1dnl 2dnl Use the top-level autogen.sh script to generate configure and config.h.in 3dnl 4dnl SPDX-License-Identifier: ISC 5dnl 6dnl Copyright (c) 1994-1996, 1998-2021 Todd C. Miller <Todd.Miller@sudo.ws> 7dnl 8dnl Permission to use, copy, modify, and distribute this software for any 9dnl purpose with or without fee is hereby granted, provided that the above 10dnl copyright notice and this permission notice appear in all copies. 11dnl 12dnl THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 13dnl WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 14dnl MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 15dnl ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 16dnl WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 17dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 18dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 19dnl 20AC_PREREQ([2.70]) 21AC_INIT([sudo], [1.9.8p2], [https://bugzilla.sudo.ws/], [sudo]) 22AC_CONFIG_HEADERS([config.h pathnames.h]) 23AC_CONFIG_SRCDIR([src/sudo.c]) 24AC_CONFIG_AUX_DIR([scripts]) 25dnl 26dnl Variables that get substituted in the Makefile and man pages 27dnl 28AC_SUBST([SHELL]) 29AC_SUBST([LIBTOOL]) 30AC_SUBST([CFLAGS]) 31AC_SUBST([PROGS]) 32AC_SUBST([CPPFLAGS]) 33AC_SUBST([LDFLAGS]) 34AC_SUBST([SUDO_LDFLAGS]) 35AC_SUBST([SUDOERS_LDFLAGS]) 36AC_SUBST([LIBUTIL_LDFLAGS]) 37AC_SUBST([ZLIB_LDFLAGS]) 38AC_SUBST([LT_LDFLAGS]) 39AC_SUBST([LT_LDDEP]) 40AC_SUBST([LT_LDEXPORTS]) 41AC_SUBST([LT_STATIC]) 42AC_SUBST([LT_DEP_LIBS]) 43AC_SUBST([COMMON_OBJS]) 44AC_SUBST([SUDOERS_OBJS]) 45AC_SUBST([SUDO_OBJS]) 46AC_SUBST([LIBS]) 47AC_SUBST([SUDO_LIBS]) 48AC_SUBST([SUDOERS_LIBS]) 49AC_SUBST([STATIC_SUDOERS]) 50AC_SUBST([NET_LIBS]) 51AC_SUBST([AFS_LIBS]) 52AC_SUBST([REPLAY_LIBS]) 53AC_SUBST([GETGROUPS_LIB]) 54AC_SUBST([AUTH_OBJS]) 55AC_SUBST([MANTYPE]) 56AC_SUBST([MANDIRTYPE]) 57AC_SUBST([MANCOMPRESS]) 58AC_SUBST([MANCOMPRESSEXT]) 59AC_SUBST([SHLIB_ENABLE]) 60AC_SUBST([SHLIB_MODE]) 61AC_SUBST([SUDOERS_MODE]) 62AC_SUBST([SUDOERS_UID]) 63AC_SUBST([SUDOERS_GID]) 64AC_SUBST([DEVEL]) 65AC_SUBST([BAMAN]) 66AC_SUBST([LCMAN]) 67AC_SUBST([PSMAN]) 68AC_SUBST([SEMAN]) 69AC_SUBST([devdir]) 70AC_SUBST([mansectsu]) 71AC_SUBST([mansectform]) 72AC_SUBST([INTERCEPTFILE]) 73AC_SUBST([INTERCEPTDIR]) 74AC_SUBST([intercept_file]) 75AC_SUBST([NOEXECFILE]) 76AC_SUBST([NOEXECDIR]) 77AC_SUBST([noexec_file]) 78AC_SUBST([sesh_file]) 79AC_SUBST([INSTALL_BACKUP]) 80AC_SUBST([INSTALL_INTERCEPT]) 81AC_SUBST([INSTALL_NOEXEC]) 82AC_SUBST([CHECK_INTERCEPT]) 83AC_SUBST([PRELOAD_MODULE]) 84AC_SUBST([DONT_LEAK_PATH_INFO]) 85AC_SUBST([BSDAUTH_USAGE]) 86AC_SUBST([SELINUX_USAGE]) 87AC_SUBST([LDAP]) 88AC_SUBST([LOGINCAP_USAGE]) 89AC_SUBST([ZLIB]) 90AC_SUBST([ZLIB_SRC]) 91AC_SUBST([LIBTOOL_DEPS]) 92AC_SUBST([CONFIGURE_ARGS]) 93AC_SUBST([LIBDL]) 94AC_SUBST([LIBRT]) 95AC_SUBST([LIBINTL]) 96AC_SUBST([LIBMD]) 97AC_SUBST([LIBTLS]) 98AC_SUBST([LIBPTHREAD]) 99AC_SUBST([SUDO_NLS]) 100AC_SUBST([LOCALEDIR_SUFFIX]) 101AC_SUBST([COMPAT_TEST_PROGS]) 102AC_SUBST([SUDOERS_TEST_PROGS]) 103AC_SUBST([CROSS_COMPILING]) 104AC_SUBST([ASAN_LDFLAGS]) 105AC_SUBST([ASAN_CFLAGS]) 106AC_SUBST([PIE_LDFLAGS]) 107AC_SUBST([PIE_CFLAGS]) 108AC_SUBST([SSP_LDFLAGS]) 109AC_SUBST([SSP_CFLAGS]) 110AC_SUBST([INIT_SCRIPT]) 111AC_SUBST([INIT_DIR]) 112AC_SUBST([RC_LINK]) 113AC_SUBST([COMPAT_EXP]) 114AC_SUBST([TMPFILES_D]) 115AC_SUBST([exampledir]) 116AC_SUBST([DIGEST]) 117AC_SUBST([devsearch]) 118AC_SUBST([SIGNAME]) 119AC_SUBST([PYTHON_PLUGIN]) 120AC_SUBST([PYTHON_PLUGIN_SRC]) 121AC_SUBST([LOGSRV]) 122AC_SUBST([LOGSRV_SRC]) 123AC_SUBST([LOGSRVD_SRC]) 124AC_SUBST([LOGSRVD_CONF]) 125AC_SUBST([LIBLOGSRV]) 126AC_SUBST([PPFILES]) 127AC_SUBST([FUZZ_ENGINE]) 128AC_SUBST([FUZZ_LD]) 129AC_SUBST([INTERCEPT_EXP]) 130 131dnl 132dnl Variables that get substituted in docs (not overridden by environment) 133dnl 134AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR 135AC_SUBST([log_dir])dnl real initial value from SUDO_LOGDIR 136AC_SUBST([logpath])dnl real initial value from SUDO_LOGFILE 137AC_SUBST([relay_dir])dnl real initial value from SUDO_RELAY_DIR 138AC_SUBST([rundir])dnl real initial value from SUDO_RUNDIR 139AC_SUBST([vardir])dnl real initial value from SUDO_VARDIR 140AC_SUBST([timeout]) 141AC_SUBST([password_timeout]) 142AC_SUBST([sudo_umask]) 143AC_SUBST([umask_override]) 144AC_SUBST([passprompt]) 145AC_SUBST([long_otp_prompt]) 146AC_SUBST([lecture]) 147AC_SUBST([logfac]) 148AC_SUBST([goodpri]) 149AC_SUBST([badpri]) 150AC_SUBST([loglen]) 151AC_SUBST([ignore_dot]) 152AC_SUBST([mail_no_user]) 153AC_SUBST([mail_no_host]) 154AC_SUBST([mail_no_perms]) 155AC_SUBST([mailto]) 156AC_SUBST([mailsub]) 157AC_SUBST([badpass_message]) 158AC_SUBST([fqdn]) 159AC_SUBST([runas_default]) 160AC_SUBST([env_editor]) 161AC_SUBST([env_reset]) 162AC_SUBST([passwd_tries]) 163AC_SUBST([timestamp_type]) 164AC_SUBST([insults]) 165AC_SUBST([root_sudo]) 166AC_SUBST([path_info]) 167AC_SUBST([ldap_conf]) 168AC_SUBST([ldap_secret]) 169AC_SUBST([sssd_lib]) 170AC_SUBST([nsswitch_conf]) 171AC_SUBST([netsvc_conf]) 172AC_SUBST([secure_path]) 173AC_SUBST([editor]) 174AC_SUBST([pam_session]) 175AC_SUBST([pam_login_service]) 176AC_SUBST([plugindir]) 177# 178# Begin initial values for man page substitution 179# 180iolog_dir=/var/log/sudo-io 181log_dir=/var/log 182logpath=/var/log/sudo.log 183relay_dir=/var/log/sudo_logsrvd 184rundir=/var/run/sudo 185vardir=/var/adm/sudo 186timeout=5 187password_timeout=5 188sudo_umask=0022 189umask_override=off 190passprompt="Password: " 191long_otp_prompt=off 192lecture=once 193logfac=auth 194goodpri=notice 195badpri=alert 196loglen=80 197ignore_dot=off 198mail_no_user=on 199mail_no_host=off 200mail_no_perms=off 201mailto=root 202mailsub="*** SECURITY information for %h ***" 203badpass_message="Sorry, try again." 204fqdn=off 205runas_default=root 206env_editor=on 207env_reset=on 208editor=vi 209passwd_tries=3 210timestamp_type=tty 211insults=off 212root_sudo=on 213path_info=on 214ldap_conf=/etc/ldap.conf 215ldap_secret=/etc/ldap.secret 216netsvc_conf=/etc/netsvc.conf 217intercept_file="$libexecdir/sudo/sudo_intercept.so" 218noexec_file="$libexecdir/sudo/sudo_noexec.so" 219sesh_file="$libexecdir/sudo/sesh" 220nsswitch_conf=/etc/nsswitch.conf 221secure_path="not set" 222pam_session=on 223pam_login_service=sudo 224plugindir="$libexecdir/sudo" 225DIGEST=digest.lo 226devsearch="/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev" 227# 228# End initial values for man page substitution 229# 230dnl 231dnl Initial values for Makefile variables listed above 232dnl May be overridden by environment variables.. 233dnl 234INSTALL_BACKUP= 235INSTALL_INTERCEPT= 236INSTALL_NOEXEC= 237CHECK_INTERCEPT= 238PRELOAD_MODULE=-module 239exampledir='$(docdir)/examples' 240devdir='$(srcdir)' 241PROGS="sudo" 242: ${MANDIRTYPE='man'} 243: ${SHLIB_MODE='0644'} 244: ${SUDOERS_MODE='0440'} 245: ${SUDOERS_UID='0'} 246: ${SUDOERS_GID='0'} 247DEVEL= 248LDAP="#" 249BAMAN=0 250LCMAN=0 251PSMAN=0 252SEMAN=0 253LIBINTL= 254LIBMD= 255LIBTLS= 256ZLIB= 257ZLIB_SRC= 258AUTH_OBJS= 259AUTH_REG= 260AUTH_EXCL= 261AUTH_EXCL_DEF= 262AUTH_DEF=passwd 263SUDO_NLS=disabled 264LOCALEDIR_SUFFIX= 265LT_LDEXPORTS="-export-symbols \$(shlib_exp)" 266LT_LDDEP="\$(shlib_exp)" 267OS_INIT=os_init_common 268INIT_SCRIPT= 269INIT_DIR= 270RC_LINK= 271COMPAT_EXP= 272SIGNAME= 273FUZZ_ENGINE= 274FUZZ_LD='$(CC)' 275INTERCEPT_EXP= 276dnl 277dnl Other variables 278dnl 279WEAK_ALIAS=no 280CHECKSHADOW=true 281shadow_funcs= 282shadow_libs= 283TMPFILES_D= 284CONFIGURE_ARGS="$@" 285PYTHON_PLUGIN=# 286LOGSRVD= 287LOGSRVD_SRC=logsrvd 288LOGSRV_SRC=lib/logsrv 289LOGSRVD_CONF='$(srcdir)/sudo_logsrvd.conf' 290LIBLOGSRV='$(top_builddir)/lib/logsrv/liblogsrv.la' 291PPFILES='$(srcdir)/etc/sudo.pp' 292 293dnl 294dnl LD_PRELOAD equivalents 295dnl 296RTLD_PRELOAD_VAR="LD_PRELOAD" 297RTLD_PRELOAD_ENABLE_VAR= 298RTLD_PRELOAD_DELIM=":" 299RTLD_PRELOAD_DEFAULT= 300 301dnl 302dnl libc replacement functions live in libsudo_util.a 303dnl 304AC_CONFIG_LIBOBJ_DIR(lib/util) 305 306dnl 307dnl We must call AC_USE_SYSTEM_EXTENSIONS before the compiler is run. 308dnl 309AC_USE_SYSTEM_EXTENSIONS 310 311# 312# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir. 313# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip 314# off an extraneous "/sudo" from libexecdir. 315# 316case "$libexecdir" in 317 */sudo) 318 AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory]) 319 libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'` 320 ;; 321esac 322 323dnl 324dnl Deprecated --with options (these all warn or generate an error) 325dnl 326 327AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])], 328[case $with_otp_only in 329 yes) with_passwd="no" 330 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd]) 331 ;; 332esac]) 333 334AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])], 335[case $with_alertmail in 336 *) with_mailto="$with_alertmail" 337 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto]) 338 ;; 339esac]) 340 341AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [deprecated])], 342[case $with_pc_insults in 343 yes) enable_offensive_insults=no 344 AC_MSG_NOTICE([--with-pc-insults option deprecated, it is now the default]) 345 ;; 346 no) enable_offensive_insults=yes 347 AC_MSG_NOTICE([--without-pc-insults option deprecated, use --enable-offensive-insults]) 348 ;; 349esac]) 350 351dnl 352dnl Options for --with 353dnl 354 355AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], 356[case $with_devel in 357 yes) AC_MSG_NOTICE([setting up for development: -Wall, flex, yacc]) 358 AX_APPEND_FLAG([-DSUDO_DEVEL], [CPPFLAGS]) 359 DEVEL="true" 360 devdir=. 361 ;; 362 no) ;; 363 *) AC_MSG_WARN([ignoring unknown argument to --with-devel: $with_devel]) 364 ;; 365esac]) 366 367AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])], 368[case $with_CC in 369 *) AC_MSG_ERROR([the --with-CC option is no longer supported, please pass CC=$with_CC to configure instead.]) 370 ;; 371esac]) 372 373AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [deprecated, use --disable-rpath])], 374[AC_MSG_WARN([--with-rpath deprecated, rpath is now the default])]) 375 376AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[[=PATH]]], [deprecated])], 377[AC_MSG_WARN([--with-blibpath deprecated, use --with-libpath])]) 378 379dnl 380dnl Handle BSM auditing support. 381dnl 382AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])], 383[case $with_bsm_audit in 384 yes) AC_DEFINE(HAVE_BSM_AUDIT) 385 SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" 386 SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo" 387 ;; 388 no) ;; 389 *) AC_MSG_ERROR([--with-bsm-audit does not take an argument.]) 390 ;; 391esac]) 392 393dnl 394dnl Handle Linux auditing support. 395dnl 396AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])], 397[case $with_linux_audit in 398 yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [ 399 AC_DEFINE(HAVE_LINUX_AUDIT) 400 SUDO_LIBS="${SUDO_LIBS} -laudit" 401 SUDOERS_LIBS="${SUDO_LIBS} -laudit" 402 SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo" 403 ], [ 404 AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit]) 405 ]) 406 ;; 407 no) ;; 408 *) AC_MSG_ERROR([--with-linux-audit does not take an argument.]) 409 ;; 410esac]) 411 412dnl 413dnl Handle Solaris auditing support. 414dnl 415AC_ARG_WITH(solaris-audit, [AS_HELP_STRING([--with-solaris-audit], [enable Solaris audit support])], 416[case $with_solaris_audit in 417 yes) AC_DEFINE(HAVE_SOLARIS_AUDIT) 418 SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" 419 SUDOERS_OBJS="${SUDOERS_OBJS} solaris_audit.lo" 420 ;; 421 no) ;; 422 *) AC_MSG_ERROR([--with-solaris-audit does not take an argument.]) 423 ;; 424esac]) 425 426dnl 427dnl Handle SSSD support. 428dnl 429AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])], 430[case $with_sssd in 431 yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo" 432 case "$SUDOERS_OBJS" in 433 *ldap_util.lo*) ;; 434 *) SUDOERS_OBJS="${SUDOERS_OBJS} ldap_util.lo";; 435 esac 436 AC_DEFINE(HAVE_SSSD) 437 ;; 438 no) ;; 439 *) AC_MSG_ERROR([--with-sssd does not take an argument.]) 440 ;; 441esac]) 442 443AC_ARG_WITH(sssd-conf, [AS_HELP_STRING([--with-sssd-conf], [path to the SSSD config file])]) 444sssd_conf="/etc/sssd/sssd.conf" 445test -n "$with_sssd_conf" && sssd_conf="$with_sssd_conf" 446SUDO_DEFINE_UNQUOTED(_PATH_SSSD_CONF, "$sssd_conf", [Path to the SSSD config file]) 447 448AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])]) 449sssd_lib="\"LIBDIR\"" 450test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib" 451SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library]) 452 453AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], 454[case $with_incpath in 455 yes) AC_MSG_ERROR([must give --with-incpath an argument.]) 456 ;; 457 no) AC_MSG_ERROR([--without-incpath not supported.]) 458 ;; 459 *) AC_MSG_NOTICE([adding ${with_incpath} to CPPFLAGS]) 460 for i in ${with_incpath}; do 461 AX_APPEND_FLAG([-I${i}], [CPPFLAGS]) 462 done 463 ;; 464esac]) 465 466AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])], 467[case $with_libpath in 468 yes) AC_MSG_ERROR([must give --with-libpath an argument.]) 469 ;; 470 no) AC_MSG_ERROR([--without-libpath not supported.]) 471 ;; 472 *) AC_MSG_NOTICE([adding ${with_libpath} to LDFLAGS]) 473 ;; 474esac]) 475 476AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])], 477[case $with_libraries in 478 yes) AC_MSG_ERROR([must give --with-libraries an argument.]) 479 ;; 480 no) AC_MSG_ERROR([--without-libraries not supported.]) 481 ;; 482 *) AC_MSG_NOTICE([adding ${with_libraries} to LIBS]) 483 ;; 484esac]) 485 486AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])], 487[case $with_csops in 488 yes) AC_MSG_NOTICE([adding CSOps standard options]) 489 CHECKSIA=false 490 with_ignore_dot=yes 491 insults=on 492 with_classic_insults=yes 493 with_csops_insults=yes 494 with_env_editor=yes 495 : ${mansectsu='8'} 496 : ${mansectform='5'} 497 ;; 498 no) ;; 499 *) AC_MSG_WARN([ignoring unknown argument to --with-csops: $with_csops]) 500 ;; 501esac]) 502 503AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])], 504[case $with_passwd in 505 yes|no) AUTH_DEF="" 506 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd" 507 ;; 508 *) AC_MSG_ERROR([sorry, --with-passwd does not take an argument.]) 509 ;; 510esac]) 511 512AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[[=DIR]]], [enable S/Key support ])], 513[case $with_skey in 514 no) ;; 515 *) AC_DEFINE(HAVE_SKEY) 516 AUTH_REG="$AUTH_REG S/Key" 517 ;; 518esac]) 519 520AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[[=DIR]]], [enable OPIE support ])], 521[case $with_opie in 522 no) ;; 523 *) AC_DEFINE(HAVE_OPIE) 524 AUTH_REG="$AUTH_REG NRL_OPIE" 525 ;; 526esac]) 527 528AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])], 529[case $with_long_otp_prompt in 530 yes) AC_DEFINE(LONG_OTP_PROMPT) 531 long_otp_prompt=on 532 ;; 533 no) long_otp_prompt=off 534 ;; 535 *) AC_MSG_ERROR([--with-long-otp-prompt does not take an argument.]) 536 ;; 537esac]) 538 539AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])], 540[case $with_SecurID in 541 no) ;; 542 *) AC_DEFINE(HAVE_SECURID) 543 AUTH_EXCL="$AUTH_EXCL SecurID" 544 ;; 545esac]) 546 547AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])], 548[case $with_fwtk in 549 no) ;; 550 *) AC_DEFINE(HAVE_FWTK) 551 AUTH_EXCL="$AUTH_EXCL FWTK" 552 ;; 553esac]) 554 555AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])], 556[case $with_kerb5 in 557 no) ;; 558 *) AUTH_REG="$AUTH_REG kerb5" 559 ;; 560esac]) 561 562AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])], 563[case $with_aixauth in 564 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";; 565 no) ;; 566 *) AC_MSG_ERROR([--with-aixauth does not take an argument.]) 567 ;; 568esac]) 569 570AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])], 571[case $with_pam in 572 yes) AUTH_EXCL="$AUTH_EXCL PAM";; 573 no) ;; 574 *) AC_MSG_ERROR([--with-pam does not take an argument.]) 575 ;; 576esac]) 577 578AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])], 579[case $with_AFS in 580 yes) AC_DEFINE(HAVE_AFS) 581 AUTH_REG="$AUTH_REG AFS" 582 ;; 583 no) ;; 584 *) AC_MSG_ERROR([--with-AFS does not take an argument.]) 585 ;; 586esac]) 587 588AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])], 589[case $with_DCE in 590 yes) AC_DEFINE(HAVE_DCE) 591 AUTH_REG="$AUTH_REG DCE" 592 ;; 593 no) ;; 594 *) AC_MSG_ERROR([--with-DCE does not take an argument.]) 595 ;; 596esac]) 597 598AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])], 599[case $with_logincap in 600 yes|no) ;; 601 *) AC_MSG_ERROR([--with-logincap does not take an argument.]) 602 ;; 603esac]) 604 605AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])], 606[case $with_bsdauth in 607 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";; 608 no) ;; 609 *) AC_MSG_ERROR([--with-bsdauth does not take an argument.]) 610 ;; 611esac]) 612 613AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])], 614[case $with_project in 615 yes|no) ;; 616 no) ;; 617 *) AC_MSG_ERROR([--with-project does not take an argument.]) 618 ;; 619esac]) 620 621AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])], 622[case $with_lecture in 623 yes|short|always) lecture=once 624 ;; 625 no|none|never) lecture=never 626 AC_DEFINE(NO_LECTURE) 627 ;; 628 *) AC_MSG_ERROR([unknown argument to --with-lecture: $with_lecture]) 629 ;; 630esac]) 631 632AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])], 633[case $with_logging in 634 yes) AC_MSG_ERROR([must give --with-logging an argument.]) 635 ;; 636 no) AC_MSG_ERROR([--without-logging not supported.]) 637 ;; 638 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG) 639 ;; 640 file) AC_DEFINE(LOGGING, SLOG_FILE) 641 ;; 642 both) AC_DEFINE(LOGGING, SLOG_BOTH) 643 ;; 644 *) AC_MSG_ERROR([unknown argument to --with-logging: $with_logging]) 645 ;; 646esac], [ 647 with_logging=syslog 648 AC_DEFINE(LOGGING, SLOG_SYSLOG) 649]) 650 651AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])], 652[case $with_logfac in 653 yes) AC_MSG_ERROR([must give --with-logfac an argument.]) 654 ;; 655 no) AC_MSG_ERROR([--without-logfac not supported.]) 656 ;; 657 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac 658 ;; 659 *) AC_MSG_ERROR([$with_logfac is not a supported syslog facility.]) 660 ;; 661esac]) 662 663AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])], 664[case $with_goodpri in 665 yes) AC_MSG_ERROR([must give --with-goodpri an argument.]) 666 ;; 667 no) AC_MSG_ERROR([--without-goodpri not supported.]) 668 ;; 669 alert|crit|debug|emerg|err|info|notice|warning) 670 goodpri=$with_goodpri 671 ;; 672 *) AC_MSG_ERROR([$with_goodpri is not a supported syslog priority.]) 673 ;; 674esac]) 675AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.]) 676 677AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])], 678[case $with_badpri in 679 yes) AC_MSG_ERROR([must give --with-badpri an argument.]) 680 ;; 681 no) AC_MSG_ERROR([--without-badpri not supported.]) 682 ;; 683 alert|crit|debug|emerg|err|info|notice|warning) 684 badpri=$with_badpri 685 ;; 686 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.]) 687 ;; 688esac]) 689AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.]) 690 691AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])], 692[case $with_logpath in 693 yes) AC_MSG_ERROR([must give --with-logpath an argument.]) 694 ;; 695 no) AC_MSG_ERROR([--without-logpath not supported.]) 696 ;; 697esac]) 698 699AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])], 700[case $with_loglen in 701 yes) AC_MSG_ERROR([must give --with-loglen an argument.]) 702 ;; 703 no) AC_MSG_ERROR([--without-loglen not supported.]) 704 ;; 705 [[0-9]]*) loglen=$with_loglen 706 ;; 707 *) AC_MSG_ERROR([you must enter a number, not $with_loglen]) 708 ;; 709esac]) 710AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).]) 711 712AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])], 713[case $with_ignore_dot in 714 yes) ignore_dot=on 715 AC_DEFINE(IGNORE_DOT_PATH) 716 ;; 717 no) ignore_dot=off 718 ;; 719 *) AC_MSG_ERROR([--with-ignore-dot does not take an argument.]) 720 ;; 721esac]) 722 723AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])], 724[case $with_mail_if_no_user in 725 yes) mail_no_user=on 726 ;; 727 no) mail_no_user=off 728 ;; 729 *) AC_MSG_ERROR([--with-mail-if-no-user does not take an argument.]) 730 ;; 731esac]) 732if test "$mail_no_user" = "on"; then 733 AC_DEFINE(SEND_MAIL_WHEN_NO_USER) 734fi 735 736AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])], 737[case $with_mail_if_no_host in 738 yes) mail_no_host=on 739 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) 740 ;; 741 no) mail_no_host=off 742 ;; 743 *) AC_MSG_ERROR([--with-mail-if-no-host does not take an argument.]) 744 ;; 745esac]) 746 747AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])], 748[case $with_mail_if_noperms in 749 yes) mail_noperms=on 750 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) 751 ;; 752 no) mail_noperms=off 753 ;; 754 *) AC_MSG_ERROR([--with-mail-if-noperms does not take an argument.]) 755 ;; 756esac]) 757 758AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])], 759[case $with_mailto in 760 yes) AC_MSG_ERROR([must give --with-mailto an argument.]) 761 ;; 762 no) AC_MSG_ERROR([--without-mailto not supported.]) 763 ;; 764 *) mailto=$with_mailto 765 ;; 766esac]) 767AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.]) 768 769AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])], 770[case $with_mailsubject in 771 yes) AC_MSG_ERROR([must give --with-mailsubject an argument.]) 772 ;; 773 no) AC_MSG_WARN([sorry, --without-mailsubject not supported.]) 774 ;; 775 *) mailsub="$with_mailsubject" 776 ;; 777esac]) 778AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.]) 779 780AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])], 781[case $with_passprompt in 782 yes) AC_MSG_ERROR([must give --with-passprompt an argument.]) 783 ;; 784 no) AC_MSG_WARN([sorry, --without-passprompt not supported.]) 785 ;; 786 *) passprompt="$with_passprompt" 787esac]) 788AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.]) 789 790AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])], 791[case $with_badpass_message in 792 yes) AC_MSG_ERROR([must give --with-badpass-message an argument.]) 793 ;; 794 no) AC_MSG_WARN([sorry, --without-badpass-message not supported.]) 795 ;; 796 *) badpass_message="$with_badpass_message" 797 ;; 798esac]) 799AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.]) 800 801AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])], 802[case $with_fqdn in 803 yes) fqdn=on 804 AC_DEFINE(FQDN) 805 ;; 806 no) fqdn=off 807 ;; 808 *) AC_MSG_ERROR([--with-fqdn does not take an argument.]) 809 ;; 810esac]) 811 812AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir=DIR], [deprecated])], 813[case $with_timedir in 814 *) AC_MSG_ERROR([--without-timedir no longer supported, see --with-rundir.]) 815 ;; 816esac]) 817 818AC_ARG_WITH(rundir, [AS_HELP_STRING([--with-rundir=DIR], [directory for sudo-specific files that do not survive a system reboot, e.g. `/var/run/sudo'])], 819[case $with_rundir in 820 yes) AC_MSG_ERROR([must give --with-rundir an argument.]) 821 ;; 822 no) AC_MSG_ERROR([--without-rundir not supported.]) 823 ;; 824esac]) 825 826AC_ARG_WITH(vardir, [AS_HELP_STRING([--with-vardir=DIR], [directory for sudo-specific files that survive a system reboot, e.g. `/var/db/sudo' or `/var/lib/sudo'])], 827[case $with_vardir in 828 yes) AC_MSG_ERROR([must give --with-vardir an argument.]) 829 ;; 830 no) AC_MSG_ERROR([--without-vardir not supported.]) 831 ;; 832esac]) 833 834AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])], 835[case $with_iologdir in 836 yes) ;; 837 no) AC_MSG_ERROR([--without-iologdir not supported.]) 838 ;; 839esac]) 840 841AC_ARG_WITH(relaydir, [AS_HELP_STRING([--with-relaydir=DIR], [directory to store sudo_logsrvd relay temporary files in])], 842[case $with_relaydir in 843 yes) ;; 844 no) AC_MSG_ERROR([--without-relaydir not supported.]) 845 ;; 846esac]) 847 848AC_ARG_WITH(tzdir, [AS_HELP_STRING([--with-tzdir=DIR], [path to the time zone data directory])], 849[case $with_tzdir in 850 yes) AC_MSG_ERROR([must give --with-tzdir an argument.]) 851 ;; 852esac]) 853 854AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail]) 855AS_HELP_STRING([--without-sendmail], [do not send mail at all])], 856[case $with_sendmail in 857 yes) with_sendmail="" 858 ;; 859 no) ;; 860 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail") 861 ;; 862esac]) 863 864AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])], 865[case $with_sudoers_mode in 866 yes) AC_MSG_ERROR([must give --with-sudoers-mode an argument.]) 867 ;; 868 no) AC_MSG_ERROR([--without-sudoers-mode not supported.]) 869 ;; 870 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode} 871 ;; 872 0*) SUDOERS_MODE=$with_sudoers_mode 873 ;; 874 *) AC_MSG_ERROR([you must use an octal mode, not a name.]) 875 ;; 876esac]) 877 878AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])], 879[case $with_sudoers_uid in 880 yes) AC_MSG_ERROR([must give --with-sudoers-uid an argument.]) 881 ;; 882 no) AC_MSG_ERROR([--without-sudoers-uid not supported.]) 883 ;; 884 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid 885 ;; 886 *) AC_MSG_ERROR([you must use an unsigned numeric uid, not a name.]) 887 ;; 888esac]) 889 890AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])], 891[case $with_sudoers_gid in 892 yes) AC_MSG_ERROR([must give --with-sudoers-gid an argument.]) 893 ;; 894 no) AC_MSG_ERROR([--without-sudoers-gid not supported.]) 895 ;; 896 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid 897 ;; 898 *) AC_MSG_ERROR([you must use an unsigned numeric gid, not a name.]) 899 ;; 900esac]) 901 902AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)]) 903AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])], 904[case $with_umask in 905 yes) AC_MSG_ERROR([must give --with-umask an argument.]) 906 ;; 907 no) sudo_umask=0777 908 ;; 909 [[0-9]]*) sudo_umask=$with_umask 910 ;; 911 *) AC_MSG_ERROR([you must enter a numeric mask.]) 912 ;; 913esac]) 914AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.]) 915 916AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])], 917[case $with_umask_override in 918 yes) AC_DEFINE(UMASK_OVERRIDE) 919 umask_override=on 920 ;; 921 no) umask_override=off 922 ;; 923 *) AC_MSG_ERROR([--with-umask-override does not take an argument.]) 924 ;; 925esac]) 926 927AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])], 928[case $with_runas_default in 929 yes) AC_MSG_ERROR([must give --with-runas-default an argument.]) 930 ;; 931 no) AC_MSG_ERROR([--without-runas-default not supported.]) 932 ;; 933 *) runas_default="$with_runas_default" 934 ;; 935esac]) 936AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.]) 937 938AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])], 939[case $with_exempt in 940 yes) AC_MSG_ERROR([must give --with-exempt an argument.]) 941 ;; 942 no) AC_MSG_ERROR([--without-exempt not supported.]) 943 ;; 944 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").]) 945 ;; 946esac]) 947 948AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])], 949[case $with_editor in 950 yes) AC_MSG_ERROR([must give --with-editor an argument.]) 951 ;; 952 no) AC_MSG_ERROR([--without-editor not supported.]) 953 ;; 954 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) 955 editor="$with_editor" 956 ;; 957esac], [AC_DEFINE(EDITOR, _PATH_VI)]) 958 959AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])], 960[case $with_env_editor in 961 yes) env_editor=on 962 ;; 963 no) env_editor=off 964 ;; 965 *) AC_MSG_ERROR([--with-env-editor does not take an argument.]) 966 ;; 967esac]) 968if test "$env_editor" = "on"; then 969 AC_DEFINE(ENV_EDITOR) 970fi 971 972AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])], 973[case $with_passwd_tries in 974 yes) ;; 975 no) AC_MSG_ERROR([--without-editor not supported.]) 976 ;; 977 [[1-9]]*) passwd_tries=$with_passwd_tries 978 ;; 979 *) AC_MSG_ERROR([you must enter the number of tries, > 0]) 980 ;; 981esac]) 982AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.]) 983 984AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])], 985[case $with_timeout in 986 yes) ;; 987 no) timeout=0 988 ;; 989 [[0-9]]*) timeout=$with_timeout 990 ;; 991 *) AC_MSG_ERROR([you must enter the number of minutes.]) 992 ;; 993esac]) 994AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.]) 995 996AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])], 997[case $with_password_timeout in 998 yes) ;; 999 no) password_timeout=0 1000 ;; 1001 [[0-9]]*) password_timeout=$with_password_timeout 1002 ;; 1003 *) AC_MSG_ERROR([you must enter the number of minutes.]) 1004 ;; 1005esac]) 1006AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).]) 1007 1008AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])], 1009[case $with_tty_tickets in 1010 yes) timestamp_type=tty 1011 ;; 1012 no) timestamp_type=global 1013 ;; 1014 *) AC_MSG_ERROR([--with-tty-tickets does not take an argument.]) 1015 ;; 1016esac]) 1017 1018AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])], 1019[case $with_insults in 1020 yes) insults=on 1021 AC_DEFINE(USE_INSULTS) 1022 with_classic_insults=yes 1023 with_csops_insults=yes 1024 ;; 1025 disabled) insults=off 1026 with_classic_insults=yes 1027 with_csops_insults=yes 1028 ;; 1029 no) insults=off 1030 ;; 1031 *) AC_MSG_ERROR([--with-insults does not take an argument.]) 1032 ;; 1033esac]) 1034 1035AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])], 1036[case $with_all_insults in 1037 yes) with_classic_insults=yes 1038 with_csops_insults=yes 1039 with_hal_insults=yes 1040 with_goons_insults=yes 1041 with_python_insults=yes 1042 ;; 1043 no) ;; 1044 *) AC_MSG_ERROR([--with-all-insults does not take an argument.]) 1045 ;; 1046esac]) 1047 1048AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])], 1049[case $with_classic_insults in 1050 yes) AC_DEFINE(CLASSIC_INSULTS) 1051 ;; 1052 no) ;; 1053 *) AC_MSG_ERROR([--with-classic-insults does not take an argument.]) 1054 ;; 1055esac]) 1056 1057AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])], 1058[case $with_csops_insults in 1059 yes) AC_DEFINE(CSOPS_INSULTS) 1060 ;; 1061 no) ;; 1062 *) AC_MSG_ERROR([--with-csops-insults does not take an argument.]) 1063 ;; 1064esac]) 1065 1066AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])], 1067[case $with_hal_insults in 1068 yes) AC_DEFINE(HAL_INSULTS) 1069 ;; 1070 no) ;; 1071 *) AC_MSG_ERROR([--with-hal-insults does not take an argument.]) 1072 ;; 1073esac]) 1074 1075AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])], 1076[case $with_goons_insults in 1077 yes) AC_DEFINE(GOONS_INSULTS) 1078 ;; 1079 no) ;; 1080 *) AC_MSG_ERROR([--with-goons-insults does not take an argument.]) 1081 ;; 1082esac]) 1083 1084AC_ARG_WITH(python-insults, [AS_HELP_STRING([--with-python-insults], [include the insults from "Monty Python's Flying Circus"])], 1085[case $with_python_insults in 1086 yes) AC_DEFINE(PYTHON_INSULTS) 1087 ;; 1088 no) ;; 1089 *) AC_MSG_ERROR([--with-python-insults does not take an argument.]) 1090 ;; 1091esac]) 1092 1093AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])], 1094[case $with_nsswitch in 1095 no) ;; 1096 yes) with_nsswitch="/etc/nsswitch.conf" 1097 ;; 1098 *) ;; 1099esac]) 1100 1101AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])], 1102[case $with_ldap in 1103 no) ;; 1104 *) AC_DEFINE(HAVE_LDAP) 1105 ;; 1106esac]) 1107 1108AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])]) 1109test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file" 1110SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file]) 1111 1112AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])]) 1113test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file" 1114SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file]) 1115 1116AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])], 1117[case $with_secure_path in 1118 yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" 1119 AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") 1120 secure_path="set to $with_secure_path" 1121 ;; 1122 no) ;; 1123 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") 1124 secure_path="set to $with_secure_path" 1125 ;; 1126esac]) 1127 1128AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of network interfaces])], 1129[case $with_interfaces in 1130 yes) ;; 1131 no) AC_DEFINE(STUB_LOAD_INTERFACES) 1132 ;; 1133 *) AC_MSG_ERROR([--with-interfaces does not take an argument.]) 1134 ;; 1135esac]) 1136 1137AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])], 1138[case $with_askpass in 1139 yes) AC_MSG_ERROR([--with-askpass takes a path as an argument.]) 1140 ;; 1141 no) ;; 1142 *) ;; 1143esac], [ 1144 with_askpass=no 1145]) 1146if test X"$with_askpass" != X"no"; then 1147 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass") 1148else 1149 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL) 1150fi 1151 1152AC_ARG_WITH(exampledir, [AS_HELP_STRING([--with-exampledir=DIR], [path to install sudo examples in])], 1153[case $with_exampledir in 1154 yes) AC_MSG_ERROR([must give --with-exampledir an argument.]) 1155 ;; 1156 no) AC_MSG_ERROR([--without-exampledir not supported.]) 1157 ;; 1158 *) exampledir="$with_exampledir" 1159esac]) 1160 1161AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir=DIR], [set directory to load plugins from])], 1162[case $with_plugindir in 1163 yes) AC_MSG_ERROR([must give --with-plugindir an argument.]) 1164 ;; 1165 no) AC_MSG_ERROR([--without-plugindir not supported.]) 1166 ;; 1167 *) plugindir="$with_plugindir" 1168 ;; 1169esac]) 1170 1171AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])], 1172[case $with_man in 1173 yes) MANTYPE=man 1174 ;; 1175 no) AC_MSG_ERROR([--without-man not supported.]) 1176 ;; 1177 *) AC_MSG_WARN([ignoring unknown argument to --with-man: $with_man.]) 1178 ;; 1179esac]) 1180 1181AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])], 1182[case $with_mdoc in 1183 yes) MANTYPE=mdoc 1184 ;; 1185 no) AC_MSG_ERROR([--without-mdoc not supported.]) 1186 ;; 1187 *) AC_MSG_WARN([ignoring unknown argument to --with-mdoc: $with_mdoc.]) 1188 ;; 1189esac]) 1190 1191dnl 1192dnl Options for --enable 1193dnl 1194 1195AC_ARG_ENABLE(authentication, 1196[AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])], 1197[ case "$enableval" in 1198 yes) ;; 1199 no) AC_DEFINE(NO_AUTHENTICATION) 1200 ;; 1201 *) AC_MSG_WARN([ignoring unknown argument to --enable-authentication: $enableval]) 1202 ;; 1203 esac 1204]) 1205 1206AC_ARG_ENABLE(root-mailer, 1207[AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])], 1208[ case "$enableval" in 1209 yes) ;; 1210 no) AC_DEFINE(NO_ROOT_MAILER) 1211 ;; 1212 *) AC_MSG_WARN([ignoring unknown argument to --enable-root-mailer: $enableval]) 1213 ;; 1214 esac 1215]) 1216 1217AC_ARG_ENABLE(setreuid, 1218[AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])], 1219[ case "$enableval" in 1220 no) SKIP_SETREUID=yes 1221 ;; 1222 *) ;; 1223 esac 1224]) 1225 1226AC_ARG_ENABLE(setresuid, 1227[AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])], 1228[ case "$enableval" in 1229 no) SKIP_SETRESUID=yes 1230 ;; 1231 *) ;; 1232 esac 1233]) 1234 1235AC_ARG_ENABLE(shadow, 1236[AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])], 1237[ case "$enableval" in 1238 yes) ;; 1239 no) CHECKSHADOW="false" 1240 ;; 1241 *) AC_MSG_WARN([ignoring unknown argument to --enable-shadow: $enableval]) 1242 ;; 1243 esac 1244]) 1245 1246AC_ARG_ENABLE(root-sudo, 1247[AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])], 1248[ case "$enableval" in 1249 yes) ;; 1250 no) AC_DEFINE(NO_ROOT_SUDO) 1251 root_sudo=off 1252 ;; 1253 *) AC_MSG_ERROR([--enable-root-sudo does not take an argument.]) 1254 ;; 1255 esac 1256]) 1257 1258AC_ARG_ENABLE(log-host, 1259[AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])], 1260[ case "$enableval" in 1261 yes) AC_DEFINE(HOST_IN_LOG) 1262 ;; 1263 no) ;; 1264 *) AC_MSG_WARN([ignoring unknown argument to --enable-log-host: $enableval]) 1265 ;; 1266 esac 1267], AC_MSG_RESULT(no)) 1268 1269AC_ARG_ENABLE(noargs-shell, 1270[AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])], 1271[ case "$enableval" in 1272 yes) AC_DEFINE(SHELL_IF_NO_ARGS) 1273 ;; 1274 no) ;; 1275 *) AC_MSG_WARN([ignoring unknown argument to --enable-noargs-shell: $enableval]) 1276 ;; 1277 esac 1278]) 1279 1280AC_ARG_ENABLE(shell-sets-home, 1281[AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])], 1282[ case "$enableval" in 1283 yes) AC_DEFINE(SHELL_SETS_HOME) 1284 ;; 1285 no) ;; 1286 *) AC_MSG_WARN([ignoring unknown argument to --enable-shell-sets-home: $enableval]) 1287 ;; 1288 esac 1289]) 1290 1291AC_ARG_ENABLE(path_info, 1292[AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])], 1293[ case "$enableval" in 1294 yes) ;; 1295 no) AC_DEFINE(DONT_LEAK_PATH_INFO) 1296 path_info=off 1297 ;; 1298 *) AC_MSG_WARN([ignoring unknown argument to --enable-path-info: $enableval]) 1299 ;; 1300 esac 1301]) 1302 1303AC_ARG_ENABLE(env_debug, 1304[AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])], 1305[ case "$enableval" in 1306 yes) AC_DEFINE(ENV_DEBUG) 1307 ;; 1308 no) ;; 1309 *) AC_MSG_WARN([ignoring unknown argument to --enable-env-debug: $enableval]) 1310 ;; 1311 esac 1312]) 1313 1314AC_ARG_ENABLE(zlib, 1315[AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])], 1316[], [enable_zlib=yes]) 1317AX_APPEND_FLAG([-DZLIB_CONST], [CPPFLAGS]) 1318 1319AC_ARG_ENABLE(env_reset, 1320[AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])], 1321[ case "$enableval" in 1322 yes) env_reset=on 1323 ;; 1324 no) env_reset=off 1325 ;; 1326 *) env_reset=on 1327 AC_MSG_WARN([ignoring unknown argument to --enable-env-reset: $enableval]) 1328 ;; 1329 esac 1330]) 1331if test "$env_reset" = "on"; then 1332 AC_DEFINE(ENV_RESET, 1) 1333else 1334 AC_DEFINE(ENV_RESET, 0) 1335fi 1336 1337AC_ARG_ENABLE(warnings, 1338[AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])], 1339[ case "$enableval" in 1340 yes) ;; 1341 no) ;; 1342 *) AC_MSG_WARN([ignoring unknown argument to --enable-warnings: $enableval]) 1343 ;; 1344 esac 1345]) 1346 1347AC_ARG_ENABLE(werror, 1348[AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])], 1349[ case "$enableval" in 1350 yes) ;; 1351 no) ;; 1352 *) AC_MSG_WARN([ignoring unknown argument to --enable-werror: $enableval]) 1353 ;; 1354 esac 1355]) 1356 1357AC_ARG_ENABLE(ssp, 1358[AS_HELP_STRING([--disable-ssp], [Do not compile using the -fstack-protector option.])], 1359[], [enable_ssp=yes]) 1360 1361AC_ARG_ENABLE(hardening, 1362[AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])], 1363[], [enable_hardening=yes]) 1364 1365AC_ARG_ENABLE(pie, 1366[AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])]) 1367 1368AC_ARG_ENABLE(sanitizer, 1369[AS_HELP_STRING([--enable-sanitizer], [Build sudo with sanitizer support.])], [ 1370if test X"$enable_sanitizer" = X"yes"; then 1371 enable_sanitizer="-fsanitize=address,undefined" 1372fi 1373], [enable_sanitizer=no]) 1374 1375AC_ARG_ENABLE(fuzzer, 1376[AS_HELP_STRING([--enable-fuzzer], [Build sudo with LLVM libFuzzer support.])], 1377[], [enable_fuzzer=no]) 1378 1379AC_ARG_ENABLE(fuzzer-engine, 1380[AS_HELP_STRING([--enable-fuzzer-engine], [Link fuzz targets with the specified fuzzer engine instead of the default.])], 1381[ case "$enableval" in 1382 yes) AC_MSG_ERROR([must give --enable-fuzzer-engine an argument.]) 1383 ;; 1384 no) ;; 1385 *) FUZZ_ENGINE="$enableval" 1386 ;; 1387 esac 1388]) 1389 1390AC_ARG_ENABLE(fuzzer-linker, 1391[AS_HELP_STRING([--enable-fuzzer-linker], [Use the specified linker when building fuzz targets instead of the default C compiler.])], 1392[ case "$enableval" in 1393 yes) AC_MSG_ERROR([must give --enable-fuzzer-linker an argument.]) 1394 ;; 1395 no) ;; 1396 *) FUZZ_LD="$enableval" 1397 ;; 1398 esac 1399]) 1400 1401AC_ARG_ENABLE(leaks, 1402[AS_HELP_STRING([--disable-leaks], [Prevent some harmless memory leaks.])], 1403[ case "$enableval" in 1404 yes) ;; 1405 no) AC_DEFINE(NO_LEAKS) 1406 ;; 1407 *) AC_MSG_WARN([ignoring unknown argument to --disable-leaks: $enableval]) 1408 ;; 1409 esac 1410]) 1411 1412AC_ARG_ENABLE(poll, 1413[AS_HELP_STRING([--disable-poll], [Use select() instead of poll().])]) 1414 1415AC_ARG_ENABLE(admin-flag, 1416[AS_HELP_STRING([--enable-admin-flag[[=PATH]]], [Whether to create a Ubuntu-style admin flag file])], 1417[ case "$enableval" in 1418 yes) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ADMIN_FLAG, "~/.sudo_as_admin_successful") 1419 ;; 1420 no) ;; 1421 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ADMIN_FLAG, "$enableval") 1422 ;; 1423 esac 1424]) 1425 1426AC_ARG_ENABLE(nls, 1427[AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])], 1428[], [enable_nls=yes]) 1429 1430AC_ARG_ENABLE(rpath, 1431[AS_HELP_STRING([--disable-rpath], [Disable passing of -Rpath to the linker])], 1432[], [enable_rpath=yes]) 1433 1434AC_ARG_ENABLE(static-sudoers, 1435[AS_HELP_STRING([--enable-static-sudoers], [Build the sudoers policy module as part of the sudo binary instead as a plugin])], 1436[], [enable_static_sudoers=no]) 1437 1438AC_ARG_ENABLE(shared_libutil, 1439[AS_HELP_STRING([--disable-shared-libutil], [Disable use of the libsudo_util shared library.])], 1440[], [enable_shared_libutil=yes]) 1441 1442AC_ARG_ENABLE(tmpfiles.d, 1443[AS_HELP_STRING([--enable-tmpfiles.d=DIR], [Set the path to the systemd tmpfiles.d directory.])], 1444[case $enableval in 1445 yes) TMPFILES_D=/usr/lib/tmpfiles.d 1446 ;; 1447 no) TMPFILES_D= 1448 ;; 1449 *) TMPFILES_D="$enableval" 1450esac], [ 1451 test -f /usr/lib/tmpfiles.d/systemd.conf && TMPFILES_D=/usr/lib/tmpfiles.d 1452]) 1453 1454AC_ARG_ENABLE(devsearch, 1455[AS_HELP_STRING([--enable-devsearch=PATH], [The colon-delimited path to search for device nodes when determining the tty name.])], 1456[case $enableval in 1457 yes) # use default value 1458 ;; 1459 no) AC_MSG_WARN([ignoring attempt to disable the device search path]) 1460 ;; 1461 *) devsearch="$enableval" 1462 ;; 1463esac]) 1464ds="`echo \"$devsearch\"|sed 's@/dev/*\([[^:]]*:*\)@_PATH_DEV \"\1\" @g'`" 1465SUDO_DEFINE_UNQUOTED(_PATH_SUDO_DEVSEARCH, $ds) 1466 1467AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], 1468[case $with_selinux in 1469 yes) SELINUX_USAGE="[[-r role]] [[-t type]] " 1470 AC_DEFINE(HAVE_SELINUX) 1471 SUDO_LIBS="${SUDO_LIBS} -lselinux" 1472 SUDO_OBJS="${SUDO_OBJS} selinux.o" 1473 PROGS="${PROGS} sesh" 1474 SEMAN=1 1475 AC_CHECK_LIB(selinux, setkeycreatecon, 1476 [AC_DEFINE(HAVE_SETKEYCREATECON)]) 1477 ;; 1478 no) ;; 1479 *) AC_MSG_ERROR([--with-selinux does not take an argument.]) 1480 ;; 1481esac], [with_selinux=no]) 1482 1483AC_ARG_ENABLE(sasl, 1484[AS_HELP_STRING([--enable-sasl], [Enable/disable LDAP SASL support])], 1485[ case "$enableval" in 1486 yes|no) ;; 1487 *) AC_MSG_WARN([ignoring unknown argument to --enable-sasl: $enableval]) 1488 ;; 1489 esac 1490]) 1491 1492AC_ARG_ENABLE(timestamp-type, 1493[AS_HELP_STRING([--timestamp-type=TYPE], [Set the default time stamp record type to global, ppid or tty.])], 1494[ case "$enableval" in 1495 global|ppid|tty) 1496 timestamp_type=$enableval 1497 ;; 1498 *) AC_MSG_WARN([ignoring unknown argument to --enable-timestamp-type: $enableval]) 1499 ;; 1500 esac 1501]) 1502AC_DEFINE_UNQUOTED(TIMESTAMP_TYPE, $timestamp_type) 1503 1504AC_ARG_ENABLE(offensive_insults, 1505[AS_HELP_STRING([--enable-offensive-insults], [Enable potentially offensive sudo insults.])], 1506[], [enable_offensive_insults=no]) 1507if test "$enable_offensive_insults" = "yes"; then 1508 AC_DEFINE(OFFENSIVE_INSULTS) 1509fi 1510 1511AC_ARG_ENABLE(package_build, 1512[AS_HELP_STRING([--enable-package-build], [Enable options for package building.])], 1513[], [enable_package_build=no]) 1514 1515dnl 1516dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default 1517dnl 1518AC_ARG_ENABLE(gss_krb5_ccache_name, 1519[AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])], 1520[check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no]) 1521 1522AC_ARG_ENABLE(pvs-studio, 1523[AS_HELP_STRING([--enable-pvs-studio], [Create a PVS-Studio.cfg file.])]) 1524 1525AC_ARG_ENABLE(log-server, 1526[AS_HELP_STRING([--disable-log-server], [Disable building the sudo_logsrvd log server.])], 1527[ case "$enableval" in 1528 yes) 1529 ;; 1530 no) 1531 LOGSRV=# 1532 LOGSRVD_SRC= 1533 LOGSRVD_CONF= 1534 ;; 1535 *) AC_MSG_WARN([ignoring unknown argument to --enable-log-server: $enableval]) 1536 ;; 1537 esac 1538]) 1539 1540AC_ARG_ENABLE(log-client, 1541[AS_HELP_STRING([--disable-log-client], [Disable sudoers support for using the sudo_logsrvd log server.])], 1542[ case "$enableval" in 1543 yes) 1544 AC_DEFINE([SUDOERS_LOG_CLIENT]) 1545 ;; 1546 no) 1547 ;; 1548 *) AC_MSG_WARN([ignoring unknown argument to --enable-log-client: $enableval]) 1549 ;; 1550 esac 1551], [AC_DEFINE([SUDOERS_LOG_CLIENT])]) 1552 1553if test X"${enable_log_client}${enable_log_server}" = X"nono"; then 1554 # No need for liblogsrv.la 1555 LOGSRV_SRC= 1556 LIBLOGSRV= 1557fi 1558if test X"$LOGSRVD_SRC" != X""; then 1559 PPFILES="$PPFILES "'$(srcdir)/etc/sudo-logsrvd.pp' 1560fi 1561 1562dnl 1563dnl Do OpenSSL / gcrypt after logsrv options 1564dnl 1565AC_ARG_ENABLE(openssl, 1566[AS_HELP_STRING([--enable-openssl], [Use OpenSSL's TLS and sha2 functions])], 1567[], [ 1568 # Enable OpenSSL by default unless logsrvd and client are disabled 1569 if test X"${enable_log_client}${enable_log_server}" != X"nono"; then 1570 enable_openssl=maybe 1571 fi 1572]) 1573 1574AC_ARG_ENABLE(gcrypt, 1575[AS_HELP_STRING([--enable-gcrypt], [Use GNU crypt's sha2 functions])], [ 1576 if test "${enable_openssl-no}" != no; then 1577 AC_MSG_WARN([ignoring --enable-gcrypt when OpenSSL is enabled.]) 1578 enable_gcrypt=no 1579 fi 1580]) 1581 1582AC_ARG_ENABLE(python, 1583[AS_HELP_STRING([--enable-python], [Compile python plugin support])], 1584[ case "$enableval" in 1585 yes|no) 1586 ;; 1587 *) AC_MSG_WARN([ignoring unknown argument to --enable-python: $enableval]) 1588 ;; 1589 esac 1590]) 1591 1592dnl 1593dnl C compiler checks 1594dnl 1595AC_PROG_CPP 1596AC_CHECK_TOOL(AR, ar, false) 1597AC_CHECK_TOOL(RANLIB, ranlib, :) 1598if test X"$AR" = X"false"; then 1599 AC_MSG_ERROR([the "ar" utility is required to build sudo]) 1600fi 1601AX_PROG_CC_FOR_BUILD 1602 1603if test "x$ac_cv_prog_cc_c89" = "xno"; then 1604 AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.]) 1605fi 1606 1607dnl 1608dnl If the user specified --disable-static, override them or we'll 1609dnl be unable to build the executables in the sudoers plugin dir. 1610dnl 1611if test "$enable_static" = "no"; then 1612 AC_MSG_WARN([ignoring --disable-static, sudo does not install static libs]) 1613 enable_static=yes 1614fi 1615 1616dnl 1617dnl Set host variables and m4 macro dir 1618dnl 1619AC_CANONICAL_HOST 1620AC_CONFIG_MACRO_DIR([m4]) 1621 1622dnl 1623dnl On AIX we need to force libtool to install .so files for the plugins 1624dnl instead of a .a file that contains the .so. We do this by enabling 1625dnl runtime linking (where the .so file is installed). This must happen 1626dnl before the call to LT_INIT 1627dnl 1628case "$host_os" in 1629aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) 1630 AX_APPEND_FLAG([-Wl,-brtl], [LDFLAGS]) 1631 ;; 1632esac 1633 1634dnl 1635dnl On HP-UX 11.11 and higher (and hiuxmpp) we prefer dlopen() 1636dnl over shl_load(). Libtool defaults to shl_load() so we need 1637dnl to prime the cache to override that default. 1638dnl 1639case "$host_os" in 1640hiuxmpp*|hpux11.1[[1-9]]|hpux11.[[2-9]][[0-9]]|hpux1[[2-9]].*) 1641 # Prefer dlopen() over shl_load() 1642 : ${ac_cv_func_shl_load='no'} 1643 : ${ac_cv_lib_dld_shl_load='no'} 1644 ;; 1645esac 1646 1647dnl 1648dnl Libtool init, we require libtool 2.2.6b or higher 1649dnl 1650LT_PREREQ([2.2.6b]) 1651LT_INIT([dlopen]) 1652 1653dnl 1654dnl Allow the user to specify an alternate libtool. 1655dnl XXX - should be able to skip LT_INIT if we are using a different libtool 1656dnl 1657AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])], 1658[case $with_libtool in 1659 yes|builtin) ;; 1660 no) AC_MSG_ERROR([--without-libtool not supported.]) 1661 ;; 1662 system) LIBTOOL=libtool 1663 ;; 1664 *) LIBTOOL="$with_libtool" 1665 ;; 1666esac]) 1667 1668dnl 1669dnl Defer enable_intercept and with_noexec until after libtool magic runs 1670dnl 1671if test "$enable_shared" = "no"; then 1672 enable_intercept=no 1673 with_noexec=no 1674 enable_dlopen=no 1675 lt_cv_dlopen=none 1676 lt_cv_dlopen_libs= 1677 ac_cv_func_dlopen=no 1678 LT_LDFLAGS=-static 1679fi 1680LIBDL="$lt_cv_dlopen_libs" 1681SHLIB_ENABLE="$enable_dlopen" 1682 1683AC_ARG_ENABLE(intercept, 1684[AS_HELP_STRING([--enable-intercept], [fully qualified pathname of sudo_intercept.so])], 1685[ case "$enableval" in 1686 yes) ;; 1687 no) ;; 1688 *) intercept_file="$enableval" 1689 ;; 1690 esac 1691], [enable_intercept="$intercept_file"]) 1692INTERCEPTFILE="sudo_intercept.so" 1693INTERCEPTDIR="`echo $intercept_file|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" 1694 1695AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[[=PATH]]], [fully qualified pathname of sudo_noexec.so])], 1696[case $with_noexec in 1697 yes) ;; 1698 no) ;; 1699 *) noexec_file="$with_noexec" 1700 ;; 1701esac], [with_noexec="$noexec_file"]) 1702NOEXECFILE="sudo_noexec.so" 1703NOEXECDIR="`echo $noexec_file|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" 1704 1705dnl 1706dnl Find programs we use 1707dnl 1708AC_PATH_PROG(UNAMEPROG, [uname], [uname]) 1709AC_PATH_PROG(TRPROG, [tr], [tr]) 1710AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc]) 1711if test "$MANDOCPROG" != "mandoc"; then 1712 : ${MANTYPE='mdoc'} 1713else 1714 AC_PATH_PROG(NROFFPROG, [nroff]) 1715 if test -n "$NROFFPROG"; then 1716 test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE" 1717 AC_CACHE_CHECK([which macro set to use for manual pages], 1718 [sudo_cv_var_mantype], 1719 [ 1720 sudo_cv_var_mantype="man" 1721 echo ".Sh NAME" > conftest 1722 echo ".Nm sudo" >> conftest 1723 echo ".Nd sudo" >> conftest 1724 echo ".Sh DESCRIPTION" >> conftest 1725 echo "sudo" >> conftest 1726 if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then 1727 sudo_cv_var_mantype="mdoc" 1728 fi 1729 rm -f conftest 1730 ] 1731 ) 1732 MANTYPE="$sudo_cv_var_mantype" 1733 else 1734 : ${MANTYPE='mdoc'} 1735 fi 1736fi 1737 1738dnl 1739dnl If a config.cache exists make sure it matches the current host. 1740dnl 1741if test -n "$sudo_cv_prev_host"; then 1742 if test "$sudo_cv_prev_host" != "$host"; then 1743 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.]) 1744 fi 1745fi 1746AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") 1747 1748dnl 1749dnl We want to be able to differentiate between different rev's 1750dnl 1751if test -n "$host_os"; then 1752 OS=`echo $host_os | sed 's/[[0-9]].*//'` 1753 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'` 1754 OSMAJOR=`echo $OSREV | sed 's/\..*$//'` 1755else 1756 OS="unknown" 1757 OSREV=0 1758 OSMAJOR=0 1759fi 1760 1761case "$host" in 1762 *-*-solaris2*) 1763 AC_DEFINE([PAM_SUN_CODEBASE]) 1764 1765 # LD_PRELOAD is space-delimited 1766 RTLD_PRELOAD_DELIM=" " 1767 1768 # illumos has a broken fmemopen(3) 1769 if test X"`uname -o 2>/dev/null`" = X"illumos"; then 1770 : ${ac_cv_func_fmemopen='no'} 1771 fi 1772 1773 # Solaris-specific initialization 1774 OS_INIT=os_init_solaris 1775 SUDO_OBJS="${SUDO_OBJS} solaris.o" 1776 1777 # AFS support needs -lucb 1778 if test "$with_AFS" = "yes"; then 1779 AFS_LIBS="-lc -lucb" 1780 fi 1781 : ${mansectsu='1m'} 1782 : ${mansectform='4'} 1783 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 1784 AC_CHECK_FUNCS([priv_set], [PSMAN=1]) 1785 ;; 1786 *-*-aix*) 1787 AC_DEFINE([PAM_SUN_CODEBASE]) 1788 1789 # To get all prototypes (so we pass -Wall) 1790 AC_DEFINE([_LINUX_SOURCE_COMPAT]) 1791 1792 # For AIX we build in support for both LAM and PAM 1793 # and choose which to use based on auth_type in 1794 # /etc/security/login.cfg 1795 if test X"${with_pam}${with_aixauth}" = X""; then 1796 AUTH_EXCL_DEF="AIX_AUTH PAM" 1797 fi 1798 1799 # AIX analog of nsswitch.conf, enabled by default 1800 AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])], 1801 [case $with_netsvc in 1802 no) ;; 1803 yes) with_netsvc="/etc/netsvc.conf" 1804 ;; 1805 *) ;; 1806 esac]) 1807 if test -z "$with_nsswitch" -a -z "$with_netsvc"; then 1808 with_netsvc="/etc/netsvc.conf" 1809 fi 1810 1811 # LDR_PRELOAD is only supported in AIX 5.3 and later 1812 case "$OSREV" in 1813 [[1-4]].*) with_noexec=no;; 1814 5.[[1-2]]*) with_noexec=no;; 1815 *) RTLD_PRELOAD_VAR="LDR_PRELOAD";; 1816 esac 1817 1818 # cfmakeraw is broken on AIX (and is not documented) 1819 : ${ac_cv_func_cfmakeraw='no'} 1820 1821 # strnlen/strndup may be broken on AIX < 6 depending 1822 # on the libc version, use our own. 1823 if test $OSMAJOR -lt 6; then 1824 : ${ac_cv_func_strnlen='no'} 1825 fi 1826 1827 # fmemopen(3) may be broken on AIX < 7.1 depending 1828 # on the libc version. 1829 if test $OSMAJOR -lt 7; then 1830 : ${ac_cv_func_fmemopen='no'} 1831 fi 1832 1833 # getdelim() may or may not be present on AIX <= 6.1. 1834 # bos610 is missing getdelim but bos61J has it. 1835 if test "$enable_package_build" = "yes"; then 1836 if test $OSMAJOR -le 6; then 1837 : ${ac_cv_func_getdelim='no'} 1838 fi 1839 fi 1840 1841 # memset_s() may or may ont be present on AIX <= 7.1. 1842 # bos710 is missing memset_s but bos71L has it. 1843 if test "$enable_package_build" = "yes"; then 1844 if test $OSMAJOR -le 7; then 1845 : ${ac_cv_func_memset_s='no'} 1846 fi 1847 fi 1848 1849 # Remove timedir on boot, AIX does not have /var/run 1850 INIT_SCRIPT=aix.sh 1851 INIT_DIR=/etc/rc.d/init.d 1852 RC_LINK=/etc/rc.d/rc2.d/S90sudo 1853 1854 # AIX-specific functions 1855 AC_CHECK_FUNCS([getuserattr setrlimit64]) 1856 AC_CHECK_FUNCS([setauthdb], 1857 [AC_CHECK_TYPES([authdb_t], [], [], [#include <usersec.h>])]) 1858 1859 COMMON_OBJS="${COMMON_OBJS} aix.lo" 1860 SUDO_APPEND_COMPAT_EXP(aix_prep_user_v1 aix_restoreauthdb_v1 aix_setauthdb_v1 aix_setauthdb_v2 aix_getauthregistry_v1) 1861 1862 # These prototypes may be missing 1863 AC_CHECK_DECLS([usrinfo], [], [], [ 1864#include <sys/types.h> 1865#include <uinfo.h> 1866 ]) 1867 AC_CHECK_DECLS([setauthdb], [], [], [ 1868#include <sys/types.h> 1869#include <usersec.h> 1870 ]) 1871 ;; 1872 *-*-hiuxmpp*) 1873 AC_DEFINE([PAM_SUN_CODEBASE]) 1874 1875 : ${mansectsu='1m'} 1876 : ${mansectform='4'} 1877 1878 # HP-UX does not clear /var/run so we need to do it 1879 INIT_SCRIPT=hpux.sh 1880 INIT_DIR=/sbin/init.d 1881 RC_LINK=/sbin/rc2.d/S900sudo 1882 1883 # HP-UX shared libs must be executable. 1884 # Load time is much greater if writable so use 0555. 1885 SHLIB_MODE=0555 1886 1887 # HP-UX won't unlink a shared lib that is open 1888 INSTALL_BACKUP='~' 1889 1890 AC_CHECK_FUNCS([pstat_getproc gethrtime]) 1891 ;; 1892 *-*-hpux*) 1893 AC_DEFINE([PAM_SUN_CODEBASE]) 1894 1895 # AFS support needs -lBSD 1896 if test "$with_AFS" = "yes"; then 1897 AFS_LIBS="-lc -lBSD" 1898 fi 1899 : ${mansectsu='1m'} 1900 : ${mansectform='4'} 1901 1902 # HP-UX does not clear /var/run so we need to do it 1903 INIT_SCRIPT=hpux.sh 1904 INIT_DIR=/sbin/init.d 1905 RC_LINK=/sbin/rc2.d/S900sudo 1906 1907 # HP-UX shared libs must be executable. 1908 # Load time is much greater if writable so use 0555. 1909 SHLIB_MODE=0555 1910 1911 # HP-UX won't unlink a shared lib that is open 1912 INSTALL_BACKUP='~' 1913 1914 # The HP bundled compiler cannot generate shared libs 1915 if test -z "$GCC"; then 1916 AC_CACHE_CHECK([for HP bundled C compiler], 1917 [sudo_cv_var_hpccbundled], 1918 [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then 1919 sudo_cv_var_hpccbundled=yes 1920 else 1921 sudo_cv_var_hpccbundled=no 1922 fi] 1923 ) 1924 if test "$sudo_cv_var_hpccbundled" = "yes"; then 1925 AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.]) 1926 fi 1927 fi 1928 1929 # Build PA-RISC1.1 objects for better portability 1930 case "$host_cpu" in 1931 hppa[[2-9]]*) 1932 _CFLAGS="$CFLAGS" 1933 if test -n "$GCC"; then 1934 portable_flag="-march=1.1" 1935 else 1936 portable_flag="+DAportable" 1937 fi 1938 CFLAGS="$CFLAGS $portable_flag" 1939 AC_CACHE_CHECK([whether $CC understands $portable_flag], 1940 [sudo_cv_var_daportable], 1941 [AC_LINK_IFELSE( 1942 [AC_LANG_PROGRAM([[]], [[]])], 1943 [sudo_cv_var_daportable=yes], 1944 [sudo_cv_var_daportable=no] 1945 ) 1946 ] 1947 ) 1948 if test X"$sudo_cv_var_daportable" != X"yes"; then 1949 CFLAGS="$_CFLAGS" 1950 fi 1951 ;; 1952 esac 1953 1954 case "$host_os" in 1955 hpux10.*) 1956 shadow_funcs="getprpwnam iscomsec" 1957 shadow_libs="-lsec" 1958 # HP-UX 10.x doesn't support LD_PRELOAD 1959 with_noexec=no 1960 ;; 1961 *) 1962 shadow_funcs="getspnam iscomsec" 1963 shadow_libs="-lsec" 1964 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 1965 ;; 1966 esac 1967 AC_CHECK_FUNCS([pstat_getproc gethrtime]) 1968 ;; 1969 *-dec-osf*) 1970 # ignore envariables wrt dynamic lib path 1971 AX_APPEND_FLAG([-Wl,-no_library_replacement], [SUDO_LDFLAGS]) 1972 1973 : ${CHECKSIA='true'} 1974 AC_ARG_ENABLE(sia, 1975 [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])], 1976 [ case "$enableval" in 1977 yes) CHECKSIA=true 1978 ;; 1979 no) CHECKSIA=false 1980 ;; 1981 *) AC_MSG_WARN([ignoring unknown argument to --enable-sia: $enableval]) 1982 ;; 1983 esac 1984 ]) 1985 1986 shadow_funcs="getprpwnam dispcrypt" 1987 # OSF/1 4.x and higher need -ldb too 1988 if test $OSMAJOR -lt 4; then 1989 shadow_libs="-lsecurity -laud -lm" 1990 else 1991 shadow_libs="-lsecurity -ldb -laud -lm" 1992 fi 1993 1994 # use SIA by default, if we have it 1995 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA" 1996 1997 # 1998 # Some versions of Digital Unix ship with a broken 1999 # copy of prot.h, which we need for shadow passwords. 2000 # XXX - make should remove this as part of distclean 2001 # 2002 AC_MSG_CHECKING([for broken prot.h]) 2003 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2004#include <sys/types.h> 2005#include <sys/security.h> 2006#include <prot.h> 2007 ]], [[return(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally]) 2008 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h 2009 ]) 2010 # ":DEFAULT" must be appended to _RLD_LIST 2011 RTLD_PRELOAD_VAR="_RLD_LIST" 2012 RTLD_PRELOAD_DEFAULT="DEFAULT" 2013 : ${mansectsu='8'} 2014 : ${mansectform='4'} 2015 ;; 2016 *-*-irix*) 2017 AC_DEFINE([_BSD_TYPES]) 2018 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then 2019 if test -d "/usr/share/man/local"; then 2020 mandir="/usr/share/man/local" 2021 else 2022 mandir="/usr/man/local" 2023 fi 2024 fi 2025 # IRIX <= 4 needs -lsun 2026 if test "$OSMAJOR" -le 4; then 2027 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"]) 2028 fi 2029 # ":DEFAULT" must be appended to _RLD_LIST 2030 RTLD_PRELOAD_VAR="_RLD_LIST" 2031 RTLD_PRELOAD_DEFAULT="DEFAULT" 2032 : ${mansectsu='1m'} 2033 : ${mansectform='4'} 2034 ;; 2035 *-*-linux*|*-*-k*bsd*-gnu) 2036 shadow_funcs="getspnam" 2037 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 2038 # Check for SECCOMP_SET_MODE_FILTER in linux/seccomp.h 2039 AC_CHECK_DECLS([SECCOMP_SET_MODE_FILTER], [], [], [ 2040#include <sys/types.h> 2041#include <sys/prctl.h> 2042#include <asm/unistd.h> 2043#include <linux/seccomp.h> 2044#include <linux/filter.h> 2045 ]) 2046 # We call getrandom via syscall(3) in case it is not in libc 2047 AC_CHECK_HEADERS([linux/random.h]) 2048 ;; 2049 *-*-gnu*) 2050 # lockf() is broken on the Hurd 2051 ac_cv_func_lockf=no 2052 ;; 2053 *-*-sco*|*-sco-*) 2054 shadow_funcs="getprpwnam" 2055 shadow_libs="-lprot -lx" 2056 : ${mansectsu='1m'} 2057 : ${mansectform='4'} 2058 ;; 2059 m88k-motorola-sysv*) 2060 # motorolla's cc (a variant of gcc) does -O but not -O2 2061 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'` 2062 : ${mansectsu='1m'} 2063 : ${mansectform='4'} 2064 ;; 2065 *-sequent-sysv*) 2066 shadow_funcs="getspnam" 2067 shadow_libs="-lsec" 2068 : ${mansectsu='1m'} 2069 : ${mansectform='4'} 2070 ;; 2071 *-ncr-sysv4*|*-ncr-sysvr4*) 2072 AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"]) 2073 : ${mansectsu='1m'} 2074 : ${mansectform='4'} 2075 ;; 2076 *-ccur-sysv4*|*-ccur-sysvr4*) 2077 LIBS="${LIBS} -lgen" 2078 : ${mansectsu='1m'} 2079 : ${mansectform='4'} 2080 ;; 2081 *-*-bsdi*) 2082 SKIP_SETREUID=yes 2083 # Check for newer BSD auth API 2084 if test -z "$with_bsdauth"; then 2085 AC_CHECK_FUNCS([auth_challenge], [AUTH_EXCL_DEF="BSD_AUTH"]) 2086 fi 2087 ;; 2088 *-*-freebsd*) 2089 AC_DEFINE([_BSD_SOURCE]) 2090 2091 # FreeBSD has a real setreuid(2) starting with 2.1 and 2092 # backported to 2.0.5. We just take 2.1 and above... 2093 case "$OSREV" in 2094 0.*|1.*|2.0*) 2095 SKIP_SETREUID=yes 2096 ;; 2097 esac 2098 if test "${with_skey-'no'}" = "yes"; then 2099 SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" 2100 fi 2101 CHECKSHADOW="false" 2102 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 2103 : ${with_logincap='maybe'} 2104 2105 # Examples go in share/examples/sudo 2106 if test X"$with_exampledir" = X""; then 2107 exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' 2108 fi 2109 ;; 2110 *-*-*openbsd*) 2111 AC_DEFINE([_BSD_SOURCE]) 2112 2113 # OpenBSD-specific initialization 2114 OS_INIT=os_init_openbsd 2115 SUDO_OBJS="${SUDO_OBJS} openbsd.o" 2116 2117 # OpenBSD has a real setreuid(2) starting with 3.3 but 2118 # we will use setresuid(2) instead. 2119 SKIP_SETREUID=yes 2120 2121 # OpenBSD >= 3.0 supports BSD auth 2122 if test -z "$with_bsdauth"; then 2123 if test "$OSMAJOR" -ge 3; then 2124 AUTH_EXCL_DEF="BSD_AUTH" 2125 fi 2126 fi 2127 : ${with_logincap='maybe'} 2128 2129 # Newer OpenBSD only fills in pw_password for getpwnam_shadow() 2130 shadow_funcs="getpwnam_shadow" 2131 2132 # Examples go in share/examples/sudo 2133 if test X"$with_exampledir" = X""; then 2134 exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' 2135 fi 2136 ;; 2137 *-*-*netbsd*) 2138 # NetBSD has a real setreuid(2) starting with 1.3.2 2139 case "$OSREV" in 2140 0.9*|1.[[012]]*|1.3|1.3.1) 2141 SKIP_SETREUID=yes 2142 ;; 2143 esac 2144 CHECKSHADOW="false" 2145 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 2146 : ${with_logincap='maybe'} 2147 2148 # For reallocarray() 2149 AC_DEFINE([_OPENBSD_SOURCE]) 2150 2151 # Examples go in share/examples/sudo 2152 if test X"$with_exampledir" = X""; then 2153 exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' 2154 fi 2155 ;; 2156 *-*-dragonfly*) 2157 AC_DEFINE([_BSD_SOURCE]) 2158 2159 if test "${with_skey-'no'}" = "yes"; then 2160 SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" 2161 fi 2162 CHECKSHADOW="false" 2163 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 2164 : ${with_logincap='yes'} 2165 2166 # Examples go in share/examples/sudo 2167 if test X"$with_exampledir" = X""; then 2168 exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' 2169 fi 2170 ;; 2171 *-*-*bsd*) 2172 CHECKSHADOW="false" 2173 # Examples go in share/examples/sudo 2174 if test X"$with_exampledir" = X""; then 2175 exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' 2176 fi 2177 ;; 2178 *-*-darwin*) 2179 # Darwin has a real setreuid(2) starting with 9.0 2180 if test $OSMAJOR -lt 9; then 2181 SKIP_SETREUID=yes 2182 fi 2183 CHECKSHADOW="false" 2184 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 2185 : ${with_logincap='yes'} 2186 # Darwin has a broken poll() 2187 : ${enable_poll='no'} 2188 # Darwin 8 and above can interpose library symbols cleanly 2189 if test $OSMAJOR -ge 8; then 2190 AC_DEFINE(HAVE___INTERPOSE) 2191 dlyld_interpose=yes 2192 else 2193 RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" 2194 fi 2195 RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" 2196 2197 # Build sudo_noexec.so as a shared library, not a module. 2198 # On Darwin, modules and shared libraries are incompatible. 2199 PRELOAD_MODULE= 2200 2201 # Mach monotonic timer that runs while sleeping 2202 AC_CHECK_FUNCS([mach_continuous_time]) 2203 2204 # Undocumented API that dynamically allocates the groups. 2205 AC_CHECK_FUNCS([getgrouplist_2], [AC_CHECK_DECLS([getgrouplist_2])]) 2206 2207 # We need to force a flat namespace to make libc 2208 # symbol hooking work like it does on ELF. 2209 AX_CHECK_LINK_FLAG([-Wl,-force_flat_namespace], [AX_APPEND_FLAG([-Wl,-force_flat_namespace], [SUDO_LDFLAGS])]) 2210 2211 # Examples go in share/examples/sudo 2212 if test X"$with_exampledir" = X""; then 2213 exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' 2214 fi 2215 ;; 2216 *-*-nextstep*) 2217 # lockf() is broken on the NeXT 2218 ac_cv_func_lockf=no 2219 RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" 2220 RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" 2221 ;; 2222 *-*-*sysv4*) 2223 : ${mansectsu='1m'} 2224 : ${mansectform='4'} 2225 ;; 2226 *-*-*sco3.2*) # SCO OpenServer 5 2227 : ${mansectsu='1'} 2228 : ${mansectform='4'} 2229 shadow_funcs="getprpwnam" 2230 shadow_libs="-lprot" 2231 ;; 2232# UnixWare 7.x, OpenUNIX 8 2233 *-*-*sysv5*) 2234 : ${mansectsu='1'} 2235 : ${mansectform='4'} 2236 case "$host" in 2237 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 2238 shadow_funcs="getprpwnam" 2239 shadow_libs="-lprot" 2240 ;; 2241 *) shadow_funcs="getspnam" 2242 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 2243 ;; 2244 esac 2245 ;; 2246 *-*-sysv*) 2247 : ${mansectsu='1m'} 2248 : ${mansectform='4'} 2249 ;; 2250esac 2251 2252if test X"$enable_pvs_studio" = X"yes"; then 2253 # Determine preprocessor type 2254 case "$CC" in 2255 *clang*) preprocessor=clang;; 2256 *gcc*) preprocessor=gcc;; 2257 *) 2258 case `$CC --version 2>&1` in 2259 *clang*) preprocessor=clang;; 2260 *gcc*) preprocessor=gcc;; 2261 *) AC_MSG_ERROR([Compiler must be gcc or clang for PVS-Studio.]);; 2262 esac 2263 ;; 2264 esac 2265 2266 # Determine platform (currently linux or macos) 2267 case "$host" in 2268 x86_64-*-linux*) pvs_platform=linux64;; 2269 *86-*-linux*) pvs_platform=linux32;; 2270 darwin*) pvs_platform=macos;; 2271 *) AC_MSG_ERROR([PVS-Studio does not support $host_os.]);; 2272 esac 2273 2274 # create basic PVS-Studio.cfg file 2275 cat > PVS-Studio.cfg <<-EOF 2276 preprocessor = $preprocessor 2277 platform = $pvs_platform 2278 analysis-mode = 4 2279 language = C 2280EOF 2281fi 2282 2283dnl 2284dnl Library preloading to support NOEXEC 2285dnl 2286if test X"$enable_intercept" = X"no"; then 2287 intercept_file=disabled 2288fi 2289if test X"$with_noexec" = X"no"; then 2290 noexec_file=disabled 2291fi 2292if test X"${intercept_file} ${noexec_file}" != X"disabled disabled"; then 2293 SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR") 2294 SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, '$RTLD_PRELOAD_DELIM') 2295 if test -n "$RTLD_PRELOAD_DEFAULT"; then 2296 SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT") 2297 fi 2298 if test -n "$RTLD_PRELOAD_ENABLE_VAR"; then 2299 SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_ENABLE_VAR, "$RTLD_PRELOAD_ENABLE_VAR") 2300 fi 2301fi 2302 2303dnl 2304dnl Check for mixing mutually exclusive and regular auth methods 2305dnl 2306AUTH_REG=${AUTH_REG# } 2307AUTH_EXCL=${AUTH_EXCL# } 2308if test -n "$AUTH_EXCL"; then 2309 if test -n "$AUTH_REG"; then 2310 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods]) 2311 fi 2312fi 2313dnl 2314dnl Only one of S/Key and OPIE may be specified 2315dnl 2316if test X"${with_skey}${with_opie}" = X"yesyes"; then 2317 AC_MSG_ERROR([cannot use both S/Key and OPIE]) 2318fi 2319 2320dnl 2321dnl Use BSD-style man sections by default 2322dnl 2323: ${mansectsu='8'} 2324: ${mansectform='5'} 2325 2326dnl 2327dnl Add in any libpaths or libraries specified via configure 2328dnl 2329if test -n "$with_libpath"; then 2330 for i in ${with_libpath}; do 2331 SUDO_APPEND_LIBPATH(LDFLAGS, [$i]) 2332 done 2333fi 2334if test -n "$with_libraries"; then 2335 for i in ${with_libraries}; do 2336 case $i in 2337 -l*) ;; 2338 *.a) ;; 2339 *.o) ;; 2340 *) i="-l${i}";; 2341 esac 2342 LIBS="${LIBS} ${i}" 2343 done 2344fi 2345 2346dnl 2347dnl C compiler checks (to be done after os checks) 2348dnl 2349AC_C_CONST 2350AC_C_INLINE 2351AC_C_VOLATILE 2352AC_MSG_CHECKING([for variadic macro support in cpp]) 2353AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ 2354AC_INCLUDES_DEFAULT 2355#if defined(__GNUC__) && __GNUC__ == 2 2356# define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt)) 2357#else 2358# define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__) 2359#endif 2360], [sudo_fprintf(stderr, "a %s", "test");])], [AC_MSG_RESULT([yes])], 2361[AC_MSG_RESULT([no]) 2362 AC_DEFINE([NO_VARIADIC_MACROS], [1], [Define if your C preprocessor does not support variadic macros.]) 2363 AC_MSG_WARN([your C preprocessor doesn't support variadic macros, debugging support will be limited]) 2364 SUDO_APPEND_COMPAT_EXP(sudo_debug_printf_nvm_v1) 2365]) 2366 2367dnl 2368dnl Program checks 2369dnl 2370AC_PROG_AWK 2371AC_PROG_YACC 2372AC_PATH_PROG([FLEX], [flex], [flex]) 2373SUDO_PROG_MV 2374SUDO_PROG_BSHELL 2375if test -z "$with_sendmail"; then 2376 SUDO_PROG_SENDMAIL 2377 with_sendmail="$ac_cv_path_SENDMAILPROG" 2378fi 2379SUDO_PROG_VI 2380dnl 2381dnl Use fully-qualified path to vi in the manual 2382dnl 2383if test -z "$with_editor"; then 2384 editor="$ac_cv_path_VIPROG" 2385fi 2386dnl 2387dnl Check for authpriv support in syslog 2388dnl 2389if test X"$with_logfac" = X""; then 2390 AC_CHECK_DECL([LOG_AUTHPRIV], [logfac=authpriv], [], [#include <syslog.h>]) 2391fi 2392AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) 2393dnl 2394dnl Header file checks 2395dnl 2396AC_HEADER_DIRENT 2397AC_HEADER_STDBOOL 2398AC_HEADER_MAJOR 2399AC_CHECK_HEADERS_ONCE([netgroup.h paths.h spawn.h wordexp.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h sys/syscall.h sys/statvfs.h]) 2400AC_CHECK_HEADERS([utmps.h] [utmpx.h], [break]) 2401AC_CHECK_HEADERS([endian.h] [sys/endian.h] [machine/endian.h], [break]) 2402AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS([_ttyname_dev])], [], [AC_INCLUDES_DEFAULT 2403#ifdef HAVE_PROCFS_H 2404#include <procfs.h> 2405#endif 2406#ifdef HAVE_SYS_PROCFS_H 2407#include <sys/procfs.h> 2408#endif 2409])] 2410break) 2411# 2412# Check for large file support. 2413# 2414AC_SYS_LARGEFILE 2415# 2416# HP-UX may need to define _XOPEN_SOURCE_EXTENDED to expose MSG_WAITALL. 2417# Also, HP-UX 11.23 has a broken sys/types.h when large files support 2418# is enabled and _XOPEN_SOURCE_EXTENDED is not also defined. 2419# The following test will define _XOPEN_SOURCE_EXTENDED in either case. 2420# 2421case "$host_os" in 2422 hpux*) 2423 AC_CACHE_CHECK([whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL], [sudo_cv_xopen_source_extended], 2424 [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT 2425# include <sys/socket.h>], [int a = MSG_WAITALL; return a;])], 2426 [sudo_cv_xopen_source_extended=no], [ 2427 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED 2428 AC_INCLUDES_DEFAULT 2429# include <sys/socket.h> 2430# include <net/if.h>], [int a = MSG_WAITALL; return a;])], 2431 [sudo_cv_xopen_source_extended=yes], 2432 [sudo_cv_xopen_source_extended=error]) 2433 ])]) 2434 if test "$sudo_cv_xopen_source_extended" = "yes"; then 2435 AC_DEFINE([_XOPEN_SOURCE_EXTENDED]) 2436 fi 2437 ;; 2438esac 2439AC_SYS_POSIX_TERMIOS 2440if test "$ac_cv_sys_posix_termios" != "yes"; then 2441 AC_MSG_ERROR([must have POSIX termios to build sudo]) 2442fi 2443SUDO_MAILDIR 2444if test ${with_logincap-'no'} != "no"; then 2445 AC_CHECK_HEADERS([login_cap.h], [LOGINCAP_USAGE='[[-c class]] '; LCMAN=1 2446 with_logincap=yes 2447 case "$OS" in 2448 freebsd*|netbsd*) 2449 SUDO_LIBS="${SUDO_LIBS} -lutil" 2450 SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" 2451 ;; 2452 esac 2453 ]) 2454fi 2455if test ${with_project-'no'} != "no"; then 2456 AC_CHECK_HEADER(project.h, [ 2457 AC_CHECK_LIB(project, setproject, [ 2458 AC_DEFINE(HAVE_PROJECT_H) 2459 SUDO_LIBS="${SUDO_LIBS} -lproject" 2460 ]) 2461 ], [with_project=no]) 2462fi 2463dnl 2464dnl typedef checks 2465dnl 2466AC_TYPE_MODE_T 2467AC_TYPE_UID_T 2468AC_CHECK_TYPE([clockid_t], [], [AC_DEFINE(clockid_t, int)], [#include <sys/types.h> 2469#include <time.h>]) 2470AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h> 2471#include <signal.h>]) 2472AC_CHECK_TYPES([struct in6_addr], [], [], [#include <sys/types.h> 2473#include <netinet/in.h>]) 2474AC_TYPE_LONG_LONG_INT 2475if test X"$ac_cv_type_long_long_int" != X"yes"; then 2476 AC_MSG_ERROR([C compiler does not appear to support the long long int type]) 2477fi 2478AC_CHECK_TYPE(intmax_t, long long) 2479AC_CHECK_TYPE(uintmax_t, unsigned long long) 2480AC_CHECK_TYPE(uint8_t, unsigned char) 2481AC_CHECK_TYPE(uint32_t, unsigned int) 2482AC_CHECK_TYPE(uint64_t, unsigned long long) 2483AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [ 2484AC_INCLUDES_DEFAULT 2485#include <sys/socket.h>]) 2486SUDO_UID_T_LEN 2487SUDO_SOCK_SA_LEN 2488SUDO_SOCK_SIN_LEN 2489AC_CHECK_SIZEOF([id_t]) 2490AC_CHECK_SIZEOF([long long]) 2491AC_CHECK_SIZEOF([time_t]) 2492if test $ac_cv_header_utmps_h = "yes"; then 2493 SUDO_CHECK_UTMP_MEMBERS([utmps]) 2494elif test $ac_cv_header_utmpx_h = "yes"; then 2495 SUDO_CHECK_UTMP_MEMBERS([utmpx]) 2496else 2497 SUDO_CHECK_UTMP_MEMBERS([utmp]) 2498fi 2499 2500dnl 2501dnl Python plugin support 2502dnl 2503if test ${enable_python-'no'} = "yes"; then 2504 AM_PATH_PYTHON([3]) 2505 2506 AC_ARG_VAR([PYTHON_INCLUDE], [Include flags for python, bypassing python-config]) 2507 AC_ARG_VAR([PYTHON_LIBS], [Linker flags for python, bypassing python-config]) 2508 AC_ARG_VAR([PYTHON_CONFIG], [Path to python-config]) 2509 2510 AS_IF([test -z "$PYTHON_INCLUDE" || test -z "$PYTHON_LIBS"], [ 2511 AS_IF([test -z "$PYTHON_CONFIG"], [ 2512 AC_PATH_PROGS([PYTHON_CONFIG], 2513 [python$PYTHON_VERSION-config python-config], 2514 [no], 2515 [`dirname $PYTHON`]) 2516 AS_IF([test "$PYTHON_CONFIG" = no], [AC_MSG_ERROR([cannot find python-config for $PYTHON.])]) 2517 ]) 2518 ]) 2519 2520 AS_IF([test -z "$PYTHON_INCLUDE"], [ 2521 # Pull out python include path, ignore other flags 2522 PYTHON_INCLUDE=`$PYTHON_CONFIG --cflags | tr " " "\n" | grep "^-I" | sort -u | tr "\n" " "` 2523 ]) 2524 2525 AS_IF([test -z "$PYTHON_LIBS"], [ 2526 # Newer versions of python3-config need --embed to include libpython 2527 if $PYTHON_CONFIG 2>&1 | grep embed >/dev/null; then 2528 PY_EMBED=--embed 2529 else 2530 PY_EMBED= 2531 fi 2532 PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED` 2533 PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED | tr " " "\n" | grep "^-[[lL]]" | tr "\n" " "` 2534 ]) 2535 2536 PPFILES="$PPFILES "'$(srcdir)/etc/sudo-python.pp' 2537 PYTHON_PLUGIN_SRC=plugins/python 2538 PYTHON_PLUGIN= 2539 AC_CONFIG_FILES([$PYTHON_PLUGIN_SRC/Makefile]) 2540fi 2541 2542dnl 2543dnl Function checks 2544dnl 2545AC_FUNC_GETGROUPS 2546AC_FUNC_FSEEKO 2547AC_CHECK_FUNCS_ONCE([fexecve fmemopen killpg nl_langinfo faccessat wordexp getauxval]) 2548AC_CHECK_FUNCS([execvpe], [SUDO_APPEND_INTERCEPT_EXP(execvpe)]) 2549AC_CHECK_FUNCS([pread], [ 2550 # pread/pwrite on 32-bit HP-UX 11.x may not support large files 2551 case "$host_os" in 2552 hpux*|hiuxmpp*) 2553 AC_CHECK_FUNCS([pread64 pwrite64], [ 2554 AC_CHECK_DECLS([pread64, pwrite64]) 2555 ]) 2556 ;; 2557 esac 2558], [ 2559 AC_LIBOBJ(pread) 2560 SUDO_APPEND_COMPAT_EXP(sudo_pread) 2561]) 2562AC_CHECK_FUNCS([pwrite], [], [ 2563 AC_LIBOBJ(pwrite) 2564 SUDO_APPEND_COMPAT_EXP(sudo_pwrite) 2565]) 2566AC_CHECK_FUNCS([cfmakeraw], [], [ 2567 AC_LIBOBJ(cfmakeraw) 2568 SUDO_APPEND_COMPAT_EXP(sudo_cfmakeraw) 2569]) 2570AC_CHECK_FUNCS([getgrouplist], [], [ 2571 case "$host_os" in 2572 aix*) 2573 AC_CHECK_FUNCS([getgrset]) 2574 ;; 2575 *) 2576 AC_CHECK_FUNC([nss_search], [ 2577 AC_CHECK_FUNC([_nss_XbyY_buf_alloc], [ 2578 # Solaris 2579 AC_CHECK_FUNC([_nss_initf_group], [ 2580 AC_CHECK_HEADERS([nss_dbdefs.h]) 2581 AC_DEFINE([HAVE_NSS_SEARCH]) 2582 AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC]) 2583 AC_DEFINE([HAVE__NSS_INITF_GROUP]) 2584 ], [ 2585 AC_CHECK_HEADERS([nss_dbdefs.h], [ 2586 # Older Solaris does not export _nss_initf_group 2587 # but we can use our own. 2588 AC_DEFINE([HAVE_NSS_SEARCH]) 2589 AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC]) 2590 ]) 2591 ]) 2592 ], [ 2593 dnl HP-UX support disabled until "group: compat" fixed 2594 dnl # HP-UX 2595 dnl AC_CHECK_FUNC([__nss_XbyY_buf_alloc], [ 2596 dnl AC_CHECK_FUNC([__nss_initf_group], [ 2597 dnl AC_CHECK_HEADERS([nss_dbdefs.h]) 2598 dnl AC_DEFINE([HAVE_NSS_SEARCH]) 2599 dnl AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC]) 2600 dnl AC_DEFINE([HAVE___NSS_INITF_GROUP]) 2601 dnl ]) 2602 dnl]) 2603 ]) 2604 ]) 2605 ;; 2606 esac 2607 SUDO_APPEND_COMPAT_EXP(sudo_getgrouplist) 2608]) 2609AC_CHECK_FUNCS([getdelim], [ 2610 # Out of date gcc fixed includes may result in missing getdelim() prototype 2611 AC_CHECK_DECLS([getdelim]) 2612], [ 2613 AC_LIBOBJ(getdelim) 2614 SUDO_APPEND_COMPAT_EXP(sudo_getdelim) 2615 COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }getdelim_test" 2616]) 2617AC_CHECK_FUNCS([getusershell], [ 2618 # Older Solaris has getusershell() et al but does not declare it. 2619 AC_CHECK_DECLS([getusershell]) 2620], [ 2621 AC_LIBOBJ(getusershell) 2622 SUDO_APPEND_COMPAT_EXP(sudo_getusershell) 2623]) 2624AC_CHECK_FUNCS([reallocarray], [], [ 2625 AC_LIBOBJ(reallocarray) 2626 SUDO_APPEND_COMPAT_EXP(sudo_reallocarray) 2627]) 2628AC_CHECK_FUNCS([arc4random], [ 2629 AC_CHECK_FUNCS([arc4random_uniform], [], [ 2630 AC_LIBOBJ(arc4random_uniform) 2631 SUDO_APPEND_COMPAT_EXP(sudo_arc4random_uniform) 2632 ]) 2633 AC_CHECK_FUNCS([arc4random_buf], [], [ 2634 AC_LIBOBJ(arc4random_buf) 2635 SUDO_APPEND_COMPAT_EXP(sudo_arc4random_buf) 2636 ]) 2637], [ 2638 AC_LIBOBJ(arc4random) 2639 SUDO_APPEND_COMPAT_EXP(sudo_arc4random) 2640 SUDO_APPEND_COMPAT_EXP(sudo_arc4random_buf) 2641 AC_LIBOBJ(arc4random_uniform) 2642 SUDO_APPEND_COMPAT_EXP(sudo_arc4random_uniform) 2643 # arc4random.c needs getentropy() 2644 AC_CHECK_FUNCS([getentropy], [ 2645 AC_CHECK_HEADERS([sys/random.h]) 2646 ], [ 2647 AC_LIBOBJ(getentropy) 2648 SUDO_APPEND_COMPAT_EXP(sudo_getentropy) 2649 ]) 2650 # arc4random.c wants pthread_atfork 2651 AC_CHECK_HEADERS([pthread.h], [ 2652 AC_CHECK_LIB(pthread, main, [LIBPTHREAD="-lpthread"]) 2653 AC_CHECK_FUNCS([pthread_atfork]) 2654 ]) 2655]) 2656 2657utmp_style=LEGACY 2658AC_CHECK_FUNCS([getutsid getutxid getutid], [utmp_style=POSIX; break]) 2659if test "$utmp_style" = "LEGACY"; then 2660 AC_CHECK_FUNCS([getttyent ttyslot], [break]) 2661fi 2662 2663AC_CHECK_FUNCS([sysctl], [AC_CHECK_FUNCS([devname]) 2664 AC_CHECK_MEMBER([struct kinfo_proc.ki_structsize], [AC_DEFINE(HAVE_KINFO_PROC_FREEBSD)], [ 2665 AC_CHECK_MEMBER([struct kinfo_proc2.p_paddr], [AC_DEFINE(HAVE_KINFO_PROC2_NETBSD)], [ 2666 AC_CHECK_MEMBER([struct kinfo_proc.p_paddr], [AC_DEFINE(HAVE_KINFO_PROC_OPENBSD)], [ 2667 AC_CHECK_MEMBER([struct kinfo_proc.kp_proc], [AC_DEFINE(HAVE_KINFO_PROC_44BSD)], [], [ 2668# include <sys/param.h> 2669# include <sys/sysctl.h> 2670 ]) 2671 ], [ 2672# include <sys/param.h> 2673# include <sys/sysctl.h> 2674 ]) 2675 ], 2676 [ 2677# include <sys/param.h> 2678# include <sys/sysctl.h> 2679 ]) 2680 ], 2681 [ 2682# include <sys/param.h> 2683# include <sys/sysctl.h> 2684# include <sys/user.h> 2685 ]) 2686]) 2687 2688AC_CHECK_FUNCS([openpty], [AC_CHECK_HEADERS([libutil.h util.h pty.h], [break])], [ 2689 AC_CHECK_LIB(util, openpty, [ 2690 AC_CHECK_HEADERS([libutil.h util.h pty.h], [break]) 2691 case "$SUDO_LIBS" in 2692 *-lutil*) ;; 2693 *) SUDO_LIBS="${SUDO_LIBS} -lutil";; 2694 esac 2695 AC_DEFINE(HAVE_OPENPTY) 2696 ], [ 2697 AC_CHECK_FUNCS([_getpty], [], [ 2698 AC_CHECK_FUNCS([grantpt], [ 2699 AC_CHECK_FUNCS([posix_openpt]) 2700 ], [ 2701 AC_CHECK_FUNCS([revoke]) 2702 ]) 2703 ]) 2704 ]) 2705]) 2706AC_CHECK_FUNCS([unsetenv], [SUDO_FUNC_UNSETENV_VOID], []) 2707SUDO_FUNC_PUTENV_CONST 2708if test -z "$SKIP_SETRESUID"; then 2709 AC_CHECK_FUNCS([setresuid], [ 2710 SKIP_SETREUID=yes 2711 AC_CHECK_DECLS([setresuid]) 2712 AC_CHECK_FUNCS([getresuid], [AC_CHECK_DECLS([getresuid])]) 2713 ]) 2714fi 2715if test -z "$SKIP_SETREUID"; then 2716 AC_CHECK_FUNCS([setreuid]) 2717fi 2718AC_CHECK_FUNCS_ONCE([seteuid]) 2719if test X"$with_interfaces" != X"no"; then 2720 AC_CHECK_FUNCS([getifaddrs], [AC_CHECK_FUNCS([freeifaddrs])]) 2721fi 2722AC_CHECK_FUNCS([lockf], [break]) 2723AC_CHECK_FUNCS([innetgr], [ 2724 AC_CHECK_DECLS([innetgr], [], [], [ 2725AC_INCLUDES_DEFAULT 2726#ifdef HAVE_NETGROUP_H 2727# include <netgroup.h> 2728#else 2729# include <netdb.h> 2730#endif /* HAVE_NETGROUP_H */ 2731])], [ 2732 AC_CHECK_FUNCS([_innetgr], [ 2733 AC_CHECK_DECLS([_innetgr], [], [], [ 2734AC_INCLUDES_DEFAULT 2735#ifdef HAVE_NETGROUP_H 2736# include <netgroup.h> 2737#else 2738# include <netdb.h> 2739#endif /* HAVE_NETGROUP_H */ 2740 ]) 2741 ]) 2742]) 2743AC_CHECK_FUNCS([getdomainname], [ 2744 AC_CHECK_DECLS([getdomainname], [], [], [ 2745AC_INCLUDES_DEFAULT 2746#include <netdb.h> 2747 ]) 2748], [ 2749 AC_CHECK_FUNCS([sysinfo], [AC_CHECK_HEADERS([sys/systeminfo.h])]) 2750]) 2751AC_CHECK_FUNCS([utimensat], [], [ 2752 AC_LIBOBJ(utimens) 2753 SUDO_APPEND_COMPAT_EXP(sudo_utimensat) 2754 AC_CHECK_FUNCS([utimes]) 2755]) 2756AC_CHECK_FUNCS([futimens], [], [ 2757 AC_LIBOBJ(utimens) 2758 SUDO_APPEND_COMPAT_EXP(sudo_futimens) 2759 AC_CHECK_FUNCS([futimes futimesat futime], [break]) 2760]) 2761AC_CHECK_FUNCS([explicit_bzero], [], [ 2762 AC_LIBOBJ(explicit_bzero) 2763 SUDO_APPEND_COMPAT_EXP(sudo_explicit_bzero) 2764 AC_CHECK_FUNCS([explicit_memset memset_explicit memset_s bzero], [break]) 2765]) 2766SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [ 2767 AC_LIBOBJ(fnmatch) 2768 SUDO_APPEND_COMPAT_EXP(sudo_fnmatch) 2769 COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test" 2770]) 2771SUDO_FUNC_ISBLANK 2772AC_CHECK_FUNCS([glob], [], [ 2773 AC_LIBOBJ(glob) 2774 SUDO_APPEND_COMPAT_EXP(sudo_glob sudo_globfree) 2775]) 2776AC_CHECK_FUNCS([memrchr], [], [ 2777 AC_LIBOBJ(memrchr) 2778 SUDO_APPEND_COMPAT_EXP(sudo_memrchr) 2779]) 2780AC_CHECK_FUNCS([freezero], [], [ 2781 AC_LIBOBJ(freezero) 2782 SUDO_APPEND_COMPAT_EXP(sudo_freezero) 2783]) 2784AC_CHECK_FUNCS(nanosleep, [], [ 2785 # On Solaris, nanosleep is in librt 2786 AC_CHECK_LIB(rt, nanosleep, [ 2787 AC_DEFINE(HAVE_NANOSLEEP) 2788 LIBRT="-lrt" 2789 ], [ 2790 AC_LIBOBJ(nanosleep) 2791 SUDO_APPEND_COMPAT_EXP(sudo_nanosleep) 2792 ]) 2793]) 2794AC_CHECK_FUNCS([openat], [], [ 2795 AC_LIBOBJ(openat) 2796 SUDO_APPEND_COMPAT_EXP(sudo_openat) 2797]) 2798AC_CHECK_FUNCS([unlinkat], [], [ 2799 AC_LIBOBJ(unlinkat) 2800 SUDO_APPEND_COMPAT_EXP(sudo_unlinkat) 2801]) 2802AC_CHECK_FUNCS([fchmodat], [], [ 2803 AC_LIBOBJ(fchmodat) 2804 SUDO_APPEND_COMPAT_EXP(sudo_fchmodat) 2805]) 2806AC_CHECK_FUNCS([fstatat], [], [ 2807 AC_LIBOBJ(fstatat) 2808 SUDO_APPEND_COMPAT_EXP(sudo_fstatat) 2809]) 2810AC_CHECK_FUNCS([dup3], [], [ 2811 AC_LIBOBJ(dup3) 2812 SUDO_APPEND_COMPAT_EXP(sudo_dup3) 2813]) 2814AC_CHECK_FUNCS([pipe2], [], [ 2815 AC_LIBOBJ(pipe2) 2816 SUDO_APPEND_COMPAT_EXP(sudo_pipe2) 2817]) 2818AC_CHECK_FUNCS([pw_dup], [], [ 2819 AC_LIBOBJ(pw_dup) 2820 SUDO_APPEND_COMPAT_EXP(sudo_pw_dup) 2821]) 2822AC_CHECK_FUNCS([strlcpy], [], [ 2823 AC_LIBOBJ(strlcpy) 2824 SUDO_APPEND_COMPAT_EXP(sudo_strlcpy) 2825]) 2826AC_CHECK_FUNCS([strlcat], [], [ 2827 AC_LIBOBJ(strlcat) 2828 SUDO_APPEND_COMPAT_EXP(sudo_strlcat) 2829]) 2830AC_CHECK_FUNC([strnlen], [AC_FUNC_STRNLEN], [AC_LIBOBJ(strnlen)]) 2831if test X"$ac_cv_func_strnlen_working" = X"yes"; then 2832 AC_DEFINE(HAVE_STRNLEN) 2833 AC_CHECK_FUNCS([strndup], [], [ 2834 AC_LIBOBJ(strndup) 2835 SUDO_APPEND_COMPAT_EXP(sudo_strndup) 2836 ]) 2837else 2838 # Broken or missing strnlen, use our own. 2839 SUDO_APPEND_COMPAT_EXP(sudo_strnlen) 2840 # Avoid libc strndup() since it is usually implemented using strnlen() 2841 AC_LIBOBJ(strndup) 2842 SUDO_APPEND_COMPAT_EXP(sudo_strndup) 2843fi 2844AC_CHECK_FUNCS([clock_gettime], [], [ 2845 # On Solaris, clock_gettime is in librt 2846 AC_CHECK_LIB(rt, clock_gettime, [ 2847 AC_DEFINE(HAVE_CLOCK_GETTIME) 2848 LIBRT="-lrt" 2849 ]) 2850]) 2851AC_CHECK_FUNCS([getopt_long], [], [ 2852 AC_LIBOBJ(getopt_long) 2853 SUDO_APPEND_COMPAT_EXP(sudo_getopt_long sudo_getopt_long_only) 2854 AC_CACHE_CHECK([for optreset], sudo_cv_optreset, [ 2855 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern int optreset; optreset = 1; return optreset;]])], [sudo_cv_optreset=yes], [sudo_cv_optreset=no])]) 2856 if test "$sudo_cv_optreset" = "yes"; then 2857 AC_DEFINE(HAVE_OPTRESET) 2858 fi 2859]) 2860AC_CHECK_FUNCS([closefrom], [], [AC_LIBOBJ(closefrom) 2861 SUDO_APPEND_COMPAT_EXP(sudo_closefrom) 2862 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [], [ 2863# include <limits.h> 2864# include <fcntl.h> ]) 2865]) 2866AC_CHECK_FUNCS([mkstemps mkdtemp], [], [break]) 2867if test X"$ac_cv_func_mkstemps$ac_cv_func_mkdtemp" != X"yesyes"; then 2868 AC_CHECK_FUNCS([arc4random random lrand48], [break]) 2869 if test X"$ac_cv_func_arc4random" != X"yes"; then 2870 AC_CHECK_FUNCS([getentropy]) 2871 fi 2872 AC_LIBOBJ(mktemp) 2873 # If either mkdtemp() or mkstemps() is missing, replace both. 2874 SUDO_APPEND_COMPAT_EXP(sudo_mkdtemp sudo_mkstemps) 2875 COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }mktemp_test" 2876fi 2877AX_FUNC_SNPRINTF 2878if test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"yesyes"; then 2879 # System has a C99-compliant v?snprintf(), check for v?asprintf() 2880 AC_CHECK_FUNCS([asprintf], [], [ 2881 AC_LIBOBJ(snprintf) 2882 SUDO_APPEND_COMPAT_EXP(sudo_asprintf) 2883 ]) 2884 AC_CHECK_FUNCS([vasprintf], [], [ 2885 AC_LIBOBJ(snprintf) 2886 SUDO_APPEND_COMPAT_EXP(sudo_vasprintf) 2887 ]) 2888else 2889 # Missing or non-compliant v?snprintf(), assume missing/bad v?asprintf() 2890 SUDO_APPEND_COMPAT_EXP(sudo_snprintf sudo_vsnprintf sudo_asprintf sudo_vasprintf) 2891fi 2892AC_CHECK_MEMBERS([struct tm.tm_gmtoff], [], [], [ 2893AC_INCLUDES_DEFAULT 2894#include <errno.h> 2895]) 2896AC_CHECK_MEMBER([struct stat.st_mtim], 2897 [AC_DEFINE(HAVE_ST_MTIM)] 2898 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], 2899 [AC_CHECK_MEMBER([struct stat.st_mtimespec], 2900 [AC_DEFINE([HAVE_ST_MTIMESPEC])], 2901 [AC_CHECK_MEMBER([struct stat.st_nmtime], AC_DEFINE(HAVE_ST_NMTIME))]) 2902 ] 2903) 2904dnl 2905dnl 4.4BSD-based systems can force the password or group file to be held open 2906dnl 2907AC_CHECK_FUNCS([setpassent setgroupent]) 2908dnl 2909dnl Function checks for sudo_noexec 2910dnl 2911if test X"$with_noexec" != X"no"; then 2912 # Check for non-standard exec functions 2913 AC_CHECK_FUNCS([exect execvP execvpe]) 2914 # Check for posix_spawn, and posix_spawnp 2915 if test X"$ac_cv_header_spawn_h" = X"yes"; then 2916 AC_CHECK_FUNCS([posix_spawn posix_spawnp]) 2917 fi 2918fi 2919 2920dnl 2921dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR. 2922dnl 2923AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 2924#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 2925#include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])]) 2926AC_CHECK_MEMBERS([struct dirent.d_type, struct dirent.d_namlen], [], [], [ 2927AC_INCLUDES_DEFAULT 2928#include <$ac_header_dirent> 2929]) 2930dnl 2931dnl Check for functions only present in OpenSSL 1.1 and above 2932dnl 2933openssl_missing=no 2934if test "${enable_openssl-no}" != no; then 2935 # Use pkg-config to find the openssl cflags and libs if possible. 2936 if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then 2937 PKG_CONFIG_LIBDIR="${enable_openssl}/lib/pkgconfig:${enable_openssl}/lib64/pkgconfig:${enable_openssl}/share/pkgconfig" 2938 export PKG_CONFIG_LIBDIR 2939 elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then 2940 # Cannot use pkg-config when cross-compiling 2941 PKG_CONFIG=false 2942 fi 2943 : ${PKG_CONFIG='pkg-config'} 2944 if $PKG_CONFIG --exists "openssl >= 1.0.1" >/dev/null 2>&1; then 2945 AC_DEFINE(HAVE_OPENSSL) 2946 if test "$enable_openssl" = "maybe"; then 2947 enable_openssl=yes 2948 fi 2949 2950 O_LDFLAGS="$LDFLAGS" 2951 LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L openssl`" 2952 # Check whether --static is needed 2953 AC_CHECK_LIB(ssl, SSL_new, [STATIC=""], [STATIC="--static"], [-lcrypto]) 2954 2955 # Use OpenSSL's sha2 functions if possible 2956 AC_CHECK_LIB(crypto, SHA224_Update, [DIGEST=digest_openssl.lo]) 2957 LDFLAGS="$O_LDFLAGS" 2958 2959 # Use pkg-config to determine OpenSSL libs and cflags 2960 LIBTLS=`$PKG_CONFIG $STATIC --libs openssl` 2961 if test "$DIGEST" = "digest_openssl.lo"; then 2962 if $PKG_CONFIG --exists libcrypto >/dev/null 2>&1; then 2963 LIBMD=`$PKG_CONFIG $STATIC --libs libcrypto` 2964 else 2965 # No separate pkg config for libcrypto 2966 LIBMD="$LIBTLS" 2967 fi 2968 fi 2969 for f in `$PKG_CONFIG --cflags-only-I openssl`; do 2970 AX_APPEND_FLAG([$f], [CPPFLAGS]) 2971 done 2972 else 2973 # No pkg-config file present, try to do it manually 2974 O_LDFLAGS="$LDFLAGS" 2975 if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then 2976 LDFLAGS="$LDFLAGS -L${enable_openssl}/lib" 2977 fi 2978 AC_CHECK_LIB(ssl, SSL_new, [ 2979 # Check OPENSSL_VERSION_NUMBER in headers 2980 O_CPPFLAGS="$CPPFLAGS" 2981 if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then 2982 # Note: we only reset CPPFLAGS on failure 2983 AX_APPEND_FLAG([-I${enable_openssl}/include], [CPPFLAGS]) 2984 fi 2985 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <openssl/opensslv.h> 2986#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x1000100fL 2987#error "OpenSSL too old" 2988#endif 2989]])], [ 2990 # OpenSSL >= 1.0.1 detected, use it. 2991 AC_DEFINE(HAVE_OPENSSL) 2992 if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then 2993 SUDO_APPEND_LIBPATH(LIBMD, [${enable_openssl}/lib]) 2994 SUDO_APPEND_LIBPATH(LIBTLS, [${enable_openssl}/lib]) 2995 else 2996 enable_openssl=yes 2997 fi 2998 LIBTLS="${LIBTLS} -lssl -lcrypto" 2999 3000 # Use OpenSSL's sha2 functions if possible 3001 AC_CHECK_LIB(crypto, SHA224_Update, [ 3002 DIGEST=digest_openssl.lo 3003 LIBMD="${LIBMD} -lcrypto" 3004 ]) 3005], [ 3006 # OpenSSL < 1.0.1 detected, ignore it. 3007 if test "$enable_openssl" = "maybe"; then 3008 AC_MSG_WARN([OpenSSL too old (1.0.1 or higher required), Sudo logsrv connections will not be encrypted.]) 3009 enable_openssl=no 3010 else 3011 AC_MSG_ERROR([OpenSSL too old (1.0.1 or higher required).]) 3012 fi 3013 CPPFLAGS="$O_CPPFLAGS" 3014]) 3015 ], [ 3016 if test "$enable_openssl" = "maybe"; then 3017 openssl_missing=yes 3018 enable_openssl=no 3019 else 3020 AC_MSG_ERROR([OpenSSL development libraries not found.]) 3021 fi 3022 ], [-lcrypto]) 3023 LDFLAGS="$O_LDFLAGS" 3024 fi 3025 if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then 3026 unset PKG_CONFIG_LIBDIRS 3027 fi 3028fi 3029dnl 3030dnl Note that enable_openssl may be reset above. 3031dnl 3032if test "${enable_openssl-no}" != no; then 3033 OLIBS="$LIBS" 3034 LIBS="$LIBS $LIBTLS" 3035 AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate TLS_method]) 3036 # SSL_CTX_set_min_proto_version may be a macro 3037 AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [ 3038 AC_INCLUDES_DEFAULT 3039 #include <openssl/ssl.h> 3040 ]) 3041 # LibreSSL TLS 1.3 support may not be enabled, check for declaration too. 3042 AC_CHECK_FUNC([SSL_CTX_set_ciphersuites], [ 3043 AC_CHECK_DECL([SSL_CTX_set_ciphersuites], [AC_DEFINE(HAVE_SSL_CTX_SET_CIPHERSUITES)], [], [ 3044 AC_INCLUDES_DEFAULT 3045 #include <openssl/ssl.h> 3046 ]) 3047 ]) 3048 LIBS="$OLIBS" 3049elif test "${enable_gcrypt-no}" != no; then 3050 # Use gcrypt's sha2 functions 3051 AC_DEFINE(HAVE_GCRYPT) 3052 DIGEST=digest_gcrypt.lo 3053 LIBMD="-lgcrypt" 3054 if test "$enable_gcrypt" != "yes"; then 3055 AX_APPEND_FLAG([-I${enable_gcrypt}/include], [CPPFLAGS]) 3056 SUDO_APPEND_LIBPATH(LDFLAGS, [${enable_gcrypt}/lib]) 3057 fi 3058fi 3059dnl 3060dnl Check for sha2 functions if not using openssl or gcrypt 3061dnl 3062if test "$DIGEST" = "digest.lo"; then 3063 FOUND_SHA2=no 3064 AC_CHECK_HEADER([sha2.h], [ 3065 FOUND_SHA2=yes 3066 AC_CHECK_FUNCS([SHA224Update], [SUDO_FUNC_SHA2_VOID_PTR], [ 3067 # On some systems, SHA224Update is in libmd 3068 AC_CHECK_LIB(md, SHA224Update, [ 3069 AC_DEFINE(HAVE_SHA224UPDATE) 3070 SUDO_FUNC_SHA2_VOID_PTR 3071 LIBMD="-lmd" 3072 ], [ 3073 # Does not have SHA224Update 3074 FOUND_SHA2=no 3075 ]) 3076 ]) 3077 ]) 3078 if test X"$FOUND_SHA2" = X"no"; then 3079 AC_LIBOBJ(sha2) 3080 SUDO_APPEND_COMPAT_EXP(sudo_SHA224Final sudo_SHA224Init sudo_SHA224Pad sudo_SHA224Transform sudo_SHA224Update sudo_SHA256Final sudo_SHA256Init sudo_SHA256Pad sudo_SHA256Transform sudo_SHA256Update sudo_SHA384Final sudo_SHA384Init sudo_SHA384Pad sudo_SHA384Transform sudo_SHA384Update sudo_SHA512Final sudo_SHA512Init sudo_SHA512Pad sudo_SHA512Transform sudo_SHA512Update) 3081 fi 3082fi 3083dnl 3084dnl If socket(2) not in libc, check -lsocket and -linet 3085dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols 3086dnl 3087OLIBS="$LIBS" 3088LIBS="${LIBS} ${NET_LIBS}" 3089AC_CHECK_FUNC([socket], [], [ 3090 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do 3091 _libs= 3092 for lib in $libs; do 3093 case "$NET_LIBS" in 3094 *"$lib"*) ;; 3095 *) _libs="$_libs $lib";; 3096 esac 3097 done 3098 libs="${_libs# }" 3099 test -z "$libs" && continue 3100 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" 3101 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" 3102 SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; break], [], [$extralibs]) 3103 done 3104]) 3105LIBS="$OLIBS" 3106dnl 3107dnl If inet_pton(3) not in libc, check -lnsl and -linet 3108dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols 3109dnl Some systems may have inet_pton() in libresolv. 3110dnl 3111OLIBS="$LIBS" 3112LIBS="${LIBS} ${NET_LIBS}" 3113found=false 3114INET_PTON_LIBS= 3115AC_CHECK_FUNC([inet_pton], [ 3116 found=true 3117 AC_DEFINE(HAVE_INET_PTON) 3118], [ 3119 for libs in "-lsocket" "-linet" "-lsocket -lnsl" "-lresolv"; do 3120 _libs= 3121 for lib in $libs; do 3122 case "$NET_LIBS" in 3123 *"$lib"*) ;; 3124 *) _libs="$_libs $lib";; 3125 esac 3126 done 3127 libs="${_libs# }" 3128 test -z "$libs" && continue 3129 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" 3130 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" 3131 SUDO_CHECK_LIB($lib, inet_pton, [ 3132 found=true 3133 AC_DEFINE(HAVE_INET_PTON) 3134 NET_LIBS="${NET_LIBS} $libs" 3135 INET_PTON_LIBS="$libs" 3136 case "$libs" in 3137 *-lresolv*) 3138 AC_DEFINE(NEED_RESOLV_H) 3139 ;; 3140 esac 3141 break 3142 ], [], [$extralibs]) 3143 done 3144]) 3145LIBS="$OLIBS" 3146if test X"$found" != X"true"; then 3147 AC_LIBOBJ(inet_pton) 3148 SUDO_APPEND_COMPAT_EXP(sudo_inet_pton) 3149fi 3150dnl 3151dnl If inet_ntop(3) not in libc, check -lnsl and -linet 3152dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols 3153dnl Some systems may have inet_ntop() in libresolv. 3154dnl 3155OLIBS="$LIBS" 3156LIBS="${LIBS} ${NET_LIBS}" 3157found=false 3158AC_CHECK_FUNC([inet_ntop], [ 3159 found=true 3160 AC_DEFINE(HAVE_INET_NTOP) 3161], [ 3162 for libs in "-lsocket" "-linet" "-lsocket -lnsl" "-lresolv"; do 3163 _libs= 3164 for lib in $libs; do 3165 case "$NET_LIBS" in 3166 *"$lib"*) ;; 3167 *) _libs="$_libs $lib";; 3168 esac 3169 done 3170 libs="${_libs# }" 3171 test -z "$libs" && continue 3172 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" 3173 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" 3174 SUDO_CHECK_LIB($lib, inet_ntop, [ 3175 found=true 3176 AC_DEFINE(HAVE_INET_NTOP) 3177 NET_LIBS="${NET_LIBS} $libs" 3178 break 3179 ], [], [$extralibs]) 3180 done 3181]) 3182LIBS="$OLIBS" 3183if test X"$found" != X"true"; then 3184 AC_LIBOBJ(inet_ntop) 3185 SUDO_APPEND_COMPAT_EXP(sudo_inet_ntop) 3186fi 3187dnl 3188dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet 3189dnl 3190OLIBS="$LIBS" 3191LIBS="${LIBS} ${NET_LIBS}" 3192AC_CHECK_FUNC([syslog], [], [ 3193 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do 3194 _libs= 3195 for lib in $libs; do 3196 case "$NET_LIBS" in 3197 *"$lib"*) ;; 3198 *) _libs="$_libs $lib";; 3199 esac 3200 done 3201 libs="${_libs# }" 3202 test -z "$libs" && continue 3203 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" 3204 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" 3205 SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; break], [], [$extralibs]) 3206 done 3207]) 3208LIBS="$OLIBS" 3209# 3210# Check for getaddrinfo and add any required libs to NET_LIBS. 3211# If it was added to LIBOBJS we need to export the symbols. 3212# 3213OLIBS="$LIBS" 3214GETADDRINFO_LIBS= 3215AX_FUNC_GETADDRINFO 3216case " $LIBOBJS " in 3217 *" getaddrinfo.$ac_objext "* ) 3218 SUDO_APPEND_COMPAT_EXP(sudo_getaddrinfo sudo_freeaddrinfo sudo_gai_strerror) 3219 # We need libsudo_util to pull in dependent libraries for 3220 # inet_pton(), gethostbyname(), and getservbyname() 3221 if test -n "${INET_PTON_LIBS}"; then 3222 LT_DEP_LIBS="${LT_DEP_LIBS}${LT_DEP_LIBS+ }${INET_PTON_LIBS}" 3223 LIBS="${LIBS}${LIBS+ }${INET_PTON_LIBS}" 3224 fi 3225 AC_CHECK_FUNC([gethostbyname], [], [ 3226 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do 3227 _libs= 3228 for lib in $libs; do 3229 case "$LT_DEP_LIBS" in 3230 *"$lib"*) ;; 3231 *) _libs="$_libs $lib";; 3232 esac 3233 done 3234 libs="${_libs# }" 3235 test -z "$libs" && continue 3236 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" 3237 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" 3238 SUDO_CHECK_LIB($lib, gethostbyname, [LT_DEP_LIBS="${LT_DEP_LIBS} $libs"; break], [], [$extralibs]) 3239 done 3240 ]) 3241 ;; 3242 *) 3243 for lib in $LIBS; do 3244 case "$OLIBS" in 3245 *"$lib"*) ;; 3246 *) GETADDRINFO_LIBS="${GETADDRINFO_LIBS}${GETADDRINFO_LIBS+ }$lib";; 3247 esac 3248 done 3249 if test -n "${GETADDRINFO_LIBS}"; then 3250 # We need libsudo_util to pull in dependent libraries for 3251 # gai_strerror() 3252 LT_DEP_LIBS="${LT_DEP_LIBS}${LT_DEP_LIBS+ }${GETADDRINFO_LIBS}" 3253 LIBS="${LIBS}${LIBS+ }${GETADDRINFO_LIBS}" 3254 3255 # Add to NET_LIBS if necessary 3256 for lib in $GETADDRINFO_LIBS; do 3257 case "$NET_LIBS" in 3258 *"$lib"*) ;; 3259 *) NET_LIBS="${NET_LIBS}${NET_LIBS+ }$lib";; 3260 esac 3261 done 3262 fi 3263 ;; 3264esac 3265LIBS="$OLIBS" 3266 3267dnl 3268dnl Check for va_copy or __va_copy in stdarg.h 3269dnl 3270AC_CACHE_CHECK([for va_copy], sudo_cv_func_va_copy, [ 3271 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <stdarg.h> 3272 va_list ap1, ap2;]], [[va_copy(ap1, ap2);]])], 3273 [sudo_cv_func_va_copy=yes], [sudo_cv_func_va_copy=no]) 3274]) 3275if test "$sudo_cv_func_va_copy" = "yes"; then 3276 AC_DEFINE(HAVE_VA_COPY) 3277else 3278 AC_CACHE_CHECK([for __va_copy], sudo_cv_func___va_copy, [ 3279 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <stdarg.h> 3280 va_list ap1, ap2;]], [[__va_copy(ap1, ap2);]])], 3281 [sudo_cv_func___va_copy=yes], [sudo_cv_func___va_copy=no]) 3282 ]) 3283 if test "$sudo_cv_func___va_copy" = "yes"; then 3284 AC_DEFINE(HAVE___VA_COPY) 3285 fi 3286fi 3287 3288dnl 3289dnl Check for getprogname()/setprogname() or __progname 3290dnl 3291AC_CHECK_FUNCS([getprogname], [ 3292 AC_CHECK_FUNCS([setprogname], [], [SUDO_APPEND_COMPAT_EXP(sudo_setprogname)]) 3293], [ 3294 AC_CACHE_CHECK([for __progname], sudo_cv___progname, [ 3295 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; if (__progname[0] == '\0') return 1;]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])]) 3296 if test "$sudo_cv___progname" = "yes"; then 3297 AC_DEFINE(HAVE___PROGNAME) 3298 fi 3299 SUDO_APPEND_COMPAT_EXP(sudo_getprogname) 3300 SUDO_APPEND_COMPAT_EXP(sudo_setprogname) 3301]) 3302dnl 3303dnl Check for __func__ or __FUNCTION__ 3304dnl 3305AC_CACHE_CHECK([for __func__], sudo_cv___func__, [ 3306AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[if (__func__[0] == '\0') return 1;]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])]) 3307if test "$sudo_cv___func__" = "yes"; then 3308 AC_DEFINE(HAVE___FUNC__) 3309elif test -n "$GCC"; then 3310 AC_CACHE_CHECK([for __FUNCTION__], sudo_cv___FUNCTION__, [ 3311 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[if(__FUNCTION__[0] == '\0') return 1;]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])]) 3312 if test "$sudo_cv___FUNCTION__" = "yes"; then 3313 AC_DEFINE(HAVE___FUNC__) 3314 AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__]) 3315 fi 3316fi 3317 3318# gettext() and friends may be located in libc (Linux and Solaris) 3319# or in libintl. However, it is possible to have libintl installed 3320# even when gettext() is present in libc. In the case of GNU libintl, 3321# gettext() will be defined to gettext_libintl in libintl.h. 3322# Since gcc prefers /usr/local/include to /usr/include, we need to 3323# make sure we use the gettext() that matches the include file. 3324if test "$enable_nls" != "no"; then 3325 if test "$enable_nls" != "yes"; then 3326 AX_APPEND_FLAG([-I${enable_nls}/include], [CPPFLAGS]) 3327 SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib]) 3328 fi 3329 OLIBS="$LIBS" 3330 for l in "libc" "-lintl" "-lintl -liconv"; do 3331 if test "$l" = "libc"; then 3332 # If user specified a dir for libintl ignore libc 3333 if test "$enable_nls" != "yes"; then 3334 continue 3335 fi 3336 gettext_name=sudo_cv_gettext 3337 AC_MSG_CHECKING([for gettext]) 3338 else 3339 LIBS="$OLIBS $l" 3340 gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`" 3341 AC_MSG_CHECKING([for gettext in $l]) 3342 fi 3343 AC_CACHE_VAL($gettext_name, [ 3344 AC_LINK_IFELSE( 3345 [ 3346 AC_LANG_PROGRAM([[#include <libintl.h>]], [(void)gettext((char *)0);]) 3347 ], [eval $gettext_name=yes], [eval $gettext_name=no] 3348 ) 3349 ]) 3350 eval gettext_result="\$$gettext_name" 3351 AC_MSG_RESULT($gettext_result) 3352 if test "$gettext_result" = "yes"; then 3353 AC_CHECK_FUNCS([ngettext]) 3354 break 3355 fi 3356 done 3357 LIBS="$OLIBS" 3358 3359 if test "$sudo_cv_gettext" = "yes"; then 3360 SUDO_NLS=enabled 3361 # For Solaris we need links from lang to lang.UTF-8 in localedir 3362 case "$host_os" in 3363 solaris2*) LOCALEDIR_SUFFIX=".UTF-8";; 3364 esac 3365 elif test "$sudo_cv_gettext_lintl" = "yes"; then 3366 SUDO_NLS=enabled 3367 LIBINTL="-lintl" 3368 elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then 3369 SUDO_NLS=enabled 3370 LIBINTL="-lintl -liconv" 3371 fi 3372 if test X"$SUDO_NLS" = X"enabled"; then 3373 AC_DEFINE(HAVE_LIBINTL_H) 3374 SUDO_APPEND_COMPAT_EXP(sudo_warn_gettext_v1) 3375 fi 3376fi 3377 3378dnl 3379dnl Deferred zlib option processing. 3380dnl By default we use the system zlib if it is present. 3381dnl If a directory was specified for zlib (or we are use sudo's version), 3382dnl prepend the include dir to make sure we get the right zlib header. 3383dnl 3384case "$enable_zlib" in 3385 yes) 3386 AC_CHECK_LIB(z, gzdopen, [ 3387 AC_CHECK_HEADERS([zlib.h], [ZLIB="-lz"], [enable_zlib=builtin]) 3388 ]) 3389 ;; 3390 no) 3391 ;; 3392 system) 3393 AC_DEFINE(HAVE_ZLIB_H) 3394 ZLIB="-lz" 3395 ;; 3396 static|shared|builtin) 3397 # handled below 3398 ;; 3399 *) 3400 AC_DEFINE(HAVE_ZLIB_H) 3401 AX_APPEND_FLAG([-I${enable_zlib}/include], [CPPFLAGS]) 3402 SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) 3403 ZLIB="${ZLIB} -lz" 3404 ;; 3405esac 3406case "$enable_zlib" in 3407 builtin|static|dynamic) 3408 AC_DEFINE(HAVE_ZLIB_H) 3409 # XXX - can't use AX_APPEND_FLAG due to use of $(top_foo) and quoting 3410 CPPFLAGS='-I$(top_builddir)/lib/zlib -I$(top_srcdir)/lib/zlib '"${CPPFLAGS}" 3411 ZLIB="${ZLIB}"' $(top_builddir)/lib/zlib/libsudo_z.la' 3412 ZLIB_SRC=lib/zlib 3413 AC_CONFIG_HEADERS([lib/zlib/zconf.h]) 3414 AC_CONFIG_FILES([lib/zlib/Makefile]) 3415 if test X"$enable_shared" = X"no" -o "$enable_zlib" = "static"; then 3416 if test "$enable_zlib" = "shared"; then 3417 AC_MSG_ERROR([unable to build shared libraries on this system]) 3418 fi 3419 # Build as convenience library 3420 ZLIB_LDFLAGS=-no-install 3421 fi 3422 ;; 3423esac 3424 3425dnl 3426dnl Check for errno declaration in errno.h 3427dnl 3428AC_CHECK_DECLS([errno], [], [], [ 3429AC_INCLUDES_DEFAULT 3430#include <errno.h> 3431]) 3432 3433dnl 3434dnl Check for h_errno declaration in netdb.h 3435dnl 3436AC_CHECK_DECLS([h_errno], [], [], [ 3437AC_INCLUDES_DEFAULT 3438#include <netdb.h> 3439]) 3440 3441dnl 3442dnl Check for incomplete limits.h and missing SIZE_MAX. 3443dnl 3444AC_CHECK_DECLS([LLONG_MAX, LLONG_MIN, ULLONG_MAX, PATH_MAX, SSIZE_MAX], [], [], [ 3445#include <sys/types.h> 3446#include <limits.h> 3447]) 3448AC_CHECK_DECLS([SIZE_MAX], [], [], [ 3449#include <sys/types.h> 3450#include <limits.h> 3451#if defined(HAVE_STDINT_H) 3452# include <stdint.h> 3453#elif defined(HAVE_INTTYPES_H) 3454# include <inttypes.h> 3455#endif 3456]) 3457dnl 3458dnl Try to find equivalents for missing types 3459dnl 3460if test "$ac_cv_have_decl_LLONG_MAX" != "yes"; then 3461 AC_CHECK_DECLS([QUAD_MAX], [], [], [[ 3462#include <sys/types.h> 3463#include <limits.h> 3464 ]]) 3465fi 3466if test "$ac_cv_have_decl_LLONG_MIN" != "yes"; then 3467 AC_CHECK_DECLS([QUAD_MIN], [], [], [[ 3468#include <sys/types.h> 3469#include <limits.h> 3470 ]]) 3471fi 3472if test "$ac_cv_have_decl_ULLONG_MAX" != "yes"; then 3473 AC_CHECK_DECLS([UQUAD_MAX], [], [], [[ 3474#include <sys/types.h> 3475#include <limits.h> 3476 ]]) 3477fi 3478if test "$ac_cv_have_decl_SIZE_MAX" != "yes"; then 3479 AC_CHECK_DECLS([SIZE_T_MAX], [], [], [[ 3480#include <sys/types.h> 3481#include <limits.h> 3482 ]]) 3483fi 3484if test "$ac_cv_have_decl_PATH_MAX" != "yes"; then 3485 AC_CHECK_DECLS([_POSIX_PATH_MAX], [], [], [[ 3486#include <sys/types.h> 3487#include <limits.h> 3488 ]]) 3489fi 3490 3491dnl 3492dnl Check for strsignal() or sys_siglist 3493dnl 3494AC_CHECK_FUNCS([strsignal], [], [ 3495 AC_LIBOBJ(strsignal) 3496 SUDO_APPEND_COMPAT_EXP(sudo_strsignal) 3497 HAVE_SIGLIST="false" 3498 AC_CHECK_DECLS([sys_siglist, _sys_siglist], [ 3499 HAVE_SIGLIST="true" 3500 ], [ ], [ 3501AC_INCLUDES_DEFAULT 3502#include <signal.h> 3503 ]) 3504 if test "$HAVE_SIGLIST" != "true"; then 3505 AC_LIBOBJ(siglist) 3506 fi 3507]) 3508 3509dnl 3510dnl Check for sig2str() and str2sig(), sys_signame or sys_sigabbrev 3511dnl 3512AC_CHECK_FUNCS([sig2str], [ 3513 AC_CHECK_DECLS(SIG2STR_MAX, [], [], [ 3514# include <signal.h> 3515])], [ 3516 AC_LIBOBJ(sig2str) 3517 SUDO_APPEND_COMPAT_EXP(sudo_sig2str) 3518]) 3519AC_CHECK_FUNCS([str2sig], [], [ 3520 AC_LIBOBJ(str2sig) 3521 SUDO_APPEND_COMPAT_EXP(sudo_str2sig) 3522]) 3523 3524dnl 3525dnl Check for sys_signame or sys_sigabbrev if missing sig2str() or str2sig(). 3526dnl Also enable unit tests for sig2str() and str2sig(). 3527dnl 3528if test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"; then 3529 AC_CHECK_FUNCS([sigabbrev_np]) 3530 if test x"${ac_cv_func_sigabbrev_np}" != x"yes"; then 3531 COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test" 3532 HAVE_SIGNAME="false" 3533 AC_CHECK_DECLS([sys_signame, _sys_signame, sys_sigabbrev], [ 3534 HAVE_SIGNAME="true" 3535 ], [ ], [ 3536AC_INCLUDES_DEFAULT 3537#include <signal.h> 3538 ]) 3539 if test "$HAVE_SIGNAME" != "true"; then 3540 AC_CACHE_CHECK([for undeclared sys_sigabbrev], 3541 [sudo_cv_var_sys_sigabbrev], 3542 [AC_LINK_IFELSE( 3543 [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])], 3544 [sudo_cv_var_sys_sigabbrev=yes], 3545 [sudo_cv_var_sys_sigabbrev=no] 3546 ) 3547 ] 3548 ) 3549 if test "$sudo_cv_var_sys_sigabbrev" = yes; then 3550 AC_DEFINE(HAVE_SYS_SIGABBREV) 3551 else 3552 AC_LIBOBJ(signame) 3553 SIGNAME=signame.lo 3554 fi 3555 fi 3556 fi 3557fi 3558 3559dnl 3560dnl Check for dl_iterate_phdr, may require -ldl 3561dnl 3562OLIBS="$LIBS" 3563LIBS="$LIBS $lt_cv_dlopen_libs" 3564AC_CHECK_FUNCS([dl_iterate_phdr]) 3565LIBS="$OLIBS" 3566 3567dnl 3568dnl nsswitch.conf and its equivalents 3569dnl 3570if test ${with_netsvc-"no"} != "no"; then 3571 SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}") 3572 netsvc_conf=${with_netsvc-/etc/netsvc.conf} 3573elif test ${with_nsswitch-"yes"} != "no"; then 3574 SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}") 3575 nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf} 3576fi 3577 3578dnl 3579dnl Mutually exclusive auth checks come first, followed by 3580dnl non-exclusive ones. Note: passwd must be last of all! 3581dnl 3582 3583dnl 3584dnl Convert default authentication methods to with_* if 3585dnl no explicit authentication scheme was specified. 3586dnl 3587if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then 3588 for auth in $AUTH_EXCL_DEF; do 3589 case $auth in 3590 AIX_AUTH) with_aixauth=maybe;; 3591 BSD_AUTH) with_bsdauth=maybe;; 3592 PAM) with_pam=maybe;; 3593 SIA) CHECKSIA=true;; 3594 esac 3595 done 3596fi 3597 3598dnl 3599dnl PAM support. Systems that use PAM by default set with_pam=default 3600dnl and we do the actual tests here. 3601dnl 3602if test ${with_pam-"no"} != "no"; then 3603 # 3604 # Check for pam_start() in libpam first, then for pam_appl.h. 3605 # 3606 found_pam_lib=no 3607 AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs]) 3608 # 3609 # Some PAM implementations (macOS for example) put the PAM headers 3610 # in /usr/include/pam instead of /usr/include/security... 3611 # 3612 found_pam_hdrs=no 3613 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break]) 3614 if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then 3615 # Found both PAM libs and headers 3616 with_pam=yes 3617 elif test "$with_pam" = "yes"; then 3618 if test "$found_pam_lib" = "no"; then 3619 AC_MSG_ERROR([--with-pam specified but unable to locate PAM development library.]) 3620 fi 3621 if test "$found_pam_hdrs" = "no"; then 3622 AC_MSG_ERROR([--with-pam specified but unable to locate PAM development headers.]) 3623 fi 3624 elif test "$found_pam_lib" != "$found_pam_hdrs"; then 3625 if test "$found_pam_lib" = "no"; then 3626 AC_MSG_ERROR([found PAM headers but no PAM development library; specify --without-pam to build without PAM]) 3627 fi 3628 if test "$found_pam_hdrs" = "no"; then 3629 AC_MSG_ERROR([found PAM library but no PAM development headers; specify --without-pam to build without PAM]) 3630 fi 3631 fi 3632 3633 if test "$with_pam" = "yes"; then 3634 # Older PAM implementations lack pam_getenvlist 3635 OLIBS="$LIBS" 3636 LIBS="$LIBS -lpam $lt_cv_dlopen_libs" 3637 AC_CHECK_FUNCS([pam_getenvlist]) 3638 LIBS="$OLIBS" 3639 3640 # We already link with -ldl if needed (see LIBDL below) 3641 SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" 3642 AC_DEFINE(HAVE_PAM) 3643 AUTH_OBJS="$AUTH_OBJS pam.lo"; 3644 AUTH_EXCL=PAM 3645 3646 AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])], 3647 [case $with_pam_login in 3648 yes) AC_DEFINE([HAVE_PAM_LOGIN]) 3649 pam_login_service="sudo-i" 3650 ;; 3651 no) ;; 3652 *) AC_MSG_ERROR([--with-pam-login does not take an argument.]) 3653 ;; 3654 esac]) 3655 3656 AC_ARG_ENABLE(pam_session, 3657 [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])], 3658 [ case "$enableval" in 3659 yes) ;; 3660 no) AC_DEFINE(NO_PAM_SESSION) 3661 pam_session=off 3662 ;; 3663 *) AC_MSG_WARN([ignoring unknown argument to --enable-pam-session: $enableval]) 3664 ;; 3665 esac]) 3666 fi 3667fi 3668 3669dnl 3670dnl AIX general authentication 3671dnl We may build in support for both AIX LAM and PAM and select 3672dnl which one to use at run-time. 3673dnl 3674if test ${with_aixauth-'no'} != "no"; then 3675 AC_CHECK_FUNCS([authenticate], [with_aixauth=yes]) 3676 if test "${with_aixauth}" = "yes"; then 3677 AC_MSG_NOTICE([using AIX general authentication]) 3678 AC_DEFINE(HAVE_AIXAUTH) 3679 AUTH_OBJS="$AUTH_OBJS aix_auth.lo"; 3680 SUDOERS_LIBS="${SUDOERS_LIBS} -ls" 3681 AUTH_EXCL=AIX_AUTH 3682 fi 3683fi 3684 3685dnl 3686dnl BSD authentication 3687dnl If set to "maybe" only enable if no other exclusive method in use. 3688dnl 3689if test ${with_bsdauth-'no'} != "no"; then 3690 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) 3691 [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"] 3692 [BSDAUTH_USAGE='[[-a type]] '] 3693 [AUTH_EXCL=BSD_AUTH; BAMAN=1], 3694 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) 3695fi 3696 3697dnl 3698dnl SIA authentication for Tru64 Unix 3699dnl 3700if test ${CHECKSIA-'false'} = "true"; then 3701 AC_CHECK_FUNCS([sia_ses_init], [found=true], [found=false]) 3702 if test "$found" = "true"; then 3703 AUTH_EXCL=SIA 3704 AUTH_OBJS="$AUTH_OBJS sia.lo" 3705 fi 3706fi 3707 3708dnl 3709dnl extra FWTK libs + includes 3710dnl 3711if test ${with_fwtk-'no'} != "no"; then 3712 if test "$with_fwtk" != "yes"; then 3713 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}]) 3714 AX_APPEND_FLAG([-I${with_fwtk}], [CPPFLAGS]) 3715 with_fwtk=yes 3716 fi 3717 SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall" 3718 AUTH_OBJS="$AUTH_OBJS fwtk.lo" 3719fi 3720 3721dnl 3722dnl extra SecurID lib + includes 3723dnl 3724if test ${with_SecurID-'no'} != "no"; then 3725 if test "$with_SecurID" != "yes"; then 3726 : 3727 elif test -d /usr/ace/examples; then 3728 with_SecurID=/usr/ace/examples 3729 else 3730 with_SecurID=/usr/ace 3731 fi 3732 AX_APPEND_FLAG([-I${with_SecurID}], [CPPFLAGS]) 3733 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}]) 3734 SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" 3735 AUTH_OBJS="$AUTH_OBJS securid5.lo"; 3736fi 3737 3738dnl 3739dnl Non-mutually exclusive auth checks come next. 3740dnl Note: passwd must be last of all! 3741dnl 3742 3743dnl 3744dnl Convert default authentication methods to with_* if 3745dnl no explicit authentication scheme was specified. 3746dnl 3747if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then 3748 for auth in $AUTH_DEF; do 3749 case $auth in 3750 passwd) : ${with_passwd='maybe'};; 3751 esac 3752 done 3753fi 3754 3755dnl 3756dnl Kerberos V 3757dnl There is an easy way and a hard way... 3758dnl 3759if test ${with_kerb5-'no'} != "no"; then 3760 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "") 3761 if test -n "$KRB5CONFIG"; then 3762 AC_DEFINE(HAVE_KERB5) 3763 AUTH_OBJS="$AUTH_OBJS kerb5.lo" 3764 for f in `krb5-config --cflags`; do 3765 AX_APPEND_FLAG([$f], [CPPFLAGS]) 3766 done 3767 SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`" 3768 dnl 3769 dnl Try to determine whether we have Heimdal or MIT Kerberos 3770 dnl 3771 AC_MSG_CHECKING(whether we are using Heimdal) 3772 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [ 3773 AC_MSG_RESULT(yes) 3774 AC_DEFINE(HAVE_HEIMDAL) 3775 ], [ 3776 AC_MSG_RESULT(no) 3777 ] 3778 ) 3779 else 3780 AC_DEFINE(HAVE_KERB5) 3781 dnl 3782 dnl Use the specified directory, if any, else search for correct inc dir 3783 dnl 3784 if test "$with_kerb5" = "yes"; then 3785 found=no 3786 O_CPPFLAGS="$CPPFLAGS" 3787 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do 3788 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" 3789 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]])], [found=yes; break]) 3790 done 3791 if test X"$found" = X"no"; then 3792 CPPFLAGS="$O_CPPFLAGS" 3793 AC_MSG_WARN([unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) 3794 fi 3795 else 3796 dnl XXX - try to include krb5.h here too 3797 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib]) 3798 AX_APPEND_FLAG([-I${with_kerb5}/include], [CPPFLAGS]) 3799 fi 3800 3801 dnl 3802 dnl Try to determine whether we have Heimdal or MIT Kerberos 3803 dnl 3804 AC_MSG_CHECKING(whether we are using Heimdal) 3805 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [ 3806 AC_MSG_RESULT(yes) 3807 AC_DEFINE(HAVE_HEIMDAL) 3808 # XXX - need to check whether -lcrypo is needed! 3809 SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" 3810 AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"]) 3811 ], [ 3812 AC_MSG_RESULT(no) 3813 SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err" 3814 AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"]) 3815 ]) 3816 AUTH_OBJS="$AUTH_OBJS kerb5.lo" 3817 fi 3818 _LIBS="$LIBS" 3819 LIBS="${LIBS} ${SUDOERS_LIBS}" 3820 AC_CHECK_FUNCS([krb5_verify_user krb5_init_secure_context]) 3821 AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc], [ 3822 AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context], 3823 sudo_cv_krb5_get_init_creds_opt_free_two_args, [ 3824 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], 3825 [[krb5_get_init_creds_opt_free(NULL, NULL);]] 3826 )], 3827 [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes], 3828 [sudo_cv_krb5_get_init_creds_opt_free_two_args=no] 3829 ) 3830 ] 3831 ) 3832 ]) 3833 if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then 3834 AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS) 3835 fi 3836 LIBS="$_LIBS" 3837 AC_ARG_ENABLE(kerb5-instance, 3838 [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])], 3839 [ case "$enableval" in 3840 yes) AC_MSG_ERROR([must give --enable-kerb5-instance an argument.]) 3841 ;; 3842 no) ;; 3843 *) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval") 3844 ;; 3845 esac]) 3846fi 3847 3848dnl 3849dnl extra AFS libs and includes 3850dnl 3851if test ${with_AFS-'no'} = "yes"; then 3852 3853 # looks like the "standard" place for AFS libs is /usr/afsws/lib 3854 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" 3855 for i in $AFSLIBDIRS; do 3856 if test -d ${i}; then 3857 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i]) 3858 FOUND_AFSLIBDIR=true 3859 fi 3860 done 3861 if test -z "$FOUND_AFSLIBDIR"; then 3862 AC_MSG_WARN([unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.]) 3863 fi 3864 3865 # Order is important here. Note that we build AFS_LIBS from right to left 3866 # since AFS_LIBS may be initialized with BSD compat libs that must go last 3867 AFS_LIBS="-laudit ${AFS_LIBS}" 3868 for i in $AFSLIBDIRS; do 3869 if test -f ${i}/util.a; then 3870 AFS_LIBS="${i}/util.a ${AFS_LIBS}" 3871 FOUND_UTIL_A=true 3872 break; 3873 fi 3874 done 3875 if test -z "$FOUND_UTIL_A"; then 3876 AFS_LIBS="-lutil ${AFS_LIBS}" 3877 fi 3878 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}" 3879 3880 # AFS includes may live in /usr/include on some machines... 3881 for i in /usr/afsws/include; do 3882 if test -d ${i}; then 3883 AX_APPEND_FLAG([-I${i}], [CPPFLAGS]) 3884 FOUND_AFSINCDIR=true 3885 fi 3886 done 3887 3888 if test -z "$FOUND_AFSLIBDIR"; then 3889 AC_MSG_WARN([unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) 3890 fi 3891 3892 AUTH_OBJS="$AUTH_OBJS afs.lo" 3893fi 3894 3895dnl 3896dnl extra DCE obj + lib 3897dnl Order of libs in HP-UX 10.x is important, -ldce must be last. 3898dnl 3899if test ${with_DCE-'no'} = "yes"; then 3900 DCE_OBJS="${DCE_OBJS} dce_pwent.o" 3901 SUDOERS_LIBS="${SUDOERS_LIBS} -ldce" 3902 AUTH_OBJS="$AUTH_OBJS dce.lo" 3903fi 3904 3905dnl 3906dnl extra S/Key lib and includes 3907dnl 3908if test "${with_skey-'no'}" = "yes"; then 3909 O_LDFLAGS="$LDFLAGS" 3910 if test "$with_skey" != "yes"; then 3911 AX_APPEND_FLAG([-I${with_skey}/include], [CPPFLAGS]) 3912 LDFLAGS="$LDFLAGS -L${with_skey}/lib" 3913 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib]) 3914 AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>]) 3915 else 3916 found=no 3917 O_CPPFLAGS="$CPPFLAGS" 3918 for dir in "" "/usr/local" "/usr/contrib"; do 3919 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" 3920 AC_CHECK_HEADER([skey.h], [found=yes; break], [], [#include <stdio.h>]) 3921 done 3922 if test "$found" = "no" -o -z "$dir"; then 3923 CPPFLAGS="$O_CPPFLAGS" 3924 else 3925 LDFLAGS="$LDFLAGS -L${dir}/lib" 3926 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) 3927 fi 3928 if test "$found" = "no"; then 3929 AC_MSG_WARN([unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) 3930 fi 3931 fi 3932 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])]) 3933 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS)) 3934 3935 AC_MSG_CHECKING([for RFC1938-compliant skeychallenge]) 3936 AC_COMPILE_IFELSE( 3937 [AC_LANG_PROGRAM([[ 3938# include <stdio.h> 3939# include <skey.h>]], 3940 [[skeychallenge(NULL, NULL, NULL, 0);]] 3941 )], [ 3942 AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE) 3943 AC_MSG_RESULT([yes]) 3944 ], [ 3945 AC_MSG_RESULT([no]) 3946 ] 3947 ) 3948 3949 LDFLAGS="$O_LDFLAGS" 3950 SUDOERS_LIBS="${SUDOERS_LIBS} -lskey" 3951 AUTH_OBJS="$AUTH_OBJS rfc1938.lo" 3952fi 3953 3954dnl 3955dnl extra OPIE lib and includes 3956dnl 3957if test "${with_opie-'no'}" = "yes"; then 3958 O_LDFLAGS="$LDFLAGS" 3959 if test "$with_opie" != "yes"; then 3960 AX_APPEND_FLAG([-I${with_opie}/include], [CPPFLAGS]) 3961 LDFLAGS="$LDFLAGS -L${with_opie}/lib" 3962 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib]) 3963 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no]) 3964 else 3965 found=no 3966 O_CPPFLAGS="$CPPFLAGS" 3967 for dir in "" "/usr/local" "/usr/contrib"; do 3968 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" 3969 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes; break]) 3970 done 3971 if test "$found" = "no" -o -z "$dir"; then 3972 CPPFLAGS="$O_CPPFLAGS" 3973 else 3974 LDFLAGS="$LDFLAGS -L${dir}/lib" 3975 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) 3976 fi 3977 if test "$found" = "no"; then 3978 AC_MSG_WARN([unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) 3979 fi 3980 fi 3981 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])]) 3982 LDFLAGS="$O_LDFLAGS" 3983 SUDOERS_LIBS="${SUDOERS_LIBS} -lopie" 3984 AUTH_OBJS="$AUTH_OBJS rfc1938.lo" 3985fi 3986 3987dnl 3988dnl Check for shadow password routines if we have not already done so. 3989dnl If there is a specific list of functions to check we do that first. 3990dnl Otherwise, we check for SVR4-style and then SecureWare-style. 3991dnl 3992if test ${with_passwd-'no'} != "no"; then 3993 dnl 3994 dnl if crypt(3) not in libc, look elsewhere 3995 dnl 3996 _LIBS="$LIBS" 3997 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [ 3998 test "${ac_cv_search_crypt}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_crypt}" 3999 ]) 4000 if test "${ac_cv_search_crypt}" != "no"; then 4001 AC_DEFINE(HAVE_CRYPT) 4002 fi 4003 LIBS="$_LIBS" 4004 4005 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then 4006 _LIBS="$LIBS" 4007 LIBS="$LIBS $shadow_libs" 4008 found=no 4009 for func in $shadow_funcs; do 4010 AC_CHECK_FUNC([$func], [ 4011 dnl Enumerate shadow functions instead of using: 4012 dnl AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_$func])) 4013 dnl for autoheader's sake and to catch template omissions. 4014 case "$func" in 4015 dispcrypt) 4016 AC_DEFINE(HAVE_DISPCRYPT) 4017 ;; 4018 getprpwnam) 4019 AC_DEFINE(HAVE_GETPRPWNAM) 4020 SECUREWARE=1 4021 ;; 4022 getpwnam_shadow) 4023 AC_DEFINE(HAVE_GETPWNAM_SHADOW) 4024 ;; 4025 getspnam) 4026 AC_DEFINE(HAVE_GETSPNAM) 4027 ;; 4028 iscomsec) 4029 AC_DEFINE(HAVE_ISCOMSEC) 4030 ;; 4031 *) 4032 AC_MSG_ERROR([unhandled shadow password function $func]) 4033 ;; 4034 esac 4035 found=yes 4036 ]) 4037 done 4038 if test "$found" = "no"; then 4039 shadow_libs= 4040 fi 4041 CHECKSHADOW=false 4042 LIBS="$_LIBS" 4043 fi 4044 if test "$CHECKSHADOW" = "true"; then 4045 AC_SEARCH_LIBS([getspnam], [gen shadow], [ 4046 AC_DEFINE(HAVE_GETSPNAM) 4047 test "${ac_cv_search_getspnam}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_getspnam}" 4048 CHECKSHADOW=false 4049 ]) 4050 fi 4051 if test "$CHECKSHADOW" = "true"; then 4052 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [ 4053 AC_DEFINE(HAVE_GETPRPWNAM) 4054 test "${ac_cv_search_getprpwnam}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_getprpwnam}" 4055 SECUREWARE=1 4056 CHECKSHADOW=false 4057 ]) 4058 fi 4059 if test -n "$shadow_libs"; then 4060 # sudoers needs to link with shadow libs for password auth 4061 SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs" 4062 fi 4063 if test -n "$SECUREWARE"; then 4064 _LIBS="$LIBS" 4065 LIBS="$LIBS $shadow_libs" 4066 AC_CHECK_FUNCS([bigcrypt]) 4067 AUTH_OBJS="$AUTH_OBJS secureware.lo" 4068 # set_auth_parameters() and initprivs() are called from sudo.c 4069 AC_CHECK_FUNCS([set_auth_parameters initprivs], [test -n "$shadow_libs" && SUDO_LIBS="$SUDO_LIBS $shadow_libs"]) 4070 LIBS="$_LIBS" 4071 fi 4072fi 4073 4074dnl 4075dnl Solaris 11 added a 4th argument to the au_close() function 4076dnl 4077if test X"$with_bsm_audit" = X"yes"; then 4078 SUDO_FUNC_AU_CLOSE_SOLARIS11 4079fi 4080 4081dnl 4082dnl Choose event subsystem backend: poll or select 4083dnl 4084if test X"$enable_poll" = X""; then 4085 AC_CHECK_FUNCS([ppoll poll], [enable_poll=yes; break], [enable_poll=no]) 4086elif test X"$enable_poll" = X"yes"; then 4087 AC_CHECK_FUNCS([ppoll], [], AC_DEFINE(HAVE_POLL)) 4088fi 4089if test "$enable_poll" = "yes"; then 4090 COMMON_OBJS="${COMMON_OBJS} event_poll.lo" 4091else 4092 AC_CHECK_FUNCS([pselect]) 4093 COMMON_OBJS="${COMMON_OBJS} event_select.lo" 4094fi 4095 4096dnl 4097dnl extra lib and .o file for LDAP support 4098dnl 4099if test ${with_ldap-'no'} != "no"; then 4100 O_LDFLAGS="$LDFLAGS" 4101 if test "$with_ldap" != "yes"; then 4102 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib]) 4103 LDFLAGS="$LDFLAGS -L${with_ldap}/lib" 4104 if test -d "${with_ldap}/lib64"; then 4105 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib64]) 4106 LDFLAGS="$LDFLAGS -L${with_ldap}/lib64" 4107 fi 4108 AX_APPEND_FLAG([-I${with_ldap}/include], [CPPFLAGS]) 4109 with_ldap=yes 4110 fi 4111 SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo ldap_conf.lo" 4112 case "$SUDOERS_OBJS" in 4113 *ldap_util.lo*) ;; 4114 *) SUDOERS_OBJS="${SUDOERS_OBJS} ldap_util.lo";; 4115 esac 4116 LDAP="" 4117 4118 _LIBS="$LIBS" 4119 LDAP_LIBS="" 4120 IBMLDAP_EXTRA="" 4121 found=no 4122 # On HP-UX, libibmldap has a hidden dependency on libCsup 4123 case "$host_os" in 4124 hpux*|hiuxmpp*) AC_CHECK_LIB(Csup, main, [IBMLDAP_EXTRA=" -lCsup"]);; 4125 esac 4126 AC_SEARCH_LIBS([ldap_init], ["ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}" "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}]", [ 4127 test "${ac_cv_search_ldap_init}" != "none required" && LDAP_LIBS="${ac_cv_search_ldap_init}" 4128 found=yes 4129 ]) 4130 # If nothing linked, try -lldap and hope for the best 4131 if test "$found" = "no"; then 4132 LDAP_LIBS="-lldap" 4133 fi 4134 LIBS="${_LIBS} ${LDAP_LIBS}" 4135 dnl check if we need to link with -llber for ber_set_option 4136 OLIBS="$LIBS" 4137 AC_MSG_CHECKING([whether lber.h defines LBER_OPT_DEBUG_LEVEL]) 4138 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 4139# include <lber.h>]], [[int opt=LBER_OPT_DEBUG_LEVEL;]])], [ 4140 AC_MSG_RESULT([yes]) 4141 AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no]) 4142 if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then 4143 LDAP_LIBS="$LDAP_LIBS -llber" 4144 fi 4145 ], [ 4146 AC_MSG_RESULT([no]) 4147 ]) 4148 dnl check if ldap.h includes lber.h for us 4149 AC_MSG_CHECKING([whether lber.h is needed]) 4150 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 4151# include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [ 4152 AC_MSG_RESULT([yes]) 4153 AC_DEFINE(HAVE_LBER_H)]) 4154 4155 if test ${enable_sasl-'yes'} = "yes"; then 4156 found_sasl_h=no 4157 AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [ 4158 found_sasl_h=yes 4159 AC_CHECK_FUNCS([ldap_sasl_interactive_bind_s]) 4160 break 4161 ]) 4162 if test X${enable_sasl} = X"yes"; then 4163 if test X"$found_sasl_h" != X"yes"; then 4164 AC_MSG_ERROR([--enable-sasl specified but unable to locate SASL development headers.]) 4165 fi 4166 if test X"$ac_cv_func_ldap_sasl_interactive_bind_s" != X"yes"; then : 4167 AC_MSG_ERROR([--enable-sasl specified but SASL support is missing in your LDAP library]) 4168 fi 4169 fi 4170 fi 4171 AC_CHECK_HEADERS([ldapssl.h] [ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>]) 4172 AC_CHECK_FUNCS([ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np]) 4173 AC_CHECK_FUNCS([ldap_search_ext_s ldap_search_st], [break]) 4174 4175 if test X"$check_gss_krb5_ccache_name" = X"yes"; then 4176 AC_CHECK_LIB(gssapi, gss_krb5_ccache_name, 4177 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME) 4178 [LDAP_LIBS="${LDAP_LIBS} -lgssapi"], 4179 AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name, 4180 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME) 4181 [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"]) 4182 ) 4183 4184 # gssapi headers may be separate or part of Kerberos V 4185 found=no 4186 O_CPPFLAGS="$CPPFLAGS" 4187 for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do 4188 test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" 4189 # Use AC_PREPROC_IFELSE to check existence to avoid caching 4190 # since we test with multiple values of CPPFLAGS 4191 AC_PREPROC_IFELSE([ 4192 AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]]) 4193 ], [ 4194 AC_CHECK_HEADERS([gssapi/gssapi.h]) 4195 break 4196 ], [ 4197 AC_PREPROC_IFELSE([ 4198 AC_LANG_PROGRAM([[#include <gssapi.h>]]) 4199 ], [ 4200 AC_CHECK_HEADERS([gssapi.h]) 4201 break 4202 ]) 4203 ]) 4204 done 4205 if test X"$ac_cv_header_gssapi_gssapi_h" != X"no"; then 4206 AC_CHECK_HEADERS([gssapi/gssapi_krb5.h]) 4207 elif test X"$ac_cv_header_gssapi_h" = X"no"; then 4208 CPPFLAGS="$O_CPPFLAGS" 4209 AC_MSG_WARN([unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS]) 4210 fi 4211 fi 4212 4213 SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}" 4214 LIBS="$_LIBS" 4215 LDFLAGS="$O_LDFLAGS" 4216fi 4217 4218# 4219# How to do dynamic object loading. 4220# We support dlopen() and sh_load(), else fall back to static loading. 4221# 4222case "$lt_cv_dlopen" in 4223 dlopen) 4224 AC_DEFINE(HAVE_DLOPEN) 4225 if test "$enable_static_sudoers" = "yes"; then 4226 AC_DEFINE(STATIC_SUDOERS_PLUGIN) 4227 SUDO_OBJS="${SUDO_OBJS} preload.o" 4228 STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la" 4229 AX_APPEND_FLAG([--tag=disable-shared], [SUDOERS_LDFLAGS]) 4230 AX_APPEND_FLAG([-static], [SUDOERS_LDFLAGS]) 4231 LT_STATIC="" 4232 else 4233 LT_STATIC="--tag=disable-static" 4234 fi 4235 ;; 4236 shl_load) 4237 AC_DEFINE(HAVE_SHL_LOAD) 4238 if test "$enable_static_sudoers" = "yes"; then 4239 AC_DEFINE(STATIC_SUDOERS_PLUGIN) 4240 SUDO_OBJS="${SUDO_OBJS} preload.o" 4241 STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la" 4242 AX_APPEND_FLAG([--tag=disable-shared], [SUDOERS_LDFLAGS]) 4243 AX_APPEND_FLAG([-static], [SUDOERS_LDFLAGS]) 4244 LT_STATIC="" 4245 else 4246 LT_STATIC="--tag=disable-static" 4247 fi 4248 ;; 4249 *) 4250 if test X"${ac_cv_func_dlopen}" = X"yes"; then 4251 AC_MSG_ERROR([dlopen present but libtool doesn't appear to support your platform.]) 4252 fi 4253 # Preload sudoers module symbols 4254 AC_DEFINE(STATIC_SUDOERS_PLUGIN) 4255 SUDO_OBJS="${SUDO_OBJS} preload.o" 4256 STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la" 4257 LT_STATIC="" 4258 ;; 4259esac 4260 4261# 4262# The check_symbols test can only succeed with a dynamic sudoers plugin. 4263# 4264if test X"$STATIC_SUDOERS" = X""; then 4265 SUDOERS_TEST_PROGS="${SUDOERS_TEST_PROGS}${SUDOERS_TEST_PROGS+ }check_symbols" 4266fi 4267 4268# 4269# We can only disable linking with the shared libsudo_util if 4270# sudoers is linked statically too. 4271# 4272if test "$enable_shared_libutil" = "no"; then 4273 if test X"$STATIC_SUDOERS" = X""; then 4274 AC_MSG_ERROR([--disable-shared-libutil may only be specified with --enable-static-sudoers or when dynamic linking is disabled.]) 4275 else 4276 # Do not install sudoers or libsudo_util. 4277 AX_APPEND_FLAG([-no-install], [SUDOERS_LDFLAGS]) 4278 AX_APPEND_FLAG([-no-install], [LIBUTIL_LDFLAGS]) 4279 fi 4280fi 4281 4282# On HP-UX, you cannot dlopen() a shared object that uses pthreads unless 4283# the main program is linked against -lpthread. We have no knowledge of 4284# what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads) 4285# so always link against -lpthread on HP-UX if it is available. 4286# This check should go after all other libraries tests. 4287case "$host_os" in 4288 hpux*|hiuxmpp*) 4289 AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"]) 4290 AC_DEFINE(_REENTRANT) 4291 ;; 4292esac 4293 4294dnl 4295dnl Check for log file, timestamp and iolog locations 4296dnl 4297if test "$utmp_style" = "LEGACY"; then 4298 SUDO_PATH_UTMP 4299fi 4300SUDO_LOGDIR 4301SUDO_LOGFILE 4302SUDO_RELAY_DIR 4303SUDO_RUNDIR 4304SUDO_VARDIR 4305SUDO_IO_LOGDIR 4306SUDO_TZDIR 4307 4308dnl 4309dnl Attempt to use _FORTIFY_SOURCE with sprintf. If the headers support 4310dnl it but libc does not, __sprintf_chk should be an undefined symbol. 4311dnl 4312if test "$enable_hardening" != "no"; then 4313 O_CPPFLAGS="$CPPFLAGS" 4314 AX_APPEND_FLAG([-D_FORTIFY_SOURCE=2], [CPPFLAGS]) 4315 AC_CACHE_CHECK([whether _FORTIFY_SOURCE may be specified], 4316 [sudo_cv_use_fortify_source], 4317 [AC_LINK_IFELSE([ 4318 AC_LANG_PROGRAM( 4319 [[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]] 4320 )], 4321 [sudo_cv_use_fortify_source=yes], 4322 [sudo_cv_use_fortify_source=no] 4323 ) 4324 ] 4325 [AC_LINK_IFELSE( 4326 [AC_LANG_PROGRAM([[]], [[]])], 4327 [sudo_cv_use_fortify_source=yes], 4328 [sudo_cv_use_fortify_source=no] 4329 ) 4330 ] 4331 ) 4332 if test "$sudo_cv_use_fortify_source" != yes; then 4333 CPPFLAGS="$O_CPPFLAGS" 4334 fi 4335fi 4336 4337dnl 4338dnl Turn warnings into errors. 4339dnl All compiler/loader tests after this point will fail if 4340dnl a warning is displayed (normally, warnings are not fatal). 4341dnl 4342AC_LANG_WERROR 4343 4344dnl 4345dnl If compiler supports the -static-libgcc flag use it unless we have 4346dnl GNU ld (which can avoid linking in libgcc when it is not needed). 4347dnl This test relies on AC_LANG_WERROR 4348dnl 4349if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then 4350 AX_CHECK_COMPILE_FLAG([-static-libgcc], [AX_APPEND_FLAG([-Wc,-static-libgcc], [LT_LDFLAGS])]) 4351fi 4352 4353dnl 4354dnl We want to use DT_RUNPATH in preference to DT_RPATH in ELF binaries. 4355dnl Otherwise, LD_LIBRARY_PATH does not work when running the tests. 4356dnl We don't do this on NetBSD where RPATH already supports LD_LIBRARY_PATH. 4357dnl 4358case "$OS" in 4359 netbsd*) 4360 ;; 4361 *) 4362 AX_CHECK_LINK_FLAG([-Wl,--enable-new-dtags], [AX_APPEND_FLAG([-Wl,--enable-new-dtags], [LDFLAGS])]) 4363 ;; 4364esac 4365 4366dnl 4367dnl For fuzz_policy we redefine getaddrinfo() and freeaddrinfo(), but 4368dnl this can cause problems with ld.lld when sanitizers are enabled. 4369dnl 4370AX_CHECK_LINK_FLAG([-Wl,--allow-multiple-definition], [AX_APPEND_FLAG([-Wl,--allow-multiple-definition], [LDFLAGS])]) 4371 4372dnl 4373dnl Check for symbol visibility support. 4374dnl This test relies on AC_LANG_WERROR 4375dnl 4376if test -n "$GCC"; then 4377 AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [ 4378 AC_DEFINE(HAVE_DSO_VISIBILITY) 4379 CFLAGS="${CFLAGS} -fvisibility=hidden" 4380 LT_LDEXPORTS= 4381 LT_LDDEP= 4382 ]) 4383else 4384 case "$host_os" in 4385 hpux*|hiuxmpp*) 4386 AX_CHECK_COMPILE_FLAG([-Bhidden_def], [ 4387 # HP-UX cc may not allow __declspec(dllexport) to be 4388 # used in conjunction with #pragma HP_DEFINED_EXTERNAL 4389 # when redefining standard libc functions. 4390 AC_CACHE_CHECK([whether __declspec(dllexport) can be used when overriding libc functions], 4391 [sudo_cv_var_hpux_declspec_libc_function], 4392 [ 4393 _CFLAGS="$CFLAGS" 4394 CFLAGS="${CFLAGS} -Bhidden_def" 4395 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdlib.h> 4396 __declspec(dllexport) char * getenv(const char *n) { return NULL; }]])], [ 4397 sudo_cv_var_hpux_declspec_libc_function=yes 4398 ], [ 4399 sudo_cv_var_hpux_declspec_libc_function=no 4400 ]) 4401 CFLAGS="$_CFLAGS" 4402 ] 4403 ) 4404 if test "$sudo_cv_var_hpux_declspec_libc_function" = "yes"; then 4405 AC_DEFINE(HAVE_DSO_VISIBILITY) 4406 CFLAGS="${CFLAGS} -Bhidden_def" 4407 LT_LDEXPORTS= 4408 LT_LDDEP= 4409 fi 4410 ]) 4411 ;; 4412 solaris2*) 4413 AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [ 4414 AC_DEFINE(HAVE_DSO_VISIBILITY) 4415 CFLAGS="${CFLAGS} -xldscope=hidden" 4416 LT_LDEXPORTS= 4417 LT_LDDEP= 4418 ]) 4419 ;; 4420 esac 4421fi 4422 4423dnl 4424dnl Check whether ld supports version scripts (only GNU and Solaris ld). 4425dnl If possible, we use this even if the compiler has symbol visibility 4426dnl support so we will notice mismatches between the exports file and 4427dnl sudo_dso_public annotations in the source code. 4428dnl This test relies on AC_LANG_WERROR 4429dnl 4430if test "$lt_cv_prog_gnu_ld" = "yes"; then 4431 AC_CACHE_CHECK([whether ld supports anonymous map files], 4432 [sudo_cv_var_gnu_ld_anon_map], 4433 [ 4434 sudo_cv_var_gnu_ld_anon_map=no 4435 cat > conftest.map <<-EOF 4436 { 4437 global: foo; 4438 local: *; 4439 }; 4440EOF 4441 _CFLAGS="$CFLAGS" 4442 CFLAGS="$CFLAGS $lt_prog_compiler_pic" 4443 _LDFLAGS="$LDFLAGS" 4444 LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map" 4445 AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], 4446 [sudo_cv_var_gnu_ld_anon_map=yes]) 4447 CFLAGS="$_CFLAGS" 4448 LDFLAGS="$_LDFLAGS" 4449 ] 4450 ) 4451 if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then 4452 LT_LDDEP="\$(shlib_map)"; LT_LDEXPORTS="-Wl,--version-script,\$(shlib_map)" 4453 fi 4454else 4455 case "$host_os" in 4456 solaris2*) 4457 AC_CACHE_CHECK([whether ld supports anonymous map files], 4458 [sudo_cv_var_solaris_ld_anon_map], 4459 [ 4460 sudo_cv_var_solaris_ld_anon_map=no 4461 cat > conftest.map <<-EOF 4462 { 4463 global: foo; 4464 local: *; 4465 }; 4466EOF 4467 _CFLAGS="$CFLAGS" 4468 CFLAGS="$CFLAGS $lt_prog_compiler_pic" 4469 _LDFLAGS="$LDFLAGS" 4470 LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map" 4471 AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], 4472 [sudo_cv_var_solaris_ld_anon_map=yes]) 4473 CFLAGS="$_CFLAGS" 4474 LDFLAGS="$_LDFLAGS" 4475 ] 4476 ) 4477 if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then 4478 LT_LDDEP="\$(shlib_map)"; LT_LDEXPORTS="-Wl,-M,\$(shlib_map)" 4479 fi 4480 ;; 4481 hpux*|hiuxmpp*) 4482 AC_CACHE_CHECK([whether ld supports controlling exported symbols], 4483 [sudo_cv_var_hpux_ld_symbol_export], 4484 [ 4485 sudo_cv_var_hpux_ld_symbol_export=no 4486 echo "+e foo" > conftest.opt 4487 _CFLAGS="$CFLAGS" 4488 CFLAGS="$CFLAGS $lt_prog_compiler_pic" 4489 _LDFLAGS="$LDFLAGS" 4490 if test -n "$GCC"; then 4491 LDFLAGS="$LDFLAGS -shared -Wl,-c,./conftest.opt" 4492 else 4493 LDFLAGS="$LDFLAGS -b -Wl,-c,./conftest.opt" 4494 fi 4495 AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], 4496 [sudo_cv_var_hpux_ld_symbol_export=yes]) 4497 CFLAGS="$_CFLAGS" 4498 LDFLAGS="$_LDFLAGS" 4499 rm -f conftest.opt 4500 ] 4501 ) 4502 if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then 4503 LT_LDDEP="\$(shlib_opt)"; LT_LDEXPORTS="-Wl,-c,\$(shlib_opt)" 4504 fi 4505 ;; 4506 esac 4507fi 4508 4509dnl 4510dnl Check for -fsanitize support 4511dnl This test relies on AC_LANG_WERROR 4512dnl 4513if test "$enable_sanitizer" != "no"; then 4514 AX_CHECK_COMPILE_FLAG([$enable_sanitizer], [ 4515 AX_APPEND_FLAG([$enable_sanitizer], [ASAN_CFLAGS]) 4516 AX_APPEND_FLAG([-XCClinker], [ASAN_LDFLAGS]) 4517 AX_APPEND_FLAG([$enable_sanitizer], [ASAN_LDFLAGS]) 4518 AX_CHECK_COMPILE_FLAG([-fno-omit-frame-pointer], [ 4519 AX_APPEND_FLAG([-fno-omit-frame-pointer], [CFLAGS]) 4520 ]) 4521 AC_DEFINE(NO_LEAKS) 4522 dnl 4523 dnl check for libasan.so so we can preload it before sudo_intercept.so 4524 dnl gcc links asan dynamically, clang links it statically. 4525 dnl 4526 case `$CC --version 2>&1` in 4527 *gcc*) 4528 libasan=`$CC -print-file-name=libasan.so 2>/dev/null` 4529 if test -n "$libasan" -a X"$libasan" != X"libasan.so"; then 4530 SUDO_DEFINE_UNQUOTED(_PATH_ASAN_LIB, "$libasan", [Path to the libasan.so shared library]) 4531 fi 4532 ;; 4533 esac 4534 ], [ 4535 AC_MSG_ERROR([$CC does not support the $enable_sanitizer flag]) 4536 ]) 4537fi 4538if test "$enable_fuzzer" = "yes"; then 4539 AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer-no-link], [ 4540 AX_APPEND_FLAG([-fsanitize=fuzzer-no-link], [ASAN_CFLAGS]) 4541 AX_APPEND_FLAG([-XCClinker], [ASAN_LDFLAGS]) 4542 AX_APPEND_FLAG([-fsanitize=fuzzer-no-link], [ASAN_LDFLAGS]) 4543 if test -z "$FUZZ_ENGINE"; then 4544 FUZZ_ENGINE="-fsanitize=fuzzer" 4545 fi 4546 AX_CHECK_COMPILE_FLAG([-fno-omit-frame-pointer], [ 4547 AX_APPEND_FLAG([-fno-omit-frame-pointer], [CFLAGS]) 4548 ]) 4549 # Use CFLAGS, not CPPFLAGS to match oss-fuzz behavior 4550 AX_APPEND_FLAG([-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION], [CFLAGS]) 4551 AC_DEFINE(NO_LEAKS) 4552 ], [ 4553 AC_MSG_ERROR([$CC does not support the -fsanitize=fuzzer-no-link flag]) 4554 ]) 4555else 4556 # Not using compiler fuzzing support, link with stub library. 4557 FUZZ_ENGINE='$(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la' 4558fi 4559 4560dnl 4561dnl Check for PIE executable support if using gcc. 4562dnl This test relies on AC_LANG_WERROR 4563dnl 4564if test -n "$GCC"; then 4565 if test -z "$enable_pie"; then 4566 case "$host_os" in 4567 linux*) 4568 # Attempt to build with PIE support 4569 enable_pie="maybe" 4570 ;; 4571 esac 4572 fi 4573 if test -n "$enable_pie"; then 4574 if test "$enable_pie" = "no"; then 4575 AX_CHECK_COMPILE_FLAG([-fno-pie], [ 4576 _CFLAGS="$CFLAGS" 4577 CFLAGS="$CFLAGS -fno-pie" 4578 AX_CHECK_LINK_FLAG([-nopie], [ 4579 PIE_CFLAGS="-fno-pie" 4580 PIE_LDFLAGS="-nopie" 4581 ]) 4582 CFLAGS="$_CFLAGS" 4583 ]) 4584 else 4585 AX_CHECK_COMPILE_FLAG([-fPIE], [ 4586 _CFLAGS="$CFLAGS" 4587 CFLAGS="$CFLAGS -fPIE" 4588 AX_CHECK_LINK_FLAG([-pie], [ 4589 if test "$enable_pie" = "maybe"; then 4590 SUDO_WORKING_PIE([enable_pie=yes], []) 4591 fi 4592 if test "$enable_pie" = "yes"; then 4593 PIE_CFLAGS="-fPIE" 4594 PIE_LDFLAGS="-Wc,-fPIE -pie" 4595 fi 4596 ]) 4597 CFLAGS="$_CFLAGS" 4598 ]) 4599 fi 4600 fi 4601fi 4602if test "$enable_pie" != "yes"; then 4603 # Solaris 11.1 and higher supports tagging binaries to use ASLR 4604 case "$host_os" in 4605 solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]]) 4606 AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [AX_APPEND_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS])]) 4607 ;; 4608 esac 4609fi 4610 4611dnl 4612dnl Check for -fstack-protector and -z relro support 4613dnl This test relies on AC_LANG_WERROR 4614dnl 4615if test "$enable_hardening" != "no" && test "$enable_ssp" != "no"; then 4616 AC_CACHE_CHECK([for compiler stack protector support], 4617 [sudo_cv_var_stack_protector], 4618 [ 4619 # Avoid CFLAGS since the compiler might optimize away our test. 4620 # We don't want CPPFLAGS or LIBS to interfere with the test but 4621 # keep LDFLAGS as it may have an rpath needed to find the ssp lib. 4622 _CPPFLAGS="$CPPFLAGS" 4623 _CFLAGS="$CFLAGS" 4624 _LDFLAGS="$LDFLAGS" 4625 _LIBS="$LIBS" 4626 CPPFLAGS= 4627 LIBS= 4628 4629 sudo_cv_var_stack_protector="-fstack-protector-strong" 4630 CFLAGS="$sudo_cv_var_stack_protector" 4631 LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector" 4632 AC_LINK_IFELSE([ 4633 AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT], 4634 [[char buf[1024]; buf[1023] = '\0';]]) 4635 ], [], [ 4636 sudo_cv_var_stack_protector="-fstack-protector-all" 4637 CFLAGS="$sudo_cv_var_stack_protector" 4638 LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector" 4639 AC_LINK_IFELSE([ 4640 AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT], 4641 [[char buf[1024]; buf[1023] = '\0';]]) 4642 ], [], [ 4643 sudo_cv_var_stack_protector="-fstack-protector" 4644 CFLAGS="$sudo_cv_var_stack_protector" 4645 LDFLAGS="$_LDFLAGS $sudo_cv_var_stack_protector" 4646 AC_LINK_IFELSE([ 4647 AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT], 4648 [[char buf[1024]; buf[1023] = '\0';]]) 4649 ], [], [ 4650 sudo_cv_var_stack_protector=no 4651 ]) 4652 ]) 4653 ]) 4654 CPPFLAGS="$_CPPFLAGS" 4655 CFLAGS="$_CFLAGS" 4656 LDFLAGS="$_LDFLAGS" 4657 LIBS="$_LIBS" 4658 ] 4659 ) 4660 if test X"$sudo_cv_var_stack_protector" != X"no"; then 4661 SSP_CFLAGS="$sudo_cv_var_stack_protector" 4662 SSP_LDFLAGS="-Wc,$sudo_cv_var_stack_protector" 4663 fi 4664fi 4665if test "$enable_hardening" != "no"; then 4666 AX_CHECK_LINK_FLAG([-fstack-clash-protection], [ 4667 AX_APPEND_FLAG([-fstack-clash-protection], [SSP_CFLAGS]) 4668 AX_APPEND_FLAG([-Wc,-fstack-clash-protection], [SSP_LDFLAGS]) 4669 ]) 4670 AX_CHECK_LINK_FLAG([-Wl,-z,relro], [AX_APPEND_FLAG([-Wl,-z,relro], [LDFLAGS])]) 4671 AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [AX_APPEND_FLAG([-Wl,-z,noexecstack], [LDFLAGS])]) 4672fi 4673 4674dnl 4675dnl Use passwd auth module? 4676dnl 4677case "$with_passwd" in 4678yes|maybe) 4679 AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo" 4680 if test "${ac_cv_search_crypt}" = "no"; then 4681 AC_MSG_WARN([no crypt function found, assuming plaintext passwords]) 4682 fi 4683 ;; 4684*) 4685 AC_DEFINE(WITHOUT_PASSWD) 4686 if test -z "$AUTH_OBJS"; then 4687 AC_MSG_ERROR([no authentication methods defined.]) 4688 fi 4689 ;; 4690esac 4691AUTH_OBJS=${AUTH_OBJS# } 4692 4693dnl 4694dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS 4695dnl 4696if test -n "$LIBS"; then 4697 L="$LIBS" 4698 LIBS= 4699 for l in ${L}; do 4700 dupe=0 4701 for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do 4702 test $l = $sl && dupe=1 4703 done 4704 test $dupe = 0 && LIBS="${LIBS} $l" 4705 done 4706fi 4707 4708dnl 4709dnl OS-specific initialization 4710dnl 4711AC_DEFINE_UNQUOTED(os_init, $OS_INIT, [Define to an OS-specific initialization function or `os_init_common'.]) 4712 4713dnl 4714dnl We add -Wall and -Werror after all tests so they don't cause failures 4715dnl 4716if test -n "$GCC"; then 4717 if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then 4718 dnl 4719 dnl Default warnings for development use. 4720 dnl 4721 CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wpointer-arith -Wno-unknown-pragmas" 4722 AX_CHECK_COMPILE_FLAG([-Wshadow], [CFLAGS="$CFLAGS -Wshadow"]) 4723 dnl 4724 dnl The fallthrough attribute is supported by gcc 7.0 and clang 10. 4725 dnl This test relies on AC_LANG_WERROR. 4726 dnl 4727 AC_CACHE_CHECK([whether $CC supports the fallthrough attribute], 4728 [sudo_cv_var_fallthrough_attribute], 4729 [AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 4730 int main(int argc, char *argv[]) 4731 { 4732 int num = argc + 1; 4733 switch (num) { 4734 case 1: 4735 num = 0; 4736 __attribute__((__fallthrough__)); 4737 case 0: 4738 num++; 4739 } 4740 return num; 4741 } 4742 ]])], 4743 [ 4744 sudo_cv_var_fallthrough_attribute=yes 4745 ], 4746 [ 4747 sudo_cv_var_fallthrough_attribute=no] 4748 )] 4749 ) 4750 if test X"$sudo_cv_var_fallthrough_attribute" = X"yes"; then 4751 AC_DEFINE(HAVE_FALLTHROUGH_ATTRIBUTE) 4752 CFLAGS="$CFLAGS -Wimplicit-fallthrough" 4753 fi 4754 fi 4755 if test X"$enable_werror" = X"yes"; then 4756 CFLAGS="${CFLAGS} -Werror" 4757 fi 4758 case "$host" in 4759 # Avoid unwanted warnings on macOS 4760 darwin*) CFLAGS="${CFLAGS} -Wno-deprecated-declarations";; 4761 esac 4762fi 4763 4764dnl 4765dnl Skip regress tests and sudoers validation checks if cross compiling. 4766dnl 4767CROSS_COMPILING="$cross_compiling" 4768 4769dnl 4770dnl Set exec_prefix 4771dnl 4772test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' 4773 4774dnl 4775dnl Expand exec_prefix in in variables used by the manual pages 4776dnl 4777oexec_prefix="$exec_prefix" 4778if test "$exec_prefix" = '$(prefix)'; then 4779 if test "$prefix" = "NONE"; then 4780 exec_prefix="$ac_default_prefix" 4781 else 4782 exec_prefix="$prefix" 4783 fi 4784fi 4785 4786# Update exec_prefix in intercept_file 4787_intercept_file= 4788while test X"$intercept_file" != X"$_intercept_file"; do 4789 _intercept_file="$intercept_file" 4790 eval intercept_file="$_intercept_file" 4791done 4792 4793# Update exec_prefix in noexec_file 4794_noexec_file= 4795while test X"$noexec_file" != X"$_noexec_file"; do 4796 _noexec_file="$noexec_file" 4797 eval noexec_file="$_noexec_file" 4798done 4799 4800# Update exec_prefix in sesh_file 4801_sesh_file= 4802while test X"$sesh_file" != X"$_sesh_file"; do 4803 _sesh_file="$sesh_file" 4804 eval sesh_file="$_sesh_file" 4805done 4806 4807# Update exec_prefix in plugindir 4808_plugindir= 4809while test X"$plugindir" != X"$_plugindir"; do 4810 _plugindir="$plugindir" 4811 eval plugindir="$_plugindir" 4812done 4813exec_prefix="$oexec_prefix" 4814 4815dnl 4816dnl Defer setting _PATH_SUDO_NOEXEC, etc until after exec_prefix is set 4817dnl 4818if test X"$enable_intercept" != X"no"; then 4819 SUDO_OBJS="${SUDO_OBJS} intercept.pb-c.lo" 4820 PROGS="${PROGS} sudo_intercept.la" 4821 INSTALL_INTERCEPT="install-intercept" 4822 4823 # Can't use sanitizers with LD_PRELOAD 4824 if test "$enable_sanitizer" != "yes"; then 4825 CHECK_INTERCEPT=check_intercept 4826 fi 4827 4828 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_INTERCEPT, "$intercept_file", [The fully qualified pathname of sudo_intercept.so]) 4829fi 4830if test X"$with_noexec" != X"no"; then 4831 PROGS="${PROGS} sudo_noexec.la" 4832 INSTALL_NOEXEC="install-noexec" 4833 4834 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) 4835fi 4836if test X"$with_selinux" != X"no"; then 4837 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file") 4838else 4839 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, NULL) 4840fi 4841if test X"$enable_shared" != X"no"; then 4842 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$plugindir/") 4843 AC_DEFINE(ENABLE_SUDO_PLUGIN_API, 1, [Define to 1 to enable sudo's plugin interface.]) 4844else 4845 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, NULL) 4846fi 4847 4848dnl 4849dnl Add -R options to LDFLAGS, etc. 4850dnl 4851if test X"$LDFLAGS_R" != X""; then 4852 LDFLAGS="$LDFLAGS $LDFLAGS_R" 4853fi 4854if test X"$SUDOERS_LDFLAGS_R" != X""; then 4855 SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R" 4856fi 4857if test X"$ZLIB_R" != X""; then 4858 ZLIB="$ZLIB_R $ZLIB" 4859fi 4860 4861dnl 4862dnl Trim leading spaces 4863dnl 4864CFLAGS=${CFLAGS# } 4865CPPFLAGS=${CPPFLAGS# } 4866LDFLAGS=${LDFLAGS# } 4867SUDO_LDFLAGS=${SUDO_LDFLAGS# } 4868SUDOERS_LDFLAGS=${SUDOERS_LDFLAGS# } 4869LIBS=${LIBS# } 4870SUDO_LIBS=${SUDO_LIBS# } 4871SUDOERS_LIBS=${SUDOERS_LIBS# } 4872 4873dnl 4874dnl Override default configure dirs for the Makefile 4875dnl 4876if test X"$prefix" = X"NONE"; then 4877 test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man' 4878else 4879 test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man' 4880fi 4881test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' 4882test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' 4883test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec' 4884test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' 4885test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' 4886test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' 4887test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' 4888test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' 4889test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run' 4890test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc' 4891 4892dnl 4893dnl Substitute into the Makefile and man pages 4894dnl 4895if test X"$INIT_SCRIPT" != X""; then 4896 AC_CONFIG_FILES([etc/init.d/$INIT_SCRIPT]) 4897elif test X"$TMPFILES_D" != X""; then 4898 AC_CONFIG_FILES([etc/init.d/sudo.conf]) 4899fi 4900 4901AC_CONFIG_FILES([Makefile doc/Makefile examples/Makefile examples/sudo.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/util.exp logsrvd/Makefile src/intercept.exp src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) 4902 4903AC_OUTPUT 4904 4905dnl 4906dnl Summarize configuration 4907dnl 4908echo "" >&AS_MESSAGE_FD 4909echo "Configured Sudo version $PACKAGE_VERSION" >&AS_MESSAGE_FD 4910echo " Compiler settings:" >&AS_MESSAGE_FD 4911echo " prefix : $prefix" >&AS_MESSAGE_FD 4912echo " compiler : $CC" >&AS_MESSAGE_FD 4913echo " compiler options : $CFLAGS" >&AS_MESSAGE_FD 4914echo " preprocessor options : $CPPFLAGS" >&AS_MESSAGE_FD 4915echo " linker options : $LDFLAGS" >&AS_MESSAGE_FD 4916echo " front-end libraries : $SUDO_LIBS" >&AS_MESSAGE_FD 4917echo " sudoers libraries : $SUDOERS_LIBS" >&AS_MESSAGE_FD 4918echo " extra libraries : $LIBS" >&AS_MESSAGE_FD 4919if test "${enable_sanitizer-no}" != "no"; then 4920 echo " sanitizer options : ${enable_sanitizer}" >&AS_MESSAGE_FD 4921fi 4922if test X"$FUZZ_LD" != X"\$(CC)"; then 4923 echo " fuzzing linker : ${FUZZ_LD}" >&AS_MESSAGE_FD 4924fi 4925if test X"$FUZZ_ENGINE" != X"\$(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la"; then 4926 echo " fuzzing engine : ${FUZZ_ENGINE}" >&AS_MESSAGE_FD 4927fi 4928echo " Plugin options:" >&AS_MESSAGE_FD 4929echo " plugin support : ${SHLIB_ENABLE}" >&AS_MESSAGE_FD 4930echo " Sudoers plugin static : ${enable_static_sudoers-no}" >&AS_MESSAGE_FD 4931echo " Python plugin : ${enable_python-no}" >&AS_MESSAGE_FD 4932if test "${enable_python-no}" != "no"; then 4933 echo " Python CFLAGS : ${PYTHON_INCLUDE}" >&AS_MESSAGE_FD 4934 echo " Python LDFLAGS : ${PYTHON_LIBS}" >&AS_MESSAGE_FD 4935fi 4936echo " Optional features:" >&AS_MESSAGE_FD 4937echo " log client : ${enable_log_client-yes}" >&AS_MESSAGE_FD 4938echo " log server : ${enable_log_server-yes}" >&AS_MESSAGE_FD 4939echo " log client/server TLS : ${enable_openssl-no}" >&AS_MESSAGE_FD 4940case "$host_os" in 4941 linux*) echo " SELinux RBAC : ${with_selinux-yes}" >&AS_MESSAGE_FD;; 4942esac 4943echo " Optional sudoers back-ends:" >&AS_MESSAGE_FD 4944echo " LDAP : ${with_ldap-no}" >&AS_MESSAGE_FD 4945if test "${with_ldap-no}" != "no"; then 4946 echo " ldap configuration : ${ldap_conf}" >&AS_MESSAGE_FD 4947 echo " ldap secret : ${ldap_secret}" >&AS_MESSAGE_FD 4948 echo " SASL authentication : ${enable_sasl-no}" >&AS_MESSAGE_FD 4949fi 4950echo " SSSD : ${with_sssd-no}" >&AS_MESSAGE_FD 4951if test "${with_sssd-no}" != "no"; then 4952 echo " SSSD config path : ${sssd_conf}" >&AS_MESSAGE_FD 4953 if test "${sssd_lib}" = \""LIBDIR\""; then 4954 echo " SSSD lib dir : ${libdir}" >&AS_MESSAGE_FD 4955 else 4956 echo " SSSD lib dir : ${sssd_lib}" >&AS_MESSAGE_FD 4957 fi 4958fi 4959echo " Authentication options:" >&AS_MESSAGE_FD 4960echo " require authentication : ${enable_authentication-yes}" >&AS_MESSAGE_FD 4961auth_methods=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'` 4962echo " authentication methods : ${auth_methods}" >&AS_MESSAGE_FD 4963if test "${with_pam-no}" = "yes"; then 4964 echo " pam session support : ${pam_session}" >&AS_MESSAGE_FD 4965 echo " pam login service : ${pam_login_service}" >&AS_MESSAGE_FD 4966fi 4967if test "${with_kerb5-no}" != "no"; then 4968 echo " kerb5 instance string : ${with_kerb5-none}" >&AS_MESSAGE_FD 4969fi 4970if test "${with_opie-no}-${with_skey-no}" != "no-no"; then 4971 echo " long OTP prompt : ${long_otp_prompt-no}" >&AS_MESSAGE_FD 4972fi 4973echo " group exempt from passwords : ${with_exempt-none}" >&AS_MESSAGE_FD 4974echo " password prompt : ${passprompt}" >&AS_MESSAGE_FD 4975echo " password prompt timeout : ${password_timeout} minutes" >&AS_MESSAGE_FD 4976echo " password tries : ${passwd_tries}" >&AS_MESSAGE_FD 4977echo " bad password message : ${badpass_message}" >&AS_MESSAGE_FD 4978if test "$insults" = "on"; then 4979 i="" 4980 test "$enable_offensive_insults" = "yes" && i="offensive ${i}" 4981 test "$with_python_insults" = "yes" && i="python ${i}" 4982 test "$with_goons_insults" = "yes" && i="goons ${i}" 4983 test "$with_hal_insults" = "yes" && i="hal ${i}" 4984 test "$with_csops_insults" = "yes" && i="csops ${i}" 4985 test "$with_classic_insults" = "yes" && i="classic ${i}" 4986else 4987 i=no 4988fi 4989echo " insults : $i" >&AS_MESSAGE_FD 4990echo " display lecture : ${lecture}" >&AS_MESSAGE_FD 4991echo " timestamp (credential) type : ${timestamp_type}" >&AS_MESSAGE_FD 4992echo " timestamp (credential) timeout: ${timeout} minutes" >&AS_MESSAGE_FD 4993echo " Logging options:" >&AS_MESSAGE_FD 4994echo " logging default : ${with_logging}" >&AS_MESSAGE_FD 4995echo " syslog facility : ${logfac}" >&AS_MESSAGE_FD 4996echo " syslog priority allowed : ${goodpri}" >&AS_MESSAGE_FD 4997echo " syslog priority denied : ${badpri}" >&AS_MESSAGE_FD 4998echo " log file path : ${logpath}" >&AS_MESSAGE_FD 4999echo " log file includes hostname : ${enable_log_host-no}" >&AS_MESSAGE_FD 5000echo " log file line length : ${loglen}" >&AS_MESSAGE_FD 5001echo " compress I/O logs : ${enable_zlib}" >&AS_MESSAGE_FD 5002case "$host_os" in 5003 linux*) echo " Linux audit : ${with_linux_audit-no}" >&AS_MESSAGE_FD;; 5004 solaris2.11*) echo " Solaris audit : ${with_solaris_audit-no}" >&AS_MESSAGE_FD;; 5005 *) echo " BSM audit : ${with_bsm_audit-no}" >&AS_MESSAGE_FD;; 5006esac 5007echo " run mailer as root : ${enable_root_mailer-yes}" >&AS_MESSAGE_FD 5008echo " warning/error mail recipient : ${mailto}" >&AS_MESSAGE_FD 5009echo " warning/error mail subject : ${mailsub}" >&AS_MESSAGE_FD 5010echo " mail if user not in sudoers : ${mail_no_user}" >&AS_MESSAGE_FD 5011echo " mail if user not on host : ${mail_no_host}" >&AS_MESSAGE_FD 5012echo " mail if command not allowed : ${mail_no_perms}" >&AS_MESSAGE_FD 5013echo " Pathnames:" >&AS_MESSAGE_FD 5014echo " log directory : ${log_dir}" >&AS_MESSAGE_FD 5015echo " plugin directory : ${plugindir}" >&AS_MESSAGE_FD 5016echo " run directory : ${rundir}" >&AS_MESSAGE_FD 5017echo " var directory : ${vardir}" >&AS_MESSAGE_FD 5018echo " I/O log directory : ${iolog_dir}" >&AS_MESSAGE_FD 5019echo " sudo_logsrvd relay directory : ${relay_dir}" >&AS_MESSAGE_FD 5020echo " time zone directory : ${tzdir}" >&AS_MESSAGE_FD 5021echo " path to sendmail : ${with_sendmail}" >&AS_MESSAGE_FD 5022if test -n "$TMPFILES_D"; then 5023 echo " systemd tempfiles dir : ${TMPFILES_D}" >&AS_MESSAGE_FD 5024fi 5025if test ${with_netsvc-"no"} != "no"; then 5026 echo " netsvc file : ${netsvc_conf}" >&AS_MESSAGE_FD 5027elif test ${with_nsswitch-"yes"} != "no"; then 5028 echo " nsswitch file : ${nsswitch_conf}" >&AS_MESSAGE_FD 5029fi 5030echo " noexec file : ${noexec_file}" >&AS_MESSAGE_FD 5031echo " secure path : ${with_secure_path-no}" >&AS_MESSAGE_FD 5032echo " askpass helper file : ${with_askpass-no}" >&AS_MESSAGE_FD 5033echo " device search path : ${devsearch}" >&AS_MESSAGE_FD 5034echo " Other options:" >&AS_MESSAGE_FD 5035if test "${with_devel-no}" != "no"; then 5036 echo " development build : ${with_devel}" >&AS_MESSAGE_FD 5037fi 5038case "$host_os" in 5039 solaris2*) echo " Solaris project support : ${with_project-no}" >&AS_MESSAGE_FD;; 5040esac 5041if test "${with_logincap+set}" = "set"; then 5042 echo " /etc/login.conf support : ${with_logincap}" >&AS_MESSAGE_FD 5043fi 5044echo " fully-qualified domain names : ${fqdn}" >&AS_MESSAGE_FD 5045echo " default umask : ${sudo_umask}" >&AS_MESSAGE_FD 5046echo " umask override : ${umask_override}" >&AS_MESSAGE_FD 5047echo " default runas user : ${runas_default}" >&AS_MESSAGE_FD 5048echo " probe network interfaces : ${with_interfaces-yes}" >&AS_MESSAGE_FD 5049echo " allow root to run sudo : ${root_sudo}" >&AS_MESSAGE_FD 5050echo " reset environment for commands: ${env_reset}" >&AS_MESSAGE_FD 5051echo " run shell if no args : ${enable_noargs_shell-no}" >&AS_MESSAGE_FD 5052echo " ignore '.' or '' in \$PATH : ${ignore_dot}" >&AS_MESSAGE_FD 5053echo " disable path info : ${enable_path_info-no}" >&AS_MESSAGE_FD 5054echo " sudoers file mode : ${SUDOERS_MODE}" >&AS_MESSAGE_FD 5055echo " sudoers file owner : ${SUDOERS_UID}:${SUDOERS_GID}" >&AS_MESSAGE_FD 5056echo " default visudo editor : ${editor}" >&AS_MESSAGE_FD 5057echo " visudo supports \$EDITOR : ${env_editor}" >&AS_MESSAGE_FD 5058if test "${enable_env_debug+set}" = "set"; then 5059 echo " environment debugging : ${enable_env_debug-no}" >&AS_MESSAGE_FD 5060fi 5061echo "" >&AS_MESSAGE_FD 5062 5063dnl 5064dnl Display any warnings/info the user needs to know about at the end. 5065dnl 5066if test "$openssl_missing" = "yes"; then 5067 AC_MSG_WARN([OpenSSL dev libraries not found, Sudo logsrv connections will not be encrypted.]) 5068fi 5069if test "$with_pam" = "yes"; then 5070 case $host_os in 5071 hpux*|hiuxmpp*) 5072 if test -f /usr/lib/security/libpam_hpsec.so.1; then 5073 AC_MSG_NOTICE([you may wish to add the following line to /etc/pam.conf]) 5074 AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login]) 5075 fi 5076 ;; 5077 linux*) 5078 AC_MSG_NOTICE([you will need to customize examples/pam.conf and install it as /etc/pam.d/sudo]) 5079 ;; 5080 esac 5081fi 5082dnl 5083dnl Warn user if they may need to clear rundir manually. 5084dnl 5085case "$rundir" in 5086 /run/*|/var/run/*) 5087 clear_rundir=0 5088 ;; 5089 *) 5090 clear_rundir=1 5091 ;; 5092esac 5093if test $clear_rundir -eq 1; then 5094 AC_MSG_NOTICE([warning: the $rundir/ts directory must be cleared at boot time.]) 5095 AC_MSG_NOTICE([ You may need to create a startup item to do this.]) 5096fi 5097 5098dnl 5099dnl Autoheader templates 5100dnl 5101AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.]) 5102AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) 5103AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) 5104AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.]) 5105AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) 5106AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) 5107AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.]) 5108AH_TEMPLATE(PYTHON_INSULTS, [Define to 1 if you want insults from "Monty Python's Flying Circus".]) 5109AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) 5110AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) 5111AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.]) 5112AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.]) 5113AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.]) 5114AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.]) 5115AH_TEMPLATE(HAVE_CRYPT, [Define to 1 if you have the `crypt' function.]) 5116AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.]) 5117AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.]) 5118AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.]) 5119AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.]) 5120AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.]) 5121AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) 5122AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) 5123AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) 5124AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords).]) 5125AH_TEMPLATE(HAVE_GETPWNAM_SHADOW, [Define to 1 if you have the `getpwnam_shadow' function.]) 5126AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).]) 5127AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.]) 5128AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) 5129AH_TEMPLATE(HAVE_INET_NTOP, [Define to 1 if you have the `inet_ntop' function.]) 5130AH_TEMPLATE(HAVE_INET_PTON, [Define to 1 if you have the `inet_pton' function.]) 5131AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled).]) 5132AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) 5133AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.]) 5134AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.]) 5135AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.]) 5136AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.]) 5137AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not).]) 5138AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) 5139AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.]) 5140AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) 5141AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.]) 5142AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) 5143AH_TEMPLATE(HAVE_OPTRESET, [Define to 1 if you have the `optreset' symbol.]) 5144AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) 5145AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.]) 5146AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.]) 5147AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) 5148AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) 5149AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.]) 5150AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.]) 5151AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) 5152AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) 5153AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.]) 5154AH_TEMPLATE(HAVE_SOLARIS_AUDIT, [Define to 1 to enable Solaris audit support.]) 5155AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.]) 5156AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.]) 5157AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.]) 5158AH_TEMPLATE(HAVE_ST_NMTIME, [Define to 1 if your struct stat has an st_nmtime member.]) 5159AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) 5160AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) 5161AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.]) 5162AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) 5163AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.]) 5164AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.]) 5165AH_TEMPLATE(NO_LEAKS, [Define to 1 if you want sudo to free up memory before exiting.]) 5166AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first time they use sudo.]) 5167AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.]) 5168AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid running the mailer as root.]) 5169AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) 5170AH_TEMPLATE(TIMESTAMP_TYPE, [Define to global, ppid or tty to set the default timestamp record type.]) 5171AH_TEMPLATE(OFFENSIVE_INSULTS, [Define to 1 to include offensive insults from the classic version of sudo.]) 5172AH_TEMPLATE(PREFER_PORTABLE_GETCWD, [Define to 1 to enable replacement getcwd if system getcwd is broken.]) 5173AH_TEMPLATE(SECURE_PATH, [A colon-separated list of directories to override the user's PATH with.]) 5174AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.]) 5175AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.]) 5176AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.]) 5177AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.]) 5178AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.]) 5179AH_TEMPLATE(STATIC_SUDOERS_PLUGIN, [Define to 1 to compile the sudoers plugin statically into the sudo binary.]) 5180AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) 5181AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.]) 5182AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) 5183AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) 5184AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) 5185AH_TEMPLATE(clockid_t, [Define to `int' if <time.h> does not define.]) 5186AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.]) 5187AH_TEMPLATE(socklen_t, [Define to `unsigned int' if <sys/socket.h> doesn't define.]) 5188AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.]) 5189AH_TEMPLATE(HAVE___INTERPOSE, [Define to 1 if you have dyld with __interpose attribute support.]) 5190AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.]) 5191AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.]) 5192AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).]) 5193AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.]) 5194AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).]) 5195AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.]) 5196AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the `sys_sigabbrev' symbol.]) 5197AH_TEMPLATE(HAVE_NSS_SEARCH, [Define to 1 if you have the `nss_search' function.]) 5198AH_TEMPLATE(HAVE__NSS_INITF_GROUP, [Define to 1 if you have the `_nss_initf_group' function.]) 5199AH_TEMPLATE(HAVE___NSS_INITF_GROUP, [Define to 1 if you have the `__nss_initf_group' function.]) 5200AH_TEMPLATE(HAVE__NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `_nss_XbyY_buf_alloc' function.]) 5201AH_TEMPLATE(HAVE___NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `__nss_XbyY_buf_alloc' function.]) 5202AH_TEMPLATE(NEED_RESOLV_H, [Define to 1 if resolv.h must be included to get the `inet_ntop' or `inet_pton' function prototypes.]) 5203AH_TEMPLATE(HAVE_STRNLEN, [Define to 1 if you have the `strnlen' function.]) 5204AH_TEMPLATE(PAM_SUN_CODEBASE, [Define to 1 if your system uses a Solaris-derived PAM and not Linux-PAM or OpenPAM.]) 5205AH_TEMPLATE(HAVE_KINFO_PROC_44BSD, [Define to 1 if your system has a 4.4BSD-style kinfo_proc struct.]) 5206AH_TEMPLATE(HAVE_KINFO_PROC_FREEBSD, [Define to 1 if your system has a FreeBSD-style kinfo_proc struct.]) 5207AH_TEMPLATE(HAVE_KINFO_PROC2_NETBSD, [Define to 1 if your system has a NetBSD-style kinfo_proc2 struct.]) 5208AH_TEMPLATE(HAVE_KINFO_PROC_OPENBSD, [Define to 1 if your system has an OpenBSD-style kinfo_proc struct.]) 5209AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's TLS and sha2 functions.]) 5210AH_TEMPLATE(HAVE_GCRYPT, [Define to 1 if you are using gcrypt's sha2 functions.]) 5211AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or macro.]) 5212AH_TEMPLATE(HAVE_SSL_CTX_SET_CIPHERSUITES, [Define to 1 if you have the `SSL_CTX_set_ciphersuites' function or macro.]) 5213AH_TEMPLATE(SUDOERS_LOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers plugin.]) 5214AH_TEMPLATE(HAVE_FALLTHROUGH_ATTRIBUTE, [Define to 1 if the compiler supports the fallthrough attribute.]) 5215AH_TEMPLATE(HAVE_VA_COPY, [Define to 1 if you have the `va_copy' function.]) 5216AH_TEMPLATE(HAVE___VA_COPY, [Define to 1 if you have the `__va_copy' function.]) 5217 5218dnl 5219dnl Bits to copy verbatim into config.h.in 5220dnl 5221AH_TOP([#ifndef SUDO_CONFIG_H 5222#define SUDO_CONFIG_H]) 5223 5224AH_BOTTOM([/* Symbol visibility controls */ 5225#ifdef HAVE_DSO_VISIBILITY 5226# if defined(__GNUC__) 5227# define sudo_dso_public __attribute__((__visibility__("default"))) 5228# elif defined(__SUNPRO_C) 5229# define sudo_dso_public __global 5230# else 5231# define sudo_dso_public __declspec(dllexport) 5232# endif 5233#else 5234# define sudo_dso_public 5235#endif 5236 5237/* BSD compatibility on some SVR4 systems. */ 5238#ifdef __svr4__ 5239# define BSD_COMP 5240#endif 5241 5242/* Enable BSD extensions on systems that have them. */ 5243#ifndef _BSD_SOURCE 5244# undef _BSD_SOURCE 5245#endif 5246 5247/* Enable OpenBSD extensions on NetBSD. */ 5248#ifndef _OPENBSD_SOURCE 5249# undef _OPENBSD_SOURCE 5250#endif 5251 5252/* Enable BSD types on IRIX. */ 5253#ifndef _BSD_TYPES 5254# undef _BSD_TYPES 5255#endif 5256 5257/* Enable Linux-compatible extensions on AIX. */ 5258#ifndef _LINUX_SOURCE_COMPAT 5259# undef _LINUX_SOURCE_COMPAT 5260#endif 5261 5262/* Enable unlimited getgroups(2) support on macOS. */ 5263#ifndef _DARWIN_UNLIMITED_GETGROUPS 5264# undef _DARWIN_UNLIMITED_GETGROUPS 5265#endif 5266 5267/* Enable prototypes in GCC fixed includes on older systems. */ 5268#ifndef __USE_FIXED_PROTOTYPES__ 5269# undef __USE_FIXED_PROTOTYPES__ 5270#endif 5271 5272/* Enable XPG4v2 extensions to POSIX, needed for MSG_WAITALL on older HP-UX. */ 5273#ifndef _XOPEN_SOURCE_EXTENDED 5274# undef _XOPEN_SOURCE_EXTENDED 5275#endif 5276 5277/* Enable reentrant versions of the standard C API (obsolete). */ 5278#ifndef _REENTRANT 5279# undef _REENTRANT 5280#endif 5281 5282/* Enable "safer" versions of the standard C API (ISO C11). */ 5283#ifndef __STDC_WANT_LIB_EXT1__ 5284# undef __STDC_WANT_LIB_EXT1__ 5285#endif 5286 5287/* Prevent static analyzers from genering bogus memory leak warnings. */ 5288#if defined(__COVERITY__) && !defined(NO_LEAKS) 5289# define NO_LEAKS 5290#endif 5291 5292#endif /* SUDO_CONFIG_H */]) 5293