--- embedaddon/sudo/configure.in 2012/02/21 16:23:02 1.1.1.1 +++ embedaddon/sudo/configure.in 2012/10/09 09:29:52 1.1.1.3 @@ -1,9 +1,9 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. dnl -dnl Copyright (c) 1994-1996,1998-2011 Todd C. Miller +dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller dnl -AC_INIT([sudo], [1.8.3p2], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.8.6p3], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) dnl dnl Note: this must come after AC_INIT @@ -20,7 +20,11 @@ AC_SUBST([PROGS]) AC_SUBST([CPPFLAGS]) AC_SUBST([LDFLAGS]) AC_SUBST([SUDOERS_LDFLAGS]) -AC_SUBST([LTLDFLAGS]) +AC_SUBST([LT_LDFLAGS]) +AC_SUBST([LT_LDMAP]) +AC_SUBST([LT_LDOPT]) +AC_SUBST([LT_LDDEP]) +AC_SUBST([LT_LDEXPORTS]) AC_SUBST([COMMON_OBJS]) AC_SUBST([SUDOERS_OBJS]) AC_SUBST([SUDO_OBJS]) @@ -34,13 +38,17 @@ AC_SUBST([GETGROUPS_LIB]) AC_SUBST([OSDEFS]) AC_SUBST([AUTH_OBJS]) AC_SUBST([MANTYPE]) -AC_SUBST([MAN_POSTINSTALL]) +AC_SUBST([MANDIRTYPE]) +AC_SUBST([MANCOMPRESS]) +AC_SUBST([MANCOMPRESSEXT]) +AC_SUBST([SHLIB_MODE]) AC_SUBST([SUDOERS_MODE]) AC_SUBST([SUDOERS_UID]) AC_SUBST([SUDOERS_GID]) -AC_SUBST([DEV]) +AC_SUBST([DEVEL]) AC_SUBST([BAMAN]) AC_SUBST([LCMAN]) +AC_SUBST([PSMAN]) AC_SUBST([SEMAN]) AC_SUBST([devdir]) AC_SUBST([mansectsu]) @@ -66,6 +74,11 @@ AC_SUBST([LIBDL]) AC_SUBST([LT_STATIC]) AC_SUBST([LIBINTL]) AC_SUBST([SUDO_NLS]) +AC_SUBST([COMPAT_TEST_PROGS]) +AC_SUBST([CROSS_COMPILING]) +AC_SUBST([PIE_LDFLAGS]) +AC_SUBST([PIE_CFLAGS]) +AC_SUBST([NO_VIZ]) dnl dnl Variables that get substituted in docs (not overridden by environment) dnl @@ -100,6 +113,7 @@ AC_SUBST([root_sudo]) AC_SUBST([path_info]) AC_SUBST([ldap_conf]) AC_SUBST([ldap_secret]) +AC_SUBST([sssd_lib]) AC_SUBST([nsswitch_conf]) AC_SUBST([netsvc_conf]) AC_SUBST([secure_path]) @@ -153,15 +167,17 @@ dnl INSTALL_NOEXEC= devdir='$(srcdir)' PROGS="sudo" -: ${MANTYPE='man'} +: ${MANDIRTYPE='man'} : ${mansrcdir='.'} +: ${SHLIB_MODE='0644'} : ${SUDOERS_MODE='0440'} : ${SUDOERS_UID='0'} : ${SUDOERS_GID='0'} -DEV="#" +DEVEL= LDAP="#" BAMAN=0 LCMAN=0 +PSMAN=0 SEMAN=0 LIBINTL= ZLIB= @@ -172,6 +188,9 @@ AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd SUDO_NLS=disabled +LT_LDEXPORTS="-export-symbols \$(shlib_exp)" +LT_LDDEP="\$(shlib_exp)" +NO_VIZ= dnl dnl Other vaiables @@ -184,6 +203,14 @@ shadow_libs_optional= CONFIGURE_ARGS="$@" dnl +dnl LD_PRELOAD equivalents +dnl +RTLD_PRELOAD_VAR="LD_PRELOAD" +RTLD_PRELOAD_ENABLE_VAR= +RTLD_PRELOAD_DELIM=":" +RTLD_PRELOAD_DEFAULT= + +dnl dnl libc replacement functions live in compat dnl AC_CONFIG_LIBOBJ_DIR(compat) @@ -214,7 +241,7 @@ AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [ad [case $with_devel in yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) OSDEFS="${OSDEFS} -DSUDO_DEVEL" - DEV="" + DEVEL="true" devdir=. ;; no) ;; @@ -275,6 +302,24 @@ AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux ;; esac]) +dnl +dnl Handle SSSD support. +dnl +AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])], +[case $with_sssd in + yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo" + AC_DEFINE(HAVE_SSSD) + ;; + no) ;; + *) AC_MSG_ERROR(["--with-sssd does not take an argument."]) + ;; +esac]) + +AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])]) +sssd_lib="\"LIBDIR\"" +test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib" +SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library]) + AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], [case $with_incpath in yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) @@ -402,15 +447,6 @@ AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]] ;; esac]) -AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])], -[case $with_kerb4 in - no) ;; - *) AC_MSG_CHECKING(whether to try kerberos IV authentication) - AC_MSG_RESULT(yes) - AUTH_REG="$AUTH_REG kerb4" - ;; -esac]) - AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])], [case $with_kerb5 in no) ;; @@ -1075,17 +1111,11 @@ AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-int ;; esac], AC_MSG_RESULT(yes)) -AC_MSG_CHECKING(whether stow should be used) -AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])], +AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [deprecated])], [case $with_stow in - yes) AC_MSG_RESULT(yes) - AC_DEFINE(USE_STOW) + *) AC_MSG_NOTICE([--with-stow option deprecated, now is defalt behavior]) ;; - no) AC_MSG_RESULT(no) - ;; - *) AC_MSG_ERROR(["--with-stow does not take an argument."]) - ;; -esac], AC_MSG_RESULT(no)) +esac]) AC_MSG_CHECKING(whether to use an askpass helper) AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])], @@ -1104,6 +1134,26 @@ AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugind *) ;; esac], [with_plugindir="$libexecdir"]) +AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])], +[case $with_man in + yes) MANTYPE=man + ;; + no) AC_MSG_ERROR(["--without-man not supported."]) + ;; + *) AC_MSG_ERROR(["ignoring unknown argument to --with-man: $with_man."]) + ;; +esac]) + +AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])], +[case $with_mdoc in + yes) MANTYPE=mdoc + ;; + no) AC_MSG_ERROR(["--without-mdoc not supported."]) + ;; + *) AC_MSG_ERROR(["ignoring unknown argument to --with-mdoc: $with_mdoc."]) + ;; +esac]) + dnl dnl Options for --enable dnl @@ -1281,10 +1331,10 @@ AC_ARG_ENABLE(env_reset, ]) if test "$env_reset" = "on"; then AC_MSG_RESULT(yes) - AC_DEFINE(ENV_RESET, TRUE) + AC_DEFINE(ENV_RESET, 1) else AC_MSG_RESULT(no) - AC_DEFINE(ENV_RESET, FALSE) + AC_DEFINE(ENV_RESET, 0) fi AC_ARG_ENABLE(warnings, @@ -1307,6 +1357,14 @@ AC_ARG_ENABLE(werror, esac ]) +AC_ARG_ENABLE(hardening, +[AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])], +[], [enable_hardening=yes]) + +AC_ARG_ENABLE(pie, +[AS_HELP_STRING([--disable-pie], [Do not build position independent executables, even if the compiler/linker supports them])], +[], [enable_pie=yes]) + AC_ARG_ENABLE(admin-flag, [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])], [ case "$enableval" in @@ -1385,6 +1443,7 @@ if test "$enable_shared" = "no"; then enable_dlopen=no lt_cv_dlopen=none lt_cv_dlopen_libs= + ac_cv_func_dlopen=no else eval _shrext="$shrext_cmds" # Darwin uses .dylib for libraries but .so for modules @@ -1404,40 +1463,41 @@ AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PA esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"]) AC_MSG_RESULT($with_noexec) NOEXECFILE="sudo_noexec$_shrext" -NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`" +NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" dnl dnl Find programs we use dnl -AC_CHECK_PROG(UNAMEPROG, [uname], [uname]) -AC_CHECK_PROG(TRPROG, [tr], [tr]) -AC_CHECK_PROGS(NROFFPROG, [nroff mandoc]) -if test -n "$NROFFPROG"; then - AC_CACHE_CHECK([whether $NROFFPROG supports the -c option], - [sudo_cv_var_nroff_opt_c], - [if $NROFFPROG -c /dev/null 2>&1; then - sudo_cv_var_nroff_opt_c=yes - else - sudo_cv_var_nroff_opt_c=no - fi] - ) - if test "$sudo_cv_var_nroff_opt_c" = "yes"; then - NROFFPROG="$NROFFPROG -c" - fi - AC_CACHE_CHECK([whether $NROFFPROG supports the -Tascii option], - [sudo_cv_var_nroff_opt_Tascii], - [if $NROFFPROG -Tascii /dev/null 2>&1; then - sudo_cv_var_nroff_opt_Tascii=yes - else - sudo_cv_var_nroff_opt_Tascii=no - fi] - if test "$sudo_cv_var_nroff_opt_Tascii" = "yes"; then - NROFFPROG="$NROFFPROG -Tascii" - fi - ) +AC_PATH_PROG(UNAMEPROG, [uname], [uname]) +AC_PATH_PROG(TRPROG, [tr], [tr]) +AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc]) +if test "$MANDOCPROG" != "mandoc"; then + : ${MANTYPE='mdoc'} else - MANTYPE="cat" - mansrcdir='$(srcdir)' + AC_PATH_PROG(NROFFPROG, [nroff]) + if test -n "$NROFFPROG"; then + test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE" + AC_CACHE_CHECK([which macro set to use for manual pages], + [sudo_cv_var_mantype], + [ + sudo_cv_var_mantype="man" + echo ".Sh NAME" > conftest + echo ".Nm sudo" >> conftest + echo ".Nd sudo" >> conftest + echo ".Sh DESCRIPTION" >> conftest + echo "sudo" >> conftest + if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then + sudo_cv_var_mantype="mdoc" + fi + rm -f conftest + ] + ) + MANTYPE="$sudo_cv_var_mantype" + else + MANTYPE=cat + MANDIRTYPE=cat + mansrcdir='$(srcdir)' + fi fi dnl @@ -1472,6 +1532,9 @@ fi case "$host" in *-*-sunos4*) + # LD_PRELOAD is space-delimited + RTLD_PRELOAD_DELIM=" " + # getcwd(3) opens a pipe to getpwd(1)!?! BROKEN_GETCWD=1 @@ -1483,6 +1546,9 @@ case "$host" in shadow_funcs="getpwanam issecure" ;; *-*-solaris2*) + # LD_PRELOAD is space-delimited + RTLD_PRELOAD_DELIM=" " + # To get the crypt(3) prototype (so we pass -Wall) OSDEFS="${OSDEFS} -D__EXTENSIONS__" # AFS support needs -lucb @@ -1493,7 +1559,7 @@ case "$host" in : ${mansectform='4'} : ${with_rpath='yes'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" - AC_CHECK_FUNCS(priv_set) + AC_CHECK_FUNCS(priv_set, [PSMAN=1]) ;; *-*-aix*) # To get all prototypes (so we pass -Wall) @@ -1545,6 +1611,8 @@ case "$host" in # LDR_PRELOAD is only supported in AIX 5.3 and later if test $OSMAJOR -lt 5; then with_noexec=no + else + RTLD_PRELOAD_VAR="LDR_PRELOAD" fi # AIX-specific functions @@ -1554,6 +1622,9 @@ case "$host" in *-*-hiuxmpp*) : ${mansectsu='1m'} : ${mansectform='4'} + + # HP-UX shared libs must be executable + SHLIB_MODE=0755 ;; *-*-hpux*) # AFS support needs -lBSD @@ -1563,6 +1634,9 @@ case "$host" in : ${mansectsu='1m'} : ${mansectform='4'} + # HP-UX shared libs must be executable + SHLIB_MODE=0755 + # The HP bundled compiler cannot generate shared libs if test -z "$GCC"; then AC_CACHE_CHECK([for HP bundled C compiler], @@ -1635,6 +1709,7 @@ case "$host" in ;; *-dec-osf*) # ignore envariables wrt dynamic lib path + # XXX - sudo LDFLAGS instead? SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement" : ${CHECKSIA='true'} @@ -1678,13 +1753,15 @@ case "$host" in ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally]) sed 's:::g' < /usr/include/prot.h > prot.h ]) + # ":DEFAULT" must be appended to _RLD_LIST + RTLD_PRELOAD_VAR="_RLD_LIST" + RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='8'} : ${mansectform='4'} ;; *-*-irix*) OSDEFS="${OSDEFS} -D_BSD_TYPES" if test -z "$NROFFPROG"; then - MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)' if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d /usr/share/catman/local; then mandir="/usr/share/catman/local" @@ -1692,6 +1769,9 @@ case "$host" in mandir="/usr/catman/local" fi fi + # Compress cat pages with pack + MANCOMPRESS='pack' + MANCOMPRESSEXT='.z' else if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d "/usr/share/man/local"; then @@ -1705,6 +1785,9 @@ case "$host" in if test "$OSMAJOR" -le 4; then AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"]) fi + # ":DEFAULT" must be appended to _RLD_LIST + RTLD_PRELOAD_VAR="_RLD_LIST" + RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='1m'} : ${mansectform='4'} ;; @@ -1847,11 +1930,15 @@ case "$host" in CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} + RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" + RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" ;; *-*-nextstep*) # lockf() on is broken on the NeXT -- use flock instead ac_cv_func_lockf=no ac_cv_func_flock=yes + RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" + RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" ;; *-*-*sysv4*) : ${mansectsu='1m'} @@ -1868,6 +1955,20 @@ case "$host" in esac dnl +dnl Library preloading to support NOEXEC +dnl +if test -n "$with_noexec"; then + SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR") + SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, "$RTLD_PRELOAD_DELIM") + if test -n "$RTLD_PRELOAD_DEFAULT"; then + SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT") + fi + if test -n "$RTLD_PRELOAD_ENABLE_VAR"; then + SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_ENABLE_VAR, "$RTLD_PRELOAD_ENABLE_VAR") + fi +fi + +dnl dnl Check for mixing mutually exclusive and regular auth methods dnl AUTH_REG=${AUTH_REG# } @@ -1920,23 +2021,16 @@ dnl AC_PROG_GCC_TRADITIONAL AC_C_CONST AC_C_VOLATILE -if test X"$with_gnu_ld" != "yes" -a -n "$GCC"; then - _CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -static-libgcc" - AC_CACHE_CHECK([whether $CC understands -static-libgcc], - [sudo_cv_var_gcc_static_libgcc], - [AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[]], [[]])], - [sudo_cv_var_gcc_static_libgcc=yes], - [sudo_cv_var_gcc_static_libgcc=no] - ) - ] - ) - CFLAGS="$_CFLAGS" - if test "$sudo_cv_var_gcc_static_libgcc" = "yes"; then - LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc" - fi -fi +# Check for variadic macro support in cpp +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +AC_INCLUDES_DEFAULT +#if defined(__GNUC__) && __GNUC__ == 2 +# define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt)) +#else +# define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__) +#endif +], [sudo_fprintf(stderr, "a %s", "test");])], [], [AC_MSG_ERROR([Your C compiler doesn't support variadic macros, try building with gcc instead])]) + dnl dnl Program checks dnl @@ -1963,7 +2057,18 @@ dnl AC_HEADER_STDC AC_HEADER_DIRENT AC_HEADER_TIME -AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h) +AC_HEADER_STDBOOL +AC_HEADER_MAJOR +AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h) +AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT +#ifdef HAVE_PROCFS_H +#include +#endif +#ifdef HAVE_SYS_PROCFS_H +#include +#endif +])] +break) dnl dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h dnl when large files support is enabled so work around it. @@ -2016,21 +2121,24 @@ AC_TYPE_UID_T AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])]) AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include #include ]) -AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include +AC_CHECK_TYPES([sigaction_t], [], [], [#include #include ]) -AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include +AC_CHECK_TYPES([struct timespec], [], [], [#include #if TIME_WITH_SYS_TIME # include #endif #include ]) -AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include +AC_CHECK_TYPES([struct in6_addr], [], [], [#include #include ]) AC_TYPE_LONG_LONG_INT AC_CHECK_SIZEOF([long int]) -SUDO_TYPE_SIZE_T -SUDO_TYPE_SSIZE_T -SUDO_TYPE_DEV_T -SUDO_TYPE_INO_T +AC_CHECK_TYPE(size_t, unsigned int) +AC_CHECK_TYPE(ssize_t, int) +AC_CHECK_TYPE(dev_t, int) +AC_CHECK_TYPE(ino_t, unsigned int) +AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [ +AC_INCLUDES_DEFAULT +#include ]) SUDO_UID_T_LEN SUDO_SOCK_SA_LEN dnl @@ -2081,20 +2189,58 @@ dnl dnl Function checks dnl AC_FUNC_GETGROUPS -AC_CHECK_FUNCS(strrchr sysconf tzset strftime \ - regcomp setlocale nl_langinfo getaddrinfo mbr_check_membership \ - setrlimit64 sysctl) +AC_CHECK_FUNCS(glob strrchr sysconf tzset strftime setenv \ + regcomp setlocale nl_langinfo mbr_check_membership \ + setrlimit64) AC_REPLACE_FUNCS(getgrouplist) AC_CHECK_FUNCS(getline, [], [ AC_LIBOBJ(getline) AC_CHECK_FUNCS(fgetln) ]) +dnl +dnl If libc supports _FORTIFY_SOURCE check functions, use it. +dnl +if test "$enable_hardening" != "no"; then + O_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" + AC_CHECK_FUNC(__sprintf_chk, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], []) + ], []) + CPPFLAGS="$O_CPPFLAGS" +fi + utmp_style=LEGACY AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break]) if test "$utmp_style" = "LEGACY"; then AC_CHECK_FUNCS(getttyent ttyslot, [break]) + AC_CHECK_FUNCS(fseeko) fi +AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [], + [ + AC_CHECK_MEMBERS([struct kinfo_proc2.p_tdev], [], [ + AC_CHECK_MEMBERS([struct kinfo_proc.p_tdev], [], [ + AC_CHECK_MEMBERS([struct kinfo_proc.kp_eproc.e_tdev], [], [], [ + #include + #include + ]) + ], [ + #include + #include + ]) + ], + [ + #include + #include + ]) + ], + [ + #include + #include + #include + ]) +]) + AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [ AC_CHECK_LIB(util, openpty, [ AC_CHECK_HEADERS(libutil.h util.h pty.h, [break]) @@ -2113,7 +2259,8 @@ AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h ut ]) ]) ]) -AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], [AC_LIBOBJ(unsetenv)]) +AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], []) +SUDO_FUNC_PUTENV_CONST if test -z "$SKIP_SETRESUID"; then AC_CHECK_FUNCS(setresuid, [ SKIP_SETREUID=yes @@ -2132,17 +2279,15 @@ fi if test -z "$BROKEN_GETCWD"; then AC_REPLACE_FUNCS(getcwd) fi -AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB) - AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob) - AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)]) AC_CHECK_FUNCS(lockf flock, [break]) AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)]) -SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)]) +SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch) + COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test" +]) SUDO_FUNC_ISBLANK -AC_REPLACE_FUNCS(memrchr strlcpy strlcat setenv) +AC_REPLACE_FUNCS(memrchr pw_dup strlcpy strlcat) AC_CHECK_FUNCS(nanosleep, [], [ # On Solaris, nanosleep is in librt AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)]) @@ -2168,6 +2313,10 @@ dnl AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])]) +AC_CHECK_MEMBERS([struct dirent.d_type], [], [], [ +AC_INCLUDES_DEFAULT +#include <$ac_header_dirent> +]) dnl dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf) @@ -2178,21 +2327,89 @@ fi dnl dnl If socket(2) not in libc, check -lsocket and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols -dnl In this case we look for main(), not socket() to avoid using a cached value dnl -AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl) -AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))]) +AC_CHECK_FUNC(socket, [], [ + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) + done +]) dnl dnl If inet_addr(3) not in libc, check -lnsl and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl -AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl) -AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))]) +AC_CHECK_FUNC(inet_addr, [], [ + AC_CHECK_FUNC(__inet_addr, [], [ + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) + done + ]) +]) dnl dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet dnl -AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))]) +AC_CHECK_FUNC(syslog, [], [ + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) + done +]) dnl +dnl If getaddrinfo(3) not in libc, check -lsocket and -linet +dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols. +dnl +AC_CHECK_FUNCS(getaddrinfo, [], [ + found=no + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, getaddrinfo, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; found=yes; break], [], [$extralibs]) + done + if test X"$found" != X"no"; then + AC_DEFINE(HAVE_GETADDRINFO) + fi +]) +dnl dnl Check for getprogname() or __progname dnl AC_CHECK_FUNCS(getprogname, , [ @@ -2206,6 +2423,25 @@ AC_CHECK_FUNCS(getprogname, , [ fi AC_MSG_RESULT($sudo_cv___progname) ]) +dnl +dnl Check for __func__ or __FUNCTION__ +dnl +AC_MSG_CHECKING([for __func__]) +AC_CACHE_VAL(sudo_cv___func__, [ +AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__func__);]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])]) +AC_MSG_RESULT($sudo_cv___func__) +if test "$sudo_cv___func__" = "yes"; then + AC_DEFINE(HAVE___FUNC__) +elif test -n "$GCC"; then + AC_MSG_CHECKING([for __FUNCTION__]) + AC_CACHE_VAL(sudo_cv___FUNCTION__, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__FUNCTION__);]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])]) + AC_MSG_RESULT($sudo_cv___FUNCTION__) + if test "$sudo_cv___FUNCTION__" = "yes"; then + AC_DEFINE(HAVE___FUNC__) + AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler support __FUNCTION__ but not __func__]) + fi +fi # gettext() and friends may be located in libc (Linux and Solaris) # or in libintl. However, it is possible to have libintl installed @@ -2241,7 +2477,10 @@ if test "$enable_nls" != "no"; then ]) eval gettext_result="\$$gettext_name" AC_MSG_RESULT($gettext_result) - test "$gettext_result" = "yes" && break + if test "$gettext_result" = "yes"; then + AC_CHECK_FUNCS(ngettext) + break + fi done LIBS="$OLIBS" @@ -2262,6 +2501,8 @@ fi dnl dnl Deferred zlib option processing. dnl By default we use the system zlib if it is present. +dnl If a directory was specified for zlib (or we are use sudo's version), +dnl prepend the include dir to make sure we get the right zlib header. dnl case "$enable_zlib" in yes) @@ -2280,14 +2521,14 @@ case "$enable_zlib" in ;; *) AC_DEFINE(HAVE_ZLIB_H) - CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include" + CPPFLAGS="-I${enable_zlib}/include ${CPPFLAGS}" SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) ZLIB="${ZLIB} -lz" ;; esac if test X"$enable_zlib" = X"builtin"; then AC_DEFINE(HAVE_ZLIB_H) - CPPFLAGS="${CPPFLAGS}"' -I$(top_srcdir)/zlib' + CPPFLAGS='-I$(top_builddir)/zlib -I$(top_srcdir)/zlib '"${CPPFLAGS}" ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la' ZLIB_SRC=zlib AC_CONFIG_HEADER([zlib/zconf.h]) @@ -2303,6 +2544,14 @@ AC_INCLUDES_DEFAULT ]) dnl +dnl Check for h_errno declaration in netdb.h +dnl +AC_CHECK_DECLS([h_errno], [], [], [ +AC_INCLUDES_DEFAULT +#include +]) + +dnl dnl Check for strsignal() or sys_siglist dnl AC_CHECK_FUNCS(strsignal, [], [ @@ -2321,6 +2570,37 @@ AC_INCLUDES_DEFAULT ]) dnl +dnl Check for sig2str(), sys_signame or sys_sigabbrev +dnl +AC_CHECK_FUNCS(sig2str, [], [ + AC_LIBOBJ(sig2str) + HAVE_SIGNAME="false" + AC_CHECK_DECLS([sys_signame, _sys_signame, __sys_signame, sys_sigabbrev], [ + HAVE_SIGNAME="true" + break + ], [ ], [ +AC_INCLUDES_DEFAULT +#include + ]) + if test "$HAVE_SIGNAME" != "true"; then + AC_CACHE_CHECK([for undeclared sys_sigabbrev], + [sudo_cv_var_sys_sigabbrev], + [AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])], + [sudo_cv_var_sys_sigabbrev=yes], + [sudo_cv_var_sys_sigabbrev=no] + ) + ] + ) + if test "$sudo_cv_var_sys_sigabbrev" = yes; then + AC_DEFINE(HAVE_SYS_SIGABBREV) + else + AC_LIBOBJ(signame) + fi + fi +]) + +dnl dnl nsswitch.conf and its equivalents dnl if test ${with_netsvc-"no"} != "no"; then @@ -2356,15 +2636,45 @@ dnl PAM support. Systems that use PAM by default set dnl and we do the actual tests here. dnl if test ${with_pam-"no"} != "no"; then - # We already link with -ldl (see LIBDL below) so no need for that here. - SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" + # + # Check for pam_start() in libpam first, then for pam_appl.h. + # + found_pam_lib=no + AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs]) + # + # Some PAM implementations (MacOS X for example) put the PAM headers + # in /usr/include/pam instead of /usr/include/security... + # + found_pam_hdrs=no + AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break]) + if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then + # Found both PAM libs and headers + with_pam=yes + elif test "$with_pam" = "yes"; then + if test "$found_pam_lib" = "no"; then + AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."]) + fi + if test "$found_pam_hdrs" = "no"; then + AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."]) + fi + elif test "$found_pam_lib" != "$found_pam_hdrs"; then + if test "$found_pam_lib" = "no"; then + AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"]) + fi + if test "$found_pam_hdrs" = "no"; then + AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"]) + fi + fi - dnl - dnl Some PAM implementations (MacOS X for example) put the PAM headers - dnl in /usr/include/pam instead of /usr/include/security... - dnl - AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break]) if test "$with_pam" = "yes"; then + # Older PAM implementations lack pam_getenvlist + OLIBS="$LIBS" + LIBS="$LIBS -lpam $lt_cv_dlopen_libs" + AC_CHECK_FUNCS(pam_getenvlist) + LIBS="$OLIBS" + + # We already link with -ldl if needed (see LIBDL below) + SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" AC_DEFINE(HAVE_PAM) AUTH_OBJS="$AUTH_OBJS pam.lo"; AUTH_EXCL=PAM @@ -2458,27 +2768,9 @@ if test ${with_SecurID-'no'} != "no"; then with_SecurID=/usr/ace fi CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" - _LDFLAGS="${LDFLAGS}" SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}]) - # - # Determine whether to use the new or old SecurID API - # - AC_CHECK_LIB(aceclnt, SD_Init, - [ - AUTH_OBJS="$AUTH_OBJS securid5.lo"; - SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" - ] - [ - SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}]) - ], [ - AUTH_OBJS="$AUTH_OBJS securid.lo"; - SUDOERS_LIBS="${SUDOERS_LIBS} ${with_SecurID}/sdiclient.a" - ], - [ - -lpthread - ] - ) - LDFLAGS="${_LDFLAGS}" + SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" + AUTH_OBJS="$AUTH_OBJS securid5.lo"; fi dnl @@ -2499,65 +2791,6 @@ if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then fi dnl -dnl Kerberos IV -dnl -if test ${with_kerb4-'no'} != "no"; then - AC_DEFINE(HAVE_KERB4) - dnl - dnl Use the specified directory, if any, else search for correct inc dir - dnl - O_LDFLAGS="$LDFLAGS" - if test "$with_kerb4" = "yes"; then - found=no - O_CPPFLAGS="$CPPFLAGS" - for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do - CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" - AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) - done - test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS" - else - SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib]) - SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb4}/lib]) - CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include" - AC_CHECK_HEADER([krb.h], [found=yes], [found=no]) - fi - if test X"$found" = X"no"; then - AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) - fi - - dnl - dnl Check for -ldes vs. -ldes425 - dnl - AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [ - AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""]) - ]) - dnl - dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV - dnl - AC_MSG_CHECKING(whether we are using KTH Kerberos IV) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = krb4_version;]])], [ - AC_MSG_RESULT(yes) - K4LIBS="${K4LIBS} -lcom_err" - AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"]) - ], [ - AC_MSG_RESULT(no) - ] - ) - dnl - dnl The actual Kerberos IV lib might be -lkrb or -lkrb4 - dnl - AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [ - AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"], - [K4LIBS="-lkrb $K4LIBS"] - [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDOERS_LDFLAGS and possibly add Kerberos libs to SUDOERS_LIBS])] - , [$K4LIBS]) - ], [$K4LIBS]) - LDFLAGS="$O_LDFLAGS" - SUDOERS_LIBS="${SUDOERS_LIBS} $K4LIBS" - AUTH_OBJS="$AUTH_OBJS kerb4.lo" -fi - -dnl dnl Kerberos V dnl There is an easy way and a hard way... dnl @@ -2639,6 +2872,18 @@ if test ${with_kerb5-'no'} != "no"; then AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS) fi LIBS="$_LIBS" + AC_MSG_CHECKING(whether to use an instance name for Kerberos V) + AC_ARG_ENABLE(kerb5-instance, + [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])], + [ case "$enableval" in + yes) AC_MSG_ERROR(["must give --enable-kerb5-instance an argument."]) + ;; + no) AC_MSG_RESULT(no) + ;; + *) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval") + AC_MSG_RESULT([$enableval]) + ;; + esac], AC_MSG_RESULT(no)) fi dnl @@ -2714,7 +2959,7 @@ if test "${with_skey-'no'}" = "yes"; then for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" AC_CHECK_HEADER([skey.h], [found=yes; break], [], - [#include ]) + [#include ]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" @@ -2891,7 +3136,7 @@ if test ${with_ldap-'no'} != "no"; then AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break]) AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include ]) - AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np) + AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np) AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break]) if test X"$check_gss_krb5_ccache_name" = X"yes"; then @@ -2963,10 +3208,10 @@ if test X"$LIBDL" != X""; then SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL" fi -# On HP-UX, you cannot dlopen() a shared object that uses pthreads -# unless the main program is linked against -lpthread. Since we -# have no knowledge what libraries a plugin may depend on, we always -# link against -lpthread on HP-UX if it is available. +# On HP-UX, you cannot dlopen() a shared object that uses pthreads unless +# the main program is linked against -lpthread. We have no knowledge of +# what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads) +# so always link against -lpthread on HP-UX if it is available. # This check should go after all other libraries tests. case "$host" in *-*-hpux*) @@ -2997,6 +3242,170 @@ SUDO_TIMEDIR SUDO_IO_LOGDIR dnl +dnl Turn warnings into errors. +dnl All compiler/loader tests after this point will fail if +dnl a warning is displayed (nornally, warnings are not fata). +dnl +AC_LANG_WERROR + +dnl +dnl If compiler supports the -static-libgcc flag use it unless we have +dnl GNU ld (which can avoid linking in libgcc when it is not needed). +dnl This test relies on AC_LANG_WERROR +dnl +if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then + AX_CHECK_COMPILE_FLAG([-static-libgcc], [LT_LDFLAGS="$LT_LDFLAGS -Wc,-static-libgcc"]) +fi + +dnl +dnl Check for symbol visibility support. +dnl This test relies on AC_LANG_WERROR +dnl +AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [ + AC_DEFINE(HAVE_DSO_VISIBILITY) + CFLAGS="${CFLAGS} -fvisibility=hidden" + LT_LDEXPORTS= + LT_LDDEP= +], [ + NO_VIZ="-DNO_VIZ" + if test -z "$GCC"; then + case "$host" in + *-*-hpux*) + AX_CHECK_COMPILE_FLAG([-Bhidden_def], [ + AC_DEFINE(HAVE_DSO_VISIBILITY) + CFLAGS="${CFLAGS} -Bhidden_def" + LT_LDEXPORTS= + LT_LDDEP= + ]) + ;; + *-*-solaris2*) + AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [ + AC_DEFINE(HAVE_DSO_VISIBILITY) + CFLAGS="${CFLAGS} -xldscope=hidden" + LT_LDEXPORTS= + LT_LDDEP= + ]) + ;; + esac + fi +]) + +dnl +dnl If the compiler doesn't have symbol visibility support, it may +dnl support version scripts (only GNU and Solaris ld). +dnl This test relies on AC_LANG_WERROR +dnl +if test -n "$LT_LDEXPORTS"; then + if test "$lt_cv_prog_gnu_ld" = "yes"; then + AC_CACHE_CHECK([whether ld supports anonymous map files], + [sudo_cv_var_gnu_ld_anon_map], + [ + cat > conftest.map <<-EOF + { + global: foo; + local: *; + }; +EOF + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $lt_prog_compiler_pic" + _LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map" + AC_TRY_LINK([int foo;], [], [ + sudo_cv_var_gnu_ld_anon_map=yes + ]) + CFLAGS="$_CFLAGS" + LDFLAGS="$_LDFLAGS" + ] + ) + if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then + LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)" + fi + else + case "$host" in + *-*-solaris2*) + AC_CACHE_CHECK([whether ld supports anonymous map files], + [sudo_cv_var_solaris_ld_anon_map], + [ + cat > conftest.map <<-EOF + { + global: foo; + local: *; + }; +EOF + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $lt_prog_compiler_pic" + _LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map" + AC_TRY_LINK([int foo;], [], [ + sudo_cv_var_solaris_ld_anon_map=yes + ]) + CFLAGS="$_CFLAGS" + LDFLAGS="$_LDFLAGS" + ] + ) + if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then + LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)" + fi + ;; + *-*-hpux*) + AC_CACHE_CHECK([whether ld supports controlling exported symbols], + [sudo_cv_var_hpux_ld_symbol_export], + [ + echo "+e foo" > conftest.opt + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $lt_prog_compiler_pic" + _LDFLAGS="$LDFLAGS" + if test -n "$GCC"; then + LDFLAGS="$LDFLAGS -shared -Wl,-c,./conftest.opt" + else + LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt" + fi + AC_TRY_LINK([int foo;], [], [ + sudo_cv_var_hpux_ld_symbol_export=yes + ]) + CFLAGS="$_CFLAGS" + LDFLAGS="$_LDFLAGS" + ] + ) + if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then + LT_LDEXPORTS=; LT_LDDEP="\$(shlib_opt)"; LT_LDOPT="-Wl,-c,\$(shlib_opt)" + fi + ;; + esac + fi +fi + +dnl +dnl Check for PIE executable support if using gcc. +dnl This test relies on AC_LANG_WERROR +dnl +if test "$enable_pie" != "no" -a -n "$GCC"; then + AX_CHECK_COMPILE_FLAG([-fPIE], [ + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fPIE" + AX_CHECK_LINK_FLAG([-pie], [ + PIE_CFLAGS="-fPIE" + PIE_LDFLAGS="-pie" + ]) + CFLAGS="$_CFLAGS" + ]) +fi + +dnl +dnl Check for -fstack-protector and -z relro support +dnl This test relies on AC_LANG_WERROR +dnl +if test "$enable_hardening" != "no"; then + AX_CHECK_COMPILE_FLAG([-fstack-protector], [ + AX_CHECK_LINK_FLAG([-fstack-protector], [ + CFLAGS="${CFLAGS} -fstack-protector" + LT_LDFLAGS="${LT_LDFLAGS} -Wc,-fstack-protector" + ]) + ]) + AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"]) +fi + +dnl dnl Use passwd auth module? dnl case "$with_passwd" in @@ -3042,6 +3451,11 @@ if test -n "$GCC"; then fi dnl +dnl Skip regress tests and sudoers sanity check if cross compiling. +dnl +CROSS_COMPILING="$cross_compiling" + +dnl dnl Set exec_prefix dnl test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' @@ -3063,14 +3477,29 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" ! PROGS="${PROGS} libsudo_noexec.la" INSTALL_NOEXEC="install-noexec" - eval noexec_file="$with_noexec" + noexec_file="$with_noexec" + _noexec_file= + while test X"$noexec_file" != X"$_noexec_file"; do + _noexec_file="$noexec_file" + eval noexec_file="$_noexec_file" + done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) fi if test X"$with_selinux" != X"no"; then - eval sesh_file="$libexecdir/sesh" + sesh_file="$libexecdir/sesh" + _sesh_file= + while test X"$sesh_file" != X"$_sesh_file"; do + _sesh_file="$sesh_file" + eval sesh_file="$_sesh_file" + done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) fi - eval PLUGINDIR="$with_plugindir" + PLUGINDIR="$with_plugindir" + _PLUGINDIR= + while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do + _PLUGINDIR="$PLUGINDIR" + eval PLUGINDIR="$_PLUGINDIR" + done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/") SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}") exec_prefix="$oexec_prefix" @@ -3090,13 +3519,14 @@ test "$libexecdir" = '${exec_prefix}/libexec' && libex test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' +test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' +test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' dnl dnl Substitute into the Makefile and man pages dnl -dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h]) -AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) +AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_OUTPUT dnl @@ -3104,6 +3534,12 @@ dnl Spew any text the user needs to know about dnl if test "$with_pam" = "yes"; then case $host in + *-*-hpux*) + if test -f /usr/lib/security/libpam_hpsec.so.1; then + AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf]) + AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login]) + fi + ;; *-*-linux*) AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo]) ;; @@ -3133,7 +3569,6 @@ AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' con AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.]) AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.]) AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.]) -AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.]) AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) @@ -3144,10 +3579,8 @@ AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have th AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)]) AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.]) AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) -AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if contains struct in6_addr.]) AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)]) AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)]) -AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.]) AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.]) @@ -3157,6 +3590,7 @@ AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP nee AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) +AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.]) AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.]) @@ -3165,14 +3599,12 @@ AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use Secu AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.]) AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.]) -AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if has the sigaction_t typedef.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments]) AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) -AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h]) AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements]) @@ -3199,8 +3631,17 @@ AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) AH_TEMPLATE(sig_atomic_t, [Define to `int' if does not define.]) AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.]) +AH_TEMPLATE(socklen_t, [Define to `unsigned int' if doesn't define.]) AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.]) AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.]) +AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.]) +AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication]) +AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.]) +AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).]) +AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.]) +AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).]) +AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.]) +AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the `sys_sigabbrev' symbol.]) dnl dnl Bits to copy verbatim into config.h.in @@ -3234,11 +3675,13 @@ AH_BOTTOM([/* # endif /* HAVE_ST_MTIMESPEC */ #endif /* HAVE_ST_MTIM */ -/* GNU stow needs /etc/sudoers to be a symlink. */ -#ifdef USE_STOW -# define stat_sudoers stat +#ifdef __GNUC__ +# define ignore_result(x) do { \ + __typeof__(x) y = (x); \ + (void)y; \ +} while(0) #else -# define stat_sudoers lstat +# define ignore_result(x) (void)(x) #endif /* Macros to set/clear/test flags. */