--- embedaddon/sudo/configure.in 2012/05/29 12:26:49 1.1.1.2 +++ embedaddon/sudo/configure.in 2013/10/14 07:56:33 1.1.1.5 @@ -1,9 +1,9 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. dnl -dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller +dnl Copyright (c) 1994-1996,1998-2013 Todd C. Miller dnl -AC_INIT([sudo], [1.8.5p1], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.8.8], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) dnl dnl Note: this must come after AC_INIT @@ -20,7 +20,11 @@ AC_SUBST([PROGS]) AC_SUBST([CPPFLAGS]) AC_SUBST([LDFLAGS]) AC_SUBST([SUDOERS_LDFLAGS]) -AC_SUBST([LTLDFLAGS]) +AC_SUBST([LT_LDFLAGS]) +AC_SUBST([LT_LDMAP]) +AC_SUBST([LT_LDOPT]) +AC_SUBST([LT_LDDEP]) +AC_SUBST([LT_LDEXPORTS]) AC_SUBST([COMMON_OBJS]) AC_SUBST([SUDOERS_OBJS]) AC_SUBST([SUDO_OBJS]) @@ -34,13 +38,18 @@ AC_SUBST([GETGROUPS_LIB]) AC_SUBST([OSDEFS]) AC_SUBST([AUTH_OBJS]) AC_SUBST([MANTYPE]) -AC_SUBST([MAN_POSTINSTALL]) +AC_SUBST([MANDIRTYPE]) +AC_SUBST([MANCOMPRESS]) +AC_SUBST([MANCOMPRESSEXT]) +AC_SUBST([SHLIB_MODE]) +AC_SUBST([SHLIB_EXT]) AC_SUBST([SUDOERS_MODE]) AC_SUBST([SUDOERS_UID]) AC_SUBST([SUDOERS_GID]) AC_SUBST([DEVEL]) AC_SUBST([BAMAN]) AC_SUBST([LCMAN]) +AC_SUBST([PSMAN]) AC_SUBST([SEMAN]) AC_SUBST([devdir]) AC_SUBST([mansectsu]) @@ -48,9 +57,9 @@ AC_SUBST([mansectform]) AC_SUBST([mansrcdir]) AC_SUBST([NOEXECFILE]) AC_SUBST([NOEXECDIR]) -AC_SUBST([PLUGINDIR]) AC_SUBST([SOEXT]) AC_SUBST([noexec_file]) +AC_SUBST([sesh_file]) AC_SUBST([INSTALL_NOEXEC]) AC_SUBST([DONT_LEAK_PATH_INFO]) AC_SUBST([BSDAUTH_USAGE]) @@ -66,7 +75,14 @@ AC_SUBST([LIBDL]) AC_SUBST([LT_STATIC]) AC_SUBST([LIBINTL]) AC_SUBST([SUDO_NLS]) +AC_SUBST([LOCALEDIR_SUFFIX]) AC_SUBST([COMPAT_TEST_PROGS]) +AC_SUBST([CROSS_COMPILING]) +AC_SUBST([PIE_LDFLAGS]) +AC_SUBST([PIE_CFLAGS]) +AC_SUBST([SSP_LDFLAGS]) +AC_SUBST([SSP_CFLAGS]) +AC_SUBST([NO_VIZ]) dnl dnl Variables that get substituted in docs (not overridden by environment) dnl @@ -101,10 +117,14 @@ AC_SUBST([root_sudo]) AC_SUBST([path_info]) AC_SUBST([ldap_conf]) AC_SUBST([ldap_secret]) +AC_SUBST([sssd_lib]) AC_SUBST([nsswitch_conf]) AC_SUBST([netsvc_conf]) AC_SUBST([secure_path]) AC_SUBST([editor]) +AC_SUBST([pam_session]) +AC_SUBST([pam_login_service]) +AC_SUBST([PLUGINDIR]) # # Begin initial values for man page substitution # @@ -141,9 +161,13 @@ path_info=on ldap_conf=/etc/ldap.conf ldap_secret=/etc/ldap.secret netsvc_conf=/etc/netsvc.conf -noexec_file=/usr/local/libexec/sudo_noexec.so +noexec_file=/usr/local/libexec/sudo/sudo_noexec.so +sesh_file=/usr/local/libexec/sudo/sesh nsswitch_conf=/etc/nsswitch.conf secure_path="not set" +pam_session=on +pam_login_service=sudo +PLUGINDIR=/usr/local/libexec/sudo # # End initial values for man page substitution # @@ -154,8 +178,9 @@ dnl INSTALL_NOEXEC= devdir='$(srcdir)' PROGS="sudo" -: ${MANTYPE='man'} +: ${MANDIRTYPE='man'} : ${mansrcdir='.'} +: ${SHLIB_MODE='0644'} : ${SUDOERS_MODE='0440'} : ${SUDOERS_UID='0'} : ${SUDOERS_GID='0'} @@ -163,6 +188,7 @@ DEVEL= LDAP="#" BAMAN=0 LCMAN=0 +PSMAN=0 SEMAN=0 LIBINTL= ZLIB= @@ -173,6 +199,11 @@ AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd SUDO_NLS=disabled +LOCALEDIR_SUFFIX= +LT_LDEXPORTS="-export-symbols \$(shlib_exp)" +LT_LDDEP="\$(shlib_exp)" +NO_VIZ="-DNO_VIZ" +OS_INIT=os_init_common dnl dnl Other vaiables @@ -197,6 +228,18 @@ dnl libc replacement functions live in compat dnl AC_CONFIG_LIBOBJ_DIR(compat) +# +# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir. +# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip +# off an extraneous "/sudo" from libexecdir. +# +case "$libexecdir" in + */sudo) + AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory]) + libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'` + ;; +esac + dnl dnl Deprecated --with options (these all warn or generate an error) dnl @@ -237,19 +280,11 @@ AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compil ;; esac]) -AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])], -[case $with_rpath in - yes|no) ;; - *) AC_MSG_ERROR(["--with-rpath does not take an argument."]) - ;; -esac]) +AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [deprecated, use --disable-rpath])], +[AC_MSG_WARN([--with-rpath deprecated, rpath is now the default])]) -AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])], -[case $with_blibpath in - yes|no) ;; - *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.]) - ;; -esac]) +AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [deprecated])], +[AC_MSG_WARN([--with-blibpath deprecated, use --with-libpath])]) dnl dnl Handle BSM auditing support. @@ -284,6 +319,24 @@ AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux ;; esac]) +dnl +dnl Handle SSSD support. +dnl +AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])], +[case $with_sssd in + yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo" + AC_DEFINE(HAVE_SSSD) + ;; + no) ;; + *) AC_MSG_ERROR(["--with-sssd does not take an argument."]) + ;; +esac]) + +AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])]) +sssd_lib="\"LIBDIR\"" +test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib" +SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library]) + AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], [case $with_incpath in yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) @@ -292,7 +345,7 @@ AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], ;; *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS]) for i in ${with_incpath}; do - CPPFLAGS="${CPPFLAGS} -I${i}" + SUDO_APPEND_CPPFLAGS(-I${i}) done ;; esac]) @@ -1075,17 +1128,11 @@ AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-int ;; esac], AC_MSG_RESULT(yes)) -AC_MSG_CHECKING(whether stow should be used) -AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])], +AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [deprecated])], [case $with_stow in - yes) AC_MSG_RESULT(yes) - AC_DEFINE(USE_STOW) + *) AC_MSG_NOTICE([--with-stow option deprecated, now is defalt behavior]) ;; - no) AC_MSG_RESULT(no) - ;; - *) AC_MSG_ERROR(["--with-stow does not take an argument."]) - ;; -esac], AC_MSG_RESULT(no)) +esac]) AC_MSG_CHECKING(whether to use an askpass helper) AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])], @@ -1093,17 +1140,44 @@ AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=P yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."]) ;; no) ;; - *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass]) - ;; -esac], AC_MSG_RESULT(no)) + *) ;; +esac], [ + with_askpass=no + AC_MSG_RESULT(no) +]) +if test X"$with_askpass" != X"no"; then + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass") +else + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL) +fi AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])], [case $with_plugindir in no) AC_MSG_ERROR(["illegal argument: --without-plugindir."]) ;; *) ;; -esac], [with_plugindir="$libexecdir"]) +esac], [with_plugindir="$libexecdir/sudo"]) +AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])], +[case $with_man in + yes) MANTYPE=man + ;; + no) AC_MSG_ERROR(["--without-man not supported."]) + ;; + *) AC_MSG_ERROR(["ignoring unknown argument to --with-man: $with_man."]) + ;; +esac]) + +AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])], +[case $with_mdoc in + yes) MANTYPE=mdoc + ;; + no) AC_MSG_ERROR(["--without-mdoc not supported."]) + ;; + *) AC_MSG_ERROR(["ignoring unknown argument to --with-mdoc: $with_mdoc."]) + ;; +esac]) + dnl dnl Options for --enable dnl @@ -1307,6 +1381,13 @@ AC_ARG_ENABLE(werror, esac ]) +AC_ARG_ENABLE(hardening, +[AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])], +[], [enable_hardening=yes]) + +AC_ARG_ENABLE(pie, +[AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])]) + AC_ARG_ENABLE(admin-flag, [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])], [ case "$enableval" in @@ -1322,6 +1403,10 @@ AC_ARG_ENABLE(nls, [AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])], [], [enable_nls=yes]) +AC_ARG_ENABLE(rpath, +[AS_HELP_STRING([--disable-rpath], [Disable passing of -Rpath to the linker])], +[], [enable_rpath=yes]) + AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], [case $with_selinux in yes) SELINUX_USAGE="[[-r role]] [[-t type]] " @@ -1336,7 +1421,7 @@ AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], no) ;; *) AC_MSG_ERROR(["--with-selinux does not take an argument."]) ;; -esac]) +esac], [with_selinux=no]) dnl dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default @@ -1378,6 +1463,21 @@ LT_PREREQ([2.2.6b]) LT_INIT([dlopen]) dnl +dnl Allow the user to specify an alternate libtool. +dnl XXX - should be able to skip LT_INIT if we are using a different libtool +dnl +AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])], +[case $with_libtool in + yes|builtin) ;; + no) AC_MSG_ERROR(["--without-libtool not supported."]) + ;; + system) LIBTOOL=libtool + ;; + *) LIBTOOL="$with_libtool" + ;; +esac]) + +dnl dnl Defer with_noexec until after libtool magic runs dnl if test "$enable_shared" = "no"; then @@ -1386,59 +1486,63 @@ if test "$enable_shared" = "no"; then lt_cv_dlopen=none lt_cv_dlopen_libs= ac_cv_func_dlopen=no + LT_LDFLAGS=-static else eval _shrext="$shrext_cmds" # Darwin uses .dylib for libraries but .so for modules if test X"$_shrext" = X".dylib"; then SOEXT=".so" + SHLIB_EXT=".dylib" else SOEXT="$_shrext" + SHLIB_EXT="$_shrext" fi fi AC_MSG_CHECKING(path to sudo_noexec.so) AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])], [case $with_noexec in - yes) with_noexec="$libexecdir/sudo_noexec$_shrext" + yes) with_noexec="$libexecdir/sudo/sudo_noexec.so" ;; no) ;; *) ;; -esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"]) +esac], [with_noexec="$libexecdir/sudo/sudo_noexec.so"]) AC_MSG_RESULT($with_noexec) -NOEXECFILE="sudo_noexec$_shrext" -NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`" +NOEXECFILE="sudo_noexec.so" +NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" dnl dnl Find programs we use dnl -AC_CHECK_PROG(UNAMEPROG, [uname], [uname]) -AC_CHECK_PROG(TRPROG, [tr], [tr]) -AC_CHECK_PROGS(NROFFPROG, [nroff mandoc]) -if test -n "$NROFFPROG"; then - AC_CACHE_CHECK([whether $NROFFPROG supports the -c option], - [sudo_cv_var_nroff_opt_c], - [if $NROFFPROG -c /dev/null 2>&1; then - sudo_cv_var_nroff_opt_c=yes - else - sudo_cv_var_nroff_opt_c=no - fi] - ) - if test "$sudo_cv_var_nroff_opt_c" = "yes"; then - NROFFPROG="$NROFFPROG -c" - fi - AC_CACHE_CHECK([whether $NROFFPROG supports the -Tascii option], - [sudo_cv_var_nroff_opt_Tascii], - [if $NROFFPROG -Tascii /dev/null 2>&1; then - sudo_cv_var_nroff_opt_Tascii=yes - else - sudo_cv_var_nroff_opt_Tascii=no - fi] - if test "$sudo_cv_var_nroff_opt_Tascii" = "yes"; then - NROFFPROG="$NROFFPROG -Tascii" - fi - ) +AC_PATH_PROG(UNAMEPROG, [uname], [uname]) +AC_PATH_PROG(TRPROG, [tr], [tr]) +AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc]) +if test "$MANDOCPROG" != "mandoc"; then + : ${MANTYPE='mdoc'} else - MANTYPE="cat" - mansrcdir='$(srcdir)' + AC_PATH_PROG(NROFFPROG, [nroff]) + if test -n "$NROFFPROG"; then + test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE" + AC_CACHE_CHECK([which macro set to use for manual pages], + [sudo_cv_var_mantype], + [ + sudo_cv_var_mantype="man" + echo ".Sh NAME" > conftest + echo ".Nm sudo" >> conftest + echo ".Nd sudo" >> conftest + echo ".Sh DESCRIPTION" >> conftest + echo "sudo" >> conftest + if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then + sudo_cv_var_mantype="mdoc" + fi + rm -f conftest + ] + ) + MANTYPE="$sudo_cv_var_mantype" + else + MANTYPE=cat + MANDIRTYPE=cat + mansrcdir='$(srcdir)' + fi fi dnl @@ -1490,6 +1594,10 @@ case "$host" in # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " + # Solaris-specific initialization + OS_INIT=os_init_solaris + SUDO_OBJS="${SUDO_OBJS} solaris.o" + # To get the crypt(3) prototype (so we pass -Wall) OSDEFS="${OSDEFS} -D__EXTENSIONS__" # AFS support needs -lucb @@ -1498,30 +1606,13 @@ case "$host" in fi : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" - AC_CHECK_FUNCS(priv_set) + AC_CHECK_FUNCS(priv_set, [PSMAN=1]) ;; *-*-aix*) # To get all prototypes (so we pass -Wall) OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" - if test X"$with_blibpath" != X"no"; then - AC_MSG_CHECKING([if linker accepts -Wl,-blibpath]) - O_LDFLAGS="$LDFLAGS" - LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [ - if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then - blibpath="$with_blibpath" - elif test -n "$GCC"; then - blibpath="/usr/lib:/lib:/usr/local/lib" - else - blibpath="/usr/lib:/lib" - fi - AC_MSG_RESULT(yes) - ], [AC_MSG_RESULT(no)]) - fi - LDFLAGS="$O_LDFLAGS" # On AIX 6 and higher default to PAM, else default to LAM if test $OSMAJOR -ge 6; then @@ -1546,9 +1637,6 @@ case "$host" in with_netsvc="/etc/netsvc.conf" fi - # For implementing getgrouplist() - AC_CHECK_FUNCS(getgrset) - # LDR_PRELOAD is only supported in AIX 5.3 and later if test $OSMAJOR -lt 5; then with_noexec=no @@ -1557,12 +1645,15 @@ case "$host" in fi # AIX-specific functions - AC_CHECK_FUNCS(getuserattr setauthdb) + AC_CHECK_FUNCS(getuserattr setauthdb setrlimit64) COMMON_OBJS="$COMMON_OBJS aix.lo" ;; *-*-hiuxmpp*) : ${mansectsu='1m'} : ${mansectform='4'} + + # HP-UX shared libs must be executable + SHLIB_MODE=0755 ;; *-*-hpux*) # AFS support needs -lBSD @@ -1572,6 +1663,9 @@ case "$host" in : ${mansectsu='1m'} : ${mansectform='4'} + # HP-UX shared libs must be executable + SHLIB_MODE=0755 + # The HP bundled compiler cannot generate shared libs if test -z "$GCC"; then AC_CACHE_CHECK([for HP bundled C compiler], @@ -1612,11 +1706,11 @@ case "$host" in ;; esac - case "$host" in - *-*-hpux[[1-8]].*) + case "$host_os" in + hpux[[1-8]].*) AC_DEFINE(BROKEN_SYSLOG) ;; - *-*-hpux9.*) + hpux9.*) AC_DEFINE(BROKEN_SYSLOG) shadow_funcs="getspwuid" @@ -1626,10 +1720,11 @@ case "$host" in # order of libs in 9.X is important. -lc_r must be last SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r" LIBS="${LIBS} -ldce -lM -lc_r" - CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant" + SUDO_APPEND_CPPFLAGS(-D_REENTRANT) + SUDO_APPEND_CPPFLAGS(-I/usr/include/reentrant) fi ;; - *-*-hpux10.*) + hpux10.*) shadow_funcs="getprpwnam iscomsec" shadow_libs="-lsec" # HP-UX 10.20 libc has an incompatible getline @@ -1641,9 +1736,11 @@ case "$host" in test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; esac + AC_CHECK_FUNCS(pstat_getproc) ;; *-dec-osf*) # ignore envariables wrt dynamic lib path + # XXX - sudo LDFLAGS instead? SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement" : ${CHECKSIA='true'} @@ -1696,7 +1793,6 @@ case "$host" in *-*-irix*) OSDEFS="${OSDEFS} -D_BSD_TYPES" if test -z "$NROFFPROG"; then - MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)' if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d /usr/share/catman/local; then mandir="/usr/share/catman/local" @@ -1704,6 +1800,9 @@ case "$host" in mandir="/usr/catman/local" fi fi + # Compress cat pages with pack + MANCOMPRESS='pack' + MANCOMPRESSEXT='.z' else if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d "/usr/share/man/local"; then @@ -1747,7 +1846,8 @@ case "$host" in ;; *-*-riscos*) LIBS="${LIBS} -lsun -lbsd" - CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd" + SUDO_APPEND_CPPFLAGS(-I/usr/include) + SUDO_APPEND_CPPFLAGS(-I/usr/include/bsd) OSDEFS="${OSDEFS} -D_MIPS" : ${mansectsu='1m'} : ${mansectform='4'} @@ -1780,19 +1880,16 @@ case "$host" in shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-ncr-sysv4*|*-ncr-sysvr4*) AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"]) : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-*-bsdi*) SKIP_SETREUID=yes @@ -1818,6 +1915,10 @@ case "$host" in : ${with_logincap='maybe'} ;; *-*-*openbsd*) + # OpenBSD-specific initialization + OS_INIT=os_init_openbsd + SUDO_OBJS="${SUDO_OBJS} openbsd.o" + # OpenBSD has a real setreuid(2) starting with 3.3 but # we will use setresuid(2) instead. SKIP_SETREUID=yes @@ -1862,8 +1963,14 @@ case "$host" in CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} + # Darwin 8 and above can interpose library symbols cleanly + if test $OSMAJOR -ge 8; then + AC_DEFINE(HAVE___INTERPOSE) + dlyld_interpose=yes + else + RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" + fi RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" - RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" ;; *-*-nextstep*) # lockf() on is broken on the NeXT -- use flock instead @@ -1875,7 +1982,6 @@ case "$host" in *-*-*sysv4*) : ${mansectsu='1m'} : ${mansectform='4'} - : ${with_rpath='yes'} ;; *-*-sysv*) : ${mansectsu='1m'} @@ -1962,23 +2068,7 @@ AC_INCLUDES_DEFAULT # define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__) #endif ], [sudo_fprintf(stderr, "a %s", "test");])], [], [AC_MSG_ERROR([Your C compiler doesn't support variadic macros, try building with gcc instead])]) -if test X"$with_gnu_ld" != "yes" -a -n "$GCC"; then - _CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -static-libgcc" - AC_CACHE_CHECK([whether $CC understands -static-libgcc], - [sudo_cv_var_gcc_static_libgcc], - [AC_LINK_IFELSE( - [AC_LANG_PROGRAM([[]], [[]])], - [sudo_cv_var_gcc_static_libgcc=yes], - [sudo_cv_var_gcc_static_libgcc=no] - ) - ] - ) - CFLAGS="$_CFLAGS" - if test "$sudo_cv_var_gcc_static_libgcc" = "yes"; then - LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc" - fi -fi + dnl dnl Program checks dnl @@ -2008,6 +2098,7 @@ AC_HEADER_TIME AC_HEADER_STDBOOL AC_HEADER_MAJOR AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h) +AC_CHECK_HEADERS([endian.h] [sys/endian.h] [machine/endian.h], [break]) AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT #ifdef HAVE_PROCFS_H #include @@ -2022,8 +2113,8 @@ dnl Check for large file support. HP-UX 11.23 has a b dnl when large files support is enabled so work around it. dnl AC_SYS_LARGEFILE -case "$host" in - *-*-hpux11.*) +case "$host_os" in + hpux11.*) AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended], [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT #include ], [])], [sudo_cv_xopen_source_extended=no], [ @@ -2044,7 +2135,7 @@ if test "$ac_cv_sys_posix_termios" != "yes"; then fi SUDO_MAILDIR if test ${with_logincap-'no'} != "no"; then - AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1 + AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class]] '; LCMAN=1 case "$OS" in freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" @@ -2063,7 +2154,9 @@ if test ${with_project-'no'} != "no"; then fi dnl dnl typedef checks +dnl We need to define __STDC_WANT_LIB_EXT1__ for errno_t and rsize_t dnl +SUDO_APPEND_CPPFLAGS(-D__STDC_WANT_LIB_EXT1__=1) AC_TYPE_MODE_T AC_TYPE_UID_T AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])]) @@ -2079,14 +2172,23 @@ AC_CHECK_TYPES([struct timespec], [], [], [#include #include ]) AC_TYPE_LONG_LONG_INT +if test X"$ac_cv_type_long_long_int" != X"yes"; then + AC_MSG_ERROR(["C compiler does not appear have required long long support"]) +fi AC_CHECK_SIZEOF([long int]) +AC_CHECK_TYPE(id_t, unsigned int) AC_CHECK_TYPE(size_t, unsigned int) AC_CHECK_TYPE(ssize_t, int) AC_CHECK_TYPE(dev_t, int) AC_CHECK_TYPE(ino_t, unsigned int) +AC_CHECK_TYPE(uint8_t, unsigned char) +AC_CHECK_TYPE(uint32_t, unsigned int) +AC_CHECK_TYPE(uint64_t, unsigned long long) AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [ AC_INCLUDES_DEFAULT #include ]) +AC_CHECK_TYPE(rsize_t, size_t) +AC_CHECK_TYPE(errno_t, int) SUDO_UID_T_LEN SUDO_SOCK_SA_LEN dnl @@ -2137,10 +2239,39 @@ dnl dnl Function checks dnl AC_FUNC_GETGROUPS -AC_CHECK_FUNCS(glob strrchr sysconf tzset strftime setenv \ - regcomp setlocale nl_langinfo mbr_check_membership \ - setrlimit64) -AC_REPLACE_FUNCS(getgrouplist) +AC_CHECK_FUNCS(glob nl_langinfo regcomp setenv strftime strrchr strtoll \ + sysconf tzset) +AC_CHECK_FUNCS(getgrouplist, [], [ + case "$host_os" in + aix*) + AC_CHECK_FUNCS(getgrset) + ;; + *) + AC_CHECK_FUNC(nss_search, [ + AC_CHECK_FUNC(_nss_XbyY_buf_alloc, [ + # Solaris + AC_CHECK_FUNC(_nss_initf_group, [ + AC_CHECK_HEADERS(nss_dbdefs.h) + AC_DEFINE([HAVE_NSS_SEARCH]) + AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC]) + AC_DEFINE([HAVE__NSS_INITF_GROUP]) + ]) + ], [ + # HP-UX + AC_CHECK_FUNC(__nss_XbyY_buf_alloc, [ + AC_CHECK_FUNC(__nss_initf_group, [ + AC_CHECK_HEADERS(nss_dbdefs.h) + AC_DEFINE([HAVE_NSS_SEARCH]) + AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC]) + AC_DEFINE([HAVE___NSS_INITF_GROUP]) + ]) + ]) + ]) + ]) + ;; + esac + AC_LIBOBJ(getgrouplist) +]) AC_CHECK_FUNCS(getline, [], [ AC_LIBOBJ(getline) AC_CHECK_FUNCS(fgetln) @@ -2148,17 +2279,20 @@ AC_CHECK_FUNCS(getline, [], [ dnl dnl If libc supports _FORTIFY_SOURCE check functions, use it. dnl -O_CPPFLAGS="$CPPFLAGS" -CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" -AC_CHECK_FUNC(__sprintf_chk, [ - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], []) -], []) -CPPFLAGS="$O_CPPFLAGS" +if test "$enable_hardening" != "no"; then + O_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" + AC_CHECK_FUNC(__sprintf_chk, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], []) + ], []) + CPPFLAGS="$O_CPPFLAGS" +fi utmp_style=LEGACY AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break]) if test "$utmp_style" = "LEGACY"; then AC_CHECK_FUNCS(getttyent ttyslot, [break]) + AC_CHECK_FUNCS(fseeko) fi AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [], @@ -2213,11 +2347,9 @@ if test -z "$SKIP_SETRESUID"; then ]) fi if test -z "$SKIP_SETREUID"; then - AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes]) + AC_CHECK_FUNCS(setreuid) fi -if test -z "$SKIP_SETEUID"; then - AC_CHECK_FUNCS(seteuid) -fi +AC_CHECK_FUNCS(seteuid) if test X"$with_interfaces" != X"no"; then AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)]) fi @@ -2232,11 +2364,20 @@ SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOB COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test" ]) SUDO_FUNC_ISBLANK -AC_REPLACE_FUNCS(memrchr pw_dup strlcpy strlcat) +AC_REPLACE_FUNCS(memrchr memset_s pw_dup strlcpy strlcat) AC_CHECK_FUNCS(nanosleep, [], [ # On Solaris, nanosleep is in librt AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)]) ]) +AC_CHECK_FUNCS(getopt_long, [], [AC_LIBOBJ(getopt_long) + AC_MSG_CHECKING([for optreset]) + AC_CACHE_VAL(sudo_cv_optreset, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern int optreset; optreset = 1; return optreset;]])], [sudo_cv_optreset=yes], [sudo_cv_optreset=no])]) + if test "$sudo_cv_optreset" = "yes"; then + AC_DEFINE(HAVE_OPTRESET) + fi + AC_MSG_RESULT($sudo_cv_optreset) +]) AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom) AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [], [ #include @@ -2253,6 +2394,54 @@ if test X"$ac_cv_type_struct_timespec" != X"no"; then [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) fi dnl +dnl Function checks for sudo_noexec +dnl +if test X"$with_noexec" != X"no"; then + # Check for underscore versions of standard exec functions + # unless we are using dyld symbole interposition + if test X"$dlyld_interpose" != X"yes"; then + AC_CHECK_FUNCS(_execl __execl) + AC_CHECK_FUNCS(_execle __execle) + AC_CHECK_FUNCS(_execlp __execlp) + AC_CHECK_FUNCS(_execv __execv) + AC_CHECK_FUNCS(_execve __execve) + AC_CHECK_FUNCS(_execvp __execvp) + fi + # Check for non-standard exec functions including underscore versions + AC_CHECK_FUNCS(exect, [ + if test X"$dlyld_interpose" != X"yes"; then + AC_CHECK_FUNCS(_exect __exect) + fi + ]) + AC_CHECK_FUNCS(execvP, [ + if test X"$dlyld_interpose" != X"yes"; then + AC_CHECK_FUNCS(_execvP __execvP) + fi + ]) + AC_CHECK_FUNCS(execvpe, [ + if test X"$dlyld_interpose" != X"yes"; then + AC_CHECK_FUNCS(_execvpe __execvpe) + fi + ]) + AC_CHECK_FUNCS(fexecve, [ + if test X"$dlyld_interpose" != X"yes"; then + AC_CHECK_FUNCS(_fexecve __fexecve) + fi + ]) + # Check for posix_spawn, posix_spawnp and any underscore versions + AC_CHECK_FUNCS(posix_spawn, [ + if test X"$dlyld_interpose" != X"yes"; then + AC_CHECK_FUNCS(_posix_spawn __posix_spawn) + fi + ]) + AC_CHECK_FUNCS(posix_spawnp, [ + if test X"$dlyld_interpose" != X"yes"; then + AC_CHECK_FUNCS(_posix_spawnp __posix_spawnp) + fi + ]) +fi + +dnl dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR. dnl AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include @@ -2384,7 +2573,7 @@ elif test -n "$GCC"; then AC_MSG_RESULT($sudo_cv___FUNCTION__) if test "$sudo_cv___FUNCTION__" = "yes"; then AC_DEFINE(HAVE___FUNC__) - AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler support __FUNCTION__ but not __func__]) + AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__]) fi fi @@ -2396,7 +2585,7 @@ fi # make sure we use the gettext() that matches the include file. if test "$enable_nls" != "no"; then if test "$enable_nls" != "yes"; then - CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include" + SUDO_APPEND_CPPFLAGS(-I${enable_nls}/include) SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib]) fi OLIBS="$LIBS" @@ -2422,13 +2611,20 @@ if test "$enable_nls" != "no"; then ]) eval gettext_result="\$$gettext_name" AC_MSG_RESULT($gettext_result) - test "$gettext_result" = "yes" && break + if test "$gettext_result" = "yes"; then + AC_CHECK_FUNCS(ngettext) + break + fi done LIBS="$OLIBS" if test "$sudo_cv_gettext" = "yes"; then AC_DEFINE(HAVE_LIBINTL_H) SUDO_NLS=enabled + # For Solaris we need links from lang to lang.UTF-8 in localedir + case "$host_os" in + solaris2*) LOCALEDIR_SUFFIX=".UTF-8";; + esac elif test "$sudo_cv_gettext_lintl" = "yes"; then AC_DEFINE(HAVE_LIBINTL_H) SUDO_NLS=enabled @@ -2463,7 +2659,7 @@ case "$enable_zlib" in ;; *) AC_DEFINE(HAVE_ZLIB_H) - CPPFLAGS="-I${enable_zlib}/include ${CPPFLAGS}" + SUDO_APPEND_CPPFLAGS(-I${enable_zlib}/include) SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) ZLIB="${ZLIB} -lz" ;; @@ -2512,6 +2708,37 @@ AC_INCLUDES_DEFAULT ]) dnl +dnl Check for sig2str(), sys_signame or sys_sigabbrev +dnl +AC_CHECK_FUNCS(sig2str, [], [ + AC_LIBOBJ(sig2str) + HAVE_SIGNAME="false" + AC_CHECK_DECLS([sys_signame, _sys_signame, __sys_signame, sys_sigabbrev], [ + HAVE_SIGNAME="true" + break + ], [ ], [ +AC_INCLUDES_DEFAULT +#include + ]) + if test "$HAVE_SIGNAME" != "true"; then + AC_CACHE_CHECK([for undeclared sys_sigabbrev], + [sudo_cv_var_sys_sigabbrev], + [AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])], + [sudo_cv_var_sys_sigabbrev=yes], + [sudo_cv_var_sys_sigabbrev=no] + ) + ] + ) + if test "$sudo_cv_var_sys_sigabbrev" = yes; then + AC_DEFINE(HAVE_SYS_SIGABBREV) + else + AC_LIBOBJ(signame) + fi + fi +]) + +dnl dnl nsswitch.conf and its equivalents dnl if test ${with_netsvc-"no"} != "no"; then @@ -2595,6 +2822,7 @@ if test ${with_pam-"no"} != "no"; then yes) AC_DEFINE([HAVE_PAM_LOGIN]) AC_MSG_CHECKING(whether to use PAM login) AC_MSG_RESULT(yes) + pam_login_service="sudo-i" ;; no) ;; *) AC_MSG_ERROR(["--with-pam-login does not take an argument."]) @@ -2607,12 +2835,13 @@ if test ${with_pam-"no"} != "no"; then [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; - no) AC_MSG_RESULT(no) - AC_DEFINE(NO_PAM_SESSION) - ;; - *) AC_MSG_RESULT(no) - AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) - ;; + no) AC_MSG_RESULT(no) + AC_DEFINE(NO_PAM_SESSION) + pam_session=off + ;; + *) AC_MSG_RESULT(no) + AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) + ;; esac], AC_MSG_RESULT(yes)) fi fi @@ -2638,7 +2867,7 @@ dnl if test ${with_bsdauth-'no'} != "no"; then AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"] - [BSDAUTH_USAGE='[[-a auth_type]] '] + [BSDAUTH_USAGE='[[-a type]] '] [AUTH_EXCL=BSD_AUTH; BAMAN=1], [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) fi @@ -2660,7 +2889,7 @@ dnl if test ${with_fwtk-'no'} != "no"; then if test "$with_fwtk" != "yes"; then SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}]) - CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" + SUDO_APPEND_CPPFLAGS(-I${with_fwtk}) with_fwtk=yes fi SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall" @@ -2678,8 +2907,8 @@ if test ${with_SecurID-'no'} != "no"; then else with_SecurID=/usr/ace fi - CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" - SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}]) + SUDO_APPEND_CPPFLAGS(-I${with_SecurID}) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}]) SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" AUTH_OBJS="$AUTH_OBJS securid5.lo"; fi @@ -2742,7 +2971,7 @@ if test ${with_kerb5-'no'} != "no"; then else dnl XXX - try to include krb5.h here too SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib]) - CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" + SUDO_APPEND_CPPFLAGS(-I${with_kerb5}/include) fi dnl @@ -2832,7 +3061,7 @@ if test ${with_AFS-'no'} = "yes"; then # AFS includes may live in /usr/include on some machines... for i in /usr/afsws/include; do if test -d ${i}; then - CPPFLAGS="${CPPFLAGS} -I${i}" + SUDO_APPEND_CPPFLAGS(-I${i}) FOUND_AFSINCDIR=true fi done @@ -2860,8 +3089,8 @@ dnl if test "${with_skey-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_skey" != "yes"; then - CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" - SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib]) + SUDO_APPEND_CPPFLAGS(-I${with_skey}/include) + LDFLAGS="$LDFLAGS -L${with_skey}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib]) AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include ]) else @@ -2870,12 +3099,12 @@ if test "${with_skey-'no'}" = "yes"; then for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" AC_CHECK_HEADER([skey.h], [found=yes; break], [], - [#include ]) + [#include ]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else - SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) + LDFLAGS="$LDFLAGS -L${dir}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) fi if test "$found" = "no"; then @@ -2910,8 +3139,8 @@ dnl if test "${with_opie-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_opie" != "yes"; then - CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" - SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib]) + SUDO_APPEND_CPPFLAGS(-I${with_opie}/include) + LDFLAGS="$LDFLAGS -L${with_opie}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib]) AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes], [found=no]) else @@ -2924,7 +3153,7 @@ if test "${with_opie-'no'}" = "yes"; then if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else - SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) + LDFLAGS="$LDFLAGS -L${dir}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) fi if test "$found" = "no"; then @@ -2992,46 +3221,33 @@ dnl dnl extra lib and .o file for LDAP support dnl if test ${with_ldap-'no'} != "no"; then - _LDFLAGS="$LDFLAGS" + O_LDFLAGS="$LDFLAGS" if test "$with_ldap" != "yes"; then SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib]) - SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib]) - CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" + LDFLAGS="$LDFLAGS -L${with_ldap}/lib" + SUDO_APPEND_CPPFLAGS(-I${with_ldap}/include) with_ldap=yes fi SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo" LDAP="" - AC_MSG_CHECKING([for LDAP libraries]) - LDAP_LIBS="" _LIBS="$LIBS" + LDAP_LIBS="" + IBMLDAP_EXTRA="" found=no - for l in -lldap -llber '-lssl -lcrypto'; do - LIBS="${LIBS} $l" - LDAP_LIBS="${LDAP_LIBS} $l" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include - #include - #include ]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) - done + # On HP-UX, libibmldap has a hidden dependency on libCsup + case "$host_os" in + hpux*) AC_CHECK_LIB(Csup, main, [IBMLDAP_EXTRA=" -lCsup"]);; + esac + AC_SEARCH_LIBS(ldap_init, "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}", [ + test "$ac_res" != "none required" && LDAP_LIBS="$ac_res" + found=yes + ]) + # If nothing linked, try -lldap and hope for the best if test "$found" = "no"; then - LDAP_LIBS="" - LIBS="$_LIBS" - for l in -libmldap -lidsldif; do - LIBS="${LIBS} $l" - LDAP_LIBS="${LDAP_LIBS} $l" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include - #include - #include ]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) - done - fi - dnl if nothing linked just try with -lldap - if test "$found" = "no"; then - LIBS="${_LIBS} -lldap" LDAP_LIBS="-lldap" - AC_MSG_RESULT([not found, using -lldap]) - else - AC_MSG_RESULT([$LDAP_LIBS]) fi + LIBS="${_LIBS} ${LDAP_LIBS}" dnl check if we need to link with -llber for ber_set_option OLIBS="$LIBS" AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no]) @@ -3045,9 +3261,12 @@ if test ${with_ldap-'no'} != "no"; then AC_MSG_RESULT([yes]) AC_DEFINE(HAVE_LBER_H)]) - AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break]) + AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [ + AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s) + break + ]) AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include ]) - AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np) + AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np) AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break]) if test X"$check_gss_krb5_ccache_name" = X"yes"; then @@ -3079,7 +3298,7 @@ if test ${with_ldap-'no'} != "no"; then SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}" LIBS="$_LIBS" - LDFLAGS="$_LDFLAGS" + LDFLAGS="$O_LDFLAGS" fi # @@ -3089,12 +3308,12 @@ fi case "$lt_cv_dlopen" in dlopen) AC_DEFINE(HAVE_DLOPEN) - SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" ;; shl_load) AC_DEFINE(HAVE_SHL_LOAD) - SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" AC_LIBOBJ(dlopen) ;; @@ -3119,30 +3338,19 @@ if test X"$LIBDL" != X""; then SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL" fi -# On HP-UX, you cannot dlopen() a shared object that uses pthreads -# unless the main program is linked against -lpthread. Since we -# have no knowledge what libraries a plugin may depend on, we always -# link against -lpthread on HP-UX if it is available. +# On HP-UX, you cannot dlopen() a shared object that uses pthreads unless +# the main program is linked against -lpthread. We have no knowledge of +# what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads) +# so always link against -lpthread on HP-UX if it is available. # This check should go after all other libraries tests. -case "$host" in - *-*-hpux*) +case "$host_os" in + hpux*) AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"]) + OSDEFS="${OSDEFS} -D_REENTRANT" ;; esac dnl -dnl Add $blibpath to SUDOERS_LDFLAGS if specified by the user or if we -dnl added -L dirpaths to SUDOERS_LDFLAGS. -dnl -if test -n "$blibpath"; then - if test -n "$blibpath_add"; then - SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" - elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then - SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}" - fi -fi - -dnl dnl Check for log file, timestamp and iolog locations dnl if test "$utmp_style" = "LEGACY"; then @@ -3153,6 +3361,216 @@ SUDO_TIMEDIR SUDO_IO_LOGDIR dnl +dnl Turn warnings into errors. +dnl All compiler/loader tests after this point will fail if +dnl a warning is displayed (nornally, warnings are not fata). +dnl +AC_LANG_WERROR + +dnl +dnl If compiler supports the -static-libgcc flag use it unless we have +dnl GNU ld (which can avoid linking in libgcc when it is not needed). +dnl This test relies on AC_LANG_WERROR +dnl +if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then + AX_CHECK_COMPILE_FLAG([-static-libgcc], [LT_LDFLAGS="$LT_LDFLAGS -Wc,-static-libgcc"]) +fi + +dnl +dnl Check for symbol visibility support. +dnl This test relies on AC_LANG_WERROR +dnl +if test -n "$GCC"; then + AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [ + AC_DEFINE(HAVE_DSO_VISIBILITY) + CFLAGS="${CFLAGS} -fvisibility=hidden" + LT_LDEXPORTS= + LT_LDDEP= + NO_VIZ= + ]) +else + case "$host_os" in + hpux*) + AX_CHECK_COMPILE_FLAG([-Bhidden_def], [ + AC_DEFINE(HAVE_DSO_VISIBILITY) + CFLAGS="${CFLAGS} -Bhidden_def" + LT_LDEXPORTS= + LT_LDDEP= + ]) + ;; + solaris2*) + AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [ + AC_DEFINE(HAVE_DSO_VISIBILITY) + CFLAGS="${CFLAGS} -xldscope=hidden" + LT_LDEXPORTS= + LT_LDDEP= + ]) + ;; + esac +fi + +dnl +dnl If the compiler doesn't have symbol visibility support, it may +dnl support version scripts (only GNU and Solaris ld). +dnl This test relies on AC_LANG_WERROR +dnl +if test -n "$LT_LDEXPORTS"; then + if test "$lt_cv_prog_gnu_ld" = "yes"; then + AC_CACHE_CHECK([whether ld supports anonymous map files], + [sudo_cv_var_gnu_ld_anon_map], + [ + sudo_cv_var_gnu_ld_anon_map=no + cat > conftest.map <<-EOF + { + global: foo; + local: *; + }; +EOF + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $lt_prog_compiler_pic" + _LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], + [sudo_cv_var_gnu_ld_anon_map=yes]) + CFLAGS="$_CFLAGS" + LDFLAGS="$_LDFLAGS" + ] + ) + if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then + LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)" + fi + else + case "$host_os" in + solaris2*) + AC_CACHE_CHECK([whether ld supports anonymous map files], + [sudo_cv_var_solaris_ld_anon_map], + [ + sudo_cv_var_solaris_ld_anon_map=no + cat > conftest.map <<-EOF + { + global: foo; + local: *; + }; +EOF + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $lt_prog_compiler_pic" + _LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], + [sudo_cv_var_solaris_ld_anon_map=yes]) + CFLAGS="$_CFLAGS" + LDFLAGS="$_LDFLAGS" + ] + ) + if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then + LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)" + fi + ;; + hpux*) + AC_CACHE_CHECK([whether ld supports controlling exported symbols], + [sudo_cv_var_hpux_ld_symbol_export], + [ + sudo_cv_var_hpux_ld_symbol_export=no + echo "+e foo" > conftest.opt + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $lt_prog_compiler_pic" + _LDFLAGS="$LDFLAGS" + if test -n "$GCC"; then + LDFLAGS="$LDFLAGS -shared -Wl,-c,./conftest.opt" + else + LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt" + fi + AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], + [sudo_cv_var_hpux_ld_symbol_export=yes]) + CFLAGS="$_CFLAGS" + LDFLAGS="$_LDFLAGS" + rm -f conftest.opt + ] + ) + if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then + LT_LDEXPORTS=; LT_LDDEP="\$(shlib_opt)"; LT_LDOPT="-Wl,-c,\$(shlib_opt)" + fi + ;; + esac + fi +fi + +dnl +dnl Check for PIE executable support if using gcc. +dnl This test relies on AC_LANG_WERROR +dnl +if test -n "$GCC"; then + if test -z "$enable_pie"; then + case "$host_os" in + linux*) + # Attempt to build with PIE support + enable_pie="maybe" + ;; + esac + fi + if test -n "$enable_pie"; then + if test "$enable_pie" = "no"; then + AX_CHECK_COMPILE_FLAG([-fno-pie], [ + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fno-pie" + AX_CHECK_LINK_FLAG([-nopie], [ + PIE_CFLAGS="-fno-pie" + PIE_LDFLAGS="-nopie" + ]) + CFLAGS="$_CFLAGS" + ]) + else + AX_CHECK_COMPILE_FLAG([-fPIE], [ + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fPIE" + AX_CHECK_LINK_FLAG([-pie], [ + if test "$enable_pie" = "maybe"; then + SUDO_WORKING_PIE([enable_pie=yes], []) + fi + if test "$enable_pie" = "yes"; then + PIE_CFLAGS="-fPIE" + PIE_LDFLAGS="-Wc,-fPIE -pie" + fi + ]) + CFLAGS="$_CFLAGS" + ]) + fi + fi +fi +if test "$enable_pie" != "yes"; then + # Solaris 11.1 and higher supports tagging binaries to use ASLR + case "$host_os" in + solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]]) + AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr"]) + ;; + esac +fi + +dnl +dnl Check for -fstack-protector and -z relro support +dnl This test relies on AC_LANG_WERROR +dnl +if test "$enable_hardening" != "no"; then + if test -n "$GCC"; then + AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [ + AX_CHECK_LINK_FLAG([-fstack-protector-all], [ + SSP_CFLAGS="-fstack-protector-all" + SSP_LDFLAGS="-Wc,-fstack-protector-all" + ]) + ]) + if test -z "$SSP_CFLAGS"; then + AX_CHECK_COMPILE_FLAG([-fstack-protector], [ + AX_CHECK_LINK_FLAG([-fstack-protector], [ + SSP_CFLAGS="-fstack-protector" + SSP_LDFLAGS="-Wc,-fstack-protector" + ]) + ]) + fi + fi + AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"]) +fi + +dnl dnl Use passwd auth module? dnl case "$with_passwd" in @@ -3186,6 +3604,11 @@ if test -n "$LIBS"; then fi dnl +dnl OS-specific initialization +dnl +AC_DEFINE_UNQUOTED(os_init, $OS_INIT, [Define to an OS-specific initialization function or `os_init_common'.]) + +dnl dnl We add -Wall and -Werror after all tests so they don't cause failures dnl if test -n "$GCC"; then @@ -3198,6 +3621,11 @@ if test -n "$GCC"; then fi dnl +dnl Skip regress tests and sudoers sanity check if cross compiling. +dnl +CROSS_COMPILING="$cross_compiling" + +dnl dnl Set exec_prefix dnl test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' @@ -3206,7 +3634,7 @@ dnl dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set dnl XXX - this is gross! dnl -if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then +if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no" -o "$enabled_shared" != X"no"; then oexec_prefix="$exec_prefix" if test "$exec_prefix" = '$(prefix)'; then if test "$prefix" = "NONE"; then @@ -3228,26 +3656,44 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" ! SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) fi if test X"$with_selinux" != X"no"; then - sesh_file="$libexecdir/sesh" + sesh_file="$libexecdir/sudo/sesh" _sesh_file= while test X"$sesh_file" != X"$_sesh_file"; do _sesh_file="$sesh_file" eval sesh_file="$_sesh_file" done - SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file") fi - PLUGINDIR="$with_plugindir" - _PLUGINDIR= - while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do - _PLUGINDIR="$PLUGINDIR" - eval PLUGINDIR="$_PLUGINDIR" - done - SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/") - SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}") + if test X"$enable_shared" != X"no"; then + PLUGINDIR="$with_plugindir" + _PLUGINDIR= + while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do + _PLUGINDIR="$PLUGINDIR" + eval PLUGINDIR="$_PLUGINDIR" + done + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/") + SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers.so") + fi exec_prefix="$oexec_prefix" fi +if test X"$with_selinux" = X"no"; then + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, NULL) +fi dnl +dnl Add -R options to LDFLAGS, etc. +dnl +if test X"$LDFLAGS_R" != X""; then + LDFLAGS="$LDFLAGS $LDFLAGS_R" +fi +if test X"$SUDOERS_LDFLAGS_R" != X""; then + SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R" +fi +if test X"$ZLIB_R" != X""; then + ZLIB="$ZLIB_R $ZLIB" +fi + +dnl dnl Override default configure dirs for the Makefile dnl if test X"$prefix" = X"NONE"; then @@ -3261,27 +3707,28 @@ test "$libexecdir" = '${exec_prefix}/libexec' && libex test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' +test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' +test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' dnl dnl Substitute into the Makefile and man pages dnl -dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h]) -AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) +AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_OUTPUT dnl dnl Spew any text the user needs to know about dnl if test "$with_pam" = "yes"; then - case $host in - *-*-hpux*) + case $host_os in + hpux*) if test -f /usr/lib/security/libpam_hpsec.so.1; then AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf]) AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login]) fi ;; - *-*-linux*) + linux*) AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo]) ;; esac @@ -3313,25 +3760,27 @@ AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) -AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)]) -AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)]) -AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)]) -AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)]) -AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)]) +AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords).]) +AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords).]) +AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords).]) +AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).]) +AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords).]) AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.]) AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) -AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)]) -AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)]) +AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled).]) +AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled).]) AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.]) AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.]) AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.]) -AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not)]) +AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not).]) AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) +AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.]) AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) +AH_TEMPLATE(HAVE_OPTRESET, [Define to 1 if you have the `optreset' symbol.]) AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.]) AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the header file.]) @@ -3341,18 +3790,18 @@ AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) -AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments]) -AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) -AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) -AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) +AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.]) +AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.]) +AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.]) +AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.]) AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) -AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements]) +AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.]) AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.]) AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.]) AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.]) -AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support]) +AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.]) AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.]) AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.]) @@ -3375,11 +3824,19 @@ AH_TEMPLATE(socklen_t, [Define to `unsigned int' if