1 dnl Process this file with autoconf to produce a configure script.
3 AC_CONFIG_SRCDIR([conf/pam_conv1/pam_conv_y.y])
4 AM_INIT_AUTOMAKE("Linux-PAM", 1.1.1)
6 AC_CONFIG_HEADERS([config.h])
7 AC_CONFIG_MACRO_DIR([m4])
14 dnl By default, everything under PAM is installed below /usr.
16 AC_PREFIX_DEFAULT(/usr)
18 dnl and some hacks to use /etc and /lib
19 test "${prefix}" = "NONE" && prefix="/usr"
20 if test ${prefix} = '/usr'
22 dnl If we use /usr as prefix, use /etc for config files
23 if test ${sysconfdir} = '${prefix}/etc'
27 if test ${libdir} = '${exec_prefix}/lib'
30 x86_64|ppc64|s390x|sparc64)
36 if test ${sbindir} = '${exec_prefix}/sbin'
40 dnl If we use /usr as prefix, use /usr/share/man for manual pages
41 if test ${mandir} = '${prefix}/man'
43 mandir='${prefix}/share/man'
45 dnl Add security to include directory
46 if test ${includedir} = '${prefix}/include'
48 includedir="${prefix}/include/security"
51 dnl Add /var directory
52 if test ${localstatedir} = '${prefix}/var'
60 dnl check if we should link everything static into libpam
62 AC_ARG_ENABLE(static-modules,AS_HELP_STRING([--enable-static-modules],
63 [do not make the modules dynamically loadable]),
64 STATIC_MODULES=$enableval,STATIC_MODULES=no)
65 if test "$STATIC_MODULES" != "no" ; then
66 CFLAGS="$CFLAGS -DPAM_STATIC"
67 AC_ENABLE_STATIC([yes])
68 AC_ENABLE_SHARED([no])
70 # per default don't build static libraries
71 AC_ENABLE_STATIC([no])
72 AC_ENABLE_SHARED([yes])
74 AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"])
76 dnl Checks for programs.
77 AC_USE_SYSTEM_EXTENSIONS
92 dnl icc claims to be GCC compatible, but use other flags for warnings
93 if eval "test x$GCC = xyes -a $CC != icc"; then
100 -Wmissing-declarations \
101 -Wmissing-prototypes \
104 -Wstrict-prototypes \
109 JAPHAR_GREP_CFLAGS($flag, [ CFLAGS="$CFLAGS $flag" ])
112 dnl icc has special warning flags
113 if eval "test x$CC = xicc"; then
116 -Wmissing-prototypes \
119 -Wstrict-prototypes \
127 JAPHAR_GREP_CFLAGS($flag, [ CFLAGS="$CFLAGS $flag" ])
134 dnl Check if --version-script is supported by ld
136 AC_CACHE_CHECK(for .symver assembler directive, libc_cv_asm_symver_directive,
137 [cat > conftest.s <<EOF
140 .symver _sym,sym@VERS
142 if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
143 libc_cv_asm_symver_directive=yes
145 libc_cv_asm_symver_directive=no
148 AC_CACHE_CHECK(for ld --version-script, libc_cv_ld_version_script_option, [dnl
149 if test $libc_cv_asm_symver_directive = yes; then
150 cat > conftest.s <<EOF
153 .symver _sym,sym@VERS
155 cat > conftest.map <<EOF
164 if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD;
166 if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared
167 -o conftest.so conftest.o
168 -nostartfiles -nostdlib
169 -Wl,--version-script,conftest.map
170 1>&AS_MESSAGE_LOG_FD]);
172 libc_cv_ld_version_script_option=yes
174 libc_cv_ld_version_script_option=no
177 libc_cv_ld_version_script_option=no
180 libc_cv_ld_version_script_option=no
183 AM_CONDITIONAL([HAVE_VERSIONING],
184 [test "$libc_cv_ld_version_script_option" = "yes"])
187 dnl check for -fPIE/-pie support
189 dnl icc handles -fpie as -fp without error, so blacklist icc
191 AC_ARG_ENABLE(pie,AS_HELP_STRING([--disable-pie],
192 [disable position-independent executeables (PIE)]),
193 USE_PIE=$enableval, USE_PIE=yes)
195 AC_CACHE_CHECK(for -fpie, libc_cv_fpie, [dnl
196 cat > conftest.c <<EOF
200 if test "$USE_PIE" = "yes" -a "$CC" != "icc" &&
201 AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -pie -fpie
202 -o conftest conftest.c 1>&AS_MESSAGE_LOG_FD])
213 AC_SUBST(libc_cv_fpie)
215 AC_SUBST(PIE_LDFLAGS)
219 dnl options and defaults
222 AC_ARG_ENABLE([prelude],
223 AS_HELP_STRING([--disable-prelude],[do not use prelude]),
224 WITH_PRELUDE=$enableval, WITH_PRELUDE=yes)
225 if test "$WITH_PRELUDE" == "yes" ; then
226 AM_PATH_LIBPRELUDE([0.9.0])
227 if test "$LIBPRELUDE_CONFIG" != "no" ; then
228 LIBPRELUDE_CFLAGS="$LIBPRELUDE_CFLAGS -DPRELUDE=1"
232 dnl lots of debugging information goes to /var/run/pam-debug.log
233 AC_ARG_ENABLE([debug],
234 AS_HELP_STRING([--enable-debug],[specify you are building with debugging on]))
236 if test x"$enable_debug" = x"yes" ; then
237 AC_DEFINE([PAM_DEBUG],,
238 [lots of stuff gets written to /var/run/pam-debug.log])
241 AC_ARG_ENABLE(securedir,
242 AS_HELP_STRING([--enable-securedir=DIR],[path to location of PAMs @<:@default=$libdir/security@:>@]),
243 SECUREDIR=$enableval, SECUREDIR=$libdir/security)
246 AC_ARG_ENABLE([isadir],
247 AS_HELP_STRING([--enable-isadir=DIR],[path to arch-specific module files @<:@default=../../(basename of $libdir)/security@:>@]),
249 ISA=../../`basename $libdir`/security)
251 AC_DEFINE_UNQUOTED(_PAM_ISA,"$ISA",[Define to the path, relative to SECUREDIR, where PAMs specific to this architecture can be found.])
252 AC_MSG_RESULT([Defining \$ISA to "$ISA"])
254 AC_ARG_ENABLE(sconfigdir,
255 AS_HELP_STRING([--enable-sconfigdir=DIR],[path to module conf files @<:@default=$sysconfdir/security@:>@]),
256 SCONFIGDIR=$enableval, SCONFIGDIR=$sysconfdir/security)
259 AC_ARG_ENABLE(pamlocking,
260 AS_HELP_STRING([--enable-pamlocking],[configure libpam to observe a global authentication lock]))
262 if test x"$enable_pamlocking" = "xyes"; then
263 AC_DEFINE([PAM_LOCKING],,
264 [libpam should observe a global authentication lock])
267 AC_ARG_ENABLE(read-both-confs,
268 AS_HELP_STRING([--enable-read-both-confs],[read both /etc/pam.d and /etc/pam.conf files]))
270 if test x"$enable_read_both_confs" = "xyes"; then
271 AC_DEFINE([PAM_READ_BOTH_CONFS],,
272 [read both /etc/pam.d and /etc/pam.conf files])
275 AC_ARG_ENABLE([lckpwdf],
276 AS_HELP_STRING([--disable-lckpwdf],[do not use the lckpwdf function]),
277 WITH_LCKPWDF=$enableval, WITH_LCKPWDF=yes)
278 if test "$WITH_LCKPWDF" == "yes" ; then
279 AC_DEFINE([USE_LCKPWDF], 1,
280 [Define to 1 if the lckpwdf function should be used])
283 AC_CHECK_HEADERS(paths.h)
284 AC_ARG_WITH(mailspool,
285 [ --with-mailspool path to mail spool directory
286 [default _PATH_MAILDIR if defined in paths.h, otherwise /var/spool/mail]],
287 with_mailspool=${withval})
288 if test x$with_mailspool != x ; then
289 pam_mail_spool="\"$with_mailspool\""
291 AC_RUN_IFELSE([AC_LANG_SOURCE([[
299 }]])],[pam_mail_spool="_PATH_MAILDIR"],[pam_mail_spool="\"/var/spool/mail\""],[pam_mail_spool="\"/var/spool/mail\""])
301 AC_DEFINE_UNQUOTED(PAM_PATH_MAILDIR, $pam_mail_spool,
302 [Path where mails are stored])
305 [ --with-xauth additional path to check for xauth when it is called from pam_xauth
306 [added to the default of /usr/X11R6/bin/xauth, /usr/bin/xauth, /usr/bin/X11/xauth]],
307 pam_xauth_path=${withval})
308 if test x$with_xauth == x ; then
309 AC_PATH_PROG(pam_xauth_path, xauth)
310 dnl There is no sense in adding the first default path
311 if test x$pam_xauth_path == x/usr/X11R6/bin/xauth ; then
316 if test x$pam_xauth_path != x ; then
317 AC_DEFINE_UNQUOTED(PAM_PATH_XAUTH, "$pam_xauth_path",
318 [Additional path of xauth executable])
321 dnl Checks for the existence of libdl - on BSD and Tru64 its part of libc
322 AC_CHECK_LIB([dl], [dlopen], LIBDL="-ldl", LIBDL="")
326 AC_ARG_ENABLE([cracklib],
327 AS_HELP_STRING([--disable-cracklib],[do not use cracklib]),
328 WITH_CRACKLIB=$enableval, WITH_CRACKLIB=yes)
329 if test x"$WITH_CRACKLIB" != xno ; then
330 AC_CHECK_HEADERS([crack.h],
331 AC_CHECK_LIB([crack], [FascistCheck], LIBCRACK="-lcrack", LIBCRACK=""))
336 AM_CONDITIONAL([HAVE_LIBCRACK], [test ! -z "$LIBCRACK"])
338 dnl Look for Linux Auditing library - see documentation
339 AC_ARG_ENABLE([audit],
340 AS_HELP_STRING([--disable-audit],[do not enable audit support]),
341 WITH_LIBAUDIT=$enableval, WITH_LIBAUDIT=yes)
342 if test x"$WITH_LIBAUDIT" != xno ; then
343 AC_CHECK_HEADER([libaudit.h],
344 [AC_CHECK_LIB(audit, audit_log_acct_message, LIBAUDIT=-laudit, LIBAUDIT="")
345 AC_CHECK_TYPE([struct audit_tty_status],
346 [HAVE_AUDIT_TTY_STATUS=yes],
347 [HAVE_AUDIT_TTY_STATUS=""],
348 [#include <libaudit.h>])]
350 if test ! -z "$LIBAUDIT" -a "$ac_cv_header_libaudit_h" != "no" ; then
351 AC_DEFINE([HAVE_LIBAUDIT], 1, [Define to 1 if audit support should be compiled in.])
353 if test ! -z "$HAVE_AUDIT_TTY_STATUS" ; then
354 AC_DEFINE([HAVE_AUDIT_TTY_STATUS], 1, [Define to 1 if struct audit_tty_status exists.])
360 AM_CONDITIONAL([HAVE_AUDIT_TTY_STATUS],
361 [test "x$HAVE_AUDIT_TTY_STATUS" = xyes])
363 AC_CHECK_HEADERS(xcrypt.h crypt.h)
364 AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
365 [crypt_libs="xcrypt crypt"],
366 [crypt_libs="crypt"])
369 AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
370 AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
373 if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then
374 AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.])
377 AC_ARG_WITH([randomdev], AS_HELP_STRING([--with-randomdev=(<path>|yes|no)],[use specified random device instead of /dev/urandom or 'no' to disable]), opt_randomdev=$withval)
378 if test "$opt_randomdev" = yes -o -z "$opt_randomdev"; then
379 opt_randomdev="/dev/urandom"
380 elif test "$opt_randomdev" = no; then
383 if test -n "$opt_randomdev"; then
384 AC_DEFINE_UNQUOTED(PAM_PATH_RANDOMDEV, "$opt_randomdev", [Random device path.])
387 dnl check for libdb or libndbm as fallback. Some libndbm compat
388 dnl libraries are unuseable, so try libdb first.
390 AS_HELP_STRING([--enable-db=(db|ndbm|yes|no)],[Default behavior 'yes', which is to check for libdb first, followed by ndbm. Use 'no' to disable db support.]),
391 WITH_DB=$enableval, WITH_DB=yes)
392 AC_ARG_WITH([db-uniquename],
393 AS_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.]))
394 if test x"$WITH_DB" != xno ; then
395 if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then
396 AC_CHECK_LIB([db$with_db_uniquename], [db_create$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
397 if test -z "$LIBDB" ; then
398 AC_CHECK_LIB([db$with_db_uniquename], [dbm_store$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
401 if test -z "$LIBDB" ; then
402 AC_CHECK_LIB([ndbm],[dbm_store], LIBDB="-lndbm", LIBDB="")
403 if test ! -z "$LIBDB" ; then
404 AC_CHECK_HEADERS(ndbm.h)
407 AC_CHECK_HEADERS(db.h)
411 AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"])
413 AC_CHECK_LIB([nsl],[yp_get_default_domain], LIBNSL="-lnsl", LIBNSL="")
416 AC_CHECK_FUNCS(yp_get_default_domain getdomainname innetgr yperr_string yp_master yp_bind yp_match yp_unbind)
420 AC_ARG_ENABLE([selinux],
421 AS_HELP_STRING([--disable-selinux],[do not use SELinux]),
422 WITH_SELINUX=$enableval, WITH_SELINUX=yes)
423 if test "$WITH_SELINUX" == "yes" ; then
424 AC_CHECK_LIB([selinux],[getfilecon], LIBSELINUX="-lselinux", LIBSELINUX="")
429 AM_CONDITIONAL([HAVE_LIBSELINUX], [test ! -z "$LIBSELINUX"])
430 if test ! -z "$LIBSELINUX" ; then
431 AC_DEFINE([WITH_SELINUX], 1, [Defined if SE Linux support is compiled in])
433 LIBS="$LIBS $LIBSELINUX"
434 AC_CHECK_FUNCS(setkeycreatecon)
435 AC_CHECK_FUNCS(getseuser)
439 dnl Checks for header files.
443 AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h)
445 dnl For module/pam_lastlog
446 AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h)
448 dnl Checks for typedefs, structures, and compiler characteristics.
458 dnl Checks for library functions.
460 AC_PROG_GCC_TRADITIONAL
463 AC_CHECK_FUNCS(fseeko gethostname gettimeofday lckpwdf mkdir select)
464 AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
465 AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
466 AC_CHECK_FUNCS(getgrouplist getline getdelim)
467 AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
469 AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no])
470 AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes])
472 AC_ARG_ENABLE([regenerate-docu],
473 AC_HELP_STRING([--disable-regenerate-docu], [Don't re-build documentation from XML souces]),
474 [enable_docu=$enableval], [enable_docu=yes])
476 dnl Check for xsltproc
478 AC_PATH_PROG([XSLTPROC], [xsltproc])
479 if test -z "$XSLTPROC"; then
482 AC_PATH_PROG([XMLLINT], [xmllint],[/bin/true])
483 dnl check for DocBook DTD and stylesheets in the local catalog.
484 JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN],
485 [DocBook XML DTD V4.4], [], enable_docu=no)
486 JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
487 [DocBook XSL Stylesheets], [], enable_docu=no)
489 AC_PATH_PROG([BROWSER], [w3m])
490 if test ! -z "$BROWSER"; then
491 BROWSER="$BROWSER -T text/html -dump"
496 AC_PATH_PROG([FO2PDF], [fop])
498 AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test x$enable_docu != xno)
499 AM_CONDITIONAL(ENABLE_GENERATE_PDF, test ! -z "$FO2PDF")
502 AM_GNU_GETTEXT_VERSION([0.15])
503 AM_GNU_GETTEXT([external])
504 AC_CHECK_FUNCS(dngettext)
506 AH_BOTTOM([#ifdef ENABLE_NLS
508 #define _(msgid) dgettext(PACKAGE, msgid)
509 #define N_(msgid) msgid
511 #define _(msgid) (msgid)
512 #define N_(msgid) msgid
513 #endif /* ENABLE_NLS */])
516 dnl Check for the availability of the kernel key management facility
517 dnl - The pam_keyinit module only requires the syscalls, not the error codes
519 AC_CHECK_DECL(__NR_keyctl, [have_key_syscalls=1],[have_key_syscalls=0],[#include <sys/syscall.h>])
520 AC_CHECK_DECL(ENOKEY, [have_key_errors=1],[have_key_errors=0],[#include <errno.h>])
522 HAVE_KEY_MANAGEMENT=0
523 if test $have_key_syscalls$have_key_errors = 11
525 HAVE_KEY_MANAGEMENT=1
528 if test $HAVE_KEY_MANAGEMENT = 1; then
529 AC_DEFINE([HAVE_KEY_MANAGEMENT], 1,
530 [Defined if the kernel key management facility is available])
532 AC_SUBST([HAVE_KEY_MANAGEMENT], $HAVE_KEY_MANAGEMENT)
534 AM_CONDITIONAL([HAVE_KEY_MANAGEMENT], [test "$have_key_syscalls" = 1])
536 dnl Files to be created from when we run configure
537 AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \
538 libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
541 modules/pam_access/Makefile modules/pam_cracklib/Makefile \
542 modules/pam_debug/Makefile modules/pam_deny/Makefile \
543 modules/pam_echo/Makefile modules/pam_env/Makefile \
544 modules/pam_faildelay/Makefile \
545 modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \
546 modules/pam_ftp/Makefile modules/pam_group/Makefile \
547 modules/pam_issue/Makefile modules/pam_keyinit/Makefile \
548 modules/pam_lastlog/Makefile modules/pam_limits/Makefile \
549 modules/pam_listfile/Makefile modules/pam_localuser/Makefile \
550 modules/pam_loginuid/Makefile modules/pam_mail/Makefile \
551 modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile \
552 modules/pam_namespace/Makefile \
553 modules/pam_nologin/Makefile modules/pam_permit/Makefile \
554 modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile \
555 modules/pam_rootok/Makefile modules/pam_exec/Makefile \
556 modules/pam_securetty/Makefile modules/pam_selinux/Makefile \
557 modules/pam_sepermit/Makefile \
558 modules/pam_shells/Makefile modules/pam_stress/Makefile \
559 modules/pam_succeed_if/Makefile modules/pam_tally/Makefile \
560 modules/pam_tally2/Makefile modules/pam_time/Makefile \
561 modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \
562 modules/pam_umask/Makefile \
563 modules/pam_unix/Makefile modules/pam_userdb/Makefile \
564 modules/pam_warn/Makefile modules/pam_wheel/Makefile \
565 modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \
566 doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \
567 doc/mwg/Makefile examples/Makefile tests/Makefile \