1 dnl Process this file with autoconf to produce a configure script.
3 AM_INIT_AUTOMAKE(shadow, 4.1.5)
4 AC_CONFIG_HEADERS([config.h])
7 test "$prefix" = "NONE" && prefix="/usr"
8 test "$prefix" = "/usr" && exec_prefix=""
17 dnl Checks for programs.
25 dnl Checks for libraries.
27 dnl Checks for header files.
33 AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
34 utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
35 utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
36 locale.h rpc/key_prot.h netdb.h acl/libacl.h attr/libattr.h \
39 dnl shadow now uses the libc's shadow implementation
40 AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
42 AC_CHECK_FUNCS(l64a fchmod fchown fsync futimes getgroups gethostname getspnam \
43 gettimeofday getusershell getutent initgroups lchown lckpwdf lstat \
44 lutimes memcpy memset setgroups sigaction strchr updwtmp updwtmpx innetgr \
45 getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo)
48 dnl Checks for typedefs, structures, and compiler characteristics.
55 AC_CHECK_MEMBERS([struct stat.st_rdev])
56 AC_CHECK_MEMBERS([struct stat.st_atim])
57 AC_CHECK_MEMBERS([struct stat.st_atimensec])
58 AC_CHECK_MEMBERS([struct stat.st_mtim])
59 AC_CHECK_MEMBERS([struct stat.st_mtimensec])
63 AC_CHECK_MEMBERS([struct utmp.ut_type,
68 struct utmp.ut_syslen,
70 struct utmp.ut_addr_v6,
73 struct utmp.ut_tv],,,[[#include <utmp.h>]])
74 dnl There are dependencies:
75 dnl If UTMPX has to be used, the utmp structure shall have a ut_id field.
76 if test "$ac_cv_header_utmpx_h" = "yes" &&
77 test "$ac_cv_member_struct_utmp_ut_id" != "yes"; then
78 AC_MSG_ERROR(Systems with UTMPX and no ut_id field in the utmp structure are not supported)
81 AC_CHECK_MEMBERS([struct utmpx.ut_name,
83 struct utmpx.ut_syslen,
85 struct utmpx.ut_addr_v6,
87 struct utmpx.ut_xtime],,,[[#include <utmpx.h>]])
89 if test "$ac_cv_header_lastlog_h" = "yes"; then
90 AC_CACHE_CHECK(for ll_host in struct lastlog,
91 ac_cv_struct_lastlog_ll_host,
92 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <lastlog.h>],
93 [struct lastlog ll; char *cp = ll.ll_host;]
95 [ac_cv_struct_lastlog_ll_host=yes],
96 [ac_cv_struct_lastlog_ll_host=no]
100 if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
101 AC_DEFINE(HAVE_LL_HOST, 1,
102 [Define if struct lastlog has ll_host])
106 dnl Checks for library functions.
111 AC_REPLACE_FUNCS(mkdir putgrent putpwent putspent rename rmdir)
112 AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
113 AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
115 AC_CHECK_FUNC(setpgrp)
117 if test "$ac_cv_header_shadow_h" = "yes"; then
118 AC_CACHE_CHECK(for working shadow group support,
119 ac_cv_libc_shadowgrp,
120 AC_RUN_IFELSE([AC_LANG_SOURCE([
124 struct sgrp *sg = sgetsgent("test:x::");
125 /* NYS libc on Red Hat 3.0.3 has broken shadow group support */
126 return !sg || !sg->sg_adm || !sg->sg_mem;
129 [ac_cv_libc_shadowgrp=yes],
130 [ac_cv_libc_shadowgrp=no],
131 [ac_cv_libc_shadowgrp=no]
135 if test "$ac_cv_libc_shadowgrp" = "yes"; then
136 AC_DEFINE(HAVE_SHADOWGRP, 1, [Have working shadow group support in libc])
140 AC_CACHE_CHECK([location of shared mail directory], shadow_cv_maildir,
141 [for shadow_cv_maildir in /var/mail /var/spool/mail /usr/spool/mail /usr/mail none; do
142 if test -d $shadow_cv_maildir; then
146 if test $shadow_cv_maildir != none; then
147 AC_DEFINE_UNQUOTED(MAIL_SPOOL_DIR, "$shadow_cv_maildir",
148 [Location of system mail spool directory.])
151 AC_CACHE_CHECK([location of user mail file], shadow_cv_mailfile,
152 [for shadow_cv_mailfile in Mailbox mailbox Mail mail .mail none; do
153 if test -f $HOME/$shadow_cv_mailfile; then
157 if test $shadow_cv_mailfile != none; then
158 AC_DEFINE_UNQUOTED(MAIL_SPOOL_FILE, "$shadow_cv_mailfile",
159 [Name of user's mail spool file if stored in user's home directory.])
162 AC_CACHE_CHECK([location of utmp], shadow_cv_utmpdir,
163 [for shadow_cv_utmpdir in /var/run /var/adm /usr/adm /etc none; do
164 if test -f $shadow_cv_utmpdir/utmp; then
168 if test "$shadow_cv_utmpdir" = "none"; then
169 AC_MSG_WARN(utmp file not found)
171 AC_DEFINE_UNQUOTED(_UTMP_FILE, "$shadow_cv_utmpdir/utmp",
172 [Path for utmp file.])
174 AC_CACHE_CHECK([location of faillog/lastlog/wtmp], shadow_cv_logdir,
175 [for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
176 if test -d $shadow_cv_logdir; then
180 AC_DEFINE_UNQUOTED(_WTMP_FILE, "$shadow_cv_logdir/wtmp",
181 [Path for wtmp file.])
182 AC_DEFINE_UNQUOTED(LASTLOG_FILE, "$shadow_cv_logdir/lastlog",
183 [Path for lastlog file.])
184 AC_DEFINE_UNQUOTED(FAILLOG_FILE, "$shadow_cv_logdir/faillog",
185 [Path for faillog file.])
187 AC_CACHE_CHECK([location of the passwd program], shadow_cv_passwd_dir,
188 [if test -f /usr/bin/passwd; then
189 shadow_cv_passwd_dir=/usr/bin
191 shadow_cv_passwd_dir=/bin
193 AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
194 [Path to passwd program.])
196 dnl XXX - quick hack, should disappear before anyone notices :).
197 AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
198 AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
199 AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
201 AC_ARG_ENABLE(shadowgrp,
202 [AC_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
203 [case "${enableval}" in
204 yes) enable_shadowgrp="yes" ;;
205 no) enable_shadowgrp="no" ;;
206 *) AC_MSG_ERROR(bad value ${enableval} for --enable-shadowgrp) ;;
208 [enable_shadowgrp="yes"]
212 [AC_HELP_STRING([--enable-man],
213 [regenerate roff man pages from Docbook @<:@default=no@:>@])],
214 [enable_man="${enableval}"],
218 AC_ARG_ENABLE(account-tools-setuid,
219 [AC_HELP_STRING([--enable-account-tools-setuid],
220 [Install the user and group management tools setuid and authenticate the callers. This requires --with-pam.])],
221 [case "${enableval}" in
222 yes) enable_acct_tools_setuid="yes" ;;
223 no) enable_acct_tools_setuid="no" ;;
224 *) AC_MSG_ERROR(bad value ${enableval} for --enable-account-tools-setuid)
227 [enable_acct_tools_setuid="maybe"]
231 [AC_HELP_STRING([--enable-utmpx],
232 [enable loggin in utmpx / wtmpx @<:@default=no@:>@])],
233 [case "${enableval}" in
234 yes) enable_utmpx="yes" ;;
235 no) enable_utmpx="no" ;;
236 *) AC_MSG_ERROR(bad value ${enableval} for --enable-utmpx) ;;
242 [AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
243 [with_audit=$withval], [with_audit=maybe])
245 [AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
246 [with_libpam=$withval], [with_libpam=maybe])
248 [AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
249 [with_selinux=$withval], [with_selinux=maybe])
251 [AC_HELP_STRING([--with-acl], [use ACL support @<:@default=yes if found@:>@])],
252 [with_acl=$withval], [with_acl=maybe])
254 [AC_HELP_STRING([--with-attr], [use Extended Attribute support @<:@default=yes if found@:>@])],
255 [with_attr=$withval], [with_attr=maybe])
257 [AC_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
258 [with_skey=$withval], [with_skey=no])
260 [AC_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
261 [with_tcb=$withval], [with_tcb=maybe])
262 AC_ARG_WITH(libcrack,
263 [AC_HELP_STRING([--with-libcrack], [use libcrack @<:@default=no@:>@])],
264 [with_libcrack=$withval], [with_libcrack=no])
265 AC_ARG_WITH(sha-crypt,
266 [AC_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
267 [with_sha_crypt=$withval], [with_sha_crypt=yes])
269 [AC_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
270 [with_nscd=$withval], [with_nscd=yes])
271 AC_ARG_WITH(group-name-max-length,
272 [AC_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=16@:>@])],
273 [with_group_name_max_length=$withval], [with_group_name_max_length=yes])
275 if test "$with_group_name_max_length" = "no" ; then
276 with_group_name_max_length=0
277 elif test "$with_group_name_max_length" = "yes" ; then
278 with_group_name_max_length=16
280 AC_DEFINE_UNQUOTED(GROUP_NAME_MAX_LENGTH, $with_group_name_max_length, [max group name length])
281 AC_SUBST(GROUP_NAME_MAX_LENGTH)
282 GROUP_NAME_MAX_LENGTH="$with_group_name_max_length"
284 AM_CONDITIONAL(USE_SHA_CRYPT, test "x$with_sha_crypt" = "xyes")
285 if test "$with_sha_crypt" = "yes"; then
286 AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
289 if test "$with_nscd" = "yes"; then
290 AC_CHECK_FUNC(posix_spawn,
291 [AC_DEFINE(USE_NSCD, 1, [Define to support flushing of nscd caches])],
292 [AC_MSG_ERROR([posix_spawn is needed for nscd support])])
295 dnl Check for some functions in libc first, only if not found check for
296 dnl other libraries. This should prevent linking libnsl if not really
297 dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
299 AC_SEARCH_LIBS(inet_ntoa, inet)
300 AC_SEARCH_LIBS(socket, socket)
301 AC_SEARCH_LIBS(gethostbyname, nsl)
303 if test "$enable_shadowgrp" = "yes"; then
304 AC_DEFINE(SHADOWGRP, 1, [Define to support the shadow group file.])
306 AM_CONDITIONAL(SHADOWGRP, test "x$enable_shadowgrp" = "xyes")
308 if test "$enable_man" = "yes"; then
310 dnl Check for xsltproc
312 AC_PATH_PROG([XSLTPROC], [xsltproc])
313 if test -z "$XSLTPROC"; then
317 dnl check for DocBook DTD and stylesheets in the local catalog.
318 JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN],
319 [DocBook XML DTD V4.1.2], [], enable_man=no)
320 JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
321 [DocBook XSL Stylesheets >= 1.70.1], [], enable_man=no)
323 AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test "x$enable_man" != "xno")
326 AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
327 [AC_MSG_ERROR([crypt() not found])])
330 if test "$with_acl" != "no"; then
331 AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
332 if test "$acl_header$with_acl" = "noyes" ; then
333 AC_MSG_ERROR([acl/libacl.h or attr/error_context.h is missing])
334 elif test "$acl_header" = "yes" ; then
335 AC_CHECK_LIB(acl, perm_copy_file,
336 [AC_CHECK_LIB(acl, perm_copy_fd,
340 if test "$acl_lib$with_acl" = "noyes" ; then
341 AC_MSG_ERROR([libacl not found])
342 elif test "$acl_lib" = "no" ; then
345 AC_DEFINE(WITH_ACL, 1,
346 [Build shadow with ACL support])
356 if test "$with_attr" != "no"; then
357 AC_CHECK_HEADERS(attr/libattr.h attr/error_context.h, [attr_header="yes"], [attr_header="no"])
358 if test "$attr_header$with_attr" = "noyes" ; then
359 AC_MSG_ERROR([attr/libattr.h or attr/error_context.h is missing])
360 elif test "$attr_header" = "yes" ; then
361 AC_CHECK_LIB(attr, attr_copy_file,
362 [AC_CHECK_LIB(attr, attr_copy_fd,
366 if test "$attr_lib$with_attr" = "noyes" ; then
367 AC_MSG_ERROR([libattr not found])
368 elif test "$attr_lib" = "no" ; then
371 AC_DEFINE(WITH_ATTR, 1,
372 [Build shadow with Extended Attributes support])
382 if test "$with_audit" != "no"; then
383 AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
384 if test "$audit_header$with_audit" = "noyes" ; then
385 AC_MSG_ERROR([libaudit.h is missing])
386 elif test "$audit_header" = "yes"; then
387 AC_CHECK_DECL(AUDIT_ADD_USER,,[audit_header="no"],[#include <libaudit.h>])
388 AC_CHECK_DECL(AUDIT_DEL_USER,,[audit_header="no"],[#include <libaudit.h>])
389 AC_CHECK_DECL(AUDIT_ADD_GROUP,,[audit_header="no"],[#include <libaudit.h>])
390 AC_CHECK_DECL(AUDIT_DEL_GROUP,,[audit_header="no"],[#include <libaudit.h>])
391 if test "$audit_header$with_audit" = "noyes" ; then
392 AC_MSG_ERROR([AUDIT_ADD_USER AUDIT_DEL_USER AUDIT_ADD_GROUP or AUDIT_DEL_GROUP missing from libaudit.h])
395 if test "$audit_header" = "yes"; then
396 AC_CHECK_LIB(audit, audit_log_acct_message,
397 [audit_lib="yes"], [audit_lib="no"])
398 if test "$audit_lib$with_audit" = "noyes" ; then
399 AC_MSG_ERROR([libaudit not found])
400 elif test "$audit_lib" = "no" ; then
403 AC_DEFINE(WITH_AUDIT, 1,
404 [Define if you want to enable Audit messages])
414 if test "$with_libcrack" = "yes"; then
415 echo "checking cracklib flavour, don't be surprised by the results"
416 AC_CHECK_LIB(crack, FascistCheck,
417 [LIBCRACK=-lcrack AC_DEFINE(HAVE_LIBCRACK, 1, [Defined if you have libcrack.])])
418 AC_CHECK_LIB(crack, FascistHistory,
419 AC_DEFINE(HAVE_LIBCRACK_HIST, 1, [Defined if you have the ts&szs cracklib.]))
420 AC_CHECK_LIB(crack, FascistHistoryPw,
421 AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
425 if test "$with_selinux" != "no"; then
426 AC_CHECK_HEADERS(selinux/selinux.h, [selinux_header="yes"], [selinux_header="no"])
427 if test "$selinux_header$with_selinux" = "noyes" ; then
428 AC_MSG_ERROR([selinux/selinux.h is missing])
429 elif test "$selinux_header" = "yes" ; then
430 AC_CHECK_LIB(selinux, is_selinux_enabled,
431 [selinux_lib="yes"], [selinux_lib="no"])
432 if test "$selinux_lib$with_selinux" = "noyes" ; then
433 AC_MSG_ERROR([libselinux not found])
434 elif test "$selinux_lib" = "no" ; then
437 AC_DEFINE(WITH_SELINUX, 1,
438 [Build shadow with SELinux support])
439 LIBSELINUX="-lselinux"
448 if test "$with_tcb" != "no"; then
449 AC_CHECK_HEADERS(tcb.h, [tcb_header="yes"], [tcb_header="no"])
450 if test "$tcb_header$with_tcb" = "noyes" ; then
451 AC_MSG_ERROR([tcb.h is missing])
452 elif test "$tcb_header" = "yes" ; then
453 AC_CHECK_LIB(tcb, tcb_is_suspect, [tcb_lib="yes"], [tcb_lib="no"])
454 if test "$tcb_lib$with_tcb" = "noyes" ; then
455 AC_MSG_ERROR([libtcb not found])
456 elif test "$tcb_lib" = "no" ; then
459 AC_DEFINE(WITH_TCB, 1, [Build shadow with tcb support (incomplete)])
467 AM_CONDITIONAL(WITH_TCB, test x$with_tcb = xyes)
470 if test "$with_libpam" != "no"; then
471 AC_CHECK_LIB(pam, pam_start,
472 [pam_lib="yes"], [pam_lib="no"])
473 if test "$pam_lib$with_libpam" = "noyes" ; then
474 AC_MSG_ERROR(libpam not found)
478 pam_conv_function="no"
480 AC_CHECK_LIB(pam, openpam_ttyconv,
481 [pam_conv_function="openpam_ttyconv"],
482 AC_CHECK_LIB(pam_misc, misc_conv,
483 [pam_conv_function="misc_conv"; LIBPAM="$LIBPAM -lpam_misc"])
486 if test "$pam_conv_function$with_libpam" = "noyes" ; then
487 AC_MSG_ERROR(PAM conversation function not found)
491 AC_CHECK_HEADERS( [security/openpam.h security/pam_misc.h],
492 [ pam_headers_found=yes ; break ], [],
493 [ #include <security/pam_appl.h> ] )
494 if test "$pam_headers_found$with_libpam" = "noyes" ; then
495 AC_MSG_ERROR(PAM headers not found)
499 if test "$pam_lib$pam_headers_found" = "yesyes" -a "$pam_conv_function" != "no" ; then
506 dnl Now with_libpam is either yes or no
507 if test "$with_libpam" = "yes"; then
508 AC_CHECK_DECLS([PAM_ESTABLISH_CRED,
510 PAM_NEW_AUTHTOK_REQD,
512 [], [], [#include <security/pam_appl.h>])
517 # We do not use AC_CHECK_FUNCS to avoid duplicated definition with
519 AC_CHECK_FUNC(pam_fail_delay, [AC_DEFINE(HAS_PAM_FAIL_DELAY, 1, [Define to 1 if you have the declaration of 'pam_fail_delay'])])
522 AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
523 AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM converstation to use])
524 AM_CONDITIONAL(USE_PAM, [true])
526 AC_MSG_CHECKING(use login and su access checking if PAM not used)
529 AC_DEFINE(SU_ACCESS, 1, [Define to support /etc/suauth su access control.])
530 AM_CONDITIONAL(USE_PAM, [false])
531 AC_MSG_CHECKING(use login and su access checking if PAM not used)
535 if test "$enable_acct_tools_setuid" != "no"; then
536 if test "$with_libpam" != "yes"; then
537 if test "$enable_acct_tools_setuid" = "yes"; then
538 AC_MSG_ERROR(PAM support is required for --enable-account-tools-setuid)
540 enable_acct_tools_setuid="no"
543 enable_acct_tools_setuid="yes"
545 if test "$enable_acct_tools_setuid" = "yes"; then
546 AC_DEFINE(ACCT_TOOLS_SETUID,
548 [Define if account management tools should be installed setuid and authenticate the callers])
551 AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
555 if test "$with_skey" = "yes"; then
556 AC_CHECK_LIB(md, MD5Init, [LIBMD=-lmd])
557 AC_CHECK_LIB(skey, skeychallenge, [LIBSKEY=-lskey],
558 [AC_MSG_ERROR([liskey missing. You can download S/Key source code from http://rsync1.it.gentoo.org/gentoo/distfiles/skey-1.1.5.tar.bz2])])
559 AC_DEFINE(SKEY, 1, [Define to support S/Key logins.])
564 skeychallenge((void*)0, (void*)0, (void*)0, 0);
565 ],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])])
568 if test "$enable_utmpx" = "yes"; then
569 if test "$ac_cv_header_utmpx_h" != "yes"; then
570 AC_MSG_ERROR([The utmpx.h header file is required for utmpx support.])
574 [Define if utmpx should be used])
577 AC_DEFINE_UNQUOTED(SHELL, ["$SHELL"], [The default shell.])
579 AM_GNU_GETTEXT_VERSION(0.16)
580 AM_GNU_GETTEXT([external], [need-ngettext])
581 AM_CONDITIONAL(USE_NLS, test "x$USE_NLS" = "xyes")
618 echo "shadow will be compiled with the following features:"
620 echo " auditing support: $with_audit"
621 echo " CrackLib support: $with_libcrack"
622 echo " PAM support: $with_libpam"
623 if test "$with_libpam" = "yes"; then
624 echo " suid account management tools: $enable_acct_tools_setuid"
626 echo " SELinux support: $with_selinux"
627 echo " ACL support: $with_acl"
628 echo " Extended Attributes support: $with_attr"
629 echo " tcb support (incomplete): $with_tcb"
630 echo " shadow group support: $enable_shadowgrp"
631 echo " S/Key support: $with_skey"
632 echo " SHA passwords encryption: $with_sha_crypt"
633 echo " nscd support: $with_nscd"