: ${SUDOERS_GID='0'}
DEV="#"
AUTH_OBJS=
+AUTH_REG=
+AUTH_EXCL=
+AUTH_EXCL_DEF=
+AUTH_DEF=passwd
dnl
dnl Other vaiables
[case $with_passwd in
yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
AC_MSG_RESULT($with_passwd)
+ AUTH_DEF=""
+ test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
;;
*) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
;;
[case $with_skey in
no) with_skey=""
;;
- *) if test -n "$with_opie"; then
- AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
- fi
- AC_DEFINE(HAVE_SKEY)
+ *) AC_DEFINE(HAVE_SKEY)
AC_MSG_CHECKING(whether to try S/Key authentication)
AC_MSG_RESULT(yes)
- SUDO_ADD_AUTH([S/Key], [rfc1938.o])
+ AUTH_REG="$AUTH_REG S/Key"
;;
esac])
[case $with_opie in
no) with_opie=""
;;
- *) if test -n "$with_skey"; then
- AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
- fi
- AC_DEFINE(HAVE_OPIE)
+ *) AC_DEFINE(HAVE_OPIE)
AC_MSG_CHECKING(whether to try NRL OPIE authentication)
AC_MSG_RESULT(yes)
- SUDO_ADD_AUTH([NRL OPIE], [rfc1938.o])
+ AUTH_REG="$AUTH_REG NRL_OPIE"
;;
esac])
*) AC_DEFINE(HAVE_SECURID)
AC_MSG_CHECKING(whether to use SecurID for authentication)
AC_MSG_RESULT(yes)
- # AUTH_OBJS updated later
+ AUTH_EXCL="$AUTH_EXCL SecurID"
;;
esac])
*) AC_DEFINE(HAVE_FWTK)
AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
AC_MSG_RESULT(yes)
- SUDO_ADD_AUTH([FWTK AuthSRV], [fwtk.o], [true])
+ AUTH_EXCL="$AUTH_EXCL FWTK"
;;
esac])
no) with_kerb4="";;
*) AC_MSG_CHECKING(whether to try kerberos IV authentication)
AC_MSG_RESULT(yes)
+ AUTH_REG="$AUTH_REG kerb4"
;;
esac])
no) with_kerb5="";;
*) AC_MSG_CHECKING(whether to try Kerberos V authentication)
AC_MSG_RESULT(yes)
+ AUTH_REG="$AUTH_REG kerb5"
;;
esac])
AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
[case $with_aixauth in
- yes|no) ;;
+ yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
+ no) ;;
*) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
;;
esac])
AC_ARG_WITH(pam, [ --with-pam enable PAM support],
[case $with_pam in
- yes|no) ;;
+ yes) AUTH_EXCL="$AUTH_EXCL PAM";;
+ no) ;;
*) AC_MSG_ERROR(["--with-pam does not take an argument."])
;;
esac])
yes) AC_DEFINE(HAVE_AFS)
AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
AC_MSG_RESULT(yes)
- SUDO_ADD_AUTH([AFS], [afs.o])
+ AUTH_REG="$AUTH_REG AFS"
;;
no) ;;
*) AC_MSG_ERROR(["--with-AFS does not take an argument."])
yes) AC_DEFINE(HAVE_DCE)
AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
AC_MSG_RESULT(yes)
- SUDO_ADD_AUTH([DCE], [dce.o])
+ AUTH_REG="$AUTH_REG DCE"
;;
no) ;;
*) AC_MSG_ERROR(["--with-DCE does not take an argument."])
AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
[case $with_bsdauth in
- yes|no) ;;
+ yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
+ no) ;;
*) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
;;
esac])
OSMAJOR=0
fi
-: ${with_passwd='default'}
case "$host" in
*-*-sunos4*)
# getcwd(3) opens a pipe to getpwd(1)!?!
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
- if test "$with_passwd" != "yes"; then
- : ${with_pam='maybe'}
- fi
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
*-*-aix*)
# To get all prototypes (so we pass -Wall)
fi
LDFLAGS="$O_LDFLAGS"
- # check for authenticate(3)
- if test X"$with_aixauth" = X"" -a X"$with_passwd" != X"yes"; then
- AC_CHECK_FUNCS(authenticate, [with_aixauth=maybe])
+ # Use authenticate(3) as the default authentication method
+ if test X"$with_aixauth" = X""; then
+ AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
fi
;;
*-*-hiuxmpp*)
*)
shadow_funcs="getspnam iscomsec"
shadow_libs="-lsec"
- if test "$with_passwd" != "yes"; then
- : ${with_pam='maybe'}
- fi
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
esac
;;
AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
AC_ARG_ENABLE(sia,
- [ --disable-sia Never use SIA on Digital UNIX],
+ [ --disable-sia Disable SIA on Digital UNIX],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
fi
# use SIA by default, if we have it
- if test "$CHECKSIA" = "true" -a "$with_passwd" != "yes"; then
- AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
- if test "$found" = "true"; then
- SUDO_ADD_AUTH([SIA], [sia.o], [true])
- with_passwd=no
- fi
- fi
- if test "$with_passwd" != "no"; then
- # prot.h is included when using shadow passwords
- AC_MSG_CHECKING([for broken prot.h])
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
+
+ #
+ # Some versions of Digital Unix ship with a broken
+ # copy of prot.h, which we need for shadow passwords.
+ # XXX - make should remove this as part of distclean
+ #
+ AC_MSG_CHECKING([for broken prot.h])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
- ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
- sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
- ])
- fi
+ ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
+ sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
+ ])
: ${mansectsu='8'}
: ${mansectform='4'}
;;
# Some Linux versions need to link with -lshadow
shadow_funcs="getspnam"
shadow_libs_optional="-lshadow"
- if test "$with_passwd" != "yes"; then
- : ${with_pam='maybe'}
- fi
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
*-convex-bsd*)
OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
esac
fi
# Check for newer BSD auth API (just check for >= 3.0?)
- if test -z "$with_bsdauth" -a "$with_passwd" != "yes"; then
- AC_CHECK_FUNCS(auth_challenge, [with_bsdauth=maybe])
+ if test -z "$with_bsdauth"; then
+ AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
fi
;;
*-*-freebsd*)
SUDO_LIBS="${SUDO_LIBS} -lmd"
fi
CHECKSHADOW="false"
- if test "$with_passwd" != "yes"; then
- : ${with_pam='maybe'}
- fi
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
;;
*-*-*openbsd*)
SKIP_SETREUID=yes
CHECKSHADOW="false"
# OpenBSD >= 3.0 supports BSD auth
- if test -z "$with_bsdauth" -a "$with_passwd" != "yes"; then
+ if test -z "$with_bsdauth"; then
case "$OSREV" in
[0-2].*)
;;
*)
- with_bsdauth=maybe
+ AUTH_EXCL_DEF="BSD_AUTH"
;;
esac
fi
;;
esac
CHECKSHADOW="false"
- if test "$with_passwd" != "yes"; then
- : ${with_pam='maybe'}
- fi
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
;;
*-*-dragonfly*)
SUDO_LIBS="${SUDO_LIBS} -lmd"
fi
CHECKSHADOW="false"
- : ${with_pam='yes'}
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
;;
*-*-*bsd*)
*-*-darwin*)
SKIP_SETREUID=yes
CHECKSHADOW="false"
- : ${with_pam='yes'}
+ test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
;;
*-*-nextstep*)
;;
esac
+dnl
+dnl Check for mixing mutually exclusive and regular auth methods
+dnl
+AUTH_REG=${AUTH_REG# }
+AUTH_EXCL=${AUTH_EXCL# }
+if test -n "$AUTH_EXCL"; then
+ set -- $AUTH_EXCL
+ if test $# != 1; then
+ AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
+ fi
+ if test -n "$AUTH_REG"; then
+ AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
+ fi
+fi
+dnl
+dnl Only one of S/Key and OPIE may be specified
+dnl
+if test X"${with_skey}${with_opie}" = X"yesyes"; then
+ AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
+fi
+
dnl
dnl Use BSD-style man sections by default
dnl
AC_LIBOBJ(snprintf)
fi
dnl
-dnl if crypt(3) not in libc, look elsewhere
-dnl
-if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
- AC_CHECK_FUNC(crypt, , [AC_CHECK_LIB(crypt, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt"; LIBS="${LIBS} -lcrypt"], AC_CHECK_LIB(crypt_d, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt_d"; LIBS="${LIBS} -lcrypt_d"], AC_CHECK_LIB(ufc, crypt, [SUDO_LIBS="${SUDO_LIBS} -lufc"; LIBS="${LIBS} -lufc"])))])
-fi
-dnl
dnl If socket(2) not in libc, check -lsocket and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
dnl In this case we look for main(), not socket() to avoid using a cached value
fi
AC_MSG_RESULT($sudo_cv___progname)
])
+
+dnl
+dnl Mutually exclusive auth checks come first, followed by
+dnl non-exclusive ones. Note: passwd must be last of all!
+dnl
+
+dnl
+dnl Convert default authentication methods to with_* if
+dnl no explicit authentication scheme was specified.
+dnl
+if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
+ for auth in $AUTH_EXCL_DEF; do
+ case $auth in
+ AIX_AUTH) with_aixauth=maybe;;
+ BSD_AUTH) with_bsdauth=maybe;;
+ PAM) with_pam=maybe;;
+ SIA) CHECKSIA=true;;
+ esac
+ done
+fi
+
+dnl
+dnl PAM support. Systems that use PAM by default set with_pam=default
+dnl and we do the actual tests here.
+dnl
+if test ${with_pam-"no"} != "no"; then
+ dnl
+ dnl Linux may need this
+ dnl
+ AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
+ ac_cv_lib_dl=ac_cv_lib_dl_main
+
+ dnl
+ dnl Some PAM implementations (MacOS X for example) put the PAM headers
+ dnl in /usr/include/pam instead of /usr/include/security...
+ dnl
+ AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
+ if test "$with_pam" = "yes"; then
+ AC_DEFINE(HAVE_PAM)
+ AUTH_OBJS="$AUTH_OBJS pam.o";
+ AUTH_EXCL=PAM
+ fi
+fi
+
+dnl
+dnl AIX general authentication
+dnl If set to "maybe" only enable if no other exclusive method in use.
+dnl
+if test ${with_aixauth-'no'} != "no"; then
+ if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
+ AC_MSG_NOTICE([using AIX general authentication])
+ AC_DEFINE(HAVE_AIXAUTH)
+ AUTH_OBJS="$AUTH_OBJS aix_auth.o";
+ SUDO_LIBS="${SUDO_LIBS} -ls"
+ AUTH_EXCL=AIX_AUTH
+ fi
+fi
+
+dnl
+dnl BSD authentication
+dnl If set to "maybe" only enable if no other exclusive method in use.
+dnl
+if test ${with_bsdauth-'no'} != "no"; then
+ AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
+ [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
+ [BSDAUTH_USAGE='[[-a auth_type]] ']
+ [AUTH_EXCL=BSD_AUTH],
+ [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
+fi
+
+dnl
+dnl SIA authentication for Tru64 Unix
+dnl
+if test ${CHECKSIA-'false'} = "true"; then
+ AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
+ if test "$found" = "true"; then
+ AUTH_EXCL=SIA
+ AUTH_OBJS="$AUTH_OBJS sia.o"
+ fi
+fi
+
+dnl
+dnl extra FWTK libs + includes
+dnl
+if test ${with_fwtk-'no'} != "no"; then
+ if test "$with_fwtk" != "yes"; then
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
+ CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
+ with_fwtk=yes
+ fi
+ SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
+ AUTH_OBJS="$AUTH_OBJS fwtk.o"
+fi
+
+dnl
+dnl extra SecurID lib + includes
+dnl
+if test ${with_SecurID-'no'} != "no"; then
+ if test "$with_SecurID" != "yes"; then
+ :
+ elif test -d /usr/ace/examples; then
+ with_SecurID=/usr/ace/examples
+ else
+ with_SecurID=/usr/ace
+ fi
+ CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
+ _LDFLAGS="${LDFLAGS}"
+ SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
+ #
+ # Determine whether to use the new or old SecurID API
+ #
+ AC_CHECK_LIB(aceclnt, SD_Init,
+ [
+ AUTH_OBJS="$AUTH_OBJS securid5.o";
+ SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
+ ]
+ [
+ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
+ ], [
+ AUTH_OBJS="$AUTH_OBJS securid.o";
+ SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
+ ],
+ [
+ -lpthread
+ ]
+ )
+ LDFLAGS="${_LDFLAGS}"
+fi
+
+dnl
+dnl Non-mutually exclusive auth checks come next.
+dnl Note: passwd must be last of all!
+dnl
+
+dnl
+dnl Convert default authentication methods to with_* if
+dnl no explicit authentication scheme was specified.
+dnl
+if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
+ for auth in $AUTH_DEF; do
+ case $auth in
+ passwd) : ${with_passwd='maybe'};;
+ esac
+ done
+fi
+
dnl
dnl Kerberos IV
dnl
-if test -n "$with_kerb4"; then
+if test ${with_kerb4-'no'} != "no"; then
AC_DEFINE(HAVE_KERB4)
dnl
dnl Use the specified directory, if any, else search for correct inc dir
], [$K4LIBS])
LDFLAGS="$O_LDFLAGS"
SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
- SUDO_ADD_AUTH([Kerberos 4], [kerb4.o])
+ AUTH_OBJS="$AUTH_OBJS kerb4.o"
fi
dnl
dnl Kerberos V
dnl There is an easy way and a hard way...
dnl
-if test "$with_kerb5" = "yes"; then
+if test ${with_kerb5-'no'} != "no"; then
AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
if test -n "$KRB5CONFIG"; then
AC_DEFINE(HAVE_KERB5)
- SUDO_ADD_AUTH([Kerberos 5], [kerb5.o])
+ AUTH_OBJS="$AUTH_OBJS kerb5.o"
CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
dnl
)
fi
fi
-if test -n "$with_kerb5" -a -z "$KRB5CONFIG"; then
+if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
AC_DEFINE(HAVE_KERB5)
dnl
dnl Use the specified directory, if any, else search for correct inc dir
SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
])
- SUDO_ADD_AUTH([Kerberos 5], [kerb5.o])
+ AUTH_OBJS="$AUTH_OBJS kerb5.o"
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDO_LIBS}"
AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
dnl
dnl Some systems put login_cap(3) in libutil
dnl
-if test "$with_logincap" = "yes"; then
+if test ${with_logincap-'no'} = "yes"; then
case "$OS" in
freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
;;
esac
fi
-dnl
-dnl PAM support. Systems that might support PAM set with_pam=maybe
-dnl and we do that actual tests here.
-dnl
-if test ${with_pam-'no'} != "no"; then
- dnl
- dnl Linux may need this
- dnl
- AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
- ac_cv_lib_dl=ac_cv_lib_dl_main
-
- dnl
- dnl Some PAM implementations (MacOS X for example) put the PAM headers
- dnl in /usr/include/pam instead of /usr/include/security...
- dnl
- AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
- if test "$with_pam" = "yes"; then
- AC_DEFINE(HAVE_PAM)
- SUDO_ADD_AUTH([PAM], [pam.o], [true])
- with_passwd=no
- fi
-fi
-
-dnl
-dnl AIX general authentication
-dnl If set to "maybe" only enable if no other exclusive method in use.
-dnl
-if test ${with_aixauth-'no'} != "no"; then
- if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
- AC_MSG_NOTICE([using AIX general authentication])
- AC_DEFINE(HAVE_AIXAUTH)
- SUDO_ADD_AUTH([AIX general authentication], [aix_auth.o], [true])
- SUDO_LIBS="${SUDO_LIBS} -ls"
- with_passwd=no
- fi
-fi
-
-dnl
-dnl BSD authentication
-dnl If set to "maybe" only enable if no other exclusive method in use.
-dnl
-if test ${with_bsdauth-'no'} != "no"; then
- if test X"$with_bsdauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
- AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
- [SUDO_ADD_AUTH([BSD authentication], [bsdauth.o], [true])]
- [BSDAUTH_USAGE='[[-a auth_type]] ']
- [with_passwd=no], -)
- fi
-fi
-
-dnl
-dnl Check for shadow password routines if we have not already done so.
-dnl If there is a specific list of functions to check we do that first.
-dnl Otherwise, we check for SVR4-style and then SecureWare-style.
-dnl
-if test "$with_passwd" != "no"; then
- if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
- _LIBS="$LIBS"
- LIBS="$LIBS $shadow_libs"
- found=no
- AC_CHECK_FUNCS($shadow_funcs, [found=yes])
- if test "$found" = "yes"; then
- SUDO_LIBS="$SUDO_LIBS $shadow_libs"
- elif test -n "$shadow_libs_optional"; then
- LIBS="$LIBS $shadow_libs_optional"
- AC_CHECK_FUNCS($shadow_funcs, [found=yes])
- if test "$found" = "yes"; then
- SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
- fi
- fi
- if test "$found" = "yes"; then
- case "$shadow_funcs" in
- *getprpwnam*) SECUREWARE=1;;
- esac
- test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
- else
- LIBS="$_LIBS"
- fi
- CHECKSHADOW=false
- fi
- if test "$CHECKSHADOW" = "true"; then
- AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
- fi
- if test "$CHECKSHADOW" = "true"; then
- AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
- fi
- if test -n "$SECUREWARE"; then
- AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
- SUDO_ADD_AUTH([SecureWare], [secureware.o])
- fi
-fi
-
dnl
dnl extra AFS libs and includes
dnl
-if test "$with_AFS" = "yes"; then
+if test ${with_AFS-'no'} = "yes"; then
# looks like the "standard" place for AFS libs is /usr/afsws/lib
AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
if test -z "$FOUND_AFSLIBDIR"; then
AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
fi
+
+ AUTH_OBJS="$AUTH_OBJS afs.o"
fi
dnl
dnl extra DCE obj + lib
dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
dnl
-if test "$with_DCE" = "yes"; then
+if test ${with_DCE-'no'} = "yes"; then
DCE_OBJS="${DCE_OBJS} dce_pwent.o"
SUDO_LIBS="${SUDO_LIBS} -ldce"
+ AUTH_OBJS="$AUTH_OBJS dce.o"
fi
dnl
dnl extra S/Key lib and includes
dnl
-if test -n "$with_skey"; then
+if test ${with_skey-'no'} = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_skey" != "yes"; then
CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
LDFLAGS="$O_LDFLAGS"
SUDO_LIBS="${SUDO_LIBS} -lskey"
+ AUTH_OBJS="$AUTH_OBJS rfc1938.o"
fi
dnl
dnl extra OPIE lib and includes
dnl
-if test -n "$with_opie"; then
+if test ${with_opie-'no'} = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_opie" != "yes"; then
CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
LDFLAGS="$O_LDFLAGS"
SUDO_LIBS="${SUDO_LIBS} -lopie"
+ AUTH_OBJS="$AUTH_OBJS rfc1938.o"
fi
dnl
-dnl extra SecurID lib + includes
+dnl Check for shadow password routines if we have not already done so.
+dnl If there is a specific list of functions to check we do that first.
+dnl Otherwise, we check for SVR4-style and then SecureWare-style.
dnl
-if test ${with_SecurID-'no'} != "no"; then
- if test "$with_SecurID" != "yes"; then
- :
- elif test -d /usr/ace/examples; then
- with_SecurID=/usr/ace/examples
- else
- with_SecurID=/usr/ace
+if test ${with_passwd-'no'} != "no"; then
+ dnl
+ dnl if crypt(3) not in libc, look elsewhere
+ dnl
+ if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
+ AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
fi
- CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
- _LDFLAGS="${LDFLAGS}"
- SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
- #
- # Determine whether to use the new or old SecurID API
- #
- AC_CHECK_LIB(aceclnt, SD_Init,
- [
- SUDO_ADD_AUTH([SecurID 5], [securid5.o], true)
- SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
- ]
- [
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
- ], [
- SUDO_ADD_AUTH([SecurID], [securid.o], true)
- SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
- ],
- [
- -lpthread
- ]
- )
- LDFLAGS="${_LDFLAGS}"
-fi
-dnl
-dnl extra FWTK libs + includes
-dnl
-if test -n "$with_fwtk"; then
- if test "$with_fwtk" != "yes"; then
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
- CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
- with_fwtk=yes
+ if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
+ _LIBS="$LIBS"
+ LIBS="$LIBS $shadow_libs"
+ found=no
+ AC_CHECK_FUNCS($shadow_funcs, [found=yes])
+ if test "$found" = "yes"; then
+ SUDO_LIBS="$SUDO_LIBS $shadow_libs"
+ elif test -n "$shadow_libs_optional"; then
+ LIBS="$LIBS $shadow_libs_optional"
+ AC_CHECK_FUNCS($shadow_funcs, [found=yes])
+ if test "$found" = "yes"; then
+ SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
+ fi
+ fi
+ if test "$found" = "yes"; then
+ case "$shadow_funcs" in
+ *getprpwnam*) SECUREWARE=1;;
+ esac
+ test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
+ else
+ LIBS="$_LIBS"
+ fi
+ CHECKSHADOW=false
+ fi
+ if test "$CHECKSHADOW" = "true"; then
+ AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
+ fi
+ if test "$CHECKSHADOW" = "true"; then
+ AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
+ fi
+ if test -n "$SECUREWARE"; then
+ AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
+ AUTH_OBJS="$AUTH_OBJS secureware.o"
fi
- SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
fi
dnl
dnl extra lib and .o file for LDAP support
dnl
-if test -n "$with_ldap"; then
+if test ${with_ldap-'no'} != "no"; then
_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
dnl Use passwd (and secureware) auth modules?
dnl
case "$with_passwd" in
-no)
+yes|maybe)
+ AUTH_OBJS="$AUTH_OBJS passwd.o"
+ ;;
+*)
AC_DEFINE(WITHOUT_PASSWD)
if test -z "$AUTH_OBJS"; then
AC_MSG_ERROR([no authentication methods defined.])
fi
;;
-*)
- AUTH_OBJS="$AUTH_OBJS passwd.o"
- ;;
esac
+AUTH_OBJS=${AUTH_OBJS# }
_AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
projects / sudo / commitdiff