this file instead of /etc/ldap.secret to read the secret password
when rootbinddn is specified in the ldap config file.
+ --disable-sasl
+ Disable SASL authentication for LDAP. By default, sudo
+ will compile in support for SASL authentication if the
+ ldap_sasl_interactive_bind_s() function is present in the
+ LDAP libraries.
+
--with-logincap
This adds support for login classes specified in /etc/login.conf.
It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and
enable_tmpfiles_d
enable_devsearch
with_selinux
+enable_sasl
enable_gss_krb5_ccache_name
enable_shared
enable_static
--enable-tmpfiles.d=DIR Set the path to the systemd tmpfiles.d directory.
--enable-devsearch=PATH The colon-delimited path to search for device nodes
when determing the tty name.
+ --enable-sasl Enable/disable LDAP SASL support
--enable-gss-krb5-ccache-name
Use GSS-API to set the Kerberos V cred cache name
--enable-shared[=PKGS] build shared libraries [default=yes]
fi
+# Check whether --enable-sasl was given.
+if test "${enable_sasl+set}" = set; then :
+ enableval=$enable_sasl; case "$enableval" in
+ yes|no) ;;
+ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-sasl: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-sasl: $enableval" >&2;}
+ ;;
+ esac
+
+fi
+
+
# Check whether --enable-gss_krb5_ccache_name was given.
if test "${enable_gss_krb5_ccache_name+set}" = set; then :
enableval=$enable_gss_krb5_ccache_name; check_gss_krb5_ccache_name=$enableval
fi
#
- # Some PAM implementations (MacOS X for example) put the PAM headers
+ # Some PAM implementations (macOS for example) put the PAM headers
# in /usr/include/pam instead of /usr/include/security...
#
found_pam_hdrs=no
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
- for ac_header in sasl/sasl.h sasl.h
+ if test ${enable_sasl-'yes'} = "yes"; then
+ found_sasl_h=no
+ for ac_header in sasl/sasl.h sasl.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
- for ac_func in ldap_sasl_interactive_bind_s
+ found_sasl_h=yes
+ for ac_func in ldap_sasl_interactive_bind_s
do :
ac_fn_c_check_func "$LINENO" "ldap_sasl_interactive_bind_s" "ac_cv_func_ldap_sasl_interactive_bind_s"
if test "x$ac_cv_func_ldap_sasl_interactive_bind_s" = xyes; then :
fi
done
- break
+ break
fi
done
+ if test X${enable_sasl} = X"yes"; then
+ if test X"$found_sasl_h" != X"yes"; then
+ as_fn_error $? "\"--enable-sasl specified but unable to locate SASL development headers.\"" "$LINENO" 5
+ fi
+ if test X"$ac_cv_func_ldap_sasl_interactive_bind_s" != X"yes"; then :
+ as_fn_error $? "\"--enable-sasl specified but SASL support is missing in your LDAP library\"" "$LINENO" 5
+ fi
+ fi
+ fi
for ac_header in ldap_ssl.h mps/ldap_ssl.h
do :
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
;;
esac], [with_selinux=no])
+AC_ARG_ENABLE(sasl,
+[AS_HELP_STRING([--enable-sasl], [Enable/disable LDAP SASL support])],
+[ case "$enableval" in
+ yes|no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --enable-sasl: $enableval])
+ ;;
+ esac
+])
+
dnl
dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
dnl
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
- AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [
- AC_CHECK_FUNCS([ldap_sasl_interactive_bind_s])
- break
- ])
+ if test ${enable_sasl-'yes'} = "yes"; then
+ found_sasl_h=no
+ AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [
+ found_sasl_h=yes
+ AC_CHECK_FUNCS([ldap_sasl_interactive_bind_s])
+ break
+ ])
+ if test X${enable_sasl} = X"yes"; then
+ if test X"$found_sasl_h" != X"yes"; then
+ AC_MSG_ERROR(["--enable-sasl specified but unable to locate SASL development headers."])
+ fi
+ if test X"$ac_cv_func_ldap_sasl_interactive_bind_s" != X"yes"; then :
+ AC_MSG_ERROR(["--enable-sasl specified but SASL support is missing in your LDAP library"])
+ fi
+ fi
+ fi
AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
AC_CHECK_FUNCS([ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np])
AC_CHECK_FUNCS([ldap_search_ext_s ldap_search_st], [break])
projects / sudo / commitdiff