From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Thu, 22 Jul 1999 12:46:29 +0000 (+0000)
Subject: o tgetpass.c is no longer optional
X-Git-Tag: SUDO_1_6_0~214
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=379f683661ec8af1423066f4df9f34b02d1769ac;p=sudo

o tgetpass.c is no longer optional
o kill DCE_OBJS, add AUTH_OBJS
o kill --disable-tgetpass
o add --without-passwd
o changes to fill in AUTH_OBJS for new auth api
o check for strerror(), v?snprintf() and v?asprintf()
o replace --with-AuthSRV with --with-fwtk
---

diff --git a/configure.in b/configure.in
index 85c4aab58..37e74235e 100644
--- a/configure.in
+++ b/configure.in
@@ -30,12 +30,10 @@ CPPFLAGS=""
 AC_SUBST(CPPFLAGS)dnl
 OSDEFS=""
 AC_SUBST(OSDEFS)dnl
-DCE_OBJS=""
-AC_SUBST(DCE_OBJS)dnl
+AUTH_OBJS="passwd.o"
+AC_SUBST(AUTH_OBJS)dnl
 LIBOBJS=""
 AC_SUBST(LIBOBJS)dnl
-TGETPASS="tgetpass.o"
-AC_SUBST(TGETPASS)dnl
 MANTYPE="man"
 AC_SUBST(MANTYPE)dnl
 MAN_POSTINSTALL=""
@@ -143,11 +141,32 @@ AC_ARG_WITH(csops, [  --with-csops            add CSOps standard options],
 		;;
 esac])
 
+dnl
+dnl Must be the first thing to modify ${AUTH_OBJS}
+dnl
+AC_ARG_WITH(passwd, [  --without-passwd        no passwd/shadow file authentication],
+[case $with_passwd in
+    yes)	;;
+    no)		AC_DEFINE(WITHOUT_PASSWD)
+		AC_MSG_CHECKING(whether to check shadow/passwd file)
+		AC_MSG_RESULT(no)
+		AUTH_OBJS=""
+		;;
+    *)		echo "Sorry, --with-passwd does not take an argument."
+		exit 1
+		;;
+esac])
+
 AC_ARG_WITH(skey, [  --with-skey             enable S/Key support ],
 [case $with_skey in
-    yes)	AC_DEFINE(HAVE_SKEY)
+    yes)	if test -n "$with_opie"; then
+		    AC_MSG_WARN(cannot use both S/Key and OPIE)
+		    exit 1
+		fi
+    		AC_DEFINE(HAVE_SKEY)
 		AC_MSG_CHECKING(whether to try S/Key authentication)
 		AC_MSG_RESULT(yes)
+		AUTH_OBJS="${AUTH_OBJS} rfc1938.o"
 		;;
     no)		;;
     *)		echo "Ignoring unknown argument to --with-skey: $with_skey"
@@ -156,9 +175,14 @@ esac])
 
 AC_ARG_WITH(opie, [  --with-opie             enable OPIE support ],
 [case $with_opie in
-    yes)	AC_DEFINE(HAVE_OPIE)
+    yes)	if test -n "$with_skey"; then
+		    AC_MSG_WARN(cannot use both S/Key and OPIE)
+		    exit 1
+		fi
+		AC_DEFINE(HAVE_OPIE)
 		AC_MSG_CHECKING(whether to try NRL OPIE authentication)
 		AC_MSG_RESULT(yes)
+		AUTH_OBJS="${AUTH_OBJS} rfc1938.o"
 		;;
     no)		;;
     *)		echo "Ignoring unknown argument to --with-opie: $with_opie"
@@ -195,21 +219,25 @@ AC_ARG_WITH(SecurID, [  --with-SecurID          enable SecurID support],
     *)		AC_DEFINE(HAVE_SECURID)
 		AC_MSG_CHECKING(whether to use SecurID for authentication)
 		AC_MSG_RESULT(yes)
+		AUTH_OBJS="securid.o"
 		;;
 esac])
 
-AC_ARG_WITH(AuthSRV, [  --with-AuthSRV          enable FWTK AuthSRV support],
-[case $with_AuthSRV in
-    yes)	AC_DEFINE(HAVE_AUTHSRV)
+AC_ARG_WITH(fwtk, [  --with-fwtk             enable FWTK AuthSRV support],
+[case $with_fwtk in
+    yes)	AC_DEFINE(HAVE_FWTK)
 		AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
 		AC_MSG_RESULT(yes)
+		AUTH_OBJS="fwtk.o"
 		;;
     no)		;;
-    *)		AC_DEFINE(HAVE_AUTHSRV)
+    *)		AC_DEFINE(HAVE_FWTK)
 		AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
 		AC_MSG_RESULT(yes)
-		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with-AuthSRV}"
-    		CPPFLAGS="${CPPFLAGS} -I${with-AuthSRV}"
+		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}"
+    		CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
+		AUTH_OBJS="fwtk.o"
+		with_fwtk=yes
 		;;
 esac])
 
@@ -240,6 +268,7 @@ AC_ARG_WITH(authenticate, [  --with-authenticate     enable AIX general authenti
     yes)	AC_DEFINE(HAVE_AUTHENTICATE)
 		AC_MSG_CHECKING(whether to use AIX general authentication)
 		AC_MSG_RESULT(yes)
+		AUTH_OBJS="authenticate.o"
 		;;
     no)		;;
     *)		echo "Sorry, --with-authenticate does not take an argument."
@@ -252,6 +281,7 @@ AC_ARG_WITH(pam, [  --with-pam              enable PAM support],
     yes)	AC_DEFINE(HAVE_PAM)
 		AC_MSG_CHECKING(whether to use PAM authentication)
 		AC_MSG_RESULT(yes)
+		AUTH_OBJS="pam.o"
 		;;
     no)		;;
     *)		echo "Sorry, --with-pam does not take an argument."
@@ -264,6 +294,7 @@ AC_ARG_WITH(AFS, [  --with-AFS              enable AFS support],
     yes)	AC_DEFINE(HAVE_AFS)
 		AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
 		AC_MSG_RESULT(yes)
+		AUTH_OBJS="${AUTH_OBJS} afs.o"
 		;;
     no)		;;
     *)		echo "Sorry, --with-AFS does not take an argument."
@@ -276,6 +307,7 @@ AC_ARG_WITH(DCE, [  --with-DCE              enable DCE support],
     yes)	AC_DEFINE(HAVE_DCE)
 		AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
 		AC_MSG_RESULT(yes)
+		AUTH_OBJS="${AUTH_OBJS} dce.o"
 		;;
     no)		;;
     *)		echo "Sorry, --with-DCE does not take an argument."
@@ -820,22 +852,6 @@ AC_ARG_ENABLE(root-sudo,
   esac
 ], AC_MSG_RESULT(yes))
 
-AC_MSG_CHECKING(whether to use the system getpass function)
-AC_ARG_ENABLE(tgetpass,
-[  --disable-tgetpass      Use the system getpass() instead of sudo's version],
-[ case "$enableval" in
-    yes)	AC_MSG_RESULT(no)
-		;;
-    no)		AC_MSG_RESULT(yes)
-		AC_DEFINE(USE_GETPASS)
-		TGETPASS=""
-		;;
-    *)		AC_MSG_RESULT(no)
-    		echo "Ignoring unknown argument to --enable-tgetpass: $enableval"
-		;;
-  esac
-], AC_MSG_RESULT(no))
-
 AC_MSG_CHECKING(whether to log the hostname in the log file)
 AC_ARG_ENABLE(log-host,
 [  --enable-log-host       Log the hostname in the log file],
@@ -1118,7 +1134,7 @@ case "$host" in
 		# unless overridden on the command line
 		if test "$CHECKSIA" = "true"; then
 		    AC_CHECK_FUNC(sia_ses_init, AC_DEFINE(HAVE_SIA) [
-		    if test -n "$with_skey" -o -n "$with_opie" -o -n "$with_otp_only" -o -n "$with_long_otp_prompt" -o -n "$with_SecurID" -o -n "$with_AuthSRV" -o -n "$with_kerb4" -o -n "$with_kerb5" -o -n "$with_pam" -o -n "$with_AFS" -o -n "$with_DCE"; then
+		    if test -n "$with_skey" -o -n "$with_opie" -o -n "$with_otp_only" -o -n "$with_long_otp_prompt" -o -n "$with_SecurID" -o -n "$with_fwtk" -o -n "$with_kerb4" -o -n "$with_kerb5" -o -n "$with_pam" -o -n "$with_AFS" -o -n "$with_DCE"; then
 			echo "Sorry, you cannot mix SIA and other authentication schemes.  You can turn off SIA support via the --disable-sia option"
 			exit 1
 		    fi]; CHECKSHADOW=false)
@@ -1129,6 +1145,8 @@ case "$host" in
 		fi
 
 		if test -n "$SECUREWARE"; then
+		    AUTH_OBJS="${AUTH_OBJS} secureware.o"
+		    AC_DEFINE(HAVE_GETPRPWNAM)
 		    # 4.x and higher need -ldb too...
 		    AC_CHECK_LIB(db, dbopen, [SUDO_LIBS="${SUDO_LIBS} -lsecurity -ldb -laud -lm"; LIBS="${LIBS} -lsecurity -ldb -laud -lm"], [SUDO_LIBS="${SUDO_LIBS} -lsecurity -ldb -laud -lm"; LIBS="${LIBS} -lsecurity -ldb -laud -lm"])
 		    AC_CHECK_FUNCS(dispcrypt)
@@ -1141,6 +1159,8 @@ case "$host" in
 		    [AC_MSG_RESULT([yes, fixing locally])
 		    sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
 		    ])
+		else
+		    AUTH_OBJS="sia.o"
 		fi
 		;;
     *-*-irix*)
@@ -1318,9 +1338,20 @@ AC_CHECK_FUNC(innetgr, AC_DEFINE(HAVE_INNETGR) AC_CHECK_FUNCS(getdomainname))
 AC_CHECK_FUNC(lsearch, AC_DEFINE(HAVE_LSEARCH), AC_CHECK_LIB(compat, lsearch, AC_CHECK_HEADER(search.h, AC_DEFINE(HAVE_LSEARCH) [SUDO_LIBS="${SUDO_LIBS} -lcompat"; VISUDO_LIBS="${VISUDO_LIBS} -lcompat"; LIBS="${LIBS} -lcompat"], LIBOBJS="$LIBOBJS lsearch.o"), LIBOBJS="$LIBOBJS lsearch.o"))
 AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), AC_FUNC_CHECK(putenv, AC_DEFINE(HAVE_PUTENV), LIBOBJS="$LIBOBJS putenv.o"))
 AC_CHECK_FUNC(utime, AC_DEFINE(HAVE_UTIME)
-SUDO_FUNC_UTIME_POSIX
-AC_FUNC_UTIME_NULL, LIBOBJS="$LIBOBJS utime.o")
+SUDO_FUNC_UTIME_POSIX, LIBOBJS="$LIBOBJS utime.o")
 SUDO_FUNC_FNMATCH(AC_DEFINE(HAVE_FNMATCH), LIBOBJS="$LIBOBJS fnmatch.o")
+AC_REPLACE_FUNCS(strerror)
+AC_CHECK_FUNC(snprintf, AC_DEFINE(HAVE_SNPRINTF), NEED_SNPRINTF=1)
+AC_CHECK_FUNC(vsnprintf, AC_DEFINE(HAVE_VSNPRINTF), NEED_SNPRINTF=1)
+AC_CHECK_FUNC(asprintf, AC_DEFINE(HAVE_ASPRINTF), NEED_SNPRINTF=1)
+AC_CHECK_FUNC(vasprintf, AC_DEFINE(HAVE_VASPRINTF), NEED_SNPRINTF=1)
+dnl
+dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
+dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
+dnl
+if test -n "$NEED_SNPRINTF"; then
+    LIBOBJS="$LIBOBJS snprintf.o"
+fi
 dnl
 dnl if crypt(3) not in libc, look elsewhere
 dnl
@@ -1363,6 +1394,7 @@ if test "$with_kerb5" = "yes"; then
     AC_CHECK_LIB(krb5, krb5_get_init_creds_opt, [
 	AC_DEFINE(HAVE_KERB5)
 	SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
+	AUTH_OBJS="${AUTH_OBJS} kerb5.o"
     ], with_kerb4=yes)
 fi
 
@@ -1399,6 +1431,7 @@ if test "$with_kerb4" = "yes"; then
 	SUDO_LIBS="${SUDO_LIBS} -ldes425 -lkrb5 -lcrypto -lcom_err"
     else
 	AC_HAVE_LIBRARY(des, SUDO_LIBS="${SUDO_LIBS} -lkrb -ldes", SUDO_LIBS="${SUDO_LIBS} -lkrb")
+    AUTH_OBJS="${AUTH_OBJS} kerb4.o"
     fi
 fi
 
@@ -1513,9 +1546,9 @@ if test -n "$with_SecurID" -a "$with_SecurID" != "no"; then
 fi
 
 dnl
-dnl extra AuthSRV lib + includes
+dnl extra FWTK libs + includes
 dnl
-if test "$with_AuthSRV" = "yes"; then
+if test "$with_fwtk" = "yes"; then
     SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
 fi
 
@@ -1532,6 +1565,15 @@ dnl
 SUDO_LOGFILE
 SUDO_TIMEDIR
 
+dnl
+dnl If ${AUTH_OBJS} is empty, define NO_PASSWD
+dnl The meaning of --without-passwd is overloaded...
+dnl
+if test -z "$AUTH_OBJS"; then
+    AC_DEFINE(NO_PASSWD)
+    AC_MSG_WARN(no user authentication will be performed)
+fi
+
 dnl
 dnl Set exec_prefix
 dnl