From: Todd C. Miller Date: Wed, 13 Jun 2007 17:41:44 +0000 (+0000) Subject: Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS. X-Git-Tag: SUDO_1_7_0~558 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4a7c81886ec0335f6f745d26d2c1e51c4c1448f7;p=sudo Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS. This deals with exclusive authentication methods in a simple way. --- diff --git a/aclocal.m4 b/aclocal.m4 index a70e38455..4b777963b 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -313,6 +313,29 @@ AC_DEFUN(SUDO_APPEND_LIBPATH, [ fi ]) +dnl +dnl Add a (potentially exclusive) auth method +dnl $1 - auth name +dnl $2 - object file to add to AUTH_OBJS +dnl $3 - set if method is exclusive +dnl +AC_DEFUN(SUDO_ADD_AUTH, [ +if test X"$AUTH_EXCL" != X""; then + AC_MSG_ERROR(["cannot mix $1 with an exclusive authentication method such as $AUTH_EXCL"]) +elif test X"$3" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + AC_MSG_ERROR(["cannot mix $1 with other authentication methods (such as $_AUTH)"]) +fi +if test X"$3" != X""; then + AUTH_OBJS="$2" + AUTH_EXCL="$1" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="$2" +else + AUTH_OBJS="$AUTH_OBJS $2" +fi +]) + dnl dnl private versions of AC_DEFINE and AC_DEFINE_UNQUOTED that don't support dnl tracing that we use to define paths for pathnames.h so autoheader doesn't diff --git a/configure b/configure index 28029190c..fb94e4b14 100755 --- a/configure +++ b/configure 
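Review bot: SUDO_ADD_AUTH tests `$AUTH_EXCL` in its first condition, but none of the visible hunks initializes that variable, so a value inherited from the environment would make every call stop with the "exclusive authentication method" error. Unless it is already cleared outside these hunks, add `AUTH_EXCL=` next to wherever `AUTH_OBJS` is initialized in configure.in. The header comment should also state the contract, because AUTH_OBJS decides which authentication back ends are compiled into sudo: `passwd.o` is the only entry an exclusive method may replace silently, and `$3` counts as set for any non-empty value (callers pass both `[true]` and a bare `true`). A line such as `dnl $3 - any non-empty value marks the method exclusive (replaces passwd.o, rejects every other method)` would cover it.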
@@ -1867,11 +1867,26 @@ _ACEOF echo $ECHO_N "checking whether to try S/Key authentication... $ECHO_C" >&6 echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="rfc1938.o" - else - AUTH_OBJS="${AUTH_OBJS} rfc1938.o" - fi + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix S/Key with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix S/Key with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix S/Key with other authentication methods (such as $_AUTH)\"" >&5 +echo "$as_me: error: \"cannot mix S/Key with other authentication methods (such as $_AUTH)\"" >&2;} + { (exit 1); exit 1; }; } +fi +if test X"" != X""; then + AUTH_OBJS="rfc1938.o" + AUTH_EXCL="S/Key" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="rfc1938.o" +else + AUTH_OBJS="$AUTH_OBJS rfc1938.o" +fi + ;; esac fi; 
@@ -1896,11 +1911,26 @@ _ACEOF echo $ECHO_N "checking whether to try NRL OPIE authentication... $ECHO_C" >&6 echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="rfc1938.o" - else - AUTH_OBJS="${AUTH_OBJS} rfc1938.o" - fi + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix NRL OPIE with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix NRL OPIE with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix NRL OPIE with other authentication methods (such as $_AUTH)\"" >&5 +echo "$as_me: error: \"cannot mix NRL OPIE with other authentication methods (such as $_AUTH)\"" >&2;} + { (exit 1); exit 1; }; } +fi +if test X"" != X""; then + AUTH_OBJS="rfc1938.o" + AUTH_EXCL="NRL OPIE" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="rfc1938.o" +else + AUTH_OBJS="$AUTH_OBJS rfc1938.o" +fi + ;; esac fi; 
@@ -1962,13 +1992,26 @@ _ACEOF echo $ECHO_N "checking whether to use FWTK AuthSRV for authentication... $ECHO_C" >&6 echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - { { echo "$as_me:$LINENO: error: \"cannot mix fwtk with other authentication methods (such as $_AUTH)\"" >&5 -echo "$as_me: error: \"cannot mix fwtk with other authentication methods (such as $_AUTH)\"" >&2;} + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix FWTK AuthSRV with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix FWTK AuthSRV with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} { (exit 1); exit 1; }; } - fi - AUTH_OBJS="fwtk.o" +elif test X"true" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix FWTK AuthSRV with other authentication methods (such as $_AUTH)\"" >&5 +echo "$as_me: error: \"cannot mix FWTK AuthSRV with other authentication methods (such as $_AUTH)\"" >&2;} + { (exit 1); exit 1; }; } +fi +if test X"true" != X""; then + AUTH_OBJS="fwtk.o" + AUTH_EXCL="FWTK AuthSRV" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="fwtk.o" +else + AUTH_OBJS="$AUTH_OBJS fwtk.o" +fi + ;; esac fi; 
@@ -2040,11 +2083,26 @@ _ACEOF echo $ECHO_N "checking whether to try AFS (kerberos) authentication... $ECHO_C" >&6 echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="afs.o" - else - AUTH_OBJS="${AUTH_OBJS} afs.o" - fi + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix AFS with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix AFS with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix AFS with other authentication methods (such as $_AUTH)\"" >&5 +echo "$as_me: error: \"cannot mix AFS with other authentication methods (such as $_AUTH)\"" >&2;} + { (exit 1); exit 1; }; } +fi +if test X"" != X""; then + AUTH_OBJS="afs.o" + AUTH_EXCL="AFS" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="afs.o" +else + AUTH_OBJS="$AUTH_OBJS afs.o" +fi + ;; no) ;; *) { { echo "$as_me:$LINENO: error: \"--with-AFS does not take an argument.\"" >&5 
@@ -2067,11 +2125,26 @@ _ACEOF echo $ECHO_N "checking whether to try DCE (kerberos) authentication... $ECHO_C" >&6 echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="dce.o" - else - AUTH_OBJS="${AUTH_OBJS} dce.o" - fi + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix DCE with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix DCE with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix DCE with other authentication methods (such as $_AUTH)\"" >&5 +echo "$as_me: error: \"cannot mix DCE with other authentication methods (such as $_AUTH)\"" >&2;} + { (exit 1); exit 1; }; } +fi +if test X"" != X""; then + AUTH_OBJS="dce.o" + AUTH_EXCL="DCE" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="dce.o" +else + AUTH_OBJS="$AUTH_OBJS dce.o" +fi + ;; no) ;; *) { { echo "$as_me:$LINENO: error: \"--with-DCE does not take an argument.\"" >&5 @@ -6993,7 +7066,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 6996 "configure" +#line 7069 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -7091,7 +7164,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 7094 "configure" +#line 7167 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -7240,7 +7313,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - $ECHO '#line 7243 "configure"' > conftest.$ac_ext + $ECHO '#line 7316 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? 
@@ -7891,11 +7964,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7894: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7967: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7898: \$? = $ac_status" >&5 + echo "$as_me:7971: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -8166,11 +8239,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8169: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8242: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8173: \$? = $ac_status" >&5 + echo "$as_me:8246: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -8263,11 +8336,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8266: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8339: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8270: \$? = $ac_status" >&5 + echo "$as_me:8343: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized 
@@ -8317,11 +8390,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8320: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8393: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8324: \$? = $ac_status" >&5 + echo "$as_me:8397: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10860,13 +10933,26 @@ fi done if test "$found" = "true"; then - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - { { echo "$as_me:$LINENO: error: \"cannot mix SIA with other authentication methods (such as $_AUTH)\"" >&5 + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix SIA with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix SIA with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"true" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix SIA with other authentication methods (such as $_AUTH)\"" >&5 echo "$as_me: error: \"cannot mix SIA with other authentication methods (such as $_AUTH)\"" >&2;} { (exit 1); exit 1; }; } - fi - AUTH_OBJS="sia.o" +fi +if test X"true" != X""; then + AUTH_OBJS="sia.o" + AUTH_EXCL="SIA" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="sia.o" +else + AUTH_OBJS="$AUTH_OBJS sia.o" +fi + CHECKSHADOW=false fi fi 
@@ -13090,13 +13176,26 @@ if test $ac_cv_header_bsd_auth_h = yes; then #define HAVE_BSD_AUTH_H 1 _ACEOF - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - { { echo "$as_me:$LINENO: error: \"cannot mix BSD authentication with other authentication methods (such as $_AUTH)\"" >&5 + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix BSD authentication with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix BSD authentication with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"true" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix BSD authentication with other authentication methods (such as $_AUTH)\"" >&5 echo "$as_me: error: \"cannot mix BSD authentication with other authentication methods (such as $_AUTH)\"" >&2;} { (exit 1); exit 1; }; } - fi - AUTH_OBJS=bsdauth.o +fi +if test X"true" != X""; then + AUTH_OBJS="bsdauth.o" + AUTH_EXCL="BSD authentication" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="bsdauth.o" +else + AUTH_OBJS="$AUTH_OBJS bsdauth.o" +fi + else - fi @@ -15963,11 +16062,11 @@ _ACEOF else case $LIBOBJS in - "closefrom.o.$ac_objext" | \ - *" closefrom.o.$ac_objext" | \ - "closefrom.o.$ac_objext "* | \ - *" closefrom.o.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS closefrom.o.$ac_objext" ;; + "closefrom.$ac_objext" | \ + *" closefrom.$ac_objext" | \ + "closefrom.$ac_objext "* | \ + *" closefrom.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS closefrom.$ac_objext" ;; esac echo "$as_me:$LINENO: checking whether F_CLOSEM is declared" >&5 
@@ -19366,11 +19465,26 @@ fi LDFLAGS="$O_LDFLAGS" SUDO_LIBS="${SUDO_LIBS} $K4LIBS" - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="kerb4.o" - else - AUTH_OBJS="${AUTH_OBJS} kerb4.o" - fi + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix Kerberos 4 with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix Kerberos 4 with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix Kerberos 4 with other authentication methods (such as $_AUTH)\"" >&5 +echo "$as_me: error: \"cannot mix Kerberos 4 with other authentication methods (such as $_AUTH)\"" >&2;} + { (exit 1); exit 1; }; } +fi +if test X"" != X""; then + AUTH_OBJS="kerb4.o" + AUTH_EXCL="Kerberos 4" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="kerb4.o" +else + AUTH_OBJS="$AUTH_OBJS kerb4.o" +fi + fi if test "$with_kerb5" = "yes"; then 
@@ -19415,11 +19529,26 @@ fi #define HAVE_KERB5 1 _ACEOF - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="kerb5.o" - else - AUTH_OBJS="${AUTH_OBJS} kerb5.o" - fi + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix Kerberos 5 with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix Kerberos 5 with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix Kerberos 5 with other authentication methods (such as $_AUTH)\"" >&5 +echo "$as_me: error: \"cannot mix Kerberos 5 with other authentication methods (such as $_AUTH)\"" >&2;} + { (exit 1); exit 1; }; } +fi +if test X"" != X""; then + AUTH_OBJS="kerb5.o" + AUTH_EXCL="Kerberos 5" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="kerb5.o" +else + AUTH_OBJS="$AUTH_OBJS kerb5.o" +fi + CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" echo "$as_me:$LINENO: checking whether we are using Heimdal" >&5 @@ -19469,11 +19598,15 @@ echo "${ECHO_T}yes" >&6 _ACEOF - else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 + + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + + fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext fi @@ -19583,7 +19716,8 @@ echo "${ECHO_T}yes" >&6 #define HAVE_HEIMDAL 1 _ACEOF - SUDO_LIBS="${SUDO_LIBS} -lkrb5 -ldes -lcom_err -lasn1" + # XXX - need to check whether -lcrypo is needed! + SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" echo "$as_me:$LINENO: checking for main in -lroken" >&5 echo $ECHO_N "checking for main in -lroken... $ECHO_C" >&6 if test "${ac_cv_lib_roken_main+set}" = set; then 
@@ -19659,11 +19793,132 @@ echo "${ECHO_T}no" >&6 fi rm -f conftest.err conftest.$ac_objext conftest.$ac_ext - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="kerb5.o" - else - AUTH_OBJS="${AUTH_OBJS} kerb5.o" - fi + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix Kerberos 5 with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix Kerberos 5 with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix Kerberos 5 with other authentication methods (such as $_AUTH)\"" >&5 +echo "$as_me: error: \"cannot mix Kerberos 5 with other authentication methods (such as $_AUTH)\"" >&2;} + { (exit 1); exit 1; }; } +fi +if test X"" != X""; then + AUTH_OBJS="kerb5.o" + AUTH_EXCL="Kerberos 5" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="kerb5.o" +else + AUTH_OBJS="$AUTH_OBJS kerb5.o" +fi + + _LIBS="$LIBS" + LIBS="${LIBS} ${SUDO_LIBS}" + + +for ac_func in krb5_verify_user krb5_init_secure_context +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case declares $ac_func. + For example, HP-UX 11i declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. 
*/ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $ac_func + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +char (*f) () = $ac_func; +#endif +#ifdef __cplusplus +} +#endif + +int +main () +{ +return f != $ac_func; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_var=no" +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + LIBS="$_LIBS" fi if test "$with_logincap" = "yes"; then @@ -19680,13 +19935,26 @@ echo "$as_me: using AIX general authentication" >&6;} #define HAVE_AIXAUTH 1 _ACEOF - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - { { echo "$as_me:$LINENO: error: \"cannot mix AIX general authentication with other authentication methods (such as $_AUTH)\"" >&5 + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix AIX general authentication with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix AIX general authentication with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"true" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix AIX general authentication with other authentication methods (such as $_AUTH)\"" >&5 echo "$as_me: error: \"cannot mix AIX general authentication with other authentication methods (such as $_AUTH)\"" >&2;} { (exit 1); exit 1; }; } - fi +fi +if test X"true" != X""; then AUTH_OBJS="aix_auth.o" + AUTH_EXCL="AIX general authentication" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="aix_auth.o" +else + AUTH_OBJS="$AUTH_OBJS aix_auth.o" +fi + SUDO_LIBS="${SUDO_LIBS} -ls" fi 
@@ -19913,13 +20181,26 @@ done #define HAVE_PAM 1 _ACEOF - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - { { echo "$as_me:$LINENO: error: \"cannot mix PAM with other authentication methods (such as $_AUTH)\"" >&5 + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix PAM with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix PAM with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"true" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix PAM with other authentication methods (such as $_AUTH)\"" >&5 echo "$as_me: error: \"cannot mix PAM with other authentication methods (such as $_AUTH)\"" >&2;} { (exit 1); exit 1; }; } - fi - AUTH_OBJS="pam.o" +fi +if test X"true" != X""; then + AUTH_OBJS="pam.o" + AUTH_EXCL="PAM" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="pam.o" +else + AUTH_OBJS="$AUTH_OBJS pam.o" +fi + CHECKSHADOW=false fi fi 
@@ -20744,7 +21025,26 @@ _ACEOF fi done - AUTH_OBJS="${AUTH_OBJS} secureware.o" + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix SecureWare with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix SecureWare with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix SecureWare with other authentication methods (such as $_AUTH)\"" >&5 +echo "$as_me: error: \"cannot mix SecureWare with other authentication methods (such as $_AUTH)\"" >&2;} + { (exit 1); exit 1; }; } +fi +if test X"" != X""; then + AUTH_OBJS="secureware.o" + AUTH_EXCL="SecureWare" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="secureware.o" +else + AUTH_OBJS="$AUTH_OBJS secureware.o" +fi + fi if test "$with_AFS" = "yes"; then @@ -21249,12 +21549,6 @@ fi fi if test ${with_SecurID-'no'} != "no"; then - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - { { echo "$as_me:$LINENO: error: \"cannot mix SecurID with other authentication methods (such as $_AUTH)\"" >&5 -echo "$as_me: error: \"cannot mix SecurID with other authentication methods (such as $_AUTH)\"" >&2;} - { (exit 1); exit 1; }; } - fi if test "$with_SecurID" != "yes"; then : elif test -d /usr/ace/examples; then 
@@ -21346,7 +21640,26 @@ echo "$as_me:$LINENO: result: $ac_cv_lib_aceclnt_SD_Init_______lpthread_______" echo "${ECHO_T}$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&6 if test $ac_cv_lib_aceclnt_SD_Init_______lpthread_______ = yes; then - AUTH_OBJS="securid5.o" + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix SecurID 5 with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix SecurID 5 with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"true" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix SecurID 5 with other authentication methods (such as $_AUTH)\"" >&5 +echo "$as_me: error: \"cannot mix SecurID 5 with other authentication methods (such as $_AUTH)\"" >&2;} + { (exit 1); exit 1; }; } +fi +if test X"true" != X""; then + AUTH_OBJS="securid5.o" + AUTH_EXCL="SecurID 5" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="securid5.o" +else + AUTH_OBJS="$AUTH_OBJS securid5.o" +fi + SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread" 
@@ -21363,7 +21676,26 @@ if test $ac_cv_lib_aceclnt_SD_Init_______lpthread_______ = yes; then else - AUTH_OBJS="securid.o" + +if test X"$AUTH_EXCL" != X""; then + { { echo "$as_me:$LINENO: error: \"cannot mix SecurID with an exclusive authentication method such as $AUTH_EXCL\"" >&5 +echo "$as_me: error: \"cannot mix SecurID with an exclusive authentication method such as $AUTH_EXCL\"" >&2;} + { (exit 1); exit 1; }; } +elif test X"true" != X"" -a X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then + _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` + { { echo "$as_me:$LINENO: error: \"cannot mix SecurID with other authentication methods (such as $_AUTH)\"" >&5 +echo "$as_me: error: \"cannot mix SecurID with other authentication methods (such as $_AUTH)\"" >&2;} + { (exit 1); exit 1; }; } +fi +if test X"true" != X""; then + AUTH_OBJS="securid.o" + AUTH_EXCL="SecurID" +elif test X"$AUTH_OBJS" = X""; then + AUTH_OBJS="securid.o" +else + AUTH_OBJS="$AUTH_OBJS securid.o" +fi + SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a" fi diff --git a/configure.in b/configure.in index 716ececbc..036cb7d33 100644 --- a/configure.in +++ b/configure.in @@ -270,11 +270,7 @@ AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ], AC_DEFINE(HAVE_SKEY) AC_MSG_CHECKING(whether to try S/Key authentication) AC_MSG_RESULT(yes) - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="rfc1938.o" - else - AUTH_OBJS="${AUTH_OBJS} rfc1938.o" - fi + SUDO_ADD_AUTH([S/Key], [rfc1938.o]) ;; esac]) @@ -288,11 +284,7 @@ AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ], AC_DEFINE(HAVE_OPIE) AC_MSG_CHECKING(whether to try NRL OPIE authentication) AC_MSG_RESULT(yes) - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="rfc1938.o" - else - AUTH_OBJS="${AUTH_OBJS} rfc1938.o" - fi + SUDO_ADD_AUTH([NRL OPIE], [rfc1938.o]) ;; esac]) 
@@ -325,11 +317,7 @@ AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support], *) AC_DEFINE(HAVE_FWTK) AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) AC_MSG_RESULT(yes) - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - AC_MSG_ERROR(["cannot mix fwtk with other authentication methods (such as $_AUTH)"]) - fi - AUTH_OBJS="fwtk.o" + SUDO_ADD_AUTH([FWTK AuthSRV], [fwtk.o], [true]) ;; esac]) @@ -368,11 +356,7 @@ AC_ARG_WITH(AFS, [ --with-AFS enable AFS support], yes) AC_DEFINE(HAVE_AFS) AC_MSG_CHECKING(whether to try AFS (kerberos) authentication) AC_MSG_RESULT(yes) - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="afs.o" - else - AUTH_OBJS="${AUTH_OBJS} afs.o" - fi + SUDO_ADD_AUTH([AFS], [afs.o]) ;; no) ;; *) AC_MSG_ERROR(["--with-AFS does not take an argument."]) @@ -384,11 +368,7 @@ AC_ARG_WITH(DCE, [ --with-DCE enable DCE support], yes) AC_DEFINE(HAVE_DCE) AC_MSG_CHECKING(whether to try DCE (kerberos) authentication) AC_MSG_RESULT(yes) - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="dce.o" - else - AUTH_OBJS="${AUTH_OBJS} dce.o" - fi + SUDO_ADD_AUTH([DCE], [dce.o]) ;; no) ;; *) AC_MSG_ERROR(["--with-DCE does not take an argument."]) @@ -1354,11 +1334,7 @@ case "$host" in if test "$CHECKSIA" = "true"; then AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false]) if test "$found" = "true"; then - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - AC_MSG_ERROR(["cannot mix SIA with other authentication methods (such as $_AUTH)"]) - fi - AUTH_OBJS="sia.o" + SUDO_ADD_AUTH([SIA], [sia.o], [true]) CHECKSHADOW=false fi fi 
@@ -1648,12 +1624,8 @@ if test ${with_logincap-'no'} != "no"; then AC_CHECK_HEADERS(login_cap.h) fi if test "$with_bsdauth" = "yes"; then - AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) [ - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - AC_MSG_ERROR(["cannot mix BSD authentication with other authentication methods (such as $_AUTH)"]) - fi - AUTH_OBJS=bsdauth.o], -) + AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) + [SUDO_ADD_AUTH([BSD authentication], [bsdauth.o], [true])], -) fi dnl dnl typedef checks @@ -1868,11 +1840,7 @@ if test -n "$with_kerb4"; then ], [$K4LIBS]) LDFLAGS="$O_LDFLAGS" SUDO_LIBS="${SUDO_LIBS} $K4LIBS" - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="kerb4.o" - else - AUTH_OBJS="${AUTH_OBJS} kerb4.o" - fi + SUDO_ADD_AUTH([Kerberos 4], [kerb4.o]) fi dnl @@ -1883,11 +1851,7 @@ if test "$with_kerb5" = "yes"; then AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "") if test -n "$KRB5CONFIG"; then AC_DEFINE(HAVE_KERB5) - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="kerb5.o" - else - AUTH_OBJS="${AUTH_OBJS} kerb5.o" - fi + SUDO_ADD_AUTH([Kerberos 5], [kerb5.o]) CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" dnl @@ -1940,11 +1904,7 @@ if test -n "$with_kerb5" -a -z "$KRB5CONFIG"; then SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err" ]) - if test X"$AUTH_OBJS" = X""; then - AUTH_OBJS="kerb5.o" - else - AUTH_OBJS="${AUTH_OBJS} kerb5.o" - fi + SUDO_ADD_AUTH([Kerberos 5], [kerb5.o]) _LIBS="$LIBS" LIBS="${LIBS} ${SUDO_LIBS}" AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) 
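Review bot: In the `@@ -1648,12 +1624,8 @@` hunk the not-found argument of `AC_CHECK_HEADER(bsd_auth.h, ...)` is still a bare `-`, so when `--with-bsdauth` is given but the header is missing, configure appears to carry on without adding `bsdauth.o` rather than stopping. The user asked for BSD authentication explicitly, so a hard failure is safer than a build that quietly ends up with a different method. Replace the `-` with something like `[AC_MSG_ERROR([BSD authentication requested but bsd_auth.h not found])]`. Nothing in the visible lines reports the missing header later, but the rest of configure.in is outside this hunk, so confirm that before changing it.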
@@ -1967,11 +1927,7 @@ dnl if test "$with_aixauth" = "yes"; then AC_MSG_NOTICE([using AIX general authentication]) AC_DEFINE(HAVE_AIXAUTH) - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - AC_MSG_ERROR(["cannot mix AIX general authentication with other authentication methods (such as $_AUTH)"]) - fi - AUTH_OBJS="aix_auth.o" + SUDO_ADD_AUTH([AIX general authentication], [aix_auth.o], [true]) SUDO_LIBS="${SUDO_LIBS} -ls" fi @@ -1993,11 +1949,7 @@ if test ${with_pam-'no'} != "no"; then AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break]) if test "$with_pam" = "yes"; then AC_DEFINE(HAVE_PAM) - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - AC_MSG_ERROR(["cannot mix PAM with other authentication methods (such as $_AUTH)"]) - fi - AUTH_OBJS="pam.o" + SUDO_ADD_AUTH([PAM], [pam.o], [true]) CHECKSHADOW=false fi fi @@ -2039,7 +1991,7 @@ if test "$CHECKSHADOW" = "true"; then fi if test -n "$SECUREWARE"; then AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs) - AUTH_OBJS="${AUTH_OBJS} secureware.o" + SUDO_ADD_AUTH([SecureWare], [secureware.o]) fi dnl @@ -2165,10 +2117,6 @@ dnl dnl extra SecurID lib + includes dnl if test ${with_SecurID-'no'} != "no"; then - if test X"$AUTH_OBJS" != X"" -a X"$AUTH_OBJS" != X"passwd.o"; then - _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` - AC_MSG_ERROR(["cannot mix SecurID with other authentication methods (such as $_AUTH)"]) - fi if test "$with_SecurID" != "yes"; then : elif test -d /usr/ace/examples; then 
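Review bot: The `@@ -2039,7 +1991,7 @@` hunk changes behaviour beyond the refactor: `secureware.o` used to be appended unconditionally, whereas `SUDO_ADD_AUTH([SecureWare], [secureware.o])` now aborts configure whenever an earlier exclusive method has set `AUTH_EXCL`. PAM and SIA set `CHECKSHADOW=false` in the visible hunks, but FWTK AuthSRV, BSD authentication and AIX do not. On a host where `$SECUREWARE` ends up set, those options may therefore now fail where they previously configured with both objects. If the stricter result is intended, record it next to the call, e.g. `dnl SecureWare cannot be combined with an exclusive method; SUDO_ADD_AUTH errors out if one was chosen`. If it is not, guard the call with `test X"$AUTH_EXCL" = X""`.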
@@ -2184,13 +2132,13 @@ if test ${with_SecurID-'no'} != "no"; then # AC_CHECK_LIB(aceclnt, SD_Init, [ - AUTH_OBJS="securid5.o" + SUDO_ADD_AUTH([SecurID 5], [securid5.o], true) SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread" ] [ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}]) ], [ - AUTH_OBJS="securid.o" + SUDO_ADD_AUTH([SecurID], [securid.o], true) SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a" ], [