← Back to branch summary

~ubuntu-branches/ubuntu/natty/pam/natty-security

« back to all changes in this revision

Viewing changes to configure.in

  • Committer: Bazaar Package Importer
  • Author(s): Steve Langasek
  • Date: 2009-08-26 00:40:14 UTC
  • mfrom: (1.1.5 upstream)
  • Revision ID: james.westby@ubuntu.com-20090826004014-qsd46mostuyljeqp
Tags: 1.1.0-1ubuntu1
* Merge from Debian, remaining changes:
  - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not
    present there or in /etc/security/pam_env.conf. (should send to Debian).
  - debian/libpam0g.postinst: only ask questions during update-manager when
    there are non-default services running.
  - debian/patches-applied/series: Ubuntu patches are as below ...
  - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic
    module option 'missingok' which will suppress logging of errors by
    libpam if the module is not found.
  - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for
    password on bad username.
  - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
    initialise RLIMIT_NICE rather than relying on the kernel limits.
  - Change Vcs-Bzr to point at the Ubuntu branch.
  - debian/local/common-password, debian/pam-configs/unix: switch from
    "md5" to "sha512" as password crypt default.
  - Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure
    run-parts does the right thing in /etc/update-motd.d.
  - debian/patches-applied/pam_motd-legal-notice: display the contents of
    /etc/legal once, then set a flag in the user's homedir to prevent showing
    it again.
  - debian/local/common-{auth,account,password}.md5sums: include the
    Ubuntu-specific intrepid,jaunty md5sums for use during the
    common-session-noninteractive upgrade.
* Dropped changes, superseded upstream:
  - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t
    type rather than __u8.
  - debian/patches-applied/ubuntu-user_defined_environment: Look at
    ~/.pam_environment too, with the same format as
    /etc/security/pam_env.conf.

Show diffs side-by-side

added added

removed removed

Lines of Context:
configure.in
1
1
dnl Process this file with autoconf to produce a configure script.
2
 
AC_INIT(conf/pam_conv1/pam_conv_y.y)
3
 
AM_INIT_AUTOMAKE("Linux-PAM", 1.0.1)
4
 
AC_PREREQ([2.60])
5
 
AM_CONFIG_HEADER(config.h)
 
2
AC_INIT
 
3
AC_CONFIG_SRCDIR([conf/pam_conv1/pam_conv_y.y])
 
4
AM_INIT_AUTOMAKE("Linux-PAM", 1.1.0)
 
5
AC_PREREQ(2.61)
 
6
AC_CONFIG_HEADERS([config.h])
 
7
AC_CONFIG_MACRO_DIR([m4])
6
8
AC_CANONICAL_HOST
7
9
 
8
10
AC_SUBST(PACKAGE)
72
74
AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"])
73
75
 
74
76
dnl Checks for programs.
75
 
AC_GNU_SOURCE
 
77
AC_USE_SYSTEM_EXTENSIONS
76
78
AC_PROG_CC
77
79
AC_PROG_YACC
78
80
AM_PROG_LEX
218
220
dnl
219
221
 
220
222
AC_ARG_ENABLE([prelude],
221
 
        AC_HELP_STRING([--disable-prelude],[do not use prelude]),
 
223
        AS_HELP_STRING([--disable-prelude],[do not use prelude]),
222
224
        WITH_PRELUDE=$enableval, WITH_PRELUDE=yes)
223
225
if test "$WITH_PRELUDE" == "yes" ; then
224
226
  AM_PATH_LIBPRELUDE([0.9.0])
229
231
 
230
232
dnl lots of debugging information goes to /var/run/pam-debug.log
231
233
AC_ARG_ENABLE([debug],
232
 
    AC_HELP_STRING([--enable-debug],
233
 
        [specify you are building with debugging on]),
234
 
        WITH_DEBUG=yes ; AC_DEFINE([DEBUG],,
235
 
                [lots of stuff gets written to /var/run/pam-debug.log]),
236
 
                WITH_DEBUG=no)
237
 
AC_SUBST(WITH_DEBUG)
 
234
    AS_HELP_STRING([--enable-debug],[specify you are building with debugging on]))
 
235
 
 
236
if test x"$enable_debug" = x"yes" ; then
 
237
   AC_DEFINE([DEBUG],,
 
238
                [lots of stuff gets written to /var/run/pam-debug.log])
 
239
fi
238
240
 
239
241
AC_ARG_ENABLE(securedir,
240
 
        AC_HELP_STRING([--enable-securedir=DIR],[path to location of PAMs @<:@default=$libdir/security@:>@]),
 
242
        AS_HELP_STRING([--enable-securedir=DIR],[path to location of PAMs @<:@default=$libdir/security@:>@]),
241
243
        SECUREDIR=$enableval, SECUREDIR=$libdir/security)
242
244
AC_SUBST(SECUREDIR)
243
245
 
244
246
AC_ARG_ENABLE([isadir],
245
 
        AC_HELP_STRING([--enable-isadir=DIR],[path to arch-specific module files @<:@default=../../(basename of $libdir)/security@:>@]),
 
247
        AS_HELP_STRING([--enable-isadir=DIR],[path to arch-specific module files @<:@default=../../(basename of $libdir)/security@:>@]),
246
248
ISA=$enableval,
247
249
ISA=../../`basename $libdir`/security)
248
250
unset mylibdirbase
250
252
AC_MSG_RESULT([Defining \$ISA to "$ISA"])
251
253
 
252
254
AC_ARG_ENABLE(sconfigdir,
253
 
        AC_HELP_STRING([--enable-sconfigdir=DIR],[path to module conf files @<:@default=$sysconfdir/security@:>@]),
 
255
        AS_HELP_STRING([--enable-sconfigdir=DIR],[path to module conf files @<:@default=$sysconfdir/security@:>@]),
254
256
        SCONFIGDIR=$enableval, SCONFIGDIR=$sysconfdir/security)
255
257
AC_SUBST(SCONFIGDIR)
256
258
 
257
259
AC_ARG_ENABLE(pamlocking,
258
 
        AC_HELP_STRING([--enable-pamlocking],[configure libpam to observe a global authentication lock]),
259
 
        WITH_PAMLOCKING=yes ; AC_DEFINE([PAM_LOCKING],,
260
 
                [libpam should observe a global authentication lock]),
261
 
                WITH_PAMLOCKING=no)
262
 
AC_SUBST(WITH_PAMLOCKING)
 
260
        AS_HELP_STRING([--enable-pamlocking],[configure libpam to observe a global authentication lock]))
 
261
 
 
262
if test x"$enable_pamlocking" = "xyes"; then
 
263
   AC_DEFINE([PAM_LOCKING],,
 
264
        [libpam should observe a global authentication lock])
 
265
fi
263
266
 
264
267
AC_ARG_ENABLE(read-both-confs,
265
 
        AC_HELP_STRING([--enable-read-both-confs],[read both /etc/pam.d and /etc/pam.conf files]),
266
 
        AC_DEFINE([PAM_READ_BOTH_CONFS],,
267
 
                [read both /etc/pam.d and /etc/pam.conf files]))
268
 
AC_SUBST(PAM_READ_BOTH_CONFS)
 
268
        AS_HELP_STRING([--enable-read-both-confs],[read both /etc/pam.d and /etc/pam.conf files]))
 
269
 
 
270
if test x"$enable_read_both_confs" = "xyes"; then
 
271
   AC_DEFINE([PAM_READ_BOTH_CONFS],,
 
272
                [read both /etc/pam.d and /etc/pam.conf files])
 
273
fi
269
274
 
270
275
AC_ARG_ENABLE([lckpwdf],
271
 
        AC_HELP_STRING([--disable-lckpwdf],[do not use the lckpwdf function]),
 
276
        AS_HELP_STRING([--disable-lckpwdf],[do not use the lckpwdf function]),
272
277
        WITH_LCKPWDF=$enableval, WITH_LCKPWDF=yes)
273
278
if test "$WITH_LCKPWDF" == "yes" ; then
274
279
    AC_DEFINE([USE_LCKPWDF], 1,
283
288
if test x$with_mailspool != x ; then
284
289
        pam_mail_spool="\"$with_mailspool\""
285
290
else
286
 
        AC_TRY_RUN([
 
291
        AC_RUN_IFELSE([AC_LANG_SOURCE([[
287
292
#include <paths.h>
288
293
int main() {
289
294
#ifdef _PATH_MAILDIR
291
296
#else
292
297
exit(1);
293
298
#endif
294
 
}], pam_mail_spool="_PATH_MAILDIR",
295
 
pam_mail_spool="\"/var/spool/mail\"",
296
 
pam_mail_spool="\"/var/spool/mail\"")
 
299
}]])],[pam_mail_spool="_PATH_MAILDIR"],[pam_mail_spool="\"/var/spool/mail\""],[pam_mail_spool="\"/var/spool/mail\""])
297
300
fi
298
301
AC_DEFINE_UNQUOTED(PAM_PATH_MAILDIR, $pam_mail_spool,
299
302
        [Path where mails are stored])
321
324
 
322
325
# Check for cracklib
323
326
AC_ARG_ENABLE([cracklib],
324
 
        AC_HELP_STRING([--disable-cracklib],[do not use cracklib]),
 
327
        AS_HELP_STRING([--disable-cracklib],[do not use cracklib]),
325
328
        WITH_CRACKLIB=$enableval, WITH_CRACKLIB=yes)
326
329
if test x"$WITH_CRACKLIB" != xno ; then
327
330
        AC_CHECK_HEADERS([crack.h],
334
337
 
335
338
dnl Look for Linux Auditing library - see documentation
336
339
AC_ARG_ENABLE([audit],
337
 
        AC_HELP_STRING([--disable-audit],[do not enable audit support]),
 
340
        AS_HELP_STRING([--disable-audit],[do not enable audit support]),
338
341
        WITH_LIBAUDIT=$enableval, WITH_LIBAUDIT=yes)
339
342
if test x"$WITH_LIBAUDIT" != xno ; then
340
343
        AC_CHECK_HEADER([libaudit.h],
344
347
                             [HAVE_AUDIT_TTY_STATUS=""],
345
348
                             [#include <libaudit.h>])]
346
349
        )
347
 
        if test ! -z "$LIBAUDIT" -a "ac_cv_header_libaudit_h" != "no" ; then
 
350
        if test ! -z "$LIBAUDIT" -a "$ac_cv_header_libaudit_h" != "no" ; then
348
351
            AC_DEFINE([HAVE_LIBAUDIT], 1, [Define to 1 if audit support should be compiled in.])
349
352
        fi
350
353
        if test ! -z "$HAVE_AUDIT_TTY_STATUS" ; then
357
360
AM_CONDITIONAL([HAVE_AUDIT_TTY_STATUS],
358
361
               [test "x$HAVE_AUDIT_TTY_STATUS" = xyes])
359
362
 
 
363
AC_CHECK_HEADERS(xcrypt.h crypt.h)
360
364
BACKUP_LIBS=$LIBS
361
365
AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="")
362
 
AC_CHECK_FUNCS(crypt_r)
 
366
AC_CHECK_FUNCS(crypt_r crypt_gensalt_rn)
363
367
LIBS=$BACKUP_LIBS
364
368
AC_SUBST(LIBCRYPT)
 
369
if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then
 
370
        AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.])
 
371
fi
365
372
 
366
 
AC_ARG_WITH([randomdev], AC_HELP_STRING([--with-randomdev=(<path>|yes|no)], [use specified random device instead of /dev/urandom or 'no' to disable]), opt_randomdev=$withval)
 
373
AC_ARG_WITH([randomdev], AS_HELP_STRING([--with-randomdev=(<path>|yes|no)],[use specified random device instead of /dev/urandom or 'no' to disable]), opt_randomdev=$withval)
367
374
if test "$opt_randomdev" = yes -o -z "$opt_randomdev"; then
368
375
       opt_randomdev="/dev/urandom"
369
376
elif test "$opt_randomdev" = no; then
376
383
dnl check for libdb or libndbm as fallback. Some libndbm compat
377
384
dnl libraries are unuseable, so try libdb first.
378
385
AC_ARG_ENABLE([db],
379
 
        AC_HELP_STRING([--enable-db=(db|ndbm|yes|no)],[Default behavior 'yes', which is to check for libdb first, followed by ndbm. Use 'no' to disable db support.]),
 
386
        AS_HELP_STRING([--enable-db=(db|ndbm|yes|no)],[Default behavior 'yes', which is to check for libdb first, followed by ndbm. Use 'no' to disable db support.]),
380
387
        WITH_DB=$enableval, WITH_DB=yes)
381
388
AC_ARG_WITH([db-uniquename],
382
 
        AC_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.]))
 
389
        AS_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.]))
383
390
if test x"$WITH_DB" != xno ; then
384
391
        if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then
385
392
              AC_CHECK_LIB([db$with_db_uniquename], [db_create$with_db_uniquename], LIBDB="-ldb$with_db_uniquename", LIBDB="")
407
414
AC_SUBST(LIBNSL)
408
415
 
409
416
AC_ARG_ENABLE([selinux],
410
 
        AC_HELP_STRING([--disable-selinux],[do not use SELinux]),
 
417
        AS_HELP_STRING([--disable-selinux],[do not use SELinux]),
411
418
        WITH_SELINUX=$enableval, WITH_SELINUX=yes)
412
419
if test "$WITH_SELINUX" == "yes" ; then
413
420
  AC_CHECK_LIB([selinux],[getfilecon], LIBSELINUX="-lselinux", LIBSELINUX="")
421
428
    BACKUP_LIBS=$LIBS
422
429
    LIBS="$LIBS $LIBSELINUX"
423
430
    AC_CHECK_FUNCS(setkeycreatecon)
 
431
    AC_CHECK_FUNCS(getseuser)
424
432
    LIBS=$BACKUP_LIBS
425
433
fi
426
434
 
430
438
AC_HEADER_SYS_WAIT
431
439
AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h)
432
440
 
433
 
AC_CHECK_HEADERS(crypt.h)
434
 
 
435
441
dnl For module/pam_lastlog
436
442
AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h)
437
443
 
487
493
AM_CONDITIONAL(ENABLE_GENERATE_PDF, test ! -z "$FO2PDF")
488
494
 
489
495
 
490
 
AM_GNU_GETTEXT_VERSION
 
496
AM_GNU_GETTEXT_VERSION([0.15])
491
497
AM_GNU_GETTEXT([external])
492
498
AC_CHECK_FUNCS(dngettext)
493
499
 
494
 
AH_VERBATIM([_ZZENABLE_NLS],
495
 
[#ifdef ENABLE_NLS
 
500
AH_BOTTOM([#ifdef ENABLE_NLS
496
501
#include <libintl.h>
497
502
#define _(msgid) dgettext(PACKAGE, msgid)
498
503
#define N_(msgid) msgid
523
528
AM_CONDITIONAL([HAVE_KEY_MANAGEMENT], [test "$have_key_syscalls" = 1])
524
529
 
525
530
dnl Files to be created from when we run configure
526
 
AC_OUTPUT(Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \
 
531
AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \
527
532
        libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
528
533
        po/Makefile.in \
529
534
        modules/Makefile \
540
545
        modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile \
541
546
        modules/pam_namespace/Makefile \
542
547
        modules/pam_nologin/Makefile modules/pam_permit/Makefile \
543
 
        modules/pam_rhosts/Makefile \
 
548
        modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile \
544
549
        modules/pam_rootok/Makefile modules/pam_exec/Makefile \
545
550
        modules/pam_securetty/Makefile modules/pam_selinux/Makefile \
546
551
        modules/pam_sepermit/Makefile \
547
552
        modules/pam_shells/Makefile modules/pam_stress/Makefile \
548
553
        modules/pam_succeed_if/Makefile modules/pam_tally/Makefile \
549
 
        modules/pam_time/Makefile modules/pam_tty_audit/Makefile \
 
554
        modules/pam_tally2/Makefile modules/pam_time/Makefile \
 
555
        modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \
550
556
        modules/pam_umask/Makefile \
551
557
        modules/pam_unix/Makefile modules/pam_userdb/Makefile \
552
558
        modules/pam_warn/Makefile modules/pam_wheel/Makefile \
553
559
        modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \
554
560
        doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \
555
561
        doc/mwg/Makefile examples/Makefile tests/Makefile \
556
 
        xtests/Makefile)
 
562
        xtests/Makefile])
 
563
AC_OUTPUT