← Back to branch summary

~xnox/ubuntu/quantal/shadow/clear-locks

« back to all changes in this revision

Viewing changes to configure.in

  • Committer: Bazaar Package Importer
  • Author(s): Kees Cook
  • Date: 2009-05-05 09:45:21 UTC
  • mfrom: (1.1.6 upstream)
  • Revision ID: james.westby@ubuntu.com-20090505094521-wpk2wn3q7957tlah
Tags: 1:4.1.3.1-1ubuntu1
* Merge from debian unstable, remaining changes:
  - Ubuntu specific:
    + debian/login.defs: use SHA512 by default for password crypt routine.
  - debian/patches/stdout-encrypted-password.patch: chpasswd can report
    password hashes on stdout (debian bug 505640).
  - debian/login.pam: Enable SELinux support (debian bug 527106).
  - debian/securetty.linux: support Freescale MX-series (debian bug 527095).
* Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873).
* Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed
  upstream.

Show diffs side-by-side

added added

removed removed

Lines of Context:
configure.in
1
1
dnl Process this file with autoconf to produce a configure script.
2
2
AC_INIT
3
 
AM_INIT_AUTOMAKE(shadow, 4.1.1)
 
3
AM_INIT_AUTOMAKE(shadow, 4.1.3.1)
4
4
AC_CONFIG_HEADERS([config.h])
5
5
 
6
6
dnl Some hacks...
28
28
AC_HEADER_DIRENT
29
29
AC_HEADER_STDC
30
30
AC_HEADER_SYS_WAIT
 
31
AC_HEADER_STDBOOL
31
32
 
32
33
AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
33
34
        utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
37
38
dnl shadow now uses the libc's shadow implementation
38
39
AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
39
40
 
40
 
AC_CHECK_FUNCS(l64a fchmod fchown fsync getgroups gethostname getspnam \
 
41
AC_CHECK_FUNCS(l64a fchmod fchown fsync futimes getgroups gethostname getspnam \
41
42
        gettimeofday getusershell getutent initgroups lchown lckpwdf lstat \
42
 
        memcpy memset setgroups sigaction strchr updwtmp updwtmpx innetgr \
 
43
        lutimes memcpy memset setgroups sigaction strchr updwtmp updwtmpx innetgr \
43
44
        getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
44
45
AC_SYS_LARGEFILE
45
46
 
51
52
AC_TYPE_MODE_T
52
53
AC_HEADER_STAT
53
54
AC_CHECK_MEMBERS([struct stat.st_rdev])
 
55
AC_CHECK_MEMBERS([struct stat.st_atim])
 
56
AC_CHECK_MEMBERS([struct stat.st_atimensec])
 
57
AC_CHECK_MEMBERS([struct stat.st_mtim])
 
58
AC_CHECK_MEMBERS([struct stat.st_mtimensec])
54
59
AC_HEADER_TIME
55
60
AC_STRUCT_TM
56
61
 
212
217
AC_ARG_ENABLE(man,
213
218
        [AC_HELP_STRING([--enable-man],
214
219
                [regenerate roff man pages from Docbook @<:@default=no@:>@])],
215
 
        [enable_man=yes],
216
 
        [enable_man=no]
 
220
        [enable_man="${enableval}"],
 
221
        [enable_man=no]
 
222
)
 
223
 
 
224
AC_ARG_ENABLE(account-tools-setuid,
 
225
        [AC_HELP_STRING([--enable-account-tools-setuid],
 
226
                [Install the user and group management tools setuid and authenticate the callers. This requires --with-pam.])],
 
227
        [case "${enableval}" in
 
228
         yes) enable_acct_tools_setuid="yes" ;;
 
229
          no) enable_acct_tools_setuid="no" ;;
 
230
           *) AC_MSG_ERROR(bad value ${enableval} for --enable-account-tools-setuid)
 
231
           ;;
 
232
         esac],
 
233
        [enable_acct_tools_setuid="maybe"]
217
234
)
218
235
 
219
236
AC_ARG_WITH(audit, 
220
237
        [AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
221
 
        [with_audit=$withval], [with_audit=yes])
 
238
        [with_audit=$withval], [with_audit=maybe])
222
239
AC_ARG_WITH(libpam,
223
240
        [AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
224
 
        [with_libpam=$withval], [with_libpam=yes])
 
241
        [with_libpam=$withval], [with_libpam=maybe])
225
242
AC_ARG_WITH(selinux,
226
 
        [AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=autodetect@:>@])],
227
 
        [with_selinux=$withval], [with_selinux=yes])
 
243
        [AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
 
244
        [with_selinux=$withval], [with_selinux=maybe])
228
245
AC_ARG_WITH(skey,
229
246
        [AC_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
230
247
        [with_skey=$withval], [with_skey=no])
234
251
AC_ARG_WITH(sha-crypt,
235
252
        [AC_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
236
253
        [with_sha_crypt=$withval], [with_sha_crypt=yes])
 
254
AC_ARG_WITH(nscd,
 
255
        [AC_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
 
256
        [with_nscd=$withval], [with_nscd=yes])
 
257
AC_ARG_WITH(group-name-max-length,
 
258
        [AC_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=16@:>@])],
 
259
        [with_group_name_max_length=$withval], [with_group_name_max_length=yes])
 
260
 
 
261
if test "$with_group_name_max_length" = "no" ; then
 
262
        with_group_name_max_length=0
 
263
elif test "$with_group_name_max_length" = "yes" ; then
 
264
        with_group_name_max_length=16
 
265
fi
 
266
AC_DEFINE_UNQUOTED(GROUP_NAME_MAX_LENGTH, $with_group_name_max_length, [max group name length])
 
267
AC_SUBST(GROUP_NAME_MAX_LENGTH)
 
268
GROUP_NAME_MAX_LENGTH="$with_group_name_max_length"
237
269
 
238
270
AM_CONDITIONAL(USE_SHA_CRYPT, test "x$with_sha_crypt" = "xyes")
239
271
if test "$with_sha_crypt" = "yes"; then
240
 
                AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
 
272
        AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
 
273
fi
 
274
 
 
275
if test "$with_nscd" = "yes"; then
 
276
        AC_CHECK_FUNC(posix_spawn,
 
277
                      [AC_DEFINE(USE_NSCD, 1, [Define to support flushing of nscd caches])],
 
278
                      [AC_MSG_ERROR([posix_spawn is needed for nscd support])])
241
279
fi
242
280
 
243
281
dnl Check for some functions in libc first, only if not found check for
268
306
        JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
269
307
                [DocBook XSL Stylesheets >= 1.70.1], [], enable_man=no)
270
308
fi
271
 
AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test x$enable_man != xno)
 
309
AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test "x$enable_man" != "xno")
272
310
 
273
311
AC_SUBST(LIBCRYPT)
274
312
AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
275
313
        [AC_MSG_ERROR([crypt() not found])])
276
314
 
277
315
AC_SUBST(LIBAUDIT)
278
 
if test "$with_audit" = "yes"; then
 
316
if test "$with_audit" != "no"; then
279
317
        AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
 
318
        if test "$audit_header$with_audit" = "noyes" ; then
 
319
                AC_MSG_ERROR([libaudit.h is missing])
 
320
        elif test "$audit_header" = "yes"; then
 
321
                AC_CHECK_DECL(AUDIT_ADD_USER,,[audit_header="no"],[#include <libaudit.h>])
 
322
                AC_CHECK_DECL(AUDIT_DEL_USER,,[audit_header="no"],[#include <libaudit.h>])
 
323
                AC_CHECK_DECL(AUDIT_ADD_GROUP,,[audit_header="no"],[#include <libaudit.h>])
 
324
                AC_CHECK_DECL(AUDIT_DEL_GROUP,,[audit_header="no"],[#include <libaudit.h>])
 
325
                if test "$audit_header$with_audit" = "noyes" ; then
 
326
                        AC_MSG_ERROR([AUDIT_ADD_USER AUDIT_DEL_USER AUDIT_ADD_GROUP or AUDIT_DEL_GROUP missing from libaudit.h])
 
327
                fi
 
328
        fi
280
329
        if test "$audit_header" = "yes"; then
281
330
                AC_CHECK_LIB(audit, audit_log_acct_message,
282
 
                        [AC_DEFINE(WITH_AUDIT, 1, [Define if you want to enable Audit messages])
283
 
                        LIBAUDIT="-laudit"])
 
331
                             [audit_lib="yes"], [audit_lib="no"])
 
332
                if test "$audit_lib$with_audit" = "noyes" ; then
 
333
                        AC_MSG_ERROR([libaudit not found])
 
334
                elif test "$audit_lib" = "no" ; then
 
335
                        with_audit="no"
 
336
                else
 
337
                        AC_DEFINE(WITH_AUDIT, 1,
 
338
                                  [Define if you want to enable Audit messages])
 
339
                        LIBAUDIT="-laudit"
 
340
                        with_audit="yes"
 
341
                fi
 
342
        else
 
343
                with_audit="no"
284
344
        fi
285
345
fi
286
346
 
295
355
                AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
296
356
fi
297
357
 
298
 
if test "$with_selinux" = "yes"; then
299
 
        AC_CHECK_LIB(selinux, is_selinux_enabled,
300
 
                [LIBSELINUX="-lselinux"
301
 
                AC_SUBST(LIBSELINUX)
302
 
                AC_CHECK_HEADERS(selinux/selinux.h, [],
303
 
                        [AC_MSG_ERROR([selinux/selinux.h is missing])])
304
 
                AC_DEFINE(WITH_SELINUX, 1, [Build shadow with SELinux support])
305
 
                ],
306
 
                [AC_MSG_ERROR([libselinux not found])])
 
358
AC_SUBST(LIBSELINUX)
 
359
if test "$with_selinux" != "no"; then
 
360
        AC_CHECK_HEADERS(selinux/selinux.h, [selinux_header="yes"], [selinux_header="no"])
 
361
        if test "$selinux_header$with_selinux" = "noyes" ; then
 
362
                AC_MSG_ERROR([selinux/selinux.h is missing])
 
363
        elif test "$selinux_header" = "yes" ; then
 
364
                AC_CHECK_LIB(selinux, is_selinux_enabled,
 
365
                             [selinux_lib="yes"], [selinux_lib="no"])
 
366
                if test "$selinux_lib$with_selinux" = "noyes" ; then
 
367
                        AC_MSG_ERROR([libselinux not found])
 
368
                elif test "$selinux_lib" = "no" ; then
 
369
                        with_selinux="no"
 
370
                else
 
371
                        AC_DEFINE(WITH_SELINUX, 1,
 
372
                                  [Build shadow with SELinux support])
 
373
                        LIBSELINUX="-lselinux"
 
374
                        with_selinux="yes"
 
375
                fi
 
376
        else
 
377
                with_selinux="no"
 
378
        fi
307
379
fi
308
380
 
309
381
AC_SUBST(LIBPAM)
310
 
if test "$with_libpam" = "yes"; then
 
382
if test "$with_libpam" != "no"; then
311
383
        AC_CHECK_LIB(pam, pam_start,
312
 
                [AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
313
 
                AM_CONDITIONAL(USE_PAM, [true])
314
 
                LIBPAM="-lpam"
315
 
                AC_CHECK_LIB(pam_misc, main,
316
 
                        [LIBPAM="$LIBPAM -lpam_misc"],
317
 
                        AC_MSG_ERROR(libpam_misc is missing for enable PAM support)
318
 
                )],
319
 
                [AC_MSG_CHECKING(use login access checking if PAM not used)
320
 
                AM_CONDITIONAL(USE_PAM, [false])
321
 
                AC_MSG_RESULT(yes)]
322
 
        )
 
384
                     [pam_lib="yes"], [pam_lib="no"])
 
385
        if test "$pam_lib$with_libpam" = "noyes" ; then
 
386
                AC_MSG_ERROR(libpam not found)
 
387
        fi
 
388
 
 
389
        LIBPAM="-lpam"
 
390
        pam_conv_function="no"
 
391
 
 
392
        AC_CHECK_LIB(pam, openpam_ttyconv,
 
393
                     [pam_conv_function="openpam_ttyconv"],
 
394
                     AC_CHECK_LIB(pam_misc, misc_conv,
 
395
                                  [pam_conv_function="misc_conv"; LIBPAM="$LIBPAM -lpam_misc"])
 
396
                    )
 
397
 
 
398
        if test "$pam_conv_function$with_libpam" = "noyes" ; then
 
399
                AC_MSG_ERROR(PAM conversation function not found)
 
400
        fi
 
401
 
 
402
        pam_headers_found=no
 
403
        AC_CHECK_HEADERS( [security/openpam.h security/pam_misc.h],
 
404
                         [ pam_headers_found=yes ; break ], [],
 
405
                         [ #include <security/pam_appl.h> ] )
 
406
        if test "$pam_headers_found$with_libpam" = "noyes" ; then
 
407
                        AC_MSG_ERROR(PAM headers not found)
 
408
        fi
 
409
 
 
410
 
 
411
        if test "$pam_lib$pam_headers_found" = "yesyes" -a "$pam_conv_function" != "no" ; then
 
412
                with_libpam="yes"
 
413
        else
 
414
                with_libpam="no"
 
415
        fi
 
416
fi
 
417
dnl Now with_libpam is either yes or no
 
418
if test "$with_libpam" = "yes"; then
 
419
        AC_CHECK_DECLS([PAM_ESTABLISH_CRED,
 
420
                        PAM_DELETE_CRED,
 
421
                        PAM_NEW_AUTHTOK_REQD,
 
422
                        PAM_DATA_SILENT],
 
423
                       [], [], [#include <security/pam_appl.h>])
 
424
 
 
425
 
 
426
        save_libs=$LIBS
 
427
        LIBS="$LIBS $LIBPAM"
 
428
        # We do not use AC_CHECK_FUNCS to avoid duplicated definition with
 
429
        # Linux PAM.
 
430
        AC_CHECK_FUNC(pam_fail_delay, [AC_DEFINE(HAS_PAM_FAIL_DELAY, 1, [Define to 1 if you have the declaration of 'pam_fail_delay'])])
 
431
        LIBS=$save_libs
 
432
 
 
433
        AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
 
434
        AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM converstation to use])
 
435
        AM_CONDITIONAL(USE_PAM, [true])
 
436
 
323
437
        AC_MSG_CHECKING(use login and su access checking if PAM not used)
324
438
        AC_MSG_RESULT(no)
325
439
else
326
 
        AC_MSG_CHECKING(use login and su access checking if PAM not used)
327
440
        AC_DEFINE(SU_ACCESS, 1, [Define to support /etc/suauth su access control.])
 
441
        AM_CONDITIONAL(USE_PAM, [false])
 
442
        AC_MSG_CHECKING(use login and su access checking if PAM not used)
328
443
        AC_MSG_RESULT(yes)
329
 
        AM_CONDITIONAL(USE_PAM, [false])
330
 
fi
 
444
fi
 
445
 
 
446
if test "$enable_acct_tools_setuid" != "no"; then
 
447
        if test "$with_libpam" != "yes"; then
 
448
                if test "$enable_acct_tools_setuid" = "yes"; then
 
449
                        AC_MSG_ERROR(PAM support is required for --enable-account-tools-setuid)
 
450
                else
 
451
                        enable_acct_tools_setuid="no"
 
452
                fi
 
453
        fi
 
454
        if test "$enable_acct_tools_setuid" = "yes"; then
 
455
                AC_DEFINE(ACCT_TOOLS_SETUID,
 
456
                          1,
 
457
                          [Define if account management tools should be installed setuid and authenticate the callers])
 
458
        fi
 
459
fi
 
460
AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
331
461
 
332
462
AC_SUBST(LIBSKEY)
333
463
AC_SUBST(LIBMD)
353
483
        po/Makefile.in
354
484
        doc/Makefile
355
485
        man/Makefile
 
486
        man/config.xml
356
487
        man/po/Makefile.in
357
488
        man/cs/Makefile
358
489
        man/de/Makefile
387
518
echo "  auditing support:               $with_audit"
388
519
echo "  CrackLib support:               $with_libcrack"
389
520
echo "  PAM support:                    $with_libpam"
 
521
if test "$with_libpam" = "yes"; then
 
522
echo "  suid account management tools:  $enable_acct_tools_setuid"
 
523
fi
390
524
echo "  SELinux support:                $with_selinux"
391
525
echo "  shadow group support:           $enable_shadowgrp"
392
526
echo "  S/Key support:                  $with_skey"
393
527
echo "  SHA passwords encryption:       $with_sha_crypt"
 
528
echo "  nscd support:                   $with_nscd"
394
529
echo