mirror of
https://github.com/shadow-maint/shadow.git
synced 2024-11-24 10:35:01 +08:00
9adfc136b6
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c, libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c: Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(), xgetgrgid(), and xgetspnam(). They allocate memory for the returned structure and are more robust to successive calls. They are implemented with the libc's getxxyyy_r() functions if available. * libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c, libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c, libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c, src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c, src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c, src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/groupadd.c, src/chage.c, src/login.c, src/suauth.c, src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the usage of one of the getpwnam(), getpwuid(), getgrnam(), getgrgid(), and getspnam() functions. It was noticed on http://bugs.debian.org/341230 that chfn and chsh use a passwd structure after calling a pam function, which result in using information from the passwd structure requested by pam, not the original one. It is much easier to use the new xget... functions to avoid these issues. I've checked which call to the original get... functions could be left (reducing the scope of the structure if possible), and I've left comments to ease future reviews (e.g. /* local, no need for xgetpwnam */). Note: the getpwent/getgrent calls should probably be checked also. * src/groupdel.c, src/expiry.c: Fix typos in comments. * src/groupmod.c: Re-indent. * libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c, lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup functions (used by the xget... functions) from the <xx>io.c files to the new <xx>mem.c files. This avoid linking some utils against the SELinux library.
381 lines
11 KiB
Plaintext
381 lines
11 KiB
Plaintext
dnl Process this file with autoconf to produce a configure script.
|
|
AC_INIT
|
|
AM_INIT_AUTOMAKE(shadow, 4.0.18.2)
|
|
AC_CONFIG_HEADERS([config.h])
|
|
|
|
dnl Some hacks...
|
|
test "$prefix" = "NONE" && prefix="/usr"
|
|
test "$prefix" = "/usr" && exec_prefix=""
|
|
|
|
AC_GNU_SOURCE
|
|
|
|
AM_DISABLE_SHARED
|
|
AM_ENABLE_STATIC
|
|
|
|
AM_MAINTAINER_MODE
|
|
|
|
dnl Checks for programs.
|
|
AC_PROG_CC
|
|
AC_ISC_POSIX
|
|
AC_PROG_LN_S
|
|
AC_PROG_YACC
|
|
AM_C_PROTOTYPES
|
|
AM_PROG_LIBTOOL
|
|
|
|
dnl Checks for libraries.
|
|
|
|
dnl Checks for header files.
|
|
AC_HEADER_DIRENT
|
|
AC_HEADER_STDC
|
|
AC_HEADER_SYS_WAIT
|
|
|
|
AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
|
|
utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
|
|
utime.h ulimit.h sys/resource.h gshadow.h shadow.h lastlog.h \
|
|
locale.h rpc/key_prot.h netdb.h)
|
|
|
|
AC_CHECK_FUNCS(l64a fchmod fchown fsync getgroups gethostname getspnam \
|
|
gettimeofday getusershell getutent initgroups lchown lckpwdf lstat \
|
|
memcpy memset setgroups sigaction strchr updwtmp updwtmpx innetgr \
|
|
getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
|
|
AC_SYS_LARGEFILE
|
|
|
|
dnl Checks for typedefs, structures, and compiler characteristics.
|
|
AC_C_CONST
|
|
AC_TYPE_UID_T
|
|
AC_TYPE_OFF_T
|
|
AC_TYPE_PID_T
|
|
AC_TYPE_MODE_T
|
|
AC_HEADER_STAT
|
|
AC_CHECK_MEMBERS([struct stat.st_rdev])
|
|
AC_HEADER_TIME
|
|
AC_STRUCT_TM
|
|
|
|
if test "$ac_cv_header_utmp_h" = "yes"; then
|
|
AC_CACHE_CHECK(for ut_host in struct utmp,
|
|
ac_cv_struct_utmp_ut_host,
|
|
AC_COMPILE_IFELSE(
|
|
[AC_LANG_PROGRAM([#include <utmp.h>],
|
|
[struct utmp ut; char *cp = ut.ut_host;]
|
|
)],
|
|
[ac_cv_struct_utmp_ut_host=yes],
|
|
[ac_cv_struct_utmp_ut_host=no]
|
|
)
|
|
)
|
|
|
|
if test "$ac_cv_struct_utmp_ut_host" = "yes"; then
|
|
AC_DEFINE(UT_HOST, 1, [Define if you have ut_host in struct utmp.])
|
|
fi
|
|
|
|
AC_CACHE_CHECK(for ut_user in struct utmp,
|
|
ac_cv_struct_utmp_ut_user,
|
|
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <utmp.h>],
|
|
[struct utmp ut; char *cp = ut.ut_user;]
|
|
)],
|
|
[ac_cv_struct_utmp_ut_user=yes],
|
|
[ac_cv_struct_utmp_ut_user=no]
|
|
)
|
|
)
|
|
|
|
if test "$ac_cv_struct_utmp_ut_user" = "no"; then
|
|
AC_DEFINE(ut_user, ut_name,
|
|
[Define to ut_name if struct utmp has ut_name (not ut_user).])
|
|
fi
|
|
fi
|
|
|
|
if test "$ac_cv_header_lastlog_h" = "yes"; then
|
|
AC_CACHE_CHECK(for ll_host in struct lastlog,
|
|
ac_cv_struct_lastlog_ll_host,
|
|
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <lastlog.h>],
|
|
[struct lastlog ll; char *cp = ll.ll_host;]
|
|
)],
|
|
[ac_cv_struct_lastlog_ll_host=yes],
|
|
[ac_cv_struct_lastlog_ll_host=no]
|
|
)
|
|
)
|
|
|
|
if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
|
|
AC_DEFINE(HAVE_LL_HOST, 1,
|
|
[Define if struct lastlog has ll_host])
|
|
fi
|
|
fi
|
|
|
|
dnl Checks for library functions.
|
|
AC_TYPE_GETGROUPS
|
|
AC_TYPE_SIGNAL
|
|
AC_FUNC_UTIME_NULL
|
|
AC_FUNC_STRFTIME
|
|
AC_REPLACE_FUNCS(mkdir putgrent putpwent putspent rename rmdir)
|
|
AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
|
|
AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
|
|
|
|
AC_CHECK_FUNC(setpgrp)
|
|
AC_FUNC_SETPGRP
|
|
|
|
if test "$ac_cv_header_shadow_h" = "yes"; then
|
|
AC_CACHE_CHECK(for working shadow group support,
|
|
ac_cv_libc_shadowgrp,
|
|
AC_RUN_IFELSE([AC_LANG_SOURCE([
|
|
#include <shadow.h>
|
|
main()
|
|
{
|
|
struct sgrp *sg = sgetsgent("test:x::");
|
|
/* NYS libc on Red Hat 3.0.3 has broken shadow group support */
|
|
return !sg || !sg->sg_adm || !sg->sg_mem;
|
|
}]
|
|
)],
|
|
[ac_cv_libc_shadowgrp=yes],
|
|
[ac_cv_libc_shadowgrp=no],
|
|
[ac_cv_libc_shadowgrp=no]
|
|
)
|
|
)
|
|
|
|
if test "$ac_cv_libc_shadowgrp" = "yes"; then
|
|
AC_DEFINE(HAVE_SHADOWGRP, 1, [Have working shadow group support in libc])
|
|
fi
|
|
fi
|
|
|
|
AC_CACHE_CHECK([location of shared mail directory], shadow_cv_maildir,
|
|
[for shadow_cv_maildir in /var/mail /var/spool/mail /usr/spool/mail /usr/mail none; do
|
|
if test -d $shadow_cv_maildir; then
|
|
break
|
|
fi
|
|
done])
|
|
if test $shadow_cv_maildir != none; then
|
|
AC_DEFINE_UNQUOTED(MAIL_SPOOL_DIR, "$shadow_cv_maildir",
|
|
[Location of system mail spool directory.])
|
|
fi
|
|
|
|
AC_CACHE_CHECK([location of user mail file], shadow_cv_mailfile,
|
|
[for shadow_cv_mailfile in Mailbox mailbox Mail mail .mail none; do
|
|
if test -f $HOME/$shadow_cv_mailfile; then
|
|
break
|
|
fi
|
|
done])
|
|
if test $shadow_cv_mailfile != none; then
|
|
AC_DEFINE_UNQUOTED(MAIL_SPOOL_FILE, "$shadow_cv_mailfile",
|
|
[Name of user's mail spool file if stored in user's home directory.])
|
|
fi
|
|
|
|
AC_CACHE_CHECK([location of utmp], shadow_cv_utmpdir,
|
|
[for shadow_cv_utmpdir in /var/run /var/adm /usr/adm /etc none; do
|
|
if test -f $shadow_cv_utmpdir/utmp; then
|
|
break
|
|
fi
|
|
done])
|
|
if test "$shadow_cv_utmpdir" = "none"; then
|
|
AC_MSG_WARN(utmp file not found)
|
|
fi
|
|
AC_DEFINE_UNQUOTED(_UTMP_FILE, "$shadow_cv_utmpdir/utmp",
|
|
[Path for utmp file.])
|
|
|
|
AC_CACHE_CHECK([location of faillog/lastlog/wtmp], shadow_cv_logdir,
|
|
[for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
|
|
if test -d $shadow_cv_logdir; then
|
|
break
|
|
fi
|
|
done])
|
|
AC_DEFINE_UNQUOTED(_WTMP_FILE, "$shadow_cv_logdir/wtmp",
|
|
[Path for wtmp file.])
|
|
AC_DEFINE_UNQUOTED(LASTLOG_FILE, "$shadow_cv_logdir/lastlog",
|
|
[Path for lastlog file.])
|
|
AC_DEFINE_UNQUOTED(FAILLOG_FILE, "$shadow_cv_logdir/faillog",
|
|
[Path for faillog file.])
|
|
|
|
AC_CACHE_CHECK([location of the passwd program], shadow_cv_passwd_dir,
|
|
[if test -f /usr/bin/passwd; then
|
|
shadow_cv_passwd_dir=/usr/bin
|
|
else
|
|
shadow_cv_passwd_dir=/bin
|
|
fi])
|
|
AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
|
|
[Path to passwd program.])
|
|
|
|
dnl XXX - quick hack, should disappear before anyone notices :).
|
|
AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
|
|
AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
|
|
AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
|
|
|
|
AC_ARG_ENABLE(shadowgrp,
|
|
[AC_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
|
|
[case "${enableval}" in
|
|
yes) enable_shadowgrp="yes" ;;
|
|
no) enable_shadowgrp="no" ;;
|
|
*) AC_MSG_ERROR(bad value ${enableval} for --enable-shadowgrp) ;;
|
|
esac],
|
|
[enable_shadowgrp="yes"]
|
|
)
|
|
|
|
AC_ARG_ENABLE(man,
|
|
[AC_HELP_STRING([--enable-man],
|
|
[regenerate roff man pages from Docbook @<:@default=no@:>@])],
|
|
[enable_man=yes],
|
|
[enable_man=no]
|
|
)
|
|
|
|
AC_ARG_WITH(audit,
|
|
[AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
|
|
[with_audit=$withval], [with_audit=yes])
|
|
AC_ARG_WITH(libpam,
|
|
[AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
|
|
[with_libpam=$withval], [with_libpam=yes])
|
|
AC_ARG_WITH(selinux,
|
|
[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=autodetect@:>@])],
|
|
[with_selinux=$withval], [with_selinux=yes])
|
|
AC_ARG_WITH(skey,
|
|
[AC_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
|
|
[with_skey=$withval], [with_skey=no])
|
|
AC_ARG_WITH(libcrack,
|
|
[AC_HELP_STRING([--with-libcrack], [use libcrack @<:@default=yes if found and if PAM not enabled@:>@])],
|
|
[with_libcrack=$withval], [with_libcrack=no])
|
|
|
|
dnl Check for some functions in libc first, only if not found check for
|
|
dnl other libraries. This should prevent linking libnsl if not really
|
|
dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
|
|
|
|
AC_SEARCH_LIBS(inet_ntoa, inet)
|
|
AC_SEARCH_LIBS(socket, socket)
|
|
AC_SEARCH_LIBS(gethostbyname, nsl)
|
|
|
|
if test "$enable_shadowgrp" = "yes"; then
|
|
AC_DEFINE(SHADOWGRP, 1, [Define to support the shadow group file.])
|
|
fi
|
|
|
|
if test "$enable_man" = "yes"; then
|
|
dnl
|
|
dnl Check for xsltproc
|
|
dnl
|
|
AC_PATH_PROG([XSLTPROC], [xsltproc])
|
|
if test -z "$XSLTPROC"; then
|
|
enable_man=no
|
|
fi
|
|
|
|
dnl check for DocBook DTD and stylesheets in the local catalog.
|
|
JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN],
|
|
[DocBook XML DTD V4.1.2], [], enable_man=no)
|
|
JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
|
|
[DocBook XSL Stylesheets >= 1.70.1], [], enable_man=no)
|
|
fi
|
|
AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test x$enable_man != xno)
|
|
|
|
AC_SUBST(LIBCRYPT)
|
|
AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
|
|
[AC_MSG_ERROR([crypt() not found])])
|
|
|
|
AC_SUBST(LIBAUDIT)
|
|
if test "$with_audit" = "yes"; then
|
|
AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
|
|
if test "$audit_header" = "yes"; then
|
|
AC_CHECK_LIB(audit, audit_log_acct_message,
|
|
[AC_DEFINE(WITH_AUDIT, 1, [Define if you want to enable Audit messages])
|
|
LIBAUDIT="-laudit"])
|
|
fi
|
|
fi
|
|
|
|
AC_SUBST(LIBCRACK)
|
|
if test "$with_libcrack" = "yes"; then
|
|
echo "checking cracklib flavour, don't be surprised by the results"
|
|
AC_CHECK_LIB(crack, FascistCheck,
|
|
[LIBCRACK=-lcrack AC_DEFINE(HAVE_LIBCRACK, 1, [Defined if you have libcrack.])])
|
|
AC_CHECK_LIB(crack, FascistHistory,
|
|
AC_DEFINE(HAVE_LIBCRACK_HIST, 1, [Defined if you have the ts&szs cracklib.]))
|
|
AC_CHECK_LIB(crack, FascistHistoryPw,
|
|
AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
|
|
fi
|
|
|
|
if test "$with_selinux" = "yes"; then
|
|
AC_CHECK_LIB(selinux, is_selinux_enabled,
|
|
[LIBSELINUX="-lselinux"
|
|
AC_SUBST(LIBSELINUX)
|
|
AC_CHECK_HEADERS(selinux/selinux.h, [],
|
|
[AC_MSG_ERROR([selinux/selinux.h is missing])])
|
|
AC_DEFINE(WITH_SELINUX, 1, [Build shadow with SELinux support])
|
|
],
|
|
[AC_MSG_ERROR([libselinux not found])])
|
|
fi
|
|
|
|
AC_SUBST(LIBPAM)
|
|
if test "$with_libpam" = "yes"; then
|
|
AC_CHECK_LIB(pam, pam_start,
|
|
[AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
|
|
AM_CONDITIONAL(USE_PAM, [true])
|
|
LIBPAM="-lpam"
|
|
AC_CHECK_LIB(pam_misc, main,
|
|
[LIBPAM="$LIBPAM -lpam_misc"],
|
|
AC_MSG_ERROR(libpam_misc is missing for enable PAM support)
|
|
)],
|
|
[AC_MSG_CHECKING(use login access checking if PAM not used)
|
|
AM_CONDITIONAL(USE_PAM, [false])
|
|
AC_MSG_RESULT(yes)]
|
|
)
|
|
AC_MSG_CHECKING(use login and su access checking if PAM not used)
|
|
AC_MSG_RESULT(no)
|
|
else
|
|
AC_MSG_CHECKING(use login and su access checking if PAM not used)
|
|
AC_DEFINE(SU_ACCESS, 1, [Define to support /etc/suauth su access control.])
|
|
AC_MSG_RESULT(yes)
|
|
AM_CONDITIONAL(USE_PAM, [false])
|
|
fi
|
|
|
|
AC_SUBST(LIBSKEY)
|
|
AC_SUBST(LIBMD)
|
|
if test "$with_skey" = "yes"; then
|
|
AC_CHECK_LIB(md, MD5Init, [LIBMD=-lmd])
|
|
AC_CHECK_LIB(skey, skeychallenge, [LIBSKEY=-lskey],
|
|
[AC_MSG_ERROR([liskey missing. You can download S/Key source code from http://rsync1.it.gentoo.org/gentoo/distfiles/skey-1.1.5.tar.bz2])])
|
|
AC_DEFINE(SKEY, 1, [Define to support S/Key logins.])
|
|
AC_TRY_COMPILE([
|
|
#include <stdio.h>
|
|
#include <skey.h>
|
|
],[
|
|
skeychallenge((void*)0, (void*)0, (void*)0, 0);
|
|
],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])])
|
|
fi
|
|
|
|
AM_GNU_GETTEXT_VERSION(0.16)
|
|
AM_GNU_GETTEXT([external], [need-ngettext])
|
|
AM_CONDITIONAL(USE_NLS, test "x$USE_NLS" = "xyes")
|
|
|
|
AC_CONFIG_FILES([
|
|
Makefile
|
|
po/Makefile.in
|
|
doc/Makefile
|
|
man/Makefile
|
|
man/cs/Makefile
|
|
man/de/Makefile
|
|
man/es/Makefile
|
|
man/fi/Makefile
|
|
man/fr/Makefile
|
|
man/hu/Makefile
|
|
man/id/Makefile
|
|
man/it/Makefile
|
|
man/ja/Makefile
|
|
man/ko/Makefile
|
|
man/pl/Makefile
|
|
man/pt_BR/Makefile
|
|
man/ru/Makefile
|
|
man/sv/Makefile
|
|
man/tr/Makefile
|
|
man/zh_CN/Makefile
|
|
man/zh_TW/Makefile
|
|
libmisc/Makefile
|
|
lib/Makefile
|
|
src/Makefile
|
|
contrib/Makefile
|
|
etc/Makefile
|
|
etc/pam.d/Makefile
|
|
shadow.spec
|
|
])
|
|
AC_OUTPUT
|
|
|
|
echo
|
|
echo "shadow will be compiled with the following features:"
|
|
echo
|
|
echo " auditing support: $with_audit"
|
|
echo " CrackLib support: $with_libcrack"
|
|
echo " PAM support: $with_libpam"
|
|
echo " SELinux support: $with_selinux"
|
|
echo " shadow group support: $enable_shadowgrp"
|
|
echo " S/Key support: $with_skey"
|
|
echo
|