2007-10-07 17:14:02 +05:30
|
|
|
dnl Process this file with autoconf to produce a configure script.
|
2020-04-19 01:27:56 +05:30
|
|
|
AC_PREREQ([2.69])
|
2021-11-27 22:19:03 +05:30
|
|
|
m4_define([libsubid_abi_major], 4)
|
2020-04-19 01:27:56 +05:30
|
|
|
m4_define([libsubid_abi_minor], 0)
|
|
|
|
|
m4_define([libsubid_abi_micro], 0)
|
|
|
|
|
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
|
2022-11-08 21:59:30 +05:30
|
|
|
AC_INIT([shadow], [4.13], [pkg-shadow-devel@lists.alioth.debian.org], [],
|
2016-12-06 02:13:20 +05:30
|
|
|
[https://github.com/shadow-maint/shadow])
|
2016-12-06 02:27:34 +05:30
|
|
|
AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
|
2020-04-19 01:27:56 +05:30
|
|
|
AC_CONFIG_MACRO_DIRS([m4])
|
2016-12-06 02:32:55 +05:30
|
|
|
AM_SILENT_RULES([yes])
|
2007-10-07 17:15:23 +05:30
|
|
|
AC_CONFIG_HEADERS([config.h])
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2020-04-19 01:27:56 +05:30
|
|
|
AC_SUBST([LIBSUBID_ABI_MAJOR], [libsubid_abi_major])
|
|
|
|
|
AC_SUBST([LIBSUBID_ABI_MINOR], [libsubid_abi_minor])
|
|
|
|
|
AC_SUBST([LIBSUBID_ABI_MICRO], [libsubid_abi_micro])
|
|
|
|
|
AC_SUBST([LIBSUBID_ABI], [libsubid_abi])
|
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
dnl Some hacks...
|
|
|
|
|
test "$prefix" = "NONE" && prefix="/usr"
|
|
|
|
|
test "$prefix" = "/usr" && exec_prefix=""
|
|
|
|
|
|
2022-05-09 22:06:02 +05:30
|
|
|
AC_USE_SYSTEM_EXTENSIONS
|
2007-10-07 17:16:07 +05:30
|
|
|
|
2022-08-05 21:10:12 +05:30
|
|
|
AC_ENABLE_STATIC
|
|
|
|
|
AC_ENABLE_SHARED
|
2007-10-07 17:14:51 +05:30
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
AM_MAINTAINER_MODE
|
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
dnl Checks for programs.
|
|
|
|
|
AC_PROG_CC
|
|
|
|
|
AC_PROG_LN_S
|
|
|
|
|
AC_PROG_YACC
|
2022-05-09 22:06:02 +05:30
|
|
|
LT_INIT
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
dnl Checks for libraries.
|
|
|
|
|
|
|
|
|
|
dnl Checks for header files.
|
2022-12-03 02:18:51 +05:30
|
|
|
AC_CHECK_HEADERS(crypt.h utmp.h \
|
2022-12-03 02:24:18 +05:30
|
|
|
termio.h sgtty.h sys/ioctl.h paths.h \
|
2022-12-03 02:50:55 +05:30
|
|
|
sys/capability.h sys/random.h \
|
2022-12-03 02:54:56 +05:30
|
|
|
gshadow.h lastlog.h rpc/key_prot.h acl/libacl.h \
|
2021-07-04 15:40:11 +05:30
|
|
|
attr/libattr.h attr/error_context.h)
|
2007-10-07 17:14:51 +05:30
|
|
|
|
2008-01-05 22:03:43 +05:30
|
|
|
dnl shadow now uses the libc's shadow implementation
|
|
|
|
|
AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
|
|
|
|
|
|
2022-12-03 03:02:59 +05:30
|
|
|
AC_CHECK_FUNCS(arc4random_buf futimes \
|
2021-12-30 19:26:52 +05:30
|
|
|
getentropy getrandom getspnam getusershell \
|
2023-02-11 02:46:21 +05:30
|
|
|
initgroups lckpwdf lutimes mempcpy \
|
2022-12-03 03:09:28 +05:30
|
|
|
setgroups updwtmp updwtmpx innetgr \
|
2022-12-03 03:12:39 +05:30
|
|
|
getspnam_r \
|
libmisc/yesno.c: Use getline(3) and rpmatch(3)
getline(3) is much more readable than manually looping. It has some
overhead due to the allocation of a buffer, but that shouldn't be a
problem here. If that was a problem, we could reuse the buffer (thus
making the function non-reentrant), but I don't think that's worth the
extra complexity.
Using rpmatch(3) instead of a simple y/n test provides i18n to the
response checking. We have a fall-back minimalistic implementation for
systems that lack this function (e.g., musl libc).
While we're at it, apply some other minor improvements to this file:
- Remove comment saying which files use this function. That's likely
to get outdated. And anyway, it's just a grep(1) away, so it doesn't
really add any value.
- Remove unnecessary casts to (void) that were used to verbosely ignore
errors from stdio calls. They add clutter without really adding much
value to the code (or I don't see it).
- Remove comments from the function body. They make the function less
readable. Instead, centralize the description of the function into a
man-page-like comment before the function definition. This keeps the
function body short and sweet.
- Add '#include <stdbool.h>', which was missing.
- Minor whitespace style changes (it doesn't hurt the diff at this
point, since most of the affected lines were already touched by other
changes, so I applied my preferred style :).
Acked-by: Samanta Navarro <ferivoz@riseup.net>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2023-04-22 05:29:33 +05:30
|
|
|
rpmatch \
|
2023-02-11 03:04:37 +05:30
|
|
|
memset_explicit explicit_bzero stpecpy stpeprintf)
|
2007-10-07 17:15:58 +05:30
|
|
|
AC_SYS_LARGEFILE
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
dnl Checks for typedefs, structures, and compiler characteristics.
|
|
|
|
|
|
2009-04-22 04:09:14 +05:30
|
|
|
AC_CHECK_MEMBERS([struct utmp.ut_type,
|
|
|
|
|
struct utmp.ut_id,
|
|
|
|
|
struct utmp.ut_name,
|
|
|
|
|
struct utmp.ut_user,
|
|
|
|
|
struct utmp.ut_host,
|
|
|
|
|
struct utmp.ut_syslen,
|
|
|
|
|
struct utmp.ut_addr,
|
|
|
|
|
struct utmp.ut_addr_v6,
|
|
|
|
|
struct utmp.ut_time,
|
|
|
|
|
struct utmp.ut_xtime,
|
|
|
|
|
struct utmp.ut_tv],,,[[#include <utmp.h>]])
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
if test "$ac_cv_header_lastlog_h" = "yes"; then
|
|
|
|
|
AC_CACHE_CHECK(for ll_host in struct lastlog,
|
2007-10-07 17:15:23 +05:30
|
|
|
ac_cv_struct_lastlog_ll_host,
|
|
|
|
|
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <lastlog.h>],
|
|
|
|
|
[struct lastlog ll; char *cp = ll.ll_host;]
|
|
|
|
|
)],
|
|
|
|
|
[ac_cv_struct_lastlog_ll_host=yes],
|
|
|
|
|
[ac_cv_struct_lastlog_ll_host=no]
|
|
|
|
|
)
|
|
|
|
|
)
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_DEFINE(HAVE_LL_HOST, 1,
|
|
|
|
|
[Define if struct lastlog has ll_host])
|
2007-10-07 17:14:02 +05:30
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
dnl Checks for library functions.
|
|
|
|
|
AC_TYPE_GETGROUPS
|
|
|
|
|
AC_FUNC_UTIME_NULL
|
2022-12-12 23:50:47 +05:30
|
|
|
AC_REPLACE_FUNCS(putgrent putpwent putspent)
|
2007-10-07 17:14:02 +05:30
|
|
|
AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
|
|
|
|
|
|
|
|
|
|
AC_CHECK_FUNC(setpgrp)
|
2019-03-31 20:29:45 +05:30
|
|
|
AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
|
|
|
|
|
1,
|
|
|
|
|
[Defined to 1 if you have the declaration of 'secure_getenv'])])
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
if test "$ac_cv_header_shadow_h" = "yes"; then
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_CACHE_CHECK(for working shadow group support,
|
|
|
|
|
ac_cv_libc_shadowgrp,
|
|
|
|
|
AC_RUN_IFELSE([AC_LANG_SOURCE([
|
|
|
|
|
#include <shadow.h>
|
2022-11-21 16:22:45 +05:30
|
|
|
#ifdef HAVE_GSHADOW_H
|
|
|
|
|
#include <gshadow.h>
|
|
|
|
|
#endif
|
|
|
|
|
int
|
2007-10-07 17:16:34 +05:30
|
|
|
main()
|
|
|
|
|
{
|
|
|
|
|
struct sgrp *sg = sgetsgent("test:x::");
|
|
|
|
|
/* NYS libc on Red Hat 3.0.3 has broken shadow group support */
|
|
|
|
|
return !sg || !sg->sg_adm || !sg->sg_mem;
|
|
|
|
|
}]
|
|
|
|
|
)],
|
|
|
|
|
[ac_cv_libc_shadowgrp=yes],
|
|
|
|
|
[ac_cv_libc_shadowgrp=no],
|
|
|
|
|
[ac_cv_libc_shadowgrp=no]
|
|
|
|
|
)
|
2007-10-07 17:15:23 +05:30
|
|
|
)
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:16:34 +05:30
|
|
|
if test "$ac_cv_libc_shadowgrp" = "yes"; then
|
|
|
|
|
AC_DEFINE(HAVE_SHADOWGRP, 1, [Have working shadow group support in libc])
|
|
|
|
|
fi
|
2007-10-07 17:14:02 +05:30
|
|
|
fi
|
|
|
|
|
|
2007-10-07 17:15:40 +05:30
|
|
|
AC_CACHE_CHECK([location of shared mail directory], shadow_cv_maildir,
|
2007-10-07 17:15:49 +05:30
|
|
|
[for shadow_cv_maildir in /var/mail /var/spool/mail /usr/spool/mail /usr/mail none; do
|
|
|
|
|
if test -d $shadow_cv_maildir; then
|
2007-10-07 17:14:02 +05:30
|
|
|
break
|
|
|
|
|
fi
|
2007-10-07 17:15:40 +05:30
|
|
|
done])
|
2007-10-07 17:15:49 +05:30
|
|
|
if test $shadow_cv_maildir != none; then
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_DEFINE_UNQUOTED(MAIL_SPOOL_DIR, "$shadow_cv_maildir",
|
|
|
|
|
[Location of system mail spool directory.])
|
2007-10-07 17:15:49 +05:30
|
|
|
fi
|
2007-10-07 17:15:40 +05:30
|
|
|
|
|
|
|
|
AC_CACHE_CHECK([location of user mail file], shadow_cv_mailfile,
|
2007-10-07 17:15:49 +05:30
|
|
|
[for shadow_cv_mailfile in Mailbox mailbox Mail mail .mail none; do
|
2007-10-07 17:15:40 +05:30
|
|
|
if test -f $HOME/$shadow_cv_mailfile; then
|
2007-10-07 17:14:02 +05:30
|
|
|
break
|
|
|
|
|
fi
|
2007-10-07 17:15:40 +05:30
|
|
|
done])
|
2007-10-07 17:15:49 +05:30
|
|
|
if test $shadow_cv_mailfile != none; then
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_DEFINE_UNQUOTED(MAIL_SPOOL_FILE, "$shadow_cv_mailfile",
|
|
|
|
|
[Name of user's mail spool file if stored in user's home directory.])
|
2007-10-07 17:15:49 +05:30
|
|
|
fi
|
2007-10-07 17:15:40 +05:30
|
|
|
|
|
|
|
|
AC_CACHE_CHECK([location of utmp], shadow_cv_utmpdir,
|
2007-10-07 17:16:07 +05:30
|
|
|
[for shadow_cv_utmpdir in /var/run /var/adm /usr/adm /etc none; do
|
2007-10-07 17:15:40 +05:30
|
|
|
if test -f $shadow_cv_utmpdir/utmp; then
|
2007-10-07 17:14:02 +05:30
|
|
|
break
|
|
|
|
|
fi
|
2007-10-07 17:15:40 +05:30
|
|
|
done])
|
|
|
|
|
if test "$shadow_cv_utmpdir" = "none"; then
|
|
|
|
|
AC_MSG_WARN(utmp file not found)
|
|
|
|
|
fi
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_DEFINE_UNQUOTED(_UTMP_FILE, "$shadow_cv_utmpdir/utmp",
|
|
|
|
|
[Path for utmp file.])
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:15:40 +05:30
|
|
|
AC_CACHE_CHECK([location of faillog/lastlog/wtmp], shadow_cv_logdir,
|
|
|
|
|
[for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
|
2007-10-07 17:17:11 +05:30
|
|
|
if test -d $shadow_cv_logdir; then
|
2007-10-07 17:14:02 +05:30
|
|
|
break
|
|
|
|
|
fi
|
2007-10-07 17:15:40 +05:30
|
|
|
done])
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_DEFINE_UNQUOTED(_WTMP_FILE, "$shadow_cv_logdir/wtmp",
|
|
|
|
|
[Path for wtmp file.])
|
|
|
|
|
AC_DEFINE_UNQUOTED(LASTLOG_FILE, "$shadow_cv_logdir/lastlog",
|
|
|
|
|
[Path for lastlog file.])
|
|
|
|
|
AC_DEFINE_UNQUOTED(FAILLOG_FILE, "$shadow_cv_logdir/faillog",
|
|
|
|
|
[Path for faillog file.])
|
2007-10-07 17:15:40 +05:30
|
|
|
|
|
|
|
|
AC_CACHE_CHECK([location of the passwd program], shadow_cv_passwd_dir,
|
|
|
|
|
[if test -f /usr/bin/passwd; then
|
|
|
|
|
shadow_cv_passwd_dir=/usr/bin
|
2007-10-07 17:14:02 +05:30
|
|
|
else
|
2007-10-07 17:15:40 +05:30
|
|
|
shadow_cv_passwd_dir=/bin
|
|
|
|
|
fi])
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
|
|
|
|
|
[Path to passwd program.])
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
dnl XXX - quick hack, should disappear before anyone notices :).
|
2022-12-14 02:47:51 +05:30
|
|
|
dnl XXX - I just read the above message :).
|
2013-08-07 05:14:24 +05:30
|
|
|
if test "$ac_cv_func_ruserok" = "yes"; then
|
|
|
|
|
AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
|
|
|
|
|
AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
|
|
|
|
|
fi
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:16:43 +05:30
|
|
|
AC_ARG_ENABLE(shadowgrp,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
|
2007-10-07 17:16:43 +05:30
|
|
|
[case "${enableval}" in
|
|
|
|
|
yes) enable_shadowgrp="yes" ;;
|
|
|
|
|
no) enable_shadowgrp="no" ;;
|
|
|
|
|
*) AC_MSG_ERROR(bad value ${enableval} for --enable-shadowgrp) ;;
|
|
|
|
|
esac],
|
2007-10-07 17:16:52 +05:30
|
|
|
[enable_shadowgrp="yes"]
|
2007-10-07 17:16:43 +05:30
|
|
|
)
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:17:01 +05:30
|
|
|
AC_ARG_ENABLE(man,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--enable-man],
|
2007-10-07 17:17:01 +05:30
|
|
|
[regenerate roff man pages from Docbook @<:@default=no@:>@])],
|
2008-05-26 02:00:45 +05:30
|
|
|
[enable_man="${enableval}"],
|
2009-04-28 01:33:48 +05:30
|
|
|
[enable_man="no"]
|
2007-10-07 17:17:01 +05:30
|
|
|
)
|
|
|
|
|
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
AC_ARG_ENABLE(account-tools-setuid,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--enable-account-tools-setuid],
|
2022-02-04 23:58:18 +05:30
|
|
|
[Install the user and group management tools setuid and authenticate the callers. This requires --with-libpam.])],
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
[case "${enableval}" in
|
|
|
|
|
yes) enable_acct_tools_setuid="yes" ;;
|
|
|
|
|
no) enable_acct_tools_setuid="no" ;;
|
|
|
|
|
*) AC_MSG_ERROR(bad value ${enableval} for --enable-account-tools-setuid)
|
|
|
|
|
;;
|
|
|
|
|
esac],
|
2019-12-17 00:41:23 +05:30
|
|
|
[enable_acct_tools_setuid="no"]
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
)
|
|
|
|
|
|
Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 18:24:22 +05:30
|
|
|
AC_ARG_ENABLE(subordinate-ids,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--enable-subordinate-ids],
|
Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 18:24:22 +05:30
|
|
|
[support subordinate ids @<:@default=yes@:>@])],
|
|
|
|
|
[enable_subids="${enableval}"],
|
2013-08-14 23:51:32 +05:30
|
|
|
[enable_subids="maybe"]
|
Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 18:24:22 +05:30
|
|
|
)
|
|
|
|
|
|
2019-09-20 13:57:31 +05:30
|
|
|
AC_ARG_WITH(audit,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
|
2008-04-17 01:39:03 +05:30
|
|
|
[with_audit=$withval], [with_audit=maybe])
|
2007-10-07 17:17:01 +05:30
|
|
|
AC_ARG_WITH(libpam,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
|
2008-04-17 02:48:20 +05:30
|
|
|
[with_libpam=$withval], [with_libpam=maybe])
|
2019-01-23 20:47:05 +05:30
|
|
|
AC_ARG_WITH(btrfs,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
|
2019-05-04 07:39:58 +05:30
|
|
|
[with_btrfs=$withval], [with_btrfs=maybe])
|
2007-10-07 17:17:01 +05:30
|
|
|
AC_ARG_WITH(selinux,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
|
2008-04-17 02:48:20 +05:30
|
|
|
[with_selinux=$withval], [with_selinux=maybe])
|
2010-03-31 02:31:27 +05:30
|
|
|
AC_ARG_WITH(acl,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-acl], [use ACL support @<:@default=yes if found@:>@])],
|
2010-03-31 17:54:03 +05:30
|
|
|
[with_acl=$withval], [with_acl=maybe])
|
|
|
|
|
AC_ARG_WITH(attr,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-attr], [use Extended Attribute support @<:@default=yes if found@:>@])],
|
2010-03-31 02:31:27 +05:30
|
|
|
[with_attr=$withval], [with_attr=maybe])
|
2007-10-07 17:17:01 +05:30
|
|
|
AC_ARG_WITH(skey,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
|
2007-10-07 17:17:01 +05:30
|
|
|
[with_skey=$withval], [with_skey=no])
|
2010-01-24 22:23:15 +05:30
|
|
|
AC_ARG_WITH(tcb,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
|
2010-01-24 22:23:15 +05:30
|
|
|
[with_tcb=$withval], [with_tcb=maybe])
|
2007-10-07 17:17:01 +05:30
|
|
|
AC_ARG_WITH(libcrack,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-libcrack], [use libcrack @<:@default=no@:>@])],
|
2007-10-07 17:17:01 +05:30
|
|
|
[with_libcrack=$withval], [with_libcrack=no])
|
* configure.in: New configure option: --with-sha-crypt enabled by
default. Keeping the feature enabled is safe. Disabling it permits
to disable the references to the SHA256 and SHA512 password
encryption algorithms from the usage help and manuals (in addition
to the support for these algorithms in the code).
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is
always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT
preprocessor condition.
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and
SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a
subset of the ENCRYPTMETHOD_SELECT sections).
2007-11-24 18:38:08 +05:30
|
|
|
AC_ARG_WITH(sha-crypt,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
|
* configure.in: New configure option: --with-sha-crypt enabled by
default. Keeping the feature enabled is safe. Disabling it permits
to disable the references to the SHA256 and SHA512 password
encryption algorithms from the usage help and manuals (in addition
to the support for these algorithms in the code).
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is
always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT
preprocessor condition.
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and
SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a
subset of the ENCRYPTMETHOD_SELECT sections).
2007-11-24 18:38:08 +05:30
|
|
|
[with_sha_crypt=$withval], [with_sha_crypt=yes])
|
2019-09-17 00:24:56 +05:30
|
|
|
AC_ARG_WITH(bcrypt,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])],
|
2019-09-17 00:24:56 +05:30
|
|
|
[with_bcrypt=$withval], [with_bcrypt=no])
|
2020-12-28 01:39:25 +05:30
|
|
|
AC_ARG_WITH(yescrypt,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-yescrypt], [allow the yescrypt password encryption algorithm @<:@default=no@:>@])],
|
2020-12-28 01:39:25 +05:30
|
|
|
[with_yescrypt=$withval], [with_yescrypt=no])
|
2008-08-31 00:00:36 +05:30
|
|
|
AC_ARG_WITH(nscd,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
|
2008-08-31 00:00:36 +05:30
|
|
|
[with_nscd=$withval], [with_nscd=yes])
|
Flush sssd caches in addition to nscd caches
Some distributions, notably Fedora, have the following order of nsswitch
modules by default:
passwd: sss files
group: sss files
The advantage of serving local users through SSSD is that the nss_sss
module has a fast mmapped-cache that speeds up NSS lookups compared to
accessing the disk an opening the files on each NSS request.
Traditionally, this has been done with the help of nscd, but using nscd
in parallel with sssd is cumbersome, as both SSSD and nscd use their own
independent caching, so using nscd in setups where sssd is also serving
users from some remote domain (LDAP, AD, ...) can result in a bit of
unpredictability.
More details about why Fedora chose to use sss before files can be found
on e.g.:
https://fedoraproject.org//wiki/Changes/SSSDCacheForLocalUsers
or:
https://docs.pagure.org/SSSD.sssd/design_pages/files_provider.html
Now, even though sssd watches the passwd and group files with the help
of inotify, there can still be a small window where someone requests a
user or a group, finds that it doesn't exist, adds the entry and checks
again. Without some support in shadow-utils that would explicitly drop
the sssd caches, the inotify watch can fire a little late, so a
combination of commands like this:
getent passwd user || useradd user; getent passwd user
can result in the second getent passwd not finding the newly added user
as the racy behaviour might still return the cached negative hit from
the first getent passwd.
This patch more or less copies the already existing support that
shadow-utils had for dropping nscd caches, except using the "sss_cache"
tool that sssd ships.
2018-09-12 17:52:11 +05:30
|
|
|
AC_ARG_WITH(sssd,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-sssd], [enable support for flushing sssd caches @<:@default=yes@:>@])],
|
Flush sssd caches in addition to nscd caches
Some distributions, notably Fedora, have the following order of nsswitch
modules by default:
passwd: sss files
group: sss files
The advantage of serving local users through SSSD is that the nss_sss
module has a fast mmapped-cache that speeds up NSS lookups compared to
accessing the disk an opening the files on each NSS request.
Traditionally, this has been done with the help of nscd, but using nscd
in parallel with sssd is cumbersome, as both SSSD and nscd use their own
independent caching, so using nscd in setups where sssd is also serving
users from some remote domain (LDAP, AD, ...) can result in a bit of
unpredictability.
More details about why Fedora chose to use sss before files can be found
on e.g.:
https://fedoraproject.org//wiki/Changes/SSSDCacheForLocalUsers
or:
https://docs.pagure.org/SSSD.sssd/design_pages/files_provider.html
Now, even though sssd watches the passwd and group files with the help
of inotify, there can still be a small window where someone requests a
user or a group, finds that it doesn't exist, adds the entry and checks
again. Without some support in shadow-utils that would explicitly drop
the sssd caches, the inotify watch can fire a little late, so a
combination of commands like this:
getent passwd user || useradd user; getent passwd user
can result in the second getent passwd not finding the newly added user
as the racy behaviour might still return the cached negative hit from
the first getent passwd.
This patch more or less copies the already existing support that
shadow-utils had for dropping nscd caches, except using the "sss_cache"
tool that sssd ships.
2018-09-12 17:52:11 +05:30
|
|
|
[with_sssd=$withval], [with_sssd=yes])
|
2008-11-30 06:59:40 +05:30
|
|
|
AC_ARG_WITH(group-name-max-length,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=32@:>@])],
|
2008-11-30 06:59:40 +05:30
|
|
|
[with_group_name_max_length=$withval], [with_group_name_max_length=yes])
|
2019-11-19 15:27:06 +05:30
|
|
|
AC_ARG_WITH(su,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
|
2019-11-19 15:27:06 +05:30
|
|
|
[with_su=$withval], [with_su=yes])
|
2008-11-30 06:59:40 +05:30
|
|
|
|
|
|
|
|
if test "$with_group_name_max_length" = "no" ; then
|
|
|
|
|
with_group_name_max_length=0
|
|
|
|
|
elif test "$with_group_name_max_length" = "yes" ; then
|
2022-02-18 10:50:20 +05:30
|
|
|
with_group_name_max_length=32
|
2008-11-30 06:59:40 +05:30
|
|
|
fi
|
|
|
|
|
AC_DEFINE_UNQUOTED(GROUP_NAME_MAX_LENGTH, $with_group_name_max_length, [max group name length])
|
2008-12-24 04:06:44 +05:30
|
|
|
AC_SUBST(GROUP_NAME_MAX_LENGTH)
|
|
|
|
|
GROUP_NAME_MAX_LENGTH="$with_group_name_max_length"
|
* configure.in: New configure option: --with-sha-crypt enabled by
default. Keeping the feature enabled is safe. Disabling it permits
to disable the references to the SHA256 and SHA512 password
encryption algorithms from the usage help and manuals (in addition
to the support for these algorithms in the code).
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is
always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT
preprocessor condition.
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and
SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a
subset of the ENCRYPTMETHOD_SELECT sections).
2007-11-24 18:38:08 +05:30
|
|
|
|
|
|
|
|
AM_CONDITIONAL(USE_SHA_CRYPT, test "x$with_sha_crypt" = "xyes")
|
|
|
|
|
if test "$with_sha_crypt" = "yes"; then
|
2008-08-31 22:57:06 +05:30
|
|
|
AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
|
* configure.in: New configure option: --with-sha-crypt enabled by
default. Keeping the feature enabled is safe. Disabling it permits
to disable the references to the SHA256 and SHA512 password
encryption algorithms from the usage help and manuals (in addition
to the support for these algorithms in the code).
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is
always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT
preprocessor condition.
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and
SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a
subset of the ENCRYPTMETHOD_SELECT sections).
2007-11-24 18:38:08 +05:30
|
|
|
fi
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2019-09-17 00:24:56 +05:30
|
|
|
AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
|
|
|
|
|
if test "$with_bcrypt" = "yes"; then
|
|
|
|
|
AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
|
|
|
|
|
fi
|
|
|
|
|
|
2020-12-28 01:39:25 +05:30
|
|
|
AM_CONDITIONAL(USE_YESCRYPT, test "x$with_yescrypt" = "xyes")
|
|
|
|
|
if test "$with_yescrypt" = "yes"; then
|
|
|
|
|
AC_DEFINE(USE_YESCRYPT, 1, [Define to allow the yescrypt password encryption algorithm])
|
|
|
|
|
fi
|
|
|
|
|
|
2008-08-31 00:00:36 +05:30
|
|
|
if test "$with_nscd" = "yes"; then
|
2008-08-31 00:02:43 +05:30
|
|
|
AC_CHECK_FUNC(posix_spawn,
|
|
|
|
|
[AC_DEFINE(USE_NSCD, 1, [Define to support flushing of nscd caches])],
|
|
|
|
|
[AC_MSG_ERROR([posix_spawn is needed for nscd support])])
|
2008-08-31 00:00:36 +05:30
|
|
|
fi
|
|
|
|
|
|
Flush sssd caches in addition to nscd caches
Some distributions, notably Fedora, have the following order of nsswitch
modules by default:
passwd: sss files
group: sss files
The advantage of serving local users through SSSD is that the nss_sss
module has a fast mmapped-cache that speeds up NSS lookups compared to
accessing the disk an opening the files on each NSS request.
Traditionally, this has been done with the help of nscd, but using nscd
in parallel with sssd is cumbersome, as both SSSD and nscd use their own
independent caching, so using nscd in setups where sssd is also serving
users from some remote domain (LDAP, AD, ...) can result in a bit of
unpredictability.
More details about why Fedora chose to use sss before files can be found
on e.g.:
https://fedoraproject.org//wiki/Changes/SSSDCacheForLocalUsers
or:
https://docs.pagure.org/SSSD.sssd/design_pages/files_provider.html
Now, even though sssd watches the passwd and group files with the help
of inotify, there can still be a small window where someone requests a
user or a group, finds that it doesn't exist, adds the entry and checks
again. Without some support in shadow-utils that would explicitly drop
the sssd caches, the inotify watch can fire a little late, so a
combination of commands like this:
getent passwd user || useradd user; getent passwd user
can result in the second getent passwd not finding the newly added user
as the racy behaviour might still return the cached negative hit from
the first getent passwd.
This patch more or less copies the already existing support that
shadow-utils had for dropping nscd caches, except using the "sss_cache"
tool that sssd ships.
2018-09-12 17:52:11 +05:30
|
|
|
if test "$with_sssd" = "yes"; then
|
|
|
|
|
AC_CHECK_FUNC(posix_spawn,
|
|
|
|
|
[AC_DEFINE(USE_SSSD, 1, [Define to support flushing of sssd caches])],
|
|
|
|
|
[AC_MSG_ERROR([posix_spawn is needed for sssd support])])
|
|
|
|
|
fi
|
|
|
|
|
|
2021-09-22 10:21:10 +05:30
|
|
|
AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su]))
|
2019-11-19 15:27:06 +05:30
|
|
|
AM_CONDITIONAL([WITH_SU], [test "x$with_su" != "xno"])
|
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
dnl Check for some functions in libc first, only if not found check for
|
|
|
|
|
dnl other libraries. This should prevent linking libnsl if not really
|
|
|
|
|
dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
|
|
|
|
|
|
2007-10-07 17:15:40 +05:30
|
|
|
AC_SEARCH_LIBS(gethostbyname, nsl)
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2019-09-20 13:57:31 +05:30
|
|
|
AC_CHECK_LIB([econf],[econf_readDirs],[LIBECONF="-leconf"],[LIBECONF=""])
|
|
|
|
|
if test -n "$LIBECONF"; then
|
2022-11-28 21:48:09 +05:30
|
|
|
AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"],
|
|
|
|
|
[Directory for distribution provided configuration files])
|
2019-09-20 13:57:31 +05:30
|
|
|
ECONF_CPPFLAGS="-DUSE_ECONF=1"
|
|
|
|
|
AC_ARG_ENABLE([vendordir],
|
|
|
|
|
AS_HELP_STRING([--enable-vendordir=DIR], [Directory for distribution provided configuration files]),,[])
|
|
|
|
|
fi
|
|
|
|
|
AC_SUBST(ECONF_CPPFLAGS)
|
|
|
|
|
AC_SUBST(LIBECONF)
|
|
|
|
|
AC_SUBST([VENDORDIR], [$enable_vendordir])
|
2022-11-28 21:48:09 +05:30
|
|
|
if test "x$enable_vendordir" != x; then
|
|
|
|
|
AC_DEFINE(HAVE_VENDORDIR, 1, [Define to support vendor settings.])
|
|
|
|
|
fi
|
2019-09-20 13:57:31 +05:30
|
|
|
AM_CONDITIONAL([HAVE_VENDORDIR], [test "x$enable_vendordir" != x])
|
|
|
|
|
|
2007-10-07 17:16:34 +05:30
|
|
|
if test "$enable_shadowgrp" = "yes"; then
|
|
|
|
|
AC_DEFINE(SHADOWGRP, 1, [Define to support the shadow group file.])
|
2007-10-07 17:14:02 +05:30
|
|
|
fi
|
2007-11-23 03:06:38 +05:30
|
|
|
AM_CONDITIONAL(SHADOWGRP, test "x$enable_shadowgrp" = "xyes")
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:17:01 +05:30
|
|
|
if test "$enable_man" = "yes"; then
|
|
|
|
|
dnl
|
|
|
|
|
dnl Check for xsltproc
|
|
|
|
|
dnl
|
|
|
|
|
AC_PATH_PROG([XSLTPROC], [xsltproc])
|
|
|
|
|
if test -z "$XSLTPROC"; then
|
|
|
|
|
enable_man=no
|
2017-09-08 19:55:29 +05:30
|
|
|
AC_MSG_ERROR([xsltproc is missing.])
|
2007-10-07 17:17:01 +05:30
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
dnl check for DocBook DTD and stylesheets in the local catalog.
|
2019-05-01 00:05:07 +05:30
|
|
|
JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.5//EN],
|
|
|
|
|
[DocBook XML DTD V4.5], [], enable_man=no)
|
2007-10-07 17:17:45 +05:30
|
|
|
JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
|
2007-10-07 17:17:33 +05:30
|
|
|
[DocBook XSL Stylesheets >= 1.70.1], [], enable_man=no)
|
2007-10-07 17:17:01 +05:30
|
|
|
fi
|
2008-05-26 02:00:45 +05:30
|
|
|
AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test "x$enable_man" != "xno")
|
2007-10-07 17:17:01 +05:30
|
|
|
|
2013-08-14 23:51:32 +05:30
|
|
|
if test "$enable_subids" != "no"; then
|
Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 18:24:22 +05:30
|
|
|
dnl
|
|
|
|
|
dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
|
|
|
|
|
dnl
|
2014-08-23 14:16:39 +05:30
|
|
|
AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
|
|
|
|
|
AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
|
|
|
|
|
|
|
|
|
|
if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
|
2013-08-14 23:51:32 +05:30
|
|
|
AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
|
|
|
|
|
enable_subids="yes"
|
|
|
|
|
else
|
|
|
|
|
if test "x$enable_subids" = "xyes"; then
|
|
|
|
|
AC_MSG_ERROR([Cannot enable support the subordinate IDs on systems where gid_t or uid_t has less than 32 bits])
|
|
|
|
|
fi
|
|
|
|
|
enable_subids="no"
|
|
|
|
|
fi
|
Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 18:24:22 +05:30
|
|
|
fi
|
|
|
|
|
AM_CONDITIONAL(ENABLE_SUBIDS, test "x$enable_subids" != "xno")
|
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
AC_SUBST(LIBCRYPT)
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
|
|
|
|
|
[AC_MSG_ERROR([crypt() not found])])
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2020-12-28 01:39:25 +05:30
|
|
|
AC_SUBST(LIYESCRYPT)
|
|
|
|
|
AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
|
|
|
|
|
[AC_MSG_ERROR([crypt() not found])])
|
|
|
|
|
|
2022-11-21 18:30:13 +05:30
|
|
|
AC_SEARCH_LIBS([readpassphrase], [bsd], [], [
|
|
|
|
|
AC_MSG_ERROR([readpassphrase() is missing, either from libc or libbsd])
|
|
|
|
|
])
|
|
|
|
|
AS_IF([test "$ac_cv_search_readpassphrase" = "-lbsd"], [
|
|
|
|
|
PKG_CHECK_MODULES([LIBBSD], [libbsd-overlay])
|
|
|
|
|
])
|
|
|
|
|
dnl Make sure either the libc or libbsd provide the header.
|
|
|
|
|
save_CFLAGS="$CFLAGS"
|
|
|
|
|
CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
|
|
|
|
|
AC_CHECK_HEADERS([readpassphrase.h])
|
|
|
|
|
AS_IF([test "$ac_cv_header_readpassphrase_h" != "yes"], [
|
|
|
|
|
AC_MSG_ERROR([readpassphrase.h is missing])
|
|
|
|
|
])
|
|
|
|
|
CFLAGS="$save_CFLAGS"
|
|
|
|
|
|
2010-03-31 02:31:27 +05:30
|
|
|
AC_SUBST(LIBACL)
|
|
|
|
|
if test "$with_acl" != "no"; then
|
|
|
|
|
AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
|
|
|
|
|
if test "$acl_header$with_acl" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([acl/libacl.h or attr/error_context.h is missing])
|
|
|
|
|
elif test "$acl_header" = "yes" ; then
|
|
|
|
|
AC_CHECK_LIB(acl, perm_copy_file,
|
|
|
|
|
[AC_CHECK_LIB(acl, perm_copy_fd,
|
|
|
|
|
[acl_lib="yes"],
|
|
|
|
|
[acl_lib="no"])],
|
|
|
|
|
[acl_lib="no"])
|
|
|
|
|
if test "$acl_lib$with_acl" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([libacl not found])
|
|
|
|
|
elif test "$acl_lib" = "no" ; then
|
|
|
|
|
with_acl="no"
|
|
|
|
|
else
|
|
|
|
|
AC_DEFINE(WITH_ACL, 1,
|
|
|
|
|
[Build shadow with ACL support])
|
|
|
|
|
LIBACL="-lacl"
|
|
|
|
|
with_acl="yes"
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
with_acl="no"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
AC_SUBST(LIBATTR)
|
|
|
|
|
if test "$with_attr" != "no"; then
|
|
|
|
|
AC_CHECK_HEADERS(attr/libattr.h attr/error_context.h, [attr_header="yes"], [attr_header="no"])
|
|
|
|
|
if test "$attr_header$with_attr" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([attr/libattr.h or attr/error_context.h is missing])
|
|
|
|
|
elif test "$attr_header" = "yes" ; then
|
|
|
|
|
AC_CHECK_LIB(attr, attr_copy_file,
|
|
|
|
|
[AC_CHECK_LIB(attr, attr_copy_fd,
|
|
|
|
|
[attr_lib="yes"],
|
|
|
|
|
[attr_lib="no"])],
|
|
|
|
|
[attr_lib="no"])
|
|
|
|
|
if test "$attr_lib$with_attr" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([libattr not found])
|
|
|
|
|
elif test "$attr_lib" = "no" ; then
|
|
|
|
|
with_attr="no"
|
|
|
|
|
else
|
|
|
|
|
AC_DEFINE(WITH_ATTR, 1,
|
|
|
|
|
[Build shadow with Extended Attributes support])
|
2010-08-21 22:21:53 +05:30
|
|
|
LIBATTR="-lattr"
|
2010-03-31 02:31:27 +05:30
|
|
|
with_attr="yes"
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
with_attr="no"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
2007-10-07 17:17:01 +05:30
|
|
|
AC_SUBST(LIBAUDIT)
|
2008-04-17 01:39:03 +05:30
|
|
|
if test "$with_audit" != "no"; then
|
2007-10-07 17:17:01 +05:30
|
|
|
AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
|
2008-04-17 01:39:03 +05:30
|
|
|
if test "$audit_header$with_audit" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([libaudit.h is missing])
|
|
|
|
|
elif test "$audit_header" = "yes"; then
|
2008-09-05 04:04:20 +05:30
|
|
|
AC_CHECK_DECL(AUDIT_ADD_USER,,[audit_header="no"],[#include <libaudit.h>])
|
|
|
|
|
AC_CHECK_DECL(AUDIT_DEL_USER,,[audit_header="no"],[#include <libaudit.h>])
|
|
|
|
|
AC_CHECK_DECL(AUDIT_ADD_GROUP,,[audit_header="no"],[#include <libaudit.h>])
|
|
|
|
|
AC_CHECK_DECL(AUDIT_DEL_GROUP,,[audit_header="no"],[#include <libaudit.h>])
|
|
|
|
|
if test "$audit_header$with_audit" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([AUDIT_ADD_USER AUDIT_DEL_USER AUDIT_ADD_GROUP or AUDIT_DEL_GROUP missing from libaudit.h])
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
if test "$audit_header" = "yes"; then
|
2007-10-07 17:17:11 +05:30
|
|
|
AC_CHECK_LIB(audit, audit_log_acct_message,
|
2008-04-17 01:39:03 +05:30
|
|
|
[audit_lib="yes"], [audit_lib="no"])
|
|
|
|
|
if test "$audit_lib$with_audit" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([libaudit not found])
|
|
|
|
|
elif test "$audit_lib" = "no" ; then
|
|
|
|
|
with_audit="no"
|
|
|
|
|
else
|
|
|
|
|
AC_DEFINE(WITH_AUDIT, 1,
|
|
|
|
|
[Define if you want to enable Audit messages])
|
|
|
|
|
LIBAUDIT="-laudit"
|
|
|
|
|
with_audit="yes"
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
with_audit="no"
|
2007-10-07 17:17:01 +05:30
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
AC_SUBST(LIBCRACK)
|
2007-10-07 17:16:34 +05:30
|
|
|
if test "$with_libcrack" = "yes"; then
|
2007-10-07 17:14:02 +05:30
|
|
|
echo "checking cracklib flavour, don't be surprised by the results"
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_CHECK_LIB(crack, FascistCheck,
|
|
|
|
|
[LIBCRACK=-lcrack AC_DEFINE(HAVE_LIBCRACK, 1, [Defined if you have libcrack.])])
|
|
|
|
|
AC_CHECK_LIB(crack, FascistHistory,
|
|
|
|
|
AC_DEFINE(HAVE_LIBCRACK_HIST, 1, [Defined if you have the ts&szs cracklib.]))
|
|
|
|
|
AC_CHECK_LIB(crack, FascistHistoryPw,
|
|
|
|
|
AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
|
2007-10-07 17:14:02 +05:30
|
|
|
fi
|
|
|
|
|
|
2019-01-23 20:47:05 +05:30
|
|
|
if test "$with_btrfs" != "no"; then
|
|
|
|
|
AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
|
|
|
|
|
[btrfs_headers="yes"], [btrfs_headers="no"])
|
|
|
|
|
if test "$btrfs_headers$with_btrfs" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([One of sys/statfs.h linux/magic.h linux/btrfs_tree.h is missing])
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if test "$btrfs_headers" = "yes" ; then
|
|
|
|
|
AC_DEFINE(WITH_BTRFS, 1, [Build shadow with BtrFS support])
|
|
|
|
|
with_btrfs="yes"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
AM_CONDITIONAL(WITH_BTRFS, test x$with_btrfs = xyes)
|
|
|
|
|
|
2008-04-17 02:48:20 +05:30
|
|
|
AC_SUBST(LIBSELINUX)
|
* NEWS, src/userdel.c, man/userdel.8.xml: Add option -Z/--selinux-user.
* libmisc/system.c, lib/prototypes.h, libmisc/Makefile.am: Removed
safe_system().
* lib/selinux.c, po/POTFILES.in, lib/prototypes.h,
lib/Makefile.am: Added helper functions for semanage.
* README, src/useradd.c, src/usermod.c, src/userdel.c,
configure.in: Use libsemanage instead of semanage.
2011-11-18 03:21:07 +05:30
|
|
|
AC_SUBST(LIBSEMANAGE)
|
2008-04-17 02:48:20 +05:30
|
|
|
if test "$with_selinux" != "no"; then
|
|
|
|
|
AC_CHECK_HEADERS(selinux/selinux.h, [selinux_header="yes"], [selinux_header="no"])
|
|
|
|
|
if test "$selinux_header$with_selinux" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([selinux/selinux.h is missing])
|
* NEWS, src/userdel.c, man/userdel.8.xml: Add option -Z/--selinux-user.
* libmisc/system.c, lib/prototypes.h, libmisc/Makefile.am: Removed
safe_system().
* lib/selinux.c, po/POTFILES.in, lib/prototypes.h,
lib/Makefile.am: Added helper functions for semanage.
* README, src/useradd.c, src/usermod.c, src/userdel.c,
configure.in: Use libsemanage instead of semanage.
2011-11-18 03:21:07 +05:30
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
AC_CHECK_HEADERS(semanage/semanage.h, [semanage_header="yes"], [semanage_header="no"])
|
|
|
|
|
if test "$semanage_header$with_selinux" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([semanage/semanage.h is missing])
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if test "$selinux_header$semanage_header" = "yesyes" ; then
|
|
|
|
|
AC_CHECK_LIB(selinux, is_selinux_enabled, [selinux_lib="yes"], [selinux_lib="no"])
|
2008-04-17 02:48:20 +05:30
|
|
|
if test "$selinux_lib$with_selinux" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([libselinux not found])
|
* NEWS, src/userdel.c, man/userdel.8.xml: Add option -Z/--selinux-user.
* libmisc/system.c, lib/prototypes.h, libmisc/Makefile.am: Removed
safe_system().
* lib/selinux.c, po/POTFILES.in, lib/prototypes.h,
lib/Makefile.am: Added helper functions for semanage.
* README, src/useradd.c, src/usermod.c, src/userdel.c,
configure.in: Use libsemanage instead of semanage.
2011-11-18 03:21:07 +05:30
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
AC_CHECK_LIB(semanage, semanage_connect, [semanage_lib="yes"], [semanage_lib="no"])
|
|
|
|
|
if test "$semanage_lib$with_selinux" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([libsemanage not found])
|
|
|
|
|
fi
|
|
|
|
|
|
2019-06-17 13:06:34 +05:30
|
|
|
if test "$selinux_lib$semanage_lib" = "yesyes" ; then
|
2008-04-17 02:48:20 +05:30
|
|
|
AC_DEFINE(WITH_SELINUX, 1,
|
|
|
|
|
[Build shadow with SELinux support])
|
|
|
|
|
LIBSELINUX="-lselinux"
|
* NEWS, src/userdel.c, man/userdel.8.xml: Add option -Z/--selinux-user.
* libmisc/system.c, lib/prototypes.h, libmisc/Makefile.am: Removed
safe_system().
* lib/selinux.c, po/POTFILES.in, lib/prototypes.h,
lib/Makefile.am: Added helper functions for semanage.
* README, src/useradd.c, src/usermod.c, src/userdel.c,
configure.in: Use libsemanage instead of semanage.
2011-11-18 03:21:07 +05:30
|
|
|
LIBSEMANAGE="-lsemanage"
|
2008-04-17 02:54:14 +05:30
|
|
|
with_selinux="yes"
|
* NEWS, src/userdel.c, man/userdel.8.xml: Add option -Z/--selinux-user.
* libmisc/system.c, lib/prototypes.h, libmisc/Makefile.am: Removed
safe_system().
* lib/selinux.c, po/POTFILES.in, lib/prototypes.h,
lib/Makefile.am: Added helper functions for semanage.
* README, src/useradd.c, src/usermod.c, src/userdel.c,
configure.in: Use libsemanage instead of semanage.
2011-11-18 03:21:07 +05:30
|
|
|
else
|
|
|
|
|
with_selinux="no"
|
2008-04-17 02:48:20 +05:30
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
with_selinux="no"
|
|
|
|
|
fi
|
2007-10-07 17:15:40 +05:30
|
|
|
fi
|
|
|
|
|
|
2010-01-24 22:23:15 +05:30
|
|
|
AC_SUBST(LIBTCB)
|
|
|
|
|
if test "$with_tcb" != "no"; then
|
|
|
|
|
AC_CHECK_HEADERS(tcb.h, [tcb_header="yes"], [tcb_header="no"])
|
|
|
|
|
if test "$tcb_header$with_tcb" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([tcb.h is missing])
|
|
|
|
|
elif test "$tcb_header" = "yes" ; then
|
|
|
|
|
AC_CHECK_LIB(tcb, tcb_is_suspect, [tcb_lib="yes"], [tcb_lib="no"])
|
|
|
|
|
if test "$tcb_lib$with_tcb" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR([libtcb not found])
|
|
|
|
|
elif test "$tcb_lib" = "no" ; then
|
|
|
|
|
with_tcb="no"
|
|
|
|
|
else
|
|
|
|
|
AC_DEFINE(WITH_TCB, 1, [Build shadow with tcb support (incomplete)])
|
|
|
|
|
LIBTCB="-ltcb"
|
|
|
|
|
with_tcb="yes"
|
|
|
|
|
fi
|
|
|
|
|
else
|
|
|
|
|
with_tcb="no"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
AM_CONDITIONAL(WITH_TCB, test x$with_tcb = xyes)
|
2010-01-24 22:23:15 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
AC_SUBST(LIBPAM)
|
2008-04-17 02:48:20 +05:30
|
|
|
if test "$with_libpam" != "no"; then
|
2007-10-07 17:14:51 +05:30
|
|
|
AC_CHECK_LIB(pam, pam_start,
|
2008-04-17 02:48:20 +05:30
|
|
|
[pam_lib="yes"], [pam_lib="no"])
|
|
|
|
|
if test "$pam_lib$with_libpam" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR(libpam not found)
|
|
|
|
|
fi
|
|
|
|
|
|
2008-07-22 02:44:06 +05:30
|
|
|
LIBPAM="-lpam"
|
|
|
|
|
pam_conv_function="no"
|
|
|
|
|
|
|
|
|
|
AC_CHECK_LIB(pam, openpam_ttyconv,
|
2008-07-22 04:15:08 +05:30
|
|
|
[pam_conv_function="openpam_ttyconv"],
|
|
|
|
|
AC_CHECK_LIB(pam_misc, misc_conv,
|
|
|
|
|
[pam_conv_function="misc_conv"; LIBPAM="$LIBPAM -lpam_misc"])
|
|
|
|
|
)
|
2008-07-22 02:44:06 +05:30
|
|
|
|
|
|
|
|
if test "$pam_conv_function$with_libpam" = "noyes" ; then
|
|
|
|
|
AC_MSG_ERROR(PAM conversation function not found)
|
2008-04-17 02:48:20 +05:30
|
|
|
fi
|
|
|
|
|
|
2008-07-22 02:44:06 +05:30
|
|
|
pam_headers_found=no
|
|
|
|
|
AC_CHECK_HEADERS( [security/openpam.h security/pam_misc.h],
|
2008-07-22 04:15:08 +05:30
|
|
|
[ pam_headers_found=yes ; break ], [],
|
|
|
|
|
[ #include <security/pam_appl.h> ] )
|
|
|
|
|
if test "$pam_headers_found$with_libpam" = "noyes" ; then
|
2008-07-22 02:44:06 +05:30
|
|
|
AC_MSG_ERROR(PAM headers not found)
|
2008-07-22 04:15:08 +05:30
|
|
|
fi
|
2008-07-22 02:44:06 +05:30
|
|
|
|
|
|
|
|
|
|
|
|
|
if test "$pam_lib$pam_headers_found" = "yesyes" -a "$pam_conv_function" != "no" ; then
|
2008-04-17 02:48:20 +05:30
|
|
|
with_libpam="yes"
|
|
|
|
|
else
|
|
|
|
|
with_libpam="no"
|
2009-05-04 04:16:26 +05:30
|
|
|
unset LIBPAM
|
2008-04-17 02:48:20 +05:30
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
dnl Now with_libpam is either yes or no
|
|
|
|
|
if test "$with_libpam" = "yes"; then
|
2008-07-22 02:44:06 +05:30
|
|
|
AC_CHECK_DECLS([PAM_ESTABLISH_CRED,
|
2008-07-22 04:15:08 +05:30
|
|
|
PAM_DELETE_CRED,
|
|
|
|
|
PAM_NEW_AUTHTOK_REQD,
|
|
|
|
|
PAM_DATA_SILENT],
|
|
|
|
|
[], [], [#include <security/pam_appl.h>])
|
2008-07-22 02:44:06 +05:30
|
|
|
|
|
|
|
|
|
|
|
|
|
save_libs=$LIBS
|
2008-08-31 22:57:16 +05:30
|
|
|
LIBS="$LIBS $LIBPAM"
|
|
|
|
|
# We do not use AC_CHECK_FUNCS to avoid duplicated definition with
|
|
|
|
|
# Linux PAM.
|
|
|
|
|
AC_CHECK_FUNC(pam_fail_delay, [AC_DEFINE(HAS_PAM_FAIL_DELAY, 1, [Define to 1 if you have the declaration of 'pam_fail_delay'])])
|
2008-07-22 02:44:06 +05:30
|
|
|
LIBS=$save_libs
|
|
|
|
|
|
2008-04-17 02:48:20 +05:30
|
|
|
AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
|
2017-10-23 00:02:19 +05:30
|
|
|
AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM conversation to use])
|
2008-04-17 02:48:20 +05:30
|
|
|
AM_CONDITIONAL(USE_PAM, [true])
|
2008-07-22 02:44:06 +05:30
|
|
|
|
2007-10-07 17:14:51 +05:30
|
|
|
AC_MSG_CHECKING(use login and su access checking if PAM not used)
|
|
|
|
|
AC_MSG_RESULT(no)
|
|
|
|
|
else
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_DEFINE(SU_ACCESS, 1, [Define to support /etc/suauth su access control.])
|
2007-10-07 17:17:33 +05:30
|
|
|
AM_CONDITIONAL(USE_PAM, [false])
|
2008-04-17 02:48:20 +05:30
|
|
|
AC_MSG_CHECKING(use login and su access checking if PAM not used)
|
|
|
|
|
AC_MSG_RESULT(yes)
|
2007-10-07 17:14:02 +05:30
|
|
|
fi
|
|
|
|
|
|
2008-09-08 02:10:41 +05:30
|
|
|
if test "$enable_acct_tools_setuid" != "no"; then
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
if test "$with_libpam" != "yes"; then
|
2008-09-08 02:10:41 +05:30
|
|
|
if test "$enable_acct_tools_setuid" = "yes"; then
|
|
|
|
|
AC_MSG_ERROR(PAM support is required for --enable-account-tools-setuid)
|
|
|
|
|
else
|
|
|
|
|
enable_acct_tools_setuid="no"
|
|
|
|
|
fi
|
2009-04-22 03:52:08 +05:30
|
|
|
else
|
|
|
|
|
enable_acct_tools_setuid="yes"
|
2008-09-08 02:10:41 +05:30
|
|
|
fi
|
2008-11-30 07:02:38 +05:30
|
|
|
if test "$enable_acct_tools_setuid" = "yes"; then
|
2008-09-08 02:10:41 +05:30
|
|
|
AC_DEFINE(ACCT_TOOLS_SETUID,
|
|
|
|
|
1,
|
|
|
|
|
[Define if account management tools should be installed setuid and authenticate the callers])
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
|
|
|
|
|
|
2018-10-24 14:38:28 +05:30
|
|
|
|
|
|
|
|
AC_ARG_WITH(fcaps,
|
2022-05-09 22:06:02 +05:30
|
|
|
[AS_HELP_STRING([--with-fcaps], [use file capabilities instead of suid binaries for newuidmap/newgidmap @<:@default=no@:>@])],
|
2018-10-24 14:38:28 +05:30
|
|
|
[with_fcaps=$withval], [with_fcaps=no])
|
|
|
|
|
AM_CONDITIONAL(FCAPS, test "x$with_fcaps" = "xyes")
|
|
|
|
|
|
|
|
|
|
if test "x$with_fcaps" = "xyes"; then
|
|
|
|
|
AC_CHECK_PROGS(capcmd, "setcap")
|
|
|
|
|
if test "x$capcmd" = "x" ; then
|
|
|
|
|
AC_MSG_ERROR([setcap command not available])
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_SUBST(LIBSKEY)
|
|
|
|
|
AC_SUBST(LIBMD)
|
2007-10-07 17:17:01 +05:30
|
|
|
if test "$with_skey" = "yes"; then
|
2007-10-07 17:16:34 +05:30
|
|
|
AC_CHECK_LIB(md, MD5Init, [LIBMD=-lmd])
|
|
|
|
|
AC_CHECK_LIB(skey, skeychallenge, [LIBSKEY=-lskey],
|
|
|
|
|
[AC_MSG_ERROR([liskey missing. You can download S/Key source code from http://rsync1.it.gentoo.org/gentoo/distfiles/skey-1.1.5.tar.bz2])])
|
|
|
|
|
AC_DEFINE(SKEY, 1, [Define to support S/Key logins.])
|
2022-05-09 22:06:02 +05:30
|
|
|
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
2007-10-07 17:17:22 +05:30
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <skey.h>
|
2022-05-09 22:06:02 +05:30
|
|
|
]], [[
|
2007-10-07 17:17:22 +05:30
|
|
|
skeychallenge((void*)0, (void*)0, (void*)0, 0);
|
2022-05-09 22:06:02 +05:30
|
|
|
]])],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])],[])
|
2007-10-07 17:16:34 +05:30
|
|
|
fi
|
|
|
|
|
|
2009-07-24 02:32:03 +05:30
|
|
|
AC_DEFINE_UNQUOTED(SHELL, ["$SHELL"], [The default shell.])
|
2009-07-22 19:00:06 +05:30
|
|
|
|
2022-08-05 21:10:21 +05:30
|
|
|
AM_GNU_GETTEXT_VERSION([0.19])
|
2007-10-07 17:16:52 +05:30
|
|
|
AM_GNU_GETTEXT([external], [need-ngettext])
|
2007-10-07 17:17:22 +05:30
|
|
|
AM_CONDITIONAL(USE_NLS, test "x$USE_NLS" = "xyes")
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
AC_CONFIG_FILES([
|
2007-10-07 17:14:51 +05:30
|
|
|
Makefile
|
|
|
|
|
po/Makefile.in
|
|
|
|
|
doc/Makefile
|
|
|
|
|
man/Makefile
|
2008-12-24 04:06:44 +05:30
|
|
|
man/config.xml
|
2011-02-12 20:27:37 +05:30
|
|
|
man/po/Makefile
|
2007-10-07 17:15:14 +05:30
|
|
|
man/cs/Makefile
|
* NEWS, configure.in, man/da/Makefile.am, man/Makefile.am: Build
manpages with more than 50% translated messages.
* man/fr/Makefile.am: Add missing manpages: chgpasswd.8,
groupmems.8, nologin.8, sulogin.8.
* man/de/Makefile.am: Add missing manpages: chage.1, chgpasswd.8,
chpasswd.8, expiry.1, faillog.5, faillog.8, getspnam.3, gpasswd.1,
groupadd.8, groupdel.8, groupmems.8, groupmod.8, grpck.8,
grpconv.8, grpunconv.8, gshadow.5, lastlog.8, login.defs.5,
logoutd.8, newusers.8, nologin.8, pwck.8, pwconv.8, pwunconv.8,
sg.1, shadow.3, shadow.5, suauth.5, useradd.8, userdel.8,
usermod.8, limits.5, login.access.5, porttime.5, id.1, sulogin.8
* man/zh_CN/Makefile.am: Add missing manpages: chgpasswd.8,
groupmems.8, nologin.8, sulogin.8
* man/pl/Makefile.am, man/sv/Makefile.am, man/it/Makefile.am:
Translate only manpages with more than 50% translated messages.
* man/po/da.po: Do not translate names of manpages (newusers,
limits, groups)
2012-01-28 22:23:23 +05:30
|
|
|
man/da/Makefile
|
2007-10-07 17:15:14 +05:30
|
|
|
man/de/Makefile
|
2007-10-07 17:15:23 +05:30
|
|
|
man/es/Makefile
|
2007-10-07 17:17:11 +05:30
|
|
|
man/fi/Makefile
|
2007-10-07 17:15:14 +05:30
|
|
|
man/fr/Makefile
|
2007-10-07 17:14:59 +05:30
|
|
|
man/hu/Makefile
|
2007-10-07 17:15:14 +05:30
|
|
|
man/id/Makefile
|
|
|
|
|
man/it/Makefile
|
2007-10-07 17:14:51 +05:30
|
|
|
man/ja/Makefile
|
2007-10-07 17:15:14 +05:30
|
|
|
man/ko/Makefile
|
2007-10-07 17:14:51 +05:30
|
|
|
man/pl/Makefile
|
|
|
|
|
man/pt_BR/Makefile
|
2007-10-07 17:15:23 +05:30
|
|
|
man/ru/Makefile
|
2007-10-07 17:17:57 +05:30
|
|
|
man/sv/Makefile
|
2007-10-07 17:17:11 +05:30
|
|
|
man/tr/Makefile
|
2022-05-20 00:31:55 +05:30
|
|
|
man/uk/Makefile
|
2007-10-07 17:15:23 +05:30
|
|
|
man/zh_CN/Makefile
|
|
|
|
|
man/zh_TW/Makefile
|
2007-10-07 17:14:51 +05:30
|
|
|
libmisc/Makefile
|
|
|
|
|
lib/Makefile
|
Create a new libsubid
Closes #154
Currently this has three functions: one which returns the
list of subuid ranges for a user, one returning the subgids,
and one which frees the ranges lists.
I might be mistaken about what -disable-man means; some of
the code suggests it means just don't re-generate them, but
not totally ignore them. But that doesn't seem to really work,
so let's just ignore man/ when -disable-man.
Remove --disable-shared. I'm not sure why it was there, but it stems
from long, long ago, and I suspect it comes from some ancient
toolchain bug.
Create a tests/run_some, a shorter version of run_all. I'll
slowly add tests to this as I verify they work, then I can
work on fixing the once which don't.
Also, don't touch man/ if not -enable-man.
Changelog:
Apr 22: change the subid list api as recomended by Dan Walsh.
Apr 23: implement get_subid_owner
Apr 24: implement range add/release
Apr 25: finish tests and rebase
May 10: make @owner const
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2020-04-19 04:33:54 +05:30
|
|
|
libsubid/Makefile
|
2021-12-05 19:27:39 +05:30
|
|
|
libsubid/subid.h
|
2007-10-07 17:14:51 +05:30
|
|
|
src/Makefile
|
|
|
|
|
contrib/Makefile
|
|
|
|
|
etc/Makefile
|
|
|
|
|
etc/pam.d/Makefile
|
2007-10-07 17:15:23 +05:30
|
|
|
shadow.spec
|
|
|
|
|
])
|
|
|
|
|
AC_OUTPUT
|
2007-10-07 17:17:01 +05:30
|
|
|
|
|
|
|
|
echo
|
2007-10-07 17:18:07 +05:30
|
|
|
echo "shadow will be compiled with the following features:"
|
2007-10-07 17:17:01 +05:30
|
|
|
echo
|
|
|
|
|
echo " auditing support: $with_audit"
|
|
|
|
|
echo " CrackLib support: $with_libcrack"
|
|
|
|
|
echo " PAM support: $with_libpam"
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
if test "$with_libpam" = "yes"; then
|
|
|
|
|
echo " suid account management tools: $enable_acct_tools_setuid"
|
|
|
|
|
fi
|
2007-10-07 17:17:01 +05:30
|
|
|
echo " SELinux support: $with_selinux"
|
2019-01-23 20:47:05 +05:30
|
|
|
echo " BtrFS support: $with_btrfs"
|
2010-03-31 02:31:27 +05:30
|
|
|
echo " ACL support: $with_acl"
|
|
|
|
|
echo " Extended Attributes support: $with_attr"
|
2010-01-24 22:23:15 +05:30
|
|
|
echo " tcb support (incomplete): $with_tcb"
|
2007-10-07 17:17:01 +05:30
|
|
|
echo " shadow group support: $enable_shadowgrp"
|
|
|
|
|
echo " S/Key support: $with_skey"
|
* configure.in: New configure option: --with-sha-crypt enabled by
default. Keeping the feature enabled is safe. Disabling it permits
to disable the references to the SHA256 and SHA512 password
encryption algorithms from the usage help and manuals (in addition
to the support for these algorithms in the code).
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is
always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT
preprocessor condition.
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and
SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a
subset of the ENCRYPTMETHOD_SELECT sections).
2007-11-24 18:38:08 +05:30
|
|
|
echo " SHA passwords encryption: $with_sha_crypt"
|
2019-09-17 00:24:56 +05:30
|
|
|
echo " bcrypt passwords encryption: $with_bcrypt"
|
2020-12-28 01:39:25 +05:30
|
|
|
echo " yescrypt passwords encryption: $with_yescrypt"
|
2008-08-31 00:00:36 +05:30
|
|
|
echo " nscd support: $with_nscd"
|
Flush sssd caches in addition to nscd caches
Some distributions, notably Fedora, have the following order of nsswitch
modules by default:
passwd: sss files
group: sss files
The advantage of serving local users through SSSD is that the nss_sss
module has a fast mmapped-cache that speeds up NSS lookups compared to
accessing the disk an opening the files on each NSS request.
Traditionally, this has been done with the help of nscd, but using nscd
in parallel with sssd is cumbersome, as both SSSD and nscd use their own
independent caching, so using nscd in setups where sssd is also serving
users from some remote domain (LDAP, AD, ...) can result in a bit of
unpredictability.
More details about why Fedora chose to use sss before files can be found
on e.g.:
https://fedoraproject.org//wiki/Changes/SSSDCacheForLocalUsers
or:
https://docs.pagure.org/SSSD.sssd/design_pages/files_provider.html
Now, even though sssd watches the passwd and group files with the help
of inotify, there can still be a small window where someone requests a
user or a group, finds that it doesn't exist, adds the entry and checks
again. Without some support in shadow-utils that would explicitly drop
the sssd caches, the inotify watch can fire a little late, so a
combination of commands like this:
getent passwd user || useradd user; getent passwd user
can result in the second getent passwd not finding the newly added user
as the racy behaviour might still return the cached negative hit from
the first getent passwd.
This patch more or less copies the already existing support that
shadow-utils had for dropping nscd caches, except using the "sss_cache"
tool that sssd ships.
2018-09-12 17:52:11 +05:30
|
|
|
echo " sssd support: $with_sssd"
|
Allow disabling of subordinate IDs.
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-11 18:24:22 +05:30
|
|
|
echo " subordinate IDs support: $enable_subids"
|
2018-10-24 14:38:28 +05:30
|
|
|
echo " use file caps: $with_fcaps"
|
2019-11-19 15:27:06 +05:30
|
|
|
echo " install su: $with_su"
|
2022-11-28 21:48:09 +05:30
|
|
|
echo " enabled vendor dir: $enable_vendordir"
|
2007-10-07 17:17:01 +05:30
|
|
|
echo
|
