- # from Tim Showalter <tjs+@andrew.cmu.edu>
- PASSWD_LIBS="$PASSWD_LIBS -lkrb -ldes"
- AC_CHECK_FUNC(res_search,,
- AC_CHECK_LIB(resolv,res_search,PASSWD_LIBS="${PASSWD_LIBS} -lresolv",
- AC_MSG_WARN([Can't find DNS resolver libraries needed for Kerberos])
- ))
-
- fi
- elif test "$with_kerberos" != no; then
- echo "error: must be yes or no: --with-kerberos=$with_kerberos"
- exit 1
- fi
-
- # Check for PAM.
- AC_ARG_WITH(pam,
-[ --with-pam Include support for PAM (Pluggable Authentication
- Modules) if possible (this is the default.)
- --without-pam Do not compile in support for PAM.],
- [with_pam="$withval"; with_pam_req="$withval"],[with_pam=no])
-#### Leave PAM off by default for now, since it's buggy on Solaris
-#### (and probably Linux, but it's so hard to tell...)
-
- HANDLE_X_PATH_ARG(with_pam, --with-pam, PAM)
-
- if test "$with_pam" = yes; then
- AC_CACHE_CHECK([for PAM], ac_cv_pam,
- [AC_TRY_X_COMPILE([#include <security/pam_appl.h>],,
- [ac_cv_pam=yes],
- [ac_cv_pam=no])])
- if test "$ac_cv_pam" = yes ; then
- have_pam=yes
- AC_DEFINE(HAVE_PAM)
- PASSWD_LIBS="${PASSWD_LIBS} -lpam -ldl"
- fi
- elif test "$with_pam" != no; then
- echo "error: must be yes or no: --with-pam=$with_pam"
- exit 1
- fi
-
- # Next, check for the nine billion variants of shadow passwords...
-
- pwent_cruft_done=no
- AC_ARG_WITH(shadow,
-[ --with-shadow Include support for shadow password authentication,
- if possible (this is the default, if no Kerberos or
- PAM.)
- --without-shadow Do not compile in support for shadow passwords.
-],
- [with_shadow="$withval"; with_shadow_req="$withval"],[with_shadow=yes])
-
- HANDLE_X_PATH_ARG(with_shadow, --with-shadow, shadow password)
-
- if test "$with_shadow" = no; then
- pwent_cruft_done=yes
- elif test "$with_shadow" != yes; then
- echo "error: must be yes or no: --with-shadow=$with_shadow"
- exit 1
- fi
-
-
- # Sun's "adjunct" passwords.
- #
- if test "$pwent_cruft_done" = no ; then
- AC_CACHE_CHECK([for Sun-style shadow passwords], ac_cv_sun_adjunct,
- [AC_TRY_X_COMPILE([#include <stdlib.h>
- #include <unistd.h>
- #include <sys/types.h>
- #include <sys/label.h>
- #include <sys/audit.h>
- #include <pwdadj.h>],
- [struct passwd_adjunct *p = getpwanam("nobody");
- const char *pw = p->pwa_passwd;],
- [ac_cv_sun_adjunct=yes],
- [ac_cv_sun_adjunct=no])])
- if test "$ac_cv_sun_adjunct" = yes; then
- have_shadow=yes
- need_setuid=yes
- pwent_cruft_done=yes
- AC_DEFINE(HAVE_ADJUNCT_PASSWD)
- fi
- fi
-
- # DEC and SCO so-called "enhanced" security.
- #
- if test "$pwent_cruft_done" = no ; then
- AC_CACHE_CHECK([for DEC-style shadow passwords], ac_cv_enhanced_passwd,
- [AC_TRY_X_COMPILE([#include <stdlib.h>
- #include <unistd.h>
- #include <sys/types.h>
- #include <pwd.h>
- #include <sys/security.h>
- #include <prot.h>],
- [struct pr_passwd *p;
- const char *pw;
- set_auth_parameters(0, 0);
- check_auth_parameters();
- p = getprpwnam("nobody");
- pw = p->ufld.fd_encrypt;],
- [ac_cv_enhanced_passwd=yes],
- [ac_cv_enhanced_passwd=no])])
- if test $ac_cv_enhanced_passwd = yes; then
- have_shadow=yes
- need_setuid=yes
- pwent_cruft_done=yes
- AC_DEFINE(HAVE_ENHANCED_PASSWD)
-
- # On SCO, getprpwnam() is in -lprot (which uses nap() from -lx)
- # (I'm told it needs -lcurses too, but I don't understand why.)
- AC_CHECK_LIB(prot, getprpwnam,
- [PASSWD_LIBS="$PASSWD_LIBS -lprot -lcurses -lx"],
- [# On DEC, getprpwnam() is in -lsecurity
- AC_CHECK_LIB(security, getprpwnam,
- [PASSWD_LIBS="$PASSWD_LIBS -lsecurity"])],
- [-lx])
- fi
- fi
-
- # HP's entry in the "Not Invented Here" Sweepstakes.
- #
- if test "$pwent_cruft_done" = no ; then
- AC_CACHE_CHECK([for HP-style shadow passwords], ac_cv_hpux_passwd,
- [AC_TRY_X_COMPILE([#include <stdlib.h>
- #include <unistd.h>
- #include <sys/types.h>
- #include <pwd.h>
- #include <hpsecurity.h>
- #include <prot.h>],
- [struct s_passwd *p = getspwnam("nobody");
- const char *pw = p->pw_passwd;],
- [ac_cv_hpux_passwd=yes],
- [ac_cv_hpux_passwd=no])])
- if test "$ac_cv_hpux_passwd" = yes; then
- have_shadow=yes
- need_setuid=yes
- pwent_cruft_done=yes
- AC_DEFINE(HAVE_HPUX_PASSWD)
-
- # on HPUX, bigcrypt is in -lsec
- AC_CHECK_LIB(sec, bigcrypt, [PASSWD_LIBS="$PASSWD_LIBS -lsec"])
- fi
- fi
-
- # Traditional (ha!) shadow passwords.
- #
- if test "$pwent_cruft_done" = no ; then
- AC_CACHE_CHECK([for generic shadow passwords], ac_cv_shadow,
- [AC_TRY_X_COMPILE([#include <stdlib.h>
- #include <unistd.h>
- #include <sys/types.h>
- #include <pwd.h>
- #include <shadow.h>],
- [struct spwd *p = getspnam("nobody");
- const char *pw = p->sp_pwdp;],
- [ac_cv_shadow=yes],
- [ac_cv_shadow=no])])
- if test "$ac_cv_shadow" = yes; then
- have_shadow=yes
- need_setuid=yes
- pwent_cruft_done=yes
- AC_DEFINE(HAVE_SHADOW_PASSWD)
-
- # On some systems (UnixWare 2.1), getspnam() is in -lgen instead of -lc.
- have_getspnam=no
- AC_CHECK_LIB(c, getspnam, [have_getspnam=yes])
- if test "$have_getspnam" = no ; then
- AC_CHECK_LIB(gen, getspnam,
- [have_getspnam=yes; PASSWD_LIBS="$PASSWD_LIBS -lgen"])
- fi
- fi
- fi
-
- # On FreeBSD, getpwnam() and friends work just like on non-shadow-password
- # systems -- except you only get stuff in the pw_passwd field if the running
- # program is setuid. So, guess that we've got this lossage to contend with
- # if /etc/master.passwd exists, and default to a setuid installation.
- #
- if test "$pwent_cruft_done" = no ; then
- AC_CACHE_CHECK([for FreeBSD-style shadow passwords], ac_cv_master_passwd,
- [if test -f /etc/master.passwd ; then
- ac_cv_master_passwd=yes
- else
- ac_cv_master_passwd=no
- fi])
- if test "$ac_cv_master_passwd" = yes; then
- need_setuid=yes
- pwent_cruft_done=yes
- fi
- fi
-
- # On some systems (UnixWare 2.1), crypt() is in -lcrypt instead of -lc.
- have_crypt=no
- AC_CHECK_LIB(c, crypt, [have_crypt=yes])
- if test "$have_crypt" = no ; then
- AC_CHECK_LIB(crypt, crypt,
- [have_crypt=yes; PASSWD_LIBS="$PASSWD_LIBS -lcrypt"])
- fi
-
-
- # Most of the above shadow mechanisms will have set need_setuid to yes,
- # if they were found. But, on some systems, we need setuid even when
- # using plain old vanilla passwords.
- #
- if test "$need_setuid" = no ; then
- case "$host" in
- *-hpux* | *-aix* | *-netbsd* | *-freebsd* | *-openbsd* )
- need_setuid=yes
- ;;
- esac
- fi
-
-fi