configure.ac

dnl Process this file with autoconf to produce a configure script.
AC_PREREQ([2.69])
m4_define([libsubid_abi_major], 3)
m4_define([libsubid_abi_minor], 0)
m4_define([libsubid_abi_micro], 0)
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
AC_INIT([shadow], [4.9], [pkg-shadow-devel@lists.alioth.debian.org], [],
	[https://github.com/shadow-maint/shadow])
AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
AC_CONFIG_MACRO_DIRS([m4])
AM_SILENT_RULES([yes])
AC_CONFIG_HEADERS([config.h])

AC_SUBST([LIBSUBID_ABI_MAJOR], [libsubid_abi_major])
AC_SUBST([LIBSUBID_ABI_MINOR], [libsubid_abi_minor])
AC_SUBST([LIBSUBID_ABI_MICRO], [libsubid_abi_micro])
AC_SUBST([LIBSUBID_ABI], [libsubid_abi])

dnl Some hacks...
test "$prefix" = "NONE" && prefix="/usr"
test "$prefix" = "/usr" && exec_prefix=""

AC_GNU_SOURCE

AM_ENABLE_STATIC
AM_ENABLE_SHARED

AM_MAINTAINER_MODE

dnl Checks for programs.
AC_PROG_CC
AC_ISC_POSIX
AC_PROG_LN_S
AC_PROG_YACC
AM_PROG_LIBTOOL

dnl Checks for libraries.

dnl Checks for header files.
AC_HEADER_DIRENT
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_HEADER_STDBOOL

AC_CHECK_HEADERS(crypt.h errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
	utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
	utime.h ulimit.h sys/capability.h sys/random.h sys/resource.h \
	gshadow.h lastlog.h locale.h rpc/key_prot.h netdb.h acl/libacl.h \
	attr/libattr.h attr/error_context.h)

dnl shadow now uses the libc's shadow implementation
AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])

AC_CHECK_FUNCS(arc4random_buf l64a fchmod fchown fsync futimes getgroups \
	gethostname getentropy getrandom getspnam gettimeofday getusershell \
	getutent initgroups lchown lckpwdf lstat lutimes memcpy memset \
	setgroups sigaction strchr updwtmp updwtmpx innetgr getpwnam_r \
	getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo ruserok \
	dlopen)
AC_SYS_LARGEFILE

dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_UID_T
AC_TYPE_OFF_T
AC_TYPE_PID_T
AC_TYPE_MODE_T
AC_HEADER_STAT
AC_CHECK_MEMBERS([struct stat.st_rdev])
AC_CHECK_MEMBERS([struct stat.st_atim])
AC_CHECK_MEMBERS([struct stat.st_atimensec])
AC_CHECK_MEMBERS([struct stat.st_mtim])
AC_CHECK_MEMBERS([struct stat.st_mtimensec])
AC_HEADER_TIME
AC_STRUCT_TM

AC_CHECK_MEMBERS([struct utmp.ut_type,
                  struct utmp.ut_id,
                  struct utmp.ut_name,
                  struct utmp.ut_user,
                  struct utmp.ut_host,
                  struct utmp.ut_syslen,
                  struct utmp.ut_addr,
                  struct utmp.ut_addr_v6,
                  struct utmp.ut_time,
                  struct utmp.ut_xtime,
                  struct utmp.ut_tv],,,[[#include <utmp.h>]])

AC_CHECK_MEMBERS([struct utmpx.ut_name,
                  struct utmpx.ut_host,
                  struct utmpx.ut_syslen,
                  struct utmpx.ut_addr,
                  struct utmpx.ut_addr_v6,
                  struct utmpx.ut_time,
                  struct utmpx.ut_xtime],,,[[#include <utmpx.h>]])

if test "$ac_cv_header_lastlog_h" = "yes"; then
	AC_CACHE_CHECK(for ll_host in struct lastlog,
		ac_cv_struct_lastlog_ll_host,
		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <lastlog.h>],
					[struct lastlog ll; char *cp = ll.ll_host;]
				)],
			[ac_cv_struct_lastlog_ll_host=yes],
			[ac_cv_struct_lastlog_ll_host=no]
		)
	)

	if test "$ac_cv_struct_lastlog_ll_host" = "yes"; then
		AC_DEFINE(HAVE_LL_HOST, 1,
			[Define if struct lastlog has ll_host])
	fi
fi

dnl Checks for library functions.
AC_TYPE_GETGROUPS
AC_TYPE_SIGNAL
AC_FUNC_UTIME_NULL
AC_FUNC_STRFTIME
AC_REPLACE_FUNCS(mkdir putgrent putpwent putspent rename rmdir)
AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)

AC_CHECK_FUNC(setpgrp)
AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
                                        1,
                                        [Defined to 1 if you have the declaration of 'secure_getenv'])])

if test "$ac_cv_header_shadow_h" = "yes"; then
	AC_CACHE_CHECK(for working shadow group support,
		ac_cv_libc_shadowgrp,
		AC_RUN_IFELSE([AC_LANG_SOURCE([
				#include <shadow.h>
				main()
				{
					struct sgrp *sg = sgetsgent("test:x::");
					/* NYS libc on Red Hat 3.0.3 has broken shadow group support */
					return !sg || !sg->sg_adm || !sg->sg_mem;
				}]
			)],
			[ac_cv_libc_shadowgrp=yes],
			[ac_cv_libc_shadowgrp=no],
			[ac_cv_libc_shadowgrp=no]
		)
	)

	if test "$ac_cv_libc_shadowgrp" = "yes"; then
		AC_DEFINE(HAVE_SHADOWGRP, 1, [Have working shadow group support in libc])
	fi
fi

AC_CACHE_CHECK([location of shared mail directory], shadow_cv_maildir,
[for shadow_cv_maildir in /var/mail /var/spool/mail /usr/spool/mail /usr/mail none; do
	if test -d $shadow_cv_maildir; then
		break
	fi
done])
if test $shadow_cv_maildir != none; then
	AC_DEFINE_UNQUOTED(MAIL_SPOOL_DIR, "$shadow_cv_maildir",
		[Location of system mail spool directory.])
fi

AC_CACHE_CHECK([location of user mail file], shadow_cv_mailfile,
[for shadow_cv_mailfile in Mailbox mailbox Mail mail .mail none; do
	if test -f $HOME/$shadow_cv_mailfile; then
		break
	fi
done])
if test $shadow_cv_mailfile != none; then
	AC_DEFINE_UNQUOTED(MAIL_SPOOL_FILE, "$shadow_cv_mailfile",
		[Name of user's mail spool file if stored in user's home directory.])
fi

AC_CACHE_CHECK([location of utmp], shadow_cv_utmpdir,
[for shadow_cv_utmpdir in /var/run /var/adm /usr/adm /etc none; do
	if test -f $shadow_cv_utmpdir/utmp; then
		break
	fi
done])
if test "$shadow_cv_utmpdir" = "none"; then
	AC_MSG_WARN(utmp file not found)
fi
AC_DEFINE_UNQUOTED(_UTMP_FILE, "$shadow_cv_utmpdir/utmp",
	[Path for utmp file.])

AC_CACHE_CHECK([location of faillog/lastlog/wtmp], shadow_cv_logdir,
[for shadow_cv_logdir in /var/log /var/adm /usr/adm /etc; do
	if test -d $shadow_cv_logdir; then
		break
	fi
done])
AC_DEFINE_UNQUOTED(_WTMP_FILE, "$shadow_cv_logdir/wtmp",
	[Path for wtmp file.])
AC_DEFINE_UNQUOTED(LASTLOG_FILE, "$shadow_cv_logdir/lastlog",
	[Path for lastlog file.])
AC_DEFINE_UNQUOTED(FAILLOG_FILE, "$shadow_cv_logdir/faillog",
	[Path for faillog file.])

AC_CACHE_CHECK([location of the passwd program], shadow_cv_passwd_dir,
[if test -f /usr/bin/passwd; then
	shadow_cv_passwd_dir=/usr/bin
else
	shadow_cv_passwd_dir=/bin
fi])
AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
	[Path to passwd program.])

dnl XXX - quick hack, should disappear before anyone notices :).
AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
if test "$ac_cv_func_ruserok" = "yes"; then
	AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
	AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
fi

AC_ARG_ENABLE(shadowgrp,
	[AC_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
	[case "${enableval}" in
	 yes) enable_shadowgrp="yes" ;;
	  no) enable_shadowgrp="no" ;;
	   *) AC_MSG_ERROR(bad value ${enableval} for --enable-shadowgrp) ;;
	 esac],
	[enable_shadowgrp="yes"]
)

AC_ARG_ENABLE(man,
	[AC_HELP_STRING([--enable-man],
		[regenerate roff man pages from Docbook @<:@default=no@:>@])],
	[enable_man="${enableval}"],
	[enable_man="no"]
)

AC_ARG_ENABLE(account-tools-setuid,
	[AC_HELP_STRING([--enable-account-tools-setuid],
		[Install the user and group management tools setuid and authenticate the callers. This requires --with-pam.])],
	[case "${enableval}" in
	 yes) enable_acct_tools_setuid="yes" ;;
	  no) enable_acct_tools_setuid="no" ;;
	   *) AC_MSG_ERROR(bad value ${enableval} for --enable-account-tools-setuid)
	   ;;
	 esac],
	[enable_acct_tools_setuid="no"]
)

AC_ARG_ENABLE(utmpx,
	[AC_HELP_STRING([--enable-utmpx],
	                [enable loggin in utmpx / wtmpx @<:@default=no@:>@])],
	[case "${enableval}" in
	 yes) enable_utmpx="yes" ;;
	  no) enable_utmpx="no" ;;
	   *) AC_MSG_ERROR(bad value ${enableval} for --enable-utmpx) ;;
	 esac],
	[enable_utmpx="no"]
)

AC_ARG_ENABLE(subordinate-ids,
	[AC_HELP_STRING([--enable-subordinate-ids],
		[support subordinate ids @<:@default=yes@:>@])],
	[enable_subids="${enableval}"],
	[enable_subids="maybe"]
)

AC_ARG_WITH(audit,
	[AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
	[with_audit=$withval], [with_audit=maybe])
AC_ARG_WITH(libpam,
	[AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
	[with_libpam=$withval], [with_libpam=maybe])
AC_ARG_WITH(btrfs,
	[AC_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
	[with_btrfs=$withval], [with_btrfs=maybe])
AC_ARG_WITH(selinux,
	[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
	[with_selinux=$withval], [with_selinux=maybe])
AC_ARG_WITH(acl,
	[AC_HELP_STRING([--with-acl], [use ACL support @<:@default=yes if found@:>@])],
	[with_acl=$withval], [with_acl=maybe])
AC_ARG_WITH(attr,
	[AC_HELP_STRING([--with-attr], [use Extended Attribute support @<:@default=yes if found@:>@])],
	[with_attr=$withval], [with_attr=maybe])
AC_ARG_WITH(skey,
	[AC_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
	[with_skey=$withval], [with_skey=no])
AC_ARG_WITH(tcb,
	[AC_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
	[with_tcb=$withval], [with_tcb=maybe])
AC_ARG_WITH(libcrack,
	[AC_HELP_STRING([--with-libcrack], [use libcrack @<:@default=no@:>@])],
	[with_libcrack=$withval], [with_libcrack=no])
AC_ARG_WITH(sha-crypt,
	[AC_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
	[with_sha_crypt=$withval], [with_sha_crypt=yes])
AC_ARG_WITH(bcrypt,
	[AC_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])],
	[with_bcrypt=$withval], [with_bcrypt=no])
AC_ARG_WITH(yescrypt,
	[AC_HELP_STRING([--with-yescrypt], [allow the yescrypt password encryption algorithm @<:@default=no@:>@])],
	[with_yescrypt=$withval], [with_yescrypt=no])
AC_ARG_WITH(nscd,
	[AC_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
	[with_nscd=$withval], [with_nscd=yes])
AC_ARG_WITH(sssd,
	[AC_HELP_STRING([--with-sssd], [enable support for flushing sssd caches @<:@default=yes@:>@])],
	[with_sssd=$withval], [with_sssd=yes])
AC_ARG_WITH(group-name-max-length,
	[AC_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=16@:>@])],
	[with_group_name_max_length=$withval], [with_group_name_max_length=yes])
AC_ARG_WITH(su,
	[AC_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
	[with_su=$withval], [with_su=yes])

if test "$with_group_name_max_length" = "no" ; then
	with_group_name_max_length=0
elif test "$with_group_name_max_length" = "yes" ; then
	with_group_name_max_length=16
fi
AC_DEFINE_UNQUOTED(GROUP_NAME_MAX_LENGTH, $with_group_name_max_length, [max group name length])
AC_SUBST(GROUP_NAME_MAX_LENGTH)
GROUP_NAME_MAX_LENGTH="$with_group_name_max_length"

AM_CONDITIONAL(USE_SHA_CRYPT, test "x$with_sha_crypt" = "xyes")
if test "$with_sha_crypt" = "yes"; then
	AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
fi

AM_CONDITIONAL(ENABLE_SHARED, test "x$enable_shared" = "xyes")

AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
if test "$with_bcrypt" = "yes"; then
	AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
fi

AM_CONDITIONAL(USE_YESCRYPT, test "x$with_yescrypt" = "xyes")
if test "$with_yescrypt" = "yes"; then
	AC_DEFINE(USE_YESCRYPT, 1, [Define to allow the yescrypt password encryption algorithm])
fi

if test "$with_nscd" = "yes"; then
	AC_CHECK_FUNC(posix_spawn,
	              [AC_DEFINE(USE_NSCD, 1, [Define to support flushing of nscd caches])],
	              [AC_MSG_ERROR([posix_spawn is needed for nscd support])])
fi

if test "$with_sssd" = "yes"; then
	AC_CHECK_FUNC(posix_spawn,
	              [AC_DEFINE(USE_SSSD, 1, [Define to support flushing of sssd caches])],
	              [AC_MSG_ERROR([posix_spawn is needed for sssd support])])
fi

AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su]))
AM_CONDITIONAL([WITH_SU], [test "x$with_su" != "xno"])

dnl Check for some functions in libc first, only if not found check for
dnl other libraries.  This should prevent linking libnsl if not really
dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).

AC_SEARCH_LIBS(inet_ntoa, inet)
AC_SEARCH_LIBS(socket, socket)
AC_SEARCH_LIBS(gethostbyname, nsl)

AC_CHECK_LIB([econf],[econf_readDirs],[LIBECONF="-leconf"],[LIBECONF=""])
if test -n "$LIBECONF"; then
	ECONF_CPPFLAGS="-DUSE_ECONF=1"
	AC_ARG_ENABLE([vendordir],
		AS_HELP_STRING([--enable-vendordir=DIR], [Directory for distribution provided configuration files]),,[])
fi
AC_SUBST(ECONF_CPPFLAGS)
AC_SUBST(LIBECONF)
AC_SUBST([VENDORDIR], [$enable_vendordir])
AM_CONDITIONAL([HAVE_VENDORDIR], [test "x$enable_vendordir" != x])

if test "$enable_shadowgrp" = "yes"; then
	AC_DEFINE(SHADOWGRP, 1, [Define to support the shadow group file.])
fi
AM_CONDITIONAL(SHADOWGRP, test "x$enable_shadowgrp" = "xyes")

if test "$enable_man" = "yes"; then
	dnl
	dnl Check for xsltproc
	dnl
	AC_PATH_PROG([XSLTPROC], [xsltproc])
	if test -z "$XSLTPROC"; then
		enable_man=no
		AC_MSG_ERROR([xsltproc is missing.])
	fi

	dnl check for DocBook DTD and stylesheets in the local catalog.
	JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.5//EN],
		[DocBook XML DTD V4.5], [], enable_man=no)
	JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
		[DocBook XSL Stylesheets >= 1.70.1], [], enable_man=no)
fi
AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test "x$enable_man" != "xno")

if test "$enable_subids" != "no"; then
	dnl
	dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
	dnl
	AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
	AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])

	if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
		AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
		enable_subids="yes"
	else
		if test "x$enable_subids" = "xyes"; then
			AC_MSG_ERROR([Cannot enable support the subordinate IDs on systems where gid_t or uid_t has less than 32 bits])
		fi
		enable_subids="no"
	fi
fi
AM_CONDITIONAL(ENABLE_SUBIDS, test "x$enable_subids" != "xno")

AC_SUBST(LIBCRYPT)
AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
	[AC_MSG_ERROR([crypt() not found])])

AC_SUBST(LIYESCRYPT)
AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
	[AC_MSG_ERROR([crypt() not found])])

AC_SUBST(LIBACL)
if test "$with_acl" != "no"; then
	AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
	if test "$acl_header$with_acl" = "noyes" ; then
		AC_MSG_ERROR([acl/libacl.h or attr/error_context.h is missing])
	elif test "$acl_header" = "yes" ; then
		AC_CHECK_LIB(acl, perm_copy_file,
		             [AC_CHECK_LIB(acl, perm_copy_fd,
		                           [acl_lib="yes"],
		                           [acl_lib="no"])],
		             [acl_lib="no"])
		if test "$acl_lib$with_acl" = "noyes" ; then
			AC_MSG_ERROR([libacl not found])
		elif test "$acl_lib" = "no" ; then
			with_acl="no"
		else
			AC_DEFINE(WITH_ACL, 1,
			          [Build shadow with ACL support])
			LIBACL="-lacl"
			with_acl="yes"
		fi
	else
		with_acl="no"
	fi
fi

AC_SUBST(LIBATTR)
if test "$with_attr" != "no"; then
	AC_CHECK_HEADERS(attr/libattr.h attr/error_context.h, [attr_header="yes"], [attr_header="no"])
	if test "$attr_header$with_attr" = "noyes" ; then
		AC_MSG_ERROR([attr/libattr.h or attr/error_context.h is missing])
	elif test "$attr_header" = "yes" ; then
		AC_CHECK_LIB(attr, attr_copy_file,
		             [AC_CHECK_LIB(attr, attr_copy_fd,
		                           [attr_lib="yes"],
		                           [attr_lib="no"])],
		             [attr_lib="no"])
		if test "$attr_lib$with_attr" = "noyes" ; then
			AC_MSG_ERROR([libattr not found])
		elif test "$attr_lib" = "no" ; then
			with_attr="no"
		else
			AC_DEFINE(WITH_ATTR, 1,
			          [Build shadow with Extended Attributes support])
			LIBATTR="-lattr"
			with_attr="yes"
		fi
	else
		with_attr="no"
	fi
fi

AC_SUBST(LIBAUDIT)
if test "$with_audit" != "no"; then
	AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
	if test "$audit_header$with_audit" = "noyes" ; then
		AC_MSG_ERROR([libaudit.h is missing])
	elif test "$audit_header" = "yes"; then
		AC_CHECK_DECL(AUDIT_ADD_USER,,[audit_header="no"],[#include <libaudit.h>])
		AC_CHECK_DECL(AUDIT_DEL_USER,,[audit_header="no"],[#include <libaudit.h>])
		AC_CHECK_DECL(AUDIT_ADD_GROUP,,[audit_header="no"],[#include <libaudit.h>])
		AC_CHECK_DECL(AUDIT_DEL_GROUP,,[audit_header="no"],[#include <libaudit.h>])
		if test "$audit_header$with_audit" = "noyes" ; then
			AC_MSG_ERROR([AUDIT_ADD_USER AUDIT_DEL_USER AUDIT_ADD_GROUP or AUDIT_DEL_GROUP missing from libaudit.h])
		fi
	fi
	if test "$audit_header" = "yes"; then
		AC_CHECK_LIB(audit, audit_log_acct_message,
		             [audit_lib="yes"], [audit_lib="no"])
		if test "$audit_lib$with_audit" = "noyes" ; then
			AC_MSG_ERROR([libaudit not found])
		elif test "$audit_lib" = "no" ; then
			with_audit="no"
		else
			AC_DEFINE(WITH_AUDIT, 1,
			          [Define if you want to enable Audit messages])
			LIBAUDIT="-laudit"
			with_audit="yes"
		fi
	else
		with_audit="no"
	fi
fi

AC_SUBST(LIBCRACK)
if test "$with_libcrack" = "yes"; then
	echo "checking cracklib flavour, don't be surprised by the results"
	AC_CHECK_LIB(crack, FascistCheck,
		[LIBCRACK=-lcrack AC_DEFINE(HAVE_LIBCRACK, 1, [Defined if you have libcrack.])])
	AC_CHECK_LIB(crack, FascistHistory,
		AC_DEFINE(HAVE_LIBCRACK_HIST, 1, [Defined if you have the ts&szs cracklib.]))
	AC_CHECK_LIB(crack, FascistHistoryPw,
		AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
fi

if test "$with_btrfs" != "no"; then
	AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
		[btrfs_headers="yes"], [btrfs_headers="no"])
	if test "$btrfs_headers$with_btrfs" = "noyes" ; then
		AC_MSG_ERROR([One of sys/statfs.h linux/magic.h linux/btrfs_tree.h is missing])
	fi

	if test "$btrfs_headers" = "yes" ; then
		AC_DEFINE(WITH_BTRFS, 1, [Build shadow with BtrFS support])
		with_btrfs="yes"
	fi
fi
AM_CONDITIONAL(WITH_BTRFS, test x$with_btrfs = xyes)

AC_SUBST(LIBSELINUX)
AC_SUBST(LIBSEMANAGE)
if test "$with_selinux" != "no"; then
	AC_CHECK_HEADERS(selinux/selinux.h, [selinux_header="yes"], [selinux_header="no"])
	if test "$selinux_header$with_selinux" = "noyes" ; then
		AC_MSG_ERROR([selinux/selinux.h is missing])
	fi

	AC_CHECK_HEADERS(semanage/semanage.h, [semanage_header="yes"], [semanage_header="no"])
	if test "$semanage_header$with_selinux" = "noyes" ; then
		AC_MSG_ERROR([semanage/semanage.h is missing])
	fi

	if test "$selinux_header$semanage_header" = "yesyes" ; then
		AC_CHECK_LIB(selinux, is_selinux_enabled, [selinux_lib="yes"], [selinux_lib="no"])
		if test "$selinux_lib$with_selinux" = "noyes" ; then
			AC_MSG_ERROR([libselinux not found])
		fi

		AC_CHECK_LIB(semanage, semanage_connect, [semanage_lib="yes"], [semanage_lib="no"])
		if test "$semanage_lib$with_selinux" = "noyes" ; then
			AC_MSG_ERROR([libsemanage not found])
		fi

		if test "$selinux_lib$semanage_lib" = "yesyes" ; then
			AC_DEFINE(WITH_SELINUX, 1,
			          [Build shadow with SELinux support])
			LIBSELINUX="-lselinux"
			LIBSEMANAGE="-lsemanage"
			with_selinux="yes"
		else
			with_selinux="no"
		fi
	else
		with_selinux="no"
	fi
fi

AC_SUBST(LIBTCB)
if test "$with_tcb" != "no"; then
	AC_CHECK_HEADERS(tcb.h, [tcb_header="yes"], [tcb_header="no"])
	if test "$tcb_header$with_tcb" = "noyes" ; then
		AC_MSG_ERROR([tcb.h is missing])
	elif test "$tcb_header" = "yes" ; then
		AC_CHECK_LIB(tcb, tcb_is_suspect, [tcb_lib="yes"], [tcb_lib="no"])
		if test "$tcb_lib$with_tcb" = "noyes" ; then
			AC_MSG_ERROR([libtcb not found])
		elif test "$tcb_lib" = "no" ; then
			with_tcb="no"
		else
			AC_DEFINE(WITH_TCB, 1, [Build shadow with tcb support (incomplete)])
			LIBTCB="-ltcb"
			with_tcb="yes"
		fi
	else
		with_tcb="no"
	fi
fi
AM_CONDITIONAL(WITH_TCB, test x$with_tcb = xyes)

AC_SUBST(LIBPAM)
if test "$with_libpam" != "no"; then
	AC_CHECK_LIB(pam, pam_start,
	             [pam_lib="yes"], [pam_lib="no"])
	if test "$pam_lib$with_libpam" = "noyes" ; then
		AC_MSG_ERROR(libpam not found)
	fi

	LIBPAM="-lpam"
	pam_conv_function="no"

	AC_CHECK_LIB(pam, openpam_ttyconv,
	             [pam_conv_function="openpam_ttyconv"],
	             AC_CHECK_LIB(pam_misc, misc_conv,
	                          [pam_conv_function="misc_conv"; LIBPAM="$LIBPAM -lpam_misc"])
	            )

	if test "$pam_conv_function$with_libpam" = "noyes" ; then
		AC_MSG_ERROR(PAM conversation function not found)
	fi

	pam_headers_found=no
	AC_CHECK_HEADERS( [security/openpam.h security/pam_misc.h],
	                 [ pam_headers_found=yes ; break ], [],
	                 [ #include <security/pam_appl.h> ] )
	if test "$pam_headers_found$with_libpam" = "noyes" ; then
	                AC_MSG_ERROR(PAM headers not found)
	fi


	if test "$pam_lib$pam_headers_found" = "yesyes" -a "$pam_conv_function" != "no" ; then
		with_libpam="yes"
	else
		with_libpam="no"
		unset LIBPAM
	fi
fi
dnl Now with_libpam is either yes or no
if test "$with_libpam" = "yes"; then
	AC_CHECK_DECLS([PAM_ESTABLISH_CRED,
	                PAM_DELETE_CRED,
	                PAM_NEW_AUTHTOK_REQD,
	                PAM_DATA_SILENT],
	               [], [], [#include <security/pam_appl.h>])


	save_libs=$LIBS
	LIBS="$LIBS $LIBPAM"
	# We do not use AC_CHECK_FUNCS to avoid duplicated definition with
	# Linux PAM.
	AC_CHECK_FUNC(pam_fail_delay, [AC_DEFINE(HAS_PAM_FAIL_DELAY, 1, [Define to 1 if you have the declaration of 'pam_fail_delay'])])
	LIBS=$save_libs

	AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
	AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM conversation to use])
	AM_CONDITIONAL(USE_PAM, [true])

	AC_MSG_CHECKING(use login and su access checking if PAM not used)
	AC_MSG_RESULT(no)
else
	AC_DEFINE(SU_ACCESS, 1, [Define to support /etc/suauth su access control.])
	AM_CONDITIONAL(USE_PAM, [false])
	AC_MSG_CHECKING(use login and su access checking if PAM not used)
	AC_MSG_RESULT(yes)
fi

if test "$enable_acct_tools_setuid" != "no"; then
	if test "$with_libpam" != "yes"; then
		if test "$enable_acct_tools_setuid" = "yes"; then
			AC_MSG_ERROR(PAM support is required for --enable-account-tools-setuid)
		else
			enable_acct_tools_setuid="no"
		fi
	else
		enable_acct_tools_setuid="yes"
	fi
	if test "$enable_acct_tools_setuid" = "yes"; then
		AC_DEFINE(ACCT_TOOLS_SETUID,
		          1,
		          [Define if account management tools should be installed setuid and authenticate the callers])
	fi
fi
AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")


AC_ARG_WITH(fcaps,
	[AC_HELP_STRING([--with-fcaps], [use file capabilities instead of suid binaries for newuidmap/newgidmap @<:@default=no@:>@])],
	[with_fcaps=$withval], [with_fcaps=no])
AM_CONDITIONAL(FCAPS, test "x$with_fcaps" = "xyes")

if test "x$with_fcaps" = "xyes"; then
	AC_CHECK_PROGS(capcmd, "setcap")
	if test "x$capcmd" = "x" ; then
		AC_MSG_ERROR([setcap command not available])
	fi
fi

AC_SUBST(LIBSKEY)
AC_SUBST(LIBMD)
if test "$with_skey" = "yes"; then
	AC_CHECK_LIB(md, MD5Init, [LIBMD=-lmd])
	AC_CHECK_LIB(skey, skeychallenge, [LIBSKEY=-lskey],
		[AC_MSG_ERROR([liskey missing. You can download S/Key source code from http://rsync1.it.gentoo.org/gentoo/distfiles/skey-1.1.5.tar.bz2])])
	AC_DEFINE(SKEY, 1, [Define to support S/Key logins.])
	AC_TRY_COMPILE([
		#include <stdio.h>
		#include <skey.h>
	],[
		skeychallenge((void*)0, (void*)0, (void*)0, 0);
	],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])])
fi

if test "$enable_utmpx" = "yes"; then
	if test "$ac_cv_header_utmpx_h" != "yes"; then
		AC_MSG_ERROR([The utmpx.h header file is required for utmpx support.])
	fi
	AC_DEFINE(USE_UTMPX,
	          1,
	          [Define if utmpx should be used])
fi

AC_DEFINE_UNQUOTED(SHELL, ["$SHELL"], [The default shell.])

AM_GNU_GETTEXT_VERSION(0.16)
AM_GNU_GETTEXT([external], [need-ngettext])
AM_CONDITIONAL(USE_NLS, test "x$USE_NLS" = "xyes")

AC_CONFIG_FILES([
	Makefile
	po/Makefile.in
	doc/Makefile
	man/Makefile
	man/config.xml
	man/po/Makefile
	man/cs/Makefile
	man/da/Makefile
	man/de/Makefile
	man/es/Makefile
	man/fi/Makefile
	man/fr/Makefile
	man/hu/Makefile
	man/id/Makefile
	man/it/Makefile
	man/ja/Makefile
	man/ko/Makefile
	man/pl/Makefile
	man/pt_BR/Makefile
	man/ru/Makefile
	man/sv/Makefile
	man/tr/Makefile
	man/zh_CN/Makefile
	man/zh_TW/Makefile
	libmisc/Makefile
	lib/Makefile
	libsubid/Makefile
	src/Makefile
	contrib/Makefile
	etc/Makefile
	etc/pam.d/Makefile
	shadow.spec
])
AC_OUTPUT

echo
echo "shadow will be compiled with the following features:"
echo
echo "	auditing support:		$with_audit"
echo "	CrackLib support:		$with_libcrack"
echo "	PAM support:			$with_libpam"
if test "$with_libpam" = "yes"; then
echo "	suid account management tools:	$enable_acct_tools_setuid"
fi
echo "	SELinux support:		$with_selinux"
echo "	BtrFS support:			$with_btrfs"
echo "	ACL support:			$with_acl"
echo "	Extended Attributes support:	$with_attr"
echo "	tcb support (incomplete):	$with_tcb"
echo "	shadow group support:		$enable_shadowgrp"
echo "	S/Key support:			$with_skey"
echo "	SHA passwords encryption:	$with_sha_crypt"
echo "	bcrypt passwords encryption:	$with_bcrypt"
echo "	yescrypt passwords encryption:	$with_yescrypt"
echo "	nscd support:			$with_nscd"
echo "	sssd support:			$with_sssd"
echo "	subordinate IDs support:	$enable_subids"
echo "	use file caps:			$with_fcaps"
echo "	install su:			$with_su"
echo