NetBSD/usr.bin/su/Makefile

#	$NetBSD: Makefile,v 1.39 2005/01/12 01:45:32 christos Exp $
#	from: @(#)Makefile	8.1 (Berkeley) 7/19/93

.include <bsd.own.mk>
MKPAM=yes

PROG=	su
BINOWN=	root
BINMODE=4555

.if ${MKPAM} != "no"

CPPFLAGS+=-DUSE_PAM -DPAM_DEBUG
# XXX: Need libcrypt here, because libcrypto defines it too.
DPADD+=	${LIBPAM} ${LIBCRYPT} ${LIBUTIL}
LDADD+= -lpam -lcrypt -lutil
SRCS=su_pam.c

.else

SRCS=su.c

CPPFLAGS+=-DLOGIN_CAP

DPADD+=	${LIBCRYPT} ${LIBUTIL}
LDADD+=	-lcrypt -lutil

# Uncomment the following line to change the group that may su root to "sugroup"
#
#CPPFLAGS+=-DSU_GROUP=\"sugroup\"

# Uncomment the following line to make su
# treat group wheel (SUGROUP) and/or ROOTAUTH as an indirect
# list of groups.
#CPPFLAGS+=-DSU_INDIRECT_GROUP

.if (${USE_KERBEROS} != "no")
.ifdef AFS
DPADD+= ${LIBKAFS}
LDADD+= -lkafs
.endif

CPPFLAGS+=-DKERBEROS5 -I${DESTDIR}/usr/include/krb5
DPADD+=	${LIBKRB5} ${LIBASN1}
LDADD+= -lkrb5 -lasn1

.if (${USE_KERBEROS4} != "no")
CPPFLAGS+=-DKERBEROS -I${DESTDIR}/usr/include/kerberosIV
DPADD+=	${LIBKRB} ${LIBDES}
LDADD+= -lkrb -ldes
.endif

DPADD+=	${LIBCRYPTO} ${LIBROKEN} ${LIBCOM_ERR}
LDADD+=	-lcrypto -lroken -lcom_err
.endif


.if (${USE_SKEY} != "no")
CPPFLAGS+=-DSKEY
DPADD+= ${LIBSKEY}
LDADD+= -lskey
.endif

.ifdef SU_ROOTAUTH
CPPFLAGS+=-DSU_ROOTAUTH=\"${SU_ROOTAUTH}\"
.endif

.endif

.include <bsd.prog.mk>
:x 2005-01-12 04:45:31 +03:00			`# $NetBSD: Makefile,v 1.39 2005/01/12 01:45:32 christos Exp $`
Sync to 4.4BSD-Lite2 1997-01-09 14:43:05 +03:00			`# from: @(#)Makefile 8.1 (Berkeley) 7/19/93`
initial import of 386bsd-0.1 sources 1993-03-21 12:45:37 +03:00
Add MK... variables to enable/disable various aspects of building crypto support into the system. See share/mk/bsd.README for more a full description. 2000-06-23 10:01:10 +04:00			`.include <bsd.own.mk>`
:x 2005-01-12 04:45:31 +03:00			`MKPAM=yes`
Add MK... variables to enable/disable various aspects of building crypto support into the system. See share/mk/bsd.README for more a full description. 2000-06-23 10:01:10 +04:00
initial import of 386bsd-0.1 sources 1993-03-21 12:45:37 +03:00			`PROG= su`
			`BINOWN= root`
			`BINMODE=4555`
Restore su.c to version 1.58, plus minor prototyping. Split pam into su_pam.c, and turn it off by default in the Makefile until it is tested and actually works. The current pam version does not set ruid properly anymore. 2005-01-10 06:11:50 +03:00
			`.if ${MKPAM} != "no"`

			`CPPFLAGS+=-DUSE_PAM -DPAM_DEBUG`
			`# XXX: Need libcrypt here, because libcrypto defines it too.`
			`DPADD+= ${LIBPAM} ${LIBCRYPT} ${LIBUTIL}`
			`LDADD+= -lpam -lcrypt -lutil`
			`SRCS=su_pam.c`

			`.else`

			`SRCS=su.c`

LOGIN_CAP is mandatory for PAM. 2005-01-11 02:31:34 +03:00			`CPPFLAGS+=-DLOGIN_CAP`

Restore su.c to version 1.58, plus minor prototyping. Split pam into su_pam.c, and turn it off by default in the Makefile until it is tested and actually works. The current pam version does not set ruid properly anymore. 2005-01-10 06:11:50 +03:00			`DPADD+= ${LIBCRYPT} ${LIBUTIL}`
			`LDADD+= -lcrypt -lutil`
Fix PR/2837: su [login [args]] had the wrong usage and did not work properly. Build the correct argument list and add -c for the shells. Fix PR/2839: su will not build with Kerberos. - Also: -Don't coredump when $TERM is not set. -Add prototypes, remove local old style declarations of system functions. -Recognize shells that contain "csh" as being csh alike. -Don't build with SKEY unconditionally. Obey bsd.own.mk. 1996-10-13 03:54:38 +04:00
As per discussion with mrg, back out parts of previous change. The appropriate entry in /etc/group as returned by getgrnam() is used to determine if 'su root' may be permitted, rather than checking if membership exists in the result of getgroups(). The following changes were made regarding the behaviour of the special group for 'su root' * allow for definition of SUGROUP (defaults to "wheel") to override group name. * use getgrnam(SUGROUP) instead of getgrgid(0). * only scan getgrnam(SUGROUP)->gr_mem when checking for group membership. * be more specific as to why 'su root' failed NOTE: If a user's primary group is SUGROUP, and they're not a member of SUGROUP in /etc/group, they will not be able to su. 1997-07-02 09:42:11 +04:00			`# Uncomment the following line to change the group that may su root to "sugroup"`
			`#`
Normalize the program's compilation options so they are all of the form SU_ and document them. 2003-08-20 18:11:17 +04:00			`#CPPFLAGS+=-DSU_GROUP=\"sugroup\"`
As per discussion with mrg, back out parts of previous change. The appropriate entry in /etc/group as returned by getgrnam() is used to determine if 'su root' may be permitted, rather than checking if membership exists in the result of getgroups(). The following changes were made regarding the behaviour of the special group for 'su root' * allow for definition of SUGROUP (defaults to "wheel") to override group name. * use getgrnam(SUGROUP) instead of getgrgid(0). * only scan getgrnam(SUGROUP)->gr_mem when checking for group membership. * be more specific as to why 'su root' failed NOTE: If a user's primary group is SUGROUP, and they're not a member of SUGROUP in /etc/group, they will not be able to su. 1997-07-02 09:42:11 +04:00
SU_INDIRECT_GROUP should not be on by default. 2001-01-11 03:54:57 +03:00			`# Uncomment the following line to make su`
			`# treat group wheel (SUGROUP) and/or ROOTAUTH as an indirect`
If SU_INDIRECT_GROUP is defined (it is by default), then su will consider that SUGROUP and ROOTAUTH group contain the names of users and groups. If user is not found in the list check_ingroup() recurses on each member until either user is found or end of chain is reached. The above allows su's use of the wheel group to be extended to a large number of users without necessarily putting them in group wheel, and in a way that will work over NIS that simply extending the line length limit in getgrent.c cannot. 2001-01-11 00:33:13 +03:00			`# list of groups.`
SU_INDIRECT_GROUP should not be on by default. 2001-01-11 03:54:57 +03:00			`#CPPFLAGS+=-DSU_INDIRECT_GROUP`
If SU_INDIRECT_GROUP is defined (it is by default), then su will consider that SUGROUP and ROOTAUTH group contain the names of users and groups. If user is not found in the list check_ingroup() recurses on each member until either user is found or end of chain is reached. The above allows su's use of the wheel group to be extended to a large number of users without necessarily putting them in group wheel, and in a way that will work over NIS that simply extending the line length limit in getgrent.c cannot. 2001-01-11 00:33:13 +03:00
Fix the checkflist for builds without Kerberos 4 (MKKERBEROS4=no) and without Kerberos 4 & 5 (MKKERBEROS=no). Previously checkflist complained of missing files. * move kerberos- and kerberos 4-only files into new flists, distrib/sets/lists//krb. * make the flist generators grok MKKERBEROS{,4} variables * fix Makefiles which treat MKKERBEROS=no as MKKERBEROS5=no. 9 out of 10 experts agree that it is ludicrous to build w/ KERBEROS4 and w/o KERBEROS5. * fix header files, also, which treat MKKERBEROS=no as MKKERBEROS5=no. * omit some Kerberos-only subdirectories from the build as MKKERBEROS{,4} indicate (I acknowledge the sentiment that flists are the wrong way to go, and that the makefiles should produce the metalog directly. That sounds to me like the right way to go, but I am not prepared to do revamp all the makefiles. While my approach is expedient, it fits painlessly within the current build architecture until we are delivered from flist purgatory, and it does not postpone our delivery. Fair enough?) 2003-12-11 12:46:26 +03:00			`.if (${USE_KERBEROS} != "no")`
Merge a bunch of things from crypto-us and crypto-intl into basesrc, adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate bsd.crypto.mk. There is still a bunch more work to do, but crypto is now more-or-less fully merged into the base NetBSD distribution. 2000-06-20 10:00:24 +04:00			`.ifdef AFS`
			`DPADD+= ${LIBKAFS}`
			`LDADD+= -lkafs`
Use bsd.crypto.mk. 1999-07-13 02:11:37 +04:00			`.endif`

add Kerberos5 support 2000-07-10 06:09:15 +04:00			`CPPFLAGS+=-DKERBEROS5 -I${DESTDIR}/usr/include/krb5`
add DPADD. 2002-10-23 05:25:35 +04:00			`DPADD+= ${LIBKRB5} ${LIBASN1}`
Fix library order. 2000-07-24 02:23:14 +04:00			`LDADD+= -lkrb5 -lasn1`
add Kerberos5 support 2000-07-10 06:09:15 +04:00
split MKKERBEROS4 from MKKERBEROS. based on work by lha at stacken.kth.se (build confirmed with both MKKERBEROS4=yes and MKKERBEROS4=no) 2003-07-23 12:01:24 +04:00			`.if (${USE_KERBEROS4} != "no")`
Merge a bunch of things from crypto-us and crypto-intl into basesrc, adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate bsd.crypto.mk. There is still a bunch more work to do, but crypto is now more-or-less fully merged into the base NetBSD distribution. 2000-06-20 10:00:24 +04:00			`CPPFLAGS+=-DKERBEROS -I${DESTDIR}/usr/include/kerberosIV`
libkrb depends on libdes, patch in private mail from Harold Gutch logix at foobar franken de 2003-08-24 03:03:42 +04:00			`DPADD+= ${LIBKRB} ${LIBDES}`
			`LDADD+= -lkrb -ldes`
split MKKERBEROS4 from MKKERBEROS. based on work by lha at stacken.kth.se (build confirmed with both MKKERBEROS4=yes and MKKERBEROS4=no) 2003-07-23 12:01:24 +04:00			`.endif`
add Kerberos5 support 2000-07-10 06:09:15 +04:00
add DPADD. 2002-10-23 05:25:35 +04:00			`DPADD+= ${LIBCRYPTO} ${LIBROKEN} ${LIBCOM_ERR}`
remove -lvers, it's not used 2000-08-04 02:56:29 +04:00			`LDADD+= -lcrypto -lroken -lcom_err`
Add MK... variables to enable/disable various aspects of building crypto support into the system. See share/mk/bsd.README for more a full description. 2000-06-23 10:01:10 +04:00			`.endif`
Merge a bunch of things from crypto-us and crypto-intl into basesrc, adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate bsd.crypto.mk. There is still a bunch more work to do, but crypto is now more-or-less fully merged into the base NetBSD distribution. 2000-06-20 10:00:24 +04:00
Fix PR/2837: su [login [args]] had the wrong usage and did not work properly. Build the correct argument list and add -c for the shells. Fix PR/2839: su will not build with Kerberos. - Also: -Don't coredump when $TERM is not set. -Add prototypes, remove local old style declarations of system functions. -Recognize shells that contain "csh" as being csh alike. -Don't build with SKEY unconditionally. Obey bsd.own.mk. 1996-10-13 03:54:38 +04:00
Split the notion of building Hesiod, Kerberos, S/key, and YP infrastructure and using that infrastructure in programs. * MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building of the infratsructure (libraries, support programs, etc.) * USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control building of support for using the corresponding API in various libraries/programs that can use it. As discussed on tech-toolchain. 2002-03-22 21:10:19 +03:00			`.if (${USE_SKEY} != "no")`
Make this compile without SKEY. 1997-10-12 16:54:20 +04:00			`CPPFLAGS+=-DSKEY`
			`DPADD+= ${LIBSKEY}`
			`LDADD+= -lskey`
Fix PR/2837: su [login [args]] had the wrong usage and did not work properly. Build the correct argument list and add -c for the shells. Fix PR/2839: su will not build with Kerberos. - Also: -Don't coredump when $TERM is not set. -Add prototypes, remove local old style declarations of system functions. -Recognize shells that contain "csh" as being csh alike. -Don't build with SKEY unconditionally. Obey bsd.own.mk. 1996-10-13 03:54:38 +04:00			`.endif`
Allow people in group wheel to use the ROOTAUTH group. Pick up SUROOTAUTH (presumably from /etc/mk.conf). 1999-07-12 03:41:10 +04:00
Normalize the program's compilation options so they are all of the form SU_ and document them. 2003-08-20 18:11:17 +04:00			`.ifdef SU_ROOTAUTH`
			`CPPFLAGS+=-DSU_ROOTAUTH=\"${SU_ROOTAUTH}\"`
Allow people in group wheel to use the ROOTAUTH group. Pick up SUROOTAUTH (presumably from /etc/mk.conf). 1999-07-12 03:41:10 +04:00			`.endif`
Add PAM support to su 2005-01-08 01:34:20 +03:00
			`.endif`
Restore su.c to version 1.58, plus minor prototyping. Split pam into su_pam.c, and turn it off by default in the Makefile until it is tested and actually works. The current pam version does not set ruid properly anymore. 2005-01-10 06:11:50 +03:00
			`.include <bsd.prog.mk>`