From e1e1d85b2df5389d4bff044b587cf0fa0adb2ff8 Mon Sep 17 00:00:00 2001
From: Kristian Amlie <kristian.amlie@cfengine.com>
Date: Thu, 7 Nov 2013 17:27:18 +0100
Subject: [PATCH] Made PAM detection more resilient, and catching some more
 errors.

Force PAM on platforms where it is known to exist, make it optional on
others. This also switches out the test for usermod tools with tests
for PAM instead.
---
 cf-agent/Makefile.am                          |  8 ++--
 ...verify_users_unix.c => verify_users_pam.c} |  0
 configure.ac                                  | 38 +++++++++++++++----
 configure_flags.env.in                        |  8 ++--
 4 files changed, 38 insertions(+), 16 deletions(-)
 rename cf-agent/{verify_users_unix.c => verify_users_pam.c} (100%)

diff --git a/cf-agent/Makefile.am b/cf-agent/Makefile.am
index 969a5509072..7dcdee17911 100644
--- a/cf-agent/Makefile.am
+++ b/cf-agent/Makefile.am
@@ -31,7 +31,8 @@ libcf_agent_la_LIBADD = ../libpromises/libpromises.la \
 	$(LIBVIRT_LIBS) \
 	$(POSTGRESQL_LIBS) \
 	$(MYSQL_LIBS) \
-	$(LIBXML2_LIBS)
+	$(LIBXML2_LIBS) \
+	$(PAM_LIBS)
 
 libcf_agent_la_SOURCES = \
         agent-diagnostics.c agent-diagnostics.h \
@@ -71,9 +72,8 @@ libcf_agent_la_SOURCES = \
 if !NT
 libcf_agent_la_SOURCES += nfs.c nfs.h
 
-if HAVE_USERPROGS
-  libcf_agent_la_SOURCES += verify_users_unix.c
-  libcf_agent_la_LIBADD += -lpam
+if HAVE_PAM
+  libcf_agent_la_SOURCES += verify_users_pam.c
 else
   libcf_agent_la_SOURCES += verify_users_stub.c
 endif
diff --git a/cf-agent/verify_users_unix.c b/cf-agent/verify_users_pam.c
similarity index 100%
rename from cf-agent/verify_users_unix.c
rename to cf-agent/verify_users_pam.c
diff --git a/configure.ac b/configure.ac
index fc8def345b0..66a2f6d5778 100755
--- a/configure.ac
+++ b/configure.ac
@@ -640,15 +640,37 @@ AS_IF([test "x$USERDEL" != "x"],
       [AC_DEFINE_UNQUOTED(USERDEL, ["$USERDEL"], [Path to userdel tool])]
      )
 
-dnl PAM is needed on systems where applicable
-if echo $target_os | grep -q 'gnu\|solaris\|aix\|hpux\|hp-ux'
-then
-  AC_CHECK_LIB(pam, pam_start, [], [AC_MSG_ERROR(Cannot find PAM library)])
-  AC_CHECK_HEADERS([security/pam_appl.h], [], [AC_MSG_ERROR(Cannot find PAM headers)])
-fi
+AS_IF([test "x$USERADD" != x && \
+       test "x$USERMOD" != x && test "x$USERDEL" != x],
+      [have_userprogs=yes],
+      [have_userprogs=no]
+)
+
+
+CF3_WITH_LIBRARY(pam, [
+  AC_CHECK_LIB(pam, pam_start)
+  AC_CHECK_HEADERS([security/pam_appl.h])
+])
+dnl These platforms must have pam, others can have it, but not required.
+AS_CASE([$target_os],
+        [*gnu*|*solaris*|*aix*|*hpux*|*hp-ux*], [
+            AS_IF([test "x$ac_cv_lib_pam_pam_start" != "xyes"],
+                  [AC_MSG_ERROR(Cannot find PAM library)]
+            )
+            AS_IF([test "x$ac_cv_header_security_pam_appl_h" != "xyes"],
+                  [AC_MSG_ERROR(Cannot find PAM headers)]
+        )]
+)
+AS_IF([test "x$ac_cv_lib_pam_pam_start" = "xyes" && \
+       test "x$ac_cv_header_security_pam_appl_h" = "xyes"],
+      [have_pam=yes],
+      [have_pam=no]
+)
+AM_CONDITIONAL(HAVE_PAM, [test "x$have_pam" = "xyes"])
 
-AM_CONDITIONAL(HAVE_USERPROGS, [test "x$USERADD" != x && \
-    test "x$USERMOD" != x && test "x$USERDEL" != x])
+AS_IF([test "x$have_pam" = "xyes" && test "x$have_userprogs" = "xno"],
+      [AC_MSG_ERROR([PAM library found, but useradd/usermod/userdel not found])]
+)
 
 AC_CHECK_DECLS(getnetgrent, [], [], [[#include <netdb.h>]])
 AC_CHECK_FUNCS(getnetgrent)
diff --git a/configure_flags.env.in b/configure_flags.env.in
index 68f6a328dac..3ba8604e127 100644
--- a/configure_flags.env.in
+++ b/configure_flags.env.in
@@ -3,10 +3,10 @@ CORE_CFLAGS="@CORE_CFLAGS@"
 CORE_LDFLAGS="@CORE_LDFLAGS@"
 CORE_LIBS="@CORE_LIBS@"
 
-AGENT_CPPFLAGS="@LIBVIRT_CPPFLAGS@ @POSTGRESQL_CPPFLAGS@ @MYSQL_CPPFLAGS@ @LIBXML2_CPPFLAGS@"
-AGENT_CFLAGS="@LIBVIRT_CFLAGS@ @POSTGRESQL_CFLAGS@ @MYSQL_CFLAGS@ @LIBXML2_CFLAGS@"
-AGENT_LDFLAGS="@LIBVIRT_LDFLAGS@ @POSTGRESQL_LDFLAGS@ @MYSQL_LDFLAGS@ @LIBXML2_LDFLAGS@"
-AGENT_LDADD="@LIBVIRT_LIBS@ @POSTGRESQL_LIBS@ @MYSQL_LIBS@ @LIBXML2_LIBS@"
+AGENT_CPPFLAGS="@LIBVIRT_CPPFLAGS@ @POSTGRESQL_CPPFLAGS@ @MYSQL_CPPFLAGS@ @LIBXML2_CPPFLAGS@ @PAM_CPPFLAGS@"
+AGENT_CFLAGS="@LIBVIRT_CFLAGS@ @POSTGRESQL_CFLAGS@ @MYSQL_CFLAGS@ @LIBXML2_CFLAGS@ @PAM_CFLAGS@"
+AGENT_LDFLAGS="@LIBVIRT_LDFLAGS@ @POSTGRESQL_LDFLAGS@ @MYSQL_LDFLAGS@ @LIBXML2_LDFLAGS@ @PAM_LDFLAGS@"
+AGENT_LDADD="@LIBVIRT_LIBS@ @POSTGRESQL_LIBS@ @MYSQL_LIBS@ @LIBXML2_LIBS@ @PAM_LIBS@"
 
 hw_cv_func_mkdir_proper="@hw_cv_func_mkdir_proper@"
 hw_cv_func_stat_proper="@hw_cv_func_stat_proper@"