diff --git a/security/sudo/Makefile b/security/sudo/Makefile index b8b0a5e34e377..dd158ce93c72c 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -16,79 +16,84 @@ USES= cpe libtool CPE_VENDOR= todd_miller USE_LDCONFIG= yes GNU_CONFIGURE= yes -LDFLAGS+= -lgcc - CONFIGURE_ARGS= --sysconfdir=${PREFIX}/etc \ - --with-ignore-dot \ - --with-tty-tickets \ --with-env-editor \ + --with-ignore-dot \ + --with-logfac=${LOGFAC} \ --with-logincap \ --with-long-otp-prompt \ - --with-rundir=/var/run/sudo + --with-rundir=/var/run/sudo \ + --with-tty-tickets +LDFLAGS+= -lgcc -OPTIONS_DEFINE= LDAP INSULTS DISABLE_ROOT_SUDO DISABLE_AUTH NOARGS_SHELL \ - AUDIT OPIE PAM PYTHON NLS SSSD DOCS EXAMPLES -OPTIONS_RADIO= KERBEROS +OPTIONS_DEFINE= AUDIT DISABLE_AUTH DISABLE_ROOT_SUDO DOCS EXAMPLES \ + INSULTS LDAP NLS NOARGS_SHELL OPIE PAM PYTHON SSSD OPTIONS_DEFAULT= AUDIT PAM -OPTIONS_SUB= yes +OPTIONS_RADIO= KERBEROS +OPTIONS_RADIO_KERBEROS= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +OPTIONS_SUB= yes -INSULTS_DESC= Enable insults on failures -DISABLE_ROOT_SUDO_DESC= Do not allow root to run sudo +AUDIT_DESC= Enable BSM audit support DISABLE_AUTH_DESC= Do not require authentication by default +DISABLE_ROOT_SUDO_DESC= Do not allow root to run sudo +INSULTS_DESC= Enable insults on failures +KERBEROS_DESC= Enable Kerberos 5 authentication (no PAM support) NOARGS_SHELL_DESC= Run a shell if no arguments are given -AUDIT_DESC= Enable BSM audit support -KERBEROS_DESC= Enable Kerberos 5 authentication (no PAM support) -OPIE_DESC= Enable one-time passwords (no PAM support) -PYTHON_DESC= Enable python plugin support -SSSD_DESC= Enable SSSD backend support. +OPIE_DESC= Enable one-time passwords (no PAM support) +PYTHON_DESC= Enable python plugin support +SSSD_DESC= Enable SSSD backend support. -PAM_PREVENTS= OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT -PAM_PREVENTS_MSG= PAM cannot be combined with any other authentication plugin +AUDIT_CONFIGURE_WITH= bsm-audit -LOGFAC?= authpriv -CONFIGURE_ARGS+= --with-logfac=${LOGFAC} +DISABLE_AUTH_CONFIGURE_ON= --disable-authentication +DISABLE_ROOT_SUDO_CONFIGURE_ON= --disable-root-sudo -# This is intentionally not an option. -# SUDO_SECURE_PATH is a PATH string that will override the user's PATH. -# ex: make SUDO_SECURE_PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" -.if defined(SUDO_SECURE_PATH) -CONFIGURE_ARGS+= --with-secure-path="${SUDO_SECURE_PATH}" -.endif +GSSAPI_BASE_USES= gssapi +GSSAPI_BASE_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} +GSSAPI_HEIMDAL_USES= gssapi:heimdal +GSSAPI_HEIMDAL_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} +GSSAPI_MIT_USES= gssapi:mit +GSSAPI_MIT_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} -NLS_USES= gettext -NLS_CONFIGURE_ENABLE= nls -NLS_LDFLAGS= -L${LOCALBASE}/lib -lintl -NLS_CFLAGS= -I${LOCALBASE}/include +INSULTS_CONFIGURE_ON= --with-insults --with-all-insults -INSULTS_CONFIGURE_ON= --with-insults -INSULTS_CONFIGURE_ON+= --with-all-insults +LDAP_USES= ldap +LDAP_CONFIGURE_ON= --with-ldap=${PREFIX} \ + --with-ldap-conf-file=${PREFIX}/etc/${SUDO_LDAP_CONF} -LDAP_USES= ldap -LDAP_CONFIGURE_ON= --with-ldap=${PREFIX} -SUDO_LDAP_CONF?= ldap.conf -LDAP_CONFIGURE_ON+= --with-ldap-conf-file=${PREFIX}/etc/${SUDO_LDAP_CONF} +NLS_USES= gettext +NLS_CONFIGURE_ENABLE= nls +NLS_CFLAGS= -I${LOCALBASE}/include +NLS_LDFLAGS= -L${LOCALBASE}/lib -lintl -DISABLE_ROOT_SUDO_CONFIGURE_ON= --disable-root-sudo -DISABLE_AUTH_CONFIGURE_ON= --disable-authentication NOARGS_SHELL_CONFIGURE_ENABLE= noargs-shell -AUDIT_CONFIGURE_WITH= bsm-audit -PAM_CONFIGURE_ON= --with-pam + OPIE_CONFIGURE_ON= --with-opie -PYTHON_USES= python -PYTHON_CONFIGURE_ENABLE= python -SSSD_CONFIGURE_ON= --with-sssd + +PAM_PREVENTS= OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +PAM_PREVENTS_MSG= PAM cannot be combined with any other authentication plugin +PAM_CONFIGURE_ON= --with-pam + +PYTHON_USES= python +PYTHON_CONFIGURE_ENABLE=python + SSSD_RUN_DEPENDS= sssd:security/sssd +SSSD_CONFIGURE_ON= --with-sssd + +LOGFAC?= authpriv +SUDO_LDAP_CONF?= ldap.conf + +# This is intentionally not an option. +# SUDO_SECURE_PATH is a PATH string that will override the user's PATH. +# ex: make SUDO_SECURE_PATH="/sbin:/bin:/usr/sbin:/usr/bin" +.if defined(SUDO_SECURE_PATH) +CONFIGURE_ARGS+= --with-secure-path="${SUDO_SECURE_PATH}" +.endif -OPTIONS_RADIO_KERBEROS= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} -GSSAPI_HEIMDAL_USES= gssapi:heimdal -GSSAPI_HEIMDAL_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} -GSSAPI_MIT_USES= gssapi:mit -GSSAPI_MIT_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} # This is intentionally not an option. -# SUDO_KERB5_INSTANCE is an optional instance string that will be appended to kerberos -# principals when to perform authentication. Common choices are "admin" and "sudo". +# SUDO_KERB5_INSTANCE is an optional instance string that will be appended +# to kerberos principals when to perform authentication. Common choices +# are "admin" and "sudo". .if defined(SUDO_KERB5_INSTANCE) CONFIGURE_ARGS+= --enable-kerb5-instance="${SUDO_KERB5_INSTANCE}" .endif