Adding upstream version 1.9.13p3.upstream/1.9.13p3upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 4892 insertions, 0 deletions

diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..8bb5c07
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,4892 @@
+dnl
+dnl Use the top-level autogen.sh script to generate configure and config.h.in
+dnl
+dnl SPDX-License-Identifier: ISC
+dnl
+dnl Copyright (c) 1994-1996, 1998-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+dnl
+dnl Permission to use, copy, modify, and distribute this software for any
+dnl purpose with or without fee is hereby granted, provided that the above
+dnl copyright notice and this permission notice appear in all copies.
+dnl
+dnl THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+dnl WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+dnl MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+dnl ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+dnl WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+dnl
+AC_PREREQ([2.69])
+AC_INIT([sudo], [1.9.13p3], [https://bugzilla.sudo.ws/], [sudo])
+AC_CONFIG_HEADERS([config.h pathnames.h])
+AC_CONFIG_SRCDIR([src/sudo.c])
+AC_CONFIG_AUX_DIR([scripts])
+dnl
+dnl Variables that get substituted in the Makefile and man pages
+dnl
+AC_SUBST([SHELL])
+AC_SUBST([LIBTOOL])
+AC_SUBST([CFLAGS])
+AC_SUBST([PROGS])
+AC_SUBST([CPPFLAGS])
+AC_SUBST([LDFLAGS])
+AC_SUBST([SUDO_LDFLAGS])
+AC_SUBST([SUDOERS_LDFLAGS])
+AC_SUBST([LIBUTIL_LDFLAGS])
+AC_SUBST([ZLIB_LDFLAGS])
+AC_SUBST([LT_LDFLAGS])
+AC_SUBST([LT_LDDEP])
+AC_SUBST([LT_LDEXPORTS])
+AC_SUBST([LT_STATIC])
+AC_SUBST([LT_DEP_LIBS])
+AC_SUBST([COMMON_OBJS])
+AC_SUBST([SUDOERS_LT_STATIC])
+AC_SUBST([SUDOERS_OBJS])
+AC_SUBST([SUDO_OBJS])
+AC_SUBST([LIBS])
+AC_SUBST([SUDO_LIBS])
+AC_SUBST([SUDOERS_LIBS])
+AC_SUBST([STATIC_SUDOERS])
+AC_SUBST([NET_LIBS])
+AC_SUBST([AFS_LIBS])
+AC_SUBST([REPLAY_LIBS])
+AC_SUBST([GETGROUPS_LIB])
+AC_SUBST([AUTH_OBJS])
+AC_SUBST([MANTYPE])
+AC_SUBST([MANDIRTYPE])
+AC_SUBST([MANCOMPRESS])
+AC_SUBST([MANCOMPRESSEXT])
+AC_SUBST([SHLIB_ENABLE])
+AC_SUBST([SHLIB_MODE])
+AC_SUBST([SUDOERS_MODE])
+AC_SUBST([SUDOERS_UID])
+AC_SUBST([SUDOERS_GID])
+AC_SUBST([DEVEL])
+AC_SUBST([EXAMPLES])
+AC_SUBST([BAMAN])
+AC_SUBST([LCMAN])
+AC_SUBST([PSMAN])
+AC_SUBST([SEMAN])
+AC_SUBST([AAMAN])
+AC_SUBST([devdir])
+AC_SUBST([mansectsu])
+AC_SUBST([mansectform])
+AC_SUBST([mansectmisc])
+AC_SUBST([INTERCEPTFILE])
+AC_SUBST([INTERCEPTDIR])
+AC_SUBST([intercept_file])
+AC_SUBST([NOEXECFILE])
+AC_SUBST([NOEXECDIR])
+AC_SUBST([noexec_file])
+AC_SUBST([sesh_file])
+AC_SUBST([INSTALL_BACKUP])
+AC_SUBST([INSTALL_INTERCEPT])
+AC_SUBST([INSTALL_NOEXEC])
+AC_SUBST([PRELOAD_MODULE])
+AC_SUBST([DONT_LEAK_PATH_INFO])
+AC_SUBST([BSDAUTH_USAGE])
+AC_SUBST([SELINUX_USAGE])
+AC_SUBST([LDAP])
+AC_SUBST([LOGINCAP_USAGE])
+AC_SUBST([ZLIB])
+AC_SUBST([ZLIB_SRC])
+AC_SUBST([LIBTOOL_DEPS])
+AC_SUBST([CONFIGURE_ARGS])
+AC_SUBST([LIBDL])
+AC_SUBST([LIBRT])
+AC_SUBST([LIBINTL])
+AC_SUBST([LIBCRYPTO])
+AC_SUBST([LIBMD])
+AC_SUBST([LIBTLS])
+AC_SUBST([LIBPTHREAD])
+AC_SUBST([SUDO_NLS])
+AC_SUBST([LOCALEDIR_SUFFIX])
+AC_SUBST([COMPAT_TEST_PROGS])
+AC_SUBST([SUDOERS_TEST_PROGS])
+AC_SUBST([CROSS_COMPILING])
+AC_SUBST([ASAN_LDFLAGS])
+AC_SUBST([ASAN_CFLAGS])
+AC_SUBST([PIE_LDFLAGS])
+AC_SUBST([PIE_CFLAGS])
+AC_SUBST([HARDENING_LDFLAGS])
+AC_SUBST([HARDENING_CFLAGS])
+AC_SUBST([INIT_SCRIPT])
+AC_SUBST([INIT_DIR])
+AC_SUBST([RC_LINK])
+AC_SUBST([COMPAT_EXP])
+AC_SUBST([TMPFILES_D])
+AC_SUBST([exampledir])
+AC_SUBST([DIGEST])
+AC_SUBST([devsearch])
+AC_SUBST([SIGNAME])
+AC_SUBST([PYTHON_PLUGIN])
+AC_SUBST([PYTHON_PLUGIN_SRC])
+AC_SUBST([LOGSRV])
+AC_SUBST([LOGSRV_SRC])
+AC_SUBST([LOGSRVD_SRC])
+AC_SUBST([LOGSRVD_CONF])
+AC_SUBST([LIBLOGSRV])
+AC_SUBST([PPFILES])
+AC_SUBST([FUZZ_ENGINE])
+AC_SUBST([FUZZ_LD])
+AC_SUBST([INTERCEPT_EXP])
+
+dnl
+dnl Variables that get substituted in docs (not overridden by environment)
+dnl
+AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR
+AC_SUBST([log_dir])dnl real initial value from SUDO_LOGDIR
+AC_SUBST([logpath])dnl real initial value from SUDO_LOGFILE
+AC_SUBST([relay_dir])dnl real initial value from SUDO_RELAY_DIR
+AC_SUBST([rundir])dnl real initial value from SUDO_RUNDIR
+AC_SUBST([vardir])dnl real initial value from SUDO_VARDIR
+AC_SUBST([timeout])
+AC_SUBST([password_timeout])
+AC_SUBST([sudo_umask])
+AC_SUBST([umask_override])
+AC_SUBST([passprompt])
+AC_SUBST([long_otp_prompt])
+AC_SUBST([lecture])
+AC_SUBST([logfac])
+AC_SUBST([goodpri])
+AC_SUBST([badpri])
+AC_SUBST([loglen])
+AC_SUBST([ignore_dot])
+AC_SUBST([mail_no_user])
+AC_SUBST([mail_no_host])
+AC_SUBST([mail_no_perms])
+AC_SUBST([mailto])
+AC_SUBST([mailsub])
+AC_SUBST([badpass_message])
+AC_SUBST([fqdn])
+AC_SUBST([runas_default])
+AC_SUBST([env_editor])
+AC_SUBST([env_reset])
+AC_SUBST([passwd_tries])
+AC_SUBST([timestamp_type])
+AC_SUBST([insults])
+AC_SUBST([root_sudo])
+AC_SUBST([path_info])
+AC_SUBST([ldap_conf])
+AC_SUBST([ldap_secret])
+AC_SUBST([sssd_lib])
+AC_SUBST([nsswitch_conf])
+AC_SUBST([netsvc_conf])
+AC_SUBST([secure_path])
+AC_SUBST([editor])
+AC_SUBST([pam_session])
+AC_SUBST([pam_login_service])
+AC_SUBST([plugindir])
+AC_SUBST([sudoers_plugin])
+AC_SUBST([python_plugin])
+#
+# Begin initial values for man page substitution
+#
+iolog_dir=/var/log/sudo-io
+log_dir=/var/log
+logpath=/var/log/sudo.log
+relay_dir=/var/log/sudo_logsrvd
+rundir=/var/run/sudo
+vardir=/var/adm/sudo
+timeout=5
+password_timeout=5
+sudo_umask=0022
+umask_override=off
+passprompt="Password: "
+long_otp_prompt=off
+lecture=once
+logfac=auth
+goodpri=notice
+badpri=alert
+loglen=80
+ignore_dot=off
+mail_no_user=on
+mail_no_host=off
+mail_no_perms=off
+mailto=root
+mailsub="*** SECURITY information for %h ***"
+badpass_message="Sorry, try again."
+fqdn=off
+runas_default=root
+env_editor=on
+env_reset=on
+editor=vi
+passwd_tries=3
+timestamp_type=tty
+insults=off
+root_sudo=on
+path_info=on
+ldap_conf=/etc/ldap.conf
+ldap_secret=/etc/ldap.secret
+netsvc_conf=/etc/netsvc.conf
+intercept_file="$libexecdir/sudo/sudo_intercept.so"
+noexec_file="$libexecdir/sudo/sudo_noexec.so"
+sesh_file="$libexecdir/sudo/sesh"
+nsswitch_conf=/etc/nsswitch.conf
+secure_path="not set"
+pam_session=on
+pam_login_service=sudo
+plugindir="$libexecdir/sudo"
+sudoers_plugin="sudoers.so"
+python_plugin="python_plugin.so"
+DIGEST=digest.lo
+devsearch="/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev"
+#
+# End initial values for man page substitution
+#
+dnl
+dnl Initial values for Makefile variables listed above
+dnl May be overridden by environment variables..
+dnl
+INSTALL_BACKUP=
+INSTALL_INTERCEPT=
+INSTALL_NOEXEC=
+PRELOAD_MODULE=-module
+exampledir='$(docdir)/examples'
+devdir='$(srcdir)'
+PROGS="sudo"
+: ${MANDIRTYPE='man'}
+: ${SHLIB_MODE='0644'}
+: ${SUDOERS_MODE='0440'}
+: ${SUDOERS_UID='0'}
+: ${SUDOERS_GID='0'}
+DEVEL=
+LDAP="#"
+BAMAN=0
+LCMAN=0
+PSMAN=0
+SEMAN=0
+AAMAN=0
+LIBINTL=
+LIBCRYPTO=
+LIBMD=
+LIBTLS=
+ZLIB=
+ZLIB_SRC=
+AUTH_OBJS=
+AUTH_REG=
+AUTH_EXCL=
+AUTH_EXCL_DEF=
+AUTH_DEF=passwd
+SUDO_NLS=disabled
+LOCALEDIR_SUFFIX=
+LT_LDEXPORTS="-export-symbols \$(shlib_exp)"
+LT_LDDEP="\$(shlib_exp)"
+OS_INIT=os_init_common
+INIT_SCRIPT=
+INIT_DIR=
+RC_LINK=
+COMPAT_EXP=
+SIGNAME=
+FUZZ_ENGINE=
+FUZZ_LD='$(CC)'
+INTERCEPT_EXP=
+dnl
+dnl Other variables
+dnl
+WEAK_ALIAS=no
+CHECKSHADOW=true
+shadow_funcs=
+shadow_libs=
+TMPFILES_D=
+CONFIGURE_ARGS="$@"
+PYTHON_PLUGIN=#
+LOGSRVD=
+LOGSRVD_SRC=logsrvd
+LOGSRV_SRC=lib/logsrv
+LOGSRVD_CONF='sudo_logsrvd.conf'
+LIBLOGSRV='$(top_builddir)/lib/logsrv/liblogsrv.la $(top_builddir)/lib/protobuf-c/libprotobuf-c.la'
+PPFILES='$(srcdir)/etc/sudo.pp'
+
+dnl
+dnl LD_PRELOAD equivalents
+dnl
+RTLD_PRELOAD_VAR="LD_PRELOAD"
+RTLD_PRELOAD_ENABLE_VAR=
+RTLD_PRELOAD_DELIM=":"
+RTLD_PRELOAD_DEFAULT=
+
+dnl
+dnl libc replacement functions live in libsudo_util.a
+dnl
+AC_CONFIG_LIBOBJ_DIR(lib/util)
+
+dnl
+dnl We must call AC_USE_SYSTEM_EXTENSIONS before the compiler is run.
+dnl
+AC_USE_SYSTEM_EXTENSIONS
+
+#
+# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir.
+# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip
+# off an extraneous "/sudo" from libexecdir.
+#
+case "$libexecdir" in
+    */sudo)
+	AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory])
+	libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'`
+	;;
+esac
+
+dnl
+dnl Deprecated --with options (these all warn or generate an error)
+dnl
+
+AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
+[case $with_otp_only in
+    yes)	with_passwd="no"
+		AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
+		;;
+esac])
+
+AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
+[case $with_alertmail in
+    *)		with_mailto="$with_alertmail"
+		AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
+		;;
+esac])
+
+AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [deprecated])],
+[case $with_pc_insults in
+    yes)	enable_offensive_insults=no
+		AC_MSG_NOTICE([--with-pc-insults option deprecated, it is now the default])
+		;;
+    no)		enable_offensive_insults=yes
+		AC_MSG_NOTICE([--without-pc-insults option deprecated, use --enable-offensive-insults])
+		;;
+esac])
+
+dnl
+dnl Options for --with
+dnl
+
+AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
+[case $with_devel in
+    yes)	AC_MSG_NOTICE([setting up for development: -Wall, flex, yacc])
+		AX_APPEND_FLAG([-DSUDO_DEVEL], [CPPFLAGS])
+		DEVEL="true"
+		devdir=.
+		;;
+    no)		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --with-devel: $with_devel])
+		;;
+esac])
+
+AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
+[case $with_CC in
+    *)		AC_MSG_ERROR([the --with-CC option is no longer supported, please pass CC=$with_CC to configure instead.])
+		;;
+esac])
+
+AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [deprecated, use --disable-rpath])],
+[AC_MSG_WARN([--with-rpath deprecated, rpath is now the default])])
+
+AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[[=PATH]]], [deprecated])],
+[AC_MSG_WARN([--with-blibpath deprecated, use --with-libpath])])
+
+dnl
+dnl Handle BSM auditing support.
+dnl
+AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
+[case $with_bsm_audit in
+    yes)	AC_DEFINE(HAVE_BSM_AUDIT)
+		SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
+		SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo"
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-bsm-audit does not take an argument.])
+		;;
+esac])
+
+dnl
+dnl Handle Linux auditing support.
+dnl
+AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])],
+[case $with_linux_audit in
+    yes)	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [
+		    AC_DEFINE(HAVE_LINUX_AUDIT)
+		    SUDO_LIBS="${SUDO_LIBS} -laudit"
+		    SUDOERS_LIBS="${SUDO_LIBS} -laudit"
+		    SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo"
+		], [
+		    AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit])
+		])
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-linux-audit does not take an argument.])
+		;;
+esac])
+
+dnl
+dnl Handle Solaris auditing support.
+dnl
+AC_ARG_WITH(solaris-audit, [AS_HELP_STRING([--with-solaris-audit], [enable Solaris audit support])],
+[case $with_solaris_audit in
+    yes)	AC_DEFINE(HAVE_SOLARIS_AUDIT)
+		SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
+		SUDOERS_OBJS="${SUDOERS_OBJS} solaris_audit.lo"
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-solaris-audit does not take an argument.])
+		;;
+esac])
+
+dnl
+dnl Handle SSSD support.
+dnl
+AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
+[case $with_sssd in
+    yes)	SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo"
+		case "$SUDOERS_OBJS" in
+		    *ldap_util.lo*) ;;
+		    *) SUDOERS_OBJS="${SUDOERS_OBJS} ldap_util.lo";;
+		esac
+		AC_DEFINE(HAVE_SSSD)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-sssd does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(sssd-conf, [AS_HELP_STRING([--with-sssd-conf], [path to the SSSD config file])])
+sssd_conf="/etc/sssd/sssd.conf"
+test -n "$with_sssd_conf" && sssd_conf="$with_sssd_conf"
+SUDO_DEFINE_UNQUOTED(_PATH_SSSD_CONF, "$sssd_conf", [Path to the SSSD config file])
+
+AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])])
+sssd_lib="\"LIBDIR\""
+test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib"
+SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library])
+
+AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
+[case $with_incpath in
+    yes)	AC_MSG_ERROR([must give --with-incpath an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-incpath not supported.])
+		;;
+    *)		AC_MSG_NOTICE([adding ${with_incpath} to CPPFLAGS])
+		for i in ${with_incpath}; do
+		    AX_APPEND_FLAG([-I${i}], [CPPFLAGS])
+		done
+		;;
+esac])
+
+AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
+[case $with_libpath in
+    yes)	AC_MSG_ERROR([must give --with-libpath an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-libpath not supported.])
+		;;
+    *)		AC_MSG_NOTICE([adding ${with_libpath} to LDFLAGS])
+		;;
+esac])
+
+AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
+[case $with_libraries in
+    yes)	AC_MSG_ERROR([must give --with-libraries an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-libraries not supported.])
+		;;
+    *)		AC_MSG_NOTICE([adding ${with_libraries} to LIBS])
+		;;
+esac])
+
+AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
+[case $with_csops in
+    yes)	AC_MSG_NOTICE([adding CSOps standard options])
+		CHECKSIA=false
+		with_ignore_dot=yes
+		insults=on
+		with_classic_insults=yes
+		with_csops_insults=yes
+		with_env_editor=yes
+		: ${mansectsu='8'}
+		: ${mansectform='5'}
+		: ${mansectmisc='7'}
+		;;
+    no)		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --with-csops: $with_csops])
+		;;
+esac])
+
+AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
+[case $with_passwd in
+    yes|no)	AUTH_DEF=""
+		test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
+		;;
+    *)		AC_MSG_ERROR([sorry, --with-passwd does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[[=DIR]]], [enable S/Key support ])],
+[case $with_skey in
+    no)		;;
+    *)		AC_DEFINE(HAVE_SKEY)
+		AUTH_REG="$AUTH_REG S/Key"
+		;;
+esac])
+
+AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[[=DIR]]], [enable OPIE support ])],
+[case $with_opie in
+    no)		;;
+    *)		AC_DEFINE(HAVE_OPIE)
+		AUTH_REG="$AUTH_REG NRL_OPIE"
+		;;
+esac])
+
+AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
+[case $with_long_otp_prompt in
+    yes)	AC_DEFINE(LONG_OTP_PROMPT)
+		long_otp_prompt=on
+		;;
+    no)		long_otp_prompt=off
+		;;
+    *)		AC_MSG_ERROR([--with-long-otp-prompt does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
+[case $with_SecurID in
+    no)		;;
+    *)		AC_DEFINE(HAVE_SECURID)
+		AUTH_EXCL="$AUTH_EXCL SecurID"
+		;;
+esac])
+
+AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
+[case $with_fwtk in
+    no)		;;
+    *)		AC_DEFINE(HAVE_FWTK)
+		AUTH_EXCL="$AUTH_EXCL FWTK"
+		;;
+esac])
+
+AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
+[case $with_kerb5 in
+    no)		;;
+    *)		AUTH_REG="$AUTH_REG kerb5"
+		;;
+esac])
+
+AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
+[case $with_aixauth in
+    yes)	AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-aixauth does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
+[case $with_pam in
+    yes)	AUTH_EXCL="$AUTH_EXCL PAM";;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-pam does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
+[case $with_AFS in
+    yes)	AC_DEFINE(HAVE_AFS)
+		AUTH_REG="$AUTH_REG AFS"
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-AFS does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
+[case $with_DCE in
+    yes)	AC_DEFINE(HAVE_DCE)
+		AUTH_REG="$AUTH_REG DCE"
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-DCE does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
+[case $with_logincap in
+    yes|no)	;;
+    *)		AC_MSG_ERROR([--with-logincap does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
+[case $with_bsdauth in
+    yes)	AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-bsdauth does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
+[case $with_project in
+    yes|no)	;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-project does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
+[case $with_lecture in
+    yes|short|always)	lecture=once
+			;;
+    no|none|never)	lecture=never
+			AC_DEFINE(NO_LECTURE)
+			;;
+    *)		AC_MSG_ERROR([unknown argument to --with-lecture: $with_lecture])
+		;;
+esac])
+
+AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
+[case $with_logging in
+    yes)	AC_MSG_ERROR([must give --with-logging an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-logging not supported.])
+		;;
+    syslog)	AC_DEFINE(LOGGING, SLOG_SYSLOG)
+		;;
+    file)	AC_DEFINE(LOGGING, SLOG_FILE)
+		;;
+    both)	AC_DEFINE(LOGGING, SLOG_BOTH)
+		;;
+    *)		AC_MSG_ERROR([unknown argument to --with-logging: $with_logging])
+		;;
+esac], [
+    with_logging=syslog
+    AC_DEFINE(LOGGING, SLOG_SYSLOG)
+])
+
+AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
+[case $with_logfac in
+    yes)	AC_MSG_ERROR([must give --with-logfac an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-logfac not supported.])
+		;;
+    authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7)		logfac=$with_logfac
+		;;
+    *)		AC_MSG_ERROR([$with_logfac is not a supported syslog facility.])
+		;;
+esac])
+
+AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
+[case $with_goodpri in
+    yes)	AC_MSG_ERROR([must give --with-goodpri an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-goodpri not supported.])
+		;;
+    alert|crit|debug|emerg|err|info|notice|warning)
+		goodpri=$with_goodpri
+		;;
+    *)		AC_MSG_ERROR([$with_goodpri is not a supported syslog priority.])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
+
+AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
+[case $with_badpri in
+    yes)	AC_MSG_ERROR([must give --with-badpri an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-badpri not supported.])
+		;;
+    alert|crit|debug|emerg|err|info|notice|warning)
+		badpri=$with_badpri
+		;;
+    *)		AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
+
+AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
+[case $with_logpath in
+    yes)	AC_MSG_ERROR([must give --with-logpath an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-logpath not supported.])
+		;;
+esac])
+
+AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
+[case $with_loglen in
+    yes)	AC_MSG_ERROR([must give --with-loglen an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-loglen not supported.])
+		;;
+    [[0-9]]*)	loglen=$with_loglen
+		;;
+    *)		AC_MSG_ERROR([you must enter a number, not $with_loglen])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
+
+AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
+[case $with_ignore_dot in
+    yes)	ignore_dot=on
+		AC_DEFINE(IGNORE_DOT_PATH)
+		;;
+    no)		ignore_dot=off
+		;;
+    *)		AC_MSG_ERROR([--with-ignore-dot does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
+[case $with_mail_if_no_user in
+    yes)	mail_no_user=on
+		;;
+    no)		mail_no_user=off
+		;;
+    *)		AC_MSG_ERROR([--with-mail-if-no-user does not take an argument.])
+		;;
+esac])
+AS_IF([test "$mail_no_user" = "on"], [AC_DEFINE(SEND_MAIL_WHEN_NO_USER)])
+
+AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
+[case $with_mail_if_no_host in
+    yes)	mail_no_host=on
+		AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
+		;;
+    no)		mail_no_host=off
+		;;
+    *)		AC_MSG_ERROR([--with-mail-if-no-host does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
+[case $with_mail_if_noperms in
+    yes)	mail_noperms=on
+		AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
+		;;
+    no)		mail_noperms=off
+		;;
+    *)		AC_MSG_ERROR([--with-mail-if-noperms does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
+[case $with_mailto in
+    yes)	AC_MSG_ERROR([must give --with-mailto an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-mailto not supported.])
+		;;
+    *)		mailto=$with_mailto
+		;;
+esac])
+AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
+
+AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
+[case $with_mailsubject in
+    yes)	AC_MSG_ERROR([must give --with-mailsubject an argument.])
+		;;
+    no)		AC_MSG_WARN([sorry, --without-mailsubject not supported.])
+		;;
+    *)		mailsub="$with_mailsubject"
+		;;
+esac])
+AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
+
+AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
+[case $with_passprompt in
+    yes)	AC_MSG_ERROR([must give --with-passprompt an argument.])
+		;;
+    no)		AC_MSG_WARN([sorry, --without-passprompt not supported.])
+		;;
+    *)		passprompt="$with_passprompt"
+esac])
+AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
+
+AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
+[case $with_badpass_message in
+    yes)	AC_MSG_ERROR([must give --with-badpass-message an argument.])
+		;;
+    no)		AC_MSG_WARN([sorry, --without-badpass-message not supported.])
+		;;
+    *)		badpass_message="$with_badpass_message"
+		;;
+esac])
+AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
+
+AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
+[case $with_fqdn in
+    yes)	fqdn=on
+		AC_DEFINE(FQDN)
+		;;
+    no)		fqdn=off
+		;;
+    *)		AC_MSG_ERROR([--with-fqdn does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir=DIR], [deprecated])],
+[case $with_timedir in
+    *)		AC_MSG_ERROR([--without-timedir no longer supported, see --with-rundir.])
+		;;
+esac])
+
+AC_ARG_WITH(rundir, [AS_HELP_STRING([--with-rundir=DIR], [directory for sudo-specific files that do not survive a system reboot, e.g. '/var/run/sudo'])],
+[case $with_rundir in
+    yes)	AC_MSG_ERROR([must give --with-rundir an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-rundir not supported.])
+		;;
+esac])
+
+AC_ARG_WITH(vardir, [AS_HELP_STRING([--with-vardir=DIR], [directory for sudo-specific files that survive a system reboot, e.g. '/var/db/sudo' or '/var/lib/sudo'])],
+[case $with_vardir in
+    yes)	AC_MSG_ERROR([must give --with-vardir an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-vardir not supported.])
+		;;
+esac])
+
+AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])],
+[case $with_iologdir in
+    yes)    ;;
+    no)     AC_MSG_ERROR([--without-iologdir not supported.])
+	    ;;
+esac])
+
+AC_ARG_WITH(relaydir, [AS_HELP_STRING([--with-relaydir=DIR], [directory to store sudo_logsrvd relay temporary files in])],
+[case $with_relaydir in
+    yes)    ;;
+    no)     AC_MSG_ERROR([--without-relaydir not supported.])
+	    ;;
+esac])
+
+AC_ARG_WITH(tzdir, [AS_HELP_STRING([--with-tzdir=DIR], [path to the time zone data directory])],
+[case $with_tzdir in
+    yes)	AC_MSG_ERROR([must give --with-tzdir an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
+AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
+[case $with_sendmail in
+    yes)	with_sendmail=""
+		;;
+    no)		;;
+    *)		SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
+		;;
+esac])
+
+AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
+[case $with_sudoers_mode in
+    yes)	AC_MSG_ERROR([must give --with-sudoers-mode an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-sudoers-mode not supported.])
+		;;
+    [[1-9]]*)	SUDOERS_MODE=0${with_sudoers_mode}
+		;;
+    0*)		SUDOERS_MODE=$with_sudoers_mode
+		;;
+    *)		AC_MSG_ERROR([you must use an octal mode, not a name.])
+		;;
+esac])
+
+AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
+[case $with_sudoers_uid in
+    yes)	AC_MSG_ERROR([must give --with-sudoers-uid an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-sudoers-uid not supported.])
+		;;
+    [[0-9]]*)	SUDOERS_UID=$with_sudoers_uid
+		;;
+    *)		AC_MSG_ERROR([you must use an unsigned numeric uid, not a name.])
+		;;
+esac])
+
+AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
+[case $with_sudoers_gid in
+    yes)	AC_MSG_ERROR([must give --with-sudoers-gid an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-sudoers-gid not supported.])
+		;;
+    [[0-9]]*)	SUDOERS_GID=$with_sudoers_gid
+		;;
+    *)		AC_MSG_ERROR([you must use an unsigned numeric gid, not a name.])
+		;;
+esac])
+
+AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
+AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
+[case $with_umask in
+    yes)	AC_MSG_ERROR([must give --with-umask an argument.])
+		;;
+    no)		sudo_umask=0777
+		;;
+    [[0-9]]*)	sudo_umask=$with_umask
+		;;
+    *)		AC_MSG_ERROR([you must enter a numeric mask.])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.])
+
+AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])],
+[case $with_umask_override in
+    yes)	AC_DEFINE(UMASK_OVERRIDE)
+		umask_override=on
+		;;
+    no)		umask_override=off
+		;;
+    *)		AC_MSG_ERROR([--with-umask-override does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
+[case $with_runas_default in
+    yes)	AC_MSG_ERROR([must give --with-runas-default an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-runas-default not supported.])
+		;;
+    *)		runas_default="$with_runas_default"
+		;;
+esac])
+AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
+
+AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
+[case $with_exempt in
+    yes)	AC_MSG_ERROR([must give --with-exempt an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-exempt not supported.])
+		;;
+    *)		AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
+		;;
+esac])
+
+AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
+[case $with_editor in
+    yes)	AC_MSG_ERROR([must give --with-editor an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-editor not supported.])
+		;;
+    *)		AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
+		editor="$with_editor"
+		;;
+esac], [AC_DEFINE(EDITOR, _PATH_VI)])
+
+AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
+[case $with_env_editor in
+    yes)	env_editor=on
+		;;
+    no)		env_editor=off
+		;;
+    *)		AC_MSG_ERROR([--with-env-editor does not take an argument.])
+		;;
+esac])
+AS_IF([test "$env_editor" = "on"], [AC_DEFINE(ENV_EDITOR)])
+
+AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
+[case $with_passwd_tries in
+    yes)	;;
+    no)		AC_MSG_ERROR([--without-editor not supported.])
+		;;
+    [[1-9]]*)	passwd_tries=$with_passwd_tries
+		;;
+    *)		AC_MSG_ERROR([you must enter the number of tries, > 0])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
+
+AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
+[case $with_timeout in
+    yes)	;;
+    no)		timeout=0
+		;;
+    [[0-9]]*)	timeout=$with_timeout
+		;;
+    *)		AC_MSG_ERROR([you must enter the number of minutes.])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
+
+AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
+[case $with_password_timeout in
+    yes)	;;
+    no)		password_timeout=0
+		;;
+    [[0-9]]*)	password_timeout=$with_password_timeout
+		;;
+    *)		AC_MSG_ERROR([you must enter the number of minutes.])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
+
+AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
+[case $with_tty_tickets in
+    yes)	timestamp_type=tty
+		;;
+    no)		timestamp_type=global
+		;;
+    *)		AC_MSG_ERROR([--with-tty-tickets does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
+[case $with_insults in
+    yes)	insults=on
+		AC_DEFINE(USE_INSULTS)
+		with_classic_insults=yes
+		with_csops_insults=yes
+		;;
+    disabled)	insults=off
+		with_classic_insults=yes
+		with_csops_insults=yes
+		;;
+    no)		insults=off
+		;;
+    *)		AC_MSG_ERROR([--with-insults does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
+[case $with_all_insults in
+    yes)	with_classic_insults=yes
+		with_csops_insults=yes
+		with_hal_insults=yes
+		with_goons_insults=yes
+		with_python_insults=yes
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-all-insults does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
+[case $with_classic_insults in
+    yes)	AC_DEFINE(CLASSIC_INSULTS)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-classic-insults does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
+[case $with_csops_insults in
+    yes)	AC_DEFINE(CSOPS_INSULTS)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-csops-insults does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
+[case $with_hal_insults in
+    yes)	AC_DEFINE(HAL_INSULTS)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-hal-insults does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
+[case $with_goons_insults in
+    yes)	AC_DEFINE(GOONS_INSULTS)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-goons-insults does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(python-insults, [AS_HELP_STRING([--with-python-insults], [include the insults from "Monty Python's Flying Circus"])],
+[case $with_python_insults in
+    yes)	AC_DEFINE(PYTHON_INSULTS)
+        ;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-python-insults does not take an argument.])
+        ;;
+esac])
+
+AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
+[case $with_nsswitch in
+    no)		;;
+    yes)	with_nsswitch="/etc/nsswitch.conf"
+		;;
+    *)		;;
+esac])
+
+AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
+[case $with_ldap in
+    no)		;;
+    *)		AC_DEFINE(HAVE_LDAP)
+		;;
+esac])
+
+AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
+test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
+SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file])
+
+AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
+test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
+SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
+
+AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
+[case $with_secure_path in
+    yes)	with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
+		AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
+		secure_path="set to $with_secure_path"
+		;;
+    no)		;;
+    *)		AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
+		secure_path="set to $with_secure_path"
+		;;
+esac])
+
+AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of network interfaces])],
+[case $with_interfaces in
+    yes)	;;
+    no)		AC_DEFINE(STUB_LOAD_INTERFACES)
+		;;
+    *)		AC_MSG_ERROR([--with-interfaces does not take an argument.])
+		;;
+esac])
+
+AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
+[case $with_askpass in
+    yes)	AC_MSG_ERROR([--with-askpass takes a path as an argument.])
+		;;
+    no)		;;
+    *)		;;
+esac], [
+    with_askpass=no
+])
+AS_IF([test X"$with_askpass" != X"no"], [
+    SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass")
+], [
+    SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL)
+])
+
+AC_ARG_WITH(exampledir, [AS_HELP_STRING([--with-exampledir=DIR], [path to install sudo examples in])],
+[case $with_exampledir in
+    yes)	AC_MSG_ERROR([must give --with-exampledir an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-exampledir not supported.])
+		;;
+    *)		exampledir="$with_exampledir"
+esac])
+
+AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir=DIR], [set directory to load plugins from])],
+[case $with_plugindir in
+    yes)	AC_MSG_ERROR([must give --with-plugindir an argument.])
+		;;
+    no)		AC_MSG_ERROR([--without-plugindir not supported.])
+		;;
+    *)		plugindir="$with_plugindir"
+		;;
+esac])
+
+AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])],
+[case $with_man in
+    yes)	MANTYPE=man
+		;;
+    no)		AC_MSG_ERROR([--without-man not supported.])
+		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --with-man: $with_man.])
+		;;
+esac])
+
+AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])],
+[case $with_mdoc in
+    yes)	MANTYPE=mdoc
+		;;
+    no)		AC_MSG_ERROR([--without-mdoc not supported.])
+		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --with-mdoc: $with_mdoc.])
+		;;
+esac])
+
+dnl
+dnl Options for --enable
+dnl
+
+AC_ARG_ENABLE(authentication,
+[AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
+[ case "$enableval" in
+    yes)	;;
+    no)		AC_DEFINE(NO_AUTHENTICATION)
+		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --enable-authentication: $enableval])
+		;;
+  esac
+])
+
+AC_ARG_ENABLE(root-mailer,
+[AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
+[ case "$enableval" in
+    yes)	;;
+    no)		AC_DEFINE(NO_ROOT_MAILER)
+		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --enable-root-mailer: $enableval])
+		;;
+  esac
+])
+
+AC_ARG_ENABLE(setreuid,
+[AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
+[ case "$enableval" in
+    no)		SKIP_SETREUID=yes
+		;;
+    *)		;;
+  esac
+])
+
+AC_ARG_ENABLE(setresuid,
+[AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
+[ case "$enableval" in
+    no)		SKIP_SETRESUID=yes
+		;;
+    *)		;;
+  esac
+])
+
+AC_ARG_ENABLE(shadow,
+[AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
+[ case "$enableval" in
+    yes)	;;
+    no)		CHECKSHADOW="false"
+		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --enable-shadow: $enableval])
+		;;
+  esac
+])
+
+AC_ARG_ENABLE(root-sudo,
+[AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
+[ case "$enableval" in
+    yes)	;;
+    no)		AC_DEFINE(NO_ROOT_SUDO)
+		root_sudo=off
+		;;
+    *)		AC_MSG_ERROR([--enable-root-sudo does not take an argument.])
+		;;
+  esac
+])
+
+AC_ARG_ENABLE(log-host,
+[AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
+[ case "$enableval" in
+    yes)	AC_DEFINE(HOST_IN_LOG)
+		;;
+    no)		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --enable-log-host: $enableval])
+		;;
+  esac
+])
+
+AC_ARG_ENABLE(noargs-shell,
+[AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
+[ case "$enableval" in
+    yes)	AC_DEFINE(SHELL_IF_NO_ARGS)
+		;;
+    no)		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --enable-noargs-shell: $enableval])
+		;;
+  esac
+])
+
+AC_ARG_ENABLE(shell-sets-home,
+[AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
+[ case "$enableval" in
+    yes)	AC_DEFINE(SHELL_SETS_HOME)
+		;;
+    no)		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --enable-shell-sets-home: $enableval])
+		;;
+  esac
+])
+
+AC_ARG_ENABLE(path_info,
+[AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
+[ case "$enableval" in
+    yes)	;;
+    no)		AC_DEFINE(DONT_LEAK_PATH_INFO)
+		path_info=off
+		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --enable-path-info: $enableval])
+		;;
+  esac
+])
+
+AC_ARG_ENABLE(env_debug,
+[AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
+[ case "$enableval" in
+    yes)	AC_DEFINE(ENV_DEBUG)
+		;;
+    no)		;;
+    *)		AC_MSG_WARN([ignoring unknown argument to --enable-env-debug: $enableval])
+		;;
+  esac
+])
+
+AC_ARG_ENABLE(zlib,
+[AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
+[], [enable_zlib=yes])
+AX_APPEND_FLAG([-DZLIB_CONST], [CPPFLAGS])
+
+AC_ARG_ENABLE(env_reset,
+[AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])],
+[ case "$enableval" in
+    yes)	env_reset=on
+		;;
+    no)		env_reset=off
+		;;
+    *)		env_reset=on
+    		AC_MSG_WARN([ignoring unknown argument to --enable-env-reset: $enableval])
+		;;
+  esac
+])
+AS_IF([test "$env_reset" = "on"], [
+    AC_DEFINE(ENV_RESET, 1)
+], [
+    AC_DEFINE(ENV_RESET, 0)
+])
+
+AC_ARG_ENABLE(warnings,
+[AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
+[ case "$enableval" in
+    yes)    ;;
+    no)	    ;;
+    *)	    AC_MSG_WARN([ignoring unknown argument to --enable-warnings: $enableval])
+	    ;;
+  esac
+])
+
+AC_ARG_ENABLE(werror,
+[AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])],
+[ case "$enableval" in
+    yes)    ;;
+    no)	    ;;
+    *)	    AC_MSG_WARN([ignoring unknown argument to --enable-werror: $enableval])
+	    ;;
+  esac
+])
+
+AC_ARG_ENABLE(ssp,
+[AS_HELP_STRING([--disable-ssp], [Do not compile using the -fstack-protector option.])],
+[], [enable_ssp=yes])
+
+AC_ARG_ENABLE(hardening,
+[AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])],
+[], [enable_hardening=yes])
+
+AC_ARG_ENABLE(pie,
+[AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])])
+
+AC_ARG_ENABLE(sanitizer,
+[AS_HELP_STRING([--enable-sanitizer], [Build sudo with sanitizer support.])], [
+    AS_IF([test X"$enable_sanitizer" = X"yes"], [
+	enable_sanitizer="-fsanitize=address,undefined"
+    ])
+], [enable_sanitizer=no])
+
+AC_ARG_ENABLE(fuzzer,
+[AS_HELP_STRING([--enable-fuzzer], [Build sudo with LLVM libFuzzer support.])],
+[], [enable_fuzzer=no])
+
+AC_ARG_ENABLE(fuzzer-engine,
+[AS_HELP_STRING([--enable-fuzzer-engine], [Link fuzz targets with the specified fuzzer engine instead of the default.])],
+[ case "$enableval" in
+    yes)    AC_MSG_ERROR([must give --enable-fuzzer-engine an argument.])
+	    ;;
+    no)	    ;;
+    *)	    FUZZ_ENGINE="$enableval"
+	    ;;
+  esac
+])
+
+AC_ARG_ENABLE(fuzzer-linker,
+[AS_HELP_STRING([--enable-fuzzer-linker], [Use the specified linker when building fuzz targets instead of the default C compiler.])],
+[ case "$enableval" in
+    yes)    AC_MSG_ERROR([must give --enable-fuzzer-linker an argument.])
+	    ;;
+    no)	    ;;
+    *)	    FUZZ_LD="$enableval"
+	    ;;
+  esac
+])
+
+AC_ARG_ENABLE(leaks,
+[AS_HELP_STRING([--disable-leaks], [Prevent some harmless memory leaks.])],
+[ case "$enableval" in
+    yes)    ;;
+    no)	    AC_DEFINE(NO_LEAKS)
+	    ;;
+    *)	    AC_MSG_WARN([ignoring unknown argument to --disable-leaks: $enableval])
+	    ;;
+  esac
+])
+
+AC_ARG_ENABLE(poll,
+[AS_HELP_STRING([--disable-poll], [Use select() instead of poll().])])
+
+AC_ARG_ENABLE(admin-flag,
+[AS_HELP_STRING([--enable-admin-flag[[=PATH]]], [Whether to create a Ubuntu-style admin flag file])],
+[ case "$enableval" in
+    yes)    SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ADMIN_FLAG, "~/.sudo_as_admin_successful")
+	    ;;
+    no)	    ;;
+    *)	    SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ADMIN_FLAG, "$enableval")
+	    ;;
+  esac
+])
+
+AC_ARG_ENABLE(nls,
+[AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])],
+[], [enable_nls=yes])
+
+AC_ARG_ENABLE(rpath,
+[AS_HELP_STRING([--disable-rpath], [Disable passing of -Rpath to the linker])],
+[], [enable_rpath=yes])
+
+AC_ARG_ENABLE(static-sudoers,
+[AS_HELP_STRING([--enable-static-sudoers], [Build the sudoers policy module as part of the sudo binary instead as a plugin])],
+[], [enable_static_sudoers=no])
+
+AC_ARG_ENABLE(shared_libutil,
+[AS_HELP_STRING([--disable-shared-libutil], [Disable use of the libsudo_util shared library.])],
+[], [enable_shared_libutil=yes])
+
+AC_ARG_ENABLE(tmpfiles.d,
+[AS_HELP_STRING([--enable-tmpfiles.d=DIR], [Set the path to the systemd tmpfiles.d directory.])],
+[case $enableval in
+    yes)	TMPFILES_D=/usr/lib/tmpfiles.d
+		;;
+    no)		TMPFILES_D=
+		;;
+    *)		TMPFILES_D="$enableval"
+esac], [
+    test -f /usr/lib/tmpfiles.d/systemd.conf && TMPFILES_D=/usr/lib/tmpfiles.d
+])
+
+AC_ARG_ENABLE(devsearch,
+[AS_HELP_STRING([--enable-devsearch=PATH], [The colon-delimited path to search for device nodes when determining the tty name.])],
+[case $enableval in
+    yes)	# use default value
+		;;
+    no)		AC_MSG_WARN([ignoring attempt to disable the device search path])
+		;;
+    *)		devsearch="$enableval"
+		;;
+esac])
+ds="`echo \"$devsearch\"|sed 's@/dev/*\([[^:]]*:*\)@_PATH_DEV \"\1\" @g'`"
+SUDO_DEFINE_UNQUOTED(_PATH_SUDO_DEVSEARCH, $ds)
+
+AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
+[case $with_selinux in
+    yes)	SELINUX_USAGE="[[-r role]] [[-t type]] "
+    		AC_DEFINE(HAVE_SELINUX)
+		SUDO_LIBS="${SUDO_LIBS} -lselinux"
+		SUDO_OBJS="${SUDO_OBJS} selinux.o"
+		PROGS="${PROGS} sesh"
+		SEMAN=1
+		AC_CHECK_LIB([selinux], [setkeycreatecon],
+		    [AC_DEFINE(HAVE_SETKEYCREATECON)])
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR([--with-selinux does not take an argument.])
+		;;
+esac], [with_selinux=no])
+
+AC_ARG_WITH(apparmor, [AS_HELP_STRING([--with-apparmor], [enable AppArmor support])],
+[case $with_apparmor in
+    yes)        AC_DEFINE(HAVE_APPARMOR)
+                AAMAN=1
+		SUDO_LIBS="${SUDO_LIBS} -lapparmor"
+                SUDO_OBJS="${SUDO_OBJS} apparmor.o"
+                ;;
+    no)         ;;
+    *)          AC_MSG_ERROR([--with-apparmor does not take an argument.])
+
+esac], [with_apparmor=no])
+
+AC_ARG_ENABLE(sasl,
+[AS_HELP_STRING([--enable-sasl], [Enable/disable LDAP SASL support])],
+[ case "$enableval" in
+    yes|no) ;;
+    *)	    AC_MSG_WARN([ignoring unknown argument to --enable-sasl: $enableval])
+	    ;;
+  esac
+])
+
+AC_ARG_ENABLE(timestamp-type,
+[AS_HELP_STRING([--timestamp-type=TYPE], [Set the default time stamp record type to global, ppid or tty.])],
+[ case "$enableval" in
+    global|ppid|tty)
+	    timestamp_type=$enableval
+	    ;;
+    *)	    AC_MSG_WARN([ignoring unknown argument to --enable-timestamp-type: $enableval])
+	    ;;
+  esac
+])
+AC_DEFINE_UNQUOTED(TIMESTAMP_TYPE, $timestamp_type)
+
+AC_ARG_ENABLE(offensive_insults,
+[AS_HELP_STRING([--enable-offensive-insults], [Enable potentially offensive sudo insults.])],
+[], [enable_offensive_insults=no])
+AS_IF([test "$enable_offensive_insults" = "yes"], [AC_DEFINE(OFFENSIVE_INSULTS)])
+
+AC_ARG_ENABLE(package_build,
+[AS_HELP_STRING([--enable-package-build], [Enable options for package building.])],
+[], [enable_package_build=no])
+
+dnl
+dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
+dnl
+AC_ARG_ENABLE(gss_krb5_ccache_name,
+[AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
+[check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
+
+AC_ARG_ENABLE(pvs-studio,
+[AS_HELP_STRING([--enable-pvs-studio], [Create a PVS-Studio.cfg file.])])
+
+AC_ARG_ENABLE(log-server,
+[AS_HELP_STRING([--disable-log-server], [Disable building the sudo_logsrvd log server.])],
+[ case "$enableval" in
+    yes)
+	    ;;
+    no)
+	    LOGSRV=#
+	    LOGSRVD_SRC=
+	    LOGSRVD_CONF=
+	    ;;
+    *)	    AC_MSG_WARN([ignoring unknown argument to --enable-log-server: $enableval])
+	    ;;
+  esac
+])
+
+AC_ARG_ENABLE(log-client,
+[AS_HELP_STRING([--disable-log-client], [Disable sudoers support for using the sudo_logsrvd log server.])],
+[ case "$enableval" in
+    yes)
+	    AC_DEFINE([SUDOERS_LOG_CLIENT])
+	    ;;
+    no)
+	    ;;
+    *)	    AC_MSG_WARN([ignoring unknown argument to --enable-log-client: $enableval])
+	    ;;
+  esac
+], [AC_DEFINE([SUDOERS_LOG_CLIENT])])
+
+AS_IF([test X"${enable_log_client}${enable_log_server}" = X"nono"], [
+    # No need for liblogsrv.la
+    LOGSRV_SRC=
+    LIBLOGSRV=
+])
+AS_IF([test X"$LOGSRVD_SRC" != X""], [
+    PPFILES="$PPFILES "'$(srcdir)/etc/sudo-logsrvd.pp'
+])
+
+dnl
+dnl Do OpenSSL / wolfSSL / gcrypt after logsrv options
+dnl
+AC_ARG_ENABLE(openssl,
+[AS_HELP_STRING([--enable-openssl], [Use OpenSSL's TLS and sha2 functions])],
+[], [
+    # Enable OpenSSL by default unless logsrvd and client are disabled
+    AS_IF([test X"${enable_log_client}${enable_log_server}" != X"nono"], [
+	enable_openssl=maybe
+    ])
+])
+AC_ARG_ENABLE(openssl-pkgconfig-template,
+[AS_HELP_STRING([--enable-openssl-pkgconfig-template], [A printf format string used to construct the OpenSSL pkg-config name])],
+[], [enable_openssl_pkgconfig_template="%s"])
+
+AC_ARG_ENABLE(wolfssl,
+[AS_HELP_STRING([--enable-wolfssl], [Use wolfSSL's TLS and sha2 functions])], [
+    enable_openssl=no
+])
+
+AC_ARG_ENABLE(gcrypt,
+[AS_HELP_STRING([--enable-gcrypt], [Use GNU crypt's sha2 functions])], [
+    AS_IF([test "${enable_openssl-no}${enable_wolfssl-no}" != "nono"], [
+	AC_MSG_WARN([ignoring --enable-gcrypt when OpenSSL or wolfSSL is enabled.])
+	enable_gcrypt=no
+    ])
+])
+
+AC_ARG_ENABLE(python,
+[AS_HELP_STRING([--enable-python], [Compile python plugin support])],
+[ case "$enableval" in
+    yes|no)
+	;;
+    *) AC_MSG_WARN([ignoring unknown argument to --enable-python: $enableval])
+	;;
+  esac
+])
+
+dnl
+dnl C compiler checks
+dnl
+AC_PROG_CPP
+AC_CHECK_TOOL(AR, ar, false)
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+AS_IF([test X"$AR" = X"false"], [
+    AC_MSG_ERROR([the "ar" utility is required to build sudo])
+])
+AX_PROG_CC_FOR_BUILD
+
+AS_IF([test "x$ac_cv_prog_cc_c89" = "xno"], [
+    AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.])
+])
+
+dnl
+dnl If the user specified --disable-static, override them or we'll
+dnl be unable to build the executables in the sudoers plugin dir.
+dnl
+AS_IF([test "$enable_static" = "no"], [
+    AC_MSG_WARN([ignoring --disable-static, sudo does not install static libs])
+    enable_static=yes
+])
+
+dnl
+dnl Set host variables and m4 macro dir
+dnl
+AC_CANONICAL_HOST
+AC_CONFIG_MACRO_DIR([m4])
+
+dnl
+dnl Relies on CC host being set
+dnl
+SUDO_PVS_STUDIO_CFG
+
+dnl
+dnl On HP-UX 11.11 and higher we prefer dlopen() over shl_load().
+dnl Libtool defaults to shl_load() so we need to prime the cache
+dnl to override that default.
+dnl
+case "$host_os" in
+hpux11.1[[1-9]]|hpux11.[[2-9]][[0-9]]|hpux1[[2-9]].*)
+    # Prefer dlopen() over shl_load()
+    : ${ac_cv_func_shl_load='no'}
+    : ${ac_cv_lib_dld_shl_load='no'}
+    ;;
+esac
+
+dnl
+dnl Libtool init, we require libtool 2.2.6b or higher
+dnl
+LT_PREREQ([2.2.6b])
+LT_INIT([dlopen])
+
+dnl
+dnl AIX supports two distinct flavors of shared libraries.
+dnl Traditional AIX shared libs are .a files with a .so inside.
+dnl AIX SVR4-style shared libs are plain .so files.  The --with-aix-soname
+dnl option can be used to select the type.  We need to set the default
+dnl values to match.  This must come after the LT_INIT() call.
+dnl
+case "$host_os" in
+aix*)
+    AS_IF([test X"$aix_use_runtimelinking" != X"yes"], [
+	# Using traditional AIX dynamic shared objects in an archive file.
+	noexec_file="$libexecdir/sudo/sudo_noexec.a(sudo_noexec.so)"
+	intercept_file="$libexecdir/sudo/sudo_intercept.a(sudo_intercept.so)"
+	sudoers_plugin="sudoers.a(sudoers.so)"
+	python_plugin="python_plugin.a(python_plugin.so)"
+    ])
+    ;;
+esac
+SUDO_DEFINE_UNQUOTED([_PATH_SUDOERS_PLUGIN], ["$sudoers_plugin"])
+
+dnl
+dnl Allow the user to specify an alternate libtool.
+dnl XXX - should be able to skip LT_INIT if we are using a different libtool
+dnl
+AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])],
+[case $with_libtool in
+    yes|builtin) ;;
+    no)		AC_MSG_ERROR([--without-libtool not supported.])
+		;;
+    system)	LIBTOOL=libtool
+		;;
+    *)		LIBTOOL="$with_libtool"
+		;;
+esac])
+
+dnl
+dnl Defer enable_intercept and with_noexec until after libtool magic runs
+dnl
+AS_IF([test "$enable_shared" = "no"], [
+    enable_intercept=no
+    with_noexec=no
+    enable_dlopen=no
+    lt_cv_dlopen=none
+    lt_cv_dlopen_libs=
+    ac_cv_func_dlopen=no
+    LT_LDFLAGS=-static
+])
+LIBDL="$lt_cv_dlopen_libs"
+SHLIB_ENABLE="$enable_dlopen"
+
+AC_ARG_ENABLE(intercept,
+[AS_HELP_STRING([--enable-intercept], [fully qualified pathname of sudo_intercept.so])],
+[ case "$enableval" in
+    yes)	;;
+    no)		;;
+    *)		intercept_file="$enableval"
+		;;
+  esac
+], [enable_intercept="$intercept_file"])
+INTERCEPTFILE="sudo_intercept.so"
+INTERCEPTDIR="`echo $intercept_file|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`"
+
+AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[[=PATH]]], [fully qualified pathname of sudo_noexec.so])],
+[case $with_noexec in
+    yes)	;;
+    no)		;;
+    *)		noexec_file="$with_noexec"
+		;;
+esac], [with_noexec="$noexec_file"])
+NOEXECFILE="sudo_noexec.so"
+NOEXECDIR="`echo $noexec_file|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`"
+
+dnl
+dnl Find programs we use
+dnl
+AC_PATH_PROG(SHA1SUM, [sha1sum], [openssl dgst -sha1])
+AC_PATH_PROG(UNAMEPROG, [uname], [uname])
+AC_PATH_PROG(TRPROG, [tr], [tr])
+AC_CACHE_CHECK([for mandoc or nroff], [ac_cv_path_NROFF], [
+    AC_PATH_PROGS_FEATURE_CHECK([NROFF], [mandoc nroff], [ac_cv_path_NROFF="$ac_path_NROFF"], [ac_cv_path_NROFF=no])
+])
+case "$ac_cv_path_NROFF" in
+*mandoc|no)
+    # Prefer mdoc format for mandoc (or when no formatter is present).
+    : ${MANTYPE='mdoc'}
+    ;;
+*)
+    # Check whether nroff supports -mdoc, this may produce incorrect
+    # results when cross-compiling.
+    test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE"
+    AC_CACHE_CHECK([which macro set to use for manual pages],
+	[sudo_cv_var_mantype],
+	[
+	    sudo_cv_var_mantype="man"
+	    echo ".Sh NAME" > conftest
+	    echo ".Nm sudo" >> conftest
+	    echo ".Nd sudo" >> conftest
+	    echo ".Sh DESCRIPTION" >> conftest
+	    echo "sudo" >> conftest
+	    if $ac_cv_path_NROFF -mdoc conftest >/dev/null 2>&1; then
+		sudo_cv_var_mantype="mdoc"
+	    fi
+	    rm -f conftest
+	]
+    )
+    MANTYPE="$sudo_cv_var_mantype"
+    ;;
+esac
+
+dnl
+dnl If a config.cache exists make sure it matches the current host.
+dnl
+AS_IF([test -n "$sudo_cv_prev_host"], [
+    AS_IF([test "$sudo_cv_prev_host" != "$host"], [
+	AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
+    ])
+])
+sudo_cv_prev_host="$host"
+
+dnl
+dnl We want to be able to differentiate between different rev's
+dnl
+AS_IF([test -n "$host_os"], [
+    OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
+    OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
+], [
+    OSREV=0
+    OSMAJOR=0
+])
+
+case "$host" in
+    *-*-solaris2*)
+		AC_DEFINE([PAM_SUN_CODEBASE])
+
+		# LD_PRELOAD is space-delimited
+		RTLD_PRELOAD_DELIM=" "
+
+		# illumos has a broken fmemopen(3)
+		if test X"`uname -o 2>/dev/null`" = X"illumos"; then
+		    : ${ac_cv_func_fmemopen='no'}
+		fi
+
+		# Solaris-specific initialization
+		OS_INIT=os_init_solaris
+		SUDO_OBJS="${SUDO_OBJS} solaris.o"
+
+		# AFS support needs -lucb
+		AS_IF([test "$with_AFS" = "yes"], [
+		    AFS_LIBS="-lc -lucb"
+		])
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		AC_CHECK_FUNCS([priv_set], [PSMAN=1])
+		;;
+    *-*-aix*)
+		AC_DEFINE([PAM_SUN_CODEBASE])
+
+		# To get all prototypes (so we pass -Wall)
+		AC_DEFINE([_LINUX_SOURCE_COMPAT])
+
+		# For AIX we build in support for both LAM and PAM
+		# and choose which to use based on auth_type in
+		# /etc/security/login.cfg
+		AS_IF([test X"${with_pam}${with_aixauth}" = X""], [
+		    AUTH_EXCL_DEF="AIX_AUTH PAM"
+		])
+
+		# AIX analog of nsswitch.conf, enabled by default
+		AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
+		[case $with_netsvc in
+		    no)		;;
+		    yes)	with_netsvc="/etc/netsvc.conf"
+				;;
+		    *)		;;
+		esac])
+		AS_IF([test -z "$with_nsswitch" -a -z "$with_netsvc"], [
+		    with_netsvc="/etc/netsvc.conf"
+		])
+
+		# LDR_PRELOAD is only supported in AIX 5.3 and later
+		case "$OSREV" in
+		    [[1-4]].*)	with_noexec=no;;
+		    5.[[1-2]]*)	with_noexec=no;;
+		    *)		RTLD_PRELOAD_VAR="LDR_PRELOAD";;
+		esac
+
+		# cfmakeraw is broken on AIX (and is not documented)
+		: ${ac_cv_func_cfmakeraw='no'}
+
+		# strnlen/strndup may be broken on AIX < 6 depending
+		# on the libc version, use our own.
+		AS_IF([test $OSMAJOR -lt 6], [
+		    : ${ac_cv_func_strnlen='no'}
+		])
+
+		# fmemopen(3) has a bug wrt feof() on some AIX versions.
+		# https://www.ibm.com/support/pages/apar/IJ11845
+		: ${ac_cv_func_fmemopen='no'}
+
+		# getdelim() may or may not be present on AIX <= 6.1.
+		# bos610 is missing getdelim but bos61J has it.
+		AS_IF([test "$enable_package_build" = "yes"], [
+		    AS_IF([test $OSMAJOR -le 6], [
+			: ${ac_cv_func_getdelim='no'}
+		    ])
+		])
+
+		# memset_s() may or may ont be present on AIX <= 7.1.
+		# bos710 is missing memset_s but bos71L has it.
+		AS_IF([test "$enable_package_build" = "yes"], [
+		    AS_IF([test $OSMAJOR -le 7], [
+			: ${ac_cv_func_memset_s='no'}
+		    ])
+		])
+
+		# Remove timedir on boot, AIX does not have /var/run
+		INIT_SCRIPT=aix.sh
+		INIT_DIR=/etc/rc.d/init.d
+		RC_LINK=/etc/rc.d/rc2.d/S90sudo
+
+		# AIX-specific functions
+		AC_CHECK_FUNCS([getuserattr setrlimit64])
+		AC_CHECK_FUNCS([setauthdb],
+		    [AC_CHECK_TYPES([authdb_t], [], [], [#include <usersec.h>])])
+
+		COMMON_OBJS="${COMMON_OBJS} aix.lo"
+		SUDO_APPEND_COMPAT_EXP(aix_prep_user_v1 aix_restoreauthdb_v1 aix_setauthdb_v1 aix_setauthdb_v2 aix_getauthregistry_v1)
+
+		# These prototypes may be missing
+		AC_CHECK_DECLS([usrinfo], [], [], [
+#include <sys/types.h>
+#include <uinfo.h>
+		])
+		AC_CHECK_DECLS([setauthdb], [], [], [
+#include <sys/types.h>
+#include <usersec.h>
+		])
+		;;
+    *-*-hiuxmpp*)
+		# HI-UX/MPP is based on OSF/1
+
+		# ignore envariables wrt dynamic lib path
+		AX_APPEND_FLAG([-Wl,-no_library_replacement], [SUDO_LDFLAGS])
+
+		shadow_funcs="getprpwnam dispcrypt"
+		shadow_libs="-lsecurity"
+
+		# ":DEFAULT" must be appended to _RLD_LIST
+		RTLD_PRELOAD_VAR="_RLD_LIST"
+		RTLD_PRELOAD_DEFAULT="DEFAULT"
+		: ${mansectsu='8'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		;;
+    *-*-hpux*)
+		AC_DEFINE([PAM_SUN_CODEBASE])
+
+		# AFS support needs -lBSD
+		AS_IF([test "$with_AFS" = "yes"], 
+		    AFS_LIBS="-lc -lBSD"
+		])
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+
+		# HP-UX does not clear /var/run so we need to do it
+		INIT_SCRIPT=hpux.sh
+		INIT_DIR=/sbin/init.d
+		RC_LINK=/sbin/rc2.d/S900sudo
+
+		# HP-UX shared libs must be executable.
+		# Load time is much greater if writable so use 0555.
+		SHLIB_MODE=0555
+
+		# HP-UX won't unlink a shared lib that is open
+		INSTALL_BACKUP='~'
+
+		# The HP bundled compiler cannot generate shared libs
+		AS_IF([test -z "$GCC"], [
+		    AC_CACHE_CHECK([for HP bundled C compiler],
+			[sudo_cv_var_hpccbundled],
+			[if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then
+			    sudo_cv_var_hpccbundled=yes
+			else
+			    sudo_cv_var_hpccbundled=no
+			fi]
+		    )
+		    AS_IF([test "$sudo_cv_var_hpccbundled" = "yes"], [
+			AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.])
+		    ])
+		])
+
+		# Build PA-RISC1.1 objects for better portability
+		case "$host_cpu" in
+		    hppa[[2-9]]*)
+			_CFLAGS="$CFLAGS"
+			AS_IF([test -n "$GCC"], [
+			    portable_flag="-march=1.1"
+			], [
+			    portable_flag="+DAportable"
+			])
+			CFLAGS="$CFLAGS $portable_flag"
+			AC_CACHE_CHECK([whether $CC understands $portable_flag],
+			    [sudo_cv_var_daportable],
+			    [AC_LINK_IFELSE(
+				[AC_LANG_PROGRAM([[]], [[]])],
+				    [sudo_cv_var_daportable=yes],
+				    [sudo_cv_var_daportable=no]
+				)
+			    ]
+			)
+			AS_IF([test X"$sudo_cv_var_daportable" != X"yes"], [
+			    CFLAGS="$_CFLAGS"
+			])
+			;;
+		esac
+
+		case "$host_os" in
+			hpux10.*)
+			    shadow_funcs="getprpwnam iscomsec"
+			    shadow_libs="-lsec"
+			    # HP-UX 10.x doesn't support LD_PRELOAD
+			    with_noexec=no
+			;;
+			*)
+			    shadow_funcs="getspnam iscomsec"
+			    shadow_libs="-lsec"
+			    test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+			;;
+		esac
+		AC_CHECK_HEADERS([utmps.h])
+		AC_CHECK_FUNCS([pstat_getproc gethrtime])
+		;;
+    *-dec-osf*)
+		# ignore envariables wrt dynamic lib path
+		AX_APPEND_FLAG([-Wl,-no_library_replacement], [SUDO_LDFLAGS])
+
+		: ${CHECKSIA='true'}
+		AC_ARG_ENABLE(sia,
+		[AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
+		[ case "$enableval" in
+		    yes)	CHECKSIA=true
+				;;
+		    no)		CHECKSIA=false
+				;;
+		    *)		AC_MSG_WARN([ignoring unknown argument to --enable-sia: $enableval])
+				;;
+		  esac
+		])
+
+		shadow_funcs="getprpwnam dispcrypt"
+		# OSF/1 4.x and higher need -ldb too
+		AS_IF([test $OSMAJOR -lt 4], [
+		    shadow_libs="-lsecurity -laud -lm"
+		], [
+		    shadow_libs="-lsecurity -ldb -laud -lm"
+		])
+
+		# use SIA by default, if we have it
+		test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
+
+		#
+		# Some versions of Digital Unix ship with a broken
+		# copy of prot.h, which we need for shadow passwords.
+		# XXX - make should remove this as part of distclean
+		#
+		AC_MSG_CHECKING([for broken prot.h])
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/security.h>
+#include <prot.h>
+		]], [[return(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
+		sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
+		])
+		# ":DEFAULT" must be appended to _RLD_LIST
+		RTLD_PRELOAD_VAR="_RLD_LIST"
+		RTLD_PRELOAD_DEFAULT="DEFAULT"
+		: ${mansectsu='8'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		;;
+    *-*-irix*)
+		AC_DEFINE([_BSD_TYPES])
+		AS_IF([test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'], [
+		    AS_IF([test -d "/usr/share/man/local"], [
+			mandir="/usr/share/man/local"
+		    ], [
+			mandir="/usr/man/local"
+		    ])
+		])
+		# IRIX <= 4 needs -lsun
+		AS_IF([test "$OSMAJOR" -le 4], [
+		    AC_CHECK_LIB([sun], [getpwnam], [LIBS="${LIBS} -lsun"])
+		])
+		# ":DEFAULT" must be appended to _RLD_LIST
+		RTLD_PRELOAD_VAR="_RLD_LIST"
+		RTLD_PRELOAD_DEFAULT="DEFAULT"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		;;
+    *-*-linux*|*-*-k*bsd*-gnu)
+		shadow_funcs="getspnam"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		# Check for SECCOMP_MODE_FILTER in linux/seccomp.h
+		AC_CHECK_DECLS([SECCOMP_MODE_FILTER], [], [], [
+#include <sys/types.h>
+#include <sys/prctl.h>
+#include <asm/unistd.h>
+#include <linux/seccomp.h>
+#include <linux/filter.h>
+		])
+		# We call getrandom via syscall(3) in case it is not in libc
+		AC_CHECK_HEADERS([linux/random.h sys/syscall.h])
+
+		# Only use our replacement functions when not fuzzing,
+		# they may skew the coverage reports.
+		AS_IF([test X"$enable_fuzzer" = X"no"], [
+		    # glibc's getentropy() emulation may fail on older kernels.
+		    # We use our own getentropy() by default on Linux.
+		    : ${ac_cv_func_getentropy='no'}
+
+		    # glibc's arc4random() may fail in chroot on older kernels.
+		    # We use our own arc4random() by default on Linux.
+		    : ${ac_cv_func_arc4random='no'}
+
+		    # glibc's closefrom() emulation may fail in chroot.
+		    # We use our own closefrom() by default on Linux.
+		    : ${ac_cv_func_closefrom='no'}
+		])
+
+		# Linux 3.2 supports reading/writing a another process
+		# without using ptrace(2).
+		AC_CHECK_FUNCS([process_vm_readv])
+		;;
+    *-*-gnu*)
+		# lockf() is broken on the Hurd
+		ac_cv_func_lockf=no
+		;;
+    *-*-sco*|*-sco-*)
+		shadow_funcs="getprpwnam"
+		shadow_libs="-lprot -lx"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		;;
+    m88k-motorola-sysv*)
+		# motorolla's cc (a variant of gcc) does -O but not -O2
+		CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		;;
+    *-sequent-sysv*)
+		shadow_funcs="getspnam"
+		shadow_libs="-lsec"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		;;
+    *-ncr-sysv4*|*-ncr-sysvr4*)
+		AC_CHECK_LIB([c89], [strcasecmp], [LIBS="${LIBS} -lc89"])
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		;;
+    *-ccur-sysv4*|*-ccur-sysvr4*)
+		LIBS="${LIBS} -lgen"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		;;
+    *-*-bsdi*)
+		SKIP_SETREUID=yes
+		# Check for newer BSD auth API
+		AS_IF([test -z "$with_bsdauth"], [
+		    AC_CHECK_FUNCS([auth_challenge], [AUTH_EXCL_DEF="BSD_AUTH"])
+		])
+		;;
+    *-*-freebsd*)
+		AC_DEFINE([_BSD_SOURCE])
+
+		# FreeBSD has a real setreuid(2) starting with 2.1 and
+		# backported to 2.0.5.  We just take 2.1 and above...
+		case "$OSREV" in
+		0.*|1.*|2.0*)
+		    SKIP_SETREUID=yes
+		    ;;
+		esac
+		AS_IF([test "${with_skey-'no'}" = "yes"], [
+		     SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
+		])
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='maybe'}
+
+		# Examples go in share/examples/sudo
+		AS_IF([test X"$with_exampledir" = X""], [
+		    exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)'
+		])
+		;;
+    *-*-*openbsd*)
+		AC_DEFINE([_BSD_SOURCE])
+
+		# OpenBSD-specific initialization
+		OS_INIT=os_init_openbsd
+		SUDO_OBJS="${SUDO_OBJS} openbsd.o"
+
+		# OpenBSD has a real setreuid(2) starting with 3.3 but
+		# we will use setresuid(2) instead.
+		SKIP_SETREUID=yes
+
+		# OpenBSD >= 3.0 supports BSD auth
+		AS_IF([test -z "$with_bsdauth"], [
+		    AS_IF([test "$OSMAJOR" -ge 3], [
+			AUTH_EXCL_DEF="BSD_AUTH"
+		    ])
+		])
+		: ${with_logincap='maybe'}
+
+		# Newer OpenBSD only fills in pw_password for getpwnam_shadow()
+		shadow_funcs="getpwnam_shadow"
+
+		# Examples go in share/examples/sudo
+		AS_IF([test X"$with_exampledir" = X""], [
+		    exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)'
+		])
+		;;
+    *-*-*netbsd*)
+		# NetBSD has a real setreuid(2) starting with 1.3.2
+		case "$OSREV" in
+		0.9*|1.[[012]]*|1.3|1.3.1)
+		    SKIP_SETREUID=yes
+		    ;;
+		esac
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='maybe'}
+
+		# For reallocarray()
+		AC_DEFINE([_OPENBSD_SOURCE])
+
+		# Examples go in share/examples/sudo
+		AS_IF([test X"$with_exampledir" = X""], [
+		    exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)'
+		])
+		;;
+    *-*-dragonfly*)
+		AC_DEFINE([_BSD_SOURCE])
+
+		AS_IF([test "${with_skey-'no'}" = "yes"], [
+		     SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
+		])
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='yes'}
+
+		# Examples go in share/examples/sudo
+		AS_IF([test X"$with_exampledir" = X""], [
+		    exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)'
+		])
+		;;
+    *-*-*bsd*)
+		CHECKSHADOW="false"
+		# Examples go in share/examples/sudo
+		AS_IF([test X"$with_exampledir" = X""], [
+		    exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)'
+		])
+		;;
+    *-*-darwin*)
+		# Darwin has a real setreuid(2) starting with 9.0
+		AS_IF([test $OSMAJOR -lt 9], [
+		    SKIP_SETREUID=yes
+		])
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='yes'}
+		# Darwin has a broken poll(), Apple radar 3710161
+		: ${enable_poll='no'}
+		# Darwin 8 and above can interpose library symbols cleanly
+		AS_IF([test $OSMAJOR -ge 8], [
+		    AC_DEFINE(HAVE___INTERPOSE)
+		    dlyld_interpose=yes
+		], [
+		    RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
+		])
+		RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
+
+		# Build sudo_noexec.so as a shared library, not a module.
+		# On Darwin, modules and shared libraries are incompatible.
+		PRELOAD_MODULE=
+
+		# Mach monotonic timer that runs while sleeping
+		AC_CHECK_FUNCS([mach_continuous_time])
+
+		# Undocumented API that dynamically allocates the groups.
+		AC_CHECK_FUNCS([getgrouplist_2], [AC_CHECK_DECLS([getgrouplist_2])])
+
+		# We use proc_pidinfo() to emulate closefrom() on macOS.
+		AC_CHECK_HEADERS([libproc.h], [AC_CHECK_FUNCS([proc_pidinfo])])
+
+		# We need to force a flat namespace to make libc
+		# symbol hooking work like it does on ELF.
+		AX_CHECK_LINK_FLAG([-Wl,-force_flat_namespace], [AX_APPEND_FLAG([-Wl,-force_flat_namespace], [SUDO_LDFLAGS])])
+
+		# Examples go in share/examples/sudo
+		AS_IF([test X"$with_exampledir" = X""], [
+		    exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)'
+		])
+		;;
+    *-*-nextstep*)
+		# lockf() is broken on the NeXT
+		ac_cv_func_lockf=no
+		RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
+		RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
+		;;
+    *-*-*sysv4*)
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		;;
+    *-*-*sco3.2*)	# SCO OpenServer 5
+		: ${mansectsu='1'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		shadow_funcs="getprpwnam"
+		shadow_libs="-lprot"
+		;;
+# UnixWare 7.x, OpenUNIX 8
+    *-*-*sysv5*)
+		: ${mansectsu='1'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+	case "$host" in
+	*-*-sysv5SCO_SV*)	# SCO OpenServer 6.x
+		shadow_funcs="getprpwnam"
+		shadow_libs="-lprot"
+		;;
+	*)	shadow_funcs="getspnam"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		;;
+	esac
+		;;
+    *-*-sysv*)
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${mansectmisc='5'}
+		;;
+esac
+
+dnl
+dnl Library preloading to support NOEXEC
+dnl
+AS_IF([test X"$enable_intercept" = X"no"], [
+    intercept_file=disabled
+])
+AS_IF([test X"$with_noexec" = X"no"], [
+    noexec_file=disabled
+])
+AS_IF([test X"${intercept_file} ${noexec_file}" != X"disabled disabled"], [
+    SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR")
+    SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, '$RTLD_PRELOAD_DELIM')
+    AS_IF([test -n "$RTLD_PRELOAD_DEFAULT"], [
+	SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT")
+    ])
+    AS_IF([test -n "$RTLD_PRELOAD_ENABLE_VAR"], [
+	SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_ENABLE_VAR, "$RTLD_PRELOAD_ENABLE_VAR")
+    ])
+])
+
+dnl
+dnl Check for mixing mutually exclusive and regular auth methods
+dnl
+AUTH_REG=${AUTH_REG# }
+AUTH_EXCL=${AUTH_EXCL# }
+AS_IF([test -n "$AUTH_EXCL" -a -n "$AUTH_REG"], [
+    AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
+])
+dnl
+dnl Only one of S/Key and OPIE may be specified
+dnl
+AS_IF([test X"${with_skey}${with_opie}" = X"yesyes"], [
+    AC_MSG_ERROR([cannot use both S/Key and OPIE])
+])
+
+dnl
+dnl Use BSD-style man sections by default
+dnl
+: ${mansectsu='8'}
+: ${mansectform='5'}
+: ${mansectmisc='7'}
+
+dnl
+dnl Add in any libpaths or libraries specified via configure
+dnl
+AS_IF([test -n "$with_libpath"], [
+    for i in ${with_libpath}; do
+	SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
+    done
+])
+AS_IF([test -n "$with_libraries"], [
+    for i in ${with_libraries}; do
+	case $i in
+	    -l*)	;;
+	    *.a)	;;
+	    *.o)	;;
+	    *)	i="-l${i}";;
+	esac
+	LIBS="${LIBS} ${i}"
+    done
+])
+
+dnl
+dnl C compiler checks (to be done after os checks)
+dnl AC_PROG_CC_STDC is deprecated in autoconf 2.70 and above.
+dnl
+m4_bmatch(m4_defn([AC_AUTOCONF_VERSION]), [^2\.69], [AC_PROG_CC_STDC])
+AC_C_CONST
+AC_C_INLINE
+AC_C_VOLATILE
+SUDO_CPP_VARIADIC_MACROS
+
+dnl
+dnl Program checks
+dnl
+AC_PROG_AWK
+AC_PROG_YACC
+AC_PATH_PROG([FLEX], [flex], [flex])
+SUDO_PROG_MV
+SUDO_PROG_BSHELL
+AS_IF([test -z "$with_sendmail"], [
+    SUDO_PROG_SENDMAIL
+    with_sendmail="$ac_cv_path_SENDMAILPROG"
+])
+SUDO_PROG_VI
+dnl
+dnl Use fully-qualified path to vi in the manual
+dnl
+AS_IF([test -z "$with_editor"], [
+    editor="$ac_cv_path_VIPROG"
+])
+dnl
+dnl Check for authpriv support in syslog
+dnl
+AS_IF([test X"$with_logfac" = X""], [
+    AC_CHECK_DECL([LOG_AUTHPRIV], [logfac=authpriv], [], [#include <syslog.h>])
+])
+AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
+dnl
+dnl Header file checks
+dnl
+AC_HEADER_DIRENT
+AC_HEADER_STDBOOL
+AC_HEADER_MAJOR
+AC_CHECK_HEADERS_ONCE([netgroup.h paths.h spawn.h wordexp.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h sys/statvfs.h])
+AS_IF([test X"$ac_cv_header_utmps_h" != X"yes"], [
+    AC_CHECK_HEADERS([utmpx.h])
+])
+AC_CHECK_HEADERS([endian.h] [sys/endian.h] [machine/endian.h], [break])
+AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS([_ttyname_dev])], [], [AC_INCLUDES_DEFAULT
+#ifdef HAVE_PROCFS_H
+#include <procfs.h>
+#endif
+#ifdef HAVE_SYS_PROCFS_H
+#include <sys/procfs.h>
+#endif
+])]
+break)
+#
+# Check for large file and 64-bit time support.
+#
+AC_SYS_LARGEFILE
+m4_ifdef([AC_SYS_YEAR2038], [AC_SYS_YEAR2038], [
+    # GNU libc only allows setting _TIME_BITS when FILE_OFFSET_BITS is also set.    # GNU libc defines __TIMESIZE on systems where _TIME_BITS can be set.
+    AS_IF([test X"$ac_cv_sys_file_offset_bits" = X"yes"], [
+	AC_CHECK_DECL(__TIMESIZE, [
+	    AC_DEFINE([_TIME_BITS], [64], [Number of bits in a timestamp, on hosts where this is settable.])
+	], [], [
+AC_INCLUDES_DEFAULT
+#include <time.h>
+	])
+    ])
+])
+
+#
+# Don't allow undefined symbols, even in shared libraries, if possible.
+# This will detect missing symbols at build-time instead of run-time
+# but is incompatible with the sanitizers/fuzzers.
+# We must set this *before* the library tests.
+#
+AS_IF([test -n "$GCC" -a X"${enable_sanitizer}${enable_fuzzer}" = X"nono"], [
+    # On FreeBSD and Dragonfly, environ is filled in by the dynamic loader
+    # so -Wl,--no-undefined causes a link error when environ is used.
+    # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263265
+    # We use errno because OpenBSD shared libraries don't explicitly
+    # link with libc, which can result in undefined reference errors.
+    AC_CACHE_CHECK([the linker accepts -Wl,--no-undefined],
+	[sudo_cv_var_ld___no_undefined],
+	[
+	    sudo_cv_var_ld___no_undefined=no
+	    _CFLAGS="$CFLAGS"
+	    CFLAGS="$CFLAGS $lt_prog_compiler_pic"
+	    _LDFLAGS="$LDFLAGS"
+	    LDFLAGS="$LDFLAGS $lt_prog_compiler_pic -shared -Wl,--no-undefined"
+	    AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <errno.h>
+extern char **environ;]], [[int ret = ((long)environ & 0xff) + errno; return ret;]])],
+		[sudo_cv_var_ld___no_undefined=yes])
+	    CFLAGS="$_CFLAGS"
+	    LDFLAGS="$_LDFLAGS"
+	]
+    )
+    AS_IF([test "$sudo_cv_var_ld___no_undefined" = "yes"], [
+	AX_APPEND_FLAG([-Wl,--no-undefined], [LDFLAGS])
+    ])
+])
+
+#
+# HP-UX may need to define _XOPEN_SOURCE_EXTENDED to expose MSG_WAITALL.
+# Also, HP-UX 11.23 has a broken sys/types.h when large files support
+# is enabled and _XOPEN_SOURCE_EXTENDED is not also defined.
+# The following test will define _XOPEN_SOURCE_EXTENDED in either case.
+#
+case "$host_os" in
+    hpux*)
+	AC_CACHE_CHECK([whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL], [sudo_cv_xopen_source_extended],
+	[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
+[#	include <sys/socket.h>]], [[int a = MSG_WAITALL; return a;]])],
+	[sudo_cv_xopen_source_extended=no], [
+	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED
+	    AC_INCLUDES_DEFAULT
+[#	    include <sys/socket.h>
+#	    include <net/if.h>]], [[int a = MSG_WAITALL; return a;]])],
+	    [sudo_cv_xopen_source_extended=yes],
+	    [sudo_cv_xopen_source_extended=error])
+	])])
+	AS_IF([test "$sudo_cv_xopen_source_extended" = "yes"], [
+	    AC_DEFINE([_XOPEN_SOURCE_EXTENDED])
+	])
+	;;
+esac
+SUDO_MAILDIR
+AS_IF([test ${with_logincap-'no'} != "no"], [
+    AC_CHECK_HEADERS([login_cap.h], [
+	LOGINCAP_USAGE='[[-c class]] '
+	LCMAN=1
+	with_logincap=yes
+    ])
+    AS_IF([test "${with_logincap}" = "yes"], [
+	# setusercontext() is in libutil on NetBSD, FreeBSD, Dragonfly BSD.
+	_LIBS="$LIBS"
+	AC_SEARCH_LIBS([setusercontext], [util])
+	LIBS="$_LIBS"
+	AS_IF([test "${ac_cv_search_setusercontext}" != "none required"], [
+	    SUDO_LIBS="${SUDO_LIBS} -lutil"
+	    SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
+	])
+    ])
+])
+AS_IF([test ${with_project-'no'} != "no"], [
+    AC_CHECK_HEADER(project.h, [
+	AC_CHECK_LIB([project], [setproject], [
+	    AC_DEFINE(HAVE_PROJECT_H)
+	    SUDO_LIBS="${SUDO_LIBS} -lproject"
+	])
+    ], [with_project=no])
+])
+dnl
+dnl typedef checks
+dnl
+AS_IF([test X"${ac_cv_header_stdint_h}${ac_cv_header_inttypes_h}" = X"nono"], [
+    AC_CHECK_TYPES([int8_t, uint8_t, int16_t, uint16_t, int32_t, uint32_t, int64_t, uint64_t, intmax_t, uintmax_t])
+])
+AC_CHECK_TYPES([sig_atomic_t], [], [], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>])
+AC_CHECK_TYPES([struct in6_addr], [], [], [#include <sys/types.h>
+#include <netinet/in.h>])
+AC_CHECK_TYPES(socklen_t, [], [], [
+AC_INCLUDES_DEFAULT
+#include <sys/socket.h>])
+SUDO_UID_T_LEN
+SUDO_SOCK_SA_LEN
+SUDO_SOCK_SIN_LEN
+AC_CHECK_SIZEOF([id_t])
+AC_CHECK_SIZEOF([long long])
+AC_CHECK_SIZEOF([time_t])
+AS_IF([test X"$ac_cv_header_utmps_h" = X"yes"], [
+    SUDO_CHECK_UTMP_MEMBERS([utmps])
+], [test X"$ac_cv_header_utmpx_h" = X"yes"], [
+    SUDO_CHECK_UTMP_MEMBERS([utmpx])
+], [
+    SUDO_CHECK_UTMP_MEMBERS([utmp])
+])
+
+dnl
+dnl Python plugin support
+dnl
+AS_IF([test ${enable_python-'no'} = "yes"], [
+    AM_PATH_PYTHON([3])
+
+    AC_ARG_VAR([PYTHON_INCLUDE], [Include flags for python, bypassing python-config])
+    AC_ARG_VAR([PYTHON_LIBS], [Linker flags for python, bypassing python-config])
+    AC_ARG_VAR([PYTHON_CONFIG], [Path to python-config])
+
+    AS_IF([test -z "$PYTHON_INCLUDE" || test -z "$PYTHON_LIBS"], [
+      AS_IF([test -z "$PYTHON_CONFIG"], [
+        AC_PATH_PROGS([PYTHON_CONFIG],
+                      [python$PYTHON_VERSION-config python-config],
+                      [no],
+                      [`dirname $PYTHON`])
+        AS_IF([test "$PYTHON_CONFIG" = no], [AC_MSG_ERROR([cannot find python-config for $PYTHON.])])
+      ])
+    ])
+
+    AS_IF([test -z "$PYTHON_INCLUDE"], [
+      # Pull out python include path, ignore other flags
+      PYTHON_INCLUDE=`$PYTHON_CONFIG --cflags | tr " " "\n" | grep "^-I" | sort -u | tr "\n" " "`
+    ])
+
+    AS_IF([test -z "$PYTHON_LIBS"], [
+      # Newer versions of python3-config need --embed to include libpython
+      if $PYTHON_CONFIG 2>&1 | grep embed >/dev/null; then
+        PY_EMBED=--embed
+      else
+        PY_EMBED=
+      fi
+      PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED`
+      PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED | tr " " "\n" | grep "^-[[lL]]" | tr "\n" " "`
+    ])
+
+    PPFILES="$PPFILES "'$(srcdir)/etc/sudo-python.pp'
+    PYTHON_PLUGIN_SRC=plugins/python
+    PYTHON_PLUGIN=
+    AC_CONFIG_FILES([$PYTHON_PLUGIN_SRC/Makefile])
+])
+
+dnl
+dnl Function checks
+dnl
+AC_FUNC_GETGROUPS
+AC_FUNC_FSEEKO
+AC_CHECK_FUNCS_ONCE([fexecve fmemopen killpg nl_langinfo faccessat wordexp strtoull])
+AC_CHECK_FUNCS([execvpe], [SUDO_APPEND_INTERCEPT_EXP(execvpe)])
+AC_CHECK_FUNCS([pread], [
+    # pread/pwrite on 32-bit HP-UX 11.x may not support large files
+    case "$host_os" in
+	hpux*)
+	    AC_CHECK_FUNCS([pread64 pwrite64], [
+		AC_CHECK_DECLS([pread64, pwrite64])
+	    ])
+	    ;;
+    esac
+], [
+    AC_LIBOBJ(pread)
+    SUDO_APPEND_COMPAT_EXP(sudo_pread)
+])
+AC_CHECK_FUNCS([pwrite], [], [
+    AC_LIBOBJ(pwrite)
+    SUDO_APPEND_COMPAT_EXP(sudo_pwrite)
+])
+AC_CHECK_FUNCS([cfmakeraw], [], [
+    AC_LIBOBJ(cfmakeraw)
+    SUDO_APPEND_COMPAT_EXP(sudo_cfmakeraw)
+])
+AC_CHECK_FUNCS([localtime_r], [], [
+    AC_LIBOBJ(localtime_r)
+    SUDO_APPEND_COMPAT_EXP(sudo_localtime_r)
+])
+AC_CHECK_FUNCS([gmtime_r], [], [
+    AC_LIBOBJ(gmtime_r)
+    SUDO_APPEND_COMPAT_EXP(sudo_gmtime_r)
+])
+AC_CHECK_FUNCS([timegm], [], [
+    AC_LIBOBJ(timegm)
+    SUDO_APPEND_COMPAT_EXP(sudo_timegm)
+])
+AC_CHECK_FUNCS([getgrouplist], [], [
+    case "$host_os" in
+    aix*)
+	AC_CHECK_FUNCS([getgrset])
+	;;
+    *)
+	AC_CHECK_FUNC([nss_search], [
+	    AC_CHECK_FUNC([_nss_XbyY_buf_alloc], [
+		# Solaris
+		AC_CHECK_FUNC([_nss_initf_group], [
+		    AC_CHECK_HEADERS([nss_dbdefs.h])
+		    AC_DEFINE([HAVE_NSS_SEARCH])
+		    AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC])
+		    AC_DEFINE([HAVE__NSS_INITF_GROUP])
+		], [
+		    AC_CHECK_HEADERS([nss_dbdefs.h], [
+			# Older Solaris does not export _nss_initf_group
+			# but we can use our own.
+			AC_DEFINE([HAVE_NSS_SEARCH])
+			AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC])
+		    ])
+		])
+	    ], [
+		dnl HP-UX support disabled until "group: compat" fixed
+		dnl # HP-UX
+		dnl AC_CHECK_FUNC([__nss_XbyY_buf_alloc], [
+		dnl     AC_CHECK_FUNC([__nss_initf_group], [
+		dnl	AC_CHECK_HEADERS([nss_dbdefs.h])
+		dnl	AC_DEFINE([HAVE_NSS_SEARCH])
+		dnl	AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC])
+		dnl	AC_DEFINE([HAVE___NSS_INITF_GROUP])
+		dnl    ])
+		dnl])
+		:
+	    ])
+	])
+	;;
+    esac
+    SUDO_APPEND_COMPAT_EXP(sudo_getgrouplist)
+])
+AC_CHECK_FUNCS([getdelim], [
+    # Out of date gcc fixed includes may result in missing getdelim() prototype
+    AC_CHECK_DECLS([getdelim])
+], [
+    AC_LIBOBJ(getdelim)
+    SUDO_APPEND_COMPAT_EXP(sudo_getdelim)
+    COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }getdelim_test"
+])
+AC_CHECK_FUNCS([getusershell], [
+    # Older Solaris has getusershell() et al but does not declare it.
+    AC_CHECK_DECLS([getusershell])
+], [
+    AC_LIBOBJ(getusershell)
+    SUDO_APPEND_COMPAT_EXP(sudo_getusershell)
+])
+AC_CHECK_FUNCS([reallocarray], [], [
+    AC_LIBOBJ(reallocarray)
+    SUDO_APPEND_COMPAT_EXP(sudo_reallocarray)
+])
+AC_CHECK_FUNCS([arc4random], [
+    AC_CHECK_FUNCS([arc4random_uniform], [], [
+	AC_LIBOBJ(arc4random_uniform)
+	SUDO_APPEND_COMPAT_EXP(sudo_arc4random_uniform)
+    ])
+    AC_CHECK_FUNCS([arc4random_buf], [], [
+	AC_LIBOBJ(arc4random_buf)
+	SUDO_APPEND_COMPAT_EXP(sudo_arc4random_buf)
+    ])
+], [
+    AC_LIBOBJ(arc4random)
+    SUDO_APPEND_COMPAT_EXP(sudo_arc4random)
+    SUDO_APPEND_COMPAT_EXP(sudo_arc4random_buf)
+    AC_LIBOBJ(arc4random_uniform)
+    SUDO_APPEND_COMPAT_EXP(sudo_arc4random_uniform)
+    # arc4random.c needs getentropy()
+    AC_CHECK_FUNCS([getentropy], [
+	AC_CHECK_HEADERS([sys/random.h])
+    ], [
+	AC_LIBOBJ(getentropy)
+	SUDO_APPEND_COMPAT_EXP(sudo_getentropy)
+	AC_CHECK_FUNCS([getauxval])
+    ])
+    # arc4random.c wants pthread_atfork
+    AC_CHECK_HEADERS([pthread.h], [
+	AC_CHECK_LIB([pthread], [main], [LIBPTHREAD="-lpthread"])
+	AC_CHECK_FUNCS([pthread_atfork])
+    ])
+])
+
+utmp_style=LEGACY
+AC_CHECK_FUNCS([getutsid getutxid getutid], [utmp_style=POSIX; break])
+AS_IF([test "$utmp_style" = "LEGACY"], [
+    AC_CHECK_FUNCS([getttyent ttyslot], [break])
+])
+
+AC_CHECK_FUNCS([sysctl], [
+    AC_CHECK_FUNCS([devname])
+    # Check for the various flavors of kinfo_proc
+    found=false
+    AC_CHECK_MEMBER([struct kinfo_proc.ki_structsize], [
+	AC_DEFINE(HAVE_KINFO_PROC_FREEBSD)
+	found=true
+    ], [], [
+#include <sys/param.h>
+#include <sys/sysctl.h>
+#include <sys/user.h>
+    ])
+    AS_IF([test "$found" = "false"], [
+	AC_CHECK_MEMBER([struct kinfo_proc.kp_paddr], [
+	    AC_DEFINE(HAVE_KINFO_PROC_DFLY)
+	    found=true
+	], [], [
+#include <sys/param.h>
+#include <sys/sysctl.h>
+#include <sys/user.h>
+	])
+    ])
+    AS_IF([test "$found" = "false"], [
+	AC_CHECK_MEMBER([struct kinfo_proc2.p_paddr], [
+	    AC_DEFINE(HAVE_KINFO_PROC2_NETBSD)
+	    found=true
+	], [], [
+#include <sys/param.h>
+#include <sys/sysctl.h>
+	])
+    ])
+    AS_IF([test "$found" = "false"], [
+	AC_CHECK_MEMBER([struct kinfo_proc.p_paddr], [
+	    AC_DEFINE(HAVE_KINFO_PROC_OPENBSD)
+	    found=true
+	], [], [
+#include <sys/param.h>
+#include <sys/sysctl.h>
+	])
+    ])
+    AS_IF([test "$found" = "false"], [
+	AC_CHECK_MEMBER([struct kinfo_proc.kp_proc], [
+	    AC_DEFINE(HAVE_KINFO_PROC_44BSD)
+	    found=true
+	], [], [
+#include <sys/param.h>
+#include <sys/sysctl.h>
+	])
+    ])
+])
+
+AC_CHECK_FUNCS([openpty], [AC_CHECK_HEADERS([libutil.h util.h pty.h], [break])], [
+    AC_CHECK_LIB([util], [openpty], [
+	AC_CHECK_HEADERS([libutil.h util.h pty.h], [break])
+	case "$SUDO_LIBS" in
+	    *-lutil*) ;;
+	    *) SUDO_LIBS="${SUDO_LIBS} -lutil";;
+	esac
+	AC_DEFINE(HAVE_OPENPTY)
+    ], [
+	AC_CHECK_FUNCS([_getpty], [], [
+	    AC_CHECK_FUNCS([grantpt], [
+		AC_CHECK_FUNCS([posix_openpt])
+	    ], [
+		AC_CHECK_FUNCS([revoke])
+	    ])
+	])
+    ])
+])
+AC_CHECK_FUNCS([unsetenv], [SUDO_FUNC_UNSETENV_VOID], [])
+SUDO_FUNC_PUTENV_CONST
+AS_IF([test -z "$SKIP_SETRESUID"], [
+    AC_CHECK_FUNCS([setresuid], [
+	SKIP_SETREUID=yes
+	AC_CHECK_DECLS([setresuid])
+	AC_CHECK_FUNCS([getresuid], [AC_CHECK_DECLS([getresuid])])
+    ])
+])
+AS_IF([test -z "$SKIP_SETRESUID"], [
+    AC_CHECK_FUNCS([setreuid])
+])
+AC_CHECK_FUNCS_ONCE([seteuid])
+AS_IF([test X"$with_interfaces" != X"no"], [
+    AC_CHECK_FUNCS([getifaddrs], [AC_CHECK_FUNCS([freeifaddrs])])
+])
+AC_CHECK_FUNCS([lockf], [break])
+AC_CHECK_FUNCS([innetgr], [
+    AC_CHECK_DECLS([innetgr], [], [], [
+AC_INCLUDES_DEFAULT
+#ifdef HAVE_NETGROUP_H
+# include <netgroup.h>
+#else
+# include <netdb.h>
+#endif /* HAVE_NETGROUP_H */
+])], [
+    AC_CHECK_FUNCS([_innetgr], [
+	AC_CHECK_DECLS([_innetgr], [], [], [
+AC_INCLUDES_DEFAULT
+#ifdef HAVE_NETGROUP_H
+# include <netgroup.h>
+#else
+# include <netdb.h>
+#endif /* HAVE_NETGROUP_H */
+	])
+    ])
+])
+AC_CHECK_FUNCS([getdomainname], [
+    AC_CHECK_DECLS([getdomainname], [], [], [
+AC_INCLUDES_DEFAULT
+#include <netdb.h>
+    ])
+], [
+    AC_CHECK_FUNCS([sysinfo], [AC_CHECK_HEADERS([sys/systeminfo.h])])
+])
+AC_CHECK_FUNCS([utimensat], [], [
+    AC_LIBOBJ(utimens)
+    SUDO_APPEND_COMPAT_EXP(sudo_utimensat)
+    AC_CHECK_FUNCS([utimes])
+])
+AC_CHECK_FUNCS([futimens], [], [
+    AC_LIBOBJ(utimens)
+    SUDO_APPEND_COMPAT_EXP(sudo_futimens)
+    AC_CHECK_FUNCS([futimes futimesat futime], [break])
+])
+AC_CHECK_FUNCS([explicit_bzero], [], [
+    AC_LIBOBJ(explicit_bzero)
+    SUDO_APPEND_COMPAT_EXP(sudo_explicit_bzero)
+    AC_CHECK_FUNCS([explicit_memset memset_explicit memset_s bzero], [break])
+])
+SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [
+    AC_LIBOBJ(fnmatch)
+    SUDO_APPEND_COMPAT_EXP(sudo_fnmatch)
+    COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test"
+])
+SUDO_FUNC_ISBLANK
+AC_CHECK_FUNCS([glob], [], [
+    AC_LIBOBJ(glob)
+    SUDO_APPEND_COMPAT_EXP(sudo_glob sudo_globfree)
+])
+AC_CHECK_FUNCS([memrchr], [], [
+    AC_LIBOBJ(memrchr)
+    SUDO_APPEND_COMPAT_EXP(sudo_memrchr)
+])
+AC_CHECK_FUNCS([freezero], [], [
+    AC_LIBOBJ(freezero)
+    SUDO_APPEND_COMPAT_EXP(sudo_freezero)
+])
+AC_CHECK_FUNCS(nanosleep, [], [
+    # On Solaris, nanosleep is in librt
+    AC_CHECK_LIB([rt], [nanosleep], [
+	AC_DEFINE(HAVE_NANOSLEEP)
+	LIBRT="-lrt"
+    ], [
+	AC_LIBOBJ(nanosleep)
+	SUDO_APPEND_COMPAT_EXP(sudo_nanosleep)
+    ])
+])
+AC_CHECK_FUNCS([fchownat], [], [
+    AC_LIBOBJ(fchownat)
+    SUDO_APPEND_COMPAT_EXP(sudo_fchownat)
+])
+AC_CHECK_FUNCS([mkdirat], [], [
+    AC_LIBOBJ(mkdirat)
+    SUDO_APPEND_COMPAT_EXP(sudo_mkdirat)
+])
+AC_CHECK_FUNCS([openat], [], [
+    AC_LIBOBJ(openat)
+    SUDO_APPEND_COMPAT_EXP(sudo_openat)
+])
+AC_CHECK_FUNCS([unlinkat], [], [
+    AC_LIBOBJ(unlinkat)
+    SUDO_APPEND_COMPAT_EXP(sudo_unlinkat)
+])
+AC_CHECK_FUNCS([fchmodat], [], [
+    AC_LIBOBJ(fchmodat)
+    SUDO_APPEND_COMPAT_EXP(sudo_fchmodat)
+])
+AC_CHECK_FUNCS([fstatat], [], [
+    AC_LIBOBJ(fstatat)
+    SUDO_APPEND_COMPAT_EXP(sudo_fstatat)
+])
+AC_CHECK_FUNCS([dup3], [], [
+    AC_LIBOBJ(dup3)
+    SUDO_APPEND_COMPAT_EXP(sudo_dup3)
+])
+AC_CHECK_FUNCS([pipe2], [], [
+    AC_LIBOBJ(pipe2)
+    SUDO_APPEND_COMPAT_EXP(sudo_pipe2)
+])
+AC_CHECK_FUNCS([pw_dup], [], [
+    AC_LIBOBJ(pw_dup)
+    SUDO_APPEND_COMPAT_EXP(sudo_pw_dup)
+])
+AC_CHECK_FUNCS([strlcpy], [], [
+    AC_LIBOBJ(strlcpy)
+    SUDO_APPEND_COMPAT_EXP(sudo_strlcpy)
+])
+AC_CHECK_FUNCS([strlcat], [], [
+    AC_LIBOBJ(strlcat)
+    SUDO_APPEND_COMPAT_EXP(sudo_strlcat)
+])
+AC_CHECK_FUNC([strnlen], [AC_FUNC_STRNLEN], [AC_LIBOBJ(strnlen)])
+AS_IF([test X"$ac_cv_func_strnlen_working" = X"yes"], [
+    AC_DEFINE(HAVE_STRNLEN)
+    AC_CHECK_FUNCS([strndup], [], [
+	AC_LIBOBJ(strndup)
+	SUDO_APPEND_COMPAT_EXP(sudo_strndup)
+    ])
+], [
+    # Broken or missing strnlen, use our own.
+    SUDO_APPEND_COMPAT_EXP(sudo_strnlen)
+    # Avoid libc strndup() since it is usually implemented using strnlen()
+    AC_LIBOBJ(strndup)
+    SUDO_APPEND_COMPAT_EXP(sudo_strndup)
+])
+AC_CHECK_FUNCS([clock_gettime], [], [
+    # On Solaris, clock_gettime is in librt
+    AC_CHECK_LIB([rt], [clock_gettime], [
+	AC_DEFINE(HAVE_CLOCK_GETTIME)
+	LIBRT="-lrt"
+    ])
+])
+AC_CHECK_FUNCS([getopt_long], [], [
+    AC_LIBOBJ(getopt_long)
+    SUDO_APPEND_COMPAT_EXP(sudo_getopt_long sudo_getopt_long_only)
+    AC_CACHE_CHECK([for optreset], sudo_cv_optreset, [
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern int optreset; optreset = 1; return optreset;]])], [sudo_cv_optreset=yes], [sudo_cv_optreset=no])])
+    AS_IF([test "$sudo_cv_optreset" = "yes"], [
+	AC_DEFINE(HAVE_OPTRESET)
+    ])
+])
+AC_CHECK_FUNCS([closefrom], [], [AC_LIBOBJ(closefrom)
+    SUDO_APPEND_COMPAT_EXP(sudo_closefrom)
+    AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [
+	# Linux has a special header for close_range(2).
+	AC_CHECK_FUNCS([close_range], [
+	    case "$host_os" in
+	    linux*) AC_CHECK_HEADERS([linux/close_range.h]);;
+	    esac
+	])
+    ], [
+#	include <limits.h>
+#	include <fcntl.h> ])
+    COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }closefrom_test"
+])
+sudo_mktemp=no
+case "$host_os" in
+    darwin*)
+	# macOS has these but uses a _np (non-portable) suffix
+	AC_CHECK_FUNCS([mkdtempat_np mkostempsat_np], [], [sudo_mktemp=yes; break])
+	;;
+    *)
+	AC_CHECK_FUNCS([mkdtempat mkostempsat], [], [sudo_mktemp=yes; break])
+	;;
+esac
+# If any of the mktemp family are missing we use our own.
+AS_IF([test X"$sudo_mktemp" = X"yes"], [
+    AC_LIBOBJ(mktemp)
+    SUDO_APPEND_COMPAT_EXP(sudo_mkdtemp sudo_mkdtempat sudo_mkostempsat sudo_mkstemp sudo_mkstemps)
+    COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }mktemp_test"
+])
+AX_FUNC_SNPRINTF
+AS_IF([test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"yesyes"], [
+    # System has a C99-compliant v?snprintf(), check for v?asprintf()
+    AC_CHECK_FUNCS([asprintf], [], [
+	AC_LIBOBJ(snprintf)
+	SUDO_APPEND_COMPAT_EXP(sudo_asprintf)
+    ])
+    AC_CHECK_FUNCS([vasprintf], [], [
+	AC_LIBOBJ(snprintf)
+	SUDO_APPEND_COMPAT_EXP(sudo_vasprintf)
+    ])
+], [
+    # Missing or non-compliant v?snprintf(), assume missing/bad v?asprintf()
+    SUDO_APPEND_COMPAT_EXP(sudo_snprintf sudo_vsnprintf sudo_asprintf sudo_vasprintf)
+])
+AC_CHECK_MEMBERS([struct tm.tm_gmtoff], [], [], [
+AC_INCLUDES_DEFAULT
+#include <errno.h>
+])
+AC_CHECK_MEMBER([struct stat.st_mtim],
+    [AC_DEFINE(HAVE_ST_MTIM)]
+    [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
+    [AC_CHECK_MEMBER([struct stat.st_mtimespec],
+	[AC_DEFINE([HAVE_ST_MTIMESPEC])],
+	[AC_CHECK_MEMBER([struct stat.st_nmtime], AC_DEFINE(HAVE_ST_NMTIME))])
+    ]
+)
+dnl
+dnl 4.4BSD-based systems can force the password or group file to be held open
+dnl
+AC_CHECK_FUNCS([setpassent setgroupent])
+dnl
+dnl Function checks for sudo_noexec
+dnl
+AS_IF([test X"$with_noexec" != X"no"], [
+    # Check for non-standard exec functions
+    AC_CHECK_FUNCS([exect execvP execvpe])
+    # Check for posix_spawn, and posix_spawnp
+    AS_IF([test X"$ac_cv_header_spawn_h" = X"yes"], [
+	AC_CHECK_FUNCS([posix_spawn posix_spawnp])
+    ])
+])
+
+dnl
+dnl Check for the dirfd function/macro.  If not found, look for dd_fd in DIR.
+dnl
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
+AC_CHECK_MEMBERS([struct dirent.d_type, struct dirent.d_namlen], [], [], [
+AC_INCLUDES_DEFAULT
+#include <$ac_header_dirent>
+])
+
+dnl
+dnl Check for OpenSSL or wolfSSL
+dnl
+SUDO_CHECK_OPENSSL
+
+dnl
+dnl Check for sha2 functions if not using openssl or wolfssl
+dnl
+AS_IF([test "$DIGEST" = "digest.lo"], [
+    AS_IF([test "${enable_gcrypt-no}" != no], [
+	# Use gcrypt's sha2 functions
+	AC_DEFINE(HAVE_GCRYPT)
+	DIGEST=digest_gcrypt.lo
+	LIBMD="-lgcrypt"
+	AS_IF([test "$enable_gcrypt" != "yes"], [
+	    AX_APPEND_FLAG([-I${enable_gcrypt}/include], [CPPFLAGS])
+	    SUDO_APPEND_LIBPATH(LDFLAGS, [${enable_gcrypt}/lib])
+	])
+    ], [
+	# Use sudo's sha2 functions if not in libmd or libc.
+	FOUND_SHA2=no
+	AC_CHECK_HEADER([sha2.h], [
+	    FOUND_SHA2=yes
+	    AC_CHECK_FUNCS([SHA224Update], [SUDO_FUNC_SHA2_VOID_PTR], [
+		# On some systems, SHA224Update is in libmd
+		AC_CHECK_LIB([md], [SHA224Update], [
+		    AC_DEFINE(HAVE_SHA224UPDATE)
+		    SUDO_FUNC_SHA2_VOID_PTR
+		    LIBMD="-lmd"
+		], [
+		    # Does not have SHA224Update
+		    FOUND_SHA2=no
+		])
+	    ])
+	])
+	AS_IF([test X"$FOUND_SHA2" = X"no"], [
+	    AC_LIBOBJ(sha2)
+	    SUDO_APPEND_COMPAT_EXP(sudo_SHA224Final sudo_SHA224Init sudo_SHA224Pad sudo_SHA224Transform sudo_SHA224Update sudo_SHA256Final sudo_SHA256Init sudo_SHA256Pad sudo_SHA256Transform sudo_SHA256Update sudo_SHA384Final sudo_SHA384Init sudo_SHA384Pad sudo_SHA384Transform sudo_SHA384Update sudo_SHA512Final sudo_SHA512Init sudo_SHA512Pad sudo_SHA512Transform sudo_SHA512Update)
+	])
+    ])
+])
+
+dnl
+dnl Network functions may live in libsocket, libinet, libnsl, or libresolv.
+dnl Order is important here.
+dnl
+SUDO_CHECK_NET_FUNC([socket])
+
+dnl
+dnl We need to keep track of inet_pton()'s dependent libraries for
+dnl our getaddrinfo() replacement.
+dnl
+ONET_LIBS="$NET_LIBS"
+SUDO_CHECK_NET_FUNC([inet_pton], [
+    AC_DEFINE(HAVE_INET_PTON)
+    INET_PTON_LIBS=
+    for lib in $NET_LIBS; do
+	case "$ONET_LIBS" in
+	    *"$lib"*) ;;
+	    *) INET_PTON_LIBS="${INET_PTON_LIBS}${INET_PTON_LIBS+ }$lib";;
+	esac
+    done
+], [
+    AC_LIBOBJ(inet_pton)
+    SUDO_APPEND_COMPAT_EXP(sudo_inet_pton)
+])
+
+dnl
+dnl The check for inet_ntop() must follow inet_pton() for INET_PTON_LIBS.
+dnl
+SUDO_CHECK_NET_FUNC([inet_ntop], [
+    AC_DEFINE(HAVE_INET_NTOP)
+], [
+    AC_LIBOBJ(inet_ntop)
+    SUDO_APPEND_COMPAT_EXP(sudo_inet_ntop)
+])
+
+dnl
+dnl The check for syslog() must be last so we can detect INET_PTON_LIBS.
+dnl
+SUDO_CHECK_NET_FUNC([syslog])
+
+dnl
+dnl Check for getaddrinfo and add any required libs to NET_LIBS.
+dnl If it was added to LIBOBJS we need to export the symbols.
+dnl
+OLIBS="$LIBS"
+GETADDRINFO_LIBS=
+AX_FUNC_GETADDRINFO
+case " $LIBOBJS " in
+    *" getaddrinfo.$ac_objext "* )
+	SUDO_APPEND_COMPAT_EXP(sudo_getaddrinfo sudo_freeaddrinfo sudo_gai_strerror)
+	# We need libsudo_util to pull in dependent libraries for
+	# inet_pton(), gethostbyname(), and getservbyname()
+	AS_IF([test -n "${INET_PTON_LIBS}"], [
+	    LT_DEP_LIBS="${LT_DEP_LIBS}${LT_DEP_LIBS+ }${INET_PTON_LIBS}"
+	    LIBS="${LIBS}${LIBS+ }${INET_PTON_LIBS}"
+	])
+	SUDO_CHECK_NET_FUNC([gethostbyname])
+	;;
+    *)
+	for lib in $LIBS; do
+	    case "$OLIBS" in
+		*"$lib"*) ;;
+		*) GETADDRINFO_LIBS="${GETADDRINFO_LIBS}${GETADDRINFO_LIBS+ }$lib";;
+	    esac
+	done
+	AS_IF([test -n "${GETADDRINFO_LIBS}"], [
+	    # We need libsudo_util to pull in dependent libraries for
+	    # gai_strerror()
+	    LT_DEP_LIBS="${LT_DEP_LIBS}${LT_DEP_LIBS+ }${GETADDRINFO_LIBS}"
+	    LIBS="${LIBS}${LIBS+ }${GETADDRINFO_LIBS}"
+
+	    # Add to NET_LIBS if necessary
+	    for lib in $GETADDRINFO_LIBS; do
+		case "$NET_LIBS" in
+		    *"$lib"*)   ;;
+		    *)		NET_LIBS="${NET_LIBS}${NET_LIBS+ }$lib";;
+		esac
+	    done
+	])
+	;;
+esac
+LIBS="$OLIBS"
+
+dnl
+dnl Check for va_copy or __va_copy in stdarg.h
+dnl
+AC_CACHE_CHECK([for va_copy], sudo_cv_func_va_copy, [
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <stdarg.h>
+	va_list ap1, ap2;]], [[va_copy(ap1, ap2);]])],
+	[sudo_cv_func_va_copy=yes], [sudo_cv_func_va_copy=no])
+])
+AS_IF([test "$sudo_cv_func_va_copy" = "yes"], [
+    AC_DEFINE(HAVE_VA_COPY)
+], [
+    AC_CACHE_CHECK([for __va_copy], sudo_cv_func___va_copy, [
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <stdarg.h>
+	    va_list ap1, ap2;]], [[__va_copy(ap1, ap2);]])],
+	    [sudo_cv_func___va_copy=yes], [sudo_cv_func___va_copy=no])
+    ])
+    AS_IF([test "$sudo_cv_func___va_copy" = "yes"], [
+	AC_DEFINE(HAVE___VA_COPY)
+    ])
+])
+
+dnl
+dnl Check for getprogname()/setprogname() or __progname
+dnl
+AC_CHECK_FUNCS([getprogname], [
+    AC_CHECK_FUNCS([setprogname], [], [SUDO_APPEND_COMPAT_EXP(sudo_setprogname)])
+], [
+    AC_CACHE_CHECK([for __progname], sudo_cv___progname, [
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; if (__progname[0] == '\0') return 1;]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
+    AS_IF([test "$sudo_cv___progname" = "yes"], [
+	AC_DEFINE(HAVE___PROGNAME)
+    ])
+    SUDO_APPEND_COMPAT_EXP(sudo_getprogname)
+    SUDO_APPEND_COMPAT_EXP(sudo_setprogname)
+])
+
+dnl
+dnl Check for __func__ or __FUNCTION__
+dnl
+AC_CACHE_CHECK([for __func__], sudo_cv___func__, [
+    AS_IF([test X"$ac_cv_prog_cc_c99" = X"no"], [
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[if (__func__[0] == '\0') return 1;]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])
+    ], [
+	# C99 and higher support __func__
+	sudo_cv___func__=yes
+    ])
+])
+AS_IF([test "$sudo_cv___func__" = "yes"], [
+    AC_DEFINE(HAVE___FUNC__)
+], [test -n "$GCC"], [
+    AC_CACHE_CHECK([for __FUNCTION__], sudo_cv___FUNCTION__, [
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[if(__FUNCTION__[0] == '\0') return 1;]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])])
+    AS_IF([test "$sudo_cv___FUNCTION__" = "yes"], [
+	AC_DEFINE(HAVE___FUNC__)
+	AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__])
+    ])
+])
+
+SUDO_CHECK_GETTEXT
+
+dnl
+dnl Deferred zlib option processing.
+dnl By default we use the system zlib if it is present.
+dnl If a directory was specified for zlib (or we are use sudo's version),
+dnl prepend the include dir to make sure we get the right zlib header.
+dnl
+case "$enable_zlib" in
+    yes)
+	AC_CHECK_LIB([z], [gzclearerr], [
+	    AC_CHECK_HEADERS([zlib.h], [ZLIB="-lz"], [enable_zlib=builtin])
+	])
+	;;
+    no)
+	;;
+    system)
+	AC_DEFINE(HAVE_ZLIB_H)
+	ZLIB="-lz"
+	;;
+    static|shared|builtin)
+	# handled below
+	;;
+    *)
+	AC_DEFINE(HAVE_ZLIB_H)
+	AX_APPEND_FLAG([-I${enable_zlib}/include], [CPPFLAGS])
+	SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
+	ZLIB="${ZLIB} -lz"
+	;;
+esac
+case "$enable_zlib" in
+    builtin|static|dynamic)
+	AC_DEFINE(HAVE_ZLIB_H)
+	# XXX - can't use AX_APPEND_FLAG due to use of $(top_foo) and quoting
+	CPPFLAGS='-I$(top_builddir)/lib/zlib -I$(top_srcdir)/lib/zlib '"${CPPFLAGS}"
+	ZLIB="${ZLIB}"' $(top_builddir)/lib/zlib/libsudo_z.la'
+	ZLIB_SRC=lib/zlib
+	AC_CONFIG_HEADERS([lib/zlib/zconf.h])
+	AC_CONFIG_FILES([lib/zlib/Makefile])
+	AS_IF([test X"$enable_shared" = X"no" -o "$enable_zlib" = "static"], [
+	    AS_IF([test "$enable_zlib" = "shared"], [
+		AC_MSG_ERROR([unable to build shared libraries on this system])
+	    ])
+	    # Build as convenience library
+	    ZLIB_LDFLAGS=-no-install
+	])
+	;;
+esac
+
+dnl
+dnl Check for NSIG, _NSIG or __NSIG declarations in signal.h
+dnl
+AC_CHECK_DECLS([NSIG], [], [
+    AC_CHECK_DECLS([_NSIG], [], [
+	AC_CHECK_DECLS([__NSIG], [], [], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+	])
+    ], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+    ])
+], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+])
+
+dnl
+dnl Check for errno declaration in errno.h
+dnl
+AC_CHECK_DECLS([errno], [], [], [
+AC_INCLUDES_DEFAULT
+#include <errno.h>
+])
+
+dnl
+dnl Check for h_errno declaration in netdb.h
+dnl
+AC_CHECK_DECLS([h_errno], [], [], [
+AC_INCLUDES_DEFAULT
+#include <netdb.h>
+])
+
+dnl
+dnl Check for incomplete limits.h and missing SIZE_MAX.
+dnl
+AC_CHECK_DECLS([LLONG_MAX, LLONG_MIN, ULLONG_MAX, PATH_MAX, SSIZE_MAX], [], [], [
+#include <sys/types.h>
+#include <limits.h>
+])
+AC_CHECK_DECLS([SIZE_MAX], [], [], [
+#include <sys/types.h>
+#include <limits.h>
+#if defined(HAVE_STDINT_H)
+# include <stdint.h>
+#elif defined(HAVE_INTTYPES_H)
+# include <inttypes.h>
+#endif
+])
+dnl
+dnl Try to find equivalents for missing types
+dnl
+AS_IF([test "$ac_cv_have_decl_LLONG_MAX" != "yes"], [
+    AC_CHECK_DECLS([QUAD_MAX], [], [], [[
+#include <sys/types.h>
+#include <limits.h>
+    ]])
+])
+AS_IF([test "$ac_cv_have_decl_LLONG_MIN" != "yes"], [
+    AC_CHECK_DECLS([QUAD_MIN], [], [], [[
+#include <sys/types.h>
+#include <limits.h>
+    ]])
+])
+AS_IF([test "$ac_cv_have_decl_ULLONG_MAX" != "yes"], [
+    AC_CHECK_DECLS([UQUAD_MAX], [], [], [[
+#include <sys/types.h>
+#include <limits.h>
+    ]])
+])
+AS_IF([test "$ac_cv_have_decl_SIZE_MAX" != "yes"], [
+    AC_CHECK_DECLS([SIZE_T_MAX], [], [], [[
+#include <sys/types.h>
+#include <limits.h>
+    ]])
+])
+AS_IF([test "$ac_cv_have_decl_PATH_MAX" != "yes"], [
+    AC_CHECK_DECLS([_POSIX_PATH_MAX], [], [], [[
+#include <sys/types.h>
+#include <limits.h>
+    ]])
+])
+
+dnl
+dnl Check for strsignal() or sys_siglist
+dnl
+AC_CHECK_FUNCS([strsignal], [], [
+    AC_LIBOBJ(strsignal)
+    SUDO_APPEND_COMPAT_EXP(sudo_strsignal)
+    HAVE_SIGLIST="false"
+    AC_CHECK_DECLS([sys_siglist], [HAVE_SIGLIST="true"], [
+	AC_CHECK_DECLS([_sys_siglist], [HAVE_SIGLIST="true"], [], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+	])
+    ], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+    ])
+    AS_IF([test "$HAVE_SIGLIST" != "true"], [
+	AC_LIBOBJ(siglist)
+    ])
+])
+
+dnl
+dnl Check for sig2str() and str2sig(), sys_signame or sys_sigabbrev
+dnl
+AC_CHECK_FUNCS([sig2str], [
+    AC_CHECK_DECLS(SIG2STR_MAX, [], [], [
+#	include <signal.h>
+])], [
+    AC_LIBOBJ(sig2str)
+    SUDO_APPEND_COMPAT_EXP(sudo_sig2str)
+])
+AC_CHECK_FUNCS([str2sig], [], [
+    AC_LIBOBJ(str2sig)
+    SUDO_APPEND_COMPAT_EXP(sudo_str2sig)
+])
+
+dnl
+dnl Check for sys_signame or sys_sigabbrev if missing sig2str() or str2sig().
+dnl Also enable unit tests for sig2str() and str2sig().
+dnl
+AS_IF([test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"], [
+    AC_CHECK_FUNCS([sigabbrev_np])
+    AS_IF([test x"${ac_cv_func_sigabbrev_np}" != x"yes"], [
+	COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test"
+	HAVE_SIGNAME="false"
+	AC_CHECK_DECLS([sys_signame], [HAVE_SIGNAME="true"], [
+	    AC_CHECK_DECLS([_sys_signame], [HAVE_SIGNAME="true"], [
+		AC_CHECK_DECLS([sys_sigabbrev], [HAVE_SIGNAME="true"], [], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+		])
+	    ], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+	    ])
+	], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+	])
+	AS_IF([test "$HAVE_SIGNAME" != "true"], [
+	    AC_CACHE_CHECK([for undeclared sys_sigabbrev],
+		[sudo_cv_var_sys_sigabbrev],
+		[AC_LINK_IFELSE(
+		    [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])],
+			[sudo_cv_var_sys_sigabbrev=yes],
+			[sudo_cv_var_sys_sigabbrev=no]
+		    )
+		]
+	    )
+	    AS_IF([test "$sudo_cv_var_sys_sigabbrev" = yes], [
+		AC_DEFINE(HAVE_SYS_SIGABBREV)
+	    ], [
+		AC_LIBOBJ(signame)
+		SIGNAME=signame.lo
+	    ])
+	])
+    ])
+])
+
+dnl
+dnl Check for dl_iterate_phdr, may require -ldl
+dnl
+OLIBS="$LIBS"
+LIBS="$LIBS $lt_cv_dlopen_libs"
+AC_CHECK_FUNCS([dl_iterate_phdr])
+LIBS="$OLIBS"
+
+dnl
+dnl nsswitch.conf and its equivalents
+dnl
+AS_IF([test ${with_netsvc-"no"} != "no"], [
+    SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
+    netsvc_conf=${with_netsvc-/etc/netsvc.conf}
+], [test ${with_nsswitch-"yes"} != "no"], [
+    SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
+    nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
+])
+
+dnl
+dnl Mutually exclusive auth checks come first, followed by
+dnl non-exclusive ones.  Note: passwd must be last of all!
+dnl
+
+dnl
+dnl Convert default authentication methods to with_* if
+dnl no explicit authentication scheme was specified.
+dnl
+AS_IF([test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"], [
+    for auth in $AUTH_EXCL_DEF; do
+	case $auth in
+	    AIX_AUTH)	with_aixauth=maybe;;
+	    BSD_AUTH)	with_bsdauth=maybe;;
+	    PAM)	with_pam=maybe;;
+	    SIA)	CHECKSIA=true;;
+	esac
+    done
+])
+
+dnl
+dnl PAM support.  Systems that use PAM by default set with_pam=default
+dnl and we do the actual tests here.
+dnl
+AS_IF([test ${with_pam-"no"} != "no"], [
+    #
+    # Check for pam_start() in libpam first, then for pam_appl.h.
+    #
+    found_pam_lib=no
+    AC_CHECK_LIB([pam], [pam_start], [found_pam_lib=yes], [], [$lt_cv_dlopen_libs])
+    #
+    # Some PAM implementations (macOS for example) put the PAM headers
+    # in /usr/include/pam instead of /usr/include/security...
+    #
+    found_pam_hdrs=no
+    AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break])
+    AS_IF([test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"], [
+	# Found both PAM libs and headers
+	with_pam=yes
+    ], [test "$with_pam" = "yes"], [
+	AS_IF([test "$found_pam_lib" = "no"], [
+	    AC_MSG_ERROR([--with-pam specified but unable to locate PAM development library.])
+	])
+	AS_IF([test "$found_pam_hdrs" = "no"], [
+	    AC_MSG_ERROR([--with-pam specified but unable to locate PAM development headers.])
+	])
+    ], [test "$found_pam_lib" != "$found_pam_hdrs"], [
+	AS_IF([test "$found_pam_lib" = "no"], [
+	    AC_MSG_ERROR([found PAM headers but no PAM development library; specify --without-pam to build without PAM])
+	])
+	AS_IF([test "$found_pam_hdrs" = "no"], [
+	    AC_MSG_ERROR([found PAM library but no PAM development headers; specify --without-pam to build without PAM])
+	])
+    ])
+
+    AS_IF([test "$with_pam" = "yes"], [
+	# Older PAM implementations lack pam_getenvlist
+	OLIBS="$LIBS"
+	LIBS="$LIBS -lpam $lt_cv_dlopen_libs"
+	AC_CHECK_FUNCS([pam_getenvlist])
+	LIBS="$OLIBS"
+
+	# We already link with -ldl if needed (see LIBDL below)
+	SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
+	AC_DEFINE(HAVE_PAM)
+	AUTH_OBJS="$AUTH_OBJS pam.lo";
+	AUTH_EXCL=PAM
+
+	AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])],
+	[case $with_pam_login in
+	    yes)	AC_DEFINE([HAVE_PAM_LOGIN])
+			pam_login_service="sudo-i"
+			;;
+	    no)		;;
+	    *)		AC_MSG_ERROR([--with-pam-login does not take an argument.])
+			;;
+	esac])
+
+	AC_ARG_ENABLE(pam_session,
+	[AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
+	    [ case "$enableval" in
+		yes)	;;
+		no)	AC_DEFINE(NO_PAM_SESSION)
+			pam_session=off
+			;;
+		*)	AC_MSG_WARN([ignoring unknown argument to --enable-pam-session: $enableval])
+			;;
+	    esac])
+    ])
+])
+
+dnl
+dnl AIX general authentication
+dnl We may build in support for both AIX LAM and PAM and select
+dnl which one to use at run-time.
+dnl
+AS_IF([test ${with_aixauth-'no'} != "no"], [
+    AC_CHECK_FUNCS([authenticate], [with_aixauth=yes])
+    AS_IF([test "${with_aixauth}" = "yes"], [
+	AC_MSG_NOTICE([using AIX general authentication])
+	AC_DEFINE(HAVE_AIXAUTH)
+	AUTH_OBJS="$AUTH_OBJS aix_auth.lo";
+	SUDOERS_LIBS="${SUDOERS_LIBS} -ls"
+	AUTH_EXCL=AIX_AUTH
+    ])
+])
+
+dnl
+dnl BSD authentication
+dnl If set to "maybe" only enable if no other exclusive method in use.
+dnl
+AS_IF([test ${with_bsdauth-'no'} != "no"], [
+    AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
+	[AUTH_OBJS="$AUTH_OBJS bsdauth.lo"]
+	[BSDAUTH_USAGE='[[-a type]] ']
+	[AUTH_EXCL=BSD_AUTH; BAMAN=1],
+	[AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
+])
+
+dnl
+dnl SIA authentication for Tru64 Unix
+dnl
+AS_IF([test ${CHECKSIA-'false'} = "true"], [
+    AC_CHECK_FUNCS([sia_ses_init], [found=true], [found=false])
+    AS_IF([test "$found" = "true"], [
+	AUTH_EXCL=SIA
+	AUTH_OBJS="$AUTH_OBJS sia.lo"
+    ])
+])
+
+dnl
+dnl extra FWTK libs + includes
+dnl
+AS_IF([test ${with_fwtk-'no'} != "no"], [
+    AS_IF([test "$with_fwtk" != "yes"], [
+	SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}])
+	AX_APPEND_FLAG([-I${with_fwtk}], [CPPFLAGS])
+	with_fwtk=yes
+    ])
+    SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall"
+    AUTH_OBJS="$AUTH_OBJS fwtk.lo"
+])
+
+dnl
+dnl extra SecurID lib + includes
+dnl
+AS_IF([test ${with_SecurID-'no'} != "no"], [
+    AS_IF([test "$with_SecurID" != "yes"], [], [test -d /usr/ace/examples], [
+	with_SecurID=/usr/ace/examples
+    ], [
+	with_SecurID=/usr/ace
+    ])
+    AX_APPEND_FLAG([-I${with_SecurID}], [CPPFLAGS])
+    SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}])
+    SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
+    AUTH_OBJS="$AUTH_OBJS securid5.lo";
+])
+
+dnl
+dnl Non-mutually exclusive auth checks come next.
+dnl Note: passwd must be last of all!
+dnl
+
+dnl
+dnl Convert default authentication methods to with_* if
+dnl no explicit authentication scheme was specified.
+dnl
+AS_IF([test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"], [
+    for auth in $AUTH_DEF; do
+	case $auth in
+	    passwd)	: ${with_passwd='maybe'};;
+	esac
+    done
+])
+
+dnl
+dnl Kerberos V
+dnl There is an easy way and a hard way...
+dnl
+AS_IF([test ${with_kerb5-'no'} != "no"], [
+    AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
+    AS_IF([test -n "$KRB5CONFIG"], [
+	AC_DEFINE(HAVE_KERB5)
+	AUTH_OBJS="$AUTH_OBJS kerb5.lo"
+	for f in `krb5-config --cflags`; do
+	    AX_APPEND_FLAG([$f], [CPPFLAGS])
+	done
+	SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`"
+	dnl
+	dnl Try to determine whether we have Heimdal or MIT Kerberos
+	dnl
+	AC_MSG_CHECKING(whether we are using Heimdal)
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(HAVE_HEIMDAL)
+	    ], [
+		AC_MSG_RESULT(no)
+	    ]
+	)
+    ], [
+	AC_DEFINE(HAVE_KERB5)
+	dnl
+	dnl Use the specified directory, if any, else search for correct inc dir
+	dnl
+	AS_IF([test "$with_kerb5" = "yes"], [
+	    found=no
+	    O_CPPFLAGS="$CPPFLAGS"
+	    for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
+		CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+		AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]])], [found=yes; break])
+	    done
+	    AS_IF([test X"$found" = X"no"], [
+		CPPFLAGS="$O_CPPFLAGS"
+		AC_MSG_WARN([unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
+	    ])
+	], [
+	    dnl XXX - try to include krb5.h here too
+	    SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib])
+	    AX_APPEND_FLAG([-I${with_kerb5}/include], [CPPFLAGS])
+	])
+
+	dnl
+	dnl Try to determine whether we have Heimdal or MIT Kerberos
+	dnl
+	AC_MSG_CHECKING(whether we are using Heimdal)
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(HAVE_HEIMDAL)
+		# XXX - need to check whether -lcrypo is needed!
+		SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
+		AC_CHECK_LIB([roken], [main], [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"])
+	    ], [
+		AC_MSG_RESULT(no)
+		SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err"
+		AC_CHECK_LIB([krb5support], [main], [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"])
+	])
+	AUTH_OBJS="$AUTH_OBJS kerb5.lo"
+    ])
+    _LIBS="$LIBS"
+    LIBS="${LIBS} ${SUDOERS_LIBS}"
+    AC_CHECK_FUNCS([krb5_verify_user krb5_init_secure_context])
+    AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc], [
+	AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context],
+	    sudo_cv_krb5_get_init_creds_opt_free_two_args, [
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]],
+			[[krb5_get_init_creds_opt_free(NULL, NULL);]]
+		    )],
+		    [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
+		    [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
+		)
+	    ]
+	)
+    ])
+    AS_IF([test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"], [
+  	AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
+    ])
+    LIBS="$_LIBS"
+    AC_ARG_ENABLE(kerb5-instance,
+    [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])],
+	[ case "$enableval" in
+	    yes)	AC_MSG_ERROR([must give --enable-kerb5-instance an argument.])
+			;;
+	    no)		;;
+	    *)		SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval")
+			;;
+	esac])
+])
+
+dnl
+dnl extra AFS libs and includes
+dnl
+AS_IF([test ${with_AFS-'no'} = "yes"], [
+    # looks like the "standard" place for AFS libs is /usr/afsws/lib
+    AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
+    for i in $AFSLIBDIRS; do
+	AS_IF([test -d ${i}], [
+	    SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i])
+	    FOUND_AFSLIBDIR=true
+	])
+    done
+    AS_IF([test -z "$FOUND_AFSLIBDIR"], [
+	AC_MSG_WARN([unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.])
+    ])
+
+    # Order is important here.  Note that we build AFS_LIBS from right to left
+    # since AFS_LIBS may be initialized with BSD compat libs that must go last
+    AFS_LIBS="-laudit ${AFS_LIBS}"
+    for i in $AFSLIBDIRS; do
+	AS_IF([test -f ${i}/util.a], [
+	    AFS_LIBS="${i}/util.a ${AFS_LIBS}"
+	    FOUND_UTIL_A=true
+	    break;
+	])
+    done
+    AS_IF([test -z "$FOUND_UTIL_A"], [
+	AFS_LIBS="-lutil ${AFS_LIBS}"
+    ])
+    AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
+
+    # AFS includes may live in /usr/include on some machines...
+    for i in /usr/afsws/include; do
+	AS_IF([test -d ${i}], [
+	    AX_APPEND_FLAG([-I${i}], [CPPFLAGS])
+	    FOUND_AFSINCDIR=true
+	])
+    done
+
+    AS_IF([test -z "$FOUND_AFSLIBDIR"], [
+	AC_MSG_WARN([unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
+    ])
+
+    AUTH_OBJS="$AUTH_OBJS afs.lo"
+])
+
+dnl
+dnl extra DCE obj + lib
+dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
+dnl
+AS_IF([test ${with_DCE-'no'} = "yes"], [
+    DCE_OBJS="${DCE_OBJS} dce_pwent.o"
+    SUDOERS_LIBS="${SUDOERS_LIBS} -ldce"
+    AUTH_OBJS="$AUTH_OBJS dce.lo"
+])
+
+dnl
+dnl extra S/Key lib and includes
+dnl
+AS_IF([test "${with_skey-'no'}" = "yes"], [
+    O_LDFLAGS="$LDFLAGS"
+    AS_IF([test "$with_skey" != "yes"], [
+	AX_APPEND_FLAG([-I${with_skey}/include], [CPPFLAGS])
+	LDFLAGS="$LDFLAGS -L${with_skey}/lib"
+	SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib])
+	AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>])
+    ], [
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "/usr/local" "/usr/contrib"; do
+	    test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
+	    AC_CHECK_HEADER([skey.h], [found=yes; break], [], [#include <stdio.h>])
+	done
+	AS_IF([test "$found" = "no" -o -z "$dir"], [
+	    CPPFLAGS="$O_CPPFLAGS"
+	], [
+	    LDFLAGS="$LDFLAGS -L${dir}/lib"
+	    SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
+	])
+	AS_IF([test "$found" = "no"], [
+	    AC_MSG_WARN([unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
+	])
+    ])
+    AC_CHECK_LIB([skey], [main], [found=yes], [AC_MSG_WARN([unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])])
+    AC_CHECK_LIB([skey], [skeyaccess], [AC_DEFINE(HAVE_SKEYACCESS)])
+
+    AC_MSG_CHECKING([for RFC1938-compliant skeychallenge])
+    AC_COMPILE_IFELSE(
+	[AC_LANG_PROGRAM([[
+#	    include <stdio.h>
+#	    include <skey.h>]],
+	    [[skeychallenge(NULL, NULL, NULL, 0);]]
+	)], [
+	    AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE)
+	    AC_MSG_RESULT([yes])
+	], [
+	    AC_MSG_RESULT([no])
+	]
+    )
+
+    LDFLAGS="$O_LDFLAGS"
+    SUDOERS_LIBS="${SUDOERS_LIBS} -lskey"
+    AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
+])
+
+dnl
+dnl extra OPIE lib and includes
+dnl
+AS_IF([test "${with_opie-'no'}" = "yes"], [
+    O_LDFLAGS="$LDFLAGS"
+    AS_IF([test "$with_opie" != "yes"], [
+	AX_APPEND_FLAG([-I${with_opie}/include], [CPPFLAGS])
+	LDFLAGS="$LDFLAGS -L${with_opie}/lib"
+	SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib])
+	AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no])
+    ], [
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "/usr/local" "/usr/contrib"; do
+	    test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
+	    AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes; break])
+	done
+	AS_IF([test "$found" = "no" -o -z "$dir"], [
+	    CPPFLAGS="$O_CPPFLAGS"
+	], [
+	    LDFLAGS="$LDFLAGS -L${dir}/lib"
+	    SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
+	])
+	AS_IF([test "$found" = "no"], [
+	    AC_MSG_WARN([unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
+	])
+    ])
+    AC_CHECK_LIB([opie], [main], [found=yes], [AC_MSG_WARN([unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])])
+    LDFLAGS="$O_LDFLAGS"
+    SUDOERS_LIBS="${SUDOERS_LIBS} -lopie"
+    AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
+])
+
+dnl
+dnl Check for shadow password routines if we have not already done so.
+dnl If there is a specific list of functions to check we do that first.
+dnl Otherwise, we check for SVR4-style and then SecureWare-style.
+dnl
+AS_IF([test ${with_passwd-'no'} != "no"], [
+    dnl
+    dnl if crypt(3) not in libc, look elsewhere
+    dnl
+    _LIBS="$LIBS"
+    AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [
+	test "${ac_cv_search_crypt}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_crypt}"
+    ])
+    AS_IF([test "${ac_cv_search_crypt}" != "no"], [
+	AC_DEFINE(HAVE_CRYPT)
+    ])
+    LIBS="$_LIBS"
+
+    AS_IF([test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"], [
+	_LIBS="$LIBS"
+	LIBS="$LIBS $shadow_libs"
+	found=no
+	for func in $shadow_funcs; do
+	    AC_CHECK_FUNC([$func], [
+		dnl Enumerate shadow functions instead of using:
+		dnl     AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_$func]))
+		dnl for autoheader's sake and to catch template omissions.
+		case "$func" in
+		    dispcrypt)
+			AC_DEFINE(HAVE_DISPCRYPT)
+			;;
+		    getprpwnam)
+			AC_DEFINE(HAVE_GETPRPWNAM)
+			SECUREWARE=1
+			;;
+		    getpwnam_shadow)
+			AC_DEFINE(HAVE_GETPWNAM_SHADOW)
+			;;
+		    getspnam)
+			AC_DEFINE(HAVE_GETSPNAM)
+			;;
+		    iscomsec)
+			AC_DEFINE(HAVE_ISCOMSEC)
+			;;
+		    *)
+			AC_MSG_ERROR([unhandled shadow password function $func])
+			;;
+		esac
+		found=yes
+	    ])
+	done
+	AS_IF([test "$found" = "no"], [
+	    shadow_libs=
+	])
+	CHECKSHADOW=false
+	LIBS="$_LIBS"
+    ])
+    AS_IF([test "$CHECKSHADOW" = "true"], [
+	AC_SEARCH_LIBS([getspnam], [gen shadow], [
+	    AC_DEFINE(HAVE_GETSPNAM)
+	    test "${ac_cv_search_getspnam}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_getspnam}"
+	    CHECKSHADOW=false
+	])
+    ])
+    AS_IF([test "$CHECKSHADOW" = "true"], [
+	AC_SEARCH_LIBS([getprpwnam], [sec security prot], [
+	    AC_DEFINE(HAVE_GETPRPWNAM)
+	    test "${ac_cv_search_getprpwnam}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_getprpwnam}"
+	    SECUREWARE=1
+	    CHECKSHADOW=false
+	])
+    ])
+    AS_IF([test -n "$shadow_libs"], [
+	# sudoers needs to link with shadow libs for password auth
+	SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs"
+    ])
+    AS_IF([test -n "$SECUREWARE"], [
+	_LIBS="$LIBS"
+	LIBS="$LIBS $shadow_libs"
+	AC_CHECK_FUNCS([bigcrypt])
+	AUTH_OBJS="$AUTH_OBJS secureware.lo"
+	# set_auth_parameters() and initprivs() are called from sudo.c
+	AC_CHECK_FUNCS([set_auth_parameters initprivs], [test -n "$shadow_libs" && SUDO_LIBS="$SUDO_LIBS $shadow_libs"])
+	LIBS="$_LIBS"
+    ])
+])
+
+dnl
+dnl Solaris 11 added a 4th argument to the au_close() function
+dnl
+AS_IF([test X"$with_bsm_audit" = X"yes"], [
+    SUDO_FUNC_AU_CLOSE_SOLARIS11
+])
+
+dnl
+dnl Choose event subsystem backend: poll or select
+dnl
+AS_IF([test X"$enable_poll" = X""], [
+    AC_CHECK_FUNCS([ppoll poll], [enable_poll=yes; break], [enable_poll=no])
+], [test X"$enable_poll" = X"yes"], [
+    AC_CHECK_FUNCS([ppoll], [], AC_DEFINE(HAVE_POLL))
+])
+AS_IF([test "$enable_poll" = "yes"], [
+    COMMON_OBJS="${COMMON_OBJS} event_poll.lo"
+], [
+    AC_CHECK_FUNCS([pselect])
+    COMMON_OBJS="${COMMON_OBJS} event_select.lo"
+])
+
+dnl
+dnl If LDAP support is enabled, add sudo ldap objects to SUDOERS_OBJS
+dnl and add LDAP libraries to SUDOERS_LDFLAGS SUDOERS_LIBS.
+dnl
+SUDO_CHECK_LDAP
+
+#
+# How to do dynamic object loading.
+# We support dlopen() and sh_load(), else fall back to static loading.
+#
+case "$lt_cv_dlopen" in
+    dlopen)
+	AC_DEFINE(HAVE_DLOPEN)
+	AS_IF([test "$enable_static_sudoers" = "yes"], [
+	    AC_DEFINE(STATIC_SUDOERS_PLUGIN)
+	    SUDO_OBJS="${SUDO_OBJS} preload.o"
+	    STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la"
+	    AX_APPEND_FLAG([-no-install], [SUDOERS_LDFLAGS])
+	    SUDOERS_LT_STATIC="--tag=disable-shared"
+	    LT_STATIC=""
+	], [
+	    SUDOERS_LT_STATIC="--tag=disable-static"
+	    LT_STATIC="--tag=disable-static"
+	])
+	;;
+    shl_load)
+	AC_DEFINE(HAVE_SHL_LOAD)
+	AS_IF([test "$enable_static_sudoers" = "yes"], [
+	    AC_DEFINE(STATIC_SUDOERS_PLUGIN)
+	    SUDO_OBJS="${SUDO_OBJS} preload.o"
+	    STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la"
+	    AX_APPEND_FLAG([-no-install], [SUDOERS_LDFLAGS])
+	    SUDOERS_LT_STATIC="--tag=disable-shared"
+	    LT_STATIC=""
+	], [
+	    SUDOERS_LT_STATIC="--tag=disable-static"
+	    LT_STATIC="--tag=disable-static"
+	])
+	;;
+    *)
+	AS_IF([test X"${ac_cv_func_dlopen}" = X"yes"], [
+	    AC_MSG_ERROR([dlopen present but libtool doesn't appear to support your platform.])
+	])
+	# Preload sudoers module symbols
+	AC_DEFINE(STATIC_SUDOERS_PLUGIN)
+	SUDO_OBJS="${SUDO_OBJS} preload.o"
+	STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la"
+	LT_STATIC=""
+	;;
+esac
+
+#
+# The check_symbols test can only succeed with a dynamic sudoers plugin.
+#
+if test X"$STATIC_SUDOERS" = X""; then
+    SUDOERS_TEST_PROGS="${SUDOERS_TEST_PROGS}${SUDOERS_TEST_PROGS+ }check_symbols"
+fi
+
+#
+# We can only disable linking with the shared libsudo_util if
+# sudoers is linked statically too.
+#
+AS_IF([test "$enable_shared_libutil" = "no"], [
+    AS_IF([test X"$STATIC_SUDOERS" = X""], [
+	AC_MSG_ERROR([--disable-shared-libutil may only be specified with --enable-static-sudoers or when dynamic linking is disabled.])
+    ], [
+	# Do not install libsudo_util.
+	AX_APPEND_FLAG([-no-install], [LIBUTIL_LDFLAGS])
+    ])
+])
+
+# On HP-UX, you cannot dlopen() a shared object that uses pthreads unless
+# the main program is linked against -lpthread.  We have no knowledge of
+# what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads)
+# so always link against -lpthread on HP-UX if it is available.
+# This check should go after all other libraries tests.
+case "$host_os" in
+    hpux*)
+	AC_CHECK_LIB([pthread], [main], [SUDO_LIBS="${SUDO_LIBS} -lpthread"])
+	AC_DEFINE(_REENTRANT)
+	;;
+esac
+
+dnl
+dnl Check for log file, timestamp and iolog locations
+dnl
+AS_IF([test "$utmp_style" = "LEGACY"], [SUDO_PATH_UTMP])
+SUDO_LOGDIR
+SUDO_LOGFILE
+SUDO_RELAY_DIR
+SUDO_RUNDIR
+SUDO_VARDIR
+SUDO_IO_LOGDIR
+SUDO_TZDIR
+
+dnl
+dnl Turn warnings into errors.
+dnl All compiler/loader tests after this point will fail if
+dnl a warning is displayed (normally, warnings are not fatal).
+dnl
+AC_LANG_WERROR
+
+dnl
+dnl Don't use sys/sysctl.h if it is marked deprecated (Linux).
+dnl This test relies on AC_LANG_WERROR
+dnl
+AC_CHECK_HEADERS([sys/sysctl.h])
+
+dnl
+dnl If compiler supports the -static-libgcc flag use it unless we have
+dnl GNU ld (which can avoid linking in libgcc when it is not needed).
+dnl This test relies on AC_LANG_WERROR
+dnl
+AS_IF([test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes"], [
+    AX_CHECK_COMPILE_FLAG([-static-libgcc], [AX_APPEND_FLAG([-Wc,-static-libgcc], [LT_LDFLAGS])])
+])
+
+dnl
+dnl We want to use DT_RUNPATH in preference to DT_RPATH in ELF binaries.
+dnl Otherwise, LD_LIBRARY_PATH does not work when running the tests.
+dnl We don't do this on NetBSD where RPATH already supports LD_LIBRARY_PATH.
+dnl
+case "$host_os" in
+    netbsd*)
+	;;
+    *)
+	AX_CHECK_LINK_FLAG([-Wl,--enable-new-dtags], [AX_APPEND_FLAG([-Wl,--enable-new-dtags], [LDFLAGS])])
+	;;
+esac
+
+SUDO_CHECK_PIE_SUPPORT
+SUDO_SYMBOL_VISIBILITY
+SUDO_CHECK_SANITIZER
+SUDO_CHECK_HARDENING
+
+dnl
+dnl Use passwd auth module?
+dnl
+case "$with_passwd" in
+yes|maybe)
+    AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo"
+    AS_IF([test "${ac_cv_search_crypt}" = "no"], [
+	AC_MSG_WARN([no crypt function found, assuming plaintext passwords])
+    ])
+    ;;
+*)
+    AC_DEFINE(WITHOUT_PASSWD)
+    AS_IF([test -z "$AUTH_OBJS"], [
+	AC_MSG_ERROR([no authentication methods defined.])
+    ])
+    ;;
+esac
+AUTH_OBJS=${AUTH_OBJS# }
+
+dnl
+dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS
+dnl
+AS_IF([test -n "$LIBS"], [
+    L="$LIBS"
+    LIBS=
+    for l in ${L}; do
+	dupe=0
+	for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do
+	    test $l = $sl && dupe=1
+	done
+	test $dupe = 0 && LIBS="${LIBS} $l"
+    done
+])
+
+dnl
+dnl OS-specific initialization
+dnl
+AC_DEFINE_UNQUOTED(os_init, $OS_INIT, [Define to an OS-specific initialization function or 'os_init_common'.])
+
+dnl
+dnl We add -Wall and -Werror after all tests so they don't cause failures
+dnl
+AS_IF([test -n "$GCC"], [
+    #
+    # The fallthrough attribute is supported by gcc 7.0 and clang 10.
+    # This test relies on AC_LANG_WERROR.
+    #
+    AC_CACHE_CHECK([whether $CC supports the fallthrough attribute],
+	[sudo_cv_var_fallthrough_attribute],
+	[AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+	    int main(int argc, char *argv[])
+	    {
+		int num = argc + 1;
+		switch (num) {
+		    case 1:
+			num = 0;
+			__attribute__((__fallthrough__));
+		    case 0:
+			num++;
+		}
+		return num;
+	    }
+	]])],
+	[
+	    sudo_cv_var_fallthrough_attribute=yes
+	],
+	[
+	    sudo_cv_var_fallthrough_attribute=no]
+	)]
+    )
+    AS_IF([test X"$sudo_cv_var_fallthrough_attribute" = X"yes"], [
+	AC_DEFINE(HAVE_FALLTHROUGH_ATTRIBUTE)
+    ])
+    AS_IF([test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"], [
+	dnl
+	dnl Default warnings for development use.
+	dnl
+	AX_APPEND_FLAG([-Wall], [CFLAGS])
+	AX_APPEND_FLAG([-Wmissing-prototypes], [CFLAGS])
+	AX_APPEND_FLAG([-Wno-unknown-pragmas], [CFLAGS])
+	AX_APPEND_FLAG([-Wpointer-arith], [CFLAGS])
+	AX_APPEND_FLAG([-Wshadow], [CFLAGS])
+	AX_APPEND_FLAG([-Wsign-compare], [CFLAGS])
+	AX_APPEND_FLAG([-Wwrite-strings], [CFLAGS])
+	AX_CHECK_COMPILE_FLAG([-Wvla], [AX_APPEND_FLAG([-Wvla], [CFLAGS])])
+	AX_CHECK_COMPILE_FLAG([-Walloca], [AX_APPEND_FLAG([-Walloca], [CFLAGS])])
+	AX_CHECK_COMPILE_FLAG([-Wtrampolines], [AX_APPEND_FLAG([-Wtrampolines], [CFLAGS])])
+	AS_IF([test X"$sudo_cv_var_fallthrough_attribute" = X"yes"], [
+	    AX_APPEND_FLAG([-Wimplicit-fallthrough], [CFLAGS])
+	])
+    ])
+    AS_IF([test X"$enable_werror" = X"yes"], [
+	AX_APPEND_FLAG([-Werror], [CFLAGS])
+    ])
+    case "$host_os" in
+	# Avoid unwanted warnings on macOS
+	darwin*) AX_APPEND_FLAG([-Wno-deprecated-declarations], [CFLAGS]);;
+    esac
+])
+
+dnl
+dnl Skip regress tests and sudoers validation checks if cross compiling.
+dnl
+CROSS_COMPILING="$cross_compiling"
+
+dnl
+dnl Set exec_prefix
+dnl
+test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
+
+dnl
+dnl Expand exec_prefix in variables used by the manual pages
+dnl
+oexec_prefix="$exec_prefix"
+if test "$exec_prefix" = '$(prefix)'; then
+    if test "$prefix" = "NONE"; then
+	exec_prefix="$ac_default_prefix"
+    else
+	exec_prefix="$prefix"
+    fi
+fi
+
+# Update exec_prefix in intercept_file
+_intercept_file=
+while test X"$intercept_file" != X"$_intercept_file"; do
+    _intercept_file="$intercept_file"
+    eval "intercept_file=\"$_intercept_file\""
+done
+
+# Update exec_prefix in noexec_file
+_noexec_file=
+while test X"$noexec_file" != X"$_noexec_file"; do
+    _noexec_file="$noexec_file"
+    eval "noexec_file=\"$_noexec_file\""
+done
+
+# Update exec_prefix in sesh_file
+_sesh_file=
+while test X"$sesh_file" != X"$_sesh_file"; do
+    _sesh_file="$sesh_file"
+    eval "sesh_file=\"$_sesh_file\""
+done
+
+# Update exec_prefix in plugindir
+_plugindir=
+while test X"$plugindir" != X"$_plugindir"; do
+    _plugindir="$plugindir"
+    eval "plugindir=\"$_plugindir\""
+done
+exec_prefix="$oexec_prefix"
+
+# Convert exampledir to something that can be used in the man pages
+# I wish there was a better way to expand this.
+EXAMPLES="$exampledir"
+while :; do
+    EXAMPLES="`echo \"$EXAMPLES\" | sed -e 's/(/{/g' -e 's/)/}/g'`"
+    case "$EXAMPLES" in
+    *\${[[A-Za-z]]*}*)
+	eval EXAMPLES="$EXAMPLES"
+	;;
+    *)
+	break
+	;;
+    esac
+done
+case "$EXAMPLES" in
+    NONE/*)
+	EXAMPLES="${ac_default_prefix}${EXAMPLES#NONE}"
+	;;
+esac
+
+dnl
+dnl Defer setting _PATH_SUDO_NOEXEC, etc until after exec_prefix is set
+dnl
+AS_IF([test X"$enable_intercept" != X"no"], [
+    SUDO_OBJS="${SUDO_OBJS} intercept.pb-c.o"
+    PROGS="${PROGS} sudo_intercept.la"
+    INSTALL_INTERCEPT="install-intercept"
+
+    SUDO_DEFINE_UNQUOTED(_PATH_SUDO_INTERCEPT, "$intercept_file", [The fully qualified pathname of sudo_intercept.so])
+])
+AS_IF([test X"$with_noexec" != X"no"], [
+    PROGS="${PROGS} sudo_noexec.la"
+    INSTALL_NOEXEC="install-noexec"
+
+    SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
+])
+AS_IF([test X"$with_selinux" != X"no"], [
+    SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file")
+], [
+    SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, NULL)
+])
+AS_IF([test X"$enable_shared" != X"no"], [
+    SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$plugindir/")
+    AC_DEFINE(ENABLE_SUDO_PLUGIN_API, 1, [Define to 1 to enable sudo's plugin interface.])
+], [
+    SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, NULL)
+])
+
+dnl
+dnl Add -R options to LDFLAGS, etc.
+dnl
+if test X"$LDFLAGS_R" != X""; then
+    LDFLAGS="$LDFLAGS $LDFLAGS_R"
+fi
+if test X"$SUDOERS_LDFLAGS_R" != X""; then
+    SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R"
+fi
+if test X"$ZLIB_R" != X""; then
+    ZLIB="$ZLIB_R $ZLIB"
+fi
+if test X"$LIBCRYPTO_R" != X""; then
+    LIBCRYPTO="$LIBCRYPTO_R $LIBCRYPTO"
+fi
+if test X"$LIBTLS_R" != X""; then
+    LIBTLS="$LIBTLS_R $LIBTLS"
+fi
+
+dnl
+dnl Trim leading spaces
+dnl
+CFLAGS=${CFLAGS# }
+CPPFLAGS=${CPPFLAGS# }
+LDFLAGS=${LDFLAGS# }
+SUDO_LDFLAGS=${SUDO_LDFLAGS# }
+SUDOERS_LDFLAGS=${SUDOERS_LDFLAGS# }
+LIBS=${LIBS# }
+SUDO_LIBS=${SUDO_LIBS# }
+SUDOERS_LIBS=${SUDOERS_LIBS# }
+
+dnl
+dnl Override default configure dirs for the Makefile
+dnl
+if test X"$prefix" = X"NONE"; then
+    test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
+else
+    test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
+fi
+test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
+test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
+test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
+test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
+test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
+test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
+test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
+test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
+test "$runstatedir" = '${localstatedir}/run' && runstatedir='$(localstatedir)/run'
+test "$sysconfdir" = '${prefix}/etc' && sysconfdir='/etc'
+
+dnl
+dnl Substitute into the Makefile and man pages
+dnl
+AS_IF([test X"$INIT_SCRIPT" != X""], [
+    AC_CONFIG_FILES([etc/init.d/$INIT_SCRIPT])
+], [test X"$TMPFILES_D" != X""], [
+    AC_CONFIG_FILES([etc/init.d/sudo.conf])
+])
+
+AC_CONFIG_FILES([Makefile docs/Makefile examples/Makefile examples/sudoers examples/sudo.conf examples/sudo_logsrvd.conf examples/syslog.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/regress/harness lib/util/util.exp logsrvd/Makefile src/intercept.exp src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/regress/harness plugins/sudoers/sudoers])
+AC_CONFIG_COMMANDS([harness], [chmod +x lib/util/regress/harness plugins/sudoers/regress/harness])
+
+AC_OUTPUT
+
+dnl
+dnl Summarize configuration
+dnl
+if test ${LIBTLS+y}; then
+    have_tls=yes
+fi
+echo "" >&AS_MESSAGE_FD
+echo "Configured Sudo version $PACKAGE_VERSION" >&AS_MESSAGE_FD
+echo " Compiler settings:" >&AS_MESSAGE_FD
+echo "  prefix			: $prefix" >&AS_MESSAGE_FD
+echo "  compiler			: $CC" >&AS_MESSAGE_FD
+echo "  compiler options		: $CFLAGS" >&AS_MESSAGE_FD
+echo "  preprocessor options		: $CPPFLAGS" >&AS_MESSAGE_FD
+echo "  front-end libraries		: $SUDO_LIBS" >&AS_MESSAGE_FD
+echo "  front-end linker options	: $SUDO_LDFLAGS" >&AS_MESSAGE_FD
+echo "  network libraries		: $NET_LIBS" >&AS_MESSAGE_FD
+echo "  extra libraries		: $LIBS" >&AS_MESSAGE_FD
+echo "  extra linker options		: $LDFLAGS" >&AS_MESSAGE_FD
+echo "  sudoers libraries		: $SUDOERS_LIBS" >&AS_MESSAGE_FD
+echo "  sudoers linker options	: $SUDOERS_LDFLAGS" >&AS_MESSAGE_FD
+if test "${enable_sanitizer-no}" != "no"; then
+    echo "  sanitizer options		: ${enable_sanitizer}" >&AS_MESSAGE_FD
+fi
+if test X"$FUZZ_LD" != X"\$(CC)"; then
+    echo "  fuzzing linker		: ${FUZZ_LD}" >&AS_MESSAGE_FD
+fi
+if test X"$FUZZ_ENGINE" != X"\$(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la"; then
+    echo "  fuzzing engine		: ${FUZZ_ENGINE}" >&AS_MESSAGE_FD
+fi
+echo " Plugin options:" >&AS_MESSAGE_FD
+echo "  plugin support		: ${SHLIB_ENABLE}" >&AS_MESSAGE_FD
+echo "  Sudoers plugin static		: ${enable_static_sudoers-no}" >&AS_MESSAGE_FD
+echo "  Python plugin			: ${enable_python-no}" >&AS_MESSAGE_FD
+if test "${enable_python-no}" != "no"; then
+    echo "   Python CFLAGS		: ${PYTHON_INCLUDE}" >&AS_MESSAGE_FD
+    echo "   Python LDFLAGS		: ${PYTHON_LIBS}" >&AS_MESSAGE_FD
+fi
+echo " Optional features:" >&AS_MESSAGE_FD
+echo "  log client			: ${enable_log_client-yes}" >&AS_MESSAGE_FD
+echo "  log server			: ${enable_log_server-yes}" >&AS_MESSAGE_FD
+echo "  log client/server TLS		: ${have_tls-no}" >&AS_MESSAGE_FD
+case "$host_os" in
+    linux*) echo "  SELinux RBAC			: ${with_selinux-yes}" >&AS_MESSAGE_FD;;
+esac
+echo " Optional sudoers back-ends:" >&AS_MESSAGE_FD
+echo "  LDAP				: ${with_ldap-no}" >&AS_MESSAGE_FD
+if test "${with_ldap-no}" != "no"; then
+    echo "   ldap configuration		: ${ldap_conf}" >&AS_MESSAGE_FD
+    echo "   ldap secret			: ${ldap_secret}" >&AS_MESSAGE_FD
+    echo "   SASL authentication		: ${enable_sasl-no}" >&AS_MESSAGE_FD
+fi
+echo "  SSSD				: ${with_sssd-no}" >&AS_MESSAGE_FD
+if test "${with_sssd-no}" != "no"; then
+    echo "   SSSD config path		: ${sssd_conf}" >&AS_MESSAGE_FD
+    if test "${sssd_lib}" = \""LIBDIR\""; then
+	echo "   SSSD lib dir			: ${libdir}" >&AS_MESSAGE_FD
+    else
+	echo "   SSSD lib dir			: ${sssd_lib}" >&AS_MESSAGE_FD
+    fi
+fi
+echo " Authentication options:" >&AS_MESSAGE_FD
+echo "  require authentication	: ${enable_authentication-yes}" >&AS_MESSAGE_FD
+auth_methods=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'`
+echo "  authentication methods	: ${auth_methods}" >&AS_MESSAGE_FD
+if test "${with_pam-no}" = "yes"; then
+    echo "  pam session support		: ${pam_session}" >&AS_MESSAGE_FD
+    echo "  pam login service		: ${pam_login_service}" >&AS_MESSAGE_FD
+fi
+if test "${with_kerb5-no}" != "no"; then
+    echo "  kerb5 instance string	: ${with_kerb5-none}" >&AS_MESSAGE_FD
+fi
+if test "${with_opie-no}-${with_skey-no}" != "no-no"; then
+    echo "  long OTP prompt		: ${long_otp_prompt-no}" >&AS_MESSAGE_FD
+fi
+echo "  group exempt from passwords	: ${with_exempt-none}" >&AS_MESSAGE_FD
+echo "  password prompt		: ${passprompt}" >&AS_MESSAGE_FD
+echo "  password prompt timeout	: ${password_timeout} minutes" >&AS_MESSAGE_FD
+echo "  password tries		: ${passwd_tries}" >&AS_MESSAGE_FD
+echo "  bad password message		: ${badpass_message}" >&AS_MESSAGE_FD
+if test "$insults" = "on"; then
+    i=""
+    test "$enable_offensive_insults" = "yes" && i="offensive ${i}"
+    test "$with_python_insults" = "yes" && i="python ${i}"
+    test "$with_goons_insults" = "yes" && i="goons ${i}"
+    test "$with_hal_insults" = "yes" && i="hal ${i}"
+    test "$with_csops_insults" = "yes" && i="csops ${i}"
+    test "$with_classic_insults" = "yes" && i="classic ${i}"
+else
+    i=no
+fi
+echo "  insults			: $i" >&AS_MESSAGE_FD
+echo "  display lecture		: ${lecture}" >&AS_MESSAGE_FD
+echo "  timestamp (credential) type	: ${timestamp_type}" >&AS_MESSAGE_FD
+echo "  timestamp (credential) timeout: ${timeout} minutes" >&AS_MESSAGE_FD
+echo " Logging options:" >&AS_MESSAGE_FD
+echo "  logging default		: ${with_logging}" >&AS_MESSAGE_FD
+echo "  syslog facility		: ${logfac}" >&AS_MESSAGE_FD
+echo "  syslog priority allowed	: ${goodpri}" >&AS_MESSAGE_FD
+echo "  syslog priority denied	: ${badpri}" >&AS_MESSAGE_FD
+echo "  log file path			: ${logpath}" >&AS_MESSAGE_FD
+echo "  log file includes hostname	: ${enable_log_host-no}" >&AS_MESSAGE_FD
+echo "  log file line length		: ${loglen}" >&AS_MESSAGE_FD
+echo "  compress I/O logs		: ${enable_zlib}" >&AS_MESSAGE_FD
+case "$host_os" in
+    linux*) echo "  Linux audit			: ${with_linux_audit-no}" >&AS_MESSAGE_FD;;
+    solaris2.11*) echo "  Solaris audit			: ${with_solaris_audit-no}" >&AS_MESSAGE_FD;;
+    *) echo "  BSM audit			: ${with_bsm_audit-no}" >&AS_MESSAGE_FD;;
+esac
+echo "  run mailer as root		: ${enable_root_mailer-yes}" >&AS_MESSAGE_FD
+echo "  warning/error mail recipient	: ${mailto}" >&AS_MESSAGE_FD
+echo "  warning/error mail subject	: ${mailsub}" >&AS_MESSAGE_FD
+echo "  mail if user not in sudoers	: ${mail_no_user}" >&AS_MESSAGE_FD
+echo "  mail if user not on host	: ${mail_no_host}" >&AS_MESSAGE_FD
+echo "  mail if command not allowed	: ${mail_no_perms}" >&AS_MESSAGE_FD
+echo " Pathnames:" >&AS_MESSAGE_FD
+echo "  log directory			: ${log_dir}" >&AS_MESSAGE_FD
+echo "  plugin directory		: ${plugindir}" >&AS_MESSAGE_FD
+echo "  sudoers plugin			: ${sudoers_plugin}" >&AS_MESSAGE_FD
+if test "${enable_python-no}" != "no"; then
+    echo "  python plugin			: ${python_plugin}" >&AS_MESSAGE_FD
+fi
+echo "  run directory			: ${rundir}" >&AS_MESSAGE_FD
+echo "  var directory			: ${vardir}" >&AS_MESSAGE_FD
+echo "  I/O log directory		: ${iolog_dir}" >&AS_MESSAGE_FD
+echo "  sudo_logsrvd relay directory	: ${relay_dir}" >&AS_MESSAGE_FD
+echo "  time zone directory		: ${tzdir}" >&AS_MESSAGE_FD
+echo "  path to sendmail		: ${with_sendmail}" >&AS_MESSAGE_FD
+if test -n "$TMPFILES_D"; then
+    echo "  systemd tempfiles dir	: ${TMPFILES_D}" >&AS_MESSAGE_FD
+fi
+if test ${with_netsvc-"no"} != "no"; then
+    echo "  netsvc file			: ${netsvc_conf}" >&AS_MESSAGE_FD
+elif test ${with_nsswitch-"yes"} != "no"; then
+    echo "  nsswitch file			: ${nsswitch_conf}" >&AS_MESSAGE_FD
+fi
+echo "  intercept file			: ${intercept_file}" >&AS_MESSAGE_FD
+echo "  noexec file			: ${noexec_file}" >&AS_MESSAGE_FD
+echo "  secure path			: ${with_secure_path-no}" >&AS_MESSAGE_FD
+echo "  askpass helper file		: ${with_askpass-no}" >&AS_MESSAGE_FD
+echo "  device search path		: ${devsearch}" >&AS_MESSAGE_FD
+echo " Other options:" >&AS_MESSAGE_FD
+if test "${with_devel-no}" != "no"; then
+    echo "  development build		: ${with_devel}" >&AS_MESSAGE_FD
+fi
+case "$host_os" in
+    solaris2*) echo "  Solaris project support	: ${with_project-no}" >&AS_MESSAGE_FD;;
+esac
+if test "${with_logincap+set}" = "set"; then
+    echo "  /etc/login.conf support	: ${with_logincap}" >&AS_MESSAGE_FD
+fi
+echo "  fully-qualified domain names	: ${fqdn}" >&AS_MESSAGE_FD
+echo "  default umask			: ${sudo_umask}" >&AS_MESSAGE_FD
+echo "  umask override		: ${umask_override}" >&AS_MESSAGE_FD
+echo "  default runas user		: ${runas_default}" >&AS_MESSAGE_FD
+echo "  probe network interfaces	: ${with_interfaces-yes}" >&AS_MESSAGE_FD
+echo "  allow root to run sudo	: ${root_sudo}" >&AS_MESSAGE_FD
+echo "  reset environment for commands: ${env_reset}" >&AS_MESSAGE_FD
+echo "  run shell if no args		: ${enable_noargs_shell-no}" >&AS_MESSAGE_FD
+echo "  ignore '.' or '' in \$PATH	: ${ignore_dot}" >&AS_MESSAGE_FD
+echo "  disable path info		: ${enable_path_info-no}" >&AS_MESSAGE_FD
+echo "  sudoers file mode		: ${SUDOERS_MODE}" >&AS_MESSAGE_FD
+echo "  sudoers file owner		: ${SUDOERS_UID}:${SUDOERS_GID}" >&AS_MESSAGE_FD
+echo "  default visudo editor		: ${editor}" >&AS_MESSAGE_FD
+echo "  visudo supports \$EDITOR	: ${env_editor}" >&AS_MESSAGE_FD
+if test "${enable_env_debug+set}" = "set"; then
+    echo "  environment debugging	: ${enable_env_debug-no}" >&AS_MESSAGE_FD
+fi
+echo "" >&AS_MESSAGE_FD
+
+dnl
+dnl Display any warnings/info the user needs to know about at the end.
+dnl
+AS_IF([test "$openssl_missing" = "yes"], [
+    AC_MSG_WARN([OpenSSL dev libraries not found, Sudo logsrv connections will not be encrypted.])
+])
+AS_IF([test "$with_pam" = "yes"], [
+    case $host_os in
+	hpux*)
+	    AS_IF([test -f /usr/lib/security/libpam_hpsec.so.1], [
+		AC_MSG_NOTICE([you may wish to add the following line to /etc/pam.conf])
+		AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login])
+	    ])
+	    ;;
+	linux*)
+	    AC_MSG_NOTICE([you will need to customize examples/pam.conf and install it as /etc/pam.d/sudo])
+	    ;;
+    esac
+])
+dnl
+dnl Warn user if they may need to clear rundir manually.
+dnl
+case "$rundir" in
+    /run/*|/var/run/*)
+	clear_rundir=0
+	;;
+    *)
+	clear_rundir=1
+	;;
+esac
+AS_IF([test $clear_rundir -eq 1], [
+    AC_MSG_NOTICE([warning: the $rundir/ts directory must be cleared at boot time.])
+    AC_MSG_NOTICE([         You may need to create a startup item to do this.])
+])
+
+dnl
+dnl Autoheader templates
+dnl
+AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
+AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
+AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
+AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
+AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
+AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
+AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.])
+AH_TEMPLATE(PYTHON_INSULTS, [Define to 1 if you want insults from "Monty Python's Flying Circus".])
+AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
+AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
+AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
+AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
+AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
+AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
+AH_TEMPLATE(HAVE_CRYPT, [Define to 1 if you have the 'crypt' function.])
+AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
+AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your 'DIR' contains dd_fd.])
+AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the 'dirfd' function or macro.])
+AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the 'dispcrypt' function.])
+AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the 'dlopen' function.])
+AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
+AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the 'fnmatch' function.])
+AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
+AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the 'getprpwnam' function.  (SecureWare-style shadow passwords).])
+AH_TEMPLATE(HAVE_GETPWNAM_SHADOW, [Define to 1 if you have the 'getpwnam_shadow' function.])
+AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the 'getspnam' function (SVR4-style shadow passwords).])
+AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the 'gss_krb5_ccache_name' function.])
+AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
+AH_TEMPLATE(HAVE_INET_NTOP, [Define to 1 if you have the 'inet_ntop' function.])
+AH_TEMPLATE(HAVE_INET_PTON, [Define to 1 if you have the 'inet_pton' function.])
+AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the 'iscomsec' function. (HP-UX >= 10.x check for shadow enabled).])
+AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the 'krb5_get_init_creds_opt_alloc' function.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your 'krb5_get_init_creds_opt_free' function takes two arguments.])
+AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the 'krb5_init_secure_context' function.])
+AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the 'krb5_verify_user' function.])
+AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not).])
+AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
+AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.])
+AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
+AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.])
+AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
+AH_TEMPLATE(HAVE_OPTRESET, [Define to 1 if you have the 'optreset' symbol.])
+AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
+AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
+AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
+AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
+AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
+AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the 'setkeycreatecon' function.])
+AH_TEMPLATE(HAVE_APPARMOR, [Define to 1 to enable AppArmor support.])
+AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the 'shl_load' function.])
+AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
+AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
+AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.])
+AH_TEMPLATE(HAVE_SOLARIS_AUDIT, [Define to 1 to enable Solaris audit support.])
+AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.])
+AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.])
+AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.])
+AH_TEMPLATE(HAVE_ST_NMTIME, [Define to 1 if your struct stat has an st_nmtime member.])
+AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
+AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
+AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.])
+AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
+AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
+AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
+AH_TEMPLATE(NO_LEAKS, [Define to 1 if you want sudo to free up memory before exiting.])
+AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first time they use sudo.])
+AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.])
+AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid running the mailer as root.])
+AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
+AH_TEMPLATE(TIMESTAMP_TYPE, [Define to global, ppid or tty to set the default timestamp record type.])
+AH_TEMPLATE(OFFENSIVE_INSULTS, [Define to 1 to include offensive insults from the classic version of sudo.])
+AH_TEMPLATE(PREFER_PORTABLE_GETCWD, [Define to 1 to enable replacement getcwd if system getcwd is broken.])
+AH_TEMPLATE(SECURE_PATH, [A colon-separated list of directories to override the user's PATH with.])
+AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
+AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
+AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
+AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
+AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
+AH_TEMPLATE(STATIC_SUDOERS_PLUGIN, [Define to 1 to compile the sudoers plugin statically into the sudo binary.])
+AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
+AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.])
+AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
+AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
+AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
+AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.])
+AH_TEMPLATE(HAVE___INTERPOSE, [Define to 1 if you have dyld with __interpose attribute support.])
+AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.])
+AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.])
+AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).])
+AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.])
+AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).])
+AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.])
+AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the 'sys_sigabbrev' symbol.])
+AH_TEMPLATE(HAVE_NSS_SEARCH, [Define to 1 if you have the 'nss_search' function.])
+AH_TEMPLATE(HAVE__NSS_INITF_GROUP, [Define to 1 if you have the '_nss_initf_group' function.])
+AH_TEMPLATE(HAVE___NSS_INITF_GROUP, [Define to 1 if you have the '__nss_initf_group' function.])
+AH_TEMPLATE(HAVE__NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the '_nss_XbyY_buf_alloc' function.])
+AH_TEMPLATE(HAVE___NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the '__nss_XbyY_buf_alloc' function.])
+AH_TEMPLATE(NEED_RESOLV_H, [Define to 1 if resolv.h must be included to get the 'inet_ntop' or 'inet_pton' function prototypes.])
+AH_TEMPLATE(HAVE_STRNLEN, [Define to 1 if you have the 'strnlen' function.])
+AH_TEMPLATE(PAM_SUN_CODEBASE, [Define to 1 if your system uses a Solaris-derived PAM and not Linux-PAM or OpenPAM.])
+AH_TEMPLATE(HAVE_KINFO_PROC_44BSD, [Define to 1 if your system has a 4.4BSD-style kinfo_proc struct.])
+AH_TEMPLATE(HAVE_KINFO_PROC_FREEBSD, [Define to 1 if your system has a FreeBSD-style kinfo_proc struct.])
+AH_TEMPLATE(HAVE_KINFO_PROC_DFLY, [Define to 1 if your system has a Dragonfly-style kinfo_proc struct.])
+AH_TEMPLATE(HAVE_KINFO_PROC2_NETBSD, [Define to 1 if your system has a NetBSD-style kinfo_proc2 struct.])
+AH_TEMPLATE(HAVE_KINFO_PROC_OPENBSD, [Define to 1 if your system has an OpenBSD-style kinfo_proc struct.])
+AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's TLS and sha2 functions.])
+AH_TEMPLATE(HAVE_WOLFSSL, [Define to 1 if you are using wolfSSL's TLS and sha2 functions.])
+AH_TEMPLATE(HAVE_GCRYPT, [Define to 1 if you are using gcrypt's sha2 functions.])
+AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the 'SSL_CTX_set_min_proto_version' function or macro.])
+AH_TEMPLATE(HAVE_SSL_CTX_SET_CIPHERSUITES, [Define to 1 if you have the 'SSL_CTX_set_ciphersuites' function or macro.])
+AH_TEMPLATE(SUDOERS_LOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers plugin.])
+AH_TEMPLATE(HAVE_FALLTHROUGH_ATTRIBUTE, [Define to 1 if the compiler supports the fallthrough attribute.])
+AH_TEMPLATE(HAVE_VA_COPY, [Define to 1 if you have the 'va_copy' function.])
+AH_TEMPLATE(HAVE___VA_COPY, [Define to 1 if you have the '__va_copy' function.])
+
+dnl
+dnl Bits to copy verbatim into config.h.in
+dnl
+AH_TOP([#ifndef SUDO_CONFIG_H
+#define SUDO_CONFIG_H])
+
+AH_BOTTOM([/* Define C99 types if stdint.h and inttypes.h are missing. */
+#if !defined(HAVE_STDINT_H) && !defined(HAVE_INTTYPES_H)
+# ifndef HAVE_INT8_T
+typedef char			int8_t;
+# endif
+# ifndef HAVE_UINT8_T
+typedef	unsigned char		uint8_t;
+# endif
+# ifndef HAVE_INT16_T
+typedef short			int16_t;
+# endif
+# ifndef HAVE_UINT16_T
+typedef unsigned short		uint16_t;
+# endif
+# ifndef HAVE_INT32_T
+typedef int			int32_t;
+# endif
+# ifndef HAVE_UINT32_T
+typedef unsigned int		uint32_t;
+# endif
+# ifndef HAVE_INT64_T
+typedef long long		int64_t;
+# endif
+# ifndef HAVE_UINT64_T
+typedef unsigned long long	uint64_t;
+# endif
+# ifndef HAVE_INTMAX_T
+typedef long long		intmax_t;
+# endif
+# ifndef HAVE_UINTMAX_T
+typedef unsigned long long	uintmax_t;
+# endif
+#endif /* !HAVE_STDINT_H && !HAVE_INTTYPES_H */
+
+#ifndef HAVE_SIG_ATOMIC_T
+typedef int			sig_atomic_t;
+#endif
+
+#ifndef HAVE_SOCKLEN_T
+typedef unsigned int		socklen_t;
+#endif
+
+#ifndef __GNUC_PREREQ__
+# ifdef __GNUC__
+#  define __GNUC_PREREQ__(ma, mi) \
+	((__GNUC__ > (ma)) || (__GNUC__ == (ma) && __GNUC_MINOR__ >= (mi)))
+# else
+#  define __GNUC_PREREQ__(ma, mi)	0
+# endif
+#endif
+
+/* Define away __attribute__ for non-gcc or old gcc. */
+#if !defined(__attribute__) && !__GNUC_PREREQ__(2, 5)
+# define __attribute__(x)
+#endif
+
+/* For functions that call exit() directly. */
+#ifdef __has_c_attribute
+# if __has_c_attribute(__noreturn__)
+#  define sudo_noreturn		[[__noreturn__]]
+# endif
+#endif
+#ifndef sudo_noreturn
+# if __GNUC_PREREQ__(2, 5)
+#  define sudo_noreturn		__attribute__((__noreturn__))
+# else
+#  define sudo_noreturn
+# endif
+#endif
+
+/* For malloc-like functions that return uninitialized or zeroed memory. */
+#if __GNUC_PREREQ__(2, 96)
+# define sudo_malloclike	__attribute__((__malloc__))
+#else
+# define sudo_malloclike
+#endif
+
+/* Compile-time checking for function arguments that must not be NULL. */
+#if __GNUC_PREREQ__(3, 3)
+# define sudo_attr_nonnull(_a)	__attribute__((__nonnull__ (_a)))
+#else
+# define sudo_attr_nonnull(_a)
+#endif
+
+/* For catching format string mismatches. */
+#if __GNUC_PREREQ__(2, 7)
+# define sudo_printflike(_f, _v)	__attribute__((__format__ (__printf__, _f, _v))) sudo_attr_nonnull(_f)
+# define sudo_printf0like(_f, _v)	__attribute__((__format__ (__printf__, _f, _v)))
+# define sudo_attr_fmt_arg(_f)		__attribute__((__format_arg__ (_f)))
+#else
+# define sudo_printflike(_f, _v)
+# define sudo_printf0like(_f, _v)
+# define sudo_attr_fmt_arg(_f)
+#endif
+
+/* C23 defines a fallthrough attribute, gcc 7.0 and clang 10 have their own. */
+#ifdef __has_c_attribute
+# if __has_c_attribute(__fallthrough__)
+# define FALLTHROUGH		[[__fallthrough__]]
+# endif
+#endif
+#ifndef FALLTHROUGH
+# if defined(HAVE_FALLTHROUGH_ATTRIBUTE)
+#  define FALLTHROUGH		__attribute__((__fallthrough__))
+# else
+#  define FALLTHROUGH		do { } while (0)
+# endif
+#endif
+
+/* Symbol visibility controls. */
+#ifdef HAVE_DSO_VISIBILITY
+# if defined(__GNUC__)
+#  define sudo_dso_public __attribute__((__visibility__("default")))
+# elif defined(__SUNPRO_C)
+#  define sudo_dso_public __global
+# else
+#  define sudo_dso_public __declspec(dllexport)
+# endif
+#else
+# define sudo_dso_public
+#endif
+
+/* BSD compatibility on some SVR4 systems. */
+#ifdef __svr4__
+# define BSD_COMP
+#endif
+
+/* Enable BSD extensions on systems that have them.  */
+#ifndef _BSD_SOURCE
+# undef _BSD_SOURCE
+#endif
+
+/* Enable OpenBSD extensions on NetBSD.  */
+#ifndef _OPENBSD_SOURCE
+# undef _OPENBSD_SOURCE
+#endif
+
+/* Enable BSD types on IRIX.  */
+#ifndef _BSD_TYPES
+# undef _BSD_TYPES
+#endif
+
+/* Enable Linux-compatible extensions on AIX.  */
+#ifndef _LINUX_SOURCE_COMPAT
+# undef _LINUX_SOURCE_COMPAT
+#endif
+
+/* Enable unlimited getgroups(2) support on macOS. */
+#ifndef _DARWIN_UNLIMITED_GETGROUPS
+# undef _DARWIN_UNLIMITED_GETGROUPS
+#endif
+
+/* Enable prototypes in GCC fixed includes on older systems.  */
+#ifndef __USE_FIXED_PROTOTYPES__
+# undef __USE_FIXED_PROTOTYPES__
+#endif
+
+/* Enable XPG4v2 extensions to POSIX, needed for MSG_WAITALL on older HP-UX.  */
+#ifndef _XOPEN_SOURCE_EXTENDED
+# undef _XOPEN_SOURCE_EXTENDED
+#endif
+
+/* Enable reentrant versions of the standard C API (obsolete).  */
+#ifndef _REENTRANT
+# undef _REENTRANT
+#endif
+
+/* Enable "safer" versions of the standard C API (ISO C11).  */
+#ifndef __STDC_WANT_LIB_EXT1__
+# undef __STDC_WANT_LIB_EXT1__
+#endif
+
+/* Prevent static analyzers from genering bogus memory leak warnings. */
+#if defined(__COVERITY__) && !defined(NO_LEAKS)
+# define NO_LEAKS
+#endif
+
+#endif /* SUDO_CONFIG_H */])