From 8e82ae234e88a0d56c29bd1e00ea98d94abb8baa Mon Sep 17 00:00:00 2001
From: nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Date: Wed, 16 Apr 2008 21:18:20 +0000
Subject: [PATCH] Also fix the detection of the pam and selinux features: Fail
 if the feature is requested but the library (or header file) could not be
 found. If nothing is specified, enable the feature only if we can find the
 library (or header file).

---
 ChangeLog    |  6 +++--
 NEWS         |  4 ++-
 configure.in | 73 ++++++++++++++++++++++++++++++++++------------------
 3 files changed, 55 insertions(+), 28 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index dc4fd65f..dc3630a9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,9 @@
 2008-04-16  Nicolas François  <nicolas.francois@centraliens.net>
 
-	* NEWS, configure.in: Fix the detection of the audit library and
-	header file.
+	* NEWS, configure.in: Fix the detection of the audit, pam, and
+	selinux. Fail if the feature is requested but the library (or
+	header file) could not be found. If nothing is specified, enable
+	the feature only if we can find the library (or header file).
 	* configure.in: Document --with-selinux as "yes if found" rather
 	than "autodetected" for consistency with other options.
 
diff --git a/NEWS b/NEWS
index 1367ca47..440f4db7 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,9 @@ shadow-4.1.1 -> shadow-4.1.2						UNRELEASED
 *** general:
 - packaging
   * Distribute the chfn, chsh, and userdel PAM configuration file.
-  * Fix the detection of the audit library and header file.
+  * Fix the detection of the audit, pam, and selinux library and header
+    file; and fail if the feature is requested but not present on the
+    system.
 
 shadow-4.1.0 -> shadow-4.1.1						02-04-2008
 
diff --git a/configure.in b/configure.in
index f6084b92..cda4b3f9 100644
--- a/configure.in
+++ b/configure.in
@@ -221,10 +221,10 @@ AC_ARG_WITH(audit,
 	[with_audit=$withval], [with_audit=maybe])
 AC_ARG_WITH(libpam,
 	[AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
-	[with_libpam=$withval], [with_libpam=yes])
+	[with_libpam=$withval], [with_libpam=maybe])
 AC_ARG_WITH(selinux,
 	[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
-	[with_selinux=$withval], [with_selinux=yes])
+	[with_selinux=$withval], [with_selinux=maybe])
 AC_ARG_WITH(skey,
 	[AC_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
 	[with_skey=$withval], [with_skey=no])
@@ -308,38 +308,61 @@ if test "$with_libcrack" = "yes"; then
 		AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
 fi
 
-if test "$with_selinux" = "yes"; then
-	AC_CHECK_LIB(selinux, is_selinux_enabled,
-		[LIBSELINUX="-lselinux"
-		AC_SUBST(LIBSELINUX)
-		AC_CHECK_HEADERS(selinux/selinux.h, [],
-			[AC_MSG_ERROR([selinux/selinux.h is missing])])
-		AC_DEFINE(WITH_SELINUX, 1, [Build shadow with SELinux support])
-		],
-		[AC_MSG_ERROR([libselinux not found])])
+AC_SUBST(LIBSELINUX)
+if test "$with_selinux" != "no"; then
+	AC_CHECK_HEADERS(selinux/selinux.h, [selinux_header="yes"], [selinux_header="no"])
+	if test "$selinux_header$with_selinux" = "noyes" ; then
+		AC_MSG_ERROR([selinux/selinux.h is missing])
+	elif test "$selinux_header" = "yes" ; then
+		AC_CHECK_LIB(selinux, is_selinux_enabled,
+		             [selinux_lib="yes"], [selinux_lib="no"])
+		if test "$selinux_lib$with_selinux" = "noyes" ; then
+			AC_MSG_ERROR([libselinux not found])
+		elif test "$selinux_lib" = "no" ; then
+			with_selinux="no"
+		else
+			AC_DEFINE(WITH_SELINUX, 1,
+			          [Build shadow with SELinux support])
+			LIBSELINUX="-lselinux"
+			with_selinux = "yes"
+		fi
+	else
+		with_selinux="no"
+	fi
 fi
 
 AC_SUBST(LIBPAM)
-if test "$with_libpam" = "yes"; then
+if test "$with_libpam" != "no"; then
 	AC_CHECK_LIB(pam, pam_start,
-		[AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
-		AM_CONDITIONAL(USE_PAM, [true])
-		LIBPAM="-lpam"
-		AC_CHECK_LIB(pam_misc, main,
-			[LIBPAM="$LIBPAM -lpam_misc"],
-			AC_MSG_ERROR(libpam_misc is missing for enable PAM support)
-		)],
-		[AC_MSG_CHECKING(use login access checking if PAM not used)
-		AM_CONDITIONAL(USE_PAM, [false])
-		AC_MSG_RESULT(yes)]
-	)
+	             [pam_lib="yes"], [pam_lib="no"])
+	if test "$pam_lib$with_libpam" = "noyes" ; then
+		AC_MSG_ERROR(libpam not found)
+	fi
+
+	AC_CHECK_LIB(pam_misc, main,
+	             [pam_misc_lib="yes"], [pam_misc_lib="no"])
+	if test "$pam_misc_lib$with_libpam" = "noyes" ; then
+		AC_MSG_ERROR(libpam_misc not found)
+	fi
+
+	if test "$pam_lib$pam_misc_lib" = "yesyes" ; then
+		with_libpam="yes"
+	else
+		with_libpam="no"
+	fi
+fi
+dnl Now with_libpam is either yes or no
+if test "$with_libpam" = "yes"; then
+	AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
+	AM_CONDITIONAL(USE_PAM, [true])
+	LIBPAM="-lpam -lpam_misc"
 	AC_MSG_CHECKING(use login and su access checking if PAM not used)
 	AC_MSG_RESULT(no)
 else
-	AC_MSG_CHECKING(use login and su access checking if PAM not used)
 	AC_DEFINE(SU_ACCESS, 1, [Define to support /etc/suauth su access control.])
-	AC_MSG_RESULT(yes)
 	AM_CONDITIONAL(USE_PAM, [false])
+	AC_MSG_CHECKING(use login and su access checking if PAM not used)
+	AC_MSG_RESULT(yes)
 fi
 
 AC_SUBST(LIBSKEY)