merged OpenSSH 5.3p1 to trunk
[gssapi-openssh.git] / openssh / configure.ac
index 876c8fbdea4c6914509ea7d8212fc1fe589c4c62..af183e54660605201fa7586cd65584a548c2e741 100644 (file)
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
+AC_REVISION($Revision$)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
+
+# Handle Globus configuration right away, because the Globus flavor
+# determines our compiler options.
+
+# Check whether the user wants GSI (Globus) support
+gsi_path="no"
+AC_ARG_WITH(gsi,
+       [  --with-gsi              Enable Globus GSI authentication support],
+       [
+               gsi_path="$withval"
+       ]
+)
+
+AC_ARG_WITH(globus,
+       [  --with-globus           Enable Globus GSI authentication support],
+       [
+               gsi_path="$withval"
+       ]
+)
+
+AC_ARG_WITH(globus-static,
+       [  --with-globus-static    Link statically with Globus GSI libraries],
+       [
+               gsi_static="-static"
+               if test "x$gsi_path" = "xno" ; then
+                       gsi_path="$withval"
+               fi
+       ]
+)
+
+# Check whether the user has a Globus flavor type
+globus_flavor_type="no"
+AC_ARG_WITH(globus-flavor,
+       [  --with-globus-flavor=TYPE  Specify Globus flavor type (ex: gcc32dbg)],
+       [
+               globus_flavor_type="$withval"
+               if test "x$gsi_path" = "xno" ; then
+                       gsi_path="yes"
+               fi
+       ]
+)
+
+if test "x$gsi_path" != "xno" ; then
+       # Globus GSSAPI configuration
+       AC_MSG_CHECKING(for Globus GSI)
+       AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
+
+       if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
+               AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
+       fi
+       if test -z "$GSSAPI"; then
+               AC_DEFINE(GSSAPI)
+               GSSAPI="GSI"
+       fi
+
+       if test "x$gsi_path" = "xyes" ; then
+               if test -z "$GLOBUS_LOCATION" ; then
+                       AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
+               else
+                       gsi_path="$GLOBUS_LOCATION"
+               fi
+       fi
+       GLOBUS_LOCATION="$gsi_path"
+       export GLOBUS_LOCATION
+       if test ! -d "$GLOBUS_LOCATION" ; then
+               AC_MSG_ERROR(Cannot find Globus installation.  Set GLOBUS_LOCATION environment variable.)
+       fi
+
+        if test "x$globus_flavor_type" = "xno" ; then
+                AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
+       fi
+        if test "x$globus_flavor_type" = "xyes" ; then
+                AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
+       fi
+
+       GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
+       if test ! -d "$GLOBUS_INCLUDE" ; then
+               AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
+       fi
+       
+       if test -x ${gsi_path}/bin/globus-makefile-header ; then
+               ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
+       elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
+               ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
+       else
+               AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
+       fi
+       . ./gpt_build_tmp.sh
+       if test -z "$GLOBUS_PKG_LIBS" ; then
+               AC_MSG_ERROR(globus-makefile-header failed)
+       fi
+
+    AC_MSG_RESULT($GLOBUS_LOCATION)
+       AC_DEFINE(HAVE_GSSAPI_H)
+
+    CC="$GLOBUS_CC"
+    CFLAGS="$GLOBUS_CFLAGS"
+    CPP="$GLOBUS_CPP"
+       CPPFLAGS="$GLOBUS_CPPFLAGS $GLOBUS_INCLUDES"
+       LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
+    LD="$GLOBUS_LD"
+       LDFLAGS="$LDFLAGS $GLOBUS_LDFLAGS"
+
+       INSTALL_GSISSH="yes"
+else
+       INSTALL_GSISSH=""
+fi
+# End Globus/GSI section
+
 AC_PROG_CC
 AC_CANONICAL_HOST
 AC_C_BIGENDIAN
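Review bot: The output of `globus-makefile-header` is written to `./gpt_build_tmp.sh` and then sourced with `. ./gpt_build_tmp.sh`, so whatever that helper prints is evaluated as shell inside configure; the sed rewrite wraps each value in double quotes, which still expands `$(...)` and backticks. The helper path and `${globus_flavor_type}` are used unquoted, the helper's exit status is never checked (only an empty `GLOBUS_PKG_LIBS` is caught), and the generated file is left behind in the build directory. I would quote the invocation, e.g. `"${gsi_path}/bin/globus-makefile-header" --flavor="${globus_flavor_type}"`, test its status, and add `rm -f ./gpt_build_tmp.sh` right after sourcing. Separately, `CC="$GLOBUS_CC"` and `CFLAGS="$GLOBUS_CFLAGS"` replace rather than extend the caller's values, so hardening flags passed in the environment are dropped for GSI builds; if that is intended, a comment saying so would help.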
@@ -27,6 +137,7 @@ AC_PROG_AWK
 AC_PROG_CPP
 AC_PROG_RANLIB
 AC_PROG_INSTALL
+AC_PROG_EGREP
 AC_PATH_PROG(AR, ar)
 AC_PATH_PROG(CAT, cat)
 AC_PATH_PROG(KILL, kill)
@@ -88,18 +199,78 @@ AC_C_INLINE
 
 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
 
+use_stack_protector=1
+AC_ARG_WITH(stackprotect,
+    [  --without-stackprotect  Don't use compiler's stack protection], [
+    if test "x$withval" = "xno"; then
+       use_stack_protector=0
+    fi ])
+
 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
        CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
        GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
        case $GCC_VER in
-               1.*) ;;
-               2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
-               2.*) ;;
-               3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
-               4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
+               1.*) no_attrib_nonnull=1 ;;
+               2.8* | 2.9*)
+                    CFLAGS="$CFLAGS -Wsign-compare"
+                    no_attrib_nonnull=1
+                    ;;
+               2.*) no_attrib_nonnull=1 ;;
+               3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
+               4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
                *) ;;
        esac
 
+       AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
+       saved_CFLAGS="$CFLAGS"
+       CFLAGS="$CFLAGS -fno-builtin-memset"
+       AC_LINK_IFELSE( [AC_LANG_SOURCE([[
+#include <string.h>
+int main(void){char b[10]; memset(b, 0, sizeof(b));}
+               ]])],
+               [ AC_MSG_RESULT(yes) ],
+               [ AC_MSG_RESULT(no)
+                 CFLAGS="$saved_CFLAGS" ]
+)
+
+       # -fstack-protector-all doesn't always work for some GCC versions
+       # and/or platforms, so we test if we can.  If it's not supported
+       # on a given platform gcc will emit a warning so we use -Werror.
+       if test "x$use_stack_protector" = "x1"; then
+           for t in -fstack-protector-all -fstack-protector; do
+               AC_MSG_CHECKING(if $CC supports $t)
+               saved_CFLAGS="$CFLAGS"
+               saved_LDFLAGS="$LDFLAGS"
+               CFLAGS="$CFLAGS $t -Werror"
+               LDFLAGS="$LDFLAGS $t -Werror"
+               AC_LINK_IFELSE(
+                       [AC_LANG_SOURCE([
+#include <stdio.h>
+int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
+                        ])],
+                   [ AC_MSG_RESULT(yes)
+                     CFLAGS="$saved_CFLAGS $t"
+                     LDFLAGS="$saved_LDFLAGS $t"
+                     AC_MSG_CHECKING(if $t works)
+                     AC_RUN_IFELSE(
+                       [AC_LANG_SOURCE([
+#include <stdio.h>
+int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
+                       ])],
+                       [ AC_MSG_RESULT(yes)
+                         break ],
+                       [ AC_MSG_RESULT(no) ],
+                       [ AC_MSG_WARN([cross compiling: cannot test])
+                         break ]
+                     )
+                   ],
+                   [ AC_MSG_RESULT(no) ]
+               )
+               CFLAGS="$saved_CFLAGS"
+               LDFLAGS="$saved_LDFLAGS"
+           done
+       fi
+
        if test -z "$have_llong_max"; then
                # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
                unset ac_cv_have_decl_LLONG_MAX
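Review bot: When neither `-fstack-protector-all` nor `-fstack-protector` passes, the loop under `if test "x$use_stack_protector" = "x1"` restores the original flags and configure continues with nothing more than two "no" results, so a build can end up without stack protection unnoticed. Setting a marker before each `break` (for example `stack_protector_flag="$t"`) and adding `test -n "$stack_protector_flag" || AC_MSG_WARN([no working stack protector flag; building without it])` after `done` would make that outcome visible. Note also that `-Wformat-security` is added only in the `3.*` and `4.*` arms, so a compiler version that falls into `*)` gets neither it nor `-Wsign-compare`. The enclosing `if test "$GCC"` block continues past the end of this hunk.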
@@ -113,6 +284,10 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
        fi
 fi
 
+if test "x$no_attrib_nonnull" != "x1" ; then
+       AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
+fi
+
 AC_ARG_WITH(rpath,
        [  --without-rpath         Disable auto-added -R linker paths],
        [
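Review bot: `no_attrib_nonnull` is only ever set inside the GCC version `case`, so the added test defines `HAVE_ATTRIBUTE__NONNULL__` for every non-GCC compiler as well as for GCC 3 and later. Unless the header that consumes the macro also guards on `__GNUC__` (not visible here), compilers without the attribute will have it applied. A compile probe would be more reliable than a version table; at minimum the condition could be `if test "$GCC" = "yes" && test "x$no_attrib_nonnull" != "x1" ; then`.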
@@ -125,15 +300,184 @@ AC_ARG_WITH(rpath,
        ]
 )
 
+# Allow user to specify flags
+AC_ARG_WITH(cflags,
+       [  --with-cflags           Specify additional flags to pass to compiler],
+       [
+               if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
+                   test "x${withval}" != "xyes"; then
+                       CFLAGS="$CFLAGS $withval"
+               fi
+       ]
+)
+AC_ARG_WITH(cppflags,
+       [  --with-cppflags         Specify additional flags to pass to preprocessor] ,
+       [
+               if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
+                   test "x${withval}" != "xyes"; then
+                       CPPFLAGS="$CPPFLAGS $withval"
+               fi
+       ]
+)
+AC_ARG_WITH(ldflags,
+       [  --with-ldflags          Specify additional flags to pass to linker],
+       [
+               if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
+                   test "x${withval}" != "xyes"; then
+                       LDFLAGS="$LDFLAGS $withval"
+               fi
+       ]
+)
+AC_ARG_WITH(libs,
+       [  --with-libs             Specify additional libraries to link with],
+       [
+               if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
+                   test "x${withval}" != "xyes"; then
+                       LIBS="$LIBS $withval"
+               fi
+       ]
+)
+AC_ARG_WITH(Werror,
+       [  --with-Werror           Build main code with -Werror],
+       [
+               if test -n "$withval"  &&  test "x$withval" != "xno"; then
+                       werror_flags="-Werror"
+                       if test "x${withval}" != "xyes"; then
+                               werror_flags="$withval"
+                       fi
+               fi
+       ]
+)
+
+AC_CHECK_HEADERS( \
+       bstring.h \
+       crypt.h \
+       crypto/sha2.h \
+       dirent.h \
+       endian.h \
+       features.h \
+       fcntl.h \
+       floatingpoint.h \
+       getopt.h \
+       glob.h \
+       ia.h \
+       iaf.h \
+       limits.h \
+       login.h \
+       maillock.h \
+       ndir.h \
+       net/if_tun.h \
+       netdb.h \
+       netgroup.h \
+       pam/pam_appl.h \
+       paths.h \
+       poll.h \
+       pty.h \
+       readpassphrase.h \
+       rpc/types.h \
+       security/pam_appl.h \
+       sha2.h \
+       shadow.h \
+       stddef.h \
+       stdint.h \
+       string.h \
+       strings.h \
+       sys/audit.h \
+       sys/bitypes.h \
+       sys/bsdtty.h \
+       sys/cdefs.h \
+       sys/dir.h \
+       sys/mman.h \
+       sys/ndir.h \
+       sys/poll.h \
+       sys/prctl.h \
+       sys/pstat.h \
+       sys/select.h \
+       sys/stat.h \
+       sys/stream.h \
+       sys/stropts.h \
+       sys/strtio.h \
+       sys/statvfs.h \
+       sys/sysmacros.h \
+       sys/time.h \
+       sys/timers.h \
+       sys/un.h \
+       time.h \
+       tmpdir.h \
+       ttyent.h \
+       ucred.h \
+       unistd.h \
+       usersec.h \
+       util.h \
+       utime.h \
+       utmp.h \
+       utmpx.h \
+       vis.h \
+)
+
+# lastlog.h requires sys/time.h to be included first on Solaris
+AC_CHECK_HEADERS(lastlog.h, [], [], [
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+])
+
+# sys/ptms.h requires sys/stream.h to be included first on Solaris
+AC_CHECK_HEADERS(sys/ptms.h, [], [], [
+#ifdef HAVE_SYS_STREAM_H
+# include <sys/stream.h>
+#endif
+])
+
+# login_cap.h requires sys/types.h on NetBSD
+AC_CHECK_HEADERS(login_cap.h, [], [], [
+#include <sys/types.h>
+])
+
+# older BSDs need sys/param.h before sys/mount.h
+AC_CHECK_HEADERS(sys/mount.h, [], [], [
+#include <sys/param.h>
+])
+
+# Messages for features tested for in target-specific section
+SIA_MSG="no"
+SPC_MSG="no"
+
 # Check for some target-specific stuff
 case "$host" in
 *-*-aix*)
+       # Some versions of VAC won't allow macro redefinitions at
+       # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
+       # particularly with older versions of vac or xlc.
+       # It also throws errors about null macro argments, but these are
+       # not fatal.
+       AC_MSG_CHECKING(if compiler allows macro redefinitions)
+       AC_COMPILE_IFELSE(
+           [AC_LANG_SOURCE([[
+#define testmacro foo
+#define testmacro bar
+int main(void) { exit(0); }
+           ]])],
+           [ AC_MSG_RESULT(yes) ],
+           [ AC_MSG_RESULT(no)
+             CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
+             LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
+             CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
+             CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
+           ]
+       )
+
        AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
        if (test -z "$blibpath"); then
                blibpath="/usr/lib:/lib"
        fi
        saved_LDFLAGS="$LDFLAGS"
-       for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
+       if test "$GCC" = "yes"; then
+               flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
+       else
+               flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
+       fi
+       for tryflags in $flags ;do
                if (test -z "$blibflags"); then
                        LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
                        AC_TRY_LINK([], [], [blibflags=$tryflags])
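Review bot: The AIX macro-redefinition probe calls `exit(0)` without including `<stdlib.h>`, so a compiler that rejects implicit declarations fails the test for an unrelated reason and `-qlanglvl=ansi` is then stripped from `CC`, `LD`, `CFLAGS` and `CPPFLAGS`. `int main(void) { return 0; }` would test only what the message says. The sed expression `s/-qlanglvl\=ansi//g` escapes `=`, which POSIX leaves undefined in a basic regular expression; a plain `=` is enough, and the `echo $CC` style expansions should be quoted. The compiler sanity check that this commit moves further down (`int main(){exit(0);}` with only `<stdio.h>`) has the same undeclared `exit`. The `case "$host"` block continues outside this hunk.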
@@ -172,7 +516,13 @@ case "$host" in
                [],
                [#include <usersec.h>]
        )
-       AC_CHECK_FUNCS(setauthdb)
+       AC_CHECK_FUNCS(getgrset setauthdb)
+       AC_CHECK_DECL(F_CLOSEM,
+           AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
+           [],
+           [ #include <limits.h>
+             #include <fcntl.h> ]
+       )
        check_for_aix_broken_getaddrinfo=1
        AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
        AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
@@ -188,16 +538,15 @@ case "$host" in
                supported by bsd-setproctitle.c])
        AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
            [AIX 5.2 and 5.3 (and presumably newer) require this])
+       AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
        ;;
 *-*-cygwin*)
        check_for_libcrypt_later=1
-       LIBS="$LIBS /usr/lib/textmode.o"
+       LIBS="$LIBS /usr/lib/textreadmode.o"
        AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
        AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
        AC_DEFINE(DISABLE_SHADOW, 1,
                [Define if you want to disable shadow passwords])
-       AC_DEFINE(IP_TOS_IS_BROKEN, 1,
-               [Define if your system choked on IP TOS setting])
        AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
                [Define if X11 doesn't support AF_UNIX sockets on that system])
        AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
@@ -206,26 +555,35 @@ case "$host" in
        AC_DEFINE(DISABLE_FD_PASSING, 1,
                [Define if your platform needs to skip post auth
                file descriptor passing])
+       AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
        ;;
 *-*-dgux*)
-       AC_DEFINE(IP_TOS_IS_BROKEN)
+       AC_DEFINE(IP_TOS_IS_BROKEN, 1,
+               [Define if your system choked on IP TOS setting])
        AC_DEFINE(SETEUID_BREAKS_SETUID)
        AC_DEFINE(BROKEN_SETREUID)
        AC_DEFINE(BROKEN_SETREGID)
        ;;
 *-*-darwin*)
-       AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
+       AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
+       AC_DEFINE(BROKEN_GETADDRINFO)
        AC_DEFINE(SETEUID_BREAKS_SETUID)
        AC_DEFINE(BROKEN_SETREUID)
        AC_DEFINE(BROKEN_SETREGID)
+       AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
        AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
                [Define if your resolver libs need this for getrrsetbyname])
+       AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
+       AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
+           [Use tunnel device compatibility to OpenBSD])
+       AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+           [Prepend the address family to IP tunnel traffic])
        AC_MSG_CHECKING(if we have the Security Authorization Session API)
        AC_TRY_COMPILE([#include <Security/AuthSession.h>],
                [SessionCreate(0, 0);],
                [ac_cv_use_security_session_api="yes"
-                AC_DEFINE(USE_SECURITY_SESSION_API, 1,
-                       [platform has a Security Authorization Session API])
+                AC_DEFINE(USE_SECURITY_SESSION_API, 1, 
+                       [platform has the Security Authorization Session API])
                 LIBS="$LIBS -framework Security"
                 AC_MSG_RESULT(yes)],
                [ac_cv_use_security_session_api="no"
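Review bot: In the `*-*-darwin*` arm the new `AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])` carries a stray `)` inside the description, and the next added line defines the same macro a second time with no value or description. One call is enough: `AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken])`. The arm continues outside this hunk.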
@@ -235,7 +593,7 @@ case "$host" in
                [#include <Kerberos/Kerberos.h>],
                [cc_context_t c;
                 (void) cc_initialize (&c, 0, NULL, NULL);],
-               [AC_DEFINE(USE_CCAPI, 1,
+               [AC_DEFINE(USE_CCAPI, 1, 
                        [platform uses an in-memory credentials cache])
                 LIBS="$LIBS -framework Security"
                 AC_MSG_RESULT(yes)
@@ -244,6 +602,16 @@ case "$host" in
                fi],
                [AC_MSG_RESULT(no)]
        )
+       m4_pattern_allow(AU_IPv)
+       AC_CHECK_DECL(AU_IPv4, [], 
+           AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
+           [#include <bsm/audit.h>]
+       AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
+           [Define if pututxline updates lastlog too])
+       )
+       ;;
+*-*-dragonfly*)
+       SSHDLIBS="$SSHDLIBS -lcrypt"
        ;;
 *-*-hpux*)
        # first we define all of the options common to all HP-UX releases
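Review bot: The `AC_CHECK_DECL(AU_IPv4, ...)` call is missing the comma and quoting that separate its arguments, so the `AC_DEFINE(AU_IPv4, 0, ...)`, the `#include <bsm/audit.h>` text and the `LASTLOG_WRITE_PUTUTXLINE` define all end up in the action-if-not-found argument. As written the declaration is probed without `<bsm/audit.h>`, so it will presumably never be found, `AU_IPv4` is forced to 0, and `LASTLOG_WRITE_PUTUTXLINE` depends on the outcome of an unrelated audit check. Closing the macro after the include and moving the lastlog define out of it makes both behave as their descriptions say.

```m4
	AC_CHECK_DECL(AU_IPv4, [],
	    [AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])],
	    [#include <bsm/audit.h>]
	)
	AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
	    [Define if pututxline updates lastlog too])
```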
@@ -324,11 +692,18 @@ case "$host" in
        AC_DEFINE(WITH_ABBREV_NO_TTY)
        AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
        ;;
+*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
+       check_for_libcrypt_later=1
+       AC_DEFINE(PAM_TTY_KLUDGE)
+       AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
+       AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
+       AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
+       AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
+       ;;
 *-*-linux*)
        no_dev_ptmx=1
        check_for_libcrypt_later=1
        check_for_openpty_ctty_bug=1
-       AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
        AC_DEFINE(PAM_TTY_KLUDGE, 1,
                [Work around problematic Linux PAM modules handling of PAM_TTY])
        AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
@@ -358,7 +733,7 @@ case "$host" in
        fi
        ;;
 mips-sony-bsd|mips-sony-newsos4)
-       AC_DEFINE(NEED_SETPRGP, 1, [Need setpgrp to acquire controlling tty])
+       AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
        SONY=1
        ;;
 *-*-netbsd*)
@@ -378,6 +753,7 @@ mips-sony-bsd|mips-sony-newsos4)
        AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
        AC_CHECK_HEADER([net/if_tap.h], ,
            AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
+       AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
        ;;
 *-*-bsdi*)
        AC_DEFINE(SETEUID_BREAKS_SETUID)
@@ -398,6 +774,8 @@ mips-sony-bsd|mips-sony-newsos4)
        AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
        AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
        AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
+       AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
+           [syslog_r function is safe to use in in a signal handler])
        ;;
 *-*-solaris*)
        if test "x$withval" != "xno" ; then
@@ -417,6 +795,9 @@ mips-sony-bsd|mips-sony-newsos4)
        AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
                [Define if sshd somehow reacquires a controlling TTY
                after setsid()])
+       AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
+               in case the name is longer than 8 chars])
+       AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
        external_path_file=/etc/default/login
        # hardwire lastlog location (can't detect it on some versions)
        conf_lastlog_location="/var/adm/lastlog"
@@ -430,6 +811,17 @@ mips-sony-bsd|mips-sony-newsos4)
        else
                AC_MSG_RESULT(no)
        fi
+       AC_ARG_WITH(solaris-contracts,
+               [  --with-solaris-contracts Enable Solaris process contracts (experimental)],
+               [
+               AC_CHECK_LIB(contract, ct_tmpl_activate,
+                       [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
+                               [Define if you have Solaris process contracts])
+                         SSHDLIBS="$SSHDLIBS -lcontract"
+                         AC_SUBST(SSHDLIBS)
+                         SPC_MSG="yes" ], )
+               ],
+       )
        ;;
 *-*-sunos4*)
        CPPFLAGS="$CPPFLAGS -DSUNOS4"
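Review bot: The action of `AC_ARG_WITH(solaris-contracts, ...)` never looks at `$withval`, so `--without-solaris-contracts` (or `--with-solaris-contracts=no`) still runs `AC_CHECK_LIB(contract, ct_tmpl_activate, ...)` and enables a feature the help text itself calls experimental. Wrapping the body in `if test "x$withval" != "xno" ; then ... fi`, as the `--with-cflags` family in this file does, fixes that. The trailing `],` also passes an empty fourth argument that can be dropped.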
@@ -467,7 +859,6 @@ mips-sony-bsd|mips-sony-newsos4)
        ;;
 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
 *-*-sysv4.2*)
-       CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
        AC_DEFINE(USE_PIPES)
        AC_DEFINE(SETEUID_BREAKS_SETUID)
        AC_DEFINE(BROKEN_SETREUID)
@@ -477,7 +868,6 @@ mips-sony-bsd|mips-sony-newsos4)
        ;;
 # UnixWare 7.x, OpenUNIX 8
 *-*-sysv5*)
-       check_for_libcrypt_later=1
        AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
        AC_DEFINE(USE_PIPES)
        AC_DEFINE(SETEUID_BREAKS_SETUID)
@@ -489,8 +879,15 @@ mips-sony-bsd|mips-sony-newsos4)
                TEST_SHELL=/u95/bin/sh
                AC_DEFINE(BROKEN_LIBIAF, 1,
                        [ia_uinfo routines not supported by OS yet])
+               AC_DEFINE(BROKEN_UPDWTMPX)
+               AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
+                       AC_CHECK_FUNCS(getluid setluid,,,-lprot)
+                       AC_DEFINE(HAVE_SECUREWARE)
+                       AC_DEFINE(DISABLE_SHADOW)
+                       ],,)
                ;;
        *)      AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+               check_for_libcrypt_later=1
                ;;
        esac
        ;;
@@ -578,6 +975,7 @@ mips-sony-bsd|mips-sony-newsos4)
                                system's login() call])
                        AC_DEFINE(DISABLE_FD_PASSING)
                        LIBS="$LIBS -lsecurity -ldb -lm -laud"
+                       SIA_MSG="yes"
                else
                        AC_MSG_RESULT(no)
                        AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
@@ -588,163 +986,55 @@ mips-sony-bsd|mips-sony-newsos4)
        AC_DEFINE(SETEUID_BREAKS_SETUID)
        AC_DEFINE(BROKEN_SETREUID)
        AC_DEFINE(BROKEN_SETREGID)
+       AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
        ;;
 
-*-*-nto-qnx)
-       AC_DEFINE(USE_PIPES)
-       AC_DEFINE(NO_X11_UNIX_SOCKETS)
-       AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
-       AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
-       AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
-       ;;
-
-*-*-ultrix*)
-       AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
-       AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
-       AC_DEFINE(NEED_SETPRGP)
-       AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
-       ;;
-
-*-*-lynxos)
-        CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
-       AC_DEFINE(MISSING_HOWMANY)
-        AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
-        ;;
-esac
-
-# Allow user to specify flags
-AC_ARG_WITH(cflags,
-       [  --with-cflags           Specify additional flags to pass to compiler],
-       [
-               if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
-                   test "x${withval}" != "xyes"; then
-                       CFLAGS="$CFLAGS $withval"
-               fi
-       ]
-)
-AC_ARG_WITH(cppflags,
-       [  --with-cppflags         Specify additional flags to pass to preprocessor] ,
-       [
-               if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
-                   test "x${withval}" != "xyes"; then
-                       CPPFLAGS="$CPPFLAGS $withval"
-               fi
-       ]
-)
-AC_ARG_WITH(ldflags,
-       [  --with-ldflags          Specify additional flags to pass to linker],
-       [
-               if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
-                   test "x${withval}" != "xyes"; then
-                       LDFLAGS="$LDFLAGS $withval"
-               fi
-       ]
-)
-AC_ARG_WITH(libs,
-       [  --with-libs             Specify additional libraries to link with],
-       [
-               if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
-                   test "x${withval}" != "xyes"; then
-                       LIBS="$LIBS $withval"
-               fi
-       ]
-)
-AC_ARG_WITH(Werror,
-       [  --with-Werror           Build main code with -Werror],
-       [
-               if test -n "$withval"  &&  test "x$withval" != "xno"; then
-                       werror_flags="-Werror"
-                       if test "x${withval}" != "xyes"; then
-                               werror_flags="$withval"
-                       fi
-               fi
-       ]
-)
-
-AC_MSG_CHECKING(compiler and flags for sanity)
-AC_RUN_IFELSE(
-       [AC_LANG_SOURCE([
-#include <stdio.h>
-int main(){exit(0);}
-       ])],
-       [       AC_MSG_RESULT(yes) ],
-       [
-               AC_MSG_RESULT(no)
-               AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
-       ],
-       [       AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
-)
-
-dnl Checks for header files.
-AC_CHECK_HEADERS( \
-       bstring.h \
-       crypt.h \
-       dirent.h \
-       endian.h \
-       features.h \
-       floatingpoint.h \
-       getopt.h \
-       glob.h \
-       ia.h \
-       iaf.h \
-       lastlog.h \
-       limits.h \
-       login.h \
-       login_cap.h \
-       maillock.h \
-       ndir.h \
-       net/if.h \
-       netdb.h \
-       netgroup.h \
-       netinet/in_systm.h \
-       pam/pam_appl.h \
-       paths.h \
-       pty.h \
-       readpassphrase.h \
-       rpc/types.h \
-       security/pam_appl.h \
-       shadow.h \
-       stddef.h \
-       stdint.h \
-       string.h \
-       strings.h \
-       sys/audit.h \
-       sys/bitypes.h \
-       sys/bsdtty.h \
-       sys/cdefs.h \
-       sys/dir.h \
-       sys/mman.h \
-       sys/ndir.h \
-       sys/prctl.h \
-       sys/pstat.h \
-       sys/select.h \
-       sys/stat.h \
-       sys/stream.h \
-       sys/stropts.h \
-       sys/strtio.h \
-       sys/sysmacros.h \
-       sys/time.h \
-       sys/timers.h \
-       sys/un.h \
-       time.h \
-       tmpdir.h \
-       ttyent.h \
-       unistd.h \
-       usersec.h \
-       util.h \
-       utime.h \
-       utmp.h \
-       utmpx.h \
-       vis.h \
-)
+*-*-nto-qnx*)
+       AC_DEFINE(USE_PIPES)
+       AC_DEFINE(NO_X11_UNIX_SOCKETS)
+       AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
+       AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
+       AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
+       AC_DEFINE(DISABLE_LASTLOG)
+       AC_DEFINE(SSHD_ACQUIRES_CTTY)
+       AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
+       enable_etc_default_login=no     # has incompatible /etc/default/login
+       case "$host" in
+       *-*-nto-qnx6*)
+               AC_DEFINE(DISABLE_FD_PASSING)
+               ;;
+       esac
+       ;;
 
-# sys/ptms.h requires sys/stream.h to be included first on Solaris
-AC_CHECK_HEADERS(sys/ptms.h, [], [], [
-#ifdef HAVE_SYS_STREAM_H
-# include <sys/stream.h>
-#endif
-])
+*-*-ultrix*)
+       AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
+       AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
+       AC_DEFINE(NEED_SETPGRP)
+       AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
+       ;;
+
+*-*-lynxos)
+        CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
+       AC_DEFINE(MISSING_HOWMANY)
+        AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
+        ;;
+esac
+
+AC_MSG_CHECKING(compiler and flags for sanity)
+AC_RUN_IFELSE(
+       [AC_LANG_SOURCE([
+#include <stdio.h>
+int main(){exit(0);}
+       ])],
+       [       AC_MSG_RESULT(yes) ],
+       [
+               AC_MSG_RESULT(no)
+               AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
+       ],
+       [       AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
+)
 
+dnl Checks for header files.
 # Checks for libraries.
 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
@@ -819,6 +1109,7 @@ AC_ARG_WITH(zlib,
        fi ]
 )
 
+AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
 AC_CHECK_LIB(z, deflate, ,
        [
                saved_CPPFLAGS="$CPPFLAGS"
@@ -839,7 +1130,6 @@ AC_CHECK_LIB(z, deflate, ,
                )
        ]
 )
-AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
 
 AC_ARG_WITH(zlib-version-check,
        [  --without-zlib-version-check Disable zlib version check],
@@ -903,7 +1193,7 @@ dnl    Checks for libutil functions
 AC_CHECK_HEADERS(libutil.h)
 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
        [Define if your libraries define login()])])
-AC_CHECK_FUNCS(logout updwtmp logwtmp)
+AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
 
 AC_FUNC_STRFTIME
 
@@ -929,11 +1219,9 @@ AC_EGREP_CPP(FOUNDIT,
 
 # Check for g.gl_matchc glob() extension
 AC_MSG_CHECKING(for gl_matchc field in glob_t)
-AC_EGREP_CPP(FOUNDIT,
-       [
-               #include <glob.h>
-               int main(void){glob_t g; g.gl_matchc = 1;}
-       ],
+AC_TRY_COMPILE(
+       [ #include <glob.h> ],
+       [glob_t g; g.gl_matchc = 1;],
        [
                AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
                        [Define if your system glob() function has
@@ -945,6 +1233,8 @@ AC_EGREP_CPP(FOUNDIT,
        ]
 )
 
+AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
+
 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
 AC_RUN_IFELSE(
        [AC_LANG_SOURCE([[
@@ -965,152 +1255,6 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
        ]
 )
 
-# Check whether the user wants GSSAPI mechglue support
-AC_ARG_WITH(mechglue,
-       [  --with-mechglue=PATH    Build with GSSAPI mechglue library],
-       [
-               AC_MSG_CHECKING(for mechglue library)
-
-               if test -e ${withval}/libgssapi.a ; then
-                   mechglue_lib=${withval}/libgssapi.a
-               elif test -e ${withval}/lib/libgssapi.a ; then
-                   mechglue_lib=${withval}/lib/libgssapi.a
-               else
-                   AC_MSG_ERROR("Can't find libgssapi in ${withval}");
-               fi
-               LIBS="$LIBS ${mechglue_lib}"
-               AC_MSG_RESULT(${mechglue_lib})
-
-               AC_CHECK_LIB(dl, dlopen, , )
-               if test $ac_cv_lib_dl_dlopen = yes; then
-                  LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
-               fi
-
-               AC_DEFINE(GSSAPI)
-               AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
-               GSSAPI="mechglue"
-
-       ]
-)
-
-
-# Check whether the user wants GSI (Globus) support
-gsi_path="no"
-AC_ARG_WITH(gsi,
-       [  --with-gsi              Enable Globus GSI authentication support],
-       [
-               gsi_path="$withval"
-       ]
-)
-
-AC_ARG_WITH(globus,
-       [  --with-globus           Enable Globus GSI authentication support],
-       [
-               gsi_path="$withval"
-       ]
-)
-
-AC_ARG_WITH(globus-static,
-       [  --with-globus-static    Link statically with Globus GSI libraries],
-       [
-               gsi_static="-static"
-               if test "x$gsi_path" = "xno" ; then
-                       gsi_path="$withval"
-               fi
-       ]
-)
-
-# Check whether the user has a Globus flavor type
-globus_flavor_type="no"
-AC_ARG_WITH(globus-flavor,
-       [  --with-globus-flavor=TYPE  Specify Globus flavor type (ex: gcc32dbg)],
-       [
-               globus_flavor_type="$withval"
-               if test "x$gsi_path" = "xno" ; then
-                       gsi_path="yes"
-               fi
-       ]
-)
-
-if test "x$gsi_path" != "xno" ; then
-       # Globus GSSAPI configuration
-       AC_MSG_CHECKING(for Globus GSI)
-       AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
-
-       if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
-               AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
-       fi
-       if test -z "$GSSAPI"; then
-               AC_DEFINE(GSSAPI)
-               GSSAPI="GSI"
-       fi
-
-       if test "x$gsi_path" = "xyes" ; then
-               if test -z "$GLOBUS_LOCATION" ; then
-                       AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
-               else
-                       gsi_path="$GLOBUS_LOCATION"
-               fi
-       fi
-       GLOBUS_LOCATION="$gsi_path"
-       export GLOBUS_LOCATION
-       if test ! -d "$GLOBUS_LOCATION" ; then
-               AC_MSG_ERROR(Cannot find Globus installation.  Set GLOBUS_LOCATION environment variable.)
-       fi
-
-        if test "x$globus_flavor_type" = "xno" ; then
-                AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
-       fi
-        if test "x$globus_flavor_type" = "xyes" ; then
-                AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
-       fi
-
-       GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
-       if test ! -d "$GLOBUS_INCLUDE" ; then
-               AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
-       fi
-       GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
-       
-       if test -x ${gsi_path}/bin/globus-makefile-header ; then
-               GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
-       elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
-               GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
-       else
-               AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
-       fi
-       if test -n "${need_dash_r}"; then
-               GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
-       else
-               GSI_LDFLAGS="-L${gsi_path}/lib"
-       fi
-       if test -z "$GSI_LIBS" ; then
-               AC_MSG_ERROR(globus-makefile-header failed)
-       fi
-
-       AC_DEFINE(HAVE_GSSAPI_H)
-
-       LIBS="$LIBS $GSI_LIBS"
-       LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
-       CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
-
-       # test that we got the libraries OK
-       AC_TRY_LINK(
-               [],
-               [],
-               [
-                       AC_MSG_RESULT(yes)
-               ],
-               [
-                       AC_MSG_ERROR(link with Globus libraries failed)
-               ]
-       )
-       INSTALL_GSISSH="yes"
-else
-       INSTALL_GSISSH=""
-fi
-AC_SUBST(INSTALL_GSISSH)
-# End Globus/GSI section
-
 AC_MSG_CHECKING([for /proc/pid/fd directory])
 if test -d "/proc/$$/fd" ; then
        AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
@@ -1192,8 +1336,7 @@ AC_ARG_WITH(tcp-wrappers,
                                        CPPFLAGS="-I${withval} ${CPPFLAGS}"
                                fi
                        fi
-                       LIBWRAP="-lwrap"
-                       LIBS="$LIBWRAP $LIBS"
+                       LIBS="-lwrap $LIBS"
                        AC_MSG_CHECKING(for libwrap)
                        AC_TRY_LINK(
                                [
@@ -1209,7 +1352,7 @@ AC_ARG_WITH(tcp-wrappers,
                                        AC_DEFINE(LIBWRAP, 1,
                                                [Define if you want
                                                TCP Wrappers support])
-                                       AC_SUBST(LIBWRAP)
+                                       SSHDLIBS="$SSHDLIBS -lwrap"
                                        TCPW_MSG="yes"
                                ],
                                [
@@ -1272,13 +1415,19 @@ AC_ARG_WITH(audit,
                AUDIT_MODULE=bsm
                dnl    Checks for headers, libs and functions
                AC_CHECK_HEADERS(bsm/audit.h, [],
-                   [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
+                   [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
+                   [
+#ifdef HAVE_TIME_H
+# include <time.h>
+#endif
+                   ]
+)
                AC_CHECK_LIB(bsm, getaudit, [],
                    [AC_MSG_ERROR(BSM enabled and required library not found)])
                AC_CHECK_FUNCS(getaudit, [],
                    [AC_MSG_ERROR(BSM enabled and required function not found)])
                # These are optional
-               AC_CHECK_FUNCS(getaudit_addr)
+               AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
                AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
                ;;
          debug)
@@ -1298,6 +1447,8 @@ AC_ARG_WITH(audit,
 dnl    Checks for library functions. Please keep in alphabetical order
 AC_CHECK_FUNCS( \
        arc4random \
+       arc4random_buf \
+       arc4random_uniform \
        asprintf \
        b64_ntop \
        __b64_ntop \
@@ -1311,6 +1462,7 @@ AC_CHECK_FUNCS( \
        fchmod \
        fchown \
        freeaddrinfo \
+       fstatvfs \
        futimes \
        getaddrinfo \
        getcwd \
@@ -1318,6 +1470,7 @@ AC_CHECK_FUNCS( \
        getnameinfo \
        getopt \
        getpeereid \
+       getpeerucred \
        _getpty \
        getrlimit \
        getttyent \
@@ -1336,6 +1489,7 @@ AC_CHECK_FUNCS( \
        ogetaddrinfo \
        openlog_r \
        openpty \
+       poll \
        prctl \
        pstat \
        readpassphrase \
@@ -1360,6 +1514,8 @@ AC_CHECK_FUNCS( \
        sigvec \
        snprintf \
        socketpair \
+       statfs \
+       statvfs \
        strdup \
        strerror \
        strlcat \
@@ -1369,6 +1525,7 @@ AC_CHECK_FUNCS( \
        strtonum \
        strtoll \
        strtoul \
+       swap32 \
        sysconf \
        tcgetpgrp \
        truncate \
@@ -1418,6 +1575,37 @@ AC_CHECK_DECL(tcsendbreak,
 
 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
 
+AC_CHECK_DECLS(SHUT_RD, , ,
+       [
+#include <sys/types.h>
+#include <sys/socket.h>
+       ])
+
+AC_CHECK_DECLS(O_NONBLOCK, , ,
+       [
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+#endif
+       ])
+
+AC_CHECK_DECLS(writev, , , [
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <unistd.h>
+       ])
+
+AC_CHECK_DECLS(MAXSYMLINKS, , , [
+#include <sys/param.h>
+       ])
+
+AC_CHECK_DECLS(offsetof, , , [
+#include <stddef.h>
+       ])
+
 AC_CHECK_FUNCS(setresuid, [
        dnl Some platorms have setresuid that isn't implemented, test for this
        AC_MSG_CHECKING(if setresuid seems to work)
@@ -1460,6 +1648,8 @@ AC_CHECK_FUNCS(utmpname)
 dnl    Checks for utmpx functions
 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
 AC_CHECK_FUNCS(setutxent utmpxname)
+dnl    Checks for lastlog functions
+AC_CHECK_FUNCS(getlastlogxbyname)
 
 AC_CHECK_FUNC(daemon,
        [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
@@ -1543,7 +1733,7 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
 
 # Check for missing getpeereid (or equiv) support
 NO_PEERCHECK=""
-if test "x$ac_cv_func_getpeereid" != "xyes" ; then
+if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
        AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
        AC_TRY_COMPILE(
                [#include <sys/types.h>
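Review bot: The rewritten condition joins its two comparisons with `test ... -a ...`, which POSIX marks obsolescent and the Autoconf manual advises against for portability. The PAM block in this same file already chains two `test` calls with `&&`. Suggest `if test "x$ac_cv_func_getpeereid" != "xyes" && test "x$ac_cv_func_getpeerucred" != "xyes"; then`. The body of the `if` continues outside the hunk.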
@@ -1761,87 +1951,33 @@ main(void)
                [
                        AC_MSG_RESULT(no)
                        AC_DEFINE(BROKEN_GETADDRINFO)
-               ],
-                       AC_MSG_RESULT(cross-compiling, assuming no)
-               ]
-       )
-fi
-
-if test "x$check_for_conflicting_getspnam" = "x1"; then
-       AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
-       AC_COMPILE_IFELSE(
-               [
-#include <shadow.h>
-int main(void) {exit(0);}
-               ],
-               [
-                       AC_MSG_RESULT(no)
                ],
                [
-                       AC_MSG_RESULT(yes)
-                       AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
-                           [Conflicting defs for getspnam])
+                       AC_MSG_RESULT(cross-compiling, assuming no)
                ]
-       )
-fi
-
-AC_FUNC_GETPGRP
-
-# Check for PAM libs
-PAM_MSG="no"
-AC_ARG_WITH(pam,
-       [  --with-pam              Enable PAM support ],
-       [
-               if test "x$withval" != "xno" ; then
-                       if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
-                          test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
-                               AC_MSG_ERROR([PAM headers not found])
-                       fi
-
-                       AC_CHECK_LIB(dl, dlopen, , )
-                       AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
-                       AC_CHECK_FUNCS(pam_getenvlist)
-                       AC_CHECK_FUNCS(pam_putenv)
-
-                       PAM_MSG="yes"
-
-                       AC_DEFINE(USE_PAM, 1,
-                               [Define if you want to enable PAM support])
-                       if test $ac_cv_lib_dl_dlopen = yes; then
-                               LIBPAM="-lpam -ldl"
-                       else
-                               LIBPAM="-lpam"
-                       fi
-                       AC_SUBST(LIBPAM)
-               fi
-       ]
-)
+       )
+fi
 
-# Check for older PAM
-if test "x$PAM_MSG" = "xyes" ; then
-       # Check PAM strerror arguments (old PAM)
-       AC_MSG_CHECKING([whether pam_strerror takes only one argument])
-       AC_TRY_COMPILE(
+if test "x$check_for_conflicting_getspnam" = "x1"; then
+       AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
+       AC_COMPILE_IFELSE(
                [
-#include <stdlib.h>
-#if defined(HAVE_SECURITY_PAM_APPL_H)
-#include <security/pam_appl.h>
-#elif defined (HAVE_PAM_PAM_APPL_H)
-#include <pam/pam_appl.h>
-#endif
+#include <shadow.h>
+int main(void) {exit(0);}
+               ],
+               [
+                       AC_MSG_RESULT(no)
                ],
-               [(void)pam_strerror((pam_handle_t *)NULL, -1);],
-               [AC_MSG_RESULT(no)],
                [
-                       AC_DEFINE(HAVE_OLD_PAM, 1,
-                               [Define if you have an old version of PAM
-                               which takes only one argument to pam_strerror])
                        AC_MSG_RESULT(yes)
-                       PAM_MSG="yes (old library)"
+                       AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
+                           [Conflicting defs for getspnam])
                ]
        )
 fi
 
+AC_FUNC_GETPGRP
+
 # Search for OpenSSL
 saved_CPPFLAGS="$CPPFLAGS"
 saved_LDFLAGS="$LDFLAGS"
@@ -1874,7 +2010,7 @@ AC_ARG_WITH(ssl-dir,
                fi
        ]
 )
-if test -z "$GSI_LIBS" ; then
+if test -z "$GLOBUS_LDFLAGS" ; then
 LIBS="-lcrypto $LIBS"
 fi
 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
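Review bot: The guard `if test -z "$GLOBUS_LDFLAGS"` makes the `-lcrypto` decision depend on a variable whose assignment is not visible here, while the later "Finish configuring Globus GSSAPI" block tests `"x$gsi_path" != "xno"`. If GLOBUS_LDFLAGS can arrive from the caller's environment without GSI being requested, libcrypto would be silently left out of LIBS at this point. The same test in the strip hunk would then also skip `STRIP_OPT=-s`. Testing `if test "x$gsi_path" = "xno" ; then` in both places would keep the Globus conditions consistent; failing that, a comment naming where GLOBUS_LDFLAGS is set would help.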
@@ -1888,6 +2024,8 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
                        LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
                fi
                CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
+               AC_CHECK_HEADER([openssl/opensslv.h], ,
+                   AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
                AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
                        [
                                AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
@@ -1967,6 +2105,14 @@ int main(void) {
        ]
 )
 
+AC_ARG_WITH(openssl-header-check,
+       [  --without-openssl-header-check Disable OpenSSL version consistency check],
+       [  if test "x$withval" = "xno" ; then
+               openssl_check_nonfatal=1
+          fi
+       ]
+)
+
 # Sanity check OpenSSL headers
 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
 AC_RUN_IFELSE(
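Review bot: `openssl_check_nonfatal` is assigned only inside the `--without-openssl-header-check` handler and is never initialised. A value inherited from the environment of `./configure` would therefore downgrade a header/library mismatch from an error to a warning without the option being given. Other switches in this file start from a known value (`PAM_MSG="no"`, `SELINUX_MSG="no"`); adding `openssl_check_nonfatal=""` before `AC_ARG_WITH(openssl-header-check,` does the same here. The test that consumes the variable is in the next hunk.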
@@ -1980,22 +2126,79 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
        ],
        [
                AC_MSG_RESULT(no)
-               AC_MSG_ERROR([Your OpenSSL headers do not match your library.
-Check config.log for details.
+               if test "x$openssl_check_nonfatal" = "x"; then
+                       AC_MSG_ERROR([Your OpenSSL headers do not match your
+library. Check config.log for details.
+If you are sure your installation is consistent, you can disable the check
+by running "./configure --without-openssl-header-check".
+Also see contrib/findssl.sh for help identifying header/library mismatches.
+])
+               else
+                       AC_MSG_WARN([Your OpenSSL headers do not match your
+library. Check config.log for details.
 Also see contrib/findssl.sh for help identifying header/library mismatches.])
+               fi
        ],
        [
                AC_MSG_WARN([cross compiling: not checking])
        ]
 )
 
+AC_MSG_CHECKING([if programs using OpenSSL functions will link])
+AC_LINK_IFELSE(
+       [AC_LANG_SOURCE([[
+#include <openssl/evp.h>
+int main(void) { SSLeay_add_all_algorithms(); }
+       ]])],
+       [
+               AC_MSG_RESULT(yes)
+       ],
+       [
+               AC_MSG_RESULT(no)
+               saved_LIBS="$LIBS"
+               LIBS="$LIBS -ldl"
+               AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
+               AC_LINK_IFELSE(
+                       [AC_LANG_SOURCE([[
+#include <openssl/evp.h>
+int main(void) { SSLeay_add_all_algorithms(); }
+                       ]])],
+                       [
+                               AC_MSG_RESULT(yes)
+                       ],
+                       [
+                               AC_MSG_RESULT(no)
+                               LIBS="$saved_LIBS"
+                       ]
+               )
+       ]
+)
+
+AC_ARG_WITH(ssl-engine,
+       [  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
+       [ if test "x$withval" != "xno" ; then
+               AC_MSG_CHECKING(for OpenSSL ENGINE support)
+               AC_TRY_COMPILE(
+                       [ #include <openssl/engine.h>],
+                       [
+ENGINE_load_builtin_engines();ENGINE_register_all_complete();
+                       ],
+                       [ AC_MSG_RESULT(yes)
+                         AC_DEFINE(USE_OPENSSL_ENGINE, 1,
+                            [Enable OpenSSL engine support])
+                       ],
+                       [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
+               )
+         fi ]
+)
+
 # Check for OpenSSL without EVP_aes_{192,256}_cbc
 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
-AC_COMPILE_IFELSE(
+AC_LINK_IFELSE(
        [AC_LANG_SOURCE([[
 #include <string.h>
 #include <openssl/evp.h>
-int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)}
+int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
        ]])],
        [
                AC_MSG_RESULT(no)
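Review bot: When both link attempts in the new "if programs using OpenSSL functions will link" check fail, the inner failure branch only prints `no` and restores LIBS, so configure continues although it has just established that OpenSSL programs do not link. An `AC_MSG_ERROR([*** programs using OpenSSL do not link, check config.log ***])` after `LIBS="$saved_LIBS"`, or at least an `AC_MSG_WARN`, would stop at the cause rather than at a later build failure. The hunk ends inside the AES `AC_LINK_IFELSE`, whose remaining branches are not visible here.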
@@ -2007,6 +2210,23 @@ int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL)}
        ]
 )
 
+AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
+AC_LINK_IFELSE(
+       [AC_LANG_SOURCE([[
+#include <string.h>
+#include <openssl/evp.h>
+int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
+       ]])],
+       [
+               AC_MSG_RESULT(yes)
+       ],
+       [
+               AC_MSG_RESULT(no)
+               AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
+                   [Define if EVP_DigestUpdate returns void])
+       ]
+)
+
 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
 # because the system crypt() is more featureful.
 if test "x$check_for_libcrypt_before" = "x1"; then
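Review bot: The "if EVP_DigestUpdate returns an int" probe defines OPENSSL_EVP_DIGESTUPDATE_VOID on any compile or link failure, not only when the function really returns void. The test program calls `exit()` with only `<string.h>` and `<openssl/evp.h>` included, so a compiler that rejects implicit declarations would report `no`. Code guarded by the macro would then presumably stop checking the digest-update result. Adding `#include <stdlib.h>` to the probe and a `return 0;` at the end of its `main` removes that source of false results.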
@@ -2019,7 +2239,18 @@ if test "x$check_for_libcrypt_later" = "x1"; then
        AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
 fi
 
-AC_CHECK_LIB(iaf, ia_openinfo)
+# Search for SHA256 support in libc and/or OpenSSL
+AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
+
+saved_LIBS="$LIBS"
+AC_CHECK_LIB(iaf, ia_openinfo, [
+       LIBS="$LIBS -liaf"
+       AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
+                               AC_DEFINE(HAVE_LIBIAF, 1,
+                       [Define if system has libiaf that supports set_id])
+                               ])
+])
+LIBS="$saved_LIBS"
 
 ### Configure cryptographic random number support
 
@@ -2049,6 +2280,68 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
        ]
 )
 
+# Check for PAM libs
+PAM_MSG="no"
+AC_ARG_WITH(pam,
+       [  --with-pam              Enable PAM support ],
+       [
+               if test "x$withval" != "xno" ; then
+                       if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
+                          test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
+                               AC_MSG_ERROR([PAM headers not found])
+                       fi
+
+                       saved_LIBS="$LIBS"
+                       AC_CHECK_LIB(dl, dlopen, , )
+                       AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
+                       AC_CHECK_FUNCS(pam_getenvlist)
+                       AC_CHECK_FUNCS(pam_putenv)
+                       LIBS="$saved_LIBS"
+
+                       PAM_MSG="yes"
+
+                       SSHDLIBS="$SSHDLIBS -lpam"
+                       AC_DEFINE(USE_PAM, 1,
+                               [Define if you want to enable PAM support])
+
+                       if test $ac_cv_lib_dl_dlopen = yes; then
+                               case "$LIBS" in
+                               *-ldl*)
+                                       # libdl already in LIBS
+                                       ;;
+                               *)
+                                       SSHDLIBS="$SSHDLIBS -ldl"
+                                       ;;
+                               esac
+                       fi
+               fi
+       ]
+)
+
+# Check for older PAM
+if test "x$PAM_MSG" = "xyes" ; then
+       # Check PAM strerror arguments (old PAM)
+       AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+       AC_TRY_COMPILE(
+               [
+#include <stdlib.h>
+#if defined(HAVE_SECURITY_PAM_APPL_H)
+#include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
+               ],
+               [(void)pam_strerror((pam_handle_t *)NULL, -1);],
+               [AC_MSG_RESULT(no)],
+               [
+                       AC_DEFINE(HAVE_OLD_PAM, 1,
+                               [Define if you have an old version of PAM
+                               which takes only one argument to pam_strerror])
+                       AC_MSG_RESULT(yes)
+                       PAM_MSG="yes (old library)"
+               ]
+       )
+fi
 
 # Do we want to force the use of the rand helper?
 AC_ARG_WITH(rand-helper,
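Review bot: The relocated PAM block restores LIBS after the libpam probes and records `-lpam` only in SSHDLIBS, but nothing in it says why. A comment such as `# keep libpam/libdl out of LIBS so only sshd links against them` above `saved_LIBS="$LIBS"` would record the intent, assuming that is what SSHDLIBS is for. The unquoted `test $ac_cv_lib_dl_dlopen = yes` would also be safer as `test "x$ac_cv_lib_dl_dlopen" = "xyes"`, matching the other tests in this file.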
@@ -2268,6 +2561,34 @@ if test -z "$have_llong_max"; then
 #define __USE_ISOC99
 #include <limits.h>
 #define DATA "conftest.llminmax"
+#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
+
+/*
+ * printf in libc on some platforms (eg old Tru64) does not understand %lld so
+ * we do this the hard way.
+ */
+static int
+fprint_ll(FILE *f, long long n)
+{
+       unsigned int i;
+       int l[sizeof(long long) * 8];
+
+       if (n < 0)
+               if (fprintf(f, "-") < 0)
+                       return -1;
+       for (i = 0; n != 0; i++) {
+               l[i] = my_abs(n % 10);
+               n /= 10;
+       }
+       do {
+               if (fprintf(f, "%d", l[--i]) < 0)
+                       return -1;
+       } while (i != 0);
+       if (fprintf(f, " ") < 0)
+               return -1;
+       return 0;
+}
+
 int main(void) {
        FILE *f;
        long long i, llmin, llmax = 0;
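Review bot: `fprint_ll` evaluates `l[--i]` with `i` still 0 when `n` is 0, because the digit loop never runs and the unsigned index wraps, giving an out-of-bounds read. The only thing preventing this is the `llmin == 0 || llmax == 0` rejection added to the sanity check in the following hunk. Either handle zero inside the helper with `if (n == 0) return fprintf(f, "0 ") < 0 ? -1 : 0;`, or add a comment above `fprint_ll` stating that it must not be called with 0. `main` continues outside this hunk.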
@@ -2289,14 +2610,18 @@ int main(void) {
 
        /* Sanity check */
        if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
-           || llmax - 1 > llmax) {
+           || llmax - 1 > llmax || llmin == llmax || llmin == 0
+           || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
                fprintf(f, "unknown unknown\n");
                exit(2);
        }
 
-       if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
+       if (fprint_ll(f, llmin) < 0)
                exit(3);
-
+       if (fprint_ll(f, llmax) < 0)
+               exit(4);
+       if (fclose(f) < 0)
+               exit(5);
        exit(0);
 }
                ]])],
@@ -2304,17 +2629,6 @@ int main(void) {
                        llong_min=`$AWK '{print $1}' conftest.llminmax`
                        llong_max=`$AWK '{print $2}' conftest.llminmax`
 
-                       # snprintf on some Tru64s doesn't understand "%lld"
-                       case "$host" in
-                       alpha-dec-osf*)
-                               if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
-                                 test "x$llong_max" = "xld"; then
-                                       llong_min="-9223372036854775808"
-                                       llong_max="9223372036854775807"
-                               fi
-                               ;;
-                       esac
-
                        AC_MSG_RESULT($llong_max)
                        AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
                            [max value of long long calculated by configure])
@@ -2518,8 +2832,20 @@ fi
 TYPE_SOCKLEN_T
 
 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
+AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+])
 
-AC_CHECK_TYPES(in_addr_t,,,
+AC_CHECK_TYPES([in_addr_t, in_port_t],,,
 [#include <sys/types.h>
 #include <netinet/in.h>])
 
@@ -2666,6 +2992,15 @@ AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
        AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
                [define if you have struct in6_addr data type])
+
+dnl Now check for sin6_scope_id
+       AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
+               [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <netinet/in.h>
+               ])
 fi
 
 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
@@ -2880,6 +3215,42 @@ if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
                file descriptor passing])
 fi
 
+AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+], [struct statvfs s; s.f_fsid = 0;],
+[ AC_MSG_RESULT(yes) ],
+[ AC_MSG_RESULT(no)
+
+       AC_MSG_CHECKING(if fsid_t has member val)
+       AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/statvfs.h>],
+       [fsid_t t; t.val[0] = 0;],
+       [ AC_MSG_RESULT(yes)
+         AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
+       [ AC_MSG_RESULT(no) ])
+
+       AC_MSG_CHECKING(if f_fsid has member __val)
+       AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/statvfs.h>],
+       [fsid_t t; t.__val[0] = 0;],
+       [ AC_MSG_RESULT(yes)
+         AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
+       [ AC_MSG_RESULT(no) ])
+])
+
 AC_CACHE_CHECK([for msg_control field in struct msghdr],
                ac_cv_have_control_in_msghdr, [
        AC_COMPILE_IFELSE(
@@ -3060,7 +3431,7 @@ AC_ARG_WITH(opensc,
                        LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
                        LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
                        CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
-                       LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
+                       LIBS="$LIBS $LIBOPENSC_LIBS"
                        AC_DEFINE(SMARTCARD)
                        AC_DEFINE(USE_OPENSC, 1,
                                [Define if you want smartcard support
@@ -3080,12 +3451,30 @@ AC_SEARCH_LIBS(getrrsetbyname, resolv,
                AC_SEARCH_LIBS(res_query, resolv)
                AC_SEARCH_LIBS(dn_expand, resolv)
                AC_MSG_CHECKING(if res_query will link)
-               AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
+               AC_LINK_IFELSE([
+#include "confdefs.h"
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
+#include <resolv.h>
+int main()
+{
+       res_query (0, 0, 0, 0, 0);
+       return 0;
+}
+                  ],
+                   AC_MSG_RESULT(yes),
                   [AC_MSG_RESULT(no)
                    saved_LIBS="$LIBS"
                    LIBS="$LIBS -lresolv"
                    AC_MSG_CHECKING(for res_query in -lresolv)
                    AC_LINK_IFELSE([
+#include "confdefs.h"
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
 #include <resolv.h>
 int main()
 {
@@ -3093,8 +3482,7 @@ int main()
        return 0;
 }
                        ],
-                       [LIBS="$LIBS -lresolv"
-                        AC_MSG_RESULT(yes)],
+                       [AC_MSG_RESULT(yes)],
                        [LIBS="$saved_LIBS"
                         AC_MSG_RESULT(no)])
                    ])
@@ -3108,6 +3496,93 @@ int main()
                        [#include <arpa/nameser.h>])
        ])
 
+AC_MSG_CHECKING(if struct __res_state _res is an extern)
+AC_LINK_IFELSE([
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+extern struct __res_state _res;
+int main() { return 0; }
+               ],
+               [AC_MSG_RESULT(yes)
+                AC_DEFINE(HAVE__RES_EXTERN, 1,
+                   [Define if you have struct __res_state _res as an extern])
+               ],
+               [ AC_MSG_RESULT(no) ]
+)
+
+# Check whether user wants SELinux support
+SELINUX_MSG="no"
+LIBSELINUX=""
+AC_ARG_WITH(selinux,
+       [  --with-selinux          Enable SELinux support],
+       [ if test "x$withval" != "xno" ; then
+               save_LIBS="$LIBS"
+               AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
+               SELINUX_MSG="yes"
+               AC_CHECK_HEADER([selinux/selinux.h], ,
+                   AC_MSG_ERROR(SELinux support requires selinux.h header))
+               AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
+                   AC_MSG_ERROR(SELinux support requires libselinux library))
+               SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+               AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+               LIBS="$save_LIBS"
+       fi ]
+)
+
+# Finish configuring Globus GSSAPI
+if test "x$gsi_path" != "xno" ; then
+       if test ! -z "$need_dash_r" ; then
+               LDFLAGS="$LDFLAGS -R${gsi_path}/lib"
+       fi
+       if test ! -z "$blibpath" ; then
+               blibpath="$blibpath:${gsi_path}/lib"
+       fi
+       # test that we got the libraries OK
+       AC_TRY_LINK(
+               [],
+               [],
+               [],
+               [
+                       AC_MSG_ERROR(link with Globus libraries failed)
+               ]
+       )
+    AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
+fi
+AC_SUBST(INSTALL_GSISSH)
+
+# Check whether the user wants GSSAPI mechglue support
+AC_ARG_WITH(mechglue,
+       [  --with-mechglue=PATH    Build with GSSAPI mechglue library],
+       [
+               AC_MSG_CHECKING(for mechglue library)
+
+               if test -e ${withval}/libgssapi.a ; then
+                   mechglue_lib=${withval}/libgssapi.a
+               elif test -e ${withval}/lib/libgssapi.a ; then
+                   mechglue_lib=${withval}/lib/libgssapi.a
+               else
+                   AC_MSG_ERROR("Can't find libgssapi in ${withval}");
+               fi
+               LIBS="${mechglue_lib} $LIBS"
+               AC_MSG_RESULT(${mechglue_lib})
+
+               AC_CHECK_LIB(dl, dlopen, , )
+               if test $ac_cv_lib_dl_dlopen = yes; then
+                  LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
+               fi
+
+               AC_DEFINE(GSSAPI)
+               AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
+               GSSAPI="mechglue"
+       ]
+)
+
+
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
 AC_ARG_WITH(kerberos5,
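Review bot: In the "Finish configuring Globus GSSAPI" block, `LDFLAGS="$LDFLAGS -R${gsi_path}/lib"` and the `blibpath` append put the user-supplied `--with-gsi` value into the run-time library search path of the installed binaries. Nothing visible here requires that value to be an absolute path. Unless the earlier Globus section (outside this hunk) already rejects a relative value, a guard such as `case "$gsi_path" in /*) ;; *) AC_MSG_ERROR([--with-gsi requires an absolute path]) ;; esac` before the `-R` line would prevent a search path that depends on the working directory. The `AC_TRY_LINK` with empty prologue and body also only proves that an empty program links with the accumulated flags, not that any Globus symbol resolves.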
@@ -3122,10 +3597,10 @@ AC_ARG_WITH(kerberos5,
                AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
                KRB5_MSG="yes"
 
-               AC_MSG_CHECKING(for krb5-config)
-               if test -x  $KRB5ROOT/bin/krb5-config ; then
-                       KRB5CONF=$KRB5ROOT/bin/krb5-config
-                       AC_MSG_RESULT($KRB5CONF)
+               AC_PATH_PROG([KRB5CONF],[krb5-config],
+                            [$KRB5ROOT/bin/krb5-config],
+                            [$KRB5ROOT/bin:$PATH])
+               if test -x $KRB5CONF ; then
 
                        AC_MSG_CHECKING(for gssapi support)
                        if $KRB5CONF | grep gssapi >/dev/null ; then
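Review bot: `AC_PATH_PROG` now searches `$KRB5ROOT/bin:$PATH`, so when `$KRB5ROOT/bin` holds no krb5-config, a copy found elsewhere on PATH is selected and executed even though `--with-kerberos5` named a different root. The flags it reports would then presumably describe a different Kerberos installation than the one requested. A comment stating that the PATH fallback is intended, or an `AC_MSG_WARN` when the selected `$KRB5CONF` is not under `$KRB5ROOT`, would make that visible. The following test should also quote the variable: `if test -x "$KRB5CONF" ; then`. The enclosing `AC_ARG_WITH(kerberos5, ...)` starts and ends outside the hunk.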
@@ -3151,7 +3626,6 @@ AC_ARG_WITH(kerberos5,
                                         AC_MSG_RESULT(no)
                        )
                else
-                       AC_MSG_RESULT(no)
                        CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
                        LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
                        AC_MSG_CHECKING(whether we are using Heimdal)
@@ -3170,12 +3644,12 @@ AC_ARG_WITH(kerberos5,
                        )
                        AC_SEARCH_LIBS(dn_expand, resolv)
 
-                       AC_CHECK_LIB(gssapi,gss_init_sec_context,
+                       AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
                                [ AC_DEFINE(GSSAPI)
-                                 K5LIBS="-lgssapi $K5LIBS" ],
-                               [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
+                                 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+                               [ AC_CHECK_LIB(gssapigss_init_sec_context,
                                        [ AC_DEFINE(GSSAPI)
-                                         K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+                                         K5LIBS="-lgssapi $K5LIBS" ],
                                        AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
                                        $K5LIBS)
                                ],
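Review bot: As shown on this page, the fallback check on the new side reads `AC_CHECK_LIB(gssapigss_init_sec_context,` with the comma between library and function missing. The macro would then probe a library literally named `gssapigss_init_sec_context` and take the `[ AC_DEFINE(GSSAPI) ...` block as its function argument. It should read `AC_CHECK_LIB(gssapi, gss_init_sec_context,` to mirror the first check. This may be only a rendering artifact of the page, so confirm it in the file itself: a broken fallback would mean hosts that ship only `libgssapi` never get `GSSAPI` defined.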
@@ -3299,7 +3773,10 @@ AC_ARG_WITH(xauth,
        ]
 )
 
+# strip causes problems with GSI libraries...
+if test -z "$GLOBUS_LDFLAGS" ; then
 STRIP_OPT=-s
+fi
 AC_ARG_ENABLE(strip,
        [  --disable-strip         Disable calling strip(1) on install],
        [
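Review bot: `STRIP_OPT` is no longer assigned at all when `$GLOBUS_LDFLAGS` is non-empty, so a value inherited from the environment would survive into whatever consumes it later (the substitution is outside this hunk). Initialise it explicitly with `STRIP_OPT=` before the `if`, so the Globus case reliably means "do not strip". The comment `# strip causes problems with GSI libraries...` would also be more useful if it named the failure, so a later maintainer can tell when the guard may be dropped. The `AC_ARG_ENABLE(strip, ...)` body continues outside the hunk.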
@@ -3920,20 +4397,20 @@ if test ! -z "$blibpath" ; then
        AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
 fi
 
-dnl remove pam and dl because they are in $LIBPAM
-if test "$PAM_MSG" = yes ; then
-       LIBS=`echo $LIBS | sed 's/-lpam //'`
-fi
-if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
-       LIBS=`echo $LIBS | sed 's/-ldl //'`
-fi
-
 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
 dnl Add now.
 CFLAGS="$CFLAGS $werror_flags"
 
+if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
+    test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+       AC_SUBST(TEST_SSH_IPV6, no)
+else
+       AC_SUBST(TEST_SSH_IPV6, yes)
+fi
+
 AC_EXEEXT
-AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
+AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
+       openbsd-compat/Makefile openbsd-compat/regress/Makefile \
        scard/Makefile ssh_prng_cmds survey.sh])
 AC_OUTPUT
 
@@ -3975,12 +4452,15 @@ echo "          sshd superuser user PATH: $J"
 fi
 echo "                    Manpage format: $MANTYPE"
 echo "                       PAM support: $PAM_MSG"
+echo "                   OSF SIA support: $SIA_MSG"
 echo "                 KerberosV support: $KRB5_MSG"
+echo "                   SELinux support: $SELINUX_MSG"
 echo "                 Smartcard support: $SCARD_MSG"
 echo "                     S/KEY support: $SKEY_MSG"
 echo "              TCP Wrappers support: $TCPW_MSG"
 echo "              MD5 password support: $MD5_MSG"
 echo "                   libedit support: $LIBEDIT_MSG"
+echo "  Solaris process contract support: $SPC_MSG"
 echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
@@ -3996,7 +4476,10 @@ echo "          Compiler: ${CC}"
 echo "    Compiler flags: ${CFLAGS}"
 echo "Preprocessor flags: ${CPPFLAGS}"
 echo "      Linker flags: ${LDFLAGS}"
-echo "         Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
+echo "         Libraries: ${LIBS}"
+if test ! -z "${SSHDLIBS}"; then
+echo "         +for sshd: ${SSHDLIBS}"
+fi
 
 echo ""
 
@@ -4022,12 +4505,12 @@ if test ! -z "$RAND_HELPER_CMDHASH" ; then
 fi
 
 if test ! -z "$NO_PEERCHECK" ; then
-       echo "WARNING: the operating system that you are using does not "
-       echo "appear to support either the getpeereid() API nor the "
-       echo "SO_PEERCRED getsockopt() option. These facilities are used to "
-       echo "enforce security checks to prevent unauthorised connections to "
-       echo "ssh-agent. Their absence increases the risk that a malicious "
-       echo "user can connect to your agent. "
+       echo "WARNING: the operating system that you are using does not"
+       echo "appear to support getpeereid(), getpeerucred() or the"
+       echo "SO_PEERCRED getsockopt() option. These facilities are used to"
+       echo "enforce security checks to prevent unauthorised connections to"
+       echo "ssh-agent. Their absence increases the risk that a malicious"
+       echo "user can connect to your agent."
        echo ""
 fi
 