# $Id$
-
-AC_INIT
+#
+# Copyright (c) 1999-2004 Damien Miller
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
+AC_REVISION($Revision$)
AC_CONFIG_SRCDIR([ssh.c])
AC_CONFIG_HEADER(config.h)
+
+# Handle Globus configuration right away, because the Globus flavor
+# determines our compiler options.
+
+# Check whether the user wants GSI (Globus) support
+gsi_path="no"
+AC_ARG_WITH(gsi,
+ [ --with-gsi Enable Globus GSI authentication support],
+ [
+ gsi_path="$withval"
+ ]
+)
+
+AC_ARG_WITH(globus,
+ [ --with-globus Enable Globus GSI authentication support],
+ [
+ gsi_path="$withval"
+ ]
+)
+
+AC_ARG_WITH(globus-static,
+ [ --with-globus-static Link statically with Globus GSI libraries],
+ [
+ gsi_static="-static"
+ if test "x$gsi_path" = "xno" ; then
+ gsi_path="$withval"
+ fi
+ ]
+)
+
+# Check whether the user has a Globus flavor type
+globus_flavor_type="no"
+AC_ARG_WITH(globus-flavor,
+ [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
+ [
+ globus_flavor_type="$withval"
+ if test "x$gsi_path" = "xno" ; then
+ gsi_path="yes"
+ fi
+ ]
+)
+
+if test "x$gsi_path" != "xno" ; then
+ # Globus GSSAPI configuration
+ AC_MSG_CHECKING(for Globus GSI)
+ AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
+
+ if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
+ AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
+ fi
+ if test -z "$GSSAPI"; then
+ AC_DEFINE(GSSAPI)
+ GSSAPI="GSI"
+ fi
+
+ if test "x$gsi_path" = "xyes" ; then
+ if test -z "$GLOBUS_LOCATION" ; then
+ AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
+ else
+ gsi_path="$GLOBUS_LOCATION"
+ fi
+ fi
+ GLOBUS_LOCATION="$gsi_path"
+ export GLOBUS_LOCATION
+ if test ! -d "$GLOBUS_LOCATION" ; then
+ AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
+ fi
+
+ if test "x$globus_flavor_type" = "xno" ; then
+ AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
+ fi
+ if test "x$globus_flavor_type" = "xyes" ; then
+ AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
+ fi
+
+ GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
+ if test ! -d "$GLOBUS_INCLUDE" ; then
+ AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
+ fi
+
+ if test -x ${gsi_path}/bin/globus-makefile-header ; then
+ ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
+ elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
+ ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
+ else
+ AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
+ fi
+ . ./gpt_build_tmp.sh
+ if test -z "$GLOBUS_PKG_LIBS" ; then
+ AC_MSG_ERROR(globus-makefile-header failed)
+ fi
+
+ AC_MSG_RESULT($GLOBUS_LOCATION)
+ AC_DEFINE(HAVE_GSSAPI_H)
+
+ CC="$GLOBUS_CC"
+ CFLAGS="$GLOBUS_CFLAGS"
+ CPP="$GLOBUS_CPP"
+ CPPFLAGS="$GLOBUS_CPPFLAGS $GLOBUS_INCLUDES"
+ LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
+ LD="$GLOBUS_LD"
+ LDFLAGS="$LDFLAGS $GLOBUS_LDFLAGS"
+
+ INSTALL_GSISSH="yes"
+else
+ INSTALL_GSISSH=""
+fi
+# End Globus/GSI section
+
AC_PROG_CC
AC_CANONICAL_HOST
AC_C_BIGENDIAN
# Checks for programs.
+AC_PROG_AWK
AC_PROG_CPP
AC_PROG_RANLIB
AC_PROG_INSTALL
+AC_PROG_EGREP
AC_PATH_PROG(AR, ar)
+AC_PATH_PROG(CAT, cat)
+AC_PATH_PROG(KILL, kill)
AC_PATH_PROGS(PERL, perl5 perl)
+AC_PATH_PROG(SED, sed)
AC_SUBST(PERL)
AC_PATH_PROG(ENT, ent)
AC_SUBST(ENT)
-AC_PATH_PROGS(FILEPRIV, filepriv, true, /sbin:/usr/sbin)
AC_PATH_PROG(TEST_MINUS_S_SH, bash)
AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
AC_PATH_PROG(TEST_MINUS_S_SH, sh)
AC_PATH_PROG(SH, sh)
+AC_SUBST(TEST_SHELL,sh)
+
+dnl for buildpkg.sh
+AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
+ [/usr/sbin${PATH_SEPARATOR}/etc])
+AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
+ [/usr/sbin${PATH_SEPARATOR}/etc])
+AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
+if test -x /sbin/sh; then
+ AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
+else
+ AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
+fi
# System features
AC_SYS_LARGEFILE
# Use LOGIN_PROGRAM from environment if possible
if test ! -z "$LOGIN_PROGRAM" ; then
- AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
+ AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
+ [If your header files don't define LOGIN_PROGRAM,
+ then use this (detected) from environment and PATH])
else
# Search for login
AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
fi
fi
+AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
+if test ! -z "$PATH_PASSWD_PROG" ; then
+ AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
+ [Full path of your "passwd" program])
+fi
+
if test -z "$LD" ; then
LD=$CC
fi
AC_SUBST(LD)
-
+
AC_C_INLINE
-if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
- CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
+
+AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
+
+use_stack_protector=1
+AC_ARG_WITH(stackprotect,
+ [ --without-stackprotect Don't use compiler's stack protection], [
+ if test "x$withval" = "xno"; then
+ use_stack_protector=0
+ fi ])
+
+if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
+ CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
+ GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
+ case $GCC_VER in
+ 1.*) no_attrib_nonnull=1 ;;
+ 2.8* | 2.9*)
+ CFLAGS="$CFLAGS -Wsign-compare"
+ no_attrib_nonnull=1
+ ;;
+ 2.*) no_attrib_nonnull=1 ;;
+ 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
+ 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
+ *) ;;
+ esac
+
+ AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-builtin-memset"
+ AC_LINK_IFELSE( [AC_LANG_SOURCE([[
+#include <string.h>
+int main(void){char b[10]; memset(b, 0, sizeof(b));}
+ ]])],
+ [ AC_MSG_RESULT(yes) ],
+ [ AC_MSG_RESULT(no)
+ CFLAGS="$saved_CFLAGS" ]
+)
+
+ # -fstack-protector-all doesn't always work for some GCC versions
+ # and/or platforms, so we test if we can. If it's not supported
+ # on a given platform gcc will emit a warning so we use -Werror.
+ if test "x$use_stack_protector" = "x1"; then
+ for t in -fstack-protector-all -fstack-protector; do
+ AC_MSG_CHECKING(if $CC supports $t)
+ saved_CFLAGS="$CFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ CFLAGS="$CFLAGS $t -Werror"
+ LDFLAGS="$LDFLAGS $t -Werror"
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([
+#include <stdio.h>
+int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
+ ])],
+ [ AC_MSG_RESULT(yes)
+ CFLAGS="$saved_CFLAGS $t"
+ LDFLAGS="$saved_LDFLAGS $t"
+ AC_MSG_CHECKING(if $t works)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([
+#include <stdio.h>
+int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
+ ])],
+ [ AC_MSG_RESULT(yes)
+ break ],
+ [ AC_MSG_RESULT(no) ],
+ [ AC_MSG_WARN([cross compiling: cannot test])
+ break ]
+ )
+ ],
+ [ AC_MSG_RESULT(no) ]
+ )
+ CFLAGS="$saved_CFLAGS"
+ LDFLAGS="$saved_LDFLAGS"
+ done
+ fi
+
+ if test -z "$have_llong_max"; then
+ # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
+ unset ac_cv_have_decl_LLONG_MAX
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -std=gnu99"
+ AC_CHECK_DECL(LLONG_MAX,
+ [have_llong_max=1],
+ [CFLAGS="$saved_CFLAGS"],
+ [#include <limits.h>]
+ )
+ fi
+fi
+
+if test "x$no_attrib_nonnull" != "x1" ; then
+ AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
fi
+AC_ARG_WITH(rpath,
+ [ --without-rpath Disable auto-added -R linker paths],
+ [
+ if test "x$withval" = "xno" ; then
+ need_dash_r=""
+ fi
+ if test "x$withval" = "xyes" ; then
+ need_dash_r=1
+ fi
+ ]
+)
+
+# Allow user to specify flags
+AC_ARG_WITH(cflags,
+ [ --with-cflags Specify additional flags to pass to compiler],
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ CFLAGS="$CFLAGS $withval"
+ fi
+ ]
+)
+AC_ARG_WITH(cppflags,
+ [ --with-cppflags Specify additional flags to pass to preprocessor] ,
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ CPPFLAGS="$CPPFLAGS $withval"
+ fi
+ ]
+)
+AC_ARG_WITH(ldflags,
+ [ --with-ldflags Specify additional flags to pass to linker],
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ LDFLAGS="$LDFLAGS $withval"
+ fi
+ ]
+)
+AC_ARG_WITH(libs,
+ [ --with-libs Specify additional libraries to link with],
+ [
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ LIBS="$LIBS $withval"
+ fi
+ ]
+)
+AC_ARG_WITH(Werror,
+ [ --with-Werror Build main code with -Werror],
+ [
+ if test -n "$withval" && test "x$withval" != "xno"; then
+ werror_flags="-Werror"
+ if test "x${withval}" != "xyes"; then
+ werror_flags="$withval"
+ fi
+ fi
+ ]
+)
+
+AC_CHECK_HEADERS( \
+ bstring.h \
+ crypt.h \
+ crypto/sha2.h \
+ dirent.h \
+ endian.h \
+ features.h \
+ fcntl.h \
+ floatingpoint.h \
+ getopt.h \
+ glob.h \
+ ia.h \
+ iaf.h \
+ limits.h \
+ login.h \
+ maillock.h \
+ ndir.h \
+ net/if_tun.h \
+ netdb.h \
+ netgroup.h \
+ pam/pam_appl.h \
+ paths.h \
+ poll.h \
+ pty.h \
+ readpassphrase.h \
+ rpc/types.h \
+ security/pam_appl.h \
+ sha2.h \
+ shadow.h \
+ stddef.h \
+ stdint.h \
+ string.h \
+ strings.h \
+ sys/audit.h \
+ sys/bitypes.h \
+ sys/bsdtty.h \
+ sys/cdefs.h \
+ sys/dir.h \
+ sys/mman.h \
+ sys/ndir.h \
+ sys/poll.h \
+ sys/prctl.h \
+ sys/pstat.h \
+ sys/select.h \
+ sys/stat.h \
+ sys/stream.h \
+ sys/stropts.h \
+ sys/strtio.h \
+ sys/statvfs.h \
+ sys/sysmacros.h \
+ sys/time.h \
+ sys/timers.h \
+ sys/un.h \
+ time.h \
+ tmpdir.h \
+ ttyent.h \
+ ucred.h \
+ unistd.h \
+ usersec.h \
+ util.h \
+ utime.h \
+ utmp.h \
+ utmpx.h \
+ vis.h \
+)
+
+# lastlog.h requires sys/time.h to be included first on Solaris
+AC_CHECK_HEADERS(lastlog.h, [], [], [
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+])
+
+# sys/ptms.h requires sys/stream.h to be included first on Solaris
+AC_CHECK_HEADERS(sys/ptms.h, [], [], [
+#ifdef HAVE_SYS_STREAM_H
+# include <sys/stream.h>
+#endif
+])
+
+# login_cap.h requires sys/types.h on NetBSD
+AC_CHECK_HEADERS(login_cap.h, [], [], [
+#include <sys/types.h>
+])
+
+# older BSDs need sys/param.h before sys/mount.h
+AC_CHECK_HEADERS(sys/mount.h, [], [], [
+#include <sys/param.h>
+])
+
+# Messages for features tested for in target-specific section
+SIA_MSG="no"
+SPC_MSG="no"
+
# Check for some target-specific stuff
case "$host" in
*-*-aix*)
- AFS_LIBS="-lld"
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- if (test "$LD" != "gcc" && test -z "$blibpath"); then
- AC_MSG_CHECKING([if linkage editor ($LD) accepts -blibpath])
- saved_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS -blibpath:/usr/lib:/lib:/usr/local/lib"
- AC_TRY_LINK([],
- [],
- [
- AC_MSG_RESULT(yes)
- blibpath="/usr/lib:/lib:/usr/local/lib"
- ],
- [ AC_MSG_RESULT(no) ]
- )
- LDFLAGS="$saved_LDFLAGS"
+ # Some versions of VAC won't allow macro redefinitions at
+ # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
+ # particularly with older versions of vac or xlc.
+ # It also throws errors about null macro argments, but these are
+ # not fatal.
+ AC_MSG_CHECKING(if compiler allows macro redefinitions)
+ AC_COMPILE_IFELSE(
+ [AC_LANG_SOURCE([[
+#define testmacro foo
+#define testmacro bar
+int main(void) { exit(0); }
+ ]])],
+ [ AC_MSG_RESULT(yes) ],
+ [ AC_MSG_RESULT(no)
+ CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
+ LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
+ CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
+ CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
+ ]
+ )
+
+ AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
+ if (test -z "$blibpath"); then
+ blibpath="/usr/lib:/lib"
fi
- AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)])
- AC_DEFINE(BROKEN_GETADDRINFO)
- AC_DEFINE(BROKEN_REALPATH)
+ saved_LDFLAGS="$LDFLAGS"
+ if test "$GCC" = "yes"; then
+ flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
+ else
+ flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
+ fi
+ for tryflags in $flags ;do
+ if (test -z "$blibflags"); then
+ LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
+ AC_TRY_LINK([], [], [blibflags=$tryflags])
+ fi
+ done
+ if (test -z "$blibflags"); then
+ AC_MSG_RESULT(not found)
+ AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
+ else
+ AC_MSG_RESULT($blibflags)
+ fi
+ LDFLAGS="$saved_LDFLAGS"
+ dnl Check for authenticate. Might be in libs.a on older AIXes
+ AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
+ [Define if you want to enable AIX4's authenticate function])],
+ [AC_CHECK_LIB(s,authenticate,
+ [ AC_DEFINE(WITH_AIXAUTHENTICATE)
+ LIBS="$LIBS -ls"
+ ])
+ ])
+ dnl Check for various auth function declarations in headers.
+ AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
+ passwdexpired, setauthdb], , , [#include <usersec.h>])
+ dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
+ AC_CHECK_DECLS(loginfailed,
+ [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
+ AC_TRY_COMPILE(
+ [#include <usersec.h>],
+ [(void)loginfailed("user","host","tty",0);],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
+ [Define if your AIX loginfailed() function
+ takes 4 arguments (AIX >= 5.2)])],
+ [AC_MSG_RESULT(no)]
+ )],
+ [],
+ [#include <usersec.h>]
+ )
+ AC_CHECK_FUNCS(getgrset setauthdb)
+ AC_CHECK_DECL(F_CLOSEM,
+ AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
+ [],
+ [ #include <limits.h>
+ #include <fcntl.h> ]
+ )
+ check_for_aix_broken_getaddrinfo=1
+ AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
+ AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
+ [Define if your platform breaks doing a seteuid before a setuid])
+ AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
+ AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
dnl AIX handles lastlog as part of its login message
- AC_DEFINE(DISABLE_LASTLOG)
- AC_DEFINE(LOGIN_NEEDS_UTMPX)
+ AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
+ AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
+ [Some systems need a utmpx entry for /bin/login to work])
+ AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
+ [Define to a Set Process Title type if your system is
+ supported by bsd-setproctitle.c])
+ AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
+ [AIX 5.2 and 5.3 (and presumably newer) require this])
+ AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
;;
*-*-cygwin*)
- LIBS="$LIBS /usr/lib/textmode.o"
- AC_DEFINE(HAVE_CYGWIN)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(IPV4_DEFAULT)
- AC_DEFINE(IP_TOS_IS_BROKEN)
- AC_DEFINE(NO_X11_UNIX_SOCKETS)
- AC_DEFINE(BROKEN_FD_PASSING)
- AC_DEFINE(SETGROUPS_NOOP)
+ check_for_libcrypt_later=1
+ LIBS="$LIBS /usr/lib/textreadmode.o"
+ AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
+ AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
+ AC_DEFINE(DISABLE_SHADOW, 1,
+ [Define if you want to disable shadow passwords])
+ AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
+ [Define if X11 doesn't support AF_UNIX sockets on that system])
+ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
+ [Define if the concept of ports only accessible to
+ superusers isn't known])
+ AC_DEFINE(DISABLE_FD_PASSING, 1,
+ [Define if your platform needs to skip post auth
+ file descriptor passing])
+ AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
;;
*-*-dgux*)
- AC_DEFINE(IP_TOS_IS_BROKEN)
+ AC_DEFINE(IP_TOS_IS_BROKEN, 1,
+ [Define if your system choked on IP TOS setting])
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-*-darwin*)
+ AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
AC_DEFINE(BROKEN_GETADDRINFO)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
+ AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
+ [Define if your resolver libs need this for getrrsetbyname])
+ AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
+ AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
+ [Use tunnel device compatibility to OpenBSD])
+ AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+ [Prepend the address family to IP tunnel traffic])
+ AC_MSG_CHECKING(if we have the Security Authorization Session API)
+ AC_TRY_COMPILE([#include <Security/AuthSession.h>],
+ [SessionCreate(0, 0);],
+ [ac_cv_use_security_session_api="yes"
+ AC_DEFINE(USE_SECURITY_SESSION_API, 1,
+ [platform has the Security Authorization Session API])
+ LIBS="$LIBS -framework Security"
+ AC_MSG_RESULT(yes)],
+ [ac_cv_use_security_session_api="no"
+ AC_MSG_RESULT(no)])
+ AC_MSG_CHECKING(if we have an in-memory credentials cache)
+ AC_TRY_COMPILE(
+ [#include <Kerberos/Kerberos.h>],
+ [cc_context_t c;
+ (void) cc_initialize (&c, 0, NULL, NULL);],
+ [AC_DEFINE(USE_CCAPI, 1,
+ [platform uses an in-memory credentials cache])
+ LIBS="$LIBS -framework Security"
+ AC_MSG_RESULT(yes)
+ if test "x$ac_cv_use_security_session_api" = "xno"; then
+ AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
+ fi],
+ [AC_MSG_RESULT(no)]
+ )
+ m4_pattern_allow(AU_IPv)
+ AC_CHECK_DECL(AU_IPv4, [],
+ AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
+ [#include <bsm/audit.h>]
+ AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
+ [Define if pututxline updates lastlog too])
+ )
;;
-*-*-hpux10.26)
- if test -z "$GCC"; then
- CFLAGS="$CFLAGS -Ae"
- fi
- CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
- IPADDR_IN_DISPLAY=yes
- AC_DEFINE(HAVE_SECUREWARE)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(LOGIN_NO_ENDOPT)
- AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- LIBS="$LIBS -lxnet -lsec -lsecpw"
- disable_ptmx_check=yes
- ;;
-*-*-hpux10*)
- if test -z "$GCC"; then
- CFLAGS="$CFLAGS -Ae"
- fi
- CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
- IPADDR_IN_DISPLAY=yes
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(LOGIN_NO_ENDOPT)
- AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- LIBS="$LIBS -lxnet -lsec"
+*-*-dragonfly*)
+ SSHDLIBS="$SSHDLIBS -lcrypt"
;;
-*-*-hpux11*)
+*-*-hpux*)
+ # first we define all of the options common to all HP-UX releases
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
IPADDR_IN_DISPLAY=yes
- AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(USE_PIPES)
- AC_DEFINE(LOGIN_NO_ENDOPT)
+ AC_DEFINE(LOGIN_NO_ENDOPT, 1,
+ [Define if your login program cannot handle end of options ("--")])
AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*",
+ [String used in /etc/passwd to denote locked account])
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- LIBS="$LIBS -lxnet -lsec"
+ MAIL="/var/mail/username"
+ LIBS="$LIBS -lsec"
+ AC_CHECK_LIB(xnet, t_error, ,
+ AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
+
+ # next, we define all of the options specific to major releases
+ case "$host" in
+ *-*-hpux10*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -Ae"
+ fi
+ ;;
+ *-*-hpux11*)
+ AC_DEFINE(PAM_SUN_CODEBASE, 1,
+ [Define if you are using Solaris-derived PAM which
+ passes pam_messages to the conversation function
+ with an extra level of indirection])
+ AC_DEFINE(DISABLE_UTMP, 1,
+ [Define if you don't want to use utmp])
+ AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
+ check_for_hpux_broken_getaddrinfo=1
+ check_for_conflicting_getspnam=1
+ ;;
+ esac
+
+ # lastly, we define options specific to minor releases
+ case "$host" in
+ *-*-hpux10.26)
+ AC_DEFINE(HAVE_SECUREWARE, 1,
+ [Define if you have SecureWare-based
+ protected password database])
+ disable_ptmx_check=yes
+ LIBS="$LIBS -lsecpw"
+ ;;
+ esac
;;
*-*-irix5*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS"
PATH="$PATH:/usr/etc"
- AC_DEFINE(BROKEN_INET_NTOA)
- AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(BROKEN_INET_NTOA, 1,
+ [Define if you system's inet_ntoa is busted
+ (e.g. Irix gcc issue)])
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
+ [Define if you shouldn't strip 'tty' from your
+ ttyname in [uw]tmp])
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
*-*-irix6*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS"
PATH="$PATH:/usr/etc"
- AC_DEFINE(WITH_IRIX_ARRAY)
- AC_DEFINE(WITH_IRIX_PROJECT)
- AC_DEFINE(WITH_IRIX_AUDIT)
- AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
+ AC_DEFINE(WITH_IRIX_ARRAY, 1,
+ [Define if you have/want arrays
+ (cluster-wide session managment, not C arrays)])
+ AC_DEFINE(WITH_IRIX_PROJECT, 1,
+ [Define if you want IRIX project management])
+ AC_DEFINE(WITH_IRIX_AUDIT, 1,
+ [Define if you want IRIX audit trails])
+ AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
+ [Define if you want IRIX kernel jobs])])
AC_DEFINE(BROKEN_INET_NTOA)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ ;;
+*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
+ check_for_libcrypt_later=1
+ AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
+ AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
+ AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
+ AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
;;
*-*-linux*)
no_dev_ptmx=1
check_for_libcrypt_later=1
- AC_DEFINE(DONT_TRY_OTHER_AF)
- AC_DEFINE(PAM_TTY_KLUDGE)
+ check_for_openpty_ctty_bug=1
+ AC_DEFINE(PAM_TTY_KLUDGE, 1,
+ [Work around problematic Linux PAM modules handling of PAM_TTY])
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
+ [String used in /etc/passwd to denote locked account])
+ AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
+ AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
+ [Define to whatever link() returns for "not supported"
+ if it doesn't return EOPNOTSUPP.])
+ AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
+ AC_DEFINE(USE_BTMP)
inet6_default_4in6=yes
+ case `uname -r` in
+ 1.*|2.0.*)
+ AC_DEFINE(BROKEN_CMSG_TYPE, 1,
+ [Define if cmsg_type is not passed correctly])
+ ;;
+ esac
+ # tun(4) forwarding compat code
+ AC_CHECK_HEADERS(linux/if_tun.h)
+ if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
+ AC_DEFINE(SSH_TUN_LINUX, 1,
+ [Open tunnel devices the Linux tun/tap way])
+ AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
+ [Use tunnel device compatibility to OpenBSD])
+ AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+ [Prepend the address family to IP tunnel traffic])
+ fi
;;
mips-sony-bsd|mips-sony-newsos4)
- AC_DEFINE(HAVE_NEWS4)
+ AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
SONY=1
;;
*-*-netbsd*)
- need_dash_r=1
+ check_for_libcrypt_before=1
+ if test "x$withval" != "xno" ; then
+ need_dash_r=1
+ fi
+ AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
+ AC_CHECK_HEADER([net/if_tap.h], ,
+ AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
+ AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+ [Prepend the address family to IP tunnel traffic])
;;
*-*-freebsd*)
check_for_libcrypt_later=1
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
+ AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
+ AC_CHECK_HEADER([net/if_tap.h], ,
+ AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
+ AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
+ ;;
+*-*-bsdi*)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-next-*)
conf_lastlog_location="/usr/adm/lastlog"
conf_utmp_location=/etc/utmp
conf_wtmp_location=/usr/adm/wtmp
MAIL=/usr/spool/mail
- AC_DEFINE(HAVE_NEXT)
+ AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
AC_DEFINE(BROKEN_REALPATH)
AC_DEFINE(USE_PIPES)
- AC_DEFINE(BROKEN_SAVED_UIDS)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- CFLAGS="$CFLAGS"
+ AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
+ ;;
+*-*-openbsd*)
+ AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
+ AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
+ AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
+ AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
+ [syslog_r function is safe to use in in a signal handler])
;;
*-*-solaris*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
- need_dash_r=1
+ if test "x$withval" != "xno" ; then
+ need_dash_r=1
+ fi
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(LOGIN_NEEDS_TERM)
+ AC_DEFINE(LOGIN_NEEDS_TERM, 1,
+ [Some versions of /bin/login need the TERM supplied
+ on the commandline])
AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
+ [Define if pam_chauthtok wants real uid set
+ to the unpriv'ed user])
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
+ AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
+ [Define if sshd somehow reacquires a controlling TTY
+ after setsid()])
+ AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
+ in case the name is longer than 8 chars])
+ AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
+ external_path_file=/etc/default/login
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
if test "$sol2ver" -ge 8; then
AC_MSG_RESULT(yes)
AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(DISABLE_WTMP)
+ AC_DEFINE(DISABLE_WTMP, 1,
+ [Define if you don't want to use wtmp])
else
AC_MSG_RESULT(no)
fi
+ AC_ARG_WITH(solaris-contracts,
+ [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
+ [
+ AC_CHECK_LIB(contract, ct_tmpl_activate,
+ [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
+ [Define if you have Solaris process contracts])
+ SSHDLIBS="$SSHDLIBS -lcontract"
+ AC_SUBST(SSHDLIBS)
+ SPC_MSG="yes" ], )
+ ],
+ )
;;
*-*-sunos4*)
CPPFLAGS="$CPPFLAGS -DSUNOS4"
AC_DEFINE(USE_PIPES)
;;
*-ncr-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lc89"
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-sni-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
# /usr/ucblib MUST NOT be searched on ReliantUNIX
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ AC_CHECK_LIB(dl, dlsym, ,)
+ # -lresolv needs to be at the end of LIBS or DNS lookups break
+ AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES)
AC_DEFINE(IP_TOS_IS_BROKEN)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ external_path_file=/etc/default/login
# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
# Attention: always take care to bind libsocket and libnsl before libc,
# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
;;
+# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
*-*-sysv4.2*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
+# UnixWare 7.x, OpenUNIX 8
*-*-sysv5*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(PASSWD_NEEDS_USERNAME)
+ case "$host" in
+ *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
+ TEST_SHELL=/u95/bin/sh
+ AC_DEFINE(BROKEN_LIBIAF, 1,
+ [ia_uinfo routines not supported by OS yet])
+ AC_DEFINE(BROKEN_UPDWTMPX)
+ AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
+ AC_CHECK_FUNCS(getluid setluid,,,-lprot)
+ AC_DEFINE(HAVE_SECUREWARE)
+ AC_DEFINE(DISABLE_SHADOW)
+ ],,)
+ ;;
+ *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ check_for_libcrypt_later=1
+ ;;
+ esac
;;
*-*-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
;;
+# SCO UNIX and OEM versions of SCO UNIX
*-*-sco3.2v4*)
- CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
- RANLIB=true
- no_dev_ptmx=1
- AC_DEFINE(BROKEN_SYS_TERMIO_H)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(HAVE_SECUREWARE)
- AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(BROKEN_SAVED_UIDS)
- AC_CHECK_FUNCS(getluid setluid)
- MANTYPE=man
- do_sco3_extra_lib_check=yes
+ AC_MSG_ERROR("This Platform is no longer supported.")
;;
+# SCO OpenServer 5.x
*-*-sco3.2v5*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -belf"
+ fi
LIBS="$LIBS -lprot -lx -ltinfo -lm"
no_dev_ptmx=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(BROKEN_FD_PASSING)
+ AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(BROKEN_UPDWTMPX)
+ AC_DEFINE(PASSWD_NEEDS_USERNAME)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
+ TEST_SHELL=ksh
+ ;;
+*-*-unicosmk*)
+ AC_DEFINE(NO_SSH_LASTLOG, 1,
+ [Define if you don't want to use lastlog in session.c])
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(DISABLE_FD_PASSING)
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
+ ;;
+*-*-unicosmp*)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(DISABLE_FD_PASSING)
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lacid -ldb"
+ MANTYPE=cat
;;
*-*-unicos*)
- no_libsocket=1
- no_libnsl=1
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(USE_PIPES)
- AC_DEFINE(BROKEN_FD_PASSING)
- LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
- LIBS="$LIBS -lgen -lrsc"
+ AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE(NO_SSH_LASTLOG)
+ LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
;;
*-dec-osf*)
AC_MSG_CHECKING(for Digital Unix SIA)
if test -z "$no_osfsia" ; then
if test -f /etc/sia/matrix.conf; then
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_OSF_SIA)
- AC_DEFINE(DISABLE_LOGIN)
+ AC_DEFINE(HAVE_OSF_SIA, 1,
+ [Define if you have Digital Unix Security
+ Integration Architecture])
+ AC_DEFINE(DISABLE_LOGIN, 1,
+ [Define if you don't want to use your
+ system's login() call])
+ AC_DEFINE(DISABLE_FD_PASSING)
LIBS="$LIBS -lsecurity -ldb -lm -laud"
+ SIA_MSG="yes"
else
AC_MSG_RESULT(no)
+ AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
+ [String used in /etc/passwd to denote locked account])
fi
fi
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
;;
-*-*-nto-qnx)
+*-*-nto-qnx*)
AC_DEFINE(USE_PIPES)
AC_DEFINE(NO_X11_UNIX_SOCKETS)
- AC_DEFINE(MISSING_NFDBITS)
- AC_DEFINE(MISSING_HOWMANY)
- AC_DEFINE(MISSING_FD_MASK)
+ AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
+ AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
+ AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
+ AC_DEFINE(DISABLE_LASTLOG)
+ AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
+ enable_etc_default_login=no # has incompatible /etc/default/login
+ case "$host" in
+ *-*-nto-qnx6*)
+ AC_DEFINE(DISABLE_FD_PASSING)
+ ;;
+ esac
;;
+
+*-*-ultrix*)
+ AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
+ AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
+ AC_DEFINE(NEED_SETPGRP)
+ AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
+ ;;
+
+*-*-lynxos)
+ CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
+ AC_DEFINE(MISSING_HOWMANY)
+ AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
+ ;;
esac
-# Allow user to specify flags
-AC_ARG_WITH(cflags,
- [ --with-cflags Specify additional flags to pass to compiler],
+AC_MSG_CHECKING(compiler and flags for sanity)
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([
+#include <stdio.h>
+int main(){exit(0);}
+ ])],
+ [ AC_MSG_RESULT(yes) ],
[
- if test "x$withval" != "xno" ; then
- CFLAGS="$CFLAGS $withval"
- fi
- ]
-)
-AC_ARG_WITH(cppflags,
- [ --with-cppflags Specify additional flags to pass to preprocessor] ,
- [
- if test "x$withval" != "xno"; then
- CPPFLAGS="$CPPFLAGS $withval"
- fi
- ]
-)
-AC_ARG_WITH(ldflags,
- [ --with-ldflags Specify additional flags to pass to linker],
- [
- if test "x$withval" != "xno" ; then
- LDFLAGS="$LDFLAGS $withval"
- fi
- ]
-)
-AC_ARG_WITH(libs,
- [ --with-libs Specify additional libraries to link with],
- [
- if test "x$withval" != "xno" ; then
- LIBS="$LIBS $withval"
- fi
- ]
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
+ ],
+ [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
)
-# Checks for header files.
-AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
- getopt.h glob.h lastlog.h limits.h login.h \
- login_cap.h maillock.h netdb.h netgroup.h \
- netinet/in_systm.h paths.h pty.h readpassphrase.h \
- rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
- strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
- sys/mman.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h \
- sys/un.h time.h ttyent.h usersec.h \
- util.h utime.h utmp.h utmpx.h)
-
+dnl Checks for header files.
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
-dnl SCO OS3 needs this for libwrap
-if test "x$with_tcp_wrappers" != "xno" ; then
- if test "x$do_sco3_extra_lib_check" = "xyes" ; then
- AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
- fi
-fi
+dnl IRIX and Solaris 2.5.1 have dirname() in libgen
+AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
+ AC_CHECK_LIB(gen, dirname,[
+ AC_CACHE_CHECK([for broken dirname],
+ ac_cv_have_broken_dirname, [
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lgen"
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <libgen.h>
+#include <string.h>
-AC_CHECK_FUNC(getspnam, ,
- AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
+int main(int argc, char **argv) {
+ char *s, buf[32];
-AC_ARG_WITH(rpath,
- [ --without-rpath Disable auto-added -R linker paths],
- [
- if test "x$withval" = "xno" ; then
- need_dash_r=""
- fi
- if test "x$withval" = "xyes" ; then
- need_dash_r=1
+ strncpy(buf,"/etc", 32);
+ s = dirname(buf);
+ if (!s || strncmp(s, "/", 32) != 0) {
+ exit(1);
+ } else {
+ exit(0);
+ }
+}
+ ]])],
+ [ ac_cv_have_broken_dirname="no" ],
+ [ ac_cv_have_broken_dirname="yes" ],
+ [ ac_cv_have_broken_dirname="no" ],
+ )
+ LIBS="$save_LIBS"
+ ])
+ if test "x$ac_cv_have_broken_dirname" = "xno" ; then
+ LIBS="$LIBS -lgen"
+ AC_DEFINE(HAVE_DIRNAME)
+ AC_CHECK_HEADERS(libgen.h)
fi
- ]
-)
+ ])
+])
+
+AC_CHECK_FUNC(getspnam, ,
+ AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
+AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
+ [Define if you have the basename function.]))
dnl zlib is required
AC_ARG_WITH(zlib,
[ --with-zlib=PATH Use zlib in PATH],
- [
- if test "x$withval" = "xno" ; then
- AC_MSG_ERROR([*** zlib is required ***])
- fi
+ [ if test "x$withval" = "xno" ; then
+ AC_MSG_ERROR([*** zlib is required ***])
+ elif test "x$withval" != "xyes"; then
if test -d "$withval/lib"; then
if test -n "${need_dash_r}"; then
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
else
CPPFLAGS="-I${withval} ${CPPFLAGS}"
fi
+ fi ]
+)
+
+AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
+AC_CHECK_LIB(z, deflate, ,
+ [
+ saved_CPPFLAGS="$CPPFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ save_LIBS="$LIBS"
+ dnl Check default zlib install dir
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
+ else
+ LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
+ fi
+ CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
+ LIBS="$LIBS -lz"
+ AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
+ [
+ AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
+ ]
+ )
+ ]
+)
+
+AC_ARG_WITH(zlib-version-check,
+ [ --without-zlib-version-check Disable zlib version check],
+ [ if test "x$withval" = "xno" ; then
+ zlib_check_nonfatal=1
+ fi
]
)
-AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]))
+AC_MSG_CHECKING(for possibly buggy zlib)
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <zlib.h>
+int main()
+{
+ int a=0, b=0, c=0, d=0, n, v;
+ n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
+ if (n != 3 && n != 4)
+ exit(1);
+ v = a*1000000 + b*10000 + c*100 + d;
+ fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
+
+ /* 1.1.4 is OK */
+ if (a == 1 && b == 1 && c >= 4)
+ exit(0);
+
+ /* 1.2.3 and up are OK */
+ if (v >= 1020300)
+ exit(0);
+
+ exit(2);
+}
+ ]])],
+ AC_MSG_RESULT(no),
+ [ AC_MSG_RESULT(yes)
+ if test -z "$zlib_check_nonfatal" ; then
+ AC_MSG_ERROR([*** zlib too old - check config.log ***
+Your reported zlib version has known security problems. It's possible your
+vendor has fixed these problems without changing the version number. If you
+are sure this is the case, you can disable the check by running
+"./configure --without-zlib-version-check".
+If you are in doubt, upgrade zlib to version 1.2.3 or greater.
+See http://www.gzip.org/zlib/ for details.])
+ else
+ AC_MSG_WARN([zlib version may have security problems])
+ fi
+ ],
+ [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
+)
dnl UnixWare 2.x
-AC_CHECK_FUNC(strcasecmp,
+AC_CHECK_FUNC(strcasecmp,
[], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
)
-AC_CHECK_FUNC(utimes,
- [], [ AC_CHECK_LIB(c89, utimes, LIBS="$LIBS -lc89") ]
+AC_CHECK_FUNCS(utimes,
+ [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
+ LIBS="$LIBS -lc89"]) ]
)
dnl Checks for libutil functions
AC_CHECK_HEADERS(libutil.h)
-AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
-AC_CHECK_FUNCS(logout updwtmp logwtmp)
+AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
+ [Define if your libraries define login()])])
+AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
AC_FUNC_STRFTIME
#ifdef GLOB_ALTDIRFUNC
FOUNDIT
#endif
- ],
+ ],
[
- AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
+ AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
+ [Define if your system glob() function has
+ the GLOB_ALTDIRFUNC extension])
AC_MSG_RESULT(yes)
],
[
# Check for g.gl_matchc glob() extension
AC_MSG_CHECKING(for gl_matchc field in glob_t)
-AC_EGREP_CPP(FOUNDIT,
- [
- #include <glob.h>
- int main(void){glob_t g; g.gl_matchc = 1;}
- ],
- [
- AC_DEFINE(GLOB_HAS_GL_MATCHC)
- AC_MSG_RESULT(yes)
- ],
- [
- AC_MSG_RESULT(no)
- ]
-)
-
-AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
-AC_TRY_RUN(
+AC_TRY_COMPILE(
+ [ #include <glob.h> ],
+ [glob_t g; g.gl_matchc = 1;],
[
-#include <sys/types.h>
-#include <dirent.h>
-int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));}
+ AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
+ [Define if your system glob() function has
+ gl_matchc options in glob_t])
+ AC_MSG_RESULT(yes)
],
- [AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
- AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
]
)
-# Check whether the user wants GSSAPI mechglue support
-AC_ARG_WITH(mechglue,
- [ --with-mechglue=PATH Build with GSSAPI mechglue library],
- [
- AC_MSG_CHECKING(for mechglue library)
-
- if test -e ${withval}/libgssapi.a ; then
- mechglue_lib=${withval}/libgssapi.a
- elif test -e ${withval}/lib/libgssapi.a ; then
- mechglue_lib=${withval}/lib/libgssapi.a
- else
- AC_MSG_ERROR("Can't find libgssapi in ${withval}");
- fi
- LIBS="$LIBS ${mechglue_lib}"
- AC_MSG_RESULT(${mechglue_lib})
-
-# if test -e ${withval}/gssapi.h ; then
-# CPPFLAGS="$CPPFLAGS -I${withval}"
-# elif test -e ${withval}/include/gssapi.h ; then
-# CPPFLAGS="$CPPFLAGS -I${withval}/include"
-# else
-# AC_MSG_ERROR("Can't find gssapi.h in ${withval}");
-# fi
-
- AC_CHECK_LIB(dl, dlopen, , )
- if test $ac_cv_lib_dl_dlopen = yes; then
- LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
- fi
+AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
- AC_DEFINE(GSSAPI)
- AC_DEFINE(MECHGLUE)
- GSSAPI="mechglue"
-
- ]
-)
-
-
-# Check whether the user wants GSI (Globus) support
-gsi_path="no"
-AC_ARG_WITH(gsi,
- [ --with-gsi=PATH Enable GSI/Globus authentication support],
- [
- gsi_path="$withval"
- ]
-)
-
-AC_ARG_WITH(globus,
- [ --with-globus=PATH Enable GSI/Globus authentication support],
+AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <sys/types.h>
+#include <dirent.h>
+int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
+ ]])],
+ [AC_MSG_RESULT(yes)],
[
- gsi_path="$withval"
- ]
-)
-
-# Check whether the user has a Globus flavor type
-globus_flavor_type="no"
-AC_ARG_WITH(globus-flavor,
- [ --with-globus-flavor=TYPE Describe Globus flavor type (ex: gcc32dbg, etc.)],
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
+ [Define if your struct dirent expects you to
+ allocate extra space for d_name])
+ ],
[
- globus_flavor_type="$withval"
+ AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
+ AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
]
)
-if test "x$gsi_path" != "xno" ; then
- # Globus GSSAPI configuration
- AC_DEFINE(GSI)
-
- if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
- AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus/GSI.])
- fi
- if test -z "$GSSAPI"; then
- AC_DEFINE(GSSAPI)
- GSSAPI="GSI"
- fi
-
- # Find GLOBUS/GSI installation Directory
- AC_MSG_CHECKING(for Globus/GSI installation directory)
-
- globus_install_dir=$gsi_path
-
- if test "x$globus_install_dir" = "xyes" ; then
- AC_MSG_ERROR(Cannot find Globus/GSI installation directory -- a path must be specified!)
- fi
- AC_MSG_RESULT($globus_install_dir)
-
- # Find GLOBUS/GSI development directory
- AC_MSG_CHECKING(for Globus/GSI development directory)
-
- if test -d ${globus_install_dir}/lib ; then
- # Looks like a flat directory structure from configure/make
- # and not globus-install or gsi-install
- globus_dev_dir=$globus_install_dir
-
- else
- # Assume a true globus installation with architecture
- # directories and run globus-development-path to find
- # the development directory
-
- # Set GLOBUS_INSTALL_PATH
- GLOBUS_INSTALL_PATH=$globus_install_dir
- export GLOBUS_INSTALL_PATH
-
- dev_path_program=${globus_install_dir}/bin/globus-development-path
-
- if test ! -x ${dev_path_program} ; then
- AC_MSG_ERROR(Cannot find Globus/GSI installation directory: program ${dev_path_program} does not exist or is not executable)
- fi
-
- globus_dev_dir=`${dev_path_program}`
-
- if test -z "$globus_dev_dir" -o "X$globus_dev_dir" = "X<not found>" ; then
- AC_MSG_ERROR(Cannot find Globus/GSI development directory)
- fi
-
- if test ! -d "$globus_dev_dir" ; then
- AC_MSG_ERROR(Cannot find Globus/GSI development directory: $globus_dev_dir does not exist)
- fi
- fi
- AC_MSG_RESULT($globus_dev_dir)
-
- # Find GLOBUS/GSI flavor Directory
- AC_MSG_CHECKING(for Globus flavor type)
-
- if test "x$globus_flavor_type" = "xno" ; then
- if test "$GSSAPI" = "mechglue"; then
- GSI_LIBS="-lglobus_gss_assist -lglobus_gaa"
- else
- GSI_LIBS="-lglobus_gss_assist -lglobus_gss -lglobus_gaa"
- fi
- GSI_LDFLAGS="-L${globus_dev_dir}/lib"
- GSI_CPPFLAGS="-I${globus_dev_dir}/include"
- AC_MSG_RESULT(none)
- else
- GLOBUS_FLAVOR_TYPE_INCL_DIR="${globus_dev_dir}/include/${globus_flavor_type}"
-
- if test ! -d "$GLOBUS_FLAVOR_TYPE_INCL_DIR" ; then
- AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_FLAVOR_TYPE_INCL_DIR})
- fi
-
- AC_MSG_RESULT($globus_flavor_type)
- if test "$GSSAPI" = "mechglue"; then
- GSI_LIBS="${gsi_path}/lib/libglobus_gss_assist_${globus_flavor_type}.a"
- else
- GSI_LIBS="${gsi_path}/lib/libglobus_gss_assist_${globus_flavor_type}.a ${gsi_path}/lib/libglobus_gssapi_gsi_${globus_flavor_type}.a"
- fi
- GSI_CPPFLAGS="-I${GLOBUS_FLAVOR_TYPE_INCL_DIR}"
- fi
-
- LIBS="$LIBS $GSI_LIBS"
- LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
- CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
- INSTALL_GSISSH="yes"
+AC_MSG_CHECKING([for /proc/pid/fd directory])
+if test -d "/proc/$$/fd" ; then
+ AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
+ AC_MSG_RESULT(yes)
else
- INSTALL_GSISSH=""
+ AC_MSG_RESULT(no)
fi
-AC_SUBST(INSTALL_GSISSH)
-# End Globus/GSI section
# Check whether user wants S/Key support
-SKEY_MSG="no"
+SKEY_MSG="no"
AC_ARG_WITH(skey,
- [ --with-skey[[=PATH]] Enable S/Key support
- (optionally in PATH)],
+ [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
LDFLAGS="$LDFLAGS -L${withval}/lib"
fi
- AC_DEFINE(SKEY)
+ AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
LIBS="-lskey $LIBS"
- SKEY_MSG="yes"
-
+ SKEY_MSG="yes"
+
AC_MSG_CHECKING([for s/key support])
- AC_TRY_RUN(
- [
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <skey.h>
-int main() { char *ff = skey_keyinfo(""); ff=""; return 0; }
- ],
+int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
+ ]])],
[AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
])
+ AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
+ AC_TRY_COMPILE(
+ [#include <stdio.h>
+ #include <skey.h>],
+ [(void)skeychallenge(NULL,"name","",0);],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
+ [Define if your skeychallenge()
+ function takes 4 arguments (NetBSD)])],
+ [AC_MSG_RESULT(no)]
+ )
fi
]
)
# Check whether user wants TCP wrappers support
TCPW_MSG="no"
AC_ARG_WITH(tcp-wrappers,
- [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
- (optionally in PATH)],
+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
saved_LIBS="$LIBS"
saved_LDFLAGS="$LDFLAGS"
saved_CPPFLAGS="$CPPFLAGS"
- if test -n "${withval}" -a "${withval}" != "yes"; then
+ if test -n "${withval}" && \
+ test "x${withval}" != "xyes"; then
if test -d "${withval}/lib"; then
if test -n "${need_dash_r}"; then
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
CPPFLAGS="-I${withval} ${CPPFLAGS}"
fi
fi
- LIBWRAP="-lwrap"
- LIBS="$LIBWRAP $LIBS"
+ LIBS="-lwrap $LIBS"
AC_MSG_CHECKING(for libwrap)
AC_TRY_LINK(
[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
#include <tcpd.h>
int deny_severity = 0, allow_severity = 0;
],
[hosts_access(0);],
[
AC_MSG_RESULT(yes)
- AC_DEFINE(LIBWRAP)
- AC_SUBST(LIBWRAP)
+ AC_DEFINE(LIBWRAP, 1,
+ [Define if you want
+ TCP Wrappers support])
+ SSHDLIBS="$SSHDLIBS -lwrap"
TCPW_MSG="yes"
],
[
]
)
-dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
- clock fchmod fchown freeaddrinfo futimes gai_strerror \
- getaddrinfo getcwd getgrouplist getnameinfo getopt \
- getrlimit getrusage getttyent glob inet_aton inet_ntoa \
- inet_ntop innetgr login_getcapbool md5_crypt memmove \
- mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
- realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
- setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
- setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
- socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
- truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
+# Check whether user wants libedit support
+LIBEDIT_MSG="no"
+AC_ARG_WITH(libedit,
+ [ --with-libedit[[=PATH]] Enable libedit support for sftp],
+ [ if test "x$withval" != "xno" ; then
+ if test "x$withval" != "xyes"; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ fi
+ AC_CHECK_LIB(edit, el_init,
+ [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
+ LIBEDIT="-ledit -lcurses"
+ LIBEDIT_MSG="yes"
+ AC_SUBST(LIBEDIT)
+ ],
+ [ AC_MSG_ERROR(libedit not found) ],
+ [ -lcurses ]
+ )
+ AC_MSG_CHECKING(if libedit version is compatible)
+ AC_COMPILE_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <histedit.h>
+int main(void)
+{
+ int i = H_SETSIZE;
+ el_init("", NULL, NULL, NULL);
+ exit(0);
+}
+ ]])],
+ [ AC_MSG_RESULT(yes) ],
+ [ AC_MSG_RESULT(no)
+ AC_MSG_ERROR(libedit version is not compatible) ]
+ )
+ fi ]
+)
-if test $ac_cv_func_mmap = yes ; then
-AC_MSG_CHECKING([for mmap anon shared])
-AC_TRY_RUN(
+AUDIT_MODULE=none
+AC_ARG_WITH(audit,
+ [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
[
-#include <stdio.h>
-#include <sys/mman.h>
-#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
-#define MAP_ANON MAP_ANONYMOUS
+ AC_MSG_CHECKING(for supported audit module)
+ case "$withval" in
+ bsm)
+ AC_MSG_RESULT(bsm)
+ AUDIT_MODULE=bsm
+ dnl Checks for headers, libs and functions
+ AC_CHECK_HEADERS(bsm/audit.h, [],
+ [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
+ [
+#ifdef HAVE_TIME_H
+# include <time.h>
#endif
-main() { char *p;
-p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
-if (p == (char *)-1)
- exit(1);
-exit(0);
-}
- ],
+ ]
+)
+ AC_CHECK_LIB(bsm, getaudit, [],
+ [AC_MSG_ERROR(BSM enabled and required library not found)])
+ AC_CHECK_FUNCS(getaudit, [],
+ [AC_MSG_ERROR(BSM enabled and required function not found)])
+ # These are optional
+ AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
+ AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
+ ;;
+ debug)
+ AUDIT_MODULE=debug
+ AC_MSG_RESULT(debug)
+ AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
+ ;;
+ no)
+ AC_MSG_RESULT(no)
+ ;;
+ *)
+ AC_MSG_ERROR([Unknown audit module $withval])
+ ;;
+ esac ]
+)
+
+dnl Checks for library functions. Please keep in alphabetical order
+AC_CHECK_FUNCS( \
+ arc4random \
+ arc4random_buf \
+ arc4random_uniform \
+ asprintf \
+ b64_ntop \
+ __b64_ntop \
+ b64_pton \
+ __b64_pton \
+ bcopy \
+ bindresvport_sa \
+ clock \
+ closefrom \
+ dirfd \
+ fchmod \
+ fchown \
+ freeaddrinfo \
+ fstatvfs \
+ futimes \
+ getaddrinfo \
+ getcwd \
+ getgrouplist \
+ getnameinfo \
+ getopt \
+ getpeereid \
+ getpeerucred \
+ _getpty \
+ getrlimit \
+ getttyent \
+ glob \
+ inet_aton \
+ inet_ntoa \
+ inet_ntop \
+ innetgr \
+ login_getcapbool \
+ md5_crypt \
+ memmove \
+ mkdtemp \
+ mmap \
+ ngetaddrinfo \
+ nsleep \
+ ogetaddrinfo \
+ openlog_r \
+ openpty \
+ poll \
+ prctl \
+ pstat \
+ readpassphrase \
+ realpath \
+ recvmsg \
+ rresvport_af \
+ sendmsg \
+ setdtablesize \
+ setegid \
+ setenv \
+ seteuid \
+ setgroups \
+ setlogin \
+ setpcred \
+ setproctitle \
+ setregid \
+ setreuid \
+ setrlimit \
+ setsid \
+ setvbuf \
+ sigaction \
+ sigvec \
+ snprintf \
+ socketpair \
+ statfs \
+ statvfs \
+ strdup \
+ strerror \
+ strlcat \
+ strlcpy \
+ strmode \
+ strnvis \
+ strtonum \
+ strtoll \
+ strtoul \
+ swap32 \
+ sysconf \
+ tcgetpgrp \
+ truncate \
+ unsetenv \
+ updwtmpx \
+ vasprintf \
+ vhangup \
+ vsnprintf \
+ waitpid \
+)
+
+# IRIX has a const char return value for gai_strerror()
+AC_CHECK_FUNCS(gai_strerror,[
+ AC_DEFINE(HAVE_GAI_STRERROR)
+ AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+const char *gai_strerror(int);],[
+char *str;
+
+str = gai_strerror(0);],[
+ AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
+ [Define if gai_strerror() returns const char *])])])
+
+AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
+ [Some systems put nanosleep outside of libc]))
+
+dnl Make sure prototypes are defined for these before using them.
+AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
+AC_CHECK_DECL(strsep,
+ [AC_CHECK_FUNCS(strsep)],
+ [],
[
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_MMAP_ANON_SHARED)
- ],
- [ AC_MSG_RESULT(no) ]
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif
+ ])
+
+dnl tcsendbreak might be a macro
+AC_CHECK_DECL(tcsendbreak,
+ [AC_DEFINE(HAVE_TCSENDBREAK)],
+ [AC_CHECK_FUNCS(tcsendbreak)],
+ [#include <termios.h>]
)
-fi
-dnl IRIX and Solaris 2.5.1 have dirname() in libgen
-AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
- AC_CHECK_LIB(gen, dirname,[
- AC_CACHE_CHECK([for broken dirname],
- ac_cv_have_broken_dirname, [
- save_LIBS="$LIBS"
- LIBS="$LIBS -lgen"
- AC_TRY_RUN(
- [
-#include <libgen.h>
-#include <string.h>
+AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
-int main(int argc, char **argv) {
- char *s, buf[32];
+AC_CHECK_DECLS(SHUT_RD, , ,
+ [
+#include <sys/types.h>
+#include <sys/socket.h>
+ ])
- strncpy(buf,"/etc", 32);
- s = dirname(buf);
- if (!s || strncmp(s, "/", 32) != 0) {
- exit(1);
- } else {
- exit(0);
- }
-}
- ],
- [ ac_cv_have_broken_dirname="no" ],
- [ ac_cv_have_broken_dirname="yes" ]
- )
- LIBS="$save_LIBS"
- ])
- if test "x$ac_cv_have_broken_dirname" = "xno" ; then
- LIBS="$LIBS -lgen"
- AC_DEFINE(HAVE_DIRNAME)
- AC_CHECK_HEADERS(libgen.h)
- fi
+AC_CHECK_DECLS(O_NONBLOCK, , ,
+ [
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+#endif
])
+
+AC_CHECK_DECLS(writev, , , [
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <unistd.h>
+ ])
+
+AC_CHECK_DECLS(MAXSYMLINKS, , , [
+#include <sys/param.h>
+ ])
+
+AC_CHECK_DECLS(offsetof, , , [
+#include <stddef.h>
+ ])
+
+AC_CHECK_FUNCS(setresuid, [
+ dnl Some platorms have setresuid that isn't implemented, test for this
+ AC_MSG_CHECKING(if setresuid seems to work)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdlib.h>
+#include <errno.h>
+int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+ ]])],
+ [AC_MSG_RESULT(yes)],
+ [AC_DEFINE(BROKEN_SETRESUID, 1,
+ [Define if your setresuid() is broken])
+ AC_MSG_RESULT(not implemented)],
+ [AC_MSG_WARN([cross compiling: not checking setresuid])]
+ )
+])
+
+AC_CHECK_FUNCS(setresgid, [
+ dnl Some platorms have setresgid that isn't implemented, test for this
+ AC_MSG_CHECKING(if setresgid seems to work)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdlib.h>
+#include <errno.h>
+int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+ ]])],
+ [AC_MSG_RESULT(yes)],
+ [AC_DEFINE(BROKEN_SETRESGID, 1,
+ [Define if your setresgid() is broken])
+ AC_MSG_RESULT(not implemented)],
+ [AC_MSG_WARN([cross compiling: not checking setresuid])]
+ )
])
dnl Checks for time functions
dnl Checks for utmpx functions
AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
AC_CHECK_FUNCS(setutxent utmpxname)
+dnl Checks for lastlog functions
+AC_CHECK_FUNCS(getlastlogxbyname)
-AC_CHECK_FUNC(daemon,
- [AC_DEFINE(HAVE_DAEMON)],
- [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
+AC_CHECK_FUNC(daemon,
+ [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
+ [AC_CHECK_LIB(bsd, daemon,
+ [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
)
-AC_CHECK_FUNC(getpagesize,
- [AC_DEFINE(HAVE_GETPAGESIZE)],
- [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
+AC_CHECK_FUNC(getpagesize,
+ [AC_DEFINE(HAVE_GETPAGESIZE, 1,
+ [Define if your libraries define getpagesize()])],
+ [AC_CHECK_LIB(ucb, getpagesize,
+ [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
)
# Check for broken snprintf
if test "x$ac_cv_func_snprintf" = "xyes" ; then
AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
- AC_TRY_RUN(
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
+ ]])],
+ [AC_MSG_RESULT(yes)],
[
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_SNPRINTF, 1,
+ [Define if your snprintf is busted])
+ AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
+ ],
+ [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
+ )
+fi
+
+# If we don't have a working asprintf, then we strongly depend on vsnprintf
+# returning the right thing on overflow: the number of characters it tried to
+# create (as per SUSv3)
+if test "x$ac_cv_func_asprintf" != "xyes" && \
+ test "x$ac_cv_func_vsnprintf" = "xyes" ; then
+ AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <sys/types.h>
#include <stdio.h>
-int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');}
+#include <stdarg.h>
+
+int x_snprintf(char *str,size_t count,const char *fmt,...)
+{
+ size_t ret; va_list ap;
+ va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
+ return ret;
+}
+int main(void)
+{
+ char x[1];
+ exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
+} ]])],
+ [AC_MSG_RESULT(yes)],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_SNPRINTF, 1,
+ [Define if your snprintf is busted])
+ AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
+ ],
+ [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
+ )
+fi
+
+# On systems where [v]snprintf is broken, but is declared in stdio,
+# check that the fmt argument is const char * or just char *.
+# This is only useful for when BROKEN_SNPRINTF
+AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
+ int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
+ int main(void) { snprintf(0, 0, 0); }
+ ]])],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(SNPRINTF_CONST, [const],
+ [Define as const if snprintf() can declare const char *fmt])],
+ [AC_MSG_RESULT(no)
+ AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
+
+# Check for missing getpeereid (or equiv) support
+NO_PEERCHECK=""
+if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
+ AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
+ AC_TRY_COMPILE(
+ [#include <sys/types.h>
+ #include <sys/socket.h>],
+ [int i = SO_PEERCRED;],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
+ ],
+ [AC_MSG_RESULT(no)
+ NO_PEERCHECK=1]
+ )
+fi
+
+dnl see whether mkstemp() requires XXXXXX
+if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
+AC_MSG_CHECKING([for (overly) strict mkstemp])
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdlib.h>
+main() { char template[]="conftest.mkstemp-test";
+if (mkstemp(template) == -1)
+ exit(1);
+unlink(template); exit(0);
+}
+ ]])],
+ [
+ AC_MSG_RESULT(no)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_STRICT_MKSTEMP)
+ ]
+)
+fi
+
+dnl make sure that openpty does not reacquire controlling terminal
+if test ! -z "$check_for_openpty_ctty_bug"; then
+ AC_MSG_CHECKING(if openpty correctly handles controlling tty)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <sys/fcntl.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+int
+main()
+{
+ pid_t pid;
+ int fd, ptyfd, ttyfd, status;
+
+ pid = fork();
+ if (pid < 0) { /* failed */
+ exit(1);
+ } else if (pid > 0) { /* parent */
+ waitpid(pid, &status, 0);
+ if (WIFEXITED(status))
+ exit(WEXITSTATUS(status));
+ else
+ exit(2);
+ } else { /* child */
+ close(0); close(1); close(2);
+ setsid();
+ openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
+ fd = open("/dev/tty", O_RDWR | O_NOCTTY);
+ if (fd >= 0)
+ exit(3); /* Acquired ctty: broken */
+ else
+ exit(0); /* Did not acquire ctty: OK */
+ }
+}
+ ]])],
+ [
+ AC_MSG_RESULT(yes)
],
- [AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
- AC_DEFINE(BROKEN_SNPRINTF)
- AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
+ AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ ],
+ [
+ AC_MSG_RESULT(cross-compiling, assuming yes)
]
)
fi
-AC_FUNC_GETPGRP
+if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
+ test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
+ AC_MSG_CHECKING(if getaddrinfo seems to work)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
-# Check for PAM libs
-PAM_MSG="no"
-AC_ARG_WITH(pam,
- [ --with-pam Enable PAM support ],
- [
- if test "x$withval" != "xno" ; then
- if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
- AC_MSG_ERROR([PAM headers not found])
- fi
+#define TEST_PORT "2222"
- AC_CHECK_LIB(dl, dlopen, , )
- AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
- AC_CHECK_FUNCS(pam_getenvlist)
- AC_CHECK_FUNCS(pam_putenv)
+int
+main(void)
+{
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
+
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET6)
+ continue;
+
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
+
+ if (err != 0) {
+ if (err == EAI_SYSTEM)
+ perror("getnameinfo EAI_SYSTEM");
+ else
+ fprintf(stderr, "getnameinfo failed: %s\n",
+ gai_strerror(err));
+ exit(2);
+ }
+
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (sock < 0)
+ perror("socket");
+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ if (errno == EBADF)
+ exit(3);
+ }
+ }
+ exit(0);
+}
+ ]])],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ ],
+ [
+ AC_MSG_RESULT(cross-compiling, assuming yes)
+ ]
+ )
+fi
+
+if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
+ test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
+ AC_MSG_CHECKING(if getaddrinfo seems to work)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+
+int
+main(void)
+{
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
- disable_shadow=yes
- PAM_MSG="yes"
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+ continue;
- AC_DEFINE(USE_PAM)
- if test $ac_cv_lib_dl_dlopen = yes; then
- LIBPAM="-lpam -ldl"
- else
- LIBPAM="-lpam"
- fi
- AC_SUBST(LIBPAM)
- fi
- ]
-)
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
-# Check for older PAM
-if test "x$PAM_MSG" = "xyes" ; then
- # Check PAM strerror arguments (old PAM)
- AC_MSG_CHECKING([whether pam_strerror takes only one argument])
- AC_TRY_COMPILE(
+ if (ai->ai_family == AF_INET && err != 0) {
+ perror("getnameinfo");
+ exit(2);
+ }
+ }
+ exit(0);
+}
+ ]])],
[
-#include <stdlib.h>
-#include <security/pam_appl.h>
- ],
- [(void)pam_strerror((pam_handle_t *)NULL, -1);],
- [AC_MSG_RESULT(no)],
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
+ [Define if you have a getaddrinfo that fails
+ for the all-zeros IPv6 address])
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ ],
+ [
+ AC_MSG_RESULT(cross-compiling, assuming no)
+ ]
+ )
+fi
+
+if test "x$check_for_conflicting_getspnam" = "x1"; then
+ AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
+ AC_COMPILE_IFELSE(
+ [
+#include <shadow.h>
+int main(void) {exit(0);}
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ],
[
- AC_DEFINE(HAVE_OLD_PAM)
AC_MSG_RESULT(yes)
- PAM_MSG="yes (old library)"
+ AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
+ [Conflicting defs for getspnam])
]
)
fi
+AC_FUNC_GETPGRP
+
# Search for OpenSSL
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
[ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
[
if test "x$withval" != "xno" ; then
+ case "$withval" in
+ # Relative paths
+ ./*|../*) withval="`pwd`/$withval"
+ esac
if test -d "$withval/lib"; then
if test -n "${need_dash_r}"; then
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
fi
]
)
-
-# Patch up SSL libraries for GSI authentication as needed
-if test "x$globus_flavor_type" != "xno" ; then
- #
- # For Globus 2, always link with the static libraries
- #
-
- libssl_utils="${gsi_path}/lib/libglobus_ssl_utils_${globus_flavor_type}.a"
-
- #
- # Trouble arrives at GT 2.1.3+ with the reorg of globus_ssl_utils. Compensating for
- # the new library linking required here through file tests to see which libraries to
- # link against.
- #
-
- libgsi_proxy_core="${gsi_path}/lib/libglobus_gsi_proxy_core_${globus_flavor_type}.a"
- libgsi_credential="${gsi_path}/lib/libglobus_gsi_credential_${globus_flavor_type}.a"
- libgsi_callback="${gsi_path}/lib/libglobus_gsi_callback_${globus_flavor_type}.a"
- liboldgaa="${gsi_path}/lib/libglobus_oldgaa_${globus_flavor_type}.a"
- libgsi_sysconfig="${gsi_path}/lib/libglobus_gsi_sysconfig_${globus_flavor_type}.a"
- libproxy_ssl="${gsi_path}/lib/libglobus_proxy_ssl_${globus_flavor_type}.a"
- libgsi_cert_utils="${gsi_path}/lib/libglobus_gsi_cert_utils_${globus_flavor_type}.a"
- libopenssl_error="${gsi_path}/lib/libglobus_openssl_error_${globus_flavor_type}.a"
- libopenssl="${gsi_path}/lib/libglobus_openssl_${globus_flavor_type}.a"
-
- if test -r ${libgsi_proxy_core} \
- -a -r ${libgsi_credential} \
- -a -r ${libgsi_callback} \
- -a -r ${liboldgaa} \
- -a -r ${libgsi_sysconfig} \
- -a -r ${libproxy_ssl} \
- -a -r ${libgsi_cert_utils} \
- -a -r ${libopenssl_error} \
- -a -r ${libopenssl} ; then
- LIBS="$LIBS ${libgsi_proxy_core}"
- LIBS="$LIBS ${libgsi_credential}"
- LIBS="$LIBS ${libgsi_callback}"
- LIBS="$LIBS ${liboldgaa}"
- LIBS="$LIBS ${libgsi_sysconfig}"
- LIBS="$LIBS ${libproxy_ssl}"
- LIBS="$LIBS ${libgsi_cert_utils}"
- LIBS="$LIBS ${libopenssl_error}"
- LIBS="$LIBS ${libopenssl}"
- elif test -r ${libssl_utils}; then
- LIBS="$LIBS ${libssl_utils}"
- else
- AC_MSG_ERROR(All of the required Globus Toolkit libraries are not present/configured correctly)
- fi
-
- #
- # Standard openssl libraries. They need to appear near the end of the link line.
- #
-
- LIBS="$LIBS ${gsi_path}/lib/libssl_${globus_flavor_type}.a"
- LIBS="$LIBS ${gsi_path}/lib/libcrypto_${globus_flavor_type}.a"
-
- #
- # Another "GT 2.1.3+"ism.
- #
-
- libcommon_path="${gsi_path}/lib/libglobus_common_${globus_flavor_type}.a"
- if test -r ${libcommon_path}; then
- LIBS="$LIBS ${libcommon_path}"
- fi
-else
- if test "x$gsi_path" != "xno" ; then
- # Older GSI needs -lssl too
- LIBS="$LIBS -lssl -lcrypto"
- else # if no GSI authentication (i.e., OpenSSL default)
- LIBS="$LIBS -lcrypto"
- fi
-fi # globus_flavor_type
-
-AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
+if test -z "$GLOBUS_LDFLAGS" ; then
+LIBS="-lcrypto $LIBS"
+fi
+AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
+ [Define if your ssl headers are included
+ with #include <openssl/header.h>]),
[
dnl Check default openssl install dir
if test -n "${need_dash_r}"; then
LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
fi
CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
+ AC_CHECK_HEADER([openssl/opensslv.h], ,
+ AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
[
AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
]
)
+# Determine OpenSSL header version
+AC_MSG_CHECKING([OpenSSL header version])
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+#include <openssl/opensslv.h>
+#define DATA "conftest.sslincver"
+int main(void) {
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
+ exit(1);
+
+ exit(0);
+}
+ ]])],
+ [
+ ssl_header_ver=`cat conftest.sslincver`
+ AC_MSG_RESULT($ssl_header_ver)
+ ],
+ [
+ AC_MSG_RESULT(not found)
+ AC_MSG_ERROR(OpenSSL version header not found.)
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
+ ]
+)
+
+# Determine OpenSSL library version
+AC_MSG_CHECKING([OpenSSL library version])
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#define DATA "conftest.ssllibver"
+int main(void) {
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
+ exit(1);
+
+ exit(0);
+}
+ ]])],
+ [
+ ssl_library_ver=`cat conftest.ssllibver`
+ AC_MSG_RESULT($ssl_library_ver)
+ ],
+ [
+ AC_MSG_RESULT(not found)
+ AC_MSG_ERROR(OpenSSL library not found.)
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
+ ]
+)
+
+AC_ARG_WITH(openssl-header-check,
+ [ --without-openssl-header-check Disable OpenSSL version consistency check],
+ [ if test "x$withval" = "xno" ; then
+ openssl_check_nonfatal=1
+ fi
+ ]
+)
# Sanity check OpenSSL headers
AC_MSG_CHECKING([whether OpenSSL's headers match the library])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <string.h>
#include <openssl/opensslv.h>
-int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
+int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
+ ]])],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ if test "x$openssl_check_nonfatal" = "x"; then
+ AC_MSG_ERROR([Your OpenSSL headers do not match your
+library. Check config.log for details.
+If you are sure your installation is consistent, you can disable the check
+by running "./configure --without-openssl-header-check".
+Also see contrib/findssl.sh for help identifying header/library mismatches.
+])
+ else
+ AC_MSG_WARN([Your OpenSSL headers do not match your
+library. Check config.log for details.
+Also see contrib/findssl.sh for help identifying header/library mismatches.])
+ fi
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
+ ]
+)
+
+AC_MSG_CHECKING([if programs using OpenSSL functions will link])
+AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <openssl/evp.h>
+int main(void) { SSLeay_add_all_algorithms(); }
+ ]])],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS -ldl"
+ AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <openssl/evp.h>
+int main(void) { SSLeay_add_all_algorithms(); }
+ ]])],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ LIBS="$saved_LIBS"
+ ]
+ )
+ ]
+)
+
+AC_ARG_WITH(ssl-engine,
+ [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
+ [ if test "x$withval" != "xno" ; then
+ AC_MSG_CHECKING(for OpenSSL ENGINE support)
+ AC_TRY_COMPILE(
+ [ #include <openssl/engine.h>],
+ [
+ENGINE_load_builtin_engines();ENGINE_register_all_complete();
+ ],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(USE_OPENSSL_ENGINE, 1,
+ [Enable OpenSSL engine support])
+ ],
+ [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
+ )
+ fi ]
+)
+
+# Check for OpenSSL without EVP_aes_{192,256}_cbc
+AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
+AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <string.h>
+#include <openssl/evp.h>
+int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
+ ]])],
+ [
+ AC_MSG_RESULT(no)
],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
+ [libcrypto is missing AES 192 and 256 bit functions])
+ ]
+)
+
+AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
+AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <string.h>
+#include <openssl/evp.h>
+int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
+ ]])],
[
AC_MSG_RESULT(yes)
],
[
AC_MSG_RESULT(no)
- AC_MSG_ERROR(Your OpenSSL headers do not match your library)
+ AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
+ [Define if EVP_DigestUpdate returns void])
]
)
-# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
-# version in OpenSSL. Skip this for PAM
-if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
+# because the system crypt() is more featureful.
+if test "x$check_for_libcrypt_before" = "x1"; then
+ AC_CHECK_LIB(crypt, crypt)
+fi
+
+# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
+# version in OpenSSL.
+if test "x$check_for_libcrypt_later" = "x1"; then
AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
fi
+# Search for SHA256 support in libc and/or OpenSSL
+AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
+
+saved_LIBS="$LIBS"
+AC_CHECK_LIB(iaf, ia_openinfo, [
+ LIBS="$LIBS -liaf"
+ AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
+ AC_DEFINE(HAVE_LIBIAF, 1,
+ [Define if system has libiaf that supports set_id])
+ ])
+])
+LIBS="$saved_LIBS"
### Configure cryptographic random number support
# Check wheter OpenSSL seeds itself
AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <string.h>
#include <openssl/rand.h>
-int main(void) { return(RAND_status() == 1 ? 0 : 1); }
- ],
+int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
+ ]])],
[
OPENSSL_SEEDS_ITSELF=yes
AC_MSG_RESULT(yes)
# Default to use of the rand helper if OpenSSL doesn't
# seed itself
USE_RAND_HELPER=yes
+ ],
+ [
+ AC_MSG_WARN([cross compiling: assuming yes])
+ # This is safe, since all recent OpenSSL versions will
+ # complain at runtime if not seeded correctly.
+ OPENSSL_SEEDS_ITSELF=yes
+ ]
+)
+
+# Check for PAM libs
+PAM_MSG="no"
+AC_ARG_WITH(pam,
+ [ --with-pam Enable PAM support ],
+ [
+ if test "x$withval" != "xno" ; then
+ if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
+ test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
+ AC_MSG_ERROR([PAM headers not found])
+ fi
+
+ saved_LIBS="$LIBS"
+ AC_CHECK_LIB(dl, dlopen, , )
+ AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
+ AC_CHECK_FUNCS(pam_getenvlist)
+ AC_CHECK_FUNCS(pam_putenv)
+ LIBS="$saved_LIBS"
+
+ PAM_MSG="yes"
+
+ SSHDLIBS="$SSHDLIBS -lpam"
+ AC_DEFINE(USE_PAM, 1,
+ [Define if you want to enable PAM support])
+
+ if test $ac_cv_lib_dl_dlopen = yes; then
+ case "$LIBS" in
+ *-ldl*)
+ # libdl already in LIBS
+ ;;
+ *)
+ SSHDLIBS="$SSHDLIBS -ldl"
+ ;;
+ esac
+ fi
+ fi
]
)
+# Check for older PAM
+if test "x$PAM_MSG" = "xyes" ; then
+ # Check PAM strerror arguments (old PAM)
+ AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+ AC_TRY_COMPILE(
+ [
+#include <stdlib.h>
+#if defined(HAVE_SECURITY_PAM_APPL_H)
+#include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
+ ],
+ [(void)pam_strerror((pam_handle_t *)NULL, -1);],
+ [AC_MSG_RESULT(no)],
+ [
+ AC_DEFINE(HAVE_OLD_PAM, 1,
+ [Define if you have an old version of PAM
+ which takes only one argument to pam_strerror])
+ AC_MSG_RESULT(yes)
+ PAM_MSG="yes (old library)"
+ ]
+ )
+fi
# Do we want to force the use of the rand helper?
AC_ARG_WITH(rand-helper,
[ --with-rand-helper Use subprocess to gather strong randomness ],
[
if test "x$withval" = "xno" ; then
- # Force use of OpenSSL's internal RNG, even if
+ # Force use of OpenSSL's internal RNG, even if
# the previous test showed it to be unseeded.
if test -z "$OPENSSL_SEEDS_ITSELF" ; then
AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
USE_RAND_HELPER=yes
fi
],
-)
+)
# Which randomness source do we use?
-if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
+if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
# OpenSSL only
- AC_DEFINE(OPENSSL_PRNG_ONLY)
+ AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
+ [Define if you want OpenSSL's internally seeded PRNG only])
RAND_MSG="OpenSSL internal ONLY"
INSTALL_SSH_RAND_HELPER=""
elif test ! -z "$USE_RAND_HELPER" ; then
esac
if test ! -z "$withval" ; then
PRNGD_PORT="$withval"
- AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
+ AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
+ [Port number of PRNGD/EGD random number socket])
fi
]
)
AC_MSG_WARN(Entropy socket is not readable)
fi
PRNGD_SOCKET="$withval"
- AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
+ AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
+ [Location of PRNGD/EGD random number socket])
fi
],
[
AC_ARG_WITH(entropy-timeout,
[ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
[
- if test "x$withval" != "xno" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
entropy_timeout=$withval
fi
- ]
+ ]
)
-AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
+AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
+ [Builtin PRNG command timeout])
SSH_PRIVSEP_USER=sshd
AC_ARG_WITH(privsep-user,
[ --with-privsep-user=user Specify non-privileged user for privilege separation],
[
- if test -n "$withval"; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
SSH_PRIVSEP_USER=$withval
fi
- ]
+ ]
)
-AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
+AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
+ [non-privileged user for privilege separation])
AC_SUBST(SSH_PRIVSEP_USER)
# We do this little dance with the search path to insure
test -d /usr/sbin && PATH=$PATH:/usr/sbin
PATH=$PATH:/etc:$OPATH
-# These programs are used by the command hashing source to gather entropy
+# These programs are used by the command hashing source to gather entropy
OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
LIBS="$LIBS -liberty";
fi
-# Checks for data types
+# Check for long long datatypes
+AC_CHECK_TYPES([long long, unsigned long long, long double])
+
+# Check datatype sizes
AC_CHECK_SIZEOF(char, 1)
AC_CHECK_SIZEOF(short int, 2)
AC_CHECK_SIZEOF(int, 4)
ac_cv_sizeof_long_long_int=0
fi
+# compute LLONG_MIN and LLONG_MAX if we don't know them.
+if test -z "$have_llong_max"; then
+ AC_MSG_CHECKING([for max value of long long])
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+/* Why is this so damn hard? */
+#ifdef __GNUC__
+# undef __GNUC__
+#endif
+#define __USE_ISOC99
+#include <limits.h>
+#define DATA "conftest.llminmax"
+#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
+
+/*
+ * printf in libc on some platforms (eg old Tru64) does not understand %lld so
+ * we do this the hard way.
+ */
+static int
+fprint_ll(FILE *f, long long n)
+{
+ unsigned int i;
+ int l[sizeof(long long) * 8];
+
+ if (n < 0)
+ if (fprintf(f, "-") < 0)
+ return -1;
+ for (i = 0; n != 0; i++) {
+ l[i] = my_abs(n % 10);
+ n /= 10;
+ }
+ do {
+ if (fprintf(f, "%d", l[--i]) < 0)
+ return -1;
+ } while (i != 0);
+ if (fprintf(f, " ") < 0)
+ return -1;
+ return 0;
+}
+
+int main(void) {
+ FILE *f;
+ long long i, llmin, llmax = 0;
+
+ if((f = fopen(DATA,"w")) == NULL)
+ exit(1);
+
+#if defined(LLONG_MIN) && defined(LLONG_MAX)
+ fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
+ llmin = LLONG_MIN;
+ llmax = LLONG_MAX;
+#else
+ fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
+ /* This will work on one's complement and two's complement */
+ for (i = 1; i > llmax; i <<= 1, i++)
+ llmax = i;
+ llmin = llmax + 1LL; /* wrap */
+#endif
+
+ /* Sanity check */
+ if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
+ || llmax - 1 > llmax || llmin == llmax || llmin == 0
+ || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
+ fprintf(f, "unknown unknown\n");
+ exit(2);
+ }
+
+ if (fprint_ll(f, llmin) < 0)
+ exit(3);
+ if (fprint_ll(f, llmax) < 0)
+ exit(4);
+ if (fclose(f) < 0)
+ exit(5);
+ exit(0);
+}
+ ]])],
+ [
+ llong_min=`$AWK '{print $1}' conftest.llminmax`
+ llong_max=`$AWK '{print $2}' conftest.llminmax`
+
+ AC_MSG_RESULT($llong_max)
+ AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
+ [max value of long long calculated by configure])
+ AC_MSG_CHECKING([for min value of long long])
+ AC_MSG_RESULT($llong_min)
+ AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
+ [min value of long long calculated by configure])
+ ],
+ [
+ AC_MSG_RESULT(not found)
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
+ ]
+ )
+fi
+
+
# More checks for data types
AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ u_int a; a = 1;],
+ [ #include <sys/types.h> ],
+ [ u_int a; a = 1;],
[ ac_cv_have_u_int="yes" ],
[ ac_cv_have_u_int="no" ]
)
])
if test "x$ac_cv_have_u_int" = "xyes" ; then
- AC_DEFINE(HAVE_U_INT)
+ AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
have_u_int=1
fi
AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
+ [ #include <sys/types.h> ],
+ [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
[ ac_cv_have_intxx_t="yes" ],
[ ac_cv_have_intxx_t="no" ]
)
])
if test "x$ac_cv_have_intxx_t" = "xyes" ; then
- AC_DEFINE(HAVE_INTXX_T)
+ AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
have_intxx_t=1
fi
if (test -z "$have_intxx_t" && \
- test "x$ac_cv_header_stdint_h" = "xyes")
+ test "x$ac_cv_header_stdint_h" = "xyes")
then
AC_MSG_CHECKING([for intXX_t types in stdint.h])
AC_TRY_COMPILE(
- [ #include <stdint.h> ],
- [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
+ [ #include <stdint.h> ],
+ [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
[
AC_DEFINE(HAVE_INTXX_T)
AC_MSG_RESULT(yes)
AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ int64_t a; a = 1;],
+ [
+#include <sys/types.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#include <sys/socket.h>
+#ifdef HAVE_SYS_BITYPES_H
+# include <sys/bitypes.h>
+#endif
+ ],
+ [ int64_t a; a = 1;],
[ ac_cv_have_int64_t="yes" ],
[ ac_cv_have_int64_t="no" ]
)
])
if test "x$ac_cv_have_int64_t" = "xyes" ; then
- AC_DEFINE(HAVE_INT64_T)
- have_int64_t=1
-fi
-
-if test -z "$have_int64_t" ; then
- AC_MSG_CHECKING([for int64_t type in sys/socket.h])
- AC_TRY_COMPILE(
- [ #include <sys/socket.h> ],
- [ int64_t a; a = 1],
- [
- AC_DEFINE(HAVE_INT64_T)
- AC_MSG_RESULT(yes)
- ],
- [ AC_MSG_RESULT(no) ]
- )
-fi
-
-if test -z "$have_int64_t" ; then
- AC_MSG_CHECKING([for int64_t type in sys/bitypes.h])
- AC_TRY_COMPILE(
- [ #include <sys/bitypes.h> ],
- [ int64_t a; a = 1],
- [
- AC_DEFINE(HAVE_INT64_T)
- AC_MSG_RESULT(yes)
- ],
- [ AC_MSG_RESULT(no) ]
- )
+ AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
fi
AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
+ [ #include <sys/types.h> ],
+ [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
[ ac_cv_have_u_intxx_t="yes" ],
[ ac_cv_have_u_intxx_t="no" ]
)
])
if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
- AC_DEFINE(HAVE_U_INTXX_T)
+ AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
have_u_intxx_t=1
fi
if test -z "$have_u_intxx_t" ; then
AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
AC_TRY_COMPILE(
- [ #include <sys/socket.h> ],
- [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
+ [ #include <sys/socket.h> ],
+ [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
[
AC_DEFINE(HAVE_U_INTXX_T)
AC_MSG_RESULT(yes)
AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ u_int64_t a; a = 1;],
+ [ #include <sys/types.h> ],
+ [ u_int64_t a; a = 1;],
[ ac_cv_have_u_int64_t="yes" ],
[ ac_cv_have_u_int64_t="no" ]
)
])
if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
- AC_DEFINE(HAVE_U_INT64_T)
+ AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
have_u_int64_t=1
fi
if test -z "$have_u_int64_t" ; then
AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
AC_TRY_COMPILE(
- [ #include <sys/bitypes.h> ],
+ [ #include <sys/bitypes.h> ],
[ u_int64_t a; a = 1],
[
AC_DEFINE(HAVE_U_INT64_T)
AC_TRY_COMPILE(
[
#include <sys/types.h>
- ],
- [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
+ ],
+ [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
[ ac_cv_have_uintxx_t="yes" ],
[ ac_cv_have_uintxx_t="no" ]
)
])
if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
- AC_DEFINE(HAVE_UINTXX_T)
+ AC_DEFINE(HAVE_UINTXX_T, 1,
+ [define if you have uintxx_t data type])
fi
fi
if test -z "$have_uintxx_t" ; then
AC_MSG_CHECKING([for uintXX_t types in stdint.h])
AC_TRY_COMPILE(
- [ #include <stdint.h> ],
- [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
+ [ #include <stdint.h> ],
+ [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
[
AC_DEFINE(HAVE_UINTXX_T)
AC_MSG_RESULT(yes)
fi
if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
- test "x$ac_cv_header_sys_bitypes_h" = "xyes")
+ test "x$ac_cv_header_sys_bitypes_h" = "xyes")
then
AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
AC_TRY_COMPILE(
[
#include <sys/bitypes.h>
- ],
+ ],
[
int8_t a; int16_t b; int32_t c;
u_int8_t e; u_int16_t f; u_int32_t g;
a = b = c = e = f = g = 1;
- ],
+ ],
[
AC_DEFINE(HAVE_U_INTXX_T)
AC_DEFINE(HAVE_INTXX_T)
AC_MSG_RESULT(yes)
],
[AC_MSG_RESULT(no)]
- )
+ )
fi
)
])
if test "x$ac_cv_have_u_char" = "xyes" ; then
- AC_DEFINE(HAVE_U_CHAR)
+ AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
fi
TYPE_SOCKLEN_T
AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
+AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+])
+
+AC_CHECK_TYPES([in_addr_t, in_port_t],,,
+[#include <sys/types.h>
+#include <netinet/in.h>])
AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
AC_TRY_COMPILE(
)
])
if test "x$ac_cv_have_size_t" = "xyes" ; then
- AC_DEFINE(HAVE_SIZE_T)
+ AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
fi
AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
)
])
if test "x$ac_cv_have_ssize_t" = "xyes" ; then
- AC_DEFINE(HAVE_SSIZE_T)
+ AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
fi
AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
)
])
if test "x$ac_cv_have_clock_t" = "xyes" ; then
- AC_DEFINE(HAVE_CLOCK_T)
+ AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
fi
AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
)
])
if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
- AC_DEFINE(HAVE_SA_FAMILY_T)
+ AC_DEFINE(HAVE_SA_FAMILY_T, 1,
+ [define if you have sa_family_t data type])
fi
AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
)
])
if test "x$ac_cv_have_pid_t" = "xyes" ; then
- AC_DEFINE(HAVE_PID_T)
+ AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
fi
AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
)
])
if test "x$ac_cv_have_mode_t" = "xyes" ; then
- AC_DEFINE(HAVE_MODE_T)
+ AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
fi
)
])
if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
+ [define if you have struct sockaddr_storage data type])
fi
AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
)
])
if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
+ [define if you have struct sockaddr_in6 data type])
fi
AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
)
])
if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
+ AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
+ [define if you have struct in6_addr data type])
+
+dnl Now check for sin6_scope_id
+ AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
+ [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <netinet/in.h>
+ ])
fi
AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
)
])
if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_ADDRINFO)
+ AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
+ [define if you have struct addrinfo data type])
fi
AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
AC_TRY_COMPILE(
- [ #include <sys/time.h> ],
- [ struct timeval tv; tv.tv_sec = 1;],
+ [ #include <sys/time.h> ],
+ [ struct timeval tv; tv.tv_sec = 1;],
[ ac_cv_have_struct_timeval="yes" ],
[ ac_cv_have_struct_timeval="no" ]
)
])
if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_TIMEVAL)
+ AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
have_struct_timeval=1
fi
-# If we don't have int64_t then we can't compile sftp-server. So don't
-# even attempt to do it.
-if test "x$ac_cv_have_int64_t" = "xno" -a \
- "x$ac_cv_sizeof_long_int" != "x8" -a \
- "x$ac_cv_sizeof_long_long_int" = "x0" ; then
- NO_SFTP='#'
+AC_CHECK_TYPES(struct timespec)
+
+# We need int64_t or else certian parts of the compile will fail.
+if test "x$ac_cv_have_int64_t" = "xno" && \
+ test "x$ac_cv_sizeof_long_int" != "x8" && \
+ test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
+ echo "OpenSSH requires int64_t support. Contact your vendor or install"
+ echo "an alternative compiler (I.E., GCC) before continuing."
+ echo ""
+ exit 1;
else
dnl test snprintf (broken on SCO w/gcc)
- AC_TRY_RUN(
- [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <string.h>
#ifdef HAVE_SNPRINTF
strcpy(expected_out, "9223372036854775807");
snprintf(buf, mazsize, "%lld", num);
if(strcmp(buf, expected_out) != 0)
- exit(1);
+ exit(1);
exit(0);
}
#else
main() { exit(0); }
#endif
- ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
+ ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
+ AC_MSG_WARN([cross compiling: Assuming working snprintf()])
)
fi
-AC_SUBST(NO_SFTP)
dnl Checks for structure members
OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
AC_CHECK_MEMBERS([struct stat.st_blksize])
+AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
+ [Define if we don't have struct __res_state in resolv.h])],
+[
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+])
AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
ac_cv_have_ss_family_in_struct_ss, [
)
])
if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
- AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
+ AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
fi
AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
)
])
if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
- AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
+ AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
+ [Fields in struct sockaddr_storage])
fi
AC_CACHE_CHECK([for pw_class field in struct passwd],
)
])
if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
- AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
+ AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
+ [Define if your password has a pw_class field])
fi
AC_CACHE_CHECK([for pw_expire field in struct passwd],
)
])
if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
- AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
+ AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
+ [Define if your password has a pw_expire field])
fi
AC_CACHE_CHECK([for pw_change field in struct passwd],
)
])
if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
- AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
+ AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
+ [Define if your password has a pw_change field])
fi
dnl make sure we're using the real structure members and not defines
AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
ac_cv_have_accrights_in_msghdr, [
- AC_TRY_RUN(
+ AC_COMPILE_IFELSE(
[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
int main() {
#ifdef msg_accrights
+#error "msg_accrights is a macro"
exit(1);
#endif
struct msghdr m;
)
])
if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
- AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
+ AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
+ [Define if your system uses access rights style
+ file descriptor passing])
fi
+AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+], [struct statvfs s; s.f_fsid = 0;],
+[ AC_MSG_RESULT(yes) ],
+[ AC_MSG_RESULT(no)
+
+ AC_MSG_CHECKING(if fsid_t has member val)
+ AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/statvfs.h>],
+ [fsid_t t; t.val[0] = 0;],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
+ [ AC_MSG_RESULT(no) ])
+
+ AC_MSG_CHECKING(if f_fsid has member __val)
+ AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/statvfs.h>],
+ [fsid_t t; t.__val[0] = 0;],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
+ [ AC_MSG_RESULT(no) ])
+])
+
AC_CACHE_CHECK([for msg_control field in struct msghdr],
ac_cv_have_control_in_msghdr, [
- AC_TRY_RUN(
+ AC_COMPILE_IFELSE(
[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
int main() {
#ifdef msg_control
+#error "msg_control is a macro"
exit(1);
#endif
struct msghdr m;
)
])
if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
- AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
+ AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
+ [Define if your system uses ancillary data style
+ file descriptor passing])
fi
AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
- AC_TRY_LINK([],
- [ extern char *__progname; printf("%s", __progname); ],
+ AC_TRY_LINK([],
+ [ extern char *__progname; printf("%s", __progname); ],
[ ac_cv_libc_defines___progname="yes" ],
[ ac_cv_libc_defines___progname="no" ]
)
])
if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
- AC_DEFINE(HAVE___PROGNAME)
+ AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
fi
AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
AC_TRY_LINK([
#include <stdio.h>
-],
- [ printf("%s", __FUNCTION__); ],
+],
+ [ printf("%s", __FUNCTION__); ],
[ ac_cv_cc_implements___FUNCTION__="yes" ],
[ ac_cv_cc_implements___FUNCTION__="no" ]
)
])
if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
- AC_DEFINE(HAVE___FUNCTION__)
+ AC_DEFINE(HAVE___FUNCTION__, 1,
+ [Define if compiler implements __FUNCTION__])
fi
AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
AC_TRY_LINK([
#include <stdio.h>
-],
- [ printf("%s", __func__); ],
+],
+ [ printf("%s", __func__); ],
[ ac_cv_cc_implements___func__="yes" ],
[ ac_cv_cc_implements___func__="no" ]
)
])
if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
- AC_DEFINE(HAVE___func__)
+ AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
+fi
+
+AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
+ AC_TRY_LINK(
+ [#include <stdarg.h>
+ va_list x,y;],
+ [va_copy(x,y);],
+ [ ac_cv_have_va_copy="yes" ],
+ [ ac_cv_have_va_copy="no" ]
+ )
+])
+if test "x$ac_cv_have_va_copy" = "xyes" ; then
+ AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
+fi
+
+AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
+ AC_TRY_LINK(
+ [#include <stdarg.h>
+ va_list x,y;],
+ [__va_copy(x,y);],
+ [ ac_cv_have___va_copy="yes" ],
+ [ ac_cv_have___va_copy="no" ]
+ )
+])
+if test "x$ac_cv_have___va_copy" = "xyes" ; then
+ AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
fi
AC_CACHE_CHECK([whether getopt has optreset support],
)
])
if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
- AC_DEFINE(HAVE_GETOPT_OPTRESET)
+ AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
+ [Define if your getopt(3) defines and uses optreset])
fi
AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
- AC_TRY_LINK([],
- [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
+ AC_TRY_LINK([],
+ [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
[ ac_cv_libc_defines_sys_errlist="yes" ],
[ ac_cv_libc_defines_sys_errlist="no" ]
)
])
if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
- AC_DEFINE(HAVE_SYS_ERRLIST)
+ AC_DEFINE(HAVE_SYS_ERRLIST, 1,
+ [Define if your system defines sys_errlist[]])
fi
AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
- AC_TRY_LINK([],
- [ extern int sys_nerr; printf("%i", sys_nerr);],
+ AC_TRY_LINK([],
+ [ extern int sys_nerr; printf("%i", sys_nerr);],
[ ac_cv_libc_defines_sys_nerr="yes" ],
[ ac_cv_libc_defines_sys_nerr="no" ]
)
])
if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
- AC_DEFINE(HAVE_SYS_NERR)
+ AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
fi
-SCARD_MSG="no"
-
+SCARD_MSG="no"
# Check whether user wants sectok support
AC_ARG_WITH(sectok,
[ --with-sectok Enable smartcard support using libsectok],
if test "$ac_cv_lib_sectok_sectok_open" != yes; then
AC_MSG_ERROR(Can't find libsectok)
fi
- AC_DEFINE(SMARTCARD)
- AC_DEFINE(USE_SECTOK)
- SCARD_MSG="yes, using sectok"
+ AC_DEFINE(SMARTCARD, 1,
+ [Define if you want smartcard support])
+ AC_DEFINE(USE_SECTOK, 1,
+ [Define if you want smartcard support
+ using sectok])
+ SCARD_MSG="yes, using sectok"
fi
]
)
# Check whether user wants OpenSC support
+OPENSC_CONFIG="no"
AC_ARG_WITH(opensc,
- AC_HELP_STRING([--with-opensc=PFX],
- [Enable smartcard support using OpenSC]),
- opensc_config_prefix="$withval", opensc_config_prefix="")
-if test x$opensc_config_prefix != x ; then
- OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
- AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
- if test "$OPENSC_CONFIG" != "no"; then
- LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
- LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
- CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
- LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
- AC_DEFINE(SMARTCARD)
- AC_DEFINE(USE_OPENSC)
- SCARD_MSG="yes, using OpenSC"
- fi
+ [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
+ [
+ if test "x$withval" != "xno" ; then
+ if test "x$withval" != "xyes" ; then
+ OPENSC_CONFIG=$withval/bin/opensc-config
+ else
+ AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
+ fi
+ if test "$OPENSC_CONFIG" != "no"; then
+ LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
+ LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
+ CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
+ LIBS="$LIBS $LIBOPENSC_LIBS"
+ AC_DEFINE(SMARTCARD)
+ AC_DEFINE(USE_OPENSC, 1,
+ [Define if you want smartcard support
+ using OpenSC])
+ SCARD_MSG="yes, using OpenSC"
+ fi
+ fi
+ ]
+)
+
+# Check libraries needed by DNS fingerprint support
+AC_SEARCH_LIBS(getrrsetbyname, resolv,
+ [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
+ [Define if getrrsetbyname() exists])],
+ [
+ # Needed by our getrrsetbyname()
+ AC_SEARCH_LIBS(res_query, resolv)
+ AC_SEARCH_LIBS(dn_expand, resolv)
+ AC_MSG_CHECKING(if res_query will link)
+ AC_LINK_IFELSE([
+#include "confdefs.h"
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
+#include <resolv.h>
+int main()
+{
+ res_query (0, 0, 0, 0, 0);
+ return 0;
+}
+ ],
+ AC_MSG_RESULT(yes),
+ [AC_MSG_RESULT(no)
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS -lresolv"
+ AC_MSG_CHECKING(for res_query in -lresolv)
+ AC_LINK_IFELSE([
+#include "confdefs.h"
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
+#include <resolv.h>
+int main()
+{
+ res_query (0, 0, 0, 0, 0);
+ return 0;
+}
+ ],
+ [AC_MSG_RESULT(yes)],
+ [LIBS="$saved_LIBS"
+ AC_MSG_RESULT(no)])
+ ])
+ AC_CHECK_FUNCS(_getshort _getlong)
+ AC_CHECK_DECLS([_getshort, _getlong], , ,
+ [#include <sys/types.h>
+ #include <arpa/nameser.h>])
+ AC_CHECK_MEMBER(HEADER.ad,
+ [AC_DEFINE(HAVE_HEADER_AD, 1,
+ [Define if HEADER.ad exists in arpa/nameser.h])],,
+ [#include <arpa/nameser.h>])
+ ])
+
+AC_MSG_CHECKING(if struct __res_state _res is an extern)
+AC_LINK_IFELSE([
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+extern struct __res_state _res;
+int main() { return 0; }
+ ],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE__RES_EXTERN, 1,
+ [Define if you have struct __res_state _res as an extern])
+ ],
+ [ AC_MSG_RESULT(no) ]
+)
+
+# Check whether user wants SELinux support
+SELINUX_MSG="no"
+LIBSELINUX=""
+AC_ARG_WITH(selinux,
+ [ --with-selinux Enable SELinux support],
+ [ if test "x$withval" != "xno" ; then
+ save_LIBS="$LIBS"
+ AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
+ SELINUX_MSG="yes"
+ AC_CHECK_HEADER([selinux/selinux.h], ,
+ AC_MSG_ERROR(SELinux support requires selinux.h header))
+ AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
+ AC_MSG_ERROR(SELinux support requires libselinux library))
+ SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+ LIBS="$save_LIBS"
+ fi ]
+)
+
+# Finish configuring Globus GSSAPI
+if test "x$gsi_path" != "xno" ; then
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${gsi_path}/lib"
+ fi
+ if test ! -z "$blibpath" ; then
+ blibpath="$blibpath:${gsi_path}/lib"
+ fi
+ # test that we got the libraries OK
+ AC_TRY_LINK(
+ [],
+ [],
+ [],
+ [
+ AC_MSG_ERROR(link with Globus libraries failed)
+ ]
+ )
+ AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
fi
+AC_SUBST(INSTALL_GSISSH)
+
+# Check whether the user wants GSSAPI mechglue support
+AC_ARG_WITH(mechglue,
+ [ --with-mechglue=PATH Build with GSSAPI mechglue library],
+ [
+ AC_MSG_CHECKING(for mechglue library)
+
+ if test -e ${withval}/libgssapi.a ; then
+ mechglue_lib=${withval}/libgssapi.a
+ elif test -e ${withval}/lib/libgssapi.a ; then
+ mechglue_lib=${withval}/lib/libgssapi.a
+ else
+ AC_MSG_ERROR("Can't find libgssapi in ${withval}");
+ fi
+ LIBS="${mechglue_lib} $LIBS"
+ AC_MSG_RESULT(${mechglue_lib})
+
+ AC_CHECK_LIB(dl, dlopen, , )
+ if test $ac_cv_lib_dl_dlopen = yes; then
+ LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
+ fi
+
+ AC_DEFINE(GSSAPI)
+ AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
+ GSSAPI="mechglue"
+ ]
+)
+
# Check whether user wants Kerberos 5 support
-KRB5_MSG="no"
+KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
- [ --with-kerberos5=PATH Enable Kerberos 5 support],
- [
- if test "x$withval" != "xno" ; then
- if test "x$withval" = "xyes" ; then
- KRB5ROOT="/usr/local"
- else
- KRB5ROOT=${withval}
- fi
- CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
- LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
- AC_DEFINE(KRB5)
- KRB5_MSG="yes"
- AC_MSG_CHECKING(whether we are using Heimdal)
- AC_TRY_COMPILE([ #include <krb5.h> ],
- [ char *tmp = heimdal_version; ],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(HEIMDAL)
- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
- ],
- [ AC_MSG_RESULT(no)
- K5LIBS="-lkrb5 -lk5crypto -lcom_err"
- ]
- )
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
- fi
- if test ! -z "$blibpath" ; then
- blibpath="$blibpath:${KRB5ROOT}/lib"
- fi
- AC_CHECK_LIB(resolv, dn_expand, , )
+ [ --with-kerberos5=PATH Enable Kerberos 5 support],
+ [ if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xyes" ; then
+ KRB5ROOT="/usr/local"
+ else
+ KRB5ROOT=${withval}
+ fi
- # If we're using some other GSSAPI
- if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
- AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
+ AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
+ KRB5_MSG="yes"
+
+ AC_PATH_PROG([KRB5CONF],[krb5-config],
+ [$KRB5ROOT/bin/krb5-config],
+ [$KRB5ROOT/bin:$PATH])
+ if test -x $KRB5CONF ; then
+
+ AC_MSG_CHECKING(for gssapi support)
+ if $KRB5CONF | grep gssapi >/dev/null ; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(GSSAPI, 1,
+ [Define this if you want GSSAPI
+ support in the version 2 protocol])
+ k5confopts=gssapi
+ else
+ AC_MSG_RESULT(no)
+ k5confopts=""
fi
- AC_CHECK_LIB(gssapi,gss_init_sec_context,
+ K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
+ K5LIBS="`$KRB5CONF --libs $k5confopts`"
+ CPPFLAGS="$CPPFLAGS $K5CFLAGS"
+ AC_MSG_CHECKING(whether we are using Heimdal)
+ AC_TRY_COMPILE([ #include <krb5.h> ],
+ [ char *tmp = heimdal_version; ],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(HEIMDAL, 1,
+ [Define this if you are using the
+ Heimdal version of Kerberos V5]) ],
+ AC_MSG_RESULT(no)
+ )
+ else
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
+ LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
+ AC_MSG_CHECKING(whether we are using Heimdal)
+ AC_TRY_COMPILE([ #include <krb5.h> ],
+ [ char *tmp = heimdal_version; ],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(HEIMDAL)
+ K5LIBS="-lkrb5 -ldes"
+ K5LIBS="$K5LIBS -lcom_err -lasn1"
+ AC_CHECK_LIB(roken, net_write,
+ [K5LIBS="$K5LIBS -lroken"])
+ ],
+ [ AC_MSG_RESULT(no)
+ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
+ ]
+ )
+ AC_SEARCH_LIBS(dn_expand, resolv)
+
+ AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi $K5LIBS" ],
- [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
+ K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ K5LIBS="-lgssapi $K5LIBS" ],
AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
$K5LIBS)
],
$K5LIBS)
-
+
AC_CHECK_HEADER(gssapi.h, ,
[ unset ac_cv_header_gssapi_h
- CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
AC_CHECK_HEADERS(gssapi.h, ,
AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
- )
+ )
]
)
- AC_CHECK_LIB(gssapi, gss_krb5_copy_ccache, /bin/true,
- [ K5LIBS="-lgssapi_krb5 $K5LIBS"
- AC_CHECK_LIB(gssapi_krb5, gss_krb5_copy_ccache, /bin/true,
- AC_MSG_WARN([Cannot find gss_krb5_copy_ccache -- build may fail]),
- $K5LIBS)
- ],
- $K5LIBS)
-
oldCPP="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
AC_CHECK_HEADER(gssapi_krb5.h, ,
[ CPPFLAGS="$oldCPP" ])
+ # If we're using some other GSSAPI
+ if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
+ AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
+ fi
+
if test -z "$GSSAPI"; then
GSSAPI="KRB5";
fi
- KRB5=yes
- fi
- ]
-)
-# Check whether user wants Kerberos 4 support
-KRB4_MSG="no"
-AC_ARG_WITH(kerberos4,
- [ --with-kerberos4=PATH Enable Kerberos 4 support],
- [
- if test "x$withval" != "xno" ; then
- if test "x$withval" != "xyes" ; then
- CPPFLAGS="$CPPFLAGS -I${withval}/include"
- LDFLAGS="$LDFLAGS -L${withval}/lib"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="$LDFLAGS -R${withval}/lib"
- fi
- if test ! -z "$blibpath" ; then
- blibpath="$blibpath:${withval}/lib"
- fi
- else
- if test -d /usr/include/kerberosIV ; then
- CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV"
- fi
- fi
+ oldCPP="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ AC_CHECK_HEADER(gssapi_krb5.h, ,
+ [ CPPFLAGS="$oldCPP" ])
- AC_CHECK_HEADERS(krb.h)
- if test "$ac_cv_header_krb_h" != yes; then
- AC_MSG_WARN([Cannot find krb.h, build may fail])
- fi
- AC_CHECK_LIB(krb, main)
- if test "$ac_cv_lib_krb_main" != yes; then
- AC_CHECK_LIB(krb4, main)
- if test "$ac_cv_lib_krb4_main" != yes; then
- AC_MSG_WARN([Cannot find libkrb nor libkrb4, build may fail])
- else
- KLIBS="-lkrb4"
- fi
- else
- KLIBS="-lkrb"
- fi
- AC_CHECK_LIB(des, des_cbc_encrypt)
- if test "$ac_cv_lib_des_des_cbc_encrypt" != yes; then
- AC_CHECK_LIB(des425, des_cbc_encrypt)
- if test "$ac_cv_lib_des425_des_cbc_encrypt" != yes; then
- AC_MSG_WARN([Cannot find libdes nor libdes425, build may fail])
- else
- KLIBS="-ldes425"
- fi
- else
- KLIBS="-ldes"
- fi
- AC_CHECK_LIB(resolv, dn_expand, , )
- KRB4=yes
- KRB4_MSG="yes"
- AC_DEFINE(KRB4)
+ fi
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
fi
+ if test ! -z "$blibpath" ; then
+ blibpath="$blibpath:${KRB5ROOT}/lib"
+ fi
+
+ AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
+ AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
+ AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
+
+ LIBS="$LIBS $K5LIBS"
+ AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
+ [Define this if you want to use libkafs' AFS support]))
+ fi
]
)
-# Check whether user wants AFS support
-AFS_MSG="no"
-AC_ARG_WITH(afs,
- [ --with-afs=PATH Enable AFS support],
+# Check whether user wants AFS_KRB5 support
+AFS_KRB5_MSG="no"
+AC_ARG_WITH(afs-krb5,
+ [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
[
if test "x$withval" != "xno" ; then
if test "x$withval" != "xyes" ; then
- CPPFLAGS="$CPPFLAGS -I${withval}/include"
- LDFLAGS="$LDFLAGS -L${withval}/lib"
+ AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
+ [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
+ else
+ AC_DEFINE_UNQUOTED(AKLOG_PATH,
+ "/usr/bin/aklog",
+ [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
fi
- if test -z "$KRB4" ; then
- AC_MSG_WARN([AFS requires Kerberos IV support, build may fail])
+ if test -z "$KRB5ROOT" ; then
+ AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
fi
- LIBS="-lkafs $LIBS"
+ LIBS="-lkrbafs -lkrb4 $LIBS"
if test ! -z "$AFS_LIBS" ; then
LIBS="$LIBS $AFS_LIBS"
fi
- AC_DEFINE(AFS)
- AFS_MSG="yes"
+ AC_DEFINE(AFS_KRB5, 1,
+ [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
+ AFS_KRB5_MSG="yes"
fi
]
)
-LIBS="$LIBS $KLIBS $K5LIBS"
+
+AC_ARG_WITH(session-hooks,
+ [ --with-session-hooks Enable hooks for executing external commands before/after a session],
+ [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
+)
# Looking for programs, paths and files
PRIVSEP_PATH=/var/empty
AC_ARG_WITH(privsep-path,
- [ --with-privsep-path=xxx Path for privilege separation chroot ],
+ [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
[
- if test "x$withval" != "$no" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
PRIVSEP_PATH=$withval
fi
]
AC_ARG_WITH(xauth,
[ --with-xauth=PATH Specify path to xauth program ],
[
- if test "x$withval" != "xno" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
xauth_path=$withval
fi
],
[
- AC_PATH_PROG(xauth_path, xauth,,$PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin)
+ TestPath="$PATH"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
+ AC_PATH_PROG(xauth_path, xauth, , $TestPath)
if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
xauth_path="/usr/openwin/bin/xauth"
fi
]
)
+# strip causes problems with GSI libraries...
+if test -z "$GLOBUS_LDFLAGS" ; then
+STRIP_OPT=-s
+fi
+AC_ARG_ENABLE(strip,
+ [ --disable-strip Disable calling strip(1) on install],
+ [
+ if test "x$enableval" = "xno" ; then
+ STRIP_OPT=
+ fi
+ ]
+)
+AC_SUBST(STRIP_OPT)
+
if test -z "$xauth_path" ; then
XAUTH_PATH="undefined"
AC_SUBST(XAUTH_PATH)
else
- AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
+ AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
+ [Define if xauth is found in your path])
XAUTH_PATH=$xauth_path
AC_SUBST(XAUTH_PATH)
fi
# Check for mail directory (last resort if we cannot get it from headers)
if test ! -z "$MAIL" ; then
maildir=`dirname $MAIL`
- AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
+ AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
+ [Set this to your mail directory if you don't have maillock.h])
fi
+if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
+ AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
+ disable_ptmx_check=yes
+fi
if test -z "$no_dev_ptmx" ; then
if test "x$disable_ptmx_check" != "xyes" ; then
- AC_CHECK_FILE("/dev/ptmx",
+ AC_CHECK_FILE("/dev/ptmx",
[
- AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
+ [Define if you have /dev/ptmx])
have_dev_ptmx=1
]
)
fi
fi
-AC_CHECK_FILE("/dev/ptc",
- [
- AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
- have_dev_ptc=1
- ]
-)
+
+if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
+ AC_CHECK_FILE("/dev/ptc",
+ [
+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
+ [Define if you have /dev/ptc])
+ have_dev_ptc=1
+ ]
+ )
+else
+ AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
+fi
# Options from here on. Some of these are preset by platform above
AC_ARG_WITH(mantype,
]
)
if test -z "$MANTYPE"; then
- AC_PATH_PROGS(NROFF, nroff awf, /bin/false, /usr/bin:/usr/ucb)
+ TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
+ AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
MANTYPE=doc
elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
AC_SUBST(mansubdir)
# Check whether to enable MD5 passwords
-MD5_MSG="no"
+MD5_MSG="no"
AC_ARG_WITH(md5-passwords,
[ --with-md5-passwords Enable use of MD5 passwords],
[
if test "x$withval" != "xno" ; then
- AC_DEFINE(HAVE_MD5_PASSWORDS)
- MD5_MSG="yes"
+ AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
+ [Define if you want to allow MD5 passwords])
+ MD5_MSG="yes"
fi
]
)
AC_ARG_WITH(shadow,
[ --without-shadow Disable shadow password support],
[
- if test "x$withval" = "xno" ; then
+ if test "x$withval" = "xno" ; then
AC_DEFINE(DISABLE_SHADOW)
disable_shadow=yes
fi
if test "x$sp_expire_available" = "xyes" ; then
AC_MSG_RESULT(yes)
- AC_DEFINE(HAS_SHADOW_EXPIRE)
+ AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
+ [Define if you want to use shadow password expire field])
else
AC_MSG_RESULT(no)
fi
# Use ip address instead of hostname in $DISPLAY
if test ! -z "$IPADDR_IN_DISPLAY" ; then
DISPLAY_HACK_MSG="yes"
- AC_DEFINE(IPADDR_IN_DISPLAY)
+ AC_DEFINE(IPADDR_IN_DISPLAY, 1,
+ [Define if you need to use IP address
+ instead of hostname in $DISPLAY])
else
- DISPLAY_HACK_MSG="no"
+ DISPLAY_HACK_MSG="no"
AC_ARG_WITH(ipaddr-display,
[ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
[
- if test "x$withval" != "xno" ; then
+ if test "x$withval" != "xno" ; then
AC_DEFINE(IPADDR_IN_DISPLAY)
- DISPLAY_HACK_MSG="yes"
+ DISPLAY_HACK_MSG="yes"
fi
]
)
fi
+# check for /etc/default/login and use it if present.
+AC_ARG_ENABLE(etc-default-login,
+ [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
+ [ if test "x$enableval" = "xno"; then
+ AC_MSG_NOTICE([/etc/default/login handling disabled])
+ etc_default_login=no
+ else
+ etc_default_login=yes
+ fi ],
+ [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
+ then
+ AC_MSG_WARN([cross compiling: not checking /etc/default/login])
+ etc_default_login=no
+ else
+ etc_default_login=yes
+ fi ]
+)
+
+if test "x$etc_default_login" != "xno"; then
+ AC_CHECK_FILE("/etc/default/login",
+ [ external_path_file=/etc/default/login ])
+ if test "x$external_path_file" = "x/etc/default/login"; then
+ AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
+ [Define if your system has /etc/default/login])
+ fi
+fi
+
dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
-if test $ac_cv_func_login_getcapbool = "yes" -a \
- $ac_cv_header_login_cap_h = "yes" ; then
- USES_LOGIN_CONF=yes
+if test $ac_cv_func_login_getcapbool = "yes" && \
+ test $ac_cv_header_login_cap_h = "yes" ; then
+ external_path_file=/etc/login.conf
fi
+
# Whether to mess with the default path
-SERVER_PATH_MSG="(default)"
+SERVER_PATH_MSG="(default)"
AC_ARG_WITH(default-path,
[ --with-default-path= Specify default \$PATH environment for server],
[
- if test "$USES_LOGIN_CONF" = "yes" ; then
+ if test "x$external_path_file" = "x/etc/login.conf" ; then
AC_MSG_WARN([
--with-default-path=PATH has no effect on this system.
Edit /etc/login.conf instead.])
- elif test "x$withval" != "xno" ; then
+ elif test "x$withval" != "xno" ; then
+ if test ! -z "$external_path_file" ; then
+ AC_MSG_WARN([
+--with-default-path=PATH will only be used if PATH is not defined in
+$external_path_file .])
+ fi
user_path="$withval"
- SERVER_PATH_MSG="$withval"
+ SERVER_PATH_MSG="$withval"
fi
],
- [ if test "$USES_LOGIN_CONF" = "yes" ; then
- AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
+ [ if test "x$external_path_file" = "x/etc/login.conf" ; then
+ AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
else
- AC_TRY_RUN(
- [
+ if test ! -z "$external_path_file" ; then
+ AC_MSG_WARN([
+If PATH is defined in $external_path_file, ensure the path to scp is included,
+otherwise scp will not work.])
+ fi
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
/* find out what STDPATH is */
#include <stdio.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#ifndef _PATH_STDPATH
-# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# ifdef _PATH_USERPATH /* Irix */
+# define _PATH_STDPATH _PATH_USERPATH
+# else
+# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# endif
#endif
#include <sys/types.h>
#include <sys/stat.h>
{
FILE *fd;
int rc;
-
+
fd = fopen(DATA,"w");
if(fd == NULL)
exit(1);
-
+
if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
exit(1);
exit(0);
}
- ], [ user_path=`cat conftest.stdpath` ],
+ ]])],
+ [ user_path=`cat conftest.stdpath` ],
[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
)
fi
fi ]
)
-if test "$USES_LOGIN_CONF" != "yes" ; then
- AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
+if test "x$external_path_file" != "x/etc/login.conf" ; then
+ AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
AC_SUBST(user_path)
fi
AC_ARG_WITH(superuser-path,
[ --with-superuser-path= Specify different path for super-user],
[
- if test "x$withval" != "xno" ; then
- AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
+ AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
+ [Define if you want a different $PATH
+ for the superuser])
superuser_path=$withval
fi
]
)
-# Whether to force IPv4 by default (needed on broken glibc Linux)
-IPV4_HACK_MSG="no"
-AC_ARG_WITH(ipv4-default,
- [ --with-ipv4-default Use IPv4 by connections unless '-6' specified],
- [
- if test "x$withval" != "xno" ; then
- AC_DEFINE(IPV4_DEFAULT)
- IPV4_HACK_MSG="yes"
- fi
- ]
-)
-
AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
-IPV4_IN6_HACK_MSG="no"
+IPV4_IN6_HACK_MSG="no"
AC_ARG_WITH(4in6,
[ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
[
if test "x$withval" != "xno" ; then
AC_MSG_RESULT(yes)
- AC_DEFINE(IPV4_IN_IPV6)
- IPV4_IN6_HACK_MSG="yes"
+ AC_DEFINE(IPV4_IN_IPV6, 1,
+ [Detect IPv4 in IPv6 mapped addresses
+ and treat as IPv4])
+ IPV4_IN6_HACK_MSG="yes"
else
AC_MSG_RESULT(no)
fi
if test "x$inet6_default_4in6" = "xyes"; then
AC_MSG_RESULT([yes (default)])
AC_DEFINE(IPV4_IN_IPV6)
- IPV4_IN6_HACK_MSG="yes"
+ IPV4_IN6_HACK_MSG="yes"
else
AC_MSG_RESULT([no (default)])
fi
AC_ARG_WITH(bsd-auth,
[ --with-bsd-auth Enable BSD auth support],
[
- if test "x$withval" != "xno" ; then
- AC_DEFINE(BSD_AUTH)
+ if test "x$withval" != "xno" ; then
+ AC_DEFINE(BSD_AUTH, 1,
+ [Define if you have BSD auth support])
BSD_AUTH_MSG=yes
fi
]
# Where to place sshd.pid
piddir=/var/run
# make sure the directory exists
-if test ! -d $piddir ; then
+if test ! -d $piddir ; then
piddir=`eval echo ${sysconfdir}`
case $piddir in
- NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
+ NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
esac
fi
AC_ARG_WITH(pid-dir,
[ --with-pid-dir=PATH Specify location of ssh.pid file],
[
- if test "x$withval" != "xno" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
piddir=$withval
- if test ! -d $piddir ; then
+ if test ! -d $piddir ; then
AC_MSG_WARN([** no $piddir directory on this system **])
fi
fi
]
)
-AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
+AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
AC_SUBST(piddir)
dnl allow user to disable some login recording features
AC_ARG_ENABLE(lastlog,
[ --disable-lastlog disable use of lastlog even if detected [no]],
- [ AC_DEFINE(DISABLE_LASTLOG) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_LASTLOG)
+ fi
+ ]
)
AC_ARG_ENABLE(utmp,
[ --disable-utmp disable use of utmp even if detected [no]],
- [ AC_DEFINE(DISABLE_UTMP) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_UTMP)
+ fi
+ ]
)
AC_ARG_ENABLE(utmpx,
[ --disable-utmpx disable use of utmpx even if detected [no]],
- [ AC_DEFINE(DISABLE_UTMPX) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_UTMPX, 1,
+ [Define if you don't want to use utmpx])
+ fi
+ ]
)
AC_ARG_ENABLE(wtmp,
[ --disable-wtmp disable use of wtmp even if detected [no]],
- [ AC_DEFINE(DISABLE_WTMP) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_WTMP)
+ fi
+ ]
)
AC_ARG_ENABLE(wtmpx,
[ --disable-wtmpx disable use of wtmpx even if detected [no]],
- [ AC_DEFINE(DISABLE_WTMPX) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_WTMPX, 1,
+ [Define if you don't want to use wtmpx])
+ fi
+ ]
)
AC_ARG_ENABLE(libutil,
[ --disable-libutil disable use of libutil (login() etc.) [no]],
- [ AC_DEFINE(DISABLE_LOGIN) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_LOGIN)
+ fi
+ ]
)
AC_ARG_ENABLE(pututline,
[ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
- [ AC_DEFINE(DISABLE_PUTUTLINE) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_PUTUTLINE, 1,
+ [Define if you don't want to use pututline()
+ etc. to write [uw]tmp])
+ fi
+ ]
)
AC_ARG_ENABLE(pututxline,
[ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
- [ AC_DEFINE(DISABLE_PUTUTXLINE) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_PUTUTXLINE, 1,
+ [Define if you don't want to use pututxline()
+ etc. to write [uw]tmpx])
+ fi
+ ]
)
AC_ARG_WITH(lastlog,
[ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
[
- if test "x$withval" = "xno" ; then
+ if test "x$withval" = "xno" ; then
AC_DEFINE(DISABLE_LASTLOG)
- else
+ elif test -n "$withval" && test "x${withval}" != "xyes"; then
conf_lastlog_location=$withval
fi
]
fi
if test -n "$conf_lastlog_location"; then
- AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
-fi
+ AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
+ [Define if you want to specify the path to your lastlog file])
+fi
dnl utmp detection
AC_MSG_CHECKING([if your system defines UTMP_FILE])
fi
fi
if test -n "$conf_utmp_location"; then
- AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
-fi
+ AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
+ [Define if you want to specify the path to your utmp file])
+fi
dnl wtmp detection
AC_MSG_CHECKING([if your system defines WTMP_FILE])
fi
fi
if test -n "$conf_wtmp_location"; then
- AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
-fi
+ AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
+ [Define if you want to specify the path to your wtmp file])
+fi
dnl utmpx detection - I don't know any system so perverse as to require
AC_DEFINE(DISABLE_UTMPX)
fi
else
- AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
-fi
+ AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
+ [Define if you want to specify the path to your utmpx file])
+fi
dnl wtmpx detection
AC_MSG_CHECKING([if your system defines WTMPX_FILE])
AC_DEFINE(DISABLE_WTMPX)
fi
else
- AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
-fi
+ AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
+ [Define if you want to specify the path to your wtmpx file])
+fi
if test ! -z "$blibpath" ; then
- LDFLAGS="$LDFLAGS -blibpath:$blibpath"
- AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile])
+ LDFLAGS="$LDFLAGS $blibflags$blibpath"
+ AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
fi
-dnl remove pam and dl because they are in $LIBPAM
-if test "$PAM_MSG" = yes ; then
- LIBS=`echo $LIBS | sed 's/-lpam //'`
-fi
-if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
- LIBS=`echo $LIBS | sed 's/-ldl //'`
+dnl Adding -Werror to CFLAGS early prevents configure tests from running.
+dnl Add now.
+CFLAGS="$CFLAGS $werror_flags"
+
+if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
+ test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+ AC_SUBST(TEST_SSH_IPV6, no)
+else
+ AC_SUBST(TEST_SSH_IPV6, yes)
fi
AC_EXEEXT
-AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
+AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
+ openbsd-compat/Makefile openbsd-compat/regress/Makefile \
+ scard/Makefile ssh_prng_cmds survey.sh])
AC_OUTPUT
# Print summary of options
echo " Manual pages: $F"
echo " PID file: $G"
echo " Privilege separation chroot path: $H"
-if test "$USES_LOGIN_CONF" = "yes" ; then
-echo " At runtime, sshd will use the path defined in /etc/login.conf"
+if test "x$external_path_file" = "x/etc/login.conf" ; then
+echo " At runtime, sshd will use the path defined in $external_path_file"
+echo " Make sure the path to scp is present, otherwise scp will not work"
else
echo " sshd default user PATH: $I"
+ if test ! -z "$external_path_file"; then
+echo " (If PATH is set in $external_path_file it will be used instead. If"
+echo " used, ensure the path to scp is present, otherwise scp will not work.)"
+ fi
fi
if test ! -z "$superuser_path" ; then
echo " sshd superuser user PATH: $J"
fi
echo " Manpage format: $MANTYPE"
-echo " PAM support: ${PAM_MSG}"
-echo " KerberosIV support: $KRB4_MSG"
+echo " PAM support: $PAM_MSG"
+echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG"
+echo " SELinux support: $SELINUX_MSG"
echo " Smartcard support: $SCARD_MSG"
-echo " AFS support: $AFS_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG"
+echo " libedit support: $LIBEDIT_MSG"
+echo " Solaris process contract support: $SPC_MSG"
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
-echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo " BSD Auth support: $BSD_AUTH_MSG"
echo " Random number source: $RAND_MSG"
echo " Compiler flags: ${CFLAGS}"
echo "Preprocessor flags: ${CPPFLAGS}"
echo " Linker flags: ${LDFLAGS}"
-echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
+echo " Libraries: ${LIBS}"
+if test ! -z "${SSHDLIBS}"; then
+echo " +for sshd: ${SSHDLIBS}"
+fi
echo ""
+if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
+ echo "SVR4 style packages are supported with \"make package\""
+ echo ""
+fi
+
if test "x$PAM_MSG" = "xyes" ; then
echo "PAM is enabled. You may need to install a PAM control file "
echo "for sshd, otherwise password authentication may fail. "
- echo "Example PAM control files can be found in the contrib/ "
+ echo "Example PAM control files can be found in the contrib/ "
echo "subdirectory"
echo ""
fi
-if test ! -z "$NO_SFTP"; then
- echo "sftp-server will be disabled. Your compiler does not "
- echo "support 64bit integers."
- echo ""
-fi
-
if test ! -z "$RAND_HELPER_CMDHASH" ; then
echo "WARNING: you are using the builtin random number collection "
echo "service. Please read WARNING.RNG and request that your OS "
echo ""
fi
+if test ! -z "$NO_PEERCHECK" ; then
+ echo "WARNING: the operating system that you are using does not"
+ echo "appear to support getpeereid(), getpeerucred() or the"
+ echo "SO_PEERCRED getsockopt() option. These facilities are used to"
+ echo "enforce security checks to prevent unauthorised connections to"
+ echo "ssh-agent. Their absence increases the risk that a malicious"
+ echo "user can connect to your agent."
+ echo ""
+fi
+
+if test "$AUDIT_MODULE" = "bsm" ; then
+ echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
+ echo "See the Solaris section in README.platform for details."
+fi
andersk / gssapi-openssh.git / blobdiff