AC_CONFIG_SRCDIR([ssh.c])
AC_CONFIG_HEADER(config.h)
+
+# Handle Globus configuration right away, because the Globus flavor
+# determines our compiler options.
+
+# Check whether the user wants GSI (Globus) support
+gsi_path="no"
+AC_ARG_WITH(gsi,
+ [ --with-gsi Enable Globus GSI authentication support],
+ [
+ gsi_path="$withval"
+ ]
+)
+
+AC_ARG_WITH(globus,
+ [ --with-globus Enable Globus GSI authentication support],
+ [
+ gsi_path="$withval"
+ ]
+)
+
+AC_ARG_WITH(globus-static,
+ [ --with-globus-static Link statically with Globus GSI libraries],
+ [
+ gsi_static="-static"
+ if test "x$gsi_path" = "xno" ; then
+ gsi_path="$withval"
+ fi
+ ]
+)
+
+# Check whether the user has a Globus flavor type
+globus_flavor_type="no"
+AC_ARG_WITH(globus-flavor,
+ [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
+ [
+ globus_flavor_type="$withval"
+ if test "x$gsi_path" = "xno" ; then
+ gsi_path="yes"
+ fi
+ ]
+)
+
+if test "x$gsi_path" != "xno" ; then
+ # Globus GSSAPI configuration
+ AC_MSG_CHECKING(for Globus GSI)
+ AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
+
+ if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
+ AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
+ fi
+ if test -z "$GSSAPI"; then
+ AC_DEFINE(GSSAPI)
+ GSSAPI="GSI"
+ fi
+
+ if test "x$gsi_path" = "xyes" ; then
+ if test -z "$GLOBUS_LOCATION" ; then
+ AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
+ else
+ gsi_path="$GLOBUS_LOCATION"
+ fi
+ fi
+ GLOBUS_LOCATION="$gsi_path"
+ export GLOBUS_LOCATION
+ if test ! -d "$GLOBUS_LOCATION" ; then
+ AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
+ fi
+
+ if test "x$globus_flavor_type" = "xno" ; then
+ AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
+ fi
+ if test "x$globus_flavor_type" = "xyes" ; then
+ AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
+ fi
+
+ GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
+ if test ! -d "$GLOBUS_INCLUDE" ; then
+ AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
+ fi
+
+ if test -x ${gsi_path}/bin/globus-makefile-header ; then
+ ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
+ elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
+ ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
+ else
+ AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
+ fi
+ . ./gpt_build_tmp.sh
+ if test -z "$GLOBUS_PKG_LIBS" ; then
+ AC_MSG_ERROR(globus-makefile-header failed)
+ fi
+
+ AC_MSG_RESULT($GLOBUS_LOCATION)
+ AC_DEFINE(HAVE_GSSAPI_H)
+
+ CC="$GLOBUS_CC"
+ CFLAGS="$GLOBUS_CFLAGS"
+ CPP="$GLOBUS_CPP"
+ CPPFLAGS="$GLOBUS_CPPFLAGS $GLOBUS_INCLUDES"
+ LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
+ LD="$GLOBUS_LD"
+ LDFLAGS="$LDFLAGS $GLOBUS_LDFLAGS"
+
+ INSTALL_GSISSH="yes"
+else
+ INSTALL_GSISSH=""
+fi
+# End Globus/GSI section
+
AC_PROG_CC
AC_CANONICAL_HOST
AC_C_BIGENDIAN
# -fstack-protector-all doesn't always work for some GCC versions
# and/or platforms, so we test if we can. If it's not supported
- # on a give platform gcc will emit a warning so we use -Werror.
+ # on a given platform gcc will emit a warning so we use -Werror.
if test "x$use_stack_protector" = "x1"; then
for t in -fstack-protector-all -fstack-protector; do
AC_MSG_CHECKING(if $CC supports $t)
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
-#include <stdlib.h>
-int main(void){return 0;}
+#include <stdio.h>
+int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
])],
[ AC_MSG_RESULT(yes)
CFLAGS="$saved_CFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
-#include <stdlib.h>
-int main(void){exit(0);}
+#include <stdio.h>
+int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
AC_DEFINE(BROKEN_SETREGID)
;;
*-*-darwin*)
- AC_MSG_CHECKING(if we have working getaddrinfo)
- AC_TRY_RUN([#include <mach-o/dyld.h>
-main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
- exit(0);
- else
- exit(1);
-}], [AC_MSG_RESULT(working)],
- [AC_MSG_RESULT(buggy)
- AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
- [AC_MSG_RESULT(assume it is working)])
+ AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
+ AC_DEFINE(BROKEN_GETADDRINFO)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
[Use tunnel device compatibility to OpenBSD])
AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
[Prepend the address family to IP tunnel traffic])
+ AC_MSG_CHECKING(if we have the Security Authorization Session API)
+ AC_TRY_COMPILE([#include <Security/AuthSession.h>],
+ [SessionCreate(0, 0);],
+ [ac_cv_use_security_session_api="yes"
+ AC_DEFINE(USE_SECURITY_SESSION_API, 1,
+ [platform has the Security Authorization Session API])
+ LIBS="$LIBS -framework Security"
+ AC_MSG_RESULT(yes)],
+ [ac_cv_use_security_session_api="no"
+ AC_MSG_RESULT(no)])
+ AC_MSG_CHECKING(if we have an in-memory credentials cache)
+ AC_TRY_COMPILE(
+ [#include <Kerberos/Kerberos.h>],
+ [cc_context_t c;
+ (void) cc_initialize (&c, 0, NULL, NULL);],
+ [AC_DEFINE(USE_CCAPI, 1,
+ [platform uses an in-memory credentials cache])
+ LIBS="$LIBS -framework Security"
+ AC_MSG_RESULT(yes)
+ if test "x$ac_cv_use_security_session_api" = "xno"; then
+ AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
+ fi],
+ [AC_MSG_RESULT(no)]
+ )
m4_pattern_allow(AU_IPv)
AC_CHECK_DECL(AU_IPv4, [],
AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
[#include <bsm/audit.h>]
+ AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
+ [Define if pututxline updates lastlog too])
)
;;
*-*-dragonfly*)
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
+*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
+ check_for_libcrypt_later=1
+ AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
+ AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
+ AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
+ AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
+ ;;
*-*-linux*)
no_dev_ptmx=1
check_for_libcrypt_later=1
;;
# UnixWare 7.x, OpenUNIX 8
*-*-sysv5*)
- check_for_libcrypt_later=1
AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
AC_DEFINE(USE_PIPES)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_LIBIAF, 1,
[ia_uinfo routines not supported by OS yet])
AC_DEFINE(BROKEN_UPDWTMPX)
+ AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
+ AC_CHECK_FUNCS(getluid setluid,,,-lprot)
+ AC_DEFINE(HAVE_SECUREWARE)
+ AC_DEFINE(DISABLE_SHADOW)
+ ],,)
;;
*) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ check_for_libcrypt_later=1
;;
esac
;;
dnl Checks for utmpx functions
AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
AC_CHECK_FUNCS(setutxent utmpxname)
+dnl Checks for lastlog functions
+AC_CHECK_FUNCS(getlastlogxbyname)
AC_CHECK_FUNC(daemon,
[AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
fi
]
)
+if test -z "$GLOBUS_LDFLAGS" ; then
LIBS="-lcrypto $LIBS"
+fi
AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
[Define if your ssl headers are included
with #include <openssl/header.h>]),
if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
[define if you have struct in6_addr data type])
+
+dnl Now check for sin6_scope_id
+ AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
+ [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <netinet/in.h>
+ ])
fi
AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
fi ]
)
+# Finish configuring Globus GSSAPI
+if test "x$gsi_path" != "xno" ; then
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${gsi_path}/lib"
+ fi
+ if test ! -z "$blibpath" ; then
+ blibpath="$blibpath:${gsi_path}/lib"
+ fi
+ # test that we got the libraries OK
+ AC_TRY_LINK(
+ [],
+ [],
+ [],
+ [
+ AC_MSG_ERROR(link with Globus libraries failed)
+ ]
+ )
+ AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
+fi
+AC_SUBST(INSTALL_GSISSH)
+
+# Check whether the user wants GSSAPI mechglue support
+AC_ARG_WITH(mechglue,
+ [ --with-mechglue=PATH Build with GSSAPI mechglue library],
+ [
+ AC_MSG_CHECKING(for mechglue library)
+
+ if test -e ${withval}/libgssapi.a ; then
+ mechglue_lib=${withval}/libgssapi.a
+ elif test -e ${withval}/lib/libgssapi.a ; then
+ mechglue_lib=${withval}/lib/libgssapi.a
+ else
+ AC_MSG_ERROR("Can't find libgssapi in ${withval}");
+ fi
+ LIBS="${mechglue_lib} $LIBS"
+ AC_MSG_RESULT(${mechglue_lib})
+
+ AC_CHECK_LIB(dl, dlopen, , )
+ if test $ac_cv_lib_dl_dlopen = yes; then
+ LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
+ fi
+
+ AC_DEFINE(GSSAPI)
+ AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
+ GSSAPI="mechglue"
+ ]
+)
+
+
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
AC_CHECK_HEADER(gssapi_krb5.h, ,
[ CPPFLAGS="$oldCPP" ])
- fi
+ # If we're using some other GSSAPI
+ if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
+ AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
+ fi
+
+ if test -z "$GSSAPI"; then
+ GSSAPI="KRB5";
+ fi
+
+ oldCPP="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ AC_CHECK_HEADER(gssapi_krb5.h, ,
+ [ CPPFLAGS="$oldCPP" ])
+
+ fi
if test ! -z "$need_dash_r" ; then
LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
fi
]
)
+# Check whether user wants AFS_KRB5 support
+AFS_KRB5_MSG="no"
+AC_ARG_WITH(afs-krb5,
+ [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
+ [
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
+ [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
+ else
+ AC_DEFINE_UNQUOTED(AKLOG_PATH,
+ "/usr/bin/aklog",
+ [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
+ fi
+
+ if test -z "$KRB5ROOT" ; then
+ AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
+ fi
+
+ LIBS="-lkrbafs -lkrb4 $LIBS"
+ if test ! -z "$AFS_LIBS" ; then
+ LIBS="$LIBS $AFS_LIBS"
+ fi
+ AC_DEFINE(AFS_KRB5, 1,
+ [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
+ AFS_KRB5_MSG="yes"
+ fi
+ ]
+)
+
+AC_ARG_WITH(session-hooks,
+ [ --with-session-hooks Enable hooks for executing external commands before/after a session],
+ [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
+)
+
# Looking for programs, paths and files
PRIVSEP_PATH=/var/empty
]
)
+# strip causes problems with GSI libraries...
+if test -z "$GLOBUS_LDFLAGS" ; then
STRIP_OPT=-s
+fi
AC_ARG_ENABLE(strip,
[ --disable-strip Disable calling strip(1) on install],
[