if test ! -d "$GLOBUS_INCLUDE" ; then
AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
fi
- GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
if test -x ${gsi_path}/bin/globus-makefile-header ; then
${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
fi
. ./gpt_build_tmp.sh
- if test -n "${need_dash_r}"; then
- GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
- else
- GSI_LDFLAGS="-L${gsi_path}/lib"
- fi
if test -z "$GLOBUS_PKG_LIBS" ; then
AC_MSG_ERROR(globus-makefile-header failed)
fi
- if (test -n "$LIBPATH"); then
- blibpath="$LIBPATH"
- fi
-
+ AC_MSG_RESULT($GLOBUS_LOCATION)
AC_DEFINE(HAVE_GSSAPI_H)
CC="$GLOBUS_CC"
LD="$GLOBUS_LD"
LDFLAGS="$LDFLAGS $GLOBUS_LDFLAGS"
- # test that we got the libraries OK
- AC_TRY_LINK(
- [],
- [],
- [
- AC_MSG_RESULT(yes)
- ],
- [
- AC_MSG_ERROR(link with Globus libraries failed)
- ]
- )
- AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
INSTALL_GSISSH="yes"
else
INSTALL_GSISSH=""
fi
-AC_SUBST(INSTALL_GSISSH)
# End Globus/GSI section
AC_PROG_CC
no_attrib_nonnull=1
;;
2.*) no_attrib_nonnull=1 ;;
- 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
- 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
+ 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
+ 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
*) ;;
esac
+ AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-builtin-memset"
+ AC_LINK_IFELSE( [AC_LANG_SOURCE([[
+#include <string.h>
+int main(void){char b[10]; memset(b, 0, sizeof(b));}
+ ]])],
+ [ AC_MSG_RESULT(yes) ],
+ [ AC_MSG_RESULT(no)
+ CFLAGS="$saved_CFLAGS" ]
+)
+
# -fstack-protector-all doesn't always work for some GCC versions
# and/or platforms, so we test if we can. If it's not supported
- # on a give platform gcc will emit a warning so we use -Werror.
+ # on a given platform gcc will emit a warning so we use -Werror.
if test "x$use_stack_protector" = "x1"; then
for t in -fstack-protector-all -fstack-protector; do
AC_MSG_CHECKING(if $CC supports $t)
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
-#include <stdlib.h>
-int main(void){return 0;}
+#include <stdio.h>
+int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
])],
[ AC_MSG_RESULT(yes)
CFLAGS="$saved_CFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
-#include <stdlib.h>
-int main(void){exit(0);}
+#include <stdio.h>
+int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
sys/stream.h \
sys/stropts.h \
sys/strtio.h \
+ sys/statvfs.h \
sys/sysmacros.h \
sys/time.h \
sys/timers.h \
#include <sys/types.h>
])
+# older BSDs need sys/param.h before sys/mount.h
+AC_CHECK_HEADERS(sys/mount.h, [], [], [
+#include <sys/param.h>
+])
+
# Messages for features tested for in target-specific section
SIA_MSG="no"
SPC_MSG="no"
AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
AC_DEFINE(DISABLE_SHADOW, 1,
[Define if you want to disable shadow passwords])
- AC_DEFINE(IP_TOS_IS_BROKEN, 1,
- [Define if your system choked on IP TOS setting])
AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
[Define if X11 doesn't support AF_UNIX sockets on that system])
AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
AC_DEFINE(DISABLE_FD_PASSING, 1,
[Define if your platform needs to skip post auth
file descriptor passing])
+ AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
;;
*-*-dgux*)
- AC_DEFINE(IP_TOS_IS_BROKEN)
+ AC_DEFINE(IP_TOS_IS_BROKEN, 1,
+ [Define if your system choked on IP TOS setting])
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
[Use tunnel device compatibility to OpenBSD])
AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
[Prepend the address family to IP tunnel traffic])
- m4_pattern_allow(AU_IPv)
- AC_CHECK_DECL(AU_IPv4, [],
- AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
- [#include <bsm/audit.h>]
- )
AC_MSG_CHECKING(if we have the Security Authorization Session API)
AC_TRY_COMPILE([#include <Security/AuthSession.h>],
[SessionCreate(0, 0);],
fi],
[AC_MSG_RESULT(no)]
)
+ m4_pattern_allow(AU_IPv)
+ AC_CHECK_DECL(AU_IPv4, [],
+ AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
+ [#include <bsm/audit.h>]
+ AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
+ [Define if pututxline updates lastlog too])
+ )
;;
*-*-dragonfly*)
SSHDLIBS="$SSHDLIBS -lcrypt"
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
+*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
+ check_for_libcrypt_later=1
+ AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
+ AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
+ AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
+ AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
+ ;;
*-*-linux*)
no_dev_ptmx=1
check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1
- AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
AC_DEFINE(PAM_TTY_KLUDGE, 1,
[Work around problematic Linux PAM modules handling of PAM_TTY])
AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
after setsid()])
AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
in case the name is longer than 8 chars])
+ AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
external_path_file=/etc/default/login
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
;;
# UnixWare 7.x, OpenUNIX 8
*-*-sysv5*)
- check_for_libcrypt_later=1
AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
AC_DEFINE(USE_PIPES)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_LIBIAF, 1,
[ia_uinfo routines not supported by OS yet])
AC_DEFINE(BROKEN_UPDWTMPX)
+ AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
+ AC_CHECK_FUNCS(getluid setluid,,,-lprot)
+ AC_DEFINE(HAVE_SECUREWARE)
+ AC_DEFINE(DISABLE_SHADOW)
+ ],,)
;;
*) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ check_for_libcrypt_later=1
;;
esac
;;
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
;;
*-*-nto-qnx*)
fi ]
)
+AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
AC_CHECK_LIB(z, deflate, ,
[
saved_CPPFLAGS="$CPPFLAGS"
)
]
)
-AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
AC_ARG_WITH(zlib-version-check,
[ --without-zlib-version-check Disable zlib version check],
AC_CHECK_HEADERS(libutil.h)
AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
[Define if your libraries define login()])])
-AC_CHECK_FUNCS(logout updwtmp logwtmp)
+AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
+
+dnl
+dnl Check for globus_usage_stats_send
+dnl
+AC_SEARCH_LIBS(globus_usage_stats_send,
+ globus_usage globus_usage_${globus_flavor_type},
+ AC_DEFINE([HAVE_GLOBUS_USAGE], 1, [Have Globus Usage]))
+dnl
+dnl Check for globus_usage_stats_send_array
+dnl
+AC_SEARCH_LIBS(globus_usage_stats_send_array,
+ globus_usage globus_usage_${globus_flavor_type},
+ AC_DEFINE([HAVE_GLOBUS_USAGE_SEND_ARRAY], 1, [Have Globus Usage send_array]))
AC_FUNC_STRFTIME
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS( \
arc4random \
+ arc4random_buf \
+ arc4random_uniform \
asprintf \
b64_ntop \
__b64_ntop \
fchmod \
fchown \
freeaddrinfo \
+ fstatvfs \
futimes \
getaddrinfo \
getcwd \
sigvec \
snprintf \
socketpair \
+ statfs \
+ statvfs \
strdup \
strerror \
strlcat \
dnl Checks for utmpx functions
AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
AC_CHECK_FUNCS(setutxent utmpxname)
+dnl Checks for lastlog functions
+AC_CHECK_FUNCS(getlastlogxbyname)
AC_CHECK_FUNC(daemon,
[AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
fi
]
)
-if test -z "$GSI_LDFLAGS" ; then
+if test -z "$GLOBUS_LDFLAGS" ; then
LIBS="-lcrypto $LIBS"
fi
AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
fi
CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
+ AC_CHECK_HEADER([openssl/opensslv.h], ,
+ AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
[
AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
]
)
+AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
+AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <string.h>
+#include <openssl/evp.h>
+int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
+ ]])],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
+ [Define if EVP_DigestUpdate returns void])
+ ]
+)
+
# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
# because the system crypt() is more featureful.
if test "x$check_for_libcrypt_before" = "x1"; then
TYPE_SOCKLEN_T
AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
+AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+])
-AC_CHECK_TYPES(in_addr_t,,,
+AC_CHECK_TYPES([in_addr_t, in_port_t],,,
[#include <sys/types.h>
#include <netinet/in.h>])
if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
[define if you have struct in6_addr data type])
+
+dnl Now check for sin6_scope_id
+ AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
+ [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <netinet/in.h>
+ ])
fi
AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
file descriptor passing])
fi
+AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/stat.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_MOUNT_H
+#include <sys/mount.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+], [struct statvfs s; s.f_fsid = 0;],
+[ AC_MSG_RESULT(yes) ],
+[ AC_MSG_RESULT(no)
+
+ AC_MSG_CHECKING(if fsid_t has member val)
+ AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/statvfs.h>],
+ [fsid_t t; t.val[0] = 0;],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
+ [ AC_MSG_RESULT(no) ])
+
+ AC_MSG_CHECKING(if f_fsid has member __val)
+ AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/statvfs.h>],
+ [fsid_t t; t.__val[0] = 0;],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
+ [ AC_MSG_RESULT(no) ])
+])
+
AC_CACHE_CHECK([for msg_control field in struct msghdr],
ac_cv_have_control_in_msghdr, [
AC_COMPILE_IFELSE(
AC_SEARCH_LIBS(res_query, resolv)
AC_SEARCH_LIBS(dn_expand, resolv)
AC_MSG_CHECKING(if res_query will link)
- AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
+ AC_LINK_IFELSE([
+#include "confdefs.h"
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
+#include <resolv.h>
+int main()
+{
+ res_query (0, 0, 0, 0, 0);
+ return 0;
+}
+ ],
+ AC_MSG_RESULT(yes),
[AC_MSG_RESULT(no)
saved_LIBS="$LIBS"
LIBS="$LIBS -lresolv"
AC_MSG_CHECKING(for res_query in -lresolv)
AC_LINK_IFELSE([
+#include "confdefs.h"
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
#include <resolv.h>
int main()
{
return 0;
}
],
- [LIBS="$LIBS -lresolv"
- AC_MSG_RESULT(yes)],
+ [AC_MSG_RESULT(yes)],
[LIBS="$saved_LIBS"
AC_MSG_RESULT(no)])
])
fi ]
)
+# Finish configuring Globus GSSAPI
+if test "x$gsi_path" != "xno" ; then
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${gsi_path}/lib"
+ fi
+ if test ! -z "$blibpath" ; then
+ blibpath="$blibpath:${gsi_path}/lib"
+ fi
+ # test that we got the libraries OK
+ AC_TRY_LINK(
+ [],
+ [],
+ [],
+ [
+ AC_MSG_ERROR(link with Globus libraries failed)
+ ]
+ )
+ AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
+fi
+AC_SUBST(INSTALL_GSISSH)
+
# Check whether the user wants GSSAPI mechglue support
AC_ARG_WITH(mechglue,
[ --with-mechglue=PATH Build with GSSAPI mechglue library],
AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
KRB5_MSG="yes"
- AC_MSG_CHECKING(for krb5-config)
- if test -x $KRB5ROOT/bin/krb5-config ; then
- KRB5CONF=$KRB5ROOT/bin/krb5-config
- AC_MSG_RESULT($KRB5CONF)
+ AC_PATH_PROG([KRB5CONF],[krb5-config],
+ [$KRB5ROOT/bin/krb5-config],
+ [$KRB5ROOT/bin:$PATH])
+ if test -x $KRB5CONF ; then
AC_MSG_CHECKING(for gssapi support)
if $KRB5CONF | grep gssapi >/dev/null ; then
AC_MSG_RESULT(no)
)
else
- AC_MSG_RESULT(no)
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
AC_MSG_CHECKING(whether we are using Heimdal)
)
AC_SEARCH_LIBS(dn_expand, resolv)
- AC_CHECK_LIB(gssapi,gss_init_sec_context,
+ AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi $K5LIBS" ],
- [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
+ K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ K5LIBS="-lgssapi $K5LIBS" ],
AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
$K5LIBS)
],
]
)
+# strip causes problems with GSI libraries...
+if test -z "$GLOBUS_LDFLAGS" ; then
STRIP_OPT=-s
+fi
AC_ARG_ENABLE(strip,
[ --disable-strip Disable calling strip(1) on install],
[
dnl Add now.
CFLAGS="$CFLAGS $werror_flags"
+if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
+ test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+ AC_SUBST(TEST_SSH_IPV6, no)
+else
+ AC_SUBST(TEST_SSH_IPV6, yes)
+fi
+
AC_EXEEXT
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
openbsd-compat/Makefile openbsd-compat/regress/Makefile \