AC_DEFINE(BROKEN_REALPATH)
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
;;
*-*-cygwin*)
LIBS="$LIBS /usr/lib/textmode.o"
AC_DEFINE(IPV4_DEFAULT)
AC_DEFINE(IP_TOS_IS_BROKEN)
AC_DEFINE(NO_X11_UNIX_SOCKETS)
+ AC_DEFINE(BROKEN_FD_PASSING)
+ AC_DEFINE(SETGROUPS_NOOP)
;;
*-*-dgux*)
AC_DEFINE(IP_TOS_IS_BROKEN)
*-*-sysv4.2*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
-# enable_suid_ssh=no
AC_DEFINE(USE_PIPES)
;;
*-*-sysv5*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
-# enable_suid_ssh=no
AC_DEFINE(USE_PIPES)
;;
*-*-sysv*)
CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
- rsh_path="/usr/bin/rcmd"
RANLIB=true
no_dev_ptmx=1
AC_DEFINE(BROKEN_SYS_TERMIO_H)
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lprot -lx -ltinfo -lm"
no_dev_ptmx=1
- rsh_path="/usr/bin/rcmd"
AC_DEFINE(USE_PIPES)
AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(BROKEN_FD_PASSING)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
;;
no_libsocket=1
no_libnsl=1
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(BROKEN_FD_PASSING)
LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
LIBS="$LIBS -lgen -lrsc"
;;
]
)
+# Check whether the user wants GSSAPI mechglue support
+AC_ARG_WITH(mechglue,
+ [ --with-mechglue=PATH Build with GSSAPI mechglue library],
+ [
+ AC_MSG_CHECKING(for mechglue library)
+
+ if test -e ${withval}/libgssapi.a ; then
+ mechglue_lib=${withval}/libgssapi.a
+ elif test -e ${withval}/lib/libgssapi.a ; then
+ mechglue_lib=${withval}/lib/libgssapi.a
+ else
+ AC_MSG_ERROR("Can't find libgssapi in ${withval}");
+ fi
+ LIBS="$LIBS ${mechglue_lib}"
+ AC_MSG_RESULT(${mechglue_lib})
+
+# if test -e ${withval}/gssapi.h ; then
+# CPPFLAGS="$CPPFLAGS -I${withval}"
+# elif test -e ${withval}/include/gssapi.h ; then
+# CPPFLAGS="$CPPFLAGS -I${withval}/include"
+# else
+# AC_MSG_ERROR("Can't find gssapi.h in ${withval}");
+# fi
+
+ AC_CHECK_LIB(dl, dlopen, , )
+ if test $ac_cv_lib_dl_dlopen = yes; then
+ LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
+ fi
+
+ AC_DEFINE(GSSAPI)
+ AC_DEFINE(MECHGLUE)
+ GSSAPI="mechglue"
+
+ ]
+)
+
+
# Check whether the user wants GSI (Globus) support
gsi_path="no"
AC_ARG_WITH(gsi,
if test "x$gsi_path" != "xno" ; then
# Globus GSSAPI configuration
- AC_DEFINE(GSSAPI)
AC_DEFINE(GSI)
+ if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
+ AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus/GSI.])
+ fi
+ if test -z "$GSSAPI"; then
+ AC_DEFINE(GSSAPI)
+ GSSAPI="GSI"
+ fi
+
# Find GLOBUS/GSI installation Directory
AC_MSG_CHECKING(for Globus/GSI installation directory)
globus_install_dir=$gsi_path
if test "x$globus_install_dir" = "xyes" ; then
- if test -n "$GLOBUS_INSTALL_PATH" ; then
- globus_install_dir=$GLOBUS_INSTALL_PATH
- elif test -n "$GSI_INSTALL_PATH" ; then
- globus_install_dir=$GSI_INSTALL_PATH
- elif test -d /usr/local/globus ; then
- globus_install_dir="/usr/local/globus"
- elif test -d /usr/local/gsi ; then
- globus_install_dir="/usr/local/gsi"
- else
- AC_MSG_ERROR(Cannot find Globus/GSI installation directory)
- fi
+ AC_MSG_ERROR(Cannot find Globus/GSI installation directory -- a path must be specified!)
fi
AC_MSG_RESULT($globus_install_dir)
globus_dev_dir=`${dev_path_program}`
if test -z "$globus_dev_dir" -o "X$globus_dev_dir" = "X<not found>" ; then
- AC_MSG_ERROR(Cannot find Globus/GSI development directory)
+ AC_MSG_ERROR(Cannot find Globus/GSI development directory)
fi
if test ! -d "$globus_dev_dir" ; then
AC_MSG_CHECKING(for Globus flavor type)
if test "x$globus_flavor_type" = "xno" ; then
- GSI_LIBS="-lglobus_gss_assist -lglobus_gss -lglobus_gaa"
+ if test "$GSSAPI" = "mechglue"; then
+ GSI_LIBS="-lglobus_gss_assist -lglobus_gaa"
+ else
+ GSI_LIBS="-lglobus_gss_assist -lglobus_gss -lglobus_gaa"
+ fi
GSI_LDFLAGS="-L${globus_dev_dir}/lib"
- GSI_CFLAGS="-I${globus_dev_dir}/include"
+ GSI_CPPFLAGS="-I${globus_dev_dir}/include"
AC_MSG_RESULT(none)
else
GLOBUS_FLAVOR_TYPE_INCL_DIR="${globus_dev_dir}/include/${globus_flavor_type}"
fi
AC_MSG_RESULT($globus_flavor_type)
- GSI_LIBS="-lglobus_gss_assist_${globus_flavor_type} -lglobus_gssapi_gsi_${globus_flavor_type}"
- GSI_LDFLAGS="-L${globus_dev_dir}/lib"
- GSI_CFLAGS="-I${GLOBUS_FLAVOR_TYPE_INCL_DIR}"
+ if test "$GSSAPI" = "mechglue"; then
+ GSI_LIBS="${gsi_path}/lib/libglobus_gss_assist_${globus_flavor_type}.a"
+ else
+ GSI_LIBS="${gsi_path}/lib/libglobus_gss_assist_${globus_flavor_type}.a ${gsi_path}/lib/libglobus_gssapi_gsi_${globus_flavor_type}.a"
+ fi
+ GSI_CPPFLAGS="-I${GLOBUS_FLAVOR_TYPE_INCL_DIR}"
fi
LIBS="$LIBS $GSI_LIBS"
LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
- CFLAGS="$CFLAGS $GSI_CFLAGS"
-# End Globus/GSI section
+ CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
+ INSTALL_GSISSH="yes"
+else
+ INSTALL_GSISSH=""
fi
+AC_SUBST(INSTALL_GSISSH)
+# End Globus/GSI section
# Check whether user wants S/Key support
SKEY_MSG="no"
inet_ntop innetgr login_getcapbool md5_crypt memmove \
mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
- setenv seteuid setlogin setproctitle setresgid setreuid setrlimit \
- setsid setvbuf sigaction sigvec snprintf socketpair strerror \
- strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate utimes \
- vhangup vsnprintf waitpid __b64_ntop _getpty)
+ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
+ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
+ socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
+ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
+
+if test $ac_cv_func_mmap = yes ; then
+AC_MSG_CHECKING([for mmap anon shared])
+AC_TRY_RUN(
+ [
+#include <stdio.h>
+#include <sys/mman.h>
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+#define MAP_ANON MAP_ANONYMOUS
+#endif
+main() { char *p;
+p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
+if (p == (char *)-1)
+ exit(1);
+exit(0);
+}
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_MMAP_ANON_SHARED)
+ ],
+ [ AC_MSG_RESULT(no) ]
+)
+fi
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
AC_CHECK_FUNCS(setutxent utmpxname)
-AC_CHECK_FUNC(getuserattr,
- [AC_DEFINE(HAVE_GETUSERATTR)],
- [AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])]
-)
-
AC_CHECK_FUNC(daemon,
[AC_DEFINE(HAVE_DAEMON)],
[AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
# Patch up SSL libraries for GSI authentication as needed
if test "x$globus_flavor_type" != "xno" ; then
+ #
# For Globus 2, always link with the static libraries
- LIBS="$LIBS ${gsi_path}/lib/libglobus_ssl_utils_${globus_flavor_type}.a ${gsi_path}/lib/libssl_${globus_flavor_type}.a ${gsi_path}/lib/libcrypto_${globus_flavor_type}.a"
+ #
+
+ libssl_utils="${gsi_path}/lib/libglobus_ssl_utils_${globus_flavor_type}.a"
+
+ #
+ # Trouble arrives at GT 2.1.3+ with the reorg of globus_ssl_utils. Compensating for
+ # the new library linking required here through file tests to see which libraries to
+ # link against.
+ #
+
+ libgsi_proxy_core="${gsi_path}/lib/libglobus_gsi_proxy_core_${globus_flavor_type}.a"
+ libgsi_credential="${gsi_path}/lib/libglobus_gsi_credential_${globus_flavor_type}.a"
+ libgsi_callback="${gsi_path}/lib/libglobus_gsi_callback_${globus_flavor_type}.a"
+ liboldgaa="${gsi_path}/lib/libglobus_oldgaa_${globus_flavor_type}.a"
+ libgsi_sysconfig="${gsi_path}/lib/libglobus_gsi_sysconfig_${globus_flavor_type}.a"
+ libproxy_ssl="${gsi_path}/lib/libglobus_proxy_ssl_${globus_flavor_type}.a"
+ libgsi_cert_utils="${gsi_path}/lib/libglobus_gsi_cert_utils_${globus_flavor_type}.a"
+ libopenssl_error="${gsi_path}/lib/libglobus_openssl_error_${globus_flavor_type}.a"
+ libopenssl="${gsi_path}/lib/libglobus_openssl_${globus_flavor_type}.a"
+
+ if test -r ${libgsi_proxy_core} \
+ -a -r ${libgsi_credential} \
+ -a -r ${libgsi_callback} \
+ -a -r ${liboldgaa} \
+ -a -r ${libgsi_sysconfig} \
+ -a -r ${libproxy_ssl} \
+ -a -r ${libgsi_cert_utils} \
+ -a -r ${libopenssl_error} \
+ -a -r ${libopenssl} ; then
+ LIBS="$LIBS ${libgsi_proxy_core}"
+ LIBS="$LIBS ${libgsi_credential}"
+ LIBS="$LIBS ${libgsi_callback}"
+ LIBS="$LIBS ${liboldgaa}"
+ LIBS="$LIBS ${libgsi_sysconfig}"
+ LIBS="$LIBS ${libproxy_ssl}"
+ LIBS="$LIBS ${libgsi_cert_utils}"
+ LIBS="$LIBS ${libopenssl_error}"
+ LIBS="$LIBS ${libopenssl}"
+ elif test -r ${libssl_utils}; then
+ LIBS="$LIBS ${libssl_utils}"
+ else
+ AC_MSG_ERROR(All of the required Globus Toolkit libraries are not present/configured correctly)
+ fi
+
+ #
+ # Standard openssl libraries. They need to appear near the end of the link line.
+ #
+
+ LIBS="$LIBS ${gsi_path}/lib/libssl_${globus_flavor_type}.a"
+ LIBS="$LIBS ${gsi_path}/lib/libcrypto_${globus_flavor_type}.a"
+
+ #
+ # Another "GT 2.1.3+"ism.
+ #
+
+ libcommon_path="${gsi_path}/lib/libglobus_common_${globus_flavor_type}.a"
+ if test -r ${libcommon_path}; then
+ LIBS="$LIBS ${libcommon_path}"
+ fi
else
if test "x$gsi_path" != "xno" ; then
# Older GSI needs -lssl too
)
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
-ssh_privsep_user=sshd
+SSH_PRIVSEP_USER=sshd
AC_ARG_WITH(privsep-user,
[ --with-privsep-user=user Specify non-privileged user for privilege separation],
[
if test -n "$withval"; then
- ssh_privsep_user=$withval
+ SSH_PRIVSEP_USER=$withval
fi
]
)
-AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user")
+AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
+AC_SUBST(SSH_PRIVSEP_USER)
# We do this little dance with the search path to insure
# that programs that we select for use by installed programs
AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
fi
+dnl make sure we're using the real structure members and not defines
AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
ac_cv_have_accrights_in_msghdr, [
- AC_TRY_COMPILE(
+ AC_TRY_RUN(
[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
+int main() {
+#ifdef msg_accrights
+exit(1);
+#endif
+struct msghdr m;
+m.msg_accrights = 0;
+exit(0);
+}
],
- [ struct msghdr m; m.msg_accrights = 0; ],
[ ac_cv_have_accrights_in_msghdr="yes" ],
[ ac_cv_have_accrights_in_msghdr="no" ]
)
AC_CACHE_CHECK([for msg_control field in struct msghdr],
ac_cv_have_control_in_msghdr, [
- AC_TRY_COMPILE(
+ AC_TRY_RUN(
[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
+int main() {
+#ifdef msg_control
+exit(1);
+#endif
+struct msghdr m;
+m.msg_control = 0;
+exit(0);
+}
],
- [ struct msghdr m; m.msg_control = 0; ],
[ ac_cv_have_control_in_msghdr="yes" ],
[ ac_cv_have_control_in_msghdr="no" ]
)
fi
AC_CHECK_LIB(resolv, dn_expand, , )
+ # If we're using some other GSSAPI
+ if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
+ AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
+ fi
AC_CHECK_LIB(gssapi,gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
K5LIBS="-lgssapi $K5LIBS" ],
$K5LIBS)
],
$K5LIBS)
-
+
AC_CHECK_HEADER(gssapi.h, ,
[ unset ac_cv_header_gssapi_h
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
]
)
+ AC_CHECK_LIB(gssapi, gss_krb5_copy_ccache, /bin/true,
+ [ K5LIBS="-lgssapi_krb5 $K5LIBS"
+ AC_CHECK_LIB(gssapi_krb5, gss_krb5_copy_ccache, /bin/true,
+ AC_MSG_WARN([Cannot find gss_krb5_copy_ccache -- build may fail]),
+ $K5LIBS)
+ ],
+ $K5LIBS)
+
oldCPP="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
AC_CHECK_HEADER(gssapi_krb5.h, ,
[ CPPFLAGS="$oldCPP" ])
+ if test -z "$GSSAPI"; then
+ GSSAPI="KRB5";
+ fi
+
KRB5=yes
fi
]
LIBS="$LIBS $KLIBS $K5LIBS"
# Looking for programs, paths and files
-AC_ARG_WITH(rsh,
- [ --with-rsh=PATH Specify path to remote shell program ],
- [
- if test "x$withval" != "$no" ; then
- rsh_path=$withval
- fi
- ],
- [
- AC_PATH_PROG(rsh_path, rsh)
- ]
-)
PRIVSEP_PATH=/var/empty
AC_ARG_WITH(privsep-path,
XAUTH_PATH=$xauth_path
AC_SUBST(XAUTH_PATH)
fi
-if test ! -z "$rsh_path" ; then
- AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path")
-fi
# Check for mail directory (last resort if we cannot get it from headers)
if test ! -z "$MAIL" ; then
]
)
-AC_MSG_CHECKING(whether to install ssh as suid root)
-AC_ARG_ENABLE(suid-ssh,
-[ --enable-suid-ssh Install ssh as suid root (default)
- --disable-suid-ssh Install ssh without suid bit],
-[ case "$enableval" in
- no)
- AC_MSG_RESULT(no)
- SSHMODE=0711
- ;;
- *) AC_MSG_RESULT(yes)
- SSHMODE=4711
- ;;
- esac ],
- AC_MSG_RESULT(yes)
- SSHMODE=4711
-)
-AC_SUBST(SSHMODE)
-
-
# Where to place sshd.pid
piddir=/var/run
# make sure the directory exists