X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/5107d8f0aec2362143029410cc3c812409924b21..1325a69de3944e18b428a7343961a957cfe7c3dd:/openssh/configure.ac?ds=sidebyside diff --git a/openssh/configure.ac b/openssh/configure.ac index 92d90c8..afc39b4 100644 --- a/openssh/configure.ac +++ b/openssh/configure.ac @@ -19,6 +19,115 @@ AC_REVISION($Revision$) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) + +# Handle Globus configuration right away, because the Globus flavor +# determines our compiler options. + +# Check whether the user wants GSI (Globus) support +gsi_path="no" +AC_ARG_WITH(gsi, + [ --with-gsi Enable Globus GSI authentication support], + [ + gsi_path="$withval" + ] +) + +AC_ARG_WITH(globus, + [ --with-globus Enable Globus GSI authentication support], + [ + gsi_path="$withval" + ] +) + +AC_ARG_WITH(globus-static, + [ --with-globus-static Link statically with Globus GSI libraries], + [ + gsi_static="-static" + if test "x$gsi_path" = "xno" ; then + gsi_path="$withval" + fi + ] +) + +# Check whether the user has a Globus flavor type +globus_flavor_type="no" +AC_ARG_WITH(globus-flavor, + [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)], + [ + globus_flavor_type="$withval" + if test "x$gsi_path" = "xno" ; then + gsi_path="yes" + fi + ] +) + +if test "x$gsi_path" != "xno" ; then + # Globus GSSAPI configuration + AC_MSG_CHECKING(for Globus GSI) + AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.]) + + if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then + AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.]) + fi + if test -z "$GSSAPI"; then + AC_DEFINE(GSSAPI) + GSSAPI="GSI" + fi + + if test "x$gsi_path" = "xyes" ; then + if test -z "$GLOBUS_LOCATION" ; then + AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.) + else + gsi_path="$GLOBUS_LOCATION" + fi + fi + GLOBUS_LOCATION="$gsi_path" + export GLOBUS_LOCATION + if test ! -d "$GLOBUS_LOCATION" ; then + AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.) + fi + + if test "x$globus_flavor_type" = "xno" ; then + AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified) + fi + if test "x$globus_flavor_type" = "xyes" ; then + AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type) + fi + + GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}" + if test ! -d "$GLOBUS_INCLUDE" ; then + AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE}) + fi + + if test -x ${gsi_path}/bin/globus-makefile-header ; then + ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh + elif test -x ${gsi_path}/sbin/globus-makefile-header ; then + ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh + else + AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete) + fi + . ./gpt_build_tmp.sh + if test -z "$GLOBUS_PKG_LIBS" ; then + AC_MSG_ERROR(globus-makefile-header failed) + fi + + AC_MSG_RESULT($GLOBUS_LOCATION) + AC_DEFINE(HAVE_GSSAPI_H) + + CC="$GLOBUS_CC" + CFLAGS="$GLOBUS_CFLAGS" + CPP="$GLOBUS_CPP" + CPPFLAGS="$GLOBUS_CPPFLAGS $GLOBUS_INCLUDES" + LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS" + LD="$GLOBUS_LD" + LDFLAGS="$LDFLAGS $GLOBUS_LDFLAGS" + + INSTALL_GSISSH="yes" +else + INSTALL_GSISSH="" +fi +# End Globus/GSI section + AC_PROG_CC AC_CANONICAL_HOST AC_C_BIGENDIAN @@ -90,6 +199,13 @@ AC_C_INLINE AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include ]) +use_stack_protector=1 +AC_ARG_WITH(stackprotect, + [ --without-stackprotect Don't use compiler's stack protection], [ + if test "x$withval" = "xno"; then + use_stack_protector=0 + fi ]) + if test "$GCC" = "yes" || test "$GCC" = "egcs"; then CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized" GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` @@ -100,11 +216,61 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then no_attrib_nonnull=1 ;; 2.*) no_attrib_nonnull=1 ;; - 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;; - 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;; + 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;; + 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;; *) ;; esac + AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset) + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fno-builtin-memset" + AC_LINK_IFELSE( [AC_LANG_SOURCE([[ +#include +int main(void){char b[10]; memset(b, 0, sizeof(b));} + ]])], + [ AC_MSG_RESULT(yes) ], + [ AC_MSG_RESULT(no) + CFLAGS="$saved_CFLAGS" ] +) + + # -fstack-protector-all doesn't always work for some GCC versions + # and/or platforms, so we test if we can. If it's not supported + # on a given platform gcc will emit a warning so we use -Werror. + if test "x$use_stack_protector" = "x1"; then + for t in -fstack-protector-all -fstack-protector; do + AC_MSG_CHECKING(if $CC supports $t) + saved_CFLAGS="$CFLAGS" + saved_LDFLAGS="$LDFLAGS" + CFLAGS="$CFLAGS $t -Werror" + LDFLAGS="$LDFLAGS $t -Werror" + AC_LINK_IFELSE( + [AC_LANG_SOURCE([ +#include +int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;} + ])], + [ AC_MSG_RESULT(yes) + CFLAGS="$saved_CFLAGS $t" + LDFLAGS="$saved_LDFLAGS $t" + AC_MSG_CHECKING(if $t works) + AC_RUN_IFELSE( + [AC_LANG_SOURCE([ +#include +int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;} + ])], + [ AC_MSG_RESULT(yes) + break ], + [ AC_MSG_RESULT(no) ], + [ AC_MSG_WARN([cross compiling: cannot test]) + break ] + ) + ], + [ AC_MSG_RESULT(no) ] + ) + CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" + done + fi + if test -z "$have_llong_max"; then # retry LLONG_MAX with -std=gnu99, needed on some Linuxes unset ac_cv_have_decl_LLONG_MAX @@ -222,7 +388,9 @@ AC_CHECK_HEADERS( \ sys/cdefs.h \ sys/dir.h \ sys/mman.h \ + sys/mount.h \ sys/ndir.h \ + sys/poll.h \ sys/prctl.h \ sys/pstat.h \ sys/select.h \ @@ -230,6 +398,7 @@ AC_CHECK_HEADERS( \ sys/stream.h \ sys/stropts.h \ sys/strtio.h \ + sys/statvfs.h \ sys/sysmacros.h \ sys/time.h \ sys/timers.h \ @@ -343,7 +512,7 @@ int main(void) { exit(0); } [], [#include ] ) - AC_CHECK_FUNCS(setauthdb) + AC_CHECK_FUNCS(getgrset setauthdb) AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]), [], @@ -397,6 +566,7 @@ int main(void) { exit(0); } AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) + AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect]) AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1, [Define if your resolver libs need this for getrrsetbyname]) AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) @@ -428,7 +598,14 @@ int main(void) { exit(0); } fi], [AC_MSG_RESULT(no)] ) - ;; + m4_pattern_allow(AU_IPv) + AC_CHECK_DECL(AU_IPv4, [], + AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records]) + [#include ] + AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1, + [Define if pututxline updates lastlog too]) + ) + ;; *-*-dragonfly*) SSHDLIBS="$SSHDLIBS -lcrypt" ;; @@ -511,11 +688,18 @@ int main(void) { exit(0); } AC_DEFINE(WITH_ABBREV_NO_TTY) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") ;; +*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) + check_for_libcrypt_later=1 + AC_DEFINE(PAM_TTY_KLUDGE) + AC_DEFINE(LOCKED_PASSWD_PREFIX, "!") + AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) + AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) + AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) + ;; *-*-linux*) no_dev_ptmx=1 check_for_libcrypt_later=1 check_for_openpty_ctty_bug=1 - AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks]) AC_DEFINE(PAM_TTY_KLUDGE, 1, [Work around problematic Linux PAM modules handling of PAM_TTY]) AC_DEFINE(LOCKED_PASSWD_PREFIX, "!", @@ -565,6 +749,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) AC_CHECK_HEADER([net/if_tap.h], , AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support])) + AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need]) ;; *-*-bsdi*) AC_DEFINE(SETEUID_BREAKS_SETUID) @@ -678,7 +863,6 @@ mips-sony-bsd|mips-sony-newsos4) ;; # UnixWare 7.x, OpenUNIX 8 *-*-sysv5*) - check_for_libcrypt_later=1 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars]) AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) @@ -691,8 +875,14 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) AC_DEFINE(BROKEN_UPDWTMPX) + AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot" + AC_CHECK_FUNCS(getluid setluid,,,-lprot) + AC_DEFINE(HAVE_SECUREWARE) + AC_DEFINE(DISABLE_SHADOW) + ],,) ;; *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") + check_for_libcrypt_later=1 ;; esac ;; @@ -791,6 +981,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) + AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv]) ;; *-*-nto-qnx*) @@ -801,6 +992,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) AC_DEFINE(DISABLE_LASTLOG) AC_DEFINE(SSHD_ACQUIRES_CTTY) + AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken]) enable_etc_default_login=no # has incompatible /etc/default/login case "$host" in *-*-nto-qnx6*) @@ -996,7 +1188,7 @@ dnl Checks for libutil functions AC_CHECK_HEADERS(libutil.h) AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1, [Define if your libraries define login()])]) -AC_CHECK_FUNCS(logout updwtmp logwtmp) +AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp) AC_FUNC_STRFTIME @@ -1058,148 +1250,6 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} ] ) -# Check whether the user wants GSSAPI mechglue support -AC_ARG_WITH(mechglue, - [ --with-mechglue=PATH Build with GSSAPI mechglue library], - [ - AC_MSG_CHECKING(for mechglue library) - - if test -e ${withval}/libgssapi.a ; then - mechglue_lib=${withval}/libgssapi.a - elif test -e ${withval}/lib/libgssapi.a ; then - mechglue_lib=${withval}/lib/libgssapi.a - else - AC_MSG_ERROR("Can't find libgssapi in ${withval}"); - fi - LIBS="$LIBS ${mechglue_lib}" - AC_MSG_RESULT(${mechglue_lib}) - - AC_CHECK_LIB(dl, dlopen, , ) - if test $ac_cv_lib_dl_dlopen = yes; then - LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic" - fi - - AC_DEFINE(GSSAPI) - AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.]) - GSSAPI="mechglue" - - ] -) - - -# Check whether the user wants GSI (Globus) support -gsi_path="no" -AC_ARG_WITH(gsi, - [ --with-gsi Enable Globus GSI authentication support], - [ - gsi_path="$withval" - ] -) - -AC_ARG_WITH(globus, - [ --with-globus Enable Globus GSI authentication support], - [ - gsi_path="$withval" - ] -) - -AC_ARG_WITH(globus-static, - [ --with-globus-static Link statically with Globus GSI libraries], - [ - gsi_static="-static" - if test "x$gsi_path" = "xno" ; then - gsi_path="$withval" - fi - ] -) - -# Check whether the user has a Globus flavor type -globus_flavor_type="no" -AC_ARG_WITH(globus-flavor, - [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)], - [ - globus_flavor_type="$withval" - if test "x$gsi_path" = "xno" ; then - gsi_path="yes" - fi - ] -) - -if test "x$gsi_path" != "xno" ; then - # Globus GSSAPI configuration - AC_MSG_CHECKING(for Globus GSI) - AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.]) - - if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then - AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.]) - fi - if test -z "$GSSAPI"; then - AC_DEFINE(GSSAPI) - GSSAPI="GSI" - fi - - if test "x$gsi_path" = "xyes" ; then - if test -z "$GLOBUS_LOCATION" ; then - AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.) - else - gsi_path="$GLOBUS_LOCATION" - fi - fi - GLOBUS_LOCATION="$gsi_path" - export GLOBUS_LOCATION - if test ! -d "$GLOBUS_LOCATION" ; then - AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.) - fi - - if test "x$globus_flavor_type" = "xno" ; then - AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified) - fi - if test "x$globus_flavor_type" = "xyes" ; then - AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type) - fi - - if test -x ${gsi_path}/bin/globus-makefile-header ; then - ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh - elif test -x ${gsi_path}/sbin/globus-makefile-header ; then - ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh - else - AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete) - fi - . ./gpt_build_tmp.sh - if test -n "${need_dash_r}"; then - GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib" - else - GSI_LDFLAGS="-L${gsi_path}/lib" - fi - if test -z "$GLOBUS_PKG_LIBS" ; then - AC_MSG_ERROR(globus-makefile-header failed) - fi - - AC_DEFINE(HAVE_GSSAPI_H) - - LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS" - LDFLAGS="$LDFLAGS $GSI_LDFLAGS" - CPPFLAGS="$CPPFLAGS $GLOBUS_INCLUDES" - - # test that we got the libraries OK - AC_TRY_LINK( - [], - [], - [ - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_ERROR(link with Globus libraries failed) - ] - ) - AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize) - INSTALL_GSISSH="yes" -else - INSTALL_GSISSH="" -fi -AC_SUBST(INSTALL_GSISSH) -# End Globus/GSI section - AC_MSG_CHECKING([for /proc/pid/fd directory]) if test -d "/proc/$$/fd" ; then AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd]) @@ -1372,7 +1422,7 @@ AC_ARG_WITH(audit, AC_CHECK_FUNCS(getaudit, [], [AC_MSG_ERROR(BSM enabled and required function not found)]) # These are optional - AC_CHECK_FUNCS(getaudit_addr) + AC_CHECK_FUNCS(getaudit_addr aug_get_machine) AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module]) ;; debug) @@ -1392,6 +1442,8 @@ AC_ARG_WITH(audit, dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS( \ arc4random \ + arc4random_buf \ + arc4random_uniform \ asprintf \ b64_ntop \ __b64_ntop \ @@ -1405,6 +1457,7 @@ AC_CHECK_FUNCS( \ fchmod \ fchown \ freeaddrinfo \ + fstatvfs \ futimes \ getaddrinfo \ getcwd \ @@ -1456,6 +1509,8 @@ AC_CHECK_FUNCS( \ sigvec \ snprintf \ socketpair \ + statfs \ + statvfs \ strdup \ strerror \ strlcat \ @@ -1588,6 +1643,8 @@ AC_CHECK_FUNCS(utmpname) dnl Checks for utmpx functions AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) AC_CHECK_FUNCS(setutxent utmpxname) +dnl Checks for lastlog functions +AC_CHECK_FUNCS(getlastlogxbyname) AC_CHECK_FUNC(daemon, [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])], @@ -1948,7 +2005,7 @@ AC_ARG_WITH(ssl-dir, fi ] ) -if test -z "$GSI_LDFLAGS" ; then +if test -z "$GLOBUS_LDFLAGS" ; then LIBS="-lcrypto $LIBS" fi AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1, @@ -2164,7 +2221,10 @@ AC_CHECK_FUNCS(SHA256_Update EVP_sha256) saved_LIBS="$LIBS" AC_CHECK_LIB(iaf, ia_openinfo, [ LIBS="$LIBS -liaf" - AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"]) + AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf" + AC_DEFINE(HAVE_LIBIAF, 1, + [Define if system has libiaf that supports set_id]) + ]) ]) LIBS="$saved_LIBS" @@ -2748,6 +2808,18 @@ fi TYPE_SOCKLEN_T AC_CHECK_TYPES(sig_atomic_t,,,[#include ]) +AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[ +#include +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_SYS_STATFS_H +#include +#endif +#ifdef HAVE_SYS_STATVFS_H +#include +#endif +]) AC_CHECK_TYPES(in_addr_t,,, [#include @@ -2896,6 +2968,15 @@ AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1, [define if you have struct in6_addr data type]) + +dnl Now check for sin6_scope_id + AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,, + [ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#include + ]) fi AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ @@ -3110,6 +3191,16 @@ if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then file descriptor passing]) fi +AC_MSG_CHECKING(if f_fsid has val members) +AC_TRY_COMPILE([ +#include +#include ], +[struct fsid_t t; t.val[0] = 0;], + [ AC_MSG_RESULT(yes) + AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ], + [ AC_MSG_RESULT(no) ] +) + AC_CACHE_CHECK([for msg_control field in struct msghdr], ac_cv_have_control_in_msghdr, [ AC_COMPILE_IFELSE( @@ -3361,7 +3452,7 @@ int main() { return 0; } SELINUX_MSG="no" LIBSELINUX="" AC_ARG_WITH(selinux, - [ --with-selinux Enable SELinux support], + [ --with-selinux Enable SELinux support], [ if test "x$withval" != "xno" ; then save_LIBS="$LIBS" AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.]) @@ -3376,6 +3467,55 @@ AC_ARG_WITH(selinux, fi ] ) +# Finish configuring Globus GSSAPI +if test "x$gsi_path" != "xno" ; then + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R${gsi_path}/lib" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:${gsi_path}/lib" + fi + # test that we got the libraries OK + AC_TRY_LINK( + [], + [], + [], + [ + AC_MSG_ERROR(link with Globus libraries failed) + ] + ) + AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize) +fi +AC_SUBST(INSTALL_GSISSH) + +# Check whether the user wants GSSAPI mechglue support +AC_ARG_WITH(mechglue, + [ --with-mechglue=PATH Build with GSSAPI mechglue library], + [ + AC_MSG_CHECKING(for mechglue library) + + if test -e ${withval}/libgssapi.a ; then + mechglue_lib=${withval}/libgssapi.a + elif test -e ${withval}/lib/libgssapi.a ; then + mechglue_lib=${withval}/lib/libgssapi.a + else + AC_MSG_ERROR("Can't find libgssapi in ${withval}"); + fi + LIBS="${mechglue_lib} $LIBS" + AC_MSG_RESULT(${mechglue_lib}) + + AC_CHECK_LIB(dl, dlopen, , ) + if test $ac_cv_lib_dl_dlopen = yes; then + LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic" + fi + + AC_DEFINE(GSSAPI) + AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.]) + GSSAPI="mechglue" + ] +) + + # Check whether user wants Kerberos 5 support KRB5_MSG="no" AC_ARG_WITH(kerberos5, @@ -3438,12 +3578,12 @@ AC_ARG_WITH(kerberos5, ) AC_SEARCH_LIBS(dn_expand, resolv) - AC_CHECK_LIB(gssapi,gss_init_sec_context, + AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context, [ AC_DEFINE(GSSAPI) - K5LIBS="-lgssapi $K5LIBS" ], - [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context, + K5LIBS="-lgssapi_krb5 $K5LIBS" ], + [ AC_CHECK_LIB(gssapi, gss_init_sec_context, [ AC_DEFINE(GSSAPI) - K5LIBS="-lgssapi_krb5 $K5LIBS" ], + K5LIBS="-lgssapi $K5LIBS" ], AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]), $K5LIBS) ], @@ -3567,7 +3707,10 @@ AC_ARG_WITH(xauth, ] ) +# strip causes problems with GSI libraries... +if test -z "$GLOBUS_LDFLAGS" ; then STRIP_OPT=-s +fi AC_ARG_ENABLE(strip, [ --disable-strip Disable calling strip(1) on install], [ @@ -3588,32 +3731,6 @@ else AC_SUBST(XAUTH_PATH) fi -AC_CHECK_DECL(_PATH_BSHELL, , - AC_DEFINE_UNQUOTED(_PATH_BSHELL, "/bin/sh", - [Define to your C shell if not defined in paths.h]), - [ #include ] -) - -AC_CHECK_DECL(_PATH_CSHELL, , - AC_DEFINE_UNQUOTED(_PATH_CSHELL, "/bin/csh", - [Define to your Bourne shell if not defined in paths.h]), - [ #include ] -) - -AC_CHECK_DECL(_PATH_SHELLS, , - AC_DEFINE_UNQUOTED(_PATH_SHELLS, "/etc/shells", - [Define to your shells file if not defined in paths.h]), - [ #include ] -) - -# if _PATH_MAILDIR is in paths.h then we won't go hunting for it. -AC_CHECK_DECL(_PATH_MAILDIR, - AC_DEFINE(PATH_MAILDIR_IN_PATHS_H, 1, - [Define if _PATH_MAILDIR is in paths.h]), - , - [ #include ] -) - # Check for mail directory (last resort if we cannot get it from headers) if test ! -z "$MAIL" ; then maildir=`dirname $MAIL` @@ -4218,6 +4335,13 @@ dnl Adding -Werror to CFLAGS early prevents configure tests from running. dnl Add now. CFLAGS="$CFLAGS $werror_flags" +if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \ + test "x$ac_cv_func_getaddrinfo" != "xyes" ; then + AC_SUBST(TEST_SSH_IPV6, no) +else + AC_SUBST(TEST_SSH_IPV6, yes) +fi + AC_EXEEXT AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ openbsd-compat/Makefile openbsd-compat/regress/Makefile \