From d905e828f61d087c598ac6805bafb25ea90c56b1 Mon Sep 17 00:00:00 2001
From: cphillip
Date: Fri, 15 Mar 2002 19:42:43 +0000
Subject: [PATCH] o Add in changes since 1/25 version from my patches.
---
openssh/configure.ac | 179 ++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 175 insertions(+), 4 deletions(-)
diff --git a/openssh/configure.ac b/openssh/configure.ac
index 8884125..c76df50 100644
--- a/openssh/configure.ac
+++ b/openssh/configure.ac
@@ -451,6 +451,100 @@ int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));} ] ) +# Check whether the user wants GSI (Globus) support +gsi_path="no" +AC_ARG_WITH(gsi, + [ --with-gsi=PATH Enable GSI/Globus authentication support], + [ + gsi_path="$withval" + ] +) + +AC_ARG_WITH(globus, + [ --with-globus=PATH Enable GSI/Globus authentication support], + [ + gsi_path="$withval" + ] +) + +# Check whether the user has a Globus flavor type +globus_flavor_type="no" +AC_ARG_WITH(globus-flavor, + [ --with-globus-flavor=TYPE Describe Globus flavor type (ex: gcc32dbg, etc.)], + [ + globus_flavor_type="$withval" + ] +) + +if test "x$gsi_path" != "xno" ; then + # Globus GSSAPI configuration + AC_DEFINE(GSSAPI) + AC_DEFINE(GSI) + + # Find GLOBUS/GSI installation Directory + AC_MSG_CHECKING(for Globus/GSI installation directory) + + globus_install_dir=$gsi_path + + if test "x$globus_install_dir" = "xyes" ; then + AC_MSG_ERROR(Cannot find Globus/GSI installation directory -- a path must be specified!) + fi + AC_MSG_RESULT($globus_install_dir) + + # Find GLOBUS/GSI development directory + AC_MSG_CHECKING(for Globus/GSI development directory) + + # Looks like a flat directory structure from configure/make + # and not globus-install or gsi-install + globus_dev_dir=$globus_install_dir + AC_MSG_RESULT($globus_dev_dir) + + # Find GLOBUS/GSI flavor Directory + AC_MSG_CHECKING(for Globus flavor type) + + if test "x$globus_flavor_type" = "xno" ; then + GSI_LIBS="-lglobus_gss_assist -lglobus_gss -lglobus_gaa" + GSI_LDFLAGS="-L${globus_dev_dir}/lib" + GSI_CFLAGS="-I${globus_dev_dir}/include" + AC_MSG_RESULT(none) + elif test "x$globus_flavor_type" = "xyes" ; then + AC_MSG_ERROR(No Globus flavor type specified) + else + globus_incl_dir="${globus_dev_dir}/include/${globus_flavor_type}" + + if test ! 
-d "$globus_incl_dir" ; then + AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${globus_incl_dir}) + fi + + AC_MSG_RESULT($globus_flavor_type) + + globus_lib_dir="${globus_dev_dir}/lib" + + GSI_LIBS="-lglobus_gss_assist_${globus_flavor_type} -lglobus_gssapi_gsi_${globus_flavor_type}" + GSI_LDFLAGS="-L${globus_lib_dir}" + GSI_CFLAGS="-I${globus_incl_dir}" + fi + + LIBS="$LIBS $GSI_LIBS" + LDFLAGS="$LDFLAGS $GSI_LDFLAGS" + CFLAGS="$CFLAGS $GSI_CFLAGS" + + # + # some systems don't compile in the path to the shared lib with the + # rest of the objects. to compensate, we set $LD_LIBRARY_PATH + # accordingly. + # + + AC_MSG_CHECKING(whether to compensate linking with LD_LIBRARY_PATH) + AC_MSG_RESULT() + + if test "x${LD_LIBRARY_PATH}" != "x" ; then + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:" + fi + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH${globus_lib_dir}" +# End Globus/GSI section +fi + # Check whether user wants S/Key support SKEY_MSG="no" AC_ARG_WITH(skey, @@ -691,6 +785,11 @@ AC_ARG_WITH(ssl-dir, saved_LIBS="$LIBS" saved_LDFLAGS="$LDFLAGS" saved_CPPFLAGS="$CPPFLAGS" +if test "x$globus_flavor_type" != "xno" ; then +LIBS="$saved_LIBS -lglobus_ssl_utils_${globus_flavor_type} -lssl_${globus_flavor_type} -lcrypto_${globus_flavor_type}" +LDFLAGS="$saved_LDFLAGS" +CPPFLAGS="$saved_CPPFLAGS" +else if test "x$prefix" != "xNONE" ; then tryssldir="$tryssldir $prefix" fi @@ -789,7 +888,12 @@ if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; fi fi fi +if test "x$gsi_path" == "xno" ; then LIBS="$saved_LIBS -lcrypto" +else +LIBS="$saved_LIBS -lssl -lcrypto" +fi +fi # globus_flavor_type # Now test RSA support saved_LIBS="$LIBS" 
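Review bot: In the new Globus/GSI section, `globus_lib_dir` is assigned only in the flavor-specific `else` branch, yet the closing `export LD_LIBRARY_PATH="$LD_LIBRARY_PATH${globus_lib_dir}"` uses it unconditionally. With `--with-gsi` but no flavor and a non-empty LD_LIBRARY_PATH, the value ends in a bare `:`, and common dynamic loaders treat an empty path element as the current directory for every test program configure runs afterwards. Assign `globus_lib_dir="${globus_dev_dir}/lib"` before the flavor test so both branches share it. Separately, `export VAR=value` is not accepted by every Bourne shell, so split it into the assignment followed by `export LD_LIBRARY_PATH`. The `AC_MSG_CHECKING(whether to compensate linking with LD_LIBRARY_PATH)` / `AC_MSG_RESULT()` pair reports nothing and should either print a real result or be dropped.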
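Review bot: The branch added in the `--with-ssl-dir` hunk tests only `globus_flavor_type`, so `--with-globus-flavor=TYPE` given without `--with-gsi` still replaces the OpenSSL search with `-lglobus_ssl_utils_TYPE -lssl_TYPE -lcrypto_TYPE`, even though `GSI_LDFLAGS` (the only Globus `-L` path) is set solely inside the `gsi_path` block. Gate it on both settings: `if test "x$gsi_path" != "xno" && test "x$globus_flavor_type" != "xno" ; then`. The branch also skips the whole directory search up to the `fi # globus_flavor_type` added in the next hunk, and `--with-ssl-dir` is then silently ignored. Whether the OpenSSL header/library checks in that skipped stretch still run is not visible here, so a comment stating which libcrypto the flavored build links and how its version is validated would help.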
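Review bot: `test "x$gsi_path" == "xno"` in the `-lcrypto` hunk uses `==`, which POSIX `test` does not define. A shell whose `test` rejects it prints an error and the condition is false, so the `else` branch adds `-lssl` even for builds without GSI. Use `if test "x$gsi_path" = "xno" ; then`. The `fi # globus_flavor_type` on the following line closes the `if` opened in the earlier `--with-ssl-dir` hunk, so the two hunks have to be read together.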
@@ -1640,7 +1744,68 @@ AC_ARG_WITH(smartcard, ] ) -# Check whether user wants Kerberos support +# Check whether user wants Kerberos 5 support +AC_ARG_WITH(kerberos5, + [ --with-kerberos5=PATH Enable Kerberos 5 support], + [ + if test "x$withval" != "xno" ; then + if test "x$withval" = "xyes" ; then + KRB5ROOT="/usr/local" + else + KRB5ROOT=${withval} + fi + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" + LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" + AC_DEFINE(KRB5) + AC_MSG_CHECKING(whether we are using Heimdal) + AC_TRY_COMPILE([ #include ], + [ char *tmp = heimdal_version; ], + [ AC_MSG_RESULT(yes) + AC_DEFINE(HEIMDAL) + K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken" + ], + [ AC_MSG_RESULT(no) + K5LIBS="-lkrb5 -lk5crypto -lcom_err" + ] + ) + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:${KRB5ROOT}/lib" + fi + AC_CHECK_LIB(resolv, dn_expand, , ) + + AC_CHECK_LIB(gssapi,gss_init_sec_context, + [ AC_DEFINE(GSSAPI) + K5LIBS="-lgssapi $K5LIBS" ], + [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context, + [ AC_DEFINE(GSSAPI) + K5LIBS="-lgssapi_krb5 $K5LIBS" ], + AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]), + $K5LIBS) + ], + $K5LIBS) + + AC_CHECK_HEADER(gssapi.h, , + [ unset ac_cv_header_gssapi_h + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" + AC_CHECK_HEADERS(gssapi.h, , + AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) + ) + ] + ) + + oldCPP="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" + AC_CHECK_HEADER(gssapi_krb5.h, , + [ CPPFLAGS="$oldCPP" ]) + + KRB5=yes + fi + ] +) +# Check whether user wants Kerberos 4 support KRB4_MSG="no" AC_ARG_WITH(kerberos4, [ --with-kerberos4=PATH Enable Kerberos 4 support], @@ -1720,7 +1885,7 @@ AC_ARG_WITH(afs, fi ] ) -LIBS="$LIBS $KLIBS" +LIBS="$LIBS $KLIBS $K5LIBS" # Looking for programs, paths and files AC_ARG_WITH(rsh, 
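Review bot: In the new `--with-kerberos5` block, a missing GSS-API library or header only produces `AC_MSG_WARN(... build may fail)`, while `AC_DEFINE(KRB5)` and `KRB5=yes` are set without any probe of the krb5 library itself. Someone who explicitly asked for Kerberos 5 then gets either a late compile error or a binary built without `GSSAPI` defined; failing early is clearer, e.g. `AC_MSG_ERROR([--with-kerberos5 requested but no usable GSS-API library found])` in the inner `AC_CHECK_LIB` fallback. The Heimdal probe `AC_TRY_COMPILE([ #include ], ...)` shows no header name on this page; if that is how it was committed, the probe always fails and Heimdal is never detected, so confirm it names the krb5 header. `-I${KRB5ROOT}/include/gssapi` can also land in CPPFLAGS twice, once from the `gssapi.h` fallback and again before the `gssapi_krb5.h` check.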
@@ -1993,10 +2158,16 @@ AC_ARG_ENABLE(suid-ssh, [ case "$enableval" in no) AC_MSG_RESULT(no) - SSHMODE=0711 + SSHMODE=0755 + # SSHMODE=0711 + # ^- this is the old mode setting. is there a good reason for this? as a regular + # user, i can't load libraries with 711 perms when i'm not the owner ;; *) AC_MSG_RESULT(yes) - SSHMODE=4711 + SSHMODE=4755 + # SSHMODE=4711 + # ^- this is the old mode setting. is there a good reason for this? as a regular + # user, i can't load libraries with 4711 perms when i'm not the owner ;; esac ], AC_MSG_RESULT(yes) -- 2.45.2
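Review bot: `SSHMODE=4755` makes the setuid-root ssh binary world-readable (and `0755` the non-suid one), and the only rationale is a question left in a code comment. The stated reason concerns loading shared libraries, but running a program needs only the execute bit, which 0711/4711 already grant; read permission matters for the library files, not for this executable. SSHMODE is presumably applied to the installed ssh binary by an install rule outside this hunk. Keeping `SSHMODE=0711` and `SSHMODE=4711` preserves the tighter default; if the Globus libraries are installed unreadable, correct their install mode instead. If the wider mode is kept on purpose, replace the commented-out assignments and the open question with a one-line stated reason, e.g. `# 4755: <documented reason ssh must be world-readable>`.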