# $Id$
+#
+# Copyright (c) 1999-2004 Damien Miller
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
fi
fi
+AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
+if test ! -z "$PATH_PASSWD_PROG" ; then
+ AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
+fi
+
if test -z "$LD" ; then
LD=$CC
fi
AC_DEFINE(USE_PIPES)
AC_DEFINE(LOGIN_NO_ENDOPT)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
LIBS="$LIBS -lsec -lsecpw"
AC_DEFINE(USE_PIPES)
AC_DEFINE(LOGIN_NO_ENDOPT)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
LIBS="$LIBS -lsec"
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ check_for_hpux_broken_getaddrinfo=1
LIBS="$LIBS -lsec"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_UPDWTMPX)
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
check_for_openpty_ctty_bug=1
AC_DEFINE(DONT_TRY_OTHER_AF)
AC_DEFINE(PAM_TTY_KLUDGE)
- AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
inet6_default_4in6=yes
case `uname -r` in
AC_DEFINE(BROKEN_SAVED_UIDS)
;;
*-*-solaris*)
+ if test "x$withval" != "xno" ; then
+ need_dash_r=1
+ fi
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(LOGIN_NEEDS_TERM)
;;
*-*-sco3.2v4*)
CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
- LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
+ LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
RANLIB=true
no_dev_ptmx=1
AC_DEFINE(BROKEN_SYS_TERMIO_H)
MANTYPE=man
;;
*-*-unicosmk*)
+ AC_DEFINE(NO_SSH_LASTLOG)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
LDFLAGS="$LDFLAGS"
MANTYPE=cat
;;
*-*-unicosmp*)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
LDFLAGS="$LDFLAGS"
- LIBS="$LIBS -lgen -lacid"
+ LIBS="$LIBS -lgen -lacid -ldb"
MANTYPE=cat
;;
*-*-unicos*)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
AC_DEFINE(NO_SSH_LASTLOG)
netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
- sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
- sys/un.h time.h tmpdir.h ttyent.h usersec.h \
- util.h utime.h utmp.h utmpx.h vis.h)
+ sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
+ sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
+ sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
+ ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
]
)
AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
+
+AC_ARG_WITH(zlib-version-check,
+ [ --without-zlib-version-check Disable zlib version check],
+ [ if test "x$withval" = "xno" ; then
+ zlib_check_nonfatal=1
+ fi
+ ]
+)
+
AC_MSG_CHECKING(for zlib 1.1.4 or greater)
AC_TRY_RUN([
#include <zlib.h>
],
AC_MSG_RESULT(yes),
[ AC_MSG_RESULT(no)
- AC_MSG_ERROR([*** zlib too old - check config.log ***]) ]
+ if test -z "$zlib_check_nonfatal" ; then
+ AC_MSG_ERROR([*** zlib too old - check config.log ***
+Your reported zlib version has known security problems. It's possible your
+vendor has fixed these problems without changing the version number. If you
+are sure this is the case, you can disable the check by running
+"./configure --without-zlib-version-check".
+If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
+ else
+ AC_MSG_WARN([zlib version may have security problems])
+ fi
+ ]
)
-
dnl UnixWare 2.x
AC_CHECK_FUNC(strcasecmp,
getpeereid _getpty getrlimit getttyent glob inet_aton \
inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
- pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
+ pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
setproctitle setregid setreuid setrlimit \
setsid setvbuf sigaction sigvec snprintf socketpair strerror \
strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
- truncate utimes vhangup vsnprintf waitpid \
+ truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
)
# IRIX has a const char return value for gai_strerror()
)
fi
+if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
+ AC_MSG_CHECKING(if getaddrinfo seems to work)
+ AC_TRY_RUN(
+ [
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+
+int
+main(void)
+{
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
+
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET6)
+ continue;
+
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
+
+ if (err != 0) {
+ if (err == EAI_SYSTEM)
+ perror("getnameinfo EAI_SYSTEM");
+ else
+ fprintf(stderr, "getnameinfo failed: %s\n",
+ gai_strerror(err));
+ exit(2);
+ }
+
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (sock < 0)
+ perror("socket");
+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ if (errno == EBADF)
+ exit(3);
+ }
+ }
+ exit(0);
+}
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ ]
+ )
+fi
+
AC_FUNC_GETPGRP
# Check for PAM libs
)
fi
-# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
-# because the system crypt() is more featureful.
-if test "x$check_for_libcrypt_before" = "x1"; then
- AC_CHECK_LIB(crypt, crypt)
-fi
-
# Search for OpenSSL
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
fi
]
)
-LIBS="$LIBS -lcrypto"
+LIBS="-lcrypto $LIBS"
AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
[
dnl Check default openssl install dir
]
)
+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
+# because the system crypt() is more featureful.
+if test "x$check_for_libcrypt_before" = "x1"; then
+ AC_CHECK_LIB(crypt, crypt)
+fi
+
# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
-# version in OpenSSL. Skip this for PAM
+# version in OpenSSL.
if test "x$check_for_libcrypt_later" = "x1"; then
AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
fi
AC_MSG_CHECKING(for gssapi support)
if $KRB5CONF | grep gssapi >/dev/null ; then
AC_MSG_RESULT(yes)
- K5CFLAGS="`$KRB5CONF --cflags gssapi`"
- dnl m4 quadragraphs: "sed 's/-l[^- ]*//g'"
- K5LDFLAGS="`$KRB5CONF --libs gssapi | sed 's/-l@<:@^- @:>@*//g'`"
- K5LIBS="`$KRB5CONF --libs gssapi | sed 's/-L@<:@^- @:>@*//g'`"
+ AC_DEFINE(GSSAPI)
+ k5confopts=gssapi
else
AC_MSG_RESULT(no)
- K5CFLAGS="`$KRB5CONF --cflags`"
- K5LDFLAGS="`$KRB5CONF --libs | sed 's/-l@<:@^- @:>@*//g'`"
- K5LIBS="`$KRB5CONF --libs | sed 's/-L@<:@^- @:>@*//g'`"
+ k5confopts=""
fi
+ K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
+ K5LIBS="`$KRB5CONF --libs $k5confopts`"
CPPFLAGS="$CPPFLAGS $K5CFLAGS"
- LDFLAGS="$LDFLAGS $K5LDFLAGS"
AC_MSG_CHECKING(whether we are using Heimdal)
AC_TRY_COMPILE([ #include <krb5.h> ],
[ char *tmp = heimdal_version; ],
if test ! -z "$blibpath" ; then
blibpath="$blibpath:${KRB5ROOT}/lib"
fi
- fi ]
- AC_SEARCH_LIBS(k_hasafs, kafs,
- [ AC_DEFINE(USE_AFS)
- K5LIBS="-lkafs $K5LIBS"
- ]
- )
+ fi
+
+ AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
+ AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
+ AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
+
+ LIBS="$LIBS $K5LIBS"
+ AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
+ AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
+ ]
)
-LIBS="$LIBS $K5LIBS"
# Looking for programs, paths and files
andersk / openssh.git / blobdiff