AC_PATH_PROG(TEST_MINUS_S_SH, bash)
AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
AC_PATH_PROG(TEST_MINUS_S_SH, sh)
+AC_PATH_PROG(SH, sh)
# System features
AC_SYS_LARGEFILE
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
if (test "$LD" != "gcc" && test -z "$blibpath"); then
- blibpath="/usr/lib:/lib:/usr/local/lib"
+ AC_MSG_CHECKING([if linkage editor ($LD) accepts -blibpath])
+ saved_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -blibpath:/usr/lib:/lib:/usr/local/lib"
+ AC_TRY_LINK([],
+ [],
+ [
+ AC_MSG_RESULT(yes)
+ blibpath="/usr/lib:/lib:/usr/local/lib"
+ ],
+ [ AC_MSG_RESULT(no) ]
+ )
+ LDFLAGS="$saved_LDFLAGS"
fi
AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)])
AC_DEFINE(BROKEN_GETADDRINFO)
+ AC_DEFINE(BROKEN_REALPATH)
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
;;
*-*-darwin*)
AC_DEFINE(BROKEN_GETADDRINFO)
;;
+*-*-hpux10.26)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -Ae"
+ fi
+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
+ IPADDR_IN_DISPLAY=yes
+ AC_DEFINE(HAVE_SECUREWARE)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(LOGIN_NO_ENDOPT)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
+ AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ LIBS="$LIBS -lxnet -lsec -lsecpw"
+ disable_ptmx_check=yes
+ ;;
*-*-hpux10*)
if test -z "$GCC"; then
CFLAGS="$CFLAGS -Ae"
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(LOGIN_NO_ENDOPT)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
IPADDR_IN_DISPLAY=yes
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(LOGIN_NO_ENDOPT)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
LDFLAGS="$LDFLAGS"
PATH="$PATH:/usr/etc"
AC_DEFINE(BROKEN_INET_NTOA)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
;;
*-*-irix6*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
AC_DEFINE(WITH_IRIX_AUDIT)
AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
AC_DEFINE(BROKEN_INET_NTOA)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
;;
*-*-linux*)
no_dev_ptmx=1
no_dev_ptmx=1
AC_DEFINE(BROKEN_SYS_TERMIO_H)
AC_DEFINE(USE_PIPES)
- AC_DEFINE(HAVE_SCO_PROTECTED_PW)
+ AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(BROKEN_SAVED_UIDS)
AC_CHECK_FUNCS(getluid setluid)
no_dev_ptmx=1
rsh_path="/usr/bin/rcmd"
AC_DEFINE(USE_PIPES)
- AC_DEFINE(HAVE_SCO_PROTECTED_PW)
+ AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
getaddrinfo getcwd getgrouplist getnameinfo getopt \
getrlimit getrusage getttyent glob inet_aton inet_ntoa \
inet_ntop innetgr login_getcapbool md5_crypt memmove \
- mkdtemp mmap openpty readpassphrase realpath \
- rresvport_af setdtablesize setegid setenv seteuid \
- setlogin setproctitle setresgid setreuid setrlimit \
+ mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
+ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
+ setenv seteuid setlogin setproctitle setresgid setreuid setrlimit \
setsid setvbuf sigaction sigvec snprintf socketpair strerror \
- strlcat strlcpy strmode strsep sysconf tcgetpgrp utimes \
+ strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate utimes \
vhangup vsnprintf waitpid __b64_ntop _getpty)
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
)
fi
-# The big search for OpenSSL
+# Search for OpenSSL
+saved_CPPFLAGS="$CPPFLAGS"
+saved_LDFLAGS="$LDFLAGS"
AC_ARG_WITH(ssl-dir,
[ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
[
if test "x$withval" != "xno" ; then
- tryssldir=$withval
- fi
- ]
-)
-
-saved_LIBS="$LIBS"
-saved_LDFLAGS="$LDFLAGS"
-saved_CPPFLAGS="$CPPFLAGS"
-if test "x$prefix" != "xNONE" ; then
- tryssldir="$tryssldir $prefix"
-fi
-AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
- for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
- CPPFLAGS="$saved_CPPFLAGS"
- LDFLAGS="$saved_LDFLAGS"
- LIBS="$saved_LIBS -lcrypto"
-
- # Skip directories if they don't exist
- if test ! -z "$ssldir" -a ! -d "$ssldir" ; then
- continue;
- fi
- if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
- # Try to use $ssldir/lib if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/lib" ; then
- LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir/lib $LDFLAGS"
+ if test -d "$withval/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
fi
else
- LDFLAGS="-L$ssldir $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir $LDFLAGS"
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
fi
fi
- # Try to use $ssldir/include if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/include" ; then
- CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
+ if test -d "$withval/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
else
- CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
fi
fi
-
- # Basic test to check for compatible version and correct linking
- # *does not* test for RSA - that comes later.
- AC_TRY_RUN(
- [
-#include <string.h>
-#include <openssl/rand.h>
-int main(void)
-{
- char a[2048];
- memset(a, 0, sizeof(a));
- RAND_add(a, sizeof(a), sizeof(a));
- return(RAND_status() <= 0);
-}
- ],
- [
- found_crypto=1
- break;
- ], []
- )
-
- if test ! -z "$found_crypto" ; then
- break;
- fi
- done
-
- if test -z "$found_crypto" ; then
- AC_MSG_ERROR([Could not find working OpenSSL library, please install or check config.log])
- fi
- if test -z "$ssldir" ; then
- ssldir="(system)"
- fi
-
- ac_cv_openssldir=$ssldir
-])
-
-if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; then
- AC_DEFINE(HAVE_OPENSSL)
- dnl Need to recover ssldir - test above runs in subshell
- ssldir=$ac_cv_openssldir
- if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
- # Try to use $ssldir/lib if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/lib" ; then
- LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir/lib $LDFLAGS"
- fi
- else
- LDFLAGS="-L$ssldir $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir $LDFLAGS"
- fi
- fi
- # Try to use $ssldir/include if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/include" ; then
- CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
- else
- CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
- fi
- fi
-fi
-LIBS="$saved_LIBS -lcrypto"
-
-# Now test RSA support
-saved_LIBS="$LIBS"
-AC_MSG_CHECKING([for RSA support])
-for WANTS_RSAREF in "" 1 ; do
- if test -z "$WANTS_RSAREF" ; then
- LIBS="$saved_LIBS"
- else
- LIBS="$saved_LIBS -lRSAglue -lrsaref"
- fi
- AC_TRY_RUN([
-#include <string.h>
-#include <openssl/rand.h>
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
-#include <openssl/sha.h>
-int main(void)
-{
- int num; RSA *key; static unsigned char p_in[] = "blahblah";
- unsigned char c[256], p[256];
- memset(c, 0, sizeof(c)); RAND_add(c, sizeof(c), sizeof(c));
- if ((key=RSA_generate_key(512, 3, NULL, NULL))==NULL) return(1);
- num = RSA_public_encrypt(sizeof(p_in) - 1, p_in, c, key, RSA_PKCS1_PADDING);
- return(-1 == RSA_private_decrypt(num, c, p, key, RSA_PKCS1_PADDING));
-}
- ],
+ ]
+)
+LIBS="$LIBS -lcrypto"
+AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
[
- rsa_works=1
- break;
- ], [])
-done
-LIBS="$saved_LIBS"
-
-if test ! -z "$no_rsa" ; then
- AC_MSG_RESULT(disabled)
- RSA_MSG="disabled"
-else
- if test -z "$rsa_works" ; then
- AC_MSG_WARN([*** No RSA support found *** ])
- RSA_MSG="no"
- else
- if test -z "$WANTS_RSAREF" ; then
- AC_MSG_RESULT(yes)
- RSA_MSG="yes"
+ dnl Check default openssl install dir
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
else
- RSA_MSG="yes (using RSAref)"
- AC_MSG_RESULT(using RSAref)
- LIBS="$LIBS -lcrypto -lRSAglue -lrsaref"
+ LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
fi
- fi
-fi
+ CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
+ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
+ [
+ AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
+ ]
+ )
+ ]
+)
+
# Sanity check OpenSSL headers
AC_MSG_CHECKING([whether OpenSSL's headers match the library])
ssh_privsep_user=sshd
AC_ARG_WITH(privsep-user,
- [ --with-privsep-user Specify non-privileged user for privilege separation],
+ [ --with-privsep-user=user Specify non-privileged user for privilege separation],
[
if test -n "$withval"; then
ssh_privsep_user=$withval
AC_CHECK_SIZEOF(long int, 4)
AC_CHECK_SIZEOF(long long int, 8)
+# Sanity check long long for some platforms (AIX)
+if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
+ ac_cv_sizeof_long_long_int=0
+fi
+
# More checks for data types
AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
AC_TRY_COMPILE(
# Check whether user wants OpenSC support
AC_ARG_WITH(opensc,
- [ --with-opensc Enable smartcard support using OpenSC],
- [
- if test "x$withval" != "xno" ; then
- if test "x$withval" != "xyes" ; then
- CPPFLAGS="$CPPFLAGS -I${withval}"
- LDFLAGS="$LDFLAGS -L${withval}"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="$LDFLAGS -R${withval}"
- fi
- if test ! -z "$blibpath" ; then
- blibpath="$blibpath:${withval}"
- fi
- fi
- AC_CHECK_HEADERS(opensc/pkcs15.h)
- if test "$ac_cv_header_opensc_pkcs15_h" != yes; then
- AC_MSG_ERROR(Can't find opensc/pkcs15.h)
- fi
- AC_CHECK_LIB(opensc, sc_pkcs15_bind)
- if test "$ac_cv_lib_opensc_sc_pkcs15_bind" != yes; then
- AC_MSG_ERROR(Can't find libopensc)
- fi
- AC_DEFINE(SMARTCARD)
- AC_DEFINE(USE_OPENSC)
- SCARD_MSG="yes, using OpenSC"
- fi
- ]
-)
+ AC_HELP_STRING([--with-opensc=PFX],
+ [Enable smartcard support using OpenSC]),
+ opensc_config_prefix="$withval", opensc_config_prefix="")
+if test x$opensc_config_prefix != x ; then
+ OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
+ AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
+ if test "$OPENSC_CONFIG" != "no"; then
+ LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
+ LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
+ CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
+ LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
+ AC_DEFINE(SMARTCARD)
+ AC_DEFINE(USE_OPENSC)
+ SCARD_MSG="yes, using OpenSC"
+ fi
+fi
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
]
)
+PRIVSEP_PATH=/var/empty
+AC_ARG_WITH(privsep-path,
+ [ --with-privsep-path=xxx Path for privilege seperation chroot ],
+ [
+ if test "x$withval" != "$no" ; then
+ PRIVSEP_PATH=$withval
+ fi
+ ]
+)
+AC_SUBST(PRIVSEP_PATH)
+
AC_ARG_WITH(xauth,
[ --with-xauth=PATH Specify path to xauth program ],
[
fi
if test -z "$no_dev_ptmx" ; then
- AC_CHECK_FILE("/dev/ptmx",
- [
- AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
- have_dev_ptmx=1
- ]
- )
+ if test "x$disable_ptmx_check" != "xyes" ; then
+ AC_CHECK_FILE("/dev/ptmx",
+ [
+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
+ have_dev_ptmx=1
+ ]
+ )
+ fi
fi
AC_CHECK_FILE("/dev/ptc",
[
)
fi
+dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
+if test $ac_cv_func_login_getcapbool = "yes" -a \
+ $ac_cv_header_login_cap_h = "yes" ; then
+ USES_LOGIN_CONF=yes
+fi
# Whether to mess with the default path
SERVER_PATH_MSG="(default)"
AC_ARG_WITH(default-path,
[ --with-default-path=PATH Specify default \$PATH environment for server],
[
- if test "x$withval" != "xno" ; then
+ if test "$USES_LOGIN_CONF" = "yes" ; then
+ AC_MSG_WARN([
+--with-default-path=PATH has no effect on this system.
+Edit /etc/login.conf instead.])
+ elif test "x$withval" != "xno" ; then
user_path="$withval"
SERVER_PATH_MSG="$withval"
fi
],
- [
+ [ if test "$USES_LOGIN_CONF" = "yes" ; then
+ AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
+ else
AC_TRY_RUN(
[
/* find out what STDPATH is */
AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
fi
fi
+ fi ]
+)
+if test "$USES_LOGIN_CONF" != "yes" ; then
+ AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
+ AC_SUBST(user_path)
+fi
+
+# Set superuser path separately to user path
+MD5_MSG="no"
+AC_ARG_WITH(superuser-path,
+ [ --with-superuser-path= Specify different path for super-user],
+ [
+ if test "x$withval" != "xno" ; then
+ AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
+ superuser_path=$withval
+ fi
]
)
-AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
-AC_SUBST(user_path)
+
# Whether to force IPv4 by default (needed on broken glibc Linux)
IPV4_HACK_MSG="no"
E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
G=`eval echo ${piddir}` ; G=`eval echo ${G}`
-H=`eval echo ${user_path}` ; H=`eval echo ${H}`
+H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
+I=`eval echo ${user_path}` ; I=`eval echo ${I}`
+J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
echo ""
echo "OpenSSH has been configured with the following options:"
-echo " User binaries: $B"
-echo " System binaries: $C"
-echo " Configuration files: $D"
-echo " Askpass program: $E"
-echo " Manual pages: $F"
-echo " PID file: $G"
-echo " sshd default user PATH: $H"
-echo " Manpage format: $MANTYPE"
-echo " PAM support: ${PAM_MSG}"
-echo " KerberosIV support: $KRB4_MSG"
-echo " KerberosV support: $KRB5_MSG"
-echo " Smartcard support: $SCARD_MSG"
-echo " AFS support: $AFS_MSG"
-echo " S/KEY support: $SKEY_MSG"
-echo " TCP Wrappers support: $TCPW_MSG"
-echo " MD5 password support: $MD5_MSG"
-echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
-echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
-echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
-echo " BSD Auth support: $BSD_AUTH_MSG"
-echo " Random number source: $RAND_MSG"
+echo " User binaries: $B"
+echo " System binaries: $C"
+echo " Configuration files: $D"
+echo " Askpass program: $E"
+echo " Manual pages: $F"
+echo " PID file: $G"
+echo " Privilege separation chroot path: $H"
+if test "$USES_LOGIN_CONF" = "yes" ; then
+echo " At runtime, sshd will use the path defined in /etc/login.conf"
+else
+echo " sshd default user PATH: $I"
+fi
+if test ! -z "$superuser_path" ; then
+echo " sshd superuser user PATH: $J"
+fi
+echo " Manpage format: $MANTYPE"
+echo " PAM support: ${PAM_MSG}"
+echo " KerberosIV support: $KRB4_MSG"
+echo " KerberosV support: $KRB5_MSG"
+echo " Smartcard support: $SCARD_MSG"
+echo " AFS support: $AFS_MSG"
+echo " S/KEY support: $SKEY_MSG"
+echo " TCP Wrappers support: $TCPW_MSG"
+echo " MD5 password support: $MD5_MSG"
+echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
+echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+echo " BSD Auth support: $BSD_AUTH_MSG"
+echo " Random number source: $RAND_MSG"
if test ! -z "$USE_RAND_HELPER" ; then
- echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
+echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
fi
echo ""