AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(BROKEN_SAVED_UIDS)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
AC_MSG_RESULT(no)
AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
])
+ AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
+ AC_TRY_COMPILE(
+ [#include <stdio.h>
+ #include <skey.h>],
+ [(void)skeychallenge(NULL,"name","",0);],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(SKEYCHALLENGE_4ARG)],
+ [AC_MSG_RESULT(no)]
+ )
fi
]
)
AC_MSG_CHECKING(for libwrap)
AC_TRY_LINK(
[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
#include <tcpd.h>
int deny_severity = 0, allow_severity = 0;
],
[#include <termios.h>]
)
+AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
+
AC_CHECK_FUNCS(setresuid, [
dnl Some platorms have setresuid that isn't implemented, test for this
AC_MSG_CHECKING(if setresuid seems to work)
)
fi
+# Check for missing getpeereid (or equiv) support
+NO_PEERCHECK=""
+if test "x$ac_cv_func_getpeereid" != "xyes" ; then
+ AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
+ AC_TRY_COMPILE(
+ [#include <sys/types.h>
+ #include <sys/socket.h>],
+ [int i = SO_PEERCRED;],
+ [AC_MSG_RESULT(yes)],
+ [AC_MSG_RESULT(no)
+ NO_PEERCHECK=1]
+ )
+fi
+
dnl see whether mkstemp() requires XXXXXX
if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
AC_MSG_CHECKING([for (overly) strict mkstemp])
)
fi
-check_for_hpux_broken_getaddrinfo=1
-
if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
AC_MSG_CHECKING(if getaddrinfo seems to work)
AC_TRY_RUN(
# Needed by our getrrsetbyname()
AC_SEARCH_LIBS(res_query, resolv)
AC_SEARCH_LIBS(dn_expand, resolv)
+ AC_MSG_CHECKING(if res_query will link)
+ AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
+ [AC_MSG_RESULT(no)
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS -lresolv"
+ AC_MSG_CHECKING(for res_query in -lresolv)
+ AC_LINK_IFELSE([
+#include <resolv.h>
+int main()
+{
+ res_query (0, 0, 0, 0, 0);
+ return 0;
+}
+ ],
+ [LIBS="$LIBS -lresolv"
+ AC_MSG_RESULT(yes)],
+ [LIBS="$saved_LIBS"
+ AC_MSG_RESULT(no)])
+ ])
AC_CHECK_FUNCS(_getshort _getlong)
AC_CHECK_MEMBER(HEADER.ad,
[AC_DEFINE(HAVE_HEADER_AD)],,
[ char *tmp = heimdal_version; ],
[ AC_MSG_RESULT(yes)
AC_DEFINE(HEIMDAL)
- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
+ K5LIBS="-lkrb5 -ldes"
+ K5LIBS="$K5LIBS -lcom_err -lasn1"
+ AC_CHECK_LIB(roken, net_write,
+ [K5LIBS="$K5LIBS -lroken"])
],
[ AC_MSG_RESULT(no)
K5LIBS="-lkrb5 -lk5crypto -lcom_err"
LIBS="$LIBS $K5LIBS"
AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
+ AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
]
)
echo ""
fi
+if test ! -z "$NO_PEERCHECK" ; then
+ echo "WARNING: the operating system that you are using does not "
+ echo "appear to support either the getpeereid() API nor the "
+ echo "SO_PEERCRED getsockopt() option. These facilities are used to "
+ echo "enforce security checks to prevent unauthorised connections to "
+ echo "ssh-agent. Their absence increases the risk that a malicious "
+ echo "user can connect to your agent. "
+ echo ""
+fi
+