# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-AC_INIT
+AC_INIT(OpenSSH, Portable)
AC_CONFIG_SRCDIR([ssh.c])
AC_CONFIG_HEADER(config.h)
LD=$CC
fi
AC_SUBST(LD)
-
+
AC_C_INLINE
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
AC_ARG_WITH(rpath,
[ --without-rpath Disable auto-added -R linker paths],
[
- if test "x$withval" = "xno" ; then
+ if test "x$withval" = "xno" ; then
need_dash_r=""
fi
if test "x$withval" = "xyes" ; then
LIBS="$LIBS -ls"
])
])
+ dnl Check for various auth function declarations in headers.
+ AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
+ passwdexpired, setauthdb], , , [#include <usersec.h>])
dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
- AC_CHECK_DECL(loginfailed,
+ AC_CHECK_DECLS(loginfailed,
[AC_MSG_CHECKING(if loginfailed takes 4 arguments)
AC_TRY_COMPILE(
[#include <usersec.h>],
[#include <usersec.h>]
)
AC_CHECK_FUNCS(setauthdb)
- AC_DEFINE(BROKEN_GETADDRINFO)
+ check_for_aix_broken_getaddrinfo=1
AC_DEFINE(BROKEN_REALPATH)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(NO_X11_UNIX_SOCKETS)
AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
AC_DEFINE(DISABLE_FD_PASSING)
- AC_DEFINE(SETGROUPS_NOOP)
;;
*-*-dgux*)
AC_DEFINE(IP_TOS_IS_BROKEN)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
check_for_hpux_broken_getaddrinfo=1
+ check_for_conflicting_getspnam=1
LIBS="$LIBS -lsec"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
+ AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
+ AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
inet6_default_4in6=yes
case `uname -r` in
1.*|2.0.*)
;;
*-*-netbsd*)
check_for_libcrypt_before=1
- if test "x$withval" != "xno" ; then
+ if test "x$withval" != "xno" ; then
need_dash_r=1
fi
;;
AC_DEFINE(BROKEN_SAVED_UIDS)
;;
*-*-solaris*)
- if test "x$withval" != "xno" ; then
+ if test "x$withval" != "xno" ; then
need_dash_r=1
fi
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(LOGIN_NEEDS_TERM)
AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
AC_DEFINE(SSHD_ACQUIRES_CTTY)
*-sni-sysv*)
# /usr/ucblib MUST NOT be searched on ReliantUNIX
AC_CHECK_LIB(dl, dlsym, ,)
+ # -lresolv needs to be at then end of LIBS or DNS lookups break
+ AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES)
AC_DEFINE(IP_TOS_IS_BROKEN)
# Attention: always take care to bind libsocket and libnsl before libc,
# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
;;
+# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
*-*-sysv4.2*)
AC_DEFINE(USE_PIPES)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
;;
+# UnixWare 7.x, OpenUNIX 8
*-*-sysv5*)
AC_DEFINE(USE_PIPES)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
;;
*-*-sysv*)
;;
+# SCO UNIX and OEM versions of SCO UNIX
*-*-sco3.2v4*)
- CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
- LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
- RANLIB=true
- no_dev_ptmx=1
- AC_DEFINE(BROKEN_SYS_TERMIO_H)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(HAVE_SECUREWARE)
- AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(BROKEN_SAVED_UIDS)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(WITH_ABBREV_NO_TTY)
- AC_CHECK_FUNCS(getluid setluid)
- MANTYPE=man
- do_sco3_extra_lib_check=yes
- TEST_SHELL=ksh
+ AC_MSG_ERROR("This Platform is no longer supported.")
;;
+# SCO OpenServer 5.x
*-*-sco3.2v5*)
if test -z "$GCC"; then
CFLAGS="$CFLAGS -belf"
AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_DEFINE(BROKEN_UPDWTMPX)
+ AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
TEST_SHELL=ksh
AC_ARG_WITH(cflags,
[ --with-cflags Specify additional flags to pass to compiler],
[
- if test "x$withval" != "xno" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
CFLAGS="$CFLAGS $withval"
fi
- ]
+ ]
)
AC_ARG_WITH(cppflags,
[ --with-cppflags Specify additional flags to pass to preprocessor] ,
[
- if test "x$withval" != "xno"; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
CPPFLAGS="$CPPFLAGS $withval"
fi
]
AC_ARG_WITH(ldflags,
[ --with-ldflags Specify additional flags to pass to linker],
[
- if test "x$withval" != "xno" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
LDFLAGS="$LDFLAGS $withval"
fi
- ]
+ ]
)
AC_ARG_WITH(libs,
[ --with-libs Specify additional libraries to link with],
[
- if test "x$withval" != "xno" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
LIBS="$LIBS $withval"
fi
- ]
+ ]
)
AC_MSG_CHECKING(compiler and flags for sanity)
-AC_TRY_RUN([
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([
#include <stdio.h>
int main(){exit(0);}
- ],
+ ])],
[ AC_MSG_RESULT(yes) ],
[
AC_MSG_RESULT(no)
AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
- ]
+ ],
+ [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
)
# Checks for header files.
-AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
- getopt.h glob.h ia.h lastlog.h limits.h login.h \
- login_cap.h maillock.h netdb.h netgroup.h \
+AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
+ floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
+ login_cap.h maillock.h ndir.h netdb.h netgroup.h \
netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
- strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
- sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
- sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
- sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
- ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
+ strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
+ sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
+ sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
+ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
+ time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
+
+# sys/ptms.h requires sys/stream.h to be included first on Solaris
+AC_CHECK_HEADERS(sys/ptms.h, [], [], [
+#ifdef HAVE_SYS_STREAM_H
+# include <sys/stream.h>
+#endif
+])
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
-dnl SCO OS3 needs this for libwrap
-if test "x$with_tcp_wrappers" != "xno" ; then
- if test "x$do_sco3_extra_lib_check" = "xyes" ; then
- AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
- fi
-fi
-
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
AC_CHECK_LIB(gen, dirname,[
dnl zlib is required
AC_ARG_WITH(zlib,
[ --with-zlib=PATH Use zlib in PATH],
- [
- if test "x$withval" = "xno" ; then
- AC_MSG_ERROR([*** zlib is required ***])
- fi
+ [ if test "x$withval" = "xno" ; then
+ AC_MSG_ERROR([*** zlib is required ***])
+ elif test "x$withval" != "xyes"; then
if test -d "$withval/lib"; then
if test -n "${need_dash_r}"; then
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
else
CPPFLAGS="-I${withval} ${CPPFLAGS}"
fi
- ]
+ fi ]
)
AC_CHECK_LIB(z, deflate, ,
]
)
-AC_MSG_CHECKING(for zlib 1.1.4 or greater)
-AC_TRY_RUN([
+AC_MSG_CHECKING(for possibly buggy zlib)
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <stdio.h>
#include <zlib.h>
int main()
{
- int a, b, c, v;
- if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
+ int a=0, b=0, c=0, d=0, n, v;
+ n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
+ if (n != 3 && n != 4)
exit(1);
- v = a*1000000 + b*1000 + c;
- if (v >= 1001004)
+ v = a*1000000 + b*10000 + c*100 + d;
+ fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
+
+ /* 1.1.4 is OK */
+ if (a == 1 && b == 1 && c >= 4)
+ exit(0);
+
+ /* 1.2.1.2 and up are OK */
+ if (v >= 1020102)
exit(0);
+
exit(2);
}
- ],
- AC_MSG_RESULT(yes),
- [ AC_MSG_RESULT(no)
+ ]])],
+ AC_MSG_RESULT(no),
+ [ AC_MSG_RESULT(yes)
if test -z "$zlib_check_nonfatal" ; then
AC_MSG_ERROR([*** zlib too old - check config.log ***
Your reported zlib version has known security problems. It's possible your
vendor has fixed these problems without changing the version number. If you
are sure this is the case, you can disable the check by running
"./configure --without-zlib-version-check".
-If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
+If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
+See http://www.gzip.org/zlib/ for details.])
else
AC_MSG_WARN([zlib version may have security problems])
fi
- ]
+ ],
+ [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
)
dnl UnixWare 2.x
)
AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <sys/types.h>
#include <dirent.h>
int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
- ],
+ ]])],
[AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
+ ],
+ [
+ AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
+ AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
]
)
+AC_MSG_CHECKING([for /proc/pid/fd directory])
+if test -d "/proc/$$/fd" ; then
+ AC_DEFINE(HAVE_PROC_PID)
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
# Check whether user wants S/Key support
SKEY_MSG="no"
AC_ARG_WITH(skey,
- [ --with-skey[[=PATH]] Enable S/Key support
- (optionally in PATH)],
+ [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
AC_DEFINE(SKEY)
LIBS="-lskey $LIBS"
SKEY_MSG="yes"
-
+
AC_MSG_CHECKING([for s/key support])
AC_TRY_RUN(
[
# Check whether user wants TCP wrappers support
TCPW_MSG="no"
AC_ARG_WITH(tcp-wrappers,
- [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
- (optionally in PATH)],
+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
saved_LIBS="$LIBS"
saved_LDFLAGS="$LDFLAGS"
saved_CPPFLAGS="$CPPFLAGS"
- if test -n "${withval}" -a "${withval}" != "yes"; then
+ if test -n "${withval}" && \
+ test "x${withval}" != "xyes"; then
if test -d "${withval}/lib"; then
if test -n "${need_dash_r}"; then
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
]
)
+# Check whether user wants libedit support
+LIBEDIT_MSG="no"
+AC_ARG_WITH(libedit,
+ [ --with-libedit[[=PATH]] Enable libedit support for sftp],
+ [ if test "x$withval" != "xno" ; then
+ if test "x$withval" != "xyes"; then
+ CPPFLAGS="$CPPFLAGS -I$withval/include"
+ LDFLAGS="$LDFLAGS -L$withval/lib"
+ fi
+ AC_CHECK_LIB(edit, el_init,
+ [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
+ LIBEDIT="-ledit -lcurses"
+ LIBEDIT_MSG="yes"
+ AC_SUBST(LIBEDIT)
+ ],
+ [ AC_MSG_ERROR(libedit not found) ],
+ [ -lcurses ]
+ )
+ fi ]
+)
+
+AUDIT_MODULE=none
+AC_ARG_WITH(audit,
+ [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
+ [
+ AC_MSG_CHECKING(for supported audit module)
+ case "$withval" in
+ bsm)
+ AC_MSG_RESULT(bsm)
+ AUDIT_MODULE=bsm
+ dnl Checks for headers, libs and functions
+ AC_CHECK_HEADERS(bsm/audit.h, [],
+ [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
+ AC_CHECK_LIB(bsm, getaudit, [],
+ [AC_MSG_ERROR(BSM enabled and required library not found)])
+ AC_CHECK_FUNCS(getaudit, [],
+ [AC_MSG_ERROR(BSM enabled and required function not found)])
+ # These are optional
+ AC_CHECK_FUNCS(getaudit_addr)
+ AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
+ ;;
+ debug)
+ AUDIT_MODULE=debug
+ AC_MSG_RESULT(debug)
+ AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
+ ;;
+ *)
+ AC_MSG_ERROR([Unknown audit module $withval])
+ ;;
+ esac ]
+)
+
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS(\
arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
- bindresvport_sa clock closefrom fchmod fchown freeaddrinfo futimes \
- getaddrinfo getcwd getgrouplist getnameinfo getopt \
- getpeereid _getpty getrlimit getttyent glob inet_aton \
+ bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
+ freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
+ getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
AC_CHECK_FUNCS(setresuid, [
dnl Some platorms have setresuid that isn't implemented, test for this
AC_MSG_CHECKING(if setresuid seems to work)
- AC_TRY_RUN([
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdlib.h>
#include <errno.h>
int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
- ],
+ ]])],
[AC_MSG_RESULT(yes)],
[AC_DEFINE(BROKEN_SETRESUID)
- AC_MSG_RESULT(not implemented)]
+ AC_MSG_RESULT(not implemented)],
+ [AC_MSG_WARN([cross compiling: not checking setresuid])]
)
])
AC_CHECK_FUNCS(setresgid, [
dnl Some platorms have setresgid that isn't implemented, test for this
AC_MSG_CHECKING(if setresgid seems to work)
- AC_TRY_RUN([
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdlib.h>
#include <errno.h>
int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
- ],
+ ]])],
[AC_MSG_RESULT(yes)],
[AC_DEFINE(BROKEN_SETRESGID)
- AC_MSG_RESULT(not implemented)]
+ AC_MSG_RESULT(not implemented)],
+ [AC_MSG_WARN([cross compiling: not checking setresuid])]
)
])
# Check for broken snprintf
if test "x$ac_cv_func_snprintf" = "xyes" ; then
AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
- AC_TRY_RUN(
- [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
- ],
+ ]])],
[AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_SNPRINTF)
AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
- ]
+ ],
+ [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
)
fi
[#include <sys/types.h>
#include <sys/socket.h>],
[int i = SO_PEERCRED;],
- [AC_MSG_RESULT(yes)],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
+ ],
[AC_MSG_RESULT(no)
NO_PEERCHECK=1]
)
)
fi
-if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
+if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
+ test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
AC_MSG_CHECKING(if getaddrinfo seems to work)
AC_TRY_RUN(
[
)
fi
+if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
+ test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
+ AC_MSG_CHECKING(if getaddrinfo seems to work)
+ AC_TRY_RUN(
+ [
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+
+int
+main(void)
+{
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
+
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+ continue;
+
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
+
+ if (ai->ai_family == AF_INET && err != 0) {
+ perror("getnameinfo");
+ exit(2);
+ }
+ }
+ exit(0);
+}
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
+[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ ]
+ )
+fi
+
+if test "x$check_for_conflicting_getspnam" = "x1"; then
+ AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
+ AC_COMPILE_IFELSE(
+ [
+#include <shadow.h>
+int main(void) {exit(0);}
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
+ [Conflicting defs for getspnam])
+ ]
+ )
+fi
+
AC_FUNC_GETPGRP
# Check for PAM libs
[ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
[
if test "x$withval" != "xno" ; then
+ case "$withval" in
+ # Relative paths
+ ./*|../*) withval="`pwd`/$withval"
+ esac
if test -d "$withval/lib"; then
if test -n "${need_dash_r}"; then
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
# Determine OpenSSL header version
AC_MSG_CHECKING([OpenSSL header version])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <string.h>
#include <openssl/opensslv.h>
exit(0);
}
- ],
+ ]])],
[
ssl_header_ver=`cat conftest.sslincver`
AC_MSG_RESULT($ssl_header_ver)
[
AC_MSG_RESULT(not found)
AC_MSG_ERROR(OpenSSL version header not found.)
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
]
)
# Determine OpenSSL library version
AC_MSG_CHECKING([OpenSSL library version])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <string.h>
#include <openssl/opensslv.h>
exit(0);
}
- ],
+ ]])],
[
ssl_library_ver=`cat conftest.ssllibver`
AC_MSG_RESULT($ssl_library_ver)
[
AC_MSG_RESULT(not found)
AC_MSG_ERROR(OpenSSL library not found.)
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
]
)
# Sanity check OpenSSL headers
AC_MSG_CHECKING([whether OpenSSL's headers match the library])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <string.h>
#include <openssl/opensslv.h>
int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
- ],
+ ]])],
[
AC_MSG_RESULT(yes)
],
AC_MSG_ERROR([Your OpenSSL headers do not match your library.
Check config.log for details.
Also see contrib/findssl.sh for help identifying header/library mismatches.])
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
]
)
# Check wheter OpenSSL seeds itself
AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <string.h>
#include <openssl/rand.h>
int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
- ],
+ ]])],
[
OPENSSL_SEEDS_ITSELF=yes
AC_MSG_RESULT(yes)
# Default to use of the rand helper if OpenSSL doesn't
# seed itself
USE_RAND_HELPER=yes
+ ],
+ [
+ AC_MSG_WARN([cross compiling: assuming yes])
+ # This is safe, since all recent OpenSSL versions will
+ # complain at runtime if not seeded correctly.
+ OPENSSL_SEEDS_ITSELF=yes
]
)
USE_RAND_HELPER=yes
fi
],
-)
+)
# Which randomness source do we use?
-if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
+if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
# OpenSSL only
AC_DEFINE(OPENSSL_PRNG_ONLY)
RAND_MSG="OpenSSL internal ONLY"
AC_ARG_WITH(entropy-timeout,
[ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
[
- if test "x$withval" != "xno" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
entropy_timeout=$withval
fi
- ]
+ ]
)
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
AC_ARG_WITH(privsep-user,
[ --with-privsep-user=user Specify non-privileged user for privilege separation],
[
- if test -n "$withval"; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
SSH_PRIVSEP_USER=$withval
fi
- ]
+ ]
)
AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
AC_SUBST(SSH_PRIVSEP_USER)
AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
+AC_CHECK_TYPES(in_addr_t,,,
+[#include <sys/types.h>
+#include <netinet/in.h>])
+
AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
AC_TRY_COMPILE(
[
AC_CHECK_TYPES(struct timespec)
# We need int64_t or else certian parts of the compile will fail.
-if test "x$ac_cv_have_int64_t" = "xno" -a \
- "x$ac_cv_sizeof_long_int" != "x8" -a \
- "x$ac_cv_sizeof_long_long_int" = "x0" ; then
+if test "x$ac_cv_have_int64_t" = "xno" && \
+ test "x$ac_cv_sizeof_long_int" != "x8" && \
+ test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
echo "OpenSSH requires int64_t support. Contact your vendor or install"
echo "an alternative compiler (I.E., GCC) before continuing."
echo ""
exit 1;
else
dnl test snprintf (broken on SCO w/gcc)
- AC_TRY_RUN(
- [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <string.h>
#ifdef HAVE_SNPRINTF
#else
main() { exit(0); }
#endif
- ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
+ ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
+ AC_MSG_WARN([cross compiling: Assuming working snprintf()])
)
fi
dnl make sure we're using the real structure members and not defines
AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
ac_cv_have_accrights_in_msghdr, [
- AC_TRY_RUN(
+ AC_COMPILE_IFELSE(
[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
int main() {
#ifdef msg_accrights
+#error "msg_accrights is a macro"
exit(1);
#endif
struct msghdr m;
AC_CACHE_CHECK([for msg_control field in struct msghdr],
ac_cv_have_control_in_msghdr, [
- AC_TRY_RUN(
+ AC_COMPILE_IFELSE(
[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
int main() {
#ifdef msg_control
+#error "msg_control is a macro"
exit(1);
#endif
struct msghdr m;
)
# Check whether user wants OpenSC support
+OPENSC_CONFIG="no"
AC_ARG_WITH(opensc,
- AC_HELP_STRING([--with-opensc=PFX],
- [Enable smartcard support using OpenSC]),
- opensc_config_prefix="$withval", opensc_config_prefix="")
-if test x$opensc_config_prefix != x ; then
- OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
- AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
- if test "$OPENSC_CONFIG" != "no"; then
- LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
- LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
- CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
- LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
- AC_DEFINE(SMARTCARD)
- AC_DEFINE(USE_OPENSC)
- SCARD_MSG="yes, using OpenSC"
- fi
-fi
+ [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
+ [
+ if test "x$withval" != "xno" ; then
+ if test "x$withval" != "xyes" ; then
+ OPENSC_CONFIG=$withval/bin/opensc-config
+ else
+ AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
+ fi
+ if test "$OPENSC_CONFIG" != "no"; then
+ LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
+ LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
+ CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
+ LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
+ AC_DEFINE(SMARTCARD)
+ AC_DEFINE(USE_OPENSC)
+ SCARD_MSG="yes, using OpenSC"
+ fi
+ fi
+ ]
+)
# Check libraries needed by DNS fingerprint support
AC_SEARCH_LIBS(getrrsetbyname, resolv,
AC_DEFINE(HEIMDAL)
K5LIBS="-lkrb5 -ldes"
K5LIBS="$K5LIBS -lcom_err -lasn1"
- AC_CHECK_LIB(roken, net_write,
+ AC_CHECK_LIB(roken, net_write,
[K5LIBS="$K5LIBS -lroken"])
],
[ AC_MSG_RESULT(no)
$K5LIBS)
],
$K5LIBS)
-
+
AC_CHECK_HEADER(gssapi.h, ,
[ unset ac_cv_header_gssapi_h
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
AC_ARG_WITH(privsep-path,
[ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
[
- if test "x$withval" != "$no" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
PRIVSEP_PATH=$withval
fi
]
AC_ARG_WITH(xauth,
[ --with-xauth=PATH Specify path to xauth program ],
[
- if test "x$withval" != "xno" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
xauth_path=$withval
fi
],
AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
fi
+if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
+ AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
+ disable_ptmx_check=yes
+fi
if test -z "$no_dev_ptmx" ; then
if test "x$disable_ptmx_check" != "xyes" ; then
AC_CHECK_FILE("/dev/ptmx",
)
fi
fi
-AC_CHECK_FILE("/dev/ptc",
- [
- AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
- have_dev_ptc=1
- ]
-)
+
+if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
+ AC_CHECK_FILE("/dev/ptc",
+ [
+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
+ have_dev_ptc=1
+ ]
+ )
+else
+ AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
+fi
# Options from here on. Some of these are preset by platform above
AC_ARG_WITH(mantype,
AC_ARG_WITH(shadow,
[ --without-shadow Disable shadow password support],
[
- if test "x$withval" = "xno" ; then
+ if test "x$withval" = "xno" ; then
AC_DEFINE(DISABLE_SHADOW)
disable_shadow=yes
fi
AC_ARG_WITH(ipaddr-display,
[ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
[
- if test "x$withval" != "xno" ; then
+ if test "x$withval" != "xno" ; then
AC_DEFINE(IPADDR_IN_DISPLAY)
DISPLAY_HACK_MSG="yes"
fi
# check for /etc/default/login and use it if present.
AC_ARG_ENABLE(etc-default-login,
- [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
-[
-AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
+ [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
+ [ if test "x$enableval" = "xno"; then
+ AC_MSG_NOTICE([/etc/default/login handling disabled])
+ etc_default_login=no
+ else
+ etc_default_login=yes
+ fi ],
+ [ etc_default_login=yes ]
+)
-if test "x$external_path_file" = "x/etc/default/login"; then
- AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
+if test "x$etc_default_login" != "xno"; then
+ AC_CHECK_FILE("/etc/default/login",
+ [ external_path_file=/etc/default/login ])
+ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
+ then
+ AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
+ elif test "x$external_path_file" = "x/etc/default/login"; then
+ AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
+ fi
fi
-])
dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
-if test $ac_cv_func_login_getcapbool = "yes" -a \
- $ac_cv_header_login_cap_h = "yes" ; then
+if test $ac_cv_func_login_getcapbool = "yes" && \
+ test $ac_cv_header_login_cap_h = "yes" ; then
external_path_file=/etc/login.conf
fi
AC_MSG_WARN([
--with-default-path=PATH has no effect on this system.
Edit /etc/login.conf instead.])
- elif test "x$withval" != "xno" ; then
+ elif test "x$withval" != "xno" ; then
if test ! -z "$external_path_file" ; then
AC_MSG_WARN([
--with-default-path=PATH will only be used if PATH is not defined in
{
FILE *fd;
int rc;
-
+
fd = fopen(DATA,"w");
if(fd == NULL)
exit(1);
-
+
if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
exit(1);
AC_ARG_WITH(superuser-path,
[ --with-superuser-path= Specify different path for super-user],
[
- if test "x$withval" != "xno" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
superuser_path=$withval
fi
AC_ARG_WITH(bsd-auth,
[ --with-bsd-auth Enable BSD auth support],
[
- if test "x$withval" != "xno" ; then
+ if test "x$withval" != "xno" ; then
AC_DEFINE(BSD_AUTH)
BSD_AUTH_MSG=yes
fi
# Where to place sshd.pid
piddir=/var/run
# make sure the directory exists
-if test ! -d $piddir ; then
+if test ! -d $piddir ; then
piddir=`eval echo ${sysconfdir}`
case $piddir in
NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
AC_ARG_WITH(pid-dir,
[ --with-pid-dir=PATH Specify location of ssh.pid file],
[
- if test "x$withval" != "xno" ; then
+ if test -n "$withval" && test "x$withval" != "xno" && \
+ test "x${withval}" != "xyes"; then
piddir=$withval
- if test ! -d $piddir ; then
+ if test ! -d $piddir ; then
AC_MSG_WARN([** no $piddir directory on this system **])
fi
fi
AC_ARG_WITH(lastlog,
[ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
[
- if test "x$withval" = "xno" ; then
+ if test "x$withval" = "xno" ; then
AC_DEFINE(DISABLE_LASTLOG)
- else
+ elif test -n "$withval" && test "x${withval}" != "xyes"; then
conf_lastlog_location=$withval
fi
]
if test -n "$conf_lastlog_location"; then
AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
-fi
+fi
dnl utmp detection
AC_MSG_CHECKING([if your system defines UTMP_FILE])
fi
if test -n "$conf_utmp_location"; then
AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
-fi
+fi
dnl wtmp detection
AC_MSG_CHECKING([if your system defines WTMP_FILE])
fi
if test -n "$conf_wtmp_location"; then
AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
-fi
+fi
dnl utmpx detection - I don't know any system so perverse as to require
fi
else
AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
-fi
+fi
dnl wtmpx detection
AC_MSG_CHECKING([if your system defines WTMPX_FILE])
fi
else
AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
-fi
+fi
if test ! -z "$blibpath" ; then
fi
AC_EXEEXT
-AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
+AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
+ scard/Makefile ssh_prng_cmds survey.sh])
AC_OUTPUT
# Print summary of options
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG"
+echo " libedit support: $LIBEDIT_MSG"
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo " BSD Auth support: $BSD_AUTH_MSG"
echo ""
if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
- echo "SVR4 style packages are supported with \"make package\"\n"
+ echo "SVR4 style packages are supported with \"make package\""
+ echo ""
fi
if test "x$PAM_MSG" = "xyes" ; then
echo ""
fi
+if test "$AUDIT_MODULE" = "bsm" ; then
+ echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
+ echo "See the Solaris section in README.platform for details."
+fi