# $Id$
+#
+# Copyright (c) 1999-2004 Damien Miller
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
AC_C_BIGENDIAN
# Checks for programs.
+AC_PROG_AWK
AC_PROG_CPP
AC_PROG_RANLIB
AC_PROG_INSTALL
fi
fi
+AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
+if test ! -z "$PATH_PASSWD_PROG" ; then
+ AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
+fi
+
if test -z "$LD" ; then
LD=$CC
fi
AC_SUBST(LD)
AC_C_INLINE
-if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
+if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
fi
+AC_ARG_WITH(rpath,
+ [ --without-rpath Disable auto-added -R linker paths],
+ [
+ if test "x$withval" = "xno" ; then
+ need_dash_r=""
+ fi
+ if test "x$withval" = "xyes" ; then
+ need_dash_r=1
+ fi
+ ]
+)
+
# Check for some target-specific stuff
case "$host" in
*-*-aix*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
+ AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
if (test -z "$blibpath"); then
- blibpath="/usr/lib:/lib:/usr/local/lib"
+ blibpath="/usr/lib:/lib"
fi
saved_LDFLAGS="$LDFLAGS"
for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
AC_CHECK_FUNCS(setauthdb)
AC_DEFINE(BROKEN_GETADDRINFO)
AC_DEFINE(BROKEN_REALPATH)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
;;
*-*-dgux*)
AC_DEFINE(IP_TOS_IS_BROKEN)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-*-darwin*)
AC_MSG_CHECKING(if we have working getaddrinfo)
[AC_MSG_RESULT(buggy)
AC_DEFINE(BROKEN_GETADDRINFO)],
[AC_MSG_RESULT(assume it is working)])
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
;;
*-*-hpux10.26)
if test -z "$GCC"; then
AC_DEFINE(USE_PIPES)
AC_DEFINE(LOGIN_NO_ENDOPT)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
LIBS="$LIBS -lsec -lsecpw"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
AC_DEFINE(USE_PIPES)
AC_DEFINE(LOGIN_NO_ENDOPT)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
LIBS="$LIBS -lsec"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
AC_DEFINE(USE_PIPES)
AC_DEFINE(LOGIN_NO_ENDOPT)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ check_for_hpux_broken_getaddrinfo=1
LIBS="$LIBS -lsec"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
*-*-irix5*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS"
PATH="$PATH:/usr/etc"
AC_DEFINE(BROKEN_INET_NTOA)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
*-*-irix6*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS"
PATH="$PATH:/usr/etc"
AC_DEFINE(WITH_IRIX_ARRAY)
AC_DEFINE(WITH_IRIX_PROJECT)
AC_DEFINE(WITH_IRIX_AUDIT)
AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
AC_DEFINE(BROKEN_INET_NTOA)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_UPDWTMPX)
AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
*-*-linux*)
no_dev_ptmx=1
check_for_libcrypt_later=1
+ check_for_openpty_ctty_bug=1
AC_DEFINE(DONT_TRY_OTHER_AF)
AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
inet6_default_4in6=yes
- # openpty can be in libutil, needed for controlling tty test
- AC_SEARCH_LIBS(openpty, util)
- # make sure that openpty does not reacquire controlling terminal
- AC_MSG_CHECKING(if openpty correctly handles controlling tty)
- AC_TRY_RUN(
- [
-#include <stdio.h>
-#include <sys/fcntl.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-
-int
-main()
-{
- pid_t pid;
- int fd, ptyfd, ttyfd, status;
-
- pid = fork();
- if (pid < 0) { /* failed */
- exit(1);
- } else if (pid > 0) { /* parent */
- waitpid(pid, &status, 0);
- if (WIFEXITED(status))
- exit(WEXITSTATUS(status));
- else
- exit(2);
- } else { /* child */
- close(0); close(1); close(2);
- setsid();
- openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
- fd = open("/dev/tty", O_RDWR | O_NOCTTY);
- if (fd >= 0)
- exit(3); /* Acquired ctty: broken */
- else
- exit(0); /* Did not acquire ctty: OK */
- }
-}
- ],
- [
- AC_MSG_RESULT(yes)
- ],
- [
- AC_MSG_RESULT(no)
- AC_DEFINE(SSHD_ACQUIRES_CTTY)
- ]
- )
case `uname -r` in
1.*|2.0.*)
AC_DEFINE(BROKEN_CMSG_TYPE)
;;
*-*-netbsd*)
check_for_libcrypt_before=1
- need_dash_r=1
+ if test "x$withval" != "xno" ; then
+ need_dash_r=1
+ fi
;;
*-*-freebsd*)
check_for_libcrypt_later=1
;;
+*-*-bsdi*)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ ;;
*-next-*)
conf_lastlog_location="/usr/adm/lastlog"
conf_utmp_location=/etc/utmp
AC_DEFINE(BROKEN_REALPATH)
AC_DEFINE(USE_PIPES)
AC_DEFINE(BROKEN_SAVED_UIDS)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- CFLAGS="$CFLAGS"
;;
*-*-solaris*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
- need_dash_r=1
+ if test "x$withval" != "xno" ; then
+ need_dash_r=1
+ fi
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(LOGIN_NEEDS_TERM)
AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ external_path_file=/etc/default/login
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
AC_DEFINE(USE_PIPES)
;;
*-ncr-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lc89"
AC_DEFINE(USE_PIPES)
AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-sni-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
# /usr/ucblib MUST NOT be searched on ReliantUNIX
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ AC_CHECK_LIB(dl, dlsym, ,)
IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES)
AC_DEFINE(IP_TOS_IS_BROKEN)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ external_path_file=/etc/default/login
# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
# Attention: always take care to bind libsocket and libnsl before libc,
# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
;;
*-*-sysv4.2*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-*-sysv5*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-*-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
;;
*-*-sco3.2v4*)
- CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
+ CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
+ LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
RANLIB=true
no_dev_ptmx=1
AC_DEFINE(BROKEN_SYS_TERMIO_H)
AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(BROKEN_SAVED_UIDS)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
do_sco3_extra_lib_check=yes
if test -z "$GCC"; then
CFLAGS="$CFLAGS -belf"
fi
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lprot -lx -ltinfo -lm"
no_dev_ptmx=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
;;
*-*-unicosmk*)
+ AC_DEFINE(NO_SSH_LASTLOG)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
LDFLAGS="$LDFLAGS"
LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
MANTYPE=cat
;;
+*-*-unicosmp*)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(DISABLE_FD_PASSING)
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lacid -ldb"
+ MANTYPE=cat
+ ;;
*-*-unicos*)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
AC_DEFINE(NO_SSH_LASTLOG)
LIBS="$LIBS -lsecurity -ldb -lm -laud"
else
AC_MSG_RESULT(no)
+ AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
fi
fi
- AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-*-nto-qnx)
# Checks for header files.
AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
- getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
+ getopt.h glob.h ia.h lastlog.h limits.h login.h \
login_cap.h maillock.h netdb.h netgroup.h \
- netinet/in_systm.h paths.h pty.h readpassphrase.h \
+ netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
- sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
- sys/un.h time.h tmpdir.h ttyent.h usersec.h \
- util.h utime.h utmp.h utmpx.h)
+ sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
+ sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
+ sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
+ ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
fi
fi
-AC_CHECK_FUNC(getspnam, ,
- AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
+dnl IRIX and Solaris 2.5.1 have dirname() in libgen
+AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
+ AC_CHECK_LIB(gen, dirname,[
+ AC_CACHE_CHECK([for broken dirname],
+ ac_cv_have_broken_dirname, [
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lgen"
+ AC_TRY_RUN(
+ [
+#include <libgen.h>
+#include <string.h>
-AC_ARG_WITH(rpath,
- [ --without-rpath Disable auto-added -R linker paths],
- [
- if test "x$withval" = "xno" ; then
- need_dash_r=""
- fi
- if test "x$withval" = "xyes" ; then
- need_dash_r=1
+int main(int argc, char **argv) {
+ char *s, buf[32];
+
+ strncpy(buf,"/etc", 32);
+ s = dirname(buf);
+ if (!s || strncmp(s, "/", 32) != 0) {
+ exit(1);
+ } else {
+ exit(0);
+ }
+}
+ ],
+ [ ac_cv_have_broken_dirname="no" ],
+ [ ac_cv_have_broken_dirname="yes" ]
+ )
+ LIBS="$save_LIBS"
+ ])
+ if test "x$ac_cv_have_broken_dirname" = "xno" ; then
+ LIBS="$LIBS -lgen"
+ AC_DEFINE(HAVE_DIRNAME)
+ AC_CHECK_HEADERS(libgen.h)
fi
- ]
-)
+ ])
+])
+
+AC_CHECK_FUNC(getspnam, ,
+ AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
+AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
dnl zlib is required
AC_ARG_WITH(zlib,
]
)
-AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]))
+AC_CHECK_LIB(z, deflate, ,
+ [
+ saved_CPPFLAGS="$CPPFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ save_LIBS="$LIBS"
+ dnl Check default zlib install dir
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
+ else
+ LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
+ fi
+ CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
+ LIBS="$LIBS -lz"
+ AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
+ [
+ AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
+ ]
+ )
+ ]
+)
+AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
+
+AC_ARG_WITH(zlib-version-check,
+ [ --without-zlib-version-check Disable zlib version check],
+ [ if test "x$withval" = "xno" ; then
+ zlib_check_nonfatal=1
+ fi
+ ]
+)
+
+AC_MSG_CHECKING(for zlib 1.1.4 or greater)
+AC_TRY_RUN([
+#include <zlib.h>
+int main()
+{
+ int a, b, c, v;
+ if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
+ exit(1);
+ v = a*1000000 + b*1000 + c;
+ if (v >= 1001004)
+ exit(0);
+ exit(2);
+}
+ ],
+ AC_MSG_RESULT(yes),
+ [ AC_MSG_RESULT(no)
+ if test -z "$zlib_check_nonfatal" ; then
+ AC_MSG_ERROR([*** zlib too old - check config.log ***
+Your reported zlib version has known security problems. It's possible your
+vendor has fixed these problems without changing the version number. If you
+are sure this is the case, you can disable the check by running
+"./configure --without-zlib-version-check".
+If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
+ else
+ AC_MSG_WARN([zlib version may have security problems])
+ fi
+ ]
+)
dnl UnixWare 2.x
-AC_CHECK_FUNC(strcasecmp,
+AC_CHECK_FUNC(strcasecmp,
[], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
)
-AC_CHECK_FUNC(utimes,
+AC_CHECK_FUNC(utimes,
[], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
LIBS="$LIBS -lc89"]) ]
)
#ifdef GLOB_ALTDIRFUNC
FOUNDIT
#endif
- ],
+ ],
[
AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
AC_MSG_RESULT(yes)
# Check for g.gl_matchc glob() extension
AC_MSG_CHECKING(for gl_matchc field in glob_t)
AC_EGREP_CPP(FOUNDIT,
- [
- #include <glob.h>
+ [
+ #include <glob.h>
int main(void){glob_t g; g.gl_matchc = 1;}
- ],
- [
- AC_DEFINE(GLOB_HAS_GL_MATCHC)
- AC_MSG_RESULT(yes)
- ],
- [
- AC_MSG_RESULT(no)
- ]
+ ],
+ [
+ AC_DEFINE(GLOB_HAS_GL_MATCHC)
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ]
)
AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
#include <dirent.h>
int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
],
- [AC_MSG_RESULT(yes)],
+ [AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
)
# Check whether user wants S/Key support
-SKEY_MSG="no"
+SKEY_MSG="no"
AC_ARG_WITH(skey,
[ --with-skey[[=PATH]] Enable S/Key support
- (optionally in PATH)],
+ (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
AC_DEFINE(SKEY)
LIBS="-lskey $LIBS"
- SKEY_MSG="yes"
+ SKEY_MSG="yes"
AC_MSG_CHECKING([for s/key support])
AC_TRY_RUN(
TCPW_MSG="no"
AC_ARG_WITH(tcp-wrappers,
[ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
- (optionally in PATH)],
+ (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
saved_LIBS="$LIBS"
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS(\
- arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename \
+ arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
- gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
+ getaddrinfo getcwd getgrouplist getnameinfo getopt \
getpeereid _getpty getrlimit getttyent glob inet_aton \
inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
- pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
+ pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
- setproctitle setregid setresgid setresuid setreuid setrlimit \
+ setproctitle setregid setreuid setrlimit \
setsid setvbuf sigaction sigvec snprintf socketpair strerror \
- strlcat strlcpy strmode strnvis sysconf tcgetpgrp tcsendbreak \
- truncate utimes vhangup vsnprintf waitpid \
+ strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
+ truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
)
+# IRIX has a const char return value for gai_strerror()
+AC_CHECK_FUNCS(gai_strerror,[
+ AC_DEFINE(HAVE_GAI_STRERROR)
+ AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+const char *gai_strerror(int);],[
+char *str;
+
+str = gai_strerror(0);],[
+ AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
+ [Define if gai_strerror() returns const char *])])])
+
AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
-AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
dnl Make sure prototypes are defined for these before using them.
AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
-dnl IRIX and Solaris 2.5.1 have dirname() in libgen
-AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
- AC_CHECK_LIB(gen, dirname,[
- AC_CACHE_CHECK([for broken dirname],
- ac_cv_have_broken_dirname, [
- save_LIBS="$LIBS"
- LIBS="$LIBS -lgen"
- AC_TRY_RUN(
- [
-#include <libgen.h>
-#include <string.h>
+dnl tcsendbreak might be a macro
+AC_CHECK_DECL(tcsendbreak,
+ [AC_DEFINE(HAVE_TCSENDBREAK)],
+ [AC_CHECK_FUNCS(tcsendbreak)],
+ [#include <termios.h>]
+)
-int main(int argc, char **argv) {
- char *s, buf[32];
+AC_CHECK_FUNCS(setresuid, [
+ dnl Some platorms have setresuid that isn't implemented, test for this
+ AC_MSG_CHECKING(if setresuid seems to work)
+ AC_TRY_RUN([
+#include <stdlib.h>
+#include <errno.h>
+int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+ ],
+ [AC_MSG_RESULT(yes)],
+ [AC_DEFINE(BROKEN_SETRESUID)
+ AC_MSG_RESULT(not implemented)]
+ )
+])
- strncpy(buf,"/etc", 32);
- s = dirname(buf);
- if (!s || strncmp(s, "/", 32) != 0) {
- exit(1);
- } else {
- exit(0);
- }
-}
- ],
- [ ac_cv_have_broken_dirname="no" ],
- [ ac_cv_have_broken_dirname="yes" ]
- )
- LIBS="$save_LIBS"
- ])
- if test "x$ac_cv_have_broken_dirname" = "xno" ; then
- LIBS="$LIBS -lgen"
- AC_DEFINE(HAVE_DIRNAME)
- AC_CHECK_HEADERS(libgen.h)
- fi
- ])
+AC_CHECK_FUNCS(setresgid, [
+ dnl Some platorms have setresgid that isn't implemented, test for this
+ AC_MSG_CHECKING(if setresgid seems to work)
+ AC_TRY_RUN([
+#include <stdlib.h>
+#include <errno.h>
+int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+ ],
+ [AC_MSG_RESULT(yes)],
+ [AC_DEFINE(BROKEN_SETRESGID)
+ AC_MSG_RESULT(not implemented)]
+ )
])
dnl Checks for time functions
AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
AC_CHECK_FUNCS(setutxent utmpxname)
-AC_CHECK_FUNC(daemon,
+AC_CHECK_FUNC(daemon,
[AC_DEFINE(HAVE_DAEMON)],
[AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
)
-AC_CHECK_FUNC(getpagesize,
+AC_CHECK_FUNC(getpagesize,
[AC_DEFINE(HAVE_GETPAGESIZE)],
[AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
)
#include <stdio.h>
int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
],
- [AC_MSG_RESULT(yes)],
+ [AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_SNPRINTF)
[
AC_MSG_RESULT(no)
],
- [
+ [
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_STRICT_MKSTEMP)
],
[
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_STRICT_MKSTEMP)
- ]
+ ]
)
fi
+dnl make sure that openpty does not reacquire controlling terminal
+if test ! -z "$check_for_openpty_ctty_bug"; then
+ AC_MSG_CHECKING(if openpty correctly handles controlling tty)
+ AC_TRY_RUN(
+ [
+#include <stdio.h>
+#include <sys/fcntl.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+int
+main()
+{
+ pid_t pid;
+ int fd, ptyfd, ttyfd, status;
+
+ pid = fork();
+ if (pid < 0) { /* failed */
+ exit(1);
+ } else if (pid > 0) { /* parent */
+ waitpid(pid, &status, 0);
+ if (WIFEXITED(status))
+ exit(WEXITSTATUS(status));
+ else
+ exit(2);
+ } else { /* child */
+ close(0); close(1); close(2);
+ setsid();
+ openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
+ fd = open("/dev/tty", O_RDWR | O_NOCTTY);
+ if (fd >= 0)
+ exit(3); /* Acquired ctty: broken */
+ else
+ exit(0); /* Did not acquire ctty: OK */
+ }
+}
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ ]
+ )
+fi
+
+if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
+ AC_MSG_CHECKING(if getaddrinfo seems to work)
+ AC_TRY_RUN(
+ [
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+
+int
+main(void)
+{
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
+
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET6)
+ continue;
+
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
+
+ if (err != 0) {
+ if (err == EAI_SYSTEM)
+ perror("getnameinfo EAI_SYSTEM");
+ else
+ fprintf(stderr, "getnameinfo failed: %s\n",
+ gai_strerror(err));
+ exit(2);
+ }
+
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (sock < 0)
+ perror("socket");
+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ if (errno == EBADF)
+ exit(3);
+ }
+ }
+ exit(0);
+}
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ ]
+ )
+fi
+
AC_FUNC_GETPGRP
# Check for PAM libs
[ --with-pam Enable PAM support ],
[
if test "x$withval" != "xno" ; then
- if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
+ if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
+ test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
AC_MSG_ERROR([PAM headers not found])
fi
AC_CHECK_LIB(dl, dlopen, , )
AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
AC_CHECK_FUNCS(pam_getenvlist)
+ AC_CHECK_FUNCS(pam_putenv)
- disable_shadow=yes
PAM_MSG="yes"
AC_DEFINE(USE_PAM)
AC_TRY_COMPILE(
[
#include <stdlib.h>
+#if defined(HAVE_SECURITY_PAM_APPL_H)
#include <security/pam_appl.h>
- ],
- [(void)pam_strerror((pam_handle_t *)NULL, -1);],
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
+ ],
+ [(void)pam_strerror((pam_handle_t *)NULL, -1);],
[AC_MSG_RESULT(no)],
[
AC_DEFINE(HAVE_OLD_PAM)
)
fi
-# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
-# because the system crypt() is more featureful.
-if test "x$check_for_libcrypt_before" = "x1"; then
- AC_CHECK_LIB(crypt, crypt)
-fi
-
# Search for OpenSSL
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
fi
]
)
-LIBS="$LIBS -lcrypto"
+LIBS="-lcrypto $LIBS"
AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
[
dnl Check default openssl install dir
#include <openssl/opensslv.h>
#define DATA "conftest.sslincver"
int main(void) {
- FILE *fd;
- int rc;
+ FILE *fd;
+ int rc;
- fd = fopen(DATA,"w");
- if(fd == NULL)
- exit(1);
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
exit(1);
#include <openssl/crypto.h>
#define DATA "conftest.ssllibver"
int main(void) {
- FILE *fd;
- int rc;
+ FILE *fd;
+ int rc;
- fd = fopen(DATA,"w");
- if(fd == NULL)
- exit(1);
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
exit(1);
]
)
-# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
-# version in OpenSSL. Skip this for PAM
+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
+# because the system crypt() is more featureful.
+if test "x$check_for_libcrypt_before" = "x1"; then
+ AC_CHECK_LIB(crypt, crypt)
+fi
+
+# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
+# version in OpenSSL.
if test "x$check_for_libcrypt_later" = "x1"; then
AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
fi
[ --with-rand-helper Use subprocess to gather strong randomness ],
[
if test "x$withval" = "xno" ; then
- # Force use of OpenSSL's internal RNG, even if
+ # Force use of OpenSSL's internal RNG, even if
# the previous test showed it to be unseeded.
if test -z "$OPENSSL_SEEDS_ITSELF" ; then
AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
test -d /usr/sbin && PATH=$PATH:/usr/sbin
PATH=$PATH:/etc:$OPATH
-# These programs are used by the command hashing source to gather entropy
+# These programs are used by the command hashing source to gather entropy
OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
# More checks for data types
AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ u_int a; a = 1;],
+ [ #include <sys/types.h> ],
+ [ u_int a; a = 1;],
[ ac_cv_have_u_int="yes" ],
[ ac_cv_have_u_int="no" ]
)
AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
+ [ #include <sys/types.h> ],
+ [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
[ ac_cv_have_intxx_t="yes" ],
[ ac_cv_have_intxx_t="no" ]
)
fi
if (test -z "$have_intxx_t" && \
- test "x$ac_cv_header_stdint_h" = "xyes")
+ test "x$ac_cv_header_stdint_h" = "xyes")
then
AC_MSG_CHECKING([for intXX_t types in stdint.h])
AC_TRY_COMPILE(
- [ #include <stdint.h> ],
- [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
+ [ #include <stdint.h> ],
+ [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
[
AC_DEFINE(HAVE_INTXX_T)
AC_MSG_RESULT(yes)
#ifdef HAVE_SYS_BITYPES_H
# include <sys/bitypes.h>
#endif
- ],
- [ int64_t a; a = 1;],
+ ],
+ [ int64_t a; a = 1;],
[ ac_cv_have_int64_t="yes" ],
[ ac_cv_have_int64_t="no" ]
)
AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
+ [ #include <sys/types.h> ],
+ [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
[ ac_cv_have_u_intxx_t="yes" ],
[ ac_cv_have_u_intxx_t="no" ]
)
if test -z "$have_u_intxx_t" ; then
AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
AC_TRY_COMPILE(
- [ #include <sys/socket.h> ],
- [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
+ [ #include <sys/socket.h> ],
+ [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
[
AC_DEFINE(HAVE_U_INTXX_T)
AC_MSG_RESULT(yes)
AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
- [ u_int64_t a; a = 1;],
+ [ #include <sys/types.h> ],
+ [ u_int64_t a; a = 1;],
[ ac_cv_have_u_int64_t="yes" ],
[ ac_cv_have_u_int64_t="no" ]
)
if test -z "$have_u_int64_t" ; then
AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
AC_TRY_COMPILE(
- [ #include <sys/bitypes.h> ],
+ [ #include <sys/bitypes.h> ],
[ u_int64_t a; a = 1],
[
AC_DEFINE(HAVE_U_INT64_T)
AC_TRY_COMPILE(
[
#include <sys/types.h>
- ],
- [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
+ ],
+ [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
[ ac_cv_have_uintxx_t="yes" ],
[ ac_cv_have_uintxx_t="no" ]
)
if test -z "$have_uintxx_t" ; then
AC_MSG_CHECKING([for uintXX_t types in stdint.h])
AC_TRY_COMPILE(
- [ #include <stdint.h> ],
- [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
+ [ #include <stdint.h> ],
+ [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
[
AC_DEFINE(HAVE_UINTXX_T)
AC_MSG_RESULT(yes)
fi
if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
- test "x$ac_cv_header_sys_bitypes_h" = "xyes")
+ test "x$ac_cv_header_sys_bitypes_h" = "xyes")
then
AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
AC_TRY_COMPILE(
[
#include <sys/bitypes.h>
- ],
+ ],
[
int8_t a; int16_t b; int32_t c;
u_int8_t e; u_int16_t f; u_int32_t g;
a = b = c = e = f = g = 1;
- ],
+ ],
[
AC_DEFINE(HAVE_U_INTXX_T)
AC_DEFINE(HAVE_INTXX_T)
AC_MSG_RESULT(yes)
],
[AC_MSG_RESULT(no)]
- )
+ )
fi
AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
AC_TRY_COMPILE(
- [ #include <sys/time.h> ],
- [ struct timeval tv; tv.tv_sec = 1;],
+ [ #include <sys/time.h> ],
+ [ struct timeval tv; tv.tv_sec = 1;],
[ ac_cv_have_struct_timeval="yes" ],
[ ac_cv_have_struct_timeval="no" ]
)
strcpy(expected_out, "9223372036854775807");
snprintf(buf, mazsize, "%lld", num);
if(strcmp(buf, expected_out) != 0)
- exit(1);
+ exit(1);
exit(0);
}
#else
fi
AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
- AC_TRY_LINK([],
- [ extern char *__progname; printf("%s", __progname); ],
+ AC_TRY_LINK([],
+ [ extern char *__progname; printf("%s", __progname); ],
[ ac_cv_libc_defines___progname="yes" ],
[ ac_cv_libc_defines___progname="no" ]
)
AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
AC_TRY_LINK([
#include <stdio.h>
-],
- [ printf("%s", __FUNCTION__); ],
+],
+ [ printf("%s", __FUNCTION__); ],
[ ac_cv_cc_implements___FUNCTION__="yes" ],
[ ac_cv_cc_implements___FUNCTION__="no" ]
)
AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
AC_TRY_LINK([
#include <stdio.h>
-],
- [ printf("%s", __func__); ],
+],
+ [ printf("%s", __func__); ],
[ ac_cv_cc_implements___func__="yes" ],
[ ac_cv_cc_implements___func__="no" ]
)
fi
AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
- AC_TRY_LINK([],
- [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
+ AC_TRY_LINK([],
+ [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
[ ac_cv_libc_defines_sys_errlist="yes" ],
[ ac_cv_libc_defines_sys_errlist="no" ]
)
AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
- AC_TRY_LINK([],
- [ extern int sys_nerr; printf("%i", sys_nerr);],
+ AC_TRY_LINK([],
+ [ extern int sys_nerr; printf("%i", sys_nerr);],
[ ac_cv_libc_defines_sys_nerr="yes" ],
[ ac_cv_libc_defines_sys_nerr="no" ]
)
AC_DEFINE(HAVE_SYS_NERR)
fi
-SCARD_MSG="no"
+SCARD_MSG="no"
# Check whether user wants sectok support
AC_ARG_WITH(sectok,
[ --with-sectok Enable smartcard support using libsectok],
fi
AC_DEFINE(SMARTCARD)
AC_DEFINE(USE_SECTOK)
- SCARD_MSG="yes, using sectok"
+ SCARD_MSG="yes, using sectok"
fi
]
)
LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
AC_DEFINE(SMARTCARD)
AC_DEFINE(USE_OPENSC)
- SCARD_MSG="yes, using OpenSC"
+ SCARD_MSG="yes, using OpenSC"
fi
fi
-# Check whether user wants DNS support
-DNS_MSG="no"
-AC_ARG_WITH(dns,
- [ --with-dns Support for fetching keys from DNS (experimental)],
+# Check libraries needed by DNS fingerprint support
+AC_SEARCH_LIBS(getrrsetbyname, resolv,
+ [AC_DEFINE(HAVE_GETRRSETBYNAME)],
[
- if test "x$withval" != "xno" ; then
- DNS_MSG="yes"
- AC_DEFINE(DNS)
- AC_SEARCH_LIBS(getrrsetbyname, resolv,
- [AC_DEFINE(HAVE_GETRRSETBYNAME)],
- [
- # Needed by our getrrsetbyname()
- AC_SEARCH_LIBS(res_query, resolv)
- AC_SEARCH_LIBS(dn_expand, resolv)
- ])
- fi
- ]
-)
+ # Needed by our getrrsetbyname()
+ AC_SEARCH_LIBS(res_query, resolv)
+ AC_SEARCH_LIBS(dn_expand, resolv)
+ AC_CHECK_FUNCS(_getshort _getlong)
+ AC_CHECK_MEMBER(HEADER.ad,
+ [AC_DEFINE(HAVE_HEADER_AD)],,
+ [#include <arpa/nameser.h>])
+ ])
# Check whether user wants Kerberos 5 support
-KRB5_MSG="no"
+KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
- [ --with-kerberos5=PATH Enable Kerberos 5 support],
- [
- if test "x$withval" != "xno" ; then
- if test "x$withval" = "xyes" ; then
- KRB5ROOT="/usr/local"
- else
- KRB5ROOT=${withval}
- fi
+ [ --with-kerberos5=PATH Enable Kerberos 5 support],
+ [ if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xyes" ; then
+ KRB5ROOT="/usr/local"
+ else
+ KRB5ROOT=${withval}
+ fi
+
+ AC_DEFINE(KRB5)
+ KRB5_MSG="yes"
+
+ AC_MSG_CHECKING(for krb5-config)
+ if test -x $KRB5ROOT/bin/krb5-config ; then
+ KRB5CONF=$KRB5ROOT/bin/krb5-config
+ AC_MSG_RESULT($KRB5CONF)
+
+ AC_MSG_CHECKING(for gssapi support)
+ if $KRB5CONF | grep gssapi >/dev/null ; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(GSSAPI)
+ k5confopts=gssapi
+ else
+ AC_MSG_RESULT(no)
+ k5confopts=""
+ fi
+ K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
+ K5LIBS="`$KRB5CONF --libs $k5confopts`"
+ CPPFLAGS="$CPPFLAGS $K5CFLAGS"
+ AC_MSG_CHECKING(whether we are using Heimdal)
+ AC_TRY_COMPILE([ #include <krb5.h> ],
+ [ char *tmp = heimdal_version; ],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(HEIMDAL) ],
+ AC_MSG_RESULT(no)
+ )
+ else
+ AC_MSG_RESULT(no)
CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
- LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
- AC_DEFINE(KRB5)
- KRB5_MSG="yes"
- AC_MSG_CHECKING(whether we are using Heimdal)
- AC_TRY_COMPILE([ #include <krb5.h> ],
- [ char *tmp = heimdal_version; ],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(HEIMDAL)
- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
- ],
- [ AC_MSG_RESULT(no)
- K5LIBS="-lkrb5 -lk5crypto -lcom_err"
- ]
- )
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
- fi
- if test ! -z "$blibpath" ; then
- blibpath="$blibpath:${KRB5ROOT}/lib"
- fi
+ LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
+ AC_MSG_CHECKING(whether we are using Heimdal)
+ AC_TRY_COMPILE([ #include <krb5.h> ],
+ [ char *tmp = heimdal_version; ],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(HEIMDAL)
+ K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
+ ],
+ [ AC_MSG_RESULT(no)
+ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
+ ]
+ )
AC_SEARCH_LIBS(dn_expand, resolv)
- KRB5=yes
- fi
- ]
+ AC_CHECK_LIB(gssapi,gss_init_sec_context,
+ [ AC_DEFINE(GSSAPI)
+ K5LIBS="-lgssapi $K5LIBS" ],
+ [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
+ [ AC_DEFINE(GSSAPI)
+ K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
+ $K5LIBS)
+ ],
+ $K5LIBS)
+
+ AC_CHECK_HEADER(gssapi.h, ,
+ [ unset ac_cv_header_gssapi_h
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ AC_CHECK_HEADERS(gssapi.h, ,
+ AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
+ )
+ ]
+ )
+
+ oldCPP="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ AC_CHECK_HEADER(gssapi_krb5.h, ,
+ [ CPPFLAGS="$oldCPP" ])
+
+ fi
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
+ fi
+ if test ! -z "$blibpath" ; then
+ blibpath="$blibpath:${KRB5ROOT}/lib"
+ fi
+ fi
+
+ AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
+ AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
+ AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
+
+ LIBS="$LIBS $K5LIBS"
+ AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
+ AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
+ ]
)
-LIBS="$LIBS $K5LIBS"
# Looking for programs, paths and files
if test -z "$no_dev_ptmx" ; then
if test "x$disable_ptmx_check" != "xyes" ; then
- AC_CHECK_FILE("/dev/ptmx",
+ AC_CHECK_FILE("/dev/ptmx",
[
AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
have_dev_ptmx=1
)
fi
fi
-AC_CHECK_FILE("/dev/ptc",
+AC_CHECK_FILE("/dev/ptc",
[
AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
have_dev_ptc=1
AC_SUBST(mansubdir)
# Check whether to enable MD5 passwords
-MD5_MSG="no"
+MD5_MSG="no"
AC_ARG_WITH(md5-passwords,
[ --with-md5-passwords Enable use of MD5 passwords],
[
if test "x$withval" != "xno" ; then
AC_DEFINE(HAVE_MD5_PASSWORDS)
- MD5_MSG="yes"
+ MD5_MSG="yes"
fi
]
)
DISPLAY_HACK_MSG="yes"
AC_DEFINE(IPADDR_IN_DISPLAY)
else
- DISPLAY_HACK_MSG="no"
+ DISPLAY_HACK_MSG="no"
AC_ARG_WITH(ipaddr-display,
[ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
[
if test "x$withval" != "xno" ; then
AC_DEFINE(IPADDR_IN_DISPLAY)
- DISPLAY_HACK_MSG="yes"
+ DISPLAY_HACK_MSG="yes"
fi
]
)
fi
+# check for /etc/default/login and use it if present.
+AC_ARG_ENABLE(etc-default-login,
+ [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
+[
+AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
+
+if test "x$external_path_file" = "x/etc/default/login"; then
+ AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
+fi
+])
+
dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
if test $ac_cv_func_login_getcapbool = "yes" -a \
$ac_cv_header_login_cap_h = "yes" ; then
- USES_LOGIN_CONF=yes
+ external_path_file=/etc/login.conf
fi
+
# Whether to mess with the default path
-SERVER_PATH_MSG="(default)"
+SERVER_PATH_MSG="(default)"
AC_ARG_WITH(default-path,
[ --with-default-path= Specify default \$PATH environment for server],
[
- if test "$USES_LOGIN_CONF" = "yes" ; then
+ if test "x$external_path_file" = "x/etc/login.conf" ; then
AC_MSG_WARN([
--with-default-path=PATH has no effect on this system.
Edit /etc/login.conf instead.])
elif test "x$withval" != "xno" ; then
+ if test ! -z "$external_path_file" ; then
+ AC_MSG_WARN([
+--with-default-path=PATH will only be used if PATH is not defined in
+$external_path_file .])
+ fi
user_path="$withval"
- SERVER_PATH_MSG="$withval"
+ SERVER_PATH_MSG="$withval"
fi
],
- [ if test "$USES_LOGIN_CONF" = "yes" ; then
- AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
+ [ if test "x$external_path_file" = "x/etc/login.conf" ; then
+ AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
else
- AC_TRY_RUN(
- [
+ if test ! -z "$external_path_file" ; then
+ AC_MSG_WARN([
+If PATH is defined in $external_path_file, ensure the path to scp is included,
+otherwise scp will not work.])
+ fi
+ AC_TRY_RUN(
+ [
/* find out what STDPATH is */
#include <stdio.h>
#ifdef HAVE_PATHS_H
fi
fi ]
)
-if test "$USES_LOGIN_CONF" != "yes" ; then
+if test "x$external_path_file" != "x/etc/login.conf" ; then
AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
AC_SUBST(user_path)
fi
AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
-IPV4_IN6_HACK_MSG="no"
+IPV4_IN6_HACK_MSG="no"
AC_ARG_WITH(4in6,
[ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
[
if test "x$withval" != "xno" ; then
AC_MSG_RESULT(yes)
AC_DEFINE(IPV4_IN_IPV6)
- IPV4_IN6_HACK_MSG="yes"
+ IPV4_IN6_HACK_MSG="yes"
else
AC_MSG_RESULT(no)
fi
if test "x$inet6_default_4in6" = "xyes"; then
AC_MSG_RESULT([yes (default)])
AC_DEFINE(IPV4_IN_IPV6)
- IPV4_IN6_HACK_MSG="yes"
+ IPV4_IN6_HACK_MSG="yes"
else
AC_MSG_RESULT([no (default)])
fi
if test ! -d $piddir ; then
piddir=`eval echo ${sysconfdir}`
case $piddir in
- NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
+ NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
esac
fi
[ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_PUTUTLINE)
+ AC_DEFINE(DISABLE_PUTUTLINE)
fi
]
)
echo " Manual pages: $F"
echo " PID file: $G"
echo " Privilege separation chroot path: $H"
-if test "$USES_LOGIN_CONF" = "yes" ; then
-echo " At runtime, sshd will use the path defined in /etc/login.conf"
+if test "x$external_path_file" = "x/etc/login.conf" ; then
+echo " At runtime, sshd will use the path defined in $external_path_file"
+echo " Make sure the path to scp is present, otherwise scp will not work"
else
echo " sshd default user PATH: $I"
+ if test ! -z "$external_path_file"; then
+echo " (If PATH is set in $external_path_file it will be used instead. If"
+echo " used, ensure the path to scp is present, otherwise scp will not work.)"
+ fi
fi
if test ! -z "$superuser_path" ; then
echo " sshd superuser user PATH: $J"
fi
echo " Manpage format: $MANTYPE"
-echo " DNS support: $DNS_MSG"
echo " PAM support: $PAM_MSG"
echo " KerberosV support: $KRB5_MSG"
echo " Smartcard support: $SCARD_MSG"
if test "x$PAM_MSG" = "xyes" ; then
echo "PAM is enabled. You may need to install a PAM control file "
echo "for sshd, otherwise password authentication may fail. "
- echo "Example PAM control files can be found in the contrib/ "
+ echo "Example PAM control files can be found in the contrib/ "
echo "subdirectory"
echo ""
fi