AC_PATH_PROG(TEST_MINUS_S_SH, bash)
AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
AC_PATH_PROG(TEST_MINUS_S_SH, sh)
+AC_PATH_PROG(SH, sh)
# System features
AC_SYS_LARGEFILE
realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
setenv seteuid setlogin setproctitle setresgid setreuid setrlimit \
setsid setvbuf sigaction sigvec snprintf socketpair strerror \
- strlcat strlcpy strmode strsep sysconf tcgetpgrp utimes \
+ strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate utimes \
vhangup vsnprintf waitpid __b64_ntop _getpty)
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
)
fi
-# The big search for OpenSSL
+# Search for OpenSSL
+saved_CPPFLAGS="$CPPFLAGS"
+saved_LDFLAGS="$LDFLAGS"
AC_ARG_WITH(ssl-dir,
[ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
[
if test "x$withval" != "xno" ; then
- tryssldir=$withval
- fi
- ]
-)
-
-saved_LIBS="$LIBS"
-saved_LDFLAGS="$LDFLAGS"
-saved_CPPFLAGS="$CPPFLAGS"
-if test "x$prefix" != "xNONE" ; then
- tryssldir="$tryssldir $prefix"
-fi
-AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
- for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
- CPPFLAGS="$saved_CPPFLAGS"
- LDFLAGS="$saved_LDFLAGS"
- LIBS="$saved_LIBS -lcrypto"
-
- # Skip directories if they don't exist
- if test ! -z "$ssldir" -a ! -d "$ssldir" ; then
- continue;
- fi
- if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
- # Try to use $ssldir/lib if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/lib" ; then
- LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir/lib $LDFLAGS"
+ if test -d "$withval/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
fi
else
- LDFLAGS="-L$ssldir $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir $LDFLAGS"
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
fi
fi
- # Try to use $ssldir/include if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/include" ; then
- CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
+ if test -d "$withval/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
else
- CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
- fi
- fi
-
- # Basic test to check for compatible version and correct linking
- # *does not* test for RSA - that comes later.
- AC_TRY_RUN(
- [
-#include <string.h>
-#include <openssl/rand.h>
-int main(void)
-{
- char a[2048];
- memset(a, 0, sizeof(a));
- RAND_add(a, sizeof(a), sizeof(a));
- return(RAND_status() <= 0);
-}
- ],
- [
- found_crypto=1
- break;
- ], []
- )
-
- if test ! -z "$found_crypto" ; then
- break;
- fi
- done
-
- if test -z "$found_crypto" ; then
- AC_MSG_ERROR([Could not find working OpenSSL library, please install or check config.log])
- fi
- if test -z "$ssldir" ; then
- ssldir="(system)"
- fi
-
- ac_cv_openssldir=$ssldir
-])
-
-if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; then
- AC_DEFINE(HAVE_OPENSSL)
- dnl Need to recover ssldir - test above runs in subshell
- ssldir=$ac_cv_openssldir
- if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
- # Try to use $ssldir/lib if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/lib" ; then
- LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir/lib $LDFLAGS"
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
fi
- else
- LDFLAGS="-L$ssldir $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir $LDFLAGS"
- fi
- fi
- # Try to use $ssldir/include if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/include" ; then
- CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
- else
- CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
fi
- fi
-fi
-LIBS="$saved_LIBS -lcrypto"
-
-# Now test RSA support
-saved_LIBS="$LIBS"
-AC_MSG_CHECKING([for RSA support])
-for WANTS_RSAREF in "" 1 ; do
- if test -z "$WANTS_RSAREF" ; then
- LIBS="$saved_LIBS"
- else
- LIBS="$saved_LIBS -lRSAglue -lrsaref"
- fi
- AC_TRY_RUN([
-#include <string.h>
-#include <openssl/rand.h>
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
-#include <openssl/sha.h>
-int main(void)
-{
- int num; RSA *key; static unsigned char p_in[] = "blahblah";
- unsigned char c[256], p[256];
- memset(c, 0, sizeof(c)); RAND_add(c, sizeof(c), sizeof(c));
- if ((key=RSA_generate_key(512, 3, NULL, NULL))==NULL) return(1);
- num = RSA_public_encrypt(sizeof(p_in) - 1, p_in, c, key, RSA_PKCS1_PADDING);
- return(-1 == RSA_private_decrypt(num, c, p, key, RSA_PKCS1_PADDING));
-}
- ],
+ ]
+)
+LIBS="$LIBS -lcrypto"
+AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
[
- rsa_works=1
- break;
- ], [])
-done
-LIBS="$saved_LIBS"
-
-if test ! -z "$no_rsa" ; then
- AC_MSG_RESULT(disabled)
- RSA_MSG="disabled"
-else
- if test -z "$rsa_works" ; then
- AC_MSG_WARN([*** No RSA support found *** ])
- RSA_MSG="no"
- else
- if test -z "$WANTS_RSAREF" ; then
- AC_MSG_RESULT(yes)
- RSA_MSG="yes"
+ dnl Check default openssl install dir
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
else
- RSA_MSG="yes (using RSAref)"
- AC_MSG_RESULT(using RSAref)
- LIBS="$LIBS -lcrypto -lRSAglue -lrsaref"
+ LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
fi
- fi
-fi
+ CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
+ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
+ [
+ AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
+ ]
+ )
+ ]
+)
+
# Sanity check OpenSSL headers
AC_MSG_CHECKING([whether OpenSSL's headers match the library])
ssh_privsep_user=sshd
AC_ARG_WITH(privsep-user,
- [ --with-privsep-user Specify non-privileged user for privilege separation],
+ [ --with-privsep-user=user Specify non-privileged user for privilege separation],
[
if test -n "$withval"; then
ssh_privsep_user=$withval
]
)
+PRIVSEP_PATH=/var/empty
+AC_ARG_WITH(privsep-path,
+ [ --with-privsep-path=xxx Path for privilege seperation chroot ],
+ [
+ if test "x$withval" != "$no" ; then
+ PRIVSEP_PATH=$withval
+ fi
+ ]
+)
+AC_SUBST(PRIVSEP_PATH)
+
AC_ARG_WITH(xauth,
[ --with-xauth=PATH Specify path to xauth program ],
[
AC_SUBST(user_path)
fi
+# Set superuser path separately to user path
+MD5_MSG="no"
+AC_ARG_WITH(superuser-path,
+ [ --with-superuser-path= Specify different path for super-user],
+ [
+ if test "x$withval" != "xno" ; then
+ AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
+ superuser_path=$withval
+ fi
+ ]
+)
+
+
# Whether to force IPv4 by default (needed on broken glibc Linux)
IPV4_HACK_MSG="no"
AC_ARG_WITH(ipv4-default,
E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
G=`eval echo ${piddir}` ; G=`eval echo ${G}`
-H=`eval echo ${user_path}` ; H=`eval echo ${H}`
+H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
+I=`eval echo ${user_path}` ; I=`eval echo ${I}`
+J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
echo ""
echo "OpenSSH has been configured with the following options:"
-echo " User binaries: $B"
-echo " System binaries: $C"
-echo " Configuration files: $D"
-echo " Askpass program: $E"
-echo " Manual pages: $F"
-echo " PID file: $G"
+echo " User binaries: $B"
+echo " System binaries: $C"
+echo " Configuration files: $D"
+echo " Askpass program: $E"
+echo " Manual pages: $F"
+echo " PID file: $G"
+echo " Privilege separation chroot path: $H"
if test "$USES_LOGIN_CONF" = "yes" ; then
-echo " At runtime, sshd will use the path defined in /etc/login.conf"
+echo " At runtime, sshd will use the path defined in /etc/login.conf"
else
-echo " sshd default user PATH: $H"
-fi
-echo " Manpage format: $MANTYPE"
-echo " PAM support: ${PAM_MSG}"
-echo " KerberosIV support: $KRB4_MSG"
-echo " KerberosV support: $KRB5_MSG"
-echo " Smartcard support: $SCARD_MSG"
-echo " AFS support: $AFS_MSG"
-echo " S/KEY support: $SKEY_MSG"
-echo " TCP Wrappers support: $TCPW_MSG"
-echo " MD5 password support: $MD5_MSG"
-echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
-echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
-echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
-echo " BSD Auth support: $BSD_AUTH_MSG"
-echo " Random number source: $RAND_MSG"
+echo " sshd default user PATH: $I"
+fi
+if test ! -z "$superuser_path" ; then
+echo " sshd superuser user PATH: $J"
+fi
+echo " Manpage format: $MANTYPE"
+echo " PAM support: ${PAM_MSG}"
+echo " KerberosIV support: $KRB4_MSG"
+echo " KerberosV support: $KRB5_MSG"
+echo " Smartcard support: $SCARD_MSG"
+echo " AFS support: $AFS_MSG"
+echo " S/KEY support: $SKEY_MSG"
+echo " TCP Wrappers support: $TCPW_MSG"
+echo " MD5 password support: $MD5_MSG"
+echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
+echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+echo " BSD Auth support: $BSD_AUTH_MSG"
+echo " Random number source: $RAND_MSG"
if test ! -z "$USE_RAND_HELPER" ; then
- echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
+echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
fi
echo ""
andersk / openssh.git / blobdiff