AFS_LIBS="-lld"
CFLAGS="$CFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
- if test "$LD" != "gcc" -a -z "$blibpath"; then
+ if (test "$LD" != "gcc" && test -z "$blibpath"); then
blibpath="/usr/lib:/lib:/usr/local/lib"
fi
AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)])
AC_DEFINE(BROKEN_GETADDRINFO)
+ MANTYPE='$(CATMAN)'
+ mansubdir=cat
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
;;
;;
*-*-irix5*)
CFLAGS="$CFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ LDFLAGS="$LDFLAGS"
MANTYPE='$(CATMAN)'
no_libsocket=1
no_libnsl=1
;;
*-*-irix6*)
CFLAGS="$CFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ LDFLAGS="$LDFLAGS"
MANTYPE='$(CATMAN)'
- AC_MSG_WARN([*** Irix 6.x is not tested, please report you experiences *** ])
+ AC_DEFINE(WITH_IRIX_ARRAY)
+ AC_DEFINE(WITH_IRIX_PROJECT)
+ AC_DEFINE(WITH_IRIX_AUDIT)
no_libsocket=1
no_libnsl=1
;;
*-*-netbsd*)
need_dash_r=1
;;
+*-next-*)
+ # hardwire lastlog location (can't detect it on some versions)
+ conf_lastlog_location="/usr/adm/lastlog"
+ AC_DEFINE(HAVE_NEXT)
+ CFLAGS="$CFLAGS -I/usr/local/include"
+ MAIL=/usr/spool/mail
+ conf_utmp_location=/etc/utmp
+ AC_MSG_WARN([*** Tested: PA-RISC/m68k Untested: Sparc/Intel])
+ AC_MSG_WARN([*** Expect 'scp' to fail!])
+ AC_MSG_WARN([*** Please report any problems, thanks])
+ ;;
*-*-solaris*)
CFLAGS="$CFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib -L/usr/ucblib -R/usr/ucblib"
need_dash_r=1
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
+ AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
+ sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
+ if test "$sol2ver" -ge 8; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(DISABLE_WTMP)
+ else
+ AC_MSG_RESULT(no)
+ fi
;;
*-*-sunos4*)
CFLAGS="$CFLAGS -DSUNOS4"
mansubdir=cat
LIBS="$LIBS -lgen -lsocket"
;;
+*-*-sco3*)
+ CFLAGS="$CFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ MANTYPE='$(CATMAN)'
+ mansubdir=cat
+ LIBS="$LIBS -lgen -lsocket"
+ no_dev_ptmx=1
+ ;;
esac
# Allow user to specify flags
fi
# Checks for header files.
-AC_CHECK_HEADERS(bstring.h endian.h lastlog.h login.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h time.h util.h utmp.h utmpx.h)
+AC_CHECK_HEADERS(bstring.h endian.h lastlog.h limits.h login.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h time.h util.h utmp.h utmpx.h)
# Checks for library functions.
AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock freeaddrinfo gai_strerror getaddrinfo getnameinfo getrusage innetgr md5_crypt memmove mkdtemp on_exit openpty rresvport_af setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy vsnprintf vhangup _getpty __b64_ntop)
[AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
)
+PAM_MSG="no"
AC_ARG_WITH(pam,
[ --without-pam Disable PAM support ],
[
if test "x$withval" = "xno" ; then
no_pam=1
AC_DEFINE(DISABLE_PAM)
+ PAM_MSG="disabled"
fi
]
)
-if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then
+if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; then
AC_CHECK_LIB(dl, dlopen, , )
LIBS="$LIBS -lpam"
AC_CHECK_FUNCS(pam_getenvlist)
+ disable_shadow=yes
+
+ PAM_MSG="yes"
+
# Check PAM strerror arguments (old PAM)
AC_MSG_CHECKING([whether pam_strerror takes only one argument])
AC_TRY_COMPILE(
[
AC_DEFINE(HAVE_OLD_PAM)
AC_MSG_RESULT(yes)
+ PAM_MSG="yes (old library)"
]
)
fi
ac_cv_openssldir=$ssldir
])
-if test ! -z "$ac_cv_openssldir" -a ! "x$ac_cv_openssldir" = "x(system)" ; then
+if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; then
AC_DEFINE(HAVE_OPENSSL)
dnl Need to recover ssldir - test above runs in subshell
ssldir=$ac_cv_openssldir
if test ! -z "$no_rsa" ; then
AC_MSG_RESULT(disabled)
+ RSA_MSG="disabled"
else
if test -z "$rsa_works" ; then
AC_MSG_WARN([*** No RSA support found *** ])
+ RSA_MSG="no"
else
if test -z "$WANTS_RSAREF" ; then
AC_MSG_RESULT(yes)
+ RSA_MSG="yes"
else
+ RSA_MSG="yes (using RSAref)"
AC_MSG_RESULT(using RSAref)
LIBS="$saved_LIBS -lcrypto -lRSAglue -lrsaref"
fi
fi
-if test -z "$have_u_intxx_t" -o -z "$have_intxx_t" -a \
- "x$ac_cv_header_sys_bitypes_h" = "xyes"
+if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
+ test "x$ac_cv_header_sys_bitypes_h" = "xyes")
then
AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
AC_TRY_COMPILE(
AC_DEFINE(HAVE_SSIZE_T)
fi
+AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
+ AC_TRY_COMPILE(
+ [
+#include <sys/types.h>
+#include <sys/socket.h>
+ ],
+ [ sa_family_t foo; foo = 1235; ],
+ [ ac_cv_have_sa_family_t="yes" ],
+ [ ac_cv_have_sa_family_t="no" ]
+ )
+])
+if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
+ AC_DEFINE(HAVE_SA_FAMILY_T)
+fi
+
+AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
+ AC_TRY_COMPILE(
+ [
+#include <sys/types.h>
+ ],
+ [ pid_t foo; foo = 1235; ],
+ [ ac_cv_have_pid_t="yes" ],
+ [ ac_cv_have_pid_t="no" ]
+ )
+])
+if test "x$ac_cv_have_pid_t" = "xyes" ; then
+ AC_DEFINE(HAVE_PID_T)
+fi
+
+AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
+ AC_TRY_COMPILE(
+ [
+#include <sys/types.h>
+ ],
+ [ mode_t foo; foo = 1235; ],
+ [ ac_cv_have_mode_t="yes" ],
+ [ ac_cv_have_mode_t="no" ]
+ )
+])
+if test "x$ac_cv_have_mode_t" = "xyes" ; then
+ AC_DEFINE(HAVE_MODE_T)
+fi
+
AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
AC_TRY_COMPILE(
AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
AC_TRY_COMPILE(
[
+#include <sys/types.h>
#include <netinet/in.h>
],
[ struct sockaddr_in6 s; s.sin6_family = 0; ],
AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
AC_TRY_COMPILE(
[
+#include <sys/types.h>
#include <netinet/in.h>
],
[ struct in6_addr s; s.s6_addr[0] = 0; ],
OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
-
-
AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
ac_cv_have_ss_family_in_struct_ss, [
AC_TRY_COMPILE(
AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
fi
-
AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
ac_cv_have___ss_family_in_struct_ss, [
AC_TRY_COMPILE(
[ --with-rsh=PATH Specify path to remote shell program ],
[
if test "x$withval" != "$no" ; then
- AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
+ rsa_path=$withval
fi
],
[
[ --with-xauth=PATH Specify path to xauth program ],
[
if test "x$withval" != "$xno" ; then
- AC_DEFINE_UNQUOTED(XAUTH_PATH, "$withval")
+ xauth_path=$withval
fi
],
[
AC_PATH_PROG(xauth_path, xauth)
- if test ! -z "$xauth_path" -a -x "/usr/openwin/bin/xauth" ; then
+ if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
xauth_path="/usr/openwin/bin/xauth"
fi
]
# detect pathnames for entropy gathering commands, if we need them
INSTALL_SSH_PRNG_CMDS=""
rm -f prng_commands
-if test -z "$RANDOM_POOL" -a -z "$EGD_SOCKET" ; then
+if (test -z "$RANDOM_POOL" && test -z "$EGD_SOCKET") ; then
# Use these commands to collect entropy
OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
AC_SUBST(mansubdir)
# Check whether user wants Kerberos support
+KRB4_MSG="no"
AC_ARG_WITH(kerberos4,
[ --with-kerberos4=PATH Enable Kerberos 4 support],
[
KLIBS="-lkrb -ldes"
AC_CHECK_LIB(resolv, dn_expand, , )
KRB4=yes
+ KRB4_MSG="yes"
AC_DEFINE(KRB4)
fi
]
)
# Check whether user wants AFS support
+AFS_MSG="no"
AC_ARG_WITH(afs,
[ --with-afs=PATH Enable AFS support],
[
LIBS="$LIBS $AFS_LIBS"
fi
AC_DEFINE(AFS)
+ AFS_MSG="yes"
fi
]
)
LIBS="$LIBS $KLIBS"
# Check whether user wants S/Key support
+SKEY_MSG="no"
AC_ARG_WITH(skey,
[ --with-skey Enable S/Key support],
[
if test "x$withval" != "xno" ; then
AC_DEFINE(SKEY)
LIBS="$LIBS -lskey"
+ SKEY_MSG="yes"
fi
]
)
# Check whether user wants TCP wrappers support
+TCPW_MSG="no"
AC_ARG_WITH(tcp-wrappers,
[ --with-tcp-wrappers Enable tcpwrappers support],
[
[
AC_MSG_RESULT(yes)
AC_DEFINE(LIBWRAP)
+ TCPW_MSG="yes"
],
[
- AC_MSG_RESULT(no)
- AC_MSG_WARN([*** libwrap missing - tcpwrapper support disabled ***])
- LIBS="$saved_LIBS"
+ AC_MSG_ERROR([*** libwrap missing])
]
)
fi
)
# Check whether to enable MD5 passwords
+MD5_MSG="no"
AC_ARG_WITH(md5-passwords,
[ --with-md5-passwords Enable use of MD5 passwords],
[
if test "x$withval" != "xno" ; then
AC_DEFINE(HAVE_MD5_PASSWORDS)
+ MD5_MSG="yes"
fi
]
)
[
if test "x$withval" = "xno" ; then
AC_DEFINE(DISABLE_SHADOW)
+ disable_shadow=yes
fi
]
)
+if test -z "$disable_shadow" ; then
+ AC_MSG_CHECKING([if the systems has expire shadow information])
+ AC_TRY_COMPILE(
+ [
+#include <sys/types.h>
+#include <shadow.h>
+ struct spwd sp;
+ ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
+ [ sp_expire_available=yes ], []
+ )
+
+ if test "x$sp_expire_available" = "xyes" ; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAS_SHADOW_EXPIRE)
+ else
+ AC_MSG_RESULT(no)
+ fi
+fi
+
# Use ip address instead of hostname in $DISPLAY
+DISPLAY_HACK_MSG="no"
AC_ARG_WITH(ipaddr-display,
[ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
[
if test "x$withval" = "xno" ; then
AC_DEFINE(IPADDR_IN_DISPLAY)
+ DISPLAY_HACK_MSG="yes"
fi
]
)
# Whether to mess with the default path
+SERVER_PATH_MSG="(default)"
AC_ARG_WITH(default-path,
[ --with-default-path=PATH Specify default \$PATH environment for server],
[
if test "x$withval" != "xno" ; then
AC_DEFINE_UNQUOTED(USER_PATH, "$withval")
+ SERVER_PATH_MSG="$withval"
fi
]
)
# Whether to force IPv4 by default (needed on broken glibc Linux)
+IPV4_HACK_MSG="no"
AC_ARG_WITH(ipv4-default,
[ --with-ipv4-default Use IPv4 by connections unless '-6' specified],
[
if test "x$withval" != "xno" ; then
AC_DEFINE(IPV4_DEFAULT)
+ IPV4_HACK_MSG="yes"
fi
]
)
AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
+IPV4_IN6_HACK_MSG="no"
AC_ARG_WITH(4in6,
[ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
[
if test "x$withval" != "xno" ; then
AC_MSG_RESULT(yes)
AC_DEFINE(IPV4_IN_IPV6)
+ IPV4_IN6_HACK_MSG="yes"
else
AC_MSG_RESULT(no)
fi
if test "x$inet6_default_4in6" = "xyes"; then
AC_MSG_RESULT([yes (default)])
AC_DEFINE(IPV4_IN_IPV6)
+ IPV4_IN6_HACK_MSG="yes"
else
AC_MSG_RESULT([no (default)])
fi
dnl allow user to disable some login recording features
AC_ARG_ENABLE(lastlog,
- [ --disable-lastlog disable use of lastlog even if detected [no]],
+ [ --disable-lastlog disable use of lastlog even if detected [no]],
[ AC_DEFINE(DISABLE_LASTLOG) ]
)
AC_ARG_ENABLE(utmp,
- [ --disable-utmp disable use of utmp even if detected [no]],
+ [ --disable-utmp disable use of utmp even if detected [no]],
[ AC_DEFINE(DISABLE_UTMP) ]
)
AC_ARG_ENABLE(utmpx,
- [ --disable-utmpx disable use of utmpx even if detected [no]],
+ [ --disable-utmpx disable use of utmpx even if detected [no]],
[ AC_DEFINE(DISABLE_UTMPX) ]
)
AC_ARG_ENABLE(wtmp,
- [ --disable-wtmp disable use of wtmp even if detected [no]],
+ [ --disable-wtmp disable use of wtmp even if detected [no]],
[ AC_DEFINE(DISABLE_WTMP) ]
)
AC_ARG_ENABLE(wtmpx,
- [ --disable-wtmpx disable use of wtmpx even if detected [no]],
+ [ --disable-wtmpx disable use of wtmpx even if detected [no]],
[ AC_DEFINE(DISABLE_WTMPX) ]
)
AC_ARG_ENABLE(libutil,
- [ --disable-libutil disable use of libutil (login() etc.) [no]],
+ [ --disable-libutil disable use of libutil (login() etc.) [no]],
[ AC_DEFINE(DISABLE_LOGIN) ]
)
AC_ARG_ENABLE(pututline,
- [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
+ [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
[ AC_DEFINE(DISABLE_PUTUTLINE) ]
)
AC_ARG_ENABLE(pututxline,
- [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
+ [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
[ AC_DEFINE(DISABLE_PUTUTXLINE) ]
)
AC_ARG_WITH(lastlog,
- [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
+ [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
[ conf_lastlog_location="$withval"; ],)
dnl lastlog, [uw]tmpx? detection
[ char *lastlog = _PATH_LASTLOG; ],
[ AC_MSG_RESULT(yes) ],
[
- AC_MSG_RESULT(no),
+ AC_MSG_RESULT(no)
system_lastlog_path=no
])
]
if test -z "$conf_lastlog_location"; then
if test x"$system_lastlog_path" = x"no" ; then
for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
- if test -d "$f" -o -e "$f" ; then
+ if (test -d "$f" || test -f "$f") ; then
conf_lastlog_location=$f
fi
done
if test -z "$conf_lastlog_location"; then
- AC_MSG_WARN([** Cannot find lastlog - disabling feature **])
- AC_DEFINE(DISABLE_LASTLOG)
+ AC_MSG_WARN([** Cannot find lastlog **])
+ dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
fi
fi
fi
# Change default command timeout for builtin PRNG
-entropy_timeout=100
+entropy_timeout=200
AC_ARG_WITH(entropy-timeout,
[ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
[
AC_OUTPUT(Makefile ssh_prng_cmds)
+# Print summary of options
+
+if test x$MANTYPE = x'$(CATMAN)' ; then
+ MAN_MSG=cat
+else
+ MAN_MSG=man
+fi
+if test ! -z "$RANDOM_POOL" ; then
+ RAND_MSG="Device ($RANDOM_POOL)"
+else
+ if test ! -z "$EGD_SOCKET" ; then
+ RAND_MSG="EGD ($EGD_SOCKET)"
+ else
+ RAND_MSG="Builtin (timeout $entropy_timeout)"
+ fi
+fi
+
+# Someone please show me a better way :)
+A=`eval echo ${prefix}` ; A=`eval echo ${A}`
+B=`eval echo ${bindir}` ; B=`eval echo ${B}`
+C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
+D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
+E=`eval echo ${libexecdir}/ssh/ssh-askpass` ; E=`eval echo ${E}`
+F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
+G=`eval echo ${piddir}` ; G=`eval echo ${G}`
+
+echo ""
+echo "OpenSSH configured has been configured with the following options."
+echo " User binaries: $B"
+echo " System binaries: $C"
+echo " Configuration files: $D"
+echo " Askpass program: $E"
+echo " Manual pages: $F"
+echo " PID file: $G"
+echo " Random number collection: $RAND_MSG"
+echo " Manpage format: $MAN_MSG"
+echo " PAM support: ${PAM_MSG}"
+echo " KerberosIV support: $KRB4_MSG"
+echo " AFS support: $AFS_MSG"
+echo " S/KEY support: $SKEY_MSG"
+echo " TCP Wrappers support: $TCPW_MSG"
+echo " MD5 password support: $MD5_MSG"
+echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
+echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+
+echo ""
+
+echo "Compiler flags: ${CFLAGS}"
+echo "Linker flags: ${LDFLAGS}"
+echo "Libraries: ${LIBS}"
+
+echo ""