AC_SUBST(PERL)
AC_PATH_PROG(ENT, ent)
AC_SUBST(ENT)
-AC_PATH_PROGS(FILEPRIV, filepriv, true, /sbin:/usr/sbin)
AC_PATH_PROG(TEST_MINUS_S_SH, bash)
AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
AC_PATH_PROG(TEST_MINUS_S_SH, sh)
+AC_PATH_PROG(SH, sh)
# System features
AC_SYS_LARGEFILE
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
if (test "$LD" != "gcc" && test -z "$blibpath"); then
- blibpath="/usr/lib:/lib:/usr/local/lib"
+ AC_MSG_CHECKING([if linkage editor ($LD) accepts -blibpath])
+ saved_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -blibpath:/usr/lib:/lib:/usr/local/lib"
+ AC_TRY_LINK([],
+ [],
+ [
+ AC_MSG_RESULT(yes)
+ blibpath="/usr/lib:/lib:/usr/local/lib"
+ ],
+ [ AC_MSG_RESULT(no) ]
+ )
+ LDFLAGS="$saved_LDFLAGS"
fi
- AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)])
+ AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
+ [AC_CHECK_LIB(s,authenticate,
+ [ AC_DEFINE(WITH_AIXAUTHENTICATE)
+ LIBS="$LIBS -ls"
+ ])
+ ])
AC_DEFINE(BROKEN_GETADDRINFO)
+ AC_DEFINE(BROKEN_REALPATH)
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
;;
*-*-cygwin*)
LIBS="$LIBS /usr/lib/textmode.o"
AC_DEFINE(IPV4_DEFAULT)
AC_DEFINE(IP_TOS_IS_BROKEN)
AC_DEFINE(NO_X11_UNIX_SOCKETS)
+ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
+ AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE(SETGROUPS_NOOP)
;;
*-*-dgux*)
AC_DEFINE(IP_TOS_IS_BROKEN)
;;
*-*-darwin*)
- AC_DEFINE(BROKEN_GETADDRINFO)
+ AC_MSG_CHECKING(if we have working getaddrinfo)
+ AC_TRY_RUN([#include <mach-o/dyld.h>
+main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+ exit(0);
+ else
+ exit(1);
+}], [AC_MSG_RESULT(working)],
+ [AC_MSG_RESULT(buggy)
+ AC_DEFINE(BROKEN_GETADDRINFO)],
+ [AC_MSG_RESULT(assume it is working)])
+ ;;
+*-*-hpux10.26)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -Ae"
+ fi
+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
+ IPADDR_IN_DISPLAY=yes
+ AC_DEFINE(HAVE_SECUREWARE)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(LOGIN_NO_ENDOPT)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
+ AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ LIBS="$LIBS -lsec -lsecpw"
+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
+ disable_ptmx_check=yes
;;
*-*-hpux10*)
if test -z "$GCC"; then
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(LOGIN_NO_ENDOPT)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- LIBS="$LIBS -lxnet -lsec"
+ LIBS="$LIBS -lsec"
+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
*-*-hpux11*)
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
IPADDR_IN_DISPLAY=yes
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(LOGIN_NO_ENDOPT)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- LIBS="$LIBS -lxnet -lsec"
+ LIBS="$LIBS -lsec"
+ AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
*-*-irix5*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS"
PATH="$PATH:/usr/etc"
AC_DEFINE(BROKEN_INET_NTOA)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
;;
*-*-irix6*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
AC_DEFINE(WITH_IRIX_AUDIT)
AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
AC_DEFINE(BROKEN_INET_NTOA)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
;;
*-*-linux*)
no_dev_ptmx=1
SONY=1
;;
*-*-netbsd*)
+ check_for_libcrypt_before=1
need_dash_r=1
;;
*-*-freebsd*)
*-*-sysv4.2*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
-# enable_suid_ssh=no
AC_DEFINE(USE_PIPES)
;;
*-*-sysv5*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
-# enable_suid_ssh=no
AC_DEFINE(USE_PIPES)
;;
*-*-sysv*)
CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
- rsh_path="/usr/bin/rcmd"
RANLIB=true
no_dev_ptmx=1
AC_DEFINE(BROKEN_SYS_TERMIO_H)
AC_DEFINE(USE_PIPES)
- AC_DEFINE(HAVE_SCO_PROTECTED_PW)
+ AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(BROKEN_SAVED_UIDS)
AC_CHECK_FUNCS(getluid setluid)
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lprot -lx -ltinfo -lm"
no_dev_ptmx=1
- rsh_path="/usr/bin/rcmd"
AC_DEFINE(USE_PIPES)
- AC_DEFINE(HAVE_SCO_PROTECTED_PW)
+ AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(DISABLE_FD_PASSING)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
;;
+*-*-unicosmk*)
+ no_libsocket=1
+ no_libnsl=1
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(DISABLE_FD_PASSING)
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
+ ;;
*-*-unicos*)
no_libsocket=1
no_libnsl=1
AC_DEFINE(USE_PIPES)
- LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
- LIBS="$LIBS -lgen -lrsc"
+ AC_DEFINE(DISABLE_FD_PASSING)
+ LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
+ LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
+ MANTYPE=cat
;;
*-dec-osf*)
AC_MSG_CHECKING(for Digital Unix SIA)
AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
getopt.h glob.h lastlog.h limits.h login.h \
login_cap.h maillock.h netdb.h netgroup.h \
- netinet/in_systm.h paths.h pty.h \
+ netinet/in_systm.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
sys/mman.h sys/select.h sys/stat.h \
[], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
)
AC_CHECK_FUNC(utimes,
- [], [ AC_CHECK_LIB(c89, utimes, LIBS="$LIBS -lc89") ]
+ [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
+ LIBS="$LIBS -lc89"]) ]
)
dnl Checks for libutil functions
dnl Checks for library functions.
AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
clock fchmod fchown freeaddrinfo futimes gai_strerror \
- getaddrinfo getcwd getgrouplist getnameinfo getopt \
+ getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
getrlimit getrusage getttyent glob inet_aton inet_ntoa \
inet_ntop innetgr login_getcapbool md5_crypt memmove \
- mkdtemp mmap openpty readpassphrase realpath \
- rresvport_af setdtablesize setegid setenv seteuid \
- setlogin setproctitle setresgid setreuid setrlimit \
- setsid setvbuf sigaction sigvec snprintf strerror \
- strlcat strlcpy strmode strsep sysconf tcgetpgrp utimes \
- vhangup vsnprintf waitpid __b64_ntop _getpty)
+ mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
+ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
+ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
+ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
+ socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
+ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
AC_CHECK_FUNCS(setutxent utmpxname)
-AC_CHECK_FUNC(getuserattr,
- [AC_DEFINE(HAVE_GETUSERATTR)],
- [AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])]
-)
-
AC_CHECK_FUNC(daemon,
[AC_DEFINE(HAVE_DAEMON)],
[AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
)
fi
-# The big search for OpenSSL
+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
+# because the system crypt() is more featureful.
+if test "x$check_for_libcrypt_before" = "x1"; then
+ AC_CHECK_LIB(crypt, crypt)
+fi
+
+# Search for OpenSSL
+saved_CPPFLAGS="$CPPFLAGS"
+saved_LDFLAGS="$LDFLAGS"
AC_ARG_WITH(ssl-dir,
[ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
[
if test "x$withval" != "xno" ; then
- tryssldir=$withval
- fi
- ]
-)
-
-saved_LIBS="$LIBS"
-saved_LDFLAGS="$LDFLAGS"
-saved_CPPFLAGS="$CPPFLAGS"
-if test "x$prefix" != "xNONE" ; then
- tryssldir="$tryssldir $prefix"
-fi
-AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
- for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
- CPPFLAGS="$saved_CPPFLAGS"
- LDFLAGS="$saved_LDFLAGS"
- LIBS="$saved_LIBS -lcrypto"
-
- # Skip directories if they don't exist
- if test ! -z "$ssldir" -a ! -d "$ssldir" ; then
- continue;
- fi
- if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
- # Try to use $ssldir/lib if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/lib" ; then
- LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir/lib $LDFLAGS"
+ if test -d "$withval/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
fi
else
- LDFLAGS="-L$ssldir $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir $LDFLAGS"
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
fi
fi
- # Try to use $ssldir/include if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/include" ; then
- CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
+ if test -d "$withval/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
else
- CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
fi
fi
-
- # Basic test to check for compatible version and correct linking
- # *does not* test for RSA - that comes later.
- AC_TRY_RUN(
- [
-#include <string.h>
-#include <openssl/rand.h>
-int main(void)
-{
- char a[2048];
- memset(a, 0, sizeof(a));
- RAND_add(a, sizeof(a), sizeof(a));
- return(RAND_status() <= 0);
-}
- ],
+ ]
+)
+LIBS="$LIBS -lcrypto"
+AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
+ [
+ dnl Check default openssl install dir
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
+ else
+ LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
+ fi
+ CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
+ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
[
- found_crypto=1
- break;
- ], []
+ AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
+ ]
)
+ ]
+)
- if test ! -z "$found_crypto" ; then
- break;
- fi
- done
+# Determine OpenSSL header version
+AC_MSG_CHECKING([OpenSSL header version])
+AC_TRY_RUN(
+ [
+#include <stdio.h>
+#include <string.h>
+#include <openssl/opensslv.h>
+#define DATA "conftest.sslincver"
+int main(void) {
+ FILE *fd;
+ int rc;
- if test -z "$found_crypto" ; then
- AC_MSG_ERROR([Could not find working OpenSSL library, please install or check config.log])
- fi
- if test -z "$ssldir" ; then
- ssldir="(system)"
- fi
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
- ac_cv_openssldir=$ssldir
-])
+ if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
+ exit(1);
-if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; then
- AC_DEFINE(HAVE_OPENSSL)
- dnl Need to recover ssldir - test above runs in subshell
- ssldir=$ac_cv_openssldir
- if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
- # Try to use $ssldir/lib if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/lib" ; then
- LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir/lib $LDFLAGS"
- fi
- else
- LDFLAGS="-L$ssldir $saved_LDFLAGS"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="-R$ssldir $LDFLAGS"
- fi
- fi
- # Try to use $ssldir/include if it exists, otherwise
- # $ssldir
- if test -d "$ssldir/include" ; then
- CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
- else
- CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
- fi
- fi
-fi
-LIBS="$saved_LIBS -lcrypto"
+ exit(0);
+}
+ ],
+ [
+ ssl_header_ver=`cat conftest.sslincver`
+ AC_MSG_RESULT($ssl_header_ver)
+ ],
+ [
+ AC_MSG_RESULT(not found)
+ AC_MSG_ERROR(OpenSSL version header not found.)
+ ]
+)
-# Now test RSA support
-saved_LIBS="$LIBS"
-AC_MSG_CHECKING([for RSA support])
-for WANTS_RSAREF in "" 1 ; do
- if test -z "$WANTS_RSAREF" ; then
- LIBS="$saved_LIBS"
- else
- LIBS="$saved_LIBS -lRSAglue -lrsaref"
- fi
- AC_TRY_RUN([
+# Determine OpenSSL library version
+AC_MSG_CHECKING([OpenSSL library version])
+AC_TRY_RUN(
+ [
+#include <stdio.h>
#include <string.h>
-#include <openssl/rand.h>
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
-#include <openssl/sha.h>
-int main(void)
-{
- int num; RSA *key; static unsigned char p_in[] = "blahblah";
- unsigned char c[256], p[256];
- memset(c, 0, sizeof(c)); RAND_add(c, sizeof(c), sizeof(c));
- if ((key=RSA_generate_key(512, 3, NULL, NULL))==NULL) return(1);
- num = RSA_public_encrypt(sizeof(p_in) - 1, p_in, c, key, RSA_PKCS1_PADDING);
- return(-1 == RSA_private_decrypt(num, c, p, key, RSA_PKCS1_PADDING));
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#define DATA "conftest.ssllibver"
+int main(void) {
+ FILE *fd;
+ int rc;
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+ exit(1);
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
+ exit(1);
+
+ exit(0);
}
],
[
- rsa_works=1
- break;
- ], [])
-done
-LIBS="$saved_LIBS"
-
-if test ! -z "$no_rsa" ; then
- AC_MSG_RESULT(disabled)
- RSA_MSG="disabled"
-else
- if test -z "$rsa_works" ; then
- AC_MSG_WARN([*** No RSA support found *** ])
- RSA_MSG="no"
- else
- if test -z "$WANTS_RSAREF" ; then
- AC_MSG_RESULT(yes)
- RSA_MSG="yes"
- else
- RSA_MSG="yes (using RSAref)"
- AC_MSG_RESULT(using RSAref)
- LIBS="$LIBS -lcrypto -lRSAglue -lrsaref"
- fi
- fi
-fi
+ ssl_library_ver=`cat conftest.ssllibver`
+ AC_MSG_RESULT($ssl_library_ver)
+ ],
+ [
+ AC_MSG_RESULT(not found)
+ AC_MSG_ERROR(OpenSSL library not found.)
+ ]
+)
# Sanity check OpenSSL headers
AC_MSG_CHECKING([whether OpenSSL's headers match the library])
fi
]
)
-
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
+SSH_PRIVSEP_USER=sshd
+AC_ARG_WITH(privsep-user,
+ [ --with-privsep-user=user Specify non-privileged user for privilege separation],
+ [
+ if test -n "$withval"; then
+ SSH_PRIVSEP_USER=$withval
+ fi
+ ]
+)
+AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
+AC_SUBST(SSH_PRIVSEP_USER)
+
# We do this little dance with the search path to insure
# that programs that we select for use by installed programs
# (which may be run by the super-user) come from trusted
OPATH=$PATH
PATH=/bin:/usr/bin
-/bin/test -L /bin 2> /dev/null && PATH=/usr/bin
+test -h /bin 2> /dev/null && PATH=/usr/bin
test -d /sbin && PATH=$PATH:/sbin
test -d /usr/sbin && PATH=$PATH:/usr/sbin
PATH=$PATH:/etc:$OPATH
AC_CHECK_SIZEOF(long int, 4)
AC_CHECK_SIZEOF(long long int, 8)
+# Sanity check long long for some platforms (AIX)
+if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
+ ac_cv_sizeof_long_long_int=0
+fi
+
# More checks for data types
AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
AC_TRY_COMPILE(
AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
AC_TRY_COMPILE(
- [ #include <sys/types.h> ],
+ [
+#include <sys/types.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#include <sys/socket.h>
+#ifdef HAVE_SYS_BITYPES_H
+# include <sys/bitypes.h>
+#endif
+ ],
[ int64_t a; a = 1;],
[ ac_cv_have_int64_t="yes" ],
[ ac_cv_have_int64_t="no" ]
])
if test "x$ac_cv_have_int64_t" = "xyes" ; then
AC_DEFINE(HAVE_INT64_T)
- have_int64_t=1
-fi
-
-if test -z "$have_int64_t" ; then
- AC_MSG_CHECKING([for int64_t type in sys/socket.h])
- AC_TRY_COMPILE(
- [ #include <sys/socket.h> ],
- [ int64_t a; a = 1],
- [
- AC_DEFINE(HAVE_INT64_T)
- AC_MSG_RESULT(yes)
- ],
- [ AC_MSG_RESULT(no) ]
- )
-fi
-
-if test -z "$have_int64_t" ; then
- AC_MSG_CHECKING([for int64_t type in sys/bitypes.h])
- AC_TRY_COMPILE(
- [ #include <sys/bitypes.h> ],
- [ int64_t a; a = 1],
- [
- AC_DEFINE(HAVE_INT64_T)
- AC_MSG_RESULT(yes)
- ],
- [ AC_MSG_RESULT(no) ]
- )
fi
AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
fi
+dnl make sure we're using the real structure members and not defines
AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
ac_cv_have_accrights_in_msghdr, [
- AC_TRY_COMPILE(
+ AC_TRY_RUN(
[
+#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
+int main() {
+#ifdef msg_accrights
+exit(1);
+#endif
+struct msghdr m;
+m.msg_accrights = 0;
+exit(0);
+}
],
- [ struct msghdr m; m.msg_accrights = 0; ],
[ ac_cv_have_accrights_in_msghdr="yes" ],
[ ac_cv_have_accrights_in_msghdr="no" ]
)
AC_CACHE_CHECK([for msg_control field in struct msghdr],
ac_cv_have_control_in_msghdr, [
- AC_TRY_COMPILE(
+ AC_TRY_RUN(
[
+#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
+int main() {
+#ifdef msg_control
+exit(1);
+#endif
+struct msghdr m;
+m.msg_control = 0;
+exit(0);
+}
],
- [ struct msghdr m; m.msg_control = 0; ],
[ ac_cv_have_control_in_msghdr="yes" ],
[ ac_cv_have_control_in_msghdr="no" ]
)
# Check whether user wants OpenSC support
AC_ARG_WITH(opensc,
- [ --with-opensc Enable smartcard support using OpenSC],
- [
- if test "x$withval" != "xno" ; then
- if test "x$withval" != "xyes" ; then
- CPPFLAGS="$CPPFLAGS -I${withval}"
- LDFLAGS="$LDFLAGS -L${withval}"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="$LDFLAGS -R${withval}"
- fi
- if test ! -z "$blibpath" ; then
- blibpath="$blibpath:${withval}"
- fi
- fi
- AC_CHECK_HEADERS(opensc-pkcs15.h)
- if test "$ac_cv_header_opensc_pkcs15_h" != yes; then
- AC_MSG_ERROR(Can't find opensc-pkcs15.h)
- fi
- AC_CHECK_LIB(opensc, sc_pkcs15_bind)
- if test "$ac_cv_lib_opensc_sc_pkcs15_bind" != yes; then
- AC_MSG_ERROR(Can't find libopensc)
- fi
- AC_DEFINE(SMARTCARD)
- AC_DEFINE(USE_OPENSC)
- SCARD_MSG="yes, using OpenSC"
- fi
- ]
+ AC_HELP_STRING([--with-opensc=PFX],
+ [Enable smartcard support using OpenSC]),
+ opensc_config_prefix="$withval", opensc_config_prefix="")
+if test x$opensc_config_prefix != x ; then
+ OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
+ AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
+ if test "$OPENSC_CONFIG" != "no"; then
+ LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
+ LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
+ CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
+ LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
+ AC_DEFINE(SMARTCARD)
+ AC_DEFINE(USE_OPENSC)
+ SCARD_MSG="yes, using OpenSC"
+ fi
+fi
+
+# Check whether user wants Kerberos 5 support
+KRB5_MSG="no"
+AC_ARG_WITH(kerberos5,
+ [ --with-kerberos5=PATH Enable Kerberos 5 support],
+ [
+ if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xyes" ; then
+ KRB5ROOT="/usr/local"
+ else
+ KRB5ROOT=${withval}
+ fi
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
+ LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
+ AC_DEFINE(KRB5)
+ KRB5_MSG="yes"
+ AC_MSG_CHECKING(whether we are using Heimdal)
+ AC_TRY_COMPILE([ #include <krb5.h> ],
+ [ char *tmp = heimdal_version; ],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(HEIMDAL)
+ K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
+ ],
+ [ AC_MSG_RESULT(no)
+ K5LIBS="-lkrb5 -lk5crypto -lcom_err"
+ ]
+ )
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
+ fi
+ if test ! -z "$blibpath" ; then
+ blibpath="$blibpath:${KRB5ROOT}/lib"
+ fi
+ AC_CHECK_LIB(resolv, dn_expand, , )
+
+ KRB5=yes
+ fi
+ ]
)
-
-# Check whether user wants Kerberos support
+# Check whether user wants Kerberos 4 support
KRB4_MSG="no"
AC_ARG_WITH(kerberos4,
[ --with-kerberos4=PATH Enable Kerberos 4 support],
fi
]
)
-LIBS="$LIBS $KLIBS"
+LIBS="$LIBS $KLIBS $K5LIBS"
# Looking for programs, paths and files
-AC_ARG_WITH(rsh,
- [ --with-rsh=PATH Specify path to remote shell program ],
+
+PRIVSEP_PATH=/var/empty
+AC_ARG_WITH(privsep-path,
+ [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
[
if test "x$withval" != "$no" ; then
- rsh_path=$withval
+ PRIVSEP_PATH=$withval
fi
- ],
- [
- AC_PATH_PROG(rsh_path, rsh)
]
)
+AC_SUBST(PRIVSEP_PATH)
AC_ARG_WITH(xauth,
[ --with-xauth=PATH Specify path to xauth program ],
fi
],
[
- AC_PATH_PROG(xauth_path, xauth,,$PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin)
+ TestPath="$PATH"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
+ TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
+ AC_PATH_PROG(xauth_path, xauth, , $TestPath)
if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
xauth_path="/usr/openwin/bin/xauth"
fi
XAUTH_PATH=$xauth_path
AC_SUBST(XAUTH_PATH)
fi
-if test ! -z "$rsh_path" ; then
- AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path")
-fi
# Check for mail directory (last resort if we cannot get it from headers)
if test ! -z "$MAIL" ; then
fi
if test -z "$no_dev_ptmx" ; then
- AC_CHECK_FILE("/dev/ptmx",
- [
- AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
- have_dev_ptmx=1
- ]
- )
+ if test "x$disable_ptmx_check" != "xyes" ; then
+ AC_CHECK_FILE("/dev/ptmx",
+ [
+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
+ have_dev_ptmx=1
+ ]
+ )
+ fi
fi
AC_CHECK_FILE("/dev/ptc",
[
]
)
if test -z "$MANTYPE"; then
- AC_PATH_PROGS(NROFF, nroff awf, /bin/false, /usr/bin:/usr/ucb)
+ TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
+ AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
MANTYPE=doc
elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
)
fi
+dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
+if test $ac_cv_func_login_getcapbool = "yes" -a \
+ $ac_cv_header_login_cap_h = "yes" ; then
+ USES_LOGIN_CONF=yes
+fi
# Whether to mess with the default path
SERVER_PATH_MSG="(default)"
AC_ARG_WITH(default-path,
- [ --with-default-path=PATH Specify default \$PATH environment for server],
+ [ --with-default-path= Specify default \$PATH environment for server],
[
- if test "x$withval" != "xno" ; then
+ if test "$USES_LOGIN_CONF" = "yes" ; then
+ AC_MSG_WARN([
+--with-default-path=PATH has no effect on this system.
+Edit /etc/login.conf instead.])
+ elif test "x$withval" != "xno" ; then
user_path="$withval"
SERVER_PATH_MSG="$withval"
fi
],
- [
+ [ if test "$USES_LOGIN_CONF" = "yes" ; then
+ AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
+ else
AC_TRY_RUN(
[
/* find out what STDPATH is */
AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
fi
fi
+ fi ]
+)
+if test "$USES_LOGIN_CONF" != "yes" ; then
+ AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
+ AC_SUBST(user_path)
+fi
+
+# Set superuser path separately to user path
+AC_ARG_WITH(superuser-path,
+ [ --with-superuser-path= Specify different path for super-user],
+ [
+ if test "x$withval" != "xno" ; then
+ AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
+ superuser_path=$withval
+ fi
]
)
-AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
-AC_SUBST(user_path)
+
# Whether to force IPv4 by default (needed on broken glibc Linux)
IPV4_HACK_MSG="no"
]
)
-AC_MSG_CHECKING(whether to install ssh as suid root)
-AC_ARG_ENABLE(suid-ssh,
-[ --enable-suid-ssh Install ssh as suid root (default)
- --disable-suid-ssh Install ssh without suid bit],
-[ case "$enableval" in
- no)
- AC_MSG_RESULT(no)
- SSHMODE=0711
- ;;
- *) AC_MSG_RESULT(yes)
- SSHMODE=4711
- ;;
- esac ],
- AC_MSG_RESULT(yes)
- SSHMODE=4711
-)
-AC_SUBST(SSHMODE)
-
-
# Where to place sshd.pid
piddir=/var/run
# make sure the directory exists
E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
G=`eval echo ${piddir}` ; G=`eval echo ${G}`
-H=`eval echo ${user_path}` ; H=`eval echo ${H}`
+H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
+I=`eval echo ${user_path}` ; I=`eval echo ${I}`
+J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
echo ""
echo "OpenSSH has been configured with the following options:"
-echo " User binaries: $B"
-echo " System binaries: $C"
-echo " Configuration files: $D"
-echo " Askpass program: $E"
-echo " Manual pages: $F"
-echo " PID file: $G"
-echo " sshd default user PATH: $H"
-echo " Manpage format: $MANTYPE"
-echo " PAM support: ${PAM_MSG}"
-echo " KerberosIV support: $KRB4_MSG"
-echo " Smartcard support: $SCARD_MSG"
-echo " AFS support: $AFS_MSG"
-echo " S/KEY support: $SKEY_MSG"
-echo " TCP Wrappers support: $TCPW_MSG"
-echo " MD5 password support: $MD5_MSG"
-echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
-echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
-echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
-echo " BSD Auth support: $BSD_AUTH_MSG"
-echo " Random number source: $RAND_MSG"
+echo " User binaries: $B"
+echo " System binaries: $C"
+echo " Configuration files: $D"
+echo " Askpass program: $E"
+echo " Manual pages: $F"
+echo " PID file: $G"
+echo " Privilege separation chroot path: $H"
+if test "$USES_LOGIN_CONF" = "yes" ; then
+echo " At runtime, sshd will use the path defined in /etc/login.conf"
+else
+echo " sshd default user PATH: $I"
+fi
+if test ! -z "$superuser_path" ; then
+echo " sshd superuser user PATH: $J"
+fi
+echo " Manpage format: $MANTYPE"
+echo " PAM support: ${PAM_MSG}"
+echo " KerberosIV support: $KRB4_MSG"
+echo " KerberosV support: $KRB5_MSG"
+echo " Smartcard support: $SCARD_MSG"
+echo " AFS support: $AFS_MSG"
+echo " S/KEY support: $SKEY_MSG"
+echo " TCP Wrappers support: $TCPW_MSG"
+echo " MD5 password support: $MD5_MSG"
+echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
+echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+echo " BSD Auth support: $BSD_AUTH_MSG"
+echo " Random number source: $RAND_MSG"
if test ! -z "$USE_RAND_HELPER" ; then
- echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
+echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
fi
echo ""