# $Id$
-
-AC_INIT
+#
+# Copyright (c) 1999-2004 Damien Miller
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+AC_INIT(OpenSSH, Portable)
AC_CONFIG_SRCDIR([ssh.c])
AC_CONFIG_HEADER(config.h)
AC_PROG_RANLIB
AC_PROG_INSTALL
AC_PATH_PROG(AR, ar)
+AC_PATH_PROG(CAT, cat)
+AC_PATH_PROG(KILL, kill)
AC_PATH_PROGS(PERL, perl5 perl)
AC_PATH_PROG(SED, sed)
AC_SUBST(PERL)
AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
AC_PATH_PROG(TEST_MINUS_S_SH, sh)
AC_PATH_PROG(SH, sh)
+AC_SUBST(TEST_SHELL,sh)
+
+dnl for buildpkg.sh
+AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
+ [/usr/sbin${PATH_SEPARATOR}/etc])
+AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
+ [/usr/sbin${PATH_SEPARATOR}/etc])
+AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
# System features
AC_SYS_LARGEFILE
fi
fi
+AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
+if test ! -z "$PATH_PASSWD_PROG" ; then
+ AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
+fi
+
if test -z "$LD" ; then
LD=$CC
fi
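Review bot: `AC_PATH_PROG(PATH_PASSWD_PROG, passwd)` searches the `$PATH` of whoever runs configure, and the result is compiled in as `_PATH_PASSWD_PROG`. The code that uses it is outside this diff, but `PASSWD_NEEDS_USERNAME` elsewhere in the commit suggests the daemon executes it. If so, a build run with a user-writable directory early in PATH would bake that location into the binary. The groupadd/useradd checks added in this same commit already pass an explicit search list as the fourth argument; doing the same here, or adding a comment that configure must be run with a trusted PATH, would close that gap.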
# Check for some target-specific stuff
case "$host" in
*-*-aix*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
if (test -z "$blibpath"); then
- blibpath="/usr/lib:/lib:/usr/local/lib"
+ blibpath="/usr/lib:/lib"
fi
saved_LDFLAGS="$LDFLAGS"
for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
AC_DEFINE(USE_PIPES)
AC_DEFINE(LOGIN_NO_ENDOPT)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
LIBS="$LIBS -lsec -lsecpw"
AC_DEFINE(USE_PIPES)
AC_DEFINE(LOGIN_NO_ENDOPT)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
LIBS="$LIBS -lsec"
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
+ check_for_hpux_broken_getaddrinfo=1
+ check_for_conflicting_getspnam=1
LIBS="$LIBS -lsec"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
*-*-irix5*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS"
PATH="$PATH:/usr/etc"
AC_DEFINE(BROKEN_INET_NTOA)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
*-*-irix6*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS"
PATH="$PATH:/usr/etc"
AC_DEFINE(WITH_IRIX_ARRAY)
AC_DEFINE(WITH_IRIX_PROJECT)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_UPDWTMPX)
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
check_for_openpty_ctty_bug=1
AC_DEFINE(DONT_TRY_OTHER_AF)
AC_DEFINE(PAM_TTY_KLUDGE)
- AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
+ AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
+ AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
+ AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
inet6_default_4in6=yes
case `uname -r` in
1.*|2.0.*)
AC_DEFINE(BROKEN_REALPATH)
AC_DEFINE(USE_PIPES)
AC_DEFINE(BROKEN_SAVED_UIDS)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- CFLAGS="$CFLAGS"
;;
*-*-solaris*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- if test "x$withval" = "xno" ; then
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- else
- LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
+ if test "x$withval" != "xno" ; then
need_dash_r=1
fi
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(LOGIN_NEEDS_TERM)
AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
AC_DEFINE(SSHD_ACQUIRES_CTTY)
AC_DEFINE(USE_PIPES)
;;
*-ncr-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lc89"
AC_DEFINE(USE_PIPES)
AC_DEFINE(SSHD_ACQUIRES_CTTY)
AC_DEFINE(BROKEN_SETREGID)
;;
*-sni-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
# /usr/ucblib MUST NOT be searched on ReliantUNIX
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
AC_CHECK_LIB(dl, dlsym, ,)
IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES)
# Attention: always take care to bind libsocket and libnsl before libc,
# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
;;
+# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
*-*-sysv4.2*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
AC_DEFINE(USE_PIPES)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
;;
+# UnixWare 7.x, OpenUNIX 8
*-*-sysv5*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
AC_DEFINE(USE_PIPES)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
;;
*-*-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
;;
+# SCO UNIX and OEM versions of SCO UNIX
*-*-sco3.2v4*)
- CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
+ CPPFLAGS="$CPPFLAGS -Dftruncate=chsize"
+ LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm"
RANLIB=true
no_dev_ptmx=1
AC_DEFINE(BROKEN_SYS_TERMIO_H)
AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(BROKEN_SAVED_UIDS)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
do_sco3_extra_lib_check=yes
+ TEST_SHELL=ksh
;;
+# SCO OpenServer 5.x
*-*-sco3.2v5*)
if test -z "$GCC"; then
CFLAGS="$CFLAGS -belf"
fi
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lprot -lx -ltinfo -lm"
no_dev_ptmx=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(BROKEN_UPDWTMPX)
+ AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
+ TEST_SHELL=ksh
;;
*-*-unicosmk*)
+ AC_DEFINE(NO_SSH_LASTLOG)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
LDFLAGS="$LDFLAGS"
MANTYPE=cat
;;
*-*-unicosmp*)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
LDFLAGS="$LDFLAGS"
- LIBS="$LIBS -lgen -lacid"
+ LIBS="$LIBS -lgen -lacid -ldb"
MANTYPE=cat
;;
*-*-unicos*)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
AC_DEFINE(NO_SSH_LASTLOG)
)
AC_MSG_CHECKING(compiler and flags for sanity)
-AC_TRY_RUN([
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([
#include <stdio.h>
int main(){exit(0);}
- ],
+ ])],
[ AC_MSG_RESULT(yes) ],
[
AC_MSG_RESULT(no)
AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
- ]
+ ],
+ [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
)
# Checks for header files.
-AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
- getopt.h glob.h ia.h lastlog.h limits.h login.h \
- login_cap.h maillock.h netdb.h netgroup.h \
+AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
+ floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
+ login_cap.h maillock.h ndir.h netdb.h netgroup.h \
netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
- strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
- sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
- sys/un.h time.h tmpdir.h ttyent.h usersec.h \
- util.h utime.h utmp.h utmpx.h vis.h)
+ strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
+ sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
+ sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
+ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
+ time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
+
+# sys/ptms.h requires sys/stream.h to be included first on Solaris
+AC_CHECK_HEADERS(sys/ptms.h, [], [], [
+#ifdef HAVE_SYS_STREAM_H
+# include <sys/stream.h>
+#endif
+])
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
]
)
-AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]))
+AC_CHECK_LIB(z, deflate, ,
+ [
+ saved_CPPFLAGS="$CPPFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ save_LIBS="$LIBS"
+ dnl Check default zlib install dir
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
+ else
+ LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
+ fi
+ CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
+ LIBS="$LIBS -lz"
+ AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
+ [
+ AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
+ ]
+ )
+ ]
+)
AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
+
+AC_ARG_WITH(zlib-version-check,
+ [ --without-zlib-version-check Disable zlib version check],
+ [ if test "x$withval" = "xno" ; then
+ zlib_check_nonfatal=1
+ fi
+ ]
+)
+
AC_MSG_CHECKING(for zlib 1.1.4 or greater)
-AC_TRY_RUN([
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <zlib.h>
int main()
{
exit(0);
exit(2);
}
- ],
+ ]])],
AC_MSG_RESULT(yes),
[ AC_MSG_RESULT(no)
- AC_MSG_ERROR([*** zlib too old - check config.log ***]) ]
+ if test -z "$zlib_check_nonfatal" ; then
+ AC_MSG_ERROR([*** zlib too old - check config.log ***
+Your reported zlib version has known security problems. It's possible your
+vendor has fixed these problems without changing the version number. If you
+are sure this is the case, you can disable the check by running
+"./configure --without-zlib-version-check".
+If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
+ else
+ AC_MSG_WARN([zlib version may have security problems])
+ fi
+ ],
+ [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
)
-
dnl UnixWare 2.x
AC_CHECK_FUNC(strcasecmp,
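Review bot: Both new ways past the zlib version test, `--without-zlib-version-check` and the cross-compiling branch, end in an `AC_MSG_WARN` that scrolls by and leaves no trace in the option summary at the end of the script. The script's own error text says the rejected versions have known security problems, so the bypass should stay visible. Setting a variable in those two branches (for example `ZLIB_MSG="version not verified"`, a constructed name) and echoing it in the final summary, as the commit does for `NO_PEERCHECK`, would achieve that. Separately, the fallback link test stores `save_LIBS` next to `saved_CPPFLAGS`/`saved_LDFLAGS` and never reads any of the three; a one-line `dnl` comment saying the /usr/local paths are kept deliberately on success would explain why nothing is restored.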
)
AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <sys/types.h>
#include <dirent.h>
int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
- ],
+ ]])],
[AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
+ ],
+ [
+ AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
+ AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
]
)
+AC_MSG_CHECKING([for /proc/pid/fd directory])
+if test -d "/proc/$$/fd" ; then
+ AC_DEFINE(HAVE_PROC_PID)
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
# Check whether user wants S/Key support
SKEY_MSG="no"
AC_ARG_WITH(skey,
- [ --with-skey[[=PATH]] Enable S/Key support
- (optionally in PATH)],
+ [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
AC_MSG_RESULT(no)
AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
])
+ AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
+ AC_TRY_COMPILE(
+ [#include <stdio.h>
+ #include <skey.h>],
+ [(void)skeychallenge(NULL,"name","",0);],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(SKEYCHALLENGE_4ARG)],
+ [AC_MSG_RESULT(no)]
+ )
fi
]
)
# Check whether user wants TCP wrappers support
TCPW_MSG="no"
AC_ARG_WITH(tcp-wrappers,
- [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
- (optionally in PATH)],
+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
saved_LIBS="$LIBS"
AC_MSG_CHECKING(for libwrap)
AC_TRY_LINK(
[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
#include <tcpd.h>
int deny_severity = 0, allow_severity = 0;
],
]
)
+# Check whether user wants libedit support
+LIBEDIT_MSG="no"
+AC_ARG_WITH(libedit,
+ [ --with-libedit[[=PATH]] Enable libedit support for sftp],
+ [ if test "x$withval" != "xno" ; then
+ AC_CHECK_LIB(edit, el_init,
+ [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
+ LIBEDIT="-ledit -lcurses"
+ LIBEDIT_MSG="yes"
+ AC_SUBST(LIBEDIT)
+ ],
+ [], [-lcurses]
+ )
+ fi ]
+)
+
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS(\
- arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
- bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
- getaddrinfo getcwd getgrouplist getnameinfo getopt \
- getpeereid _getpty getrlimit getttyent glob inet_aton \
+ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
+ bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
+ freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
+ getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
- pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
+ pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
setproctitle setregid setreuid setrlimit \
setsid setvbuf sigaction sigvec snprintf socketpair strerror \
strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
- truncate utimes vhangup vsnprintf waitpid \
+ truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
)
# IRIX has a const char return value for gai_strerror()
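Review bot: The help string advertises `--with-libedit[=PATH]`, but the body only compares `$withval` with `no`, so a PATH argument is silently ignored and `AC_CHECK_LIB(edit, el_init, ...)` runs against the default search path. Either drop `[[=PATH]]` from the help text or add the `-I${withval}/include` / `-L${withval}/lib` handling that `--with-ssl-dir` uses. The not-found action is also empty (`[]`), so an explicit `--with-libedit` on a system without the library yields a build with `LIBEDIT_MSG` still `no` and no error; `AC_MSG_ERROR([libedit not found])` there would make the failed request visible.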
[#include <termios.h>]
)
+AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
+
AC_CHECK_FUNCS(setresuid, [
dnl Some platorms have setresuid that isn't implemented, test for this
AC_MSG_CHECKING(if setresuid seems to work)
- AC_TRY_RUN([
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdlib.h>
#include <errno.h>
int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
- ],
+ ]])],
[AC_MSG_RESULT(yes)],
[AC_DEFINE(BROKEN_SETRESUID)
- AC_MSG_RESULT(not implemented)]
+ AC_MSG_RESULT(not implemented)],
+ [AC_MSG_WARN([cross compiling: not checking setresuid])]
)
])
AC_CHECK_FUNCS(setresgid, [
dnl Some platorms have setresgid that isn't implemented, test for this
AC_MSG_CHECKING(if setresgid seems to work)
- AC_TRY_RUN([
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdlib.h>
#include <errno.h>
int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
- ],
+ ]])],
[AC_MSG_RESULT(yes)],
[AC_DEFINE(BROKEN_SETRESGID)
- AC_MSG_RESULT(not implemented)]
+ AC_MSG_RESULT(not implemented)],
+ [AC_MSG_WARN([cross compiling: not checking setresuid])]
)
])
# Check for broken snprintf
if test "x$ac_cv_func_snprintf" = "xyes" ; then
AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
- AC_TRY_RUN(
- [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
- ],
+ ]])],
[AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_SNPRINTF)
AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
- ]
+ ],
+ [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
)
fi
+# Check for missing getpeereid (or equiv) support
+NO_PEERCHECK=""
+if test "x$ac_cv_func_getpeereid" != "xyes" ; then
+ AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
+ AC_TRY_COMPILE(
+ [#include <sys/types.h>
+ #include <sys/socket.h>],
+ [int i = SO_PEERCRED;],
+ [AC_MSG_RESULT(yes)],
+ [AC_MSG_RESULT(no)
+ NO_PEERCHECK=1]
+ )
+fi
+
dnl see whether mkstemp() requires XXXXXX
if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
AC_MSG_CHECKING([for (overly) strict mkstemp])
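Review bot: The cross-compiling branch of the snprintf termination test assumes a working snprintf() and leaves `BROKEN_SNPRINTF` undefined, whereas the struct dirent test in this commit takes the pessimistic default when it cannot run. A snprintf() that does not terminate long strings leaves unterminated buffers in a network daemon, so the unverified case would fail safe with `AC_DEFINE(BROKEN_SNPRINTF)` next to the warning. That define presumably selects the bundled replacement, though its consumer is not visible here. Separately, the setresgid block's cross-compiling action was copied from the setresuid one and still prints the wrong name; it should read `[AC_MSG_WARN([cross compiling: not checking setresgid])]`.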
)
fi
+if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
+ AC_MSG_CHECKING(if getaddrinfo seems to work)
+ AC_TRY_RUN(
+ [
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <errno.h>
+#include <netinet/in.h>
+
+#define TEST_PORT "2222"
+
+int
+main(void)
+{
+ int err, sock;
+ struct addrinfo *gai_ai, *ai, hints;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
+
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = PF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_PASSIVE;
+
+ err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
+ if (err != 0) {
+ fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
+ exit(1);
+ }
+
+ for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET6)
+ continue;
+
+ err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
+ sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV);
+
+ if (err != 0) {
+ if (err == EAI_SYSTEM)
+ perror("getnameinfo EAI_SYSTEM");
+ else
+ fprintf(stderr, "getnameinfo failed: %s\n",
+ gai_strerror(err));
+ exit(2);
+ }
+
+ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
+ if (sock < 0)
+ perror("socket");
+ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ if (errno == EBADF)
+ exit(3);
+ }
+ }
+ exit(0);
+}
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ ]
+ )
+fi
+
+if test "x$check_for_conflicting_getspnam" = "x1"; then
+ AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
+ AC_COMPILE_IFELSE(
+ [
+#include <shadow.h>
+int main(void) {exit(0);}
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
+ [Conflicting defs for getspnam])
+ ]
+ )
+fi
+
AC_FUNC_GETPGRP
# Check for PAM libs
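Review bot: The getaddrinfo probe is written with `AC_TRY_RUN` and only two actions, so it has no cross-compiling action, unlike every run test this commit converts to `AC_RUN_IFELSE`. A cross build for a host that sets `check_for_hpux_broken_getaddrinfo` will stop at this test instead of choosing a default. A fourth action such as `[AC_MSG_WARN([cross compiling: assuming BROKEN_GETADDRINFO]) AC_DEFINE(BROKEN_GETADDRINFO)]` would keep such builds working and err on the cautious side. The test program also calls `memset()` and `exit()` without `<string.h>` and `<stdlib.h>`, and the getspnam probe below calls `exit()` the same way. On a compiler that rejects implicit declarations both probes would fail to compile and report "broken"/"conflicting" for the wrong reason, so the two includes are worth adding.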
)
fi
-# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
-# because the system crypt() is more featureful.
-if test "x$check_for_libcrypt_before" = "x1"; then
- AC_CHECK_LIB(crypt, crypt)
-fi
-
# Search for OpenSSL
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
[ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
[
if test "x$withval" != "xno" ; then
+ case "$withval" in
+ # Relative paths
+ ./*|../*) withval="`pwd`/$withval"
+ esac
if test -d "$withval/lib"; then
if test -n "${need_dash_r}"; then
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
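Review bot: Only values beginning with `./` or `../` are made absolute, so a bare relative value such as `openssl-build` still reaches `-L${withval}/lib -R${withval}/lib` unchanged. A relative run path recorded by `-R` is resolved against the process's working directory at load time, which is an avoidable library search-path risk for a privileged daemon. Matching the absolute case and rewriting everything else covers all relative forms: `/*) ;;` followed by ``*) withval="`pwd`/$withval" ;;``. The added arm has no terminating `;;`, which is legal directly before `esac` but breaks as soon as another arm is appended. The enclosing AC_ARG_WITH starts and ends outside this hunk.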
fi
]
)
-LIBS="$LIBS -lcrypto"
+LIBS="-lcrypto $LIBS"
AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
[
dnl Check default openssl install dir
# Determine OpenSSL header version
AC_MSG_CHECKING([OpenSSL header version])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <string.h>
#include <openssl/opensslv.h>
exit(0);
}
- ],
+ ]])],
[
ssl_header_ver=`cat conftest.sslincver`
AC_MSG_RESULT($ssl_header_ver)
[
AC_MSG_RESULT(not found)
AC_MSG_ERROR(OpenSSL version header not found.)
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
]
)
# Determine OpenSSL library version
AC_MSG_CHECKING([OpenSSL library version])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <string.h>
#include <openssl/opensslv.h>
exit(0);
}
- ],
+ ]])],
[
ssl_library_ver=`cat conftest.ssllibver`
AC_MSG_RESULT($ssl_library_ver)
[
AC_MSG_RESULT(not found)
AC_MSG_ERROR(OpenSSL library not found.)
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
]
)
# Sanity check OpenSSL headers
AC_MSG_CHECKING([whether OpenSSL's headers match the library])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <string.h>
#include <openssl/opensslv.h>
int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
- ],
+ ]])],
[
AC_MSG_RESULT(yes)
],
AC_MSG_ERROR([Your OpenSSL headers do not match your library.
Check config.log for details.
Also see contrib/findssl.sh for help identifying header/library mismatches.])
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
]
)
+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
+# because the system crypt() is more featureful.
+if test "x$check_for_libcrypt_before" = "x1"; then
+ AC_CHECK_LIB(crypt, crypt)
+fi
+
# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
-# version in OpenSSL. Skip this for PAM
+# version in OpenSSL.
if test "x$check_for_libcrypt_later" = "x1"; then
AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
fi
# Check wheter OpenSSL seeds itself
AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <string.h>
#include <openssl/rand.h>
int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
- ],
+ ]])],
[
OPENSSL_SEEDS_ITSELF=yes
AC_MSG_RESULT(yes)
# Default to use of the rand helper if OpenSSL doesn't
# seed itself
USE_RAND_HELPER=yes
+ ],
+ [
+ AC_MSG_WARN([cross compiling: assuming yes])
+ # This is safe, since all recent OpenSSL versions will
+ # complain at runtime if not seeded correctly.
+ OPENSSL_SEEDS_ITSELF=yes
]
)
exit 1;
else
dnl test snprintf (broken on SCO w/gcc)
- AC_TRY_RUN(
- [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <string.h>
#ifdef HAVE_SNPRINTF
#else
main() { exit(0); }
#endif
- ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
+ ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
+ AC_MSG_WARN([cross compiling: Assuming working snprintf()])
)
fi
dnl make sure we're using the real structure members and not defines
AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
ac_cv_have_accrights_in_msghdr, [
- AC_TRY_RUN(
+ AC_COMPILE_IFELSE(
[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
int main() {
#ifdef msg_accrights
+#error "msg_accrights is a macro"
exit(1);
#endif
struct msghdr m;
AC_CACHE_CHECK([for msg_control field in struct msghdr],
ac_cv_have_control_in_msghdr, [
- AC_TRY_RUN(
+ AC_COMPILE_IFELSE(
[
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
int main() {
#ifdef msg_control
+#error "msg_control is a macro"
exit(1);
#endif
struct msghdr m;
# Needed by our getrrsetbyname()
AC_SEARCH_LIBS(res_query, resolv)
AC_SEARCH_LIBS(dn_expand, resolv)
+ AC_MSG_CHECKING(if res_query will link)
+ AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
+ [AC_MSG_RESULT(no)
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS -lresolv"
+ AC_MSG_CHECKING(for res_query in -lresolv)
+ AC_LINK_IFELSE([
+#include <resolv.h>
+int main()
+{
+ res_query (0, 0, 0, 0, 0);
+ return 0;
+}
+ ],
+ [LIBS="$LIBS -lresolv"
+ AC_MSG_RESULT(yes)],
+ [LIBS="$saved_LIBS"
+ AC_MSG_RESULT(no)])
+ ])
AC_CHECK_FUNCS(_getshort _getlong)
AC_CHECK_MEMBER(HEADER.ad,
[AC_DEFINE(HAVE_HEADER_AD)],,
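Review bot: In the `-lresolv` fallback, `LIBS` is extended to `"$LIBS -lresolv"` before `AC_LINK_IFELSE`, and the success action then appends `-lresolv` a second time, leaving a duplicate on the final link line. The success action only needs `[AC_MSG_RESULT(yes)]`, since the failure action already restores `$saved_LIBS`. The fallback also overwrites `saved_LIBS`, a name the tcp-wrappers check elsewhere in this file uses, so a check-specific name would avoid surprises if the tests are ever reordered. The surrounding conditional begins outside the hunk.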
AC_MSG_CHECKING(for gssapi support)
if $KRB5CONF | grep gssapi >/dev/null ; then
AC_MSG_RESULT(yes)
- K5CFLAGS="`$KRB5CONF --cflags gssapi`"
- dnl m4 quadragraphs: "sed 's/-l[^- ]*//g'"
- K5LDFLAGS="`$KRB5CONF --libs gssapi | sed 's/-l@<:@^- @:>@*//g'`"
- K5LIBS="`$KRB5CONF --libs gssapi | sed 's/-L@<:@^- @:>@*//g'`"
+ AC_DEFINE(GSSAPI)
+ k5confopts=gssapi
else
AC_MSG_RESULT(no)
- K5CFLAGS="`$KRB5CONF --cflags`"
- K5LDFLAGS="`$KRB5CONF --libs | sed 's/-l@<:@^- @:>@*//g'`"
- K5LIBS="`$KRB5CONF --libs | sed 's/-L@<:@^- @:>@*//g'`"
+ k5confopts=""
fi
+ K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
+ K5LIBS="`$KRB5CONF --libs $k5confopts`"
CPPFLAGS="$CPPFLAGS $K5CFLAGS"
- LDFLAGS="$LDFLAGS $K5LDFLAGS"
AC_MSG_CHECKING(whether we are using Heimdal)
AC_TRY_COMPILE([ #include <krb5.h> ],
[ char *tmp = heimdal_version; ],
[ char *tmp = heimdal_version; ],
[ AC_MSG_RESULT(yes)
AC_DEFINE(HEIMDAL)
- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
+ K5LIBS="-lkrb5 -ldes"
+ K5LIBS="$K5LIBS -lcom_err -lasn1"
+ AC_CHECK_LIB(roken, net_write,
+ [K5LIBS="$K5LIBS -lroken"])
],
[ AC_MSG_RESULT(no)
K5LIBS="-lkrb5 -lk5crypto -lcom_err"
if test ! -z "$blibpath" ; then
blibpath="$blibpath:${KRB5ROOT}/lib"
fi
- fi ]
- AC_SEARCH_LIBS(k_hasafs, kafs,
- [ AC_DEFINE(USE_AFS)
- K5LIBS="-lkafs $K5LIBS"
- ]
- )
+ fi
+
+ AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
+ AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
+ AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
+
+ LIBS="$LIBS $K5LIBS"
+ AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
+ AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
+ ]
)
-LIBS="$LIBS $K5LIBS"
# Looking for programs, paths and files
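Review bot: `AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, ...)` passes a string of linker flags (`-lkrb5 -ldes ...`, or the raw `krb5-config --libs` output) where the macro expects bare library names, so each candidate it tries becomes `-l-lkrb5` and the like. It appears to work only because `LIBS="$LIBS $K5LIBS"` on the line above lets the first attempt, with no extra library, succeed. `AC_TRY_LINK_FUNC(krb5_init_ets, AC_DEFINE(KRB5_INIT_ETS))` states what is actually being tested and keeps malformed link lines out of config.log when the function is absent. The enclosing AC_ARG_WITH body starts outside this hunk.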
AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
fi
+if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
+ AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
+ disable_ptmx_check=yes
+fi
if test -z "$no_dev_ptmx" ; then
if test "x$disable_ptmx_check" != "xyes" ; then
AC_CHECK_FILE("/dev/ptmx",
)
fi
fi
-AC_CHECK_FILE("/dev/ptc",
- [
- AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
- have_dev_ptc=1
- ]
-)
+
+if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
+ AC_CHECK_FILE("/dev/ptc",
+ [
+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
+ have_dev_ptc=1
+ ]
+ )
+else
+ AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
+fi
# Options from here on. Some of these are preset by platform above
AC_ARG_WITH(mantype,
# check for /etc/default/login and use it if present.
AC_ARG_ENABLE(etc-default-login,
- [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
-[
-AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
+ [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
+ [ if test "x$enableval" = "xno"; then
+ AC_MSG_NOTICE([/etc/default/login handling disabled])
+ etc_default_login=no
+ else
+ etc_default_login=yes
+ fi ],
+ [ etc_default_login=yes ]
+)
-if test "x$external_path_file" = "x/etc/default/login"; then
- AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
+if test "x$etc_default_login" != "xno"; then
+ AC_CHECK_FILE("/etc/default/login",
+ [ external_path_file=/etc/default/login ])
+ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
+ then
+ AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
+ elif test "x$external_path_file" = "x/etc/default/login"; then
+ AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
+ fi
fi
-])
dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
if test $ac_cv_func_login_getcapbool = "yes" -a \
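Review bot: `AC_CHECK_FILE("/etc/default/login", ...)` runs before the `cross_compiling` test, and AC_CHECK_FILE itself refuses to run in a cross build. The "cross compiling: Disabling /etc/default/login test" branch is therefore effectively unreachable: configure stops at the file check first. The /dev/ptmx and /dev/ptc checks in this same commit guard the macro rather than its result. Reordering this block the same way, as below, makes the warning branch do what its message says.

```m4
if test "x$etc_default_login" != "xno"; then
	if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
		AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
	else
		AC_CHECK_FILE("/etc/default/login",
		    [ external_path_file=/etc/default/login ])
		if test "x$external_path_file" = "x/etc/default/login"; then
			AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
		fi
	fi
fi
```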
fi
AC_EXEEXT
-AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
+AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
+ scard/Makefile ssh_prng_cmds survey.sh])
AC_OUTPUT
# Print summary of options
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG"
+echo " libedit support: $LIBEDIT_MSG"
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo " BSD Auth support: $BSD_AUTH_MSG"
echo ""
+if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
+ echo "SVR4 style packages are supported with \"make package\""
+ echo ""
+fi
+
if test "x$PAM_MSG" = "xyes" ; then
echo "PAM is enabled. You may need to install a PAM control file "
echo "for sshd, otherwise password authentication may fail. "
echo ""
fi
+if test ! -z "$NO_PEERCHECK" ; then
+ echo "WARNING: the operating system that you are using does not "
+ echo "appear to support either the getpeereid() API nor the "
+ echo "SO_PEERCRED getsockopt() option. These facilities are used to "
+ echo "enforce security checks to prevent unauthorised connections to "
+ echo "ssh-agent. Their absence increases the risk that a malicious "
+ echo "user can connect to your agent. "
+ echo ""
+fi
+
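Review bot: The `NO_PEERCHECK` notice is printed with plain `echo` after `AC_OUTPUT`, so it goes to stdout only and is lost when a packaging job keeps just stderr or config.log. The build then continues with an agent that cannot verify which user is connecting. Emitting it through `AC_MSG_WARN` as well, and adding a line to the option summary (for example `echo "  ssh-agent peer credential check: no"`, constructed wording), would leave a durable record for whoever reviews the build. The text could also tell the reader what still protects the agent, such as socket and directory permissions, and the phrase "either the getpeereid() API nor" should read "either ... or" or "neither ... nor".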