-i# $Id$
+# $Id$
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
AC_DEFINE(WITH_IRIX_ARRAY)
AC_DEFINE(WITH_IRIX_PROJECT)
AC_DEFINE(WITH_IRIX_AUDIT)
- AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
+ AC_DEFINE(WITH_IRIX_JOBS)
AC_DEFINE(BROKEN_INET_NTOA)
;;
*-*-linux*)
CPPFLAGS="$CPPFLAGS -DSUNOS4"
AC_CHECK_FUNCS(getpwanam)
AC_DEFINE(PAM_SUN_CODEBASE)
- AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
conf_utmp_location=/etc/utmp
conf_wtmp_location=/var/adm/wtmp
conf_lastlog_location=/var/adm/lastlog
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lc89"
- AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
AC_DEFINE(USE_PIPES)
;;
*-sni-sysv*)
IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES)
AC_DEFINE(IP_TOS_IS_BROKEN)
- AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
# Attention: always take care to bind libsocket and libnsl before libc,
# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
AC_DEFINE(USE_PIPES)
AC_DEFINE(HAVE_SCO_PROTECTED_PW)
AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
AC_DEFINE(BROKEN_SAVED_UIDS)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
AC_DEFINE(USE_PIPES)
AC_DEFINE(HAVE_SCO_PROTECTED_PW)
AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
;;
]
)
+# Checks for header files.
+AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
+ getopt.h glob.h lastlog.h limits.h login.h \
+ login_cap.h maillock.h netdb.h netgroup.h \
+ netinet/in_systm.h paths.h poll.h pty.h \
+ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
+ strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
+ sys/poll.h sys/select.h sys/stat.h \
+ sys/stropts.h sys/sysmacros.h sys/time.h \
+ sys/un.h time.h ttyent.h usersec.h \
+ util.h utime.h utmp.h utmpx.h)
+
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
AC_CHECK_FUNC(getspnam, ,
AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
+AC_ARG_WITH(rpath,
+ [ --without-rpath Disable auto-added -R linker paths],
+ [
+ if test "x$withval" = "xno" ; then
+ need_dash_r=""
+ fi
+ if test "x$withval" = "xyes" ; then
+ need_dash_r=1
+ fi
+ ]
+)
+
dnl zlib is required
AC_ARG_WITH(zlib,
[ --with-zlib=PATH Use zlib in PATH],
[
- if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xno" ; then
AC_MSG_ERROR([*** zlib is required ***])
fi
if test -d "$withval/lib"; then
AC_FUNC_STRFTIME
-# Checks for header files.
-AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
- getopt.h glob.h lastlog.h limits.h login.h \
- login_cap.h maillock.h netdb.h netgroup.h \
- netinet/in_systm.h paths.h poll.h pty.h \
- security/pam_appl.h shadow.h stddef.h stdint.h \
- strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
- sys/poll.h sys/queue.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h \
- sys/ttcompat.h sys/un.h time.h ttyent.h usersec.h \
- util.h utime.h utmp.h utmpx.h)
-
# Check for ALTDIRFUNC glob() extension
AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
AC_EGREP_CPP(FOUNDIT,
LIBS="-lskey $LIBS"
SKEY_MSG="yes"
- AC_CHECK_FUNC(skey_keyinfo,
- [],
+ AC_MSG_CHECKING([for s/key support])
+ AC_TRY_RUN(
[
+#include <stdio.h>
+#include <skey.h>
+int main() { char *ff = skey_keyinfo(""); ff=""; return 0; }
+ ],
+ [AC_MSG_RESULT(yes)],
+ [
+ AC_MSG_RESULT(no)
AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
])
fi
CPPFLAGS="-I${withval} ${CPPFLAGS}"
fi
fi
- LIBS="-lwrap $LIBS"
+ LIBWRAP="-lwrap"
+ LIBS="$LIBWRAP $LIBS"
AC_MSG_CHECKING(for libwrap)
AC_TRY_LINK(
[
[
AC_MSG_RESULT(yes)
AC_DEFINE(LIBWRAP)
+ AC_SUBST(LIBWRAP)
TCPW_MSG="yes"
],
[
AC_MSG_ERROR([*** libwrap missing])
]
)
+ LIBS="$saved_LIBS"
fi
]
)
PAM_MSG="yes"
AC_DEFINE(USE_PAM)
+ if test $ac_cv_lib_dl_dlopen = yes; then
+ LIBPAM="-lpam -ldl"
+ else
+ LIBPAM="-lpam"
+ fi
+ AC_SUBST(LIBPAM)
fi
]
)
fi
fi
+# Sanity check OpenSSL headers
+AC_MSG_CHECKING([whether OpenSSL's headers match the library])
+AC_TRY_RUN(
+ [
+#include <string.h>
+#include <openssl/opensslv.h>
+int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR(Your OpenSSL headers do not match your library)
+ ]
+)
+
# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
# version in OpenSSL. Skip this for PAM
if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
AC_DEFINE(OPENSSL_PRNG_ONLY)
RAND_MSG="OpenSSL internal ONLY"
INSTALL_SSH_RAND_HELPER=""
-elif test ! -z "$OPENSSL_SEEDS_ITSELF" -a ! -z "$USE_RAND_HELPER" ; then
- # OpenSSL with fallback to rand helper
+elif test ! -z "$USE_RAND_HELPER" ; then
+ # install rand helper
RAND_MSG="ssh-rand-helper"
INSTALL_SSH_RAND_HELPER="yes"
fi
AC_ARG_WITH(prngd-port,
[ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
[
- if test ! -z "$withval" -a "x$withval" != "xno" ; then
+ case "$withval" in
+ no)
+ withval=""
+ ;;
+ [[0-9]]*)
+ ;;
+ *)
+ AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
+ ;;
+ esac
+ if test ! -z "$withval" ; then
PRNGD_PORT="$withval"
AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
fi
AC_ARG_WITH(prngd-socket,
[ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
[
- if test -z "$withval" ; then
+ case "$withval" in
+ yes)
withval="/var/run/egd-pool"
- fi
- if test "x$withval" != "xno" ; then
+ ;;
+ no)
+ withval=""
+ ;;
+ /*)
+ ;;
+ *)
+ AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
+ ;;
+ esac
+
+ if test ! -z "$withval" ; then
if test ! -z "$PRNGD_PORT" ; then
AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
fi
- if ! echo "$withval" | grep -q '^/' ; then
- AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
- fi
- if ! test -r "$withval" ; then
+ if test ! -r "$withval" ; then
AC_MSG_WARN(Entropy socket is not readable)
fi
PRNGD_SOCKET="$withval"
AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
fi
+ ],
+ [
+ # Check for existing socket only if we don't have a random device already
+ if test "$USE_RAND_HELPER" = yes ; then
+ AC_MSG_CHECKING(for PRNGD/EGD socket)
+ # Insert other locations here
+ for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
+ if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
+ PRNGD_SOCKET="$sock"
+ AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
+ break;
+ fi
+ done
+ if test ! -z "$PRNGD_SOCKET" ; then
+ AC_MSG_RESULT($PRNGD_SOCKET)
+ else
+ AC_MSG_RESULT(not found)
+ fi
+ fi
]
)
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
+# We do this little dance with the search path to insure
+# that programs that we select for use by installed programs
+# (which may be run by the super-user) come from trusted
+# locations before they come from the user's private area.
+# This should help avoid accidentally configuring some
+# random version of a program in someone's personal bin.
+
+OPATH=$PATH
+PATH=/bin:/usr/bin
+/bin/test -L /bin && PATH=/usr/bin
+test -d /sbin && PATH=$PATH:/sbin
+test -d /usr/sbin && PATH=$PATH:/usr/sbin
+PATH=$PATH:/etc:$OPATH
+
# These programs are used by the command hashing source to gather entropy
OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
+# restore PATH
+PATH=$OPATH
# Where does ssh-rand-helper get its randomness from?
INSTALL_SSH_PRNG_CMDS=""
)
fi
+if test -z "$have_int64_t" ; then
+ AC_MSG_CHECKING([for int64_t type in sys/bitypes.h])
+ AC_TRY_COMPILE(
+ [ #include <sys/bitypes.h> ],
+ [ int64_t a; a = 1],
+ [
+ AC_DEFINE(HAVE_INT64_T)
+ AC_MSG_RESULT(yes)
+ ],
+ [ AC_MSG_RESULT(no) ]
+ )
+fi
+
AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
AC_TRY_COMPILE(
[ #include <sys/types.h> ],
have_u_int64_t=1
fi
+if test -z "$have_u_int64_t" ; then
+ AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
+ AC_TRY_COMPILE(
+ [ #include <sys/bitypes.h> ],
+ [ u_int64_t a; a = 1],
+ [
+ AC_DEFINE(HAVE_U_INT64_T)
+ AC_MSG_RESULT(yes)
+ ],
+ [ AC_MSG_RESULT(no) ]
+ )
+fi
+
if test -z "$have_u_intxx_t" ; then
AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
AC_TRY_COMPILE(
TYPE_SOCKLEN_T
+AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
+
AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
AC_TRY_COMPILE(
[
AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
fi
+AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
+ ac_cv_have_accrights_in_msghdr, [
+ AC_TRY_COMPILE(
+ [
+#include <sys/socket.h>
+#include <sys/uio.h>
+ ],
+ [ struct msghdr m; m.msg_accrights = 0; ],
+ [ ac_cv_have_accrights_in_msghdr="yes" ],
+ [ ac_cv_have_accrights_in_msghdr="no" ]
+ )
+])
+if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
+ AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
+fi
+
AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
AC_TRY_LINK([],
[ extern char *__progname; printf("%s", __progname); ],
AC_DEFINE(HAVE___PROGNAME)
fi
+AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
+ AC_TRY_LINK([
+#include <stdio.h>
+],
+ [ printf("%s", __FUNCTION__); ],
+ [ ac_cv_cc_implements___FUNCTION__="yes" ],
+ [ ac_cv_cc_implements___FUNCTION__="no" ]
+ )
+])
+if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
+ AC_DEFINE(HAVE___FUNCTION__)
+fi
+
+AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
+ AC_TRY_LINK([
+#include <stdio.h>
+],
+ [ printf("%s", __func__); ],
+ [ ac_cv_cc_implements___func__="yes" ],
+ [ ac_cv_cc_implements___func__="no" ]
+ )
+])
+if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
+ AC_DEFINE(HAVE___func__)
+fi
+
AC_CACHE_CHECK([whether getopt has optreset support],
ac_cv_have_getopt_optreset, [
AC_TRY_LINK(
AC_DEFINE(HAVE_SYS_NERR)
fi
-
-# Check whether user wants Kerberos support
SCARD_MSG="no"
-AC_ARG_WITH(smartcard,
- [ --with-smartcard Enable smartcard support],
+
+# Check whether user wants sectok support
+AC_ARG_WITH(sectok,
+ [ --with-sectok Enable smartcard support using libsectok],
[
if test "x$withval" != "xno" ; then
if test "x$withval" != "xyes" ; then
AC_MSG_ERROR(Can't find libsectok)
fi
AC_DEFINE(SMARTCARD)
- SCARD_MSG="yes"
+ AC_DEFINE(USE_SECTOK)
+ SCARD_MSG="yes, using sectok"
+ fi
+ ]
+)
+
+# Check whether user wants OpenSC support
+AC_ARG_WITH(opensc,
+ [ --with-opensc Enable smartcard support using OpenSC],
+ [
+ if test "x$withval" != "xno" ; then
+ if test "x$withval" != "xyes" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}"
+ LDFLAGS="$LDFLAGS -L${withval}"
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="$LDFLAGS -R${withval}"
+ fi
+ if test ! -z "$blibpath" ; then
+ blibpath="$blibpath:${withval}"
+ fi
+ fi
+ AC_CHECK_HEADERS(opensc-pkcs15.h)
+ if test "$ac_cv_header_opensc_pkcs15_h" != yes; then
+ AC_MSG_ERROR(Can't find opensc-pkcs15.h)
+ fi
+ AC_CHECK_LIB(opensc, sc_pkcs15_bind)
+ if test "$ac_cv_lib_opensc_sc_pkcs15_bind" != yes; then
+ AC_MSG_ERROR(Can't find libopensc)
+ fi
+ AC_DEFINE(SMARTCARD)
+ AC_DEFINE(USE_OPENSC)
+ SCARD_MSG="yes, using OpenSC"
fi
]
)
# Where to place sshd.pid
piddir=/var/run
+# make sure the directory exists
+if test ! -d $piddir ; then
+ piddir=`eval echo ${sysconfdir}`
+ case $piddir in
+ NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
+ esac
+fi
+
AC_ARG_WITH(pid-dir,
[ --with-pid-dir=PATH Specify location of ssh.pid file],
[
if test "x$withval" != "xno" ; then
piddir=$withval
+ if test ! -d $piddir ; then
+ AC_MSG_WARN([** no $piddir directory on this system **])
+ fi
fi
]
)
-# make sure the directory exists
-if test ! -d $piddir ; then
- piddir=`eval echo ${sysconfdir}`
- case $piddir in
- NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
- esac
-fi
-
AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
AC_SUBST(piddir)
AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile])
fi
+dnl remove pam and dl because they are in $LIBPAM
+if test "$PAM_MSG" = yes ; then
+ LIBS=`echo $LIBS | sed 's/-lpam //'`
+fi
+if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
+ LIBS=`echo $LIBS | sed 's/-ldl //'`
+fi
+
AC_EXEEXT
AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
AC_OUTPUT
echo " Compiler flags: ${CFLAGS}"
echo "Preprocessor flags: ${CPPFLAGS}"
echo " Linker flags: ${LDFLAGS}"
-echo " Libraries: ${LIBS}"
+echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
echo ""