X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/08ae384f9ef6bc1c6888621faa0ed58b50845d7c..1fe6a48f22b73a8df1b8861a9f0dac46f426da77:/configure.in diff --git a/configure.in b/configure.in index a9b3d2f3..195359ae 100644 --- a/configure.in +++ b/configure.in @@ -13,6 +13,22 @@ AC_PATH_PROG(PERL, perl) AC_SUBST(PERL) AC_PATH_PROG(ENT, ent) AC_SUBST(ENT) +AC_PATH_PROGS(FILEPRIV, filepriv, true, /sbin:/usr/sbin) + +if test -z "$AR" ; then + AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) +fi + +# Use LOGIN_PROGRAM from environment if possible +if test ! -z "$LOGIN_PROGRAM" ; then + AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM") +else + # Search for login + AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login) + if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then + AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK") + fi +fi if test -z "$LD" ; then LD=$CC @@ -25,81 +41,112 @@ if test "$GCC" = "yes"; then CFLAGS="$CFLAGS -Wall" fi +CFLAGS="$CFLAGS -I. -I${srcdir-.}" + # Check for some target-specific stuff case "$host" in *-*-aix*) AFS_LIBS="-lld" CFLAGS="$CFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" - if test "$LD" != "gcc" -a -z "$blibpath"; then + if (test "$LD" != "gcc" && test -z "$blibpath"); then blibpath="/usr/lib:/lib:/usr/local/lib" fi AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)]) AC_DEFINE(BROKEN_GETADDRINFO) + MANTYPE='$(CATMAN)' + mansubdir=cat dnl AIX handles lastlog as part of its login message AC_DEFINE(DISABLE_LASTLOG) + MANTYPE='$(CATMAN)' + mansubdir=cat + ;; +*-*-cygwin*) + LIBS="$LIBS -lregex /usr/lib/textmode.o" + AC_DEFINE(HAVE_CYGWIN) + AC_DEFINE(DISABLE_PAM) + AC_DEFINE(DISABLE_SHADOW) + AC_DEFINE(IPV4_DEFAULT) + AC_DEFINE(IP_TOS_IS_BROKEN) + AC_DEFINE(BROKEN_VHANGUP) + no_pam=1 + no_libsocket=1 + no_libnsl=1 ;; *-*-hpux10*) if test -z "$GCC"; then CFLAGS="$CFLAGS -Ae" fi CFLAGS="$CFLAGS -D_HPUX_SOURCE" - AC_DEFINE(IPADDR_IN_DISPLAY) - AC_MSG_CHECKING(for HPUX trusted system password database) - if test -f /tcb/files/auth/system/default; then - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW) - LIBS="$LIBS -lsec" - AC_MSG_WARN([This configuration is untested]) - else - AC_MSG_RESULT(no) - AC_DEFINE(DISABLE_SHADOW) - fi + IPADDR_IN_DISPLAY=yes + AC_DEFINE(USE_PIPES) + AC_DEFINE(DISABLE_SHADOW) + AC_DEFINE(DISABLE_UTMP) + AC_DEFINE(SPT_TYPE,SPT_PSTAT) + LIBS="$LIBS -lsec" MANTYPE='$(CATMAN)' mansubdir=cat ;; *-*-hpux11*) - if test -z "$GCC"; then - CFLAGS="$CFLAGS -Ae" - fi CFLAGS="$CFLAGS -D_HPUX_SOURCE" - AC_DEFINE(IPADDR_IN_DISPLAY) - AC_MSG_CHECKING(for HPUX trusted system password database) - if test -f /tcb/files/auth/system/default; then - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW) - LIBS="$LIBS -lsec" - AC_MSG_WARN([This configuration is untested]) - else - AC_MSG_RESULT(no) - AC_DEFINE(DISABLE_SHADOW) - fi + IPADDR_IN_DISPLAY=yes + AC_DEFINE(USE_PIPES) + AC_DEFINE(DISABLE_SHADOW) + AC_DEFINE(DISABLE_UTMP) + AC_DEFINE(SPT_TYPE,SPT_PSTAT) + LIBS="$LIBS -lsec" MANTYPE='$(CATMAN)' mansubdir=cat ;; *-*-irix5*) CFLAGS="$CFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS" + PATH="$PATH:/usr/etc" MANTYPE='$(CATMAN)' no_libsocket=1 no_libnsl=1 + AC_DEFINE(BROKEN_INET_NTOA) ;; *-*-irix6*) CFLAGS="$CFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS" + PATH="$PATH:/usr/etc" MANTYPE='$(CATMAN)' - AC_MSG_WARN([*** Irix 6.x is not tested, please report you experiences *** ]) + AC_DEFINE(WITH_IRIX_ARRAY) + AC_DEFINE(WITH_IRIX_PROJECT) + AC_DEFINE(WITH_IRIX_AUDIT) + AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)]) no_libsocket=1 no_libnsl=1 + AC_DEFINE(BROKEN_INET_NTOA) + mansubdir=man ;; *-*-linux*) no_dev_ptmx=1 AC_DEFINE(DONT_TRY_OTHER_AF) + AC_DEFINE(PAM_TTY_KLUDGE) inet6_default_4in6=yes ;; +mips-sony-bsd|mips-sony-newsos4) + AC_DEFINE(HAVE_NEWS4) + SONY=1 + AC_CHECK_LIB(iberty, xatexit, AC_DEFINE(HAVE_XATEXIT), + AC_MSG_ERROR([*** libiberty missing - please install first ***]) + ) + ;; *-*-netbsd*) need_dash_r=1 ;; +*-next-*) + conf_lastlog_location="/usr/adm/lastlog" + conf_utmp_location=/etc/utmp + conf_wtmp_location=/usr/adm/wtmp + MAIL=/usr/spool/mail + AC_DEFINE(HAVE_NEXT) + AC_DEFINE(BROKEN_REALPATH) + AC_DEFINE(USE_PIPES) + CFLAGS="$CFLAGS -I/usr/local/include" + ;; *-*-solaris*) CFLAGS="$CFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib -L/usr/ucblib -R/usr/ucblib" @@ -119,6 +166,36 @@ case "$host" in *-*-sunos4*) CFLAGS="$CFLAGS -DSUNOS4" AC_CHECK_FUNCS(getpwanam) + conf_utmp_location=/etc/utmp + conf_wtmp_location=/var/adm/wtmp + conf_lastlog_location=/var/adm/lastlog + AC_DEFINE(USE_PIPES) + MANTYPE='$(CATMAN)' + mansubdir=cat + ;; +*-sni-sysv*) + CFLAGS="$CFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib -L/usr/ucblib" + MANTYPE='$(CATMAN)' + AC_DEFINE(IP_TOS_IS_BROKEN) + mansubdir=cat + LIBS="$LIBS -lgen -lnsl -lucb" + ;; +*-*-sysv4.2*) + CFLAGS="$CFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + MANTYPE='$(CATMAN)' + mansubdir=cat + LIBS="$LIBS -lgen -lsocket -lnsl -lresolv" + enable_suid_ssh=no + ;; +*-*-sysv5*) + CFLAGS="$CFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + MANTYPE='$(CATMAN)' + mansubdir=cat + LIBS="$LIBS -lgen -lsocket" + enable_suid_ssh=no ;; *-*-sysv*) CFLAGS="$CFLAGS -I/usr/local/include" @@ -127,6 +204,45 @@ case "$host" in mansubdir=cat LIBS="$LIBS -lgen -lsocket" ;; +*-*-sco3.2v4*) + AC_DEFINE(USE_PIPES) + CFLAGS="$CFLAGS -Dftruncate=chsize -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + MANTYPE='$(CATMAN)' + mansubdir=cat + LIBS="$LIBS -lgen -lsocket -los -lprot -lx -ltinfo -lm" + no_dev_ptmx=1 + RANLIB=true + AC_DEFINE(BROKEN_SYS_TERMIO_H) + rsh_path="/usr/bin/rcmd" + AC_DEFINE(HAVE_SCO_PROTECTED_PW) + AC_DEFINE(DISABLE_SHADOW) + ;; +*-*-sco3.2v5*) + CFLAGS="$CFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + MANTYPE='$(CATMAN)' + mansubdir=cat + LIBS="$LIBS -lgen -lsocket -lprot -lx -ltinfo -lm" + no_dev_ptmx=1 + rsh_path="/usr/bin/rcmd" + AC_DEFINE(HAVE_SCO_PROTECTED_PW) + AC_DEFINE(DISABLE_SHADOW) + ;; +*-dec-osf*) +# This is untested + if test ! -z "USE_SIA" ; then + AC_MSG_CHECKING(for Digital Unix Security Integration Architecture) + if test -f /etc/sia/matrix.conf; then + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_OSF_SIA) + AC_DEFINE(DISABLE_LOGIN) + LIBS="$LIBS -lsecurity -ldb -lm -laud" + else + AC_MSG_RESULT(no) + fi + fi + ;; esac # Allow user to specify flags @@ -139,7 +255,7 @@ AC_ARG_WITH(cflags, ] ) AC_ARG_WITH(ldflags, - [ --with-ldlags Specify additional flags to pass to linker], + [ --with-ldflags Specify additional flags to pass to linker], [ if test "x$withval" != "xno" ; then LDFLAGS="$LDFLAGS $withval" @@ -160,6 +276,14 @@ AC_ARG_WITH(libs, AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***])) AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil") +AC_CHECK_FUNC(regcomp, + [], + [ + AC_CHECK_LIB(pcre, pcre_info, + AC_DEFINE(HAVE_LIBPCRE) LIBS="$LIBS -lpcreposix -lpcre") + ] +) + if test -z "$no_libsocket" ; then AC_CHECK_LIB(nsl, yp_match, , ) fi @@ -168,21 +292,26 @@ if test -z "$no_libnsl" ; then fi # Checks for header files. -AC_CHECK_HEADERS(bstring.h endian.h lastlog.h login.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h time.h util.h utmp.h utmpx.h) +AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/queue.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h utmp.h utmpx.h vis.h) -# Checks for library functions. -AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock freeaddrinfo gai_strerror getaddrinfo getnameinfo getrusage innetgr md5_crypt memmove mkdtemp on_exit openpty rresvport_af setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy vsnprintf vhangup _getpty __b64_ntop) -dnl checks for time functions +dnl Checks for library functions. +AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getnameinfo getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setenv seteuid setlogin setproctitle setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strsep strtok_r vsnprintf vhangup vis waitpid _getpty __b64_ntop) +dnl Checks for time functions AC_CHECK_FUNCS(gettimeofday time) -dnl checks for libutil functions +dnl Checks for libutil functions AC_CHECK_FUNCS(login logout updwtmp logwtmp) -dnl checks for utmp functions +dnl Checks for utmp functions AC_CHECK_FUNCS(entutent getutent getutid getutline pututline setutent) AC_CHECK_FUNCS(utmpname) -dnl checks for utmpx functions +dnl Checks for utmpx functions AC_CHECK_FUNCS(entutxent getutxent getutxid getutxline pututxline ) AC_CHECK_FUNCS(setutxent utmpxname) +AC_CHECK_FUNC(getuserattr, + [AC_DEFINE(HAVE_GETUSERATTR)], + [AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])] +) + AC_CHECK_FUNC(login, [AC_DEFINE(HAVE_LOGIN)], [AC_CHECK_LIB(bsd, login, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_LOGIN)])] @@ -198,21 +327,46 @@ AC_CHECK_FUNC(getpagesize, [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])] ) +# Check for broken snprintf +if test "x$ac_cv_func_snprintf" = "xyes" ; then + AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) + AC_TRY_RUN( + [ +#include +int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');} + ], + [AC_MSG_RESULT(yes)], + [ + AC_MSG_RESULT(no) + AC_DEFINE(BROKEN_SNPRINTF) + AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) + ] + ) +fi + +AC_FUNC_GETPGRP + +PAM_MSG="no" AC_ARG_WITH(pam, [ --without-pam Disable PAM support ], [ if test "x$withval" = "xno" ; then no_pam=1 AC_DEFINE(DISABLE_PAM) + PAM_MSG="disabled" fi ] ) -if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then +if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; then AC_CHECK_LIB(dl, dlopen, , ) LIBS="$LIBS -lpam" AC_CHECK_FUNCS(pam_getenvlist) + disable_shadow=yes + + PAM_MSG="yes" + # Check PAM strerror arguments (old PAM) AC_MSG_CHECKING([whether pam_strerror takes only one argument]) AC_TRY_COMPILE( @@ -225,6 +379,7 @@ if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then [ AC_DEFINE(HAVE_OLD_PAM) AC_MSG_RESULT(yes) + PAM_MSG="yes (old library)" ] ) fi @@ -233,7 +388,7 @@ fi AC_ARG_WITH(ssl-dir, [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], [ - if test "x$withval" != "$xno" ; then + if test "x$withval" != "xno" ; then tryssldir=$withval fi ] @@ -247,7 +402,7 @@ if test "x$prefix" != "xNONE" ; then fi AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [ - for ssldir in "" $tryssldir /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do + for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do if test ! -z "$ssldir" ; then LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir" CFLAGS="$saved_CFLAGS -I$ssldir/include" @@ -295,7 +450,7 @@ int main(void) ac_cv_openssldir=$ssldir ]) -if test ! -z "$ac_cv_openssldir" -a ! "x$ac_cv_openssldir" = "x(system)" ; then +if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; then AC_DEFINE(HAVE_OPENSSL) dnl Need to recover ssldir - test above runs in subshell ssldir=$ac_cv_openssldir @@ -343,19 +498,28 @@ done if test ! -z "$no_rsa" ; then AC_MSG_RESULT(disabled) + RSA_MSG="disabled" else if test -z "$rsa_works" ; then AC_MSG_WARN([*** No RSA support found *** ]) + RSA_MSG="no" else if test -z "$WANTS_RSAREF" ; then AC_MSG_RESULT(yes) + RSA_MSG="yes" else + RSA_MSG="yes (using RSAref)" AC_MSG_RESULT(using RSAref) LIBS="$saved_LIBS -lcrypto -lRSAglue -lrsaref" fi fi fi +# Cheap hack to ensure NEWS-OS libraries are arranged right. +if test ! -z "$SONY" ; then + LIBS="$LIBS -liberty"; +fi + # Checks for data types AC_CHECK_SIZEOF(char, 1) AC_CHECK_SIZEOF(short int, 2) @@ -364,6 +528,19 @@ AC_CHECK_SIZEOF(long int, 4) AC_CHECK_SIZEOF(long long int, 8) # More checks for data types +AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ + AC_TRY_COMPILE( + [ #include ], + [ u_int a; a = 1;], + [ ac_cv_have_u_int="yes" ], + [ ac_cv_have_u_int="no" ] + ) +]) +if test "x$ac_cv_have_u_int" = "xyes" ; then + AC_DEFINE(HAVE_U_INT) + have_u_int=1 +fi + AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ AC_TRY_COMPILE( [ #include ], @@ -377,6 +554,19 @@ if test "x$ac_cv_have_intxx_t" = "xyes" ; then have_intxx_t=1 fi +AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ + AC_TRY_COMPILE( + [ #include ], + [ int64_t a; a = 1;], + [ ac_cv_have_int64_t="yes" ], + [ ac_cv_have_int64_t="no" ] + ) +]) +if test "x$ac_cv_have_int64_t" = "xyes" ; then + AC_DEFINE(HAVE_INT64_T) + have_int64_t=1 +fi + AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ AC_TRY_COMPILE( [ #include ], @@ -390,9 +580,21 @@ if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then have_u_intxx_t=1 fi +AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ + AC_TRY_COMPILE( + [ #include ], + [ u_int64_t a; a = 1;], + [ ac_cv_have_u_int64_t="yes" ], + [ ac_cv_have_u_int64_t="no" ] + ) +]) +if test "x$ac_cv_have_u_int64_t" = "xyes" ; then + AC_DEFINE(HAVE_U_INT64_T) + have_u_int64_t=1 +fi -if test -z "$have_u_intxx_t" -o -z "$have_intxx_t" -a \ - "x$ac_cv_header_sys_bitypes_h" = "xyes" +if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ + test "x$ac_cv_header_sys_bitypes_h" = "xyes") then AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) AC_TRY_COMPILE( @@ -472,6 +674,59 @@ if test "x$ac_cv_have_ssize_t" = "xyes" ; then AC_DEFINE(HAVE_SSIZE_T) fi +AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [ sa_family_t foo; foo = 1235; ], + [ ac_cv_have_sa_family_t="yes" ], + [ AC_TRY_COMPILE( + [ +#include +#include +#include + ], + [ sa_family_t foo; foo = 1235; ], + [ ac_cv_have_sa_family_t="yes" ], + + [ ac_cv_have_sa_family_t="no" ] + )] + ) +]) +if test "x$ac_cv_have_sa_family_t" = "xyes" ; then + AC_DEFINE(HAVE_SA_FAMILY_T) +fi + +AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ pid_t foo; foo = 1235; ], + [ ac_cv_have_pid_t="yes" ], + [ ac_cv_have_pid_t="no" ] + ) +]) +if test "x$ac_cv_have_pid_t" = "xyes" ; then + AC_DEFINE(HAVE_PID_T) +fi + +AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ mode_t foo; foo = 1235; ], + [ ac_cv_have_mode_t="yes" ], + [ ac_cv_have_mode_t="no" ] + ) +]) +if test "x$ac_cv_have_mode_t" = "xyes" ; then + AC_DEFINE(HAVE_MODE_T) +fi + AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ AC_TRY_COMPILE( @@ -491,6 +746,7 @@ fi AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ AC_TRY_COMPILE( [ +#include #include ], [ struct sockaddr_in6 s; s.sin6_family = 0; ], @@ -505,6 +761,7 @@ fi AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ AC_TRY_COMPILE( [ +#include #include ], [ struct in6_addr s; s.s6_addr[0] = 0; ], @@ -532,9 +789,7 @@ if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then AC_DEFINE(HAVE_STRUCT_ADDRINFO) fi - -# Checks for structure members - +dnl Checks for structure members OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX) OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX) @@ -543,6 +798,7 @@ OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP) OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX) OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP) OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX) OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP) OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX) OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP) @@ -551,8 +807,23 @@ OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP) OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP) OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX) OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX) +AC_STRUCT_ST_BLKSIZE - +AC_CACHE_CHECK([for sun_len field in struct sockaddr_un], + ac_cv_have_sun_len_in_struct_sockaddr_un, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [ struct sockaddr_un s; s.sun_len = 1; ], + [ ac_cv_have_sun_len_in_struct_sockaddr_un="yes" ], + [ ac_cv_have_sun_len_in_struct_sockaddr_un="no" ], + ) +]) +if test "x$ac_cv_have_sun_len_in_struct_sockaddr_un" = "xyes" ; then + AC_DEFINE(HAVE_SUN_LEN_IN_SOCKADDR_UN) +fi AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], ac_cv_have_ss_family_in_struct_ss, [ @@ -570,7 +841,6 @@ if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then AC_DEFINE(HAVE_SS_FAMILY_IN_SS) fi - AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], ac_cv_have___ss_family_in_struct_ss, [ AC_TRY_COMPILE( @@ -587,6 +857,21 @@ if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then AC_DEFINE(HAVE___SS_FAMILY_IN_SS) fi +AC_CACHE_CHECK([for pw_class field in struct passwd], + ac_cv_have_pw_class_in_struct_passwd, [ + AC_TRY_COMPILE( + [ +#include + ], + [ struct passwd p; p.pw_class = 0; ], + [ ac_cv_have_pw_class_in_struct_passwd="yes" ], + [ ac_cv_have_pw_class_in_struct_passwd="no" ] + ) +]) +if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then + AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD) +fi + AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ AC_TRY_LINK([], @@ -600,12 +885,36 @@ if test "x$ac_cv_libc_defines___progname" = "xyes" ; then fi +AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ + AC_TRY_LINK([], + [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);], + [ ac_cv_libc_defines_sys_errlist="yes" ], + [ ac_cv_libc_defines_sys_errlist="no" ] + ) +]) +if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then + AC_DEFINE(HAVE_SYS_ERRLIST) +fi + + +AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ + AC_TRY_LINK([], + [ extern int sys_nerr; printf("%i", sys_nerr);], + [ ac_cv_libc_defines_sys_nerr="yes" ], + [ ac_cv_libc_defines_sys_nerr="no" ] + ) +]) +if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then + AC_DEFINE(HAVE_SYS_NERR) +fi + + # Looking for programs, paths and files AC_ARG_WITH(rsh, [ --with-rsh=PATH Specify path to remote shell program ], [ if test "x$withval" != "$no" ; then - AC_DEFINE_UNQUOTED(RSH_PATH, "$withval") + rsh_path=$withval fi ], [ @@ -616,20 +925,25 @@ AC_ARG_WITH(rsh, AC_ARG_WITH(xauth, [ --with-xauth=PATH Specify path to xauth program ], [ - if test "x$withval" != "$xno" ; then - AC_DEFINE_UNQUOTED(XAUTH_PATH, "$withval") + if test "x$withval" != "xno" ; then + xauth_path=$withval fi ], [ - AC_PATH_PROG(xauth_path, xauth) - if test ! -z "$xauth_path" -a -x "/usr/openwin/bin/xauth" ; then + AC_PATH_PROG(xauth_path, xauth,,$PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin) + if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then xauth_path="/usr/openwin/bin/xauth" fi ] ) -if test ! -z "$xauth_path" ; then +if test -z "$xauth_path" ; then + XAUTH_PATH="undefined" + AC_SUBST(XAUTH_PATH) +else AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path") + XAUTH_PATH=$xauth_path + AC_SUBST(XAUTH_PATH) fi if test ! -z "$rsh_path" ; then AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path") @@ -693,7 +1007,7 @@ AC_ARG_WITH(egd-pool, # detect pathnames for entropy gathering commands, if we need them INSTALL_SSH_PRNG_CMDS="" rm -f prng_commands -if test -z "$RANDOM_POOL" -a -z "$EGD_SOCKET" ; then +if (test -z "$RANDOM_POOL" && test -z "$EGD_SOCKET") ; then # Use these commands to collect entropy OSSH_PATH_ENTROPY_PROG(PROG_LS, ls) OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat) @@ -736,12 +1050,13 @@ AC_SUBST(MANTYPE) AC_SUBST(mansubdir) # Check whether user wants Kerberos support +KRB4_MSG="no" AC_ARG_WITH(kerberos4, [ --with-kerberos4=PATH Enable Kerberos 4 support], [ if test "x$withval" != "xno" ; then - if test "x$withval" != "$xyes" ; then + if test "x$withval" != "xyes" ; then CFLAGS="$CFLAGS -I${withval}/include" LDFLAGS="$LDFLAGS -L${withval}/lib" if test ! -z "$need_dash_r" ; then @@ -768,20 +1083,22 @@ AC_ARG_WITH(kerberos4, KLIBS="-lkrb -ldes" AC_CHECK_LIB(resolv, dn_expand, , ) KRB4=yes + KRB4_MSG="yes" AC_DEFINE(KRB4) fi ] ) # Check whether user wants AFS support +AFS_MSG="no" AC_ARG_WITH(afs, [ --with-afs=PATH Enable AFS support], [ if test "x$withval" != "xno" ; then - if test "x$withval" != "$xyes" ; then + if test "x$withval" != "xyes" ; then CFLAGS="$CFLAGS -I${withval}/include" - LFLAGS="$LFLAGS -L${withval}/lib" + LDFLAGS="$LDFLAGS -L${withval}/lib" fi if test -z "$KRB4" ; then @@ -793,23 +1110,39 @@ AC_ARG_WITH(afs, LIBS="$LIBS $AFS_LIBS" fi AC_DEFINE(AFS) + AFS_MSG="yes" fi ] ) LIBS="$LIBS $KLIBS" # Check whether user wants S/Key support +SKEY_MSG="no" AC_ARG_WITH(skey, - [ --with-skey Enable S/Key support], + [ --with-skey=PATH Enable S/Key support], [ if test "x$withval" != "xno" ; then + + if test "x$withval" != "xyes" ; then + CFLAGS="$CFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + fi + AC_DEFINE(SKEY) LIBS="$LIBS -lskey" + SKEY_MSG="yes" + + AC_CHECK_FUNC(skey_keyinfo, + [], + [ + AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) + ]) fi ] ) # Check whether user wants TCP wrappers support +TCPW_MSG="no" AC_ARG_WITH(tcp-wrappers, [ --with-tcp-wrappers Enable tcpwrappers support], [ @@ -826,11 +1159,10 @@ AC_ARG_WITH(tcp-wrappers, [ AC_MSG_RESULT(yes) AC_DEFINE(LIBWRAP) + TCPW_MSG="yes" ], [ - AC_MSG_RESULT(no) - AC_MSG_WARN([*** libwrap missing - tcpwrapper support disabled ***]) - LIBS="$saved_LIBS" + AC_MSG_ERROR([*** libwrap missing]) ] ) fi @@ -838,11 +1170,13 @@ AC_ARG_WITH(tcp-wrappers, ) # Check whether to enable MD5 passwords +MD5_MSG="no" AC_ARG_WITH(md5-passwords, [ --with-md5-passwords Enable use of MD5 passwords], [ if test "x$withval" != "xno" ; then AC_DEFINE(HAVE_MD5_PASSWORDS) + MD5_MSG="yes" fi ] ) @@ -853,47 +1187,80 @@ AC_ARG_WITH(shadow, [ if test "x$withval" = "xno" ; then AC_DEFINE(DISABLE_SHADOW) + disable_shadow=yes fi ] ) -# Use ip address instead of hostname in $DISPLAY -AC_ARG_WITH(ipaddr-display, - [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], +if test -z "$disable_shadow" ; then + AC_MSG_CHECKING([if the systems has expire shadow information]) + AC_TRY_COMPILE( [ - if test "x$withval" = "xno" ; then - AC_DEFINE(IPADDR_IN_DISPLAY) - fi - ] -) +#include +#include + struct spwd sp; + ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], + [ sp_expire_available=yes ], [] + ) + + if test "x$sp_expire_available" = "xyes" ; then + AC_MSG_RESULT(yes) + AC_DEFINE(HAS_SHADOW_EXPIRE) + else + AC_MSG_RESULT(no) + fi +fi + +# Use ip address instead of hostname in $DISPLAY +if test ! -z "$IPADDR_IN_DISPLAY" ; then + DISPLAY_HACK_MSG="yes" + AC_DEFINE(IPADDR_IN_DISPLAY) +else + DISPLAY_HACK_MSG="no" + AC_ARG_WITH(ipaddr-display, + [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE(IPADDR_IN_DISPLAY) + DISPLAY_HACK_MSG="yes" + fi + ] + ) +fi # Whether to mess with the default path +SERVER_PATH_MSG="(default)" AC_ARG_WITH(default-path, [ --with-default-path=PATH Specify default \$PATH environment for server], [ if test "x$withval" != "xno" ; then AC_DEFINE_UNQUOTED(USER_PATH, "$withval") + SERVER_PATH_MSG="$withval" fi ] ) # Whether to force IPv4 by default (needed on broken glibc Linux) +IPV4_HACK_MSG="no" AC_ARG_WITH(ipv4-default, [ --with-ipv4-default Use IPv4 by connections unless '-6' specified], [ if test "x$withval" != "xno" ; then AC_DEFINE(IPV4_DEFAULT) + IPV4_HACK_MSG="yes" fi ] ) AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) +IPV4_IN6_HACK_MSG="no" AC_ARG_WITH(4in6, [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], [ if test "x$withval" != "xno" ; then AC_MSG_RESULT(yes) AC_DEFINE(IPV4_IN_IPV6) + IPV4_IN6_HACK_MSG="yes" else AC_MSG_RESULT(no) fi @@ -901,12 +1268,32 @@ AC_ARG_WITH(4in6, if test "x$inet6_default_4in6" = "xyes"; then AC_MSG_RESULT([yes (default)]) AC_DEFINE(IPV4_IN_IPV6) + IPV4_IN6_HACK_MSG="yes" else AC_MSG_RESULT([no (default)]) fi ] ) +AC_MSG_CHECKING(whether to install ssh as suid root) +AC_ARG_ENABLE(suid-ssh, +[ --enable-suid-ssh Install ssh as suid root (default) + --disable-suid-ssh Install ssh without suid bit], +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + SSHMODE=0711 + ;; + *) AC_MSG_RESULT(yes) + SSHMODE=04711 + ;; + esac ], + AC_MSG_RESULT(yes) + SSHMODE=04711 +) +AC_SUBST(SSHMODE) + + # Where to place sshd.pid piddir=/var/run AC_ARG_WITH(pid-dir, @@ -918,44 +1305,52 @@ AC_ARG_WITH(pid-dir, ] ) +# make sure the directory exists +if test ! -d $piddir ; then + piddir=`eval echo ${sysconfdir}` + case $piddir in + NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; + esac +fi + AC_DEFINE_UNQUOTED(PIDDIR, "$piddir") AC_SUBST(piddir) dnl allow user to disable some login recording features AC_ARG_ENABLE(lastlog, - [ --disable-lastlog disable use of lastlog even if detected [no]], + [ --disable-lastlog disable use of lastlog even if detected [no]], [ AC_DEFINE(DISABLE_LASTLOG) ] ) AC_ARG_ENABLE(utmp, - [ --disable-utmp disable use of utmp even if detected [no]], + [ --disable-utmp disable use of utmp even if detected [no]], [ AC_DEFINE(DISABLE_UTMP) ] ) AC_ARG_ENABLE(utmpx, - [ --disable-utmpx disable use of utmpx even if detected [no]], + [ --disable-utmpx disable use of utmpx even if detected [no]], [ AC_DEFINE(DISABLE_UTMPX) ] ) AC_ARG_ENABLE(wtmp, - [ --disable-wtmp disable use of wtmp even if detected [no]], + [ --disable-wtmp disable use of wtmp even if detected [no]], [ AC_DEFINE(DISABLE_WTMP) ] ) AC_ARG_ENABLE(wtmpx, - [ --disable-wtmpx disable use of wtmpx even if detected [no]], + [ --disable-wtmpx disable use of wtmpx even if detected [no]], [ AC_DEFINE(DISABLE_WTMPX) ] ) AC_ARG_ENABLE(libutil, - [ --disable-libutil disable use of libutil (login() etc.) [no]], + [ --disable-libutil disable use of libutil (login() etc.) [no]], [ AC_DEFINE(DISABLE_LOGIN) ] ) AC_ARG_ENABLE(pututline, - [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], + [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], [ AC_DEFINE(DISABLE_PUTUTLINE) ] ) AC_ARG_ENABLE(pututxline, - [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], + [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], [ AC_DEFINE(DISABLE_PUTUTXLINE) ] ) AC_ARG_WITH(lastlog, - [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], + [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], [ conf_lastlog_location="$withval"; ],) dnl lastlog, [uw]tmpx? detection @@ -994,7 +1389,7 @@ AC_TRY_COMPILE([ [ char *lastlog = _PATH_LASTLOG; ], [ AC_MSG_RESULT(yes) ], [ - AC_MSG_RESULT(no), + AC_MSG_RESULT(no) system_lastlog_path=no ]) ] @@ -1003,13 +1398,13 @@ AC_TRY_COMPILE([ if test -z "$conf_lastlog_location"; then if test x"$system_lastlog_path" = x"no" ; then for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do - if test -d "$f" -o -f "$f" ; then + if (test -d "$f" || test -f "$f") ; then conf_lastlog_location=$f fi done if test -z "$conf_lastlog_location"; then - AC_MSG_WARN([** Cannot find lastlog - disabling feature **]) - AC_DEFINE(DISABLE_LASTLOG) + AC_MSG_WARN([** Cannot find lastlog **]) + dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx fi fi fi @@ -1150,6 +1545,71 @@ if test ! -z "$blibpath" ; then AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile]) fi +AC_EXEEXT + AC_OUTPUT(Makefile ssh_prng_cmds) +# Print summary of options +if test x$MANTYPE = x'$(CATMAN)' ; then + MAN_MSG=cat +else + MAN_MSG=man +fi +if test ! -z "$RANDOM_POOL" ; then + RAND_MSG="Device ($RANDOM_POOL)" +else + if test ! -z "$EGD_SOCKET" ; then + RAND_MSG="EGD ($EGD_SOCKET)" + else + RAND_MSG="Builtin (timeout $entropy_timeout)" + BUILTIN_RNG=1 + fi +fi + +# Someone please show me a better way :) +A=`eval echo ${prefix}` ; A=`eval echo ${A}` +B=`eval echo ${bindir}` ; B=`eval echo ${B}` +C=`eval echo ${sbindir}` ; C=`eval echo ${C}` +D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` +E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` +F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` +G=`eval echo ${piddir}` ; G=`eval echo ${G}` + +echo "" +echo "OpenSSH configured has been configured with the following options." +echo " User binaries: $B" +echo " User binaries: $B" +echo " System binaries: $C" +echo " Configuration files: $D" +echo " Askpass program: $E" +echo " Manual pages: $F" +echo " PID file: $G" +echo " Random number collection: $RAND_MSG" +echo " Manpage format: $MAN_MSG" +echo " PAM support: ${PAM_MSG}" +echo " KerberosIV support: $KRB4_MSG" +echo " AFS support: $AFS_MSG" +echo " S/KEY support: $SKEY_MSG" +echo " TCP Wrappers support: $TCPW_MSG" +echo " MD5 password support: $MD5_MSG" +echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" +echo " Use IPv4 by default hack: $IPV4_HACK_MSG" +echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" + +echo "" + +echo " Host: ${host}" +echo " Compiler: ${CC}" +echo " Compiler flags: ${CFLAGS}" +echo " Linker flags: ${LDFLAGS}" +echo " Libraries: ${LIBS}" + +echo "" + +if test ! -z "$BUILTIN_RNG" ; then + echo "WARNING: you are using the builtin random number collection service." + echo "Please read WARNING.RNG and request that your OS vendor includes" + echo "/dev/random in future versions of their OS." + echo "" +fi