X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/1b06e75e11571b3a24ad0c10aaf4171ca02ee8f5..a814ba4d7ebb0d7ff9f4ea00a5a77e8b0e38767c:/configure.ac diff --git a/configure.ac b/configure.ac index c0fae87d..b37b5f68 100644 --- a/configure.ac +++ b/configure.ac @@ -14,13 +14,14 @@ AC_PROG_RANLIB AC_PROG_INSTALL AC_PATH_PROG(AR, ar) AC_PATH_PROGS(PERL, perl5 perl) +AC_PATH_PROG(SED, sed) AC_SUBST(PERL) AC_PATH_PROG(ENT, ent) AC_SUBST(ENT) -AC_PATH_PROGS(FILEPRIV, filepriv, true, /sbin:/usr/sbin) AC_PATH_PROG(TEST_MINUS_S_SH, bash) AC_PATH_PROG(TEST_MINUS_S_SH, ksh) AC_PATH_PROG(TEST_MINUS_S_SH, sh) +AC_PATH_PROG(SH, sh) # System features AC_SYS_LARGEFILE @@ -53,31 +54,97 @@ fi # Check for some target-specific stuff case "$host" in *-*-aix*) - AFS_LIBS="-lld" CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" - if (test "$LD" != "gcc" && test -z "$blibpath"); then + AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) + if (test -z "$blibpath"); then blibpath="/usr/lib:/lib:/usr/local/lib" fi - AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)]) + saved_LDFLAGS="$LDFLAGS" + for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do + if (test -z "$blibflags"); then + LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" + AC_TRY_LINK([], [], [blibflags=$tryflags]) + fi + done + if (test -z "$blibflags"); then + AC_MSG_RESULT(not found) + AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) + else + AC_MSG_RESULT($blibflags) + fi + LDFLAGS="$saved_LDFLAGS" + dnl Check for authenticate. Might be in libs.a on older AIXes + AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)], + [AC_CHECK_LIB(s,authenticate, + [ AC_DEFINE(WITH_AIXAUTHENTICATE) + LIBS="$LIBS -ls" + ]) + ]) + dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) + AC_CHECK_DECL(loginfailed, + [AC_MSG_CHECKING(if loginfailed takes 4 arguments) + AC_TRY_COMPILE( + [#include ], + [(void)loginfailed("user","host","tty",0);], + [AC_MSG_RESULT(yes) + AC_DEFINE(AIX_LOGINFAILED_4ARG)], + [AC_MSG_RESULT(no)] + )], + [], + [#include ] + ) + AC_CHECK_FUNCS(setauthdb) AC_DEFINE(BROKEN_GETADDRINFO) + AC_DEFINE(BROKEN_REALPATH) dnl AIX handles lastlog as part of its login message AC_DEFINE(DISABLE_LASTLOG) + AC_DEFINE(LOGIN_NEEDS_UTMPX) + AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) ;; *-*-cygwin*) + check_for_libcrypt_later=1 LIBS="$LIBS /usr/lib/textmode.o" AC_DEFINE(HAVE_CYGWIN) AC_DEFINE(USE_PIPES) AC_DEFINE(DISABLE_SHADOW) - AC_DEFINE(IPV4_DEFAULT) AC_DEFINE(IP_TOS_IS_BROKEN) AC_DEFINE(NO_X11_UNIX_SOCKETS) + AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) + AC_DEFINE(DISABLE_FD_PASSING) + AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN) ;; *-*-darwin*) - AC_DEFINE(BROKEN_GETADDRINFO) + AC_MSG_CHECKING(if we have working getaddrinfo) + AC_TRY_RUN([#include +main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) + exit(0); + else + exit(1); +}], [AC_MSG_RESULT(working)], + [AC_MSG_RESULT(buggy) + AC_DEFINE(BROKEN_GETADDRINFO)], + [AC_MSG_RESULT(assume it is working)]) + ;; +*-*-hpux10.26) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -Ae" + fi + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" + IPADDR_IN_DISPLAY=yes + AC_DEFINE(HAVE_SECUREWARE) + AC_DEFINE(USE_PIPES) + AC_DEFINE(LOGIN_NO_ENDOPT) + AC_DEFINE(LOGIN_NEEDS_UTMPX) + AC_DEFINE(DISABLE_SHADOW) + AC_DEFINE(DISABLE_UTMP) + AC_DEFINE(SPT_TYPE,SPT_PSTAT) + LIBS="$LIBS -lsec -lsecpw" + AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) + disable_ptmx_check=yes ;; *-*-hpux10*) if test -z "$GCC"; then @@ -86,26 +153,33 @@ case "$host" in CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) + AC_DEFINE(LOGIN_NO_ENDOPT) + AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) AC_DEFINE(SPT_TYPE,SPT_PSTAT) - LIBS="$LIBS -lxnet -lsec" + LIBS="$LIBS -lsec" + AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) ;; *-*-hpux11*) CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" IPADDR_IN_DISPLAY=yes AC_DEFINE(PAM_SUN_CODEBASE) AC_DEFINE(USE_PIPES) + AC_DEFINE(LOGIN_NO_ENDOPT) + AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) AC_DEFINE(SPT_TYPE,SPT_PSTAT) - LIBS="$LIBS -lxnet -lsec" + LIBS="$LIBS -lsec" + AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) ;; *-*-irix5*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS" PATH="$PATH:/usr/etc" AC_DEFINE(BROKEN_INET_NTOA) + AC_DEFINE(WITH_ABBREV_NO_TTY) ;; *-*-irix6*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" @@ -116,19 +190,73 @@ case "$host" in AC_DEFINE(WITH_IRIX_AUDIT) AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)]) AC_DEFINE(BROKEN_INET_NTOA) + AC_DEFINE(WITH_ABBREV_NO_TTY) ;; *-*-linux*) no_dev_ptmx=1 check_for_libcrypt_later=1 AC_DEFINE(DONT_TRY_OTHER_AF) AC_DEFINE(PAM_TTY_KLUDGE) + AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) inet6_default_4in6=yes + # openpty can be in libutil, needed for controlling tty test + AC_SEARCH_LIBS(openpty, util) + # make sure that openpty does not reacquire controlling terminal + AC_MSG_CHECKING(if openpty correctly handles controlling tty) + AC_TRY_RUN( + [ +#include +#include +#include +#include + +int +main() +{ + pid_t pid; + int fd, ptyfd, ttyfd, status; + + pid = fork(); + if (pid < 0) { /* failed */ + exit(1); + } else if (pid > 0) { /* parent */ + waitpid(pid, &status, 0); + if (WIFEXITED(status)) + exit(WEXITSTATUS(status)); + else + exit(2); + } else { /* child */ + close(0); close(1); close(2); + setsid(); + openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); + fd = open("/dev/tty", O_RDWR | O_NOCTTY); + if (fd >= 0) + exit(3); /* Acquired ctty: broken */ + else + exit(0); /* Did not acquire ctty: OK */ + } +} + ], + [ + AC_MSG_RESULT(yes) + ], + [ + AC_MSG_RESULT(no) + AC_DEFINE(SSHD_ACQUIRES_CTTY) + ] + ) + case `uname -r` in + 1.*|2.0.*) + AC_DEFINE(BROKEN_CMSG_TYPE) + ;; + esac ;; mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(HAVE_NEWS4) SONY=1 ;; *-*-netbsd*) + check_for_libcrypt_before=1 need_dash_r=1 ;; *-*-freebsd*) @@ -154,6 +282,8 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(LOGIN_NEEDS_TERM) AC_DEFINE(PAM_TTY_KLUDGE) + # Pushing STREAMS modules will cause sshd to acquire a controlling tty. + AC_DEFINE(SSHD_ACQUIRES_CTTY) # hardwire lastlog location (can't detect it on some versions) conf_lastlog_location="/var/adm/lastlog" AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x) @@ -180,6 +310,7 @@ mips-sony-bsd|mips-sony-newsos4) LDFLAGS="$LDFLAGS -L/usr/local/lib" LIBS="$LIBS -lc89" AC_DEFINE(USE_PIPES) + AC_DEFINE(SSHD_ACQUIRES_CTTY) ;; *-sni-sysv*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" @@ -188,6 +319,7 @@ mips-sony-bsd|mips-sony-newsos4) IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) AC_DEFINE(IP_TOS_IS_BROKEN) + AC_DEFINE(SSHD_ACQUIRES_CTTY) # /usr/ucblib/libucb.a no longer needed on ReliantUNIX # Attention: always take care to bind libsocket and libnsl before libc, # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog @@ -195,13 +327,11 @@ mips-sony-bsd|mips-sony-newsos4) *-*-sysv4.2*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" -# enable_suid_ssh=no AC_DEFINE(USE_PIPES) ;; *-*-sysv5*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" -# enable_suid_ssh=no AC_DEFINE(USE_PIPES) ;; *-*-sysv*) @@ -212,12 +342,11 @@ mips-sony-bsd|mips-sony-newsos4) CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" LIBS="$LIBS -los -lprot -lx -ltinfo -lm" - rsh_path="/usr/bin/rcmd" RANLIB=true no_dev_ptmx=1 AC_DEFINE(BROKEN_SYS_TERMIO_H) AC_DEFINE(USE_PIPES) - AC_DEFINE(HAVE_SCO_PROTECTED_PW) + AC_DEFINE(HAVE_SECUREWARE) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(BROKEN_SAVED_UIDS) AC_CHECK_FUNCS(getluid setluid) @@ -225,23 +354,34 @@ mips-sony-bsd|mips-sony-newsos4) do_sco3_extra_lib_check=yes ;; *-*-sco3.2v5*) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -belf" + fi CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" LIBS="$LIBS -lprot -lx -ltinfo -lm" no_dev_ptmx=1 - rsh_path="/usr/bin/rcmd" AC_DEFINE(USE_PIPES) - AC_DEFINE(HAVE_SCO_PROTECTED_PW) + AC_DEFINE(HAVE_SECUREWARE) AC_DEFINE(DISABLE_SHADOW) + AC_DEFINE(DISABLE_FD_PASSING) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man ;; +*-*-unicosmk*) + AC_DEFINE(USE_PIPES) + AC_DEFINE(DISABLE_FD_PASSING) + LDFLAGS="$LDFLAGS" + LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" + MANTYPE=cat + ;; *-*-unicos*) - no_libsocket=1 - no_libnsl=1 AC_DEFINE(USE_PIPES) - LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" - LIBS="$LIBS -lgen -lrsc" + AC_DEFINE(DISABLE_FD_PASSING) + AC_DEFINE(NO_SSH_LASTLOG) + LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" + LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" + MANTYPE=cat ;; *-dec-osf*) AC_MSG_CHECKING(for Digital Unix SIA) @@ -260,11 +400,13 @@ mips-sony-bsd|mips-sony-newsos4) AC_MSG_RESULT(yes) AC_DEFINE(HAVE_OSF_SIA) AC_DEFINE(DISABLE_LOGIN) + AC_DEFINE(DISABLE_FD_PASSING) LIBS="$LIBS -lsecurity -ldb -lm -laud" else AC_MSG_RESULT(no) fi fi + AC_DEFINE(DISABLE_FD_PASSING) ;; *-*-nto-qnx) @@ -310,16 +452,28 @@ AC_ARG_WITH(libs, ] ) +AC_MSG_CHECKING(compiler and flags for sanity) +AC_TRY_RUN([ +#include +int main(){exit(0);} + ], + [ AC_MSG_RESULT(yes) ], + [ + AC_MSG_RESULT(no) + AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) + ] +) + # Checks for header files. -AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ - getopt.h glob.h lastlog.h limits.h login.h \ +AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \ + getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \ login_cap.h maillock.h netdb.h netgroup.h \ - netinet/in_systm.h paths.h pty.h \ + netinet/in_systm.h paths.h pty.h readpassphrase.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ - strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ - sys/mman.h sys/select.h sys/stat.h \ - sys/stropts.h sys/sysmacros.h sys/time.h \ - sys/un.h time.h ttyent.h usersec.h \ + strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \ + sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ + sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \ + sys/un.h time.h tmpdir.h ttyent.h usersec.h \ util.h utime.h utmp.h utmpx.h) # Checks for libraries. @@ -383,7 +537,8 @@ AC_CHECK_FUNC(strcasecmp, [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] ) AC_CHECK_FUNC(utimes, - [], [ AC_CHECK_LIB(c89, utimes, LIBS="$LIBS -lc89") ] + [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES) + LIBS="$LIBS -lc89"]) ] ) dnl Checks for libutil functions @@ -432,7 +587,7 @@ AC_TRY_RUN( [ #include #include -int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));} +int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} ], [AC_MSG_RESULT(yes)], [ @@ -463,7 +618,7 @@ AC_ARG_WITH(skey, [ #include #include -int main() { char *ff = skey_keyinfo(""); ff=""; return 0; } +int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } ], [AC_MSG_RESULT(yes)], [ @@ -528,18 +683,28 @@ AC_ARG_WITH(tcp-wrappers, ] ) -dnl Checks for library functions. -AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ - clock fchmod fchown freeaddrinfo futimes gai_strerror \ - getaddrinfo getcwd getgrouplist getnameinfo getopt \ - getrlimit getrusage getttyent glob inet_aton inet_ntoa \ - inet_ntop innetgr login_getcapbool md5_crypt memmove \ - mkdtemp mmap openpty readpassphrase realpath recvmsg \ - rresvport_af sendmsg setdtablesize setegid setenv seteuid \ - setlogin setproctitle setresgid setreuid setrlimit \ +dnl Checks for library functions. Please keep in alphabetical order +AC_CHECK_FUNCS(\ + arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename \ + bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \ + gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \ + getpeereid _getpty getrlimit getttyent glob inet_aton \ + inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ + mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ + pstat readpassphrase realpath recvmsg rresvport_af sendmsg \ + setdtablesize setegid setenv seteuid setgroups setlogin setpcred \ + setproctitle setregid setresgid setresuid setreuid setrlimit \ setsid setvbuf sigaction sigvec snprintf socketpair strerror \ - strlcat strlcpy strmode strsep sysconf tcgetpgrp utimes \ - vhangup vsnprintf waitpid __b64_ntop _getpty) + strlcat strlcpy strmode strnvis sysconf tcgetpgrp tcsendbreak \ + truncate utimes vhangup vsnprintf waitpid \ +) + +AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) +AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME)) + +dnl Make sure prototypes are defined for these before using them. +AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)]) +AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)]) dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ @@ -587,11 +752,6 @@ dnl Checks for utmpx functions AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) AC_CHECK_FUNCS(setutxent utmpxname) -AC_CHECK_FUNC(getuserattr, - [AC_DEFINE(HAVE_GETUSERATTR)], - [AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])] -) - AC_CHECK_FUNC(daemon, [AC_DEFINE(HAVE_DAEMON)], [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] @@ -608,7 +768,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then AC_TRY_RUN( [ #include -int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');} +int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} ], [AC_MSG_RESULT(yes)], [ @@ -619,6 +779,32 @@ int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');} ) fi +dnl see whether mkstemp() requires XXXXXX +if test "x$ac_cv_func_mkdtemp" = "xyes" ; then +AC_MSG_CHECKING([for (overly) strict mkstemp]) +AC_TRY_RUN( + [ +#include +main() { char template[]="conftest.mkstemp-test"; +if (mkstemp(template) == -1) + exit(1); +unlink(template); exit(0); +} + ], + [ + AC_MSG_RESULT(no) + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_STRICT_MKSTEMP) + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_STRICT_MKSTEMP) + ] +) +fi + AC_FUNC_GETPGRP # Check for PAM libs @@ -668,169 +854,122 @@ if test "x$PAM_MSG" = "xyes" ; then ) fi -# The big search for OpenSSL +# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, +# because the system crypt() is more featureful. +if test "x$check_for_libcrypt_before" = "x1"; then + AC_CHECK_LIB(crypt, crypt) +fi + +# Search for OpenSSL +saved_CPPFLAGS="$CPPFLAGS" +saved_LDFLAGS="$LDFLAGS" AC_ARG_WITH(ssl-dir, [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], [ if test "x$withval" != "xno" ; then - tryssldir=$withval - fi - ] -) - -saved_LIBS="$LIBS" -saved_LDFLAGS="$LDFLAGS" -saved_CPPFLAGS="$CPPFLAGS" -if test "x$prefix" != "xNONE" ; then - tryssldir="$tryssldir $prefix" -fi -AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [ - for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do - CPPFLAGS="$saved_CPPFLAGS" - LDFLAGS="$saved_LDFLAGS" - LIBS="$saved_LIBS -lcrypto" - - # Skip directories if they don't exist - if test ! -z "$ssldir" -a ! -d "$ssldir" ; then - continue; - fi - if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then - # Try to use $ssldir/lib if it exists, otherwise - # $ssldir - if test -d "$ssldir/lib" ; then - LDFLAGS="-L$ssldir/lib $saved_LDFLAGS" - if test ! -z "$need_dash_r" ; then - LDFLAGS="-R$ssldir/lib $LDFLAGS" + if test -d "$withval/lib"; then + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" + else + LDFLAGS="-L${withval}/lib ${LDFLAGS}" fi else - LDFLAGS="-L$ssldir $saved_LDFLAGS" - if test ! -z "$need_dash_r" ; then - LDFLAGS="-R$ssldir $LDFLAGS" + if test -n "${need_dash_r}"; then + LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" + else + LDFLAGS="-L${withval} ${LDFLAGS}" fi fi - # Try to use $ssldir/include if it exists, otherwise - # $ssldir - if test -d "$ssldir/include" ; then - CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS" + if test -d "$withval/include"; then + CPPFLAGS="-I${withval}/include ${CPPFLAGS}" else - CPPFLAGS="-I$ssldir $saved_CPPFLAGS" + CPPFLAGS="-I${withval} ${CPPFLAGS}" fi fi - - # Basic test to check for compatible version and correct linking - # *does not* test for RSA - that comes later. - AC_TRY_RUN( - [ -#include -#include -int main(void) -{ - char a[2048]; - memset(a, 0, sizeof(a)); - RAND_add(a, sizeof(a), sizeof(a)); - return(RAND_status() <= 0); -} - ], + ] +) +LIBS="$LIBS -lcrypto" +AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), + [ + dnl Check default openssl install dir + if test -n "${need_dash_r}"; then + LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" + else + LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" + fi + CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" + AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), [ - found_crypto=1 - break; - ], [] + AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) + ] ) + ] +) - if test ! -z "$found_crypto" ; then - break; - fi - done +# Determine OpenSSL header version +AC_MSG_CHECKING([OpenSSL header version]) +AC_TRY_RUN( + [ +#include +#include +#include +#define DATA "conftest.sslincver" +int main(void) { + FILE *fd; + int rc; - if test -z "$found_crypto" ; then - AC_MSG_ERROR([Could not find working OpenSSL library, please install or check config.log]) - fi - if test -z "$ssldir" ; then - ssldir="(system)" - fi + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); - ac_cv_openssldir=$ssldir -]) + if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) + exit(1); -if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; then - AC_DEFINE(HAVE_OPENSSL) - dnl Need to recover ssldir - test above runs in subshell - ssldir=$ac_cv_openssldir - if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then - # Try to use $ssldir/lib if it exists, otherwise - # $ssldir - if test -d "$ssldir/lib" ; then - LDFLAGS="-L$ssldir/lib $saved_LDFLAGS" - if test ! -z "$need_dash_r" ; then - LDFLAGS="-R$ssldir/lib $LDFLAGS" - fi - else - LDFLAGS="-L$ssldir $saved_LDFLAGS" - if test ! -z "$need_dash_r" ; then - LDFLAGS="-R$ssldir $LDFLAGS" - fi - fi - # Try to use $ssldir/include if it exists, otherwise - # $ssldir - if test -d "$ssldir/include" ; then - CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS" - else - CPPFLAGS="-I$ssldir $saved_CPPFLAGS" - fi - fi -fi -LIBS="$saved_LIBS -lcrypto" + exit(0); +} + ], + [ + ssl_header_ver=`cat conftest.sslincver` + AC_MSG_RESULT($ssl_header_ver) + ], + [ + AC_MSG_RESULT(not found) + AC_MSG_ERROR(OpenSSL version header not found.) + ] +) -# Now test RSA support -saved_LIBS="$LIBS" -AC_MSG_CHECKING([for RSA support]) -for WANTS_RSAREF in "" 1 ; do - if test -z "$WANTS_RSAREF" ; then - LIBS="$saved_LIBS" - else - LIBS="$saved_LIBS -lRSAglue -lrsaref" - fi - AC_TRY_RUN([ +# Determine OpenSSL library version +AC_MSG_CHECKING([OpenSSL library version]) +AC_TRY_RUN( + [ +#include #include -#include -#include -#include -#include -int main(void) -{ - int num; RSA *key; static unsigned char p_in[] = "blahblah"; - unsigned char c[256], p[256]; - memset(c, 0, sizeof(c)); RAND_add(c, sizeof(c), sizeof(c)); - if ((key=RSA_generate_key(512, 3, NULL, NULL))==NULL) return(1); - num = RSA_public_encrypt(sizeof(p_in) - 1, p_in, c, key, RSA_PKCS1_PADDING); - return(-1 == RSA_private_decrypt(num, c, p, key, RSA_PKCS1_PADDING)); +#include +#include +#define DATA "conftest.ssllibver" +int main(void) { + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + + if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) + exit(1); + + exit(0); } ], [ - rsa_works=1 - break; - ], []) -done -LIBS="$saved_LIBS" - -if test ! -z "$no_rsa" ; then - AC_MSG_RESULT(disabled) - RSA_MSG="disabled" -else - if test -z "$rsa_works" ; then - AC_MSG_WARN([*** No RSA support found *** ]) - RSA_MSG="no" - else - if test -z "$WANTS_RSAREF" ; then - AC_MSG_RESULT(yes) - RSA_MSG="yes" - else - RSA_MSG="yes (using RSAref)" - AC_MSG_RESULT(using RSAref) - LIBS="$LIBS -lcrypto -lRSAglue -lrsaref" - fi - fi -fi + ssl_library_ver=`cat conftest.ssllibver` + AC_MSG_RESULT($ssl_library_ver) + ], + [ + AC_MSG_RESULT(not found) + AC_MSG_ERROR(OpenSSL library not found.) + ] +) # Sanity check OpenSSL headers AC_MSG_CHECKING([whether OpenSSL's headers match the library]) @@ -838,20 +977,22 @@ AC_TRY_RUN( [ #include #include -int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } +int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } ], [ AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) - AC_MSG_ERROR(Your OpenSSL headers do not match your library) + AC_MSG_ERROR([Your OpenSSL headers do not match your library. +Check config.log for details. +Also see contrib/findssl.sh for help identifying header/library mismatches.]) ] ) # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the # version in OpenSSL. Skip this for PAM -if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then +if test "x$check_for_libcrypt_later" = "x1"; then AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") fi @@ -864,7 +1005,7 @@ AC_TRY_RUN( [ #include #include -int main(void) { return(RAND_status() == 1 ? 0 : 1); } +int main(void) { exit(RAND_status() == 1 ? 0 : 1); } ], [ OPENSSL_SEEDS_ITSELF=yes @@ -995,16 +1136,17 @@ AC_ARG_WITH(entropy-timeout, ) AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) -ssh_privsep_user=sshd +SSH_PRIVSEP_USER=sshd AC_ARG_WITH(privsep-user, - [ --with-privsep-user Specify non-privileged user for privilege separation], + [ --with-privsep-user=user Specify non-privileged user for privilege separation], [ if test -n "$withval"; then - ssh_privsep_user=$withval + SSH_PRIVSEP_USER=$withval fi ] ) -AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user") +AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER") +AC_SUBST(SSH_PRIVSEP_USER) # We do this little dance with the search path to insure # that programs that we select for use by installed programs @@ -1068,6 +1210,11 @@ AC_CHECK_SIZEOF(int, 4) AC_CHECK_SIZEOF(long int, 4) AC_CHECK_SIZEOF(long long int, 8) +# Sanity check long long for some platforms (AIX) +if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then + ac_cv_sizeof_long_long_int=0 +fi + # More checks for data types AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ AC_TRY_COMPILE( @@ -1112,7 +1259,16 @@ fi AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ AC_TRY_COMPILE( - [ #include ], + [ +#include +#ifdef HAVE_STDINT_H +# include +#endif +#include +#ifdef HAVE_SYS_BITYPES_H +# include +#endif + ], [ int64_t a; a = 1;], [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" ] @@ -1120,33 +1276,6 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ ]) if test "x$ac_cv_have_int64_t" = "xyes" ; then AC_DEFINE(HAVE_INT64_T) - have_int64_t=1 -fi - -if test -z "$have_int64_t" ; then - AC_MSG_CHECKING([for int64_t type in sys/socket.h]) - AC_TRY_COMPILE( - [ #include ], - [ int64_t a; a = 1], - [ - AC_DEFINE(HAVE_INT64_T) - AC_MSG_RESULT(yes) - ], - [ AC_MSG_RESULT(no) ] - ) -fi - -if test -z "$have_int64_t" ; then - AC_MSG_CHECKING([for int64_t type in sys/bitypes.h]) - AC_TRY_COMPILE( - [ #include ], - [ int64_t a; a = 1], - [ - AC_DEFINE(HAVE_INT64_T) - AC_MSG_RESULT(yes) - ], - [ AC_MSG_RESULT(no) ] - ) fi AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ @@ -1441,12 +1570,16 @@ if test "x$ac_cv_have_struct_timeval" = "xyes" ; then have_struct_timeval=1 fi -# If we don't have int64_t then we can't compile sftp-server. So don't -# even attempt to do it. +AC_CHECK_TYPES(struct timespec) + +# We need int64_t or else certian parts of the compile will fail. if test "x$ac_cv_have_int64_t" = "xno" -a \ "x$ac_cv_sizeof_long_int" != "x8" -a \ "x$ac_cv_sizeof_long_long_int" = "x0" ; then - NO_SFTP='#' + echo "OpenSSH requires int64_t support. Contact your vendor or install" + echo "an alternative compiler (I.E., GCC) before continuing." + echo "" + exit 1; else dnl test snprintf (broken on SCO w/gcc) AC_TRY_RUN( @@ -1476,7 +1609,6 @@ main() { exit(0); } ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ] ) fi -AC_SUBST(NO_SFTP) dnl Checks for structure members OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) @@ -1576,15 +1708,23 @@ if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD) fi +dnl make sure we're using the real structure members and not defines AC_CACHE_CHECK([for msg_accrights field in struct msghdr], ac_cv_have_accrights_in_msghdr, [ - AC_TRY_COMPILE( + AC_TRY_RUN( [ #include #include #include +int main() { +#ifdef msg_accrights +exit(1); +#endif +struct msghdr m; +m.msg_accrights = 0; +exit(0); +} ], - [ struct msghdr m; m.msg_accrights = 0; ], [ ac_cv_have_accrights_in_msghdr="yes" ], [ ac_cv_have_accrights_in_msghdr="no" ] ) @@ -1595,13 +1735,20 @@ fi AC_CACHE_CHECK([for msg_control field in struct msghdr], ac_cv_have_control_in_msghdr, [ - AC_TRY_COMPILE( + AC_TRY_RUN( [ #include #include #include +int main() { +#ifdef msg_control +exit(1); +#endif +struct msghdr m; +m.msg_control = 0; +exit(0); +} ], - [ struct msghdr m; m.msg_control = 0; ], [ ac_cv_have_control_in_msghdr="yes" ], [ ac_cv_have_control_in_msghdr="no" ] ) @@ -1686,7 +1833,6 @@ if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then fi SCARD_MSG="no" - # Check whether user wants sectok support AC_ARG_WITH(sectok, [ --with-sectok Enable smartcard support using libsectok], @@ -1719,30 +1865,38 @@ AC_ARG_WITH(sectok, # Check whether user wants OpenSC support AC_ARG_WITH(opensc, - [ --with-opensc Enable smartcard support using OpenSC], + AC_HELP_STRING([--with-opensc=PFX], + [Enable smartcard support using OpenSC]), + opensc_config_prefix="$withval", opensc_config_prefix="") +if test x$opensc_config_prefix != x ; then + OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config + AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no) + if test "$OPENSC_CONFIG" != "no"; then + LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` + LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` + CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" + LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" + AC_DEFINE(SMARTCARD) + AC_DEFINE(USE_OPENSC) + SCARD_MSG="yes, using OpenSC" + fi +fi + +# Check whether user wants DNS support +DNS_MSG="no" +AC_ARG_WITH(dns, + [ --with-dns Support for fetching keys from DNS (experimental)], [ if test "x$withval" != "xno" ; then - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}" - LDFLAGS="$LDFLAGS -L${withval}" - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${withval}" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${withval}" - fi - fi - AC_CHECK_HEADERS(opensc/pkcs15.h) - if test "$ac_cv_header_opensc_pkcs15_h" != yes; then - AC_MSG_ERROR(Can't find opensc/pkcs15.h) - fi - AC_CHECK_LIB(opensc, sc_pkcs15_bind) - if test "$ac_cv_lib_opensc_sc_pkcs15_bind" != yes; then - AC_MSG_ERROR(Can't find libopensc) - fi - AC_DEFINE(SMARTCARD) - AC_DEFINE(USE_OPENSC) - SCARD_MSG="yes, using OpenSC" + DNS_MSG="yes" + AC_DEFINE(DNS) + AC_SEARCH_LIBS(getrrsetbyname, resolv, + [AC_DEFINE(HAVE_GETRRSETBYNAME)], + [ + # Needed by our getrrsetbyname() + AC_SEARCH_LIBS(res_query, resolv) + AC_SEARCH_LIBS(dn_expand, resolv) + ]) fi ] ) @@ -1779,106 +1933,26 @@ AC_ARG_WITH(kerberos5, if test ! -z "$blibpath" ; then blibpath="$blibpath:${KRB5ROOT}/lib" fi - AC_CHECK_LIB(resolv, dn_expand, , ) + AC_SEARCH_LIBS(dn_expand, resolv) KRB5=yes fi ] ) -# Check whether user wants Kerberos 4 support -KRB4_MSG="no" -AC_ARG_WITH(kerberos4, - [ --with-kerberos4=PATH Enable Kerberos 4 support], - [ - if test "x$withval" != "xno" ; then - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${withval}/lib" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${withval}/lib" - fi - else - if test -d /usr/include/kerberosIV ; then - CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV" - fi - fi - - AC_CHECK_HEADERS(krb.h) - if test "$ac_cv_header_krb_h" != yes; then - AC_MSG_WARN([Cannot find krb.h, build may fail]) - fi - AC_CHECK_LIB(krb, main) - if test "$ac_cv_lib_krb_main" != yes; then - AC_CHECK_LIB(krb4, main) - if test "$ac_cv_lib_krb4_main" != yes; then - AC_MSG_WARN([Cannot find libkrb nor libkrb4, build may fail]) - else - KLIBS="-lkrb4" - fi - else - KLIBS="-lkrb" - fi - AC_CHECK_LIB(des, des_cbc_encrypt) - if test "$ac_cv_lib_des_des_cbc_encrypt" != yes; then - AC_CHECK_LIB(des425, des_cbc_encrypt) - if test "$ac_cv_lib_des425_des_cbc_encrypt" != yes; then - AC_MSG_WARN([Cannot find libdes nor libdes425, build may fail]) - else - KLIBS="-ldes425" - fi - else - KLIBS="-ldes" - fi - AC_CHECK_LIB(resolv, dn_expand, , ) - KRB4=yes - KRB4_MSG="yes" - AC_DEFINE(KRB4) - fi - ] -) - -# Check whether user wants AFS support -AFS_MSG="no" -AC_ARG_WITH(afs, - [ --with-afs=PATH Enable AFS support], - [ - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - if test -z "$KRB4" ; then - AC_MSG_WARN([AFS requires Kerberos IV support, build may fail]) - fi - - LIBS="-lkafs $LIBS" - if test ! -z "$AFS_LIBS" ; then - LIBS="$LIBS $AFS_LIBS" - fi - AC_DEFINE(AFS) - AFS_MSG="yes" - fi - ] -) -LIBS="$LIBS $KLIBS $K5LIBS" +LIBS="$LIBS $K5LIBS" # Looking for programs, paths and files -AC_ARG_WITH(rsh, - [ --with-rsh=PATH Specify path to remote shell program ], + +PRIVSEP_PATH=/var/empty +AC_ARG_WITH(privsep-path, + [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], [ if test "x$withval" != "$no" ; then - rsh_path=$withval + PRIVSEP_PATH=$withval fi - ], - [ - AC_PATH_PROG(rsh_path, rsh) ] ) +AC_SUBST(PRIVSEP_PATH) AC_ARG_WITH(xauth, [ --with-xauth=PATH Specify path to xauth program ], @@ -1888,13 +1962,29 @@ AC_ARG_WITH(xauth, fi ], [ - AC_PATH_PROG(xauth_path, xauth,,$PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin) + TestPath="$PATH" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" + TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" + AC_PATH_PROG(xauth_path, xauth, , $TestPath) if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then xauth_path="/usr/openwin/bin/xauth" fi ] ) +STRIP_OPT=-s +AC_ARG_ENABLE(strip, + [ --disable-strip Disable calling strip(1) on install], + [ + if test "x$enableval" = "xno" ; then + STRIP_OPT= + fi + ] +) +AC_SUBST(STRIP_OPT) + if test -z "$xauth_path" ; then XAUTH_PATH="undefined" AC_SUBST(XAUTH_PATH) @@ -1903,9 +1993,6 @@ else XAUTH_PATH=$xauth_path AC_SUBST(XAUTH_PATH) fi -if test ! -z "$rsh_path" ; then - AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path") -fi # Check for mail directory (last resort if we cannot get it from headers) if test ! -z "$MAIL" ; then @@ -1914,12 +2001,14 @@ if test ! -z "$MAIL" ; then fi if test -z "$no_dev_ptmx" ; then - AC_CHECK_FILE("/dev/ptmx", - [ - AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX) - have_dev_ptmx=1 - ] - ) + if test "x$disable_ptmx_check" != "xyes" ; then + AC_CHECK_FILE("/dev/ptmx", + [ + AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX) + have_dev_ptmx=1 + ] + ) + fi fi AC_CHECK_FILE("/dev/ptc", [ @@ -1943,7 +2032,8 @@ AC_ARG_WITH(mantype, ] ) if test -z "$MANTYPE"; then - AC_PATH_PROGS(NROFF, nroff awf, /bin/false, /usr/bin:/usr/ucb) + TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" + AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath) if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then MANTYPE=doc elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then @@ -2019,17 +2109,28 @@ else ) fi +dnl BSD systems use /etc/login.conf so --with-default-path= has no effect +if test $ac_cv_func_login_getcapbool = "yes" -a \ + $ac_cv_header_login_cap_h = "yes" ; then + USES_LOGIN_CONF=yes +fi # Whether to mess with the default path SERVER_PATH_MSG="(default)" AC_ARG_WITH(default-path, - [ --with-default-path=PATH Specify default \$PATH environment for server], + [ --with-default-path= Specify default \$PATH environment for server], [ - if test "x$withval" != "xno" ; then + if test "$USES_LOGIN_CONF" = "yes" ; then + AC_MSG_WARN([ +--with-default-path=PATH has no effect on this system. +Edit /etc/login.conf instead.]) + elif test "x$withval" != "xno" ; then user_path="$withval" SERVER_PATH_MSG="$withval" fi ], - [ + [ if test "$USES_LOGIN_CONF" = "yes" ; then + AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) + else AC_TRY_RUN( [ /* find out what STDPATH is */ @@ -2038,7 +2139,11 @@ AC_ARG_WITH(default-path, # include #endif #ifndef _PATH_STDPATH -# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +# ifdef _PATH_USERPATH /* Irix */ +# define _PATH_STDPATH _PATH_USERPATH +# else +# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +# endif #endif #include #include @@ -2079,23 +2184,25 @@ main() AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work) fi fi - ] + fi ] ) -AC_DEFINE_UNQUOTED(USER_PATH, "$user_path") -AC_SUBST(user_path) +if test "$USES_LOGIN_CONF" != "yes" ; then + AC_DEFINE_UNQUOTED(USER_PATH, "$user_path") + AC_SUBST(user_path) +fi -# Whether to force IPv4 by default (needed on broken glibc Linux) -IPV4_HACK_MSG="no" -AC_ARG_WITH(ipv4-default, - [ --with-ipv4-default Use IPv4 by connections unless '-6' specified], +# Set superuser path separately to user path +AC_ARG_WITH(superuser-path, + [ --with-superuser-path= Specify different path for super-user], [ - if test "x$withval" != "xno" ; then - AC_DEFINE(IPV4_DEFAULT) - IPV4_HACK_MSG="yes" + if test "x$withval" != "xno" ; then + AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval") + superuser_path=$withval fi ] ) + AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) IPV4_IN6_HACK_MSG="no" AC_ARG_WITH(4in6, @@ -2131,25 +2238,6 @@ AC_ARG_WITH(bsd-auth, ] ) -AC_MSG_CHECKING(whether to install ssh as suid root) -AC_ARG_ENABLE(suid-ssh, -[ --enable-suid-ssh Install ssh as suid root (default) - --disable-suid-ssh Install ssh without suid bit], -[ case "$enableval" in - no) - AC_MSG_RESULT(no) - SSHMODE=0711 - ;; - *) AC_MSG_RESULT(yes) - SSHMODE=4711 - ;; - esac ], - AC_MSG_RESULT(yes) - SSHMODE=4711 -) -AC_SUBST(SSHMODE) - - # Where to place sshd.pid piddir=/var/run # make sure the directory exists @@ -2178,35 +2266,67 @@ AC_SUBST(piddir) dnl allow user to disable some login recording features AC_ARG_ENABLE(lastlog, [ --disable-lastlog disable use of lastlog even if detected [no]], - [ AC_DEFINE(DISABLE_LASTLOG) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_LASTLOG) + fi + ] ) AC_ARG_ENABLE(utmp, [ --disable-utmp disable use of utmp even if detected [no]], - [ AC_DEFINE(DISABLE_UTMP) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_UTMP) + fi + ] ) AC_ARG_ENABLE(utmpx, [ --disable-utmpx disable use of utmpx even if detected [no]], - [ AC_DEFINE(DISABLE_UTMPX) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_UTMPX) + fi + ] ) AC_ARG_ENABLE(wtmp, [ --disable-wtmp disable use of wtmp even if detected [no]], - [ AC_DEFINE(DISABLE_WTMP) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_WTMP) + fi + ] ) AC_ARG_ENABLE(wtmpx, [ --disable-wtmpx disable use of wtmpx even if detected [no]], - [ AC_DEFINE(DISABLE_WTMPX) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_WTMPX) + fi + ] ) AC_ARG_ENABLE(libutil, [ --disable-libutil disable use of libutil (login() etc.) [no]], - [ AC_DEFINE(DISABLE_LOGIN) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_LOGIN) + fi + ] ) AC_ARG_ENABLE(pututline, [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], - [ AC_DEFINE(DISABLE_PUTUTLINE) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_PUTUTLINE) + fi + ] ) AC_ARG_ENABLE(pututxline, [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], - [ AC_DEFINE(DISABLE_PUTUTXLINE) ] + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE(DISABLE_PUTUTXLINE) + fi + ] ) AC_ARG_WITH(lastlog, [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], @@ -2397,8 +2517,8 @@ fi if test ! -z "$blibpath" ; then - LDFLAGS="$LDFLAGS -blibpath:$blibpath" - AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile]) + LDFLAGS="$LDFLAGS $blibflags$blibpath" + AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) fi dnl remove pam and dl because they are in $LIBPAM @@ -2423,33 +2543,41 @@ D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` G=`eval echo ${piddir}` ; G=`eval echo ${G}` -H=`eval echo ${user_path}` ; H=`eval echo ${H}` +H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` +I=`eval echo ${user_path}` ; I=`eval echo ${I}` +J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` echo "" echo "OpenSSH has been configured with the following options:" -echo " User binaries: $B" -echo " System binaries: $C" -echo " Configuration files: $D" -echo " Askpass program: $E" -echo " Manual pages: $F" -echo " PID file: $G" -echo " sshd default user PATH: $H" -echo " Manpage format: $MANTYPE" -echo " PAM support: ${PAM_MSG}" -echo " KerberosIV support: $KRB4_MSG" -echo " KerberosV support: $KRB5_MSG" -echo " Smartcard support: $SCARD_MSG" -echo " AFS support: $AFS_MSG" -echo " S/KEY support: $SKEY_MSG" -echo " TCP Wrappers support: $TCPW_MSG" -echo " MD5 password support: $MD5_MSG" -echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" -echo " Use IPv4 by default hack: $IPV4_HACK_MSG" -echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" -echo " BSD Auth support: $BSD_AUTH_MSG" -echo " Random number source: $RAND_MSG" +echo " User binaries: $B" +echo " System binaries: $C" +echo " Configuration files: $D" +echo " Askpass program: $E" +echo " Manual pages: $F" +echo " PID file: $G" +echo " Privilege separation chroot path: $H" +if test "$USES_LOGIN_CONF" = "yes" ; then +echo " At runtime, sshd will use the path defined in /etc/login.conf" +else +echo " sshd default user PATH: $I" +fi +if test ! -z "$superuser_path" ; then +echo " sshd superuser user PATH: $J" +fi +echo " Manpage format: $MANTYPE" +echo " DNS support: $DNS_MSG" +echo " PAM support: $PAM_MSG" +echo " KerberosV support: $KRB5_MSG" +echo " Smartcard support: $SCARD_MSG" +echo " S/KEY support: $SKEY_MSG" +echo " TCP Wrappers support: $TCPW_MSG" +echo " MD5 password support: $MD5_MSG" +echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" +echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" +echo " BSD Auth support: $BSD_AUTH_MSG" +echo " Random number source: $RAND_MSG" if test ! -z "$USE_RAND_HELPER" ; then - echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" +echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" fi echo "" @@ -2471,12 +2599,6 @@ if test "x$PAM_MSG" = "xyes" ; then echo "" fi -if test ! -z "$NO_SFTP"; then - echo "sftp-server will be disabled. Your compiler does not " - echo "support 64bit integers." - echo "" -fi - if test ! -z "$RAND_HELPER_CMDHASH" ; then echo "WARNING: you are using the builtin random number collection " echo "service. Please read WARNING.RNG and request that your OS "