X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/2f31bdd68787907a72badbedfb1cb41c0b9e502f..2e4fb373fccee2e5a296d484189169914f6e07d8:/configure.in diff --git a/configure.in b/configure.in index c859b66d..e84ae69f 100644 --- a/configure.in +++ b/configure.in @@ -1,19 +1,29 @@ +# $Id$ + AC_INIT(ssh.c) AC_CONFIG_HEADER(config.h) AC_PROG_CC AC_CANONICAL_HOST +AC_C_BIGENDIAN # Checks for programs. AC_PROG_CPP AC_PROG_RANLIB AC_PROG_INSTALL -AC_CHECK_PROG(AR, ar, ar) +AC_PATH_PROG(AR, ar) AC_PATH_PROG(PERL, perl) AC_SUBST(PERL) AC_PATH_PROG(ENT, ent) AC_SUBST(ENT) AC_PATH_PROGS(FILEPRIV, filepriv, true, /sbin:/usr/sbin) +AC_PATH_PROG(TEST_MINUS_S_SH, bash) +AC_PATH_PROG(TEST_MINUS_S_SH, ksh) +AC_PATH_PROG(TEST_MINUS_S_SH, sh) + +if test -z "$AR" ; then + AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) +fi # Use LOGIN_PROGRAM from environment if possible if test ! -z "$LOGIN_PROGRAM" ; then @@ -37,13 +47,11 @@ if test "$GCC" = "yes"; then CFLAGS="$CFLAGS -Wall" fi -CFLAGS="$CFLAGS -I. -I${srcdir-.}" - # Check for some target-specific stuff case "$host" in *-*-aix*) AFS_LIBS="-lld" - CFLAGS="$CFLAGS -I/usr/local/include" + CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" if (test "$LD" != "gcc" && test -z "$blibpath"); then blibpath="/usr/lib:/lib:/usr/local/lib" @@ -60,40 +68,45 @@ case "$host" in *-*-cygwin*) LIBS="$LIBS -lregex /usr/lib/textmode.o" AC_DEFINE(HAVE_CYGWIN) - AC_DEFINE(DISABLE_PAM) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(IPV4_DEFAULT) AC_DEFINE(IP_TOS_IS_BROKEN) AC_DEFINE(BROKEN_VHANGUP) - no_pam=1 + AC_DEFINE(NO_X11_UNIX_SOCKETS) no_libsocket=1 no_libnsl=1 ;; +*-*-dgux*) + AC_DEFINE(IP_TOS_IS_BROKEN) + ;; *-*-hpux10*) if test -z "$GCC"; then CFLAGS="$CFLAGS -Ae" fi - CFLAGS="$CFLAGS -D_HPUX_SOURCE" + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE" IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) + AC_DEFINE(SPT_TYPE,SPT_PSTAT) LIBS="$LIBS -lsec" MANTYPE='$(CATMAN)' mansubdir=cat ;; *-*-hpux11*) - CFLAGS="$CFLAGS -D_HPUX_SOURCE" + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE" IPADDR_IN_DISPLAY=yes + AC_DEFINE(PAM_SUN_CODEBASE) AC_DEFINE(USE_PIPES) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) + AC_DEFINE(SPT_TYPE,SPT_PSTAT) LIBS="$LIBS -lsec" MANTYPE='$(CATMAN)' mansubdir=cat ;; *-*-irix5*) - CFLAGS="$CFLAGS -I/usr/local/include" + CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS" PATH="$PATH:/usr/etc" MANTYPE='$(CATMAN)' @@ -102,26 +115,39 @@ case "$host" in AC_DEFINE(BROKEN_INET_NTOA) ;; *-*-irix6*) - CFLAGS="$CFLAGS -I/usr/local/include" + CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS" PATH="$PATH:/usr/etc" MANTYPE='$(CATMAN)' AC_DEFINE(WITH_IRIX_ARRAY) AC_DEFINE(WITH_IRIX_PROJECT) AC_DEFINE(WITH_IRIX_AUDIT) + AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)]) no_libsocket=1 no_libnsl=1 AC_DEFINE(BROKEN_INET_NTOA) + mansubdir=man ;; *-*-linux*) no_dev_ptmx=1 + check_for_libcrypt_later=1 AC_DEFINE(DONT_TRY_OTHER_AF) AC_DEFINE(PAM_TTY_KLUDGE) inet6_default_4in6=yes ;; +mips-sony-bsd|mips-sony-newsos4) + AC_DEFINE(HAVE_NEWS4) + SONY=1 + AC_CHECK_LIB(iberty, xatexit, AC_DEFINE(HAVE_XATEXIT), + AC_MSG_ERROR([*** libiberty missing - please install first or check config.log ***]) + ) + ;; *-*-netbsd*) need_dash_r=1 ;; +*-*-freebsd*) + check_for_libcrypt_later=1 + ;; *-next-*) conf_lastlog_location="/usr/adm/lastlog" conf_utmp_location=/etc/utmp @@ -129,12 +155,16 @@ case "$host" in MAIL=/usr/spool/mail AC_DEFINE(HAVE_NEXT) AC_DEFINE(BROKEN_REALPATH) - CFLAGS="$CFLAGS -I/usr/local/include" + AC_DEFINE(USE_PIPES) + AC_DEFINE(BROKEN_SAVED_UIDS) + CPPFLAGS="$CPPFLAGS -I/usr/local/include" + CFLAGS="$CFLAGS" ;; *-*-solaris*) - CFLAGS="$CFLAGS -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib -L/usr/ucblib -R/usr/ucblib" + CPPFLAGS="$CPPFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" need_dash_r=1 + AC_DEFINE(PAM_SUN_CODEBASE) # hardwire lastlog location (can't detect it on some versions) conf_lastlog_location="/var/adm/lastlog" AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x) @@ -148,8 +178,10 @@ case "$host" in fi ;; *-*-sunos4*) - CFLAGS="$CFLAGS -DSUNOS4" + CPPFLAGS="$CPPFLAGS -DSUNOS4" AC_CHECK_FUNCS(getpwanam) + AC_DEFINE(PAM_SUN_CODEBASE) + AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H) conf_utmp_location=/etc/utmp conf_wtmp_location=/var/adm/wtmp conf_lastlog_location=/var/adm/lastlog @@ -157,62 +189,79 @@ case "$host" in MANTYPE='$(CATMAN)' mansubdir=cat ;; +*-ncr-sysv*) + CPPFLAGS="$CPPFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + MANTYPE='$(CATMAN)' + mansubdir=cat + LIBS="$LIBS -lc89 -lnsl -lgen -lsocket" + ;; *-sni-sysv*) - CFLAGS="$CFLAGS -I/usr/local/include" + CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib -L/usr/ucblib" MANTYPE='$(CATMAN)' + IPADDR_IN_DISPLAY=yes + AC_DEFINE(USE_PIPES) AC_DEFINE(IP_TOS_IS_BROKEN) + AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H) mansubdir=cat LIBS="$LIBS -lgen -lnsl -lucb" ;; *-*-sysv4.2*) - CFLAGS="$CFLAGS -I/usr/local/include" + CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" MANTYPE='$(CATMAN)' mansubdir=cat - LIBS="$LIBS -lgen -lsocket -lnsl -lresolv" enable_suid_ssh=no + AC_DEFINE(USE_PIPES) ;; *-*-sysv5*) - CFLAGS="$CFLAGS -I/usr/local/include" + CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" MANTYPE='$(CATMAN)' mansubdir=cat - LIBS="$LIBS -lgen -lsocket" enable_suid_ssh=no + AC_DEFINE(USE_PIPES) ;; *-*-sysv*) - CFLAGS="$CFLAGS -I/usr/local/include" + CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" MANTYPE='$(CATMAN)' mansubdir=cat LIBS="$LIBS -lgen -lsocket" ;; *-*-sco3.2v4*) - AC_DEFINE(USE_PIPES) - CFLAGS="$CFLAGS -Dftruncate=chsize -I/usr/local/include" + CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" MANTYPE='$(CATMAN)' + LIBS="$LIBS -lgen -lsocket -los -lprot -lx -ltinfo -lm" mansubdir=cat - LIBS="$LIBS -lgen -lsocket -los -lprot -lx" - no_dev_ptmx=1 + rsh_path="/usr/bin/rcmd" RANLIB=true + no_dev_ptmx=1 AC_DEFINE(BROKEN_SYS_TERMIO_H) - rsh_path="/usr/bin/rcmd" + AC_DEFINE(USE_PIPES) AC_DEFINE(HAVE_SCO_PROTECTED_PW) + AC_DEFINE(DISABLE_SHADOW) + AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H) + AC_DEFINE(BROKEN_SAVED_UIDS) + AC_CHECK_FUNCS(getluid setluid) ;; *-*-sco3.2v5*) - CFLAGS="$CFLAGS -I/usr/local/include" + CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" + LIBS="$LIBS -lprot -lx -ltinfo -lm" MANTYPE='$(CATMAN)' mansubdir=cat - LIBS="$LIBS -lgen -lsocket -lprot -lx" no_dev_ptmx=1 rsh_path="/usr/bin/rcmd" + AC_DEFINE(USE_PIPES) AC_DEFINE(HAVE_SCO_PROTECTED_PW) + AC_DEFINE(DISABLE_SHADOW) + AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H) + AC_CHECK_FUNCS(getluid setluid) ;; *-dec-osf*) -# This is untested if test ! -z "USE_SIA" ; then AC_MSG_CHECKING(for Digital Unix Security Integration Architecture) if test -f /etc/sia/matrix.conf; then @@ -236,8 +285,16 @@ AC_ARG_WITH(cflags, fi ] ) +AC_ARG_WITH(cppflags, + [ --with-cppflags Specify additional flags to pass to preprocessor] , + [ + if test "x$withval" != "xno"; then + CPPFLAGS="$CPPFLAGS $withval" + fi + ] +) AC_ARG_WITH(ldflags, - [ --with-ldlags Specify additional flags to pass to linker], + [ --with-ldflags Specify additional flags to pass to linker], [ if test "x$withval" != "xno" ; then LDFLAGS="$LDFLAGS $withval" @@ -253,33 +310,198 @@ AC_ARG_WITH(libs, ] ) +AC_ARG_WITH(pcre, + [ --with-pcre Override built in regex library with pcre], + [ -# Checks for libraries. -AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***])) -AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil") -AC_CHECK_LIB(rx, regcomp, AC_DEFINE(HAVE_LIBRX) LIBS="$LIBS -lrx") + AC_CHECK_LIB(pcre, pcre_info, + [ + AC_DEFINE(HAVE_LIBPCRE) + LIBS="$LIBS -lpcreposix -lpcre" + no_comp_check="yes" + ], + [ AC_MSG_ERROR([*** Can not locate pcre libraries.]) ] + ) + ] +) -if test -z "$no_libsocket" ; then +# Checks for libraries. +if test -z "$no_libnsl" ; then AC_CHECK_LIB(nsl, yp_match, , ) fi -if test -z "$no_libnsl" ; then +if test -z "$no_libsocket" ; then AC_CHECK_LIB(socket, main, , ) fi +dnl SCO OS3 needs this for libwrap +AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc) + +AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen") +AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])) +AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil") + +# We don't want to check if we did an pcre override. +if test -z "$no_comp_check" ; then + AC_CHECK_FUNC(regcomp, + [ AC_DEFINE(HAVE_REGCOMP)], + [ + AC_CHECK_LIB(pcre, pcre_info, + [ + AC_DEFINE(HAVE_LIBPCRE) + LIBS="$LIBS -lpcreposix -lpcre" + ], + [ + AC_MSG_ERROR([*** No regex library found.]) + ]) + ] + ) +fi + +dnl UnixWare 2.x +AC_CHECK_FUNC(strcasecmp, + [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] +) +AC_CHECK_FUNC(utimes, + [], [ AC_CHECK_LIB(c89, utimes, LIBS="$LIBS -lc89") ] +) + +AC_FUNC_STRFTIME + # Checks for header files. -AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h utmp.h utmpx.h vis.h) +AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h regex.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/queue.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h) + +# Check whether user wants Kerberos support +KRB4_MSG="no" +AC_ARG_WITH(kerberos4, + [ --with-kerberos4=PATH Enable Kerberos 4 support], + [ + if test "x$withval" != "xno" ; then + + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R${withval}/lib" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:${withval}/lib" + fi + else + if test -d /usr/include/kerberosIV ; then + CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV" + fi + fi + + AC_CHECK_HEADERS(krb.h) + AC_CHECK_LIB(krb, main) + if test "$ac_cv_header_krb_h" != yes; then + AC_MSG_WARN([Cannot find krb.h, build may fail]) + fi + if test "$ac_cv_lib_krb_main" != yes; then + AC_MSG_WARN([Cannot find libkrb, build may fail]) + fi + + KLIBS="-lkrb -ldes" + AC_CHECK_LIB(resolv, dn_expand, , ) + KRB4=yes + KRB4_MSG="yes" + AC_DEFINE(KRB4) + fi + ] +) + +# Check whether user wants AFS support +AFS_MSG="no" +AC_ARG_WITH(afs, + [ --with-afs=PATH Enable AFS support], + [ + if test "x$withval" != "xno" ; then + + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + fi + + if test -z "$KRB4" ; then + AC_MSG_WARN([AFS requires Kerberos IV support, build may fail]) + fi + + LIBS="$LIBS -lkafs" + if test ! -z "$AFS_LIBS" ; then + LIBS="$LIBS $AFS_LIBS" + fi + AC_DEFINE(AFS) + AFS_MSG="yes" + fi + ] +) +LIBS="$LIBS $KLIBS" + +# Check whether user wants S/Key support +SKEY_MSG="no" +AC_ARG_WITH(skey, + [ --with-skey=PATH Enable S/Key support], + [ + if test "x$withval" != "xno" ; then + + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + fi + + AC_DEFINE(SKEY) + LIBS="-lskey $LIBS" + SKEY_MSG="yes" + + AC_CHECK_FUNC(skey_keyinfo, + [], + [ + AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) + ]) + fi + ] +) + +# Check whether user wants TCP wrappers support +TCPW_MSG="no" +AC_ARG_WITH(tcp-wrappers, + [ --with-tcp-wrappers Enable tcpwrappers support], + [ + if test "x$withval" != "xno" ; then + saved_LIBS="$LIBS" + LIBS="-lwrap $LIBS" + AC_MSG_CHECKING(for libwrap) + AC_TRY_LINK( + [ +#include + int deny_severity = 0, allow_severity = 0; + ], + [hosts_access(0);], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(LIBWRAP) + TCPW_MSG="yes" + ], + [ + AC_MSG_ERROR([*** libwrap missing]) + ] + ) + fi + ] +) dnl Checks for library functions. -AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getnameinfo getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setenv seteuid setlogin setproctitle setreuid setrlimit sigaction sigvec snprintf strerror strlcat strlcpy strsep strtok_r vsnprintf vhangup vis _getpty __b64_ntop) +AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_sa clock fchown fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv seteuid setlogin setproctitle setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep strtok_r sysconf tcgetpgrp utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop) dnl Checks for time functions AC_CHECK_FUNCS(gettimeofday time) dnl Checks for libutil functions +AC_CHECK_HEADERS(libutil.h) AC_CHECK_FUNCS(login logout updwtmp logwtmp) dnl Checks for utmp functions -AC_CHECK_FUNCS(entutent getutent getutid getutline pututline setutent) +AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent) AC_CHECK_FUNCS(utmpname) dnl Checks for utmpx functions -AC_CHECK_FUNCS(entutxent getutxent getutxid getutxline pututxline ) +AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) AC_CHECK_FUNCS(setutxent utmpxname) AC_CHECK_FUNC(getuserattr, @@ -321,27 +543,30 @@ fi AC_FUNC_GETPGRP +# Check for PAM libs PAM_MSG="no" AC_ARG_WITH(pam, - [ --without-pam Disable PAM support ], + [ --with-pam Enable PAM support ], [ - if test "x$withval" = "xno" ; then - no_pam=1 - AC_DEFINE(DISABLE_PAM) - PAM_MSG="disabled" - fi - ] -) -if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; then - AC_CHECK_LIB(dl, dlopen, , ) - LIBS="$LIBS -lpam" + if test "x$withval" != "xno" ; then + if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then + AC_MSG_ERROR([PAM headers not found]) + fi - AC_CHECK_FUNCS(pam_getenvlist) + AC_CHECK_LIB(dl, dlopen, , ) + AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) + AC_CHECK_FUNCS(pam_getenvlist) - disable_shadow=yes + disable_shadow=yes + PAM_MSG="yes" - PAM_MSG="yes" + AC_DEFINE(USE_PAM) + fi + ] +) +# Check for older PAM +if test "x$PAM_MSG" = "xyes" ; then # Check PAM strerror arguments (old PAM) AC_MSG_CHECKING([whether pam_strerror takes only one argument]) AC_TRY_COMPILE( @@ -356,14 +581,14 @@ if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; t AC_MSG_RESULT(yes) PAM_MSG="yes (old library)" ] - ) + ) fi # The big search for OpenSSL AC_ARG_WITH(ssl-dir, [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], [ - if test "x$withval" != "$xno" ; then + if test "x$withval" != "xno" ; then tryssldir=$withval fi ] @@ -371,25 +596,43 @@ AC_ARG_WITH(ssl-dir, saved_LIBS="$LIBS" saved_LDFLAGS="$LDFLAGS" -saved_CFLAGS="$CFLAGS" +saved_CPPFLAGS="$CPPFLAGS" if test "x$prefix" != "xNONE" ; then tryssldir="$tryssldir $prefix" fi AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [ - for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do - if test ! -z "$ssldir" ; then - LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir" - CFLAGS="$saved_CFLAGS -I$ssldir/include" - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir" + CPPFLAGS="$saved_CPPFLAGS" + LDFLAGS="$saved_LDFLAGS" + LIBS="$saved_LIBS -lcrypto" + + # Skip directories if they don't exist + if test ! -z "$ssldir" -a ! -d "$ssldir" ; then + continue; + fi + if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then + # Try to use $ssldir/lib if it exists, otherwise + # $ssldir + if test -d "$ssldir/lib" ; then + LDFLAGS="$saved_LDFLAGS -L$ssldir/lib" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R$ssldir/lib" + fi + else + LDFLAGS="$saved_LDFLAGS -L$ssldir" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R$ssldir" + fi + fi + # Try to use $ssldir/include if it exists, otherwise + # $ssldir + if test -d "$ssldir/include" ; then + CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include" + else + CPPFLAGS="$saved_CPPFLAGS -I$ssldir" fi - else - LDFLAGS="$saved_LDFLAGS" fi - LIBS="$saved_LIBS -lcrypto" - # Basic test to check for compatible version and correct linking # *does not* test for RSA - that comes later. AC_TRY_RUN( @@ -416,7 +659,7 @@ int main(void) done if test -z "$found_crypto" ; then - AC_MSG_ERROR([Could not find working SSLeay / OpenSSL libraries, please install]) + AC_MSG_ERROR([Could not find working OpenSSL library, please install or check config.log]) fi if test -z "$ssldir" ; then ssldir="(system)" @@ -429,13 +672,27 @@ if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; AC_DEFINE(HAVE_OPENSSL) dnl Need to recover ssldir - test above runs in subshell ssldir=$ac_cv_openssldir - CFLAGS="$saved_CFLAGS -I$ssldir/include" - LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir" - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:$ssldir:$ssldir/lib" + if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then + # Try to use $ssldir/lib if it exists, otherwise + # $ssldir + if test -d "$ssldir/lib" ; then + LDFLAGS="$saved_LDFLAGS -L$ssldir/lib" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R$ssldir/lib" + fi + else + LDFLAGS="$saved_LDFLAGS -L$ssldir" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R$ssldir" + fi + fi + # Try to use $ssldir/include if it exists, otherwise + # $ssldir + if test -d "$ssldir/include" ; then + CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include" + else + CPPFLAGS="$saved_CPPFLAGS -I$ssldir" + fi fi fi LIBS="$saved_LIBS -lcrypto" @@ -490,6 +747,17 @@ else fi fi +# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the +# version in OpenSSL. Skip this for PAM +if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then + AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") +fi + +# Cheap hack to ensure NEWS-OS libraries are arranged right. +if test ! -z "$SONY" ; then + LIBS="$LIBS -liberty"; +fi + # Checks for data types AC_CHECK_SIZEOF(char, 1) AC_CHECK_SIZEOF(short int, 2) @@ -644,6 +912,20 @@ if test "x$ac_cv_have_ssize_t" = "xyes" ; then AC_DEFINE(HAVE_SSIZE_T) fi +AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ clock_t foo; foo = 1235; ], + [ ac_cv_have_clock_t="yes" ], + [ ac_cv_have_clock_t="no" ] + ) +]) +if test "x$ac_cv_have_clock_t" = "xyes" ; then + AC_DEFINE(HAVE_CLOCK_T) +fi + AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ AC_TRY_COMPILE( [ @@ -759,6 +1041,56 @@ if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then AC_DEFINE(HAVE_STRUCT_ADDRINFO) fi +AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ + AC_TRY_COMPILE( + [ #include ], + [ struct timeval tv; tv.tv_sec = 1;], + [ ac_cv_have_struct_timeval="yes" ], + [ ac_cv_have_struct_timeval="no" ] + ) +]) +if test "x$ac_cv_have_struct_timeval" = "xyes" ; then + AC_DEFINE(HAVE_STRUCT_TIMEVAL) + have_struct_timeval=1 +fi + +# If we don't have int64_t then we can't compile sftp-server. So don't +# even attempt to do it. +if test "x$ac_cv_have_int64_t" = "xno" -a \ + "x$ac_cv_sizeof_long_int" != "x8" -a \ + "x$ac_cv_sizeof_long_long_int" = "x0" ; then + NO_SFTP='#' +else +dnl test snprintf (broken on SCO w/gcc) + AC_TRY_RUN( + [ +#include +#include +#ifdef HAVE_SNPRINTF +main() +{ + char buf[50]; + char expected_out[50]; + int mazsize = 50 ; +#if (SIZEOF_LONG_INT == 8) + long int num = 0x7fffffffffffffff; +#else + long long num = 0x7fffffffffffffff; +#endif + strcpy(expected_out, "9223372036854775807"); + snprintf(buf, mazsize, "%lld", num); + if(strcmp(buf, expected_out) != 0) + exit(1); + exit(0); +} +#else +main() { exit(0); } +#endif + ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ] + ) +fi +AC_SUBST(NO_SFTP) + dnl Checks for structure members OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX) @@ -895,7 +1227,7 @@ AC_ARG_WITH(rsh, AC_ARG_WITH(xauth, [ --with-xauth=PATH Specify path to xauth program ], [ - if test "x$withval" != "$xno" ; then + if test "x$withval" != "xno" ; then xauth_path=$withval fi ], @@ -907,8 +1239,13 @@ AC_ARG_WITH(xauth, ] ) -if test ! -z "$xauth_path" ; then +if test -z "$xauth_path" ; then + XAUTH_PATH="undefined" + AC_SUBST(XAUTH_PATH) +else AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path") + XAUTH_PATH=$xauth_path + AC_SUBST(XAUTH_PATH) fi if test ! -z "$rsh_path" ; then AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path") @@ -939,7 +1276,7 @@ AC_CHECK_FILE("/dev/ptc", # Check for user-specified random device, otherwise check /dev/urandom AC_ARG_WITH(random, - [ --with-random=FILE read randomness from FILE (default=/dev/urandom)], + [ --with-random=FILE read entropy from FILE (default=/dev/urandom)], [ if test "x$withval" != "xno" ; then RANDOM_POOL="$withval"; @@ -958,21 +1295,52 @@ AC_ARG_WITH(random, ] ) -# Check for EGD pool file -AC_ARG_WITH(egd-pool, - [ --with-egd-pool=FILE read randomness from EGD pool FILE (default none)], +# Check for PRNGD/EGD pool file +AC_ARG_WITH(prngd-port, + [ --with-prngd-port=PORT read entropy from PRNGD/EGD localhost:PORT], + [ + if test ! -z "$withval" -a "x$withval" != "xno" ; then + PRNGD_PORT="$withval" + AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT) + fi + ] +) + +# Check for PRNGD/EGD pool file +AC_ARG_WITH(prngd-socket, + [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], [ if test "x$withval" != "xno" ; then - EGD_SOCKET="$withval"; - AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET") + PRNGD_SOCKET="$withval" + AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET") + fi + ], + [ + # Check for existing socket only if we don't have a random device already + if test -z "$RANDOM_POOL" ; then + AC_MSG_CHECKING(for PRNGD/EGD socket) + # Insert other locations here + for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do + if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then + PRNGD_SOCKET="$sock" + AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET") + break; + fi + done + if test ! -z "$PRNGD_SOCKET" ; then + AC_MSG_RESULT($PRNGD_SOCKET) + else + AC_MSG_RESULT(not found) + fi fi ] ) + # detect pathnames for entropy gathering commands, if we need them INSTALL_SSH_PRNG_CMDS="" rm -f prng_commands -if (test -z "$RANDOM_POOL" && test -z "$EGD_SOCKET") ; then +if (test -z "$RANDOM_POOL" && test -z "$PRNGD") ; then # Use these commands to collect entropy OSSH_PATH_ENTROPY_PROG(PROG_LS, ls) OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat) @@ -988,7 +1356,6 @@ if (test -z "$RANDOM_POOL" && test -z "$EGD_SOCKET") ; then OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime) OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs) OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail) - OSSH_PATH_ENTROPY_PROG(PROG_LS, ls) INSTALL_SSH_PRNG_CMDS="yes" fi @@ -1014,114 +1381,6 @@ AC_ARG_WITH(catman, AC_SUBST(MANTYPE) AC_SUBST(mansubdir) -# Check whether user wants Kerberos support -KRB4_MSG="no" -AC_ARG_WITH(kerberos4, - [ --with-kerberos4=PATH Enable Kerberos 4 support], - [ - if test "x$withval" != "xno" ; then - - if test "x$withval" != "$xyes" ; then - CFLAGS="$CFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${withval}/lib" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${withval}/lib" - fi - else - if test -d /usr/include/kerberosIV ; then - CFLAGS="$CFLAGS -I/usr/include/kerberosIV" - fi - fi - - AC_CHECK_HEADERS(krb.h) - AC_CHECK_LIB(krb, main) - if test "$ac_cv_header_krb_h" != yes; then - AC_MSG_WARN([Cannot find krb.h, build may fail]) - fi - if test "$ac_cv_lib_krb_main" != yes; then - AC_MSG_WARN([Cannot find libkrb, build may fail]) - fi - - KLIBS="-lkrb -ldes" - AC_CHECK_LIB(resolv, dn_expand, , ) - KRB4=yes - KRB4_MSG="yes" - AC_DEFINE(KRB4) - fi - ] -) - -# Check whether user wants AFS support -AFS_MSG="no" -AC_ARG_WITH(afs, - [ --with-afs=PATH Enable AFS support], - [ - if test "x$withval" != "xno" ; then - - if test "x$withval" != "$xyes" ; then - CFLAGS="$CFLAGS -I${withval}/include" - LFLAGS="$LFLAGS -L${withval}/lib" - fi - - if test -z "$KRB4" ; then - AC_MSG_WARN([AFS requires Kerberos IV support, build may fail]) - fi - - LIBS="$LIBS -lkafs" - if test ! -z "$AFS_LIBS" ; then - LIBS="$LIBS $AFS_LIBS" - fi - AC_DEFINE(AFS) - AFS_MSG="yes" - fi - ] -) -LIBS="$LIBS $KLIBS" - -# Check whether user wants S/Key support -SKEY_MSG="no" -AC_ARG_WITH(skey, - [ --with-skey Enable S/Key support], - [ - if test "x$withval" != "xno" ; then - AC_DEFINE(SKEY) - LIBS="$LIBS -lskey" - SKEY_MSG="yes" - fi - ] -) - -# Check whether user wants TCP wrappers support -TCPW_MSG="no" -AC_ARG_WITH(tcp-wrappers, - [ --with-tcp-wrappers Enable tcpwrappers support], - [ - if test "x$withval" != "xno" ; then - saved_LIBS="$LIBS" - LIBS="$LIBS -lwrap" - AC_MSG_CHECKING(for libwrap) - AC_TRY_LINK( - [ -#include - int deny_severity = 0, allow_severity = 0; - ], - [hosts_access(0);], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(LIBWRAP) - TCPW_MSG="yes" - ], - [ - AC_MSG_ERROR([*** libwrap missing]) - ] - ) - fi - ] -) - # Check whether to enable MD5 passwords MD5_MSG="no" AC_ARG_WITH(md5-passwords, @@ -1187,11 +1446,64 @@ AC_ARG_WITH(default-path, [ --with-default-path=PATH Specify default \$PATH environment for server], [ if test "x$withval" != "xno" ; then - AC_DEFINE_UNQUOTED(USER_PATH, "$withval") + user_path="$withval" SERVER_PATH_MSG="$withval" fi + ], + [ + AC_TRY_RUN( + [ +/* find out what STDPATH is */ +#include +#ifdef HAVE_PATHS_H +# include +#endif +#ifndef _PATH_STDPATH +# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +#endif +#include +#include +#include +#define DATA "conftest.stdpath" + +main() +{ + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + + if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) + exit(1); + + exit(0); +} + ], [ user_path=`cat conftest.stdpath` ], + [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], + [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] + ) +# make sure $bindir is in USER_PATH so scp will work + t_bindir=`eval echo ${bindir}` + case $t_bindir in + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; + esac + case $t_bindir in + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; + esac + echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 + if test $? -ne 0 ; then + echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 + if test $? -ne 0 ; then + user_path=$user_path:$t_bindir + AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work) + fi + fi ] ) +AC_DEFINE_UNQUOTED(USER_PATH, "$user_path") +AC_SUBST(user_path) # Whether to force IPv4 by default (needed on broken glibc Linux) IPV4_HACK_MSG="no" @@ -1228,6 +1540,17 @@ AC_ARG_WITH(4in6, ] ) +# Whether to enable BSD auth support +AC_ARG_WITH(bsd-auth, + [ --with-bsd-auth Enable BSD auth support], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE(BSD_AUTH) + bsd_auth=yes + fi + ] +) + AC_MSG_CHECKING(whether to install ssh as suid root) AC_ARG_ENABLE(suid-ssh, [ --enable-suid-ssh Install ssh as suid root (default) @@ -1266,7 +1589,7 @@ if test ! -d $piddir ; then esac fi -AC_DEFINE_UNQUOTED(PIDDIR, "$piddir") +AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir") AC_SUBST(piddir) dnl allow user to disable some login recording features @@ -1304,7 +1627,14 @@ AC_ARG_ENABLE(pututxline, ) AC_ARG_WITH(lastlog, [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], - [ conf_lastlog_location="$withval"; ],) + [ + if test "x$withval" = "xno" ; then + AC_DEFINE(DISABLE_LASTLOG) + else + conf_lastlog_location=$withval + fi + ] +) dnl lastlog, [uw]tmpx? detection dnl NOTE: set the paths in the platform section to avoid the @@ -1500,7 +1830,7 @@ fi AC_EXEEXT -AC_OUTPUT(Makefile ssh_prng_cmds) +AC_OUTPUT(Makefile openbsd-compat/Makefile ssh_prng_cmds) # Print summary of options @@ -1512,10 +1842,13 @@ fi if test ! -z "$RANDOM_POOL" ; then RAND_MSG="Device ($RANDOM_POOL)" else - if test ! -z "$EGD_SOCKET" ; then - RAND_MSG="EGD ($EGD_SOCKET)" + if test ! -z "$PRNGD_PORT" ; then + RAND_MSG="PRNGD/EGD (port localhost:$PRNGD_PORT)" + elif test ! -z "$PRNGD_SOCKET" ; then + RAND_MSG="PRNGD/EGD (socket $PRNGD_SOCKET)" else RAND_MSG="Builtin (timeout $entropy_timeout)" + BUILTIN_RNG=1 fi fi @@ -1527,16 +1860,17 @@ D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` G=`eval echo ${piddir}` ; G=`eval echo ${G}` +H=`eval echo ${user_path}` ; H=`eval echo ${H}` echo "" echo "OpenSSH configured has been configured with the following options." echo " User binaries: $B" -echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" echo " Askpass program: $E" echo " Manual pages: $F" echo " PID file: $G" +echo " sshd default user PATH: $H" echo " Random number collection: $RAND_MSG" echo " Manpage format: $MAN_MSG" echo " PAM support: ${PAM_MSG}" @@ -1549,13 +1883,38 @@ echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Use IPv4 by default hack: $IPV4_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" +if test ! -z "$bsd_auth"; then + echo " BSD Auth support: yes" +fi + echo "" -echo " Host: ${host}" -echo " Compiler: ${CC}" -echo " Compiler flags: ${CFLAGS}" -echo " Linker flags: ${LDFLAGS}" -echo " Libraries: ${LIBS}" +echo " Host: ${host}" +echo " Compiler: ${CC}" +echo " Compiler flags: ${CFLAGS}" +echo "Preprocessor flags: ${CPPFLAGS}" +echo " Linker flags: ${LDFLAGS}" +echo " Libraries: ${LIBS}" echo "" +if test "x$PAM_MSG" = "xyes" ; then + echo "PAM is enabled. You may need to install a PAM control file for sshd," + echo "otherwise password authentication may fail. Example PAM control files" + echo "can be found in the contrib/ subdirectory" + echo "" +fi + +if test ! -z "$BUILTIN_RNG" ; then + echo "WARNING: you are using the builtin random number collection service." + echo "Please read WARNING.RNG and request that your OS vendor includes" + echo "/dev/random in future versions of their OS." + echo "" +fi + +if test ! -z "$NO_SFTP"; then + echo "sftp-server will be disabled. Your compiler does not support" + echo "64bit integers." + echo "" +fi +