X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/d468fc76dadd580cccd7db512a6d0ef5eb2e32d7..60688ef9ba2f7c18351abc5cf7506e8afe3e5c87:/configure.in diff --git a/configure.in b/configure.in index 4158b99b..3c6694db 100644 --- a/configure.in +++ b/configure.in @@ -1,90 +1,65 @@ AC_INIT(ssh.c) AC_CONFIG_HEADER(config.h) +AC_PROG_CC AC_CANONICAL_HOST -dnl Checks for programs. -AC_PROG_CC +# Checks for programs. AC_PROG_CPP AC_PROG_RANLIB AC_PROG_INSTALL AC_CHECK_PROG(AR, ar, ar) AC_PATH_PROG(PERL, perl) AC_SUBST(PERL) +AC_PATH_PROG(ENT, ent) +AC_SUBST(ENT) -AC_ARG_WITH(rsh, - [ --with-rsh=PATH Specify path to remote shell program ], - [ - if test "x$withval" != "$xno" ; then - AC_DEFINE_UNQUOTED(RSH_PATH, "$withval") - fi - ], - [ - AC_PATH_PROG(rsh_path, rsh) - ] -) - -AC_ARG_WITH(xauth, - [ --with-xauth=PATH Specify path to xauth program ], - [ - if test "x$withval" != "$xno" ; then - AC_DEFINE_UNQUOTED(XAUTH_PATH, "$withval") - fi - ], - [ - AC_PATH_PROG(xauth_path, xauth) - if test ! -z "$xauth_path" -a -x "/usr/openwin/bin/xauth" ; then - xauth_path="/usr/openwin/bin/xauth" - fi - ] -) - -if test ! -z "$xauth_path" ; then - AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path") -fi -if test ! -z "$rsh_path" ; then - AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path") +if test -z "$LD" ; then + LD=$CC fi - -dnl Checks for compiler characteristics -if test "$GCC" = "yes"; then CFLAGS="$CFLAGS -Wall"; fi - +AC_SUBST(LD) + +# C Compiler features AC_C_INLINE - -dnl Check for OpenSSL/SSLeay directories. -AC_MSG_CHECKING([for OpenSSL/SSLeay directory]) -for ssldir in $prefix /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local $prefix /usr/pkg ; do - if test -f "$ssldir/include/openssl/crypto.h"; then - AC_DEFINE(HAVE_OPENSSL) - GOT_SSL="yes" - break - fi - if test -f "$ssldir/include/ssl/crypto.h"; then - AC_DEFINE(HAVE_SSL) - GOT_SSL="yes" - break - fi -done -if test -z "$GOT_SSL" ; then - AC_MSG_ERROR([Could not find SSLeay / OpenSSL libraries, please install]) -fi -AC_SUBST(ssldir) -AC_DEFINE_UNQUOTED(ssldir, "$ssldir") -if test "$ssldir" != "/usr"; then - CFLAGS="$CFLAGS -I$ssldir/include" - LDFLAGS="$LDFLAGS -L$ssldir/lib" +if test "$GCC" = "yes"; then + CFLAGS="$CFLAGS -Wall" fi -AC_MSG_RESULT($ssldir) -dnl Check for some target-specific stuff +# Check for some target-specific stuff case "$host" in *-*-aix*) AFS_LIBS="-lld" + CFLAGS="$CFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + if test "$LD" != "gcc" -a -z "$blibpath"; then + blibpath="/usr/lib:/lib:/usr/local/lib" + fi + AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)]) AC_DEFINE(BROKEN_GETADDRINFO) ;; *-*-hpux10*) if test -z "$GCC"; then - CFLAGS="$CFLAGS -Aa" + CFLAGS="$CFLAGS -Ae" + fi + CFLAGS="$CFLAGS -D_HPUX_SOURCE" + AC_DEFINE(IPADDR_IN_DISPLAY) + AC_DEFINE(USE_UTMPX) + AC_MSG_CHECKING(for HPUX trusted system password database) + if test -f /tcb/files/auth/system/default; then + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_HPUX_TRUSTED_SYSTEM_PW) + LIBS="$LIBS -lsec" + AC_MSG_WARN([This configuration is untested]) + else + AC_MSG_RESULT(no) + AC_DEFINE(DISABLE_SHADOW) + fi + MANTYPE='$(CATMAN)' + mansubdir=cat + ;; +*-*-hpux11*) + if test -z "$GCC"; then + CFLAGS="$CFLAGS -Ae" fi CFLAGS="$CFLAGS -D_HPUX_SOURCE" AC_DEFINE(IPADDR_IN_DISPLAY) @@ -99,43 +74,53 @@ case "$host" in AC_MSG_RESULT(no) AC_DEFINE(DISABLE_SHADOW) fi + MANTYPE='$(CATMAN)' + mansubdir=cat ;; *-*-irix5*) + CFLAGS="$CFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + MANTYPE='$(CATMAN)' no_libsocket=1 no_libnsl=1 ;; *-*-irix6*) - AC_MSG_WARN([*** Irix 6.x is not tested *** ]) + CFLAGS="$CFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + MANTYPE='$(CATMAN)' + AC_MSG_WARN([*** Irix 6.x is not tested, please report you experiences *** ]) no_libsocket=1 no_libnsl=1 ;; *-*-linux*) no_dev_ptmx=1 + AC_DEFINE(DONT_TRY_OTHER_AF) + inet6_default_4in6=yes ;; *-*-netbsd*) - if test "$GOT_SSL" = "yes"; then - LDFLAGS="$LDFLAGS -R$ssldir/lib" - fi + need_dash_r=1 ;; *-*-solaris*) + CFLAGS="$CFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib -L/usr/ucblib -R/usr/ucblib" + need_dash_r=1 AC_DEFINE(USE_UTMPX) ;; +*-*-sunos4*) + CFLAGS="$CFLAGS -DSUNOS4" + AC_CHECK_FUNCS(getpwanam) + ;; *-*-sysv*) + CFLAGS="$CFLAGS -I/usr/local/include" + LDFLAGS="$LDFLAGS -L/usr/local/lib" + AC_DEFINE(USE_UTMPX) + MANTYPE='$(CATMAN)' + mansubdir=cat LIBS="$LIBS -lgen -lsocket" ;; esac -dnl Check for RSAref library. -AC_MSG_CHECKING([for RSAref library]) -saved_LIBS="$LIBS" -LIBS="$saved_LIBS -lRSAglue -lrsaref" -AC_TRY_LINK([], [], -[AC_MSG_RESULT(yes); - AC_DEFINE(RSAREF)], -[AC_MSG_RESULT(no)]; LIBS="$saved_LIBS") - -dnl Checks for libraries. -AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***])) +# Checks for libraries. AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***])) AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil") @@ -146,11 +131,11 @@ if test -z "$no_libnsl" ; then AC_CHECK_LIB(socket, main, , ) fi -dnl Checks for header files. -AC_CHECK_HEADERS(bstring.h endian.h lastlog.h login.h maillock.h netdb.h netgroup.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h util.h utmp.h utmpx.h) +# Checks for header files. +AC_CHECK_HEADERS(bstring.h endian.h lastlog.h login.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h util.h utmp.h utmpx.h) -dnl Checks for library functions. -AC_CHECK_FUNCS(arc4random bindresvport_af freeaddrinfo gai_strerror getaddrinfo getpagesize getnameinfo innetgr md5_crypt mkdtemp openpty rresvport_af setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf _getpty) +# Checks for library functions. +AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock freeaddrinfo gai_strerror getaddrinfo getnameinfo getrusage innetgr md5_crypt memmove mkdtemp on_exit openpty rresvport_af setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf vhangup _getpty __b64_ntop) AC_CHECK_FUNC(login, [AC_DEFINE(HAVE_LOGIN)], @@ -162,49 +147,216 @@ AC_CHECK_FUNC(daemon, [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] ) -dnl Checks for data types +AC_CHECK_FUNC(getpagesize, + [AC_DEFINE(HAVE_GETPAGESIZE)], + [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])] +) + +AC_ARG_WITH(pam, + [ --without-pam Disable PAM support ], + [ + if test "x$withval" = "xno" ; then + no_pam=1 + AC_DEFINE(DISABLE_PAM) + fi + ] +) +if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then + AC_CHECK_LIB(dl, dlopen, , ) + LIBS="$LIBS -lpam" + + AC_CHECK_FUNCS(pam_getenvlist) + + # Check PAM strerror arguments (old PAM) + AC_MSG_CHECKING([whether pam_strerror takes only one argument]) + AC_TRY_COMPILE( + [ +#include +#include + ], + [(void)pam_strerror((pam_handle_t *)NULL, -1);], + [AC_MSG_RESULT(no)], + [ + AC_DEFINE(HAVE_OLD_PAM) + AC_MSG_RESULT(yes) + ] + ) +fi + +# The big search for OpenSSL +AC_ARG_WITH(ssl-dir, + [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], + [ + if test "x$withval" != "$xno" ; then + tryssldir=$withval + fi + ] +) + +saved_LIBS="$LIBS" +saved_LDFLAGS="$LDFLAGS" +saved_CFLAGS="$CFLAGS" +if test "x$prefix" != "xNONE" ; then + tryssldir="$tryssldir $prefix" +fi +AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [ + + for ssldir in "" $tryssldir /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do + if test ! -z "$ssldir" ; then + LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir" + CFLAGS="$saved_CFLAGS -I$ssldir/include" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir" + fi + else + LDFLAGS="$saved_LDFLAGS" + fi + + LIBS="$saved_LIBS -lcrypto" + + # Basic test to check for compatible version and correct linking + # *does not* test for RSA - that comes later. + AC_TRY_RUN( + [ +#include +#include +int main(void) +{ + char a[2048]; + memset(a, 0, sizeof(a)); + RAND_add(a, sizeof(a), sizeof(a)); + return(RAND_status() <= 0); +} + ], + [ + found_crypto=1 + break; + ], [] + ) + + if test ! -z "$found_crypto" ; then + break; + fi + done + + if test -z "$found_crypto" ; then + AC_MSG_ERROR([Could not find working SSLeay / OpenSSL libraries, please install]) + fi + if test -z "$ssldir" ; then + ssldir="(system)" + fi + + ac_cv_openssldir=$ssldir +]) + +if test ! -z "$ac_cv_openssldir" -a ! "x$ac_cv_openssldir" = "x(system)" ; then + AC_DEFINE(HAVE_OPENSSL) + dnl Need to recover ssldir - test above runs in subshell + ssldir=$ac_cv_openssldir + CFLAGS="$saved_CFLAGS -I$ssldir/include" + LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:$ssldir:$ssldir/lib" + fi +fi +LIBS="$saved_LIBS -lcrypto" + +# Now test RSA support +saved_LIBS="$LIBS" +AC_MSG_CHECKING([for RSA support]) +for WANTS_RSAREF in "" 1 ; do + if test -z "$WANTS_RSAREF" ; then + LIBS="$saved_LIBS" + else + LIBS="$saved_LIBS -lRSAglue -lrsaref" + fi + AC_TRY_RUN([ +#include +#include +#include +#include +#include +int main(void) +{ + int num; RSA *key; static unsigned char p_in[] = "blahblah"; + unsigned char c[256], p[256]; + memset(c, 0, sizeof(c)); RAND_add(c, sizeof(c), sizeof(c)); + if ((key=RSA_generate_key(512, 3, NULL, NULL))==NULL) return(1); + num = RSA_public_encrypt(sizeof(p_in) - 1, p_in, c, key, RSA_PKCS1_PADDING); + return(-1 == RSA_private_decrypt(num, c, p, key, RSA_PKCS1_PADDING)); +} + ], + [ + rsa_works=1 + break; + ], []) +done + +if test ! -z "$no_rsa" ; then + AC_MSG_RESULT(disabled) +else + if test -z "$rsa_works" ; then + AC_MSG_WARN([*** No RSA support found *** ]) + else + if test -z "$WANTS_RSAREF" ; then + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(using RSAref) + LIBS="$saved_LIBS -lcrypto -lRSAglue -lrsaref" + fi + fi +fi + +# Checks for data types AC_CHECK_SIZEOF(char, 1) AC_CHECK_SIZEOF(short int, 2) AC_CHECK_SIZEOF(int, 4) AC_CHECK_SIZEOF(long int, 4) AC_CHECK_SIZEOF(long long int, 8) -dnl More checks for data types -AC_MSG_CHECKING([for intXX_t types]) -AC_TRY_COMPILE( - [#include ], - [int16_t a; int32_t b; a = 1235; b = 1235;], - [ - AC_DEFINE(HAVE_INTXX_T) - AC_MSG_RESULT(yes) - have_intxx_t=1 - ], - [AC_MSG_RESULT(no)] -) +# More checks for data types +AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ + AC_TRY_COMPILE( + [ #include ], + [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], + [ ac_cv_have_intxx_t="yes" ], + [ ac_cv_have_intxx_t="no" ] + ) +]) +if test "x$ac_cv_have_intxx_t" = "xyes" ; then + AC_DEFINE(HAVE_INTXX_T) + have_intxx_t=1 +fi + +AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ + AC_TRY_COMPILE( + [ #include ], + [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], + [ ac_cv_have_u_intxx_t="yes" ], + [ ac_cv_have_u_intxx_t="no" ] + ) +]) +if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then + AC_DEFINE(HAVE_U_INTXX_T) + have_u_intxx_t=1 +fi -AC_MSG_CHECKING([for u_intXX_t types]) -AC_TRY_COMPILE( - [#include ], - [u_int16_t c; u_int32_t d; c = 1235; d = 1235;], - [ - AC_DEFINE(HAVE_U_INTXX_T) - AC_MSG_RESULT(yes) - have_u_intxx_t=1 - ], - [AC_MSG_RESULT(no)] -) if test -z "$have_u_intxx_t" -o -z "$have_intxx_t" -a \ "x$ac_cv_header_sys_bitypes_h" = "xyes" then AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) AC_TRY_COMPILE( - [#include ], [ - u_int16_t c; u_int32_t d; - int16_t e; int32_t f; - c = 1235; d = 1235; - e = 1235; f = 1235; +#include + ], + [ + int8_t a; int16_t b; int32_t c; + u_int8_t e; u_int16_t f; u_int32_t g; + a = b = c = e = f = g = 1; ], [ AC_DEFINE(HAVE_U_INTXX_T) @@ -215,260 +367,230 @@ then ) fi -AC_MSG_CHECKING([for uintXX_t types]) -AC_TRY_COMPILE( - [#include ], - [uint16_t c; uint32_t d; c = 1235; d = 1235;], - [ +if test -z "$have_u_intxx_t" ; then + AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ], + [ ac_cv_have_uintxx_t="yes" ], + [ ac_cv_have_uintxx_t="no" ] + ) + ]) + if test "x$ac_cv_have_uintxx_t" = "xyes" ; then AC_DEFINE(HAVE_UINTXX_T) - AC_MSG_RESULT(yes) - ], - [AC_MSG_RESULT(no)] -) - -AC_MSG_CHECKING([for socklen_t]) -AC_TRY_COMPILE( - [ - #include - #include - ], - [socklen_t foo; foo = 1235;], - [ - AC_DEFINE(HAVE_SOCKLEN_T) - AC_MSG_RESULT(yes) - ], - [AC_MSG_RESULT(no)] -) + fi +fi -AC_MSG_CHECKING([for size_t]) -AC_TRY_COMPILE( - [#include ], - [size_t foo; foo = 1235;], - [ - AC_DEFINE(HAVE_SIZE_T) - AC_MSG_RESULT(yes) - ], - [AC_MSG_RESULT(no)] -) +AC_CACHE_CHECK([for socklen_t], ac_cv_have_socklen_t, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [socklen_t foo; foo = 1235;], + [ ac_cv_have_socklen_t="yes" ], + [ ac_cv_have_socklen_t="no" ] + ) +]) +if test "x$ac_cv_have_socklen_t" = "xyes" ; then + AC_DEFINE(HAVE_SOCKLEN_T) +fi -AC_MSG_CHECKING([for struct sockaddr_storage]) -AC_TRY_COMPILE( - [ - #include - #include - ], - [struct sockaddr_storage s;], - [ - AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE) - AC_MSG_RESULT(yes) - ], - [AC_MSG_RESULT(no)] -) +AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ size_t foo; foo = 1235; ], + [ ac_cv_have_size_t="yes" ], + [ ac_cv_have_size_t="no" ] + ) +]) +if test "x$ac_cv_have_size_t" = "xyes" ; then + AC_DEFINE(HAVE_SIZE_T) +fi -AC_MSG_CHECKING([for struct sockaddr_in6]) -AC_TRY_COMPILE( - [#include ], - [struct sockaddr_in6 s; s.sin6_family = 0;], - [ - AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6) - AC_MSG_RESULT(yes) - ], - [AC_MSG_RESULT(no)] -) +AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ ssize_t foo; foo = 1235; ], + [ ac_cv_have_ssize_t="yes" ], + [ ac_cv_have_ssize_t="no" ] + ) +]) +if test "x$ac_cv_have_ssize_t" = "xyes" ; then + AC_DEFINE(HAVE_SSIZE_T) +fi -AC_MSG_CHECKING([for struct in6_addr]) -AC_TRY_COMPILE( - [#include ], - [struct in6_addr s; s.s6_addr[0] = 0;], - [ - AC_DEFINE(HAVE_STRUCT_IN6_ADDR) - AC_MSG_RESULT(yes) - ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([for struct addrinfo]) -AC_TRY_COMPILE( - [ - #include - #include - #include - ], - [struct addrinfo s; s.ai_flags = AI_PASSIVE;], - [ - AC_DEFINE(HAVE_STRUCT_ADDRINFO) - AC_MSG_RESULT(yes) - ], - [AC_MSG_RESULT(no)] -) +AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [ struct sockaddr_storage s; ], + [ ac_cv_have_struct_sockaddr_storage="yes" ], + [ ac_cv_have_struct_sockaddr_storage="no" ] + ) +]) +if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then + AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE) +fi -AC_ARG_WITH(pam, - [ --without-pam Disable PAM support ], - [ - if test "x$withval" = "xno" ; then - no_pam=1 - AC_DEFINE(DISABLE_PAM) - fi - ] -) +AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ + AC_TRY_COMPILE( + [ +#include + ], + [ struct sockaddr_in6 s; s.sin6_family = 0; ], + [ ac_cv_have_struct_sockaddr_in6="yes" ], + [ ac_cv_have_struct_sockaddr_in6="no" ] + ) +]) +if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then + AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6) +fi -if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then - AC_CHECK_LIB(dl, dlopen, , ) - LIBS="$LIBS -lpam" - dnl Check PAM strerror arguments - AC_MSG_CHECKING([whether pam_strerror takes only one argument]) +AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ AC_TRY_COMPILE( [ - #include - #include - ], - [(void)pam_strerror((pam_handle_t *)NULL, -1);], - [AC_MSG_RESULT(no)], +#include + ], + [ struct in6_addr s; s.s6_addr[0] = 0; ], + [ ac_cv_have_struct_in6_addr="yes" ], + [ ac_cv_have_struct_in6_addr="no" ] + ) +]) +if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then + AC_DEFINE(HAVE_STRUCT_IN6_ADDR) +fi + +AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ + AC_TRY_COMPILE( [ - AC_DEFINE(HAVE_OLD_PAM) - AC_MSG_RESULT(yes) - ] - ) +#include +#include +#include + ], + [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ], + [ ac_cv_have_struct_addrinfo="yes" ], + [ ac_cv_have_struct_addrinfo="no" ] + ) +]) +if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then + AC_DEFINE(HAVE_STRUCT_ADDRINFO) fi -AC_MSG_CHECKING([whether to build GNOME ssh-askpass]) -dnl Check whether user wants GNOME ssh-askpass -AC_ARG_WITH(gnome-askpass, - [ --with-gnome-askpass Build the GNOME passphrase requester (default=no)], - [ - if test x$withval = xno ; then - GNOME_ASKPASS=""; - else - GNOME_ASKPASS="gnome-ssh-askpass"; - fi - ]) -AC_SUBST(GNOME_ASKPASS) -if test -z "$GNOME_ASKPASS" ; then - AC_MSG_RESULT(no) -else - AC_MSG_RESULT(yes) +# Checks for structure members + +OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX) +OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX) +OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX) +OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX) +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX) + + +AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], + ac_cv_have_ss_family_in_struct_ss, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [ struct sockaddr_storage s; s.ss_family = 1; ], + [ ac_cv_have_ss_family_in_struct_ss="yes" ], + [ ac_cv_have_ss_family_in_struct_ss="no" ], + ) +]) +if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then + AC_DEFINE(HAVE_SS_FAMILY_IN_SS) fi -dnl Check for user-specified random device -AC_ARG_WITH(random, - [ --with-random=FILE read randomness from FILE (default=/dev/urandom)], - [ - RANDOM_POOL="$withval"; - AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL") - ], - [ - dnl Check for random device - AC_CHECK_FILE("/dev/urandom", - [ - RANDOM_POOL="/dev/urandom"; - AC_SUBST(RANDOM_POOL) - AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL") - ] - ) - ] -) -dnl Check for EGD pool file -AC_ARG_WITH(egd-pool, - [ --with-egd-pool=FILE read randomness from EGD pool FILE (default none)], - [ - RANDOM_POOL="$withval"; - AC_DEFINE(HAVE_EGD) - AC_SUBST(RANDOM_POOL) - AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL") - ] -) +AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], + ac_cv_have___ss_family_in_struct_ss, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [ struct sockaddr_storage s; s.__ss_family = 1; ], + [ ac_cv_have___ss_family_in_struct_ss="yes" ], + [ ac_cv_have___ss_family_in_struct_ss="no" ] + ) +]) +if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then + AC_DEFINE(HAVE___SS_FAMILY_IN_SS) +fi + -dnl Make sure we have random number support -if test -z "$RANDOM_POOL" -a -z "$EGD_POOL"; then - AC_MSG_ERROR([No random device found, and no EGD random pool specified]) +AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ + AC_TRY_LINK([], + [ extern char *__progname; printf("%s", __progname); ], + [ ac_cv_libc_defines___progname="yes" ], + [ ac_cv_libc_defines___progname="no" ] + ) +]) +if test "x$ac_cv_libc_defines___progname" = "xyes" ; then + AC_DEFINE(HAVE___PROGNAME) fi -AC_MSG_CHECKING([whether utmp.h has ut_host field]) -AC_EGREP_HEADER(ut_host, utmp.h, - [AC_DEFINE(HAVE_HOST_IN_UTMP) AC_MSG_RESULT(yes); ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([whether utmpx.h has ut_host field]) -AC_EGREP_HEADER(ut_host, utmpx.h, - [AC_DEFINE(HAVE_HOST_IN_UTMPX) AC_MSG_RESULT(yes); ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([whether utmpx.h has syslen field]) -AC_EGREP_HEADER(syslen, utmpx.h, - [AC_DEFINE(HAVE_SYSLEN_IN_UTMPX) AC_MSG_RESULT(yes); ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([whether utmp.h has ut_pid field]) -AC_EGREP_HEADER(ut_pid, utmp.h, - [AC_DEFINE(HAVE_PID_IN_UTMP) AC_MSG_RESULT(yes); ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([whether utmp.h has ut_type field]) -AC_EGREP_HEADER(ut_type, utmp.h, - [AC_DEFINE(HAVE_TYPE_IN_UTMP) AC_MSG_RESULT(yes); ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([whether utmp.h has ut_tv field]) -AC_EGREP_HEADER(ut_tv, utmp.h, - [AC_DEFINE(HAVE_TV_IN_UTMP) AC_MSG_RESULT(yes); ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([whether utmp.h has ut_id field]) -AC_EGREP_HEADER(ut_id, utmp.h, - [AC_DEFINE(HAVE_ID_IN_UTMP) AC_MSG_RESULT(yes); ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([whether utmp.h has ut_addr field]) -AC_EGREP_HEADER(ut_addr, utmp.h, - [AC_DEFINE(HAVE_ADDR_IN_UTMP) AC_MSG_RESULT(yes); ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([whether utmpx.h has ut_addr field]) -AC_EGREP_HEADER(ut_addr, utmpx.h, - [AC_DEFINE(HAVE_ADDR_IN_UTMPX) AC_MSG_RESULT(yes); ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([whether utmp.h has ut_addr_v6 field]) -AC_EGREP_HEADER(ut_addr_v6, utmp.h, - [AC_DEFINE(HAVE_ADDR_V6_IN_UTMP) AC_MSG_RESULT(yes); ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([whether utmpx.h has ut_addr_v6 field]) -AC_EGREP_HEADER(ut_addr_v6, utmpx.h, - [AC_DEFINE(HAVE_ADDR_V6_IN_UTMPX) AC_MSG_RESULT(yes); ], - [AC_MSG_RESULT(no)] -) -AC_MSG_CHECKING([whether struct sockaddr_storage has ss_family field]) -AC_TRY_COMPILE( +# Looking for programs, paths and files +AC_ARG_WITH(rsh, + [ --with-rsh=PATH Specify path to remote shell program ], [ - #include - #include + if test "x$withval" != "$no" ; then + AC_DEFINE_UNQUOTED(RSH_PATH, "$withval") + fi ], - [struct sockaddr_storage s; s.ss_family = 1;], [ - AC_DEFINE(HAVE_SS_FAMILY_IN_SS) - AC_MSG_RESULT(yes) - ], - [AC_MSG_RESULT(no)] + AC_PATH_PROG(rsh_path, rsh) + ] ) -AC_MSG_CHECKING([whether struct sockaddr_storage has __ss_family field]) -AC_TRY_COMPILE( + +AC_ARG_WITH(xauth, + [ --with-xauth=PATH Specify path to xauth program ], [ - #include - #include + if test "x$withval" != "$xno" ; then + AC_DEFINE_UNQUOTED(XAUTH_PATH, "$withval") + fi ], - [struct sockaddr_storage s; s.__ss_family = 1;], [ - AC_DEFINE(HAVE___SS_FAMILY_IN_SS) - AC_MSG_RESULT(yes) - ], - [AC_MSG_RESULT(no)] + AC_PATH_PROG(xauth_path, xauth) + if test ! -z "$xauth_path" -a -x "/usr/openwin/bin/xauth" ; then + xauth_path="/usr/openwin/bin/xauth" + fi + ] ) -dnl Look for lastlog location +if test ! -z "$xauth_path" ; then + AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path") +fi +if test ! -z "$rsh_path" ; then + AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path") +fi + +# Check for mail directory (last resort if we cannot get it from headers) +if test ! -z "$MAIL" ; then + maildir=`dirname $MAIL` + AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") +fi + +# Look for lastlog location AC_ARG_WITH(lastlog, [ --with-lastlog=FILE Location of lastlog file], [ @@ -480,7 +602,7 @@ AC_ARG_WITH(lastlog, ], [ AC_MSG_CHECKING([location of lastlog file]) - for lastlog in /var/log/lastlog /var/adm/lastlog /etc/security/lastlog ; do + for lastlog in /var/log/lastlog /var/adm/lastlog /usr/adm/lastlog /etc/security/lastlog ; do if test -f $lastlog ; then gotlastlog="file" break @@ -510,46 +632,115 @@ if test ! -z "$nolastlog" ; then AC_DEFINE(DISABLE_LASTLOG) fi -dnl Compile with dante SOCKS library -AC_ARG_WITH(dante, - [ --with-dante=DIR Use Dante SOCKS lib (default is system library path)], +if test -z "$no_dev_ptmx" ; then + AC_CHECK_FILE("/dev/ptmx", + [ + AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX) + have_dev_ptmx=1 + ] + ) +fi +AC_CHECK_FILE("/dev/ptc", + [ + AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) + have_dev_ptc=1 + ] +) + +# Options from here on. Some of these are preset by platform above + +# Check for user-specified random device, otherwise check /dev/urandom +AC_ARG_WITH(random, + [ --with-random=FILE read randomness from FILE (default=/dev/urandom)], [ - AC_DEFINE(HAVE_DANTE) if test "x$withval" != "xno" ; then - if test -n $withval ; then - LIBS="$LIBS -L$withval" - fi - LIBS="$LIBS -lsocks" + RANDOM_POOL="$withval"; + AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL") fi + ], + [ + # Check for random device + AC_CHECK_FILE("/dev/urandom", + [ + RANDOM_POOL="/dev/urandom"; + AC_SUBST(RANDOM_POOL) + AC_DEFINE_UNQUOTED(RANDOM_POOL, "$RANDOM_POOL") + ] + ) ] ) -if test -z "$no_dev_ptmx" ; then - AC_CHECK_FILE("/dev/ptmx", AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)) +# Check for EGD pool file +AC_ARG_WITH(egd-pool, + [ --with-egd-pool=FILE read randomness from EGD pool FILE (default none)], + [ + if test "x$withval" != "xno" ; then + EGD_SOCKET="$withval"; + AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET") + fi + ] +) + +# detect pathnames for entropy gathering commands, if we need them +INSTALL_SSH_PRNG_CMDS="" +rm -f prng_commands +if test -z "$RANDOM_POOL" -a -z "$EGD_SOCKET" ; then + # Use these commands to collect entropy + OSSH_PATH_ENTROPY_PROG(PROG_LS, ls) + OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat) + OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp) + OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig) + OSSH_PATH_ENTROPY_PROG(PROG_PS, ps) + OSSH_PATH_ENTROPY_PROG(PROG_W, w) + OSSH_PATH_ENTROPY_PROG(PROG_WHO, who) + OSSH_PATH_ENTROPY_PROG(PROG_LAST, last) + OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog) + OSSH_PATH_ENTROPY_PROG(PROG_DF, df) + OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat) + OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime) + OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs) + OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail) + OSSH_PATH_ENTROPY_PROG(PROG_LS, ls) + + INSTALL_SSH_PRNG_CMDS="yes" fi -AC_CHECK_FILE("/dev/ptc", AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)) +AC_SUBST(INSTALL_SSH_PRNG_CMDS) -AC_MSG_CHECKING([whether libc defines __progname]) -AC_TRY_LINK([], - [extern char *__progname; printf("%s", __progname);], - [ - AC_DEFINE(HAVE___PROGNAME) - AC_MSG_RESULT(yes) - ], + +AC_ARG_WITH(catman, + [ --with-catman=man|cat Install preformatted manpages[no]], [ - AC_MSG_RESULT(no) + MANTYPE='$(CATMAN)' + if test x"$withval" != x"yes" ; then + mansubdir=$withval + else + mansubdir=cat + fi + ], [ + if test -z "$MANTYPE" ; then + MANTYPE='$(TROFFMAN)' + mansubdir=man + fi ] ) +AC_SUBST(MANTYPE) +AC_SUBST(mansubdir) -dnl Check whether user wants Kerberos support +# Check whether user wants Kerberos support AC_ARG_WITH(kerberos4, [ --with-kerberos4=PATH Enable Kerberos 4 support], [ - if test "x$withval" != "$xno" ; then + if test "x$withval" != "xno" ; then if test "x$withval" != "$xyes" ; then CFLAGS="$CFLAGS -I${withval}/include" LDFLAGS="$LDFLAGS -L${withval}/lib" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R${withval}/lib" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:${withval}/lib" + fi else if test -d /usr/include/kerberosIV ; then CFLAGS="$CFLAGS -I/usr/include/kerberosIV" @@ -565,7 +756,7 @@ AC_ARG_WITH(kerberos4, AC_MSG_WARN([Cannot find libkrb, build may fail]) fi - LIBS="$LIBS -lkrb -ldes" + KLIBS="-lkrb -ldes" AC_CHECK_LIB(resolv, dn_expand, , ) KRB4=yes AC_DEFINE(KRB4) @@ -573,11 +764,11 @@ AC_ARG_WITH(kerberos4, ] ) -dnl Check whether user wants AFS support +# Check whether user wants AFS support AC_ARG_WITH(afs, [ --with-afs=PATH Enable AFS support], [ - if test "x$withval" != "$xno" ; then + if test "x$withval" != "xno" ; then if test "x$withval" != "$xyes" ; then CFLAGS="$CFLAGS -I${withval}/include" @@ -596,40 +787,58 @@ AC_ARG_WITH(afs, fi ] ) +LIBS="$LIBS $KLIBS" -dnl Check whether user wants S/Key support +# Check whether user wants S/Key support AC_ARG_WITH(skey, [ --with-skey Enable S/Key support], [ - if test "x$withval" != "$xno" ; then + if test "x$withval" != "xno" ; then AC_DEFINE(SKEY) LIBS="$LIBS -lskey" fi ] ) -dnl Check whether user wants TCP wrappers support +# Check whether user wants TCP wrappers support AC_ARG_WITH(tcp-wrappers, [ --with-tcp-wrappers Enable tcpwrappers support], [ - if test "x$withval" != "$xno" ; then - AC_DEFINE(LIBWRAP) + if test "x$withval" != "xno" ; then + saved_LIBS="$LIBS" LIBS="$LIBS -lwrap" + AC_MSG_CHECKING(for libwrap) + AC_TRY_LINK( + [ +#include + int deny_severity = 0, allow_severity = 0; + ], + [hosts_access(0);], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(LIBWRAP) + ], + [ + AC_MSG_RESULT(no) + AC_MSG_WARN([*** libwrap missing - tcpwrapper support disabled ***]) + LIBS="$saved_LIBS" + ] + ) fi ] ) -dnl Check whether to enable MD5 passwords +# Check whether to enable MD5 passwords AC_ARG_WITH(md5-passwords, [ --with-md5-passwords Enable use of MD5 passwords], [ - if test "x$withval" != "$xno" ; then + if test "x$withval" != "xno" ; then AC_DEFINE(HAVE_MD5_PASSWORDS) fi ] ) -dnl Check whether to enable utmpx support +# Check whether to enable utmpx support AC_ARG_WITH(utmpx, [ --with-utmpx Enable utmpx support], [ @@ -639,7 +848,7 @@ AC_ARG_WITH(utmpx, ] ) -dnl Whether to disable shadow password support +# Whether to disable shadow password support AC_ARG_WITH(shadow, [ --without-shadow Disable shadow password support], [ @@ -649,7 +858,7 @@ AC_ARG_WITH(shadow, ] ) -dnl Use ip address instead of hostname in $DISPLAY +# Use ip address instead of hostname in $DISPLAY AC_ARG_WITH(ipaddr-display, [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], [ @@ -659,6 +868,7 @@ AC_ARG_WITH(ipaddr-display, ] ) +# Whether to mess with the default path AC_ARG_WITH(default-path, [ --with-default-path=PATH Specify default \$PATH environment for server], [ @@ -668,6 +878,7 @@ AC_ARG_WITH(default-path, ] ) +# Whether to force IPv4 by default (needed on broken glibc Linux) AC_ARG_WITH(ipv4-default, [ --with-ipv4-default Use IPv4 by connections unless '-6' specified], [ @@ -677,6 +888,27 @@ AC_ARG_WITH(ipv4-default, ] ) +AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) +AC_ARG_WITH(4in6, + [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], + [ + if test "x$withval" != "xno" ; then + AC_MSG_RESULT(yes) + AC_DEFINE(IPV4_IN_IPV6) + else + AC_MSG_RESULT(no) + fi + ],[ + if test "x$inet6_default_4in6" = "xyes"; then + AC_MSG_RESULT([yes (default)]) + AC_DEFINE(IPV4_IN_IPV6) + else + AC_MSG_RESULT([no (default)]) + fi + ] +) + +# Where to place sshd.pid piddir=/var/run AC_ARG_WITH(pid-dir, [ --with-pid-dir=PATH Specify location of ssh.pid file], @@ -686,13 +918,29 @@ AC_ARG_WITH(pid-dir, fi ] ) + AC_DEFINE_UNQUOTED(PIDDIR, "$piddir") AC_SUBST(piddir) -dnl Check for mail directory (last resort if we cannot get it from headers) -if test ! -z "$MAIL" ; then - maildir=`dirname $MAIL` - AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") + +# Change default command timeout for builtin PRNG +entropy_timeout=100 +AC_ARG_WITH(entropy-timeout, + [ --with-entropy-timeout Specify entropy gathering command timeout (msec)], + [ + if test "x$withval" != "xno" ; then + entropy_timeout=$withval + fi + ] +) +AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) + + +if test ! -z "$blibpath" ; then + LDFLAGS="$LDFLAGS -blibpath:$blibpath" + AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile]) fi -AC_OUTPUT(Makefile) +AC_OUTPUT(Makefile ssh_prng_cmds) + +