diff options
author | Colin Watson <cjwatson@debian.org> | 2013-05-07 11:47:26 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2013-05-07 11:47:26 +0100 |
commit | 2ea3f720daeb1ca9f765365fce3a9546961fe624 (patch) | |
tree | c4fb7d1f51fa51e7677232de806aae150e29e2ac /configure.ac | |
parent | f5efcd3450bbf8261915e0c4a6f851229dddaa79 (diff) | |
parent | ecebda56da46a03dafff923d91c382f31faa9eec (diff) |
* New upstream release (http://www.openssh.com/txt/release-6.2).
- Add support for multiple required authentication in SSH protocol 2 via
an AuthenticationMethods option (closes: #195716).
- Fix Sophie Germain formula in moduli(5) (closes: #698612).
- Update ssh-copy-id to Phil Hands' greatly revised version (closes:
#99785, #322228, #620428; LP: #518883, #835901, #1074798).
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 273 |
1 files changed, 219 insertions, 54 deletions
diff --git a/configure.ac b/configure.ac index fabd3e0f1..198a2056e 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.496 2012/07/06 01:49:29 djm Exp $ | 1 | # $Id: configure.ac,v 1.518 2013/03/20 01:55:15 djm Exp $ |
2 | # | 2 | # |
3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
4 | # | 4 | # |
@@ -15,7 +15,7 @@ | |||
15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | 16 | ||
17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) | 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) |
18 | AC_REVISION($Revision: 1.496 $) | 18 | AC_REVISION($Revision: 1.518 $) |
19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
20 | AC_LANG([C]) | 20 | AC_LANG([C]) |
21 | 21 | ||
@@ -120,32 +120,6 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ | |||
120 | #include <sys/types.h> | 120 | #include <sys/types.h> |
121 | #include <linux/prctl.h> | 121 | #include <linux/prctl.h> |
122 | ]) | 122 | ]) |
123 | if test "x$have_linux_no_new_privs" = "x1" ; then | ||
124 | AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ | ||
125 | #include <sys/types.h> | ||
126 | #include <linux/seccomp.h> | ||
127 | ]) | ||
128 | fi | ||
129 | if test "x$have_seccomp_filter" = "x1" ; then | ||
130 | AC_MSG_CHECKING([kernel for seccomp_filter support]) | ||
131 | AC_RUN_IFELSE([AC_LANG_PROGRAM([[ | ||
132 | #include <errno.h> | ||
133 | #include <linux/seccomp.h> | ||
134 | #include <stdlib.h> | ||
135 | #include <sys/prctl.h> | ||
136 | ]], | ||
137 | [[ errno = 0; | ||
138 | prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); | ||
139 | exit(errno == EFAULT ? 0 : 1); ]])], | ||
140 | [ AC_MSG_RESULT([yes]) ], [ | ||
141 | AC_MSG_RESULT([no]) | ||
142 | # Disable seccomp filter as a target | ||
143 | have_seccomp_filter=0 | ||
144 | ], | ||
145 | [ AC_MSG_RESULT([cross-compiling, assuming yes]) ] | ||
146 | ) | ||
147 | fi | ||
148 | |||
149 | use_stack_protector=1 | 123 | use_stack_protector=1 |
150 | AC_ARG_WITH([stackprotect], | 124 | AC_ARG_WITH([stackprotect], |
151 | [ --without-stackprotect Don't use compiler's stack protection], [ | 125 | [ --without-stackprotect Don't use compiler's stack protection], [ |
@@ -239,6 +213,18 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | |||
239 | fi | 213 | fi |
240 | fi | 214 | fi |
241 | 215 | ||
216 | AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) | ||
217 | AC_COMPILE_IFELSE( | ||
218 | [AC_LANG_PROGRAM([[ | ||
219 | #include <stdlib.h> | ||
220 | __attribute__((__unused__)) static void foo(void){return;}]], | ||
221 | [[ exit(0); ]])], | ||
222 | [ AC_MSG_RESULT([yes]) ], | ||
223 | [ AC_MSG_RESULT([no]) | ||
224 | AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, | ||
225 | [compiler does not accept __attribute__ on return types]) ] | ||
226 | ) | ||
227 | |||
242 | if test "x$no_attrib_nonnull" != "x1" ; then | 228 | if test "x$no_attrib_nonnull" != "x1" ; then |
243 | AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) | 229 | AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) |
244 | fi | 230 | fi |
@@ -310,6 +296,7 @@ AC_CHECK_HEADERS([ \ | |||
310 | crypto/sha2.h \ | 296 | crypto/sha2.h \ |
311 | dirent.h \ | 297 | dirent.h \ |
312 | endian.h \ | 298 | endian.h \ |
299 | elf.h \ | ||
313 | features.h \ | 300 | features.h \ |
314 | fcntl.h \ | 301 | fcntl.h \ |
315 | floatingpoint.h \ | 302 | floatingpoint.h \ |
@@ -493,6 +480,7 @@ case "$host" in | |||
493 | AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], | 480 | AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], |
494 | [AIX 5.2 and 5.3 (and presumably newer) require this]) | 481 | [AIX 5.2 and 5.3 (and presumably newer) require this]) |
495 | AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) | 482 | AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) |
483 | AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) | ||
496 | ;; | 484 | ;; |
497 | *-*-cygwin*) | 485 | *-*-cygwin*) |
498 | check_for_libcrypt_later=1 | 486 | check_for_libcrypt_later=1 |
@@ -602,6 +590,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
602 | AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], | 590 | AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], |
603 | [String used in /etc/passwd to denote locked account]) | 591 | [String used in /etc/passwd to denote locked account]) |
604 | AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) | 592 | AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) |
593 | AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) | ||
605 | maildir="/var/mail" | 594 | maildir="/var/mail" |
606 | LIBS="$LIBS -lsec" | 595 | LIBS="$LIBS -lsec" |
607 | AC_CHECK_LIB([xnet], [t_error], , | 596 | AC_CHECK_LIB([xnet], [t_error], , |
@@ -713,20 +702,26 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
713 | AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], | 702 | AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], |
714 | [], [#include <linux/types.h>]) | 703 | [], [#include <linux/types.h>]) |
715 | AC_CHECK_FUNCS([prctl]) | 704 | AC_CHECK_FUNCS([prctl]) |
716 | have_seccomp_audit_arch=1 | 705 | AC_MSG_CHECKING([for seccomp architecture]) |
706 | seccomp_audit_arch= | ||
717 | case "$host" in | 707 | case "$host" in |
718 | x86_64-*) | 708 | x86_64-*) |
719 | AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_X86_64], | 709 | seccomp_audit_arch=AUDIT_ARCH_X86_64 |
720 | [Specify the system call convention in use]) | ||
721 | ;; | 710 | ;; |
722 | i*86-*) | 711 | i*86-*) |
723 | AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_I386], | 712 | seccomp_audit_arch=AUDIT_ARCH_I386 |
724 | [Specify the system call convention in use]) | ||
725 | ;; | ||
726 | *) | ||
727 | have_seccomp_audit_arch=0 | ||
728 | ;; | 713 | ;; |
714 | arm*-*) | ||
715 | seccomp_audit_arch=AUDIT_ARCH_ARM | ||
716 | ;; | ||
729 | esac | 717 | esac |
718 | if test "x$seccomp_audit_arch" != "x" ; then | ||
719 | AC_MSG_RESULT(["$seccomp_audit_arch"]) | ||
720 | AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], | ||
721 | [Specify the system call convention in use]) | ||
722 | else | ||
723 | AC_MSG_RESULT([architecture not supported]) | ||
724 | fi | ||
730 | ;; | 725 | ;; |
731 | mips-sony-bsd|mips-sony-newsos4) | 726 | mips-sony-bsd|mips-sony-newsos4) |
732 | AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) | 727 | AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) |
@@ -750,6 +745,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
750 | AC_CHECK_HEADER([net/if_tap.h], , | 745 | AC_CHECK_HEADER([net/if_tap.h], , |
751 | AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) | 746 | AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) |
752 | AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) | 747 | AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) |
748 | AC_DEFINE([BROKEN_STRNVIS], [1], [FreeBSD strnvis does not do what we need]) | ||
753 | ;; | 749 | ;; |
754 | *-*-bsdi*) | 750 | *-*-bsdi*) |
755 | AC_DEFINE([SETEUID_BREAKS_SETUID]) | 751 | AC_DEFINE([SETEUID_BREAKS_SETUID]) |
@@ -926,6 +922,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
926 | AC_CHECK_FUNCS([getluid setluid]) | 922 | AC_CHECK_FUNCS([getluid setluid]) |
927 | MANTYPE=man | 923 | MANTYPE=man |
928 | TEST_SHELL=ksh | 924 | TEST_SHELL=ksh |
925 | SKIP_DISABLE_LASTLOG_DEFINE=yes | ||
929 | ;; | 926 | ;; |
930 | *-*-unicosmk*) | 927 | *-*-unicosmk*) |
931 | AC_DEFINE([NO_SSH_LASTLOG], [1], | 928 | AC_DEFINE([NO_SSH_LASTLOG], [1], |
@@ -1194,7 +1191,7 @@ AC_CHECK_FUNCS([utimes], | |||
1194 | ) | 1191 | ) |
1195 | 1192 | ||
1196 | dnl Checks for libutil functions | 1193 | dnl Checks for libutil functions |
1197 | AC_CHECK_HEADERS([libutil.h]) | 1194 | AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) |
1198 | AC_SEARCH_LIBS([fmt_scaled], [util bsd]) | 1195 | AC_SEARCH_LIBS([fmt_scaled], [util bsd]) |
1199 | AC_SEARCH_LIBS([login], [util bsd]) | 1196 | AC_SEARCH_LIBS([login], [util bsd]) |
1200 | AC_SEARCH_LIBS([logout], [util bsd]) | 1197 | AC_SEARCH_LIBS([logout], [util bsd]) |
@@ -1563,6 +1560,8 @@ AC_CHECK_FUNCS([ \ | |||
1563 | getopt \ | 1560 | getopt \ |
1564 | getpeereid \ | 1561 | getpeereid \ |
1565 | getpeerucred \ | 1562 | getpeerucred \ |
1563 | getpgid \ | ||
1564 | getpgrp \ | ||
1566 | _getpty \ | 1565 | _getpty \ |
1567 | getrlimit \ | 1566 | getrlimit \ |
1568 | getttyent \ | 1567 | getttyent \ |
@@ -1622,6 +1621,7 @@ AC_CHECK_FUNCS([ \ | |||
1622 | strtonum \ | 1621 | strtonum \ |
1623 | strtoll \ | 1622 | strtoll \ |
1624 | strtoul \ | 1623 | strtoul \ |
1624 | strtoull \ | ||
1625 | swap32 \ | 1625 | swap32 \ |
1626 | sysconf \ | 1626 | sysconf \ |
1627 | tcgetpgrp \ | 1627 | tcgetpgrp \ |
@@ -1630,6 +1630,7 @@ AC_CHECK_FUNCS([ \ | |||
1630 | unsetenv \ | 1630 | unsetenv \ |
1631 | updwtmpx \ | 1631 | updwtmpx \ |
1632 | user_from_uid \ | 1632 | user_from_uid \ |
1633 | usleep \ | ||
1633 | vasprintf \ | 1634 | vasprintf \ |
1634 | vhangup \ | 1635 | vhangup \ |
1635 | vsnprintf \ | 1636 | vsnprintf \ |
@@ -2323,6 +2324,56 @@ AC_LINK_IFELSE( | |||
2323 | ] | 2324 | ] |
2324 | ) | 2325 | ) |
2325 | 2326 | ||
2327 | # Check for OpenSSL with EVP_aes_*ctr | ||
2328 | AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) | ||
2329 | AC_LINK_IFELSE( | ||
2330 | [AC_LANG_PROGRAM([[ | ||
2331 | #include <string.h> | ||
2332 | #include <openssl/evp.h> | ||
2333 | ]], [[ | ||
2334 | exit(EVP_aes_128_ctr() == NULL || | ||
2335 | EVP_aes_192_cbc() == NULL || | ||
2336 | EVP_aes_256_cbc() == NULL); | ||
2337 | ]])], | ||
2338 | [ | ||
2339 | AC_MSG_RESULT([yes]) | ||
2340 | AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], | ||
2341 | [libcrypto has EVP AES CTR]) | ||
2342 | ], | ||
2343 | [ | ||
2344 | AC_MSG_RESULT([no]) | ||
2345 | ] | ||
2346 | ) | ||
2347 | |||
2348 | # Check for OpenSSL with EVP_aes_*gcm | ||
2349 | AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) | ||
2350 | AC_LINK_IFELSE( | ||
2351 | [AC_LANG_PROGRAM([[ | ||
2352 | #include <string.h> | ||
2353 | #include <openssl/evp.h> | ||
2354 | ]], [[ | ||
2355 | exit(EVP_aes_128_gcm() == NULL || | ||
2356 | EVP_aes_256_gcm() == NULL || | ||
2357 | EVP_CTRL_GCM_SET_IV_FIXED == 0 || | ||
2358 | EVP_CTRL_GCM_IV_GEN == 0 || | ||
2359 | EVP_CTRL_GCM_SET_TAG == 0 || | ||
2360 | EVP_CTRL_GCM_GET_TAG == 0 || | ||
2361 | EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); | ||
2362 | ]])], | ||
2363 | [ | ||
2364 | AC_MSG_RESULT([yes]) | ||
2365 | AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], | ||
2366 | [libcrypto has EVP AES GCM]) | ||
2367 | ], | ||
2368 | [ | ||
2369 | AC_MSG_RESULT([no]) | ||
2370 | ] | ||
2371 | ) | ||
2372 | |||
2373 | AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], | ||
2374 | [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], | ||
2375 | [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) | ||
2376 | |||
2326 | AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) | 2377 | AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) |
2327 | AC_LINK_IFELSE( | 2378 | AC_LINK_IFELSE( |
2328 | [AC_LANG_PROGRAM([[ | 2379 | [AC_LANG_PROGRAM([[ |
@@ -2589,6 +2640,34 @@ AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], | |||
2589 | [non-privileged user for privilege separation]) | 2640 | [non-privileged user for privilege separation]) |
2590 | AC_SUBST([SSH_PRIVSEP_USER]) | 2641 | AC_SUBST([SSH_PRIVSEP_USER]) |
2591 | 2642 | ||
2643 | if test "x$have_linux_no_new_privs" = "x1" ; then | ||
2644 | AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ | ||
2645 | #include <sys/types.h> | ||
2646 | #include <linux/seccomp.h> | ||
2647 | ]) | ||
2648 | fi | ||
2649 | if test "x$have_seccomp_filter" = "x1" ; then | ||
2650 | AC_MSG_CHECKING([kernel for seccomp_filter support]) | ||
2651 | AC_LINK_IFELSE([AC_LANG_PROGRAM([[ | ||
2652 | #include <errno.h> | ||
2653 | #include <elf.h> | ||
2654 | #include <linux/audit.h> | ||
2655 | #include <linux/seccomp.h> | ||
2656 | #include <stdlib.h> | ||
2657 | #include <sys/prctl.h> | ||
2658 | ]], | ||
2659 | [[ int i = $seccomp_audit_arch; | ||
2660 | errno = 0; | ||
2661 | prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); | ||
2662 | exit(errno == EFAULT ? 0 : 1); ]])], | ||
2663 | [ AC_MSG_RESULT([yes]) ], [ | ||
2664 | AC_MSG_RESULT([no]) | ||
2665 | # Disable seccomp filter as a target | ||
2666 | have_seccomp_filter=0 | ||
2667 | ] | ||
2668 | ) | ||
2669 | fi | ||
2670 | |||
2592 | # Decide which sandbox style to use | 2671 | # Decide which sandbox style to use |
2593 | sandbox_arg="" | 2672 | sandbox_arg="" |
2594 | AC_ARG_WITH([sandbox], | 2673 | AC_ARG_WITH([sandbox], |
@@ -2623,6 +2702,7 @@ AC_RUN_IFELSE( | |||
2623 | struct rlimit rl_zero; | 2702 | struct rlimit rl_zero; |
2624 | int fd, r; | 2703 | int fd, r; |
2625 | fd_set fds; | 2704 | fd_set fds; |
2705 | struct timeval tv; | ||
2626 | 2706 | ||
2627 | fd = open("/dev/null", O_RDONLY); | 2707 | fd = open("/dev/null", O_RDONLY); |
2628 | FD_ZERO(&fds); | 2708 | FD_ZERO(&fds); |
@@ -2630,7 +2710,9 @@ AC_RUN_IFELSE( | |||
2630 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | 2710 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; |
2631 | setrlimit(RLIMIT_FSIZE, &rl_zero); | 2711 | setrlimit(RLIMIT_FSIZE, &rl_zero); |
2632 | setrlimit(RLIMIT_NOFILE, &rl_zero); | 2712 | setrlimit(RLIMIT_NOFILE, &rl_zero); |
2633 | r = select(fd+1, &fds, NULL, NULL, NULL); | 2713 | tv.tv_sec = 1; |
2714 | tv.tv_usec = 0; | ||
2715 | r = select(fd+1, &fds, NULL, NULL, &tv); | ||
2634 | exit (r == -1 ? 1 : 0); | 2716 | exit (r == -1 ? 1 : 0); |
2635 | ]])], | 2717 | ]])], |
2636 | [AC_MSG_RESULT([yes]) | 2718 | [AC_MSG_RESULT([yes]) |
@@ -2640,6 +2722,32 @@ AC_RUN_IFELSE( | |||
2640 | [AC_MSG_WARN([cross compiling: assuming yes])] | 2722 | [AC_MSG_WARN([cross compiling: assuming yes])] |
2641 | ) | 2723 | ) |
2642 | 2724 | ||
2725 | AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) | ||
2726 | AC_RUN_IFELSE( | ||
2727 | [AC_LANG_PROGRAM([[ | ||
2728 | #include <sys/types.h> | ||
2729 | #ifdef HAVE_SYS_TIME_H | ||
2730 | # include <sys/time.h> | ||
2731 | #endif | ||
2732 | #include <sys/resource.h> | ||
2733 | #include <errno.h> | ||
2734 | #include <stdlib.h> | ||
2735 | ]],[[ | ||
2736 | struct rlimit rl_zero; | ||
2737 | int fd, r; | ||
2738 | fd_set fds; | ||
2739 | |||
2740 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
2741 | r = setrlimit(RLIMIT_NOFILE, &rl_zero); | ||
2742 | exit (r == -1 ? 1 : 0); | ||
2743 | ]])], | ||
2744 | [AC_MSG_RESULT([yes]) | ||
2745 | rlimit_nofile_zero_works=yes], | ||
2746 | [AC_MSG_RESULT([no]) | ||
2747 | rlimit_nofile_zero_works=no], | ||
2748 | [AC_MSG_WARN([cross compiling: assuming yes])] | ||
2749 | ) | ||
2750 | |||
2643 | AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) | 2751 | AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) |
2644 | AC_RUN_IFELSE( | 2752 | AC_RUN_IFELSE( |
2645 | [AC_LANG_PROGRAM([[ | 2753 | [AC_LANG_PROGRAM([[ |
@@ -2676,11 +2784,13 @@ elif test "x$sandbox_arg" = "xdarwin" || \ | |||
2676 | elif test "x$sandbox_arg" = "xseccomp_filter" || \ | 2784 | elif test "x$sandbox_arg" = "xseccomp_filter" || \ |
2677 | ( test -z "$sandbox_arg" && \ | 2785 | ( test -z "$sandbox_arg" && \ |
2678 | test "x$have_seccomp_filter" = "x1" && \ | 2786 | test "x$have_seccomp_filter" = "x1" && \ |
2787 | test "x$ac_cv_header_elf_h" = "xyes" && \ | ||
2679 | test "x$ac_cv_header_linux_audit_h" = "xyes" && \ | 2788 | test "x$ac_cv_header_linux_audit_h" = "xyes" && \ |
2680 | test "x$have_seccomp_audit_arch" = "x1" && \ | 2789 | test "x$ac_cv_header_linux_filter_h" = "xyes" && \ |
2790 | test "x$seccomp_audit_arch" != "x" && \ | ||
2681 | test "x$have_linux_no_new_privs" = "x1" && \ | 2791 | test "x$have_linux_no_new_privs" = "x1" && \ |
2682 | test "x$ac_cv_func_prctl" = "xyes" ) ; then | 2792 | test "x$ac_cv_func_prctl" = "xyes" ) ; then |
2683 | test "x$have_seccomp_audit_arch" != "x1" && \ | 2793 | test "x$seccomp_audit_arch" = "x" && \ |
2684 | AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) | 2794 | AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) |
2685 | test "x$have_linux_no_new_privs" != "x1" && \ | 2795 | test "x$have_linux_no_new_privs" != "x1" && \ |
2686 | AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) | 2796 | AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) |
@@ -2692,7 +2802,8 @@ elif test "x$sandbox_arg" = "xseccomp_filter" || \ | |||
2692 | AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) | 2802 | AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) |
2693 | elif test "x$sandbox_arg" = "xrlimit" || \ | 2803 | elif test "x$sandbox_arg" = "xrlimit" || \ |
2694 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ | 2804 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ |
2695 | test "x$select_works_with_rlimit" == "xyes" ) ; then | 2805 | test "x$select_works_with_rlimit" = "xyes" && \ |
2806 | test "x$rlimit_nofile_zero_works" = "xyes" ) ; then | ||
2696 | test "x$ac_cv_func_setrlimit" != "xyes" && \ | 2807 | test "x$ac_cv_func_setrlimit" != "xyes" && \ |
2697 | AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) | 2808 | AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) |
2698 | test "x$select_works_with_rlimit" != "xyes" && \ | 2809 | test "x$select_works_with_rlimit" != "xyes" && \ |
@@ -3584,6 +3695,9 @@ AC_ARG_WITH([kerberos5], | |||
3584 | [$KRB5ROOT/bin/krb5-config], | 3695 | [$KRB5ROOT/bin/krb5-config], |
3585 | [$KRB5ROOT/bin:$PATH]) | 3696 | [$KRB5ROOT/bin:$PATH]) |
3586 | if test -x $KRB5CONF ; then | 3697 | if test -x $KRB5CONF ; then |
3698 | K5CFLAGS="`$KRB5CONF --cflags`" | ||
3699 | K5LIBS="`$KRB5CONF --libs`" | ||
3700 | CPPFLAGS="$CPPFLAGS $K5CFLAGS" | ||
3587 | 3701 | ||
3588 | AC_MSG_CHECKING([for gssapi support]) | 3702 | AC_MSG_CHECKING([for gssapi support]) |
3589 | if $KRB5CONF | grep gssapi >/dev/null ; then | 3703 | if $KRB5CONF | grep gssapi >/dev/null ; then |
@@ -3591,14 +3705,12 @@ AC_ARG_WITH([kerberos5], | |||
3591 | AC_DEFINE([GSSAPI], [1], | 3705 | AC_DEFINE([GSSAPI], [1], |
3592 | [Define this if you want GSSAPI | 3706 | [Define this if you want GSSAPI |
3593 | support in the version 2 protocol]) | 3707 | support in the version 2 protocol]) |
3594 | k5confopts=gssapi | 3708 | GSSCFLAGS="`$KRB5CONF --cflags gssapi`" |
3709 | GSSLIBS="`$KRB5CONF --libs gssapi`" | ||
3710 | CPPFLAGS="$CPPFLAGS $GSSCFLAGS" | ||
3595 | else | 3711 | else |
3596 | AC_MSG_RESULT([no]) | 3712 | AC_MSG_RESULT([no]) |
3597 | k5confopts="" | ||
3598 | fi | 3713 | fi |
3599 | K5CFLAGS="`$KRB5CONF --cflags $k5confopts`" | ||
3600 | K5LIBS="`$KRB5CONF --libs $k5confopts`" | ||
3601 | CPPFLAGS="$CPPFLAGS $K5CFLAGS" | ||
3602 | AC_MSG_CHECKING([whether we are using Heimdal]) | 3714 | AC_MSG_CHECKING([whether we are using Heimdal]) |
3603 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> | 3715 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> |
3604 | ]], [[ char *tmp = heimdal_version; ]])], | 3716 | ]], [[ char *tmp = heimdal_version; ]])], |
@@ -3630,14 +3742,16 @@ AC_ARG_WITH([kerberos5], | |||
3630 | 3742 | ||
3631 | AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], | 3743 | AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], |
3632 | [ AC_DEFINE([GSSAPI]) | 3744 | [ AC_DEFINE([GSSAPI]) |
3633 | K5LIBS="-lgssapi_krb5 $K5LIBS" ], | 3745 | GSSLIBS="-lgssapi_krb5" ], |
3634 | [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], | 3746 | [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], |
3635 | [ AC_DEFINE([GSSAPI]) | 3747 | [ AC_DEFINE([GSSAPI]) |
3636 | K5LIBS="-lgssapi $K5LIBS" ], | 3748 | GSSLIBS="-lgssapi" ], |
3637 | AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]), | 3749 | [ AC_CHECK_LIB([gss], [gss_init_sec_context], |
3638 | $K5LIBS) | 3750 | [ AC_DEFINE([GSSAPI]) |
3639 | ], | 3751 | GSSLIBS="-lgss" ], |
3640 | $K5LIBS) | 3752 | AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) |
3753 | ]) | ||
3754 | ]) | ||
3641 | 3755 | ||
3642 | AC_CHECK_HEADER([gssapi.h], , | 3756 | AC_CHECK_HEADER([gssapi.h], , |
3643 | [ unset ac_cv_header_gssapi_h | 3757 | [ unset ac_cv_header_gssapi_h |
@@ -3665,12 +3779,27 @@ AC_ARG_WITH([kerberos5], | |||
3665 | AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) | 3779 | AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) |
3666 | AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) | 3780 | AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) |
3667 | 3781 | ||
3668 | LIBS="$LIBS $K5LIBS" | ||
3669 | AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], | 3782 | AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], |
3670 | [Define this if you want to use libkafs' AFS support])]) | 3783 | [Define this if you want to use libkafs' AFS support])]) |
3784 | |||
3785 | AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ | ||
3786 | #ifdef HAVE_GSSAPI_H | ||
3787 | # include <gssapi.h> | ||
3788 | #elif defined(HAVE_GSSAPI_GSSAPI_H) | ||
3789 | # include <gssapi/gssapi.h> | ||
3790 | #endif | ||
3791 | |||
3792 | #ifdef HAVE_GSSAPI_GENERIC_H | ||
3793 | # include <gssapi_generic.h> | ||
3794 | #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) | ||
3795 | # include <gssapi/gssapi_generic.h> | ||
3796 | #endif | ||
3797 | ]]) | ||
3671 | fi | 3798 | fi |
3672 | ] | 3799 | ] |
3673 | ) | 3800 | ) |
3801 | AC_SUBST([GSSLIBS]) | ||
3802 | AC_SUBST([K5LIBS]) | ||
3674 | 3803 | ||
3675 | # Check whether user wants ConsoleKit support | 3804 | # Check whether user wants ConsoleKit support |
3676 | CONSOLEKIT_MSG="no" | 3805 | CONSOLEKIT_MSG="no" |
@@ -4361,7 +4490,6 @@ if test -n "$conf_wtmp_location"; then | |||
4361 | [Define if you want to specify the path to your wtmp file]) | 4490 | [Define if you want to specify the path to your wtmp file]) |
4362 | fi | 4491 | fi |
4363 | 4492 | ||
4364 | |||
4365 | dnl wtmpx detection | 4493 | dnl wtmpx detection |
4366 | AC_MSG_CHECKING([if your system defines WTMPX_FILE]) | 4494 | AC_MSG_CHECKING([if your system defines WTMPX_FILE]) |
4367 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | 4495 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ |
@@ -4393,6 +4521,43 @@ if test ! -z "$blibpath" ; then | |||
4393 | AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) | 4521 | AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) |
4394 | fi | 4522 | fi |
4395 | 4523 | ||
4524 | AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ | ||
4525 | if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then | ||
4526 | AC_DEFINE([DISABLE_LASTLOG]) | ||
4527 | fi | ||
4528 | ], [ | ||
4529 | #ifdef HAVE_SYS_TYPES_H | ||
4530 | #include <sys/types.h> | ||
4531 | #endif | ||
4532 | #ifdef HAVE_UTMP_H | ||
4533 | #include <utmp.h> | ||
4534 | #endif | ||
4535 | #ifdef HAVE_UTMPX_H | ||
4536 | #include <utmpx.h> | ||
4537 | #endif | ||
4538 | #ifdef HAVE_LASTLOG_H | ||
4539 | #include <lastlog.h> | ||
4540 | #endif | ||
4541 | ]) | ||
4542 | |||
4543 | AC_CHECK_MEMBER([struct utmp.ut_line], [], [ | ||
4544 | AC_DEFINE([DISABLE_UTMP]) | ||
4545 | AC_DEFINE([DISABLE_WTMP]) | ||
4546 | ], [ | ||
4547 | #ifdef HAVE_SYS_TYPES_H | ||
4548 | #include <sys/types.h> | ||
4549 | #endif | ||
4550 | #ifdef HAVE_UTMP_H | ||
4551 | #include <utmp.h> | ||
4552 | #endif | ||
4553 | #ifdef HAVE_UTMPX_H | ||
4554 | #include <utmpx.h> | ||
4555 | #endif | ||
4556 | #ifdef HAVE_LASTLOG_H | ||
4557 | #include <lastlog.h> | ||
4558 | #endif | ||
4559 | ]) | ||
4560 | |||
4396 | dnl Adding -Werror to CFLAGS early prevents configure tests from running. | 4561 | dnl Adding -Werror to CFLAGS early prevents configure tests from running. |
4397 | dnl Add now. | 4562 | dnl Add now. |
4398 | CFLAGS="$CFLAGS $werror_flags" | 4563 | CFLAGS="$CFLAGS $werror_flags" |