diff options
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 114 |
1 files changed, 80 insertions, 34 deletions
diff --git a/configure.ac b/configure.ac index 6cafb1535..9f59794bc 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -79,19 +79,6 @@ if test -z "$AR" ; then | |||
79 | AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) | 79 | AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) |
80 | fi | 80 | fi |
81 | 81 | ||
82 | # Use LOGIN_PROGRAM from environment if possible | ||
83 | if test ! -z "$LOGIN_PROGRAM" ; then | ||
84 | AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], | ||
85 | [If your header files don't define LOGIN_PROGRAM, | ||
86 | then use this (detected) from environment and PATH]) | ||
87 | else | ||
88 | # Search for login | ||
89 | AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) | ||
90 | if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then | ||
91 | AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) | ||
92 | fi | ||
93 | fi | ||
94 | |||
95 | AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) | 82 | AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) |
96 | if test ! -z "$PATH_PASSWD_PROG" ; then | 83 | if test ! -z "$PATH_PASSWD_PROG" ; then |
97 | AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], | 84 | AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], |
@@ -123,6 +110,7 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ | |||
123 | 110 | ||
124 | openssl=yes | 111 | openssl=yes |
125 | ssh1=no | 112 | ssh1=no |
113 | COMMENT_OUT_RSA1="#no ssh1#" | ||
126 | AC_ARG_WITH([openssl], | 114 | AC_ARG_WITH([openssl], |
127 | [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], | 115 | [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], |
128 | [ if test "x$withval" = "xno" ; then | 116 | [ if test "x$withval" = "xno" ; then |
@@ -147,6 +135,7 @@ AC_ARG_WITH([ssh1], | |||
147 | AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) | 135 | AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) |
148 | fi | 136 | fi |
149 | ssh1=yes | 137 | ssh1=yes |
138 | COMMENT_OUT_RSA1="" | ||
150 | elif test "x$withval" = "xno" ; then | 139 | elif test "x$withval" = "xno" ; then |
151 | ssh1=no | 140 | ssh1=no |
152 | else | 141 | else |
@@ -158,6 +147,7 @@ AC_MSG_CHECKING([whether SSH protocol 1 support is enabled]) | |||
158 | if test "x$ssh1" = "xyes" ; then | 147 | if test "x$ssh1" = "xyes" ; then |
159 | AC_MSG_RESULT([yes]) | 148 | AC_MSG_RESULT([yes]) |
160 | AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) | 149 | AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) |
150 | AC_SUBST([COMMENT_OUT_RSA1]) | ||
161 | else | 151 | else |
162 | AC_MSG_RESULT([no]) | 152 | AC_MSG_RESULT([no]) |
163 | fi | 153 | fi |
@@ -415,6 +405,7 @@ AC_CHECK_HEADERS([ \ | |||
415 | sys/poll.h \ | 405 | sys/poll.h \ |
416 | sys/prctl.h \ | 406 | sys/prctl.h \ |
417 | sys/pstat.h \ | 407 | sys/pstat.h \ |
408 | sys/ptrace.h \ | ||
418 | sys/select.h \ | 409 | sys/select.h \ |
419 | sys/stat.h \ | 410 | sys/stat.h \ |
420 | sys/stream.h \ | 411 | sys/stream.h \ |
@@ -677,18 +668,16 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
677 | TEST_MALLOC_OPTIONS="AFGJPRX" | 668 | TEST_MALLOC_OPTIONS="AFGJPRX" |
678 | ;; | 669 | ;; |
679 | *-*-haiku*) | 670 | *-*-haiku*) |
680 | LIBS="$LIBS -lbsd " | 671 | LIBS="$LIBS -lbsd " |
681 | AC_CHECK_LIB([network], [socket]) | 672 | AC_CHECK_LIB([network], [socket]) |
682 | AC_DEFINE([HAVE_U_INT64_T]) | 673 | AC_DEFINE([HAVE_U_INT64_T]) |
683 | MANTYPE=man | 674 | MANTYPE=man |
684 | ;; | 675 | ;; |
685 | *-*-hpux*) | 676 | *-*-hpux*) |
686 | # first we define all of the options common to all HP-UX releases | 677 | # first we define all of the options common to all HP-UX releases |
687 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" | 678 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" |
688 | IPADDR_IN_DISPLAY=yes | 679 | IPADDR_IN_DISPLAY=yes |
689 | AC_DEFINE([USE_PIPES]) | 680 | AC_DEFINE([USE_PIPES]) |
690 | AC_DEFINE([LOGIN_NO_ENDOPT], [1], | ||
691 | [Define if your login program cannot handle end of options ("--")]) | ||
692 | AC_DEFINE([LOGIN_NEEDS_UTMPX]) | 681 | AC_DEFINE([LOGIN_NEEDS_UTMPX]) |
693 | AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], | 682 | AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], |
694 | [String used in /etc/passwd to denote locked account]) | 683 | [String used in /etc/passwd to denote locked account]) |
@@ -805,7 +794,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
805 | fi | 794 | fi |
806 | AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], | 795 | AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], |
807 | [], [#include <linux/types.h>]) | 796 | [], [#include <linux/types.h>]) |
808 | AC_CHECK_FUNCS([prctl]) | ||
809 | AC_MSG_CHECKING([for seccomp architecture]) | 797 | AC_MSG_CHECKING([for seccomp architecture]) |
810 | seccomp_audit_arch= | 798 | seccomp_audit_arch= |
811 | case "$host" in | 799 | case "$host" in |
@@ -870,8 +858,6 @@ mips-sony-bsd|mips-sony-newsos4) | |||
870 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], | 858 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], |
871 | [Prepend the address family to IP tunnel traffic]) | 859 | [Prepend the address family to IP tunnel traffic]) |
872 | TEST_MALLOC_OPTIONS="AJRX" | 860 | TEST_MALLOC_OPTIONS="AJRX" |
873 | AC_DEFINE([BROKEN_STRNVIS], [1], | ||
874 | [NetBSD strnvis argument order is swapped compared to OpenBSD]) | ||
875 | AC_DEFINE([BROKEN_READ_COMPARISON], [1], | 861 | AC_DEFINE([BROKEN_READ_COMPARISON], [1], |
876 | [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) | 862 | [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) |
877 | ;; | 863 | ;; |
@@ -882,8 +868,6 @@ mips-sony-bsd|mips-sony-newsos4) | |||
882 | AC_CHECK_HEADER([net/if_tap.h], , | 868 | AC_CHECK_HEADER([net/if_tap.h], , |
883 | AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) | 869 | AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) |
884 | AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) | 870 | AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) |
885 | AC_DEFINE([BROKEN_STRNVIS], [1], | ||
886 | [FreeBSD strnvis argument order is swapped compared to OpenBSD]) | ||
887 | TEST_MALLOC_OPTIONS="AJRX" | 871 | TEST_MALLOC_OPTIONS="AJRX" |
888 | # Preauth crypto occasionally uses file descriptors for crypto offload | 872 | # Preauth crypto occasionally uses file descriptors for crypto offload |
889 | # and will crash if they cannot be opened. | 873 | # and will crash if they cannot be opened. |
@@ -920,9 +904,6 @@ mips-sony-bsd|mips-sony-newsos4) | |||
920 | fi | 904 | fi |
921 | AC_DEFINE([PAM_SUN_CODEBASE]) | 905 | AC_DEFINE([PAM_SUN_CODEBASE]) |
922 | AC_DEFINE([LOGIN_NEEDS_UTMPX]) | 906 | AC_DEFINE([LOGIN_NEEDS_UTMPX]) |
923 | AC_DEFINE([LOGIN_NEEDS_TERM], [1], | ||
924 | [Some versions of /bin/login need the TERM supplied | ||
925 | on the commandline]) | ||
926 | AC_DEFINE([PAM_TTY_KLUDGE]) | 907 | AC_DEFINE([PAM_TTY_KLUDGE]) |
927 | AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], | 908 | AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], |
928 | [Define if pam_chauthtok wants real uid set | 909 | [Define if pam_chauthtok wants real uid set |
@@ -1181,15 +1162,15 @@ mips-sony-bsd|mips-sony-newsos4) | |||
1181 | 1162 | ||
1182 | *-*-ultrix*) | 1163 | *-*-ultrix*) |
1183 | AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) | 1164 | AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) |
1184 | AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) | ||
1185 | AC_DEFINE([NEED_SETPGRP]) | 1165 | AC_DEFINE([NEED_SETPGRP]) |
1186 | AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) | 1166 | AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) |
1187 | ;; | 1167 | ;; |
1188 | 1168 | ||
1189 | *-*-lynxos) | 1169 | *-*-lynxos) |
1190 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" | 1170 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" |
1191 | AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) | 1171 | AC_DEFINE([BROKEN_SETVBUF], [1], |
1192 | ;; | 1172 | [LynxOS has broken setvbuf() implementation]) |
1173 | ;; | ||
1193 | esac | 1174 | esac |
1194 | 1175 | ||
1195 | AC_MSG_CHECKING([compiler and flags for sanity]) | 1176 | AC_MSG_CHECKING([compiler and flags for sanity]) |
@@ -1807,7 +1788,6 @@ AC_CHECK_FUNCS([ \ | |||
1807 | memmove \ | 1788 | memmove \ |
1808 | memset_s \ | 1789 | memset_s \ |
1809 | mkdtemp \ | 1790 | mkdtemp \ |
1810 | mmap \ | ||
1811 | ngetaddrinfo \ | 1791 | ngetaddrinfo \ |
1812 | nsleep \ | 1792 | nsleep \ |
1813 | ogetaddrinfo \ | 1793 | ogetaddrinfo \ |
@@ -1843,6 +1823,7 @@ AC_CHECK_FUNCS([ \ | |||
1843 | socketpair \ | 1823 | socketpair \ |
1844 | statfs \ | 1824 | statfs \ |
1845 | statvfs \ | 1825 | statvfs \ |
1826 | strcasestr \ | ||
1846 | strdup \ | 1827 | strdup \ |
1847 | strerror \ | 1828 | strerror \ |
1848 | strlcat \ | 1829 | strlcat \ |
@@ -1876,6 +1857,24 @@ CFLAGS="$CFLAGS -D_XOPEN_SOURCE" | |||
1876 | AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) | 1857 | AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) |
1877 | CFLAGS="$saved_CFLAGS" | 1858 | CFLAGS="$saved_CFLAGS" |
1878 | 1859 | ||
1860 | TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} | ||
1861 | AC_MSG_CHECKING([for utf8 locale support]) | ||
1862 | AC_RUN_IFELSE( | ||
1863 | [AC_LANG_PROGRAM([[ | ||
1864 | #include <locale.h> | ||
1865 | #include <stdlib.h> | ||
1866 | ]], [[ | ||
1867 | char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); | ||
1868 | if (loc != NULL) | ||
1869 | exit(0); | ||
1870 | exit(1); | ||
1871 | ]])], | ||
1872 | AC_MSG_RESULT(yes), | ||
1873 | [AC_MSG_RESULT(no) | ||
1874 | TEST_SSH_UTF8=no], | ||
1875 | AC_MSG_WARN([cross compiling: assuming yes]) | ||
1876 | ) | ||
1877 | |||
1879 | AC_LINK_IFELSE( | 1878 | AC_LINK_IFELSE( |
1880 | [AC_LANG_PROGRAM( | 1879 | [AC_LANG_PROGRAM( |
1881 | [[ #include <ctype.h> ]], | 1880 | [[ #include <ctype.h> ]], |
@@ -2413,6 +2412,41 @@ if test "x$check_for_conflicting_getspnam" = "x1"; then | |||
2413 | ) | 2412 | ) |
2414 | fi | 2413 | fi |
2415 | 2414 | ||
2415 | dnl NetBSD added an strnvis and unfortunately made it incompatible with the | ||
2416 | dnl existing one in OpenBSD and Linux's libbsd (the former having existed | ||
2417 | dnl for over ten years). Despite this incompatibility being reported during | ||
2418 | dnl development (see http://gnats.netbsd.org/44977) they still shipped it. | ||
2419 | dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible | ||
2420 | dnl implementation. Try to detect this mess, and assume the only safe option | ||
2421 | dnl if we're cross compiling. | ||
2422 | dnl | ||
2423 | dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); | ||
2424 | dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); | ||
2425 | if test "x$ac_cv_func_strnvis" = "xyes"; then | ||
2426 | AC_MSG_CHECKING([for working strnvis]) | ||
2427 | AC_RUN_IFELSE( | ||
2428 | [AC_LANG_PROGRAM([[ | ||
2429 | #include <signal.h> | ||
2430 | #include <stdlib.h> | ||
2431 | #include <string.h> | ||
2432 | #include <vis.h> | ||
2433 | static void sighandler(int sig) { _exit(1); } | ||
2434 | ]], [[ | ||
2435 | char dst[16]; | ||
2436 | |||
2437 | signal(SIGSEGV, sighandler); | ||
2438 | if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) | ||
2439 | exit(0); | ||
2440 | exit(1) | ||
2441 | ]])], | ||
2442 | [AC_MSG_RESULT([yes])], | ||
2443 | [AC_MSG_RESULT([no]) | ||
2444 | AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], | ||
2445 | [AC_MSG_WARN([cross compiling: assuming broken]) | ||
2446 | AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] | ||
2447 | ) | ||
2448 | fi | ||
2449 | |||
2416 | AC_FUNC_GETPGRP | 2450 | AC_FUNC_GETPGRP |
2417 | 2451 | ||
2418 | # Search for OpenSSL | 2452 | # Search for OpenSSL |
@@ -3092,6 +3126,17 @@ AC_ARG_WITH([pam], | |||
3092 | ] | 3126 | ] |
3093 | ) | 3127 | ) |
3094 | 3128 | ||
3129 | AC_ARG_WITH([pam-service], | ||
3130 | [ --with-pam-service=name Specify PAM service name ], | ||
3131 | [ | ||
3132 | if test "x$withval" != "xno" && \ | ||
3133 | test "x$withval" != "xyes" ; then | ||
3134 | AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], | ||
3135 | ["$withval"], [sshd PAM service name]) | ||
3136 | fi | ||
3137 | ] | ||
3138 | ) | ||
3139 | |||
3095 | # Check for older PAM | 3140 | # Check for older PAM |
3096 | if test "x$PAM_MSG" = "xyes" ; then | 3141 | if test "x$PAM_MSG" = "xyes" ; then |
3097 | # Check PAM strerror arguments (old PAM) | 3142 | # Check PAM strerror arguments (old PAM) |
@@ -4205,7 +4250,7 @@ AC_ARG_WITH([kerberos5], | |||
4205 | AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) | 4250 | AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) |
4206 | KRB5_MSG="yes" | 4251 | KRB5_MSG="yes" |
4207 | 4252 | ||
4208 | AC_PATH_PROG([KRB5CONF], [krb5-config], | 4253 | AC_PATH_TOOL([KRB5CONF], [krb5-config], |
4209 | [$KRB5ROOT/bin/krb5-config], | 4254 | [$KRB5ROOT/bin/krb5-config], |
4210 | [$KRB5ROOT/bin:$PATH]) | 4255 | [$KRB5ROOT/bin:$PATH]) |
4211 | if test -x $KRB5CONF ; then | 4256 | if test -x $KRB5CONF ; then |
@@ -5086,6 +5131,7 @@ else | |||
5086 | fi | 5131 | fi |
5087 | AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) | 5132 | AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) |
5088 | AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) | 5133 | AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) |
5134 | AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) | ||
5089 | AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) | 5135 | AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) |
5090 | AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) | 5136 | AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) |
5091 | 5137 | ||