1 files changed, 89 insertions, 14 deletions

diff --git a/configure.ac b/configure.ac
index 6ba4d244a..36c457728 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.214 2004/04/17 03:03:07 tim Exp $
+# $Id: configure.ac,v 1.226 2004/08/16 13:12:06 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -28,6 +28,8 @@ AC_PROG_CPP
 AC_PROG_RANLIB
 AC_PROG_INSTALL
 AC_PATH_PROG(AR, ar)
+AC_PATH_PROG(CAT, cat)
+AC_PATH_PROG(KILL, kill)
 AC_PATH_PROGS(PERL, perl5 perl)
 AC_PATH_PROG(SED, sed)
 AC_SUBST(PERL)
@@ -37,6 +39,14 @@ AC_PATH_PROG(TEST_MINUS_S_SH, bash)
 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
 AC_PATH_PROG(SH, sh)
+AC_SUBST(TEST_SHELL,sh)
+
+dnl for buildpkg.sh
+AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
+        [/usr/sbin${PATH_SEPARATOR}/etc])
+AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
+        [/usr/sbin${PATH_SEPARATOR}/etc])
+AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
 
 # System features
 AC_SYS_LARGEFILE
@@ -244,6 +254,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
         AC_DEFINE(PAM_TTY_KLUDGE)
         AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
         AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
+        AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
         inet6_default_4in6=yes
         case `uname -r` in
         1.*|2.0.*)
@@ -287,6 +298,7 @@ mips-sony-bsd|mips-sony-newsos4)
         AC_DEFINE(LOGIN_NEEDS_UTMPX)
         AC_DEFINE(LOGIN_NEEDS_TERM)
         AC_DEFINE(PAM_TTY_KLUDGE)
+        AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
         # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
         AC_DEFINE(SSHD_ACQUIRES_CTTY)
@@ -366,6 +378,7 @@ mips-sony-bsd|mips-sony-newsos4)
         AC_CHECK_FUNCS(getluid setluid)
         MANTYPE=man
         do_sco3_extra_lib_check=yes
+        TEST_SHELL=ksh
         ;;
 *-*-sco3.2v5*)
         if test -z "$GCC"; then
@@ -381,8 +394,10 @@ mips-sony-bsd|mips-sony-newsos4)
         AC_DEFINE(BROKEN_SETREUID)
         AC_DEFINE(BROKEN_SETREGID)
         AC_DEFINE(WITH_ABBREV_NO_TTY)
+        AC_DEFINE(BROKEN_UPDWTMPX)
         AC_CHECK_FUNCS(getluid setluid)
         MANTYPE=man
+        TEST_SHELL=ksh
         ;;
 *-*-unicosmk*)
         AC_DEFINE(NO_SSH_LASTLOG)
@@ -503,16 +518,16 @@ int main(){exit(0);}
 )
 
 # Checks for header files.
-AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
-        getopt.h glob.h ia.h lastlog.h limits.h login.h \
-        login_cap.h maillock.h netdb.h netgroup.h \
+AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
+        floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
+        login_cap.h maillock.h ndir.h netdb.h netgroup.h \
         netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
         rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
-        strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
-        sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
-        sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
-        sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
-        ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
+        strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
+        sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
+        sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \
+        sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
+        time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
 
 # Checks for libraries.
 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
@@ -717,6 +732,14 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
         ]
 )
 
+AC_MSG_CHECKING([for /proc/pid/fd directory])
+if test -d "/proc/$$/fd" ; then
+        AC_DEFINE(HAVE_PROC_PID)
+        AC_MSG_RESULT(yes)
+else
+        AC_MSG_RESULT(no)
+fi
+
 # Check whether user wants S/Key support
 SKEY_MSG="no"
 AC_ARG_WITH(skey,
@@ -818,9 +841,9 @@ AC_ARG_WITH(tcp-wrappers,
 
 dnl    Checks for library functions. Please keep in alphabetical order
 AC_CHECK_FUNCS(\
-        arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
-        bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
-        getaddrinfo getcwd getgrouplist getnameinfo getopt \
+        arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
+        bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \
+        futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \
         getpeereid _getpty getrlimit getttyent glob inet_aton \
         inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
         mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
@@ -860,6 +883,8 @@ AC_CHECK_DECL(tcsendbreak,
         [#include <termios.h>]
 )
 
+AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
+
 AC_CHECK_FUNCS(setresuid, [
         dnl Some platorms have setresuid that isn't implemented, test for this
         AC_MSG_CHECKING(if setresuid seems to work)
@@ -924,6 +949,20 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
         )
 fi
 
+# Check for missing getpeereid (or equiv) support
+NO_PEERCHECK=""
+if test "x$ac_cv_func_getpeereid" != "xyes" ; then
+        AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
+        AC_TRY_COMPILE(
+                [#include <sys/types.h>
+                 #include <sys/socket.h>],
+                [int i = SO_PEERCRED;],
+                [AC_MSG_RESULT(yes)],
+                [AC_MSG_RESULT(no)
+                NO_PEERCHECK=1]
+        )
+fi
+
 dnl see whether mkstemp() requires XXXXXX
 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
 AC_MSG_CHECKING([for (overly) strict mkstemp])
@@ -2154,6 +2193,25 @@ AC_SEARCH_LIBS(getrrsetbyname, resolv,
                 # Needed by our getrrsetbyname()
                 AC_SEARCH_LIBS(res_query, resolv)
                 AC_SEARCH_LIBS(dn_expand, resolv)
+                AC_MSG_CHECKING(if res_query will link)
+                AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
+                   [AC_MSG_RESULT(no)
+                    saved_LIBS="$LIBS"
+                    LIBS="$LIBS -lresolv"
+                    AC_MSG_CHECKING(for res_query in -lresolv)
+                    AC_LINK_IFELSE([
+#include <resolv.h>
+int main()
+{
+        res_query (0, 0, 0, 0, 0);
+        return 0;
+}
+                        ],
+                        [LIBS="$LIBS -lresolv"
+                         AC_MSG_RESULT(yes)],
+                        [LIBS="$saved_LIBS"
+                         AC_MSG_RESULT(no)])
+                    ])
                 AC_CHECK_FUNCS(_getshort _getlong)
                 AC_CHECK_MEMBER(HEADER.ad,
                         [AC_DEFINE(HAVE_HEADER_AD)],,
@@ -2207,7 +2265,10 @@ AC_ARG_WITH(kerberos5,
                                        [ char *tmp = heimdal_version; ],
                                        [ AC_MSG_RESULT(yes)
                                          AC_DEFINE(HEIMDAL)
-                                         K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
+                                         K5LIBS="-lkrb5 -ldes"
+                                         K5LIBS="$K5LIBS -lcom_err -lasn1"
+                                         AC_CHECK_LIB(roken, net_write, 
+                                           [K5LIBS="$K5LIBS -lroken"])
                                        ],
                                        [ AC_MSG_RESULT(no)
                                          K5LIBS="-lkrb5 -lk5crypto -lcom_err"
@@ -2870,7 +2931,7 @@ if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
 fi
 
 AC_EXEEXT
-AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
+AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
 AC_OUTPUT
 
 # Print summary of options
@@ -2935,6 +2996,10 @@ echo "         Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
 
 echo ""
 
+if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
+        echo "SVR4 style packages are supported with \"make package\"\n"
+fi
+
 if test "x$PAM_MSG" = "xyes" ; then
         echo "PAM is enabled. You may need to install a PAM control file "
         echo "for sshd, otherwise password authentication may fail. "
@@ -2951,3 +3016,13 @@ if test ! -z "$RAND_HELPER_CMDHASH" ; then
         echo ""
 fi
 
+if test ! -z "$NO_PEERCHECK" ; then
+        echo "WARNING: the operating system that you are using does not "
+        echo "appear to support either the getpeereid() API nor the "
+        echo "SO_PEERCRED getsockopt() option. These facilities are used to "
+        echo "enforce security checks to prevent unauthorised connections to "
+        echo "ssh-agent. Their absence increases the risk that a malicious "
+        echo "user can connect to your agent. "
+        echo ""
+fi
+