# # configure.in # # Author: Tatu Ylonen # # Copyright (c) 1995 Tatu Ylonen , Espoo, Finland # All rights reserved # # Created: Wed Mar 22 18:02:48 1995 ylo # # $Id: configure.in,v 1.1.1.5 1998/05/14 21:26:15 nathanw Exp $ # $Log: configure.in,v $ # Revision 1.1.1.5 1998/05/14 21:26:15 nathanw # 1998/5/14 Athena update # # Revision 1.9 1998/05/13 20:18:54 danw # merge in changes from 1.2.23 # # Revision 1.8 1998/03/11 20:27:39 ghudson # Install ssh mode 755, not 711. # # Revision 1.7 1998/03/03 17:18:30 rbasch # Remove -n32 compile option for IRIX 6.x # # Revision 1.6 1998/02/28 19:08:18 ghudson # Do a better job of using libucb. # # Revision 1.5 1998/01/24 01:47:24 danw # merge in changes for 1.2.22 # # Revision 1.4 1997/11/19 22:37:17 danw # krb5 may need -lgen for regexp stuff # # Revision 1.3 1997/11/15 00:04:17 danw # Use atexit() functions to destroy tickets and call al_acct_revert. # Work around Solaris lossage with libucb and grantpt. # # Revision 1.2 1997/11/12 21:16:15 danw # Athena-login changes (including some krb4 stuff) # # Revision 1.1.1.1 1997/10/17 22:25:52 danw # Import of ssh 1.2.21 # # Revision 1.1.1.2 1998/01/24 01:25:08 danw # Import of ssh 1.2.22 # # Revision 1.1.1.3 1998/05/13 19:10:54 danw # Import of ssh 1.2.23 # # Revision 1.56 1998/04/30 02:34:08 kivinen # Added CRAY T3E. # # Revision 1.55 1998/04/17 00:37:37 kivinen # Added login_cap.h checking. Added /tmp/.X11-pipe socket # directory checking. Added nologin-allow support. Fixed typo. # # Revision 1.54 1998/03/29 02:46:50 kivinen # Fixed order of socks5 lib and include tests. Remvoed gssrpc # from kerberos libs. # # Revision 1.53 1998/03/27 17:26:32 kivinen # Removed TSS. # # Revision 1.52 1998/03/27 16:57:40 kivinen # Added ttyslot and authenticate function checks. Added check # for /var/X/.X11-unix directory (X11 sockets). Fixed kerberos # support when using socks with it. Added --enable-tcp-nodelay # option. # # Revision 1.51 1998/01/14 16:40:03 kivinen # Added check that getespwnam function exists for osf/1. # # Revision 1.50 1998/01/03 06:40:30 kivinen # Fixed prot.h check/local copy generation. # # Revision 1.49 1998/01/02 06:17:02 kivinen # Added automatic prot.h fixiging for dunix 4.0. Added # sys/resource.h checking. # # Revision 1.48 1997/05/13 22:31:34 kivinen # Fixed RSAREF code. # # Revision 1.47 1997/05/08 02:57:26 kivinen # Fixed AC_MSG_RESULT messages when disabling idea in commercial # version. # # Revision 1.46 1997/04/22 23:59:59 kivinen # Fixed SIGINFO check. # Added check that getpseudotty function exists before using. # Added check that spwd struct have sp_expire and sp_inact # fields. # Added WARPLIBS stuff. # # Revision 1.45 1997/04/21 01:03:05 kivinen # Fixed linux shadow password pw_encrypt function detection. It # seems to be in libshadow, not in the same library as getspnam. # Added AC_MSG_CHECKING/AC_MSG_RESULT to AC_EGREP_HEADER stuff. # Added AC_CHECK_FUNCS(waitpid). # # Revision 1.44 1997/04/17 03:58:29 kivinen # Added --enable-deprecated-linux-pw-encrypt support. # Fixed $HOME/MailBox to $HOME/Mailbox. # # Revision 1.43 1997/04/05 21:46:36 kivinen # Added check for $HOME/MailBox. # Added KRB5 define, added -lcom_err to KERBEROS_LIBS. Added # -lndbm to KERBEROS_LIBS if it exists. # # Revision 1.42 1997/03/27 03:14:52 kivinen # Added kerberos patches from Glenn Machin. # Added USELOGIN patches from Brian Cully. # # Revision 1.41 1997/03/26 07:13:24 kivinen # Added mips-sony-newsos6. # Removed extra setting of X_PROGRAMS. # Fixed disable-suid-ssh code. # # Revision 1.40 1997/03/25 06:18:16 kivinen # Added no_utmpx=yes for aix4.2. # Rewrote the linux shadow password checks. # Added mips-sony-bsd support. Added daemon() check. # Fixed HAVE_DEV_PTS_AND_PTC test. # Added SOCKS type defines. # # Revision 1.39 1997/03/19 21:55:24 kivinen # Fixed AC_CHECK_PROG(AR...). # # Revision 1.38 1997/03/19 21:12:01 kivinen # Fixed libshadow code for linux. # Added check if openpty can be found from libbsd. # Added . Added 64 bit irix support. # Added TIS authentication code from Andre April # . # Changed WITHOUT_IDEA to WITH_IDEA. Made all ciphers # configurable using --with-xxx and --without-xxx options. # Added check to libwrap code that if argument points to # directory add that to library path and use -lwrap. # Fixed *-*-forwarding options printing. # Updated zlib version. # # Revision 1.36 1997/01/03 14:59:45 ttsalo # DYNIX/ptx2 patch from Kenneth Stailey # # Revision 1.35 1996/11/26 17:55:12 ttsalo # Resolved some weird conflicts # # Revision 1.34 1996/11/24 08:18:55 kivinen # Fixed cached host information checking. # Added defaults to sizeof checks. # Added --disable-{server,client}-{port,x11}-forwardings?. # # Revision 1.33 1996/11/19 22:45:05 kivinen # Fixed CC for IRIX 6.2 systems (CC="cc -n32"). # # Revision 1.32 1996/10/31 02:06:22 ylo # Added check for cached information no longer being valid. # # Revision 1.31 1996/10/30 04:24:23 kivinen # Changed to require 2.10. # Changed cflags to have -Ae instead of -Aa for hpux. # Added checks if prot.h is broken. Give error message if so. # Export CC and CFLAGS to subdirectories. # Fixed bug in ac_cv_header_shadow_h checking. # # Revision 1.30 1996/10/29 22:36:48 kivinen # Added --disable-asm help text. Updated gmp-2.0.2 to # gmp-2.0.2-ssh-2. # # Revision 1.29 1996/10/22 13:59:22 ttsalo # Fixed a bug # # Revision 1.28 1996/10/19 02:03:47 ylo # Use m68k-apple-aux* for A/UX (instead of old # m68k-apple-sysv). This is now the name used by GNU. # # Revision 1.27 1996/10/17 08:16:19 ttsalo # Check for xauth when configuring with X # # Revision 1.26 1996/10/14 16:15:47 ttsalo # Configuring for OpenBSD (from Thorsten Lockert # # Revision 1.25 1996/10/07 13:00:47 ttsalo # HP-UX shadow password detection removed from "*-*-hpux7.*" # section and placed in "*-*-hpux*". # # Revision 1.24 1996/10/07 11:40:19 ttsalo # Configuring for hurd and a small fix to do_popen() # from "Charles M. Hannum" added. # # Revision 1.23 1996/10/03 13:53:17 ttsalo # Configuring for m68k-apple-sysv added # # Revision 1.22 1996/09/30 01:24:04 kivinen # Fixed test of existence of shadow.h in /etc/shadow testing. # # Revision 1.21 1996/09/29 22:45:33 kivinen # Added --with-socks option that will first try to use socks5 if # found and then socks4. Updated gmp-2.0 to gmp-2.0.2. # # Revision 1.20 1996/09/27 23:35:50 ylo # Define no_termios=yes on ultrix. # # Revision 1.19 1996/09/27 14:31:36 ttsalo # Socks5 support from David Kågedal # # Revision 1.18 1996/09/27 13:58:43 ttsalo # Added checking of shadow.h, removed checking of old slackware # bugs (was causing difficulties with newer distributions). # # Revision 1.17 1996/09/08 17:36:50 ttsalo # Patches for HPUX 10.x shadow passwords from # vincent@ucthpx.uct.ac.za (Russell Vincent) merged. # # Revision 1.16 1996/09/04 12:45:04 ttsalo # Configuring zlib for compilation to separate object # directory now possible # # Revision 1.15 1996/08/27 12:59:32 ttsalo # Changed gmp 1.3.2 to gmp 2.0 # # Revision 1.14 1996/08/16 02:33:44 ylo # Fixes for NextStep. # Fixed quotes in no_x test. # # Revision 1.13 1996/08/11 22:29:37 ylo # Added checking of machine/endian.h. # Added checking of setpgrp. # # Revision 1.12 1996/07/24 12:00:28 ttsalo # Fixed X detection # # Revision 1.11 1996/07/12 09:10:03 ttsalo # Added configuring in zlib-1.0.3 # # Revision 1.10 1996/07/12 07:15:57 ttsalo # -lipc for BSDI 2.1, -lrsc for cray, SCO v5 defines, # dynix/ptx defines, detection of getpseudotty() and # sco-style ptys. # # Revision 1.9 1996/06/25 14:43:39 ylo # Added no_utmpx=yes for OSF/1. # # Revision 1.8 1996/06/21 00:39:24 ylo # Define no_utmpx on ultrix. # # Revision 1.7 1996/06/20 23:49:52 ylo # Define no_utmpx on hpux. # # Revision 1.6 1996/06/03 19:25:12 ylo # Add -L/usr/local/lib in LIBS. This seems to be necessary on # many machines to easily find locally installed libraries, such as # socks or tcp/wrappers. # # Revision 1.5 1996/05/28 12:46:11 ylo # Cosmetic changes. # # Revision 1.4 1996/04/26 00:35:42 ylo # Added AC_ISC_POSIX (AC_PATH_XTRA seems to require it?). # Added support for HPUX 7.x. # Added testing for setluid on OSF/1. # Grep for "installed" when checking for OSF/1 C2 security. # No longer tests for perl5.001 (there are newer versions, and # this would incorrectly take the old buggy version). # Changes in SOCKS support. # # Revision 1.3 1996/04/22 23:38:56 huima # Added support for X programs. # # Revision 1.2 1996/02/18 21:51:17 ylo # Don't use setsid on mips-dec-mach3. # Define HAVE_ULTRIX_SHADOW_PASSWORDS on ultrix. # Test for setluid on OSF/1. Also changed how -lsecurity is checked. # # Revision 1.1.1.1 1996/02/18 21:38:13 ylo # Imported ssh-1.2.13. # # Revision 1.26 1995/10/02 01:22:16 ylo # Check that the compiler understands at least basic ANSI C. # Check sys/syslog.h on Ultrix. # Fixes for SCO. # Fixed --with-etcdir. # Put extra libraries at head of LIBS. # Check existence of /var/run; set and substitute PIDDIR. # # Revision 1.25 1995/09/27 03:13:24 ylo # Fixed a syntax error. # # Revision 1.24 1995/09/27 02:48:20 ylo # Added SOCKS support. # Added some checking... and result printings. # # Revision 1.23 1995/09/27 02:13:44 ylo # Define SPEED_T_IN_STDTYPES_H on sunos 4.1.1 and NextStep. # Added support for SCO unix. # Added --with-etcdir=PATH. # # Revision 1.22 1995/09/21 17:10:59 ylo # Fixed bsdi support. # Added svr4 (univel unixware) support. # Added machten support. # Always define USE_PIPES; socketpairs appear to be broken on # many systems. # Check innetgr. # Don't define XAUTH_PATH if no xauth program. # --with-libwrap can take library name as argument. # Fixed checking for libwrap library. # # Revision 1.21 1995/09/13 11:55:30 ylo # Added Cray and BSDI support. Don't use -pipe on BSDI (bundled # compiler is broken). # Eliminated references to HPSUX_BROKEN_PTYS (it is now used on # all systems). # # Revision 1.20 1995/09/11 17:37:45 ylo # Fixed hpsux pty define on aix 3.2. # Remove duplicate TTY_GROUP define on osf. # Check sizes of all integer types. # Added libwrap support. # # Revision 1.19 1995/09/10 23:26:20 ylo # Fixed osfc2.o in CONFOBJS. # # Revision 1.18 1995/09/10 22:46:19 ylo # Use HPSUX_BROKEN_PTYS on aix3.2.{0-4}. # Added OSF/1 C2 stuff. # Don't check for wait{3,4,pid} (no longer used). # # Revision 1.17 1995/09/09 21:26:42 ylo # /m/shadows/u2/users/ylo/ssh/README # # Revision 1.16 1995/09/06 15:59:08 ylo # Updated 64-bit irix stuff. # Added m88k-dg-dgux support. # # Revision 1.15 1995/08/31 09:20:42 ylo # Added check if compiler works. # Added support for irix6. # Don't use libsun on irix. # Define SSH_LASTLOG even if lastlog not found. # # Revision 1.14 1995/08/29 22:22:10 ylo # Reordered checks for wtmp, utmp, lastlog locations. # Check for missing crypt (replace if missing). # # Revision 1.13 1995/08/22 14:10:30 ylo # Fixed a typo. # # Revision 1.12 1995/08/22 14:08:37 ylo # Added warning if kerberos present. # Added check for seteuid (used to enable uid-swapping). # # Revision 1.11 1995/08/21 23:24:14 ylo # Fixed a typo. # Deleted --with-rhosts. # # Revision 1.10 1995/08/19 13:18:00 ylo # Changed to securid stuff. # # Revision 1.9 1995/08/18 22:53:46 ylo # Added determining the canonical host type. # Added host type specific configuration code for a number of # machines. Eliminated kludges to do this from other parts of # configure. # Added checking for netinet/in_systm.h. # Fixed types in utmp/wtmp testing. # Added --without-idea. # Added --with-securid. # # Revision 1.8 1995/07/27 03:38:18 ylo # Fixed lastlog determination code when lastlog is directory. # # Revision 1.7 1995/07/27 03:27:10 ylo # Added AC_TYPE_MODE_T. # Added default for lastlog when not found (otherwise # directoryness test fails). # # Revision 1.6 1995/07/27 00:37:57 ylo # Added --with-path. # Added looking for utmp, wtmp, and lastlog. # Added checking for utime.h. # # Revision 1.5 1995/07/26 23:29:55 ylo # Removed checking for sys/termios.h. # # Revision 1.4 1995/07/13 17:29:44 ylo # Added --enable-warnings. -Wall is only used if enabled by this. # # Revision 1.3 1995/07/13 09:55:07 ylo # Added AC_STRUCT_ST_BLKSIZE. # # Revision 1.2 1995/07/13 01:20:51 ylo # Removed "Last modified" header. # Added cvs log. # # $Endlog$ # AC_INIT(sshd.c) AC_CONFIG_HEADER(config.h) AC_PREREQ(2.10) # So many systems seem to need this that it is better do it here automatically. LIBS="-L/usr/local/lib $LIBS" AC_CANONICAL_HOST AC_MSG_CHECKING(cached information) hostcheck="$host" AC_CACHE_VAL(ac_cv_hostcheck, [ ac_cv_hostcheck="$hostcheck" ]) if test "$ac_cv_hostcheck" != "$hostcheck"; then AC_MSG_RESULT(changed) AC_MSG_WARN(config.cache exists!) AC_MSG_ERROR(you must do 'make distclean' first to compile for different host or different parameters.) else AC_MSG_RESULT(ok) fi AC_PROG_CC AC_ISC_POSIX AC_DEFINE_UNQUOTED(HOSTTYPE, "$host") case "$host" in *-*-sunos4.1.1*) os_sunos=yes # Tim Adam says speed_t is defined in stdtypes.h AC_DEFINE(SPEED_T_IN_STDTYPES_H) ;; *-*-solaris*) # solaris stuff. appro@fy.chalmers.se # AC_DEFINE(SECURE_RPC) AC_DEFINE(SECURE_NFS) # NIS+ is forced so that we don't have to recompile # if we move to NIS+. appro@fy.chalmers.se AC_DEFINE(NIS_PLUS) ;; *-*-sunos*) os_sunos=yes ;; *-sgi-irix5*) # Irix stuff from snabb@niksula.hut.fi, tsurmacz@asic.ict.pwr.wroc.pl, # C.Martin@sheffield.ac.uk, raistlin@uni-paderborn.de no_libsocket=yes no_libsun=yes no_libnsl=yes # force /etc/shadow support. they can run /sbin/pwconv at any time. # if they do so, don't let sshd down:-) appro@fy.chalmers.se AC_DEFINE(HAVE_ETC_SHADOW) no_shadows_password_checking=yes ;; *-sgi-irix6*) # from d-champion@uchicago.edu no_libsocket=yes no_libnsl=yes no_libsun=yes if test -z "$GCC";then if test "`uname -s`" = "IRIX64"; then CFLAGS="-D_LONG_LONG_LIMB $CFLAGS" LDFLAGS="$LDFLAGS" else CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" fi fi # force /etc/shadow support. they can run /sbin/pwconv at any time. # if they do so, don't let sshd down:-) appro@fy.chalmers.se AC_DEFINE(HAVE_ETC_SHADOW) no_shadows_password_checking=yes ;; *-ibm-aix3.2|*-ibm-aix3.2.0|*-ibm-aix3.2.1|*-ibm-aix3.2.2|*-ibm-aix3.2.3|*-ibm-aix3.2.4) os_aix=yes AC_CHECK_LIB(s, getuserattr) ;; *-ibm-aix4.2|*-ibm-aix4.2.*) no_utmpx=yes os_aix=yes AC_CHECK_LIB(s, getuserattr) ;; *-ibm-aix*) os_aix=yes AC_CHECK_LIB(s, getuserattr) ;; mips-dec-mach3*) # Mach3 stuff from kivinen@hut.fi no_vhangup=yes no_setsid=yes ;; *-dec-ultrix*) # Ultrix stuff from dmckilli@qc.bell.ca, jbotz@orixa.mtholyoke.edu, # corey@cac.washington.edu AC_DEFINE(O_NONBLOCK_BROKEN) AC_DEFINE(HAVE_ULTRIX_SHADOW_PASSWORDS) no_vhangup=yes no_utmpx=yes no_termios=yes # Ultrix shadow passwords implemented in auth-passwd.c. no_shadows_password_checking=yes AC_CHECK_LIB(auth, authenticate_user) AC_TRY_COMPILE([#include ], [int foo = LOG_DAEMON; ], , AC_DEFINE(NEED_SYS_SYSLOG_H)) ;; *-*-hpux7.*) # Kludge for ancient HPUX 7.x (from Nenad Babajic ) AC_DEFINE(HPSUX7_KLUDGES) # HPUX flags from jgotts@engin.umich.edu if test -z "$GCC"; then CFLAGS="$CFLAGS -Aa -D_HPUX_SOURCE" fi AC_DEFINE(HPSUX_NONSTANDARD_X11_KLUDGE) ;; *-*-hpux*) # HPUX flags from jgotts@engin.umich.edu if test -z "$GCC"; then CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" fi AC_MSG_CHECKING(for HPUX tcb auth option) if test -f /tcb/files/auth/system/pw_id_map; then AC_MSG_RESULT(yes) AC_DEFINE(HAVE_HPUX_TCB_AUTH) LIBS="$LIBS -lsec" else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(for keyserv) if test -f /usr/sbin/keyserv; then AC_MSG_RESULT(yes) AC_DEFINE(SECURE_RPC) LIBS="$LIBS -lrpcsvc" else AC_MSG_RESULT(no) fi AC_DEFINE(HPSUX_NONSTANDARD_X11_KLUDGE) no_utmpx=yes ;; alpha-dec-osf*) AC_DEFINE(TTY_GROUP, "terminal") AC_CHECK_LIB(security, set_auth_parameters) AC_CHECK_FUNCS(setluid getespwnam) no_utmpx=yes AC_MSG_CHECKING(for OSF/1 C2 security package) osfc2sec=`/usr/sbin/setld -i | grep '^OSFC2SEC' | grep 'installed'` if test -n "$osfc2sec"; then AC_MSG_RESULT(yes) AC_DEFINE(HAVE_OSF1_C2_SECURITY) CONFOBJS="$CONFOBJS osfc2.o" OLD_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -I." AC_TRY_COMPILE([#include #include #include ], , , [ AC_MSG_WARN([Could not include file. The digital unix 4.0 prot.h tries to include instead of . Making a local copy of prot.h and patching it.]) sed 's@@@g' prot.h ]) CFLAGS="$OLD_CFLAGS" else AC_MSG_RESULT(no) fi ;; *-*-nextstep*) # Nextstep support from a person who wants to remain anonymous no_termios=yes if test -f /usr/include/bsd/sys/termios.h; then AC_DEFINE(SPEED_T_IN_STDTYPES_H) fi ;; *-*-linux*) AC_CHECK_FUNC(getspnam) if test $ac_cv_func_getspnam = no; then AC_CHECK_LIB(shadow, getspnam) fi if test $ac_cv_func_getspnam = yes; then AC_DEFINE(HAVE_ETC_SHADOW) fi no_shadows_password_checking=yes AC_CHECK_FUNCS(pw_encrypt, pwencrypt=yes) if test $ac_cv_func_pw_encrypt = no; then AC_CHECK_LIB(shadow, pw_encrypt, [ pwencrypt=yes pwencryptlib="-lshadow" ]) fi AC_MSG_CHECKING([whether to enable pw_encrypt]) AC_ARG_ENABLE(deprecated-linux-pw-encrypt, [ --enable-deprecated-linux-pw-encrypt Enable using of deprecated linx pw_encrypt function.], [ if test -z "$pwencrypt"; then AC_MSG_RESULT(no) else AC_DEFINE(crypt,pw_encrypt) AC_MSG_RESULT(no) if test -n "$pwencryptlib"; then LIBS="$LIBS $pwencryptlib" fi fi ], AC_MSG_RESULT(no) ) ;; i*86-*-bsdi2.1*) no_pipe=yes X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc" ;; i*86-*-bsdi*) no_pipe=yes ;; i*86-unknown-bsd*) # Assume 386BSD. pgut01@cs.auckland.ac.nz reported this makes it compile. AC_DEFINE(__FreeBSD__) ;; mips-sony-newsos6) AC_DEFINE(HAVE_NO_TZ_IN_GETTIMEOFDAY) ;; m68k-sony-newsos*) # From snabb@niksula.hut.fi no_vhangup=yes ;; mips-sony-bsd*) no_vhangup=yes ;; m68k-apple-aux*) # Macintosh A/UX tweaks - prune LIB = -L/usr/local/lib, exceeds ld capacity # add -lposix to it, needed for termio stuff LIBS="$LIBS -lposix" AC_DEFINE(_POSIX_SOURCE) ;; m88k-dg-dgux*) AC_DEFINE(BROKEN_INET_ADDR) ;; t3e-*-*) CFLAGS="$CFLAGS -I." LIBS="$LIBS -lrsc" ;; *-cray-unicos*) CFLAGS="$CFLAGS -DCRAY_STACKSEG_END=_getb67" LIBS="$LIBS -lrsc" ;; *-*-sysv4*) AC_CHECK_LIB(gen, openlog) ;; *-*-machten*) AC_DEFINE(USE_STRLEN_FOR_AF_UNIX) no_vhangup=yes ;; i*86-unknown-sco3.2v4*) # From moi@dio.com AC_DEFINE(HAVE_SCO_ETC_SHADOW) AC_DEFINE(SCO) no_ranlib=yes LIBS="-L/usr/lib/libp -lprot -lx $LIBS" CFLAGS="$CFLAGS -UM_I86SM" ;; i*86-unknown-sco3.2v5*) # From brian@ilinx.com AC_DEFINE(HAVE_SCO_ETC_SHADOW) AC_DEFINE(SCO) AC_DEFINE(SCO5) no_ranlib=yes LIBS="-L/usr/lib/libp -lprot -lx $LIBS" CFLAGS="$CFLAGS -UM_I86SM" ;; *-convex-bsd*) # From mark.martinec@nsc.ijs.si # On Convex, getpwnam sets pw_passwd if running as root no_shadows_password_checking=yes ;; *-sequent-ptx*) # From geek+@cmu.edu test_libinet=yes ;; *-sequent-dynix*|*-sequent-ptx*) LIBS="-lseq -lsec $LIBS" X_EXTRA_LIBS="-lsocket -linet -lnsl $X_EXTRA_LIBS" ;; *-*-freebsd*) # From Ollivier Robert: FreeBSD and NetBSD use master.passwd, but set # pw_passwd automatically when running as root. no_shadow_password_checking=yes ;; *-*-netbsd*|*-*-openbsd*) # From Ollivier Robert: FreeBSD and NetBSD use master.passwd, but set # pw_passwd automatically when running as root. no_shadow_password_checking=yes ;; *) ;; esac export CFLAGS CC # Socket pairs appear to be broken on several systems. I don't know exactly # where, so I'll use pipes everywhere for now. AC_DEFINE(USE_PIPES) AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], AC_MSG_RESULT(yes), AC_MSG_RESULT(no) AC_MSG_ERROR(Could not compile and run even a trivial ANSI C program - check CC.), AC_MSG_ERROR(Could not compile and run even a trivial ANSI C program - check CC.)) if test -z "$no_pipe"; then if test -n "$GCC"; then AC_MSG_CHECKING([if the compiler understands -pipe]) OLDCC="$CC" CC="$CC -pipe" AC_TRY_COMPILE(,, AC_MSG_RESULT(yes), CC="$OLDCC" AC_MSG_RESULT(no)) fi fi AC_MSG_CHECKING([whether to enable -Wall]) AC_ARG_ENABLE(warnings, [ --enable-warnings Enable -Wall if using gcc.], [ if test -n "$GCC"; then AC_MSG_RESULT(adding -Wall to CFLAGS.) CFLAGS="$CFLAGS -Wall" fi],AC_MSG_RESULT(no)) AC_TYPE_SIGNAL AC_TYPE_SIZE_T AC_TYPE_UID_T AC_TYPE_OFF_T AC_TYPE_MODE_T AC_STRUCT_ST_BLKSIZE AC_C_CONST AC_C_INLINE AC_C_BIGENDIAN AC_CHECK_SIZEOF(long,4) AC_CHECK_SIZEOF(int,4) AC_CHECK_SIZEOF(short,2) if test -z "$no_termios"; then AC_CHECK_HEADERS(termios.h) fi if test -z "$no_utmpx"; then AC_CHECK_HEADERS(utmpx.h) fi AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h) AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h) AC_CHECK_HEADERS(netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) AC_CHECK_HEADERS(sys/resource.h login_cap.h) AC_HEADER_TIME AC_HEADER_DIRENT AC_HEADER_STAT AC_MSG_CHECKING([whether utmp have ut_pid field]) AC_EGREP_HEADER(ut_pid, utmp.h, [ AC_DEFINE(HAVE_PID_IN_UTMP) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) AC_MSG_CHECKING([whether utmp have ut_name field]) AC_EGREP_HEADER(ut_name, utmp.h, [ AC_DEFINE(HAVE_NAME_IN_UTMP) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) AC_MSG_CHECKING([whether utmp have ut_id field]) AC_EGREP_HEADER(ut_id, utmp.h, [ AC_DEFINE(HAVE_ID_IN_UTMP) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) AC_MSG_CHECKING([whether utmp have ut_host field]) AC_EGREP_HEADER(ut_host, utmp.h, [ AC_DEFINE(HAVE_HOST_IN_UTMP) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) AC_MSG_CHECKING([whether utmp have ut_addr field]) AC_EGREP_HEADER(ut_addr, utmp.h, [ AC_DEFINE(HAVE_ADDR_IN_UTMP) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) AC_MSG_CHECKING([whether you have incompatible SIGINFO macro]) AC_EGREP_CPP([p_siginfo], [#include SIGINFO(p,1)], [ AC_DEFINE(HAVE_INCOMPATIBLE_SIGINFO) AC_MSG_RESULT(yes)] , AC_MSG_RESULT(no)) AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt)) AC_CHECK_LIB(sec, getspnam) AC_CHECK_LIB(seq, get_process_stats) AC_CHECK_LIB(bsd, bcopy) if test -z "$no_libnsl"; then AC_CHECK_LIB(nsl, main) fi if test -n "$test_libinet"; then AC_CHECK_LIB(inet, inet_network) fi if test -z "$no_libsocket"; then AC_CHECK_LIB(socket, socket) fi if test -z "$no_libsun"; then AC_CHECK_LIB(sun, getpwnam) fi if test -z "$no_libbsd"; then AC_CHECK_LIB(bsd, openpty) fi AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil") if test -z "$no_vhangup"; then AC_CHECK_FUNCS(vhangup) fi if test -z "$no_setsid"; then AC_CHECK_FUNCS(setsid) fi AC_CHECK_FUNCS(gettimeofday times getrusage ftruncate revoke makeutx) AC_CHECK_FUNCS(strchr memcpy setlogin openpty _getpty clock fchmod ulimit) AC_CHECK_FUNCS(gethostname getdtablesize umask innetgr initgroups setpgrp) AC_CHECK_FUNCS(setpgid daemon waitpid ttyslot authenticate) AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair) AC_PROG_LN_S AC_PROG_INSTALL AC_CHECK_PROG(AR, ar, ar, echo) if test -z "$no_ranlib"; then AC_PROG_RANLIB else RANLIB=":" fi AC_PROGRAMS_CHECK(MAKEDEP, makedepend makedep, makedepend) AC_PATH_XTRA AC_PATH_PROG(XAUTH_PATH, xauth) if test -n "$XAUTH_PATH"; then AC_DEFINE_UNQUOTED(XAUTH_PATH, "$XAUTH_PATH") fi if test "$no_x" = yes; then X_PROGRAMS="" else if test "x$XAUTH_PATH" = "x"; then AC_MSG_ERROR(configuring with X but xauth not found - aborting, make sure xauth is in your path or add --without-x to configure to disable X11) fi X_PROGRAMS="ssh-askpass" fi AC_SUBST(X_PROGRAMS) if test '!' -d /tmp/.X11-unix; then if test -d /var/X/.X11-unix; then X11_DIR="/var/X/.X11-unix" AC_SUBST(X11_DIR) else if test -d /tmp/.X11-pipe; then X11_DIR="/tmp/.X11-pipe" AC_SUBST(X11_DIR) fi fi fi AC_PATH_PROGS(PERL, perl5 perl, not found) if test "x$PERL" = "xnot found" || $PERL -e 'exit ($] >= 5)'; then unset ac_cv_path_PERL PERL="/usr/local/bin/perl" AC_MSG_WARN(perl version 5 not found - make-ssh-known-hosts will not work) fi AC_CHECK_FUNCS(getpseudotty) AC_MSG_CHECKING(for pseudo ttys) if test -c /dev/getpty && test $ac_cv_func_getpseudotty = yes then AC_DEFINE(HAVE_GETPSEUDOTTY) AC_MSG_RESULT(getpseudotty) else if test -c /dev/ptmx && test -c /dev/pts/0 then AC_DEFINE(HAVE_DEV_PTMX) AC_MSG_RESULT(streams ptys) else if test -c /dev/ptc && test -c /dev/pts || test -d /dev/pts then AC_DEFINE(HAVE_DEV_PTS_AND_PTC) AC_MSG_RESULT(/dev/pts and /dev/ptc) else if test -c /dev/ptyp10 then AC_DEFINE(HAVE_DEV_PTYP10) AC_MSG_RESULT(sco-style ptys) else AC_MSG_RESULT(bsd-style ptys) fi fi fi fi AC_MSG_CHECKING(for /etc/default/login) if test -f /etc/default/login; then AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi if test -z "$no_shadows_password_checking"; then AC_MSG_CHECKING(for shadow passwords) if test -f /etc/shadow; then # If we don't have shadow.h, this might be some nonstandard # kludging... So better check it out. if test "x$ac_cv_header_shadow_h" = "xyes"; then AC_DEFINE(HAVE_ETC_SHADOW) AC_MSG_RESULT(/etc/shadow) # SunOS C2 security uses this style of shadow passwords, but does not # have getspent in a system library. However, a libshadow.a library # contaning these is publicly available. AC_CHECK_LIB(shadow, getspent) AC_MSG_CHECKING([whether spwd have sp_expire field]) AC_EGREP_HEADER(sp_expire, shadow.h, [ AC_DEFINE(HAVE_STRUCT_SPWD_EXPIRE) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) AC_MSG_CHECKING([whether spwd have sp_inact field]) AC_EGREP_HEADER(sp_inact, shadow.h, [ AC_DEFINE(HAVE_STRUCT_SPWD_INACT) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) else AC_MSG_RESULT(no) fi elif test -n "$os_aix"; then AC_DEFINE(HAVE_ETC_SECURITY_PASSWD) AC_MSG_RESULT(/etc/security/passwd) elif test -n "$os_sunos"; then AC_DEFINE(HAVE_ETC_SECURITY_PASSWD_ADJUNCT) AC_MSG_RESULT(/etc/security/passwd.adjunct) else AC_MSG_RESULT(no) fi fi AC_MSG_CHECKING(location of mail spool files) for dir in /var/spool/mail /var/mail /usr/spool/mail /usr/mail FILE do if test "$dir" = "FILE"; then if test -f $HOME/.MailBox; then AC_MSG_WARN(mail spool directory was not found: assuming you use \$HOME/.MailBox) AC_DEFINE_UNQUOTED(MAIL_SPOOL_FILE, ".MailBox") AC_MSG_RESULT(\$HOME/.MailBox) else if test -f $HOME/Mailbox; then AC_MSG_WARN(mail spool directory was not found: assuming you use \$HOME/Mailbox) AC_DEFINE_UNQUOTED(MAIL_SPOOL_FILE, "Mailbox") AC_MSG_RESULT(\$HOME/Mailbox) else AC_MSG_WARN(mail spool directory was not found: assuming you use \$HOME/newmail) AC_DEFINE_UNQUOTED(MAIL_SPOOL_FILE, "newmail") AC_MSG_RESULT(\$HOME/newmail) fi fi elif test -d $dir; then AC_DEFINE_UNQUOTED(MAIL_SPOOL_DIRECTORY, "$dir") AC_MSG_RESULT($dir) break fi done AC_MSG_CHECKING(location of utmp) if test -f /var/run/utmp; then AC_DEFINE(SSH_UTMP, "/var/run/utmp") AC_MSG_RESULT(/var/run/utmp) elif test -f /var/log/utmp; then AC_DEFINE(SSH_UTMP, "/var/log/utmp") AC_MSG_RESULT(/var/log/utmp) elif test -f /var/adm/utmp; then AC_DEFINE(SSH_UTMP, "/var/adm/utmp") AC_MSG_RESULT(/var/adm/utmp) elif test -f /usr/adm/utmp; then AC_DEFINE(SSH_UTMP, "/usr/adm/utmp") AC_MSG_RESULT(/usr/adm/utmp) elif test -f /etc/utmp; then AC_DEFINE(SSH_UTMP, "/etc/utmp") AC_MSG_RESULT(/etc/utmp) else AC_MSG_RESULT(not found) fi AC_MSG_CHECKING(location of wtmp) if test -f /var/log/wtmp; then AC_DEFINE(SSH_WTMP, "/var/log/wtmp") AC_MSG_RESULT(/var/log/wtmp) elif test -f /var/adm/wtmp; then AC_DEFINE(SSH_WTMP, "/var/adm/wtmp") AC_MSG_RESULT(/var/adm/wtmp) elif test -f /usr/adm/wtmp; then AC_DEFINE(SSH_WTMP, "/usr/adm/wtmp") AC_MSG_RESULT(/usr/adm/wtmp) elif test -f /etc/wtmp; then AC_DEFINE(SSH_WTMP, "/etc/wtmp") AC_MSG_RESULT(/etc/wtmp) else AC_DEFINE(SSH_WTMP, "/var/adm/wtmp") AC_MSG_RESULT(not found) fi AC_MSG_CHECKING(location of lastlog) if test -f /var/log/lastlog || test -d /var/log/lastlog; then AC_DEFINE(SSH_LASTLOG, "/var/log/lastlog") AC_DEFINE(HAVE_LASTLOG) LASTLOG=/var/log/lastlog AC_MSG_RESULT(/var/log/lastlog) elif test -f /var/adm/lastlog || test -d /var/adm/lastlog; then AC_DEFINE(SSH_LASTLOG, "/var/adm/lastlog") AC_DEFINE(HAVE_LASTLOG) LASTLOG=/var/adm/lastlog AC_MSG_RESULT(/var/adm/lastlog) elif test -f /usr/adm/lastlog || test -d /usr/adm/lastlog; then AC_DEFINE(SSH_LASTLOG, "/usr/adm/lastlog") AC_DEFINE(HAVE_LASTLOG) LASTLOG=/usr/adm/lastlog AC_MSG_RESULT(/usr/adm/lastlog) elif test -f /etc/lastlog || test -d /etc/lastlog; then AC_DEFINE(SSH_LASTLOG, "/etc/lastlog") AC_DEFINE(HAVE_LASTLOG) LASTLOG=/etc/lastlog AC_MSG_RESULT(/etc/lastlog) else AC_MSG_RESULT(not found) AC_DEFINE(SSH_LASTLOG, "/var/log/lastlog") LASTLOG=/var/log/lastlog fi AC_MSG_CHECKING(whether $LASTLOG is a directory) if test -d $LASTLOG then AC_MSG_RESULT(yes) AC_DEFINE(LASTLOG_IS_DIR) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether to include the IDEA encryption algorithm) AC_ARG_WITH(idea, [ --with-idea Use IDEA (default). --without-idea Don't use IDEA: avoids patent problems in commercial use], [ case "$withval" in no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(yes) AC_DEFINE(WITH_IDEA) CONFOBJS="$CONFOBJS idea.o" ;; esac ], #ifndef F_SECURE_COMMERCIAL AC_MSG_RESULT(yes) AC_DEFINE(WITH_IDEA) CONFOBJS="$CONFOBJS idea.o" #endif F_SECURE_COMMERCIAL #ifdef F_SECURE_COMMERCIAL # #endif F_SECURE_COMMERCIAL ) AC_MSG_CHECKING(whether to include the Blowfish encryption algorithm) AC_ARG_WITH(blowfish, [ --with-blowfish Include blowfish (default). --without-blowfish Don't include blowfish], [ case "$withval" in no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(yes) AC_DEFINE(WITH_BLOWFISH) ;; esac ], AC_MSG_RESULT(yes) AC_DEFINE(WITH_BLOWFISH) ) AC_MSG_CHECKING(whether to include the DES encryption algorithm) AC_ARG_WITH(des, [ --with-des Include single-DES support. --without-des Don't allow single DES (default)], [ case "$withval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(WITH_DES) ;; *) AC_MSG_RESULT(no) ;; esac ], AC_MSG_RESULT(no) ) AC_MSG_CHECKING(whether to include the ARCFOUR encryption algorithm) AC_ARG_WITH(arcfour, [ --with-arcfour Include arcfour (DO NOT ENABLE, unless you know the security implications of this settings. See README.CIPHERS for more info). --without-arcfour Don't include arcfour (default)], [ case "$withval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(WITH_ARCFOUR) ;; *) AC_MSG_RESULT(no) ;; esac ], AC_MSG_RESULT(no) ) AC_MSG_CHECKING(whether to include the none encryption algorithm) AC_ARG_WITH(none, [ --with-none Include support for unencrypted connections --without-none Don't allow unencrypted connections (default)], [ case "$withval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(WITH_NONE) ;; *) AC_MSG_RESULT(no) ;; esac ], AC_MSG_RESULT(no) ) AC_MSG_CHECKING(whether to use login) AC_ARG_WITH(login, [ --with-login[=PATH] Use login -f to finish login connections. ], [ case "$withval" in no) AC_MSG_RESULT(no) ;; yes) AC_MSG_RESULT(yes) AC_PATH_PROGS(PATH_LOGIN, login) AC_DEFINE(USELOGIN) AC_DEFINE_UNQUOTED(PATH_LOGIN, "$PATH_LOGIN") ;; *) AC_MSG_RESULT($withval) AC_DEFINE(USELOGIN) AC_DEFINE_UNQUOTED(PATH_LOGIN, "$withval") ;; esac ], [ AC_MSG_RESULT(no) ] ) AC_MSG_CHECKING(whether to use rsh) AC_ARG_WITH(rsh, [ --with-rsh=PATH Specify where to find rsh. --without-rsh Do not use rsh under any conditions. ], [ case "$withval" in no) AC_MSG_RESULT(no) ;; yes) AC_MSG_RESULT(yes) AC_PATH_PROGS(RSH_PATH, remsh resh rsh) AC_DEFINE_UNQUOTED(RSH_PATH, "$RSH_PATH") ;; *) AC_MSG_RESULT($withval) AC_DEFINE_UNQUOTED(RSH_PATH, "$withval") RSH_PATH="$withval" ;; esac ], [ AC_MSG_RESULT(yes) AC_PATH_PROGS(RSH_PATH, remsh resh rsh) AC_DEFINE_UNQUOTED(RSH_PATH, "$RSH_PATH") ] ) # Check that we didn't accidentally get ssh as rsh. if test -n "$RSH_PATH"; then if test -n "`$RSH_PATH &1 | grep listen-port:host:port`"; then AC_MSG_WARN(Found rsh in $RSH_PATH but it appears to actually be ssh.) AC_MSG_ERROR(Probably forgot to specify --with-rsh=PATH-TO-REAL-RSH.) fi fi # Code to permit setting default path for users (alden@math.ohio-state.edu) AC_MSG_CHECKING(default path) AC_ARG_WITH(path, [ --with-path=PATH Default path passed to user shell by sshd.], [ case "$withval" in no) AC_MSG_RESULT(use system default) ;; *) AC_MSG_RESULT($withval) AC_DEFINE_UNQUOTED(DEFAULT_PATH, "$withval") ;; esac ], AC_MSG_RESULT(use system default) ) AC_MSG_CHECKING(etcdir) AC_ARG_WITH(etcdir, [ --with-etcdir=PATH Directory containing ssh system files (default /etc).], [ case "$withval" in no) AC_MSG_ERROR(Need ETCDIR.) ;; yes) ETCDIR="/etc" AC_MSG_RESULT(/etc) ;; *) ETCDIR="$withval" AC_MSG_RESULT($withval) ;; esac ], ETCDIR="/etc" AC_MSG_RESULT(/etc) ) AC_MSG_CHECKING(whether to use nologin.allow file to override nologin) AC_ARG_WITH(nologin-allow, [ --with-nologin-allow[=PATH] If a nologin.allow override should be used (default /etc/nologin.allow). ], [ case "$withval" in no) AC_MSG_RESULT(no) ;; yes) AC_MSG_RESULT(yes) AC_DEFINE_UNQUOTED(NOLOGIN_ALLOW, "/etc/nologin.allow") ;; *) AC_MSG_RESULT($withval) AC_DEFINE_UNQUOTED(NOLOGIN_ALLOW, "$withval") ;; esac ], [ AC_MSG_RESULT(no) ] ) AC_MSG_CHECKING(whether to support SecurID) AC_ARG_WITH(securid, [ --with-securid[=PATH] Enable support for Security Dynamics SecurID card.], [ case "$withval" in no) AC_MSG_RESULT(no) ;; yes) AC_MSG_RESULT(yes) if test '!' -f /usr/ace/sdiclient.a; then AC_ERROR(SecurID sdiclient.a not found in /usr/ace: you must supply the path.) fi AC_MSG_RESULT(yes) AC_MSG_RESULT(Assuming SecurID headers and libraries are in /usr/ace.) AC_DEFINE(HAVE_SECURID) CFLAGS="$CFLAGS -I/usr/ace" LIBS="/usr/ace/sdiclient.a $LIBS" ;; *) AC_MSG_RESULT(yes) if test '!' -f $withval/sdiclient.a; then AC_ERROR(SecurID sdiclient.a not found in $withval: please supply the correct path.) fi AC_MSG_RESULT(Assuming SecurID headers and libraries are in $withval.) AC_DEFINE(HAVE_SECURID) CFLAGS="$CFLAGS -I$withval" LIBS="$withval/sdiclient.a $LIBS" ;; esac ], AC_MSG_RESULT(no) ) AC_MSG_CHECKING(whether to support TIS authentication server) AC_ARG_WITH(tis, [ --with-tis[=DIR] Enable support for TIS authentication server.], [ case "$withval" in no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(yes) if test '!' -f $withval/libauth.a -a -f $withval/libfwall.a -a -f $withval/firewall.h; then AC_ERROR(TIS libauth.a or libfwall.a or firewall.h not found in $withval: please supply the correct path.) fi AC_MSG_RESULT(Assuming TIS headers and libraries are in $withval.) AC_DEFINE(HAVE_TIS) CFLAGS="$CFLAGS -I$withval -DHAVE_TIS" LIBS="-L$withval -lauth -lfwall $LIBS" ;; esac ], AC_MSG_RESULT(no) ) AC_MSG_CHECKING(whether to use Kerberos) AC_ARG_WITH(kerberos5, [ --with-kerberos5=[KRB_PREFIX] Compile in Kerberos5 support.], [ case "$withval" in yes) with_kerberos5=/usr/local ;; esac ], [ with_kerberos5=no ] ) case "$with_kerberos5" in no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(yes) AC_DEFINE(KERBEROS) AC_DEFINE(KRB5) KERBEROS_ROOT="$with_kerberos5" KERBEROS_INCS="-I${KERBEROS_ROOT}/include" KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lkrb4 -ldes425 -lkrb524 -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") AC_CHECK_LIB(gen, compile, KERBEROS_LIBS="$KERBEROS_LIBS -lgen") KERBEROS_OBJS="auth-kerberos.o" ;; esac AC_SUBST(KERBEROS_ROOT) AC_SUBST(KERBEROS_INCS) AC_SUBST(KERBEROS_LIBS) AC_SUBST(KERBEROS_OBJS) AC_MSG_CHECKING(whether to enable passing the Kerberos TGT) AC_ARG_ENABLE(kerberos-tgt-passing, [ --enable-kerberos-tgt-passing Pass Kerberos ticket-granting-ticket.], [ case "$enableval" in no) AC_MSG_RESULT(no) ;; *) if test "$with_kerberos5" = no ; then AC_MSG_RESULT(no) AC_MSG_WARN("Passing Kerberos TGT requires Kerberos5 support.") else AC_MSG_RESULT(yes) AC_DEFINE(KERBEROS_TGT_PASSING) fi ;; esac ], AC_MSG_RESULT(no) ) AC_MSG_CHECKING(whether to use libwrap) AC_ARG_WITH(libwrap, [ --with-libwrap[=PATH] Compile in libwrap (tcp_wrappers) support.], [ case "$withval" in no) AC_MSG_RESULT(no) ;; yes) AC_MSG_RESULT(yes) AC_CHECK_LIB(wrap, request_init, [ AC_DEFINE(LIBWRAP) WRAPLIBS="-lwrap" AC_DEFINE(HAVE_LIBWRAP) ]) ;; *) AC_MSG_RESULT(yes) AC_DEFINE(LIBWRAP) if test -d "$withval"; then WRAPLIBS="-L$withval -lwrap" else WRAPLIBS="$withval" fi OLDLIBS="$LIBS" LIBS="$WRAPLIBS $LIBS" AC_TRY_LINK([ int allow_severity; int deny_severity; ], [ hosts_access(); ], [], [ AC_MSG_ERROR(Could not find the $withval library. You must first install tcp_wrappers.) ]) LIBS="$OLDLIBS" ;; esac ], AC_MSG_RESULT(no) ) AC_SUBST(WRAPLIBS) AC_MSG_CHECKING(whether to support SOCKS) AC_ARG_WITH(socks, [ --with-socks Compile with SOCKS firewall traversal support.], [ case "$withval" in no) AC_MSG_RESULT(no) ;; yes) AC_MSG_RESULT(yes) AC_CHECK_LIB(socks5, SOCKSconnect, [ socks=5 LIBS="-lsocks5 $LIBS"], [ AC_CHECK_LIB(socks, Rconnect, [ socks=4 LIBS="-lsocks $LIBS"], [ AC_MSG_ERROR(Could not find socks library. You must first install socks.) ] ) ] ) ;; esac ], AC_MSG_RESULT(no) ) if test "x$socks" = "x"; then AC_MSG_CHECKING(whether to support SOCKS5) AC_ARG_WITH(socks5, [ --with-socks5[=PATH] Compile with SOCKS5 firewall traversal support.], [ case "$withval" in no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(yes) socks=5 if test "x$withval" = "xyes"; then withval="-lsocks5" else if test -d "$withval"; then if test -d "$withval/include"; then CFLAGS="$CFLAGS -I$withval/include" else CFLAGS="$CFLAGS -I$withval" fi if test -d "$withval/lib"; then withval="-L$withval/lib -lsocks5" else withval="-L$withval -lsocks5" fi fi fi LIBS="$withval $LIBS" # If Socks was compiled with Kerberos support, we will need # to link against kerberos libraries. Temporarily append # to LIBS. This is harmless if there is no kerberos support. TMPLIBS="$LIBS" LIBS="$LIBS $KERBEROS_LIBS" AC_TRY_LINK([], [ SOCKSconnect(); ], [], [ AC_MSG_ERROR(Could not find the $withval library. You must first install socks5.) ]) LIBS="$TMPLIBS" ;; esac ], AC_MSG_RESULT(no) ) fi if test "x$socks" = "x"; then AC_MSG_CHECKING(whether to support SOCKS4) AC_ARG_WITH(socks4, [ --with-socks4[=PATH] Compile with SOCKS4 firewall traversal support.], [ case "$withval" in no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(yes) socks=4 if test "x$withval" = "xyes"; then withval="-lsocks" else if test -d "$withval"; then withval="-L$withval -lsocks" fi fi LIBS="$withval $LIBS" AC_TRY_LINK([], [ Rconnect(); ], [], [ AC_MSG_ERROR(Could not find the $withval library. You must first install socks.) ]) ;; esac ], AC_MSG_RESULT(no) ) fi if test "x$socks" = "x4"; then AC_DEFINE(SOCKS) AC_DEFINE(SOCKS4) fi if test "x$socks" = "x5"; then AC_DEFINE(SOCKS) AC_DEFINE(SOCKS5) AC_CHECK_HEADER(socks.h) if test "x$ac_cv_header_socks_h" != "xyes"; then AC_DEFINE(Rconnect,SOCKSconnect) AC_DEFINE(Rgetsockname,SOCKSgetsockname) AC_DEFINE(Rgetpeername,SOCKSgetpeername) AC_DEFINE(Rbind,SOCKSbind) AC_DEFINE(Raccept,SOCKSaccept) AC_DEFINE(Rlisten,SOCKSlisten) AC_DEFINE(Rselect,SOCKSselect) AC_DEFINE(Rrecvfrom,SOCKSrecvfrom) AC_DEFINE(Rsendto,SOCKSsendto) AC_DEFINE(Rrecv,SOCKSrecv) AC_DEFINE(Rsend,SOCKSsend) AC_DEFINE(Rread,SOCKSread) AC_DEFINE(Rwrite,SOCKSwrite) AC_DEFINE(Rrresvport,SOCKSrresvport) AC_DEFINE(Rshutdown,SOCKSshutdown) AC_DEFINE(Rlisten,SOCKSlisten) AC_DEFINE(Rclose,SOCKSclose) AC_DEFINE(Rdup,SOCKSdup) AC_DEFINE(Rdup2,SOCKSdup2) AC_DEFINE(Rfclose,SOCKSfclose) AC_DEFINE(Rgethostbyname,SOCKSgethostbyname) fi fi AC_MSG_CHECKING(whether to use rsaref) AC_ARG_WITH(rsaref, [ --with-rsaref[=PATH] Use RSAREF (try to avoid patent problems in U.S.) --without-rsaref Use normal RSA routines (default). ], [ case "$withval" in no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(yes) if test "x$withval" = "xyes"; then withval="-lrsaref" RSAREFDEP="rsaref2/source/librsaref.a" LDFLAGS="-Lrsaref2/source $LDFLAGS" else if test -d "$withval"; then withval="-L$withval -lrsaref" fi fi AC_DEFINE(RSAREF) LIBS="$withval $LIBS" ;; esac ], AC_MSG_RESULT(no) ) # This allows group writeability in userfile_check_owner_permissions() AC_MSG_CHECKING(whether to allow group writeability) AC_ARG_ENABLE(group-writeability, [ --enable-group-writeability Allow group writeability in auth-rsa. ], [ AC_MSG_RESULT(yes) AC_DEFINE(ALLOW_GROUP_WRITEABILITY) ], [ AC_MSG_RESULT(no) ] ) AC_MSG_CHECKING(whether to disable forwardings in server) AC_ARG_ENABLE(server-port-forwardings, [ --disable-server-port-forwardings Disable all port forwardings in server (except X11)], [ case "$enableval" in no) AC_DEFINE(SSHD_NO_PORT_FORWARDING) AC_MSG_RESULT(yes) ;; *) AC_MSG_RESULT(no) ;; esac ], AC_MSG_RESULT(no) ) AC_MSG_CHECKING(whether to disable forwardings in client) AC_ARG_ENABLE(client-port-forwardings, [ --disable-client-port-forwardings Disable all port forwardings in client (except X11)], [ case "$enableval" in no) AC_DEFINE(SSH_NO_PORT_FORWARDING) AC_MSG_RESULT(yes) ;; *) AC_MSG_RESULT(no) ;; esac ], AC_MSG_RESULT(no) ) AC_MSG_CHECKING(whether to disable X11 forwarding in server) AC_ARG_ENABLE(server-x11-forwarding, [ --disable-server-x11-forwarding Disable X11 forwarding in server], [ case "$enableval" in no) AC_DEFINE(SSHD_NO_X11_FORWARDING) AC_MSG_RESULT(yes) ;; *) AC_MSG_RESULT(no) ;; esac ], AC_MSG_RESULT(no) ) AC_MSG_CHECKING(whether to disable X11 forwarding in client) AC_ARG_ENABLE(client-x11-forwarding, [ --disable-client-x11-forwarding Disable X11 forwarding in client], [ case "$enableval" in no) AC_DEFINE(SSH_NO_X11_FORWARDING) AC_MSG_RESULT(yes) ;; *) AC_MSG_RESULT(no) ;; esac ], AC_MSG_RESULT(no) ) AC_MSG_CHECKING(whether to install ssh as suid root) AC_ARG_ENABLE(suid-ssh, [ --enable-suid-ssh Install ssh as suid root (default) --disable-suid-ssh Install ssh without suid bit], [ case "$enableval" in no) AC_MSG_RESULT(no) SSHINSTALLMODE=0755 ;; *) AC_MSG_RESULT(yes) SSHINSTALLMODE=04711 ;; esac ], AC_MSG_RESULT(yes) SSHINSTALLMODE=04711 ) AC_MSG_CHECKING(whether to enable TCP_NODELAY) AC_ARG_ENABLE(tcp-nodelay, [ --enable-tcp-nodelay Enable TCP_NODELAY socket option], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(ENABLE_TCP_NODELAY) ;; *) AC_MSG_RESULT(no) esac ], AC_MSG_RESULT(yes) AC_DEFINE(ENABLE_TCP_NODELAY) ) # We include this here only to make it visible in --help; this is only used # in the gmp subdirectory. AC_ARG_ENABLE(asm, [ --disable-asm Disable assembly language optimizations. ], []) PIDDIR="/var/run" AC_MSG_CHECKING(where to put sshd.pid) if test '!' -d $PIDDIR; then PIDDIR="$ETCDIR" fi AC_MSG_RESULT($PIDDIR) AC_CONFIG_SUBDIRS(gmp-2.0.2-ssh-2) AC_ARG_PROGRAM AC_SUBST(ETCDIR) AC_SUBST(PIDDIR) AC_SUBST(RSAREFDEP) AC_SUBST(CONFOBJS) AC_SUBST(SSHINSTALLMODE) ATHENA_LIBS= AC_CHECK_FUNC(res_send,:,AC_CHECK_LIB(resolv,res_send, [ATHENA_LIBS=-lresolv])) AC_ARG_WITH([afs], [ --without-afs don't have afs libraries to build against (default) --with-afs=AFSDIR use preinstalled AFS library tree], ,with_afs=no)dnl if test $with_afs != no; then ATHENA_LIBS="$ATHENA_LIBS -L$with_afs/lib -L$with_afs/lib/afs -lauth -lsys -lrx -llwp -lsys" AC_CHECK_FUNC(sigvec, :, [AC_CHECK_LIB(ucb, sigvec, [ATHENA_LIBS="$ATHENA_LIBS -L/usr/ucblib -R/usr/ucblib -lc -lucb"], :, -L/usr/ucblib)]) AC_CHECK_FUNC(insque, :, [AC_CHECK_LIB(compat, insque, [ATHENA_LIBS="$ATHENA_LIBS -lcompat"])]) fi AC_SUBST(ATHENA_LIBS) AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile)