1 files changed, 89 insertions, 14 deletions
diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac
index 6ba4d24..36c4577 100644
--- a/crypto/openssh/configure.ac
+++ b/crypto/openssh/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.214 2004/04/17 03:03:07 tim Exp $
+# $Id: configure.ac,v 1.226 2004/08/16 13:12:06 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -28,6 +28,8 @@ AC_PROG_CPP
 AC_PROG_RANLIB
 AC_PROG_INSTALL
 AC_PATH_PROG(AR, ar)
+AC_PATH_PROG(CAT, cat)
+AC_PATH_PROG(KILL, kill)
 AC_PATH_PROGS(PERL, perl5 perl)
 AC_PATH_PROG(SED, sed)
 AC_SUBST(PERL)
@@ -37,6 +39,14 @@ AC_PATH_PROG(TEST_MINUS_S_SH, bash)
 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
 AC_PATH_PROG(SH, sh)
+AC_SUBST(TEST_SHELL,sh)
+
+dnl for buildpkg.sh
+AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
+	[/usr/sbin${PATH_SEPARATOR}/etc])
+AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
+	[/usr/sbin${PATH_SEPARATOR}/etc])
+AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
 
 # System features
 AC_SYS_LARGEFILE
@@ -244,6 +254,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 	AC_DEFINE(PAM_TTY_KLUDGE)
 	AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
 	AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
+	AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
 	inet6_default_4in6=yes
 	case `uname -r` in
 	1.*|2.0.*)
@@ -287,6 +298,7 @@ mips-sony-bsd|mips-sony-newsos4)
 	AC_DEFINE(LOGIN_NEEDS_UTMPX)
 	AC_DEFINE(LOGIN_NEEDS_TERM)
 	AC_DEFINE(PAM_TTY_KLUDGE)
+	AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
 	AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
 	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
 	AC_DEFINE(SSHD_ACQUIRES_CTTY)
@@ -366,6 +378,7 @@ mips-sony-bsd|mips-sony-newsos4)
 	AC_CHECK_FUNCS(getluid setluid)
 	MANTYPE=man
 	do_sco3_extra_lib_check=yes
+	TEST_SHELL=ksh
 	;;
 *-*-sco3.2v5*)
 	if test -z "$GCC"; then
@@ -381,8 +394,10 @@ mips-sony-bsd|mips-sony-newsos4)
 	AC_DEFINE(BROKEN_SETREUID)
 	AC_DEFINE(BROKEN_SETREGID)
 	AC_DEFINE(WITH_ABBREV_NO_TTY)
+	AC_DEFINE(BROKEN_UPDWTMPX)
 	AC_CHECK_FUNCS(getluid setluid)
 	MANTYPE=man
+	TEST_SHELL=ksh
 	;;
 *-*-unicosmk*)
 	AC_DEFINE(NO_SSH_LASTLOG)
@@ -503,16 +518,16 @@ int main(){exit(0);}
 )
 
 # Checks for header files.
-AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
-	getopt.h glob.h ia.h lastlog.h limits.h login.h \
-	login_cap.h maillock.h netdb.h netgroup.h \
+AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
+	floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
+	login_cap.h maillock.h ndir.h netdb.h netgroup.h \
 	netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
 	rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
-	strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
-	sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \
-	sys/select.h sys/stat.h sys/stream.h sys/stropts.h \
-	sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \
-	ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
+	strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
+	sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
+	sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \
+	sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
+	time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
 
 # Checks for libraries.
 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
@@ -717,6 +732,14 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
 	]
 )
 
+AC_MSG_CHECKING([for /proc/pid/fd directory])
+if test -d "/proc/$$/fd" ; then
+	AC_DEFINE(HAVE_PROC_PID)
+	AC_MSG_RESULT(yes)
+else
+	AC_MSG_RESULT(no)
+fi
+
 # Check whether user wants S/Key support
 SKEY_MSG="no"
 AC_ARG_WITH(skey,
@@ -818,9 +841,9 @@ AC_ARG_WITH(tcp-wrappers,
 
 dnl    Checks for library functions. Please keep in alphabetical order
 AC_CHECK_FUNCS(\
-	arc4random __b64_ntop b64_ntop __b64_pton b64_pton \
-	bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
-	getaddrinfo getcwd getgrouplist getnameinfo getopt \
+	arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
+	bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \
+	futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \
 	getpeereid _getpty getrlimit getttyent glob inet_aton \
 	inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
 	mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
@@ -860,6 +883,8 @@ AC_CHECK_DECL(tcsendbreak,
 	[#include <termios.h>]
 )
 
+AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
+
 AC_CHECK_FUNCS(setresuid, [
 	dnl Some platorms have setresuid that isn't implemented, test for this
 	AC_MSG_CHECKING(if setresuid seems to work)
@@ -924,6 +949,20 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
 	)
 fi
 
+# Check for missing getpeereid (or equiv) support
+NO_PEERCHECK=""
+if test "x$ac_cv_func_getpeereid" != "xyes" ; then
+	AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
+	AC_TRY_COMPILE(
+		[#include <sys/types.h>
+		 #include <sys/socket.h>],
+		[int i = SO_PEERCRED;],
+		[AC_MSG_RESULT(yes)],
+		[AC_MSG_RESULT(no)
+		NO_PEERCHECK=1]
+        )
+fi
+
 dnl see whether mkstemp() requires XXXXXX
 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
 AC_MSG_CHECKING([for (overly) strict mkstemp])
@@ -2154,6 +2193,25 @@ AC_SEARCH_LIBS(getrrsetbyname, resolv,
 		# Needed by our getrrsetbyname()
 		AC_SEARCH_LIBS(res_query, resolv)
 		AC_SEARCH_LIBS(dn_expand, resolv)
+		AC_MSG_CHECKING(if res_query will link)
+		AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
+		   [AC_MSG_RESULT(no)
+		    saved_LIBS="$LIBS"
+		    LIBS="$LIBS -lresolv"
+		    AC_MSG_CHECKING(for res_query in -lresolv)
+		    AC_LINK_IFELSE([
+#include <resolv.h>
+int main()
+{
+	res_query (0, 0, 0, 0, 0);
+	return 0;
+}
+			],
+			[LIBS="$LIBS -lresolv"
+			 AC_MSG_RESULT(yes)],
+			[LIBS="$saved_LIBS"
+			 AC_MSG_RESULT(no)])
+		    ])
 		AC_CHECK_FUNCS(_getshort _getlong)
 		AC_CHECK_MEMBER(HEADER.ad,
 			[AC_DEFINE(HAVE_HEADER_AD)],,
@@ -2207,7 +2265,10 @@ AC_ARG_WITH(kerberos5,
 				       [ char *tmp = heimdal_version; ],
 				       [ AC_MSG_RESULT(yes)
 					 AC_DEFINE(HEIMDAL)
-					 K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
+					 K5LIBS="-lkrb5 -ldes"
+					 K5LIBS="$K5LIBS -lcom_err -lasn1"
+					 AC_CHECK_LIB(roken, net_write, 
+					   [K5LIBS="$K5LIBS -lroken"])
 				       ],
 				       [ AC_MSG_RESULT(no)
 					 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
@@ -2870,7 +2931,7 @@ if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
 fi
 
 AC_EXEEXT
-AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
+AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
 AC_OUTPUT
 
 # Print summary of options
@@ -2935,6 +2996,10 @@ echo "         Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
 
 echo ""
 
+if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
+	echo "SVR4 style packages are supported with \"make package\"\n"
+fi
+
 if test "x$PAM_MSG" = "xyes" ; then
 	echo "PAM is enabled. You may need to install a PAM control file "
 	echo "for sshd, otherwise password authentication may fail. "
@@ -2951,3 +3016,13 @@ if test ! -z "$RAND_HELPER_CMDHASH" ; then
 	echo ""
 fi
 
+if test ! -z "$NO_PEERCHECK" ; then
+	echo "WARNING: the operating system that you are using does not "
+	echo "appear to support either the getpeereid() API nor the "
+	echo "SO_PEERCRED getsockopt() option. These facilities are used to "
+	echo "enforce security checks to prevent unauthorised connections to "
+	echo "ssh-agent. Their absence increases the risk that a malicious "
+	echo "user can connect to your agent. "
+	echo ""
+fi
+