]> andersk Git - gssapi-openssh.git/blame - openssh/configure.ac
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Import of OpenSSH 5.1p1
[gssapi-openssh.git] / openssh / configure.ac
CommitLineData
3c0ef626 1# $Id$
99be0775 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
3c0ef626 16
665a873d 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
f2f068fa 18AC_REVISION($Revision$)
3c0ef626 19AC_CONFIG_SRCDIR([ssh.c])
20
21AC_CONFIG_HEADER(config.h)
22AC_PROG_CC
23AC_CANONICAL_HOST
24AC_C_BIGENDIAN
25
26# Checks for programs.
0fff78ff 27AC_PROG_AWK
3c0ef626 28AC_PROG_CPP
29AC_PROG_RANLIB
30AC_PROG_INSTALL
f2f068fa 31AC_PROG_EGREP
3c0ef626 32AC_PATH_PROG(AR, ar)
c9f39d2c 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
3c0ef626 35AC_PATH_PROGS(PERL, perl5 perl)
6a9b3198 36AC_PATH_PROG(SED, sed)
3c0ef626 37AC_SUBST(PERL)
38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
3c0ef626 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
700318f3 43AC_PATH_PROG(SH, sh)
c9f39d2c 44AC_SUBST(TEST_SHELL,sh)
45
46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
2c06c99b 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
3c0ef626 57
58# System features
59AC_SYS_LARGEFILE
60
61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
2c06c99b 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
3c0ef626 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
cdd66111 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
2c06c99b 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
cdd66111 82fi
83
3c0ef626 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
dec6d9fe 88
3c0ef626 89AC_C_INLINE
665a873d 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
47686178 93use_stack_protector=1
94AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
97 use_stack_protector=0
98 fi ])
99
cdd66111 100if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
665a873d 101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
2c06c99b 102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
665a873d 103 case $GCC_VER in
d4487008 104 1.*) no_attrib_nonnull=1 ;;
105 2.8* | 2.9*)
106 CFLAGS="$CFLAGS -Wsign-compare"
107 no_attrib_nonnull=1
108 ;;
109 2.*) no_attrib_nonnull=1 ;;
22616013 110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
2c06c99b 112 *) ;;
665a873d 113 esac
114
22616013 115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
119#include <string.h>
120int main(void){char b[10]; memset(b, 0, sizeof(b));}
121 ]])],
122 [ AC_MSG_RESULT(yes) ],
123 [ AC_MSG_RESULT(no)
124 CFLAGS="$saved_CFLAGS" ]
125)
126
47686178 127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a give platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
137 AC_LINK_IFELSE(
138 [AC_LANG_SOURCE([
139#include <stdlib.h>
140int main(void){return 0;}
141 ])],
142 [ AC_MSG_RESULT(yes)
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
146 AC_RUN_IFELSE(
147 [AC_LANG_SOURCE([
148#include <stdlib.h>
149int main(void){exit(0);}
150 ])],
151 [ AC_MSG_RESULT(yes)
152 break ],
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
155 break ]
156 )
157 ],
158 [ AC_MSG_RESULT(no) ]
159 )
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
162 done
163 fi
164
665a873d 165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
171 [have_llong_max=1],
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
174 )
175 fi
176fi
177
d4487008 178if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
180fi
181
cdd66111 182AC_ARG_WITH(rpath,
183 [ --without-rpath Disable auto-added -R linker paths],
184 [
dec6d9fe 185 if test "x$withval" = "xno" ; then
cdd66111 186 need_dash_r=""
187 fi
188 if test "x$withval" = "xyes" ; then
189 need_dash_r=1
190 fi
191 ]
192)
193
ff7ec503 194# Allow user to specify flags
195AC_ARG_WITH(cflags,
196 [ --with-cflags Specify additional flags to pass to compiler],
197 [
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
201 fi
202 ]
203)
204AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
206 [
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
210 fi
211 ]
212)
213AC_ARG_WITH(ldflags,
214 [ --with-ldflags Specify additional flags to pass to linker],
215 [
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
219 fi
220 ]
221)
222AC_ARG_WITH(libs,
223 [ --with-libs Specify additional libraries to link with],
224 [
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
228 fi
229 ]
230)
231AC_ARG_WITH(Werror,
232 [ --with-Werror Build main code with -Werror],
233 [
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
238 fi
239 fi
240 ]
241)
242
243AC_CHECK_HEADERS( \
244 bstring.h \
245 crypt.h \
246 crypto/sha2.h \
247 dirent.h \
248 endian.h \
249 features.h \
250 fcntl.h \
251 floatingpoint.h \
252 getopt.h \
253 glob.h \
254 ia.h \
255 iaf.h \
256 limits.h \
257 login.h \
258 maillock.h \
259 ndir.h \
260 net/if_tun.h \
261 netdb.h \
262 netgroup.h \
263 pam/pam_appl.h \
264 paths.h \
d4487008 265 poll.h \
ff7ec503 266 pty.h \
267 readpassphrase.h \
268 rpc/types.h \
269 security/pam_appl.h \
270 sha2.h \
271 shadow.h \
272 stddef.h \
273 stdint.h \
274 string.h \
275 strings.h \
276 sys/audit.h \
277 sys/bitypes.h \
278 sys/bsdtty.h \
279 sys/cdefs.h \
280 sys/dir.h \
281 sys/mman.h \
22616013 282 sys/mount.h \
ff7ec503 283 sys/ndir.h \
47686178 284 sys/poll.h \
ff7ec503 285 sys/prctl.h \
286 sys/pstat.h \
287 sys/select.h \
288 sys/stat.h \
289 sys/stream.h \
290 sys/stropts.h \
291 sys/strtio.h \
22616013 292 sys/statvfs.h \
ff7ec503 293 sys/sysmacros.h \
294 sys/time.h \
295 sys/timers.h \
296 sys/un.h \
297 time.h \
298 tmpdir.h \
299 ttyent.h \
d4487008 300 ucred.h \
ff7ec503 301 unistd.h \
302 usersec.h \
303 util.h \
304 utime.h \
305 utmp.h \
306 utmpx.h \
307 vis.h \
308)
309
310# lastlog.h requires sys/time.h to be included first on Solaris
311AC_CHECK_HEADERS(lastlog.h, [], [], [
312#ifdef HAVE_SYS_TIME_H
313# include <sys/time.h>
314#endif
315])
316
317# sys/ptms.h requires sys/stream.h to be included first on Solaris
318AC_CHECK_HEADERS(sys/ptms.h, [], [], [
319#ifdef HAVE_SYS_STREAM_H
320# include <sys/stream.h>
321#endif
322])
323
324# login_cap.h requires sys/types.h on NetBSD
325AC_CHECK_HEADERS(login_cap.h, [], [], [
326#include <sys/types.h>
327])
328
9108f8d9 329# Messages for features tested for in target-specific section
330SIA_MSG="no"
331SPC_MSG="no"
332
3c0ef626 333# Check for some target-specific stuff
334case "$host" in
335*-*-aix*)
9108f8d9 336 # Some versions of VAC won't allow macro redefinitions at
337 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
338 # particularly with older versions of vac or xlc.
339 # It also throws errors about null macro argments, but these are
340 # not fatal.
341 AC_MSG_CHECKING(if compiler allows macro redefinitions)
342 AC_COMPILE_IFELSE(
343 [AC_LANG_SOURCE([[
344#define testmacro foo
345#define testmacro bar
346int main(void) { exit(0); }
347 ]])],
348 [ AC_MSG_RESULT(yes) ],
349 [ AC_MSG_RESULT(no)
350 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
351 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
352 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
353 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
354 ]
355 )
356
cdd66111 357 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
7e772e1f 358 if (test -z "$blibpath"); then
cdd66111 359 blibpath="/usr/lib:/lib"
7e772e1f 360 fi
361 saved_LDFLAGS="$LDFLAGS"
9108f8d9 362 if test "$GCC" = "yes"; then
363 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
364 else
365 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
366 fi
367 for tryflags in $flags ;do
7e772e1f 368 if (test -z "$blibflags"); then
369 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
370 AC_TRY_LINK([], [], [blibflags=$tryflags])
371 fi
372 done
373 if (test -z "$blibflags"); then
374 AC_MSG_RESULT(not found)
375 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
376 else
377 AC_MSG_RESULT($blibflags)
3c0ef626 378 fi
7e772e1f 379 LDFLAGS="$saved_LDFLAGS"
0fff78ff 380 dnl Check for authenticate. Might be in libs.a on older AIXes
2c06c99b 381 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
382 [Define if you want to enable AIX4's authenticate function])],
41b2f314 383 [AC_CHECK_LIB(s,authenticate,
384 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
385 LIBS="$LIBS -ls"
386 ])
387 ])
996d5e62 388 dnl Check for various auth function declarations in headers.
389 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
dec6d9fe 390 passwdexpired, setauthdb], , , [#include <usersec.h>])
0fff78ff 391 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
996d5e62 392 AC_CHECK_DECLS(loginfailed,
0fff78ff 393 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
394 AC_TRY_COMPILE(
395 [#include <usersec.h>],
396 [(void)loginfailed("user","host","tty",0);],
397 [AC_MSG_RESULT(yes)
2c06c99b 398 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
399 [Define if your AIX loginfailed() function
400 takes 4 arguments (AIX >= 5.2)])],
0fff78ff 401 [AC_MSG_RESULT(no)]
402 )],
403 [],
404 [#include <usersec.h>]
405 )
47686178 406 AC_CHECK_FUNCS(getgrset setauthdb)
9108f8d9 407 AC_CHECK_DECL(F_CLOSEM,
408 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
409 [],
410 [ #include <limits.h>
411 #include <fcntl.h> ]
412 )
996d5e62 413 check_for_aix_broken_getaddrinfo=1
2c06c99b 414 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
415 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
416 [Define if your platform breaks doing a seteuid before a setuid])
417 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
418 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
3c0ef626 419 dnl AIX handles lastlog as part of its login message
2c06c99b 420 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
421 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
422 [Some systems need a utmpx entry for /bin/login to work])
423 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
424 [Define to a Set Process Title type if your system is
425 supported by bsd-setproctitle.c])
426 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
427 [AIX 5.2 and 5.3 (and presumably newer) require this])
9108f8d9 428 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
3c0ef626 429 ;;
430*-*-cygwin*)
6a9b3198 431 check_for_libcrypt_later=1
799ae497 432 LIBS="$LIBS /usr/lib/textreadmode.o"
2c06c99b 433 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
434 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
435 AC_DEFINE(DISABLE_SHADOW, 1,
436 [Define if you want to disable shadow passwords])
437 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
438 [Define if your system choked on IP TOS setting])
439 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
440 [Define if X11 doesn't support AF_UNIX sockets on that system])
441 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
442 [Define if the concept of ports only accessible to
443 superusers isn't known])
444 AC_DEFINE(DISABLE_FD_PASSING, 1,
445 [Define if your platform needs to skip post auth
446 file descriptor passing])
3c0ef626 447 ;;
448*-*-dgux*)
449 AC_DEFINE(IP_TOS_IS_BROKEN)
cdd66111 450 AC_DEFINE(SETEUID_BREAKS_SETUID)
451 AC_DEFINE(BROKEN_SETREUID)
452 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 453 ;;
454*-*-darwin*)
41b2f314 455 AC_MSG_CHECKING(if we have working getaddrinfo)
456 AC_TRY_RUN([#include <mach-o/dyld.h>
457main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
458 exit(0);
459 else
460 exit(1);
461}], [AC_MSG_RESULT(working)],
462 [AC_MSG_RESULT(buggy)
2c06c99b 463 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
41b2f314 464 [AC_MSG_RESULT(assume it is working)])
acc3d05e 465 AC_DEFINE(SETEUID_BREAKS_SETUID)
466 AC_DEFINE(BROKEN_SETREUID)
467 AC_DEFINE(BROKEN_SETREGID)
47686178 468 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
2c06c99b 469 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
470 [Define if your resolver libs need this for getrrsetbyname])
9108f8d9 471 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
472 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
473 [Use tunnel device compatibility to OpenBSD])
474 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
475 [Prepend the address family to IP tunnel traffic])
47686178 476 m4_pattern_allow(AU_IPv)
477 AC_CHECK_DECL(AU_IPv4, [],
478 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
479 [#include <bsm/audit.h>]
480 )
9108f8d9 481 ;;
482*-*-dragonfly*)
483 SSHDLIBS="$SSHDLIBS -lcrypt"
3c0ef626 484 ;;
665a873d 485*-*-hpux*)
486 # first we define all of the options common to all HP-UX releases
3c0ef626 487 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
488 IPADDR_IN_DISPLAY=yes
3c0ef626 489 AC_DEFINE(USE_PIPES)
2c06c99b 490 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
491 [Define if your login program cannot handle end of options ("--")])
700318f3 492 AC_DEFINE(LOGIN_NEEDS_UTMPX)
2c06c99b 493 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
494 [String used in /etc/passwd to denote locked account])
0fff78ff 495 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
2c06c99b 496 MAIL="/var/mail/username"
41b2f314 497 LIBS="$LIBS -lsec"
665a873d 498 AC_CHECK_LIB(xnet, t_error, ,
499 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
500
501 # next, we define all of the options specific to major releases
502 case "$host" in
503 *-*-hpux10*)
504 if test -z "$GCC"; then
505 CFLAGS="$CFLAGS -Ae"
506 fi
507 ;;
508 *-*-hpux11*)
2c06c99b 509 AC_DEFINE(PAM_SUN_CODEBASE, 1,
510 [Define if you are using Solaris-derived PAM which
511 passes pam_messages to the conversation function
512 with an extra level of indirection])
513 AC_DEFINE(DISABLE_UTMP, 1,
514 [Define if you don't want to use utmp])
665a873d 515 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
516 check_for_hpux_broken_getaddrinfo=1
517 check_for_conflicting_getspnam=1
518 ;;
519 esac
520
521 # lastly, we define options specific to minor releases
522 case "$host" in
523 *-*-hpux10.26)
2c06c99b 524 AC_DEFINE(HAVE_SECUREWARE, 1,
525 [Define if you have SecureWare-based
526 protected password database])
665a873d 527 disable_ptmx_check=yes
528 LIBS="$LIBS -lsecpw"
529 ;;
530 esac
3c0ef626 531 ;;
532*-*-irix5*)
3c0ef626 533 PATH="$PATH:/usr/etc"
2c06c99b 534 AC_DEFINE(BROKEN_INET_NTOA, 1,
535 [Define if you system's inet_ntoa is busted
536 (e.g. Irix gcc issue)])
cdd66111 537 AC_DEFINE(SETEUID_BREAKS_SETUID)
538 AC_DEFINE(BROKEN_SETREUID)
539 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 540 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
541 [Define if you shouldn't strip 'tty' from your
542 ttyname in [uw]tmp])
0fff78ff 543 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 544 ;;
545*-*-irix6*)
3c0ef626 546 PATH="$PATH:/usr/etc"
2c06c99b 547 AC_DEFINE(WITH_IRIX_ARRAY, 1,
548 [Define if you have/want arrays
549 (cluster-wide session managment, not C arrays)])
550 AC_DEFINE(WITH_IRIX_PROJECT, 1,
551 [Define if you want IRIX project management])
552 AC_DEFINE(WITH_IRIX_AUDIT, 1,
553 [Define if you want IRIX audit trails])
554 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
555 [Define if you want IRIX kernel jobs])])
3c0ef626 556 AC_DEFINE(BROKEN_INET_NTOA)
acc3d05e 557 AC_DEFINE(SETEUID_BREAKS_SETUID)
558 AC_DEFINE(BROKEN_SETREUID)
559 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 560 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
700318f3 561 AC_DEFINE(WITH_ABBREV_NO_TTY)
0fff78ff 562 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 563 ;;
564*-*-linux*)
565 no_dev_ptmx=1
566 check_for_libcrypt_later=1
0fff78ff 567 check_for_openpty_ctty_bug=1
2c06c99b 568 AC_DEFINE(PAM_TTY_KLUDGE, 1,
569 [Work around problematic Linux PAM modules handling of PAM_TTY])
570 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
571 [String used in /etc/passwd to denote locked account])
0fff78ff 572 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
2c06c99b 573 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
574 [Define to whatever link() returns for "not supported"
575 if it doesn't return EOPNOTSUPP.])
996d5e62 576 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
2c06c99b 577 AC_DEFINE(USE_BTMP)
3c0ef626 578 inet6_default_4in6=yes
0fff78ff 579 case `uname -r` in
580 1.*|2.0.*)
2c06c99b 581 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
582 [Define if cmsg_type is not passed correctly])
0fff78ff 583 ;;
584 esac
2c06c99b 585 # tun(4) forwarding compat code
586 AC_CHECK_HEADERS(linux/if_tun.h)
587 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
588 AC_DEFINE(SSH_TUN_LINUX, 1,
589 [Open tunnel devices the Linux tun/tap way])
590 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
591 [Use tunnel device compatibility to OpenBSD])
592 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
593 [Prepend the address family to IP tunnel traffic])
594 fi
3c0ef626 595 ;;
596mips-sony-bsd|mips-sony-newsos4)
f2f068fa 597 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
3c0ef626 598 SONY=1
3c0ef626 599 ;;
600*-*-netbsd*)
41b2f314 601 check_for_libcrypt_before=1
dec6d9fe 602 if test "x$withval" != "xno" ; then
cdd66111 603 need_dash_r=1
604 fi
2c06c99b 605 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
606 AC_CHECK_HEADER([net/if_tap.h], ,
607 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
608 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
609 [Prepend the address family to IP tunnel traffic])
3c0ef626 610 ;;
611*-*-freebsd*)
612 check_for_libcrypt_later=1
2c06c99b 613 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
614 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
615 AC_CHECK_HEADER([net/if_tap.h], ,
616 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
47686178 617 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
3c0ef626 618 ;;
acc3d05e 619*-*-bsdi*)
620 AC_DEFINE(SETEUID_BREAKS_SETUID)
621 AC_DEFINE(BROKEN_SETREUID)
622 AC_DEFINE(BROKEN_SETREGID)
623 ;;
3c0ef626 624*-next-*)
625 conf_lastlog_location="/usr/adm/lastlog"
626 conf_utmp_location=/etc/utmp
627 conf_wtmp_location=/usr/adm/wtmp
628 MAIL=/usr/spool/mail
2c06c99b 629 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
3c0ef626 630 AC_DEFINE(BROKEN_REALPATH)
631 AC_DEFINE(USE_PIPES)
2c06c99b 632 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
3c0ef626 633 ;;
665a873d 634*-*-openbsd*)
635 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
2c06c99b 636 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
637 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
9108f8d9 638 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
639 [syslog_r function is safe to use in in a signal handler])
665a873d 640 ;;
3c0ef626 641*-*-solaris*)
dec6d9fe 642 if test "x$withval" != "xno" ; then
99be0775 643 need_dash_r=1
644 fi
3c0ef626 645 AC_DEFINE(PAM_SUN_CODEBASE)
646 AC_DEFINE(LOGIN_NEEDS_UTMPX)
2c06c99b 647 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
648 [Some versions of /bin/login need the TERM supplied
649 on the commandline])
3c0ef626 650 AC_DEFINE(PAM_TTY_KLUDGE)
2c06c99b 651 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
652 [Define if pam_chauthtok wants real uid set
653 to the unpriv'ed user])
0fff78ff 654 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
655 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
2c06c99b 656 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
657 [Define if sshd somehow reacquires a controlling TTY
658 after setsid()])
9108f8d9 659 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
660 in case the name is longer than 8 chars])
0fff78ff 661 external_path_file=/etc/default/login
3c0ef626 662 # hardwire lastlog location (can't detect it on some versions)
663 conf_lastlog_location="/var/adm/lastlog"
664 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
665 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
666 if test "$sol2ver" -ge 8; then
667 AC_MSG_RESULT(yes)
668 AC_DEFINE(DISABLE_UTMP)
2c06c99b 669 AC_DEFINE(DISABLE_WTMP, 1,
670 [Define if you don't want to use wtmp])
3c0ef626 671 else
672 AC_MSG_RESULT(no)
673 fi
9108f8d9 674 AC_ARG_WITH(solaris-contracts,
675 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
676 [
677 AC_CHECK_LIB(contract, ct_tmpl_activate,
678 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
679 [Define if you have Solaris process contracts])
680 SSHDLIBS="$SSHDLIBS -lcontract"
681 AC_SUBST(SSHDLIBS)
682 SPC_MSG="yes" ], )
683 ],
684 )
3c0ef626 685 ;;
686*-*-sunos4*)
687 CPPFLAGS="$CPPFLAGS -DSUNOS4"
688 AC_CHECK_FUNCS(getpwanam)
689 AC_DEFINE(PAM_SUN_CODEBASE)
3c0ef626 690 conf_utmp_location=/etc/utmp
691 conf_wtmp_location=/var/adm/wtmp
692 conf_lastlog_location=/var/adm/lastlog
693 AC_DEFINE(USE_PIPES)
694 ;;
695*-ncr-sysv*)
3c0ef626 696 LIBS="$LIBS -lc89"
e9a17296 697 AC_DEFINE(USE_PIPES)
0fff78ff 698 AC_DEFINE(SSHD_ACQUIRES_CTTY)
acc3d05e 699 AC_DEFINE(SETEUID_BREAKS_SETUID)
700 AC_DEFINE(BROKEN_SETREUID)
701 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 702 ;;
703*-sni-sysv*)
3c0ef626 704 # /usr/ucblib MUST NOT be searched on ReliantUNIX
cdd66111 705 AC_CHECK_LIB(dl, dlsym, ,)
2c06c99b 706 # -lresolv needs to be at the end of LIBS or DNS lookups break
707 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
3c0ef626 708 IPADDR_IN_DISPLAY=yes
709 AC_DEFINE(USE_PIPES)
710 AC_DEFINE(IP_TOS_IS_BROKEN)
cdd66111 711 AC_DEFINE(SETEUID_BREAKS_SETUID)
712 AC_DEFINE(BROKEN_SETREUID)
713 AC_DEFINE(BROKEN_SETREGID)
0fff78ff 714 AC_DEFINE(SSHD_ACQUIRES_CTTY)
715 external_path_file=/etc/default/login
3c0ef626 716 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
717 # Attention: always take care to bind libsocket and libnsl before libc,
718 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
719 ;;
996d5e62 720# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
3c0ef626 721*-*-sysv4.2*)
3c0ef626 722 AC_DEFINE(USE_PIPES)
0fff78ff 723 AC_DEFINE(SETEUID_BREAKS_SETUID)
724 AC_DEFINE(BROKEN_SETREUID)
725 AC_DEFINE(BROKEN_SETREGID)
dec6d9fe 726 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
2c06c99b 727 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 728 ;;
996d5e62 729# UnixWare 7.x, OpenUNIX 8
3c0ef626 730*-*-sysv5*)
665a873d 731 check_for_libcrypt_later=1
732 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
3c0ef626 733 AC_DEFINE(USE_PIPES)
0fff78ff 734 AC_DEFINE(SETEUID_BREAKS_SETUID)
735 AC_DEFINE(BROKEN_SETREUID)
736 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 737 AC_DEFINE(PASSWD_NEEDS_USERNAME)
665a873d 738 case "$host" in
739 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
740 TEST_SHELL=/u95/bin/sh
2c06c99b 741 AC_DEFINE(BROKEN_LIBIAF, 1,
742 [ia_uinfo routines not supported by OS yet])
9108f8d9 743 AC_DEFINE(BROKEN_UPDWTMPX)
2c06c99b 744 ;;
745 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
665a873d 746 ;;
747 esac
3c0ef626 748 ;;
749*-*-sysv*)
3c0ef626 750 ;;
996d5e62 751# SCO UNIX and OEM versions of SCO UNIX
3c0ef626 752*-*-sco3.2v4*)
996d5e62 753 AC_MSG_ERROR("This Platform is no longer supported.")
3c0ef626 754 ;;
996d5e62 755# SCO OpenServer 5.x
3c0ef626 756*-*-sco3.2v5*)
6a9b3198 757 if test -z "$GCC"; then
758 CFLAGS="$CFLAGS -belf"
759 fi
3c0ef626 760 LIBS="$LIBS -lprot -lx -ltinfo -lm"
761 no_dev_ptmx=1
3c0ef626 762 AC_DEFINE(USE_PIPES)
700318f3 763 AC_DEFINE(HAVE_SECUREWARE)
3c0ef626 764 AC_DEFINE(DISABLE_SHADOW)
41b2f314 765 AC_DEFINE(DISABLE_FD_PASSING)
0fff78ff 766 AC_DEFINE(SETEUID_BREAKS_SETUID)
767 AC_DEFINE(BROKEN_SETREUID)
768 AC_DEFINE(BROKEN_SETREGID)
769 AC_DEFINE(WITH_ABBREV_NO_TTY)
c9f39d2c 770 AC_DEFINE(BROKEN_UPDWTMPX)
2c06c99b 771 AC_DEFINE(PASSWD_NEEDS_USERNAME)
3c0ef626 772 AC_CHECK_FUNCS(getluid setluid)
773 MANTYPE=man
c9f39d2c 774 TEST_SHELL=ksh
3c0ef626 775 ;;
41b2f314 776*-*-unicosmk*)
2c06c99b 777 AC_DEFINE(NO_SSH_LASTLOG, 1,
778 [Define if you don't want to use lastlog in session.c])
cdd66111 779 AC_DEFINE(SETEUID_BREAKS_SETUID)
780 AC_DEFINE(BROKEN_SETREUID)
781 AC_DEFINE(BROKEN_SETREGID)
41b2f314 782 AC_DEFINE(USE_PIPES)
783 AC_DEFINE(DISABLE_FD_PASSING)
784 LDFLAGS="$LDFLAGS"
785 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
786 MANTYPE=cat
787 ;;
0fff78ff 788*-*-unicosmp*)
cdd66111 789 AC_DEFINE(SETEUID_BREAKS_SETUID)
790 AC_DEFINE(BROKEN_SETREUID)
791 AC_DEFINE(BROKEN_SETREGID)
0fff78ff 792 AC_DEFINE(WITH_ABBREV_NO_TTY)
793 AC_DEFINE(USE_PIPES)
794 AC_DEFINE(DISABLE_FD_PASSING)
795 LDFLAGS="$LDFLAGS"
cdd66111 796 LIBS="$LIBS -lgen -lacid -ldb"
0fff78ff 797 MANTYPE=cat
798 ;;
3c0ef626 799*-*-unicos*)
cdd66111 800 AC_DEFINE(SETEUID_BREAKS_SETUID)
801 AC_DEFINE(BROKEN_SETREUID)
802 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 803 AC_DEFINE(USE_PIPES)
41b2f314 804 AC_DEFINE(DISABLE_FD_PASSING)
805 AC_DEFINE(NO_SSH_LASTLOG)
806 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
807 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
808 MANTYPE=cat
3c0ef626 809 ;;
810*-dec-osf*)
811 AC_MSG_CHECKING(for Digital Unix SIA)
812 no_osfsia=""
813 AC_ARG_WITH(osfsia,
814 [ --with-osfsia Enable Digital Unix SIA],
815 [
816 if test "x$withval" = "xno" ; then
817 AC_MSG_RESULT(disabled)
818 no_osfsia=1
819 fi
820 ],
821 )
822 if test -z "$no_osfsia" ; then
823 if test -f /etc/sia/matrix.conf; then
824 AC_MSG_RESULT(yes)
2c06c99b 825 AC_DEFINE(HAVE_OSF_SIA, 1,
826 [Define if you have Digital Unix Security
827 Integration Architecture])
828 AC_DEFINE(DISABLE_LOGIN, 1,
829 [Define if you don't want to use your
830 system's login() call])
6a9b3198 831 AC_DEFINE(DISABLE_FD_PASSING)
3c0ef626 832 LIBS="$LIBS -lsecurity -ldb -lm -laud"
9108f8d9 833 SIA_MSG="yes"
3c0ef626 834 else
835 AC_MSG_RESULT(no)
2c06c99b 836 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
837 [String used in /etc/passwd to denote locked account])
3c0ef626 838 fi
839 fi
0fff78ff 840 AC_DEFINE(BROKEN_GETADDRINFO)
acc3d05e 841 AC_DEFINE(SETEUID_BREAKS_SETUID)
842 AC_DEFINE(BROKEN_SETREUID)
843 AC_DEFINE(BROKEN_SETREGID)
22616013 844 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
3c0ef626 845 ;;
846
f2f068fa 847*-*-nto-qnx*)
3c0ef626 848 AC_DEFINE(USE_PIPES)
849 AC_DEFINE(NO_X11_UNIX_SOCKETS)
2c06c99b 850 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
851 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
852 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
f2f068fa 853 AC_DEFINE(DISABLE_LASTLOG)
9108f8d9 854 AC_DEFINE(SSHD_ACQUIRES_CTTY)
47686178 855 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
9108f8d9 856 enable_etc_default_login=no # has incompatible /etc/default/login
d4487008 857 case "$host" in
858 *-*-nto-qnx6*)
859 AC_DEFINE(DISABLE_FD_PASSING)
860 ;;
861 esac
3c0ef626 862 ;;
665a873d 863
864*-*-ultrix*)
2c06c99b 865 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
866 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
f2f068fa 867 AC_DEFINE(NEED_SETPGRP)
665a873d 868 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
869 ;;
870
871*-*-lynxos)
872 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
2c06c99b 873 AC_DEFINE(MISSING_HOWMANY)
665a873d 874 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
875 ;;
3c0ef626 876esac
877
0fff78ff 878AC_MSG_CHECKING(compiler and flags for sanity)
996d5e62 879AC_RUN_IFELSE(
880 [AC_LANG_SOURCE([
0fff78ff 881#include <stdio.h>
882int main(){exit(0);}
996d5e62 883 ])],
0fff78ff 884 [ AC_MSG_RESULT(yes) ],
885 [
886 AC_MSG_RESULT(no)
887 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
996d5e62 888 ],
889 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
0fff78ff 890)
891
665a873d 892dnl Checks for header files.
3c0ef626 893# Checks for libraries.
894AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
895AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
896
0fff78ff 897dnl IRIX and Solaris 2.5.1 have dirname() in libgen
898AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
899 AC_CHECK_LIB(gen, dirname,[
900 AC_CACHE_CHECK([for broken dirname],
901 ac_cv_have_broken_dirname, [
902 save_LIBS="$LIBS"
903 LIBS="$LIBS -lgen"
2c06c99b 904 AC_RUN_IFELSE(
905 [AC_LANG_SOURCE([[
0fff78ff 906#include <libgen.h>
907#include <string.h>
908
909int main(int argc, char **argv) {
910 char *s, buf[32];
911
912 strncpy(buf,"/etc", 32);
913 s = dirname(buf);
914 if (!s || strncmp(s, "/", 32) != 0) {
915 exit(1);
916 } else {
917 exit(0);
918 }
919}
2c06c99b 920 ]])],
921 [ ac_cv_have_broken_dirname="no" ],
922 [ ac_cv_have_broken_dirname="yes" ],
0fff78ff 923 [ ac_cv_have_broken_dirname="no" ],
0fff78ff 924 )
925 LIBS="$save_LIBS"
926 ])
927 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
928 LIBS="$LIBS -lgen"
929 AC_DEFINE(HAVE_DIRNAME)
930 AC_CHECK_HEADERS(libgen.h)
931 fi
932 ])
933])
934
3c0ef626 935AC_CHECK_FUNC(getspnam, ,
936 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
2c06c99b 937AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
938 [Define if you have the basename function.]))
3c0ef626 939
940dnl zlib is required
941AC_ARG_WITH(zlib,
942 [ --with-zlib=PATH Use zlib in PATH],
dec6d9fe 943 [ if test "x$withval" = "xno" ; then
944 AC_MSG_ERROR([*** zlib is required ***])
945 elif test "x$withval" != "xyes"; then
3c0ef626 946 if test -d "$withval/lib"; then
947 if test -n "${need_dash_r}"; then
948 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
949 else
950 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
951 fi
952 else
953 if test -n "${need_dash_r}"; then
954 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
955 else
956 LDFLAGS="-L${withval} ${LDFLAGS}"
957 fi
958 fi
959 if test -d "$withval/include"; then
960 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
961 else
962 CPPFLAGS="-I${withval} ${CPPFLAGS}"
963 fi
dec6d9fe 964 fi ]
3c0ef626 965)
966
cdd66111 967AC_CHECK_LIB(z, deflate, ,
968 [
969 saved_CPPFLAGS="$CPPFLAGS"
970 saved_LDFLAGS="$LDFLAGS"
971 save_LIBS="$LIBS"
972 dnl Check default zlib install dir
973 if test -n "${need_dash_r}"; then
974 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
975 else
976 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
977 fi
978 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
979 LIBS="$LIBS -lz"
980 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
981 [
982 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
983 ]
984 )
985 ]
986)
987AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
988
989AC_ARG_WITH(zlib-version-check,
990 [ --without-zlib-version-check Disable zlib version check],
991 [ if test "x$withval" = "xno" ; then
992 zlib_check_nonfatal=1
993 fi
994 ]
995)
996
dec6d9fe 997AC_MSG_CHECKING(for possibly buggy zlib)
996d5e62 998AC_RUN_IFELSE([AC_LANG_SOURCE([[
dec6d9fe 999#include <stdio.h>
cdd66111 1000#include <zlib.h>
1001int main()
1002{
dec6d9fe 1003 int a=0, b=0, c=0, d=0, n, v;
1004 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1005 if (n != 3 && n != 4)
cdd66111 1006 exit(1);
dec6d9fe 1007 v = a*1000000 + b*10000 + c*100 + d;
1008 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1009
1010 /* 1.1.4 is OK */
1011 if (a == 1 && b == 1 && c >= 4)
cdd66111 1012 exit(0);
dec6d9fe 1013
665a873d 1014 /* 1.2.3 and up are OK */
1015 if (v >= 1020300)
dec6d9fe 1016 exit(0);
1017
cdd66111 1018 exit(2);
1019}
996d5e62 1020 ]])],
dec6d9fe 1021 AC_MSG_RESULT(no),
1022 [ AC_MSG_RESULT(yes)
cdd66111 1023 if test -z "$zlib_check_nonfatal" ; then
1024 AC_MSG_ERROR([*** zlib too old - check config.log ***
1025Your reported zlib version has known security problems. It's possible your
1026vendor has fixed these problems without changing the version number. If you
1027are sure this is the case, you can disable the check by running
1028"./configure --without-zlib-version-check".
665a873d 1029If you are in doubt, upgrade zlib to version 1.2.3 or greater.
dec6d9fe 1030See http://www.gzip.org/zlib/ for details.])
cdd66111 1031 else
1032 AC_MSG_WARN([zlib version may have security problems])
1033 fi
996d5e62 1034 ],
1035 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
cdd66111 1036)
3c0ef626 1037
3c0ef626 1038dnl UnixWare 2.x
cdd66111 1039AC_CHECK_FUNC(strcasecmp,
3c0ef626 1040 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1041)
2c06c99b 1042AC_CHECK_FUNCS(utimes,
41b2f314 1043 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1044 LIBS="$LIBS -lc89"]) ]
3c0ef626 1045)
1046
1047dnl Checks for libutil functions
1048AC_CHECK_HEADERS(libutil.h)
2c06c99b 1049AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1050 [Define if your libraries define login()])])
22616013 1051AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
3c0ef626 1052
1053AC_FUNC_STRFTIME
1054
3c0ef626 1055# Check for ALTDIRFUNC glob() extension
1056AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1057AC_EGREP_CPP(FOUNDIT,
1058 [
1059 #include <glob.h>
1060 #ifdef GLOB_ALTDIRFUNC
1061 FOUNDIT
1062 #endif
cdd66111 1063 ],
3c0ef626 1064 [
2c06c99b 1065 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1066 [Define if your system glob() function has
1067 the GLOB_ALTDIRFUNC extension])
3c0ef626 1068 AC_MSG_RESULT(yes)
1069 ],
1070 [
1071 AC_MSG_RESULT(no)
1072 ]
1073)
1074
1075# Check for g.gl_matchc glob() extension
1076AC_MSG_CHECKING(for gl_matchc field in glob_t)
9108f8d9 1077AC_TRY_COMPILE(
1078 [ #include <glob.h> ],
1079 [glob_t g; g.gl_matchc = 1;],
cdd66111 1080 [
2c06c99b 1081 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1082 [Define if your system glob() function has
1083 gl_matchc options in glob_t])
cdd66111 1084 AC_MSG_RESULT(yes)
1085 ],
1086 [
1087 AC_MSG_RESULT(no)
1088 ]
3c0ef626 1089)
1090
9108f8d9 1091AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1092
3c0ef626 1093AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
996d5e62 1094AC_RUN_IFELSE(
1095 [AC_LANG_SOURCE([[
3c0ef626 1096#include <sys/types.h>
1097#include <dirent.h>
41b2f314 1098int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
996d5e62 1099 ]])],
cdd66111 1100 [AC_MSG_RESULT(yes)],
3c0ef626 1101 [
1102 AC_MSG_RESULT(no)
2c06c99b 1103 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1104 [Define if your struct dirent expects you to
1105 allocate extra space for d_name])
996d5e62 1106 ],
dec6d9fe 1107 [
996d5e62 1108 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1109 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
3c0ef626 1110 ]
1111)
1112
c9f39d2c 1113AC_MSG_CHECKING([for /proc/pid/fd directory])
1114if test -d "/proc/$$/fd" ; then
2c06c99b 1115 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
c9f39d2c 1116 AC_MSG_RESULT(yes)
1117else
1118 AC_MSG_RESULT(no)
1119fi
1120
3c0ef626 1121# Check whether user wants S/Key support
cdd66111 1122SKEY_MSG="no"
3c0ef626 1123AC_ARG_WITH(skey,
996d5e62 1124 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
3c0ef626 1125 [
1126 if test "x$withval" != "xno" ; then
1127
1128 if test "x$withval" != "xyes" ; then
1129 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1130 LDFLAGS="$LDFLAGS -L${withval}/lib"
1131 fi
1132
2c06c99b 1133 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
3c0ef626 1134 LIBS="-lskey $LIBS"
cdd66111 1135 SKEY_MSG="yes"
dec6d9fe 1136
e9a17296 1137 AC_MSG_CHECKING([for s/key support])
2c06c99b 1138 AC_LINK_IFELSE(
1139 [AC_LANG_SOURCE([[
e9a17296 1140#include <stdio.h>
1141#include <skey.h>
41b2f314 1142int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
2c06c99b 1143 ]])],
e9a17296 1144 [AC_MSG_RESULT(yes)],
3c0ef626 1145 [
e9a17296 1146 AC_MSG_RESULT(no)
3c0ef626 1147 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1148 ])
99be0775 1149 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1150 AC_TRY_COMPILE(
1151 [#include <stdio.h>
1152 #include <skey.h>],
1153 [(void)skeychallenge(NULL,"name","",0);],
1154 [AC_MSG_RESULT(yes)
2c06c99b 1155 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1156 [Define if your skeychallenge()
1157 function takes 4 arguments (NetBSD)])],
99be0775 1158 [AC_MSG_RESULT(no)]
1159 )
3c0ef626 1160 fi
1161 ]
1162)
1163
1164# Check whether user wants TCP wrappers support
1165TCPW_MSG="no"
1166AC_ARG_WITH(tcp-wrappers,
996d5e62 1167 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
3c0ef626 1168 [
1169 if test "x$withval" != "xno" ; then
1170 saved_LIBS="$LIBS"
1171 saved_LDFLAGS="$LDFLAGS"
1172 saved_CPPFLAGS="$CPPFLAGS"
dec6d9fe 1173 if test -n "${withval}" && \
1174 test "x${withval}" != "xyes"; then
3c0ef626 1175 if test -d "${withval}/lib"; then
1176 if test -n "${need_dash_r}"; then
1177 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1178 else
1179 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1180 fi
1181 else
1182 if test -n "${need_dash_r}"; then
1183 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1184 else
1185 LDFLAGS="-L${withval} ${LDFLAGS}"
1186 fi
1187 fi
1188 if test -d "${withval}/include"; then
1189 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1190 else
1191 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1192 fi
1193 fi
d4487008 1194 LIBS="-lwrap $LIBS"
3c0ef626 1195 AC_MSG_CHECKING(for libwrap)
1196 AC_TRY_LINK(
1197 [
99be0775 1198#include <sys/types.h>
1199#include <sys/socket.h>
1200#include <netinet/in.h>
3c0ef626 1201#include <tcpd.h>
1202 int deny_severity = 0, allow_severity = 0;
1203 ],
1204 [hosts_access(0);],
1205 [
1206 AC_MSG_RESULT(yes)
2c06c99b 1207 AC_DEFINE(LIBWRAP, 1,
1208 [Define if you want
1209 TCP Wrappers support])
d4487008 1210 SSHDLIBS="$SSHDLIBS -lwrap"
3c0ef626 1211 TCPW_MSG="yes"
1212 ],
1213 [
1214 AC_MSG_ERROR([*** libwrap missing])
1215 ]
1216 )
e9a17296 1217 LIBS="$saved_LIBS"
3c0ef626 1218 fi
1219 ]
1220)
1221
996d5e62 1222# Check whether user wants libedit support
1223LIBEDIT_MSG="no"
1224AC_ARG_WITH(libedit,
1225 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1226 [ if test "x$withval" != "xno" ; then
dec6d9fe 1227 if test "x$withval" != "xyes"; then
2c06c99b 1228 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1229 if test -n "${need_dash_r}"; then
1230 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1231 else
1232 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1233 fi
dec6d9fe 1234 fi
996d5e62 1235 AC_CHECK_LIB(edit, el_init,
2c06c99b 1236 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
996d5e62 1237 LIBEDIT="-ledit -lcurses"
1238 LIBEDIT_MSG="yes"
1239 AC_SUBST(LIBEDIT)
1240 ],
dec6d9fe 1241 [ AC_MSG_ERROR(libedit not found) ],
1242 [ -lcurses ]
996d5e62 1243 )
665a873d 1244 AC_MSG_CHECKING(if libedit version is compatible)
1245 AC_COMPILE_IFELSE(
1246 [AC_LANG_SOURCE([[
1247#include <histedit.h>
1248int main(void)
1249{
1250 int i = H_SETSIZE;
1251 el_init("", NULL, NULL, NULL);
1252 exit(0);
1253}
1254 ]])],
1255 [ AC_MSG_RESULT(yes) ],
1256 [ AC_MSG_RESULT(no)
1257 AC_MSG_ERROR(libedit version is not compatible) ]
1258 )
996d5e62 1259 fi ]
1260)
1261
1262AUDIT_MODULE=none
1263AC_ARG_WITH(audit,
1264 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1265 [
1266 AC_MSG_CHECKING(for supported audit module)
1267 case "$withval" in
1268 bsm)
1269 AC_MSG_RESULT(bsm)
1270 AUDIT_MODULE=bsm
1271 dnl Checks for headers, libs and functions
1272 AC_CHECK_HEADERS(bsm/audit.h, [],
9108f8d9 1273 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1274 [
1275#ifdef HAVE_TIME_H
1276# include <time.h>
1277#endif
1278 ]
1279)
996d5e62 1280 AC_CHECK_LIB(bsm, getaudit, [],
1281 [AC_MSG_ERROR(BSM enabled and required library not found)])
1282 AC_CHECK_FUNCS(getaudit, [],
1283 [AC_MSG_ERROR(BSM enabled and required function not found)])
1284 # These are optional
47686178 1285 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
2c06c99b 1286 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
996d5e62 1287 ;;
1288 debug)
1289 AUDIT_MODULE=debug
1290 AC_MSG_RESULT(debug)
2c06c99b 1291 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
996d5e62 1292 ;;
665a873d 1293 no)
1294 AC_MSG_RESULT(no)
1295 ;;
996d5e62 1296 *)
1297 AC_MSG_ERROR([Unknown audit module $withval])
1298 ;;
1299 esac ]
1300)
1301
6a9b3198 1302dnl Checks for library functions. Please keep in alphabetical order
665a873d 1303AC_CHECK_FUNCS( \
1304 arc4random \
22616013 1305 arc4random_buf \
1306 arc4random_uniform \
2c06c99b 1307 asprintf \
665a873d 1308 b64_ntop \
1309 __b64_ntop \
1310 b64_pton \
1311 __b64_pton \
1312 bcopy \
1313 bindresvport_sa \
1314 clock \
1315 closefrom \
1316 dirfd \
1317 fchmod \
1318 fchown \
1319 freeaddrinfo \
22616013 1320 fstatvfs \
665a873d 1321 futimes \
1322 getaddrinfo \
1323 getcwd \
1324 getgrouplist \
1325 getnameinfo \
1326 getopt \
1327 getpeereid \
d4487008 1328 getpeerucred \
665a873d 1329 _getpty \
1330 getrlimit \
1331 getttyent \
1332 glob \
1333 inet_aton \
1334 inet_ntoa \
1335 inet_ntop \
1336 innetgr \
1337 login_getcapbool \
1338 md5_crypt \
1339 memmove \
1340 mkdtemp \
1341 mmap \
1342 ngetaddrinfo \
1343 nsleep \
1344 ogetaddrinfo \
1345 openlog_r \
1346 openpty \
d4487008 1347 poll \
665a873d 1348 prctl \
1349 pstat \
1350 readpassphrase \
1351 realpath \
1352 recvmsg \
1353 rresvport_af \
1354 sendmsg \
1355 setdtablesize \
1356 setegid \
1357 setenv \
1358 seteuid \
1359 setgroups \
1360 setlogin \
1361 setpcred \
1362 setproctitle \
1363 setregid \
1364 setreuid \
1365 setrlimit \
1366 setsid \
1367 setvbuf \
1368 sigaction \
1369 sigvec \
1370 snprintf \
1371 socketpair \
22616013 1372 statfs \
1373 statvfs \
665a873d 1374 strdup \
1375 strerror \
1376 strlcat \
1377 strlcpy \
1378 strmode \
1379 strnvis \
1380 strtonum \
1381 strtoll \
1382 strtoul \
d4487008 1383 swap32 \
665a873d 1384 sysconf \
1385 tcgetpgrp \
1386 truncate \
1387 unsetenv \
1388 updwtmpx \
2c06c99b 1389 vasprintf \
665a873d 1390 vhangup \
1391 vsnprintf \
1392 waitpid \
6a9b3198 1393)
1394
acc3d05e 1395# IRIX has a const char return value for gai_strerror()
1396AC_CHECK_FUNCS(gai_strerror,[
1397 AC_DEFINE(HAVE_GAI_STRERROR)
1398 AC_TRY_COMPILE([
1399#include <sys/types.h>
1400#include <sys/socket.h>
1401#include <netdb.h>
1402
1403const char *gai_strerror(int);],[
1404char *str;
1405
1406str = gai_strerror(0);],[
1407 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1408 [Define if gai_strerror() returns const char *])])])
1409
2c06c99b 1410AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1411 [Some systems put nanosleep outside of libc]))
6a9b3198 1412
0fff78ff 1413dnl Make sure prototypes are defined for these before using them.
0fff78ff 1414AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
665a873d 1415AC_CHECK_DECL(strsep,
1416 [AC_CHECK_FUNCS(strsep)],
1417 [],
1418 [
1419#ifdef HAVE_STRING_H
1420# include <string.h>
1421#endif
1422 ])
3c0ef626 1423
0fff78ff 1424dnl tcsendbreak might be a macro
1425AC_CHECK_DECL(tcsendbreak,
1426 [AC_DEFINE(HAVE_TCSENDBREAK)],
cdd66111 1427 [AC_CHECK_FUNCS(tcsendbreak)],
0fff78ff 1428 [#include <termios.h>]
1429)
3c0ef626 1430
c9f39d2c 1431AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1432
9108f8d9 1433AC_CHECK_DECLS(SHUT_RD, , ,
1434 [
1435#include <sys/types.h>
1436#include <sys/socket.h>
1437 ])
1438
1439AC_CHECK_DECLS(O_NONBLOCK, , ,
1440 [
1441#include <sys/types.h>
1442#ifdef HAVE_SYS_STAT_H
1443# include <sys/stat.h>
1444#endif
1445#ifdef HAVE_FCNTL_H
1446# include <fcntl.h>
1447#endif
1448 ])
1449
1450AC_CHECK_DECLS(writev, , , [
1451#include <sys/types.h>
1452#include <sys/uio.h>
1453#include <unistd.h>
1454 ])
1455
d4487008 1456AC_CHECK_DECLS(MAXSYMLINKS, , , [
1457#include <sys/param.h>
1458 ])
1459
1460AC_CHECK_DECLS(offsetof, , , [
1461#include <stddef.h>
1462 ])
1463
cdd66111 1464AC_CHECK_FUNCS(setresuid, [
1465 dnl Some platorms have setresuid that isn't implemented, test for this
1466 AC_MSG_CHECKING(if setresuid seems to work)
996d5e62 1467 AC_RUN_IFELSE(
1468 [AC_LANG_SOURCE([[
cdd66111 1469#include <stdlib.h>
1470#include <errno.h>
1471int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
996d5e62 1472 ]])],
cdd66111 1473 [AC_MSG_RESULT(yes)],
2c06c99b 1474 [AC_DEFINE(BROKEN_SETRESUID, 1,
1475 [Define if your setresuid() is broken])
996d5e62 1476 AC_MSG_RESULT(not implemented)],
1477 [AC_MSG_WARN([cross compiling: not checking setresuid])]
cdd66111 1478 )
1479])
1480
1481AC_CHECK_FUNCS(setresgid, [
1482 dnl Some platorms have setresgid that isn't implemented, test for this
1483 AC_MSG_CHECKING(if setresgid seems to work)
996d5e62 1484 AC_RUN_IFELSE(
1485 [AC_LANG_SOURCE([[
cdd66111 1486#include <stdlib.h>
1487#include <errno.h>
1488int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
996d5e62 1489 ]])],
cdd66111 1490 [AC_MSG_RESULT(yes)],
2c06c99b 1491 [AC_DEFINE(BROKEN_SETRESGID, 1,
1492 [Define if your setresgid() is broken])
996d5e62 1493 AC_MSG_RESULT(not implemented)],
1494 [AC_MSG_WARN([cross compiling: not checking setresuid])]
cdd66111 1495 )
1496])
1497
3c0ef626 1498dnl Checks for time functions
1499AC_CHECK_FUNCS(gettimeofday time)
1500dnl Checks for utmp functions
1501AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1502AC_CHECK_FUNCS(utmpname)
1503dnl Checks for utmpx functions
1504AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1505AC_CHECK_FUNCS(setutxent utmpxname)
1506
cdd66111 1507AC_CHECK_FUNC(daemon,
2c06c99b 1508 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1509 [AC_CHECK_LIB(bsd, daemon,
1510 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
3c0ef626 1511)
1512
cdd66111 1513AC_CHECK_FUNC(getpagesize,
2c06c99b 1514 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1515 [Define if your libraries define getpagesize()])],
1516 [AC_CHECK_LIB(ucb, getpagesize,
1517 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
3c0ef626 1518)
1519
1520# Check for broken snprintf
1521if test "x$ac_cv_func_snprintf" = "xyes" ; then
1522 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
996d5e62 1523 AC_RUN_IFELSE(
1524 [AC_LANG_SOURCE([[
3c0ef626 1525#include <stdio.h>
41b2f314 1526int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
996d5e62 1527 ]])],
cdd66111 1528 [AC_MSG_RESULT(yes)],
3c0ef626 1529 [
1530 AC_MSG_RESULT(no)
2c06c99b 1531 AC_DEFINE(BROKEN_SNPRINTF, 1,
1532 [Define if your snprintf is busted])
3c0ef626 1533 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
996d5e62 1534 ],
1535 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
3c0ef626 1536 )
1537fi
1538
2c06c99b 1539# If we don't have a working asprintf, then we strongly depend on vsnprintf
1540# returning the right thing on overflow: the number of characters it tried to
1541# create (as per SUSv3)
1542if test "x$ac_cv_func_asprintf" != "xyes" && \
1543 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1544 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1545 AC_RUN_IFELSE(
1546 [AC_LANG_SOURCE([[
1547#include <sys/types.h>
1548#include <stdio.h>
1549#include <stdarg.h>
1550
1551int x_snprintf(char *str,size_t count,const char *fmt,...)
1552{
1553 size_t ret; va_list ap;
1554 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1555 return ret;
1556}
1557int main(void)
1558{
1559 char x[1];
1560 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1561} ]])],
1562 [AC_MSG_RESULT(yes)],
1563 [
1564 AC_MSG_RESULT(no)
1565 AC_DEFINE(BROKEN_SNPRINTF, 1,
1566 [Define if your snprintf is busted])
1567 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1568 ],
1569 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1570 )
1571fi
1572
1573# On systems where [v]snprintf is broken, but is declared in stdio,
1574# check that the fmt argument is const char * or just char *.
1575# This is only useful for when BROKEN_SNPRINTF
1576AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1577AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1578 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1579 int main(void) { snprintf(0, 0, 0); }
1580 ]])],
1581 [AC_MSG_RESULT(yes)
1582 AC_DEFINE(SNPRINTF_CONST, [const],
1583 [Define as const if snprintf() can declare const char *fmt])],
1584 [AC_MSG_RESULT(no)
1585 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1586
c9f39d2c 1587# Check for missing getpeereid (or equiv) support
1588NO_PEERCHECK=""
d4487008 1589if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
c9f39d2c 1590 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1591 AC_TRY_COMPILE(
1592 [#include <sys/types.h>
1593 #include <sys/socket.h>],
1594 [int i = SO_PEERCRED;],
dec6d9fe 1595 [ AC_MSG_RESULT(yes)
2c06c99b 1596 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
dec6d9fe 1597 ],
c9f39d2c 1598 [AC_MSG_RESULT(no)
1599 NO_PEERCHECK=1]
1600 )
1601fi
1602
6a9b3198 1603dnl see whether mkstemp() requires XXXXXX
1604if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1605AC_MSG_CHECKING([for (overly) strict mkstemp])
2c06c99b 1606AC_RUN_IFELSE(
1607 [AC_LANG_SOURCE([[
6a9b3198 1608#include <stdlib.h>
1609main() { char template[]="conftest.mkstemp-test";
1610if (mkstemp(template) == -1)
1611 exit(1);
1612unlink(template); exit(0);
1613}
2c06c99b 1614 ]])],
6a9b3198 1615 [
1616 AC_MSG_RESULT(no)
1617 ],
cdd66111 1618 [
6a9b3198 1619 AC_MSG_RESULT(yes)
2c06c99b 1620 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
6a9b3198 1621 ],
1622 [
1623 AC_MSG_RESULT(yes)
1624 AC_DEFINE(HAVE_STRICT_MKSTEMP)
cdd66111 1625 ]
6a9b3198 1626)
1627fi
1628
0fff78ff 1629dnl make sure that openpty does not reacquire controlling terminal
1630if test ! -z "$check_for_openpty_ctty_bug"; then
1631 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
2c06c99b 1632 AC_RUN_IFELSE(
1633 [AC_LANG_SOURCE([[
0fff78ff 1634#include <stdio.h>
1635#include <sys/fcntl.h>
1636#include <sys/types.h>
1637#include <sys/wait.h>
1638
1639int
1640main()
1641{
1642 pid_t pid;
1643 int fd, ptyfd, ttyfd, status;
1644
1645 pid = fork();
1646 if (pid < 0) { /* failed */
1647 exit(1);
1648 } else if (pid > 0) { /* parent */
1649 waitpid(pid, &status, 0);
cdd66111 1650 if (WIFEXITED(status))
0fff78ff 1651 exit(WEXITSTATUS(status));
1652 else
1653 exit(2);
1654 } else { /* child */
1655 close(0); close(1); close(2);
1656 setsid();
1657 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1658 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1659 if (fd >= 0)
1660 exit(3); /* Acquired ctty: broken */
1661 else
1662 exit(0); /* Did not acquire ctty: OK */
1663 }
1664}
2c06c99b 1665 ]])],
0fff78ff 1666 [
1667 AC_MSG_RESULT(yes)
1668 ],
1669 [
1670 AC_MSG_RESULT(no)
1671 AC_DEFINE(SSHD_ACQUIRES_CTTY)
2c06c99b 1672 ],
1673 [
1674 AC_MSG_RESULT(cross-compiling, assuming yes)
0fff78ff 1675 ]
1676 )
1677fi
1678
dec6d9fe 1679if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1680 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
99be0775 1681 AC_MSG_CHECKING(if getaddrinfo seems to work)
2c06c99b 1682 AC_RUN_IFELSE(
1683 [AC_LANG_SOURCE([[
99be0775 1684#include <stdio.h>
1685#include <sys/socket.h>
1686#include <netdb.h>
1687#include <errno.h>
1688#include <netinet/in.h>
1689
1690#define TEST_PORT "2222"
1691
1692int
1693main(void)
1694{
1695 int err, sock;
1696 struct addrinfo *gai_ai, *ai, hints;
1697 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1698
1699 memset(&hints, 0, sizeof(hints));
1700 hints.ai_family = PF_UNSPEC;
1701 hints.ai_socktype = SOCK_STREAM;
1702 hints.ai_flags = AI_PASSIVE;
1703
1704 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1705 if (err != 0) {
1706 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1707 exit(1);
1708 }
1709
1710 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1711 if (ai->ai_family != AF_INET6)
1712 continue;
1713
1714 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1715 sizeof(ntop), strport, sizeof(strport),
1716 NI_NUMERICHOST|NI_NUMERICSERV);
1717
1718 if (err != 0) {
1719 if (err == EAI_SYSTEM)
1720 perror("getnameinfo EAI_SYSTEM");
1721 else
1722 fprintf(stderr, "getnameinfo failed: %s\n",
1723 gai_strerror(err));
1724 exit(2);
1725 }
1726
1727 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1728 if (sock < 0)
1729 perror("socket");
1730 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1731 if (errno == EBADF)
1732 exit(3);
1733 }
1734 }
1735 exit(0);
1736}
2c06c99b 1737 ]])],
99be0775 1738 [
1739 AC_MSG_RESULT(yes)
1740 ],
1741 [
1742 AC_MSG_RESULT(no)
1743 AC_DEFINE(BROKEN_GETADDRINFO)
2c06c99b 1744 ],
1745 [
1746 AC_MSG_RESULT(cross-compiling, assuming yes)
99be0775 1747 ]
1748 )
1749fi
1750
dec6d9fe 1751if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1752 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
996d5e62 1753 AC_MSG_CHECKING(if getaddrinfo seems to work)
2c06c99b 1754 AC_RUN_IFELSE(
1755 [AC_LANG_SOURCE([[
996d5e62 1756#include <stdio.h>
1757#include <sys/socket.h>
1758#include <netdb.h>
1759#include <errno.h>
1760#include <netinet/in.h>
1761
1762#define TEST_PORT "2222"
1763
1764int
1765main(void)
1766{
1767 int err, sock;
1768 struct addrinfo *gai_ai, *ai, hints;
1769 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1770
1771 memset(&hints, 0, sizeof(hints));
1772 hints.ai_family = PF_UNSPEC;
1773 hints.ai_socktype = SOCK_STREAM;
1774 hints.ai_flags = AI_PASSIVE;
1775
1776 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1777 if (err != 0) {
1778 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1779 exit(1);
1780 }
1781
1782 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1783 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1784 continue;
1785
1786 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1787 sizeof(ntop), strport, sizeof(strport),
1788 NI_NUMERICHOST|NI_NUMERICSERV);
1789
1790 if (ai->ai_family == AF_INET && err != 0) {
1791 perror("getnameinfo");
1792 exit(2);
1793 }
1794 }
1795 exit(0);
1796}
2c06c99b 1797 ]])],
996d5e62 1798 [
1799 AC_MSG_RESULT(yes)
2c06c99b 1800 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1801 [Define if you have a getaddrinfo that fails
1802 for the all-zeros IPv6 address])
996d5e62 1803 ],
1804 [
1805 AC_MSG_RESULT(no)
1806 AC_DEFINE(BROKEN_GETADDRINFO)
2c06c99b 1807 ],
9108f8d9 1808 [
2c06c99b 1809 AC_MSG_RESULT(cross-compiling, assuming no)
996d5e62 1810 ]
1811 )
1812fi
1813
1814if test "x$check_for_conflicting_getspnam" = "x1"; then
1815 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1816 AC_COMPILE_IFELSE(
1817 [
1818#include <shadow.h>
1819int main(void) {exit(0);}
1820 ],
1821 [
1822 AC_MSG_RESULT(no)
1823 ],
1824 [
1825 AC_MSG_RESULT(yes)
1826 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1827 [Conflicting defs for getspnam])
1828 ]
1829 )
1830fi
1831
3c0ef626 1832AC_FUNC_GETPGRP
1833
700318f3 1834# Search for OpenSSL
1835saved_CPPFLAGS="$CPPFLAGS"
1836saved_LDFLAGS="$LDFLAGS"
3c0ef626 1837AC_ARG_WITH(ssl-dir,
1838 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1839 [
1840 if test "x$withval" != "xno" ; then
996d5e62 1841 case "$withval" in
1842 # Relative paths
1843 ./*|../*) withval="`pwd`/$withval"
1844 esac
700318f3 1845 if test -d "$withval/lib"; then
1846 if test -n "${need_dash_r}"; then
1847 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1848 else
1849 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
3c0ef626 1850 fi
1851 else
700318f3 1852 if test -n "${need_dash_r}"; then
1853 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1854 else
1855 LDFLAGS="-L${withval} ${LDFLAGS}"
3c0ef626 1856 fi
1857 fi
700318f3 1858 if test -d "$withval/include"; then
1859 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
3c0ef626 1860 else
700318f3 1861 CPPFLAGS="-I${withval} ${CPPFLAGS}"
3c0ef626 1862 fi
1863 fi
700318f3 1864 ]
1865)
cdd66111 1866LIBS="-lcrypto $LIBS"
2c06c99b 1867AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1868 [Define if your ssl headers are included
1869 with #include <openssl/header.h>]),
3c0ef626 1870 [
700318f3 1871 dnl Check default openssl install dir
1872 if test -n "${need_dash_r}"; then
1873 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1874 else
700318f3 1875 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1876 fi
700318f3 1877 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1878 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1879 [
1880 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1881 ]
1882 )
1883 ]
1884)
1885
41b2f314 1886# Determine OpenSSL header version
1887AC_MSG_CHECKING([OpenSSL header version])
996d5e62 1888AC_RUN_IFELSE(
1889 [AC_LANG_SOURCE([[
41b2f314 1890#include <stdio.h>
1891#include <string.h>
1892#include <openssl/opensslv.h>
1893#define DATA "conftest.sslincver"
1894int main(void) {
cdd66111 1895 FILE *fd;
1896 int rc;
41b2f314 1897
cdd66111 1898 fd = fopen(DATA,"w");
1899 if(fd == NULL)
1900 exit(1);
41b2f314 1901
1902 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1903 exit(1);
1904
1905 exit(0);
1906}
996d5e62 1907 ]])],
41b2f314 1908 [
1909 ssl_header_ver=`cat conftest.sslincver`
1910 AC_MSG_RESULT($ssl_header_ver)
1911 ],
1912 [
1913 AC_MSG_RESULT(not found)
1914 AC_MSG_ERROR(OpenSSL version header not found.)
996d5e62 1915 ],
1916 [
1917 AC_MSG_WARN([cross compiling: not checking])
41b2f314 1918 ]
1919)
1920
1921# Determine OpenSSL library version
1922AC_MSG_CHECKING([OpenSSL library version])
996d5e62 1923AC_RUN_IFELSE(
1924 [AC_LANG_SOURCE([[
41b2f314 1925#include <stdio.h>
1926#include <string.h>
1927#include <openssl/opensslv.h>
1928#include <openssl/crypto.h>
1929#define DATA "conftest.ssllibver"
1930int main(void) {
cdd66111 1931 FILE *fd;
1932 int rc;
41b2f314 1933
cdd66111 1934 fd = fopen(DATA,"w");
1935 if(fd == NULL)
1936 exit(1);
41b2f314 1937
1938 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1939 exit(1);
1940
1941 exit(0);
1942}
996d5e62 1943 ]])],
41b2f314 1944 [
1945 ssl_library_ver=`cat conftest.ssllibver`
1946 AC_MSG_RESULT($ssl_library_ver)
1947 ],
1948 [
1949 AC_MSG_RESULT(not found)
1950 AC_MSG_ERROR(OpenSSL library not found.)
996d5e62 1951 ],
1952 [
1953 AC_MSG_WARN([cross compiling: not checking])
41b2f314 1954 ]
1955)
3c0ef626 1956
799ae497 1957AC_ARG_WITH(openssl-header-check,
1958 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1959 [ if test "x$withval" = "xno" ; then
1960 openssl_check_nonfatal=1
1961 fi
1962 ]
1963)
1964
e9a17296 1965# Sanity check OpenSSL headers
1966AC_MSG_CHECKING([whether OpenSSL's headers match the library])
996d5e62 1967AC_RUN_IFELSE(
1968 [AC_LANG_SOURCE([[
e9a17296 1969#include <string.h>
1970#include <openssl/opensslv.h>
41b2f314 1971int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
996d5e62 1972 ]])],
e9a17296 1973 [
1974 AC_MSG_RESULT(yes)
1975 ],
1976 [
1977 AC_MSG_RESULT(no)
799ae497 1978 if test "x$openssl_check_nonfatal" = "x"; then
1979 AC_MSG_ERROR([Your OpenSSL headers do not match your
1980library. Check config.log for details.
1981If you are sure your installation is consistent, you can disable the check
1982by running "./configure --without-openssl-header-check".
1983Also see contrib/findssl.sh for help identifying header/library mismatches.
1984])
1985 else
1986 AC_MSG_WARN([Your OpenSSL headers do not match your
1987library. Check config.log for details.
0fff78ff 1988Also see contrib/findssl.sh for help identifying header/library mismatches.])
799ae497 1989 fi
996d5e62 1990 ],
1991 [
1992 AC_MSG_WARN([cross compiling: not checking])
e9a17296 1993 ]
1994)
1995
9108f8d9 1996AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1997AC_LINK_IFELSE(
1998 [AC_LANG_SOURCE([[
1999#include <openssl/evp.h>
2000int main(void) { SSLeay_add_all_algorithms(); }
2001 ]])],
2002 [
2003 AC_MSG_RESULT(yes)
2004 ],
2005 [
2006 AC_MSG_RESULT(no)
2007 saved_LIBS="$LIBS"
2008 LIBS="$LIBS -ldl"
2009 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2010 AC_LINK_IFELSE(
2011 [AC_LANG_SOURCE([[
2012#include <openssl/evp.h>
2013int main(void) { SSLeay_add_all_algorithms(); }
2014 ]])],
2015 [
2016 AC_MSG_RESULT(yes)
2017 ],
2018 [
2019 AC_MSG_RESULT(no)
2020 LIBS="$saved_LIBS"
2021 ]
2022 )
2023 ]
2024)
2025
2026AC_ARG_WITH(ssl-engine,
2027 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2028 [ if test "x$withval" != "xno" ; then
2029 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2030 AC_TRY_COMPILE(
2031 [ #include <openssl/engine.h>],
2032 [
ff7ec503 2033ENGINE_load_builtin_engines();ENGINE_register_all_complete();
9108f8d9 2034 ],
2035 [ AC_MSG_RESULT(yes)
2036 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2037 [Enable OpenSSL engine support])
2038 ],
2039 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2040 )
2041 fi ]
2042)
2043
2c06c99b 2044# Check for OpenSSL without EVP_aes_{192,256}_cbc
2045AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
9108f8d9 2046AC_LINK_IFELSE(
2c06c99b 2047 [AC_LANG_SOURCE([[
2048#include <string.h>
2049#include <openssl/evp.h>
f2f068fa 2050int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2c06c99b 2051 ]])],
2052 [
2053 AC_MSG_RESULT(no)
2054 ],
2055 [
2056 AC_MSG_RESULT(yes)
2057 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2058 [libcrypto is missing AES 192 and 256 bit functions])
2059 ]
2060)
2061
cdd66111 2062# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2063# because the system crypt() is more featureful.
2064if test "x$check_for_libcrypt_before" = "x1"; then
2065 AC_CHECK_LIB(crypt, crypt)
2066fi
2067
2068# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2069# version in OpenSSL.
0fff78ff 2070if test "x$check_for_libcrypt_later" = "x1"; then
3c0ef626 2071 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2072fi
2073
9108f8d9 2074# Search for SHA256 support in libc and/or OpenSSL
2075AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2076
d4487008 2077saved_LIBS="$LIBS"
2078AC_CHECK_LIB(iaf, ia_openinfo, [
2079 LIBS="$LIBS -liaf"
47686178 2080 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2081 AC_DEFINE(HAVE_LIBIAF, 1,
2082 [Define if system has libiaf that supports set_id])
2083 ])
d4487008 2084])
2085LIBS="$saved_LIBS"
e9a17296 2086
2087### Configure cryptographic random number support
2088
2089# Check wheter OpenSSL seeds itself
2090AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
996d5e62 2091AC_RUN_IFELSE(
2092 [AC_LANG_SOURCE([[
e9a17296 2093#include <string.h>
2094#include <openssl/rand.h>
41b2f314 2095int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
996d5e62 2096 ]])],
e9a17296 2097 [
2098 OPENSSL_SEEDS_ITSELF=yes
2099 AC_MSG_RESULT(yes)
2100 ],
2101 [
2102 AC_MSG_RESULT(no)
2103 # Default to use of the rand helper if OpenSSL doesn't
2104 # seed itself
2105 USE_RAND_HELPER=yes
996d5e62 2106 ],
2107 [
2108 AC_MSG_WARN([cross compiling: assuming yes])
2109 # This is safe, since all recent OpenSSL versions will
dec6d9fe 2110 # complain at runtime if not seeded correctly.
996d5e62 2111 OPENSSL_SEEDS_ITSELF=yes
e9a17296 2112 ]
2113)
2114
9108f8d9 2115# Check for PAM libs
2116PAM_MSG="no"
2117AC_ARG_WITH(pam,
2118 [ --with-pam Enable PAM support ],
2119 [
2120 if test "x$withval" != "xno" ; then
2121 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2122 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2123 AC_MSG_ERROR([PAM headers not found])
2124 fi
2125
2126 saved_LIBS="$LIBS"
2127 AC_CHECK_LIB(dl, dlopen, , )
2128 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2129 AC_CHECK_FUNCS(pam_getenvlist)
2130 AC_CHECK_FUNCS(pam_putenv)
2131 LIBS="$saved_LIBS"
2132
2133 PAM_MSG="yes"
2134
d4487008 2135 SSHDLIBS="$SSHDLIBS -lpam"
9108f8d9 2136 AC_DEFINE(USE_PAM, 1,
2137 [Define if you want to enable PAM support])
2138
2139 if test $ac_cv_lib_dl_dlopen = yes; then
2140 case "$LIBS" in
2141 *-ldl*)
2142 # libdl already in LIBS
2143 ;;
2144 *)
d4487008 2145 SSHDLIBS="$SSHDLIBS -ldl"
9108f8d9 2146 ;;
2147 esac
2148 fi
9108f8d9 2149 fi
2150 ]
2151)
2152
2153# Check for older PAM
2154if test "x$PAM_MSG" = "xyes" ; then
2155 # Check PAM strerror arguments (old PAM)
2156 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2157 AC_TRY_COMPILE(
2158 [
2159#include <stdlib.h>
2160#if defined(HAVE_SECURITY_PAM_APPL_H)
2161#include <security/pam_appl.h>
2162#elif defined (HAVE_PAM_PAM_APPL_H)
2163#include <pam/pam_appl.h>
2164#endif
2165 ],
2166 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2167 [AC_MSG_RESULT(no)],
2168 [
2169 AC_DEFINE(HAVE_OLD_PAM, 1,
2170 [Define if you have an old version of PAM
2171 which takes only one argument to pam_strerror])
2172 AC_MSG_RESULT(yes)
2173 PAM_MSG="yes (old library)"
2174 ]
2175 )
2176fi
e9a17296 2177
2178# Do we want to force the use of the rand helper?
2179AC_ARG_WITH(rand-helper,
2180 [ --with-rand-helper Use subprocess to gather strong randomness ],
2181 [
2182 if test "x$withval" = "xno" ; then
cdd66111 2183 # Force use of OpenSSL's internal RNG, even if
e9a17296 2184 # the previous test showed it to be unseeded.
2185 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2186 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2187 OPENSSL_SEEDS_ITSELF=yes
2188 USE_RAND_HELPER=""
2189 fi
2190 else
2191 USE_RAND_HELPER=yes
2192 fi
2193 ],
dec6d9fe 2194)
e9a17296 2195
2196# Which randomness source do we use?
dec6d9fe 2197if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
e9a17296 2198 # OpenSSL only
2c06c99b 2199 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2200 [Define if you want OpenSSL's internally seeded PRNG only])
e9a17296 2201 RAND_MSG="OpenSSL internal ONLY"
2202 INSTALL_SSH_RAND_HELPER=""
2203elif test ! -z "$USE_RAND_HELPER" ; then
2204 # install rand helper
2205 RAND_MSG="ssh-rand-helper"
2206 INSTALL_SSH_RAND_HELPER="yes"
2207fi
2208AC_SUBST(INSTALL_SSH_RAND_HELPER)
2209
2210### Configuration of ssh-rand-helper
2211
2212# PRNGD TCP socket
2213AC_ARG_WITH(prngd-port,
2214 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2215 [
2216 case "$withval" in
2217 no)
2218 withval=""
2219 ;;
2220 [[0-9]]*)
2221 ;;
2222 *)
2223 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2224 ;;
2225 esac
2226 if test ! -z "$withval" ; then
2227 PRNGD_PORT="$withval"
2c06c99b 2228 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2229 [Port number of PRNGD/EGD random number socket])
e9a17296 2230 fi
2231 ]
2232)
2233
2234# PRNGD Unix domain socket
2235AC_ARG_WITH(prngd-socket,
2236 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2237 [
2238 case "$withval" in
2239 yes)
2240 withval="/var/run/egd-pool"
2241 ;;
2242 no)
2243 withval=""
2244 ;;
2245 /*)
2246 ;;
2247 *)
2248 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2249 ;;
2250 esac
2251
2252 if test ! -z "$withval" ; then
2253 if test ! -z "$PRNGD_PORT" ; then
2254 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2255 fi
2256 if test ! -r "$withval" ; then
2257 AC_MSG_WARN(Entropy socket is not readable)
2258 fi
2259 PRNGD_SOCKET="$withval"
2c06c99b 2260 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2261 [Location of PRNGD/EGD random number socket])
e9a17296 2262 fi
2263 ],
2264 [
2265 # Check for existing socket only if we don't have a random device already
2266 if test "$USE_RAND_HELPER" = yes ; then
2267 AC_MSG_CHECKING(for PRNGD/EGD socket)
2268 # Insert other locations here
2269 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2270 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2271 PRNGD_SOCKET="$sock"
2272 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2273 break;
2274 fi
2275 done
2276 if test ! -z "$PRNGD_SOCKET" ; then
2277 AC_MSG_RESULT($PRNGD_SOCKET)
2278 else
2279 AC_MSG_RESULT(not found)
2280 fi
2281 fi
2282 ]
2283)
2284
2285# Change default command timeout for hashing entropy source
2286entropy_timeout=200
2287AC_ARG_WITH(entropy-timeout,
2288 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2289 [
dec6d9fe 2290 if test -n "$withval" && test "x$withval" != "xno" && \
2291 test "x${withval}" != "xyes"; then
e9a17296 2292 entropy_timeout=$withval
2293 fi
dec6d9fe 2294 ]
e9a17296 2295)
2c06c99b 2296AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2297 [Builtin PRNG command timeout])
e9a17296 2298
680cee3b 2299SSH_PRIVSEP_USER=sshd
700318f3 2300AC_ARG_WITH(privsep-user,
2301 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2302 [
dec6d9fe 2303 if test -n "$withval" && test "x$withval" != "xno" && \
2304 test "x${withval}" != "xyes"; then
680cee3b 2305 SSH_PRIVSEP_USER=$withval
700318f3 2306 fi
dec6d9fe 2307 ]
700318f3 2308)
2c06c99b 2309AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2310 [non-privileged user for privilege separation])
680cee3b 2311AC_SUBST(SSH_PRIVSEP_USER)
700318f3 2312
2313# We do this little dance with the search path to insure
2314# that programs that we select for use by installed programs
2315# (which may be run by the super-user) come from trusted
2316# locations before they come from the user's private area.
2317# This should help avoid accidentally configuring some
2318# random version of a program in someone's personal bin.
2319
2320OPATH=$PATH
2321PATH=/bin:/usr/bin
2322test -h /bin 2> /dev/null && PATH=/usr/bin
2323test -d /sbin && PATH=$PATH:/sbin
2324test -d /usr/sbin && PATH=$PATH:/usr/sbin
2325PATH=$PATH:/etc:$OPATH
2326
cdd66111 2327# These programs are used by the command hashing source to gather entropy
e9a17296 2328OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2329OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2330OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2331OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2332OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2333OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2334OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2335OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2336OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2337OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2338OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2339OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2340OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2341OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2342OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2343OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
700318f3 2344# restore PATH
2345PATH=$OPATH
e9a17296 2346
2347# Where does ssh-rand-helper get its randomness from?
2348INSTALL_SSH_PRNG_CMDS=""
2349if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2350 if test ! -z "$PRNGD_PORT" ; then
2351 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2352 elif test ! -z "$PRNGD_SOCKET" ; then
2353 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2354 else
2355 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2356 RAND_HELPER_CMDHASH=yes
2357 INSTALL_SSH_PRNG_CMDS="yes"
2358 fi
2359fi
2360AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2361
2362
3c0ef626 2363# Cheap hack to ensure NEWS-OS libraries are arranged right.
2364if test ! -z "$SONY" ; then
2365 LIBS="$LIBS -liberty";
2366fi
2367
2c06c99b 2368# Check for long long datatypes
2369AC_CHECK_TYPES([long long, unsigned long long, long double])
2370
2371# Check datatype sizes
3c0ef626 2372AC_CHECK_SIZEOF(char, 1)
2373AC_CHECK_SIZEOF(short int, 2)
2374AC_CHECK_SIZEOF(int, 4)
2375AC_CHECK_SIZEOF(long int, 4)
2376AC_CHECK_SIZEOF(long long int, 8)
2377
700318f3 2378# Sanity check long long for some platforms (AIX)
2379if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2380 ac_cv_sizeof_long_long_int=0
2381fi
2382
2c06c99b 2383# compute LLONG_MIN and LLONG_MAX if we don't know them.
2384if test -z "$have_llong_max"; then
2385 AC_MSG_CHECKING([for max value of long long])
2386 AC_RUN_IFELSE(
2387 [AC_LANG_SOURCE([[
2388#include <stdio.h>
2389/* Why is this so damn hard? */
2390#ifdef __GNUC__
2391# undef __GNUC__
2392#endif
2393#define __USE_ISOC99
2394#include <limits.h>
2395#define DATA "conftest.llminmax"
9108f8d9 2396#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2397
2398/*
2399 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2400 * we do this the hard way.
2401 */
2402static int
2403fprint_ll(FILE *f, long long n)
2404{
2405 unsigned int i;
2406 int l[sizeof(long long) * 8];
2407
2408 if (n < 0)
2409 if (fprintf(f, "-") < 0)
2410 return -1;
2411 for (i = 0; n != 0; i++) {
2412 l[i] = my_abs(n % 10);
2413 n /= 10;
2414 }
2415 do {
2416 if (fprintf(f, "%d", l[--i]) < 0)
2417 return -1;
2418 } while (i != 0);
2419 if (fprintf(f, " ") < 0)
2420 return -1;
2421 return 0;
2422}
2423
2c06c99b 2424int main(void) {
2425 FILE *f;
2426 long long i, llmin, llmax = 0;
2427
2428 if((f = fopen(DATA,"w")) == NULL)
2429 exit(1);
2430
2431#if defined(LLONG_MIN) && defined(LLONG_MAX)
2432 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2433 llmin = LLONG_MIN;
2434 llmax = LLONG_MAX;
2435#else
2436 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2437 /* This will work on one's complement and two's complement */
2438 for (i = 1; i > llmax; i <<= 1, i++)
2439 llmax = i;
2440 llmin = llmax + 1LL; /* wrap */
2441#endif
2442
2443 /* Sanity check */
2444 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
9108f8d9 2445 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2446 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2c06c99b 2447 fprintf(f, "unknown unknown\n");
2448 exit(2);
2449 }
2450
9108f8d9 2451 if (fprint_ll(f, llmin) < 0)
2c06c99b 2452 exit(3);
9108f8d9 2453 if (fprint_ll(f, llmax) < 0)
2454 exit(4);
2455 if (fclose(f) < 0)
2456 exit(5);
2c06c99b 2457 exit(0);
2458}
2459 ]])],
2460 [
2461 llong_min=`$AWK '{print $1}' conftest.llminmax`
2462 llong_max=`$AWK '{print $2}' conftest.llminmax`
2463
2c06c99b 2464 AC_MSG_RESULT($llong_max)
2465 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2466 [max value of long long calculated by configure])
2467 AC_MSG_CHECKING([for min value of long long])
2468 AC_MSG_RESULT($llong_min)
2469 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2470 [min value of long long calculated by configure])
2471 ],
2472 [
2473 AC_MSG_RESULT(not found)
2474 ],
2475 [
2476 AC_MSG_WARN([cross compiling: not checking])
2477 ]
2478 )
2479fi
2480
2481
3c0ef626 2482# More checks for data types
2483AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2484 AC_TRY_COMPILE(
cdd66111 2485 [ #include <sys/types.h> ],
2486 [ u_int a; a = 1;],
3c0ef626 2487 [ ac_cv_have_u_int="yes" ],
2488 [ ac_cv_have_u_int="no" ]
2489 )
2490])
2491if test "x$ac_cv_have_u_int" = "xyes" ; then
2c06c99b 2492 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
3c0ef626 2493 have_u_int=1
2494fi
2495
2496AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2497 AC_TRY_COMPILE(
cdd66111 2498 [ #include <sys/types.h> ],
2499 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2500 [ ac_cv_have_intxx_t="yes" ],
2501 [ ac_cv_have_intxx_t="no" ]
2502 )
2503])
2504if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2c06c99b 2505 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
3c0ef626 2506 have_intxx_t=1
2507fi
2508
2509if (test -z "$have_intxx_t" && \
cdd66111 2510 test "x$ac_cv_header_stdint_h" = "xyes")
3c0ef626 2511then
2512 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2513 AC_TRY_COMPILE(
cdd66111 2514 [ #include <stdint.h> ],
2515 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2516 [
2517 AC_DEFINE(HAVE_INTXX_T)
2518 AC_MSG_RESULT(yes)
2519 ],
2520 [ AC_MSG_RESULT(no) ]
2521 )
2522fi
2523
2524AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2525 AC_TRY_COMPILE(
41b2f314 2526 [
2527#include <sys/types.h>
2528#ifdef HAVE_STDINT_H
2529# include <stdint.h>
2530#endif
2531#include <sys/socket.h>
2532#ifdef HAVE_SYS_BITYPES_H
2533# include <sys/bitypes.h>
2534#endif
cdd66111 2535 ],
2536 [ int64_t a; a = 1;],
3c0ef626 2537 [ ac_cv_have_int64_t="yes" ],
2538 [ ac_cv_have_int64_t="no" ]
2539 )
2540])
2541if test "x$ac_cv_have_int64_t" = "xyes" ; then
2c06c99b 2542 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
e9a17296 2543fi
2544
3c0ef626 2545AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2546 AC_TRY_COMPILE(
cdd66111 2547 [ #include <sys/types.h> ],
2548 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2549 [ ac_cv_have_u_intxx_t="yes" ],
2550 [ ac_cv_have_u_intxx_t="no" ]
2551 )
2552])
2553if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2c06c99b 2554 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
3c0ef626 2555 have_u_intxx_t=1
2556fi
2557
2558if test -z "$have_u_intxx_t" ; then
2559 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2560 AC_TRY_COMPILE(
cdd66111 2561 [ #include <sys/socket.h> ],
2562 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2563 [
2564 AC_DEFINE(HAVE_U_INTXX_T)
2565 AC_MSG_RESULT(yes)
2566 ],
2567 [ AC_MSG_RESULT(no) ]
2568 )
2569fi
2570
2571AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2572 AC_TRY_COMPILE(
cdd66111 2573 [ #include <sys/types.h> ],
2574 [ u_int64_t a; a = 1;],
3c0ef626 2575 [ ac_cv_have_u_int64_t="yes" ],
2576 [ ac_cv_have_u_int64_t="no" ]
2577 )
2578])
2579if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2c06c99b 2580 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
3c0ef626 2581 have_u_int64_t=1
2582fi
2583
e9a17296 2584if test -z "$have_u_int64_t" ; then
2585 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2586 AC_TRY_COMPILE(
cdd66111 2587 [ #include <sys/bitypes.h> ],
e9a17296 2588 [ u_int64_t a; a = 1],
2589 [
2590 AC_DEFINE(HAVE_U_INT64_T)
2591 AC_MSG_RESULT(yes)
2592 ],
2593 [ AC_MSG_RESULT(no) ]
2594 )
2595fi
2596
3c0ef626 2597if test -z "$have_u_intxx_t" ; then
2598 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2599 AC_TRY_COMPILE(
2600 [
2601#include <sys/types.h>
cdd66111 2602 ],
2603 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
3c0ef626 2604 [ ac_cv_have_uintxx_t="yes" ],
2605 [ ac_cv_have_uintxx_t="no" ]
2606 )
2607 ])
2608 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2c06c99b 2609 AC_DEFINE(HAVE_UINTXX_T, 1,
2610 [define if you have uintxx_t data type])
3c0ef626 2611 fi
2612fi
2613
2614if test -z "$have_uintxx_t" ; then
2615 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2616 AC_TRY_COMPILE(
cdd66111 2617 [ #include <stdint.h> ],
2618 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
3c0ef626 2619 [
2620 AC_DEFINE(HAVE_UINTXX_T)
2621 AC_MSG_RESULT(yes)
2622 ],
2623 [ AC_MSG_RESULT(no) ]
2624 )
2625fi
2626
2627if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
cdd66111 2628 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3c0ef626 2629then
2630 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2631 AC_TRY_COMPILE(
2632 [
2633#include <sys/bitypes.h>
cdd66111 2634 ],
3c0ef626 2635 [
2636 int8_t a; int16_t b; int32_t c;
2637 u_int8_t e; u_int16_t f; u_int32_t g;
2638 a = b = c = e = f = g = 1;
cdd66111 2639 ],
3c0ef626 2640 [
2641 AC_DEFINE(HAVE_U_INTXX_T)
2642 AC_DEFINE(HAVE_INTXX_T)
2643 AC_MSG_RESULT(yes)
2644 ],
2645 [AC_MSG_RESULT(no)]
cdd66111 2646 )
3c0ef626 2647fi
2648
2649
2650AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2651 AC_TRY_COMPILE(
2652 [
2653#include <sys/types.h>
2654 ],
2655 [ u_char foo; foo = 125; ],
2656 [ ac_cv_have_u_char="yes" ],
2657 [ ac_cv_have_u_char="no" ]
2658 )
2659])
2660if test "x$ac_cv_have_u_char" = "xyes" ; then
2c06c99b 2661 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
3c0ef626 2662fi
2663
2664TYPE_SOCKLEN_T
2665
e9a17296 2666AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
22616013 2667AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2668#include <sys/types.h>
2669#ifdef HAVE_SYS_BITYPES_H
2670#include <sys/bitypes.h>
2671#endif
2672#ifdef HAVE_SYS_STATFS_H
2673#include <sys/statfs.h>
2674#endif
2675#ifdef HAVE_SYS_STATVFS_H
2676#include <sys/statvfs.h>
2677#endif
2678])
e9a17296 2679
996d5e62 2680AC_CHECK_TYPES(in_addr_t,,,
2681[#include <sys/types.h>
2682#include <netinet/in.h>])
2683
3c0ef626 2684AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2685 AC_TRY_COMPILE(
2686 [
2687#include <sys/types.h>
2688 ],
2689 [ size_t foo; foo = 1235; ],
2690 [ ac_cv_have_size_t="yes" ],
2691 [ ac_cv_have_size_t="no" ]
2692 )
2693])
2694if test "x$ac_cv_have_size_t" = "xyes" ; then
2c06c99b 2695 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
3c0ef626 2696fi
2697
2698AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2699 AC_TRY_COMPILE(
2700 [
2701#include <sys/types.h>
2702 ],
2703 [ ssize_t foo; foo = 1235; ],
2704 [ ac_cv_have_ssize_t="yes" ],
2705 [ ac_cv_have_ssize_t="no" ]
2706 )
2707])
2708if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2c06c99b 2709 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
3c0ef626 2710fi
2711
2712AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2713 AC_TRY_COMPILE(
2714 [
2715#include <time.h>
2716 ],
2717 [ clock_t foo; foo = 1235; ],
2718 [ ac_cv_have_clock_t="yes" ],
2719 [ ac_cv_have_clock_t="no" ]
2720 )
2721])
2722if test "x$ac_cv_have_clock_t" = "xyes" ; then
2c06c99b 2723 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
3c0ef626 2724fi
2725
2726AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2727 AC_TRY_COMPILE(
2728 [
2729#include <sys/types.h>
2730#include <sys/socket.h>
2731 ],
2732 [ sa_family_t foo; foo = 1235; ],
2733 [ ac_cv_have_sa_family_t="yes" ],
2734 [ AC_TRY_COMPILE(
2735 [
2736#include <sys/types.h>
2737#include <sys/socket.h>
2738#include <netinet/in.h>
2739 ],
2740 [ sa_family_t foo; foo = 1235; ],
2741 [ ac_cv_have_sa_family_t="yes" ],
2742
2743 [ ac_cv_have_sa_family_t="no" ]
2744 )]
2745 )
2746])
2747if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2c06c99b 2748 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2749 [define if you have sa_family_t data type])
3c0ef626 2750fi
2751
2752AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2753 AC_TRY_COMPILE(
2754 [
2755#include <sys/types.h>
2756 ],
2757 [ pid_t foo; foo = 1235; ],
2758 [ ac_cv_have_pid_t="yes" ],
2759 [ ac_cv_have_pid_t="no" ]
2760 )
2761])
2762if test "x$ac_cv_have_pid_t" = "xyes" ; then
2c06c99b 2763 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
3c0ef626 2764fi
2765
2766AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2767 AC_TRY_COMPILE(
2768 [
2769#include <sys/types.h>
2770 ],
2771 [ mode_t foo; foo = 1235; ],
2772 [ ac_cv_have_mode_t="yes" ],
2773 [ ac_cv_have_mode_t="no" ]
2774 )
2775])
2776if test "x$ac_cv_have_mode_t" = "xyes" ; then
2c06c99b 2777 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3c0ef626 2778fi
2779
2780
2781AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2782 AC_TRY_COMPILE(
2783 [
2784#include <sys/types.h>
2785#include <sys/socket.h>
2786 ],
2787 [ struct sockaddr_storage s; ],
2788 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2789 [ ac_cv_have_struct_sockaddr_storage="no" ]
2790 )
2791])
2792if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2c06c99b 2793 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2794 [define if you have struct sockaddr_storage data type])
3c0ef626 2795fi
2796
2797AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2798 AC_TRY_COMPILE(
2799 [
2800#include <sys/types.h>
2801#include <netinet/in.h>
2802 ],
2803 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2804 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2805 [ ac_cv_have_struct_sockaddr_in6="no" ]
2806 )
2807])
2808if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2c06c99b 2809 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2810 [define if you have struct sockaddr_in6 data type])
3c0ef626 2811fi
2812
2813AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2814 AC_TRY_COMPILE(
2815 [
2816#include <sys/types.h>
2817#include <netinet/in.h>
2818 ],
2819 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2820 [ ac_cv_have_struct_in6_addr="yes" ],
2821 [ ac_cv_have_struct_in6_addr="no" ]
2822 )
2823])
2824if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2c06c99b 2825 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2826 [define if you have struct in6_addr data type])
3c0ef626 2827fi
2828
2829AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2830 AC_TRY_COMPILE(
2831 [
2832#include <sys/types.h>
2833#include <sys/socket.h>
2834#include <netdb.h>
2835 ],
2836 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2837 [ ac_cv_have_struct_addrinfo="yes" ],
2838 [ ac_cv_have_struct_addrinfo="no" ]
2839 )
2840])
2841if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2c06c99b 2842 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2843 [define if you have struct addrinfo data type])
3c0ef626 2844fi
2845
2846AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2847 AC_TRY_COMPILE(
cdd66111 2848 [ #include <sys/time.h> ],
2849 [ struct timeval tv; tv.tv_sec = 1;],
3c0ef626 2850 [ ac_cv_have_struct_timeval="yes" ],
2851 [ ac_cv_have_struct_timeval="no" ]
2852 )
2853])
2854if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2c06c99b 2855 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3c0ef626 2856 have_struct_timeval=1
2857fi
2858
6a9b3198 2859AC_CHECK_TYPES(struct timespec)
2860
2861# We need int64_t or else certian parts of the compile will fail.
dec6d9fe 2862if test "x$ac_cv_have_int64_t" = "xno" && \
2863 test "x$ac_cv_sizeof_long_int" != "x8" && \
2864 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
6a9b3198 2865 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2866 echo "an alternative compiler (I.E., GCC) before continuing."
2867 echo ""
2868 exit 1;
3c0ef626 2869else
2870dnl test snprintf (broken on SCO w/gcc)
996d5e62 2871 AC_RUN_IFELSE(
2872 [AC_LANG_SOURCE([[
3c0ef626 2873#include <stdio.h>
2874#include <string.h>
2875#ifdef HAVE_SNPRINTF
2876main()
2877{
2878 char buf[50];
2879 char expected_out[50];
2880 int mazsize = 50 ;
2881#if (SIZEOF_LONG_INT == 8)
2882 long int num = 0x7fffffffffffffff;
2883#else
2884 long long num = 0x7fffffffffffffffll;
2885#endif
2886 strcpy(expected_out, "9223372036854775807");
2887 snprintf(buf, mazsize, "%lld", num);
2888 if(strcmp(buf, expected_out) != 0)
cdd66111 2889 exit(1);
3c0ef626 2890 exit(0);
2891}
2892#else
2893main() { exit(0); }
2894#endif
996d5e62 2895 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2896 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3c0ef626 2897 )
2898fi
3c0ef626 2899
2900dnl Checks for structure members
2901OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2902OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2903OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2904OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2905OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2906OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2907OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2908OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2909OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2910OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2911OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2912OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2913OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2914OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2915OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2916OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2917OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2918
2919AC_CHECK_MEMBERS([struct stat.st_blksize])
2c06c99b 2920AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2921 [Define if we don't have struct __res_state in resolv.h])],
2922[
2923#include <stdio.h>
2924#if HAVE_SYS_TYPES_H
2925# include <sys/types.h>
2926#endif
2927#include <netinet/in.h>
2928#include <arpa/nameser.h>
2929#include <resolv.h>
2930])
3c0ef626 2931
2932AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2933 ac_cv_have_ss_family_in_struct_ss, [
2934 AC_TRY_COMPILE(
2935 [
2936#include <sys/types.h>
2937#include <sys/socket.h>
2938 ],
2939 [ struct sockaddr_storage s; s.ss_family = 1; ],
2940 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2941 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2942 )
2943])
2944if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2c06c99b 2945 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3c0ef626 2946fi
2947
2948AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2949 ac_cv_have___ss_family_in_struct_ss, [
2950 AC_TRY_COMPILE(
2951 [
2952#include <sys/types.h>
2953#include <sys/socket.h>
2954 ],
2955 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2956 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2957 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2958 )
2959])
2960if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2c06c99b 2961 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2962 [Fields in struct sockaddr_storage])
3c0ef626 2963fi
2964
2965AC_CACHE_CHECK([for pw_class field in struct passwd],
2966 ac_cv_have_pw_class_in_struct_passwd, [
2967 AC_TRY_COMPILE(
2968 [
2969#include <pwd.h>
2970 ],
2971 [ struct passwd p; p.pw_class = 0; ],
2972 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2973 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2974 )
2975])
2976if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2c06c99b 2977 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2978 [Define if your password has a pw_class field])
3c0ef626 2979fi
2980
2981AC_CACHE_CHECK([for pw_expire field in struct passwd],
2982 ac_cv_have_pw_expire_in_struct_passwd, [
2983 AC_TRY_COMPILE(
2984 [
2985#include <pwd.h>
2986 ],
2987 [ struct passwd p; p.pw_expire = 0; ],
2988 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2989 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2990 )
2991])
2992if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2c06c99b 2993 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2994 [Define if your password has a pw_expire field])
3c0ef626 2995fi
2996
2997AC_CACHE_CHECK([for pw_change field in struct passwd],
2998 ac_cv_have_pw_change_in_struct_passwd, [
2999 AC_TRY_COMPILE(
3000 [
3001#include <pwd.h>
3002 ],
3003 [ struct passwd p; p.pw_change = 0; ],
3004 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3005 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3006 )
3007])
3008if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2c06c99b 3009 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3010 [Define if your password has a pw_change field])
3c0ef626 3011fi
3012
fba3c309 3013dnl make sure we're using the real structure members and not defines
700318f3 3014AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3015 ac_cv_have_accrights_in_msghdr, [
996d5e62 3016 AC_COMPILE_IFELSE(
700318f3 3017 [
3018#include <sys/types.h>
3019#include <sys/socket.h>
3020#include <sys/uio.h>
fba3c309 3021int main() {
3022#ifdef msg_accrights
996d5e62 3023#error "msg_accrights is a macro"
fba3c309 3024exit(1);
3025#endif
3026struct msghdr m;
3027m.msg_accrights = 0;
3028exit(0);
3029}
700318f3 3030 ],
700318f3 3031 [ ac_cv_have_accrights_in_msghdr="yes" ],
3032 [ ac_cv_have_accrights_in_msghdr="no" ]
3033 )
3034])
3035if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2c06c99b 3036 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3037 [Define if your system uses access rights style
3038 file descriptor passing])
700318f3 3039fi
3040
22616013 3041AC_MSG_CHECKING(if f_fsid has val members)
3042AC_TRY_COMPILE([
3043#include <sys/types.h>
3044#include <sys/statvfs.h>],
3045[struct fsid_t t; t.val[0] = 0;],
3046 [ AC_MSG_RESULT(yes)
3047 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3048 [ AC_MSG_RESULT(no) ]
3049)
3050
700318f3 3051AC_CACHE_CHECK([for msg_control field in struct msghdr],
3052 ac_cv_have_control_in_msghdr, [
996d5e62 3053 AC_COMPILE_IFELSE(
700318f3 3054 [
3055#include <sys/types.h>
3056#include <sys/socket.h>
3057#include <sys/uio.h>
fba3c309 3058int main() {
3059#ifdef msg_control
996d5e62 3060#error "msg_control is a macro"
fba3c309 3061exit(1);
3062#endif
3063struct msghdr m;
3064m.msg_control = 0;
3065exit(0);
3066}
700318f3 3067 ],
700318f3 3068 [ ac_cv_have_control_in_msghdr="yes" ],
3069 [ ac_cv_have_control_in_msghdr="no" ]
3070 )
3071])
3072if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2c06c99b 3073 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3074 [Define if your system uses ancillary data style
3075 file descriptor passing])
700318f3 3076fi
3077
3c0ef626 3078AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
cdd66111 3079 AC_TRY_LINK([],
3080 [ extern char *__progname; printf("%s", __progname); ],
3c0ef626 3081 [ ac_cv_libc_defines___progname="yes" ],
3082 [ ac_cv_libc_defines___progname="no" ]
3083 )
3084])
3085if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2c06c99b 3086 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3c0ef626 3087fi
3088
700318f3 3089AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3090 AC_TRY_LINK([
3091#include <stdio.h>
cdd66111 3092],
3093 [ printf("%s", __FUNCTION__); ],
700318f3 3094 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3095 [ ac_cv_cc_implements___FUNCTION__="no" ]
3096 )
3097])
3098if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2c06c99b 3099 AC_DEFINE(HAVE___FUNCTION__, 1,
3100 [Define if compiler implements __FUNCTION__])
700318f3 3101fi
3102
3103AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3104 AC_TRY_LINK([
3105#include <stdio.h>
cdd66111 3106],
3107 [ printf("%s", __func__); ],
700318f3 3108 [ ac_cv_cc_implements___func__="yes" ],
3109 [ ac_cv_cc_implements___func__="no" ]
3110 )
3111])
3112if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2c06c99b 3113 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3114fi
3115
3116AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3117 AC_TRY_LINK(
3118 [#include <stdarg.h>
3119 va_list x,y;],
3120 [va_copy(x,y);],
3121 [ ac_cv_have_va_copy="yes" ],
3122 [ ac_cv_have_va_copy="no" ]
3123 )
3124])
3125if test "x$ac_cv_have_va_copy" = "xyes" ; then
3126 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3127fi
3128
3129AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3130 AC_TRY_LINK(
3131 [#include <stdarg.h>
3132 va_list x,y;],
3133 [__va_copy(x,y);],
3134 [ ac_cv_have___va_copy="yes" ],
3135 [ ac_cv_have___va_copy="no" ]
3136 )
3137])
3138if test "x$ac_cv_have___va_copy" = "xyes" ; then
3139 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
700318f3 3140fi
3141
3c0ef626 3142AC_CACHE_CHECK([whether getopt has optreset support],
3143 ac_cv_have_getopt_optreset, [
3144 AC_TRY_LINK(
3145 [
3146#include <getopt.h>
3147 ],
3148 [ extern int optreset; optreset = 0; ],
3149 [ ac_cv_have_getopt_optreset="yes" ],
3150 [ ac_cv_have_getopt_optreset="no" ]
3151 )
3152])
3153if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2c06c99b 3154 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3155 [Define if your getopt(3) defines and uses optreset])
3c0ef626 3156fi
3157
3158AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
cdd66111 3159 AC_TRY_LINK([],
3160 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3c0ef626 3161 [ ac_cv_libc_defines_sys_errlist="yes" ],
3162 [ ac_cv_libc_defines_sys_errlist="no" ]
3163 )
3164])
3165if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2c06c99b 3166 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3167 [Define if your system defines sys_errlist[]])
3c0ef626 3168fi
3169
3170
3171AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
cdd66111 3172 AC_TRY_LINK([],
3173 [ extern int sys_nerr; printf("%i", sys_nerr);],
3c0ef626 3174 [ ac_cv_libc_defines_sys_nerr="yes" ],
3175 [ ac_cv_libc_defines_sys_nerr="no" ]
3176 )
3177])
3178if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2c06c99b 3179 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3c0ef626 3180fi
3181
cdd66111 3182SCARD_MSG="no"
700318f3 3183# Check whether user wants sectok support
3184AC_ARG_WITH(sectok,
3185 [ --with-sectok Enable smartcard support using libsectok],
3c0ef626 3186 [
3187 if test "x$withval" != "xno" ; then
3188 if test "x$withval" != "xyes" ; then
3189 CPPFLAGS="$CPPFLAGS -I${withval}"
3190 LDFLAGS="$LDFLAGS -L${withval}"
3191 if test ! -z "$need_dash_r" ; then
3192 LDFLAGS="$LDFLAGS -R${withval}"
3193 fi
3194 if test ! -z "$blibpath" ; then
3195 blibpath="$blibpath:${withval}"
3196 fi
3197 fi
3198 AC_CHECK_HEADERS(sectok.h)
3199 if test "$ac_cv_header_sectok_h" != yes; then
3200 AC_MSG_ERROR(Can't find sectok.h)
3201 fi
3202 AC_CHECK_LIB(sectok, sectok_open)
3203 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3204 AC_MSG_ERROR(Can't find libsectok)
3205 fi
2c06c99b 3206 AC_DEFINE(SMARTCARD, 1,
3207 [Define if you want smartcard support])
3208 AC_DEFINE(USE_SECTOK, 1,
3209 [Define if you want smartcard support
3210 using sectok])
cdd66111 3211 SCARD_MSG="yes, using sectok"
3c0ef626 3212 fi
3213 ]
3214)
3215
700318f3 3216# Check whether user wants OpenSC support
dec6d9fe 3217OPENSC_CONFIG="no"
700318f3 3218AC_ARG_WITH(opensc,
2c06c99b 3219 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
dec6d9fe 3220 [
3221 if test "x$withval" != "xno" ; then
3222 if test "x$withval" != "xyes" ; then
3223 OPENSC_CONFIG=$withval/bin/opensc-config
3224 else
3225 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3226 fi
3227 if test "$OPENSC_CONFIG" != "no"; then
3228 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3229 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3230 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
9108f8d9 3231 LIBS="$LIBS $LIBOPENSC_LIBS"
dec6d9fe 3232 AC_DEFINE(SMARTCARD)
2c06c99b 3233 AC_DEFINE(USE_OPENSC, 1,
3234 [Define if you want smartcard support
3235 using OpenSC])
dec6d9fe 3236 SCARD_MSG="yes, using OpenSC"
3237 fi
3238 fi
3239 ]
3240)
700318f3 3241
cdd66111 3242# Check libraries needed by DNS fingerprint support
3243AC_SEARCH_LIBS(getrrsetbyname, resolv,
2c06c99b 3244 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3245 [Define if getrrsetbyname() exists])],
0fff78ff 3246 [
cdd66111 3247 # Needed by our getrrsetbyname()
3248 AC_SEARCH_LIBS(res_query, resolv)
3249 AC_SEARCH_LIBS(dn_expand, resolv)
c9f39d2c 3250 AC_MSG_CHECKING(if res_query will link)
3251 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3252 [AC_MSG_RESULT(no)
3253 saved_LIBS="$LIBS"
3254 LIBS="$LIBS -lresolv"
3255 AC_MSG_CHECKING(for res_query in -lresolv)
3256 AC_LINK_IFELSE([
3257#include <resolv.h>
3258int main()
3259{
3260 res_query (0, 0, 0, 0, 0);
3261 return 0;
3262}
3263 ],
3264 [LIBS="$LIBS -lresolv"
3265 AC_MSG_RESULT(yes)],
3266 [LIBS="$saved_LIBS"
3267 AC_MSG_RESULT(no)])
3268 ])
cdd66111 3269 AC_CHECK_FUNCS(_getshort _getlong)
665a873d 3270 AC_CHECK_DECLS([_getshort, _getlong], , ,
3271 [#include <sys/types.h>
3272 #include <arpa/nameser.h>])
cdd66111 3273 AC_CHECK_MEMBER(HEADER.ad,
2c06c99b 3274 [AC_DEFINE(HAVE_HEADER_AD, 1,
3275 [Define if HEADER.ad exists in arpa/nameser.h])],,
cdd66111 3276 [#include <arpa/nameser.h>])
3277 ])
0fff78ff 3278
d4487008 3279AC_MSG_CHECKING(if struct __res_state _res is an extern)
3280AC_LINK_IFELSE([
3281#include <stdio.h>
3282#if HAVE_SYS_TYPES_H
3283# include <sys/types.h>
3284#endif
3285#include <netinet/in.h>
3286#include <arpa/nameser.h>
3287#include <resolv.h>
3288extern struct __res_state _res;
3289int main() { return 0; }
3290 ],
3291 [AC_MSG_RESULT(yes)
3292 AC_DEFINE(HAVE__RES_EXTERN, 1,
3293 [Define if you have struct __res_state _res as an extern])
3294 ],
3295 [ AC_MSG_RESULT(no) ]
3296)
3297
9108f8d9 3298# Check whether user wants SELinux support
3299SELINUX_MSG="no"
3300LIBSELINUX=""
3301AC_ARG_WITH(selinux,
47686178 3302 [ --with-selinux Enable SELinux support],
9108f8d9 3303 [ if test "x$withval" != "xno" ; then
d4487008 3304 save_LIBS="$LIBS"
9108f8d9 3305 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3306 SELINUX_MSG="yes"
3307 AC_CHECK_HEADER([selinux/selinux.h], ,
3308 AC_MSG_ERROR(SELinux support requires selinux.h header))
3309 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3310 AC_MSG_ERROR(SELinux support requires libselinux library))
d4487008 3311 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
9108f8d9 3312 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
ff7ec503 3313 LIBS="$save_LIBS"
9108f8d9 3314 fi ]
3315)
9108f8d9 3316
700318f3 3317# Check whether user wants Kerberos 5 support
cdd66111 3318KRB5_MSG="no"
700318f3 3319AC_ARG_WITH(kerberos5,
cdd66111 3320 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3321 [ if test "x$withval" != "xno" ; then
3322 if test "x$withval" = "xyes" ; then
3323 KRB5ROOT="/usr/local"
3324 else
3325 KRB5ROOT=${withval}
3326 fi
3327
2c06c99b 3328 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
cdd66111 3329 KRB5_MSG="yes"
3330
3331 AC_MSG_CHECKING(for krb5-config)
3332 if test -x $KRB5ROOT/bin/krb5-config ; then
3333 KRB5CONF=$KRB5ROOT/bin/krb5-config
3334 AC_MSG_RESULT($KRB5CONF)
3335
3336 AC_MSG_CHECKING(for gssapi support)
3337 if $KRB5CONF | grep gssapi >/dev/null ; then
3338 AC_MSG_RESULT(yes)
2c06c99b 3339 AC_DEFINE(GSSAPI, 1,
3340 [Define this if you want GSSAPI
3341 support in the version 2 protocol])
cdd66111 3342 k5confopts=gssapi
3343 else
3344 AC_MSG_RESULT(no)
3345 k5confopts=""
3346 fi
3347 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3348 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3349 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3350 AC_MSG_CHECKING(whether we are using Heimdal)
3351 AC_TRY_COMPILE([ #include <krb5.h> ],
3352 [ char *tmp = heimdal_version; ],
3353 [ AC_MSG_RESULT(yes)
2c06c99b 3354 AC_DEFINE(HEIMDAL, 1,
3355 [Define this if you are using the
3356 Heimdal version of Kerberos V5]) ],
cdd66111 3357 AC_MSG_RESULT(no)
3358 )
3359 else
3360 AC_MSG_RESULT(no)
700318f3 3361 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
cdd66111 3362 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3363 AC_MSG_CHECKING(whether we are using Heimdal)
3364 AC_TRY_COMPILE([ #include <krb5.h> ],
3365 [ char *tmp = heimdal_version; ],
3366 [ AC_MSG_RESULT(yes)
3367 AC_DEFINE(HEIMDAL)
c9f39d2c 3368 K5LIBS="-lkrb5 -ldes"
3369 K5LIBS="$K5LIBS -lcom_err -lasn1"
dec6d9fe 3370 AC_CHECK_LIB(roken, net_write,
c9f39d2c 3371 [K5LIBS="$K5LIBS -lroken"])
cdd66111 3372 ],
3373 [ AC_MSG_RESULT(no)
3374 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3375 ]
3376 )
0fff78ff 3377 AC_SEARCH_LIBS(dn_expand, resolv)
3378
22616013 3379 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
0fff78ff 3380 [ AC_DEFINE(GSSAPI)
22616013 3381 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3382 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
0fff78ff 3383 [ AC_DEFINE(GSSAPI)
22616013 3384 K5LIBS="-lgssapi $K5LIBS" ],
0fff78ff 3385 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3386 $K5LIBS)
3387 ],
3388 $K5LIBS)
dec6d9fe 3389
0fff78ff 3390 AC_CHECK_HEADER(gssapi.h, ,
3391 [ unset ac_cv_header_gssapi_h
cdd66111 3392 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
0fff78ff 3393 AC_CHECK_HEADERS(gssapi.h, ,
3394 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
cdd66111 3395 )
0fff78ff 3396 ]
3397 )
3398
3399 oldCPP="$CPPFLAGS"
3400 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3401 AC_CHECK_HEADER(gssapi_krb5.h, ,
3402 [ CPPFLAGS="$oldCPP" ])
700318f3 3403
cdd66111 3404 fi
3405 if test ! -z "$need_dash_r" ; then
3406 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3407 fi
3408 if test ! -z "$blibpath" ; then
3409 blibpath="$blibpath:${KRB5ROOT}/lib"
3410 fi
cdd66111 3411
2c06c99b 3412 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3413 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3414 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
cdd66111 3415
2c06c99b 3416 LIBS="$LIBS $K5LIBS"
3417 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3418 [Define this if you want to use libkafs' AFS support]))
3419 fi
cdd66111 3420 ]
700318f3 3421)
3c0ef626 3422
3423# Looking for programs, paths and files
3c0ef626 3424
700318f3 3425PRIVSEP_PATH=/var/empty
3426AC_ARG_WITH(privsep-path,
41b2f314 3427 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
700318f3 3428 [
dec6d9fe 3429 if test -n "$withval" && test "x$withval" != "xno" && \
3430 test "x${withval}" != "xyes"; then
700318f3 3431 PRIVSEP_PATH=$withval
3432 fi
3433 ]
3434)
3435AC_SUBST(PRIVSEP_PATH)
3436
3c0ef626 3437AC_ARG_WITH(xauth,
3438 [ --with-xauth=PATH Specify path to xauth program ],
3439 [
dec6d9fe 3440 if test -n "$withval" && test "x$withval" != "xno" && \
3441 test "x${withval}" != "xyes"; then
3c0ef626 3442 xauth_path=$withval
3443 fi
3444 ],
3445 [
41b2f314 3446 TestPath="$PATH"
3447 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3448 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3449 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3450 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3451 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3c0ef626 3452 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3453 xauth_path="/usr/openwin/bin/xauth"
3454 fi
3455 ]
3456)
3457
6a9b3198 3458STRIP_OPT=-s
3459AC_ARG_ENABLE(strip,
3460 [ --disable-strip Disable calling strip(1) on install],
3461 [
3462 if test "x$enableval" = "xno" ; then
3463 STRIP_OPT=
3464 fi
3465 ]
3466)
3467AC_SUBST(STRIP_OPT)
3468
3c0ef626 3469if test -z "$xauth_path" ; then
3470 XAUTH_PATH="undefined"
3471 AC_SUBST(XAUTH_PATH)
3472else
2c06c99b 3473 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3474 [Define if xauth is found in your path])
3c0ef626 3475 XAUTH_PATH=$xauth_path
3476 AC_SUBST(XAUTH_PATH)
3477fi
3c0ef626 3478
3479# Check for mail directory (last resort if we cannot get it from headers)
3480if test ! -z "$MAIL" ; then
3481 maildir=`dirname $MAIL`
2c06c99b 3482 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3483 [Set this to your mail directory if you don't have maillock.h])
3c0ef626 3484fi
3485
996d5e62 3486if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3487 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3488 disable_ptmx_check=yes
3489fi
3c0ef626 3490if test -z "$no_dev_ptmx" ; then
700318f3 3491 if test "x$disable_ptmx_check" != "xyes" ; then
cdd66111 3492 AC_CHECK_FILE("/dev/ptmx",
700318f3 3493 [
2c06c99b 3494 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3495 [Define if you have /dev/ptmx])
700318f3 3496 have_dev_ptmx=1
3497 ]
3498 )
3499 fi
3c0ef626 3500fi
996d5e62 3501
3502if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3503 AC_CHECK_FILE("/dev/ptc",
3504 [
2c06c99b 3505 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3506 [Define if you have /dev/ptc])
996d5e62 3507 have_dev_ptc=1
3508 ]
3509 )
3510else
3511 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3512fi
3c0ef626 3513
3514# Options from here on. Some of these are preset by platform above
3c0ef626 3515AC_ARG_WITH(mantype,
3516 [ --with-mantype=man|cat|doc Set man page type],
3517 [
3518 case "$withval" in
3519 man|cat|doc)
3520 MANTYPE=$withval
3521 ;;
3522 *)
3523 AC_MSG_ERROR(invalid man type: $withval)
3524 ;;
3525 esac
3526 ]
3527)
3528if test -z "$MANTYPE"; then
41b2f314 3529 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3530 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3c0ef626 3531 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3532 MANTYPE=doc
3533 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3534 MANTYPE=man
3535 else
3536 MANTYPE=cat
3537 fi
3538fi
3539AC_SUBST(MANTYPE)
3540if test "$MANTYPE" = "doc"; then
3541 mansubdir=man;
3542else
3543 mansubdir=$MANTYPE;
3544fi
3545AC_SUBST(mansubdir)
3546
3547# Check whether to enable MD5 passwords
cdd66111 3548MD5_MSG="no"
3c0ef626 3549AC_ARG_WITH(md5-passwords,
3550 [ --with-md5-passwords Enable use of MD5 passwords],
3551 [
3552 if test "x$withval" != "xno" ; then
2c06c99b 3553 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3554 [Define if you want to allow MD5 passwords])
cdd66111 3555 MD5_MSG="yes"
3c0ef626 3556 fi
3557 ]
3558)
3559
3560# Whether to disable shadow password support
3561AC_ARG_WITH(shadow,
3562 [ --without-shadow Disable shadow password support],
3563 [
dec6d9fe 3564 if test "x$withval" = "xno" ; then
3c0ef626 3565 AC_DEFINE(DISABLE_SHADOW)
3566 disable_shadow=yes
3567 fi
3568 ]
3569)
3570
3571if test -z "$disable_shadow" ; then
3572 AC_MSG_CHECKING([if the systems has expire shadow information])
3573 AC_TRY_COMPILE(
3574 [
3575#include <sys/types.h>
3576#include <shadow.h>
3577 struct spwd sp;
3578 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3579 [ sp_expire_available=yes ], []
3580 )
3581
3582 if test "x$sp_expire_available" = "xyes" ; then
3583 AC_MSG_RESULT(yes)
2c06c99b 3584 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3585 [Define if you want to use shadow password expire field])
3c0ef626 3586 else
3587 AC_MSG_RESULT(no)
3588 fi
3589fi
3590
3591# Use ip address instead of hostname in $DISPLAY
3592if test ! -z "$IPADDR_IN_DISPLAY" ; then
3593 DISPLAY_HACK_MSG="yes"
2c06c99b 3594 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3595 [Define if you need to use IP address
3596 instead of hostname in $DISPLAY])
3c0ef626 3597else
cdd66111 3598 DISPLAY_HACK_MSG="no"
3c0ef626 3599 AC_ARG_WITH(ipaddr-display,
3600 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3601 [
dec6d9fe 3602 if test "x$withval" != "xno" ; then
3c0ef626 3603 AC_DEFINE(IPADDR_IN_DISPLAY)
cdd66111 3604 DISPLAY_HACK_MSG="yes"
3c0ef626 3605 fi
3606 ]
3607 )
3608fi
3609
0fff78ff 3610# check for /etc/default/login and use it if present.
acc3d05e 3611AC_ARG_ENABLE(etc-default-login,
996d5e62 3612 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3613 [ if test "x$enableval" = "xno"; then
3614 AC_MSG_NOTICE([/etc/default/login handling disabled])
3615 etc_default_login=no
3616 else
3617 etc_default_login=yes
3618 fi ],
2c06c99b 3619 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3620 then
3621 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3622 etc_default_login=no
3623 else
3624 etc_default_login=yes
3625 fi ]
996d5e62 3626)
0fff78ff 3627
996d5e62 3628if test "x$etc_default_login" != "xno"; then
3629 AC_CHECK_FILE("/etc/default/login",
3630 [ external_path_file=/etc/default/login ])
2c06c99b 3631 if test "x$external_path_file" = "x/etc/default/login"; then
3632 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3633 [Define if your system has /etc/default/login])
996d5e62 3634 fi
0fff78ff 3635fi
3636
700318f3 3637dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
dec6d9fe 3638if test $ac_cv_func_login_getcapbool = "yes" && \
3639 test $ac_cv_header_login_cap_h = "yes" ; then
0fff78ff 3640 external_path_file=/etc/login.conf
700318f3 3641fi
0fff78ff 3642
3c0ef626 3643# Whether to mess with the default path
cdd66111 3644SERVER_PATH_MSG="(default)"
3c0ef626 3645AC_ARG_WITH(default-path,
700318f3 3646 [ --with-default-path= Specify default \$PATH environment for server],
3c0ef626 3647 [
0fff78ff 3648 if test "x$external_path_file" = "x/etc/login.conf" ; then
700318f3 3649 AC_MSG_WARN([
3650--with-default-path=PATH has no effect on this system.
3651Edit /etc/login.conf instead.])
dec6d9fe 3652 elif test "x$withval" != "xno" ; then
0fff78ff 3653 if test ! -z "$external_path_file" ; then
3654 AC_MSG_WARN([
3655--with-default-path=PATH will only be used if PATH is not defined in
3656$external_path_file .])
3657 fi
3c0ef626 3658 user_path="$withval"
cdd66111 3659 SERVER_PATH_MSG="$withval"
3c0ef626 3660 fi
3661 ],
0fff78ff 3662 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3663 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
700318f3 3664 else
0fff78ff 3665 if test ! -z "$external_path_file" ; then
3666 AC_MSG_WARN([
3667If PATH is defined in $external_path_file, ensure the path to scp is included,
3668otherwise scp will not work.])
3669 fi
2c06c99b 3670 AC_RUN_IFELSE(
3671 [AC_LANG_SOURCE([[
3c0ef626 3672/* find out what STDPATH is */
3673#include <stdio.h>
3674#ifdef HAVE_PATHS_H
3675# include <paths.h>
3676#endif
3677#ifndef _PATH_STDPATH
6a9b3198 3678# ifdef _PATH_USERPATH /* Irix */
3679# define _PATH_STDPATH _PATH_USERPATH
3680# else
3681# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3682# endif
3c0ef626 3683#endif
3684#include <sys/types.h>
3685#include <sys/stat.h>
3686#include <fcntl.h>
3687#define DATA "conftest.stdpath"
3688
3689main()
3690{
3691 FILE *fd;
3692 int rc;
dec6d9fe 3693
3c0ef626 3694 fd = fopen(DATA,"w");
3695 if(fd == NULL)
3696 exit(1);
dec6d9fe 3697
3c0ef626 3698 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3699 exit(1);
3700
3701 exit(0);
3702}
2c06c99b 3703 ]])],
3704 [ user_path=`cat conftest.stdpath` ],
3c0ef626 3705 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3706 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3707 )
3708# make sure $bindir is in USER_PATH so scp will work
3709 t_bindir=`eval echo ${bindir}`
3710 case $t_bindir in
3711 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3712 esac
3713 case $t_bindir in
3714 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3715 esac
3716 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3717 if test $? -ne 0 ; then
3718 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3719 if test $? -ne 0 ; then
3720 user_path=$user_path:$t_bindir
3721 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3722 fi
3723 fi
700318f3 3724 fi ]
3725)
0fff78ff 3726if test "x$external_path_file" != "x/etc/login.conf" ; then
2c06c99b 3727 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
700318f3 3728 AC_SUBST(user_path)
3729fi
3730
3731# Set superuser path separately to user path
700318f3 3732AC_ARG_WITH(superuser-path,
3733 [ --with-superuser-path= Specify different path for super-user],
3734 [
dec6d9fe 3735 if test -n "$withval" && test "x$withval" != "xno" && \
3736 test "x${withval}" != "xyes"; then
2c06c99b 3737 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3738 [Define if you want a different $PATH
3739 for the superuser])
700318f3 3740 superuser_path=$withval
3741 fi
3c0ef626 3742 ]
3743)
700318f3 3744
3c0ef626 3745
3c0ef626 3746AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
cdd66111 3747IPV4_IN6_HACK_MSG="no"
3c0ef626 3748AC_ARG_WITH(4in6,
3749 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3750 [
3751 if test "x$withval" != "xno" ; then
3752 AC_MSG_RESULT(yes)
2c06c99b 3753 AC_DEFINE(IPV4_IN_IPV6, 1,
3754 [Detect IPv4 in IPv6 mapped addresses
3755 and treat as IPv4])
cdd66111 3756 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3757 else
3758 AC_MSG_RESULT(no)
3759 fi
3760 ],[
3761 if test "x$inet6_default_4in6" = "xyes"; then
3762 AC_MSG_RESULT([yes (default)])
3763 AC_DEFINE(IPV4_IN_IPV6)
cdd66111 3764 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3765 else
3766 AC_MSG_RESULT([no (default)])
3767 fi
3768 ]
3769)
3770
3771# Whether to enable BSD auth support
e9a17296 3772BSD_AUTH_MSG=no
3c0ef626 3773AC_ARG_WITH(bsd-auth,
3774 [ --with-bsd-auth Enable BSD auth support],
3775 [
dec6d9fe 3776 if test "x$withval" != "xno" ; then
2c06c99b 3777 AC_DEFINE(BSD_AUTH, 1,
3778 [Define if you have BSD auth support])
e9a17296 3779 BSD_AUTH_MSG=yes
3c0ef626 3780 fi
3781 ]
3782)
3783
3c0ef626 3784# Where to place sshd.pid
3785piddir=/var/run
700318f3 3786# make sure the directory exists
dec6d9fe 3787if test ! -d $piddir ; then
700318f3 3788 piddir=`eval echo ${sysconfdir}`
3789 case $piddir in
cdd66111 3790 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
700318f3 3791 esac
3792fi
3793
3c0ef626 3794AC_ARG_WITH(pid-dir,
3795 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3796 [
dec6d9fe 3797 if test -n "$withval" && test "x$withval" != "xno" && \
3798 test "x${withval}" != "xyes"; then
3c0ef626 3799 piddir=$withval
dec6d9fe 3800 if test ! -d $piddir ; then
700318f3 3801 AC_MSG_WARN([** no $piddir directory on this system **])
3802 fi
3c0ef626 3803 fi
3804 ]
3805)
3806
2c06c99b 3807AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3c0ef626 3808AC_SUBST(piddir)
3809
3810dnl allow user to disable some login recording features
3811AC_ARG_ENABLE(lastlog,
3812 [ --disable-lastlog disable use of lastlog even if detected [no]],
0fff78ff 3813 [
3814 if test "x$enableval" = "xno" ; then
3815 AC_DEFINE(DISABLE_LASTLOG)
3816 fi
3817 ]
3c0ef626 3818)
3819AC_ARG_ENABLE(utmp,
3820 [ --disable-utmp disable use of utmp even if detected [no]],
0fff78ff 3821 [
3822 if test "x$enableval" = "xno" ; then
3823 AC_DEFINE(DISABLE_UTMP)
3824 fi
3825 ]
3c0ef626 3826)
3827AC_ARG_ENABLE(utmpx,
3828 [ --disable-utmpx disable use of utmpx even if detected [no]],
0fff78ff 3829 [
3830 if test "x$enableval" = "xno" ; then
2c06c99b 3831 AC_DEFINE(DISABLE_UTMPX, 1,
3832 [Define if you don't want to use utmpx])
0fff78ff 3833 fi
3834 ]
3c0ef626 3835)
3836AC_ARG_ENABLE(wtmp,
3837 [ --disable-wtmp disable use of wtmp even if detected [no]],
0fff78ff 3838 [
3839 if test "x$enableval" = "xno" ; then
3840 AC_DEFINE(DISABLE_WTMP)
3841 fi
3842 ]
3c0ef626 3843)
3844AC_ARG_ENABLE(wtmpx,
3845 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
0fff78ff 3846 [
3847 if test "x$enableval" = "xno" ; then
2c06c99b 3848 AC_DEFINE(DISABLE_WTMPX, 1,
3849 [Define if you don't want to use wtmpx])
0fff78ff 3850 fi
3851 ]
3c0ef626 3852)
3853AC_ARG_ENABLE(libutil,
3854 [ --disable-libutil disable use of libutil (login() etc.) [no]],
0fff78ff 3855 [
3856 if test "x$enableval" = "xno" ; then
3857 AC_DEFINE(DISABLE_LOGIN)
3858 fi
3859 ]
3c0ef626 3860)
3861AC_ARG_ENABLE(pututline,
3862 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
0fff78ff 3863 [
3864 if test "x$enableval" = "xno" ; then
2c06c99b 3865 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3866 [Define if you don't want to use pututline()
3867 etc. to write [uw]tmp])
0fff78ff 3868 fi
3869 ]
3c0ef626 3870)
3871AC_ARG_ENABLE(pututxline,
3872 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
0fff78ff 3873 [
3874 if test "x$enableval" = "xno" ; then
2c06c99b 3875 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3876 [Define if you don't want to use pututxline()
3877 etc. to write [uw]tmpx])
0fff78ff 3878 fi
3879 ]
3c0ef626 3880)
3881AC_ARG_WITH(lastlog,
3882 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3883 [
dec6d9fe 3884 if test "x$withval" = "xno" ; then
3c0ef626 3885 AC_DEFINE(DISABLE_LASTLOG)
dec6d9fe 3886 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3c0ef626 3887 conf_lastlog_location=$withval
3888 fi
3889 ]
3890)
3891
3892dnl lastlog, [uw]tmpx? detection
3893dnl NOTE: set the paths in the platform section to avoid the
3894dnl need for command-line parameters
3895dnl lastlog and [uw]tmp are subject to a file search if all else fails
3896
3897dnl lastlog detection
3898dnl NOTE: the code itself will detect if lastlog is a directory
3899AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3900AC_TRY_COMPILE([
3901#include <sys/types.h>
3902#include <utmp.h>
3903#ifdef HAVE_LASTLOG_H
3904# include <lastlog.h>
3905#endif
3906#ifdef HAVE_PATHS_H
3907# include <paths.h>
3908#endif
3909#ifdef HAVE_LOGIN_H
3910# include <login.h>
3911#endif
3912 ],
3913 [ char *lastlog = LASTLOG_FILE; ],
3914 [ AC_MSG_RESULT(yes) ],
3915 [
3916 AC_MSG_RESULT(no)
3917 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3918 AC_TRY_COMPILE([
3919#include <sys/types.h>
3920#include <utmp.h>
3921#ifdef HAVE_LASTLOG_H
3922# include <lastlog.h>
3923#endif
3924#ifdef HAVE_PATHS_H
3925# include <paths.h>
3926#endif
3927 ],
3928 [ char *lastlog = _PATH_LASTLOG; ],
3929 [ AC_MSG_RESULT(yes) ],
3930 [
3931 AC_MSG_RESULT(no)
3932 system_lastlog_path=no
3933 ])
3934 ]
3935)
3936
3937if test -z "$conf_lastlog_location"; then
3938 if test x"$system_lastlog_path" = x"no" ; then
3939 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3940 if (test -d "$f" || test -f "$f") ; then
3941 conf_lastlog_location=$f
3942 fi
3943 done
3944 if test -z "$conf_lastlog_location"; then
3945 AC_MSG_WARN([** Cannot find lastlog **])
3946 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3947 fi
3948 fi
3949fi
3950
3951if test -n "$conf_lastlog_location"; then
2c06c99b 3952 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3953 [Define if you want to specify the path to your lastlog file])
dec6d9fe 3954fi
3c0ef626 3955
3956dnl utmp detection
3957AC_MSG_CHECKING([if your system defines UTMP_FILE])
3958AC_TRY_COMPILE([
3959#include <sys/types.h>
3960#include <utmp.h>
3961#ifdef HAVE_PATHS_H
3962# include <paths.h>
3963#endif
3964 ],
3965 [ char *utmp = UTMP_FILE; ],
3966 [ AC_MSG_RESULT(yes) ],
3967 [ AC_MSG_RESULT(no)
3968 system_utmp_path=no ]
3969)
3970if test -z "$conf_utmp_location"; then
3971 if test x"$system_utmp_path" = x"no" ; then
3972 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3973 if test -f $f ; then
3974 conf_utmp_location=$f
3975 fi
3976 done
3977 if test -z "$conf_utmp_location"; then
3978 AC_DEFINE(DISABLE_UTMP)
3979 fi
3980 fi
3981fi
3982if test -n "$conf_utmp_location"; then
2c06c99b 3983 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3984 [Define if you want to specify the path to your utmp file])
dec6d9fe 3985fi
3c0ef626 3986
3987dnl wtmp detection
3988AC_MSG_CHECKING([if your system defines WTMP_FILE])
3989AC_TRY_COMPILE([
3990#include <sys/types.h>
3991#include <utmp.h>
3992#ifdef HAVE_PATHS_H
3993# include <paths.h>
3994#endif
3995 ],
3996 [ char *wtmp = WTMP_FILE; ],
3997 [ AC_MSG_RESULT(yes) ],
3998 [ AC_MSG_RESULT(no)
3999 system_wtmp_path=no ]
4000)
4001if test -z "$conf_wtmp_location"; then
4002 if test x"$system_wtmp_path" = x"no" ; then
4003 for f in /usr/adm/wtmp /var/log/wtmp; do
4004 if test -f $f ; then
4005 conf_wtmp_location=$f
4006 fi
4007 done
4008 if test -z "$conf_wtmp_location"; then
4009 AC_DEFINE(DISABLE_WTMP)
4010 fi
4011 fi
4012fi
4013if test -n "$conf_wtmp_location"; then
2c06c99b 4014 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4015 [Define if you want to specify the path to your wtmp file])
dec6d9fe 4016fi
3c0ef626 4017
4018
4019dnl utmpx detection - I don't know any system so perverse as to require
4020dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4021dnl there, though.
4022AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4023AC_TRY_COMPILE([
4024#include <sys/types.h>
4025#include <utmp.h>
4026#ifdef HAVE_UTMPX_H
4027#include <utmpx.h>
4028#endif
4029#ifdef HAVE_PATHS_H
4030# include <paths.h>
4031#endif
4032 ],
4033 [ char *utmpx = UTMPX_FILE; ],
4034 [ AC_MSG_RESULT(yes) ],
4035 [ AC_MSG_RESULT(no)
4036 system_utmpx_path=no ]
4037)
4038if test -z "$conf_utmpx_location"; then
4039 if test x"$system_utmpx_path" = x"no" ; then
4040 AC_DEFINE(DISABLE_UTMPX)
4041 fi
4042else
2c06c99b 4043 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4044 [Define if you want to specify the path to your utmpx file])
dec6d9fe 4045fi
3c0ef626 4046
4047dnl wtmpx detection
4048AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4049AC_TRY_COMPILE([
4050#include <sys/types.h>
4051#include <utmp.h>
4052#ifdef HAVE_UTMPX_H
4053#include <utmpx.h>
4054#endif
4055#ifdef HAVE_PATHS_H
4056# include <paths.h>
4057#endif
4058 ],
4059 [ char *wtmpx = WTMPX_FILE; ],
4060 [ AC_MSG_RESULT(yes) ],
4061 [ AC_MSG_RESULT(no)
4062 system_wtmpx_path=no ]
4063)
4064if test -z "$conf_wtmpx_location"; then
4065 if test x"$system_wtmpx_path" = x"no" ; then
4066 AC_DEFINE(DISABLE_WTMPX)
4067 fi
4068else
2c06c99b 4069 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4070 [Define if you want to specify the path to your wtmpx file])
dec6d9fe 4071fi
3c0ef626 4072
4073
3c0ef626 4074if test ! -z "$blibpath" ; then
7e772e1f 4075 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4076 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3c0ef626 4077fi
4078
665a873d 4079dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4080dnl Add now.
4081CFLAGS="$CFLAGS $werror_flags"
4082
22616013 4083if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4084 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4085 AC_SUBST(TEST_SSH_IPV6, no)
4086else
4087 AC_SUBST(TEST_SSH_IPV6, yes)
4088fi
4089
e9a17296 4090AC_EXEEXT
9108f8d9 4091AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4092 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
996d5e62 4093 scard/Makefile ssh_prng_cmds survey.sh])
3c0ef626 4094AC_OUTPUT
4095
4096# Print summary of options
4097
3c0ef626 4098# Someone please show me a better way :)
4099A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4100B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4101C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4102D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4103E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4104F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4105G=`eval echo ${piddir}` ; G=`eval echo ${G}`
700318f3 4106H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4107I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4108J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3c0ef626 4109
4110echo ""
4111echo "OpenSSH has been configured with the following options:"
700318f3 4112echo " User binaries: $B"
4113echo " System binaries: $C"
4114echo " Configuration files: $D"
4115echo " Askpass program: $E"
4116echo " Manual pages: $F"
4117echo " PID file: $G"
4118echo " Privilege separation chroot path: $H"
0fff78ff 4119if test "x$external_path_file" = "x/etc/login.conf" ; then
4120echo " At runtime, sshd will use the path defined in $external_path_file"
4121echo " Make sure the path to scp is present, otherwise scp will not work"
700318f3 4122else
4123echo " sshd default user PATH: $I"
0fff78ff 4124 if test ! -z "$external_path_file"; then
4125echo " (If PATH is set in $external_path_file it will be used instead. If"
4126echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4127 fi
700318f3 4128fi
4129if test ! -z "$superuser_path" ; then
4130echo " sshd superuser user PATH: $J"
4131fi
4132echo " Manpage format: $MANTYPE"
0fff78ff 4133echo " PAM support: $PAM_MSG"
9108f8d9 4134echo " OSF SIA support: $SIA_MSG"
700318f3 4135echo " KerberosV support: $KRB5_MSG"
9108f8d9 4136echo " SELinux support: $SELINUX_MSG"
700318f3 4137echo " Smartcard support: $SCARD_MSG"
700318f3 4138echo " S/KEY support: $SKEY_MSG"
4139echo " TCP Wrappers support: $TCPW_MSG"
4140echo " MD5 password support: $MD5_MSG"
996d5e62 4141echo " libedit support: $LIBEDIT_MSG"
9108f8d9 4142echo " Solaris process contract support: $SPC_MSG"
700318f3 4143echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
700318f3 4144echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4145echo " BSD Auth support: $BSD_AUTH_MSG"
4146echo " Random number source: $RAND_MSG"
e9a17296 4147if test ! -z "$USE_RAND_HELPER" ; then
700318f3 4148echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3c0ef626 4149fi
4150
4151echo ""
4152
4153echo " Host: ${host}"
4154echo " Compiler: ${CC}"
4155echo " Compiler flags: ${CFLAGS}"
4156echo "Preprocessor flags: ${CPPFLAGS}"
4157echo " Linker flags: ${LDFLAGS}"
d4487008 4158echo " Libraries: ${LIBS}"
4159if test ! -z "${SSHDLIBS}"; then
4160echo " +for sshd: ${SSHDLIBS}"
4161fi
3c0ef626 4162
4163echo ""
4164
c9f39d2c 4165if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
996d5e62 4166 echo "SVR4 style packages are supported with \"make package\""
4167 echo ""
c9f39d2c 4168fi
4169
3c0ef626 4170if test "x$PAM_MSG" = "xyes" ; then
e9a17296 4171 echo "PAM is enabled. You may need to install a PAM control file "
4172 echo "for sshd, otherwise password authentication may fail. "
cdd66111 4173 echo "Example PAM control files can be found in the contrib/ "
e9a17296 4174 echo "subdirectory"
3c0ef626 4175 echo ""
4176fi
4177
e9a17296 4178if test ! -z "$RAND_HELPER_CMDHASH" ; then
4179 echo "WARNING: you are using the builtin random number collection "
4180 echo "service. Please read WARNING.RNG and request that your OS "
4181 echo "vendor includes kernel-based random number collection in "
4182 echo "future versions of your OS."
3c0ef626 4183 echo ""
4184fi
4185
c9f39d2c 4186if test ! -z "$NO_PEERCHECK" ; then
d4487008 4187 echo "WARNING: the operating system that you are using does not"
4188 echo "appear to support getpeereid(), getpeerucred() or the"
4189 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4190 echo "enforce security checks to prevent unauthorised connections to"
4191 echo "ssh-agent. Their absence increases the risk that a malicious"
4192 echo "user can connect to your agent."
c9f39d2c 4193 echo ""
4194fi
4195
996d5e62 4196if test "$AUDIT_MODULE" = "bsm" ; then
4197 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4198 echo "See the Solaris section in README.platform for details."
4199fi
git-cvsimport mirror of GSI OpenSSH
This page took 1.646156 seconds and 5 git commands to generate.