]> andersk Git - gssapi-openssh.git/blame - openssh/configure.ac
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
openssh-4.4p1-gsskex-20061002.patch
[gssapi-openssh.git] / openssh / configure.ac
CommitLineData
3c0ef626 1# $Id$
99be0775 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
3c0ef626 16
665a873d 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
f2f068fa 18AC_REVISION($Revision$)
3c0ef626 19AC_CONFIG_SRCDIR([ssh.c])
20
21AC_CONFIG_HEADER(config.h)
22AC_PROG_CC
23AC_CANONICAL_HOST
24AC_C_BIGENDIAN
25
26# Checks for programs.
0fff78ff 27AC_PROG_AWK
3c0ef626 28AC_PROG_CPP
29AC_PROG_RANLIB
30AC_PROG_INSTALL
f2f068fa 31AC_PROG_EGREP
3c0ef626 32AC_PATH_PROG(AR, ar)
c9f39d2c 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
3c0ef626 35AC_PATH_PROGS(PERL, perl5 perl)
6a9b3198 36AC_PATH_PROG(SED, sed)
3c0ef626 37AC_SUBST(PERL)
38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
3c0ef626 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
700318f3 43AC_PATH_PROG(SH, sh)
c9f39d2c 44AC_SUBST(TEST_SHELL,sh)
45
46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
2c06c99b 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
3c0ef626 57
58# System features
59AC_SYS_LARGEFILE
60
61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
2c06c99b 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
3c0ef626 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
cdd66111 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
2c06c99b 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
cdd66111 82fi
83
3c0ef626 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
dec6d9fe 88
3c0ef626 89AC_C_INLINE
665a873d 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
cdd66111 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
665a873d 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
2c06c99b 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
665a873d 96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
2c06c99b 100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
665a873d 103 esac
104
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
116fi
117
cdd66111 118AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
dec6d9fe 121 if test "x$withval" = "xno" ; then
cdd66111 122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128)
129
9108f8d9 130# Messages for features tested for in target-specific section
131SIA_MSG="no"
132SPC_MSG="no"
133
3c0ef626 134# Check for some target-specific stuff
135case "$host" in
136*-*-aix*)
9108f8d9 137 # Some versions of VAC won't allow macro redefinitions at
138 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
139 # particularly with older versions of vac or xlc.
140 # It also throws errors about null macro argments, but these are
141 # not fatal.
142 AC_MSG_CHECKING(if compiler allows macro redefinitions)
143 AC_COMPILE_IFELSE(
144 [AC_LANG_SOURCE([[
145#define testmacro foo
146#define testmacro bar
147int main(void) { exit(0); }
148 ]])],
149 [ AC_MSG_RESULT(yes) ],
150 [ AC_MSG_RESULT(no)
151 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
152 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
153 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
154 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
155 ]
156 )
157
cdd66111 158 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
7e772e1f 159 if (test -z "$blibpath"); then
cdd66111 160 blibpath="/usr/lib:/lib"
7e772e1f 161 fi
162 saved_LDFLAGS="$LDFLAGS"
9108f8d9 163 if test "$GCC" = "yes"; then
164 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
165 else
166 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
167 fi
168 for tryflags in $flags ;do
7e772e1f 169 if (test -z "$blibflags"); then
170 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
171 AC_TRY_LINK([], [], [blibflags=$tryflags])
172 fi
173 done
174 if (test -z "$blibflags"); then
175 AC_MSG_RESULT(not found)
176 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
177 else
178 AC_MSG_RESULT($blibflags)
3c0ef626 179 fi
7e772e1f 180 LDFLAGS="$saved_LDFLAGS"
0fff78ff 181 dnl Check for authenticate. Might be in libs.a on older AIXes
2c06c99b 182 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
183 [Define if you want to enable AIX4's authenticate function])],
41b2f314 184 [AC_CHECK_LIB(s,authenticate,
185 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
186 LIBS="$LIBS -ls"
187 ])
188 ])
996d5e62 189 dnl Check for various auth function declarations in headers.
190 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
dec6d9fe 191 passwdexpired, setauthdb], , , [#include <usersec.h>])
0fff78ff 192 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
996d5e62 193 AC_CHECK_DECLS(loginfailed,
0fff78ff 194 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
195 AC_TRY_COMPILE(
196 [#include <usersec.h>],
197 [(void)loginfailed("user","host","tty",0);],
198 [AC_MSG_RESULT(yes)
2c06c99b 199 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
200 [Define if your AIX loginfailed() function
201 takes 4 arguments (AIX >= 5.2)])],
0fff78ff 202 [AC_MSG_RESULT(no)]
203 )],
204 [],
205 [#include <usersec.h>]
206 )
207 AC_CHECK_FUNCS(setauthdb)
9108f8d9 208 AC_CHECK_DECL(F_CLOSEM,
209 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
210 [],
211 [ #include <limits.h>
212 #include <fcntl.h> ]
213 )
996d5e62 214 check_for_aix_broken_getaddrinfo=1
2c06c99b 215 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
216 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
217 [Define if your platform breaks doing a seteuid before a setuid])
218 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
219 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
3c0ef626 220 dnl AIX handles lastlog as part of its login message
2c06c99b 221 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
222 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
223 [Some systems need a utmpx entry for /bin/login to work])
224 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
225 [Define to a Set Process Title type if your system is
226 supported by bsd-setproctitle.c])
227 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
228 [AIX 5.2 and 5.3 (and presumably newer) require this])
9108f8d9 229 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
3c0ef626 230 ;;
231*-*-cygwin*)
6a9b3198 232 check_for_libcrypt_later=1
e9a17296 233 LIBS="$LIBS /usr/lib/textmode.o"
2c06c99b 234 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
235 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
236 AC_DEFINE(DISABLE_SHADOW, 1,
237 [Define if you want to disable shadow passwords])
238 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
239 [Define if your system choked on IP TOS setting])
240 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
241 [Define if X11 doesn't support AF_UNIX sockets on that system])
242 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
243 [Define if the concept of ports only accessible to
244 superusers isn't known])
245 AC_DEFINE(DISABLE_FD_PASSING, 1,
246 [Define if your platform needs to skip post auth
247 file descriptor passing])
3c0ef626 248 ;;
249*-*-dgux*)
250 AC_DEFINE(IP_TOS_IS_BROKEN)
cdd66111 251 AC_DEFINE(SETEUID_BREAKS_SETUID)
252 AC_DEFINE(BROKEN_SETREUID)
253 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 254 ;;
255*-*-darwin*)
41b2f314 256 AC_MSG_CHECKING(if we have working getaddrinfo)
257 AC_TRY_RUN([#include <mach-o/dyld.h>
258main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
259 exit(0);
260 else
261 exit(1);
262}], [AC_MSG_RESULT(working)],
263 [AC_MSG_RESULT(buggy)
2c06c99b 264 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
41b2f314 265 [AC_MSG_RESULT(assume it is working)])
acc3d05e 266 AC_DEFINE(SETEUID_BREAKS_SETUID)
267 AC_DEFINE(BROKEN_SETREUID)
268 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 269 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
270 [Define if your resolver libs need this for getrrsetbyname])
9108f8d9 271 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
272 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
273 [Use tunnel device compatibility to OpenBSD])
274 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
275 [Prepend the address family to IP tunnel traffic])
659bdb8e 276 AC_MSG_CHECKING(if we have the Security Authorization Session API)
277 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
278 [SessionCreate(0, 0);],
279 [ac_cv_use_security_session_api="yes"
280 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
281 [platform has the Security Authorization Session API])
282 LIBS="$LIBS -framework Security"
283 AC_MSG_RESULT(yes)],
284 [ac_cv_use_security_session_api="no"
285 AC_MSG_RESULT(no)])
286 AC_MSG_CHECKING(if we have an in-memory credentials cache)
287 AC_TRY_COMPILE(
288 [#include <Kerberos/Kerberos.h>],
289 [cc_context_t c;
290 (void) cc_initialize (&c, 0, NULL, NULL);],
291 [AC_DEFINE(USE_CCAPI, 1,
292 [platform uses an in-memory credentials cache])
293 LIBS="$LIBS -framework Security"
294 AC_MSG_RESULT(yes)
295 if test "x$ac_cv_use_security_session_api" = "xno"; then
296 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
297 fi],
298 [AC_MSG_RESULT(no)]
299 )
300 ;;
9108f8d9 301*-*-dragonfly*)
302 SSHDLIBS="$SSHDLIBS -lcrypt"
3c0ef626 303 ;;
665a873d 304*-*-hpux*)
305 # first we define all of the options common to all HP-UX releases
3c0ef626 306 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
307 IPADDR_IN_DISPLAY=yes
3c0ef626 308 AC_DEFINE(USE_PIPES)
2c06c99b 309 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
310 [Define if your login program cannot handle end of options ("--")])
700318f3 311 AC_DEFINE(LOGIN_NEEDS_UTMPX)
2c06c99b 312 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
313 [String used in /etc/passwd to denote locked account])
0fff78ff 314 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
2c06c99b 315 MAIL="/var/mail/username"
41b2f314 316 LIBS="$LIBS -lsec"
665a873d 317 AC_CHECK_LIB(xnet, t_error, ,
318 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
319
320 # next, we define all of the options specific to major releases
321 case "$host" in
322 *-*-hpux10*)
323 if test -z "$GCC"; then
324 CFLAGS="$CFLAGS -Ae"
325 fi
326 ;;
327 *-*-hpux11*)
2c06c99b 328 AC_DEFINE(PAM_SUN_CODEBASE, 1,
329 [Define if you are using Solaris-derived PAM which
330 passes pam_messages to the conversation function
331 with an extra level of indirection])
332 AC_DEFINE(DISABLE_UTMP, 1,
333 [Define if you don't want to use utmp])
665a873d 334 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
335 check_for_hpux_broken_getaddrinfo=1
336 check_for_conflicting_getspnam=1
337 ;;
338 esac
339
340 # lastly, we define options specific to minor releases
341 case "$host" in
342 *-*-hpux10.26)
2c06c99b 343 AC_DEFINE(HAVE_SECUREWARE, 1,
344 [Define if you have SecureWare-based
345 protected password database])
665a873d 346 disable_ptmx_check=yes
347 LIBS="$LIBS -lsecpw"
348 ;;
349 esac
3c0ef626 350 ;;
351*-*-irix5*)
3c0ef626 352 PATH="$PATH:/usr/etc"
2c06c99b 353 AC_DEFINE(BROKEN_INET_NTOA, 1,
354 [Define if you system's inet_ntoa is busted
355 (e.g. Irix gcc issue)])
cdd66111 356 AC_DEFINE(SETEUID_BREAKS_SETUID)
357 AC_DEFINE(BROKEN_SETREUID)
358 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 359 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
360 [Define if you shouldn't strip 'tty' from your
361 ttyname in [uw]tmp])
0fff78ff 362 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 363 ;;
364*-*-irix6*)
3c0ef626 365 PATH="$PATH:/usr/etc"
2c06c99b 366 AC_DEFINE(WITH_IRIX_ARRAY, 1,
367 [Define if you have/want arrays
368 (cluster-wide session managment, not C arrays)])
369 AC_DEFINE(WITH_IRIX_PROJECT, 1,
370 [Define if you want IRIX project management])
371 AC_DEFINE(WITH_IRIX_AUDIT, 1,
372 [Define if you want IRIX audit trails])
373 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
374 [Define if you want IRIX kernel jobs])])
3c0ef626 375 AC_DEFINE(BROKEN_INET_NTOA)
acc3d05e 376 AC_DEFINE(SETEUID_BREAKS_SETUID)
377 AC_DEFINE(BROKEN_SETREUID)
378 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 379 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
700318f3 380 AC_DEFINE(WITH_ABBREV_NO_TTY)
0fff78ff 381 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 382 ;;
383*-*-linux*)
384 no_dev_ptmx=1
385 check_for_libcrypt_later=1
0fff78ff 386 check_for_openpty_ctty_bug=1
2c06c99b 387 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
388 AC_DEFINE(PAM_TTY_KLUDGE, 1,
389 [Work around problematic Linux PAM modules handling of PAM_TTY])
390 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
391 [String used in /etc/passwd to denote locked account])
0fff78ff 392 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
2c06c99b 393 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
394 [Define to whatever link() returns for "not supported"
395 if it doesn't return EOPNOTSUPP.])
996d5e62 396 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
2c06c99b 397 AC_DEFINE(USE_BTMP)
3c0ef626 398 inet6_default_4in6=yes
0fff78ff 399 case `uname -r` in
400 1.*|2.0.*)
2c06c99b 401 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
402 [Define if cmsg_type is not passed correctly])
0fff78ff 403 ;;
404 esac
2c06c99b 405 # tun(4) forwarding compat code
406 AC_CHECK_HEADERS(linux/if_tun.h)
407 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
408 AC_DEFINE(SSH_TUN_LINUX, 1,
409 [Open tunnel devices the Linux tun/tap way])
410 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
411 [Use tunnel device compatibility to OpenBSD])
412 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
413 [Prepend the address family to IP tunnel traffic])
414 fi
3c0ef626 415 ;;
416mips-sony-bsd|mips-sony-newsos4)
f2f068fa 417 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
3c0ef626 418 SONY=1
3c0ef626 419 ;;
420*-*-netbsd*)
41b2f314 421 check_for_libcrypt_before=1
dec6d9fe 422 if test "x$withval" != "xno" ; then
cdd66111 423 need_dash_r=1
424 fi
2c06c99b 425 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
426 AC_CHECK_HEADER([net/if_tap.h], ,
427 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
428 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
429 [Prepend the address family to IP tunnel traffic])
3c0ef626 430 ;;
431*-*-freebsd*)
432 check_for_libcrypt_later=1
2c06c99b 433 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
434 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
435 AC_CHECK_HEADER([net/if_tap.h], ,
436 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
3c0ef626 437 ;;
acc3d05e 438*-*-bsdi*)
439 AC_DEFINE(SETEUID_BREAKS_SETUID)
440 AC_DEFINE(BROKEN_SETREUID)
441 AC_DEFINE(BROKEN_SETREGID)
442 ;;
3c0ef626 443*-next-*)
444 conf_lastlog_location="/usr/adm/lastlog"
445 conf_utmp_location=/etc/utmp
446 conf_wtmp_location=/usr/adm/wtmp
447 MAIL=/usr/spool/mail
2c06c99b 448 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
3c0ef626 449 AC_DEFINE(BROKEN_REALPATH)
450 AC_DEFINE(USE_PIPES)
2c06c99b 451 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
3c0ef626 452 ;;
665a873d 453*-*-openbsd*)
454 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
2c06c99b 455 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
456 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
9108f8d9 457 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
458 [syslog_r function is safe to use in in a signal handler])
665a873d 459 ;;
3c0ef626 460*-*-solaris*)
dec6d9fe 461 if test "x$withval" != "xno" ; then
99be0775 462 need_dash_r=1
463 fi
3c0ef626 464 AC_DEFINE(PAM_SUN_CODEBASE)
465 AC_DEFINE(LOGIN_NEEDS_UTMPX)
2c06c99b 466 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
467 [Some versions of /bin/login need the TERM supplied
468 on the commandline])
3c0ef626 469 AC_DEFINE(PAM_TTY_KLUDGE)
2c06c99b 470 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
471 [Define if pam_chauthtok wants real uid set
472 to the unpriv'ed user])
0fff78ff 473 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
474 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
2c06c99b 475 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
476 [Define if sshd somehow reacquires a controlling TTY
477 after setsid()])
9108f8d9 478 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
479 in case the name is longer than 8 chars])
0fff78ff 480 external_path_file=/etc/default/login
3c0ef626 481 # hardwire lastlog location (can't detect it on some versions)
482 conf_lastlog_location="/var/adm/lastlog"
483 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
484 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
485 if test "$sol2ver" -ge 8; then
486 AC_MSG_RESULT(yes)
487 AC_DEFINE(DISABLE_UTMP)
2c06c99b 488 AC_DEFINE(DISABLE_WTMP, 1,
489 [Define if you don't want to use wtmp])
3c0ef626 490 else
491 AC_MSG_RESULT(no)
492 fi
9108f8d9 493 AC_ARG_WITH(solaris-contracts,
494 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
495 [
496 AC_CHECK_LIB(contract, ct_tmpl_activate,
497 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
498 [Define if you have Solaris process contracts])
499 SSHDLIBS="$SSHDLIBS -lcontract"
500 AC_SUBST(SSHDLIBS)
501 SPC_MSG="yes" ], )
502 ],
503 )
3c0ef626 504 ;;
505*-*-sunos4*)
506 CPPFLAGS="$CPPFLAGS -DSUNOS4"
507 AC_CHECK_FUNCS(getpwanam)
508 AC_DEFINE(PAM_SUN_CODEBASE)
3c0ef626 509 conf_utmp_location=/etc/utmp
510 conf_wtmp_location=/var/adm/wtmp
511 conf_lastlog_location=/var/adm/lastlog
512 AC_DEFINE(USE_PIPES)
513 ;;
514*-ncr-sysv*)
3c0ef626 515 LIBS="$LIBS -lc89"
e9a17296 516 AC_DEFINE(USE_PIPES)
0fff78ff 517 AC_DEFINE(SSHD_ACQUIRES_CTTY)
acc3d05e 518 AC_DEFINE(SETEUID_BREAKS_SETUID)
519 AC_DEFINE(BROKEN_SETREUID)
520 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 521 ;;
522*-sni-sysv*)
3c0ef626 523 # /usr/ucblib MUST NOT be searched on ReliantUNIX
cdd66111 524 AC_CHECK_LIB(dl, dlsym, ,)
2c06c99b 525 # -lresolv needs to be at the end of LIBS or DNS lookups break
526 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
3c0ef626 527 IPADDR_IN_DISPLAY=yes
528 AC_DEFINE(USE_PIPES)
529 AC_DEFINE(IP_TOS_IS_BROKEN)
cdd66111 530 AC_DEFINE(SETEUID_BREAKS_SETUID)
531 AC_DEFINE(BROKEN_SETREUID)
532 AC_DEFINE(BROKEN_SETREGID)
0fff78ff 533 AC_DEFINE(SSHD_ACQUIRES_CTTY)
534 external_path_file=/etc/default/login
3c0ef626 535 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
536 # Attention: always take care to bind libsocket and libnsl before libc,
537 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
538 ;;
996d5e62 539# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
3c0ef626 540*-*-sysv4.2*)
3c0ef626 541 AC_DEFINE(USE_PIPES)
0fff78ff 542 AC_DEFINE(SETEUID_BREAKS_SETUID)
543 AC_DEFINE(BROKEN_SETREUID)
544 AC_DEFINE(BROKEN_SETREGID)
dec6d9fe 545 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
2c06c99b 546 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 547 ;;
996d5e62 548# UnixWare 7.x, OpenUNIX 8
3c0ef626 549*-*-sysv5*)
665a873d 550 check_for_libcrypt_later=1
551 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
3c0ef626 552 AC_DEFINE(USE_PIPES)
0fff78ff 553 AC_DEFINE(SETEUID_BREAKS_SETUID)
554 AC_DEFINE(BROKEN_SETREUID)
555 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 556 AC_DEFINE(PASSWD_NEEDS_USERNAME)
665a873d 557 case "$host" in
558 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
559 TEST_SHELL=/u95/bin/sh
2c06c99b 560 AC_DEFINE(BROKEN_LIBIAF, 1,
561 [ia_uinfo routines not supported by OS yet])
9108f8d9 562 AC_DEFINE(BROKEN_UPDWTMPX)
2c06c99b 563 ;;
564 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
665a873d 565 ;;
566 esac
3c0ef626 567 ;;
568*-*-sysv*)
3c0ef626 569 ;;
996d5e62 570# SCO UNIX and OEM versions of SCO UNIX
3c0ef626 571*-*-sco3.2v4*)
996d5e62 572 AC_MSG_ERROR("This Platform is no longer supported.")
3c0ef626 573 ;;
996d5e62 574# SCO OpenServer 5.x
3c0ef626 575*-*-sco3.2v5*)
6a9b3198 576 if test -z "$GCC"; then
577 CFLAGS="$CFLAGS -belf"
578 fi
3c0ef626 579 LIBS="$LIBS -lprot -lx -ltinfo -lm"
580 no_dev_ptmx=1
3c0ef626 581 AC_DEFINE(USE_PIPES)
700318f3 582 AC_DEFINE(HAVE_SECUREWARE)
3c0ef626 583 AC_DEFINE(DISABLE_SHADOW)
41b2f314 584 AC_DEFINE(DISABLE_FD_PASSING)
0fff78ff 585 AC_DEFINE(SETEUID_BREAKS_SETUID)
586 AC_DEFINE(BROKEN_SETREUID)
587 AC_DEFINE(BROKEN_SETREGID)
588 AC_DEFINE(WITH_ABBREV_NO_TTY)
c9f39d2c 589 AC_DEFINE(BROKEN_UPDWTMPX)
2c06c99b 590 AC_DEFINE(PASSWD_NEEDS_USERNAME)
3c0ef626 591 AC_CHECK_FUNCS(getluid setluid)
592 MANTYPE=man
c9f39d2c 593 TEST_SHELL=ksh
3c0ef626 594 ;;
41b2f314 595*-*-unicosmk*)
2c06c99b 596 AC_DEFINE(NO_SSH_LASTLOG, 1,
597 [Define if you don't want to use lastlog in session.c])
cdd66111 598 AC_DEFINE(SETEUID_BREAKS_SETUID)
599 AC_DEFINE(BROKEN_SETREUID)
600 AC_DEFINE(BROKEN_SETREGID)
41b2f314 601 AC_DEFINE(USE_PIPES)
602 AC_DEFINE(DISABLE_FD_PASSING)
603 LDFLAGS="$LDFLAGS"
604 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
605 MANTYPE=cat
606 ;;
0fff78ff 607*-*-unicosmp*)
cdd66111 608 AC_DEFINE(SETEUID_BREAKS_SETUID)
609 AC_DEFINE(BROKEN_SETREUID)
610 AC_DEFINE(BROKEN_SETREGID)
0fff78ff 611 AC_DEFINE(WITH_ABBREV_NO_TTY)
612 AC_DEFINE(USE_PIPES)
613 AC_DEFINE(DISABLE_FD_PASSING)
614 LDFLAGS="$LDFLAGS"
cdd66111 615 LIBS="$LIBS -lgen -lacid -ldb"
0fff78ff 616 MANTYPE=cat
617 ;;
3c0ef626 618*-*-unicos*)
cdd66111 619 AC_DEFINE(SETEUID_BREAKS_SETUID)
620 AC_DEFINE(BROKEN_SETREUID)
621 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 622 AC_DEFINE(USE_PIPES)
41b2f314 623 AC_DEFINE(DISABLE_FD_PASSING)
624 AC_DEFINE(NO_SSH_LASTLOG)
625 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
626 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
627 MANTYPE=cat
3c0ef626 628 ;;
629*-dec-osf*)
630 AC_MSG_CHECKING(for Digital Unix SIA)
631 no_osfsia=""
632 AC_ARG_WITH(osfsia,
633 [ --with-osfsia Enable Digital Unix SIA],
634 [
635 if test "x$withval" = "xno" ; then
636 AC_MSG_RESULT(disabled)
637 no_osfsia=1
638 fi
639 ],
640 )
641 if test -z "$no_osfsia" ; then
642 if test -f /etc/sia/matrix.conf; then
643 AC_MSG_RESULT(yes)
2c06c99b 644 AC_DEFINE(HAVE_OSF_SIA, 1,
645 [Define if you have Digital Unix Security
646 Integration Architecture])
647 AC_DEFINE(DISABLE_LOGIN, 1,
648 [Define if you don't want to use your
649 system's login() call])
6a9b3198 650 AC_DEFINE(DISABLE_FD_PASSING)
3c0ef626 651 LIBS="$LIBS -lsecurity -ldb -lm -laud"
9108f8d9 652 SIA_MSG="yes"
3c0ef626 653 else
654 AC_MSG_RESULT(no)
2c06c99b 655 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
656 [String used in /etc/passwd to denote locked account])
3c0ef626 657 fi
658 fi
0fff78ff 659 AC_DEFINE(BROKEN_GETADDRINFO)
acc3d05e 660 AC_DEFINE(SETEUID_BREAKS_SETUID)
661 AC_DEFINE(BROKEN_SETREUID)
662 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 663 ;;
664
f2f068fa 665*-*-nto-qnx*)
3c0ef626 666 AC_DEFINE(USE_PIPES)
667 AC_DEFINE(NO_X11_UNIX_SOCKETS)
2c06c99b 668 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
669 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
670 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
f2f068fa 671 AC_DEFINE(DISABLE_LASTLOG)
9108f8d9 672 AC_DEFINE(SSHD_ACQUIRES_CTTY)
673 enable_etc_default_login=no # has incompatible /etc/default/login
3c0ef626 674 ;;
665a873d 675
676*-*-ultrix*)
2c06c99b 677 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
678 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
f2f068fa 679 AC_DEFINE(NEED_SETPGRP)
665a873d 680 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
681 ;;
682
683*-*-lynxos)
684 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
2c06c99b 685 AC_DEFINE(MISSING_HOWMANY)
665a873d 686 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
687 ;;
3c0ef626 688esac
689
690# Allow user to specify flags
691AC_ARG_WITH(cflags,
692 [ --with-cflags Specify additional flags to pass to compiler],
693 [
dec6d9fe 694 if test -n "$withval" && test "x$withval" != "xno" && \
695 test "x${withval}" != "xyes"; then
3c0ef626 696 CFLAGS="$CFLAGS $withval"
697 fi
dec6d9fe 698 ]
3c0ef626 699)
700AC_ARG_WITH(cppflags,
701 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
702 [
dec6d9fe 703 if test -n "$withval" && test "x$withval" != "xno" && \
704 test "x${withval}" != "xyes"; then
3c0ef626 705 CPPFLAGS="$CPPFLAGS $withval"
706 fi
707 ]
708)
709AC_ARG_WITH(ldflags,
710 [ --with-ldflags Specify additional flags to pass to linker],
711 [
dec6d9fe 712 if test -n "$withval" && test "x$withval" != "xno" && \
713 test "x${withval}" != "xyes"; then
3c0ef626 714 LDFLAGS="$LDFLAGS $withval"
715 fi
dec6d9fe 716 ]
3c0ef626 717)
718AC_ARG_WITH(libs,
719 [ --with-libs Specify additional libraries to link with],
720 [
dec6d9fe 721 if test -n "$withval" && test "x$withval" != "xno" && \
722 test "x${withval}" != "xyes"; then
3c0ef626 723 LIBS="$LIBS $withval"
724 fi
dec6d9fe 725 ]
3c0ef626 726)
665a873d 727AC_ARG_WITH(Werror,
728 [ --with-Werror Build main code with -Werror],
729 [
730 if test -n "$withval" && test "x$withval" != "xno"; then
731 werror_flags="-Werror"
2c06c99b 732 if test "x${withval}" != "xyes"; then
665a873d 733 werror_flags="$withval"
734 fi
735 fi
736 ]
737)
3c0ef626 738
0fff78ff 739AC_MSG_CHECKING(compiler and flags for sanity)
996d5e62 740AC_RUN_IFELSE(
741 [AC_LANG_SOURCE([
0fff78ff 742#include <stdio.h>
743int main(){exit(0);}
996d5e62 744 ])],
0fff78ff 745 [ AC_MSG_RESULT(yes) ],
746 [
747 AC_MSG_RESULT(no)
748 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
996d5e62 749 ],
750 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
0fff78ff 751)
752
665a873d 753dnl Checks for header files.
754AC_CHECK_HEADERS( \
755 bstring.h \
756 crypt.h \
9108f8d9 757 crypto/sha2.h \
665a873d 758 dirent.h \
759 endian.h \
760 features.h \
9108f8d9 761 fcntl.h \
665a873d 762 floatingpoint.h \
763 getopt.h \
764 glob.h \
765 ia.h \
766 iaf.h \
665a873d 767 limits.h \
768 login.h \
665a873d 769 maillock.h \
770 ndir.h \
9108f8d9 771 net/if_tun.h \
665a873d 772 netdb.h \
773 netgroup.h \
665a873d 774 pam/pam_appl.h \
775 paths.h \
776 pty.h \
777 readpassphrase.h \
778 rpc/types.h \
779 security/pam_appl.h \
9108f8d9 780 sha2.h \
665a873d 781 shadow.h \
782 stddef.h \
783 stdint.h \
784 string.h \
785 strings.h \
786 sys/audit.h \
787 sys/bitypes.h \
788 sys/bsdtty.h \
789 sys/cdefs.h \
790 sys/dir.h \
791 sys/mman.h \
792 sys/ndir.h \
793 sys/prctl.h \
794 sys/pstat.h \
795 sys/select.h \
796 sys/stat.h \
797 sys/stream.h \
798 sys/stropts.h \
799 sys/strtio.h \
800 sys/sysmacros.h \
801 sys/time.h \
802 sys/timers.h \
803 sys/un.h \
804 time.h \
805 tmpdir.h \
806 ttyent.h \
807 unistd.h \
808 usersec.h \
809 util.h \
810 utime.h \
811 utmp.h \
812 utmpx.h \
813 vis.h \
814)
3c0ef626 815
f2f068fa 816# lastlog.h requires sys/time.h to be included first on Solaris
817AC_CHECK_HEADERS(lastlog.h, [], [], [
818#ifdef HAVE_SYS_TIME_H
819# include <sys/time.h>
820#endif
821])
822
996d5e62 823# sys/ptms.h requires sys/stream.h to be included first on Solaris
824AC_CHECK_HEADERS(sys/ptms.h, [], [], [
825#ifdef HAVE_SYS_STREAM_H
826# include <sys/stream.h>
827#endif
828])
829
9108f8d9 830# login_cap.h requires sys/types.h on NetBSD
831AC_CHECK_HEADERS(login_cap.h, [], [], [
832#include <sys/types.h>
833])
834
3c0ef626 835# Checks for libraries.
836AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
837AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
838
0fff78ff 839dnl IRIX and Solaris 2.5.1 have dirname() in libgen
840AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
841 AC_CHECK_LIB(gen, dirname,[
842 AC_CACHE_CHECK([for broken dirname],
843 ac_cv_have_broken_dirname, [
844 save_LIBS="$LIBS"
845 LIBS="$LIBS -lgen"
2c06c99b 846 AC_RUN_IFELSE(
847 [AC_LANG_SOURCE([[
0fff78ff 848#include <libgen.h>
849#include <string.h>
850
851int main(int argc, char **argv) {
852 char *s, buf[32];
853
854 strncpy(buf,"/etc", 32);
855 s = dirname(buf);
856 if (!s || strncmp(s, "/", 32) != 0) {
857 exit(1);
858 } else {
859 exit(0);
860 }
861}
2c06c99b 862 ]])],
863 [ ac_cv_have_broken_dirname="no" ],
864 [ ac_cv_have_broken_dirname="yes" ],
0fff78ff 865 [ ac_cv_have_broken_dirname="no" ],
0fff78ff 866 )
867 LIBS="$save_LIBS"
868 ])
869 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
870 LIBS="$LIBS -lgen"
871 AC_DEFINE(HAVE_DIRNAME)
872 AC_CHECK_HEADERS(libgen.h)
873 fi
874 ])
875])
876
3c0ef626 877AC_CHECK_FUNC(getspnam, ,
878 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
2c06c99b 879AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
880 [Define if you have the basename function.]))
3c0ef626 881
882dnl zlib is required
883AC_ARG_WITH(zlib,
884 [ --with-zlib=PATH Use zlib in PATH],
dec6d9fe 885 [ if test "x$withval" = "xno" ; then
886 AC_MSG_ERROR([*** zlib is required ***])
887 elif test "x$withval" != "xyes"; then
3c0ef626 888 if test -d "$withval/lib"; then
889 if test -n "${need_dash_r}"; then
890 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
891 else
892 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
893 fi
894 else
895 if test -n "${need_dash_r}"; then
896 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
897 else
898 LDFLAGS="-L${withval} ${LDFLAGS}"
899 fi
900 fi
901 if test -d "$withval/include"; then
902 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
903 else
904 CPPFLAGS="-I${withval} ${CPPFLAGS}"
905 fi
dec6d9fe 906 fi ]
3c0ef626 907)
908
cdd66111 909AC_CHECK_LIB(z, deflate, ,
910 [
911 saved_CPPFLAGS="$CPPFLAGS"
912 saved_LDFLAGS="$LDFLAGS"
913 save_LIBS="$LIBS"
914 dnl Check default zlib install dir
915 if test -n "${need_dash_r}"; then
916 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
917 else
918 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
919 fi
920 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
921 LIBS="$LIBS -lz"
922 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
923 [
924 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
925 ]
926 )
927 ]
928)
929AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
930
931AC_ARG_WITH(zlib-version-check,
932 [ --without-zlib-version-check Disable zlib version check],
933 [ if test "x$withval" = "xno" ; then
934 zlib_check_nonfatal=1
935 fi
936 ]
937)
938
dec6d9fe 939AC_MSG_CHECKING(for possibly buggy zlib)
996d5e62 940AC_RUN_IFELSE([AC_LANG_SOURCE([[
dec6d9fe 941#include <stdio.h>
cdd66111 942#include <zlib.h>
943int main()
944{
dec6d9fe 945 int a=0, b=0, c=0, d=0, n, v;
946 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
947 if (n != 3 && n != 4)
cdd66111 948 exit(1);
dec6d9fe 949 v = a*1000000 + b*10000 + c*100 + d;
950 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
951
952 /* 1.1.4 is OK */
953 if (a == 1 && b == 1 && c >= 4)
cdd66111 954 exit(0);
dec6d9fe 955
665a873d 956 /* 1.2.3 and up are OK */
957 if (v >= 1020300)
dec6d9fe 958 exit(0);
959
cdd66111 960 exit(2);
961}
996d5e62 962 ]])],
dec6d9fe 963 AC_MSG_RESULT(no),
964 [ AC_MSG_RESULT(yes)
cdd66111 965 if test -z "$zlib_check_nonfatal" ; then
966 AC_MSG_ERROR([*** zlib too old - check config.log ***
967Your reported zlib version has known security problems. It's possible your
968vendor has fixed these problems without changing the version number. If you
969are sure this is the case, you can disable the check by running
970"./configure --without-zlib-version-check".
665a873d 971If you are in doubt, upgrade zlib to version 1.2.3 or greater.
dec6d9fe 972See http://www.gzip.org/zlib/ for details.])
cdd66111 973 else
974 AC_MSG_WARN([zlib version may have security problems])
975 fi
996d5e62 976 ],
977 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
cdd66111 978)
3c0ef626 979
3c0ef626 980dnl UnixWare 2.x
cdd66111 981AC_CHECK_FUNC(strcasecmp,
3c0ef626 982 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
983)
2c06c99b 984AC_CHECK_FUNCS(utimes,
41b2f314 985 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
986 LIBS="$LIBS -lc89"]) ]
3c0ef626 987)
988
989dnl Checks for libutil functions
990AC_CHECK_HEADERS(libutil.h)
2c06c99b 991AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
992 [Define if your libraries define login()])])
3c0ef626 993AC_CHECK_FUNCS(logout updwtmp logwtmp)
994
995AC_FUNC_STRFTIME
996
3c0ef626 997# Check for ALTDIRFUNC glob() extension
998AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
999AC_EGREP_CPP(FOUNDIT,
1000 [
1001 #include <glob.h>
1002 #ifdef GLOB_ALTDIRFUNC
1003 FOUNDIT
1004 #endif
cdd66111 1005 ],
3c0ef626 1006 [
2c06c99b 1007 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1008 [Define if your system glob() function has
1009 the GLOB_ALTDIRFUNC extension])
3c0ef626 1010 AC_MSG_RESULT(yes)
1011 ],
1012 [
1013 AC_MSG_RESULT(no)
1014 ]
1015)
1016
1017# Check for g.gl_matchc glob() extension
1018AC_MSG_CHECKING(for gl_matchc field in glob_t)
9108f8d9 1019AC_TRY_COMPILE(
1020 [ #include <glob.h> ],
1021 [glob_t g; g.gl_matchc = 1;],
cdd66111 1022 [
2c06c99b 1023 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1024 [Define if your system glob() function has
1025 gl_matchc options in glob_t])
cdd66111 1026 AC_MSG_RESULT(yes)
1027 ],
1028 [
1029 AC_MSG_RESULT(no)
1030 ]
3c0ef626 1031)
1032
9108f8d9 1033AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1034
3c0ef626 1035AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
996d5e62 1036AC_RUN_IFELSE(
1037 [AC_LANG_SOURCE([[
3c0ef626 1038#include <sys/types.h>
1039#include <dirent.h>
41b2f314 1040int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
996d5e62 1041 ]])],
cdd66111 1042 [AC_MSG_RESULT(yes)],
3c0ef626 1043 [
1044 AC_MSG_RESULT(no)
2c06c99b 1045 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1046 [Define if your struct dirent expects you to
1047 allocate extra space for d_name])
996d5e62 1048 ],
dec6d9fe 1049 [
996d5e62 1050 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1051 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
3c0ef626 1052 ]
1053)
1054
c9f39d2c 1055AC_MSG_CHECKING([for /proc/pid/fd directory])
1056if test -d "/proc/$$/fd" ; then
2c06c99b 1057 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
c9f39d2c 1058 AC_MSG_RESULT(yes)
1059else
1060 AC_MSG_RESULT(no)
1061fi
1062
3c0ef626 1063# Check whether user wants S/Key support
cdd66111 1064SKEY_MSG="no"
3c0ef626 1065AC_ARG_WITH(skey,
996d5e62 1066 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
3c0ef626 1067 [
1068 if test "x$withval" != "xno" ; then
1069
1070 if test "x$withval" != "xyes" ; then
1071 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1072 LDFLAGS="$LDFLAGS -L${withval}/lib"
1073 fi
1074
2c06c99b 1075 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
3c0ef626 1076 LIBS="-lskey $LIBS"
cdd66111 1077 SKEY_MSG="yes"
dec6d9fe 1078
e9a17296 1079 AC_MSG_CHECKING([for s/key support])
2c06c99b 1080 AC_LINK_IFELSE(
1081 [AC_LANG_SOURCE([[
e9a17296 1082#include <stdio.h>
1083#include <skey.h>
41b2f314 1084int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
2c06c99b 1085 ]])],
e9a17296 1086 [AC_MSG_RESULT(yes)],
3c0ef626 1087 [
e9a17296 1088 AC_MSG_RESULT(no)
3c0ef626 1089 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1090 ])
99be0775 1091 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1092 AC_TRY_COMPILE(
1093 [#include <stdio.h>
1094 #include <skey.h>],
1095 [(void)skeychallenge(NULL,"name","",0);],
1096 [AC_MSG_RESULT(yes)
2c06c99b 1097 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1098 [Define if your skeychallenge()
1099 function takes 4 arguments (NetBSD)])],
99be0775 1100 [AC_MSG_RESULT(no)]
1101 )
3c0ef626 1102 fi
1103 ]
1104)
1105
1106# Check whether user wants TCP wrappers support
1107TCPW_MSG="no"
1108AC_ARG_WITH(tcp-wrappers,
996d5e62 1109 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
3c0ef626 1110 [
1111 if test "x$withval" != "xno" ; then
1112 saved_LIBS="$LIBS"
1113 saved_LDFLAGS="$LDFLAGS"
1114 saved_CPPFLAGS="$CPPFLAGS"
dec6d9fe 1115 if test -n "${withval}" && \
1116 test "x${withval}" != "xyes"; then
3c0ef626 1117 if test -d "${withval}/lib"; then
1118 if test -n "${need_dash_r}"; then
1119 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1120 else
1121 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1122 fi
1123 else
1124 if test -n "${need_dash_r}"; then
1125 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1126 else
1127 LDFLAGS="-L${withval} ${LDFLAGS}"
1128 fi
1129 fi
1130 if test -d "${withval}/include"; then
1131 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1132 else
1133 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1134 fi
1135 fi
e9a17296 1136 LIBWRAP="-lwrap"
1137 LIBS="$LIBWRAP $LIBS"
3c0ef626 1138 AC_MSG_CHECKING(for libwrap)
1139 AC_TRY_LINK(
1140 [
99be0775 1141#include <sys/types.h>
1142#include <sys/socket.h>
1143#include <netinet/in.h>
3c0ef626 1144#include <tcpd.h>
1145 int deny_severity = 0, allow_severity = 0;
1146 ],
1147 [hosts_access(0);],
1148 [
1149 AC_MSG_RESULT(yes)
2c06c99b 1150 AC_DEFINE(LIBWRAP, 1,
1151 [Define if you want
1152 TCP Wrappers support])
e9a17296 1153 AC_SUBST(LIBWRAP)
3c0ef626 1154 TCPW_MSG="yes"
1155 ],
1156 [
1157 AC_MSG_ERROR([*** libwrap missing])
1158 ]
1159 )
e9a17296 1160 LIBS="$saved_LIBS"
3c0ef626 1161 fi
1162 ]
1163)
1164
996d5e62 1165# Check whether user wants libedit support
1166LIBEDIT_MSG="no"
1167AC_ARG_WITH(libedit,
1168 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1169 [ if test "x$withval" != "xno" ; then
dec6d9fe 1170 if test "x$withval" != "xyes"; then
2c06c99b 1171 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1172 if test -n "${need_dash_r}"; then
1173 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1174 else
1175 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1176 fi
dec6d9fe 1177 fi
996d5e62 1178 AC_CHECK_LIB(edit, el_init,
2c06c99b 1179 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
996d5e62 1180 LIBEDIT="-ledit -lcurses"
1181 LIBEDIT_MSG="yes"
1182 AC_SUBST(LIBEDIT)
1183 ],
dec6d9fe 1184 [ AC_MSG_ERROR(libedit not found) ],
1185 [ -lcurses ]
996d5e62 1186 )
665a873d 1187 AC_MSG_CHECKING(if libedit version is compatible)
1188 AC_COMPILE_IFELSE(
1189 [AC_LANG_SOURCE([[
1190#include <histedit.h>
1191int main(void)
1192{
1193 int i = H_SETSIZE;
1194 el_init("", NULL, NULL, NULL);
1195 exit(0);
1196}
1197 ]])],
1198 [ AC_MSG_RESULT(yes) ],
1199 [ AC_MSG_RESULT(no)
1200 AC_MSG_ERROR(libedit version is not compatible) ]
1201 )
996d5e62 1202 fi ]
1203)
1204
1205AUDIT_MODULE=none
1206AC_ARG_WITH(audit,
1207 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1208 [
1209 AC_MSG_CHECKING(for supported audit module)
1210 case "$withval" in
1211 bsm)
1212 AC_MSG_RESULT(bsm)
1213 AUDIT_MODULE=bsm
1214 dnl Checks for headers, libs and functions
1215 AC_CHECK_HEADERS(bsm/audit.h, [],
9108f8d9 1216 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1217 [
1218#ifdef HAVE_TIME_H
1219# include <time.h>
1220#endif
1221 ]
1222)
996d5e62 1223 AC_CHECK_LIB(bsm, getaudit, [],
1224 [AC_MSG_ERROR(BSM enabled and required library not found)])
1225 AC_CHECK_FUNCS(getaudit, [],
1226 [AC_MSG_ERROR(BSM enabled and required function not found)])
1227 # These are optional
1228 AC_CHECK_FUNCS(getaudit_addr)
2c06c99b 1229 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
996d5e62 1230 ;;
1231 debug)
1232 AUDIT_MODULE=debug
1233 AC_MSG_RESULT(debug)
2c06c99b 1234 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
996d5e62 1235 ;;
665a873d 1236 no)
1237 AC_MSG_RESULT(no)
1238 ;;
996d5e62 1239 *)
1240 AC_MSG_ERROR([Unknown audit module $withval])
1241 ;;
1242 esac ]
1243)
1244
6a9b3198 1245dnl Checks for library functions. Please keep in alphabetical order
665a873d 1246AC_CHECK_FUNCS( \
1247 arc4random \
2c06c99b 1248 asprintf \
665a873d 1249 b64_ntop \
1250 __b64_ntop \
1251 b64_pton \
1252 __b64_pton \
1253 bcopy \
1254 bindresvport_sa \
1255 clock \
1256 closefrom \
1257 dirfd \
1258 fchmod \
1259 fchown \
1260 freeaddrinfo \
1261 futimes \
1262 getaddrinfo \
1263 getcwd \
1264 getgrouplist \
1265 getnameinfo \
1266 getopt \
1267 getpeereid \
1268 _getpty \
1269 getrlimit \
1270 getttyent \
1271 glob \
1272 inet_aton \
1273 inet_ntoa \
1274 inet_ntop \
1275 innetgr \
1276 login_getcapbool \
1277 md5_crypt \
1278 memmove \
1279 mkdtemp \
1280 mmap \
1281 ngetaddrinfo \
1282 nsleep \
1283 ogetaddrinfo \
1284 openlog_r \
1285 openpty \
1286 prctl \
1287 pstat \
1288 readpassphrase \
1289 realpath \
1290 recvmsg \
1291 rresvport_af \
1292 sendmsg \
1293 setdtablesize \
1294 setegid \
1295 setenv \
1296 seteuid \
1297 setgroups \
1298 setlogin \
1299 setpcred \
1300 setproctitle \
1301 setregid \
1302 setreuid \
1303 setrlimit \
1304 setsid \
1305 setvbuf \
1306 sigaction \
1307 sigvec \
1308 snprintf \
1309 socketpair \
1310 strdup \
1311 strerror \
1312 strlcat \
1313 strlcpy \
1314 strmode \
1315 strnvis \
1316 strtonum \
1317 strtoll \
1318 strtoul \
1319 sysconf \
1320 tcgetpgrp \
1321 truncate \
1322 unsetenv \
1323 updwtmpx \
2c06c99b 1324 vasprintf \
665a873d 1325 vhangup \
1326 vsnprintf \
1327 waitpid \
6a9b3198 1328)
1329
acc3d05e 1330# IRIX has a const char return value for gai_strerror()
1331AC_CHECK_FUNCS(gai_strerror,[
1332 AC_DEFINE(HAVE_GAI_STRERROR)
1333 AC_TRY_COMPILE([
1334#include <sys/types.h>
1335#include <sys/socket.h>
1336#include <netdb.h>
1337
1338const char *gai_strerror(int);],[
1339char *str;
1340
1341str = gai_strerror(0);],[
1342 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1343 [Define if gai_strerror() returns const char *])])])
1344
2c06c99b 1345AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1346 [Some systems put nanosleep outside of libc]))
6a9b3198 1347
0fff78ff 1348dnl Make sure prototypes are defined for these before using them.
0fff78ff 1349AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
665a873d 1350AC_CHECK_DECL(strsep,
1351 [AC_CHECK_FUNCS(strsep)],
1352 [],
1353 [
1354#ifdef HAVE_STRING_H
1355# include <string.h>
1356#endif
1357 ])
3c0ef626 1358
0fff78ff 1359dnl tcsendbreak might be a macro
1360AC_CHECK_DECL(tcsendbreak,
1361 [AC_DEFINE(HAVE_TCSENDBREAK)],
cdd66111 1362 [AC_CHECK_FUNCS(tcsendbreak)],
0fff78ff 1363 [#include <termios.h>]
1364)
3c0ef626 1365
c9f39d2c 1366AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1367
9108f8d9 1368AC_CHECK_DECLS(SHUT_RD, , ,
1369 [
1370#include <sys/types.h>
1371#include <sys/socket.h>
1372 ])
1373
1374AC_CHECK_DECLS(O_NONBLOCK, , ,
1375 [
1376#include <sys/types.h>
1377#ifdef HAVE_SYS_STAT_H
1378# include <sys/stat.h>
1379#endif
1380#ifdef HAVE_FCNTL_H
1381# include <fcntl.h>
1382#endif
1383 ])
1384
1385AC_CHECK_DECLS(writev, , , [
1386#include <sys/types.h>
1387#include <sys/uio.h>
1388#include <unistd.h>
1389 ])
1390
cdd66111 1391AC_CHECK_FUNCS(setresuid, [
1392 dnl Some platorms have setresuid that isn't implemented, test for this
1393 AC_MSG_CHECKING(if setresuid seems to work)
996d5e62 1394 AC_RUN_IFELSE(
1395 [AC_LANG_SOURCE([[
cdd66111 1396#include <stdlib.h>
1397#include <errno.h>
1398int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
996d5e62 1399 ]])],
cdd66111 1400 [AC_MSG_RESULT(yes)],
2c06c99b 1401 [AC_DEFINE(BROKEN_SETRESUID, 1,
1402 [Define if your setresuid() is broken])
996d5e62 1403 AC_MSG_RESULT(not implemented)],
1404 [AC_MSG_WARN([cross compiling: not checking setresuid])]
cdd66111 1405 )
1406])
1407
1408AC_CHECK_FUNCS(setresgid, [
1409 dnl Some platorms have setresgid that isn't implemented, test for this
1410 AC_MSG_CHECKING(if setresgid seems to work)
996d5e62 1411 AC_RUN_IFELSE(
1412 [AC_LANG_SOURCE([[
cdd66111 1413#include <stdlib.h>
1414#include <errno.h>
1415int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
996d5e62 1416 ]])],
cdd66111 1417 [AC_MSG_RESULT(yes)],
2c06c99b 1418 [AC_DEFINE(BROKEN_SETRESGID, 1,
1419 [Define if your setresgid() is broken])
996d5e62 1420 AC_MSG_RESULT(not implemented)],
1421 [AC_MSG_WARN([cross compiling: not checking setresuid])]
cdd66111 1422 )
1423])
1424
3c0ef626 1425dnl Checks for time functions
1426AC_CHECK_FUNCS(gettimeofday time)
1427dnl Checks for utmp functions
1428AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1429AC_CHECK_FUNCS(utmpname)
1430dnl Checks for utmpx functions
1431AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1432AC_CHECK_FUNCS(setutxent utmpxname)
1433
cdd66111 1434AC_CHECK_FUNC(daemon,
2c06c99b 1435 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1436 [AC_CHECK_LIB(bsd, daemon,
1437 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
3c0ef626 1438)
1439
cdd66111 1440AC_CHECK_FUNC(getpagesize,
2c06c99b 1441 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1442 [Define if your libraries define getpagesize()])],
1443 [AC_CHECK_LIB(ucb, getpagesize,
1444 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
3c0ef626 1445)
1446
1447# Check for broken snprintf
1448if test "x$ac_cv_func_snprintf" = "xyes" ; then
1449 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
996d5e62 1450 AC_RUN_IFELSE(
1451 [AC_LANG_SOURCE([[
3c0ef626 1452#include <stdio.h>
41b2f314 1453int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
996d5e62 1454 ]])],
cdd66111 1455 [AC_MSG_RESULT(yes)],
3c0ef626 1456 [
1457 AC_MSG_RESULT(no)
2c06c99b 1458 AC_DEFINE(BROKEN_SNPRINTF, 1,
1459 [Define if your snprintf is busted])
3c0ef626 1460 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
996d5e62 1461 ],
1462 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
3c0ef626 1463 )
1464fi
1465
2c06c99b 1466# If we don't have a working asprintf, then we strongly depend on vsnprintf
1467# returning the right thing on overflow: the number of characters it tried to
1468# create (as per SUSv3)
1469if test "x$ac_cv_func_asprintf" != "xyes" && \
1470 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1471 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1472 AC_RUN_IFELSE(
1473 [AC_LANG_SOURCE([[
1474#include <sys/types.h>
1475#include <stdio.h>
1476#include <stdarg.h>
1477
1478int x_snprintf(char *str,size_t count,const char *fmt,...)
1479{
1480 size_t ret; va_list ap;
1481 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1482 return ret;
1483}
1484int main(void)
1485{
1486 char x[1];
1487 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1488} ]])],
1489 [AC_MSG_RESULT(yes)],
1490 [
1491 AC_MSG_RESULT(no)
1492 AC_DEFINE(BROKEN_SNPRINTF, 1,
1493 [Define if your snprintf is busted])
1494 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1495 ],
1496 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1497 )
1498fi
1499
1500# On systems where [v]snprintf is broken, but is declared in stdio,
1501# check that the fmt argument is const char * or just char *.
1502# This is only useful for when BROKEN_SNPRINTF
1503AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1504AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1505 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1506 int main(void) { snprintf(0, 0, 0); }
1507 ]])],
1508 [AC_MSG_RESULT(yes)
1509 AC_DEFINE(SNPRINTF_CONST, [const],
1510 [Define as const if snprintf() can declare const char *fmt])],
1511 [AC_MSG_RESULT(no)
1512 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1513
c9f39d2c 1514# Check for missing getpeereid (or equiv) support
1515NO_PEERCHECK=""
1516if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1517 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1518 AC_TRY_COMPILE(
1519 [#include <sys/types.h>
1520 #include <sys/socket.h>],
1521 [int i = SO_PEERCRED;],
dec6d9fe 1522 [ AC_MSG_RESULT(yes)
2c06c99b 1523 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
dec6d9fe 1524 ],
c9f39d2c 1525 [AC_MSG_RESULT(no)
1526 NO_PEERCHECK=1]
1527 )
1528fi
1529
6a9b3198 1530dnl see whether mkstemp() requires XXXXXX
1531if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1532AC_MSG_CHECKING([for (overly) strict mkstemp])
2c06c99b 1533AC_RUN_IFELSE(
1534 [AC_LANG_SOURCE([[
6a9b3198 1535#include <stdlib.h>
1536main() { char template[]="conftest.mkstemp-test";
1537if (mkstemp(template) == -1)
1538 exit(1);
1539unlink(template); exit(0);
1540}
2c06c99b 1541 ]])],
6a9b3198 1542 [
1543 AC_MSG_RESULT(no)
1544 ],
cdd66111 1545 [
6a9b3198 1546 AC_MSG_RESULT(yes)
2c06c99b 1547 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
6a9b3198 1548 ],
1549 [
1550 AC_MSG_RESULT(yes)
1551 AC_DEFINE(HAVE_STRICT_MKSTEMP)
cdd66111 1552 ]
6a9b3198 1553)
1554fi
1555
0fff78ff 1556dnl make sure that openpty does not reacquire controlling terminal
1557if test ! -z "$check_for_openpty_ctty_bug"; then
1558 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
2c06c99b 1559 AC_RUN_IFELSE(
1560 [AC_LANG_SOURCE([[
0fff78ff 1561#include <stdio.h>
1562#include <sys/fcntl.h>
1563#include <sys/types.h>
1564#include <sys/wait.h>
1565
1566int
1567main()
1568{
1569 pid_t pid;
1570 int fd, ptyfd, ttyfd, status;
1571
1572 pid = fork();
1573 if (pid < 0) { /* failed */
1574 exit(1);
1575 } else if (pid > 0) { /* parent */
1576 waitpid(pid, &status, 0);
cdd66111 1577 if (WIFEXITED(status))
0fff78ff 1578 exit(WEXITSTATUS(status));
1579 else
1580 exit(2);
1581 } else { /* child */
1582 close(0); close(1); close(2);
1583 setsid();
1584 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1585 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1586 if (fd >= 0)
1587 exit(3); /* Acquired ctty: broken */
1588 else
1589 exit(0); /* Did not acquire ctty: OK */
1590 }
1591}
2c06c99b 1592 ]])],
0fff78ff 1593 [
1594 AC_MSG_RESULT(yes)
1595 ],
1596 [
1597 AC_MSG_RESULT(no)
1598 AC_DEFINE(SSHD_ACQUIRES_CTTY)
2c06c99b 1599 ],
1600 [
1601 AC_MSG_RESULT(cross-compiling, assuming yes)
0fff78ff 1602 ]
1603 )
1604fi
1605
dec6d9fe 1606if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1607 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
99be0775 1608 AC_MSG_CHECKING(if getaddrinfo seems to work)
2c06c99b 1609 AC_RUN_IFELSE(
1610 [AC_LANG_SOURCE([[
99be0775 1611#include <stdio.h>
1612#include <sys/socket.h>
1613#include <netdb.h>
1614#include <errno.h>
1615#include <netinet/in.h>
1616
1617#define TEST_PORT "2222"
1618
1619int
1620main(void)
1621{
1622 int err, sock;
1623 struct addrinfo *gai_ai, *ai, hints;
1624 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1625
1626 memset(&hints, 0, sizeof(hints));
1627 hints.ai_family = PF_UNSPEC;
1628 hints.ai_socktype = SOCK_STREAM;
1629 hints.ai_flags = AI_PASSIVE;
1630
1631 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1632 if (err != 0) {
1633 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1634 exit(1);
1635 }
1636
1637 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1638 if (ai->ai_family != AF_INET6)
1639 continue;
1640
1641 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1642 sizeof(ntop), strport, sizeof(strport),
1643 NI_NUMERICHOST|NI_NUMERICSERV);
1644
1645 if (err != 0) {
1646 if (err == EAI_SYSTEM)
1647 perror("getnameinfo EAI_SYSTEM");
1648 else
1649 fprintf(stderr, "getnameinfo failed: %s\n",
1650 gai_strerror(err));
1651 exit(2);
1652 }
1653
1654 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1655 if (sock < 0)
1656 perror("socket");
1657 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1658 if (errno == EBADF)
1659 exit(3);
1660 }
1661 }
1662 exit(0);
1663}
2c06c99b 1664 ]])],
99be0775 1665 [
1666 AC_MSG_RESULT(yes)
1667 ],
1668 [
1669 AC_MSG_RESULT(no)
1670 AC_DEFINE(BROKEN_GETADDRINFO)
2c06c99b 1671 ],
1672 [
1673 AC_MSG_RESULT(cross-compiling, assuming yes)
99be0775 1674 ]
1675 )
1676fi
1677
dec6d9fe 1678if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1679 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
996d5e62 1680 AC_MSG_CHECKING(if getaddrinfo seems to work)
2c06c99b 1681 AC_RUN_IFELSE(
1682 [AC_LANG_SOURCE([[
996d5e62 1683#include <stdio.h>
1684#include <sys/socket.h>
1685#include <netdb.h>
1686#include <errno.h>
1687#include <netinet/in.h>
1688
1689#define TEST_PORT "2222"
1690
1691int
1692main(void)
1693{
1694 int err, sock;
1695 struct addrinfo *gai_ai, *ai, hints;
1696 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1697
1698 memset(&hints, 0, sizeof(hints));
1699 hints.ai_family = PF_UNSPEC;
1700 hints.ai_socktype = SOCK_STREAM;
1701 hints.ai_flags = AI_PASSIVE;
1702
1703 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1704 if (err != 0) {
1705 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1706 exit(1);
1707 }
1708
1709 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1710 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1711 continue;
1712
1713 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1714 sizeof(ntop), strport, sizeof(strport),
1715 NI_NUMERICHOST|NI_NUMERICSERV);
1716
1717 if (ai->ai_family == AF_INET && err != 0) {
1718 perror("getnameinfo");
1719 exit(2);
1720 }
1721 }
1722 exit(0);
1723}
2c06c99b 1724 ]])],
996d5e62 1725 [
1726 AC_MSG_RESULT(yes)
2c06c99b 1727 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1728 [Define if you have a getaddrinfo that fails
1729 for the all-zeros IPv6 address])
996d5e62 1730 ],
1731 [
1732 AC_MSG_RESULT(no)
1733 AC_DEFINE(BROKEN_GETADDRINFO)
2c06c99b 1734 ],
9108f8d9 1735 [
2c06c99b 1736 AC_MSG_RESULT(cross-compiling, assuming no)
996d5e62 1737 ]
1738 )
1739fi
1740
1741if test "x$check_for_conflicting_getspnam" = "x1"; then
1742 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1743 AC_COMPILE_IFELSE(
1744 [
1745#include <shadow.h>
1746int main(void) {exit(0);}
1747 ],
1748 [
1749 AC_MSG_RESULT(no)
1750 ],
1751 [
1752 AC_MSG_RESULT(yes)
1753 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1754 [Conflicting defs for getspnam])
1755 ]
1756 )
1757fi
1758
3c0ef626 1759AC_FUNC_GETPGRP
1760
700318f3 1761# Search for OpenSSL
1762saved_CPPFLAGS="$CPPFLAGS"
1763saved_LDFLAGS="$LDFLAGS"
3c0ef626 1764AC_ARG_WITH(ssl-dir,
1765 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1766 [
1767 if test "x$withval" != "xno" ; then
996d5e62 1768 case "$withval" in
1769 # Relative paths
1770 ./*|../*) withval="`pwd`/$withval"
1771 esac
700318f3 1772 if test -d "$withval/lib"; then
1773 if test -n "${need_dash_r}"; then
1774 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1775 else
1776 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
3c0ef626 1777 fi
1778 else
700318f3 1779 if test -n "${need_dash_r}"; then
1780 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1781 else
1782 LDFLAGS="-L${withval} ${LDFLAGS}"
3c0ef626 1783 fi
1784 fi
700318f3 1785 if test -d "$withval/include"; then
1786 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
3c0ef626 1787 else
700318f3 1788 CPPFLAGS="-I${withval} ${CPPFLAGS}"
3c0ef626 1789 fi
1790 fi
700318f3 1791 ]
1792)
cdd66111 1793LIBS="-lcrypto $LIBS"
2c06c99b 1794AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1795 [Define if your ssl headers are included
1796 with #include <openssl/header.h>]),
3c0ef626 1797 [
700318f3 1798 dnl Check default openssl install dir
1799 if test -n "${need_dash_r}"; then
1800 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1801 else
700318f3 1802 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1803 fi
700318f3 1804 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1805 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1806 [
1807 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1808 ]
1809 )
1810 ]
1811)
1812
41b2f314 1813# Determine OpenSSL header version
1814AC_MSG_CHECKING([OpenSSL header version])
996d5e62 1815AC_RUN_IFELSE(
1816 [AC_LANG_SOURCE([[
41b2f314 1817#include <stdio.h>
1818#include <string.h>
1819#include <openssl/opensslv.h>
1820#define DATA "conftest.sslincver"
1821int main(void) {
cdd66111 1822 FILE *fd;
1823 int rc;
41b2f314 1824
cdd66111 1825 fd = fopen(DATA,"w");
1826 if(fd == NULL)
1827 exit(1);
41b2f314 1828
1829 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1830 exit(1);
1831
1832 exit(0);
1833}
996d5e62 1834 ]])],
41b2f314 1835 [
1836 ssl_header_ver=`cat conftest.sslincver`
1837 AC_MSG_RESULT($ssl_header_ver)
1838 ],
1839 [
1840 AC_MSG_RESULT(not found)
1841 AC_MSG_ERROR(OpenSSL version header not found.)
996d5e62 1842 ],
1843 [
1844 AC_MSG_WARN([cross compiling: not checking])
41b2f314 1845 ]
1846)
1847
1848# Determine OpenSSL library version
1849AC_MSG_CHECKING([OpenSSL library version])
996d5e62 1850AC_RUN_IFELSE(
1851 [AC_LANG_SOURCE([[
41b2f314 1852#include <stdio.h>
1853#include <string.h>
1854#include <openssl/opensslv.h>
1855#include <openssl/crypto.h>
1856#define DATA "conftest.ssllibver"
1857int main(void) {
cdd66111 1858 FILE *fd;
1859 int rc;
41b2f314 1860
cdd66111 1861 fd = fopen(DATA,"w");
1862 if(fd == NULL)
1863 exit(1);
41b2f314 1864
1865 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1866 exit(1);
1867
1868 exit(0);
1869}
996d5e62 1870 ]])],
41b2f314 1871 [
1872 ssl_library_ver=`cat conftest.ssllibver`
1873 AC_MSG_RESULT($ssl_library_ver)
1874 ],
1875 [
1876 AC_MSG_RESULT(not found)
1877 AC_MSG_ERROR(OpenSSL library not found.)
996d5e62 1878 ],
1879 [
1880 AC_MSG_WARN([cross compiling: not checking])
41b2f314 1881 ]
1882)
3c0ef626 1883
e9a17296 1884# Sanity check OpenSSL headers
1885AC_MSG_CHECKING([whether OpenSSL's headers match the library])
996d5e62 1886AC_RUN_IFELSE(
1887 [AC_LANG_SOURCE([[
e9a17296 1888#include <string.h>
1889#include <openssl/opensslv.h>
41b2f314 1890int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
996d5e62 1891 ]])],
e9a17296 1892 [
1893 AC_MSG_RESULT(yes)
1894 ],
1895 [
1896 AC_MSG_RESULT(no)
0fff78ff 1897 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1898Check config.log for details.
1899Also see contrib/findssl.sh for help identifying header/library mismatches.])
996d5e62 1900 ],
1901 [
1902 AC_MSG_WARN([cross compiling: not checking])
e9a17296 1903 ]
1904)
1905
9108f8d9 1906AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1907AC_LINK_IFELSE(
1908 [AC_LANG_SOURCE([[
1909#include <openssl/evp.h>
1910int main(void) { SSLeay_add_all_algorithms(); }
1911 ]])],
1912 [
1913 AC_MSG_RESULT(yes)
1914 ],
1915 [
1916 AC_MSG_RESULT(no)
1917 saved_LIBS="$LIBS"
1918 LIBS="$LIBS -ldl"
1919 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1920 AC_LINK_IFELSE(
1921 [AC_LANG_SOURCE([[
1922#include <openssl/evp.h>
1923int main(void) { SSLeay_add_all_algorithms(); }
1924 ]])],
1925 [
1926 AC_MSG_RESULT(yes)
1927 ],
1928 [
1929 AC_MSG_RESULT(no)
1930 LIBS="$saved_LIBS"
1931 ]
1932 )
1933 ]
1934)
1935
1936AC_ARG_WITH(ssl-engine,
1937 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1938 [ if test "x$withval" != "xno" ; then
1939 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1940 AC_TRY_COMPILE(
1941 [ #include <openssl/engine.h>],
1942 [
1943int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1944 ],
1945 [ AC_MSG_RESULT(yes)
1946 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1947 [Enable OpenSSL engine support])
1948 ],
1949 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1950 )
1951 fi ]
1952)
1953
2c06c99b 1954# Check for OpenSSL without EVP_aes_{192,256}_cbc
1955AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
9108f8d9 1956AC_LINK_IFELSE(
2c06c99b 1957 [AC_LANG_SOURCE([[
1958#include <string.h>
1959#include <openssl/evp.h>
f2f068fa 1960int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2c06c99b 1961 ]])],
1962 [
1963 AC_MSG_RESULT(no)
1964 ],
1965 [
1966 AC_MSG_RESULT(yes)
1967 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1968 [libcrypto is missing AES 192 and 256 bit functions])
1969 ]
1970)
1971
cdd66111 1972# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1973# because the system crypt() is more featureful.
1974if test "x$check_for_libcrypt_before" = "x1"; then
1975 AC_CHECK_LIB(crypt, crypt)
1976fi
1977
1978# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1979# version in OpenSSL.
0fff78ff 1980if test "x$check_for_libcrypt_later" = "x1"; then
3c0ef626 1981 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1982fi
1983
9108f8d9 1984# Search for SHA256 support in libc and/or OpenSSL
1985AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1986
665a873d 1987AC_CHECK_LIB(iaf, ia_openinfo)
e9a17296 1988
1989### Configure cryptographic random number support
1990
1991# Check wheter OpenSSL seeds itself
1992AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
996d5e62 1993AC_RUN_IFELSE(
1994 [AC_LANG_SOURCE([[
e9a17296 1995#include <string.h>
1996#include <openssl/rand.h>
41b2f314 1997int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
996d5e62 1998 ]])],
e9a17296 1999 [
2000 OPENSSL_SEEDS_ITSELF=yes
2001 AC_MSG_RESULT(yes)
2002 ],
2003 [
2004 AC_MSG_RESULT(no)
2005 # Default to use of the rand helper if OpenSSL doesn't
2006 # seed itself
2007 USE_RAND_HELPER=yes
996d5e62 2008 ],
2009 [
2010 AC_MSG_WARN([cross compiling: assuming yes])
2011 # This is safe, since all recent OpenSSL versions will
dec6d9fe 2012 # complain at runtime if not seeded correctly.
996d5e62 2013 OPENSSL_SEEDS_ITSELF=yes
e9a17296 2014 ]
2015)
2016
9108f8d9 2017# Check for PAM libs
2018PAM_MSG="no"
2019AC_ARG_WITH(pam,
2020 [ --with-pam Enable PAM support ],
2021 [
2022 if test "x$withval" != "xno" ; then
2023 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2024 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2025 AC_MSG_ERROR([PAM headers not found])
2026 fi
2027
2028 saved_LIBS="$LIBS"
2029 AC_CHECK_LIB(dl, dlopen, , )
2030 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2031 AC_CHECK_FUNCS(pam_getenvlist)
2032 AC_CHECK_FUNCS(pam_putenv)
2033 LIBS="$saved_LIBS"
2034
2035 PAM_MSG="yes"
2036
2037 LIBPAM="-lpam"
2038 AC_DEFINE(USE_PAM, 1,
2039 [Define if you want to enable PAM support])
2040
2041 if test $ac_cv_lib_dl_dlopen = yes; then
2042 case "$LIBS" in
2043 *-ldl*)
2044 # libdl already in LIBS
2045 ;;
2046 *)
2047 LIBPAM="$LIBPAM -ldl"
2048 ;;
2049 esac
2050 fi
2051 AC_SUBST(LIBPAM)
2052 fi
2053 ]
2054)
2055
2056# Check for older PAM
2057if test "x$PAM_MSG" = "xyes" ; then
2058 # Check PAM strerror arguments (old PAM)
2059 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2060 AC_TRY_COMPILE(
2061 [
2062#include <stdlib.h>
2063#if defined(HAVE_SECURITY_PAM_APPL_H)
2064#include <security/pam_appl.h>
2065#elif defined (HAVE_PAM_PAM_APPL_H)
2066#include <pam/pam_appl.h>
2067#endif
2068 ],
2069 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2070 [AC_MSG_RESULT(no)],
2071 [
2072 AC_DEFINE(HAVE_OLD_PAM, 1,
2073 [Define if you have an old version of PAM
2074 which takes only one argument to pam_strerror])
2075 AC_MSG_RESULT(yes)
2076 PAM_MSG="yes (old library)"
2077 ]
2078 )
2079fi
e9a17296 2080
2081# Do we want to force the use of the rand helper?
2082AC_ARG_WITH(rand-helper,
2083 [ --with-rand-helper Use subprocess to gather strong randomness ],
2084 [
2085 if test "x$withval" = "xno" ; then
cdd66111 2086 # Force use of OpenSSL's internal RNG, even if
e9a17296 2087 # the previous test showed it to be unseeded.
2088 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2089 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2090 OPENSSL_SEEDS_ITSELF=yes
2091 USE_RAND_HELPER=""
2092 fi
2093 else
2094 USE_RAND_HELPER=yes
2095 fi
2096 ],
dec6d9fe 2097)
e9a17296 2098
2099# Which randomness source do we use?
dec6d9fe 2100if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
e9a17296 2101 # OpenSSL only
2c06c99b 2102 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2103 [Define if you want OpenSSL's internally seeded PRNG only])
e9a17296 2104 RAND_MSG="OpenSSL internal ONLY"
2105 INSTALL_SSH_RAND_HELPER=""
2106elif test ! -z "$USE_RAND_HELPER" ; then
2107 # install rand helper
2108 RAND_MSG="ssh-rand-helper"
2109 INSTALL_SSH_RAND_HELPER="yes"
2110fi
2111AC_SUBST(INSTALL_SSH_RAND_HELPER)
2112
2113### Configuration of ssh-rand-helper
2114
2115# PRNGD TCP socket
2116AC_ARG_WITH(prngd-port,
2117 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2118 [
2119 case "$withval" in
2120 no)
2121 withval=""
2122 ;;
2123 [[0-9]]*)
2124 ;;
2125 *)
2126 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2127 ;;
2128 esac
2129 if test ! -z "$withval" ; then
2130 PRNGD_PORT="$withval"
2c06c99b 2131 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2132 [Port number of PRNGD/EGD random number socket])
e9a17296 2133 fi
2134 ]
2135)
2136
2137# PRNGD Unix domain socket
2138AC_ARG_WITH(prngd-socket,
2139 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2140 [
2141 case "$withval" in
2142 yes)
2143 withval="/var/run/egd-pool"
2144 ;;
2145 no)
2146 withval=""
2147 ;;
2148 /*)
2149 ;;
2150 *)
2151 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2152 ;;
2153 esac
2154
2155 if test ! -z "$withval" ; then
2156 if test ! -z "$PRNGD_PORT" ; then
2157 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2158 fi
2159 if test ! -r "$withval" ; then
2160 AC_MSG_WARN(Entropy socket is not readable)
2161 fi
2162 PRNGD_SOCKET="$withval"
2c06c99b 2163 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2164 [Location of PRNGD/EGD random number socket])
e9a17296 2165 fi
2166 ],
2167 [
2168 # Check for existing socket only if we don't have a random device already
2169 if test "$USE_RAND_HELPER" = yes ; then
2170 AC_MSG_CHECKING(for PRNGD/EGD socket)
2171 # Insert other locations here
2172 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2173 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2174 PRNGD_SOCKET="$sock"
2175 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2176 break;
2177 fi
2178 done
2179 if test ! -z "$PRNGD_SOCKET" ; then
2180 AC_MSG_RESULT($PRNGD_SOCKET)
2181 else
2182 AC_MSG_RESULT(not found)
2183 fi
2184 fi
2185 ]
2186)
2187
2188# Change default command timeout for hashing entropy source
2189entropy_timeout=200
2190AC_ARG_WITH(entropy-timeout,
2191 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2192 [
dec6d9fe 2193 if test -n "$withval" && test "x$withval" != "xno" && \
2194 test "x${withval}" != "xyes"; then
e9a17296 2195 entropy_timeout=$withval
2196 fi
dec6d9fe 2197 ]
e9a17296 2198)
2c06c99b 2199AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2200 [Builtin PRNG command timeout])
e9a17296 2201
680cee3b 2202SSH_PRIVSEP_USER=sshd
700318f3 2203AC_ARG_WITH(privsep-user,
2204 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2205 [
dec6d9fe 2206 if test -n "$withval" && test "x$withval" != "xno" && \
2207 test "x${withval}" != "xyes"; then
680cee3b 2208 SSH_PRIVSEP_USER=$withval
700318f3 2209 fi
dec6d9fe 2210 ]
700318f3 2211)
2c06c99b 2212AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2213 [non-privileged user for privilege separation])
680cee3b 2214AC_SUBST(SSH_PRIVSEP_USER)
700318f3 2215
2216# We do this little dance with the search path to insure
2217# that programs that we select for use by installed programs
2218# (which may be run by the super-user) come from trusted
2219# locations before they come from the user's private area.
2220# This should help avoid accidentally configuring some
2221# random version of a program in someone's personal bin.
2222
2223OPATH=$PATH
2224PATH=/bin:/usr/bin
2225test -h /bin 2> /dev/null && PATH=/usr/bin
2226test -d /sbin && PATH=$PATH:/sbin
2227test -d /usr/sbin && PATH=$PATH:/usr/sbin
2228PATH=$PATH:/etc:$OPATH
2229
cdd66111 2230# These programs are used by the command hashing source to gather entropy
e9a17296 2231OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2232OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2233OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2234OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2235OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2236OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2237OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2238OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2239OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2240OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2241OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2242OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2243OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2244OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2245OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2246OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
700318f3 2247# restore PATH
2248PATH=$OPATH
e9a17296 2249
2250# Where does ssh-rand-helper get its randomness from?
2251INSTALL_SSH_PRNG_CMDS=""
2252if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2253 if test ! -z "$PRNGD_PORT" ; then
2254 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2255 elif test ! -z "$PRNGD_SOCKET" ; then
2256 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2257 else
2258 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2259 RAND_HELPER_CMDHASH=yes
2260 INSTALL_SSH_PRNG_CMDS="yes"
2261 fi
2262fi
2263AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2264
2265
3c0ef626 2266# Cheap hack to ensure NEWS-OS libraries are arranged right.
2267if test ! -z "$SONY" ; then
2268 LIBS="$LIBS -liberty";
2269fi
2270
2c06c99b 2271# Check for long long datatypes
2272AC_CHECK_TYPES([long long, unsigned long long, long double])
2273
2274# Check datatype sizes
3c0ef626 2275AC_CHECK_SIZEOF(char, 1)
2276AC_CHECK_SIZEOF(short int, 2)
2277AC_CHECK_SIZEOF(int, 4)
2278AC_CHECK_SIZEOF(long int, 4)
2279AC_CHECK_SIZEOF(long long int, 8)
2280
700318f3 2281# Sanity check long long for some platforms (AIX)
2282if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2283 ac_cv_sizeof_long_long_int=0
2284fi
2285
2c06c99b 2286# compute LLONG_MIN and LLONG_MAX if we don't know them.
2287if test -z "$have_llong_max"; then
2288 AC_MSG_CHECKING([for max value of long long])
2289 AC_RUN_IFELSE(
2290 [AC_LANG_SOURCE([[
2291#include <stdio.h>
2292/* Why is this so damn hard? */
2293#ifdef __GNUC__
2294# undef __GNUC__
2295#endif
2296#define __USE_ISOC99
2297#include <limits.h>
2298#define DATA "conftest.llminmax"
9108f8d9 2299#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2300
2301/*
2302 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2303 * we do this the hard way.
2304 */
2305static int
2306fprint_ll(FILE *f, long long n)
2307{
2308 unsigned int i;
2309 int l[sizeof(long long) * 8];
2310
2311 if (n < 0)
2312 if (fprintf(f, "-") < 0)
2313 return -1;
2314 for (i = 0; n != 0; i++) {
2315 l[i] = my_abs(n % 10);
2316 n /= 10;
2317 }
2318 do {
2319 if (fprintf(f, "%d", l[--i]) < 0)
2320 return -1;
2321 } while (i != 0);
2322 if (fprintf(f, " ") < 0)
2323 return -1;
2324 return 0;
2325}
2326
2c06c99b 2327int main(void) {
2328 FILE *f;
2329 long long i, llmin, llmax = 0;
2330
2331 if((f = fopen(DATA,"w")) == NULL)
2332 exit(1);
2333
2334#if defined(LLONG_MIN) && defined(LLONG_MAX)
2335 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2336 llmin = LLONG_MIN;
2337 llmax = LLONG_MAX;
2338#else
2339 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2340 /* This will work on one's complement and two's complement */
2341 for (i = 1; i > llmax; i <<= 1, i++)
2342 llmax = i;
2343 llmin = llmax + 1LL; /* wrap */
2344#endif
2345
2346 /* Sanity check */
2347 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
9108f8d9 2348 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2349 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2c06c99b 2350 fprintf(f, "unknown unknown\n");
2351 exit(2);
2352 }
2353
9108f8d9 2354 if (fprint_ll(f, llmin) < 0)
2c06c99b 2355 exit(3);
9108f8d9 2356 if (fprint_ll(f, llmax) < 0)
2357 exit(4);
2358 if (fclose(f) < 0)
2359 exit(5);
2c06c99b 2360 exit(0);
2361}
2362 ]])],
2363 [
2364 llong_min=`$AWK '{print $1}' conftest.llminmax`
2365 llong_max=`$AWK '{print $2}' conftest.llminmax`
2366
2c06c99b 2367 AC_MSG_RESULT($llong_max)
2368 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2369 [max value of long long calculated by configure])
2370 AC_MSG_CHECKING([for min value of long long])
2371 AC_MSG_RESULT($llong_min)
2372 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2373 [min value of long long calculated by configure])
2374 ],
2375 [
2376 AC_MSG_RESULT(not found)
2377 ],
2378 [
2379 AC_MSG_WARN([cross compiling: not checking])
2380 ]
2381 )
2382fi
2383
2384
3c0ef626 2385# More checks for data types
2386AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2387 AC_TRY_COMPILE(
cdd66111 2388 [ #include <sys/types.h> ],
2389 [ u_int a; a = 1;],
3c0ef626 2390 [ ac_cv_have_u_int="yes" ],
2391 [ ac_cv_have_u_int="no" ]
2392 )
2393])
2394if test "x$ac_cv_have_u_int" = "xyes" ; then
2c06c99b 2395 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
3c0ef626 2396 have_u_int=1
2397fi
2398
2399AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2400 AC_TRY_COMPILE(
cdd66111 2401 [ #include <sys/types.h> ],
2402 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2403 [ ac_cv_have_intxx_t="yes" ],
2404 [ ac_cv_have_intxx_t="no" ]
2405 )
2406])
2407if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2c06c99b 2408 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
3c0ef626 2409 have_intxx_t=1
2410fi
2411
2412if (test -z "$have_intxx_t" && \
cdd66111 2413 test "x$ac_cv_header_stdint_h" = "xyes")
3c0ef626 2414then
2415 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2416 AC_TRY_COMPILE(
cdd66111 2417 [ #include <stdint.h> ],
2418 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2419 [
2420 AC_DEFINE(HAVE_INTXX_T)
2421 AC_MSG_RESULT(yes)
2422 ],
2423 [ AC_MSG_RESULT(no) ]
2424 )
2425fi
2426
2427AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2428 AC_TRY_COMPILE(
41b2f314 2429 [
2430#include <sys/types.h>
2431#ifdef HAVE_STDINT_H
2432# include <stdint.h>
2433#endif
2434#include <sys/socket.h>
2435#ifdef HAVE_SYS_BITYPES_H
2436# include <sys/bitypes.h>
2437#endif
cdd66111 2438 ],
2439 [ int64_t a; a = 1;],
3c0ef626 2440 [ ac_cv_have_int64_t="yes" ],
2441 [ ac_cv_have_int64_t="no" ]
2442 )
2443])
2444if test "x$ac_cv_have_int64_t" = "xyes" ; then
2c06c99b 2445 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
e9a17296 2446fi
2447
3c0ef626 2448AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2449 AC_TRY_COMPILE(
cdd66111 2450 [ #include <sys/types.h> ],
2451 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2452 [ ac_cv_have_u_intxx_t="yes" ],
2453 [ ac_cv_have_u_intxx_t="no" ]
2454 )
2455])
2456if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2c06c99b 2457 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
3c0ef626 2458 have_u_intxx_t=1
2459fi
2460
2461if test -z "$have_u_intxx_t" ; then
2462 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2463 AC_TRY_COMPILE(
cdd66111 2464 [ #include <sys/socket.h> ],
2465 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2466 [
2467 AC_DEFINE(HAVE_U_INTXX_T)
2468 AC_MSG_RESULT(yes)
2469 ],
2470 [ AC_MSG_RESULT(no) ]
2471 )
2472fi
2473
2474AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2475 AC_TRY_COMPILE(
cdd66111 2476 [ #include <sys/types.h> ],
2477 [ u_int64_t a; a = 1;],
3c0ef626 2478 [ ac_cv_have_u_int64_t="yes" ],
2479 [ ac_cv_have_u_int64_t="no" ]
2480 )
2481])
2482if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2c06c99b 2483 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
3c0ef626 2484 have_u_int64_t=1
2485fi
2486
e9a17296 2487if test -z "$have_u_int64_t" ; then
2488 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2489 AC_TRY_COMPILE(
cdd66111 2490 [ #include <sys/bitypes.h> ],
e9a17296 2491 [ u_int64_t a; a = 1],
2492 [
2493 AC_DEFINE(HAVE_U_INT64_T)
2494 AC_MSG_RESULT(yes)
2495 ],
2496 [ AC_MSG_RESULT(no) ]
2497 )
2498fi
2499
3c0ef626 2500if test -z "$have_u_intxx_t" ; then
2501 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2502 AC_TRY_COMPILE(
2503 [
2504#include <sys/types.h>
cdd66111 2505 ],
2506 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
3c0ef626 2507 [ ac_cv_have_uintxx_t="yes" ],
2508 [ ac_cv_have_uintxx_t="no" ]
2509 )
2510 ])
2511 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2c06c99b 2512 AC_DEFINE(HAVE_UINTXX_T, 1,
2513 [define if you have uintxx_t data type])
3c0ef626 2514 fi
2515fi
2516
2517if test -z "$have_uintxx_t" ; then
2518 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2519 AC_TRY_COMPILE(
cdd66111 2520 [ #include <stdint.h> ],
2521 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
3c0ef626 2522 [
2523 AC_DEFINE(HAVE_UINTXX_T)
2524 AC_MSG_RESULT(yes)
2525 ],
2526 [ AC_MSG_RESULT(no) ]
2527 )
2528fi
2529
2530if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
cdd66111 2531 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3c0ef626 2532then
2533 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2534 AC_TRY_COMPILE(
2535 [
2536#include <sys/bitypes.h>
cdd66111 2537 ],
3c0ef626 2538 [
2539 int8_t a; int16_t b; int32_t c;
2540 u_int8_t e; u_int16_t f; u_int32_t g;
2541 a = b = c = e = f = g = 1;
cdd66111 2542 ],
3c0ef626 2543 [
2544 AC_DEFINE(HAVE_U_INTXX_T)
2545 AC_DEFINE(HAVE_INTXX_T)
2546 AC_MSG_RESULT(yes)
2547 ],
2548 [AC_MSG_RESULT(no)]
cdd66111 2549 )
3c0ef626 2550fi
2551
2552
2553AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2554 AC_TRY_COMPILE(
2555 [
2556#include <sys/types.h>
2557 ],
2558 [ u_char foo; foo = 125; ],
2559 [ ac_cv_have_u_char="yes" ],
2560 [ ac_cv_have_u_char="no" ]
2561 )
2562])
2563if test "x$ac_cv_have_u_char" = "xyes" ; then
2c06c99b 2564 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
3c0ef626 2565fi
2566
2567TYPE_SOCKLEN_T
2568
e9a17296 2569AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2570
996d5e62 2571AC_CHECK_TYPES(in_addr_t,,,
2572[#include <sys/types.h>
2573#include <netinet/in.h>])
2574
3c0ef626 2575AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2576 AC_TRY_COMPILE(
2577 [
2578#include <sys/types.h>
2579 ],
2580 [ size_t foo; foo = 1235; ],
2581 [ ac_cv_have_size_t="yes" ],
2582 [ ac_cv_have_size_t="no" ]
2583 )
2584])
2585if test "x$ac_cv_have_size_t" = "xyes" ; then
2c06c99b 2586 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
3c0ef626 2587fi
2588
2589AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2590 AC_TRY_COMPILE(
2591 [
2592#include <sys/types.h>
2593 ],
2594 [ ssize_t foo; foo = 1235; ],
2595 [ ac_cv_have_ssize_t="yes" ],
2596 [ ac_cv_have_ssize_t="no" ]
2597 )
2598])
2599if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2c06c99b 2600 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
3c0ef626 2601fi
2602
2603AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2604 AC_TRY_COMPILE(
2605 [
2606#include <time.h>
2607 ],
2608 [ clock_t foo; foo = 1235; ],
2609 [ ac_cv_have_clock_t="yes" ],
2610 [ ac_cv_have_clock_t="no" ]
2611 )
2612])
2613if test "x$ac_cv_have_clock_t" = "xyes" ; then
2c06c99b 2614 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
3c0ef626 2615fi
2616
2617AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2618 AC_TRY_COMPILE(
2619 [
2620#include <sys/types.h>
2621#include <sys/socket.h>
2622 ],
2623 [ sa_family_t foo; foo = 1235; ],
2624 [ ac_cv_have_sa_family_t="yes" ],
2625 [ AC_TRY_COMPILE(
2626 [
2627#include <sys/types.h>
2628#include <sys/socket.h>
2629#include <netinet/in.h>
2630 ],
2631 [ sa_family_t foo; foo = 1235; ],
2632 [ ac_cv_have_sa_family_t="yes" ],
2633
2634 [ ac_cv_have_sa_family_t="no" ]
2635 )]
2636 )
2637])
2638if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2c06c99b 2639 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2640 [define if you have sa_family_t data type])
3c0ef626 2641fi
2642
2643AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2644 AC_TRY_COMPILE(
2645 [
2646#include <sys/types.h>
2647 ],
2648 [ pid_t foo; foo = 1235; ],
2649 [ ac_cv_have_pid_t="yes" ],
2650 [ ac_cv_have_pid_t="no" ]
2651 )
2652])
2653if test "x$ac_cv_have_pid_t" = "xyes" ; then
2c06c99b 2654 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
3c0ef626 2655fi
2656
2657AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2658 AC_TRY_COMPILE(
2659 [
2660#include <sys/types.h>
2661 ],
2662 [ mode_t foo; foo = 1235; ],
2663 [ ac_cv_have_mode_t="yes" ],
2664 [ ac_cv_have_mode_t="no" ]
2665 )
2666])
2667if test "x$ac_cv_have_mode_t" = "xyes" ; then
2c06c99b 2668 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3c0ef626 2669fi
2670
2671
2672AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2673 AC_TRY_COMPILE(
2674 [
2675#include <sys/types.h>
2676#include <sys/socket.h>
2677 ],
2678 [ struct sockaddr_storage s; ],
2679 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2680 [ ac_cv_have_struct_sockaddr_storage="no" ]
2681 )
2682])
2683if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2c06c99b 2684 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2685 [define if you have struct sockaddr_storage data type])
3c0ef626 2686fi
2687
2688AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2689 AC_TRY_COMPILE(
2690 [
2691#include <sys/types.h>
2692#include <netinet/in.h>
2693 ],
2694 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2695 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2696 [ ac_cv_have_struct_sockaddr_in6="no" ]
2697 )
2698])
2699if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2c06c99b 2700 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2701 [define if you have struct sockaddr_in6 data type])
3c0ef626 2702fi
2703
2704AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2705 AC_TRY_COMPILE(
2706 [
2707#include <sys/types.h>
2708#include <netinet/in.h>
2709 ],
2710 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2711 [ ac_cv_have_struct_in6_addr="yes" ],
2712 [ ac_cv_have_struct_in6_addr="no" ]
2713 )
2714])
2715if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2c06c99b 2716 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2717 [define if you have struct in6_addr data type])
3c0ef626 2718fi
2719
2720AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2721 AC_TRY_COMPILE(
2722 [
2723#include <sys/types.h>
2724#include <sys/socket.h>
2725#include <netdb.h>
2726 ],
2727 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2728 [ ac_cv_have_struct_addrinfo="yes" ],
2729 [ ac_cv_have_struct_addrinfo="no" ]
2730 )
2731])
2732if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2c06c99b 2733 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2734 [define if you have struct addrinfo data type])
3c0ef626 2735fi
2736
2737AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2738 AC_TRY_COMPILE(
cdd66111 2739 [ #include <sys/time.h> ],
2740 [ struct timeval tv; tv.tv_sec = 1;],
3c0ef626 2741 [ ac_cv_have_struct_timeval="yes" ],
2742 [ ac_cv_have_struct_timeval="no" ]
2743 )
2744])
2745if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2c06c99b 2746 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3c0ef626 2747 have_struct_timeval=1
2748fi
2749
6a9b3198 2750AC_CHECK_TYPES(struct timespec)
2751
2752# We need int64_t or else certian parts of the compile will fail.
dec6d9fe 2753if test "x$ac_cv_have_int64_t" = "xno" && \
2754 test "x$ac_cv_sizeof_long_int" != "x8" && \
2755 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
6a9b3198 2756 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2757 echo "an alternative compiler (I.E., GCC) before continuing."
2758 echo ""
2759 exit 1;
3c0ef626 2760else
2761dnl test snprintf (broken on SCO w/gcc)
996d5e62 2762 AC_RUN_IFELSE(
2763 [AC_LANG_SOURCE([[
3c0ef626 2764#include <stdio.h>
2765#include <string.h>
2766#ifdef HAVE_SNPRINTF
2767main()
2768{
2769 char buf[50];
2770 char expected_out[50];
2771 int mazsize = 50 ;
2772#if (SIZEOF_LONG_INT == 8)
2773 long int num = 0x7fffffffffffffff;
2774#else
2775 long long num = 0x7fffffffffffffffll;
2776#endif
2777 strcpy(expected_out, "9223372036854775807");
2778 snprintf(buf, mazsize, "%lld", num);
2779 if(strcmp(buf, expected_out) != 0)
cdd66111 2780 exit(1);
3c0ef626 2781 exit(0);
2782}
2783#else
2784main() { exit(0); }
2785#endif
996d5e62 2786 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2787 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3c0ef626 2788 )
2789fi
3c0ef626 2790
2791dnl Checks for structure members
2792OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2793OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2794OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2795OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2796OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2797OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2798OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2799OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2800OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2801OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2802OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2803OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2804OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2805OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2806OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2807OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2808OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2809
2810AC_CHECK_MEMBERS([struct stat.st_blksize])
2c06c99b 2811AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2812 [Define if we don't have struct __res_state in resolv.h])],
2813[
2814#include <stdio.h>
2815#if HAVE_SYS_TYPES_H
2816# include <sys/types.h>
2817#endif
2818#include <netinet/in.h>
2819#include <arpa/nameser.h>
2820#include <resolv.h>
2821])
3c0ef626 2822
2823AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2824 ac_cv_have_ss_family_in_struct_ss, [
2825 AC_TRY_COMPILE(
2826 [
2827#include <sys/types.h>
2828#include <sys/socket.h>
2829 ],
2830 [ struct sockaddr_storage s; s.ss_family = 1; ],
2831 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2832 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2833 )
2834])
2835if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2c06c99b 2836 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3c0ef626 2837fi
2838
2839AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2840 ac_cv_have___ss_family_in_struct_ss, [
2841 AC_TRY_COMPILE(
2842 [
2843#include <sys/types.h>
2844#include <sys/socket.h>
2845 ],
2846 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2847 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2848 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2849 )
2850])
2851if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2c06c99b 2852 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2853 [Fields in struct sockaddr_storage])
3c0ef626 2854fi
2855
2856AC_CACHE_CHECK([for pw_class field in struct passwd],
2857 ac_cv_have_pw_class_in_struct_passwd, [
2858 AC_TRY_COMPILE(
2859 [
2860#include <pwd.h>
2861 ],
2862 [ struct passwd p; p.pw_class = 0; ],
2863 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2864 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2865 )
2866])
2867if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2c06c99b 2868 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2869 [Define if your password has a pw_class field])
3c0ef626 2870fi
2871
2872AC_CACHE_CHECK([for pw_expire field in struct passwd],
2873 ac_cv_have_pw_expire_in_struct_passwd, [
2874 AC_TRY_COMPILE(
2875 [
2876#include <pwd.h>
2877 ],
2878 [ struct passwd p; p.pw_expire = 0; ],
2879 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2880 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2881 )
2882])
2883if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2c06c99b 2884 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2885 [Define if your password has a pw_expire field])
3c0ef626 2886fi
2887
2888AC_CACHE_CHECK([for pw_change field in struct passwd],
2889 ac_cv_have_pw_change_in_struct_passwd, [
2890 AC_TRY_COMPILE(
2891 [
2892#include <pwd.h>
2893 ],
2894 [ struct passwd p; p.pw_change = 0; ],
2895 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2896 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2897 )
2898])
2899if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2c06c99b 2900 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2901 [Define if your password has a pw_change field])
3c0ef626 2902fi
2903
fba3c309 2904dnl make sure we're using the real structure members and not defines
700318f3 2905AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2906 ac_cv_have_accrights_in_msghdr, [
996d5e62 2907 AC_COMPILE_IFELSE(
700318f3 2908 [
2909#include <sys/types.h>
2910#include <sys/socket.h>
2911#include <sys/uio.h>
fba3c309 2912int main() {
2913#ifdef msg_accrights
996d5e62 2914#error "msg_accrights is a macro"
fba3c309 2915exit(1);
2916#endif
2917struct msghdr m;
2918m.msg_accrights = 0;
2919exit(0);
2920}
700318f3 2921 ],
700318f3 2922 [ ac_cv_have_accrights_in_msghdr="yes" ],
2923 [ ac_cv_have_accrights_in_msghdr="no" ]
2924 )
2925])
2926if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2c06c99b 2927 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2928 [Define if your system uses access rights style
2929 file descriptor passing])
700318f3 2930fi
2931
2932AC_CACHE_CHECK([for msg_control field in struct msghdr],
2933 ac_cv_have_control_in_msghdr, [
996d5e62 2934 AC_COMPILE_IFELSE(
700318f3 2935 [
2936#include <sys/types.h>
2937#include <sys/socket.h>
2938#include <sys/uio.h>
fba3c309 2939int main() {
2940#ifdef msg_control
996d5e62 2941#error "msg_control is a macro"
fba3c309 2942exit(1);
2943#endif
2944struct msghdr m;
2945m.msg_control = 0;
2946exit(0);
2947}
700318f3 2948 ],
700318f3 2949 [ ac_cv_have_control_in_msghdr="yes" ],
2950 [ ac_cv_have_control_in_msghdr="no" ]
2951 )
2952])
2953if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2c06c99b 2954 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2955 [Define if your system uses ancillary data style
2956 file descriptor passing])
700318f3 2957fi
2958
3c0ef626 2959AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
cdd66111 2960 AC_TRY_LINK([],
2961 [ extern char *__progname; printf("%s", __progname); ],
3c0ef626 2962 [ ac_cv_libc_defines___progname="yes" ],
2963 [ ac_cv_libc_defines___progname="no" ]
2964 )
2965])
2966if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2c06c99b 2967 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3c0ef626 2968fi
2969
700318f3 2970AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2971 AC_TRY_LINK([
2972#include <stdio.h>
cdd66111 2973],
2974 [ printf("%s", __FUNCTION__); ],
700318f3 2975 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2976 [ ac_cv_cc_implements___FUNCTION__="no" ]
2977 )
2978])
2979if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2c06c99b 2980 AC_DEFINE(HAVE___FUNCTION__, 1,
2981 [Define if compiler implements __FUNCTION__])
700318f3 2982fi
2983
2984AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2985 AC_TRY_LINK([
2986#include <stdio.h>
cdd66111 2987],
2988 [ printf("%s", __func__); ],
700318f3 2989 [ ac_cv_cc_implements___func__="yes" ],
2990 [ ac_cv_cc_implements___func__="no" ]
2991 )
2992])
2993if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2c06c99b 2994 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2995fi
2996
2997AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2998 AC_TRY_LINK(
2999 [#include <stdarg.h>
3000 va_list x,y;],
3001 [va_copy(x,y);],
3002 [ ac_cv_have_va_copy="yes" ],
3003 [ ac_cv_have_va_copy="no" ]
3004 )
3005])
3006if test "x$ac_cv_have_va_copy" = "xyes" ; then
3007 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3008fi
3009
3010AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3011 AC_TRY_LINK(
3012 [#include <stdarg.h>
3013 va_list x,y;],
3014 [__va_copy(x,y);],
3015 [ ac_cv_have___va_copy="yes" ],
3016 [ ac_cv_have___va_copy="no" ]
3017 )
3018])
3019if test "x$ac_cv_have___va_copy" = "xyes" ; then
3020 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
700318f3 3021fi
3022
3c0ef626 3023AC_CACHE_CHECK([whether getopt has optreset support],
3024 ac_cv_have_getopt_optreset, [
3025 AC_TRY_LINK(
3026 [
3027#include <getopt.h>
3028 ],
3029 [ extern int optreset; optreset = 0; ],
3030 [ ac_cv_have_getopt_optreset="yes" ],
3031 [ ac_cv_have_getopt_optreset="no" ]
3032 )
3033])
3034if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2c06c99b 3035 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3036 [Define if your getopt(3) defines and uses optreset])
3c0ef626 3037fi
3038
3039AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
cdd66111 3040 AC_TRY_LINK([],
3041 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3c0ef626 3042 [ ac_cv_libc_defines_sys_errlist="yes" ],
3043 [ ac_cv_libc_defines_sys_errlist="no" ]
3044 )
3045])
3046if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2c06c99b 3047 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3048 [Define if your system defines sys_errlist[]])
3c0ef626 3049fi
3050
3051
3052AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
cdd66111 3053 AC_TRY_LINK([],
3054 [ extern int sys_nerr; printf("%i", sys_nerr);],
3c0ef626 3055 [ ac_cv_libc_defines_sys_nerr="yes" ],
3056 [ ac_cv_libc_defines_sys_nerr="no" ]
3057 )
3058])
3059if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2c06c99b 3060 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3c0ef626 3061fi
3062
cdd66111 3063SCARD_MSG="no"
700318f3 3064# Check whether user wants sectok support
3065AC_ARG_WITH(sectok,
3066 [ --with-sectok Enable smartcard support using libsectok],
3c0ef626 3067 [
3068 if test "x$withval" != "xno" ; then
3069 if test "x$withval" != "xyes" ; then
3070 CPPFLAGS="$CPPFLAGS -I${withval}"
3071 LDFLAGS="$LDFLAGS -L${withval}"
3072 if test ! -z "$need_dash_r" ; then
3073 LDFLAGS="$LDFLAGS -R${withval}"
3074 fi
3075 if test ! -z "$blibpath" ; then
3076 blibpath="$blibpath:${withval}"
3077 fi
3078 fi
3079 AC_CHECK_HEADERS(sectok.h)
3080 if test "$ac_cv_header_sectok_h" != yes; then
3081 AC_MSG_ERROR(Can't find sectok.h)
3082 fi
3083 AC_CHECK_LIB(sectok, sectok_open)
3084 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3085 AC_MSG_ERROR(Can't find libsectok)
3086 fi
2c06c99b 3087 AC_DEFINE(SMARTCARD, 1,
3088 [Define if you want smartcard support])
3089 AC_DEFINE(USE_SECTOK, 1,
3090 [Define if you want smartcard support
3091 using sectok])
cdd66111 3092 SCARD_MSG="yes, using sectok"
3c0ef626 3093 fi
3094 ]
3095)
3096
700318f3 3097# Check whether user wants OpenSC support
dec6d9fe 3098OPENSC_CONFIG="no"
700318f3 3099AC_ARG_WITH(opensc,
2c06c99b 3100 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
dec6d9fe 3101 [
3102 if test "x$withval" != "xno" ; then
3103 if test "x$withval" != "xyes" ; then
3104 OPENSC_CONFIG=$withval/bin/opensc-config
3105 else
3106 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3107 fi
3108 if test "$OPENSC_CONFIG" != "no"; then
3109 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3110 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3111 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
9108f8d9 3112 LIBS="$LIBS $LIBOPENSC_LIBS"
dec6d9fe 3113 AC_DEFINE(SMARTCARD)
2c06c99b 3114 AC_DEFINE(USE_OPENSC, 1,
3115 [Define if you want smartcard support
3116 using OpenSC])
dec6d9fe 3117 SCARD_MSG="yes, using OpenSC"
3118 fi
3119 fi
3120 ]
3121)
700318f3 3122
cdd66111 3123# Check libraries needed by DNS fingerprint support
3124AC_SEARCH_LIBS(getrrsetbyname, resolv,
2c06c99b 3125 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3126 [Define if getrrsetbyname() exists])],
0fff78ff 3127 [
cdd66111 3128 # Needed by our getrrsetbyname()
3129 AC_SEARCH_LIBS(res_query, resolv)
3130 AC_SEARCH_LIBS(dn_expand, resolv)
c9f39d2c 3131 AC_MSG_CHECKING(if res_query will link)
3132 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3133 [AC_MSG_RESULT(no)
3134 saved_LIBS="$LIBS"
3135 LIBS="$LIBS -lresolv"
3136 AC_MSG_CHECKING(for res_query in -lresolv)
3137 AC_LINK_IFELSE([
3138#include <resolv.h>
3139int main()
3140{
3141 res_query (0, 0, 0, 0, 0);
3142 return 0;
3143}
3144 ],
3145 [LIBS="$LIBS -lresolv"
3146 AC_MSG_RESULT(yes)],
3147 [LIBS="$saved_LIBS"
3148 AC_MSG_RESULT(no)])
3149 ])
cdd66111 3150 AC_CHECK_FUNCS(_getshort _getlong)
665a873d 3151 AC_CHECK_DECLS([_getshort, _getlong], , ,
3152 [#include <sys/types.h>
3153 #include <arpa/nameser.h>])
cdd66111 3154 AC_CHECK_MEMBER(HEADER.ad,
2c06c99b 3155 [AC_DEFINE(HAVE_HEADER_AD, 1,
3156 [Define if HEADER.ad exists in arpa/nameser.h])],,
cdd66111 3157 [#include <arpa/nameser.h>])
3158 ])
0fff78ff 3159
9108f8d9 3160# Check whether user wants SELinux support
3161SELINUX_MSG="no"
3162LIBSELINUX=""
3163AC_ARG_WITH(selinux,
3164 [ --with-selinux Enable SELinux support],
3165 [ if test "x$withval" != "xno" ; then
3166 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3167 SELINUX_MSG="yes"
3168 AC_CHECK_HEADER([selinux/selinux.h], ,
3169 AC_MSG_ERROR(SELinux support requires selinux.h header))
3170 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3171 AC_MSG_ERROR(SELinux support requires libselinux library))
3172 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3173 fi ]
3174)
3175AC_SUBST(LIBSELINUX)
3176
700318f3 3177# Check whether user wants Kerberos 5 support
cdd66111 3178KRB5_MSG="no"
700318f3 3179AC_ARG_WITH(kerberos5,
cdd66111 3180 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3181 [ if test "x$withval" != "xno" ; then
3182 if test "x$withval" = "xyes" ; then
3183 KRB5ROOT="/usr/local"
3184 else
3185 KRB5ROOT=${withval}
3186 fi
3187
2c06c99b 3188 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
cdd66111 3189 KRB5_MSG="yes"
3190
3191 AC_MSG_CHECKING(for krb5-config)
3192 if test -x $KRB5ROOT/bin/krb5-config ; then
3193 KRB5CONF=$KRB5ROOT/bin/krb5-config
3194 AC_MSG_RESULT($KRB5CONF)
3195
3196 AC_MSG_CHECKING(for gssapi support)
3197 if $KRB5CONF | grep gssapi >/dev/null ; then
3198 AC_MSG_RESULT(yes)
2c06c99b 3199 AC_DEFINE(GSSAPI, 1,
3200 [Define this if you want GSSAPI
3201 support in the version 2 protocol])
cdd66111 3202 k5confopts=gssapi
3203 else
3204 AC_MSG_RESULT(no)
3205 k5confopts=""
3206 fi
3207 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3208 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3209 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3210 AC_MSG_CHECKING(whether we are using Heimdal)
3211 AC_TRY_COMPILE([ #include <krb5.h> ],
3212 [ char *tmp = heimdal_version; ],
3213 [ AC_MSG_RESULT(yes)
2c06c99b 3214 AC_DEFINE(HEIMDAL, 1,
3215 [Define this if you are using the
3216 Heimdal version of Kerberos V5]) ],
cdd66111 3217 AC_MSG_RESULT(no)
3218 )
3219 else
3220 AC_MSG_RESULT(no)
700318f3 3221 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
cdd66111 3222 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3223 AC_MSG_CHECKING(whether we are using Heimdal)
3224 AC_TRY_COMPILE([ #include <krb5.h> ],
3225 [ char *tmp = heimdal_version; ],
3226 [ AC_MSG_RESULT(yes)
3227 AC_DEFINE(HEIMDAL)
c9f39d2c 3228 K5LIBS="-lkrb5 -ldes"
3229 K5LIBS="$K5LIBS -lcom_err -lasn1"
dec6d9fe 3230 AC_CHECK_LIB(roken, net_write,
c9f39d2c 3231 [K5LIBS="$K5LIBS -lroken"])
cdd66111 3232 ],
3233 [ AC_MSG_RESULT(no)
3234 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3235 ]
3236 )
0fff78ff 3237 AC_SEARCH_LIBS(dn_expand, resolv)
3238
3239 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3240 [ AC_DEFINE(GSSAPI)
3241 K5LIBS="-lgssapi $K5LIBS" ],
3242 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3243 [ AC_DEFINE(GSSAPI)
cdd66111 3244 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
0fff78ff 3245 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3246 $K5LIBS)
3247 ],
3248 $K5LIBS)
dec6d9fe 3249
0fff78ff 3250 AC_CHECK_HEADER(gssapi.h, ,
3251 [ unset ac_cv_header_gssapi_h
cdd66111 3252 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
0fff78ff 3253 AC_CHECK_HEADERS(gssapi.h, ,
3254 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
cdd66111 3255 )
0fff78ff 3256 ]
3257 )
3258
3259 oldCPP="$CPPFLAGS"
3260 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3261 AC_CHECK_HEADER(gssapi_krb5.h, ,
3262 [ CPPFLAGS="$oldCPP" ])
700318f3 3263
cdd66111 3264 fi
3265 if test ! -z "$need_dash_r" ; then
3266 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3267 fi
3268 if test ! -z "$blibpath" ; then
3269 blibpath="$blibpath:${KRB5ROOT}/lib"
3270 fi
cdd66111 3271
2c06c99b 3272 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3273 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3274 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
cdd66111 3275
2c06c99b 3276 LIBS="$LIBS $K5LIBS"
3277 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3278 [Define this if you want to use libkafs' AFS support]))
3279 fi
cdd66111 3280 ]
700318f3 3281)
3c0ef626 3282
3283# Looking for programs, paths and files
3c0ef626 3284
700318f3 3285PRIVSEP_PATH=/var/empty
3286AC_ARG_WITH(privsep-path,
41b2f314 3287 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
700318f3 3288 [
dec6d9fe 3289 if test -n "$withval" && test "x$withval" != "xno" && \
3290 test "x${withval}" != "xyes"; then
700318f3 3291 PRIVSEP_PATH=$withval
3292 fi
3293 ]
3294)
3295AC_SUBST(PRIVSEP_PATH)
3296
3c0ef626 3297AC_ARG_WITH(xauth,
3298 [ --with-xauth=PATH Specify path to xauth program ],
3299 [
dec6d9fe 3300 if test -n "$withval" && test "x$withval" != "xno" && \
3301 test "x${withval}" != "xyes"; then
3c0ef626 3302 xauth_path=$withval
3303 fi
3304 ],
3305 [
41b2f314 3306 TestPath="$PATH"
3307 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3308 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3309 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3310 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3311 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3c0ef626 3312 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3313 xauth_path="/usr/openwin/bin/xauth"
3314 fi
3315 ]
3316)
3317
6a9b3198 3318STRIP_OPT=-s
3319AC_ARG_ENABLE(strip,
3320 [ --disable-strip Disable calling strip(1) on install],
3321 [
3322 if test "x$enableval" = "xno" ; then
3323 STRIP_OPT=
3324 fi
3325 ]
3326)
3327AC_SUBST(STRIP_OPT)
3328
3c0ef626 3329if test -z "$xauth_path" ; then
3330 XAUTH_PATH="undefined"
3331 AC_SUBST(XAUTH_PATH)
3332else
2c06c99b 3333 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3334 [Define if xauth is found in your path])
3c0ef626 3335 XAUTH_PATH=$xauth_path
3336 AC_SUBST(XAUTH_PATH)
3337fi
3c0ef626 3338
3339# Check for mail directory (last resort if we cannot get it from headers)
3340if test ! -z "$MAIL" ; then
3341 maildir=`dirname $MAIL`
2c06c99b 3342 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3343 [Set this to your mail directory if you don't have maillock.h])
3c0ef626 3344fi
3345
996d5e62 3346if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3347 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3348 disable_ptmx_check=yes
3349fi
3c0ef626 3350if test -z "$no_dev_ptmx" ; then
700318f3 3351 if test "x$disable_ptmx_check" != "xyes" ; then
cdd66111 3352 AC_CHECK_FILE("/dev/ptmx",
700318f3 3353 [
2c06c99b 3354 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3355 [Define if you have /dev/ptmx])
700318f3 3356 have_dev_ptmx=1
3357 ]
3358 )
3359 fi
3c0ef626 3360fi
996d5e62 3361
3362if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3363 AC_CHECK_FILE("/dev/ptc",
3364 [
2c06c99b 3365 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3366 [Define if you have /dev/ptc])
996d5e62 3367 have_dev_ptc=1
3368 ]
3369 )
3370else
3371 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3372fi
3c0ef626 3373
3374# Options from here on. Some of these are preset by platform above
3c0ef626 3375AC_ARG_WITH(mantype,
3376 [ --with-mantype=man|cat|doc Set man page type],
3377 [
3378 case "$withval" in
3379 man|cat|doc)
3380 MANTYPE=$withval
3381 ;;
3382 *)
3383 AC_MSG_ERROR(invalid man type: $withval)
3384 ;;
3385 esac
3386 ]
3387)
3388if test -z "$MANTYPE"; then
41b2f314 3389 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3390 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3c0ef626 3391 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3392 MANTYPE=doc
3393 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3394 MANTYPE=man
3395 else
3396 MANTYPE=cat
3397 fi
3398fi
3399AC_SUBST(MANTYPE)
3400if test "$MANTYPE" = "doc"; then
3401 mansubdir=man;
3402else
3403 mansubdir=$MANTYPE;
3404fi
3405AC_SUBST(mansubdir)
3406
3407# Check whether to enable MD5 passwords
cdd66111 3408MD5_MSG="no"
3c0ef626 3409AC_ARG_WITH(md5-passwords,
3410 [ --with-md5-passwords Enable use of MD5 passwords],
3411 [
3412 if test "x$withval" != "xno" ; then
2c06c99b 3413 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3414 [Define if you want to allow MD5 passwords])
cdd66111 3415 MD5_MSG="yes"
3c0ef626 3416 fi
3417 ]
3418)
3419
3420# Whether to disable shadow password support
3421AC_ARG_WITH(shadow,
3422 [ --without-shadow Disable shadow password support],
3423 [
dec6d9fe 3424 if test "x$withval" = "xno" ; then
3c0ef626 3425 AC_DEFINE(DISABLE_SHADOW)
3426 disable_shadow=yes
3427 fi
3428 ]
3429)
3430
3431if test -z "$disable_shadow" ; then
3432 AC_MSG_CHECKING([if the systems has expire shadow information])
3433 AC_TRY_COMPILE(
3434 [
3435#include <sys/types.h>
3436#include <shadow.h>
3437 struct spwd sp;
3438 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3439 [ sp_expire_available=yes ], []
3440 )
3441
3442 if test "x$sp_expire_available" = "xyes" ; then
3443 AC_MSG_RESULT(yes)
2c06c99b 3444 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3445 [Define if you want to use shadow password expire field])
3c0ef626 3446 else
3447 AC_MSG_RESULT(no)
3448 fi
3449fi
3450
3451# Use ip address instead of hostname in $DISPLAY
3452if test ! -z "$IPADDR_IN_DISPLAY" ; then
3453 DISPLAY_HACK_MSG="yes"
2c06c99b 3454 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3455 [Define if you need to use IP address
3456 instead of hostname in $DISPLAY])
3c0ef626 3457else
cdd66111 3458 DISPLAY_HACK_MSG="no"
3c0ef626 3459 AC_ARG_WITH(ipaddr-display,
3460 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3461 [
dec6d9fe 3462 if test "x$withval" != "xno" ; then
3c0ef626 3463 AC_DEFINE(IPADDR_IN_DISPLAY)
cdd66111 3464 DISPLAY_HACK_MSG="yes"
3c0ef626 3465 fi
3466 ]
3467 )
3468fi
3469
0fff78ff 3470# check for /etc/default/login and use it if present.
acc3d05e 3471AC_ARG_ENABLE(etc-default-login,
996d5e62 3472 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3473 [ if test "x$enableval" = "xno"; then
3474 AC_MSG_NOTICE([/etc/default/login handling disabled])
3475 etc_default_login=no
3476 else
3477 etc_default_login=yes
3478 fi ],
2c06c99b 3479 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3480 then
3481 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3482 etc_default_login=no
3483 else
3484 etc_default_login=yes
3485 fi ]
996d5e62 3486)
0fff78ff 3487
996d5e62 3488if test "x$etc_default_login" != "xno"; then
3489 AC_CHECK_FILE("/etc/default/login",
3490 [ external_path_file=/etc/default/login ])
2c06c99b 3491 if test "x$external_path_file" = "x/etc/default/login"; then
3492 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3493 [Define if your system has /etc/default/login])
996d5e62 3494 fi
0fff78ff 3495fi
3496
700318f3 3497dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
dec6d9fe 3498if test $ac_cv_func_login_getcapbool = "yes" && \
3499 test $ac_cv_header_login_cap_h = "yes" ; then
0fff78ff 3500 external_path_file=/etc/login.conf
700318f3 3501fi
0fff78ff 3502
3c0ef626 3503# Whether to mess with the default path
cdd66111 3504SERVER_PATH_MSG="(default)"
3c0ef626 3505AC_ARG_WITH(default-path,
700318f3 3506 [ --with-default-path= Specify default \$PATH environment for server],
3c0ef626 3507 [
0fff78ff 3508 if test "x$external_path_file" = "x/etc/login.conf" ; then
700318f3 3509 AC_MSG_WARN([
3510--with-default-path=PATH has no effect on this system.
3511Edit /etc/login.conf instead.])
dec6d9fe 3512 elif test "x$withval" != "xno" ; then
0fff78ff 3513 if test ! -z "$external_path_file" ; then
3514 AC_MSG_WARN([
3515--with-default-path=PATH will only be used if PATH is not defined in
3516$external_path_file .])
3517 fi
3c0ef626 3518 user_path="$withval"
cdd66111 3519 SERVER_PATH_MSG="$withval"
3c0ef626 3520 fi
3521 ],
0fff78ff 3522 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3523 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
700318f3 3524 else
0fff78ff 3525 if test ! -z "$external_path_file" ; then
3526 AC_MSG_WARN([
3527If PATH is defined in $external_path_file, ensure the path to scp is included,
3528otherwise scp will not work.])
3529 fi
2c06c99b 3530 AC_RUN_IFELSE(
3531 [AC_LANG_SOURCE([[
3c0ef626 3532/* find out what STDPATH is */
3533#include <stdio.h>
3534#ifdef HAVE_PATHS_H
3535# include <paths.h>
3536#endif
3537#ifndef _PATH_STDPATH
6a9b3198 3538# ifdef _PATH_USERPATH /* Irix */
3539# define _PATH_STDPATH _PATH_USERPATH
3540# else
3541# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3542# endif
3c0ef626 3543#endif
3544#include <sys/types.h>
3545#include <sys/stat.h>
3546#include <fcntl.h>
3547#define DATA "conftest.stdpath"
3548
3549main()
3550{
3551 FILE *fd;
3552 int rc;
dec6d9fe 3553
3c0ef626 3554 fd = fopen(DATA,"w");
3555 if(fd == NULL)
3556 exit(1);
dec6d9fe 3557
3c0ef626 3558 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3559 exit(1);
3560
3561 exit(0);
3562}
2c06c99b 3563 ]])],
3564 [ user_path=`cat conftest.stdpath` ],
3c0ef626 3565 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3566 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3567 )
3568# make sure $bindir is in USER_PATH so scp will work
3569 t_bindir=`eval echo ${bindir}`
3570 case $t_bindir in
3571 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3572 esac
3573 case $t_bindir in
3574 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3575 esac
3576 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3577 if test $? -ne 0 ; then
3578 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3579 if test $? -ne 0 ; then
3580 user_path=$user_path:$t_bindir
3581 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3582 fi
3583 fi
700318f3 3584 fi ]
3585)
0fff78ff 3586if test "x$external_path_file" != "x/etc/login.conf" ; then
2c06c99b 3587 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
700318f3 3588 AC_SUBST(user_path)
3589fi
3590
3591# Set superuser path separately to user path
700318f3 3592AC_ARG_WITH(superuser-path,
3593 [ --with-superuser-path= Specify different path for super-user],
3594 [
dec6d9fe 3595 if test -n "$withval" && test "x$withval" != "xno" && \
3596 test "x${withval}" != "xyes"; then
2c06c99b 3597 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3598 [Define if you want a different $PATH
3599 for the superuser])
700318f3 3600 superuser_path=$withval
3601 fi
3c0ef626 3602 ]
3603)
700318f3 3604
3c0ef626 3605
3c0ef626 3606AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
cdd66111 3607IPV4_IN6_HACK_MSG="no"
3c0ef626 3608AC_ARG_WITH(4in6,
3609 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3610 [
3611 if test "x$withval" != "xno" ; then
3612 AC_MSG_RESULT(yes)
2c06c99b 3613 AC_DEFINE(IPV4_IN_IPV6, 1,
3614 [Detect IPv4 in IPv6 mapped addresses
3615 and treat as IPv4])
cdd66111 3616 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3617 else
3618 AC_MSG_RESULT(no)
3619 fi
3620 ],[
3621 if test "x$inet6_default_4in6" = "xyes"; then
3622 AC_MSG_RESULT([yes (default)])
3623 AC_DEFINE(IPV4_IN_IPV6)
cdd66111 3624 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3625 else
3626 AC_MSG_RESULT([no (default)])
3627 fi
3628 ]
3629)
3630
3631# Whether to enable BSD auth support
e9a17296 3632BSD_AUTH_MSG=no
3c0ef626 3633AC_ARG_WITH(bsd-auth,
3634 [ --with-bsd-auth Enable BSD auth support],
3635 [
dec6d9fe 3636 if test "x$withval" != "xno" ; then
2c06c99b 3637 AC_DEFINE(BSD_AUTH, 1,
3638 [Define if you have BSD auth support])
e9a17296 3639 BSD_AUTH_MSG=yes
3c0ef626 3640 fi
3641 ]
3642)
3643
3c0ef626 3644# Where to place sshd.pid
3645piddir=/var/run
700318f3 3646# make sure the directory exists
dec6d9fe 3647if test ! -d $piddir ; then
700318f3 3648 piddir=`eval echo ${sysconfdir}`
3649 case $piddir in
cdd66111 3650 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
700318f3 3651 esac
3652fi
3653
3c0ef626 3654AC_ARG_WITH(pid-dir,
3655 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3656 [
dec6d9fe 3657 if test -n "$withval" && test "x$withval" != "xno" && \
3658 test "x${withval}" != "xyes"; then
3c0ef626 3659 piddir=$withval
dec6d9fe 3660 if test ! -d $piddir ; then
700318f3 3661 AC_MSG_WARN([** no $piddir directory on this system **])
3662 fi
3c0ef626 3663 fi
3664 ]
3665)
3666
2c06c99b 3667AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3c0ef626 3668AC_SUBST(piddir)
3669
3670dnl allow user to disable some login recording features
3671AC_ARG_ENABLE(lastlog,
3672 [ --disable-lastlog disable use of lastlog even if detected [no]],
0fff78ff 3673 [
3674 if test "x$enableval" = "xno" ; then
3675 AC_DEFINE(DISABLE_LASTLOG)
3676 fi
3677 ]
3c0ef626 3678)
3679AC_ARG_ENABLE(utmp,
3680 [ --disable-utmp disable use of utmp even if detected [no]],
0fff78ff 3681 [
3682 if test "x$enableval" = "xno" ; then
3683 AC_DEFINE(DISABLE_UTMP)
3684 fi
3685 ]
3c0ef626 3686)
3687AC_ARG_ENABLE(utmpx,
3688 [ --disable-utmpx disable use of utmpx even if detected [no]],
0fff78ff 3689 [
3690 if test "x$enableval" = "xno" ; then
2c06c99b 3691 AC_DEFINE(DISABLE_UTMPX, 1,
3692 [Define if you don't want to use utmpx])
0fff78ff 3693 fi
3694 ]
3c0ef626 3695)
3696AC_ARG_ENABLE(wtmp,
3697 [ --disable-wtmp disable use of wtmp even if detected [no]],
0fff78ff 3698 [
3699 if test "x$enableval" = "xno" ; then
3700 AC_DEFINE(DISABLE_WTMP)
3701 fi
3702 ]
3c0ef626 3703)
3704AC_ARG_ENABLE(wtmpx,
3705 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
0fff78ff 3706 [
3707 if test "x$enableval" = "xno" ; then
2c06c99b 3708 AC_DEFINE(DISABLE_WTMPX, 1,
3709 [Define if you don't want to use wtmpx])
0fff78ff 3710 fi
3711 ]
3c0ef626 3712)
3713AC_ARG_ENABLE(libutil,
3714 [ --disable-libutil disable use of libutil (login() etc.) [no]],
0fff78ff 3715 [
3716 if test "x$enableval" = "xno" ; then
3717 AC_DEFINE(DISABLE_LOGIN)
3718 fi
3719 ]
3c0ef626 3720)
3721AC_ARG_ENABLE(pututline,
3722 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
0fff78ff 3723 [
3724 if test "x$enableval" = "xno" ; then
2c06c99b 3725 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3726 [Define if you don't want to use pututline()
3727 etc. to write [uw]tmp])
0fff78ff 3728 fi
3729 ]
3c0ef626 3730)
3731AC_ARG_ENABLE(pututxline,
3732 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
0fff78ff 3733 [
3734 if test "x$enableval" = "xno" ; then
2c06c99b 3735 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3736 [Define if you don't want to use pututxline()
3737 etc. to write [uw]tmpx])
0fff78ff 3738 fi
3739 ]
3c0ef626 3740)
3741AC_ARG_WITH(lastlog,
3742 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3743 [
dec6d9fe 3744 if test "x$withval" = "xno" ; then
3c0ef626 3745 AC_DEFINE(DISABLE_LASTLOG)
dec6d9fe 3746 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3c0ef626 3747 conf_lastlog_location=$withval
3748 fi
3749 ]
3750)
3751
3752dnl lastlog, [uw]tmpx? detection
3753dnl NOTE: set the paths in the platform section to avoid the
3754dnl need for command-line parameters
3755dnl lastlog and [uw]tmp are subject to a file search if all else fails
3756
3757dnl lastlog detection
3758dnl NOTE: the code itself will detect if lastlog is a directory
3759AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3760AC_TRY_COMPILE([
3761#include <sys/types.h>
3762#include <utmp.h>
3763#ifdef HAVE_LASTLOG_H
3764# include <lastlog.h>
3765#endif
3766#ifdef HAVE_PATHS_H
3767# include <paths.h>
3768#endif
3769#ifdef HAVE_LOGIN_H
3770# include <login.h>
3771#endif
3772 ],
3773 [ char *lastlog = LASTLOG_FILE; ],
3774 [ AC_MSG_RESULT(yes) ],
3775 [
3776 AC_MSG_RESULT(no)
3777 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3778 AC_TRY_COMPILE([
3779#include <sys/types.h>
3780#include <utmp.h>
3781#ifdef HAVE_LASTLOG_H
3782# include <lastlog.h>
3783#endif
3784#ifdef HAVE_PATHS_H
3785# include <paths.h>
3786#endif
3787 ],
3788 [ char *lastlog = _PATH_LASTLOG; ],
3789 [ AC_MSG_RESULT(yes) ],
3790 [
3791 AC_MSG_RESULT(no)
3792 system_lastlog_path=no
3793 ])
3794 ]
3795)
3796
3797if test -z "$conf_lastlog_location"; then
3798 if test x"$system_lastlog_path" = x"no" ; then
3799 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3800 if (test -d "$f" || test -f "$f") ; then
3801 conf_lastlog_location=$f
3802 fi
3803 done
3804 if test -z "$conf_lastlog_location"; then
3805 AC_MSG_WARN([** Cannot find lastlog **])
3806 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3807 fi
3808 fi
3809fi
3810
3811if test -n "$conf_lastlog_location"; then
2c06c99b 3812 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3813 [Define if you want to specify the path to your lastlog file])
dec6d9fe 3814fi
3c0ef626 3815
3816dnl utmp detection
3817AC_MSG_CHECKING([if your system defines UTMP_FILE])
3818AC_TRY_COMPILE([
3819#include <sys/types.h>
3820#include <utmp.h>
3821#ifdef HAVE_PATHS_H
3822# include <paths.h>
3823#endif
3824 ],
3825 [ char *utmp = UTMP_FILE; ],
3826 [ AC_MSG_RESULT(yes) ],
3827 [ AC_MSG_RESULT(no)
3828 system_utmp_path=no ]
3829)
3830if test -z "$conf_utmp_location"; then
3831 if test x"$system_utmp_path" = x"no" ; then
3832 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3833 if test -f $f ; then
3834 conf_utmp_location=$f
3835 fi
3836 done
3837 if test -z "$conf_utmp_location"; then
3838 AC_DEFINE(DISABLE_UTMP)
3839 fi
3840 fi
3841fi
3842if test -n "$conf_utmp_location"; then
2c06c99b 3843 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3844 [Define if you want to specify the path to your utmp file])
dec6d9fe 3845fi
3c0ef626 3846
3847dnl wtmp detection
3848AC_MSG_CHECKING([if your system defines WTMP_FILE])
3849AC_TRY_COMPILE([
3850#include <sys/types.h>
3851#include <utmp.h>
3852#ifdef HAVE_PATHS_H
3853# include <paths.h>
3854#endif
3855 ],
3856 [ char *wtmp = WTMP_FILE; ],
3857 [ AC_MSG_RESULT(yes) ],
3858 [ AC_MSG_RESULT(no)
3859 system_wtmp_path=no ]
3860)
3861if test -z "$conf_wtmp_location"; then
3862 if test x"$system_wtmp_path" = x"no" ; then
3863 for f in /usr/adm/wtmp /var/log/wtmp; do
3864 if test -f $f ; then
3865 conf_wtmp_location=$f
3866 fi
3867 done
3868 if test -z "$conf_wtmp_location"; then
3869 AC_DEFINE(DISABLE_WTMP)
3870 fi
3871 fi
3872fi
3873if test -n "$conf_wtmp_location"; then
2c06c99b 3874 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3875 [Define if you want to specify the path to your wtmp file])
dec6d9fe 3876fi
3c0ef626 3877
3878
3879dnl utmpx detection - I don't know any system so perverse as to require
3880dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3881dnl there, though.
3882AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3883AC_TRY_COMPILE([
3884#include <sys/types.h>
3885#include <utmp.h>
3886#ifdef HAVE_UTMPX_H
3887#include <utmpx.h>
3888#endif
3889#ifdef HAVE_PATHS_H
3890# include <paths.h>
3891#endif
3892 ],
3893 [ char *utmpx = UTMPX_FILE; ],
3894 [ AC_MSG_RESULT(yes) ],
3895 [ AC_MSG_RESULT(no)
3896 system_utmpx_path=no ]
3897)
3898if test -z "$conf_utmpx_location"; then
3899 if test x"$system_utmpx_path" = x"no" ; then
3900 AC_DEFINE(DISABLE_UTMPX)
3901 fi
3902else
2c06c99b 3903 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3904 [Define if you want to specify the path to your utmpx file])
dec6d9fe 3905fi
3c0ef626 3906
3907dnl wtmpx detection
3908AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3909AC_TRY_COMPILE([
3910#include <sys/types.h>
3911#include <utmp.h>
3912#ifdef HAVE_UTMPX_H
3913#include <utmpx.h>
3914#endif
3915#ifdef HAVE_PATHS_H
3916# include <paths.h>
3917#endif
3918 ],
3919 [ char *wtmpx = WTMPX_FILE; ],
3920 [ AC_MSG_RESULT(yes) ],
3921 [ AC_MSG_RESULT(no)
3922 system_wtmpx_path=no ]
3923)
3924if test -z "$conf_wtmpx_location"; then
3925 if test x"$system_wtmpx_path" = x"no" ; then
3926 AC_DEFINE(DISABLE_WTMPX)
3927 fi
3928else
2c06c99b 3929 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3930 [Define if you want to specify the path to your wtmpx file])
dec6d9fe 3931fi
3c0ef626 3932
3933
3c0ef626 3934if test ! -z "$blibpath" ; then
7e772e1f 3935 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3936 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3c0ef626 3937fi
3938
665a873d 3939dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3940dnl Add now.
3941CFLAGS="$CFLAGS $werror_flags"
3942
e9a17296 3943AC_EXEEXT
9108f8d9 3944AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3945 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
996d5e62 3946 scard/Makefile ssh_prng_cmds survey.sh])
3c0ef626 3947AC_OUTPUT
3948
3949# Print summary of options
3950
3c0ef626 3951# Someone please show me a better way :)
3952A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3953B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3954C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3955D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3956E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3957F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3958G=`eval echo ${piddir}` ; G=`eval echo ${G}`
700318f3 3959H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3960I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3961J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3c0ef626 3962
3963echo ""
3964echo "OpenSSH has been configured with the following options:"
700318f3 3965echo " User binaries: $B"
3966echo " System binaries: $C"
3967echo " Configuration files: $D"
3968echo " Askpass program: $E"
3969echo " Manual pages: $F"
3970echo " PID file: $G"
3971echo " Privilege separation chroot path: $H"
0fff78ff 3972if test "x$external_path_file" = "x/etc/login.conf" ; then
3973echo " At runtime, sshd will use the path defined in $external_path_file"
3974echo " Make sure the path to scp is present, otherwise scp will not work"
700318f3 3975else
3976echo " sshd default user PATH: $I"
0fff78ff 3977 if test ! -z "$external_path_file"; then
3978echo " (If PATH is set in $external_path_file it will be used instead. If"
3979echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3980 fi
700318f3 3981fi
3982if test ! -z "$superuser_path" ; then
3983echo " sshd superuser user PATH: $J"
3984fi
3985echo " Manpage format: $MANTYPE"
0fff78ff 3986echo " PAM support: $PAM_MSG"
9108f8d9 3987echo " OSF SIA support: $SIA_MSG"
700318f3 3988echo " KerberosV support: $KRB5_MSG"
9108f8d9 3989echo " SELinux support: $SELINUX_MSG"
700318f3 3990echo " Smartcard support: $SCARD_MSG"
700318f3 3991echo " S/KEY support: $SKEY_MSG"
3992echo " TCP Wrappers support: $TCPW_MSG"
3993echo " MD5 password support: $MD5_MSG"
996d5e62 3994echo " libedit support: $LIBEDIT_MSG"
9108f8d9 3995echo " Solaris process contract support: $SPC_MSG"
700318f3 3996echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
700318f3 3997echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3998echo " BSD Auth support: $BSD_AUTH_MSG"
3999echo " Random number source: $RAND_MSG"
e9a17296 4000if test ! -z "$USE_RAND_HELPER" ; then
700318f3 4001echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3c0ef626 4002fi
4003
4004echo ""
4005
4006echo " Host: ${host}"
4007echo " Compiler: ${CC}"
4008echo " Compiler flags: ${CFLAGS}"
4009echo "Preprocessor flags: ${CPPFLAGS}"
4010echo " Linker flags: ${LDFLAGS}"
e9a17296 4011echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3c0ef626 4012
4013echo ""
4014
c9f39d2c 4015if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
996d5e62 4016 echo "SVR4 style packages are supported with \"make package\""
4017 echo ""
c9f39d2c 4018fi
4019
3c0ef626 4020if test "x$PAM_MSG" = "xyes" ; then
e9a17296 4021 echo "PAM is enabled. You may need to install a PAM control file "
4022 echo "for sshd, otherwise password authentication may fail. "
cdd66111 4023 echo "Example PAM control files can be found in the contrib/ "
e9a17296 4024 echo "subdirectory"
3c0ef626 4025 echo ""
4026fi
4027
e9a17296 4028if test ! -z "$RAND_HELPER_CMDHASH" ; then
4029 echo "WARNING: you are using the builtin random number collection "
4030 echo "service. Please read WARNING.RNG and request that your OS "
4031 echo "vendor includes kernel-based random number collection in "
4032 echo "future versions of your OS."
3c0ef626 4033 echo ""
4034fi
4035
c9f39d2c 4036if test ! -z "$NO_PEERCHECK" ; then
4037 echo "WARNING: the operating system that you are using does not "
4038 echo "appear to support either the getpeereid() API nor the "
4039 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4040 echo "enforce security checks to prevent unauthorised connections to "
4041 echo "ssh-agent. Their absence increases the risk that a malicious "
4042 echo "user can connect to your agent. "
4043 echo ""
4044fi
4045
996d5e62 4046if test "$AUDIT_MODULE" = "bsm" ; then
4047 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4048 echo "See the Solaris section in README.platform for details."
4049fi
git-cvsimport mirror of GSI OpenSSH
This page took 0.704491 seconds and 5 git commands to generate.