]> andersk Git - gssapi-openssh.git/blame - openssh/configure.ac
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
http://www.sxw.org.uk/computing/patches/openssh-4.5p1-gsskex-20061220.patch
[gssapi-openssh.git] / openssh / configure.ac
CommitLineData
3c0ef626 1# $Id$
99be0775 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
3c0ef626 16
665a873d 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
f2f068fa 18AC_REVISION($Revision$)
3c0ef626 19AC_CONFIG_SRCDIR([ssh.c])
20
21AC_CONFIG_HEADER(config.h)
22AC_PROG_CC
23AC_CANONICAL_HOST
24AC_C_BIGENDIAN
25
26# Checks for programs.
0fff78ff 27AC_PROG_AWK
3c0ef626 28AC_PROG_CPP
29AC_PROG_RANLIB
30AC_PROG_INSTALL
f2f068fa 31AC_PROG_EGREP
3c0ef626 32AC_PATH_PROG(AR, ar)
c9f39d2c 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
3c0ef626 35AC_PATH_PROGS(PERL, perl5 perl)
6a9b3198 36AC_PATH_PROG(SED, sed)
3c0ef626 37AC_SUBST(PERL)
38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
3c0ef626 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
700318f3 43AC_PATH_PROG(SH, sh)
c9f39d2c 44AC_SUBST(TEST_SHELL,sh)
45
46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
2c06c99b 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
3c0ef626 57
58# System features
59AC_SYS_LARGEFILE
60
61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
2c06c99b 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
3c0ef626 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
cdd66111 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
2c06c99b 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
cdd66111 82fi
83
3c0ef626 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
dec6d9fe 88
3c0ef626 89AC_C_INLINE
665a873d 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
cdd66111 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
665a873d 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
2c06c99b 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
665a873d 96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
2c06c99b 100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
665a873d 103 esac
104
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
116fi
117
cdd66111 118AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
dec6d9fe 121 if test "x$withval" = "xno" ; then
cdd66111 122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128)
129
ff7ec503 130# Allow user to specify flags
131AC_ARG_WITH(cflags,
132 [ --with-cflags Specify additional flags to pass to compiler],
133 [
134 if test -n "$withval" && test "x$withval" != "xno" && \
135 test "x${withval}" != "xyes"; then
136 CFLAGS="$CFLAGS $withval"
137 fi
138 ]
139)
140AC_ARG_WITH(cppflags,
141 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
142 [
143 if test -n "$withval" && test "x$withval" != "xno" && \
144 test "x${withval}" != "xyes"; then
145 CPPFLAGS="$CPPFLAGS $withval"
146 fi
147 ]
148)
149AC_ARG_WITH(ldflags,
150 [ --with-ldflags Specify additional flags to pass to linker],
151 [
152 if test -n "$withval" && test "x$withval" != "xno" && \
153 test "x${withval}" != "xyes"; then
154 LDFLAGS="$LDFLAGS $withval"
155 fi
156 ]
157)
158AC_ARG_WITH(libs,
159 [ --with-libs Specify additional libraries to link with],
160 [
161 if test -n "$withval" && test "x$withval" != "xno" && \
162 test "x${withval}" != "xyes"; then
163 LIBS="$LIBS $withval"
164 fi
165 ]
166)
167AC_ARG_WITH(Werror,
168 [ --with-Werror Build main code with -Werror],
169 [
170 if test -n "$withval" && test "x$withval" != "xno"; then
171 werror_flags="-Werror"
172 if test "x${withval}" != "xyes"; then
173 werror_flags="$withval"
174 fi
175 fi
176 ]
177)
178
179AC_CHECK_HEADERS( \
180 bstring.h \
181 crypt.h \
182 crypto/sha2.h \
183 dirent.h \
184 endian.h \
185 features.h \
186 fcntl.h \
187 floatingpoint.h \
188 getopt.h \
189 glob.h \
190 ia.h \
191 iaf.h \
192 limits.h \
193 login.h \
194 maillock.h \
195 ndir.h \
196 net/if_tun.h \
197 netdb.h \
198 netgroup.h \
199 pam/pam_appl.h \
200 paths.h \
201 pty.h \
202 readpassphrase.h \
203 rpc/types.h \
204 security/pam_appl.h \
205 sha2.h \
206 shadow.h \
207 stddef.h \
208 stdint.h \
209 string.h \
210 strings.h \
211 sys/audit.h \
212 sys/bitypes.h \
213 sys/bsdtty.h \
214 sys/cdefs.h \
215 sys/dir.h \
216 sys/mman.h \
217 sys/ndir.h \
218 sys/prctl.h \
219 sys/pstat.h \
220 sys/select.h \
221 sys/stat.h \
222 sys/stream.h \
223 sys/stropts.h \
224 sys/strtio.h \
225 sys/sysmacros.h \
226 sys/time.h \
227 sys/timers.h \
228 sys/un.h \
229 time.h \
230 tmpdir.h \
231 ttyent.h \
232 unistd.h \
233 usersec.h \
234 util.h \
235 utime.h \
236 utmp.h \
237 utmpx.h \
238 vis.h \
239)
240
241# lastlog.h requires sys/time.h to be included first on Solaris
242AC_CHECK_HEADERS(lastlog.h, [], [], [
243#ifdef HAVE_SYS_TIME_H
244# include <sys/time.h>
245#endif
246])
247
248# sys/ptms.h requires sys/stream.h to be included first on Solaris
249AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250#ifdef HAVE_SYS_STREAM_H
251# include <sys/stream.h>
252#endif
253])
254
255# login_cap.h requires sys/types.h on NetBSD
256AC_CHECK_HEADERS(login_cap.h, [], [], [
257#include <sys/types.h>
258])
259
9108f8d9 260# Messages for features tested for in target-specific section
261SIA_MSG="no"
262SPC_MSG="no"
263
3c0ef626 264# Check for some target-specific stuff
265case "$host" in
266*-*-aix*)
9108f8d9 267 # Some versions of VAC won't allow macro redefinitions at
268 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269 # particularly with older versions of vac or xlc.
270 # It also throws errors about null macro argments, but these are
271 # not fatal.
272 AC_MSG_CHECKING(if compiler allows macro redefinitions)
273 AC_COMPILE_IFELSE(
274 [AC_LANG_SOURCE([[
275#define testmacro foo
276#define testmacro bar
277int main(void) { exit(0); }
278 ]])],
279 [ AC_MSG_RESULT(yes) ],
280 [ AC_MSG_RESULT(no)
281 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
285 ]
286 )
287
cdd66111 288 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
7e772e1f 289 if (test -z "$blibpath"); then
cdd66111 290 blibpath="/usr/lib:/lib"
7e772e1f 291 fi
292 saved_LDFLAGS="$LDFLAGS"
9108f8d9 293 if test "$GCC" = "yes"; then
294 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
295 else
296 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
297 fi
298 for tryflags in $flags ;do
7e772e1f 299 if (test -z "$blibflags"); then
300 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301 AC_TRY_LINK([], [], [blibflags=$tryflags])
302 fi
303 done
304 if (test -z "$blibflags"); then
305 AC_MSG_RESULT(not found)
306 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
307 else
308 AC_MSG_RESULT($blibflags)
3c0ef626 309 fi
7e772e1f 310 LDFLAGS="$saved_LDFLAGS"
0fff78ff 311 dnl Check for authenticate. Might be in libs.a on older AIXes
2c06c99b 312 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313 [Define if you want to enable AIX4's authenticate function])],
41b2f314 314 [AC_CHECK_LIB(s,authenticate,
315 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
316 LIBS="$LIBS -ls"
317 ])
318 ])
996d5e62 319 dnl Check for various auth function declarations in headers.
320 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
dec6d9fe 321 passwdexpired, setauthdb], , , [#include <usersec.h>])
0fff78ff 322 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
996d5e62 323 AC_CHECK_DECLS(loginfailed,
0fff78ff 324 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
325 AC_TRY_COMPILE(
326 [#include <usersec.h>],
327 [(void)loginfailed("user","host","tty",0);],
328 [AC_MSG_RESULT(yes)
2c06c99b 329 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330 [Define if your AIX loginfailed() function
331 takes 4 arguments (AIX >= 5.2)])],
0fff78ff 332 [AC_MSG_RESULT(no)]
333 )],
334 [],
335 [#include <usersec.h>]
336 )
337 AC_CHECK_FUNCS(setauthdb)
9108f8d9 338 AC_CHECK_DECL(F_CLOSEM,
339 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
340 [],
341 [ #include <limits.h>
342 #include <fcntl.h> ]
343 )
996d5e62 344 check_for_aix_broken_getaddrinfo=1
2c06c99b 345 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347 [Define if your platform breaks doing a seteuid before a setuid])
348 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
3c0ef626 350 dnl AIX handles lastlog as part of its login message
2c06c99b 351 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353 [Some systems need a utmpx entry for /bin/login to work])
354 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355 [Define to a Set Process Title type if your system is
356 supported by bsd-setproctitle.c])
357 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358 [AIX 5.2 and 5.3 (and presumably newer) require this])
9108f8d9 359 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
3c0ef626 360 ;;
361*-*-cygwin*)
6a9b3198 362 check_for_libcrypt_later=1
e9a17296 363 LIBS="$LIBS /usr/lib/textmode.o"
2c06c99b 364 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366 AC_DEFINE(DISABLE_SHADOW, 1,
367 [Define if you want to disable shadow passwords])
368 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369 [Define if your system choked on IP TOS setting])
370 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371 [Define if X11 doesn't support AF_UNIX sockets on that system])
372 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373 [Define if the concept of ports only accessible to
374 superusers isn't known])
375 AC_DEFINE(DISABLE_FD_PASSING, 1,
376 [Define if your platform needs to skip post auth
377 file descriptor passing])
3c0ef626 378 ;;
379*-*-dgux*)
380 AC_DEFINE(IP_TOS_IS_BROKEN)
cdd66111 381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 384 ;;
385*-*-darwin*)
41b2f314 386 AC_MSG_CHECKING(if we have working getaddrinfo)
387 AC_TRY_RUN([#include <mach-o/dyld.h>
388main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
389 exit(0);
390 else
391 exit(1);
392}], [AC_MSG_RESULT(working)],
393 [AC_MSG_RESULT(buggy)
2c06c99b 394 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
41b2f314 395 [AC_MSG_RESULT(assume it is working)])
acc3d05e 396 AC_DEFINE(SETEUID_BREAKS_SETUID)
397 AC_DEFINE(BROKEN_SETREUID)
398 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 399 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
400 [Define if your resolver libs need this for getrrsetbyname])
9108f8d9 401 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
402 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
403 [Use tunnel device compatibility to OpenBSD])
404 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
405 [Prepend the address family to IP tunnel traffic])
70e5f740 406 AC_MSG_CHECKING(if we have the Security Authorization Session API)
407 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
408 [SessionCreate(0, 0);],
409 [ac_cv_use_security_session_api="yes"
410 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
411 [platform has the Security Authorization Session API])
412 LIBS="$LIBS -framework Security"
413 AC_MSG_RESULT(yes)],
414 [ac_cv_use_security_session_api="no"
415 AC_MSG_RESULT(no)])
416 AC_MSG_CHECKING(if we have an in-memory credentials cache)
417 AC_TRY_COMPILE(
418 [#include <Kerberos/Kerberos.h>],
419 [cc_context_t c;
420 (void) cc_initialize (&c, 0, NULL, NULL);],
421 [AC_DEFINE(USE_CCAPI, 1,
422 [platform uses an in-memory credentials cache])
423 LIBS="$LIBS -framework Security"
424 AC_MSG_RESULT(yes)
425 if test "x$ac_cv_use_security_session_api" = "xno"; then
426 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
427 fi],
428 [AC_MSG_RESULT(no)]
429 )
430 ;;
9108f8d9 431*-*-dragonfly*)
432 SSHDLIBS="$SSHDLIBS -lcrypt"
3c0ef626 433 ;;
665a873d 434*-*-hpux*)
435 # first we define all of the options common to all HP-UX releases
3c0ef626 436 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
437 IPADDR_IN_DISPLAY=yes
3c0ef626 438 AC_DEFINE(USE_PIPES)
2c06c99b 439 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
440 [Define if your login program cannot handle end of options ("--")])
700318f3 441 AC_DEFINE(LOGIN_NEEDS_UTMPX)
2c06c99b 442 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
443 [String used in /etc/passwd to denote locked account])
0fff78ff 444 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
2c06c99b 445 MAIL="/var/mail/username"
41b2f314 446 LIBS="$LIBS -lsec"
665a873d 447 AC_CHECK_LIB(xnet, t_error, ,
448 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
449
450 # next, we define all of the options specific to major releases
451 case "$host" in
452 *-*-hpux10*)
453 if test -z "$GCC"; then
454 CFLAGS="$CFLAGS -Ae"
455 fi
456 ;;
457 *-*-hpux11*)
2c06c99b 458 AC_DEFINE(PAM_SUN_CODEBASE, 1,
459 [Define if you are using Solaris-derived PAM which
460 passes pam_messages to the conversation function
461 with an extra level of indirection])
462 AC_DEFINE(DISABLE_UTMP, 1,
463 [Define if you don't want to use utmp])
665a873d 464 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
465 check_for_hpux_broken_getaddrinfo=1
466 check_for_conflicting_getspnam=1
467 ;;
468 esac
469
470 # lastly, we define options specific to minor releases
471 case "$host" in
472 *-*-hpux10.26)
2c06c99b 473 AC_DEFINE(HAVE_SECUREWARE, 1,
474 [Define if you have SecureWare-based
475 protected password database])
665a873d 476 disable_ptmx_check=yes
477 LIBS="$LIBS -lsecpw"
478 ;;
479 esac
3c0ef626 480 ;;
481*-*-irix5*)
3c0ef626 482 PATH="$PATH:/usr/etc"
2c06c99b 483 AC_DEFINE(BROKEN_INET_NTOA, 1,
484 [Define if you system's inet_ntoa is busted
485 (e.g. Irix gcc issue)])
cdd66111 486 AC_DEFINE(SETEUID_BREAKS_SETUID)
487 AC_DEFINE(BROKEN_SETREUID)
488 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 489 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
490 [Define if you shouldn't strip 'tty' from your
491 ttyname in [uw]tmp])
0fff78ff 492 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 493 ;;
494*-*-irix6*)
3c0ef626 495 PATH="$PATH:/usr/etc"
2c06c99b 496 AC_DEFINE(WITH_IRIX_ARRAY, 1,
497 [Define if you have/want arrays
498 (cluster-wide session managment, not C arrays)])
499 AC_DEFINE(WITH_IRIX_PROJECT, 1,
500 [Define if you want IRIX project management])
501 AC_DEFINE(WITH_IRIX_AUDIT, 1,
502 [Define if you want IRIX audit trails])
503 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
504 [Define if you want IRIX kernel jobs])])
3c0ef626 505 AC_DEFINE(BROKEN_INET_NTOA)
acc3d05e 506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 509 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
700318f3 510 AC_DEFINE(WITH_ABBREV_NO_TTY)
0fff78ff 511 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 512 ;;
513*-*-linux*)
514 no_dev_ptmx=1
515 check_for_libcrypt_later=1
0fff78ff 516 check_for_openpty_ctty_bug=1
2c06c99b 517 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
518 AC_DEFINE(PAM_TTY_KLUDGE, 1,
519 [Work around problematic Linux PAM modules handling of PAM_TTY])
520 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
521 [String used in /etc/passwd to denote locked account])
0fff78ff 522 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
2c06c99b 523 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
524 [Define to whatever link() returns for "not supported"
525 if it doesn't return EOPNOTSUPP.])
996d5e62 526 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
2c06c99b 527 AC_DEFINE(USE_BTMP)
3c0ef626 528 inet6_default_4in6=yes
0fff78ff 529 case `uname -r` in
530 1.*|2.0.*)
2c06c99b 531 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
532 [Define if cmsg_type is not passed correctly])
0fff78ff 533 ;;
534 esac
2c06c99b 535 # tun(4) forwarding compat code
536 AC_CHECK_HEADERS(linux/if_tun.h)
537 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
538 AC_DEFINE(SSH_TUN_LINUX, 1,
539 [Open tunnel devices the Linux tun/tap way])
540 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
541 [Use tunnel device compatibility to OpenBSD])
542 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
543 [Prepend the address family to IP tunnel traffic])
544 fi
3c0ef626 545 ;;
546mips-sony-bsd|mips-sony-newsos4)
f2f068fa 547 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
3c0ef626 548 SONY=1
3c0ef626 549 ;;
550*-*-netbsd*)
41b2f314 551 check_for_libcrypt_before=1
dec6d9fe 552 if test "x$withval" != "xno" ; then
cdd66111 553 need_dash_r=1
554 fi
2c06c99b 555 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
556 AC_CHECK_HEADER([net/if_tap.h], ,
557 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
558 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
559 [Prepend the address family to IP tunnel traffic])
3c0ef626 560 ;;
561*-*-freebsd*)
562 check_for_libcrypt_later=1
2c06c99b 563 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
564 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
565 AC_CHECK_HEADER([net/if_tap.h], ,
566 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
3c0ef626 567 ;;
acc3d05e 568*-*-bsdi*)
569 AC_DEFINE(SETEUID_BREAKS_SETUID)
570 AC_DEFINE(BROKEN_SETREUID)
571 AC_DEFINE(BROKEN_SETREGID)
572 ;;
3c0ef626 573*-next-*)
574 conf_lastlog_location="/usr/adm/lastlog"
575 conf_utmp_location=/etc/utmp
576 conf_wtmp_location=/usr/adm/wtmp
577 MAIL=/usr/spool/mail
2c06c99b 578 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
3c0ef626 579 AC_DEFINE(BROKEN_REALPATH)
580 AC_DEFINE(USE_PIPES)
2c06c99b 581 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
3c0ef626 582 ;;
665a873d 583*-*-openbsd*)
584 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
2c06c99b 585 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
586 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
9108f8d9 587 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
588 [syslog_r function is safe to use in in a signal handler])
665a873d 589 ;;
3c0ef626 590*-*-solaris*)
dec6d9fe 591 if test "x$withval" != "xno" ; then
99be0775 592 need_dash_r=1
593 fi
3c0ef626 594 AC_DEFINE(PAM_SUN_CODEBASE)
595 AC_DEFINE(LOGIN_NEEDS_UTMPX)
2c06c99b 596 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
597 [Some versions of /bin/login need the TERM supplied
598 on the commandline])
3c0ef626 599 AC_DEFINE(PAM_TTY_KLUDGE)
2c06c99b 600 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
601 [Define if pam_chauthtok wants real uid set
602 to the unpriv'ed user])
0fff78ff 603 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
604 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
2c06c99b 605 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
606 [Define if sshd somehow reacquires a controlling TTY
607 after setsid()])
9108f8d9 608 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
609 in case the name is longer than 8 chars])
0fff78ff 610 external_path_file=/etc/default/login
3c0ef626 611 # hardwire lastlog location (can't detect it on some versions)
612 conf_lastlog_location="/var/adm/lastlog"
613 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
614 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
615 if test "$sol2ver" -ge 8; then
616 AC_MSG_RESULT(yes)
617 AC_DEFINE(DISABLE_UTMP)
2c06c99b 618 AC_DEFINE(DISABLE_WTMP, 1,
619 [Define if you don't want to use wtmp])
3c0ef626 620 else
621 AC_MSG_RESULT(no)
622 fi
9108f8d9 623 AC_ARG_WITH(solaris-contracts,
624 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
625 [
626 AC_CHECK_LIB(contract, ct_tmpl_activate,
627 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
628 [Define if you have Solaris process contracts])
629 SSHDLIBS="$SSHDLIBS -lcontract"
630 AC_SUBST(SSHDLIBS)
631 SPC_MSG="yes" ], )
632 ],
633 )
3c0ef626 634 ;;
635*-*-sunos4*)
636 CPPFLAGS="$CPPFLAGS -DSUNOS4"
637 AC_CHECK_FUNCS(getpwanam)
638 AC_DEFINE(PAM_SUN_CODEBASE)
3c0ef626 639 conf_utmp_location=/etc/utmp
640 conf_wtmp_location=/var/adm/wtmp
641 conf_lastlog_location=/var/adm/lastlog
642 AC_DEFINE(USE_PIPES)
643 ;;
644*-ncr-sysv*)
3c0ef626 645 LIBS="$LIBS -lc89"
e9a17296 646 AC_DEFINE(USE_PIPES)
0fff78ff 647 AC_DEFINE(SSHD_ACQUIRES_CTTY)
acc3d05e 648 AC_DEFINE(SETEUID_BREAKS_SETUID)
649 AC_DEFINE(BROKEN_SETREUID)
650 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 651 ;;
652*-sni-sysv*)
3c0ef626 653 # /usr/ucblib MUST NOT be searched on ReliantUNIX
cdd66111 654 AC_CHECK_LIB(dl, dlsym, ,)
2c06c99b 655 # -lresolv needs to be at the end of LIBS or DNS lookups break
656 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
3c0ef626 657 IPADDR_IN_DISPLAY=yes
658 AC_DEFINE(USE_PIPES)
659 AC_DEFINE(IP_TOS_IS_BROKEN)
cdd66111 660 AC_DEFINE(SETEUID_BREAKS_SETUID)
661 AC_DEFINE(BROKEN_SETREUID)
662 AC_DEFINE(BROKEN_SETREGID)
0fff78ff 663 AC_DEFINE(SSHD_ACQUIRES_CTTY)
664 external_path_file=/etc/default/login
3c0ef626 665 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
666 # Attention: always take care to bind libsocket and libnsl before libc,
667 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
668 ;;
996d5e62 669# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
3c0ef626 670*-*-sysv4.2*)
3c0ef626 671 AC_DEFINE(USE_PIPES)
0fff78ff 672 AC_DEFINE(SETEUID_BREAKS_SETUID)
673 AC_DEFINE(BROKEN_SETREUID)
674 AC_DEFINE(BROKEN_SETREGID)
dec6d9fe 675 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
2c06c99b 676 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 677 ;;
996d5e62 678# UnixWare 7.x, OpenUNIX 8
3c0ef626 679*-*-sysv5*)
665a873d 680 check_for_libcrypt_later=1
681 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
3c0ef626 682 AC_DEFINE(USE_PIPES)
0fff78ff 683 AC_DEFINE(SETEUID_BREAKS_SETUID)
684 AC_DEFINE(BROKEN_SETREUID)
685 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 686 AC_DEFINE(PASSWD_NEEDS_USERNAME)
665a873d 687 case "$host" in
688 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
689 TEST_SHELL=/u95/bin/sh
2c06c99b 690 AC_DEFINE(BROKEN_LIBIAF, 1,
691 [ia_uinfo routines not supported by OS yet])
9108f8d9 692 AC_DEFINE(BROKEN_UPDWTMPX)
2c06c99b 693 ;;
694 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
665a873d 695 ;;
696 esac
3c0ef626 697 ;;
698*-*-sysv*)
3c0ef626 699 ;;
996d5e62 700# SCO UNIX and OEM versions of SCO UNIX
3c0ef626 701*-*-sco3.2v4*)
996d5e62 702 AC_MSG_ERROR("This Platform is no longer supported.")
3c0ef626 703 ;;
996d5e62 704# SCO OpenServer 5.x
3c0ef626 705*-*-sco3.2v5*)
6a9b3198 706 if test -z "$GCC"; then
707 CFLAGS="$CFLAGS -belf"
708 fi
3c0ef626 709 LIBS="$LIBS -lprot -lx -ltinfo -lm"
710 no_dev_ptmx=1
3c0ef626 711 AC_DEFINE(USE_PIPES)
700318f3 712 AC_DEFINE(HAVE_SECUREWARE)
3c0ef626 713 AC_DEFINE(DISABLE_SHADOW)
41b2f314 714 AC_DEFINE(DISABLE_FD_PASSING)
0fff78ff 715 AC_DEFINE(SETEUID_BREAKS_SETUID)
716 AC_DEFINE(BROKEN_SETREUID)
717 AC_DEFINE(BROKEN_SETREGID)
718 AC_DEFINE(WITH_ABBREV_NO_TTY)
c9f39d2c 719 AC_DEFINE(BROKEN_UPDWTMPX)
2c06c99b 720 AC_DEFINE(PASSWD_NEEDS_USERNAME)
3c0ef626 721 AC_CHECK_FUNCS(getluid setluid)
722 MANTYPE=man
c9f39d2c 723 TEST_SHELL=ksh
3c0ef626 724 ;;
41b2f314 725*-*-unicosmk*)
2c06c99b 726 AC_DEFINE(NO_SSH_LASTLOG, 1,
727 [Define if you don't want to use lastlog in session.c])
cdd66111 728 AC_DEFINE(SETEUID_BREAKS_SETUID)
729 AC_DEFINE(BROKEN_SETREUID)
730 AC_DEFINE(BROKEN_SETREGID)
41b2f314 731 AC_DEFINE(USE_PIPES)
732 AC_DEFINE(DISABLE_FD_PASSING)
733 LDFLAGS="$LDFLAGS"
734 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
735 MANTYPE=cat
736 ;;
0fff78ff 737*-*-unicosmp*)
cdd66111 738 AC_DEFINE(SETEUID_BREAKS_SETUID)
739 AC_DEFINE(BROKEN_SETREUID)
740 AC_DEFINE(BROKEN_SETREGID)
0fff78ff 741 AC_DEFINE(WITH_ABBREV_NO_TTY)
742 AC_DEFINE(USE_PIPES)
743 AC_DEFINE(DISABLE_FD_PASSING)
744 LDFLAGS="$LDFLAGS"
cdd66111 745 LIBS="$LIBS -lgen -lacid -ldb"
0fff78ff 746 MANTYPE=cat
747 ;;
3c0ef626 748*-*-unicos*)
cdd66111 749 AC_DEFINE(SETEUID_BREAKS_SETUID)
750 AC_DEFINE(BROKEN_SETREUID)
751 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 752 AC_DEFINE(USE_PIPES)
41b2f314 753 AC_DEFINE(DISABLE_FD_PASSING)
754 AC_DEFINE(NO_SSH_LASTLOG)
755 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
756 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
757 MANTYPE=cat
3c0ef626 758 ;;
759*-dec-osf*)
760 AC_MSG_CHECKING(for Digital Unix SIA)
761 no_osfsia=""
762 AC_ARG_WITH(osfsia,
763 [ --with-osfsia Enable Digital Unix SIA],
764 [
765 if test "x$withval" = "xno" ; then
766 AC_MSG_RESULT(disabled)
767 no_osfsia=1
768 fi
769 ],
770 )
771 if test -z "$no_osfsia" ; then
772 if test -f /etc/sia/matrix.conf; then
773 AC_MSG_RESULT(yes)
2c06c99b 774 AC_DEFINE(HAVE_OSF_SIA, 1,
775 [Define if you have Digital Unix Security
776 Integration Architecture])
777 AC_DEFINE(DISABLE_LOGIN, 1,
778 [Define if you don't want to use your
779 system's login() call])
6a9b3198 780 AC_DEFINE(DISABLE_FD_PASSING)
3c0ef626 781 LIBS="$LIBS -lsecurity -ldb -lm -laud"
9108f8d9 782 SIA_MSG="yes"
3c0ef626 783 else
784 AC_MSG_RESULT(no)
2c06c99b 785 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
786 [String used in /etc/passwd to denote locked account])
3c0ef626 787 fi
788 fi
0fff78ff 789 AC_DEFINE(BROKEN_GETADDRINFO)
acc3d05e 790 AC_DEFINE(SETEUID_BREAKS_SETUID)
791 AC_DEFINE(BROKEN_SETREUID)
792 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 793 ;;
794
f2f068fa 795*-*-nto-qnx*)
3c0ef626 796 AC_DEFINE(USE_PIPES)
797 AC_DEFINE(NO_X11_UNIX_SOCKETS)
2c06c99b 798 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
799 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
800 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
f2f068fa 801 AC_DEFINE(DISABLE_LASTLOG)
9108f8d9 802 AC_DEFINE(SSHD_ACQUIRES_CTTY)
803 enable_etc_default_login=no # has incompatible /etc/default/login
3c0ef626 804 ;;
665a873d 805
806*-*-ultrix*)
2c06c99b 807 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
808 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
f2f068fa 809 AC_DEFINE(NEED_SETPGRP)
665a873d 810 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
811 ;;
812
813*-*-lynxos)
814 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
2c06c99b 815 AC_DEFINE(MISSING_HOWMANY)
665a873d 816 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
817 ;;
3c0ef626 818esac
819
0fff78ff 820AC_MSG_CHECKING(compiler and flags for sanity)
996d5e62 821AC_RUN_IFELSE(
822 [AC_LANG_SOURCE([
0fff78ff 823#include <stdio.h>
824int main(){exit(0);}
996d5e62 825 ])],
0fff78ff 826 [ AC_MSG_RESULT(yes) ],
827 [
828 AC_MSG_RESULT(no)
829 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
996d5e62 830 ],
831 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
0fff78ff 832)
833
665a873d 834dnl Checks for header files.
3c0ef626 835# Checks for libraries.
836AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
837AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
838
0fff78ff 839dnl IRIX and Solaris 2.5.1 have dirname() in libgen
840AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
841 AC_CHECK_LIB(gen, dirname,[
842 AC_CACHE_CHECK([for broken dirname],
843 ac_cv_have_broken_dirname, [
844 save_LIBS="$LIBS"
845 LIBS="$LIBS -lgen"
2c06c99b 846 AC_RUN_IFELSE(
847 [AC_LANG_SOURCE([[
0fff78ff 848#include <libgen.h>
849#include <string.h>
850
851int main(int argc, char **argv) {
852 char *s, buf[32];
853
854 strncpy(buf,"/etc", 32);
855 s = dirname(buf);
856 if (!s || strncmp(s, "/", 32) != 0) {
857 exit(1);
858 } else {
859 exit(0);
860 }
861}
2c06c99b 862 ]])],
863 [ ac_cv_have_broken_dirname="no" ],
864 [ ac_cv_have_broken_dirname="yes" ],
0fff78ff 865 [ ac_cv_have_broken_dirname="no" ],
0fff78ff 866 )
867 LIBS="$save_LIBS"
868 ])
869 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
870 LIBS="$LIBS -lgen"
871 AC_DEFINE(HAVE_DIRNAME)
872 AC_CHECK_HEADERS(libgen.h)
873 fi
874 ])
875])
876
3c0ef626 877AC_CHECK_FUNC(getspnam, ,
878 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
2c06c99b 879AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
880 [Define if you have the basename function.]))
3c0ef626 881
882dnl zlib is required
883AC_ARG_WITH(zlib,
884 [ --with-zlib=PATH Use zlib in PATH],
dec6d9fe 885 [ if test "x$withval" = "xno" ; then
886 AC_MSG_ERROR([*** zlib is required ***])
887 elif test "x$withval" != "xyes"; then
3c0ef626 888 if test -d "$withval/lib"; then
889 if test -n "${need_dash_r}"; then
890 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
891 else
892 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
893 fi
894 else
895 if test -n "${need_dash_r}"; then
896 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
897 else
898 LDFLAGS="-L${withval} ${LDFLAGS}"
899 fi
900 fi
901 if test -d "$withval/include"; then
902 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
903 else
904 CPPFLAGS="-I${withval} ${CPPFLAGS}"
905 fi
dec6d9fe 906 fi ]
3c0ef626 907)
908
cdd66111 909AC_CHECK_LIB(z, deflate, ,
910 [
911 saved_CPPFLAGS="$CPPFLAGS"
912 saved_LDFLAGS="$LDFLAGS"
913 save_LIBS="$LIBS"
914 dnl Check default zlib install dir
915 if test -n "${need_dash_r}"; then
916 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
917 else
918 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
919 fi
920 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
921 LIBS="$LIBS -lz"
922 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
923 [
924 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
925 ]
926 )
927 ]
928)
929AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
930
931AC_ARG_WITH(zlib-version-check,
932 [ --without-zlib-version-check Disable zlib version check],
933 [ if test "x$withval" = "xno" ; then
934 zlib_check_nonfatal=1
935 fi
936 ]
937)
938
dec6d9fe 939AC_MSG_CHECKING(for possibly buggy zlib)
996d5e62 940AC_RUN_IFELSE([AC_LANG_SOURCE([[
dec6d9fe 941#include <stdio.h>
cdd66111 942#include <zlib.h>
943int main()
944{
dec6d9fe 945 int a=0, b=0, c=0, d=0, n, v;
946 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
947 if (n != 3 && n != 4)
cdd66111 948 exit(1);
dec6d9fe 949 v = a*1000000 + b*10000 + c*100 + d;
950 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
951
952 /* 1.1.4 is OK */
953 if (a == 1 && b == 1 && c >= 4)
cdd66111 954 exit(0);
dec6d9fe 955
665a873d 956 /* 1.2.3 and up are OK */
957 if (v >= 1020300)
dec6d9fe 958 exit(0);
959
cdd66111 960 exit(2);
961}
996d5e62 962 ]])],
dec6d9fe 963 AC_MSG_RESULT(no),
964 [ AC_MSG_RESULT(yes)
cdd66111 965 if test -z "$zlib_check_nonfatal" ; then
966 AC_MSG_ERROR([*** zlib too old - check config.log ***
967Your reported zlib version has known security problems. It's possible your
968vendor has fixed these problems without changing the version number. If you
969are sure this is the case, you can disable the check by running
970"./configure --without-zlib-version-check".
665a873d 971If you are in doubt, upgrade zlib to version 1.2.3 or greater.
dec6d9fe 972See http://www.gzip.org/zlib/ for details.])
cdd66111 973 else
974 AC_MSG_WARN([zlib version may have security problems])
975 fi
996d5e62 976 ],
977 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
cdd66111 978)
3c0ef626 979
3c0ef626 980dnl UnixWare 2.x
cdd66111 981AC_CHECK_FUNC(strcasecmp,
3c0ef626 982 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
983)
2c06c99b 984AC_CHECK_FUNCS(utimes,
41b2f314 985 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
986 LIBS="$LIBS -lc89"]) ]
3c0ef626 987)
988
989dnl Checks for libutil functions
990AC_CHECK_HEADERS(libutil.h)
2c06c99b 991AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
992 [Define if your libraries define login()])])
3c0ef626 993AC_CHECK_FUNCS(logout updwtmp logwtmp)
994
995AC_FUNC_STRFTIME
996
3c0ef626 997# Check for ALTDIRFUNC glob() extension
998AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
999AC_EGREP_CPP(FOUNDIT,
1000 [
1001 #include <glob.h>
1002 #ifdef GLOB_ALTDIRFUNC
1003 FOUNDIT
1004 #endif
cdd66111 1005 ],
3c0ef626 1006 [
2c06c99b 1007 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1008 [Define if your system glob() function has
1009 the GLOB_ALTDIRFUNC extension])
3c0ef626 1010 AC_MSG_RESULT(yes)
1011 ],
1012 [
1013 AC_MSG_RESULT(no)
1014 ]
1015)
1016
1017# Check for g.gl_matchc glob() extension
1018AC_MSG_CHECKING(for gl_matchc field in glob_t)
9108f8d9 1019AC_TRY_COMPILE(
1020 [ #include <glob.h> ],
1021 [glob_t g; g.gl_matchc = 1;],
cdd66111 1022 [
2c06c99b 1023 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1024 [Define if your system glob() function has
1025 gl_matchc options in glob_t])
cdd66111 1026 AC_MSG_RESULT(yes)
1027 ],
1028 [
1029 AC_MSG_RESULT(no)
1030 ]
3c0ef626 1031)
1032
9108f8d9 1033AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1034
3c0ef626 1035AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
996d5e62 1036AC_RUN_IFELSE(
1037 [AC_LANG_SOURCE([[
3c0ef626 1038#include <sys/types.h>
1039#include <dirent.h>
41b2f314 1040int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
996d5e62 1041 ]])],
cdd66111 1042 [AC_MSG_RESULT(yes)],
3c0ef626 1043 [
1044 AC_MSG_RESULT(no)
2c06c99b 1045 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1046 [Define if your struct dirent expects you to
1047 allocate extra space for d_name])
996d5e62 1048 ],
dec6d9fe 1049 [
996d5e62 1050 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1051 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
3c0ef626 1052 ]
1053)
1054
c9f39d2c 1055AC_MSG_CHECKING([for /proc/pid/fd directory])
1056if test -d "/proc/$$/fd" ; then
2c06c99b 1057 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
c9f39d2c 1058 AC_MSG_RESULT(yes)
1059else
1060 AC_MSG_RESULT(no)
1061fi
1062
3c0ef626 1063# Check whether user wants S/Key support
cdd66111 1064SKEY_MSG="no"
3c0ef626 1065AC_ARG_WITH(skey,
996d5e62 1066 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
3c0ef626 1067 [
1068 if test "x$withval" != "xno" ; then
1069
1070 if test "x$withval" != "xyes" ; then
1071 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1072 LDFLAGS="$LDFLAGS -L${withval}/lib"
1073 fi
1074
2c06c99b 1075 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
3c0ef626 1076 LIBS="-lskey $LIBS"
cdd66111 1077 SKEY_MSG="yes"
dec6d9fe 1078
e9a17296 1079 AC_MSG_CHECKING([for s/key support])
2c06c99b 1080 AC_LINK_IFELSE(
1081 [AC_LANG_SOURCE([[
e9a17296 1082#include <stdio.h>
1083#include <skey.h>
41b2f314 1084int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
2c06c99b 1085 ]])],
e9a17296 1086 [AC_MSG_RESULT(yes)],
3c0ef626 1087 [
e9a17296 1088 AC_MSG_RESULT(no)
3c0ef626 1089 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1090 ])
99be0775 1091 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1092 AC_TRY_COMPILE(
1093 [#include <stdio.h>
1094 #include <skey.h>],
1095 [(void)skeychallenge(NULL,"name","",0);],
1096 [AC_MSG_RESULT(yes)
2c06c99b 1097 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1098 [Define if your skeychallenge()
1099 function takes 4 arguments (NetBSD)])],
99be0775 1100 [AC_MSG_RESULT(no)]
1101 )
3c0ef626 1102 fi
1103 ]
1104)
1105
1106# Check whether user wants TCP wrappers support
1107TCPW_MSG="no"
1108AC_ARG_WITH(tcp-wrappers,
996d5e62 1109 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
3c0ef626 1110 [
1111 if test "x$withval" != "xno" ; then
1112 saved_LIBS="$LIBS"
1113 saved_LDFLAGS="$LDFLAGS"
1114 saved_CPPFLAGS="$CPPFLAGS"
dec6d9fe 1115 if test -n "${withval}" && \
1116 test "x${withval}" != "xyes"; then
3c0ef626 1117 if test -d "${withval}/lib"; then
1118 if test -n "${need_dash_r}"; then
1119 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1120 else
1121 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1122 fi
1123 else
1124 if test -n "${need_dash_r}"; then
1125 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1126 else
1127 LDFLAGS="-L${withval} ${LDFLAGS}"
1128 fi
1129 fi
1130 if test -d "${withval}/include"; then
1131 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1132 else
1133 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1134 fi
1135 fi
e9a17296 1136 LIBWRAP="-lwrap"
1137 LIBS="$LIBWRAP $LIBS"
3c0ef626 1138 AC_MSG_CHECKING(for libwrap)
1139 AC_TRY_LINK(
1140 [
99be0775 1141#include <sys/types.h>
1142#include <sys/socket.h>
1143#include <netinet/in.h>
3c0ef626 1144#include <tcpd.h>
1145 int deny_severity = 0, allow_severity = 0;
1146 ],
1147 [hosts_access(0);],
1148 [
1149 AC_MSG_RESULT(yes)
2c06c99b 1150 AC_DEFINE(LIBWRAP, 1,
1151 [Define if you want
1152 TCP Wrappers support])
e9a17296 1153 AC_SUBST(LIBWRAP)
3c0ef626 1154 TCPW_MSG="yes"
1155 ],
1156 [
1157 AC_MSG_ERROR([*** libwrap missing])
1158 ]
1159 )
e9a17296 1160 LIBS="$saved_LIBS"
3c0ef626 1161 fi
1162 ]
1163)
1164
996d5e62 1165# Check whether user wants libedit support
1166LIBEDIT_MSG="no"
1167AC_ARG_WITH(libedit,
1168 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1169 [ if test "x$withval" != "xno" ; then
dec6d9fe 1170 if test "x$withval" != "xyes"; then
2c06c99b 1171 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1172 if test -n "${need_dash_r}"; then
1173 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1174 else
1175 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1176 fi
dec6d9fe 1177 fi
996d5e62 1178 AC_CHECK_LIB(edit, el_init,
2c06c99b 1179 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
996d5e62 1180 LIBEDIT="-ledit -lcurses"
1181 LIBEDIT_MSG="yes"
1182 AC_SUBST(LIBEDIT)
1183 ],
dec6d9fe 1184 [ AC_MSG_ERROR(libedit not found) ],
1185 [ -lcurses ]
996d5e62 1186 )
665a873d 1187 AC_MSG_CHECKING(if libedit version is compatible)
1188 AC_COMPILE_IFELSE(
1189 [AC_LANG_SOURCE([[
1190#include <histedit.h>
1191int main(void)
1192{
1193 int i = H_SETSIZE;
1194 el_init("", NULL, NULL, NULL);
1195 exit(0);
1196}
1197 ]])],
1198 [ AC_MSG_RESULT(yes) ],
1199 [ AC_MSG_RESULT(no)
1200 AC_MSG_ERROR(libedit version is not compatible) ]
1201 )
996d5e62 1202 fi ]
1203)
1204
1205AUDIT_MODULE=none
1206AC_ARG_WITH(audit,
1207 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1208 [
1209 AC_MSG_CHECKING(for supported audit module)
1210 case "$withval" in
1211 bsm)
1212 AC_MSG_RESULT(bsm)
1213 AUDIT_MODULE=bsm
1214 dnl Checks for headers, libs and functions
1215 AC_CHECK_HEADERS(bsm/audit.h, [],
9108f8d9 1216 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1217 [
1218#ifdef HAVE_TIME_H
1219# include <time.h>
1220#endif
1221 ]
1222)
996d5e62 1223 AC_CHECK_LIB(bsm, getaudit, [],
1224 [AC_MSG_ERROR(BSM enabled and required library not found)])
1225 AC_CHECK_FUNCS(getaudit, [],
1226 [AC_MSG_ERROR(BSM enabled and required function not found)])
1227 # These are optional
1228 AC_CHECK_FUNCS(getaudit_addr)
2c06c99b 1229 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
996d5e62 1230 ;;
1231 debug)
1232 AUDIT_MODULE=debug
1233 AC_MSG_RESULT(debug)
2c06c99b 1234 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
996d5e62 1235 ;;
665a873d 1236 no)
1237 AC_MSG_RESULT(no)
1238 ;;
996d5e62 1239 *)
1240 AC_MSG_ERROR([Unknown audit module $withval])
1241 ;;
1242 esac ]
1243)
1244
6a9b3198 1245dnl Checks for library functions. Please keep in alphabetical order
665a873d 1246AC_CHECK_FUNCS( \
1247 arc4random \
2c06c99b 1248 asprintf \
665a873d 1249 b64_ntop \
1250 __b64_ntop \
1251 b64_pton \
1252 __b64_pton \
1253 bcopy \
1254 bindresvport_sa \
1255 clock \
1256 closefrom \
1257 dirfd \
1258 fchmod \
1259 fchown \
1260 freeaddrinfo \
1261 futimes \
1262 getaddrinfo \
1263 getcwd \
1264 getgrouplist \
1265 getnameinfo \
1266 getopt \
1267 getpeereid \
1268 _getpty \
1269 getrlimit \
1270 getttyent \
1271 glob \
1272 inet_aton \
1273 inet_ntoa \
1274 inet_ntop \
1275 innetgr \
1276 login_getcapbool \
1277 md5_crypt \
1278 memmove \
1279 mkdtemp \
1280 mmap \
1281 ngetaddrinfo \
1282 nsleep \
1283 ogetaddrinfo \
1284 openlog_r \
1285 openpty \
1286 prctl \
1287 pstat \
1288 readpassphrase \
1289 realpath \
1290 recvmsg \
1291 rresvport_af \
1292 sendmsg \
1293 setdtablesize \
1294 setegid \
1295 setenv \
1296 seteuid \
1297 setgroups \
1298 setlogin \
1299 setpcred \
1300 setproctitle \
1301 setregid \
1302 setreuid \
1303 setrlimit \
1304 setsid \
1305 setvbuf \
1306 sigaction \
1307 sigvec \
1308 snprintf \
1309 socketpair \
1310 strdup \
1311 strerror \
1312 strlcat \
1313 strlcpy \
1314 strmode \
1315 strnvis \
1316 strtonum \
1317 strtoll \
1318 strtoul \
1319 sysconf \
1320 tcgetpgrp \
1321 truncate \
1322 unsetenv \
1323 updwtmpx \
2c06c99b 1324 vasprintf \
665a873d 1325 vhangup \
1326 vsnprintf \
1327 waitpid \
6a9b3198 1328)
1329
acc3d05e 1330# IRIX has a const char return value for gai_strerror()
1331AC_CHECK_FUNCS(gai_strerror,[
1332 AC_DEFINE(HAVE_GAI_STRERROR)
1333 AC_TRY_COMPILE([
1334#include <sys/types.h>
1335#include <sys/socket.h>
1336#include <netdb.h>
1337
1338const char *gai_strerror(int);],[
1339char *str;
1340
1341str = gai_strerror(0);],[
1342 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1343 [Define if gai_strerror() returns const char *])])])
1344
2c06c99b 1345AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1346 [Some systems put nanosleep outside of libc]))
6a9b3198 1347
0fff78ff 1348dnl Make sure prototypes are defined for these before using them.
0fff78ff 1349AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
665a873d 1350AC_CHECK_DECL(strsep,
1351 [AC_CHECK_FUNCS(strsep)],
1352 [],
1353 [
1354#ifdef HAVE_STRING_H
1355# include <string.h>
1356#endif
1357 ])
3c0ef626 1358
0fff78ff 1359dnl tcsendbreak might be a macro
1360AC_CHECK_DECL(tcsendbreak,
1361 [AC_DEFINE(HAVE_TCSENDBREAK)],
cdd66111 1362 [AC_CHECK_FUNCS(tcsendbreak)],
0fff78ff 1363 [#include <termios.h>]
1364)
3c0ef626 1365
c9f39d2c 1366AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1367
9108f8d9 1368AC_CHECK_DECLS(SHUT_RD, , ,
1369 [
1370#include <sys/types.h>
1371#include <sys/socket.h>
1372 ])
1373
1374AC_CHECK_DECLS(O_NONBLOCK, , ,
1375 [
1376#include <sys/types.h>
1377#ifdef HAVE_SYS_STAT_H
1378# include <sys/stat.h>
1379#endif
1380#ifdef HAVE_FCNTL_H
1381# include <fcntl.h>
1382#endif
1383 ])
1384
1385AC_CHECK_DECLS(writev, , , [
1386#include <sys/types.h>
1387#include <sys/uio.h>
1388#include <unistd.h>
1389 ])
1390
cdd66111 1391AC_CHECK_FUNCS(setresuid, [
1392 dnl Some platorms have setresuid that isn't implemented, test for this
1393 AC_MSG_CHECKING(if setresuid seems to work)
996d5e62 1394 AC_RUN_IFELSE(
1395 [AC_LANG_SOURCE([[
cdd66111 1396#include <stdlib.h>
1397#include <errno.h>
1398int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
996d5e62 1399 ]])],
cdd66111 1400 [AC_MSG_RESULT(yes)],
2c06c99b 1401 [AC_DEFINE(BROKEN_SETRESUID, 1,
1402 [Define if your setresuid() is broken])
996d5e62 1403 AC_MSG_RESULT(not implemented)],
1404 [AC_MSG_WARN([cross compiling: not checking setresuid])]
cdd66111 1405 )
1406])
1407
1408AC_CHECK_FUNCS(setresgid, [
1409 dnl Some platorms have setresgid that isn't implemented, test for this
1410 AC_MSG_CHECKING(if setresgid seems to work)
996d5e62 1411 AC_RUN_IFELSE(
1412 [AC_LANG_SOURCE([[
cdd66111 1413#include <stdlib.h>
1414#include <errno.h>
1415int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
996d5e62 1416 ]])],
cdd66111 1417 [AC_MSG_RESULT(yes)],
2c06c99b 1418 [AC_DEFINE(BROKEN_SETRESGID, 1,
1419 [Define if your setresgid() is broken])
996d5e62 1420 AC_MSG_RESULT(not implemented)],
1421 [AC_MSG_WARN([cross compiling: not checking setresuid])]
cdd66111 1422 )
1423])
1424
3c0ef626 1425dnl Checks for time functions
1426AC_CHECK_FUNCS(gettimeofday time)
1427dnl Checks for utmp functions
1428AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1429AC_CHECK_FUNCS(utmpname)
1430dnl Checks for utmpx functions
1431AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1432AC_CHECK_FUNCS(setutxent utmpxname)
1433
cdd66111 1434AC_CHECK_FUNC(daemon,
2c06c99b 1435 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1436 [AC_CHECK_LIB(bsd, daemon,
1437 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
3c0ef626 1438)
1439
cdd66111 1440AC_CHECK_FUNC(getpagesize,
2c06c99b 1441 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1442 [Define if your libraries define getpagesize()])],
1443 [AC_CHECK_LIB(ucb, getpagesize,
1444 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
3c0ef626 1445)
1446
1447# Check for broken snprintf
1448if test "x$ac_cv_func_snprintf" = "xyes" ; then
1449 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
996d5e62 1450 AC_RUN_IFELSE(
1451 [AC_LANG_SOURCE([[
3c0ef626 1452#include <stdio.h>
41b2f314 1453int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
996d5e62 1454 ]])],
cdd66111 1455 [AC_MSG_RESULT(yes)],
3c0ef626 1456 [
1457 AC_MSG_RESULT(no)
2c06c99b 1458 AC_DEFINE(BROKEN_SNPRINTF, 1,
1459 [Define if your snprintf is busted])
3c0ef626 1460 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
996d5e62 1461 ],
1462 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
3c0ef626 1463 )
1464fi
1465
2c06c99b 1466# If we don't have a working asprintf, then we strongly depend on vsnprintf
1467# returning the right thing on overflow: the number of characters it tried to
1468# create (as per SUSv3)
1469if test "x$ac_cv_func_asprintf" != "xyes" && \
1470 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1471 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1472 AC_RUN_IFELSE(
1473 [AC_LANG_SOURCE([[
1474#include <sys/types.h>
1475#include <stdio.h>
1476#include <stdarg.h>
1477
1478int x_snprintf(char *str,size_t count,const char *fmt,...)
1479{
1480 size_t ret; va_list ap;
1481 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1482 return ret;
1483}
1484int main(void)
1485{
1486 char x[1];
1487 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1488} ]])],
1489 [AC_MSG_RESULT(yes)],
1490 [
1491 AC_MSG_RESULT(no)
1492 AC_DEFINE(BROKEN_SNPRINTF, 1,
1493 [Define if your snprintf is busted])
1494 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1495 ],
1496 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1497 )
1498fi
1499
1500# On systems where [v]snprintf is broken, but is declared in stdio,
1501# check that the fmt argument is const char * or just char *.
1502# This is only useful for when BROKEN_SNPRINTF
1503AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1504AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1505 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1506 int main(void) { snprintf(0, 0, 0); }
1507 ]])],
1508 [AC_MSG_RESULT(yes)
1509 AC_DEFINE(SNPRINTF_CONST, [const],
1510 [Define as const if snprintf() can declare const char *fmt])],
1511 [AC_MSG_RESULT(no)
1512 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1513
c9f39d2c 1514# Check for missing getpeereid (or equiv) support
1515NO_PEERCHECK=""
1516if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1517 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1518 AC_TRY_COMPILE(
1519 [#include <sys/types.h>
1520 #include <sys/socket.h>],
1521 [int i = SO_PEERCRED;],
dec6d9fe 1522 [ AC_MSG_RESULT(yes)
2c06c99b 1523 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
dec6d9fe 1524 ],
c9f39d2c 1525 [AC_MSG_RESULT(no)
1526 NO_PEERCHECK=1]
1527 )
1528fi
1529
6a9b3198 1530dnl see whether mkstemp() requires XXXXXX
1531if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1532AC_MSG_CHECKING([for (overly) strict mkstemp])
2c06c99b 1533AC_RUN_IFELSE(
1534 [AC_LANG_SOURCE([[
6a9b3198 1535#include <stdlib.h>
1536main() { char template[]="conftest.mkstemp-test";
1537if (mkstemp(template) == -1)
1538 exit(1);
1539unlink(template); exit(0);
1540}
2c06c99b 1541 ]])],
6a9b3198 1542 [
1543 AC_MSG_RESULT(no)
1544 ],
cdd66111 1545 [
6a9b3198 1546 AC_MSG_RESULT(yes)
2c06c99b 1547 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
6a9b3198 1548 ],
1549 [
1550 AC_MSG_RESULT(yes)
1551 AC_DEFINE(HAVE_STRICT_MKSTEMP)
cdd66111 1552 ]
6a9b3198 1553)
1554fi
1555
0fff78ff 1556dnl make sure that openpty does not reacquire controlling terminal
1557if test ! -z "$check_for_openpty_ctty_bug"; then
1558 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
2c06c99b 1559 AC_RUN_IFELSE(
1560 [AC_LANG_SOURCE([[
0fff78ff 1561#include <stdio.h>
1562#include <sys/fcntl.h>
1563#include <sys/types.h>
1564#include <sys/wait.h>
1565
1566int
1567main()
1568{
1569 pid_t pid;
1570 int fd, ptyfd, ttyfd, status;
1571
1572 pid = fork();
1573 if (pid < 0) { /* failed */
1574 exit(1);
1575 } else if (pid > 0) { /* parent */
1576 waitpid(pid, &status, 0);
cdd66111 1577 if (WIFEXITED(status))
0fff78ff 1578 exit(WEXITSTATUS(status));
1579 else
1580 exit(2);
1581 } else { /* child */
1582 close(0); close(1); close(2);
1583 setsid();
1584 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1585 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1586 if (fd >= 0)
1587 exit(3); /* Acquired ctty: broken */
1588 else
1589 exit(0); /* Did not acquire ctty: OK */
1590 }
1591}
2c06c99b 1592 ]])],
0fff78ff 1593 [
1594 AC_MSG_RESULT(yes)
1595 ],
1596 [
1597 AC_MSG_RESULT(no)
1598 AC_DEFINE(SSHD_ACQUIRES_CTTY)
2c06c99b 1599 ],
1600 [
1601 AC_MSG_RESULT(cross-compiling, assuming yes)
0fff78ff 1602 ]
1603 )
1604fi
1605
dec6d9fe 1606if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1607 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
99be0775 1608 AC_MSG_CHECKING(if getaddrinfo seems to work)
2c06c99b 1609 AC_RUN_IFELSE(
1610 [AC_LANG_SOURCE([[
99be0775 1611#include <stdio.h>
1612#include <sys/socket.h>
1613#include <netdb.h>
1614#include <errno.h>
1615#include <netinet/in.h>
1616
1617#define TEST_PORT "2222"
1618
1619int
1620main(void)
1621{
1622 int err, sock;
1623 struct addrinfo *gai_ai, *ai, hints;
1624 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1625
1626 memset(&hints, 0, sizeof(hints));
1627 hints.ai_family = PF_UNSPEC;
1628 hints.ai_socktype = SOCK_STREAM;
1629 hints.ai_flags = AI_PASSIVE;
1630
1631 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1632 if (err != 0) {
1633 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1634 exit(1);
1635 }
1636
1637 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1638 if (ai->ai_family != AF_INET6)
1639 continue;
1640
1641 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1642 sizeof(ntop), strport, sizeof(strport),
1643 NI_NUMERICHOST|NI_NUMERICSERV);
1644
1645 if (err != 0) {
1646 if (err == EAI_SYSTEM)
1647 perror("getnameinfo EAI_SYSTEM");
1648 else
1649 fprintf(stderr, "getnameinfo failed: %s\n",
1650 gai_strerror(err));
1651 exit(2);
1652 }
1653
1654 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1655 if (sock < 0)
1656 perror("socket");
1657 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1658 if (errno == EBADF)
1659 exit(3);
1660 }
1661 }
1662 exit(0);
1663}
2c06c99b 1664 ]])],
99be0775 1665 [
1666 AC_MSG_RESULT(yes)
1667 ],
1668 [
1669 AC_MSG_RESULT(no)
1670 AC_DEFINE(BROKEN_GETADDRINFO)
2c06c99b 1671 ],
1672 [
1673 AC_MSG_RESULT(cross-compiling, assuming yes)
99be0775 1674 ]
1675 )
1676fi
1677
dec6d9fe 1678if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1679 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
996d5e62 1680 AC_MSG_CHECKING(if getaddrinfo seems to work)
2c06c99b 1681 AC_RUN_IFELSE(
1682 [AC_LANG_SOURCE([[
996d5e62 1683#include <stdio.h>
1684#include <sys/socket.h>
1685#include <netdb.h>
1686#include <errno.h>
1687#include <netinet/in.h>
1688
1689#define TEST_PORT "2222"
1690
1691int
1692main(void)
1693{
1694 int err, sock;
1695 struct addrinfo *gai_ai, *ai, hints;
1696 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1697
1698 memset(&hints, 0, sizeof(hints));
1699 hints.ai_family = PF_UNSPEC;
1700 hints.ai_socktype = SOCK_STREAM;
1701 hints.ai_flags = AI_PASSIVE;
1702
1703 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1704 if (err != 0) {
1705 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1706 exit(1);
1707 }
1708
1709 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1710 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1711 continue;
1712
1713 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1714 sizeof(ntop), strport, sizeof(strport),
1715 NI_NUMERICHOST|NI_NUMERICSERV);
1716
1717 if (ai->ai_family == AF_INET && err != 0) {
1718 perror("getnameinfo");
1719 exit(2);
1720 }
1721 }
1722 exit(0);
1723}
2c06c99b 1724 ]])],
996d5e62 1725 [
1726 AC_MSG_RESULT(yes)
2c06c99b 1727 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1728 [Define if you have a getaddrinfo that fails
1729 for the all-zeros IPv6 address])
996d5e62 1730 ],
1731 [
1732 AC_MSG_RESULT(no)
1733 AC_DEFINE(BROKEN_GETADDRINFO)
2c06c99b 1734 ],
9108f8d9 1735 [
2c06c99b 1736 AC_MSG_RESULT(cross-compiling, assuming no)
996d5e62 1737 ]
1738 )
1739fi
1740
1741if test "x$check_for_conflicting_getspnam" = "x1"; then
1742 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1743 AC_COMPILE_IFELSE(
1744 [
1745#include <shadow.h>
1746int main(void) {exit(0);}
1747 ],
1748 [
1749 AC_MSG_RESULT(no)
1750 ],
1751 [
1752 AC_MSG_RESULT(yes)
1753 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1754 [Conflicting defs for getspnam])
1755 ]
1756 )
1757fi
1758
3c0ef626 1759AC_FUNC_GETPGRP
1760
700318f3 1761# Search for OpenSSL
1762saved_CPPFLAGS="$CPPFLAGS"
1763saved_LDFLAGS="$LDFLAGS"
3c0ef626 1764AC_ARG_WITH(ssl-dir,
1765 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1766 [
1767 if test "x$withval" != "xno" ; then
996d5e62 1768 case "$withval" in
1769 # Relative paths
1770 ./*|../*) withval="`pwd`/$withval"
1771 esac
700318f3 1772 if test -d "$withval/lib"; then
1773 if test -n "${need_dash_r}"; then
1774 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1775 else
1776 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
3c0ef626 1777 fi
1778 else
700318f3 1779 if test -n "${need_dash_r}"; then
1780 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1781 else
1782 LDFLAGS="-L${withval} ${LDFLAGS}"
3c0ef626 1783 fi
1784 fi
700318f3 1785 if test -d "$withval/include"; then
1786 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
3c0ef626 1787 else
700318f3 1788 CPPFLAGS="-I${withval} ${CPPFLAGS}"
3c0ef626 1789 fi
1790 fi
700318f3 1791 ]
1792)
cdd66111 1793LIBS="-lcrypto $LIBS"
2c06c99b 1794AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1795 [Define if your ssl headers are included
1796 with #include <openssl/header.h>]),
3c0ef626 1797 [
700318f3 1798 dnl Check default openssl install dir
1799 if test -n "${need_dash_r}"; then
1800 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1801 else
700318f3 1802 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1803 fi
700318f3 1804 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1805 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1806 [
1807 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1808 ]
1809 )
1810 ]
1811)
1812
41b2f314 1813# Determine OpenSSL header version
1814AC_MSG_CHECKING([OpenSSL header version])
996d5e62 1815AC_RUN_IFELSE(
1816 [AC_LANG_SOURCE([[
41b2f314 1817#include <stdio.h>
1818#include <string.h>
1819#include <openssl/opensslv.h>
1820#define DATA "conftest.sslincver"
1821int main(void) {
cdd66111 1822 FILE *fd;
1823 int rc;
41b2f314 1824
cdd66111 1825 fd = fopen(DATA,"w");
1826 if(fd == NULL)
1827 exit(1);
41b2f314 1828
1829 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1830 exit(1);
1831
1832 exit(0);
1833}
996d5e62 1834 ]])],
41b2f314 1835 [
1836 ssl_header_ver=`cat conftest.sslincver`
1837 AC_MSG_RESULT($ssl_header_ver)
1838 ],
1839 [
1840 AC_MSG_RESULT(not found)
1841 AC_MSG_ERROR(OpenSSL version header not found.)
996d5e62 1842 ],
1843 [
1844 AC_MSG_WARN([cross compiling: not checking])
41b2f314 1845 ]
1846)
1847
1848# Determine OpenSSL library version
1849AC_MSG_CHECKING([OpenSSL library version])
996d5e62 1850AC_RUN_IFELSE(
1851 [AC_LANG_SOURCE([[
41b2f314 1852#include <stdio.h>
1853#include <string.h>
1854#include <openssl/opensslv.h>
1855#include <openssl/crypto.h>
1856#define DATA "conftest.ssllibver"
1857int main(void) {
cdd66111 1858 FILE *fd;
1859 int rc;
41b2f314 1860
cdd66111 1861 fd = fopen(DATA,"w");
1862 if(fd == NULL)
1863 exit(1);
41b2f314 1864
1865 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1866 exit(1);
1867
1868 exit(0);
1869}
996d5e62 1870 ]])],
41b2f314 1871 [
1872 ssl_library_ver=`cat conftest.ssllibver`
1873 AC_MSG_RESULT($ssl_library_ver)
1874 ],
1875 [
1876 AC_MSG_RESULT(not found)
1877 AC_MSG_ERROR(OpenSSL library not found.)
996d5e62 1878 ],
1879 [
1880 AC_MSG_WARN([cross compiling: not checking])
41b2f314 1881 ]
1882)
3c0ef626 1883
e9a17296 1884# Sanity check OpenSSL headers
1885AC_MSG_CHECKING([whether OpenSSL's headers match the library])
996d5e62 1886AC_RUN_IFELSE(
1887 [AC_LANG_SOURCE([[
e9a17296 1888#include <string.h>
1889#include <openssl/opensslv.h>
41b2f314 1890int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
996d5e62 1891 ]])],
e9a17296 1892 [
1893 AC_MSG_RESULT(yes)
1894 ],
1895 [
1896 AC_MSG_RESULT(no)
0fff78ff 1897 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1898Check config.log for details.
1899Also see contrib/findssl.sh for help identifying header/library mismatches.])
996d5e62 1900 ],
1901 [
1902 AC_MSG_WARN([cross compiling: not checking])
e9a17296 1903 ]
1904)
1905
9108f8d9 1906AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1907AC_LINK_IFELSE(
1908 [AC_LANG_SOURCE([[
1909#include <openssl/evp.h>
1910int main(void) { SSLeay_add_all_algorithms(); }
1911 ]])],
1912 [
1913 AC_MSG_RESULT(yes)
1914 ],
1915 [
1916 AC_MSG_RESULT(no)
1917 saved_LIBS="$LIBS"
1918 LIBS="$LIBS -ldl"
1919 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1920 AC_LINK_IFELSE(
1921 [AC_LANG_SOURCE([[
1922#include <openssl/evp.h>
1923int main(void) { SSLeay_add_all_algorithms(); }
1924 ]])],
1925 [
1926 AC_MSG_RESULT(yes)
1927 ],
1928 [
1929 AC_MSG_RESULT(no)
1930 LIBS="$saved_LIBS"
1931 ]
1932 )
1933 ]
1934)
1935
1936AC_ARG_WITH(ssl-engine,
1937 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1938 [ if test "x$withval" != "xno" ; then
1939 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1940 AC_TRY_COMPILE(
1941 [ #include <openssl/engine.h>],
1942 [
ff7ec503 1943ENGINE_load_builtin_engines();ENGINE_register_all_complete();
9108f8d9 1944 ],
1945 [ AC_MSG_RESULT(yes)
1946 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1947 [Enable OpenSSL engine support])
1948 ],
1949 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1950 )
1951 fi ]
1952)
1953
2c06c99b 1954# Check for OpenSSL without EVP_aes_{192,256}_cbc
1955AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
9108f8d9 1956AC_LINK_IFELSE(
2c06c99b 1957 [AC_LANG_SOURCE([[
1958#include <string.h>
1959#include <openssl/evp.h>
f2f068fa 1960int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2c06c99b 1961 ]])],
1962 [
1963 AC_MSG_RESULT(no)
1964 ],
1965 [
1966 AC_MSG_RESULT(yes)
1967 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1968 [libcrypto is missing AES 192 and 256 bit functions])
1969 ]
1970)
1971
cdd66111 1972# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1973# because the system crypt() is more featureful.
1974if test "x$check_for_libcrypt_before" = "x1"; then
1975 AC_CHECK_LIB(crypt, crypt)
1976fi
1977
1978# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1979# version in OpenSSL.
0fff78ff 1980if test "x$check_for_libcrypt_later" = "x1"; then
3c0ef626 1981 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1982fi
1983
9108f8d9 1984# Search for SHA256 support in libc and/or OpenSSL
1985AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1986
665a873d 1987AC_CHECK_LIB(iaf, ia_openinfo)
e9a17296 1988
1989### Configure cryptographic random number support
1990
1991# Check wheter OpenSSL seeds itself
1992AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
996d5e62 1993AC_RUN_IFELSE(
1994 [AC_LANG_SOURCE([[
e9a17296 1995#include <string.h>
1996#include <openssl/rand.h>
41b2f314 1997int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
996d5e62 1998 ]])],
e9a17296 1999 [
2000 OPENSSL_SEEDS_ITSELF=yes
2001 AC_MSG_RESULT(yes)
2002 ],
2003 [
2004 AC_MSG_RESULT(no)
2005 # Default to use of the rand helper if OpenSSL doesn't
2006 # seed itself
2007 USE_RAND_HELPER=yes
996d5e62 2008 ],
2009 [
2010 AC_MSG_WARN([cross compiling: assuming yes])
2011 # This is safe, since all recent OpenSSL versions will
dec6d9fe 2012 # complain at runtime if not seeded correctly.
996d5e62 2013 OPENSSL_SEEDS_ITSELF=yes
e9a17296 2014 ]
2015)
2016
9108f8d9 2017# Check for PAM libs
2018PAM_MSG="no"
2019AC_ARG_WITH(pam,
2020 [ --with-pam Enable PAM support ],
2021 [
2022 if test "x$withval" != "xno" ; then
2023 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2024 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2025 AC_MSG_ERROR([PAM headers not found])
2026 fi
2027
2028 saved_LIBS="$LIBS"
2029 AC_CHECK_LIB(dl, dlopen, , )
2030 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2031 AC_CHECK_FUNCS(pam_getenvlist)
2032 AC_CHECK_FUNCS(pam_putenv)
2033 LIBS="$saved_LIBS"
2034
2035 PAM_MSG="yes"
2036
2037 LIBPAM="-lpam"
2038 AC_DEFINE(USE_PAM, 1,
2039 [Define if you want to enable PAM support])
2040
2041 if test $ac_cv_lib_dl_dlopen = yes; then
2042 case "$LIBS" in
2043 *-ldl*)
2044 # libdl already in LIBS
2045 ;;
2046 *)
2047 LIBPAM="$LIBPAM -ldl"
2048 ;;
2049 esac
2050 fi
2051 AC_SUBST(LIBPAM)
2052 fi
2053 ]
2054)
2055
2056# Check for older PAM
2057if test "x$PAM_MSG" = "xyes" ; then
2058 # Check PAM strerror arguments (old PAM)
2059 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2060 AC_TRY_COMPILE(
2061 [
2062#include <stdlib.h>
2063#if defined(HAVE_SECURITY_PAM_APPL_H)
2064#include <security/pam_appl.h>
2065#elif defined (HAVE_PAM_PAM_APPL_H)
2066#include <pam/pam_appl.h>
2067#endif
2068 ],
2069 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2070 [AC_MSG_RESULT(no)],
2071 [
2072 AC_DEFINE(HAVE_OLD_PAM, 1,
2073 [Define if you have an old version of PAM
2074 which takes only one argument to pam_strerror])
2075 AC_MSG_RESULT(yes)
2076 PAM_MSG="yes (old library)"
2077 ]
2078 )
2079fi
e9a17296 2080
2081# Do we want to force the use of the rand helper?
2082AC_ARG_WITH(rand-helper,
2083 [ --with-rand-helper Use subprocess to gather strong randomness ],
2084 [
2085 if test "x$withval" = "xno" ; then
cdd66111 2086 # Force use of OpenSSL's internal RNG, even if
e9a17296 2087 # the previous test showed it to be unseeded.
2088 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2089 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2090 OPENSSL_SEEDS_ITSELF=yes
2091 USE_RAND_HELPER=""
2092 fi
2093 else
2094 USE_RAND_HELPER=yes
2095 fi
2096 ],
dec6d9fe 2097)
e9a17296 2098
2099# Which randomness source do we use?
dec6d9fe 2100if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
e9a17296 2101 # OpenSSL only
2c06c99b 2102 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2103 [Define if you want OpenSSL's internally seeded PRNG only])
e9a17296 2104 RAND_MSG="OpenSSL internal ONLY"
2105 INSTALL_SSH_RAND_HELPER=""
2106elif test ! -z "$USE_RAND_HELPER" ; then
2107 # install rand helper
2108 RAND_MSG="ssh-rand-helper"
2109 INSTALL_SSH_RAND_HELPER="yes"
2110fi
2111AC_SUBST(INSTALL_SSH_RAND_HELPER)
2112
2113### Configuration of ssh-rand-helper
2114
2115# PRNGD TCP socket
2116AC_ARG_WITH(prngd-port,
2117 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2118 [
2119 case "$withval" in
2120 no)
2121 withval=""
2122 ;;
2123 [[0-9]]*)
2124 ;;
2125 *)
2126 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2127 ;;
2128 esac
2129 if test ! -z "$withval" ; then
2130 PRNGD_PORT="$withval"
2c06c99b 2131 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2132 [Port number of PRNGD/EGD random number socket])
e9a17296 2133 fi
2134 ]
2135)
2136
2137# PRNGD Unix domain socket
2138AC_ARG_WITH(prngd-socket,
2139 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2140 [
2141 case "$withval" in
2142 yes)
2143 withval="/var/run/egd-pool"
2144 ;;
2145 no)
2146 withval=""
2147 ;;
2148 /*)
2149 ;;
2150 *)
2151 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2152 ;;
2153 esac
2154
2155 if test ! -z "$withval" ; then
2156 if test ! -z "$PRNGD_PORT" ; then
2157 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2158 fi
2159 if test ! -r "$withval" ; then
2160 AC_MSG_WARN(Entropy socket is not readable)
2161 fi
2162 PRNGD_SOCKET="$withval"
2c06c99b 2163 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2164 [Location of PRNGD/EGD random number socket])
e9a17296 2165 fi
2166 ],
2167 [
2168 # Check for existing socket only if we don't have a random device already
2169 if test "$USE_RAND_HELPER" = yes ; then
2170 AC_MSG_CHECKING(for PRNGD/EGD socket)
2171 # Insert other locations here
2172 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2173 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2174 PRNGD_SOCKET="$sock"
2175 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2176 break;
2177 fi
2178 done
2179 if test ! -z "$PRNGD_SOCKET" ; then
2180 AC_MSG_RESULT($PRNGD_SOCKET)
2181 else
2182 AC_MSG_RESULT(not found)
2183 fi
2184 fi
2185 ]
2186)
2187
2188# Change default command timeout for hashing entropy source
2189entropy_timeout=200
2190AC_ARG_WITH(entropy-timeout,
2191 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2192 [
dec6d9fe 2193 if test -n "$withval" && test "x$withval" != "xno" && \
2194 test "x${withval}" != "xyes"; then
e9a17296 2195 entropy_timeout=$withval
2196 fi
dec6d9fe 2197 ]
e9a17296 2198)
2c06c99b 2199AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2200 [Builtin PRNG command timeout])
e9a17296 2201
680cee3b 2202SSH_PRIVSEP_USER=sshd
700318f3 2203AC_ARG_WITH(privsep-user,
2204 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2205 [
dec6d9fe 2206 if test -n "$withval" && test "x$withval" != "xno" && \
2207 test "x${withval}" != "xyes"; then
680cee3b 2208 SSH_PRIVSEP_USER=$withval
700318f3 2209 fi
dec6d9fe 2210 ]
700318f3 2211)
2c06c99b 2212AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2213 [non-privileged user for privilege separation])
680cee3b 2214AC_SUBST(SSH_PRIVSEP_USER)
700318f3 2215
2216# We do this little dance with the search path to insure
2217# that programs that we select for use by installed programs
2218# (which may be run by the super-user) come from trusted
2219# locations before they come from the user's private area.
2220# This should help avoid accidentally configuring some
2221# random version of a program in someone's personal bin.
2222
2223OPATH=$PATH
2224PATH=/bin:/usr/bin
2225test -h /bin 2> /dev/null && PATH=/usr/bin
2226test -d /sbin && PATH=$PATH:/sbin
2227test -d /usr/sbin && PATH=$PATH:/usr/sbin
2228PATH=$PATH:/etc:$OPATH
2229
cdd66111 2230# These programs are used by the command hashing source to gather entropy
e9a17296 2231OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2232OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2233OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2234OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2235OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2236OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2237OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2238OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2239OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2240OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2241OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2242OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2243OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2244OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2245OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2246OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
700318f3 2247# restore PATH
2248PATH=$OPATH
e9a17296 2249
2250# Where does ssh-rand-helper get its randomness from?
2251INSTALL_SSH_PRNG_CMDS=""
2252if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2253 if test ! -z "$PRNGD_PORT" ; then
2254 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2255 elif test ! -z "$PRNGD_SOCKET" ; then
2256 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2257 else
2258 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2259 RAND_HELPER_CMDHASH=yes
2260 INSTALL_SSH_PRNG_CMDS="yes"
2261 fi
2262fi
2263AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2264
2265
3c0ef626 2266# Cheap hack to ensure NEWS-OS libraries are arranged right.
2267if test ! -z "$SONY" ; then
2268 LIBS="$LIBS -liberty";
2269fi
2270
2c06c99b 2271# Check for long long datatypes
2272AC_CHECK_TYPES([long long, unsigned long long, long double])
2273
2274# Check datatype sizes
3c0ef626 2275AC_CHECK_SIZEOF(char, 1)
2276AC_CHECK_SIZEOF(short int, 2)
2277AC_CHECK_SIZEOF(int, 4)
2278AC_CHECK_SIZEOF(long int, 4)
2279AC_CHECK_SIZEOF(long long int, 8)
2280
700318f3 2281# Sanity check long long for some platforms (AIX)
2282if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2283 ac_cv_sizeof_long_long_int=0
2284fi
2285
2c06c99b 2286# compute LLONG_MIN and LLONG_MAX if we don't know them.
2287if test -z "$have_llong_max"; then
2288 AC_MSG_CHECKING([for max value of long long])
2289 AC_RUN_IFELSE(
2290 [AC_LANG_SOURCE([[
2291#include <stdio.h>
2292/* Why is this so damn hard? */
2293#ifdef __GNUC__
2294# undef __GNUC__
2295#endif
2296#define __USE_ISOC99
2297#include <limits.h>
2298#define DATA "conftest.llminmax"
9108f8d9 2299#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2300
2301/*
2302 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2303 * we do this the hard way.
2304 */
2305static int
2306fprint_ll(FILE *f, long long n)
2307{
2308 unsigned int i;
2309 int l[sizeof(long long) * 8];
2310
2311 if (n < 0)
2312 if (fprintf(f, "-") < 0)
2313 return -1;
2314 for (i = 0; n != 0; i++) {
2315 l[i] = my_abs(n % 10);
2316 n /= 10;
2317 }
2318 do {
2319 if (fprintf(f, "%d", l[--i]) < 0)
2320 return -1;
2321 } while (i != 0);
2322 if (fprintf(f, " ") < 0)
2323 return -1;
2324 return 0;
2325}
2326
2c06c99b 2327int main(void) {
2328 FILE *f;
2329 long long i, llmin, llmax = 0;
2330
2331 if((f = fopen(DATA,"w")) == NULL)
2332 exit(1);
2333
2334#if defined(LLONG_MIN) && defined(LLONG_MAX)
2335 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2336 llmin = LLONG_MIN;
2337 llmax = LLONG_MAX;
2338#else
2339 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2340 /* This will work on one's complement and two's complement */
2341 for (i = 1; i > llmax; i <<= 1, i++)
2342 llmax = i;
2343 llmin = llmax + 1LL; /* wrap */
2344#endif
2345
2346 /* Sanity check */
2347 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
9108f8d9 2348 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2349 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2c06c99b 2350 fprintf(f, "unknown unknown\n");
2351 exit(2);
2352 }
2353
9108f8d9 2354 if (fprint_ll(f, llmin) < 0)
2c06c99b 2355 exit(3);
9108f8d9 2356 if (fprint_ll(f, llmax) < 0)
2357 exit(4);
2358 if (fclose(f) < 0)
2359 exit(5);
2c06c99b 2360 exit(0);
2361}
2362 ]])],
2363 [
2364 llong_min=`$AWK '{print $1}' conftest.llminmax`
2365 llong_max=`$AWK '{print $2}' conftest.llminmax`
2366
2c06c99b 2367 AC_MSG_RESULT($llong_max)
2368 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2369 [max value of long long calculated by configure])
2370 AC_MSG_CHECKING([for min value of long long])
2371 AC_MSG_RESULT($llong_min)
2372 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2373 [min value of long long calculated by configure])
2374 ],
2375 [
2376 AC_MSG_RESULT(not found)
2377 ],
2378 [
2379 AC_MSG_WARN([cross compiling: not checking])
2380 ]
2381 )
2382fi
2383
2384
3c0ef626 2385# More checks for data types
2386AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2387 AC_TRY_COMPILE(
cdd66111 2388 [ #include <sys/types.h> ],
2389 [ u_int a; a = 1;],
3c0ef626 2390 [ ac_cv_have_u_int="yes" ],
2391 [ ac_cv_have_u_int="no" ]
2392 )
2393])
2394if test "x$ac_cv_have_u_int" = "xyes" ; then
2c06c99b 2395 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
3c0ef626 2396 have_u_int=1
2397fi
2398
2399AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2400 AC_TRY_COMPILE(
cdd66111 2401 [ #include <sys/types.h> ],
2402 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2403 [ ac_cv_have_intxx_t="yes" ],
2404 [ ac_cv_have_intxx_t="no" ]
2405 )
2406])
2407if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2c06c99b 2408 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
3c0ef626 2409 have_intxx_t=1
2410fi
2411
2412if (test -z "$have_intxx_t" && \
cdd66111 2413 test "x$ac_cv_header_stdint_h" = "xyes")
3c0ef626 2414then
2415 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2416 AC_TRY_COMPILE(
cdd66111 2417 [ #include <stdint.h> ],
2418 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2419 [
2420 AC_DEFINE(HAVE_INTXX_T)
2421 AC_MSG_RESULT(yes)
2422 ],
2423 [ AC_MSG_RESULT(no) ]
2424 )
2425fi
2426
2427AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2428 AC_TRY_COMPILE(
41b2f314 2429 [
2430#include <sys/types.h>
2431#ifdef HAVE_STDINT_H
2432# include <stdint.h>
2433#endif
2434#include <sys/socket.h>
2435#ifdef HAVE_SYS_BITYPES_H
2436# include <sys/bitypes.h>
2437#endif
cdd66111 2438 ],
2439 [ int64_t a; a = 1;],
3c0ef626 2440 [ ac_cv_have_int64_t="yes" ],
2441 [ ac_cv_have_int64_t="no" ]
2442 )
2443])
2444if test "x$ac_cv_have_int64_t" = "xyes" ; then
2c06c99b 2445 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
e9a17296 2446fi
2447
3c0ef626 2448AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2449 AC_TRY_COMPILE(
cdd66111 2450 [ #include <sys/types.h> ],
2451 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2452 [ ac_cv_have_u_intxx_t="yes" ],
2453 [ ac_cv_have_u_intxx_t="no" ]
2454 )
2455])
2456if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2c06c99b 2457 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
3c0ef626 2458 have_u_intxx_t=1
2459fi
2460
2461if test -z "$have_u_intxx_t" ; then
2462 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2463 AC_TRY_COMPILE(
cdd66111 2464 [ #include <sys/socket.h> ],
2465 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2466 [
2467 AC_DEFINE(HAVE_U_INTXX_T)
2468 AC_MSG_RESULT(yes)
2469 ],
2470 [ AC_MSG_RESULT(no) ]
2471 )
2472fi
2473
2474AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2475 AC_TRY_COMPILE(
cdd66111 2476 [ #include <sys/types.h> ],
2477 [ u_int64_t a; a = 1;],
3c0ef626 2478 [ ac_cv_have_u_int64_t="yes" ],
2479 [ ac_cv_have_u_int64_t="no" ]
2480 )
2481])
2482if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2c06c99b 2483 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
3c0ef626 2484 have_u_int64_t=1
2485fi
2486
e9a17296 2487if test -z "$have_u_int64_t" ; then
2488 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2489 AC_TRY_COMPILE(
cdd66111 2490 [ #include <sys/bitypes.h> ],
e9a17296 2491 [ u_int64_t a; a = 1],
2492 [
2493 AC_DEFINE(HAVE_U_INT64_T)
2494 AC_MSG_RESULT(yes)
2495 ],
2496 [ AC_MSG_RESULT(no) ]
2497 )
2498fi
2499
3c0ef626 2500if test -z "$have_u_intxx_t" ; then
2501 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2502 AC_TRY_COMPILE(
2503 [
2504#include <sys/types.h>
cdd66111 2505 ],
2506 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
3c0ef626 2507 [ ac_cv_have_uintxx_t="yes" ],
2508 [ ac_cv_have_uintxx_t="no" ]
2509 )
2510 ])
2511 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2c06c99b 2512 AC_DEFINE(HAVE_UINTXX_T, 1,
2513 [define if you have uintxx_t data type])
3c0ef626 2514 fi
2515fi
2516
2517if test -z "$have_uintxx_t" ; then
2518 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2519 AC_TRY_COMPILE(
cdd66111 2520 [ #include <stdint.h> ],
2521 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
3c0ef626 2522 [
2523 AC_DEFINE(HAVE_UINTXX_T)
2524 AC_MSG_RESULT(yes)
2525 ],
2526 [ AC_MSG_RESULT(no) ]
2527 )
2528fi
2529
2530if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
cdd66111 2531 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3c0ef626 2532then
2533 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2534 AC_TRY_COMPILE(
2535 [
2536#include <sys/bitypes.h>
cdd66111 2537 ],
3c0ef626 2538 [
2539 int8_t a; int16_t b; int32_t c;
2540 u_int8_t e; u_int16_t f; u_int32_t g;
2541 a = b = c = e = f = g = 1;
cdd66111 2542 ],
3c0ef626 2543 [
2544 AC_DEFINE(HAVE_U_INTXX_T)
2545 AC_DEFINE(HAVE_INTXX_T)
2546 AC_MSG_RESULT(yes)
2547 ],
2548 [AC_MSG_RESULT(no)]
cdd66111 2549 )
3c0ef626 2550fi
2551
2552
2553AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2554 AC_TRY_COMPILE(
2555 [
2556#include <sys/types.h>
2557 ],
2558 [ u_char foo; foo = 125; ],
2559 [ ac_cv_have_u_char="yes" ],
2560 [ ac_cv_have_u_char="no" ]
2561 )
2562])
2563if test "x$ac_cv_have_u_char" = "xyes" ; then
2c06c99b 2564 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
3c0ef626 2565fi
2566
2567TYPE_SOCKLEN_T
2568
e9a17296 2569AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2570
996d5e62 2571AC_CHECK_TYPES(in_addr_t,,,
2572[#include <sys/types.h>
2573#include <netinet/in.h>])
2574
3c0ef626 2575AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2576 AC_TRY_COMPILE(
2577 [
2578#include <sys/types.h>
2579 ],
2580 [ size_t foo; foo = 1235; ],
2581 [ ac_cv_have_size_t="yes" ],
2582 [ ac_cv_have_size_t="no" ]
2583 )
2584])
2585if test "x$ac_cv_have_size_t" = "xyes" ; then
2c06c99b 2586 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
3c0ef626 2587fi
2588
2589AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2590 AC_TRY_COMPILE(
2591 [
2592#include <sys/types.h>
2593 ],
2594 [ ssize_t foo; foo = 1235; ],
2595 [ ac_cv_have_ssize_t="yes" ],
2596 [ ac_cv_have_ssize_t="no" ]
2597 )
2598])
2599if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2c06c99b 2600 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
3c0ef626 2601fi
2602
2603AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2604 AC_TRY_COMPILE(
2605 [
2606#include <time.h>
2607 ],
2608 [ clock_t foo; foo = 1235; ],
2609 [ ac_cv_have_clock_t="yes" ],
2610 [ ac_cv_have_clock_t="no" ]
2611 )
2612])
2613if test "x$ac_cv_have_clock_t" = "xyes" ; then
2c06c99b 2614 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
3c0ef626 2615fi
2616
2617AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2618 AC_TRY_COMPILE(
2619 [
2620#include <sys/types.h>
2621#include <sys/socket.h>
2622 ],
2623 [ sa_family_t foo; foo = 1235; ],
2624 [ ac_cv_have_sa_family_t="yes" ],
2625 [ AC_TRY_COMPILE(
2626 [
2627#include <sys/types.h>
2628#include <sys/socket.h>
2629#include <netinet/in.h>
2630 ],
2631 [ sa_family_t foo; foo = 1235; ],
2632 [ ac_cv_have_sa_family_t="yes" ],
2633
2634 [ ac_cv_have_sa_family_t="no" ]
2635 )]
2636 )
2637])
2638if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2c06c99b 2639 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2640 [define if you have sa_family_t data type])
3c0ef626 2641fi
2642
2643AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2644 AC_TRY_COMPILE(
2645 [
2646#include <sys/types.h>
2647 ],
2648 [ pid_t foo; foo = 1235; ],
2649 [ ac_cv_have_pid_t="yes" ],
2650 [ ac_cv_have_pid_t="no" ]
2651 )
2652])
2653if test "x$ac_cv_have_pid_t" = "xyes" ; then
2c06c99b 2654 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
3c0ef626 2655fi
2656
2657AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2658 AC_TRY_COMPILE(
2659 [
2660#include <sys/types.h>
2661 ],
2662 [ mode_t foo; foo = 1235; ],
2663 [ ac_cv_have_mode_t="yes" ],
2664 [ ac_cv_have_mode_t="no" ]
2665 )
2666])
2667if test "x$ac_cv_have_mode_t" = "xyes" ; then
2c06c99b 2668 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3c0ef626 2669fi
2670
2671
2672AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2673 AC_TRY_COMPILE(
2674 [
2675#include <sys/types.h>
2676#include <sys/socket.h>
2677 ],
2678 [ struct sockaddr_storage s; ],
2679 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2680 [ ac_cv_have_struct_sockaddr_storage="no" ]
2681 )
2682])
2683if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2c06c99b 2684 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2685 [define if you have struct sockaddr_storage data type])
3c0ef626 2686fi
2687
2688AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2689 AC_TRY_COMPILE(
2690 [
2691#include <sys/types.h>
2692#include <netinet/in.h>
2693 ],
2694 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2695 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2696 [ ac_cv_have_struct_sockaddr_in6="no" ]
2697 )
2698])
2699if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2c06c99b 2700 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2701 [define if you have struct sockaddr_in6 data type])
3c0ef626 2702fi
2703
2704AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2705 AC_TRY_COMPILE(
2706 [
2707#include <sys/types.h>
2708#include <netinet/in.h>
2709 ],
2710 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2711 [ ac_cv_have_struct_in6_addr="yes" ],
2712 [ ac_cv_have_struct_in6_addr="no" ]
2713 )
2714])
2715if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2c06c99b 2716 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2717 [define if you have struct in6_addr data type])
3c0ef626 2718fi
2719
2720AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2721 AC_TRY_COMPILE(
2722 [
2723#include <sys/types.h>
2724#include <sys/socket.h>
2725#include <netdb.h>
2726 ],
2727 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2728 [ ac_cv_have_struct_addrinfo="yes" ],
2729 [ ac_cv_have_struct_addrinfo="no" ]
2730 )
2731])
2732if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2c06c99b 2733 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2734 [define if you have struct addrinfo data type])
3c0ef626 2735fi
2736
2737AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2738 AC_TRY_COMPILE(
cdd66111 2739 [ #include <sys/time.h> ],
2740 [ struct timeval tv; tv.tv_sec = 1;],
3c0ef626 2741 [ ac_cv_have_struct_timeval="yes" ],
2742 [ ac_cv_have_struct_timeval="no" ]
2743 )
2744])
2745if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2c06c99b 2746 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3c0ef626 2747 have_struct_timeval=1
2748fi
2749
6a9b3198 2750AC_CHECK_TYPES(struct timespec)
2751
2752# We need int64_t or else certian parts of the compile will fail.
dec6d9fe 2753if test "x$ac_cv_have_int64_t" = "xno" && \
2754 test "x$ac_cv_sizeof_long_int" != "x8" && \
2755 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
6a9b3198 2756 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2757 echo "an alternative compiler (I.E., GCC) before continuing."
2758 echo ""
2759 exit 1;
3c0ef626 2760else
2761dnl test snprintf (broken on SCO w/gcc)
996d5e62 2762 AC_RUN_IFELSE(
2763 [AC_LANG_SOURCE([[
3c0ef626 2764#include <stdio.h>
2765#include <string.h>
2766#ifdef HAVE_SNPRINTF
2767main()
2768{
2769 char buf[50];
2770 char expected_out[50];
2771 int mazsize = 50 ;
2772#if (SIZEOF_LONG_INT == 8)
2773 long int num = 0x7fffffffffffffff;
2774#else
2775 long long num = 0x7fffffffffffffffll;
2776#endif
2777 strcpy(expected_out, "9223372036854775807");
2778 snprintf(buf, mazsize, "%lld", num);
2779 if(strcmp(buf, expected_out) != 0)
cdd66111 2780 exit(1);
3c0ef626 2781 exit(0);
2782}
2783#else
2784main() { exit(0); }
2785#endif
996d5e62 2786 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2787 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3c0ef626 2788 )
2789fi
3c0ef626 2790
2791dnl Checks for structure members
2792OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2793OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2794OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2795OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2796OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2797OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2798OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2799OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2800OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2801OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2802OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2803OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2804OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2805OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2806OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2807OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2808OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2809
2810AC_CHECK_MEMBERS([struct stat.st_blksize])
2c06c99b 2811AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2812 [Define if we don't have struct __res_state in resolv.h])],
2813[
2814#include <stdio.h>
2815#if HAVE_SYS_TYPES_H
2816# include <sys/types.h>
2817#endif
2818#include <netinet/in.h>
2819#include <arpa/nameser.h>
2820#include <resolv.h>
2821])
3c0ef626 2822
2823AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2824 ac_cv_have_ss_family_in_struct_ss, [
2825 AC_TRY_COMPILE(
2826 [
2827#include <sys/types.h>
2828#include <sys/socket.h>
2829 ],
2830 [ struct sockaddr_storage s; s.ss_family = 1; ],
2831 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2832 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2833 )
2834])
2835if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2c06c99b 2836 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3c0ef626 2837fi
2838
2839AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2840 ac_cv_have___ss_family_in_struct_ss, [
2841 AC_TRY_COMPILE(
2842 [
2843#include <sys/types.h>
2844#include <sys/socket.h>
2845 ],
2846 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2847 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2848 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2849 )
2850])
2851if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2c06c99b 2852 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2853 [Fields in struct sockaddr_storage])
3c0ef626 2854fi
2855
2856AC_CACHE_CHECK([for pw_class field in struct passwd],
2857 ac_cv_have_pw_class_in_struct_passwd, [
2858 AC_TRY_COMPILE(
2859 [
2860#include <pwd.h>
2861 ],
2862 [ struct passwd p; p.pw_class = 0; ],
2863 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2864 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2865 )
2866])
2867if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2c06c99b 2868 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2869 [Define if your password has a pw_class field])
3c0ef626 2870fi
2871
2872AC_CACHE_CHECK([for pw_expire field in struct passwd],
2873 ac_cv_have_pw_expire_in_struct_passwd, [
2874 AC_TRY_COMPILE(
2875 [
2876#include <pwd.h>
2877 ],
2878 [ struct passwd p; p.pw_expire = 0; ],
2879 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2880 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2881 )
2882])
2883if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2c06c99b 2884 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2885 [Define if your password has a pw_expire field])
3c0ef626 2886fi
2887
2888AC_CACHE_CHECK([for pw_change field in struct passwd],
2889 ac_cv_have_pw_change_in_struct_passwd, [
2890 AC_TRY_COMPILE(
2891 [
2892#include <pwd.h>
2893 ],
2894 [ struct passwd p; p.pw_change = 0; ],
2895 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2896 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2897 )
2898])
2899if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2c06c99b 2900 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2901 [Define if your password has a pw_change field])
3c0ef626 2902fi
2903
fba3c309 2904dnl make sure we're using the real structure members and not defines
700318f3 2905AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2906 ac_cv_have_accrights_in_msghdr, [
996d5e62 2907 AC_COMPILE_IFELSE(
700318f3 2908 [
2909#include <sys/types.h>
2910#include <sys/socket.h>
2911#include <sys/uio.h>
fba3c309 2912int main() {
2913#ifdef msg_accrights
996d5e62 2914#error "msg_accrights is a macro"
fba3c309 2915exit(1);
2916#endif
2917struct msghdr m;
2918m.msg_accrights = 0;
2919exit(0);
2920}
700318f3 2921 ],
700318f3 2922 [ ac_cv_have_accrights_in_msghdr="yes" ],
2923 [ ac_cv_have_accrights_in_msghdr="no" ]
2924 )
2925])
2926if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2c06c99b 2927 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2928 [Define if your system uses access rights style
2929 file descriptor passing])
700318f3 2930fi
2931
2932AC_CACHE_CHECK([for msg_control field in struct msghdr],
2933 ac_cv_have_control_in_msghdr, [
996d5e62 2934 AC_COMPILE_IFELSE(
700318f3 2935 [
2936#include <sys/types.h>
2937#include <sys/socket.h>
2938#include <sys/uio.h>
fba3c309 2939int main() {
2940#ifdef msg_control
996d5e62 2941#error "msg_control is a macro"
fba3c309 2942exit(1);
2943#endif
2944struct msghdr m;
2945m.msg_control = 0;
2946exit(0);
2947}
700318f3 2948 ],
700318f3 2949 [ ac_cv_have_control_in_msghdr="yes" ],
2950 [ ac_cv_have_control_in_msghdr="no" ]
2951 )
2952])
2953if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2c06c99b 2954 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2955 [Define if your system uses ancillary data style
2956 file descriptor passing])
700318f3 2957fi
2958
3c0ef626 2959AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
cdd66111 2960 AC_TRY_LINK([],
2961 [ extern char *__progname; printf("%s", __progname); ],
3c0ef626 2962 [ ac_cv_libc_defines___progname="yes" ],
2963 [ ac_cv_libc_defines___progname="no" ]
2964 )
2965])
2966if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2c06c99b 2967 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3c0ef626 2968fi
2969
700318f3 2970AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2971 AC_TRY_LINK([
2972#include <stdio.h>
cdd66111 2973],
2974 [ printf("%s", __FUNCTION__); ],
700318f3 2975 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2976 [ ac_cv_cc_implements___FUNCTION__="no" ]
2977 )
2978])
2979if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2c06c99b 2980 AC_DEFINE(HAVE___FUNCTION__, 1,
2981 [Define if compiler implements __FUNCTION__])
700318f3 2982fi
2983
2984AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2985 AC_TRY_LINK([
2986#include <stdio.h>
cdd66111 2987],
2988 [ printf("%s", __func__); ],
700318f3 2989 [ ac_cv_cc_implements___func__="yes" ],
2990 [ ac_cv_cc_implements___func__="no" ]
2991 )
2992])
2993if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2c06c99b 2994 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2995fi
2996
2997AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2998 AC_TRY_LINK(
2999 [#include <stdarg.h>
3000 va_list x,y;],
3001 [va_copy(x,y);],
3002 [ ac_cv_have_va_copy="yes" ],
3003 [ ac_cv_have_va_copy="no" ]
3004 )
3005])
3006if test "x$ac_cv_have_va_copy" = "xyes" ; then
3007 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3008fi
3009
3010AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3011 AC_TRY_LINK(
3012 [#include <stdarg.h>
3013 va_list x,y;],
3014 [__va_copy(x,y);],
3015 [ ac_cv_have___va_copy="yes" ],
3016 [ ac_cv_have___va_copy="no" ]
3017 )
3018])
3019if test "x$ac_cv_have___va_copy" = "xyes" ; then
3020 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
700318f3 3021fi
3022
3c0ef626 3023AC_CACHE_CHECK([whether getopt has optreset support],
3024 ac_cv_have_getopt_optreset, [
3025 AC_TRY_LINK(
3026 [
3027#include <getopt.h>
3028 ],
3029 [ extern int optreset; optreset = 0; ],
3030 [ ac_cv_have_getopt_optreset="yes" ],
3031 [ ac_cv_have_getopt_optreset="no" ]
3032 )
3033])
3034if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2c06c99b 3035 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3036 [Define if your getopt(3) defines and uses optreset])
3c0ef626 3037fi
3038
3039AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
cdd66111 3040 AC_TRY_LINK([],
3041 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3c0ef626 3042 [ ac_cv_libc_defines_sys_errlist="yes" ],
3043 [ ac_cv_libc_defines_sys_errlist="no" ]
3044 )
3045])
3046if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2c06c99b 3047 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3048 [Define if your system defines sys_errlist[]])
3c0ef626 3049fi
3050
3051
3052AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
cdd66111 3053 AC_TRY_LINK([],
3054 [ extern int sys_nerr; printf("%i", sys_nerr);],
3c0ef626 3055 [ ac_cv_libc_defines_sys_nerr="yes" ],
3056 [ ac_cv_libc_defines_sys_nerr="no" ]
3057 )
3058])
3059if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2c06c99b 3060 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3c0ef626 3061fi
3062
cdd66111 3063SCARD_MSG="no"
700318f3 3064# Check whether user wants sectok support
3065AC_ARG_WITH(sectok,
3066 [ --with-sectok Enable smartcard support using libsectok],
3c0ef626 3067 [
3068 if test "x$withval" != "xno" ; then
3069 if test "x$withval" != "xyes" ; then
3070 CPPFLAGS="$CPPFLAGS -I${withval}"
3071 LDFLAGS="$LDFLAGS -L${withval}"
3072 if test ! -z "$need_dash_r" ; then
3073 LDFLAGS="$LDFLAGS -R${withval}"
3074 fi
3075 if test ! -z "$blibpath" ; then
3076 blibpath="$blibpath:${withval}"
3077 fi
3078 fi
3079 AC_CHECK_HEADERS(sectok.h)
3080 if test "$ac_cv_header_sectok_h" != yes; then
3081 AC_MSG_ERROR(Can't find sectok.h)
3082 fi
3083 AC_CHECK_LIB(sectok, sectok_open)
3084 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3085 AC_MSG_ERROR(Can't find libsectok)
3086 fi
2c06c99b 3087 AC_DEFINE(SMARTCARD, 1,
3088 [Define if you want smartcard support])
3089 AC_DEFINE(USE_SECTOK, 1,
3090 [Define if you want smartcard support
3091 using sectok])
cdd66111 3092 SCARD_MSG="yes, using sectok"
3c0ef626 3093 fi
3094 ]
3095)
3096
700318f3 3097# Check whether user wants OpenSC support
dec6d9fe 3098OPENSC_CONFIG="no"
700318f3 3099AC_ARG_WITH(opensc,
2c06c99b 3100 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
dec6d9fe 3101 [
3102 if test "x$withval" != "xno" ; then
3103 if test "x$withval" != "xyes" ; then
3104 OPENSC_CONFIG=$withval/bin/opensc-config
3105 else
3106 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3107 fi
3108 if test "$OPENSC_CONFIG" != "no"; then
3109 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3110 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3111 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
9108f8d9 3112 LIBS="$LIBS $LIBOPENSC_LIBS"
dec6d9fe 3113 AC_DEFINE(SMARTCARD)
2c06c99b 3114 AC_DEFINE(USE_OPENSC, 1,
3115 [Define if you want smartcard support
3116 using OpenSC])
dec6d9fe 3117 SCARD_MSG="yes, using OpenSC"
3118 fi
3119 fi
3120 ]
3121)
700318f3 3122
cdd66111 3123# Check libraries needed by DNS fingerprint support
3124AC_SEARCH_LIBS(getrrsetbyname, resolv,
2c06c99b 3125 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3126 [Define if getrrsetbyname() exists])],
0fff78ff 3127 [
cdd66111 3128 # Needed by our getrrsetbyname()
3129 AC_SEARCH_LIBS(res_query, resolv)
3130 AC_SEARCH_LIBS(dn_expand, resolv)
c9f39d2c 3131 AC_MSG_CHECKING(if res_query will link)
3132 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3133 [AC_MSG_RESULT(no)
3134 saved_LIBS="$LIBS"
3135 LIBS="$LIBS -lresolv"
3136 AC_MSG_CHECKING(for res_query in -lresolv)
3137 AC_LINK_IFELSE([
3138#include <resolv.h>
3139int main()
3140{
3141 res_query (0, 0, 0, 0, 0);
3142 return 0;
3143}
3144 ],
3145 [LIBS="$LIBS -lresolv"
3146 AC_MSG_RESULT(yes)],
3147 [LIBS="$saved_LIBS"
3148 AC_MSG_RESULT(no)])
3149 ])
cdd66111 3150 AC_CHECK_FUNCS(_getshort _getlong)
665a873d 3151 AC_CHECK_DECLS([_getshort, _getlong], , ,
3152 [#include <sys/types.h>
3153 #include <arpa/nameser.h>])
cdd66111 3154 AC_CHECK_MEMBER(HEADER.ad,
2c06c99b 3155 [AC_DEFINE(HAVE_HEADER_AD, 1,
3156 [Define if HEADER.ad exists in arpa/nameser.h])],,
cdd66111 3157 [#include <arpa/nameser.h>])
3158 ])
0fff78ff 3159
9108f8d9 3160# Check whether user wants SELinux support
3161SELINUX_MSG="no"
3162LIBSELINUX=""
3163AC_ARG_WITH(selinux,
3164 [ --with-selinux Enable SELinux support],
3165 [ if test "x$withval" != "xno" ; then
3166 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3167 SELINUX_MSG="yes"
3168 AC_CHECK_HEADER([selinux/selinux.h], ,
3169 AC_MSG_ERROR(SELinux support requires selinux.h header))
3170 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3171 AC_MSG_ERROR(SELinux support requires libselinux library))
ff7ec503 3172 save_LIBS="$LIBS"
3173 LIBS="$LIBS $LIBSELINUX"
9108f8d9 3174 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
ff7ec503 3175 LIBS="$save_LIBS"
9108f8d9 3176 fi ]
3177)
3178AC_SUBST(LIBSELINUX)
3179
700318f3 3180# Check whether user wants Kerberos 5 support
cdd66111 3181KRB5_MSG="no"
700318f3 3182AC_ARG_WITH(kerberos5,
cdd66111 3183 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3184 [ if test "x$withval" != "xno" ; then
3185 if test "x$withval" = "xyes" ; then
3186 KRB5ROOT="/usr/local"
3187 else
3188 KRB5ROOT=${withval}
3189 fi
3190
2c06c99b 3191 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
cdd66111 3192 KRB5_MSG="yes"
3193
3194 AC_MSG_CHECKING(for krb5-config)
3195 if test -x $KRB5ROOT/bin/krb5-config ; then
3196 KRB5CONF=$KRB5ROOT/bin/krb5-config
3197 AC_MSG_RESULT($KRB5CONF)
3198
3199 AC_MSG_CHECKING(for gssapi support)
3200 if $KRB5CONF | grep gssapi >/dev/null ; then
3201 AC_MSG_RESULT(yes)
2c06c99b 3202 AC_DEFINE(GSSAPI, 1,
3203 [Define this if you want GSSAPI
3204 support in the version 2 protocol])
cdd66111 3205 k5confopts=gssapi
3206 else
3207 AC_MSG_RESULT(no)
3208 k5confopts=""
3209 fi
3210 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3211 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3212 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3213 AC_MSG_CHECKING(whether we are using Heimdal)
3214 AC_TRY_COMPILE([ #include <krb5.h> ],
3215 [ char *tmp = heimdal_version; ],
3216 [ AC_MSG_RESULT(yes)
2c06c99b 3217 AC_DEFINE(HEIMDAL, 1,
3218 [Define this if you are using the
3219 Heimdal version of Kerberos V5]) ],
cdd66111 3220 AC_MSG_RESULT(no)
3221 )
3222 else
3223 AC_MSG_RESULT(no)
700318f3 3224 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
cdd66111 3225 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3226 AC_MSG_CHECKING(whether we are using Heimdal)
3227 AC_TRY_COMPILE([ #include <krb5.h> ],
3228 [ char *tmp = heimdal_version; ],
3229 [ AC_MSG_RESULT(yes)
3230 AC_DEFINE(HEIMDAL)
c9f39d2c 3231 K5LIBS="-lkrb5 -ldes"
3232 K5LIBS="$K5LIBS -lcom_err -lasn1"
dec6d9fe 3233 AC_CHECK_LIB(roken, net_write,
c9f39d2c 3234 [K5LIBS="$K5LIBS -lroken"])
cdd66111 3235 ],
3236 [ AC_MSG_RESULT(no)
3237 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3238 ]
3239 )
0fff78ff 3240 AC_SEARCH_LIBS(dn_expand, resolv)
3241
3242 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3243 [ AC_DEFINE(GSSAPI)
3244 K5LIBS="-lgssapi $K5LIBS" ],
3245 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3246 [ AC_DEFINE(GSSAPI)
cdd66111 3247 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
0fff78ff 3248 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3249 $K5LIBS)
3250 ],
3251 $K5LIBS)
dec6d9fe 3252
0fff78ff 3253 AC_CHECK_HEADER(gssapi.h, ,
3254 [ unset ac_cv_header_gssapi_h
cdd66111 3255 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
0fff78ff 3256 AC_CHECK_HEADERS(gssapi.h, ,
3257 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
cdd66111 3258 )
0fff78ff 3259 ]
3260 )
3261
3262 oldCPP="$CPPFLAGS"
3263 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3264 AC_CHECK_HEADER(gssapi_krb5.h, ,
3265 [ CPPFLAGS="$oldCPP" ])
700318f3 3266
cdd66111 3267 fi
3268 if test ! -z "$need_dash_r" ; then
3269 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3270 fi
3271 if test ! -z "$blibpath" ; then
3272 blibpath="$blibpath:${KRB5ROOT}/lib"
3273 fi
cdd66111 3274
2c06c99b 3275 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3276 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3277 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
cdd66111 3278
2c06c99b 3279 LIBS="$LIBS $K5LIBS"
3280 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3281 [Define this if you want to use libkafs' AFS support]))
3282 fi
cdd66111 3283 ]
700318f3 3284)
3c0ef626 3285
3286# Looking for programs, paths and files
3c0ef626 3287
700318f3 3288PRIVSEP_PATH=/var/empty
3289AC_ARG_WITH(privsep-path,
41b2f314 3290 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
700318f3 3291 [
dec6d9fe 3292 if test -n "$withval" && test "x$withval" != "xno" && \
3293 test "x${withval}" != "xyes"; then
700318f3 3294 PRIVSEP_PATH=$withval
3295 fi
3296 ]
3297)
3298AC_SUBST(PRIVSEP_PATH)
3299
3c0ef626 3300AC_ARG_WITH(xauth,
3301 [ --with-xauth=PATH Specify path to xauth program ],
3302 [
dec6d9fe 3303 if test -n "$withval" && test "x$withval" != "xno" && \
3304 test "x${withval}" != "xyes"; then
3c0ef626 3305 xauth_path=$withval
3306 fi
3307 ],
3308 [
41b2f314 3309 TestPath="$PATH"
3310 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3311 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3312 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3313 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3314 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3c0ef626 3315 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3316 xauth_path="/usr/openwin/bin/xauth"
3317 fi
3318 ]
3319)
3320
6a9b3198 3321STRIP_OPT=-s
3322AC_ARG_ENABLE(strip,
3323 [ --disable-strip Disable calling strip(1) on install],
3324 [
3325 if test "x$enableval" = "xno" ; then
3326 STRIP_OPT=
3327 fi
3328 ]
3329)
3330AC_SUBST(STRIP_OPT)
3331
3c0ef626 3332if test -z "$xauth_path" ; then
3333 XAUTH_PATH="undefined"
3334 AC_SUBST(XAUTH_PATH)
3335else
2c06c99b 3336 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3337 [Define if xauth is found in your path])
3c0ef626 3338 XAUTH_PATH=$xauth_path
3339 AC_SUBST(XAUTH_PATH)
3340fi
3c0ef626 3341
3342# Check for mail directory (last resort if we cannot get it from headers)
3343if test ! -z "$MAIL" ; then
3344 maildir=`dirname $MAIL`
2c06c99b 3345 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3346 [Set this to your mail directory if you don't have maillock.h])
3c0ef626 3347fi
3348
996d5e62 3349if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3350 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3351 disable_ptmx_check=yes
3352fi
3c0ef626 3353if test -z "$no_dev_ptmx" ; then
700318f3 3354 if test "x$disable_ptmx_check" != "xyes" ; then
cdd66111 3355 AC_CHECK_FILE("/dev/ptmx",
700318f3 3356 [
2c06c99b 3357 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3358 [Define if you have /dev/ptmx])
700318f3 3359 have_dev_ptmx=1
3360 ]
3361 )
3362 fi
3c0ef626 3363fi
996d5e62 3364
3365if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3366 AC_CHECK_FILE("/dev/ptc",
3367 [
2c06c99b 3368 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3369 [Define if you have /dev/ptc])
996d5e62 3370 have_dev_ptc=1
3371 ]
3372 )
3373else
3374 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3375fi
3c0ef626 3376
3377# Options from here on. Some of these are preset by platform above
3c0ef626 3378AC_ARG_WITH(mantype,
3379 [ --with-mantype=man|cat|doc Set man page type],
3380 [
3381 case "$withval" in
3382 man|cat|doc)
3383 MANTYPE=$withval
3384 ;;
3385 *)
3386 AC_MSG_ERROR(invalid man type: $withval)
3387 ;;
3388 esac
3389 ]
3390)
3391if test -z "$MANTYPE"; then
41b2f314 3392 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3393 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3c0ef626 3394 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3395 MANTYPE=doc
3396 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3397 MANTYPE=man
3398 else
3399 MANTYPE=cat
3400 fi
3401fi
3402AC_SUBST(MANTYPE)
3403if test "$MANTYPE" = "doc"; then
3404 mansubdir=man;
3405else
3406 mansubdir=$MANTYPE;
3407fi
3408AC_SUBST(mansubdir)
3409
3410# Check whether to enable MD5 passwords
cdd66111 3411MD5_MSG="no"
3c0ef626 3412AC_ARG_WITH(md5-passwords,
3413 [ --with-md5-passwords Enable use of MD5 passwords],
3414 [
3415 if test "x$withval" != "xno" ; then
2c06c99b 3416 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3417 [Define if you want to allow MD5 passwords])
cdd66111 3418 MD5_MSG="yes"
3c0ef626 3419 fi
3420 ]
3421)
3422
3423# Whether to disable shadow password support
3424AC_ARG_WITH(shadow,
3425 [ --without-shadow Disable shadow password support],
3426 [
dec6d9fe 3427 if test "x$withval" = "xno" ; then
3c0ef626 3428 AC_DEFINE(DISABLE_SHADOW)
3429 disable_shadow=yes
3430 fi
3431 ]
3432)
3433
3434if test -z "$disable_shadow" ; then
3435 AC_MSG_CHECKING([if the systems has expire shadow information])
3436 AC_TRY_COMPILE(
3437 [
3438#include <sys/types.h>
3439#include <shadow.h>
3440 struct spwd sp;
3441 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3442 [ sp_expire_available=yes ], []
3443 )
3444
3445 if test "x$sp_expire_available" = "xyes" ; then
3446 AC_MSG_RESULT(yes)
2c06c99b 3447 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3448 [Define if you want to use shadow password expire field])
3c0ef626 3449 else
3450 AC_MSG_RESULT(no)
3451 fi
3452fi
3453
3454# Use ip address instead of hostname in $DISPLAY
3455if test ! -z "$IPADDR_IN_DISPLAY" ; then
3456 DISPLAY_HACK_MSG="yes"
2c06c99b 3457 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3458 [Define if you need to use IP address
3459 instead of hostname in $DISPLAY])
3c0ef626 3460else
cdd66111 3461 DISPLAY_HACK_MSG="no"
3c0ef626 3462 AC_ARG_WITH(ipaddr-display,
3463 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3464 [
dec6d9fe 3465 if test "x$withval" != "xno" ; then
3c0ef626 3466 AC_DEFINE(IPADDR_IN_DISPLAY)
cdd66111 3467 DISPLAY_HACK_MSG="yes"
3c0ef626 3468 fi
3469 ]
3470 )
3471fi
3472
0fff78ff 3473# check for /etc/default/login and use it if present.
acc3d05e 3474AC_ARG_ENABLE(etc-default-login,
996d5e62 3475 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3476 [ if test "x$enableval" = "xno"; then
3477 AC_MSG_NOTICE([/etc/default/login handling disabled])
3478 etc_default_login=no
3479 else
3480 etc_default_login=yes
3481 fi ],
2c06c99b 3482 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3483 then
3484 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3485 etc_default_login=no
3486 else
3487 etc_default_login=yes
3488 fi ]
996d5e62 3489)
0fff78ff 3490
996d5e62 3491if test "x$etc_default_login" != "xno"; then
3492 AC_CHECK_FILE("/etc/default/login",
3493 [ external_path_file=/etc/default/login ])
2c06c99b 3494 if test "x$external_path_file" = "x/etc/default/login"; then
3495 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3496 [Define if your system has /etc/default/login])
996d5e62 3497 fi
0fff78ff 3498fi
3499
700318f3 3500dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
dec6d9fe 3501if test $ac_cv_func_login_getcapbool = "yes" && \
3502 test $ac_cv_header_login_cap_h = "yes" ; then
0fff78ff 3503 external_path_file=/etc/login.conf
700318f3 3504fi
0fff78ff 3505
3c0ef626 3506# Whether to mess with the default path
cdd66111 3507SERVER_PATH_MSG="(default)"
3c0ef626 3508AC_ARG_WITH(default-path,
700318f3 3509 [ --with-default-path= Specify default \$PATH environment for server],
3c0ef626 3510 [
0fff78ff 3511 if test "x$external_path_file" = "x/etc/login.conf" ; then
700318f3 3512 AC_MSG_WARN([
3513--with-default-path=PATH has no effect on this system.
3514Edit /etc/login.conf instead.])
dec6d9fe 3515 elif test "x$withval" != "xno" ; then
0fff78ff 3516 if test ! -z "$external_path_file" ; then
3517 AC_MSG_WARN([
3518--with-default-path=PATH will only be used if PATH is not defined in
3519$external_path_file .])
3520 fi
3c0ef626 3521 user_path="$withval"
cdd66111 3522 SERVER_PATH_MSG="$withval"
3c0ef626 3523 fi
3524 ],
0fff78ff 3525 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3526 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
700318f3 3527 else
0fff78ff 3528 if test ! -z "$external_path_file" ; then
3529 AC_MSG_WARN([
3530If PATH is defined in $external_path_file, ensure the path to scp is included,
3531otherwise scp will not work.])
3532 fi
2c06c99b 3533 AC_RUN_IFELSE(
3534 [AC_LANG_SOURCE([[
3c0ef626 3535/* find out what STDPATH is */
3536#include <stdio.h>
3537#ifdef HAVE_PATHS_H
3538# include <paths.h>
3539#endif
3540#ifndef _PATH_STDPATH
6a9b3198 3541# ifdef _PATH_USERPATH /* Irix */
3542# define _PATH_STDPATH _PATH_USERPATH
3543# else
3544# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3545# endif
3c0ef626 3546#endif
3547#include <sys/types.h>
3548#include <sys/stat.h>
3549#include <fcntl.h>
3550#define DATA "conftest.stdpath"
3551
3552main()
3553{
3554 FILE *fd;
3555 int rc;
dec6d9fe 3556
3c0ef626 3557 fd = fopen(DATA,"w");
3558 if(fd == NULL)
3559 exit(1);
dec6d9fe 3560
3c0ef626 3561 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3562 exit(1);
3563
3564 exit(0);
3565}
2c06c99b 3566 ]])],
3567 [ user_path=`cat conftest.stdpath` ],
3c0ef626 3568 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3569 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3570 )
3571# make sure $bindir is in USER_PATH so scp will work
3572 t_bindir=`eval echo ${bindir}`
3573 case $t_bindir in
3574 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3575 esac
3576 case $t_bindir in
3577 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3578 esac
3579 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3580 if test $? -ne 0 ; then
3581 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3582 if test $? -ne 0 ; then
3583 user_path=$user_path:$t_bindir
3584 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3585 fi
3586 fi
700318f3 3587 fi ]
3588)
0fff78ff 3589if test "x$external_path_file" != "x/etc/login.conf" ; then
2c06c99b 3590 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
700318f3 3591 AC_SUBST(user_path)
3592fi
3593
3594# Set superuser path separately to user path
700318f3 3595AC_ARG_WITH(superuser-path,
3596 [ --with-superuser-path= Specify different path for super-user],
3597 [
dec6d9fe 3598 if test -n "$withval" && test "x$withval" != "xno" && \
3599 test "x${withval}" != "xyes"; then
2c06c99b 3600 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3601 [Define if you want a different $PATH
3602 for the superuser])
700318f3 3603 superuser_path=$withval
3604 fi
3c0ef626 3605 ]
3606)
700318f3 3607
3c0ef626 3608
3c0ef626 3609AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
cdd66111 3610IPV4_IN6_HACK_MSG="no"
3c0ef626 3611AC_ARG_WITH(4in6,
3612 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3613 [
3614 if test "x$withval" != "xno" ; then
3615 AC_MSG_RESULT(yes)
2c06c99b 3616 AC_DEFINE(IPV4_IN_IPV6, 1,
3617 [Detect IPv4 in IPv6 mapped addresses
3618 and treat as IPv4])
cdd66111 3619 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3620 else
3621 AC_MSG_RESULT(no)
3622 fi
3623 ],[
3624 if test "x$inet6_default_4in6" = "xyes"; then
3625 AC_MSG_RESULT([yes (default)])
3626 AC_DEFINE(IPV4_IN_IPV6)
cdd66111 3627 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3628 else
3629 AC_MSG_RESULT([no (default)])
3630 fi
3631 ]
3632)
3633
3634# Whether to enable BSD auth support
e9a17296 3635BSD_AUTH_MSG=no
3c0ef626 3636AC_ARG_WITH(bsd-auth,
3637 [ --with-bsd-auth Enable BSD auth support],
3638 [
dec6d9fe 3639 if test "x$withval" != "xno" ; then
2c06c99b 3640 AC_DEFINE(BSD_AUTH, 1,
3641 [Define if you have BSD auth support])
e9a17296 3642 BSD_AUTH_MSG=yes
3c0ef626 3643 fi
3644 ]
3645)
3646
3c0ef626 3647# Where to place sshd.pid
3648piddir=/var/run
700318f3 3649# make sure the directory exists
dec6d9fe 3650if test ! -d $piddir ; then
700318f3 3651 piddir=`eval echo ${sysconfdir}`
3652 case $piddir in
cdd66111 3653 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
700318f3 3654 esac
3655fi
3656
3c0ef626 3657AC_ARG_WITH(pid-dir,
3658 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3659 [
dec6d9fe 3660 if test -n "$withval" && test "x$withval" != "xno" && \
3661 test "x${withval}" != "xyes"; then
3c0ef626 3662 piddir=$withval
dec6d9fe 3663 if test ! -d $piddir ; then
700318f3 3664 AC_MSG_WARN([** no $piddir directory on this system **])
3665 fi
3c0ef626 3666 fi
3667 ]
3668)
3669
2c06c99b 3670AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3c0ef626 3671AC_SUBST(piddir)
3672
3673dnl allow user to disable some login recording features
3674AC_ARG_ENABLE(lastlog,
3675 [ --disable-lastlog disable use of lastlog even if detected [no]],
0fff78ff 3676 [
3677 if test "x$enableval" = "xno" ; then
3678 AC_DEFINE(DISABLE_LASTLOG)
3679 fi
3680 ]
3c0ef626 3681)
3682AC_ARG_ENABLE(utmp,
3683 [ --disable-utmp disable use of utmp even if detected [no]],
0fff78ff 3684 [
3685 if test "x$enableval" = "xno" ; then
3686 AC_DEFINE(DISABLE_UTMP)
3687 fi
3688 ]
3c0ef626 3689)
3690AC_ARG_ENABLE(utmpx,
3691 [ --disable-utmpx disable use of utmpx even if detected [no]],
0fff78ff 3692 [
3693 if test "x$enableval" = "xno" ; then
2c06c99b 3694 AC_DEFINE(DISABLE_UTMPX, 1,
3695 [Define if you don't want to use utmpx])
0fff78ff 3696 fi
3697 ]
3c0ef626 3698)
3699AC_ARG_ENABLE(wtmp,
3700 [ --disable-wtmp disable use of wtmp even if detected [no]],
0fff78ff 3701 [
3702 if test "x$enableval" = "xno" ; then
3703 AC_DEFINE(DISABLE_WTMP)
3704 fi
3705 ]
3c0ef626 3706)
3707AC_ARG_ENABLE(wtmpx,
3708 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
0fff78ff 3709 [
3710 if test "x$enableval" = "xno" ; then
2c06c99b 3711 AC_DEFINE(DISABLE_WTMPX, 1,
3712 [Define if you don't want to use wtmpx])
0fff78ff 3713 fi
3714 ]
3c0ef626 3715)
3716AC_ARG_ENABLE(libutil,
3717 [ --disable-libutil disable use of libutil (login() etc.) [no]],
0fff78ff 3718 [
3719 if test "x$enableval" = "xno" ; then
3720 AC_DEFINE(DISABLE_LOGIN)
3721 fi
3722 ]
3c0ef626 3723)
3724AC_ARG_ENABLE(pututline,
3725 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
0fff78ff 3726 [
3727 if test "x$enableval" = "xno" ; then
2c06c99b 3728 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3729 [Define if you don't want to use pututline()
3730 etc. to write [uw]tmp])
0fff78ff 3731 fi
3732 ]
3c0ef626 3733)
3734AC_ARG_ENABLE(pututxline,
3735 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
0fff78ff 3736 [
3737 if test "x$enableval" = "xno" ; then
2c06c99b 3738 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3739 [Define if you don't want to use pututxline()
3740 etc. to write [uw]tmpx])
0fff78ff 3741 fi
3742 ]
3c0ef626 3743)
3744AC_ARG_WITH(lastlog,
3745 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3746 [
dec6d9fe 3747 if test "x$withval" = "xno" ; then
3c0ef626 3748 AC_DEFINE(DISABLE_LASTLOG)
dec6d9fe 3749 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3c0ef626 3750 conf_lastlog_location=$withval
3751 fi
3752 ]
3753)
3754
3755dnl lastlog, [uw]tmpx? detection
3756dnl NOTE: set the paths in the platform section to avoid the
3757dnl need for command-line parameters
3758dnl lastlog and [uw]tmp are subject to a file search if all else fails
3759
3760dnl lastlog detection
3761dnl NOTE: the code itself will detect if lastlog is a directory
3762AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3763AC_TRY_COMPILE([
3764#include <sys/types.h>
3765#include <utmp.h>
3766#ifdef HAVE_LASTLOG_H
3767# include <lastlog.h>
3768#endif
3769#ifdef HAVE_PATHS_H
3770# include <paths.h>
3771#endif
3772#ifdef HAVE_LOGIN_H
3773# include <login.h>
3774#endif
3775 ],
3776 [ char *lastlog = LASTLOG_FILE; ],
3777 [ AC_MSG_RESULT(yes) ],
3778 [
3779 AC_MSG_RESULT(no)
3780 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3781 AC_TRY_COMPILE([
3782#include <sys/types.h>
3783#include <utmp.h>
3784#ifdef HAVE_LASTLOG_H
3785# include <lastlog.h>
3786#endif
3787#ifdef HAVE_PATHS_H
3788# include <paths.h>
3789#endif
3790 ],
3791 [ char *lastlog = _PATH_LASTLOG; ],
3792 [ AC_MSG_RESULT(yes) ],
3793 [
3794 AC_MSG_RESULT(no)
3795 system_lastlog_path=no
3796 ])
3797 ]
3798)
3799
3800if test -z "$conf_lastlog_location"; then
3801 if test x"$system_lastlog_path" = x"no" ; then
3802 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3803 if (test -d "$f" || test -f "$f") ; then
3804 conf_lastlog_location=$f
3805 fi
3806 done
3807 if test -z "$conf_lastlog_location"; then
3808 AC_MSG_WARN([** Cannot find lastlog **])
3809 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3810 fi
3811 fi
3812fi
3813
3814if test -n "$conf_lastlog_location"; then
2c06c99b 3815 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3816 [Define if you want to specify the path to your lastlog file])
dec6d9fe 3817fi
3c0ef626 3818
3819dnl utmp detection
3820AC_MSG_CHECKING([if your system defines UTMP_FILE])
3821AC_TRY_COMPILE([
3822#include <sys/types.h>
3823#include <utmp.h>
3824#ifdef HAVE_PATHS_H
3825# include <paths.h>
3826#endif
3827 ],
3828 [ char *utmp = UTMP_FILE; ],
3829 [ AC_MSG_RESULT(yes) ],
3830 [ AC_MSG_RESULT(no)
3831 system_utmp_path=no ]
3832)
3833if test -z "$conf_utmp_location"; then
3834 if test x"$system_utmp_path" = x"no" ; then
3835 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3836 if test -f $f ; then
3837 conf_utmp_location=$f
3838 fi
3839 done
3840 if test -z "$conf_utmp_location"; then
3841 AC_DEFINE(DISABLE_UTMP)
3842 fi
3843 fi
3844fi
3845if test -n "$conf_utmp_location"; then
2c06c99b 3846 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3847 [Define if you want to specify the path to your utmp file])
dec6d9fe 3848fi
3c0ef626 3849
3850dnl wtmp detection
3851AC_MSG_CHECKING([if your system defines WTMP_FILE])
3852AC_TRY_COMPILE([
3853#include <sys/types.h>
3854#include <utmp.h>
3855#ifdef HAVE_PATHS_H
3856# include <paths.h>
3857#endif
3858 ],
3859 [ char *wtmp = WTMP_FILE; ],
3860 [ AC_MSG_RESULT(yes) ],
3861 [ AC_MSG_RESULT(no)
3862 system_wtmp_path=no ]
3863)
3864if test -z "$conf_wtmp_location"; then
3865 if test x"$system_wtmp_path" = x"no" ; then
3866 for f in /usr/adm/wtmp /var/log/wtmp; do
3867 if test -f $f ; then
3868 conf_wtmp_location=$f
3869 fi
3870 done
3871 if test -z "$conf_wtmp_location"; then
3872 AC_DEFINE(DISABLE_WTMP)
3873 fi
3874 fi
3875fi
3876if test -n "$conf_wtmp_location"; then
2c06c99b 3877 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3878 [Define if you want to specify the path to your wtmp file])
dec6d9fe 3879fi
3c0ef626 3880
3881
3882dnl utmpx detection - I don't know any system so perverse as to require
3883dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3884dnl there, though.
3885AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3886AC_TRY_COMPILE([
3887#include <sys/types.h>
3888#include <utmp.h>
3889#ifdef HAVE_UTMPX_H
3890#include <utmpx.h>
3891#endif
3892#ifdef HAVE_PATHS_H
3893# include <paths.h>
3894#endif
3895 ],
3896 [ char *utmpx = UTMPX_FILE; ],
3897 [ AC_MSG_RESULT(yes) ],
3898 [ AC_MSG_RESULT(no)
3899 system_utmpx_path=no ]
3900)
3901if test -z "$conf_utmpx_location"; then
3902 if test x"$system_utmpx_path" = x"no" ; then
3903 AC_DEFINE(DISABLE_UTMPX)
3904 fi
3905else
2c06c99b 3906 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3907 [Define if you want to specify the path to your utmpx file])
dec6d9fe 3908fi
3c0ef626 3909
3910dnl wtmpx detection
3911AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3912AC_TRY_COMPILE([
3913#include <sys/types.h>
3914#include <utmp.h>
3915#ifdef HAVE_UTMPX_H
3916#include <utmpx.h>
3917#endif
3918#ifdef HAVE_PATHS_H
3919# include <paths.h>
3920#endif
3921 ],
3922 [ char *wtmpx = WTMPX_FILE; ],
3923 [ AC_MSG_RESULT(yes) ],
3924 [ AC_MSG_RESULT(no)
3925 system_wtmpx_path=no ]
3926)
3927if test -z "$conf_wtmpx_location"; then
3928 if test x"$system_wtmpx_path" = x"no" ; then
3929 AC_DEFINE(DISABLE_WTMPX)
3930 fi
3931else
2c06c99b 3932 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3933 [Define if you want to specify the path to your wtmpx file])
dec6d9fe 3934fi
3c0ef626 3935
3936
3c0ef626 3937if test ! -z "$blibpath" ; then
7e772e1f 3938 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3939 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3c0ef626 3940fi
3941
665a873d 3942dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3943dnl Add now.
3944CFLAGS="$CFLAGS $werror_flags"
3945
e9a17296 3946AC_EXEEXT
9108f8d9 3947AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3948 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
996d5e62 3949 scard/Makefile ssh_prng_cmds survey.sh])
3c0ef626 3950AC_OUTPUT
3951
3952# Print summary of options
3953
3c0ef626 3954# Someone please show me a better way :)
3955A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3956B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3957C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3958D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3959E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3960F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3961G=`eval echo ${piddir}` ; G=`eval echo ${G}`
700318f3 3962H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3963I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3964J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3c0ef626 3965
3966echo ""
3967echo "OpenSSH has been configured with the following options:"
700318f3 3968echo " User binaries: $B"
3969echo " System binaries: $C"
3970echo " Configuration files: $D"
3971echo " Askpass program: $E"
3972echo " Manual pages: $F"
3973echo " PID file: $G"
3974echo " Privilege separation chroot path: $H"
0fff78ff 3975if test "x$external_path_file" = "x/etc/login.conf" ; then
3976echo " At runtime, sshd will use the path defined in $external_path_file"
3977echo " Make sure the path to scp is present, otherwise scp will not work"
700318f3 3978else
3979echo " sshd default user PATH: $I"
0fff78ff 3980 if test ! -z "$external_path_file"; then
3981echo " (If PATH is set in $external_path_file it will be used instead. If"
3982echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3983 fi
700318f3 3984fi
3985if test ! -z "$superuser_path" ; then
3986echo " sshd superuser user PATH: $J"
3987fi
3988echo " Manpage format: $MANTYPE"
0fff78ff 3989echo " PAM support: $PAM_MSG"
9108f8d9 3990echo " OSF SIA support: $SIA_MSG"
700318f3 3991echo " KerberosV support: $KRB5_MSG"
9108f8d9 3992echo " SELinux support: $SELINUX_MSG"
700318f3 3993echo " Smartcard support: $SCARD_MSG"
700318f3 3994echo " S/KEY support: $SKEY_MSG"
3995echo " TCP Wrappers support: $TCPW_MSG"
3996echo " MD5 password support: $MD5_MSG"
996d5e62 3997echo " libedit support: $LIBEDIT_MSG"
9108f8d9 3998echo " Solaris process contract support: $SPC_MSG"
700318f3 3999echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
700318f3 4000echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4001echo " BSD Auth support: $BSD_AUTH_MSG"
4002echo " Random number source: $RAND_MSG"
e9a17296 4003if test ! -z "$USE_RAND_HELPER" ; then
700318f3 4004echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3c0ef626 4005fi
4006
4007echo ""
4008
4009echo " Host: ${host}"
4010echo " Compiler: ${CC}"
4011echo " Compiler flags: ${CFLAGS}"
4012echo "Preprocessor flags: ${CPPFLAGS}"
4013echo " Linker flags: ${LDFLAGS}"
e9a17296 4014echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3c0ef626 4015
4016echo ""
4017
c9f39d2c 4018if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
996d5e62 4019 echo "SVR4 style packages are supported with \"make package\""
4020 echo ""
c9f39d2c 4021fi
4022
3c0ef626 4023if test "x$PAM_MSG" = "xyes" ; then
e9a17296 4024 echo "PAM is enabled. You may need to install a PAM control file "
4025 echo "for sshd, otherwise password authentication may fail. "
cdd66111 4026 echo "Example PAM control files can be found in the contrib/ "
e9a17296 4027 echo "subdirectory"
3c0ef626 4028 echo ""
4029fi
4030
e9a17296 4031if test ! -z "$RAND_HELPER_CMDHASH" ; then
4032 echo "WARNING: you are using the builtin random number collection "
4033 echo "service. Please read WARNING.RNG and request that your OS "
4034 echo "vendor includes kernel-based random number collection in "
4035 echo "future versions of your OS."
3c0ef626 4036 echo ""
4037fi
4038
c9f39d2c 4039if test ! -z "$NO_PEERCHECK" ; then
4040 echo "WARNING: the operating system that you are using does not "
4041 echo "appear to support either the getpeereid() API nor the "
4042 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4043 echo "enforce security checks to prevent unauthorised connections to "
4044 echo "ssh-agent. Their absence increases the risk that a malicious "
4045 echo "user can connect to your agent. "
4046 echo ""
4047fi
4048
996d5e62 4049if test "$AUDIT_MODULE" = "bsm" ; then
4050 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4051 echo "See the Solaris section in README.platform for details."
4052fi
git-cvsimport mirror of GSI OpenSSH
This page took 3.64707 seconds and 5 git commands to generate.