]> andersk Git - gssapi-openssh.git/blame - openssh/configure.ac
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
add GssapiCredentialsPath option for sshd_config as requested in
[gssapi-openssh.git] / openssh / configure.ac
CommitLineData
3c0ef626 1# $Id$
12a403af 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
3c0ef626 16
2ce0bfe4 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
4b6dae8f 18AC_REVISION($Revision$)
3c0ef626 19AC_CONFIG_SRCDIR([ssh.c])
20
21AC_CONFIG_HEADER(config.h)
22AC_PROG_CC
23AC_CANONICAL_HOST
24AC_C_BIGENDIAN
25
26# Checks for programs.
7cac2b65 27AC_PROG_AWK
3c0ef626 28AC_PROG_CPP
29AC_PROG_RANLIB
30AC_PROG_INSTALL
4b6dae8f 31AC_PROG_EGREP
3c0ef626 32AC_PATH_PROG(AR, ar)
7e82606e 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
3c0ef626 35AC_PATH_PROGS(PERL, perl5 perl)
bfe49944 36AC_PATH_PROG(SED, sed)
3c0ef626 37AC_SUBST(PERL)
38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
3c0ef626 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
350391c5 43AC_PATH_PROG(SH, sh)
7e82606e 44AC_SUBST(TEST_SHELL,sh)
45
46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
08822d99 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
3c0ef626 57
58# System features
59AC_SYS_LARGEFILE
60
61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
08822d99 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
3c0ef626 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
540d72c3 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
08822d99 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
540d72c3 82fi
83
3c0ef626 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
8b32eddc 88
3c0ef626 89AC_C_INLINE
2ce0bfe4 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
540d72c3 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
2ce0bfe4 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
08822d99 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
2ce0bfe4 96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
08822d99 100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
2ce0bfe4 103 esac
104
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
116fi
117
540d72c3 118AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
8b32eddc 121 if test "x$withval" = "xno" ; then
540d72c3 122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128)
129
240debe0 130# Allow user to specify flags
131AC_ARG_WITH(cflags,
132 [ --with-cflags Specify additional flags to pass to compiler],
133 [
134 if test -n "$withval" && test "x$withval" != "xno" && \
135 test "x${withval}" != "xyes"; then
136 CFLAGS="$CFLAGS $withval"
137 fi
138 ]
139)
140AC_ARG_WITH(cppflags,
141 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
142 [
143 if test -n "$withval" && test "x$withval" != "xno" && \
144 test "x${withval}" != "xyes"; then
145 CPPFLAGS="$CPPFLAGS $withval"
146 fi
147 ]
148)
149AC_ARG_WITH(ldflags,
150 [ --with-ldflags Specify additional flags to pass to linker],
151 [
152 if test -n "$withval" && test "x$withval" != "xno" && \
153 test "x${withval}" != "xyes"; then
154 LDFLAGS="$LDFLAGS $withval"
155 fi
156 ]
157)
158AC_ARG_WITH(libs,
159 [ --with-libs Specify additional libraries to link with],
160 [
161 if test -n "$withval" && test "x$withval" != "xno" && \
162 test "x${withval}" != "xyes"; then
163 LIBS="$LIBS $withval"
164 fi
165 ]
166)
167AC_ARG_WITH(Werror,
168 [ --with-Werror Build main code with -Werror],
169 [
170 if test -n "$withval" && test "x$withval" != "xno"; then
171 werror_flags="-Werror"
172 if test "x${withval}" != "xyes"; then
173 werror_flags="$withval"
174 fi
175 fi
176 ]
177)
178
179AC_CHECK_HEADERS( \
180 bstring.h \
181 crypt.h \
182 crypto/sha2.h \
183 dirent.h \
184 endian.h \
185 features.h \
186 fcntl.h \
187 floatingpoint.h \
188 getopt.h \
189 glob.h \
190 ia.h \
191 iaf.h \
192 limits.h \
193 login.h \
194 maillock.h \
195 ndir.h \
196 net/if_tun.h \
197 netdb.h \
198 netgroup.h \
199 pam/pam_appl.h \
200 paths.h \
201 pty.h \
202 readpassphrase.h \
203 rpc/types.h \
204 security/pam_appl.h \
205 sha2.h \
206 shadow.h \
207 stddef.h \
208 stdint.h \
209 string.h \
210 strings.h \
211 sys/audit.h \
212 sys/bitypes.h \
213 sys/bsdtty.h \
214 sys/cdefs.h \
215 sys/dir.h \
216 sys/mman.h \
217 sys/ndir.h \
218 sys/prctl.h \
219 sys/pstat.h \
220 sys/select.h \
221 sys/stat.h \
222 sys/stream.h \
223 sys/stropts.h \
224 sys/strtio.h \
225 sys/sysmacros.h \
226 sys/time.h \
227 sys/timers.h \
228 sys/un.h \
229 time.h \
230 tmpdir.h \
231 ttyent.h \
232 unistd.h \
233 usersec.h \
234 util.h \
235 utime.h \
236 utmp.h \
237 utmpx.h \
238 vis.h \
239)
240
241# lastlog.h requires sys/time.h to be included first on Solaris
242AC_CHECK_HEADERS(lastlog.h, [], [], [
243#ifdef HAVE_SYS_TIME_H
244# include <sys/time.h>
245#endif
246])
247
248# sys/ptms.h requires sys/stream.h to be included first on Solaris
249AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250#ifdef HAVE_SYS_STREAM_H
251# include <sys/stream.h>
252#endif
253])
254
255# login_cap.h requires sys/types.h on NetBSD
256AC_CHECK_HEADERS(login_cap.h, [], [], [
257#include <sys/types.h>
258])
259
30460aeb 260# Messages for features tested for in target-specific section
261SIA_MSG="no"
262SPC_MSG="no"
263
3c0ef626 264# Check for some target-specific stuff
265case "$host" in
266*-*-aix*)
30460aeb 267 # Some versions of VAC won't allow macro redefinitions at
268 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269 # particularly with older versions of vac or xlc.
270 # It also throws errors about null macro argments, but these are
271 # not fatal.
272 AC_MSG_CHECKING(if compiler allows macro redefinitions)
273 AC_COMPILE_IFELSE(
274 [AC_LANG_SOURCE([[
275#define testmacro foo
276#define testmacro bar
277int main(void) { exit(0); }
278 ]])],
279 [ AC_MSG_RESULT(yes) ],
280 [ AC_MSG_RESULT(no)
281 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
285 ]
286 )
287
540d72c3 288 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
256cb466 289 if (test -z "$blibpath"); then
540d72c3 290 blibpath="/usr/lib:/lib"
3c0ef626 291 fi
256cb466 292 saved_LDFLAGS="$LDFLAGS"
30460aeb 293 if test "$GCC" = "yes"; then
294 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
295 else
296 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
297 fi
298 for tryflags in $flags ;do
256cb466 299 if (test -z "$blibflags"); then
300 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301 AC_TRY_LINK([], [], [blibflags=$tryflags])
302 fi
303 done
304 if (test -z "$blibflags"); then
305 AC_MSG_RESULT(not found)
306 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
307 else
308 AC_MSG_RESULT($blibflags)
309 fi
310 LDFLAGS="$saved_LDFLAGS"
7cac2b65 311 dnl Check for authenticate. Might be in libs.a on older AIXes
08822d99 312 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313 [Define if you want to enable AIX4's authenticate function])],
d03f4262 314 [AC_CHECK_LIB(s,authenticate,
315 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
316 LIBS="$LIBS -ls"
317 ])
318 ])
dfddba3d 319 dnl Check for various auth function declarations in headers.
320 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
8b32eddc 321 passwdexpired, setauthdb], , , [#include <usersec.h>])
7cac2b65 322 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
dfddba3d 323 AC_CHECK_DECLS(loginfailed,
7cac2b65 324 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
325 AC_TRY_COMPILE(
326 [#include <usersec.h>],
327 [(void)loginfailed("user","host","tty",0);],
328 [AC_MSG_RESULT(yes)
08822d99 329 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330 [Define if your AIX loginfailed() function
331 takes 4 arguments (AIX >= 5.2)])],
7cac2b65 332 [AC_MSG_RESULT(no)]
333 )],
334 [],
335 [#include <usersec.h>]
336 )
337 AC_CHECK_FUNCS(setauthdb)
30460aeb 338 AC_CHECK_DECL(F_CLOSEM,
339 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
340 [],
341 [ #include <limits.h>
342 #include <fcntl.h> ]
343 )
dfddba3d 344 check_for_aix_broken_getaddrinfo=1
08822d99 345 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347 [Define if your platform breaks doing a seteuid before a setuid])
348 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
3c0ef626 350 dnl AIX handles lastlog as part of its login message
08822d99 351 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353 [Some systems need a utmpx entry for /bin/login to work])
354 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355 [Define to a Set Process Title type if your system is
356 supported by bsd-setproctitle.c])
357 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358 [AIX 5.2 and 5.3 (and presumably newer) require this])
30460aeb 359 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
3c0ef626 360 ;;
361*-*-cygwin*)
bfe49944 362 check_for_libcrypt_later=1
e9702f7d 363 LIBS="$LIBS /usr/lib/textmode.o"
08822d99 364 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366 AC_DEFINE(DISABLE_SHADOW, 1,
367 [Define if you want to disable shadow passwords])
368 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369 [Define if your system choked on IP TOS setting])
370 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371 [Define if X11 doesn't support AF_UNIX sockets on that system])
372 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373 [Define if the concept of ports only accessible to
374 superusers isn't known])
375 AC_DEFINE(DISABLE_FD_PASSING, 1,
376 [Define if your platform needs to skip post auth
377 file descriptor passing])
3c0ef626 378 ;;
379*-*-dgux*)
380 AC_DEFINE(IP_TOS_IS_BROKEN)
540d72c3 381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 384 ;;
385*-*-darwin*)
08822d99 386 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
29d88157 387 AC_DEFINE(SETEUID_BREAKS_SETUID)
388 AC_DEFINE(BROKEN_SETREUID)
389 AC_DEFINE(BROKEN_SETREGID)
08822d99 390 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
391 [Define if your resolver libs need this for getrrsetbyname])
30460aeb 392 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
393 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
394 [Use tunnel device compatibility to OpenBSD])
395 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
396 [Prepend the address family to IP tunnel traffic])
f713db99 397 AC_MSG_CHECKING(if we have the Security Authorization Session API)
398 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
399 [SessionCreate(0, 0);],
400 [ac_cv_use_security_session_api="yes"
401 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
402 [platform has the Security Authorization Session API])
403 LIBS="$LIBS -framework Security"
404 AC_MSG_RESULT(yes)],
405 [ac_cv_use_security_session_api="no"
406 AC_MSG_RESULT(no)])
407 AC_MSG_CHECKING(if we have an in-memory credentials cache)
408 AC_TRY_COMPILE(
409 [#include <Kerberos/Kerberos.h>],
410 [cc_context_t c;
411 (void) cc_initialize (&c, 0, NULL, NULL);],
412 [AC_DEFINE(USE_CCAPI, 1,
413 [platform uses an in-memory credentials cache])
414 LIBS="$LIBS -framework Security"
415 AC_MSG_RESULT(yes)
416 if test "x$ac_cv_use_security_session_api" = "xno"; then
417 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
418 fi],
419 [AC_MSG_RESULT(no)]
420 )
421 ;;
30460aeb 422*-*-dragonfly*)
423 SSHDLIBS="$SSHDLIBS -lcrypt"
3c0ef626 424 ;;
2ce0bfe4 425*-*-hpux*)
426 # first we define all of the options common to all HP-UX releases
3c0ef626 427 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
428 IPADDR_IN_DISPLAY=yes
3c0ef626 429 AC_DEFINE(USE_PIPES)
08822d99 430 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
431 [Define if your login program cannot handle end of options ("--")])
350391c5 432 AC_DEFINE(LOGIN_NEEDS_UTMPX)
08822d99 433 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
434 [String used in /etc/passwd to denote locked account])
7cac2b65 435 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
08822d99 436 MAIL="/var/mail/username"
d03f4262 437 LIBS="$LIBS -lsec"
2ce0bfe4 438 AC_CHECK_LIB(xnet, t_error, ,
439 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
440
441 # next, we define all of the options specific to major releases
442 case "$host" in
443 *-*-hpux10*)
444 if test -z "$GCC"; then
445 CFLAGS="$CFLAGS -Ae"
446 fi
447 ;;
448 *-*-hpux11*)
08822d99 449 AC_DEFINE(PAM_SUN_CODEBASE, 1,
450 [Define if you are using Solaris-derived PAM which
451 passes pam_messages to the conversation function
452 with an extra level of indirection])
453 AC_DEFINE(DISABLE_UTMP, 1,
454 [Define if you don't want to use utmp])
2ce0bfe4 455 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
456 check_for_hpux_broken_getaddrinfo=1
457 check_for_conflicting_getspnam=1
458 ;;
459 esac
460
461 # lastly, we define options specific to minor releases
462 case "$host" in
463 *-*-hpux10.26)
08822d99 464 AC_DEFINE(HAVE_SECUREWARE, 1,
465 [Define if you have SecureWare-based
466 protected password database])
2ce0bfe4 467 disable_ptmx_check=yes
468 LIBS="$LIBS -lsecpw"
469 ;;
470 esac
3c0ef626 471 ;;
472*-*-irix5*)
3c0ef626 473 PATH="$PATH:/usr/etc"
08822d99 474 AC_DEFINE(BROKEN_INET_NTOA, 1,
475 [Define if you system's inet_ntoa is busted
476 (e.g. Irix gcc issue)])
540d72c3 477 AC_DEFINE(SETEUID_BREAKS_SETUID)
478 AC_DEFINE(BROKEN_SETREUID)
479 AC_DEFINE(BROKEN_SETREGID)
08822d99 480 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
481 [Define if you shouldn't strip 'tty' from your
482 ttyname in [uw]tmp])
7cac2b65 483 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 484 ;;
485*-*-irix6*)
3c0ef626 486 PATH="$PATH:/usr/etc"
08822d99 487 AC_DEFINE(WITH_IRIX_ARRAY, 1,
488 [Define if you have/want arrays
489 (cluster-wide session managment, not C arrays)])
490 AC_DEFINE(WITH_IRIX_PROJECT, 1,
491 [Define if you want IRIX project management])
492 AC_DEFINE(WITH_IRIX_AUDIT, 1,
493 [Define if you want IRIX audit trails])
494 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
495 [Define if you want IRIX kernel jobs])])
3c0ef626 496 AC_DEFINE(BROKEN_INET_NTOA)
29d88157 497 AC_DEFINE(SETEUID_BREAKS_SETUID)
498 AC_DEFINE(BROKEN_SETREUID)
499 AC_DEFINE(BROKEN_SETREGID)
08822d99 500 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
350391c5 501 AC_DEFINE(WITH_ABBREV_NO_TTY)
7cac2b65 502 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 503 ;;
504*-*-linux*)
505 no_dev_ptmx=1
506 check_for_libcrypt_later=1
7cac2b65 507 check_for_openpty_ctty_bug=1
08822d99 508 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
509 AC_DEFINE(PAM_TTY_KLUDGE, 1,
510 [Work around problematic Linux PAM modules handling of PAM_TTY])
511 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
512 [String used in /etc/passwd to denote locked account])
7cac2b65 513 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
08822d99 514 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
515 [Define to whatever link() returns for "not supported"
516 if it doesn't return EOPNOTSUPP.])
dfddba3d 517 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
08822d99 518 AC_DEFINE(USE_BTMP)
3c0ef626 519 inet6_default_4in6=yes
7cac2b65 520 case `uname -r` in
521 1.*|2.0.*)
08822d99 522 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
523 [Define if cmsg_type is not passed correctly])
7cac2b65 524 ;;
525 esac
08822d99 526 # tun(4) forwarding compat code
527 AC_CHECK_HEADERS(linux/if_tun.h)
528 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
529 AC_DEFINE(SSH_TUN_LINUX, 1,
530 [Open tunnel devices the Linux tun/tap way])
531 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
532 [Use tunnel device compatibility to OpenBSD])
533 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
534 [Prepend the address family to IP tunnel traffic])
535 fi
3c0ef626 536 ;;
537mips-sony-bsd|mips-sony-newsos4)
4b6dae8f 538 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
3c0ef626 539 SONY=1
3c0ef626 540 ;;
541*-*-netbsd*)
d03f4262 542 check_for_libcrypt_before=1
8b32eddc 543 if test "x$withval" != "xno" ; then
540d72c3 544 need_dash_r=1
545 fi
08822d99 546 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
547 AC_CHECK_HEADER([net/if_tap.h], ,
548 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
549 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
550 [Prepend the address family to IP tunnel traffic])
3c0ef626 551 ;;
552*-*-freebsd*)
553 check_for_libcrypt_later=1
08822d99 554 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
555 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
556 AC_CHECK_HEADER([net/if_tap.h], ,
557 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
3c0ef626 558 ;;
29d88157 559*-*-bsdi*)
560 AC_DEFINE(SETEUID_BREAKS_SETUID)
561 AC_DEFINE(BROKEN_SETREUID)
562 AC_DEFINE(BROKEN_SETREGID)
563 ;;
3c0ef626 564*-next-*)
565 conf_lastlog_location="/usr/adm/lastlog"
566 conf_utmp_location=/etc/utmp
567 conf_wtmp_location=/usr/adm/wtmp
568 MAIL=/usr/spool/mail
08822d99 569 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
3c0ef626 570 AC_DEFINE(BROKEN_REALPATH)
571 AC_DEFINE(USE_PIPES)
08822d99 572 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
3c0ef626 573 ;;
2ce0bfe4 574*-*-openbsd*)
575 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
08822d99 576 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
577 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
30460aeb 578 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
579 [syslog_r function is safe to use in in a signal handler])
2ce0bfe4 580 ;;
3c0ef626 581*-*-solaris*)
8b32eddc 582 if test "x$withval" != "xno" ; then
12a403af 583 need_dash_r=1
584 fi
3c0ef626 585 AC_DEFINE(PAM_SUN_CODEBASE)
586 AC_DEFINE(LOGIN_NEEDS_UTMPX)
08822d99 587 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
588 [Some versions of /bin/login need the TERM supplied
589 on the commandline])
3c0ef626 590 AC_DEFINE(PAM_TTY_KLUDGE)
08822d99 591 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
592 [Define if pam_chauthtok wants real uid set
593 to the unpriv'ed user])
7cac2b65 594 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
595 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
08822d99 596 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
597 [Define if sshd somehow reacquires a controlling TTY
598 after setsid()])
30460aeb 599 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
600 in case the name is longer than 8 chars])
7cac2b65 601 external_path_file=/etc/default/login
3c0ef626 602 # hardwire lastlog location (can't detect it on some versions)
603 conf_lastlog_location="/var/adm/lastlog"
604 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
605 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
606 if test "$sol2ver" -ge 8; then
607 AC_MSG_RESULT(yes)
608 AC_DEFINE(DISABLE_UTMP)
08822d99 609 AC_DEFINE(DISABLE_WTMP, 1,
610 [Define if you don't want to use wtmp])
3c0ef626 611 else
612 AC_MSG_RESULT(no)
613 fi
30460aeb 614 AC_ARG_WITH(solaris-contracts,
615 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
616 [
617 AC_CHECK_LIB(contract, ct_tmpl_activate,
618 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
619 [Define if you have Solaris process contracts])
620 SSHDLIBS="$SSHDLIBS -lcontract"
621 AC_SUBST(SSHDLIBS)
622 SPC_MSG="yes" ], )
623 ],
624 )
3c0ef626 625 ;;
626*-*-sunos4*)
627 CPPFLAGS="$CPPFLAGS -DSUNOS4"
628 AC_CHECK_FUNCS(getpwanam)
629 AC_DEFINE(PAM_SUN_CODEBASE)
3c0ef626 630 conf_utmp_location=/etc/utmp
631 conf_wtmp_location=/var/adm/wtmp
632 conf_lastlog_location=/var/adm/lastlog
633 AC_DEFINE(USE_PIPES)
634 ;;
635*-ncr-sysv*)
3c0ef626 636 LIBS="$LIBS -lc89"
e9702f7d 637 AC_DEFINE(USE_PIPES)
7cac2b65 638 AC_DEFINE(SSHD_ACQUIRES_CTTY)
29d88157 639 AC_DEFINE(SETEUID_BREAKS_SETUID)
640 AC_DEFINE(BROKEN_SETREUID)
641 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 642 ;;
643*-sni-sysv*)
3c0ef626 644 # /usr/ucblib MUST NOT be searched on ReliantUNIX
540d72c3 645 AC_CHECK_LIB(dl, dlsym, ,)
08822d99 646 # -lresolv needs to be at the end of LIBS or DNS lookups break
647 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
3c0ef626 648 IPADDR_IN_DISPLAY=yes
649 AC_DEFINE(USE_PIPES)
650 AC_DEFINE(IP_TOS_IS_BROKEN)
540d72c3 651 AC_DEFINE(SETEUID_BREAKS_SETUID)
652 AC_DEFINE(BROKEN_SETREUID)
653 AC_DEFINE(BROKEN_SETREGID)
7cac2b65 654 AC_DEFINE(SSHD_ACQUIRES_CTTY)
655 external_path_file=/etc/default/login
3c0ef626 656 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
657 # Attention: always take care to bind libsocket and libnsl before libc,
658 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
659 ;;
dfddba3d 660# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
3c0ef626 661*-*-sysv4.2*)
3c0ef626 662 AC_DEFINE(USE_PIPES)
7cac2b65 663 AC_DEFINE(SETEUID_BREAKS_SETUID)
664 AC_DEFINE(BROKEN_SETREUID)
665 AC_DEFINE(BROKEN_SETREGID)
8b32eddc 666 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
08822d99 667 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 668 ;;
dfddba3d 669# UnixWare 7.x, OpenUNIX 8
3c0ef626 670*-*-sysv5*)
2ce0bfe4 671 check_for_libcrypt_later=1
672 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
3c0ef626 673 AC_DEFINE(USE_PIPES)
7cac2b65 674 AC_DEFINE(SETEUID_BREAKS_SETUID)
675 AC_DEFINE(BROKEN_SETREUID)
676 AC_DEFINE(BROKEN_SETREGID)
08822d99 677 AC_DEFINE(PASSWD_NEEDS_USERNAME)
2ce0bfe4 678 case "$host" in
679 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
680 TEST_SHELL=/u95/bin/sh
08822d99 681 AC_DEFINE(BROKEN_LIBIAF, 1,
682 [ia_uinfo routines not supported by OS yet])
30460aeb 683 AC_DEFINE(BROKEN_UPDWTMPX)
08822d99 684 ;;
685 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
2ce0bfe4 686 ;;
687 esac
3c0ef626 688 ;;
689*-*-sysv*)
3c0ef626 690 ;;
dfddba3d 691# SCO UNIX and OEM versions of SCO UNIX
3c0ef626 692*-*-sco3.2v4*)
dfddba3d 693 AC_MSG_ERROR("This Platform is no longer supported.")
3c0ef626 694 ;;
dfddba3d 695# SCO OpenServer 5.x
3c0ef626 696*-*-sco3.2v5*)
bfe49944 697 if test -z "$GCC"; then
698 CFLAGS="$CFLAGS -belf"
699 fi
3c0ef626 700 LIBS="$LIBS -lprot -lx -ltinfo -lm"
701 no_dev_ptmx=1
3c0ef626 702 AC_DEFINE(USE_PIPES)
350391c5 703 AC_DEFINE(HAVE_SECUREWARE)
3c0ef626 704 AC_DEFINE(DISABLE_SHADOW)
d03f4262 705 AC_DEFINE(DISABLE_FD_PASSING)
7cac2b65 706 AC_DEFINE(SETEUID_BREAKS_SETUID)
707 AC_DEFINE(BROKEN_SETREUID)
708 AC_DEFINE(BROKEN_SETREGID)
709 AC_DEFINE(WITH_ABBREV_NO_TTY)
7e82606e 710 AC_DEFINE(BROKEN_UPDWTMPX)
08822d99 711 AC_DEFINE(PASSWD_NEEDS_USERNAME)
3c0ef626 712 AC_CHECK_FUNCS(getluid setluid)
713 MANTYPE=man
7e82606e 714 TEST_SHELL=ksh
3c0ef626 715 ;;
d03f4262 716*-*-unicosmk*)
08822d99 717 AC_DEFINE(NO_SSH_LASTLOG, 1,
718 [Define if you don't want to use lastlog in session.c])
540d72c3 719 AC_DEFINE(SETEUID_BREAKS_SETUID)
720 AC_DEFINE(BROKEN_SETREUID)
721 AC_DEFINE(BROKEN_SETREGID)
d03f4262 722 AC_DEFINE(USE_PIPES)
723 AC_DEFINE(DISABLE_FD_PASSING)
724 LDFLAGS="$LDFLAGS"
725 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
726 MANTYPE=cat
727 ;;
7cac2b65 728*-*-unicosmp*)
540d72c3 729 AC_DEFINE(SETEUID_BREAKS_SETUID)
730 AC_DEFINE(BROKEN_SETREUID)
731 AC_DEFINE(BROKEN_SETREGID)
7cac2b65 732 AC_DEFINE(WITH_ABBREV_NO_TTY)
733 AC_DEFINE(USE_PIPES)
734 AC_DEFINE(DISABLE_FD_PASSING)
735 LDFLAGS="$LDFLAGS"
540d72c3 736 LIBS="$LIBS -lgen -lacid -ldb"
7cac2b65 737 MANTYPE=cat
738 ;;
3c0ef626 739*-*-unicos*)
540d72c3 740 AC_DEFINE(SETEUID_BREAKS_SETUID)
741 AC_DEFINE(BROKEN_SETREUID)
742 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 743 AC_DEFINE(USE_PIPES)
d03f4262 744 AC_DEFINE(DISABLE_FD_PASSING)
745 AC_DEFINE(NO_SSH_LASTLOG)
746 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
747 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
748 MANTYPE=cat
3c0ef626 749 ;;
750*-dec-osf*)
751 AC_MSG_CHECKING(for Digital Unix SIA)
752 no_osfsia=""
753 AC_ARG_WITH(osfsia,
754 [ --with-osfsia Enable Digital Unix SIA],
755 [
756 if test "x$withval" = "xno" ; then
757 AC_MSG_RESULT(disabled)
758 no_osfsia=1
759 fi
760 ],
761 )
762 if test -z "$no_osfsia" ; then
763 if test -f /etc/sia/matrix.conf; then
764 AC_MSG_RESULT(yes)
08822d99 765 AC_DEFINE(HAVE_OSF_SIA, 1,
766 [Define if you have Digital Unix Security
767 Integration Architecture])
768 AC_DEFINE(DISABLE_LOGIN, 1,
769 [Define if you don't want to use your
770 system's login() call])
bfe49944 771 AC_DEFINE(DISABLE_FD_PASSING)
3c0ef626 772 LIBS="$LIBS -lsecurity -ldb -lm -laud"
30460aeb 773 SIA_MSG="yes"
3c0ef626 774 else
775 AC_MSG_RESULT(no)
08822d99 776 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
777 [String used in /etc/passwd to denote locked account])
3c0ef626 778 fi
779 fi
7cac2b65 780 AC_DEFINE(BROKEN_GETADDRINFO)
29d88157 781 AC_DEFINE(SETEUID_BREAKS_SETUID)
782 AC_DEFINE(BROKEN_SETREUID)
783 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 784 ;;
785
4b6dae8f 786*-*-nto-qnx*)
3c0ef626 787 AC_DEFINE(USE_PIPES)
788 AC_DEFINE(NO_X11_UNIX_SOCKETS)
08822d99 789 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
790 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
791 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
4b6dae8f 792 AC_DEFINE(DISABLE_LASTLOG)
30460aeb 793 AC_DEFINE(SSHD_ACQUIRES_CTTY)
794 enable_etc_default_login=no # has incompatible /etc/default/login
3c0ef626 795 ;;
2ce0bfe4 796
797*-*-ultrix*)
08822d99 798 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
799 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
4b6dae8f 800 AC_DEFINE(NEED_SETPGRP)
2ce0bfe4 801 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
802 ;;
803
804*-*-lynxos)
805 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
08822d99 806 AC_DEFINE(MISSING_HOWMANY)
2ce0bfe4 807 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
808 ;;
3c0ef626 809esac
810
7cac2b65 811AC_MSG_CHECKING(compiler and flags for sanity)
dfddba3d 812AC_RUN_IFELSE(
813 [AC_LANG_SOURCE([
7cac2b65 814#include <stdio.h>
815int main(){exit(0);}
dfddba3d 816 ])],
7cac2b65 817 [ AC_MSG_RESULT(yes) ],
818 [
819 AC_MSG_RESULT(no)
820 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
dfddba3d 821 ],
822 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
7cac2b65 823)
824
2ce0bfe4 825dnl Checks for header files.
3c0ef626 826# Checks for libraries.
827AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
828AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
829
7cac2b65 830dnl IRIX and Solaris 2.5.1 have dirname() in libgen
831AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
832 AC_CHECK_LIB(gen, dirname,[
833 AC_CACHE_CHECK([for broken dirname],
834 ac_cv_have_broken_dirname, [
835 save_LIBS="$LIBS"
836 LIBS="$LIBS -lgen"
08822d99 837 AC_RUN_IFELSE(
838 [AC_LANG_SOURCE([[
7cac2b65 839#include <libgen.h>
840#include <string.h>
841
842int main(int argc, char **argv) {
843 char *s, buf[32];
844
845 strncpy(buf,"/etc", 32);
846 s = dirname(buf);
847 if (!s || strncmp(s, "/", 32) != 0) {
848 exit(1);
849 } else {
850 exit(0);
851 }
852}
08822d99 853 ]])],
854 [ ac_cv_have_broken_dirname="no" ],
855 [ ac_cv_have_broken_dirname="yes" ],
7cac2b65 856 [ ac_cv_have_broken_dirname="no" ],
7cac2b65 857 )
858 LIBS="$save_LIBS"
859 ])
860 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
861 LIBS="$LIBS -lgen"
862 AC_DEFINE(HAVE_DIRNAME)
863 AC_CHECK_HEADERS(libgen.h)
864 fi
865 ])
866])
867
3c0ef626 868AC_CHECK_FUNC(getspnam, ,
869 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
08822d99 870AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
871 [Define if you have the basename function.]))
3c0ef626 872
873dnl zlib is required
874AC_ARG_WITH(zlib,
875 [ --with-zlib=PATH Use zlib in PATH],
8b32eddc 876 [ if test "x$withval" = "xno" ; then
877 AC_MSG_ERROR([*** zlib is required ***])
878 elif test "x$withval" != "xyes"; then
3c0ef626 879 if test -d "$withval/lib"; then
880 if test -n "${need_dash_r}"; then
881 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
882 else
883 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
884 fi
885 else
886 if test -n "${need_dash_r}"; then
887 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
888 else
889 LDFLAGS="-L${withval} ${LDFLAGS}"
890 fi
891 fi
892 if test -d "$withval/include"; then
893 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
894 else
895 CPPFLAGS="-I${withval} ${CPPFLAGS}"
896 fi
8b32eddc 897 fi ]
3c0ef626 898)
899
540d72c3 900AC_CHECK_LIB(z, deflate, ,
901 [
902 saved_CPPFLAGS="$CPPFLAGS"
903 saved_LDFLAGS="$LDFLAGS"
904 save_LIBS="$LIBS"
905 dnl Check default zlib install dir
906 if test -n "${need_dash_r}"; then
907 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
908 else
909 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
910 fi
911 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
912 LIBS="$LIBS -lz"
913 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
914 [
915 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
916 ]
917 )
918 ]
919)
920AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
921
922AC_ARG_WITH(zlib-version-check,
923 [ --without-zlib-version-check Disable zlib version check],
924 [ if test "x$withval" = "xno" ; then
925 zlib_check_nonfatal=1
926 fi
927 ]
928)
929
8b32eddc 930AC_MSG_CHECKING(for possibly buggy zlib)
dfddba3d 931AC_RUN_IFELSE([AC_LANG_SOURCE([[
8b32eddc 932#include <stdio.h>
540d72c3 933#include <zlib.h>
934int main()
935{
8b32eddc 936 int a=0, b=0, c=0, d=0, n, v;
937 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
938 if (n != 3 && n != 4)
540d72c3 939 exit(1);
8b32eddc 940 v = a*1000000 + b*10000 + c*100 + d;
941 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
942
943 /* 1.1.4 is OK */
944 if (a == 1 && b == 1 && c >= 4)
540d72c3 945 exit(0);
8b32eddc 946
2ce0bfe4 947 /* 1.2.3 and up are OK */
948 if (v >= 1020300)
8b32eddc 949 exit(0);
950
540d72c3 951 exit(2);
952}
dfddba3d 953 ]])],
8b32eddc 954 AC_MSG_RESULT(no),
955 [ AC_MSG_RESULT(yes)
540d72c3 956 if test -z "$zlib_check_nonfatal" ; then
957 AC_MSG_ERROR([*** zlib too old - check config.log ***
958Your reported zlib version has known security problems. It's possible your
959vendor has fixed these problems without changing the version number. If you
960are sure this is the case, you can disable the check by running
961"./configure --without-zlib-version-check".
2ce0bfe4 962If you are in doubt, upgrade zlib to version 1.2.3 or greater.
8b32eddc 963See http://www.gzip.org/zlib/ for details.])
540d72c3 964 else
965 AC_MSG_WARN([zlib version may have security problems])
966 fi
dfddba3d 967 ],
968 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
540d72c3 969)
3c0ef626 970
3c0ef626 971dnl UnixWare 2.x
540d72c3 972AC_CHECK_FUNC(strcasecmp,
3c0ef626 973 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
974)
08822d99 975AC_CHECK_FUNCS(utimes,
d03f4262 976 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
977 LIBS="$LIBS -lc89"]) ]
3c0ef626 978)
979
980dnl Checks for libutil functions
981AC_CHECK_HEADERS(libutil.h)
08822d99 982AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
983 [Define if your libraries define login()])])
3c0ef626 984AC_CHECK_FUNCS(logout updwtmp logwtmp)
985
986AC_FUNC_STRFTIME
987
3c0ef626 988# Check for ALTDIRFUNC glob() extension
989AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
990AC_EGREP_CPP(FOUNDIT,
991 [
992 #include <glob.h>
993 #ifdef GLOB_ALTDIRFUNC
994 FOUNDIT
995 #endif
540d72c3 996 ],
3c0ef626 997 [
08822d99 998 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
999 [Define if your system glob() function has
1000 the GLOB_ALTDIRFUNC extension])
3c0ef626 1001 AC_MSG_RESULT(yes)
1002 ],
1003 [
1004 AC_MSG_RESULT(no)
1005 ]
1006)
1007
1008# Check for g.gl_matchc glob() extension
1009AC_MSG_CHECKING(for gl_matchc field in glob_t)
30460aeb 1010AC_TRY_COMPILE(
1011 [ #include <glob.h> ],
1012 [glob_t g; g.gl_matchc = 1;],
540d72c3 1013 [
08822d99 1014 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1015 [Define if your system glob() function has
1016 gl_matchc options in glob_t])
540d72c3 1017 AC_MSG_RESULT(yes)
1018 ],
1019 [
1020 AC_MSG_RESULT(no)
1021 ]
3c0ef626 1022)
1023
30460aeb 1024AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1025
3c0ef626 1026AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
dfddba3d 1027AC_RUN_IFELSE(
1028 [AC_LANG_SOURCE([[
3c0ef626 1029#include <sys/types.h>
1030#include <dirent.h>
d03f4262 1031int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
dfddba3d 1032 ]])],
540d72c3 1033 [AC_MSG_RESULT(yes)],
3c0ef626 1034 [
1035 AC_MSG_RESULT(no)
08822d99 1036 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1037 [Define if your struct dirent expects you to
1038 allocate extra space for d_name])
dfddba3d 1039 ],
8b32eddc 1040 [
dfddba3d 1041 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1042 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
3c0ef626 1043 ]
1044)
1045
1c89237d 1046# Check whether the user wants GSSAPI mechglue support
1047AC_ARG_WITH(mechglue,
bec32dad 1048 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1c89237d 1049 [
1050 AC_MSG_CHECKING(for mechglue library)
bec32dad 1051
1052 if test -e ${withval}/libgssapi.a ; then
1053 mechglue_lib=${withval}/libgssapi.a
1054 elif test -e ${withval}/lib/libgssapi.a ; then
1055 mechglue_lib=${withval}/lib/libgssapi.a
1056 else
1057 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1c89237d 1058 fi
bec32dad 1059 LIBS="$LIBS ${mechglue_lib}"
1060 AC_MSG_RESULT(${mechglue_lib})
1061
1c89237d 1062 AC_CHECK_LIB(dl, dlopen, , )
1063 if test $ac_cv_lib_dl_dlopen = yes; then
bec32dad 1064 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1c89237d 1065 fi
bec32dad 1066
1c89237d 1067 AC_DEFINE(GSSAPI)
08822d99 1068 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1c89237d 1069 GSSAPI="mechglue"
1070
1c89237d 1071 ]
1072)
1073
1074
5598e598 1075# Check whether the user wants GSI (Globus) support
1076gsi_path="no"
1077AC_ARG_WITH(gsi,
483bcdbd 1078 [ --with-gsi Enable Globus GSI authentication support],
5598e598 1079 [
1080 gsi_path="$withval"
1081 ]
1082)
1083
1084AC_ARG_WITH(globus,
483bcdbd 1085 [ --with-globus Enable Globus GSI authentication support],
5598e598 1086 [
1087 gsi_path="$withval"
1088 ]
1089)
1090
483bcdbd 1091AC_ARG_WITH(globus-static,
1092 [ --with-globus-static Link statically with Globus GSI libraries],
1093 [
1094 gsi_static="-static"
9e6effad 1095 if test "x$gsi_path" = "xno" ; then
6e098d39 1096 gsi_path="$withval"
1097 fi
483bcdbd 1098 ]
1099)
1100
5fb9fc74 1101# Check whether the user has a Globus flavor type
1102globus_flavor_type="no"
1103AC_ARG_WITH(globus-flavor,
483bcdbd 1104 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
5fb9fc74 1105 [
1106 globus_flavor_type="$withval"
9e6effad 1107 if test "x$gsi_path" = "xno" ; then
e78b0188 1108 gsi_path="yes"
1109 fi
5fb9fc74 1110 ]
1111)
1112
5598e598 1113if test "x$gsi_path" != "xno" ; then
1114 # Globus GSSAPI configuration
22798398 1115 AC_MSG_CHECKING(for Globus GSI)
08822d99 1116 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
5598e598 1117
1c89237d 1118 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
483bcdbd 1119 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1c89237d 1120 fi
1121 if test -z "$GSSAPI"; then
1122 AC_DEFINE(GSSAPI)
1123 GSSAPI="GSI"
1124 fi
1125
8b1f0dfd 1126 if test "x$gsi_path" = "xyes" ; then
1127 if test -z "$GLOBUS_LOCATION" ; then
483bcdbd 1128 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
8b1f0dfd 1129 else
1130 gsi_path="$GLOBUS_LOCATION"
1131 fi
1132 fi
483bcdbd 1133 GLOBUS_LOCATION="$gsi_path"
1134 export GLOBUS_LOCATION
1135 if test ! -d "$GLOBUS_LOCATION" ; then
1136 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
5598e598 1137 fi
5598e598 1138
22798398 1139 if test "x$globus_flavor_type" = "xno" ; then
1140 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1141 fi
1142 if test "x$globus_flavor_type" = "xyes" ; then
1143 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
5598e598 1144 fi
5fb9fc74 1145
22798398 1146 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1147 if test ! -d "$GLOBUS_INCLUDE" ; then
1148 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1149 fi
1150 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
bed23354 1151
1152 if test -x ${gsi_path}/bin/globus-makefile-header ; then
483bcdbd 1153 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
bed23354 1154 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
483bcdbd 1155 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
5fb9fc74 1156 else
bed23354 1157 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
22798398 1158 fi
1dca09f1 1159 if test -n "${need_dash_r}"; then
1160 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
1161 else
1162 GSI_LDFLAGS="-L${gsi_path}/lib"
1163 fi
22798398 1164 if test -z "$GSI_LIBS" ; then
bed23354 1165 AC_MSG_ERROR(globus-makefile-header failed)
5fb9fc74 1166 fi
5598e598 1167
540d72c3 1168 AC_DEFINE(HAVE_GSSAPI_H)
1169
5598e598 1170 LIBS="$LIBS $GSI_LIBS"
1171 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1c89237d 1172 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
22798398 1173
1174 # test that we got the libraries OK
1175 AC_TRY_LINK(
1176 [],
1177 [],
1178 [
1179 AC_MSG_RESULT(yes)
1180 ],
1181 [
1182 AC_MSG_ERROR(link with Globus libraries failed)
1183 ]
1184 )
fd34c71f 1185 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1ca858e9 1186 INSTALL_GSISSH="yes"
1187else
1188 INSTALL_GSISSH=""
5598e598 1189fi
1ca858e9 1190AC_SUBST(INSTALL_GSISSH)
1191# End Globus/GSI section
5598e598 1192
7e82606e 1193AC_MSG_CHECKING([for /proc/pid/fd directory])
1194if test -d "/proc/$$/fd" ; then
08822d99 1195 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
7e82606e 1196 AC_MSG_RESULT(yes)
1197else
1198 AC_MSG_RESULT(no)
1199fi
1200
3c0ef626 1201# Check whether user wants S/Key support
540d72c3 1202SKEY_MSG="no"
3c0ef626 1203AC_ARG_WITH(skey,
dfddba3d 1204 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
3c0ef626 1205 [
1206 if test "x$withval" != "xno" ; then
1207
1208 if test "x$withval" != "xyes" ; then
1209 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1210 LDFLAGS="$LDFLAGS -L${withval}/lib"
1211 fi
1212
08822d99 1213 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
3c0ef626 1214 LIBS="-lskey $LIBS"
540d72c3 1215 SKEY_MSG="yes"
8b32eddc 1216
e9702f7d 1217 AC_MSG_CHECKING([for s/key support])
08822d99 1218 AC_LINK_IFELSE(
1219 [AC_LANG_SOURCE([[
e9702f7d 1220#include <stdio.h>
1221#include <skey.h>
d03f4262 1222int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
08822d99 1223 ]])],
e9702f7d 1224 [AC_MSG_RESULT(yes)],
3c0ef626 1225 [
e9702f7d 1226 AC_MSG_RESULT(no)
3c0ef626 1227 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1228 ])
12a403af 1229 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1230 AC_TRY_COMPILE(
1231 [#include <stdio.h>
1232 #include <skey.h>],
1233 [(void)skeychallenge(NULL,"name","",0);],
1234 [AC_MSG_RESULT(yes)
08822d99 1235 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1236 [Define if your skeychallenge()
1237 function takes 4 arguments (NetBSD)])],
12a403af 1238 [AC_MSG_RESULT(no)]
1239 )
3c0ef626 1240 fi
1241 ]
1242)
1243
1244# Check whether user wants TCP wrappers support
1245TCPW_MSG="no"
1246AC_ARG_WITH(tcp-wrappers,
dfddba3d 1247 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
3c0ef626 1248 [
1249 if test "x$withval" != "xno" ; then
1250 saved_LIBS="$LIBS"
1251 saved_LDFLAGS="$LDFLAGS"
1252 saved_CPPFLAGS="$CPPFLAGS"
8b32eddc 1253 if test -n "${withval}" && \
1254 test "x${withval}" != "xyes"; then
3c0ef626 1255 if test -d "${withval}/lib"; then
1256 if test -n "${need_dash_r}"; then
1257 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1258 else
1259 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1260 fi
1261 else
1262 if test -n "${need_dash_r}"; then
1263 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1264 else
1265 LDFLAGS="-L${withval} ${LDFLAGS}"
1266 fi
1267 fi
1268 if test -d "${withval}/include"; then
1269 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1270 else
1271 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1272 fi
1273 fi
e9702f7d 1274 LIBWRAP="-lwrap"
1275 LIBS="$LIBWRAP $LIBS"
3c0ef626 1276 AC_MSG_CHECKING(for libwrap)
1277 AC_TRY_LINK(
1278 [
12a403af 1279#include <sys/types.h>
1280#include <sys/socket.h>
1281#include <netinet/in.h>
3c0ef626 1282#include <tcpd.h>
1283 int deny_severity = 0, allow_severity = 0;
1284 ],
1285 [hosts_access(0);],
1286 [
1287 AC_MSG_RESULT(yes)
08822d99 1288 AC_DEFINE(LIBWRAP, 1,
1289 [Define if you want
1290 TCP Wrappers support])
e9702f7d 1291 AC_SUBST(LIBWRAP)
3c0ef626 1292 TCPW_MSG="yes"
1293 ],
1294 [
1295 AC_MSG_ERROR([*** libwrap missing])
1296 ]
1297 )
e9702f7d 1298 LIBS="$saved_LIBS"
3c0ef626 1299 fi
1300 ]
1301)
1302
dfddba3d 1303# Check whether user wants libedit support
1304LIBEDIT_MSG="no"
1305AC_ARG_WITH(libedit,
1306 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1307 [ if test "x$withval" != "xno" ; then
8b32eddc 1308 if test "x$withval" != "xyes"; then
08822d99 1309 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1310 if test -n "${need_dash_r}"; then
1311 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1312 else
1313 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1314 fi
8b32eddc 1315 fi
dfddba3d 1316 AC_CHECK_LIB(edit, el_init,
08822d99 1317 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
dfddba3d 1318 LIBEDIT="-ledit -lcurses"
1319 LIBEDIT_MSG="yes"
1320 AC_SUBST(LIBEDIT)
1321 ],
8b32eddc 1322 [ AC_MSG_ERROR(libedit not found) ],
1323 [ -lcurses ]
dfddba3d 1324 )
2ce0bfe4 1325 AC_MSG_CHECKING(if libedit version is compatible)
1326 AC_COMPILE_IFELSE(
1327 [AC_LANG_SOURCE([[
1328#include <histedit.h>
1329int main(void)
1330{
1331 int i = H_SETSIZE;
1332 el_init("", NULL, NULL, NULL);
1333 exit(0);
1334}
1335 ]])],
1336 [ AC_MSG_RESULT(yes) ],
1337 [ AC_MSG_RESULT(no)
1338 AC_MSG_ERROR(libedit version is not compatible) ]
1339 )
dfddba3d 1340 fi ]
1341)
1342
1343AUDIT_MODULE=none
1344AC_ARG_WITH(audit,
1345 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1346 [
1347 AC_MSG_CHECKING(for supported audit module)
1348 case "$withval" in
1349 bsm)
1350 AC_MSG_RESULT(bsm)
1351 AUDIT_MODULE=bsm
1352 dnl Checks for headers, libs and functions
1353 AC_CHECK_HEADERS(bsm/audit.h, [],
30460aeb 1354 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1355 [
1356#ifdef HAVE_TIME_H
1357# include <time.h>
1358#endif
1359 ]
1360)
dfddba3d 1361 AC_CHECK_LIB(bsm, getaudit, [],
1362 [AC_MSG_ERROR(BSM enabled and required library not found)])
1363 AC_CHECK_FUNCS(getaudit, [],
1364 [AC_MSG_ERROR(BSM enabled and required function not found)])
1365 # These are optional
1366 AC_CHECK_FUNCS(getaudit_addr)
08822d99 1367 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
dfddba3d 1368 ;;
1369 debug)
1370 AUDIT_MODULE=debug
1371 AC_MSG_RESULT(debug)
08822d99 1372 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
dfddba3d 1373 ;;
2ce0bfe4 1374 no)
1375 AC_MSG_RESULT(no)
1376 ;;
dfddba3d 1377 *)
1378 AC_MSG_ERROR([Unknown audit module $withval])
1379 ;;
1380 esac ]
1381)
1382
bfe49944 1383dnl Checks for library functions. Please keep in alphabetical order
2ce0bfe4 1384AC_CHECK_FUNCS( \
1385 arc4random \
08822d99 1386 asprintf \
2ce0bfe4 1387 b64_ntop \
1388 __b64_ntop \
1389 b64_pton \
1390 __b64_pton \
1391 bcopy \
1392 bindresvport_sa \
1393 clock \
1394 closefrom \
1395 dirfd \
1396 fchmod \
1397 fchown \
1398 freeaddrinfo \
1399 futimes \
1400 getaddrinfo \
1401 getcwd \
1402 getgrouplist \
1403 getnameinfo \
1404 getopt \
1405 getpeereid \
1406 _getpty \
1407 getrlimit \
1408 getttyent \
1409 glob \
1410 inet_aton \
1411 inet_ntoa \
1412 inet_ntop \
1413 innetgr \
1414 login_getcapbool \
1415 md5_crypt \
1416 memmove \
1417 mkdtemp \
1418 mmap \
1419 ngetaddrinfo \
1420 nsleep \
1421 ogetaddrinfo \
1422 openlog_r \
1423 openpty \
1424 prctl \
1425 pstat \
1426 readpassphrase \
1427 realpath \
1428 recvmsg \
1429 rresvport_af \
1430 sendmsg \
1431 setdtablesize \
1432 setegid \
1433 setenv \
1434 seteuid \
1435 setgroups \
1436 setlogin \
1437 setpcred \
1438 setproctitle \
1439 setregid \
1440 setreuid \
1441 setrlimit \
1442 setsid \
1443 setvbuf \
1444 sigaction \
1445 sigvec \
1446 snprintf \
1447 socketpair \
1448 strdup \
1449 strerror \
1450 strlcat \
1451 strlcpy \
1452 strmode \
1453 strnvis \
1454 strtonum \
1455 strtoll \
1456 strtoul \
1457 sysconf \
1458 tcgetpgrp \
1459 truncate \
1460 unsetenv \
1461 updwtmpx \
08822d99 1462 vasprintf \
2ce0bfe4 1463 vhangup \
1464 vsnprintf \
1465 waitpid \
bfe49944 1466)
1467
29d88157 1468# IRIX has a const char return value for gai_strerror()
1469AC_CHECK_FUNCS(gai_strerror,[
1470 AC_DEFINE(HAVE_GAI_STRERROR)
1471 AC_TRY_COMPILE([
1472#include <sys/types.h>
1473#include <sys/socket.h>
1474#include <netdb.h>
1475
1476const char *gai_strerror(int);],[
1477char *str;
1478
1479str = gai_strerror(0);],[
1480 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1481 [Define if gai_strerror() returns const char *])])])
1482
08822d99 1483AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1484 [Some systems put nanosleep outside of libc]))
bfe49944 1485
7cac2b65 1486dnl Make sure prototypes are defined for these before using them.
7cac2b65 1487AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
2ce0bfe4 1488AC_CHECK_DECL(strsep,
1489 [AC_CHECK_FUNCS(strsep)],
1490 [],
1491 [
1492#ifdef HAVE_STRING_H
1493# include <string.h>
1494#endif
1495 ])
3c0ef626 1496
7cac2b65 1497dnl tcsendbreak might be a macro
1498AC_CHECK_DECL(tcsendbreak,
1499 [AC_DEFINE(HAVE_TCSENDBREAK)],
540d72c3 1500 [AC_CHECK_FUNCS(tcsendbreak)],
7cac2b65 1501 [#include <termios.h>]
1502)
3c0ef626 1503
7e82606e 1504AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1505
30460aeb 1506AC_CHECK_DECLS(SHUT_RD, , ,
1507 [
1508#include <sys/types.h>
1509#include <sys/socket.h>
1510 ])
1511
1512AC_CHECK_DECLS(O_NONBLOCK, , ,
1513 [
1514#include <sys/types.h>
1515#ifdef HAVE_SYS_STAT_H
1516# include <sys/stat.h>
1517#endif
1518#ifdef HAVE_FCNTL_H
1519# include <fcntl.h>
1520#endif
1521 ])
1522
1523AC_CHECK_DECLS(writev, , , [
1524#include <sys/types.h>
1525#include <sys/uio.h>
1526#include <unistd.h>
1527 ])
1528
540d72c3 1529AC_CHECK_FUNCS(setresuid, [
1530 dnl Some platorms have setresuid that isn't implemented, test for this
1531 AC_MSG_CHECKING(if setresuid seems to work)
dfddba3d 1532 AC_RUN_IFELSE(
1533 [AC_LANG_SOURCE([[
540d72c3 1534#include <stdlib.h>
1535#include <errno.h>
1536int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
dfddba3d 1537 ]])],
540d72c3 1538 [AC_MSG_RESULT(yes)],
08822d99 1539 [AC_DEFINE(BROKEN_SETRESUID, 1,
1540 [Define if your setresuid() is broken])
dfddba3d 1541 AC_MSG_RESULT(not implemented)],
1542 [AC_MSG_WARN([cross compiling: not checking setresuid])]
540d72c3 1543 )
1544])
1545
1546AC_CHECK_FUNCS(setresgid, [
1547 dnl Some platorms have setresgid that isn't implemented, test for this
1548 AC_MSG_CHECKING(if setresgid seems to work)
dfddba3d 1549 AC_RUN_IFELSE(
1550 [AC_LANG_SOURCE([[
540d72c3 1551#include <stdlib.h>
1552#include <errno.h>
1553int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
dfddba3d 1554 ]])],
540d72c3 1555 [AC_MSG_RESULT(yes)],
08822d99 1556 [AC_DEFINE(BROKEN_SETRESGID, 1,
1557 [Define if your setresgid() is broken])
dfddba3d 1558 AC_MSG_RESULT(not implemented)],
1559 [AC_MSG_WARN([cross compiling: not checking setresuid])]
540d72c3 1560 )
1561])
1562
3c0ef626 1563dnl Checks for time functions
1564AC_CHECK_FUNCS(gettimeofday time)
1565dnl Checks for utmp functions
1566AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1567AC_CHECK_FUNCS(utmpname)
1568dnl Checks for utmpx functions
1569AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1570AC_CHECK_FUNCS(setutxent utmpxname)
1571
540d72c3 1572AC_CHECK_FUNC(daemon,
08822d99 1573 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1574 [AC_CHECK_LIB(bsd, daemon,
1575 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
3c0ef626 1576)
1577
540d72c3 1578AC_CHECK_FUNC(getpagesize,
08822d99 1579 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1580 [Define if your libraries define getpagesize()])],
1581 [AC_CHECK_LIB(ucb, getpagesize,
1582 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
3c0ef626 1583)
1584
1585# Check for broken snprintf
1586if test "x$ac_cv_func_snprintf" = "xyes" ; then
1587 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
dfddba3d 1588 AC_RUN_IFELSE(
1589 [AC_LANG_SOURCE([[
3c0ef626 1590#include <stdio.h>
d03f4262 1591int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
dfddba3d 1592 ]])],
540d72c3 1593 [AC_MSG_RESULT(yes)],
3c0ef626 1594 [
1595 AC_MSG_RESULT(no)
08822d99 1596 AC_DEFINE(BROKEN_SNPRINTF, 1,
1597 [Define if your snprintf is busted])
3c0ef626 1598 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
dfddba3d 1599 ],
1600 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
3c0ef626 1601 )
1602fi
1603
08822d99 1604# If we don't have a working asprintf, then we strongly depend on vsnprintf
1605# returning the right thing on overflow: the number of characters it tried to
1606# create (as per SUSv3)
1607if test "x$ac_cv_func_asprintf" != "xyes" && \
1608 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1609 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1610 AC_RUN_IFELSE(
1611 [AC_LANG_SOURCE([[
1612#include <sys/types.h>
1613#include <stdio.h>
1614#include <stdarg.h>
1615
1616int x_snprintf(char *str,size_t count,const char *fmt,...)
1617{
1618 size_t ret; va_list ap;
1619 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1620 return ret;
1621}
1622int main(void)
1623{
1624 char x[1];
1625 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1626} ]])],
1627 [AC_MSG_RESULT(yes)],
1628 [
1629 AC_MSG_RESULT(no)
1630 AC_DEFINE(BROKEN_SNPRINTF, 1,
1631 [Define if your snprintf is busted])
1632 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1633 ],
1634 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1635 )
1636fi
1637
1638# On systems where [v]snprintf is broken, but is declared in stdio,
1639# check that the fmt argument is const char * or just char *.
1640# This is only useful for when BROKEN_SNPRINTF
1641AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1642AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1643 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1644 int main(void) { snprintf(0, 0, 0); }
1645 ]])],
1646 [AC_MSG_RESULT(yes)
1647 AC_DEFINE(SNPRINTF_CONST, [const],
1648 [Define as const if snprintf() can declare const char *fmt])],
1649 [AC_MSG_RESULT(no)
1650 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1651
7e82606e 1652# Check for missing getpeereid (or equiv) support
1653NO_PEERCHECK=""
1654if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1655 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1656 AC_TRY_COMPILE(
1657 [#include <sys/types.h>
1658 #include <sys/socket.h>],
1659 [int i = SO_PEERCRED;],
8b32eddc 1660 [ AC_MSG_RESULT(yes)
08822d99 1661 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
8b32eddc 1662 ],
7e82606e 1663 [AC_MSG_RESULT(no)
1664 NO_PEERCHECK=1]
1665 )
1666fi
1667
bfe49944 1668dnl see whether mkstemp() requires XXXXXX
1669if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1670AC_MSG_CHECKING([for (overly) strict mkstemp])
08822d99 1671AC_RUN_IFELSE(
1672 [AC_LANG_SOURCE([[
bfe49944 1673#include <stdlib.h>
1674main() { char template[]="conftest.mkstemp-test";
1675if (mkstemp(template) == -1)
1676 exit(1);
1677unlink(template); exit(0);
1678}
08822d99 1679 ]])],
bfe49944 1680 [
1681 AC_MSG_RESULT(no)
1682 ],
540d72c3 1683 [
bfe49944 1684 AC_MSG_RESULT(yes)
08822d99 1685 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
bfe49944 1686 ],
1687 [
1688 AC_MSG_RESULT(yes)
1689 AC_DEFINE(HAVE_STRICT_MKSTEMP)
540d72c3 1690 ]
bfe49944 1691)
1692fi
1693
7cac2b65 1694dnl make sure that openpty does not reacquire controlling terminal
1695if test ! -z "$check_for_openpty_ctty_bug"; then
1696 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
08822d99 1697 AC_RUN_IFELSE(
1698 [AC_LANG_SOURCE([[
7cac2b65 1699#include <stdio.h>
1700#include <sys/fcntl.h>
1701#include <sys/types.h>
1702#include <sys/wait.h>
1703
1704int
1705main()
1706{
1707 pid_t pid;
1708 int fd, ptyfd, ttyfd, status;
1709
1710 pid = fork();
1711 if (pid < 0) { /* failed */
1712 exit(1);
1713 } else if (pid > 0) { /* parent */
1714 waitpid(pid, &status, 0);
540d72c3 1715 if (WIFEXITED(status))
7cac2b65 1716 exit(WEXITSTATUS(status));
1717 else
1718 exit(2);
1719 } else { /* child */
1720 close(0); close(1); close(2);
1721 setsid();
1722 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1723 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1724 if (fd >= 0)
1725 exit(3); /* Acquired ctty: broken */
1726 else
1727 exit(0); /* Did not acquire ctty: OK */
1728 }
1729}
08822d99 1730 ]])],
7cac2b65 1731 [
1732 AC_MSG_RESULT(yes)
1733 ],
1734 [
1735 AC_MSG_RESULT(no)
1736 AC_DEFINE(SSHD_ACQUIRES_CTTY)
08822d99 1737 ],
1738 [
1739 AC_MSG_RESULT(cross-compiling, assuming yes)
7cac2b65 1740 ]
1741 )
1742fi
1743
8b32eddc 1744if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1745 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
12a403af 1746 AC_MSG_CHECKING(if getaddrinfo seems to work)
08822d99 1747 AC_RUN_IFELSE(
1748 [AC_LANG_SOURCE([[
12a403af 1749#include <stdio.h>
1750#include <sys/socket.h>
1751#include <netdb.h>
1752#include <errno.h>
1753#include <netinet/in.h>
1754
1755#define TEST_PORT "2222"
1756
1757int
1758main(void)
1759{
1760 int err, sock;
1761 struct addrinfo *gai_ai, *ai, hints;
1762 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1763
1764 memset(&hints, 0, sizeof(hints));
1765 hints.ai_family = PF_UNSPEC;
1766 hints.ai_socktype = SOCK_STREAM;
1767 hints.ai_flags = AI_PASSIVE;
1768
1769 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1770 if (err != 0) {
1771 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1772 exit(1);
1773 }
1774
1775 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1776 if (ai->ai_family != AF_INET6)
1777 continue;
1778
1779 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1780 sizeof(ntop), strport, sizeof(strport),
1781 NI_NUMERICHOST|NI_NUMERICSERV);
1782
1783 if (err != 0) {
1784 if (err == EAI_SYSTEM)
1785 perror("getnameinfo EAI_SYSTEM");
1786 else
1787 fprintf(stderr, "getnameinfo failed: %s\n",
1788 gai_strerror(err));
1789 exit(2);
1790 }
1791
1792 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1793 if (sock < 0)
1794 perror("socket");
1795 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1796 if (errno == EBADF)
1797 exit(3);
1798 }
1799 }
1800 exit(0);
1801}
08822d99 1802 ]])],
12a403af 1803 [
1804 AC_MSG_RESULT(yes)
1805 ],
1806 [
1807 AC_MSG_RESULT(no)
1808 AC_DEFINE(BROKEN_GETADDRINFO)
08822d99 1809 ],
1810 [
1811 AC_MSG_RESULT(cross-compiling, assuming yes)
12a403af 1812 ]
1813 )
1814fi
1815
8b32eddc 1816if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1817 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
dfddba3d 1818 AC_MSG_CHECKING(if getaddrinfo seems to work)
08822d99 1819 AC_RUN_IFELSE(
1820 [AC_LANG_SOURCE([[
dfddba3d 1821#include <stdio.h>
1822#include <sys/socket.h>
1823#include <netdb.h>
1824#include <errno.h>
1825#include <netinet/in.h>
1826
1827#define TEST_PORT "2222"
1828
1829int
1830main(void)
1831{
1832 int err, sock;
1833 struct addrinfo *gai_ai, *ai, hints;
1834 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1835
1836 memset(&hints, 0, sizeof(hints));
1837 hints.ai_family = PF_UNSPEC;
1838 hints.ai_socktype = SOCK_STREAM;
1839 hints.ai_flags = AI_PASSIVE;
1840
1841 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1842 if (err != 0) {
1843 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1844 exit(1);
1845 }
1846
1847 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1848 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1849 continue;
1850
1851 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1852 sizeof(ntop), strport, sizeof(strport),
1853 NI_NUMERICHOST|NI_NUMERICSERV);
1854
1855 if (ai->ai_family == AF_INET && err != 0) {
1856 perror("getnameinfo");
1857 exit(2);
1858 }
1859 }
1860 exit(0);
1861}
08822d99 1862 ]])],
dfddba3d 1863 [
1864 AC_MSG_RESULT(yes)
08822d99 1865 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1866 [Define if you have a getaddrinfo that fails
1867 for the all-zeros IPv6 address])
dfddba3d 1868 ],
1869 [
1870 AC_MSG_RESULT(no)
1871 AC_DEFINE(BROKEN_GETADDRINFO)
08822d99 1872 ],
30460aeb 1873 [
08822d99 1874 AC_MSG_RESULT(cross-compiling, assuming no)
dfddba3d 1875 ]
1876 )
1877fi
1878
1879if test "x$check_for_conflicting_getspnam" = "x1"; then
1880 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1881 AC_COMPILE_IFELSE(
1882 [
1883#include <shadow.h>
1884int main(void) {exit(0);}
1885 ],
1886 [
1887 AC_MSG_RESULT(no)
1888 ],
1889 [
1890 AC_MSG_RESULT(yes)
1891 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1892 [Conflicting defs for getspnam])
1893 ]
1894 )
1895fi
1896
3c0ef626 1897AC_FUNC_GETPGRP
1898
350391c5 1899# Search for OpenSSL
1900saved_CPPFLAGS="$CPPFLAGS"
1901saved_LDFLAGS="$LDFLAGS"
3c0ef626 1902AC_ARG_WITH(ssl-dir,
1903 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1904 [
1905 if test "x$withval" != "xno" ; then
dfddba3d 1906 case "$withval" in
1907 # Relative paths
1908 ./*|../*) withval="`pwd`/$withval"
1909 esac
350391c5 1910 if test -d "$withval/lib"; then
1911 if test -n "${need_dash_r}"; then
1912 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1913 else
1914 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
3c0ef626 1915 fi
1916 else
350391c5 1917 if test -n "${need_dash_r}"; then
1918 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1919 else
1920 LDFLAGS="-L${withval} ${LDFLAGS}"
3c0ef626 1921 fi
1922 fi
350391c5 1923 if test -d "$withval/include"; then
1924 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
3c0ef626 1925 else
350391c5 1926 CPPFLAGS="-I${withval} ${CPPFLAGS}"
3c0ef626 1927 fi
1928 fi
350391c5 1929 ]
1930)
22798398 1931if test -z "$GSI_LIBS" ; then
540d72c3 1932LIBS="-lcrypto $LIBS"
22798398 1933fi
08822d99 1934AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1935 [Define if your ssl headers are included
1936 with #include <openssl/header.h>]),
3c0ef626 1937 [
350391c5 1938 dnl Check default openssl install dir
1939 if test -n "${need_dash_r}"; then
1940 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1941 else
350391c5 1942 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1943 fi
350391c5 1944 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1945 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1946 [
1947 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1948 ]
1949 )
1950 ]
1951)
1952
d03f4262 1953# Determine OpenSSL header version
1954AC_MSG_CHECKING([OpenSSL header version])
dfddba3d 1955AC_RUN_IFELSE(
1956 [AC_LANG_SOURCE([[
d03f4262 1957#include <stdio.h>
1958#include <string.h>
1959#include <openssl/opensslv.h>
1960#define DATA "conftest.sslincver"
1961int main(void) {
540d72c3 1962 FILE *fd;
1963 int rc;
d03f4262 1964
540d72c3 1965 fd = fopen(DATA,"w");
1966 if(fd == NULL)
1967 exit(1);
d03f4262 1968
1969 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1970 exit(1);
1971
1972 exit(0);
1973}
dfddba3d 1974 ]])],
d03f4262 1975 [
1976 ssl_header_ver=`cat conftest.sslincver`
1977 AC_MSG_RESULT($ssl_header_ver)
1978 ],
1979 [
1980 AC_MSG_RESULT(not found)
1981 AC_MSG_ERROR(OpenSSL version header not found.)
dfddba3d 1982 ],
1983 [
1984 AC_MSG_WARN([cross compiling: not checking])
d03f4262 1985 ]
1986)
1987
1988# Determine OpenSSL library version
1989AC_MSG_CHECKING([OpenSSL library version])
dfddba3d 1990AC_RUN_IFELSE(
1991 [AC_LANG_SOURCE([[
d03f4262 1992#include <stdio.h>
1993#include <string.h>
1994#include <openssl/opensslv.h>
1995#include <openssl/crypto.h>
1996#define DATA "conftest.ssllibver"
1997int main(void) {
540d72c3 1998 FILE *fd;
1999 int rc;
d03f4262 2000
540d72c3 2001 fd = fopen(DATA,"w");
2002 if(fd == NULL)
2003 exit(1);
d03f4262 2004
2005 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2006 exit(1);
2007
2008 exit(0);
2009}
dfddba3d 2010 ]])],
d03f4262 2011 [
2012 ssl_library_ver=`cat conftest.ssllibver`
2013 AC_MSG_RESULT($ssl_library_ver)
2014 ],
2015 [
2016 AC_MSG_RESULT(not found)
2017 AC_MSG_ERROR(OpenSSL library not found.)
dfddba3d 2018 ],
2019 [
2020 AC_MSG_WARN([cross compiling: not checking])
d03f4262 2021 ]
2022)
3c0ef626 2023
e9702f7d 2024# Sanity check OpenSSL headers
2025AC_MSG_CHECKING([whether OpenSSL's headers match the library])
dfddba3d 2026AC_RUN_IFELSE(
2027 [AC_LANG_SOURCE([[
e9702f7d 2028#include <string.h>
2029#include <openssl/opensslv.h>
d03f4262 2030int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
dfddba3d 2031 ]])],
e9702f7d 2032 [
2033 AC_MSG_RESULT(yes)
2034 ],
2035 [
2036 AC_MSG_RESULT(no)
7cac2b65 2037 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
2038Check config.log for details.
2039Also see contrib/findssl.sh for help identifying header/library mismatches.])
dfddba3d 2040 ],
2041 [
2042 AC_MSG_WARN([cross compiling: not checking])
e9702f7d 2043 ]
2044)
2045
30460aeb 2046AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2047AC_LINK_IFELSE(
2048 [AC_LANG_SOURCE([[
2049#include <openssl/evp.h>
2050int main(void) { SSLeay_add_all_algorithms(); }
2051 ]])],
2052 [
2053 AC_MSG_RESULT(yes)
2054 ],
2055 [
2056 AC_MSG_RESULT(no)
2057 saved_LIBS="$LIBS"
2058 LIBS="$LIBS -ldl"
2059 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2060 AC_LINK_IFELSE(
2061 [AC_LANG_SOURCE([[
2062#include <openssl/evp.h>
2063int main(void) { SSLeay_add_all_algorithms(); }
2064 ]])],
2065 [
2066 AC_MSG_RESULT(yes)
2067 ],
2068 [
2069 AC_MSG_RESULT(no)
2070 LIBS="$saved_LIBS"
2071 ]
2072 )
2073 ]
2074)
2075
2076AC_ARG_WITH(ssl-engine,
2077 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2078 [ if test "x$withval" != "xno" ; then
2079 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2080 AC_TRY_COMPILE(
2081 [ #include <openssl/engine.h>],
2082 [
240debe0 2083ENGINE_load_builtin_engines();ENGINE_register_all_complete();
30460aeb 2084 ],
2085 [ AC_MSG_RESULT(yes)
2086 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2087 [Enable OpenSSL engine support])
2088 ],
2089 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2090 )
2091 fi ]
2092)
2093
08822d99 2094# Check for OpenSSL without EVP_aes_{192,256}_cbc
2095AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
30460aeb 2096AC_LINK_IFELSE(
08822d99 2097 [AC_LANG_SOURCE([[
2098#include <string.h>
2099#include <openssl/evp.h>
4b6dae8f 2100int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
08822d99 2101 ]])],
2102 [
2103 AC_MSG_RESULT(no)
2104 ],
2105 [
2106 AC_MSG_RESULT(yes)
2107 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2108 [libcrypto is missing AES 192 and 256 bit functions])
2109 ]
2110)
2111
540d72c3 2112# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2113# because the system crypt() is more featureful.
2114if test "x$check_for_libcrypt_before" = "x1"; then
2115 AC_CHECK_LIB(crypt, crypt)
2116fi
2117
2118# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2119# version in OpenSSL.
7cac2b65 2120if test "x$check_for_libcrypt_later" = "x1"; then
3c0ef626 2121 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2122fi
2123
30460aeb 2124# Search for SHA256 support in libc and/or OpenSSL
2125AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2126
2ce0bfe4 2127AC_CHECK_LIB(iaf, ia_openinfo)
e9702f7d 2128
2129### Configure cryptographic random number support
2130
2131# Check wheter OpenSSL seeds itself
2132AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
dfddba3d 2133AC_RUN_IFELSE(
2134 [AC_LANG_SOURCE([[
e9702f7d 2135#include <string.h>
2136#include <openssl/rand.h>
d03f4262 2137int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
dfddba3d 2138 ]])],
e9702f7d 2139 [
2140 OPENSSL_SEEDS_ITSELF=yes
2141 AC_MSG_RESULT(yes)
2142 ],
2143 [
2144 AC_MSG_RESULT(no)
2145 # Default to use of the rand helper if OpenSSL doesn't
2146 # seed itself
2147 USE_RAND_HELPER=yes
dfddba3d 2148 ],
2149 [
2150 AC_MSG_WARN([cross compiling: assuming yes])
2151 # This is safe, since all recent OpenSSL versions will
8b32eddc 2152 # complain at runtime if not seeded correctly.
dfddba3d 2153 OPENSSL_SEEDS_ITSELF=yes
e9702f7d 2154 ]
2155)
2156
30460aeb 2157# Check for PAM libs
2158PAM_MSG="no"
2159AC_ARG_WITH(pam,
2160 [ --with-pam Enable PAM support ],
2161 [
2162 if test "x$withval" != "xno" ; then
2163 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2164 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2165 AC_MSG_ERROR([PAM headers not found])
2166 fi
2167
2168 saved_LIBS="$LIBS"
2169 AC_CHECK_LIB(dl, dlopen, , )
2170 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2171 AC_CHECK_FUNCS(pam_getenvlist)
2172 AC_CHECK_FUNCS(pam_putenv)
2173 LIBS="$saved_LIBS"
2174
2175 PAM_MSG="yes"
2176
2177 LIBPAM="-lpam"
2178 AC_DEFINE(USE_PAM, 1,
2179 [Define if you want to enable PAM support])
2180
2181 if test $ac_cv_lib_dl_dlopen = yes; then
2182 case "$LIBS" in
2183 *-ldl*)
2184 # libdl already in LIBS
2185 ;;
2186 *)
2187 LIBPAM="$LIBPAM -ldl"
2188 ;;
2189 esac
2190 fi
2191 AC_SUBST(LIBPAM)
2192 fi
2193 ]
2194)
2195
2196# Check for older PAM
2197if test "x$PAM_MSG" = "xyes" ; then
2198 # Check PAM strerror arguments (old PAM)
2199 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2200 AC_TRY_COMPILE(
2201 [
2202#include <stdlib.h>
2203#if defined(HAVE_SECURITY_PAM_APPL_H)
2204#include <security/pam_appl.h>
2205#elif defined (HAVE_PAM_PAM_APPL_H)
2206#include <pam/pam_appl.h>
2207#endif
2208 ],
2209 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2210 [AC_MSG_RESULT(no)],
2211 [
2212 AC_DEFINE(HAVE_OLD_PAM, 1,
2213 [Define if you have an old version of PAM
2214 which takes only one argument to pam_strerror])
2215 AC_MSG_RESULT(yes)
2216 PAM_MSG="yes (old library)"
2217 ]
2218 )
2219fi
e9702f7d 2220
2221# Do we want to force the use of the rand helper?
2222AC_ARG_WITH(rand-helper,
2223 [ --with-rand-helper Use subprocess to gather strong randomness ],
2224 [
2225 if test "x$withval" = "xno" ; then
540d72c3 2226 # Force use of OpenSSL's internal RNG, even if
e9702f7d 2227 # the previous test showed it to be unseeded.
2228 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2229 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2230 OPENSSL_SEEDS_ITSELF=yes
2231 USE_RAND_HELPER=""
2232 fi
2233 else
2234 USE_RAND_HELPER=yes
2235 fi
2236 ],
8b32eddc 2237)
e9702f7d 2238
2239# Which randomness source do we use?
8b32eddc 2240if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
e9702f7d 2241 # OpenSSL only
08822d99 2242 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2243 [Define if you want OpenSSL's internally seeded PRNG only])
e9702f7d 2244 RAND_MSG="OpenSSL internal ONLY"
2245 INSTALL_SSH_RAND_HELPER=""
2246elif test ! -z "$USE_RAND_HELPER" ; then
2247 # install rand helper
2248 RAND_MSG="ssh-rand-helper"
2249 INSTALL_SSH_RAND_HELPER="yes"
2250fi
2251AC_SUBST(INSTALL_SSH_RAND_HELPER)
2252
2253### Configuration of ssh-rand-helper
2254
2255# PRNGD TCP socket
2256AC_ARG_WITH(prngd-port,
2257 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2258 [
2259 case "$withval" in
2260 no)
2261 withval=""
2262 ;;
2263 [[0-9]]*)
2264 ;;
2265 *)
2266 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2267 ;;
2268 esac
2269 if test ! -z "$withval" ; then
2270 PRNGD_PORT="$withval"
08822d99 2271 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2272 [Port number of PRNGD/EGD random number socket])
e9702f7d 2273 fi
2274 ]
2275)
2276
2277# PRNGD Unix domain socket
2278AC_ARG_WITH(prngd-socket,
2279 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2280 [
2281 case "$withval" in
2282 yes)
2283 withval="/var/run/egd-pool"
2284 ;;
2285 no)
2286 withval=""
2287 ;;
2288 /*)
2289 ;;
2290 *)
2291 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2292 ;;
2293 esac
2294
2295 if test ! -z "$withval" ; then
2296 if test ! -z "$PRNGD_PORT" ; then
2297 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2298 fi
2299 if test ! -r "$withval" ; then
2300 AC_MSG_WARN(Entropy socket is not readable)
2301 fi
2302 PRNGD_SOCKET="$withval"
08822d99 2303 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2304 [Location of PRNGD/EGD random number socket])
e9702f7d 2305 fi
2306 ],
2307 [
2308 # Check for existing socket only if we don't have a random device already
2309 if test "$USE_RAND_HELPER" = yes ; then
2310 AC_MSG_CHECKING(for PRNGD/EGD socket)
2311 # Insert other locations here
2312 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2313 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2314 PRNGD_SOCKET="$sock"
2315 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2316 break;
2317 fi
2318 done
2319 if test ! -z "$PRNGD_SOCKET" ; then
2320 AC_MSG_RESULT($PRNGD_SOCKET)
2321 else
2322 AC_MSG_RESULT(not found)
2323 fi
2324 fi
2325 ]
2326)
2327
2328# Change default command timeout for hashing entropy source
2329entropy_timeout=200
2330AC_ARG_WITH(entropy-timeout,
2331 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2332 [
8b32eddc 2333 if test -n "$withval" && test "x$withval" != "xno" && \
2334 test "x${withval}" != "xyes"; then
e9702f7d 2335 entropy_timeout=$withval
2336 fi
8b32eddc 2337 ]
e9702f7d 2338)
08822d99 2339AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2340 [Builtin PRNG command timeout])
e9702f7d 2341
276b07a3 2342SSH_PRIVSEP_USER=sshd
350391c5 2343AC_ARG_WITH(privsep-user,
2344 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2345 [
8b32eddc 2346 if test -n "$withval" && test "x$withval" != "xno" && \
2347 test "x${withval}" != "xyes"; then
276b07a3 2348 SSH_PRIVSEP_USER=$withval
350391c5 2349 fi
8b32eddc 2350 ]
350391c5 2351)
08822d99 2352AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2353 [non-privileged user for privilege separation])
276b07a3 2354AC_SUBST(SSH_PRIVSEP_USER)
350391c5 2355
2356# We do this little dance with the search path to insure
2357# that programs that we select for use by installed programs
2358# (which may be run by the super-user) come from trusted
2359# locations before they come from the user's private area.
2360# This should help avoid accidentally configuring some
2361# random version of a program in someone's personal bin.
2362
2363OPATH=$PATH
2364PATH=/bin:/usr/bin
2365test -h /bin 2> /dev/null && PATH=/usr/bin
2366test -d /sbin && PATH=$PATH:/sbin
2367test -d /usr/sbin && PATH=$PATH:/usr/sbin
2368PATH=$PATH:/etc:$OPATH
2369
540d72c3 2370# These programs are used by the command hashing source to gather entropy
e9702f7d 2371OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2372OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2373OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2374OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2375OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2376OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2377OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2378OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2379OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2380OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2381OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2382OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2383OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2384OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2385OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2386OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
350391c5 2387# restore PATH
2388PATH=$OPATH
e9702f7d 2389
2390# Where does ssh-rand-helper get its randomness from?
2391INSTALL_SSH_PRNG_CMDS=""
2392if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2393 if test ! -z "$PRNGD_PORT" ; then
2394 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2395 elif test ! -z "$PRNGD_SOCKET" ; then
2396 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2397 else
2398 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2399 RAND_HELPER_CMDHASH=yes
2400 INSTALL_SSH_PRNG_CMDS="yes"
2401 fi
2402fi
2403AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2404
2405
3c0ef626 2406# Cheap hack to ensure NEWS-OS libraries are arranged right.
2407if test ! -z "$SONY" ; then
2408 LIBS="$LIBS -liberty";
2409fi
2410
08822d99 2411# Check for long long datatypes
2412AC_CHECK_TYPES([long long, unsigned long long, long double])
2413
2414# Check datatype sizes
3c0ef626 2415AC_CHECK_SIZEOF(char, 1)
2416AC_CHECK_SIZEOF(short int, 2)
2417AC_CHECK_SIZEOF(int, 4)
2418AC_CHECK_SIZEOF(long int, 4)
2419AC_CHECK_SIZEOF(long long int, 8)
2420
350391c5 2421# Sanity check long long for some platforms (AIX)
2422if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2423 ac_cv_sizeof_long_long_int=0
2424fi
2425
08822d99 2426# compute LLONG_MIN and LLONG_MAX if we don't know them.
2427if test -z "$have_llong_max"; then
2428 AC_MSG_CHECKING([for max value of long long])
2429 AC_RUN_IFELSE(
2430 [AC_LANG_SOURCE([[
2431#include <stdio.h>
2432/* Why is this so damn hard? */
2433#ifdef __GNUC__
2434# undef __GNUC__
2435#endif
2436#define __USE_ISOC99
2437#include <limits.h>
2438#define DATA "conftest.llminmax"
30460aeb 2439#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2440
2441/*
2442 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2443 * we do this the hard way.
2444 */
2445static int
2446fprint_ll(FILE *f, long long n)
2447{
2448 unsigned int i;
2449 int l[sizeof(long long) * 8];
2450
2451 if (n < 0)
2452 if (fprintf(f, "-") < 0)
2453 return -1;
2454 for (i = 0; n != 0; i++) {
2455 l[i] = my_abs(n % 10);
2456 n /= 10;
2457 }
2458 do {
2459 if (fprintf(f, "%d", l[--i]) < 0)
2460 return -1;
2461 } while (i != 0);
2462 if (fprintf(f, " ") < 0)
2463 return -1;
2464 return 0;
2465}
2466
08822d99 2467int main(void) {
2468 FILE *f;
2469 long long i, llmin, llmax = 0;
2470
2471 if((f = fopen(DATA,"w")) == NULL)
2472 exit(1);
2473
2474#if defined(LLONG_MIN) && defined(LLONG_MAX)
2475 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2476 llmin = LLONG_MIN;
2477 llmax = LLONG_MAX;
2478#else
2479 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2480 /* This will work on one's complement and two's complement */
2481 for (i = 1; i > llmax; i <<= 1, i++)
2482 llmax = i;
2483 llmin = llmax + 1LL; /* wrap */
2484#endif
2485
2486 /* Sanity check */
2487 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
30460aeb 2488 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2489 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
08822d99 2490 fprintf(f, "unknown unknown\n");
2491 exit(2);
2492 }
2493
30460aeb 2494 if (fprint_ll(f, llmin) < 0)
08822d99 2495 exit(3);
30460aeb 2496 if (fprint_ll(f, llmax) < 0)
2497 exit(4);
2498 if (fclose(f) < 0)
2499 exit(5);
08822d99 2500 exit(0);
2501}
2502 ]])],
2503 [
2504 llong_min=`$AWK '{print $1}' conftest.llminmax`
2505 llong_max=`$AWK '{print $2}' conftest.llminmax`
2506
08822d99 2507 AC_MSG_RESULT($llong_max)
2508 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2509 [max value of long long calculated by configure])
2510 AC_MSG_CHECKING([for min value of long long])
2511 AC_MSG_RESULT($llong_min)
2512 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2513 [min value of long long calculated by configure])
2514 ],
2515 [
2516 AC_MSG_RESULT(not found)
2517 ],
2518 [
2519 AC_MSG_WARN([cross compiling: not checking])
2520 ]
2521 )
2522fi
2523
2524
3c0ef626 2525# More checks for data types
2526AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2527 AC_TRY_COMPILE(
540d72c3 2528 [ #include <sys/types.h> ],
2529 [ u_int a; a = 1;],
3c0ef626 2530 [ ac_cv_have_u_int="yes" ],
2531 [ ac_cv_have_u_int="no" ]
2532 )
2533])
2534if test "x$ac_cv_have_u_int" = "xyes" ; then
08822d99 2535 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
3c0ef626 2536 have_u_int=1
2537fi
2538
2539AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2540 AC_TRY_COMPILE(
540d72c3 2541 [ #include <sys/types.h> ],
2542 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2543 [ ac_cv_have_intxx_t="yes" ],
2544 [ ac_cv_have_intxx_t="no" ]
2545 )
2546])
2547if test "x$ac_cv_have_intxx_t" = "xyes" ; then
08822d99 2548 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
3c0ef626 2549 have_intxx_t=1
2550fi
2551
2552if (test -z "$have_intxx_t" && \
540d72c3 2553 test "x$ac_cv_header_stdint_h" = "xyes")
3c0ef626 2554then
2555 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2556 AC_TRY_COMPILE(
540d72c3 2557 [ #include <stdint.h> ],
2558 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2559 [
2560 AC_DEFINE(HAVE_INTXX_T)
2561 AC_MSG_RESULT(yes)
2562 ],
2563 [ AC_MSG_RESULT(no) ]
2564 )
2565fi
2566
2567AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2568 AC_TRY_COMPILE(
d03f4262 2569 [
2570#include <sys/types.h>
2571#ifdef HAVE_STDINT_H
2572# include <stdint.h>
2573#endif
2574#include <sys/socket.h>
2575#ifdef HAVE_SYS_BITYPES_H
2576# include <sys/bitypes.h>
2577#endif
540d72c3 2578 ],
2579 [ int64_t a; a = 1;],
3c0ef626 2580 [ ac_cv_have_int64_t="yes" ],
2581 [ ac_cv_have_int64_t="no" ]
2582 )
2583])
2584if test "x$ac_cv_have_int64_t" = "xyes" ; then
08822d99 2585 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
e9702f7d 2586fi
2587
3c0ef626 2588AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2589 AC_TRY_COMPILE(
540d72c3 2590 [ #include <sys/types.h> ],
2591 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2592 [ ac_cv_have_u_intxx_t="yes" ],
2593 [ ac_cv_have_u_intxx_t="no" ]
2594 )
2595])
2596if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
08822d99 2597 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
3c0ef626 2598 have_u_intxx_t=1
2599fi
2600
2601if test -z "$have_u_intxx_t" ; then
2602 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2603 AC_TRY_COMPILE(
540d72c3 2604 [ #include <sys/socket.h> ],
2605 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2606 [
2607 AC_DEFINE(HAVE_U_INTXX_T)
2608 AC_MSG_RESULT(yes)
2609 ],
2610 [ AC_MSG_RESULT(no) ]
2611 )
2612fi
2613
2614AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2615 AC_TRY_COMPILE(
540d72c3 2616 [ #include <sys/types.h> ],
2617 [ u_int64_t a; a = 1;],
3c0ef626 2618 [ ac_cv_have_u_int64_t="yes" ],
2619 [ ac_cv_have_u_int64_t="no" ]
2620 )
2621])
2622if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
08822d99 2623 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
3c0ef626 2624 have_u_int64_t=1
2625fi
2626
e9702f7d 2627if test -z "$have_u_int64_t" ; then
2628 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2629 AC_TRY_COMPILE(
540d72c3 2630 [ #include <sys/bitypes.h> ],
e9702f7d 2631 [ u_int64_t a; a = 1],
2632 [
2633 AC_DEFINE(HAVE_U_INT64_T)
2634 AC_MSG_RESULT(yes)
2635 ],
2636 [ AC_MSG_RESULT(no) ]
2637 )
2638fi
2639
3c0ef626 2640if test -z "$have_u_intxx_t" ; then
2641 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2642 AC_TRY_COMPILE(
2643 [
2644#include <sys/types.h>
540d72c3 2645 ],
2646 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
3c0ef626 2647 [ ac_cv_have_uintxx_t="yes" ],
2648 [ ac_cv_have_uintxx_t="no" ]
2649 )
2650 ])
2651 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
08822d99 2652 AC_DEFINE(HAVE_UINTXX_T, 1,
2653 [define if you have uintxx_t data type])
3c0ef626 2654 fi
2655fi
2656
2657if test -z "$have_uintxx_t" ; then
2658 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2659 AC_TRY_COMPILE(
540d72c3 2660 [ #include <stdint.h> ],
2661 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
3c0ef626 2662 [
2663 AC_DEFINE(HAVE_UINTXX_T)
2664 AC_MSG_RESULT(yes)
2665 ],
2666 [ AC_MSG_RESULT(no) ]
2667 )
2668fi
2669
2670if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
540d72c3 2671 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3c0ef626 2672then
2673 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2674 AC_TRY_COMPILE(
2675 [
2676#include <sys/bitypes.h>
540d72c3 2677 ],
3c0ef626 2678 [
2679 int8_t a; int16_t b; int32_t c;
2680 u_int8_t e; u_int16_t f; u_int32_t g;
2681 a = b = c = e = f = g = 1;
540d72c3 2682 ],
3c0ef626 2683 [
2684 AC_DEFINE(HAVE_U_INTXX_T)
2685 AC_DEFINE(HAVE_INTXX_T)
2686 AC_MSG_RESULT(yes)
2687 ],
2688 [AC_MSG_RESULT(no)]
540d72c3 2689 )
3c0ef626 2690fi
2691
2692
2693AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2694 AC_TRY_COMPILE(
2695 [
2696#include <sys/types.h>
2697 ],
2698 [ u_char foo; foo = 125; ],
2699 [ ac_cv_have_u_char="yes" ],
2700 [ ac_cv_have_u_char="no" ]
2701 )
2702])
2703if test "x$ac_cv_have_u_char" = "xyes" ; then
08822d99 2704 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
3c0ef626 2705fi
2706
2707TYPE_SOCKLEN_T
2708
e9702f7d 2709AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2710
dfddba3d 2711AC_CHECK_TYPES(in_addr_t,,,
2712[#include <sys/types.h>
2713#include <netinet/in.h>])
2714
3c0ef626 2715AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2716 AC_TRY_COMPILE(
2717 [
2718#include <sys/types.h>
2719 ],
2720 [ size_t foo; foo = 1235; ],
2721 [ ac_cv_have_size_t="yes" ],
2722 [ ac_cv_have_size_t="no" ]
2723 )
2724])
2725if test "x$ac_cv_have_size_t" = "xyes" ; then
08822d99 2726 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
3c0ef626 2727fi
2728
2729AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2730 AC_TRY_COMPILE(
2731 [
2732#include <sys/types.h>
2733 ],
2734 [ ssize_t foo; foo = 1235; ],
2735 [ ac_cv_have_ssize_t="yes" ],
2736 [ ac_cv_have_ssize_t="no" ]
2737 )
2738])
2739if test "x$ac_cv_have_ssize_t" = "xyes" ; then
08822d99 2740 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
3c0ef626 2741fi
2742
2743AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2744 AC_TRY_COMPILE(
2745 [
2746#include <time.h>
2747 ],
2748 [ clock_t foo; foo = 1235; ],
2749 [ ac_cv_have_clock_t="yes" ],
2750 [ ac_cv_have_clock_t="no" ]
2751 )
2752])
2753if test "x$ac_cv_have_clock_t" = "xyes" ; then
08822d99 2754 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
3c0ef626 2755fi
2756
2757AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2758 AC_TRY_COMPILE(
2759 [
2760#include <sys/types.h>
2761#include <sys/socket.h>
2762 ],
2763 [ sa_family_t foo; foo = 1235; ],
2764 [ ac_cv_have_sa_family_t="yes" ],
2765 [ AC_TRY_COMPILE(
2766 [
2767#include <sys/types.h>
2768#include <sys/socket.h>
2769#include <netinet/in.h>
2770 ],
2771 [ sa_family_t foo; foo = 1235; ],
2772 [ ac_cv_have_sa_family_t="yes" ],
2773
2774 [ ac_cv_have_sa_family_t="no" ]
2775 )]
2776 )
2777])
2778if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
08822d99 2779 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2780 [define if you have sa_family_t data type])
3c0ef626 2781fi
2782
2783AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2784 AC_TRY_COMPILE(
2785 [
2786#include <sys/types.h>
2787 ],
2788 [ pid_t foo; foo = 1235; ],
2789 [ ac_cv_have_pid_t="yes" ],
2790 [ ac_cv_have_pid_t="no" ]
2791 )
2792])
2793if test "x$ac_cv_have_pid_t" = "xyes" ; then
08822d99 2794 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
3c0ef626 2795fi
2796
2797AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2798 AC_TRY_COMPILE(
2799 [
2800#include <sys/types.h>
2801 ],
2802 [ mode_t foo; foo = 1235; ],
2803 [ ac_cv_have_mode_t="yes" ],
2804 [ ac_cv_have_mode_t="no" ]
2805 )
2806])
2807if test "x$ac_cv_have_mode_t" = "xyes" ; then
08822d99 2808 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3c0ef626 2809fi
2810
2811
2812AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2813 AC_TRY_COMPILE(
2814 [
2815#include <sys/types.h>
2816#include <sys/socket.h>
2817 ],
2818 [ struct sockaddr_storage s; ],
2819 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2820 [ ac_cv_have_struct_sockaddr_storage="no" ]
2821 )
2822])
2823if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
08822d99 2824 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2825 [define if you have struct sockaddr_storage data type])
3c0ef626 2826fi
2827
2828AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2829 AC_TRY_COMPILE(
2830 [
2831#include <sys/types.h>
2832#include <netinet/in.h>
2833 ],
2834 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2835 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2836 [ ac_cv_have_struct_sockaddr_in6="no" ]
2837 )
2838])
2839if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
08822d99 2840 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2841 [define if you have struct sockaddr_in6 data type])
3c0ef626 2842fi
2843
2844AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2845 AC_TRY_COMPILE(
2846 [
2847#include <sys/types.h>
2848#include <netinet/in.h>
2849 ],
2850 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2851 [ ac_cv_have_struct_in6_addr="yes" ],
2852 [ ac_cv_have_struct_in6_addr="no" ]
2853 )
2854])
2855if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
08822d99 2856 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2857 [define if you have struct in6_addr data type])
3c0ef626 2858fi
2859
2860AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2861 AC_TRY_COMPILE(
2862 [
2863#include <sys/types.h>
2864#include <sys/socket.h>
2865#include <netdb.h>
2866 ],
2867 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2868 [ ac_cv_have_struct_addrinfo="yes" ],
2869 [ ac_cv_have_struct_addrinfo="no" ]
2870 )
2871])
2872if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
08822d99 2873 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2874 [define if you have struct addrinfo data type])
3c0ef626 2875fi
2876
2877AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2878 AC_TRY_COMPILE(
540d72c3 2879 [ #include <sys/time.h> ],
2880 [ struct timeval tv; tv.tv_sec = 1;],
3c0ef626 2881 [ ac_cv_have_struct_timeval="yes" ],
2882 [ ac_cv_have_struct_timeval="no" ]
2883 )
2884])
2885if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
08822d99 2886 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3c0ef626 2887 have_struct_timeval=1
2888fi
2889
bfe49944 2890AC_CHECK_TYPES(struct timespec)
2891
2892# We need int64_t or else certian parts of the compile will fail.
8b32eddc 2893if test "x$ac_cv_have_int64_t" = "xno" && \
2894 test "x$ac_cv_sizeof_long_int" != "x8" && \
2895 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
bfe49944 2896 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2897 echo "an alternative compiler (I.E., GCC) before continuing."
2898 echo ""
2899 exit 1;
3c0ef626 2900else
2901dnl test snprintf (broken on SCO w/gcc)
dfddba3d 2902 AC_RUN_IFELSE(
2903 [AC_LANG_SOURCE([[
3c0ef626 2904#include <stdio.h>
2905#include <string.h>
2906#ifdef HAVE_SNPRINTF
2907main()
2908{
2909 char buf[50];
2910 char expected_out[50];
2911 int mazsize = 50 ;
2912#if (SIZEOF_LONG_INT == 8)
2913 long int num = 0x7fffffffffffffff;
2914#else
2915 long long num = 0x7fffffffffffffffll;
2916#endif
2917 strcpy(expected_out, "9223372036854775807");
2918 snprintf(buf, mazsize, "%lld", num);
2919 if(strcmp(buf, expected_out) != 0)
540d72c3 2920 exit(1);
3c0ef626 2921 exit(0);
2922}
2923#else
2924main() { exit(0); }
2925#endif
dfddba3d 2926 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2927 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3c0ef626 2928 )
2929fi
3c0ef626 2930
2931dnl Checks for structure members
2932OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2933OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2934OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2935OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2936OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2937OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2938OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2939OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2940OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2941OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2942OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2943OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2944OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2945OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2946OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2947OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2948OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2949
2950AC_CHECK_MEMBERS([struct stat.st_blksize])
08822d99 2951AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2952 [Define if we don't have struct __res_state in resolv.h])],
2953[
2954#include <stdio.h>
2955#if HAVE_SYS_TYPES_H
2956# include <sys/types.h>
2957#endif
2958#include <netinet/in.h>
2959#include <arpa/nameser.h>
2960#include <resolv.h>
2961])
3c0ef626 2962
2963AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2964 ac_cv_have_ss_family_in_struct_ss, [
2965 AC_TRY_COMPILE(
2966 [
2967#include <sys/types.h>
2968#include <sys/socket.h>
2969 ],
2970 [ struct sockaddr_storage s; s.ss_family = 1; ],
2971 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2972 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2973 )
2974])
2975if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
08822d99 2976 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3c0ef626 2977fi
2978
2979AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2980 ac_cv_have___ss_family_in_struct_ss, [
2981 AC_TRY_COMPILE(
2982 [
2983#include <sys/types.h>
2984#include <sys/socket.h>
2985 ],
2986 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2987 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2988 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2989 )
2990])
2991if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
08822d99 2992 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2993 [Fields in struct sockaddr_storage])
3c0ef626 2994fi
2995
2996AC_CACHE_CHECK([for pw_class field in struct passwd],
2997 ac_cv_have_pw_class_in_struct_passwd, [
2998 AC_TRY_COMPILE(
2999 [
3000#include <pwd.h>
3001 ],
3002 [ struct passwd p; p.pw_class = 0; ],
3003 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3004 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3005 )
3006])
3007if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
08822d99 3008 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3009 [Define if your password has a pw_class field])
3c0ef626 3010fi
3011
3012AC_CACHE_CHECK([for pw_expire field in struct passwd],
3013 ac_cv_have_pw_expire_in_struct_passwd, [
3014 AC_TRY_COMPILE(
3015 [
3016#include <pwd.h>
3017 ],
3018 [ struct passwd p; p.pw_expire = 0; ],
3019 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3020 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3021 )
3022])
3023if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
08822d99 3024 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3025 [Define if your password has a pw_expire field])
3c0ef626 3026fi
3027
3028AC_CACHE_CHECK([for pw_change field in struct passwd],
3029 ac_cv_have_pw_change_in_struct_passwd, [
3030 AC_TRY_COMPILE(
3031 [
3032#include <pwd.h>
3033 ],
3034 [ struct passwd p; p.pw_change = 0; ],
3035 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3036 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3037 )
3038])
3039if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
08822d99 3040 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3041 [Define if your password has a pw_change field])
3c0ef626 3042fi
3043
541874c2 3044dnl make sure we're using the real structure members and not defines
350391c5 3045AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3046 ac_cv_have_accrights_in_msghdr, [
dfddba3d 3047 AC_COMPILE_IFELSE(
350391c5 3048 [
3049#include <sys/types.h>
3050#include <sys/socket.h>
3051#include <sys/uio.h>
541874c2 3052int main() {
3053#ifdef msg_accrights
dfddba3d 3054#error "msg_accrights is a macro"
541874c2 3055exit(1);
3056#endif
3057struct msghdr m;
3058m.msg_accrights = 0;
3059exit(0);
3060}
350391c5 3061 ],
350391c5 3062 [ ac_cv_have_accrights_in_msghdr="yes" ],
3063 [ ac_cv_have_accrights_in_msghdr="no" ]
3064 )
3065])
3066if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
08822d99 3067 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3068 [Define if your system uses access rights style
3069 file descriptor passing])
350391c5 3070fi
3071
3072AC_CACHE_CHECK([for msg_control field in struct msghdr],
3073 ac_cv_have_control_in_msghdr, [
dfddba3d 3074 AC_COMPILE_IFELSE(
350391c5 3075 [
3076#include <sys/types.h>
3077#include <sys/socket.h>
3078#include <sys/uio.h>
541874c2 3079int main() {
3080#ifdef msg_control
dfddba3d 3081#error "msg_control is a macro"
541874c2 3082exit(1);
3083#endif
3084struct msghdr m;
3085m.msg_control = 0;
3086exit(0);
3087}
350391c5 3088 ],
350391c5 3089 [ ac_cv_have_control_in_msghdr="yes" ],
3090 [ ac_cv_have_control_in_msghdr="no" ]
3091 )
3092])
3093if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
08822d99 3094 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3095 [Define if your system uses ancillary data style
3096 file descriptor passing])
350391c5 3097fi
3098
3c0ef626 3099AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
540d72c3 3100 AC_TRY_LINK([],
3101 [ extern char *__progname; printf("%s", __progname); ],
3c0ef626 3102 [ ac_cv_libc_defines___progname="yes" ],
3103 [ ac_cv_libc_defines___progname="no" ]
3104 )
3105])
3106if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
08822d99 3107 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3c0ef626 3108fi
3109
350391c5 3110AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3111 AC_TRY_LINK([
3112#include <stdio.h>
540d72c3 3113],
3114 [ printf("%s", __FUNCTION__); ],
350391c5 3115 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3116 [ ac_cv_cc_implements___FUNCTION__="no" ]
3117 )
3118])
3119if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
08822d99 3120 AC_DEFINE(HAVE___FUNCTION__, 1,
3121 [Define if compiler implements __FUNCTION__])
350391c5 3122fi
3123
3124AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3125 AC_TRY_LINK([
3126#include <stdio.h>
540d72c3 3127],
3128 [ printf("%s", __func__); ],
350391c5 3129 [ ac_cv_cc_implements___func__="yes" ],
3130 [ ac_cv_cc_implements___func__="no" ]
3131 )
3132])
3133if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
08822d99 3134 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3135fi
3136
3137AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3138 AC_TRY_LINK(
3139 [#include <stdarg.h>
3140 va_list x,y;],
3141 [va_copy(x,y);],
3142 [ ac_cv_have_va_copy="yes" ],
3143 [ ac_cv_have_va_copy="no" ]
3144 )
3145])
3146if test "x$ac_cv_have_va_copy" = "xyes" ; then
3147 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3148fi
3149
3150AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3151 AC_TRY_LINK(
3152 [#include <stdarg.h>
3153 va_list x,y;],
3154 [__va_copy(x,y);],
3155 [ ac_cv_have___va_copy="yes" ],
3156 [ ac_cv_have___va_copy="no" ]
3157 )
3158])
3159if test "x$ac_cv_have___va_copy" = "xyes" ; then
3160 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
350391c5 3161fi
3162
3c0ef626 3163AC_CACHE_CHECK([whether getopt has optreset support],
3164 ac_cv_have_getopt_optreset, [
3165 AC_TRY_LINK(
3166 [
3167#include <getopt.h>
3168 ],
3169 [ extern int optreset; optreset = 0; ],
3170 [ ac_cv_have_getopt_optreset="yes" ],
3171 [ ac_cv_have_getopt_optreset="no" ]
3172 )
3173])
3174if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
08822d99 3175 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3176 [Define if your getopt(3) defines and uses optreset])
3c0ef626 3177fi
3178
3179AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
540d72c3 3180 AC_TRY_LINK([],
3181 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3c0ef626 3182 [ ac_cv_libc_defines_sys_errlist="yes" ],
3183 [ ac_cv_libc_defines_sys_errlist="no" ]
3184 )
3185])
3186if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
08822d99 3187 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3188 [Define if your system defines sys_errlist[]])
3c0ef626 3189fi
3190
3191
3192AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
540d72c3 3193 AC_TRY_LINK([],
3194 [ extern int sys_nerr; printf("%i", sys_nerr);],
3c0ef626 3195 [ ac_cv_libc_defines_sys_nerr="yes" ],
3196 [ ac_cv_libc_defines_sys_nerr="no" ]
3197 )
3198])
3199if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
08822d99 3200 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3c0ef626 3201fi
3202
540d72c3 3203SCARD_MSG="no"
350391c5 3204# Check whether user wants sectok support
3205AC_ARG_WITH(sectok,
3206 [ --with-sectok Enable smartcard support using libsectok],
3c0ef626 3207 [
3208 if test "x$withval" != "xno" ; then
3209 if test "x$withval" != "xyes" ; then
3210 CPPFLAGS="$CPPFLAGS -I${withval}"
3211 LDFLAGS="$LDFLAGS -L${withval}"
3212 if test ! -z "$need_dash_r" ; then
3213 LDFLAGS="$LDFLAGS -R${withval}"
3214 fi
3215 if test ! -z "$blibpath" ; then
3216 blibpath="$blibpath:${withval}"
3217 fi
3218 fi
3219 AC_CHECK_HEADERS(sectok.h)
3220 if test "$ac_cv_header_sectok_h" != yes; then
3221 AC_MSG_ERROR(Can't find sectok.h)
3222 fi
3223 AC_CHECK_LIB(sectok, sectok_open)
3224 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3225 AC_MSG_ERROR(Can't find libsectok)
3226 fi
08822d99 3227 AC_DEFINE(SMARTCARD, 1,
3228 [Define if you want smartcard support])
3229 AC_DEFINE(USE_SECTOK, 1,
3230 [Define if you want smartcard support
3231 using sectok])
540d72c3 3232 SCARD_MSG="yes, using sectok"
3c0ef626 3233 fi
3234 ]
3235)
3236
350391c5 3237# Check whether user wants OpenSC support
8b32eddc 3238OPENSC_CONFIG="no"
350391c5 3239AC_ARG_WITH(opensc,
08822d99 3240 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
8b32eddc 3241 [
3242 if test "x$withval" != "xno" ; then
3243 if test "x$withval" != "xyes" ; then
3244 OPENSC_CONFIG=$withval/bin/opensc-config
3245 else
3246 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3247 fi
3248 if test "$OPENSC_CONFIG" != "no"; then
3249 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3250 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3251 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
30460aeb 3252 LIBS="$LIBS $LIBOPENSC_LIBS"
8b32eddc 3253 AC_DEFINE(SMARTCARD)
08822d99 3254 AC_DEFINE(USE_OPENSC, 1,
3255 [Define if you want smartcard support
3256 using OpenSC])
8b32eddc 3257 SCARD_MSG="yes, using OpenSC"
3258 fi
3259 fi
3260 ]
3261)
350391c5 3262
540d72c3 3263# Check libraries needed by DNS fingerprint support
3264AC_SEARCH_LIBS(getrrsetbyname, resolv,
08822d99 3265 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3266 [Define if getrrsetbyname() exists])],
7cac2b65 3267 [
540d72c3 3268 # Needed by our getrrsetbyname()
3269 AC_SEARCH_LIBS(res_query, resolv)
3270 AC_SEARCH_LIBS(dn_expand, resolv)
7e82606e 3271 AC_MSG_CHECKING(if res_query will link)
3272 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3273 [AC_MSG_RESULT(no)
3274 saved_LIBS="$LIBS"
3275 LIBS="$LIBS -lresolv"
3276 AC_MSG_CHECKING(for res_query in -lresolv)
3277 AC_LINK_IFELSE([
3278#include <resolv.h>
3279int main()
3280{
3281 res_query (0, 0, 0, 0, 0);
3282 return 0;
3283}
3284 ],
3285 [LIBS="$LIBS -lresolv"
3286 AC_MSG_RESULT(yes)],
3287 [LIBS="$saved_LIBS"
3288 AC_MSG_RESULT(no)])
3289 ])
540d72c3 3290 AC_CHECK_FUNCS(_getshort _getlong)
2ce0bfe4 3291 AC_CHECK_DECLS([_getshort, _getlong], , ,
3292 [#include <sys/types.h>
3293 #include <arpa/nameser.h>])
540d72c3 3294 AC_CHECK_MEMBER(HEADER.ad,
08822d99 3295 [AC_DEFINE(HAVE_HEADER_AD, 1,
3296 [Define if HEADER.ad exists in arpa/nameser.h])],,
540d72c3 3297 [#include <arpa/nameser.h>])
3298 ])
7cac2b65 3299
30460aeb 3300# Check whether user wants SELinux support
3301SELINUX_MSG="no"
3302LIBSELINUX=""
3303AC_ARG_WITH(selinux,
3304 [ --with-selinux Enable SELinux support],
3305 [ if test "x$withval" != "xno" ; then
3306 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3307 SELINUX_MSG="yes"
3308 AC_CHECK_HEADER([selinux/selinux.h], ,
3309 AC_MSG_ERROR(SELinux support requires selinux.h header))
3310 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3311 AC_MSG_ERROR(SELinux support requires libselinux library))
240debe0 3312 save_LIBS="$LIBS"
3313 LIBS="$LIBS $LIBSELINUX"
30460aeb 3314 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
240debe0 3315 LIBS="$save_LIBS"
30460aeb 3316 fi ]
3317)
3318AC_SUBST(LIBSELINUX)
3319
63119dd9 3320# Check whether user wants Kerberos 5 support
540d72c3 3321KRB5_MSG="no"
63119dd9 3322AC_ARG_WITH(kerberos5,
540d72c3 3323 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3324 [ if test "x$withval" != "xno" ; then
3325 if test "x$withval" = "xyes" ; then
3326 KRB5ROOT="/usr/local"
3327 else
3328 KRB5ROOT=${withval}
3329 fi
3330
08822d99 3331 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
540d72c3 3332 KRB5_MSG="yes"
3333
3334 AC_MSG_CHECKING(for krb5-config)
3335 if test -x $KRB5ROOT/bin/krb5-config ; then
3336 KRB5CONF=$KRB5ROOT/bin/krb5-config
3337 AC_MSG_RESULT($KRB5CONF)
3338
3339 AC_MSG_CHECKING(for gssapi support)
3340 if $KRB5CONF | grep gssapi >/dev/null ; then
3341 AC_MSG_RESULT(yes)
08822d99 3342 AC_DEFINE(GSSAPI, 1,
3343 [Define this if you want GSSAPI
3344 support in the version 2 protocol])
540d72c3 3345 k5confopts=gssapi
3346 else
3347 AC_MSG_RESULT(no)
3348 k5confopts=""
3349 fi
3350 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3351 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3352 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3353 AC_MSG_CHECKING(whether we are using Heimdal)
3354 AC_TRY_COMPILE([ #include <krb5.h> ],
3355 [ char *tmp = heimdal_version; ],
3356 [ AC_MSG_RESULT(yes)
08822d99 3357 AC_DEFINE(HEIMDAL, 1,
3358 [Define this if you are using the
3359 Heimdal version of Kerberos V5]) ],
540d72c3 3360 AC_MSG_RESULT(no)
3361 )
3362 else
3363 AC_MSG_RESULT(no)
63119dd9 3364 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
540d72c3 3365 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3366 AC_MSG_CHECKING(whether we are using Heimdal)
3367 AC_TRY_COMPILE([ #include <krb5.h> ],
3368 [ char *tmp = heimdal_version; ],
3369 [ AC_MSG_RESULT(yes)
3370 AC_DEFINE(HEIMDAL)
7e82606e 3371 K5LIBS="-lkrb5 -ldes"
3372 K5LIBS="$K5LIBS -lcom_err -lasn1"
8b32eddc 3373 AC_CHECK_LIB(roken, net_write,
7e82606e 3374 [K5LIBS="$K5LIBS -lroken"])
540d72c3 3375 ],
3376 [ AC_MSG_RESULT(no)
3377 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3378 ]
3379 )
7cac2b65 3380 AC_SEARCH_LIBS(dn_expand, resolv)
3381
3382 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3383 [ AC_DEFINE(GSSAPI)
3384 K5LIBS="-lgssapi $K5LIBS" ],
3385 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3386 [ AC_DEFINE(GSSAPI)
540d72c3 3387 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
7cac2b65 3388 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3389 $K5LIBS)
3390 ],
3391 $K5LIBS)
8b32eddc 3392
7cac2b65 3393 AC_CHECK_HEADER(gssapi.h, ,
3394 [ unset ac_cv_header_gssapi_h
540d72c3 3395 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
7cac2b65 3396 AC_CHECK_HEADERS(gssapi.h, ,
3397 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
540d72c3 3398 )
7cac2b65 3399 ]
3400 )
3401
3402 oldCPP="$CPPFLAGS"
3403 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3404 AC_CHECK_HEADER(gssapi_krb5.h, ,
3405 [ CPPFLAGS="$oldCPP" ])
63119dd9 3406
1c89237d 3407 # If we're using some other GSSAPI
3408 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3409 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3410 fi
5598e598 3411
540d72c3 3412 if test -z "$GSSAPI"; then
3413 GSSAPI="KRB5";
3414 fi
1c89237d 3415
5598e598 3416 oldCPP="$CPPFLAGS"
3417 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3418 AC_CHECK_HEADER(gssapi_krb5.h, ,
3419 [ CPPFLAGS="$oldCPP" ])
3420
63119dd9 3421 fi
540d72c3 3422 if test ! -z "$need_dash_r" ; then
3423 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3424 fi
3425 if test ! -z "$blibpath" ; then
3426 blibpath="$blibpath:${KRB5ROOT}/lib"
3427 fi
540d72c3 3428
08822d99 3429 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3430 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3431 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
540d72c3 3432
08822d99 3433 LIBS="$LIBS $K5LIBS"
3434 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3435 [Define this if you want to use libkafs' AFS support]))
3436 fi
540d72c3 3437 ]
63119dd9 3438)
3c0ef626 3439
62eb343a 3440# Check whether user wants AFS_KRB5 support
3441AFS_KRB5_MSG="no"
3442AC_ARG_WITH(afs-krb5,
3443 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3444 [
3445 if test "x$withval" != "xno" ; then
3446
3447 if test "x$withval" != "xyes" ; then
08822d99 3448 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3449 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
62eb343a 3450 else
08822d99 3451 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3452 "/usr/bin/aklog",
3453 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
62eb343a 3454 fi
3455
540d72c3 3456 if test -z "$KRB5ROOT" ; then
62eb343a 3457 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3458 fi
3459
0a00e8f9 3460 LIBS="-lkrbafs -lkrb4 $LIBS"
62eb343a 3461 if test ! -z "$AFS_LIBS" ; then
3462 LIBS="$LIBS $AFS_LIBS"
3463 fi
08822d99 3464 AC_DEFINE(AFS_KRB5, 1,
3465 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
62eb343a 3466 AFS_KRB5_MSG="yes"
3467 fi
3468 ]
3469)
3c0ef626 3470
75be3237 3471AC_ARG_WITH(session-hooks,
3472 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
08822d99 3473 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
75be3237 3474)
3475
3c0ef626 3476# Looking for programs, paths and files
3c0ef626 3477
350391c5 3478PRIVSEP_PATH=/var/empty
3479AC_ARG_WITH(privsep-path,
d03f4262 3480 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
350391c5 3481 [
8b32eddc 3482 if test -n "$withval" && test "x$withval" != "xno" && \
3483 test "x${withval}" != "xyes"; then
350391c5 3484 PRIVSEP_PATH=$withval
3485 fi
3486 ]
3487)
3488AC_SUBST(PRIVSEP_PATH)
3489
3c0ef626 3490AC_ARG_WITH(xauth,
3491 [ --with-xauth=PATH Specify path to xauth program ],
3492 [
8b32eddc 3493 if test -n "$withval" && test "x$withval" != "xno" && \
3494 test "x${withval}" != "xyes"; then
3c0ef626 3495 xauth_path=$withval
3496 fi
3497 ],
3498 [
d03f4262 3499 TestPath="$PATH"
3500 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3501 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3502 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3503 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3504 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3c0ef626 3505 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3506 xauth_path="/usr/openwin/bin/xauth"
3507 fi
3508 ]
3509)
3510
bfe49944 3511STRIP_OPT=-s
3512AC_ARG_ENABLE(strip,
3513 [ --disable-strip Disable calling strip(1) on install],
3514 [
3515 if test "x$enableval" = "xno" ; then
3516 STRIP_OPT=
3517 fi
3518 ]
3519)
3520AC_SUBST(STRIP_OPT)
3521
3c0ef626 3522if test -z "$xauth_path" ; then
3523 XAUTH_PATH="undefined"
3524 AC_SUBST(XAUTH_PATH)
3525else
08822d99 3526 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3527 [Define if xauth is found in your path])
3c0ef626 3528 XAUTH_PATH=$xauth_path
3529 AC_SUBST(XAUTH_PATH)
3530fi
3c0ef626 3531
3532# Check for mail directory (last resort if we cannot get it from headers)
3533if test ! -z "$MAIL" ; then
3534 maildir=`dirname $MAIL`
08822d99 3535 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3536 [Set this to your mail directory if you don't have maillock.h])
3c0ef626 3537fi
3538
dfddba3d 3539if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3540 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3541 disable_ptmx_check=yes
3542fi
3c0ef626 3543if test -z "$no_dev_ptmx" ; then
350391c5 3544 if test "x$disable_ptmx_check" != "xyes" ; then
540d72c3 3545 AC_CHECK_FILE("/dev/ptmx",
350391c5 3546 [
08822d99 3547 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3548 [Define if you have /dev/ptmx])
350391c5 3549 have_dev_ptmx=1
3550 ]
3551 )
3552 fi
3c0ef626 3553fi
dfddba3d 3554
3555if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3556 AC_CHECK_FILE("/dev/ptc",
3557 [
08822d99 3558 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3559 [Define if you have /dev/ptc])
dfddba3d 3560 have_dev_ptc=1
3561 ]
3562 )
3563else
3564 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3565fi
3c0ef626 3566
3567# Options from here on. Some of these are preset by platform above
3c0ef626 3568AC_ARG_WITH(mantype,
3569 [ --with-mantype=man|cat|doc Set man page type],
3570 [
3571 case "$withval" in
3572 man|cat|doc)
3573 MANTYPE=$withval
3574 ;;
3575 *)
3576 AC_MSG_ERROR(invalid man type: $withval)
3577 ;;
3578 esac
3579 ]
3580)
3581if test -z "$MANTYPE"; then
d03f4262 3582 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3583 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3c0ef626 3584 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3585 MANTYPE=doc
3586 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3587 MANTYPE=man
3588 else
3589 MANTYPE=cat
3590 fi
3591fi
3592AC_SUBST(MANTYPE)
3593if test "$MANTYPE" = "doc"; then
3594 mansubdir=man;
3595else
3596 mansubdir=$MANTYPE;
3597fi
3598AC_SUBST(mansubdir)
3599
3600# Check whether to enable MD5 passwords
540d72c3 3601MD5_MSG="no"
3c0ef626 3602AC_ARG_WITH(md5-passwords,
3603 [ --with-md5-passwords Enable use of MD5 passwords],
3604 [
3605 if test "x$withval" != "xno" ; then
08822d99 3606 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3607 [Define if you want to allow MD5 passwords])
540d72c3 3608 MD5_MSG="yes"
3c0ef626 3609 fi
3610 ]
3611)
3612
3613# Whether to disable shadow password support
3614AC_ARG_WITH(shadow,
3615 [ --without-shadow Disable shadow password support],
3616 [
8b32eddc 3617 if test "x$withval" = "xno" ; then
3c0ef626 3618 AC_DEFINE(DISABLE_SHADOW)
3619 disable_shadow=yes
3620 fi
3621 ]
3622)
3623
3624if test -z "$disable_shadow" ; then
3625 AC_MSG_CHECKING([if the systems has expire shadow information])
3626 AC_TRY_COMPILE(
3627 [
3628#include <sys/types.h>
3629#include <shadow.h>
3630 struct spwd sp;
3631 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3632 [ sp_expire_available=yes ], []
3633 )
3634
3635 if test "x$sp_expire_available" = "xyes" ; then
3636 AC_MSG_RESULT(yes)
08822d99 3637 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3638 [Define if you want to use shadow password expire field])
3c0ef626 3639 else
3640 AC_MSG_RESULT(no)
3641 fi
3642fi
3643
3644# Use ip address instead of hostname in $DISPLAY
3645if test ! -z "$IPADDR_IN_DISPLAY" ; then
3646 DISPLAY_HACK_MSG="yes"
08822d99 3647 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3648 [Define if you need to use IP address
3649 instead of hostname in $DISPLAY])
3c0ef626 3650else
540d72c3 3651 DISPLAY_HACK_MSG="no"
3c0ef626 3652 AC_ARG_WITH(ipaddr-display,
3653 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3654 [
8b32eddc 3655 if test "x$withval" != "xno" ; then
3c0ef626 3656 AC_DEFINE(IPADDR_IN_DISPLAY)
540d72c3 3657 DISPLAY_HACK_MSG="yes"
3c0ef626 3658 fi
3659 ]
3660 )
3661fi
3662
7cac2b65 3663# check for /etc/default/login and use it if present.
29d88157 3664AC_ARG_ENABLE(etc-default-login,
dfddba3d 3665 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3666 [ if test "x$enableval" = "xno"; then
3667 AC_MSG_NOTICE([/etc/default/login handling disabled])
3668 etc_default_login=no
3669 else
3670 etc_default_login=yes
3671 fi ],
08822d99 3672 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3673 then
3674 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3675 etc_default_login=no
3676 else
3677 etc_default_login=yes
3678 fi ]
dfddba3d 3679)
3680
3681if test "x$etc_default_login" != "xno"; then
3682 AC_CHECK_FILE("/etc/default/login",
3683 [ external_path_file=/etc/default/login ])
08822d99 3684 if test "x$external_path_file" = "x/etc/default/login"; then
3685 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3686 [Define if your system has /etc/default/login])
dfddba3d 3687 fi
7cac2b65 3688fi
3689
350391c5 3690dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
8b32eddc 3691if test $ac_cv_func_login_getcapbool = "yes" && \
3692 test $ac_cv_header_login_cap_h = "yes" ; then
7cac2b65 3693 external_path_file=/etc/login.conf
350391c5 3694fi
7cac2b65 3695
3c0ef626 3696# Whether to mess with the default path
540d72c3 3697SERVER_PATH_MSG="(default)"
3c0ef626 3698AC_ARG_WITH(default-path,
350391c5 3699 [ --with-default-path= Specify default \$PATH environment for server],
3c0ef626 3700 [
7cac2b65 3701 if test "x$external_path_file" = "x/etc/login.conf" ; then
350391c5 3702 AC_MSG_WARN([
3703--with-default-path=PATH has no effect on this system.
3704Edit /etc/login.conf instead.])
8b32eddc 3705 elif test "x$withval" != "xno" ; then
7cac2b65 3706 if test ! -z "$external_path_file" ; then
3707 AC_MSG_WARN([
3708--with-default-path=PATH will only be used if PATH is not defined in
3709$external_path_file .])
3710 fi
3c0ef626 3711 user_path="$withval"
540d72c3 3712 SERVER_PATH_MSG="$withval"
3c0ef626 3713 fi
3714 ],
7cac2b65 3715 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3716 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
350391c5 3717 else
7cac2b65 3718 if test ! -z "$external_path_file" ; then
3719 AC_MSG_WARN([
3720If PATH is defined in $external_path_file, ensure the path to scp is included,
3721otherwise scp will not work.])
3722 fi
08822d99 3723 AC_RUN_IFELSE(
3724 [AC_LANG_SOURCE([[
3c0ef626 3725/* find out what STDPATH is */
3726#include <stdio.h>
3727#ifdef HAVE_PATHS_H
3728# include <paths.h>
3729#endif
3730#ifndef _PATH_STDPATH
bfe49944 3731# ifdef _PATH_USERPATH /* Irix */
3732# define _PATH_STDPATH _PATH_USERPATH
3733# else
3734# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3735# endif
3c0ef626 3736#endif
3737#include <sys/types.h>
3738#include <sys/stat.h>
3739#include <fcntl.h>
3740#define DATA "conftest.stdpath"
3741
3742main()
3743{
3744 FILE *fd;
3745 int rc;
8b32eddc 3746
3c0ef626 3747 fd = fopen(DATA,"w");
3748 if(fd == NULL)
3749 exit(1);
8b32eddc 3750
3c0ef626 3751 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3752 exit(1);
3753
3754 exit(0);
3755}
08822d99 3756 ]])],
3757 [ user_path=`cat conftest.stdpath` ],
3c0ef626 3758 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3759 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3760 )
3761# make sure $bindir is in USER_PATH so scp will work
3762 t_bindir=`eval echo ${bindir}`
3763 case $t_bindir in
3764 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3765 esac
3766 case $t_bindir in
3767 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3768 esac
3769 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3770 if test $? -ne 0 ; then
3771 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3772 if test $? -ne 0 ; then
3773 user_path=$user_path:$t_bindir
3774 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3775 fi
3776 fi
350391c5 3777 fi ]
3778)
7cac2b65 3779if test "x$external_path_file" != "x/etc/login.conf" ; then
08822d99 3780 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
350391c5 3781 AC_SUBST(user_path)
3782fi
3783
3784# Set superuser path separately to user path
350391c5 3785AC_ARG_WITH(superuser-path,
3786 [ --with-superuser-path= Specify different path for super-user],
3787 [
8b32eddc 3788 if test -n "$withval" && test "x$withval" != "xno" && \
3789 test "x${withval}" != "xyes"; then
08822d99 3790 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3791 [Define if you want a different $PATH
3792 for the superuser])
350391c5 3793 superuser_path=$withval
3794 fi
3c0ef626 3795 ]
3796)
350391c5 3797
3c0ef626 3798
3c0ef626 3799AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
540d72c3 3800IPV4_IN6_HACK_MSG="no"
3c0ef626 3801AC_ARG_WITH(4in6,
3802 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3803 [
3804 if test "x$withval" != "xno" ; then
3805 AC_MSG_RESULT(yes)
08822d99 3806 AC_DEFINE(IPV4_IN_IPV6, 1,
3807 [Detect IPv4 in IPv6 mapped addresses
3808 and treat as IPv4])
540d72c3 3809 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3810 else
3811 AC_MSG_RESULT(no)
3812 fi
3813 ],[
3814 if test "x$inet6_default_4in6" = "xyes"; then
3815 AC_MSG_RESULT([yes (default)])
3816 AC_DEFINE(IPV4_IN_IPV6)
540d72c3 3817 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3818 else
3819 AC_MSG_RESULT([no (default)])
3820 fi
3821 ]
3822)
3823
3824# Whether to enable BSD auth support
e9702f7d 3825BSD_AUTH_MSG=no
3c0ef626 3826AC_ARG_WITH(bsd-auth,
3827 [ --with-bsd-auth Enable BSD auth support],
3828 [
8b32eddc 3829 if test "x$withval" != "xno" ; then
08822d99 3830 AC_DEFINE(BSD_AUTH, 1,
3831 [Define if you have BSD auth support])
e9702f7d 3832 BSD_AUTH_MSG=yes
3c0ef626 3833 fi
3834 ]
3835)
3836
3c0ef626 3837# Where to place sshd.pid
3838piddir=/var/run
350391c5 3839# make sure the directory exists
8b32eddc 3840if test ! -d $piddir ; then
350391c5 3841 piddir=`eval echo ${sysconfdir}`
3842 case $piddir in
540d72c3 3843 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
350391c5 3844 esac
3845fi
3846
3c0ef626 3847AC_ARG_WITH(pid-dir,
3848 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3849 [
8b32eddc 3850 if test -n "$withval" && test "x$withval" != "xno" && \
3851 test "x${withval}" != "xyes"; then
3c0ef626 3852 piddir=$withval
8b32eddc 3853 if test ! -d $piddir ; then
350391c5 3854 AC_MSG_WARN([** no $piddir directory on this system **])
3855 fi
3c0ef626 3856 fi
3857 ]
3858)
3859
08822d99 3860AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3c0ef626 3861AC_SUBST(piddir)
3862
3863dnl allow user to disable some login recording features
3864AC_ARG_ENABLE(lastlog,
3865 [ --disable-lastlog disable use of lastlog even if detected [no]],
7cac2b65 3866 [
3867 if test "x$enableval" = "xno" ; then
3868 AC_DEFINE(DISABLE_LASTLOG)
3869 fi
3870 ]
3c0ef626 3871)
3872AC_ARG_ENABLE(utmp,
3873 [ --disable-utmp disable use of utmp even if detected [no]],
7cac2b65 3874 [
3875 if test "x$enableval" = "xno" ; then
3876 AC_DEFINE(DISABLE_UTMP)
3877 fi
3878 ]
3c0ef626 3879)
3880AC_ARG_ENABLE(utmpx,
3881 [ --disable-utmpx disable use of utmpx even if detected [no]],
7cac2b65 3882 [
3883 if test "x$enableval" = "xno" ; then
08822d99 3884 AC_DEFINE(DISABLE_UTMPX, 1,
3885 [Define if you don't want to use utmpx])
7cac2b65 3886 fi
3887 ]
3c0ef626 3888)
3889AC_ARG_ENABLE(wtmp,
3890 [ --disable-wtmp disable use of wtmp even if detected [no]],
7cac2b65 3891 [
3892 if test "x$enableval" = "xno" ; then
3893 AC_DEFINE(DISABLE_WTMP)
3894 fi
3895 ]
3c0ef626 3896)
3897AC_ARG_ENABLE(wtmpx,
3898 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
7cac2b65 3899 [
3900 if test "x$enableval" = "xno" ; then
08822d99 3901 AC_DEFINE(DISABLE_WTMPX, 1,
3902 [Define if you don't want to use wtmpx])
7cac2b65 3903 fi
3904 ]
3c0ef626 3905)
3906AC_ARG_ENABLE(libutil,
3907 [ --disable-libutil disable use of libutil (login() etc.) [no]],
7cac2b65 3908 [
3909 if test "x$enableval" = "xno" ; then
3910 AC_DEFINE(DISABLE_LOGIN)
3911 fi
3912 ]
3c0ef626 3913)
3914AC_ARG_ENABLE(pututline,
3915 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
7cac2b65 3916 [
3917 if test "x$enableval" = "xno" ; then
08822d99 3918 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3919 [Define if you don't want to use pututline()
3920 etc. to write [uw]tmp])
7cac2b65 3921 fi
3922 ]
3c0ef626 3923)
3924AC_ARG_ENABLE(pututxline,
3925 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
7cac2b65 3926 [
3927 if test "x$enableval" = "xno" ; then
08822d99 3928 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3929 [Define if you don't want to use pututxline()
3930 etc. to write [uw]tmpx])
7cac2b65 3931 fi
3932 ]
3c0ef626 3933)
3934AC_ARG_WITH(lastlog,
3935 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3936 [
8b32eddc 3937 if test "x$withval" = "xno" ; then
3c0ef626 3938 AC_DEFINE(DISABLE_LASTLOG)
8b32eddc 3939 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3c0ef626 3940 conf_lastlog_location=$withval
3941 fi
3942 ]
3943)
3944
3945dnl lastlog, [uw]tmpx? detection
3946dnl NOTE: set the paths in the platform section to avoid the
3947dnl need for command-line parameters
3948dnl lastlog and [uw]tmp are subject to a file search if all else fails
3949
3950dnl lastlog detection
3951dnl NOTE: the code itself will detect if lastlog is a directory
3952AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3953AC_TRY_COMPILE([
3954#include <sys/types.h>
3955#include <utmp.h>
3956#ifdef HAVE_LASTLOG_H
3957# include <lastlog.h>
3958#endif
3959#ifdef HAVE_PATHS_H
3960# include <paths.h>
3961#endif
3962#ifdef HAVE_LOGIN_H
3963# include <login.h>
3964#endif
3965 ],
3966 [ char *lastlog = LASTLOG_FILE; ],
3967 [ AC_MSG_RESULT(yes) ],
3968 [
3969 AC_MSG_RESULT(no)
3970 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3971 AC_TRY_COMPILE([
3972#include <sys/types.h>
3973#include <utmp.h>
3974#ifdef HAVE_LASTLOG_H
3975# include <lastlog.h>
3976#endif
3977#ifdef HAVE_PATHS_H
3978# include <paths.h>
3979#endif
3980 ],
3981 [ char *lastlog = _PATH_LASTLOG; ],
3982 [ AC_MSG_RESULT(yes) ],
3983 [
3984 AC_MSG_RESULT(no)
3985 system_lastlog_path=no
3986 ])
3987 ]
3988)
3989
3990if test -z "$conf_lastlog_location"; then
3991 if test x"$system_lastlog_path" = x"no" ; then
3992 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3993 if (test -d "$f" || test -f "$f") ; then
3994 conf_lastlog_location=$f
3995 fi
3996 done
3997 if test -z "$conf_lastlog_location"; then
3998 AC_MSG_WARN([** Cannot find lastlog **])
3999 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4000 fi
4001 fi
4002fi
4003
4004if test -n "$conf_lastlog_location"; then
08822d99 4005 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4006 [Define if you want to specify the path to your lastlog file])
8b32eddc 4007fi
3c0ef626 4008
4009dnl utmp detection
4010AC_MSG_CHECKING([if your system defines UTMP_FILE])
4011AC_TRY_COMPILE([
4012#include <sys/types.h>
4013#include <utmp.h>
4014#ifdef HAVE_PATHS_H
4015# include <paths.h>
4016#endif
4017 ],
4018 [ char *utmp = UTMP_FILE; ],
4019 [ AC_MSG_RESULT(yes) ],
4020 [ AC_MSG_RESULT(no)
4021 system_utmp_path=no ]
4022)
4023if test -z "$conf_utmp_location"; then
4024 if test x"$system_utmp_path" = x"no" ; then
4025 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4026 if test -f $f ; then
4027 conf_utmp_location=$f
4028 fi
4029 done
4030 if test -z "$conf_utmp_location"; then
4031 AC_DEFINE(DISABLE_UTMP)
4032 fi
4033 fi
4034fi
4035if test -n "$conf_utmp_location"; then
08822d99 4036 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4037 [Define if you want to specify the path to your utmp file])
8b32eddc 4038fi
3c0ef626 4039
4040dnl wtmp detection
4041AC_MSG_CHECKING([if your system defines WTMP_FILE])
4042AC_TRY_COMPILE([
4043#include <sys/types.h>
4044#include <utmp.h>
4045#ifdef HAVE_PATHS_H
4046# include <paths.h>
4047#endif
4048 ],
4049 [ char *wtmp = WTMP_FILE; ],
4050 [ AC_MSG_RESULT(yes) ],
4051 [ AC_MSG_RESULT(no)
4052 system_wtmp_path=no ]
4053)
4054if test -z "$conf_wtmp_location"; then
4055 if test x"$system_wtmp_path" = x"no" ; then
4056 for f in /usr/adm/wtmp /var/log/wtmp; do
4057 if test -f $f ; then
4058 conf_wtmp_location=$f
4059 fi
4060 done
4061 if test -z "$conf_wtmp_location"; then
4062 AC_DEFINE(DISABLE_WTMP)
4063 fi
4064 fi
4065fi
4066if test -n "$conf_wtmp_location"; then
08822d99 4067 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4068 [Define if you want to specify the path to your wtmp file])
8b32eddc 4069fi
3c0ef626 4070
4071
4072dnl utmpx detection - I don't know any system so perverse as to require
4073dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4074dnl there, though.
4075AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4076AC_TRY_COMPILE([
4077#include <sys/types.h>
4078#include <utmp.h>
4079#ifdef HAVE_UTMPX_H
4080#include <utmpx.h>
4081#endif
4082#ifdef HAVE_PATHS_H
4083# include <paths.h>
4084#endif
4085 ],
4086 [ char *utmpx = UTMPX_FILE; ],
4087 [ AC_MSG_RESULT(yes) ],
4088 [ AC_MSG_RESULT(no)
4089 system_utmpx_path=no ]
4090)
4091if test -z "$conf_utmpx_location"; then
4092 if test x"$system_utmpx_path" = x"no" ; then
4093 AC_DEFINE(DISABLE_UTMPX)
4094 fi
4095else
08822d99 4096 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4097 [Define if you want to specify the path to your utmpx file])
8b32eddc 4098fi
3c0ef626 4099
4100dnl wtmpx detection
4101AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4102AC_TRY_COMPILE([
4103#include <sys/types.h>
4104#include <utmp.h>
4105#ifdef HAVE_UTMPX_H
4106#include <utmpx.h>
4107#endif
4108#ifdef HAVE_PATHS_H
4109# include <paths.h>
4110#endif
4111 ],
4112 [ char *wtmpx = WTMPX_FILE; ],
4113 [ AC_MSG_RESULT(yes) ],
4114 [ AC_MSG_RESULT(no)
4115 system_wtmpx_path=no ]
4116)
4117if test -z "$conf_wtmpx_location"; then
4118 if test x"$system_wtmpx_path" = x"no" ; then
4119 AC_DEFINE(DISABLE_WTMPX)
4120 fi
4121else
08822d99 4122 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4123 [Define if you want to specify the path to your wtmpx file])
8b32eddc 4124fi
3c0ef626 4125
4126
3c0ef626 4127if test ! -z "$blibpath" ; then
256cb466 4128 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4129 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3c0ef626 4130fi
4131
2ce0bfe4 4132dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4133dnl Add now.
4134CFLAGS="$CFLAGS $werror_flags"
4135
e9702f7d 4136AC_EXEEXT
30460aeb 4137AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4138 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
dfddba3d 4139 scard/Makefile ssh_prng_cmds survey.sh])
3c0ef626 4140AC_OUTPUT
4141
4142# Print summary of options
4143
3c0ef626 4144# Someone please show me a better way :)
4145A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4146B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4147C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4148D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4149E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4150F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4151G=`eval echo ${piddir}` ; G=`eval echo ${G}`
350391c5 4152H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4153I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4154J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3c0ef626 4155
4156echo ""
4157echo "OpenSSH has been configured with the following options:"
350391c5 4158echo " User binaries: $B"
4159echo " System binaries: $C"
4160echo " Configuration files: $D"
4161echo " Askpass program: $E"
4162echo " Manual pages: $F"
4163echo " PID file: $G"
4164echo " Privilege separation chroot path: $H"
7cac2b65 4165if test "x$external_path_file" = "x/etc/login.conf" ; then
4166echo " At runtime, sshd will use the path defined in $external_path_file"
4167echo " Make sure the path to scp is present, otherwise scp will not work"
350391c5 4168else
4169echo " sshd default user PATH: $I"
7cac2b65 4170 if test ! -z "$external_path_file"; then
4171echo " (If PATH is set in $external_path_file it will be used instead. If"
4172echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4173 fi
350391c5 4174fi
4175if test ! -z "$superuser_path" ; then
4176echo " sshd superuser user PATH: $J"
4177fi
4178echo " Manpage format: $MANTYPE"
7cac2b65 4179echo " PAM support: $PAM_MSG"
30460aeb 4180echo " OSF SIA support: $SIA_MSG"
350391c5 4181echo " KerberosV support: $KRB5_MSG"
30460aeb 4182echo " SELinux support: $SELINUX_MSG"
350391c5 4183echo " Smartcard support: $SCARD_MSG"
350391c5 4184echo " S/KEY support: $SKEY_MSG"
4185echo " TCP Wrappers support: $TCPW_MSG"
4186echo " MD5 password support: $MD5_MSG"
dfddba3d 4187echo " libedit support: $LIBEDIT_MSG"
30460aeb 4188echo " Solaris process contract support: $SPC_MSG"
350391c5 4189echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
350391c5 4190echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4191echo " BSD Auth support: $BSD_AUTH_MSG"
4192echo " Random number source: $RAND_MSG"
e9702f7d 4193if test ! -z "$USE_RAND_HELPER" ; then
350391c5 4194echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3c0ef626 4195fi
4196
4197echo ""
4198
4199echo " Host: ${host}"
4200echo " Compiler: ${CC}"
4201echo " Compiler flags: ${CFLAGS}"
4202echo "Preprocessor flags: ${CPPFLAGS}"
4203echo " Linker flags: ${LDFLAGS}"
e9702f7d 4204echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3c0ef626 4205
4206echo ""
4207
7e82606e 4208if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
dfddba3d 4209 echo "SVR4 style packages are supported with \"make package\""
4210 echo ""
7e82606e 4211fi
4212
3c0ef626 4213if test "x$PAM_MSG" = "xyes" ; then
e9702f7d 4214 echo "PAM is enabled. You may need to install a PAM control file "
4215 echo "for sshd, otherwise password authentication may fail. "
540d72c3 4216 echo "Example PAM control files can be found in the contrib/ "
e9702f7d 4217 echo "subdirectory"
3c0ef626 4218 echo ""
4219fi
4220
e9702f7d 4221if test ! -z "$RAND_HELPER_CMDHASH" ; then
4222 echo "WARNING: you are using the builtin random number collection "
4223 echo "service. Please read WARNING.RNG and request that your OS "
4224 echo "vendor includes kernel-based random number collection in "
4225 echo "future versions of your OS."
3c0ef626 4226 echo ""
4227fi
4228
7e82606e 4229if test ! -z "$NO_PEERCHECK" ; then
4230 echo "WARNING: the operating system that you are using does not "
4231 echo "appear to support either the getpeereid() API nor the "
4232 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4233 echo "enforce security checks to prevent unauthorised connections to "
4234 echo "ssh-agent. Their absence increases the risk that a malicious "
4235 echo "user can connect to your agent. "
4236 echo ""
4237fi
4238
dfddba3d 4239if test "$AUDIT_MODULE" = "bsm" ; then
4240 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4241 echo "See the Solaris section in README.platform for details."
4242fi
git-cvsimport mirror of GSI OpenSSH
This page took 0.795631 seconds and 5 git commands to generate.