]> andersk Git - gssapi-openssh.git/blame - openssh/configure.ac
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch committed...
[gssapi-openssh.git] / openssh / configure.ac
CommitLineData
3c0ef626 1# $Id$
99be0775 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
3c0ef626 16
665a873d 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
f2f068fa 18AC_REVISION($Revision$)
3c0ef626 19AC_CONFIG_SRCDIR([ssh.c])
20
21AC_CONFIG_HEADER(config.h)
22AC_PROG_CC
23AC_CANONICAL_HOST
24AC_C_BIGENDIAN
25
26# Checks for programs.
0fff78ff 27AC_PROG_AWK
3c0ef626 28AC_PROG_CPP
29AC_PROG_RANLIB
30AC_PROG_INSTALL
f2f068fa 31AC_PROG_EGREP
3c0ef626 32AC_PATH_PROG(AR, ar)
c9f39d2c 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
3c0ef626 35AC_PATH_PROGS(PERL, perl5 perl)
6a9b3198 36AC_PATH_PROG(SED, sed)
3c0ef626 37AC_SUBST(PERL)
38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
3c0ef626 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
700318f3 43AC_PATH_PROG(SH, sh)
c9f39d2c 44AC_SUBST(TEST_SHELL,sh)
45
46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
2c06c99b 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
3c0ef626 57
58# System features
59AC_SYS_LARGEFILE
60
61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
2c06c99b 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
3c0ef626 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
cdd66111 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
2c06c99b 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
cdd66111 82fi
83
3c0ef626 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
dec6d9fe 88
3c0ef626 89AC_C_INLINE
665a873d 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
cdd66111 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
665a873d 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
2c06c99b 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
665a873d 96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
2c06c99b 100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
665a873d 103 esac
104
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
116fi
117
cdd66111 118AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
dec6d9fe 121 if test "x$withval" = "xno" ; then
cdd66111 122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128)
129
ff7ec503 130# Allow user to specify flags
131AC_ARG_WITH(cflags,
132 [ --with-cflags Specify additional flags to pass to compiler],
133 [
134 if test -n "$withval" && test "x$withval" != "xno" && \
135 test "x${withval}" != "xyes"; then
136 CFLAGS="$CFLAGS $withval"
137 fi
138 ]
139)
140AC_ARG_WITH(cppflags,
141 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
142 [
143 if test -n "$withval" && test "x$withval" != "xno" && \
144 test "x${withval}" != "xyes"; then
145 CPPFLAGS="$CPPFLAGS $withval"
146 fi
147 ]
148)
149AC_ARG_WITH(ldflags,
150 [ --with-ldflags Specify additional flags to pass to linker],
151 [
152 if test -n "$withval" && test "x$withval" != "xno" && \
153 test "x${withval}" != "xyes"; then
154 LDFLAGS="$LDFLAGS $withval"
155 fi
156 ]
157)
158AC_ARG_WITH(libs,
159 [ --with-libs Specify additional libraries to link with],
160 [
161 if test -n "$withval" && test "x$withval" != "xno" && \
162 test "x${withval}" != "xyes"; then
163 LIBS="$LIBS $withval"
164 fi
165 ]
166)
167AC_ARG_WITH(Werror,
168 [ --with-Werror Build main code with -Werror],
169 [
170 if test -n "$withval" && test "x$withval" != "xno"; then
171 werror_flags="-Werror"
172 if test "x${withval}" != "xyes"; then
173 werror_flags="$withval"
174 fi
175 fi
176 ]
177)
178
179AC_CHECK_HEADERS( \
180 bstring.h \
181 crypt.h \
182 crypto/sha2.h \
183 dirent.h \
184 endian.h \
185 features.h \
186 fcntl.h \
187 floatingpoint.h \
188 getopt.h \
189 glob.h \
190 ia.h \
191 iaf.h \
192 limits.h \
193 login.h \
194 maillock.h \
195 ndir.h \
196 net/if_tun.h \
197 netdb.h \
198 netgroup.h \
199 pam/pam_appl.h \
200 paths.h \
201 pty.h \
202 readpassphrase.h \
203 rpc/types.h \
204 security/pam_appl.h \
205 sha2.h \
206 shadow.h \
207 stddef.h \
208 stdint.h \
209 string.h \
210 strings.h \
211 sys/audit.h \
212 sys/bitypes.h \
213 sys/bsdtty.h \
214 sys/cdefs.h \
215 sys/dir.h \
216 sys/mman.h \
217 sys/ndir.h \
218 sys/prctl.h \
219 sys/pstat.h \
220 sys/select.h \
221 sys/stat.h \
222 sys/stream.h \
223 sys/stropts.h \
224 sys/strtio.h \
225 sys/sysmacros.h \
226 sys/time.h \
227 sys/timers.h \
228 sys/un.h \
229 time.h \
230 tmpdir.h \
231 ttyent.h \
232 unistd.h \
233 usersec.h \
234 util.h \
235 utime.h \
236 utmp.h \
237 utmpx.h \
238 vis.h \
239)
240
241# lastlog.h requires sys/time.h to be included first on Solaris
242AC_CHECK_HEADERS(lastlog.h, [], [], [
243#ifdef HAVE_SYS_TIME_H
244# include <sys/time.h>
245#endif
246])
247
248# sys/ptms.h requires sys/stream.h to be included first on Solaris
249AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250#ifdef HAVE_SYS_STREAM_H
251# include <sys/stream.h>
252#endif
253])
254
255# login_cap.h requires sys/types.h on NetBSD
256AC_CHECK_HEADERS(login_cap.h, [], [], [
257#include <sys/types.h>
258])
259
9108f8d9 260# Messages for features tested for in target-specific section
261SIA_MSG="no"
262SPC_MSG="no"
263
3c0ef626 264# Check for some target-specific stuff
265case "$host" in
266*-*-aix*)
9108f8d9 267 # Some versions of VAC won't allow macro redefinitions at
268 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269 # particularly with older versions of vac or xlc.
270 # It also throws errors about null macro argments, but these are
271 # not fatal.
272 AC_MSG_CHECKING(if compiler allows macro redefinitions)
273 AC_COMPILE_IFELSE(
274 [AC_LANG_SOURCE([[
275#define testmacro foo
276#define testmacro bar
277int main(void) { exit(0); }
278 ]])],
279 [ AC_MSG_RESULT(yes) ],
280 [ AC_MSG_RESULT(no)
281 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
285 ]
286 )
287
cdd66111 288 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
7e772e1f 289 if (test -z "$blibpath"); then
cdd66111 290 blibpath="/usr/lib:/lib"
7e772e1f 291 fi
292 saved_LDFLAGS="$LDFLAGS"
9108f8d9 293 if test "$GCC" = "yes"; then
294 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
295 else
296 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
297 fi
298 for tryflags in $flags ;do
7e772e1f 299 if (test -z "$blibflags"); then
300 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301 AC_TRY_LINK([], [], [blibflags=$tryflags])
302 fi
303 done
304 if (test -z "$blibflags"); then
305 AC_MSG_RESULT(not found)
306 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
307 else
308 AC_MSG_RESULT($blibflags)
3c0ef626 309 fi
7e772e1f 310 LDFLAGS="$saved_LDFLAGS"
0fff78ff 311 dnl Check for authenticate. Might be in libs.a on older AIXes
2c06c99b 312 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313 [Define if you want to enable AIX4's authenticate function])],
41b2f314 314 [AC_CHECK_LIB(s,authenticate,
315 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
316 LIBS="$LIBS -ls"
317 ])
318 ])
996d5e62 319 dnl Check for various auth function declarations in headers.
320 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
dec6d9fe 321 passwdexpired, setauthdb], , , [#include <usersec.h>])
0fff78ff 322 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
996d5e62 323 AC_CHECK_DECLS(loginfailed,
0fff78ff 324 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
325 AC_TRY_COMPILE(
326 [#include <usersec.h>],
327 [(void)loginfailed("user","host","tty",0);],
328 [AC_MSG_RESULT(yes)
2c06c99b 329 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330 [Define if your AIX loginfailed() function
331 takes 4 arguments (AIX >= 5.2)])],
0fff78ff 332 [AC_MSG_RESULT(no)]
333 )],
334 [],
335 [#include <usersec.h>]
336 )
337 AC_CHECK_FUNCS(setauthdb)
9108f8d9 338 AC_CHECK_DECL(F_CLOSEM,
339 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
340 [],
341 [ #include <limits.h>
342 #include <fcntl.h> ]
343 )
996d5e62 344 check_for_aix_broken_getaddrinfo=1
2c06c99b 345 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347 [Define if your platform breaks doing a seteuid before a setuid])
348 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
3c0ef626 350 dnl AIX handles lastlog as part of its login message
2c06c99b 351 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353 [Some systems need a utmpx entry for /bin/login to work])
354 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355 [Define to a Set Process Title type if your system is
356 supported by bsd-setproctitle.c])
357 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358 [AIX 5.2 and 5.3 (and presumably newer) require this])
9108f8d9 359 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
3c0ef626 360 ;;
361*-*-cygwin*)
6a9b3198 362 check_for_libcrypt_later=1
799ae497 363 LIBS="$LIBS /usr/lib/textreadmode.o"
2c06c99b 364 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366 AC_DEFINE(DISABLE_SHADOW, 1,
367 [Define if you want to disable shadow passwords])
368 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369 [Define if your system choked on IP TOS setting])
370 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371 [Define if X11 doesn't support AF_UNIX sockets on that system])
372 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373 [Define if the concept of ports only accessible to
374 superusers isn't known])
375 AC_DEFINE(DISABLE_FD_PASSING, 1,
376 [Define if your platform needs to skip post auth
377 file descriptor passing])
3c0ef626 378 ;;
379*-*-dgux*)
380 AC_DEFINE(IP_TOS_IS_BROKEN)
cdd66111 381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 384 ;;
385*-*-darwin*)
41b2f314 386 AC_MSG_CHECKING(if we have working getaddrinfo)
387 AC_TRY_RUN([#include <mach-o/dyld.h>
388main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
389 exit(0);
390 else
391 exit(1);
392}], [AC_MSG_RESULT(working)],
393 [AC_MSG_RESULT(buggy)
2c06c99b 394 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
41b2f314 395 [AC_MSG_RESULT(assume it is working)])
acc3d05e 396 AC_DEFINE(SETEUID_BREAKS_SETUID)
397 AC_DEFINE(BROKEN_SETREUID)
398 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 399 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
400 [Define if your resolver libs need this for getrrsetbyname])
9108f8d9 401 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
402 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
403 [Use tunnel device compatibility to OpenBSD])
404 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
405 [Prepend the address family to IP tunnel traffic])
d617aef3 406 AC_MSG_CHECKING(if we have the Security Authorization Session API)
407 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
408 [SessionCreate(0, 0);],
409 [ac_cv_use_security_session_api="yes"
410 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
411 [platform has the Security Authorization Session API])
412 LIBS="$LIBS -framework Security"
413 AC_MSG_RESULT(yes)],
414 [ac_cv_use_security_session_api="no"
415 AC_MSG_RESULT(no)])
416 AC_MSG_CHECKING(if we have an in-memory credentials cache)
417 AC_TRY_COMPILE(
418 [#include <Kerberos/Kerberos.h>],
419 [cc_context_t c;
420 (void) cc_initialize (&c, 0, NULL, NULL);],
421 [AC_DEFINE(USE_CCAPI, 1,
422 [platform uses an in-memory credentials cache])
423 LIBS="$LIBS -framework Security"
424 AC_MSG_RESULT(yes)
425 if test "x$ac_cv_use_security_session_api" = "xno"; then
426 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
427 fi],
428 [AC_MSG_RESULT(no)]
429 )
430 ;;
9108f8d9 431*-*-dragonfly*)
432 SSHDLIBS="$SSHDLIBS -lcrypt"
3c0ef626 433 ;;
665a873d 434*-*-hpux*)
435 # first we define all of the options common to all HP-UX releases
3c0ef626 436 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
437 IPADDR_IN_DISPLAY=yes
3c0ef626 438 AC_DEFINE(USE_PIPES)
2c06c99b 439 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
440 [Define if your login program cannot handle end of options ("--")])
700318f3 441 AC_DEFINE(LOGIN_NEEDS_UTMPX)
2c06c99b 442 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
443 [String used in /etc/passwd to denote locked account])
0fff78ff 444 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
2c06c99b 445 MAIL="/var/mail/username"
41b2f314 446 LIBS="$LIBS -lsec"
665a873d 447 AC_CHECK_LIB(xnet, t_error, ,
448 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
449
450 # next, we define all of the options specific to major releases
451 case "$host" in
452 *-*-hpux10*)
453 if test -z "$GCC"; then
454 CFLAGS="$CFLAGS -Ae"
455 fi
456 ;;
457 *-*-hpux11*)
2c06c99b 458 AC_DEFINE(PAM_SUN_CODEBASE, 1,
459 [Define if you are using Solaris-derived PAM which
460 passes pam_messages to the conversation function
461 with an extra level of indirection])
462 AC_DEFINE(DISABLE_UTMP, 1,
463 [Define if you don't want to use utmp])
665a873d 464 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
465 check_for_hpux_broken_getaddrinfo=1
466 check_for_conflicting_getspnam=1
467 ;;
468 esac
469
470 # lastly, we define options specific to minor releases
471 case "$host" in
472 *-*-hpux10.26)
2c06c99b 473 AC_DEFINE(HAVE_SECUREWARE, 1,
474 [Define if you have SecureWare-based
475 protected password database])
665a873d 476 disable_ptmx_check=yes
477 LIBS="$LIBS -lsecpw"
478 ;;
479 esac
3c0ef626 480 ;;
481*-*-irix5*)
3c0ef626 482 PATH="$PATH:/usr/etc"
2c06c99b 483 AC_DEFINE(BROKEN_INET_NTOA, 1,
484 [Define if you system's inet_ntoa is busted
485 (e.g. Irix gcc issue)])
cdd66111 486 AC_DEFINE(SETEUID_BREAKS_SETUID)
487 AC_DEFINE(BROKEN_SETREUID)
488 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 489 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
490 [Define if you shouldn't strip 'tty' from your
491 ttyname in [uw]tmp])
0fff78ff 492 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 493 ;;
494*-*-irix6*)
3c0ef626 495 PATH="$PATH:/usr/etc"
2c06c99b 496 AC_DEFINE(WITH_IRIX_ARRAY, 1,
497 [Define if you have/want arrays
498 (cluster-wide session managment, not C arrays)])
499 AC_DEFINE(WITH_IRIX_PROJECT, 1,
500 [Define if you want IRIX project management])
501 AC_DEFINE(WITH_IRIX_AUDIT, 1,
502 [Define if you want IRIX audit trails])
503 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
504 [Define if you want IRIX kernel jobs])])
3c0ef626 505 AC_DEFINE(BROKEN_INET_NTOA)
acc3d05e 506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 509 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
700318f3 510 AC_DEFINE(WITH_ABBREV_NO_TTY)
0fff78ff 511 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 512 ;;
513*-*-linux*)
514 no_dev_ptmx=1
515 check_for_libcrypt_later=1
0fff78ff 516 check_for_openpty_ctty_bug=1
2c06c99b 517 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
518 AC_DEFINE(PAM_TTY_KLUDGE, 1,
519 [Work around problematic Linux PAM modules handling of PAM_TTY])
520 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
521 [String used in /etc/passwd to denote locked account])
0fff78ff 522 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
2c06c99b 523 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
524 [Define to whatever link() returns for "not supported"
525 if it doesn't return EOPNOTSUPP.])
996d5e62 526 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
2c06c99b 527 AC_DEFINE(USE_BTMP)
3c0ef626 528 inet6_default_4in6=yes
0fff78ff 529 case `uname -r` in
530 1.*|2.0.*)
2c06c99b 531 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
532 [Define if cmsg_type is not passed correctly])
0fff78ff 533 ;;
534 esac
2c06c99b 535 # tun(4) forwarding compat code
536 AC_CHECK_HEADERS(linux/if_tun.h)
537 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
538 AC_DEFINE(SSH_TUN_LINUX, 1,
539 [Open tunnel devices the Linux tun/tap way])
540 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
541 [Use tunnel device compatibility to OpenBSD])
542 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
543 [Prepend the address family to IP tunnel traffic])
544 fi
3c0ef626 545 ;;
546mips-sony-bsd|mips-sony-newsos4)
f2f068fa 547 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
3c0ef626 548 SONY=1
3c0ef626 549 ;;
550*-*-netbsd*)
41b2f314 551 check_for_libcrypt_before=1
dec6d9fe 552 if test "x$withval" != "xno" ; then
cdd66111 553 need_dash_r=1
554 fi
2c06c99b 555 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
556 AC_CHECK_HEADER([net/if_tap.h], ,
557 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
558 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
559 [Prepend the address family to IP tunnel traffic])
3c0ef626 560 ;;
561*-*-freebsd*)
562 check_for_libcrypt_later=1
2c06c99b 563 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
564 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
565 AC_CHECK_HEADER([net/if_tap.h], ,
566 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
3c0ef626 567 ;;
acc3d05e 568*-*-bsdi*)
569 AC_DEFINE(SETEUID_BREAKS_SETUID)
570 AC_DEFINE(BROKEN_SETREUID)
571 AC_DEFINE(BROKEN_SETREGID)
572 ;;
3c0ef626 573*-next-*)
574 conf_lastlog_location="/usr/adm/lastlog"
575 conf_utmp_location=/etc/utmp
576 conf_wtmp_location=/usr/adm/wtmp
577 MAIL=/usr/spool/mail
2c06c99b 578 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
3c0ef626 579 AC_DEFINE(BROKEN_REALPATH)
580 AC_DEFINE(USE_PIPES)
2c06c99b 581 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
3c0ef626 582 ;;
665a873d 583*-*-openbsd*)
584 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
2c06c99b 585 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
586 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
9108f8d9 587 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
588 [syslog_r function is safe to use in in a signal handler])
665a873d 589 ;;
3c0ef626 590*-*-solaris*)
dec6d9fe 591 if test "x$withval" != "xno" ; then
99be0775 592 need_dash_r=1
593 fi
3c0ef626 594 AC_DEFINE(PAM_SUN_CODEBASE)
595 AC_DEFINE(LOGIN_NEEDS_UTMPX)
2c06c99b 596 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
597 [Some versions of /bin/login need the TERM supplied
598 on the commandline])
3c0ef626 599 AC_DEFINE(PAM_TTY_KLUDGE)
2c06c99b 600 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
601 [Define if pam_chauthtok wants real uid set
602 to the unpriv'ed user])
0fff78ff 603 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
604 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
2c06c99b 605 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
606 [Define if sshd somehow reacquires a controlling TTY
607 after setsid()])
9108f8d9 608 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
609 in case the name is longer than 8 chars])
0fff78ff 610 external_path_file=/etc/default/login
3c0ef626 611 # hardwire lastlog location (can't detect it on some versions)
612 conf_lastlog_location="/var/adm/lastlog"
613 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
614 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
615 if test "$sol2ver" -ge 8; then
616 AC_MSG_RESULT(yes)
617 AC_DEFINE(DISABLE_UTMP)
2c06c99b 618 AC_DEFINE(DISABLE_WTMP, 1,
619 [Define if you don't want to use wtmp])
3c0ef626 620 else
621 AC_MSG_RESULT(no)
622 fi
9108f8d9 623 AC_ARG_WITH(solaris-contracts,
624 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
625 [
626 AC_CHECK_LIB(contract, ct_tmpl_activate,
627 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
628 [Define if you have Solaris process contracts])
629 SSHDLIBS="$SSHDLIBS -lcontract"
630 AC_SUBST(SSHDLIBS)
631 SPC_MSG="yes" ], )
632 ],
633 )
3c0ef626 634 ;;
635*-*-sunos4*)
636 CPPFLAGS="$CPPFLAGS -DSUNOS4"
637 AC_CHECK_FUNCS(getpwanam)
638 AC_DEFINE(PAM_SUN_CODEBASE)
3c0ef626 639 conf_utmp_location=/etc/utmp
640 conf_wtmp_location=/var/adm/wtmp
641 conf_lastlog_location=/var/adm/lastlog
642 AC_DEFINE(USE_PIPES)
643 ;;
644*-ncr-sysv*)
3c0ef626 645 LIBS="$LIBS -lc89"
e9a17296 646 AC_DEFINE(USE_PIPES)
0fff78ff 647 AC_DEFINE(SSHD_ACQUIRES_CTTY)
acc3d05e 648 AC_DEFINE(SETEUID_BREAKS_SETUID)
649 AC_DEFINE(BROKEN_SETREUID)
650 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 651 ;;
652*-sni-sysv*)
3c0ef626 653 # /usr/ucblib MUST NOT be searched on ReliantUNIX
cdd66111 654 AC_CHECK_LIB(dl, dlsym, ,)
2c06c99b 655 # -lresolv needs to be at the end of LIBS or DNS lookups break
656 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
3c0ef626 657 IPADDR_IN_DISPLAY=yes
658 AC_DEFINE(USE_PIPES)
659 AC_DEFINE(IP_TOS_IS_BROKEN)
cdd66111 660 AC_DEFINE(SETEUID_BREAKS_SETUID)
661 AC_DEFINE(BROKEN_SETREUID)
662 AC_DEFINE(BROKEN_SETREGID)
0fff78ff 663 AC_DEFINE(SSHD_ACQUIRES_CTTY)
664 external_path_file=/etc/default/login
3c0ef626 665 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
666 # Attention: always take care to bind libsocket and libnsl before libc,
667 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
668 ;;
996d5e62 669# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
3c0ef626 670*-*-sysv4.2*)
3c0ef626 671 AC_DEFINE(USE_PIPES)
0fff78ff 672 AC_DEFINE(SETEUID_BREAKS_SETUID)
673 AC_DEFINE(BROKEN_SETREUID)
674 AC_DEFINE(BROKEN_SETREGID)
dec6d9fe 675 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
2c06c99b 676 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 677 ;;
996d5e62 678# UnixWare 7.x, OpenUNIX 8
3c0ef626 679*-*-sysv5*)
665a873d 680 check_for_libcrypt_later=1
681 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
3c0ef626 682 AC_DEFINE(USE_PIPES)
0fff78ff 683 AC_DEFINE(SETEUID_BREAKS_SETUID)
684 AC_DEFINE(BROKEN_SETREUID)
685 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 686 AC_DEFINE(PASSWD_NEEDS_USERNAME)
665a873d 687 case "$host" in
688 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
689 TEST_SHELL=/u95/bin/sh
2c06c99b 690 AC_DEFINE(BROKEN_LIBIAF, 1,
691 [ia_uinfo routines not supported by OS yet])
9108f8d9 692 AC_DEFINE(BROKEN_UPDWTMPX)
2c06c99b 693 ;;
694 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
665a873d 695 ;;
696 esac
3c0ef626 697 ;;
698*-*-sysv*)
3c0ef626 699 ;;
996d5e62 700# SCO UNIX and OEM versions of SCO UNIX
3c0ef626 701*-*-sco3.2v4*)
996d5e62 702 AC_MSG_ERROR("This Platform is no longer supported.")
3c0ef626 703 ;;
996d5e62 704# SCO OpenServer 5.x
3c0ef626 705*-*-sco3.2v5*)
6a9b3198 706 if test -z "$GCC"; then
707 CFLAGS="$CFLAGS -belf"
708 fi
3c0ef626 709 LIBS="$LIBS -lprot -lx -ltinfo -lm"
710 no_dev_ptmx=1
3c0ef626 711 AC_DEFINE(USE_PIPES)
700318f3 712 AC_DEFINE(HAVE_SECUREWARE)
3c0ef626 713 AC_DEFINE(DISABLE_SHADOW)
41b2f314 714 AC_DEFINE(DISABLE_FD_PASSING)
0fff78ff 715 AC_DEFINE(SETEUID_BREAKS_SETUID)
716 AC_DEFINE(BROKEN_SETREUID)
717 AC_DEFINE(BROKEN_SETREGID)
718 AC_DEFINE(WITH_ABBREV_NO_TTY)
c9f39d2c 719 AC_DEFINE(BROKEN_UPDWTMPX)
2c06c99b 720 AC_DEFINE(PASSWD_NEEDS_USERNAME)
3c0ef626 721 AC_CHECK_FUNCS(getluid setluid)
722 MANTYPE=man
c9f39d2c 723 TEST_SHELL=ksh
3c0ef626 724 ;;
41b2f314 725*-*-unicosmk*)
2c06c99b 726 AC_DEFINE(NO_SSH_LASTLOG, 1,
727 [Define if you don't want to use lastlog in session.c])
cdd66111 728 AC_DEFINE(SETEUID_BREAKS_SETUID)
729 AC_DEFINE(BROKEN_SETREUID)
730 AC_DEFINE(BROKEN_SETREGID)
41b2f314 731 AC_DEFINE(USE_PIPES)
732 AC_DEFINE(DISABLE_FD_PASSING)
733 LDFLAGS="$LDFLAGS"
734 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
735 MANTYPE=cat
736 ;;
0fff78ff 737*-*-unicosmp*)
cdd66111 738 AC_DEFINE(SETEUID_BREAKS_SETUID)
739 AC_DEFINE(BROKEN_SETREUID)
740 AC_DEFINE(BROKEN_SETREGID)
0fff78ff 741 AC_DEFINE(WITH_ABBREV_NO_TTY)
742 AC_DEFINE(USE_PIPES)
743 AC_DEFINE(DISABLE_FD_PASSING)
744 LDFLAGS="$LDFLAGS"
cdd66111 745 LIBS="$LIBS -lgen -lacid -ldb"
0fff78ff 746 MANTYPE=cat
747 ;;
3c0ef626 748*-*-unicos*)
cdd66111 749 AC_DEFINE(SETEUID_BREAKS_SETUID)
750 AC_DEFINE(BROKEN_SETREUID)
751 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 752 AC_DEFINE(USE_PIPES)
41b2f314 753 AC_DEFINE(DISABLE_FD_PASSING)
754 AC_DEFINE(NO_SSH_LASTLOG)
755 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
756 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
757 MANTYPE=cat
3c0ef626 758 ;;
759*-dec-osf*)
760 AC_MSG_CHECKING(for Digital Unix SIA)
761 no_osfsia=""
762 AC_ARG_WITH(osfsia,
763 [ --with-osfsia Enable Digital Unix SIA],
764 [
765 if test "x$withval" = "xno" ; then
766 AC_MSG_RESULT(disabled)
767 no_osfsia=1
768 fi
769 ],
770 )
771 if test -z "$no_osfsia" ; then
772 if test -f /etc/sia/matrix.conf; then
773 AC_MSG_RESULT(yes)
2c06c99b 774 AC_DEFINE(HAVE_OSF_SIA, 1,
775 [Define if you have Digital Unix Security
776 Integration Architecture])
777 AC_DEFINE(DISABLE_LOGIN, 1,
778 [Define if you don't want to use your
779 system's login() call])
6a9b3198 780 AC_DEFINE(DISABLE_FD_PASSING)
3c0ef626 781 LIBS="$LIBS -lsecurity -ldb -lm -laud"
9108f8d9 782 SIA_MSG="yes"
3c0ef626 783 else
784 AC_MSG_RESULT(no)
2c06c99b 785 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
786 [String used in /etc/passwd to denote locked account])
3c0ef626 787 fi
788 fi
0fff78ff 789 AC_DEFINE(BROKEN_GETADDRINFO)
acc3d05e 790 AC_DEFINE(SETEUID_BREAKS_SETUID)
791 AC_DEFINE(BROKEN_SETREUID)
792 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 793 ;;
794
f2f068fa 795*-*-nto-qnx*)
3c0ef626 796 AC_DEFINE(USE_PIPES)
797 AC_DEFINE(NO_X11_UNIX_SOCKETS)
2c06c99b 798 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
799 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
800 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
f2f068fa 801 AC_DEFINE(DISABLE_LASTLOG)
9108f8d9 802 AC_DEFINE(SSHD_ACQUIRES_CTTY)
803 enable_etc_default_login=no # has incompatible /etc/default/login
3c0ef626 804 ;;
665a873d 805
806*-*-ultrix*)
2c06c99b 807 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
808 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
f2f068fa 809 AC_DEFINE(NEED_SETPGRP)
665a873d 810 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
811 ;;
812
813*-*-lynxos)
814 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
2c06c99b 815 AC_DEFINE(MISSING_HOWMANY)
665a873d 816 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
817 ;;
3c0ef626 818esac
819
0fff78ff 820AC_MSG_CHECKING(compiler and flags for sanity)
996d5e62 821AC_RUN_IFELSE(
822 [AC_LANG_SOURCE([
0fff78ff 823#include <stdio.h>
824int main(){exit(0);}
996d5e62 825 ])],
0fff78ff 826 [ AC_MSG_RESULT(yes) ],
827 [
828 AC_MSG_RESULT(no)
829 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
996d5e62 830 ],
831 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
0fff78ff 832)
833
665a873d 834dnl Checks for header files.
3c0ef626 835# Checks for libraries.
836AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
837AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
838
0fff78ff 839dnl IRIX and Solaris 2.5.1 have dirname() in libgen
840AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
841 AC_CHECK_LIB(gen, dirname,[
842 AC_CACHE_CHECK([for broken dirname],
843 ac_cv_have_broken_dirname, [
844 save_LIBS="$LIBS"
845 LIBS="$LIBS -lgen"
2c06c99b 846 AC_RUN_IFELSE(
847 [AC_LANG_SOURCE([[
0fff78ff 848#include <libgen.h>
849#include <string.h>
850
851int main(int argc, char **argv) {
852 char *s, buf[32];
853
854 strncpy(buf,"/etc", 32);
855 s = dirname(buf);
856 if (!s || strncmp(s, "/", 32) != 0) {
857 exit(1);
858 } else {
859 exit(0);
860 }
861}
2c06c99b 862 ]])],
863 [ ac_cv_have_broken_dirname="no" ],
864 [ ac_cv_have_broken_dirname="yes" ],
0fff78ff 865 [ ac_cv_have_broken_dirname="no" ],
0fff78ff 866 )
867 LIBS="$save_LIBS"
868 ])
869 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
870 LIBS="$LIBS -lgen"
871 AC_DEFINE(HAVE_DIRNAME)
872 AC_CHECK_HEADERS(libgen.h)
873 fi
874 ])
875])
876
3c0ef626 877AC_CHECK_FUNC(getspnam, ,
878 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
2c06c99b 879AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
880 [Define if you have the basename function.]))
3c0ef626 881
882dnl zlib is required
883AC_ARG_WITH(zlib,
884 [ --with-zlib=PATH Use zlib in PATH],
dec6d9fe 885 [ if test "x$withval" = "xno" ; then
886 AC_MSG_ERROR([*** zlib is required ***])
887 elif test "x$withval" != "xyes"; then
3c0ef626 888 if test -d "$withval/lib"; then
889 if test -n "${need_dash_r}"; then
890 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
891 else
892 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
893 fi
894 else
895 if test -n "${need_dash_r}"; then
896 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
897 else
898 LDFLAGS="-L${withval} ${LDFLAGS}"
899 fi
900 fi
901 if test -d "$withval/include"; then
902 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
903 else
904 CPPFLAGS="-I${withval} ${CPPFLAGS}"
905 fi
dec6d9fe 906 fi ]
3c0ef626 907)
908
cdd66111 909AC_CHECK_LIB(z, deflate, ,
910 [
911 saved_CPPFLAGS="$CPPFLAGS"
912 saved_LDFLAGS="$LDFLAGS"
913 save_LIBS="$LIBS"
914 dnl Check default zlib install dir
915 if test -n "${need_dash_r}"; then
916 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
917 else
918 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
919 fi
920 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
921 LIBS="$LIBS -lz"
922 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
923 [
924 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
925 ]
926 )
927 ]
928)
929AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
930
931AC_ARG_WITH(zlib-version-check,
932 [ --without-zlib-version-check Disable zlib version check],
933 [ if test "x$withval" = "xno" ; then
934 zlib_check_nonfatal=1
935 fi
936 ]
937)
938
dec6d9fe 939AC_MSG_CHECKING(for possibly buggy zlib)
996d5e62 940AC_RUN_IFELSE([AC_LANG_SOURCE([[
dec6d9fe 941#include <stdio.h>
cdd66111 942#include <zlib.h>
943int main()
944{
dec6d9fe 945 int a=0, b=0, c=0, d=0, n, v;
946 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
947 if (n != 3 && n != 4)
cdd66111 948 exit(1);
dec6d9fe 949 v = a*1000000 + b*10000 + c*100 + d;
950 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
951
952 /* 1.1.4 is OK */
953 if (a == 1 && b == 1 && c >= 4)
cdd66111 954 exit(0);
dec6d9fe 955
665a873d 956 /* 1.2.3 and up are OK */
957 if (v >= 1020300)
dec6d9fe 958 exit(0);
959
cdd66111 960 exit(2);
961}
996d5e62 962 ]])],
dec6d9fe 963 AC_MSG_RESULT(no),
964 [ AC_MSG_RESULT(yes)
cdd66111 965 if test -z "$zlib_check_nonfatal" ; then
966 AC_MSG_ERROR([*** zlib too old - check config.log ***
967Your reported zlib version has known security problems. It's possible your
968vendor has fixed these problems without changing the version number. If you
969are sure this is the case, you can disable the check by running
970"./configure --without-zlib-version-check".
665a873d 971If you are in doubt, upgrade zlib to version 1.2.3 or greater.
dec6d9fe 972See http://www.gzip.org/zlib/ for details.])
cdd66111 973 else
974 AC_MSG_WARN([zlib version may have security problems])
975 fi
996d5e62 976 ],
977 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
cdd66111 978)
3c0ef626 979
3c0ef626 980dnl UnixWare 2.x
cdd66111 981AC_CHECK_FUNC(strcasecmp,
3c0ef626 982 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
983)
2c06c99b 984AC_CHECK_FUNCS(utimes,
41b2f314 985 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
986 LIBS="$LIBS -lc89"]) ]
3c0ef626 987)
988
989dnl Checks for libutil functions
990AC_CHECK_HEADERS(libutil.h)
2c06c99b 991AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
992 [Define if your libraries define login()])])
3c0ef626 993AC_CHECK_FUNCS(logout updwtmp logwtmp)
994
995AC_FUNC_STRFTIME
996
3c0ef626 997# Check for ALTDIRFUNC glob() extension
998AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
999AC_EGREP_CPP(FOUNDIT,
1000 [
1001 #include <glob.h>
1002 #ifdef GLOB_ALTDIRFUNC
1003 FOUNDIT
1004 #endif
cdd66111 1005 ],
3c0ef626 1006 [
2c06c99b 1007 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1008 [Define if your system glob() function has
1009 the GLOB_ALTDIRFUNC extension])
3c0ef626 1010 AC_MSG_RESULT(yes)
1011 ],
1012 [
1013 AC_MSG_RESULT(no)
1014 ]
1015)
1016
1017# Check for g.gl_matchc glob() extension
1018AC_MSG_CHECKING(for gl_matchc field in glob_t)
9108f8d9 1019AC_TRY_COMPILE(
1020 [ #include <glob.h> ],
1021 [glob_t g; g.gl_matchc = 1;],
cdd66111 1022 [
2c06c99b 1023 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1024 [Define if your system glob() function has
1025 gl_matchc options in glob_t])
cdd66111 1026 AC_MSG_RESULT(yes)
1027 ],
1028 [
1029 AC_MSG_RESULT(no)
1030 ]
3c0ef626 1031)
1032
9108f8d9 1033AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1034
3c0ef626 1035AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
996d5e62 1036AC_RUN_IFELSE(
1037 [AC_LANG_SOURCE([[
3c0ef626 1038#include <sys/types.h>
1039#include <dirent.h>
41b2f314 1040int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
996d5e62 1041 ]])],
cdd66111 1042 [AC_MSG_RESULT(yes)],
3c0ef626 1043 [
1044 AC_MSG_RESULT(no)
2c06c99b 1045 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1046 [Define if your struct dirent expects you to
1047 allocate extra space for d_name])
996d5e62 1048 ],
dec6d9fe 1049 [
996d5e62 1050 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1051 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
3c0ef626 1052 ]
1053)
1054
c9f39d2c 1055AC_MSG_CHECKING([for /proc/pid/fd directory])
1056if test -d "/proc/$$/fd" ; then
2c06c99b 1057 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
c9f39d2c 1058 AC_MSG_RESULT(yes)
1059else
1060 AC_MSG_RESULT(no)
1061fi
1062
3c0ef626 1063# Check whether user wants S/Key support
cdd66111 1064SKEY_MSG="no"
3c0ef626 1065AC_ARG_WITH(skey,
996d5e62 1066 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
3c0ef626 1067 [
1068 if test "x$withval" != "xno" ; then
1069
1070 if test "x$withval" != "xyes" ; then
1071 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1072 LDFLAGS="$LDFLAGS -L${withval}/lib"
1073 fi
1074
2c06c99b 1075 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
3c0ef626 1076 LIBS="-lskey $LIBS"
cdd66111 1077 SKEY_MSG="yes"
dec6d9fe 1078
e9a17296 1079 AC_MSG_CHECKING([for s/key support])
2c06c99b 1080 AC_LINK_IFELSE(
1081 [AC_LANG_SOURCE([[
e9a17296 1082#include <stdio.h>
1083#include <skey.h>
41b2f314 1084int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
2c06c99b 1085 ]])],
e9a17296 1086 [AC_MSG_RESULT(yes)],
3c0ef626 1087 [
e9a17296 1088 AC_MSG_RESULT(no)
3c0ef626 1089 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1090 ])
99be0775 1091 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1092 AC_TRY_COMPILE(
1093 [#include <stdio.h>
1094 #include <skey.h>],
1095 [(void)skeychallenge(NULL,"name","",0);],
1096 [AC_MSG_RESULT(yes)
2c06c99b 1097 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1098 [Define if your skeychallenge()
1099 function takes 4 arguments (NetBSD)])],
99be0775 1100 [AC_MSG_RESULT(no)]
1101 )
3c0ef626 1102 fi
1103 ]
1104)
1105
1106# Check whether user wants TCP wrappers support
1107TCPW_MSG="no"
1108AC_ARG_WITH(tcp-wrappers,
996d5e62 1109 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
3c0ef626 1110 [
1111 if test "x$withval" != "xno" ; then
1112 saved_LIBS="$LIBS"
1113 saved_LDFLAGS="$LDFLAGS"
1114 saved_CPPFLAGS="$CPPFLAGS"
dec6d9fe 1115 if test -n "${withval}" && \
1116 test "x${withval}" != "xyes"; then
3c0ef626 1117 if test -d "${withval}/lib"; then
1118 if test -n "${need_dash_r}"; then
1119 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1120 else
1121 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1122 fi
1123 else
1124 if test -n "${need_dash_r}"; then
1125 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1126 else
1127 LDFLAGS="-L${withval} ${LDFLAGS}"
1128 fi
1129 fi
1130 if test -d "${withval}/include"; then
1131 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1132 else
1133 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1134 fi
1135 fi
e9a17296 1136 LIBWRAP="-lwrap"
1137 LIBS="$LIBWRAP $LIBS"
3c0ef626 1138 AC_MSG_CHECKING(for libwrap)
1139 AC_TRY_LINK(
1140 [
99be0775 1141#include <sys/types.h>
1142#include <sys/socket.h>
1143#include <netinet/in.h>
3c0ef626 1144#include <tcpd.h>
1145 int deny_severity = 0, allow_severity = 0;
1146 ],
1147 [hosts_access(0);],
1148 [
1149 AC_MSG_RESULT(yes)
2c06c99b 1150 AC_DEFINE(LIBWRAP, 1,
1151 [Define if you want
1152 TCP Wrappers support])
e9a17296 1153 AC_SUBST(LIBWRAP)
3c0ef626 1154 TCPW_MSG="yes"
1155 ],
1156 [
1157 AC_MSG_ERROR([*** libwrap missing])
1158 ]
1159 )
e9a17296 1160 LIBS="$saved_LIBS"
3c0ef626 1161 fi
1162 ]
1163)
1164
996d5e62 1165# Check whether user wants libedit support
1166LIBEDIT_MSG="no"
1167AC_ARG_WITH(libedit,
1168 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1169 [ if test "x$withval" != "xno" ; then
dec6d9fe 1170 if test "x$withval" != "xyes"; then
2c06c99b 1171 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1172 if test -n "${need_dash_r}"; then
1173 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1174 else
1175 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1176 fi
dec6d9fe 1177 fi
996d5e62 1178 AC_CHECK_LIB(edit, el_init,
2c06c99b 1179 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
996d5e62 1180 LIBEDIT="-ledit -lcurses"
1181 LIBEDIT_MSG="yes"
1182 AC_SUBST(LIBEDIT)
1183 ],
dec6d9fe 1184 [ AC_MSG_ERROR(libedit not found) ],
1185 [ -lcurses ]
996d5e62 1186 )
665a873d 1187 AC_MSG_CHECKING(if libedit version is compatible)
1188 AC_COMPILE_IFELSE(
1189 [AC_LANG_SOURCE([[
1190#include <histedit.h>
1191int main(void)
1192{
1193 int i = H_SETSIZE;
1194 el_init("", NULL, NULL, NULL);
1195 exit(0);
1196}
1197 ]])],
1198 [ AC_MSG_RESULT(yes) ],
1199 [ AC_MSG_RESULT(no)
1200 AC_MSG_ERROR(libedit version is not compatible) ]
1201 )
996d5e62 1202 fi ]
1203)
1204
1205AUDIT_MODULE=none
1206AC_ARG_WITH(audit,
1207 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1208 [
1209 AC_MSG_CHECKING(for supported audit module)
1210 case "$withval" in
1211 bsm)
1212 AC_MSG_RESULT(bsm)
1213 AUDIT_MODULE=bsm
1214 dnl Checks for headers, libs and functions
1215 AC_CHECK_HEADERS(bsm/audit.h, [],
9108f8d9 1216 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1217 [
1218#ifdef HAVE_TIME_H
1219# include <time.h>
1220#endif
1221 ]
1222)
996d5e62 1223 AC_CHECK_LIB(bsm, getaudit, [],
1224 [AC_MSG_ERROR(BSM enabled and required library not found)])
1225 AC_CHECK_FUNCS(getaudit, [],
1226 [AC_MSG_ERROR(BSM enabled and required function not found)])
1227 # These are optional
1228 AC_CHECK_FUNCS(getaudit_addr)
2c06c99b 1229 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
996d5e62 1230 ;;
1231 debug)
1232 AUDIT_MODULE=debug
1233 AC_MSG_RESULT(debug)
2c06c99b 1234 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
996d5e62 1235 ;;
665a873d 1236 no)
1237 AC_MSG_RESULT(no)
1238 ;;
996d5e62 1239 *)
1240 AC_MSG_ERROR([Unknown audit module $withval])
1241 ;;
1242 esac ]
1243)
1244
6a9b3198 1245dnl Checks for library functions. Please keep in alphabetical order
665a873d 1246AC_CHECK_FUNCS( \
1247 arc4random \
2c06c99b 1248 asprintf \
665a873d 1249 b64_ntop \
1250 __b64_ntop \
1251 b64_pton \
1252 __b64_pton \
1253 bcopy \
1254 bindresvport_sa \
1255 clock \
1256 closefrom \
1257 dirfd \
1258 fchmod \
1259 fchown \
1260 freeaddrinfo \
1261 futimes \
1262 getaddrinfo \
1263 getcwd \
1264 getgrouplist \
1265 getnameinfo \
1266 getopt \
1267 getpeereid \
1268 _getpty \
1269 getrlimit \
1270 getttyent \
1271 glob \
1272 inet_aton \
1273 inet_ntoa \
1274 inet_ntop \
1275 innetgr \
1276 login_getcapbool \
1277 md5_crypt \
1278 memmove \
1279 mkdtemp \
1280 mmap \
1281 ngetaddrinfo \
1282 nsleep \
1283 ogetaddrinfo \
1284 openlog_r \
1285 openpty \
1286 prctl \
1287 pstat \
1288 readpassphrase \
1289 realpath \
1290 recvmsg \
1291 rresvport_af \
1292 sendmsg \
1293 setdtablesize \
1294 setegid \
1295 setenv \
1296 seteuid \
1297 setgroups \
1298 setlogin \
1299 setpcred \
1300 setproctitle \
1301 setregid \
1302 setreuid \
1303 setrlimit \
1304 setsid \
1305 setvbuf \
1306 sigaction \
1307 sigvec \
1308 snprintf \
1309 socketpair \
1310 strdup \
1311 strerror \
1312 strlcat \
1313 strlcpy \
1314 strmode \
1315 strnvis \
1316 strtonum \
1317 strtoll \
1318 strtoul \
1319 sysconf \
1320 tcgetpgrp \
1321 truncate \
1322 unsetenv \
1323 updwtmpx \
2c06c99b 1324 vasprintf \
665a873d 1325 vhangup \
1326 vsnprintf \
1327 waitpid \
6a9b3198 1328)
1329
acc3d05e 1330# IRIX has a const char return value for gai_strerror()
1331AC_CHECK_FUNCS(gai_strerror,[
1332 AC_DEFINE(HAVE_GAI_STRERROR)
1333 AC_TRY_COMPILE([
1334#include <sys/types.h>
1335#include <sys/socket.h>
1336#include <netdb.h>
1337
1338const char *gai_strerror(int);],[
1339char *str;
1340
1341str = gai_strerror(0);],[
1342 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1343 [Define if gai_strerror() returns const char *])])])
1344
2c06c99b 1345AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1346 [Some systems put nanosleep outside of libc]))
6a9b3198 1347
0fff78ff 1348dnl Make sure prototypes are defined for these before using them.
0fff78ff 1349AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
665a873d 1350AC_CHECK_DECL(strsep,
1351 [AC_CHECK_FUNCS(strsep)],
1352 [],
1353 [
1354#ifdef HAVE_STRING_H
1355# include <string.h>
1356#endif
1357 ])
3c0ef626 1358
0fff78ff 1359dnl tcsendbreak might be a macro
1360AC_CHECK_DECL(tcsendbreak,
1361 [AC_DEFINE(HAVE_TCSENDBREAK)],
cdd66111 1362 [AC_CHECK_FUNCS(tcsendbreak)],
0fff78ff 1363 [#include <termios.h>]
1364)
3c0ef626 1365
c9f39d2c 1366AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1367
9108f8d9 1368AC_CHECK_DECLS(SHUT_RD, , ,
1369 [
1370#include <sys/types.h>
1371#include <sys/socket.h>
1372 ])
1373
1374AC_CHECK_DECLS(O_NONBLOCK, , ,
1375 [
1376#include <sys/types.h>
1377#ifdef HAVE_SYS_STAT_H
1378# include <sys/stat.h>
1379#endif
1380#ifdef HAVE_FCNTL_H
1381# include <fcntl.h>
1382#endif
1383 ])
1384
1385AC_CHECK_DECLS(writev, , , [
1386#include <sys/types.h>
1387#include <sys/uio.h>
1388#include <unistd.h>
1389 ])
1390
cdd66111 1391AC_CHECK_FUNCS(setresuid, [
1392 dnl Some platorms have setresuid that isn't implemented, test for this
1393 AC_MSG_CHECKING(if setresuid seems to work)
996d5e62 1394 AC_RUN_IFELSE(
1395 [AC_LANG_SOURCE([[
cdd66111 1396#include <stdlib.h>
1397#include <errno.h>
1398int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
996d5e62 1399 ]])],
cdd66111 1400 [AC_MSG_RESULT(yes)],
2c06c99b 1401 [AC_DEFINE(BROKEN_SETRESUID, 1,
1402 [Define if your setresuid() is broken])
996d5e62 1403 AC_MSG_RESULT(not implemented)],
1404 [AC_MSG_WARN([cross compiling: not checking setresuid])]
cdd66111 1405 )
1406])
1407
1408AC_CHECK_FUNCS(setresgid, [
1409 dnl Some platorms have setresgid that isn't implemented, test for this
1410 AC_MSG_CHECKING(if setresgid seems to work)
996d5e62 1411 AC_RUN_IFELSE(
1412 [AC_LANG_SOURCE([[
cdd66111 1413#include <stdlib.h>
1414#include <errno.h>
1415int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
996d5e62 1416 ]])],
cdd66111 1417 [AC_MSG_RESULT(yes)],
2c06c99b 1418 [AC_DEFINE(BROKEN_SETRESGID, 1,
1419 [Define if your setresgid() is broken])
996d5e62 1420 AC_MSG_RESULT(not implemented)],
1421 [AC_MSG_WARN([cross compiling: not checking setresuid])]
cdd66111 1422 )
1423])
1424
3c0ef626 1425dnl Checks for time functions
1426AC_CHECK_FUNCS(gettimeofday time)
1427dnl Checks for utmp functions
1428AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1429AC_CHECK_FUNCS(utmpname)
1430dnl Checks for utmpx functions
1431AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1432AC_CHECK_FUNCS(setutxent utmpxname)
1433
cdd66111 1434AC_CHECK_FUNC(daemon,
2c06c99b 1435 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1436 [AC_CHECK_LIB(bsd, daemon,
1437 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
3c0ef626 1438)
1439
cdd66111 1440AC_CHECK_FUNC(getpagesize,
2c06c99b 1441 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1442 [Define if your libraries define getpagesize()])],
1443 [AC_CHECK_LIB(ucb, getpagesize,
1444 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
3c0ef626 1445)
1446
1447# Check for broken snprintf
1448if test "x$ac_cv_func_snprintf" = "xyes" ; then
1449 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
996d5e62 1450 AC_RUN_IFELSE(
1451 [AC_LANG_SOURCE([[
3c0ef626 1452#include <stdio.h>
41b2f314 1453int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
996d5e62 1454 ]])],
cdd66111 1455 [AC_MSG_RESULT(yes)],
3c0ef626 1456 [
1457 AC_MSG_RESULT(no)
2c06c99b 1458 AC_DEFINE(BROKEN_SNPRINTF, 1,
1459 [Define if your snprintf is busted])
3c0ef626 1460 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
996d5e62 1461 ],
1462 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
3c0ef626 1463 )
1464fi
1465
2c06c99b 1466# If we don't have a working asprintf, then we strongly depend on vsnprintf
1467# returning the right thing on overflow: the number of characters it tried to
1468# create (as per SUSv3)
1469if test "x$ac_cv_func_asprintf" != "xyes" && \
1470 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1471 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1472 AC_RUN_IFELSE(
1473 [AC_LANG_SOURCE([[
1474#include <sys/types.h>
1475#include <stdio.h>
1476#include <stdarg.h>
1477
1478int x_snprintf(char *str,size_t count,const char *fmt,...)
1479{
1480 size_t ret; va_list ap;
1481 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1482 return ret;
1483}
1484int main(void)
1485{
1486 char x[1];
1487 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1488} ]])],
1489 [AC_MSG_RESULT(yes)],
1490 [
1491 AC_MSG_RESULT(no)
1492 AC_DEFINE(BROKEN_SNPRINTF, 1,
1493 [Define if your snprintf is busted])
1494 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1495 ],
1496 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1497 )
1498fi
1499
1500# On systems where [v]snprintf is broken, but is declared in stdio,
1501# check that the fmt argument is const char * or just char *.
1502# This is only useful for when BROKEN_SNPRINTF
1503AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1504AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1505 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1506 int main(void) { snprintf(0, 0, 0); }
1507 ]])],
1508 [AC_MSG_RESULT(yes)
1509 AC_DEFINE(SNPRINTF_CONST, [const],
1510 [Define as const if snprintf() can declare const char *fmt])],
1511 [AC_MSG_RESULT(no)
1512 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1513
c9f39d2c 1514# Check for missing getpeereid (or equiv) support
1515NO_PEERCHECK=""
1516if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1517 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1518 AC_TRY_COMPILE(
1519 [#include <sys/types.h>
1520 #include <sys/socket.h>],
1521 [int i = SO_PEERCRED;],
dec6d9fe 1522 [ AC_MSG_RESULT(yes)
2c06c99b 1523 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
dec6d9fe 1524 ],
c9f39d2c 1525 [AC_MSG_RESULT(no)
1526 NO_PEERCHECK=1]
1527 )
1528fi
1529
6a9b3198 1530dnl see whether mkstemp() requires XXXXXX
1531if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1532AC_MSG_CHECKING([for (overly) strict mkstemp])
2c06c99b 1533AC_RUN_IFELSE(
1534 [AC_LANG_SOURCE([[
6a9b3198 1535#include <stdlib.h>
1536main() { char template[]="conftest.mkstemp-test";
1537if (mkstemp(template) == -1)
1538 exit(1);
1539unlink(template); exit(0);
1540}
2c06c99b 1541 ]])],
6a9b3198 1542 [
1543 AC_MSG_RESULT(no)
1544 ],
cdd66111 1545 [
6a9b3198 1546 AC_MSG_RESULT(yes)
2c06c99b 1547 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
6a9b3198 1548 ],
1549 [
1550 AC_MSG_RESULT(yes)
1551 AC_DEFINE(HAVE_STRICT_MKSTEMP)
cdd66111 1552 ]
6a9b3198 1553)
1554fi
1555
0fff78ff 1556dnl make sure that openpty does not reacquire controlling terminal
1557if test ! -z "$check_for_openpty_ctty_bug"; then
1558 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
2c06c99b 1559 AC_RUN_IFELSE(
1560 [AC_LANG_SOURCE([[
0fff78ff 1561#include <stdio.h>
1562#include <sys/fcntl.h>
1563#include <sys/types.h>
1564#include <sys/wait.h>
1565
1566int
1567main()
1568{
1569 pid_t pid;
1570 int fd, ptyfd, ttyfd, status;
1571
1572 pid = fork();
1573 if (pid < 0) { /* failed */
1574 exit(1);
1575 } else if (pid > 0) { /* parent */
1576 waitpid(pid, &status, 0);
cdd66111 1577 if (WIFEXITED(status))
0fff78ff 1578 exit(WEXITSTATUS(status));
1579 else
1580 exit(2);
1581 } else { /* child */
1582 close(0); close(1); close(2);
1583 setsid();
1584 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1585 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1586 if (fd >= 0)
1587 exit(3); /* Acquired ctty: broken */
1588 else
1589 exit(0); /* Did not acquire ctty: OK */
1590 }
1591}
2c06c99b 1592 ]])],
0fff78ff 1593 [
1594 AC_MSG_RESULT(yes)
1595 ],
1596 [
1597 AC_MSG_RESULT(no)
1598 AC_DEFINE(SSHD_ACQUIRES_CTTY)
2c06c99b 1599 ],
1600 [
1601 AC_MSG_RESULT(cross-compiling, assuming yes)
0fff78ff 1602 ]
1603 )
1604fi
1605
dec6d9fe 1606if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1607 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
99be0775 1608 AC_MSG_CHECKING(if getaddrinfo seems to work)
2c06c99b 1609 AC_RUN_IFELSE(
1610 [AC_LANG_SOURCE([[
99be0775 1611#include <stdio.h>
1612#include <sys/socket.h>
1613#include <netdb.h>
1614#include <errno.h>
1615#include <netinet/in.h>
1616
1617#define TEST_PORT "2222"
1618
1619int
1620main(void)
1621{
1622 int err, sock;
1623 struct addrinfo *gai_ai, *ai, hints;
1624 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1625
1626 memset(&hints, 0, sizeof(hints));
1627 hints.ai_family = PF_UNSPEC;
1628 hints.ai_socktype = SOCK_STREAM;
1629 hints.ai_flags = AI_PASSIVE;
1630
1631 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1632 if (err != 0) {
1633 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1634 exit(1);
1635 }
1636
1637 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1638 if (ai->ai_family != AF_INET6)
1639 continue;
1640
1641 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1642 sizeof(ntop), strport, sizeof(strport),
1643 NI_NUMERICHOST|NI_NUMERICSERV);
1644
1645 if (err != 0) {
1646 if (err == EAI_SYSTEM)
1647 perror("getnameinfo EAI_SYSTEM");
1648 else
1649 fprintf(stderr, "getnameinfo failed: %s\n",
1650 gai_strerror(err));
1651 exit(2);
1652 }
1653
1654 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1655 if (sock < 0)
1656 perror("socket");
1657 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1658 if (errno == EBADF)
1659 exit(3);
1660 }
1661 }
1662 exit(0);
1663}
2c06c99b 1664 ]])],
99be0775 1665 [
1666 AC_MSG_RESULT(yes)
1667 ],
1668 [
1669 AC_MSG_RESULT(no)
1670 AC_DEFINE(BROKEN_GETADDRINFO)
2c06c99b 1671 ],
1672 [
1673 AC_MSG_RESULT(cross-compiling, assuming yes)
99be0775 1674 ]
1675 )
1676fi
1677
dec6d9fe 1678if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1679 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
996d5e62 1680 AC_MSG_CHECKING(if getaddrinfo seems to work)
2c06c99b 1681 AC_RUN_IFELSE(
1682 [AC_LANG_SOURCE([[
996d5e62 1683#include <stdio.h>
1684#include <sys/socket.h>
1685#include <netdb.h>
1686#include <errno.h>
1687#include <netinet/in.h>
1688
1689#define TEST_PORT "2222"
1690
1691int
1692main(void)
1693{
1694 int err, sock;
1695 struct addrinfo *gai_ai, *ai, hints;
1696 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1697
1698 memset(&hints, 0, sizeof(hints));
1699 hints.ai_family = PF_UNSPEC;
1700 hints.ai_socktype = SOCK_STREAM;
1701 hints.ai_flags = AI_PASSIVE;
1702
1703 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1704 if (err != 0) {
1705 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1706 exit(1);
1707 }
1708
1709 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1710 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1711 continue;
1712
1713 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1714 sizeof(ntop), strport, sizeof(strport),
1715 NI_NUMERICHOST|NI_NUMERICSERV);
1716
1717 if (ai->ai_family == AF_INET && err != 0) {
1718 perror("getnameinfo");
1719 exit(2);
1720 }
1721 }
1722 exit(0);
1723}
2c06c99b 1724 ]])],
996d5e62 1725 [
1726 AC_MSG_RESULT(yes)
2c06c99b 1727 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1728 [Define if you have a getaddrinfo that fails
1729 for the all-zeros IPv6 address])
996d5e62 1730 ],
1731 [
1732 AC_MSG_RESULT(no)
1733 AC_DEFINE(BROKEN_GETADDRINFO)
2c06c99b 1734 ],
9108f8d9 1735 [
2c06c99b 1736 AC_MSG_RESULT(cross-compiling, assuming no)
996d5e62 1737 ]
1738 )
1739fi
1740
1741if test "x$check_for_conflicting_getspnam" = "x1"; then
1742 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1743 AC_COMPILE_IFELSE(
1744 [
1745#include <shadow.h>
1746int main(void) {exit(0);}
1747 ],
1748 [
1749 AC_MSG_RESULT(no)
1750 ],
1751 [
1752 AC_MSG_RESULT(yes)
1753 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1754 [Conflicting defs for getspnam])
1755 ]
1756 )
1757fi
1758
3c0ef626 1759AC_FUNC_GETPGRP
1760
700318f3 1761# Search for OpenSSL
1762saved_CPPFLAGS="$CPPFLAGS"
1763saved_LDFLAGS="$LDFLAGS"
3c0ef626 1764AC_ARG_WITH(ssl-dir,
1765 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1766 [
1767 if test "x$withval" != "xno" ; then
996d5e62 1768 case "$withval" in
1769 # Relative paths
1770 ./*|../*) withval="`pwd`/$withval"
1771 esac
700318f3 1772 if test -d "$withval/lib"; then
1773 if test -n "${need_dash_r}"; then
1774 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1775 else
1776 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
3c0ef626 1777 fi
1778 else
700318f3 1779 if test -n "${need_dash_r}"; then
1780 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1781 else
1782 LDFLAGS="-L${withval} ${LDFLAGS}"
3c0ef626 1783 fi
1784 fi
700318f3 1785 if test -d "$withval/include"; then
1786 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
3c0ef626 1787 else
700318f3 1788 CPPFLAGS="-I${withval} ${CPPFLAGS}"
3c0ef626 1789 fi
1790 fi
700318f3 1791 ]
1792)
cdd66111 1793LIBS="-lcrypto $LIBS"
2c06c99b 1794AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1795 [Define if your ssl headers are included
1796 with #include <openssl/header.h>]),
3c0ef626 1797 [
700318f3 1798 dnl Check default openssl install dir
1799 if test -n "${need_dash_r}"; then
1800 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1801 else
700318f3 1802 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1803 fi
700318f3 1804 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1805 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1806 [
1807 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1808 ]
1809 )
1810 ]
1811)
1812
41b2f314 1813# Determine OpenSSL header version
1814AC_MSG_CHECKING([OpenSSL header version])
996d5e62 1815AC_RUN_IFELSE(
1816 [AC_LANG_SOURCE([[
41b2f314 1817#include <stdio.h>
1818#include <string.h>
1819#include <openssl/opensslv.h>
1820#define DATA "conftest.sslincver"
1821int main(void) {
cdd66111 1822 FILE *fd;
1823 int rc;
41b2f314 1824
cdd66111 1825 fd = fopen(DATA,"w");
1826 if(fd == NULL)
1827 exit(1);
41b2f314 1828
1829 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1830 exit(1);
1831
1832 exit(0);
1833}
996d5e62 1834 ]])],
41b2f314 1835 [
1836 ssl_header_ver=`cat conftest.sslincver`
1837 AC_MSG_RESULT($ssl_header_ver)
1838 ],
1839 [
1840 AC_MSG_RESULT(not found)
1841 AC_MSG_ERROR(OpenSSL version header not found.)
996d5e62 1842 ],
1843 [
1844 AC_MSG_WARN([cross compiling: not checking])
41b2f314 1845 ]
1846)
1847
1848# Determine OpenSSL library version
1849AC_MSG_CHECKING([OpenSSL library version])
996d5e62 1850AC_RUN_IFELSE(
1851 [AC_LANG_SOURCE([[
41b2f314 1852#include <stdio.h>
1853#include <string.h>
1854#include <openssl/opensslv.h>
1855#include <openssl/crypto.h>
1856#define DATA "conftest.ssllibver"
1857int main(void) {
cdd66111 1858 FILE *fd;
1859 int rc;
41b2f314 1860
cdd66111 1861 fd = fopen(DATA,"w");
1862 if(fd == NULL)
1863 exit(1);
41b2f314 1864
1865 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1866 exit(1);
1867
1868 exit(0);
1869}
996d5e62 1870 ]])],
41b2f314 1871 [
1872 ssl_library_ver=`cat conftest.ssllibver`
1873 AC_MSG_RESULT($ssl_library_ver)
1874 ],
1875 [
1876 AC_MSG_RESULT(not found)
1877 AC_MSG_ERROR(OpenSSL library not found.)
996d5e62 1878 ],
1879 [
1880 AC_MSG_WARN([cross compiling: not checking])
41b2f314 1881 ]
1882)
3c0ef626 1883
799ae497 1884AC_ARG_WITH(openssl-header-check,
1885 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1886 [ if test "x$withval" = "xno" ; then
1887 openssl_check_nonfatal=1
1888 fi
1889 ]
1890)
1891
e9a17296 1892# Sanity check OpenSSL headers
1893AC_MSG_CHECKING([whether OpenSSL's headers match the library])
996d5e62 1894AC_RUN_IFELSE(
1895 [AC_LANG_SOURCE([[
e9a17296 1896#include <string.h>
1897#include <openssl/opensslv.h>
41b2f314 1898int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
996d5e62 1899 ]])],
e9a17296 1900 [
1901 AC_MSG_RESULT(yes)
1902 ],
1903 [
1904 AC_MSG_RESULT(no)
799ae497 1905 if test "x$openssl_check_nonfatal" = "x"; then
1906 AC_MSG_ERROR([Your OpenSSL headers do not match your
1907library. Check config.log for details.
1908If you are sure your installation is consistent, you can disable the check
1909by running "./configure --without-openssl-header-check".
1910Also see contrib/findssl.sh for help identifying header/library mismatches.
1911])
1912 else
1913 AC_MSG_WARN([Your OpenSSL headers do not match your
1914library. Check config.log for details.
0fff78ff 1915Also see contrib/findssl.sh for help identifying header/library mismatches.])
799ae497 1916 fi
996d5e62 1917 ],
1918 [
1919 AC_MSG_WARN([cross compiling: not checking])
e9a17296 1920 ]
1921)
1922
9108f8d9 1923AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1924AC_LINK_IFELSE(
1925 [AC_LANG_SOURCE([[
1926#include <openssl/evp.h>
1927int main(void) { SSLeay_add_all_algorithms(); }
1928 ]])],
1929 [
1930 AC_MSG_RESULT(yes)
1931 ],
1932 [
1933 AC_MSG_RESULT(no)
1934 saved_LIBS="$LIBS"
1935 LIBS="$LIBS -ldl"
1936 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1937 AC_LINK_IFELSE(
1938 [AC_LANG_SOURCE([[
1939#include <openssl/evp.h>
1940int main(void) { SSLeay_add_all_algorithms(); }
1941 ]])],
1942 [
1943 AC_MSG_RESULT(yes)
1944 ],
1945 [
1946 AC_MSG_RESULT(no)
1947 LIBS="$saved_LIBS"
1948 ]
1949 )
1950 ]
1951)
1952
1953AC_ARG_WITH(ssl-engine,
1954 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1955 [ if test "x$withval" != "xno" ; then
1956 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1957 AC_TRY_COMPILE(
1958 [ #include <openssl/engine.h>],
1959 [
ff7ec503 1960ENGINE_load_builtin_engines();ENGINE_register_all_complete();
9108f8d9 1961 ],
1962 [ AC_MSG_RESULT(yes)
1963 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1964 [Enable OpenSSL engine support])
1965 ],
1966 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1967 )
1968 fi ]
1969)
1970
2c06c99b 1971# Check for OpenSSL without EVP_aes_{192,256}_cbc
1972AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
9108f8d9 1973AC_LINK_IFELSE(
2c06c99b 1974 [AC_LANG_SOURCE([[
1975#include <string.h>
1976#include <openssl/evp.h>
f2f068fa 1977int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2c06c99b 1978 ]])],
1979 [
1980 AC_MSG_RESULT(no)
1981 ],
1982 [
1983 AC_MSG_RESULT(yes)
1984 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1985 [libcrypto is missing AES 192 and 256 bit functions])
1986 ]
1987)
1988
cdd66111 1989# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1990# because the system crypt() is more featureful.
1991if test "x$check_for_libcrypt_before" = "x1"; then
1992 AC_CHECK_LIB(crypt, crypt)
1993fi
1994
1995# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1996# version in OpenSSL.
0fff78ff 1997if test "x$check_for_libcrypt_later" = "x1"; then
3c0ef626 1998 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1999fi
2000
9108f8d9 2001# Search for SHA256 support in libc and/or OpenSSL
2002AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2003
665a873d 2004AC_CHECK_LIB(iaf, ia_openinfo)
e9a17296 2005
2006### Configure cryptographic random number support
2007
2008# Check wheter OpenSSL seeds itself
2009AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
996d5e62 2010AC_RUN_IFELSE(
2011 [AC_LANG_SOURCE([[
e9a17296 2012#include <string.h>
2013#include <openssl/rand.h>
41b2f314 2014int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
996d5e62 2015 ]])],
e9a17296 2016 [
2017 OPENSSL_SEEDS_ITSELF=yes
2018 AC_MSG_RESULT(yes)
2019 ],
2020 [
2021 AC_MSG_RESULT(no)
2022 # Default to use of the rand helper if OpenSSL doesn't
2023 # seed itself
2024 USE_RAND_HELPER=yes
996d5e62 2025 ],
2026 [
2027 AC_MSG_WARN([cross compiling: assuming yes])
2028 # This is safe, since all recent OpenSSL versions will
dec6d9fe 2029 # complain at runtime if not seeded correctly.
996d5e62 2030 OPENSSL_SEEDS_ITSELF=yes
e9a17296 2031 ]
2032)
2033
9108f8d9 2034# Check for PAM libs
2035PAM_MSG="no"
2036AC_ARG_WITH(pam,
2037 [ --with-pam Enable PAM support ],
2038 [
2039 if test "x$withval" != "xno" ; then
2040 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2041 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2042 AC_MSG_ERROR([PAM headers not found])
2043 fi
2044
2045 saved_LIBS="$LIBS"
2046 AC_CHECK_LIB(dl, dlopen, , )
2047 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2048 AC_CHECK_FUNCS(pam_getenvlist)
2049 AC_CHECK_FUNCS(pam_putenv)
2050 LIBS="$saved_LIBS"
2051
2052 PAM_MSG="yes"
2053
2054 LIBPAM="-lpam"
2055 AC_DEFINE(USE_PAM, 1,
2056 [Define if you want to enable PAM support])
2057
2058 if test $ac_cv_lib_dl_dlopen = yes; then
2059 case "$LIBS" in
2060 *-ldl*)
2061 # libdl already in LIBS
2062 ;;
2063 *)
2064 LIBPAM="$LIBPAM -ldl"
2065 ;;
2066 esac
2067 fi
2068 AC_SUBST(LIBPAM)
2069 fi
2070 ]
2071)
2072
2073# Check for older PAM
2074if test "x$PAM_MSG" = "xyes" ; then
2075 # Check PAM strerror arguments (old PAM)
2076 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2077 AC_TRY_COMPILE(
2078 [
2079#include <stdlib.h>
2080#if defined(HAVE_SECURITY_PAM_APPL_H)
2081#include <security/pam_appl.h>
2082#elif defined (HAVE_PAM_PAM_APPL_H)
2083#include <pam/pam_appl.h>
2084#endif
2085 ],
2086 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2087 [AC_MSG_RESULT(no)],
2088 [
2089 AC_DEFINE(HAVE_OLD_PAM, 1,
2090 [Define if you have an old version of PAM
2091 which takes only one argument to pam_strerror])
2092 AC_MSG_RESULT(yes)
2093 PAM_MSG="yes (old library)"
2094 ]
2095 )
2096fi
e9a17296 2097
2098# Do we want to force the use of the rand helper?
2099AC_ARG_WITH(rand-helper,
2100 [ --with-rand-helper Use subprocess to gather strong randomness ],
2101 [
2102 if test "x$withval" = "xno" ; then
cdd66111 2103 # Force use of OpenSSL's internal RNG, even if
e9a17296 2104 # the previous test showed it to be unseeded.
2105 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2106 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2107 OPENSSL_SEEDS_ITSELF=yes
2108 USE_RAND_HELPER=""
2109 fi
2110 else
2111 USE_RAND_HELPER=yes
2112 fi
2113 ],
dec6d9fe 2114)
e9a17296 2115
2116# Which randomness source do we use?
dec6d9fe 2117if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
e9a17296 2118 # OpenSSL only
2c06c99b 2119 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2120 [Define if you want OpenSSL's internally seeded PRNG only])
e9a17296 2121 RAND_MSG="OpenSSL internal ONLY"
2122 INSTALL_SSH_RAND_HELPER=""
2123elif test ! -z "$USE_RAND_HELPER" ; then
2124 # install rand helper
2125 RAND_MSG="ssh-rand-helper"
2126 INSTALL_SSH_RAND_HELPER="yes"
2127fi
2128AC_SUBST(INSTALL_SSH_RAND_HELPER)
2129
2130### Configuration of ssh-rand-helper
2131
2132# PRNGD TCP socket
2133AC_ARG_WITH(prngd-port,
2134 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2135 [
2136 case "$withval" in
2137 no)
2138 withval=""
2139 ;;
2140 [[0-9]]*)
2141 ;;
2142 *)
2143 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2144 ;;
2145 esac
2146 if test ! -z "$withval" ; then
2147 PRNGD_PORT="$withval"
2c06c99b 2148 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2149 [Port number of PRNGD/EGD random number socket])
e9a17296 2150 fi
2151 ]
2152)
2153
2154# PRNGD Unix domain socket
2155AC_ARG_WITH(prngd-socket,
2156 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2157 [
2158 case "$withval" in
2159 yes)
2160 withval="/var/run/egd-pool"
2161 ;;
2162 no)
2163 withval=""
2164 ;;
2165 /*)
2166 ;;
2167 *)
2168 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2169 ;;
2170 esac
2171
2172 if test ! -z "$withval" ; then
2173 if test ! -z "$PRNGD_PORT" ; then
2174 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2175 fi
2176 if test ! -r "$withval" ; then
2177 AC_MSG_WARN(Entropy socket is not readable)
2178 fi
2179 PRNGD_SOCKET="$withval"
2c06c99b 2180 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2181 [Location of PRNGD/EGD random number socket])
e9a17296 2182 fi
2183 ],
2184 [
2185 # Check for existing socket only if we don't have a random device already
2186 if test "$USE_RAND_HELPER" = yes ; then
2187 AC_MSG_CHECKING(for PRNGD/EGD socket)
2188 # Insert other locations here
2189 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2190 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2191 PRNGD_SOCKET="$sock"
2192 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2193 break;
2194 fi
2195 done
2196 if test ! -z "$PRNGD_SOCKET" ; then
2197 AC_MSG_RESULT($PRNGD_SOCKET)
2198 else
2199 AC_MSG_RESULT(not found)
2200 fi
2201 fi
2202 ]
2203)
2204
2205# Change default command timeout for hashing entropy source
2206entropy_timeout=200
2207AC_ARG_WITH(entropy-timeout,
2208 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2209 [
dec6d9fe 2210 if test -n "$withval" && test "x$withval" != "xno" && \
2211 test "x${withval}" != "xyes"; then
e9a17296 2212 entropy_timeout=$withval
2213 fi
dec6d9fe 2214 ]
e9a17296 2215)
2c06c99b 2216AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2217 [Builtin PRNG command timeout])
e9a17296 2218
680cee3b 2219SSH_PRIVSEP_USER=sshd
700318f3 2220AC_ARG_WITH(privsep-user,
2221 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2222 [
dec6d9fe 2223 if test -n "$withval" && test "x$withval" != "xno" && \
2224 test "x${withval}" != "xyes"; then
680cee3b 2225 SSH_PRIVSEP_USER=$withval
700318f3 2226 fi
dec6d9fe 2227 ]
700318f3 2228)
2c06c99b 2229AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2230 [non-privileged user for privilege separation])
680cee3b 2231AC_SUBST(SSH_PRIVSEP_USER)
700318f3 2232
2233# We do this little dance with the search path to insure
2234# that programs that we select for use by installed programs
2235# (which may be run by the super-user) come from trusted
2236# locations before they come from the user's private area.
2237# This should help avoid accidentally configuring some
2238# random version of a program in someone's personal bin.
2239
2240OPATH=$PATH
2241PATH=/bin:/usr/bin
2242test -h /bin 2> /dev/null && PATH=/usr/bin
2243test -d /sbin && PATH=$PATH:/sbin
2244test -d /usr/sbin && PATH=$PATH:/usr/sbin
2245PATH=$PATH:/etc:$OPATH
2246
cdd66111 2247# These programs are used by the command hashing source to gather entropy
e9a17296 2248OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2249OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2250OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2251OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2252OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2253OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2254OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2255OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2256OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2257OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2258OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2259OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2260OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2261OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2262OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2263OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
700318f3 2264# restore PATH
2265PATH=$OPATH
e9a17296 2266
2267# Where does ssh-rand-helper get its randomness from?
2268INSTALL_SSH_PRNG_CMDS=""
2269if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2270 if test ! -z "$PRNGD_PORT" ; then
2271 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2272 elif test ! -z "$PRNGD_SOCKET" ; then
2273 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2274 else
2275 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2276 RAND_HELPER_CMDHASH=yes
2277 INSTALL_SSH_PRNG_CMDS="yes"
2278 fi
2279fi
2280AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2281
2282
3c0ef626 2283# Cheap hack to ensure NEWS-OS libraries are arranged right.
2284if test ! -z "$SONY" ; then
2285 LIBS="$LIBS -liberty";
2286fi
2287
2c06c99b 2288# Check for long long datatypes
2289AC_CHECK_TYPES([long long, unsigned long long, long double])
2290
2291# Check datatype sizes
3c0ef626 2292AC_CHECK_SIZEOF(char, 1)
2293AC_CHECK_SIZEOF(short int, 2)
2294AC_CHECK_SIZEOF(int, 4)
2295AC_CHECK_SIZEOF(long int, 4)
2296AC_CHECK_SIZEOF(long long int, 8)
2297
700318f3 2298# Sanity check long long for some platforms (AIX)
2299if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2300 ac_cv_sizeof_long_long_int=0
2301fi
2302
2c06c99b 2303# compute LLONG_MIN and LLONG_MAX if we don't know them.
2304if test -z "$have_llong_max"; then
2305 AC_MSG_CHECKING([for max value of long long])
2306 AC_RUN_IFELSE(
2307 [AC_LANG_SOURCE([[
2308#include <stdio.h>
2309/* Why is this so damn hard? */
2310#ifdef __GNUC__
2311# undef __GNUC__
2312#endif
2313#define __USE_ISOC99
2314#include <limits.h>
2315#define DATA "conftest.llminmax"
9108f8d9 2316#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2317
2318/*
2319 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2320 * we do this the hard way.
2321 */
2322static int
2323fprint_ll(FILE *f, long long n)
2324{
2325 unsigned int i;
2326 int l[sizeof(long long) * 8];
2327
2328 if (n < 0)
2329 if (fprintf(f, "-") < 0)
2330 return -1;
2331 for (i = 0; n != 0; i++) {
2332 l[i] = my_abs(n % 10);
2333 n /= 10;
2334 }
2335 do {
2336 if (fprintf(f, "%d", l[--i]) < 0)
2337 return -1;
2338 } while (i != 0);
2339 if (fprintf(f, " ") < 0)
2340 return -1;
2341 return 0;
2342}
2343
2c06c99b 2344int main(void) {
2345 FILE *f;
2346 long long i, llmin, llmax = 0;
2347
2348 if((f = fopen(DATA,"w")) == NULL)
2349 exit(1);
2350
2351#if defined(LLONG_MIN) && defined(LLONG_MAX)
2352 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2353 llmin = LLONG_MIN;
2354 llmax = LLONG_MAX;
2355#else
2356 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2357 /* This will work on one's complement and two's complement */
2358 for (i = 1; i > llmax; i <<= 1, i++)
2359 llmax = i;
2360 llmin = llmax + 1LL; /* wrap */
2361#endif
2362
2363 /* Sanity check */
2364 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
9108f8d9 2365 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2366 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2c06c99b 2367 fprintf(f, "unknown unknown\n");
2368 exit(2);
2369 }
2370
9108f8d9 2371 if (fprint_ll(f, llmin) < 0)
2c06c99b 2372 exit(3);
9108f8d9 2373 if (fprint_ll(f, llmax) < 0)
2374 exit(4);
2375 if (fclose(f) < 0)
2376 exit(5);
2c06c99b 2377 exit(0);
2378}
2379 ]])],
2380 [
2381 llong_min=`$AWK '{print $1}' conftest.llminmax`
2382 llong_max=`$AWK '{print $2}' conftest.llminmax`
2383
2c06c99b 2384 AC_MSG_RESULT($llong_max)
2385 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2386 [max value of long long calculated by configure])
2387 AC_MSG_CHECKING([for min value of long long])
2388 AC_MSG_RESULT($llong_min)
2389 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2390 [min value of long long calculated by configure])
2391 ],
2392 [
2393 AC_MSG_RESULT(not found)
2394 ],
2395 [
2396 AC_MSG_WARN([cross compiling: not checking])
2397 ]
2398 )
2399fi
2400
2401
3c0ef626 2402# More checks for data types
2403AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2404 AC_TRY_COMPILE(
cdd66111 2405 [ #include <sys/types.h> ],
2406 [ u_int a; a = 1;],
3c0ef626 2407 [ ac_cv_have_u_int="yes" ],
2408 [ ac_cv_have_u_int="no" ]
2409 )
2410])
2411if test "x$ac_cv_have_u_int" = "xyes" ; then
2c06c99b 2412 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
3c0ef626 2413 have_u_int=1
2414fi
2415
2416AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2417 AC_TRY_COMPILE(
cdd66111 2418 [ #include <sys/types.h> ],
2419 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2420 [ ac_cv_have_intxx_t="yes" ],
2421 [ ac_cv_have_intxx_t="no" ]
2422 )
2423])
2424if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2c06c99b 2425 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
3c0ef626 2426 have_intxx_t=1
2427fi
2428
2429if (test -z "$have_intxx_t" && \
cdd66111 2430 test "x$ac_cv_header_stdint_h" = "xyes")
3c0ef626 2431then
2432 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2433 AC_TRY_COMPILE(
cdd66111 2434 [ #include <stdint.h> ],
2435 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2436 [
2437 AC_DEFINE(HAVE_INTXX_T)
2438 AC_MSG_RESULT(yes)
2439 ],
2440 [ AC_MSG_RESULT(no) ]
2441 )
2442fi
2443
2444AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2445 AC_TRY_COMPILE(
41b2f314 2446 [
2447#include <sys/types.h>
2448#ifdef HAVE_STDINT_H
2449# include <stdint.h>
2450#endif
2451#include <sys/socket.h>
2452#ifdef HAVE_SYS_BITYPES_H
2453# include <sys/bitypes.h>
2454#endif
cdd66111 2455 ],
2456 [ int64_t a; a = 1;],
3c0ef626 2457 [ ac_cv_have_int64_t="yes" ],
2458 [ ac_cv_have_int64_t="no" ]
2459 )
2460])
2461if test "x$ac_cv_have_int64_t" = "xyes" ; then
2c06c99b 2462 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
e9a17296 2463fi
2464
3c0ef626 2465AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2466 AC_TRY_COMPILE(
cdd66111 2467 [ #include <sys/types.h> ],
2468 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2469 [ ac_cv_have_u_intxx_t="yes" ],
2470 [ ac_cv_have_u_intxx_t="no" ]
2471 )
2472])
2473if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2c06c99b 2474 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
3c0ef626 2475 have_u_intxx_t=1
2476fi
2477
2478if test -z "$have_u_intxx_t" ; then
2479 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2480 AC_TRY_COMPILE(
cdd66111 2481 [ #include <sys/socket.h> ],
2482 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2483 [
2484 AC_DEFINE(HAVE_U_INTXX_T)
2485 AC_MSG_RESULT(yes)
2486 ],
2487 [ AC_MSG_RESULT(no) ]
2488 )
2489fi
2490
2491AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2492 AC_TRY_COMPILE(
cdd66111 2493 [ #include <sys/types.h> ],
2494 [ u_int64_t a; a = 1;],
3c0ef626 2495 [ ac_cv_have_u_int64_t="yes" ],
2496 [ ac_cv_have_u_int64_t="no" ]
2497 )
2498])
2499if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2c06c99b 2500 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
3c0ef626 2501 have_u_int64_t=1
2502fi
2503
e9a17296 2504if test -z "$have_u_int64_t" ; then
2505 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2506 AC_TRY_COMPILE(
cdd66111 2507 [ #include <sys/bitypes.h> ],
e9a17296 2508 [ u_int64_t a; a = 1],
2509 [
2510 AC_DEFINE(HAVE_U_INT64_T)
2511 AC_MSG_RESULT(yes)
2512 ],
2513 [ AC_MSG_RESULT(no) ]
2514 )
2515fi
2516
3c0ef626 2517if test -z "$have_u_intxx_t" ; then
2518 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2519 AC_TRY_COMPILE(
2520 [
2521#include <sys/types.h>
cdd66111 2522 ],
2523 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
3c0ef626 2524 [ ac_cv_have_uintxx_t="yes" ],
2525 [ ac_cv_have_uintxx_t="no" ]
2526 )
2527 ])
2528 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2c06c99b 2529 AC_DEFINE(HAVE_UINTXX_T, 1,
2530 [define if you have uintxx_t data type])
3c0ef626 2531 fi
2532fi
2533
2534if test -z "$have_uintxx_t" ; then
2535 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2536 AC_TRY_COMPILE(
cdd66111 2537 [ #include <stdint.h> ],
2538 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
3c0ef626 2539 [
2540 AC_DEFINE(HAVE_UINTXX_T)
2541 AC_MSG_RESULT(yes)
2542 ],
2543 [ AC_MSG_RESULT(no) ]
2544 )
2545fi
2546
2547if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
cdd66111 2548 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3c0ef626 2549then
2550 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2551 AC_TRY_COMPILE(
2552 [
2553#include <sys/bitypes.h>
cdd66111 2554 ],
3c0ef626 2555 [
2556 int8_t a; int16_t b; int32_t c;
2557 u_int8_t e; u_int16_t f; u_int32_t g;
2558 a = b = c = e = f = g = 1;
cdd66111 2559 ],
3c0ef626 2560 [
2561 AC_DEFINE(HAVE_U_INTXX_T)
2562 AC_DEFINE(HAVE_INTXX_T)
2563 AC_MSG_RESULT(yes)
2564 ],
2565 [AC_MSG_RESULT(no)]
cdd66111 2566 )
3c0ef626 2567fi
2568
2569
2570AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2571 AC_TRY_COMPILE(
2572 [
2573#include <sys/types.h>
2574 ],
2575 [ u_char foo; foo = 125; ],
2576 [ ac_cv_have_u_char="yes" ],
2577 [ ac_cv_have_u_char="no" ]
2578 )
2579])
2580if test "x$ac_cv_have_u_char" = "xyes" ; then
2c06c99b 2581 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
3c0ef626 2582fi
2583
2584TYPE_SOCKLEN_T
2585
e9a17296 2586AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2587
996d5e62 2588AC_CHECK_TYPES(in_addr_t,,,
2589[#include <sys/types.h>
2590#include <netinet/in.h>])
2591
3c0ef626 2592AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2593 AC_TRY_COMPILE(
2594 [
2595#include <sys/types.h>
2596 ],
2597 [ size_t foo; foo = 1235; ],
2598 [ ac_cv_have_size_t="yes" ],
2599 [ ac_cv_have_size_t="no" ]
2600 )
2601])
2602if test "x$ac_cv_have_size_t" = "xyes" ; then
2c06c99b 2603 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
3c0ef626 2604fi
2605
2606AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2607 AC_TRY_COMPILE(
2608 [
2609#include <sys/types.h>
2610 ],
2611 [ ssize_t foo; foo = 1235; ],
2612 [ ac_cv_have_ssize_t="yes" ],
2613 [ ac_cv_have_ssize_t="no" ]
2614 )
2615])
2616if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2c06c99b 2617 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
3c0ef626 2618fi
2619
2620AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2621 AC_TRY_COMPILE(
2622 [
2623#include <time.h>
2624 ],
2625 [ clock_t foo; foo = 1235; ],
2626 [ ac_cv_have_clock_t="yes" ],
2627 [ ac_cv_have_clock_t="no" ]
2628 )
2629])
2630if test "x$ac_cv_have_clock_t" = "xyes" ; then
2c06c99b 2631 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
3c0ef626 2632fi
2633
2634AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2635 AC_TRY_COMPILE(
2636 [
2637#include <sys/types.h>
2638#include <sys/socket.h>
2639 ],
2640 [ sa_family_t foo; foo = 1235; ],
2641 [ ac_cv_have_sa_family_t="yes" ],
2642 [ AC_TRY_COMPILE(
2643 [
2644#include <sys/types.h>
2645#include <sys/socket.h>
2646#include <netinet/in.h>
2647 ],
2648 [ sa_family_t foo; foo = 1235; ],
2649 [ ac_cv_have_sa_family_t="yes" ],
2650
2651 [ ac_cv_have_sa_family_t="no" ]
2652 )]
2653 )
2654])
2655if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2c06c99b 2656 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2657 [define if you have sa_family_t data type])
3c0ef626 2658fi
2659
2660AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2661 AC_TRY_COMPILE(
2662 [
2663#include <sys/types.h>
2664 ],
2665 [ pid_t foo; foo = 1235; ],
2666 [ ac_cv_have_pid_t="yes" ],
2667 [ ac_cv_have_pid_t="no" ]
2668 )
2669])
2670if test "x$ac_cv_have_pid_t" = "xyes" ; then
2c06c99b 2671 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
3c0ef626 2672fi
2673
2674AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2675 AC_TRY_COMPILE(
2676 [
2677#include <sys/types.h>
2678 ],
2679 [ mode_t foo; foo = 1235; ],
2680 [ ac_cv_have_mode_t="yes" ],
2681 [ ac_cv_have_mode_t="no" ]
2682 )
2683])
2684if test "x$ac_cv_have_mode_t" = "xyes" ; then
2c06c99b 2685 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3c0ef626 2686fi
2687
2688
2689AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2690 AC_TRY_COMPILE(
2691 [
2692#include <sys/types.h>
2693#include <sys/socket.h>
2694 ],
2695 [ struct sockaddr_storage s; ],
2696 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2697 [ ac_cv_have_struct_sockaddr_storage="no" ]
2698 )
2699])
2700if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2c06c99b 2701 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2702 [define if you have struct sockaddr_storage data type])
3c0ef626 2703fi
2704
2705AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2706 AC_TRY_COMPILE(
2707 [
2708#include <sys/types.h>
2709#include <netinet/in.h>
2710 ],
2711 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2712 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2713 [ ac_cv_have_struct_sockaddr_in6="no" ]
2714 )
2715])
2716if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2c06c99b 2717 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2718 [define if you have struct sockaddr_in6 data type])
3c0ef626 2719fi
2720
2721AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2722 AC_TRY_COMPILE(
2723 [
2724#include <sys/types.h>
2725#include <netinet/in.h>
2726 ],
2727 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2728 [ ac_cv_have_struct_in6_addr="yes" ],
2729 [ ac_cv_have_struct_in6_addr="no" ]
2730 )
2731])
2732if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2c06c99b 2733 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2734 [define if you have struct in6_addr data type])
3c0ef626 2735fi
2736
2737AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2738 AC_TRY_COMPILE(
2739 [
2740#include <sys/types.h>
2741#include <sys/socket.h>
2742#include <netdb.h>
2743 ],
2744 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2745 [ ac_cv_have_struct_addrinfo="yes" ],
2746 [ ac_cv_have_struct_addrinfo="no" ]
2747 )
2748])
2749if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2c06c99b 2750 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2751 [define if you have struct addrinfo data type])
3c0ef626 2752fi
2753
2754AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2755 AC_TRY_COMPILE(
cdd66111 2756 [ #include <sys/time.h> ],
2757 [ struct timeval tv; tv.tv_sec = 1;],
3c0ef626 2758 [ ac_cv_have_struct_timeval="yes" ],
2759 [ ac_cv_have_struct_timeval="no" ]
2760 )
2761])
2762if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2c06c99b 2763 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3c0ef626 2764 have_struct_timeval=1
2765fi
2766
6a9b3198 2767AC_CHECK_TYPES(struct timespec)
2768
2769# We need int64_t or else certian parts of the compile will fail.
dec6d9fe 2770if test "x$ac_cv_have_int64_t" = "xno" && \
2771 test "x$ac_cv_sizeof_long_int" != "x8" && \
2772 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
6a9b3198 2773 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2774 echo "an alternative compiler (I.E., GCC) before continuing."
2775 echo ""
2776 exit 1;
3c0ef626 2777else
2778dnl test snprintf (broken on SCO w/gcc)
996d5e62 2779 AC_RUN_IFELSE(
2780 [AC_LANG_SOURCE([[
3c0ef626 2781#include <stdio.h>
2782#include <string.h>
2783#ifdef HAVE_SNPRINTF
2784main()
2785{
2786 char buf[50];
2787 char expected_out[50];
2788 int mazsize = 50 ;
2789#if (SIZEOF_LONG_INT == 8)
2790 long int num = 0x7fffffffffffffff;
2791#else
2792 long long num = 0x7fffffffffffffffll;
2793#endif
2794 strcpy(expected_out, "9223372036854775807");
2795 snprintf(buf, mazsize, "%lld", num);
2796 if(strcmp(buf, expected_out) != 0)
cdd66111 2797 exit(1);
3c0ef626 2798 exit(0);
2799}
2800#else
2801main() { exit(0); }
2802#endif
996d5e62 2803 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2804 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3c0ef626 2805 )
2806fi
3c0ef626 2807
2808dnl Checks for structure members
2809OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2810OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2811OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2812OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2813OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2814OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2815OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2816OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2817OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2818OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2819OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2820OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2821OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2822OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2823OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2824OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2825OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2826
2827AC_CHECK_MEMBERS([struct stat.st_blksize])
2c06c99b 2828AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2829 [Define if we don't have struct __res_state in resolv.h])],
2830[
2831#include <stdio.h>
2832#if HAVE_SYS_TYPES_H
2833# include <sys/types.h>
2834#endif
2835#include <netinet/in.h>
2836#include <arpa/nameser.h>
2837#include <resolv.h>
2838])
3c0ef626 2839
2840AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2841 ac_cv_have_ss_family_in_struct_ss, [
2842 AC_TRY_COMPILE(
2843 [
2844#include <sys/types.h>
2845#include <sys/socket.h>
2846 ],
2847 [ struct sockaddr_storage s; s.ss_family = 1; ],
2848 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2849 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2850 )
2851])
2852if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2c06c99b 2853 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3c0ef626 2854fi
2855
2856AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2857 ac_cv_have___ss_family_in_struct_ss, [
2858 AC_TRY_COMPILE(
2859 [
2860#include <sys/types.h>
2861#include <sys/socket.h>
2862 ],
2863 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2864 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2865 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2866 )
2867])
2868if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2c06c99b 2869 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2870 [Fields in struct sockaddr_storage])
3c0ef626 2871fi
2872
2873AC_CACHE_CHECK([for pw_class field in struct passwd],
2874 ac_cv_have_pw_class_in_struct_passwd, [
2875 AC_TRY_COMPILE(
2876 [
2877#include <pwd.h>
2878 ],
2879 [ struct passwd p; p.pw_class = 0; ],
2880 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2881 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2882 )
2883])
2884if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2c06c99b 2885 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2886 [Define if your password has a pw_class field])
3c0ef626 2887fi
2888
2889AC_CACHE_CHECK([for pw_expire field in struct passwd],
2890 ac_cv_have_pw_expire_in_struct_passwd, [
2891 AC_TRY_COMPILE(
2892 [
2893#include <pwd.h>
2894 ],
2895 [ struct passwd p; p.pw_expire = 0; ],
2896 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2897 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2898 )
2899])
2900if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2c06c99b 2901 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2902 [Define if your password has a pw_expire field])
3c0ef626 2903fi
2904
2905AC_CACHE_CHECK([for pw_change field in struct passwd],
2906 ac_cv_have_pw_change_in_struct_passwd, [
2907 AC_TRY_COMPILE(
2908 [
2909#include <pwd.h>
2910 ],
2911 [ struct passwd p; p.pw_change = 0; ],
2912 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2913 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2914 )
2915])
2916if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2c06c99b 2917 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2918 [Define if your password has a pw_change field])
3c0ef626 2919fi
2920
fba3c309 2921dnl make sure we're using the real structure members and not defines
700318f3 2922AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2923 ac_cv_have_accrights_in_msghdr, [
996d5e62 2924 AC_COMPILE_IFELSE(
700318f3 2925 [
2926#include <sys/types.h>
2927#include <sys/socket.h>
2928#include <sys/uio.h>
fba3c309 2929int main() {
2930#ifdef msg_accrights
996d5e62 2931#error "msg_accrights is a macro"
fba3c309 2932exit(1);
2933#endif
2934struct msghdr m;
2935m.msg_accrights = 0;
2936exit(0);
2937}
700318f3 2938 ],
700318f3 2939 [ ac_cv_have_accrights_in_msghdr="yes" ],
2940 [ ac_cv_have_accrights_in_msghdr="no" ]
2941 )
2942])
2943if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2c06c99b 2944 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2945 [Define if your system uses access rights style
2946 file descriptor passing])
700318f3 2947fi
2948
2949AC_CACHE_CHECK([for msg_control field in struct msghdr],
2950 ac_cv_have_control_in_msghdr, [
996d5e62 2951 AC_COMPILE_IFELSE(
700318f3 2952 [
2953#include <sys/types.h>
2954#include <sys/socket.h>
2955#include <sys/uio.h>
fba3c309 2956int main() {
2957#ifdef msg_control
996d5e62 2958#error "msg_control is a macro"
fba3c309 2959exit(1);
2960#endif
2961struct msghdr m;
2962m.msg_control = 0;
2963exit(0);
2964}
700318f3 2965 ],
700318f3 2966 [ ac_cv_have_control_in_msghdr="yes" ],
2967 [ ac_cv_have_control_in_msghdr="no" ]
2968 )
2969])
2970if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2c06c99b 2971 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2972 [Define if your system uses ancillary data style
2973 file descriptor passing])
700318f3 2974fi
2975
3c0ef626 2976AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
cdd66111 2977 AC_TRY_LINK([],
2978 [ extern char *__progname; printf("%s", __progname); ],
3c0ef626 2979 [ ac_cv_libc_defines___progname="yes" ],
2980 [ ac_cv_libc_defines___progname="no" ]
2981 )
2982])
2983if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2c06c99b 2984 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3c0ef626 2985fi
2986
700318f3 2987AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2988 AC_TRY_LINK([
2989#include <stdio.h>
cdd66111 2990],
2991 [ printf("%s", __FUNCTION__); ],
700318f3 2992 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2993 [ ac_cv_cc_implements___FUNCTION__="no" ]
2994 )
2995])
2996if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2c06c99b 2997 AC_DEFINE(HAVE___FUNCTION__, 1,
2998 [Define if compiler implements __FUNCTION__])
700318f3 2999fi
3000
3001AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3002 AC_TRY_LINK([
3003#include <stdio.h>
cdd66111 3004],
3005 [ printf("%s", __func__); ],
700318f3 3006 [ ac_cv_cc_implements___func__="yes" ],
3007 [ ac_cv_cc_implements___func__="no" ]
3008 )
3009])
3010if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2c06c99b 3011 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3012fi
3013
3014AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3015 AC_TRY_LINK(
3016 [#include <stdarg.h>
3017 va_list x,y;],
3018 [va_copy(x,y);],
3019 [ ac_cv_have_va_copy="yes" ],
3020 [ ac_cv_have_va_copy="no" ]
3021 )
3022])
3023if test "x$ac_cv_have_va_copy" = "xyes" ; then
3024 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3025fi
3026
3027AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3028 AC_TRY_LINK(
3029 [#include <stdarg.h>
3030 va_list x,y;],
3031 [__va_copy(x,y);],
3032 [ ac_cv_have___va_copy="yes" ],
3033 [ ac_cv_have___va_copy="no" ]
3034 )
3035])
3036if test "x$ac_cv_have___va_copy" = "xyes" ; then
3037 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
700318f3 3038fi
3039
3c0ef626 3040AC_CACHE_CHECK([whether getopt has optreset support],
3041 ac_cv_have_getopt_optreset, [
3042 AC_TRY_LINK(
3043 [
3044#include <getopt.h>
3045 ],
3046 [ extern int optreset; optreset = 0; ],
3047 [ ac_cv_have_getopt_optreset="yes" ],
3048 [ ac_cv_have_getopt_optreset="no" ]
3049 )
3050])
3051if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2c06c99b 3052 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3053 [Define if your getopt(3) defines and uses optreset])
3c0ef626 3054fi
3055
3056AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
cdd66111 3057 AC_TRY_LINK([],
3058 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3c0ef626 3059 [ ac_cv_libc_defines_sys_errlist="yes" ],
3060 [ ac_cv_libc_defines_sys_errlist="no" ]
3061 )
3062])
3063if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2c06c99b 3064 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3065 [Define if your system defines sys_errlist[]])
3c0ef626 3066fi
3067
3068
3069AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
cdd66111 3070 AC_TRY_LINK([],
3071 [ extern int sys_nerr; printf("%i", sys_nerr);],
3c0ef626 3072 [ ac_cv_libc_defines_sys_nerr="yes" ],
3073 [ ac_cv_libc_defines_sys_nerr="no" ]
3074 )
3075])
3076if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2c06c99b 3077 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3c0ef626 3078fi
3079
cdd66111 3080SCARD_MSG="no"
700318f3 3081# Check whether user wants sectok support
3082AC_ARG_WITH(sectok,
3083 [ --with-sectok Enable smartcard support using libsectok],
3c0ef626 3084 [
3085 if test "x$withval" != "xno" ; then
3086 if test "x$withval" != "xyes" ; then
3087 CPPFLAGS="$CPPFLAGS -I${withval}"
3088 LDFLAGS="$LDFLAGS -L${withval}"
3089 if test ! -z "$need_dash_r" ; then
3090 LDFLAGS="$LDFLAGS -R${withval}"
3091 fi
3092 if test ! -z "$blibpath" ; then
3093 blibpath="$blibpath:${withval}"
3094 fi
3095 fi
3096 AC_CHECK_HEADERS(sectok.h)
3097 if test "$ac_cv_header_sectok_h" != yes; then
3098 AC_MSG_ERROR(Can't find sectok.h)
3099 fi
3100 AC_CHECK_LIB(sectok, sectok_open)
3101 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3102 AC_MSG_ERROR(Can't find libsectok)
3103 fi
2c06c99b 3104 AC_DEFINE(SMARTCARD, 1,
3105 [Define if you want smartcard support])
3106 AC_DEFINE(USE_SECTOK, 1,
3107 [Define if you want smartcard support
3108 using sectok])
cdd66111 3109 SCARD_MSG="yes, using sectok"
3c0ef626 3110 fi
3111 ]
3112)
3113
700318f3 3114# Check whether user wants OpenSC support
dec6d9fe 3115OPENSC_CONFIG="no"
700318f3 3116AC_ARG_WITH(opensc,
2c06c99b 3117 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
dec6d9fe 3118 [
3119 if test "x$withval" != "xno" ; then
3120 if test "x$withval" != "xyes" ; then
3121 OPENSC_CONFIG=$withval/bin/opensc-config
3122 else
3123 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3124 fi
3125 if test "$OPENSC_CONFIG" != "no"; then
3126 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3127 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3128 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
9108f8d9 3129 LIBS="$LIBS $LIBOPENSC_LIBS"
dec6d9fe 3130 AC_DEFINE(SMARTCARD)
2c06c99b 3131 AC_DEFINE(USE_OPENSC, 1,
3132 [Define if you want smartcard support
3133 using OpenSC])
dec6d9fe 3134 SCARD_MSG="yes, using OpenSC"
3135 fi
3136 fi
3137 ]
3138)
700318f3 3139
cdd66111 3140# Check libraries needed by DNS fingerprint support
3141AC_SEARCH_LIBS(getrrsetbyname, resolv,
2c06c99b 3142 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3143 [Define if getrrsetbyname() exists])],
0fff78ff 3144 [
cdd66111 3145 # Needed by our getrrsetbyname()
3146 AC_SEARCH_LIBS(res_query, resolv)
3147 AC_SEARCH_LIBS(dn_expand, resolv)
c9f39d2c 3148 AC_MSG_CHECKING(if res_query will link)
3149 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3150 [AC_MSG_RESULT(no)
3151 saved_LIBS="$LIBS"
3152 LIBS="$LIBS -lresolv"
3153 AC_MSG_CHECKING(for res_query in -lresolv)
3154 AC_LINK_IFELSE([
3155#include <resolv.h>
3156int main()
3157{
3158 res_query (0, 0, 0, 0, 0);
3159 return 0;
3160}
3161 ],
3162 [LIBS="$LIBS -lresolv"
3163 AC_MSG_RESULT(yes)],
3164 [LIBS="$saved_LIBS"
3165 AC_MSG_RESULT(no)])
3166 ])
cdd66111 3167 AC_CHECK_FUNCS(_getshort _getlong)
665a873d 3168 AC_CHECK_DECLS([_getshort, _getlong], , ,
3169 [#include <sys/types.h>
3170 #include <arpa/nameser.h>])
cdd66111 3171 AC_CHECK_MEMBER(HEADER.ad,
2c06c99b 3172 [AC_DEFINE(HAVE_HEADER_AD, 1,
3173 [Define if HEADER.ad exists in arpa/nameser.h])],,
cdd66111 3174 [#include <arpa/nameser.h>])
3175 ])
0fff78ff 3176
9108f8d9 3177# Check whether user wants SELinux support
3178SELINUX_MSG="no"
3179LIBSELINUX=""
3180AC_ARG_WITH(selinux,
3181 [ --with-selinux Enable SELinux support],
3182 [ if test "x$withval" != "xno" ; then
3183 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3184 SELINUX_MSG="yes"
3185 AC_CHECK_HEADER([selinux/selinux.h], ,
3186 AC_MSG_ERROR(SELinux support requires selinux.h header))
3187 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3188 AC_MSG_ERROR(SELinux support requires libselinux library))
ff7ec503 3189 save_LIBS="$LIBS"
3190 LIBS="$LIBS $LIBSELINUX"
9108f8d9 3191 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
ff7ec503 3192 LIBS="$save_LIBS"
9108f8d9 3193 fi ]
3194)
3195AC_SUBST(LIBSELINUX)
3196
700318f3 3197# Check whether user wants Kerberos 5 support
cdd66111 3198KRB5_MSG="no"
700318f3 3199AC_ARG_WITH(kerberos5,
cdd66111 3200 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3201 [ if test "x$withval" != "xno" ; then
3202 if test "x$withval" = "xyes" ; then
3203 KRB5ROOT="/usr/local"
3204 else
3205 KRB5ROOT=${withval}
3206 fi
3207
2c06c99b 3208 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
cdd66111 3209 KRB5_MSG="yes"
3210
3211 AC_MSG_CHECKING(for krb5-config)
3212 if test -x $KRB5ROOT/bin/krb5-config ; then
3213 KRB5CONF=$KRB5ROOT/bin/krb5-config
3214 AC_MSG_RESULT($KRB5CONF)
3215
3216 AC_MSG_CHECKING(for gssapi support)
3217 if $KRB5CONF | grep gssapi >/dev/null ; then
3218 AC_MSG_RESULT(yes)
2c06c99b 3219 AC_DEFINE(GSSAPI, 1,
3220 [Define this if you want GSSAPI
3221 support in the version 2 protocol])
cdd66111 3222 k5confopts=gssapi
3223 else
3224 AC_MSG_RESULT(no)
3225 k5confopts=""
3226 fi
3227 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3228 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3229 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3230 AC_MSG_CHECKING(whether we are using Heimdal)
3231 AC_TRY_COMPILE([ #include <krb5.h> ],
3232 [ char *tmp = heimdal_version; ],
3233 [ AC_MSG_RESULT(yes)
2c06c99b 3234 AC_DEFINE(HEIMDAL, 1,
3235 [Define this if you are using the
3236 Heimdal version of Kerberos V5]) ],
cdd66111 3237 AC_MSG_RESULT(no)
3238 )
3239 else
3240 AC_MSG_RESULT(no)
700318f3 3241 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
cdd66111 3242 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3243 AC_MSG_CHECKING(whether we are using Heimdal)
3244 AC_TRY_COMPILE([ #include <krb5.h> ],
3245 [ char *tmp = heimdal_version; ],
3246 [ AC_MSG_RESULT(yes)
3247 AC_DEFINE(HEIMDAL)
c9f39d2c 3248 K5LIBS="-lkrb5 -ldes"
3249 K5LIBS="$K5LIBS -lcom_err -lasn1"
dec6d9fe 3250 AC_CHECK_LIB(roken, net_write,
c9f39d2c 3251 [K5LIBS="$K5LIBS -lroken"])
cdd66111 3252 ],
3253 [ AC_MSG_RESULT(no)
3254 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3255 ]
3256 )
0fff78ff 3257 AC_SEARCH_LIBS(dn_expand, resolv)
3258
3259 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3260 [ AC_DEFINE(GSSAPI)
3261 K5LIBS="-lgssapi $K5LIBS" ],
3262 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3263 [ AC_DEFINE(GSSAPI)
cdd66111 3264 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
0fff78ff 3265 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3266 $K5LIBS)
3267 ],
3268 $K5LIBS)
dec6d9fe 3269
0fff78ff 3270 AC_CHECK_HEADER(gssapi.h, ,
3271 [ unset ac_cv_header_gssapi_h
cdd66111 3272 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
0fff78ff 3273 AC_CHECK_HEADERS(gssapi.h, ,
3274 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
cdd66111 3275 )
0fff78ff 3276 ]
3277 )
3278
3279 oldCPP="$CPPFLAGS"
3280 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3281 AC_CHECK_HEADER(gssapi_krb5.h, ,
3282 [ CPPFLAGS="$oldCPP" ])
700318f3 3283
cdd66111 3284 fi
3285 if test ! -z "$need_dash_r" ; then
3286 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3287 fi
3288 if test ! -z "$blibpath" ; then
3289 blibpath="$blibpath:${KRB5ROOT}/lib"
3290 fi
cdd66111 3291
2c06c99b 3292 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3293 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3294 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
cdd66111 3295
2c06c99b 3296 LIBS="$LIBS $K5LIBS"
3297 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3298 [Define this if you want to use libkafs' AFS support]))
3299 fi
cdd66111 3300 ]
700318f3 3301)
3c0ef626 3302
3303# Looking for programs, paths and files
3c0ef626 3304
700318f3 3305PRIVSEP_PATH=/var/empty
3306AC_ARG_WITH(privsep-path,
41b2f314 3307 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
700318f3 3308 [
dec6d9fe 3309 if test -n "$withval" && test "x$withval" != "xno" && \
3310 test "x${withval}" != "xyes"; then
700318f3 3311 PRIVSEP_PATH=$withval
3312 fi
3313 ]
3314)
3315AC_SUBST(PRIVSEP_PATH)
3316
3c0ef626 3317AC_ARG_WITH(xauth,
3318 [ --with-xauth=PATH Specify path to xauth program ],
3319 [
dec6d9fe 3320 if test -n "$withval" && test "x$withval" != "xno" && \
3321 test "x${withval}" != "xyes"; then
3c0ef626 3322 xauth_path=$withval
3323 fi
3324 ],
3325 [
41b2f314 3326 TestPath="$PATH"
3327 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3328 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3329 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3330 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3331 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3c0ef626 3332 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3333 xauth_path="/usr/openwin/bin/xauth"
3334 fi
3335 ]
3336)
3337
6a9b3198 3338STRIP_OPT=-s
3339AC_ARG_ENABLE(strip,
3340 [ --disable-strip Disable calling strip(1) on install],
3341 [
3342 if test "x$enableval" = "xno" ; then
3343 STRIP_OPT=
3344 fi
3345 ]
3346)
3347AC_SUBST(STRIP_OPT)
3348
3c0ef626 3349if test -z "$xauth_path" ; then
3350 XAUTH_PATH="undefined"
3351 AC_SUBST(XAUTH_PATH)
3352else
2c06c99b 3353 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3354 [Define if xauth is found in your path])
3c0ef626 3355 XAUTH_PATH=$xauth_path
3356 AC_SUBST(XAUTH_PATH)
3357fi
3c0ef626 3358
3359# Check for mail directory (last resort if we cannot get it from headers)
3360if test ! -z "$MAIL" ; then
3361 maildir=`dirname $MAIL`
2c06c99b 3362 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3363 [Set this to your mail directory if you don't have maillock.h])
3c0ef626 3364fi
3365
996d5e62 3366if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3367 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3368 disable_ptmx_check=yes
3369fi
3c0ef626 3370if test -z "$no_dev_ptmx" ; then
700318f3 3371 if test "x$disable_ptmx_check" != "xyes" ; then
cdd66111 3372 AC_CHECK_FILE("/dev/ptmx",
700318f3 3373 [
2c06c99b 3374 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3375 [Define if you have /dev/ptmx])
700318f3 3376 have_dev_ptmx=1
3377 ]
3378 )
3379 fi
3c0ef626 3380fi
996d5e62 3381
3382if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3383 AC_CHECK_FILE("/dev/ptc",
3384 [
2c06c99b 3385 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3386 [Define if you have /dev/ptc])
996d5e62 3387 have_dev_ptc=1
3388 ]
3389 )
3390else
3391 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3392fi
3c0ef626 3393
3394# Options from here on. Some of these are preset by platform above
3c0ef626 3395AC_ARG_WITH(mantype,
3396 [ --with-mantype=man|cat|doc Set man page type],
3397 [
3398 case "$withval" in
3399 man|cat|doc)
3400 MANTYPE=$withval
3401 ;;
3402 *)
3403 AC_MSG_ERROR(invalid man type: $withval)
3404 ;;
3405 esac
3406 ]
3407)
3408if test -z "$MANTYPE"; then
41b2f314 3409 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3410 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3c0ef626 3411 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3412 MANTYPE=doc
3413 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3414 MANTYPE=man
3415 else
3416 MANTYPE=cat
3417 fi
3418fi
3419AC_SUBST(MANTYPE)
3420if test "$MANTYPE" = "doc"; then
3421 mansubdir=man;
3422else
3423 mansubdir=$MANTYPE;
3424fi
3425AC_SUBST(mansubdir)
3426
3427# Check whether to enable MD5 passwords
cdd66111 3428MD5_MSG="no"
3c0ef626 3429AC_ARG_WITH(md5-passwords,
3430 [ --with-md5-passwords Enable use of MD5 passwords],
3431 [
3432 if test "x$withval" != "xno" ; then
2c06c99b 3433 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3434 [Define if you want to allow MD5 passwords])
cdd66111 3435 MD5_MSG="yes"
3c0ef626 3436 fi
3437 ]
3438)
3439
3440# Whether to disable shadow password support
3441AC_ARG_WITH(shadow,
3442 [ --without-shadow Disable shadow password support],
3443 [
dec6d9fe 3444 if test "x$withval" = "xno" ; then
3c0ef626 3445 AC_DEFINE(DISABLE_SHADOW)
3446 disable_shadow=yes
3447 fi
3448 ]
3449)
3450
3451if test -z "$disable_shadow" ; then
3452 AC_MSG_CHECKING([if the systems has expire shadow information])
3453 AC_TRY_COMPILE(
3454 [
3455#include <sys/types.h>
3456#include <shadow.h>
3457 struct spwd sp;
3458 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3459 [ sp_expire_available=yes ], []
3460 )
3461
3462 if test "x$sp_expire_available" = "xyes" ; then
3463 AC_MSG_RESULT(yes)
2c06c99b 3464 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3465 [Define if you want to use shadow password expire field])
3c0ef626 3466 else
3467 AC_MSG_RESULT(no)
3468 fi
3469fi
3470
3471# Use ip address instead of hostname in $DISPLAY
3472if test ! -z "$IPADDR_IN_DISPLAY" ; then
3473 DISPLAY_HACK_MSG="yes"
2c06c99b 3474 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3475 [Define if you need to use IP address
3476 instead of hostname in $DISPLAY])
3c0ef626 3477else
cdd66111 3478 DISPLAY_HACK_MSG="no"
3c0ef626 3479 AC_ARG_WITH(ipaddr-display,
3480 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3481 [
dec6d9fe 3482 if test "x$withval" != "xno" ; then
3c0ef626 3483 AC_DEFINE(IPADDR_IN_DISPLAY)
cdd66111 3484 DISPLAY_HACK_MSG="yes"
3c0ef626 3485 fi
3486 ]
3487 )
3488fi
3489
0fff78ff 3490# check for /etc/default/login and use it if present.
acc3d05e 3491AC_ARG_ENABLE(etc-default-login,
996d5e62 3492 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3493 [ if test "x$enableval" = "xno"; then
3494 AC_MSG_NOTICE([/etc/default/login handling disabled])
3495 etc_default_login=no
3496 else
3497 etc_default_login=yes
3498 fi ],
2c06c99b 3499 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3500 then
3501 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3502 etc_default_login=no
3503 else
3504 etc_default_login=yes
3505 fi ]
996d5e62 3506)
0fff78ff 3507
996d5e62 3508if test "x$etc_default_login" != "xno"; then
3509 AC_CHECK_FILE("/etc/default/login",
3510 [ external_path_file=/etc/default/login ])
2c06c99b 3511 if test "x$external_path_file" = "x/etc/default/login"; then
3512 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3513 [Define if your system has /etc/default/login])
996d5e62 3514 fi
0fff78ff 3515fi
3516
700318f3 3517dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
dec6d9fe 3518if test $ac_cv_func_login_getcapbool = "yes" && \
3519 test $ac_cv_header_login_cap_h = "yes" ; then
0fff78ff 3520 external_path_file=/etc/login.conf
700318f3 3521fi
0fff78ff 3522
3c0ef626 3523# Whether to mess with the default path
cdd66111 3524SERVER_PATH_MSG="(default)"
3c0ef626 3525AC_ARG_WITH(default-path,
700318f3 3526 [ --with-default-path= Specify default \$PATH environment for server],
3c0ef626 3527 [
0fff78ff 3528 if test "x$external_path_file" = "x/etc/login.conf" ; then
700318f3 3529 AC_MSG_WARN([
3530--with-default-path=PATH has no effect on this system.
3531Edit /etc/login.conf instead.])
dec6d9fe 3532 elif test "x$withval" != "xno" ; then
0fff78ff 3533 if test ! -z "$external_path_file" ; then
3534 AC_MSG_WARN([
3535--with-default-path=PATH will only be used if PATH is not defined in
3536$external_path_file .])
3537 fi
3c0ef626 3538 user_path="$withval"
cdd66111 3539 SERVER_PATH_MSG="$withval"
3c0ef626 3540 fi
3541 ],
0fff78ff 3542 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3543 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
700318f3 3544 else
0fff78ff 3545 if test ! -z "$external_path_file" ; then
3546 AC_MSG_WARN([
3547If PATH is defined in $external_path_file, ensure the path to scp is included,
3548otherwise scp will not work.])
3549 fi
2c06c99b 3550 AC_RUN_IFELSE(
3551 [AC_LANG_SOURCE([[
3c0ef626 3552/* find out what STDPATH is */
3553#include <stdio.h>
3554#ifdef HAVE_PATHS_H
3555# include <paths.h>
3556#endif
3557#ifndef _PATH_STDPATH
6a9b3198 3558# ifdef _PATH_USERPATH /* Irix */
3559# define _PATH_STDPATH _PATH_USERPATH
3560# else
3561# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3562# endif
3c0ef626 3563#endif
3564#include <sys/types.h>
3565#include <sys/stat.h>
3566#include <fcntl.h>
3567#define DATA "conftest.stdpath"
3568
3569main()
3570{
3571 FILE *fd;
3572 int rc;
dec6d9fe 3573
3c0ef626 3574 fd = fopen(DATA,"w");
3575 if(fd == NULL)
3576 exit(1);
dec6d9fe 3577
3c0ef626 3578 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3579 exit(1);
3580
3581 exit(0);
3582}
2c06c99b 3583 ]])],
3584 [ user_path=`cat conftest.stdpath` ],
3c0ef626 3585 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3586 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3587 )
3588# make sure $bindir is in USER_PATH so scp will work
3589 t_bindir=`eval echo ${bindir}`
3590 case $t_bindir in
3591 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3592 esac
3593 case $t_bindir in
3594 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3595 esac
3596 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3597 if test $? -ne 0 ; then
3598 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3599 if test $? -ne 0 ; then
3600 user_path=$user_path:$t_bindir
3601 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3602 fi
3603 fi
700318f3 3604 fi ]
3605)
0fff78ff 3606if test "x$external_path_file" != "x/etc/login.conf" ; then
2c06c99b 3607 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
700318f3 3608 AC_SUBST(user_path)
3609fi
3610
3611# Set superuser path separately to user path
700318f3 3612AC_ARG_WITH(superuser-path,
3613 [ --with-superuser-path= Specify different path for super-user],
3614 [
dec6d9fe 3615 if test -n "$withval" && test "x$withval" != "xno" && \
3616 test "x${withval}" != "xyes"; then
2c06c99b 3617 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3618 [Define if you want a different $PATH
3619 for the superuser])
700318f3 3620 superuser_path=$withval
3621 fi
3c0ef626 3622 ]
3623)
700318f3 3624
3c0ef626 3625
3c0ef626 3626AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
cdd66111 3627IPV4_IN6_HACK_MSG="no"
3c0ef626 3628AC_ARG_WITH(4in6,
3629 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3630 [
3631 if test "x$withval" != "xno" ; then
3632 AC_MSG_RESULT(yes)
2c06c99b 3633 AC_DEFINE(IPV4_IN_IPV6, 1,
3634 [Detect IPv4 in IPv6 mapped addresses
3635 and treat as IPv4])
cdd66111 3636 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3637 else
3638 AC_MSG_RESULT(no)
3639 fi
3640 ],[
3641 if test "x$inet6_default_4in6" = "xyes"; then
3642 AC_MSG_RESULT([yes (default)])
3643 AC_DEFINE(IPV4_IN_IPV6)
cdd66111 3644 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3645 else
3646 AC_MSG_RESULT([no (default)])
3647 fi
3648 ]
3649)
3650
3651# Whether to enable BSD auth support
e9a17296 3652BSD_AUTH_MSG=no
3c0ef626 3653AC_ARG_WITH(bsd-auth,
3654 [ --with-bsd-auth Enable BSD auth support],
3655 [
dec6d9fe 3656 if test "x$withval" != "xno" ; then
2c06c99b 3657 AC_DEFINE(BSD_AUTH, 1,
3658 [Define if you have BSD auth support])
e9a17296 3659 BSD_AUTH_MSG=yes
3c0ef626 3660 fi
3661 ]
3662)
3663
3c0ef626 3664# Where to place sshd.pid
3665piddir=/var/run
700318f3 3666# make sure the directory exists
dec6d9fe 3667if test ! -d $piddir ; then
700318f3 3668 piddir=`eval echo ${sysconfdir}`
3669 case $piddir in
cdd66111 3670 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
700318f3 3671 esac
3672fi
3673
3c0ef626 3674AC_ARG_WITH(pid-dir,
3675 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3676 [
dec6d9fe 3677 if test -n "$withval" && test "x$withval" != "xno" && \
3678 test "x${withval}" != "xyes"; then
3c0ef626 3679 piddir=$withval
dec6d9fe 3680 if test ! -d $piddir ; then
700318f3 3681 AC_MSG_WARN([** no $piddir directory on this system **])
3682 fi
3c0ef626 3683 fi
3684 ]
3685)
3686
2c06c99b 3687AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3c0ef626 3688AC_SUBST(piddir)
3689
3690dnl allow user to disable some login recording features
3691AC_ARG_ENABLE(lastlog,
3692 [ --disable-lastlog disable use of lastlog even if detected [no]],
0fff78ff 3693 [
3694 if test "x$enableval" = "xno" ; then
3695 AC_DEFINE(DISABLE_LASTLOG)
3696 fi
3697 ]
3c0ef626 3698)
3699AC_ARG_ENABLE(utmp,
3700 [ --disable-utmp disable use of utmp even if detected [no]],
0fff78ff 3701 [
3702 if test "x$enableval" = "xno" ; then
3703 AC_DEFINE(DISABLE_UTMP)
3704 fi
3705 ]
3c0ef626 3706)
3707AC_ARG_ENABLE(utmpx,
3708 [ --disable-utmpx disable use of utmpx even if detected [no]],
0fff78ff 3709 [
3710 if test "x$enableval" = "xno" ; then
2c06c99b 3711 AC_DEFINE(DISABLE_UTMPX, 1,
3712 [Define if you don't want to use utmpx])
0fff78ff 3713 fi
3714 ]
3c0ef626 3715)
3716AC_ARG_ENABLE(wtmp,
3717 [ --disable-wtmp disable use of wtmp even if detected [no]],
0fff78ff 3718 [
3719 if test "x$enableval" = "xno" ; then
3720 AC_DEFINE(DISABLE_WTMP)
3721 fi
3722 ]
3c0ef626 3723)
3724AC_ARG_ENABLE(wtmpx,
3725 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
0fff78ff 3726 [
3727 if test "x$enableval" = "xno" ; then
2c06c99b 3728 AC_DEFINE(DISABLE_WTMPX, 1,
3729 [Define if you don't want to use wtmpx])
0fff78ff 3730 fi
3731 ]
3c0ef626 3732)
3733AC_ARG_ENABLE(libutil,
3734 [ --disable-libutil disable use of libutil (login() etc.) [no]],
0fff78ff 3735 [
3736 if test "x$enableval" = "xno" ; then
3737 AC_DEFINE(DISABLE_LOGIN)
3738 fi
3739 ]
3c0ef626 3740)
3741AC_ARG_ENABLE(pututline,
3742 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
0fff78ff 3743 [
3744 if test "x$enableval" = "xno" ; then
2c06c99b 3745 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3746 [Define if you don't want to use pututline()
3747 etc. to write [uw]tmp])
0fff78ff 3748 fi
3749 ]
3c0ef626 3750)
3751AC_ARG_ENABLE(pututxline,
3752 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
0fff78ff 3753 [
3754 if test "x$enableval" = "xno" ; then
2c06c99b 3755 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3756 [Define if you don't want to use pututxline()
3757 etc. to write [uw]tmpx])
0fff78ff 3758 fi
3759 ]
3c0ef626 3760)
3761AC_ARG_WITH(lastlog,
3762 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3763 [
dec6d9fe 3764 if test "x$withval" = "xno" ; then
3c0ef626 3765 AC_DEFINE(DISABLE_LASTLOG)
dec6d9fe 3766 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3c0ef626 3767 conf_lastlog_location=$withval
3768 fi
3769 ]
3770)
3771
3772dnl lastlog, [uw]tmpx? detection
3773dnl NOTE: set the paths in the platform section to avoid the
3774dnl need for command-line parameters
3775dnl lastlog and [uw]tmp are subject to a file search if all else fails
3776
3777dnl lastlog detection
3778dnl NOTE: the code itself will detect if lastlog is a directory
3779AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3780AC_TRY_COMPILE([
3781#include <sys/types.h>
3782#include <utmp.h>
3783#ifdef HAVE_LASTLOG_H
3784# include <lastlog.h>
3785#endif
3786#ifdef HAVE_PATHS_H
3787# include <paths.h>
3788#endif
3789#ifdef HAVE_LOGIN_H
3790# include <login.h>
3791#endif
3792 ],
3793 [ char *lastlog = LASTLOG_FILE; ],
3794 [ AC_MSG_RESULT(yes) ],
3795 [
3796 AC_MSG_RESULT(no)
3797 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3798 AC_TRY_COMPILE([
3799#include <sys/types.h>
3800#include <utmp.h>
3801#ifdef HAVE_LASTLOG_H
3802# include <lastlog.h>
3803#endif
3804#ifdef HAVE_PATHS_H
3805# include <paths.h>
3806#endif
3807 ],
3808 [ char *lastlog = _PATH_LASTLOG; ],
3809 [ AC_MSG_RESULT(yes) ],
3810 [
3811 AC_MSG_RESULT(no)
3812 system_lastlog_path=no
3813 ])
3814 ]
3815)
3816
3817if test -z "$conf_lastlog_location"; then
3818 if test x"$system_lastlog_path" = x"no" ; then
3819 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3820 if (test -d "$f" || test -f "$f") ; then
3821 conf_lastlog_location=$f
3822 fi
3823 done
3824 if test -z "$conf_lastlog_location"; then
3825 AC_MSG_WARN([** Cannot find lastlog **])
3826 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3827 fi
3828 fi
3829fi
3830
3831if test -n "$conf_lastlog_location"; then
2c06c99b 3832 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3833 [Define if you want to specify the path to your lastlog file])
dec6d9fe 3834fi
3c0ef626 3835
3836dnl utmp detection
3837AC_MSG_CHECKING([if your system defines UTMP_FILE])
3838AC_TRY_COMPILE([
3839#include <sys/types.h>
3840#include <utmp.h>
3841#ifdef HAVE_PATHS_H
3842# include <paths.h>
3843#endif
3844 ],
3845 [ char *utmp = UTMP_FILE; ],
3846 [ AC_MSG_RESULT(yes) ],
3847 [ AC_MSG_RESULT(no)
3848 system_utmp_path=no ]
3849)
3850if test -z "$conf_utmp_location"; then
3851 if test x"$system_utmp_path" = x"no" ; then
3852 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3853 if test -f $f ; then
3854 conf_utmp_location=$f
3855 fi
3856 done
3857 if test -z "$conf_utmp_location"; then
3858 AC_DEFINE(DISABLE_UTMP)
3859 fi
3860 fi
3861fi
3862if test -n "$conf_utmp_location"; then
2c06c99b 3863 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3864 [Define if you want to specify the path to your utmp file])
dec6d9fe 3865fi
3c0ef626 3866
3867dnl wtmp detection
3868AC_MSG_CHECKING([if your system defines WTMP_FILE])
3869AC_TRY_COMPILE([
3870#include <sys/types.h>
3871#include <utmp.h>
3872#ifdef HAVE_PATHS_H
3873# include <paths.h>
3874#endif
3875 ],
3876 [ char *wtmp = WTMP_FILE; ],
3877 [ AC_MSG_RESULT(yes) ],
3878 [ AC_MSG_RESULT(no)
3879 system_wtmp_path=no ]
3880)
3881if test -z "$conf_wtmp_location"; then
3882 if test x"$system_wtmp_path" = x"no" ; then
3883 for f in /usr/adm/wtmp /var/log/wtmp; do
3884 if test -f $f ; then
3885 conf_wtmp_location=$f
3886 fi
3887 done
3888 if test -z "$conf_wtmp_location"; then
3889 AC_DEFINE(DISABLE_WTMP)
3890 fi
3891 fi
3892fi
3893if test -n "$conf_wtmp_location"; then
2c06c99b 3894 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3895 [Define if you want to specify the path to your wtmp file])
dec6d9fe 3896fi
3c0ef626 3897
3898
3899dnl utmpx detection - I don't know any system so perverse as to require
3900dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3901dnl there, though.
3902AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3903AC_TRY_COMPILE([
3904#include <sys/types.h>
3905#include <utmp.h>
3906#ifdef HAVE_UTMPX_H
3907#include <utmpx.h>
3908#endif
3909#ifdef HAVE_PATHS_H
3910# include <paths.h>
3911#endif
3912 ],
3913 [ char *utmpx = UTMPX_FILE; ],
3914 [ AC_MSG_RESULT(yes) ],
3915 [ AC_MSG_RESULT(no)
3916 system_utmpx_path=no ]
3917)
3918if test -z "$conf_utmpx_location"; then
3919 if test x"$system_utmpx_path" = x"no" ; then
3920 AC_DEFINE(DISABLE_UTMPX)
3921 fi
3922else
2c06c99b 3923 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3924 [Define if you want to specify the path to your utmpx file])
dec6d9fe 3925fi
3c0ef626 3926
3927dnl wtmpx detection
3928AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3929AC_TRY_COMPILE([
3930#include <sys/types.h>
3931#include <utmp.h>
3932#ifdef HAVE_UTMPX_H
3933#include <utmpx.h>
3934#endif
3935#ifdef HAVE_PATHS_H
3936# include <paths.h>
3937#endif
3938 ],
3939 [ char *wtmpx = WTMPX_FILE; ],
3940 [ AC_MSG_RESULT(yes) ],
3941 [ AC_MSG_RESULT(no)
3942 system_wtmpx_path=no ]
3943)
3944if test -z "$conf_wtmpx_location"; then
3945 if test x"$system_wtmpx_path" = x"no" ; then
3946 AC_DEFINE(DISABLE_WTMPX)
3947 fi
3948else
2c06c99b 3949 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3950 [Define if you want to specify the path to your wtmpx file])
dec6d9fe 3951fi
3c0ef626 3952
3953
3c0ef626 3954if test ! -z "$blibpath" ; then
7e772e1f 3955 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3956 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3c0ef626 3957fi
3958
665a873d 3959dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3960dnl Add now.
3961CFLAGS="$CFLAGS $werror_flags"
3962
e9a17296 3963AC_EXEEXT
9108f8d9 3964AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3965 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
996d5e62 3966 scard/Makefile ssh_prng_cmds survey.sh])
3c0ef626 3967AC_OUTPUT
3968
3969# Print summary of options
3970
3c0ef626 3971# Someone please show me a better way :)
3972A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3973B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3974C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3975D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3976E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3977F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3978G=`eval echo ${piddir}` ; G=`eval echo ${G}`
700318f3 3979H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3980I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3981J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3c0ef626 3982
3983echo ""
3984echo "OpenSSH has been configured with the following options:"
700318f3 3985echo " User binaries: $B"
3986echo " System binaries: $C"
3987echo " Configuration files: $D"
3988echo " Askpass program: $E"
3989echo " Manual pages: $F"
3990echo " PID file: $G"
3991echo " Privilege separation chroot path: $H"
0fff78ff 3992if test "x$external_path_file" = "x/etc/login.conf" ; then
3993echo " At runtime, sshd will use the path defined in $external_path_file"
3994echo " Make sure the path to scp is present, otherwise scp will not work"
700318f3 3995else
3996echo " sshd default user PATH: $I"
0fff78ff 3997 if test ! -z "$external_path_file"; then
3998echo " (If PATH is set in $external_path_file it will be used instead. If"
3999echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4000 fi
700318f3 4001fi
4002if test ! -z "$superuser_path" ; then
4003echo " sshd superuser user PATH: $J"
4004fi
4005echo " Manpage format: $MANTYPE"
0fff78ff 4006echo " PAM support: $PAM_MSG"
9108f8d9 4007echo " OSF SIA support: $SIA_MSG"
700318f3 4008echo " KerberosV support: $KRB5_MSG"
9108f8d9 4009echo " SELinux support: $SELINUX_MSG"
700318f3 4010echo " Smartcard support: $SCARD_MSG"
700318f3 4011echo " S/KEY support: $SKEY_MSG"
4012echo " TCP Wrappers support: $TCPW_MSG"
4013echo " MD5 password support: $MD5_MSG"
996d5e62 4014echo " libedit support: $LIBEDIT_MSG"
9108f8d9 4015echo " Solaris process contract support: $SPC_MSG"
700318f3 4016echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
700318f3 4017echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4018echo " BSD Auth support: $BSD_AUTH_MSG"
4019echo " Random number source: $RAND_MSG"
e9a17296 4020if test ! -z "$USE_RAND_HELPER" ; then
700318f3 4021echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3c0ef626 4022fi
4023
4024echo ""
4025
4026echo " Host: ${host}"
4027echo " Compiler: ${CC}"
4028echo " Compiler flags: ${CFLAGS}"
4029echo "Preprocessor flags: ${CPPFLAGS}"
4030echo " Linker flags: ${LDFLAGS}"
e9a17296 4031echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3c0ef626 4032
4033echo ""
4034
c9f39d2c 4035if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
996d5e62 4036 echo "SVR4 style packages are supported with \"make package\""
4037 echo ""
c9f39d2c 4038fi
4039
3c0ef626 4040if test "x$PAM_MSG" = "xyes" ; then
e9a17296 4041 echo "PAM is enabled. You may need to install a PAM control file "
4042 echo "for sshd, otherwise password authentication may fail. "
cdd66111 4043 echo "Example PAM control files can be found in the contrib/ "
e9a17296 4044 echo "subdirectory"
3c0ef626 4045 echo ""
4046fi
4047
e9a17296 4048if test ! -z "$RAND_HELPER_CMDHASH" ; then
4049 echo "WARNING: you are using the builtin random number collection "
4050 echo "service. Please read WARNING.RNG and request that your OS "
4051 echo "vendor includes kernel-based random number collection in "
4052 echo "future versions of your OS."
3c0ef626 4053 echo ""
4054fi
4055
c9f39d2c 4056if test ! -z "$NO_PEERCHECK" ; then
4057 echo "WARNING: the operating system that you are using does not "
4058 echo "appear to support either the getpeereid() API nor the "
4059 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4060 echo "enforce security checks to prevent unauthorised connections to "
4061 echo "ssh-agent. Their absence increases the risk that a malicious "
4062 echo "user can connect to your agent. "
4063 echo ""
4064fi
4065
996d5e62 4066if test "$AUDIT_MODULE" = "bsm" ; then
4067 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4068 echo "See the Solaris section in README.platform for details."
4069fi
git-cvsimport mirror of GSI OpenSSH
This page took 0.746588 seconds and 5 git commands to generate.