]> andersk Git - gssapi-openssh.git/blame - openssh/configure.ac
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
check for existence of globus_gss_assist_map_and_authorize()
[gssapi-openssh.git] / openssh / configure.ac
CommitLineData
3c0ef626 1# $Id$
12a403af 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
3c0ef626 16
2ce0bfe4 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
4b6dae8f 18AC_REVISION($Revision$)
3c0ef626 19AC_CONFIG_SRCDIR([ssh.c])
20
21AC_CONFIG_HEADER(config.h)
22AC_PROG_CC
23AC_CANONICAL_HOST
24AC_C_BIGENDIAN
25
26# Checks for programs.
7cac2b65 27AC_PROG_AWK
3c0ef626 28AC_PROG_CPP
29AC_PROG_RANLIB
30AC_PROG_INSTALL
4b6dae8f 31AC_PROG_EGREP
3c0ef626 32AC_PATH_PROG(AR, ar)
7e82606e 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
3c0ef626 35AC_PATH_PROGS(PERL, perl5 perl)
bfe49944 36AC_PATH_PROG(SED, sed)
3c0ef626 37AC_SUBST(PERL)
38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
3c0ef626 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
350391c5 43AC_PATH_PROG(SH, sh)
7e82606e 44AC_SUBST(TEST_SHELL,sh)
45
46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
08822d99 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
3c0ef626 57
58# System features
59AC_SYS_LARGEFILE
60
61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
08822d99 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
3c0ef626 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
540d72c3 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
08822d99 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
540d72c3 82fi
83
3c0ef626 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
8b32eddc 88
3c0ef626 89AC_C_INLINE
2ce0bfe4 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
540d72c3 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
2ce0bfe4 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
08822d99 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
2ce0bfe4 96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
08822d99 100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
2ce0bfe4 103 esac
104
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
116fi
117
540d72c3 118AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
8b32eddc 121 if test "x$withval" = "xno" ; then
540d72c3 122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128)
129
3c0ef626 130# Check for some target-specific stuff
131case "$host" in
132*-*-aix*)
540d72c3 133 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
256cb466 134 if (test -z "$blibpath"); then
540d72c3 135 blibpath="/usr/lib:/lib"
3c0ef626 136 fi
256cb466 137 saved_LDFLAGS="$LDFLAGS"
138 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
139 if (test -z "$blibflags"); then
140 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
141 AC_TRY_LINK([], [], [blibflags=$tryflags])
142 fi
143 done
144 if (test -z "$blibflags"); then
145 AC_MSG_RESULT(not found)
146 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
147 else
148 AC_MSG_RESULT($blibflags)
149 fi
150 LDFLAGS="$saved_LDFLAGS"
7cac2b65 151 dnl Check for authenticate. Might be in libs.a on older AIXes
08822d99 152 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
153 [Define if you want to enable AIX4's authenticate function])],
d03f4262 154 [AC_CHECK_LIB(s,authenticate,
155 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
156 LIBS="$LIBS -ls"
157 ])
158 ])
dfddba3d 159 dnl Check for various auth function declarations in headers.
160 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
8b32eddc 161 passwdexpired, setauthdb], , , [#include <usersec.h>])
7cac2b65 162 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
dfddba3d 163 AC_CHECK_DECLS(loginfailed,
7cac2b65 164 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
165 AC_TRY_COMPILE(
166 [#include <usersec.h>],
167 [(void)loginfailed("user","host","tty",0);],
168 [AC_MSG_RESULT(yes)
08822d99 169 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
170 [Define if your AIX loginfailed() function
171 takes 4 arguments (AIX >= 5.2)])],
7cac2b65 172 [AC_MSG_RESULT(no)]
173 )],
174 [],
175 [#include <usersec.h>]
176 )
177 AC_CHECK_FUNCS(setauthdb)
dfddba3d 178 check_for_aix_broken_getaddrinfo=1
08822d99 179 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
180 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
181 [Define if your platform breaks doing a seteuid before a setuid])
182 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
183 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
3c0ef626 184 dnl AIX handles lastlog as part of its login message
08822d99 185 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
186 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
187 [Some systems need a utmpx entry for /bin/login to work])
188 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
189 [Define to a Set Process Title type if your system is
190 supported by bsd-setproctitle.c])
191 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
192 [AIX 5.2 and 5.3 (and presumably newer) require this])
3c0ef626 193 ;;
194*-*-cygwin*)
bfe49944 195 check_for_libcrypt_later=1
e9702f7d 196 LIBS="$LIBS /usr/lib/textmode.o"
08822d99 197 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
198 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
199 AC_DEFINE(DISABLE_SHADOW, 1,
200 [Define if you want to disable shadow passwords])
201 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
202 [Define if your system choked on IP TOS setting])
203 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
204 [Define if X11 doesn't support AF_UNIX sockets on that system])
205 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
206 [Define if the concept of ports only accessible to
207 superusers isn't known])
208 AC_DEFINE(DISABLE_FD_PASSING, 1,
209 [Define if your platform needs to skip post auth
210 file descriptor passing])
3c0ef626 211 ;;
212*-*-dgux*)
213 AC_DEFINE(IP_TOS_IS_BROKEN)
540d72c3 214 AC_DEFINE(SETEUID_BREAKS_SETUID)
215 AC_DEFINE(BROKEN_SETREUID)
216 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 217 ;;
218*-*-darwin*)
08822d99 219 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
29d88157 220 AC_DEFINE(SETEUID_BREAKS_SETUID)
221 AC_DEFINE(BROKEN_SETREUID)
222 AC_DEFINE(BROKEN_SETREGID)
08822d99 223 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
224 [Define if your resolver libs need this for getrrsetbyname])
c06c9ae8 225 AC_MSG_CHECKING(if we have the Security Authorization Session API)
226 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
227 [SessionCreate(0, 0);],
228 [ac_cv_use_security_session_api="yes"
229 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
230 [platform has the Security Authorization Session API])
231 LIBS="$LIBS -framework Security"
232 AC_MSG_RESULT(yes)],
233 [ac_cv_use_security_session_api="no"
234 AC_MSG_RESULT(no)])
235 AC_MSG_CHECKING(if we have an in-memory credentials cache)
236 AC_TRY_COMPILE(
237 [#include <Kerberos/Kerberos.h>],
238 [cc_context_t c;
239 (void) cc_initialize (&c, 0, NULL, NULL);],
240 [AC_DEFINE(USE_CCAPI, 1,
08822d99 241 [platform uses an in-memory credentials cache])
c06c9ae8 242 LIBS="$LIBS -framework Security"
243 AC_MSG_RESULT(yes)
244 if test "x$ac_cv_use_security_session_api" = "xno"; then
245 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
246 fi],
247 [AC_MSG_RESULT(no)]
248 )
3c0ef626 249 ;;
2ce0bfe4 250*-*-hpux*)
251 # first we define all of the options common to all HP-UX releases
3c0ef626 252 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
253 IPADDR_IN_DISPLAY=yes
3c0ef626 254 AC_DEFINE(USE_PIPES)
08822d99 255 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
256 [Define if your login program cannot handle end of options ("--")])
350391c5 257 AC_DEFINE(LOGIN_NEEDS_UTMPX)
08822d99 258 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
259 [String used in /etc/passwd to denote locked account])
7cac2b65 260 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
08822d99 261 MAIL="/var/mail/username"
d03f4262 262 LIBS="$LIBS -lsec"
2ce0bfe4 263 AC_CHECK_LIB(xnet, t_error, ,
264 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
265
266 # next, we define all of the options specific to major releases
267 case "$host" in
268 *-*-hpux10*)
269 if test -z "$GCC"; then
270 CFLAGS="$CFLAGS -Ae"
271 fi
272 ;;
273 *-*-hpux11*)
08822d99 274 AC_DEFINE(PAM_SUN_CODEBASE, 1,
275 [Define if you are using Solaris-derived PAM which
276 passes pam_messages to the conversation function
277 with an extra level of indirection])
278 AC_DEFINE(DISABLE_UTMP, 1,
279 [Define if you don't want to use utmp])
2ce0bfe4 280 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
281 check_for_hpux_broken_getaddrinfo=1
282 check_for_conflicting_getspnam=1
283 ;;
284 esac
285
286 # lastly, we define options specific to minor releases
287 case "$host" in
288 *-*-hpux10.26)
08822d99 289 AC_DEFINE(HAVE_SECUREWARE, 1,
290 [Define if you have SecureWare-based
291 protected password database])
2ce0bfe4 292 disable_ptmx_check=yes
293 LIBS="$LIBS -lsecpw"
294 ;;
295 esac
3c0ef626 296 ;;
297*-*-irix5*)
3c0ef626 298 PATH="$PATH:/usr/etc"
08822d99 299 AC_DEFINE(BROKEN_INET_NTOA, 1,
300 [Define if you system's inet_ntoa is busted
301 (e.g. Irix gcc issue)])
540d72c3 302 AC_DEFINE(SETEUID_BREAKS_SETUID)
303 AC_DEFINE(BROKEN_SETREUID)
304 AC_DEFINE(BROKEN_SETREGID)
08822d99 305 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
306 [Define if you shouldn't strip 'tty' from your
307 ttyname in [uw]tmp])
7cac2b65 308 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 309 ;;
310*-*-irix6*)
3c0ef626 311 PATH="$PATH:/usr/etc"
08822d99 312 AC_DEFINE(WITH_IRIX_ARRAY, 1,
313 [Define if you have/want arrays
314 (cluster-wide session managment, not C arrays)])
315 AC_DEFINE(WITH_IRIX_PROJECT, 1,
316 [Define if you want IRIX project management])
317 AC_DEFINE(WITH_IRIX_AUDIT, 1,
318 [Define if you want IRIX audit trails])
319 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
320 [Define if you want IRIX kernel jobs])])
3c0ef626 321 AC_DEFINE(BROKEN_INET_NTOA)
29d88157 322 AC_DEFINE(SETEUID_BREAKS_SETUID)
323 AC_DEFINE(BROKEN_SETREUID)
324 AC_DEFINE(BROKEN_SETREGID)
08822d99 325 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
350391c5 326 AC_DEFINE(WITH_ABBREV_NO_TTY)
7cac2b65 327 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 328 ;;
329*-*-linux*)
330 no_dev_ptmx=1
331 check_for_libcrypt_later=1
7cac2b65 332 check_for_openpty_ctty_bug=1
08822d99 333 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
334 AC_DEFINE(PAM_TTY_KLUDGE, 1,
335 [Work around problematic Linux PAM modules handling of PAM_TTY])
336 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
337 [String used in /etc/passwd to denote locked account])
7cac2b65 338 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
08822d99 339 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
340 [Define to whatever link() returns for "not supported"
341 if it doesn't return EOPNOTSUPP.])
dfddba3d 342 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
08822d99 343 AC_DEFINE(USE_BTMP)
3c0ef626 344 inet6_default_4in6=yes
7cac2b65 345 case `uname -r` in
346 1.*|2.0.*)
08822d99 347 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
348 [Define if cmsg_type is not passed correctly])
7cac2b65 349 ;;
350 esac
08822d99 351 # tun(4) forwarding compat code
352 AC_CHECK_HEADERS(linux/if_tun.h)
353 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
354 AC_DEFINE(SSH_TUN_LINUX, 1,
355 [Open tunnel devices the Linux tun/tap way])
356 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
357 [Use tunnel device compatibility to OpenBSD])
358 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
359 [Prepend the address family to IP tunnel traffic])
360 fi
3c0ef626 361 ;;
362mips-sony-bsd|mips-sony-newsos4)
4b6dae8f 363 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
3c0ef626 364 SONY=1
3c0ef626 365 ;;
366*-*-netbsd*)
d03f4262 367 check_for_libcrypt_before=1
8b32eddc 368 if test "x$withval" != "xno" ; then
540d72c3 369 need_dash_r=1
370 fi
08822d99 371 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
372 AC_CHECK_HEADER([net/if_tap.h], ,
373 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
374 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
375 [Prepend the address family to IP tunnel traffic])
3c0ef626 376 ;;
377*-*-freebsd*)
378 check_for_libcrypt_later=1
08822d99 379 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
380 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
381 AC_CHECK_HEADER([net/if_tap.h], ,
382 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
3c0ef626 383 ;;
29d88157 384*-*-bsdi*)
385 AC_DEFINE(SETEUID_BREAKS_SETUID)
386 AC_DEFINE(BROKEN_SETREUID)
387 AC_DEFINE(BROKEN_SETREGID)
388 ;;
3c0ef626 389*-next-*)
390 conf_lastlog_location="/usr/adm/lastlog"
391 conf_utmp_location=/etc/utmp
392 conf_wtmp_location=/usr/adm/wtmp
393 MAIL=/usr/spool/mail
08822d99 394 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
3c0ef626 395 AC_DEFINE(BROKEN_REALPATH)
396 AC_DEFINE(USE_PIPES)
08822d99 397 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
3c0ef626 398 ;;
2ce0bfe4 399*-*-openbsd*)
400 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
08822d99 401 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
402 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
2ce0bfe4 403 ;;
3c0ef626 404*-*-solaris*)
8b32eddc 405 if test "x$withval" != "xno" ; then
12a403af 406 need_dash_r=1
407 fi
3c0ef626 408 AC_DEFINE(PAM_SUN_CODEBASE)
409 AC_DEFINE(LOGIN_NEEDS_UTMPX)
08822d99 410 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
411 [Some versions of /bin/login need the TERM supplied
412 on the commandline])
3c0ef626 413 AC_DEFINE(PAM_TTY_KLUDGE)
08822d99 414 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
415 [Define if pam_chauthtok wants real uid set
416 to the unpriv'ed user])
7cac2b65 417 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
418 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
08822d99 419 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
420 [Define if sshd somehow reacquires a controlling TTY
421 after setsid()])
7cac2b65 422 external_path_file=/etc/default/login
3c0ef626 423 # hardwire lastlog location (can't detect it on some versions)
424 conf_lastlog_location="/var/adm/lastlog"
425 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
426 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
427 if test "$sol2ver" -ge 8; then
428 AC_MSG_RESULT(yes)
429 AC_DEFINE(DISABLE_UTMP)
08822d99 430 AC_DEFINE(DISABLE_WTMP, 1,
431 [Define if you don't want to use wtmp])
3c0ef626 432 else
433 AC_MSG_RESULT(no)
434 fi
435 ;;
436*-*-sunos4*)
437 CPPFLAGS="$CPPFLAGS -DSUNOS4"
438 AC_CHECK_FUNCS(getpwanam)
439 AC_DEFINE(PAM_SUN_CODEBASE)
3c0ef626 440 conf_utmp_location=/etc/utmp
441 conf_wtmp_location=/var/adm/wtmp
442 conf_lastlog_location=/var/adm/lastlog
443 AC_DEFINE(USE_PIPES)
444 ;;
445*-ncr-sysv*)
3c0ef626 446 LIBS="$LIBS -lc89"
e9702f7d 447 AC_DEFINE(USE_PIPES)
7cac2b65 448 AC_DEFINE(SSHD_ACQUIRES_CTTY)
29d88157 449 AC_DEFINE(SETEUID_BREAKS_SETUID)
450 AC_DEFINE(BROKEN_SETREUID)
451 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 452 ;;
453*-sni-sysv*)
3c0ef626 454 # /usr/ucblib MUST NOT be searched on ReliantUNIX
540d72c3 455 AC_CHECK_LIB(dl, dlsym, ,)
08822d99 456 # -lresolv needs to be at the end of LIBS or DNS lookups break
457 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
3c0ef626 458 IPADDR_IN_DISPLAY=yes
459 AC_DEFINE(USE_PIPES)
460 AC_DEFINE(IP_TOS_IS_BROKEN)
540d72c3 461 AC_DEFINE(SETEUID_BREAKS_SETUID)
462 AC_DEFINE(BROKEN_SETREUID)
463 AC_DEFINE(BROKEN_SETREGID)
7cac2b65 464 AC_DEFINE(SSHD_ACQUIRES_CTTY)
465 external_path_file=/etc/default/login
3c0ef626 466 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
467 # Attention: always take care to bind libsocket and libnsl before libc,
468 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
469 ;;
dfddba3d 470# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
3c0ef626 471*-*-sysv4.2*)
08822d99 472 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
3c0ef626 473 AC_DEFINE(USE_PIPES)
7cac2b65 474 AC_DEFINE(SETEUID_BREAKS_SETUID)
475 AC_DEFINE(BROKEN_SETREUID)
476 AC_DEFINE(BROKEN_SETREGID)
8b32eddc 477 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
08822d99 478 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 479 ;;
dfddba3d 480# UnixWare 7.x, OpenUNIX 8
3c0ef626 481*-*-sysv5*)
2ce0bfe4 482 check_for_libcrypt_later=1
483 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
3c0ef626 484 AC_DEFINE(USE_PIPES)
7cac2b65 485 AC_DEFINE(SETEUID_BREAKS_SETUID)
486 AC_DEFINE(BROKEN_SETREUID)
487 AC_DEFINE(BROKEN_SETREGID)
08822d99 488 AC_DEFINE(PASSWD_NEEDS_USERNAME)
2ce0bfe4 489 case "$host" in
490 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
491 TEST_SHELL=/u95/bin/sh
08822d99 492 AC_DEFINE(BROKEN_LIBIAF, 1,
493 [ia_uinfo routines not supported by OS yet])
494 ;;
495 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
2ce0bfe4 496 ;;
497 esac
3c0ef626 498 ;;
499*-*-sysv*)
3c0ef626 500 ;;
dfddba3d 501# SCO UNIX and OEM versions of SCO UNIX
3c0ef626 502*-*-sco3.2v4*)
dfddba3d 503 AC_MSG_ERROR("This Platform is no longer supported.")
3c0ef626 504 ;;
dfddba3d 505# SCO OpenServer 5.x
3c0ef626 506*-*-sco3.2v5*)
bfe49944 507 if test -z "$GCC"; then
508 CFLAGS="$CFLAGS -belf"
509 fi
3c0ef626 510 LIBS="$LIBS -lprot -lx -ltinfo -lm"
511 no_dev_ptmx=1
3c0ef626 512 AC_DEFINE(USE_PIPES)
350391c5 513 AC_DEFINE(HAVE_SECUREWARE)
3c0ef626 514 AC_DEFINE(DISABLE_SHADOW)
d03f4262 515 AC_DEFINE(DISABLE_FD_PASSING)
7cac2b65 516 AC_DEFINE(SETEUID_BREAKS_SETUID)
517 AC_DEFINE(BROKEN_SETREUID)
518 AC_DEFINE(BROKEN_SETREGID)
519 AC_DEFINE(WITH_ABBREV_NO_TTY)
7e82606e 520 AC_DEFINE(BROKEN_UPDWTMPX)
08822d99 521 AC_DEFINE(PASSWD_NEEDS_USERNAME)
3c0ef626 522 AC_CHECK_FUNCS(getluid setluid)
523 MANTYPE=man
7e82606e 524 TEST_SHELL=ksh
3c0ef626 525 ;;
d03f4262 526*-*-unicosmk*)
08822d99 527 AC_DEFINE(NO_SSH_LASTLOG, 1,
528 [Define if you don't want to use lastlog in session.c])
540d72c3 529 AC_DEFINE(SETEUID_BREAKS_SETUID)
530 AC_DEFINE(BROKEN_SETREUID)
531 AC_DEFINE(BROKEN_SETREGID)
d03f4262 532 AC_DEFINE(USE_PIPES)
533 AC_DEFINE(DISABLE_FD_PASSING)
534 LDFLAGS="$LDFLAGS"
535 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
536 MANTYPE=cat
537 ;;
7cac2b65 538*-*-unicosmp*)
540d72c3 539 AC_DEFINE(SETEUID_BREAKS_SETUID)
540 AC_DEFINE(BROKEN_SETREUID)
541 AC_DEFINE(BROKEN_SETREGID)
7cac2b65 542 AC_DEFINE(WITH_ABBREV_NO_TTY)
543 AC_DEFINE(USE_PIPES)
544 AC_DEFINE(DISABLE_FD_PASSING)
545 LDFLAGS="$LDFLAGS"
540d72c3 546 LIBS="$LIBS -lgen -lacid -ldb"
7cac2b65 547 MANTYPE=cat
548 ;;
3c0ef626 549*-*-unicos*)
540d72c3 550 AC_DEFINE(SETEUID_BREAKS_SETUID)
551 AC_DEFINE(BROKEN_SETREUID)
552 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 553 AC_DEFINE(USE_PIPES)
d03f4262 554 AC_DEFINE(DISABLE_FD_PASSING)
555 AC_DEFINE(NO_SSH_LASTLOG)
556 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
557 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
558 MANTYPE=cat
3c0ef626 559 ;;
560*-dec-osf*)
561 AC_MSG_CHECKING(for Digital Unix SIA)
562 no_osfsia=""
563 AC_ARG_WITH(osfsia,
564 [ --with-osfsia Enable Digital Unix SIA],
565 [
566 if test "x$withval" = "xno" ; then
567 AC_MSG_RESULT(disabled)
568 no_osfsia=1
569 fi
570 ],
571 )
572 if test -z "$no_osfsia" ; then
573 if test -f /etc/sia/matrix.conf; then
574 AC_MSG_RESULT(yes)
08822d99 575 AC_DEFINE(HAVE_OSF_SIA, 1,
576 [Define if you have Digital Unix Security
577 Integration Architecture])
578 AC_DEFINE(DISABLE_LOGIN, 1,
579 [Define if you don't want to use your
580 system's login() call])
bfe49944 581 AC_DEFINE(DISABLE_FD_PASSING)
3c0ef626 582 LIBS="$LIBS -lsecurity -ldb -lm -laud"
583 else
584 AC_MSG_RESULT(no)
08822d99 585 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
586 [String used in /etc/passwd to denote locked account])
3c0ef626 587 fi
588 fi
7cac2b65 589 AC_DEFINE(BROKEN_GETADDRINFO)
29d88157 590 AC_DEFINE(SETEUID_BREAKS_SETUID)
591 AC_DEFINE(BROKEN_SETREUID)
592 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 593 ;;
594
4b6dae8f 595*-*-nto-qnx*)
3c0ef626 596 AC_DEFINE(USE_PIPES)
597 AC_DEFINE(NO_X11_UNIX_SOCKETS)
08822d99 598 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
599 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
600 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
4b6dae8f 601 AC_DEFINE(DISABLE_LASTLOG)
3c0ef626 602 ;;
2ce0bfe4 603
604*-*-ultrix*)
08822d99 605 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
606 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
4b6dae8f 607 AC_DEFINE(NEED_SETPGRP)
2ce0bfe4 608 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
609 ;;
610
611*-*-lynxos)
612 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
08822d99 613 AC_DEFINE(MISSING_HOWMANY)
2ce0bfe4 614 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
615 ;;
3c0ef626 616esac
617
618# Allow user to specify flags
619AC_ARG_WITH(cflags,
620 [ --with-cflags Specify additional flags to pass to compiler],
621 [
8b32eddc 622 if test -n "$withval" && test "x$withval" != "xno" && \
623 test "x${withval}" != "xyes"; then
3c0ef626 624 CFLAGS="$CFLAGS $withval"
625 fi
8b32eddc 626 ]
3c0ef626 627)
628AC_ARG_WITH(cppflags,
629 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
630 [
8b32eddc 631 if test -n "$withval" && test "x$withval" != "xno" && \
632 test "x${withval}" != "xyes"; then
3c0ef626 633 CPPFLAGS="$CPPFLAGS $withval"
634 fi
635 ]
636)
637AC_ARG_WITH(ldflags,
638 [ --with-ldflags Specify additional flags to pass to linker],
639 [
8b32eddc 640 if test -n "$withval" && test "x$withval" != "xno" && \
641 test "x${withval}" != "xyes"; then
3c0ef626 642 LDFLAGS="$LDFLAGS $withval"
643 fi
8b32eddc 644 ]
3c0ef626 645)
646AC_ARG_WITH(libs,
647 [ --with-libs Specify additional libraries to link with],
648 [
8b32eddc 649 if test -n "$withval" && test "x$withval" != "xno" && \
650 test "x${withval}" != "xyes"; then
3c0ef626 651 LIBS="$LIBS $withval"
652 fi
8b32eddc 653 ]
3c0ef626 654)
2ce0bfe4 655AC_ARG_WITH(Werror,
656 [ --with-Werror Build main code with -Werror],
657 [
658 if test -n "$withval" && test "x$withval" != "xno"; then
659 werror_flags="-Werror"
08822d99 660 if test "x${withval}" != "xyes"; then
2ce0bfe4 661 werror_flags="$withval"
662 fi
663 fi
664 ]
665)
3c0ef626 666
7cac2b65 667AC_MSG_CHECKING(compiler and flags for sanity)
dfddba3d 668AC_RUN_IFELSE(
669 [AC_LANG_SOURCE([
7cac2b65 670#include <stdio.h>
671int main(){exit(0);}
dfddba3d 672 ])],
7cac2b65 673 [ AC_MSG_RESULT(yes) ],
674 [
675 AC_MSG_RESULT(no)
676 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
dfddba3d 677 ],
678 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
7cac2b65 679)
680
2ce0bfe4 681dnl Checks for header files.
682AC_CHECK_HEADERS( \
683 bstring.h \
684 crypt.h \
685 dirent.h \
686 endian.h \
687 features.h \
688 floatingpoint.h \
689 getopt.h \
690 glob.h \
691 ia.h \
692 iaf.h \
2ce0bfe4 693 limits.h \
694 login.h \
695 login_cap.h \
696 maillock.h \
697 ndir.h \
698 netdb.h \
699 netgroup.h \
2ce0bfe4 700 pam/pam_appl.h \
701 paths.h \
702 pty.h \
703 readpassphrase.h \
704 rpc/types.h \
705 security/pam_appl.h \
706 shadow.h \
707 stddef.h \
708 stdint.h \
709 string.h \
710 strings.h \
711 sys/audit.h \
712 sys/bitypes.h \
713 sys/bsdtty.h \
714 sys/cdefs.h \
715 sys/dir.h \
716 sys/mman.h \
717 sys/ndir.h \
718 sys/prctl.h \
719 sys/pstat.h \
720 sys/select.h \
721 sys/stat.h \
722 sys/stream.h \
723 sys/stropts.h \
724 sys/strtio.h \
725 sys/sysmacros.h \
726 sys/time.h \
727 sys/timers.h \
728 sys/un.h \
729 time.h \
730 tmpdir.h \
731 ttyent.h \
732 unistd.h \
733 usersec.h \
734 util.h \
735 utime.h \
736 utmp.h \
737 utmpx.h \
738 vis.h \
739)
e9702f7d 740
4b6dae8f 741# lastlog.h requires sys/time.h to be included first on Solaris
742AC_CHECK_HEADERS(lastlog.h, [], [], [
743#ifdef HAVE_SYS_TIME_H
744# include <sys/time.h>
745#endif
746])
747
dfddba3d 748# sys/ptms.h requires sys/stream.h to be included first on Solaris
749AC_CHECK_HEADERS(sys/ptms.h, [], [], [
750#ifdef HAVE_SYS_STREAM_H
751# include <sys/stream.h>
752#endif
753])
754
3c0ef626 755# Checks for libraries.
756AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
757AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
758
7cac2b65 759dnl IRIX and Solaris 2.5.1 have dirname() in libgen
760AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
761 AC_CHECK_LIB(gen, dirname,[
762 AC_CACHE_CHECK([for broken dirname],
763 ac_cv_have_broken_dirname, [
764 save_LIBS="$LIBS"
765 LIBS="$LIBS -lgen"
08822d99 766 AC_RUN_IFELSE(
767 [AC_LANG_SOURCE([[
7cac2b65 768#include <libgen.h>
769#include <string.h>
770
771int main(int argc, char **argv) {
772 char *s, buf[32];
773
774 strncpy(buf,"/etc", 32);
775 s = dirname(buf);
776 if (!s || strncmp(s, "/", 32) != 0) {
777 exit(1);
778 } else {
779 exit(0);
780 }
781}
08822d99 782 ]])],
783 [ ac_cv_have_broken_dirname="no" ],
784 [ ac_cv_have_broken_dirname="yes" ],
7cac2b65 785 [ ac_cv_have_broken_dirname="no" ],
7cac2b65 786 )
787 LIBS="$save_LIBS"
788 ])
789 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
790 LIBS="$LIBS -lgen"
791 AC_DEFINE(HAVE_DIRNAME)
792 AC_CHECK_HEADERS(libgen.h)
793 fi
794 ])
795])
796
3c0ef626 797AC_CHECK_FUNC(getspnam, ,
798 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
08822d99 799AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
800 [Define if you have the basename function.]))
3c0ef626 801
802dnl zlib is required
803AC_ARG_WITH(zlib,
804 [ --with-zlib=PATH Use zlib in PATH],
8b32eddc 805 [ if test "x$withval" = "xno" ; then
806 AC_MSG_ERROR([*** zlib is required ***])
807 elif test "x$withval" != "xyes"; then
3c0ef626 808 if test -d "$withval/lib"; then
809 if test -n "${need_dash_r}"; then
810 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
811 else
812 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
813 fi
814 else
815 if test -n "${need_dash_r}"; then
816 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
817 else
818 LDFLAGS="-L${withval} ${LDFLAGS}"
819 fi
820 fi
821 if test -d "$withval/include"; then
822 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
823 else
824 CPPFLAGS="-I${withval} ${CPPFLAGS}"
825 fi
8b32eddc 826 fi ]
3c0ef626 827)
828
540d72c3 829AC_CHECK_LIB(z, deflate, ,
830 [
831 saved_CPPFLAGS="$CPPFLAGS"
832 saved_LDFLAGS="$LDFLAGS"
833 save_LIBS="$LIBS"
834 dnl Check default zlib install dir
835 if test -n "${need_dash_r}"; then
836 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
837 else
838 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
839 fi
840 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
841 LIBS="$LIBS -lz"
842 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
843 [
844 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
845 ]
846 )
847 ]
848)
849AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
850
851AC_ARG_WITH(zlib-version-check,
852 [ --without-zlib-version-check Disable zlib version check],
853 [ if test "x$withval" = "xno" ; then
854 zlib_check_nonfatal=1
855 fi
856 ]
857)
858
8b32eddc 859AC_MSG_CHECKING(for possibly buggy zlib)
dfddba3d 860AC_RUN_IFELSE([AC_LANG_SOURCE([[
8b32eddc 861#include <stdio.h>
540d72c3 862#include <zlib.h>
863int main()
864{
8b32eddc 865 int a=0, b=0, c=0, d=0, n, v;
866 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
867 if (n != 3 && n != 4)
540d72c3 868 exit(1);
8b32eddc 869 v = a*1000000 + b*10000 + c*100 + d;
870 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
871
872 /* 1.1.4 is OK */
873 if (a == 1 && b == 1 && c >= 4)
540d72c3 874 exit(0);
8b32eddc 875
2ce0bfe4 876 /* 1.2.3 and up are OK */
877 if (v >= 1020300)
8b32eddc 878 exit(0);
879
540d72c3 880 exit(2);
881}
dfddba3d 882 ]])],
8b32eddc 883 AC_MSG_RESULT(no),
884 [ AC_MSG_RESULT(yes)
540d72c3 885 if test -z "$zlib_check_nonfatal" ; then
886 AC_MSG_ERROR([*** zlib too old - check config.log ***
887Your reported zlib version has known security problems. It's possible your
888vendor has fixed these problems without changing the version number. If you
889are sure this is the case, you can disable the check by running
890"./configure --without-zlib-version-check".
2ce0bfe4 891If you are in doubt, upgrade zlib to version 1.2.3 or greater.
8b32eddc 892See http://www.gzip.org/zlib/ for details.])
540d72c3 893 else
894 AC_MSG_WARN([zlib version may have security problems])
895 fi
dfddba3d 896 ],
897 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
540d72c3 898)
3c0ef626 899
3c0ef626 900dnl UnixWare 2.x
540d72c3 901AC_CHECK_FUNC(strcasecmp,
3c0ef626 902 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
903)
08822d99 904AC_CHECK_FUNCS(utimes,
d03f4262 905 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
906 LIBS="$LIBS -lc89"]) ]
3c0ef626 907)
908
909dnl Checks for libutil functions
910AC_CHECK_HEADERS(libutil.h)
08822d99 911AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
912 [Define if your libraries define login()])])
3c0ef626 913AC_CHECK_FUNCS(logout updwtmp logwtmp)
914
915AC_FUNC_STRFTIME
916
3c0ef626 917# Check for ALTDIRFUNC glob() extension
918AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
919AC_EGREP_CPP(FOUNDIT,
920 [
921 #include <glob.h>
922 #ifdef GLOB_ALTDIRFUNC
923 FOUNDIT
924 #endif
540d72c3 925 ],
3c0ef626 926 [
08822d99 927 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
928 [Define if your system glob() function has
929 the GLOB_ALTDIRFUNC extension])
3c0ef626 930 AC_MSG_RESULT(yes)
931 ],
932 [
933 AC_MSG_RESULT(no)
934 ]
935)
936
937# Check for g.gl_matchc glob() extension
938AC_MSG_CHECKING(for gl_matchc field in glob_t)
939AC_EGREP_CPP(FOUNDIT,
540d72c3 940 [
941 #include <glob.h>
3c0ef626 942 int main(void){glob_t g; g.gl_matchc = 1;}
540d72c3 943 ],
944 [
08822d99 945 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
946 [Define if your system glob() function has
947 gl_matchc options in glob_t])
540d72c3 948 AC_MSG_RESULT(yes)
949 ],
950 [
951 AC_MSG_RESULT(no)
952 ]
3c0ef626 953)
954
955AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
dfddba3d 956AC_RUN_IFELSE(
957 [AC_LANG_SOURCE([[
3c0ef626 958#include <sys/types.h>
959#include <dirent.h>
d03f4262 960int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
dfddba3d 961 ]])],
540d72c3 962 [AC_MSG_RESULT(yes)],
3c0ef626 963 [
964 AC_MSG_RESULT(no)
08822d99 965 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
966 [Define if your struct dirent expects you to
967 allocate extra space for d_name])
dfddba3d 968 ],
8b32eddc 969 [
dfddba3d 970 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
971 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
3c0ef626 972 ]
973)
974
1c89237d 975# Check whether the user wants GSSAPI mechglue support
976AC_ARG_WITH(mechglue,
bec32dad 977 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1c89237d 978 [
979 AC_MSG_CHECKING(for mechglue library)
bec32dad 980
981 if test -e ${withval}/libgssapi.a ; then
982 mechglue_lib=${withval}/libgssapi.a
983 elif test -e ${withval}/lib/libgssapi.a ; then
984 mechglue_lib=${withval}/lib/libgssapi.a
985 else
986 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1c89237d 987 fi
bec32dad 988 LIBS="$LIBS ${mechglue_lib}"
989 AC_MSG_RESULT(${mechglue_lib})
990
1c89237d 991 AC_CHECK_LIB(dl, dlopen, , )
992 if test $ac_cv_lib_dl_dlopen = yes; then
bec32dad 993 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1c89237d 994 fi
bec32dad 995
1c89237d 996 AC_DEFINE(GSSAPI)
08822d99 997 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1c89237d 998 GSSAPI="mechglue"
999
1c89237d 1000 ]
1001)
1002
1003
5598e598 1004# Check whether the user wants GSI (Globus) support
1005gsi_path="no"
1006AC_ARG_WITH(gsi,
483bcdbd 1007 [ --with-gsi Enable Globus GSI authentication support],
5598e598 1008 [
1009 gsi_path="$withval"
1010 ]
1011)
1012
1013AC_ARG_WITH(globus,
483bcdbd 1014 [ --with-globus Enable Globus GSI authentication support],
5598e598 1015 [
1016 gsi_path="$withval"
1017 ]
1018)
1019
483bcdbd 1020AC_ARG_WITH(globus-static,
1021 [ --with-globus-static Link statically with Globus GSI libraries],
1022 [
1023 gsi_static="-static"
9e6effad 1024 if test "x$gsi_path" = "xno" ; then
6e098d39 1025 gsi_path="$withval"
1026 fi
483bcdbd 1027 ]
1028)
1029
5fb9fc74 1030# Check whether the user has a Globus flavor type
1031globus_flavor_type="no"
1032AC_ARG_WITH(globus-flavor,
483bcdbd 1033 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
5fb9fc74 1034 [
1035 globus_flavor_type="$withval"
9e6effad 1036 if test "x$gsi_path" = "xno" ; then
e78b0188 1037 gsi_path="yes"
1038 fi
5fb9fc74 1039 ]
1040)
1041
5598e598 1042if test "x$gsi_path" != "xno" ; then
1043 # Globus GSSAPI configuration
22798398 1044 AC_MSG_CHECKING(for Globus GSI)
08822d99 1045 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
5598e598 1046
1c89237d 1047 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
483bcdbd 1048 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1c89237d 1049 fi
1050 if test -z "$GSSAPI"; then
1051 AC_DEFINE(GSSAPI)
1052 GSSAPI="GSI"
1053 fi
1054
8b1f0dfd 1055 if test "x$gsi_path" = "xyes" ; then
1056 if test -z "$GLOBUS_LOCATION" ; then
483bcdbd 1057 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
8b1f0dfd 1058 else
1059 gsi_path="$GLOBUS_LOCATION"
1060 fi
1061 fi
483bcdbd 1062 GLOBUS_LOCATION="$gsi_path"
1063 export GLOBUS_LOCATION
1064 if test ! -d "$GLOBUS_LOCATION" ; then
1065 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
5598e598 1066 fi
5598e598 1067
22798398 1068 if test "x$globus_flavor_type" = "xno" ; then
1069 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1070 fi
1071 if test "x$globus_flavor_type" = "xyes" ; then
1072 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
5598e598 1073 fi
5fb9fc74 1074
22798398 1075 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1076 if test ! -d "$GLOBUS_INCLUDE" ; then
1077 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1078 fi
1079 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
bed23354 1080
1081 if test -x ${gsi_path}/bin/globus-makefile-header ; then
483bcdbd 1082 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
bed23354 1083 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
483bcdbd 1084 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
5fb9fc74 1085 else
bed23354 1086 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
22798398 1087 fi
1dca09f1 1088 if test -n "${need_dash_r}"; then
1089 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
1090 else
1091 GSI_LDFLAGS="-L${gsi_path}/lib"
1092 fi
22798398 1093 if test -z "$GSI_LIBS" ; then
bed23354 1094 AC_MSG_ERROR(globus-makefile-header failed)
5fb9fc74 1095 fi
5598e598 1096
540d72c3 1097 AC_DEFINE(HAVE_GSSAPI_H)
1098
5598e598 1099 LIBS="$LIBS $GSI_LIBS"
1100 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1c89237d 1101 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
22798398 1102
1103 # test that we got the libraries OK
1104 AC_TRY_LINK(
1105 [],
1106 [],
1107 [
1108 AC_MSG_RESULT(yes)
1109 ],
1110 [
1111 AC_MSG_ERROR(link with Globus libraries failed)
1112 ]
1113 )
fd34c71f 1114 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1ca858e9 1115 INSTALL_GSISSH="yes"
1116else
1117 INSTALL_GSISSH=""
5598e598 1118fi
1ca858e9 1119AC_SUBST(INSTALL_GSISSH)
1120# End Globus/GSI section
5598e598 1121
7e82606e 1122AC_MSG_CHECKING([for /proc/pid/fd directory])
1123if test -d "/proc/$$/fd" ; then
08822d99 1124 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
7e82606e 1125 AC_MSG_RESULT(yes)
1126else
1127 AC_MSG_RESULT(no)
1128fi
1129
3c0ef626 1130# Check whether user wants S/Key support
540d72c3 1131SKEY_MSG="no"
3c0ef626 1132AC_ARG_WITH(skey,
dfddba3d 1133 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
3c0ef626 1134 [
1135 if test "x$withval" != "xno" ; then
1136
1137 if test "x$withval" != "xyes" ; then
1138 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1139 LDFLAGS="$LDFLAGS -L${withval}/lib"
1140 fi
1141
08822d99 1142 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
3c0ef626 1143 LIBS="-lskey $LIBS"
540d72c3 1144 SKEY_MSG="yes"
8b32eddc 1145
e9702f7d 1146 AC_MSG_CHECKING([for s/key support])
08822d99 1147 AC_LINK_IFELSE(
1148 [AC_LANG_SOURCE([[
e9702f7d 1149#include <stdio.h>
1150#include <skey.h>
d03f4262 1151int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
08822d99 1152 ]])],
e9702f7d 1153 [AC_MSG_RESULT(yes)],
3c0ef626 1154 [
e9702f7d 1155 AC_MSG_RESULT(no)
3c0ef626 1156 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1157 ])
12a403af 1158 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1159 AC_TRY_COMPILE(
1160 [#include <stdio.h>
1161 #include <skey.h>],
1162 [(void)skeychallenge(NULL,"name","",0);],
1163 [AC_MSG_RESULT(yes)
08822d99 1164 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1165 [Define if your skeychallenge()
1166 function takes 4 arguments (NetBSD)])],
12a403af 1167 [AC_MSG_RESULT(no)]
1168 )
3c0ef626 1169 fi
1170 ]
1171)
1172
1173# Check whether user wants TCP wrappers support
1174TCPW_MSG="no"
1175AC_ARG_WITH(tcp-wrappers,
dfddba3d 1176 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
3c0ef626 1177 [
1178 if test "x$withval" != "xno" ; then
1179 saved_LIBS="$LIBS"
1180 saved_LDFLAGS="$LDFLAGS"
1181 saved_CPPFLAGS="$CPPFLAGS"
8b32eddc 1182 if test -n "${withval}" && \
1183 test "x${withval}" != "xyes"; then
3c0ef626 1184 if test -d "${withval}/lib"; then
1185 if test -n "${need_dash_r}"; then
1186 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1187 else
1188 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1189 fi
1190 else
1191 if test -n "${need_dash_r}"; then
1192 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1193 else
1194 LDFLAGS="-L${withval} ${LDFLAGS}"
1195 fi
1196 fi
1197 if test -d "${withval}/include"; then
1198 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1199 else
1200 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1201 fi
1202 fi
e9702f7d 1203 LIBWRAP="-lwrap"
1204 LIBS="$LIBWRAP $LIBS"
3c0ef626 1205 AC_MSG_CHECKING(for libwrap)
1206 AC_TRY_LINK(
1207 [
12a403af 1208#include <sys/types.h>
1209#include <sys/socket.h>
1210#include <netinet/in.h>
3c0ef626 1211#include <tcpd.h>
1212 int deny_severity = 0, allow_severity = 0;
1213 ],
1214 [hosts_access(0);],
1215 [
1216 AC_MSG_RESULT(yes)
08822d99 1217 AC_DEFINE(LIBWRAP, 1,
1218 [Define if you want
1219 TCP Wrappers support])
e9702f7d 1220 AC_SUBST(LIBWRAP)
3c0ef626 1221 TCPW_MSG="yes"
1222 ],
1223 [
1224 AC_MSG_ERROR([*** libwrap missing])
1225 ]
1226 )
e9702f7d 1227 LIBS="$saved_LIBS"
3c0ef626 1228 fi
1229 ]
1230)
1231
dfddba3d 1232# Check whether user wants libedit support
1233LIBEDIT_MSG="no"
1234AC_ARG_WITH(libedit,
1235 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1236 [ if test "x$withval" != "xno" ; then
8b32eddc 1237 if test "x$withval" != "xyes"; then
08822d99 1238 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1239 if test -n "${need_dash_r}"; then
1240 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1241 else
1242 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1243 fi
8b32eddc 1244 fi
dfddba3d 1245 AC_CHECK_LIB(edit, el_init,
08822d99 1246 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
dfddba3d 1247 LIBEDIT="-ledit -lcurses"
1248 LIBEDIT_MSG="yes"
1249 AC_SUBST(LIBEDIT)
1250 ],
8b32eddc 1251 [ AC_MSG_ERROR(libedit not found) ],
1252 [ -lcurses ]
dfddba3d 1253 )
2ce0bfe4 1254 AC_MSG_CHECKING(if libedit version is compatible)
1255 AC_COMPILE_IFELSE(
1256 [AC_LANG_SOURCE([[
1257#include <histedit.h>
1258int main(void)
1259{
1260 int i = H_SETSIZE;
1261 el_init("", NULL, NULL, NULL);
1262 exit(0);
1263}
1264 ]])],
1265 [ AC_MSG_RESULT(yes) ],
1266 [ AC_MSG_RESULT(no)
1267 AC_MSG_ERROR(libedit version is not compatible) ]
1268 )
dfddba3d 1269 fi ]
1270)
1271
1272AUDIT_MODULE=none
1273AC_ARG_WITH(audit,
1274 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1275 [
1276 AC_MSG_CHECKING(for supported audit module)
1277 case "$withval" in
1278 bsm)
1279 AC_MSG_RESULT(bsm)
1280 AUDIT_MODULE=bsm
1281 dnl Checks for headers, libs and functions
1282 AC_CHECK_HEADERS(bsm/audit.h, [],
1283 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1284 AC_CHECK_LIB(bsm, getaudit, [],
1285 [AC_MSG_ERROR(BSM enabled and required library not found)])
1286 AC_CHECK_FUNCS(getaudit, [],
1287 [AC_MSG_ERROR(BSM enabled and required function not found)])
1288 # These are optional
1289 AC_CHECK_FUNCS(getaudit_addr)
08822d99 1290 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
dfddba3d 1291 ;;
1292 debug)
1293 AUDIT_MODULE=debug
1294 AC_MSG_RESULT(debug)
08822d99 1295 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
dfddba3d 1296 ;;
2ce0bfe4 1297 no)
1298 AC_MSG_RESULT(no)
1299 ;;
dfddba3d 1300 *)
1301 AC_MSG_ERROR([Unknown audit module $withval])
1302 ;;
1303 esac ]
1304)
1305
bfe49944 1306dnl Checks for library functions. Please keep in alphabetical order
2ce0bfe4 1307AC_CHECK_FUNCS( \
1308 arc4random \
08822d99 1309 asprintf \
2ce0bfe4 1310 b64_ntop \
1311 __b64_ntop \
1312 b64_pton \
1313 __b64_pton \
1314 bcopy \
1315 bindresvport_sa \
1316 clock \
1317 closefrom \
1318 dirfd \
1319 fchmod \
1320 fchown \
1321 freeaddrinfo \
1322 futimes \
1323 getaddrinfo \
1324 getcwd \
1325 getgrouplist \
1326 getnameinfo \
1327 getopt \
1328 getpeereid \
1329 _getpty \
1330 getrlimit \
1331 getttyent \
1332 glob \
1333 inet_aton \
1334 inet_ntoa \
1335 inet_ntop \
1336 innetgr \
1337 login_getcapbool \
1338 md5_crypt \
1339 memmove \
1340 mkdtemp \
1341 mmap \
1342 ngetaddrinfo \
1343 nsleep \
1344 ogetaddrinfo \
1345 openlog_r \
1346 openpty \
1347 prctl \
1348 pstat \
1349 readpassphrase \
1350 realpath \
1351 recvmsg \
1352 rresvport_af \
1353 sendmsg \
1354 setdtablesize \
1355 setegid \
1356 setenv \
1357 seteuid \
1358 setgroups \
1359 setlogin \
1360 setpcred \
1361 setproctitle \
1362 setregid \
1363 setreuid \
1364 setrlimit \
1365 setsid \
1366 setvbuf \
1367 sigaction \
1368 sigvec \
1369 snprintf \
1370 socketpair \
1371 strdup \
1372 strerror \
1373 strlcat \
1374 strlcpy \
1375 strmode \
1376 strnvis \
1377 strtonum \
1378 strtoll \
1379 strtoul \
1380 sysconf \
1381 tcgetpgrp \
1382 truncate \
1383 unsetenv \
1384 updwtmpx \
08822d99 1385 vasprintf \
2ce0bfe4 1386 vhangup \
1387 vsnprintf \
1388 waitpid \
bfe49944 1389)
1390
29d88157 1391# IRIX has a const char return value for gai_strerror()
1392AC_CHECK_FUNCS(gai_strerror,[
1393 AC_DEFINE(HAVE_GAI_STRERROR)
1394 AC_TRY_COMPILE([
1395#include <sys/types.h>
1396#include <sys/socket.h>
1397#include <netdb.h>
1398
1399const char *gai_strerror(int);],[
1400char *str;
1401
1402str = gai_strerror(0);],[
1403 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1404 [Define if gai_strerror() returns const char *])])])
1405
08822d99 1406AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1407 [Some systems put nanosleep outside of libc]))
bfe49944 1408
7cac2b65 1409dnl Make sure prototypes are defined for these before using them.
7cac2b65 1410AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
2ce0bfe4 1411AC_CHECK_DECL(strsep,
1412 [AC_CHECK_FUNCS(strsep)],
1413 [],
1414 [
1415#ifdef HAVE_STRING_H
1416# include <string.h>
1417#endif
1418 ])
3c0ef626 1419
7cac2b65 1420dnl tcsendbreak might be a macro
1421AC_CHECK_DECL(tcsendbreak,
1422 [AC_DEFINE(HAVE_TCSENDBREAK)],
540d72c3 1423 [AC_CHECK_FUNCS(tcsendbreak)],
7cac2b65 1424 [#include <termios.h>]
1425)
3c0ef626 1426
7e82606e 1427AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1428
540d72c3 1429AC_CHECK_FUNCS(setresuid, [
1430 dnl Some platorms have setresuid that isn't implemented, test for this
1431 AC_MSG_CHECKING(if setresuid seems to work)
dfddba3d 1432 AC_RUN_IFELSE(
1433 [AC_LANG_SOURCE([[
540d72c3 1434#include <stdlib.h>
1435#include <errno.h>
1436int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
dfddba3d 1437 ]])],
540d72c3 1438 [AC_MSG_RESULT(yes)],
08822d99 1439 [AC_DEFINE(BROKEN_SETRESUID, 1,
1440 [Define if your setresuid() is broken])
dfddba3d 1441 AC_MSG_RESULT(not implemented)],
1442 [AC_MSG_WARN([cross compiling: not checking setresuid])]
540d72c3 1443 )
1444])
1445
1446AC_CHECK_FUNCS(setresgid, [
1447 dnl Some platorms have setresgid that isn't implemented, test for this
1448 AC_MSG_CHECKING(if setresgid seems to work)
dfddba3d 1449 AC_RUN_IFELSE(
1450 [AC_LANG_SOURCE([[
540d72c3 1451#include <stdlib.h>
1452#include <errno.h>
1453int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
dfddba3d 1454 ]])],
540d72c3 1455 [AC_MSG_RESULT(yes)],
08822d99 1456 [AC_DEFINE(BROKEN_SETRESGID, 1,
1457 [Define if your setresgid() is broken])
dfddba3d 1458 AC_MSG_RESULT(not implemented)],
1459 [AC_MSG_WARN([cross compiling: not checking setresuid])]
540d72c3 1460 )
1461])
1462
3c0ef626 1463dnl Checks for time functions
1464AC_CHECK_FUNCS(gettimeofday time)
1465dnl Checks for utmp functions
1466AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1467AC_CHECK_FUNCS(utmpname)
1468dnl Checks for utmpx functions
1469AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1470AC_CHECK_FUNCS(setutxent utmpxname)
1471
540d72c3 1472AC_CHECK_FUNC(daemon,
08822d99 1473 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1474 [AC_CHECK_LIB(bsd, daemon,
1475 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
3c0ef626 1476)
1477
540d72c3 1478AC_CHECK_FUNC(getpagesize,
08822d99 1479 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1480 [Define if your libraries define getpagesize()])],
1481 [AC_CHECK_LIB(ucb, getpagesize,
1482 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
3c0ef626 1483)
1484
1485# Check for broken snprintf
1486if test "x$ac_cv_func_snprintf" = "xyes" ; then
1487 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
dfddba3d 1488 AC_RUN_IFELSE(
1489 [AC_LANG_SOURCE([[
3c0ef626 1490#include <stdio.h>
d03f4262 1491int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
dfddba3d 1492 ]])],
540d72c3 1493 [AC_MSG_RESULT(yes)],
3c0ef626 1494 [
1495 AC_MSG_RESULT(no)
08822d99 1496 AC_DEFINE(BROKEN_SNPRINTF, 1,
1497 [Define if your snprintf is busted])
3c0ef626 1498 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
dfddba3d 1499 ],
1500 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
3c0ef626 1501 )
1502fi
1503
08822d99 1504# If we don't have a working asprintf, then we strongly depend on vsnprintf
1505# returning the right thing on overflow: the number of characters it tried to
1506# create (as per SUSv3)
1507if test "x$ac_cv_func_asprintf" != "xyes" && \
1508 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1509 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1510 AC_RUN_IFELSE(
1511 [AC_LANG_SOURCE([[
1512#include <sys/types.h>
1513#include <stdio.h>
1514#include <stdarg.h>
1515
1516int x_snprintf(char *str,size_t count,const char *fmt,...)
1517{
1518 size_t ret; va_list ap;
1519 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1520 return ret;
1521}
1522int main(void)
1523{
1524 char x[1];
1525 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1526} ]])],
1527 [AC_MSG_RESULT(yes)],
1528 [
1529 AC_MSG_RESULT(no)
1530 AC_DEFINE(BROKEN_SNPRINTF, 1,
1531 [Define if your snprintf is busted])
1532 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1533 ],
1534 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1535 )
1536fi
1537
1538# On systems where [v]snprintf is broken, but is declared in stdio,
1539# check that the fmt argument is const char * or just char *.
1540# This is only useful for when BROKEN_SNPRINTF
1541AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1542AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1543 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1544 int main(void) { snprintf(0, 0, 0); }
1545 ]])],
1546 [AC_MSG_RESULT(yes)
1547 AC_DEFINE(SNPRINTF_CONST, [const],
1548 [Define as const if snprintf() can declare const char *fmt])],
1549 [AC_MSG_RESULT(no)
1550 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1551
7e82606e 1552# Check for missing getpeereid (or equiv) support
1553NO_PEERCHECK=""
1554if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1555 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1556 AC_TRY_COMPILE(
1557 [#include <sys/types.h>
1558 #include <sys/socket.h>],
1559 [int i = SO_PEERCRED;],
8b32eddc 1560 [ AC_MSG_RESULT(yes)
08822d99 1561 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
8b32eddc 1562 ],
7e82606e 1563 [AC_MSG_RESULT(no)
1564 NO_PEERCHECK=1]
1565 )
1566fi
1567
bfe49944 1568dnl see whether mkstemp() requires XXXXXX
1569if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1570AC_MSG_CHECKING([for (overly) strict mkstemp])
08822d99 1571AC_RUN_IFELSE(
1572 [AC_LANG_SOURCE([[
bfe49944 1573#include <stdlib.h>
1574main() { char template[]="conftest.mkstemp-test";
1575if (mkstemp(template) == -1)
1576 exit(1);
1577unlink(template); exit(0);
1578}
08822d99 1579 ]])],
bfe49944 1580 [
1581 AC_MSG_RESULT(no)
1582 ],
540d72c3 1583 [
bfe49944 1584 AC_MSG_RESULT(yes)
08822d99 1585 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
bfe49944 1586 ],
1587 [
1588 AC_MSG_RESULT(yes)
1589 AC_DEFINE(HAVE_STRICT_MKSTEMP)
540d72c3 1590 ]
bfe49944 1591)
1592fi
1593
7cac2b65 1594dnl make sure that openpty does not reacquire controlling terminal
1595if test ! -z "$check_for_openpty_ctty_bug"; then
1596 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
08822d99 1597 AC_RUN_IFELSE(
1598 [AC_LANG_SOURCE([[
7cac2b65 1599#include <stdio.h>
1600#include <sys/fcntl.h>
1601#include <sys/types.h>
1602#include <sys/wait.h>
1603
1604int
1605main()
1606{
1607 pid_t pid;
1608 int fd, ptyfd, ttyfd, status;
1609
1610 pid = fork();
1611 if (pid < 0) { /* failed */
1612 exit(1);
1613 } else if (pid > 0) { /* parent */
1614 waitpid(pid, &status, 0);
540d72c3 1615 if (WIFEXITED(status))
7cac2b65 1616 exit(WEXITSTATUS(status));
1617 else
1618 exit(2);
1619 } else { /* child */
1620 close(0); close(1); close(2);
1621 setsid();
1622 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1623 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1624 if (fd >= 0)
1625 exit(3); /* Acquired ctty: broken */
1626 else
1627 exit(0); /* Did not acquire ctty: OK */
1628 }
1629}
08822d99 1630 ]])],
7cac2b65 1631 [
1632 AC_MSG_RESULT(yes)
1633 ],
1634 [
1635 AC_MSG_RESULT(no)
1636 AC_DEFINE(SSHD_ACQUIRES_CTTY)
08822d99 1637 ],
1638 [
1639 AC_MSG_RESULT(cross-compiling, assuming yes)
7cac2b65 1640 ]
1641 )
1642fi
1643
8b32eddc 1644if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1645 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
12a403af 1646 AC_MSG_CHECKING(if getaddrinfo seems to work)
08822d99 1647 AC_RUN_IFELSE(
1648 [AC_LANG_SOURCE([[
12a403af 1649#include <stdio.h>
1650#include <sys/socket.h>
1651#include <netdb.h>
1652#include <errno.h>
1653#include <netinet/in.h>
1654
1655#define TEST_PORT "2222"
1656
1657int
1658main(void)
1659{
1660 int err, sock;
1661 struct addrinfo *gai_ai, *ai, hints;
1662 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1663
1664 memset(&hints, 0, sizeof(hints));
1665 hints.ai_family = PF_UNSPEC;
1666 hints.ai_socktype = SOCK_STREAM;
1667 hints.ai_flags = AI_PASSIVE;
1668
1669 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1670 if (err != 0) {
1671 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1672 exit(1);
1673 }
1674
1675 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1676 if (ai->ai_family != AF_INET6)
1677 continue;
1678
1679 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1680 sizeof(ntop), strport, sizeof(strport),
1681 NI_NUMERICHOST|NI_NUMERICSERV);
1682
1683 if (err != 0) {
1684 if (err == EAI_SYSTEM)
1685 perror("getnameinfo EAI_SYSTEM");
1686 else
1687 fprintf(stderr, "getnameinfo failed: %s\n",
1688 gai_strerror(err));
1689 exit(2);
1690 }
1691
1692 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1693 if (sock < 0)
1694 perror("socket");
1695 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1696 if (errno == EBADF)
1697 exit(3);
1698 }
1699 }
1700 exit(0);
1701}
08822d99 1702 ]])],
12a403af 1703 [
1704 AC_MSG_RESULT(yes)
1705 ],
1706 [
1707 AC_MSG_RESULT(no)
1708 AC_DEFINE(BROKEN_GETADDRINFO)
08822d99 1709 ],
1710 [
1711 AC_MSG_RESULT(cross-compiling, assuming yes)
12a403af 1712 ]
1713 )
1714fi
1715
8b32eddc 1716if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1717 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
dfddba3d 1718 AC_MSG_CHECKING(if getaddrinfo seems to work)
08822d99 1719 AC_RUN_IFELSE(
1720 [AC_LANG_SOURCE([[
dfddba3d 1721#include <stdio.h>
1722#include <sys/socket.h>
1723#include <netdb.h>
1724#include <errno.h>
1725#include <netinet/in.h>
1726
1727#define TEST_PORT "2222"
1728
1729int
1730main(void)
1731{
1732 int err, sock;
1733 struct addrinfo *gai_ai, *ai, hints;
1734 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1735
1736 memset(&hints, 0, sizeof(hints));
1737 hints.ai_family = PF_UNSPEC;
1738 hints.ai_socktype = SOCK_STREAM;
1739 hints.ai_flags = AI_PASSIVE;
1740
1741 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1742 if (err != 0) {
1743 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1744 exit(1);
1745 }
1746
1747 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1748 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1749 continue;
1750
1751 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1752 sizeof(ntop), strport, sizeof(strport),
1753 NI_NUMERICHOST|NI_NUMERICSERV);
1754
1755 if (ai->ai_family == AF_INET && err != 0) {
1756 perror("getnameinfo");
1757 exit(2);
1758 }
1759 }
1760 exit(0);
1761}
08822d99 1762 ]])],
dfddba3d 1763 [
1764 AC_MSG_RESULT(yes)
08822d99 1765 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1766 [Define if you have a getaddrinfo that fails
1767 for the all-zeros IPv6 address])
dfddba3d 1768 ],
1769 [
1770 AC_MSG_RESULT(no)
1771 AC_DEFINE(BROKEN_GETADDRINFO)
08822d99 1772 ],
1773 AC_MSG_RESULT(cross-compiling, assuming no)
dfddba3d 1774 ]
1775 )
1776fi
1777
1778if test "x$check_for_conflicting_getspnam" = "x1"; then
1779 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1780 AC_COMPILE_IFELSE(
1781 [
1782#include <shadow.h>
1783int main(void) {exit(0);}
1784 ],
1785 [
1786 AC_MSG_RESULT(no)
1787 ],
1788 [
1789 AC_MSG_RESULT(yes)
1790 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1791 [Conflicting defs for getspnam])
1792 ]
1793 )
1794fi
1795
3c0ef626 1796AC_FUNC_GETPGRP
1797
1798# Check for PAM libs
1799PAM_MSG="no"
1800AC_ARG_WITH(pam,
1801 [ --with-pam Enable PAM support ],
1802 [
1803 if test "x$withval" != "xno" ; then
540d72c3 1804 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1805 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
3c0ef626 1806 AC_MSG_ERROR([PAM headers not found])
1807 fi
1808
1809 AC_CHECK_LIB(dl, dlopen, , )
1810 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1811 AC_CHECK_FUNCS(pam_getenvlist)
905081a4 1812 AC_CHECK_FUNCS(pam_putenv)
3c0ef626 1813
3c0ef626 1814 PAM_MSG="yes"
1815
08822d99 1816 AC_DEFINE(USE_PAM, 1,
1817 [Define if you want to enable PAM support])
e9702f7d 1818 if test $ac_cv_lib_dl_dlopen = yes; then
1819 LIBPAM="-lpam -ldl"
1820 else
1821 LIBPAM="-lpam"
1822 fi
1823 AC_SUBST(LIBPAM)
3c0ef626 1824 fi
1825 ]
1826)
1827
1828# Check for older PAM
1829if test "x$PAM_MSG" = "xyes" ; then
1830 # Check PAM strerror arguments (old PAM)
1831 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1832 AC_TRY_COMPILE(
1833 [
1834#include <stdlib.h>
540d72c3 1835#if defined(HAVE_SECURITY_PAM_APPL_H)
3c0ef626 1836#include <security/pam_appl.h>
540d72c3 1837#elif defined (HAVE_PAM_PAM_APPL_H)
1838#include <pam/pam_appl.h>
1839#endif
1840 ],
1841 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
3c0ef626 1842 [AC_MSG_RESULT(no)],
1843 [
08822d99 1844 AC_DEFINE(HAVE_OLD_PAM, 1,
1845 [Define if you have an old version of PAM
1846 which takes only one argument to pam_strerror])
3c0ef626 1847 AC_MSG_RESULT(yes)
1848 PAM_MSG="yes (old library)"
1849 ]
1850 )
1851fi
1852
350391c5 1853# Search for OpenSSL
1854saved_CPPFLAGS="$CPPFLAGS"
1855saved_LDFLAGS="$LDFLAGS"
3c0ef626 1856AC_ARG_WITH(ssl-dir,
1857 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1858 [
1859 if test "x$withval" != "xno" ; then
dfddba3d 1860 case "$withval" in
1861 # Relative paths
1862 ./*|../*) withval="`pwd`/$withval"
1863 esac
350391c5 1864 if test -d "$withval/lib"; then
1865 if test -n "${need_dash_r}"; then
1866 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1867 else
1868 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
3c0ef626 1869 fi
1870 else
350391c5 1871 if test -n "${need_dash_r}"; then
1872 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1873 else
1874 LDFLAGS="-L${withval} ${LDFLAGS}"
3c0ef626 1875 fi
1876 fi
350391c5 1877 if test -d "$withval/include"; then
1878 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
3c0ef626 1879 else
350391c5 1880 CPPFLAGS="-I${withval} ${CPPFLAGS}"
3c0ef626 1881 fi
1882 fi
350391c5 1883 ]
1884)
22798398 1885if test -z "$GSI_LIBS" ; then
540d72c3 1886LIBS="-lcrypto $LIBS"
22798398 1887fi
08822d99 1888AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1889 [Define if your ssl headers are included
1890 with #include <openssl/header.h>]),
3c0ef626 1891 [
350391c5 1892 dnl Check default openssl install dir
1893 if test -n "${need_dash_r}"; then
1894 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1895 else
350391c5 1896 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1897 fi
350391c5 1898 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1899 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1900 [
1901 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1902 ]
1903 )
1904 ]
1905)
1906
d03f4262 1907# Determine OpenSSL header version
1908AC_MSG_CHECKING([OpenSSL header version])
dfddba3d 1909AC_RUN_IFELSE(
1910 [AC_LANG_SOURCE([[
d03f4262 1911#include <stdio.h>
1912#include <string.h>
1913#include <openssl/opensslv.h>
1914#define DATA "conftest.sslincver"
1915int main(void) {
540d72c3 1916 FILE *fd;
1917 int rc;
d03f4262 1918
540d72c3 1919 fd = fopen(DATA,"w");
1920 if(fd == NULL)
1921 exit(1);
d03f4262 1922
1923 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1924 exit(1);
1925
1926 exit(0);
1927}
dfddba3d 1928 ]])],
d03f4262 1929 [
1930 ssl_header_ver=`cat conftest.sslincver`
1931 AC_MSG_RESULT($ssl_header_ver)
1932 ],
1933 [
1934 AC_MSG_RESULT(not found)
1935 AC_MSG_ERROR(OpenSSL version header not found.)
dfddba3d 1936 ],
1937 [
1938 AC_MSG_WARN([cross compiling: not checking])
d03f4262 1939 ]
1940)
1941
1942# Determine OpenSSL library version
1943AC_MSG_CHECKING([OpenSSL library version])
dfddba3d 1944AC_RUN_IFELSE(
1945 [AC_LANG_SOURCE([[
d03f4262 1946#include <stdio.h>
1947#include <string.h>
1948#include <openssl/opensslv.h>
1949#include <openssl/crypto.h>
1950#define DATA "conftest.ssllibver"
1951int main(void) {
540d72c3 1952 FILE *fd;
1953 int rc;
d03f4262 1954
540d72c3 1955 fd = fopen(DATA,"w");
1956 if(fd == NULL)
1957 exit(1);
d03f4262 1958
1959 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1960 exit(1);
1961
1962 exit(0);
1963}
dfddba3d 1964 ]])],
d03f4262 1965 [
1966 ssl_library_ver=`cat conftest.ssllibver`
1967 AC_MSG_RESULT($ssl_library_ver)
1968 ],
1969 [
1970 AC_MSG_RESULT(not found)
1971 AC_MSG_ERROR(OpenSSL library not found.)
dfddba3d 1972 ],
1973 [
1974 AC_MSG_WARN([cross compiling: not checking])
d03f4262 1975 ]
1976)
3c0ef626 1977
e9702f7d 1978# Sanity check OpenSSL headers
1979AC_MSG_CHECKING([whether OpenSSL's headers match the library])
dfddba3d 1980AC_RUN_IFELSE(
1981 [AC_LANG_SOURCE([[
e9702f7d 1982#include <string.h>
1983#include <openssl/opensslv.h>
d03f4262 1984int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
dfddba3d 1985 ]])],
e9702f7d 1986 [
1987 AC_MSG_RESULT(yes)
1988 ],
1989 [
1990 AC_MSG_RESULT(no)
7cac2b65 1991 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1992Check config.log for details.
1993Also see contrib/findssl.sh for help identifying header/library mismatches.])
dfddba3d 1994 ],
1995 [
1996 AC_MSG_WARN([cross compiling: not checking])
e9702f7d 1997 ]
1998)
1999
08822d99 2000# Check for OpenSSL without EVP_aes_{192,256}_cbc
2001AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2002AC_COMPILE_IFELSE(
2003 [AC_LANG_SOURCE([[
2004#include <string.h>
2005#include <openssl/evp.h>
4b6dae8f 2006int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
08822d99 2007 ]])],
2008 [
2009 AC_MSG_RESULT(no)
2010 ],
2011 [
2012 AC_MSG_RESULT(yes)
2013 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2014 [libcrypto is missing AES 192 and 256 bit functions])
2015 ]
2016)
2017
540d72c3 2018# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2019# because the system crypt() is more featureful.
2020if test "x$check_for_libcrypt_before" = "x1"; then
2021 AC_CHECK_LIB(crypt, crypt)
2022fi
2023
2024# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2025# version in OpenSSL.
7cac2b65 2026if test "x$check_for_libcrypt_later" = "x1"; then
3c0ef626 2027 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2028fi
2029
2ce0bfe4 2030AC_CHECK_LIB(iaf, ia_openinfo)
e9702f7d 2031
2032### Configure cryptographic random number support
2033
2034# Check wheter OpenSSL seeds itself
2035AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
dfddba3d 2036AC_RUN_IFELSE(
2037 [AC_LANG_SOURCE([[
e9702f7d 2038#include <string.h>
2039#include <openssl/rand.h>
d03f4262 2040int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
dfddba3d 2041 ]])],
e9702f7d 2042 [
2043 OPENSSL_SEEDS_ITSELF=yes
2044 AC_MSG_RESULT(yes)
2045 ],
2046 [
2047 AC_MSG_RESULT(no)
2048 # Default to use of the rand helper if OpenSSL doesn't
2049 # seed itself
2050 USE_RAND_HELPER=yes
dfddba3d 2051 ],
2052 [
2053 AC_MSG_WARN([cross compiling: assuming yes])
2054 # This is safe, since all recent OpenSSL versions will
8b32eddc 2055 # complain at runtime if not seeded correctly.
dfddba3d 2056 OPENSSL_SEEDS_ITSELF=yes
e9702f7d 2057 ]
2058)
2059
2060
2061# Do we want to force the use of the rand helper?
2062AC_ARG_WITH(rand-helper,
2063 [ --with-rand-helper Use subprocess to gather strong randomness ],
2064 [
2065 if test "x$withval" = "xno" ; then
540d72c3 2066 # Force use of OpenSSL's internal RNG, even if
e9702f7d 2067 # the previous test showed it to be unseeded.
2068 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2069 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2070 OPENSSL_SEEDS_ITSELF=yes
2071 USE_RAND_HELPER=""
2072 fi
2073 else
2074 USE_RAND_HELPER=yes
2075 fi
2076 ],
8b32eddc 2077)
e9702f7d 2078
2079# Which randomness source do we use?
8b32eddc 2080if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
e9702f7d 2081 # OpenSSL only
08822d99 2082 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2083 [Define if you want OpenSSL's internally seeded PRNG only])
e9702f7d 2084 RAND_MSG="OpenSSL internal ONLY"
2085 INSTALL_SSH_RAND_HELPER=""
2086elif test ! -z "$USE_RAND_HELPER" ; then
2087 # install rand helper
2088 RAND_MSG="ssh-rand-helper"
2089 INSTALL_SSH_RAND_HELPER="yes"
2090fi
2091AC_SUBST(INSTALL_SSH_RAND_HELPER)
2092
2093### Configuration of ssh-rand-helper
2094
2095# PRNGD TCP socket
2096AC_ARG_WITH(prngd-port,
2097 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2098 [
2099 case "$withval" in
2100 no)
2101 withval=""
2102 ;;
2103 [[0-9]]*)
2104 ;;
2105 *)
2106 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2107 ;;
2108 esac
2109 if test ! -z "$withval" ; then
2110 PRNGD_PORT="$withval"
08822d99 2111 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2112 [Port number of PRNGD/EGD random number socket])
e9702f7d 2113 fi
2114 ]
2115)
2116
2117# PRNGD Unix domain socket
2118AC_ARG_WITH(prngd-socket,
2119 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2120 [
2121 case "$withval" in
2122 yes)
2123 withval="/var/run/egd-pool"
2124 ;;
2125 no)
2126 withval=""
2127 ;;
2128 /*)
2129 ;;
2130 *)
2131 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2132 ;;
2133 esac
2134
2135 if test ! -z "$withval" ; then
2136 if test ! -z "$PRNGD_PORT" ; then
2137 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2138 fi
2139 if test ! -r "$withval" ; then
2140 AC_MSG_WARN(Entropy socket is not readable)
2141 fi
2142 PRNGD_SOCKET="$withval"
08822d99 2143 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2144 [Location of PRNGD/EGD random number socket])
e9702f7d 2145 fi
2146 ],
2147 [
2148 # Check for existing socket only if we don't have a random device already
2149 if test "$USE_RAND_HELPER" = yes ; then
2150 AC_MSG_CHECKING(for PRNGD/EGD socket)
2151 # Insert other locations here
2152 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2153 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2154 PRNGD_SOCKET="$sock"
2155 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2156 break;
2157 fi
2158 done
2159 if test ! -z "$PRNGD_SOCKET" ; then
2160 AC_MSG_RESULT($PRNGD_SOCKET)
2161 else
2162 AC_MSG_RESULT(not found)
2163 fi
2164 fi
2165 ]
2166)
2167
2168# Change default command timeout for hashing entropy source
2169entropy_timeout=200
2170AC_ARG_WITH(entropy-timeout,
2171 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2172 [
8b32eddc 2173 if test -n "$withval" && test "x$withval" != "xno" && \
2174 test "x${withval}" != "xyes"; then
e9702f7d 2175 entropy_timeout=$withval
2176 fi
8b32eddc 2177 ]
e9702f7d 2178)
08822d99 2179AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2180 [Builtin PRNG command timeout])
e9702f7d 2181
276b07a3 2182SSH_PRIVSEP_USER=sshd
350391c5 2183AC_ARG_WITH(privsep-user,
2184 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2185 [
8b32eddc 2186 if test -n "$withval" && test "x$withval" != "xno" && \
2187 test "x${withval}" != "xyes"; then
276b07a3 2188 SSH_PRIVSEP_USER=$withval
350391c5 2189 fi
8b32eddc 2190 ]
350391c5 2191)
08822d99 2192AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2193 [non-privileged user for privilege separation])
276b07a3 2194AC_SUBST(SSH_PRIVSEP_USER)
350391c5 2195
2196# We do this little dance with the search path to insure
2197# that programs that we select for use by installed programs
2198# (which may be run by the super-user) come from trusted
2199# locations before they come from the user's private area.
2200# This should help avoid accidentally configuring some
2201# random version of a program in someone's personal bin.
2202
2203OPATH=$PATH
2204PATH=/bin:/usr/bin
2205test -h /bin 2> /dev/null && PATH=/usr/bin
2206test -d /sbin && PATH=$PATH:/sbin
2207test -d /usr/sbin && PATH=$PATH:/usr/sbin
2208PATH=$PATH:/etc:$OPATH
2209
540d72c3 2210# These programs are used by the command hashing source to gather entropy
e9702f7d 2211OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2212OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2213OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2214OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2215OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2216OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2217OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2218OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2219OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2220OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2221OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2222OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2223OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2224OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2225OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2226OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
350391c5 2227# restore PATH
2228PATH=$OPATH
e9702f7d 2229
2230# Where does ssh-rand-helper get its randomness from?
2231INSTALL_SSH_PRNG_CMDS=""
2232if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2233 if test ! -z "$PRNGD_PORT" ; then
2234 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2235 elif test ! -z "$PRNGD_SOCKET" ; then
2236 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2237 else
2238 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2239 RAND_HELPER_CMDHASH=yes
2240 INSTALL_SSH_PRNG_CMDS="yes"
2241 fi
2242fi
2243AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2244
2245
3c0ef626 2246# Cheap hack to ensure NEWS-OS libraries are arranged right.
2247if test ! -z "$SONY" ; then
2248 LIBS="$LIBS -liberty";
2249fi
2250
08822d99 2251# Check for long long datatypes
2252AC_CHECK_TYPES([long long, unsigned long long, long double])
2253
2254# Check datatype sizes
3c0ef626 2255AC_CHECK_SIZEOF(char, 1)
2256AC_CHECK_SIZEOF(short int, 2)
2257AC_CHECK_SIZEOF(int, 4)
2258AC_CHECK_SIZEOF(long int, 4)
2259AC_CHECK_SIZEOF(long long int, 8)
2260
350391c5 2261# Sanity check long long for some platforms (AIX)
2262if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2263 ac_cv_sizeof_long_long_int=0
2264fi
2265
08822d99 2266# compute LLONG_MIN and LLONG_MAX if we don't know them.
2267if test -z "$have_llong_max"; then
2268 AC_MSG_CHECKING([for max value of long long])
2269 AC_RUN_IFELSE(
2270 [AC_LANG_SOURCE([[
2271#include <stdio.h>
2272/* Why is this so damn hard? */
2273#ifdef __GNUC__
2274# undef __GNUC__
2275#endif
2276#define __USE_ISOC99
2277#include <limits.h>
2278#define DATA "conftest.llminmax"
2279int main(void) {
2280 FILE *f;
2281 long long i, llmin, llmax = 0;
2282
2283 if((f = fopen(DATA,"w")) == NULL)
2284 exit(1);
2285
2286#if defined(LLONG_MIN) && defined(LLONG_MAX)
2287 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2288 llmin = LLONG_MIN;
2289 llmax = LLONG_MAX;
2290#else
2291 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2292 /* This will work on one's complement and two's complement */
2293 for (i = 1; i > llmax; i <<= 1, i++)
2294 llmax = i;
2295 llmin = llmax + 1LL; /* wrap */
2296#endif
2297
2298 /* Sanity check */
2299 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2300 || llmax - 1 > llmax) {
2301 fprintf(f, "unknown unknown\n");
2302 exit(2);
2303 }
2304
2305 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
2306 exit(3);
2307
2308 exit(0);
2309}
2310 ]])],
2311 [
2312 llong_min=`$AWK '{print $1}' conftest.llminmax`
2313 llong_max=`$AWK '{print $2}' conftest.llminmax`
2314
2315 # snprintf on some Tru64s doesn't understand "%lld"
2316 case "$host" in
2317 alpha-dec-osf*)
2318 if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
2319 test "x$llong_max" = "xld"; then
2320 llong_min="-9223372036854775808"
2321 llong_max="9223372036854775807"
2322 fi
2323 ;;
2324 esac
2325
2326 AC_MSG_RESULT($llong_max)
2327 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2328 [max value of long long calculated by configure])
2329 AC_MSG_CHECKING([for min value of long long])
2330 AC_MSG_RESULT($llong_min)
2331 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2332 [min value of long long calculated by configure])
2333 ],
2334 [
2335 AC_MSG_RESULT(not found)
2336 ],
2337 [
2338 AC_MSG_WARN([cross compiling: not checking])
2339 ]
2340 )
2341fi
2342
2343
3c0ef626 2344# More checks for data types
2345AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2346 AC_TRY_COMPILE(
540d72c3 2347 [ #include <sys/types.h> ],
2348 [ u_int a; a = 1;],
3c0ef626 2349 [ ac_cv_have_u_int="yes" ],
2350 [ ac_cv_have_u_int="no" ]
2351 )
2352])
2353if test "x$ac_cv_have_u_int" = "xyes" ; then
08822d99 2354 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
3c0ef626 2355 have_u_int=1
2356fi
2357
2358AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2359 AC_TRY_COMPILE(
540d72c3 2360 [ #include <sys/types.h> ],
2361 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2362 [ ac_cv_have_intxx_t="yes" ],
2363 [ ac_cv_have_intxx_t="no" ]
2364 )
2365])
2366if test "x$ac_cv_have_intxx_t" = "xyes" ; then
08822d99 2367 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
3c0ef626 2368 have_intxx_t=1
2369fi
2370
2371if (test -z "$have_intxx_t" && \
540d72c3 2372 test "x$ac_cv_header_stdint_h" = "xyes")
3c0ef626 2373then
2374 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2375 AC_TRY_COMPILE(
540d72c3 2376 [ #include <stdint.h> ],
2377 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2378 [
2379 AC_DEFINE(HAVE_INTXX_T)
2380 AC_MSG_RESULT(yes)
2381 ],
2382 [ AC_MSG_RESULT(no) ]
2383 )
2384fi
2385
2386AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2387 AC_TRY_COMPILE(
d03f4262 2388 [
2389#include <sys/types.h>
2390#ifdef HAVE_STDINT_H
2391# include <stdint.h>
2392#endif
2393#include <sys/socket.h>
2394#ifdef HAVE_SYS_BITYPES_H
2395# include <sys/bitypes.h>
2396#endif
540d72c3 2397 ],
2398 [ int64_t a; a = 1;],
3c0ef626 2399 [ ac_cv_have_int64_t="yes" ],
2400 [ ac_cv_have_int64_t="no" ]
2401 )
2402])
2403if test "x$ac_cv_have_int64_t" = "xyes" ; then
08822d99 2404 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
e9702f7d 2405fi
2406
3c0ef626 2407AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2408 AC_TRY_COMPILE(
540d72c3 2409 [ #include <sys/types.h> ],
2410 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2411 [ ac_cv_have_u_intxx_t="yes" ],
2412 [ ac_cv_have_u_intxx_t="no" ]
2413 )
2414])
2415if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
08822d99 2416 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
3c0ef626 2417 have_u_intxx_t=1
2418fi
2419
2420if test -z "$have_u_intxx_t" ; then
2421 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2422 AC_TRY_COMPILE(
540d72c3 2423 [ #include <sys/socket.h> ],
2424 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2425 [
2426 AC_DEFINE(HAVE_U_INTXX_T)
2427 AC_MSG_RESULT(yes)
2428 ],
2429 [ AC_MSG_RESULT(no) ]
2430 )
2431fi
2432
2433AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2434 AC_TRY_COMPILE(
540d72c3 2435 [ #include <sys/types.h> ],
2436 [ u_int64_t a; a = 1;],
3c0ef626 2437 [ ac_cv_have_u_int64_t="yes" ],
2438 [ ac_cv_have_u_int64_t="no" ]
2439 )
2440])
2441if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
08822d99 2442 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
3c0ef626 2443 have_u_int64_t=1
2444fi
2445
e9702f7d 2446if test -z "$have_u_int64_t" ; then
2447 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2448 AC_TRY_COMPILE(
540d72c3 2449 [ #include <sys/bitypes.h> ],
e9702f7d 2450 [ u_int64_t a; a = 1],
2451 [
2452 AC_DEFINE(HAVE_U_INT64_T)
2453 AC_MSG_RESULT(yes)
2454 ],
2455 [ AC_MSG_RESULT(no) ]
2456 )
2457fi
2458
3c0ef626 2459if test -z "$have_u_intxx_t" ; then
2460 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2461 AC_TRY_COMPILE(
2462 [
2463#include <sys/types.h>
540d72c3 2464 ],
2465 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
3c0ef626 2466 [ ac_cv_have_uintxx_t="yes" ],
2467 [ ac_cv_have_uintxx_t="no" ]
2468 )
2469 ])
2470 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
08822d99 2471 AC_DEFINE(HAVE_UINTXX_T, 1,
2472 [define if you have uintxx_t data type])
3c0ef626 2473 fi
2474fi
2475
2476if test -z "$have_uintxx_t" ; then
2477 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2478 AC_TRY_COMPILE(
540d72c3 2479 [ #include <stdint.h> ],
2480 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
3c0ef626 2481 [
2482 AC_DEFINE(HAVE_UINTXX_T)
2483 AC_MSG_RESULT(yes)
2484 ],
2485 [ AC_MSG_RESULT(no) ]
2486 )
2487fi
2488
2489if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
540d72c3 2490 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3c0ef626 2491then
2492 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2493 AC_TRY_COMPILE(
2494 [
2495#include <sys/bitypes.h>
540d72c3 2496 ],
3c0ef626 2497 [
2498 int8_t a; int16_t b; int32_t c;
2499 u_int8_t e; u_int16_t f; u_int32_t g;
2500 a = b = c = e = f = g = 1;
540d72c3 2501 ],
3c0ef626 2502 [
2503 AC_DEFINE(HAVE_U_INTXX_T)
2504 AC_DEFINE(HAVE_INTXX_T)
2505 AC_MSG_RESULT(yes)
2506 ],
2507 [AC_MSG_RESULT(no)]
540d72c3 2508 )
3c0ef626 2509fi
2510
2511
2512AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2513 AC_TRY_COMPILE(
2514 [
2515#include <sys/types.h>
2516 ],
2517 [ u_char foo; foo = 125; ],
2518 [ ac_cv_have_u_char="yes" ],
2519 [ ac_cv_have_u_char="no" ]
2520 )
2521])
2522if test "x$ac_cv_have_u_char" = "xyes" ; then
08822d99 2523 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
3c0ef626 2524fi
2525
2526TYPE_SOCKLEN_T
2527
e9702f7d 2528AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2529
dfddba3d 2530AC_CHECK_TYPES(in_addr_t,,,
2531[#include <sys/types.h>
2532#include <netinet/in.h>])
2533
3c0ef626 2534AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2535 AC_TRY_COMPILE(
2536 [
2537#include <sys/types.h>
2538 ],
2539 [ size_t foo; foo = 1235; ],
2540 [ ac_cv_have_size_t="yes" ],
2541 [ ac_cv_have_size_t="no" ]
2542 )
2543])
2544if test "x$ac_cv_have_size_t" = "xyes" ; then
08822d99 2545 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
3c0ef626 2546fi
2547
2548AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2549 AC_TRY_COMPILE(
2550 [
2551#include <sys/types.h>
2552 ],
2553 [ ssize_t foo; foo = 1235; ],
2554 [ ac_cv_have_ssize_t="yes" ],
2555 [ ac_cv_have_ssize_t="no" ]
2556 )
2557])
2558if test "x$ac_cv_have_ssize_t" = "xyes" ; then
08822d99 2559 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
3c0ef626 2560fi
2561
2562AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2563 AC_TRY_COMPILE(
2564 [
2565#include <time.h>
2566 ],
2567 [ clock_t foo; foo = 1235; ],
2568 [ ac_cv_have_clock_t="yes" ],
2569 [ ac_cv_have_clock_t="no" ]
2570 )
2571])
2572if test "x$ac_cv_have_clock_t" = "xyes" ; then
08822d99 2573 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
3c0ef626 2574fi
2575
2576AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2577 AC_TRY_COMPILE(
2578 [
2579#include <sys/types.h>
2580#include <sys/socket.h>
2581 ],
2582 [ sa_family_t foo; foo = 1235; ],
2583 [ ac_cv_have_sa_family_t="yes" ],
2584 [ AC_TRY_COMPILE(
2585 [
2586#include <sys/types.h>
2587#include <sys/socket.h>
2588#include <netinet/in.h>
2589 ],
2590 [ sa_family_t foo; foo = 1235; ],
2591 [ ac_cv_have_sa_family_t="yes" ],
2592
2593 [ ac_cv_have_sa_family_t="no" ]
2594 )]
2595 )
2596])
2597if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
08822d99 2598 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2599 [define if you have sa_family_t data type])
3c0ef626 2600fi
2601
2602AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2603 AC_TRY_COMPILE(
2604 [
2605#include <sys/types.h>
2606 ],
2607 [ pid_t foo; foo = 1235; ],
2608 [ ac_cv_have_pid_t="yes" ],
2609 [ ac_cv_have_pid_t="no" ]
2610 )
2611])
2612if test "x$ac_cv_have_pid_t" = "xyes" ; then
08822d99 2613 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
3c0ef626 2614fi
2615
2616AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2617 AC_TRY_COMPILE(
2618 [
2619#include <sys/types.h>
2620 ],
2621 [ mode_t foo; foo = 1235; ],
2622 [ ac_cv_have_mode_t="yes" ],
2623 [ ac_cv_have_mode_t="no" ]
2624 )
2625])
2626if test "x$ac_cv_have_mode_t" = "xyes" ; then
08822d99 2627 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3c0ef626 2628fi
2629
2630
2631AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2632 AC_TRY_COMPILE(
2633 [
2634#include <sys/types.h>
2635#include <sys/socket.h>
2636 ],
2637 [ struct sockaddr_storage s; ],
2638 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2639 [ ac_cv_have_struct_sockaddr_storage="no" ]
2640 )
2641])
2642if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
08822d99 2643 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2644 [define if you have struct sockaddr_storage data type])
3c0ef626 2645fi
2646
2647AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2648 AC_TRY_COMPILE(
2649 [
2650#include <sys/types.h>
2651#include <netinet/in.h>
2652 ],
2653 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2654 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2655 [ ac_cv_have_struct_sockaddr_in6="no" ]
2656 )
2657])
2658if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
08822d99 2659 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2660 [define if you have struct sockaddr_in6 data type])
3c0ef626 2661fi
2662
2663AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2664 AC_TRY_COMPILE(
2665 [
2666#include <sys/types.h>
2667#include <netinet/in.h>
2668 ],
2669 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2670 [ ac_cv_have_struct_in6_addr="yes" ],
2671 [ ac_cv_have_struct_in6_addr="no" ]
2672 )
2673])
2674if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
08822d99 2675 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2676 [define if you have struct in6_addr data type])
3c0ef626 2677fi
2678
2679AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2680 AC_TRY_COMPILE(
2681 [
2682#include <sys/types.h>
2683#include <sys/socket.h>
2684#include <netdb.h>
2685 ],
2686 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2687 [ ac_cv_have_struct_addrinfo="yes" ],
2688 [ ac_cv_have_struct_addrinfo="no" ]
2689 )
2690])
2691if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
08822d99 2692 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2693 [define if you have struct addrinfo data type])
3c0ef626 2694fi
2695
2696AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2697 AC_TRY_COMPILE(
540d72c3 2698 [ #include <sys/time.h> ],
2699 [ struct timeval tv; tv.tv_sec = 1;],
3c0ef626 2700 [ ac_cv_have_struct_timeval="yes" ],
2701 [ ac_cv_have_struct_timeval="no" ]
2702 )
2703])
2704if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
08822d99 2705 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3c0ef626 2706 have_struct_timeval=1
2707fi
2708
bfe49944 2709AC_CHECK_TYPES(struct timespec)
2710
2711# We need int64_t or else certian parts of the compile will fail.
8b32eddc 2712if test "x$ac_cv_have_int64_t" = "xno" && \
2713 test "x$ac_cv_sizeof_long_int" != "x8" && \
2714 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
bfe49944 2715 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2716 echo "an alternative compiler (I.E., GCC) before continuing."
2717 echo ""
2718 exit 1;
3c0ef626 2719else
2720dnl test snprintf (broken on SCO w/gcc)
dfddba3d 2721 AC_RUN_IFELSE(
2722 [AC_LANG_SOURCE([[
3c0ef626 2723#include <stdio.h>
2724#include <string.h>
2725#ifdef HAVE_SNPRINTF
2726main()
2727{
2728 char buf[50];
2729 char expected_out[50];
2730 int mazsize = 50 ;
2731#if (SIZEOF_LONG_INT == 8)
2732 long int num = 0x7fffffffffffffff;
2733#else
2734 long long num = 0x7fffffffffffffffll;
2735#endif
2736 strcpy(expected_out, "9223372036854775807");
2737 snprintf(buf, mazsize, "%lld", num);
2738 if(strcmp(buf, expected_out) != 0)
540d72c3 2739 exit(1);
3c0ef626 2740 exit(0);
2741}
2742#else
2743main() { exit(0); }
2744#endif
dfddba3d 2745 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2746 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3c0ef626 2747 )
2748fi
3c0ef626 2749
2750dnl Checks for structure members
2751OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2752OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2753OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2754OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2755OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2756OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2757OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2758OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2759OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2760OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2761OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2762OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2763OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2764OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2765OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2766OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2767OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2768
2769AC_CHECK_MEMBERS([struct stat.st_blksize])
08822d99 2770AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2771 [Define if we don't have struct __res_state in resolv.h])],
2772[
2773#include <stdio.h>
2774#if HAVE_SYS_TYPES_H
2775# include <sys/types.h>
2776#endif
2777#include <netinet/in.h>
2778#include <arpa/nameser.h>
2779#include <resolv.h>
2780])
3c0ef626 2781
2782AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2783 ac_cv_have_ss_family_in_struct_ss, [
2784 AC_TRY_COMPILE(
2785 [
2786#include <sys/types.h>
2787#include <sys/socket.h>
2788 ],
2789 [ struct sockaddr_storage s; s.ss_family = 1; ],
2790 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2791 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2792 )
2793])
2794if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
08822d99 2795 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3c0ef626 2796fi
2797
2798AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2799 ac_cv_have___ss_family_in_struct_ss, [
2800 AC_TRY_COMPILE(
2801 [
2802#include <sys/types.h>
2803#include <sys/socket.h>
2804 ],
2805 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2806 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2807 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2808 )
2809])
2810if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
08822d99 2811 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2812 [Fields in struct sockaddr_storage])
3c0ef626 2813fi
2814
2815AC_CACHE_CHECK([for pw_class field in struct passwd],
2816 ac_cv_have_pw_class_in_struct_passwd, [
2817 AC_TRY_COMPILE(
2818 [
2819#include <pwd.h>
2820 ],
2821 [ struct passwd p; p.pw_class = 0; ],
2822 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2823 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2824 )
2825])
2826if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
08822d99 2827 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2828 [Define if your password has a pw_class field])
3c0ef626 2829fi
2830
2831AC_CACHE_CHECK([for pw_expire field in struct passwd],
2832 ac_cv_have_pw_expire_in_struct_passwd, [
2833 AC_TRY_COMPILE(
2834 [
2835#include <pwd.h>
2836 ],
2837 [ struct passwd p; p.pw_expire = 0; ],
2838 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2839 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2840 )
2841])
2842if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
08822d99 2843 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2844 [Define if your password has a pw_expire field])
3c0ef626 2845fi
2846
2847AC_CACHE_CHECK([for pw_change field in struct passwd],
2848 ac_cv_have_pw_change_in_struct_passwd, [
2849 AC_TRY_COMPILE(
2850 [
2851#include <pwd.h>
2852 ],
2853 [ struct passwd p; p.pw_change = 0; ],
2854 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2855 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2856 )
2857])
2858if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
08822d99 2859 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2860 [Define if your password has a pw_change field])
3c0ef626 2861fi
2862
541874c2 2863dnl make sure we're using the real structure members and not defines
350391c5 2864AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2865 ac_cv_have_accrights_in_msghdr, [
dfddba3d 2866 AC_COMPILE_IFELSE(
350391c5 2867 [
2868#include <sys/types.h>
2869#include <sys/socket.h>
2870#include <sys/uio.h>
541874c2 2871int main() {
2872#ifdef msg_accrights
dfddba3d 2873#error "msg_accrights is a macro"
541874c2 2874exit(1);
2875#endif
2876struct msghdr m;
2877m.msg_accrights = 0;
2878exit(0);
2879}
350391c5 2880 ],
350391c5 2881 [ ac_cv_have_accrights_in_msghdr="yes" ],
2882 [ ac_cv_have_accrights_in_msghdr="no" ]
2883 )
2884])
2885if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
08822d99 2886 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2887 [Define if your system uses access rights style
2888 file descriptor passing])
350391c5 2889fi
2890
2891AC_CACHE_CHECK([for msg_control field in struct msghdr],
2892 ac_cv_have_control_in_msghdr, [
dfddba3d 2893 AC_COMPILE_IFELSE(
350391c5 2894 [
2895#include <sys/types.h>
2896#include <sys/socket.h>
2897#include <sys/uio.h>
541874c2 2898int main() {
2899#ifdef msg_control
dfddba3d 2900#error "msg_control is a macro"
541874c2 2901exit(1);
2902#endif
2903struct msghdr m;
2904m.msg_control = 0;
2905exit(0);
2906}
350391c5 2907 ],
350391c5 2908 [ ac_cv_have_control_in_msghdr="yes" ],
2909 [ ac_cv_have_control_in_msghdr="no" ]
2910 )
2911])
2912if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
08822d99 2913 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2914 [Define if your system uses ancillary data style
2915 file descriptor passing])
350391c5 2916fi
2917
3c0ef626 2918AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
540d72c3 2919 AC_TRY_LINK([],
2920 [ extern char *__progname; printf("%s", __progname); ],
3c0ef626 2921 [ ac_cv_libc_defines___progname="yes" ],
2922 [ ac_cv_libc_defines___progname="no" ]
2923 )
2924])
2925if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
08822d99 2926 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3c0ef626 2927fi
2928
350391c5 2929AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2930 AC_TRY_LINK([
2931#include <stdio.h>
540d72c3 2932],
2933 [ printf("%s", __FUNCTION__); ],
350391c5 2934 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2935 [ ac_cv_cc_implements___FUNCTION__="no" ]
2936 )
2937])
2938if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
08822d99 2939 AC_DEFINE(HAVE___FUNCTION__, 1,
2940 [Define if compiler implements __FUNCTION__])
350391c5 2941fi
2942
2943AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2944 AC_TRY_LINK([
2945#include <stdio.h>
540d72c3 2946],
2947 [ printf("%s", __func__); ],
350391c5 2948 [ ac_cv_cc_implements___func__="yes" ],
2949 [ ac_cv_cc_implements___func__="no" ]
2950 )
2951])
2952if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
08822d99 2953 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2954fi
2955
2956AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2957 AC_TRY_LINK(
2958 [#include <stdarg.h>
2959 va_list x,y;],
2960 [va_copy(x,y);],
2961 [ ac_cv_have_va_copy="yes" ],
2962 [ ac_cv_have_va_copy="no" ]
2963 )
2964])
2965if test "x$ac_cv_have_va_copy" = "xyes" ; then
2966 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2967fi
2968
2969AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2970 AC_TRY_LINK(
2971 [#include <stdarg.h>
2972 va_list x,y;],
2973 [__va_copy(x,y);],
2974 [ ac_cv_have___va_copy="yes" ],
2975 [ ac_cv_have___va_copy="no" ]
2976 )
2977])
2978if test "x$ac_cv_have___va_copy" = "xyes" ; then
2979 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
350391c5 2980fi
2981
3c0ef626 2982AC_CACHE_CHECK([whether getopt has optreset support],
2983 ac_cv_have_getopt_optreset, [
2984 AC_TRY_LINK(
2985 [
2986#include <getopt.h>
2987 ],
2988 [ extern int optreset; optreset = 0; ],
2989 [ ac_cv_have_getopt_optreset="yes" ],
2990 [ ac_cv_have_getopt_optreset="no" ]
2991 )
2992])
2993if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
08822d99 2994 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2995 [Define if your getopt(3) defines and uses optreset])
3c0ef626 2996fi
2997
2998AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
540d72c3 2999 AC_TRY_LINK([],
3000 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3c0ef626 3001 [ ac_cv_libc_defines_sys_errlist="yes" ],
3002 [ ac_cv_libc_defines_sys_errlist="no" ]
3003 )
3004])
3005if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
08822d99 3006 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3007 [Define if your system defines sys_errlist[]])
3c0ef626 3008fi
3009
3010
3011AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
540d72c3 3012 AC_TRY_LINK([],
3013 [ extern int sys_nerr; printf("%i", sys_nerr);],
3c0ef626 3014 [ ac_cv_libc_defines_sys_nerr="yes" ],
3015 [ ac_cv_libc_defines_sys_nerr="no" ]
3016 )
3017])
3018if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
08822d99 3019 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3c0ef626 3020fi
3021
540d72c3 3022SCARD_MSG="no"
350391c5 3023# Check whether user wants sectok support
3024AC_ARG_WITH(sectok,
3025 [ --with-sectok Enable smartcard support using libsectok],
3c0ef626 3026 [
3027 if test "x$withval" != "xno" ; then
3028 if test "x$withval" != "xyes" ; then
3029 CPPFLAGS="$CPPFLAGS -I${withval}"
3030 LDFLAGS="$LDFLAGS -L${withval}"
3031 if test ! -z "$need_dash_r" ; then
3032 LDFLAGS="$LDFLAGS -R${withval}"
3033 fi
3034 if test ! -z "$blibpath" ; then
3035 blibpath="$blibpath:${withval}"
3036 fi
3037 fi
3038 AC_CHECK_HEADERS(sectok.h)
3039 if test "$ac_cv_header_sectok_h" != yes; then
3040 AC_MSG_ERROR(Can't find sectok.h)
3041 fi
3042 AC_CHECK_LIB(sectok, sectok_open)
3043 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3044 AC_MSG_ERROR(Can't find libsectok)
3045 fi
08822d99 3046 AC_DEFINE(SMARTCARD, 1,
3047 [Define if you want smartcard support])
3048 AC_DEFINE(USE_SECTOK, 1,
3049 [Define if you want smartcard support
3050 using sectok])
540d72c3 3051 SCARD_MSG="yes, using sectok"
3c0ef626 3052 fi
3053 ]
3054)
3055
350391c5 3056# Check whether user wants OpenSC support
8b32eddc 3057OPENSC_CONFIG="no"
350391c5 3058AC_ARG_WITH(opensc,
08822d99 3059 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
8b32eddc 3060 [
3061 if test "x$withval" != "xno" ; then
3062 if test "x$withval" != "xyes" ; then
3063 OPENSC_CONFIG=$withval/bin/opensc-config
3064 else
3065 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3066 fi
3067 if test "$OPENSC_CONFIG" != "no"; then
3068 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3069 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3070 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3071 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
3072 AC_DEFINE(SMARTCARD)
08822d99 3073 AC_DEFINE(USE_OPENSC, 1,
3074 [Define if you want smartcard support
3075 using OpenSC])
8b32eddc 3076 SCARD_MSG="yes, using OpenSC"
3077 fi
3078 fi
3079 ]
3080)
350391c5 3081
540d72c3 3082# Check libraries needed by DNS fingerprint support
3083AC_SEARCH_LIBS(getrrsetbyname, resolv,
08822d99 3084 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3085 [Define if getrrsetbyname() exists])],
7cac2b65 3086 [
540d72c3 3087 # Needed by our getrrsetbyname()
3088 AC_SEARCH_LIBS(res_query, resolv)
3089 AC_SEARCH_LIBS(dn_expand, resolv)
7e82606e 3090 AC_MSG_CHECKING(if res_query will link)
3091 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3092 [AC_MSG_RESULT(no)
3093 saved_LIBS="$LIBS"
3094 LIBS="$LIBS -lresolv"
3095 AC_MSG_CHECKING(for res_query in -lresolv)
3096 AC_LINK_IFELSE([
3097#include <resolv.h>
3098int main()
3099{
3100 res_query (0, 0, 0, 0, 0);
3101 return 0;
3102}
3103 ],
3104 [LIBS="$LIBS -lresolv"
3105 AC_MSG_RESULT(yes)],
3106 [LIBS="$saved_LIBS"
3107 AC_MSG_RESULT(no)])
3108 ])
540d72c3 3109 AC_CHECK_FUNCS(_getshort _getlong)
2ce0bfe4 3110 AC_CHECK_DECLS([_getshort, _getlong], , ,
3111 [#include <sys/types.h>
3112 #include <arpa/nameser.h>])
540d72c3 3113 AC_CHECK_MEMBER(HEADER.ad,
08822d99 3114 [AC_DEFINE(HAVE_HEADER_AD, 1,
3115 [Define if HEADER.ad exists in arpa/nameser.h])],,
540d72c3 3116 [#include <arpa/nameser.h>])
3117 ])
7cac2b65 3118
63119dd9 3119# Check whether user wants Kerberos 5 support
540d72c3 3120KRB5_MSG="no"
63119dd9 3121AC_ARG_WITH(kerberos5,
540d72c3 3122 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3123 [ if test "x$withval" != "xno" ; then
3124 if test "x$withval" = "xyes" ; then
3125 KRB5ROOT="/usr/local"
3126 else
3127 KRB5ROOT=${withval}
3128 fi
3129
08822d99 3130 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
540d72c3 3131 KRB5_MSG="yes"
3132
3133 AC_MSG_CHECKING(for krb5-config)
3134 if test -x $KRB5ROOT/bin/krb5-config ; then
3135 KRB5CONF=$KRB5ROOT/bin/krb5-config
3136 AC_MSG_RESULT($KRB5CONF)
3137
3138 AC_MSG_CHECKING(for gssapi support)
3139 if $KRB5CONF | grep gssapi >/dev/null ; then
3140 AC_MSG_RESULT(yes)
08822d99 3141 AC_DEFINE(GSSAPI, 1,
3142 [Define this if you want GSSAPI
3143 support in the version 2 protocol])
540d72c3 3144 k5confopts=gssapi
3145 else
3146 AC_MSG_RESULT(no)
3147 k5confopts=""
3148 fi
3149 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3150 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3151 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3152 AC_MSG_CHECKING(whether we are using Heimdal)
3153 AC_TRY_COMPILE([ #include <krb5.h> ],
3154 [ char *tmp = heimdal_version; ],
3155 [ AC_MSG_RESULT(yes)
08822d99 3156 AC_DEFINE(HEIMDAL, 1,
3157 [Define this if you are using the
3158 Heimdal version of Kerberos V5]) ],
540d72c3 3159 AC_MSG_RESULT(no)
3160 )
3161 else
3162 AC_MSG_RESULT(no)
63119dd9 3163 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
540d72c3 3164 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3165 AC_MSG_CHECKING(whether we are using Heimdal)
3166 AC_TRY_COMPILE([ #include <krb5.h> ],
3167 [ char *tmp = heimdal_version; ],
3168 [ AC_MSG_RESULT(yes)
3169 AC_DEFINE(HEIMDAL)
7e82606e 3170 K5LIBS="-lkrb5 -ldes"
3171 K5LIBS="$K5LIBS -lcom_err -lasn1"
8b32eddc 3172 AC_CHECK_LIB(roken, net_write,
7e82606e 3173 [K5LIBS="$K5LIBS -lroken"])
540d72c3 3174 ],
3175 [ AC_MSG_RESULT(no)
3176 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3177 ]
3178 )
7cac2b65 3179 AC_SEARCH_LIBS(dn_expand, resolv)
3180
3181 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3182 [ AC_DEFINE(GSSAPI)
3183 K5LIBS="-lgssapi $K5LIBS" ],
3184 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3185 [ AC_DEFINE(GSSAPI)
540d72c3 3186 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
7cac2b65 3187 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3188 $K5LIBS)
3189 ],
3190 $K5LIBS)
8b32eddc 3191
7cac2b65 3192 AC_CHECK_HEADER(gssapi.h, ,
3193 [ unset ac_cv_header_gssapi_h
540d72c3 3194 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
7cac2b65 3195 AC_CHECK_HEADERS(gssapi.h, ,
3196 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
540d72c3 3197 )
7cac2b65 3198 ]
3199 )
3200
3201 oldCPP="$CPPFLAGS"
3202 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3203 AC_CHECK_HEADER(gssapi_krb5.h, ,
3204 [ CPPFLAGS="$oldCPP" ])
63119dd9 3205
1c89237d 3206 # If we're using some other GSSAPI
3207 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3208 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3209 fi
5598e598 3210
540d72c3 3211 if test -z "$GSSAPI"; then
3212 GSSAPI="KRB5";
3213 fi
1c89237d 3214
5598e598 3215 oldCPP="$CPPFLAGS"
3216 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3217 AC_CHECK_HEADER(gssapi_krb5.h, ,
3218 [ CPPFLAGS="$oldCPP" ])
3219
63119dd9 3220 fi
540d72c3 3221 if test ! -z "$need_dash_r" ; then
3222 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3223 fi
3224 if test ! -z "$blibpath" ; then
3225 blibpath="$blibpath:${KRB5ROOT}/lib"
3226 fi
540d72c3 3227
08822d99 3228 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3229 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3230 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
540d72c3 3231
08822d99 3232 LIBS="$LIBS $K5LIBS"
3233 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3234 [Define this if you want to use libkafs' AFS support]))
3235 fi
540d72c3 3236 ]
63119dd9 3237)
3c0ef626 3238
62eb343a 3239# Check whether user wants AFS_KRB5 support
3240AFS_KRB5_MSG="no"
3241AC_ARG_WITH(afs-krb5,
3242 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3243 [
3244 if test "x$withval" != "xno" ; then
3245
3246 if test "x$withval" != "xyes" ; then
08822d99 3247 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3248 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
62eb343a 3249 else
08822d99 3250 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3251 "/usr/bin/aklog",
3252 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
62eb343a 3253 fi
3254
540d72c3 3255 if test -z "$KRB5ROOT" ; then
62eb343a 3256 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3257 fi
3258
0a00e8f9 3259 LIBS="-lkrbafs -lkrb4 $LIBS"
62eb343a 3260 if test ! -z "$AFS_LIBS" ; then
3261 LIBS="$LIBS $AFS_LIBS"
3262 fi
08822d99 3263 AC_DEFINE(AFS_KRB5, 1,
3264 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
62eb343a 3265 AFS_KRB5_MSG="yes"
3266 fi
3267 ]
3268)
3c0ef626 3269
75be3237 3270AC_ARG_WITH(session-hooks,
3271 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
08822d99 3272 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
75be3237 3273)
3274
3c0ef626 3275# Looking for programs, paths and files
3c0ef626 3276
350391c5 3277PRIVSEP_PATH=/var/empty
3278AC_ARG_WITH(privsep-path,
d03f4262 3279 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
350391c5 3280 [
8b32eddc 3281 if test -n "$withval" && test "x$withval" != "xno" && \
3282 test "x${withval}" != "xyes"; then
350391c5 3283 PRIVSEP_PATH=$withval
3284 fi
3285 ]
3286)
3287AC_SUBST(PRIVSEP_PATH)
3288
3c0ef626 3289AC_ARG_WITH(xauth,
3290 [ --with-xauth=PATH Specify path to xauth program ],
3291 [
8b32eddc 3292 if test -n "$withval" && test "x$withval" != "xno" && \
3293 test "x${withval}" != "xyes"; then
3c0ef626 3294 xauth_path=$withval
3295 fi
3296 ],
3297 [
d03f4262 3298 TestPath="$PATH"
3299 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3300 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3301 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3302 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3303 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3c0ef626 3304 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3305 xauth_path="/usr/openwin/bin/xauth"
3306 fi
3307 ]
3308)
3309
bfe49944 3310STRIP_OPT=-s
3311AC_ARG_ENABLE(strip,
3312 [ --disable-strip Disable calling strip(1) on install],
3313 [
3314 if test "x$enableval" = "xno" ; then
3315 STRIP_OPT=
3316 fi
3317 ]
3318)
3319AC_SUBST(STRIP_OPT)
3320
3c0ef626 3321if test -z "$xauth_path" ; then
3322 XAUTH_PATH="undefined"
3323 AC_SUBST(XAUTH_PATH)
3324else
08822d99 3325 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3326 [Define if xauth is found in your path])
3c0ef626 3327 XAUTH_PATH=$xauth_path
3328 AC_SUBST(XAUTH_PATH)
3329fi
3c0ef626 3330
3331# Check for mail directory (last resort if we cannot get it from headers)
3332if test ! -z "$MAIL" ; then
3333 maildir=`dirname $MAIL`
08822d99 3334 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3335 [Set this to your mail directory if you don't have maillock.h])
3c0ef626 3336fi
3337
dfddba3d 3338if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3339 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3340 disable_ptmx_check=yes
3341fi
3c0ef626 3342if test -z "$no_dev_ptmx" ; then
350391c5 3343 if test "x$disable_ptmx_check" != "xyes" ; then
540d72c3 3344 AC_CHECK_FILE("/dev/ptmx",
350391c5 3345 [
08822d99 3346 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3347 [Define if you have /dev/ptmx])
350391c5 3348 have_dev_ptmx=1
3349 ]
3350 )
3351 fi
3c0ef626 3352fi
dfddba3d 3353
3354if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3355 AC_CHECK_FILE("/dev/ptc",
3356 [
08822d99 3357 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3358 [Define if you have /dev/ptc])
dfddba3d 3359 have_dev_ptc=1
3360 ]
3361 )
3362else
3363 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3364fi
3c0ef626 3365
3366# Options from here on. Some of these are preset by platform above
3c0ef626 3367AC_ARG_WITH(mantype,
3368 [ --with-mantype=man|cat|doc Set man page type],
3369 [
3370 case "$withval" in
3371 man|cat|doc)
3372 MANTYPE=$withval
3373 ;;
3374 *)
3375 AC_MSG_ERROR(invalid man type: $withval)
3376 ;;
3377 esac
3378 ]
3379)
3380if test -z "$MANTYPE"; then
d03f4262 3381 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3382 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3c0ef626 3383 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3384 MANTYPE=doc
3385 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3386 MANTYPE=man
3387 else
3388 MANTYPE=cat
3389 fi
3390fi
3391AC_SUBST(MANTYPE)
3392if test "$MANTYPE" = "doc"; then
3393 mansubdir=man;
3394else
3395 mansubdir=$MANTYPE;
3396fi
3397AC_SUBST(mansubdir)
3398
3399# Check whether to enable MD5 passwords
540d72c3 3400MD5_MSG="no"
3c0ef626 3401AC_ARG_WITH(md5-passwords,
3402 [ --with-md5-passwords Enable use of MD5 passwords],
3403 [
3404 if test "x$withval" != "xno" ; then
08822d99 3405 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3406 [Define if you want to allow MD5 passwords])
540d72c3 3407 MD5_MSG="yes"
3c0ef626 3408 fi
3409 ]
3410)
3411
3412# Whether to disable shadow password support
3413AC_ARG_WITH(shadow,
3414 [ --without-shadow Disable shadow password support],
3415 [
8b32eddc 3416 if test "x$withval" = "xno" ; then
3c0ef626 3417 AC_DEFINE(DISABLE_SHADOW)
3418 disable_shadow=yes
3419 fi
3420 ]
3421)
3422
3423if test -z "$disable_shadow" ; then
3424 AC_MSG_CHECKING([if the systems has expire shadow information])
3425 AC_TRY_COMPILE(
3426 [
3427#include <sys/types.h>
3428#include <shadow.h>
3429 struct spwd sp;
3430 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3431 [ sp_expire_available=yes ], []
3432 )
3433
3434 if test "x$sp_expire_available" = "xyes" ; then
3435 AC_MSG_RESULT(yes)
08822d99 3436 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3437 [Define if you want to use shadow password expire field])
3c0ef626 3438 else
3439 AC_MSG_RESULT(no)
3440 fi
3441fi
3442
3443# Use ip address instead of hostname in $DISPLAY
3444if test ! -z "$IPADDR_IN_DISPLAY" ; then
3445 DISPLAY_HACK_MSG="yes"
08822d99 3446 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3447 [Define if you need to use IP address
3448 instead of hostname in $DISPLAY])
3c0ef626 3449else
540d72c3 3450 DISPLAY_HACK_MSG="no"
3c0ef626 3451 AC_ARG_WITH(ipaddr-display,
3452 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3453 [
8b32eddc 3454 if test "x$withval" != "xno" ; then
3c0ef626 3455 AC_DEFINE(IPADDR_IN_DISPLAY)
540d72c3 3456 DISPLAY_HACK_MSG="yes"
3c0ef626 3457 fi
3458 ]
3459 )
3460fi
3461
7cac2b65 3462# check for /etc/default/login and use it if present.
29d88157 3463AC_ARG_ENABLE(etc-default-login,
dfddba3d 3464 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3465 [ if test "x$enableval" = "xno"; then
3466 AC_MSG_NOTICE([/etc/default/login handling disabled])
3467 etc_default_login=no
3468 else
3469 etc_default_login=yes
3470 fi ],
08822d99 3471 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3472 then
3473 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3474 etc_default_login=no
3475 else
3476 etc_default_login=yes
3477 fi ]
dfddba3d 3478)
3479
3480if test "x$etc_default_login" != "xno"; then
3481 AC_CHECK_FILE("/etc/default/login",
3482 [ external_path_file=/etc/default/login ])
08822d99 3483 if test "x$external_path_file" = "x/etc/default/login"; then
3484 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3485 [Define if your system has /etc/default/login])
dfddba3d 3486 fi
7cac2b65 3487fi
3488
350391c5 3489dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
8b32eddc 3490if test $ac_cv_func_login_getcapbool = "yes" && \
3491 test $ac_cv_header_login_cap_h = "yes" ; then
7cac2b65 3492 external_path_file=/etc/login.conf
350391c5 3493fi
7cac2b65 3494
3c0ef626 3495# Whether to mess with the default path
540d72c3 3496SERVER_PATH_MSG="(default)"
3c0ef626 3497AC_ARG_WITH(default-path,
350391c5 3498 [ --with-default-path= Specify default \$PATH environment for server],
3c0ef626 3499 [
7cac2b65 3500 if test "x$external_path_file" = "x/etc/login.conf" ; then
350391c5 3501 AC_MSG_WARN([
3502--with-default-path=PATH has no effect on this system.
3503Edit /etc/login.conf instead.])
8b32eddc 3504 elif test "x$withval" != "xno" ; then
7cac2b65 3505 if test ! -z "$external_path_file" ; then
3506 AC_MSG_WARN([
3507--with-default-path=PATH will only be used if PATH is not defined in
3508$external_path_file .])
3509 fi
3c0ef626 3510 user_path="$withval"
540d72c3 3511 SERVER_PATH_MSG="$withval"
3c0ef626 3512 fi
3513 ],
7cac2b65 3514 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3515 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
350391c5 3516 else
7cac2b65 3517 if test ! -z "$external_path_file" ; then
3518 AC_MSG_WARN([
3519If PATH is defined in $external_path_file, ensure the path to scp is included,
3520otherwise scp will not work.])
3521 fi
08822d99 3522 AC_RUN_IFELSE(
3523 [AC_LANG_SOURCE([[
3c0ef626 3524/* find out what STDPATH is */
3525#include <stdio.h>
3526#ifdef HAVE_PATHS_H
3527# include <paths.h>
3528#endif
3529#ifndef _PATH_STDPATH
bfe49944 3530# ifdef _PATH_USERPATH /* Irix */
3531# define _PATH_STDPATH _PATH_USERPATH
3532# else
3533# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3534# endif
3c0ef626 3535#endif
3536#include <sys/types.h>
3537#include <sys/stat.h>
3538#include <fcntl.h>
3539#define DATA "conftest.stdpath"
3540
3541main()
3542{
3543 FILE *fd;
3544 int rc;
8b32eddc 3545
3c0ef626 3546 fd = fopen(DATA,"w");
3547 if(fd == NULL)
3548 exit(1);
8b32eddc 3549
3c0ef626 3550 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3551 exit(1);
3552
3553 exit(0);
3554}
08822d99 3555 ]])],
3556 [ user_path=`cat conftest.stdpath` ],
3c0ef626 3557 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3558 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3559 )
3560# make sure $bindir is in USER_PATH so scp will work
3561 t_bindir=`eval echo ${bindir}`
3562 case $t_bindir in
3563 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3564 esac
3565 case $t_bindir in
3566 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3567 esac
3568 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3569 if test $? -ne 0 ; then
3570 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3571 if test $? -ne 0 ; then
3572 user_path=$user_path:$t_bindir
3573 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3574 fi
3575 fi
350391c5 3576 fi ]
3577)
7cac2b65 3578if test "x$external_path_file" != "x/etc/login.conf" ; then
08822d99 3579 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
350391c5 3580 AC_SUBST(user_path)
3581fi
3582
3583# Set superuser path separately to user path
350391c5 3584AC_ARG_WITH(superuser-path,
3585 [ --with-superuser-path= Specify different path for super-user],
3586 [
8b32eddc 3587 if test -n "$withval" && test "x$withval" != "xno" && \
3588 test "x${withval}" != "xyes"; then
08822d99 3589 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3590 [Define if you want a different $PATH
3591 for the superuser])
350391c5 3592 superuser_path=$withval
3593 fi
3c0ef626 3594 ]
3595)
350391c5 3596
3c0ef626 3597
3c0ef626 3598AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
540d72c3 3599IPV4_IN6_HACK_MSG="no"
3c0ef626 3600AC_ARG_WITH(4in6,
3601 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3602 [
3603 if test "x$withval" != "xno" ; then
3604 AC_MSG_RESULT(yes)
08822d99 3605 AC_DEFINE(IPV4_IN_IPV6, 1,
3606 [Detect IPv4 in IPv6 mapped addresses
3607 and treat as IPv4])
540d72c3 3608 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3609 else
3610 AC_MSG_RESULT(no)
3611 fi
3612 ],[
3613 if test "x$inet6_default_4in6" = "xyes"; then
3614 AC_MSG_RESULT([yes (default)])
3615 AC_DEFINE(IPV4_IN_IPV6)
540d72c3 3616 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3617 else
3618 AC_MSG_RESULT([no (default)])
3619 fi
3620 ]
3621)
3622
3623# Whether to enable BSD auth support
e9702f7d 3624BSD_AUTH_MSG=no
3c0ef626 3625AC_ARG_WITH(bsd-auth,
3626 [ --with-bsd-auth Enable BSD auth support],
3627 [
8b32eddc 3628 if test "x$withval" != "xno" ; then
08822d99 3629 AC_DEFINE(BSD_AUTH, 1,
3630 [Define if you have BSD auth support])
e9702f7d 3631 BSD_AUTH_MSG=yes
3c0ef626 3632 fi
3633 ]
3634)
3635
3c0ef626 3636# Where to place sshd.pid
3637piddir=/var/run
350391c5 3638# make sure the directory exists
8b32eddc 3639if test ! -d $piddir ; then
350391c5 3640 piddir=`eval echo ${sysconfdir}`
3641 case $piddir in
540d72c3 3642 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
350391c5 3643 esac
3644fi
3645
3c0ef626 3646AC_ARG_WITH(pid-dir,
3647 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3648 [
8b32eddc 3649 if test -n "$withval" && test "x$withval" != "xno" && \
3650 test "x${withval}" != "xyes"; then
3c0ef626 3651 piddir=$withval
8b32eddc 3652 if test ! -d $piddir ; then
350391c5 3653 AC_MSG_WARN([** no $piddir directory on this system **])
3654 fi
3c0ef626 3655 fi
3656 ]
3657)
3658
08822d99 3659AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3c0ef626 3660AC_SUBST(piddir)
3661
3662dnl allow user to disable some login recording features
3663AC_ARG_ENABLE(lastlog,
3664 [ --disable-lastlog disable use of lastlog even if detected [no]],
7cac2b65 3665 [
3666 if test "x$enableval" = "xno" ; then
3667 AC_DEFINE(DISABLE_LASTLOG)
3668 fi
3669 ]
3c0ef626 3670)
3671AC_ARG_ENABLE(utmp,
3672 [ --disable-utmp disable use of utmp even if detected [no]],
7cac2b65 3673 [
3674 if test "x$enableval" = "xno" ; then
3675 AC_DEFINE(DISABLE_UTMP)
3676 fi
3677 ]
3c0ef626 3678)
3679AC_ARG_ENABLE(utmpx,
3680 [ --disable-utmpx disable use of utmpx even if detected [no]],
7cac2b65 3681 [
3682 if test "x$enableval" = "xno" ; then
08822d99 3683 AC_DEFINE(DISABLE_UTMPX, 1,
3684 [Define if you don't want to use utmpx])
7cac2b65 3685 fi
3686 ]
3c0ef626 3687)
3688AC_ARG_ENABLE(wtmp,
3689 [ --disable-wtmp disable use of wtmp even if detected [no]],
7cac2b65 3690 [
3691 if test "x$enableval" = "xno" ; then
3692 AC_DEFINE(DISABLE_WTMP)
3693 fi
3694 ]
3c0ef626 3695)
3696AC_ARG_ENABLE(wtmpx,
3697 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
7cac2b65 3698 [
3699 if test "x$enableval" = "xno" ; then
08822d99 3700 AC_DEFINE(DISABLE_WTMPX, 1,
3701 [Define if you don't want to use wtmpx])
7cac2b65 3702 fi
3703 ]
3c0ef626 3704)
3705AC_ARG_ENABLE(libutil,
3706 [ --disable-libutil disable use of libutil (login() etc.) [no]],
7cac2b65 3707 [
3708 if test "x$enableval" = "xno" ; then
3709 AC_DEFINE(DISABLE_LOGIN)
3710 fi
3711 ]
3c0ef626 3712)
3713AC_ARG_ENABLE(pututline,
3714 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
7cac2b65 3715 [
3716 if test "x$enableval" = "xno" ; then
08822d99 3717 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3718 [Define if you don't want to use pututline()
3719 etc. to write [uw]tmp])
7cac2b65 3720 fi
3721 ]
3c0ef626 3722)
3723AC_ARG_ENABLE(pututxline,
3724 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
7cac2b65 3725 [
3726 if test "x$enableval" = "xno" ; then
08822d99 3727 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3728 [Define if you don't want to use pututxline()
3729 etc. to write [uw]tmpx])
7cac2b65 3730 fi
3731 ]
3c0ef626 3732)
3733AC_ARG_WITH(lastlog,
3734 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3735 [
8b32eddc 3736 if test "x$withval" = "xno" ; then
3c0ef626 3737 AC_DEFINE(DISABLE_LASTLOG)
8b32eddc 3738 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3c0ef626 3739 conf_lastlog_location=$withval
3740 fi
3741 ]
3742)
3743
3744dnl lastlog, [uw]tmpx? detection
3745dnl NOTE: set the paths in the platform section to avoid the
3746dnl need for command-line parameters
3747dnl lastlog and [uw]tmp are subject to a file search if all else fails
3748
3749dnl lastlog detection
3750dnl NOTE: the code itself will detect if lastlog is a directory
3751AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3752AC_TRY_COMPILE([
3753#include <sys/types.h>
3754#include <utmp.h>
3755#ifdef HAVE_LASTLOG_H
3756# include <lastlog.h>
3757#endif
3758#ifdef HAVE_PATHS_H
3759# include <paths.h>
3760#endif
3761#ifdef HAVE_LOGIN_H
3762# include <login.h>
3763#endif
3764 ],
3765 [ char *lastlog = LASTLOG_FILE; ],
3766 [ AC_MSG_RESULT(yes) ],
3767 [
3768 AC_MSG_RESULT(no)
3769 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3770 AC_TRY_COMPILE([
3771#include <sys/types.h>
3772#include <utmp.h>
3773#ifdef HAVE_LASTLOG_H
3774# include <lastlog.h>
3775#endif
3776#ifdef HAVE_PATHS_H
3777# include <paths.h>
3778#endif
3779 ],
3780 [ char *lastlog = _PATH_LASTLOG; ],
3781 [ AC_MSG_RESULT(yes) ],
3782 [
3783 AC_MSG_RESULT(no)
3784 system_lastlog_path=no
3785 ])
3786 ]
3787)
3788
3789if test -z "$conf_lastlog_location"; then
3790 if test x"$system_lastlog_path" = x"no" ; then
3791 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3792 if (test -d "$f" || test -f "$f") ; then
3793 conf_lastlog_location=$f
3794 fi
3795 done
3796 if test -z "$conf_lastlog_location"; then
3797 AC_MSG_WARN([** Cannot find lastlog **])
3798 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3799 fi
3800 fi
3801fi
3802
3803if test -n "$conf_lastlog_location"; then
08822d99 3804 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3805 [Define if you want to specify the path to your lastlog file])
8b32eddc 3806fi
3c0ef626 3807
3808dnl utmp detection
3809AC_MSG_CHECKING([if your system defines UTMP_FILE])
3810AC_TRY_COMPILE([
3811#include <sys/types.h>
3812#include <utmp.h>
3813#ifdef HAVE_PATHS_H
3814# include <paths.h>
3815#endif
3816 ],
3817 [ char *utmp = UTMP_FILE; ],
3818 [ AC_MSG_RESULT(yes) ],
3819 [ AC_MSG_RESULT(no)
3820 system_utmp_path=no ]
3821)
3822if test -z "$conf_utmp_location"; then
3823 if test x"$system_utmp_path" = x"no" ; then
3824 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3825 if test -f $f ; then
3826 conf_utmp_location=$f
3827 fi
3828 done
3829 if test -z "$conf_utmp_location"; then
3830 AC_DEFINE(DISABLE_UTMP)
3831 fi
3832 fi
3833fi
3834if test -n "$conf_utmp_location"; then
08822d99 3835 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3836 [Define if you want to specify the path to your utmp file])
8b32eddc 3837fi
3c0ef626 3838
3839dnl wtmp detection
3840AC_MSG_CHECKING([if your system defines WTMP_FILE])
3841AC_TRY_COMPILE([
3842#include <sys/types.h>
3843#include <utmp.h>
3844#ifdef HAVE_PATHS_H
3845# include <paths.h>
3846#endif
3847 ],
3848 [ char *wtmp = WTMP_FILE; ],
3849 [ AC_MSG_RESULT(yes) ],
3850 [ AC_MSG_RESULT(no)
3851 system_wtmp_path=no ]
3852)
3853if test -z "$conf_wtmp_location"; then
3854 if test x"$system_wtmp_path" = x"no" ; then
3855 for f in /usr/adm/wtmp /var/log/wtmp; do
3856 if test -f $f ; then
3857 conf_wtmp_location=$f
3858 fi
3859 done
3860 if test -z "$conf_wtmp_location"; then
3861 AC_DEFINE(DISABLE_WTMP)
3862 fi
3863 fi
3864fi
3865if test -n "$conf_wtmp_location"; then
08822d99 3866 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3867 [Define if you want to specify the path to your wtmp file])
8b32eddc 3868fi
3c0ef626 3869
3870
3871dnl utmpx detection - I don't know any system so perverse as to require
3872dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3873dnl there, though.
3874AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3875AC_TRY_COMPILE([
3876#include <sys/types.h>
3877#include <utmp.h>
3878#ifdef HAVE_UTMPX_H
3879#include <utmpx.h>
3880#endif
3881#ifdef HAVE_PATHS_H
3882# include <paths.h>
3883#endif
3884 ],
3885 [ char *utmpx = UTMPX_FILE; ],
3886 [ AC_MSG_RESULT(yes) ],
3887 [ AC_MSG_RESULT(no)
3888 system_utmpx_path=no ]
3889)
3890if test -z "$conf_utmpx_location"; then
3891 if test x"$system_utmpx_path" = x"no" ; then
3892 AC_DEFINE(DISABLE_UTMPX)
3893 fi
3894else
08822d99 3895 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3896 [Define if you want to specify the path to your utmpx file])
8b32eddc 3897fi
3c0ef626 3898
3899dnl wtmpx detection
3900AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3901AC_TRY_COMPILE([
3902#include <sys/types.h>
3903#include <utmp.h>
3904#ifdef HAVE_UTMPX_H
3905#include <utmpx.h>
3906#endif
3907#ifdef HAVE_PATHS_H
3908# include <paths.h>
3909#endif
3910 ],
3911 [ char *wtmpx = WTMPX_FILE; ],
3912 [ AC_MSG_RESULT(yes) ],
3913 [ AC_MSG_RESULT(no)
3914 system_wtmpx_path=no ]
3915)
3916if test -z "$conf_wtmpx_location"; then
3917 if test x"$system_wtmpx_path" = x"no" ; then
3918 AC_DEFINE(DISABLE_WTMPX)
3919 fi
3920else
08822d99 3921 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3922 [Define if you want to specify the path to your wtmpx file])
8b32eddc 3923fi
3c0ef626 3924
3925
3c0ef626 3926if test ! -z "$blibpath" ; then
256cb466 3927 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3928 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3c0ef626 3929fi
3930
e9702f7d 3931dnl remove pam and dl because they are in $LIBPAM
3932if test "$PAM_MSG" = yes ; then
3933 LIBS=`echo $LIBS | sed 's/-lpam //'`
3934fi
3935if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3936 LIBS=`echo $LIBS | sed 's/-ldl //'`
3937fi
3c0ef626 3938
2ce0bfe4 3939dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3940dnl Add now.
3941CFLAGS="$CFLAGS $werror_flags"
3942
e9702f7d 3943AC_EXEEXT
dfddba3d 3944AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3945 scard/Makefile ssh_prng_cmds survey.sh])
3c0ef626 3946AC_OUTPUT
3947
3948# Print summary of options
3949
3c0ef626 3950# Someone please show me a better way :)
3951A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3952B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3953C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3954D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3955E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3956F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3957G=`eval echo ${piddir}` ; G=`eval echo ${G}`
350391c5 3958H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3959I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3960J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3c0ef626 3961
3962echo ""
3963echo "OpenSSH has been configured with the following options:"
350391c5 3964echo " User binaries: $B"
3965echo " System binaries: $C"
3966echo " Configuration files: $D"
3967echo " Askpass program: $E"
3968echo " Manual pages: $F"
3969echo " PID file: $G"
3970echo " Privilege separation chroot path: $H"
7cac2b65 3971if test "x$external_path_file" = "x/etc/login.conf" ; then
3972echo " At runtime, sshd will use the path defined in $external_path_file"
3973echo " Make sure the path to scp is present, otherwise scp will not work"
350391c5 3974else
3975echo " sshd default user PATH: $I"
7cac2b65 3976 if test ! -z "$external_path_file"; then
3977echo " (If PATH is set in $external_path_file it will be used instead. If"
3978echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3979 fi
350391c5 3980fi
3981if test ! -z "$superuser_path" ; then
3982echo " sshd superuser user PATH: $J"
3983fi
3984echo " Manpage format: $MANTYPE"
7cac2b65 3985echo " PAM support: $PAM_MSG"
350391c5 3986echo " KerberosV support: $KRB5_MSG"
3987echo " Smartcard support: $SCARD_MSG"
350391c5 3988echo " S/KEY support: $SKEY_MSG"
3989echo " TCP Wrappers support: $TCPW_MSG"
3990echo " MD5 password support: $MD5_MSG"
dfddba3d 3991echo " libedit support: $LIBEDIT_MSG"
350391c5 3992echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
350391c5 3993echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3994echo " BSD Auth support: $BSD_AUTH_MSG"
3995echo " Random number source: $RAND_MSG"
e9702f7d 3996if test ! -z "$USE_RAND_HELPER" ; then
350391c5 3997echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3c0ef626 3998fi
3999
4000echo ""
4001
4002echo " Host: ${host}"
4003echo " Compiler: ${CC}"
4004echo " Compiler flags: ${CFLAGS}"
4005echo "Preprocessor flags: ${CPPFLAGS}"
4006echo " Linker flags: ${LDFLAGS}"
e9702f7d 4007echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3c0ef626 4008
4009echo ""
4010
7e82606e 4011if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
dfddba3d 4012 echo "SVR4 style packages are supported with \"make package\""
4013 echo ""
7e82606e 4014fi
4015
3c0ef626 4016if test "x$PAM_MSG" = "xyes" ; then
e9702f7d 4017 echo "PAM is enabled. You may need to install a PAM control file "
4018 echo "for sshd, otherwise password authentication may fail. "
540d72c3 4019 echo "Example PAM control files can be found in the contrib/ "
e9702f7d 4020 echo "subdirectory"
3c0ef626 4021 echo ""
4022fi
4023
e9702f7d 4024if test ! -z "$RAND_HELPER_CMDHASH" ; then
4025 echo "WARNING: you are using the builtin random number collection "
4026 echo "service. Please read WARNING.RNG and request that your OS "
4027 echo "vendor includes kernel-based random number collection in "
4028 echo "future versions of your OS."
3c0ef626 4029 echo ""
4030fi
4031
7e82606e 4032if test ! -z "$NO_PEERCHECK" ; then
4033 echo "WARNING: the operating system that you are using does not "
4034 echo "appear to support either the getpeereid() API nor the "
4035 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4036 echo "enforce security checks to prevent unauthorised connections to "
4037 echo "ssh-agent. Their absence increases the risk that a malicious "
4038 echo "user can connect to your agent. "
4039 echo ""
4040fi
4041
dfddba3d 4042if test "$AUDIT_MODULE" = "bsm" ; then
4043 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4044 echo "See the Solaris section in README.platform for details."
4045fi
git-cvsimport mirror of GSI OpenSSH
This page took 0.72216 seconds and 5 git commands to generate.