]> andersk Git - gssapi-openssh.git/blame - openssh/configure.ac
andersk / gssapi-openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Import of OpenSSH 4.9p1
[gssapi-openssh.git] / openssh / configure.ac
CommitLineData
3c0ef626 1# $Id$
99be0775 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
3c0ef626 16
665a873d 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
f2f068fa 18AC_REVISION($Revision$)
3c0ef626 19AC_CONFIG_SRCDIR([ssh.c])
20
21AC_CONFIG_HEADER(config.h)
22AC_PROG_CC
23AC_CANONICAL_HOST
24AC_C_BIGENDIAN
25
26# Checks for programs.
0fff78ff 27AC_PROG_AWK
3c0ef626 28AC_PROG_CPP
29AC_PROG_RANLIB
30AC_PROG_INSTALL
f2f068fa 31AC_PROG_EGREP
3c0ef626 32AC_PATH_PROG(AR, ar)
c9f39d2c 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
3c0ef626 35AC_PATH_PROGS(PERL, perl5 perl)
6a9b3198 36AC_PATH_PROG(SED, sed)
3c0ef626 37AC_SUBST(PERL)
38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
3c0ef626 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
700318f3 43AC_PATH_PROG(SH, sh)
c9f39d2c 44AC_SUBST(TEST_SHELL,sh)
45
46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
2c06c99b 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
3c0ef626 57
58# System features
59AC_SYS_LARGEFILE
60
61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
2c06c99b 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
3c0ef626 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
cdd66111 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
2c06c99b 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
cdd66111 82fi
83
3c0ef626 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
dec6d9fe 88
3c0ef626 89AC_C_INLINE
665a873d 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
47686178 93use_stack_protector=1
94AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
97 use_stack_protector=0
98 fi ])
99
cdd66111 100if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
665a873d 101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
2c06c99b 102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
665a873d 103 case $GCC_VER in
d4487008 104 1.*) no_attrib_nonnull=1 ;;
105 2.8* | 2.9*)
106 CFLAGS="$CFLAGS -Wsign-compare"
107 no_attrib_nonnull=1
108 ;;
109 2.*) no_attrib_nonnull=1 ;;
2c06c99b 110 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
112 *) ;;
665a873d 113 esac
114
47686178 115 # -fstack-protector-all doesn't always work for some GCC versions
116 # and/or platforms, so we test if we can. If it's not supported
117 # on a give platform gcc will emit a warning so we use -Werror.
118 if test "x$use_stack_protector" = "x1"; then
119 for t in -fstack-protector-all -fstack-protector; do
120 AC_MSG_CHECKING(if $CC supports $t)
121 saved_CFLAGS="$CFLAGS"
122 saved_LDFLAGS="$LDFLAGS"
123 CFLAGS="$CFLAGS $t -Werror"
124 LDFLAGS="$LDFLAGS $t -Werror"
125 AC_LINK_IFELSE(
126 [AC_LANG_SOURCE([
127#include <stdlib.h>
128int main(void){return 0;}
129 ])],
130 [ AC_MSG_RESULT(yes)
131 CFLAGS="$saved_CFLAGS $t"
132 LDFLAGS="$saved_LDFLAGS $t"
133 AC_MSG_CHECKING(if $t works)
134 AC_RUN_IFELSE(
135 [AC_LANG_SOURCE([
136#include <stdlib.h>
137int main(void){exit(0);}
138 ])],
139 [ AC_MSG_RESULT(yes)
140 break ],
141 [ AC_MSG_RESULT(no) ],
142 [ AC_MSG_WARN([cross compiling: cannot test])
143 break ]
144 )
145 ],
146 [ AC_MSG_RESULT(no) ]
147 )
148 CFLAGS="$saved_CFLAGS"
149 LDFLAGS="$saved_LDFLAGS"
150 done
151 fi
152
665a873d 153 if test -z "$have_llong_max"; then
154 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
155 unset ac_cv_have_decl_LLONG_MAX
156 saved_CFLAGS="$CFLAGS"
157 CFLAGS="$CFLAGS -std=gnu99"
158 AC_CHECK_DECL(LLONG_MAX,
159 [have_llong_max=1],
160 [CFLAGS="$saved_CFLAGS"],
161 [#include <limits.h>]
162 )
163 fi
164fi
165
d4487008 166if test "x$no_attrib_nonnull" != "x1" ; then
167 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
168fi
169
cdd66111 170AC_ARG_WITH(rpath,
171 [ --without-rpath Disable auto-added -R linker paths],
172 [
dec6d9fe 173 if test "x$withval" = "xno" ; then
cdd66111 174 need_dash_r=""
175 fi
176 if test "x$withval" = "xyes" ; then
177 need_dash_r=1
178 fi
179 ]
180)
181
ff7ec503 182# Allow user to specify flags
183AC_ARG_WITH(cflags,
184 [ --with-cflags Specify additional flags to pass to compiler],
185 [
186 if test -n "$withval" && test "x$withval" != "xno" && \
187 test "x${withval}" != "xyes"; then
188 CFLAGS="$CFLAGS $withval"
189 fi
190 ]
191)
192AC_ARG_WITH(cppflags,
193 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
194 [
195 if test -n "$withval" && test "x$withval" != "xno" && \
196 test "x${withval}" != "xyes"; then
197 CPPFLAGS="$CPPFLAGS $withval"
198 fi
199 ]
200)
201AC_ARG_WITH(ldflags,
202 [ --with-ldflags Specify additional flags to pass to linker],
203 [
204 if test -n "$withval" && test "x$withval" != "xno" && \
205 test "x${withval}" != "xyes"; then
206 LDFLAGS="$LDFLAGS $withval"
207 fi
208 ]
209)
210AC_ARG_WITH(libs,
211 [ --with-libs Specify additional libraries to link with],
212 [
213 if test -n "$withval" && test "x$withval" != "xno" && \
214 test "x${withval}" != "xyes"; then
215 LIBS="$LIBS $withval"
216 fi
217 ]
218)
219AC_ARG_WITH(Werror,
220 [ --with-Werror Build main code with -Werror],
221 [
222 if test -n "$withval" && test "x$withval" != "xno"; then
223 werror_flags="-Werror"
224 if test "x${withval}" != "xyes"; then
225 werror_flags="$withval"
226 fi
227 fi
228 ]
229)
230
231AC_CHECK_HEADERS( \
232 bstring.h \
233 crypt.h \
234 crypto/sha2.h \
235 dirent.h \
236 endian.h \
237 features.h \
238 fcntl.h \
239 floatingpoint.h \
240 getopt.h \
241 glob.h \
242 ia.h \
243 iaf.h \
244 limits.h \
245 login.h \
246 maillock.h \
247 ndir.h \
248 net/if_tun.h \
249 netdb.h \
250 netgroup.h \
251 pam/pam_appl.h \
252 paths.h \
d4487008 253 poll.h \
ff7ec503 254 pty.h \
255 readpassphrase.h \
256 rpc/types.h \
257 security/pam_appl.h \
258 sha2.h \
259 shadow.h \
260 stddef.h \
261 stdint.h \
262 string.h \
263 strings.h \
264 sys/audit.h \
265 sys/bitypes.h \
266 sys/bsdtty.h \
267 sys/cdefs.h \
268 sys/dir.h \
269 sys/mman.h \
270 sys/ndir.h \
47686178 271 sys/poll.h \
ff7ec503 272 sys/prctl.h \
273 sys/pstat.h \
274 sys/select.h \
275 sys/stat.h \
276 sys/stream.h \
277 sys/stropts.h \
278 sys/strtio.h \
279 sys/sysmacros.h \
280 sys/time.h \
281 sys/timers.h \
282 sys/un.h \
283 time.h \
284 tmpdir.h \
285 ttyent.h \
d4487008 286 ucred.h \
ff7ec503 287 unistd.h \
288 usersec.h \
289 util.h \
290 utime.h \
291 utmp.h \
292 utmpx.h \
293 vis.h \
294)
295
296# lastlog.h requires sys/time.h to be included first on Solaris
297AC_CHECK_HEADERS(lastlog.h, [], [], [
298#ifdef HAVE_SYS_TIME_H
299# include <sys/time.h>
300#endif
301])
302
303# sys/ptms.h requires sys/stream.h to be included first on Solaris
304AC_CHECK_HEADERS(sys/ptms.h, [], [], [
305#ifdef HAVE_SYS_STREAM_H
306# include <sys/stream.h>
307#endif
308])
309
310# login_cap.h requires sys/types.h on NetBSD
311AC_CHECK_HEADERS(login_cap.h, [], [], [
312#include <sys/types.h>
313])
314
9108f8d9 315# Messages for features tested for in target-specific section
316SIA_MSG="no"
317SPC_MSG="no"
318
3c0ef626 319# Check for some target-specific stuff
320case "$host" in
321*-*-aix*)
9108f8d9 322 # Some versions of VAC won't allow macro redefinitions at
323 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
324 # particularly with older versions of vac or xlc.
325 # It also throws errors about null macro argments, but these are
326 # not fatal.
327 AC_MSG_CHECKING(if compiler allows macro redefinitions)
328 AC_COMPILE_IFELSE(
329 [AC_LANG_SOURCE([[
330#define testmacro foo
331#define testmacro bar
332int main(void) { exit(0); }
333 ]])],
334 [ AC_MSG_RESULT(yes) ],
335 [ AC_MSG_RESULT(no)
336 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
337 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
338 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
339 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
340 ]
341 )
342
cdd66111 343 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
7e772e1f 344 if (test -z "$blibpath"); then
cdd66111 345 blibpath="/usr/lib:/lib"
7e772e1f 346 fi
347 saved_LDFLAGS="$LDFLAGS"
9108f8d9 348 if test "$GCC" = "yes"; then
349 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
350 else
351 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
352 fi
353 for tryflags in $flags ;do
7e772e1f 354 if (test -z "$blibflags"); then
355 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
356 AC_TRY_LINK([], [], [blibflags=$tryflags])
357 fi
358 done
359 if (test -z "$blibflags"); then
360 AC_MSG_RESULT(not found)
361 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
362 else
363 AC_MSG_RESULT($blibflags)
3c0ef626 364 fi
7e772e1f 365 LDFLAGS="$saved_LDFLAGS"
0fff78ff 366 dnl Check for authenticate. Might be in libs.a on older AIXes
2c06c99b 367 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
368 [Define if you want to enable AIX4's authenticate function])],
41b2f314 369 [AC_CHECK_LIB(s,authenticate,
370 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
371 LIBS="$LIBS -ls"
372 ])
373 ])
996d5e62 374 dnl Check for various auth function declarations in headers.
375 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
dec6d9fe 376 passwdexpired, setauthdb], , , [#include <usersec.h>])
0fff78ff 377 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
996d5e62 378 AC_CHECK_DECLS(loginfailed,
0fff78ff 379 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
380 AC_TRY_COMPILE(
381 [#include <usersec.h>],
382 [(void)loginfailed("user","host","tty",0);],
383 [AC_MSG_RESULT(yes)
2c06c99b 384 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
385 [Define if your AIX loginfailed() function
386 takes 4 arguments (AIX >= 5.2)])],
0fff78ff 387 [AC_MSG_RESULT(no)]
388 )],
389 [],
390 [#include <usersec.h>]
391 )
47686178 392 AC_CHECK_FUNCS(getgrset setauthdb)
9108f8d9 393 AC_CHECK_DECL(F_CLOSEM,
394 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
395 [],
396 [ #include <limits.h>
397 #include <fcntl.h> ]
398 )
996d5e62 399 check_for_aix_broken_getaddrinfo=1
2c06c99b 400 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
401 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
402 [Define if your platform breaks doing a seteuid before a setuid])
403 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
404 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
3c0ef626 405 dnl AIX handles lastlog as part of its login message
2c06c99b 406 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
407 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
408 [Some systems need a utmpx entry for /bin/login to work])
409 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
410 [Define to a Set Process Title type if your system is
411 supported by bsd-setproctitle.c])
412 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
413 [AIX 5.2 and 5.3 (and presumably newer) require this])
9108f8d9 414 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
3c0ef626 415 ;;
416*-*-cygwin*)
6a9b3198 417 check_for_libcrypt_later=1
799ae497 418 LIBS="$LIBS /usr/lib/textreadmode.o"
2c06c99b 419 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
420 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
421 AC_DEFINE(DISABLE_SHADOW, 1,
422 [Define if you want to disable shadow passwords])
423 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
424 [Define if your system choked on IP TOS setting])
425 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
426 [Define if X11 doesn't support AF_UNIX sockets on that system])
427 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
428 [Define if the concept of ports only accessible to
429 superusers isn't known])
430 AC_DEFINE(DISABLE_FD_PASSING, 1,
431 [Define if your platform needs to skip post auth
432 file descriptor passing])
3c0ef626 433 ;;
434*-*-dgux*)
435 AC_DEFINE(IP_TOS_IS_BROKEN)
cdd66111 436 AC_DEFINE(SETEUID_BREAKS_SETUID)
437 AC_DEFINE(BROKEN_SETREUID)
438 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 439 ;;
440*-*-darwin*)
41b2f314 441 AC_MSG_CHECKING(if we have working getaddrinfo)
442 AC_TRY_RUN([#include <mach-o/dyld.h>
443main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
444 exit(0);
445 else
446 exit(1);
447}], [AC_MSG_RESULT(working)],
448 [AC_MSG_RESULT(buggy)
2c06c99b 449 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
41b2f314 450 [AC_MSG_RESULT(assume it is working)])
acc3d05e 451 AC_DEFINE(SETEUID_BREAKS_SETUID)
452 AC_DEFINE(BROKEN_SETREUID)
453 AC_DEFINE(BROKEN_SETREGID)
47686178 454 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
2c06c99b 455 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
456 [Define if your resolver libs need this for getrrsetbyname])
9108f8d9 457 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
458 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
459 [Use tunnel device compatibility to OpenBSD])
460 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
461 [Prepend the address family to IP tunnel traffic])
47686178 462 m4_pattern_allow(AU_IPv)
463 AC_CHECK_DECL(AU_IPv4, [],
464 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
465 [#include <bsm/audit.h>]
466 )
9108f8d9 467 ;;
468*-*-dragonfly*)
469 SSHDLIBS="$SSHDLIBS -lcrypt"
3c0ef626 470 ;;
665a873d 471*-*-hpux*)
472 # first we define all of the options common to all HP-UX releases
3c0ef626 473 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
474 IPADDR_IN_DISPLAY=yes
3c0ef626 475 AC_DEFINE(USE_PIPES)
2c06c99b 476 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
477 [Define if your login program cannot handle end of options ("--")])
700318f3 478 AC_DEFINE(LOGIN_NEEDS_UTMPX)
2c06c99b 479 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
480 [String used in /etc/passwd to denote locked account])
0fff78ff 481 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
2c06c99b 482 MAIL="/var/mail/username"
41b2f314 483 LIBS="$LIBS -lsec"
665a873d 484 AC_CHECK_LIB(xnet, t_error, ,
485 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
486
487 # next, we define all of the options specific to major releases
488 case "$host" in
489 *-*-hpux10*)
490 if test -z "$GCC"; then
491 CFLAGS="$CFLAGS -Ae"
492 fi
493 ;;
494 *-*-hpux11*)
2c06c99b 495 AC_DEFINE(PAM_SUN_CODEBASE, 1,
496 [Define if you are using Solaris-derived PAM which
497 passes pam_messages to the conversation function
498 with an extra level of indirection])
499 AC_DEFINE(DISABLE_UTMP, 1,
500 [Define if you don't want to use utmp])
665a873d 501 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
502 check_for_hpux_broken_getaddrinfo=1
503 check_for_conflicting_getspnam=1
504 ;;
505 esac
506
507 # lastly, we define options specific to minor releases
508 case "$host" in
509 *-*-hpux10.26)
2c06c99b 510 AC_DEFINE(HAVE_SECUREWARE, 1,
511 [Define if you have SecureWare-based
512 protected password database])
665a873d 513 disable_ptmx_check=yes
514 LIBS="$LIBS -lsecpw"
515 ;;
516 esac
3c0ef626 517 ;;
518*-*-irix5*)
3c0ef626 519 PATH="$PATH:/usr/etc"
2c06c99b 520 AC_DEFINE(BROKEN_INET_NTOA, 1,
521 [Define if you system's inet_ntoa is busted
522 (e.g. Irix gcc issue)])
cdd66111 523 AC_DEFINE(SETEUID_BREAKS_SETUID)
524 AC_DEFINE(BROKEN_SETREUID)
525 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 526 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
527 [Define if you shouldn't strip 'tty' from your
528 ttyname in [uw]tmp])
0fff78ff 529 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 530 ;;
531*-*-irix6*)
3c0ef626 532 PATH="$PATH:/usr/etc"
2c06c99b 533 AC_DEFINE(WITH_IRIX_ARRAY, 1,
534 [Define if you have/want arrays
535 (cluster-wide session managment, not C arrays)])
536 AC_DEFINE(WITH_IRIX_PROJECT, 1,
537 [Define if you want IRIX project management])
538 AC_DEFINE(WITH_IRIX_AUDIT, 1,
539 [Define if you want IRIX audit trails])
540 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
541 [Define if you want IRIX kernel jobs])])
3c0ef626 542 AC_DEFINE(BROKEN_INET_NTOA)
acc3d05e 543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 546 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
700318f3 547 AC_DEFINE(WITH_ABBREV_NO_TTY)
0fff78ff 548 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 549 ;;
550*-*-linux*)
551 no_dev_ptmx=1
552 check_for_libcrypt_later=1
0fff78ff 553 check_for_openpty_ctty_bug=1
2c06c99b 554 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
555 AC_DEFINE(PAM_TTY_KLUDGE, 1,
556 [Work around problematic Linux PAM modules handling of PAM_TTY])
557 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
558 [String used in /etc/passwd to denote locked account])
0fff78ff 559 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
2c06c99b 560 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
561 [Define to whatever link() returns for "not supported"
562 if it doesn't return EOPNOTSUPP.])
996d5e62 563 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
2c06c99b 564 AC_DEFINE(USE_BTMP)
3c0ef626 565 inet6_default_4in6=yes
0fff78ff 566 case `uname -r` in
567 1.*|2.0.*)
2c06c99b 568 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
569 [Define if cmsg_type is not passed correctly])
0fff78ff 570 ;;
571 esac
2c06c99b 572 # tun(4) forwarding compat code
573 AC_CHECK_HEADERS(linux/if_tun.h)
574 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
575 AC_DEFINE(SSH_TUN_LINUX, 1,
576 [Open tunnel devices the Linux tun/tap way])
577 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
578 [Use tunnel device compatibility to OpenBSD])
579 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
580 [Prepend the address family to IP tunnel traffic])
581 fi
3c0ef626 582 ;;
583mips-sony-bsd|mips-sony-newsos4)
f2f068fa 584 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
3c0ef626 585 SONY=1
3c0ef626 586 ;;
587*-*-netbsd*)
41b2f314 588 check_for_libcrypt_before=1
dec6d9fe 589 if test "x$withval" != "xno" ; then
cdd66111 590 need_dash_r=1
591 fi
2c06c99b 592 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
593 AC_CHECK_HEADER([net/if_tap.h], ,
594 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
595 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
596 [Prepend the address family to IP tunnel traffic])
3c0ef626 597 ;;
598*-*-freebsd*)
599 check_for_libcrypt_later=1
2c06c99b 600 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
601 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
602 AC_CHECK_HEADER([net/if_tap.h], ,
603 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
47686178 604 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
3c0ef626 605 ;;
acc3d05e 606*-*-bsdi*)
607 AC_DEFINE(SETEUID_BREAKS_SETUID)
608 AC_DEFINE(BROKEN_SETREUID)
609 AC_DEFINE(BROKEN_SETREGID)
610 ;;
3c0ef626 611*-next-*)
612 conf_lastlog_location="/usr/adm/lastlog"
613 conf_utmp_location=/etc/utmp
614 conf_wtmp_location=/usr/adm/wtmp
615 MAIL=/usr/spool/mail
2c06c99b 616 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
3c0ef626 617 AC_DEFINE(BROKEN_REALPATH)
618 AC_DEFINE(USE_PIPES)
2c06c99b 619 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
3c0ef626 620 ;;
665a873d 621*-*-openbsd*)
622 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
2c06c99b 623 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
624 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
9108f8d9 625 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
626 [syslog_r function is safe to use in in a signal handler])
665a873d 627 ;;
3c0ef626 628*-*-solaris*)
dec6d9fe 629 if test "x$withval" != "xno" ; then
99be0775 630 need_dash_r=1
631 fi
3c0ef626 632 AC_DEFINE(PAM_SUN_CODEBASE)
633 AC_DEFINE(LOGIN_NEEDS_UTMPX)
2c06c99b 634 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
635 [Some versions of /bin/login need the TERM supplied
636 on the commandline])
3c0ef626 637 AC_DEFINE(PAM_TTY_KLUDGE)
2c06c99b 638 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
639 [Define if pam_chauthtok wants real uid set
640 to the unpriv'ed user])
0fff78ff 641 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
642 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
2c06c99b 643 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
644 [Define if sshd somehow reacquires a controlling TTY
645 after setsid()])
9108f8d9 646 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
647 in case the name is longer than 8 chars])
0fff78ff 648 external_path_file=/etc/default/login
3c0ef626 649 # hardwire lastlog location (can't detect it on some versions)
650 conf_lastlog_location="/var/adm/lastlog"
651 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
652 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
653 if test "$sol2ver" -ge 8; then
654 AC_MSG_RESULT(yes)
655 AC_DEFINE(DISABLE_UTMP)
2c06c99b 656 AC_DEFINE(DISABLE_WTMP, 1,
657 [Define if you don't want to use wtmp])
3c0ef626 658 else
659 AC_MSG_RESULT(no)
660 fi
9108f8d9 661 AC_ARG_WITH(solaris-contracts,
662 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
663 [
664 AC_CHECK_LIB(contract, ct_tmpl_activate,
665 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
666 [Define if you have Solaris process contracts])
667 SSHDLIBS="$SSHDLIBS -lcontract"
668 AC_SUBST(SSHDLIBS)
669 SPC_MSG="yes" ], )
670 ],
671 )
3c0ef626 672 ;;
673*-*-sunos4*)
674 CPPFLAGS="$CPPFLAGS -DSUNOS4"
675 AC_CHECK_FUNCS(getpwanam)
676 AC_DEFINE(PAM_SUN_CODEBASE)
3c0ef626 677 conf_utmp_location=/etc/utmp
678 conf_wtmp_location=/var/adm/wtmp
679 conf_lastlog_location=/var/adm/lastlog
680 AC_DEFINE(USE_PIPES)
681 ;;
682*-ncr-sysv*)
3c0ef626 683 LIBS="$LIBS -lc89"
e9a17296 684 AC_DEFINE(USE_PIPES)
0fff78ff 685 AC_DEFINE(SSHD_ACQUIRES_CTTY)
acc3d05e 686 AC_DEFINE(SETEUID_BREAKS_SETUID)
687 AC_DEFINE(BROKEN_SETREUID)
688 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 689 ;;
690*-sni-sysv*)
3c0ef626 691 # /usr/ucblib MUST NOT be searched on ReliantUNIX
cdd66111 692 AC_CHECK_LIB(dl, dlsym, ,)
2c06c99b 693 # -lresolv needs to be at the end of LIBS or DNS lookups break
694 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
3c0ef626 695 IPADDR_IN_DISPLAY=yes
696 AC_DEFINE(USE_PIPES)
697 AC_DEFINE(IP_TOS_IS_BROKEN)
cdd66111 698 AC_DEFINE(SETEUID_BREAKS_SETUID)
699 AC_DEFINE(BROKEN_SETREUID)
700 AC_DEFINE(BROKEN_SETREGID)
0fff78ff 701 AC_DEFINE(SSHD_ACQUIRES_CTTY)
702 external_path_file=/etc/default/login
3c0ef626 703 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
704 # Attention: always take care to bind libsocket and libnsl before libc,
705 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
706 ;;
996d5e62 707# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
3c0ef626 708*-*-sysv4.2*)
3c0ef626 709 AC_DEFINE(USE_PIPES)
0fff78ff 710 AC_DEFINE(SETEUID_BREAKS_SETUID)
711 AC_DEFINE(BROKEN_SETREUID)
712 AC_DEFINE(BROKEN_SETREGID)
dec6d9fe 713 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
2c06c99b 714 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
3c0ef626 715 ;;
996d5e62 716# UnixWare 7.x, OpenUNIX 8
3c0ef626 717*-*-sysv5*)
665a873d 718 check_for_libcrypt_later=1
719 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
3c0ef626 720 AC_DEFINE(USE_PIPES)
0fff78ff 721 AC_DEFINE(SETEUID_BREAKS_SETUID)
722 AC_DEFINE(BROKEN_SETREUID)
723 AC_DEFINE(BROKEN_SETREGID)
2c06c99b 724 AC_DEFINE(PASSWD_NEEDS_USERNAME)
665a873d 725 case "$host" in
726 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
727 TEST_SHELL=/u95/bin/sh
2c06c99b 728 AC_DEFINE(BROKEN_LIBIAF, 1,
729 [ia_uinfo routines not supported by OS yet])
9108f8d9 730 AC_DEFINE(BROKEN_UPDWTMPX)
2c06c99b 731 ;;
732 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
665a873d 733 ;;
734 esac
3c0ef626 735 ;;
736*-*-sysv*)
3c0ef626 737 ;;
996d5e62 738# SCO UNIX and OEM versions of SCO UNIX
3c0ef626 739*-*-sco3.2v4*)
996d5e62 740 AC_MSG_ERROR("This Platform is no longer supported.")
3c0ef626 741 ;;
996d5e62 742# SCO OpenServer 5.x
3c0ef626 743*-*-sco3.2v5*)
6a9b3198 744 if test -z "$GCC"; then
745 CFLAGS="$CFLAGS -belf"
746 fi
3c0ef626 747 LIBS="$LIBS -lprot -lx -ltinfo -lm"
748 no_dev_ptmx=1
3c0ef626 749 AC_DEFINE(USE_PIPES)
700318f3 750 AC_DEFINE(HAVE_SECUREWARE)
3c0ef626 751 AC_DEFINE(DISABLE_SHADOW)
41b2f314 752 AC_DEFINE(DISABLE_FD_PASSING)
0fff78ff 753 AC_DEFINE(SETEUID_BREAKS_SETUID)
754 AC_DEFINE(BROKEN_SETREUID)
755 AC_DEFINE(BROKEN_SETREGID)
756 AC_DEFINE(WITH_ABBREV_NO_TTY)
c9f39d2c 757 AC_DEFINE(BROKEN_UPDWTMPX)
2c06c99b 758 AC_DEFINE(PASSWD_NEEDS_USERNAME)
3c0ef626 759 AC_CHECK_FUNCS(getluid setluid)
760 MANTYPE=man
c9f39d2c 761 TEST_SHELL=ksh
3c0ef626 762 ;;
41b2f314 763*-*-unicosmk*)
2c06c99b 764 AC_DEFINE(NO_SSH_LASTLOG, 1,
765 [Define if you don't want to use lastlog in session.c])
cdd66111 766 AC_DEFINE(SETEUID_BREAKS_SETUID)
767 AC_DEFINE(BROKEN_SETREUID)
768 AC_DEFINE(BROKEN_SETREGID)
41b2f314 769 AC_DEFINE(USE_PIPES)
770 AC_DEFINE(DISABLE_FD_PASSING)
771 LDFLAGS="$LDFLAGS"
772 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
773 MANTYPE=cat
774 ;;
0fff78ff 775*-*-unicosmp*)
cdd66111 776 AC_DEFINE(SETEUID_BREAKS_SETUID)
777 AC_DEFINE(BROKEN_SETREUID)
778 AC_DEFINE(BROKEN_SETREGID)
0fff78ff 779 AC_DEFINE(WITH_ABBREV_NO_TTY)
780 AC_DEFINE(USE_PIPES)
781 AC_DEFINE(DISABLE_FD_PASSING)
782 LDFLAGS="$LDFLAGS"
cdd66111 783 LIBS="$LIBS -lgen -lacid -ldb"
0fff78ff 784 MANTYPE=cat
785 ;;
3c0ef626 786*-*-unicos*)
cdd66111 787 AC_DEFINE(SETEUID_BREAKS_SETUID)
788 AC_DEFINE(BROKEN_SETREUID)
789 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 790 AC_DEFINE(USE_PIPES)
41b2f314 791 AC_DEFINE(DISABLE_FD_PASSING)
792 AC_DEFINE(NO_SSH_LASTLOG)
793 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
794 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
795 MANTYPE=cat
3c0ef626 796 ;;
797*-dec-osf*)
798 AC_MSG_CHECKING(for Digital Unix SIA)
799 no_osfsia=""
800 AC_ARG_WITH(osfsia,
801 [ --with-osfsia Enable Digital Unix SIA],
802 [
803 if test "x$withval" = "xno" ; then
804 AC_MSG_RESULT(disabled)
805 no_osfsia=1
806 fi
807 ],
808 )
809 if test -z "$no_osfsia" ; then
810 if test -f /etc/sia/matrix.conf; then
811 AC_MSG_RESULT(yes)
2c06c99b 812 AC_DEFINE(HAVE_OSF_SIA, 1,
813 [Define if you have Digital Unix Security
814 Integration Architecture])
815 AC_DEFINE(DISABLE_LOGIN, 1,
816 [Define if you don't want to use your
817 system's login() call])
6a9b3198 818 AC_DEFINE(DISABLE_FD_PASSING)
3c0ef626 819 LIBS="$LIBS -lsecurity -ldb -lm -laud"
9108f8d9 820 SIA_MSG="yes"
3c0ef626 821 else
822 AC_MSG_RESULT(no)
2c06c99b 823 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
824 [String used in /etc/passwd to denote locked account])
3c0ef626 825 fi
826 fi
0fff78ff 827 AC_DEFINE(BROKEN_GETADDRINFO)
acc3d05e 828 AC_DEFINE(SETEUID_BREAKS_SETUID)
829 AC_DEFINE(BROKEN_SETREUID)
830 AC_DEFINE(BROKEN_SETREGID)
3c0ef626 831 ;;
832
f2f068fa 833*-*-nto-qnx*)
3c0ef626 834 AC_DEFINE(USE_PIPES)
835 AC_DEFINE(NO_X11_UNIX_SOCKETS)
2c06c99b 836 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
837 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
838 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
f2f068fa 839 AC_DEFINE(DISABLE_LASTLOG)
9108f8d9 840 AC_DEFINE(SSHD_ACQUIRES_CTTY)
47686178 841 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
9108f8d9 842 enable_etc_default_login=no # has incompatible /etc/default/login
d4487008 843 case "$host" in
844 *-*-nto-qnx6*)
845 AC_DEFINE(DISABLE_FD_PASSING)
846 ;;
847 esac
3c0ef626 848 ;;
665a873d 849
850*-*-ultrix*)
2c06c99b 851 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
852 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
f2f068fa 853 AC_DEFINE(NEED_SETPGRP)
665a873d 854 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
855 ;;
856
857*-*-lynxos)
858 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
2c06c99b 859 AC_DEFINE(MISSING_HOWMANY)
665a873d 860 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
861 ;;
3c0ef626 862esac
863
0fff78ff 864AC_MSG_CHECKING(compiler and flags for sanity)
996d5e62 865AC_RUN_IFELSE(
866 [AC_LANG_SOURCE([
0fff78ff 867#include <stdio.h>
868int main(){exit(0);}
996d5e62 869 ])],
0fff78ff 870 [ AC_MSG_RESULT(yes) ],
871 [
872 AC_MSG_RESULT(no)
873 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
996d5e62 874 ],
875 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
0fff78ff 876)
877
665a873d 878dnl Checks for header files.
3c0ef626 879# Checks for libraries.
880AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
881AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
882
0fff78ff 883dnl IRIX and Solaris 2.5.1 have dirname() in libgen
884AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
885 AC_CHECK_LIB(gen, dirname,[
886 AC_CACHE_CHECK([for broken dirname],
887 ac_cv_have_broken_dirname, [
888 save_LIBS="$LIBS"
889 LIBS="$LIBS -lgen"
2c06c99b 890 AC_RUN_IFELSE(
891 [AC_LANG_SOURCE([[
0fff78ff 892#include <libgen.h>
893#include <string.h>
894
895int main(int argc, char **argv) {
896 char *s, buf[32];
897
898 strncpy(buf,"/etc", 32);
899 s = dirname(buf);
900 if (!s || strncmp(s, "/", 32) != 0) {
901 exit(1);
902 } else {
903 exit(0);
904 }
905}
2c06c99b 906 ]])],
907 [ ac_cv_have_broken_dirname="no" ],
908 [ ac_cv_have_broken_dirname="yes" ],
0fff78ff 909 [ ac_cv_have_broken_dirname="no" ],
0fff78ff 910 )
911 LIBS="$save_LIBS"
912 ])
913 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
914 LIBS="$LIBS -lgen"
915 AC_DEFINE(HAVE_DIRNAME)
916 AC_CHECK_HEADERS(libgen.h)
917 fi
918 ])
919])
920
3c0ef626 921AC_CHECK_FUNC(getspnam, ,
922 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
2c06c99b 923AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
924 [Define if you have the basename function.]))
3c0ef626 925
926dnl zlib is required
927AC_ARG_WITH(zlib,
928 [ --with-zlib=PATH Use zlib in PATH],
dec6d9fe 929 [ if test "x$withval" = "xno" ; then
930 AC_MSG_ERROR([*** zlib is required ***])
931 elif test "x$withval" != "xyes"; then
3c0ef626 932 if test -d "$withval/lib"; then
933 if test -n "${need_dash_r}"; then
934 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
935 else
936 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
937 fi
938 else
939 if test -n "${need_dash_r}"; then
940 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
941 else
942 LDFLAGS="-L${withval} ${LDFLAGS}"
943 fi
944 fi
945 if test -d "$withval/include"; then
946 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
947 else
948 CPPFLAGS="-I${withval} ${CPPFLAGS}"
949 fi
dec6d9fe 950 fi ]
3c0ef626 951)
952
cdd66111 953AC_CHECK_LIB(z, deflate, ,
954 [
955 saved_CPPFLAGS="$CPPFLAGS"
956 saved_LDFLAGS="$LDFLAGS"
957 save_LIBS="$LIBS"
958 dnl Check default zlib install dir
959 if test -n "${need_dash_r}"; then
960 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
961 else
962 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
963 fi
964 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
965 LIBS="$LIBS -lz"
966 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
967 [
968 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
969 ]
970 )
971 ]
972)
973AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
974
975AC_ARG_WITH(zlib-version-check,
976 [ --without-zlib-version-check Disable zlib version check],
977 [ if test "x$withval" = "xno" ; then
978 zlib_check_nonfatal=1
979 fi
980 ]
981)
982
dec6d9fe 983AC_MSG_CHECKING(for possibly buggy zlib)
996d5e62 984AC_RUN_IFELSE([AC_LANG_SOURCE([[
dec6d9fe 985#include <stdio.h>
cdd66111 986#include <zlib.h>
987int main()
988{
dec6d9fe 989 int a=0, b=0, c=0, d=0, n, v;
990 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
991 if (n != 3 && n != 4)
cdd66111 992 exit(1);
dec6d9fe 993 v = a*1000000 + b*10000 + c*100 + d;
994 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
995
996 /* 1.1.4 is OK */
997 if (a == 1 && b == 1 && c >= 4)
cdd66111 998 exit(0);
dec6d9fe 999
665a873d 1000 /* 1.2.3 and up are OK */
1001 if (v >= 1020300)
dec6d9fe 1002 exit(0);
1003
cdd66111 1004 exit(2);
1005}
996d5e62 1006 ]])],
dec6d9fe 1007 AC_MSG_RESULT(no),
1008 [ AC_MSG_RESULT(yes)
cdd66111 1009 if test -z "$zlib_check_nonfatal" ; then
1010 AC_MSG_ERROR([*** zlib too old - check config.log ***
1011Your reported zlib version has known security problems. It's possible your
1012vendor has fixed these problems without changing the version number. If you
1013are sure this is the case, you can disable the check by running
1014"./configure --without-zlib-version-check".
665a873d 1015If you are in doubt, upgrade zlib to version 1.2.3 or greater.
dec6d9fe 1016See http://www.gzip.org/zlib/ for details.])
cdd66111 1017 else
1018 AC_MSG_WARN([zlib version may have security problems])
1019 fi
996d5e62 1020 ],
1021 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
cdd66111 1022)
3c0ef626 1023
3c0ef626 1024dnl UnixWare 2.x
cdd66111 1025AC_CHECK_FUNC(strcasecmp,
3c0ef626 1026 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1027)
2c06c99b 1028AC_CHECK_FUNCS(utimes,
41b2f314 1029 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1030 LIBS="$LIBS -lc89"]) ]
3c0ef626 1031)
1032
1033dnl Checks for libutil functions
1034AC_CHECK_HEADERS(libutil.h)
2c06c99b 1035AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1036 [Define if your libraries define login()])])
3c0ef626 1037AC_CHECK_FUNCS(logout updwtmp logwtmp)
1038
1039AC_FUNC_STRFTIME
1040
3c0ef626 1041# Check for ALTDIRFUNC glob() extension
1042AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1043AC_EGREP_CPP(FOUNDIT,
1044 [
1045 #include <glob.h>
1046 #ifdef GLOB_ALTDIRFUNC
1047 FOUNDIT
1048 #endif
cdd66111 1049 ],
3c0ef626 1050 [
2c06c99b 1051 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1052 [Define if your system glob() function has
1053 the GLOB_ALTDIRFUNC extension])
3c0ef626 1054 AC_MSG_RESULT(yes)
1055 ],
1056 [
1057 AC_MSG_RESULT(no)
1058 ]
1059)
1060
1061# Check for g.gl_matchc glob() extension
1062AC_MSG_CHECKING(for gl_matchc field in glob_t)
9108f8d9 1063AC_TRY_COMPILE(
1064 [ #include <glob.h> ],
1065 [glob_t g; g.gl_matchc = 1;],
cdd66111 1066 [
2c06c99b 1067 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1068 [Define if your system glob() function has
1069 gl_matchc options in glob_t])
cdd66111 1070 AC_MSG_RESULT(yes)
1071 ],
1072 [
1073 AC_MSG_RESULT(no)
1074 ]
3c0ef626 1075)
1076
9108f8d9 1077AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1078
3c0ef626 1079AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
996d5e62 1080AC_RUN_IFELSE(
1081 [AC_LANG_SOURCE([[
3c0ef626 1082#include <sys/types.h>
1083#include <dirent.h>
41b2f314 1084int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
996d5e62 1085 ]])],
cdd66111 1086 [AC_MSG_RESULT(yes)],
3c0ef626 1087 [
1088 AC_MSG_RESULT(no)
2c06c99b 1089 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1090 [Define if your struct dirent expects you to
1091 allocate extra space for d_name])
996d5e62 1092 ],
dec6d9fe 1093 [
996d5e62 1094 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1095 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
3c0ef626 1096 ]
1097)
1098
c9f39d2c 1099AC_MSG_CHECKING([for /proc/pid/fd directory])
1100if test -d "/proc/$$/fd" ; then
2c06c99b 1101 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
c9f39d2c 1102 AC_MSG_RESULT(yes)
1103else
1104 AC_MSG_RESULT(no)
1105fi
1106
3c0ef626 1107# Check whether user wants S/Key support
cdd66111 1108SKEY_MSG="no"
3c0ef626 1109AC_ARG_WITH(skey,
996d5e62 1110 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
3c0ef626 1111 [
1112 if test "x$withval" != "xno" ; then
1113
1114 if test "x$withval" != "xyes" ; then
1115 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1116 LDFLAGS="$LDFLAGS -L${withval}/lib"
1117 fi
1118
2c06c99b 1119 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
3c0ef626 1120 LIBS="-lskey $LIBS"
cdd66111 1121 SKEY_MSG="yes"
dec6d9fe 1122
e9a17296 1123 AC_MSG_CHECKING([for s/key support])
2c06c99b 1124 AC_LINK_IFELSE(
1125 [AC_LANG_SOURCE([[
e9a17296 1126#include <stdio.h>
1127#include <skey.h>
41b2f314 1128int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
2c06c99b 1129 ]])],
e9a17296 1130 [AC_MSG_RESULT(yes)],
3c0ef626 1131 [
e9a17296 1132 AC_MSG_RESULT(no)
3c0ef626 1133 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1134 ])
99be0775 1135 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1136 AC_TRY_COMPILE(
1137 [#include <stdio.h>
1138 #include <skey.h>],
1139 [(void)skeychallenge(NULL,"name","",0);],
1140 [AC_MSG_RESULT(yes)
2c06c99b 1141 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1142 [Define if your skeychallenge()
1143 function takes 4 arguments (NetBSD)])],
99be0775 1144 [AC_MSG_RESULT(no)]
1145 )
3c0ef626 1146 fi
1147 ]
1148)
1149
1150# Check whether user wants TCP wrappers support
1151TCPW_MSG="no"
1152AC_ARG_WITH(tcp-wrappers,
996d5e62 1153 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
3c0ef626 1154 [
1155 if test "x$withval" != "xno" ; then
1156 saved_LIBS="$LIBS"
1157 saved_LDFLAGS="$LDFLAGS"
1158 saved_CPPFLAGS="$CPPFLAGS"
dec6d9fe 1159 if test -n "${withval}" && \
1160 test "x${withval}" != "xyes"; then
3c0ef626 1161 if test -d "${withval}/lib"; then
1162 if test -n "${need_dash_r}"; then
1163 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1164 else
1165 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1166 fi
1167 else
1168 if test -n "${need_dash_r}"; then
1169 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1170 else
1171 LDFLAGS="-L${withval} ${LDFLAGS}"
1172 fi
1173 fi
1174 if test -d "${withval}/include"; then
1175 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1176 else
1177 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1178 fi
1179 fi
d4487008 1180 LIBS="-lwrap $LIBS"
3c0ef626 1181 AC_MSG_CHECKING(for libwrap)
1182 AC_TRY_LINK(
1183 [
99be0775 1184#include <sys/types.h>
1185#include <sys/socket.h>
1186#include <netinet/in.h>
3c0ef626 1187#include <tcpd.h>
1188 int deny_severity = 0, allow_severity = 0;
1189 ],
1190 [hosts_access(0);],
1191 [
1192 AC_MSG_RESULT(yes)
2c06c99b 1193 AC_DEFINE(LIBWRAP, 1,
1194 [Define if you want
1195 TCP Wrappers support])
d4487008 1196 SSHDLIBS="$SSHDLIBS -lwrap"
3c0ef626 1197 TCPW_MSG="yes"
1198 ],
1199 [
1200 AC_MSG_ERROR([*** libwrap missing])
1201 ]
1202 )
e9a17296 1203 LIBS="$saved_LIBS"
3c0ef626 1204 fi
1205 ]
1206)
1207
996d5e62 1208# Check whether user wants libedit support
1209LIBEDIT_MSG="no"
1210AC_ARG_WITH(libedit,
1211 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1212 [ if test "x$withval" != "xno" ; then
dec6d9fe 1213 if test "x$withval" != "xyes"; then
2c06c99b 1214 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1215 if test -n "${need_dash_r}"; then
1216 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1217 else
1218 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1219 fi
dec6d9fe 1220 fi
996d5e62 1221 AC_CHECK_LIB(edit, el_init,
2c06c99b 1222 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
996d5e62 1223 LIBEDIT="-ledit -lcurses"
1224 LIBEDIT_MSG="yes"
1225 AC_SUBST(LIBEDIT)
1226 ],
dec6d9fe 1227 [ AC_MSG_ERROR(libedit not found) ],
1228 [ -lcurses ]
996d5e62 1229 )
665a873d 1230 AC_MSG_CHECKING(if libedit version is compatible)
1231 AC_COMPILE_IFELSE(
1232 [AC_LANG_SOURCE([[
1233#include <histedit.h>
1234int main(void)
1235{
1236 int i = H_SETSIZE;
1237 el_init("", NULL, NULL, NULL);
1238 exit(0);
1239}
1240 ]])],
1241 [ AC_MSG_RESULT(yes) ],
1242 [ AC_MSG_RESULT(no)
1243 AC_MSG_ERROR(libedit version is not compatible) ]
1244 )
996d5e62 1245 fi ]
1246)
1247
1248AUDIT_MODULE=none
1249AC_ARG_WITH(audit,
1250 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1251 [
1252 AC_MSG_CHECKING(for supported audit module)
1253 case "$withval" in
1254 bsm)
1255 AC_MSG_RESULT(bsm)
1256 AUDIT_MODULE=bsm
1257 dnl Checks for headers, libs and functions
1258 AC_CHECK_HEADERS(bsm/audit.h, [],
9108f8d9 1259 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1260 [
1261#ifdef HAVE_TIME_H
1262# include <time.h>
1263#endif
1264 ]
1265)
996d5e62 1266 AC_CHECK_LIB(bsm, getaudit, [],
1267 [AC_MSG_ERROR(BSM enabled and required library not found)])
1268 AC_CHECK_FUNCS(getaudit, [],
1269 [AC_MSG_ERROR(BSM enabled and required function not found)])
1270 # These are optional
47686178 1271 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
2c06c99b 1272 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
996d5e62 1273 ;;
1274 debug)
1275 AUDIT_MODULE=debug
1276 AC_MSG_RESULT(debug)
2c06c99b 1277 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
996d5e62 1278 ;;
665a873d 1279 no)
1280 AC_MSG_RESULT(no)
1281 ;;
996d5e62 1282 *)
1283 AC_MSG_ERROR([Unknown audit module $withval])
1284 ;;
1285 esac ]
1286)
1287
6a9b3198 1288dnl Checks for library functions. Please keep in alphabetical order
665a873d 1289AC_CHECK_FUNCS( \
1290 arc4random \
2c06c99b 1291 asprintf \
665a873d 1292 b64_ntop \
1293 __b64_ntop \
1294 b64_pton \
1295 __b64_pton \
1296 bcopy \
1297 bindresvport_sa \
1298 clock \
1299 closefrom \
1300 dirfd \
1301 fchmod \
1302 fchown \
1303 freeaddrinfo \
1304 futimes \
1305 getaddrinfo \
1306 getcwd \
1307 getgrouplist \
1308 getnameinfo \
1309 getopt \
1310 getpeereid \
d4487008 1311 getpeerucred \
665a873d 1312 _getpty \
1313 getrlimit \
1314 getttyent \
1315 glob \
1316 inet_aton \
1317 inet_ntoa \
1318 inet_ntop \
1319 innetgr \
1320 login_getcapbool \
1321 md5_crypt \
1322 memmove \
1323 mkdtemp \
1324 mmap \
1325 ngetaddrinfo \
1326 nsleep \
1327 ogetaddrinfo \
1328 openlog_r \
1329 openpty \
d4487008 1330 poll \
665a873d 1331 prctl \
1332 pstat \
1333 readpassphrase \
1334 realpath \
1335 recvmsg \
1336 rresvport_af \
1337 sendmsg \
1338 setdtablesize \
1339 setegid \
1340 setenv \
1341 seteuid \
1342 setgroups \
1343 setlogin \
1344 setpcred \
1345 setproctitle \
1346 setregid \
1347 setreuid \
1348 setrlimit \
1349 setsid \
1350 setvbuf \
1351 sigaction \
1352 sigvec \
1353 snprintf \
1354 socketpair \
1355 strdup \
1356 strerror \
1357 strlcat \
1358 strlcpy \
1359 strmode \
1360 strnvis \
1361 strtonum \
1362 strtoll \
1363 strtoul \
d4487008 1364 swap32 \
665a873d 1365 sysconf \
1366 tcgetpgrp \
1367 truncate \
1368 unsetenv \
1369 updwtmpx \
2c06c99b 1370 vasprintf \
665a873d 1371 vhangup \
1372 vsnprintf \
1373 waitpid \
6a9b3198 1374)
1375
acc3d05e 1376# IRIX has a const char return value for gai_strerror()
1377AC_CHECK_FUNCS(gai_strerror,[
1378 AC_DEFINE(HAVE_GAI_STRERROR)
1379 AC_TRY_COMPILE([
1380#include <sys/types.h>
1381#include <sys/socket.h>
1382#include <netdb.h>
1383
1384const char *gai_strerror(int);],[
1385char *str;
1386
1387str = gai_strerror(0);],[
1388 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1389 [Define if gai_strerror() returns const char *])])])
1390
2c06c99b 1391AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1392 [Some systems put nanosleep outside of libc]))
6a9b3198 1393
0fff78ff 1394dnl Make sure prototypes are defined for these before using them.
0fff78ff 1395AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
665a873d 1396AC_CHECK_DECL(strsep,
1397 [AC_CHECK_FUNCS(strsep)],
1398 [],
1399 [
1400#ifdef HAVE_STRING_H
1401# include <string.h>
1402#endif
1403 ])
3c0ef626 1404
0fff78ff 1405dnl tcsendbreak might be a macro
1406AC_CHECK_DECL(tcsendbreak,
1407 [AC_DEFINE(HAVE_TCSENDBREAK)],
cdd66111 1408 [AC_CHECK_FUNCS(tcsendbreak)],
0fff78ff 1409 [#include <termios.h>]
1410)
3c0ef626 1411
c9f39d2c 1412AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1413
9108f8d9 1414AC_CHECK_DECLS(SHUT_RD, , ,
1415 [
1416#include <sys/types.h>
1417#include <sys/socket.h>
1418 ])
1419
1420AC_CHECK_DECLS(O_NONBLOCK, , ,
1421 [
1422#include <sys/types.h>
1423#ifdef HAVE_SYS_STAT_H
1424# include <sys/stat.h>
1425#endif
1426#ifdef HAVE_FCNTL_H
1427# include <fcntl.h>
1428#endif
1429 ])
1430
1431AC_CHECK_DECLS(writev, , , [
1432#include <sys/types.h>
1433#include <sys/uio.h>
1434#include <unistd.h>
1435 ])
1436
d4487008 1437AC_CHECK_DECLS(MAXSYMLINKS, , , [
1438#include <sys/param.h>
1439 ])
1440
1441AC_CHECK_DECLS(offsetof, , , [
1442#include <stddef.h>
1443 ])
1444
cdd66111 1445AC_CHECK_FUNCS(setresuid, [
1446 dnl Some platorms have setresuid that isn't implemented, test for this
1447 AC_MSG_CHECKING(if setresuid seems to work)
996d5e62 1448 AC_RUN_IFELSE(
1449 [AC_LANG_SOURCE([[
cdd66111 1450#include <stdlib.h>
1451#include <errno.h>
1452int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
996d5e62 1453 ]])],
cdd66111 1454 [AC_MSG_RESULT(yes)],
2c06c99b 1455 [AC_DEFINE(BROKEN_SETRESUID, 1,
1456 [Define if your setresuid() is broken])
996d5e62 1457 AC_MSG_RESULT(not implemented)],
1458 [AC_MSG_WARN([cross compiling: not checking setresuid])]
cdd66111 1459 )
1460])
1461
1462AC_CHECK_FUNCS(setresgid, [
1463 dnl Some platorms have setresgid that isn't implemented, test for this
1464 AC_MSG_CHECKING(if setresgid seems to work)
996d5e62 1465 AC_RUN_IFELSE(
1466 [AC_LANG_SOURCE([[
cdd66111 1467#include <stdlib.h>
1468#include <errno.h>
1469int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
996d5e62 1470 ]])],
cdd66111 1471 [AC_MSG_RESULT(yes)],
2c06c99b 1472 [AC_DEFINE(BROKEN_SETRESGID, 1,
1473 [Define if your setresgid() is broken])
996d5e62 1474 AC_MSG_RESULT(not implemented)],
1475 [AC_MSG_WARN([cross compiling: not checking setresuid])]
cdd66111 1476 )
1477])
1478
3c0ef626 1479dnl Checks for time functions
1480AC_CHECK_FUNCS(gettimeofday time)
1481dnl Checks for utmp functions
1482AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1483AC_CHECK_FUNCS(utmpname)
1484dnl Checks for utmpx functions
1485AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1486AC_CHECK_FUNCS(setutxent utmpxname)
1487
cdd66111 1488AC_CHECK_FUNC(daemon,
2c06c99b 1489 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1490 [AC_CHECK_LIB(bsd, daemon,
1491 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
3c0ef626 1492)
1493
cdd66111 1494AC_CHECK_FUNC(getpagesize,
2c06c99b 1495 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1496 [Define if your libraries define getpagesize()])],
1497 [AC_CHECK_LIB(ucb, getpagesize,
1498 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
3c0ef626 1499)
1500
1501# Check for broken snprintf
1502if test "x$ac_cv_func_snprintf" = "xyes" ; then
1503 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
996d5e62 1504 AC_RUN_IFELSE(
1505 [AC_LANG_SOURCE([[
3c0ef626 1506#include <stdio.h>
41b2f314 1507int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
996d5e62 1508 ]])],
cdd66111 1509 [AC_MSG_RESULT(yes)],
3c0ef626 1510 [
1511 AC_MSG_RESULT(no)
2c06c99b 1512 AC_DEFINE(BROKEN_SNPRINTF, 1,
1513 [Define if your snprintf is busted])
3c0ef626 1514 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
996d5e62 1515 ],
1516 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
3c0ef626 1517 )
1518fi
1519
2c06c99b 1520# If we don't have a working asprintf, then we strongly depend on vsnprintf
1521# returning the right thing on overflow: the number of characters it tried to
1522# create (as per SUSv3)
1523if test "x$ac_cv_func_asprintf" != "xyes" && \
1524 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1525 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1526 AC_RUN_IFELSE(
1527 [AC_LANG_SOURCE([[
1528#include <sys/types.h>
1529#include <stdio.h>
1530#include <stdarg.h>
1531
1532int x_snprintf(char *str,size_t count,const char *fmt,...)
1533{
1534 size_t ret; va_list ap;
1535 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1536 return ret;
1537}
1538int main(void)
1539{
1540 char x[1];
1541 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1542} ]])],
1543 [AC_MSG_RESULT(yes)],
1544 [
1545 AC_MSG_RESULT(no)
1546 AC_DEFINE(BROKEN_SNPRINTF, 1,
1547 [Define if your snprintf is busted])
1548 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1549 ],
1550 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1551 )
1552fi
1553
1554# On systems where [v]snprintf is broken, but is declared in stdio,
1555# check that the fmt argument is const char * or just char *.
1556# This is only useful for when BROKEN_SNPRINTF
1557AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1558AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1559 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1560 int main(void) { snprintf(0, 0, 0); }
1561 ]])],
1562 [AC_MSG_RESULT(yes)
1563 AC_DEFINE(SNPRINTF_CONST, [const],
1564 [Define as const if snprintf() can declare const char *fmt])],
1565 [AC_MSG_RESULT(no)
1566 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1567
c9f39d2c 1568# Check for missing getpeereid (or equiv) support
1569NO_PEERCHECK=""
d4487008 1570if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
c9f39d2c 1571 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1572 AC_TRY_COMPILE(
1573 [#include <sys/types.h>
1574 #include <sys/socket.h>],
1575 [int i = SO_PEERCRED;],
dec6d9fe 1576 [ AC_MSG_RESULT(yes)
2c06c99b 1577 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
dec6d9fe 1578 ],
c9f39d2c 1579 [AC_MSG_RESULT(no)
1580 NO_PEERCHECK=1]
1581 )
1582fi
1583
6a9b3198 1584dnl see whether mkstemp() requires XXXXXX
1585if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1586AC_MSG_CHECKING([for (overly) strict mkstemp])
2c06c99b 1587AC_RUN_IFELSE(
1588 [AC_LANG_SOURCE([[
6a9b3198 1589#include <stdlib.h>
1590main() { char template[]="conftest.mkstemp-test";
1591if (mkstemp(template) == -1)
1592 exit(1);
1593unlink(template); exit(0);
1594}
2c06c99b 1595 ]])],
6a9b3198 1596 [
1597 AC_MSG_RESULT(no)
1598 ],
cdd66111 1599 [
6a9b3198 1600 AC_MSG_RESULT(yes)
2c06c99b 1601 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
6a9b3198 1602 ],
1603 [
1604 AC_MSG_RESULT(yes)
1605 AC_DEFINE(HAVE_STRICT_MKSTEMP)
cdd66111 1606 ]
6a9b3198 1607)
1608fi
1609
0fff78ff 1610dnl make sure that openpty does not reacquire controlling terminal
1611if test ! -z "$check_for_openpty_ctty_bug"; then
1612 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
2c06c99b 1613 AC_RUN_IFELSE(
1614 [AC_LANG_SOURCE([[
0fff78ff 1615#include <stdio.h>
1616#include <sys/fcntl.h>
1617#include <sys/types.h>
1618#include <sys/wait.h>
1619
1620int
1621main()
1622{
1623 pid_t pid;
1624 int fd, ptyfd, ttyfd, status;
1625
1626 pid = fork();
1627 if (pid < 0) { /* failed */
1628 exit(1);
1629 } else if (pid > 0) { /* parent */
1630 waitpid(pid, &status, 0);
cdd66111 1631 if (WIFEXITED(status))
0fff78ff 1632 exit(WEXITSTATUS(status));
1633 else
1634 exit(2);
1635 } else { /* child */
1636 close(0); close(1); close(2);
1637 setsid();
1638 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1639 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1640 if (fd >= 0)
1641 exit(3); /* Acquired ctty: broken */
1642 else
1643 exit(0); /* Did not acquire ctty: OK */
1644 }
1645}
2c06c99b 1646 ]])],
0fff78ff 1647 [
1648 AC_MSG_RESULT(yes)
1649 ],
1650 [
1651 AC_MSG_RESULT(no)
1652 AC_DEFINE(SSHD_ACQUIRES_CTTY)
2c06c99b 1653 ],
1654 [
1655 AC_MSG_RESULT(cross-compiling, assuming yes)
0fff78ff 1656 ]
1657 )
1658fi
1659
dec6d9fe 1660if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1661 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
99be0775 1662 AC_MSG_CHECKING(if getaddrinfo seems to work)
2c06c99b 1663 AC_RUN_IFELSE(
1664 [AC_LANG_SOURCE([[
99be0775 1665#include <stdio.h>
1666#include <sys/socket.h>
1667#include <netdb.h>
1668#include <errno.h>
1669#include <netinet/in.h>
1670
1671#define TEST_PORT "2222"
1672
1673int
1674main(void)
1675{
1676 int err, sock;
1677 struct addrinfo *gai_ai, *ai, hints;
1678 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1679
1680 memset(&hints, 0, sizeof(hints));
1681 hints.ai_family = PF_UNSPEC;
1682 hints.ai_socktype = SOCK_STREAM;
1683 hints.ai_flags = AI_PASSIVE;
1684
1685 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1686 if (err != 0) {
1687 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1688 exit(1);
1689 }
1690
1691 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1692 if (ai->ai_family != AF_INET6)
1693 continue;
1694
1695 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1696 sizeof(ntop), strport, sizeof(strport),
1697 NI_NUMERICHOST|NI_NUMERICSERV);
1698
1699 if (err != 0) {
1700 if (err == EAI_SYSTEM)
1701 perror("getnameinfo EAI_SYSTEM");
1702 else
1703 fprintf(stderr, "getnameinfo failed: %s\n",
1704 gai_strerror(err));
1705 exit(2);
1706 }
1707
1708 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1709 if (sock < 0)
1710 perror("socket");
1711 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1712 if (errno == EBADF)
1713 exit(3);
1714 }
1715 }
1716 exit(0);
1717}
2c06c99b 1718 ]])],
99be0775 1719 [
1720 AC_MSG_RESULT(yes)
1721 ],
1722 [
1723 AC_MSG_RESULT(no)
1724 AC_DEFINE(BROKEN_GETADDRINFO)
2c06c99b 1725 ],
1726 [
1727 AC_MSG_RESULT(cross-compiling, assuming yes)
99be0775 1728 ]
1729 )
1730fi
1731
dec6d9fe 1732if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1733 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
996d5e62 1734 AC_MSG_CHECKING(if getaddrinfo seems to work)
2c06c99b 1735 AC_RUN_IFELSE(
1736 [AC_LANG_SOURCE([[
996d5e62 1737#include <stdio.h>
1738#include <sys/socket.h>
1739#include <netdb.h>
1740#include <errno.h>
1741#include <netinet/in.h>
1742
1743#define TEST_PORT "2222"
1744
1745int
1746main(void)
1747{
1748 int err, sock;
1749 struct addrinfo *gai_ai, *ai, hints;
1750 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1751
1752 memset(&hints, 0, sizeof(hints));
1753 hints.ai_family = PF_UNSPEC;
1754 hints.ai_socktype = SOCK_STREAM;
1755 hints.ai_flags = AI_PASSIVE;
1756
1757 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1758 if (err != 0) {
1759 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1760 exit(1);
1761 }
1762
1763 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1764 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1765 continue;
1766
1767 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1768 sizeof(ntop), strport, sizeof(strport),
1769 NI_NUMERICHOST|NI_NUMERICSERV);
1770
1771 if (ai->ai_family == AF_INET && err != 0) {
1772 perror("getnameinfo");
1773 exit(2);
1774 }
1775 }
1776 exit(0);
1777}
2c06c99b 1778 ]])],
996d5e62 1779 [
1780 AC_MSG_RESULT(yes)
2c06c99b 1781 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1782 [Define if you have a getaddrinfo that fails
1783 for the all-zeros IPv6 address])
996d5e62 1784 ],
1785 [
1786 AC_MSG_RESULT(no)
1787 AC_DEFINE(BROKEN_GETADDRINFO)
2c06c99b 1788 ],
9108f8d9 1789 [
2c06c99b 1790 AC_MSG_RESULT(cross-compiling, assuming no)
996d5e62 1791 ]
1792 )
1793fi
1794
1795if test "x$check_for_conflicting_getspnam" = "x1"; then
1796 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1797 AC_COMPILE_IFELSE(
1798 [
1799#include <shadow.h>
1800int main(void) {exit(0);}
1801 ],
1802 [
1803 AC_MSG_RESULT(no)
1804 ],
1805 [
1806 AC_MSG_RESULT(yes)
1807 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1808 [Conflicting defs for getspnam])
1809 ]
1810 )
1811fi
1812
3c0ef626 1813AC_FUNC_GETPGRP
1814
700318f3 1815# Search for OpenSSL
1816saved_CPPFLAGS="$CPPFLAGS"
1817saved_LDFLAGS="$LDFLAGS"
3c0ef626 1818AC_ARG_WITH(ssl-dir,
1819 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1820 [
1821 if test "x$withval" != "xno" ; then
996d5e62 1822 case "$withval" in
1823 # Relative paths
1824 ./*|../*) withval="`pwd`/$withval"
1825 esac
700318f3 1826 if test -d "$withval/lib"; then
1827 if test -n "${need_dash_r}"; then
1828 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1829 else
1830 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
3c0ef626 1831 fi
1832 else
700318f3 1833 if test -n "${need_dash_r}"; then
1834 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1835 else
1836 LDFLAGS="-L${withval} ${LDFLAGS}"
3c0ef626 1837 fi
1838 fi
700318f3 1839 if test -d "$withval/include"; then
1840 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
3c0ef626 1841 else
700318f3 1842 CPPFLAGS="-I${withval} ${CPPFLAGS}"
3c0ef626 1843 fi
1844 fi
700318f3 1845 ]
1846)
cdd66111 1847LIBS="-lcrypto $LIBS"
2c06c99b 1848AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1849 [Define if your ssl headers are included
1850 with #include <openssl/header.h>]),
3c0ef626 1851 [
700318f3 1852 dnl Check default openssl install dir
1853 if test -n "${need_dash_r}"; then
1854 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1855 else
700318f3 1856 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
3c0ef626 1857 fi
700318f3 1858 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1859 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1860 [
1861 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1862 ]
1863 )
1864 ]
1865)
1866
41b2f314 1867# Determine OpenSSL header version
1868AC_MSG_CHECKING([OpenSSL header version])
996d5e62 1869AC_RUN_IFELSE(
1870 [AC_LANG_SOURCE([[
41b2f314 1871#include <stdio.h>
1872#include <string.h>
1873#include <openssl/opensslv.h>
1874#define DATA "conftest.sslincver"
1875int main(void) {
cdd66111 1876 FILE *fd;
1877 int rc;
41b2f314 1878
cdd66111 1879 fd = fopen(DATA,"w");
1880 if(fd == NULL)
1881 exit(1);
41b2f314 1882
1883 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1884 exit(1);
1885
1886 exit(0);
1887}
996d5e62 1888 ]])],
41b2f314 1889 [
1890 ssl_header_ver=`cat conftest.sslincver`
1891 AC_MSG_RESULT($ssl_header_ver)
1892 ],
1893 [
1894 AC_MSG_RESULT(not found)
1895 AC_MSG_ERROR(OpenSSL version header not found.)
996d5e62 1896 ],
1897 [
1898 AC_MSG_WARN([cross compiling: not checking])
41b2f314 1899 ]
1900)
1901
1902# Determine OpenSSL library version
1903AC_MSG_CHECKING([OpenSSL library version])
996d5e62 1904AC_RUN_IFELSE(
1905 [AC_LANG_SOURCE([[
41b2f314 1906#include <stdio.h>
1907#include <string.h>
1908#include <openssl/opensslv.h>
1909#include <openssl/crypto.h>
1910#define DATA "conftest.ssllibver"
1911int main(void) {
cdd66111 1912 FILE *fd;
1913 int rc;
41b2f314 1914
cdd66111 1915 fd = fopen(DATA,"w");
1916 if(fd == NULL)
1917 exit(1);
41b2f314 1918
1919 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1920 exit(1);
1921
1922 exit(0);
1923}
996d5e62 1924 ]])],
41b2f314 1925 [
1926 ssl_library_ver=`cat conftest.ssllibver`
1927 AC_MSG_RESULT($ssl_library_ver)
1928 ],
1929 [
1930 AC_MSG_RESULT(not found)
1931 AC_MSG_ERROR(OpenSSL library not found.)
996d5e62 1932 ],
1933 [
1934 AC_MSG_WARN([cross compiling: not checking])
41b2f314 1935 ]
1936)
3c0ef626 1937
799ae497 1938AC_ARG_WITH(openssl-header-check,
1939 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1940 [ if test "x$withval" = "xno" ; then
1941 openssl_check_nonfatal=1
1942 fi
1943 ]
1944)
1945
e9a17296 1946# Sanity check OpenSSL headers
1947AC_MSG_CHECKING([whether OpenSSL's headers match the library])
996d5e62 1948AC_RUN_IFELSE(
1949 [AC_LANG_SOURCE([[
e9a17296 1950#include <string.h>
1951#include <openssl/opensslv.h>
41b2f314 1952int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
996d5e62 1953 ]])],
e9a17296 1954 [
1955 AC_MSG_RESULT(yes)
1956 ],
1957 [
1958 AC_MSG_RESULT(no)
799ae497 1959 if test "x$openssl_check_nonfatal" = "x"; then
1960 AC_MSG_ERROR([Your OpenSSL headers do not match your
1961library. Check config.log for details.
1962If you are sure your installation is consistent, you can disable the check
1963by running "./configure --without-openssl-header-check".
1964Also see contrib/findssl.sh for help identifying header/library mismatches.
1965])
1966 else
1967 AC_MSG_WARN([Your OpenSSL headers do not match your
1968library. Check config.log for details.
0fff78ff 1969Also see contrib/findssl.sh for help identifying header/library mismatches.])
799ae497 1970 fi
996d5e62 1971 ],
1972 [
1973 AC_MSG_WARN([cross compiling: not checking])
e9a17296 1974 ]
1975)
1976
9108f8d9 1977AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1978AC_LINK_IFELSE(
1979 [AC_LANG_SOURCE([[
1980#include <openssl/evp.h>
1981int main(void) { SSLeay_add_all_algorithms(); }
1982 ]])],
1983 [
1984 AC_MSG_RESULT(yes)
1985 ],
1986 [
1987 AC_MSG_RESULT(no)
1988 saved_LIBS="$LIBS"
1989 LIBS="$LIBS -ldl"
1990 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1991 AC_LINK_IFELSE(
1992 [AC_LANG_SOURCE([[
1993#include <openssl/evp.h>
1994int main(void) { SSLeay_add_all_algorithms(); }
1995 ]])],
1996 [
1997 AC_MSG_RESULT(yes)
1998 ],
1999 [
2000 AC_MSG_RESULT(no)
2001 LIBS="$saved_LIBS"
2002 ]
2003 )
2004 ]
2005)
2006
2007AC_ARG_WITH(ssl-engine,
2008 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2009 [ if test "x$withval" != "xno" ; then
2010 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2011 AC_TRY_COMPILE(
2012 [ #include <openssl/engine.h>],
2013 [
ff7ec503 2014ENGINE_load_builtin_engines();ENGINE_register_all_complete();
9108f8d9 2015 ],
2016 [ AC_MSG_RESULT(yes)
2017 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2018 [Enable OpenSSL engine support])
2019 ],
2020 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2021 )
2022 fi ]
2023)
2024
2c06c99b 2025# Check for OpenSSL without EVP_aes_{192,256}_cbc
2026AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
9108f8d9 2027AC_LINK_IFELSE(
2c06c99b 2028 [AC_LANG_SOURCE([[
2029#include <string.h>
2030#include <openssl/evp.h>
f2f068fa 2031int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2c06c99b 2032 ]])],
2033 [
2034 AC_MSG_RESULT(no)
2035 ],
2036 [
2037 AC_MSG_RESULT(yes)
2038 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2039 [libcrypto is missing AES 192 and 256 bit functions])
2040 ]
2041)
2042
cdd66111 2043# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2044# because the system crypt() is more featureful.
2045if test "x$check_for_libcrypt_before" = "x1"; then
2046 AC_CHECK_LIB(crypt, crypt)
2047fi
2048
2049# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2050# version in OpenSSL.
0fff78ff 2051if test "x$check_for_libcrypt_later" = "x1"; then
3c0ef626 2052 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2053fi
2054
9108f8d9 2055# Search for SHA256 support in libc and/or OpenSSL
2056AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2057
d4487008 2058saved_LIBS="$LIBS"
2059AC_CHECK_LIB(iaf, ia_openinfo, [
2060 LIBS="$LIBS -liaf"
47686178 2061 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2062 AC_DEFINE(HAVE_LIBIAF, 1,
2063 [Define if system has libiaf that supports set_id])
2064 ])
d4487008 2065])
2066LIBS="$saved_LIBS"
e9a17296 2067
2068### Configure cryptographic random number support
2069
2070# Check wheter OpenSSL seeds itself
2071AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
996d5e62 2072AC_RUN_IFELSE(
2073 [AC_LANG_SOURCE([[
e9a17296 2074#include <string.h>
2075#include <openssl/rand.h>
41b2f314 2076int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
996d5e62 2077 ]])],
e9a17296 2078 [
2079 OPENSSL_SEEDS_ITSELF=yes
2080 AC_MSG_RESULT(yes)
2081 ],
2082 [
2083 AC_MSG_RESULT(no)
2084 # Default to use of the rand helper if OpenSSL doesn't
2085 # seed itself
2086 USE_RAND_HELPER=yes
996d5e62 2087 ],
2088 [
2089 AC_MSG_WARN([cross compiling: assuming yes])
2090 # This is safe, since all recent OpenSSL versions will
dec6d9fe 2091 # complain at runtime if not seeded correctly.
996d5e62 2092 OPENSSL_SEEDS_ITSELF=yes
e9a17296 2093 ]
2094)
2095
9108f8d9 2096# Check for PAM libs
2097PAM_MSG="no"
2098AC_ARG_WITH(pam,
2099 [ --with-pam Enable PAM support ],
2100 [
2101 if test "x$withval" != "xno" ; then
2102 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2103 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2104 AC_MSG_ERROR([PAM headers not found])
2105 fi
2106
2107 saved_LIBS="$LIBS"
2108 AC_CHECK_LIB(dl, dlopen, , )
2109 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2110 AC_CHECK_FUNCS(pam_getenvlist)
2111 AC_CHECK_FUNCS(pam_putenv)
2112 LIBS="$saved_LIBS"
2113
2114 PAM_MSG="yes"
2115
d4487008 2116 SSHDLIBS="$SSHDLIBS -lpam"
9108f8d9 2117 AC_DEFINE(USE_PAM, 1,
2118 [Define if you want to enable PAM support])
2119
2120 if test $ac_cv_lib_dl_dlopen = yes; then
2121 case "$LIBS" in
2122 *-ldl*)
2123 # libdl already in LIBS
2124 ;;
2125 *)
d4487008 2126 SSHDLIBS="$SSHDLIBS -ldl"
9108f8d9 2127 ;;
2128 esac
2129 fi
9108f8d9 2130 fi
2131 ]
2132)
2133
2134# Check for older PAM
2135if test "x$PAM_MSG" = "xyes" ; then
2136 # Check PAM strerror arguments (old PAM)
2137 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2138 AC_TRY_COMPILE(
2139 [
2140#include <stdlib.h>
2141#if defined(HAVE_SECURITY_PAM_APPL_H)
2142#include <security/pam_appl.h>
2143#elif defined (HAVE_PAM_PAM_APPL_H)
2144#include <pam/pam_appl.h>
2145#endif
2146 ],
2147 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2148 [AC_MSG_RESULT(no)],
2149 [
2150 AC_DEFINE(HAVE_OLD_PAM, 1,
2151 [Define if you have an old version of PAM
2152 which takes only one argument to pam_strerror])
2153 AC_MSG_RESULT(yes)
2154 PAM_MSG="yes (old library)"
2155 ]
2156 )
2157fi
e9a17296 2158
2159# Do we want to force the use of the rand helper?
2160AC_ARG_WITH(rand-helper,
2161 [ --with-rand-helper Use subprocess to gather strong randomness ],
2162 [
2163 if test "x$withval" = "xno" ; then
cdd66111 2164 # Force use of OpenSSL's internal RNG, even if
e9a17296 2165 # the previous test showed it to be unseeded.
2166 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2167 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2168 OPENSSL_SEEDS_ITSELF=yes
2169 USE_RAND_HELPER=""
2170 fi
2171 else
2172 USE_RAND_HELPER=yes
2173 fi
2174 ],
dec6d9fe 2175)
e9a17296 2176
2177# Which randomness source do we use?
dec6d9fe 2178if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
e9a17296 2179 # OpenSSL only
2c06c99b 2180 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2181 [Define if you want OpenSSL's internally seeded PRNG only])
e9a17296 2182 RAND_MSG="OpenSSL internal ONLY"
2183 INSTALL_SSH_RAND_HELPER=""
2184elif test ! -z "$USE_RAND_HELPER" ; then
2185 # install rand helper
2186 RAND_MSG="ssh-rand-helper"
2187 INSTALL_SSH_RAND_HELPER="yes"
2188fi
2189AC_SUBST(INSTALL_SSH_RAND_HELPER)
2190
2191### Configuration of ssh-rand-helper
2192
2193# PRNGD TCP socket
2194AC_ARG_WITH(prngd-port,
2195 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2196 [
2197 case "$withval" in
2198 no)
2199 withval=""
2200 ;;
2201 [[0-9]]*)
2202 ;;
2203 *)
2204 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2205 ;;
2206 esac
2207 if test ! -z "$withval" ; then
2208 PRNGD_PORT="$withval"
2c06c99b 2209 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2210 [Port number of PRNGD/EGD random number socket])
e9a17296 2211 fi
2212 ]
2213)
2214
2215# PRNGD Unix domain socket
2216AC_ARG_WITH(prngd-socket,
2217 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2218 [
2219 case "$withval" in
2220 yes)
2221 withval="/var/run/egd-pool"
2222 ;;
2223 no)
2224 withval=""
2225 ;;
2226 /*)
2227 ;;
2228 *)
2229 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2230 ;;
2231 esac
2232
2233 if test ! -z "$withval" ; then
2234 if test ! -z "$PRNGD_PORT" ; then
2235 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2236 fi
2237 if test ! -r "$withval" ; then
2238 AC_MSG_WARN(Entropy socket is not readable)
2239 fi
2240 PRNGD_SOCKET="$withval"
2c06c99b 2241 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2242 [Location of PRNGD/EGD random number socket])
e9a17296 2243 fi
2244 ],
2245 [
2246 # Check for existing socket only if we don't have a random device already
2247 if test "$USE_RAND_HELPER" = yes ; then
2248 AC_MSG_CHECKING(for PRNGD/EGD socket)
2249 # Insert other locations here
2250 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2251 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2252 PRNGD_SOCKET="$sock"
2253 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2254 break;
2255 fi
2256 done
2257 if test ! -z "$PRNGD_SOCKET" ; then
2258 AC_MSG_RESULT($PRNGD_SOCKET)
2259 else
2260 AC_MSG_RESULT(not found)
2261 fi
2262 fi
2263 ]
2264)
2265
2266# Change default command timeout for hashing entropy source
2267entropy_timeout=200
2268AC_ARG_WITH(entropy-timeout,
2269 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2270 [
dec6d9fe 2271 if test -n "$withval" && test "x$withval" != "xno" && \
2272 test "x${withval}" != "xyes"; then
e9a17296 2273 entropy_timeout=$withval
2274 fi
dec6d9fe 2275 ]
e9a17296 2276)
2c06c99b 2277AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2278 [Builtin PRNG command timeout])
e9a17296 2279
680cee3b 2280SSH_PRIVSEP_USER=sshd
700318f3 2281AC_ARG_WITH(privsep-user,
2282 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2283 [
dec6d9fe 2284 if test -n "$withval" && test "x$withval" != "xno" && \
2285 test "x${withval}" != "xyes"; then
680cee3b 2286 SSH_PRIVSEP_USER=$withval
700318f3 2287 fi
dec6d9fe 2288 ]
700318f3 2289)
2c06c99b 2290AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2291 [non-privileged user for privilege separation])
680cee3b 2292AC_SUBST(SSH_PRIVSEP_USER)
700318f3 2293
2294# We do this little dance with the search path to insure
2295# that programs that we select for use by installed programs
2296# (which may be run by the super-user) come from trusted
2297# locations before they come from the user's private area.
2298# This should help avoid accidentally configuring some
2299# random version of a program in someone's personal bin.
2300
2301OPATH=$PATH
2302PATH=/bin:/usr/bin
2303test -h /bin 2> /dev/null && PATH=/usr/bin
2304test -d /sbin && PATH=$PATH:/sbin
2305test -d /usr/sbin && PATH=$PATH:/usr/sbin
2306PATH=$PATH:/etc:$OPATH
2307
cdd66111 2308# These programs are used by the command hashing source to gather entropy
e9a17296 2309OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2310OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2311OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2312OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2313OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2314OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2315OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2316OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2317OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2318OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2319OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2320OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2321OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2322OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2323OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2324OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
700318f3 2325# restore PATH
2326PATH=$OPATH
e9a17296 2327
2328# Where does ssh-rand-helper get its randomness from?
2329INSTALL_SSH_PRNG_CMDS=""
2330if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2331 if test ! -z "$PRNGD_PORT" ; then
2332 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2333 elif test ! -z "$PRNGD_SOCKET" ; then
2334 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2335 else
2336 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2337 RAND_HELPER_CMDHASH=yes
2338 INSTALL_SSH_PRNG_CMDS="yes"
2339 fi
2340fi
2341AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2342
2343
3c0ef626 2344# Cheap hack to ensure NEWS-OS libraries are arranged right.
2345if test ! -z "$SONY" ; then
2346 LIBS="$LIBS -liberty";
2347fi
2348
2c06c99b 2349# Check for long long datatypes
2350AC_CHECK_TYPES([long long, unsigned long long, long double])
2351
2352# Check datatype sizes
3c0ef626 2353AC_CHECK_SIZEOF(char, 1)
2354AC_CHECK_SIZEOF(short int, 2)
2355AC_CHECK_SIZEOF(int, 4)
2356AC_CHECK_SIZEOF(long int, 4)
2357AC_CHECK_SIZEOF(long long int, 8)
2358
700318f3 2359# Sanity check long long for some platforms (AIX)
2360if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2361 ac_cv_sizeof_long_long_int=0
2362fi
2363
2c06c99b 2364# compute LLONG_MIN and LLONG_MAX if we don't know them.
2365if test -z "$have_llong_max"; then
2366 AC_MSG_CHECKING([for max value of long long])
2367 AC_RUN_IFELSE(
2368 [AC_LANG_SOURCE([[
2369#include <stdio.h>
2370/* Why is this so damn hard? */
2371#ifdef __GNUC__
2372# undef __GNUC__
2373#endif
2374#define __USE_ISOC99
2375#include <limits.h>
2376#define DATA "conftest.llminmax"
9108f8d9 2377#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2378
2379/*
2380 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2381 * we do this the hard way.
2382 */
2383static int
2384fprint_ll(FILE *f, long long n)
2385{
2386 unsigned int i;
2387 int l[sizeof(long long) * 8];
2388
2389 if (n < 0)
2390 if (fprintf(f, "-") < 0)
2391 return -1;
2392 for (i = 0; n != 0; i++) {
2393 l[i] = my_abs(n % 10);
2394 n /= 10;
2395 }
2396 do {
2397 if (fprintf(f, "%d", l[--i]) < 0)
2398 return -1;
2399 } while (i != 0);
2400 if (fprintf(f, " ") < 0)
2401 return -1;
2402 return 0;
2403}
2404
2c06c99b 2405int main(void) {
2406 FILE *f;
2407 long long i, llmin, llmax = 0;
2408
2409 if((f = fopen(DATA,"w")) == NULL)
2410 exit(1);
2411
2412#if defined(LLONG_MIN) && defined(LLONG_MAX)
2413 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2414 llmin = LLONG_MIN;
2415 llmax = LLONG_MAX;
2416#else
2417 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2418 /* This will work on one's complement and two's complement */
2419 for (i = 1; i > llmax; i <<= 1, i++)
2420 llmax = i;
2421 llmin = llmax + 1LL; /* wrap */
2422#endif
2423
2424 /* Sanity check */
2425 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
9108f8d9 2426 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2427 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2c06c99b 2428 fprintf(f, "unknown unknown\n");
2429 exit(2);
2430 }
2431
9108f8d9 2432 if (fprint_ll(f, llmin) < 0)
2c06c99b 2433 exit(3);
9108f8d9 2434 if (fprint_ll(f, llmax) < 0)
2435 exit(4);
2436 if (fclose(f) < 0)
2437 exit(5);
2c06c99b 2438 exit(0);
2439}
2440 ]])],
2441 [
2442 llong_min=`$AWK '{print $1}' conftest.llminmax`
2443 llong_max=`$AWK '{print $2}' conftest.llminmax`
2444
2c06c99b 2445 AC_MSG_RESULT($llong_max)
2446 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2447 [max value of long long calculated by configure])
2448 AC_MSG_CHECKING([for min value of long long])
2449 AC_MSG_RESULT($llong_min)
2450 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2451 [min value of long long calculated by configure])
2452 ],
2453 [
2454 AC_MSG_RESULT(not found)
2455 ],
2456 [
2457 AC_MSG_WARN([cross compiling: not checking])
2458 ]
2459 )
2460fi
2461
2462
3c0ef626 2463# More checks for data types
2464AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2465 AC_TRY_COMPILE(
cdd66111 2466 [ #include <sys/types.h> ],
2467 [ u_int a; a = 1;],
3c0ef626 2468 [ ac_cv_have_u_int="yes" ],
2469 [ ac_cv_have_u_int="no" ]
2470 )
2471])
2472if test "x$ac_cv_have_u_int" = "xyes" ; then
2c06c99b 2473 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
3c0ef626 2474 have_u_int=1
2475fi
2476
2477AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2478 AC_TRY_COMPILE(
cdd66111 2479 [ #include <sys/types.h> ],
2480 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2481 [ ac_cv_have_intxx_t="yes" ],
2482 [ ac_cv_have_intxx_t="no" ]
2483 )
2484])
2485if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2c06c99b 2486 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
3c0ef626 2487 have_intxx_t=1
2488fi
2489
2490if (test -z "$have_intxx_t" && \
cdd66111 2491 test "x$ac_cv_header_stdint_h" = "xyes")
3c0ef626 2492then
2493 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2494 AC_TRY_COMPILE(
cdd66111 2495 [ #include <stdint.h> ],
2496 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
3c0ef626 2497 [
2498 AC_DEFINE(HAVE_INTXX_T)
2499 AC_MSG_RESULT(yes)
2500 ],
2501 [ AC_MSG_RESULT(no) ]
2502 )
2503fi
2504
2505AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2506 AC_TRY_COMPILE(
41b2f314 2507 [
2508#include <sys/types.h>
2509#ifdef HAVE_STDINT_H
2510# include <stdint.h>
2511#endif
2512#include <sys/socket.h>
2513#ifdef HAVE_SYS_BITYPES_H
2514# include <sys/bitypes.h>
2515#endif
cdd66111 2516 ],
2517 [ int64_t a; a = 1;],
3c0ef626 2518 [ ac_cv_have_int64_t="yes" ],
2519 [ ac_cv_have_int64_t="no" ]
2520 )
2521])
2522if test "x$ac_cv_have_int64_t" = "xyes" ; then
2c06c99b 2523 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
e9a17296 2524fi
2525
3c0ef626 2526AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2527 AC_TRY_COMPILE(
cdd66111 2528 [ #include <sys/types.h> ],
2529 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2530 [ ac_cv_have_u_intxx_t="yes" ],
2531 [ ac_cv_have_u_intxx_t="no" ]
2532 )
2533])
2534if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2c06c99b 2535 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
3c0ef626 2536 have_u_intxx_t=1
2537fi
2538
2539if test -z "$have_u_intxx_t" ; then
2540 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2541 AC_TRY_COMPILE(
cdd66111 2542 [ #include <sys/socket.h> ],
2543 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
3c0ef626 2544 [
2545 AC_DEFINE(HAVE_U_INTXX_T)
2546 AC_MSG_RESULT(yes)
2547 ],
2548 [ AC_MSG_RESULT(no) ]
2549 )
2550fi
2551
2552AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2553 AC_TRY_COMPILE(
cdd66111 2554 [ #include <sys/types.h> ],
2555 [ u_int64_t a; a = 1;],
3c0ef626 2556 [ ac_cv_have_u_int64_t="yes" ],
2557 [ ac_cv_have_u_int64_t="no" ]
2558 )
2559])
2560if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2c06c99b 2561 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
3c0ef626 2562 have_u_int64_t=1
2563fi
2564
e9a17296 2565if test -z "$have_u_int64_t" ; then
2566 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2567 AC_TRY_COMPILE(
cdd66111 2568 [ #include <sys/bitypes.h> ],
e9a17296 2569 [ u_int64_t a; a = 1],
2570 [
2571 AC_DEFINE(HAVE_U_INT64_T)
2572 AC_MSG_RESULT(yes)
2573 ],
2574 [ AC_MSG_RESULT(no) ]
2575 )
2576fi
2577
3c0ef626 2578if test -z "$have_u_intxx_t" ; then
2579 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2580 AC_TRY_COMPILE(
2581 [
2582#include <sys/types.h>
cdd66111 2583 ],
2584 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
3c0ef626 2585 [ ac_cv_have_uintxx_t="yes" ],
2586 [ ac_cv_have_uintxx_t="no" ]
2587 )
2588 ])
2589 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2c06c99b 2590 AC_DEFINE(HAVE_UINTXX_T, 1,
2591 [define if you have uintxx_t data type])
3c0ef626 2592 fi
2593fi
2594
2595if test -z "$have_uintxx_t" ; then
2596 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2597 AC_TRY_COMPILE(
cdd66111 2598 [ #include <stdint.h> ],
2599 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
3c0ef626 2600 [
2601 AC_DEFINE(HAVE_UINTXX_T)
2602 AC_MSG_RESULT(yes)
2603 ],
2604 [ AC_MSG_RESULT(no) ]
2605 )
2606fi
2607
2608if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
cdd66111 2609 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
3c0ef626 2610then
2611 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2612 AC_TRY_COMPILE(
2613 [
2614#include <sys/bitypes.h>
cdd66111 2615 ],
3c0ef626 2616 [
2617 int8_t a; int16_t b; int32_t c;
2618 u_int8_t e; u_int16_t f; u_int32_t g;
2619 a = b = c = e = f = g = 1;
cdd66111 2620 ],
3c0ef626 2621 [
2622 AC_DEFINE(HAVE_U_INTXX_T)
2623 AC_DEFINE(HAVE_INTXX_T)
2624 AC_MSG_RESULT(yes)
2625 ],
2626 [AC_MSG_RESULT(no)]
cdd66111 2627 )
3c0ef626 2628fi
2629
2630
2631AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2632 AC_TRY_COMPILE(
2633 [
2634#include <sys/types.h>
2635 ],
2636 [ u_char foo; foo = 125; ],
2637 [ ac_cv_have_u_char="yes" ],
2638 [ ac_cv_have_u_char="no" ]
2639 )
2640])
2641if test "x$ac_cv_have_u_char" = "xyes" ; then
2c06c99b 2642 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
3c0ef626 2643fi
2644
2645TYPE_SOCKLEN_T
2646
e9a17296 2647AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2648
996d5e62 2649AC_CHECK_TYPES(in_addr_t,,,
2650[#include <sys/types.h>
2651#include <netinet/in.h>])
2652
3c0ef626 2653AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2654 AC_TRY_COMPILE(
2655 [
2656#include <sys/types.h>
2657 ],
2658 [ size_t foo; foo = 1235; ],
2659 [ ac_cv_have_size_t="yes" ],
2660 [ ac_cv_have_size_t="no" ]
2661 )
2662])
2663if test "x$ac_cv_have_size_t" = "xyes" ; then
2c06c99b 2664 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
3c0ef626 2665fi
2666
2667AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2668 AC_TRY_COMPILE(
2669 [
2670#include <sys/types.h>
2671 ],
2672 [ ssize_t foo; foo = 1235; ],
2673 [ ac_cv_have_ssize_t="yes" ],
2674 [ ac_cv_have_ssize_t="no" ]
2675 )
2676])
2677if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2c06c99b 2678 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
3c0ef626 2679fi
2680
2681AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2682 AC_TRY_COMPILE(
2683 [
2684#include <time.h>
2685 ],
2686 [ clock_t foo; foo = 1235; ],
2687 [ ac_cv_have_clock_t="yes" ],
2688 [ ac_cv_have_clock_t="no" ]
2689 )
2690])
2691if test "x$ac_cv_have_clock_t" = "xyes" ; then
2c06c99b 2692 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
3c0ef626 2693fi
2694
2695AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2696 AC_TRY_COMPILE(
2697 [
2698#include <sys/types.h>
2699#include <sys/socket.h>
2700 ],
2701 [ sa_family_t foo; foo = 1235; ],
2702 [ ac_cv_have_sa_family_t="yes" ],
2703 [ AC_TRY_COMPILE(
2704 [
2705#include <sys/types.h>
2706#include <sys/socket.h>
2707#include <netinet/in.h>
2708 ],
2709 [ sa_family_t foo; foo = 1235; ],
2710 [ ac_cv_have_sa_family_t="yes" ],
2711
2712 [ ac_cv_have_sa_family_t="no" ]
2713 )]
2714 )
2715])
2716if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2c06c99b 2717 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2718 [define if you have sa_family_t data type])
3c0ef626 2719fi
2720
2721AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2722 AC_TRY_COMPILE(
2723 [
2724#include <sys/types.h>
2725 ],
2726 [ pid_t foo; foo = 1235; ],
2727 [ ac_cv_have_pid_t="yes" ],
2728 [ ac_cv_have_pid_t="no" ]
2729 )
2730])
2731if test "x$ac_cv_have_pid_t" = "xyes" ; then
2c06c99b 2732 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
3c0ef626 2733fi
2734
2735AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2736 AC_TRY_COMPILE(
2737 [
2738#include <sys/types.h>
2739 ],
2740 [ mode_t foo; foo = 1235; ],
2741 [ ac_cv_have_mode_t="yes" ],
2742 [ ac_cv_have_mode_t="no" ]
2743 )
2744])
2745if test "x$ac_cv_have_mode_t" = "xyes" ; then
2c06c99b 2746 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3c0ef626 2747fi
2748
2749
2750AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2751 AC_TRY_COMPILE(
2752 [
2753#include <sys/types.h>
2754#include <sys/socket.h>
2755 ],
2756 [ struct sockaddr_storage s; ],
2757 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2758 [ ac_cv_have_struct_sockaddr_storage="no" ]
2759 )
2760])
2761if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2c06c99b 2762 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2763 [define if you have struct sockaddr_storage data type])
3c0ef626 2764fi
2765
2766AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2767 AC_TRY_COMPILE(
2768 [
2769#include <sys/types.h>
2770#include <netinet/in.h>
2771 ],
2772 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2773 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2774 [ ac_cv_have_struct_sockaddr_in6="no" ]
2775 )
2776])
2777if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2c06c99b 2778 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2779 [define if you have struct sockaddr_in6 data type])
3c0ef626 2780fi
2781
2782AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2783 AC_TRY_COMPILE(
2784 [
2785#include <sys/types.h>
2786#include <netinet/in.h>
2787 ],
2788 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2789 [ ac_cv_have_struct_in6_addr="yes" ],
2790 [ ac_cv_have_struct_in6_addr="no" ]
2791 )
2792])
2793if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2c06c99b 2794 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2795 [define if you have struct in6_addr data type])
3c0ef626 2796fi
2797
2798AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2799 AC_TRY_COMPILE(
2800 [
2801#include <sys/types.h>
2802#include <sys/socket.h>
2803#include <netdb.h>
2804 ],
2805 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2806 [ ac_cv_have_struct_addrinfo="yes" ],
2807 [ ac_cv_have_struct_addrinfo="no" ]
2808 )
2809])
2810if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2c06c99b 2811 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2812 [define if you have struct addrinfo data type])
3c0ef626 2813fi
2814
2815AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2816 AC_TRY_COMPILE(
cdd66111 2817 [ #include <sys/time.h> ],
2818 [ struct timeval tv; tv.tv_sec = 1;],
3c0ef626 2819 [ ac_cv_have_struct_timeval="yes" ],
2820 [ ac_cv_have_struct_timeval="no" ]
2821 )
2822])
2823if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2c06c99b 2824 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3c0ef626 2825 have_struct_timeval=1
2826fi
2827
6a9b3198 2828AC_CHECK_TYPES(struct timespec)
2829
2830# We need int64_t or else certian parts of the compile will fail.
dec6d9fe 2831if test "x$ac_cv_have_int64_t" = "xno" && \
2832 test "x$ac_cv_sizeof_long_int" != "x8" && \
2833 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
6a9b3198 2834 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2835 echo "an alternative compiler (I.E., GCC) before continuing."
2836 echo ""
2837 exit 1;
3c0ef626 2838else
2839dnl test snprintf (broken on SCO w/gcc)
996d5e62 2840 AC_RUN_IFELSE(
2841 [AC_LANG_SOURCE([[
3c0ef626 2842#include <stdio.h>
2843#include <string.h>
2844#ifdef HAVE_SNPRINTF
2845main()
2846{
2847 char buf[50];
2848 char expected_out[50];
2849 int mazsize = 50 ;
2850#if (SIZEOF_LONG_INT == 8)
2851 long int num = 0x7fffffffffffffff;
2852#else
2853 long long num = 0x7fffffffffffffffll;
2854#endif
2855 strcpy(expected_out, "9223372036854775807");
2856 snprintf(buf, mazsize, "%lld", num);
2857 if(strcmp(buf, expected_out) != 0)
cdd66111 2858 exit(1);
3c0ef626 2859 exit(0);
2860}
2861#else
2862main() { exit(0); }
2863#endif
996d5e62 2864 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2865 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3c0ef626 2866 )
2867fi
3c0ef626 2868
2869dnl Checks for structure members
2870OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2871OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2872OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2873OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2874OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2875OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2876OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2877OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2878OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2879OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2880OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2881OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2882OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2883OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2884OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2885OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2886OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2887
2888AC_CHECK_MEMBERS([struct stat.st_blksize])
2c06c99b 2889AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2890 [Define if we don't have struct __res_state in resolv.h])],
2891[
2892#include <stdio.h>
2893#if HAVE_SYS_TYPES_H
2894# include <sys/types.h>
2895#endif
2896#include <netinet/in.h>
2897#include <arpa/nameser.h>
2898#include <resolv.h>
2899])
3c0ef626 2900
2901AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2902 ac_cv_have_ss_family_in_struct_ss, [
2903 AC_TRY_COMPILE(
2904 [
2905#include <sys/types.h>
2906#include <sys/socket.h>
2907 ],
2908 [ struct sockaddr_storage s; s.ss_family = 1; ],
2909 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2910 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2911 )
2912])
2913if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2c06c99b 2914 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3c0ef626 2915fi
2916
2917AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2918 ac_cv_have___ss_family_in_struct_ss, [
2919 AC_TRY_COMPILE(
2920 [
2921#include <sys/types.h>
2922#include <sys/socket.h>
2923 ],
2924 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2925 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2926 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2927 )
2928])
2929if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2c06c99b 2930 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2931 [Fields in struct sockaddr_storage])
3c0ef626 2932fi
2933
2934AC_CACHE_CHECK([for pw_class field in struct passwd],
2935 ac_cv_have_pw_class_in_struct_passwd, [
2936 AC_TRY_COMPILE(
2937 [
2938#include <pwd.h>
2939 ],
2940 [ struct passwd p; p.pw_class = 0; ],
2941 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2942 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2943 )
2944])
2945if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2c06c99b 2946 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2947 [Define if your password has a pw_class field])
3c0ef626 2948fi
2949
2950AC_CACHE_CHECK([for pw_expire field in struct passwd],
2951 ac_cv_have_pw_expire_in_struct_passwd, [
2952 AC_TRY_COMPILE(
2953 [
2954#include <pwd.h>
2955 ],
2956 [ struct passwd p; p.pw_expire = 0; ],
2957 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2958 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2959 )
2960])
2961if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2c06c99b 2962 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2963 [Define if your password has a pw_expire field])
3c0ef626 2964fi
2965
2966AC_CACHE_CHECK([for pw_change field in struct passwd],
2967 ac_cv_have_pw_change_in_struct_passwd, [
2968 AC_TRY_COMPILE(
2969 [
2970#include <pwd.h>
2971 ],
2972 [ struct passwd p; p.pw_change = 0; ],
2973 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2974 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2975 )
2976])
2977if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2c06c99b 2978 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2979 [Define if your password has a pw_change field])
3c0ef626 2980fi
2981
fba3c309 2982dnl make sure we're using the real structure members and not defines
700318f3 2983AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2984 ac_cv_have_accrights_in_msghdr, [
996d5e62 2985 AC_COMPILE_IFELSE(
700318f3 2986 [
2987#include <sys/types.h>
2988#include <sys/socket.h>
2989#include <sys/uio.h>
fba3c309 2990int main() {
2991#ifdef msg_accrights
996d5e62 2992#error "msg_accrights is a macro"
fba3c309 2993exit(1);
2994#endif
2995struct msghdr m;
2996m.msg_accrights = 0;
2997exit(0);
2998}
700318f3 2999 ],
700318f3 3000 [ ac_cv_have_accrights_in_msghdr="yes" ],
3001 [ ac_cv_have_accrights_in_msghdr="no" ]
3002 )
3003])
3004if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2c06c99b 3005 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3006 [Define if your system uses access rights style
3007 file descriptor passing])
700318f3 3008fi
3009
3010AC_CACHE_CHECK([for msg_control field in struct msghdr],
3011 ac_cv_have_control_in_msghdr, [
996d5e62 3012 AC_COMPILE_IFELSE(
700318f3 3013 [
3014#include <sys/types.h>
3015#include <sys/socket.h>
3016#include <sys/uio.h>
fba3c309 3017int main() {
3018#ifdef msg_control
996d5e62 3019#error "msg_control is a macro"
fba3c309 3020exit(1);
3021#endif
3022struct msghdr m;
3023m.msg_control = 0;
3024exit(0);
3025}
700318f3 3026 ],
700318f3 3027 [ ac_cv_have_control_in_msghdr="yes" ],
3028 [ ac_cv_have_control_in_msghdr="no" ]
3029 )
3030])
3031if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2c06c99b 3032 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3033 [Define if your system uses ancillary data style
3034 file descriptor passing])
700318f3 3035fi
3036
3c0ef626 3037AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
cdd66111 3038 AC_TRY_LINK([],
3039 [ extern char *__progname; printf("%s", __progname); ],
3c0ef626 3040 [ ac_cv_libc_defines___progname="yes" ],
3041 [ ac_cv_libc_defines___progname="no" ]
3042 )
3043])
3044if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2c06c99b 3045 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3c0ef626 3046fi
3047
700318f3 3048AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3049 AC_TRY_LINK([
3050#include <stdio.h>
cdd66111 3051],
3052 [ printf("%s", __FUNCTION__); ],
700318f3 3053 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3054 [ ac_cv_cc_implements___FUNCTION__="no" ]
3055 )
3056])
3057if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2c06c99b 3058 AC_DEFINE(HAVE___FUNCTION__, 1,
3059 [Define if compiler implements __FUNCTION__])
700318f3 3060fi
3061
3062AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3063 AC_TRY_LINK([
3064#include <stdio.h>
cdd66111 3065],
3066 [ printf("%s", __func__); ],
700318f3 3067 [ ac_cv_cc_implements___func__="yes" ],
3068 [ ac_cv_cc_implements___func__="no" ]
3069 )
3070])
3071if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2c06c99b 3072 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3073fi
3074
3075AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3076 AC_TRY_LINK(
3077 [#include <stdarg.h>
3078 va_list x,y;],
3079 [va_copy(x,y);],
3080 [ ac_cv_have_va_copy="yes" ],
3081 [ ac_cv_have_va_copy="no" ]
3082 )
3083])
3084if test "x$ac_cv_have_va_copy" = "xyes" ; then
3085 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3086fi
3087
3088AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3089 AC_TRY_LINK(
3090 [#include <stdarg.h>
3091 va_list x,y;],
3092 [__va_copy(x,y);],
3093 [ ac_cv_have___va_copy="yes" ],
3094 [ ac_cv_have___va_copy="no" ]
3095 )
3096])
3097if test "x$ac_cv_have___va_copy" = "xyes" ; then
3098 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
700318f3 3099fi
3100
3c0ef626 3101AC_CACHE_CHECK([whether getopt has optreset support],
3102 ac_cv_have_getopt_optreset, [
3103 AC_TRY_LINK(
3104 [
3105#include <getopt.h>
3106 ],
3107 [ extern int optreset; optreset = 0; ],
3108 [ ac_cv_have_getopt_optreset="yes" ],
3109 [ ac_cv_have_getopt_optreset="no" ]
3110 )
3111])
3112if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2c06c99b 3113 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3114 [Define if your getopt(3) defines and uses optreset])
3c0ef626 3115fi
3116
3117AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
cdd66111 3118 AC_TRY_LINK([],
3119 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3c0ef626 3120 [ ac_cv_libc_defines_sys_errlist="yes" ],
3121 [ ac_cv_libc_defines_sys_errlist="no" ]
3122 )
3123])
3124if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2c06c99b 3125 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3126 [Define if your system defines sys_errlist[]])
3c0ef626 3127fi
3128
3129
3130AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
cdd66111 3131 AC_TRY_LINK([],
3132 [ extern int sys_nerr; printf("%i", sys_nerr);],
3c0ef626 3133 [ ac_cv_libc_defines_sys_nerr="yes" ],
3134 [ ac_cv_libc_defines_sys_nerr="no" ]
3135 )
3136])
3137if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2c06c99b 3138 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3c0ef626 3139fi
3140
cdd66111 3141SCARD_MSG="no"
700318f3 3142# Check whether user wants sectok support
3143AC_ARG_WITH(sectok,
3144 [ --with-sectok Enable smartcard support using libsectok],
3c0ef626 3145 [
3146 if test "x$withval" != "xno" ; then
3147 if test "x$withval" != "xyes" ; then
3148 CPPFLAGS="$CPPFLAGS -I${withval}"
3149 LDFLAGS="$LDFLAGS -L${withval}"
3150 if test ! -z "$need_dash_r" ; then
3151 LDFLAGS="$LDFLAGS -R${withval}"
3152 fi
3153 if test ! -z "$blibpath" ; then
3154 blibpath="$blibpath:${withval}"
3155 fi
3156 fi
3157 AC_CHECK_HEADERS(sectok.h)
3158 if test "$ac_cv_header_sectok_h" != yes; then
3159 AC_MSG_ERROR(Can't find sectok.h)
3160 fi
3161 AC_CHECK_LIB(sectok, sectok_open)
3162 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3163 AC_MSG_ERROR(Can't find libsectok)
3164 fi
2c06c99b 3165 AC_DEFINE(SMARTCARD, 1,
3166 [Define if you want smartcard support])
3167 AC_DEFINE(USE_SECTOK, 1,
3168 [Define if you want smartcard support
3169 using sectok])
cdd66111 3170 SCARD_MSG="yes, using sectok"
3c0ef626 3171 fi
3172 ]
3173)
3174
700318f3 3175# Check whether user wants OpenSC support
dec6d9fe 3176OPENSC_CONFIG="no"
700318f3 3177AC_ARG_WITH(opensc,
2c06c99b 3178 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
dec6d9fe 3179 [
3180 if test "x$withval" != "xno" ; then
3181 if test "x$withval" != "xyes" ; then
3182 OPENSC_CONFIG=$withval/bin/opensc-config
3183 else
3184 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3185 fi
3186 if test "$OPENSC_CONFIG" != "no"; then
3187 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3188 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3189 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
9108f8d9 3190 LIBS="$LIBS $LIBOPENSC_LIBS"
dec6d9fe 3191 AC_DEFINE(SMARTCARD)
2c06c99b 3192 AC_DEFINE(USE_OPENSC, 1,
3193 [Define if you want smartcard support
3194 using OpenSC])
dec6d9fe 3195 SCARD_MSG="yes, using OpenSC"
3196 fi
3197 fi
3198 ]
3199)
700318f3 3200
cdd66111 3201# Check libraries needed by DNS fingerprint support
3202AC_SEARCH_LIBS(getrrsetbyname, resolv,
2c06c99b 3203 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3204 [Define if getrrsetbyname() exists])],
0fff78ff 3205 [
cdd66111 3206 # Needed by our getrrsetbyname()
3207 AC_SEARCH_LIBS(res_query, resolv)
3208 AC_SEARCH_LIBS(dn_expand, resolv)
c9f39d2c 3209 AC_MSG_CHECKING(if res_query will link)
3210 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3211 [AC_MSG_RESULT(no)
3212 saved_LIBS="$LIBS"
3213 LIBS="$LIBS -lresolv"
3214 AC_MSG_CHECKING(for res_query in -lresolv)
3215 AC_LINK_IFELSE([
3216#include <resolv.h>
3217int main()
3218{
3219 res_query (0, 0, 0, 0, 0);
3220 return 0;
3221}
3222 ],
3223 [LIBS="$LIBS -lresolv"
3224 AC_MSG_RESULT(yes)],
3225 [LIBS="$saved_LIBS"
3226 AC_MSG_RESULT(no)])
3227 ])
cdd66111 3228 AC_CHECK_FUNCS(_getshort _getlong)
665a873d 3229 AC_CHECK_DECLS([_getshort, _getlong], , ,
3230 [#include <sys/types.h>
3231 #include <arpa/nameser.h>])
cdd66111 3232 AC_CHECK_MEMBER(HEADER.ad,
2c06c99b 3233 [AC_DEFINE(HAVE_HEADER_AD, 1,
3234 [Define if HEADER.ad exists in arpa/nameser.h])],,
cdd66111 3235 [#include <arpa/nameser.h>])
3236 ])
0fff78ff 3237
d4487008 3238AC_MSG_CHECKING(if struct __res_state _res is an extern)
3239AC_LINK_IFELSE([
3240#include <stdio.h>
3241#if HAVE_SYS_TYPES_H
3242# include <sys/types.h>
3243#endif
3244#include <netinet/in.h>
3245#include <arpa/nameser.h>
3246#include <resolv.h>
3247extern struct __res_state _res;
3248int main() { return 0; }
3249 ],
3250 [AC_MSG_RESULT(yes)
3251 AC_DEFINE(HAVE__RES_EXTERN, 1,
3252 [Define if you have struct __res_state _res as an extern])
3253 ],
3254 [ AC_MSG_RESULT(no) ]
3255)
3256
9108f8d9 3257# Check whether user wants SELinux support
3258SELINUX_MSG="no"
3259LIBSELINUX=""
3260AC_ARG_WITH(selinux,
47686178 3261 [ --with-selinux Enable SELinux support],
9108f8d9 3262 [ if test "x$withval" != "xno" ; then
d4487008 3263 save_LIBS="$LIBS"
9108f8d9 3264 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3265 SELINUX_MSG="yes"
3266 AC_CHECK_HEADER([selinux/selinux.h], ,
3267 AC_MSG_ERROR(SELinux support requires selinux.h header))
3268 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3269 AC_MSG_ERROR(SELinux support requires libselinux library))
d4487008 3270 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
9108f8d9 3271 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
ff7ec503 3272 LIBS="$save_LIBS"
9108f8d9 3273 fi ]
3274)
9108f8d9 3275
700318f3 3276# Check whether user wants Kerberos 5 support
cdd66111 3277KRB5_MSG="no"
700318f3 3278AC_ARG_WITH(kerberos5,
cdd66111 3279 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3280 [ if test "x$withval" != "xno" ; then
3281 if test "x$withval" = "xyes" ; then
3282 KRB5ROOT="/usr/local"
3283 else
3284 KRB5ROOT=${withval}
3285 fi
3286
2c06c99b 3287 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
cdd66111 3288 KRB5_MSG="yes"
3289
3290 AC_MSG_CHECKING(for krb5-config)
3291 if test -x $KRB5ROOT/bin/krb5-config ; then
3292 KRB5CONF=$KRB5ROOT/bin/krb5-config
3293 AC_MSG_RESULT($KRB5CONF)
3294
3295 AC_MSG_CHECKING(for gssapi support)
3296 if $KRB5CONF | grep gssapi >/dev/null ; then
3297 AC_MSG_RESULT(yes)
2c06c99b 3298 AC_DEFINE(GSSAPI, 1,
3299 [Define this if you want GSSAPI
3300 support in the version 2 protocol])
cdd66111 3301 k5confopts=gssapi
3302 else
3303 AC_MSG_RESULT(no)
3304 k5confopts=""
3305 fi
3306 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3307 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3308 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3309 AC_MSG_CHECKING(whether we are using Heimdal)
3310 AC_TRY_COMPILE([ #include <krb5.h> ],
3311 [ char *tmp = heimdal_version; ],
3312 [ AC_MSG_RESULT(yes)
2c06c99b 3313 AC_DEFINE(HEIMDAL, 1,
3314 [Define this if you are using the
3315 Heimdal version of Kerberos V5]) ],
cdd66111 3316 AC_MSG_RESULT(no)
3317 )
3318 else
3319 AC_MSG_RESULT(no)
700318f3 3320 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
cdd66111 3321 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3322 AC_MSG_CHECKING(whether we are using Heimdal)
3323 AC_TRY_COMPILE([ #include <krb5.h> ],
3324 [ char *tmp = heimdal_version; ],
3325 [ AC_MSG_RESULT(yes)
3326 AC_DEFINE(HEIMDAL)
c9f39d2c 3327 K5LIBS="-lkrb5 -ldes"
3328 K5LIBS="$K5LIBS -lcom_err -lasn1"
dec6d9fe 3329 AC_CHECK_LIB(roken, net_write,
c9f39d2c 3330 [K5LIBS="$K5LIBS -lroken"])
cdd66111 3331 ],
3332 [ AC_MSG_RESULT(no)
3333 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3334 ]
3335 )
0fff78ff 3336 AC_SEARCH_LIBS(dn_expand, resolv)
3337
3338 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3339 [ AC_DEFINE(GSSAPI)
3340 K5LIBS="-lgssapi $K5LIBS" ],
3341 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3342 [ AC_DEFINE(GSSAPI)
cdd66111 3343 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
0fff78ff 3344 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3345 $K5LIBS)
3346 ],
3347 $K5LIBS)
dec6d9fe 3348
0fff78ff 3349 AC_CHECK_HEADER(gssapi.h, ,
3350 [ unset ac_cv_header_gssapi_h
cdd66111 3351 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
0fff78ff 3352 AC_CHECK_HEADERS(gssapi.h, ,
3353 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
cdd66111 3354 )
0fff78ff 3355 ]
3356 )
3357
3358 oldCPP="$CPPFLAGS"
3359 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3360 AC_CHECK_HEADER(gssapi_krb5.h, ,
3361 [ CPPFLAGS="$oldCPP" ])
700318f3 3362
cdd66111 3363 fi
3364 if test ! -z "$need_dash_r" ; then
3365 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3366 fi
3367 if test ! -z "$blibpath" ; then
3368 blibpath="$blibpath:${KRB5ROOT}/lib"
3369 fi
cdd66111 3370
2c06c99b 3371 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3372 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3373 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
cdd66111 3374
2c06c99b 3375 LIBS="$LIBS $K5LIBS"
3376 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3377 [Define this if you want to use libkafs' AFS support]))
3378 fi
cdd66111 3379 ]
700318f3 3380)
3c0ef626 3381
3382# Looking for programs, paths and files
3c0ef626 3383
700318f3 3384PRIVSEP_PATH=/var/empty
3385AC_ARG_WITH(privsep-path,
41b2f314 3386 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
700318f3 3387 [
dec6d9fe 3388 if test -n "$withval" && test "x$withval" != "xno" && \
3389 test "x${withval}" != "xyes"; then
700318f3 3390 PRIVSEP_PATH=$withval
3391 fi
3392 ]
3393)
3394AC_SUBST(PRIVSEP_PATH)
3395
3c0ef626 3396AC_ARG_WITH(xauth,
3397 [ --with-xauth=PATH Specify path to xauth program ],
3398 [
dec6d9fe 3399 if test -n "$withval" && test "x$withval" != "xno" && \
3400 test "x${withval}" != "xyes"; then
3c0ef626 3401 xauth_path=$withval
3402 fi
3403 ],
3404 [
41b2f314 3405 TestPath="$PATH"
3406 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3407 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3408 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3409 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3410 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3c0ef626 3411 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3412 xauth_path="/usr/openwin/bin/xauth"
3413 fi
3414 ]
3415)
3416
6a9b3198 3417STRIP_OPT=-s
3418AC_ARG_ENABLE(strip,
3419 [ --disable-strip Disable calling strip(1) on install],
3420 [
3421 if test "x$enableval" = "xno" ; then
3422 STRIP_OPT=
3423 fi
3424 ]
3425)
3426AC_SUBST(STRIP_OPT)
3427
3c0ef626 3428if test -z "$xauth_path" ; then
3429 XAUTH_PATH="undefined"
3430 AC_SUBST(XAUTH_PATH)
3431else
2c06c99b 3432 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3433 [Define if xauth is found in your path])
3c0ef626 3434 XAUTH_PATH=$xauth_path
3435 AC_SUBST(XAUTH_PATH)
3436fi
3c0ef626 3437
3438# Check for mail directory (last resort if we cannot get it from headers)
3439if test ! -z "$MAIL" ; then
3440 maildir=`dirname $MAIL`
2c06c99b 3441 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3442 [Set this to your mail directory if you don't have maillock.h])
3c0ef626 3443fi
3444
996d5e62 3445if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3446 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3447 disable_ptmx_check=yes
3448fi
3c0ef626 3449if test -z "$no_dev_ptmx" ; then
700318f3 3450 if test "x$disable_ptmx_check" != "xyes" ; then
cdd66111 3451 AC_CHECK_FILE("/dev/ptmx",
700318f3 3452 [
2c06c99b 3453 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3454 [Define if you have /dev/ptmx])
700318f3 3455 have_dev_ptmx=1
3456 ]
3457 )
3458 fi
3c0ef626 3459fi
996d5e62 3460
3461if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3462 AC_CHECK_FILE("/dev/ptc",
3463 [
2c06c99b 3464 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3465 [Define if you have /dev/ptc])
996d5e62 3466 have_dev_ptc=1
3467 ]
3468 )
3469else
3470 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3471fi
3c0ef626 3472
3473# Options from here on. Some of these are preset by platform above
3c0ef626 3474AC_ARG_WITH(mantype,
3475 [ --with-mantype=man|cat|doc Set man page type],
3476 [
3477 case "$withval" in
3478 man|cat|doc)
3479 MANTYPE=$withval
3480 ;;
3481 *)
3482 AC_MSG_ERROR(invalid man type: $withval)
3483 ;;
3484 esac
3485 ]
3486)
3487if test -z "$MANTYPE"; then
41b2f314 3488 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3489 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3c0ef626 3490 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3491 MANTYPE=doc
3492 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3493 MANTYPE=man
3494 else
3495 MANTYPE=cat
3496 fi
3497fi
3498AC_SUBST(MANTYPE)
3499if test "$MANTYPE" = "doc"; then
3500 mansubdir=man;
3501else
3502 mansubdir=$MANTYPE;
3503fi
3504AC_SUBST(mansubdir)
3505
3506# Check whether to enable MD5 passwords
cdd66111 3507MD5_MSG="no"
3c0ef626 3508AC_ARG_WITH(md5-passwords,
3509 [ --with-md5-passwords Enable use of MD5 passwords],
3510 [
3511 if test "x$withval" != "xno" ; then
2c06c99b 3512 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3513 [Define if you want to allow MD5 passwords])
cdd66111 3514 MD5_MSG="yes"
3c0ef626 3515 fi
3516 ]
3517)
3518
3519# Whether to disable shadow password support
3520AC_ARG_WITH(shadow,
3521 [ --without-shadow Disable shadow password support],
3522 [
dec6d9fe 3523 if test "x$withval" = "xno" ; then
3c0ef626 3524 AC_DEFINE(DISABLE_SHADOW)
3525 disable_shadow=yes
3526 fi
3527 ]
3528)
3529
3530if test -z "$disable_shadow" ; then
3531 AC_MSG_CHECKING([if the systems has expire shadow information])
3532 AC_TRY_COMPILE(
3533 [
3534#include <sys/types.h>
3535#include <shadow.h>
3536 struct spwd sp;
3537 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3538 [ sp_expire_available=yes ], []
3539 )
3540
3541 if test "x$sp_expire_available" = "xyes" ; then
3542 AC_MSG_RESULT(yes)
2c06c99b 3543 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3544 [Define if you want to use shadow password expire field])
3c0ef626 3545 else
3546 AC_MSG_RESULT(no)
3547 fi
3548fi
3549
3550# Use ip address instead of hostname in $DISPLAY
3551if test ! -z "$IPADDR_IN_DISPLAY" ; then
3552 DISPLAY_HACK_MSG="yes"
2c06c99b 3553 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3554 [Define if you need to use IP address
3555 instead of hostname in $DISPLAY])
3c0ef626 3556else
cdd66111 3557 DISPLAY_HACK_MSG="no"
3c0ef626 3558 AC_ARG_WITH(ipaddr-display,
3559 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3560 [
dec6d9fe 3561 if test "x$withval" != "xno" ; then
3c0ef626 3562 AC_DEFINE(IPADDR_IN_DISPLAY)
cdd66111 3563 DISPLAY_HACK_MSG="yes"
3c0ef626 3564 fi
3565 ]
3566 )
3567fi
3568
0fff78ff 3569# check for /etc/default/login and use it if present.
acc3d05e 3570AC_ARG_ENABLE(etc-default-login,
996d5e62 3571 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3572 [ if test "x$enableval" = "xno"; then
3573 AC_MSG_NOTICE([/etc/default/login handling disabled])
3574 etc_default_login=no
3575 else
3576 etc_default_login=yes
3577 fi ],
2c06c99b 3578 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3579 then
3580 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3581 etc_default_login=no
3582 else
3583 etc_default_login=yes
3584 fi ]
996d5e62 3585)
0fff78ff 3586
996d5e62 3587if test "x$etc_default_login" != "xno"; then
3588 AC_CHECK_FILE("/etc/default/login",
3589 [ external_path_file=/etc/default/login ])
2c06c99b 3590 if test "x$external_path_file" = "x/etc/default/login"; then
3591 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3592 [Define if your system has /etc/default/login])
996d5e62 3593 fi
0fff78ff 3594fi
3595
700318f3 3596dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
dec6d9fe 3597if test $ac_cv_func_login_getcapbool = "yes" && \
3598 test $ac_cv_header_login_cap_h = "yes" ; then
0fff78ff 3599 external_path_file=/etc/login.conf
700318f3 3600fi
0fff78ff 3601
3c0ef626 3602# Whether to mess with the default path
cdd66111 3603SERVER_PATH_MSG="(default)"
3c0ef626 3604AC_ARG_WITH(default-path,
700318f3 3605 [ --with-default-path= Specify default \$PATH environment for server],
3c0ef626 3606 [
0fff78ff 3607 if test "x$external_path_file" = "x/etc/login.conf" ; then
700318f3 3608 AC_MSG_WARN([
3609--with-default-path=PATH has no effect on this system.
3610Edit /etc/login.conf instead.])
dec6d9fe 3611 elif test "x$withval" != "xno" ; then
0fff78ff 3612 if test ! -z "$external_path_file" ; then
3613 AC_MSG_WARN([
3614--with-default-path=PATH will only be used if PATH is not defined in
3615$external_path_file .])
3616 fi
3c0ef626 3617 user_path="$withval"
cdd66111 3618 SERVER_PATH_MSG="$withval"
3c0ef626 3619 fi
3620 ],
0fff78ff 3621 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3622 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
700318f3 3623 else
0fff78ff 3624 if test ! -z "$external_path_file" ; then
3625 AC_MSG_WARN([
3626If PATH is defined in $external_path_file, ensure the path to scp is included,
3627otherwise scp will not work.])
3628 fi
2c06c99b 3629 AC_RUN_IFELSE(
3630 [AC_LANG_SOURCE([[
3c0ef626 3631/* find out what STDPATH is */
3632#include <stdio.h>
3633#ifdef HAVE_PATHS_H
3634# include <paths.h>
3635#endif
3636#ifndef _PATH_STDPATH
6a9b3198 3637# ifdef _PATH_USERPATH /* Irix */
3638# define _PATH_STDPATH _PATH_USERPATH
3639# else
3640# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3641# endif
3c0ef626 3642#endif
3643#include <sys/types.h>
3644#include <sys/stat.h>
3645#include <fcntl.h>
3646#define DATA "conftest.stdpath"
3647
3648main()
3649{
3650 FILE *fd;
3651 int rc;
dec6d9fe 3652
3c0ef626 3653 fd = fopen(DATA,"w");
3654 if(fd == NULL)
3655 exit(1);
dec6d9fe 3656
3c0ef626 3657 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3658 exit(1);
3659
3660 exit(0);
3661}
2c06c99b 3662 ]])],
3663 [ user_path=`cat conftest.stdpath` ],
3c0ef626 3664 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3665 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3666 )
3667# make sure $bindir is in USER_PATH so scp will work
3668 t_bindir=`eval echo ${bindir}`
3669 case $t_bindir in
3670 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3671 esac
3672 case $t_bindir in
3673 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3674 esac
3675 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3676 if test $? -ne 0 ; then
3677 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3678 if test $? -ne 0 ; then
3679 user_path=$user_path:$t_bindir
3680 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3681 fi
3682 fi
700318f3 3683 fi ]
3684)
0fff78ff 3685if test "x$external_path_file" != "x/etc/login.conf" ; then
2c06c99b 3686 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
700318f3 3687 AC_SUBST(user_path)
3688fi
3689
3690# Set superuser path separately to user path
700318f3 3691AC_ARG_WITH(superuser-path,
3692 [ --with-superuser-path= Specify different path for super-user],
3693 [
dec6d9fe 3694 if test -n "$withval" && test "x$withval" != "xno" && \
3695 test "x${withval}" != "xyes"; then
2c06c99b 3696 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3697 [Define if you want a different $PATH
3698 for the superuser])
700318f3 3699 superuser_path=$withval
3700 fi
3c0ef626 3701 ]
3702)
700318f3 3703
3c0ef626 3704
3c0ef626 3705AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
cdd66111 3706IPV4_IN6_HACK_MSG="no"
3c0ef626 3707AC_ARG_WITH(4in6,
3708 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3709 [
3710 if test "x$withval" != "xno" ; then
3711 AC_MSG_RESULT(yes)
2c06c99b 3712 AC_DEFINE(IPV4_IN_IPV6, 1,
3713 [Detect IPv4 in IPv6 mapped addresses
3714 and treat as IPv4])
cdd66111 3715 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3716 else
3717 AC_MSG_RESULT(no)
3718 fi
3719 ],[
3720 if test "x$inet6_default_4in6" = "xyes"; then
3721 AC_MSG_RESULT([yes (default)])
3722 AC_DEFINE(IPV4_IN_IPV6)
cdd66111 3723 IPV4_IN6_HACK_MSG="yes"
3c0ef626 3724 else
3725 AC_MSG_RESULT([no (default)])
3726 fi
3727 ]
3728)
3729
3730# Whether to enable BSD auth support
e9a17296 3731BSD_AUTH_MSG=no
3c0ef626 3732AC_ARG_WITH(bsd-auth,
3733 [ --with-bsd-auth Enable BSD auth support],
3734 [
dec6d9fe 3735 if test "x$withval" != "xno" ; then
2c06c99b 3736 AC_DEFINE(BSD_AUTH, 1,
3737 [Define if you have BSD auth support])
e9a17296 3738 BSD_AUTH_MSG=yes
3c0ef626 3739 fi
3740 ]
3741)
3742
3c0ef626 3743# Where to place sshd.pid
3744piddir=/var/run
700318f3 3745# make sure the directory exists
dec6d9fe 3746if test ! -d $piddir ; then
700318f3 3747 piddir=`eval echo ${sysconfdir}`
3748 case $piddir in
cdd66111 3749 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
700318f3 3750 esac
3751fi
3752
3c0ef626 3753AC_ARG_WITH(pid-dir,
3754 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3755 [
dec6d9fe 3756 if test -n "$withval" && test "x$withval" != "xno" && \
3757 test "x${withval}" != "xyes"; then
3c0ef626 3758 piddir=$withval
dec6d9fe 3759 if test ! -d $piddir ; then
700318f3 3760 AC_MSG_WARN([** no $piddir directory on this system **])
3761 fi
3c0ef626 3762 fi
3763 ]
3764)
3765
2c06c99b 3766AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3c0ef626 3767AC_SUBST(piddir)
3768
3769dnl allow user to disable some login recording features
3770AC_ARG_ENABLE(lastlog,
3771 [ --disable-lastlog disable use of lastlog even if detected [no]],
0fff78ff 3772 [
3773 if test "x$enableval" = "xno" ; then
3774 AC_DEFINE(DISABLE_LASTLOG)
3775 fi
3776 ]
3c0ef626 3777)
3778AC_ARG_ENABLE(utmp,
3779 [ --disable-utmp disable use of utmp even if detected [no]],
0fff78ff 3780 [
3781 if test "x$enableval" = "xno" ; then
3782 AC_DEFINE(DISABLE_UTMP)
3783 fi
3784 ]
3c0ef626 3785)
3786AC_ARG_ENABLE(utmpx,
3787 [ --disable-utmpx disable use of utmpx even if detected [no]],
0fff78ff 3788 [
3789 if test "x$enableval" = "xno" ; then
2c06c99b 3790 AC_DEFINE(DISABLE_UTMPX, 1,
3791 [Define if you don't want to use utmpx])
0fff78ff 3792 fi
3793 ]
3c0ef626 3794)
3795AC_ARG_ENABLE(wtmp,
3796 [ --disable-wtmp disable use of wtmp even if detected [no]],
0fff78ff 3797 [
3798 if test "x$enableval" = "xno" ; then
3799 AC_DEFINE(DISABLE_WTMP)
3800 fi
3801 ]
3c0ef626 3802)
3803AC_ARG_ENABLE(wtmpx,
3804 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
0fff78ff 3805 [
3806 if test "x$enableval" = "xno" ; then
2c06c99b 3807 AC_DEFINE(DISABLE_WTMPX, 1,
3808 [Define if you don't want to use wtmpx])
0fff78ff 3809 fi
3810 ]
3c0ef626 3811)
3812AC_ARG_ENABLE(libutil,
3813 [ --disable-libutil disable use of libutil (login() etc.) [no]],
0fff78ff 3814 [
3815 if test "x$enableval" = "xno" ; then
3816 AC_DEFINE(DISABLE_LOGIN)
3817 fi
3818 ]
3c0ef626 3819)
3820AC_ARG_ENABLE(pututline,
3821 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
0fff78ff 3822 [
3823 if test "x$enableval" = "xno" ; then
2c06c99b 3824 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3825 [Define if you don't want to use pututline()
3826 etc. to write [uw]tmp])
0fff78ff 3827 fi
3828 ]
3c0ef626 3829)
3830AC_ARG_ENABLE(pututxline,
3831 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
0fff78ff 3832 [
3833 if test "x$enableval" = "xno" ; then
2c06c99b 3834 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3835 [Define if you don't want to use pututxline()
3836 etc. to write [uw]tmpx])
0fff78ff 3837 fi
3838 ]
3c0ef626 3839)
3840AC_ARG_WITH(lastlog,
3841 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3842 [
dec6d9fe 3843 if test "x$withval" = "xno" ; then
3c0ef626 3844 AC_DEFINE(DISABLE_LASTLOG)
dec6d9fe 3845 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3c0ef626 3846 conf_lastlog_location=$withval
3847 fi
3848 ]
3849)
3850
3851dnl lastlog, [uw]tmpx? detection
3852dnl NOTE: set the paths in the platform section to avoid the
3853dnl need for command-line parameters
3854dnl lastlog and [uw]tmp are subject to a file search if all else fails
3855
3856dnl lastlog detection
3857dnl NOTE: the code itself will detect if lastlog is a directory
3858AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3859AC_TRY_COMPILE([
3860#include <sys/types.h>
3861#include <utmp.h>
3862#ifdef HAVE_LASTLOG_H
3863# include <lastlog.h>
3864#endif
3865#ifdef HAVE_PATHS_H
3866# include <paths.h>
3867#endif
3868#ifdef HAVE_LOGIN_H
3869# include <login.h>
3870#endif
3871 ],
3872 [ char *lastlog = LASTLOG_FILE; ],
3873 [ AC_MSG_RESULT(yes) ],
3874 [
3875 AC_MSG_RESULT(no)
3876 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3877 AC_TRY_COMPILE([
3878#include <sys/types.h>
3879#include <utmp.h>
3880#ifdef HAVE_LASTLOG_H
3881# include <lastlog.h>
3882#endif
3883#ifdef HAVE_PATHS_H
3884# include <paths.h>
3885#endif
3886 ],
3887 [ char *lastlog = _PATH_LASTLOG; ],
3888 [ AC_MSG_RESULT(yes) ],
3889 [
3890 AC_MSG_RESULT(no)
3891 system_lastlog_path=no
3892 ])
3893 ]
3894)
3895
3896if test -z "$conf_lastlog_location"; then
3897 if test x"$system_lastlog_path" = x"no" ; then
3898 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3899 if (test -d "$f" || test -f "$f") ; then
3900 conf_lastlog_location=$f
3901 fi
3902 done
3903 if test -z "$conf_lastlog_location"; then
3904 AC_MSG_WARN([** Cannot find lastlog **])
3905 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3906 fi
3907 fi
3908fi
3909
3910if test -n "$conf_lastlog_location"; then
2c06c99b 3911 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3912 [Define if you want to specify the path to your lastlog file])
dec6d9fe 3913fi
3c0ef626 3914
3915dnl utmp detection
3916AC_MSG_CHECKING([if your system defines UTMP_FILE])
3917AC_TRY_COMPILE([
3918#include <sys/types.h>
3919#include <utmp.h>
3920#ifdef HAVE_PATHS_H
3921# include <paths.h>
3922#endif
3923 ],
3924 [ char *utmp = UTMP_FILE; ],
3925 [ AC_MSG_RESULT(yes) ],
3926 [ AC_MSG_RESULT(no)
3927 system_utmp_path=no ]
3928)
3929if test -z "$conf_utmp_location"; then
3930 if test x"$system_utmp_path" = x"no" ; then
3931 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3932 if test -f $f ; then
3933 conf_utmp_location=$f
3934 fi
3935 done
3936 if test -z "$conf_utmp_location"; then
3937 AC_DEFINE(DISABLE_UTMP)
3938 fi
3939 fi
3940fi
3941if test -n "$conf_utmp_location"; then
2c06c99b 3942 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3943 [Define if you want to specify the path to your utmp file])
dec6d9fe 3944fi
3c0ef626 3945
3946dnl wtmp detection
3947AC_MSG_CHECKING([if your system defines WTMP_FILE])
3948AC_TRY_COMPILE([
3949#include <sys/types.h>
3950#include <utmp.h>
3951#ifdef HAVE_PATHS_H
3952# include <paths.h>
3953#endif
3954 ],
3955 [ char *wtmp = WTMP_FILE; ],
3956 [ AC_MSG_RESULT(yes) ],
3957 [ AC_MSG_RESULT(no)
3958 system_wtmp_path=no ]
3959)
3960if test -z "$conf_wtmp_location"; then
3961 if test x"$system_wtmp_path" = x"no" ; then
3962 for f in /usr/adm/wtmp /var/log/wtmp; do
3963 if test -f $f ; then
3964 conf_wtmp_location=$f
3965 fi
3966 done
3967 if test -z "$conf_wtmp_location"; then
3968 AC_DEFINE(DISABLE_WTMP)
3969 fi
3970 fi
3971fi
3972if test -n "$conf_wtmp_location"; then
2c06c99b 3973 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3974 [Define if you want to specify the path to your wtmp file])
dec6d9fe 3975fi
3c0ef626 3976
3977
3978dnl utmpx detection - I don't know any system so perverse as to require
3979dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3980dnl there, though.
3981AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3982AC_TRY_COMPILE([
3983#include <sys/types.h>
3984#include <utmp.h>
3985#ifdef HAVE_UTMPX_H
3986#include <utmpx.h>
3987#endif
3988#ifdef HAVE_PATHS_H
3989# include <paths.h>
3990#endif
3991 ],
3992 [ char *utmpx = UTMPX_FILE; ],
3993 [ AC_MSG_RESULT(yes) ],
3994 [ AC_MSG_RESULT(no)
3995 system_utmpx_path=no ]
3996)
3997if test -z "$conf_utmpx_location"; then
3998 if test x"$system_utmpx_path" = x"no" ; then
3999 AC_DEFINE(DISABLE_UTMPX)
4000 fi
4001else
2c06c99b 4002 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4003 [Define if you want to specify the path to your utmpx file])
dec6d9fe 4004fi
3c0ef626 4005
4006dnl wtmpx detection
4007AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4008AC_TRY_COMPILE([
4009#include <sys/types.h>
4010#include <utmp.h>
4011#ifdef HAVE_UTMPX_H
4012#include <utmpx.h>
4013#endif
4014#ifdef HAVE_PATHS_H
4015# include <paths.h>
4016#endif
4017 ],
4018 [ char *wtmpx = WTMPX_FILE; ],
4019 [ AC_MSG_RESULT(yes) ],
4020 [ AC_MSG_RESULT(no)
4021 system_wtmpx_path=no ]
4022)
4023if test -z "$conf_wtmpx_location"; then
4024 if test x"$system_wtmpx_path" = x"no" ; then
4025 AC_DEFINE(DISABLE_WTMPX)
4026 fi
4027else
2c06c99b 4028 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4029 [Define if you want to specify the path to your wtmpx file])
dec6d9fe 4030fi
3c0ef626 4031
4032
3c0ef626 4033if test ! -z "$blibpath" ; then
7e772e1f 4034 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4035 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3c0ef626 4036fi
4037
665a873d 4038dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4039dnl Add now.
4040CFLAGS="$CFLAGS $werror_flags"
4041
e9a17296 4042AC_EXEEXT
9108f8d9 4043AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4044 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
996d5e62 4045 scard/Makefile ssh_prng_cmds survey.sh])
3c0ef626 4046AC_OUTPUT
4047
4048# Print summary of options
4049
3c0ef626 4050# Someone please show me a better way :)
4051A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4052B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4053C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4054D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4055E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4056F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4057G=`eval echo ${piddir}` ; G=`eval echo ${G}`
700318f3 4058H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4059I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4060J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3c0ef626 4061
4062echo ""
4063echo "OpenSSH has been configured with the following options:"
700318f3 4064echo " User binaries: $B"
4065echo " System binaries: $C"
4066echo " Configuration files: $D"
4067echo " Askpass program: $E"
4068echo " Manual pages: $F"
4069echo " PID file: $G"
4070echo " Privilege separation chroot path: $H"
0fff78ff 4071if test "x$external_path_file" = "x/etc/login.conf" ; then
4072echo " At runtime, sshd will use the path defined in $external_path_file"
4073echo " Make sure the path to scp is present, otherwise scp will not work"
700318f3 4074else
4075echo " sshd default user PATH: $I"
0fff78ff 4076 if test ! -z "$external_path_file"; then
4077echo " (If PATH is set in $external_path_file it will be used instead. If"
4078echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4079 fi
700318f3 4080fi
4081if test ! -z "$superuser_path" ; then
4082echo " sshd superuser user PATH: $J"
4083fi
4084echo " Manpage format: $MANTYPE"
0fff78ff 4085echo " PAM support: $PAM_MSG"
9108f8d9 4086echo " OSF SIA support: $SIA_MSG"
700318f3 4087echo " KerberosV support: $KRB5_MSG"
9108f8d9 4088echo " SELinux support: $SELINUX_MSG"
700318f3 4089echo " Smartcard support: $SCARD_MSG"
700318f3 4090echo " S/KEY support: $SKEY_MSG"
4091echo " TCP Wrappers support: $TCPW_MSG"
4092echo " MD5 password support: $MD5_MSG"
996d5e62 4093echo " libedit support: $LIBEDIT_MSG"
9108f8d9 4094echo " Solaris process contract support: $SPC_MSG"
700318f3 4095echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
700318f3 4096echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4097echo " BSD Auth support: $BSD_AUTH_MSG"
4098echo " Random number source: $RAND_MSG"
e9a17296 4099if test ! -z "$USE_RAND_HELPER" ; then
700318f3 4100echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3c0ef626 4101fi
4102
4103echo ""
4104
4105echo " Host: ${host}"
4106echo " Compiler: ${CC}"
4107echo " Compiler flags: ${CFLAGS}"
4108echo "Preprocessor flags: ${CPPFLAGS}"
4109echo " Linker flags: ${LDFLAGS}"
d4487008 4110echo " Libraries: ${LIBS}"
4111if test ! -z "${SSHDLIBS}"; then
4112echo " +for sshd: ${SSHDLIBS}"
4113fi
3c0ef626 4114
4115echo ""
4116
c9f39d2c 4117if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
996d5e62 4118 echo "SVR4 style packages are supported with \"make package\""
4119 echo ""
c9f39d2c 4120fi
4121
3c0ef626 4122if test "x$PAM_MSG" = "xyes" ; then
e9a17296 4123 echo "PAM is enabled. You may need to install a PAM control file "
4124 echo "for sshd, otherwise password authentication may fail. "
cdd66111 4125 echo "Example PAM control files can be found in the contrib/ "
e9a17296 4126 echo "subdirectory"
3c0ef626 4127 echo ""
4128fi
4129
e9a17296 4130if test ! -z "$RAND_HELPER_CMDHASH" ; then
4131 echo "WARNING: you are using the builtin random number collection "
4132 echo "service. Please read WARNING.RNG and request that your OS "
4133 echo "vendor includes kernel-based random number collection in "
4134 echo "future versions of your OS."
3c0ef626 4135 echo ""
4136fi
4137
c9f39d2c 4138if test ! -z "$NO_PEERCHECK" ; then
d4487008 4139 echo "WARNING: the operating system that you are using does not"
4140 echo "appear to support getpeereid(), getpeerucred() or the"
4141 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4142 echo "enforce security checks to prevent unauthorised connections to"
4143 echo "ssh-agent. Their absence increases the risk that a malicious"
4144 echo "user can connect to your agent."
c9f39d2c 4145 echo ""
4146fi
4147
996d5e62 4148if test "$AUDIT_MODULE" = "bsm" ; then
4149 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4150 echo "See the Solaris section in README.platform for details."
4151fi
git-cvsimport mirror of GSI OpenSSH
This page took 0.751886 seconds and 5 git commands to generate.