]> andersk Git - gssapi-openssh.git/blame_incremental - openssh/configure.ac
andersk / gssapi-openssh.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
merged OPENSSH_5_2P1_GSSAPI_20090225 to GPT-branch
[gssapi-openssh.git] / openssh / configure.ac
... / ...
CommitLineData
1# $Id$
2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18AC_REVISION($Revision$)
19AC_CONFIG_SRCDIR([ssh.c])
20
21AC_CONFIG_HEADER(config.h)
22
23AC_PROG_CC
24AC_CANONICAL_HOST
25AC_C_BIGENDIAN
26
27# Checks for programs.
28AC_PROG_AWK
29AC_PROG_CPP
30AC_PROG_RANLIB
31AC_PROG_INSTALL
32AC_PROG_EGREP
33AC_PATH_PROG(AR, ar)
34AC_PATH_PROG(CAT, cat)
35AC_PATH_PROG(KILL, kill)
36AC_PATH_PROGS(PERL, perl5 perl)
37AC_PATH_PROG(SED, sed)
38AC_SUBST(PERL)
39AC_PATH_PROG(ENT, ent)
40AC_SUBST(ENT)
41AC_PATH_PROG(TEST_MINUS_S_SH, bash)
42AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
43AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44AC_PATH_PROG(SH, sh)
45AC_SUBST(TEST_SHELL,sh)
46
47dnl for buildpkg.sh
48AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
49 [/usr/sbin${PATH_SEPARATOR}/etc])
50AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
51 [/usr/sbin${PATH_SEPARATOR}/etc])
52AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
53if test -x /sbin/sh; then
54 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55else
56 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
57fi
58
59# System features
60AC_SYS_LARGEFILE
61
62if test -z "$AR" ; then
63 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
64fi
65
66# Use LOGIN_PROGRAM from environment if possible
67if test ! -z "$LOGIN_PROGRAM" ; then
68 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
69 [If your header files don't define LOGIN_PROGRAM,
70 then use this (detected) from environment and PATH])
71else
72 # Search for login
73 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
74 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
75 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
76 fi
77fi
78
79AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
80if test ! -z "$PATH_PASSWD_PROG" ; then
81 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
82 [Full path of your "passwd" program])
83fi
84
85if test -z "$LD" ; then
86 LD=$CC
87fi
88AC_SUBST(LD)
89
90AC_C_INLINE
91
92AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93
94use_stack_protector=1
95AC_ARG_WITH(stackprotect,
96 [ --without-stackprotect Don't use compiler's stack protection], [
97 if test "x$withval" = "xno"; then
98 use_stack_protector=0
99 fi ])
100
101if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
102 CFLAGS="$CFLAGS -Wall -Wpointer-arith"
103 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 case $GCC_VER in
105 1.*) no_attrib_nonnull=1 ;;
106 2.8* | 2.9*)
107 CFLAGS="$CFLAGS -Wsign-compare"
108 no_attrib_nonnull=1
109 ;;
110 2.*) no_attrib_nonnull=1 ;;
111 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
112 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
113 *) ;;
114 esac
115
116 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
117 saved_CFLAGS="$CFLAGS"
118 CFLAGS="$CFLAGS -fno-builtin-memset"
119 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
120#include <string.h>
121int main(void){char b[10]; memset(b, 0, sizeof(b));}
122 ]])],
123 [ AC_MSG_RESULT(yes) ],
124 [ AC_MSG_RESULT(no)
125 CFLAGS="$saved_CFLAGS" ]
126)
127
128 # -fstack-protector-all doesn't always work for some GCC versions
129 # and/or platforms, so we test if we can. If it's not supported
130 # on a given platform gcc will emit a warning so we use -Werror.
131 if test "x$use_stack_protector" = "x1"; then
132 for t in -fstack-protector-all -fstack-protector; do
133 AC_MSG_CHECKING(if $CC supports $t)
134 saved_CFLAGS="$CFLAGS"
135 saved_LDFLAGS="$LDFLAGS"
136 CFLAGS="$CFLAGS $t -Werror"
137 LDFLAGS="$LDFLAGS $t -Werror"
138 AC_LINK_IFELSE(
139 [AC_LANG_SOURCE([
140#include <stdio.h>
141int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
142 ])],
143 [ AC_MSG_RESULT(yes)
144 CFLAGS="$saved_CFLAGS $t"
145 LDFLAGS="$saved_LDFLAGS $t"
146 AC_MSG_CHECKING(if $t works)
147 AC_RUN_IFELSE(
148 [AC_LANG_SOURCE([
149#include <stdio.h>
150int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
151 ])],
152 [ AC_MSG_RESULT(yes)
153 break ],
154 [ AC_MSG_RESULT(no) ],
155 [ AC_MSG_WARN([cross compiling: cannot test])
156 break ]
157 )
158 ],
159 [ AC_MSG_RESULT(no) ]
160 )
161 CFLAGS="$saved_CFLAGS"
162 LDFLAGS="$saved_LDFLAGS"
163 done
164 fi
165
166 if test -z "$have_llong_max"; then
167 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
168 unset ac_cv_have_decl_LLONG_MAX
169 saved_CFLAGS="$CFLAGS"
170 CFLAGS="$CFLAGS -std=gnu99"
171 AC_CHECK_DECL(LLONG_MAX,
172 [have_llong_max=1],
173 [CFLAGS="$saved_CFLAGS"],
174 [#include <limits.h>]
175 )
176 fi
177fi
178
179if test "x$no_attrib_nonnull" != "x1" ; then
180 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
181fi
182
183AC_ARG_WITH(rpath,
184 [ --without-rpath Disable auto-added -R linker paths],
185 [
186 if test "x$withval" = "xno" ; then
187 need_dash_r=""
188 fi
189 if test "x$withval" = "xyes" ; then
190 need_dash_r=1
191 fi
192 ]
193)
194
195# Allow user to specify flags
196AC_ARG_WITH(cflags,
197 [ --with-cflags Specify additional flags to pass to compiler],
198 [
199 if test -n "$withval" && test "x$withval" != "xno" && \
200 test "x${withval}" != "xyes"; then
201 CFLAGS="$CFLAGS $withval"
202 fi
203 ]
204)
205AC_ARG_WITH(cppflags,
206 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
207 [
208 if test -n "$withval" && test "x$withval" != "xno" && \
209 test "x${withval}" != "xyes"; then
210 CPPFLAGS="$CPPFLAGS $withval"
211 fi
212 ]
213)
214AC_ARG_WITH(ldflags,
215 [ --with-ldflags Specify additional flags to pass to linker],
216 [
217 if test -n "$withval" && test "x$withval" != "xno" && \
218 test "x${withval}" != "xyes"; then
219 LDFLAGS="$LDFLAGS $withval"
220 fi
221 ]
222)
223AC_ARG_WITH(libs,
224 [ --with-libs Specify additional libraries to link with],
225 [
226 if test -n "$withval" && test "x$withval" != "xno" && \
227 test "x${withval}" != "xyes"; then
228 LIBS="$LIBS $withval"
229 fi
230 ]
231)
232AC_ARG_WITH(Werror,
233 [ --with-Werror Build main code with -Werror],
234 [
235 if test -n "$withval" && test "x$withval" != "xno"; then
236 werror_flags="-Werror"
237 if test "x${withval}" != "xyes"; then
238 werror_flags="$withval"
239 fi
240 fi
241 ]
242)
243
244AC_CHECK_HEADERS( \
245 bstring.h \
246 crypt.h \
247 crypto/sha2.h \
248 dirent.h \
249 endian.h \
250 features.h \
251 fcntl.h \
252 floatingpoint.h \
253 getopt.h \
254 glob.h \
255 ia.h \
256 iaf.h \
257 limits.h \
258 login.h \
259 maillock.h \
260 ndir.h \
261 net/if_tun.h \
262 netdb.h \
263 netgroup.h \
264 pam/pam_appl.h \
265 paths.h \
266 poll.h \
267 pty.h \
268 readpassphrase.h \
269 rpc/types.h \
270 security/pam_appl.h \
271 sha2.h \
272 shadow.h \
273 stddef.h \
274 stdint.h \
275 string.h \
276 strings.h \
277 sys/audit.h \
278 sys/bitypes.h \
279 sys/bsdtty.h \
280 sys/cdefs.h \
281 sys/dir.h \
282 sys/mman.h \
283 sys/mount.h \
284 sys/ndir.h \
285 sys/poll.h \
286 sys/prctl.h \
287 sys/pstat.h \
288 sys/select.h \
289 sys/stat.h \
290 sys/stream.h \
291 sys/stropts.h \
292 sys/strtio.h \
293 sys/statvfs.h \
294 sys/sysmacros.h \
295 sys/time.h \
296 sys/timers.h \
297 sys/un.h \
298 time.h \
299 tmpdir.h \
300 ttyent.h \
301 ucred.h \
302 unistd.h \
303 usersec.h \
304 util.h \
305 utime.h \
306 utmp.h \
307 utmpx.h \
308 vis.h \
309)
310
311# lastlog.h requires sys/time.h to be included first on Solaris
312AC_CHECK_HEADERS(lastlog.h, [], [], [
313#ifdef HAVE_SYS_TIME_H
314# include <sys/time.h>
315#endif
316])
317
318# sys/ptms.h requires sys/stream.h to be included first on Solaris
319AC_CHECK_HEADERS(sys/ptms.h, [], [], [
320#ifdef HAVE_SYS_STREAM_H
321# include <sys/stream.h>
322#endif
323])
324
325# login_cap.h requires sys/types.h on NetBSD
326AC_CHECK_HEADERS(login_cap.h, [], [], [
327#include <sys/types.h>
328])
329
330# Messages for features tested for in target-specific section
331SIA_MSG="no"
332SPC_MSG="no"
333
334# Check for some target-specific stuff
335case "$host" in
336*-*-aix*)
337 # Some versions of VAC won't allow macro redefinitions at
338 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
339 # particularly with older versions of vac or xlc.
340 # It also throws errors about null macro argments, but these are
341 # not fatal.
342 AC_MSG_CHECKING(if compiler allows macro redefinitions)
343 AC_COMPILE_IFELSE(
344 [AC_LANG_SOURCE([[
345#define testmacro foo
346#define testmacro bar
347int main(void) { exit(0); }
348 ]])],
349 [ AC_MSG_RESULT(yes) ],
350 [ AC_MSG_RESULT(no)
351 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
352 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
353 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
354 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
355 ]
356 )
357
358 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
359 if (test -z "$blibpath"); then
360 blibpath="/usr/lib:/lib"
361 fi
362 saved_LDFLAGS="$LDFLAGS"
363 if test "$GCC" = "yes"; then
364 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
365 else
366 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
367 fi
368 for tryflags in $flags ;do
369 if (test -z "$blibflags"); then
370 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
371 AC_TRY_LINK([], [], [blibflags=$tryflags])
372 fi
373 done
374 if (test -z "$blibflags"); then
375 AC_MSG_RESULT(not found)
376 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
377 else
378 AC_MSG_RESULT($blibflags)
379 fi
380 LDFLAGS="$saved_LDFLAGS"
381 dnl Check for authenticate. Might be in libs.a on older AIXes
382 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
383 [Define if you want to enable AIX4's authenticate function])],
384 [AC_CHECK_LIB(s,authenticate,
385 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
386 LIBS="$LIBS -ls"
387 ])
388 ])
389 dnl Check for various auth function declarations in headers.
390 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
391 passwdexpired, setauthdb], , , [#include <usersec.h>])
392 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
393 AC_CHECK_DECLS(loginfailed,
394 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
395 AC_TRY_COMPILE(
396 [#include <usersec.h>],
397 [(void)loginfailed("user","host","tty",0);],
398 [AC_MSG_RESULT(yes)
399 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
400 [Define if your AIX loginfailed() function
401 takes 4 arguments (AIX >= 5.2)])],
402 [AC_MSG_RESULT(no)]
403 )],
404 [],
405 [#include <usersec.h>]
406 )
407 AC_CHECK_FUNCS(getgrset setauthdb)
408 AC_CHECK_DECL(F_CLOSEM,
409 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
410 [],
411 [ #include <limits.h>
412 #include <fcntl.h> ]
413 )
414 check_for_aix_broken_getaddrinfo=1
415 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
416 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
417 [Define if your platform breaks doing a seteuid before a setuid])
418 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
419 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
420 dnl AIX handles lastlog as part of its login message
421 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
422 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
423 [Some systems need a utmpx entry for /bin/login to work])
424 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
425 [Define to a Set Process Title type if your system is
426 supported by bsd-setproctitle.c])
427 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
428 [AIX 5.2 and 5.3 (and presumably newer) require this])
429 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
430 ;;
431*-*-cygwin*)
432 check_for_libcrypt_later=1
433 LIBS="$LIBS /usr/lib/textreadmode.o"
434 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
435 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
436 AC_DEFINE(DISABLE_SHADOW, 1,
437 [Define if you want to disable shadow passwords])
438 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
439 [Define if your system choked on IP TOS setting])
440 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
441 [Define if X11 doesn't support AF_UNIX sockets on that system])
442 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
443 [Define if the concept of ports only accessible to
444 superusers isn't known])
445 AC_DEFINE(DISABLE_FD_PASSING, 1,
446 [Define if your platform needs to skip post auth
447 file descriptor passing])
448 ;;
449*-*-dgux*)
450 AC_DEFINE(IP_TOS_IS_BROKEN)
451 AC_DEFINE(SETEUID_BREAKS_SETUID)
452 AC_DEFINE(BROKEN_SETREUID)
453 AC_DEFINE(BROKEN_SETREGID)
454 ;;
455*-*-darwin*)
456 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
457 AC_DEFINE(BROKEN_GETADDRINFO)
458 AC_DEFINE(SETEUID_BREAKS_SETUID)
459 AC_DEFINE(BROKEN_SETREUID)
460 AC_DEFINE(BROKEN_SETREGID)
461 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
462 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
463 [Define if your resolver libs need this for getrrsetbyname])
464 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
465 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
466 [Use tunnel device compatibility to OpenBSD])
467 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
468 [Prepend the address family to IP tunnel traffic])
469 m4_pattern_allow(AU_IPv)
470 AC_CHECK_DECL(AU_IPv4, [],
471 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
472 [#include <bsm/audit.h>]
473 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
474 [Define if pututxline updates lastlog too])
475 )
476 AC_MSG_CHECKING(if we have the Security Authorization Session API)
477 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
478 [SessionCreate(0, 0);],
479 [ac_cv_use_security_session_api="yes"
480 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
481 [platform has the Security Authorization Session API])
482 LIBS="$LIBS -framework Security"
483 AC_MSG_RESULT(yes)],
484 [ac_cv_use_security_session_api="no"
485 AC_MSG_RESULT(no)])
486 AC_MSG_CHECKING(if we have an in-memory credentials cache)
487 AC_TRY_COMPILE(
488 [#include <Kerberos/Kerberos.h>],
489 [cc_context_t c;
490 (void) cc_initialize (&c, 0, NULL, NULL);],
491 [AC_DEFINE(USE_CCAPI, 1,
492 [platform uses an in-memory credentials cache])
493 LIBS="$LIBS -framework Security"
494 AC_MSG_RESULT(yes)
495 if test "x$ac_cv_use_security_session_api" = "xno"; then
496 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
497 fi],
498 [AC_MSG_RESULT(no)]
499 )
500 ;;
501*-*-dragonfly*)
502 SSHDLIBS="$SSHDLIBS -lcrypt"
503 ;;
504*-*-hpux*)
505 # first we define all of the options common to all HP-UX releases
506 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
507 IPADDR_IN_DISPLAY=yes
508 AC_DEFINE(USE_PIPES)
509 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
510 [Define if your login program cannot handle end of options ("--")])
511 AC_DEFINE(LOGIN_NEEDS_UTMPX)
512 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
513 [String used in /etc/passwd to denote locked account])
514 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
515 MAIL="/var/mail/username"
516 LIBS="$LIBS -lsec"
517 AC_CHECK_LIB(xnet, t_error, ,
518 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
519
520 # next, we define all of the options specific to major releases
521 case "$host" in
522 *-*-hpux10*)
523 if test -z "$GCC"; then
524 CFLAGS="$CFLAGS -Ae"
525 fi
526 ;;
527 *-*-hpux11*)
528 AC_DEFINE(PAM_SUN_CODEBASE, 1,
529 [Define if you are using Solaris-derived PAM which
530 passes pam_messages to the conversation function
531 with an extra level of indirection])
532 AC_DEFINE(DISABLE_UTMP, 1,
533 [Define if you don't want to use utmp])
534 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
535 check_for_hpux_broken_getaddrinfo=1
536 check_for_conflicting_getspnam=1
537 ;;
538 esac
539
540 # lastly, we define options specific to minor releases
541 case "$host" in
542 *-*-hpux10.26)
543 AC_DEFINE(HAVE_SECUREWARE, 1,
544 [Define if you have SecureWare-based
545 protected password database])
546 disable_ptmx_check=yes
547 LIBS="$LIBS -lsecpw"
548 ;;
549 esac
550 ;;
551*-*-irix5*)
552 PATH="$PATH:/usr/etc"
553 AC_DEFINE(BROKEN_INET_NTOA, 1,
554 [Define if you system's inet_ntoa is busted
555 (e.g. Irix gcc issue)])
556 AC_DEFINE(SETEUID_BREAKS_SETUID)
557 AC_DEFINE(BROKEN_SETREUID)
558 AC_DEFINE(BROKEN_SETREGID)
559 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
560 [Define if you shouldn't strip 'tty' from your
561 ttyname in [uw]tmp])
562 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
563 ;;
564*-*-irix6*)
565 PATH="$PATH:/usr/etc"
566 AC_DEFINE(WITH_IRIX_ARRAY, 1,
567 [Define if you have/want arrays
568 (cluster-wide session managment, not C arrays)])
569 AC_DEFINE(WITH_IRIX_PROJECT, 1,
570 [Define if you want IRIX project management])
571 AC_DEFINE(WITH_IRIX_AUDIT, 1,
572 [Define if you want IRIX audit trails])
573 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
574 [Define if you want IRIX kernel jobs])])
575 AC_DEFINE(BROKEN_INET_NTOA)
576 AC_DEFINE(SETEUID_BREAKS_SETUID)
577 AC_DEFINE(BROKEN_SETREUID)
578 AC_DEFINE(BROKEN_SETREGID)
579 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
580 AC_DEFINE(WITH_ABBREV_NO_TTY)
581 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
582 ;;
583*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
584 check_for_libcrypt_later=1
585 AC_DEFINE(PAM_TTY_KLUDGE)
586 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
587 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
588 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
589 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
590 ;;
591*-*-linux*)
592 no_dev_ptmx=1
593 check_for_libcrypt_later=1
594 check_for_openpty_ctty_bug=1
595 AC_DEFINE(PAM_TTY_KLUDGE, 1,
596 [Work around problematic Linux PAM modules handling of PAM_TTY])
597 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
598 [String used in /etc/passwd to denote locked account])
599 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
600 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
601 [Define to whatever link() returns for "not supported"
602 if it doesn't return EOPNOTSUPP.])
603 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
604 AC_DEFINE(USE_BTMP)
605 inet6_default_4in6=yes
606 case `uname -r` in
607 1.*|2.0.*)
608 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
609 [Define if cmsg_type is not passed correctly])
610 ;;
611 esac
612 # tun(4) forwarding compat code
613 AC_CHECK_HEADERS(linux/if_tun.h)
614 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
615 AC_DEFINE(SSH_TUN_LINUX, 1,
616 [Open tunnel devices the Linux tun/tap way])
617 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
618 [Use tunnel device compatibility to OpenBSD])
619 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
620 [Prepend the address family to IP tunnel traffic])
621 fi
622 ;;
623mips-sony-bsd|mips-sony-newsos4)
624 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
625 SONY=1
626 ;;
627*-*-netbsd*)
628 check_for_libcrypt_before=1
629 if test "x$withval" != "xno" ; then
630 need_dash_r=1
631 fi
632 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
633 AC_CHECK_HEADER([net/if_tap.h], ,
634 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
635 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
636 [Prepend the address family to IP tunnel traffic])
637 ;;
638*-*-freebsd*)
639 check_for_libcrypt_later=1
640 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
641 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
642 AC_CHECK_HEADER([net/if_tap.h], ,
643 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
644 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
645 ;;
646*-*-bsdi*)
647 AC_DEFINE(SETEUID_BREAKS_SETUID)
648 AC_DEFINE(BROKEN_SETREUID)
649 AC_DEFINE(BROKEN_SETREGID)
650 ;;
651*-next-*)
652 conf_lastlog_location="/usr/adm/lastlog"
653 conf_utmp_location=/etc/utmp
654 conf_wtmp_location=/usr/adm/wtmp
655 MAIL=/usr/spool/mail
656 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
657 AC_DEFINE(BROKEN_REALPATH)
658 AC_DEFINE(USE_PIPES)
659 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
660 ;;
661*-*-openbsd*)
662 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
663 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
664 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
665 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
666 [syslog_r function is safe to use in in a signal handler])
667 ;;
668*-*-solaris*)
669 if test "x$withval" != "xno" ; then
670 need_dash_r=1
671 fi
672 AC_DEFINE(PAM_SUN_CODEBASE)
673 AC_DEFINE(LOGIN_NEEDS_UTMPX)
674 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
675 [Some versions of /bin/login need the TERM supplied
676 on the commandline])
677 AC_DEFINE(PAM_TTY_KLUDGE)
678 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
679 [Define if pam_chauthtok wants real uid set
680 to the unpriv'ed user])
681 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
682 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
683 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
684 [Define if sshd somehow reacquires a controlling TTY
685 after setsid()])
686 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
687 in case the name is longer than 8 chars])
688 external_path_file=/etc/default/login
689 # hardwire lastlog location (can't detect it on some versions)
690 conf_lastlog_location="/var/adm/lastlog"
691 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
692 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
693 if test "$sol2ver" -ge 8; then
694 AC_MSG_RESULT(yes)
695 AC_DEFINE(DISABLE_UTMP)
696 AC_DEFINE(DISABLE_WTMP, 1,
697 [Define if you don't want to use wtmp])
698 else
699 AC_MSG_RESULT(no)
700 fi
701 AC_ARG_WITH(solaris-contracts,
702 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
703 [
704 AC_CHECK_LIB(contract, ct_tmpl_activate,
705 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
706 [Define if you have Solaris process contracts])
707 SSHDLIBS="$SSHDLIBS -lcontract"
708 AC_SUBST(SSHDLIBS)
709 SPC_MSG="yes" ], )
710 ],
711 )
712 ;;
713*-*-sunos4*)
714 CPPFLAGS="$CPPFLAGS -DSUNOS4"
715 AC_CHECK_FUNCS(getpwanam)
716 AC_DEFINE(PAM_SUN_CODEBASE)
717 conf_utmp_location=/etc/utmp
718 conf_wtmp_location=/var/adm/wtmp
719 conf_lastlog_location=/var/adm/lastlog
720 AC_DEFINE(USE_PIPES)
721 ;;
722*-ncr-sysv*)
723 LIBS="$LIBS -lc89"
724 AC_DEFINE(USE_PIPES)
725 AC_DEFINE(SSHD_ACQUIRES_CTTY)
726 AC_DEFINE(SETEUID_BREAKS_SETUID)
727 AC_DEFINE(BROKEN_SETREUID)
728 AC_DEFINE(BROKEN_SETREGID)
729 ;;
730*-sni-sysv*)
731 # /usr/ucblib MUST NOT be searched on ReliantUNIX
732 AC_CHECK_LIB(dl, dlsym, ,)
733 # -lresolv needs to be at the end of LIBS or DNS lookups break
734 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
735 IPADDR_IN_DISPLAY=yes
736 AC_DEFINE(USE_PIPES)
737 AC_DEFINE(IP_TOS_IS_BROKEN)
738 AC_DEFINE(SETEUID_BREAKS_SETUID)
739 AC_DEFINE(BROKEN_SETREUID)
740 AC_DEFINE(BROKEN_SETREGID)
741 AC_DEFINE(SSHD_ACQUIRES_CTTY)
742 external_path_file=/etc/default/login
743 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
744 # Attention: always take care to bind libsocket and libnsl before libc,
745 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
746 ;;
747# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
748*-*-sysv4.2*)
749 AC_DEFINE(USE_PIPES)
750 AC_DEFINE(SETEUID_BREAKS_SETUID)
751 AC_DEFINE(BROKEN_SETREUID)
752 AC_DEFINE(BROKEN_SETREGID)
753 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
754 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
755 ;;
756# UnixWare 7.x, OpenUNIX 8
757*-*-sysv5*)
758 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
759 AC_DEFINE(USE_PIPES)
760 AC_DEFINE(SETEUID_BREAKS_SETUID)
761 AC_DEFINE(BROKEN_SETREUID)
762 AC_DEFINE(BROKEN_SETREGID)
763 AC_DEFINE(PASSWD_NEEDS_USERNAME)
764 case "$host" in
765 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
766 TEST_SHELL=/u95/bin/sh
767 AC_DEFINE(BROKEN_LIBIAF, 1,
768 [ia_uinfo routines not supported by OS yet])
769 AC_DEFINE(BROKEN_UPDWTMPX)
770 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
771 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
772 AC_DEFINE(HAVE_SECUREWARE)
773 AC_DEFINE(DISABLE_SHADOW)
774 ],,)
775 ;;
776 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
777 check_for_libcrypt_later=1
778 ;;
779 esac
780 ;;
781*-*-sysv*)
782 ;;
783# SCO UNIX and OEM versions of SCO UNIX
784*-*-sco3.2v4*)
785 AC_MSG_ERROR("This Platform is no longer supported.")
786 ;;
787# SCO OpenServer 5.x
788*-*-sco3.2v5*)
789 if test -z "$GCC"; then
790 CFLAGS="$CFLAGS -belf"
791 fi
792 LIBS="$LIBS -lprot -lx -ltinfo -lm"
793 no_dev_ptmx=1
794 AC_DEFINE(USE_PIPES)
795 AC_DEFINE(HAVE_SECUREWARE)
796 AC_DEFINE(DISABLE_SHADOW)
797 AC_DEFINE(DISABLE_FD_PASSING)
798 AC_DEFINE(SETEUID_BREAKS_SETUID)
799 AC_DEFINE(BROKEN_SETREUID)
800 AC_DEFINE(BROKEN_SETREGID)
801 AC_DEFINE(WITH_ABBREV_NO_TTY)
802 AC_DEFINE(BROKEN_UPDWTMPX)
803 AC_DEFINE(PASSWD_NEEDS_USERNAME)
804 AC_CHECK_FUNCS(getluid setluid)
805 MANTYPE=man
806 TEST_SHELL=ksh
807 ;;
808*-*-unicosmk*)
809 AC_DEFINE(NO_SSH_LASTLOG, 1,
810 [Define if you don't want to use lastlog in session.c])
811 AC_DEFINE(SETEUID_BREAKS_SETUID)
812 AC_DEFINE(BROKEN_SETREUID)
813 AC_DEFINE(BROKEN_SETREGID)
814 AC_DEFINE(USE_PIPES)
815 AC_DEFINE(DISABLE_FD_PASSING)
816 LDFLAGS="$LDFLAGS"
817 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
818 MANTYPE=cat
819 ;;
820*-*-unicosmp*)
821 AC_DEFINE(SETEUID_BREAKS_SETUID)
822 AC_DEFINE(BROKEN_SETREUID)
823 AC_DEFINE(BROKEN_SETREGID)
824 AC_DEFINE(WITH_ABBREV_NO_TTY)
825 AC_DEFINE(USE_PIPES)
826 AC_DEFINE(DISABLE_FD_PASSING)
827 LDFLAGS="$LDFLAGS"
828 LIBS="$LIBS -lgen -lacid -ldb"
829 MANTYPE=cat
830 ;;
831*-*-unicos*)
832 AC_DEFINE(SETEUID_BREAKS_SETUID)
833 AC_DEFINE(BROKEN_SETREUID)
834 AC_DEFINE(BROKEN_SETREGID)
835 AC_DEFINE(USE_PIPES)
836 AC_DEFINE(DISABLE_FD_PASSING)
837 AC_DEFINE(NO_SSH_LASTLOG)
838 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
839 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
840 MANTYPE=cat
841 ;;
842*-dec-osf*)
843 AC_MSG_CHECKING(for Digital Unix SIA)
844 no_osfsia=""
845 AC_ARG_WITH(osfsia,
846 [ --with-osfsia Enable Digital Unix SIA],
847 [
848 if test "x$withval" = "xno" ; then
849 AC_MSG_RESULT(disabled)
850 no_osfsia=1
851 fi
852 ],
853 )
854 if test -z "$no_osfsia" ; then
855 if test -f /etc/sia/matrix.conf; then
856 AC_MSG_RESULT(yes)
857 AC_DEFINE(HAVE_OSF_SIA, 1,
858 [Define if you have Digital Unix Security
859 Integration Architecture])
860 AC_DEFINE(DISABLE_LOGIN, 1,
861 [Define if you don't want to use your
862 system's login() call])
863 AC_DEFINE(DISABLE_FD_PASSING)
864 LIBS="$LIBS -lsecurity -ldb -lm -laud"
865 SIA_MSG="yes"
866 else
867 AC_MSG_RESULT(no)
868 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
869 [String used in /etc/passwd to denote locked account])
870 fi
871 fi
872 AC_DEFINE(BROKEN_GETADDRINFO)
873 AC_DEFINE(SETEUID_BREAKS_SETUID)
874 AC_DEFINE(BROKEN_SETREUID)
875 AC_DEFINE(BROKEN_SETREGID)
876 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
877 ;;
878
879*-*-nto-qnx*)
880 AC_DEFINE(USE_PIPES)
881 AC_DEFINE(NO_X11_UNIX_SOCKETS)
882 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
883 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
884 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
885 AC_DEFINE(DISABLE_LASTLOG)
886 AC_DEFINE(SSHD_ACQUIRES_CTTY)
887 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
888 enable_etc_default_login=no # has incompatible /etc/default/login
889 case "$host" in
890 *-*-nto-qnx6*)
891 AC_DEFINE(DISABLE_FD_PASSING)
892 ;;
893 esac
894 ;;
895
896*-*-ultrix*)
897 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
898 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
899 AC_DEFINE(NEED_SETPGRP)
900 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
901 ;;
902
903*-*-lynxos)
904 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
905 AC_DEFINE(MISSING_HOWMANY)
906 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
907 ;;
908esac
909
910AC_MSG_CHECKING(compiler and flags for sanity)
911AC_RUN_IFELSE(
912 [AC_LANG_SOURCE([
913#include <stdio.h>
914int main(){exit(0);}
915 ])],
916 [ AC_MSG_RESULT(yes) ],
917 [
918 AC_MSG_RESULT(no)
919 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
920 ],
921 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
922)
923
924dnl Checks for header files.
925# Checks for libraries.
926AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
927AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
928
929dnl IRIX and Solaris 2.5.1 have dirname() in libgen
930AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
931 AC_CHECK_LIB(gen, dirname,[
932 AC_CACHE_CHECK([for broken dirname],
933 ac_cv_have_broken_dirname, [
934 save_LIBS="$LIBS"
935 LIBS="$LIBS -lgen"
936 AC_RUN_IFELSE(
937 [AC_LANG_SOURCE([[
938#include <libgen.h>
939#include <string.h>
940
941int main(int argc, char **argv) {
942 char *s, buf[32];
943
944 strncpy(buf,"/etc", 32);
945 s = dirname(buf);
946 if (!s || strncmp(s, "/", 32) != 0) {
947 exit(1);
948 } else {
949 exit(0);
950 }
951}
952 ]])],
953 [ ac_cv_have_broken_dirname="no" ],
954 [ ac_cv_have_broken_dirname="yes" ],
955 [ ac_cv_have_broken_dirname="no" ],
956 )
957 LIBS="$save_LIBS"
958 ])
959 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
960 LIBS="$LIBS -lgen"
961 AC_DEFINE(HAVE_DIRNAME)
962 AC_CHECK_HEADERS(libgen.h)
963 fi
964 ])
965])
966
967AC_CHECK_FUNC(getspnam, ,
968 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
969AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
970 [Define if you have the basename function.]))
971
972dnl zlib is required
973AC_ARG_WITH(zlib,
974 [ --with-zlib=PATH Use zlib in PATH],
975 [ if test "x$withval" = "xno" ; then
976 AC_MSG_ERROR([*** zlib is required ***])
977 elif test "x$withval" != "xyes"; then
978 if test -d "$withval/lib"; then
979 if test -n "${need_dash_r}"; then
980 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
981 else
982 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
983 fi
984 else
985 if test -n "${need_dash_r}"; then
986 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
987 else
988 LDFLAGS="-L${withval} ${LDFLAGS}"
989 fi
990 fi
991 if test -d "$withval/include"; then
992 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
993 else
994 CPPFLAGS="-I${withval} ${CPPFLAGS}"
995 fi
996 fi ]
997)
998
999AC_CHECK_LIB(z, deflate, ,
1000 [
1001 saved_CPPFLAGS="$CPPFLAGS"
1002 saved_LDFLAGS="$LDFLAGS"
1003 save_LIBS="$LIBS"
1004 dnl Check default zlib install dir
1005 if test -n "${need_dash_r}"; then
1006 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1007 else
1008 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1009 fi
1010 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1011 LIBS="$LIBS -lz"
1012 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1013 [
1014 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1015 ]
1016 )
1017 ]
1018)
1019AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1020
1021AC_ARG_WITH(zlib-version-check,
1022 [ --without-zlib-version-check Disable zlib version check],
1023 [ if test "x$withval" = "xno" ; then
1024 zlib_check_nonfatal=1
1025 fi
1026 ]
1027)
1028
1029AC_MSG_CHECKING(for possibly buggy zlib)
1030AC_RUN_IFELSE([AC_LANG_SOURCE([[
1031#include <stdio.h>
1032#include <zlib.h>
1033int main()
1034{
1035 int a=0, b=0, c=0, d=0, n, v;
1036 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1037 if (n != 3 && n != 4)
1038 exit(1);
1039 v = a*1000000 + b*10000 + c*100 + d;
1040 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1041
1042 /* 1.1.4 is OK */
1043 if (a == 1 && b == 1 && c >= 4)
1044 exit(0);
1045
1046 /* 1.2.3 and up are OK */
1047 if (v >= 1020300)
1048 exit(0);
1049
1050 exit(2);
1051}
1052 ]])],
1053 AC_MSG_RESULT(no),
1054 [ AC_MSG_RESULT(yes)
1055 if test -z "$zlib_check_nonfatal" ; then
1056 AC_MSG_ERROR([*** zlib too old - check config.log ***
1057Your reported zlib version has known security problems. It's possible your
1058vendor has fixed these problems without changing the version number. If you
1059are sure this is the case, you can disable the check by running
1060"./configure --without-zlib-version-check".
1061If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1062See http://www.gzip.org/zlib/ for details.])
1063 else
1064 AC_MSG_WARN([zlib version may have security problems])
1065 fi
1066 ],
1067 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1068)
1069
1070dnl UnixWare 2.x
1071AC_CHECK_FUNC(strcasecmp,
1072 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1073)
1074AC_CHECK_FUNCS(utimes,
1075 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1076 LIBS="$LIBS -lc89"]) ]
1077)
1078
1079dnl Checks for libutil functions
1080AC_CHECK_HEADERS(libutil.h)
1081AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1082 [Define if your libraries define login()])])
1083AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1084
1085AC_FUNC_STRFTIME
1086
1087# Check for ALTDIRFUNC glob() extension
1088AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1089AC_EGREP_CPP(FOUNDIT,
1090 [
1091 #include <glob.h>
1092 #ifdef GLOB_ALTDIRFUNC
1093 FOUNDIT
1094 #endif
1095 ],
1096 [
1097 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1098 [Define if your system glob() function has
1099 the GLOB_ALTDIRFUNC extension])
1100 AC_MSG_RESULT(yes)
1101 ],
1102 [
1103 AC_MSG_RESULT(no)
1104 ]
1105)
1106
1107# Check for g.gl_matchc glob() extension
1108AC_MSG_CHECKING(for gl_matchc field in glob_t)
1109AC_TRY_COMPILE(
1110 [ #include <glob.h> ],
1111 [glob_t g; g.gl_matchc = 1;],
1112 [
1113 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1114 [Define if your system glob() function has
1115 gl_matchc options in glob_t])
1116 AC_MSG_RESULT(yes)
1117 ],
1118 [
1119 AC_MSG_RESULT(no)
1120 ]
1121)
1122
1123AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1124
1125AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1126AC_RUN_IFELSE(
1127 [AC_LANG_SOURCE([[
1128#include <sys/types.h>
1129#include <dirent.h>
1130int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1131 ]])],
1132 [AC_MSG_RESULT(yes)],
1133 [
1134 AC_MSG_RESULT(no)
1135 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1136 [Define if your struct dirent expects you to
1137 allocate extra space for d_name])
1138 ],
1139 [
1140 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1141 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1142 ]
1143)
1144
1145# Check whether the user wants GSSAPI mechglue support
1146AC_ARG_WITH(mechglue,
1147 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1148 [
1149 AC_MSG_CHECKING(for mechglue library)
1150
1151 if test -e ${withval}/libgssapi.a ; then
1152 mechglue_lib=${withval}/libgssapi.a
1153 elif test -e ${withval}/lib/libgssapi.a ; then
1154 mechglue_lib=${withval}/lib/libgssapi.a
1155 else
1156 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1157 fi
1158 LIBS="$LIBS ${mechglue_lib}"
1159 AC_MSG_RESULT(${mechglue_lib})
1160
1161 AC_CHECK_LIB(dl, dlopen, , )
1162 if test $ac_cv_lib_dl_dlopen = yes; then
1163 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1164 fi
1165
1166 AC_DEFINE(GSSAPI)
1167 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1168 GSSAPI="mechglue"
1169
1170 ]
1171)
1172
1173
1174# Check whether the user wants GSI (Globus) support
1175gsi_path="no"
1176AC_ARG_WITH(gsi,
1177 [ --with-gsi Enable Globus GSI authentication support],
1178 [
1179 gsi_path="$withval"
1180 ]
1181)
1182
1183AC_ARG_WITH(globus,
1184 [ --with-globus Enable Globus GSI authentication support],
1185 [
1186 gsi_path="$withval"
1187 ]
1188)
1189
1190AC_ARG_WITH(globus-static,
1191 [ --with-globus-static Link statically with Globus GSI libraries],
1192 [
1193 gsi_static=1
1194 if test "x$gsi_path" = "xno" ; then
1195 gsi_path="$withval"
1196 fi
1197 ]
1198)
1199
1200# Check whether the user has a Globus flavor type
1201globus_flavor_type="no"
1202AC_ARG_WITH(globus-flavor,
1203 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1204 [
1205 globus_flavor_type="$withval"
1206 if test "x$gsi_path" = "xno" ; then
1207 gsi_path="yes"
1208 fi
1209 ]
1210)
1211
1212if test "x$gsi_path" != "xno" ; then
1213 # Globus GSSAPI configuration
1214 AC_MSG_CHECKING(for Globus GSI)
1215 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1216
1217 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1218 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1219 fi
1220 if test -z "$GSSAPI"; then
1221 AC_DEFINE(GSSAPI)
1222 GSSAPI="GSI"
1223 fi
1224
1225 if test "x$gsi_path" = "xyes" ; then
1226 if test -z "$GLOBUS_LOCATION" ; then
1227 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1228 else
1229 gsi_path="$GLOBUS_LOCATION"
1230 fi
1231 fi
1232 GLOBUS_LOCATION="$gsi_path"
1233 export GLOBUS_LOCATION
1234 if test ! -d "$GLOBUS_LOCATION" ; then
1235 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1236 fi
1237
1238 if test "x$globus_flavor_type" = "xno" ; then
1239 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1240 fi
1241 if test "x$globus_flavor_type" = "xyes" ; then
1242 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1243 fi
1244 AC_MSG_RESULT(yes)
1245
1246 AC_MSG_CHECKING(for Globus include path)
1247 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1248 if test ! -d "$GLOBUS_INCLUDE" ; then
1249 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1250 fi
1251 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1252 AC_MSG_RESULT(yes)
1253
1254 #
1255 # Find GPT linkline helper
1256 #
1257
1258 AC_MSG_CHECKING(for GPT linkline helper)
1259 if test -x $GPT_LOCATION/sbin/gpt_build_config ; then
1260 gpt_linkline_helper="$GPT_LOCATION/sbin/gpt_build_config"
1261 elif test -x ${gsi_path}/sbin/gpt_build_config ; then
1262 gpt_linkline_helper="${gsi_path}/sbin/gpt_build_config"
1263 else
1264 AC_MSG_ERROR(Cannot find gpt_build_config: GPT installation is incomplete)
1265 fi
1266 AC_MSG_RESULT(yes)
1267
1268 #
1269 # Build Globus linkline
1270 #
1271
1272 if test -n "${gsi_static}"; then
1273 ${gpt_linkline_helper} -f ${globus_flavor_type} -link static -src pkg_data_src.gpt
1274 else
1275 ${gpt_linkline_helper} -f ${globus_flavor_type} -link shared -src pkg_data_src.gpt
1276 fi
1277 . ./gpt_build_temp.sh
1278 if test -n "${need_dash_r}"; then
1279 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
1280 else
1281 GSI_LDFLAGS="-L${gsi_path}/lib"
1282 fi
1283 GSI_LIBS="$GPT_CONFIG_PGM_LINKS"
1284 LD_LIBRARY_PATH="${gsi_path}/lib:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
1285
1286 #
1287 # Test Globus linkline
1288 #
1289
1290 AC_MSG_CHECKING(for Globus linkline)
1291 if test -z "$GSI_LIBS" ; then
1292 AC_MSG_ERROR(gpt_build_config failed)
1293 fi
1294 AC_MSG_RESULT(yes)
1295
1296 AC_DEFINE(HAVE_GSSAPI_H)
1297
1298 LIBS="$LIBS $GSI_LIBS $GPT_CONFIG_LIBS"
1299 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1300 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS $GPT_CONFIG_INCLUDES"
1301 CFLAGS="$CFLAGS $GPT_CONFIG_CFLAGS"
1302
1303 AC_MSG_CHECKING(that Globus linkline works)
1304 # test that we got the libraries OK
1305 AC_TRY_LINK(
1306 [],
1307 [],
1308 [
1309 AC_MSG_RESULT(yes)
1310 ],
1311 [
1312 AC_MSG_ERROR(link with Globus libraries failed)
1313 ]
1314 )
1315 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1316 INSTALL_GSISSH="yes"
1317else
1318 INSTALL_GSISSH=""
1319fi
1320# End Globus/GSI section
1321
1322AC_MSG_CHECKING([for /proc/pid/fd directory])
1323if test -d "/proc/$$/fd" ; then
1324 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1325 AC_MSG_RESULT(yes)
1326else
1327 AC_MSG_RESULT(no)
1328fi
1329
1330# Check whether user wants S/Key support
1331SKEY_MSG="no"
1332AC_ARG_WITH(skey,
1333 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1334 [
1335 if test "x$withval" != "xno" ; then
1336
1337 if test "x$withval" != "xyes" ; then
1338 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1339 LDFLAGS="$LDFLAGS -L${withval}/lib"
1340 fi
1341
1342 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1343 LIBS="-lskey $LIBS"
1344 SKEY_MSG="yes"
1345
1346 AC_MSG_CHECKING([for s/key support])
1347 AC_LINK_IFELSE(
1348 [AC_LANG_SOURCE([[
1349#include <stdio.h>
1350#include <skey.h>
1351int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1352 ]])],
1353 [AC_MSG_RESULT(yes)],
1354 [
1355 AC_MSG_RESULT(no)
1356 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1357 ])
1358 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1359 AC_TRY_COMPILE(
1360 [#include <stdio.h>
1361 #include <skey.h>],
1362 [(void)skeychallenge(NULL,"name","",0);],
1363 [AC_MSG_RESULT(yes)
1364 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1365 [Define if your skeychallenge()
1366 function takes 4 arguments (NetBSD)])],
1367 [AC_MSG_RESULT(no)]
1368 )
1369 fi
1370 ]
1371)
1372
1373# Check whether user wants TCP wrappers support
1374TCPW_MSG="no"
1375AC_ARG_WITH(tcp-wrappers,
1376 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1377 [
1378 if test "x$withval" != "xno" ; then
1379 saved_LIBS="$LIBS"
1380 saved_LDFLAGS="$LDFLAGS"
1381 saved_CPPFLAGS="$CPPFLAGS"
1382 if test -n "${withval}" && \
1383 test "x${withval}" != "xyes"; then
1384 if test -d "${withval}/lib"; then
1385 if test -n "${need_dash_r}"; then
1386 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1387 else
1388 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1389 fi
1390 else
1391 if test -n "${need_dash_r}"; then
1392 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1393 else
1394 LDFLAGS="-L${withval} ${LDFLAGS}"
1395 fi
1396 fi
1397 if test -d "${withval}/include"; then
1398 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1399 else
1400 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1401 fi
1402 fi
1403 LIBS="-lwrap $LIBS"
1404 AC_MSG_CHECKING(for libwrap)
1405 AC_TRY_LINK(
1406 [
1407#include <sys/types.h>
1408#include <sys/socket.h>
1409#include <netinet/in.h>
1410#include <tcpd.h>
1411 int deny_severity = 0, allow_severity = 0;
1412 ],
1413 [hosts_access(0);],
1414 [
1415 AC_MSG_RESULT(yes)
1416 AC_DEFINE(LIBWRAP, 1,
1417 [Define if you want
1418 TCP Wrappers support])
1419 SSHDLIBS="$SSHDLIBS -lwrap"
1420 TCPW_MSG="yes"
1421 ],
1422 [
1423 AC_MSG_ERROR([*** libwrap missing])
1424 ]
1425 )
1426 LIBS="$saved_LIBS"
1427 fi
1428 ]
1429)
1430
1431# Check whether user wants libedit support
1432LIBEDIT_MSG="no"
1433AC_ARG_WITH(libedit,
1434 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1435 [ if test "x$withval" != "xno" ; then
1436 if test "x$withval" != "xyes"; then
1437 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1438 if test -n "${need_dash_r}"; then
1439 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1440 else
1441 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1442 fi
1443 fi
1444 AC_CHECK_LIB(edit, el_init,
1445 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1446 LIBEDIT="-ledit -lcurses"
1447 LIBEDIT_MSG="yes"
1448 AC_SUBST(LIBEDIT)
1449 ],
1450 [ AC_MSG_ERROR(libedit not found) ],
1451 [ -lcurses ]
1452 )
1453 AC_MSG_CHECKING(if libedit version is compatible)
1454 AC_COMPILE_IFELSE(
1455 [AC_LANG_SOURCE([[
1456#include <histedit.h>
1457int main(void)
1458{
1459 int i = H_SETSIZE;
1460 el_init("", NULL, NULL, NULL);
1461 exit(0);
1462}
1463 ]])],
1464 [ AC_MSG_RESULT(yes) ],
1465 [ AC_MSG_RESULT(no)
1466 AC_MSG_ERROR(libedit version is not compatible) ]
1467 )
1468 fi ]
1469)
1470
1471AUDIT_MODULE=none
1472AC_ARG_WITH(audit,
1473 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1474 [
1475 AC_MSG_CHECKING(for supported audit module)
1476 case "$withval" in
1477 bsm)
1478 AC_MSG_RESULT(bsm)
1479 AUDIT_MODULE=bsm
1480 dnl Checks for headers, libs and functions
1481 AC_CHECK_HEADERS(bsm/audit.h, [],
1482 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1483 [
1484#ifdef HAVE_TIME_H
1485# include <time.h>
1486#endif
1487 ]
1488)
1489 AC_CHECK_LIB(bsm, getaudit, [],
1490 [AC_MSG_ERROR(BSM enabled and required library not found)])
1491 AC_CHECK_FUNCS(getaudit, [],
1492 [AC_MSG_ERROR(BSM enabled and required function not found)])
1493 # These are optional
1494 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1495 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1496 ;;
1497 debug)
1498 AUDIT_MODULE=debug
1499 AC_MSG_RESULT(debug)
1500 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1501 ;;
1502 no)
1503 AC_MSG_RESULT(no)
1504 ;;
1505 *)
1506 AC_MSG_ERROR([Unknown audit module $withval])
1507 ;;
1508 esac ]
1509)
1510
1511dnl Checks for library functions. Please keep in alphabetical order
1512AC_CHECK_FUNCS( \
1513 arc4random \
1514 arc4random_buf \
1515 arc4random_uniform \
1516 asprintf \
1517 b64_ntop \
1518 __b64_ntop \
1519 b64_pton \
1520 __b64_pton \
1521 bcopy \
1522 bindresvport_sa \
1523 clock \
1524 closefrom \
1525 dirfd \
1526 fchmod \
1527 fchown \
1528 freeaddrinfo \
1529 fstatvfs \
1530 futimes \
1531 getaddrinfo \
1532 getcwd \
1533 getgrouplist \
1534 getnameinfo \
1535 getopt \
1536 getpeereid \
1537 getpeerucred \
1538 _getpty \
1539 getrlimit \
1540 getttyent \
1541 glob \
1542 inet_aton \
1543 inet_ntoa \
1544 inet_ntop \
1545 innetgr \
1546 login_getcapbool \
1547 md5_crypt \
1548 memmove \
1549 mkdtemp \
1550 mmap \
1551 ngetaddrinfo \
1552 nsleep \
1553 ogetaddrinfo \
1554 openlog_r \
1555 openpty \
1556 poll \
1557 prctl \
1558 pstat \
1559 readpassphrase \
1560 realpath \
1561 recvmsg \
1562 rresvport_af \
1563 sendmsg \
1564 setdtablesize \
1565 setegid \
1566 setenv \
1567 seteuid \
1568 setgroups \
1569 setlogin \
1570 setpcred \
1571 setproctitle \
1572 setregid \
1573 setreuid \
1574 setrlimit \
1575 setsid \
1576 setvbuf \
1577 sigaction \
1578 sigvec \
1579 snprintf \
1580 socketpair \
1581 statfs \
1582 statvfs \
1583 strdup \
1584 strerror \
1585 strlcat \
1586 strlcpy \
1587 strmode \
1588 strnvis \
1589 strtonum \
1590 strtoll \
1591 strtoul \
1592 swap32 \
1593 sysconf \
1594 tcgetpgrp \
1595 truncate \
1596 unsetenv \
1597 updwtmpx \
1598 vasprintf \
1599 vhangup \
1600 vsnprintf \
1601 waitpid \
1602)
1603
1604# IRIX has a const char return value for gai_strerror()
1605AC_CHECK_FUNCS(gai_strerror,[
1606 AC_DEFINE(HAVE_GAI_STRERROR)
1607 AC_TRY_COMPILE([
1608#include <sys/types.h>
1609#include <sys/socket.h>
1610#include <netdb.h>
1611
1612const char *gai_strerror(int);],[
1613char *str;
1614
1615str = gai_strerror(0);],[
1616 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1617 [Define if gai_strerror() returns const char *])])])
1618
1619AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1620 [Some systems put nanosleep outside of libc]))
1621
1622dnl Make sure prototypes are defined for these before using them.
1623AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1624AC_CHECK_DECL(strsep,
1625 [AC_CHECK_FUNCS(strsep)],
1626 [],
1627 [
1628#ifdef HAVE_STRING_H
1629# include <string.h>
1630#endif
1631 ])
1632
1633dnl tcsendbreak might be a macro
1634AC_CHECK_DECL(tcsendbreak,
1635 [AC_DEFINE(HAVE_TCSENDBREAK)],
1636 [AC_CHECK_FUNCS(tcsendbreak)],
1637 [#include <termios.h>]
1638)
1639
1640AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1641
1642AC_CHECK_DECLS(SHUT_RD, , ,
1643 [
1644#include <sys/types.h>
1645#include <sys/socket.h>
1646 ])
1647
1648AC_CHECK_DECLS(O_NONBLOCK, , ,
1649 [
1650#include <sys/types.h>
1651#ifdef HAVE_SYS_STAT_H
1652# include <sys/stat.h>
1653#endif
1654#ifdef HAVE_FCNTL_H
1655# include <fcntl.h>
1656#endif
1657 ])
1658
1659AC_CHECK_DECLS(writev, , , [
1660#include <sys/types.h>
1661#include <sys/uio.h>
1662#include <unistd.h>
1663 ])
1664
1665AC_CHECK_DECLS(MAXSYMLINKS, , , [
1666#include <sys/param.h>
1667 ])
1668
1669AC_CHECK_DECLS(offsetof, , , [
1670#include <stddef.h>
1671 ])
1672
1673AC_CHECK_FUNCS(setresuid, [
1674 dnl Some platorms have setresuid that isn't implemented, test for this
1675 AC_MSG_CHECKING(if setresuid seems to work)
1676 AC_RUN_IFELSE(
1677 [AC_LANG_SOURCE([[
1678#include <stdlib.h>
1679#include <errno.h>
1680int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1681 ]])],
1682 [AC_MSG_RESULT(yes)],
1683 [AC_DEFINE(BROKEN_SETRESUID, 1,
1684 [Define if your setresuid() is broken])
1685 AC_MSG_RESULT(not implemented)],
1686 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1687 )
1688])
1689
1690AC_CHECK_FUNCS(setresgid, [
1691 dnl Some platorms have setresgid that isn't implemented, test for this
1692 AC_MSG_CHECKING(if setresgid seems to work)
1693 AC_RUN_IFELSE(
1694 [AC_LANG_SOURCE([[
1695#include <stdlib.h>
1696#include <errno.h>
1697int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1698 ]])],
1699 [AC_MSG_RESULT(yes)],
1700 [AC_DEFINE(BROKEN_SETRESGID, 1,
1701 [Define if your setresgid() is broken])
1702 AC_MSG_RESULT(not implemented)],
1703 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1704 )
1705])
1706
1707dnl Checks for time functions
1708AC_CHECK_FUNCS(gettimeofday time)
1709dnl Checks for utmp functions
1710AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1711AC_CHECK_FUNCS(utmpname)
1712dnl Checks for utmpx functions
1713AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1714AC_CHECK_FUNCS(setutxent utmpxname)
1715dnl Checks for lastlog functions
1716AC_CHECK_FUNCS(getlastlogxbyname)
1717
1718AC_CHECK_FUNC(daemon,
1719 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1720 [AC_CHECK_LIB(bsd, daemon,
1721 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1722)
1723
1724AC_CHECK_FUNC(getpagesize,
1725 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1726 [Define if your libraries define getpagesize()])],
1727 [AC_CHECK_LIB(ucb, getpagesize,
1728 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1729)
1730
1731# Check for broken snprintf
1732if test "x$ac_cv_func_snprintf" = "xyes" ; then
1733 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1734 AC_RUN_IFELSE(
1735 [AC_LANG_SOURCE([[
1736#include <stdio.h>
1737int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1738 ]])],
1739 [AC_MSG_RESULT(yes)],
1740 [
1741 AC_MSG_RESULT(no)
1742 AC_DEFINE(BROKEN_SNPRINTF, 1,
1743 [Define if your snprintf is busted])
1744 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1745 ],
1746 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1747 )
1748fi
1749
1750# If we don't have a working asprintf, then we strongly depend on vsnprintf
1751# returning the right thing on overflow: the number of characters it tried to
1752# create (as per SUSv3)
1753if test "x$ac_cv_func_asprintf" != "xyes" && \
1754 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1755 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1756 AC_RUN_IFELSE(
1757 [AC_LANG_SOURCE([[
1758#include <sys/types.h>
1759#include <stdio.h>
1760#include <stdarg.h>
1761
1762int x_snprintf(char *str,size_t count,const char *fmt,...)
1763{
1764 size_t ret; va_list ap;
1765 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1766 return ret;
1767}
1768int main(void)
1769{
1770 char x[1];
1771 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1772} ]])],
1773 [AC_MSG_RESULT(yes)],
1774 [
1775 AC_MSG_RESULT(no)
1776 AC_DEFINE(BROKEN_SNPRINTF, 1,
1777 [Define if your snprintf is busted])
1778 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1779 ],
1780 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1781 )
1782fi
1783
1784# On systems where [v]snprintf is broken, but is declared in stdio,
1785# check that the fmt argument is const char * or just char *.
1786# This is only useful for when BROKEN_SNPRINTF
1787AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1788AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1789 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1790 int main(void) { snprintf(0, 0, 0); }
1791 ]])],
1792 [AC_MSG_RESULT(yes)
1793 AC_DEFINE(SNPRINTF_CONST, [const],
1794 [Define as const if snprintf() can declare const char *fmt])],
1795 [AC_MSG_RESULT(no)
1796 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1797
1798# Check for missing getpeereid (or equiv) support
1799NO_PEERCHECK=""
1800if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1801 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1802 AC_TRY_COMPILE(
1803 [#include <sys/types.h>
1804 #include <sys/socket.h>],
1805 [int i = SO_PEERCRED;],
1806 [ AC_MSG_RESULT(yes)
1807 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1808 ],
1809 [AC_MSG_RESULT(no)
1810 NO_PEERCHECK=1]
1811 )
1812fi
1813
1814dnl see whether mkstemp() requires XXXXXX
1815if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1816AC_MSG_CHECKING([for (overly) strict mkstemp])
1817AC_RUN_IFELSE(
1818 [AC_LANG_SOURCE([[
1819#include <stdlib.h>
1820main() { char template[]="conftest.mkstemp-test";
1821if (mkstemp(template) == -1)
1822 exit(1);
1823unlink(template); exit(0);
1824}
1825 ]])],
1826 [
1827 AC_MSG_RESULT(no)
1828 ],
1829 [
1830 AC_MSG_RESULT(yes)
1831 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1832 ],
1833 [
1834 AC_MSG_RESULT(yes)
1835 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1836 ]
1837)
1838fi
1839
1840dnl make sure that openpty does not reacquire controlling terminal
1841if test ! -z "$check_for_openpty_ctty_bug"; then
1842 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1843 AC_RUN_IFELSE(
1844 [AC_LANG_SOURCE([[
1845#include <stdio.h>
1846#include <sys/fcntl.h>
1847#include <sys/types.h>
1848#include <sys/wait.h>
1849
1850int
1851main()
1852{
1853 pid_t pid;
1854 int fd, ptyfd, ttyfd, status;
1855
1856 pid = fork();
1857 if (pid < 0) { /* failed */
1858 exit(1);
1859 } else if (pid > 0) { /* parent */
1860 waitpid(pid, &status, 0);
1861 if (WIFEXITED(status))
1862 exit(WEXITSTATUS(status));
1863 else
1864 exit(2);
1865 } else { /* child */
1866 close(0); close(1); close(2);
1867 setsid();
1868 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1869 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1870 if (fd >= 0)
1871 exit(3); /* Acquired ctty: broken */
1872 else
1873 exit(0); /* Did not acquire ctty: OK */
1874 }
1875}
1876 ]])],
1877 [
1878 AC_MSG_RESULT(yes)
1879 ],
1880 [
1881 AC_MSG_RESULT(no)
1882 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1883 ],
1884 [
1885 AC_MSG_RESULT(cross-compiling, assuming yes)
1886 ]
1887 )
1888fi
1889
1890if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1891 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1892 AC_MSG_CHECKING(if getaddrinfo seems to work)
1893 AC_RUN_IFELSE(
1894 [AC_LANG_SOURCE([[
1895#include <stdio.h>
1896#include <sys/socket.h>
1897#include <netdb.h>
1898#include <errno.h>
1899#include <netinet/in.h>
1900
1901#define TEST_PORT "2222"
1902
1903int
1904main(void)
1905{
1906 int err, sock;
1907 struct addrinfo *gai_ai, *ai, hints;
1908 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1909
1910 memset(&hints, 0, sizeof(hints));
1911 hints.ai_family = PF_UNSPEC;
1912 hints.ai_socktype = SOCK_STREAM;
1913 hints.ai_flags = AI_PASSIVE;
1914
1915 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1916 if (err != 0) {
1917 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1918 exit(1);
1919 }
1920
1921 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1922 if (ai->ai_family != AF_INET6)
1923 continue;
1924
1925 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1926 sizeof(ntop), strport, sizeof(strport),
1927 NI_NUMERICHOST|NI_NUMERICSERV);
1928
1929 if (err != 0) {
1930 if (err == EAI_SYSTEM)
1931 perror("getnameinfo EAI_SYSTEM");
1932 else
1933 fprintf(stderr, "getnameinfo failed: %s\n",
1934 gai_strerror(err));
1935 exit(2);
1936 }
1937
1938 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1939 if (sock < 0)
1940 perror("socket");
1941 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1942 if (errno == EBADF)
1943 exit(3);
1944 }
1945 }
1946 exit(0);
1947}
1948 ]])],
1949 [
1950 AC_MSG_RESULT(yes)
1951 ],
1952 [
1953 AC_MSG_RESULT(no)
1954 AC_DEFINE(BROKEN_GETADDRINFO)
1955 ],
1956 [
1957 AC_MSG_RESULT(cross-compiling, assuming yes)
1958 ]
1959 )
1960fi
1961
1962if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1963 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1964 AC_MSG_CHECKING(if getaddrinfo seems to work)
1965 AC_RUN_IFELSE(
1966 [AC_LANG_SOURCE([[
1967#include <stdio.h>
1968#include <sys/socket.h>
1969#include <netdb.h>
1970#include <errno.h>
1971#include <netinet/in.h>
1972
1973#define TEST_PORT "2222"
1974
1975int
1976main(void)
1977{
1978 int err, sock;
1979 struct addrinfo *gai_ai, *ai, hints;
1980 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1981
1982 memset(&hints, 0, sizeof(hints));
1983 hints.ai_family = PF_UNSPEC;
1984 hints.ai_socktype = SOCK_STREAM;
1985 hints.ai_flags = AI_PASSIVE;
1986
1987 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1988 if (err != 0) {
1989 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1990 exit(1);
1991 }
1992
1993 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1994 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1995 continue;
1996
1997 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1998 sizeof(ntop), strport, sizeof(strport),
1999 NI_NUMERICHOST|NI_NUMERICSERV);
2000
2001 if (ai->ai_family == AF_INET && err != 0) {
2002 perror("getnameinfo");
2003 exit(2);
2004 }
2005 }
2006 exit(0);
2007}
2008 ]])],
2009 [
2010 AC_MSG_RESULT(yes)
2011 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
2012 [Define if you have a getaddrinfo that fails
2013 for the all-zeros IPv6 address])
2014 ],
2015 [
2016 AC_MSG_RESULT(no)
2017 AC_DEFINE(BROKEN_GETADDRINFO)
2018 ],
2019 [
2020 AC_MSG_RESULT(cross-compiling, assuming no)
2021 ]
2022 )
2023fi
2024
2025if test "x$check_for_conflicting_getspnam" = "x1"; then
2026 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
2027 AC_COMPILE_IFELSE(
2028 [
2029#include <shadow.h>
2030int main(void) {exit(0);}
2031 ],
2032 [
2033 AC_MSG_RESULT(no)
2034 ],
2035 [
2036 AC_MSG_RESULT(yes)
2037 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
2038 [Conflicting defs for getspnam])
2039 ]
2040 )
2041fi
2042
2043AC_FUNC_GETPGRP
2044
2045# Search for OpenSSL
2046saved_CPPFLAGS="$CPPFLAGS"
2047saved_LDFLAGS="$LDFLAGS"
2048AC_ARG_WITH(ssl-dir,
2049 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2050 [
2051 if test "x$withval" != "xno" ; then
2052 case "$withval" in
2053 # Relative paths
2054 ./*|../*) withval="`pwd`/$withval"
2055 esac
2056 if test -d "$withval/lib"; then
2057 if test -n "${need_dash_r}"; then
2058 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2059 else
2060 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2061 fi
2062 else
2063 if test -n "${need_dash_r}"; then
2064 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2065 else
2066 LDFLAGS="-L${withval} ${LDFLAGS}"
2067 fi
2068 fi
2069 if test -d "$withval/include"; then
2070 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2071 else
2072 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2073 fi
2074 fi
2075 ]
2076)
2077
2078if test -z "$GSI_LIBS" ; then
2079LIBS="-lcrypto $LIBS"
2080fi
2081AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2082 [Define if your ssl headers are included
2083 with #include <openssl/header.h>]),
2084 [
2085 dnl Check default openssl install dir
2086 if test -n "${need_dash_r}"; then
2087 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2088 else
2089 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2090 fi
2091 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2092 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2093 [
2094 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2095 ]
2096 )
2097 ]
2098)
2099
2100# Determine OpenSSL header version
2101AC_MSG_CHECKING([OpenSSL header version])
2102AC_RUN_IFELSE(
2103 [AC_LANG_SOURCE([[
2104#include <stdio.h>
2105#include <string.h>
2106#include <openssl/opensslv.h>
2107#define DATA "conftest.sslincver"
2108int main(void) {
2109 FILE *fd;
2110 int rc;
2111
2112 fd = fopen(DATA,"w");
2113 if(fd == NULL)
2114 exit(1);
2115
2116 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2117 exit(1);
2118
2119 exit(0);
2120}
2121 ]])],
2122 [
2123 ssl_header_ver=`cat conftest.sslincver`
2124 AC_MSG_RESULT($ssl_header_ver)
2125 ],
2126 [
2127 AC_MSG_RESULT(not found)
2128 AC_MSG_ERROR(OpenSSL version header not found.)
2129 ],
2130 [
2131 AC_MSG_WARN([cross compiling: not checking])
2132 ]
2133)
2134
2135# Determine OpenSSL library version
2136AC_MSG_CHECKING([OpenSSL library version])
2137AC_RUN_IFELSE(
2138 [AC_LANG_SOURCE([[
2139#include <stdio.h>
2140#include <string.h>
2141#include <openssl/opensslv.h>
2142#include <openssl/crypto.h>
2143#define DATA "conftest.ssllibver"
2144int main(void) {
2145 FILE *fd;
2146 int rc;
2147
2148 fd = fopen(DATA,"w");
2149 if(fd == NULL)
2150 exit(1);
2151
2152 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2153 exit(1);
2154
2155 exit(0);
2156}
2157 ]])],
2158 [
2159 ssl_library_ver=`cat conftest.ssllibver`
2160 AC_MSG_RESULT($ssl_library_ver)
2161 ],
2162 [
2163 AC_MSG_RESULT(not found)
2164 AC_MSG_ERROR(OpenSSL library not found.)
2165 ],
2166 [
2167 AC_MSG_WARN([cross compiling: not checking])
2168 ]
2169)
2170
2171AC_ARG_WITH(openssl-header-check,
2172 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2173 [ if test "x$withval" = "xno" ; then
2174 openssl_check_nonfatal=1
2175 fi
2176 ]
2177)
2178
2179# Sanity check OpenSSL headers
2180AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2181AC_RUN_IFELSE(
2182 [AC_LANG_SOURCE([[
2183#include <string.h>
2184#include <openssl/opensslv.h>
2185int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2186 ]])],
2187 [
2188 AC_MSG_RESULT(yes)
2189 ],
2190 [
2191 AC_MSG_RESULT(no)
2192 if test "x$openssl_check_nonfatal" = "x"; then
2193 AC_MSG_ERROR([Your OpenSSL headers do not match your
2194library. Check config.log for details.
2195If you are sure your installation is consistent, you can disable the check
2196by running "./configure --without-openssl-header-check".
2197Also see contrib/findssl.sh for help identifying header/library mismatches.
2198])
2199 else
2200 AC_MSG_WARN([Your OpenSSL headers do not match your
2201library. Check config.log for details.
2202Also see contrib/findssl.sh for help identifying header/library mismatches.])
2203 fi
2204 ],
2205 [
2206 AC_MSG_WARN([cross compiling: not checking])
2207 ]
2208)
2209
2210AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2211AC_LINK_IFELSE(
2212 [AC_LANG_SOURCE([[
2213#include <openssl/evp.h>
2214int main(void) { SSLeay_add_all_algorithms(); }
2215 ]])],
2216 [
2217 AC_MSG_RESULT(yes)
2218 ],
2219 [
2220 AC_MSG_RESULT(no)
2221 saved_LIBS="$LIBS"
2222 LIBS="$LIBS -ldl"
2223 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2224 AC_LINK_IFELSE(
2225 [AC_LANG_SOURCE([[
2226#include <openssl/evp.h>
2227int main(void) { SSLeay_add_all_algorithms(); }
2228 ]])],
2229 [
2230 AC_MSG_RESULT(yes)
2231 ],
2232 [
2233 AC_MSG_RESULT(no)
2234 LIBS="$saved_LIBS"
2235 ]
2236 )
2237 ]
2238)
2239
2240AC_ARG_WITH(ssl-engine,
2241 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2242 [ if test "x$withval" != "xno" ; then
2243 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2244 AC_TRY_COMPILE(
2245 [ #include <openssl/engine.h>],
2246 [
2247ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2248 ],
2249 [ AC_MSG_RESULT(yes)
2250 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2251 [Enable OpenSSL engine support])
2252 ],
2253 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2254 )
2255 fi ]
2256)
2257
2258# Check for OpenSSL without EVP_aes_{192,256}_cbc
2259AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2260AC_LINK_IFELSE(
2261 [AC_LANG_SOURCE([[
2262#include <string.h>
2263#include <openssl/evp.h>
2264int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2265 ]])],
2266 [
2267 AC_MSG_RESULT(no)
2268 ],
2269 [
2270 AC_MSG_RESULT(yes)
2271 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2272 [libcrypto is missing AES 192 and 256 bit functions])
2273 ]
2274)
2275
2276# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2277# because the system crypt() is more featureful.
2278if test "x$check_for_libcrypt_before" = "x1"; then
2279 AC_CHECK_LIB(crypt, crypt)
2280fi
2281
2282# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2283# version in OpenSSL.
2284if test "x$check_for_libcrypt_later" = "x1"; then
2285 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2286fi
2287
2288# Search for SHA256 support in libc and/or OpenSSL
2289AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2290
2291saved_LIBS="$LIBS"
2292AC_CHECK_LIB(iaf, ia_openinfo, [
2293 LIBS="$LIBS -liaf"
2294 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2295 AC_DEFINE(HAVE_LIBIAF, 1,
2296 [Define if system has libiaf that supports set_id])
2297 ])
2298])
2299LIBS="$saved_LIBS"
2300
2301### Configure cryptographic random number support
2302
2303# Check wheter OpenSSL seeds itself
2304AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2305AC_RUN_IFELSE(
2306 [AC_LANG_SOURCE([[
2307#include <string.h>
2308#include <openssl/rand.h>
2309int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2310 ]])],
2311 [
2312 OPENSSL_SEEDS_ITSELF=yes
2313 AC_MSG_RESULT(yes)
2314 ],
2315 [
2316 AC_MSG_RESULT(no)
2317 # Default to use of the rand helper if OpenSSL doesn't
2318 # seed itself
2319 USE_RAND_HELPER=yes
2320 ],
2321 [
2322 AC_MSG_WARN([cross compiling: assuming yes])
2323 # This is safe, since all recent OpenSSL versions will
2324 # complain at runtime if not seeded correctly.
2325 OPENSSL_SEEDS_ITSELF=yes
2326 ]
2327)
2328
2329# Check for PAM libs
2330PAM_MSG="no"
2331AC_ARG_WITH(pam,
2332 [ --with-pam Enable PAM support ],
2333 [
2334 if test "x$withval" != "xno" ; then
2335 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2336 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2337 AC_MSG_ERROR([PAM headers not found])
2338 fi
2339
2340 saved_LIBS="$LIBS"
2341 AC_CHECK_LIB(dl, dlopen, , )
2342 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2343 AC_CHECK_FUNCS(pam_getenvlist)
2344 AC_CHECK_FUNCS(pam_putenv)
2345 LIBS="$saved_LIBS"
2346
2347 PAM_MSG="yes"
2348
2349 SSHDLIBS="$SSHDLIBS -lpam"
2350 AC_DEFINE(USE_PAM, 1,
2351 [Define if you want to enable PAM support])
2352
2353 if test $ac_cv_lib_dl_dlopen = yes; then
2354 case "$LIBS" in
2355 *-ldl*)
2356 # libdl already in LIBS
2357 ;;
2358 *)
2359 SSHDLIBS="$SSHDLIBS -ldl"
2360 ;;
2361 esac
2362 fi
2363 fi
2364 ],
2365 [
2366 saved_LIBS="$LIBS"
2367 AC_CHECK_LIB(dl, dlopen, , )
2368 AC_CHECK_LIB(pam, pam_set_item, , )
2369 AC_CHECK_FUNCS(pam_getenvlist)
2370 AC_CHECK_FUNCS(pam_putenv)
2371 LIBS="$saved_LIBS"
2372
2373 if (test "x$ac_cv_header_security_pam_appl_h" = "xyes" || \
2374 test "x$ac_cv_header_pam_pam_appl_h" = "xyes") &&
2375 test "x$ac_cv_lib_pam_pam_set_item" = "xyes" ; then
2376
2377 PAM_MSG="yes"
2378
2379 LIBPAM="-lpam"
2380
2381 if test $ac_cv_lib_dl_dlopen = yes; then
2382 case "$LIBS" in
2383 *-ldl*)
2384 # libdl already in LIBS
2385 ;;
2386 *)
2387 LIBPAM="$LIBPAM -ldl"
2388 ;;
2389 esac
2390 fi
2391 AC_SUBST(LIBPAM)
2392 fi
2393 ]
2394)
2395
2396# Check for older PAM
2397if test "x$PAM_MSG" = "xyes" ; then
2398 # Check PAM strerror arguments (old PAM)
2399 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2400 AC_TRY_COMPILE(
2401 [
2402#include <stdlib.h>
2403#if defined(HAVE_SECURITY_PAM_APPL_H)
2404#include <security/pam_appl.h>
2405#elif defined (HAVE_PAM_PAM_APPL_H)
2406#include <pam/pam_appl.h>
2407#endif
2408 ],
2409 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2410 [AC_MSG_RESULT(no)],
2411 [
2412 AC_DEFINE(HAVE_OLD_PAM, 1,
2413 [Define if you have an old version of PAM
2414 which takes only one argument to pam_strerror])
2415 AC_MSG_RESULT(yes)
2416 PAM_MSG="yes (old library)"
2417 ]
2418 )
2419fi
2420
2421# Do we want to force the use of the rand helper?
2422AC_ARG_WITH(rand-helper,
2423 [ --with-rand-helper Use subprocess to gather strong randomness ],
2424 [
2425 if test "x$withval" = "xno" ; then
2426 # Force use of OpenSSL's internal RNG, even if
2427 # the previous test showed it to be unseeded.
2428 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2429 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2430 OPENSSL_SEEDS_ITSELF=yes
2431 USE_RAND_HELPER=""
2432 fi
2433 else
2434 USE_RAND_HELPER=yes
2435 fi
2436 ],
2437)
2438
2439# Which randomness source do we use?
2440if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2441 # OpenSSL only
2442 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2443 [Define if you want OpenSSL's internally seeded PRNG only])
2444 RAND_MSG="OpenSSL internal ONLY"
2445 INSTALL_SSH_RAND_HELPER=""
2446elif test ! -z "$USE_RAND_HELPER" ; then
2447 # install rand helper
2448 RAND_MSG="ssh-rand-helper"
2449 INSTALL_SSH_RAND_HELPER="yes"
2450fi
2451AC_SUBST(INSTALL_SSH_RAND_HELPER)
2452
2453### Configuration of ssh-rand-helper
2454
2455# PRNGD TCP socket
2456AC_ARG_WITH(prngd-port,
2457 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2458 [
2459 case "$withval" in
2460 no)
2461 withval=""
2462 ;;
2463 [[0-9]]*)
2464 ;;
2465 *)
2466 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2467 ;;
2468 esac
2469 if test ! -z "$withval" ; then
2470 PRNGD_PORT="$withval"
2471 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2472 [Port number of PRNGD/EGD random number socket])
2473 fi
2474 ]
2475)
2476
2477# PRNGD Unix domain socket
2478AC_ARG_WITH(prngd-socket,
2479 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2480 [
2481 case "$withval" in
2482 yes)
2483 withval="/var/run/egd-pool"
2484 ;;
2485 no)
2486 withval=""
2487 ;;
2488 /*)
2489 ;;
2490 *)
2491 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2492 ;;
2493 esac
2494
2495 if test ! -z "$withval" ; then
2496 if test ! -z "$PRNGD_PORT" ; then
2497 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2498 fi
2499 if test ! -r "$withval" ; then
2500 AC_MSG_WARN(Entropy socket is not readable)
2501 fi
2502 PRNGD_SOCKET="$withval"
2503 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2504 [Location of PRNGD/EGD random number socket])
2505 fi
2506 ],
2507 [
2508 # Check for existing socket only if we don't have a random device already
2509 if test "$USE_RAND_HELPER" = yes ; then
2510 AC_MSG_CHECKING(for PRNGD/EGD socket)
2511 # Insert other locations here
2512 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2513 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2514 PRNGD_SOCKET="$sock"
2515 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2516 break;
2517 fi
2518 done
2519 if test ! -z "$PRNGD_SOCKET" ; then
2520 AC_MSG_RESULT($PRNGD_SOCKET)
2521 else
2522 AC_MSG_RESULT(not found)
2523 fi
2524 fi
2525 ]
2526)
2527
2528# Change default command timeout for hashing entropy source
2529entropy_timeout=200
2530AC_ARG_WITH(entropy-timeout,
2531 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2532 [
2533 if test -n "$withval" && test "x$withval" != "xno" && \
2534 test "x${withval}" != "xyes"; then
2535 entropy_timeout=$withval
2536 fi
2537 ]
2538)
2539AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2540 [Builtin PRNG command timeout])
2541
2542SSH_PRIVSEP_USER=sshd
2543AC_ARG_WITH(privsep-user,
2544 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2545 [
2546 if test -n "$withval" && test "x$withval" != "xno" && \
2547 test "x${withval}" != "xyes"; then
2548 SSH_PRIVSEP_USER=$withval
2549 fi
2550 ]
2551)
2552AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2553 [non-privileged user for privilege separation])
2554AC_SUBST(SSH_PRIVSEP_USER)
2555
2556# We do this little dance with the search path to insure
2557# that programs that we select for use by installed programs
2558# (which may be run by the super-user) come from trusted
2559# locations before they come from the user's private area.
2560# This should help avoid accidentally configuring some
2561# random version of a program in someone's personal bin.
2562
2563OPATH=$PATH
2564PATH=/bin:/usr/bin
2565test -h /bin 2> /dev/null && PATH=/usr/bin
2566test -d /sbin && PATH=$PATH:/sbin
2567test -d /usr/sbin && PATH=$PATH:/usr/sbin
2568PATH=$PATH:/etc:$OPATH
2569
2570# These programs are used by the command hashing source to gather entropy
2571OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2572OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2573OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2574OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2575OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2576OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2577OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2578OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2579OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2580OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2581OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2582OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2583OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2584OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2585OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2586OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2587# restore PATH
2588PATH=$OPATH
2589
2590# Where does ssh-rand-helper get its randomness from?
2591INSTALL_SSH_PRNG_CMDS=""
2592if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2593 if test ! -z "$PRNGD_PORT" ; then
2594 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2595 elif test ! -z "$PRNGD_SOCKET" ; then
2596 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2597 else
2598 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2599 RAND_HELPER_CMDHASH=yes
2600 INSTALL_SSH_PRNG_CMDS="yes"
2601 fi
2602fi
2603AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2604
2605
2606# Cheap hack to ensure NEWS-OS libraries are arranged right.
2607if test ! -z "$SONY" ; then
2608 LIBS="$LIBS -liberty";
2609fi
2610
2611# Check for long long datatypes
2612AC_CHECK_TYPES([long long, unsigned long long, long double])
2613
2614# Check datatype sizes
2615AC_CHECK_SIZEOF(char, 1)
2616AC_CHECK_SIZEOF(short int, 2)
2617AC_CHECK_SIZEOF(int, 4)
2618AC_CHECK_SIZEOF(long int, 4)
2619AC_CHECK_SIZEOF(long long int, 8)
2620
2621# Sanity check long long for some platforms (AIX)
2622if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2623 ac_cv_sizeof_long_long_int=0
2624fi
2625
2626# compute LLONG_MIN and LLONG_MAX if we don't know them.
2627if test -z "$have_llong_max"; then
2628 AC_MSG_CHECKING([for max value of long long])
2629 AC_RUN_IFELSE(
2630 [AC_LANG_SOURCE([[
2631#include <stdio.h>
2632/* Why is this so damn hard? */
2633#ifdef __GNUC__
2634# undef __GNUC__
2635#endif
2636#define __USE_ISOC99
2637#include <limits.h>
2638#define DATA "conftest.llminmax"
2639#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2640
2641/*
2642 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2643 * we do this the hard way.
2644 */
2645static int
2646fprint_ll(FILE *f, long long n)
2647{
2648 unsigned int i;
2649 int l[sizeof(long long) * 8];
2650
2651 if (n < 0)
2652 if (fprintf(f, "-") < 0)
2653 return -1;
2654 for (i = 0; n != 0; i++) {
2655 l[i] = my_abs(n % 10);
2656 n /= 10;
2657 }
2658 do {
2659 if (fprintf(f, "%d", l[--i]) < 0)
2660 return -1;
2661 } while (i != 0);
2662 if (fprintf(f, " ") < 0)
2663 return -1;
2664 return 0;
2665}
2666
2667int main(void) {
2668 FILE *f;
2669 long long i, llmin, llmax = 0;
2670
2671 if((f = fopen(DATA,"w")) == NULL)
2672 exit(1);
2673
2674#if defined(LLONG_MIN) && defined(LLONG_MAX)
2675 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2676 llmin = LLONG_MIN;
2677 llmax = LLONG_MAX;
2678#else
2679 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2680 /* This will work on one's complement and two's complement */
2681 for (i = 1; i > llmax; i <<= 1, i++)
2682 llmax = i;
2683 llmin = llmax + 1LL; /* wrap */
2684#endif
2685
2686 /* Sanity check */
2687 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2688 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2689 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2690 fprintf(f, "unknown unknown\n");
2691 exit(2);
2692 }
2693
2694 if (fprint_ll(f, llmin) < 0)
2695 exit(3);
2696 if (fprint_ll(f, llmax) < 0)
2697 exit(4);
2698 if (fclose(f) < 0)
2699 exit(5);
2700 exit(0);
2701}
2702 ]])],
2703 [
2704 llong_min=`$AWK '{print $1}' conftest.llminmax`
2705 llong_max=`$AWK '{print $2}' conftest.llminmax`
2706
2707 AC_MSG_RESULT($llong_max)
2708 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2709 [max value of long long calculated by configure])
2710 AC_MSG_CHECKING([for min value of long long])
2711 AC_MSG_RESULT($llong_min)
2712 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2713 [min value of long long calculated by configure])
2714 ],
2715 [
2716 AC_MSG_RESULT(not found)
2717 ],
2718 [
2719 AC_MSG_WARN([cross compiling: not checking])
2720 ]
2721 )
2722fi
2723
2724
2725# More checks for data types
2726AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2727 AC_TRY_COMPILE(
2728 [ #include <sys/types.h> ],
2729 [ u_int a; a = 1;],
2730 [ ac_cv_have_u_int="yes" ],
2731 [ ac_cv_have_u_int="no" ]
2732 )
2733])
2734if test "x$ac_cv_have_u_int" = "xyes" ; then
2735 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2736 have_u_int=1
2737fi
2738
2739AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2740 AC_TRY_COMPILE(
2741 [ #include <sys/types.h> ],
2742 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2743 [ ac_cv_have_intxx_t="yes" ],
2744 [ ac_cv_have_intxx_t="no" ]
2745 )
2746])
2747if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2748 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2749 have_intxx_t=1
2750fi
2751
2752if (test -z "$have_intxx_t" && \
2753 test "x$ac_cv_header_stdint_h" = "xyes")
2754then
2755 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2756 AC_TRY_COMPILE(
2757 [ #include <stdint.h> ],
2758 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2759 [
2760 AC_DEFINE(HAVE_INTXX_T)
2761 AC_MSG_RESULT(yes)
2762 ],
2763 [ AC_MSG_RESULT(no) ]
2764 )
2765fi
2766
2767AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2768 AC_TRY_COMPILE(
2769 [
2770#include <sys/types.h>
2771#ifdef HAVE_STDINT_H
2772# include <stdint.h>
2773#endif
2774#include <sys/socket.h>
2775#ifdef HAVE_SYS_BITYPES_H
2776# include <sys/bitypes.h>
2777#endif
2778 ],
2779 [ int64_t a; a = 1;],
2780 [ ac_cv_have_int64_t="yes" ],
2781 [ ac_cv_have_int64_t="no" ]
2782 )
2783])
2784if test "x$ac_cv_have_int64_t" = "xyes" ; then
2785 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2786fi
2787
2788AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2789 AC_TRY_COMPILE(
2790 [ #include <sys/types.h> ],
2791 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2792 [ ac_cv_have_u_intxx_t="yes" ],
2793 [ ac_cv_have_u_intxx_t="no" ]
2794 )
2795])
2796if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2797 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2798 have_u_intxx_t=1
2799fi
2800
2801if test -z "$have_u_intxx_t" ; then
2802 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2803 AC_TRY_COMPILE(
2804 [ #include <sys/socket.h> ],
2805 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2806 [
2807 AC_DEFINE(HAVE_U_INTXX_T)
2808 AC_MSG_RESULT(yes)
2809 ],
2810 [ AC_MSG_RESULT(no) ]
2811 )
2812fi
2813
2814AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2815 AC_TRY_COMPILE(
2816 [ #include <sys/types.h> ],
2817 [ u_int64_t a; a = 1;],
2818 [ ac_cv_have_u_int64_t="yes" ],
2819 [ ac_cv_have_u_int64_t="no" ]
2820 )
2821])
2822if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2823 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2824 have_u_int64_t=1
2825fi
2826
2827if test -z "$have_u_int64_t" ; then
2828 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2829 AC_TRY_COMPILE(
2830 [ #include <sys/bitypes.h> ],
2831 [ u_int64_t a; a = 1],
2832 [
2833 AC_DEFINE(HAVE_U_INT64_T)
2834 AC_MSG_RESULT(yes)
2835 ],
2836 [ AC_MSG_RESULT(no) ]
2837 )
2838fi
2839
2840if test -z "$have_u_intxx_t" ; then
2841 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2842 AC_TRY_COMPILE(
2843 [
2844#include <sys/types.h>
2845 ],
2846 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2847 [ ac_cv_have_uintxx_t="yes" ],
2848 [ ac_cv_have_uintxx_t="no" ]
2849 )
2850 ])
2851 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2852 AC_DEFINE(HAVE_UINTXX_T, 1,
2853 [define if you have uintxx_t data type])
2854 fi
2855fi
2856
2857if test -z "$have_uintxx_t" ; then
2858 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2859 AC_TRY_COMPILE(
2860 [ #include <stdint.h> ],
2861 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2862 [
2863 AC_DEFINE(HAVE_UINTXX_T)
2864 AC_MSG_RESULT(yes)
2865 ],
2866 [ AC_MSG_RESULT(no) ]
2867 )
2868fi
2869
2870if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2871 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2872then
2873 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2874 AC_TRY_COMPILE(
2875 [
2876#include <sys/bitypes.h>
2877 ],
2878 [
2879 int8_t a; int16_t b; int32_t c;
2880 u_int8_t e; u_int16_t f; u_int32_t g;
2881 a = b = c = e = f = g = 1;
2882 ],
2883 [
2884 AC_DEFINE(HAVE_U_INTXX_T)
2885 AC_DEFINE(HAVE_INTXX_T)
2886 AC_MSG_RESULT(yes)
2887 ],
2888 [AC_MSG_RESULT(no)]
2889 )
2890fi
2891
2892
2893AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2894 AC_TRY_COMPILE(
2895 [
2896#include <sys/types.h>
2897 ],
2898 [ u_char foo; foo = 125; ],
2899 [ ac_cv_have_u_char="yes" ],
2900 [ ac_cv_have_u_char="no" ]
2901 )
2902])
2903if test "x$ac_cv_have_u_char" = "xyes" ; then
2904 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2905fi
2906
2907TYPE_SOCKLEN_T
2908
2909AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2910AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2911#include <sys/types.h>
2912#ifdef HAVE_SYS_BITYPES_H
2913#include <sys/bitypes.h>
2914#endif
2915#ifdef HAVE_SYS_STATFS_H
2916#include <sys/statfs.h>
2917#endif
2918#ifdef HAVE_SYS_STATVFS_H
2919#include <sys/statvfs.h>
2920#endif
2921])
2922
2923AC_CHECK_TYPES(in_addr_t,,,
2924[#include <sys/types.h>
2925#include <netinet/in.h>])
2926
2927AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2928 AC_TRY_COMPILE(
2929 [
2930#include <sys/types.h>
2931 ],
2932 [ size_t foo; foo = 1235; ],
2933 [ ac_cv_have_size_t="yes" ],
2934 [ ac_cv_have_size_t="no" ]
2935 )
2936])
2937if test "x$ac_cv_have_size_t" = "xyes" ; then
2938 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2939fi
2940
2941AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2942 AC_TRY_COMPILE(
2943 [
2944#include <sys/types.h>
2945 ],
2946 [ ssize_t foo; foo = 1235; ],
2947 [ ac_cv_have_ssize_t="yes" ],
2948 [ ac_cv_have_ssize_t="no" ]
2949 )
2950])
2951if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2952 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2953fi
2954
2955AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2956 AC_TRY_COMPILE(
2957 [
2958#include <time.h>
2959 ],
2960 [ clock_t foo; foo = 1235; ],
2961 [ ac_cv_have_clock_t="yes" ],
2962 [ ac_cv_have_clock_t="no" ]
2963 )
2964])
2965if test "x$ac_cv_have_clock_t" = "xyes" ; then
2966 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2967fi
2968
2969AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2970 AC_TRY_COMPILE(
2971 [
2972#include <sys/types.h>
2973#include <sys/socket.h>
2974 ],
2975 [ sa_family_t foo; foo = 1235; ],
2976 [ ac_cv_have_sa_family_t="yes" ],
2977 [ AC_TRY_COMPILE(
2978 [
2979#include <sys/types.h>
2980#include <sys/socket.h>
2981#include <netinet/in.h>
2982 ],
2983 [ sa_family_t foo; foo = 1235; ],
2984 [ ac_cv_have_sa_family_t="yes" ],
2985
2986 [ ac_cv_have_sa_family_t="no" ]
2987 )]
2988 )
2989])
2990if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2991 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2992 [define if you have sa_family_t data type])
2993fi
2994
2995AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2996 AC_TRY_COMPILE(
2997 [
2998#include <sys/types.h>
2999 ],
3000 [ pid_t foo; foo = 1235; ],
3001 [ ac_cv_have_pid_t="yes" ],
3002 [ ac_cv_have_pid_t="no" ]
3003 )
3004])
3005if test "x$ac_cv_have_pid_t" = "xyes" ; then
3006 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
3007fi
3008
3009AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
3010 AC_TRY_COMPILE(
3011 [
3012#include <sys/types.h>
3013 ],
3014 [ mode_t foo; foo = 1235; ],
3015 [ ac_cv_have_mode_t="yes" ],
3016 [ ac_cv_have_mode_t="no" ]
3017 )
3018])
3019if test "x$ac_cv_have_mode_t" = "xyes" ; then
3020 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3021fi
3022
3023
3024AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3025 AC_TRY_COMPILE(
3026 [
3027#include <sys/types.h>
3028#include <sys/socket.h>
3029 ],
3030 [ struct sockaddr_storage s; ],
3031 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3032 [ ac_cv_have_struct_sockaddr_storage="no" ]
3033 )
3034])
3035if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3036 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
3037 [define if you have struct sockaddr_storage data type])
3038fi
3039
3040AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3041 AC_TRY_COMPILE(
3042 [
3043#include <sys/types.h>
3044#include <netinet/in.h>
3045 ],
3046 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
3047 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3048 [ ac_cv_have_struct_sockaddr_in6="no" ]
3049 )
3050])
3051if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3052 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
3053 [define if you have struct sockaddr_in6 data type])
3054fi
3055
3056AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3057 AC_TRY_COMPILE(
3058 [
3059#include <sys/types.h>
3060#include <netinet/in.h>
3061 ],
3062 [ struct in6_addr s; s.s6_addr[0] = 0; ],
3063 [ ac_cv_have_struct_in6_addr="yes" ],
3064 [ ac_cv_have_struct_in6_addr="no" ]
3065 )
3066])
3067if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3068 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
3069 [define if you have struct in6_addr data type])
3070
3071dnl Now check for sin6_scope_id
3072 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
3073 [
3074#ifdef HAVE_SYS_TYPES_H
3075#include <sys/types.h>
3076#endif
3077#include <netinet/in.h>
3078 ])
3079fi
3080
3081AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3082 AC_TRY_COMPILE(
3083 [
3084#include <sys/types.h>
3085#include <sys/socket.h>
3086#include <netdb.h>
3087 ],
3088 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
3089 [ ac_cv_have_struct_addrinfo="yes" ],
3090 [ ac_cv_have_struct_addrinfo="no" ]
3091 )
3092])
3093if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3094 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
3095 [define if you have struct addrinfo data type])
3096fi
3097
3098AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3099 AC_TRY_COMPILE(
3100 [ #include <sys/time.h> ],
3101 [ struct timeval tv; tv.tv_sec = 1;],
3102 [ ac_cv_have_struct_timeval="yes" ],
3103 [ ac_cv_have_struct_timeval="no" ]
3104 )
3105])
3106if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3107 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3108 have_struct_timeval=1
3109fi
3110
3111AC_CHECK_TYPES(struct timespec)
3112
3113# We need int64_t or else certian parts of the compile will fail.
3114if test "x$ac_cv_have_int64_t" = "xno" && \
3115 test "x$ac_cv_sizeof_long_int" != "x8" && \
3116 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3117 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3118 echo "an alternative compiler (I.E., GCC) before continuing."
3119 echo ""
3120 exit 1;
3121else
3122dnl test snprintf (broken on SCO w/gcc)
3123 AC_RUN_IFELSE(
3124 [AC_LANG_SOURCE([[
3125#include <stdio.h>
3126#include <string.h>
3127#ifdef HAVE_SNPRINTF
3128main()
3129{
3130 char buf[50];
3131 char expected_out[50];
3132 int mazsize = 50 ;
3133#if (SIZEOF_LONG_INT == 8)
3134 long int num = 0x7fffffffffffffff;
3135#else
3136 long long num = 0x7fffffffffffffffll;
3137#endif
3138 strcpy(expected_out, "9223372036854775807");
3139 snprintf(buf, mazsize, "%lld", num);
3140 if(strcmp(buf, expected_out) != 0)
3141 exit(1);
3142 exit(0);
3143}
3144#else
3145main() { exit(0); }
3146#endif
3147 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3148 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3149 )
3150fi
3151
3152dnl Checks for structure members
3153OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3154OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3155OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3156OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3157OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3158OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3159OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3160OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3161OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3162OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3163OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3164OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3165OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3166OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3167OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3168OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3169OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3170
3171AC_CHECK_MEMBERS([struct stat.st_blksize])
3172AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3173 [Define if we don't have struct __res_state in resolv.h])],
3174[
3175#include <stdio.h>
3176#if HAVE_SYS_TYPES_H
3177# include <sys/types.h>
3178#endif
3179#include <netinet/in.h>
3180#include <arpa/nameser.h>
3181#include <resolv.h>
3182])
3183
3184AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3185 ac_cv_have_ss_family_in_struct_ss, [
3186 AC_TRY_COMPILE(
3187 [
3188#include <sys/types.h>
3189#include <sys/socket.h>
3190 ],
3191 [ struct sockaddr_storage s; s.ss_family = 1; ],
3192 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3193 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3194 )
3195])
3196if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3197 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3198fi
3199
3200AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3201 ac_cv_have___ss_family_in_struct_ss, [
3202 AC_TRY_COMPILE(
3203 [
3204#include <sys/types.h>
3205#include <sys/socket.h>
3206 ],
3207 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3208 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3209 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3210 )
3211])
3212if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3213 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3214 [Fields in struct sockaddr_storage])
3215fi
3216
3217AC_CACHE_CHECK([for pw_class field in struct passwd],
3218 ac_cv_have_pw_class_in_struct_passwd, [
3219 AC_TRY_COMPILE(
3220 [
3221#include <pwd.h>
3222 ],
3223 [ struct passwd p; p.pw_class = 0; ],
3224 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3225 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3226 )
3227])
3228if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3229 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3230 [Define if your password has a pw_class field])
3231fi
3232
3233AC_CACHE_CHECK([for pw_expire field in struct passwd],
3234 ac_cv_have_pw_expire_in_struct_passwd, [
3235 AC_TRY_COMPILE(
3236 [
3237#include <pwd.h>
3238 ],
3239 [ struct passwd p; p.pw_expire = 0; ],
3240 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3241 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3242 )
3243])
3244if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3245 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3246 [Define if your password has a pw_expire field])
3247fi
3248
3249AC_CACHE_CHECK([for pw_change field in struct passwd],
3250 ac_cv_have_pw_change_in_struct_passwd, [
3251 AC_TRY_COMPILE(
3252 [
3253#include <pwd.h>
3254 ],
3255 [ struct passwd p; p.pw_change = 0; ],
3256 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3257 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3258 )
3259])
3260if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3261 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3262 [Define if your password has a pw_change field])
3263fi
3264
3265dnl make sure we're using the real structure members and not defines
3266AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3267 ac_cv_have_accrights_in_msghdr, [
3268 AC_COMPILE_IFELSE(
3269 [
3270#include <sys/types.h>
3271#include <sys/socket.h>
3272#include <sys/uio.h>
3273int main() {
3274#ifdef msg_accrights
3275#error "msg_accrights is a macro"
3276exit(1);
3277#endif
3278struct msghdr m;
3279m.msg_accrights = 0;
3280exit(0);
3281}
3282 ],
3283 [ ac_cv_have_accrights_in_msghdr="yes" ],
3284 [ ac_cv_have_accrights_in_msghdr="no" ]
3285 )
3286])
3287if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3288 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3289 [Define if your system uses access rights style
3290 file descriptor passing])
3291fi
3292
3293AC_MSG_CHECKING(if f_fsid has val members)
3294AC_TRY_COMPILE([
3295#include <sys/types.h>
3296#include <sys/statvfs.h>],
3297[struct fsid_t t; t.val[0] = 0;],
3298 [ AC_MSG_RESULT(yes)
3299 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3300 [ AC_MSG_RESULT(no) ]
3301)
3302
3303AC_CACHE_CHECK([for msg_control field in struct msghdr],
3304 ac_cv_have_control_in_msghdr, [
3305 AC_COMPILE_IFELSE(
3306 [
3307#include <sys/types.h>
3308#include <sys/socket.h>
3309#include <sys/uio.h>
3310int main() {
3311#ifdef msg_control
3312#error "msg_control is a macro"
3313exit(1);
3314#endif
3315struct msghdr m;
3316m.msg_control = 0;
3317exit(0);
3318}
3319 ],
3320 [ ac_cv_have_control_in_msghdr="yes" ],
3321 [ ac_cv_have_control_in_msghdr="no" ]
3322 )
3323])
3324if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3325 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3326 [Define if your system uses ancillary data style
3327 file descriptor passing])
3328fi
3329
3330AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3331 AC_TRY_LINK([],
3332 [ extern char *__progname; printf("%s", __progname); ],
3333 [ ac_cv_libc_defines___progname="yes" ],
3334 [ ac_cv_libc_defines___progname="no" ]
3335 )
3336])
3337if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3338 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3339fi
3340
3341AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3342 AC_TRY_LINK([
3343#include <stdio.h>
3344],
3345 [ printf("%s", __FUNCTION__); ],
3346 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3347 [ ac_cv_cc_implements___FUNCTION__="no" ]
3348 )
3349])
3350if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3351 AC_DEFINE(HAVE___FUNCTION__, 1,
3352 [Define if compiler implements __FUNCTION__])
3353fi
3354
3355AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3356 AC_TRY_LINK([
3357#include <stdio.h>
3358],
3359 [ printf("%s", __func__); ],
3360 [ ac_cv_cc_implements___func__="yes" ],
3361 [ ac_cv_cc_implements___func__="no" ]
3362 )
3363])
3364if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3365 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3366fi
3367
3368AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3369 AC_TRY_LINK(
3370 [#include <stdarg.h>
3371 va_list x,y;],
3372 [va_copy(x,y);],
3373 [ ac_cv_have_va_copy="yes" ],
3374 [ ac_cv_have_va_copy="no" ]
3375 )
3376])
3377if test "x$ac_cv_have_va_copy" = "xyes" ; then
3378 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3379fi
3380
3381AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3382 AC_TRY_LINK(
3383 [#include <stdarg.h>
3384 va_list x,y;],
3385 [__va_copy(x,y);],
3386 [ ac_cv_have___va_copy="yes" ],
3387 [ ac_cv_have___va_copy="no" ]
3388 )
3389])
3390if test "x$ac_cv_have___va_copy" = "xyes" ; then
3391 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3392fi
3393
3394AC_CACHE_CHECK([whether getopt has optreset support],
3395 ac_cv_have_getopt_optreset, [
3396 AC_TRY_LINK(
3397 [
3398#include <getopt.h>
3399 ],
3400 [ extern int optreset; optreset = 0; ],
3401 [ ac_cv_have_getopt_optreset="yes" ],
3402 [ ac_cv_have_getopt_optreset="no" ]
3403 )
3404])
3405if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3406 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3407 [Define if your getopt(3) defines and uses optreset])
3408fi
3409
3410AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3411 AC_TRY_LINK([],
3412 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3413 [ ac_cv_libc_defines_sys_errlist="yes" ],
3414 [ ac_cv_libc_defines_sys_errlist="no" ]
3415 )
3416])
3417if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3418 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3419 [Define if your system defines sys_errlist[]])
3420fi
3421
3422
3423AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3424 AC_TRY_LINK([],
3425 [ extern int sys_nerr; printf("%i", sys_nerr);],
3426 [ ac_cv_libc_defines_sys_nerr="yes" ],
3427 [ ac_cv_libc_defines_sys_nerr="no" ]
3428 )
3429])
3430if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3431 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3432fi
3433
3434SCARD_MSG="no"
3435# Check whether user wants sectok support
3436AC_ARG_WITH(sectok,
3437 [ --with-sectok Enable smartcard support using libsectok],
3438 [
3439 if test "x$withval" != "xno" ; then
3440 if test "x$withval" != "xyes" ; then
3441 CPPFLAGS="$CPPFLAGS -I${withval}"
3442 LDFLAGS="$LDFLAGS -L${withval}"
3443 if test ! -z "$need_dash_r" ; then
3444 LDFLAGS="$LDFLAGS -R${withval}"
3445 fi
3446 if test ! -z "$blibpath" ; then
3447 blibpath="$blibpath:${withval}"
3448 fi
3449 fi
3450 AC_CHECK_HEADERS(sectok.h)
3451 if test "$ac_cv_header_sectok_h" != yes; then
3452 AC_MSG_ERROR(Can't find sectok.h)
3453 fi
3454 AC_CHECK_LIB(sectok, sectok_open)
3455 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3456 AC_MSG_ERROR(Can't find libsectok)
3457 fi
3458 AC_DEFINE(SMARTCARD, 1,
3459 [Define if you want smartcard support])
3460 AC_DEFINE(USE_SECTOK, 1,
3461 [Define if you want smartcard support
3462 using sectok])
3463 SCARD_MSG="yes, using sectok"
3464 fi
3465 ]
3466)
3467
3468# Check whether user wants OpenSC support
3469OPENSC_CONFIG="no"
3470AC_ARG_WITH(opensc,
3471 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3472 [
3473 if test "x$withval" != "xno" ; then
3474 if test "x$withval" != "xyes" ; then
3475 OPENSC_CONFIG=$withval/bin/opensc-config
3476 else
3477 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3478 fi
3479 if test "$OPENSC_CONFIG" != "no"; then
3480 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3481 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3482 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3483 LIBS="$LIBS $LIBOPENSC_LIBS"
3484 AC_DEFINE(SMARTCARD)
3485 AC_DEFINE(USE_OPENSC, 1,
3486 [Define if you want smartcard support
3487 using OpenSC])
3488 SCARD_MSG="yes, using OpenSC"
3489 fi
3490 fi
3491 ]
3492)
3493
3494# Check libraries needed by DNS fingerprint support
3495AC_SEARCH_LIBS(getrrsetbyname, resolv,
3496 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3497 [Define if getrrsetbyname() exists])],
3498 [
3499 # Needed by our getrrsetbyname()
3500 AC_SEARCH_LIBS(res_query, resolv)
3501 AC_SEARCH_LIBS(dn_expand, resolv)
3502 AC_MSG_CHECKING(if res_query will link)
3503 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3504 [AC_MSG_RESULT(no)
3505 saved_LIBS="$LIBS"
3506 LIBS="$LIBS -lresolv"
3507 AC_MSG_CHECKING(for res_query in -lresolv)
3508 AC_LINK_IFELSE([
3509#include <resolv.h>
3510int main()
3511{
3512 res_query (0, 0, 0, 0, 0);
3513 return 0;
3514}
3515 ],
3516 [LIBS="$LIBS -lresolv"
3517 AC_MSG_RESULT(yes)],
3518 [LIBS="$saved_LIBS"
3519 AC_MSG_RESULT(no)])
3520 ])
3521 AC_CHECK_FUNCS(_getshort _getlong)
3522 AC_CHECK_DECLS([_getshort, _getlong], , ,
3523 [#include <sys/types.h>
3524 #include <arpa/nameser.h>])
3525 AC_CHECK_MEMBER(HEADER.ad,
3526 [AC_DEFINE(HAVE_HEADER_AD, 1,
3527 [Define if HEADER.ad exists in arpa/nameser.h])],,
3528 [#include <arpa/nameser.h>])
3529 ])
3530
3531AC_MSG_CHECKING(if struct __res_state _res is an extern)
3532AC_LINK_IFELSE([
3533#include <stdio.h>
3534#if HAVE_SYS_TYPES_H
3535# include <sys/types.h>
3536#endif
3537#include <netinet/in.h>
3538#include <arpa/nameser.h>
3539#include <resolv.h>
3540extern struct __res_state _res;
3541int main() { return 0; }
3542 ],
3543 [AC_MSG_RESULT(yes)
3544 AC_DEFINE(HAVE__RES_EXTERN, 1,
3545 [Define if you have struct __res_state _res as an extern])
3546 ],
3547 [ AC_MSG_RESULT(no) ]
3548)
3549
3550# Check whether user wants SELinux support
3551SELINUX_MSG="no"
3552LIBSELINUX=""
3553AC_ARG_WITH(selinux,
3554 [ --with-selinux Enable SELinux support],
3555 [ if test "x$withval" != "xno" ; then
3556 save_LIBS="$LIBS"
3557 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3558 SELINUX_MSG="yes"
3559 AC_CHECK_HEADER([selinux/selinux.h], ,
3560 AC_MSG_ERROR(SELinux support requires selinux.h header))
3561 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3562 AC_MSG_ERROR(SELinux support requires libselinux library))
3563 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3564 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3565 LIBS="$save_LIBS"
3566 fi ]
3567)
3568
3569# Check whether user wants Kerberos 5 support
3570KRB5_MSG="no"
3571AC_ARG_WITH(kerberos5,
3572 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3573 [ if test "x$withval" != "xno" ; then
3574 if test "x$withval" = "xyes" ; then
3575 KRB5ROOT="/usr/local"
3576 else
3577 KRB5ROOT=${withval}
3578 fi
3579
3580 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3581 KRB5_MSG="yes"
3582
3583 AC_MSG_CHECKING(for krb5-config)
3584 if test -x $KRB5ROOT/bin/krb5-config ; then
3585 KRB5CONF=$KRB5ROOT/bin/krb5-config
3586 AC_MSG_RESULT($KRB5CONF)
3587
3588 AC_MSG_CHECKING(for gssapi support)
3589 if $KRB5CONF | grep gssapi >/dev/null ; then
3590 AC_MSG_RESULT(yes)
3591 AC_DEFINE(GSSAPI, 1,
3592 [Define this if you want GSSAPI
3593 support in the version 2 protocol])
3594 k5confopts=gssapi
3595 else
3596 AC_MSG_RESULT(no)
3597 k5confopts=""
3598 fi
3599 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3600 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3601 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3602 AC_MSG_CHECKING(whether we are using Heimdal)
3603 AC_TRY_COMPILE([ #include <krb5.h> ],
3604 [ char *tmp = heimdal_version; ],
3605 [ AC_MSG_RESULT(yes)
3606 AC_DEFINE(HEIMDAL, 1,
3607 [Define this if you are using the
3608 Heimdal version of Kerberos V5]) ],
3609 AC_MSG_RESULT(no)
3610 )
3611 else
3612 AC_MSG_RESULT(no)
3613 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3614 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3615 AC_MSG_CHECKING(whether we are using Heimdal)
3616 AC_TRY_COMPILE([ #include <krb5.h> ],
3617 [ char *tmp = heimdal_version; ],
3618 [ AC_MSG_RESULT(yes)
3619 AC_DEFINE(HEIMDAL)
3620 K5LIBS="-lkrb5 -ldes"
3621 K5LIBS="$K5LIBS -lcom_err -lasn1"
3622 AC_CHECK_LIB(roken, net_write,
3623 [K5LIBS="$K5LIBS -lroken"])
3624 ],
3625 [ AC_MSG_RESULT(no)
3626 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3627 ]
3628 )
3629 AC_SEARCH_LIBS(dn_expand, resolv)
3630
3631 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3632 [ AC_DEFINE(GSSAPI)
3633 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3634 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3635 [ AC_DEFINE(GSSAPI)
3636 K5LIBS="-lgssapi $K5LIBS" ],
3637 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3638 $K5LIBS)
3639 ],
3640 $K5LIBS)
3641
3642 AC_CHECK_HEADER(gssapi.h, ,
3643 [ unset ac_cv_header_gssapi_h
3644 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3645 AC_CHECK_HEADERS(gssapi.h, ,
3646 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3647 )
3648 ]
3649 )
3650
3651 oldCPP="$CPPFLAGS"
3652 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3653 AC_CHECK_HEADER(gssapi_krb5.h, ,
3654 [ CPPFLAGS="$oldCPP" ])
3655
3656 # If we're using some other GSSAPI
3657 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3658 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3659 fi
3660
3661 if test -z "$GSSAPI"; then
3662 GSSAPI="KRB5";
3663 fi
3664
3665 oldCPP="$CPPFLAGS"
3666 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3667 AC_CHECK_HEADER(gssapi_krb5.h, ,
3668 [ CPPFLAGS="$oldCPP" ])
3669
3670 fi
3671 if test ! -z "$need_dash_r" ; then
3672 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3673 fi
3674 if test ! -z "$blibpath" ; then
3675 blibpath="$blibpath:${KRB5ROOT}/lib"
3676 fi
3677
3678 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3679 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3680 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3681
3682 LIBS="$LIBS $K5LIBS"
3683 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3684 [Define this if you want to use libkafs' AFS support]))
3685 fi
3686 ]
3687)
3688
3689# Check whether user wants AFS_KRB5 support
3690AFS_KRB5_MSG="no"
3691AC_ARG_WITH(afs-krb5,
3692 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3693 [
3694 if test "x$withval" != "xno" ; then
3695
3696 if test "x$withval" != "xyes" ; then
3697 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3698 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3699 else
3700 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3701 "/usr/bin/aklog",
3702 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3703 fi
3704
3705 if test -z "$KRB5ROOT" ; then
3706 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3707 fi
3708
3709 LIBS="-lkrbafs -lkrb4 $LIBS"
3710 if test ! -z "$AFS_LIBS" ; then
3711 LIBS="$LIBS $AFS_LIBS"
3712 fi
3713 AC_DEFINE(AFS_KRB5, 1,
3714 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3715 AFS_KRB5_MSG="yes"
3716 fi
3717 ]
3718)
3719
3720AC_ARG_WITH(session-hooks,
3721 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3722 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3723)
3724
3725# Looking for programs, paths and files
3726
3727PRIVSEP_PATH=/var/empty
3728AC_ARG_WITH(privsep-path,
3729 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3730 [
3731 if test -n "$withval" && test "x$withval" != "xno" && \
3732 test "x${withval}" != "xyes"; then
3733 PRIVSEP_PATH=$withval
3734 fi
3735 ]
3736)
3737AC_SUBST(PRIVSEP_PATH)
3738
3739AC_ARG_WITH(xauth,
3740 [ --with-xauth=PATH Specify path to xauth program ],
3741 [
3742 if test -n "$withval" && test "x$withval" != "xno" && \
3743 test "x${withval}" != "xyes"; then
3744 xauth_path=$withval
3745 fi
3746 ],
3747 [
3748 TestPath="$PATH"
3749 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3750 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3751 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3752 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3753 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3754 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3755 xauth_path="/usr/openwin/bin/xauth"
3756 fi
3757 ]
3758)
3759
3760# strip causes problems with GSI libraries...
3761if test -z "$GSI_LIBS" ; then
3762STRIP_OPT=-s
3763fi
3764AC_ARG_ENABLE(strip,
3765 [ --disable-strip Disable calling strip(1) on install],
3766 [
3767 if test "x$enableval" = "xno" ; then
3768 STRIP_OPT=
3769 fi
3770 ]
3771)
3772AC_SUBST(STRIP_OPT)
3773
3774if test -z "$xauth_path" ; then
3775 XAUTH_PATH="undefined"
3776 AC_SUBST(XAUTH_PATH)
3777else
3778 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3779 [Define if xauth is found in your path])
3780 XAUTH_PATH=$xauth_path
3781 AC_SUBST(XAUTH_PATH)
3782fi
3783
3784# Check for mail directory (last resort if we cannot get it from headers)
3785if test ! -z "$MAIL" ; then
3786 maildir=`dirname $MAIL`
3787 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3788 [Set this to your mail directory if you don't have maillock.h])
3789fi
3790
3791if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3792 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3793 disable_ptmx_check=yes
3794fi
3795if test -z "$no_dev_ptmx" ; then
3796 if test "x$disable_ptmx_check" != "xyes" ; then
3797 AC_CHECK_FILE("/dev/ptmx",
3798 [
3799 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3800 [Define if you have /dev/ptmx])
3801 have_dev_ptmx=1
3802 ]
3803 )
3804 fi
3805fi
3806
3807if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3808 AC_CHECK_FILE("/dev/ptc",
3809 [
3810 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3811 [Define if you have /dev/ptc])
3812 have_dev_ptc=1
3813 ]
3814 )
3815else
3816 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3817fi
3818
3819# Options from here on. Some of these are preset by platform above
3820AC_ARG_WITH(mantype,
3821 [ --with-mantype=man|cat|doc Set man page type],
3822 [
3823 case "$withval" in
3824 man|cat|doc)
3825 MANTYPE=$withval
3826 ;;
3827 *)
3828 AC_MSG_ERROR(invalid man type: $withval)
3829 ;;
3830 esac
3831 ]
3832)
3833if test -z "$MANTYPE"; then
3834 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3835 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3836 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3837 MANTYPE=doc
3838 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3839 MANTYPE=man
3840 else
3841 MANTYPE=cat
3842 fi
3843fi
3844AC_SUBST(MANTYPE)
3845if test "$MANTYPE" = "doc"; then
3846 mansubdir=man;
3847else
3848 mansubdir=$MANTYPE;
3849fi
3850AC_SUBST(mansubdir)
3851
3852# Check whether to enable MD5 passwords
3853MD5_MSG="no"
3854AC_ARG_WITH(md5-passwords,
3855 [ --with-md5-passwords Enable use of MD5 passwords],
3856 [
3857 if test "x$withval" != "xno" ; then
3858 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3859 [Define if you want to allow MD5 passwords])
3860 MD5_MSG="yes"
3861 fi
3862 ]
3863)
3864
3865# Whether to disable shadow password support
3866AC_ARG_WITH(shadow,
3867 [ --without-shadow Disable shadow password support],
3868 [
3869 if test "x$withval" = "xno" ; then
3870 AC_DEFINE(DISABLE_SHADOW)
3871 disable_shadow=yes
3872 fi
3873 ]
3874)
3875
3876if test -z "$disable_shadow" ; then
3877 AC_MSG_CHECKING([if the systems has expire shadow information])
3878 AC_TRY_COMPILE(
3879 [
3880#include <sys/types.h>
3881#include <shadow.h>
3882 struct spwd sp;
3883 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3884 [ sp_expire_available=yes ], []
3885 )
3886
3887 if test "x$sp_expire_available" = "xyes" ; then
3888 AC_MSG_RESULT(yes)
3889 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3890 [Define if you want to use shadow password expire field])
3891 else
3892 AC_MSG_RESULT(no)
3893 fi
3894fi
3895
3896# Use ip address instead of hostname in $DISPLAY
3897if test ! -z "$IPADDR_IN_DISPLAY" ; then
3898 DISPLAY_HACK_MSG="yes"
3899 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3900 [Define if you need to use IP address
3901 instead of hostname in $DISPLAY])
3902else
3903 DISPLAY_HACK_MSG="no"
3904 AC_ARG_WITH(ipaddr-display,
3905 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3906 [
3907 if test "x$withval" != "xno" ; then
3908 AC_DEFINE(IPADDR_IN_DISPLAY)
3909 DISPLAY_HACK_MSG="yes"
3910 fi
3911 ]
3912 )
3913fi
3914
3915# check for /etc/default/login and use it if present.
3916AC_ARG_ENABLE(etc-default-login,
3917 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3918 [ if test "x$enableval" = "xno"; then
3919 AC_MSG_NOTICE([/etc/default/login handling disabled])
3920 etc_default_login=no
3921 else
3922 etc_default_login=yes
3923 fi ],
3924 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3925 then
3926 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3927 etc_default_login=no
3928 else
3929 etc_default_login=yes
3930 fi ]
3931)
3932
3933if test "x$etc_default_login" != "xno"; then
3934 AC_CHECK_FILE("/etc/default/login",
3935 [ external_path_file=/etc/default/login ])
3936 if test "x$external_path_file" = "x/etc/default/login"; then
3937 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3938 [Define if your system has /etc/default/login])
3939 fi
3940fi
3941
3942dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3943if test $ac_cv_func_login_getcapbool = "yes" && \
3944 test $ac_cv_header_login_cap_h = "yes" ; then
3945 external_path_file=/etc/login.conf
3946fi
3947
3948# Whether to mess with the default path
3949SERVER_PATH_MSG="(default)"
3950AC_ARG_WITH(default-path,
3951 [ --with-default-path= Specify default \$PATH environment for server],
3952 [
3953 if test "x$external_path_file" = "x/etc/login.conf" ; then
3954 AC_MSG_WARN([
3955--with-default-path=PATH has no effect on this system.
3956Edit /etc/login.conf instead.])
3957 elif test "x$withval" != "xno" ; then
3958 if test ! -z "$external_path_file" ; then
3959 AC_MSG_WARN([
3960--with-default-path=PATH will only be used if PATH is not defined in
3961$external_path_file .])
3962 fi
3963 user_path="$withval"
3964 SERVER_PATH_MSG="$withval"
3965 fi
3966 ],
3967 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3968 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3969 else
3970 if test ! -z "$external_path_file" ; then
3971 AC_MSG_WARN([
3972If PATH is defined in $external_path_file, ensure the path to scp is included,
3973otherwise scp will not work.])
3974 fi
3975 AC_RUN_IFELSE(
3976 [AC_LANG_SOURCE([[
3977/* find out what STDPATH is */
3978#include <stdio.h>
3979#ifdef HAVE_PATHS_H
3980# include <paths.h>
3981#endif
3982#ifndef _PATH_STDPATH
3983# ifdef _PATH_USERPATH /* Irix */
3984# define _PATH_STDPATH _PATH_USERPATH
3985# else
3986# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3987# endif
3988#endif
3989#include <sys/types.h>
3990#include <sys/stat.h>
3991#include <fcntl.h>
3992#define DATA "conftest.stdpath"
3993
3994main()
3995{
3996 FILE *fd;
3997 int rc;
3998
3999 fd = fopen(DATA,"w");
4000 if(fd == NULL)
4001 exit(1);
4002
4003 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
4004 exit(1);
4005
4006 exit(0);
4007}
4008 ]])],
4009 [ user_path=`cat conftest.stdpath` ],
4010 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
4011 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
4012 )
4013 fi ]
4014)
4015if test "x$external_path_file" != "x/etc/login.conf" ; then
4016 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
4017 AC_SUBST(user_path)
4018fi
4019
4020# Set superuser path separately to user path
4021AC_ARG_WITH(superuser-path,
4022 [ --with-superuser-path= Specify different path for super-user],
4023 [
4024 if test -n "$withval" && test "x$withval" != "xno" && \
4025 test "x${withval}" != "xyes"; then
4026 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
4027 [Define if you want a different $PATH
4028 for the superuser])
4029 superuser_path=$withval
4030 fi
4031 ]
4032)
4033
4034
4035AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4036IPV4_IN6_HACK_MSG="no"
4037AC_ARG_WITH(4in6,
4038 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4039 [
4040 if test "x$withval" != "xno" ; then
4041 AC_MSG_RESULT(yes)
4042 AC_DEFINE(IPV4_IN_IPV6, 1,
4043 [Detect IPv4 in IPv6 mapped addresses
4044 and treat as IPv4])
4045 IPV4_IN6_HACK_MSG="yes"
4046 else
4047 AC_MSG_RESULT(no)
4048 fi
4049 ],[
4050 if test "x$inet6_default_4in6" = "xyes"; then
4051 AC_MSG_RESULT([yes (default)])
4052 AC_DEFINE(IPV4_IN_IPV6)
4053 IPV4_IN6_HACK_MSG="yes"
4054 else
4055 AC_MSG_RESULT([no (default)])
4056 fi
4057 ]
4058)
4059
4060# Whether to enable BSD auth support
4061BSD_AUTH_MSG=no
4062AC_ARG_WITH(bsd-auth,
4063 [ --with-bsd-auth Enable BSD auth support],
4064 [
4065 if test "x$withval" != "xno" ; then
4066 AC_DEFINE(BSD_AUTH, 1,
4067 [Define if you have BSD auth support])
4068 BSD_AUTH_MSG=yes
4069 fi
4070 ]
4071)
4072
4073# Where to place sshd.pid
4074piddir=/var/run
4075# make sure the directory exists
4076if test ! -d $piddir ; then
4077 piddir=`eval echo ${sysconfdir}`
4078 case $piddir in
4079 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4080 esac
4081fi
4082
4083AC_ARG_WITH(pid-dir,
4084 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4085 [
4086 if test -n "$withval" && test "x$withval" != "xno" && \
4087 test "x${withval}" != "xyes"; then
4088 piddir=$withval
4089 if test ! -d $piddir ; then
4090 AC_MSG_WARN([** no $piddir directory on this system **])
4091 fi
4092 fi
4093 ]
4094)
4095
4096AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4097AC_SUBST(piddir)
4098
4099dnl allow user to disable some login recording features
4100AC_ARG_ENABLE(lastlog,
4101 [ --disable-lastlog disable use of lastlog even if detected [no]],
4102 [
4103 if test "x$enableval" = "xno" ; then
4104 AC_DEFINE(DISABLE_LASTLOG)
4105 fi
4106 ]
4107)
4108AC_ARG_ENABLE(utmp,
4109 [ --disable-utmp disable use of utmp even if detected [no]],
4110 [
4111 if test "x$enableval" = "xno" ; then
4112 AC_DEFINE(DISABLE_UTMP)
4113 fi
4114 ]
4115)
4116AC_ARG_ENABLE(utmpx,
4117 [ --disable-utmpx disable use of utmpx even if detected [no]],
4118 [
4119 if test "x$enableval" = "xno" ; then
4120 AC_DEFINE(DISABLE_UTMPX, 1,
4121 [Define if you don't want to use utmpx])
4122 fi
4123 ]
4124)
4125AC_ARG_ENABLE(wtmp,
4126 [ --disable-wtmp disable use of wtmp even if detected [no]],
4127 [
4128 if test "x$enableval" = "xno" ; then
4129 AC_DEFINE(DISABLE_WTMP)
4130 fi
4131 ]
4132)
4133AC_ARG_ENABLE(wtmpx,
4134 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4135 [
4136 if test "x$enableval" = "xno" ; then
4137 AC_DEFINE(DISABLE_WTMPX, 1,
4138 [Define if you don't want to use wtmpx])
4139 fi
4140 ]
4141)
4142AC_ARG_ENABLE(libutil,
4143 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4144 [
4145 if test "x$enableval" = "xno" ; then
4146 AC_DEFINE(DISABLE_LOGIN)
4147 fi
4148 ]
4149)
4150AC_ARG_ENABLE(pututline,
4151 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4152 [
4153 if test "x$enableval" = "xno" ; then
4154 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4155 [Define if you don't want to use pututline()
4156 etc. to write [uw]tmp])
4157 fi
4158 ]
4159)
4160AC_ARG_ENABLE(pututxline,
4161 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4162 [
4163 if test "x$enableval" = "xno" ; then
4164 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4165 [Define if you don't want to use pututxline()
4166 etc. to write [uw]tmpx])
4167 fi
4168 ]
4169)
4170AC_ARG_WITH(lastlog,
4171 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4172 [
4173 if test "x$withval" = "xno" ; then
4174 AC_DEFINE(DISABLE_LASTLOG)
4175 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4176 conf_lastlog_location=$withval
4177 fi
4178 ]
4179)
4180
4181dnl lastlog, [uw]tmpx? detection
4182dnl NOTE: set the paths in the platform section to avoid the
4183dnl need for command-line parameters
4184dnl lastlog and [uw]tmp are subject to a file search if all else fails
4185
4186dnl lastlog detection
4187dnl NOTE: the code itself will detect if lastlog is a directory
4188AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4189AC_TRY_COMPILE([
4190#include <sys/types.h>
4191#include <utmp.h>
4192#ifdef HAVE_LASTLOG_H
4193# include <lastlog.h>
4194#endif
4195#ifdef HAVE_PATHS_H
4196# include <paths.h>
4197#endif
4198#ifdef HAVE_LOGIN_H
4199# include <login.h>
4200#endif
4201 ],
4202 [ char *lastlog = LASTLOG_FILE; ],
4203 [ AC_MSG_RESULT(yes) ],
4204 [
4205 AC_MSG_RESULT(no)
4206 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4207 AC_TRY_COMPILE([
4208#include <sys/types.h>
4209#include <utmp.h>
4210#ifdef HAVE_LASTLOG_H
4211# include <lastlog.h>
4212#endif
4213#ifdef HAVE_PATHS_H
4214# include <paths.h>
4215#endif
4216 ],
4217 [ char *lastlog = _PATH_LASTLOG; ],
4218 [ AC_MSG_RESULT(yes) ],
4219 [
4220 AC_MSG_RESULT(no)
4221 system_lastlog_path=no
4222 ])
4223 ]
4224)
4225
4226if test -z "$conf_lastlog_location"; then
4227 if test x"$system_lastlog_path" = x"no" ; then
4228 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4229 if (test -d "$f" || test -f "$f") ; then
4230 conf_lastlog_location=$f
4231 fi
4232 done
4233 if test -z "$conf_lastlog_location"; then
4234 AC_MSG_WARN([** Cannot find lastlog **])
4235 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4236 fi
4237 fi
4238fi
4239
4240if test -n "$conf_lastlog_location"; then
4241 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4242 [Define if you want to specify the path to your lastlog file])
4243fi
4244
4245dnl utmp detection
4246AC_MSG_CHECKING([if your system defines UTMP_FILE])
4247AC_TRY_COMPILE([
4248#include <sys/types.h>
4249#include <utmp.h>
4250#ifdef HAVE_PATHS_H
4251# include <paths.h>
4252#endif
4253 ],
4254 [ char *utmp = UTMP_FILE; ],
4255 [ AC_MSG_RESULT(yes) ],
4256 [ AC_MSG_RESULT(no)
4257 system_utmp_path=no ]
4258)
4259if test -z "$conf_utmp_location"; then
4260 if test x"$system_utmp_path" = x"no" ; then
4261 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4262 if test -f $f ; then
4263 conf_utmp_location=$f
4264 fi
4265 done
4266 if test -z "$conf_utmp_location"; then
4267 AC_DEFINE(DISABLE_UTMP)
4268 fi
4269 fi
4270fi
4271if test -n "$conf_utmp_location"; then
4272 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4273 [Define if you want to specify the path to your utmp file])
4274fi
4275
4276dnl wtmp detection
4277AC_MSG_CHECKING([if your system defines WTMP_FILE])
4278AC_TRY_COMPILE([
4279#include <sys/types.h>
4280#include <utmp.h>
4281#ifdef HAVE_PATHS_H
4282# include <paths.h>
4283#endif
4284 ],
4285 [ char *wtmp = WTMP_FILE; ],
4286 [ AC_MSG_RESULT(yes) ],
4287 [ AC_MSG_RESULT(no)
4288 system_wtmp_path=no ]
4289)
4290if test -z "$conf_wtmp_location"; then
4291 if test x"$system_wtmp_path" = x"no" ; then
4292 for f in /usr/adm/wtmp /var/log/wtmp; do
4293 if test -f $f ; then
4294 conf_wtmp_location=$f
4295 fi
4296 done
4297 if test -z "$conf_wtmp_location"; then
4298 AC_DEFINE(DISABLE_WTMP)
4299 fi
4300 fi
4301fi
4302if test -n "$conf_wtmp_location"; then
4303 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4304 [Define if you want to specify the path to your wtmp file])
4305fi
4306
4307
4308dnl utmpx detection - I don't know any system so perverse as to require
4309dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4310dnl there, though.
4311AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4312AC_TRY_COMPILE([
4313#include <sys/types.h>
4314#include <utmp.h>
4315#ifdef HAVE_UTMPX_H
4316#include <utmpx.h>
4317#endif
4318#ifdef HAVE_PATHS_H
4319# include <paths.h>
4320#endif
4321 ],
4322 [ char *utmpx = UTMPX_FILE; ],
4323 [ AC_MSG_RESULT(yes) ],
4324 [ AC_MSG_RESULT(no)
4325 system_utmpx_path=no ]
4326)
4327if test -z "$conf_utmpx_location"; then
4328 if test x"$system_utmpx_path" = x"no" ; then
4329 AC_DEFINE(DISABLE_UTMPX)
4330 fi
4331else
4332 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4333 [Define if you want to specify the path to your utmpx file])
4334fi
4335
4336dnl wtmpx detection
4337AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4338AC_TRY_COMPILE([
4339#include <sys/types.h>
4340#include <utmp.h>
4341#ifdef HAVE_UTMPX_H
4342#include <utmpx.h>
4343#endif
4344#ifdef HAVE_PATHS_H
4345# include <paths.h>
4346#endif
4347 ],
4348 [ char *wtmpx = WTMPX_FILE; ],
4349 [ AC_MSG_RESULT(yes) ],
4350 [ AC_MSG_RESULT(no)
4351 system_wtmpx_path=no ]
4352)
4353if test -z "$conf_wtmpx_location"; then
4354 if test x"$system_wtmpx_path" = x"no" ; then
4355 AC_DEFINE(DISABLE_WTMPX)
4356 fi
4357else
4358 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4359 [Define if you want to specify the path to your wtmpx file])
4360fi
4361
4362
4363if test ! -z "$blibpath" ; then
4364 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4365 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4366fi
4367
4368dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4369dnl Add now.
4370CFLAGS="$CFLAGS $werror_flags"
4371
4372if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4373 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4374 AC_SUBST(TEST_SSH_IPV6, no)
4375else
4376 AC_SUBST(TEST_SSH_IPV6, yes)
4377fi
4378
4379AC_EXEEXT
4380AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4381 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4382 scard/Makefile ssh_prng_cmds survey.sh])
4383AC_OUTPUT
4384
4385# Print summary of options
4386
4387# Someone please show me a better way :)
4388A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4389B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4390C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4391D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4392E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4393F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4394H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4395I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4396J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4397
4398echo ""
4399echo "OpenSSH has been configured with the following options:"
4400echo " User binaries: $B"
4401echo " System binaries: $C"
4402echo " Configuration files: $D"
4403echo " Askpass program: $E"
4404echo " Manual pages: $F"
4405echo " Privilege separation chroot path: $H"
4406if test "x$external_path_file" = "x/etc/login.conf" ; then
4407echo " At runtime, sshd will use the path defined in $external_path_file"
4408echo " Make sure the path to scp is present, otherwise scp will not work"
4409else
4410echo " sshd default user PATH: $I"
4411 if test ! -z "$external_path_file"; then
4412echo " (If PATH is set in $external_path_file it will be used instead. If"
4413echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4414 fi
4415fi
4416if test ! -z "$superuser_path" ; then
4417echo " sshd superuser user PATH: $J"
4418fi
4419echo " Manpage format: $MANTYPE"
4420echo " PAM support: $PAM_MSG"
4421echo " OSF SIA support: $SIA_MSG"
4422echo " KerberosV support: $KRB5_MSG"
4423echo " SELinux support: $SELINUX_MSG"
4424echo " Smartcard support: $SCARD_MSG"
4425echo " S/KEY support: $SKEY_MSG"
4426echo " TCP Wrappers support: $TCPW_MSG"
4427echo " MD5 password support: $MD5_MSG"
4428echo " libedit support: $LIBEDIT_MSG"
4429echo " Solaris process contract support: $SPC_MSG"
4430echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4431echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4432echo " BSD Auth support: $BSD_AUTH_MSG"
4433echo " Random number source: $RAND_MSG"
4434if test ! -z "$USE_RAND_HELPER" ; then
4435echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4436fi
4437
4438echo ""
4439
4440echo " Host: ${host}"
4441echo " Compiler: ${CC}"
4442echo " Compiler flags: ${CFLAGS}"
4443echo "Preprocessor flags: ${CPPFLAGS}"
4444echo " Linker flags: ${LDFLAGS}"
4445echo " Libraries: ${LIBS}"
4446if test ! -z "${SSHDLIBS}"; then
4447echo " +for sshd: ${SSHDLIBS}"
4448fi
4449
4450echo ""
4451
4452if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4453 echo "SVR4 style packages are supported with \"make package\""
4454 echo ""
4455fi
4456
4457if test "x$PAM_MSG" = "xyes" ; then
4458 echo "PAM is enabled. You may need to install a PAM control file "
4459 echo "for sshd, otherwise password authentication may fail. "
4460 echo "Example PAM control files can be found in the contrib/ "
4461 echo "subdirectory"
4462 echo ""
4463fi
4464
4465if test ! -z "$RAND_HELPER_CMDHASH" ; then
4466 echo "WARNING: you are using the builtin random number collection "
4467 echo "service. Please read WARNING.RNG and request that your OS "
4468 echo "vendor includes kernel-based random number collection in "
4469 echo "future versions of your OS."
4470 echo ""
4471fi
4472
4473if test ! -z "$NO_PEERCHECK" ; then
4474 echo "WARNING: the operating system that you are using does not"
4475 echo "appear to support getpeereid(), getpeerucred() or the"
4476 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4477 echo "enforce security checks to prevent unauthorised connections to"
4478 echo "ssh-agent. Their absence increases the risk that a malicious"
4479 echo "user can connect to your agent."
4480 echo ""
4481fi
4482
4483if test "$AUDIT_MODULE" = "bsm" ; then
4484 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4485 echo "See the Solaris section in README.platform for details."
4486fi
git-cvsimport mirror of GSI OpenSSH
This page took 0.095255 seconds and 5 git commands to generate.