]> andersk Git - gssapi-openssh.git/blob - openssh/configure.ac
initialize pointers to avoid compiler warnings
[gssapi-openssh.git] / openssh / configure.ac
1 # $Id$
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_CONFIG_SRCDIR([ssh.c])
19
20 AC_CONFIG_HEADER(config.h)
21 AC_PROG_CC
22 AC_CANONICAL_HOST
23 AC_C_BIGENDIAN
24
25 # Checks for programs.
26 AC_PROG_AWK
27 AC_PROG_CPP
28 AC_PROG_RANLIB
29 AC_PROG_INSTALL
30 AC_PATH_PROG(AR, ar)
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
35 AC_SUBST(PERL)
36 AC_PATH_PROG(ENT, ent)
37 AC_SUBST(ENT)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
41 AC_PATH_PROG(SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
43
44 dnl for buildpkg.sh
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46         [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48         [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
50
51 # System features
52 AC_SYS_LARGEFILE
53
54 if test -z "$AR" ; then
55         AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
56 fi
57
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60         AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
61 else
62         # Search for login
63         AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64         if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65                 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
66         fi
67 fi
68
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71         AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
72 fi
73
74 if test -z "$LD" ; then
75         LD=$CC
76 fi
77 AC_SUBST(LD)
78
79 AC_C_INLINE
80
81 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
82
83 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
84         CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
85         GCC_VER=`$CC --version`
86         case $GCC_VER in
87                 1.*) ;;
88                 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
89                 2.*) ;;
90                 *) CFLAGS="$CFLAGS -Wsign-compare" ;;
91         esac
92
93         if test -z "$have_llong_max"; then
94                 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
95                 unset ac_cv_have_decl_LLONG_MAX
96                 saved_CFLAGS="$CFLAGS"
97                 CFLAGS="$CFLAGS -std=gnu99"
98                 AC_CHECK_DECL(LLONG_MAX,
99                     [have_llong_max=1],
100                     [CFLAGS="$saved_CFLAGS"],
101                     [#include <limits.h>]
102                 )
103         fi
104 fi
105
106 if test -z "$have_llong_max"; then
107         AC_MSG_CHECKING([for max value of long long])
108         AC_RUN_IFELSE(
109                 [AC_LANG_SOURCE([[
110 #include <stdio.h>
111 /* Why is this so damn hard? */
112 #ifdef __GNUC__
113 # undef __GNUC__
114 #endif
115 #define __USE_ISOC99
116 #include <limits.h>
117 #define DATA "conftest.llminmax"
118 int main(void) {
119         FILE *f;
120         long long i, llmin, llmax = 0;
121
122         if((f = fopen(DATA,"w")) == NULL)
123                 exit(1);
124
125 #if defined(LLONG_MIN) && defined(LLONG_MAX)
126         fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
127         llmin = LLONG_MIN;
128         llmax = LLONG_MAX;
129 #else
130         fprintf(stderr, "Calculating  LLONG_MIN and LLONG_MAX\n");
131         /* This will work on one's complement and two's complement */
132         for (i = 1; i > llmax; i <<= 1, i++)
133                 llmax = i;
134         llmin = llmax + 1LL;    /* wrap */
135 #endif
136
137         /* Sanity check */
138         if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
139             || llmax - 1 > llmax) {
140                 fprintf(f, "unknown unknown\n");
141                 exit(2);
142         }
143
144         if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
145                 exit(3);
146
147         exit(0);
148 }
149                 ]])],
150                 [
151                         llong_min=`$AWK '{print $1}' conftest.llminmax`
152                         llong_max=`$AWK '{print $2}' conftest.llminmax`
153                         AC_MSG_RESULT($llong_max)
154                         AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
155                             [max value of long long calculated by configure])
156                         AC_MSG_CHECKING([for min value of long long])
157                         AC_MSG_RESULT($llong_min)
158                         AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
159                             [min value of long long calculated by configure])
160                 ],
161                 [
162                         AC_MSG_RESULT(not found)
163                 ],
164                 [
165                         AC_MSG_WARN([cross compiling: not checking])
166                 ]
167         )
168 fi
169
170 AC_ARG_WITH(rpath,
171         [  --without-rpath         Disable auto-added -R linker paths],
172         [
173                 if test "x$withval" = "xno" ; then
174                         need_dash_r=""
175                 fi
176                 if test "x$withval" = "xyes" ; then
177                         need_dash_r=1
178                 fi
179         ]
180 )
181
182 # Check for some target-specific stuff
183 case "$host" in
184 *-*-aix*)
185         AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
186         if (test -z "$blibpath"); then
187                 blibpath="/usr/lib:/lib"
188         fi
189         saved_LDFLAGS="$LDFLAGS"
190         for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
191                 if (test -z "$blibflags"); then
192                         LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
193                         AC_TRY_LINK([], [], [blibflags=$tryflags])
194                 fi
195         done
196         if (test -z "$blibflags"); then
197                 AC_MSG_RESULT(not found)
198                 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
199         else
200                 AC_MSG_RESULT($blibflags)
201         fi
202         LDFLAGS="$saved_LDFLAGS"
203         dnl Check for authenticate.  Might be in libs.a on older AIXes
204         AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
205                 [AC_CHECK_LIB(s,authenticate,
206                         [ AC_DEFINE(WITH_AIXAUTHENTICATE)
207                                 LIBS="$LIBS -ls"
208                         ])
209                 ])
210         dnl Check for various auth function declarations in headers.
211         AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
212             passwdexpired, setauthdb], , , [#include <usersec.h>])
213         dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
214         AC_CHECK_DECLS(loginfailed,
215                  [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
216                   AC_TRY_COMPILE(
217                         [#include <usersec.h>],
218                         [(void)loginfailed("user","host","tty",0);],
219                         [AC_MSG_RESULT(yes)
220                          AC_DEFINE(AIX_LOGINFAILED_4ARG)],
221                         [AC_MSG_RESULT(no)]
222                 )],
223                 [],
224                 [#include <usersec.h>]
225         )
226         AC_CHECK_FUNCS(setauthdb)
227         check_for_aix_broken_getaddrinfo=1
228         AC_DEFINE(BROKEN_REALPATH)
229         AC_DEFINE(SETEUID_BREAKS_SETUID)
230         AC_DEFINE(BROKEN_SETREUID)
231         AC_DEFINE(BROKEN_SETREGID)
232         dnl AIX handles lastlog as part of its login message
233         AC_DEFINE(DISABLE_LASTLOG)
234         AC_DEFINE(LOGIN_NEEDS_UTMPX)
235         AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
236         ;;
237 *-*-cygwin*)
238         check_for_libcrypt_later=1
239         LIBS="$LIBS /usr/lib/textmode.o"
240         AC_DEFINE(HAVE_CYGWIN)
241         AC_DEFINE(USE_PIPES)
242         AC_DEFINE(DISABLE_SHADOW)
243         AC_DEFINE(IP_TOS_IS_BROKEN)
244         AC_DEFINE(NO_X11_UNIX_SOCKETS)
245         AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
246         AC_DEFINE(DISABLE_FD_PASSING)
247         ;;
248 *-*-dgux*)
249         AC_DEFINE(IP_TOS_IS_BROKEN)
250         AC_DEFINE(SETEUID_BREAKS_SETUID)
251         AC_DEFINE(BROKEN_SETREUID)
252         AC_DEFINE(BROKEN_SETREGID)
253         ;;
254 *-*-darwin*)
255         AC_DEFINE(BROKEN_GETADDRINFO)
256         AC_DEFINE(SETEUID_BREAKS_SETUID)
257         AC_DEFINE(BROKEN_SETREUID)
258         AC_DEFINE(BROKEN_SETREGID)
259         AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
260         ;;
261 *-*-hpux*)
262         # first we define all of the options common to all HP-UX releases
263         CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
264         IPADDR_IN_DISPLAY=yes
265         AC_DEFINE(USE_PIPES)
266         AC_DEFINE(LOGIN_NO_ENDOPT)
267         AC_DEFINE(LOGIN_NEEDS_UTMPX)
268         AC_DEFINE(LOCKED_PASSWD_STRING, "*")
269         AC_DEFINE(SPT_TYPE,SPT_PSTAT)
270         LIBS="$LIBS -lsec"
271         AC_CHECK_LIB(xnet, t_error, ,
272             AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
273
274         # next, we define all of the options specific to major releases
275         case "$host" in
276         *-*-hpux10*)
277                 if test -z "$GCC"; then
278                         CFLAGS="$CFLAGS -Ae"
279                 fi
280                 ;;
281         *-*-hpux11*)
282                 AC_DEFINE(PAM_SUN_CODEBASE)
283                 AC_DEFINE(DISABLE_UTMP)
284                 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
285                 check_for_hpux_broken_getaddrinfo=1
286                 check_for_conflicting_getspnam=1
287                 ;;
288         esac
289
290         # lastly, we define options specific to minor releases
291         case "$host" in
292         *-*-hpux10.26)
293                 AC_DEFINE(HAVE_SECUREWARE)
294                 disable_ptmx_check=yes
295                 LIBS="$LIBS -lsecpw"
296                 ;;
297         esac
298         ;;
299 *-*-irix5*)
300         PATH="$PATH:/usr/etc"
301         AC_DEFINE(BROKEN_INET_NTOA)
302         AC_DEFINE(SETEUID_BREAKS_SETUID)
303         AC_DEFINE(BROKEN_SETREUID)
304         AC_DEFINE(BROKEN_SETREGID)
305         AC_DEFINE(WITH_ABBREV_NO_TTY)
306         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
307         ;;
308 *-*-irix6*)
309         PATH="$PATH:/usr/etc"
310         AC_DEFINE(WITH_IRIX_ARRAY)
311         AC_DEFINE(WITH_IRIX_PROJECT)
312         AC_DEFINE(WITH_IRIX_AUDIT)
313         AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
314         AC_DEFINE(BROKEN_INET_NTOA)
315         AC_DEFINE(SETEUID_BREAKS_SETUID)
316         AC_DEFINE(BROKEN_SETREUID)
317         AC_DEFINE(BROKEN_SETREGID)
318         AC_DEFINE(BROKEN_UPDWTMPX)
319         AC_DEFINE(WITH_ABBREV_NO_TTY)
320         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
321         ;;
322 *-*-linux*)
323         no_dev_ptmx=1
324         check_for_libcrypt_later=1
325         check_for_openpty_ctty_bug=1
326         AC_DEFINE(DONT_TRY_OTHER_AF)
327         AC_DEFINE(PAM_TTY_KLUDGE)
328         AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
329         AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
330         AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
331         AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
332         AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
333         inet6_default_4in6=yes
334         case `uname -r` in
335         1.*|2.0.*)
336                 AC_DEFINE(BROKEN_CMSG_TYPE)
337                 ;;
338         esac
339         ;;
340 mips-sony-bsd|mips-sony-newsos4)
341         AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
342         SONY=1
343         ;;
344 *-*-netbsd*)
345         check_for_libcrypt_before=1
346         if test "x$withval" != "xno" ; then
347                 need_dash_r=1
348         fi
349         ;;
350 *-*-freebsd*)
351         check_for_libcrypt_later=1
352         ;;
353 *-*-bsdi*)
354         AC_DEFINE(SETEUID_BREAKS_SETUID)
355         AC_DEFINE(BROKEN_SETREUID)
356         AC_DEFINE(BROKEN_SETREGID)
357         ;;
358 *-next-*)
359         conf_lastlog_location="/usr/adm/lastlog"
360         conf_utmp_location=/etc/utmp
361         conf_wtmp_location=/usr/adm/wtmp
362         MAIL=/usr/spool/mail
363         AC_DEFINE(HAVE_NEXT)
364         AC_DEFINE(BROKEN_REALPATH)
365         AC_DEFINE(USE_PIPES)
366         AC_DEFINE(BROKEN_SAVED_UIDS)
367         ;;
368 *-*-openbsd*)
369         AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
370         ;;
371 *-*-solaris*)
372         if test "x$withval" != "xno" ; then
373                 need_dash_r=1
374         fi
375         AC_DEFINE(PAM_SUN_CODEBASE)
376         AC_DEFINE(LOGIN_NEEDS_UTMPX)
377         AC_DEFINE(LOGIN_NEEDS_TERM)
378         AC_DEFINE(PAM_TTY_KLUDGE)
379         AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
380         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
381         # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
382         AC_DEFINE(SSHD_ACQUIRES_CTTY)
383         external_path_file=/etc/default/login
384         # hardwire lastlog location (can't detect it on some versions)
385         conf_lastlog_location="/var/adm/lastlog"
386         AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
387         sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
388         if test "$sol2ver" -ge 8; then
389                 AC_MSG_RESULT(yes)
390                 AC_DEFINE(DISABLE_UTMP)
391                 AC_DEFINE(DISABLE_WTMP)
392         else
393                 AC_MSG_RESULT(no)
394         fi
395         ;;
396 *-*-sunos4*)
397         CPPFLAGS="$CPPFLAGS -DSUNOS4"
398         AC_CHECK_FUNCS(getpwanam)
399         AC_DEFINE(PAM_SUN_CODEBASE)
400         conf_utmp_location=/etc/utmp
401         conf_wtmp_location=/var/adm/wtmp
402         conf_lastlog_location=/var/adm/lastlog
403         AC_DEFINE(USE_PIPES)
404         ;;
405 *-ncr-sysv*)
406         LIBS="$LIBS -lc89"
407         AC_DEFINE(USE_PIPES)
408         AC_DEFINE(SSHD_ACQUIRES_CTTY)
409         AC_DEFINE(SETEUID_BREAKS_SETUID)
410         AC_DEFINE(BROKEN_SETREUID)
411         AC_DEFINE(BROKEN_SETREGID)
412         ;;
413 *-sni-sysv*)
414         # /usr/ucblib MUST NOT be searched on ReliantUNIX
415         AC_CHECK_LIB(dl, dlsym, ,)
416         # -lresolv needs to be at then end of LIBS or DNS lookups break
417         AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
418         IPADDR_IN_DISPLAY=yes
419         AC_DEFINE(USE_PIPES)
420         AC_DEFINE(IP_TOS_IS_BROKEN)
421         AC_DEFINE(SETEUID_BREAKS_SETUID)
422         AC_DEFINE(BROKEN_SETREUID)
423         AC_DEFINE(BROKEN_SETREGID)
424         AC_DEFINE(SSHD_ACQUIRES_CTTY)
425         external_path_file=/etc/default/login
426         # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
427         # Attention: always take care to bind libsocket and libnsl before libc,
428         # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
429         ;;
430 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
431 *-*-sysv4.2*)
432         AC_DEFINE(USE_PIPES)
433         AC_DEFINE(SETEUID_BREAKS_SETUID)
434         AC_DEFINE(BROKEN_SETREUID)
435         AC_DEFINE(BROKEN_SETREGID)
436         AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
437         ;;
438 # UnixWare 7.x, OpenUNIX 8
439 *-*-sysv5*)
440         check_for_libcrypt_later=1
441         AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
442         AC_DEFINE(USE_PIPES)
443         AC_DEFINE(SETEUID_BREAKS_SETUID)
444         AC_DEFINE(BROKEN_SETREUID)
445         AC_DEFINE(BROKEN_SETREGID)
446         AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
447         case "$host" in
448         *-*-sysv5SCO_SV*)       # SCO OpenServer 6.x
449                 TEST_SHELL=/u95/bin/sh
450                 AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet])
451                 ;;
452         esac
453         ;;
454 *-*-sysv*)
455         ;;
456 # SCO UNIX and OEM versions of SCO UNIX
457 *-*-sco3.2v4*)
458         AC_MSG_ERROR("This Platform is no longer supported.")
459         ;;
460 # SCO OpenServer 5.x
461 *-*-sco3.2v5*)
462         if test -z "$GCC"; then
463                 CFLAGS="$CFLAGS -belf"
464         fi
465         LIBS="$LIBS -lprot -lx -ltinfo -lm"
466         no_dev_ptmx=1
467         AC_DEFINE(USE_PIPES)
468         AC_DEFINE(HAVE_SECUREWARE)
469         AC_DEFINE(DISABLE_SHADOW)
470         AC_DEFINE(DISABLE_FD_PASSING)
471         AC_DEFINE(SETEUID_BREAKS_SETUID)
472         AC_DEFINE(BROKEN_SETREUID)
473         AC_DEFINE(BROKEN_SETREGID)
474         AC_DEFINE(WITH_ABBREV_NO_TTY)
475         AC_DEFINE(BROKEN_UPDWTMPX)
476         AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
477         AC_CHECK_FUNCS(getluid setluid)
478         MANTYPE=man
479         TEST_SHELL=ksh
480         ;;
481 *-*-unicosmk*)
482         AC_DEFINE(NO_SSH_LASTLOG)
483         AC_DEFINE(SETEUID_BREAKS_SETUID)
484         AC_DEFINE(BROKEN_SETREUID)
485         AC_DEFINE(BROKEN_SETREGID)
486         AC_DEFINE(USE_PIPES)
487         AC_DEFINE(DISABLE_FD_PASSING)
488         LDFLAGS="$LDFLAGS"
489         LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
490         MANTYPE=cat
491         ;;
492 *-*-unicosmp*)
493         AC_DEFINE(SETEUID_BREAKS_SETUID)
494         AC_DEFINE(BROKEN_SETREUID)
495         AC_DEFINE(BROKEN_SETREGID)
496         AC_DEFINE(WITH_ABBREV_NO_TTY)
497         AC_DEFINE(USE_PIPES)
498         AC_DEFINE(DISABLE_FD_PASSING)
499         LDFLAGS="$LDFLAGS"
500         LIBS="$LIBS -lgen -lacid -ldb"
501         MANTYPE=cat
502         ;;
503 *-*-unicos*)
504         AC_DEFINE(SETEUID_BREAKS_SETUID)
505         AC_DEFINE(BROKEN_SETREUID)
506         AC_DEFINE(BROKEN_SETREGID)
507         AC_DEFINE(USE_PIPES)
508         AC_DEFINE(DISABLE_FD_PASSING)
509         AC_DEFINE(NO_SSH_LASTLOG)
510         LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
511         LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
512         MANTYPE=cat
513         ;;
514 *-dec-osf*)
515         AC_MSG_CHECKING(for Digital Unix SIA)
516         no_osfsia=""
517         AC_ARG_WITH(osfsia,
518                 [  --with-osfsia           Enable Digital Unix SIA],
519                 [
520                         if test "x$withval" = "xno" ; then
521                                 AC_MSG_RESULT(disabled)
522                                 no_osfsia=1
523                         fi
524                 ],
525         )
526         if test -z "$no_osfsia" ; then
527                 if test -f /etc/sia/matrix.conf; then
528                         AC_MSG_RESULT(yes)
529                         AC_DEFINE(HAVE_OSF_SIA)
530                         AC_DEFINE(DISABLE_LOGIN)
531                         AC_DEFINE(DISABLE_FD_PASSING)
532                         LIBS="$LIBS -lsecurity -ldb -lm -laud"
533                 else
534                         AC_MSG_RESULT(no)
535                         AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
536                 fi
537         fi
538         AC_DEFINE(BROKEN_GETADDRINFO)
539         AC_DEFINE(SETEUID_BREAKS_SETUID)
540         AC_DEFINE(BROKEN_SETREUID)
541         AC_DEFINE(BROKEN_SETREGID)
542         ;;
543
544 *-*-nto-qnx)
545         AC_DEFINE(USE_PIPES)
546         AC_DEFINE(NO_X11_UNIX_SOCKETS)
547         AC_DEFINE(MISSING_NFDBITS)
548         AC_DEFINE(MISSING_HOWMANY)
549         AC_DEFINE(MISSING_FD_MASK)
550         ;;
551
552 *-*-ultrix*)
553         AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1])
554         AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files])
555         AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
556         AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
557         ;;
558
559 *-*-lynxos)
560         CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
561         AC_DEFINE(MISSING_HOWMANY)
562         AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
563         ;;
564 esac
565
566 # Allow user to specify flags
567 AC_ARG_WITH(cflags,
568         [  --with-cflags           Specify additional flags to pass to compiler],
569         [
570                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
571                     test "x${withval}" != "xyes"; then
572                         CFLAGS="$CFLAGS $withval"
573                 fi
574         ]
575 )
576 AC_ARG_WITH(cppflags,
577         [  --with-cppflags         Specify additional flags to pass to preprocessor] ,
578         [
579                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
580                     test "x${withval}" != "xyes"; then
581                         CPPFLAGS="$CPPFLAGS $withval"
582                 fi
583         ]
584 )
585 AC_ARG_WITH(ldflags,
586         [  --with-ldflags          Specify additional flags to pass to linker],
587         [
588                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
589                     test "x${withval}" != "xyes"; then
590                         LDFLAGS="$LDFLAGS $withval"
591                 fi
592         ]
593 )
594 AC_ARG_WITH(libs,
595         [  --with-libs             Specify additional libraries to link with],
596         [
597                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
598                     test "x${withval}" != "xyes"; then
599                         LIBS="$LIBS $withval"
600                 fi
601         ]
602 )
603 AC_ARG_WITH(Werror,
604         [  --with-Werror           Build main code with -Werror],
605         [
606                 if test -n "$withval"  &&  test "x$withval" != "xno"; then
607                         werror_flags="-Werror"
608                         if "x${withval}" != "xyes"; then
609                                 werror_flags="$withval"
610                         fi
611                 fi
612         ]
613 )
614
615 AC_MSG_CHECKING(compiler and flags for sanity)
616 AC_RUN_IFELSE(
617         [AC_LANG_SOURCE([
618 #include <stdio.h>
619 int main(){exit(0);}
620         ])],
621         [       AC_MSG_RESULT(yes) ],
622         [
623                 AC_MSG_RESULT(no)
624                 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
625         ],
626         [       AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
627 )
628
629 dnl Checks for header files.
630 AC_CHECK_HEADERS( \
631         bstring.h \
632         crypt.h \
633         dirent.h \
634         endian.h \
635         features.h \
636         floatingpoint.h \
637         getopt.h \
638         glob.h \
639         ia.h \
640         iaf.h \
641         lastlog.h \
642         limits.h \
643         login.h \
644         login_cap.h \
645         maillock.h \
646         ndir.h \
647         netdb.h \
648         netgroup.h \
649         netinet/in_systm.h \
650         pam/pam_appl.h \
651         paths.h \
652         pty.h \
653         readpassphrase.h \
654         rpc/types.h \
655         security/pam_appl.h \
656         shadow.h \
657         stddef.h \
658         stdint.h \
659         string.h \
660         strings.h \
661         sys/audit.h \
662         sys/bitypes.h \
663         sys/bsdtty.h \
664         sys/cdefs.h \
665         sys/dir.h \
666         sys/mman.h \
667         sys/ndir.h \
668         sys/prctl.h \
669         sys/pstat.h \
670         sys/select.h \
671         sys/stat.h \
672         sys/stream.h \
673         sys/stropts.h \
674         sys/strtio.h \
675         sys/sysmacros.h \
676         sys/time.h \
677         sys/timers.h \
678         sys/un.h \
679         time.h \
680         tmpdir.h \
681         ttyent.h \
682         unistd.h \
683         usersec.h \
684         util.h \
685         utime.h \
686         utmp.h \
687         utmpx.h \
688         vis.h \
689 )
690
691 # sys/ptms.h requires sys/stream.h to be included first on Solaris
692 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
693 #ifdef HAVE_SYS_STREAM_H
694 # include <sys/stream.h>
695 #endif
696 ])
697
698 # Checks for libraries.
699 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
700 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
701
702 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
703 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
704         AC_CHECK_LIB(gen, dirname,[
705                 AC_CACHE_CHECK([for broken dirname],
706                         ac_cv_have_broken_dirname, [
707                         save_LIBS="$LIBS"
708                         LIBS="$LIBS -lgen"
709                         AC_TRY_RUN(
710                                 [
711 #include <libgen.h>
712 #include <string.h>
713
714 int main(int argc, char **argv) {
715     char *s, buf[32];
716
717     strncpy(buf,"/etc", 32);
718     s = dirname(buf);
719     if (!s || strncmp(s, "/", 32) != 0) {
720         exit(1);
721     } else {
722         exit(0);
723     }
724 }
725                                 ],
726                                 [ ac_cv_have_broken_dirname="no" ],
727                                 [ ac_cv_have_broken_dirname="yes" ]
728                         )
729                         LIBS="$save_LIBS"
730                 ])
731                 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
732                         LIBS="$LIBS -lgen"
733                         AC_DEFINE(HAVE_DIRNAME)
734                         AC_CHECK_HEADERS(libgen.h)
735                 fi
736         ])
737 ])
738
739 AC_CHECK_FUNC(getspnam, ,
740         AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
741 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
742
743 dnl zlib is required
744 AC_ARG_WITH(zlib,
745         [  --with-zlib=PATH        Use zlib in PATH],
746         [ if test "x$withval" = "xno" ; then
747                 AC_MSG_ERROR([*** zlib is required ***])
748           elif test "x$withval" != "xyes"; then
749                 if test -d "$withval/lib"; then
750                         if test -n "${need_dash_r}"; then
751                                 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
752                         else
753                                 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
754                         fi
755                 else
756                         if test -n "${need_dash_r}"; then
757                                 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
758                         else
759                                 LDFLAGS="-L${withval} ${LDFLAGS}"
760                         fi
761                 fi
762                 if test -d "$withval/include"; then
763                         CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
764                 else
765                         CPPFLAGS="-I${withval} ${CPPFLAGS}"
766                 fi
767         fi ]
768 )
769
770 AC_CHECK_LIB(z, deflate, ,
771         [
772                 saved_CPPFLAGS="$CPPFLAGS"
773                 saved_LDFLAGS="$LDFLAGS"
774                 save_LIBS="$LIBS"
775                 dnl Check default zlib install dir
776                 if test -n "${need_dash_r}"; then
777                         LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
778                 else
779                         LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
780                 fi
781                 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
782                 LIBS="$LIBS -lz"
783                 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
784                         [
785                                 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
786                         ]
787                 )
788         ]
789 )
790 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
791
792 AC_ARG_WITH(zlib-version-check,
793         [  --without-zlib-version-check Disable zlib version check],
794         [  if test "x$withval" = "xno" ; then
795                 zlib_check_nonfatal=1
796            fi
797         ]
798 )
799
800 AC_MSG_CHECKING(for possibly buggy zlib)
801 AC_RUN_IFELSE([AC_LANG_SOURCE([[
802 #include <stdio.h>
803 #include <zlib.h>
804 int main()
805 {
806         int a=0, b=0, c=0, d=0, n, v;
807         n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
808         if (n != 3 && n != 4)
809                 exit(1);
810         v = a*1000000 + b*10000 + c*100 + d;
811         fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
812
813         /* 1.1.4 is OK */
814         if (a == 1 && b == 1 && c >= 4)
815                 exit(0);
816
817         /* 1.2.3 and up are OK */
818         if (v >= 1020300)
819                 exit(0);
820
821         exit(2);
822 }
823         ]])],
824         AC_MSG_RESULT(no),
825         [ AC_MSG_RESULT(yes)
826           if test -z "$zlib_check_nonfatal" ; then
827                 AC_MSG_ERROR([*** zlib too old - check config.log ***
828 Your reported zlib version has known security problems.  It's possible your
829 vendor has fixed these problems without changing the version number.  If you
830 are sure this is the case, you can disable the check by running
831 "./configure --without-zlib-version-check".
832 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
833 See http://www.gzip.org/zlib/ for details.])
834           else
835                 AC_MSG_WARN([zlib version may have security problems])
836           fi
837         ],
838         [       AC_MSG_WARN([cross compiling: not checking zlib version]) ]
839 )
840
841 dnl UnixWare 2.x
842 AC_CHECK_FUNC(strcasecmp,
843         [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
844 )
845 AC_CHECK_FUNC(utimes,
846         [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
847                                         LIBS="$LIBS -lc89"]) ]
848 )
849
850 dnl    Checks for libutil functions
851 AC_CHECK_HEADERS(libutil.h)
852 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
853 AC_CHECK_FUNCS(logout updwtmp logwtmp)
854
855 AC_FUNC_STRFTIME
856
857 # Check for ALTDIRFUNC glob() extension
858 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
859 AC_EGREP_CPP(FOUNDIT,
860         [
861                 #include <glob.h>
862                 #ifdef GLOB_ALTDIRFUNC
863                 FOUNDIT
864                 #endif
865         ],
866         [
867                 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
868                 AC_MSG_RESULT(yes)
869         ],
870         [
871                 AC_MSG_RESULT(no)
872         ]
873 )
874
875 # Check for g.gl_matchc glob() extension
876 AC_MSG_CHECKING(for gl_matchc field in glob_t)
877 AC_EGREP_CPP(FOUNDIT,
878         [
879                 #include <glob.h>
880                 int main(void){glob_t g; g.gl_matchc = 1;}
881         ],
882         [
883                 AC_DEFINE(GLOB_HAS_GL_MATCHC)
884                 AC_MSG_RESULT(yes)
885         ],
886         [
887                 AC_MSG_RESULT(no)
888         ]
889 )
890
891 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
892 AC_RUN_IFELSE(
893         [AC_LANG_SOURCE([[
894 #include <sys/types.h>
895 #include <dirent.h>
896 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
897         ]])],
898         [AC_MSG_RESULT(yes)],
899         [
900                 AC_MSG_RESULT(no)
901                 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
902         ],
903         [
904                 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
905                 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
906         ]
907 )
908
909 # Check whether the user wants GSSAPI mechglue support
910 AC_ARG_WITH(mechglue,
911         [  --with-mechglue=PATH    Build with GSSAPI mechglue library],
912         [
913                 AC_MSG_CHECKING(for mechglue library)
914
915                 if test -e ${withval}/libgssapi.a ; then
916                     mechglue_lib=${withval}/libgssapi.a
917                 elif test -e ${withval}/lib/libgssapi.a ; then
918                     mechglue_lib=${withval}/lib/libgssapi.a
919                 else
920                     AC_MSG_ERROR("Can't find libgssapi in ${withval}");
921                 fi
922                 LIBS="$LIBS ${mechglue_lib}"
923                 AC_MSG_RESULT(${mechglue_lib})
924
925                 AC_CHECK_LIB(dl, dlopen, , )
926                 if test $ac_cv_lib_dl_dlopen = yes; then
927                    LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
928                 fi
929
930                 AC_DEFINE(GSSAPI)
931                 AC_DEFINE(MECHGLUE)
932                 GSSAPI="mechglue"
933
934         ]
935 )
936
937
938 # Check whether the user wants GSI (Globus) support
939 gsi_path="no"
940 AC_ARG_WITH(gsi,
941         [  --with-gsi              Enable Globus GSI authentication support],
942         [
943                 gsi_path="$withval"
944         ]
945 )
946
947 AC_ARG_WITH(globus,
948         [  --with-globus           Enable Globus GSI authentication support],
949         [
950                 gsi_path="$withval"
951         ]
952 )
953
954 AC_ARG_WITH(globus-static,
955         [  --with-globus-static    Link statically with Globus GSI libraries],
956         [
957                 gsi_static="-static"
958                 if test "x$gsi_path" = "xno" ; then
959                         gsi_path="$withval"
960                 fi
961         ]
962 )
963
964 # Check whether the user has a Globus flavor type
965 globus_flavor_type="no"
966 AC_ARG_WITH(globus-flavor,
967         [  --with-globus-flavor=TYPE  Specify Globus flavor type (ex: gcc32dbg)],
968         [
969                 globus_flavor_type="$withval"
970                 if test "x$gsi_path" = "xno" ; then
971                         gsi_path="yes"
972                 fi
973         ]
974 )
975
976 if test "x$gsi_path" != "xno" ; then
977         # Globus GSSAPI configuration
978         AC_MSG_CHECKING(for Globus GSI)
979         AC_DEFINE(GSI)
980
981         if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
982                 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
983         fi
984         if test -z "$GSSAPI"; then
985                 AC_DEFINE(GSSAPI)
986                 GSSAPI="GSI"
987         fi
988
989         if test "x$gsi_path" = "xyes" ; then
990                 if test -z "$GLOBUS_LOCATION" ; then
991                         AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
992                 else
993                         gsi_path="$GLOBUS_LOCATION"
994                 fi
995         fi
996         GLOBUS_LOCATION="$gsi_path"
997         export GLOBUS_LOCATION
998         if test ! -d "$GLOBUS_LOCATION" ; then
999                 AC_MSG_ERROR(Cannot find Globus installation.  Set GLOBUS_LOCATION environment variable.)
1000         fi
1001
1002         if test "x$globus_flavor_type" = "xno" ; then
1003                 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1004         fi
1005         if test "x$globus_flavor_type" = "xyes" ; then
1006                 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1007         fi
1008
1009         GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1010         if test ! -d "$GLOBUS_INCLUDE" ; then
1011                 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1012         fi
1013         GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1014         
1015         if test -x ${gsi_path}/bin/globus-makefile-header ; then
1016                 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1017         elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
1018                 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1019         else
1020                 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
1021         fi
1022         if test -n "${need_dash_r}"; then
1023                 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
1024         else
1025                 GSI_LDFLAGS="-L${gsi_path}/lib"
1026         fi
1027         if test -z "$GSI_LIBS" ; then
1028                 AC_MSG_ERROR(globus-makefile-header failed)
1029         fi
1030
1031         AC_DEFINE(HAVE_GSSAPI_H)
1032
1033         LIBS="$LIBS $GSI_LIBS"
1034         LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1035         CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
1036
1037         # test that we got the libraries OK
1038         AC_TRY_LINK(
1039                 [],
1040                 [],
1041                 [
1042                         AC_MSG_RESULT(yes)
1043                 ],
1044                 [
1045                         AC_MSG_ERROR(link with Globus libraries failed)
1046                 ]
1047         )
1048         INSTALL_GSISSH="yes"
1049 else
1050         INSTALL_GSISSH=""
1051 fi
1052 AC_SUBST(INSTALL_GSISSH)
1053 # End Globus/GSI section
1054
1055 AC_MSG_CHECKING([for /proc/pid/fd directory])
1056 if test -d "/proc/$$/fd" ; then
1057         AC_DEFINE(HAVE_PROC_PID)
1058         AC_MSG_RESULT(yes)
1059 else
1060         AC_MSG_RESULT(no)
1061 fi
1062
1063 # Check whether user wants S/Key support
1064 SKEY_MSG="no"
1065 AC_ARG_WITH(skey,
1066         [  --with-skey[[=PATH]]      Enable S/Key support (optionally in PATH)],
1067         [
1068                 if test "x$withval" != "xno" ; then
1069
1070                         if test "x$withval" != "xyes" ; then
1071                                 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1072                                 LDFLAGS="$LDFLAGS -L${withval}/lib"
1073                         fi
1074
1075                         AC_DEFINE(SKEY)
1076                         LIBS="-lskey $LIBS"
1077                         SKEY_MSG="yes"
1078
1079                         AC_MSG_CHECKING([for s/key support])
1080                         AC_TRY_RUN(
1081                                 [
1082 #include <stdio.h>
1083 #include <skey.h>
1084 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1085                                 ],
1086                                 [AC_MSG_RESULT(yes)],
1087                                 [
1088                                         AC_MSG_RESULT(no)
1089                                         AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1090                                 ])
1091                         AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1092                         AC_TRY_COMPILE(
1093                                 [#include <stdio.h>
1094                                  #include <skey.h>],
1095                                 [(void)skeychallenge(NULL,"name","",0);],
1096                                 [AC_MSG_RESULT(yes)
1097                                  AC_DEFINE(SKEYCHALLENGE_4ARG)],
1098                                 [AC_MSG_RESULT(no)]
1099                         )
1100                 fi
1101         ]
1102 )
1103
1104 # Check whether user wants TCP wrappers support
1105 TCPW_MSG="no"
1106 AC_ARG_WITH(tcp-wrappers,
1107         [  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1108         [
1109                 if test "x$withval" != "xno" ; then
1110                         saved_LIBS="$LIBS"
1111                         saved_LDFLAGS="$LDFLAGS"
1112                         saved_CPPFLAGS="$CPPFLAGS"
1113                         if test -n "${withval}" && \
1114                             test "x${withval}" != "xyes"; then
1115                                 if test -d "${withval}/lib"; then
1116                                         if test -n "${need_dash_r}"; then
1117                                                 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1118                                         else
1119                                                 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1120                                         fi
1121                                 else
1122                                         if test -n "${need_dash_r}"; then
1123                                                 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1124                                         else
1125                                                 LDFLAGS="-L${withval} ${LDFLAGS}"
1126                                         fi
1127                                 fi
1128                                 if test -d "${withval}/include"; then
1129                                         CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1130                                 else
1131                                         CPPFLAGS="-I${withval} ${CPPFLAGS}"
1132                                 fi
1133                         fi
1134                         LIBWRAP="-lwrap"
1135                         LIBS="$LIBWRAP $LIBS"
1136                         AC_MSG_CHECKING(for libwrap)
1137                         AC_TRY_LINK(
1138                                 [
1139 #include <sys/types.h>
1140 #include <sys/socket.h>
1141 #include <netinet/in.h>
1142 #include <tcpd.h>
1143                                         int deny_severity = 0, allow_severity = 0;
1144                                 ],
1145                                 [hosts_access(0);],
1146                                 [
1147                                         AC_MSG_RESULT(yes)
1148                                         AC_DEFINE(LIBWRAP)
1149                                         AC_SUBST(LIBWRAP)
1150                                         TCPW_MSG="yes"
1151                                 ],
1152                                 [
1153                                         AC_MSG_ERROR([*** libwrap missing])
1154                                 ]
1155                         )
1156                         LIBS="$saved_LIBS"
1157                 fi
1158         ]
1159 )
1160
1161 # Check whether user wants libedit support
1162 LIBEDIT_MSG="no"
1163 AC_ARG_WITH(libedit,
1164         [  --with-libedit[[=PATH]]   Enable libedit support for sftp],
1165         [ if test "x$withval" != "xno" ; then
1166                 if test "x$withval" != "xyes"; then
1167                         CPPFLAGS="$CPPFLAGS -I$withval/include"
1168                         LDFLAGS="$LDFLAGS -L$withval/lib"
1169                 fi
1170                 AC_CHECK_LIB(edit, el_init,
1171                         [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
1172                           LIBEDIT="-ledit -lcurses"
1173                           LIBEDIT_MSG="yes"
1174                           AC_SUBST(LIBEDIT)
1175                         ],
1176                         [ AC_MSG_ERROR(libedit not found) ],
1177                         [ -lcurses ]
1178                 )
1179                 AC_MSG_CHECKING(if libedit version is compatible)
1180                 AC_COMPILE_IFELSE(
1181                     [AC_LANG_SOURCE([[
1182 #include <histedit.h>
1183 int main(void)
1184 {
1185         int i = H_SETSIZE;
1186         el_init("", NULL, NULL, NULL);
1187         exit(0);
1188 }
1189                     ]])],
1190                     [ AC_MSG_RESULT(yes) ],
1191                     [ AC_MSG_RESULT(no)
1192                       AC_MSG_ERROR(libedit version is not compatible) ]
1193                 )
1194         fi ]
1195 )
1196
1197 AUDIT_MODULE=none
1198 AC_ARG_WITH(audit,
1199         [  --with-audit=module     Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1200         [
1201           AC_MSG_CHECKING(for supported audit module)
1202           case "$withval" in
1203           bsm)
1204                 AC_MSG_RESULT(bsm)
1205                 AUDIT_MODULE=bsm
1206                 dnl    Checks for headers, libs and functions
1207                 AC_CHECK_HEADERS(bsm/audit.h, [],
1208                     [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1209                 AC_CHECK_LIB(bsm, getaudit, [],
1210                     [AC_MSG_ERROR(BSM enabled and required library not found)])
1211                 AC_CHECK_FUNCS(getaudit, [],
1212                     [AC_MSG_ERROR(BSM enabled and required function not found)])
1213                 # These are optional
1214                 AC_CHECK_FUNCS(getaudit_addr)
1215                 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
1216                 ;;
1217           debug)
1218                 AUDIT_MODULE=debug
1219                 AC_MSG_RESULT(debug)
1220                 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
1221                 ;;
1222           no)
1223                 AC_MSG_RESULT(no)
1224                 ;;
1225           *)
1226                 AC_MSG_ERROR([Unknown audit module $withval])
1227                 ;;
1228         esac ]
1229 )
1230
1231 dnl    Checks for library functions. Please keep in alphabetical order
1232 AC_CHECK_FUNCS( \
1233         arc4random \
1234         b64_ntop \
1235         __b64_ntop \
1236         b64_pton \
1237         __b64_pton \
1238         bcopy \
1239         bindresvport_sa \
1240         clock \
1241         closefrom \
1242         dirfd \
1243         fchmod \
1244         fchown \
1245         freeaddrinfo \
1246         futimes \
1247         getaddrinfo \
1248         getcwd \
1249         getgrouplist \
1250         getnameinfo \
1251         getopt \
1252         getpeereid \
1253         _getpty \
1254         getrlimit \
1255         getttyent \
1256         glob \
1257         inet_aton \
1258         inet_ntoa \
1259         inet_ntop \
1260         innetgr \
1261         login_getcapbool \
1262         md5_crypt \
1263         memmove \
1264         mkdtemp \
1265         mmap \
1266         ngetaddrinfo \
1267         nsleep \
1268         ogetaddrinfo \
1269         openlog_r \
1270         openpty \
1271         prctl \
1272         pstat \
1273         readpassphrase \
1274         realpath \
1275         recvmsg \
1276         rresvport_af \
1277         sendmsg \
1278         setdtablesize \
1279         setegid \
1280         setenv \
1281         seteuid \
1282         setgroups \
1283         setlogin \
1284         setpcred \
1285         setproctitle \
1286         setregid \
1287         setreuid \
1288         setrlimit \
1289         setsid \
1290         setvbuf \
1291         sigaction \
1292         sigvec \
1293         snprintf \
1294         socketpair \
1295         strdup \
1296         strerror \
1297         strlcat \
1298         strlcpy \
1299         strmode \
1300         strnvis \
1301         strtonum \
1302         strtoll \
1303         strtoul \
1304         sysconf \
1305         tcgetpgrp \
1306         truncate \
1307         unsetenv \
1308         updwtmpx \
1309         utimes \
1310         vhangup \
1311         vsnprintf \
1312         waitpid \
1313 )
1314
1315 # IRIX has a const char return value for gai_strerror()
1316 AC_CHECK_FUNCS(gai_strerror,[
1317         AC_DEFINE(HAVE_GAI_STRERROR)
1318         AC_TRY_COMPILE([
1319 #include <sys/types.h>
1320 #include <sys/socket.h>
1321 #include <netdb.h>
1322
1323 const char *gai_strerror(int);],[
1324 char *str;
1325
1326 str = gai_strerror(0);],[
1327                 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1328                 [Define if gai_strerror() returns const char *])])])
1329
1330 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
1331
1332 dnl Make sure prototypes are defined for these before using them.
1333 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1334 AC_CHECK_DECL(strsep,
1335         [AC_CHECK_FUNCS(strsep)],
1336         [],
1337         [
1338 #ifdef HAVE_STRING_H
1339 # include <string.h>
1340 #endif
1341         ])
1342
1343 dnl tcsendbreak might be a macro
1344 AC_CHECK_DECL(tcsendbreak,
1345         [AC_DEFINE(HAVE_TCSENDBREAK)],
1346         [AC_CHECK_FUNCS(tcsendbreak)],
1347         [#include <termios.h>]
1348 )
1349
1350 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1351
1352 AC_CHECK_FUNCS(setresuid, [
1353         dnl Some platorms have setresuid that isn't implemented, test for this
1354         AC_MSG_CHECKING(if setresuid seems to work)
1355         AC_RUN_IFELSE(
1356                 [AC_LANG_SOURCE([[
1357 #include <stdlib.h>
1358 #include <errno.h>
1359 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1360                 ]])],
1361                 [AC_MSG_RESULT(yes)],
1362                 [AC_DEFINE(BROKEN_SETRESUID)
1363                  AC_MSG_RESULT(not implemented)],
1364                 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1365         )
1366 ])
1367
1368 AC_CHECK_FUNCS(setresgid, [
1369         dnl Some platorms have setresgid that isn't implemented, test for this
1370         AC_MSG_CHECKING(if setresgid seems to work)
1371         AC_RUN_IFELSE(
1372                 [AC_LANG_SOURCE([[
1373 #include <stdlib.h>
1374 #include <errno.h>
1375 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1376                 ]])],
1377                 [AC_MSG_RESULT(yes)],
1378                 [AC_DEFINE(BROKEN_SETRESGID)
1379                  AC_MSG_RESULT(not implemented)],
1380                 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1381         )
1382 ])
1383
1384 dnl    Checks for time functions
1385 AC_CHECK_FUNCS(gettimeofday time)
1386 dnl    Checks for utmp functions
1387 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1388 AC_CHECK_FUNCS(utmpname)
1389 dnl    Checks for utmpx functions
1390 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1391 AC_CHECK_FUNCS(setutxent utmpxname)
1392
1393 AC_CHECK_FUNC(daemon,
1394         [AC_DEFINE(HAVE_DAEMON)],
1395         [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1396 )
1397
1398 AC_CHECK_FUNC(getpagesize,
1399         [AC_DEFINE(HAVE_GETPAGESIZE)],
1400         [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1401 )
1402
1403 # Check for broken snprintf
1404 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1405         AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1406         AC_RUN_IFELSE(
1407                 [AC_LANG_SOURCE([[
1408 #include <stdio.h>
1409 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1410                 ]])],
1411                 [AC_MSG_RESULT(yes)],
1412                 [
1413                         AC_MSG_RESULT(no)
1414                         AC_DEFINE(BROKEN_SNPRINTF)
1415                         AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1416                 ],
1417                 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1418         )
1419 fi
1420
1421 # Check for missing getpeereid (or equiv) support
1422 NO_PEERCHECK=""
1423 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1424         AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1425         AC_TRY_COMPILE(
1426                 [#include <sys/types.h>
1427                  #include <sys/socket.h>],
1428                 [int i = SO_PEERCRED;],
1429                 [ AC_MSG_RESULT(yes)
1430                   AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
1431                 ],
1432                 [AC_MSG_RESULT(no)
1433                 NO_PEERCHECK=1]
1434         )
1435 fi
1436
1437 dnl see whether mkstemp() requires XXXXXX
1438 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1439 AC_MSG_CHECKING([for (overly) strict mkstemp])
1440 AC_TRY_RUN(
1441         [
1442 #include <stdlib.h>
1443 main() { char template[]="conftest.mkstemp-test";
1444 if (mkstemp(template) == -1)
1445         exit(1);
1446 unlink(template); exit(0);
1447 }
1448         ],
1449         [
1450                 AC_MSG_RESULT(no)
1451         ],
1452         [
1453                 AC_MSG_RESULT(yes)
1454                 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1455         ],
1456         [
1457                 AC_MSG_RESULT(yes)
1458                 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1459         ]
1460 )
1461 fi
1462
1463 dnl make sure that openpty does not reacquire controlling terminal
1464 if test ! -z "$check_for_openpty_ctty_bug"; then
1465         AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1466         AC_TRY_RUN(
1467                 [
1468 #include <stdio.h>
1469 #include <sys/fcntl.h>
1470 #include <sys/types.h>
1471 #include <sys/wait.h>
1472
1473 int
1474 main()
1475 {
1476         pid_t pid;
1477         int fd, ptyfd, ttyfd, status;
1478
1479         pid = fork();
1480         if (pid < 0) {          /* failed */
1481                 exit(1);
1482         } else if (pid > 0) {   /* parent */
1483                 waitpid(pid, &status, 0);
1484                 if (WIFEXITED(status))
1485                         exit(WEXITSTATUS(status));
1486                 else
1487                         exit(2);
1488         } else {                /* child */
1489                 close(0); close(1); close(2);
1490                 setsid();
1491                 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1492                 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1493                 if (fd >= 0)
1494                         exit(3);        /* Acquired ctty: broken */
1495                 else
1496                         exit(0);        /* Did not acquire ctty: OK */
1497         }
1498 }
1499                 ],
1500                 [
1501                         AC_MSG_RESULT(yes)
1502                 ],
1503                 [
1504                         AC_MSG_RESULT(no)
1505                         AC_DEFINE(SSHD_ACQUIRES_CTTY)
1506                 ]
1507         )
1508 fi
1509
1510 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1511     test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1512         AC_MSG_CHECKING(if getaddrinfo seems to work)
1513         AC_TRY_RUN(
1514                 [
1515 #include <stdio.h>
1516 #include <sys/socket.h>
1517 #include <netdb.h>
1518 #include <errno.h>
1519 #include <netinet/in.h>
1520
1521 #define TEST_PORT "2222"
1522
1523 int
1524 main(void)
1525 {
1526         int err, sock;
1527         struct addrinfo *gai_ai, *ai, hints;
1528         char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1529
1530         memset(&hints, 0, sizeof(hints));
1531         hints.ai_family = PF_UNSPEC;
1532         hints.ai_socktype = SOCK_STREAM;
1533         hints.ai_flags = AI_PASSIVE;
1534
1535         err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1536         if (err != 0) {
1537                 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1538                 exit(1);
1539         }
1540
1541         for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1542                 if (ai->ai_family != AF_INET6)
1543                         continue;
1544
1545                 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1546                     sizeof(ntop), strport, sizeof(strport),
1547                     NI_NUMERICHOST|NI_NUMERICSERV);
1548
1549                 if (err != 0) {
1550                         if (err == EAI_SYSTEM)
1551                                 perror("getnameinfo EAI_SYSTEM");
1552                         else
1553                                 fprintf(stderr, "getnameinfo failed: %s\n",
1554                                     gai_strerror(err));
1555                         exit(2);
1556                 }
1557
1558                 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1559                 if (sock < 0)
1560                         perror("socket");
1561                 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1562                         if (errno == EBADF)
1563                                 exit(3);
1564                 }
1565         }
1566         exit(0);
1567 }
1568                 ],
1569                 [
1570                         AC_MSG_RESULT(yes)
1571                 ],
1572                 [
1573                         AC_MSG_RESULT(no)
1574                         AC_DEFINE(BROKEN_GETADDRINFO)
1575                 ]
1576         )
1577 fi
1578
1579 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1580     test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1581         AC_MSG_CHECKING(if getaddrinfo seems to work)
1582         AC_TRY_RUN(
1583                 [
1584 #include <stdio.h>
1585 #include <sys/socket.h>
1586 #include <netdb.h>
1587 #include <errno.h>
1588 #include <netinet/in.h>
1589
1590 #define TEST_PORT "2222"
1591
1592 int
1593 main(void)
1594 {
1595         int err, sock;
1596         struct addrinfo *gai_ai, *ai, hints;
1597         char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1598
1599         memset(&hints, 0, sizeof(hints));
1600         hints.ai_family = PF_UNSPEC;
1601         hints.ai_socktype = SOCK_STREAM;
1602         hints.ai_flags = AI_PASSIVE;
1603
1604         err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1605         if (err != 0) {
1606                 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1607                 exit(1);
1608         }
1609
1610         for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1611                 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1612                         continue;
1613
1614                 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1615                     sizeof(ntop), strport, sizeof(strport),
1616                     NI_NUMERICHOST|NI_NUMERICSERV);
1617
1618                 if (ai->ai_family == AF_INET && err != 0) {
1619                         perror("getnameinfo");
1620                         exit(2);
1621                 }
1622         }
1623         exit(0);
1624 }
1625                 ],
1626                 [
1627                         AC_MSG_RESULT(yes)
1628                         AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1629 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1630                 ],
1631                 [
1632                         AC_MSG_RESULT(no)
1633                         AC_DEFINE(BROKEN_GETADDRINFO)
1634                 ]
1635         )
1636 fi
1637
1638 if test "x$check_for_conflicting_getspnam" = "x1"; then
1639         AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1640         AC_COMPILE_IFELSE(
1641                 [
1642 #include <shadow.h>
1643 int main(void) {exit(0);}
1644                 ],
1645                 [
1646                         AC_MSG_RESULT(no)
1647                 ],
1648                 [
1649                         AC_MSG_RESULT(yes)
1650                         AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1651                             [Conflicting defs for getspnam])
1652                 ]
1653         )
1654 fi
1655
1656 AC_FUNC_GETPGRP
1657
1658 # Check for PAM libs
1659 PAM_MSG="no"
1660 AC_ARG_WITH(pam,
1661         [  --with-pam              Enable PAM support ],
1662         [
1663                 if test "x$withval" != "xno" ; then
1664                         if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1665                            test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1666                                 AC_MSG_ERROR([PAM headers not found])
1667                         fi
1668
1669                         AC_CHECK_LIB(dl, dlopen, , )
1670                         AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1671                         AC_CHECK_FUNCS(pam_getenvlist)
1672                         AC_CHECK_FUNCS(pam_putenv)
1673
1674                         PAM_MSG="yes"
1675
1676                         AC_DEFINE(USE_PAM)
1677                         if test $ac_cv_lib_dl_dlopen = yes; then
1678                                 LIBPAM="-lpam -ldl"
1679                         else
1680                                 LIBPAM="-lpam"
1681                         fi
1682                         AC_SUBST(LIBPAM)
1683                 fi
1684         ]
1685 )
1686
1687 # Check for older PAM
1688 if test "x$PAM_MSG" = "xyes" ; then
1689         # Check PAM strerror arguments (old PAM)
1690         AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1691         AC_TRY_COMPILE(
1692                 [
1693 #include <stdlib.h>
1694 #if defined(HAVE_SECURITY_PAM_APPL_H)
1695 #include <security/pam_appl.h>
1696 #elif defined (HAVE_PAM_PAM_APPL_H)
1697 #include <pam/pam_appl.h>
1698 #endif
1699                 ],
1700                 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1701                 [AC_MSG_RESULT(no)],
1702                 [
1703                         AC_DEFINE(HAVE_OLD_PAM)
1704                         AC_MSG_RESULT(yes)
1705                         PAM_MSG="yes (old library)"
1706                 ]
1707         )
1708 fi
1709
1710 # Search for OpenSSL
1711 saved_CPPFLAGS="$CPPFLAGS"
1712 saved_LDFLAGS="$LDFLAGS"
1713 AC_ARG_WITH(ssl-dir,
1714         [  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
1715         [
1716                 if test "x$withval" != "xno" ; then
1717                         case "$withval" in
1718                                 # Relative paths
1719                                 ./*|../*)       withval="`pwd`/$withval"
1720                         esac
1721                         if test -d "$withval/lib"; then
1722                                 if test -n "${need_dash_r}"; then
1723                                         LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1724                                 else
1725                                         LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1726                                 fi
1727                         else
1728                                 if test -n "${need_dash_r}"; then
1729                                         LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1730                                 else
1731                                         LDFLAGS="-L${withval} ${LDFLAGS}"
1732                                 fi
1733                         fi
1734                         if test -d "$withval/include"; then
1735                                 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1736                         else
1737                                 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1738                         fi
1739                 fi
1740         ]
1741 )
1742 if test -z "$GSI_LIBS" ; then
1743 LIBS="-lcrypto $LIBS"
1744 fi
1745 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1746         [
1747                 dnl Check default openssl install dir
1748                 if test -n "${need_dash_r}"; then
1749                         LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1750                 else
1751                         LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1752                 fi
1753                 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1754                 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1755                         [
1756                                 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1757                         ]
1758                 )
1759         ]
1760 )
1761
1762 # Determine OpenSSL header version
1763 AC_MSG_CHECKING([OpenSSL header version])
1764 AC_RUN_IFELSE(
1765         [AC_LANG_SOURCE([[
1766 #include <stdio.h>
1767 #include <string.h>
1768 #include <openssl/opensslv.h>
1769 #define DATA "conftest.sslincver"
1770 int main(void) {
1771         FILE *fd;
1772         int rc;
1773
1774         fd = fopen(DATA,"w");
1775         if(fd == NULL)
1776                 exit(1);
1777
1778         if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1779                 exit(1);
1780
1781         exit(0);
1782 }
1783         ]])],
1784         [
1785                 ssl_header_ver=`cat conftest.sslincver`
1786                 AC_MSG_RESULT($ssl_header_ver)
1787         ],
1788         [
1789                 AC_MSG_RESULT(not found)
1790                 AC_MSG_ERROR(OpenSSL version header not found.)
1791         ],
1792         [
1793                 AC_MSG_WARN([cross compiling: not checking])
1794         ]
1795 )
1796
1797 # Determine OpenSSL library version
1798 AC_MSG_CHECKING([OpenSSL library version])
1799 AC_RUN_IFELSE(
1800         [AC_LANG_SOURCE([[
1801 #include <stdio.h>
1802 #include <string.h>
1803 #include <openssl/opensslv.h>
1804 #include <openssl/crypto.h>
1805 #define DATA "conftest.ssllibver"
1806 int main(void) {
1807         FILE *fd;
1808         int rc;
1809
1810         fd = fopen(DATA,"w");
1811         if(fd == NULL)
1812                 exit(1);
1813
1814         if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1815                 exit(1);
1816
1817         exit(0);
1818 }
1819         ]])],
1820         [
1821                 ssl_library_ver=`cat conftest.ssllibver`
1822                 AC_MSG_RESULT($ssl_library_ver)
1823         ],
1824         [
1825                 AC_MSG_RESULT(not found)
1826                 AC_MSG_ERROR(OpenSSL library not found.)
1827         ],
1828         [
1829                 AC_MSG_WARN([cross compiling: not checking])
1830         ]
1831 )
1832
1833 # Sanity check OpenSSL headers
1834 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1835 AC_RUN_IFELSE(
1836         [AC_LANG_SOURCE([[
1837 #include <string.h>
1838 #include <openssl/opensslv.h>
1839 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1840         ]])],
1841         [
1842                 AC_MSG_RESULT(yes)
1843         ],
1844         [
1845                 AC_MSG_RESULT(no)
1846                 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1847 Check config.log for details.
1848 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1849         ],
1850         [
1851                 AC_MSG_WARN([cross compiling: not checking])
1852         ]
1853 )
1854
1855 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1856 # because the system crypt() is more featureful.
1857 if test "x$check_for_libcrypt_before" = "x1"; then
1858         AC_CHECK_LIB(crypt, crypt)
1859 fi
1860
1861 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1862 # version in OpenSSL.
1863 if test "x$check_for_libcrypt_later" = "x1"; then
1864         AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1865 fi
1866
1867 AC_CHECK_LIB(iaf, ia_openinfo)
1868
1869 ### Configure cryptographic random number support
1870
1871 # Check wheter OpenSSL seeds itself
1872 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1873 AC_RUN_IFELSE(
1874         [AC_LANG_SOURCE([[
1875 #include <string.h>
1876 #include <openssl/rand.h>
1877 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1878         ]])],
1879         [
1880                 OPENSSL_SEEDS_ITSELF=yes
1881                 AC_MSG_RESULT(yes)
1882         ],
1883         [
1884                 AC_MSG_RESULT(no)
1885                 # Default to use of the rand helper if OpenSSL doesn't
1886                 # seed itself
1887                 USE_RAND_HELPER=yes
1888         ],
1889         [
1890                 AC_MSG_WARN([cross compiling: assuming yes])
1891                 # This is safe, since all recent OpenSSL versions will
1892                 # complain at runtime if not seeded correctly.
1893                 OPENSSL_SEEDS_ITSELF=yes
1894         ]
1895 )
1896
1897
1898 # Do we want to force the use of the rand helper?
1899 AC_ARG_WITH(rand-helper,
1900         [  --with-rand-helper      Use subprocess to gather strong randomness ],
1901         [
1902                 if test "x$withval" = "xno" ; then
1903                         # Force use of OpenSSL's internal RNG, even if
1904                         # the previous test showed it to be unseeded.
1905                         if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1906                                 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1907                                 OPENSSL_SEEDS_ITSELF=yes
1908                                 USE_RAND_HELPER=""
1909                         fi
1910                 else
1911                         USE_RAND_HELPER=yes
1912                 fi
1913         ],
1914 )
1915
1916 # Which randomness source do we use?
1917 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1918         # OpenSSL only
1919         AC_DEFINE(OPENSSL_PRNG_ONLY)
1920         RAND_MSG="OpenSSL internal ONLY"
1921         INSTALL_SSH_RAND_HELPER=""
1922 elif test ! -z "$USE_RAND_HELPER" ; then
1923         # install rand helper
1924         RAND_MSG="ssh-rand-helper"
1925         INSTALL_SSH_RAND_HELPER="yes"
1926 fi
1927 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1928
1929 ### Configuration of ssh-rand-helper
1930
1931 # PRNGD TCP socket
1932 AC_ARG_WITH(prngd-port,
1933         [  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
1934         [
1935                 case "$withval" in
1936                 no)
1937                         withval=""
1938                         ;;
1939                 [[0-9]]*)
1940                         ;;
1941                 *)
1942                         AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1943                         ;;
1944                 esac
1945                 if test ! -z "$withval" ; then
1946                         PRNGD_PORT="$withval"
1947                         AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1948                 fi
1949         ]
1950 )
1951
1952 # PRNGD Unix domain socket
1953 AC_ARG_WITH(prngd-socket,
1954         [  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1955         [
1956                 case "$withval" in
1957                 yes)
1958                         withval="/var/run/egd-pool"
1959                         ;;
1960                 no)
1961                         withval=""
1962                         ;;
1963                 /*)
1964                         ;;
1965                 *)
1966                         AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1967                         ;;
1968                 esac
1969
1970                 if test ! -z "$withval" ; then
1971                         if test ! -z "$PRNGD_PORT" ; then
1972                                 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1973                         fi
1974                         if test ! -r "$withval" ; then
1975                                 AC_MSG_WARN(Entropy socket is not readable)
1976                         fi
1977                         PRNGD_SOCKET="$withval"
1978                         AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1979                 fi
1980         ],
1981         [
1982                 # Check for existing socket only if we don't have a random device already
1983                 if test "$USE_RAND_HELPER" = yes ; then
1984                         AC_MSG_CHECKING(for PRNGD/EGD socket)
1985                         # Insert other locations here
1986                         for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1987                                 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1988                                         PRNGD_SOCKET="$sock"
1989                                         AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1990                                         break;
1991                                 fi
1992                         done
1993                         if test ! -z "$PRNGD_SOCKET" ; then
1994                                 AC_MSG_RESULT($PRNGD_SOCKET)
1995                         else
1996                                 AC_MSG_RESULT(not found)
1997                         fi
1998                 fi
1999         ]
2000 )
2001
2002 # Change default command timeout for hashing entropy source
2003 entropy_timeout=200
2004 AC_ARG_WITH(entropy-timeout,
2005         [  --with-entropy-timeout  Specify entropy gathering command timeout (msec)],
2006         [
2007                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2008                     test "x${withval}" != "xyes"; then
2009                         entropy_timeout=$withval
2010                 fi
2011         ]
2012 )
2013 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
2014
2015 SSH_PRIVSEP_USER=sshd
2016 AC_ARG_WITH(privsep-user,
2017         [  --with-privsep-user=user Specify non-privileged user for privilege separation],
2018         [
2019                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2020                     test "x${withval}" != "xyes"; then
2021                         SSH_PRIVSEP_USER=$withval
2022                 fi
2023         ]
2024 )
2025 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
2026 AC_SUBST(SSH_PRIVSEP_USER)
2027
2028 # We do this little dance with the search path to insure
2029 # that programs that we select for use by installed programs
2030 # (which may be run by the super-user) come from trusted
2031 # locations before they come from the user's private area.
2032 # This should help avoid accidentally configuring some
2033 # random version of a program in someone's personal bin.
2034
2035 OPATH=$PATH
2036 PATH=/bin:/usr/bin
2037 test -h /bin 2> /dev/null && PATH=/usr/bin
2038 test -d /sbin && PATH=$PATH:/sbin
2039 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2040 PATH=$PATH:/etc:$OPATH
2041
2042 # These programs are used by the command hashing source to gather entropy
2043 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2044 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2045 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2046 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2047 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2048 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2049 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2050 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2051 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2052 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2053 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2054 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2055 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2056 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2057 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2058 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2059 # restore PATH
2060 PATH=$OPATH
2061
2062 # Where does ssh-rand-helper get its randomness from?
2063 INSTALL_SSH_PRNG_CMDS=""
2064 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2065         if test ! -z "$PRNGD_PORT" ; then
2066                 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2067         elif test ! -z "$PRNGD_SOCKET" ; then
2068                 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2069         else
2070                 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2071                 RAND_HELPER_CMDHASH=yes
2072                 INSTALL_SSH_PRNG_CMDS="yes"
2073         fi
2074 fi
2075 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2076
2077
2078 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2079 if test ! -z "$SONY" ; then
2080   LIBS="$LIBS -liberty";
2081 fi
2082
2083 # Checks for data types
2084 AC_CHECK_SIZEOF(char, 1)
2085 AC_CHECK_SIZEOF(short int, 2)
2086 AC_CHECK_SIZEOF(int, 4)
2087 AC_CHECK_SIZEOF(long int, 4)
2088 AC_CHECK_SIZEOF(long long int, 8)
2089
2090 # Sanity check long long for some platforms (AIX)
2091 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2092         ac_cv_sizeof_long_long_int=0
2093 fi
2094
2095 # More checks for data types
2096 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2097         AC_TRY_COMPILE(
2098                 [ #include <sys/types.h> ],
2099                 [ u_int a; a = 1;],
2100                 [ ac_cv_have_u_int="yes" ],
2101                 [ ac_cv_have_u_int="no" ]
2102         )
2103 ])
2104 if test "x$ac_cv_have_u_int" = "xyes" ; then
2105         AC_DEFINE(HAVE_U_INT)
2106         have_u_int=1
2107 fi
2108
2109 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2110         AC_TRY_COMPILE(
2111                 [ #include <sys/types.h> ],
2112                 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2113                 [ ac_cv_have_intxx_t="yes" ],
2114                 [ ac_cv_have_intxx_t="no" ]
2115         )
2116 ])
2117 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2118         AC_DEFINE(HAVE_INTXX_T)
2119         have_intxx_t=1
2120 fi
2121
2122 if (test -z "$have_intxx_t" && \
2123            test "x$ac_cv_header_stdint_h" = "xyes")
2124 then
2125     AC_MSG_CHECKING([for intXX_t types in stdint.h])
2126         AC_TRY_COMPILE(
2127                 [ #include <stdint.h> ],
2128                 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2129                 [
2130                         AC_DEFINE(HAVE_INTXX_T)
2131                         AC_MSG_RESULT(yes)
2132                 ],
2133                 [ AC_MSG_RESULT(no) ]
2134         )
2135 fi
2136
2137 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2138         AC_TRY_COMPILE(
2139                 [
2140 #include <sys/types.h>
2141 #ifdef HAVE_STDINT_H
2142 # include <stdint.h>
2143 #endif
2144 #include <sys/socket.h>
2145 #ifdef HAVE_SYS_BITYPES_H
2146 # include <sys/bitypes.h>
2147 #endif
2148                 ],
2149                 [ int64_t a; a = 1;],
2150                 [ ac_cv_have_int64_t="yes" ],
2151                 [ ac_cv_have_int64_t="no" ]
2152         )
2153 ])
2154 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2155         AC_DEFINE(HAVE_INT64_T)
2156 fi
2157
2158 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2159         AC_TRY_COMPILE(
2160                 [ #include <sys/types.h> ],
2161                 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2162                 [ ac_cv_have_u_intxx_t="yes" ],
2163                 [ ac_cv_have_u_intxx_t="no" ]
2164         )
2165 ])
2166 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2167         AC_DEFINE(HAVE_U_INTXX_T)
2168         have_u_intxx_t=1
2169 fi
2170
2171 if test -z "$have_u_intxx_t" ; then
2172     AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2173         AC_TRY_COMPILE(
2174                 [ #include <sys/socket.h> ],
2175                 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2176                 [
2177                         AC_DEFINE(HAVE_U_INTXX_T)
2178                         AC_MSG_RESULT(yes)
2179                 ],
2180                 [ AC_MSG_RESULT(no) ]
2181         )
2182 fi
2183
2184 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2185         AC_TRY_COMPILE(
2186                 [ #include <sys/types.h> ],
2187                 [ u_int64_t a; a = 1;],
2188                 [ ac_cv_have_u_int64_t="yes" ],
2189                 [ ac_cv_have_u_int64_t="no" ]
2190         )
2191 ])
2192 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2193         AC_DEFINE(HAVE_U_INT64_T)
2194         have_u_int64_t=1
2195 fi
2196
2197 if test -z "$have_u_int64_t" ; then
2198     AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2199         AC_TRY_COMPILE(
2200                 [ #include <sys/bitypes.h> ],
2201                 [ u_int64_t a; a = 1],
2202                 [
2203                         AC_DEFINE(HAVE_U_INT64_T)
2204                         AC_MSG_RESULT(yes)
2205                 ],
2206                 [ AC_MSG_RESULT(no) ]
2207         )
2208 fi
2209
2210 if test -z "$have_u_intxx_t" ; then
2211         AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2212                 AC_TRY_COMPILE(
2213                         [
2214 #include <sys/types.h>
2215                         ],
2216                         [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2217                         [ ac_cv_have_uintxx_t="yes" ],
2218                         [ ac_cv_have_uintxx_t="no" ]
2219                 )
2220         ])
2221         if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2222                 AC_DEFINE(HAVE_UINTXX_T)
2223         fi
2224 fi
2225
2226 if test -z "$have_uintxx_t" ; then
2227     AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2228         AC_TRY_COMPILE(
2229                 [ #include <stdint.h> ],
2230                 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2231                 [
2232                         AC_DEFINE(HAVE_UINTXX_T)
2233                         AC_MSG_RESULT(yes)
2234                 ],
2235                 [ AC_MSG_RESULT(no) ]
2236         )
2237 fi
2238
2239 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2240            test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2241 then
2242         AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2243         AC_TRY_COMPILE(
2244                 [
2245 #include <sys/bitypes.h>
2246                 ],
2247                 [
2248                         int8_t a; int16_t b; int32_t c;
2249                         u_int8_t e; u_int16_t f; u_int32_t g;
2250                         a = b = c = e = f = g = 1;
2251                 ],
2252                 [
2253                         AC_DEFINE(HAVE_U_INTXX_T)
2254                         AC_DEFINE(HAVE_INTXX_T)
2255                         AC_MSG_RESULT(yes)
2256                 ],
2257                 [AC_MSG_RESULT(no)]
2258         )
2259 fi
2260
2261
2262 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2263         AC_TRY_COMPILE(
2264                 [
2265 #include <sys/types.h>
2266                 ],
2267                 [ u_char foo; foo = 125; ],
2268                 [ ac_cv_have_u_char="yes" ],
2269                 [ ac_cv_have_u_char="no" ]
2270         )
2271 ])
2272 if test "x$ac_cv_have_u_char" = "xyes" ; then
2273         AC_DEFINE(HAVE_U_CHAR)
2274 fi
2275
2276 TYPE_SOCKLEN_T
2277
2278 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2279
2280 AC_CHECK_TYPES(in_addr_t,,,
2281 [#include <sys/types.h>
2282 #include <netinet/in.h>])
2283
2284 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2285         AC_TRY_COMPILE(
2286                 [
2287 #include <sys/types.h>
2288                 ],
2289                 [ size_t foo; foo = 1235; ],
2290                 [ ac_cv_have_size_t="yes" ],
2291                 [ ac_cv_have_size_t="no" ]
2292         )
2293 ])
2294 if test "x$ac_cv_have_size_t" = "xyes" ; then
2295         AC_DEFINE(HAVE_SIZE_T)
2296 fi
2297
2298 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2299         AC_TRY_COMPILE(
2300                 [
2301 #include <sys/types.h>
2302                 ],
2303                 [ ssize_t foo; foo = 1235; ],
2304                 [ ac_cv_have_ssize_t="yes" ],
2305                 [ ac_cv_have_ssize_t="no" ]
2306         )
2307 ])
2308 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2309         AC_DEFINE(HAVE_SSIZE_T)
2310 fi
2311
2312 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2313         AC_TRY_COMPILE(
2314                 [
2315 #include <time.h>
2316                 ],
2317                 [ clock_t foo; foo = 1235; ],
2318                 [ ac_cv_have_clock_t="yes" ],
2319                 [ ac_cv_have_clock_t="no" ]
2320         )
2321 ])
2322 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2323         AC_DEFINE(HAVE_CLOCK_T)
2324 fi
2325
2326 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2327         AC_TRY_COMPILE(
2328                 [
2329 #include <sys/types.h>
2330 #include <sys/socket.h>
2331                 ],
2332                 [ sa_family_t foo; foo = 1235; ],
2333                 [ ac_cv_have_sa_family_t="yes" ],
2334                 [ AC_TRY_COMPILE(
2335                   [
2336 #include <sys/types.h>
2337 #include <sys/socket.h>
2338 #include <netinet/in.h>
2339                 ],
2340                 [ sa_family_t foo; foo = 1235; ],
2341                 [ ac_cv_have_sa_family_t="yes" ],
2342
2343                 [ ac_cv_have_sa_family_t="no" ]
2344         )]
2345         )
2346 ])
2347 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2348         AC_DEFINE(HAVE_SA_FAMILY_T)
2349 fi
2350
2351 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2352         AC_TRY_COMPILE(
2353                 [
2354 #include <sys/types.h>
2355                 ],
2356                 [ pid_t foo; foo = 1235; ],
2357                 [ ac_cv_have_pid_t="yes" ],
2358                 [ ac_cv_have_pid_t="no" ]
2359         )
2360 ])
2361 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2362         AC_DEFINE(HAVE_PID_T)
2363 fi
2364
2365 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2366         AC_TRY_COMPILE(
2367                 [
2368 #include <sys/types.h>
2369                 ],
2370                 [ mode_t foo; foo = 1235; ],
2371                 [ ac_cv_have_mode_t="yes" ],
2372                 [ ac_cv_have_mode_t="no" ]
2373         )
2374 ])
2375 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2376         AC_DEFINE(HAVE_MODE_T)
2377 fi
2378
2379
2380 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2381         AC_TRY_COMPILE(
2382                 [
2383 #include <sys/types.h>
2384 #include <sys/socket.h>
2385                 ],
2386                 [ struct sockaddr_storage s; ],
2387                 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2388                 [ ac_cv_have_struct_sockaddr_storage="no" ]
2389         )
2390 ])
2391 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2392         AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
2393 fi
2394
2395 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2396         AC_TRY_COMPILE(
2397                 [
2398 #include <sys/types.h>
2399 #include <netinet/in.h>
2400                 ],
2401                 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2402                 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2403                 [ ac_cv_have_struct_sockaddr_in6="no" ]
2404         )
2405 ])
2406 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2407         AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
2408 fi
2409
2410 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2411         AC_TRY_COMPILE(
2412                 [
2413 #include <sys/types.h>
2414 #include <netinet/in.h>
2415                 ],
2416                 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2417                 [ ac_cv_have_struct_in6_addr="yes" ],
2418                 [ ac_cv_have_struct_in6_addr="no" ]
2419         )
2420 ])
2421 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2422         AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2423 fi
2424
2425 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2426         AC_TRY_COMPILE(
2427                 [
2428 #include <sys/types.h>
2429 #include <sys/socket.h>
2430 #include <netdb.h>
2431                 ],
2432                 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2433                 [ ac_cv_have_struct_addrinfo="yes" ],
2434                 [ ac_cv_have_struct_addrinfo="no" ]
2435         )
2436 ])
2437 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2438         AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2439 fi
2440
2441 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2442         AC_TRY_COMPILE(
2443                 [ #include <sys/time.h> ],
2444                 [ struct timeval tv; tv.tv_sec = 1;],
2445                 [ ac_cv_have_struct_timeval="yes" ],
2446                 [ ac_cv_have_struct_timeval="no" ]
2447         )
2448 ])
2449 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2450         AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2451         have_struct_timeval=1
2452 fi
2453
2454 AC_CHECK_TYPES(struct timespec)
2455
2456 # We need int64_t or else certian parts of the compile will fail.
2457 if test "x$ac_cv_have_int64_t" = "xno" && \
2458         test "x$ac_cv_sizeof_long_int" != "x8" && \
2459         test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2460         echo "OpenSSH requires int64_t support.  Contact your vendor or install"
2461         echo "an alternative compiler (I.E., GCC) before continuing."
2462         echo ""
2463         exit 1;
2464 else
2465 dnl test snprintf (broken on SCO w/gcc)
2466         AC_RUN_IFELSE(
2467                 [AC_LANG_SOURCE([[
2468 #include <stdio.h>
2469 #include <string.h>
2470 #ifdef HAVE_SNPRINTF
2471 main()
2472 {
2473         char buf[50];
2474         char expected_out[50];
2475         int mazsize = 50 ;
2476 #if (SIZEOF_LONG_INT == 8)
2477         long int num = 0x7fffffffffffffff;
2478 #else
2479         long long num = 0x7fffffffffffffffll;
2480 #endif
2481         strcpy(expected_out, "9223372036854775807");
2482         snprintf(buf, mazsize, "%lld", num);
2483         if(strcmp(buf, expected_out) != 0)
2484                 exit(1);
2485         exit(0);
2486 }
2487 #else
2488 main() { exit(0); }
2489 #endif
2490                 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2491                 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2492         )
2493 fi
2494
2495 dnl Checks for structure members
2496 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2497 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2498 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2499 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2500 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2501 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2502 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2503 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2504 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2505 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2506 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2507 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2508 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2509 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2510 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2511 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2512 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2513
2514 AC_CHECK_MEMBERS([struct stat.st_blksize])
2515
2516 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2517                 ac_cv_have_ss_family_in_struct_ss, [
2518         AC_TRY_COMPILE(
2519                 [
2520 #include <sys/types.h>
2521 #include <sys/socket.h>
2522                 ],
2523                 [ struct sockaddr_storage s; s.ss_family = 1; ],
2524                 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2525                 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2526         )
2527 ])
2528 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2529         AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2530 fi
2531
2532 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2533                 ac_cv_have___ss_family_in_struct_ss, [
2534         AC_TRY_COMPILE(
2535                 [
2536 #include <sys/types.h>
2537 #include <sys/socket.h>
2538                 ],
2539                 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2540                 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2541                 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2542         )
2543 ])
2544 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2545         AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2546 fi
2547
2548 AC_CACHE_CHECK([for pw_class field in struct passwd],
2549                 ac_cv_have_pw_class_in_struct_passwd, [
2550         AC_TRY_COMPILE(
2551                 [
2552 #include <pwd.h>
2553                 ],
2554                 [ struct passwd p; p.pw_class = 0; ],
2555                 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2556                 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2557         )
2558 ])
2559 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2560         AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2561 fi
2562
2563 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2564                 ac_cv_have_pw_expire_in_struct_passwd, [
2565         AC_TRY_COMPILE(
2566                 [
2567 #include <pwd.h>
2568                 ],
2569                 [ struct passwd p; p.pw_expire = 0; ],
2570                 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2571                 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2572         )
2573 ])
2574 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2575         AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2576 fi
2577
2578 AC_CACHE_CHECK([for pw_change field in struct passwd],
2579                 ac_cv_have_pw_change_in_struct_passwd, [
2580         AC_TRY_COMPILE(
2581                 [
2582 #include <pwd.h>
2583                 ],
2584                 [ struct passwd p; p.pw_change = 0; ],
2585                 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2586                 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2587         )
2588 ])
2589 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2590         AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2591 fi
2592
2593 dnl make sure we're using the real structure members and not defines
2594 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2595                 ac_cv_have_accrights_in_msghdr, [
2596         AC_COMPILE_IFELSE(
2597                 [
2598 #include <sys/types.h>
2599 #include <sys/socket.h>
2600 #include <sys/uio.h>
2601 int main() {
2602 #ifdef msg_accrights
2603 #error "msg_accrights is a macro"
2604 exit(1);
2605 #endif
2606 struct msghdr m;
2607 m.msg_accrights = 0;
2608 exit(0);
2609 }
2610                 ],
2611                 [ ac_cv_have_accrights_in_msghdr="yes" ],
2612                 [ ac_cv_have_accrights_in_msghdr="no" ]
2613         )
2614 ])
2615 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2616         AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2617 fi
2618
2619 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2620                 ac_cv_have_control_in_msghdr, [
2621         AC_COMPILE_IFELSE(
2622                 [
2623 #include <sys/types.h>
2624 #include <sys/socket.h>
2625 #include <sys/uio.h>
2626 int main() {
2627 #ifdef msg_control
2628 #error "msg_control is a macro"
2629 exit(1);
2630 #endif
2631 struct msghdr m;
2632 m.msg_control = 0;
2633 exit(0);
2634 }
2635                 ],
2636                 [ ac_cv_have_control_in_msghdr="yes" ],
2637                 [ ac_cv_have_control_in_msghdr="no" ]
2638         )
2639 ])
2640 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2641         AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2642 fi
2643
2644 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2645         AC_TRY_LINK([],
2646                 [ extern char *__progname; printf("%s", __progname); ],
2647                 [ ac_cv_libc_defines___progname="yes" ],
2648                 [ ac_cv_libc_defines___progname="no" ]
2649         )
2650 ])
2651 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2652         AC_DEFINE(HAVE___PROGNAME)
2653 fi
2654
2655 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2656         AC_TRY_LINK([
2657 #include <stdio.h>
2658 ],
2659                 [ printf("%s", __FUNCTION__); ],
2660                 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2661                 [ ac_cv_cc_implements___FUNCTION__="no" ]
2662         )
2663 ])
2664 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2665         AC_DEFINE(HAVE___FUNCTION__)
2666 fi
2667
2668 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2669         AC_TRY_LINK([
2670 #include <stdio.h>
2671 ],
2672                 [ printf("%s", __func__); ],
2673                 [ ac_cv_cc_implements___func__="yes" ],
2674                 [ ac_cv_cc_implements___func__="no" ]
2675         )
2676 ])
2677 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2678         AC_DEFINE(HAVE___func__)
2679 fi
2680
2681 AC_CACHE_CHECK([whether getopt has optreset support],
2682                 ac_cv_have_getopt_optreset, [
2683         AC_TRY_LINK(
2684                 [
2685 #include <getopt.h>
2686                 ],
2687                 [ extern int optreset; optreset = 0; ],
2688                 [ ac_cv_have_getopt_optreset="yes" ],
2689                 [ ac_cv_have_getopt_optreset="no" ]
2690         )
2691 ])
2692 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2693         AC_DEFINE(HAVE_GETOPT_OPTRESET)
2694 fi
2695
2696 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2697         AC_TRY_LINK([],
2698                 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2699                 [ ac_cv_libc_defines_sys_errlist="yes" ],
2700                 [ ac_cv_libc_defines_sys_errlist="no" ]
2701         )
2702 ])
2703 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2704         AC_DEFINE(HAVE_SYS_ERRLIST)
2705 fi
2706
2707
2708 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2709         AC_TRY_LINK([],
2710                 [ extern int sys_nerr; printf("%i", sys_nerr);],
2711                 [ ac_cv_libc_defines_sys_nerr="yes" ],
2712                 [ ac_cv_libc_defines_sys_nerr="no" ]
2713         )
2714 ])
2715 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2716         AC_DEFINE(HAVE_SYS_NERR)
2717 fi
2718
2719 SCARD_MSG="no"
2720 # Check whether user wants sectok support
2721 AC_ARG_WITH(sectok,
2722         [  --with-sectok           Enable smartcard support using libsectok],
2723         [
2724                 if test "x$withval" != "xno" ; then
2725                         if test "x$withval" != "xyes" ; then
2726                                 CPPFLAGS="$CPPFLAGS -I${withval}"
2727                                 LDFLAGS="$LDFLAGS -L${withval}"
2728                                 if test ! -z "$need_dash_r" ; then
2729                                         LDFLAGS="$LDFLAGS -R${withval}"
2730                                 fi
2731                                 if test ! -z "$blibpath" ; then
2732                                         blibpath="$blibpath:${withval}"
2733                                 fi
2734                         fi
2735                         AC_CHECK_HEADERS(sectok.h)
2736                         if test "$ac_cv_header_sectok_h" != yes; then
2737                                 AC_MSG_ERROR(Can't find sectok.h)
2738                         fi
2739                         AC_CHECK_LIB(sectok, sectok_open)
2740                         if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2741                                 AC_MSG_ERROR(Can't find libsectok)
2742                         fi
2743                         AC_DEFINE(SMARTCARD)
2744                         AC_DEFINE(USE_SECTOK)
2745                         SCARD_MSG="yes, using sectok"
2746                 fi
2747         ]
2748 )
2749
2750 # Check whether user wants OpenSC support
2751 OPENSC_CONFIG="no"
2752 AC_ARG_WITH(opensc,
2753         [--with-opensc[[=PFX]]       Enable smartcard support using OpenSC (optionally in PATH)],
2754         [
2755             if test "x$withval" != "xno" ; then
2756                 if test "x$withval" != "xyes" ; then
2757                         OPENSC_CONFIG=$withval/bin/opensc-config
2758                 else
2759                         AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2760                 fi
2761                 if test "$OPENSC_CONFIG" != "no"; then
2762                         LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2763                         LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2764                         CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2765                         LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2766                         AC_DEFINE(SMARTCARD)
2767                         AC_DEFINE(USE_OPENSC)
2768                         SCARD_MSG="yes, using OpenSC"
2769                 fi
2770             fi
2771         ]
2772 )
2773
2774 # Check libraries needed by DNS fingerprint support
2775 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2776         [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2777         [
2778                 # Needed by our getrrsetbyname()
2779                 AC_SEARCH_LIBS(res_query, resolv)
2780                 AC_SEARCH_LIBS(dn_expand, resolv)
2781                 AC_MSG_CHECKING(if res_query will link)
2782                 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2783                    [AC_MSG_RESULT(no)
2784                     saved_LIBS="$LIBS"
2785                     LIBS="$LIBS -lresolv"
2786                     AC_MSG_CHECKING(for res_query in -lresolv)
2787                     AC_LINK_IFELSE([
2788 #include <resolv.h>
2789 int main()
2790 {
2791         res_query (0, 0, 0, 0, 0);
2792         return 0;
2793 }
2794                         ],
2795                         [LIBS="$LIBS -lresolv"
2796                          AC_MSG_RESULT(yes)],
2797                         [LIBS="$saved_LIBS"
2798                          AC_MSG_RESULT(no)])
2799                     ])
2800                 AC_CHECK_FUNCS(_getshort _getlong)
2801                 AC_CHECK_DECLS([_getshort, _getlong], , ,
2802                     [#include <sys/types.h>
2803                     #include <arpa/nameser.h>])
2804                 AC_CHECK_MEMBER(HEADER.ad,
2805                         [AC_DEFINE(HAVE_HEADER_AD)],,
2806                         [#include <arpa/nameser.h>])
2807         ])
2808
2809 # Check whether user wants Kerberos 5 support
2810 KRB5_MSG="no"
2811 AC_ARG_WITH(kerberos5,
2812         [  --with-kerberos5=PATH   Enable Kerberos 5 support],
2813         [ if test "x$withval" != "xno" ; then
2814                 if test "x$withval" = "xyes" ; then
2815                         KRB5ROOT="/usr/local"
2816                 else
2817                         KRB5ROOT=${withval}
2818                 fi
2819
2820                 AC_DEFINE(KRB5)
2821                 KRB5_MSG="yes"
2822
2823                 AC_MSG_CHECKING(for krb5-config)
2824                 if test -x  $KRB5ROOT/bin/krb5-config ; then
2825                         KRB5CONF=$KRB5ROOT/bin/krb5-config
2826                         AC_MSG_RESULT($KRB5CONF)
2827
2828                         AC_MSG_CHECKING(for gssapi support)
2829                         if $KRB5CONF | grep gssapi >/dev/null ; then
2830                                 AC_MSG_RESULT(yes)
2831                                 AC_DEFINE(GSSAPI)
2832                                 k5confopts=gssapi
2833                         else
2834                                 AC_MSG_RESULT(no)
2835                                 k5confopts=""
2836                         fi
2837                         K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2838                         K5LIBS="`$KRB5CONF --libs $k5confopts`"
2839                         CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2840                         AC_MSG_CHECKING(whether we are using Heimdal)
2841                         AC_TRY_COMPILE([ #include <krb5.h> ],
2842                                        [ char *tmp = heimdal_version; ],
2843                                        [ AC_MSG_RESULT(yes)
2844                                          AC_DEFINE(HEIMDAL) ],
2845                                          AC_MSG_RESULT(no)
2846                         )
2847                 else
2848                         AC_MSG_RESULT(no)
2849                         CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2850                         LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2851                         AC_MSG_CHECKING(whether we are using Heimdal)
2852                         AC_TRY_COMPILE([ #include <krb5.h> ],
2853                                        [ char *tmp = heimdal_version; ],
2854                                        [ AC_MSG_RESULT(yes)
2855                                          AC_DEFINE(HEIMDAL)
2856                                          K5LIBS="-lkrb5 -ldes"
2857                                          K5LIBS="$K5LIBS -lcom_err -lasn1"
2858                                          AC_CHECK_LIB(roken, net_write,
2859                                            [K5LIBS="$K5LIBS -lroken"])
2860                                        ],
2861                                        [ AC_MSG_RESULT(no)
2862                                          K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2863                                        ]
2864                         )
2865                         AC_SEARCH_LIBS(dn_expand, resolv)
2866
2867                         AC_CHECK_LIB(gssapi,gss_init_sec_context,
2868                                 [ AC_DEFINE(GSSAPI)
2869                                   K5LIBS="-lgssapi $K5LIBS" ],
2870                                 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2871                                         [ AC_DEFINE(GSSAPI)
2872                                           K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2873                                         AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2874                                         $K5LIBS)
2875                                 ],
2876                                 $K5LIBS)
2877
2878                         AC_CHECK_HEADER(gssapi.h, ,
2879                                 [ unset ac_cv_header_gssapi_h
2880                                   CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2881                                   AC_CHECK_HEADERS(gssapi.h, ,
2882                                         AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2883                                   )
2884                                 ]
2885                         )
2886
2887                         oldCPP="$CPPFLAGS"
2888                         CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2889                         AC_CHECK_HEADER(gssapi_krb5.h, ,
2890                                         [ CPPFLAGS="$oldCPP" ])
2891
2892                         # If we're using some other GSSAPI
2893                         if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
2894                                 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support.  Use mechglue instead.])
2895                         fi
2896
2897                         if test -z "$GSSAPI"; then
2898                                 GSSAPI="KRB5";
2899                         fi
2900
2901                         oldCPP="$CPPFLAGS"
2902                         CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2903                         AC_CHECK_HEADER(gssapi_krb5.h, ,
2904                                         [ CPPFLAGS="$oldCPP" ])
2905
2906                 fi
2907                 if test ! -z "$need_dash_r" ; then
2908                         LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2909                 fi
2910                 if test ! -z "$blibpath" ; then
2911                         blibpath="$blibpath:${KRB5ROOT}/lib"
2912                 fi
2913         fi
2914
2915         AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2916         AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2917         AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2918
2919         LIBS="$LIBS $K5LIBS"
2920         AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2921         ]
2922 )
2923
2924 # Check whether user wants AFS_KRB5 support
2925 AFS_KRB5_MSG="no"
2926 AC_ARG_WITH(afs-krb5,
2927         [  --with-afs-krb5[[=AKLOG_PATH]]  Enable aklog to get token (default=/usr/bin/aklog).],
2928         [
2929                 if test "x$withval" != "xno" ; then
2930
2931                         if test "x$withval" != "xyes" ; then
2932                                 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval")
2933                         else
2934                                 AC_DEFINE_UNQUOTED(AKLOG_PATH, "/usr/bin/aklog")
2935                         fi
2936
2937                         if test -z "$KRB5ROOT" ; then
2938                                 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
2939                         fi
2940
2941                         LIBS="-lkrbafs -lkrb4 $LIBS"
2942                         if test ! -z "$AFS_LIBS" ; then
2943                                 LIBS="$LIBS $AFS_LIBS"
2944                         fi
2945                         AC_DEFINE(AFS_KRB5)
2946                         AFS_KRB5_MSG="yes"
2947                 fi
2948         ]
2949 )
2950
2951 AC_ARG_WITH(session-hooks,
2952         [  --with-session-hooks    Enable hooks for executing external commands                                       before/after a session],
2953         [ AC_DEFINE(SESSION_HOOKS) ]
2954 )
2955
2956 # Looking for programs, paths and files
2957
2958 PRIVSEP_PATH=/var/empty
2959 AC_ARG_WITH(privsep-path,
2960         [  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2961         [
2962                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2963                     test "x${withval}" != "xyes"; then
2964                         PRIVSEP_PATH=$withval
2965                 fi
2966         ]
2967 )
2968 AC_SUBST(PRIVSEP_PATH)
2969
2970 AC_ARG_WITH(xauth,
2971         [  --with-xauth=PATH       Specify path to xauth program ],
2972         [
2973                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2974                     test "x${withval}" != "xyes"; then
2975                         xauth_path=$withval
2976                 fi
2977         ],
2978         [
2979                 TestPath="$PATH"
2980                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2981                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2982                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2983                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2984                 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2985                 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2986                         xauth_path="/usr/openwin/bin/xauth"
2987                 fi
2988         ]
2989 )
2990
2991 STRIP_OPT=-s
2992 AC_ARG_ENABLE(strip,
2993         [  --disable-strip         Disable calling strip(1) on install],
2994         [
2995                 if test "x$enableval" = "xno" ; then
2996                         STRIP_OPT=
2997                 fi
2998         ]
2999 )
3000 AC_SUBST(STRIP_OPT)
3001
3002 if test -z "$xauth_path" ; then
3003         XAUTH_PATH="undefined"
3004         AC_SUBST(XAUTH_PATH)
3005 else
3006         AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
3007         XAUTH_PATH=$xauth_path
3008         AC_SUBST(XAUTH_PATH)
3009 fi
3010
3011 # Check for mail directory (last resort if we cannot get it from headers)
3012 if test ! -z "$MAIL" ; then
3013         maildir=`dirname $MAIL`
3014         AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
3015 fi
3016
3017 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3018         AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3019         disable_ptmx_check=yes
3020 fi
3021 if test -z "$no_dev_ptmx" ; then
3022         if test "x$disable_ptmx_check" != "xyes" ; then
3023                 AC_CHECK_FILE("/dev/ptmx",
3024                         [
3025                                 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
3026                                 have_dev_ptmx=1
3027                         ]
3028                 )
3029         fi
3030 fi
3031
3032 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3033         AC_CHECK_FILE("/dev/ptc",
3034                 [
3035                         AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
3036                         have_dev_ptc=1
3037                 ]
3038         )
3039 else
3040         AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3041 fi
3042
3043 # Options from here on. Some of these are preset by platform above
3044 AC_ARG_WITH(mantype,
3045         [  --with-mantype=man|cat|doc  Set man page type],
3046         [
3047                 case "$withval" in
3048                 man|cat|doc)
3049                         MANTYPE=$withval
3050                         ;;
3051                 *)
3052                         AC_MSG_ERROR(invalid man type: $withval)
3053                         ;;
3054                 esac
3055         ]
3056 )
3057 if test -z "$MANTYPE"; then
3058         TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3059         AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3060         if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3061                 MANTYPE=doc
3062         elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3063                 MANTYPE=man
3064         else
3065                 MANTYPE=cat
3066         fi
3067 fi
3068 AC_SUBST(MANTYPE)
3069 if test "$MANTYPE" = "doc"; then
3070         mansubdir=man;
3071 else
3072         mansubdir=$MANTYPE;
3073 fi
3074 AC_SUBST(mansubdir)
3075
3076 # Check whether to enable MD5 passwords
3077 MD5_MSG="no"
3078 AC_ARG_WITH(md5-passwords,
3079         [  --with-md5-passwords    Enable use of MD5 passwords],
3080         [
3081                 if test "x$withval" != "xno" ; then
3082                         AC_DEFINE(HAVE_MD5_PASSWORDS)
3083                         MD5_MSG="yes"
3084                 fi
3085         ]
3086 )
3087
3088 # Whether to disable shadow password support
3089 AC_ARG_WITH(shadow,
3090         [  --without-shadow        Disable shadow password support],
3091         [
3092                 if test "x$withval" = "xno" ; then
3093                         AC_DEFINE(DISABLE_SHADOW)
3094                         disable_shadow=yes
3095                 fi
3096         ]
3097 )
3098
3099 if test -z "$disable_shadow" ; then
3100         AC_MSG_CHECKING([if the systems has expire shadow information])
3101         AC_TRY_COMPILE(
3102         [
3103 #include <sys/types.h>
3104 #include <shadow.h>
3105         struct spwd sp;
3106         ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3107         [ sp_expire_available=yes ], []
3108         )
3109
3110         if test "x$sp_expire_available" = "xyes" ; then
3111                 AC_MSG_RESULT(yes)
3112                 AC_DEFINE(HAS_SHADOW_EXPIRE)
3113         else
3114                 AC_MSG_RESULT(no)
3115         fi
3116 fi
3117
3118 # Use ip address instead of hostname in $DISPLAY
3119 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3120         DISPLAY_HACK_MSG="yes"
3121         AC_DEFINE(IPADDR_IN_DISPLAY)
3122 else
3123         DISPLAY_HACK_MSG="no"
3124         AC_ARG_WITH(ipaddr-display,
3125                 [  --with-ipaddr-display   Use ip address instead of hostname in \$DISPLAY],
3126                 [
3127                         if test "x$withval" != "xno" ; then
3128                                 AC_DEFINE(IPADDR_IN_DISPLAY)
3129                                 DISPLAY_HACK_MSG="yes"
3130                         fi
3131                 ]
3132         )
3133 fi
3134
3135 # check for /etc/default/login and use it if present.
3136 AC_ARG_ENABLE(etc-default-login,
3137         [  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3138         [ if test "x$enableval" = "xno"; then
3139                 AC_MSG_NOTICE([/etc/default/login handling disabled])
3140                 etc_default_login=no
3141           else
3142                 etc_default_login=yes
3143           fi ],
3144         [ etc_default_login=yes ]
3145 )
3146
3147 if test "x$etc_default_login" != "xno"; then
3148         AC_CHECK_FILE("/etc/default/login",
3149             [ external_path_file=/etc/default/login ])
3150         if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3151         then
3152                 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
3153         elif test "x$external_path_file" = "x/etc/default/login"; then
3154                 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
3155         fi
3156 fi
3157
3158 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3159 if test $ac_cv_func_login_getcapbool = "yes" && \
3160         test $ac_cv_header_login_cap_h = "yes" ; then
3161         external_path_file=/etc/login.conf
3162 fi
3163
3164 # Whether to mess with the default path
3165 SERVER_PATH_MSG="(default)"
3166 AC_ARG_WITH(default-path,
3167         [  --with-default-path=    Specify default \$PATH environment for server],
3168         [
3169                 if test "x$external_path_file" = "x/etc/login.conf" ; then
3170                         AC_MSG_WARN([
3171 --with-default-path=PATH has no effect on this system.
3172 Edit /etc/login.conf instead.])
3173                 elif test "x$withval" != "xno" ; then
3174                         if test ! -z "$external_path_file" ; then
3175                                 AC_MSG_WARN([
3176 --with-default-path=PATH will only be used if PATH is not defined in
3177 $external_path_file .])
3178                         fi
3179                         user_path="$withval"
3180                         SERVER_PATH_MSG="$withval"
3181                 fi
3182         ],
3183         [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3184                 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3185         else
3186                 if test ! -z "$external_path_file" ; then
3187                         AC_MSG_WARN([
3188 If PATH is defined in $external_path_file, ensure the path to scp is included,
3189 otherwise scp will not work.])
3190                 fi
3191                 AC_TRY_RUN(
3192                         [
3193 /* find out what STDPATH is */
3194 #include <stdio.h>
3195 #ifdef HAVE_PATHS_H
3196 # include <paths.h>
3197 #endif
3198 #ifndef _PATH_STDPATH
3199 # ifdef _PATH_USERPATH  /* Irix */
3200 #  define _PATH_STDPATH _PATH_USERPATH
3201 # else
3202 #  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3203 # endif
3204 #endif
3205 #include <sys/types.h>
3206 #include <sys/stat.h>
3207 #include <fcntl.h>
3208 #define DATA "conftest.stdpath"
3209
3210 main()
3211 {
3212         FILE *fd;
3213         int rc;
3214
3215         fd = fopen(DATA,"w");
3216         if(fd == NULL)
3217                 exit(1);
3218
3219         if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3220                 exit(1);
3221
3222         exit(0);
3223 }
3224                 ], [ user_path=`cat conftest.stdpath` ],
3225                 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3226                 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3227         )
3228 # make sure $bindir is in USER_PATH so scp will work
3229                 t_bindir=`eval echo ${bindir}`
3230                 case $t_bindir in
3231                         NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3232                 esac
3233                 case $t_bindir in
3234                         NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3235                 esac
3236                 echo $user_path | grep ":$t_bindir"  > /dev/null 2>&1
3237                 if test $? -ne 0  ; then
3238                         echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
3239                         if test $? -ne 0  ; then
3240                                 user_path=$user_path:$t_bindir
3241                                 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3242                         fi
3243                 fi
3244         fi ]
3245 )
3246 if test "x$external_path_file" != "x/etc/login.conf" ; then
3247         AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
3248         AC_SUBST(user_path)
3249 fi
3250
3251 # Set superuser path separately to user path
3252 AC_ARG_WITH(superuser-path,
3253         [  --with-superuser-path=  Specify different path for super-user],
3254         [
3255                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3256                     test "x${withval}" != "xyes"; then
3257                         AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
3258                         superuser_path=$withval
3259                 fi
3260         ]
3261 )
3262
3263
3264 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3265 IPV4_IN6_HACK_MSG="no"
3266 AC_ARG_WITH(4in6,
3267         [  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
3268         [
3269                 if test "x$withval" != "xno" ; then
3270                         AC_MSG_RESULT(yes)
3271                         AC_DEFINE(IPV4_IN_IPV6)
3272                         IPV4_IN6_HACK_MSG="yes"
3273                 else
3274                         AC_MSG_RESULT(no)
3275                 fi
3276         ],[
3277                 if test "x$inet6_default_4in6" = "xyes"; then
3278                         AC_MSG_RESULT([yes (default)])
3279                         AC_DEFINE(IPV4_IN_IPV6)
3280                         IPV4_IN6_HACK_MSG="yes"
3281                 else
3282                         AC_MSG_RESULT([no (default)])
3283                 fi
3284         ]
3285 )
3286
3287 # Whether to enable BSD auth support
3288 BSD_AUTH_MSG=no
3289 AC_ARG_WITH(bsd-auth,
3290         [  --with-bsd-auth         Enable BSD auth support],
3291         [
3292                 if test "x$withval" != "xno" ; then
3293                         AC_DEFINE(BSD_AUTH)
3294                         BSD_AUTH_MSG=yes
3295                 fi
3296         ]
3297 )
3298
3299 # Where to place sshd.pid
3300 piddir=/var/run
3301 # make sure the directory exists
3302 if test ! -d $piddir ; then
3303         piddir=`eval echo ${sysconfdir}`
3304         case $piddir in
3305                 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3306         esac
3307 fi
3308
3309 AC_ARG_WITH(pid-dir,
3310         [  --with-pid-dir=PATH     Specify location of ssh.pid file],
3311         [
3312                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3313                     test "x${withval}" != "xyes"; then
3314                         piddir=$withval
3315                         if test ! -d $piddir ; then
3316                         AC_MSG_WARN([** no $piddir directory on this system **])
3317                         fi
3318                 fi
3319         ]
3320 )
3321
3322 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
3323 AC_SUBST(piddir)
3324
3325 dnl allow user to disable some login recording features
3326 AC_ARG_ENABLE(lastlog,
3327         [  --disable-lastlog       disable use of lastlog even if detected [no]],
3328         [
3329                 if test "x$enableval" = "xno" ; then
3330                         AC_DEFINE(DISABLE_LASTLOG)
3331                 fi
3332         ]
3333 )
3334 AC_ARG_ENABLE(utmp,
3335         [  --disable-utmp          disable use of utmp even if detected [no]],
3336         [
3337                 if test "x$enableval" = "xno" ; then
3338                         AC_DEFINE(DISABLE_UTMP)
3339                 fi
3340         ]
3341 )
3342 AC_ARG_ENABLE(utmpx,
3343         [  --disable-utmpx         disable use of utmpx even if detected [no]],
3344         [
3345                 if test "x$enableval" = "xno" ; then
3346                         AC_DEFINE(DISABLE_UTMPX)
3347                 fi
3348         ]
3349 )
3350 AC_ARG_ENABLE(wtmp,
3351         [  --disable-wtmp          disable use of wtmp even if detected [no]],
3352         [
3353                 if test "x$enableval" = "xno" ; then
3354                         AC_DEFINE(DISABLE_WTMP)
3355                 fi
3356         ]
3357 )
3358 AC_ARG_ENABLE(wtmpx,
3359         [  --disable-wtmpx         disable use of wtmpx even if detected [no]],
3360         [
3361                 if test "x$enableval" = "xno" ; then
3362                         AC_DEFINE(DISABLE_WTMPX)
3363                 fi
3364         ]
3365 )
3366 AC_ARG_ENABLE(libutil,
3367         [  --disable-libutil       disable use of libutil (login() etc.) [no]],
3368         [
3369                 if test "x$enableval" = "xno" ; then
3370                         AC_DEFINE(DISABLE_LOGIN)
3371                 fi
3372         ]
3373 )
3374 AC_ARG_ENABLE(pututline,
3375         [  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
3376         [
3377                 if test "x$enableval" = "xno" ; then
3378                         AC_DEFINE(DISABLE_PUTUTLINE)
3379                 fi
3380         ]
3381 )
3382 AC_ARG_ENABLE(pututxline,
3383         [  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
3384         [
3385                 if test "x$enableval" = "xno" ; then
3386                         AC_DEFINE(DISABLE_PUTUTXLINE)
3387                 fi
3388         ]
3389 )
3390 AC_ARG_WITH(lastlog,
3391   [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3392         [
3393                 if test "x$withval" = "xno" ; then
3394                         AC_DEFINE(DISABLE_LASTLOG)
3395                 elif test -n "$withval"  &&  test "x${withval}" != "xyes"; then
3396                         conf_lastlog_location=$withval
3397                 fi
3398         ]
3399 )
3400
3401 dnl lastlog, [uw]tmpx? detection
3402 dnl  NOTE: set the paths in the platform section to avoid the
3403 dnl   need for command-line parameters
3404 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3405
3406 dnl lastlog detection
3407 dnl  NOTE: the code itself will detect if lastlog is a directory
3408 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3409 AC_TRY_COMPILE([
3410 #include <sys/types.h>
3411 #include <utmp.h>
3412 #ifdef HAVE_LASTLOG_H
3413 #  include <lastlog.h>
3414 #endif
3415 #ifdef HAVE_PATHS_H
3416 #  include <paths.h>
3417 #endif
3418 #ifdef HAVE_LOGIN_H
3419 # include <login.h>
3420 #endif
3421         ],
3422         [ char *lastlog = LASTLOG_FILE; ],
3423         [ AC_MSG_RESULT(yes) ],
3424         [
3425                 AC_MSG_RESULT(no)
3426                 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3427                 AC_TRY_COMPILE([
3428 #include <sys/types.h>
3429 #include <utmp.h>
3430 #ifdef HAVE_LASTLOG_H
3431 #  include <lastlog.h>
3432 #endif
3433 #ifdef HAVE_PATHS_H
3434 #  include <paths.h>
3435 #endif
3436                 ],
3437                 [ char *lastlog = _PATH_LASTLOG; ],
3438                 [ AC_MSG_RESULT(yes) ],
3439                 [
3440                         AC_MSG_RESULT(no)
3441                         system_lastlog_path=no
3442                 ])
3443         ]
3444 )
3445
3446 if test -z "$conf_lastlog_location"; then
3447         if test x"$system_lastlog_path" = x"no" ; then
3448                 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3449                                 if (test -d "$f" || test -f "$f") ; then
3450                                         conf_lastlog_location=$f
3451                                 fi
3452                 done
3453                 if test -z "$conf_lastlog_location"; then
3454                         AC_MSG_WARN([** Cannot find lastlog **])
3455                         dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3456                 fi
3457         fi
3458 fi
3459
3460 if test -n "$conf_lastlog_location"; then
3461         AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
3462 fi
3463
3464 dnl utmp detection
3465 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3466 AC_TRY_COMPILE([
3467 #include <sys/types.h>
3468 #include <utmp.h>
3469 #ifdef HAVE_PATHS_H
3470 #  include <paths.h>
3471 #endif
3472         ],
3473         [ char *utmp = UTMP_FILE; ],
3474         [ AC_MSG_RESULT(yes) ],
3475         [ AC_MSG_RESULT(no)
3476           system_utmp_path=no ]
3477 )
3478 if test -z "$conf_utmp_location"; then
3479         if test x"$system_utmp_path" = x"no" ; then
3480                 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3481                         if test -f $f ; then
3482                                 conf_utmp_location=$f
3483                         fi
3484                 done
3485                 if test -z "$conf_utmp_location"; then
3486                         AC_DEFINE(DISABLE_UTMP)
3487                 fi
3488         fi
3489 fi
3490 if test -n "$conf_utmp_location"; then
3491         AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3492 fi
3493
3494 dnl wtmp detection
3495 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3496 AC_TRY_COMPILE([
3497 #include <sys/types.h>
3498 #include <utmp.h>
3499 #ifdef HAVE_PATHS_H
3500 #  include <paths.h>
3501 #endif
3502         ],
3503         [ char *wtmp = WTMP_FILE; ],
3504         [ AC_MSG_RESULT(yes) ],
3505         [ AC_MSG_RESULT(no)
3506           system_wtmp_path=no ]
3507 )
3508 if test -z "$conf_wtmp_location"; then
3509         if test x"$system_wtmp_path" = x"no" ; then
3510                 for f in /usr/adm/wtmp /var/log/wtmp; do
3511                         if test -f $f ; then
3512                                 conf_wtmp_location=$f
3513                         fi
3514                 done
3515                 if test -z "$conf_wtmp_location"; then
3516                         AC_DEFINE(DISABLE_WTMP)
3517                 fi
3518         fi
3519 fi
3520 if test -n "$conf_wtmp_location"; then
3521         AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3522 fi
3523
3524
3525 dnl utmpx detection - I don't know any system so perverse as to require
3526 dnl  utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3527 dnl  there, though.
3528 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3529 AC_TRY_COMPILE([
3530 #include <sys/types.h>
3531 #include <utmp.h>
3532 #ifdef HAVE_UTMPX_H
3533 #include <utmpx.h>
3534 #endif
3535 #ifdef HAVE_PATHS_H
3536 #  include <paths.h>
3537 #endif
3538         ],
3539         [ char *utmpx = UTMPX_FILE; ],
3540         [ AC_MSG_RESULT(yes) ],
3541         [ AC_MSG_RESULT(no)
3542           system_utmpx_path=no ]
3543 )
3544 if test -z "$conf_utmpx_location"; then
3545         if test x"$system_utmpx_path" = x"no" ; then
3546                 AC_DEFINE(DISABLE_UTMPX)
3547         fi
3548 else
3549         AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3550 fi
3551
3552 dnl wtmpx detection
3553 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3554 AC_TRY_COMPILE([
3555 #include <sys/types.h>
3556 #include <utmp.h>
3557 #ifdef HAVE_UTMPX_H
3558 #include <utmpx.h>
3559 #endif
3560 #ifdef HAVE_PATHS_H
3561 #  include <paths.h>
3562 #endif
3563         ],
3564         [ char *wtmpx = WTMPX_FILE; ],
3565         [ AC_MSG_RESULT(yes) ],
3566         [ AC_MSG_RESULT(no)
3567           system_wtmpx_path=no ]
3568 )
3569 if test -z "$conf_wtmpx_location"; then
3570         if test x"$system_wtmpx_path" = x"no" ; then
3571                 AC_DEFINE(DISABLE_WTMPX)
3572         fi
3573 else
3574         AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3575 fi
3576
3577
3578 if test ! -z "$blibpath" ; then
3579         LDFLAGS="$LDFLAGS $blibflags$blibpath"
3580         AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3581 fi
3582
3583 dnl remove pam and dl because they are in $LIBPAM
3584 if test "$PAM_MSG" = yes ; then
3585         LIBS=`echo $LIBS | sed 's/-lpam //'`
3586 fi
3587 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3588         LIBS=`echo $LIBS | sed 's/-ldl //'`
3589 fi
3590
3591 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3592 dnl Add now.
3593 CFLAGS="$CFLAGS $werror_flags"
3594
3595 AC_EXEEXT
3596 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3597         scard/Makefile ssh_prng_cmds survey.sh])
3598 AC_OUTPUT
3599
3600 # Print summary of options
3601
3602 # Someone please show me a better way :)
3603 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3604 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3605 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3606 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3607 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3608 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3609 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3610 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3611 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3612 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3613
3614 echo ""
3615 echo "OpenSSH has been configured with the following options:"
3616 echo "                     User binaries: $B"
3617 echo "                   System binaries: $C"
3618 echo "               Configuration files: $D"
3619 echo "                   Askpass program: $E"
3620 echo "                      Manual pages: $F"
3621 echo "                          PID file: $G"
3622 echo "  Privilege separation chroot path: $H"
3623 if test "x$external_path_file" = "x/etc/login.conf" ; then
3624 echo "   At runtime, sshd will use the path defined in $external_path_file"
3625 echo "   Make sure the path to scp is present, otherwise scp will not work"
3626 else
3627 echo "            sshd default user PATH: $I"
3628         if test ! -z "$external_path_file"; then
3629 echo "   (If PATH is set in $external_path_file it will be used instead. If"
3630 echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
3631         fi
3632 fi
3633 if test ! -z "$superuser_path" ; then
3634 echo "          sshd superuser user PATH: $J"
3635 fi
3636 echo "                    Manpage format: $MANTYPE"
3637 echo "                       PAM support: $PAM_MSG"
3638 echo "                 KerberosV support: $KRB5_MSG"
3639 echo "                 Smartcard support: $SCARD_MSG"
3640 echo "                     S/KEY support: $SKEY_MSG"
3641 echo "              TCP Wrappers support: $TCPW_MSG"
3642 echo "              MD5 password support: $MD5_MSG"
3643 echo "                   libedit support: $LIBEDIT_MSG"
3644 echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3645 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3646 echo "                  BSD Auth support: $BSD_AUTH_MSG"
3647 echo "              Random number source: $RAND_MSG"
3648 if test ! -z "$USE_RAND_HELPER" ; then
3649 echo "     ssh-rand-helper collects from: $RAND_HELPER_MSG"
3650 fi
3651
3652 echo ""
3653
3654 echo "              Host: ${host}"
3655 echo "          Compiler: ${CC}"
3656 echo "    Compiler flags: ${CFLAGS}"
3657 echo "Preprocessor flags: ${CPPFLAGS}"
3658 echo "      Linker flags: ${LDFLAGS}"
3659 echo "         Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3660
3661 echo ""
3662
3663 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3664         echo "SVR4 style packages are supported with \"make package\""
3665         echo ""
3666 fi
3667
3668 if test "x$PAM_MSG" = "xyes" ; then
3669         echo "PAM is enabled. You may need to install a PAM control file "
3670         echo "for sshd, otherwise password authentication may fail. "
3671         echo "Example PAM control files can be found in the contrib/ "
3672         echo "subdirectory"
3673         echo ""
3674 fi
3675
3676 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3677         echo "WARNING: you are using the builtin random number collection "
3678         echo "service. Please read WARNING.RNG and request that your OS "
3679         echo "vendor includes kernel-based random number collection in "
3680         echo "future versions of your OS."
3681         echo ""
3682 fi
3683
3684 if test ! -z "$NO_PEERCHECK" ; then
3685         echo "WARNING: the operating system that you are using does not "
3686         echo "appear to support either the getpeereid() API nor the "
3687         echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3688         echo "enforce security checks to prevent unauthorised connections to "
3689         echo "ssh-agent. Their absence increases the risk that a malicious "
3690         echo "user can connect to your agent. "
3691         echo ""
3692 fi
3693
3694 if test "$AUDIT_MODULE" = "bsm" ; then
3695         echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3696         echo "See the Solaris section in README.platform for details."
3697 fi
This page took 0.419007 seconds and 5 git commands to generate.