]> andersk Git - openssh.git/blame - configure.ac
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- dtucker@cvs.openbsd.org 2007/12/28 15:32:24
[openssh.git] / configure.ac
CommitLineData
eb5d7ff6 1# $Id$
2b983b95 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
0b202697 16
76e6410a 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
823221b2 18AC_REVISION($Revision$)
98a7c37b 19AC_CONFIG_SRCDIR([ssh.c])
5881cd60 20
21AC_CONFIG_HEADER(config.h)
b14b2ae7 22AC_PROG_CC
a7effaac 23AC_CANONICAL_HOST
cf0c5df5 24AC_C_BIGENDIAN
5881cd60 25
a0391976 26# Checks for programs.
4bbf95fa 27AC_PROG_AWK
4cca272e 28AC_PROG_CPP
5881cd60 29AC_PROG_RANLIB
cf8dd513 30AC_PROG_INSTALL
c9ecc3c7 31AC_PROG_EGREP
bee0a37e 32AC_PATH_PROG(AR, ar)
ddd8c95b 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
13dd877b 35AC_PATH_PROGS(PERL, perl5 perl)
c3690df3 36AC_PATH_PROG(SED, sed)
a0f84251 37AC_SUBST(PERL)
ad85db64 38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
6958bd37 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
6193497b 43AC_PATH_PROG(SH, sh)
a3245b92 44AC_SUBST(TEST_SHELL,sh)
f498ed15 45
9cefe228 46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
eeb27c78 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
9cefe228 57
948fd8b9 58# System features
59AC_SYS_LARGEFILE
60
c193d002 61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
2e73a022 65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
3466e002 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
2e73a022 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
37656beb 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
3466e002 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
37656beb 82fi
83
d423d822 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
82f4e93d 88
d423d822 89AC_C_INLINE
dfafb2e1 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
aff51935 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
af40ca44 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
eeee8237 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
5fdabf45 96 case $GCC_VER in
0b9fdeb8 97 1.*) no_attrib_nonnull=1 ;;
98 2.8* | 2.9*)
99 CFLAGS="$CFLAGS -Wsign-compare"
100 no_attrib_nonnull=1
101 ;;
102 2.*) no_attrib_nonnull=1 ;;
dbf07ba2 103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
cd595991 104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 *) ;;
5fdabf45 106 esac
8a3ff1aa 107
eb5a7224 108 AC_MSG_CHECKING(if $GCC understands -fstack-protector-all)
109 saved_CFLAGS="$CFLAGS"
110 CFLAGS="$CFLAGS -fstack-protector-all"
111 AC_TRY_COMPILE([], [ int main(void){return 0;} ],
112 [ AC_MSG_RESULT(yes) ],
113 [ AC_MSG_RESULT(no)
114 CFLAGS="$saved_CFLAGS" ]
115 )
116
dfafb2e1 117 if test -z "$have_llong_max"; then
118 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
119 unset ac_cv_have_decl_LLONG_MAX
120 saved_CFLAGS="$CFLAGS"
121 CFLAGS="$CFLAGS -std=gnu99"
122 AC_CHECK_DECL(LLONG_MAX,
123 [have_llong_max=1],
124 [CFLAGS="$saved_CFLAGS"],
125 [#include <limits.h>]
126 )
127 fi
d423d822 128fi
129
0b9fdeb8 130if test "x$no_attrib_nonnull" != "x1" ; then
131 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
132fi
133
e6354014 134AC_ARG_WITH(rpath,
135 [ --without-rpath Disable auto-added -R linker paths],
136 [
82f4e93d 137 if test "x$withval" = "xno" ; then
e6354014 138 need_dash_r=""
139 fi
140 if test "x$withval" = "xyes" ; then
141 need_dash_r=1
142 fi
143 ]
144)
145
aa56f760 146# Allow user to specify flags
147AC_ARG_WITH(cflags,
148 [ --with-cflags Specify additional flags to pass to compiler],
149 [
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CFLAGS="$CFLAGS $withval"
153 fi
154 ]
155)
156AC_ARG_WITH(cppflags,
157 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
158 [
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 CPPFLAGS="$CPPFLAGS $withval"
162 fi
163 ]
164)
165AC_ARG_WITH(ldflags,
166 [ --with-ldflags Specify additional flags to pass to linker],
167 [
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LDFLAGS="$LDFLAGS $withval"
171 fi
172 ]
173)
174AC_ARG_WITH(libs,
175 [ --with-libs Specify additional libraries to link with],
176 [
177 if test -n "$withval" && test "x$withval" != "xno" && \
178 test "x${withval}" != "xyes"; then
179 LIBS="$LIBS $withval"
180 fi
181 ]
182)
183AC_ARG_WITH(Werror,
184 [ --with-Werror Build main code with -Werror],
185 [
186 if test -n "$withval" && test "x$withval" != "xno"; then
187 werror_flags="-Werror"
188 if test "x${withval}" != "xyes"; then
189 werror_flags="$withval"
190 fi
191 fi
192 ]
193)
194
195AC_CHECK_HEADERS( \
196 bstring.h \
197 crypt.h \
198 crypto/sha2.h \
199 dirent.h \
200 endian.h \
201 features.h \
202 fcntl.h \
203 floatingpoint.h \
204 getopt.h \
205 glob.h \
206 ia.h \
207 iaf.h \
208 limits.h \
209 login.h \
210 maillock.h \
211 ndir.h \
212 net/if_tun.h \
213 netdb.h \
214 netgroup.h \
215 pam/pam_appl.h \
216 paths.h \
6d39a5c4 217 poll.h \
aa56f760 218 pty.h \
219 readpassphrase.h \
220 rpc/types.h \
221 security/pam_appl.h \
222 sha2.h \
223 shadow.h \
224 stddef.h \
225 stdint.h \
226 string.h \
227 strings.h \
228 sys/audit.h \
229 sys/bitypes.h \
230 sys/bsdtty.h \
231 sys/cdefs.h \
232 sys/dir.h \
233 sys/mman.h \
234 sys/ndir.h \
8aa5db7d 235 sys/poll.h \
aa56f760 236 sys/prctl.h \
237 sys/pstat.h \
238 sys/select.h \
239 sys/stat.h \
240 sys/stream.h \
241 sys/stropts.h \
242 sys/strtio.h \
243 sys/sysmacros.h \
244 sys/time.h \
245 sys/timers.h \
246 sys/un.h \
247 time.h \
248 tmpdir.h \
249 ttyent.h \
40701614 250 ucred.h \
aa56f760 251 unistd.h \
252 usersec.h \
253 util.h \
254 utime.h \
255 utmp.h \
256 utmpx.h \
257 vis.h \
258)
259
260# lastlog.h requires sys/time.h to be included first on Solaris
261AC_CHECK_HEADERS(lastlog.h, [], [], [
262#ifdef HAVE_SYS_TIME_H
263# include <sys/time.h>
264#endif
265])
266
267# sys/ptms.h requires sys/stream.h to be included first on Solaris
268AC_CHECK_HEADERS(sys/ptms.h, [], [], [
269#ifdef HAVE_SYS_STREAM_H
270# include <sys/stream.h>
271#endif
272])
273
274# login_cap.h requires sys/types.h on NetBSD
275AC_CHECK_HEADERS(login_cap.h, [], [], [
276#include <sys/types.h>
277])
278
5b84789f 279# Messages for features tested for in target-specific section
280SIA_MSG="no"
281SPC_MSG="no"
282
a0391976 283# Check for some target-specific stuff
a7effaac 284case "$host" in
9d6b1b96 285*-*-aix*)
25a2779b 286 # Some versions of VAC won't allow macro redefinitions at
287 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
288 # particularly with older versions of vac or xlc.
289 # It also throws errors about null macro argments, but these are
290 # not fatal.
291 AC_MSG_CHECKING(if compiler allows macro redefinitions)
292 AC_COMPILE_IFELSE(
293 [AC_LANG_SOURCE([[
294#define testmacro foo
295#define testmacro bar
296int main(void) { exit(0); }
297 ]])],
298 [ AC_MSG_RESULT(yes) ],
299 [ AC_MSG_RESULT(no)
300 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
301 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
302 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
303 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
304 ]
305 )
306
aff51935 307 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
68ece370 308 if (test -z "$blibpath"); then
0a15d73b 309 blibpath="/usr/lib:/lib"
68ece370 310 fi
311 saved_LDFLAGS="$LDFLAGS"
e7479666 312 if test "$GCC" = "yes"; then
313 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
314 else
315 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
316 fi
317 for tryflags in $flags ;do
68ece370 318 if (test -z "$blibflags"); then
319 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
320 AC_TRY_LINK([], [], [blibflags=$tryflags])
321 fi
322 done
323 if (test -z "$blibflags"); then
324 AC_MSG_RESULT(not found)
325 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
326 else
327 AC_MSG_RESULT($blibflags)
bd499f9e 328 fi
68ece370 329 LDFLAGS="$saved_LDFLAGS"
e351e493 330 dnl Check for authenticate. Might be in libs.a on older AIXes
3466e002 331 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
332 [Define if you want to enable AIX4's authenticate function])],
0764e748 333 [AC_CHECK_LIB(s,authenticate,
e351e493 334 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
0764e748 335 LIBS="$LIBS -ls"
336 ])
337 ])
ba603e06 338 dnl Check for various auth function declarations in headers.
c85ed8e2 339 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
72ad335d 340 passwdexpired, setauthdb], , , [#include <usersec.h>])
e351e493 341 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
ba603e06 342 AC_CHECK_DECLS(loginfailed,
e351e493 343 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
344 AC_TRY_COMPILE(
f58c0e01 345 [#include <usersec.h>],
e351e493 346 [(void)loginfailed("user","host","tty",0);],
347 [AC_MSG_RESULT(yes)
3466e002 348 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
349 [Define if your AIX loginfailed() function
350 takes 4 arguments (AIX >= 5.2)])],
f58c0e01 351 [AC_MSG_RESULT(no)]
e351e493 352 )],
353 [],
354 [#include <usersec.h>]
355 )
2aa3a16c 356 AC_CHECK_FUNCS(setauthdb)
53c337ed 357 AC_CHECK_DECL(F_CLOSEM,
795e7517 358 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
53c337ed 359 [],
360 [ #include <limits.h>
361 #include <fcntl.h> ]
362 )
5ccf88cb 363 check_for_aix_broken_getaddrinfo=1
3466e002 364 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
365 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
366 [Define if your platform breaks doing a seteuid before a setuid])
367 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
368 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
a3cef3ca 369 dnl AIX handles lastlog as part of its login message
3466e002 370 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
371 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
372 [Some systems need a utmpx entry for /bin/login to work])
373 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
374 [Define to a Set Process Title type if your system is
375 supported by bsd-setproctitle.c])
961c2997 376 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
377 [AIX 5.2 and 5.3 (and presumably newer) require this])
ea8c44d9 378 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
9d6b1b96 379 ;;
3c62e7eb 380*-*-cygwin*)
a52997bd 381 check_for_libcrypt_later=1
04765d02 382 LIBS="$LIBS /usr/lib/textreadmode.o"
3466e002 383 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
384 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
385 AC_DEFINE(DISABLE_SHADOW, 1,
386 [Define if you want to disable shadow passwords])
387 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
388 [Define if your system choked on IP TOS setting])
389 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
390 [Define if X11 doesn't support AF_UNIX sockets on that system])
391 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
392 [Define if the concept of ports only accessible to
393 superusers isn't known])
394 AC_DEFINE(DISABLE_FD_PASSING, 1,
395 [Define if your platform needs to skip post auth
396 file descriptor passing])
3c62e7eb 397 ;;
d6fdb079 398*-*-dgux*)
399 AC_DEFINE(IP_TOS_IS_BROKEN)
0c6a72a5 400 AC_DEFINE(SETEUID_BREAKS_SETUID)
401 AC_DEFINE(BROKEN_SETREUID)
402 AC_DEFINE(BROKEN_SETREGID)
d6fdb079 403 ;;
39c98ef7 404*-*-darwin*)
33e2e066 405 AC_MSG_CHECKING(if we have working getaddrinfo)
406 AC_TRY_RUN([#include <mach-o/dyld.h>
407main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
408 exit(0);
409 else
410 exit(1);
411}], [AC_MSG_RESULT(working)],
412 [AC_MSG_RESULT(buggy)
3466e002 413 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
b27e573d 414 [AC_MSG_RESULT(assume it is working)])
635e0c42 415 AC_DEFINE(SETEUID_BREAKS_SETUID)
416 AC_DEFINE(BROKEN_SETREUID)
417 AC_DEFINE(BROKEN_SETREGID)
3466e002 418 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
419 [Define if your resolver libs need this for getrrsetbyname])
e02505e2 420 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
421 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
422 [Use tunnel device compatibility to OpenBSD])
423 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
424 [Prepend the address family to IP tunnel traffic])
39c98ef7 425 ;;
36f36ba3 426*-*-dragonfly*)
427 SSHDLIBS="$SSHDLIBS -lcrypt"
428 ;;
7d458c86 429*-*-hpux*)
430 # first we define all of the options common to all HP-UX releases
b8fea62d 431 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
44839801 432 IPADDR_IN_DISPLAY=yes
2b10f47a 433 AC_DEFINE(USE_PIPES)
3466e002 434 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
435 [Define if your login program cannot handle end of options ("--")])
a2572aa7 436 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 437 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
438 [String used in /etc/passwd to denote locked account])
3a2b2b44 439 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
83f987c3 440 MAIL="/var/mail/username"
f75ca46d 441 LIBS="$LIBS -lsec"
7d458c86 442 AC_CHECK_LIB(xnet, t_error, ,
443 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
444
445 # next, we define all of the options specific to major releases
446 case "$host" in
447 *-*-hpux10*)
448 if test -z "$GCC"; then
449 CFLAGS="$CFLAGS -Ae"
450 fi
451 ;;
452 *-*-hpux11*)
3466e002 453 AC_DEFINE(PAM_SUN_CODEBASE, 1,
454 [Define if you are using Solaris-derived PAM which
455 passes pam_messages to the conversation function
456 with an extra level of indirection])
457 AC_DEFINE(DISABLE_UTMP, 1,
458 [Define if you don't want to use utmp])
7d458c86 459 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
460 check_for_hpux_broken_getaddrinfo=1
461 check_for_conflicting_getspnam=1
462 ;;
463 esac
464
465 # lastly, we define options specific to minor releases
466 case "$host" in
467 *-*-hpux10.26)
3466e002 468 AC_DEFINE(HAVE_SECUREWARE, 1,
469 [Define if you have SecureWare-based
470 protected password database])
7d458c86 471 disable_ptmx_check=yes
472 LIBS="$LIBS -lsecpw"
473 ;;
474 esac
2b763e31 475 ;;
d94aa2ae 476*-*-irix5*)
6ac7829a 477 PATH="$PATH:/usr/etc"
3466e002 478 AC_DEFINE(BROKEN_INET_NTOA, 1,
479 [Define if you system's inet_ntoa is busted
480 (e.g. Irix gcc issue)])
cb433561 481 AC_DEFINE(SETEUID_BREAKS_SETUID)
482 AC_DEFINE(BROKEN_SETREUID)
483 AC_DEFINE(BROKEN_SETREGID)
3466e002 484 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
485 [Define if you shouldn't strip 'tty' from your
486 ttyname in [uw]tmp])
3e6e3da0 487 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
b9795b89 488 ;;
489*-*-irix6*)
6ac7829a 490 PATH="$PATH:/usr/etc"
3466e002 491 AC_DEFINE(WITH_IRIX_ARRAY, 1,
492 [Define if you have/want arrays
493 (cluster-wide session managment, not C arrays)])
494 AC_DEFINE(WITH_IRIX_PROJECT, 1,
495 [Define if you want IRIX project management])
496 AC_DEFINE(WITH_IRIX_AUDIT, 1,
497 [Define if you want IRIX audit trails])
498 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
499 [Define if you want IRIX kernel jobs])])
416ed5a7 500 AC_DEFINE(BROKEN_INET_NTOA)
412c0eaa 501 AC_DEFINE(SETEUID_BREAKS_SETUID)
502 AC_DEFINE(BROKEN_SETREUID)
503 AC_DEFINE(BROKEN_SETREGID)
3466e002 504 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
0e8f4eba 505 AC_DEFINE(WITH_ABBREV_NO_TTY)
3e6e3da0 506 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
d94aa2ae 507 ;;
5cdfe03f 508*-*-linux*)
509 no_dev_ptmx=1
717057b6 510 check_for_libcrypt_later=1
eacb954e 511 check_for_openpty_ctty_bug=1
3466e002 512 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
513 AC_DEFINE(PAM_TTY_KLUDGE, 1,
514 [Work around problematic Linux PAM modules handling of PAM_TTY])
515 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
516 [String used in /etc/passwd to denote locked account])
3a2b2b44 517 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
3466e002 518 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
519 [Define to whatever link() returns for "not supported"
520 if it doesn't return EOPNOTSUPP.])
b6610e8f 521 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
3466e002 522 AC_DEFINE(USE_BTMP)
80faa19f 523 inet6_default_4in6=yes
bf7c1e6c 524 case `uname -r` in
ad84c479 525 1.*|2.0.*)
3466e002 526 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
527 [Define if cmsg_type is not passed correctly])
bf7c1e6c 528 ;;
bf7c1e6c 529 esac
c40f09ca 530 # tun(4) forwarding compat code
d91775e1 531 AC_CHECK_HEADERS(linux/if_tun.h)
b5081213 532 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
c40f09ca 533 AC_DEFINE(SSH_TUN_LINUX, 1,
534 [Open tunnel devices the Linux tun/tap way])
535 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
536 [Use tunnel device compatibility to OpenBSD])
537 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
538 [Prepend the address family to IP tunnel traffic])
539 fi
5cdfe03f 540 ;;
66d6c27e 541mips-sony-bsd|mips-sony-newsos4)
4b2cf3f1 542 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
66d6c27e 543 SONY=1
66d6c27e 544 ;;
d468fc76 545*-*-netbsd*)
33e2e066 546 check_for_libcrypt_before=1
82f4e93d 547 if test "x$withval" != "xno" ; then
e6354014 548 need_dash_r=1
549 fi
0f6cb079 550 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
551 AC_CHECK_HEADER([net/if_tap.h], ,
552 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
553 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
554 [Prepend the address family to IP tunnel traffic])
d468fc76 555 ;;
86b416a7 556*-*-freebsd*)
557 check_for_libcrypt_later=1
988c5031 558 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
0f6cb079 559 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
560 AC_CHECK_HEADER([net/if_tap.h], ,
561 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
86b416a7 562 ;;
8707b7eb 563*-*-bsdi*)
564 AC_DEFINE(SETEUID_BREAKS_SETUID)
565 AC_DEFINE(BROKEN_SETREUID)
566 AC_DEFINE(BROKEN_SETREGID)
567 ;;
729bfe59 568*-next-*)
729bfe59 569 conf_lastlog_location="/usr/adm/lastlog"
698d107e 570 conf_utmp_location=/etc/utmp
571 conf_wtmp_location=/usr/adm/wtmp
572 MAIL=/usr/spool/mail
3466e002 573 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
443172c4 574 AC_DEFINE(BROKEN_REALPATH)
00937921 575 AC_DEFINE(USE_PIPES)
3466e002 576 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
729bfe59 577 ;;
5b7b5e23 578*-*-openbsd*)
579 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
8034a348 580 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
0f6cb079 581 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
c79c4814 582 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
583 [syslog_r function is safe to use in in a signal handler])
5b7b5e23 584 ;;
9d6b1b96 585*-*-solaris*)
82f4e93d 586 if test "x$withval" != "xno" ; then
010e9d5b 587 need_dash_r=1
588 fi
adeebd37 589 AC_DEFINE(PAM_SUN_CODEBASE)
7e2d5fa4 590 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 591 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
592 [Some versions of /bin/login need the TERM supplied
593 on the commandline])
7f0a4ff1 594 AC_DEFINE(PAM_TTY_KLUDGE)
3466e002 595 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
596 [Define if pam_chauthtok wants real uid set
597 to the unpriv'ed user])
3e6e3da0 598 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
ad84c479 599 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
3466e002 600 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
601 [Define if sshd somehow reacquires a controlling TTY
602 after setsid()])
795aa5f5 603 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
604 in case the name is longer than 8 chars])
95b99395 605 external_path_file=/etc/default/login
1d7b9b20 606 # hardwire lastlog location (can't detect it on some versions)
607 conf_lastlog_location="/var/adm/lastlog"
32c80420 608 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
609 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
610 if test "$sol2ver" -ge 8; then
611 AC_MSG_RESULT(yes)
612 AC_DEFINE(DISABLE_UTMP)
3466e002 613 AC_DEFINE(DISABLE_WTMP, 1,
614 [Define if you don't want to use wtmp])
32c80420 615 else
616 AC_MSG_RESULT(no)
617 fi
5b84789f 618 AC_ARG_WITH(solaris-contracts,
619 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
620 [
621 AC_CHECK_LIB(contract, ct_tmpl_activate,
622 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
623 [Define if you have Solaris process contracts])
624 SSHDLIBS="$SSHDLIBS -lcontract"
625 AC_SUBST(SSHDLIBS)
626 SPC_MSG="yes" ], )
627 ],
628 )
9d6b1b96 629 ;;
a423beaf 630*-*-sunos4*)
0c2fb82f 631 CPPFLAGS="$CPPFLAGS -DSUNOS4"
a423beaf 632 AC_CHECK_FUNCS(getpwanam)
adeebd37 633 AC_DEFINE(PAM_SUN_CODEBASE)
32eec038 634 conf_utmp_location=/etc/utmp
635 conf_wtmp_location=/var/adm/wtmp
636 conf_lastlog_location=/var/adm/lastlog
137d7b6c 637 AC_DEFINE(USE_PIPES)
a423beaf 638 ;;
6f68f28a 639*-ncr-sysv*)
98a7c37b 640 LIBS="$LIBS -lc89"
29525240 641 AC_DEFINE(USE_PIPES)
eabb99c6 642 AC_DEFINE(SSHD_ACQUIRES_CTTY)
6fb3618d 643 AC_DEFINE(SETEUID_BREAKS_SETUID)
644 AC_DEFINE(BROKEN_SETREUID)
645 AC_DEFINE(BROKEN_SETREGID)
6f68f28a 646 ;;
132dd316 647*-sni-sysv*)
c8c15bcb 648 # /usr/ucblib MUST NOT be searched on ReliantUNIX
e2798e96 649 AC_CHECK_LIB(dl, dlsym, ,)
d08db6d1 650 # -lresolv needs to be at the end of LIBS or DNS lookups break
651 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
9548d6c8 652 IPADDR_IN_DISPLAY=yes
653 AC_DEFINE(USE_PIPES)
132dd316 654 AC_DEFINE(IP_TOS_IS_BROKEN)
605369bb 655 AC_DEFINE(SETEUID_BREAKS_SETUID)
656 AC_DEFINE(BROKEN_SETREUID)
657 AC_DEFINE(BROKEN_SETREGID)
eabb99c6 658 AC_DEFINE(SSHD_ACQUIRES_CTTY)
95b99395 659 external_path_file=/etc/default/login
c8c15bcb 660 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
661 # Attention: always take care to bind libsocket and libnsl before libc,
662 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
132dd316 663 ;;
79a7ba96 664# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
77bb0bca 665*-*-sysv4.2*)
ed6553e2 666 AC_DEFINE(USE_PIPES)
7ed101c0 667 AC_DEFINE(SETEUID_BREAKS_SETUID)
668 AC_DEFINE(BROKEN_SETREUID)
669 AC_DEFINE(BROKEN_SETREGID)
46f853b9 670 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
e45da4d6 671 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
77bb0bca 672 ;;
79a7ba96 673# UnixWare 7.x, OpenUNIX 8
77bb0bca 674*-*-sysv5*)
d7d2cc6e 675 check_for_libcrypt_later=1
676 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
ed6553e2 677 AC_DEFINE(USE_PIPES)
7ed101c0 678 AC_DEFINE(SETEUID_BREAKS_SETUID)
679 AC_DEFINE(BROKEN_SETREUID)
680 AC_DEFINE(BROKEN_SETREGID)
3466e002 681 AC_DEFINE(PASSWD_NEEDS_USERNAME)
822015dd 682 case "$host" in
683 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
684 TEST_SHELL=/u95/bin/sh
3466e002 685 AC_DEFINE(BROKEN_LIBIAF, 1,
686 [ia_uinfo routines not supported by OS yet])
5cc6ddad 687 AC_DEFINE(BROKEN_UPDWTMPX)
822015dd 688 ;;
e45da4d6 689 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
690 ;;
822015dd 691 esac
77bb0bca 692 ;;
9d6b1b96 693*-*-sysv*)
9d6b1b96 694 ;;
79a7ba96 695# SCO UNIX and OEM versions of SCO UNIX
77bb0bca 696*-*-sco3.2v4*)
11cf4f1f 697 AC_MSG_ERROR("This Platform is no longer supported.")
77bb0bca 698 ;;
79a7ba96 699# SCO OpenServer 5.x
77bb0bca 700*-*-sco3.2v5*)
21710e39 701 if test -z "$GCC"; then
702 CFLAGS="$CFLAGS -belf"
703 fi
ed6553e2 704 LIBS="$LIBS -lprot -lx -ltinfo -lm"
509b1f88 705 no_dev_ptmx=1
ed6553e2 706 AC_DEFINE(USE_PIPES)
6e879cb4 707 AC_DEFINE(HAVE_SECUREWARE)
d287c664 708 AC_DEFINE(DISABLE_SHADOW)
94d8258b 709 AC_DEFINE(DISABLE_FD_PASSING)
7ed101c0 710 AC_DEFINE(SETEUID_BREAKS_SETUID)
711 AC_DEFINE(BROKEN_SETREUID)
712 AC_DEFINE(BROKEN_SETREGID)
bcebad47 713 AC_DEFINE(WITH_ABBREV_NO_TTY)
34f2baf0 714 AC_DEFINE(BROKEN_UPDWTMPX)
3466e002 715 AC_DEFINE(PASSWD_NEEDS_USERNAME)
aca75d94 716 AC_CHECK_FUNCS(getluid setluid)
533875af 717 MANTYPE=man
a3245b92 718 TEST_SHELL=ksh
509b1f88 719 ;;
ccbb983c 720*-*-unicosmk*)
3466e002 721 AC_DEFINE(NO_SSH_LASTLOG, 1,
722 [Define if you don't want to use lastlog in session.c])
c1ad5966 723 AC_DEFINE(SETEUID_BREAKS_SETUID)
724 AC_DEFINE(BROKEN_SETREUID)
725 AC_DEFINE(BROKEN_SETREGID)
ccbb983c 726 AC_DEFINE(USE_PIPES)
727 AC_DEFINE(DISABLE_FD_PASSING)
728 LDFLAGS="$LDFLAGS"
729 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
730 MANTYPE=cat
d262b7f2 731 ;;
7b9a8c6e 732*-*-unicosmp*)
c1ad5966 733 AC_DEFINE(SETEUID_BREAKS_SETUID)
734 AC_DEFINE(BROKEN_SETREUID)
735 AC_DEFINE(BROKEN_SETREGID)
7b9a8c6e 736 AC_DEFINE(WITH_ABBREV_NO_TTY)
737 AC_DEFINE(USE_PIPES)
738 AC_DEFINE(DISABLE_FD_PASSING)
739 LDFLAGS="$LDFLAGS"
c1ad5966 740 LIBS="$LIBS -lgen -lacid -ldb"
7b9a8c6e 741 MANTYPE=cat
742 ;;
ca5c7d6a 743*-*-unicos*)
c1ad5966 744 AC_DEFINE(SETEUID_BREAKS_SETUID)
745 AC_DEFINE(BROKEN_SETREUID)
746 AC_DEFINE(BROKEN_SETREGID)
ca5c7d6a 747 AC_DEFINE(USE_PIPES)
94d8258b 748 AC_DEFINE(DISABLE_FD_PASSING)
ef51930f 749 AC_DEFINE(NO_SSH_LASTLOG)
ccbb983c 750 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
751 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
752 MANTYPE=cat
a704dd54 753 ;;
4d33e531 754*-dec-osf*)
99c8ddac 755 AC_MSG_CHECKING(for Digital Unix SIA)
756 no_osfsia=""
757 AC_ARG_WITH(osfsia,
758 [ --with-osfsia Enable Digital Unix SIA],
759 [
760 if test "x$withval" = "xno" ; then
761 AC_MSG_RESULT(disabled)
762 no_osfsia=1
763 fi
764 ],
765 )
766 if test -z "$no_osfsia" ; then
4d33e531 767 if test -f /etc/sia/matrix.conf; then
768 AC_MSG_RESULT(yes)
3466e002 769 AC_DEFINE(HAVE_OSF_SIA, 1,
770 [Define if you have Digital Unix Security
771 Integration Architecture])
772 AC_DEFINE(DISABLE_LOGIN, 1,
773 [Define if you don't want to use your
774 system's login() call])
58d0df4e 775 AC_DEFINE(DISABLE_FD_PASSING)
4d33e531 776 LIBS="$LIBS -lsecurity -ldb -lm -laud"
5b84789f 777 SIA_MSG="yes"
4d33e531 778 else
779 AC_MSG_RESULT(no)
3466e002 780 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
781 [String used in /etc/passwd to denote locked account])
4d33e531 782 fi
783 fi
a6e67b60 784 AC_DEFINE(BROKEN_GETADDRINFO)
f4f2ff4f 785 AC_DEFINE(SETEUID_BREAKS_SETUID)
08da2d08 786 AC_DEFINE(BROKEN_SETREUID)
787 AC_DEFINE(BROKEN_SETREGID)
4d33e531 788 ;;
41cb4569 789
9c54c067 790*-*-nto-qnx*)
41cb4569 791 AC_DEFINE(USE_PIPES)
792 AC_DEFINE(NO_X11_UNIX_SOCKETS)
3466e002 793 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
794 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
795 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
9c54c067 796 AC_DEFINE(DISABLE_LASTLOG)
49c64dd6 797 AC_DEFINE(SSHD_ACQUIRES_CTTY)
86996ebe 798 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
0c7e8877 799 enable_etc_default_login=no # has incompatible /etc/default/login
575ee4c4 800 case "$host" in
801 *-*-nto-qnx6*)
802 AC_DEFINE(DISABLE_FD_PASSING)
803 ;;
804 esac
41cb4569 805 ;;
35fc74ed 806
807*-*-ultrix*)
3466e002 808 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
809 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
4b2cf3f1 810 AC_DEFINE(NEED_SETPGRP)
b5765e1d 811 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
812 ;;
157b6700 813
814*-*-lynxos)
815 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
3466e002 816 AC_DEFINE(MISSING_HOWMANY)
157b6700 817 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
818 ;;
a7effaac 819esac
820
c5829391 821AC_MSG_CHECKING(compiler and flags for sanity)
479cece8 822AC_RUN_IFELSE(
823 [AC_LANG_SOURCE([
c5829391 824#include <stdio.h>
825int main(){exit(0);}
479cece8 826 ])],
c5829391 827 [ AC_MSG_RESULT(yes) ],
828 [
829 AC_MSG_RESULT(no)
830 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1a01a50c 831 ],
832 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
c5829391 833)
834
b04a9f8c 835dnl Checks for header files.
a0391976 836# Checks for libraries.
98a7c37b 837AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
838AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
2c523de9 839
446227d6 840dnl IRIX and Solaris 2.5.1 have dirname() in libgen
841AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
842 AC_CHECK_LIB(gen, dirname,[
843 AC_CACHE_CHECK([for broken dirname],
844 ac_cv_have_broken_dirname, [
845 save_LIBS="$LIBS"
846 LIBS="$LIBS -lgen"
b0e7249f 847 AC_RUN_IFELSE(
848 [AC_LANG_SOURCE([[
446227d6 849#include <libgen.h>
850#include <string.h>
851
852int main(int argc, char **argv) {
853 char *s, buf[32];
854
855 strncpy(buf,"/etc", 32);
856 s = dirname(buf);
857 if (!s || strncmp(s, "/", 32) != 0) {
858 exit(1);
859 } else {
860 exit(0);
861 }
862}
b0e7249f 863 ]])],
864 [ ac_cv_have_broken_dirname="no" ],
865 [ ac_cv_have_broken_dirname="yes" ],
446227d6 866 [ ac_cv_have_broken_dirname="no" ],
446227d6 867 )
868 LIBS="$save_LIBS"
869 ])
870 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
871 LIBS="$LIBS -lgen"
872 AC_DEFINE(HAVE_DIRNAME)
873 AC_CHECK_HEADERS(libgen.h)
874 fi
875 ])
876])
877
878AC_CHECK_FUNC(getspnam, ,
879 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
3466e002 880AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
881 [Define if you have the basename function.]))
446227d6 882
98a7c37b 883dnl zlib is required
884AC_ARG_WITH(zlib,
885 [ --with-zlib=PATH Use zlib in PATH],
6dd05556 886 [ if test "x$withval" = "xno" ; then
887 AC_MSG_ERROR([*** zlib is required ***])
888 elif test "x$withval" != "xyes"; then
98a7c37b 889 if test -d "$withval/lib"; then
890 if test -n "${need_dash_r}"; then
5a162955 891 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 892 else
5a162955 893 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 894 fi
895 else
896 if test -n "${need_dash_r}"; then
5a162955 897 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 898 else
5a162955 899 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 900 fi
901 fi
902 if test -d "$withval/include"; then
5a162955 903 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 904 else
5a162955 905 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 906 fi
6dd05556 907 fi ]
98a7c37b 908)
909
0a15d73b 910AC_CHECK_LIB(z, deflate, ,
911 [
912 saved_CPPFLAGS="$CPPFLAGS"
913 saved_LDFLAGS="$LDFLAGS"
914 save_LIBS="$LIBS"
915 dnl Check default zlib install dir
916 if test -n "${need_dash_r}"; then
917 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
918 else
919 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
920 fi
921 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
922 LIBS="$LIBS -lz"
923 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
924 [
925 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
926 ]
927 )
928 ]
929)
4ad65809 930AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
8068d564 931
932AC_ARG_WITH(zlib-version-check,
933 [ --without-zlib-version-check Disable zlib version check],
934 [ if test "x$withval" = "xno" ; then
935 zlib_check_nonfatal=1
936 fi
937 ]
938)
939
5c7fc85d 940AC_MSG_CHECKING(for possibly buggy zlib)
479cece8 941AC_RUN_IFELSE([AC_LANG_SOURCE([[
5c7fc85d 942#include <stdio.h>
4ad65809 943#include <zlib.h>
944int main()
945{
5c7fc85d 946 int a=0, b=0, c=0, d=0, n, v;
947 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
948 if (n != 3 && n != 4)
4ad65809 949 exit(1);
5c7fc85d 950 v = a*1000000 + b*10000 + c*100 + d;
951 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
952
953 /* 1.1.4 is OK */
954 if (a == 1 && b == 1 && c >= 4)
4ad65809 955 exit(0);
5c7fc85d 956
0072b59d 957 /* 1.2.3 and up are OK */
958 if (v >= 1020300)
5c7fc85d 959 exit(0);
960
4ad65809 961 exit(2);
962}
479cece8 963 ]])],
5c7fc85d 964 AC_MSG_RESULT(no),
965 [ AC_MSG_RESULT(yes)
8068d564 966 if test -z "$zlib_check_nonfatal" ; then
967 AC_MSG_ERROR([*** zlib too old - check config.log ***
968Your reported zlib version has known security problems. It's possible your
969vendor has fixed these problems without changing the version number. If you
970are sure this is the case, you can disable the check by running
971"./configure --without-zlib-version-check".
6090bcfe 972If you are in doubt, upgrade zlib to version 1.2.3 or greater.
5c7fc85d 973See http://www.gzip.org/zlib/ for details.])
8068d564 974 else
975 AC_MSG_WARN([zlib version may have security problems])
976 fi
1a01a50c 977 ],
978 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
4ad65809 979)
48e7916f 980
2c523de9 981dnl UnixWare 2.x
aff51935 982AC_CHECK_FUNC(strcasecmp,
2c523de9 983 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
984)
23361281 985AC_CHECK_FUNCS(utimes,
cda1ebcb 986 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
987 LIBS="$LIBS -lc89"]) ]
2c523de9 988)
4cca272e 989
7c6d759d 990dnl Checks for libutil functions
991AC_CHECK_HEADERS(libutil.h)
3466e002 992AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
993 [Define if your libraries define login()])])
7c6d759d 994AC_CHECK_FUNCS(logout updwtmp logwtmp)
995
a738c3b0 996AC_FUNC_STRFTIME
997
84ceda19 998# Check for ALTDIRFUNC glob() extension
999AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1000AC_EGREP_CPP(FOUNDIT,
1001 [
1002 #include <glob.h>
1003 #ifdef GLOB_ALTDIRFUNC
1004 FOUNDIT
1005 #endif
aff51935 1006 ],
84ceda19 1007 [
3466e002 1008 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1009 [Define if your system glob() function has
1010 the GLOB_ALTDIRFUNC extension])
84ceda19 1011 AC_MSG_RESULT(yes)
1012 ],
1013 [
1014 AC_MSG_RESULT(no)
1015 ]
1016)
4cca272e 1017
40849fdb 1018# Check for g.gl_matchc glob() extension
1019AC_MSG_CHECKING(for gl_matchc field in glob_t)
d90b9f9a 1020AC_TRY_COMPILE(
13ff27b7 1021 [ #include <glob.h> ],
1022 [glob_t g; g.gl_matchc = 1;],
aff51935 1023 [
3466e002 1024 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1025 [Define if your system glob() function has
1026 gl_matchc options in glob_t])
aff51935 1027 AC_MSG_RESULT(yes)
1028 ],
1029 [
1030 AC_MSG_RESULT(no)
1031 ]
40849fdb 1032)
1033
78888bab 1034AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1035
edbe6722 1036AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1a01a50c 1037AC_RUN_IFELSE(
479cece8 1038 [AC_LANG_SOURCE([[
edbe6722 1039#include <sys/types.h>
1040#include <dirent.h>
aec4cb4f 1041int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
479cece8 1042 ]])],
aff51935 1043 [AC_MSG_RESULT(yes)],
edbe6722 1044 [
1045 AC_MSG_RESULT(no)
3466e002 1046 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
d08db6d1 1047 [Define if your struct dirent expects you to
3466e002 1048 allocate extra space for d_name])
1a01a50c 1049 ],
82f4e93d 1050 [
1a01a50c 1051 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1052 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
edbe6722 1053 ]
1054)
1055
419e26e7 1056AC_MSG_CHECKING([for /proc/pid/fd directory])
1057if test -d "/proc/$$/fd" ; then
3466e002 1058 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
419e26e7 1059 AC_MSG_RESULT(yes)
1060else
1061 AC_MSG_RESULT(no)
1062fi
1063
278588d8 1064# Check whether user wants S/Key support
aff51935 1065SKEY_MSG="no"
278588d8 1066AC_ARG_WITH(skey,
6ff3d0dc 1067 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
278588d8 1068 [
1069 if test "x$withval" != "xno" ; then
1070
1071 if test "x$withval" != "xyes" ; then
1072 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1073 LDFLAGS="$LDFLAGS -L${withval}/lib"
1074 fi
1075
3466e002 1076 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
278588d8 1077 LIBS="-lskey $LIBS"
aff51935 1078 SKEY_MSG="yes"
82f4e93d 1079
ddceb1c8 1080 AC_MSG_CHECKING([for s/key support])
b0e7249f 1081 AC_LINK_IFELSE(
1082 [AC_LANG_SOURCE([[
ddceb1c8 1083#include <stdio.h>
1084#include <skey.h>
aec4cb4f 1085int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
b0e7249f 1086 ]])],
ddceb1c8 1087 [AC_MSG_RESULT(yes)],
278588d8 1088 [
ddceb1c8 1089 AC_MSG_RESULT(no)
278588d8 1090 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1091 ])
141fc639 1092 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1093 AC_TRY_COMPILE(
1094 [#include <stdio.h>
1095 #include <skey.h>],
1096 [(void)skeychallenge(NULL,"name","",0);],
1097 [AC_MSG_RESULT(yes)
3466e002 1098 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1099 [Define if your skeychallenge()
1100 function takes 4 arguments (NetBSD)])],
141fc639 1101 [AC_MSG_RESULT(no)]
1102 )
278588d8 1103 fi
1104 ]
1105)
1106
1107# Check whether user wants TCP wrappers support
98a7c37b 1108TCPW_MSG="no"
278588d8 1109AC_ARG_WITH(tcp-wrappers,
6ff3d0dc 1110 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
278588d8 1111 [
1112 if test "x$withval" != "xno" ; then
1113 saved_LIBS="$LIBS"
98a7c37b 1114 saved_LDFLAGS="$LDFLAGS"
1115 saved_CPPFLAGS="$CPPFLAGS"
4b492aab 1116 if test -n "${withval}" && \
6cf0200f 1117 test "x${withval}" != "xyes"; then
98a7c37b 1118 if test -d "${withval}/lib"; then
1119 if test -n "${need_dash_r}"; then
5a162955 1120 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 1121 else
5a162955 1122 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 1123 fi
1124 else
1125 if test -n "${need_dash_r}"; then
5a162955 1126 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 1127 else
5a162955 1128 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 1129 fi
1130 fi
1131 if test -d "${withval}/include"; then
5a162955 1132 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 1133 else
5a162955 1134 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 1135 fi
98a7c37b 1136 fi
e54defb4 1137 LIBS="-lwrap $LIBS"
278588d8 1138 AC_MSG_CHECKING(for libwrap)
1139 AC_TRY_LINK(
1140 [
77f09220 1141#include <sys/types.h>
1142#include <sys/socket.h>
1143#include <netinet/in.h>
278588d8 1144#include <tcpd.h>
1145 int deny_severity = 0, allow_severity = 0;
1146 ],
1147 [hosts_access(0);],
1148 [
1149 AC_MSG_RESULT(yes)
3466e002 1150 AC_DEFINE(LIBWRAP, 1,
1151 [Define if you want
1152 TCP Wrappers support])
e54defb4 1153 SSHDLIBS="$SSHDLIBS -lwrap"
98a7c37b 1154 TCPW_MSG="yes"
278588d8 1155 ],
1156 [
1157 AC_MSG_ERROR([*** libwrap missing])
1158 ]
1159 )
ddceb1c8 1160 LIBS="$saved_LIBS"
278588d8 1161 fi
1162 ]
1163)
1164
59031773 1165# Check whether user wants libedit support
1166LIBEDIT_MSG="no"
1167AC_ARG_WITH(libedit,
6ff3d0dc 1168 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
59031773 1169 [ if test "x$withval" != "xno" ; then
737edf04 1170 if test "x$withval" != "xyes"; then
bb116c8e 1171 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1172 if test -n "${need_dash_r}"; then
1173 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1174 else
1175 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1176 fi
737edf04 1177 fi
59031773 1178 AC_CHECK_LIB(edit, el_init,
3466e002 1179 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
59031773 1180 LIBEDIT="-ledit -lcurses"
1181 LIBEDIT_MSG="yes"
1182 AC_SUBST(LIBEDIT)
1183 ],
737edf04 1184 [ AC_MSG_ERROR(libedit not found) ],
1185 [ -lcurses ]
59031773 1186 )
f47ddccb 1187 AC_MSG_CHECKING(if libedit version is compatible)
d92622f9 1188 AC_COMPILE_IFELSE(
1189 [AC_LANG_SOURCE([[
1190#include <histedit.h>
f47ddccb 1191int main(void)
1192{
1193 int i = H_SETSIZE;
1194 el_init("", NULL, NULL, NULL);
1195 exit(0);
1196}
d92622f9 1197 ]])],
f47ddccb 1198 [ AC_MSG_RESULT(yes) ],
1199 [ AC_MSG_RESULT(no)
1200 AC_MSG_ERROR(libedit version is not compatible) ]
1201 )
59031773 1202 fi ]
1203)
1204
7b578f7d 1205AUDIT_MODULE=none
1206AC_ARG_WITH(audit,
1207 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1208 [
1209 AC_MSG_CHECKING(for supported audit module)
1210 case "$withval" in
1211 bsm)
1212 AC_MSG_RESULT(bsm)
1213 AUDIT_MODULE=bsm
1214 dnl Checks for headers, libs and functions
1215 AC_CHECK_HEADERS(bsm/audit.h, [],
a01f637d 1216 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1217 [
1218#ifdef HAVE_TIME_H
1219# include <time.h>
1220#endif
1221 ]
1222)
7b578f7d 1223 AC_CHECK_LIB(bsm, getaudit, [],
1224 [AC_MSG_ERROR(BSM enabled and required library not found)])
1225 AC_CHECK_FUNCS(getaudit, [],
1226 [AC_MSG_ERROR(BSM enabled and required function not found)])
1227 # These are optional
7939c496 1228 AC_CHECK_FUNCS(getaudit_addr)
3466e002 1229 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
7b578f7d 1230 ;;
1231 debug)
1232 AUDIT_MODULE=debug
1233 AC_MSG_RESULT(debug)
3466e002 1234 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
7b578f7d 1235 ;;
a2b3321d 1236 no)
d92622f9 1237 AC_MSG_RESULT(no)
a2b3321d 1238 ;;
7b578f7d 1239 *)
1240 AC_MSG_ERROR([Unknown audit module $withval])
1241 ;;
1242 esac ]
1243)
1244
19160674 1245dnl Checks for library functions. Please keep in alphabetical order
b04a9f8c 1246AC_CHECK_FUNCS( \
1247 arc4random \
9a406e1e 1248 asprintf \
b04a9f8c 1249 b64_ntop \
1250 __b64_ntop \
1251 b64_pton \
1252 __b64_pton \
1253 bcopy \
1254 bindresvport_sa \
1255 clock \
1256 closefrom \
1257 dirfd \
b04a9f8c 1258 fchmod \
1259 fchown \
1260 freeaddrinfo \
1261 futimes \
1262 getaddrinfo \
1263 getcwd \
1264 getgrouplist \
1265 getnameinfo \
1266 getopt \
1267 getpeereid \
1961d660 1268 getpeerucred \
b04a9f8c 1269 _getpty \
1270 getrlimit \
1271 getttyent \
1272 glob \
1273 inet_aton \
1274 inet_ntoa \
1275 inet_ntop \
1276 innetgr \
1277 login_getcapbool \
1278 md5_crypt \
1279 memmove \
1280 mkdtemp \
1281 mmap \
1282 ngetaddrinfo \
1283 nsleep \
1284 ogetaddrinfo \
1285 openlog_r \
1286 openpty \
6d39a5c4 1287 poll \
b04a9f8c 1288 prctl \
1289 pstat \
1290 readpassphrase \
1291 realpath \
1292 recvmsg \
1293 rresvport_af \
1294 sendmsg \
1295 setdtablesize \
1296 setegid \
1297 setenv \
1298 seteuid \
1299 setgroups \
1300 setlogin \
1301 setpcred \
1302 setproctitle \
1303 setregid \
1304 setreuid \
1305 setrlimit \
1306 setsid \
1307 setvbuf \
1308 sigaction \
1309 sigvec \
1310 snprintf \
1311 socketpair \
1312 strdup \
1313 strerror \
1314 strlcat \
1315 strlcpy \
1316 strmode \
1317 strnvis \
1318 strtonum \
1e29a0c8 1319 strtoll \
b04a9f8c 1320 strtoul \
1aac2117 1321 swap32 \
b04a9f8c 1322 sysconf \
1323 tcgetpgrp \
1324 truncate \
1325 unsetenv \
1326 updwtmpx \
9a406e1e 1327 vasprintf \
b04a9f8c 1328 vhangup \
1329 vsnprintf \
1330 waitpid \
19160674 1331)
98a7c37b 1332
1a086f97 1333# IRIX has a const char return value for gai_strerror()
1334AC_CHECK_FUNCS(gai_strerror,[
1335 AC_DEFINE(HAVE_GAI_STRERROR)
1336 AC_TRY_COMPILE([
1337#include <sys/types.h>
1338#include <sys/socket.h>
1339#include <netdb.h>
1340
1341const char *gai_strerror(int);],[
1342char *str;
1343
1344str = gai_strerror(0);],[
1345 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1346 [Define if gai_strerror() returns const char *])])])
1347
3466e002 1348AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1349 [Some systems put nanosleep outside of libc]))
92b1decf 1350
309709db 1351dnl Make sure prototypes are defined for these before using them.
309709db 1352AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
0957c2cf 1353AC_CHECK_DECL(strsep,
1354 [AC_CHECK_FUNCS(strsep)],
1355 [],
1356 [
1357#ifdef HAVE_STRING_H
1358# include <string.h>
1359#endif
1360 ])
08412d26 1361
3490699c 1362dnl tcsendbreak might be a macro
1363AC_CHECK_DECL(tcsendbreak,
1364 [AC_DEFINE(HAVE_TCSENDBREAK)],
aff51935 1365 [AC_CHECK_FUNCS(tcsendbreak)],
3490699c 1366 [#include <termios.h>]
1367)
1368
41e0e158 1369AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1370
71f4c727 1371AC_CHECK_DECLS(SHUT_RD, , ,
1372 [
1373#include <sys/types.h>
1374#include <sys/socket.h>
1375 ])
956d6743 1376
1377AC_CHECK_DECLS(O_NONBLOCK, , ,
1378 [
1379#include <sys/types.h>
1380#ifdef HAVE_SYS_STAT_H
1381# include <sys/stat.h>
1382#endif
1383#ifdef HAVE_FCNTL_H
1384# include <fcntl.h>
1385#endif
1386 ])
1387
752994dd 1388AC_CHECK_DECLS(writev, , , [
1389#include <sys/types.h>
1390#include <sys/uio.h>
1391#include <unistd.h>
1392 ])
1393
0bf6279d 1394AC_CHECK_DECLS(MAXSYMLINKS, , , [
1395#include <sys/param.h>
1396 ])
1397
b41ece30 1398AC_CHECK_DECLS(offsetof, , , [
1399#include <stddef.h>
1400 ])
1401
3f176010 1402AC_CHECK_FUNCS(setresuid, [
1403 dnl Some platorms have setresuid that isn't implemented, test for this
1404 AC_MSG_CHECKING(if setresuid seems to work)
479cece8 1405 AC_RUN_IFELSE(
1406 [AC_LANG_SOURCE([[
9a3fe0e2 1407#include <stdlib.h>
1408#include <errno.h>
1409int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1410 ]])],
3f176010 1411 [AC_MSG_RESULT(yes)],
3466e002 1412 [AC_DEFINE(BROKEN_SETRESUID, 1,
1413 [Define if your setresuid() is broken])
1a01a50c 1414 AC_MSG_RESULT(not implemented)],
1415 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1416 )
1417])
9a3fe0e2 1418
3f176010 1419AC_CHECK_FUNCS(setresgid, [
1420 dnl Some platorms have setresgid that isn't implemented, test for this
1421 AC_MSG_CHECKING(if setresgid seems to work)
479cece8 1422 AC_RUN_IFELSE(
1423 [AC_LANG_SOURCE([[
9a3fe0e2 1424#include <stdlib.h>
1425#include <errno.h>
1426int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1427 ]])],
3f176010 1428 [AC_MSG_RESULT(yes)],
3466e002 1429 [AC_DEFINE(BROKEN_SETRESGID, 1,
1430 [Define if your setresgid() is broken])
1a01a50c 1431 AC_MSG_RESULT(not implemented)],
1432 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1433 )
1434])
9a3fe0e2 1435
2e73a022 1436dnl Checks for time functions
1d7b9b20 1437AC_CHECK_FUNCS(gettimeofday time)
2e73a022 1438dnl Checks for utmp functions
b03bd394 1439AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1d7b9b20 1440AC_CHECK_FUNCS(utmpname)
2e73a022 1441dnl Checks for utmpx functions
b03bd394 1442AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1d7b9b20 1443AC_CHECK_FUNCS(setutxent utmpxname)
76cd7316 1444
aff51935 1445AC_CHECK_FUNC(daemon,
3466e002 1446 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1447 [AC_CHECK_LIB(bsd, daemon,
1448 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
beb43d31 1449)
1450
aff51935 1451AC_CHECK_FUNC(getpagesize,
3466e002 1452 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1453 [Define if your libraries define getpagesize()])],
1454 [AC_CHECK_LIB(ucb, getpagesize,
1455 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
aa6bd60a 1456)
1457
2647ae26 1458# Check for broken snprintf
1459if test "x$ac_cv_func_snprintf" = "xyes" ; then
1460 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1a01a50c 1461 AC_RUN_IFELSE(
479cece8 1462 [AC_LANG_SOURCE([[
2647ae26 1463#include <stdio.h>
aec4cb4f 1464int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
479cece8 1465 ]])],
aff51935 1466 [AC_MSG_RESULT(yes)],
2647ae26 1467 [
1468 AC_MSG_RESULT(no)
3466e002 1469 AC_DEFINE(BROKEN_SNPRINTF, 1,
1470 [Define if your snprintf is busted])
2647ae26 1471 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1a01a50c 1472 ],
1473 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2647ae26 1474 )
1475fi
1476
9a406e1e 1477# If we don't have a working asprintf, then we strongly depend on vsnprintf
1478# returning the right thing on overflow: the number of characters it tried to
1479# create (as per SUSv3)
1480if test "x$ac_cv_func_asprintf" != "xyes" && \
1481 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1482 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1483 AC_RUN_IFELSE(
1484 [AC_LANG_SOURCE([[
1485#include <sys/types.h>
1486#include <stdio.h>
1487#include <stdarg.h>
1488
1489int x_snprintf(char *str,size_t count,const char *fmt,...)
1490{
1491 size_t ret; va_list ap;
1492 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1493 return ret;
1494}
1495int main(void)
1496{
1497 char x[1];
1498 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1499} ]])],
1500 [AC_MSG_RESULT(yes)],
1501 [
1502 AC_MSG_RESULT(no)
1503 AC_DEFINE(BROKEN_SNPRINTF, 1,
1504 [Define if your snprintf is busted])
1505 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1506 ],
1507 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1508 )
1509fi
1510
31b0732a 1511# On systems where [v]snprintf is broken, but is declared in stdio,
1512# check that the fmt argument is const char * or just char *.
1513# This is only useful for when BROKEN_SNPRINTF
1514AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1515AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1516 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1517 int main(void) { snprintf(0, 0, 0); }
1518 ]])],
1519 [AC_MSG_RESULT(yes)
1520 AC_DEFINE(SNPRINTF_CONST, [const],
1521 [Define as const if snprintf() can declare const char *fmt])],
1522 [AC_MSG_RESULT(no)
1523 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1524
2f6f9cff 1525# Check for missing getpeereid (or equiv) support
1526NO_PEERCHECK=""
1961d660 1527if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2f6f9cff 1528 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1529 AC_TRY_COMPILE(
1530 [#include <sys/types.h>
1531 #include <sys/socket.h>],
1532 [int i = SO_PEERCRED;],
62eb7db4 1533 [ AC_MSG_RESULT(yes)
3466e002 1534 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
62eb7db4 1535 ],
2f6f9cff 1536 [AC_MSG_RESULT(no)
1537 NO_PEERCHECK=1]
1538 )
1539fi
1540
70e7d0b0 1541dnl see whether mkstemp() requires XXXXXX
1542if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1543AC_MSG_CHECKING([for (overly) strict mkstemp])
b0e7249f 1544AC_RUN_IFELSE(
1545 [AC_LANG_SOURCE([[
70e7d0b0 1546#include <stdlib.h>
1547main() { char template[]="conftest.mkstemp-test";
1548if (mkstemp(template) == -1)
1549 exit(1);
1550unlink(template); exit(0);
1551}
b0e7249f 1552 ]])],
70e7d0b0 1553 [
1554 AC_MSG_RESULT(no)
1555 ],
aff51935 1556 [
70e7d0b0 1557 AC_MSG_RESULT(yes)
3466e002 1558 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
70e7d0b0 1559 ],
1560 [
1561 AC_MSG_RESULT(yes)
1562 AC_DEFINE(HAVE_STRICT_MKSTEMP)
aff51935 1563 ]
70e7d0b0 1564)
1565fi
1566
eacb954e 1567dnl make sure that openpty does not reacquire controlling terminal
1568if test ! -z "$check_for_openpty_ctty_bug"; then
1569 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
b0e7249f 1570 AC_RUN_IFELSE(
1571 [AC_LANG_SOURCE([[
eacb954e 1572#include <stdio.h>
1573#include <sys/fcntl.h>
1574#include <sys/types.h>
1575#include <sys/wait.h>
1576
1577int
1578main()
1579{
1580 pid_t pid;
1581 int fd, ptyfd, ttyfd, status;
1582
1583 pid = fork();
1584 if (pid < 0) { /* failed */
1585 exit(1);
1586 } else if (pid > 0) { /* parent */
1587 waitpid(pid, &status, 0);
aff51935 1588 if (WIFEXITED(status))
eacb954e 1589 exit(WEXITSTATUS(status));
1590 else
1591 exit(2);
1592 } else { /* child */
1593 close(0); close(1); close(2);
1594 setsid();
1595 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1596 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1597 if (fd >= 0)
1598 exit(3); /* Acquired ctty: broken */
1599 else
1600 exit(0); /* Did not acquire ctty: OK */
1601 }
1602}
b0e7249f 1603 ]])],
eacb954e 1604 [
1605 AC_MSG_RESULT(yes)
1606 ],
1607 [
1608 AC_MSG_RESULT(no)
1609 AC_DEFINE(SSHD_ACQUIRES_CTTY)
b0e7249f 1610 ],
1611 [
1612 AC_MSG_RESULT(cross-compiling, assuming yes)
eacb954e 1613 ]
1614 )
1615fi
1616
4b492aab 1617if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1618 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2fe51906 1619 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1620 AC_RUN_IFELSE(
1621 [AC_LANG_SOURCE([[
2fe51906 1622#include <stdio.h>
1623#include <sys/socket.h>
1624#include <netdb.h>
1625#include <errno.h>
1626#include <netinet/in.h>
1627
1628#define TEST_PORT "2222"
1629
1630int
1631main(void)
1632{
1633 int err, sock;
1634 struct addrinfo *gai_ai, *ai, hints;
1635 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1636
1637 memset(&hints, 0, sizeof(hints));
1638 hints.ai_family = PF_UNSPEC;
1639 hints.ai_socktype = SOCK_STREAM;
1640 hints.ai_flags = AI_PASSIVE;
1641
1642 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1643 if (err != 0) {
1644 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1645 exit(1);
1646 }
1647
1648 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1649 if (ai->ai_family != AF_INET6)
1650 continue;
1651
1652 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1653 sizeof(ntop), strport, sizeof(strport),
1654 NI_NUMERICHOST|NI_NUMERICSERV);
1655
1656 if (err != 0) {
1657 if (err == EAI_SYSTEM)
1658 perror("getnameinfo EAI_SYSTEM");
1659 else
1660 fprintf(stderr, "getnameinfo failed: %s\n",
1661 gai_strerror(err));
1662 exit(2);
1663 }
1664
1665 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1666 if (sock < 0)
1667 perror("socket");
1668 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1669 if (errno == EBADF)
1670 exit(3);
1671 }
1672 }
1673 exit(0);
1674}
b0e7249f 1675 ]])],
2fe51906 1676 [
1677 AC_MSG_RESULT(yes)
1678 ],
1679 [
1680 AC_MSG_RESULT(no)
1681 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1682 ],
1683 [
1684 AC_MSG_RESULT(cross-compiling, assuming yes)
2fe51906 1685 ]
1686 )
1687fi
1688
4b492aab 1689if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1690 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
5ccf88cb 1691 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1692 AC_RUN_IFELSE(
1693 [AC_LANG_SOURCE([[
5ccf88cb 1694#include <stdio.h>
1695#include <sys/socket.h>
1696#include <netdb.h>
1697#include <errno.h>
1698#include <netinet/in.h>
1699
1700#define TEST_PORT "2222"
1701
1702int
1703main(void)
1704{
1705 int err, sock;
1706 struct addrinfo *gai_ai, *ai, hints;
1707 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1708
1709 memset(&hints, 0, sizeof(hints));
1710 hints.ai_family = PF_UNSPEC;
1711 hints.ai_socktype = SOCK_STREAM;
1712 hints.ai_flags = AI_PASSIVE;
1713
1714 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1715 if (err != 0) {
1716 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1717 exit(1);
1718 }
1719
1720 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1721 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1722 continue;
1723
1724 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1725 sizeof(ntop), strport, sizeof(strport),
1726 NI_NUMERICHOST|NI_NUMERICSERV);
1727
1728 if (ai->ai_family == AF_INET && err != 0) {
1729 perror("getnameinfo");
1730 exit(2);
1731 }
1732 }
1733 exit(0);
1734}
b0e7249f 1735 ]])],
5ccf88cb 1736 [
1737 AC_MSG_RESULT(yes)
3466e002 1738 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1739 [Define if you have a getaddrinfo that fails
1740 for the all-zeros IPv6 address])
5ccf88cb 1741 ],
1742 [
1743 AC_MSG_RESULT(no)
1744 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1745 ],
ecd9ec09 1746 [
b0e7249f 1747 AC_MSG_RESULT(cross-compiling, assuming no)
5ccf88cb 1748 ]
1749 )
1750fi
1751
b29fd59f 1752if test "x$check_for_conflicting_getspnam" = "x1"; then
1753 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1754 AC_COMPILE_IFELSE(
1755 [
1756#include <shadow.h>
1757int main(void) {exit(0);}
1758 ],
1759 [
1760 AC_MSG_RESULT(no)
1761 ],
1762 [
1763 AC_MSG_RESULT(yes)
1764 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1765 [Conflicting defs for getspnam])
1766 ]
1767 )
1768fi
1769
7f8f5e00 1770AC_FUNC_GETPGRP
1771
5b991353 1772# Search for OpenSSL
1773saved_CPPFLAGS="$CPPFLAGS"
1774saved_LDFLAGS="$LDFLAGS"
a0391976 1775AC_ARG_WITH(ssl-dir,
1776 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1777 [
e9e4a1c7 1778 if test "x$withval" != "xno" ; then
99eb0f64 1779 case "$withval" in
1780 # Relative paths
1781 ./*|../*) withval="`pwd`/$withval"
1782 esac
5b991353 1783 if test -d "$withval/lib"; then
1784 if test -n "${need_dash_r}"; then
1785 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1786 else
1787 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
d6f13fbb 1788 fi
1789 else
5b991353 1790 if test -n "${need_dash_r}"; then
1791 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1792 else
1793 LDFLAGS="-L${withval} ${LDFLAGS}"
d6f13fbb 1794 fi
1795 fi
5b991353 1796 if test -d "$withval/include"; then
1797 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
d6f13fbb 1798 else
5b991353 1799 CPPFLAGS="-I${withval} ${CPPFLAGS}"
58d100bf 1800 fi
a0391976 1801 fi
5b991353 1802 ]
1803)
5486a457 1804LIBS="-lcrypto $LIBS"
3466e002 1805AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1806 [Define if your ssl headers are included
1807 with #include <openssl/header.h>]),
d45e3d76 1808 [
5b991353 1809 dnl Check default openssl install dir
1810 if test -n "${need_dash_r}"; then
1811 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1812 else
5b991353 1813 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1814 fi
5b991353 1815 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1816 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1817 [
1818 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1819 ]
1820 )
1821 ]
1822)
1823
cd018561 1824# Determine OpenSSL header version
1825AC_MSG_CHECKING([OpenSSL header version])
1a01a50c 1826AC_RUN_IFELSE(
479cece8 1827 [AC_LANG_SOURCE([[
cd018561 1828#include <stdio.h>
1829#include <string.h>
1830#include <openssl/opensslv.h>
1831#define DATA "conftest.sslincver"
1832int main(void) {
aff51935 1833 FILE *fd;
1834 int rc;
cd018561 1835
aff51935 1836 fd = fopen(DATA,"w");
1837 if(fd == NULL)
1838 exit(1);
cd018561 1839
1840 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1841 exit(1);
1842
1843 exit(0);
1844}
479cece8 1845 ]])],
cd018561 1846 [
1847 ssl_header_ver=`cat conftest.sslincver`
1848 AC_MSG_RESULT($ssl_header_ver)
1849 ],
1850 [
1851 AC_MSG_RESULT(not found)
1852 AC_MSG_ERROR(OpenSSL version header not found.)
1a01a50c 1853 ],
1854 [
1855 AC_MSG_WARN([cross compiling: not checking])
cd018561 1856 ]
1857)
1858
1859# Determine OpenSSL library version
1860AC_MSG_CHECKING([OpenSSL library version])
1a01a50c 1861AC_RUN_IFELSE(
479cece8 1862 [AC_LANG_SOURCE([[
cd018561 1863#include <stdio.h>
1864#include <string.h>
1865#include <openssl/opensslv.h>
1866#include <openssl/crypto.h>
1867#define DATA "conftest.ssllibver"
1868int main(void) {
aff51935 1869 FILE *fd;
1870 int rc;
cd018561 1871
aff51935 1872 fd = fopen(DATA,"w");
1873 if(fd == NULL)
1874 exit(1);
cd018561 1875
1876 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1877 exit(1);
1878
1879 exit(0);
1880}
479cece8 1881 ]])],
cd018561 1882 [
1883 ssl_library_ver=`cat conftest.ssllibver`
1884 AC_MSG_RESULT($ssl_library_ver)
1885 ],
1886 [
1887 AC_MSG_RESULT(not found)
1888 AC_MSG_ERROR(OpenSSL library not found.)
1a01a50c 1889 ],
1890 [
1891 AC_MSG_WARN([cross compiling: not checking])
cd018561 1892 ]
1893)
58d100bf 1894
1d42bcce 1895AC_ARG_WITH(openssl-header-check,
1896 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1897 [ if test "x$withval" = "xno" ; then
1898 openssl_check_nonfatal=1
1899 fi
1900 ]
1901)
1902
9780116c 1903# Sanity check OpenSSL headers
1904AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1a01a50c 1905AC_RUN_IFELSE(
479cece8 1906 [AC_LANG_SOURCE([[
9780116c 1907#include <string.h>
1908#include <openssl/opensslv.h>
aec4cb4f 1909int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
479cece8 1910 ]])],
9780116c 1911 [
1912 AC_MSG_RESULT(yes)
1913 ],
1914 [
1915 AC_MSG_RESULT(no)
1d42bcce 1916 if test "x$openssl_check_nonfatal" = "x"; then
1917 AC_MSG_ERROR([Your OpenSSL headers do not match your
1918library. Check config.log for details.
1919If you are sure your installation is consistent, you can disable the check
1920by running "./configure --without-openssl-header-check".
1921Also see contrib/findssl.sh for help identifying header/library mismatches.
1922])
1923 else
1924 AC_MSG_WARN([Your OpenSSL headers do not match your
1925library. Check config.log for details.
e15ba28b 1926Also see contrib/findssl.sh for help identifying header/library mismatches.])
1d42bcce 1927 fi
1a01a50c 1928 ],
1929 [
1930 AC_MSG_WARN([cross compiling: not checking])
9780116c 1931 ]
1932)
1933
282d6408 1934AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1935AC_LINK_IFELSE(
1936 [AC_LANG_SOURCE([[
1937#include <openssl/evp.h>
1938int main(void) { SSLeay_add_all_algorithms(); }
1939 ]])],
1940 [
1941 AC_MSG_RESULT(yes)
1942 ],
1943 [
1944 AC_MSG_RESULT(no)
1945 saved_LIBS="$LIBS"
1946 LIBS="$LIBS -ldl"
1947 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1948 AC_LINK_IFELSE(
1949 [AC_LANG_SOURCE([[
1950#include <openssl/evp.h>
1951int main(void) { SSLeay_add_all_algorithms(); }
1952 ]])],
1953 [
1954 AC_MSG_RESULT(yes)
1955 ],
1956 [
1957 AC_MSG_RESULT(no)
1958 LIBS="$saved_LIBS"
1959 ]
1960 )
1961 ]
1962)
1963
c7ad0d99 1964AC_ARG_WITH(ssl-engine,
1965 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1966 [ if test "x$withval" != "xno" ; then
1967 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1968 AC_TRY_COMPILE(
1969 [ #include <openssl/engine.h>],
1970 [
24b2647b 1971ENGINE_load_builtin_engines();ENGINE_register_all_complete();
c7ad0d99 1972 ],
1973 [ AC_MSG_RESULT(yes)
1974 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1975 [Enable OpenSSL engine support])
1976 ],
1977 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1978 )
1979 fi ]
1980)
1981
e5146707 1982# Check for OpenSSL without EVP_aes_{192,256}_cbc
1983AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3e05aa50 1984AC_LINK_IFELSE(
e5146707 1985 [AC_LANG_SOURCE([[
1986#include <string.h>
1987#include <openssl/evp.h>
300ea548 1988int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
e5146707 1989 ]])],
1990 [
1991 AC_MSG_RESULT(no)
1992 ],
1993 [
1994 AC_MSG_RESULT(yes)
1995 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1996 [libcrypto is missing AES 192 and 256 bit functions])
1997 ]
1998)
1999
5486a457 2000# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2001# because the system crypt() is more featureful.
2002if test "x$check_for_libcrypt_before" = "x1"; then
2003 AC_CHECK_LIB(crypt, crypt)
2004fi
2005
aff51935 2006# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
8087c5ee 2007# version in OpenSSL.
05114c74 2008if test "x$check_for_libcrypt_later" = "x1"; then
20cad736 2009 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
717057b6 2010fi
2011
13ff27b7 2012# Search for SHA256 support in libc and/or OpenSSL
2013AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2014
a03acb8f 2015saved_LIBS="$LIBS"
2016AC_CHECK_LIB(iaf, ia_openinfo, [
2017 LIBS="$LIBS -liaf"
d837615a 2018 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2019 AC_DEFINE(HAVE_LIBIAF, 1,
2020 [Define if system has libiaf that supports set_id])
2021 ])
a03acb8f 2022])
2023LIBS="$saved_LIBS"
f1b0ecc3 2024
2025### Configure cryptographic random number support
2026
2027# Check wheter OpenSSL seeds itself
2028AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1a01a50c 2029AC_RUN_IFELSE(
479cece8 2030 [AC_LANG_SOURCE([[
f1b0ecc3 2031#include <string.h>
2032#include <openssl/rand.h>
aec4cb4f 2033int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
479cece8 2034 ]])],
f1b0ecc3 2035 [
2036 OPENSSL_SEEDS_ITSELF=yes
2037 AC_MSG_RESULT(yes)
2038 ],
2039 [
2040 AC_MSG_RESULT(no)
2041 # Default to use of the rand helper if OpenSSL doesn't
2042 # seed itself
2043 USE_RAND_HELPER=yes
1a01a50c 2044 ],
2045 [
2046 AC_MSG_WARN([cross compiling: assuming yes])
2047 # This is safe, since all recent OpenSSL versions will
82f4e93d 2048 # complain at runtime if not seeded correctly.
1a01a50c 2049 OPENSSL_SEEDS_ITSELF=yes
f1b0ecc3 2050 ]
2051)
2052
a086f73b 2053# Check for PAM libs
2054PAM_MSG="no"
2055AC_ARG_WITH(pam,
2056 [ --with-pam Enable PAM support ],
2057 [
2058 if test "x$withval" != "xno" ; then
2059 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2060 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2061 AC_MSG_ERROR([PAM headers not found])
2062 fi
2063
2064 saved_LIBS="$LIBS"
2065 AC_CHECK_LIB(dl, dlopen, , )
2066 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2067 AC_CHECK_FUNCS(pam_getenvlist)
2068 AC_CHECK_FUNCS(pam_putenv)
2069 LIBS="$saved_LIBS"
2070
2071 PAM_MSG="yes"
2072
e54defb4 2073 SSHDLIBS="$SSHDLIBS -lpam"
a086f73b 2074 AC_DEFINE(USE_PAM, 1,
2075 [Define if you want to enable PAM support])
282d6408 2076
a086f73b 2077 if test $ac_cv_lib_dl_dlopen = yes; then
282d6408 2078 case "$LIBS" in
2079 *-ldl*)
2080 # libdl already in LIBS
2081 ;;
2082 *)
e54defb4 2083 SSHDLIBS="$SSHDLIBS -ldl"
282d6408 2084 ;;
2085 esac
a086f73b 2086 fi
a086f73b 2087 fi
2088 ]
2089)
2090
2091# Check for older PAM
2092if test "x$PAM_MSG" = "xyes" ; then
2093 # Check PAM strerror arguments (old PAM)
2094 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2095 AC_TRY_COMPILE(
2096 [
2097#include <stdlib.h>
2098#if defined(HAVE_SECURITY_PAM_APPL_H)
2099#include <security/pam_appl.h>
2100#elif defined (HAVE_PAM_PAM_APPL_H)
2101#include <pam/pam_appl.h>
2102#endif
2103 ],
2104 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2105 [AC_MSG_RESULT(no)],
2106 [
2107 AC_DEFINE(HAVE_OLD_PAM, 1,
2108 [Define if you have an old version of PAM
2109 which takes only one argument to pam_strerror])
2110 AC_MSG_RESULT(yes)
2111 PAM_MSG="yes (old library)"
2112 ]
2113 )
2114fi
f1b0ecc3 2115
2116# Do we want to force the use of the rand helper?
2117AC_ARG_WITH(rand-helper,
2118 [ --with-rand-helper Use subprocess to gather strong randomness ],
2119 [
2120 if test "x$withval" = "xno" ; then
aff51935 2121 # Force use of OpenSSL's internal RNG, even if
f1b0ecc3 2122 # the previous test showed it to be unseeded.
2123 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2124 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2125 OPENSSL_SEEDS_ITSELF=yes
2126 USE_RAND_HELPER=""
2127 fi
2128 else
2129 USE_RAND_HELPER=yes
2130 fi
2131 ],
82f4e93d 2132)
f1b0ecc3 2133
2134# Which randomness source do we use?
4b492aab 2135if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
f1b0ecc3 2136 # OpenSSL only
3466e002 2137 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2138 [Define if you want OpenSSL's internally seeded PRNG only])
f1b0ecc3 2139 RAND_MSG="OpenSSL internal ONLY"
2140 INSTALL_SSH_RAND_HELPER=""
70e2f2f3 2141elif test ! -z "$USE_RAND_HELPER" ; then
2142 # install rand helper
f1b0ecc3 2143 RAND_MSG="ssh-rand-helper"
2144 INSTALL_SSH_RAND_HELPER="yes"
2145fi
2146AC_SUBST(INSTALL_SSH_RAND_HELPER)
2147
2148### Configuration of ssh-rand-helper
2149
2150# PRNGD TCP socket
2151AC_ARG_WITH(prngd-port,
2152 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2153 [
eb5d7ff6 2154 case "$withval" in
2155 no)
2156 withval=""
2157 ;;
2158 [[0-9]]*)
2159 ;;
2160 *)
2161 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2162 ;;
2163 esac
2164 if test ! -z "$withval" ; then
f1b0ecc3 2165 PRNGD_PORT="$withval"
3466e002 2166 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2167 [Port number of PRNGD/EGD random number socket])
f1b0ecc3 2168 fi
2169 ]
2170)
2171
2172# PRNGD Unix domain socket
2173AC_ARG_WITH(prngd-socket,
2174 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2175 [
eb5d7ff6 2176 case "$withval" in
2177 yes)
f1b0ecc3 2178 withval="/var/run/egd-pool"
eb5d7ff6 2179 ;;
2180 no)
2181 withval=""
2182 ;;
2183 /*)
2184 ;;
2185 *)
2186 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2187 ;;
2188 esac
2189
2190 if test ! -z "$withval" ; then
f1b0ecc3 2191 if test ! -z "$PRNGD_PORT" ; then
2192 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2193 fi
906e811b 2194 if test ! -r "$withval" ; then
f1b0ecc3 2195 AC_MSG_WARN(Entropy socket is not readable)
2196 fi
2197 PRNGD_SOCKET="$withval"
3466e002 2198 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2199 [Location of PRNGD/EGD random number socket])
f1b0ecc3 2200 fi
ddceb1c8 2201 ],
2202 [
2203 # Check for existing socket only if we don't have a random device already
2204 if test "$USE_RAND_HELPER" = yes ; then
2205 AC_MSG_CHECKING(for PRNGD/EGD socket)
2206 # Insert other locations here
2207 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2208 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2209 PRNGD_SOCKET="$sock"
2210 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2211 break;
2212 fi
2213 done
2214 if test ! -z "$PRNGD_SOCKET" ; then
2215 AC_MSG_RESULT($PRNGD_SOCKET)
2216 else
2217 AC_MSG_RESULT(not found)
2218 fi
2219 fi
f1b0ecc3 2220 ]
2221)
2222
2223# Change default command timeout for hashing entropy source
2224entropy_timeout=200
2225AC_ARG_WITH(entropy-timeout,
2226 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2227 [
6cf0200f 2228 if test -n "$withval" && test "x$withval" != "xno" && \
2229 test "x${withval}" != "xyes"; then
f1b0ecc3 2230 entropy_timeout=$withval
2231 fi
82f4e93d 2232 ]
f1b0ecc3 2233)
3466e002 2234AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2235 [Builtin PRNG command timeout])
f1b0ecc3 2236
fd3cbf67 2237SSH_PRIVSEP_USER=sshd
9a0fbcb3 2238AC_ARG_WITH(privsep-user,
5222e7ef 2239 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
9a0fbcb3 2240 [
6cf0200f 2241 if test -n "$withval" && test "x$withval" != "xno" && \
2242 test "x${withval}" != "xyes"; then
fd3cbf67 2243 SSH_PRIVSEP_USER=$withval
9a0fbcb3 2244 fi
82f4e93d 2245 ]
9a0fbcb3 2246)
3466e002 2247AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2248 [non-privileged user for privilege separation])
fd3cbf67 2249AC_SUBST(SSH_PRIVSEP_USER)
9a0fbcb3 2250
81dadca3 2251# We do this little dance with the search path to insure
2252# that programs that we select for use by installed programs
2253# (which may be run by the super-user) come from trusted
2254# locations before they come from the user's private area.
2255# This should help avoid accidentally configuring some
2256# random version of a program in someone's personal bin.
2257
2258OPATH=$PATH
2259PATH=/bin:/usr/bin
f95c8ce8 2260test -h /bin 2> /dev/null && PATH=/usr/bin
81dadca3 2261test -d /sbin && PATH=$PATH:/sbin
2262test -d /usr/sbin && PATH=$PATH:/usr/sbin
2263PATH=$PATH:/etc:$OPATH
2264
aff51935 2265# These programs are used by the command hashing source to gather entropy
f1b0ecc3 2266OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2267OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2268OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2269OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2270OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2271OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2272OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2273OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2274OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2275OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2276OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2277OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2278OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2279OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2280OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2281OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
81dadca3 2282# restore PATH
2283PATH=$OPATH
f1b0ecc3 2284
2285# Where does ssh-rand-helper get its randomness from?
2286INSTALL_SSH_PRNG_CMDS=""
2287if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2288 if test ! -z "$PRNGD_PORT" ; then
2289 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2290 elif test ! -z "$PRNGD_SOCKET" ; then
2291 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2292 else
2293 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2294 RAND_HELPER_CMDHASH=yes
2295 INSTALL_SSH_PRNG_CMDS="yes"
2296 fi
2297fi
2298AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2299
2300
66d6c27e 2301# Cheap hack to ensure NEWS-OS libraries are arranged right.
2302if test ! -z "$SONY" ; then
2303 LIBS="$LIBS -liberty";
2304fi
2305
9a406e1e 2306# Check for long long datatypes
2307AC_CHECK_TYPES([long long, unsigned long long, long double])
2308
2309# Check datatype sizes
976f7e19 2310AC_CHECK_SIZEOF(char, 1)
2b942fe0 2311AC_CHECK_SIZEOF(short int, 2)
2312AC_CHECK_SIZEOF(int, 4)
2313AC_CHECK_SIZEOF(long int, 4)
2314AC_CHECK_SIZEOF(long long int, 8)
2315
52f1ccb2 2316# Sanity check long long for some platforms (AIX)
2317if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2318 ac_cv_sizeof_long_long_int=0
2319fi
2320
90f15776 2321# compute LLONG_MIN and LLONG_MAX if we don't know them.
2322if test -z "$have_llong_max"; then
2323 AC_MSG_CHECKING([for max value of long long])
2324 AC_RUN_IFELSE(
2325 [AC_LANG_SOURCE([[
2326#include <stdio.h>
2327/* Why is this so damn hard? */
2328#ifdef __GNUC__
2329# undef __GNUC__
2330#endif
2331#define __USE_ISOC99
2332#include <limits.h>
2333#define DATA "conftest.llminmax"
055252ed 2334#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2335
2336/*
2337 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2338 * we do this the hard way.
2339 */
2340static int
2341fprint_ll(FILE *f, long long n)
2342{
2343 unsigned int i;
2344 int l[sizeof(long long) * 8];
2345
2346 if (n < 0)
2347 if (fprintf(f, "-") < 0)
2348 return -1;
2349 for (i = 0; n != 0; i++) {
2350 l[i] = my_abs(n % 10);
2351 n /= 10;
2352 }
2353 do {
2354 if (fprintf(f, "%d", l[--i]) < 0)
2355 return -1;
2356 } while (i != 0);
2357 if (fprintf(f, " ") < 0)
2358 return -1;
2359 return 0;
2360}
2361
90f15776 2362int main(void) {
2363 FILE *f;
2364 long long i, llmin, llmax = 0;
2365
2366 if((f = fopen(DATA,"w")) == NULL)
2367 exit(1);
2368
2369#if defined(LLONG_MIN) && defined(LLONG_MAX)
2370 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2371 llmin = LLONG_MIN;
2372 llmax = LLONG_MAX;
2373#else
2374 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2375 /* This will work on one's complement and two's complement */
2376 for (i = 1; i > llmax; i <<= 1, i++)
2377 llmax = i;
2378 llmin = llmax + 1LL; /* wrap */
2379#endif
2380
2381 /* Sanity check */
2382 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
055252ed 2383 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2384 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
90f15776 2385 fprintf(f, "unknown unknown\n");
2386 exit(2);
2387 }
2388
055252ed 2389 if (fprint_ll(f, llmin) < 0)
90f15776 2390 exit(3);
055252ed 2391 if (fprint_ll(f, llmax) < 0)
2392 exit(4);
2393 if (fclose(f) < 0)
2394 exit(5);
90f15776 2395 exit(0);
2396}
2397 ]])],
2398 [
2399 llong_min=`$AWK '{print $1}' conftest.llminmax`
2400 llong_max=`$AWK '{print $2}' conftest.llminmax`
2401
90f15776 2402 AC_MSG_RESULT($llong_max)
2403 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2404 [max value of long long calculated by configure])
2405 AC_MSG_CHECKING([for min value of long long])
2406 AC_MSG_RESULT($llong_min)
2407 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2408 [min value of long long calculated by configure])
2409 ],
2410 [
2411 AC_MSG_RESULT(not found)
2412 ],
2413 [
2414 AC_MSG_WARN([cross compiling: not checking])
2415 ]
2416 )
2417fi
2418
2419
a0391976 2420# More checks for data types
14a9a859 2421AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2422 AC_TRY_COMPILE(
aff51935 2423 [ #include <sys/types.h> ],
2424 [ u_int a; a = 1;],
14a9a859 2425 [ ac_cv_have_u_int="yes" ],
2426 [ ac_cv_have_u_int="no" ]
2427 )
2428])
2429if test "x$ac_cv_have_u_int" = "xyes" ; then
3466e002 2430 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
14a9a859 2431 have_u_int=1
2432fi
2433
58d100bf 2434AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2435 AC_TRY_COMPILE(
aff51935 2436 [ #include <sys/types.h> ],
2437 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
58d100bf 2438 [ ac_cv_have_intxx_t="yes" ],
2439 [ ac_cv_have_intxx_t="no" ]
2440 )
2441])
2442if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3466e002 2443 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
58d100bf 2444 have_intxx_t=1
2445fi
41cb4569 2446
2447if (test -z "$have_intxx_t" && \
aff51935 2448 test "x$ac_cv_header_stdint_h" = "xyes")
41cb4569 2449then
2450 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2451 AC_TRY_COMPILE(
aff51935 2452 [ #include <stdint.h> ],
2453 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
41cb4569 2454 [
2455 AC_DEFINE(HAVE_INTXX_T)
2456 AC_MSG_RESULT(yes)
2457 ],
2458 [ AC_MSG_RESULT(no) ]
2459 )
2460fi
2461
bd590612 2462AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2463 AC_TRY_COMPILE(
1cbbe6c8 2464 [
2465#include <sys/types.h>
2466#ifdef HAVE_STDINT_H
2467# include <stdint.h>
2468#endif
2469#include <sys/socket.h>
2470#ifdef HAVE_SYS_BITYPES_H
2471# include <sys/bitypes.h>
2472#endif
aff51935 2473 ],
2474 [ int64_t a; a = 1;],
bd590612 2475 [ ac_cv_have_int64_t="yes" ],
2476 [ ac_cv_have_int64_t="no" ]
2477 )
2478])
2479if test "x$ac_cv_have_int64_t" = "xyes" ; then
3466e002 2480 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
ddceb1c8 2481fi
2482
58d100bf 2483AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2484 AC_TRY_COMPILE(
aff51935 2485 [ #include <sys/types.h> ],
2486 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
58d100bf 2487 [ ac_cv_have_u_intxx_t="yes" ],
2488 [ ac_cv_have_u_intxx_t="no" ]
2489 )
2490])
2491if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3466e002 2492 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
58d100bf 2493 have_u_intxx_t=1
2494fi
2b942fe0 2495
41cb4569 2496if test -z "$have_u_intxx_t" ; then
2497 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2498 AC_TRY_COMPILE(
aff51935 2499 [ #include <sys/socket.h> ],
2500 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
41cb4569 2501 [
2502 AC_DEFINE(HAVE_U_INTXX_T)
2503 AC_MSG_RESULT(yes)
2504 ],
2505 [ AC_MSG_RESULT(no) ]
2506 )
2507fi
2508
bd590612 2509AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2510 AC_TRY_COMPILE(
aff51935 2511 [ #include <sys/types.h> ],
2512 [ u_int64_t a; a = 1;],
bd590612 2513 [ ac_cv_have_u_int64_t="yes" ],
2514 [ ac_cv_have_u_int64_t="no" ]
2515 )
2516])
2517if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3466e002 2518 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
bd590612 2519 have_u_int64_t=1
2520fi
2521
ddceb1c8 2522if test -z "$have_u_int64_t" ; then
2523 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2524 AC_TRY_COMPILE(
aff51935 2525 [ #include <sys/bitypes.h> ],
ddceb1c8 2526 [ u_int64_t a; a = 1],
2527 [
2528 AC_DEFINE(HAVE_U_INT64_T)
2529 AC_MSG_RESULT(yes)
2530 ],
2531 [ AC_MSG_RESULT(no) ]
2532 )
2533fi
2534
41cb4569 2535if test -z "$have_u_intxx_t" ; then
2536 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2537 AC_TRY_COMPILE(
2538 [
2539#include <sys/types.h>
aff51935 2540 ],
2541 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
41cb4569 2542 [ ac_cv_have_uintxx_t="yes" ],
2543 [ ac_cv_have_uintxx_t="no" ]
2544 )
2545 ])
2546 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3466e002 2547 AC_DEFINE(HAVE_UINTXX_T, 1,
2548 [define if you have uintxx_t data type])
41cb4569 2549 fi
2550fi
2551
2552if test -z "$have_uintxx_t" ; then
2553 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2554 AC_TRY_COMPILE(
aff51935 2555 [ #include <stdint.h> ],
2556 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
41cb4569 2557 [
2558 AC_DEFINE(HAVE_UINTXX_T)
2559 AC_MSG_RESULT(yes)
2560 ],
2561 [ AC_MSG_RESULT(no) ]
2562 )
2563fi
2564
e5fe9a1f 2565if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
aff51935 2566 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
5cdfe03f 2567then
2568 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2569 AC_TRY_COMPILE(
58d100bf 2570 [
2571#include <sys/bitypes.h>
aff51935 2572 ],
5cdfe03f 2573 [
837c30b8 2574 int8_t a; int16_t b; int32_t c;
2575 u_int8_t e; u_int16_t f; u_int32_t g;
2576 a = b = c = e = f = g = 1;
aff51935 2577 ],
5cdfe03f 2578 [
2579 AC_DEFINE(HAVE_U_INTXX_T)
2580 AC_DEFINE(HAVE_INTXX_T)
2581 AC_MSG_RESULT(yes)
2582 ],
2583 [AC_MSG_RESULT(no)]
aff51935 2584 )
5cdfe03f 2585fi
2586
0362750e 2587
2588AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2589 AC_TRY_COMPILE(
2590 [
2591#include <sys/types.h>
2592 ],
2593 [ u_char foo; foo = 125; ],
2594 [ ac_cv_have_u_char="yes" ],
2595 [ ac_cv_have_u_char="no" ]
2596 )
2597])
2598if test "x$ac_cv_have_u_char" = "xyes" ; then
3466e002 2599 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
0362750e 2600fi
2601
98a7c37b 2602TYPE_SOCKLEN_T
2b942fe0 2603
2d16d9a3 2604AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
ddceb1c8 2605
777ece68 2606AC_CHECK_TYPES(in_addr_t,,,
2607[#include <sys/types.h>
2608#include <netinet/in.h>])
7b578f7d 2609
58d100bf 2610AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2611 AC_TRY_COMPILE(
2612 [
18ba2aab 2613#include <sys/types.h>
58d100bf 2614 ],
2615 [ size_t foo; foo = 1235; ],
2616 [ ac_cv_have_size_t="yes" ],
2617 [ ac_cv_have_size_t="no" ]
2618 )
2619])
2620if test "x$ac_cv_have_size_t" = "xyes" ; then
3466e002 2621 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
58d100bf 2622fi
ea1970a3 2623
c04f75f1 2624AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2625 AC_TRY_COMPILE(
2626 [
2627#include <sys/types.h>
2628 ],
2629 [ ssize_t foo; foo = 1235; ],
2630 [ ac_cv_have_ssize_t="yes" ],
2631 [ ac_cv_have_ssize_t="no" ]
2632 )
2633])
2634if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3466e002 2635 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
c04f75f1 2636fi
2637
f1c4659d 2638AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2639 AC_TRY_COMPILE(
2640 [
2641#include <time.h>
2642 ],
2643 [ clock_t foo; foo = 1235; ],
2644 [ ac_cv_have_clock_t="yes" ],
2645 [ ac_cv_have_clock_t="no" ]
2646 )
2647])
2648if test "x$ac_cv_have_clock_t" = "xyes" ; then
3466e002 2649 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
f1c4659d 2650fi
2651
1c04b088 2652AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2653 AC_TRY_COMPILE(
2654 [
2655#include <sys/types.h>
2656#include <sys/socket.h>
2657 ],
2658 [ sa_family_t foo; foo = 1235; ],
2659 [ ac_cv_have_sa_family_t="yes" ],
77bb0bca 2660 [ AC_TRY_COMPILE(
2661 [
2662#include <sys/types.h>
2663#include <sys/socket.h>
2664#include <netinet/in.h>
2665 ],
2666 [ sa_family_t foo; foo = 1235; ],
2667 [ ac_cv_have_sa_family_t="yes" ],
2668
1c04b088 2669 [ ac_cv_have_sa_family_t="no" ]
77bb0bca 2670 )]
1c04b088 2671 )
2672])
2673if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3466e002 2674 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2675 [define if you have sa_family_t data type])
1c04b088 2676fi
2677
729bfe59 2678AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2679 AC_TRY_COMPILE(
2680 [
2681#include <sys/types.h>
2682 ],
2683 [ pid_t foo; foo = 1235; ],
2684 [ ac_cv_have_pid_t="yes" ],
2685 [ ac_cv_have_pid_t="no" ]
2686 )
2687])
2688if test "x$ac_cv_have_pid_t" = "xyes" ; then
3466e002 2689 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
729bfe59 2690fi
2691
2692AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2693 AC_TRY_COMPILE(
2694 [
2695#include <sys/types.h>
2696 ],
2697 [ mode_t foo; foo = 1235; ],
2698 [ ac_cv_have_mode_t="yes" ],
2699 [ ac_cv_have_mode_t="no" ]
2700 )
2701])
2702if test "x$ac_cv_have_mode_t" = "xyes" ; then
3466e002 2703 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
729bfe59 2704fi
2705
e3a93db0 2706
58d100bf 2707AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2708 AC_TRY_COMPILE(
2709 [
18ba2aab 2710#include <sys/types.h>
2711#include <sys/socket.h>
58d100bf 2712 ],
2713 [ struct sockaddr_storage s; ],
2714 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2715 [ ac_cv_have_struct_sockaddr_storage="no" ]
2716 )
2717])
2718if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3466e002 2719 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2720 [define if you have struct sockaddr_storage data type])
58d100bf 2721fi
48e671d5 2722
58d100bf 2723AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2724 AC_TRY_COMPILE(
2725 [
cbd7492e 2726#include <sys/types.h>
58d100bf 2727#include <netinet/in.h>
2728 ],
2729 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2730 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2731 [ ac_cv_have_struct_sockaddr_in6="no" ]
2732 )
2733])
2734if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3466e002 2735 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2736 [define if you have struct sockaddr_in6 data type])
58d100bf 2737fi
48e671d5 2738
58d100bf 2739AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2740 AC_TRY_COMPILE(
2741 [
cbd7492e 2742#include <sys/types.h>
58d100bf 2743#include <netinet/in.h>
2744 ],
2745 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2746 [ ac_cv_have_struct_in6_addr="yes" ],
2747 [ ac_cv_have_struct_in6_addr="no" ]
2748 )
2749])
2750if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3466e002 2751 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2752 [define if you have struct in6_addr data type])
58d100bf 2753fi
48e671d5 2754
58d100bf 2755AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2756 AC_TRY_COMPILE(
2757 [
18ba2aab 2758#include <sys/types.h>
2759#include <sys/socket.h>
2760#include <netdb.h>
58d100bf 2761 ],
2762 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2763 [ ac_cv_have_struct_addrinfo="yes" ],
2764 [ ac_cv_have_struct_addrinfo="no" ]
2765 )
2766])
2767if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3466e002 2768 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2769 [define if you have struct addrinfo data type])
58d100bf 2770fi
2771
89c7e31c 2772AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2773 AC_TRY_COMPILE(
aff51935 2774 [ #include <sys/time.h> ],
2775 [ struct timeval tv; tv.tv_sec = 1;],
89c7e31c 2776 [ ac_cv_have_struct_timeval="yes" ],
2777 [ ac_cv_have_struct_timeval="no" ]
2778 )
2779])
2780if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3466e002 2781 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
89c7e31c 2782 have_struct_timeval=1
2783fi
2784
5271b55c 2785AC_CHECK_TYPES(struct timespec)
2786
85abc74b 2787# We need int64_t or else certian parts of the compile will fail.
4b492aab 2788if test "x$ac_cv_have_int64_t" = "xno" && \
2789 test "x$ac_cv_sizeof_long_int" != "x8" && \
2790 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
85abc74b 2791 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2792 echo "an alternative compiler (I.E., GCC) before continuing."
2793 echo ""
2794 exit 1;
733cf7f4 2795else
2796dnl test snprintf (broken on SCO w/gcc)
1a01a50c 2797 AC_RUN_IFELSE(
479cece8 2798 [AC_LANG_SOURCE([[
733cf7f4 2799#include <stdio.h>
2800#include <string.h>
2801#ifdef HAVE_SNPRINTF
2802main()
2803{
2804 char buf[50];
2805 char expected_out[50];
2806 int mazsize = 50 ;
2807#if (SIZEOF_LONG_INT == 8)
2808 long int num = 0x7fffffffffffffff;
2809#else
763a1a18 2810 long long num = 0x7fffffffffffffffll;
733cf7f4 2811#endif
2812 strcpy(expected_out, "9223372036854775807");
2813 snprintf(buf, mazsize, "%lld", num);
2814 if(strcmp(buf, expected_out) != 0)
aff51935 2815 exit(1);
733cf7f4 2816 exit(0);
2817}
2818#else
2819main() { exit(0); }
2820#endif
479cece8 2821 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
1a01a50c 2822 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
733cf7f4 2823 )
2c523de9 2824fi
2825
77bb0bca 2826dnl Checks for structure members
58d100bf 2827OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2828OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2829OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2830OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2831OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
25422c70 2832OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
58d100bf 2833OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2834OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
daaff4d5 2835OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
58d100bf 2836OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2837OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2838OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2839OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1d7b9b20 2840OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2841OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2842OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2843OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
98a7c37b 2844
2845AC_CHECK_MEMBERS([struct stat.st_blksize])
ccc45ee0 2846AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2847 [Define if we don't have struct __res_state in resolv.h])],
2848[
2849#include <stdio.h>
2850#if HAVE_SYS_TYPES_H
2851# include <sys/types.h>
2852#endif
2853#include <netinet/in.h>
2854#include <arpa/nameser.h>
2855#include <resolv.h>
2856])
1d7b9b20 2857
58d100bf 2858AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2859 ac_cv_have_ss_family_in_struct_ss, [
2860 AC_TRY_COMPILE(
2861 [
18ba2aab 2862#include <sys/types.h>
2863#include <sys/socket.h>
58d100bf 2864 ],
2865 [ struct sockaddr_storage s; s.ss_family = 1; ],
2866 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2867 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2868 )
2869])
2870if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3466e002 2871 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
58d100bf 2872fi
2873
58d100bf 2874AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2875 ac_cv_have___ss_family_in_struct_ss, [
2876 AC_TRY_COMPILE(
2877 [
18ba2aab 2878#include <sys/types.h>
2879#include <sys/socket.h>
58d100bf 2880 ],
2881 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2882 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2883 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2884 )
2885])
2886if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3466e002 2887 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2888 [Fields in struct sockaddr_storage])
58d100bf 2889fi
2890
2e73a022 2891AC_CACHE_CHECK([for pw_class field in struct passwd],
2892 ac_cv_have_pw_class_in_struct_passwd, [
2893 AC_TRY_COMPILE(
2894 [
2e73a022 2895#include <pwd.h>
2896 ],
97994d32 2897 [ struct passwd p; p.pw_class = 0; ],
2e73a022 2898 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2899 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2900 )
2901])
2902if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3466e002 2903 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2904 [Define if your password has a pw_class field])
2e73a022 2905fi
2906
7751d4eb 2907AC_CACHE_CHECK([for pw_expire field in struct passwd],
2908 ac_cv_have_pw_expire_in_struct_passwd, [
2909 AC_TRY_COMPILE(
2910 [
2911#include <pwd.h>
2912 ],
2913 [ struct passwd p; p.pw_expire = 0; ],
2914 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2915 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2916 )
2917])
2918if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3466e002 2919 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2920 [Define if your password has a pw_expire field])
7751d4eb 2921fi
2922
2923AC_CACHE_CHECK([for pw_change field in struct passwd],
2924 ac_cv_have_pw_change_in_struct_passwd, [
2925 AC_TRY_COMPILE(
2926 [
2927#include <pwd.h>
2928 ],
2929 [ struct passwd p; p.pw_change = 0; ],
2930 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2931 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2932 )
2933])
2934if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3466e002 2935 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2936 [Define if your password has a pw_change field])
7751d4eb 2937fi
58d100bf 2938
637f9177 2939dnl make sure we're using the real structure members and not defines
6f34652e 2940AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2941 ac_cv_have_accrights_in_msghdr, [
1a01a50c 2942 AC_COMPILE_IFELSE(
6f34652e 2943 [
f95c8ce8 2944#include <sys/types.h>
6f34652e 2945#include <sys/socket.h>
2946#include <sys/uio.h>
637f9177 2947int main() {
2948#ifdef msg_accrights
1a01a50c 2949#error "msg_accrights is a macro"
637f9177 2950exit(1);
2951#endif
2952struct msghdr m;
2953m.msg_accrights = 0;
2954exit(0);
2955}
6f34652e 2956 ],
6f34652e 2957 [ ac_cv_have_accrights_in_msghdr="yes" ],
2958 [ ac_cv_have_accrights_in_msghdr="no" ]
2959 )
2960])
2961if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3466e002 2962 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2963 [Define if your system uses access rights style
2964 file descriptor passing])
6f34652e 2965fi
2966
7176df4f 2967AC_CACHE_CHECK([for msg_control field in struct msghdr],
2968 ac_cv_have_control_in_msghdr, [
1a01a50c 2969 AC_COMPILE_IFELSE(
7176df4f 2970 [
f95c8ce8 2971#include <sys/types.h>
7176df4f 2972#include <sys/socket.h>
2973#include <sys/uio.h>
637f9177 2974int main() {
2975#ifdef msg_control
1a01a50c 2976#error "msg_control is a macro"
637f9177 2977exit(1);
2978#endif
2979struct msghdr m;
2980m.msg_control = 0;
2981exit(0);
2982}
7176df4f 2983 ],
7176df4f 2984 [ ac_cv_have_control_in_msghdr="yes" ],
2985 [ ac_cv_have_control_in_msghdr="no" ]
2986 )
2987])
2988if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3466e002 2989 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2990 [Define if your system uses ancillary data style
2991 file descriptor passing])
7176df4f 2992fi
2993
58d100bf 2994AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
aff51935 2995 AC_TRY_LINK([],
2996 [ extern char *__progname; printf("%s", __progname); ],
58d100bf 2997 [ ac_cv_libc_defines___progname="yes" ],
2998 [ ac_cv_libc_defines___progname="no" ]
2999 )
3000])
3001if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3466e002 3002 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
58d100bf 3003fi
8946db53 3004
c921ee00 3005AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3006 AC_TRY_LINK([
3007#include <stdio.h>
aff51935 3008],
3009 [ printf("%s", __FUNCTION__); ],
c921ee00 3010 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3011 [ ac_cv_cc_implements___FUNCTION__="no" ]
3012 )
3013])
3014if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3466e002 3015 AC_DEFINE(HAVE___FUNCTION__, 1,
3016 [Define if compiler implements __FUNCTION__])
c921ee00 3017fi
3018
3019AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3020 AC_TRY_LINK([
3021#include <stdio.h>
aff51935 3022],
3023 [ printf("%s", __func__); ],
c921ee00 3024 [ ac_cv_cc_implements___func__="yes" ],
3025 [ ac_cv_cc_implements___func__="no" ]
3026 )
3027])
3028if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3466e002 3029 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
c921ee00 3030fi
3031
9a406e1e 3032AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3033 AC_TRY_LINK(
3034 [#include <stdarg.h>
3035 va_list x,y;],
3036 [va_copy(x,y);],
3037 [ ac_cv_have_va_copy="yes" ],
3038 [ ac_cv_have_va_copy="no" ]
3039 )
3040])
3041if test "x$ac_cv_have_va_copy" = "xyes" ; then
3042 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3043fi
3044
3045AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3046 AC_TRY_LINK(
3047 [#include <stdarg.h>
3048 va_list x,y;],
3049 [__va_copy(x,y);],
3050 [ ac_cv_have___va_copy="yes" ],
3051 [ ac_cv_have___va_copy="no" ]
3052 )
3053])
3054if test "x$ac_cv_have___va_copy" = "xyes" ; then
3055 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3056fi
3057
1812a662 3058AC_CACHE_CHECK([whether getopt has optreset support],
3059 ac_cv_have_getopt_optreset, [
3060 AC_TRY_LINK(
3061 [
3062#include <getopt.h>
3063 ],
3064 [ extern int optreset; optreset = 0; ],
3065 [ ac_cv_have_getopt_optreset="yes" ],
3066 [ ac_cv_have_getopt_optreset="no" ]
3067 )
3068])
3069if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3466e002 3070 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3071 [Define if your getopt(3) defines and uses optreset])
1812a662 3072fi
a0391976 3073
819b676f 3074AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
aff51935 3075 AC_TRY_LINK([],
3076 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
819b676f 3077 [ ac_cv_libc_defines_sys_errlist="yes" ],
3078 [ ac_cv_libc_defines_sys_errlist="no" ]
3079 )
3080])
3081if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3466e002 3082 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3083 [Define if your system defines sys_errlist[]])
819b676f 3084fi
3085
3086
416ed5a7 3087AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
aff51935 3088 AC_TRY_LINK([],
3089 [ extern int sys_nerr; printf("%i", sys_nerr);],
416ed5a7 3090 [ ac_cv_libc_defines_sys_nerr="yes" ],
3091 [ ac_cv_libc_defines_sys_nerr="no" ]
3092 )
3093])
3094if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3466e002 3095 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
416ed5a7 3096fi
3097
aff51935 3098SCARD_MSG="no"
295c8801 3099# Check whether user wants sectok support
3100AC_ARG_WITH(sectok,
3101 [ --with-sectok Enable smartcard support using libsectok],
d0b19c95 3102 [
3103 if test "x$withval" != "xno" ; then
3104 if test "x$withval" != "xyes" ; then
3105 CPPFLAGS="$CPPFLAGS -I${withval}"
3106 LDFLAGS="$LDFLAGS -L${withval}"
3107 if test ! -z "$need_dash_r" ; then
3108 LDFLAGS="$LDFLAGS -R${withval}"
3109 fi
3110 if test ! -z "$blibpath" ; then
3111 blibpath="$blibpath:${withval}"
3112 fi
3113 fi
3114 AC_CHECK_HEADERS(sectok.h)
3115 if test "$ac_cv_header_sectok_h" != yes; then
3116 AC_MSG_ERROR(Can't find sectok.h)
3117 fi
3118 AC_CHECK_LIB(sectok, sectok_open)
3119 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3120 AC_MSG_ERROR(Can't find libsectok)
3121 fi
3466e002 3122 AC_DEFINE(SMARTCARD, 1,
3123 [Define if you want smartcard support])
3124 AC_DEFINE(USE_SECTOK, 1,
3125 [Define if you want smartcard support
3126 using sectok])
aff51935 3127 SCARD_MSG="yes, using sectok"
295c8801 3128 fi
3129 ]
3130)
3131
3132# Check whether user wants OpenSC support
987b458f 3133OPENSC_CONFIG="no"
295c8801 3134AC_ARG_WITH(opensc,
e47fb473 3135 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
987b458f 3136 [
3137 if test "x$withval" != "xno" ; then
3138 if test "x$withval" != "xyes" ; then
3139 OPENSC_CONFIG=$withval/bin/opensc-config
3140 else
3141 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3142 fi
3143 if test "$OPENSC_CONFIG" != "no"; then
3144 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3145 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3146 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
530456f4 3147 LIBS="$LIBS $LIBOPENSC_LIBS"
987b458f 3148 AC_DEFINE(SMARTCARD)
3466e002 3149 AC_DEFINE(USE_OPENSC, 1,
3150 [Define if you want smartcard support
3151 using OpenSC])
987b458f 3152 SCARD_MSG="yes, using OpenSC"
3153 fi
3154 fi
3155 ]
3156)
d0b19c95 3157
c31dc31c 3158# Check libraries needed by DNS fingerprint support
aff51935 3159AC_SEARCH_LIBS(getrrsetbyname, resolv,
3466e002 3160 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3161 [Define if getrrsetbyname() exists])],
3e05e934 3162 [
c31dc31c 3163 # Needed by our getrrsetbyname()
3164 AC_SEARCH_LIBS(res_query, resolv)
3165 AC_SEARCH_LIBS(dn_expand, resolv)
dabb524a 3166 AC_MSG_CHECKING(if res_query will link)
3167 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3168 [AC_MSG_RESULT(no)
3169 saved_LIBS="$LIBS"
3170 LIBS="$LIBS -lresolv"
3171 AC_MSG_CHECKING(for res_query in -lresolv)
3172 AC_LINK_IFELSE([
3173#include <resolv.h>
3174int main()
3175{
3176 res_query (0, 0, 0, 0, 0);
3177 return 0;
3178}
3179 ],
3180 [LIBS="$LIBS -lresolv"
3181 AC_MSG_RESULT(yes)],
3182 [LIBS="$saved_LIBS"
3183 AC_MSG_RESULT(no)])
3184 ])
c31dc31c 3185 AC_CHECK_FUNCS(_getshort _getlong)
1c829da5 3186 AC_CHECK_DECLS([_getshort, _getlong], , ,
b5765e1d 3187 [#include <sys/types.h>
3188 #include <arpa/nameser.h>])
c31dc31c 3189 AC_CHECK_MEMBER(HEADER.ad,
3466e002 3190 [AC_DEFINE(HAVE_HEADER_AD, 1,
3191 [Define if HEADER.ad exists in arpa/nameser.h])],,
c31dc31c 3192 [#include <arpa/nameser.h>])
3193 ])
3e05e934 3194
560acf80 3195AC_MSG_CHECKING(if struct __res_state _res is an extern)
3196AC_LINK_IFELSE([
3197#include <stdio.h>
3198#if HAVE_SYS_TYPES_H
3199# include <sys/types.h>
3200#endif
3201#include <netinet/in.h>
3202#include <arpa/nameser.h>
3203#include <resolv.h>
3204extern struct __res_state _res;
3205int main() { return 0; }
3206 ],
3207 [AC_MSG_RESULT(yes)
3208 AC_DEFINE(HAVE__RES_EXTERN, 1,
3209 [Define if you have struct __res_state _res as an extern])
3210 ],
3211 [ AC_MSG_RESULT(no) ]
3212)
3213
ef4d1846 3214# Check whether user wants SELinux support
3215SELINUX_MSG="no"
3216LIBSELINUX=""
3217AC_ARG_WITH(selinux,
3218 [ --with-selinux Enable SELinux support],
3219 [ if test "x$withval" != "xno" ; then
e54defb4 3220 save_LIBS="$LIBS"
ef4d1846 3221 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3222 SELINUX_MSG="yes"
3223 AC_CHECK_HEADER([selinux/selinux.h], ,
3224 AC_MSG_ERROR(SELinux support requires selinux.h header))
3225 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3226 AC_MSG_ERROR(SELinux support requires libselinux library))
e54defb4 3227 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
ef4d1846 3228 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
5ba277eb 3229 LIBS="$save_LIBS"
ef4d1846 3230 fi ]
3231)
ef4d1846 3232
12928e80 3233# Check whether user wants Kerberos 5 support
aff51935 3234KRB5_MSG="no"
12928e80 3235AC_ARG_WITH(kerberos5,
aff51935 3236 [ --with-kerberos5=PATH Enable Kerberos 5 support],
5585c441 3237 [ if test "x$withval" != "xno" ; then
3238 if test "x$withval" = "xyes" ; then
3239 KRB5ROOT="/usr/local"
3240 else
3241 KRB5ROOT=${withval}
3242 fi
3243
3466e002 3244 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
5585c441 3245 KRB5_MSG="yes"
3246
3247 AC_MSG_CHECKING(for krb5-config)
3248 if test -x $KRB5ROOT/bin/krb5-config ; then
3249 KRB5CONF=$KRB5ROOT/bin/krb5-config
3250 AC_MSG_RESULT($KRB5CONF)
3251
3252 AC_MSG_CHECKING(for gssapi support)
3253 if $KRB5CONF | grep gssapi >/dev/null ; then
3254 AC_MSG_RESULT(yes)
3466e002 3255 AC_DEFINE(GSSAPI, 1,
3256 [Define this if you want GSSAPI
3257 support in the version 2 protocol])
071970fb 3258 k5confopts=gssapi
aff51935 3259 else
5585c441 3260 AC_MSG_RESULT(no)
071970fb 3261 k5confopts=""
aff51935 3262 fi
071970fb 3263 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3264 K5LIBS="`$KRB5CONF --libs $k5confopts`"
5585c441 3265 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
5585c441 3266 AC_MSG_CHECKING(whether we are using Heimdal)
3267 AC_TRY_COMPILE([ #include <krb5.h> ],
3268 [ char *tmp = heimdal_version; ],
3269 [ AC_MSG_RESULT(yes)
3466e002 3270 AC_DEFINE(HEIMDAL, 1,
3271 [Define this if you are using the
3272 Heimdal version of Kerberos V5]) ],
5585c441 3273 AC_MSG_RESULT(no)
3274 )
3275 else
3276 AC_MSG_RESULT(no)
12928e80 3277 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
aff51935 3278 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
aff51935 3279 AC_MSG_CHECKING(whether we are using Heimdal)
3280 AC_TRY_COMPILE([ #include <krb5.h> ],
3281 [ char *tmp = heimdal_version; ],
3282 [ AC_MSG_RESULT(yes)
3283 AC_DEFINE(HEIMDAL)
41707f74 3284 K5LIBS="-lkrb5 -ldes"
3285 K5LIBS="$K5LIBS -lcom_err -lasn1"
82f4e93d 3286 AC_CHECK_LIB(roken, net_write,
41707f74 3287 [K5LIBS="$K5LIBS -lroken"])
aff51935 3288 ],
3289 [ AC_MSG_RESULT(no)
3290 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3291 ]
3292 )
4e00038c 3293 AC_SEARCH_LIBS(dn_expand, resolv)
12928e80 3294
749560dd 3295 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3296 [ AC_DEFINE(GSSAPI)
3297 K5LIBS="-lgssapi $K5LIBS" ],
3298 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3299 [ AC_DEFINE(GSSAPI)
aff51935 3300 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
749560dd 3301 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3302 $K5LIBS)
3303 ],
3304 $K5LIBS)
82f4e93d 3305
749560dd 3306 AC_CHECK_HEADER(gssapi.h, ,
3307 [ unset ac_cv_header_gssapi_h
aff51935 3308 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
749560dd 3309 AC_CHECK_HEADERS(gssapi.h, ,
3310 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
aff51935 3311 )
749560dd 3312 ]
3313 )
3314
3315 oldCPP="$CPPFLAGS"
3316 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3317 AC_CHECK_HEADER(gssapi_krb5.h, ,
3318 [ CPPFLAGS="$oldCPP" ])
3319
aff51935 3320 fi
5585c441 3321 if test ! -z "$need_dash_r" ; then
3322 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3323 fi
3324 if test ! -z "$blibpath" ; then
3325 blibpath="$blibpath:${KRB5ROOT}/lib"
3326 fi
071970fb 3327
f5555364 3328 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3329 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3330 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
071970fb 3331
f5555364 3332 LIBS="$LIBS $K5LIBS"
3466e002 3333 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3334 [Define this if you want to use libkafs' AFS support]))
f5555364 3335 fi
071970fb 3336 ]
12928e80 3337)
b5b68128 3338
a0391976 3339# Looking for programs, paths and files
a0391976 3340
ecac8ee5 3341PRIVSEP_PATH=/var/empty
3342AC_ARG_WITH(privsep-path,
cda1ebcb 3343 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
ecac8ee5 3344 [
6cf0200f 3345 if test -n "$withval" && test "x$withval" != "xno" && \
3346 test "x${withval}" != "xyes"; then
ecac8ee5 3347 PRIVSEP_PATH=$withval
3348 fi
3349 ]
3350)
3351AC_SUBST(PRIVSEP_PATH)
3352
a0391976 3353AC_ARG_WITH(xauth,
3354 [ --with-xauth=PATH Specify path to xauth program ],
3355 [
6cf0200f 3356 if test -n "$withval" && test "x$withval" != "xno" && \
3357 test "x${withval}" != "xyes"; then
cbd7492e 3358 xauth_path=$withval
a0391976 3359 fi
3360 ],
3361 [
2bf42e4a 3362 TestPath="$PATH"
3363 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3364 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3365 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3366 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3367 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
e5fe9a1f 3368 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
a0391976 3369 xauth_path="/usr/openwin/bin/xauth"
3370 fi
3371 ]
3372)
3373
65a4b4af 3374STRIP_OPT=-s
3375AC_ARG_ENABLE(strip,
3376 [ --disable-strip Disable calling strip(1) on install],
3377 [
3378 if test "x$enableval" = "xno" ; then
3379 STRIP_OPT=
3380 fi
3381 ]
3382)
3383AC_SUBST(STRIP_OPT)
3384
b3ec54b4 3385if test -z "$xauth_path" ; then
3386 XAUTH_PATH="undefined"
3387 AC_SUBST(XAUTH_PATH)
3388else
3466e002 3389 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3390 [Define if xauth is found in your path])
b3ec54b4 3391 XAUTH_PATH=$xauth_path
3392 AC_SUBST(XAUTH_PATH)
a0391976 3393fi
a0391976 3394
3395# Check for mail directory (last resort if we cannot get it from headers)
3396if test ! -z "$MAIL" ; then
3397 maildir=`dirname $MAIL`
3466e002 3398 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3399 [Set this to your mail directory if you don't have maillock.h])
a0391976 3400fi
3401
479cece8 3402if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
1a01a50c 3403 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3404 disable_ptmx_check=yes
3405fi
a0391976 3406if test -z "$no_dev_ptmx" ; then
6e879cb4 3407 if test "x$disable_ptmx_check" != "xyes" ; then
aff51935 3408 AC_CHECK_FILE("/dev/ptmx",
6e879cb4 3409 [
3466e002 3410 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3411 [Define if you have /dev/ptmx])
6e879cb4 3412 have_dev_ptmx=1
3413 ]
3414 )
3415 fi
3276571c 3416fi
1a01a50c 3417
479cece8 3418if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
1a01a50c 3419 AC_CHECK_FILE("/dev/ptc",
3420 [
3466e002 3421 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3422 [Define if you have /dev/ptc])
1a01a50c 3423 have_dev_ptc=1
3424 ]
3425 )
3426else
3427 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3428fi
3276571c 3429
a0391976 3430# Options from here on. Some of these are preset by platform above
fdf6b7aa 3431AC_ARG_WITH(mantype,
5d97cfbf 3432 [ --with-mantype=man|cat|doc Set man page type],
c54a6257 3433 [
5d97cfbf 3434 case "$withval" in
3435 man|cat|doc)
3436 MANTYPE=$withval
3437 ;;
3438 *)
3439 AC_MSG_ERROR(invalid man type: $withval)
3440 ;;
3441 esac
c54a6257 3442 ]
3443)
e0c4d3ac 3444if test -z "$MANTYPE"; then
2bf42e4a 3445 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3446 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
e0c4d3ac 3447 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3448 MANTYPE=doc
3449 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3450 MANTYPE=man
3451 else
3452 MANTYPE=cat
3453 fi
3454fi
c54a6257 3455AC_SUBST(MANTYPE)
e0c4d3ac 3456if test "$MANTYPE" = "doc"; then
3457 mansubdir=man;
3458else
3459 mansubdir=$MANTYPE;
3460fi
3461AC_SUBST(mansubdir)
0bc5b6fb 3462
a0391976 3463# Check whether to enable MD5 passwords
aff51935 3464MD5_MSG="no"
2ddcfdf3 3465AC_ARG_WITH(md5-passwords,
caf3bc51 3466 [ --with-md5-passwords Enable use of MD5 passwords],
0bc5b6fb 3467 [
bcf36c78 3468 if test "x$withval" != "xno" ; then
3466e002 3469 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3470 [Define if you want to allow MD5 passwords])
aff51935 3471 MD5_MSG="yes"
0bc5b6fb 3472 fi
3473 ]
caf3bc51 3474)
3475
a0391976 3476# Whether to disable shadow password support
a7effaac 3477AC_ARG_WITH(shadow,
3478 [ --without-shadow Disable shadow password support],
3479 [
82f4e93d 3480 if test "x$withval" = "xno" ; then
a7effaac 3481 AC_DEFINE(DISABLE_SHADOW)
4cb5ffa0 3482 disable_shadow=yes
a7effaac 3483 fi
3484 ]
3485)
3486
4cb5ffa0 3487if test -z "$disable_shadow" ; then
3488 AC_MSG_CHECKING([if the systems has expire shadow information])
3489 AC_TRY_COMPILE(
3490 [
3491#include <sys/types.h>
3492#include <shadow.h>
3493 struct spwd sp;
3494 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3495 [ sp_expire_available=yes ], []
3496 )
3497
3498 if test "x$sp_expire_available" = "xyes" ; then
3499 AC_MSG_RESULT(yes)
3466e002 3500 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3501 [Define if you want to use shadow password expire field])
4cb5ffa0 3502 else
3503 AC_MSG_RESULT(no)
3504 fi
3505fi
3506
a0391976 3507# Use ip address instead of hostname in $DISPLAY
44839801 3508if test ! -z "$IPADDR_IN_DISPLAY" ; then
3509 DISPLAY_HACK_MSG="yes"
3466e002 3510 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3511 [Define if you need to use IP address
3512 instead of hostname in $DISPLAY])
44839801 3513else
aff51935 3514 DISPLAY_HACK_MSG="no"
44839801 3515 AC_ARG_WITH(ipaddr-display,
3516 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3517 [
82f4e93d 3518 if test "x$withval" != "xno" ; then
44839801 3519 AC_DEFINE(IPADDR_IN_DISPLAY)
aff51935 3520 DISPLAY_HACK_MSG="yes"
44839801 3521 fi
3522 ]
3523 )
3524fi
a7effaac 3525
95b99395 3526# check for /etc/default/login and use it if present.
daa41e62 3527AC_ARG_ENABLE(etc-default-login,
6ff3d0dc 3528 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
694d0cef 3529 [ if test "x$enableval" = "xno"; then
3530 AC_MSG_NOTICE([/etc/default/login handling disabled])
3531 etc_default_login=no
3532 else
3533 etc_default_login=yes
3534 fi ],
b0e7249f 3535 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3536 then
3537 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3538 etc_default_login=no
3539 else
3540 etc_default_login=yes
3541 fi ]
694d0cef 3542)
95b99395 3543
694d0cef 3544if test "x$etc_default_login" != "xno"; then
3545 AC_CHECK_FILE("/etc/default/login",
3546 [ external_path_file=/etc/default/login ])
b0e7249f 3547 if test "x$external_path_file" = "x/etc/default/login"; then
3466e002 3548 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3549 [Define if your system has /etc/default/login])
1a01a50c 3550 fi
694d0cef 3551fi
95b99395 3552
8d184c09 3553dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4b492aab 3554if test $ac_cv_func_login_getcapbool = "yes" && \
3555 test $ac_cv_header_login_cap_h = "yes" ; then
95b99395 3556 external_path_file=/etc/login.conf
8d184c09 3557fi
95b99395 3558
a0391976 3559# Whether to mess with the default path
aff51935 3560SERVER_PATH_MSG="(default)"
c43d69a9 3561AC_ARG_WITH(default-path,
75817f90 3562 [ --with-default-path= Specify default \$PATH environment for server],
cb807f40 3563 [
95b99395 3564 if test "x$external_path_file" = "x/etc/login.conf" ; then
8d184c09 3565 AC_MSG_WARN([
3566--with-default-path=PATH has no effect on this system.
3567Edit /etc/login.conf instead.])
82f4e93d 3568 elif test "x$withval" != "xno" ; then
89bbd457 3569 if test ! -z "$external_path_file" ; then
95b99395 3570 AC_MSG_WARN([
3571--with-default-path=PATH will only be used if PATH is not defined in
3572$external_path_file .])
3573 fi
b2d818e6 3574 user_path="$withval"
aff51935 3575 SERVER_PATH_MSG="$withval"
cb807f40 3576 fi
b2d818e6 3577 ],
95b99395 3578 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3579 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
8d184c09 3580 else
89bbd457 3581 if test ! -z "$external_path_file" ; then
95b99395 3582 AC_MSG_WARN([
3583If PATH is defined in $external_path_file, ensure the path to scp is included,
3584otherwise scp will not work.])
3585 fi
b0e7249f 3586 AC_RUN_IFELSE(
3587 [AC_LANG_SOURCE([[
b2d818e6 3588/* find out what STDPATH is */
3589#include <stdio.h>
b2d818e6 3590#ifdef HAVE_PATHS_H
3591# include <paths.h>
3592#endif
3593#ifndef _PATH_STDPATH
d9a4e55b 3594# ifdef _PATH_USERPATH /* Irix */
3595# define _PATH_STDPATH _PATH_USERPATH
3596# else
3597# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3598# endif
b2d818e6 3599#endif
3600#include <sys/types.h>
3601#include <sys/stat.h>
3602#include <fcntl.h>
3603#define DATA "conftest.stdpath"
3604
3605main()
3606{
3607 FILE *fd;
3608 int rc;
82f4e93d 3609
b2d818e6 3610 fd = fopen(DATA,"w");
3611 if(fd == NULL)
3612 exit(1);
82f4e93d 3613
b2d818e6 3614 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3615 exit(1);
3616
3617 exit(0);
3618}
b0e7249f 3619 ]])],
3620 [ user_path=`cat conftest.stdpath` ],
b2d818e6 3621 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3622 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3623 )
3624# make sure $bindir is in USER_PATH so scp will work
3625 t_bindir=`eval echo ${bindir}`
3626 case $t_bindir in
3627 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3628 esac
3629 case $t_bindir in
3630 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3631 esac
3632 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3633 if test $? -ne 0 ; then
3634 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3635 if test $? -ne 0 ; then
3636 user_path=$user_path:$t_bindir
3637 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3638 fi
3639 fi
8d184c09 3640 fi ]
cb807f40 3641)
95b99395 3642if test "x$external_path_file" != "x/etc/login.conf" ; then
3466e002 3643 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
8d184c09 3644 AC_SUBST(user_path)
3645fi
cb807f40 3646
06617857 3647# Set superuser path separately to user path
06617857 3648AC_ARG_WITH(superuser-path,
3649 [ --with-superuser-path= Specify different path for super-user],
3650 [
6cf0200f 3651 if test -n "$withval" && test "x$withval" != "xno" && \
3652 test "x${withval}" != "xyes"; then
3466e002 3653 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3654 [Define if you want a different $PATH
3655 for the superuser])
06617857 3656 superuser_path=$withval
3657 fi
3658 ]
3659)
3660
3661
58d100bf 3662AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
aff51935 3663IPV4_IN6_HACK_MSG="no"
80faa19f 3664AC_ARG_WITH(4in6,
3665 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3666 [
3667 if test "x$withval" != "xno" ; then
3668 AC_MSG_RESULT(yes)
3466e002 3669 AC_DEFINE(IPV4_IN_IPV6, 1,
3670 [Detect IPv4 in IPv6 mapped addresses
3671 and treat as IPv4])
aff51935 3672 IPV4_IN6_HACK_MSG="yes"
80faa19f 3673 else
3674 AC_MSG_RESULT(no)
3675 fi
3676 ],[
3677 if test "x$inet6_default_4in6" = "xyes"; then
3678 AC_MSG_RESULT([yes (default)])
3679 AC_DEFINE(IPV4_IN_IPV6)
aff51935 3680 IPV4_IN6_HACK_MSG="yes"
80faa19f 3681 else
3682 AC_MSG_RESULT([no (default)])
3683 fi
3684 ]
3685)
3686
af774732 3687# Whether to enable BSD auth support
f1b0ecc3 3688BSD_AUTH_MSG=no
af774732 3689AC_ARG_WITH(bsd-auth,
3690 [ --with-bsd-auth Enable BSD auth support],
3691 [
82f4e93d 3692 if test "x$withval" != "xno" ; then
3466e002 3693 AC_DEFINE(BSD_AUTH, 1,
3694 [Define if you have BSD auth support])
f1b0ecc3 3695 BSD_AUTH_MSG=yes
af774732 3696 fi
3697 ]
3698)
3699
a0391976 3700# Where to place sshd.pid
19d9ac2a 3701piddir=/var/run
81dadca3 3702# make sure the directory exists
82f4e93d 3703if test ! -d $piddir ; then
81dadca3 3704 piddir=`eval echo ${sysconfdir}`
3705 case $piddir in
aff51935 3706 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
81dadca3 3707 esac
3708fi
3709
47e45e44 3710AC_ARG_WITH(pid-dir,
3711 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3712 [
6cf0200f 3713 if test -n "$withval" && test "x$withval" != "xno" && \
3714 test "x${withval}" != "xyes"; then
19d9ac2a 3715 piddir=$withval
82f4e93d 3716 if test ! -d $piddir ; then
81dadca3 3717 AC_MSG_WARN([** no $piddir directory on this system **])
3718 fi
47e45e44 3719 fi
3720 ]
3721)
b7a87eea 3722
3466e002 3723AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
19d9ac2a 3724AC_SUBST(piddir)
47e45e44 3725
1d7b9b20 3726dnl allow user to disable some login recording features
3727AC_ARG_ENABLE(lastlog,
bfd550a2 3728 [ --disable-lastlog disable use of lastlog even if detected [no]],
ddb154b3 3729 [
3730 if test "x$enableval" = "xno" ; then
3731 AC_DEFINE(DISABLE_LASTLOG)
3732 fi
3733 ]
1d7b9b20 3734)
3735AC_ARG_ENABLE(utmp,
bfd550a2 3736 [ --disable-utmp disable use of utmp even if detected [no]],
ddb154b3 3737 [
3738 if test "x$enableval" = "xno" ; then
3739 AC_DEFINE(DISABLE_UTMP)
3740 fi
3741 ]
1d7b9b20 3742)
3743AC_ARG_ENABLE(utmpx,
bfd550a2 3744 [ --disable-utmpx disable use of utmpx even if detected [no]],
ddb154b3 3745 [
3746 if test "x$enableval" = "xno" ; then
3466e002 3747 AC_DEFINE(DISABLE_UTMPX, 1,
3748 [Define if you don't want to use utmpx])
ddb154b3 3749 fi
3750 ]
1d7b9b20 3751)
3752AC_ARG_ENABLE(wtmp,
bfd550a2 3753 [ --disable-wtmp disable use of wtmp even if detected [no]],
ddb154b3 3754 [
3755 if test "x$enableval" = "xno" ; then
3756 AC_DEFINE(DISABLE_WTMP)
3757 fi
3758 ]
1d7b9b20 3759)
3760AC_ARG_ENABLE(wtmpx,
bfd550a2 3761 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
ddb154b3 3762 [
3763 if test "x$enableval" = "xno" ; then
3466e002 3764 AC_DEFINE(DISABLE_WTMPX, 1,
3765 [Define if you don't want to use wtmpx])
ddb154b3 3766 fi
3767 ]
1d7b9b20 3768)
3769AC_ARG_ENABLE(libutil,
bfd550a2 3770 [ --disable-libutil disable use of libutil (login() etc.) [no]],
ddb154b3 3771 [
3772 if test "x$enableval" = "xno" ; then
3773 AC_DEFINE(DISABLE_LOGIN)
3774 fi
3775 ]
1d7b9b20 3776)
3777AC_ARG_ENABLE(pututline,
bfd550a2 3778 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
ddb154b3 3779 [
3780 if test "x$enableval" = "xno" ; then
3466e002 3781 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3782 [Define if you don't want to use pututline()
3783 etc. to write [uw]tmp])
ddb154b3 3784 fi
3785 ]
1d7b9b20 3786)
3787AC_ARG_ENABLE(pututxline,
bfd550a2 3788 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
ddb154b3 3789 [
3790 if test "x$enableval" = "xno" ; then
3466e002 3791 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3792 [Define if you don't want to use pututxline()
3793 etc. to write [uw]tmpx])
ddb154b3 3794 fi
3795 ]
1d7b9b20 3796)
3797AC_ARG_WITH(lastlog,
bfd550a2 3798 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
8c89dd2b 3799 [
82f4e93d 3800 if test "x$withval" = "xno" ; then
8c89dd2b 3801 AC_DEFINE(DISABLE_LASTLOG)
6cf0200f 3802 elif test -n "$withval" && test "x${withval}" != "xyes"; then
8c89dd2b 3803 conf_lastlog_location=$withval
3804 fi
3805 ]
3806)
1d7b9b20 3807
3808dnl lastlog, [uw]tmpx? detection
3809dnl NOTE: set the paths in the platform section to avoid the
3810dnl need for command-line parameters
3811dnl lastlog and [uw]tmp are subject to a file search if all else fails
3812
3813dnl lastlog detection
3814dnl NOTE: the code itself will detect if lastlog is a directory
3815AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3816AC_TRY_COMPILE([
3817#include <sys/types.h>
3818#include <utmp.h>
3819#ifdef HAVE_LASTLOG_H
3820# include <lastlog.h>
3821#endif
d7c0f3d5 3822#ifdef HAVE_PATHS_H
1d7b9b20 3823# include <paths.h>
41cb4569 3824#endif
3825#ifdef HAVE_LOGIN_H
3826# include <login.h>
1d7b9b20 3827#endif
3828 ],
3829 [ char *lastlog = LASTLOG_FILE; ],
3830 [ AC_MSG_RESULT(yes) ],
d7c0f3d5 3831 [
3832 AC_MSG_RESULT(no)
3833 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3834 AC_TRY_COMPILE([
3835#include <sys/types.h>
3836#include <utmp.h>
3837#ifdef HAVE_LASTLOG_H
3838# include <lastlog.h>
3839#endif
3840#ifdef HAVE_PATHS_H
3841# include <paths.h>
3842#endif
3843 ],
3844 [ char *lastlog = _PATH_LASTLOG; ],
3845 [ AC_MSG_RESULT(yes) ],
3846 [
f282b668 3847 AC_MSG_RESULT(no)
d7c0f3d5 3848 system_lastlog_path=no
3849 ])
3850 ]
1d7b9b20 3851)
d7c0f3d5 3852
1d7b9b20 3853if test -z "$conf_lastlog_location"; then
3854 if test x"$system_lastlog_path" = x"no" ; then
3855 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
e5fe9a1f 3856 if (test -d "$f" || test -f "$f") ; then
1d7b9b20 3857 conf_lastlog_location=$f
3858 fi
3859 done
3860 if test -z "$conf_lastlog_location"; then
f8119cef 3861 AC_MSG_WARN([** Cannot find lastlog **])
3862 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
1d7b9b20 3863 fi
3864 fi
3865fi
3866
3867if test -n "$conf_lastlog_location"; then
3466e002 3868 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3869 [Define if you want to specify the path to your lastlog file])
82f4e93d 3870fi
1d7b9b20 3871
3872dnl utmp detection
3873AC_MSG_CHECKING([if your system defines UTMP_FILE])
3874AC_TRY_COMPILE([
3875#include <sys/types.h>
3876#include <utmp.h>
d7c0f3d5 3877#ifdef HAVE_PATHS_H
1d7b9b20 3878# include <paths.h>
3879#endif
3880 ],
3881 [ char *utmp = UTMP_FILE; ],
3882 [ AC_MSG_RESULT(yes) ],
3883 [ AC_MSG_RESULT(no)
3884 system_utmp_path=no ]
3885)
3886if test -z "$conf_utmp_location"; then
3887 if test x"$system_utmp_path" = x"no" ; then
3888 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3889 if test -f $f ; then
3890 conf_utmp_location=$f
3891 fi
3892 done
3893 if test -z "$conf_utmp_location"; then
3894 AC_DEFINE(DISABLE_UTMP)
3895 fi
3896 fi
3897fi
3898if test -n "$conf_utmp_location"; then
3466e002 3899 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3900 [Define if you want to specify the path to your utmp file])
82f4e93d 3901fi
1d7b9b20 3902
3903dnl wtmp detection
3904AC_MSG_CHECKING([if your system defines WTMP_FILE])
3905AC_TRY_COMPILE([
3906#include <sys/types.h>
3907#include <utmp.h>
d7c0f3d5 3908#ifdef HAVE_PATHS_H
1d7b9b20 3909# include <paths.h>
3910#endif
3911 ],
3912 [ char *wtmp = WTMP_FILE; ],
3913 [ AC_MSG_RESULT(yes) ],
3914 [ AC_MSG_RESULT(no)
3915 system_wtmp_path=no ]
3916)
3917if test -z "$conf_wtmp_location"; then
3918 if test x"$system_wtmp_path" = x"no" ; then
3919 for f in /usr/adm/wtmp /var/log/wtmp; do
3920 if test -f $f ; then
3921 conf_wtmp_location=$f
3922 fi
3923 done
3924 if test -z "$conf_wtmp_location"; then
3925 AC_DEFINE(DISABLE_WTMP)
3926 fi
3927 fi
3928fi
3929if test -n "$conf_wtmp_location"; then
3466e002 3930 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3931 [Define if you want to specify the path to your wtmp file])
82f4e93d 3932fi
1d7b9b20 3933
3934
3935dnl utmpx detection - I don't know any system so perverse as to require
3936dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3937dnl there, though.
3938AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3939AC_TRY_COMPILE([
3940#include <sys/types.h>
3941#include <utmp.h>
3942#ifdef HAVE_UTMPX_H
3943#include <utmpx.h>
3944#endif
d7c0f3d5 3945#ifdef HAVE_PATHS_H
1d7b9b20 3946# include <paths.h>
3947#endif
3948 ],
3949 [ char *utmpx = UTMPX_FILE; ],
3950 [ AC_MSG_RESULT(yes) ],
3951 [ AC_MSG_RESULT(no)
3952 system_utmpx_path=no ]
3953)
3954if test -z "$conf_utmpx_location"; then
3955 if test x"$system_utmpx_path" = x"no" ; then
3956 AC_DEFINE(DISABLE_UTMPX)
3957 fi
3958else
3466e002 3959 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3960 [Define if you want to specify the path to your utmpx file])
82f4e93d 3961fi
1d7b9b20 3962
3963dnl wtmpx detection
3964AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3965AC_TRY_COMPILE([
3966#include <sys/types.h>
3967#include <utmp.h>
3968#ifdef HAVE_UTMPX_H
3969#include <utmpx.h>
3970#endif
d7c0f3d5 3971#ifdef HAVE_PATHS_H
1d7b9b20 3972# include <paths.h>
3973#endif
3974 ],
3975 [ char *wtmpx = WTMPX_FILE; ],
3976 [ AC_MSG_RESULT(yes) ],
3977 [ AC_MSG_RESULT(no)
3978 system_wtmpx_path=no ]
3979)
3980if test -z "$conf_wtmpx_location"; then
3981 if test x"$system_wtmpx_path" = x"no" ; then
3982 AC_DEFINE(DISABLE_WTMPX)
3983 fi
3984else
3466e002 3985 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3986 [Define if you want to specify the path to your wtmpx file])
82f4e93d 3987fi
1d7b9b20 3988
b7a87eea 3989
bd499f9e 3990if test ! -z "$blibpath" ; then
68ece370 3991 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3992 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
bd499f9e 3993fi
3994
ed89c848 3995dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3996dnl Add now.
3997CFLAGS="$CFLAGS $werror_flags"
3998
3c62e7eb 3999AC_EXEEXT
29eadd7c 4000AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4001 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4002 scard/Makefile ssh_prng_cmds survey.sh])
98a7c37b 4003AC_OUTPUT
d3083fbd 4004
cbd7492e 4005# Print summary of options
4006
cbd7492e 4007# Someone please show me a better way :)
4008A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4009B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4010C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4011D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
f5665f6f 4012E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
e0c4d3ac 4013F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
cbd7492e 4014G=`eval echo ${piddir}` ; G=`eval echo ${G}`
ecac8ee5 4015H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4016I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4017J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
cbd7492e 4018
4019echo ""
26de7942 4020echo "OpenSSH has been configured with the following options:"
ecac8ee5 4021echo " User binaries: $B"
4022echo " System binaries: $C"
4023echo " Configuration files: $D"
4024echo " Askpass program: $E"
4025echo " Manual pages: $F"
4026echo " PID file: $G"
4027echo " Privilege separation chroot path: $H"
95b99395 4028if test "x$external_path_file" = "x/etc/login.conf" ; then
4029echo " At runtime, sshd will use the path defined in $external_path_file"
4030echo " Make sure the path to scp is present, otherwise scp will not work"
8d184c09 4031else
ecac8ee5 4032echo " sshd default user PATH: $I"
89bbd457 4033 if test ! -z "$external_path_file"; then
95b99395 4034echo " (If PATH is set in $external_path_file it will be used instead. If"
4035echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4036 fi
8d184c09 4037fi
06617857 4038if test ! -z "$superuser_path" ; then
ecac8ee5 4039echo " sshd superuser user PATH: $J"
4040fi
4041echo " Manpage format: $MANTYPE"
3e05e934 4042echo " PAM support: $PAM_MSG"
5b84789f 4043echo " OSF SIA support: $SIA_MSG"
ecac8ee5 4044echo " KerberosV support: $KRB5_MSG"
ef4d1846 4045echo " SELinux support: $SELINUX_MSG"
ecac8ee5 4046echo " Smartcard support: $SCARD_MSG"
ecac8ee5 4047echo " S/KEY support: $SKEY_MSG"
4048echo " TCP Wrappers support: $TCPW_MSG"
4049echo " MD5 password support: $MD5_MSG"
59031773 4050echo " libedit support: $LIBEDIT_MSG"
5b84789f 4051echo " Solaris process contract support: $SPC_MSG"
3deb1408 4052echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
ecac8ee5 4053echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4054echo " BSD Auth support: $BSD_AUTH_MSG"
4055echo " Random number source: $RAND_MSG"
f1b0ecc3 4056if test ! -z "$USE_RAND_HELPER" ; then
ecac8ee5 4057echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
af774732 4058fi
4059
cbd7492e 4060echo ""
4061
0c2fb82f 4062echo " Host: ${host}"
4063echo " Compiler: ${CC}"
4064echo " Compiler flags: ${CFLAGS}"
4065echo "Preprocessor flags: ${CPPFLAGS}"
4066echo " Linker flags: ${LDFLAGS}"
e54defb4 4067echo " Libraries: ${LIBS}"
4068if test ! -z "${SSHDLIBS}"; then
4069echo " +for sshd: ${SSHDLIBS}"
4070fi
cbd7492e 4071
4072echo ""
4073
9cefe228 4074if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
b3146b5f 4075 echo "SVR4 style packages are supported with \"make package\""
4076 echo ""
9cefe228 4077fi
4078
adeebd37 4079if test "x$PAM_MSG" = "xyes" ; then
f1b0ecc3 4080 echo "PAM is enabled. You may need to install a PAM control file "
4081 echo "for sshd, otherwise password authentication may fail. "
aff51935 4082 echo "Example PAM control files can be found in the contrib/ "
f1b0ecc3 4083 echo "subdirectory"
adeebd37 4084 echo ""
4085fi
4086
f1b0ecc3 4087if test ! -z "$RAND_HELPER_CMDHASH" ; then
4088 echo "WARNING: you are using the builtin random number collection "
4089 echo "service. Please read WARNING.RNG and request that your OS "
4090 echo "vendor includes kernel-based random number collection in "
4091 echo "future versions of your OS."
2c523de9 4092 echo ""
4093fi
af774732 4094
2f6f9cff 4095if test ! -z "$NO_PEERCHECK" ; then
1961d660 4096 echo "WARNING: the operating system that you are using does not"
4097 echo "appear to support getpeereid(), getpeerucred() or the"
4098 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4099 echo "enforce security checks to prevent unauthorised connections to"
4100 echo "ssh-agent. Their absence increases the risk that a malicious"
4101 echo "user can connect to your agent."
2f6f9cff 4102 echo ""
4103fi
4104
7b578f7d 4105if test "$AUDIT_MODULE" = "bsm" ; then
4106 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4107 echo "See the Solaris section in README.platform for details."
4108fi
git-cvsimport mirror of OpenSSH
This page took 1.064682 seconds and 5 git commands to generate.