]> andersk Git - openssh.git/blame - configure.ac
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- jmc@cvs.openbsd.org 2007/06/08 07:48:09
[openssh.git] / configure.ac
CommitLineData
eb5d7ff6 1# $Id$
2b983b95 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
0b202697 16
76e6410a 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
823221b2 18AC_REVISION($Revision$)
98a7c37b 19AC_CONFIG_SRCDIR([ssh.c])
5881cd60 20
21AC_CONFIG_HEADER(config.h)
b14b2ae7 22AC_PROG_CC
a7effaac 23AC_CANONICAL_HOST
cf0c5df5 24AC_C_BIGENDIAN
5881cd60 25
a0391976 26# Checks for programs.
4bbf95fa 27AC_PROG_AWK
4cca272e 28AC_PROG_CPP
5881cd60 29AC_PROG_RANLIB
cf8dd513 30AC_PROG_INSTALL
c9ecc3c7 31AC_PROG_EGREP
bee0a37e 32AC_PATH_PROG(AR, ar)
ddd8c95b 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
13dd877b 35AC_PATH_PROGS(PERL, perl5 perl)
c3690df3 36AC_PATH_PROG(SED, sed)
a0f84251 37AC_SUBST(PERL)
ad85db64 38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
6958bd37 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
6193497b 43AC_PATH_PROG(SH, sh)
a3245b92 44AC_SUBST(TEST_SHELL,sh)
f498ed15 45
9cefe228 46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
eeb27c78 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
9cefe228 57
948fd8b9 58# System features
59AC_SYS_LARGEFILE
60
c193d002 61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
2e73a022 65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
3466e002 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
2e73a022 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
37656beb 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
3466e002 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
37656beb 82fi
83
d423d822 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
82f4e93d 88
d423d822 89AC_C_INLINE
dfafb2e1 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
aff51935 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
af40ca44 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
eeee8237 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
5fdabf45 96 case $GCC_VER in
0b9fdeb8 97 1.*) no_attrib_nonnull=1 ;;
98 2.8* | 2.9*)
99 CFLAGS="$CFLAGS -Wsign-compare"
100 no_attrib_nonnull=1
101 ;;
102 2.*) no_attrib_nonnull=1 ;;
dbf07ba2 103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
cd595991 104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 *) ;;
5fdabf45 106 esac
8a3ff1aa 107
dfafb2e1 108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
114 [have_llong_max=1],
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
117 )
118 fi
d423d822 119fi
120
0b9fdeb8 121if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
123fi
124
e6354014 125AC_ARG_WITH(rpath,
126 [ --without-rpath Disable auto-added -R linker paths],
127 [
82f4e93d 128 if test "x$withval" = "xno" ; then
e6354014 129 need_dash_r=""
130 fi
131 if test "x$withval" = "xyes" ; then
132 need_dash_r=1
133 fi
134 ]
135)
136
aa56f760 137# Allow user to specify flags
138AC_ARG_WITH(cflags,
139 [ --with-cflags Specify additional flags to pass to compiler],
140 [
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
144 fi
145 ]
146)
147AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
149 [
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
153 fi
154 ]
155)
156AC_ARG_WITH(ldflags,
157 [ --with-ldflags Specify additional flags to pass to linker],
158 [
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
162 fi
163 ]
164)
165AC_ARG_WITH(libs,
166 [ --with-libs Specify additional libraries to link with],
167 [
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
171 fi
172 ]
173)
174AC_ARG_WITH(Werror,
175 [ --with-Werror Build main code with -Werror],
176 [
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
181 fi
182 fi
183 ]
184)
185
186AC_CHECK_HEADERS( \
187 bstring.h \
188 crypt.h \
189 crypto/sha2.h \
190 dirent.h \
191 endian.h \
192 features.h \
193 fcntl.h \
194 floatingpoint.h \
195 getopt.h \
196 glob.h \
197 ia.h \
198 iaf.h \
199 limits.h \
200 login.h \
201 maillock.h \
202 ndir.h \
203 net/if_tun.h \
204 netdb.h \
205 netgroup.h \
206 pam/pam_appl.h \
207 paths.h \
208 pty.h \
209 readpassphrase.h \
210 rpc/types.h \
211 security/pam_appl.h \
212 sha2.h \
213 shadow.h \
214 stddef.h \
215 stdint.h \
216 string.h \
217 strings.h \
218 sys/audit.h \
219 sys/bitypes.h \
220 sys/bsdtty.h \
221 sys/cdefs.h \
222 sys/dir.h \
223 sys/mman.h \
224 sys/ndir.h \
225 sys/prctl.h \
226 sys/pstat.h \
227 sys/select.h \
228 sys/stat.h \
229 sys/stream.h \
230 sys/stropts.h \
231 sys/strtio.h \
232 sys/sysmacros.h \
233 sys/time.h \
234 sys/timers.h \
235 sys/un.h \
236 time.h \
237 tmpdir.h \
238 ttyent.h \
40701614 239 ucred.h \
aa56f760 240 unistd.h \
241 usersec.h \
242 util.h \
243 utime.h \
244 utmp.h \
245 utmpx.h \
246 vis.h \
247)
248
249# lastlog.h requires sys/time.h to be included first on Solaris
250AC_CHECK_HEADERS(lastlog.h, [], [], [
251#ifdef HAVE_SYS_TIME_H
252# include <sys/time.h>
253#endif
254])
255
256# sys/ptms.h requires sys/stream.h to be included first on Solaris
257AC_CHECK_HEADERS(sys/ptms.h, [], [], [
258#ifdef HAVE_SYS_STREAM_H
259# include <sys/stream.h>
260#endif
261])
262
263# login_cap.h requires sys/types.h on NetBSD
264AC_CHECK_HEADERS(login_cap.h, [], [], [
265#include <sys/types.h>
266])
267
5b84789f 268# Messages for features tested for in target-specific section
269SIA_MSG="no"
270SPC_MSG="no"
271
a0391976 272# Check for some target-specific stuff
a7effaac 273case "$host" in
9d6b1b96 274*-*-aix*)
25a2779b 275 # Some versions of VAC won't allow macro redefinitions at
276 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
277 # particularly with older versions of vac or xlc.
278 # It also throws errors about null macro argments, but these are
279 # not fatal.
280 AC_MSG_CHECKING(if compiler allows macro redefinitions)
281 AC_COMPILE_IFELSE(
282 [AC_LANG_SOURCE([[
283#define testmacro foo
284#define testmacro bar
285int main(void) { exit(0); }
286 ]])],
287 [ AC_MSG_RESULT(yes) ],
288 [ AC_MSG_RESULT(no)
289 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
290 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
291 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
292 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
293 ]
294 )
295
aff51935 296 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
68ece370 297 if (test -z "$blibpath"); then
0a15d73b 298 blibpath="/usr/lib:/lib"
68ece370 299 fi
300 saved_LDFLAGS="$LDFLAGS"
e7479666 301 if test "$GCC" = "yes"; then
302 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
303 else
304 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
305 fi
306 for tryflags in $flags ;do
68ece370 307 if (test -z "$blibflags"); then
308 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
309 AC_TRY_LINK([], [], [blibflags=$tryflags])
310 fi
311 done
312 if (test -z "$blibflags"); then
313 AC_MSG_RESULT(not found)
314 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
315 else
316 AC_MSG_RESULT($blibflags)
bd499f9e 317 fi
68ece370 318 LDFLAGS="$saved_LDFLAGS"
e351e493 319 dnl Check for authenticate. Might be in libs.a on older AIXes
3466e002 320 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
321 [Define if you want to enable AIX4's authenticate function])],
0764e748 322 [AC_CHECK_LIB(s,authenticate,
e351e493 323 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
0764e748 324 LIBS="$LIBS -ls"
325 ])
326 ])
ba603e06 327 dnl Check for various auth function declarations in headers.
c85ed8e2 328 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
72ad335d 329 passwdexpired, setauthdb], , , [#include <usersec.h>])
e351e493 330 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
ba603e06 331 AC_CHECK_DECLS(loginfailed,
e351e493 332 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
333 AC_TRY_COMPILE(
f58c0e01 334 [#include <usersec.h>],
e351e493 335 [(void)loginfailed("user","host","tty",0);],
336 [AC_MSG_RESULT(yes)
3466e002 337 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
338 [Define if your AIX loginfailed() function
339 takes 4 arguments (AIX >= 5.2)])],
f58c0e01 340 [AC_MSG_RESULT(no)]
e351e493 341 )],
342 [],
343 [#include <usersec.h>]
344 )
2aa3a16c 345 AC_CHECK_FUNCS(setauthdb)
53c337ed 346 AC_CHECK_DECL(F_CLOSEM,
795e7517 347 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
53c337ed 348 [],
349 [ #include <limits.h>
350 #include <fcntl.h> ]
351 )
5ccf88cb 352 check_for_aix_broken_getaddrinfo=1
3466e002 353 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
354 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
355 [Define if your platform breaks doing a seteuid before a setuid])
356 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
357 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
a3cef3ca 358 dnl AIX handles lastlog as part of its login message
3466e002 359 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
360 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
361 [Some systems need a utmpx entry for /bin/login to work])
362 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
363 [Define to a Set Process Title type if your system is
364 supported by bsd-setproctitle.c])
961c2997 365 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
366 [AIX 5.2 and 5.3 (and presumably newer) require this])
ea8c44d9 367 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
9d6b1b96 368 ;;
3c62e7eb 369*-*-cygwin*)
a52997bd 370 check_for_libcrypt_later=1
04765d02 371 LIBS="$LIBS /usr/lib/textreadmode.o"
3466e002 372 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
373 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
374 AC_DEFINE(DISABLE_SHADOW, 1,
375 [Define if you want to disable shadow passwords])
376 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
377 [Define if your system choked on IP TOS setting])
378 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
379 [Define if X11 doesn't support AF_UNIX sockets on that system])
380 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
381 [Define if the concept of ports only accessible to
382 superusers isn't known])
383 AC_DEFINE(DISABLE_FD_PASSING, 1,
384 [Define if your platform needs to skip post auth
385 file descriptor passing])
3c62e7eb 386 ;;
d6fdb079 387*-*-dgux*)
388 AC_DEFINE(IP_TOS_IS_BROKEN)
0c6a72a5 389 AC_DEFINE(SETEUID_BREAKS_SETUID)
390 AC_DEFINE(BROKEN_SETREUID)
391 AC_DEFINE(BROKEN_SETREGID)
d6fdb079 392 ;;
39c98ef7 393*-*-darwin*)
33e2e066 394 AC_MSG_CHECKING(if we have working getaddrinfo)
395 AC_TRY_RUN([#include <mach-o/dyld.h>
396main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
397 exit(0);
398 else
399 exit(1);
400}], [AC_MSG_RESULT(working)],
401 [AC_MSG_RESULT(buggy)
3466e002 402 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
b27e573d 403 [AC_MSG_RESULT(assume it is working)])
635e0c42 404 AC_DEFINE(SETEUID_BREAKS_SETUID)
405 AC_DEFINE(BROKEN_SETREUID)
406 AC_DEFINE(BROKEN_SETREGID)
3466e002 407 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
408 [Define if your resolver libs need this for getrrsetbyname])
e02505e2 409 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
410 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
411 [Use tunnel device compatibility to OpenBSD])
412 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
413 [Prepend the address family to IP tunnel traffic])
39c98ef7 414 ;;
36f36ba3 415*-*-dragonfly*)
416 SSHDLIBS="$SSHDLIBS -lcrypt"
417 ;;
7d458c86 418*-*-hpux*)
419 # first we define all of the options common to all HP-UX releases
b8fea62d 420 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
44839801 421 IPADDR_IN_DISPLAY=yes
2b10f47a 422 AC_DEFINE(USE_PIPES)
3466e002 423 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
424 [Define if your login program cannot handle end of options ("--")])
a2572aa7 425 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 426 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
427 [String used in /etc/passwd to denote locked account])
3a2b2b44 428 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
83f987c3 429 MAIL="/var/mail/username"
f75ca46d 430 LIBS="$LIBS -lsec"
7d458c86 431 AC_CHECK_LIB(xnet, t_error, ,
432 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
433
434 # next, we define all of the options specific to major releases
435 case "$host" in
436 *-*-hpux10*)
437 if test -z "$GCC"; then
438 CFLAGS="$CFLAGS -Ae"
439 fi
440 ;;
441 *-*-hpux11*)
3466e002 442 AC_DEFINE(PAM_SUN_CODEBASE, 1,
443 [Define if you are using Solaris-derived PAM which
444 passes pam_messages to the conversation function
445 with an extra level of indirection])
446 AC_DEFINE(DISABLE_UTMP, 1,
447 [Define if you don't want to use utmp])
7d458c86 448 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
449 check_for_hpux_broken_getaddrinfo=1
450 check_for_conflicting_getspnam=1
451 ;;
452 esac
453
454 # lastly, we define options specific to minor releases
455 case "$host" in
456 *-*-hpux10.26)
3466e002 457 AC_DEFINE(HAVE_SECUREWARE, 1,
458 [Define if you have SecureWare-based
459 protected password database])
7d458c86 460 disable_ptmx_check=yes
461 LIBS="$LIBS -lsecpw"
462 ;;
463 esac
2b763e31 464 ;;
d94aa2ae 465*-*-irix5*)
6ac7829a 466 PATH="$PATH:/usr/etc"
3466e002 467 AC_DEFINE(BROKEN_INET_NTOA, 1,
468 [Define if you system's inet_ntoa is busted
469 (e.g. Irix gcc issue)])
cb433561 470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
3466e002 473 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
474 [Define if you shouldn't strip 'tty' from your
475 ttyname in [uw]tmp])
3e6e3da0 476 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
b9795b89 477 ;;
478*-*-irix6*)
6ac7829a 479 PATH="$PATH:/usr/etc"
3466e002 480 AC_DEFINE(WITH_IRIX_ARRAY, 1,
481 [Define if you have/want arrays
482 (cluster-wide session managment, not C arrays)])
483 AC_DEFINE(WITH_IRIX_PROJECT, 1,
484 [Define if you want IRIX project management])
485 AC_DEFINE(WITH_IRIX_AUDIT, 1,
486 [Define if you want IRIX audit trails])
487 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
488 [Define if you want IRIX kernel jobs])])
416ed5a7 489 AC_DEFINE(BROKEN_INET_NTOA)
412c0eaa 490 AC_DEFINE(SETEUID_BREAKS_SETUID)
491 AC_DEFINE(BROKEN_SETREUID)
492 AC_DEFINE(BROKEN_SETREGID)
3466e002 493 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
0e8f4eba 494 AC_DEFINE(WITH_ABBREV_NO_TTY)
3e6e3da0 495 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
d94aa2ae 496 ;;
5cdfe03f 497*-*-linux*)
498 no_dev_ptmx=1
717057b6 499 check_for_libcrypt_later=1
eacb954e 500 check_for_openpty_ctty_bug=1
3466e002 501 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
502 AC_DEFINE(PAM_TTY_KLUDGE, 1,
503 [Work around problematic Linux PAM modules handling of PAM_TTY])
504 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
505 [String used in /etc/passwd to denote locked account])
3a2b2b44 506 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
3466e002 507 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
508 [Define to whatever link() returns for "not supported"
509 if it doesn't return EOPNOTSUPP.])
b6610e8f 510 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
3466e002 511 AC_DEFINE(USE_BTMP)
80faa19f 512 inet6_default_4in6=yes
bf7c1e6c 513 case `uname -r` in
ad84c479 514 1.*|2.0.*)
3466e002 515 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
516 [Define if cmsg_type is not passed correctly])
bf7c1e6c 517 ;;
bf7c1e6c 518 esac
c40f09ca 519 # tun(4) forwarding compat code
d91775e1 520 AC_CHECK_HEADERS(linux/if_tun.h)
b5081213 521 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
c40f09ca 522 AC_DEFINE(SSH_TUN_LINUX, 1,
523 [Open tunnel devices the Linux tun/tap way])
524 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
525 [Use tunnel device compatibility to OpenBSD])
526 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
527 [Prepend the address family to IP tunnel traffic])
528 fi
5cdfe03f 529 ;;
66d6c27e 530mips-sony-bsd|mips-sony-newsos4)
4b2cf3f1 531 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
66d6c27e 532 SONY=1
66d6c27e 533 ;;
d468fc76 534*-*-netbsd*)
33e2e066 535 check_for_libcrypt_before=1
82f4e93d 536 if test "x$withval" != "xno" ; then
e6354014 537 need_dash_r=1
538 fi
0f6cb079 539 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
540 AC_CHECK_HEADER([net/if_tap.h], ,
541 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
542 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
543 [Prepend the address family to IP tunnel traffic])
d468fc76 544 ;;
86b416a7 545*-*-freebsd*)
546 check_for_libcrypt_later=1
988c5031 547 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
0f6cb079 548 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
549 AC_CHECK_HEADER([net/if_tap.h], ,
550 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
86b416a7 551 ;;
8707b7eb 552*-*-bsdi*)
553 AC_DEFINE(SETEUID_BREAKS_SETUID)
554 AC_DEFINE(BROKEN_SETREUID)
555 AC_DEFINE(BROKEN_SETREGID)
556 ;;
729bfe59 557*-next-*)
729bfe59 558 conf_lastlog_location="/usr/adm/lastlog"
698d107e 559 conf_utmp_location=/etc/utmp
560 conf_wtmp_location=/usr/adm/wtmp
561 MAIL=/usr/spool/mail
3466e002 562 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
443172c4 563 AC_DEFINE(BROKEN_REALPATH)
00937921 564 AC_DEFINE(USE_PIPES)
3466e002 565 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
729bfe59 566 ;;
5b7b5e23 567*-*-openbsd*)
568 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
8034a348 569 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
0f6cb079 570 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
c79c4814 571 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
572 [syslog_r function is safe to use in in a signal handler])
5b7b5e23 573 ;;
9d6b1b96 574*-*-solaris*)
82f4e93d 575 if test "x$withval" != "xno" ; then
010e9d5b 576 need_dash_r=1
577 fi
adeebd37 578 AC_DEFINE(PAM_SUN_CODEBASE)
7e2d5fa4 579 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 580 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
581 [Some versions of /bin/login need the TERM supplied
582 on the commandline])
7f0a4ff1 583 AC_DEFINE(PAM_TTY_KLUDGE)
3466e002 584 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
585 [Define if pam_chauthtok wants real uid set
586 to the unpriv'ed user])
3e6e3da0 587 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
ad84c479 588 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
3466e002 589 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
590 [Define if sshd somehow reacquires a controlling TTY
591 after setsid()])
795aa5f5 592 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
593 in case the name is longer than 8 chars])
95b99395 594 external_path_file=/etc/default/login
1d7b9b20 595 # hardwire lastlog location (can't detect it on some versions)
596 conf_lastlog_location="/var/adm/lastlog"
32c80420 597 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
598 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
599 if test "$sol2ver" -ge 8; then
600 AC_MSG_RESULT(yes)
601 AC_DEFINE(DISABLE_UTMP)
3466e002 602 AC_DEFINE(DISABLE_WTMP, 1,
603 [Define if you don't want to use wtmp])
32c80420 604 else
605 AC_MSG_RESULT(no)
606 fi
5b84789f 607 AC_ARG_WITH(solaris-contracts,
608 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
609 [
610 AC_CHECK_LIB(contract, ct_tmpl_activate,
611 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
612 [Define if you have Solaris process contracts])
613 SSHDLIBS="$SSHDLIBS -lcontract"
614 AC_SUBST(SSHDLIBS)
615 SPC_MSG="yes" ], )
616 ],
617 )
9d6b1b96 618 ;;
a423beaf 619*-*-sunos4*)
0c2fb82f 620 CPPFLAGS="$CPPFLAGS -DSUNOS4"
a423beaf 621 AC_CHECK_FUNCS(getpwanam)
adeebd37 622 AC_DEFINE(PAM_SUN_CODEBASE)
32eec038 623 conf_utmp_location=/etc/utmp
624 conf_wtmp_location=/var/adm/wtmp
625 conf_lastlog_location=/var/adm/lastlog
137d7b6c 626 AC_DEFINE(USE_PIPES)
a423beaf 627 ;;
6f68f28a 628*-ncr-sysv*)
98a7c37b 629 LIBS="$LIBS -lc89"
29525240 630 AC_DEFINE(USE_PIPES)
eabb99c6 631 AC_DEFINE(SSHD_ACQUIRES_CTTY)
6fb3618d 632 AC_DEFINE(SETEUID_BREAKS_SETUID)
633 AC_DEFINE(BROKEN_SETREUID)
634 AC_DEFINE(BROKEN_SETREGID)
6f68f28a 635 ;;
132dd316 636*-sni-sysv*)
c8c15bcb 637 # /usr/ucblib MUST NOT be searched on ReliantUNIX
e2798e96 638 AC_CHECK_LIB(dl, dlsym, ,)
d08db6d1 639 # -lresolv needs to be at the end of LIBS or DNS lookups break
640 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
9548d6c8 641 IPADDR_IN_DISPLAY=yes
642 AC_DEFINE(USE_PIPES)
132dd316 643 AC_DEFINE(IP_TOS_IS_BROKEN)
605369bb 644 AC_DEFINE(SETEUID_BREAKS_SETUID)
645 AC_DEFINE(BROKEN_SETREUID)
646 AC_DEFINE(BROKEN_SETREGID)
eabb99c6 647 AC_DEFINE(SSHD_ACQUIRES_CTTY)
95b99395 648 external_path_file=/etc/default/login
c8c15bcb 649 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
650 # Attention: always take care to bind libsocket and libnsl before libc,
651 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
132dd316 652 ;;
79a7ba96 653# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
77bb0bca 654*-*-sysv4.2*)
ed6553e2 655 AC_DEFINE(USE_PIPES)
7ed101c0 656 AC_DEFINE(SETEUID_BREAKS_SETUID)
657 AC_DEFINE(BROKEN_SETREUID)
658 AC_DEFINE(BROKEN_SETREGID)
46f853b9 659 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
e45da4d6 660 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
77bb0bca 661 ;;
79a7ba96 662# UnixWare 7.x, OpenUNIX 8
77bb0bca 663*-*-sysv5*)
d7d2cc6e 664 check_for_libcrypt_later=1
665 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
ed6553e2 666 AC_DEFINE(USE_PIPES)
7ed101c0 667 AC_DEFINE(SETEUID_BREAKS_SETUID)
668 AC_DEFINE(BROKEN_SETREUID)
669 AC_DEFINE(BROKEN_SETREGID)
3466e002 670 AC_DEFINE(PASSWD_NEEDS_USERNAME)
822015dd 671 case "$host" in
672 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
673 TEST_SHELL=/u95/bin/sh
3466e002 674 AC_DEFINE(BROKEN_LIBIAF, 1,
675 [ia_uinfo routines not supported by OS yet])
5cc6ddad 676 AC_DEFINE(BROKEN_UPDWTMPX)
822015dd 677 ;;
e45da4d6 678 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
679 ;;
822015dd 680 esac
77bb0bca 681 ;;
9d6b1b96 682*-*-sysv*)
9d6b1b96 683 ;;
79a7ba96 684# SCO UNIX and OEM versions of SCO UNIX
77bb0bca 685*-*-sco3.2v4*)
11cf4f1f 686 AC_MSG_ERROR("This Platform is no longer supported.")
77bb0bca 687 ;;
79a7ba96 688# SCO OpenServer 5.x
77bb0bca 689*-*-sco3.2v5*)
21710e39 690 if test -z "$GCC"; then
691 CFLAGS="$CFLAGS -belf"
692 fi
ed6553e2 693 LIBS="$LIBS -lprot -lx -ltinfo -lm"
509b1f88 694 no_dev_ptmx=1
ed6553e2 695 AC_DEFINE(USE_PIPES)
6e879cb4 696 AC_DEFINE(HAVE_SECUREWARE)
d287c664 697 AC_DEFINE(DISABLE_SHADOW)
94d8258b 698 AC_DEFINE(DISABLE_FD_PASSING)
7ed101c0 699 AC_DEFINE(SETEUID_BREAKS_SETUID)
700 AC_DEFINE(BROKEN_SETREUID)
701 AC_DEFINE(BROKEN_SETREGID)
bcebad47 702 AC_DEFINE(WITH_ABBREV_NO_TTY)
34f2baf0 703 AC_DEFINE(BROKEN_UPDWTMPX)
3466e002 704 AC_DEFINE(PASSWD_NEEDS_USERNAME)
aca75d94 705 AC_CHECK_FUNCS(getluid setluid)
533875af 706 MANTYPE=man
a3245b92 707 TEST_SHELL=ksh
509b1f88 708 ;;
ccbb983c 709*-*-unicosmk*)
3466e002 710 AC_DEFINE(NO_SSH_LASTLOG, 1,
711 [Define if you don't want to use lastlog in session.c])
c1ad5966 712 AC_DEFINE(SETEUID_BREAKS_SETUID)
713 AC_DEFINE(BROKEN_SETREUID)
714 AC_DEFINE(BROKEN_SETREGID)
ccbb983c 715 AC_DEFINE(USE_PIPES)
716 AC_DEFINE(DISABLE_FD_PASSING)
717 LDFLAGS="$LDFLAGS"
718 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
719 MANTYPE=cat
d262b7f2 720 ;;
7b9a8c6e 721*-*-unicosmp*)
c1ad5966 722 AC_DEFINE(SETEUID_BREAKS_SETUID)
723 AC_DEFINE(BROKEN_SETREUID)
724 AC_DEFINE(BROKEN_SETREGID)
7b9a8c6e 725 AC_DEFINE(WITH_ABBREV_NO_TTY)
726 AC_DEFINE(USE_PIPES)
727 AC_DEFINE(DISABLE_FD_PASSING)
728 LDFLAGS="$LDFLAGS"
c1ad5966 729 LIBS="$LIBS -lgen -lacid -ldb"
7b9a8c6e 730 MANTYPE=cat
731 ;;
ca5c7d6a 732*-*-unicos*)
c1ad5966 733 AC_DEFINE(SETEUID_BREAKS_SETUID)
734 AC_DEFINE(BROKEN_SETREUID)
735 AC_DEFINE(BROKEN_SETREGID)
ca5c7d6a 736 AC_DEFINE(USE_PIPES)
94d8258b 737 AC_DEFINE(DISABLE_FD_PASSING)
ef51930f 738 AC_DEFINE(NO_SSH_LASTLOG)
ccbb983c 739 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
740 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
741 MANTYPE=cat
a704dd54 742 ;;
4d33e531 743*-dec-osf*)
99c8ddac 744 AC_MSG_CHECKING(for Digital Unix SIA)
745 no_osfsia=""
746 AC_ARG_WITH(osfsia,
747 [ --with-osfsia Enable Digital Unix SIA],
748 [
749 if test "x$withval" = "xno" ; then
750 AC_MSG_RESULT(disabled)
751 no_osfsia=1
752 fi
753 ],
754 )
755 if test -z "$no_osfsia" ; then
4d33e531 756 if test -f /etc/sia/matrix.conf; then
757 AC_MSG_RESULT(yes)
3466e002 758 AC_DEFINE(HAVE_OSF_SIA, 1,
759 [Define if you have Digital Unix Security
760 Integration Architecture])
761 AC_DEFINE(DISABLE_LOGIN, 1,
762 [Define if you don't want to use your
763 system's login() call])
58d0df4e 764 AC_DEFINE(DISABLE_FD_PASSING)
4d33e531 765 LIBS="$LIBS -lsecurity -ldb -lm -laud"
5b84789f 766 SIA_MSG="yes"
4d33e531 767 else
768 AC_MSG_RESULT(no)
3466e002 769 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
770 [String used in /etc/passwd to denote locked account])
4d33e531 771 fi
772 fi
a6e67b60 773 AC_DEFINE(BROKEN_GETADDRINFO)
f4f2ff4f 774 AC_DEFINE(SETEUID_BREAKS_SETUID)
08da2d08 775 AC_DEFINE(BROKEN_SETREUID)
776 AC_DEFINE(BROKEN_SETREGID)
4d33e531 777 ;;
41cb4569 778
9c54c067 779*-*-nto-qnx*)
41cb4569 780 AC_DEFINE(USE_PIPES)
781 AC_DEFINE(NO_X11_UNIX_SOCKETS)
3466e002 782 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
783 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
784 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
9c54c067 785 AC_DEFINE(DISABLE_LASTLOG)
49c64dd6 786 AC_DEFINE(SSHD_ACQUIRES_CTTY)
0c7e8877 787 enable_etc_default_login=no # has incompatible /etc/default/login
41cb4569 788 ;;
35fc74ed 789
790*-*-ultrix*)
3466e002 791 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
792 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
4b2cf3f1 793 AC_DEFINE(NEED_SETPGRP)
b5765e1d 794 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
795 ;;
157b6700 796
797*-*-lynxos)
798 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
3466e002 799 AC_DEFINE(MISSING_HOWMANY)
157b6700 800 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
801 ;;
a7effaac 802esac
803
c5829391 804AC_MSG_CHECKING(compiler and flags for sanity)
479cece8 805AC_RUN_IFELSE(
806 [AC_LANG_SOURCE([
c5829391 807#include <stdio.h>
808int main(){exit(0);}
479cece8 809 ])],
c5829391 810 [ AC_MSG_RESULT(yes) ],
811 [
812 AC_MSG_RESULT(no)
813 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1a01a50c 814 ],
815 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
c5829391 816)
817
b04a9f8c 818dnl Checks for header files.
a0391976 819# Checks for libraries.
98a7c37b 820AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
821AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
2c523de9 822
446227d6 823dnl IRIX and Solaris 2.5.1 have dirname() in libgen
824AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
825 AC_CHECK_LIB(gen, dirname,[
826 AC_CACHE_CHECK([for broken dirname],
827 ac_cv_have_broken_dirname, [
828 save_LIBS="$LIBS"
829 LIBS="$LIBS -lgen"
b0e7249f 830 AC_RUN_IFELSE(
831 [AC_LANG_SOURCE([[
446227d6 832#include <libgen.h>
833#include <string.h>
834
835int main(int argc, char **argv) {
836 char *s, buf[32];
837
838 strncpy(buf,"/etc", 32);
839 s = dirname(buf);
840 if (!s || strncmp(s, "/", 32) != 0) {
841 exit(1);
842 } else {
843 exit(0);
844 }
845}
b0e7249f 846 ]])],
847 [ ac_cv_have_broken_dirname="no" ],
848 [ ac_cv_have_broken_dirname="yes" ],
446227d6 849 [ ac_cv_have_broken_dirname="no" ],
446227d6 850 )
851 LIBS="$save_LIBS"
852 ])
853 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
854 LIBS="$LIBS -lgen"
855 AC_DEFINE(HAVE_DIRNAME)
856 AC_CHECK_HEADERS(libgen.h)
857 fi
858 ])
859])
860
861AC_CHECK_FUNC(getspnam, ,
862 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
3466e002 863AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
864 [Define if you have the basename function.]))
446227d6 865
98a7c37b 866dnl zlib is required
867AC_ARG_WITH(zlib,
868 [ --with-zlib=PATH Use zlib in PATH],
6dd05556 869 [ if test "x$withval" = "xno" ; then
870 AC_MSG_ERROR([*** zlib is required ***])
871 elif test "x$withval" != "xyes"; then
98a7c37b 872 if test -d "$withval/lib"; then
873 if test -n "${need_dash_r}"; then
5a162955 874 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 875 else
5a162955 876 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 877 fi
878 else
879 if test -n "${need_dash_r}"; then
5a162955 880 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 881 else
5a162955 882 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 883 fi
884 fi
885 if test -d "$withval/include"; then
5a162955 886 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 887 else
5a162955 888 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 889 fi
6dd05556 890 fi ]
98a7c37b 891)
892
0a15d73b 893AC_CHECK_LIB(z, deflate, ,
894 [
895 saved_CPPFLAGS="$CPPFLAGS"
896 saved_LDFLAGS="$LDFLAGS"
897 save_LIBS="$LIBS"
898 dnl Check default zlib install dir
899 if test -n "${need_dash_r}"; then
900 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
901 else
902 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
903 fi
904 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
905 LIBS="$LIBS -lz"
906 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
907 [
908 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
909 ]
910 )
911 ]
912)
4ad65809 913AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
8068d564 914
915AC_ARG_WITH(zlib-version-check,
916 [ --without-zlib-version-check Disable zlib version check],
917 [ if test "x$withval" = "xno" ; then
918 zlib_check_nonfatal=1
919 fi
920 ]
921)
922
5c7fc85d 923AC_MSG_CHECKING(for possibly buggy zlib)
479cece8 924AC_RUN_IFELSE([AC_LANG_SOURCE([[
5c7fc85d 925#include <stdio.h>
4ad65809 926#include <zlib.h>
927int main()
928{
5c7fc85d 929 int a=0, b=0, c=0, d=0, n, v;
930 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
931 if (n != 3 && n != 4)
4ad65809 932 exit(1);
5c7fc85d 933 v = a*1000000 + b*10000 + c*100 + d;
934 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
935
936 /* 1.1.4 is OK */
937 if (a == 1 && b == 1 && c >= 4)
4ad65809 938 exit(0);
5c7fc85d 939
0072b59d 940 /* 1.2.3 and up are OK */
941 if (v >= 1020300)
5c7fc85d 942 exit(0);
943
4ad65809 944 exit(2);
945}
479cece8 946 ]])],
5c7fc85d 947 AC_MSG_RESULT(no),
948 [ AC_MSG_RESULT(yes)
8068d564 949 if test -z "$zlib_check_nonfatal" ; then
950 AC_MSG_ERROR([*** zlib too old - check config.log ***
951Your reported zlib version has known security problems. It's possible your
952vendor has fixed these problems without changing the version number. If you
953are sure this is the case, you can disable the check by running
954"./configure --without-zlib-version-check".
6090bcfe 955If you are in doubt, upgrade zlib to version 1.2.3 or greater.
5c7fc85d 956See http://www.gzip.org/zlib/ for details.])
8068d564 957 else
958 AC_MSG_WARN([zlib version may have security problems])
959 fi
1a01a50c 960 ],
961 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
4ad65809 962)
48e7916f 963
2c523de9 964dnl UnixWare 2.x
aff51935 965AC_CHECK_FUNC(strcasecmp,
2c523de9 966 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
967)
23361281 968AC_CHECK_FUNCS(utimes,
cda1ebcb 969 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
970 LIBS="$LIBS -lc89"]) ]
2c523de9 971)
4cca272e 972
7c6d759d 973dnl Checks for libutil functions
974AC_CHECK_HEADERS(libutil.h)
3466e002 975AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
976 [Define if your libraries define login()])])
7c6d759d 977AC_CHECK_FUNCS(logout updwtmp logwtmp)
978
a738c3b0 979AC_FUNC_STRFTIME
980
84ceda19 981# Check for ALTDIRFUNC glob() extension
982AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
983AC_EGREP_CPP(FOUNDIT,
984 [
985 #include <glob.h>
986 #ifdef GLOB_ALTDIRFUNC
987 FOUNDIT
988 #endif
aff51935 989 ],
84ceda19 990 [
3466e002 991 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
992 [Define if your system glob() function has
993 the GLOB_ALTDIRFUNC extension])
84ceda19 994 AC_MSG_RESULT(yes)
995 ],
996 [
997 AC_MSG_RESULT(no)
998 ]
999)
4cca272e 1000
40849fdb 1001# Check for g.gl_matchc glob() extension
1002AC_MSG_CHECKING(for gl_matchc field in glob_t)
d90b9f9a 1003AC_TRY_COMPILE(
13ff27b7 1004 [ #include <glob.h> ],
1005 [glob_t g; g.gl_matchc = 1;],
aff51935 1006 [
3466e002 1007 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1008 [Define if your system glob() function has
1009 gl_matchc options in glob_t])
aff51935 1010 AC_MSG_RESULT(yes)
1011 ],
1012 [
1013 AC_MSG_RESULT(no)
1014 ]
40849fdb 1015)
1016
78888bab 1017AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1018
edbe6722 1019AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1a01a50c 1020AC_RUN_IFELSE(
479cece8 1021 [AC_LANG_SOURCE([[
edbe6722 1022#include <sys/types.h>
1023#include <dirent.h>
aec4cb4f 1024int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
479cece8 1025 ]])],
aff51935 1026 [AC_MSG_RESULT(yes)],
edbe6722 1027 [
1028 AC_MSG_RESULT(no)
3466e002 1029 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
d08db6d1 1030 [Define if your struct dirent expects you to
3466e002 1031 allocate extra space for d_name])
1a01a50c 1032 ],
82f4e93d 1033 [
1a01a50c 1034 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1035 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
edbe6722 1036 ]
1037)
1038
419e26e7 1039AC_MSG_CHECKING([for /proc/pid/fd directory])
1040if test -d "/proc/$$/fd" ; then
3466e002 1041 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
419e26e7 1042 AC_MSG_RESULT(yes)
1043else
1044 AC_MSG_RESULT(no)
1045fi
1046
278588d8 1047# Check whether user wants S/Key support
aff51935 1048SKEY_MSG="no"
278588d8 1049AC_ARG_WITH(skey,
6ff3d0dc 1050 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
278588d8 1051 [
1052 if test "x$withval" != "xno" ; then
1053
1054 if test "x$withval" != "xyes" ; then
1055 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1056 LDFLAGS="$LDFLAGS -L${withval}/lib"
1057 fi
1058
3466e002 1059 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
278588d8 1060 LIBS="-lskey $LIBS"
aff51935 1061 SKEY_MSG="yes"
82f4e93d 1062
ddceb1c8 1063 AC_MSG_CHECKING([for s/key support])
b0e7249f 1064 AC_LINK_IFELSE(
1065 [AC_LANG_SOURCE([[
ddceb1c8 1066#include <stdio.h>
1067#include <skey.h>
aec4cb4f 1068int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
b0e7249f 1069 ]])],
ddceb1c8 1070 [AC_MSG_RESULT(yes)],
278588d8 1071 [
ddceb1c8 1072 AC_MSG_RESULT(no)
278588d8 1073 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1074 ])
141fc639 1075 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1076 AC_TRY_COMPILE(
1077 [#include <stdio.h>
1078 #include <skey.h>],
1079 [(void)skeychallenge(NULL,"name","",0);],
1080 [AC_MSG_RESULT(yes)
3466e002 1081 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1082 [Define if your skeychallenge()
1083 function takes 4 arguments (NetBSD)])],
141fc639 1084 [AC_MSG_RESULT(no)]
1085 )
278588d8 1086 fi
1087 ]
1088)
1089
1090# Check whether user wants TCP wrappers support
98a7c37b 1091TCPW_MSG="no"
278588d8 1092AC_ARG_WITH(tcp-wrappers,
6ff3d0dc 1093 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
278588d8 1094 [
1095 if test "x$withval" != "xno" ; then
1096 saved_LIBS="$LIBS"
98a7c37b 1097 saved_LDFLAGS="$LDFLAGS"
1098 saved_CPPFLAGS="$CPPFLAGS"
4b492aab 1099 if test -n "${withval}" && \
6cf0200f 1100 test "x${withval}" != "xyes"; then
98a7c37b 1101 if test -d "${withval}/lib"; then
1102 if test -n "${need_dash_r}"; then
5a162955 1103 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 1104 else
5a162955 1105 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 1106 fi
1107 else
1108 if test -n "${need_dash_r}"; then
5a162955 1109 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 1110 else
5a162955 1111 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 1112 fi
1113 fi
1114 if test -d "${withval}/include"; then
5a162955 1115 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 1116 else
5a162955 1117 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 1118 fi
98a7c37b 1119 fi
e54defb4 1120 LIBS="-lwrap $LIBS"
278588d8 1121 AC_MSG_CHECKING(for libwrap)
1122 AC_TRY_LINK(
1123 [
77f09220 1124#include <sys/types.h>
1125#include <sys/socket.h>
1126#include <netinet/in.h>
278588d8 1127#include <tcpd.h>
1128 int deny_severity = 0, allow_severity = 0;
1129 ],
1130 [hosts_access(0);],
1131 [
1132 AC_MSG_RESULT(yes)
3466e002 1133 AC_DEFINE(LIBWRAP, 1,
1134 [Define if you want
1135 TCP Wrappers support])
e54defb4 1136 SSHDLIBS="$SSHDLIBS -lwrap"
98a7c37b 1137 TCPW_MSG="yes"
278588d8 1138 ],
1139 [
1140 AC_MSG_ERROR([*** libwrap missing])
1141 ]
1142 )
ddceb1c8 1143 LIBS="$saved_LIBS"
278588d8 1144 fi
1145 ]
1146)
1147
59031773 1148# Check whether user wants libedit support
1149LIBEDIT_MSG="no"
1150AC_ARG_WITH(libedit,
6ff3d0dc 1151 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
59031773 1152 [ if test "x$withval" != "xno" ; then
737edf04 1153 if test "x$withval" != "xyes"; then
bb116c8e 1154 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1155 if test -n "${need_dash_r}"; then
1156 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1157 else
1158 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1159 fi
737edf04 1160 fi
59031773 1161 AC_CHECK_LIB(edit, el_init,
3466e002 1162 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
59031773 1163 LIBEDIT="-ledit -lcurses"
1164 LIBEDIT_MSG="yes"
1165 AC_SUBST(LIBEDIT)
1166 ],
737edf04 1167 [ AC_MSG_ERROR(libedit not found) ],
1168 [ -lcurses ]
59031773 1169 )
f47ddccb 1170 AC_MSG_CHECKING(if libedit version is compatible)
d92622f9 1171 AC_COMPILE_IFELSE(
1172 [AC_LANG_SOURCE([[
1173#include <histedit.h>
f47ddccb 1174int main(void)
1175{
1176 int i = H_SETSIZE;
1177 el_init("", NULL, NULL, NULL);
1178 exit(0);
1179}
d92622f9 1180 ]])],
f47ddccb 1181 [ AC_MSG_RESULT(yes) ],
1182 [ AC_MSG_RESULT(no)
1183 AC_MSG_ERROR(libedit version is not compatible) ]
1184 )
59031773 1185 fi ]
1186)
1187
7b578f7d 1188AUDIT_MODULE=none
1189AC_ARG_WITH(audit,
1190 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1191 [
1192 AC_MSG_CHECKING(for supported audit module)
1193 case "$withval" in
1194 bsm)
1195 AC_MSG_RESULT(bsm)
1196 AUDIT_MODULE=bsm
1197 dnl Checks for headers, libs and functions
1198 AC_CHECK_HEADERS(bsm/audit.h, [],
a01f637d 1199 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1200 [
1201#ifdef HAVE_TIME_H
1202# include <time.h>
1203#endif
1204 ]
1205)
7b578f7d 1206 AC_CHECK_LIB(bsm, getaudit, [],
1207 [AC_MSG_ERROR(BSM enabled and required library not found)])
1208 AC_CHECK_FUNCS(getaudit, [],
1209 [AC_MSG_ERROR(BSM enabled and required function not found)])
1210 # These are optional
7939c496 1211 AC_CHECK_FUNCS(getaudit_addr)
3466e002 1212 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
7b578f7d 1213 ;;
1214 debug)
1215 AUDIT_MODULE=debug
1216 AC_MSG_RESULT(debug)
3466e002 1217 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
7b578f7d 1218 ;;
a2b3321d 1219 no)
d92622f9 1220 AC_MSG_RESULT(no)
a2b3321d 1221 ;;
7b578f7d 1222 *)
1223 AC_MSG_ERROR([Unknown audit module $withval])
1224 ;;
1225 esac ]
1226)
1227
19160674 1228dnl Checks for library functions. Please keep in alphabetical order
b04a9f8c 1229AC_CHECK_FUNCS( \
1230 arc4random \
9a406e1e 1231 asprintf \
b04a9f8c 1232 b64_ntop \
1233 __b64_ntop \
1234 b64_pton \
1235 __b64_pton \
1236 bcopy \
1237 bindresvport_sa \
1238 clock \
1239 closefrom \
1240 dirfd \
b04a9f8c 1241 fchmod \
1242 fchown \
1243 freeaddrinfo \
1244 futimes \
1245 getaddrinfo \
1246 getcwd \
1247 getgrouplist \
1248 getnameinfo \
1249 getopt \
1250 getpeereid \
1961d660 1251 getpeerucred \
b04a9f8c 1252 _getpty \
1253 getrlimit \
1254 getttyent \
1255 glob \
1256 inet_aton \
1257 inet_ntoa \
1258 inet_ntop \
1259 innetgr \
1260 login_getcapbool \
1261 md5_crypt \
1262 memmove \
1263 mkdtemp \
1264 mmap \
1265 ngetaddrinfo \
1266 nsleep \
1267 ogetaddrinfo \
1268 openlog_r \
1269 openpty \
1270 prctl \
1271 pstat \
1272 readpassphrase \
1273 realpath \
1274 recvmsg \
1275 rresvport_af \
1276 sendmsg \
1277 setdtablesize \
1278 setegid \
1279 setenv \
1280 seteuid \
1281 setgroups \
1282 setlogin \
1283 setpcred \
1284 setproctitle \
1285 setregid \
1286 setreuid \
1287 setrlimit \
1288 setsid \
1289 setvbuf \
1290 sigaction \
1291 sigvec \
1292 snprintf \
1293 socketpair \
1294 strdup \
1295 strerror \
1296 strlcat \
1297 strlcpy \
1298 strmode \
1299 strnvis \
1300 strtonum \
1e29a0c8 1301 strtoll \
b04a9f8c 1302 strtoul \
1303 sysconf \
1304 tcgetpgrp \
1305 truncate \
1306 unsetenv \
1307 updwtmpx \
9a406e1e 1308 vasprintf \
b04a9f8c 1309 vhangup \
1310 vsnprintf \
1311 waitpid \
19160674 1312)
98a7c37b 1313
1a086f97 1314# IRIX has a const char return value for gai_strerror()
1315AC_CHECK_FUNCS(gai_strerror,[
1316 AC_DEFINE(HAVE_GAI_STRERROR)
1317 AC_TRY_COMPILE([
1318#include <sys/types.h>
1319#include <sys/socket.h>
1320#include <netdb.h>
1321
1322const char *gai_strerror(int);],[
1323char *str;
1324
1325str = gai_strerror(0);],[
1326 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1327 [Define if gai_strerror() returns const char *])])])
1328
3466e002 1329AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1330 [Some systems put nanosleep outside of libc]))
92b1decf 1331
309709db 1332dnl Make sure prototypes are defined for these before using them.
309709db 1333AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
0957c2cf 1334AC_CHECK_DECL(strsep,
1335 [AC_CHECK_FUNCS(strsep)],
1336 [],
1337 [
1338#ifdef HAVE_STRING_H
1339# include <string.h>
1340#endif
1341 ])
08412d26 1342
3490699c 1343dnl tcsendbreak might be a macro
1344AC_CHECK_DECL(tcsendbreak,
1345 [AC_DEFINE(HAVE_TCSENDBREAK)],
aff51935 1346 [AC_CHECK_FUNCS(tcsendbreak)],
3490699c 1347 [#include <termios.h>]
1348)
1349
41e0e158 1350AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1351
71f4c727 1352AC_CHECK_DECLS(SHUT_RD, , ,
1353 [
1354#include <sys/types.h>
1355#include <sys/socket.h>
1356 ])
956d6743 1357
1358AC_CHECK_DECLS(O_NONBLOCK, , ,
1359 [
1360#include <sys/types.h>
1361#ifdef HAVE_SYS_STAT_H
1362# include <sys/stat.h>
1363#endif
1364#ifdef HAVE_FCNTL_H
1365# include <fcntl.h>
1366#endif
1367 ])
1368
752994dd 1369AC_CHECK_DECLS(writev, , , [
1370#include <sys/types.h>
1371#include <sys/uio.h>
1372#include <unistd.h>
1373 ])
1374
0bf6279d 1375AC_CHECK_DECLS(MAXSYMLINKS, , , [
1376#include <sys/param.h>
1377 ])
1378
b41ece30 1379AC_CHECK_DECLS(offsetof, , , [
1380#include <stddef.h>
1381 ])
1382
3f176010 1383AC_CHECK_FUNCS(setresuid, [
1384 dnl Some platorms have setresuid that isn't implemented, test for this
1385 AC_MSG_CHECKING(if setresuid seems to work)
479cece8 1386 AC_RUN_IFELSE(
1387 [AC_LANG_SOURCE([[
9a3fe0e2 1388#include <stdlib.h>
1389#include <errno.h>
1390int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1391 ]])],
3f176010 1392 [AC_MSG_RESULT(yes)],
3466e002 1393 [AC_DEFINE(BROKEN_SETRESUID, 1,
1394 [Define if your setresuid() is broken])
1a01a50c 1395 AC_MSG_RESULT(not implemented)],
1396 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1397 )
1398])
9a3fe0e2 1399
3f176010 1400AC_CHECK_FUNCS(setresgid, [
1401 dnl Some platorms have setresgid that isn't implemented, test for this
1402 AC_MSG_CHECKING(if setresgid seems to work)
479cece8 1403 AC_RUN_IFELSE(
1404 [AC_LANG_SOURCE([[
9a3fe0e2 1405#include <stdlib.h>
1406#include <errno.h>
1407int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1408 ]])],
3f176010 1409 [AC_MSG_RESULT(yes)],
3466e002 1410 [AC_DEFINE(BROKEN_SETRESGID, 1,
1411 [Define if your setresgid() is broken])
1a01a50c 1412 AC_MSG_RESULT(not implemented)],
1413 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1414 )
1415])
9a3fe0e2 1416
2e73a022 1417dnl Checks for time functions
1d7b9b20 1418AC_CHECK_FUNCS(gettimeofday time)
2e73a022 1419dnl Checks for utmp functions
b03bd394 1420AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1d7b9b20 1421AC_CHECK_FUNCS(utmpname)
2e73a022 1422dnl Checks for utmpx functions
b03bd394 1423AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1d7b9b20 1424AC_CHECK_FUNCS(setutxent utmpxname)
76cd7316 1425
aff51935 1426AC_CHECK_FUNC(daemon,
3466e002 1427 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1428 [AC_CHECK_LIB(bsd, daemon,
1429 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
beb43d31 1430)
1431
aff51935 1432AC_CHECK_FUNC(getpagesize,
3466e002 1433 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1434 [Define if your libraries define getpagesize()])],
1435 [AC_CHECK_LIB(ucb, getpagesize,
1436 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
aa6bd60a 1437)
1438
2647ae26 1439# Check for broken snprintf
1440if test "x$ac_cv_func_snprintf" = "xyes" ; then
1441 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1a01a50c 1442 AC_RUN_IFELSE(
479cece8 1443 [AC_LANG_SOURCE([[
2647ae26 1444#include <stdio.h>
aec4cb4f 1445int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
479cece8 1446 ]])],
aff51935 1447 [AC_MSG_RESULT(yes)],
2647ae26 1448 [
1449 AC_MSG_RESULT(no)
3466e002 1450 AC_DEFINE(BROKEN_SNPRINTF, 1,
1451 [Define if your snprintf is busted])
2647ae26 1452 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1a01a50c 1453 ],
1454 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2647ae26 1455 )
1456fi
1457
9a406e1e 1458# If we don't have a working asprintf, then we strongly depend on vsnprintf
1459# returning the right thing on overflow: the number of characters it tried to
1460# create (as per SUSv3)
1461if test "x$ac_cv_func_asprintf" != "xyes" && \
1462 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1463 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1464 AC_RUN_IFELSE(
1465 [AC_LANG_SOURCE([[
1466#include <sys/types.h>
1467#include <stdio.h>
1468#include <stdarg.h>
1469
1470int x_snprintf(char *str,size_t count,const char *fmt,...)
1471{
1472 size_t ret; va_list ap;
1473 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1474 return ret;
1475}
1476int main(void)
1477{
1478 char x[1];
1479 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1480} ]])],
1481 [AC_MSG_RESULT(yes)],
1482 [
1483 AC_MSG_RESULT(no)
1484 AC_DEFINE(BROKEN_SNPRINTF, 1,
1485 [Define if your snprintf is busted])
1486 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1487 ],
1488 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1489 )
1490fi
1491
31b0732a 1492# On systems where [v]snprintf is broken, but is declared in stdio,
1493# check that the fmt argument is const char * or just char *.
1494# This is only useful for when BROKEN_SNPRINTF
1495AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1496AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1497 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1498 int main(void) { snprintf(0, 0, 0); }
1499 ]])],
1500 [AC_MSG_RESULT(yes)
1501 AC_DEFINE(SNPRINTF_CONST, [const],
1502 [Define as const if snprintf() can declare const char *fmt])],
1503 [AC_MSG_RESULT(no)
1504 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1505
2f6f9cff 1506# Check for missing getpeereid (or equiv) support
1507NO_PEERCHECK=""
1961d660 1508if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2f6f9cff 1509 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1510 AC_TRY_COMPILE(
1511 [#include <sys/types.h>
1512 #include <sys/socket.h>],
1513 [int i = SO_PEERCRED;],
62eb7db4 1514 [ AC_MSG_RESULT(yes)
3466e002 1515 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
62eb7db4 1516 ],
2f6f9cff 1517 [AC_MSG_RESULT(no)
1518 NO_PEERCHECK=1]
1519 )
1520fi
1521
70e7d0b0 1522dnl see whether mkstemp() requires XXXXXX
1523if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1524AC_MSG_CHECKING([for (overly) strict mkstemp])
b0e7249f 1525AC_RUN_IFELSE(
1526 [AC_LANG_SOURCE([[
70e7d0b0 1527#include <stdlib.h>
1528main() { char template[]="conftest.mkstemp-test";
1529if (mkstemp(template) == -1)
1530 exit(1);
1531unlink(template); exit(0);
1532}
b0e7249f 1533 ]])],
70e7d0b0 1534 [
1535 AC_MSG_RESULT(no)
1536 ],
aff51935 1537 [
70e7d0b0 1538 AC_MSG_RESULT(yes)
3466e002 1539 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
70e7d0b0 1540 ],
1541 [
1542 AC_MSG_RESULT(yes)
1543 AC_DEFINE(HAVE_STRICT_MKSTEMP)
aff51935 1544 ]
70e7d0b0 1545)
1546fi
1547
eacb954e 1548dnl make sure that openpty does not reacquire controlling terminal
1549if test ! -z "$check_for_openpty_ctty_bug"; then
1550 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
b0e7249f 1551 AC_RUN_IFELSE(
1552 [AC_LANG_SOURCE([[
eacb954e 1553#include <stdio.h>
1554#include <sys/fcntl.h>
1555#include <sys/types.h>
1556#include <sys/wait.h>
1557
1558int
1559main()
1560{
1561 pid_t pid;
1562 int fd, ptyfd, ttyfd, status;
1563
1564 pid = fork();
1565 if (pid < 0) { /* failed */
1566 exit(1);
1567 } else if (pid > 0) { /* parent */
1568 waitpid(pid, &status, 0);
aff51935 1569 if (WIFEXITED(status))
eacb954e 1570 exit(WEXITSTATUS(status));
1571 else
1572 exit(2);
1573 } else { /* child */
1574 close(0); close(1); close(2);
1575 setsid();
1576 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1577 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1578 if (fd >= 0)
1579 exit(3); /* Acquired ctty: broken */
1580 else
1581 exit(0); /* Did not acquire ctty: OK */
1582 }
1583}
b0e7249f 1584 ]])],
eacb954e 1585 [
1586 AC_MSG_RESULT(yes)
1587 ],
1588 [
1589 AC_MSG_RESULT(no)
1590 AC_DEFINE(SSHD_ACQUIRES_CTTY)
b0e7249f 1591 ],
1592 [
1593 AC_MSG_RESULT(cross-compiling, assuming yes)
eacb954e 1594 ]
1595 )
1596fi
1597
4b492aab 1598if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1599 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2fe51906 1600 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1601 AC_RUN_IFELSE(
1602 [AC_LANG_SOURCE([[
2fe51906 1603#include <stdio.h>
1604#include <sys/socket.h>
1605#include <netdb.h>
1606#include <errno.h>
1607#include <netinet/in.h>
1608
1609#define TEST_PORT "2222"
1610
1611int
1612main(void)
1613{
1614 int err, sock;
1615 struct addrinfo *gai_ai, *ai, hints;
1616 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1617
1618 memset(&hints, 0, sizeof(hints));
1619 hints.ai_family = PF_UNSPEC;
1620 hints.ai_socktype = SOCK_STREAM;
1621 hints.ai_flags = AI_PASSIVE;
1622
1623 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1624 if (err != 0) {
1625 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1626 exit(1);
1627 }
1628
1629 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1630 if (ai->ai_family != AF_INET6)
1631 continue;
1632
1633 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1634 sizeof(ntop), strport, sizeof(strport),
1635 NI_NUMERICHOST|NI_NUMERICSERV);
1636
1637 if (err != 0) {
1638 if (err == EAI_SYSTEM)
1639 perror("getnameinfo EAI_SYSTEM");
1640 else
1641 fprintf(stderr, "getnameinfo failed: %s\n",
1642 gai_strerror(err));
1643 exit(2);
1644 }
1645
1646 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1647 if (sock < 0)
1648 perror("socket");
1649 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1650 if (errno == EBADF)
1651 exit(3);
1652 }
1653 }
1654 exit(0);
1655}
b0e7249f 1656 ]])],
2fe51906 1657 [
1658 AC_MSG_RESULT(yes)
1659 ],
1660 [
1661 AC_MSG_RESULT(no)
1662 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1663 ],
1664 [
1665 AC_MSG_RESULT(cross-compiling, assuming yes)
2fe51906 1666 ]
1667 )
1668fi
1669
4b492aab 1670if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1671 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
5ccf88cb 1672 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1673 AC_RUN_IFELSE(
1674 [AC_LANG_SOURCE([[
5ccf88cb 1675#include <stdio.h>
1676#include <sys/socket.h>
1677#include <netdb.h>
1678#include <errno.h>
1679#include <netinet/in.h>
1680
1681#define TEST_PORT "2222"
1682
1683int
1684main(void)
1685{
1686 int err, sock;
1687 struct addrinfo *gai_ai, *ai, hints;
1688 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1689
1690 memset(&hints, 0, sizeof(hints));
1691 hints.ai_family = PF_UNSPEC;
1692 hints.ai_socktype = SOCK_STREAM;
1693 hints.ai_flags = AI_PASSIVE;
1694
1695 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1696 if (err != 0) {
1697 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1698 exit(1);
1699 }
1700
1701 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1702 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1703 continue;
1704
1705 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1706 sizeof(ntop), strport, sizeof(strport),
1707 NI_NUMERICHOST|NI_NUMERICSERV);
1708
1709 if (ai->ai_family == AF_INET && err != 0) {
1710 perror("getnameinfo");
1711 exit(2);
1712 }
1713 }
1714 exit(0);
1715}
b0e7249f 1716 ]])],
5ccf88cb 1717 [
1718 AC_MSG_RESULT(yes)
3466e002 1719 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1720 [Define if you have a getaddrinfo that fails
1721 for the all-zeros IPv6 address])
5ccf88cb 1722 ],
1723 [
1724 AC_MSG_RESULT(no)
1725 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1726 ],
ecd9ec09 1727 [
b0e7249f 1728 AC_MSG_RESULT(cross-compiling, assuming no)
5ccf88cb 1729 ]
1730 )
1731fi
1732
b29fd59f 1733if test "x$check_for_conflicting_getspnam" = "x1"; then
1734 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1735 AC_COMPILE_IFELSE(
1736 [
1737#include <shadow.h>
1738int main(void) {exit(0);}
1739 ],
1740 [
1741 AC_MSG_RESULT(no)
1742 ],
1743 [
1744 AC_MSG_RESULT(yes)
1745 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1746 [Conflicting defs for getspnam])
1747 ]
1748 )
1749fi
1750
7f8f5e00 1751AC_FUNC_GETPGRP
1752
5b991353 1753# Search for OpenSSL
1754saved_CPPFLAGS="$CPPFLAGS"
1755saved_LDFLAGS="$LDFLAGS"
a0391976 1756AC_ARG_WITH(ssl-dir,
1757 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1758 [
e9e4a1c7 1759 if test "x$withval" != "xno" ; then
99eb0f64 1760 case "$withval" in
1761 # Relative paths
1762 ./*|../*) withval="`pwd`/$withval"
1763 esac
5b991353 1764 if test -d "$withval/lib"; then
1765 if test -n "${need_dash_r}"; then
1766 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1767 else
1768 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
d6f13fbb 1769 fi
1770 else
5b991353 1771 if test -n "${need_dash_r}"; then
1772 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1773 else
1774 LDFLAGS="-L${withval} ${LDFLAGS}"
d6f13fbb 1775 fi
1776 fi
5b991353 1777 if test -d "$withval/include"; then
1778 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
d6f13fbb 1779 else
5b991353 1780 CPPFLAGS="-I${withval} ${CPPFLAGS}"
58d100bf 1781 fi
a0391976 1782 fi
5b991353 1783 ]
1784)
5486a457 1785LIBS="-lcrypto $LIBS"
3466e002 1786AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1787 [Define if your ssl headers are included
1788 with #include <openssl/header.h>]),
d45e3d76 1789 [
5b991353 1790 dnl Check default openssl install dir
1791 if test -n "${need_dash_r}"; then
1792 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1793 else
5b991353 1794 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1795 fi
5b991353 1796 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1797 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1798 [
1799 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1800 ]
1801 )
1802 ]
1803)
1804
cd018561 1805# Determine OpenSSL header version
1806AC_MSG_CHECKING([OpenSSL header version])
1a01a50c 1807AC_RUN_IFELSE(
479cece8 1808 [AC_LANG_SOURCE([[
cd018561 1809#include <stdio.h>
1810#include <string.h>
1811#include <openssl/opensslv.h>
1812#define DATA "conftest.sslincver"
1813int main(void) {
aff51935 1814 FILE *fd;
1815 int rc;
cd018561 1816
aff51935 1817 fd = fopen(DATA,"w");
1818 if(fd == NULL)
1819 exit(1);
cd018561 1820
1821 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1822 exit(1);
1823
1824 exit(0);
1825}
479cece8 1826 ]])],
cd018561 1827 [
1828 ssl_header_ver=`cat conftest.sslincver`
1829 AC_MSG_RESULT($ssl_header_ver)
1830 ],
1831 [
1832 AC_MSG_RESULT(not found)
1833 AC_MSG_ERROR(OpenSSL version header not found.)
1a01a50c 1834 ],
1835 [
1836 AC_MSG_WARN([cross compiling: not checking])
cd018561 1837 ]
1838)
1839
1840# Determine OpenSSL library version
1841AC_MSG_CHECKING([OpenSSL library version])
1a01a50c 1842AC_RUN_IFELSE(
479cece8 1843 [AC_LANG_SOURCE([[
cd018561 1844#include <stdio.h>
1845#include <string.h>
1846#include <openssl/opensslv.h>
1847#include <openssl/crypto.h>
1848#define DATA "conftest.ssllibver"
1849int main(void) {
aff51935 1850 FILE *fd;
1851 int rc;
cd018561 1852
aff51935 1853 fd = fopen(DATA,"w");
1854 if(fd == NULL)
1855 exit(1);
cd018561 1856
1857 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1858 exit(1);
1859
1860 exit(0);
1861}
479cece8 1862 ]])],
cd018561 1863 [
1864 ssl_library_ver=`cat conftest.ssllibver`
1865 AC_MSG_RESULT($ssl_library_ver)
1866 ],
1867 [
1868 AC_MSG_RESULT(not found)
1869 AC_MSG_ERROR(OpenSSL library not found.)
1a01a50c 1870 ],
1871 [
1872 AC_MSG_WARN([cross compiling: not checking])
cd018561 1873 ]
1874)
58d100bf 1875
1d42bcce 1876AC_ARG_WITH(openssl-header-check,
1877 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1878 [ if test "x$withval" = "xno" ; then
1879 openssl_check_nonfatal=1
1880 fi
1881 ]
1882)
1883
9780116c 1884# Sanity check OpenSSL headers
1885AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1a01a50c 1886AC_RUN_IFELSE(
479cece8 1887 [AC_LANG_SOURCE([[
9780116c 1888#include <string.h>
1889#include <openssl/opensslv.h>
aec4cb4f 1890int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
479cece8 1891 ]])],
9780116c 1892 [
1893 AC_MSG_RESULT(yes)
1894 ],
1895 [
1896 AC_MSG_RESULT(no)
1d42bcce 1897 if test "x$openssl_check_nonfatal" = "x"; then
1898 AC_MSG_ERROR([Your OpenSSL headers do not match your
1899library. Check config.log for details.
1900If you are sure your installation is consistent, you can disable the check
1901by running "./configure --without-openssl-header-check".
1902Also see contrib/findssl.sh for help identifying header/library mismatches.
1903])
1904 else
1905 AC_MSG_WARN([Your OpenSSL headers do not match your
1906library. Check config.log for details.
e15ba28b 1907Also see contrib/findssl.sh for help identifying header/library mismatches.])
1d42bcce 1908 fi
1a01a50c 1909 ],
1910 [
1911 AC_MSG_WARN([cross compiling: not checking])
9780116c 1912 ]
1913)
1914
282d6408 1915AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1916AC_LINK_IFELSE(
1917 [AC_LANG_SOURCE([[
1918#include <openssl/evp.h>
1919int main(void) { SSLeay_add_all_algorithms(); }
1920 ]])],
1921 [
1922 AC_MSG_RESULT(yes)
1923 ],
1924 [
1925 AC_MSG_RESULT(no)
1926 saved_LIBS="$LIBS"
1927 LIBS="$LIBS -ldl"
1928 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1929 AC_LINK_IFELSE(
1930 [AC_LANG_SOURCE([[
1931#include <openssl/evp.h>
1932int main(void) { SSLeay_add_all_algorithms(); }
1933 ]])],
1934 [
1935 AC_MSG_RESULT(yes)
1936 ],
1937 [
1938 AC_MSG_RESULT(no)
1939 LIBS="$saved_LIBS"
1940 ]
1941 )
1942 ]
1943)
1944
c7ad0d99 1945AC_ARG_WITH(ssl-engine,
1946 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1947 [ if test "x$withval" != "xno" ; then
1948 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1949 AC_TRY_COMPILE(
1950 [ #include <openssl/engine.h>],
1951 [
24b2647b 1952ENGINE_load_builtin_engines();ENGINE_register_all_complete();
c7ad0d99 1953 ],
1954 [ AC_MSG_RESULT(yes)
1955 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1956 [Enable OpenSSL engine support])
1957 ],
1958 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1959 )
1960 fi ]
1961)
1962
e5146707 1963# Check for OpenSSL without EVP_aes_{192,256}_cbc
1964AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3e05aa50 1965AC_LINK_IFELSE(
e5146707 1966 [AC_LANG_SOURCE([[
1967#include <string.h>
1968#include <openssl/evp.h>
300ea548 1969int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
e5146707 1970 ]])],
1971 [
1972 AC_MSG_RESULT(no)
1973 ],
1974 [
1975 AC_MSG_RESULT(yes)
1976 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1977 [libcrypto is missing AES 192 and 256 bit functions])
1978 ]
1979)
1980
5486a457 1981# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1982# because the system crypt() is more featureful.
1983if test "x$check_for_libcrypt_before" = "x1"; then
1984 AC_CHECK_LIB(crypt, crypt)
1985fi
1986
aff51935 1987# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
8087c5ee 1988# version in OpenSSL.
05114c74 1989if test "x$check_for_libcrypt_later" = "x1"; then
20cad736 1990 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
717057b6 1991fi
1992
13ff27b7 1993# Search for SHA256 support in libc and/or OpenSSL
1994AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1995
a03acb8f 1996saved_LIBS="$LIBS"
1997AC_CHECK_LIB(iaf, ia_openinfo, [
1998 LIBS="$LIBS -liaf"
1999 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
2000])
2001LIBS="$saved_LIBS"
f1b0ecc3 2002
2003### Configure cryptographic random number support
2004
2005# Check wheter OpenSSL seeds itself
2006AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1a01a50c 2007AC_RUN_IFELSE(
479cece8 2008 [AC_LANG_SOURCE([[
f1b0ecc3 2009#include <string.h>
2010#include <openssl/rand.h>
aec4cb4f 2011int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
479cece8 2012 ]])],
f1b0ecc3 2013 [
2014 OPENSSL_SEEDS_ITSELF=yes
2015 AC_MSG_RESULT(yes)
2016 ],
2017 [
2018 AC_MSG_RESULT(no)
2019 # Default to use of the rand helper if OpenSSL doesn't
2020 # seed itself
2021 USE_RAND_HELPER=yes
1a01a50c 2022 ],
2023 [
2024 AC_MSG_WARN([cross compiling: assuming yes])
2025 # This is safe, since all recent OpenSSL versions will
82f4e93d 2026 # complain at runtime if not seeded correctly.
1a01a50c 2027 OPENSSL_SEEDS_ITSELF=yes
f1b0ecc3 2028 ]
2029)
2030
a086f73b 2031# Check for PAM libs
2032PAM_MSG="no"
2033AC_ARG_WITH(pam,
2034 [ --with-pam Enable PAM support ],
2035 [
2036 if test "x$withval" != "xno" ; then
2037 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2038 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2039 AC_MSG_ERROR([PAM headers not found])
2040 fi
2041
2042 saved_LIBS="$LIBS"
2043 AC_CHECK_LIB(dl, dlopen, , )
2044 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2045 AC_CHECK_FUNCS(pam_getenvlist)
2046 AC_CHECK_FUNCS(pam_putenv)
2047 LIBS="$saved_LIBS"
2048
2049 PAM_MSG="yes"
2050
e54defb4 2051 SSHDLIBS="$SSHDLIBS -lpam"
a086f73b 2052 AC_DEFINE(USE_PAM, 1,
2053 [Define if you want to enable PAM support])
282d6408 2054
a086f73b 2055 if test $ac_cv_lib_dl_dlopen = yes; then
282d6408 2056 case "$LIBS" in
2057 *-ldl*)
2058 # libdl already in LIBS
2059 ;;
2060 *)
e54defb4 2061 SSHDLIBS="$SSHDLIBS -ldl"
282d6408 2062 ;;
2063 esac
a086f73b 2064 fi
a086f73b 2065 fi
2066 ]
2067)
2068
2069# Check for older PAM
2070if test "x$PAM_MSG" = "xyes" ; then
2071 # Check PAM strerror arguments (old PAM)
2072 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2073 AC_TRY_COMPILE(
2074 [
2075#include <stdlib.h>
2076#if defined(HAVE_SECURITY_PAM_APPL_H)
2077#include <security/pam_appl.h>
2078#elif defined (HAVE_PAM_PAM_APPL_H)
2079#include <pam/pam_appl.h>
2080#endif
2081 ],
2082 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2083 [AC_MSG_RESULT(no)],
2084 [
2085 AC_DEFINE(HAVE_OLD_PAM, 1,
2086 [Define if you have an old version of PAM
2087 which takes only one argument to pam_strerror])
2088 AC_MSG_RESULT(yes)
2089 PAM_MSG="yes (old library)"
2090 ]
2091 )
2092fi
f1b0ecc3 2093
2094# Do we want to force the use of the rand helper?
2095AC_ARG_WITH(rand-helper,
2096 [ --with-rand-helper Use subprocess to gather strong randomness ],
2097 [
2098 if test "x$withval" = "xno" ; then
aff51935 2099 # Force use of OpenSSL's internal RNG, even if
f1b0ecc3 2100 # the previous test showed it to be unseeded.
2101 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2102 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2103 OPENSSL_SEEDS_ITSELF=yes
2104 USE_RAND_HELPER=""
2105 fi
2106 else
2107 USE_RAND_HELPER=yes
2108 fi
2109 ],
82f4e93d 2110)
f1b0ecc3 2111
2112# Which randomness source do we use?
4b492aab 2113if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
f1b0ecc3 2114 # OpenSSL only
3466e002 2115 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2116 [Define if you want OpenSSL's internally seeded PRNG only])
f1b0ecc3 2117 RAND_MSG="OpenSSL internal ONLY"
2118 INSTALL_SSH_RAND_HELPER=""
70e2f2f3 2119elif test ! -z "$USE_RAND_HELPER" ; then
2120 # install rand helper
f1b0ecc3 2121 RAND_MSG="ssh-rand-helper"
2122 INSTALL_SSH_RAND_HELPER="yes"
2123fi
2124AC_SUBST(INSTALL_SSH_RAND_HELPER)
2125
2126### Configuration of ssh-rand-helper
2127
2128# PRNGD TCP socket
2129AC_ARG_WITH(prngd-port,
2130 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2131 [
eb5d7ff6 2132 case "$withval" in
2133 no)
2134 withval=""
2135 ;;
2136 [[0-9]]*)
2137 ;;
2138 *)
2139 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2140 ;;
2141 esac
2142 if test ! -z "$withval" ; then
f1b0ecc3 2143 PRNGD_PORT="$withval"
3466e002 2144 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2145 [Port number of PRNGD/EGD random number socket])
f1b0ecc3 2146 fi
2147 ]
2148)
2149
2150# PRNGD Unix domain socket
2151AC_ARG_WITH(prngd-socket,
2152 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2153 [
eb5d7ff6 2154 case "$withval" in
2155 yes)
f1b0ecc3 2156 withval="/var/run/egd-pool"
eb5d7ff6 2157 ;;
2158 no)
2159 withval=""
2160 ;;
2161 /*)
2162 ;;
2163 *)
2164 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2165 ;;
2166 esac
2167
2168 if test ! -z "$withval" ; then
f1b0ecc3 2169 if test ! -z "$PRNGD_PORT" ; then
2170 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2171 fi
906e811b 2172 if test ! -r "$withval" ; then
f1b0ecc3 2173 AC_MSG_WARN(Entropy socket is not readable)
2174 fi
2175 PRNGD_SOCKET="$withval"
3466e002 2176 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2177 [Location of PRNGD/EGD random number socket])
f1b0ecc3 2178 fi
ddceb1c8 2179 ],
2180 [
2181 # Check for existing socket only if we don't have a random device already
2182 if test "$USE_RAND_HELPER" = yes ; then
2183 AC_MSG_CHECKING(for PRNGD/EGD socket)
2184 # Insert other locations here
2185 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2186 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2187 PRNGD_SOCKET="$sock"
2188 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2189 break;
2190 fi
2191 done
2192 if test ! -z "$PRNGD_SOCKET" ; then
2193 AC_MSG_RESULT($PRNGD_SOCKET)
2194 else
2195 AC_MSG_RESULT(not found)
2196 fi
2197 fi
f1b0ecc3 2198 ]
2199)
2200
2201# Change default command timeout for hashing entropy source
2202entropy_timeout=200
2203AC_ARG_WITH(entropy-timeout,
2204 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2205 [
6cf0200f 2206 if test -n "$withval" && test "x$withval" != "xno" && \
2207 test "x${withval}" != "xyes"; then
f1b0ecc3 2208 entropy_timeout=$withval
2209 fi
82f4e93d 2210 ]
f1b0ecc3 2211)
3466e002 2212AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2213 [Builtin PRNG command timeout])
f1b0ecc3 2214
fd3cbf67 2215SSH_PRIVSEP_USER=sshd
9a0fbcb3 2216AC_ARG_WITH(privsep-user,
5222e7ef 2217 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
9a0fbcb3 2218 [
6cf0200f 2219 if test -n "$withval" && test "x$withval" != "xno" && \
2220 test "x${withval}" != "xyes"; then
fd3cbf67 2221 SSH_PRIVSEP_USER=$withval
9a0fbcb3 2222 fi
82f4e93d 2223 ]
9a0fbcb3 2224)
3466e002 2225AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2226 [non-privileged user for privilege separation])
fd3cbf67 2227AC_SUBST(SSH_PRIVSEP_USER)
9a0fbcb3 2228
81dadca3 2229# We do this little dance with the search path to insure
2230# that programs that we select for use by installed programs
2231# (which may be run by the super-user) come from trusted
2232# locations before they come from the user's private area.
2233# This should help avoid accidentally configuring some
2234# random version of a program in someone's personal bin.
2235
2236OPATH=$PATH
2237PATH=/bin:/usr/bin
f95c8ce8 2238test -h /bin 2> /dev/null && PATH=/usr/bin
81dadca3 2239test -d /sbin && PATH=$PATH:/sbin
2240test -d /usr/sbin && PATH=$PATH:/usr/sbin
2241PATH=$PATH:/etc:$OPATH
2242
aff51935 2243# These programs are used by the command hashing source to gather entropy
f1b0ecc3 2244OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2245OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2246OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2247OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2248OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2249OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2250OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2251OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2252OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2253OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2254OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2255OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2256OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2257OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2258OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2259OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
81dadca3 2260# restore PATH
2261PATH=$OPATH
f1b0ecc3 2262
2263# Where does ssh-rand-helper get its randomness from?
2264INSTALL_SSH_PRNG_CMDS=""
2265if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2266 if test ! -z "$PRNGD_PORT" ; then
2267 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2268 elif test ! -z "$PRNGD_SOCKET" ; then
2269 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2270 else
2271 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2272 RAND_HELPER_CMDHASH=yes
2273 INSTALL_SSH_PRNG_CMDS="yes"
2274 fi
2275fi
2276AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2277
2278
66d6c27e 2279# Cheap hack to ensure NEWS-OS libraries are arranged right.
2280if test ! -z "$SONY" ; then
2281 LIBS="$LIBS -liberty";
2282fi
2283
9a406e1e 2284# Check for long long datatypes
2285AC_CHECK_TYPES([long long, unsigned long long, long double])
2286
2287# Check datatype sizes
976f7e19 2288AC_CHECK_SIZEOF(char, 1)
2b942fe0 2289AC_CHECK_SIZEOF(short int, 2)
2290AC_CHECK_SIZEOF(int, 4)
2291AC_CHECK_SIZEOF(long int, 4)
2292AC_CHECK_SIZEOF(long long int, 8)
2293
52f1ccb2 2294# Sanity check long long for some platforms (AIX)
2295if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2296 ac_cv_sizeof_long_long_int=0
2297fi
2298
90f15776 2299# compute LLONG_MIN and LLONG_MAX if we don't know them.
2300if test -z "$have_llong_max"; then
2301 AC_MSG_CHECKING([for max value of long long])
2302 AC_RUN_IFELSE(
2303 [AC_LANG_SOURCE([[
2304#include <stdio.h>
2305/* Why is this so damn hard? */
2306#ifdef __GNUC__
2307# undef __GNUC__
2308#endif
2309#define __USE_ISOC99
2310#include <limits.h>
2311#define DATA "conftest.llminmax"
055252ed 2312#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2313
2314/*
2315 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2316 * we do this the hard way.
2317 */
2318static int
2319fprint_ll(FILE *f, long long n)
2320{
2321 unsigned int i;
2322 int l[sizeof(long long) * 8];
2323
2324 if (n < 0)
2325 if (fprintf(f, "-") < 0)
2326 return -1;
2327 for (i = 0; n != 0; i++) {
2328 l[i] = my_abs(n % 10);
2329 n /= 10;
2330 }
2331 do {
2332 if (fprintf(f, "%d", l[--i]) < 0)
2333 return -1;
2334 } while (i != 0);
2335 if (fprintf(f, " ") < 0)
2336 return -1;
2337 return 0;
2338}
2339
90f15776 2340int main(void) {
2341 FILE *f;
2342 long long i, llmin, llmax = 0;
2343
2344 if((f = fopen(DATA,"w")) == NULL)
2345 exit(1);
2346
2347#if defined(LLONG_MIN) && defined(LLONG_MAX)
2348 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2349 llmin = LLONG_MIN;
2350 llmax = LLONG_MAX;
2351#else
2352 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2353 /* This will work on one's complement and two's complement */
2354 for (i = 1; i > llmax; i <<= 1, i++)
2355 llmax = i;
2356 llmin = llmax + 1LL; /* wrap */
2357#endif
2358
2359 /* Sanity check */
2360 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
055252ed 2361 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2362 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
90f15776 2363 fprintf(f, "unknown unknown\n");
2364 exit(2);
2365 }
2366
055252ed 2367 if (fprint_ll(f, llmin) < 0)
90f15776 2368 exit(3);
055252ed 2369 if (fprint_ll(f, llmax) < 0)
2370 exit(4);
2371 if (fclose(f) < 0)
2372 exit(5);
90f15776 2373 exit(0);
2374}
2375 ]])],
2376 [
2377 llong_min=`$AWK '{print $1}' conftest.llminmax`
2378 llong_max=`$AWK '{print $2}' conftest.llminmax`
2379
90f15776 2380 AC_MSG_RESULT($llong_max)
2381 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2382 [max value of long long calculated by configure])
2383 AC_MSG_CHECKING([for min value of long long])
2384 AC_MSG_RESULT($llong_min)
2385 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2386 [min value of long long calculated by configure])
2387 ],
2388 [
2389 AC_MSG_RESULT(not found)
2390 ],
2391 [
2392 AC_MSG_WARN([cross compiling: not checking])
2393 ]
2394 )
2395fi
2396
2397
a0391976 2398# More checks for data types
14a9a859 2399AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2400 AC_TRY_COMPILE(
aff51935 2401 [ #include <sys/types.h> ],
2402 [ u_int a; a = 1;],
14a9a859 2403 [ ac_cv_have_u_int="yes" ],
2404 [ ac_cv_have_u_int="no" ]
2405 )
2406])
2407if test "x$ac_cv_have_u_int" = "xyes" ; then
3466e002 2408 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
14a9a859 2409 have_u_int=1
2410fi
2411
58d100bf 2412AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2413 AC_TRY_COMPILE(
aff51935 2414 [ #include <sys/types.h> ],
2415 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
58d100bf 2416 [ ac_cv_have_intxx_t="yes" ],
2417 [ ac_cv_have_intxx_t="no" ]
2418 )
2419])
2420if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3466e002 2421 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
58d100bf 2422 have_intxx_t=1
2423fi
41cb4569 2424
2425if (test -z "$have_intxx_t" && \
aff51935 2426 test "x$ac_cv_header_stdint_h" = "xyes")
41cb4569 2427then
2428 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2429 AC_TRY_COMPILE(
aff51935 2430 [ #include <stdint.h> ],
2431 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
41cb4569 2432 [
2433 AC_DEFINE(HAVE_INTXX_T)
2434 AC_MSG_RESULT(yes)
2435 ],
2436 [ AC_MSG_RESULT(no) ]
2437 )
2438fi
2439
bd590612 2440AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2441 AC_TRY_COMPILE(
1cbbe6c8 2442 [
2443#include <sys/types.h>
2444#ifdef HAVE_STDINT_H
2445# include <stdint.h>
2446#endif
2447#include <sys/socket.h>
2448#ifdef HAVE_SYS_BITYPES_H
2449# include <sys/bitypes.h>
2450#endif
aff51935 2451 ],
2452 [ int64_t a; a = 1;],
bd590612 2453 [ ac_cv_have_int64_t="yes" ],
2454 [ ac_cv_have_int64_t="no" ]
2455 )
2456])
2457if test "x$ac_cv_have_int64_t" = "xyes" ; then
3466e002 2458 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
ddceb1c8 2459fi
2460
58d100bf 2461AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2462 AC_TRY_COMPILE(
aff51935 2463 [ #include <sys/types.h> ],
2464 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
58d100bf 2465 [ ac_cv_have_u_intxx_t="yes" ],
2466 [ ac_cv_have_u_intxx_t="no" ]
2467 )
2468])
2469if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3466e002 2470 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
58d100bf 2471 have_u_intxx_t=1
2472fi
2b942fe0 2473
41cb4569 2474if test -z "$have_u_intxx_t" ; then
2475 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2476 AC_TRY_COMPILE(
aff51935 2477 [ #include <sys/socket.h> ],
2478 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
41cb4569 2479 [
2480 AC_DEFINE(HAVE_U_INTXX_T)
2481 AC_MSG_RESULT(yes)
2482 ],
2483 [ AC_MSG_RESULT(no) ]
2484 )
2485fi
2486
bd590612 2487AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2488 AC_TRY_COMPILE(
aff51935 2489 [ #include <sys/types.h> ],
2490 [ u_int64_t a; a = 1;],
bd590612 2491 [ ac_cv_have_u_int64_t="yes" ],
2492 [ ac_cv_have_u_int64_t="no" ]
2493 )
2494])
2495if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3466e002 2496 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
bd590612 2497 have_u_int64_t=1
2498fi
2499
ddceb1c8 2500if test -z "$have_u_int64_t" ; then
2501 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2502 AC_TRY_COMPILE(
aff51935 2503 [ #include <sys/bitypes.h> ],
ddceb1c8 2504 [ u_int64_t a; a = 1],
2505 [
2506 AC_DEFINE(HAVE_U_INT64_T)
2507 AC_MSG_RESULT(yes)
2508 ],
2509 [ AC_MSG_RESULT(no) ]
2510 )
2511fi
2512
41cb4569 2513if test -z "$have_u_intxx_t" ; then
2514 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2515 AC_TRY_COMPILE(
2516 [
2517#include <sys/types.h>
aff51935 2518 ],
2519 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
41cb4569 2520 [ ac_cv_have_uintxx_t="yes" ],
2521 [ ac_cv_have_uintxx_t="no" ]
2522 )
2523 ])
2524 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3466e002 2525 AC_DEFINE(HAVE_UINTXX_T, 1,
2526 [define if you have uintxx_t data type])
41cb4569 2527 fi
2528fi
2529
2530if test -z "$have_uintxx_t" ; then
2531 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2532 AC_TRY_COMPILE(
aff51935 2533 [ #include <stdint.h> ],
2534 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
41cb4569 2535 [
2536 AC_DEFINE(HAVE_UINTXX_T)
2537 AC_MSG_RESULT(yes)
2538 ],
2539 [ AC_MSG_RESULT(no) ]
2540 )
2541fi
2542
e5fe9a1f 2543if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
aff51935 2544 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
5cdfe03f 2545then
2546 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2547 AC_TRY_COMPILE(
58d100bf 2548 [
2549#include <sys/bitypes.h>
aff51935 2550 ],
5cdfe03f 2551 [
837c30b8 2552 int8_t a; int16_t b; int32_t c;
2553 u_int8_t e; u_int16_t f; u_int32_t g;
2554 a = b = c = e = f = g = 1;
aff51935 2555 ],
5cdfe03f 2556 [
2557 AC_DEFINE(HAVE_U_INTXX_T)
2558 AC_DEFINE(HAVE_INTXX_T)
2559 AC_MSG_RESULT(yes)
2560 ],
2561 [AC_MSG_RESULT(no)]
aff51935 2562 )
5cdfe03f 2563fi
2564
0362750e 2565
2566AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2567 AC_TRY_COMPILE(
2568 [
2569#include <sys/types.h>
2570 ],
2571 [ u_char foo; foo = 125; ],
2572 [ ac_cv_have_u_char="yes" ],
2573 [ ac_cv_have_u_char="no" ]
2574 )
2575])
2576if test "x$ac_cv_have_u_char" = "xyes" ; then
3466e002 2577 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
0362750e 2578fi
2579
98a7c37b 2580TYPE_SOCKLEN_T
2b942fe0 2581
2d16d9a3 2582AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
ddceb1c8 2583
777ece68 2584AC_CHECK_TYPES(in_addr_t,,,
2585[#include <sys/types.h>
2586#include <netinet/in.h>])
7b578f7d 2587
58d100bf 2588AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2589 AC_TRY_COMPILE(
2590 [
18ba2aab 2591#include <sys/types.h>
58d100bf 2592 ],
2593 [ size_t foo; foo = 1235; ],
2594 [ ac_cv_have_size_t="yes" ],
2595 [ ac_cv_have_size_t="no" ]
2596 )
2597])
2598if test "x$ac_cv_have_size_t" = "xyes" ; then
3466e002 2599 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
58d100bf 2600fi
ea1970a3 2601
c04f75f1 2602AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2603 AC_TRY_COMPILE(
2604 [
2605#include <sys/types.h>
2606 ],
2607 [ ssize_t foo; foo = 1235; ],
2608 [ ac_cv_have_ssize_t="yes" ],
2609 [ ac_cv_have_ssize_t="no" ]
2610 )
2611])
2612if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3466e002 2613 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
c04f75f1 2614fi
2615
f1c4659d 2616AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2617 AC_TRY_COMPILE(
2618 [
2619#include <time.h>
2620 ],
2621 [ clock_t foo; foo = 1235; ],
2622 [ ac_cv_have_clock_t="yes" ],
2623 [ ac_cv_have_clock_t="no" ]
2624 )
2625])
2626if test "x$ac_cv_have_clock_t" = "xyes" ; then
3466e002 2627 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
f1c4659d 2628fi
2629
1c04b088 2630AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2631 AC_TRY_COMPILE(
2632 [
2633#include <sys/types.h>
2634#include <sys/socket.h>
2635 ],
2636 [ sa_family_t foo; foo = 1235; ],
2637 [ ac_cv_have_sa_family_t="yes" ],
77bb0bca 2638 [ AC_TRY_COMPILE(
2639 [
2640#include <sys/types.h>
2641#include <sys/socket.h>
2642#include <netinet/in.h>
2643 ],
2644 [ sa_family_t foo; foo = 1235; ],
2645 [ ac_cv_have_sa_family_t="yes" ],
2646
1c04b088 2647 [ ac_cv_have_sa_family_t="no" ]
77bb0bca 2648 )]
1c04b088 2649 )
2650])
2651if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3466e002 2652 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2653 [define if you have sa_family_t data type])
1c04b088 2654fi
2655
729bfe59 2656AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2657 AC_TRY_COMPILE(
2658 [
2659#include <sys/types.h>
2660 ],
2661 [ pid_t foo; foo = 1235; ],
2662 [ ac_cv_have_pid_t="yes" ],
2663 [ ac_cv_have_pid_t="no" ]
2664 )
2665])
2666if test "x$ac_cv_have_pid_t" = "xyes" ; then
3466e002 2667 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
729bfe59 2668fi
2669
2670AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2671 AC_TRY_COMPILE(
2672 [
2673#include <sys/types.h>
2674 ],
2675 [ mode_t foo; foo = 1235; ],
2676 [ ac_cv_have_mode_t="yes" ],
2677 [ ac_cv_have_mode_t="no" ]
2678 )
2679])
2680if test "x$ac_cv_have_mode_t" = "xyes" ; then
3466e002 2681 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
729bfe59 2682fi
2683
e3a93db0 2684
58d100bf 2685AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2686 AC_TRY_COMPILE(
2687 [
18ba2aab 2688#include <sys/types.h>
2689#include <sys/socket.h>
58d100bf 2690 ],
2691 [ struct sockaddr_storage s; ],
2692 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2693 [ ac_cv_have_struct_sockaddr_storage="no" ]
2694 )
2695])
2696if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3466e002 2697 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2698 [define if you have struct sockaddr_storage data type])
58d100bf 2699fi
48e671d5 2700
58d100bf 2701AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2702 AC_TRY_COMPILE(
2703 [
cbd7492e 2704#include <sys/types.h>
58d100bf 2705#include <netinet/in.h>
2706 ],
2707 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2708 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2709 [ ac_cv_have_struct_sockaddr_in6="no" ]
2710 )
2711])
2712if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3466e002 2713 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2714 [define if you have struct sockaddr_in6 data type])
58d100bf 2715fi
48e671d5 2716
58d100bf 2717AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2718 AC_TRY_COMPILE(
2719 [
cbd7492e 2720#include <sys/types.h>
58d100bf 2721#include <netinet/in.h>
2722 ],
2723 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2724 [ ac_cv_have_struct_in6_addr="yes" ],
2725 [ ac_cv_have_struct_in6_addr="no" ]
2726 )
2727])
2728if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3466e002 2729 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2730 [define if you have struct in6_addr data type])
58d100bf 2731fi
48e671d5 2732
58d100bf 2733AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2734 AC_TRY_COMPILE(
2735 [
18ba2aab 2736#include <sys/types.h>
2737#include <sys/socket.h>
2738#include <netdb.h>
58d100bf 2739 ],
2740 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2741 [ ac_cv_have_struct_addrinfo="yes" ],
2742 [ ac_cv_have_struct_addrinfo="no" ]
2743 )
2744])
2745if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3466e002 2746 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2747 [define if you have struct addrinfo data type])
58d100bf 2748fi
2749
89c7e31c 2750AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2751 AC_TRY_COMPILE(
aff51935 2752 [ #include <sys/time.h> ],
2753 [ struct timeval tv; tv.tv_sec = 1;],
89c7e31c 2754 [ ac_cv_have_struct_timeval="yes" ],
2755 [ ac_cv_have_struct_timeval="no" ]
2756 )
2757])
2758if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3466e002 2759 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
89c7e31c 2760 have_struct_timeval=1
2761fi
2762
5271b55c 2763AC_CHECK_TYPES(struct timespec)
2764
85abc74b 2765# We need int64_t or else certian parts of the compile will fail.
4b492aab 2766if test "x$ac_cv_have_int64_t" = "xno" && \
2767 test "x$ac_cv_sizeof_long_int" != "x8" && \
2768 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
85abc74b 2769 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2770 echo "an alternative compiler (I.E., GCC) before continuing."
2771 echo ""
2772 exit 1;
733cf7f4 2773else
2774dnl test snprintf (broken on SCO w/gcc)
1a01a50c 2775 AC_RUN_IFELSE(
479cece8 2776 [AC_LANG_SOURCE([[
733cf7f4 2777#include <stdio.h>
2778#include <string.h>
2779#ifdef HAVE_SNPRINTF
2780main()
2781{
2782 char buf[50];
2783 char expected_out[50];
2784 int mazsize = 50 ;
2785#if (SIZEOF_LONG_INT == 8)
2786 long int num = 0x7fffffffffffffff;
2787#else
763a1a18 2788 long long num = 0x7fffffffffffffffll;
733cf7f4 2789#endif
2790 strcpy(expected_out, "9223372036854775807");
2791 snprintf(buf, mazsize, "%lld", num);
2792 if(strcmp(buf, expected_out) != 0)
aff51935 2793 exit(1);
733cf7f4 2794 exit(0);
2795}
2796#else
2797main() { exit(0); }
2798#endif
479cece8 2799 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
1a01a50c 2800 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
733cf7f4 2801 )
2c523de9 2802fi
2803
77bb0bca 2804dnl Checks for structure members
58d100bf 2805OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2806OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2807OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2808OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2809OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
25422c70 2810OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
58d100bf 2811OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2812OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
daaff4d5 2813OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
58d100bf 2814OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2815OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2816OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2817OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1d7b9b20 2818OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2819OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2820OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2821OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
98a7c37b 2822
2823AC_CHECK_MEMBERS([struct stat.st_blksize])
ccc45ee0 2824AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2825 [Define if we don't have struct __res_state in resolv.h])],
2826[
2827#include <stdio.h>
2828#if HAVE_SYS_TYPES_H
2829# include <sys/types.h>
2830#endif
2831#include <netinet/in.h>
2832#include <arpa/nameser.h>
2833#include <resolv.h>
2834])
1d7b9b20 2835
58d100bf 2836AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2837 ac_cv_have_ss_family_in_struct_ss, [
2838 AC_TRY_COMPILE(
2839 [
18ba2aab 2840#include <sys/types.h>
2841#include <sys/socket.h>
58d100bf 2842 ],
2843 [ struct sockaddr_storage s; s.ss_family = 1; ],
2844 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2845 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2846 )
2847])
2848if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3466e002 2849 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
58d100bf 2850fi
2851
58d100bf 2852AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2853 ac_cv_have___ss_family_in_struct_ss, [
2854 AC_TRY_COMPILE(
2855 [
18ba2aab 2856#include <sys/types.h>
2857#include <sys/socket.h>
58d100bf 2858 ],
2859 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2860 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2861 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2862 )
2863])
2864if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3466e002 2865 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2866 [Fields in struct sockaddr_storage])
58d100bf 2867fi
2868
2e73a022 2869AC_CACHE_CHECK([for pw_class field in struct passwd],
2870 ac_cv_have_pw_class_in_struct_passwd, [
2871 AC_TRY_COMPILE(
2872 [
2e73a022 2873#include <pwd.h>
2874 ],
97994d32 2875 [ struct passwd p; p.pw_class = 0; ],
2e73a022 2876 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2877 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2878 )
2879])
2880if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3466e002 2881 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2882 [Define if your password has a pw_class field])
2e73a022 2883fi
2884
7751d4eb 2885AC_CACHE_CHECK([for pw_expire field in struct passwd],
2886 ac_cv_have_pw_expire_in_struct_passwd, [
2887 AC_TRY_COMPILE(
2888 [
2889#include <pwd.h>
2890 ],
2891 [ struct passwd p; p.pw_expire = 0; ],
2892 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2893 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2894 )
2895])
2896if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3466e002 2897 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2898 [Define if your password has a pw_expire field])
7751d4eb 2899fi
2900
2901AC_CACHE_CHECK([for pw_change field in struct passwd],
2902 ac_cv_have_pw_change_in_struct_passwd, [
2903 AC_TRY_COMPILE(
2904 [
2905#include <pwd.h>
2906 ],
2907 [ struct passwd p; p.pw_change = 0; ],
2908 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2909 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2910 )
2911])
2912if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3466e002 2913 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2914 [Define if your password has a pw_change field])
7751d4eb 2915fi
58d100bf 2916
637f9177 2917dnl make sure we're using the real structure members and not defines
6f34652e 2918AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2919 ac_cv_have_accrights_in_msghdr, [
1a01a50c 2920 AC_COMPILE_IFELSE(
6f34652e 2921 [
f95c8ce8 2922#include <sys/types.h>
6f34652e 2923#include <sys/socket.h>
2924#include <sys/uio.h>
637f9177 2925int main() {
2926#ifdef msg_accrights
1a01a50c 2927#error "msg_accrights is a macro"
637f9177 2928exit(1);
2929#endif
2930struct msghdr m;
2931m.msg_accrights = 0;
2932exit(0);
2933}
6f34652e 2934 ],
6f34652e 2935 [ ac_cv_have_accrights_in_msghdr="yes" ],
2936 [ ac_cv_have_accrights_in_msghdr="no" ]
2937 )
2938])
2939if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3466e002 2940 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2941 [Define if your system uses access rights style
2942 file descriptor passing])
6f34652e 2943fi
2944
7176df4f 2945AC_CACHE_CHECK([for msg_control field in struct msghdr],
2946 ac_cv_have_control_in_msghdr, [
1a01a50c 2947 AC_COMPILE_IFELSE(
7176df4f 2948 [
f95c8ce8 2949#include <sys/types.h>
7176df4f 2950#include <sys/socket.h>
2951#include <sys/uio.h>
637f9177 2952int main() {
2953#ifdef msg_control
1a01a50c 2954#error "msg_control is a macro"
637f9177 2955exit(1);
2956#endif
2957struct msghdr m;
2958m.msg_control = 0;
2959exit(0);
2960}
7176df4f 2961 ],
7176df4f 2962 [ ac_cv_have_control_in_msghdr="yes" ],
2963 [ ac_cv_have_control_in_msghdr="no" ]
2964 )
2965])
2966if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3466e002 2967 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2968 [Define if your system uses ancillary data style
2969 file descriptor passing])
7176df4f 2970fi
2971
58d100bf 2972AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
aff51935 2973 AC_TRY_LINK([],
2974 [ extern char *__progname; printf("%s", __progname); ],
58d100bf 2975 [ ac_cv_libc_defines___progname="yes" ],
2976 [ ac_cv_libc_defines___progname="no" ]
2977 )
2978])
2979if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3466e002 2980 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
58d100bf 2981fi
8946db53 2982
c921ee00 2983AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2984 AC_TRY_LINK([
2985#include <stdio.h>
aff51935 2986],
2987 [ printf("%s", __FUNCTION__); ],
c921ee00 2988 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2989 [ ac_cv_cc_implements___FUNCTION__="no" ]
2990 )
2991])
2992if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3466e002 2993 AC_DEFINE(HAVE___FUNCTION__, 1,
2994 [Define if compiler implements __FUNCTION__])
c921ee00 2995fi
2996
2997AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2998 AC_TRY_LINK([
2999#include <stdio.h>
aff51935 3000],
3001 [ printf("%s", __func__); ],
c921ee00 3002 [ ac_cv_cc_implements___func__="yes" ],
3003 [ ac_cv_cc_implements___func__="no" ]
3004 )
3005])
3006if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3466e002 3007 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
c921ee00 3008fi
3009
9a406e1e 3010AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3011 AC_TRY_LINK(
3012 [#include <stdarg.h>
3013 va_list x,y;],
3014 [va_copy(x,y);],
3015 [ ac_cv_have_va_copy="yes" ],
3016 [ ac_cv_have_va_copy="no" ]
3017 )
3018])
3019if test "x$ac_cv_have_va_copy" = "xyes" ; then
3020 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3021fi
3022
3023AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3024 AC_TRY_LINK(
3025 [#include <stdarg.h>
3026 va_list x,y;],
3027 [__va_copy(x,y);],
3028 [ ac_cv_have___va_copy="yes" ],
3029 [ ac_cv_have___va_copy="no" ]
3030 )
3031])
3032if test "x$ac_cv_have___va_copy" = "xyes" ; then
3033 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3034fi
3035
1812a662 3036AC_CACHE_CHECK([whether getopt has optreset support],
3037 ac_cv_have_getopt_optreset, [
3038 AC_TRY_LINK(
3039 [
3040#include <getopt.h>
3041 ],
3042 [ extern int optreset; optreset = 0; ],
3043 [ ac_cv_have_getopt_optreset="yes" ],
3044 [ ac_cv_have_getopt_optreset="no" ]
3045 )
3046])
3047if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3466e002 3048 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3049 [Define if your getopt(3) defines and uses optreset])
1812a662 3050fi
a0391976 3051
819b676f 3052AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
aff51935 3053 AC_TRY_LINK([],
3054 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
819b676f 3055 [ ac_cv_libc_defines_sys_errlist="yes" ],
3056 [ ac_cv_libc_defines_sys_errlist="no" ]
3057 )
3058])
3059if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3466e002 3060 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3061 [Define if your system defines sys_errlist[]])
819b676f 3062fi
3063
3064
416ed5a7 3065AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
aff51935 3066 AC_TRY_LINK([],
3067 [ extern int sys_nerr; printf("%i", sys_nerr);],
416ed5a7 3068 [ ac_cv_libc_defines_sys_nerr="yes" ],
3069 [ ac_cv_libc_defines_sys_nerr="no" ]
3070 )
3071])
3072if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3466e002 3073 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
416ed5a7 3074fi
3075
aff51935 3076SCARD_MSG="no"
295c8801 3077# Check whether user wants sectok support
3078AC_ARG_WITH(sectok,
3079 [ --with-sectok Enable smartcard support using libsectok],
d0b19c95 3080 [
3081 if test "x$withval" != "xno" ; then
3082 if test "x$withval" != "xyes" ; then
3083 CPPFLAGS="$CPPFLAGS -I${withval}"
3084 LDFLAGS="$LDFLAGS -L${withval}"
3085 if test ! -z "$need_dash_r" ; then
3086 LDFLAGS="$LDFLAGS -R${withval}"
3087 fi
3088 if test ! -z "$blibpath" ; then
3089 blibpath="$blibpath:${withval}"
3090 fi
3091 fi
3092 AC_CHECK_HEADERS(sectok.h)
3093 if test "$ac_cv_header_sectok_h" != yes; then
3094 AC_MSG_ERROR(Can't find sectok.h)
3095 fi
3096 AC_CHECK_LIB(sectok, sectok_open)
3097 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3098 AC_MSG_ERROR(Can't find libsectok)
3099 fi
3466e002 3100 AC_DEFINE(SMARTCARD, 1,
3101 [Define if you want smartcard support])
3102 AC_DEFINE(USE_SECTOK, 1,
3103 [Define if you want smartcard support
3104 using sectok])
aff51935 3105 SCARD_MSG="yes, using sectok"
295c8801 3106 fi
3107 ]
3108)
3109
3110# Check whether user wants OpenSC support
987b458f 3111OPENSC_CONFIG="no"
295c8801 3112AC_ARG_WITH(opensc,
e47fb473 3113 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
987b458f 3114 [
3115 if test "x$withval" != "xno" ; then
3116 if test "x$withval" != "xyes" ; then
3117 OPENSC_CONFIG=$withval/bin/opensc-config
3118 else
3119 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3120 fi
3121 if test "$OPENSC_CONFIG" != "no"; then
3122 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3123 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3124 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
530456f4 3125 LIBS="$LIBS $LIBOPENSC_LIBS"
987b458f 3126 AC_DEFINE(SMARTCARD)
3466e002 3127 AC_DEFINE(USE_OPENSC, 1,
3128 [Define if you want smartcard support
3129 using OpenSC])
987b458f 3130 SCARD_MSG="yes, using OpenSC"
3131 fi
3132 fi
3133 ]
3134)
d0b19c95 3135
c31dc31c 3136# Check libraries needed by DNS fingerprint support
aff51935 3137AC_SEARCH_LIBS(getrrsetbyname, resolv,
3466e002 3138 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3139 [Define if getrrsetbyname() exists])],
3e05e934 3140 [
c31dc31c 3141 # Needed by our getrrsetbyname()
3142 AC_SEARCH_LIBS(res_query, resolv)
3143 AC_SEARCH_LIBS(dn_expand, resolv)
dabb524a 3144 AC_MSG_CHECKING(if res_query will link)
3145 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3146 [AC_MSG_RESULT(no)
3147 saved_LIBS="$LIBS"
3148 LIBS="$LIBS -lresolv"
3149 AC_MSG_CHECKING(for res_query in -lresolv)
3150 AC_LINK_IFELSE([
3151#include <resolv.h>
3152int main()
3153{
3154 res_query (0, 0, 0, 0, 0);
3155 return 0;
3156}
3157 ],
3158 [LIBS="$LIBS -lresolv"
3159 AC_MSG_RESULT(yes)],
3160 [LIBS="$saved_LIBS"
3161 AC_MSG_RESULT(no)])
3162 ])
c31dc31c 3163 AC_CHECK_FUNCS(_getshort _getlong)
1c829da5 3164 AC_CHECK_DECLS([_getshort, _getlong], , ,
b5765e1d 3165 [#include <sys/types.h>
3166 #include <arpa/nameser.h>])
c31dc31c 3167 AC_CHECK_MEMBER(HEADER.ad,
3466e002 3168 [AC_DEFINE(HAVE_HEADER_AD, 1,
3169 [Define if HEADER.ad exists in arpa/nameser.h])],,
c31dc31c 3170 [#include <arpa/nameser.h>])
3171 ])
3e05e934 3172
560acf80 3173AC_MSG_CHECKING(if struct __res_state _res is an extern)
3174AC_LINK_IFELSE([
3175#include <stdio.h>
3176#if HAVE_SYS_TYPES_H
3177# include <sys/types.h>
3178#endif
3179#include <netinet/in.h>
3180#include <arpa/nameser.h>
3181#include <resolv.h>
3182extern struct __res_state _res;
3183int main() { return 0; }
3184 ],
3185 [AC_MSG_RESULT(yes)
3186 AC_DEFINE(HAVE__RES_EXTERN, 1,
3187 [Define if you have struct __res_state _res as an extern])
3188 ],
3189 [ AC_MSG_RESULT(no) ]
3190)
3191
ef4d1846 3192# Check whether user wants SELinux support
3193SELINUX_MSG="no"
3194LIBSELINUX=""
3195AC_ARG_WITH(selinux,
3196 [ --with-selinux Enable SELinux support],
3197 [ if test "x$withval" != "xno" ; then
e54defb4 3198 save_LIBS="$LIBS"
ef4d1846 3199 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3200 SELINUX_MSG="yes"
3201 AC_CHECK_HEADER([selinux/selinux.h], ,
3202 AC_MSG_ERROR(SELinux support requires selinux.h header))
3203 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3204 AC_MSG_ERROR(SELinux support requires libselinux library))
e54defb4 3205 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
ef4d1846 3206 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
5ba277eb 3207 LIBS="$save_LIBS"
ef4d1846 3208 fi ]
3209)
ef4d1846 3210
12928e80 3211# Check whether user wants Kerberos 5 support
aff51935 3212KRB5_MSG="no"
12928e80 3213AC_ARG_WITH(kerberos5,
aff51935 3214 [ --with-kerberos5=PATH Enable Kerberos 5 support],
5585c441 3215 [ if test "x$withval" != "xno" ; then
3216 if test "x$withval" = "xyes" ; then
3217 KRB5ROOT="/usr/local"
3218 else
3219 KRB5ROOT=${withval}
3220 fi
3221
3466e002 3222 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
5585c441 3223 KRB5_MSG="yes"
3224
3225 AC_MSG_CHECKING(for krb5-config)
3226 if test -x $KRB5ROOT/bin/krb5-config ; then
3227 KRB5CONF=$KRB5ROOT/bin/krb5-config
3228 AC_MSG_RESULT($KRB5CONF)
3229
3230 AC_MSG_CHECKING(for gssapi support)
3231 if $KRB5CONF | grep gssapi >/dev/null ; then
3232 AC_MSG_RESULT(yes)
3466e002 3233 AC_DEFINE(GSSAPI, 1,
3234 [Define this if you want GSSAPI
3235 support in the version 2 protocol])
071970fb 3236 k5confopts=gssapi
aff51935 3237 else
5585c441 3238 AC_MSG_RESULT(no)
071970fb 3239 k5confopts=""
aff51935 3240 fi
071970fb 3241 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3242 K5LIBS="`$KRB5CONF --libs $k5confopts`"
5585c441 3243 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
5585c441 3244 AC_MSG_CHECKING(whether we are using Heimdal)
3245 AC_TRY_COMPILE([ #include <krb5.h> ],
3246 [ char *tmp = heimdal_version; ],
3247 [ AC_MSG_RESULT(yes)
3466e002 3248 AC_DEFINE(HEIMDAL, 1,
3249 [Define this if you are using the
3250 Heimdal version of Kerberos V5]) ],
5585c441 3251 AC_MSG_RESULT(no)
3252 )
3253 else
3254 AC_MSG_RESULT(no)
12928e80 3255 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
aff51935 3256 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
aff51935 3257 AC_MSG_CHECKING(whether we are using Heimdal)
3258 AC_TRY_COMPILE([ #include <krb5.h> ],
3259 [ char *tmp = heimdal_version; ],
3260 [ AC_MSG_RESULT(yes)
3261 AC_DEFINE(HEIMDAL)
41707f74 3262 K5LIBS="-lkrb5 -ldes"
3263 K5LIBS="$K5LIBS -lcom_err -lasn1"
82f4e93d 3264 AC_CHECK_LIB(roken, net_write,
41707f74 3265 [K5LIBS="$K5LIBS -lroken"])
aff51935 3266 ],
3267 [ AC_MSG_RESULT(no)
3268 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3269 ]
3270 )
4e00038c 3271 AC_SEARCH_LIBS(dn_expand, resolv)
12928e80 3272
749560dd 3273 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3274 [ AC_DEFINE(GSSAPI)
3275 K5LIBS="-lgssapi $K5LIBS" ],
3276 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3277 [ AC_DEFINE(GSSAPI)
aff51935 3278 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
749560dd 3279 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3280 $K5LIBS)
3281 ],
3282 $K5LIBS)
82f4e93d 3283
749560dd 3284 AC_CHECK_HEADER(gssapi.h, ,
3285 [ unset ac_cv_header_gssapi_h
aff51935 3286 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
749560dd 3287 AC_CHECK_HEADERS(gssapi.h, ,
3288 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
aff51935 3289 )
749560dd 3290 ]
3291 )
3292
3293 oldCPP="$CPPFLAGS"
3294 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3295 AC_CHECK_HEADER(gssapi_krb5.h, ,
3296 [ CPPFLAGS="$oldCPP" ])
3297
aff51935 3298 fi
5585c441 3299 if test ! -z "$need_dash_r" ; then
3300 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3301 fi
3302 if test ! -z "$blibpath" ; then
3303 blibpath="$blibpath:${KRB5ROOT}/lib"
3304 fi
071970fb 3305
f5555364 3306 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3307 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3308 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
071970fb 3309
f5555364 3310 LIBS="$LIBS $K5LIBS"
3466e002 3311 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3312 [Define this if you want to use libkafs' AFS support]))
f5555364 3313 fi
071970fb 3314 ]
12928e80 3315)
b5b68128 3316
a0391976 3317# Looking for programs, paths and files
a0391976 3318
ecac8ee5 3319PRIVSEP_PATH=/var/empty
3320AC_ARG_WITH(privsep-path,
cda1ebcb 3321 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
ecac8ee5 3322 [
6cf0200f 3323 if test -n "$withval" && test "x$withval" != "xno" && \
3324 test "x${withval}" != "xyes"; then
ecac8ee5 3325 PRIVSEP_PATH=$withval
3326 fi
3327 ]
3328)
3329AC_SUBST(PRIVSEP_PATH)
3330
a0391976 3331AC_ARG_WITH(xauth,
3332 [ --with-xauth=PATH Specify path to xauth program ],
3333 [
6cf0200f 3334 if test -n "$withval" && test "x$withval" != "xno" && \
3335 test "x${withval}" != "xyes"; then
cbd7492e 3336 xauth_path=$withval
a0391976 3337 fi
3338 ],
3339 [
2bf42e4a 3340 TestPath="$PATH"
3341 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3342 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3343 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3344 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3345 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
e5fe9a1f 3346 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
a0391976 3347 xauth_path="/usr/openwin/bin/xauth"
3348 fi
3349 ]
3350)
3351
65a4b4af 3352STRIP_OPT=-s
3353AC_ARG_ENABLE(strip,
3354 [ --disable-strip Disable calling strip(1) on install],
3355 [
3356 if test "x$enableval" = "xno" ; then
3357 STRIP_OPT=
3358 fi
3359 ]
3360)
3361AC_SUBST(STRIP_OPT)
3362
b3ec54b4 3363if test -z "$xauth_path" ; then
3364 XAUTH_PATH="undefined"
3365 AC_SUBST(XAUTH_PATH)
3366else
3466e002 3367 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3368 [Define if xauth is found in your path])
b3ec54b4 3369 XAUTH_PATH=$xauth_path
3370 AC_SUBST(XAUTH_PATH)
a0391976 3371fi
a0391976 3372
3373# Check for mail directory (last resort if we cannot get it from headers)
3374if test ! -z "$MAIL" ; then
3375 maildir=`dirname $MAIL`
3466e002 3376 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3377 [Set this to your mail directory if you don't have maillock.h])
a0391976 3378fi
3379
479cece8 3380if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
1a01a50c 3381 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3382 disable_ptmx_check=yes
3383fi
a0391976 3384if test -z "$no_dev_ptmx" ; then
6e879cb4 3385 if test "x$disable_ptmx_check" != "xyes" ; then
aff51935 3386 AC_CHECK_FILE("/dev/ptmx",
6e879cb4 3387 [
3466e002 3388 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3389 [Define if you have /dev/ptmx])
6e879cb4 3390 have_dev_ptmx=1
3391 ]
3392 )
3393 fi
3276571c 3394fi
1a01a50c 3395
479cece8 3396if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
1a01a50c 3397 AC_CHECK_FILE("/dev/ptc",
3398 [
3466e002 3399 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3400 [Define if you have /dev/ptc])
1a01a50c 3401 have_dev_ptc=1
3402 ]
3403 )
3404else
3405 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3406fi
3276571c 3407
a0391976 3408# Options from here on. Some of these are preset by platform above
fdf6b7aa 3409AC_ARG_WITH(mantype,
5d97cfbf 3410 [ --with-mantype=man|cat|doc Set man page type],
c54a6257 3411 [
5d97cfbf 3412 case "$withval" in
3413 man|cat|doc)
3414 MANTYPE=$withval
3415 ;;
3416 *)
3417 AC_MSG_ERROR(invalid man type: $withval)
3418 ;;
3419 esac
c54a6257 3420 ]
3421)
e0c4d3ac 3422if test -z "$MANTYPE"; then
2bf42e4a 3423 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3424 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
e0c4d3ac 3425 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3426 MANTYPE=doc
3427 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3428 MANTYPE=man
3429 else
3430 MANTYPE=cat
3431 fi
3432fi
c54a6257 3433AC_SUBST(MANTYPE)
e0c4d3ac 3434if test "$MANTYPE" = "doc"; then
3435 mansubdir=man;
3436else
3437 mansubdir=$MANTYPE;
3438fi
3439AC_SUBST(mansubdir)
0bc5b6fb 3440
a0391976 3441# Check whether to enable MD5 passwords
aff51935 3442MD5_MSG="no"
2ddcfdf3 3443AC_ARG_WITH(md5-passwords,
caf3bc51 3444 [ --with-md5-passwords Enable use of MD5 passwords],
0bc5b6fb 3445 [
bcf36c78 3446 if test "x$withval" != "xno" ; then
3466e002 3447 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3448 [Define if you want to allow MD5 passwords])
aff51935 3449 MD5_MSG="yes"
0bc5b6fb 3450 fi
3451 ]
caf3bc51 3452)
3453
a0391976 3454# Whether to disable shadow password support
a7effaac 3455AC_ARG_WITH(shadow,
3456 [ --without-shadow Disable shadow password support],
3457 [
82f4e93d 3458 if test "x$withval" = "xno" ; then
a7effaac 3459 AC_DEFINE(DISABLE_SHADOW)
4cb5ffa0 3460 disable_shadow=yes
a7effaac 3461 fi
3462 ]
3463)
3464
4cb5ffa0 3465if test -z "$disable_shadow" ; then
3466 AC_MSG_CHECKING([if the systems has expire shadow information])
3467 AC_TRY_COMPILE(
3468 [
3469#include <sys/types.h>
3470#include <shadow.h>
3471 struct spwd sp;
3472 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3473 [ sp_expire_available=yes ], []
3474 )
3475
3476 if test "x$sp_expire_available" = "xyes" ; then
3477 AC_MSG_RESULT(yes)
3466e002 3478 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3479 [Define if you want to use shadow password expire field])
4cb5ffa0 3480 else
3481 AC_MSG_RESULT(no)
3482 fi
3483fi
3484
a0391976 3485# Use ip address instead of hostname in $DISPLAY
44839801 3486if test ! -z "$IPADDR_IN_DISPLAY" ; then
3487 DISPLAY_HACK_MSG="yes"
3466e002 3488 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3489 [Define if you need to use IP address
3490 instead of hostname in $DISPLAY])
44839801 3491else
aff51935 3492 DISPLAY_HACK_MSG="no"
44839801 3493 AC_ARG_WITH(ipaddr-display,
3494 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3495 [
82f4e93d 3496 if test "x$withval" != "xno" ; then
44839801 3497 AC_DEFINE(IPADDR_IN_DISPLAY)
aff51935 3498 DISPLAY_HACK_MSG="yes"
44839801 3499 fi
3500 ]
3501 )
3502fi
a7effaac 3503
95b99395 3504# check for /etc/default/login and use it if present.
daa41e62 3505AC_ARG_ENABLE(etc-default-login,
6ff3d0dc 3506 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
694d0cef 3507 [ if test "x$enableval" = "xno"; then
3508 AC_MSG_NOTICE([/etc/default/login handling disabled])
3509 etc_default_login=no
3510 else
3511 etc_default_login=yes
3512 fi ],
b0e7249f 3513 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3514 then
3515 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3516 etc_default_login=no
3517 else
3518 etc_default_login=yes
3519 fi ]
694d0cef 3520)
95b99395 3521
694d0cef 3522if test "x$etc_default_login" != "xno"; then
3523 AC_CHECK_FILE("/etc/default/login",
3524 [ external_path_file=/etc/default/login ])
b0e7249f 3525 if test "x$external_path_file" = "x/etc/default/login"; then
3466e002 3526 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3527 [Define if your system has /etc/default/login])
1a01a50c 3528 fi
694d0cef 3529fi
95b99395 3530
8d184c09 3531dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4b492aab 3532if test $ac_cv_func_login_getcapbool = "yes" && \
3533 test $ac_cv_header_login_cap_h = "yes" ; then
95b99395 3534 external_path_file=/etc/login.conf
8d184c09 3535fi
95b99395 3536
a0391976 3537# Whether to mess with the default path
aff51935 3538SERVER_PATH_MSG="(default)"
c43d69a9 3539AC_ARG_WITH(default-path,
75817f90 3540 [ --with-default-path= Specify default \$PATH environment for server],
cb807f40 3541 [
95b99395 3542 if test "x$external_path_file" = "x/etc/login.conf" ; then
8d184c09 3543 AC_MSG_WARN([
3544--with-default-path=PATH has no effect on this system.
3545Edit /etc/login.conf instead.])
82f4e93d 3546 elif test "x$withval" != "xno" ; then
89bbd457 3547 if test ! -z "$external_path_file" ; then
95b99395 3548 AC_MSG_WARN([
3549--with-default-path=PATH will only be used if PATH is not defined in
3550$external_path_file .])
3551 fi
b2d818e6 3552 user_path="$withval"
aff51935 3553 SERVER_PATH_MSG="$withval"
cb807f40 3554 fi
b2d818e6 3555 ],
95b99395 3556 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3557 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
8d184c09 3558 else
89bbd457 3559 if test ! -z "$external_path_file" ; then
95b99395 3560 AC_MSG_WARN([
3561If PATH is defined in $external_path_file, ensure the path to scp is included,
3562otherwise scp will not work.])
3563 fi
b0e7249f 3564 AC_RUN_IFELSE(
3565 [AC_LANG_SOURCE([[
b2d818e6 3566/* find out what STDPATH is */
3567#include <stdio.h>
b2d818e6 3568#ifdef HAVE_PATHS_H
3569# include <paths.h>
3570#endif
3571#ifndef _PATH_STDPATH
d9a4e55b 3572# ifdef _PATH_USERPATH /* Irix */
3573# define _PATH_STDPATH _PATH_USERPATH
3574# else
3575# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3576# endif
b2d818e6 3577#endif
3578#include <sys/types.h>
3579#include <sys/stat.h>
3580#include <fcntl.h>
3581#define DATA "conftest.stdpath"
3582
3583main()
3584{
3585 FILE *fd;
3586 int rc;
82f4e93d 3587
b2d818e6 3588 fd = fopen(DATA,"w");
3589 if(fd == NULL)
3590 exit(1);
82f4e93d 3591
b2d818e6 3592 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3593 exit(1);
3594
3595 exit(0);
3596}
b0e7249f 3597 ]])],
3598 [ user_path=`cat conftest.stdpath` ],
b2d818e6 3599 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3600 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3601 )
3602# make sure $bindir is in USER_PATH so scp will work
3603 t_bindir=`eval echo ${bindir}`
3604 case $t_bindir in
3605 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3606 esac
3607 case $t_bindir in
3608 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3609 esac
3610 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3611 if test $? -ne 0 ; then
3612 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3613 if test $? -ne 0 ; then
3614 user_path=$user_path:$t_bindir
3615 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3616 fi
3617 fi
8d184c09 3618 fi ]
cb807f40 3619)
95b99395 3620if test "x$external_path_file" != "x/etc/login.conf" ; then
3466e002 3621 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
8d184c09 3622 AC_SUBST(user_path)
3623fi
cb807f40 3624
06617857 3625# Set superuser path separately to user path
06617857 3626AC_ARG_WITH(superuser-path,
3627 [ --with-superuser-path= Specify different path for super-user],
3628 [
6cf0200f 3629 if test -n "$withval" && test "x$withval" != "xno" && \
3630 test "x${withval}" != "xyes"; then
3466e002 3631 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3632 [Define if you want a different $PATH
3633 for the superuser])
06617857 3634 superuser_path=$withval
3635 fi
3636 ]
3637)
3638
3639
58d100bf 3640AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
aff51935 3641IPV4_IN6_HACK_MSG="no"
80faa19f 3642AC_ARG_WITH(4in6,
3643 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3644 [
3645 if test "x$withval" != "xno" ; then
3646 AC_MSG_RESULT(yes)
3466e002 3647 AC_DEFINE(IPV4_IN_IPV6, 1,
3648 [Detect IPv4 in IPv6 mapped addresses
3649 and treat as IPv4])
aff51935 3650 IPV4_IN6_HACK_MSG="yes"
80faa19f 3651 else
3652 AC_MSG_RESULT(no)
3653 fi
3654 ],[
3655 if test "x$inet6_default_4in6" = "xyes"; then
3656 AC_MSG_RESULT([yes (default)])
3657 AC_DEFINE(IPV4_IN_IPV6)
aff51935 3658 IPV4_IN6_HACK_MSG="yes"
80faa19f 3659 else
3660 AC_MSG_RESULT([no (default)])
3661 fi
3662 ]
3663)
3664
af774732 3665# Whether to enable BSD auth support
f1b0ecc3 3666BSD_AUTH_MSG=no
af774732 3667AC_ARG_WITH(bsd-auth,
3668 [ --with-bsd-auth Enable BSD auth support],
3669 [
82f4e93d 3670 if test "x$withval" != "xno" ; then
3466e002 3671 AC_DEFINE(BSD_AUTH, 1,
3672 [Define if you have BSD auth support])
f1b0ecc3 3673 BSD_AUTH_MSG=yes
af774732 3674 fi
3675 ]
3676)
3677
a0391976 3678# Where to place sshd.pid
19d9ac2a 3679piddir=/var/run
81dadca3 3680# make sure the directory exists
82f4e93d 3681if test ! -d $piddir ; then
81dadca3 3682 piddir=`eval echo ${sysconfdir}`
3683 case $piddir in
aff51935 3684 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
81dadca3 3685 esac
3686fi
3687
47e45e44 3688AC_ARG_WITH(pid-dir,
3689 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3690 [
6cf0200f 3691 if test -n "$withval" && test "x$withval" != "xno" && \
3692 test "x${withval}" != "xyes"; then
19d9ac2a 3693 piddir=$withval
82f4e93d 3694 if test ! -d $piddir ; then
81dadca3 3695 AC_MSG_WARN([** no $piddir directory on this system **])
3696 fi
47e45e44 3697 fi
3698 ]
3699)
b7a87eea 3700
3466e002 3701AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
19d9ac2a 3702AC_SUBST(piddir)
47e45e44 3703
1d7b9b20 3704dnl allow user to disable some login recording features
3705AC_ARG_ENABLE(lastlog,
bfd550a2 3706 [ --disable-lastlog disable use of lastlog even if detected [no]],
ddb154b3 3707 [
3708 if test "x$enableval" = "xno" ; then
3709 AC_DEFINE(DISABLE_LASTLOG)
3710 fi
3711 ]
1d7b9b20 3712)
3713AC_ARG_ENABLE(utmp,
bfd550a2 3714 [ --disable-utmp disable use of utmp even if detected [no]],
ddb154b3 3715 [
3716 if test "x$enableval" = "xno" ; then
3717 AC_DEFINE(DISABLE_UTMP)
3718 fi
3719 ]
1d7b9b20 3720)
3721AC_ARG_ENABLE(utmpx,
bfd550a2 3722 [ --disable-utmpx disable use of utmpx even if detected [no]],
ddb154b3 3723 [
3724 if test "x$enableval" = "xno" ; then
3466e002 3725 AC_DEFINE(DISABLE_UTMPX, 1,
3726 [Define if you don't want to use utmpx])
ddb154b3 3727 fi
3728 ]
1d7b9b20 3729)
3730AC_ARG_ENABLE(wtmp,
bfd550a2 3731 [ --disable-wtmp disable use of wtmp even if detected [no]],
ddb154b3 3732 [
3733 if test "x$enableval" = "xno" ; then
3734 AC_DEFINE(DISABLE_WTMP)
3735 fi
3736 ]
1d7b9b20 3737)
3738AC_ARG_ENABLE(wtmpx,
bfd550a2 3739 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
ddb154b3 3740 [
3741 if test "x$enableval" = "xno" ; then
3466e002 3742 AC_DEFINE(DISABLE_WTMPX, 1,
3743 [Define if you don't want to use wtmpx])
ddb154b3 3744 fi
3745 ]
1d7b9b20 3746)
3747AC_ARG_ENABLE(libutil,
bfd550a2 3748 [ --disable-libutil disable use of libutil (login() etc.) [no]],
ddb154b3 3749 [
3750 if test "x$enableval" = "xno" ; then
3751 AC_DEFINE(DISABLE_LOGIN)
3752 fi
3753 ]
1d7b9b20 3754)
3755AC_ARG_ENABLE(pututline,
bfd550a2 3756 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
ddb154b3 3757 [
3758 if test "x$enableval" = "xno" ; then
3466e002 3759 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3760 [Define if you don't want to use pututline()
3761 etc. to write [uw]tmp])
ddb154b3 3762 fi
3763 ]
1d7b9b20 3764)
3765AC_ARG_ENABLE(pututxline,
bfd550a2 3766 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
ddb154b3 3767 [
3768 if test "x$enableval" = "xno" ; then
3466e002 3769 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3770 [Define if you don't want to use pututxline()
3771 etc. to write [uw]tmpx])
ddb154b3 3772 fi
3773 ]
1d7b9b20 3774)
3775AC_ARG_WITH(lastlog,
bfd550a2 3776 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
8c89dd2b 3777 [
82f4e93d 3778 if test "x$withval" = "xno" ; then
8c89dd2b 3779 AC_DEFINE(DISABLE_LASTLOG)
6cf0200f 3780 elif test -n "$withval" && test "x${withval}" != "xyes"; then
8c89dd2b 3781 conf_lastlog_location=$withval
3782 fi
3783 ]
3784)
1d7b9b20 3785
3786dnl lastlog, [uw]tmpx? detection
3787dnl NOTE: set the paths in the platform section to avoid the
3788dnl need for command-line parameters
3789dnl lastlog and [uw]tmp are subject to a file search if all else fails
3790
3791dnl lastlog detection
3792dnl NOTE: the code itself will detect if lastlog is a directory
3793AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3794AC_TRY_COMPILE([
3795#include <sys/types.h>
3796#include <utmp.h>
3797#ifdef HAVE_LASTLOG_H
3798# include <lastlog.h>
3799#endif
d7c0f3d5 3800#ifdef HAVE_PATHS_H
1d7b9b20 3801# include <paths.h>
41cb4569 3802#endif
3803#ifdef HAVE_LOGIN_H
3804# include <login.h>
1d7b9b20 3805#endif
3806 ],
3807 [ char *lastlog = LASTLOG_FILE; ],
3808 [ AC_MSG_RESULT(yes) ],
d7c0f3d5 3809 [
3810 AC_MSG_RESULT(no)
3811 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3812 AC_TRY_COMPILE([
3813#include <sys/types.h>
3814#include <utmp.h>
3815#ifdef HAVE_LASTLOG_H
3816# include <lastlog.h>
3817#endif
3818#ifdef HAVE_PATHS_H
3819# include <paths.h>
3820#endif
3821 ],
3822 [ char *lastlog = _PATH_LASTLOG; ],
3823 [ AC_MSG_RESULT(yes) ],
3824 [
f282b668 3825 AC_MSG_RESULT(no)
d7c0f3d5 3826 system_lastlog_path=no
3827 ])
3828 ]
1d7b9b20 3829)
d7c0f3d5 3830
1d7b9b20 3831if test -z "$conf_lastlog_location"; then
3832 if test x"$system_lastlog_path" = x"no" ; then
3833 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
e5fe9a1f 3834 if (test -d "$f" || test -f "$f") ; then
1d7b9b20 3835 conf_lastlog_location=$f
3836 fi
3837 done
3838 if test -z "$conf_lastlog_location"; then
f8119cef 3839 AC_MSG_WARN([** Cannot find lastlog **])
3840 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
1d7b9b20 3841 fi
3842 fi
3843fi
3844
3845if test -n "$conf_lastlog_location"; then
3466e002 3846 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3847 [Define if you want to specify the path to your lastlog file])
82f4e93d 3848fi
1d7b9b20 3849
3850dnl utmp detection
3851AC_MSG_CHECKING([if your system defines UTMP_FILE])
3852AC_TRY_COMPILE([
3853#include <sys/types.h>
3854#include <utmp.h>
d7c0f3d5 3855#ifdef HAVE_PATHS_H
1d7b9b20 3856# include <paths.h>
3857#endif
3858 ],
3859 [ char *utmp = UTMP_FILE; ],
3860 [ AC_MSG_RESULT(yes) ],
3861 [ AC_MSG_RESULT(no)
3862 system_utmp_path=no ]
3863)
3864if test -z "$conf_utmp_location"; then
3865 if test x"$system_utmp_path" = x"no" ; then
3866 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3867 if test -f $f ; then
3868 conf_utmp_location=$f
3869 fi
3870 done
3871 if test -z "$conf_utmp_location"; then
3872 AC_DEFINE(DISABLE_UTMP)
3873 fi
3874 fi
3875fi
3876if test -n "$conf_utmp_location"; then
3466e002 3877 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3878 [Define if you want to specify the path to your utmp file])
82f4e93d 3879fi
1d7b9b20 3880
3881dnl wtmp detection
3882AC_MSG_CHECKING([if your system defines WTMP_FILE])
3883AC_TRY_COMPILE([
3884#include <sys/types.h>
3885#include <utmp.h>
d7c0f3d5 3886#ifdef HAVE_PATHS_H
1d7b9b20 3887# include <paths.h>
3888#endif
3889 ],
3890 [ char *wtmp = WTMP_FILE; ],
3891 [ AC_MSG_RESULT(yes) ],
3892 [ AC_MSG_RESULT(no)
3893 system_wtmp_path=no ]
3894)
3895if test -z "$conf_wtmp_location"; then
3896 if test x"$system_wtmp_path" = x"no" ; then
3897 for f in /usr/adm/wtmp /var/log/wtmp; do
3898 if test -f $f ; then
3899 conf_wtmp_location=$f
3900 fi
3901 done
3902 if test -z "$conf_wtmp_location"; then
3903 AC_DEFINE(DISABLE_WTMP)
3904 fi
3905 fi
3906fi
3907if test -n "$conf_wtmp_location"; then
3466e002 3908 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3909 [Define if you want to specify the path to your wtmp file])
82f4e93d 3910fi
1d7b9b20 3911
3912
3913dnl utmpx detection - I don't know any system so perverse as to require
3914dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3915dnl there, though.
3916AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3917AC_TRY_COMPILE([
3918#include <sys/types.h>
3919#include <utmp.h>
3920#ifdef HAVE_UTMPX_H
3921#include <utmpx.h>
3922#endif
d7c0f3d5 3923#ifdef HAVE_PATHS_H
1d7b9b20 3924# include <paths.h>
3925#endif
3926 ],
3927 [ char *utmpx = UTMPX_FILE; ],
3928 [ AC_MSG_RESULT(yes) ],
3929 [ AC_MSG_RESULT(no)
3930 system_utmpx_path=no ]
3931)
3932if test -z "$conf_utmpx_location"; then
3933 if test x"$system_utmpx_path" = x"no" ; then
3934 AC_DEFINE(DISABLE_UTMPX)
3935 fi
3936else
3466e002 3937 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3938 [Define if you want to specify the path to your utmpx file])
82f4e93d 3939fi
1d7b9b20 3940
3941dnl wtmpx detection
3942AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3943AC_TRY_COMPILE([
3944#include <sys/types.h>
3945#include <utmp.h>
3946#ifdef HAVE_UTMPX_H
3947#include <utmpx.h>
3948#endif
d7c0f3d5 3949#ifdef HAVE_PATHS_H
1d7b9b20 3950# include <paths.h>
3951#endif
3952 ],
3953 [ char *wtmpx = WTMPX_FILE; ],
3954 [ AC_MSG_RESULT(yes) ],
3955 [ AC_MSG_RESULT(no)
3956 system_wtmpx_path=no ]
3957)
3958if test -z "$conf_wtmpx_location"; then
3959 if test x"$system_wtmpx_path" = x"no" ; then
3960 AC_DEFINE(DISABLE_WTMPX)
3961 fi
3962else
3466e002 3963 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3964 [Define if you want to specify the path to your wtmpx file])
82f4e93d 3965fi
1d7b9b20 3966
b7a87eea 3967
bd499f9e 3968if test ! -z "$blibpath" ; then
68ece370 3969 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3970 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
bd499f9e 3971fi
3972
ed89c848 3973dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3974dnl Add now.
3975CFLAGS="$CFLAGS $werror_flags"
3976
3c62e7eb 3977AC_EXEEXT
29eadd7c 3978AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3979 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3980 scard/Makefile ssh_prng_cmds survey.sh])
98a7c37b 3981AC_OUTPUT
d3083fbd 3982
cbd7492e 3983# Print summary of options
3984
cbd7492e 3985# Someone please show me a better way :)
3986A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3987B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3988C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3989D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
f5665f6f 3990E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
e0c4d3ac 3991F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
cbd7492e 3992G=`eval echo ${piddir}` ; G=`eval echo ${G}`
ecac8ee5 3993H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3994I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3995J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
cbd7492e 3996
3997echo ""
26de7942 3998echo "OpenSSH has been configured with the following options:"
ecac8ee5 3999echo " User binaries: $B"
4000echo " System binaries: $C"
4001echo " Configuration files: $D"
4002echo " Askpass program: $E"
4003echo " Manual pages: $F"
4004echo " PID file: $G"
4005echo " Privilege separation chroot path: $H"
95b99395 4006if test "x$external_path_file" = "x/etc/login.conf" ; then
4007echo " At runtime, sshd will use the path defined in $external_path_file"
4008echo " Make sure the path to scp is present, otherwise scp will not work"
8d184c09 4009else
ecac8ee5 4010echo " sshd default user PATH: $I"
89bbd457 4011 if test ! -z "$external_path_file"; then
95b99395 4012echo " (If PATH is set in $external_path_file it will be used instead. If"
4013echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4014 fi
8d184c09 4015fi
06617857 4016if test ! -z "$superuser_path" ; then
ecac8ee5 4017echo " sshd superuser user PATH: $J"
4018fi
4019echo " Manpage format: $MANTYPE"
3e05e934 4020echo " PAM support: $PAM_MSG"
5b84789f 4021echo " OSF SIA support: $SIA_MSG"
ecac8ee5 4022echo " KerberosV support: $KRB5_MSG"
ef4d1846 4023echo " SELinux support: $SELINUX_MSG"
ecac8ee5 4024echo " Smartcard support: $SCARD_MSG"
ecac8ee5 4025echo " S/KEY support: $SKEY_MSG"
4026echo " TCP Wrappers support: $TCPW_MSG"
4027echo " MD5 password support: $MD5_MSG"
59031773 4028echo " libedit support: $LIBEDIT_MSG"
5b84789f 4029echo " Solaris process contract support: $SPC_MSG"
3deb1408 4030echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
ecac8ee5 4031echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4032echo " BSD Auth support: $BSD_AUTH_MSG"
4033echo " Random number source: $RAND_MSG"
f1b0ecc3 4034if test ! -z "$USE_RAND_HELPER" ; then
ecac8ee5 4035echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
af774732 4036fi
4037
cbd7492e 4038echo ""
4039
0c2fb82f 4040echo " Host: ${host}"
4041echo " Compiler: ${CC}"
4042echo " Compiler flags: ${CFLAGS}"
4043echo "Preprocessor flags: ${CPPFLAGS}"
4044echo " Linker flags: ${LDFLAGS}"
e54defb4 4045echo " Libraries: ${LIBS}"
4046if test ! -z "${SSHDLIBS}"; then
4047echo " +for sshd: ${SSHDLIBS}"
4048fi
cbd7492e 4049
4050echo ""
4051
9cefe228 4052if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
b3146b5f 4053 echo "SVR4 style packages are supported with \"make package\""
4054 echo ""
9cefe228 4055fi
4056
adeebd37 4057if test "x$PAM_MSG" = "xyes" ; then
f1b0ecc3 4058 echo "PAM is enabled. You may need to install a PAM control file "
4059 echo "for sshd, otherwise password authentication may fail. "
aff51935 4060 echo "Example PAM control files can be found in the contrib/ "
f1b0ecc3 4061 echo "subdirectory"
adeebd37 4062 echo ""
4063fi
4064
f1b0ecc3 4065if test ! -z "$RAND_HELPER_CMDHASH" ; then
4066 echo "WARNING: you are using the builtin random number collection "
4067 echo "service. Please read WARNING.RNG and request that your OS "
4068 echo "vendor includes kernel-based random number collection in "
4069 echo "future versions of your OS."
2c523de9 4070 echo ""
4071fi
af774732 4072
2f6f9cff 4073if test ! -z "$NO_PEERCHECK" ; then
1961d660 4074 echo "WARNING: the operating system that you are using does not"
4075 echo "appear to support getpeereid(), getpeerucred() or the"
4076 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4077 echo "enforce security checks to prevent unauthorised connections to"
4078 echo "ssh-agent. Their absence increases the risk that a malicious"
4079 echo "user can connect to your agent."
2f6f9cff 4080 echo ""
4081fi
4082
7b578f7d 4083if test "$AUDIT_MODULE" = "bsm" ; then
4084 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4085 echo "See the Solaris section in README.platform for details."
4086fi
git-cvsimport mirror of OpenSSH
This page took 1.335935 seconds and 5 git commands to generate.