]> andersk Git - openssh.git/blame - configure.ac
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- djm@cvs.openbsd.org 2007/06/19 02:04:43
[openssh.git] / configure.ac
CommitLineData
eb5d7ff6 1# $Id$
2b983b95 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
0b202697 16
76e6410a 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
823221b2 18AC_REVISION($Revision$)
98a7c37b 19AC_CONFIG_SRCDIR([ssh.c])
5881cd60 20
21AC_CONFIG_HEADER(config.h)
b14b2ae7 22AC_PROG_CC
a7effaac 23AC_CANONICAL_HOST
cf0c5df5 24AC_C_BIGENDIAN
5881cd60 25
a0391976 26# Checks for programs.
4bbf95fa 27AC_PROG_AWK
4cca272e 28AC_PROG_CPP
5881cd60 29AC_PROG_RANLIB
cf8dd513 30AC_PROG_INSTALL
c9ecc3c7 31AC_PROG_EGREP
bee0a37e 32AC_PATH_PROG(AR, ar)
ddd8c95b 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
13dd877b 35AC_PATH_PROGS(PERL, perl5 perl)
c3690df3 36AC_PATH_PROG(SED, sed)
a0f84251 37AC_SUBST(PERL)
ad85db64 38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
6958bd37 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
6193497b 43AC_PATH_PROG(SH, sh)
a3245b92 44AC_SUBST(TEST_SHELL,sh)
f498ed15 45
9cefe228 46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
eeb27c78 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
9cefe228 57
948fd8b9 58# System features
59AC_SYS_LARGEFILE
60
c193d002 61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
2e73a022 65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
3466e002 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
2e73a022 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
37656beb 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
3466e002 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
37656beb 82fi
83
d423d822 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
82f4e93d 88
d423d822 89AC_C_INLINE
dfafb2e1 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
aff51935 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
af40ca44 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
eeee8237 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
5fdabf45 96 case $GCC_VER in
0b9fdeb8 97 1.*) no_attrib_nonnull=1 ;;
98 2.8* | 2.9*)
99 CFLAGS="$CFLAGS -Wsign-compare"
100 no_attrib_nonnull=1
101 ;;
102 2.*) no_attrib_nonnull=1 ;;
dbf07ba2 103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
cd595991 104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 *) ;;
5fdabf45 106 esac
8a3ff1aa 107
dfafb2e1 108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
114 [have_llong_max=1],
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
117 )
118 fi
d423d822 119fi
120
0b9fdeb8 121if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
123fi
124
e6354014 125AC_ARG_WITH(rpath,
126 [ --without-rpath Disable auto-added -R linker paths],
127 [
82f4e93d 128 if test "x$withval" = "xno" ; then
e6354014 129 need_dash_r=""
130 fi
131 if test "x$withval" = "xyes" ; then
132 need_dash_r=1
133 fi
134 ]
135)
136
aa56f760 137# Allow user to specify flags
138AC_ARG_WITH(cflags,
139 [ --with-cflags Specify additional flags to pass to compiler],
140 [
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
144 fi
145 ]
146)
147AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
149 [
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
153 fi
154 ]
155)
156AC_ARG_WITH(ldflags,
157 [ --with-ldflags Specify additional flags to pass to linker],
158 [
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
162 fi
163 ]
164)
165AC_ARG_WITH(libs,
166 [ --with-libs Specify additional libraries to link with],
167 [
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
171 fi
172 ]
173)
174AC_ARG_WITH(Werror,
175 [ --with-Werror Build main code with -Werror],
176 [
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
181 fi
182 fi
183 ]
184)
185
186AC_CHECK_HEADERS( \
187 bstring.h \
188 crypt.h \
189 crypto/sha2.h \
190 dirent.h \
191 endian.h \
192 features.h \
193 fcntl.h \
194 floatingpoint.h \
195 getopt.h \
196 glob.h \
197 ia.h \
198 iaf.h \
199 limits.h \
200 login.h \
201 maillock.h \
202 ndir.h \
203 net/if_tun.h \
204 netdb.h \
205 netgroup.h \
206 pam/pam_appl.h \
207 paths.h \
208 pty.h \
209 readpassphrase.h \
210 rpc/types.h \
211 security/pam_appl.h \
212 sha2.h \
213 shadow.h \
214 stddef.h \
215 stdint.h \
216 string.h \
217 strings.h \
218 sys/audit.h \
219 sys/bitypes.h \
220 sys/bsdtty.h \
221 sys/cdefs.h \
222 sys/dir.h \
223 sys/mman.h \
224 sys/ndir.h \
225 sys/prctl.h \
226 sys/pstat.h \
227 sys/select.h \
228 sys/stat.h \
229 sys/stream.h \
230 sys/stropts.h \
231 sys/strtio.h \
232 sys/sysmacros.h \
233 sys/time.h \
234 sys/timers.h \
235 sys/un.h \
236 time.h \
237 tmpdir.h \
238 ttyent.h \
40701614 239 ucred.h \
aa56f760 240 unistd.h \
241 usersec.h \
242 util.h \
243 utime.h \
244 utmp.h \
245 utmpx.h \
246 vis.h \
247)
248
249# lastlog.h requires sys/time.h to be included first on Solaris
250AC_CHECK_HEADERS(lastlog.h, [], [], [
251#ifdef HAVE_SYS_TIME_H
252# include <sys/time.h>
253#endif
254])
255
256# sys/ptms.h requires sys/stream.h to be included first on Solaris
257AC_CHECK_HEADERS(sys/ptms.h, [], [], [
258#ifdef HAVE_SYS_STREAM_H
259# include <sys/stream.h>
260#endif
261])
262
263# login_cap.h requires sys/types.h on NetBSD
264AC_CHECK_HEADERS(login_cap.h, [], [], [
265#include <sys/types.h>
266])
267
5b84789f 268# Messages for features tested for in target-specific section
269SIA_MSG="no"
270SPC_MSG="no"
271
a0391976 272# Check for some target-specific stuff
a7effaac 273case "$host" in
9d6b1b96 274*-*-aix*)
25a2779b 275 # Some versions of VAC won't allow macro redefinitions at
276 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
277 # particularly with older versions of vac or xlc.
278 # It also throws errors about null macro argments, but these are
279 # not fatal.
280 AC_MSG_CHECKING(if compiler allows macro redefinitions)
281 AC_COMPILE_IFELSE(
282 [AC_LANG_SOURCE([[
283#define testmacro foo
284#define testmacro bar
285int main(void) { exit(0); }
286 ]])],
287 [ AC_MSG_RESULT(yes) ],
288 [ AC_MSG_RESULT(no)
289 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
290 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
291 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
292 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
293 ]
294 )
295
aff51935 296 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
68ece370 297 if (test -z "$blibpath"); then
0a15d73b 298 blibpath="/usr/lib:/lib"
68ece370 299 fi
300 saved_LDFLAGS="$LDFLAGS"
e7479666 301 if test "$GCC" = "yes"; then
302 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
303 else
304 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
305 fi
306 for tryflags in $flags ;do
68ece370 307 if (test -z "$blibflags"); then
308 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
309 AC_TRY_LINK([], [], [blibflags=$tryflags])
310 fi
311 done
312 if (test -z "$blibflags"); then
313 AC_MSG_RESULT(not found)
314 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
315 else
316 AC_MSG_RESULT($blibflags)
bd499f9e 317 fi
68ece370 318 LDFLAGS="$saved_LDFLAGS"
e351e493 319 dnl Check for authenticate. Might be in libs.a on older AIXes
3466e002 320 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
321 [Define if you want to enable AIX4's authenticate function])],
0764e748 322 [AC_CHECK_LIB(s,authenticate,
e351e493 323 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
0764e748 324 LIBS="$LIBS -ls"
325 ])
326 ])
ba603e06 327 dnl Check for various auth function declarations in headers.
c85ed8e2 328 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
72ad335d 329 passwdexpired, setauthdb], , , [#include <usersec.h>])
e351e493 330 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
ba603e06 331 AC_CHECK_DECLS(loginfailed,
e351e493 332 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
333 AC_TRY_COMPILE(
f58c0e01 334 [#include <usersec.h>],
e351e493 335 [(void)loginfailed("user","host","tty",0);],
336 [AC_MSG_RESULT(yes)
3466e002 337 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
338 [Define if your AIX loginfailed() function
339 takes 4 arguments (AIX >= 5.2)])],
f58c0e01 340 [AC_MSG_RESULT(no)]
e351e493 341 )],
342 [],
343 [#include <usersec.h>]
344 )
2aa3a16c 345 AC_CHECK_FUNCS(setauthdb)
53c337ed 346 AC_CHECK_DECL(F_CLOSEM,
795e7517 347 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
53c337ed 348 [],
349 [ #include <limits.h>
350 #include <fcntl.h> ]
351 )
5ccf88cb 352 check_for_aix_broken_getaddrinfo=1
3466e002 353 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
354 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
355 [Define if your platform breaks doing a seteuid before a setuid])
356 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
357 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
a3cef3ca 358 dnl AIX handles lastlog as part of its login message
3466e002 359 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
360 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
361 [Some systems need a utmpx entry for /bin/login to work])
362 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
363 [Define to a Set Process Title type if your system is
364 supported by bsd-setproctitle.c])
961c2997 365 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
366 [AIX 5.2 and 5.3 (and presumably newer) require this])
ea8c44d9 367 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
9d6b1b96 368 ;;
3c62e7eb 369*-*-cygwin*)
a52997bd 370 check_for_libcrypt_later=1
04765d02 371 LIBS="$LIBS /usr/lib/textreadmode.o"
3466e002 372 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
373 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
374 AC_DEFINE(DISABLE_SHADOW, 1,
375 [Define if you want to disable shadow passwords])
376 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
377 [Define if your system choked on IP TOS setting])
378 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
379 [Define if X11 doesn't support AF_UNIX sockets on that system])
380 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
381 [Define if the concept of ports only accessible to
382 superusers isn't known])
383 AC_DEFINE(DISABLE_FD_PASSING, 1,
384 [Define if your platform needs to skip post auth
385 file descriptor passing])
3c62e7eb 386 ;;
d6fdb079 387*-*-dgux*)
388 AC_DEFINE(IP_TOS_IS_BROKEN)
0c6a72a5 389 AC_DEFINE(SETEUID_BREAKS_SETUID)
390 AC_DEFINE(BROKEN_SETREUID)
391 AC_DEFINE(BROKEN_SETREGID)
d6fdb079 392 ;;
39c98ef7 393*-*-darwin*)
33e2e066 394 AC_MSG_CHECKING(if we have working getaddrinfo)
395 AC_TRY_RUN([#include <mach-o/dyld.h>
396main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
397 exit(0);
398 else
399 exit(1);
400}], [AC_MSG_RESULT(working)],
401 [AC_MSG_RESULT(buggy)
3466e002 402 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
b27e573d 403 [AC_MSG_RESULT(assume it is working)])
635e0c42 404 AC_DEFINE(SETEUID_BREAKS_SETUID)
405 AC_DEFINE(BROKEN_SETREUID)
406 AC_DEFINE(BROKEN_SETREGID)
3466e002 407 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
408 [Define if your resolver libs need this for getrrsetbyname])
e02505e2 409 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
410 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
411 [Use tunnel device compatibility to OpenBSD])
412 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
413 [Prepend the address family to IP tunnel traffic])
39c98ef7 414 ;;
36f36ba3 415*-*-dragonfly*)
416 SSHDLIBS="$SSHDLIBS -lcrypt"
417 ;;
7d458c86 418*-*-hpux*)
419 # first we define all of the options common to all HP-UX releases
b8fea62d 420 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
44839801 421 IPADDR_IN_DISPLAY=yes
2b10f47a 422 AC_DEFINE(USE_PIPES)
3466e002 423 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
424 [Define if your login program cannot handle end of options ("--")])
a2572aa7 425 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 426 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
427 [String used in /etc/passwd to denote locked account])
3a2b2b44 428 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
83f987c3 429 MAIL="/var/mail/username"
f75ca46d 430 LIBS="$LIBS -lsec"
7d458c86 431 AC_CHECK_LIB(xnet, t_error, ,
432 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
433
434 # next, we define all of the options specific to major releases
435 case "$host" in
436 *-*-hpux10*)
437 if test -z "$GCC"; then
438 CFLAGS="$CFLAGS -Ae"
439 fi
440 ;;
441 *-*-hpux11*)
3466e002 442 AC_DEFINE(PAM_SUN_CODEBASE, 1,
443 [Define if you are using Solaris-derived PAM which
444 passes pam_messages to the conversation function
445 with an extra level of indirection])
446 AC_DEFINE(DISABLE_UTMP, 1,
447 [Define if you don't want to use utmp])
7d458c86 448 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
449 check_for_hpux_broken_getaddrinfo=1
450 check_for_conflicting_getspnam=1
451 ;;
452 esac
453
454 # lastly, we define options specific to minor releases
455 case "$host" in
456 *-*-hpux10.26)
3466e002 457 AC_DEFINE(HAVE_SECUREWARE, 1,
458 [Define if you have SecureWare-based
459 protected password database])
7d458c86 460 disable_ptmx_check=yes
461 LIBS="$LIBS -lsecpw"
462 ;;
463 esac
2b763e31 464 ;;
d94aa2ae 465*-*-irix5*)
6ac7829a 466 PATH="$PATH:/usr/etc"
3466e002 467 AC_DEFINE(BROKEN_INET_NTOA, 1,
468 [Define if you system's inet_ntoa is busted
469 (e.g. Irix gcc issue)])
cb433561 470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
3466e002 473 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
474 [Define if you shouldn't strip 'tty' from your
475 ttyname in [uw]tmp])
3e6e3da0 476 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
b9795b89 477 ;;
478*-*-irix6*)
6ac7829a 479 PATH="$PATH:/usr/etc"
3466e002 480 AC_DEFINE(WITH_IRIX_ARRAY, 1,
481 [Define if you have/want arrays
482 (cluster-wide session managment, not C arrays)])
483 AC_DEFINE(WITH_IRIX_PROJECT, 1,
484 [Define if you want IRIX project management])
485 AC_DEFINE(WITH_IRIX_AUDIT, 1,
486 [Define if you want IRIX audit trails])
487 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
488 [Define if you want IRIX kernel jobs])])
416ed5a7 489 AC_DEFINE(BROKEN_INET_NTOA)
412c0eaa 490 AC_DEFINE(SETEUID_BREAKS_SETUID)
491 AC_DEFINE(BROKEN_SETREUID)
492 AC_DEFINE(BROKEN_SETREGID)
3466e002 493 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
0e8f4eba 494 AC_DEFINE(WITH_ABBREV_NO_TTY)
3e6e3da0 495 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
d94aa2ae 496 ;;
5cdfe03f 497*-*-linux*)
498 no_dev_ptmx=1
717057b6 499 check_for_libcrypt_later=1
eacb954e 500 check_for_openpty_ctty_bug=1
3466e002 501 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
502 AC_DEFINE(PAM_TTY_KLUDGE, 1,
503 [Work around problematic Linux PAM modules handling of PAM_TTY])
504 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
505 [String used in /etc/passwd to denote locked account])
3a2b2b44 506 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
3466e002 507 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
508 [Define to whatever link() returns for "not supported"
509 if it doesn't return EOPNOTSUPP.])
b6610e8f 510 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
3466e002 511 AC_DEFINE(USE_BTMP)
80faa19f 512 inet6_default_4in6=yes
bf7c1e6c 513 case `uname -r` in
ad84c479 514 1.*|2.0.*)
3466e002 515 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
516 [Define if cmsg_type is not passed correctly])
bf7c1e6c 517 ;;
bf7c1e6c 518 esac
c40f09ca 519 # tun(4) forwarding compat code
d91775e1 520 AC_CHECK_HEADERS(linux/if_tun.h)
b5081213 521 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
c40f09ca 522 AC_DEFINE(SSH_TUN_LINUX, 1,
523 [Open tunnel devices the Linux tun/tap way])
524 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
525 [Use tunnel device compatibility to OpenBSD])
526 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
527 [Prepend the address family to IP tunnel traffic])
528 fi
5cdfe03f 529 ;;
66d6c27e 530mips-sony-bsd|mips-sony-newsos4)
4b2cf3f1 531 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
66d6c27e 532 SONY=1
66d6c27e 533 ;;
d468fc76 534*-*-netbsd*)
33e2e066 535 check_for_libcrypt_before=1
82f4e93d 536 if test "x$withval" != "xno" ; then
e6354014 537 need_dash_r=1
538 fi
0f6cb079 539 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
540 AC_CHECK_HEADER([net/if_tap.h], ,
541 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
542 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
543 [Prepend the address family to IP tunnel traffic])
d468fc76 544 ;;
86b416a7 545*-*-freebsd*)
546 check_for_libcrypt_later=1
988c5031 547 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
0f6cb079 548 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
549 AC_CHECK_HEADER([net/if_tap.h], ,
550 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
86b416a7 551 ;;
8707b7eb 552*-*-bsdi*)
553 AC_DEFINE(SETEUID_BREAKS_SETUID)
554 AC_DEFINE(BROKEN_SETREUID)
555 AC_DEFINE(BROKEN_SETREGID)
556 ;;
729bfe59 557*-next-*)
729bfe59 558 conf_lastlog_location="/usr/adm/lastlog"
698d107e 559 conf_utmp_location=/etc/utmp
560 conf_wtmp_location=/usr/adm/wtmp
561 MAIL=/usr/spool/mail
3466e002 562 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
443172c4 563 AC_DEFINE(BROKEN_REALPATH)
00937921 564 AC_DEFINE(USE_PIPES)
3466e002 565 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
729bfe59 566 ;;
5b7b5e23 567*-*-openbsd*)
568 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
8034a348 569 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
0f6cb079 570 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
c79c4814 571 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
572 [syslog_r function is safe to use in in a signal handler])
5b7b5e23 573 ;;
9d6b1b96 574*-*-solaris*)
82f4e93d 575 if test "x$withval" != "xno" ; then
010e9d5b 576 need_dash_r=1
577 fi
adeebd37 578 AC_DEFINE(PAM_SUN_CODEBASE)
7e2d5fa4 579 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 580 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
581 [Some versions of /bin/login need the TERM supplied
582 on the commandline])
7f0a4ff1 583 AC_DEFINE(PAM_TTY_KLUDGE)
3466e002 584 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
585 [Define if pam_chauthtok wants real uid set
586 to the unpriv'ed user])
3e6e3da0 587 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
ad84c479 588 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
3466e002 589 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
590 [Define if sshd somehow reacquires a controlling TTY
591 after setsid()])
795aa5f5 592 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
593 in case the name is longer than 8 chars])
95b99395 594 external_path_file=/etc/default/login
1d7b9b20 595 # hardwire lastlog location (can't detect it on some versions)
596 conf_lastlog_location="/var/adm/lastlog"
32c80420 597 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
598 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
599 if test "$sol2ver" -ge 8; then
600 AC_MSG_RESULT(yes)
601 AC_DEFINE(DISABLE_UTMP)
3466e002 602 AC_DEFINE(DISABLE_WTMP, 1,
603 [Define if you don't want to use wtmp])
32c80420 604 else
605 AC_MSG_RESULT(no)
606 fi
5b84789f 607 AC_ARG_WITH(solaris-contracts,
608 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
609 [
610 AC_CHECK_LIB(contract, ct_tmpl_activate,
611 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
612 [Define if you have Solaris process contracts])
613 SSHDLIBS="$SSHDLIBS -lcontract"
614 AC_SUBST(SSHDLIBS)
615 SPC_MSG="yes" ], )
616 ],
617 )
9d6b1b96 618 ;;
a423beaf 619*-*-sunos4*)
0c2fb82f 620 CPPFLAGS="$CPPFLAGS -DSUNOS4"
a423beaf 621 AC_CHECK_FUNCS(getpwanam)
adeebd37 622 AC_DEFINE(PAM_SUN_CODEBASE)
32eec038 623 conf_utmp_location=/etc/utmp
624 conf_wtmp_location=/var/adm/wtmp
625 conf_lastlog_location=/var/adm/lastlog
137d7b6c 626 AC_DEFINE(USE_PIPES)
a423beaf 627 ;;
6f68f28a 628*-ncr-sysv*)
98a7c37b 629 LIBS="$LIBS -lc89"
29525240 630 AC_DEFINE(USE_PIPES)
eabb99c6 631 AC_DEFINE(SSHD_ACQUIRES_CTTY)
6fb3618d 632 AC_DEFINE(SETEUID_BREAKS_SETUID)
633 AC_DEFINE(BROKEN_SETREUID)
634 AC_DEFINE(BROKEN_SETREGID)
6f68f28a 635 ;;
132dd316 636*-sni-sysv*)
c8c15bcb 637 # /usr/ucblib MUST NOT be searched on ReliantUNIX
e2798e96 638 AC_CHECK_LIB(dl, dlsym, ,)
d08db6d1 639 # -lresolv needs to be at the end of LIBS or DNS lookups break
640 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
9548d6c8 641 IPADDR_IN_DISPLAY=yes
642 AC_DEFINE(USE_PIPES)
132dd316 643 AC_DEFINE(IP_TOS_IS_BROKEN)
605369bb 644 AC_DEFINE(SETEUID_BREAKS_SETUID)
645 AC_DEFINE(BROKEN_SETREUID)
646 AC_DEFINE(BROKEN_SETREGID)
eabb99c6 647 AC_DEFINE(SSHD_ACQUIRES_CTTY)
95b99395 648 external_path_file=/etc/default/login
c8c15bcb 649 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
650 # Attention: always take care to bind libsocket and libnsl before libc,
651 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
132dd316 652 ;;
79a7ba96 653# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
77bb0bca 654*-*-sysv4.2*)
ed6553e2 655 AC_DEFINE(USE_PIPES)
7ed101c0 656 AC_DEFINE(SETEUID_BREAKS_SETUID)
657 AC_DEFINE(BROKEN_SETREUID)
658 AC_DEFINE(BROKEN_SETREGID)
46f853b9 659 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
e45da4d6 660 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
77bb0bca 661 ;;
79a7ba96 662# UnixWare 7.x, OpenUNIX 8
77bb0bca 663*-*-sysv5*)
d7d2cc6e 664 check_for_libcrypt_later=1
665 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
ed6553e2 666 AC_DEFINE(USE_PIPES)
7ed101c0 667 AC_DEFINE(SETEUID_BREAKS_SETUID)
668 AC_DEFINE(BROKEN_SETREUID)
669 AC_DEFINE(BROKEN_SETREGID)
3466e002 670 AC_DEFINE(PASSWD_NEEDS_USERNAME)
822015dd 671 case "$host" in
672 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
673 TEST_SHELL=/u95/bin/sh
3466e002 674 AC_DEFINE(BROKEN_LIBIAF, 1,
675 [ia_uinfo routines not supported by OS yet])
5cc6ddad 676 AC_DEFINE(BROKEN_UPDWTMPX)
822015dd 677 ;;
e45da4d6 678 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
679 ;;
822015dd 680 esac
77bb0bca 681 ;;
9d6b1b96 682*-*-sysv*)
9d6b1b96 683 ;;
79a7ba96 684# SCO UNIX and OEM versions of SCO UNIX
77bb0bca 685*-*-sco3.2v4*)
11cf4f1f 686 AC_MSG_ERROR("This Platform is no longer supported.")
77bb0bca 687 ;;
79a7ba96 688# SCO OpenServer 5.x
77bb0bca 689*-*-sco3.2v5*)
21710e39 690 if test -z "$GCC"; then
691 CFLAGS="$CFLAGS -belf"
692 fi
ed6553e2 693 LIBS="$LIBS -lprot -lx -ltinfo -lm"
509b1f88 694 no_dev_ptmx=1
ed6553e2 695 AC_DEFINE(USE_PIPES)
6e879cb4 696 AC_DEFINE(HAVE_SECUREWARE)
d287c664 697 AC_DEFINE(DISABLE_SHADOW)
94d8258b 698 AC_DEFINE(DISABLE_FD_PASSING)
7ed101c0 699 AC_DEFINE(SETEUID_BREAKS_SETUID)
700 AC_DEFINE(BROKEN_SETREUID)
701 AC_DEFINE(BROKEN_SETREGID)
bcebad47 702 AC_DEFINE(WITH_ABBREV_NO_TTY)
34f2baf0 703 AC_DEFINE(BROKEN_UPDWTMPX)
3466e002 704 AC_DEFINE(PASSWD_NEEDS_USERNAME)
aca75d94 705 AC_CHECK_FUNCS(getluid setluid)
533875af 706 MANTYPE=man
a3245b92 707 TEST_SHELL=ksh
509b1f88 708 ;;
ccbb983c 709*-*-unicosmk*)
3466e002 710 AC_DEFINE(NO_SSH_LASTLOG, 1,
711 [Define if you don't want to use lastlog in session.c])
c1ad5966 712 AC_DEFINE(SETEUID_BREAKS_SETUID)
713 AC_DEFINE(BROKEN_SETREUID)
714 AC_DEFINE(BROKEN_SETREGID)
ccbb983c 715 AC_DEFINE(USE_PIPES)
716 AC_DEFINE(DISABLE_FD_PASSING)
717 LDFLAGS="$LDFLAGS"
718 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
719 MANTYPE=cat
d262b7f2 720 ;;
7b9a8c6e 721*-*-unicosmp*)
c1ad5966 722 AC_DEFINE(SETEUID_BREAKS_SETUID)
723 AC_DEFINE(BROKEN_SETREUID)
724 AC_DEFINE(BROKEN_SETREGID)
7b9a8c6e 725 AC_DEFINE(WITH_ABBREV_NO_TTY)
726 AC_DEFINE(USE_PIPES)
727 AC_DEFINE(DISABLE_FD_PASSING)
728 LDFLAGS="$LDFLAGS"
c1ad5966 729 LIBS="$LIBS -lgen -lacid -ldb"
7b9a8c6e 730 MANTYPE=cat
731 ;;
ca5c7d6a 732*-*-unicos*)
c1ad5966 733 AC_DEFINE(SETEUID_BREAKS_SETUID)
734 AC_DEFINE(BROKEN_SETREUID)
735 AC_DEFINE(BROKEN_SETREGID)
ca5c7d6a 736 AC_DEFINE(USE_PIPES)
94d8258b 737 AC_DEFINE(DISABLE_FD_PASSING)
ef51930f 738 AC_DEFINE(NO_SSH_LASTLOG)
ccbb983c 739 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
740 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
741 MANTYPE=cat
a704dd54 742 ;;
4d33e531 743*-dec-osf*)
99c8ddac 744 AC_MSG_CHECKING(for Digital Unix SIA)
745 no_osfsia=""
746 AC_ARG_WITH(osfsia,
747 [ --with-osfsia Enable Digital Unix SIA],
748 [
749 if test "x$withval" = "xno" ; then
750 AC_MSG_RESULT(disabled)
751 no_osfsia=1
752 fi
753 ],
754 )
755 if test -z "$no_osfsia" ; then
4d33e531 756 if test -f /etc/sia/matrix.conf; then
757 AC_MSG_RESULT(yes)
3466e002 758 AC_DEFINE(HAVE_OSF_SIA, 1,
759 [Define if you have Digital Unix Security
760 Integration Architecture])
761 AC_DEFINE(DISABLE_LOGIN, 1,
762 [Define if you don't want to use your
763 system's login() call])
58d0df4e 764 AC_DEFINE(DISABLE_FD_PASSING)
4d33e531 765 LIBS="$LIBS -lsecurity -ldb -lm -laud"
5b84789f 766 SIA_MSG="yes"
4d33e531 767 else
768 AC_MSG_RESULT(no)
3466e002 769 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
770 [String used in /etc/passwd to denote locked account])
4d33e531 771 fi
772 fi
a6e67b60 773 AC_DEFINE(BROKEN_GETADDRINFO)
f4f2ff4f 774 AC_DEFINE(SETEUID_BREAKS_SETUID)
08da2d08 775 AC_DEFINE(BROKEN_SETREUID)
776 AC_DEFINE(BROKEN_SETREGID)
4d33e531 777 ;;
41cb4569 778
9c54c067 779*-*-nto-qnx*)
41cb4569 780 AC_DEFINE(USE_PIPES)
781 AC_DEFINE(NO_X11_UNIX_SOCKETS)
3466e002 782 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
783 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
784 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
9c54c067 785 AC_DEFINE(DISABLE_LASTLOG)
49c64dd6 786 AC_DEFINE(SSHD_ACQUIRES_CTTY)
0c7e8877 787 enable_etc_default_login=no # has incompatible /etc/default/login
41cb4569 788 ;;
35fc74ed 789
790*-*-ultrix*)
3466e002 791 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
792 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
4b2cf3f1 793 AC_DEFINE(NEED_SETPGRP)
b5765e1d 794 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
795 ;;
157b6700 796
797*-*-lynxos)
798 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
3466e002 799 AC_DEFINE(MISSING_HOWMANY)
157b6700 800 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
801 ;;
a7effaac 802esac
803
c5829391 804AC_MSG_CHECKING(compiler and flags for sanity)
479cece8 805AC_RUN_IFELSE(
806 [AC_LANG_SOURCE([
c5829391 807#include <stdio.h>
808int main(){exit(0);}
479cece8 809 ])],
c5829391 810 [ AC_MSG_RESULT(yes) ],
811 [
812 AC_MSG_RESULT(no)
813 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1a01a50c 814 ],
815 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
c5829391 816)
817
b04a9f8c 818dnl Checks for header files.
a0391976 819# Checks for libraries.
98a7c37b 820AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
821AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
2c523de9 822
446227d6 823dnl IRIX and Solaris 2.5.1 have dirname() in libgen
824AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
825 AC_CHECK_LIB(gen, dirname,[
826 AC_CACHE_CHECK([for broken dirname],
827 ac_cv_have_broken_dirname, [
828 save_LIBS="$LIBS"
829 LIBS="$LIBS -lgen"
b0e7249f 830 AC_RUN_IFELSE(
831 [AC_LANG_SOURCE([[
446227d6 832#include <libgen.h>
833#include <string.h>
834
835int main(int argc, char **argv) {
836 char *s, buf[32];
837
838 strncpy(buf,"/etc", 32);
839 s = dirname(buf);
840 if (!s || strncmp(s, "/", 32) != 0) {
841 exit(1);
842 } else {
843 exit(0);
844 }
845}
b0e7249f 846 ]])],
847 [ ac_cv_have_broken_dirname="no" ],
848 [ ac_cv_have_broken_dirname="yes" ],
446227d6 849 [ ac_cv_have_broken_dirname="no" ],
446227d6 850 )
851 LIBS="$save_LIBS"
852 ])
853 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
854 LIBS="$LIBS -lgen"
855 AC_DEFINE(HAVE_DIRNAME)
856 AC_CHECK_HEADERS(libgen.h)
857 fi
858 ])
859])
860
861AC_CHECK_FUNC(getspnam, ,
862 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
3466e002 863AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
864 [Define if you have the basename function.]))
446227d6 865
98a7c37b 866dnl zlib is required
867AC_ARG_WITH(zlib,
868 [ --with-zlib=PATH Use zlib in PATH],
6dd05556 869 [ if test "x$withval" = "xno" ; then
870 AC_MSG_ERROR([*** zlib is required ***])
871 elif test "x$withval" != "xyes"; then
98a7c37b 872 if test -d "$withval/lib"; then
873 if test -n "${need_dash_r}"; then
5a162955 874 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 875 else
5a162955 876 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 877 fi
878 else
879 if test -n "${need_dash_r}"; then
5a162955 880 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 881 else
5a162955 882 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 883 fi
884 fi
885 if test -d "$withval/include"; then
5a162955 886 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 887 else
5a162955 888 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 889 fi
6dd05556 890 fi ]
98a7c37b 891)
892
0a15d73b 893AC_CHECK_LIB(z, deflate, ,
894 [
895 saved_CPPFLAGS="$CPPFLAGS"
896 saved_LDFLAGS="$LDFLAGS"
897 save_LIBS="$LIBS"
898 dnl Check default zlib install dir
899 if test -n "${need_dash_r}"; then
900 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
901 else
902 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
903 fi
904 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
905 LIBS="$LIBS -lz"
906 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
907 [
908 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
909 ]
910 )
911 ]
912)
4ad65809 913AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
8068d564 914
915AC_ARG_WITH(zlib-version-check,
916 [ --without-zlib-version-check Disable zlib version check],
917 [ if test "x$withval" = "xno" ; then
918 zlib_check_nonfatal=1
919 fi
920 ]
921)
922
5c7fc85d 923AC_MSG_CHECKING(for possibly buggy zlib)
479cece8 924AC_RUN_IFELSE([AC_LANG_SOURCE([[
5c7fc85d 925#include <stdio.h>
4ad65809 926#include <zlib.h>
927int main()
928{
5c7fc85d 929 int a=0, b=0, c=0, d=0, n, v;
930 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
931 if (n != 3 && n != 4)
4ad65809 932 exit(1);
5c7fc85d 933 v = a*1000000 + b*10000 + c*100 + d;
934 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
935
936 /* 1.1.4 is OK */
937 if (a == 1 && b == 1 && c >= 4)
4ad65809 938 exit(0);
5c7fc85d 939
0072b59d 940 /* 1.2.3 and up are OK */
941 if (v >= 1020300)
5c7fc85d 942 exit(0);
943
4ad65809 944 exit(2);
945}
479cece8 946 ]])],
5c7fc85d 947 AC_MSG_RESULT(no),
948 [ AC_MSG_RESULT(yes)
8068d564 949 if test -z "$zlib_check_nonfatal" ; then
950 AC_MSG_ERROR([*** zlib too old - check config.log ***
951Your reported zlib version has known security problems. It's possible your
952vendor has fixed these problems without changing the version number. If you
953are sure this is the case, you can disable the check by running
954"./configure --without-zlib-version-check".
6090bcfe 955If you are in doubt, upgrade zlib to version 1.2.3 or greater.
5c7fc85d 956See http://www.gzip.org/zlib/ for details.])
8068d564 957 else
958 AC_MSG_WARN([zlib version may have security problems])
959 fi
1a01a50c 960 ],
961 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
4ad65809 962)
48e7916f 963
2c523de9 964dnl UnixWare 2.x
aff51935 965AC_CHECK_FUNC(strcasecmp,
2c523de9 966 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
967)
23361281 968AC_CHECK_FUNCS(utimes,
cda1ebcb 969 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
970 LIBS="$LIBS -lc89"]) ]
2c523de9 971)
4cca272e 972
7c6d759d 973dnl Checks for libutil functions
974AC_CHECK_HEADERS(libutil.h)
3466e002 975AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
976 [Define if your libraries define login()])])
7c6d759d 977AC_CHECK_FUNCS(logout updwtmp logwtmp)
978
a738c3b0 979AC_FUNC_STRFTIME
980
84ceda19 981# Check for ALTDIRFUNC glob() extension
982AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
983AC_EGREP_CPP(FOUNDIT,
984 [
985 #include <glob.h>
986 #ifdef GLOB_ALTDIRFUNC
987 FOUNDIT
988 #endif
aff51935 989 ],
84ceda19 990 [
3466e002 991 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
992 [Define if your system glob() function has
993 the GLOB_ALTDIRFUNC extension])
84ceda19 994 AC_MSG_RESULT(yes)
995 ],
996 [
997 AC_MSG_RESULT(no)
998 ]
999)
4cca272e 1000
40849fdb 1001# Check for g.gl_matchc glob() extension
1002AC_MSG_CHECKING(for gl_matchc field in glob_t)
d90b9f9a 1003AC_TRY_COMPILE(
13ff27b7 1004 [ #include <glob.h> ],
1005 [glob_t g; g.gl_matchc = 1;],
aff51935 1006 [
3466e002 1007 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1008 [Define if your system glob() function has
1009 gl_matchc options in glob_t])
aff51935 1010 AC_MSG_RESULT(yes)
1011 ],
1012 [
1013 AC_MSG_RESULT(no)
1014 ]
40849fdb 1015)
1016
78888bab 1017AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1018
edbe6722 1019AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1a01a50c 1020AC_RUN_IFELSE(
479cece8 1021 [AC_LANG_SOURCE([[
edbe6722 1022#include <sys/types.h>
1023#include <dirent.h>
aec4cb4f 1024int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
479cece8 1025 ]])],
aff51935 1026 [AC_MSG_RESULT(yes)],
edbe6722 1027 [
1028 AC_MSG_RESULT(no)
3466e002 1029 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
d08db6d1 1030 [Define if your struct dirent expects you to
3466e002 1031 allocate extra space for d_name])
1a01a50c 1032 ],
82f4e93d 1033 [
1a01a50c 1034 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1035 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
edbe6722 1036 ]
1037)
1038
419e26e7 1039AC_MSG_CHECKING([for /proc/pid/fd directory])
1040if test -d "/proc/$$/fd" ; then
3466e002 1041 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
419e26e7 1042 AC_MSG_RESULT(yes)
1043else
1044 AC_MSG_RESULT(no)
1045fi
1046
278588d8 1047# Check whether user wants S/Key support
aff51935 1048SKEY_MSG="no"
278588d8 1049AC_ARG_WITH(skey,
6ff3d0dc 1050 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
278588d8 1051 [
1052 if test "x$withval" != "xno" ; then
1053
1054 if test "x$withval" != "xyes" ; then
1055 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1056 LDFLAGS="$LDFLAGS -L${withval}/lib"
1057 fi
1058
3466e002 1059 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
278588d8 1060 LIBS="-lskey $LIBS"
aff51935 1061 SKEY_MSG="yes"
82f4e93d 1062
ddceb1c8 1063 AC_MSG_CHECKING([for s/key support])
b0e7249f 1064 AC_LINK_IFELSE(
1065 [AC_LANG_SOURCE([[
ddceb1c8 1066#include <stdio.h>
1067#include <skey.h>
aec4cb4f 1068int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
b0e7249f 1069 ]])],
ddceb1c8 1070 [AC_MSG_RESULT(yes)],
278588d8 1071 [
ddceb1c8 1072 AC_MSG_RESULT(no)
278588d8 1073 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1074 ])
141fc639 1075 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1076 AC_TRY_COMPILE(
1077 [#include <stdio.h>
1078 #include <skey.h>],
1079 [(void)skeychallenge(NULL,"name","",0);],
1080 [AC_MSG_RESULT(yes)
3466e002 1081 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1082 [Define if your skeychallenge()
1083 function takes 4 arguments (NetBSD)])],
141fc639 1084 [AC_MSG_RESULT(no)]
1085 )
278588d8 1086 fi
1087 ]
1088)
1089
1090# Check whether user wants TCP wrappers support
98a7c37b 1091TCPW_MSG="no"
278588d8 1092AC_ARG_WITH(tcp-wrappers,
6ff3d0dc 1093 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
278588d8 1094 [
1095 if test "x$withval" != "xno" ; then
1096 saved_LIBS="$LIBS"
98a7c37b 1097 saved_LDFLAGS="$LDFLAGS"
1098 saved_CPPFLAGS="$CPPFLAGS"
4b492aab 1099 if test -n "${withval}" && \
6cf0200f 1100 test "x${withval}" != "xyes"; then
98a7c37b 1101 if test -d "${withval}/lib"; then
1102 if test -n "${need_dash_r}"; then
5a162955 1103 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 1104 else
5a162955 1105 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 1106 fi
1107 else
1108 if test -n "${need_dash_r}"; then
5a162955 1109 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 1110 else
5a162955 1111 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 1112 fi
1113 fi
1114 if test -d "${withval}/include"; then
5a162955 1115 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 1116 else
5a162955 1117 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 1118 fi
98a7c37b 1119 fi
e54defb4 1120 LIBS="-lwrap $LIBS"
278588d8 1121 AC_MSG_CHECKING(for libwrap)
1122 AC_TRY_LINK(
1123 [
77f09220 1124#include <sys/types.h>
1125#include <sys/socket.h>
1126#include <netinet/in.h>
278588d8 1127#include <tcpd.h>
1128 int deny_severity = 0, allow_severity = 0;
1129 ],
1130 [hosts_access(0);],
1131 [
1132 AC_MSG_RESULT(yes)
3466e002 1133 AC_DEFINE(LIBWRAP, 1,
1134 [Define if you want
1135 TCP Wrappers support])
e54defb4 1136 SSHDLIBS="$SSHDLIBS -lwrap"
98a7c37b 1137 TCPW_MSG="yes"
278588d8 1138 ],
1139 [
1140 AC_MSG_ERROR([*** libwrap missing])
1141 ]
1142 )
ddceb1c8 1143 LIBS="$saved_LIBS"
278588d8 1144 fi
1145 ]
1146)
1147
59031773 1148# Check whether user wants libedit support
1149LIBEDIT_MSG="no"
1150AC_ARG_WITH(libedit,
6ff3d0dc 1151 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
59031773 1152 [ if test "x$withval" != "xno" ; then
737edf04 1153 if test "x$withval" != "xyes"; then
bb116c8e 1154 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1155 if test -n "${need_dash_r}"; then
1156 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1157 else
1158 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1159 fi
737edf04 1160 fi
59031773 1161 AC_CHECK_LIB(edit, el_init,
3466e002 1162 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
59031773 1163 LIBEDIT="-ledit -lcurses"
1164 LIBEDIT_MSG="yes"
1165 AC_SUBST(LIBEDIT)
1166 ],
737edf04 1167 [ AC_MSG_ERROR(libedit not found) ],
1168 [ -lcurses ]
59031773 1169 )
f47ddccb 1170 AC_MSG_CHECKING(if libedit version is compatible)
d92622f9 1171 AC_COMPILE_IFELSE(
1172 [AC_LANG_SOURCE([[
1173#include <histedit.h>
f47ddccb 1174int main(void)
1175{
1176 int i = H_SETSIZE;
1177 el_init("", NULL, NULL, NULL);
1178 exit(0);
1179}
d92622f9 1180 ]])],
f47ddccb 1181 [ AC_MSG_RESULT(yes) ],
1182 [ AC_MSG_RESULT(no)
1183 AC_MSG_ERROR(libedit version is not compatible) ]
1184 )
59031773 1185 fi ]
1186)
1187
7b578f7d 1188AUDIT_MODULE=none
1189AC_ARG_WITH(audit,
1190 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1191 [
1192 AC_MSG_CHECKING(for supported audit module)
1193 case "$withval" in
1194 bsm)
1195 AC_MSG_RESULT(bsm)
1196 AUDIT_MODULE=bsm
1197 dnl Checks for headers, libs and functions
1198 AC_CHECK_HEADERS(bsm/audit.h, [],
a01f637d 1199 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1200 [
1201#ifdef HAVE_TIME_H
1202# include <time.h>
1203#endif
1204 ]
1205)
7b578f7d 1206 AC_CHECK_LIB(bsm, getaudit, [],
1207 [AC_MSG_ERROR(BSM enabled and required library not found)])
1208 AC_CHECK_FUNCS(getaudit, [],
1209 [AC_MSG_ERROR(BSM enabled and required function not found)])
1210 # These are optional
7939c496 1211 AC_CHECK_FUNCS(getaudit_addr)
3466e002 1212 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
7b578f7d 1213 ;;
1214 debug)
1215 AUDIT_MODULE=debug
1216 AC_MSG_RESULT(debug)
3466e002 1217 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
7b578f7d 1218 ;;
a2b3321d 1219 no)
d92622f9 1220 AC_MSG_RESULT(no)
a2b3321d 1221 ;;
7b578f7d 1222 *)
1223 AC_MSG_ERROR([Unknown audit module $withval])
1224 ;;
1225 esac ]
1226)
1227
19160674 1228dnl Checks for library functions. Please keep in alphabetical order
b04a9f8c 1229AC_CHECK_FUNCS( \
1230 arc4random \
9a406e1e 1231 asprintf \
b04a9f8c 1232 b64_ntop \
1233 __b64_ntop \
1234 b64_pton \
1235 __b64_pton \
1236 bcopy \
1237 bindresvport_sa \
1238 clock \
1239 closefrom \
1240 dirfd \
b04a9f8c 1241 fchmod \
1242 fchown \
1243 freeaddrinfo \
1244 futimes \
1245 getaddrinfo \
1246 getcwd \
1247 getgrouplist \
1248 getnameinfo \
1249 getopt \
1250 getpeereid \
1961d660 1251 getpeerucred \
b04a9f8c 1252 _getpty \
1253 getrlimit \
1254 getttyent \
1255 glob \
1256 inet_aton \
1257 inet_ntoa \
1258 inet_ntop \
1259 innetgr \
1260 login_getcapbool \
1261 md5_crypt \
1262 memmove \
1263 mkdtemp \
1264 mmap \
1265 ngetaddrinfo \
1266 nsleep \
1267 ogetaddrinfo \
1268 openlog_r \
1269 openpty \
1270 prctl \
1271 pstat \
1272 readpassphrase \
1273 realpath \
1274 recvmsg \
1275 rresvport_af \
1276 sendmsg \
1277 setdtablesize \
1278 setegid \
1279 setenv \
1280 seteuid \
1281 setgroups \
1282 setlogin \
1283 setpcred \
1284 setproctitle \
1285 setregid \
1286 setreuid \
1287 setrlimit \
1288 setsid \
1289 setvbuf \
1290 sigaction \
1291 sigvec \
1292 snprintf \
1293 socketpair \
1294 strdup \
1295 strerror \
1296 strlcat \
1297 strlcpy \
1298 strmode \
1299 strnvis \
1300 strtonum \
1e29a0c8 1301 strtoll \
b04a9f8c 1302 strtoul \
1aac2117 1303 swap32 \
b04a9f8c 1304 sysconf \
1305 tcgetpgrp \
1306 truncate \
1307 unsetenv \
1308 updwtmpx \
9a406e1e 1309 vasprintf \
b04a9f8c 1310 vhangup \
1311 vsnprintf \
1312 waitpid \
19160674 1313)
98a7c37b 1314
1a086f97 1315# IRIX has a const char return value for gai_strerror()
1316AC_CHECK_FUNCS(gai_strerror,[
1317 AC_DEFINE(HAVE_GAI_STRERROR)
1318 AC_TRY_COMPILE([
1319#include <sys/types.h>
1320#include <sys/socket.h>
1321#include <netdb.h>
1322
1323const char *gai_strerror(int);],[
1324char *str;
1325
1326str = gai_strerror(0);],[
1327 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1328 [Define if gai_strerror() returns const char *])])])
1329
3466e002 1330AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1331 [Some systems put nanosleep outside of libc]))
92b1decf 1332
309709db 1333dnl Make sure prototypes are defined for these before using them.
309709db 1334AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
0957c2cf 1335AC_CHECK_DECL(strsep,
1336 [AC_CHECK_FUNCS(strsep)],
1337 [],
1338 [
1339#ifdef HAVE_STRING_H
1340# include <string.h>
1341#endif
1342 ])
08412d26 1343
3490699c 1344dnl tcsendbreak might be a macro
1345AC_CHECK_DECL(tcsendbreak,
1346 [AC_DEFINE(HAVE_TCSENDBREAK)],
aff51935 1347 [AC_CHECK_FUNCS(tcsendbreak)],
3490699c 1348 [#include <termios.h>]
1349)
1350
41e0e158 1351AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1352
71f4c727 1353AC_CHECK_DECLS(SHUT_RD, , ,
1354 [
1355#include <sys/types.h>
1356#include <sys/socket.h>
1357 ])
956d6743 1358
1359AC_CHECK_DECLS(O_NONBLOCK, , ,
1360 [
1361#include <sys/types.h>
1362#ifdef HAVE_SYS_STAT_H
1363# include <sys/stat.h>
1364#endif
1365#ifdef HAVE_FCNTL_H
1366# include <fcntl.h>
1367#endif
1368 ])
1369
752994dd 1370AC_CHECK_DECLS(writev, , , [
1371#include <sys/types.h>
1372#include <sys/uio.h>
1373#include <unistd.h>
1374 ])
1375
0bf6279d 1376AC_CHECK_DECLS(MAXSYMLINKS, , , [
1377#include <sys/param.h>
1378 ])
1379
b41ece30 1380AC_CHECK_DECLS(offsetof, , , [
1381#include <stddef.h>
1382 ])
1383
3f176010 1384AC_CHECK_FUNCS(setresuid, [
1385 dnl Some platorms have setresuid that isn't implemented, test for this
1386 AC_MSG_CHECKING(if setresuid seems to work)
479cece8 1387 AC_RUN_IFELSE(
1388 [AC_LANG_SOURCE([[
9a3fe0e2 1389#include <stdlib.h>
1390#include <errno.h>
1391int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1392 ]])],
3f176010 1393 [AC_MSG_RESULT(yes)],
3466e002 1394 [AC_DEFINE(BROKEN_SETRESUID, 1,
1395 [Define if your setresuid() is broken])
1a01a50c 1396 AC_MSG_RESULT(not implemented)],
1397 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1398 )
1399])
9a3fe0e2 1400
3f176010 1401AC_CHECK_FUNCS(setresgid, [
1402 dnl Some platorms have setresgid that isn't implemented, test for this
1403 AC_MSG_CHECKING(if setresgid seems to work)
479cece8 1404 AC_RUN_IFELSE(
1405 [AC_LANG_SOURCE([[
9a3fe0e2 1406#include <stdlib.h>
1407#include <errno.h>
1408int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1409 ]])],
3f176010 1410 [AC_MSG_RESULT(yes)],
3466e002 1411 [AC_DEFINE(BROKEN_SETRESGID, 1,
1412 [Define if your setresgid() is broken])
1a01a50c 1413 AC_MSG_RESULT(not implemented)],
1414 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1415 )
1416])
9a3fe0e2 1417
2e73a022 1418dnl Checks for time functions
1d7b9b20 1419AC_CHECK_FUNCS(gettimeofday time)
2e73a022 1420dnl Checks for utmp functions
b03bd394 1421AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1d7b9b20 1422AC_CHECK_FUNCS(utmpname)
2e73a022 1423dnl Checks for utmpx functions
b03bd394 1424AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1d7b9b20 1425AC_CHECK_FUNCS(setutxent utmpxname)
76cd7316 1426
aff51935 1427AC_CHECK_FUNC(daemon,
3466e002 1428 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1429 [AC_CHECK_LIB(bsd, daemon,
1430 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
beb43d31 1431)
1432
aff51935 1433AC_CHECK_FUNC(getpagesize,
3466e002 1434 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1435 [Define if your libraries define getpagesize()])],
1436 [AC_CHECK_LIB(ucb, getpagesize,
1437 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
aa6bd60a 1438)
1439
2647ae26 1440# Check for broken snprintf
1441if test "x$ac_cv_func_snprintf" = "xyes" ; then
1442 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1a01a50c 1443 AC_RUN_IFELSE(
479cece8 1444 [AC_LANG_SOURCE([[
2647ae26 1445#include <stdio.h>
aec4cb4f 1446int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
479cece8 1447 ]])],
aff51935 1448 [AC_MSG_RESULT(yes)],
2647ae26 1449 [
1450 AC_MSG_RESULT(no)
3466e002 1451 AC_DEFINE(BROKEN_SNPRINTF, 1,
1452 [Define if your snprintf is busted])
2647ae26 1453 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1a01a50c 1454 ],
1455 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2647ae26 1456 )
1457fi
1458
9a406e1e 1459# If we don't have a working asprintf, then we strongly depend on vsnprintf
1460# returning the right thing on overflow: the number of characters it tried to
1461# create (as per SUSv3)
1462if test "x$ac_cv_func_asprintf" != "xyes" && \
1463 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1464 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1465 AC_RUN_IFELSE(
1466 [AC_LANG_SOURCE([[
1467#include <sys/types.h>
1468#include <stdio.h>
1469#include <stdarg.h>
1470
1471int x_snprintf(char *str,size_t count,const char *fmt,...)
1472{
1473 size_t ret; va_list ap;
1474 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1475 return ret;
1476}
1477int main(void)
1478{
1479 char x[1];
1480 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1481} ]])],
1482 [AC_MSG_RESULT(yes)],
1483 [
1484 AC_MSG_RESULT(no)
1485 AC_DEFINE(BROKEN_SNPRINTF, 1,
1486 [Define if your snprintf is busted])
1487 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1488 ],
1489 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1490 )
1491fi
1492
31b0732a 1493# On systems where [v]snprintf is broken, but is declared in stdio,
1494# check that the fmt argument is const char * or just char *.
1495# This is only useful for when BROKEN_SNPRINTF
1496AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1497AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1498 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1499 int main(void) { snprintf(0, 0, 0); }
1500 ]])],
1501 [AC_MSG_RESULT(yes)
1502 AC_DEFINE(SNPRINTF_CONST, [const],
1503 [Define as const if snprintf() can declare const char *fmt])],
1504 [AC_MSG_RESULT(no)
1505 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1506
2f6f9cff 1507# Check for missing getpeereid (or equiv) support
1508NO_PEERCHECK=""
1961d660 1509if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2f6f9cff 1510 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1511 AC_TRY_COMPILE(
1512 [#include <sys/types.h>
1513 #include <sys/socket.h>],
1514 [int i = SO_PEERCRED;],
62eb7db4 1515 [ AC_MSG_RESULT(yes)
3466e002 1516 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
62eb7db4 1517 ],
2f6f9cff 1518 [AC_MSG_RESULT(no)
1519 NO_PEERCHECK=1]
1520 )
1521fi
1522
70e7d0b0 1523dnl see whether mkstemp() requires XXXXXX
1524if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1525AC_MSG_CHECKING([for (overly) strict mkstemp])
b0e7249f 1526AC_RUN_IFELSE(
1527 [AC_LANG_SOURCE([[
70e7d0b0 1528#include <stdlib.h>
1529main() { char template[]="conftest.mkstemp-test";
1530if (mkstemp(template) == -1)
1531 exit(1);
1532unlink(template); exit(0);
1533}
b0e7249f 1534 ]])],
70e7d0b0 1535 [
1536 AC_MSG_RESULT(no)
1537 ],
aff51935 1538 [
70e7d0b0 1539 AC_MSG_RESULT(yes)
3466e002 1540 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
70e7d0b0 1541 ],
1542 [
1543 AC_MSG_RESULT(yes)
1544 AC_DEFINE(HAVE_STRICT_MKSTEMP)
aff51935 1545 ]
70e7d0b0 1546)
1547fi
1548
eacb954e 1549dnl make sure that openpty does not reacquire controlling terminal
1550if test ! -z "$check_for_openpty_ctty_bug"; then
1551 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
b0e7249f 1552 AC_RUN_IFELSE(
1553 [AC_LANG_SOURCE([[
eacb954e 1554#include <stdio.h>
1555#include <sys/fcntl.h>
1556#include <sys/types.h>
1557#include <sys/wait.h>
1558
1559int
1560main()
1561{
1562 pid_t pid;
1563 int fd, ptyfd, ttyfd, status;
1564
1565 pid = fork();
1566 if (pid < 0) { /* failed */
1567 exit(1);
1568 } else if (pid > 0) { /* parent */
1569 waitpid(pid, &status, 0);
aff51935 1570 if (WIFEXITED(status))
eacb954e 1571 exit(WEXITSTATUS(status));
1572 else
1573 exit(2);
1574 } else { /* child */
1575 close(0); close(1); close(2);
1576 setsid();
1577 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1578 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1579 if (fd >= 0)
1580 exit(3); /* Acquired ctty: broken */
1581 else
1582 exit(0); /* Did not acquire ctty: OK */
1583 }
1584}
b0e7249f 1585 ]])],
eacb954e 1586 [
1587 AC_MSG_RESULT(yes)
1588 ],
1589 [
1590 AC_MSG_RESULT(no)
1591 AC_DEFINE(SSHD_ACQUIRES_CTTY)
b0e7249f 1592 ],
1593 [
1594 AC_MSG_RESULT(cross-compiling, assuming yes)
eacb954e 1595 ]
1596 )
1597fi
1598
4b492aab 1599if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1600 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2fe51906 1601 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1602 AC_RUN_IFELSE(
1603 [AC_LANG_SOURCE([[
2fe51906 1604#include <stdio.h>
1605#include <sys/socket.h>
1606#include <netdb.h>
1607#include <errno.h>
1608#include <netinet/in.h>
1609
1610#define TEST_PORT "2222"
1611
1612int
1613main(void)
1614{
1615 int err, sock;
1616 struct addrinfo *gai_ai, *ai, hints;
1617 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1618
1619 memset(&hints, 0, sizeof(hints));
1620 hints.ai_family = PF_UNSPEC;
1621 hints.ai_socktype = SOCK_STREAM;
1622 hints.ai_flags = AI_PASSIVE;
1623
1624 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1625 if (err != 0) {
1626 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1627 exit(1);
1628 }
1629
1630 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1631 if (ai->ai_family != AF_INET6)
1632 continue;
1633
1634 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1635 sizeof(ntop), strport, sizeof(strport),
1636 NI_NUMERICHOST|NI_NUMERICSERV);
1637
1638 if (err != 0) {
1639 if (err == EAI_SYSTEM)
1640 perror("getnameinfo EAI_SYSTEM");
1641 else
1642 fprintf(stderr, "getnameinfo failed: %s\n",
1643 gai_strerror(err));
1644 exit(2);
1645 }
1646
1647 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1648 if (sock < 0)
1649 perror("socket");
1650 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1651 if (errno == EBADF)
1652 exit(3);
1653 }
1654 }
1655 exit(0);
1656}
b0e7249f 1657 ]])],
2fe51906 1658 [
1659 AC_MSG_RESULT(yes)
1660 ],
1661 [
1662 AC_MSG_RESULT(no)
1663 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1664 ],
1665 [
1666 AC_MSG_RESULT(cross-compiling, assuming yes)
2fe51906 1667 ]
1668 )
1669fi
1670
4b492aab 1671if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1672 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
5ccf88cb 1673 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1674 AC_RUN_IFELSE(
1675 [AC_LANG_SOURCE([[
5ccf88cb 1676#include <stdio.h>
1677#include <sys/socket.h>
1678#include <netdb.h>
1679#include <errno.h>
1680#include <netinet/in.h>
1681
1682#define TEST_PORT "2222"
1683
1684int
1685main(void)
1686{
1687 int err, sock;
1688 struct addrinfo *gai_ai, *ai, hints;
1689 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1690
1691 memset(&hints, 0, sizeof(hints));
1692 hints.ai_family = PF_UNSPEC;
1693 hints.ai_socktype = SOCK_STREAM;
1694 hints.ai_flags = AI_PASSIVE;
1695
1696 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1697 if (err != 0) {
1698 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1699 exit(1);
1700 }
1701
1702 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1703 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1704 continue;
1705
1706 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1707 sizeof(ntop), strport, sizeof(strport),
1708 NI_NUMERICHOST|NI_NUMERICSERV);
1709
1710 if (ai->ai_family == AF_INET && err != 0) {
1711 perror("getnameinfo");
1712 exit(2);
1713 }
1714 }
1715 exit(0);
1716}
b0e7249f 1717 ]])],
5ccf88cb 1718 [
1719 AC_MSG_RESULT(yes)
3466e002 1720 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1721 [Define if you have a getaddrinfo that fails
1722 for the all-zeros IPv6 address])
5ccf88cb 1723 ],
1724 [
1725 AC_MSG_RESULT(no)
1726 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1727 ],
ecd9ec09 1728 [
b0e7249f 1729 AC_MSG_RESULT(cross-compiling, assuming no)
5ccf88cb 1730 ]
1731 )
1732fi
1733
b29fd59f 1734if test "x$check_for_conflicting_getspnam" = "x1"; then
1735 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1736 AC_COMPILE_IFELSE(
1737 [
1738#include <shadow.h>
1739int main(void) {exit(0);}
1740 ],
1741 [
1742 AC_MSG_RESULT(no)
1743 ],
1744 [
1745 AC_MSG_RESULT(yes)
1746 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1747 [Conflicting defs for getspnam])
1748 ]
1749 )
1750fi
1751
7f8f5e00 1752AC_FUNC_GETPGRP
1753
5b991353 1754# Search for OpenSSL
1755saved_CPPFLAGS="$CPPFLAGS"
1756saved_LDFLAGS="$LDFLAGS"
a0391976 1757AC_ARG_WITH(ssl-dir,
1758 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1759 [
e9e4a1c7 1760 if test "x$withval" != "xno" ; then
99eb0f64 1761 case "$withval" in
1762 # Relative paths
1763 ./*|../*) withval="`pwd`/$withval"
1764 esac
5b991353 1765 if test -d "$withval/lib"; then
1766 if test -n "${need_dash_r}"; then
1767 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1768 else
1769 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
d6f13fbb 1770 fi
1771 else
5b991353 1772 if test -n "${need_dash_r}"; then
1773 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1774 else
1775 LDFLAGS="-L${withval} ${LDFLAGS}"
d6f13fbb 1776 fi
1777 fi
5b991353 1778 if test -d "$withval/include"; then
1779 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
d6f13fbb 1780 else
5b991353 1781 CPPFLAGS="-I${withval} ${CPPFLAGS}"
58d100bf 1782 fi
a0391976 1783 fi
5b991353 1784 ]
1785)
5486a457 1786LIBS="-lcrypto $LIBS"
3466e002 1787AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1788 [Define if your ssl headers are included
1789 with #include <openssl/header.h>]),
d45e3d76 1790 [
5b991353 1791 dnl Check default openssl install dir
1792 if test -n "${need_dash_r}"; then
1793 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1794 else
5b991353 1795 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1796 fi
5b991353 1797 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1798 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1799 [
1800 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1801 ]
1802 )
1803 ]
1804)
1805
cd018561 1806# Determine OpenSSL header version
1807AC_MSG_CHECKING([OpenSSL header version])
1a01a50c 1808AC_RUN_IFELSE(
479cece8 1809 [AC_LANG_SOURCE([[
cd018561 1810#include <stdio.h>
1811#include <string.h>
1812#include <openssl/opensslv.h>
1813#define DATA "conftest.sslincver"
1814int main(void) {
aff51935 1815 FILE *fd;
1816 int rc;
cd018561 1817
aff51935 1818 fd = fopen(DATA,"w");
1819 if(fd == NULL)
1820 exit(1);
cd018561 1821
1822 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1823 exit(1);
1824
1825 exit(0);
1826}
479cece8 1827 ]])],
cd018561 1828 [
1829 ssl_header_ver=`cat conftest.sslincver`
1830 AC_MSG_RESULT($ssl_header_ver)
1831 ],
1832 [
1833 AC_MSG_RESULT(not found)
1834 AC_MSG_ERROR(OpenSSL version header not found.)
1a01a50c 1835 ],
1836 [
1837 AC_MSG_WARN([cross compiling: not checking])
cd018561 1838 ]
1839)
1840
1841# Determine OpenSSL library version
1842AC_MSG_CHECKING([OpenSSL library version])
1a01a50c 1843AC_RUN_IFELSE(
479cece8 1844 [AC_LANG_SOURCE([[
cd018561 1845#include <stdio.h>
1846#include <string.h>
1847#include <openssl/opensslv.h>
1848#include <openssl/crypto.h>
1849#define DATA "conftest.ssllibver"
1850int main(void) {
aff51935 1851 FILE *fd;
1852 int rc;
cd018561 1853
aff51935 1854 fd = fopen(DATA,"w");
1855 if(fd == NULL)
1856 exit(1);
cd018561 1857
1858 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1859 exit(1);
1860
1861 exit(0);
1862}
479cece8 1863 ]])],
cd018561 1864 [
1865 ssl_library_ver=`cat conftest.ssllibver`
1866 AC_MSG_RESULT($ssl_library_ver)
1867 ],
1868 [
1869 AC_MSG_RESULT(not found)
1870 AC_MSG_ERROR(OpenSSL library not found.)
1a01a50c 1871 ],
1872 [
1873 AC_MSG_WARN([cross compiling: not checking])
cd018561 1874 ]
1875)
58d100bf 1876
1d42bcce 1877AC_ARG_WITH(openssl-header-check,
1878 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1879 [ if test "x$withval" = "xno" ; then
1880 openssl_check_nonfatal=1
1881 fi
1882 ]
1883)
1884
9780116c 1885# Sanity check OpenSSL headers
1886AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1a01a50c 1887AC_RUN_IFELSE(
479cece8 1888 [AC_LANG_SOURCE([[
9780116c 1889#include <string.h>
1890#include <openssl/opensslv.h>
aec4cb4f 1891int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
479cece8 1892 ]])],
9780116c 1893 [
1894 AC_MSG_RESULT(yes)
1895 ],
1896 [
1897 AC_MSG_RESULT(no)
1d42bcce 1898 if test "x$openssl_check_nonfatal" = "x"; then
1899 AC_MSG_ERROR([Your OpenSSL headers do not match your
1900library. Check config.log for details.
1901If you are sure your installation is consistent, you can disable the check
1902by running "./configure --without-openssl-header-check".
1903Also see contrib/findssl.sh for help identifying header/library mismatches.
1904])
1905 else
1906 AC_MSG_WARN([Your OpenSSL headers do not match your
1907library. Check config.log for details.
e15ba28b 1908Also see contrib/findssl.sh for help identifying header/library mismatches.])
1d42bcce 1909 fi
1a01a50c 1910 ],
1911 [
1912 AC_MSG_WARN([cross compiling: not checking])
9780116c 1913 ]
1914)
1915
282d6408 1916AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1917AC_LINK_IFELSE(
1918 [AC_LANG_SOURCE([[
1919#include <openssl/evp.h>
1920int main(void) { SSLeay_add_all_algorithms(); }
1921 ]])],
1922 [
1923 AC_MSG_RESULT(yes)
1924 ],
1925 [
1926 AC_MSG_RESULT(no)
1927 saved_LIBS="$LIBS"
1928 LIBS="$LIBS -ldl"
1929 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1930 AC_LINK_IFELSE(
1931 [AC_LANG_SOURCE([[
1932#include <openssl/evp.h>
1933int main(void) { SSLeay_add_all_algorithms(); }
1934 ]])],
1935 [
1936 AC_MSG_RESULT(yes)
1937 ],
1938 [
1939 AC_MSG_RESULT(no)
1940 LIBS="$saved_LIBS"
1941 ]
1942 )
1943 ]
1944)
1945
c7ad0d99 1946AC_ARG_WITH(ssl-engine,
1947 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1948 [ if test "x$withval" != "xno" ; then
1949 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1950 AC_TRY_COMPILE(
1951 [ #include <openssl/engine.h>],
1952 [
24b2647b 1953ENGINE_load_builtin_engines();ENGINE_register_all_complete();
c7ad0d99 1954 ],
1955 [ AC_MSG_RESULT(yes)
1956 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1957 [Enable OpenSSL engine support])
1958 ],
1959 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1960 )
1961 fi ]
1962)
1963
e5146707 1964# Check for OpenSSL without EVP_aes_{192,256}_cbc
1965AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3e05aa50 1966AC_LINK_IFELSE(
e5146707 1967 [AC_LANG_SOURCE([[
1968#include <string.h>
1969#include <openssl/evp.h>
300ea548 1970int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
e5146707 1971 ]])],
1972 [
1973 AC_MSG_RESULT(no)
1974 ],
1975 [
1976 AC_MSG_RESULT(yes)
1977 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1978 [libcrypto is missing AES 192 and 256 bit functions])
1979 ]
1980)
1981
5486a457 1982# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1983# because the system crypt() is more featureful.
1984if test "x$check_for_libcrypt_before" = "x1"; then
1985 AC_CHECK_LIB(crypt, crypt)
1986fi
1987
aff51935 1988# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
8087c5ee 1989# version in OpenSSL.
05114c74 1990if test "x$check_for_libcrypt_later" = "x1"; then
20cad736 1991 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
717057b6 1992fi
1993
13ff27b7 1994# Search for SHA256 support in libc and/or OpenSSL
1995AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1996
a03acb8f 1997saved_LIBS="$LIBS"
1998AC_CHECK_LIB(iaf, ia_openinfo, [
1999 LIBS="$LIBS -liaf"
2000 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
2001])
2002LIBS="$saved_LIBS"
f1b0ecc3 2003
2004### Configure cryptographic random number support
2005
2006# Check wheter OpenSSL seeds itself
2007AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1a01a50c 2008AC_RUN_IFELSE(
479cece8 2009 [AC_LANG_SOURCE([[
f1b0ecc3 2010#include <string.h>
2011#include <openssl/rand.h>
aec4cb4f 2012int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
479cece8 2013 ]])],
f1b0ecc3 2014 [
2015 OPENSSL_SEEDS_ITSELF=yes
2016 AC_MSG_RESULT(yes)
2017 ],
2018 [
2019 AC_MSG_RESULT(no)
2020 # Default to use of the rand helper if OpenSSL doesn't
2021 # seed itself
2022 USE_RAND_HELPER=yes
1a01a50c 2023 ],
2024 [
2025 AC_MSG_WARN([cross compiling: assuming yes])
2026 # This is safe, since all recent OpenSSL versions will
82f4e93d 2027 # complain at runtime if not seeded correctly.
1a01a50c 2028 OPENSSL_SEEDS_ITSELF=yes
f1b0ecc3 2029 ]
2030)
2031
a086f73b 2032# Check for PAM libs
2033PAM_MSG="no"
2034AC_ARG_WITH(pam,
2035 [ --with-pam Enable PAM support ],
2036 [
2037 if test "x$withval" != "xno" ; then
2038 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2039 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2040 AC_MSG_ERROR([PAM headers not found])
2041 fi
2042
2043 saved_LIBS="$LIBS"
2044 AC_CHECK_LIB(dl, dlopen, , )
2045 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2046 AC_CHECK_FUNCS(pam_getenvlist)
2047 AC_CHECK_FUNCS(pam_putenv)
2048 LIBS="$saved_LIBS"
2049
2050 PAM_MSG="yes"
2051
e54defb4 2052 SSHDLIBS="$SSHDLIBS -lpam"
a086f73b 2053 AC_DEFINE(USE_PAM, 1,
2054 [Define if you want to enable PAM support])
282d6408 2055
a086f73b 2056 if test $ac_cv_lib_dl_dlopen = yes; then
282d6408 2057 case "$LIBS" in
2058 *-ldl*)
2059 # libdl already in LIBS
2060 ;;
2061 *)
e54defb4 2062 SSHDLIBS="$SSHDLIBS -ldl"
282d6408 2063 ;;
2064 esac
a086f73b 2065 fi
a086f73b 2066 fi
2067 ]
2068)
2069
2070# Check for older PAM
2071if test "x$PAM_MSG" = "xyes" ; then
2072 # Check PAM strerror arguments (old PAM)
2073 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2074 AC_TRY_COMPILE(
2075 [
2076#include <stdlib.h>
2077#if defined(HAVE_SECURITY_PAM_APPL_H)
2078#include <security/pam_appl.h>
2079#elif defined (HAVE_PAM_PAM_APPL_H)
2080#include <pam/pam_appl.h>
2081#endif
2082 ],
2083 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2084 [AC_MSG_RESULT(no)],
2085 [
2086 AC_DEFINE(HAVE_OLD_PAM, 1,
2087 [Define if you have an old version of PAM
2088 which takes only one argument to pam_strerror])
2089 AC_MSG_RESULT(yes)
2090 PAM_MSG="yes (old library)"
2091 ]
2092 )
2093fi
f1b0ecc3 2094
2095# Do we want to force the use of the rand helper?
2096AC_ARG_WITH(rand-helper,
2097 [ --with-rand-helper Use subprocess to gather strong randomness ],
2098 [
2099 if test "x$withval" = "xno" ; then
aff51935 2100 # Force use of OpenSSL's internal RNG, even if
f1b0ecc3 2101 # the previous test showed it to be unseeded.
2102 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2103 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2104 OPENSSL_SEEDS_ITSELF=yes
2105 USE_RAND_HELPER=""
2106 fi
2107 else
2108 USE_RAND_HELPER=yes
2109 fi
2110 ],
82f4e93d 2111)
f1b0ecc3 2112
2113# Which randomness source do we use?
4b492aab 2114if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
f1b0ecc3 2115 # OpenSSL only
3466e002 2116 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2117 [Define if you want OpenSSL's internally seeded PRNG only])
f1b0ecc3 2118 RAND_MSG="OpenSSL internal ONLY"
2119 INSTALL_SSH_RAND_HELPER=""
70e2f2f3 2120elif test ! -z "$USE_RAND_HELPER" ; then
2121 # install rand helper
f1b0ecc3 2122 RAND_MSG="ssh-rand-helper"
2123 INSTALL_SSH_RAND_HELPER="yes"
2124fi
2125AC_SUBST(INSTALL_SSH_RAND_HELPER)
2126
2127### Configuration of ssh-rand-helper
2128
2129# PRNGD TCP socket
2130AC_ARG_WITH(prngd-port,
2131 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2132 [
eb5d7ff6 2133 case "$withval" in
2134 no)
2135 withval=""
2136 ;;
2137 [[0-9]]*)
2138 ;;
2139 *)
2140 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2141 ;;
2142 esac
2143 if test ! -z "$withval" ; then
f1b0ecc3 2144 PRNGD_PORT="$withval"
3466e002 2145 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2146 [Port number of PRNGD/EGD random number socket])
f1b0ecc3 2147 fi
2148 ]
2149)
2150
2151# PRNGD Unix domain socket
2152AC_ARG_WITH(prngd-socket,
2153 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2154 [
eb5d7ff6 2155 case "$withval" in
2156 yes)
f1b0ecc3 2157 withval="/var/run/egd-pool"
eb5d7ff6 2158 ;;
2159 no)
2160 withval=""
2161 ;;
2162 /*)
2163 ;;
2164 *)
2165 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2166 ;;
2167 esac
2168
2169 if test ! -z "$withval" ; then
f1b0ecc3 2170 if test ! -z "$PRNGD_PORT" ; then
2171 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2172 fi
906e811b 2173 if test ! -r "$withval" ; then
f1b0ecc3 2174 AC_MSG_WARN(Entropy socket is not readable)
2175 fi
2176 PRNGD_SOCKET="$withval"
3466e002 2177 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2178 [Location of PRNGD/EGD random number socket])
f1b0ecc3 2179 fi
ddceb1c8 2180 ],
2181 [
2182 # Check for existing socket only if we don't have a random device already
2183 if test "$USE_RAND_HELPER" = yes ; then
2184 AC_MSG_CHECKING(for PRNGD/EGD socket)
2185 # Insert other locations here
2186 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2187 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2188 PRNGD_SOCKET="$sock"
2189 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2190 break;
2191 fi
2192 done
2193 if test ! -z "$PRNGD_SOCKET" ; then
2194 AC_MSG_RESULT($PRNGD_SOCKET)
2195 else
2196 AC_MSG_RESULT(not found)
2197 fi
2198 fi
f1b0ecc3 2199 ]
2200)
2201
2202# Change default command timeout for hashing entropy source
2203entropy_timeout=200
2204AC_ARG_WITH(entropy-timeout,
2205 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2206 [
6cf0200f 2207 if test -n "$withval" && test "x$withval" != "xno" && \
2208 test "x${withval}" != "xyes"; then
f1b0ecc3 2209 entropy_timeout=$withval
2210 fi
82f4e93d 2211 ]
f1b0ecc3 2212)
3466e002 2213AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2214 [Builtin PRNG command timeout])
f1b0ecc3 2215
fd3cbf67 2216SSH_PRIVSEP_USER=sshd
9a0fbcb3 2217AC_ARG_WITH(privsep-user,
5222e7ef 2218 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
9a0fbcb3 2219 [
6cf0200f 2220 if test -n "$withval" && test "x$withval" != "xno" && \
2221 test "x${withval}" != "xyes"; then
fd3cbf67 2222 SSH_PRIVSEP_USER=$withval
9a0fbcb3 2223 fi
82f4e93d 2224 ]
9a0fbcb3 2225)
3466e002 2226AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2227 [non-privileged user for privilege separation])
fd3cbf67 2228AC_SUBST(SSH_PRIVSEP_USER)
9a0fbcb3 2229
81dadca3 2230# We do this little dance with the search path to insure
2231# that programs that we select for use by installed programs
2232# (which may be run by the super-user) come from trusted
2233# locations before they come from the user's private area.
2234# This should help avoid accidentally configuring some
2235# random version of a program in someone's personal bin.
2236
2237OPATH=$PATH
2238PATH=/bin:/usr/bin
f95c8ce8 2239test -h /bin 2> /dev/null && PATH=/usr/bin
81dadca3 2240test -d /sbin && PATH=$PATH:/sbin
2241test -d /usr/sbin && PATH=$PATH:/usr/sbin
2242PATH=$PATH:/etc:$OPATH
2243
aff51935 2244# These programs are used by the command hashing source to gather entropy
f1b0ecc3 2245OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2246OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2247OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2248OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2249OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2250OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2251OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2252OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2253OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2254OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2255OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2256OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2257OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2258OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2259OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2260OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
81dadca3 2261# restore PATH
2262PATH=$OPATH
f1b0ecc3 2263
2264# Where does ssh-rand-helper get its randomness from?
2265INSTALL_SSH_PRNG_CMDS=""
2266if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2267 if test ! -z "$PRNGD_PORT" ; then
2268 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2269 elif test ! -z "$PRNGD_SOCKET" ; then
2270 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2271 else
2272 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2273 RAND_HELPER_CMDHASH=yes
2274 INSTALL_SSH_PRNG_CMDS="yes"
2275 fi
2276fi
2277AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2278
2279
66d6c27e 2280# Cheap hack to ensure NEWS-OS libraries are arranged right.
2281if test ! -z "$SONY" ; then
2282 LIBS="$LIBS -liberty";
2283fi
2284
9a406e1e 2285# Check for long long datatypes
2286AC_CHECK_TYPES([long long, unsigned long long, long double])
2287
2288# Check datatype sizes
976f7e19 2289AC_CHECK_SIZEOF(char, 1)
2b942fe0 2290AC_CHECK_SIZEOF(short int, 2)
2291AC_CHECK_SIZEOF(int, 4)
2292AC_CHECK_SIZEOF(long int, 4)
2293AC_CHECK_SIZEOF(long long int, 8)
2294
52f1ccb2 2295# Sanity check long long for some platforms (AIX)
2296if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2297 ac_cv_sizeof_long_long_int=0
2298fi
2299
90f15776 2300# compute LLONG_MIN and LLONG_MAX if we don't know them.
2301if test -z "$have_llong_max"; then
2302 AC_MSG_CHECKING([for max value of long long])
2303 AC_RUN_IFELSE(
2304 [AC_LANG_SOURCE([[
2305#include <stdio.h>
2306/* Why is this so damn hard? */
2307#ifdef __GNUC__
2308# undef __GNUC__
2309#endif
2310#define __USE_ISOC99
2311#include <limits.h>
2312#define DATA "conftest.llminmax"
055252ed 2313#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2314
2315/*
2316 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2317 * we do this the hard way.
2318 */
2319static int
2320fprint_ll(FILE *f, long long n)
2321{
2322 unsigned int i;
2323 int l[sizeof(long long) * 8];
2324
2325 if (n < 0)
2326 if (fprintf(f, "-") < 0)
2327 return -1;
2328 for (i = 0; n != 0; i++) {
2329 l[i] = my_abs(n % 10);
2330 n /= 10;
2331 }
2332 do {
2333 if (fprintf(f, "%d", l[--i]) < 0)
2334 return -1;
2335 } while (i != 0);
2336 if (fprintf(f, " ") < 0)
2337 return -1;
2338 return 0;
2339}
2340
90f15776 2341int main(void) {
2342 FILE *f;
2343 long long i, llmin, llmax = 0;
2344
2345 if((f = fopen(DATA,"w")) == NULL)
2346 exit(1);
2347
2348#if defined(LLONG_MIN) && defined(LLONG_MAX)
2349 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2350 llmin = LLONG_MIN;
2351 llmax = LLONG_MAX;
2352#else
2353 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2354 /* This will work on one's complement and two's complement */
2355 for (i = 1; i > llmax; i <<= 1, i++)
2356 llmax = i;
2357 llmin = llmax + 1LL; /* wrap */
2358#endif
2359
2360 /* Sanity check */
2361 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
055252ed 2362 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2363 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
90f15776 2364 fprintf(f, "unknown unknown\n");
2365 exit(2);
2366 }
2367
055252ed 2368 if (fprint_ll(f, llmin) < 0)
90f15776 2369 exit(3);
055252ed 2370 if (fprint_ll(f, llmax) < 0)
2371 exit(4);
2372 if (fclose(f) < 0)
2373 exit(5);
90f15776 2374 exit(0);
2375}
2376 ]])],
2377 [
2378 llong_min=`$AWK '{print $1}' conftest.llminmax`
2379 llong_max=`$AWK '{print $2}' conftest.llminmax`
2380
90f15776 2381 AC_MSG_RESULT($llong_max)
2382 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2383 [max value of long long calculated by configure])
2384 AC_MSG_CHECKING([for min value of long long])
2385 AC_MSG_RESULT($llong_min)
2386 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2387 [min value of long long calculated by configure])
2388 ],
2389 [
2390 AC_MSG_RESULT(not found)
2391 ],
2392 [
2393 AC_MSG_WARN([cross compiling: not checking])
2394 ]
2395 )
2396fi
2397
2398
a0391976 2399# More checks for data types
14a9a859 2400AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2401 AC_TRY_COMPILE(
aff51935 2402 [ #include <sys/types.h> ],
2403 [ u_int a; a = 1;],
14a9a859 2404 [ ac_cv_have_u_int="yes" ],
2405 [ ac_cv_have_u_int="no" ]
2406 )
2407])
2408if test "x$ac_cv_have_u_int" = "xyes" ; then
3466e002 2409 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
14a9a859 2410 have_u_int=1
2411fi
2412
58d100bf 2413AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2414 AC_TRY_COMPILE(
aff51935 2415 [ #include <sys/types.h> ],
2416 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
58d100bf 2417 [ ac_cv_have_intxx_t="yes" ],
2418 [ ac_cv_have_intxx_t="no" ]
2419 )
2420])
2421if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3466e002 2422 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
58d100bf 2423 have_intxx_t=1
2424fi
41cb4569 2425
2426if (test -z "$have_intxx_t" && \
aff51935 2427 test "x$ac_cv_header_stdint_h" = "xyes")
41cb4569 2428then
2429 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2430 AC_TRY_COMPILE(
aff51935 2431 [ #include <stdint.h> ],
2432 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
41cb4569 2433 [
2434 AC_DEFINE(HAVE_INTXX_T)
2435 AC_MSG_RESULT(yes)
2436 ],
2437 [ AC_MSG_RESULT(no) ]
2438 )
2439fi
2440
bd590612 2441AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2442 AC_TRY_COMPILE(
1cbbe6c8 2443 [
2444#include <sys/types.h>
2445#ifdef HAVE_STDINT_H
2446# include <stdint.h>
2447#endif
2448#include <sys/socket.h>
2449#ifdef HAVE_SYS_BITYPES_H
2450# include <sys/bitypes.h>
2451#endif
aff51935 2452 ],
2453 [ int64_t a; a = 1;],
bd590612 2454 [ ac_cv_have_int64_t="yes" ],
2455 [ ac_cv_have_int64_t="no" ]
2456 )
2457])
2458if test "x$ac_cv_have_int64_t" = "xyes" ; then
3466e002 2459 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
ddceb1c8 2460fi
2461
58d100bf 2462AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2463 AC_TRY_COMPILE(
aff51935 2464 [ #include <sys/types.h> ],
2465 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
58d100bf 2466 [ ac_cv_have_u_intxx_t="yes" ],
2467 [ ac_cv_have_u_intxx_t="no" ]
2468 )
2469])
2470if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3466e002 2471 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
58d100bf 2472 have_u_intxx_t=1
2473fi
2b942fe0 2474
41cb4569 2475if test -z "$have_u_intxx_t" ; then
2476 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2477 AC_TRY_COMPILE(
aff51935 2478 [ #include <sys/socket.h> ],
2479 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
41cb4569 2480 [
2481 AC_DEFINE(HAVE_U_INTXX_T)
2482 AC_MSG_RESULT(yes)
2483 ],
2484 [ AC_MSG_RESULT(no) ]
2485 )
2486fi
2487
bd590612 2488AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2489 AC_TRY_COMPILE(
aff51935 2490 [ #include <sys/types.h> ],
2491 [ u_int64_t a; a = 1;],
bd590612 2492 [ ac_cv_have_u_int64_t="yes" ],
2493 [ ac_cv_have_u_int64_t="no" ]
2494 )
2495])
2496if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3466e002 2497 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
bd590612 2498 have_u_int64_t=1
2499fi
2500
ddceb1c8 2501if test -z "$have_u_int64_t" ; then
2502 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2503 AC_TRY_COMPILE(
aff51935 2504 [ #include <sys/bitypes.h> ],
ddceb1c8 2505 [ u_int64_t a; a = 1],
2506 [
2507 AC_DEFINE(HAVE_U_INT64_T)
2508 AC_MSG_RESULT(yes)
2509 ],
2510 [ AC_MSG_RESULT(no) ]
2511 )
2512fi
2513
41cb4569 2514if test -z "$have_u_intxx_t" ; then
2515 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2516 AC_TRY_COMPILE(
2517 [
2518#include <sys/types.h>
aff51935 2519 ],
2520 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
41cb4569 2521 [ ac_cv_have_uintxx_t="yes" ],
2522 [ ac_cv_have_uintxx_t="no" ]
2523 )
2524 ])
2525 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3466e002 2526 AC_DEFINE(HAVE_UINTXX_T, 1,
2527 [define if you have uintxx_t data type])
41cb4569 2528 fi
2529fi
2530
2531if test -z "$have_uintxx_t" ; then
2532 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2533 AC_TRY_COMPILE(
aff51935 2534 [ #include <stdint.h> ],
2535 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
41cb4569 2536 [
2537 AC_DEFINE(HAVE_UINTXX_T)
2538 AC_MSG_RESULT(yes)
2539 ],
2540 [ AC_MSG_RESULT(no) ]
2541 )
2542fi
2543
e5fe9a1f 2544if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
aff51935 2545 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
5cdfe03f 2546then
2547 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2548 AC_TRY_COMPILE(
58d100bf 2549 [
2550#include <sys/bitypes.h>
aff51935 2551 ],
5cdfe03f 2552 [
837c30b8 2553 int8_t a; int16_t b; int32_t c;
2554 u_int8_t e; u_int16_t f; u_int32_t g;
2555 a = b = c = e = f = g = 1;
aff51935 2556 ],
5cdfe03f 2557 [
2558 AC_DEFINE(HAVE_U_INTXX_T)
2559 AC_DEFINE(HAVE_INTXX_T)
2560 AC_MSG_RESULT(yes)
2561 ],
2562 [AC_MSG_RESULT(no)]
aff51935 2563 )
5cdfe03f 2564fi
2565
0362750e 2566
2567AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2568 AC_TRY_COMPILE(
2569 [
2570#include <sys/types.h>
2571 ],
2572 [ u_char foo; foo = 125; ],
2573 [ ac_cv_have_u_char="yes" ],
2574 [ ac_cv_have_u_char="no" ]
2575 )
2576])
2577if test "x$ac_cv_have_u_char" = "xyes" ; then
3466e002 2578 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
0362750e 2579fi
2580
98a7c37b 2581TYPE_SOCKLEN_T
2b942fe0 2582
2d16d9a3 2583AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
ddceb1c8 2584
777ece68 2585AC_CHECK_TYPES(in_addr_t,,,
2586[#include <sys/types.h>
2587#include <netinet/in.h>])
7b578f7d 2588
58d100bf 2589AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2590 AC_TRY_COMPILE(
2591 [
18ba2aab 2592#include <sys/types.h>
58d100bf 2593 ],
2594 [ size_t foo; foo = 1235; ],
2595 [ ac_cv_have_size_t="yes" ],
2596 [ ac_cv_have_size_t="no" ]
2597 )
2598])
2599if test "x$ac_cv_have_size_t" = "xyes" ; then
3466e002 2600 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
58d100bf 2601fi
ea1970a3 2602
c04f75f1 2603AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2604 AC_TRY_COMPILE(
2605 [
2606#include <sys/types.h>
2607 ],
2608 [ ssize_t foo; foo = 1235; ],
2609 [ ac_cv_have_ssize_t="yes" ],
2610 [ ac_cv_have_ssize_t="no" ]
2611 )
2612])
2613if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3466e002 2614 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
c04f75f1 2615fi
2616
f1c4659d 2617AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2618 AC_TRY_COMPILE(
2619 [
2620#include <time.h>
2621 ],
2622 [ clock_t foo; foo = 1235; ],
2623 [ ac_cv_have_clock_t="yes" ],
2624 [ ac_cv_have_clock_t="no" ]
2625 )
2626])
2627if test "x$ac_cv_have_clock_t" = "xyes" ; then
3466e002 2628 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
f1c4659d 2629fi
2630
1c04b088 2631AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2632 AC_TRY_COMPILE(
2633 [
2634#include <sys/types.h>
2635#include <sys/socket.h>
2636 ],
2637 [ sa_family_t foo; foo = 1235; ],
2638 [ ac_cv_have_sa_family_t="yes" ],
77bb0bca 2639 [ AC_TRY_COMPILE(
2640 [
2641#include <sys/types.h>
2642#include <sys/socket.h>
2643#include <netinet/in.h>
2644 ],
2645 [ sa_family_t foo; foo = 1235; ],
2646 [ ac_cv_have_sa_family_t="yes" ],
2647
1c04b088 2648 [ ac_cv_have_sa_family_t="no" ]
77bb0bca 2649 )]
1c04b088 2650 )
2651])
2652if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3466e002 2653 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2654 [define if you have sa_family_t data type])
1c04b088 2655fi
2656
729bfe59 2657AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2658 AC_TRY_COMPILE(
2659 [
2660#include <sys/types.h>
2661 ],
2662 [ pid_t foo; foo = 1235; ],
2663 [ ac_cv_have_pid_t="yes" ],
2664 [ ac_cv_have_pid_t="no" ]
2665 )
2666])
2667if test "x$ac_cv_have_pid_t" = "xyes" ; then
3466e002 2668 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
729bfe59 2669fi
2670
2671AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2672 AC_TRY_COMPILE(
2673 [
2674#include <sys/types.h>
2675 ],
2676 [ mode_t foo; foo = 1235; ],
2677 [ ac_cv_have_mode_t="yes" ],
2678 [ ac_cv_have_mode_t="no" ]
2679 )
2680])
2681if test "x$ac_cv_have_mode_t" = "xyes" ; then
3466e002 2682 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
729bfe59 2683fi
2684
e3a93db0 2685
58d100bf 2686AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2687 AC_TRY_COMPILE(
2688 [
18ba2aab 2689#include <sys/types.h>
2690#include <sys/socket.h>
58d100bf 2691 ],
2692 [ struct sockaddr_storage s; ],
2693 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2694 [ ac_cv_have_struct_sockaddr_storage="no" ]
2695 )
2696])
2697if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3466e002 2698 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2699 [define if you have struct sockaddr_storage data type])
58d100bf 2700fi
48e671d5 2701
58d100bf 2702AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2703 AC_TRY_COMPILE(
2704 [
cbd7492e 2705#include <sys/types.h>
58d100bf 2706#include <netinet/in.h>
2707 ],
2708 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2709 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2710 [ ac_cv_have_struct_sockaddr_in6="no" ]
2711 )
2712])
2713if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3466e002 2714 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2715 [define if you have struct sockaddr_in6 data type])
58d100bf 2716fi
48e671d5 2717
58d100bf 2718AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2719 AC_TRY_COMPILE(
2720 [
cbd7492e 2721#include <sys/types.h>
58d100bf 2722#include <netinet/in.h>
2723 ],
2724 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2725 [ ac_cv_have_struct_in6_addr="yes" ],
2726 [ ac_cv_have_struct_in6_addr="no" ]
2727 )
2728])
2729if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3466e002 2730 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2731 [define if you have struct in6_addr data type])
58d100bf 2732fi
48e671d5 2733
58d100bf 2734AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2735 AC_TRY_COMPILE(
2736 [
18ba2aab 2737#include <sys/types.h>
2738#include <sys/socket.h>
2739#include <netdb.h>
58d100bf 2740 ],
2741 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2742 [ ac_cv_have_struct_addrinfo="yes" ],
2743 [ ac_cv_have_struct_addrinfo="no" ]
2744 )
2745])
2746if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3466e002 2747 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2748 [define if you have struct addrinfo data type])
58d100bf 2749fi
2750
89c7e31c 2751AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2752 AC_TRY_COMPILE(
aff51935 2753 [ #include <sys/time.h> ],
2754 [ struct timeval tv; tv.tv_sec = 1;],
89c7e31c 2755 [ ac_cv_have_struct_timeval="yes" ],
2756 [ ac_cv_have_struct_timeval="no" ]
2757 )
2758])
2759if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3466e002 2760 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
89c7e31c 2761 have_struct_timeval=1
2762fi
2763
5271b55c 2764AC_CHECK_TYPES(struct timespec)
2765
85abc74b 2766# We need int64_t or else certian parts of the compile will fail.
4b492aab 2767if test "x$ac_cv_have_int64_t" = "xno" && \
2768 test "x$ac_cv_sizeof_long_int" != "x8" && \
2769 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
85abc74b 2770 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2771 echo "an alternative compiler (I.E., GCC) before continuing."
2772 echo ""
2773 exit 1;
733cf7f4 2774else
2775dnl test snprintf (broken on SCO w/gcc)
1a01a50c 2776 AC_RUN_IFELSE(
479cece8 2777 [AC_LANG_SOURCE([[
733cf7f4 2778#include <stdio.h>
2779#include <string.h>
2780#ifdef HAVE_SNPRINTF
2781main()
2782{
2783 char buf[50];
2784 char expected_out[50];
2785 int mazsize = 50 ;
2786#if (SIZEOF_LONG_INT == 8)
2787 long int num = 0x7fffffffffffffff;
2788#else
763a1a18 2789 long long num = 0x7fffffffffffffffll;
733cf7f4 2790#endif
2791 strcpy(expected_out, "9223372036854775807");
2792 snprintf(buf, mazsize, "%lld", num);
2793 if(strcmp(buf, expected_out) != 0)
aff51935 2794 exit(1);
733cf7f4 2795 exit(0);
2796}
2797#else
2798main() { exit(0); }
2799#endif
479cece8 2800 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
1a01a50c 2801 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
733cf7f4 2802 )
2c523de9 2803fi
2804
77bb0bca 2805dnl Checks for structure members
58d100bf 2806OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2807OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2808OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2809OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2810OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
25422c70 2811OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
58d100bf 2812OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2813OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
daaff4d5 2814OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
58d100bf 2815OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2816OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2817OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2818OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1d7b9b20 2819OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2820OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2821OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2822OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
98a7c37b 2823
2824AC_CHECK_MEMBERS([struct stat.st_blksize])
ccc45ee0 2825AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2826 [Define if we don't have struct __res_state in resolv.h])],
2827[
2828#include <stdio.h>
2829#if HAVE_SYS_TYPES_H
2830# include <sys/types.h>
2831#endif
2832#include <netinet/in.h>
2833#include <arpa/nameser.h>
2834#include <resolv.h>
2835])
1d7b9b20 2836
58d100bf 2837AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2838 ac_cv_have_ss_family_in_struct_ss, [
2839 AC_TRY_COMPILE(
2840 [
18ba2aab 2841#include <sys/types.h>
2842#include <sys/socket.h>
58d100bf 2843 ],
2844 [ struct sockaddr_storage s; s.ss_family = 1; ],
2845 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2846 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2847 )
2848])
2849if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3466e002 2850 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
58d100bf 2851fi
2852
58d100bf 2853AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2854 ac_cv_have___ss_family_in_struct_ss, [
2855 AC_TRY_COMPILE(
2856 [
18ba2aab 2857#include <sys/types.h>
2858#include <sys/socket.h>
58d100bf 2859 ],
2860 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2861 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2862 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2863 )
2864])
2865if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3466e002 2866 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2867 [Fields in struct sockaddr_storage])
58d100bf 2868fi
2869
2e73a022 2870AC_CACHE_CHECK([for pw_class field in struct passwd],
2871 ac_cv_have_pw_class_in_struct_passwd, [
2872 AC_TRY_COMPILE(
2873 [
2e73a022 2874#include <pwd.h>
2875 ],
97994d32 2876 [ struct passwd p; p.pw_class = 0; ],
2e73a022 2877 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2878 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2879 )
2880])
2881if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3466e002 2882 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2883 [Define if your password has a pw_class field])
2e73a022 2884fi
2885
7751d4eb 2886AC_CACHE_CHECK([for pw_expire field in struct passwd],
2887 ac_cv_have_pw_expire_in_struct_passwd, [
2888 AC_TRY_COMPILE(
2889 [
2890#include <pwd.h>
2891 ],
2892 [ struct passwd p; p.pw_expire = 0; ],
2893 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2894 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2895 )
2896])
2897if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3466e002 2898 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2899 [Define if your password has a pw_expire field])
7751d4eb 2900fi
2901
2902AC_CACHE_CHECK([for pw_change field in struct passwd],
2903 ac_cv_have_pw_change_in_struct_passwd, [
2904 AC_TRY_COMPILE(
2905 [
2906#include <pwd.h>
2907 ],
2908 [ struct passwd p; p.pw_change = 0; ],
2909 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2910 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2911 )
2912])
2913if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3466e002 2914 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2915 [Define if your password has a pw_change field])
7751d4eb 2916fi
58d100bf 2917
637f9177 2918dnl make sure we're using the real structure members and not defines
6f34652e 2919AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2920 ac_cv_have_accrights_in_msghdr, [
1a01a50c 2921 AC_COMPILE_IFELSE(
6f34652e 2922 [
f95c8ce8 2923#include <sys/types.h>
6f34652e 2924#include <sys/socket.h>
2925#include <sys/uio.h>
637f9177 2926int main() {
2927#ifdef msg_accrights
1a01a50c 2928#error "msg_accrights is a macro"
637f9177 2929exit(1);
2930#endif
2931struct msghdr m;
2932m.msg_accrights = 0;
2933exit(0);
2934}
6f34652e 2935 ],
6f34652e 2936 [ ac_cv_have_accrights_in_msghdr="yes" ],
2937 [ ac_cv_have_accrights_in_msghdr="no" ]
2938 )
2939])
2940if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3466e002 2941 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2942 [Define if your system uses access rights style
2943 file descriptor passing])
6f34652e 2944fi
2945
7176df4f 2946AC_CACHE_CHECK([for msg_control field in struct msghdr],
2947 ac_cv_have_control_in_msghdr, [
1a01a50c 2948 AC_COMPILE_IFELSE(
7176df4f 2949 [
f95c8ce8 2950#include <sys/types.h>
7176df4f 2951#include <sys/socket.h>
2952#include <sys/uio.h>
637f9177 2953int main() {
2954#ifdef msg_control
1a01a50c 2955#error "msg_control is a macro"
637f9177 2956exit(1);
2957#endif
2958struct msghdr m;
2959m.msg_control = 0;
2960exit(0);
2961}
7176df4f 2962 ],
7176df4f 2963 [ ac_cv_have_control_in_msghdr="yes" ],
2964 [ ac_cv_have_control_in_msghdr="no" ]
2965 )
2966])
2967if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3466e002 2968 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2969 [Define if your system uses ancillary data style
2970 file descriptor passing])
7176df4f 2971fi
2972
58d100bf 2973AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
aff51935 2974 AC_TRY_LINK([],
2975 [ extern char *__progname; printf("%s", __progname); ],
58d100bf 2976 [ ac_cv_libc_defines___progname="yes" ],
2977 [ ac_cv_libc_defines___progname="no" ]
2978 )
2979])
2980if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3466e002 2981 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
58d100bf 2982fi
8946db53 2983
c921ee00 2984AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2985 AC_TRY_LINK([
2986#include <stdio.h>
aff51935 2987],
2988 [ printf("%s", __FUNCTION__); ],
c921ee00 2989 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2990 [ ac_cv_cc_implements___FUNCTION__="no" ]
2991 )
2992])
2993if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3466e002 2994 AC_DEFINE(HAVE___FUNCTION__, 1,
2995 [Define if compiler implements __FUNCTION__])
c921ee00 2996fi
2997
2998AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2999 AC_TRY_LINK([
3000#include <stdio.h>
aff51935 3001],
3002 [ printf("%s", __func__); ],
c921ee00 3003 [ ac_cv_cc_implements___func__="yes" ],
3004 [ ac_cv_cc_implements___func__="no" ]
3005 )
3006])
3007if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3466e002 3008 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
c921ee00 3009fi
3010
9a406e1e 3011AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3012 AC_TRY_LINK(
3013 [#include <stdarg.h>
3014 va_list x,y;],
3015 [va_copy(x,y);],
3016 [ ac_cv_have_va_copy="yes" ],
3017 [ ac_cv_have_va_copy="no" ]
3018 )
3019])
3020if test "x$ac_cv_have_va_copy" = "xyes" ; then
3021 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3022fi
3023
3024AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3025 AC_TRY_LINK(
3026 [#include <stdarg.h>
3027 va_list x,y;],
3028 [__va_copy(x,y);],
3029 [ ac_cv_have___va_copy="yes" ],
3030 [ ac_cv_have___va_copy="no" ]
3031 )
3032])
3033if test "x$ac_cv_have___va_copy" = "xyes" ; then
3034 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3035fi
3036
1812a662 3037AC_CACHE_CHECK([whether getopt has optreset support],
3038 ac_cv_have_getopt_optreset, [
3039 AC_TRY_LINK(
3040 [
3041#include <getopt.h>
3042 ],
3043 [ extern int optreset; optreset = 0; ],
3044 [ ac_cv_have_getopt_optreset="yes" ],
3045 [ ac_cv_have_getopt_optreset="no" ]
3046 )
3047])
3048if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3466e002 3049 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3050 [Define if your getopt(3) defines and uses optreset])
1812a662 3051fi
a0391976 3052
819b676f 3053AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
aff51935 3054 AC_TRY_LINK([],
3055 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
819b676f 3056 [ ac_cv_libc_defines_sys_errlist="yes" ],
3057 [ ac_cv_libc_defines_sys_errlist="no" ]
3058 )
3059])
3060if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3466e002 3061 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3062 [Define if your system defines sys_errlist[]])
819b676f 3063fi
3064
3065
416ed5a7 3066AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
aff51935 3067 AC_TRY_LINK([],
3068 [ extern int sys_nerr; printf("%i", sys_nerr);],
416ed5a7 3069 [ ac_cv_libc_defines_sys_nerr="yes" ],
3070 [ ac_cv_libc_defines_sys_nerr="no" ]
3071 )
3072])
3073if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3466e002 3074 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
416ed5a7 3075fi
3076
aff51935 3077SCARD_MSG="no"
295c8801 3078# Check whether user wants sectok support
3079AC_ARG_WITH(sectok,
3080 [ --with-sectok Enable smartcard support using libsectok],
d0b19c95 3081 [
3082 if test "x$withval" != "xno" ; then
3083 if test "x$withval" != "xyes" ; then
3084 CPPFLAGS="$CPPFLAGS -I${withval}"
3085 LDFLAGS="$LDFLAGS -L${withval}"
3086 if test ! -z "$need_dash_r" ; then
3087 LDFLAGS="$LDFLAGS -R${withval}"
3088 fi
3089 if test ! -z "$blibpath" ; then
3090 blibpath="$blibpath:${withval}"
3091 fi
3092 fi
3093 AC_CHECK_HEADERS(sectok.h)
3094 if test "$ac_cv_header_sectok_h" != yes; then
3095 AC_MSG_ERROR(Can't find sectok.h)
3096 fi
3097 AC_CHECK_LIB(sectok, sectok_open)
3098 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3099 AC_MSG_ERROR(Can't find libsectok)
3100 fi
3466e002 3101 AC_DEFINE(SMARTCARD, 1,
3102 [Define if you want smartcard support])
3103 AC_DEFINE(USE_SECTOK, 1,
3104 [Define if you want smartcard support
3105 using sectok])
aff51935 3106 SCARD_MSG="yes, using sectok"
295c8801 3107 fi
3108 ]
3109)
3110
3111# Check whether user wants OpenSC support
987b458f 3112OPENSC_CONFIG="no"
295c8801 3113AC_ARG_WITH(opensc,
e47fb473 3114 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
987b458f 3115 [
3116 if test "x$withval" != "xno" ; then
3117 if test "x$withval" != "xyes" ; then
3118 OPENSC_CONFIG=$withval/bin/opensc-config
3119 else
3120 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3121 fi
3122 if test "$OPENSC_CONFIG" != "no"; then
3123 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3124 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3125 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
530456f4 3126 LIBS="$LIBS $LIBOPENSC_LIBS"
987b458f 3127 AC_DEFINE(SMARTCARD)
3466e002 3128 AC_DEFINE(USE_OPENSC, 1,
3129 [Define if you want smartcard support
3130 using OpenSC])
987b458f 3131 SCARD_MSG="yes, using OpenSC"
3132 fi
3133 fi
3134 ]
3135)
d0b19c95 3136
c31dc31c 3137# Check libraries needed by DNS fingerprint support
aff51935 3138AC_SEARCH_LIBS(getrrsetbyname, resolv,
3466e002 3139 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3140 [Define if getrrsetbyname() exists])],
3e05e934 3141 [
c31dc31c 3142 # Needed by our getrrsetbyname()
3143 AC_SEARCH_LIBS(res_query, resolv)
3144 AC_SEARCH_LIBS(dn_expand, resolv)
dabb524a 3145 AC_MSG_CHECKING(if res_query will link)
3146 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3147 [AC_MSG_RESULT(no)
3148 saved_LIBS="$LIBS"
3149 LIBS="$LIBS -lresolv"
3150 AC_MSG_CHECKING(for res_query in -lresolv)
3151 AC_LINK_IFELSE([
3152#include <resolv.h>
3153int main()
3154{
3155 res_query (0, 0, 0, 0, 0);
3156 return 0;
3157}
3158 ],
3159 [LIBS="$LIBS -lresolv"
3160 AC_MSG_RESULT(yes)],
3161 [LIBS="$saved_LIBS"
3162 AC_MSG_RESULT(no)])
3163 ])
c31dc31c 3164 AC_CHECK_FUNCS(_getshort _getlong)
1c829da5 3165 AC_CHECK_DECLS([_getshort, _getlong], , ,
b5765e1d 3166 [#include <sys/types.h>
3167 #include <arpa/nameser.h>])
c31dc31c 3168 AC_CHECK_MEMBER(HEADER.ad,
3466e002 3169 [AC_DEFINE(HAVE_HEADER_AD, 1,
3170 [Define if HEADER.ad exists in arpa/nameser.h])],,
c31dc31c 3171 [#include <arpa/nameser.h>])
3172 ])
3e05e934 3173
560acf80 3174AC_MSG_CHECKING(if struct __res_state _res is an extern)
3175AC_LINK_IFELSE([
3176#include <stdio.h>
3177#if HAVE_SYS_TYPES_H
3178# include <sys/types.h>
3179#endif
3180#include <netinet/in.h>
3181#include <arpa/nameser.h>
3182#include <resolv.h>
3183extern struct __res_state _res;
3184int main() { return 0; }
3185 ],
3186 [AC_MSG_RESULT(yes)
3187 AC_DEFINE(HAVE__RES_EXTERN, 1,
3188 [Define if you have struct __res_state _res as an extern])
3189 ],
3190 [ AC_MSG_RESULT(no) ]
3191)
3192
ef4d1846 3193# Check whether user wants SELinux support
3194SELINUX_MSG="no"
3195LIBSELINUX=""
3196AC_ARG_WITH(selinux,
3197 [ --with-selinux Enable SELinux support],
3198 [ if test "x$withval" != "xno" ; then
e54defb4 3199 save_LIBS="$LIBS"
ef4d1846 3200 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3201 SELINUX_MSG="yes"
3202 AC_CHECK_HEADER([selinux/selinux.h], ,
3203 AC_MSG_ERROR(SELinux support requires selinux.h header))
3204 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3205 AC_MSG_ERROR(SELinux support requires libselinux library))
e54defb4 3206 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
ef4d1846 3207 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
5ba277eb 3208 LIBS="$save_LIBS"
ef4d1846 3209 fi ]
3210)
ef4d1846 3211
12928e80 3212# Check whether user wants Kerberos 5 support
aff51935 3213KRB5_MSG="no"
12928e80 3214AC_ARG_WITH(kerberos5,
aff51935 3215 [ --with-kerberos5=PATH Enable Kerberos 5 support],
5585c441 3216 [ if test "x$withval" != "xno" ; then
3217 if test "x$withval" = "xyes" ; then
3218 KRB5ROOT="/usr/local"
3219 else
3220 KRB5ROOT=${withval}
3221 fi
3222
3466e002 3223 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
5585c441 3224 KRB5_MSG="yes"
3225
3226 AC_MSG_CHECKING(for krb5-config)
3227 if test -x $KRB5ROOT/bin/krb5-config ; then
3228 KRB5CONF=$KRB5ROOT/bin/krb5-config
3229 AC_MSG_RESULT($KRB5CONF)
3230
3231 AC_MSG_CHECKING(for gssapi support)
3232 if $KRB5CONF | grep gssapi >/dev/null ; then
3233 AC_MSG_RESULT(yes)
3466e002 3234 AC_DEFINE(GSSAPI, 1,
3235 [Define this if you want GSSAPI
3236 support in the version 2 protocol])
071970fb 3237 k5confopts=gssapi
aff51935 3238 else
5585c441 3239 AC_MSG_RESULT(no)
071970fb 3240 k5confopts=""
aff51935 3241 fi
071970fb 3242 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3243 K5LIBS="`$KRB5CONF --libs $k5confopts`"
5585c441 3244 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
5585c441 3245 AC_MSG_CHECKING(whether we are using Heimdal)
3246 AC_TRY_COMPILE([ #include <krb5.h> ],
3247 [ char *tmp = heimdal_version; ],
3248 [ AC_MSG_RESULT(yes)
3466e002 3249 AC_DEFINE(HEIMDAL, 1,
3250 [Define this if you are using the
3251 Heimdal version of Kerberos V5]) ],
5585c441 3252 AC_MSG_RESULT(no)
3253 )
3254 else
3255 AC_MSG_RESULT(no)
12928e80 3256 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
aff51935 3257 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
aff51935 3258 AC_MSG_CHECKING(whether we are using Heimdal)
3259 AC_TRY_COMPILE([ #include <krb5.h> ],
3260 [ char *tmp = heimdal_version; ],
3261 [ AC_MSG_RESULT(yes)
3262 AC_DEFINE(HEIMDAL)
41707f74 3263 K5LIBS="-lkrb5 -ldes"
3264 K5LIBS="$K5LIBS -lcom_err -lasn1"
82f4e93d 3265 AC_CHECK_LIB(roken, net_write,
41707f74 3266 [K5LIBS="$K5LIBS -lroken"])
aff51935 3267 ],
3268 [ AC_MSG_RESULT(no)
3269 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3270 ]
3271 )
4e00038c 3272 AC_SEARCH_LIBS(dn_expand, resolv)
12928e80 3273
749560dd 3274 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3275 [ AC_DEFINE(GSSAPI)
3276 K5LIBS="-lgssapi $K5LIBS" ],
3277 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3278 [ AC_DEFINE(GSSAPI)
aff51935 3279 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
749560dd 3280 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3281 $K5LIBS)
3282 ],
3283 $K5LIBS)
82f4e93d 3284
749560dd 3285 AC_CHECK_HEADER(gssapi.h, ,
3286 [ unset ac_cv_header_gssapi_h
aff51935 3287 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
749560dd 3288 AC_CHECK_HEADERS(gssapi.h, ,
3289 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
aff51935 3290 )
749560dd 3291 ]
3292 )
3293
3294 oldCPP="$CPPFLAGS"
3295 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3296 AC_CHECK_HEADER(gssapi_krb5.h, ,
3297 [ CPPFLAGS="$oldCPP" ])
3298
aff51935 3299 fi
5585c441 3300 if test ! -z "$need_dash_r" ; then
3301 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3302 fi
3303 if test ! -z "$blibpath" ; then
3304 blibpath="$blibpath:${KRB5ROOT}/lib"
3305 fi
071970fb 3306
f5555364 3307 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3308 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3309 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
071970fb 3310
f5555364 3311 LIBS="$LIBS $K5LIBS"
3466e002 3312 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3313 [Define this if you want to use libkafs' AFS support]))
f5555364 3314 fi
071970fb 3315 ]
12928e80 3316)
b5b68128 3317
a0391976 3318# Looking for programs, paths and files
a0391976 3319
ecac8ee5 3320PRIVSEP_PATH=/var/empty
3321AC_ARG_WITH(privsep-path,
cda1ebcb 3322 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
ecac8ee5 3323 [
6cf0200f 3324 if test -n "$withval" && test "x$withval" != "xno" && \
3325 test "x${withval}" != "xyes"; then
ecac8ee5 3326 PRIVSEP_PATH=$withval
3327 fi
3328 ]
3329)
3330AC_SUBST(PRIVSEP_PATH)
3331
a0391976 3332AC_ARG_WITH(xauth,
3333 [ --with-xauth=PATH Specify path to xauth program ],
3334 [
6cf0200f 3335 if test -n "$withval" && test "x$withval" != "xno" && \
3336 test "x${withval}" != "xyes"; then
cbd7492e 3337 xauth_path=$withval
a0391976 3338 fi
3339 ],
3340 [
2bf42e4a 3341 TestPath="$PATH"
3342 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3343 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3344 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3345 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3346 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
e5fe9a1f 3347 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
a0391976 3348 xauth_path="/usr/openwin/bin/xauth"
3349 fi
3350 ]
3351)
3352
65a4b4af 3353STRIP_OPT=-s
3354AC_ARG_ENABLE(strip,
3355 [ --disable-strip Disable calling strip(1) on install],
3356 [
3357 if test "x$enableval" = "xno" ; then
3358 STRIP_OPT=
3359 fi
3360 ]
3361)
3362AC_SUBST(STRIP_OPT)
3363
b3ec54b4 3364if test -z "$xauth_path" ; then
3365 XAUTH_PATH="undefined"
3366 AC_SUBST(XAUTH_PATH)
3367else
3466e002 3368 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3369 [Define if xauth is found in your path])
b3ec54b4 3370 XAUTH_PATH=$xauth_path
3371 AC_SUBST(XAUTH_PATH)
a0391976 3372fi
a0391976 3373
3374# Check for mail directory (last resort if we cannot get it from headers)
3375if test ! -z "$MAIL" ; then
3376 maildir=`dirname $MAIL`
3466e002 3377 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3378 [Set this to your mail directory if you don't have maillock.h])
a0391976 3379fi
3380
479cece8 3381if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
1a01a50c 3382 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3383 disable_ptmx_check=yes
3384fi
a0391976 3385if test -z "$no_dev_ptmx" ; then
6e879cb4 3386 if test "x$disable_ptmx_check" != "xyes" ; then
aff51935 3387 AC_CHECK_FILE("/dev/ptmx",
6e879cb4 3388 [
3466e002 3389 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3390 [Define if you have /dev/ptmx])
6e879cb4 3391 have_dev_ptmx=1
3392 ]
3393 )
3394 fi
3276571c 3395fi
1a01a50c 3396
479cece8 3397if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
1a01a50c 3398 AC_CHECK_FILE("/dev/ptc",
3399 [
3466e002 3400 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3401 [Define if you have /dev/ptc])
1a01a50c 3402 have_dev_ptc=1
3403 ]
3404 )
3405else
3406 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3407fi
3276571c 3408
a0391976 3409# Options from here on. Some of these are preset by platform above
fdf6b7aa 3410AC_ARG_WITH(mantype,
5d97cfbf 3411 [ --with-mantype=man|cat|doc Set man page type],
c54a6257 3412 [
5d97cfbf 3413 case "$withval" in
3414 man|cat|doc)
3415 MANTYPE=$withval
3416 ;;
3417 *)
3418 AC_MSG_ERROR(invalid man type: $withval)
3419 ;;
3420 esac
c54a6257 3421 ]
3422)
e0c4d3ac 3423if test -z "$MANTYPE"; then
2bf42e4a 3424 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3425 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
e0c4d3ac 3426 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3427 MANTYPE=doc
3428 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3429 MANTYPE=man
3430 else
3431 MANTYPE=cat
3432 fi
3433fi
c54a6257 3434AC_SUBST(MANTYPE)
e0c4d3ac 3435if test "$MANTYPE" = "doc"; then
3436 mansubdir=man;
3437else
3438 mansubdir=$MANTYPE;
3439fi
3440AC_SUBST(mansubdir)
0bc5b6fb 3441
a0391976 3442# Check whether to enable MD5 passwords
aff51935 3443MD5_MSG="no"
2ddcfdf3 3444AC_ARG_WITH(md5-passwords,
caf3bc51 3445 [ --with-md5-passwords Enable use of MD5 passwords],
0bc5b6fb 3446 [
bcf36c78 3447 if test "x$withval" != "xno" ; then
3466e002 3448 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3449 [Define if you want to allow MD5 passwords])
aff51935 3450 MD5_MSG="yes"
0bc5b6fb 3451 fi
3452 ]
caf3bc51 3453)
3454
a0391976 3455# Whether to disable shadow password support
a7effaac 3456AC_ARG_WITH(shadow,
3457 [ --without-shadow Disable shadow password support],
3458 [
82f4e93d 3459 if test "x$withval" = "xno" ; then
a7effaac 3460 AC_DEFINE(DISABLE_SHADOW)
4cb5ffa0 3461 disable_shadow=yes
a7effaac 3462 fi
3463 ]
3464)
3465
4cb5ffa0 3466if test -z "$disable_shadow" ; then
3467 AC_MSG_CHECKING([if the systems has expire shadow information])
3468 AC_TRY_COMPILE(
3469 [
3470#include <sys/types.h>
3471#include <shadow.h>
3472 struct spwd sp;
3473 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3474 [ sp_expire_available=yes ], []
3475 )
3476
3477 if test "x$sp_expire_available" = "xyes" ; then
3478 AC_MSG_RESULT(yes)
3466e002 3479 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3480 [Define if you want to use shadow password expire field])
4cb5ffa0 3481 else
3482 AC_MSG_RESULT(no)
3483 fi
3484fi
3485
a0391976 3486# Use ip address instead of hostname in $DISPLAY
44839801 3487if test ! -z "$IPADDR_IN_DISPLAY" ; then
3488 DISPLAY_HACK_MSG="yes"
3466e002 3489 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3490 [Define if you need to use IP address
3491 instead of hostname in $DISPLAY])
44839801 3492else
aff51935 3493 DISPLAY_HACK_MSG="no"
44839801 3494 AC_ARG_WITH(ipaddr-display,
3495 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3496 [
82f4e93d 3497 if test "x$withval" != "xno" ; then
44839801 3498 AC_DEFINE(IPADDR_IN_DISPLAY)
aff51935 3499 DISPLAY_HACK_MSG="yes"
44839801 3500 fi
3501 ]
3502 )
3503fi
a7effaac 3504
95b99395 3505# check for /etc/default/login and use it if present.
daa41e62 3506AC_ARG_ENABLE(etc-default-login,
6ff3d0dc 3507 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
694d0cef 3508 [ if test "x$enableval" = "xno"; then
3509 AC_MSG_NOTICE([/etc/default/login handling disabled])
3510 etc_default_login=no
3511 else
3512 etc_default_login=yes
3513 fi ],
b0e7249f 3514 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3515 then
3516 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3517 etc_default_login=no
3518 else
3519 etc_default_login=yes
3520 fi ]
694d0cef 3521)
95b99395 3522
694d0cef 3523if test "x$etc_default_login" != "xno"; then
3524 AC_CHECK_FILE("/etc/default/login",
3525 [ external_path_file=/etc/default/login ])
b0e7249f 3526 if test "x$external_path_file" = "x/etc/default/login"; then
3466e002 3527 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3528 [Define if your system has /etc/default/login])
1a01a50c 3529 fi
694d0cef 3530fi
95b99395 3531
8d184c09 3532dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4b492aab 3533if test $ac_cv_func_login_getcapbool = "yes" && \
3534 test $ac_cv_header_login_cap_h = "yes" ; then
95b99395 3535 external_path_file=/etc/login.conf
8d184c09 3536fi
95b99395 3537
a0391976 3538# Whether to mess with the default path
aff51935 3539SERVER_PATH_MSG="(default)"
c43d69a9 3540AC_ARG_WITH(default-path,
75817f90 3541 [ --with-default-path= Specify default \$PATH environment for server],
cb807f40 3542 [
95b99395 3543 if test "x$external_path_file" = "x/etc/login.conf" ; then
8d184c09 3544 AC_MSG_WARN([
3545--with-default-path=PATH has no effect on this system.
3546Edit /etc/login.conf instead.])
82f4e93d 3547 elif test "x$withval" != "xno" ; then
89bbd457 3548 if test ! -z "$external_path_file" ; then
95b99395 3549 AC_MSG_WARN([
3550--with-default-path=PATH will only be used if PATH is not defined in
3551$external_path_file .])
3552 fi
b2d818e6 3553 user_path="$withval"
aff51935 3554 SERVER_PATH_MSG="$withval"
cb807f40 3555 fi
b2d818e6 3556 ],
95b99395 3557 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3558 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
8d184c09 3559 else
89bbd457 3560 if test ! -z "$external_path_file" ; then
95b99395 3561 AC_MSG_WARN([
3562If PATH is defined in $external_path_file, ensure the path to scp is included,
3563otherwise scp will not work.])
3564 fi
b0e7249f 3565 AC_RUN_IFELSE(
3566 [AC_LANG_SOURCE([[
b2d818e6 3567/* find out what STDPATH is */
3568#include <stdio.h>
b2d818e6 3569#ifdef HAVE_PATHS_H
3570# include <paths.h>
3571#endif
3572#ifndef _PATH_STDPATH
d9a4e55b 3573# ifdef _PATH_USERPATH /* Irix */
3574# define _PATH_STDPATH _PATH_USERPATH
3575# else
3576# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3577# endif
b2d818e6 3578#endif
3579#include <sys/types.h>
3580#include <sys/stat.h>
3581#include <fcntl.h>
3582#define DATA "conftest.stdpath"
3583
3584main()
3585{
3586 FILE *fd;
3587 int rc;
82f4e93d 3588
b2d818e6 3589 fd = fopen(DATA,"w");
3590 if(fd == NULL)
3591 exit(1);
82f4e93d 3592
b2d818e6 3593 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3594 exit(1);
3595
3596 exit(0);
3597}
b0e7249f 3598 ]])],
3599 [ user_path=`cat conftest.stdpath` ],
b2d818e6 3600 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3601 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3602 )
3603# make sure $bindir is in USER_PATH so scp will work
3604 t_bindir=`eval echo ${bindir}`
3605 case $t_bindir in
3606 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3607 esac
3608 case $t_bindir in
3609 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3610 esac
3611 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3612 if test $? -ne 0 ; then
3613 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3614 if test $? -ne 0 ; then
3615 user_path=$user_path:$t_bindir
3616 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3617 fi
3618 fi
8d184c09 3619 fi ]
cb807f40 3620)
95b99395 3621if test "x$external_path_file" != "x/etc/login.conf" ; then
3466e002 3622 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
8d184c09 3623 AC_SUBST(user_path)
3624fi
cb807f40 3625
06617857 3626# Set superuser path separately to user path
06617857 3627AC_ARG_WITH(superuser-path,
3628 [ --with-superuser-path= Specify different path for super-user],
3629 [
6cf0200f 3630 if test -n "$withval" && test "x$withval" != "xno" && \
3631 test "x${withval}" != "xyes"; then
3466e002 3632 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3633 [Define if you want a different $PATH
3634 for the superuser])
06617857 3635 superuser_path=$withval
3636 fi
3637 ]
3638)
3639
3640
58d100bf 3641AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
aff51935 3642IPV4_IN6_HACK_MSG="no"
80faa19f 3643AC_ARG_WITH(4in6,
3644 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3645 [
3646 if test "x$withval" != "xno" ; then
3647 AC_MSG_RESULT(yes)
3466e002 3648 AC_DEFINE(IPV4_IN_IPV6, 1,
3649 [Detect IPv4 in IPv6 mapped addresses
3650 and treat as IPv4])
aff51935 3651 IPV4_IN6_HACK_MSG="yes"
80faa19f 3652 else
3653 AC_MSG_RESULT(no)
3654 fi
3655 ],[
3656 if test "x$inet6_default_4in6" = "xyes"; then
3657 AC_MSG_RESULT([yes (default)])
3658 AC_DEFINE(IPV4_IN_IPV6)
aff51935 3659 IPV4_IN6_HACK_MSG="yes"
80faa19f 3660 else
3661 AC_MSG_RESULT([no (default)])
3662 fi
3663 ]
3664)
3665
af774732 3666# Whether to enable BSD auth support
f1b0ecc3 3667BSD_AUTH_MSG=no
af774732 3668AC_ARG_WITH(bsd-auth,
3669 [ --with-bsd-auth Enable BSD auth support],
3670 [
82f4e93d 3671 if test "x$withval" != "xno" ; then
3466e002 3672 AC_DEFINE(BSD_AUTH, 1,
3673 [Define if you have BSD auth support])
f1b0ecc3 3674 BSD_AUTH_MSG=yes
af774732 3675 fi
3676 ]
3677)
3678
a0391976 3679# Where to place sshd.pid
19d9ac2a 3680piddir=/var/run
81dadca3 3681# make sure the directory exists
82f4e93d 3682if test ! -d $piddir ; then
81dadca3 3683 piddir=`eval echo ${sysconfdir}`
3684 case $piddir in
aff51935 3685 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
81dadca3 3686 esac
3687fi
3688
47e45e44 3689AC_ARG_WITH(pid-dir,
3690 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3691 [
6cf0200f 3692 if test -n "$withval" && test "x$withval" != "xno" && \
3693 test "x${withval}" != "xyes"; then
19d9ac2a 3694 piddir=$withval
82f4e93d 3695 if test ! -d $piddir ; then
81dadca3 3696 AC_MSG_WARN([** no $piddir directory on this system **])
3697 fi
47e45e44 3698 fi
3699 ]
3700)
b7a87eea 3701
3466e002 3702AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
19d9ac2a 3703AC_SUBST(piddir)
47e45e44 3704
1d7b9b20 3705dnl allow user to disable some login recording features
3706AC_ARG_ENABLE(lastlog,
bfd550a2 3707 [ --disable-lastlog disable use of lastlog even if detected [no]],
ddb154b3 3708 [
3709 if test "x$enableval" = "xno" ; then
3710 AC_DEFINE(DISABLE_LASTLOG)
3711 fi
3712 ]
1d7b9b20 3713)
3714AC_ARG_ENABLE(utmp,
bfd550a2 3715 [ --disable-utmp disable use of utmp even if detected [no]],
ddb154b3 3716 [
3717 if test "x$enableval" = "xno" ; then
3718 AC_DEFINE(DISABLE_UTMP)
3719 fi
3720 ]
1d7b9b20 3721)
3722AC_ARG_ENABLE(utmpx,
bfd550a2 3723 [ --disable-utmpx disable use of utmpx even if detected [no]],
ddb154b3 3724 [
3725 if test "x$enableval" = "xno" ; then
3466e002 3726 AC_DEFINE(DISABLE_UTMPX, 1,
3727 [Define if you don't want to use utmpx])
ddb154b3 3728 fi
3729 ]
1d7b9b20 3730)
3731AC_ARG_ENABLE(wtmp,
bfd550a2 3732 [ --disable-wtmp disable use of wtmp even if detected [no]],
ddb154b3 3733 [
3734 if test "x$enableval" = "xno" ; then
3735 AC_DEFINE(DISABLE_WTMP)
3736 fi
3737 ]
1d7b9b20 3738)
3739AC_ARG_ENABLE(wtmpx,
bfd550a2 3740 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
ddb154b3 3741 [
3742 if test "x$enableval" = "xno" ; then
3466e002 3743 AC_DEFINE(DISABLE_WTMPX, 1,
3744 [Define if you don't want to use wtmpx])
ddb154b3 3745 fi
3746 ]
1d7b9b20 3747)
3748AC_ARG_ENABLE(libutil,
bfd550a2 3749 [ --disable-libutil disable use of libutil (login() etc.) [no]],
ddb154b3 3750 [
3751 if test "x$enableval" = "xno" ; then
3752 AC_DEFINE(DISABLE_LOGIN)
3753 fi
3754 ]
1d7b9b20 3755)
3756AC_ARG_ENABLE(pututline,
bfd550a2 3757 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
ddb154b3 3758 [
3759 if test "x$enableval" = "xno" ; then
3466e002 3760 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3761 [Define if you don't want to use pututline()
3762 etc. to write [uw]tmp])
ddb154b3 3763 fi
3764 ]
1d7b9b20 3765)
3766AC_ARG_ENABLE(pututxline,
bfd550a2 3767 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
ddb154b3 3768 [
3769 if test "x$enableval" = "xno" ; then
3466e002 3770 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3771 [Define if you don't want to use pututxline()
3772 etc. to write [uw]tmpx])
ddb154b3 3773 fi
3774 ]
1d7b9b20 3775)
3776AC_ARG_WITH(lastlog,
bfd550a2 3777 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
8c89dd2b 3778 [
82f4e93d 3779 if test "x$withval" = "xno" ; then
8c89dd2b 3780 AC_DEFINE(DISABLE_LASTLOG)
6cf0200f 3781 elif test -n "$withval" && test "x${withval}" != "xyes"; then
8c89dd2b 3782 conf_lastlog_location=$withval
3783 fi
3784 ]
3785)
1d7b9b20 3786
3787dnl lastlog, [uw]tmpx? detection
3788dnl NOTE: set the paths in the platform section to avoid the
3789dnl need for command-line parameters
3790dnl lastlog and [uw]tmp are subject to a file search if all else fails
3791
3792dnl lastlog detection
3793dnl NOTE: the code itself will detect if lastlog is a directory
3794AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3795AC_TRY_COMPILE([
3796#include <sys/types.h>
3797#include <utmp.h>
3798#ifdef HAVE_LASTLOG_H
3799# include <lastlog.h>
3800#endif
d7c0f3d5 3801#ifdef HAVE_PATHS_H
1d7b9b20 3802# include <paths.h>
41cb4569 3803#endif
3804#ifdef HAVE_LOGIN_H
3805# include <login.h>
1d7b9b20 3806#endif
3807 ],
3808 [ char *lastlog = LASTLOG_FILE; ],
3809 [ AC_MSG_RESULT(yes) ],
d7c0f3d5 3810 [
3811 AC_MSG_RESULT(no)
3812 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3813 AC_TRY_COMPILE([
3814#include <sys/types.h>
3815#include <utmp.h>
3816#ifdef HAVE_LASTLOG_H
3817# include <lastlog.h>
3818#endif
3819#ifdef HAVE_PATHS_H
3820# include <paths.h>
3821#endif
3822 ],
3823 [ char *lastlog = _PATH_LASTLOG; ],
3824 [ AC_MSG_RESULT(yes) ],
3825 [
f282b668 3826 AC_MSG_RESULT(no)
d7c0f3d5 3827 system_lastlog_path=no
3828 ])
3829 ]
1d7b9b20 3830)
d7c0f3d5 3831
1d7b9b20 3832if test -z "$conf_lastlog_location"; then
3833 if test x"$system_lastlog_path" = x"no" ; then
3834 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
e5fe9a1f 3835 if (test -d "$f" || test -f "$f") ; then
1d7b9b20 3836 conf_lastlog_location=$f
3837 fi
3838 done
3839 if test -z "$conf_lastlog_location"; then
f8119cef 3840 AC_MSG_WARN([** Cannot find lastlog **])
3841 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
1d7b9b20 3842 fi
3843 fi
3844fi
3845
3846if test -n "$conf_lastlog_location"; then
3466e002 3847 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3848 [Define if you want to specify the path to your lastlog file])
82f4e93d 3849fi
1d7b9b20 3850
3851dnl utmp detection
3852AC_MSG_CHECKING([if your system defines UTMP_FILE])
3853AC_TRY_COMPILE([
3854#include <sys/types.h>
3855#include <utmp.h>
d7c0f3d5 3856#ifdef HAVE_PATHS_H
1d7b9b20 3857# include <paths.h>
3858#endif
3859 ],
3860 [ char *utmp = UTMP_FILE; ],
3861 [ AC_MSG_RESULT(yes) ],
3862 [ AC_MSG_RESULT(no)
3863 system_utmp_path=no ]
3864)
3865if test -z "$conf_utmp_location"; then
3866 if test x"$system_utmp_path" = x"no" ; then
3867 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3868 if test -f $f ; then
3869 conf_utmp_location=$f
3870 fi
3871 done
3872 if test -z "$conf_utmp_location"; then
3873 AC_DEFINE(DISABLE_UTMP)
3874 fi
3875 fi
3876fi
3877if test -n "$conf_utmp_location"; then
3466e002 3878 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3879 [Define if you want to specify the path to your utmp file])
82f4e93d 3880fi
1d7b9b20 3881
3882dnl wtmp detection
3883AC_MSG_CHECKING([if your system defines WTMP_FILE])
3884AC_TRY_COMPILE([
3885#include <sys/types.h>
3886#include <utmp.h>
d7c0f3d5 3887#ifdef HAVE_PATHS_H
1d7b9b20 3888# include <paths.h>
3889#endif
3890 ],
3891 [ char *wtmp = WTMP_FILE; ],
3892 [ AC_MSG_RESULT(yes) ],
3893 [ AC_MSG_RESULT(no)
3894 system_wtmp_path=no ]
3895)
3896if test -z "$conf_wtmp_location"; then
3897 if test x"$system_wtmp_path" = x"no" ; then
3898 for f in /usr/adm/wtmp /var/log/wtmp; do
3899 if test -f $f ; then
3900 conf_wtmp_location=$f
3901 fi
3902 done
3903 if test -z "$conf_wtmp_location"; then
3904 AC_DEFINE(DISABLE_WTMP)
3905 fi
3906 fi
3907fi
3908if test -n "$conf_wtmp_location"; then
3466e002 3909 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3910 [Define if you want to specify the path to your wtmp file])
82f4e93d 3911fi
1d7b9b20 3912
3913
3914dnl utmpx detection - I don't know any system so perverse as to require
3915dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3916dnl there, though.
3917AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3918AC_TRY_COMPILE([
3919#include <sys/types.h>
3920#include <utmp.h>
3921#ifdef HAVE_UTMPX_H
3922#include <utmpx.h>
3923#endif
d7c0f3d5 3924#ifdef HAVE_PATHS_H
1d7b9b20 3925# include <paths.h>
3926#endif
3927 ],
3928 [ char *utmpx = UTMPX_FILE; ],
3929 [ AC_MSG_RESULT(yes) ],
3930 [ AC_MSG_RESULT(no)
3931 system_utmpx_path=no ]
3932)
3933if test -z "$conf_utmpx_location"; then
3934 if test x"$system_utmpx_path" = x"no" ; then
3935 AC_DEFINE(DISABLE_UTMPX)
3936 fi
3937else
3466e002 3938 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3939 [Define if you want to specify the path to your utmpx file])
82f4e93d 3940fi
1d7b9b20 3941
3942dnl wtmpx detection
3943AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3944AC_TRY_COMPILE([
3945#include <sys/types.h>
3946#include <utmp.h>
3947#ifdef HAVE_UTMPX_H
3948#include <utmpx.h>
3949#endif
d7c0f3d5 3950#ifdef HAVE_PATHS_H
1d7b9b20 3951# include <paths.h>
3952#endif
3953 ],
3954 [ char *wtmpx = WTMPX_FILE; ],
3955 [ AC_MSG_RESULT(yes) ],
3956 [ AC_MSG_RESULT(no)
3957 system_wtmpx_path=no ]
3958)
3959if test -z "$conf_wtmpx_location"; then
3960 if test x"$system_wtmpx_path" = x"no" ; then
3961 AC_DEFINE(DISABLE_WTMPX)
3962 fi
3963else
3466e002 3964 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3965 [Define if you want to specify the path to your wtmpx file])
82f4e93d 3966fi
1d7b9b20 3967
b7a87eea 3968
bd499f9e 3969if test ! -z "$blibpath" ; then
68ece370 3970 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3971 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
bd499f9e 3972fi
3973
ed89c848 3974dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3975dnl Add now.
3976CFLAGS="$CFLAGS $werror_flags"
3977
3c62e7eb 3978AC_EXEEXT
29eadd7c 3979AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3980 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3981 scard/Makefile ssh_prng_cmds survey.sh])
98a7c37b 3982AC_OUTPUT
d3083fbd 3983
cbd7492e 3984# Print summary of options
3985
cbd7492e 3986# Someone please show me a better way :)
3987A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3988B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3989C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3990D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
f5665f6f 3991E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
e0c4d3ac 3992F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
cbd7492e 3993G=`eval echo ${piddir}` ; G=`eval echo ${G}`
ecac8ee5 3994H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3995I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3996J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
cbd7492e 3997
3998echo ""
26de7942 3999echo "OpenSSH has been configured with the following options:"
ecac8ee5 4000echo " User binaries: $B"
4001echo " System binaries: $C"
4002echo " Configuration files: $D"
4003echo " Askpass program: $E"
4004echo " Manual pages: $F"
4005echo " PID file: $G"
4006echo " Privilege separation chroot path: $H"
95b99395 4007if test "x$external_path_file" = "x/etc/login.conf" ; then
4008echo " At runtime, sshd will use the path defined in $external_path_file"
4009echo " Make sure the path to scp is present, otherwise scp will not work"
8d184c09 4010else
ecac8ee5 4011echo " sshd default user PATH: $I"
89bbd457 4012 if test ! -z "$external_path_file"; then
95b99395 4013echo " (If PATH is set in $external_path_file it will be used instead. If"
4014echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4015 fi
8d184c09 4016fi
06617857 4017if test ! -z "$superuser_path" ; then
ecac8ee5 4018echo " sshd superuser user PATH: $J"
4019fi
4020echo " Manpage format: $MANTYPE"
3e05e934 4021echo " PAM support: $PAM_MSG"
5b84789f 4022echo " OSF SIA support: $SIA_MSG"
ecac8ee5 4023echo " KerberosV support: $KRB5_MSG"
ef4d1846 4024echo " SELinux support: $SELINUX_MSG"
ecac8ee5 4025echo " Smartcard support: $SCARD_MSG"
ecac8ee5 4026echo " S/KEY support: $SKEY_MSG"
4027echo " TCP Wrappers support: $TCPW_MSG"
4028echo " MD5 password support: $MD5_MSG"
59031773 4029echo " libedit support: $LIBEDIT_MSG"
5b84789f 4030echo " Solaris process contract support: $SPC_MSG"
3deb1408 4031echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
ecac8ee5 4032echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4033echo " BSD Auth support: $BSD_AUTH_MSG"
4034echo " Random number source: $RAND_MSG"
f1b0ecc3 4035if test ! -z "$USE_RAND_HELPER" ; then
ecac8ee5 4036echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
af774732 4037fi
4038
cbd7492e 4039echo ""
4040
0c2fb82f 4041echo " Host: ${host}"
4042echo " Compiler: ${CC}"
4043echo " Compiler flags: ${CFLAGS}"
4044echo "Preprocessor flags: ${CPPFLAGS}"
4045echo " Linker flags: ${LDFLAGS}"
e54defb4 4046echo " Libraries: ${LIBS}"
4047if test ! -z "${SSHDLIBS}"; then
4048echo " +for sshd: ${SSHDLIBS}"
4049fi
cbd7492e 4050
4051echo ""
4052
9cefe228 4053if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
b3146b5f 4054 echo "SVR4 style packages are supported with \"make package\""
4055 echo ""
9cefe228 4056fi
4057
adeebd37 4058if test "x$PAM_MSG" = "xyes" ; then
f1b0ecc3 4059 echo "PAM is enabled. You may need to install a PAM control file "
4060 echo "for sshd, otherwise password authentication may fail. "
aff51935 4061 echo "Example PAM control files can be found in the contrib/ "
f1b0ecc3 4062 echo "subdirectory"
adeebd37 4063 echo ""
4064fi
4065
f1b0ecc3 4066if test ! -z "$RAND_HELPER_CMDHASH" ; then
4067 echo "WARNING: you are using the builtin random number collection "
4068 echo "service. Please read WARNING.RNG and request that your OS "
4069 echo "vendor includes kernel-based random number collection in "
4070 echo "future versions of your OS."
2c523de9 4071 echo ""
4072fi
af774732 4073
2f6f9cff 4074if test ! -z "$NO_PEERCHECK" ; then
1961d660 4075 echo "WARNING: the operating system that you are using does not"
4076 echo "appear to support getpeereid(), getpeerucred() or the"
4077 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4078 echo "enforce security checks to prevent unauthorised connections to"
4079 echo "ssh-agent. Their absence increases the risk that a malicious"
4080 echo "user can connect to your agent."
2f6f9cff 4081 echo ""
4082fi
4083
7b578f7d 4084if test "$AUDIT_MODULE" = "bsm" ; then
4085 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4086 echo "See the Solaris section in README.platform for details."
4087fi
git-cvsimport mirror of OpenSSH
This page took 1.274975 seconds and 5 git commands to generate.