]> andersk Git - openssh.git/blame - configure.ac
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c
[openssh.git] / configure.ac
CommitLineData
eb5d7ff6 1# $Id$
2b983b95 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
0b202697 16
76e6410a 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
823221b2 18AC_REVISION($Revision$)
98a7c37b 19AC_CONFIG_SRCDIR([ssh.c])
5881cd60 20
21AC_CONFIG_HEADER(config.h)
b14b2ae7 22AC_PROG_CC
a7effaac 23AC_CANONICAL_HOST
cf0c5df5 24AC_C_BIGENDIAN
5881cd60 25
a0391976 26# Checks for programs.
4bbf95fa 27AC_PROG_AWK
4cca272e 28AC_PROG_CPP
5881cd60 29AC_PROG_RANLIB
cf8dd513 30AC_PROG_INSTALL
c9ecc3c7 31AC_PROG_EGREP
bee0a37e 32AC_PATH_PROG(AR, ar)
ddd8c95b 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
13dd877b 35AC_PATH_PROGS(PERL, perl5 perl)
c3690df3 36AC_PATH_PROG(SED, sed)
a0f84251 37AC_SUBST(PERL)
ad85db64 38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
6958bd37 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
6193497b 43AC_PATH_PROG(SH, sh)
a3245b92 44AC_SUBST(TEST_SHELL,sh)
f498ed15 45
9cefe228 46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
eeb27c78 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
9cefe228 57
948fd8b9 58# System features
59AC_SYS_LARGEFILE
60
c193d002 61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
2e73a022 65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
3466e002 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
2e73a022 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
37656beb 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
3466e002 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
37656beb 82fi
83
d423d822 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
82f4e93d 88
d423d822 89AC_C_INLINE
dfafb2e1 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
aff51935 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
af40ca44 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
eeee8237 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
5fdabf45 96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
dbf07ba2 100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
cd595991 101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
5fdabf45 103 esac
8a3ff1aa 104
dfafb2e1 105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
d423d822 116fi
117
e6354014 118AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
82f4e93d 121 if test "x$withval" = "xno" ; then
e6354014 122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128)
129
5b84789f 130# Messages for features tested for in target-specific section
131SIA_MSG="no"
132SPC_MSG="no"
133
a0391976 134# Check for some target-specific stuff
a7effaac 135case "$host" in
9d6b1b96 136*-*-aix*)
aff51935 137 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
68ece370 138 if (test -z "$blibpath"); then
0a15d73b 139 blibpath="/usr/lib:/lib"
68ece370 140 fi
141 saved_LDFLAGS="$LDFLAGS"
e7479666 142 if test "$GCC" = "yes"; then
143 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
144 else
145 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
146 fi
147 for tryflags in $flags ;do
68ece370 148 if (test -z "$blibflags"); then
149 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
150 AC_TRY_LINK([], [], [blibflags=$tryflags])
151 fi
152 done
153 if (test -z "$blibflags"); then
154 AC_MSG_RESULT(not found)
155 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
156 else
157 AC_MSG_RESULT($blibflags)
bd499f9e 158 fi
68ece370 159 LDFLAGS="$saved_LDFLAGS"
e351e493 160 dnl Check for authenticate. Might be in libs.a on older AIXes
3466e002 161 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
162 [Define if you want to enable AIX4's authenticate function])],
0764e748 163 [AC_CHECK_LIB(s,authenticate,
e351e493 164 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
0764e748 165 LIBS="$LIBS -ls"
166 ])
167 ])
ba603e06 168 dnl Check for various auth function declarations in headers.
c85ed8e2 169 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
72ad335d 170 passwdexpired, setauthdb], , , [#include <usersec.h>])
e351e493 171 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
ba603e06 172 AC_CHECK_DECLS(loginfailed,
e351e493 173 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
174 AC_TRY_COMPILE(
f58c0e01 175 [#include <usersec.h>],
e351e493 176 [(void)loginfailed("user","host","tty",0);],
177 [AC_MSG_RESULT(yes)
3466e002 178 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
179 [Define if your AIX loginfailed() function
180 takes 4 arguments (AIX >= 5.2)])],
f58c0e01 181 [AC_MSG_RESULT(no)]
e351e493 182 )],
183 [],
184 [#include <usersec.h>]
185 )
2aa3a16c 186 AC_CHECK_FUNCS(setauthdb)
53c337ed 187 AC_CHECK_DECL(F_CLOSEM,
795e7517 188 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
53c337ed 189 [],
190 [ #include <limits.h>
191 #include <fcntl.h> ]
192 )
5ccf88cb 193 check_for_aix_broken_getaddrinfo=1
3466e002 194 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
195 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
196 [Define if your platform breaks doing a seteuid before a setuid])
197 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
198 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
a3cef3ca 199 dnl AIX handles lastlog as part of its login message
3466e002 200 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
201 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
202 [Some systems need a utmpx entry for /bin/login to work])
203 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
204 [Define to a Set Process Title type if your system is
205 supported by bsd-setproctitle.c])
961c2997 206 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
207 [AIX 5.2 and 5.3 (and presumably newer) require this])
ea8c44d9 208 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
9d6b1b96 209 ;;
3c62e7eb 210*-*-cygwin*)
a52997bd 211 check_for_libcrypt_later=1
ffb8d130 212 LIBS="$LIBS /usr/lib/textmode.o"
3466e002 213 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
214 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
215 AC_DEFINE(DISABLE_SHADOW, 1,
216 [Define if you want to disable shadow passwords])
217 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
218 [Define if your system choked on IP TOS setting])
219 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
220 [Define if X11 doesn't support AF_UNIX sockets on that system])
221 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
222 [Define if the concept of ports only accessible to
223 superusers isn't known])
224 AC_DEFINE(DISABLE_FD_PASSING, 1,
225 [Define if your platform needs to skip post auth
226 file descriptor passing])
3c62e7eb 227 ;;
d6fdb079 228*-*-dgux*)
229 AC_DEFINE(IP_TOS_IS_BROKEN)
0c6a72a5 230 AC_DEFINE(SETEUID_BREAKS_SETUID)
231 AC_DEFINE(BROKEN_SETREUID)
232 AC_DEFINE(BROKEN_SETREGID)
d6fdb079 233 ;;
39c98ef7 234*-*-darwin*)
33e2e066 235 AC_MSG_CHECKING(if we have working getaddrinfo)
236 AC_TRY_RUN([#include <mach-o/dyld.h>
237main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
238 exit(0);
239 else
240 exit(1);
241}], [AC_MSG_RESULT(working)],
242 [AC_MSG_RESULT(buggy)
3466e002 243 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
b27e573d 244 [AC_MSG_RESULT(assume it is working)])
635e0c42 245 AC_DEFINE(SETEUID_BREAKS_SETUID)
246 AC_DEFINE(BROKEN_SETREUID)
247 AC_DEFINE(BROKEN_SETREGID)
3466e002 248 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
249 [Define if your resolver libs need this for getrrsetbyname])
e02505e2 250 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
251 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
252 [Use tunnel device compatibility to OpenBSD])
253 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
254 [Prepend the address family to IP tunnel traffic])
39c98ef7 255 ;;
7d458c86 256*-*-hpux*)
257 # first we define all of the options common to all HP-UX releases
b8fea62d 258 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
44839801 259 IPADDR_IN_DISPLAY=yes
2b10f47a 260 AC_DEFINE(USE_PIPES)
3466e002 261 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
262 [Define if your login program cannot handle end of options ("--")])
a2572aa7 263 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 264 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
265 [String used in /etc/passwd to denote locked account])
3a2b2b44 266 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
83f987c3 267 MAIL="/var/mail/username"
f75ca46d 268 LIBS="$LIBS -lsec"
7d458c86 269 AC_CHECK_LIB(xnet, t_error, ,
270 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
271
272 # next, we define all of the options specific to major releases
273 case "$host" in
274 *-*-hpux10*)
275 if test -z "$GCC"; then
276 CFLAGS="$CFLAGS -Ae"
277 fi
278 ;;
279 *-*-hpux11*)
3466e002 280 AC_DEFINE(PAM_SUN_CODEBASE, 1,
281 [Define if you are using Solaris-derived PAM which
282 passes pam_messages to the conversation function
283 with an extra level of indirection])
284 AC_DEFINE(DISABLE_UTMP, 1,
285 [Define if you don't want to use utmp])
7d458c86 286 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
287 check_for_hpux_broken_getaddrinfo=1
288 check_for_conflicting_getspnam=1
289 ;;
290 esac
291
292 # lastly, we define options specific to minor releases
293 case "$host" in
294 *-*-hpux10.26)
3466e002 295 AC_DEFINE(HAVE_SECUREWARE, 1,
296 [Define if you have SecureWare-based
297 protected password database])
7d458c86 298 disable_ptmx_check=yes
299 LIBS="$LIBS -lsecpw"
300 ;;
301 esac
2b763e31 302 ;;
d94aa2ae 303*-*-irix5*)
6ac7829a 304 PATH="$PATH:/usr/etc"
3466e002 305 AC_DEFINE(BROKEN_INET_NTOA, 1,
306 [Define if you system's inet_ntoa is busted
307 (e.g. Irix gcc issue)])
cb433561 308 AC_DEFINE(SETEUID_BREAKS_SETUID)
309 AC_DEFINE(BROKEN_SETREUID)
310 AC_DEFINE(BROKEN_SETREGID)
3466e002 311 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
312 [Define if you shouldn't strip 'tty' from your
313 ttyname in [uw]tmp])
3e6e3da0 314 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
b9795b89 315 ;;
316*-*-irix6*)
6ac7829a 317 PATH="$PATH:/usr/etc"
3466e002 318 AC_DEFINE(WITH_IRIX_ARRAY, 1,
319 [Define if you have/want arrays
320 (cluster-wide session managment, not C arrays)])
321 AC_DEFINE(WITH_IRIX_PROJECT, 1,
322 [Define if you want IRIX project management])
323 AC_DEFINE(WITH_IRIX_AUDIT, 1,
324 [Define if you want IRIX audit trails])
325 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
326 [Define if you want IRIX kernel jobs])])
416ed5a7 327 AC_DEFINE(BROKEN_INET_NTOA)
412c0eaa 328 AC_DEFINE(SETEUID_BREAKS_SETUID)
329 AC_DEFINE(BROKEN_SETREUID)
330 AC_DEFINE(BROKEN_SETREGID)
3466e002 331 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
0e8f4eba 332 AC_DEFINE(WITH_ABBREV_NO_TTY)
3e6e3da0 333 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
d94aa2ae 334 ;;
5cdfe03f 335*-*-linux*)
336 no_dev_ptmx=1
717057b6 337 check_for_libcrypt_later=1
eacb954e 338 check_for_openpty_ctty_bug=1
3466e002 339 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
340 AC_DEFINE(PAM_TTY_KLUDGE, 1,
341 [Work around problematic Linux PAM modules handling of PAM_TTY])
342 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
343 [String used in /etc/passwd to denote locked account])
3a2b2b44 344 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
3466e002 345 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
346 [Define to whatever link() returns for "not supported"
347 if it doesn't return EOPNOTSUPP.])
b6610e8f 348 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
3466e002 349 AC_DEFINE(USE_BTMP)
80faa19f 350 inet6_default_4in6=yes
bf7c1e6c 351 case `uname -r` in
ad84c479 352 1.*|2.0.*)
3466e002 353 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
354 [Define if cmsg_type is not passed correctly])
bf7c1e6c 355 ;;
bf7c1e6c 356 esac
c40f09ca 357 # tun(4) forwarding compat code
d91775e1 358 AC_CHECK_HEADERS(linux/if_tun.h)
b5081213 359 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
c40f09ca 360 AC_DEFINE(SSH_TUN_LINUX, 1,
361 [Open tunnel devices the Linux tun/tap way])
362 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
363 [Use tunnel device compatibility to OpenBSD])
364 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
365 [Prepend the address family to IP tunnel traffic])
366 fi
5cdfe03f 367 ;;
66d6c27e 368mips-sony-bsd|mips-sony-newsos4)
4b2cf3f1 369 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
66d6c27e 370 SONY=1
66d6c27e 371 ;;
d468fc76 372*-*-netbsd*)
33e2e066 373 check_for_libcrypt_before=1
82f4e93d 374 if test "x$withval" != "xno" ; then
e6354014 375 need_dash_r=1
376 fi
0f6cb079 377 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
378 AC_CHECK_HEADER([net/if_tap.h], ,
379 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
380 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
381 [Prepend the address family to IP tunnel traffic])
d468fc76 382 ;;
86b416a7 383*-*-freebsd*)
384 check_for_libcrypt_later=1
988c5031 385 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
0f6cb079 386 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
387 AC_CHECK_HEADER([net/if_tap.h], ,
388 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
86b416a7 389 ;;
8707b7eb 390*-*-bsdi*)
391 AC_DEFINE(SETEUID_BREAKS_SETUID)
392 AC_DEFINE(BROKEN_SETREUID)
393 AC_DEFINE(BROKEN_SETREGID)
394 ;;
729bfe59 395*-next-*)
729bfe59 396 conf_lastlog_location="/usr/adm/lastlog"
698d107e 397 conf_utmp_location=/etc/utmp
398 conf_wtmp_location=/usr/adm/wtmp
399 MAIL=/usr/spool/mail
3466e002 400 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
443172c4 401 AC_DEFINE(BROKEN_REALPATH)
00937921 402 AC_DEFINE(USE_PIPES)
3466e002 403 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
729bfe59 404 ;;
5b7b5e23 405*-*-openbsd*)
406 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
8034a348 407 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
0f6cb079 408 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
c79c4814 409 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
410 [syslog_r function is safe to use in in a signal handler])
5b7b5e23 411 ;;
9d6b1b96 412*-*-solaris*)
82f4e93d 413 if test "x$withval" != "xno" ; then
010e9d5b 414 need_dash_r=1
415 fi
adeebd37 416 AC_DEFINE(PAM_SUN_CODEBASE)
7e2d5fa4 417 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 418 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
419 [Some versions of /bin/login need the TERM supplied
420 on the commandline])
7f0a4ff1 421 AC_DEFINE(PAM_TTY_KLUDGE)
3466e002 422 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
423 [Define if pam_chauthtok wants real uid set
424 to the unpriv'ed user])
3e6e3da0 425 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
ad84c479 426 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
3466e002 427 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
428 [Define if sshd somehow reacquires a controlling TTY
429 after setsid()])
795aa5f5 430 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
431 in case the name is longer than 8 chars])
95b99395 432 external_path_file=/etc/default/login
1d7b9b20 433 # hardwire lastlog location (can't detect it on some versions)
434 conf_lastlog_location="/var/adm/lastlog"
32c80420 435 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
436 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
437 if test "$sol2ver" -ge 8; then
438 AC_MSG_RESULT(yes)
439 AC_DEFINE(DISABLE_UTMP)
3466e002 440 AC_DEFINE(DISABLE_WTMP, 1,
441 [Define if you don't want to use wtmp])
32c80420 442 else
443 AC_MSG_RESULT(no)
444 fi
5b84789f 445 AC_ARG_WITH(solaris-contracts,
446 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
447 [
448 AC_CHECK_LIB(contract, ct_tmpl_activate,
449 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
450 [Define if you have Solaris process contracts])
451 SSHDLIBS="$SSHDLIBS -lcontract"
452 AC_SUBST(SSHDLIBS)
453 SPC_MSG="yes" ], )
454 ],
455 )
9d6b1b96 456 ;;
a423beaf 457*-*-sunos4*)
0c2fb82f 458 CPPFLAGS="$CPPFLAGS -DSUNOS4"
a423beaf 459 AC_CHECK_FUNCS(getpwanam)
adeebd37 460 AC_DEFINE(PAM_SUN_CODEBASE)
32eec038 461 conf_utmp_location=/etc/utmp
462 conf_wtmp_location=/var/adm/wtmp
463 conf_lastlog_location=/var/adm/lastlog
137d7b6c 464 AC_DEFINE(USE_PIPES)
a423beaf 465 ;;
6f68f28a 466*-ncr-sysv*)
98a7c37b 467 LIBS="$LIBS -lc89"
29525240 468 AC_DEFINE(USE_PIPES)
eabb99c6 469 AC_DEFINE(SSHD_ACQUIRES_CTTY)
6fb3618d 470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
6f68f28a 473 ;;
132dd316 474*-sni-sysv*)
c8c15bcb 475 # /usr/ucblib MUST NOT be searched on ReliantUNIX
e2798e96 476 AC_CHECK_LIB(dl, dlsym, ,)
d08db6d1 477 # -lresolv needs to be at the end of LIBS or DNS lookups break
478 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
9548d6c8 479 IPADDR_IN_DISPLAY=yes
480 AC_DEFINE(USE_PIPES)
132dd316 481 AC_DEFINE(IP_TOS_IS_BROKEN)
605369bb 482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
eabb99c6 485 AC_DEFINE(SSHD_ACQUIRES_CTTY)
95b99395 486 external_path_file=/etc/default/login
c8c15bcb 487 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
488 # Attention: always take care to bind libsocket and libnsl before libc,
489 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
132dd316 490 ;;
79a7ba96 491# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
77bb0bca 492*-*-sysv4.2*)
9a406e1e 493 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
ed6553e2 494 AC_DEFINE(USE_PIPES)
7ed101c0 495 AC_DEFINE(SETEUID_BREAKS_SETUID)
496 AC_DEFINE(BROKEN_SETREUID)
497 AC_DEFINE(BROKEN_SETREGID)
46f853b9 498 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
e45da4d6 499 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
77bb0bca 500 ;;
79a7ba96 501# UnixWare 7.x, OpenUNIX 8
77bb0bca 502*-*-sysv5*)
d7d2cc6e 503 check_for_libcrypt_later=1
504 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
ed6553e2 505 AC_DEFINE(USE_PIPES)
7ed101c0 506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
3466e002 509 AC_DEFINE(PASSWD_NEEDS_USERNAME)
822015dd 510 case "$host" in
511 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
512 TEST_SHELL=/u95/bin/sh
3466e002 513 AC_DEFINE(BROKEN_LIBIAF, 1,
514 [ia_uinfo routines not supported by OS yet])
822015dd 515 ;;
e45da4d6 516 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
517 ;;
822015dd 518 esac
77bb0bca 519 ;;
9d6b1b96 520*-*-sysv*)
9d6b1b96 521 ;;
79a7ba96 522# SCO UNIX and OEM versions of SCO UNIX
77bb0bca 523*-*-sco3.2v4*)
11cf4f1f 524 AC_MSG_ERROR("This Platform is no longer supported.")
77bb0bca 525 ;;
79a7ba96 526# SCO OpenServer 5.x
77bb0bca 527*-*-sco3.2v5*)
21710e39 528 if test -z "$GCC"; then
529 CFLAGS="$CFLAGS -belf"
530 fi
ed6553e2 531 LIBS="$LIBS -lprot -lx -ltinfo -lm"
509b1f88 532 no_dev_ptmx=1
ed6553e2 533 AC_DEFINE(USE_PIPES)
6e879cb4 534 AC_DEFINE(HAVE_SECUREWARE)
d287c664 535 AC_DEFINE(DISABLE_SHADOW)
94d8258b 536 AC_DEFINE(DISABLE_FD_PASSING)
7ed101c0 537 AC_DEFINE(SETEUID_BREAKS_SETUID)
538 AC_DEFINE(BROKEN_SETREUID)
539 AC_DEFINE(BROKEN_SETREGID)
bcebad47 540 AC_DEFINE(WITH_ABBREV_NO_TTY)
34f2baf0 541 AC_DEFINE(BROKEN_UPDWTMPX)
3466e002 542 AC_DEFINE(PASSWD_NEEDS_USERNAME)
aca75d94 543 AC_CHECK_FUNCS(getluid setluid)
533875af 544 MANTYPE=man
a3245b92 545 TEST_SHELL=ksh
509b1f88 546 ;;
ccbb983c 547*-*-unicosmk*)
3466e002 548 AC_DEFINE(NO_SSH_LASTLOG, 1,
549 [Define if you don't want to use lastlog in session.c])
c1ad5966 550 AC_DEFINE(SETEUID_BREAKS_SETUID)
551 AC_DEFINE(BROKEN_SETREUID)
552 AC_DEFINE(BROKEN_SETREGID)
ccbb983c 553 AC_DEFINE(USE_PIPES)
554 AC_DEFINE(DISABLE_FD_PASSING)
555 LDFLAGS="$LDFLAGS"
556 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
557 MANTYPE=cat
d262b7f2 558 ;;
7b9a8c6e 559*-*-unicosmp*)
c1ad5966 560 AC_DEFINE(SETEUID_BREAKS_SETUID)
561 AC_DEFINE(BROKEN_SETREUID)
562 AC_DEFINE(BROKEN_SETREGID)
7b9a8c6e 563 AC_DEFINE(WITH_ABBREV_NO_TTY)
564 AC_DEFINE(USE_PIPES)
565 AC_DEFINE(DISABLE_FD_PASSING)
566 LDFLAGS="$LDFLAGS"
c1ad5966 567 LIBS="$LIBS -lgen -lacid -ldb"
7b9a8c6e 568 MANTYPE=cat
569 ;;
ca5c7d6a 570*-*-unicos*)
c1ad5966 571 AC_DEFINE(SETEUID_BREAKS_SETUID)
572 AC_DEFINE(BROKEN_SETREUID)
573 AC_DEFINE(BROKEN_SETREGID)
ca5c7d6a 574 AC_DEFINE(USE_PIPES)
94d8258b 575 AC_DEFINE(DISABLE_FD_PASSING)
ef51930f 576 AC_DEFINE(NO_SSH_LASTLOG)
ccbb983c 577 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
578 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
579 MANTYPE=cat
a704dd54 580 ;;
4d33e531 581*-dec-osf*)
99c8ddac 582 AC_MSG_CHECKING(for Digital Unix SIA)
583 no_osfsia=""
584 AC_ARG_WITH(osfsia,
585 [ --with-osfsia Enable Digital Unix SIA],
586 [
587 if test "x$withval" = "xno" ; then
588 AC_MSG_RESULT(disabled)
589 no_osfsia=1
590 fi
591 ],
592 )
593 if test -z "$no_osfsia" ; then
4d33e531 594 if test -f /etc/sia/matrix.conf; then
595 AC_MSG_RESULT(yes)
3466e002 596 AC_DEFINE(HAVE_OSF_SIA, 1,
597 [Define if you have Digital Unix Security
598 Integration Architecture])
599 AC_DEFINE(DISABLE_LOGIN, 1,
600 [Define if you don't want to use your
601 system's login() call])
58d0df4e 602 AC_DEFINE(DISABLE_FD_PASSING)
4d33e531 603 LIBS="$LIBS -lsecurity -ldb -lm -laud"
5b84789f 604 SIA_MSG="yes"
4d33e531 605 else
606 AC_MSG_RESULT(no)
3466e002 607 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
608 [String used in /etc/passwd to denote locked account])
4d33e531 609 fi
610 fi
a6e67b60 611 AC_DEFINE(BROKEN_GETADDRINFO)
f4f2ff4f 612 AC_DEFINE(SETEUID_BREAKS_SETUID)
08da2d08 613 AC_DEFINE(BROKEN_SETREUID)
614 AC_DEFINE(BROKEN_SETREGID)
4d33e531 615 ;;
41cb4569 616
9c54c067 617*-*-nto-qnx*)
41cb4569 618 AC_DEFINE(USE_PIPES)
619 AC_DEFINE(NO_X11_UNIX_SOCKETS)
3466e002 620 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
621 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
622 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
9c54c067 623 AC_DEFINE(DISABLE_LASTLOG)
49c64dd6 624 AC_DEFINE(SSHD_ACQUIRES_CTTY)
0c7e8877 625 enable_etc_default_login=no # has incompatible /etc/default/login
41cb4569 626 ;;
35fc74ed 627
628*-*-ultrix*)
3466e002 629 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
630 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
4b2cf3f1 631 AC_DEFINE(NEED_SETPGRP)
b5765e1d 632 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
633 ;;
157b6700 634
635*-*-lynxos)
636 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
3466e002 637 AC_DEFINE(MISSING_HOWMANY)
157b6700 638 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
639 ;;
a7effaac 640esac
641
8e7b16f8 642# Allow user to specify flags
643AC_ARG_WITH(cflags,
644 [ --with-cflags Specify additional flags to pass to compiler],
645 [
6cf0200f 646 if test -n "$withval" && test "x$withval" != "xno" && \
647 test "x${withval}" != "xyes"; then
8e7b16f8 648 CFLAGS="$CFLAGS $withval"
649 fi
82f4e93d 650 ]
8e7b16f8 651)
0c2fb82f 652AC_ARG_WITH(cppflags,
653 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
654 [
6cf0200f 655 if test -n "$withval" && test "x$withval" != "xno" && \
656 test "x${withval}" != "xyes"; then
0c2fb82f 657 CPPFLAGS="$CPPFLAGS $withval"
658 fi
659 ]
660)
8e7b16f8 661AC_ARG_WITH(ldflags,
97b378bf 662 [ --with-ldflags Specify additional flags to pass to linker],
8e7b16f8 663 [
6cf0200f 664 if test -n "$withval" && test "x$withval" != "xno" && \
665 test "x${withval}" != "xyes"; then
8e7b16f8 666 LDFLAGS="$LDFLAGS $withval"
667 fi
82f4e93d 668 ]
8e7b16f8 669)
670AC_ARG_WITH(libs,
671 [ --with-libs Specify additional libraries to link with],
672 [
6cf0200f 673 if test -n "$withval" && test "x$withval" != "xno" && \
674 test "x${withval}" != "xyes"; then
8e7b16f8 675 LIBS="$LIBS $withval"
676 fi
82f4e93d 677 ]
8e7b16f8 678)
ed89c848 679AC_ARG_WITH(Werror,
680 [ --with-Werror Build main code with -Werror],
681 [
682 if test -n "$withval" && test "x$withval" != "xno"; then
683 werror_flags="-Werror"
1012885d 684 if test "x${withval}" != "xyes"; then
ed89c848 685 werror_flags="$withval"
686 fi
687 fi
688 ]
689)
8e7b16f8 690
c5829391 691AC_MSG_CHECKING(compiler and flags for sanity)
479cece8 692AC_RUN_IFELSE(
693 [AC_LANG_SOURCE([
c5829391 694#include <stdio.h>
695int main(){exit(0);}
479cece8 696 ])],
c5829391 697 [ AC_MSG_RESULT(yes) ],
698 [
699 AC_MSG_RESULT(no)
700 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1a01a50c 701 ],
702 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
c5829391 703)
704
b04a9f8c 705dnl Checks for header files.
706AC_CHECK_HEADERS( \
707 bstring.h \
708 crypt.h \
2f360c89 709 crypto/sha2.h \
b04a9f8c 710 dirent.h \
711 endian.h \
712 features.h \
37259a8e 713 fcntl.h \
b04a9f8c 714 floatingpoint.h \
715 getopt.h \
716 glob.h \
717 ia.h \
4c653d8e 718 iaf.h \
b04a9f8c 719 limits.h \
720 login.h \
b04a9f8c 721 maillock.h \
722 ndir.h \
e02505e2 723 net/if_tun.h \
b04a9f8c 724 netdb.h \
725 netgroup.h \
b04a9f8c 726 pam/pam_appl.h \
727 paths.h \
728 pty.h \
729 readpassphrase.h \
730 rpc/types.h \
731 security/pam_appl.h \
f73e2ad7 732 sha2.h \
b04a9f8c 733 shadow.h \
734 stddef.h \
735 stdint.h \
0957c2cf 736 string.h \
b04a9f8c 737 strings.h \
738 sys/audit.h \
739 sys/bitypes.h \
740 sys/bsdtty.h \
741 sys/cdefs.h \
742 sys/dir.h \
743 sys/mman.h \
744 sys/ndir.h \
745 sys/prctl.h \
746 sys/pstat.h \
747 sys/select.h \
748 sys/stat.h \
749 sys/stream.h \
750 sys/stropts.h \
751 sys/strtio.h \
752 sys/sysmacros.h \
753 sys/time.h \
754 sys/timers.h \
755 sys/un.h \
756 time.h \
757 tmpdir.h \
758 ttyent.h \
25dd2ce6 759 unistd.h \
b04a9f8c 760 usersec.h \
761 util.h \
762 utime.h \
763 utmp.h \
764 utmpx.h \
ea76f54c 765 vis.h \
b04a9f8c 766)
ddceb1c8 767
823221b2 768# lastlog.h requires sys/time.h to be included first on Solaris
769AC_CHECK_HEADERS(lastlog.h, [], [], [
770#ifdef HAVE_SYS_TIME_H
771# include <sys/time.h>
772#endif
773])
774
765a24cd 775# sys/ptms.h requires sys/stream.h to be included first on Solaris
776AC_CHECK_HEADERS(sys/ptms.h, [], [], [
777#ifdef HAVE_SYS_STREAM_H
778# include <sys/stream.h>
779#endif
780])
781
3919d576 782# login_cap.h requires sys/types.h on NetBSD
783AC_CHECK_HEADERS(login_cap.h, [], [], [
784#include <sys/types.h>
785])
786
a0391976 787# Checks for libraries.
98a7c37b 788AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
789AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
2c523de9 790
446227d6 791dnl IRIX and Solaris 2.5.1 have dirname() in libgen
792AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
793 AC_CHECK_LIB(gen, dirname,[
794 AC_CACHE_CHECK([for broken dirname],
795 ac_cv_have_broken_dirname, [
796 save_LIBS="$LIBS"
797 LIBS="$LIBS -lgen"
b0e7249f 798 AC_RUN_IFELSE(
799 [AC_LANG_SOURCE([[
446227d6 800#include <libgen.h>
801#include <string.h>
802
803int main(int argc, char **argv) {
804 char *s, buf[32];
805
806 strncpy(buf,"/etc", 32);
807 s = dirname(buf);
808 if (!s || strncmp(s, "/", 32) != 0) {
809 exit(1);
810 } else {
811 exit(0);
812 }
813}
b0e7249f 814 ]])],
815 [ ac_cv_have_broken_dirname="no" ],
816 [ ac_cv_have_broken_dirname="yes" ],
446227d6 817 [ ac_cv_have_broken_dirname="no" ],
446227d6 818 )
819 LIBS="$save_LIBS"
820 ])
821 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
822 LIBS="$LIBS -lgen"
823 AC_DEFINE(HAVE_DIRNAME)
824 AC_CHECK_HEADERS(libgen.h)
825 fi
826 ])
827])
828
829AC_CHECK_FUNC(getspnam, ,
830 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
3466e002 831AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
832 [Define if you have the basename function.]))
446227d6 833
98a7c37b 834dnl zlib is required
835AC_ARG_WITH(zlib,
836 [ --with-zlib=PATH Use zlib in PATH],
6dd05556 837 [ if test "x$withval" = "xno" ; then
838 AC_MSG_ERROR([*** zlib is required ***])
839 elif test "x$withval" != "xyes"; then
98a7c37b 840 if test -d "$withval/lib"; then
841 if test -n "${need_dash_r}"; then
5a162955 842 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 843 else
5a162955 844 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 845 fi
846 else
847 if test -n "${need_dash_r}"; then
5a162955 848 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 849 else
5a162955 850 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 851 fi
852 fi
853 if test -d "$withval/include"; then
5a162955 854 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 855 else
5a162955 856 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 857 fi
6dd05556 858 fi ]
98a7c37b 859)
860
0a15d73b 861AC_CHECK_LIB(z, deflate, ,
862 [
863 saved_CPPFLAGS="$CPPFLAGS"
864 saved_LDFLAGS="$LDFLAGS"
865 save_LIBS="$LIBS"
866 dnl Check default zlib install dir
867 if test -n "${need_dash_r}"; then
868 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
869 else
870 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
871 fi
872 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
873 LIBS="$LIBS -lz"
874 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
875 [
876 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
877 ]
878 )
879 ]
880)
4ad65809 881AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
8068d564 882
883AC_ARG_WITH(zlib-version-check,
884 [ --without-zlib-version-check Disable zlib version check],
885 [ if test "x$withval" = "xno" ; then
886 zlib_check_nonfatal=1
887 fi
888 ]
889)
890
5c7fc85d 891AC_MSG_CHECKING(for possibly buggy zlib)
479cece8 892AC_RUN_IFELSE([AC_LANG_SOURCE([[
5c7fc85d 893#include <stdio.h>
4ad65809 894#include <zlib.h>
895int main()
896{
5c7fc85d 897 int a=0, b=0, c=0, d=0, n, v;
898 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
899 if (n != 3 && n != 4)
4ad65809 900 exit(1);
5c7fc85d 901 v = a*1000000 + b*10000 + c*100 + d;
902 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
903
904 /* 1.1.4 is OK */
905 if (a == 1 && b == 1 && c >= 4)
4ad65809 906 exit(0);
5c7fc85d 907
0072b59d 908 /* 1.2.3 and up are OK */
909 if (v >= 1020300)
5c7fc85d 910 exit(0);
911
4ad65809 912 exit(2);
913}
479cece8 914 ]])],
5c7fc85d 915 AC_MSG_RESULT(no),
916 [ AC_MSG_RESULT(yes)
8068d564 917 if test -z "$zlib_check_nonfatal" ; then
918 AC_MSG_ERROR([*** zlib too old - check config.log ***
919Your reported zlib version has known security problems. It's possible your
920vendor has fixed these problems without changing the version number. If you
921are sure this is the case, you can disable the check by running
922"./configure --without-zlib-version-check".
6090bcfe 923If you are in doubt, upgrade zlib to version 1.2.3 or greater.
5c7fc85d 924See http://www.gzip.org/zlib/ for details.])
8068d564 925 else
926 AC_MSG_WARN([zlib version may have security problems])
927 fi
1a01a50c 928 ],
929 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
4ad65809 930)
48e7916f 931
2c523de9 932dnl UnixWare 2.x
aff51935 933AC_CHECK_FUNC(strcasecmp,
2c523de9 934 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
935)
23361281 936AC_CHECK_FUNCS(utimes,
cda1ebcb 937 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
938 LIBS="$LIBS -lc89"]) ]
2c523de9 939)
4cca272e 940
7c6d759d 941dnl Checks for libutil functions
942AC_CHECK_HEADERS(libutil.h)
3466e002 943AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
944 [Define if your libraries define login()])])
7c6d759d 945AC_CHECK_FUNCS(logout updwtmp logwtmp)
946
a738c3b0 947AC_FUNC_STRFTIME
948
84ceda19 949# Check for ALTDIRFUNC glob() extension
950AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
951AC_EGREP_CPP(FOUNDIT,
952 [
953 #include <glob.h>
954 #ifdef GLOB_ALTDIRFUNC
955 FOUNDIT
956 #endif
aff51935 957 ],
84ceda19 958 [
3466e002 959 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
960 [Define if your system glob() function has
961 the GLOB_ALTDIRFUNC extension])
84ceda19 962 AC_MSG_RESULT(yes)
963 ],
964 [
965 AC_MSG_RESULT(no)
966 ]
967)
4cca272e 968
40849fdb 969# Check for g.gl_matchc glob() extension
970AC_MSG_CHECKING(for gl_matchc field in glob_t)
d90b9f9a 971AC_TRY_COMPILE(
13ff27b7 972 [ #include <glob.h> ],
973 [glob_t g; g.gl_matchc = 1;],
aff51935 974 [
3466e002 975 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
976 [Define if your system glob() function has
977 gl_matchc options in glob_t])
aff51935 978 AC_MSG_RESULT(yes)
979 ],
980 [
981 AC_MSG_RESULT(no)
982 ]
40849fdb 983)
984
78888bab 985AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
986
edbe6722 987AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1a01a50c 988AC_RUN_IFELSE(
479cece8 989 [AC_LANG_SOURCE([[
edbe6722 990#include <sys/types.h>
991#include <dirent.h>
aec4cb4f 992int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
479cece8 993 ]])],
aff51935 994 [AC_MSG_RESULT(yes)],
edbe6722 995 [
996 AC_MSG_RESULT(no)
3466e002 997 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
d08db6d1 998 [Define if your struct dirent expects you to
3466e002 999 allocate extra space for d_name])
1a01a50c 1000 ],
82f4e93d 1001 [
1a01a50c 1002 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1003 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
edbe6722 1004 ]
1005)
1006
419e26e7 1007AC_MSG_CHECKING([for /proc/pid/fd directory])
1008if test -d "/proc/$$/fd" ; then
3466e002 1009 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
419e26e7 1010 AC_MSG_RESULT(yes)
1011else
1012 AC_MSG_RESULT(no)
1013fi
1014
278588d8 1015# Check whether user wants S/Key support
aff51935 1016SKEY_MSG="no"
278588d8 1017AC_ARG_WITH(skey,
6ff3d0dc 1018 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
278588d8 1019 [
1020 if test "x$withval" != "xno" ; then
1021
1022 if test "x$withval" != "xyes" ; then
1023 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1024 LDFLAGS="$LDFLAGS -L${withval}/lib"
1025 fi
1026
3466e002 1027 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
278588d8 1028 LIBS="-lskey $LIBS"
aff51935 1029 SKEY_MSG="yes"
82f4e93d 1030
ddceb1c8 1031 AC_MSG_CHECKING([for s/key support])
b0e7249f 1032 AC_LINK_IFELSE(
1033 [AC_LANG_SOURCE([[
ddceb1c8 1034#include <stdio.h>
1035#include <skey.h>
aec4cb4f 1036int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
b0e7249f 1037 ]])],
ddceb1c8 1038 [AC_MSG_RESULT(yes)],
278588d8 1039 [
ddceb1c8 1040 AC_MSG_RESULT(no)
278588d8 1041 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1042 ])
141fc639 1043 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1044 AC_TRY_COMPILE(
1045 [#include <stdio.h>
1046 #include <skey.h>],
1047 [(void)skeychallenge(NULL,"name","",0);],
1048 [AC_MSG_RESULT(yes)
3466e002 1049 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1050 [Define if your skeychallenge()
1051 function takes 4 arguments (NetBSD)])],
141fc639 1052 [AC_MSG_RESULT(no)]
1053 )
278588d8 1054 fi
1055 ]
1056)
1057
1058# Check whether user wants TCP wrappers support
98a7c37b 1059TCPW_MSG="no"
278588d8 1060AC_ARG_WITH(tcp-wrappers,
6ff3d0dc 1061 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
278588d8 1062 [
1063 if test "x$withval" != "xno" ; then
1064 saved_LIBS="$LIBS"
98a7c37b 1065 saved_LDFLAGS="$LDFLAGS"
1066 saved_CPPFLAGS="$CPPFLAGS"
4b492aab 1067 if test -n "${withval}" && \
6cf0200f 1068 test "x${withval}" != "xyes"; then
98a7c37b 1069 if test -d "${withval}/lib"; then
1070 if test -n "${need_dash_r}"; then
5a162955 1071 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 1072 else
5a162955 1073 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 1074 fi
1075 else
1076 if test -n "${need_dash_r}"; then
5a162955 1077 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 1078 else
5a162955 1079 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 1080 fi
1081 fi
1082 if test -d "${withval}/include"; then
5a162955 1083 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 1084 else
5a162955 1085 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 1086 fi
98a7c37b 1087 fi
ddceb1c8 1088 LIBWRAP="-lwrap"
1089 LIBS="$LIBWRAP $LIBS"
278588d8 1090 AC_MSG_CHECKING(for libwrap)
1091 AC_TRY_LINK(
1092 [
77f09220 1093#include <sys/types.h>
1094#include <sys/socket.h>
1095#include <netinet/in.h>
278588d8 1096#include <tcpd.h>
1097 int deny_severity = 0, allow_severity = 0;
1098 ],
1099 [hosts_access(0);],
1100 [
1101 AC_MSG_RESULT(yes)
3466e002 1102 AC_DEFINE(LIBWRAP, 1,
1103 [Define if you want
1104 TCP Wrappers support])
ddceb1c8 1105 AC_SUBST(LIBWRAP)
98a7c37b 1106 TCPW_MSG="yes"
278588d8 1107 ],
1108 [
1109 AC_MSG_ERROR([*** libwrap missing])
1110 ]
1111 )
ddceb1c8 1112 LIBS="$saved_LIBS"
278588d8 1113 fi
1114 ]
1115)
1116
59031773 1117# Check whether user wants libedit support
1118LIBEDIT_MSG="no"
1119AC_ARG_WITH(libedit,
6ff3d0dc 1120 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
59031773 1121 [ if test "x$withval" != "xno" ; then
737edf04 1122 if test "x$withval" != "xyes"; then
bb116c8e 1123 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1124 if test -n "${need_dash_r}"; then
1125 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1126 else
1127 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1128 fi
737edf04 1129 fi
59031773 1130 AC_CHECK_LIB(edit, el_init,
3466e002 1131 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
59031773 1132 LIBEDIT="-ledit -lcurses"
1133 LIBEDIT_MSG="yes"
1134 AC_SUBST(LIBEDIT)
1135 ],
737edf04 1136 [ AC_MSG_ERROR(libedit not found) ],
1137 [ -lcurses ]
59031773 1138 )
f47ddccb 1139 AC_MSG_CHECKING(if libedit version is compatible)
d92622f9 1140 AC_COMPILE_IFELSE(
1141 [AC_LANG_SOURCE([[
1142#include <histedit.h>
f47ddccb 1143int main(void)
1144{
1145 int i = H_SETSIZE;
1146 el_init("", NULL, NULL, NULL);
1147 exit(0);
1148}
d92622f9 1149 ]])],
f47ddccb 1150 [ AC_MSG_RESULT(yes) ],
1151 [ AC_MSG_RESULT(no)
1152 AC_MSG_ERROR(libedit version is not compatible) ]
1153 )
59031773 1154 fi ]
1155)
1156
7b578f7d 1157AUDIT_MODULE=none
1158AC_ARG_WITH(audit,
1159 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1160 [
1161 AC_MSG_CHECKING(for supported audit module)
1162 case "$withval" in
1163 bsm)
1164 AC_MSG_RESULT(bsm)
1165 AUDIT_MODULE=bsm
1166 dnl Checks for headers, libs and functions
1167 AC_CHECK_HEADERS(bsm/audit.h, [],
1168 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1169 AC_CHECK_LIB(bsm, getaudit, [],
1170 [AC_MSG_ERROR(BSM enabled and required library not found)])
1171 AC_CHECK_FUNCS(getaudit, [],
1172 [AC_MSG_ERROR(BSM enabled and required function not found)])
1173 # These are optional
7939c496 1174 AC_CHECK_FUNCS(getaudit_addr)
3466e002 1175 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
7b578f7d 1176 ;;
1177 debug)
1178 AUDIT_MODULE=debug
1179 AC_MSG_RESULT(debug)
3466e002 1180 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
7b578f7d 1181 ;;
a2b3321d 1182 no)
d92622f9 1183 AC_MSG_RESULT(no)
a2b3321d 1184 ;;
7b578f7d 1185 *)
1186 AC_MSG_ERROR([Unknown audit module $withval])
1187 ;;
1188 esac ]
1189)
1190
19160674 1191dnl Checks for library functions. Please keep in alphabetical order
b04a9f8c 1192AC_CHECK_FUNCS( \
1193 arc4random \
9a406e1e 1194 asprintf \
b04a9f8c 1195 b64_ntop \
1196 __b64_ntop \
1197 b64_pton \
1198 __b64_pton \
1199 bcopy \
1200 bindresvport_sa \
1201 clock \
1202 closefrom \
1203 dirfd \
b04a9f8c 1204 fchmod \
1205 fchown \
1206 freeaddrinfo \
1207 futimes \
1208 getaddrinfo \
1209 getcwd \
1210 getgrouplist \
1211 getnameinfo \
1212 getopt \
1213 getpeereid \
1214 _getpty \
1215 getrlimit \
1216 getttyent \
1217 glob \
1218 inet_aton \
1219 inet_ntoa \
1220 inet_ntop \
1221 innetgr \
1222 login_getcapbool \
1223 md5_crypt \
1224 memmove \
1225 mkdtemp \
1226 mmap \
1227 ngetaddrinfo \
1228 nsleep \
1229 ogetaddrinfo \
1230 openlog_r \
1231 openpty \
1232 prctl \
1233 pstat \
1234 readpassphrase \
1235 realpath \
1236 recvmsg \
1237 rresvport_af \
1238 sendmsg \
1239 setdtablesize \
1240 setegid \
1241 setenv \
1242 seteuid \
1243 setgroups \
1244 setlogin \
1245 setpcred \
1246 setproctitle \
1247 setregid \
1248 setreuid \
1249 setrlimit \
1250 setsid \
1251 setvbuf \
1252 sigaction \
1253 sigvec \
1254 snprintf \
1255 socketpair \
1256 strdup \
1257 strerror \
1258 strlcat \
1259 strlcpy \
1260 strmode \
1261 strnvis \
1262 strtonum \
1e29a0c8 1263 strtoll \
b04a9f8c 1264 strtoul \
1265 sysconf \
1266 tcgetpgrp \
1267 truncate \
1268 unsetenv \
1269 updwtmpx \
9a406e1e 1270 vasprintf \
b04a9f8c 1271 vhangup \
1272 vsnprintf \
1273 waitpid \
19160674 1274)
98a7c37b 1275
1a086f97 1276# IRIX has a const char return value for gai_strerror()
1277AC_CHECK_FUNCS(gai_strerror,[
1278 AC_DEFINE(HAVE_GAI_STRERROR)
1279 AC_TRY_COMPILE([
1280#include <sys/types.h>
1281#include <sys/socket.h>
1282#include <netdb.h>
1283
1284const char *gai_strerror(int);],[
1285char *str;
1286
1287str = gai_strerror(0);],[
1288 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1289 [Define if gai_strerror() returns const char *])])])
1290
3466e002 1291AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1292 [Some systems put nanosleep outside of libc]))
92b1decf 1293
309709db 1294dnl Make sure prototypes are defined for these before using them.
309709db 1295AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
0957c2cf 1296AC_CHECK_DECL(strsep,
1297 [AC_CHECK_FUNCS(strsep)],
1298 [],
1299 [
1300#ifdef HAVE_STRING_H
1301# include <string.h>
1302#endif
1303 ])
08412d26 1304
3490699c 1305dnl tcsendbreak might be a macro
1306AC_CHECK_DECL(tcsendbreak,
1307 [AC_DEFINE(HAVE_TCSENDBREAK)],
aff51935 1308 [AC_CHECK_FUNCS(tcsendbreak)],
3490699c 1309 [#include <termios.h>]
1310)
1311
41e0e158 1312AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1313
71f4c727 1314AC_CHECK_DECLS(SHUT_RD, , ,
1315 [
1316#include <sys/types.h>
1317#include <sys/socket.h>
1318 ])
956d6743 1319
1320AC_CHECK_DECLS(O_NONBLOCK, , ,
1321 [
1322#include <sys/types.h>
1323#ifdef HAVE_SYS_STAT_H
1324# include <sys/stat.h>
1325#endif
1326#ifdef HAVE_FCNTL_H
1327# include <fcntl.h>
1328#endif
1329 ])
1330
3f176010 1331AC_CHECK_FUNCS(setresuid, [
1332 dnl Some platorms have setresuid that isn't implemented, test for this
1333 AC_MSG_CHECKING(if setresuid seems to work)
479cece8 1334 AC_RUN_IFELSE(
1335 [AC_LANG_SOURCE([[
9a3fe0e2 1336#include <stdlib.h>
1337#include <errno.h>
1338int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1339 ]])],
3f176010 1340 [AC_MSG_RESULT(yes)],
3466e002 1341 [AC_DEFINE(BROKEN_SETRESUID, 1,
1342 [Define if your setresuid() is broken])
1a01a50c 1343 AC_MSG_RESULT(not implemented)],
1344 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1345 )
1346])
9a3fe0e2 1347
3f176010 1348AC_CHECK_FUNCS(setresgid, [
1349 dnl Some platorms have setresgid that isn't implemented, test for this
1350 AC_MSG_CHECKING(if setresgid seems to work)
479cece8 1351 AC_RUN_IFELSE(
1352 [AC_LANG_SOURCE([[
9a3fe0e2 1353#include <stdlib.h>
1354#include <errno.h>
1355int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1356 ]])],
3f176010 1357 [AC_MSG_RESULT(yes)],
3466e002 1358 [AC_DEFINE(BROKEN_SETRESGID, 1,
1359 [Define if your setresgid() is broken])
1a01a50c 1360 AC_MSG_RESULT(not implemented)],
1361 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1362 )
1363])
9a3fe0e2 1364
2e73a022 1365dnl Checks for time functions
1d7b9b20 1366AC_CHECK_FUNCS(gettimeofday time)
2e73a022 1367dnl Checks for utmp functions
b03bd394 1368AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1d7b9b20 1369AC_CHECK_FUNCS(utmpname)
2e73a022 1370dnl Checks for utmpx functions
b03bd394 1371AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1d7b9b20 1372AC_CHECK_FUNCS(setutxent utmpxname)
76cd7316 1373
aff51935 1374AC_CHECK_FUNC(daemon,
3466e002 1375 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1376 [AC_CHECK_LIB(bsd, daemon,
1377 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
beb43d31 1378)
1379
aff51935 1380AC_CHECK_FUNC(getpagesize,
3466e002 1381 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1382 [Define if your libraries define getpagesize()])],
1383 [AC_CHECK_LIB(ucb, getpagesize,
1384 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
aa6bd60a 1385)
1386
2647ae26 1387# Check for broken snprintf
1388if test "x$ac_cv_func_snprintf" = "xyes" ; then
1389 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1a01a50c 1390 AC_RUN_IFELSE(
479cece8 1391 [AC_LANG_SOURCE([[
2647ae26 1392#include <stdio.h>
aec4cb4f 1393int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
479cece8 1394 ]])],
aff51935 1395 [AC_MSG_RESULT(yes)],
2647ae26 1396 [
1397 AC_MSG_RESULT(no)
3466e002 1398 AC_DEFINE(BROKEN_SNPRINTF, 1,
1399 [Define if your snprintf is busted])
2647ae26 1400 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1a01a50c 1401 ],
1402 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2647ae26 1403 )
1404fi
1405
9a406e1e 1406# If we don't have a working asprintf, then we strongly depend on vsnprintf
1407# returning the right thing on overflow: the number of characters it tried to
1408# create (as per SUSv3)
1409if test "x$ac_cv_func_asprintf" != "xyes" && \
1410 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1411 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1412 AC_RUN_IFELSE(
1413 [AC_LANG_SOURCE([[
1414#include <sys/types.h>
1415#include <stdio.h>
1416#include <stdarg.h>
1417
1418int x_snprintf(char *str,size_t count,const char *fmt,...)
1419{
1420 size_t ret; va_list ap;
1421 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1422 return ret;
1423}
1424int main(void)
1425{
1426 char x[1];
1427 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1428} ]])],
1429 [AC_MSG_RESULT(yes)],
1430 [
1431 AC_MSG_RESULT(no)
1432 AC_DEFINE(BROKEN_SNPRINTF, 1,
1433 [Define if your snprintf is busted])
1434 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1435 ],
1436 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1437 )
1438fi
1439
31b0732a 1440# On systems where [v]snprintf is broken, but is declared in stdio,
1441# check that the fmt argument is const char * or just char *.
1442# This is only useful for when BROKEN_SNPRINTF
1443AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1444AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1445 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1446 int main(void) { snprintf(0, 0, 0); }
1447 ]])],
1448 [AC_MSG_RESULT(yes)
1449 AC_DEFINE(SNPRINTF_CONST, [const],
1450 [Define as const if snprintf() can declare const char *fmt])],
1451 [AC_MSG_RESULT(no)
1452 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1453
2f6f9cff 1454# Check for missing getpeereid (or equiv) support
1455NO_PEERCHECK=""
1456if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1457 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1458 AC_TRY_COMPILE(
1459 [#include <sys/types.h>
1460 #include <sys/socket.h>],
1461 [int i = SO_PEERCRED;],
62eb7db4 1462 [ AC_MSG_RESULT(yes)
3466e002 1463 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
62eb7db4 1464 ],
2f6f9cff 1465 [AC_MSG_RESULT(no)
1466 NO_PEERCHECK=1]
1467 )
1468fi
1469
70e7d0b0 1470dnl see whether mkstemp() requires XXXXXX
1471if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1472AC_MSG_CHECKING([for (overly) strict mkstemp])
b0e7249f 1473AC_RUN_IFELSE(
1474 [AC_LANG_SOURCE([[
70e7d0b0 1475#include <stdlib.h>
1476main() { char template[]="conftest.mkstemp-test";
1477if (mkstemp(template) == -1)
1478 exit(1);
1479unlink(template); exit(0);
1480}
b0e7249f 1481 ]])],
70e7d0b0 1482 [
1483 AC_MSG_RESULT(no)
1484 ],
aff51935 1485 [
70e7d0b0 1486 AC_MSG_RESULT(yes)
3466e002 1487 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
70e7d0b0 1488 ],
1489 [
1490 AC_MSG_RESULT(yes)
1491 AC_DEFINE(HAVE_STRICT_MKSTEMP)
aff51935 1492 ]
70e7d0b0 1493)
1494fi
1495
eacb954e 1496dnl make sure that openpty does not reacquire controlling terminal
1497if test ! -z "$check_for_openpty_ctty_bug"; then
1498 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
b0e7249f 1499 AC_RUN_IFELSE(
1500 [AC_LANG_SOURCE([[
eacb954e 1501#include <stdio.h>
1502#include <sys/fcntl.h>
1503#include <sys/types.h>
1504#include <sys/wait.h>
1505
1506int
1507main()
1508{
1509 pid_t pid;
1510 int fd, ptyfd, ttyfd, status;
1511
1512 pid = fork();
1513 if (pid < 0) { /* failed */
1514 exit(1);
1515 } else if (pid > 0) { /* parent */
1516 waitpid(pid, &status, 0);
aff51935 1517 if (WIFEXITED(status))
eacb954e 1518 exit(WEXITSTATUS(status));
1519 else
1520 exit(2);
1521 } else { /* child */
1522 close(0); close(1); close(2);
1523 setsid();
1524 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1525 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1526 if (fd >= 0)
1527 exit(3); /* Acquired ctty: broken */
1528 else
1529 exit(0); /* Did not acquire ctty: OK */
1530 }
1531}
b0e7249f 1532 ]])],
eacb954e 1533 [
1534 AC_MSG_RESULT(yes)
1535 ],
1536 [
1537 AC_MSG_RESULT(no)
1538 AC_DEFINE(SSHD_ACQUIRES_CTTY)
b0e7249f 1539 ],
1540 [
1541 AC_MSG_RESULT(cross-compiling, assuming yes)
eacb954e 1542 ]
1543 )
1544fi
1545
4b492aab 1546if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1547 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2fe51906 1548 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1549 AC_RUN_IFELSE(
1550 [AC_LANG_SOURCE([[
2fe51906 1551#include <stdio.h>
1552#include <sys/socket.h>
1553#include <netdb.h>
1554#include <errno.h>
1555#include <netinet/in.h>
1556
1557#define TEST_PORT "2222"
1558
1559int
1560main(void)
1561{
1562 int err, sock;
1563 struct addrinfo *gai_ai, *ai, hints;
1564 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1565
1566 memset(&hints, 0, sizeof(hints));
1567 hints.ai_family = PF_UNSPEC;
1568 hints.ai_socktype = SOCK_STREAM;
1569 hints.ai_flags = AI_PASSIVE;
1570
1571 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1572 if (err != 0) {
1573 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1574 exit(1);
1575 }
1576
1577 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1578 if (ai->ai_family != AF_INET6)
1579 continue;
1580
1581 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1582 sizeof(ntop), strport, sizeof(strport),
1583 NI_NUMERICHOST|NI_NUMERICSERV);
1584
1585 if (err != 0) {
1586 if (err == EAI_SYSTEM)
1587 perror("getnameinfo EAI_SYSTEM");
1588 else
1589 fprintf(stderr, "getnameinfo failed: %s\n",
1590 gai_strerror(err));
1591 exit(2);
1592 }
1593
1594 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1595 if (sock < 0)
1596 perror("socket");
1597 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1598 if (errno == EBADF)
1599 exit(3);
1600 }
1601 }
1602 exit(0);
1603}
b0e7249f 1604 ]])],
2fe51906 1605 [
1606 AC_MSG_RESULT(yes)
1607 ],
1608 [
1609 AC_MSG_RESULT(no)
1610 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1611 ],
1612 [
1613 AC_MSG_RESULT(cross-compiling, assuming yes)
2fe51906 1614 ]
1615 )
1616fi
1617
4b492aab 1618if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1619 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
5ccf88cb 1620 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1621 AC_RUN_IFELSE(
1622 [AC_LANG_SOURCE([[
5ccf88cb 1623#include <stdio.h>
1624#include <sys/socket.h>
1625#include <netdb.h>
1626#include <errno.h>
1627#include <netinet/in.h>
1628
1629#define TEST_PORT "2222"
1630
1631int
1632main(void)
1633{
1634 int err, sock;
1635 struct addrinfo *gai_ai, *ai, hints;
1636 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1637
1638 memset(&hints, 0, sizeof(hints));
1639 hints.ai_family = PF_UNSPEC;
1640 hints.ai_socktype = SOCK_STREAM;
1641 hints.ai_flags = AI_PASSIVE;
1642
1643 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1644 if (err != 0) {
1645 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1646 exit(1);
1647 }
1648
1649 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1650 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1651 continue;
1652
1653 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1654 sizeof(ntop), strport, sizeof(strport),
1655 NI_NUMERICHOST|NI_NUMERICSERV);
1656
1657 if (ai->ai_family == AF_INET && err != 0) {
1658 perror("getnameinfo");
1659 exit(2);
1660 }
1661 }
1662 exit(0);
1663}
b0e7249f 1664 ]])],
5ccf88cb 1665 [
1666 AC_MSG_RESULT(yes)
3466e002 1667 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1668 [Define if you have a getaddrinfo that fails
1669 for the all-zeros IPv6 address])
5ccf88cb 1670 ],
1671 [
1672 AC_MSG_RESULT(no)
1673 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1674 ],
ecd9ec09 1675 [
b0e7249f 1676 AC_MSG_RESULT(cross-compiling, assuming no)
5ccf88cb 1677 ]
1678 )
1679fi
1680
b29fd59f 1681if test "x$check_for_conflicting_getspnam" = "x1"; then
1682 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1683 AC_COMPILE_IFELSE(
1684 [
1685#include <shadow.h>
1686int main(void) {exit(0);}
1687 ],
1688 [
1689 AC_MSG_RESULT(no)
1690 ],
1691 [
1692 AC_MSG_RESULT(yes)
1693 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1694 [Conflicting defs for getspnam])
1695 ]
1696 )
1697fi
1698
7f8f5e00 1699AC_FUNC_GETPGRP
1700
5b991353 1701# Search for OpenSSL
1702saved_CPPFLAGS="$CPPFLAGS"
1703saved_LDFLAGS="$LDFLAGS"
a0391976 1704AC_ARG_WITH(ssl-dir,
1705 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1706 [
e9e4a1c7 1707 if test "x$withval" != "xno" ; then
99eb0f64 1708 case "$withval" in
1709 # Relative paths
1710 ./*|../*) withval="`pwd`/$withval"
1711 esac
5b991353 1712 if test -d "$withval/lib"; then
1713 if test -n "${need_dash_r}"; then
1714 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1715 else
1716 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
d6f13fbb 1717 fi
1718 else
5b991353 1719 if test -n "${need_dash_r}"; then
1720 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1721 else
1722 LDFLAGS="-L${withval} ${LDFLAGS}"
d6f13fbb 1723 fi
1724 fi
5b991353 1725 if test -d "$withval/include"; then
1726 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
d6f13fbb 1727 else
5b991353 1728 CPPFLAGS="-I${withval} ${CPPFLAGS}"
58d100bf 1729 fi
a0391976 1730 fi
5b991353 1731 ]
1732)
5486a457 1733LIBS="-lcrypto $LIBS"
3466e002 1734AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1735 [Define if your ssl headers are included
1736 with #include <openssl/header.h>]),
d45e3d76 1737 [
5b991353 1738 dnl Check default openssl install dir
1739 if test -n "${need_dash_r}"; then
1740 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1741 else
5b991353 1742 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1743 fi
5b991353 1744 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1745 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1746 [
1747 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1748 ]
1749 )
1750 ]
1751)
1752
cd018561 1753# Determine OpenSSL header version
1754AC_MSG_CHECKING([OpenSSL header version])
1a01a50c 1755AC_RUN_IFELSE(
479cece8 1756 [AC_LANG_SOURCE([[
cd018561 1757#include <stdio.h>
1758#include <string.h>
1759#include <openssl/opensslv.h>
1760#define DATA "conftest.sslincver"
1761int main(void) {
aff51935 1762 FILE *fd;
1763 int rc;
cd018561 1764
aff51935 1765 fd = fopen(DATA,"w");
1766 if(fd == NULL)
1767 exit(1);
cd018561 1768
1769 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1770 exit(1);
1771
1772 exit(0);
1773}
479cece8 1774 ]])],
cd018561 1775 [
1776 ssl_header_ver=`cat conftest.sslincver`
1777 AC_MSG_RESULT($ssl_header_ver)
1778 ],
1779 [
1780 AC_MSG_RESULT(not found)
1781 AC_MSG_ERROR(OpenSSL version header not found.)
1a01a50c 1782 ],
1783 [
1784 AC_MSG_WARN([cross compiling: not checking])
cd018561 1785 ]
1786)
1787
1788# Determine OpenSSL library version
1789AC_MSG_CHECKING([OpenSSL library version])
1a01a50c 1790AC_RUN_IFELSE(
479cece8 1791 [AC_LANG_SOURCE([[
cd018561 1792#include <stdio.h>
1793#include <string.h>
1794#include <openssl/opensslv.h>
1795#include <openssl/crypto.h>
1796#define DATA "conftest.ssllibver"
1797int main(void) {
aff51935 1798 FILE *fd;
1799 int rc;
cd018561 1800
aff51935 1801 fd = fopen(DATA,"w");
1802 if(fd == NULL)
1803 exit(1);
cd018561 1804
1805 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1806 exit(1);
1807
1808 exit(0);
1809}
479cece8 1810 ]])],
cd018561 1811 [
1812 ssl_library_ver=`cat conftest.ssllibver`
1813 AC_MSG_RESULT($ssl_library_ver)
1814 ],
1815 [
1816 AC_MSG_RESULT(not found)
1817 AC_MSG_ERROR(OpenSSL library not found.)
1a01a50c 1818 ],
1819 [
1820 AC_MSG_WARN([cross compiling: not checking])
cd018561 1821 ]
1822)
58d100bf 1823
9780116c 1824# Sanity check OpenSSL headers
1825AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1a01a50c 1826AC_RUN_IFELSE(
479cece8 1827 [AC_LANG_SOURCE([[
9780116c 1828#include <string.h>
1829#include <openssl/opensslv.h>
aec4cb4f 1830int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
479cece8 1831 ]])],
9780116c 1832 [
1833 AC_MSG_RESULT(yes)
1834 ],
1835 [
1836 AC_MSG_RESULT(no)
e15ba28b 1837 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1838Check config.log for details.
1839Also see contrib/findssl.sh for help identifying header/library mismatches.])
1a01a50c 1840 ],
1841 [
1842 AC_MSG_WARN([cross compiling: not checking])
9780116c 1843 ]
1844)
1845
282d6408 1846AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1847AC_LINK_IFELSE(
1848 [AC_LANG_SOURCE([[
1849#include <openssl/evp.h>
1850int main(void) { SSLeay_add_all_algorithms(); }
1851 ]])],
1852 [
1853 AC_MSG_RESULT(yes)
1854 ],
1855 [
1856 AC_MSG_RESULT(no)
1857 saved_LIBS="$LIBS"
1858 LIBS="$LIBS -ldl"
1859 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1860 AC_LINK_IFELSE(
1861 [AC_LANG_SOURCE([[
1862#include <openssl/evp.h>
1863int main(void) { SSLeay_add_all_algorithms(); }
1864 ]])],
1865 [
1866 AC_MSG_RESULT(yes)
1867 ],
1868 [
1869 AC_MSG_RESULT(no)
1870 LIBS="$saved_LIBS"
1871 ]
1872 )
1873 ]
1874)
1875
c7ad0d99 1876AC_ARG_WITH(ssl-engine,
1877 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1878 [ if test "x$withval" != "xno" ; then
1879 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1880 AC_TRY_COMPILE(
1881 [ #include <openssl/engine.h>],
1882 [
1883int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1884 ],
1885 [ AC_MSG_RESULT(yes)
1886 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1887 [Enable OpenSSL engine support])
1888 ],
1889 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1890 )
1891 fi ]
1892)
1893
e5146707 1894# Check for OpenSSL without EVP_aes_{192,256}_cbc
1895AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3e05aa50 1896AC_LINK_IFELSE(
e5146707 1897 [AC_LANG_SOURCE([[
1898#include <string.h>
1899#include <openssl/evp.h>
300ea548 1900int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
e5146707 1901 ]])],
1902 [
1903 AC_MSG_RESULT(no)
1904 ],
1905 [
1906 AC_MSG_RESULT(yes)
1907 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1908 [libcrypto is missing AES 192 and 256 bit functions])
1909 ]
1910)
1911
5486a457 1912# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1913# because the system crypt() is more featureful.
1914if test "x$check_for_libcrypt_before" = "x1"; then
1915 AC_CHECK_LIB(crypt, crypt)
1916fi
1917
aff51935 1918# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
8087c5ee 1919# version in OpenSSL.
05114c74 1920if test "x$check_for_libcrypt_later" = "x1"; then
20cad736 1921 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
717057b6 1922fi
1923
13ff27b7 1924# Search for SHA256 support in libc and/or OpenSSL
1925AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1926
4c653d8e 1927AC_CHECK_LIB(iaf, ia_openinfo)
f1b0ecc3 1928
1929### Configure cryptographic random number support
1930
1931# Check wheter OpenSSL seeds itself
1932AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1a01a50c 1933AC_RUN_IFELSE(
479cece8 1934 [AC_LANG_SOURCE([[
f1b0ecc3 1935#include <string.h>
1936#include <openssl/rand.h>
aec4cb4f 1937int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
479cece8 1938 ]])],
f1b0ecc3 1939 [
1940 OPENSSL_SEEDS_ITSELF=yes
1941 AC_MSG_RESULT(yes)
1942 ],
1943 [
1944 AC_MSG_RESULT(no)
1945 # Default to use of the rand helper if OpenSSL doesn't
1946 # seed itself
1947 USE_RAND_HELPER=yes
1a01a50c 1948 ],
1949 [
1950 AC_MSG_WARN([cross compiling: assuming yes])
1951 # This is safe, since all recent OpenSSL versions will
82f4e93d 1952 # complain at runtime if not seeded correctly.
1a01a50c 1953 OPENSSL_SEEDS_ITSELF=yes
f1b0ecc3 1954 ]
1955)
1956
a086f73b 1957# Check for PAM libs
1958PAM_MSG="no"
1959AC_ARG_WITH(pam,
1960 [ --with-pam Enable PAM support ],
1961 [
1962 if test "x$withval" != "xno" ; then
1963 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1964 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1965 AC_MSG_ERROR([PAM headers not found])
1966 fi
1967
1968 saved_LIBS="$LIBS"
1969 AC_CHECK_LIB(dl, dlopen, , )
1970 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1971 AC_CHECK_FUNCS(pam_getenvlist)
1972 AC_CHECK_FUNCS(pam_putenv)
1973 LIBS="$saved_LIBS"
1974
1975 PAM_MSG="yes"
1976
282d6408 1977 LIBPAM="-lpam"
a086f73b 1978 AC_DEFINE(USE_PAM, 1,
1979 [Define if you want to enable PAM support])
282d6408 1980
a086f73b 1981 if test $ac_cv_lib_dl_dlopen = yes; then
282d6408 1982 case "$LIBS" in
1983 *-ldl*)
1984 # libdl already in LIBS
1985 ;;
1986 *)
08164407 1987 LIBPAM="$LIBPAM -ldl"
282d6408 1988 ;;
1989 esac
a086f73b 1990 fi
1991 AC_SUBST(LIBPAM)
1992 fi
1993 ]
1994)
1995
1996# Check for older PAM
1997if test "x$PAM_MSG" = "xyes" ; then
1998 # Check PAM strerror arguments (old PAM)
1999 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2000 AC_TRY_COMPILE(
2001 [
2002#include <stdlib.h>
2003#if defined(HAVE_SECURITY_PAM_APPL_H)
2004#include <security/pam_appl.h>
2005#elif defined (HAVE_PAM_PAM_APPL_H)
2006#include <pam/pam_appl.h>
2007#endif
2008 ],
2009 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2010 [AC_MSG_RESULT(no)],
2011 [
2012 AC_DEFINE(HAVE_OLD_PAM, 1,
2013 [Define if you have an old version of PAM
2014 which takes only one argument to pam_strerror])
2015 AC_MSG_RESULT(yes)
2016 PAM_MSG="yes (old library)"
2017 ]
2018 )
2019fi
f1b0ecc3 2020
2021# Do we want to force the use of the rand helper?
2022AC_ARG_WITH(rand-helper,
2023 [ --with-rand-helper Use subprocess to gather strong randomness ],
2024 [
2025 if test "x$withval" = "xno" ; then
aff51935 2026 # Force use of OpenSSL's internal RNG, even if
f1b0ecc3 2027 # the previous test showed it to be unseeded.
2028 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2029 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2030 OPENSSL_SEEDS_ITSELF=yes
2031 USE_RAND_HELPER=""
2032 fi
2033 else
2034 USE_RAND_HELPER=yes
2035 fi
2036 ],
82f4e93d 2037)
f1b0ecc3 2038
2039# Which randomness source do we use?
4b492aab 2040if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
f1b0ecc3 2041 # OpenSSL only
3466e002 2042 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2043 [Define if you want OpenSSL's internally seeded PRNG only])
f1b0ecc3 2044 RAND_MSG="OpenSSL internal ONLY"
2045 INSTALL_SSH_RAND_HELPER=""
70e2f2f3 2046elif test ! -z "$USE_RAND_HELPER" ; then
2047 # install rand helper
f1b0ecc3 2048 RAND_MSG="ssh-rand-helper"
2049 INSTALL_SSH_RAND_HELPER="yes"
2050fi
2051AC_SUBST(INSTALL_SSH_RAND_HELPER)
2052
2053### Configuration of ssh-rand-helper
2054
2055# PRNGD TCP socket
2056AC_ARG_WITH(prngd-port,
2057 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2058 [
eb5d7ff6 2059 case "$withval" in
2060 no)
2061 withval=""
2062 ;;
2063 [[0-9]]*)
2064 ;;
2065 *)
2066 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2067 ;;
2068 esac
2069 if test ! -z "$withval" ; then
f1b0ecc3 2070 PRNGD_PORT="$withval"
3466e002 2071 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2072 [Port number of PRNGD/EGD random number socket])
f1b0ecc3 2073 fi
2074 ]
2075)
2076
2077# PRNGD Unix domain socket
2078AC_ARG_WITH(prngd-socket,
2079 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2080 [
eb5d7ff6 2081 case "$withval" in
2082 yes)
f1b0ecc3 2083 withval="/var/run/egd-pool"
eb5d7ff6 2084 ;;
2085 no)
2086 withval=""
2087 ;;
2088 /*)
2089 ;;
2090 *)
2091 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2092 ;;
2093 esac
2094
2095 if test ! -z "$withval" ; then
f1b0ecc3 2096 if test ! -z "$PRNGD_PORT" ; then
2097 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2098 fi
906e811b 2099 if test ! -r "$withval" ; then
f1b0ecc3 2100 AC_MSG_WARN(Entropy socket is not readable)
2101 fi
2102 PRNGD_SOCKET="$withval"
3466e002 2103 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2104 [Location of PRNGD/EGD random number socket])
f1b0ecc3 2105 fi
ddceb1c8 2106 ],
2107 [
2108 # Check for existing socket only if we don't have a random device already
2109 if test "$USE_RAND_HELPER" = yes ; then
2110 AC_MSG_CHECKING(for PRNGD/EGD socket)
2111 # Insert other locations here
2112 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2113 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2114 PRNGD_SOCKET="$sock"
2115 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2116 break;
2117 fi
2118 done
2119 if test ! -z "$PRNGD_SOCKET" ; then
2120 AC_MSG_RESULT($PRNGD_SOCKET)
2121 else
2122 AC_MSG_RESULT(not found)
2123 fi
2124 fi
f1b0ecc3 2125 ]
2126)
2127
2128# Change default command timeout for hashing entropy source
2129entropy_timeout=200
2130AC_ARG_WITH(entropy-timeout,
2131 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2132 [
6cf0200f 2133 if test -n "$withval" && test "x$withval" != "xno" && \
2134 test "x${withval}" != "xyes"; then
f1b0ecc3 2135 entropy_timeout=$withval
2136 fi
82f4e93d 2137 ]
f1b0ecc3 2138)
3466e002 2139AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2140 [Builtin PRNG command timeout])
f1b0ecc3 2141
fd3cbf67 2142SSH_PRIVSEP_USER=sshd
9a0fbcb3 2143AC_ARG_WITH(privsep-user,
5222e7ef 2144 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
9a0fbcb3 2145 [
6cf0200f 2146 if test -n "$withval" && test "x$withval" != "xno" && \
2147 test "x${withval}" != "xyes"; then
fd3cbf67 2148 SSH_PRIVSEP_USER=$withval
9a0fbcb3 2149 fi
82f4e93d 2150 ]
9a0fbcb3 2151)
3466e002 2152AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2153 [non-privileged user for privilege separation])
fd3cbf67 2154AC_SUBST(SSH_PRIVSEP_USER)
9a0fbcb3 2155
81dadca3 2156# We do this little dance with the search path to insure
2157# that programs that we select for use by installed programs
2158# (which may be run by the super-user) come from trusted
2159# locations before they come from the user's private area.
2160# This should help avoid accidentally configuring some
2161# random version of a program in someone's personal bin.
2162
2163OPATH=$PATH
2164PATH=/bin:/usr/bin
f95c8ce8 2165test -h /bin 2> /dev/null && PATH=/usr/bin
81dadca3 2166test -d /sbin && PATH=$PATH:/sbin
2167test -d /usr/sbin && PATH=$PATH:/usr/sbin
2168PATH=$PATH:/etc:$OPATH
2169
aff51935 2170# These programs are used by the command hashing source to gather entropy
f1b0ecc3 2171OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2172OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2173OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2174OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2175OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2176OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2177OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2178OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2179OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2180OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2181OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2182OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2183OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2184OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2185OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2186OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
81dadca3 2187# restore PATH
2188PATH=$OPATH
f1b0ecc3 2189
2190# Where does ssh-rand-helper get its randomness from?
2191INSTALL_SSH_PRNG_CMDS=""
2192if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2193 if test ! -z "$PRNGD_PORT" ; then
2194 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2195 elif test ! -z "$PRNGD_SOCKET" ; then
2196 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2197 else
2198 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2199 RAND_HELPER_CMDHASH=yes
2200 INSTALL_SSH_PRNG_CMDS="yes"
2201 fi
2202fi
2203AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2204
2205
66d6c27e 2206# Cheap hack to ensure NEWS-OS libraries are arranged right.
2207if test ! -z "$SONY" ; then
2208 LIBS="$LIBS -liberty";
2209fi
2210
9a406e1e 2211# Check for long long datatypes
2212AC_CHECK_TYPES([long long, unsigned long long, long double])
2213
2214# Check datatype sizes
976f7e19 2215AC_CHECK_SIZEOF(char, 1)
2b942fe0 2216AC_CHECK_SIZEOF(short int, 2)
2217AC_CHECK_SIZEOF(int, 4)
2218AC_CHECK_SIZEOF(long int, 4)
2219AC_CHECK_SIZEOF(long long int, 8)
2220
52f1ccb2 2221# Sanity check long long for some platforms (AIX)
2222if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2223 ac_cv_sizeof_long_long_int=0
2224fi
2225
90f15776 2226# compute LLONG_MIN and LLONG_MAX if we don't know them.
2227if test -z "$have_llong_max"; then
2228 AC_MSG_CHECKING([for max value of long long])
2229 AC_RUN_IFELSE(
2230 [AC_LANG_SOURCE([[
2231#include <stdio.h>
2232/* Why is this so damn hard? */
2233#ifdef __GNUC__
2234# undef __GNUC__
2235#endif
2236#define __USE_ISOC99
2237#include <limits.h>
2238#define DATA "conftest.llminmax"
055252ed 2239#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2240
2241/*
2242 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2243 * we do this the hard way.
2244 */
2245static int
2246fprint_ll(FILE *f, long long n)
2247{
2248 unsigned int i;
2249 int l[sizeof(long long) * 8];
2250
2251 if (n < 0)
2252 if (fprintf(f, "-") < 0)
2253 return -1;
2254 for (i = 0; n != 0; i++) {
2255 l[i] = my_abs(n % 10);
2256 n /= 10;
2257 }
2258 do {
2259 if (fprintf(f, "%d", l[--i]) < 0)
2260 return -1;
2261 } while (i != 0);
2262 if (fprintf(f, " ") < 0)
2263 return -1;
2264 return 0;
2265}
2266
90f15776 2267int main(void) {
2268 FILE *f;
2269 long long i, llmin, llmax = 0;
2270
2271 if((f = fopen(DATA,"w")) == NULL)
2272 exit(1);
2273
2274#if defined(LLONG_MIN) && defined(LLONG_MAX)
2275 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2276 llmin = LLONG_MIN;
2277 llmax = LLONG_MAX;
2278#else
2279 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2280 /* This will work on one's complement and two's complement */
2281 for (i = 1; i > llmax; i <<= 1, i++)
2282 llmax = i;
2283 llmin = llmax + 1LL; /* wrap */
2284#endif
2285
2286 /* Sanity check */
2287 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
055252ed 2288 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2289 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
90f15776 2290 fprintf(f, "unknown unknown\n");
2291 exit(2);
2292 }
2293
055252ed 2294 if (fprint_ll(f, llmin) < 0)
90f15776 2295 exit(3);
055252ed 2296 if (fprint_ll(f, llmax) < 0)
2297 exit(4);
2298 if (fclose(f) < 0)
2299 exit(5);
90f15776 2300 exit(0);
2301}
2302 ]])],
2303 [
2304 llong_min=`$AWK '{print $1}' conftest.llminmax`
2305 llong_max=`$AWK '{print $2}' conftest.llminmax`
2306
90f15776 2307 AC_MSG_RESULT($llong_max)
2308 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2309 [max value of long long calculated by configure])
2310 AC_MSG_CHECKING([for min value of long long])
2311 AC_MSG_RESULT($llong_min)
2312 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2313 [min value of long long calculated by configure])
2314 ],
2315 [
2316 AC_MSG_RESULT(not found)
2317 ],
2318 [
2319 AC_MSG_WARN([cross compiling: not checking])
2320 ]
2321 )
2322fi
2323
2324
a0391976 2325# More checks for data types
14a9a859 2326AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2327 AC_TRY_COMPILE(
aff51935 2328 [ #include <sys/types.h> ],
2329 [ u_int a; a = 1;],
14a9a859 2330 [ ac_cv_have_u_int="yes" ],
2331 [ ac_cv_have_u_int="no" ]
2332 )
2333])
2334if test "x$ac_cv_have_u_int" = "xyes" ; then
3466e002 2335 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
14a9a859 2336 have_u_int=1
2337fi
2338
58d100bf 2339AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2340 AC_TRY_COMPILE(
aff51935 2341 [ #include <sys/types.h> ],
2342 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
58d100bf 2343 [ ac_cv_have_intxx_t="yes" ],
2344 [ ac_cv_have_intxx_t="no" ]
2345 )
2346])
2347if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3466e002 2348 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
58d100bf 2349 have_intxx_t=1
2350fi
41cb4569 2351
2352if (test -z "$have_intxx_t" && \
aff51935 2353 test "x$ac_cv_header_stdint_h" = "xyes")
41cb4569 2354then
2355 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2356 AC_TRY_COMPILE(
aff51935 2357 [ #include <stdint.h> ],
2358 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
41cb4569 2359 [
2360 AC_DEFINE(HAVE_INTXX_T)
2361 AC_MSG_RESULT(yes)
2362 ],
2363 [ AC_MSG_RESULT(no) ]
2364 )
2365fi
2366
bd590612 2367AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2368 AC_TRY_COMPILE(
1cbbe6c8 2369 [
2370#include <sys/types.h>
2371#ifdef HAVE_STDINT_H
2372# include <stdint.h>
2373#endif
2374#include <sys/socket.h>
2375#ifdef HAVE_SYS_BITYPES_H
2376# include <sys/bitypes.h>
2377#endif
aff51935 2378 ],
2379 [ int64_t a; a = 1;],
bd590612 2380 [ ac_cv_have_int64_t="yes" ],
2381 [ ac_cv_have_int64_t="no" ]
2382 )
2383])
2384if test "x$ac_cv_have_int64_t" = "xyes" ; then
3466e002 2385 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
ddceb1c8 2386fi
2387
58d100bf 2388AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2389 AC_TRY_COMPILE(
aff51935 2390 [ #include <sys/types.h> ],
2391 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
58d100bf 2392 [ ac_cv_have_u_intxx_t="yes" ],
2393 [ ac_cv_have_u_intxx_t="no" ]
2394 )
2395])
2396if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3466e002 2397 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
58d100bf 2398 have_u_intxx_t=1
2399fi
2b942fe0 2400
41cb4569 2401if test -z "$have_u_intxx_t" ; then
2402 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2403 AC_TRY_COMPILE(
aff51935 2404 [ #include <sys/socket.h> ],
2405 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
41cb4569 2406 [
2407 AC_DEFINE(HAVE_U_INTXX_T)
2408 AC_MSG_RESULT(yes)
2409 ],
2410 [ AC_MSG_RESULT(no) ]
2411 )
2412fi
2413
bd590612 2414AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2415 AC_TRY_COMPILE(
aff51935 2416 [ #include <sys/types.h> ],
2417 [ u_int64_t a; a = 1;],
bd590612 2418 [ ac_cv_have_u_int64_t="yes" ],
2419 [ ac_cv_have_u_int64_t="no" ]
2420 )
2421])
2422if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3466e002 2423 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
bd590612 2424 have_u_int64_t=1
2425fi
2426
ddceb1c8 2427if test -z "$have_u_int64_t" ; then
2428 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2429 AC_TRY_COMPILE(
aff51935 2430 [ #include <sys/bitypes.h> ],
ddceb1c8 2431 [ u_int64_t a; a = 1],
2432 [
2433 AC_DEFINE(HAVE_U_INT64_T)
2434 AC_MSG_RESULT(yes)
2435 ],
2436 [ AC_MSG_RESULT(no) ]
2437 )
2438fi
2439
41cb4569 2440if test -z "$have_u_intxx_t" ; then
2441 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2442 AC_TRY_COMPILE(
2443 [
2444#include <sys/types.h>
aff51935 2445 ],
2446 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
41cb4569 2447 [ ac_cv_have_uintxx_t="yes" ],
2448 [ ac_cv_have_uintxx_t="no" ]
2449 )
2450 ])
2451 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3466e002 2452 AC_DEFINE(HAVE_UINTXX_T, 1,
2453 [define if you have uintxx_t data type])
41cb4569 2454 fi
2455fi
2456
2457if test -z "$have_uintxx_t" ; then
2458 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2459 AC_TRY_COMPILE(
aff51935 2460 [ #include <stdint.h> ],
2461 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
41cb4569 2462 [
2463 AC_DEFINE(HAVE_UINTXX_T)
2464 AC_MSG_RESULT(yes)
2465 ],
2466 [ AC_MSG_RESULT(no) ]
2467 )
2468fi
2469
e5fe9a1f 2470if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
aff51935 2471 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
5cdfe03f 2472then
2473 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2474 AC_TRY_COMPILE(
58d100bf 2475 [
2476#include <sys/bitypes.h>
aff51935 2477 ],
5cdfe03f 2478 [
837c30b8 2479 int8_t a; int16_t b; int32_t c;
2480 u_int8_t e; u_int16_t f; u_int32_t g;
2481 a = b = c = e = f = g = 1;
aff51935 2482 ],
5cdfe03f 2483 [
2484 AC_DEFINE(HAVE_U_INTXX_T)
2485 AC_DEFINE(HAVE_INTXX_T)
2486 AC_MSG_RESULT(yes)
2487 ],
2488 [AC_MSG_RESULT(no)]
aff51935 2489 )
5cdfe03f 2490fi
2491
0362750e 2492
2493AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2494 AC_TRY_COMPILE(
2495 [
2496#include <sys/types.h>
2497 ],
2498 [ u_char foo; foo = 125; ],
2499 [ ac_cv_have_u_char="yes" ],
2500 [ ac_cv_have_u_char="no" ]
2501 )
2502])
2503if test "x$ac_cv_have_u_char" = "xyes" ; then
3466e002 2504 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
0362750e 2505fi
2506
98a7c37b 2507TYPE_SOCKLEN_T
2b942fe0 2508
2d16d9a3 2509AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
ddceb1c8 2510
777ece68 2511AC_CHECK_TYPES(in_addr_t,,,
2512[#include <sys/types.h>
2513#include <netinet/in.h>])
7b578f7d 2514
58d100bf 2515AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2516 AC_TRY_COMPILE(
2517 [
18ba2aab 2518#include <sys/types.h>
58d100bf 2519 ],
2520 [ size_t foo; foo = 1235; ],
2521 [ ac_cv_have_size_t="yes" ],
2522 [ ac_cv_have_size_t="no" ]
2523 )
2524])
2525if test "x$ac_cv_have_size_t" = "xyes" ; then
3466e002 2526 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
58d100bf 2527fi
ea1970a3 2528
c04f75f1 2529AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2530 AC_TRY_COMPILE(
2531 [
2532#include <sys/types.h>
2533 ],
2534 [ ssize_t foo; foo = 1235; ],
2535 [ ac_cv_have_ssize_t="yes" ],
2536 [ ac_cv_have_ssize_t="no" ]
2537 )
2538])
2539if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3466e002 2540 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
c04f75f1 2541fi
2542
f1c4659d 2543AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2544 AC_TRY_COMPILE(
2545 [
2546#include <time.h>
2547 ],
2548 [ clock_t foo; foo = 1235; ],
2549 [ ac_cv_have_clock_t="yes" ],
2550 [ ac_cv_have_clock_t="no" ]
2551 )
2552])
2553if test "x$ac_cv_have_clock_t" = "xyes" ; then
3466e002 2554 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
f1c4659d 2555fi
2556
1c04b088 2557AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2558 AC_TRY_COMPILE(
2559 [
2560#include <sys/types.h>
2561#include <sys/socket.h>
2562 ],
2563 [ sa_family_t foo; foo = 1235; ],
2564 [ ac_cv_have_sa_family_t="yes" ],
77bb0bca 2565 [ AC_TRY_COMPILE(
2566 [
2567#include <sys/types.h>
2568#include <sys/socket.h>
2569#include <netinet/in.h>
2570 ],
2571 [ sa_family_t foo; foo = 1235; ],
2572 [ ac_cv_have_sa_family_t="yes" ],
2573
1c04b088 2574 [ ac_cv_have_sa_family_t="no" ]
77bb0bca 2575 )]
1c04b088 2576 )
2577])
2578if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3466e002 2579 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2580 [define if you have sa_family_t data type])
1c04b088 2581fi
2582
729bfe59 2583AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2584 AC_TRY_COMPILE(
2585 [
2586#include <sys/types.h>
2587 ],
2588 [ pid_t foo; foo = 1235; ],
2589 [ ac_cv_have_pid_t="yes" ],
2590 [ ac_cv_have_pid_t="no" ]
2591 )
2592])
2593if test "x$ac_cv_have_pid_t" = "xyes" ; then
3466e002 2594 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
729bfe59 2595fi
2596
2597AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2598 AC_TRY_COMPILE(
2599 [
2600#include <sys/types.h>
2601 ],
2602 [ mode_t foo; foo = 1235; ],
2603 [ ac_cv_have_mode_t="yes" ],
2604 [ ac_cv_have_mode_t="no" ]
2605 )
2606])
2607if test "x$ac_cv_have_mode_t" = "xyes" ; then
3466e002 2608 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
729bfe59 2609fi
2610
e3a93db0 2611
58d100bf 2612AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2613 AC_TRY_COMPILE(
2614 [
18ba2aab 2615#include <sys/types.h>
2616#include <sys/socket.h>
58d100bf 2617 ],
2618 [ struct sockaddr_storage s; ],
2619 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2620 [ ac_cv_have_struct_sockaddr_storage="no" ]
2621 )
2622])
2623if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3466e002 2624 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2625 [define if you have struct sockaddr_storage data type])
58d100bf 2626fi
48e671d5 2627
58d100bf 2628AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2629 AC_TRY_COMPILE(
2630 [
cbd7492e 2631#include <sys/types.h>
58d100bf 2632#include <netinet/in.h>
2633 ],
2634 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2635 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2636 [ ac_cv_have_struct_sockaddr_in6="no" ]
2637 )
2638])
2639if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3466e002 2640 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2641 [define if you have struct sockaddr_in6 data type])
58d100bf 2642fi
48e671d5 2643
58d100bf 2644AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2645 AC_TRY_COMPILE(
2646 [
cbd7492e 2647#include <sys/types.h>
58d100bf 2648#include <netinet/in.h>
2649 ],
2650 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2651 [ ac_cv_have_struct_in6_addr="yes" ],
2652 [ ac_cv_have_struct_in6_addr="no" ]
2653 )
2654])
2655if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3466e002 2656 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2657 [define if you have struct in6_addr data type])
58d100bf 2658fi
48e671d5 2659
58d100bf 2660AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2661 AC_TRY_COMPILE(
2662 [
18ba2aab 2663#include <sys/types.h>
2664#include <sys/socket.h>
2665#include <netdb.h>
58d100bf 2666 ],
2667 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2668 [ ac_cv_have_struct_addrinfo="yes" ],
2669 [ ac_cv_have_struct_addrinfo="no" ]
2670 )
2671])
2672if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3466e002 2673 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2674 [define if you have struct addrinfo data type])
58d100bf 2675fi
2676
89c7e31c 2677AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2678 AC_TRY_COMPILE(
aff51935 2679 [ #include <sys/time.h> ],
2680 [ struct timeval tv; tv.tv_sec = 1;],
89c7e31c 2681 [ ac_cv_have_struct_timeval="yes" ],
2682 [ ac_cv_have_struct_timeval="no" ]
2683 )
2684])
2685if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3466e002 2686 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
89c7e31c 2687 have_struct_timeval=1
2688fi
2689
5271b55c 2690AC_CHECK_TYPES(struct timespec)
2691
85abc74b 2692# We need int64_t or else certian parts of the compile will fail.
4b492aab 2693if test "x$ac_cv_have_int64_t" = "xno" && \
2694 test "x$ac_cv_sizeof_long_int" != "x8" && \
2695 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
85abc74b 2696 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2697 echo "an alternative compiler (I.E., GCC) before continuing."
2698 echo ""
2699 exit 1;
733cf7f4 2700else
2701dnl test snprintf (broken on SCO w/gcc)
1a01a50c 2702 AC_RUN_IFELSE(
479cece8 2703 [AC_LANG_SOURCE([[
733cf7f4 2704#include <stdio.h>
2705#include <string.h>
2706#ifdef HAVE_SNPRINTF
2707main()
2708{
2709 char buf[50];
2710 char expected_out[50];
2711 int mazsize = 50 ;
2712#if (SIZEOF_LONG_INT == 8)
2713 long int num = 0x7fffffffffffffff;
2714#else
763a1a18 2715 long long num = 0x7fffffffffffffffll;
733cf7f4 2716#endif
2717 strcpy(expected_out, "9223372036854775807");
2718 snprintf(buf, mazsize, "%lld", num);
2719 if(strcmp(buf, expected_out) != 0)
aff51935 2720 exit(1);
733cf7f4 2721 exit(0);
2722}
2723#else
2724main() { exit(0); }
2725#endif
479cece8 2726 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
1a01a50c 2727 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
733cf7f4 2728 )
2c523de9 2729fi
2730
77bb0bca 2731dnl Checks for structure members
58d100bf 2732OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2733OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2734OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2735OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2736OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
25422c70 2737OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
58d100bf 2738OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2739OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
daaff4d5 2740OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
58d100bf 2741OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2742OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2743OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2744OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1d7b9b20 2745OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2746OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2747OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2748OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
98a7c37b 2749
2750AC_CHECK_MEMBERS([struct stat.st_blksize])
ccc45ee0 2751AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2752 [Define if we don't have struct __res_state in resolv.h])],
2753[
2754#include <stdio.h>
2755#if HAVE_SYS_TYPES_H
2756# include <sys/types.h>
2757#endif
2758#include <netinet/in.h>
2759#include <arpa/nameser.h>
2760#include <resolv.h>
2761])
1d7b9b20 2762
58d100bf 2763AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2764 ac_cv_have_ss_family_in_struct_ss, [
2765 AC_TRY_COMPILE(
2766 [
18ba2aab 2767#include <sys/types.h>
2768#include <sys/socket.h>
58d100bf 2769 ],
2770 [ struct sockaddr_storage s; s.ss_family = 1; ],
2771 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2772 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2773 )
2774])
2775if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3466e002 2776 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
58d100bf 2777fi
2778
58d100bf 2779AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2780 ac_cv_have___ss_family_in_struct_ss, [
2781 AC_TRY_COMPILE(
2782 [
18ba2aab 2783#include <sys/types.h>
2784#include <sys/socket.h>
58d100bf 2785 ],
2786 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2787 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2788 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2789 )
2790])
2791if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3466e002 2792 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2793 [Fields in struct sockaddr_storage])
58d100bf 2794fi
2795
2e73a022 2796AC_CACHE_CHECK([for pw_class field in struct passwd],
2797 ac_cv_have_pw_class_in_struct_passwd, [
2798 AC_TRY_COMPILE(
2799 [
2e73a022 2800#include <pwd.h>
2801 ],
97994d32 2802 [ struct passwd p; p.pw_class = 0; ],
2e73a022 2803 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2804 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2805 )
2806])
2807if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3466e002 2808 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2809 [Define if your password has a pw_class field])
2e73a022 2810fi
2811
7751d4eb 2812AC_CACHE_CHECK([for pw_expire field in struct passwd],
2813 ac_cv_have_pw_expire_in_struct_passwd, [
2814 AC_TRY_COMPILE(
2815 [
2816#include <pwd.h>
2817 ],
2818 [ struct passwd p; p.pw_expire = 0; ],
2819 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2820 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2821 )
2822])
2823if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3466e002 2824 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2825 [Define if your password has a pw_expire field])
7751d4eb 2826fi
2827
2828AC_CACHE_CHECK([for pw_change field in struct passwd],
2829 ac_cv_have_pw_change_in_struct_passwd, [
2830 AC_TRY_COMPILE(
2831 [
2832#include <pwd.h>
2833 ],
2834 [ struct passwd p; p.pw_change = 0; ],
2835 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2836 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2837 )
2838])
2839if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3466e002 2840 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2841 [Define if your password has a pw_change field])
7751d4eb 2842fi
58d100bf 2843
637f9177 2844dnl make sure we're using the real structure members and not defines
6f34652e 2845AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2846 ac_cv_have_accrights_in_msghdr, [
1a01a50c 2847 AC_COMPILE_IFELSE(
6f34652e 2848 [
f95c8ce8 2849#include <sys/types.h>
6f34652e 2850#include <sys/socket.h>
2851#include <sys/uio.h>
637f9177 2852int main() {
2853#ifdef msg_accrights
1a01a50c 2854#error "msg_accrights is a macro"
637f9177 2855exit(1);
2856#endif
2857struct msghdr m;
2858m.msg_accrights = 0;
2859exit(0);
2860}
6f34652e 2861 ],
6f34652e 2862 [ ac_cv_have_accrights_in_msghdr="yes" ],
2863 [ ac_cv_have_accrights_in_msghdr="no" ]
2864 )
2865])
2866if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3466e002 2867 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2868 [Define if your system uses access rights style
2869 file descriptor passing])
6f34652e 2870fi
2871
7176df4f 2872AC_CACHE_CHECK([for msg_control field in struct msghdr],
2873 ac_cv_have_control_in_msghdr, [
1a01a50c 2874 AC_COMPILE_IFELSE(
7176df4f 2875 [
f95c8ce8 2876#include <sys/types.h>
7176df4f 2877#include <sys/socket.h>
2878#include <sys/uio.h>
637f9177 2879int main() {
2880#ifdef msg_control
1a01a50c 2881#error "msg_control is a macro"
637f9177 2882exit(1);
2883#endif
2884struct msghdr m;
2885m.msg_control = 0;
2886exit(0);
2887}
7176df4f 2888 ],
7176df4f 2889 [ ac_cv_have_control_in_msghdr="yes" ],
2890 [ ac_cv_have_control_in_msghdr="no" ]
2891 )
2892])
2893if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3466e002 2894 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2895 [Define if your system uses ancillary data style
2896 file descriptor passing])
7176df4f 2897fi
2898
58d100bf 2899AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
aff51935 2900 AC_TRY_LINK([],
2901 [ extern char *__progname; printf("%s", __progname); ],
58d100bf 2902 [ ac_cv_libc_defines___progname="yes" ],
2903 [ ac_cv_libc_defines___progname="no" ]
2904 )
2905])
2906if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3466e002 2907 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
58d100bf 2908fi
8946db53 2909
c921ee00 2910AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2911 AC_TRY_LINK([
2912#include <stdio.h>
aff51935 2913],
2914 [ printf("%s", __FUNCTION__); ],
c921ee00 2915 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2916 [ ac_cv_cc_implements___FUNCTION__="no" ]
2917 )
2918])
2919if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3466e002 2920 AC_DEFINE(HAVE___FUNCTION__, 1,
2921 [Define if compiler implements __FUNCTION__])
c921ee00 2922fi
2923
2924AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2925 AC_TRY_LINK([
2926#include <stdio.h>
aff51935 2927],
2928 [ printf("%s", __func__); ],
c921ee00 2929 [ ac_cv_cc_implements___func__="yes" ],
2930 [ ac_cv_cc_implements___func__="no" ]
2931 )
2932])
2933if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3466e002 2934 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
c921ee00 2935fi
2936
9a406e1e 2937AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2938 AC_TRY_LINK(
2939 [#include <stdarg.h>
2940 va_list x,y;],
2941 [va_copy(x,y);],
2942 [ ac_cv_have_va_copy="yes" ],
2943 [ ac_cv_have_va_copy="no" ]
2944 )
2945])
2946if test "x$ac_cv_have_va_copy" = "xyes" ; then
2947 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2948fi
2949
2950AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2951 AC_TRY_LINK(
2952 [#include <stdarg.h>
2953 va_list x,y;],
2954 [__va_copy(x,y);],
2955 [ ac_cv_have___va_copy="yes" ],
2956 [ ac_cv_have___va_copy="no" ]
2957 )
2958])
2959if test "x$ac_cv_have___va_copy" = "xyes" ; then
2960 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2961fi
2962
1812a662 2963AC_CACHE_CHECK([whether getopt has optreset support],
2964 ac_cv_have_getopt_optreset, [
2965 AC_TRY_LINK(
2966 [
2967#include <getopt.h>
2968 ],
2969 [ extern int optreset; optreset = 0; ],
2970 [ ac_cv_have_getopt_optreset="yes" ],
2971 [ ac_cv_have_getopt_optreset="no" ]
2972 )
2973])
2974if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3466e002 2975 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2976 [Define if your getopt(3) defines and uses optreset])
1812a662 2977fi
a0391976 2978
819b676f 2979AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
aff51935 2980 AC_TRY_LINK([],
2981 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
819b676f 2982 [ ac_cv_libc_defines_sys_errlist="yes" ],
2983 [ ac_cv_libc_defines_sys_errlist="no" ]
2984 )
2985])
2986if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3466e002 2987 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2988 [Define if your system defines sys_errlist[]])
819b676f 2989fi
2990
2991
416ed5a7 2992AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
aff51935 2993 AC_TRY_LINK([],
2994 [ extern int sys_nerr; printf("%i", sys_nerr);],
416ed5a7 2995 [ ac_cv_libc_defines_sys_nerr="yes" ],
2996 [ ac_cv_libc_defines_sys_nerr="no" ]
2997 )
2998])
2999if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3466e002 3000 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
416ed5a7 3001fi
3002
aff51935 3003SCARD_MSG="no"
295c8801 3004# Check whether user wants sectok support
3005AC_ARG_WITH(sectok,
3006 [ --with-sectok Enable smartcard support using libsectok],
d0b19c95 3007 [
3008 if test "x$withval" != "xno" ; then
3009 if test "x$withval" != "xyes" ; then
3010 CPPFLAGS="$CPPFLAGS -I${withval}"
3011 LDFLAGS="$LDFLAGS -L${withval}"
3012 if test ! -z "$need_dash_r" ; then
3013 LDFLAGS="$LDFLAGS -R${withval}"
3014 fi
3015 if test ! -z "$blibpath" ; then
3016 blibpath="$blibpath:${withval}"
3017 fi
3018 fi
3019 AC_CHECK_HEADERS(sectok.h)
3020 if test "$ac_cv_header_sectok_h" != yes; then
3021 AC_MSG_ERROR(Can't find sectok.h)
3022 fi
3023 AC_CHECK_LIB(sectok, sectok_open)
3024 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3025 AC_MSG_ERROR(Can't find libsectok)
3026 fi
3466e002 3027 AC_DEFINE(SMARTCARD, 1,
3028 [Define if you want smartcard support])
3029 AC_DEFINE(USE_SECTOK, 1,
3030 [Define if you want smartcard support
3031 using sectok])
aff51935 3032 SCARD_MSG="yes, using sectok"
295c8801 3033 fi
3034 ]
3035)
3036
3037# Check whether user wants OpenSC support
987b458f 3038OPENSC_CONFIG="no"
295c8801 3039AC_ARG_WITH(opensc,
e47fb473 3040 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
987b458f 3041 [
3042 if test "x$withval" != "xno" ; then
3043 if test "x$withval" != "xyes" ; then
3044 OPENSC_CONFIG=$withval/bin/opensc-config
3045 else
3046 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3047 fi
3048 if test "$OPENSC_CONFIG" != "no"; then
3049 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3050 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3051 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3052 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
3053 AC_DEFINE(SMARTCARD)
3466e002 3054 AC_DEFINE(USE_OPENSC, 1,
3055 [Define if you want smartcard support
3056 using OpenSC])
987b458f 3057 SCARD_MSG="yes, using OpenSC"
3058 fi
3059 fi
3060 ]
3061)
d0b19c95 3062
c31dc31c 3063# Check libraries needed by DNS fingerprint support
aff51935 3064AC_SEARCH_LIBS(getrrsetbyname, resolv,
3466e002 3065 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3066 [Define if getrrsetbyname() exists])],
3e05e934 3067 [
c31dc31c 3068 # Needed by our getrrsetbyname()
3069 AC_SEARCH_LIBS(res_query, resolv)
3070 AC_SEARCH_LIBS(dn_expand, resolv)
dabb524a 3071 AC_MSG_CHECKING(if res_query will link)
3072 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3073 [AC_MSG_RESULT(no)
3074 saved_LIBS="$LIBS"
3075 LIBS="$LIBS -lresolv"
3076 AC_MSG_CHECKING(for res_query in -lresolv)
3077 AC_LINK_IFELSE([
3078#include <resolv.h>
3079int main()
3080{
3081 res_query (0, 0, 0, 0, 0);
3082 return 0;
3083}
3084 ],
3085 [LIBS="$LIBS -lresolv"
3086 AC_MSG_RESULT(yes)],
3087 [LIBS="$saved_LIBS"
3088 AC_MSG_RESULT(no)])
3089 ])
c31dc31c 3090 AC_CHECK_FUNCS(_getshort _getlong)
1c829da5 3091 AC_CHECK_DECLS([_getshort, _getlong], , ,
b5765e1d 3092 [#include <sys/types.h>
3093 #include <arpa/nameser.h>])
c31dc31c 3094 AC_CHECK_MEMBER(HEADER.ad,
3466e002 3095 [AC_DEFINE(HAVE_HEADER_AD, 1,
3096 [Define if HEADER.ad exists in arpa/nameser.h])],,
c31dc31c 3097 [#include <arpa/nameser.h>])
3098 ])
3e05e934 3099
ef4d1846 3100# Check whether user wants SELinux support
3101SELINUX_MSG="no"
3102LIBSELINUX=""
3103AC_ARG_WITH(selinux,
3104 [ --with-selinux Enable SELinux support],
3105 [ if test "x$withval" != "xno" ; then
3106 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3107 SELINUX_MSG="yes"
3108 AC_CHECK_HEADER([selinux/selinux.h], ,
3109 AC_MSG_ERROR(SELinux support requires selinux.h header))
3110 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3111 AC_MSG_ERROR(SELinux support requires libselinux library))
3112 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3113 fi ]
3114)
3115AC_SUBST(LIBSELINUX)
3116
12928e80 3117# Check whether user wants Kerberos 5 support
aff51935 3118KRB5_MSG="no"
12928e80 3119AC_ARG_WITH(kerberos5,
aff51935 3120 [ --with-kerberos5=PATH Enable Kerberos 5 support],
5585c441 3121 [ if test "x$withval" != "xno" ; then
3122 if test "x$withval" = "xyes" ; then
3123 KRB5ROOT="/usr/local"
3124 else
3125 KRB5ROOT=${withval}
3126 fi
3127
3466e002 3128 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
5585c441 3129 KRB5_MSG="yes"
3130
3131 AC_MSG_CHECKING(for krb5-config)
3132 if test -x $KRB5ROOT/bin/krb5-config ; then
3133 KRB5CONF=$KRB5ROOT/bin/krb5-config
3134 AC_MSG_RESULT($KRB5CONF)
3135
3136 AC_MSG_CHECKING(for gssapi support)
3137 if $KRB5CONF | grep gssapi >/dev/null ; then
3138 AC_MSG_RESULT(yes)
3466e002 3139 AC_DEFINE(GSSAPI, 1,
3140 [Define this if you want GSSAPI
3141 support in the version 2 protocol])
071970fb 3142 k5confopts=gssapi
aff51935 3143 else
5585c441 3144 AC_MSG_RESULT(no)
071970fb 3145 k5confopts=""
aff51935 3146 fi
071970fb 3147 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3148 K5LIBS="`$KRB5CONF --libs $k5confopts`"
5585c441 3149 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
5585c441 3150 AC_MSG_CHECKING(whether we are using Heimdal)
3151 AC_TRY_COMPILE([ #include <krb5.h> ],
3152 [ char *tmp = heimdal_version; ],
3153 [ AC_MSG_RESULT(yes)
3466e002 3154 AC_DEFINE(HEIMDAL, 1,
3155 [Define this if you are using the
3156 Heimdal version of Kerberos V5]) ],
5585c441 3157 AC_MSG_RESULT(no)
3158 )
3159 else
3160 AC_MSG_RESULT(no)
12928e80 3161 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
aff51935 3162 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
aff51935 3163 AC_MSG_CHECKING(whether we are using Heimdal)
3164 AC_TRY_COMPILE([ #include <krb5.h> ],
3165 [ char *tmp = heimdal_version; ],
3166 [ AC_MSG_RESULT(yes)
3167 AC_DEFINE(HEIMDAL)
41707f74 3168 K5LIBS="-lkrb5 -ldes"
3169 K5LIBS="$K5LIBS -lcom_err -lasn1"
82f4e93d 3170 AC_CHECK_LIB(roken, net_write,
41707f74 3171 [K5LIBS="$K5LIBS -lroken"])
aff51935 3172 ],
3173 [ AC_MSG_RESULT(no)
3174 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3175 ]
3176 )
4e00038c 3177 AC_SEARCH_LIBS(dn_expand, resolv)
12928e80 3178
749560dd 3179 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3180 [ AC_DEFINE(GSSAPI)
3181 K5LIBS="-lgssapi $K5LIBS" ],
3182 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3183 [ AC_DEFINE(GSSAPI)
aff51935 3184 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
749560dd 3185 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3186 $K5LIBS)
3187 ],
3188 $K5LIBS)
82f4e93d 3189
749560dd 3190 AC_CHECK_HEADER(gssapi.h, ,
3191 [ unset ac_cv_header_gssapi_h
aff51935 3192 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
749560dd 3193 AC_CHECK_HEADERS(gssapi.h, ,
3194 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
aff51935 3195 )
749560dd 3196 ]
3197 )
3198
3199 oldCPP="$CPPFLAGS"
3200 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3201 AC_CHECK_HEADER(gssapi_krb5.h, ,
3202 [ CPPFLAGS="$oldCPP" ])
3203
aff51935 3204 fi
5585c441 3205 if test ! -z "$need_dash_r" ; then
3206 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3207 fi
3208 if test ! -z "$blibpath" ; then
3209 blibpath="$blibpath:${KRB5ROOT}/lib"
3210 fi
071970fb 3211
f5555364 3212 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3213 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3214 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
071970fb 3215
f5555364 3216 LIBS="$LIBS $K5LIBS"
3466e002 3217 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3218 [Define this if you want to use libkafs' AFS support]))
f5555364 3219 fi
071970fb 3220 ]
12928e80 3221)
b5b68128 3222
a0391976 3223# Looking for programs, paths and files
a0391976 3224
ecac8ee5 3225PRIVSEP_PATH=/var/empty
3226AC_ARG_WITH(privsep-path,
cda1ebcb 3227 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
ecac8ee5 3228 [
6cf0200f 3229 if test -n "$withval" && test "x$withval" != "xno" && \
3230 test "x${withval}" != "xyes"; then
ecac8ee5 3231 PRIVSEP_PATH=$withval
3232 fi
3233 ]
3234)
3235AC_SUBST(PRIVSEP_PATH)
3236
a0391976 3237AC_ARG_WITH(xauth,
3238 [ --with-xauth=PATH Specify path to xauth program ],
3239 [
6cf0200f 3240 if test -n "$withval" && test "x$withval" != "xno" && \
3241 test "x${withval}" != "xyes"; then
cbd7492e 3242 xauth_path=$withval
a0391976 3243 fi
3244 ],
3245 [
2bf42e4a 3246 TestPath="$PATH"
3247 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3248 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3249 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3250 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3251 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
e5fe9a1f 3252 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
a0391976 3253 xauth_path="/usr/openwin/bin/xauth"
3254 fi
3255 ]
3256)
3257
65a4b4af 3258STRIP_OPT=-s
3259AC_ARG_ENABLE(strip,
3260 [ --disable-strip Disable calling strip(1) on install],
3261 [
3262 if test "x$enableval" = "xno" ; then
3263 STRIP_OPT=
3264 fi
3265 ]
3266)
3267AC_SUBST(STRIP_OPT)
3268
b3ec54b4 3269if test -z "$xauth_path" ; then
3270 XAUTH_PATH="undefined"
3271 AC_SUBST(XAUTH_PATH)
3272else
3466e002 3273 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3274 [Define if xauth is found in your path])
b3ec54b4 3275 XAUTH_PATH=$xauth_path
3276 AC_SUBST(XAUTH_PATH)
a0391976 3277fi
a0391976 3278
3279# Check for mail directory (last resort if we cannot get it from headers)
3280if test ! -z "$MAIL" ; then
3281 maildir=`dirname $MAIL`
3466e002 3282 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3283 [Set this to your mail directory if you don't have maillock.h])
a0391976 3284fi
3285
479cece8 3286if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
1a01a50c 3287 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3288 disable_ptmx_check=yes
3289fi
a0391976 3290if test -z "$no_dev_ptmx" ; then
6e879cb4 3291 if test "x$disable_ptmx_check" != "xyes" ; then
aff51935 3292 AC_CHECK_FILE("/dev/ptmx",
6e879cb4 3293 [
3466e002 3294 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3295 [Define if you have /dev/ptmx])
6e879cb4 3296 have_dev_ptmx=1
3297 ]
3298 )
3299 fi
3276571c 3300fi
1a01a50c 3301
479cece8 3302if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
1a01a50c 3303 AC_CHECK_FILE("/dev/ptc",
3304 [
3466e002 3305 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3306 [Define if you have /dev/ptc])
1a01a50c 3307 have_dev_ptc=1
3308 ]
3309 )
3310else
3311 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3312fi
3276571c 3313
a0391976 3314# Options from here on. Some of these are preset by platform above
fdf6b7aa 3315AC_ARG_WITH(mantype,
5d97cfbf 3316 [ --with-mantype=man|cat|doc Set man page type],
c54a6257 3317 [
5d97cfbf 3318 case "$withval" in
3319 man|cat|doc)
3320 MANTYPE=$withval
3321 ;;
3322 *)
3323 AC_MSG_ERROR(invalid man type: $withval)
3324 ;;
3325 esac
c54a6257 3326 ]
3327)
e0c4d3ac 3328if test -z "$MANTYPE"; then
2bf42e4a 3329 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3330 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
e0c4d3ac 3331 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3332 MANTYPE=doc
3333 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3334 MANTYPE=man
3335 else
3336 MANTYPE=cat
3337 fi
3338fi
c54a6257 3339AC_SUBST(MANTYPE)
e0c4d3ac 3340if test "$MANTYPE" = "doc"; then
3341 mansubdir=man;
3342else
3343 mansubdir=$MANTYPE;
3344fi
3345AC_SUBST(mansubdir)
0bc5b6fb 3346
a0391976 3347# Check whether to enable MD5 passwords
aff51935 3348MD5_MSG="no"
2ddcfdf3 3349AC_ARG_WITH(md5-passwords,
caf3bc51 3350 [ --with-md5-passwords Enable use of MD5 passwords],
0bc5b6fb 3351 [
bcf36c78 3352 if test "x$withval" != "xno" ; then
3466e002 3353 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3354 [Define if you want to allow MD5 passwords])
aff51935 3355 MD5_MSG="yes"
0bc5b6fb 3356 fi
3357 ]
caf3bc51 3358)
3359
a0391976 3360# Whether to disable shadow password support
a7effaac 3361AC_ARG_WITH(shadow,
3362 [ --without-shadow Disable shadow password support],
3363 [
82f4e93d 3364 if test "x$withval" = "xno" ; then
a7effaac 3365 AC_DEFINE(DISABLE_SHADOW)
4cb5ffa0 3366 disable_shadow=yes
a7effaac 3367 fi
3368 ]
3369)
3370
4cb5ffa0 3371if test -z "$disable_shadow" ; then
3372 AC_MSG_CHECKING([if the systems has expire shadow information])
3373 AC_TRY_COMPILE(
3374 [
3375#include <sys/types.h>
3376#include <shadow.h>
3377 struct spwd sp;
3378 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3379 [ sp_expire_available=yes ], []
3380 )
3381
3382 if test "x$sp_expire_available" = "xyes" ; then
3383 AC_MSG_RESULT(yes)
3466e002 3384 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3385 [Define if you want to use shadow password expire field])
4cb5ffa0 3386 else
3387 AC_MSG_RESULT(no)
3388 fi
3389fi
3390
a0391976 3391# Use ip address instead of hostname in $DISPLAY
44839801 3392if test ! -z "$IPADDR_IN_DISPLAY" ; then
3393 DISPLAY_HACK_MSG="yes"
3466e002 3394 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3395 [Define if you need to use IP address
3396 instead of hostname in $DISPLAY])
44839801 3397else
aff51935 3398 DISPLAY_HACK_MSG="no"
44839801 3399 AC_ARG_WITH(ipaddr-display,
3400 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3401 [
82f4e93d 3402 if test "x$withval" != "xno" ; then
44839801 3403 AC_DEFINE(IPADDR_IN_DISPLAY)
aff51935 3404 DISPLAY_HACK_MSG="yes"
44839801 3405 fi
3406 ]
3407 )
3408fi
a7effaac 3409
95b99395 3410# check for /etc/default/login and use it if present.
daa41e62 3411AC_ARG_ENABLE(etc-default-login,
6ff3d0dc 3412 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
694d0cef 3413 [ if test "x$enableval" = "xno"; then
3414 AC_MSG_NOTICE([/etc/default/login handling disabled])
3415 etc_default_login=no
3416 else
3417 etc_default_login=yes
3418 fi ],
b0e7249f 3419 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3420 then
3421 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3422 etc_default_login=no
3423 else
3424 etc_default_login=yes
3425 fi ]
694d0cef 3426)
95b99395 3427
694d0cef 3428if test "x$etc_default_login" != "xno"; then
3429 AC_CHECK_FILE("/etc/default/login",
3430 [ external_path_file=/etc/default/login ])
b0e7249f 3431 if test "x$external_path_file" = "x/etc/default/login"; then
3466e002 3432 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3433 [Define if your system has /etc/default/login])
1a01a50c 3434 fi
694d0cef 3435fi
95b99395 3436
8d184c09 3437dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4b492aab 3438if test $ac_cv_func_login_getcapbool = "yes" && \
3439 test $ac_cv_header_login_cap_h = "yes" ; then
95b99395 3440 external_path_file=/etc/login.conf
8d184c09 3441fi
95b99395 3442
a0391976 3443# Whether to mess with the default path
aff51935 3444SERVER_PATH_MSG="(default)"
c43d69a9 3445AC_ARG_WITH(default-path,
75817f90 3446 [ --with-default-path= Specify default \$PATH environment for server],
cb807f40 3447 [
95b99395 3448 if test "x$external_path_file" = "x/etc/login.conf" ; then
8d184c09 3449 AC_MSG_WARN([
3450--with-default-path=PATH has no effect on this system.
3451Edit /etc/login.conf instead.])
82f4e93d 3452 elif test "x$withval" != "xno" ; then
89bbd457 3453 if test ! -z "$external_path_file" ; then
95b99395 3454 AC_MSG_WARN([
3455--with-default-path=PATH will only be used if PATH is not defined in
3456$external_path_file .])
3457 fi
b2d818e6 3458 user_path="$withval"
aff51935 3459 SERVER_PATH_MSG="$withval"
cb807f40 3460 fi
b2d818e6 3461 ],
95b99395 3462 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3463 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
8d184c09 3464 else
89bbd457 3465 if test ! -z "$external_path_file" ; then
95b99395 3466 AC_MSG_WARN([
3467If PATH is defined in $external_path_file, ensure the path to scp is included,
3468otherwise scp will not work.])
3469 fi
b0e7249f 3470 AC_RUN_IFELSE(
3471 [AC_LANG_SOURCE([[
b2d818e6 3472/* find out what STDPATH is */
3473#include <stdio.h>
b2d818e6 3474#ifdef HAVE_PATHS_H
3475# include <paths.h>
3476#endif
3477#ifndef _PATH_STDPATH
d9a4e55b 3478# ifdef _PATH_USERPATH /* Irix */
3479# define _PATH_STDPATH _PATH_USERPATH
3480# else
3481# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3482# endif
b2d818e6 3483#endif
3484#include <sys/types.h>
3485#include <sys/stat.h>
3486#include <fcntl.h>
3487#define DATA "conftest.stdpath"
3488
3489main()
3490{
3491 FILE *fd;
3492 int rc;
82f4e93d 3493
b2d818e6 3494 fd = fopen(DATA,"w");
3495 if(fd == NULL)
3496 exit(1);
82f4e93d 3497
b2d818e6 3498 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3499 exit(1);
3500
3501 exit(0);
3502}
b0e7249f 3503 ]])],
3504 [ user_path=`cat conftest.stdpath` ],
b2d818e6 3505 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3506 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3507 )
3508# make sure $bindir is in USER_PATH so scp will work
3509 t_bindir=`eval echo ${bindir}`
3510 case $t_bindir in
3511 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3512 esac
3513 case $t_bindir in
3514 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3515 esac
3516 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3517 if test $? -ne 0 ; then
3518 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3519 if test $? -ne 0 ; then
3520 user_path=$user_path:$t_bindir
3521 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3522 fi
3523 fi
8d184c09 3524 fi ]
cb807f40 3525)
95b99395 3526if test "x$external_path_file" != "x/etc/login.conf" ; then
3466e002 3527 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
8d184c09 3528 AC_SUBST(user_path)
3529fi
cb807f40 3530
06617857 3531# Set superuser path separately to user path
06617857 3532AC_ARG_WITH(superuser-path,
3533 [ --with-superuser-path= Specify different path for super-user],
3534 [
6cf0200f 3535 if test -n "$withval" && test "x$withval" != "xno" && \
3536 test "x${withval}" != "xyes"; then
3466e002 3537 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3538 [Define if you want a different $PATH
3539 for the superuser])
06617857 3540 superuser_path=$withval
3541 fi
3542 ]
3543)
3544
3545
58d100bf 3546AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
aff51935 3547IPV4_IN6_HACK_MSG="no"
80faa19f 3548AC_ARG_WITH(4in6,
3549 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3550 [
3551 if test "x$withval" != "xno" ; then
3552 AC_MSG_RESULT(yes)
3466e002 3553 AC_DEFINE(IPV4_IN_IPV6, 1,
3554 [Detect IPv4 in IPv6 mapped addresses
3555 and treat as IPv4])
aff51935 3556 IPV4_IN6_HACK_MSG="yes"
80faa19f 3557 else
3558 AC_MSG_RESULT(no)
3559 fi
3560 ],[
3561 if test "x$inet6_default_4in6" = "xyes"; then
3562 AC_MSG_RESULT([yes (default)])
3563 AC_DEFINE(IPV4_IN_IPV6)
aff51935 3564 IPV4_IN6_HACK_MSG="yes"
80faa19f 3565 else
3566 AC_MSG_RESULT([no (default)])
3567 fi
3568 ]
3569)
3570
af774732 3571# Whether to enable BSD auth support
f1b0ecc3 3572BSD_AUTH_MSG=no
af774732 3573AC_ARG_WITH(bsd-auth,
3574 [ --with-bsd-auth Enable BSD auth support],
3575 [
82f4e93d 3576 if test "x$withval" != "xno" ; then
3466e002 3577 AC_DEFINE(BSD_AUTH, 1,
3578 [Define if you have BSD auth support])
f1b0ecc3 3579 BSD_AUTH_MSG=yes
af774732 3580 fi
3581 ]
3582)
3583
a0391976 3584# Where to place sshd.pid
19d9ac2a 3585piddir=/var/run
81dadca3 3586# make sure the directory exists
82f4e93d 3587if test ! -d $piddir ; then
81dadca3 3588 piddir=`eval echo ${sysconfdir}`
3589 case $piddir in
aff51935 3590 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
81dadca3 3591 esac
3592fi
3593
47e45e44 3594AC_ARG_WITH(pid-dir,
3595 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3596 [
6cf0200f 3597 if test -n "$withval" && test "x$withval" != "xno" && \
3598 test "x${withval}" != "xyes"; then
19d9ac2a 3599 piddir=$withval
82f4e93d 3600 if test ! -d $piddir ; then
81dadca3 3601 AC_MSG_WARN([** no $piddir directory on this system **])
3602 fi
47e45e44 3603 fi
3604 ]
3605)
b7a87eea 3606
3466e002 3607AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
19d9ac2a 3608AC_SUBST(piddir)
47e45e44 3609
1d7b9b20 3610dnl allow user to disable some login recording features
3611AC_ARG_ENABLE(lastlog,
bfd550a2 3612 [ --disable-lastlog disable use of lastlog even if detected [no]],
ddb154b3 3613 [
3614 if test "x$enableval" = "xno" ; then
3615 AC_DEFINE(DISABLE_LASTLOG)
3616 fi
3617 ]
1d7b9b20 3618)
3619AC_ARG_ENABLE(utmp,
bfd550a2 3620 [ --disable-utmp disable use of utmp even if detected [no]],
ddb154b3 3621 [
3622 if test "x$enableval" = "xno" ; then
3623 AC_DEFINE(DISABLE_UTMP)
3624 fi
3625 ]
1d7b9b20 3626)
3627AC_ARG_ENABLE(utmpx,
bfd550a2 3628 [ --disable-utmpx disable use of utmpx even if detected [no]],
ddb154b3 3629 [
3630 if test "x$enableval" = "xno" ; then
3466e002 3631 AC_DEFINE(DISABLE_UTMPX, 1,
3632 [Define if you don't want to use utmpx])
ddb154b3 3633 fi
3634 ]
1d7b9b20 3635)
3636AC_ARG_ENABLE(wtmp,
bfd550a2 3637 [ --disable-wtmp disable use of wtmp even if detected [no]],
ddb154b3 3638 [
3639 if test "x$enableval" = "xno" ; then
3640 AC_DEFINE(DISABLE_WTMP)
3641 fi
3642 ]
1d7b9b20 3643)
3644AC_ARG_ENABLE(wtmpx,
bfd550a2 3645 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
ddb154b3 3646 [
3647 if test "x$enableval" = "xno" ; then
3466e002 3648 AC_DEFINE(DISABLE_WTMPX, 1,
3649 [Define if you don't want to use wtmpx])
ddb154b3 3650 fi
3651 ]
1d7b9b20 3652)
3653AC_ARG_ENABLE(libutil,
bfd550a2 3654 [ --disable-libutil disable use of libutil (login() etc.) [no]],
ddb154b3 3655 [
3656 if test "x$enableval" = "xno" ; then
3657 AC_DEFINE(DISABLE_LOGIN)
3658 fi
3659 ]
1d7b9b20 3660)
3661AC_ARG_ENABLE(pututline,
bfd550a2 3662 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
ddb154b3 3663 [
3664 if test "x$enableval" = "xno" ; then
3466e002 3665 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3666 [Define if you don't want to use pututline()
3667 etc. to write [uw]tmp])
ddb154b3 3668 fi
3669 ]
1d7b9b20 3670)
3671AC_ARG_ENABLE(pututxline,
bfd550a2 3672 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
ddb154b3 3673 [
3674 if test "x$enableval" = "xno" ; then
3466e002 3675 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3676 [Define if you don't want to use pututxline()
3677 etc. to write [uw]tmpx])
ddb154b3 3678 fi
3679 ]
1d7b9b20 3680)
3681AC_ARG_WITH(lastlog,
bfd550a2 3682 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
8c89dd2b 3683 [
82f4e93d 3684 if test "x$withval" = "xno" ; then
8c89dd2b 3685 AC_DEFINE(DISABLE_LASTLOG)
6cf0200f 3686 elif test -n "$withval" && test "x${withval}" != "xyes"; then
8c89dd2b 3687 conf_lastlog_location=$withval
3688 fi
3689 ]
3690)
1d7b9b20 3691
3692dnl lastlog, [uw]tmpx? detection
3693dnl NOTE: set the paths in the platform section to avoid the
3694dnl need for command-line parameters
3695dnl lastlog and [uw]tmp are subject to a file search if all else fails
3696
3697dnl lastlog detection
3698dnl NOTE: the code itself will detect if lastlog is a directory
3699AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3700AC_TRY_COMPILE([
3701#include <sys/types.h>
3702#include <utmp.h>
3703#ifdef HAVE_LASTLOG_H
3704# include <lastlog.h>
3705#endif
d7c0f3d5 3706#ifdef HAVE_PATHS_H
1d7b9b20 3707# include <paths.h>
41cb4569 3708#endif
3709#ifdef HAVE_LOGIN_H
3710# include <login.h>
1d7b9b20 3711#endif
3712 ],
3713 [ char *lastlog = LASTLOG_FILE; ],
3714 [ AC_MSG_RESULT(yes) ],
d7c0f3d5 3715 [
3716 AC_MSG_RESULT(no)
3717 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3718 AC_TRY_COMPILE([
3719#include <sys/types.h>
3720#include <utmp.h>
3721#ifdef HAVE_LASTLOG_H
3722# include <lastlog.h>
3723#endif
3724#ifdef HAVE_PATHS_H
3725# include <paths.h>
3726#endif
3727 ],
3728 [ char *lastlog = _PATH_LASTLOG; ],
3729 [ AC_MSG_RESULT(yes) ],
3730 [
f282b668 3731 AC_MSG_RESULT(no)
d7c0f3d5 3732 system_lastlog_path=no
3733 ])
3734 ]
1d7b9b20 3735)
d7c0f3d5 3736
1d7b9b20 3737if test -z "$conf_lastlog_location"; then
3738 if test x"$system_lastlog_path" = x"no" ; then
3739 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
e5fe9a1f 3740 if (test -d "$f" || test -f "$f") ; then
1d7b9b20 3741 conf_lastlog_location=$f
3742 fi
3743 done
3744 if test -z "$conf_lastlog_location"; then
f8119cef 3745 AC_MSG_WARN([** Cannot find lastlog **])
3746 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
1d7b9b20 3747 fi
3748 fi
3749fi
3750
3751if test -n "$conf_lastlog_location"; then
3466e002 3752 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3753 [Define if you want to specify the path to your lastlog file])
82f4e93d 3754fi
1d7b9b20 3755
3756dnl utmp detection
3757AC_MSG_CHECKING([if your system defines UTMP_FILE])
3758AC_TRY_COMPILE([
3759#include <sys/types.h>
3760#include <utmp.h>
d7c0f3d5 3761#ifdef HAVE_PATHS_H
1d7b9b20 3762# include <paths.h>
3763#endif
3764 ],
3765 [ char *utmp = UTMP_FILE; ],
3766 [ AC_MSG_RESULT(yes) ],
3767 [ AC_MSG_RESULT(no)
3768 system_utmp_path=no ]
3769)
3770if test -z "$conf_utmp_location"; then
3771 if test x"$system_utmp_path" = x"no" ; then
3772 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3773 if test -f $f ; then
3774 conf_utmp_location=$f
3775 fi
3776 done
3777 if test -z "$conf_utmp_location"; then
3778 AC_DEFINE(DISABLE_UTMP)
3779 fi
3780 fi
3781fi
3782if test -n "$conf_utmp_location"; then
3466e002 3783 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3784 [Define if you want to specify the path to your utmp file])
82f4e93d 3785fi
1d7b9b20 3786
3787dnl wtmp detection
3788AC_MSG_CHECKING([if your system defines WTMP_FILE])
3789AC_TRY_COMPILE([
3790#include <sys/types.h>
3791#include <utmp.h>
d7c0f3d5 3792#ifdef HAVE_PATHS_H
1d7b9b20 3793# include <paths.h>
3794#endif
3795 ],
3796 [ char *wtmp = WTMP_FILE; ],
3797 [ AC_MSG_RESULT(yes) ],
3798 [ AC_MSG_RESULT(no)
3799 system_wtmp_path=no ]
3800)
3801if test -z "$conf_wtmp_location"; then
3802 if test x"$system_wtmp_path" = x"no" ; then
3803 for f in /usr/adm/wtmp /var/log/wtmp; do
3804 if test -f $f ; then
3805 conf_wtmp_location=$f
3806 fi
3807 done
3808 if test -z "$conf_wtmp_location"; then
3809 AC_DEFINE(DISABLE_WTMP)
3810 fi
3811 fi
3812fi
3813if test -n "$conf_wtmp_location"; then
3466e002 3814 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3815 [Define if you want to specify the path to your wtmp file])
82f4e93d 3816fi
1d7b9b20 3817
3818
3819dnl utmpx detection - I don't know any system so perverse as to require
3820dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3821dnl there, though.
3822AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3823AC_TRY_COMPILE([
3824#include <sys/types.h>
3825#include <utmp.h>
3826#ifdef HAVE_UTMPX_H
3827#include <utmpx.h>
3828#endif
d7c0f3d5 3829#ifdef HAVE_PATHS_H
1d7b9b20 3830# include <paths.h>
3831#endif
3832 ],
3833 [ char *utmpx = UTMPX_FILE; ],
3834 [ AC_MSG_RESULT(yes) ],
3835 [ AC_MSG_RESULT(no)
3836 system_utmpx_path=no ]
3837)
3838if test -z "$conf_utmpx_location"; then
3839 if test x"$system_utmpx_path" = x"no" ; then
3840 AC_DEFINE(DISABLE_UTMPX)
3841 fi
3842else
3466e002 3843 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3844 [Define if you want to specify the path to your utmpx file])
82f4e93d 3845fi
1d7b9b20 3846
3847dnl wtmpx detection
3848AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3849AC_TRY_COMPILE([
3850#include <sys/types.h>
3851#include <utmp.h>
3852#ifdef HAVE_UTMPX_H
3853#include <utmpx.h>
3854#endif
d7c0f3d5 3855#ifdef HAVE_PATHS_H
1d7b9b20 3856# include <paths.h>
3857#endif
3858 ],
3859 [ char *wtmpx = WTMPX_FILE; ],
3860 [ AC_MSG_RESULT(yes) ],
3861 [ AC_MSG_RESULT(no)
3862 system_wtmpx_path=no ]
3863)
3864if test -z "$conf_wtmpx_location"; then
3865 if test x"$system_wtmpx_path" = x"no" ; then
3866 AC_DEFINE(DISABLE_WTMPX)
3867 fi
3868else
3466e002 3869 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3870 [Define if you want to specify the path to your wtmpx file])
82f4e93d 3871fi
1d7b9b20 3872
b7a87eea 3873
bd499f9e 3874if test ! -z "$blibpath" ; then
68ece370 3875 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3876 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
bd499f9e 3877fi
3878
ed89c848 3879dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3880dnl Add now.
3881CFLAGS="$CFLAGS $werror_flags"
3882
3c62e7eb 3883AC_EXEEXT
d7cfdd7c 3884AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
46096a5b 3885 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
98a7c37b 3886AC_OUTPUT
d3083fbd 3887
cbd7492e 3888# Print summary of options
3889
cbd7492e 3890# Someone please show me a better way :)
3891A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3892B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3893C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3894D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
f5665f6f 3895E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
e0c4d3ac 3896F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
cbd7492e 3897G=`eval echo ${piddir}` ; G=`eval echo ${G}`
ecac8ee5 3898H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3899I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3900J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
cbd7492e 3901
3902echo ""
26de7942 3903echo "OpenSSH has been configured with the following options:"
ecac8ee5 3904echo " User binaries: $B"
3905echo " System binaries: $C"
3906echo " Configuration files: $D"
3907echo " Askpass program: $E"
3908echo " Manual pages: $F"
3909echo " PID file: $G"
3910echo " Privilege separation chroot path: $H"
95b99395 3911if test "x$external_path_file" = "x/etc/login.conf" ; then
3912echo " At runtime, sshd will use the path defined in $external_path_file"
3913echo " Make sure the path to scp is present, otherwise scp will not work"
8d184c09 3914else
ecac8ee5 3915echo " sshd default user PATH: $I"
89bbd457 3916 if test ! -z "$external_path_file"; then
95b99395 3917echo " (If PATH is set in $external_path_file it will be used instead. If"
3918echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3919 fi
8d184c09 3920fi
06617857 3921if test ! -z "$superuser_path" ; then
ecac8ee5 3922echo " sshd superuser user PATH: $J"
3923fi
3924echo " Manpage format: $MANTYPE"
3e05e934 3925echo " PAM support: $PAM_MSG"
5b84789f 3926echo " OSF SIA support: $SIA_MSG"
ecac8ee5 3927echo " KerberosV support: $KRB5_MSG"
ef4d1846 3928echo " SELinux support: $SELINUX_MSG"
ecac8ee5 3929echo " Smartcard support: $SCARD_MSG"
ecac8ee5 3930echo " S/KEY support: $SKEY_MSG"
3931echo " TCP Wrappers support: $TCPW_MSG"
3932echo " MD5 password support: $MD5_MSG"
59031773 3933echo " libedit support: $LIBEDIT_MSG"
5b84789f 3934echo " Solaris process contract support: $SPC_MSG"
3deb1408 3935echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
ecac8ee5 3936echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3937echo " BSD Auth support: $BSD_AUTH_MSG"
3938echo " Random number source: $RAND_MSG"
f1b0ecc3 3939if test ! -z "$USE_RAND_HELPER" ; then
ecac8ee5 3940echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
af774732 3941fi
3942
cbd7492e 3943echo ""
3944
0c2fb82f 3945echo " Host: ${host}"
3946echo " Compiler: ${CC}"
3947echo " Compiler flags: ${CFLAGS}"
3948echo "Preprocessor flags: ${CPPFLAGS}"
3949echo " Linker flags: ${LDFLAGS}"
ddceb1c8 3950echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
cbd7492e 3951
3952echo ""
3953
9cefe228 3954if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
b3146b5f 3955 echo "SVR4 style packages are supported with \"make package\""
3956 echo ""
9cefe228 3957fi
3958
adeebd37 3959if test "x$PAM_MSG" = "xyes" ; then
f1b0ecc3 3960 echo "PAM is enabled. You may need to install a PAM control file "
3961 echo "for sshd, otherwise password authentication may fail. "
aff51935 3962 echo "Example PAM control files can be found in the contrib/ "
f1b0ecc3 3963 echo "subdirectory"
adeebd37 3964 echo ""
3965fi
3966
f1b0ecc3 3967if test ! -z "$RAND_HELPER_CMDHASH" ; then
3968 echo "WARNING: you are using the builtin random number collection "
3969 echo "service. Please read WARNING.RNG and request that your OS "
3970 echo "vendor includes kernel-based random number collection in "
3971 echo "future versions of your OS."
2c523de9 3972 echo ""
3973fi
af774732 3974
2f6f9cff 3975if test ! -z "$NO_PEERCHECK" ; then
3976 echo "WARNING: the operating system that you are using does not "
3977 echo "appear to support either the getpeereid() API nor the "
3978 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3979 echo "enforce security checks to prevent unauthorised connections to "
3980 echo "ssh-agent. Their absence increases the risk that a malicious "
3981 echo "user can connect to your agent. "
3982 echo ""
3983fi
3984
7b578f7d 3985if test "$AUDIT_MODULE" = "bsm" ; then
3986 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3987 echo "See the Solaris section in README.platform for details."
3988fi
git-cvsimport mirror of OpenSSH
This page took 1.067677 seconds and 5 git commands to generate.