]> andersk Git - openssh.git/blame - configure.ac
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (dtucker) [auth-pam.c] Use sigdie here too. ok djm@
[openssh.git] / configure.ac
CommitLineData
eb5d7ff6 1# $Id$
2b983b95 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
0b202697 16
76e6410a 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
823221b2 18AC_REVISION($Revision$)
98a7c37b 19AC_CONFIG_SRCDIR([ssh.c])
5881cd60 20
21AC_CONFIG_HEADER(config.h)
b14b2ae7 22AC_PROG_CC
a7effaac 23AC_CANONICAL_HOST
cf0c5df5 24AC_C_BIGENDIAN
5881cd60 25
a0391976 26# Checks for programs.
4bbf95fa 27AC_PROG_AWK
4cca272e 28AC_PROG_CPP
5881cd60 29AC_PROG_RANLIB
cf8dd513 30AC_PROG_INSTALL
c9ecc3c7 31AC_PROG_EGREP
bee0a37e 32AC_PATH_PROG(AR, ar)
ddd8c95b 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
13dd877b 35AC_PATH_PROGS(PERL, perl5 perl)
c3690df3 36AC_PATH_PROG(SED, sed)
a0f84251 37AC_SUBST(PERL)
ad85db64 38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
6958bd37 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
6193497b 43AC_PATH_PROG(SH, sh)
a3245b92 44AC_SUBST(TEST_SHELL,sh)
f498ed15 45
9cefe228 46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
eeb27c78 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
9cefe228 57
948fd8b9 58# System features
59AC_SYS_LARGEFILE
60
c193d002 61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
2e73a022 65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
3466e002 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
2e73a022 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
37656beb 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
3466e002 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
37656beb 82fi
83
d423d822 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
82f4e93d 88
d423d822 89AC_C_INLINE
dfafb2e1 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
aff51935 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
af40ca44 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
eeee8237 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
5fdabf45 96 case $GCC_VER in
0b9fdeb8 97 1.*) no_attrib_nonnull=1 ;;
98 2.8* | 2.9*)
99 CFLAGS="$CFLAGS -Wsign-compare"
100 no_attrib_nonnull=1
101 ;;
102 2.*) no_attrib_nonnull=1 ;;
dbf07ba2 103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
cd595991 104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 *) ;;
5fdabf45 106 esac
8a3ff1aa 107
dfafb2e1 108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
114 [have_llong_max=1],
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
117 )
118 fi
d423d822 119fi
120
0b9fdeb8 121if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
123fi
124
e6354014 125AC_ARG_WITH(rpath,
126 [ --without-rpath Disable auto-added -R linker paths],
127 [
82f4e93d 128 if test "x$withval" = "xno" ; then
e6354014 129 need_dash_r=""
130 fi
131 if test "x$withval" = "xyes" ; then
132 need_dash_r=1
133 fi
134 ]
135)
136
aa56f760 137# Allow user to specify flags
138AC_ARG_WITH(cflags,
139 [ --with-cflags Specify additional flags to pass to compiler],
140 [
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
144 fi
145 ]
146)
147AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
149 [
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
153 fi
154 ]
155)
156AC_ARG_WITH(ldflags,
157 [ --with-ldflags Specify additional flags to pass to linker],
158 [
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
162 fi
163 ]
164)
165AC_ARG_WITH(libs,
166 [ --with-libs Specify additional libraries to link with],
167 [
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
171 fi
172 ]
173)
174AC_ARG_WITH(Werror,
175 [ --with-Werror Build main code with -Werror],
176 [
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
181 fi
182 fi
183 ]
184)
185
186AC_CHECK_HEADERS( \
187 bstring.h \
188 crypt.h \
189 crypto/sha2.h \
190 dirent.h \
191 endian.h \
192 features.h \
193 fcntl.h \
194 floatingpoint.h \
195 getopt.h \
196 glob.h \
197 ia.h \
198 iaf.h \
199 limits.h \
200 login.h \
201 maillock.h \
202 ndir.h \
203 net/if_tun.h \
204 netdb.h \
205 netgroup.h \
206 pam/pam_appl.h \
207 paths.h \
6d39a5c4 208 poll.h \
aa56f760 209 pty.h \
210 readpassphrase.h \
211 rpc/types.h \
212 security/pam_appl.h \
213 sha2.h \
214 shadow.h \
215 stddef.h \
216 stdint.h \
217 string.h \
218 strings.h \
219 sys/audit.h \
220 sys/bitypes.h \
221 sys/bsdtty.h \
222 sys/cdefs.h \
223 sys/dir.h \
224 sys/mman.h \
225 sys/ndir.h \
226 sys/prctl.h \
227 sys/pstat.h \
228 sys/select.h \
229 sys/stat.h \
230 sys/stream.h \
231 sys/stropts.h \
232 sys/strtio.h \
233 sys/sysmacros.h \
234 sys/time.h \
235 sys/timers.h \
236 sys/un.h \
237 time.h \
238 tmpdir.h \
239 ttyent.h \
40701614 240 ucred.h \
aa56f760 241 unistd.h \
242 usersec.h \
243 util.h \
244 utime.h \
245 utmp.h \
246 utmpx.h \
247 vis.h \
248)
249
250# lastlog.h requires sys/time.h to be included first on Solaris
251AC_CHECK_HEADERS(lastlog.h, [], [], [
252#ifdef HAVE_SYS_TIME_H
253# include <sys/time.h>
254#endif
255])
256
257# sys/ptms.h requires sys/stream.h to be included first on Solaris
258AC_CHECK_HEADERS(sys/ptms.h, [], [], [
259#ifdef HAVE_SYS_STREAM_H
260# include <sys/stream.h>
261#endif
262])
263
264# login_cap.h requires sys/types.h on NetBSD
265AC_CHECK_HEADERS(login_cap.h, [], [], [
266#include <sys/types.h>
267])
268
5b84789f 269# Messages for features tested for in target-specific section
270SIA_MSG="no"
271SPC_MSG="no"
272
a0391976 273# Check for some target-specific stuff
a7effaac 274case "$host" in
9d6b1b96 275*-*-aix*)
25a2779b 276 # Some versions of VAC won't allow macro redefinitions at
277 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
278 # particularly with older versions of vac or xlc.
279 # It also throws errors about null macro argments, but these are
280 # not fatal.
281 AC_MSG_CHECKING(if compiler allows macro redefinitions)
282 AC_COMPILE_IFELSE(
283 [AC_LANG_SOURCE([[
284#define testmacro foo
285#define testmacro bar
286int main(void) { exit(0); }
287 ]])],
288 [ AC_MSG_RESULT(yes) ],
289 [ AC_MSG_RESULT(no)
290 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
291 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
292 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
293 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
294 ]
295 )
296
aff51935 297 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
68ece370 298 if (test -z "$blibpath"); then
0a15d73b 299 blibpath="/usr/lib:/lib"
68ece370 300 fi
301 saved_LDFLAGS="$LDFLAGS"
e7479666 302 if test "$GCC" = "yes"; then
303 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
304 else
305 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
306 fi
307 for tryflags in $flags ;do
68ece370 308 if (test -z "$blibflags"); then
309 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
310 AC_TRY_LINK([], [], [blibflags=$tryflags])
311 fi
312 done
313 if (test -z "$blibflags"); then
314 AC_MSG_RESULT(not found)
315 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
316 else
317 AC_MSG_RESULT($blibflags)
bd499f9e 318 fi
68ece370 319 LDFLAGS="$saved_LDFLAGS"
e351e493 320 dnl Check for authenticate. Might be in libs.a on older AIXes
3466e002 321 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
322 [Define if you want to enable AIX4's authenticate function])],
0764e748 323 [AC_CHECK_LIB(s,authenticate,
e351e493 324 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
0764e748 325 LIBS="$LIBS -ls"
326 ])
327 ])
ba603e06 328 dnl Check for various auth function declarations in headers.
c85ed8e2 329 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
72ad335d 330 passwdexpired, setauthdb], , , [#include <usersec.h>])
e351e493 331 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
ba603e06 332 AC_CHECK_DECLS(loginfailed,
e351e493 333 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
334 AC_TRY_COMPILE(
f58c0e01 335 [#include <usersec.h>],
e351e493 336 [(void)loginfailed("user","host","tty",0);],
337 [AC_MSG_RESULT(yes)
3466e002 338 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
339 [Define if your AIX loginfailed() function
340 takes 4 arguments (AIX >= 5.2)])],
f58c0e01 341 [AC_MSG_RESULT(no)]
e351e493 342 )],
343 [],
344 [#include <usersec.h>]
345 )
2aa3a16c 346 AC_CHECK_FUNCS(setauthdb)
53c337ed 347 AC_CHECK_DECL(F_CLOSEM,
795e7517 348 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
53c337ed 349 [],
350 [ #include <limits.h>
351 #include <fcntl.h> ]
352 )
5ccf88cb 353 check_for_aix_broken_getaddrinfo=1
3466e002 354 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
355 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
356 [Define if your platform breaks doing a seteuid before a setuid])
357 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
358 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
a3cef3ca 359 dnl AIX handles lastlog as part of its login message
3466e002 360 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
361 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
362 [Some systems need a utmpx entry for /bin/login to work])
363 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
364 [Define to a Set Process Title type if your system is
365 supported by bsd-setproctitle.c])
961c2997 366 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
367 [AIX 5.2 and 5.3 (and presumably newer) require this])
ea8c44d9 368 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
9d6b1b96 369 ;;
3c62e7eb 370*-*-cygwin*)
a52997bd 371 check_for_libcrypt_later=1
04765d02 372 LIBS="$LIBS /usr/lib/textreadmode.o"
3466e002 373 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
374 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
375 AC_DEFINE(DISABLE_SHADOW, 1,
376 [Define if you want to disable shadow passwords])
377 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
378 [Define if your system choked on IP TOS setting])
379 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
380 [Define if X11 doesn't support AF_UNIX sockets on that system])
381 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
382 [Define if the concept of ports only accessible to
383 superusers isn't known])
384 AC_DEFINE(DISABLE_FD_PASSING, 1,
385 [Define if your platform needs to skip post auth
386 file descriptor passing])
3c62e7eb 387 ;;
d6fdb079 388*-*-dgux*)
389 AC_DEFINE(IP_TOS_IS_BROKEN)
0c6a72a5 390 AC_DEFINE(SETEUID_BREAKS_SETUID)
391 AC_DEFINE(BROKEN_SETREUID)
392 AC_DEFINE(BROKEN_SETREGID)
d6fdb079 393 ;;
39c98ef7 394*-*-darwin*)
33e2e066 395 AC_MSG_CHECKING(if we have working getaddrinfo)
396 AC_TRY_RUN([#include <mach-o/dyld.h>
397main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
398 exit(0);
399 else
400 exit(1);
401}], [AC_MSG_RESULT(working)],
402 [AC_MSG_RESULT(buggy)
3466e002 403 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
b27e573d 404 [AC_MSG_RESULT(assume it is working)])
635e0c42 405 AC_DEFINE(SETEUID_BREAKS_SETUID)
406 AC_DEFINE(BROKEN_SETREUID)
407 AC_DEFINE(BROKEN_SETREGID)
3466e002 408 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
409 [Define if your resolver libs need this for getrrsetbyname])
e02505e2 410 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
411 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
412 [Use tunnel device compatibility to OpenBSD])
413 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
414 [Prepend the address family to IP tunnel traffic])
39c98ef7 415 ;;
36f36ba3 416*-*-dragonfly*)
417 SSHDLIBS="$SSHDLIBS -lcrypt"
418 ;;
7d458c86 419*-*-hpux*)
420 # first we define all of the options common to all HP-UX releases
b8fea62d 421 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
44839801 422 IPADDR_IN_DISPLAY=yes
2b10f47a 423 AC_DEFINE(USE_PIPES)
3466e002 424 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
425 [Define if your login program cannot handle end of options ("--")])
a2572aa7 426 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 427 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
428 [String used in /etc/passwd to denote locked account])
3a2b2b44 429 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
83f987c3 430 MAIL="/var/mail/username"
f75ca46d 431 LIBS="$LIBS -lsec"
7d458c86 432 AC_CHECK_LIB(xnet, t_error, ,
433 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
434
435 # next, we define all of the options specific to major releases
436 case "$host" in
437 *-*-hpux10*)
438 if test -z "$GCC"; then
439 CFLAGS="$CFLAGS -Ae"
440 fi
441 ;;
442 *-*-hpux11*)
3466e002 443 AC_DEFINE(PAM_SUN_CODEBASE, 1,
444 [Define if you are using Solaris-derived PAM which
445 passes pam_messages to the conversation function
446 with an extra level of indirection])
447 AC_DEFINE(DISABLE_UTMP, 1,
448 [Define if you don't want to use utmp])
7d458c86 449 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
450 check_for_hpux_broken_getaddrinfo=1
451 check_for_conflicting_getspnam=1
452 ;;
453 esac
454
455 # lastly, we define options specific to minor releases
456 case "$host" in
457 *-*-hpux10.26)
3466e002 458 AC_DEFINE(HAVE_SECUREWARE, 1,
459 [Define if you have SecureWare-based
460 protected password database])
7d458c86 461 disable_ptmx_check=yes
462 LIBS="$LIBS -lsecpw"
463 ;;
464 esac
2b763e31 465 ;;
d94aa2ae 466*-*-irix5*)
6ac7829a 467 PATH="$PATH:/usr/etc"
3466e002 468 AC_DEFINE(BROKEN_INET_NTOA, 1,
469 [Define if you system's inet_ntoa is busted
470 (e.g. Irix gcc issue)])
cb433561 471 AC_DEFINE(SETEUID_BREAKS_SETUID)
472 AC_DEFINE(BROKEN_SETREUID)
473 AC_DEFINE(BROKEN_SETREGID)
3466e002 474 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
475 [Define if you shouldn't strip 'tty' from your
476 ttyname in [uw]tmp])
3e6e3da0 477 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
b9795b89 478 ;;
479*-*-irix6*)
6ac7829a 480 PATH="$PATH:/usr/etc"
3466e002 481 AC_DEFINE(WITH_IRIX_ARRAY, 1,
482 [Define if you have/want arrays
483 (cluster-wide session managment, not C arrays)])
484 AC_DEFINE(WITH_IRIX_PROJECT, 1,
485 [Define if you want IRIX project management])
486 AC_DEFINE(WITH_IRIX_AUDIT, 1,
487 [Define if you want IRIX audit trails])
488 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
489 [Define if you want IRIX kernel jobs])])
416ed5a7 490 AC_DEFINE(BROKEN_INET_NTOA)
412c0eaa 491 AC_DEFINE(SETEUID_BREAKS_SETUID)
492 AC_DEFINE(BROKEN_SETREUID)
493 AC_DEFINE(BROKEN_SETREGID)
3466e002 494 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
0e8f4eba 495 AC_DEFINE(WITH_ABBREV_NO_TTY)
3e6e3da0 496 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
d94aa2ae 497 ;;
5cdfe03f 498*-*-linux*)
499 no_dev_ptmx=1
717057b6 500 check_for_libcrypt_later=1
eacb954e 501 check_for_openpty_ctty_bug=1
3466e002 502 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
503 AC_DEFINE(PAM_TTY_KLUDGE, 1,
504 [Work around problematic Linux PAM modules handling of PAM_TTY])
505 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
506 [String used in /etc/passwd to denote locked account])
3a2b2b44 507 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
3466e002 508 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
509 [Define to whatever link() returns for "not supported"
510 if it doesn't return EOPNOTSUPP.])
b6610e8f 511 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
3466e002 512 AC_DEFINE(USE_BTMP)
80faa19f 513 inet6_default_4in6=yes
bf7c1e6c 514 case `uname -r` in
ad84c479 515 1.*|2.0.*)
3466e002 516 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
517 [Define if cmsg_type is not passed correctly])
bf7c1e6c 518 ;;
bf7c1e6c 519 esac
c40f09ca 520 # tun(4) forwarding compat code
d91775e1 521 AC_CHECK_HEADERS(linux/if_tun.h)
b5081213 522 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
c40f09ca 523 AC_DEFINE(SSH_TUN_LINUX, 1,
524 [Open tunnel devices the Linux tun/tap way])
525 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
526 [Use tunnel device compatibility to OpenBSD])
527 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
528 [Prepend the address family to IP tunnel traffic])
529 fi
5cdfe03f 530 ;;
66d6c27e 531mips-sony-bsd|mips-sony-newsos4)
4b2cf3f1 532 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
66d6c27e 533 SONY=1
66d6c27e 534 ;;
d468fc76 535*-*-netbsd*)
33e2e066 536 check_for_libcrypt_before=1
82f4e93d 537 if test "x$withval" != "xno" ; then
e6354014 538 need_dash_r=1
539 fi
0f6cb079 540 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
541 AC_CHECK_HEADER([net/if_tap.h], ,
542 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
543 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
544 [Prepend the address family to IP tunnel traffic])
d468fc76 545 ;;
86b416a7 546*-*-freebsd*)
547 check_for_libcrypt_later=1
988c5031 548 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
0f6cb079 549 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
550 AC_CHECK_HEADER([net/if_tap.h], ,
551 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
86b416a7 552 ;;
8707b7eb 553*-*-bsdi*)
554 AC_DEFINE(SETEUID_BREAKS_SETUID)
555 AC_DEFINE(BROKEN_SETREUID)
556 AC_DEFINE(BROKEN_SETREGID)
557 ;;
729bfe59 558*-next-*)
729bfe59 559 conf_lastlog_location="/usr/adm/lastlog"
698d107e 560 conf_utmp_location=/etc/utmp
561 conf_wtmp_location=/usr/adm/wtmp
562 MAIL=/usr/spool/mail
3466e002 563 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
443172c4 564 AC_DEFINE(BROKEN_REALPATH)
00937921 565 AC_DEFINE(USE_PIPES)
3466e002 566 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
729bfe59 567 ;;
5b7b5e23 568*-*-openbsd*)
569 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
8034a348 570 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
0f6cb079 571 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
c79c4814 572 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
573 [syslog_r function is safe to use in in a signal handler])
5b7b5e23 574 ;;
9d6b1b96 575*-*-solaris*)
82f4e93d 576 if test "x$withval" != "xno" ; then
010e9d5b 577 need_dash_r=1
578 fi
adeebd37 579 AC_DEFINE(PAM_SUN_CODEBASE)
7e2d5fa4 580 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 581 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
582 [Some versions of /bin/login need the TERM supplied
583 on the commandline])
7f0a4ff1 584 AC_DEFINE(PAM_TTY_KLUDGE)
3466e002 585 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
586 [Define if pam_chauthtok wants real uid set
587 to the unpriv'ed user])
3e6e3da0 588 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
ad84c479 589 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
3466e002 590 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
591 [Define if sshd somehow reacquires a controlling TTY
592 after setsid()])
795aa5f5 593 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
594 in case the name is longer than 8 chars])
95b99395 595 external_path_file=/etc/default/login
1d7b9b20 596 # hardwire lastlog location (can't detect it on some versions)
597 conf_lastlog_location="/var/adm/lastlog"
32c80420 598 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
599 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
600 if test "$sol2ver" -ge 8; then
601 AC_MSG_RESULT(yes)
602 AC_DEFINE(DISABLE_UTMP)
3466e002 603 AC_DEFINE(DISABLE_WTMP, 1,
604 [Define if you don't want to use wtmp])
32c80420 605 else
606 AC_MSG_RESULT(no)
607 fi
5b84789f 608 AC_ARG_WITH(solaris-contracts,
609 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
610 [
611 AC_CHECK_LIB(contract, ct_tmpl_activate,
612 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
613 [Define if you have Solaris process contracts])
614 SSHDLIBS="$SSHDLIBS -lcontract"
615 AC_SUBST(SSHDLIBS)
616 SPC_MSG="yes" ], )
617 ],
618 )
9d6b1b96 619 ;;
a423beaf 620*-*-sunos4*)
0c2fb82f 621 CPPFLAGS="$CPPFLAGS -DSUNOS4"
a423beaf 622 AC_CHECK_FUNCS(getpwanam)
adeebd37 623 AC_DEFINE(PAM_SUN_CODEBASE)
32eec038 624 conf_utmp_location=/etc/utmp
625 conf_wtmp_location=/var/adm/wtmp
626 conf_lastlog_location=/var/adm/lastlog
137d7b6c 627 AC_DEFINE(USE_PIPES)
a423beaf 628 ;;
6f68f28a 629*-ncr-sysv*)
98a7c37b 630 LIBS="$LIBS -lc89"
29525240 631 AC_DEFINE(USE_PIPES)
eabb99c6 632 AC_DEFINE(SSHD_ACQUIRES_CTTY)
6fb3618d 633 AC_DEFINE(SETEUID_BREAKS_SETUID)
634 AC_DEFINE(BROKEN_SETREUID)
635 AC_DEFINE(BROKEN_SETREGID)
6f68f28a 636 ;;
132dd316 637*-sni-sysv*)
c8c15bcb 638 # /usr/ucblib MUST NOT be searched on ReliantUNIX
e2798e96 639 AC_CHECK_LIB(dl, dlsym, ,)
d08db6d1 640 # -lresolv needs to be at the end of LIBS or DNS lookups break
641 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
9548d6c8 642 IPADDR_IN_DISPLAY=yes
643 AC_DEFINE(USE_PIPES)
132dd316 644 AC_DEFINE(IP_TOS_IS_BROKEN)
605369bb 645 AC_DEFINE(SETEUID_BREAKS_SETUID)
646 AC_DEFINE(BROKEN_SETREUID)
647 AC_DEFINE(BROKEN_SETREGID)
eabb99c6 648 AC_DEFINE(SSHD_ACQUIRES_CTTY)
95b99395 649 external_path_file=/etc/default/login
c8c15bcb 650 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
651 # Attention: always take care to bind libsocket and libnsl before libc,
652 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
132dd316 653 ;;
79a7ba96 654# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
77bb0bca 655*-*-sysv4.2*)
ed6553e2 656 AC_DEFINE(USE_PIPES)
7ed101c0 657 AC_DEFINE(SETEUID_BREAKS_SETUID)
658 AC_DEFINE(BROKEN_SETREUID)
659 AC_DEFINE(BROKEN_SETREGID)
46f853b9 660 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
e45da4d6 661 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
77bb0bca 662 ;;
79a7ba96 663# UnixWare 7.x, OpenUNIX 8
77bb0bca 664*-*-sysv5*)
d7d2cc6e 665 check_for_libcrypt_later=1
666 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
ed6553e2 667 AC_DEFINE(USE_PIPES)
7ed101c0 668 AC_DEFINE(SETEUID_BREAKS_SETUID)
669 AC_DEFINE(BROKEN_SETREUID)
670 AC_DEFINE(BROKEN_SETREGID)
3466e002 671 AC_DEFINE(PASSWD_NEEDS_USERNAME)
822015dd 672 case "$host" in
673 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
674 TEST_SHELL=/u95/bin/sh
3466e002 675 AC_DEFINE(BROKEN_LIBIAF, 1,
676 [ia_uinfo routines not supported by OS yet])
5cc6ddad 677 AC_DEFINE(BROKEN_UPDWTMPX)
822015dd 678 ;;
e45da4d6 679 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
680 ;;
822015dd 681 esac
77bb0bca 682 ;;
9d6b1b96 683*-*-sysv*)
9d6b1b96 684 ;;
79a7ba96 685# SCO UNIX and OEM versions of SCO UNIX
77bb0bca 686*-*-sco3.2v4*)
11cf4f1f 687 AC_MSG_ERROR("This Platform is no longer supported.")
77bb0bca 688 ;;
79a7ba96 689# SCO OpenServer 5.x
77bb0bca 690*-*-sco3.2v5*)
21710e39 691 if test -z "$GCC"; then
692 CFLAGS="$CFLAGS -belf"
693 fi
ed6553e2 694 LIBS="$LIBS -lprot -lx -ltinfo -lm"
509b1f88 695 no_dev_ptmx=1
ed6553e2 696 AC_DEFINE(USE_PIPES)
6e879cb4 697 AC_DEFINE(HAVE_SECUREWARE)
d287c664 698 AC_DEFINE(DISABLE_SHADOW)
94d8258b 699 AC_DEFINE(DISABLE_FD_PASSING)
7ed101c0 700 AC_DEFINE(SETEUID_BREAKS_SETUID)
701 AC_DEFINE(BROKEN_SETREUID)
702 AC_DEFINE(BROKEN_SETREGID)
bcebad47 703 AC_DEFINE(WITH_ABBREV_NO_TTY)
34f2baf0 704 AC_DEFINE(BROKEN_UPDWTMPX)
3466e002 705 AC_DEFINE(PASSWD_NEEDS_USERNAME)
aca75d94 706 AC_CHECK_FUNCS(getluid setluid)
533875af 707 MANTYPE=man
a3245b92 708 TEST_SHELL=ksh
509b1f88 709 ;;
ccbb983c 710*-*-unicosmk*)
3466e002 711 AC_DEFINE(NO_SSH_LASTLOG, 1,
712 [Define if you don't want to use lastlog in session.c])
c1ad5966 713 AC_DEFINE(SETEUID_BREAKS_SETUID)
714 AC_DEFINE(BROKEN_SETREUID)
715 AC_DEFINE(BROKEN_SETREGID)
ccbb983c 716 AC_DEFINE(USE_PIPES)
717 AC_DEFINE(DISABLE_FD_PASSING)
718 LDFLAGS="$LDFLAGS"
719 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
720 MANTYPE=cat
d262b7f2 721 ;;
7b9a8c6e 722*-*-unicosmp*)
c1ad5966 723 AC_DEFINE(SETEUID_BREAKS_SETUID)
724 AC_DEFINE(BROKEN_SETREUID)
725 AC_DEFINE(BROKEN_SETREGID)
7b9a8c6e 726 AC_DEFINE(WITH_ABBREV_NO_TTY)
727 AC_DEFINE(USE_PIPES)
728 AC_DEFINE(DISABLE_FD_PASSING)
729 LDFLAGS="$LDFLAGS"
c1ad5966 730 LIBS="$LIBS -lgen -lacid -ldb"
7b9a8c6e 731 MANTYPE=cat
732 ;;
ca5c7d6a 733*-*-unicos*)
c1ad5966 734 AC_DEFINE(SETEUID_BREAKS_SETUID)
735 AC_DEFINE(BROKEN_SETREUID)
736 AC_DEFINE(BROKEN_SETREGID)
ca5c7d6a 737 AC_DEFINE(USE_PIPES)
94d8258b 738 AC_DEFINE(DISABLE_FD_PASSING)
ef51930f 739 AC_DEFINE(NO_SSH_LASTLOG)
ccbb983c 740 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
741 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
742 MANTYPE=cat
a704dd54 743 ;;
4d33e531 744*-dec-osf*)
99c8ddac 745 AC_MSG_CHECKING(for Digital Unix SIA)
746 no_osfsia=""
747 AC_ARG_WITH(osfsia,
748 [ --with-osfsia Enable Digital Unix SIA],
749 [
750 if test "x$withval" = "xno" ; then
751 AC_MSG_RESULT(disabled)
752 no_osfsia=1
753 fi
754 ],
755 )
756 if test -z "$no_osfsia" ; then
4d33e531 757 if test -f /etc/sia/matrix.conf; then
758 AC_MSG_RESULT(yes)
3466e002 759 AC_DEFINE(HAVE_OSF_SIA, 1,
760 [Define if you have Digital Unix Security
761 Integration Architecture])
762 AC_DEFINE(DISABLE_LOGIN, 1,
763 [Define if you don't want to use your
764 system's login() call])
58d0df4e 765 AC_DEFINE(DISABLE_FD_PASSING)
4d33e531 766 LIBS="$LIBS -lsecurity -ldb -lm -laud"
5b84789f 767 SIA_MSG="yes"
4d33e531 768 else
769 AC_MSG_RESULT(no)
3466e002 770 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
771 [String used in /etc/passwd to denote locked account])
4d33e531 772 fi
773 fi
a6e67b60 774 AC_DEFINE(BROKEN_GETADDRINFO)
f4f2ff4f 775 AC_DEFINE(SETEUID_BREAKS_SETUID)
08da2d08 776 AC_DEFINE(BROKEN_SETREUID)
777 AC_DEFINE(BROKEN_SETREGID)
4d33e531 778 ;;
41cb4569 779
9c54c067 780*-*-nto-qnx*)
41cb4569 781 AC_DEFINE(USE_PIPES)
782 AC_DEFINE(NO_X11_UNIX_SOCKETS)
3466e002 783 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
784 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
785 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
9c54c067 786 AC_DEFINE(DISABLE_LASTLOG)
49c64dd6 787 AC_DEFINE(SSHD_ACQUIRES_CTTY)
0c7e8877 788 enable_etc_default_login=no # has incompatible /etc/default/login
41cb4569 789 ;;
35fc74ed 790
791*-*-ultrix*)
3466e002 792 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
793 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
4b2cf3f1 794 AC_DEFINE(NEED_SETPGRP)
b5765e1d 795 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
796 ;;
157b6700 797
798*-*-lynxos)
799 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
3466e002 800 AC_DEFINE(MISSING_HOWMANY)
157b6700 801 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
802 ;;
a7effaac 803esac
804
c5829391 805AC_MSG_CHECKING(compiler and flags for sanity)
479cece8 806AC_RUN_IFELSE(
807 [AC_LANG_SOURCE([
c5829391 808#include <stdio.h>
809int main(){exit(0);}
479cece8 810 ])],
c5829391 811 [ AC_MSG_RESULT(yes) ],
812 [
813 AC_MSG_RESULT(no)
814 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1a01a50c 815 ],
816 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
c5829391 817)
818
b04a9f8c 819dnl Checks for header files.
a0391976 820# Checks for libraries.
98a7c37b 821AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
822AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
2c523de9 823
446227d6 824dnl IRIX and Solaris 2.5.1 have dirname() in libgen
825AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
826 AC_CHECK_LIB(gen, dirname,[
827 AC_CACHE_CHECK([for broken dirname],
828 ac_cv_have_broken_dirname, [
829 save_LIBS="$LIBS"
830 LIBS="$LIBS -lgen"
b0e7249f 831 AC_RUN_IFELSE(
832 [AC_LANG_SOURCE([[
446227d6 833#include <libgen.h>
834#include <string.h>
835
836int main(int argc, char **argv) {
837 char *s, buf[32];
838
839 strncpy(buf,"/etc", 32);
840 s = dirname(buf);
841 if (!s || strncmp(s, "/", 32) != 0) {
842 exit(1);
843 } else {
844 exit(0);
845 }
846}
b0e7249f 847 ]])],
848 [ ac_cv_have_broken_dirname="no" ],
849 [ ac_cv_have_broken_dirname="yes" ],
446227d6 850 [ ac_cv_have_broken_dirname="no" ],
446227d6 851 )
852 LIBS="$save_LIBS"
853 ])
854 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
855 LIBS="$LIBS -lgen"
856 AC_DEFINE(HAVE_DIRNAME)
857 AC_CHECK_HEADERS(libgen.h)
858 fi
859 ])
860])
861
862AC_CHECK_FUNC(getspnam, ,
863 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
3466e002 864AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
865 [Define if you have the basename function.]))
446227d6 866
98a7c37b 867dnl zlib is required
868AC_ARG_WITH(zlib,
869 [ --with-zlib=PATH Use zlib in PATH],
6dd05556 870 [ if test "x$withval" = "xno" ; then
871 AC_MSG_ERROR([*** zlib is required ***])
872 elif test "x$withval" != "xyes"; then
98a7c37b 873 if test -d "$withval/lib"; then
874 if test -n "${need_dash_r}"; then
5a162955 875 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 876 else
5a162955 877 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 878 fi
879 else
880 if test -n "${need_dash_r}"; then
5a162955 881 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 882 else
5a162955 883 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 884 fi
885 fi
886 if test -d "$withval/include"; then
5a162955 887 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 888 else
5a162955 889 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 890 fi
6dd05556 891 fi ]
98a7c37b 892)
893
0a15d73b 894AC_CHECK_LIB(z, deflate, ,
895 [
896 saved_CPPFLAGS="$CPPFLAGS"
897 saved_LDFLAGS="$LDFLAGS"
898 save_LIBS="$LIBS"
899 dnl Check default zlib install dir
900 if test -n "${need_dash_r}"; then
901 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
902 else
903 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
904 fi
905 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
906 LIBS="$LIBS -lz"
907 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
908 [
909 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
910 ]
911 )
912 ]
913)
4ad65809 914AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
8068d564 915
916AC_ARG_WITH(zlib-version-check,
917 [ --without-zlib-version-check Disable zlib version check],
918 [ if test "x$withval" = "xno" ; then
919 zlib_check_nonfatal=1
920 fi
921 ]
922)
923
5c7fc85d 924AC_MSG_CHECKING(for possibly buggy zlib)
479cece8 925AC_RUN_IFELSE([AC_LANG_SOURCE([[
5c7fc85d 926#include <stdio.h>
4ad65809 927#include <zlib.h>
928int main()
929{
5c7fc85d 930 int a=0, b=0, c=0, d=0, n, v;
931 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
932 if (n != 3 && n != 4)
4ad65809 933 exit(1);
5c7fc85d 934 v = a*1000000 + b*10000 + c*100 + d;
935 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
936
937 /* 1.1.4 is OK */
938 if (a == 1 && b == 1 && c >= 4)
4ad65809 939 exit(0);
5c7fc85d 940
0072b59d 941 /* 1.2.3 and up are OK */
942 if (v >= 1020300)
5c7fc85d 943 exit(0);
944
4ad65809 945 exit(2);
946}
479cece8 947 ]])],
5c7fc85d 948 AC_MSG_RESULT(no),
949 [ AC_MSG_RESULT(yes)
8068d564 950 if test -z "$zlib_check_nonfatal" ; then
951 AC_MSG_ERROR([*** zlib too old - check config.log ***
952Your reported zlib version has known security problems. It's possible your
953vendor has fixed these problems without changing the version number. If you
954are sure this is the case, you can disable the check by running
955"./configure --without-zlib-version-check".
6090bcfe 956If you are in doubt, upgrade zlib to version 1.2.3 or greater.
5c7fc85d 957See http://www.gzip.org/zlib/ for details.])
8068d564 958 else
959 AC_MSG_WARN([zlib version may have security problems])
960 fi
1a01a50c 961 ],
962 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
4ad65809 963)
48e7916f 964
2c523de9 965dnl UnixWare 2.x
aff51935 966AC_CHECK_FUNC(strcasecmp,
2c523de9 967 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
968)
23361281 969AC_CHECK_FUNCS(utimes,
cda1ebcb 970 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
971 LIBS="$LIBS -lc89"]) ]
2c523de9 972)
4cca272e 973
7c6d759d 974dnl Checks for libutil functions
975AC_CHECK_HEADERS(libutil.h)
3466e002 976AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
977 [Define if your libraries define login()])])
7c6d759d 978AC_CHECK_FUNCS(logout updwtmp logwtmp)
979
a738c3b0 980AC_FUNC_STRFTIME
981
84ceda19 982# Check for ALTDIRFUNC glob() extension
983AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
984AC_EGREP_CPP(FOUNDIT,
985 [
986 #include <glob.h>
987 #ifdef GLOB_ALTDIRFUNC
988 FOUNDIT
989 #endif
aff51935 990 ],
84ceda19 991 [
3466e002 992 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
993 [Define if your system glob() function has
994 the GLOB_ALTDIRFUNC extension])
84ceda19 995 AC_MSG_RESULT(yes)
996 ],
997 [
998 AC_MSG_RESULT(no)
999 ]
1000)
4cca272e 1001
40849fdb 1002# Check for g.gl_matchc glob() extension
1003AC_MSG_CHECKING(for gl_matchc field in glob_t)
d90b9f9a 1004AC_TRY_COMPILE(
13ff27b7 1005 [ #include <glob.h> ],
1006 [glob_t g; g.gl_matchc = 1;],
aff51935 1007 [
3466e002 1008 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1009 [Define if your system glob() function has
1010 gl_matchc options in glob_t])
aff51935 1011 AC_MSG_RESULT(yes)
1012 ],
1013 [
1014 AC_MSG_RESULT(no)
1015 ]
40849fdb 1016)
1017
78888bab 1018AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1019
edbe6722 1020AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1a01a50c 1021AC_RUN_IFELSE(
479cece8 1022 [AC_LANG_SOURCE([[
edbe6722 1023#include <sys/types.h>
1024#include <dirent.h>
aec4cb4f 1025int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
479cece8 1026 ]])],
aff51935 1027 [AC_MSG_RESULT(yes)],
edbe6722 1028 [
1029 AC_MSG_RESULT(no)
3466e002 1030 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
d08db6d1 1031 [Define if your struct dirent expects you to
3466e002 1032 allocate extra space for d_name])
1a01a50c 1033 ],
82f4e93d 1034 [
1a01a50c 1035 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1036 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
edbe6722 1037 ]
1038)
1039
419e26e7 1040AC_MSG_CHECKING([for /proc/pid/fd directory])
1041if test -d "/proc/$$/fd" ; then
3466e002 1042 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
419e26e7 1043 AC_MSG_RESULT(yes)
1044else
1045 AC_MSG_RESULT(no)
1046fi
1047
278588d8 1048# Check whether user wants S/Key support
aff51935 1049SKEY_MSG="no"
278588d8 1050AC_ARG_WITH(skey,
6ff3d0dc 1051 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
278588d8 1052 [
1053 if test "x$withval" != "xno" ; then
1054
1055 if test "x$withval" != "xyes" ; then
1056 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1057 LDFLAGS="$LDFLAGS -L${withval}/lib"
1058 fi
1059
3466e002 1060 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
278588d8 1061 LIBS="-lskey $LIBS"
aff51935 1062 SKEY_MSG="yes"
82f4e93d 1063
ddceb1c8 1064 AC_MSG_CHECKING([for s/key support])
b0e7249f 1065 AC_LINK_IFELSE(
1066 [AC_LANG_SOURCE([[
ddceb1c8 1067#include <stdio.h>
1068#include <skey.h>
aec4cb4f 1069int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
b0e7249f 1070 ]])],
ddceb1c8 1071 [AC_MSG_RESULT(yes)],
278588d8 1072 [
ddceb1c8 1073 AC_MSG_RESULT(no)
278588d8 1074 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1075 ])
141fc639 1076 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1077 AC_TRY_COMPILE(
1078 [#include <stdio.h>
1079 #include <skey.h>],
1080 [(void)skeychallenge(NULL,"name","",0);],
1081 [AC_MSG_RESULT(yes)
3466e002 1082 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1083 [Define if your skeychallenge()
1084 function takes 4 arguments (NetBSD)])],
141fc639 1085 [AC_MSG_RESULT(no)]
1086 )
278588d8 1087 fi
1088 ]
1089)
1090
1091# Check whether user wants TCP wrappers support
98a7c37b 1092TCPW_MSG="no"
278588d8 1093AC_ARG_WITH(tcp-wrappers,
6ff3d0dc 1094 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
278588d8 1095 [
1096 if test "x$withval" != "xno" ; then
1097 saved_LIBS="$LIBS"
98a7c37b 1098 saved_LDFLAGS="$LDFLAGS"
1099 saved_CPPFLAGS="$CPPFLAGS"
4b492aab 1100 if test -n "${withval}" && \
6cf0200f 1101 test "x${withval}" != "xyes"; then
98a7c37b 1102 if test -d "${withval}/lib"; then
1103 if test -n "${need_dash_r}"; then
5a162955 1104 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 1105 else
5a162955 1106 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 1107 fi
1108 else
1109 if test -n "${need_dash_r}"; then
5a162955 1110 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 1111 else
5a162955 1112 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 1113 fi
1114 fi
1115 if test -d "${withval}/include"; then
5a162955 1116 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 1117 else
5a162955 1118 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 1119 fi
98a7c37b 1120 fi
e54defb4 1121 LIBS="-lwrap $LIBS"
278588d8 1122 AC_MSG_CHECKING(for libwrap)
1123 AC_TRY_LINK(
1124 [
77f09220 1125#include <sys/types.h>
1126#include <sys/socket.h>
1127#include <netinet/in.h>
278588d8 1128#include <tcpd.h>
1129 int deny_severity = 0, allow_severity = 0;
1130 ],
1131 [hosts_access(0);],
1132 [
1133 AC_MSG_RESULT(yes)
3466e002 1134 AC_DEFINE(LIBWRAP, 1,
1135 [Define if you want
1136 TCP Wrappers support])
e54defb4 1137 SSHDLIBS="$SSHDLIBS -lwrap"
98a7c37b 1138 TCPW_MSG="yes"
278588d8 1139 ],
1140 [
1141 AC_MSG_ERROR([*** libwrap missing])
1142 ]
1143 )
ddceb1c8 1144 LIBS="$saved_LIBS"
278588d8 1145 fi
1146 ]
1147)
1148
59031773 1149# Check whether user wants libedit support
1150LIBEDIT_MSG="no"
1151AC_ARG_WITH(libedit,
6ff3d0dc 1152 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
59031773 1153 [ if test "x$withval" != "xno" ; then
737edf04 1154 if test "x$withval" != "xyes"; then
bb116c8e 1155 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1156 if test -n "${need_dash_r}"; then
1157 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1158 else
1159 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1160 fi
737edf04 1161 fi
59031773 1162 AC_CHECK_LIB(edit, el_init,
3466e002 1163 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
59031773 1164 LIBEDIT="-ledit -lcurses"
1165 LIBEDIT_MSG="yes"
1166 AC_SUBST(LIBEDIT)
1167 ],
737edf04 1168 [ AC_MSG_ERROR(libedit not found) ],
1169 [ -lcurses ]
59031773 1170 )
f47ddccb 1171 AC_MSG_CHECKING(if libedit version is compatible)
d92622f9 1172 AC_COMPILE_IFELSE(
1173 [AC_LANG_SOURCE([[
1174#include <histedit.h>
f47ddccb 1175int main(void)
1176{
1177 int i = H_SETSIZE;
1178 el_init("", NULL, NULL, NULL);
1179 exit(0);
1180}
d92622f9 1181 ]])],
f47ddccb 1182 [ AC_MSG_RESULT(yes) ],
1183 [ AC_MSG_RESULT(no)
1184 AC_MSG_ERROR(libedit version is not compatible) ]
1185 )
59031773 1186 fi ]
1187)
1188
7b578f7d 1189AUDIT_MODULE=none
1190AC_ARG_WITH(audit,
1191 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1192 [
1193 AC_MSG_CHECKING(for supported audit module)
1194 case "$withval" in
1195 bsm)
1196 AC_MSG_RESULT(bsm)
1197 AUDIT_MODULE=bsm
1198 dnl Checks for headers, libs and functions
1199 AC_CHECK_HEADERS(bsm/audit.h, [],
a01f637d 1200 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1201 [
1202#ifdef HAVE_TIME_H
1203# include <time.h>
1204#endif
1205 ]
1206)
7b578f7d 1207 AC_CHECK_LIB(bsm, getaudit, [],
1208 [AC_MSG_ERROR(BSM enabled and required library not found)])
1209 AC_CHECK_FUNCS(getaudit, [],
1210 [AC_MSG_ERROR(BSM enabled and required function not found)])
1211 # These are optional
7939c496 1212 AC_CHECK_FUNCS(getaudit_addr)
3466e002 1213 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
7b578f7d 1214 ;;
1215 debug)
1216 AUDIT_MODULE=debug
1217 AC_MSG_RESULT(debug)
3466e002 1218 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
7b578f7d 1219 ;;
a2b3321d 1220 no)
d92622f9 1221 AC_MSG_RESULT(no)
a2b3321d 1222 ;;
7b578f7d 1223 *)
1224 AC_MSG_ERROR([Unknown audit module $withval])
1225 ;;
1226 esac ]
1227)
1228
19160674 1229dnl Checks for library functions. Please keep in alphabetical order
b04a9f8c 1230AC_CHECK_FUNCS( \
1231 arc4random \
9a406e1e 1232 asprintf \
b04a9f8c 1233 b64_ntop \
1234 __b64_ntop \
1235 b64_pton \
1236 __b64_pton \
1237 bcopy \
1238 bindresvport_sa \
1239 clock \
1240 closefrom \
1241 dirfd \
b04a9f8c 1242 fchmod \
1243 fchown \
1244 freeaddrinfo \
1245 futimes \
1246 getaddrinfo \
1247 getcwd \
1248 getgrouplist \
1249 getnameinfo \
1250 getopt \
1251 getpeereid \
1961d660 1252 getpeerucred \
b04a9f8c 1253 _getpty \
1254 getrlimit \
1255 getttyent \
1256 glob \
1257 inet_aton \
1258 inet_ntoa \
1259 inet_ntop \
1260 innetgr \
1261 login_getcapbool \
1262 md5_crypt \
1263 memmove \
1264 mkdtemp \
1265 mmap \
1266 ngetaddrinfo \
1267 nsleep \
1268 ogetaddrinfo \
1269 openlog_r \
1270 openpty \
6d39a5c4 1271 poll \
b04a9f8c 1272 prctl \
1273 pstat \
1274 readpassphrase \
1275 realpath \
1276 recvmsg \
1277 rresvport_af \
1278 sendmsg \
1279 setdtablesize \
1280 setegid \
1281 setenv \
1282 seteuid \
1283 setgroups \
1284 setlogin \
1285 setpcred \
1286 setproctitle \
1287 setregid \
1288 setreuid \
1289 setrlimit \
1290 setsid \
1291 setvbuf \
1292 sigaction \
1293 sigvec \
1294 snprintf \
1295 socketpair \
1296 strdup \
1297 strerror \
1298 strlcat \
1299 strlcpy \
1300 strmode \
1301 strnvis \
1302 strtonum \
1e29a0c8 1303 strtoll \
b04a9f8c 1304 strtoul \
1aac2117 1305 swap32 \
b04a9f8c 1306 sysconf \
1307 tcgetpgrp \
1308 truncate \
1309 unsetenv \
1310 updwtmpx \
9a406e1e 1311 vasprintf \
b04a9f8c 1312 vhangup \
1313 vsnprintf \
1314 waitpid \
19160674 1315)
98a7c37b 1316
1a086f97 1317# IRIX has a const char return value for gai_strerror()
1318AC_CHECK_FUNCS(gai_strerror,[
1319 AC_DEFINE(HAVE_GAI_STRERROR)
1320 AC_TRY_COMPILE([
1321#include <sys/types.h>
1322#include <sys/socket.h>
1323#include <netdb.h>
1324
1325const char *gai_strerror(int);],[
1326char *str;
1327
1328str = gai_strerror(0);],[
1329 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1330 [Define if gai_strerror() returns const char *])])])
1331
3466e002 1332AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1333 [Some systems put nanosleep outside of libc]))
92b1decf 1334
309709db 1335dnl Make sure prototypes are defined for these before using them.
309709db 1336AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
0957c2cf 1337AC_CHECK_DECL(strsep,
1338 [AC_CHECK_FUNCS(strsep)],
1339 [],
1340 [
1341#ifdef HAVE_STRING_H
1342# include <string.h>
1343#endif
1344 ])
08412d26 1345
3490699c 1346dnl tcsendbreak might be a macro
1347AC_CHECK_DECL(tcsendbreak,
1348 [AC_DEFINE(HAVE_TCSENDBREAK)],
aff51935 1349 [AC_CHECK_FUNCS(tcsendbreak)],
3490699c 1350 [#include <termios.h>]
1351)
1352
41e0e158 1353AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1354
71f4c727 1355AC_CHECK_DECLS(SHUT_RD, , ,
1356 [
1357#include <sys/types.h>
1358#include <sys/socket.h>
1359 ])
956d6743 1360
1361AC_CHECK_DECLS(O_NONBLOCK, , ,
1362 [
1363#include <sys/types.h>
1364#ifdef HAVE_SYS_STAT_H
1365# include <sys/stat.h>
1366#endif
1367#ifdef HAVE_FCNTL_H
1368# include <fcntl.h>
1369#endif
1370 ])
1371
752994dd 1372AC_CHECK_DECLS(writev, , , [
1373#include <sys/types.h>
1374#include <sys/uio.h>
1375#include <unistd.h>
1376 ])
1377
0bf6279d 1378AC_CHECK_DECLS(MAXSYMLINKS, , , [
1379#include <sys/param.h>
1380 ])
1381
b41ece30 1382AC_CHECK_DECLS(offsetof, , , [
1383#include <stddef.h>
1384 ])
1385
3f176010 1386AC_CHECK_FUNCS(setresuid, [
1387 dnl Some platorms have setresuid that isn't implemented, test for this
1388 AC_MSG_CHECKING(if setresuid seems to work)
479cece8 1389 AC_RUN_IFELSE(
1390 [AC_LANG_SOURCE([[
9a3fe0e2 1391#include <stdlib.h>
1392#include <errno.h>
1393int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1394 ]])],
3f176010 1395 [AC_MSG_RESULT(yes)],
3466e002 1396 [AC_DEFINE(BROKEN_SETRESUID, 1,
1397 [Define if your setresuid() is broken])
1a01a50c 1398 AC_MSG_RESULT(not implemented)],
1399 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1400 )
1401])
9a3fe0e2 1402
3f176010 1403AC_CHECK_FUNCS(setresgid, [
1404 dnl Some platorms have setresgid that isn't implemented, test for this
1405 AC_MSG_CHECKING(if setresgid seems to work)
479cece8 1406 AC_RUN_IFELSE(
1407 [AC_LANG_SOURCE([[
9a3fe0e2 1408#include <stdlib.h>
1409#include <errno.h>
1410int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1411 ]])],
3f176010 1412 [AC_MSG_RESULT(yes)],
3466e002 1413 [AC_DEFINE(BROKEN_SETRESGID, 1,
1414 [Define if your setresgid() is broken])
1a01a50c 1415 AC_MSG_RESULT(not implemented)],
1416 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1417 )
1418])
9a3fe0e2 1419
2e73a022 1420dnl Checks for time functions
1d7b9b20 1421AC_CHECK_FUNCS(gettimeofday time)
2e73a022 1422dnl Checks for utmp functions
b03bd394 1423AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1d7b9b20 1424AC_CHECK_FUNCS(utmpname)
2e73a022 1425dnl Checks for utmpx functions
b03bd394 1426AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1d7b9b20 1427AC_CHECK_FUNCS(setutxent utmpxname)
76cd7316 1428
aff51935 1429AC_CHECK_FUNC(daemon,
3466e002 1430 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1431 [AC_CHECK_LIB(bsd, daemon,
1432 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
beb43d31 1433)
1434
aff51935 1435AC_CHECK_FUNC(getpagesize,
3466e002 1436 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1437 [Define if your libraries define getpagesize()])],
1438 [AC_CHECK_LIB(ucb, getpagesize,
1439 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
aa6bd60a 1440)
1441
2647ae26 1442# Check for broken snprintf
1443if test "x$ac_cv_func_snprintf" = "xyes" ; then
1444 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1a01a50c 1445 AC_RUN_IFELSE(
479cece8 1446 [AC_LANG_SOURCE([[
2647ae26 1447#include <stdio.h>
aec4cb4f 1448int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
479cece8 1449 ]])],
aff51935 1450 [AC_MSG_RESULT(yes)],
2647ae26 1451 [
1452 AC_MSG_RESULT(no)
3466e002 1453 AC_DEFINE(BROKEN_SNPRINTF, 1,
1454 [Define if your snprintf is busted])
2647ae26 1455 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1a01a50c 1456 ],
1457 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2647ae26 1458 )
1459fi
1460
9a406e1e 1461# If we don't have a working asprintf, then we strongly depend on vsnprintf
1462# returning the right thing on overflow: the number of characters it tried to
1463# create (as per SUSv3)
1464if test "x$ac_cv_func_asprintf" != "xyes" && \
1465 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1466 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1467 AC_RUN_IFELSE(
1468 [AC_LANG_SOURCE([[
1469#include <sys/types.h>
1470#include <stdio.h>
1471#include <stdarg.h>
1472
1473int x_snprintf(char *str,size_t count,const char *fmt,...)
1474{
1475 size_t ret; va_list ap;
1476 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1477 return ret;
1478}
1479int main(void)
1480{
1481 char x[1];
1482 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1483} ]])],
1484 [AC_MSG_RESULT(yes)],
1485 [
1486 AC_MSG_RESULT(no)
1487 AC_DEFINE(BROKEN_SNPRINTF, 1,
1488 [Define if your snprintf is busted])
1489 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1490 ],
1491 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1492 )
1493fi
1494
31b0732a 1495# On systems where [v]snprintf is broken, but is declared in stdio,
1496# check that the fmt argument is const char * or just char *.
1497# This is only useful for when BROKEN_SNPRINTF
1498AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1499AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1500 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1501 int main(void) { snprintf(0, 0, 0); }
1502 ]])],
1503 [AC_MSG_RESULT(yes)
1504 AC_DEFINE(SNPRINTF_CONST, [const],
1505 [Define as const if snprintf() can declare const char *fmt])],
1506 [AC_MSG_RESULT(no)
1507 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1508
2f6f9cff 1509# Check for missing getpeereid (or equiv) support
1510NO_PEERCHECK=""
1961d660 1511if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
2f6f9cff 1512 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1513 AC_TRY_COMPILE(
1514 [#include <sys/types.h>
1515 #include <sys/socket.h>],
1516 [int i = SO_PEERCRED;],
62eb7db4 1517 [ AC_MSG_RESULT(yes)
3466e002 1518 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
62eb7db4 1519 ],
2f6f9cff 1520 [AC_MSG_RESULT(no)
1521 NO_PEERCHECK=1]
1522 )
1523fi
1524
70e7d0b0 1525dnl see whether mkstemp() requires XXXXXX
1526if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1527AC_MSG_CHECKING([for (overly) strict mkstemp])
b0e7249f 1528AC_RUN_IFELSE(
1529 [AC_LANG_SOURCE([[
70e7d0b0 1530#include <stdlib.h>
1531main() { char template[]="conftest.mkstemp-test";
1532if (mkstemp(template) == -1)
1533 exit(1);
1534unlink(template); exit(0);
1535}
b0e7249f 1536 ]])],
70e7d0b0 1537 [
1538 AC_MSG_RESULT(no)
1539 ],
aff51935 1540 [
70e7d0b0 1541 AC_MSG_RESULT(yes)
3466e002 1542 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
70e7d0b0 1543 ],
1544 [
1545 AC_MSG_RESULT(yes)
1546 AC_DEFINE(HAVE_STRICT_MKSTEMP)
aff51935 1547 ]
70e7d0b0 1548)
1549fi
1550
eacb954e 1551dnl make sure that openpty does not reacquire controlling terminal
1552if test ! -z "$check_for_openpty_ctty_bug"; then
1553 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
b0e7249f 1554 AC_RUN_IFELSE(
1555 [AC_LANG_SOURCE([[
eacb954e 1556#include <stdio.h>
1557#include <sys/fcntl.h>
1558#include <sys/types.h>
1559#include <sys/wait.h>
1560
1561int
1562main()
1563{
1564 pid_t pid;
1565 int fd, ptyfd, ttyfd, status;
1566
1567 pid = fork();
1568 if (pid < 0) { /* failed */
1569 exit(1);
1570 } else if (pid > 0) { /* parent */
1571 waitpid(pid, &status, 0);
aff51935 1572 if (WIFEXITED(status))
eacb954e 1573 exit(WEXITSTATUS(status));
1574 else
1575 exit(2);
1576 } else { /* child */
1577 close(0); close(1); close(2);
1578 setsid();
1579 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1580 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1581 if (fd >= 0)
1582 exit(3); /* Acquired ctty: broken */
1583 else
1584 exit(0); /* Did not acquire ctty: OK */
1585 }
1586}
b0e7249f 1587 ]])],
eacb954e 1588 [
1589 AC_MSG_RESULT(yes)
1590 ],
1591 [
1592 AC_MSG_RESULT(no)
1593 AC_DEFINE(SSHD_ACQUIRES_CTTY)
b0e7249f 1594 ],
1595 [
1596 AC_MSG_RESULT(cross-compiling, assuming yes)
eacb954e 1597 ]
1598 )
1599fi
1600
4b492aab 1601if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1602 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2fe51906 1603 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1604 AC_RUN_IFELSE(
1605 [AC_LANG_SOURCE([[
2fe51906 1606#include <stdio.h>
1607#include <sys/socket.h>
1608#include <netdb.h>
1609#include <errno.h>
1610#include <netinet/in.h>
1611
1612#define TEST_PORT "2222"
1613
1614int
1615main(void)
1616{
1617 int err, sock;
1618 struct addrinfo *gai_ai, *ai, hints;
1619 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1620
1621 memset(&hints, 0, sizeof(hints));
1622 hints.ai_family = PF_UNSPEC;
1623 hints.ai_socktype = SOCK_STREAM;
1624 hints.ai_flags = AI_PASSIVE;
1625
1626 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1627 if (err != 0) {
1628 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1629 exit(1);
1630 }
1631
1632 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1633 if (ai->ai_family != AF_INET6)
1634 continue;
1635
1636 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1637 sizeof(ntop), strport, sizeof(strport),
1638 NI_NUMERICHOST|NI_NUMERICSERV);
1639
1640 if (err != 0) {
1641 if (err == EAI_SYSTEM)
1642 perror("getnameinfo EAI_SYSTEM");
1643 else
1644 fprintf(stderr, "getnameinfo failed: %s\n",
1645 gai_strerror(err));
1646 exit(2);
1647 }
1648
1649 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1650 if (sock < 0)
1651 perror("socket");
1652 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1653 if (errno == EBADF)
1654 exit(3);
1655 }
1656 }
1657 exit(0);
1658}
b0e7249f 1659 ]])],
2fe51906 1660 [
1661 AC_MSG_RESULT(yes)
1662 ],
1663 [
1664 AC_MSG_RESULT(no)
1665 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1666 ],
1667 [
1668 AC_MSG_RESULT(cross-compiling, assuming yes)
2fe51906 1669 ]
1670 )
1671fi
1672
4b492aab 1673if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1674 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
5ccf88cb 1675 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1676 AC_RUN_IFELSE(
1677 [AC_LANG_SOURCE([[
5ccf88cb 1678#include <stdio.h>
1679#include <sys/socket.h>
1680#include <netdb.h>
1681#include <errno.h>
1682#include <netinet/in.h>
1683
1684#define TEST_PORT "2222"
1685
1686int
1687main(void)
1688{
1689 int err, sock;
1690 struct addrinfo *gai_ai, *ai, hints;
1691 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1692
1693 memset(&hints, 0, sizeof(hints));
1694 hints.ai_family = PF_UNSPEC;
1695 hints.ai_socktype = SOCK_STREAM;
1696 hints.ai_flags = AI_PASSIVE;
1697
1698 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1699 if (err != 0) {
1700 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1701 exit(1);
1702 }
1703
1704 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1705 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1706 continue;
1707
1708 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1709 sizeof(ntop), strport, sizeof(strport),
1710 NI_NUMERICHOST|NI_NUMERICSERV);
1711
1712 if (ai->ai_family == AF_INET && err != 0) {
1713 perror("getnameinfo");
1714 exit(2);
1715 }
1716 }
1717 exit(0);
1718}
b0e7249f 1719 ]])],
5ccf88cb 1720 [
1721 AC_MSG_RESULT(yes)
3466e002 1722 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1723 [Define if you have a getaddrinfo that fails
1724 for the all-zeros IPv6 address])
5ccf88cb 1725 ],
1726 [
1727 AC_MSG_RESULT(no)
1728 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1729 ],
ecd9ec09 1730 [
b0e7249f 1731 AC_MSG_RESULT(cross-compiling, assuming no)
5ccf88cb 1732 ]
1733 )
1734fi
1735
b29fd59f 1736if test "x$check_for_conflicting_getspnam" = "x1"; then
1737 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1738 AC_COMPILE_IFELSE(
1739 [
1740#include <shadow.h>
1741int main(void) {exit(0);}
1742 ],
1743 [
1744 AC_MSG_RESULT(no)
1745 ],
1746 [
1747 AC_MSG_RESULT(yes)
1748 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1749 [Conflicting defs for getspnam])
1750 ]
1751 )
1752fi
1753
7f8f5e00 1754AC_FUNC_GETPGRP
1755
5b991353 1756# Search for OpenSSL
1757saved_CPPFLAGS="$CPPFLAGS"
1758saved_LDFLAGS="$LDFLAGS"
a0391976 1759AC_ARG_WITH(ssl-dir,
1760 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1761 [
e9e4a1c7 1762 if test "x$withval" != "xno" ; then
99eb0f64 1763 case "$withval" in
1764 # Relative paths
1765 ./*|../*) withval="`pwd`/$withval"
1766 esac
5b991353 1767 if test -d "$withval/lib"; then
1768 if test -n "${need_dash_r}"; then
1769 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1770 else
1771 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
d6f13fbb 1772 fi
1773 else
5b991353 1774 if test -n "${need_dash_r}"; then
1775 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1776 else
1777 LDFLAGS="-L${withval} ${LDFLAGS}"
d6f13fbb 1778 fi
1779 fi
5b991353 1780 if test -d "$withval/include"; then
1781 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
d6f13fbb 1782 else
5b991353 1783 CPPFLAGS="-I${withval} ${CPPFLAGS}"
58d100bf 1784 fi
a0391976 1785 fi
5b991353 1786 ]
1787)
5486a457 1788LIBS="-lcrypto $LIBS"
3466e002 1789AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1790 [Define if your ssl headers are included
1791 with #include <openssl/header.h>]),
d45e3d76 1792 [
5b991353 1793 dnl Check default openssl install dir
1794 if test -n "${need_dash_r}"; then
1795 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1796 else
5b991353 1797 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1798 fi
5b991353 1799 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1800 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1801 [
1802 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1803 ]
1804 )
1805 ]
1806)
1807
cd018561 1808# Determine OpenSSL header version
1809AC_MSG_CHECKING([OpenSSL header version])
1a01a50c 1810AC_RUN_IFELSE(
479cece8 1811 [AC_LANG_SOURCE([[
cd018561 1812#include <stdio.h>
1813#include <string.h>
1814#include <openssl/opensslv.h>
1815#define DATA "conftest.sslincver"
1816int main(void) {
aff51935 1817 FILE *fd;
1818 int rc;
cd018561 1819
aff51935 1820 fd = fopen(DATA,"w");
1821 if(fd == NULL)
1822 exit(1);
cd018561 1823
1824 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1825 exit(1);
1826
1827 exit(0);
1828}
479cece8 1829 ]])],
cd018561 1830 [
1831 ssl_header_ver=`cat conftest.sslincver`
1832 AC_MSG_RESULT($ssl_header_ver)
1833 ],
1834 [
1835 AC_MSG_RESULT(not found)
1836 AC_MSG_ERROR(OpenSSL version header not found.)
1a01a50c 1837 ],
1838 [
1839 AC_MSG_WARN([cross compiling: not checking])
cd018561 1840 ]
1841)
1842
1843# Determine OpenSSL library version
1844AC_MSG_CHECKING([OpenSSL library version])
1a01a50c 1845AC_RUN_IFELSE(
479cece8 1846 [AC_LANG_SOURCE([[
cd018561 1847#include <stdio.h>
1848#include <string.h>
1849#include <openssl/opensslv.h>
1850#include <openssl/crypto.h>
1851#define DATA "conftest.ssllibver"
1852int main(void) {
aff51935 1853 FILE *fd;
1854 int rc;
cd018561 1855
aff51935 1856 fd = fopen(DATA,"w");
1857 if(fd == NULL)
1858 exit(1);
cd018561 1859
1860 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1861 exit(1);
1862
1863 exit(0);
1864}
479cece8 1865 ]])],
cd018561 1866 [
1867 ssl_library_ver=`cat conftest.ssllibver`
1868 AC_MSG_RESULT($ssl_library_ver)
1869 ],
1870 [
1871 AC_MSG_RESULT(not found)
1872 AC_MSG_ERROR(OpenSSL library not found.)
1a01a50c 1873 ],
1874 [
1875 AC_MSG_WARN([cross compiling: not checking])
cd018561 1876 ]
1877)
58d100bf 1878
1d42bcce 1879AC_ARG_WITH(openssl-header-check,
1880 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1881 [ if test "x$withval" = "xno" ; then
1882 openssl_check_nonfatal=1
1883 fi
1884 ]
1885)
1886
9780116c 1887# Sanity check OpenSSL headers
1888AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1a01a50c 1889AC_RUN_IFELSE(
479cece8 1890 [AC_LANG_SOURCE([[
9780116c 1891#include <string.h>
1892#include <openssl/opensslv.h>
aec4cb4f 1893int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
479cece8 1894 ]])],
9780116c 1895 [
1896 AC_MSG_RESULT(yes)
1897 ],
1898 [
1899 AC_MSG_RESULT(no)
1d42bcce 1900 if test "x$openssl_check_nonfatal" = "x"; then
1901 AC_MSG_ERROR([Your OpenSSL headers do not match your
1902library. Check config.log for details.
1903If you are sure your installation is consistent, you can disable the check
1904by running "./configure --without-openssl-header-check".
1905Also see contrib/findssl.sh for help identifying header/library mismatches.
1906])
1907 else
1908 AC_MSG_WARN([Your OpenSSL headers do not match your
1909library. Check config.log for details.
e15ba28b 1910Also see contrib/findssl.sh for help identifying header/library mismatches.])
1d42bcce 1911 fi
1a01a50c 1912 ],
1913 [
1914 AC_MSG_WARN([cross compiling: not checking])
9780116c 1915 ]
1916)
1917
282d6408 1918AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1919AC_LINK_IFELSE(
1920 [AC_LANG_SOURCE([[
1921#include <openssl/evp.h>
1922int main(void) { SSLeay_add_all_algorithms(); }
1923 ]])],
1924 [
1925 AC_MSG_RESULT(yes)
1926 ],
1927 [
1928 AC_MSG_RESULT(no)
1929 saved_LIBS="$LIBS"
1930 LIBS="$LIBS -ldl"
1931 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1932 AC_LINK_IFELSE(
1933 [AC_LANG_SOURCE([[
1934#include <openssl/evp.h>
1935int main(void) { SSLeay_add_all_algorithms(); }
1936 ]])],
1937 [
1938 AC_MSG_RESULT(yes)
1939 ],
1940 [
1941 AC_MSG_RESULT(no)
1942 LIBS="$saved_LIBS"
1943 ]
1944 )
1945 ]
1946)
1947
c7ad0d99 1948AC_ARG_WITH(ssl-engine,
1949 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1950 [ if test "x$withval" != "xno" ; then
1951 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1952 AC_TRY_COMPILE(
1953 [ #include <openssl/engine.h>],
1954 [
24b2647b 1955ENGINE_load_builtin_engines();ENGINE_register_all_complete();
c7ad0d99 1956 ],
1957 [ AC_MSG_RESULT(yes)
1958 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1959 [Enable OpenSSL engine support])
1960 ],
1961 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1962 )
1963 fi ]
1964)
1965
e5146707 1966# Check for OpenSSL without EVP_aes_{192,256}_cbc
1967AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3e05aa50 1968AC_LINK_IFELSE(
e5146707 1969 [AC_LANG_SOURCE([[
1970#include <string.h>
1971#include <openssl/evp.h>
300ea548 1972int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
e5146707 1973 ]])],
1974 [
1975 AC_MSG_RESULT(no)
1976 ],
1977 [
1978 AC_MSG_RESULT(yes)
1979 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1980 [libcrypto is missing AES 192 and 256 bit functions])
1981 ]
1982)
1983
5486a457 1984# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1985# because the system crypt() is more featureful.
1986if test "x$check_for_libcrypt_before" = "x1"; then
1987 AC_CHECK_LIB(crypt, crypt)
1988fi
1989
aff51935 1990# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
8087c5ee 1991# version in OpenSSL.
05114c74 1992if test "x$check_for_libcrypt_later" = "x1"; then
20cad736 1993 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
717057b6 1994fi
1995
13ff27b7 1996# Search for SHA256 support in libc and/or OpenSSL
1997AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1998
a03acb8f 1999saved_LIBS="$LIBS"
2000AC_CHECK_LIB(iaf, ia_openinfo, [
2001 LIBS="$LIBS -liaf"
2002 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
2003])
2004LIBS="$saved_LIBS"
f1b0ecc3 2005
2006### Configure cryptographic random number support
2007
2008# Check wheter OpenSSL seeds itself
2009AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1a01a50c 2010AC_RUN_IFELSE(
479cece8 2011 [AC_LANG_SOURCE([[
f1b0ecc3 2012#include <string.h>
2013#include <openssl/rand.h>
aec4cb4f 2014int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
479cece8 2015 ]])],
f1b0ecc3 2016 [
2017 OPENSSL_SEEDS_ITSELF=yes
2018 AC_MSG_RESULT(yes)
2019 ],
2020 [
2021 AC_MSG_RESULT(no)
2022 # Default to use of the rand helper if OpenSSL doesn't
2023 # seed itself
2024 USE_RAND_HELPER=yes
1a01a50c 2025 ],
2026 [
2027 AC_MSG_WARN([cross compiling: assuming yes])
2028 # This is safe, since all recent OpenSSL versions will
82f4e93d 2029 # complain at runtime if not seeded correctly.
1a01a50c 2030 OPENSSL_SEEDS_ITSELF=yes
f1b0ecc3 2031 ]
2032)
2033
a086f73b 2034# Check for PAM libs
2035PAM_MSG="no"
2036AC_ARG_WITH(pam,
2037 [ --with-pam Enable PAM support ],
2038 [
2039 if test "x$withval" != "xno" ; then
2040 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2041 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2042 AC_MSG_ERROR([PAM headers not found])
2043 fi
2044
2045 saved_LIBS="$LIBS"
2046 AC_CHECK_LIB(dl, dlopen, , )
2047 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2048 AC_CHECK_FUNCS(pam_getenvlist)
2049 AC_CHECK_FUNCS(pam_putenv)
2050 LIBS="$saved_LIBS"
2051
2052 PAM_MSG="yes"
2053
e54defb4 2054 SSHDLIBS="$SSHDLIBS -lpam"
a086f73b 2055 AC_DEFINE(USE_PAM, 1,
2056 [Define if you want to enable PAM support])
282d6408 2057
a086f73b 2058 if test $ac_cv_lib_dl_dlopen = yes; then
282d6408 2059 case "$LIBS" in
2060 *-ldl*)
2061 # libdl already in LIBS
2062 ;;
2063 *)
e54defb4 2064 SSHDLIBS="$SSHDLIBS -ldl"
282d6408 2065 ;;
2066 esac
a086f73b 2067 fi
a086f73b 2068 fi
2069 ]
2070)
2071
2072# Check for older PAM
2073if test "x$PAM_MSG" = "xyes" ; then
2074 # Check PAM strerror arguments (old PAM)
2075 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2076 AC_TRY_COMPILE(
2077 [
2078#include <stdlib.h>
2079#if defined(HAVE_SECURITY_PAM_APPL_H)
2080#include <security/pam_appl.h>
2081#elif defined (HAVE_PAM_PAM_APPL_H)
2082#include <pam/pam_appl.h>
2083#endif
2084 ],
2085 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2086 [AC_MSG_RESULT(no)],
2087 [
2088 AC_DEFINE(HAVE_OLD_PAM, 1,
2089 [Define if you have an old version of PAM
2090 which takes only one argument to pam_strerror])
2091 AC_MSG_RESULT(yes)
2092 PAM_MSG="yes (old library)"
2093 ]
2094 )
2095fi
f1b0ecc3 2096
2097# Do we want to force the use of the rand helper?
2098AC_ARG_WITH(rand-helper,
2099 [ --with-rand-helper Use subprocess to gather strong randomness ],
2100 [
2101 if test "x$withval" = "xno" ; then
aff51935 2102 # Force use of OpenSSL's internal RNG, even if
f1b0ecc3 2103 # the previous test showed it to be unseeded.
2104 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2105 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2106 OPENSSL_SEEDS_ITSELF=yes
2107 USE_RAND_HELPER=""
2108 fi
2109 else
2110 USE_RAND_HELPER=yes
2111 fi
2112 ],
82f4e93d 2113)
f1b0ecc3 2114
2115# Which randomness source do we use?
4b492aab 2116if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
f1b0ecc3 2117 # OpenSSL only
3466e002 2118 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2119 [Define if you want OpenSSL's internally seeded PRNG only])
f1b0ecc3 2120 RAND_MSG="OpenSSL internal ONLY"
2121 INSTALL_SSH_RAND_HELPER=""
70e2f2f3 2122elif test ! -z "$USE_RAND_HELPER" ; then
2123 # install rand helper
f1b0ecc3 2124 RAND_MSG="ssh-rand-helper"
2125 INSTALL_SSH_RAND_HELPER="yes"
2126fi
2127AC_SUBST(INSTALL_SSH_RAND_HELPER)
2128
2129### Configuration of ssh-rand-helper
2130
2131# PRNGD TCP socket
2132AC_ARG_WITH(prngd-port,
2133 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2134 [
eb5d7ff6 2135 case "$withval" in
2136 no)
2137 withval=""
2138 ;;
2139 [[0-9]]*)
2140 ;;
2141 *)
2142 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2143 ;;
2144 esac
2145 if test ! -z "$withval" ; then
f1b0ecc3 2146 PRNGD_PORT="$withval"
3466e002 2147 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2148 [Port number of PRNGD/EGD random number socket])
f1b0ecc3 2149 fi
2150 ]
2151)
2152
2153# PRNGD Unix domain socket
2154AC_ARG_WITH(prngd-socket,
2155 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2156 [
eb5d7ff6 2157 case "$withval" in
2158 yes)
f1b0ecc3 2159 withval="/var/run/egd-pool"
eb5d7ff6 2160 ;;
2161 no)
2162 withval=""
2163 ;;
2164 /*)
2165 ;;
2166 *)
2167 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2168 ;;
2169 esac
2170
2171 if test ! -z "$withval" ; then
f1b0ecc3 2172 if test ! -z "$PRNGD_PORT" ; then
2173 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2174 fi
906e811b 2175 if test ! -r "$withval" ; then
f1b0ecc3 2176 AC_MSG_WARN(Entropy socket is not readable)
2177 fi
2178 PRNGD_SOCKET="$withval"
3466e002 2179 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2180 [Location of PRNGD/EGD random number socket])
f1b0ecc3 2181 fi
ddceb1c8 2182 ],
2183 [
2184 # Check for existing socket only if we don't have a random device already
2185 if test "$USE_RAND_HELPER" = yes ; then
2186 AC_MSG_CHECKING(for PRNGD/EGD socket)
2187 # Insert other locations here
2188 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2189 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2190 PRNGD_SOCKET="$sock"
2191 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2192 break;
2193 fi
2194 done
2195 if test ! -z "$PRNGD_SOCKET" ; then
2196 AC_MSG_RESULT($PRNGD_SOCKET)
2197 else
2198 AC_MSG_RESULT(not found)
2199 fi
2200 fi
f1b0ecc3 2201 ]
2202)
2203
2204# Change default command timeout for hashing entropy source
2205entropy_timeout=200
2206AC_ARG_WITH(entropy-timeout,
2207 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2208 [
6cf0200f 2209 if test -n "$withval" && test "x$withval" != "xno" && \
2210 test "x${withval}" != "xyes"; then
f1b0ecc3 2211 entropy_timeout=$withval
2212 fi
82f4e93d 2213 ]
f1b0ecc3 2214)
3466e002 2215AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2216 [Builtin PRNG command timeout])
f1b0ecc3 2217
fd3cbf67 2218SSH_PRIVSEP_USER=sshd
9a0fbcb3 2219AC_ARG_WITH(privsep-user,
5222e7ef 2220 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
9a0fbcb3 2221 [
6cf0200f 2222 if test -n "$withval" && test "x$withval" != "xno" && \
2223 test "x${withval}" != "xyes"; then
fd3cbf67 2224 SSH_PRIVSEP_USER=$withval
9a0fbcb3 2225 fi
82f4e93d 2226 ]
9a0fbcb3 2227)
3466e002 2228AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2229 [non-privileged user for privilege separation])
fd3cbf67 2230AC_SUBST(SSH_PRIVSEP_USER)
9a0fbcb3 2231
81dadca3 2232# We do this little dance with the search path to insure
2233# that programs that we select for use by installed programs
2234# (which may be run by the super-user) come from trusted
2235# locations before they come from the user's private area.
2236# This should help avoid accidentally configuring some
2237# random version of a program in someone's personal bin.
2238
2239OPATH=$PATH
2240PATH=/bin:/usr/bin
f95c8ce8 2241test -h /bin 2> /dev/null && PATH=/usr/bin
81dadca3 2242test -d /sbin && PATH=$PATH:/sbin
2243test -d /usr/sbin && PATH=$PATH:/usr/sbin
2244PATH=$PATH:/etc:$OPATH
2245
aff51935 2246# These programs are used by the command hashing source to gather entropy
f1b0ecc3 2247OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2248OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2249OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2250OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2251OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2252OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2253OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2254OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2255OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2256OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2257OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2258OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2259OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2260OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2261OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2262OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
81dadca3 2263# restore PATH
2264PATH=$OPATH
f1b0ecc3 2265
2266# Where does ssh-rand-helper get its randomness from?
2267INSTALL_SSH_PRNG_CMDS=""
2268if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2269 if test ! -z "$PRNGD_PORT" ; then
2270 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2271 elif test ! -z "$PRNGD_SOCKET" ; then
2272 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2273 else
2274 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2275 RAND_HELPER_CMDHASH=yes
2276 INSTALL_SSH_PRNG_CMDS="yes"
2277 fi
2278fi
2279AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2280
2281
66d6c27e 2282# Cheap hack to ensure NEWS-OS libraries are arranged right.
2283if test ! -z "$SONY" ; then
2284 LIBS="$LIBS -liberty";
2285fi
2286
9a406e1e 2287# Check for long long datatypes
2288AC_CHECK_TYPES([long long, unsigned long long, long double])
2289
2290# Check datatype sizes
976f7e19 2291AC_CHECK_SIZEOF(char, 1)
2b942fe0 2292AC_CHECK_SIZEOF(short int, 2)
2293AC_CHECK_SIZEOF(int, 4)
2294AC_CHECK_SIZEOF(long int, 4)
2295AC_CHECK_SIZEOF(long long int, 8)
2296
52f1ccb2 2297# Sanity check long long for some platforms (AIX)
2298if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2299 ac_cv_sizeof_long_long_int=0
2300fi
2301
90f15776 2302# compute LLONG_MIN and LLONG_MAX if we don't know them.
2303if test -z "$have_llong_max"; then
2304 AC_MSG_CHECKING([for max value of long long])
2305 AC_RUN_IFELSE(
2306 [AC_LANG_SOURCE([[
2307#include <stdio.h>
2308/* Why is this so damn hard? */
2309#ifdef __GNUC__
2310# undef __GNUC__
2311#endif
2312#define __USE_ISOC99
2313#include <limits.h>
2314#define DATA "conftest.llminmax"
055252ed 2315#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2316
2317/*
2318 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2319 * we do this the hard way.
2320 */
2321static int
2322fprint_ll(FILE *f, long long n)
2323{
2324 unsigned int i;
2325 int l[sizeof(long long) * 8];
2326
2327 if (n < 0)
2328 if (fprintf(f, "-") < 0)
2329 return -1;
2330 for (i = 0; n != 0; i++) {
2331 l[i] = my_abs(n % 10);
2332 n /= 10;
2333 }
2334 do {
2335 if (fprintf(f, "%d", l[--i]) < 0)
2336 return -1;
2337 } while (i != 0);
2338 if (fprintf(f, " ") < 0)
2339 return -1;
2340 return 0;
2341}
2342
90f15776 2343int main(void) {
2344 FILE *f;
2345 long long i, llmin, llmax = 0;
2346
2347 if((f = fopen(DATA,"w")) == NULL)
2348 exit(1);
2349
2350#if defined(LLONG_MIN) && defined(LLONG_MAX)
2351 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2352 llmin = LLONG_MIN;
2353 llmax = LLONG_MAX;
2354#else
2355 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2356 /* This will work on one's complement and two's complement */
2357 for (i = 1; i > llmax; i <<= 1, i++)
2358 llmax = i;
2359 llmin = llmax + 1LL; /* wrap */
2360#endif
2361
2362 /* Sanity check */
2363 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
055252ed 2364 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2365 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
90f15776 2366 fprintf(f, "unknown unknown\n");
2367 exit(2);
2368 }
2369
055252ed 2370 if (fprint_ll(f, llmin) < 0)
90f15776 2371 exit(3);
055252ed 2372 if (fprint_ll(f, llmax) < 0)
2373 exit(4);
2374 if (fclose(f) < 0)
2375 exit(5);
90f15776 2376 exit(0);
2377}
2378 ]])],
2379 [
2380 llong_min=`$AWK '{print $1}' conftest.llminmax`
2381 llong_max=`$AWK '{print $2}' conftest.llminmax`
2382
90f15776 2383 AC_MSG_RESULT($llong_max)
2384 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2385 [max value of long long calculated by configure])
2386 AC_MSG_CHECKING([for min value of long long])
2387 AC_MSG_RESULT($llong_min)
2388 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2389 [min value of long long calculated by configure])
2390 ],
2391 [
2392 AC_MSG_RESULT(not found)
2393 ],
2394 [
2395 AC_MSG_WARN([cross compiling: not checking])
2396 ]
2397 )
2398fi
2399
2400
a0391976 2401# More checks for data types
14a9a859 2402AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2403 AC_TRY_COMPILE(
aff51935 2404 [ #include <sys/types.h> ],
2405 [ u_int a; a = 1;],
14a9a859 2406 [ ac_cv_have_u_int="yes" ],
2407 [ ac_cv_have_u_int="no" ]
2408 )
2409])
2410if test "x$ac_cv_have_u_int" = "xyes" ; then
3466e002 2411 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
14a9a859 2412 have_u_int=1
2413fi
2414
58d100bf 2415AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2416 AC_TRY_COMPILE(
aff51935 2417 [ #include <sys/types.h> ],
2418 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
58d100bf 2419 [ ac_cv_have_intxx_t="yes" ],
2420 [ ac_cv_have_intxx_t="no" ]
2421 )
2422])
2423if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3466e002 2424 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
58d100bf 2425 have_intxx_t=1
2426fi
41cb4569 2427
2428if (test -z "$have_intxx_t" && \
aff51935 2429 test "x$ac_cv_header_stdint_h" = "xyes")
41cb4569 2430then
2431 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2432 AC_TRY_COMPILE(
aff51935 2433 [ #include <stdint.h> ],
2434 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
41cb4569 2435 [
2436 AC_DEFINE(HAVE_INTXX_T)
2437 AC_MSG_RESULT(yes)
2438 ],
2439 [ AC_MSG_RESULT(no) ]
2440 )
2441fi
2442
bd590612 2443AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2444 AC_TRY_COMPILE(
1cbbe6c8 2445 [
2446#include <sys/types.h>
2447#ifdef HAVE_STDINT_H
2448# include <stdint.h>
2449#endif
2450#include <sys/socket.h>
2451#ifdef HAVE_SYS_BITYPES_H
2452# include <sys/bitypes.h>
2453#endif
aff51935 2454 ],
2455 [ int64_t a; a = 1;],
bd590612 2456 [ ac_cv_have_int64_t="yes" ],
2457 [ ac_cv_have_int64_t="no" ]
2458 )
2459])
2460if test "x$ac_cv_have_int64_t" = "xyes" ; then
3466e002 2461 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
ddceb1c8 2462fi
2463
58d100bf 2464AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2465 AC_TRY_COMPILE(
aff51935 2466 [ #include <sys/types.h> ],
2467 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
58d100bf 2468 [ ac_cv_have_u_intxx_t="yes" ],
2469 [ ac_cv_have_u_intxx_t="no" ]
2470 )
2471])
2472if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3466e002 2473 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
58d100bf 2474 have_u_intxx_t=1
2475fi
2b942fe0 2476
41cb4569 2477if test -z "$have_u_intxx_t" ; then
2478 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2479 AC_TRY_COMPILE(
aff51935 2480 [ #include <sys/socket.h> ],
2481 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
41cb4569 2482 [
2483 AC_DEFINE(HAVE_U_INTXX_T)
2484 AC_MSG_RESULT(yes)
2485 ],
2486 [ AC_MSG_RESULT(no) ]
2487 )
2488fi
2489
bd590612 2490AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2491 AC_TRY_COMPILE(
aff51935 2492 [ #include <sys/types.h> ],
2493 [ u_int64_t a; a = 1;],
bd590612 2494 [ ac_cv_have_u_int64_t="yes" ],
2495 [ ac_cv_have_u_int64_t="no" ]
2496 )
2497])
2498if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3466e002 2499 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
bd590612 2500 have_u_int64_t=1
2501fi
2502
ddceb1c8 2503if test -z "$have_u_int64_t" ; then
2504 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2505 AC_TRY_COMPILE(
aff51935 2506 [ #include <sys/bitypes.h> ],
ddceb1c8 2507 [ u_int64_t a; a = 1],
2508 [
2509 AC_DEFINE(HAVE_U_INT64_T)
2510 AC_MSG_RESULT(yes)
2511 ],
2512 [ AC_MSG_RESULT(no) ]
2513 )
2514fi
2515
41cb4569 2516if test -z "$have_u_intxx_t" ; then
2517 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2518 AC_TRY_COMPILE(
2519 [
2520#include <sys/types.h>
aff51935 2521 ],
2522 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
41cb4569 2523 [ ac_cv_have_uintxx_t="yes" ],
2524 [ ac_cv_have_uintxx_t="no" ]
2525 )
2526 ])
2527 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3466e002 2528 AC_DEFINE(HAVE_UINTXX_T, 1,
2529 [define if you have uintxx_t data type])
41cb4569 2530 fi
2531fi
2532
2533if test -z "$have_uintxx_t" ; then
2534 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2535 AC_TRY_COMPILE(
aff51935 2536 [ #include <stdint.h> ],
2537 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
41cb4569 2538 [
2539 AC_DEFINE(HAVE_UINTXX_T)
2540 AC_MSG_RESULT(yes)
2541 ],
2542 [ AC_MSG_RESULT(no) ]
2543 )
2544fi
2545
e5fe9a1f 2546if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
aff51935 2547 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
5cdfe03f 2548then
2549 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2550 AC_TRY_COMPILE(
58d100bf 2551 [
2552#include <sys/bitypes.h>
aff51935 2553 ],
5cdfe03f 2554 [
837c30b8 2555 int8_t a; int16_t b; int32_t c;
2556 u_int8_t e; u_int16_t f; u_int32_t g;
2557 a = b = c = e = f = g = 1;
aff51935 2558 ],
5cdfe03f 2559 [
2560 AC_DEFINE(HAVE_U_INTXX_T)
2561 AC_DEFINE(HAVE_INTXX_T)
2562 AC_MSG_RESULT(yes)
2563 ],
2564 [AC_MSG_RESULT(no)]
aff51935 2565 )
5cdfe03f 2566fi
2567
0362750e 2568
2569AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2570 AC_TRY_COMPILE(
2571 [
2572#include <sys/types.h>
2573 ],
2574 [ u_char foo; foo = 125; ],
2575 [ ac_cv_have_u_char="yes" ],
2576 [ ac_cv_have_u_char="no" ]
2577 )
2578])
2579if test "x$ac_cv_have_u_char" = "xyes" ; then
3466e002 2580 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
0362750e 2581fi
2582
98a7c37b 2583TYPE_SOCKLEN_T
2b942fe0 2584
2d16d9a3 2585AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
ddceb1c8 2586
777ece68 2587AC_CHECK_TYPES(in_addr_t,,,
2588[#include <sys/types.h>
2589#include <netinet/in.h>])
7b578f7d 2590
58d100bf 2591AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2592 AC_TRY_COMPILE(
2593 [
18ba2aab 2594#include <sys/types.h>
58d100bf 2595 ],
2596 [ size_t foo; foo = 1235; ],
2597 [ ac_cv_have_size_t="yes" ],
2598 [ ac_cv_have_size_t="no" ]
2599 )
2600])
2601if test "x$ac_cv_have_size_t" = "xyes" ; then
3466e002 2602 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
58d100bf 2603fi
ea1970a3 2604
c04f75f1 2605AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2606 AC_TRY_COMPILE(
2607 [
2608#include <sys/types.h>
2609 ],
2610 [ ssize_t foo; foo = 1235; ],
2611 [ ac_cv_have_ssize_t="yes" ],
2612 [ ac_cv_have_ssize_t="no" ]
2613 )
2614])
2615if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3466e002 2616 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
c04f75f1 2617fi
2618
f1c4659d 2619AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2620 AC_TRY_COMPILE(
2621 [
2622#include <time.h>
2623 ],
2624 [ clock_t foo; foo = 1235; ],
2625 [ ac_cv_have_clock_t="yes" ],
2626 [ ac_cv_have_clock_t="no" ]
2627 )
2628])
2629if test "x$ac_cv_have_clock_t" = "xyes" ; then
3466e002 2630 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
f1c4659d 2631fi
2632
1c04b088 2633AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2634 AC_TRY_COMPILE(
2635 [
2636#include <sys/types.h>
2637#include <sys/socket.h>
2638 ],
2639 [ sa_family_t foo; foo = 1235; ],
2640 [ ac_cv_have_sa_family_t="yes" ],
77bb0bca 2641 [ AC_TRY_COMPILE(
2642 [
2643#include <sys/types.h>
2644#include <sys/socket.h>
2645#include <netinet/in.h>
2646 ],
2647 [ sa_family_t foo; foo = 1235; ],
2648 [ ac_cv_have_sa_family_t="yes" ],
2649
1c04b088 2650 [ ac_cv_have_sa_family_t="no" ]
77bb0bca 2651 )]
1c04b088 2652 )
2653])
2654if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3466e002 2655 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2656 [define if you have sa_family_t data type])
1c04b088 2657fi
2658
729bfe59 2659AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2660 AC_TRY_COMPILE(
2661 [
2662#include <sys/types.h>
2663 ],
2664 [ pid_t foo; foo = 1235; ],
2665 [ ac_cv_have_pid_t="yes" ],
2666 [ ac_cv_have_pid_t="no" ]
2667 )
2668])
2669if test "x$ac_cv_have_pid_t" = "xyes" ; then
3466e002 2670 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
729bfe59 2671fi
2672
2673AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2674 AC_TRY_COMPILE(
2675 [
2676#include <sys/types.h>
2677 ],
2678 [ mode_t foo; foo = 1235; ],
2679 [ ac_cv_have_mode_t="yes" ],
2680 [ ac_cv_have_mode_t="no" ]
2681 )
2682])
2683if test "x$ac_cv_have_mode_t" = "xyes" ; then
3466e002 2684 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
729bfe59 2685fi
2686
e3a93db0 2687
58d100bf 2688AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2689 AC_TRY_COMPILE(
2690 [
18ba2aab 2691#include <sys/types.h>
2692#include <sys/socket.h>
58d100bf 2693 ],
2694 [ struct sockaddr_storage s; ],
2695 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2696 [ ac_cv_have_struct_sockaddr_storage="no" ]
2697 )
2698])
2699if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3466e002 2700 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2701 [define if you have struct sockaddr_storage data type])
58d100bf 2702fi
48e671d5 2703
58d100bf 2704AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2705 AC_TRY_COMPILE(
2706 [
cbd7492e 2707#include <sys/types.h>
58d100bf 2708#include <netinet/in.h>
2709 ],
2710 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2711 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2712 [ ac_cv_have_struct_sockaddr_in6="no" ]
2713 )
2714])
2715if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3466e002 2716 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2717 [define if you have struct sockaddr_in6 data type])
58d100bf 2718fi
48e671d5 2719
58d100bf 2720AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2721 AC_TRY_COMPILE(
2722 [
cbd7492e 2723#include <sys/types.h>
58d100bf 2724#include <netinet/in.h>
2725 ],
2726 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2727 [ ac_cv_have_struct_in6_addr="yes" ],
2728 [ ac_cv_have_struct_in6_addr="no" ]
2729 )
2730])
2731if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3466e002 2732 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2733 [define if you have struct in6_addr data type])
58d100bf 2734fi
48e671d5 2735
58d100bf 2736AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2737 AC_TRY_COMPILE(
2738 [
18ba2aab 2739#include <sys/types.h>
2740#include <sys/socket.h>
2741#include <netdb.h>
58d100bf 2742 ],
2743 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2744 [ ac_cv_have_struct_addrinfo="yes" ],
2745 [ ac_cv_have_struct_addrinfo="no" ]
2746 )
2747])
2748if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3466e002 2749 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2750 [define if you have struct addrinfo data type])
58d100bf 2751fi
2752
89c7e31c 2753AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2754 AC_TRY_COMPILE(
aff51935 2755 [ #include <sys/time.h> ],
2756 [ struct timeval tv; tv.tv_sec = 1;],
89c7e31c 2757 [ ac_cv_have_struct_timeval="yes" ],
2758 [ ac_cv_have_struct_timeval="no" ]
2759 )
2760])
2761if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3466e002 2762 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
89c7e31c 2763 have_struct_timeval=1
2764fi
2765
5271b55c 2766AC_CHECK_TYPES(struct timespec)
2767
85abc74b 2768# We need int64_t or else certian parts of the compile will fail.
4b492aab 2769if test "x$ac_cv_have_int64_t" = "xno" && \
2770 test "x$ac_cv_sizeof_long_int" != "x8" && \
2771 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
85abc74b 2772 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2773 echo "an alternative compiler (I.E., GCC) before continuing."
2774 echo ""
2775 exit 1;
733cf7f4 2776else
2777dnl test snprintf (broken on SCO w/gcc)
1a01a50c 2778 AC_RUN_IFELSE(
479cece8 2779 [AC_LANG_SOURCE([[
733cf7f4 2780#include <stdio.h>
2781#include <string.h>
2782#ifdef HAVE_SNPRINTF
2783main()
2784{
2785 char buf[50];
2786 char expected_out[50];
2787 int mazsize = 50 ;
2788#if (SIZEOF_LONG_INT == 8)
2789 long int num = 0x7fffffffffffffff;
2790#else
763a1a18 2791 long long num = 0x7fffffffffffffffll;
733cf7f4 2792#endif
2793 strcpy(expected_out, "9223372036854775807");
2794 snprintf(buf, mazsize, "%lld", num);
2795 if(strcmp(buf, expected_out) != 0)
aff51935 2796 exit(1);
733cf7f4 2797 exit(0);
2798}
2799#else
2800main() { exit(0); }
2801#endif
479cece8 2802 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
1a01a50c 2803 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
733cf7f4 2804 )
2c523de9 2805fi
2806
77bb0bca 2807dnl Checks for structure members
58d100bf 2808OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2809OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2810OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2811OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2812OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
25422c70 2813OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
58d100bf 2814OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2815OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
daaff4d5 2816OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
58d100bf 2817OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2818OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2819OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2820OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1d7b9b20 2821OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2822OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2823OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2824OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
98a7c37b 2825
2826AC_CHECK_MEMBERS([struct stat.st_blksize])
ccc45ee0 2827AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2828 [Define if we don't have struct __res_state in resolv.h])],
2829[
2830#include <stdio.h>
2831#if HAVE_SYS_TYPES_H
2832# include <sys/types.h>
2833#endif
2834#include <netinet/in.h>
2835#include <arpa/nameser.h>
2836#include <resolv.h>
2837])
1d7b9b20 2838
58d100bf 2839AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2840 ac_cv_have_ss_family_in_struct_ss, [
2841 AC_TRY_COMPILE(
2842 [
18ba2aab 2843#include <sys/types.h>
2844#include <sys/socket.h>
58d100bf 2845 ],
2846 [ struct sockaddr_storage s; s.ss_family = 1; ],
2847 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2848 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2849 )
2850])
2851if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3466e002 2852 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
58d100bf 2853fi
2854
58d100bf 2855AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2856 ac_cv_have___ss_family_in_struct_ss, [
2857 AC_TRY_COMPILE(
2858 [
18ba2aab 2859#include <sys/types.h>
2860#include <sys/socket.h>
58d100bf 2861 ],
2862 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2863 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2864 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2865 )
2866])
2867if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3466e002 2868 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2869 [Fields in struct sockaddr_storage])
58d100bf 2870fi
2871
2e73a022 2872AC_CACHE_CHECK([for pw_class field in struct passwd],
2873 ac_cv_have_pw_class_in_struct_passwd, [
2874 AC_TRY_COMPILE(
2875 [
2e73a022 2876#include <pwd.h>
2877 ],
97994d32 2878 [ struct passwd p; p.pw_class = 0; ],
2e73a022 2879 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2880 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2881 )
2882])
2883if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3466e002 2884 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2885 [Define if your password has a pw_class field])
2e73a022 2886fi
2887
7751d4eb 2888AC_CACHE_CHECK([for pw_expire field in struct passwd],
2889 ac_cv_have_pw_expire_in_struct_passwd, [
2890 AC_TRY_COMPILE(
2891 [
2892#include <pwd.h>
2893 ],
2894 [ struct passwd p; p.pw_expire = 0; ],
2895 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2896 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2897 )
2898])
2899if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3466e002 2900 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2901 [Define if your password has a pw_expire field])
7751d4eb 2902fi
2903
2904AC_CACHE_CHECK([for pw_change field in struct passwd],
2905 ac_cv_have_pw_change_in_struct_passwd, [
2906 AC_TRY_COMPILE(
2907 [
2908#include <pwd.h>
2909 ],
2910 [ struct passwd p; p.pw_change = 0; ],
2911 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2912 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2913 )
2914])
2915if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3466e002 2916 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2917 [Define if your password has a pw_change field])
7751d4eb 2918fi
58d100bf 2919
637f9177 2920dnl make sure we're using the real structure members and not defines
6f34652e 2921AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2922 ac_cv_have_accrights_in_msghdr, [
1a01a50c 2923 AC_COMPILE_IFELSE(
6f34652e 2924 [
f95c8ce8 2925#include <sys/types.h>
6f34652e 2926#include <sys/socket.h>
2927#include <sys/uio.h>
637f9177 2928int main() {
2929#ifdef msg_accrights
1a01a50c 2930#error "msg_accrights is a macro"
637f9177 2931exit(1);
2932#endif
2933struct msghdr m;
2934m.msg_accrights = 0;
2935exit(0);
2936}
6f34652e 2937 ],
6f34652e 2938 [ ac_cv_have_accrights_in_msghdr="yes" ],
2939 [ ac_cv_have_accrights_in_msghdr="no" ]
2940 )
2941])
2942if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3466e002 2943 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2944 [Define if your system uses access rights style
2945 file descriptor passing])
6f34652e 2946fi
2947
7176df4f 2948AC_CACHE_CHECK([for msg_control field in struct msghdr],
2949 ac_cv_have_control_in_msghdr, [
1a01a50c 2950 AC_COMPILE_IFELSE(
7176df4f 2951 [
f95c8ce8 2952#include <sys/types.h>
7176df4f 2953#include <sys/socket.h>
2954#include <sys/uio.h>
637f9177 2955int main() {
2956#ifdef msg_control
1a01a50c 2957#error "msg_control is a macro"
637f9177 2958exit(1);
2959#endif
2960struct msghdr m;
2961m.msg_control = 0;
2962exit(0);
2963}
7176df4f 2964 ],
7176df4f 2965 [ ac_cv_have_control_in_msghdr="yes" ],
2966 [ ac_cv_have_control_in_msghdr="no" ]
2967 )
2968])
2969if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3466e002 2970 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2971 [Define if your system uses ancillary data style
2972 file descriptor passing])
7176df4f 2973fi
2974
58d100bf 2975AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
aff51935 2976 AC_TRY_LINK([],
2977 [ extern char *__progname; printf("%s", __progname); ],
58d100bf 2978 [ ac_cv_libc_defines___progname="yes" ],
2979 [ ac_cv_libc_defines___progname="no" ]
2980 )
2981])
2982if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3466e002 2983 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
58d100bf 2984fi
8946db53 2985
c921ee00 2986AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2987 AC_TRY_LINK([
2988#include <stdio.h>
aff51935 2989],
2990 [ printf("%s", __FUNCTION__); ],
c921ee00 2991 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2992 [ ac_cv_cc_implements___FUNCTION__="no" ]
2993 )
2994])
2995if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3466e002 2996 AC_DEFINE(HAVE___FUNCTION__, 1,
2997 [Define if compiler implements __FUNCTION__])
c921ee00 2998fi
2999
3000AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3001 AC_TRY_LINK([
3002#include <stdio.h>
aff51935 3003],
3004 [ printf("%s", __func__); ],
c921ee00 3005 [ ac_cv_cc_implements___func__="yes" ],
3006 [ ac_cv_cc_implements___func__="no" ]
3007 )
3008])
3009if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3466e002 3010 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
c921ee00 3011fi
3012
9a406e1e 3013AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3014 AC_TRY_LINK(
3015 [#include <stdarg.h>
3016 va_list x,y;],
3017 [va_copy(x,y);],
3018 [ ac_cv_have_va_copy="yes" ],
3019 [ ac_cv_have_va_copy="no" ]
3020 )
3021])
3022if test "x$ac_cv_have_va_copy" = "xyes" ; then
3023 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3024fi
3025
3026AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3027 AC_TRY_LINK(
3028 [#include <stdarg.h>
3029 va_list x,y;],
3030 [__va_copy(x,y);],
3031 [ ac_cv_have___va_copy="yes" ],
3032 [ ac_cv_have___va_copy="no" ]
3033 )
3034])
3035if test "x$ac_cv_have___va_copy" = "xyes" ; then
3036 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3037fi
3038
1812a662 3039AC_CACHE_CHECK([whether getopt has optreset support],
3040 ac_cv_have_getopt_optreset, [
3041 AC_TRY_LINK(
3042 [
3043#include <getopt.h>
3044 ],
3045 [ extern int optreset; optreset = 0; ],
3046 [ ac_cv_have_getopt_optreset="yes" ],
3047 [ ac_cv_have_getopt_optreset="no" ]
3048 )
3049])
3050if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3466e002 3051 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3052 [Define if your getopt(3) defines and uses optreset])
1812a662 3053fi
a0391976 3054
819b676f 3055AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
aff51935 3056 AC_TRY_LINK([],
3057 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
819b676f 3058 [ ac_cv_libc_defines_sys_errlist="yes" ],
3059 [ ac_cv_libc_defines_sys_errlist="no" ]
3060 )
3061])
3062if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3466e002 3063 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3064 [Define if your system defines sys_errlist[]])
819b676f 3065fi
3066
3067
416ed5a7 3068AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
aff51935 3069 AC_TRY_LINK([],
3070 [ extern int sys_nerr; printf("%i", sys_nerr);],
416ed5a7 3071 [ ac_cv_libc_defines_sys_nerr="yes" ],
3072 [ ac_cv_libc_defines_sys_nerr="no" ]
3073 )
3074])
3075if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3466e002 3076 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
416ed5a7 3077fi
3078
aff51935 3079SCARD_MSG="no"
295c8801 3080# Check whether user wants sectok support
3081AC_ARG_WITH(sectok,
3082 [ --with-sectok Enable smartcard support using libsectok],
d0b19c95 3083 [
3084 if test "x$withval" != "xno" ; then
3085 if test "x$withval" != "xyes" ; then
3086 CPPFLAGS="$CPPFLAGS -I${withval}"
3087 LDFLAGS="$LDFLAGS -L${withval}"
3088 if test ! -z "$need_dash_r" ; then
3089 LDFLAGS="$LDFLAGS -R${withval}"
3090 fi
3091 if test ! -z "$blibpath" ; then
3092 blibpath="$blibpath:${withval}"
3093 fi
3094 fi
3095 AC_CHECK_HEADERS(sectok.h)
3096 if test "$ac_cv_header_sectok_h" != yes; then
3097 AC_MSG_ERROR(Can't find sectok.h)
3098 fi
3099 AC_CHECK_LIB(sectok, sectok_open)
3100 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3101 AC_MSG_ERROR(Can't find libsectok)
3102 fi
3466e002 3103 AC_DEFINE(SMARTCARD, 1,
3104 [Define if you want smartcard support])
3105 AC_DEFINE(USE_SECTOK, 1,
3106 [Define if you want smartcard support
3107 using sectok])
aff51935 3108 SCARD_MSG="yes, using sectok"
295c8801 3109 fi
3110 ]
3111)
3112
3113# Check whether user wants OpenSC support
987b458f 3114OPENSC_CONFIG="no"
295c8801 3115AC_ARG_WITH(opensc,
e47fb473 3116 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
987b458f 3117 [
3118 if test "x$withval" != "xno" ; then
3119 if test "x$withval" != "xyes" ; then
3120 OPENSC_CONFIG=$withval/bin/opensc-config
3121 else
3122 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3123 fi
3124 if test "$OPENSC_CONFIG" != "no"; then
3125 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3126 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3127 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
530456f4 3128 LIBS="$LIBS $LIBOPENSC_LIBS"
987b458f 3129 AC_DEFINE(SMARTCARD)
3466e002 3130 AC_DEFINE(USE_OPENSC, 1,
3131 [Define if you want smartcard support
3132 using OpenSC])
987b458f 3133 SCARD_MSG="yes, using OpenSC"
3134 fi
3135 fi
3136 ]
3137)
d0b19c95 3138
c31dc31c 3139# Check libraries needed by DNS fingerprint support
aff51935 3140AC_SEARCH_LIBS(getrrsetbyname, resolv,
3466e002 3141 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3142 [Define if getrrsetbyname() exists])],
3e05e934 3143 [
c31dc31c 3144 # Needed by our getrrsetbyname()
3145 AC_SEARCH_LIBS(res_query, resolv)
3146 AC_SEARCH_LIBS(dn_expand, resolv)
dabb524a 3147 AC_MSG_CHECKING(if res_query will link)
3148 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3149 [AC_MSG_RESULT(no)
3150 saved_LIBS="$LIBS"
3151 LIBS="$LIBS -lresolv"
3152 AC_MSG_CHECKING(for res_query in -lresolv)
3153 AC_LINK_IFELSE([
3154#include <resolv.h>
3155int main()
3156{
3157 res_query (0, 0, 0, 0, 0);
3158 return 0;
3159}
3160 ],
3161 [LIBS="$LIBS -lresolv"
3162 AC_MSG_RESULT(yes)],
3163 [LIBS="$saved_LIBS"
3164 AC_MSG_RESULT(no)])
3165 ])
c31dc31c 3166 AC_CHECK_FUNCS(_getshort _getlong)
1c829da5 3167 AC_CHECK_DECLS([_getshort, _getlong], , ,
b5765e1d 3168 [#include <sys/types.h>
3169 #include <arpa/nameser.h>])
c31dc31c 3170 AC_CHECK_MEMBER(HEADER.ad,
3466e002 3171 [AC_DEFINE(HAVE_HEADER_AD, 1,
3172 [Define if HEADER.ad exists in arpa/nameser.h])],,
c31dc31c 3173 [#include <arpa/nameser.h>])
3174 ])
3e05e934 3175
560acf80 3176AC_MSG_CHECKING(if struct __res_state _res is an extern)
3177AC_LINK_IFELSE([
3178#include <stdio.h>
3179#if HAVE_SYS_TYPES_H
3180# include <sys/types.h>
3181#endif
3182#include <netinet/in.h>
3183#include <arpa/nameser.h>
3184#include <resolv.h>
3185extern struct __res_state _res;
3186int main() { return 0; }
3187 ],
3188 [AC_MSG_RESULT(yes)
3189 AC_DEFINE(HAVE__RES_EXTERN, 1,
3190 [Define if you have struct __res_state _res as an extern])
3191 ],
3192 [ AC_MSG_RESULT(no) ]
3193)
3194
ef4d1846 3195# Check whether user wants SELinux support
3196SELINUX_MSG="no"
3197LIBSELINUX=""
3198AC_ARG_WITH(selinux,
3199 [ --with-selinux Enable SELinux support],
3200 [ if test "x$withval" != "xno" ; then
e54defb4 3201 save_LIBS="$LIBS"
ef4d1846 3202 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3203 SELINUX_MSG="yes"
3204 AC_CHECK_HEADER([selinux/selinux.h], ,
3205 AC_MSG_ERROR(SELinux support requires selinux.h header))
3206 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3207 AC_MSG_ERROR(SELinux support requires libselinux library))
e54defb4 3208 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
ef4d1846 3209 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
5ba277eb 3210 LIBS="$save_LIBS"
ef4d1846 3211 fi ]
3212)
ef4d1846 3213
12928e80 3214# Check whether user wants Kerberos 5 support
aff51935 3215KRB5_MSG="no"
12928e80 3216AC_ARG_WITH(kerberos5,
aff51935 3217 [ --with-kerberos5=PATH Enable Kerberos 5 support],
5585c441 3218 [ if test "x$withval" != "xno" ; then
3219 if test "x$withval" = "xyes" ; then
3220 KRB5ROOT="/usr/local"
3221 else
3222 KRB5ROOT=${withval}
3223 fi
3224
3466e002 3225 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
5585c441 3226 KRB5_MSG="yes"
3227
3228 AC_MSG_CHECKING(for krb5-config)
3229 if test -x $KRB5ROOT/bin/krb5-config ; then
3230 KRB5CONF=$KRB5ROOT/bin/krb5-config
3231 AC_MSG_RESULT($KRB5CONF)
3232
3233 AC_MSG_CHECKING(for gssapi support)
3234 if $KRB5CONF | grep gssapi >/dev/null ; then
3235 AC_MSG_RESULT(yes)
3466e002 3236 AC_DEFINE(GSSAPI, 1,
3237 [Define this if you want GSSAPI
3238 support in the version 2 protocol])
071970fb 3239 k5confopts=gssapi
aff51935 3240 else
5585c441 3241 AC_MSG_RESULT(no)
071970fb 3242 k5confopts=""
aff51935 3243 fi
071970fb 3244 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3245 K5LIBS="`$KRB5CONF --libs $k5confopts`"
5585c441 3246 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
5585c441 3247 AC_MSG_CHECKING(whether we are using Heimdal)
3248 AC_TRY_COMPILE([ #include <krb5.h> ],
3249 [ char *tmp = heimdal_version; ],
3250 [ AC_MSG_RESULT(yes)
3466e002 3251 AC_DEFINE(HEIMDAL, 1,
3252 [Define this if you are using the
3253 Heimdal version of Kerberos V5]) ],
5585c441 3254 AC_MSG_RESULT(no)
3255 )
3256 else
3257 AC_MSG_RESULT(no)
12928e80 3258 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
aff51935 3259 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
aff51935 3260 AC_MSG_CHECKING(whether we are using Heimdal)
3261 AC_TRY_COMPILE([ #include <krb5.h> ],
3262 [ char *tmp = heimdal_version; ],
3263 [ AC_MSG_RESULT(yes)
3264 AC_DEFINE(HEIMDAL)
41707f74 3265 K5LIBS="-lkrb5 -ldes"
3266 K5LIBS="$K5LIBS -lcom_err -lasn1"
82f4e93d 3267 AC_CHECK_LIB(roken, net_write,
41707f74 3268 [K5LIBS="$K5LIBS -lroken"])
aff51935 3269 ],
3270 [ AC_MSG_RESULT(no)
3271 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3272 ]
3273 )
4e00038c 3274 AC_SEARCH_LIBS(dn_expand, resolv)
12928e80 3275
749560dd 3276 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3277 [ AC_DEFINE(GSSAPI)
3278 K5LIBS="-lgssapi $K5LIBS" ],
3279 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3280 [ AC_DEFINE(GSSAPI)
aff51935 3281 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
749560dd 3282 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3283 $K5LIBS)
3284 ],
3285 $K5LIBS)
82f4e93d 3286
749560dd 3287 AC_CHECK_HEADER(gssapi.h, ,
3288 [ unset ac_cv_header_gssapi_h
aff51935 3289 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
749560dd 3290 AC_CHECK_HEADERS(gssapi.h, ,
3291 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
aff51935 3292 )
749560dd 3293 ]
3294 )
3295
3296 oldCPP="$CPPFLAGS"
3297 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3298 AC_CHECK_HEADER(gssapi_krb5.h, ,
3299 [ CPPFLAGS="$oldCPP" ])
3300
aff51935 3301 fi
5585c441 3302 if test ! -z "$need_dash_r" ; then
3303 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3304 fi
3305 if test ! -z "$blibpath" ; then
3306 blibpath="$blibpath:${KRB5ROOT}/lib"
3307 fi
071970fb 3308
f5555364 3309 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3310 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3311 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
071970fb 3312
f5555364 3313 LIBS="$LIBS $K5LIBS"
3466e002 3314 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3315 [Define this if you want to use libkafs' AFS support]))
f5555364 3316 fi
071970fb 3317 ]
12928e80 3318)
b5b68128 3319
a0391976 3320# Looking for programs, paths and files
a0391976 3321
ecac8ee5 3322PRIVSEP_PATH=/var/empty
3323AC_ARG_WITH(privsep-path,
cda1ebcb 3324 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
ecac8ee5 3325 [
6cf0200f 3326 if test -n "$withval" && test "x$withval" != "xno" && \
3327 test "x${withval}" != "xyes"; then
ecac8ee5 3328 PRIVSEP_PATH=$withval
3329 fi
3330 ]
3331)
3332AC_SUBST(PRIVSEP_PATH)
3333
a0391976 3334AC_ARG_WITH(xauth,
3335 [ --with-xauth=PATH Specify path to xauth program ],
3336 [
6cf0200f 3337 if test -n "$withval" && test "x$withval" != "xno" && \
3338 test "x${withval}" != "xyes"; then
cbd7492e 3339 xauth_path=$withval
a0391976 3340 fi
3341 ],
3342 [
2bf42e4a 3343 TestPath="$PATH"
3344 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3345 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3346 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3347 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3348 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
e5fe9a1f 3349 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
a0391976 3350 xauth_path="/usr/openwin/bin/xauth"
3351 fi
3352 ]
3353)
3354
65a4b4af 3355STRIP_OPT=-s
3356AC_ARG_ENABLE(strip,
3357 [ --disable-strip Disable calling strip(1) on install],
3358 [
3359 if test "x$enableval" = "xno" ; then
3360 STRIP_OPT=
3361 fi
3362 ]
3363)
3364AC_SUBST(STRIP_OPT)
3365
b3ec54b4 3366if test -z "$xauth_path" ; then
3367 XAUTH_PATH="undefined"
3368 AC_SUBST(XAUTH_PATH)
3369else
3466e002 3370 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3371 [Define if xauth is found in your path])
b3ec54b4 3372 XAUTH_PATH=$xauth_path
3373 AC_SUBST(XAUTH_PATH)
a0391976 3374fi
a0391976 3375
3376# Check for mail directory (last resort if we cannot get it from headers)
3377if test ! -z "$MAIL" ; then
3378 maildir=`dirname $MAIL`
3466e002 3379 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3380 [Set this to your mail directory if you don't have maillock.h])
a0391976 3381fi
3382
479cece8 3383if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
1a01a50c 3384 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3385 disable_ptmx_check=yes
3386fi
a0391976 3387if test -z "$no_dev_ptmx" ; then
6e879cb4 3388 if test "x$disable_ptmx_check" != "xyes" ; then
aff51935 3389 AC_CHECK_FILE("/dev/ptmx",
6e879cb4 3390 [
3466e002 3391 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3392 [Define if you have /dev/ptmx])
6e879cb4 3393 have_dev_ptmx=1
3394 ]
3395 )
3396 fi
3276571c 3397fi
1a01a50c 3398
479cece8 3399if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
1a01a50c 3400 AC_CHECK_FILE("/dev/ptc",
3401 [
3466e002 3402 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3403 [Define if you have /dev/ptc])
1a01a50c 3404 have_dev_ptc=1
3405 ]
3406 )
3407else
3408 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3409fi
3276571c 3410
a0391976 3411# Options from here on. Some of these are preset by platform above
fdf6b7aa 3412AC_ARG_WITH(mantype,
5d97cfbf 3413 [ --with-mantype=man|cat|doc Set man page type],
c54a6257 3414 [
5d97cfbf 3415 case "$withval" in
3416 man|cat|doc)
3417 MANTYPE=$withval
3418 ;;
3419 *)
3420 AC_MSG_ERROR(invalid man type: $withval)
3421 ;;
3422 esac
c54a6257 3423 ]
3424)
e0c4d3ac 3425if test -z "$MANTYPE"; then
2bf42e4a 3426 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3427 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
e0c4d3ac 3428 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3429 MANTYPE=doc
3430 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3431 MANTYPE=man
3432 else
3433 MANTYPE=cat
3434 fi
3435fi
c54a6257 3436AC_SUBST(MANTYPE)
e0c4d3ac 3437if test "$MANTYPE" = "doc"; then
3438 mansubdir=man;
3439else
3440 mansubdir=$MANTYPE;
3441fi
3442AC_SUBST(mansubdir)
0bc5b6fb 3443
a0391976 3444# Check whether to enable MD5 passwords
aff51935 3445MD5_MSG="no"
2ddcfdf3 3446AC_ARG_WITH(md5-passwords,
caf3bc51 3447 [ --with-md5-passwords Enable use of MD5 passwords],
0bc5b6fb 3448 [
bcf36c78 3449 if test "x$withval" != "xno" ; then
3466e002 3450 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3451 [Define if you want to allow MD5 passwords])
aff51935 3452 MD5_MSG="yes"
0bc5b6fb 3453 fi
3454 ]
caf3bc51 3455)
3456
a0391976 3457# Whether to disable shadow password support
a7effaac 3458AC_ARG_WITH(shadow,
3459 [ --without-shadow Disable shadow password support],
3460 [
82f4e93d 3461 if test "x$withval" = "xno" ; then
a7effaac 3462 AC_DEFINE(DISABLE_SHADOW)
4cb5ffa0 3463 disable_shadow=yes
a7effaac 3464 fi
3465 ]
3466)
3467
4cb5ffa0 3468if test -z "$disable_shadow" ; then
3469 AC_MSG_CHECKING([if the systems has expire shadow information])
3470 AC_TRY_COMPILE(
3471 [
3472#include <sys/types.h>
3473#include <shadow.h>
3474 struct spwd sp;
3475 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3476 [ sp_expire_available=yes ], []
3477 )
3478
3479 if test "x$sp_expire_available" = "xyes" ; then
3480 AC_MSG_RESULT(yes)
3466e002 3481 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3482 [Define if you want to use shadow password expire field])
4cb5ffa0 3483 else
3484 AC_MSG_RESULT(no)
3485 fi
3486fi
3487
a0391976 3488# Use ip address instead of hostname in $DISPLAY
44839801 3489if test ! -z "$IPADDR_IN_DISPLAY" ; then
3490 DISPLAY_HACK_MSG="yes"
3466e002 3491 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3492 [Define if you need to use IP address
3493 instead of hostname in $DISPLAY])
44839801 3494else
aff51935 3495 DISPLAY_HACK_MSG="no"
44839801 3496 AC_ARG_WITH(ipaddr-display,
3497 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3498 [
82f4e93d 3499 if test "x$withval" != "xno" ; then
44839801 3500 AC_DEFINE(IPADDR_IN_DISPLAY)
aff51935 3501 DISPLAY_HACK_MSG="yes"
44839801 3502 fi
3503 ]
3504 )
3505fi
a7effaac 3506
95b99395 3507# check for /etc/default/login and use it if present.
daa41e62 3508AC_ARG_ENABLE(etc-default-login,
6ff3d0dc 3509 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
694d0cef 3510 [ if test "x$enableval" = "xno"; then
3511 AC_MSG_NOTICE([/etc/default/login handling disabled])
3512 etc_default_login=no
3513 else
3514 etc_default_login=yes
3515 fi ],
b0e7249f 3516 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3517 then
3518 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3519 etc_default_login=no
3520 else
3521 etc_default_login=yes
3522 fi ]
694d0cef 3523)
95b99395 3524
694d0cef 3525if test "x$etc_default_login" != "xno"; then
3526 AC_CHECK_FILE("/etc/default/login",
3527 [ external_path_file=/etc/default/login ])
b0e7249f 3528 if test "x$external_path_file" = "x/etc/default/login"; then
3466e002 3529 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3530 [Define if your system has /etc/default/login])
1a01a50c 3531 fi
694d0cef 3532fi
95b99395 3533
8d184c09 3534dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4b492aab 3535if test $ac_cv_func_login_getcapbool = "yes" && \
3536 test $ac_cv_header_login_cap_h = "yes" ; then
95b99395 3537 external_path_file=/etc/login.conf
8d184c09 3538fi
95b99395 3539
a0391976 3540# Whether to mess with the default path
aff51935 3541SERVER_PATH_MSG="(default)"
c43d69a9 3542AC_ARG_WITH(default-path,
75817f90 3543 [ --with-default-path= Specify default \$PATH environment for server],
cb807f40 3544 [
95b99395 3545 if test "x$external_path_file" = "x/etc/login.conf" ; then
8d184c09 3546 AC_MSG_WARN([
3547--with-default-path=PATH has no effect on this system.
3548Edit /etc/login.conf instead.])
82f4e93d 3549 elif test "x$withval" != "xno" ; then
89bbd457 3550 if test ! -z "$external_path_file" ; then
95b99395 3551 AC_MSG_WARN([
3552--with-default-path=PATH will only be used if PATH is not defined in
3553$external_path_file .])
3554 fi
b2d818e6 3555 user_path="$withval"
aff51935 3556 SERVER_PATH_MSG="$withval"
cb807f40 3557 fi
b2d818e6 3558 ],
95b99395 3559 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3560 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
8d184c09 3561 else
89bbd457 3562 if test ! -z "$external_path_file" ; then
95b99395 3563 AC_MSG_WARN([
3564If PATH is defined in $external_path_file, ensure the path to scp is included,
3565otherwise scp will not work.])
3566 fi
b0e7249f 3567 AC_RUN_IFELSE(
3568 [AC_LANG_SOURCE([[
b2d818e6 3569/* find out what STDPATH is */
3570#include <stdio.h>
b2d818e6 3571#ifdef HAVE_PATHS_H
3572# include <paths.h>
3573#endif
3574#ifndef _PATH_STDPATH
d9a4e55b 3575# ifdef _PATH_USERPATH /* Irix */
3576# define _PATH_STDPATH _PATH_USERPATH
3577# else
3578# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3579# endif
b2d818e6 3580#endif
3581#include <sys/types.h>
3582#include <sys/stat.h>
3583#include <fcntl.h>
3584#define DATA "conftest.stdpath"
3585
3586main()
3587{
3588 FILE *fd;
3589 int rc;
82f4e93d 3590
b2d818e6 3591 fd = fopen(DATA,"w");
3592 if(fd == NULL)
3593 exit(1);
82f4e93d 3594
b2d818e6 3595 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3596 exit(1);
3597
3598 exit(0);
3599}
b0e7249f 3600 ]])],
3601 [ user_path=`cat conftest.stdpath` ],
b2d818e6 3602 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3603 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3604 )
3605# make sure $bindir is in USER_PATH so scp will work
3606 t_bindir=`eval echo ${bindir}`
3607 case $t_bindir in
3608 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3609 esac
3610 case $t_bindir in
3611 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3612 esac
3613 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3614 if test $? -ne 0 ; then
3615 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3616 if test $? -ne 0 ; then
3617 user_path=$user_path:$t_bindir
3618 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3619 fi
3620 fi
8d184c09 3621 fi ]
cb807f40 3622)
95b99395 3623if test "x$external_path_file" != "x/etc/login.conf" ; then
3466e002 3624 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
8d184c09 3625 AC_SUBST(user_path)
3626fi
cb807f40 3627
06617857 3628# Set superuser path separately to user path
06617857 3629AC_ARG_WITH(superuser-path,
3630 [ --with-superuser-path= Specify different path for super-user],
3631 [
6cf0200f 3632 if test -n "$withval" && test "x$withval" != "xno" && \
3633 test "x${withval}" != "xyes"; then
3466e002 3634 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3635 [Define if you want a different $PATH
3636 for the superuser])
06617857 3637 superuser_path=$withval
3638 fi
3639 ]
3640)
3641
3642
58d100bf 3643AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
aff51935 3644IPV4_IN6_HACK_MSG="no"
80faa19f 3645AC_ARG_WITH(4in6,
3646 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3647 [
3648 if test "x$withval" != "xno" ; then
3649 AC_MSG_RESULT(yes)
3466e002 3650 AC_DEFINE(IPV4_IN_IPV6, 1,
3651 [Detect IPv4 in IPv6 mapped addresses
3652 and treat as IPv4])
aff51935 3653 IPV4_IN6_HACK_MSG="yes"
80faa19f 3654 else
3655 AC_MSG_RESULT(no)
3656 fi
3657 ],[
3658 if test "x$inet6_default_4in6" = "xyes"; then
3659 AC_MSG_RESULT([yes (default)])
3660 AC_DEFINE(IPV4_IN_IPV6)
aff51935 3661 IPV4_IN6_HACK_MSG="yes"
80faa19f 3662 else
3663 AC_MSG_RESULT([no (default)])
3664 fi
3665 ]
3666)
3667
af774732 3668# Whether to enable BSD auth support
f1b0ecc3 3669BSD_AUTH_MSG=no
af774732 3670AC_ARG_WITH(bsd-auth,
3671 [ --with-bsd-auth Enable BSD auth support],
3672 [
82f4e93d 3673 if test "x$withval" != "xno" ; then
3466e002 3674 AC_DEFINE(BSD_AUTH, 1,
3675 [Define if you have BSD auth support])
f1b0ecc3 3676 BSD_AUTH_MSG=yes
af774732 3677 fi
3678 ]
3679)
3680
a0391976 3681# Where to place sshd.pid
19d9ac2a 3682piddir=/var/run
81dadca3 3683# make sure the directory exists
82f4e93d 3684if test ! -d $piddir ; then
81dadca3 3685 piddir=`eval echo ${sysconfdir}`
3686 case $piddir in
aff51935 3687 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
81dadca3 3688 esac
3689fi
3690
47e45e44 3691AC_ARG_WITH(pid-dir,
3692 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3693 [
6cf0200f 3694 if test -n "$withval" && test "x$withval" != "xno" && \
3695 test "x${withval}" != "xyes"; then
19d9ac2a 3696 piddir=$withval
82f4e93d 3697 if test ! -d $piddir ; then
81dadca3 3698 AC_MSG_WARN([** no $piddir directory on this system **])
3699 fi
47e45e44 3700 fi
3701 ]
3702)
b7a87eea 3703
3466e002 3704AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
19d9ac2a 3705AC_SUBST(piddir)
47e45e44 3706
1d7b9b20 3707dnl allow user to disable some login recording features
3708AC_ARG_ENABLE(lastlog,
bfd550a2 3709 [ --disable-lastlog disable use of lastlog even if detected [no]],
ddb154b3 3710 [
3711 if test "x$enableval" = "xno" ; then
3712 AC_DEFINE(DISABLE_LASTLOG)
3713 fi
3714 ]
1d7b9b20 3715)
3716AC_ARG_ENABLE(utmp,
bfd550a2 3717 [ --disable-utmp disable use of utmp even if detected [no]],
ddb154b3 3718 [
3719 if test "x$enableval" = "xno" ; then
3720 AC_DEFINE(DISABLE_UTMP)
3721 fi
3722 ]
1d7b9b20 3723)
3724AC_ARG_ENABLE(utmpx,
bfd550a2 3725 [ --disable-utmpx disable use of utmpx even if detected [no]],
ddb154b3 3726 [
3727 if test "x$enableval" = "xno" ; then
3466e002 3728 AC_DEFINE(DISABLE_UTMPX, 1,
3729 [Define if you don't want to use utmpx])
ddb154b3 3730 fi
3731 ]
1d7b9b20 3732)
3733AC_ARG_ENABLE(wtmp,
bfd550a2 3734 [ --disable-wtmp disable use of wtmp even if detected [no]],
ddb154b3 3735 [
3736 if test "x$enableval" = "xno" ; then
3737 AC_DEFINE(DISABLE_WTMP)
3738 fi
3739 ]
1d7b9b20 3740)
3741AC_ARG_ENABLE(wtmpx,
bfd550a2 3742 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
ddb154b3 3743 [
3744 if test "x$enableval" = "xno" ; then
3466e002 3745 AC_DEFINE(DISABLE_WTMPX, 1,
3746 [Define if you don't want to use wtmpx])
ddb154b3 3747 fi
3748 ]
1d7b9b20 3749)
3750AC_ARG_ENABLE(libutil,
bfd550a2 3751 [ --disable-libutil disable use of libutil (login() etc.) [no]],
ddb154b3 3752 [
3753 if test "x$enableval" = "xno" ; then
3754 AC_DEFINE(DISABLE_LOGIN)
3755 fi
3756 ]
1d7b9b20 3757)
3758AC_ARG_ENABLE(pututline,
bfd550a2 3759 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
ddb154b3 3760 [
3761 if test "x$enableval" = "xno" ; then
3466e002 3762 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3763 [Define if you don't want to use pututline()
3764 etc. to write [uw]tmp])
ddb154b3 3765 fi
3766 ]
1d7b9b20 3767)
3768AC_ARG_ENABLE(pututxline,
bfd550a2 3769 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
ddb154b3 3770 [
3771 if test "x$enableval" = "xno" ; then
3466e002 3772 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3773 [Define if you don't want to use pututxline()
3774 etc. to write [uw]tmpx])
ddb154b3 3775 fi
3776 ]
1d7b9b20 3777)
3778AC_ARG_WITH(lastlog,
bfd550a2 3779 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
8c89dd2b 3780 [
82f4e93d 3781 if test "x$withval" = "xno" ; then
8c89dd2b 3782 AC_DEFINE(DISABLE_LASTLOG)
6cf0200f 3783 elif test -n "$withval" && test "x${withval}" != "xyes"; then
8c89dd2b 3784 conf_lastlog_location=$withval
3785 fi
3786 ]
3787)
1d7b9b20 3788
3789dnl lastlog, [uw]tmpx? detection
3790dnl NOTE: set the paths in the platform section to avoid the
3791dnl need for command-line parameters
3792dnl lastlog and [uw]tmp are subject to a file search if all else fails
3793
3794dnl lastlog detection
3795dnl NOTE: the code itself will detect if lastlog is a directory
3796AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3797AC_TRY_COMPILE([
3798#include <sys/types.h>
3799#include <utmp.h>
3800#ifdef HAVE_LASTLOG_H
3801# include <lastlog.h>
3802#endif
d7c0f3d5 3803#ifdef HAVE_PATHS_H
1d7b9b20 3804# include <paths.h>
41cb4569 3805#endif
3806#ifdef HAVE_LOGIN_H
3807# include <login.h>
1d7b9b20 3808#endif
3809 ],
3810 [ char *lastlog = LASTLOG_FILE; ],
3811 [ AC_MSG_RESULT(yes) ],
d7c0f3d5 3812 [
3813 AC_MSG_RESULT(no)
3814 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3815 AC_TRY_COMPILE([
3816#include <sys/types.h>
3817#include <utmp.h>
3818#ifdef HAVE_LASTLOG_H
3819# include <lastlog.h>
3820#endif
3821#ifdef HAVE_PATHS_H
3822# include <paths.h>
3823#endif
3824 ],
3825 [ char *lastlog = _PATH_LASTLOG; ],
3826 [ AC_MSG_RESULT(yes) ],
3827 [
f282b668 3828 AC_MSG_RESULT(no)
d7c0f3d5 3829 system_lastlog_path=no
3830 ])
3831 ]
1d7b9b20 3832)
d7c0f3d5 3833
1d7b9b20 3834if test -z "$conf_lastlog_location"; then
3835 if test x"$system_lastlog_path" = x"no" ; then
3836 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
e5fe9a1f 3837 if (test -d "$f" || test -f "$f") ; then
1d7b9b20 3838 conf_lastlog_location=$f
3839 fi
3840 done
3841 if test -z "$conf_lastlog_location"; then
f8119cef 3842 AC_MSG_WARN([** Cannot find lastlog **])
3843 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
1d7b9b20 3844 fi
3845 fi
3846fi
3847
3848if test -n "$conf_lastlog_location"; then
3466e002 3849 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3850 [Define if you want to specify the path to your lastlog file])
82f4e93d 3851fi
1d7b9b20 3852
3853dnl utmp detection
3854AC_MSG_CHECKING([if your system defines UTMP_FILE])
3855AC_TRY_COMPILE([
3856#include <sys/types.h>
3857#include <utmp.h>
d7c0f3d5 3858#ifdef HAVE_PATHS_H
1d7b9b20 3859# include <paths.h>
3860#endif
3861 ],
3862 [ char *utmp = UTMP_FILE; ],
3863 [ AC_MSG_RESULT(yes) ],
3864 [ AC_MSG_RESULT(no)
3865 system_utmp_path=no ]
3866)
3867if test -z "$conf_utmp_location"; then
3868 if test x"$system_utmp_path" = x"no" ; then
3869 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3870 if test -f $f ; then
3871 conf_utmp_location=$f
3872 fi
3873 done
3874 if test -z "$conf_utmp_location"; then
3875 AC_DEFINE(DISABLE_UTMP)
3876 fi
3877 fi
3878fi
3879if test -n "$conf_utmp_location"; then
3466e002 3880 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3881 [Define if you want to specify the path to your utmp file])
82f4e93d 3882fi
1d7b9b20 3883
3884dnl wtmp detection
3885AC_MSG_CHECKING([if your system defines WTMP_FILE])
3886AC_TRY_COMPILE([
3887#include <sys/types.h>
3888#include <utmp.h>
d7c0f3d5 3889#ifdef HAVE_PATHS_H
1d7b9b20 3890# include <paths.h>
3891#endif
3892 ],
3893 [ char *wtmp = WTMP_FILE; ],
3894 [ AC_MSG_RESULT(yes) ],
3895 [ AC_MSG_RESULT(no)
3896 system_wtmp_path=no ]
3897)
3898if test -z "$conf_wtmp_location"; then
3899 if test x"$system_wtmp_path" = x"no" ; then
3900 for f in /usr/adm/wtmp /var/log/wtmp; do
3901 if test -f $f ; then
3902 conf_wtmp_location=$f
3903 fi
3904 done
3905 if test -z "$conf_wtmp_location"; then
3906 AC_DEFINE(DISABLE_WTMP)
3907 fi
3908 fi
3909fi
3910if test -n "$conf_wtmp_location"; then
3466e002 3911 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3912 [Define if you want to specify the path to your wtmp file])
82f4e93d 3913fi
1d7b9b20 3914
3915
3916dnl utmpx detection - I don't know any system so perverse as to require
3917dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3918dnl there, though.
3919AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3920AC_TRY_COMPILE([
3921#include <sys/types.h>
3922#include <utmp.h>
3923#ifdef HAVE_UTMPX_H
3924#include <utmpx.h>
3925#endif
d7c0f3d5 3926#ifdef HAVE_PATHS_H
1d7b9b20 3927# include <paths.h>
3928#endif
3929 ],
3930 [ char *utmpx = UTMPX_FILE; ],
3931 [ AC_MSG_RESULT(yes) ],
3932 [ AC_MSG_RESULT(no)
3933 system_utmpx_path=no ]
3934)
3935if test -z "$conf_utmpx_location"; then
3936 if test x"$system_utmpx_path" = x"no" ; then
3937 AC_DEFINE(DISABLE_UTMPX)
3938 fi
3939else
3466e002 3940 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3941 [Define if you want to specify the path to your utmpx file])
82f4e93d 3942fi
1d7b9b20 3943
3944dnl wtmpx detection
3945AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3946AC_TRY_COMPILE([
3947#include <sys/types.h>
3948#include <utmp.h>
3949#ifdef HAVE_UTMPX_H
3950#include <utmpx.h>
3951#endif
d7c0f3d5 3952#ifdef HAVE_PATHS_H
1d7b9b20 3953# include <paths.h>
3954#endif
3955 ],
3956 [ char *wtmpx = WTMPX_FILE; ],
3957 [ AC_MSG_RESULT(yes) ],
3958 [ AC_MSG_RESULT(no)
3959 system_wtmpx_path=no ]
3960)
3961if test -z "$conf_wtmpx_location"; then
3962 if test x"$system_wtmpx_path" = x"no" ; then
3963 AC_DEFINE(DISABLE_WTMPX)
3964 fi
3965else
3466e002 3966 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3967 [Define if you want to specify the path to your wtmpx file])
82f4e93d 3968fi
1d7b9b20 3969
b7a87eea 3970
bd499f9e 3971if test ! -z "$blibpath" ; then
68ece370 3972 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3973 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
bd499f9e 3974fi
3975
ed89c848 3976dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3977dnl Add now.
3978CFLAGS="$CFLAGS $werror_flags"
3979
3c62e7eb 3980AC_EXEEXT
29eadd7c 3981AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3982 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3983 scard/Makefile ssh_prng_cmds survey.sh])
98a7c37b 3984AC_OUTPUT
d3083fbd 3985
cbd7492e 3986# Print summary of options
3987
cbd7492e 3988# Someone please show me a better way :)
3989A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3990B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3991C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3992D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
f5665f6f 3993E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
e0c4d3ac 3994F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
cbd7492e 3995G=`eval echo ${piddir}` ; G=`eval echo ${G}`
ecac8ee5 3996H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3997I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3998J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
cbd7492e 3999
4000echo ""
26de7942 4001echo "OpenSSH has been configured with the following options:"
ecac8ee5 4002echo " User binaries: $B"
4003echo " System binaries: $C"
4004echo " Configuration files: $D"
4005echo " Askpass program: $E"
4006echo " Manual pages: $F"
4007echo " PID file: $G"
4008echo " Privilege separation chroot path: $H"
95b99395 4009if test "x$external_path_file" = "x/etc/login.conf" ; then
4010echo " At runtime, sshd will use the path defined in $external_path_file"
4011echo " Make sure the path to scp is present, otherwise scp will not work"
8d184c09 4012else
ecac8ee5 4013echo " sshd default user PATH: $I"
89bbd457 4014 if test ! -z "$external_path_file"; then
95b99395 4015echo " (If PATH is set in $external_path_file it will be used instead. If"
4016echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4017 fi
8d184c09 4018fi
06617857 4019if test ! -z "$superuser_path" ; then
ecac8ee5 4020echo " sshd superuser user PATH: $J"
4021fi
4022echo " Manpage format: $MANTYPE"
3e05e934 4023echo " PAM support: $PAM_MSG"
5b84789f 4024echo " OSF SIA support: $SIA_MSG"
ecac8ee5 4025echo " KerberosV support: $KRB5_MSG"
ef4d1846 4026echo " SELinux support: $SELINUX_MSG"
ecac8ee5 4027echo " Smartcard support: $SCARD_MSG"
ecac8ee5 4028echo " S/KEY support: $SKEY_MSG"
4029echo " TCP Wrappers support: $TCPW_MSG"
4030echo " MD5 password support: $MD5_MSG"
59031773 4031echo " libedit support: $LIBEDIT_MSG"
5b84789f 4032echo " Solaris process contract support: $SPC_MSG"
3deb1408 4033echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
ecac8ee5 4034echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4035echo " BSD Auth support: $BSD_AUTH_MSG"
4036echo " Random number source: $RAND_MSG"
f1b0ecc3 4037if test ! -z "$USE_RAND_HELPER" ; then
ecac8ee5 4038echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
af774732 4039fi
4040
cbd7492e 4041echo ""
4042
0c2fb82f 4043echo " Host: ${host}"
4044echo " Compiler: ${CC}"
4045echo " Compiler flags: ${CFLAGS}"
4046echo "Preprocessor flags: ${CPPFLAGS}"
4047echo " Linker flags: ${LDFLAGS}"
e54defb4 4048echo " Libraries: ${LIBS}"
4049if test ! -z "${SSHDLIBS}"; then
4050echo " +for sshd: ${SSHDLIBS}"
4051fi
cbd7492e 4052
4053echo ""
4054
9cefe228 4055if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
b3146b5f 4056 echo "SVR4 style packages are supported with \"make package\""
4057 echo ""
9cefe228 4058fi
4059
adeebd37 4060if test "x$PAM_MSG" = "xyes" ; then
f1b0ecc3 4061 echo "PAM is enabled. You may need to install a PAM control file "
4062 echo "for sshd, otherwise password authentication may fail. "
aff51935 4063 echo "Example PAM control files can be found in the contrib/ "
f1b0ecc3 4064 echo "subdirectory"
adeebd37 4065 echo ""
4066fi
4067
f1b0ecc3 4068if test ! -z "$RAND_HELPER_CMDHASH" ; then
4069 echo "WARNING: you are using the builtin random number collection "
4070 echo "service. Please read WARNING.RNG and request that your OS "
4071 echo "vendor includes kernel-based random number collection in "
4072 echo "future versions of your OS."
2c523de9 4073 echo ""
4074fi
af774732 4075
2f6f9cff 4076if test ! -z "$NO_PEERCHECK" ; then
1961d660 4077 echo "WARNING: the operating system that you are using does not"
4078 echo "appear to support getpeereid(), getpeerucred() or the"
4079 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4080 echo "enforce security checks to prevent unauthorised connections to"
4081 echo "ssh-agent. Their absence increases the risk that a malicious"
4082 echo "user can connect to your agent."
2f6f9cff 4083 echo ""
4084fi
4085
7b578f7d 4086if test "$AUDIT_MODULE" = "bsm" ; then
4087 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4088 echo "See the Solaris section in README.platform for details."
4089fi
git-cvsimport mirror of OpenSSH
This page took 1.082237 seconds and 5 git commands to generate.