]> andersk Git - openssh.git/blame - configure.ac
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (dtucker) [INSTALL] Add info about audit support.
[openssh.git] / configure.ac
CommitLineData
eb5d7ff6 1# $Id$
2b983b95 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
0b202697 16
76e6410a 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
823221b2 18AC_REVISION($Revision$)
98a7c37b 19AC_CONFIG_SRCDIR([ssh.c])
5881cd60 20
21AC_CONFIG_HEADER(config.h)
b14b2ae7 22AC_PROG_CC
a7effaac 23AC_CANONICAL_HOST
cf0c5df5 24AC_C_BIGENDIAN
5881cd60 25
a0391976 26# Checks for programs.
4bbf95fa 27AC_PROG_AWK
4cca272e 28AC_PROG_CPP
5881cd60 29AC_PROG_RANLIB
cf8dd513 30AC_PROG_INSTALL
c9ecc3c7 31AC_PROG_EGREP
bee0a37e 32AC_PATH_PROG(AR, ar)
ddd8c95b 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
13dd877b 35AC_PATH_PROGS(PERL, perl5 perl)
c3690df3 36AC_PATH_PROG(SED, sed)
a0f84251 37AC_SUBST(PERL)
ad85db64 38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
6958bd37 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
6193497b 43AC_PATH_PROG(SH, sh)
a3245b92 44AC_SUBST(TEST_SHELL,sh)
f498ed15 45
9cefe228 46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
eeb27c78 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
9cefe228 57
948fd8b9 58# System features
59AC_SYS_LARGEFILE
60
c193d002 61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
2e73a022 65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
3466e002 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
2e73a022 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
37656beb 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
3466e002 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
37656beb 82fi
83
d423d822 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
82f4e93d 88
d423d822 89AC_C_INLINE
dfafb2e1 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
aff51935 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
af40ca44 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
eeee8237 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
5fdabf45 96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
dbf07ba2 100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
cd595991 101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
5fdabf45 103 esac
8a3ff1aa 104
dfafb2e1 105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
d423d822 116fi
117
e6354014 118AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
82f4e93d 121 if test "x$withval" = "xno" ; then
e6354014 122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128)
129
5b84789f 130# Messages for features tested for in target-specific section
131SIA_MSG="no"
132SPC_MSG="no"
133
a0391976 134# Check for some target-specific stuff
a7effaac 135case "$host" in
9d6b1b96 136*-*-aix*)
aff51935 137 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
68ece370 138 if (test -z "$blibpath"); then
0a15d73b 139 blibpath="/usr/lib:/lib"
68ece370 140 fi
141 saved_LDFLAGS="$LDFLAGS"
e7479666 142 if test "$GCC" = "yes"; then
143 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
144 else
145 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
146 fi
147 for tryflags in $flags ;do
68ece370 148 if (test -z "$blibflags"); then
149 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
150 AC_TRY_LINK([], [], [blibflags=$tryflags])
151 fi
152 done
153 if (test -z "$blibflags"); then
154 AC_MSG_RESULT(not found)
155 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
156 else
157 AC_MSG_RESULT($blibflags)
bd499f9e 158 fi
68ece370 159 LDFLAGS="$saved_LDFLAGS"
e351e493 160 dnl Check for authenticate. Might be in libs.a on older AIXes
3466e002 161 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
162 [Define if you want to enable AIX4's authenticate function])],
0764e748 163 [AC_CHECK_LIB(s,authenticate,
e351e493 164 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
0764e748 165 LIBS="$LIBS -ls"
166 ])
167 ])
ba603e06 168 dnl Check for various auth function declarations in headers.
c85ed8e2 169 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
72ad335d 170 passwdexpired, setauthdb], , , [#include <usersec.h>])
e351e493 171 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
ba603e06 172 AC_CHECK_DECLS(loginfailed,
e351e493 173 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
174 AC_TRY_COMPILE(
f58c0e01 175 [#include <usersec.h>],
e351e493 176 [(void)loginfailed("user","host","tty",0);],
177 [AC_MSG_RESULT(yes)
3466e002 178 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
179 [Define if your AIX loginfailed() function
180 takes 4 arguments (AIX >= 5.2)])],
f58c0e01 181 [AC_MSG_RESULT(no)]
e351e493 182 )],
183 [],
184 [#include <usersec.h>]
185 )
2aa3a16c 186 AC_CHECK_FUNCS(setauthdb)
53c337ed 187 AC_CHECK_DECL(F_CLOSEM,
795e7517 188 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
53c337ed 189 [],
190 [ #include <limits.h>
191 #include <fcntl.h> ]
192 )
5ccf88cb 193 check_for_aix_broken_getaddrinfo=1
3466e002 194 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
195 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
196 [Define if your platform breaks doing a seteuid before a setuid])
197 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
198 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
a3cef3ca 199 dnl AIX handles lastlog as part of its login message
3466e002 200 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
201 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
202 [Some systems need a utmpx entry for /bin/login to work])
203 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
204 [Define to a Set Process Title type if your system is
205 supported by bsd-setproctitle.c])
961c2997 206 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
207 [AIX 5.2 and 5.3 (and presumably newer) require this])
ea8c44d9 208 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
9d6b1b96 209 ;;
3c62e7eb 210*-*-cygwin*)
a52997bd 211 check_for_libcrypt_later=1
ffb8d130 212 LIBS="$LIBS /usr/lib/textmode.o"
3466e002 213 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
214 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
215 AC_DEFINE(DISABLE_SHADOW, 1,
216 [Define if you want to disable shadow passwords])
217 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
218 [Define if your system choked on IP TOS setting])
219 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
220 [Define if X11 doesn't support AF_UNIX sockets on that system])
221 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
222 [Define if the concept of ports only accessible to
223 superusers isn't known])
224 AC_DEFINE(DISABLE_FD_PASSING, 1,
225 [Define if your platform needs to skip post auth
226 file descriptor passing])
3c62e7eb 227 ;;
d6fdb079 228*-*-dgux*)
229 AC_DEFINE(IP_TOS_IS_BROKEN)
0c6a72a5 230 AC_DEFINE(SETEUID_BREAKS_SETUID)
231 AC_DEFINE(BROKEN_SETREUID)
232 AC_DEFINE(BROKEN_SETREGID)
d6fdb079 233 ;;
39c98ef7 234*-*-darwin*)
33e2e066 235 AC_MSG_CHECKING(if we have working getaddrinfo)
236 AC_TRY_RUN([#include <mach-o/dyld.h>
237main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
238 exit(0);
239 else
240 exit(1);
241}], [AC_MSG_RESULT(working)],
242 [AC_MSG_RESULT(buggy)
3466e002 243 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
b27e573d 244 [AC_MSG_RESULT(assume it is working)])
635e0c42 245 AC_DEFINE(SETEUID_BREAKS_SETUID)
246 AC_DEFINE(BROKEN_SETREUID)
247 AC_DEFINE(BROKEN_SETREGID)
3466e002 248 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
249 [Define if your resolver libs need this for getrrsetbyname])
e02505e2 250 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
251 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
252 [Use tunnel device compatibility to OpenBSD])
253 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
254 [Prepend the address family to IP tunnel traffic])
39c98ef7 255 ;;
36f36ba3 256*-*-dragonfly*)
257 SSHDLIBS="$SSHDLIBS -lcrypt"
258 ;;
7d458c86 259*-*-hpux*)
260 # first we define all of the options common to all HP-UX releases
b8fea62d 261 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
44839801 262 IPADDR_IN_DISPLAY=yes
2b10f47a 263 AC_DEFINE(USE_PIPES)
3466e002 264 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
265 [Define if your login program cannot handle end of options ("--")])
a2572aa7 266 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 267 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
268 [String used in /etc/passwd to denote locked account])
3a2b2b44 269 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
83f987c3 270 MAIL="/var/mail/username"
f75ca46d 271 LIBS="$LIBS -lsec"
7d458c86 272 AC_CHECK_LIB(xnet, t_error, ,
273 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
274
275 # next, we define all of the options specific to major releases
276 case "$host" in
277 *-*-hpux10*)
278 if test -z "$GCC"; then
279 CFLAGS="$CFLAGS -Ae"
280 fi
281 ;;
282 *-*-hpux11*)
3466e002 283 AC_DEFINE(PAM_SUN_CODEBASE, 1,
284 [Define if you are using Solaris-derived PAM which
285 passes pam_messages to the conversation function
286 with an extra level of indirection])
287 AC_DEFINE(DISABLE_UTMP, 1,
288 [Define if you don't want to use utmp])
7d458c86 289 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
290 check_for_hpux_broken_getaddrinfo=1
291 check_for_conflicting_getspnam=1
292 ;;
293 esac
294
295 # lastly, we define options specific to minor releases
296 case "$host" in
297 *-*-hpux10.26)
3466e002 298 AC_DEFINE(HAVE_SECUREWARE, 1,
299 [Define if you have SecureWare-based
300 protected password database])
7d458c86 301 disable_ptmx_check=yes
302 LIBS="$LIBS -lsecpw"
303 ;;
304 esac
2b763e31 305 ;;
d94aa2ae 306*-*-irix5*)
6ac7829a 307 PATH="$PATH:/usr/etc"
3466e002 308 AC_DEFINE(BROKEN_INET_NTOA, 1,
309 [Define if you system's inet_ntoa is busted
310 (e.g. Irix gcc issue)])
cb433561 311 AC_DEFINE(SETEUID_BREAKS_SETUID)
312 AC_DEFINE(BROKEN_SETREUID)
313 AC_DEFINE(BROKEN_SETREGID)
3466e002 314 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
315 [Define if you shouldn't strip 'tty' from your
316 ttyname in [uw]tmp])
3e6e3da0 317 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
b9795b89 318 ;;
319*-*-irix6*)
6ac7829a 320 PATH="$PATH:/usr/etc"
3466e002 321 AC_DEFINE(WITH_IRIX_ARRAY, 1,
322 [Define if you have/want arrays
323 (cluster-wide session managment, not C arrays)])
324 AC_DEFINE(WITH_IRIX_PROJECT, 1,
325 [Define if you want IRIX project management])
326 AC_DEFINE(WITH_IRIX_AUDIT, 1,
327 [Define if you want IRIX audit trails])
328 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
329 [Define if you want IRIX kernel jobs])])
416ed5a7 330 AC_DEFINE(BROKEN_INET_NTOA)
412c0eaa 331 AC_DEFINE(SETEUID_BREAKS_SETUID)
332 AC_DEFINE(BROKEN_SETREUID)
333 AC_DEFINE(BROKEN_SETREGID)
3466e002 334 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
0e8f4eba 335 AC_DEFINE(WITH_ABBREV_NO_TTY)
3e6e3da0 336 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
d94aa2ae 337 ;;
5cdfe03f 338*-*-linux*)
339 no_dev_ptmx=1
717057b6 340 check_for_libcrypt_later=1
eacb954e 341 check_for_openpty_ctty_bug=1
3466e002 342 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
343 AC_DEFINE(PAM_TTY_KLUDGE, 1,
344 [Work around problematic Linux PAM modules handling of PAM_TTY])
345 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
346 [String used in /etc/passwd to denote locked account])
3a2b2b44 347 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
3466e002 348 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
349 [Define to whatever link() returns for "not supported"
350 if it doesn't return EOPNOTSUPP.])
b6610e8f 351 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
3466e002 352 AC_DEFINE(USE_BTMP)
80faa19f 353 inet6_default_4in6=yes
bf7c1e6c 354 case `uname -r` in
ad84c479 355 1.*|2.0.*)
3466e002 356 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
357 [Define if cmsg_type is not passed correctly])
bf7c1e6c 358 ;;
bf7c1e6c 359 esac
c40f09ca 360 # tun(4) forwarding compat code
d91775e1 361 AC_CHECK_HEADERS(linux/if_tun.h)
b5081213 362 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
c40f09ca 363 AC_DEFINE(SSH_TUN_LINUX, 1,
364 [Open tunnel devices the Linux tun/tap way])
365 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
366 [Use tunnel device compatibility to OpenBSD])
367 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
368 [Prepend the address family to IP tunnel traffic])
369 fi
5cdfe03f 370 ;;
66d6c27e 371mips-sony-bsd|mips-sony-newsos4)
4b2cf3f1 372 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
66d6c27e 373 SONY=1
66d6c27e 374 ;;
d468fc76 375*-*-netbsd*)
33e2e066 376 check_for_libcrypt_before=1
82f4e93d 377 if test "x$withval" != "xno" ; then
e6354014 378 need_dash_r=1
379 fi
0f6cb079 380 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
381 AC_CHECK_HEADER([net/if_tap.h], ,
382 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
383 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
384 [Prepend the address family to IP tunnel traffic])
d468fc76 385 ;;
86b416a7 386*-*-freebsd*)
387 check_for_libcrypt_later=1
988c5031 388 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
0f6cb079 389 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
390 AC_CHECK_HEADER([net/if_tap.h], ,
391 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
86b416a7 392 ;;
8707b7eb 393*-*-bsdi*)
394 AC_DEFINE(SETEUID_BREAKS_SETUID)
395 AC_DEFINE(BROKEN_SETREUID)
396 AC_DEFINE(BROKEN_SETREGID)
397 ;;
729bfe59 398*-next-*)
729bfe59 399 conf_lastlog_location="/usr/adm/lastlog"
698d107e 400 conf_utmp_location=/etc/utmp
401 conf_wtmp_location=/usr/adm/wtmp
402 MAIL=/usr/spool/mail
3466e002 403 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
443172c4 404 AC_DEFINE(BROKEN_REALPATH)
00937921 405 AC_DEFINE(USE_PIPES)
3466e002 406 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
729bfe59 407 ;;
5b7b5e23 408*-*-openbsd*)
409 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
8034a348 410 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
0f6cb079 411 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
c79c4814 412 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
413 [syslog_r function is safe to use in in a signal handler])
5b7b5e23 414 ;;
9d6b1b96 415*-*-solaris*)
82f4e93d 416 if test "x$withval" != "xno" ; then
010e9d5b 417 need_dash_r=1
418 fi
adeebd37 419 AC_DEFINE(PAM_SUN_CODEBASE)
7e2d5fa4 420 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 421 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
422 [Some versions of /bin/login need the TERM supplied
423 on the commandline])
7f0a4ff1 424 AC_DEFINE(PAM_TTY_KLUDGE)
3466e002 425 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
426 [Define if pam_chauthtok wants real uid set
427 to the unpriv'ed user])
3e6e3da0 428 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
ad84c479 429 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
3466e002 430 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
431 [Define if sshd somehow reacquires a controlling TTY
432 after setsid()])
795aa5f5 433 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
434 in case the name is longer than 8 chars])
95b99395 435 external_path_file=/etc/default/login
1d7b9b20 436 # hardwire lastlog location (can't detect it on some versions)
437 conf_lastlog_location="/var/adm/lastlog"
32c80420 438 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
439 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
440 if test "$sol2ver" -ge 8; then
441 AC_MSG_RESULT(yes)
442 AC_DEFINE(DISABLE_UTMP)
3466e002 443 AC_DEFINE(DISABLE_WTMP, 1,
444 [Define if you don't want to use wtmp])
32c80420 445 else
446 AC_MSG_RESULT(no)
447 fi
5b84789f 448 AC_ARG_WITH(solaris-contracts,
449 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
450 [
451 AC_CHECK_LIB(contract, ct_tmpl_activate,
452 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
453 [Define if you have Solaris process contracts])
454 SSHDLIBS="$SSHDLIBS -lcontract"
455 AC_SUBST(SSHDLIBS)
456 SPC_MSG="yes" ], )
457 ],
458 )
9d6b1b96 459 ;;
a423beaf 460*-*-sunos4*)
0c2fb82f 461 CPPFLAGS="$CPPFLAGS -DSUNOS4"
a423beaf 462 AC_CHECK_FUNCS(getpwanam)
adeebd37 463 AC_DEFINE(PAM_SUN_CODEBASE)
32eec038 464 conf_utmp_location=/etc/utmp
465 conf_wtmp_location=/var/adm/wtmp
466 conf_lastlog_location=/var/adm/lastlog
137d7b6c 467 AC_DEFINE(USE_PIPES)
a423beaf 468 ;;
6f68f28a 469*-ncr-sysv*)
98a7c37b 470 LIBS="$LIBS -lc89"
29525240 471 AC_DEFINE(USE_PIPES)
eabb99c6 472 AC_DEFINE(SSHD_ACQUIRES_CTTY)
6fb3618d 473 AC_DEFINE(SETEUID_BREAKS_SETUID)
474 AC_DEFINE(BROKEN_SETREUID)
475 AC_DEFINE(BROKEN_SETREGID)
6f68f28a 476 ;;
132dd316 477*-sni-sysv*)
c8c15bcb 478 # /usr/ucblib MUST NOT be searched on ReliantUNIX
e2798e96 479 AC_CHECK_LIB(dl, dlsym, ,)
d08db6d1 480 # -lresolv needs to be at the end of LIBS or DNS lookups break
481 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
9548d6c8 482 IPADDR_IN_DISPLAY=yes
483 AC_DEFINE(USE_PIPES)
132dd316 484 AC_DEFINE(IP_TOS_IS_BROKEN)
605369bb 485 AC_DEFINE(SETEUID_BREAKS_SETUID)
486 AC_DEFINE(BROKEN_SETREUID)
487 AC_DEFINE(BROKEN_SETREGID)
eabb99c6 488 AC_DEFINE(SSHD_ACQUIRES_CTTY)
95b99395 489 external_path_file=/etc/default/login
c8c15bcb 490 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
491 # Attention: always take care to bind libsocket and libnsl before libc,
492 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
132dd316 493 ;;
79a7ba96 494# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
77bb0bca 495*-*-sysv4.2*)
9a406e1e 496 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
ed6553e2 497 AC_DEFINE(USE_PIPES)
7ed101c0 498 AC_DEFINE(SETEUID_BREAKS_SETUID)
499 AC_DEFINE(BROKEN_SETREUID)
500 AC_DEFINE(BROKEN_SETREGID)
46f853b9 501 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
e45da4d6 502 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
77bb0bca 503 ;;
79a7ba96 504# UnixWare 7.x, OpenUNIX 8
77bb0bca 505*-*-sysv5*)
d7d2cc6e 506 check_for_libcrypt_later=1
507 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
ed6553e2 508 AC_DEFINE(USE_PIPES)
7ed101c0 509 AC_DEFINE(SETEUID_BREAKS_SETUID)
510 AC_DEFINE(BROKEN_SETREUID)
511 AC_DEFINE(BROKEN_SETREGID)
3466e002 512 AC_DEFINE(PASSWD_NEEDS_USERNAME)
822015dd 513 case "$host" in
514 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
515 TEST_SHELL=/u95/bin/sh
3466e002 516 AC_DEFINE(BROKEN_LIBIAF, 1,
517 [ia_uinfo routines not supported by OS yet])
5cc6ddad 518 AC_DEFINE(BROKEN_UPDWTMPX)
822015dd 519 ;;
e45da4d6 520 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
521 ;;
822015dd 522 esac
77bb0bca 523 ;;
9d6b1b96 524*-*-sysv*)
9d6b1b96 525 ;;
79a7ba96 526# SCO UNIX and OEM versions of SCO UNIX
77bb0bca 527*-*-sco3.2v4*)
11cf4f1f 528 AC_MSG_ERROR("This Platform is no longer supported.")
77bb0bca 529 ;;
79a7ba96 530# SCO OpenServer 5.x
77bb0bca 531*-*-sco3.2v5*)
21710e39 532 if test -z "$GCC"; then
533 CFLAGS="$CFLAGS -belf"
534 fi
ed6553e2 535 LIBS="$LIBS -lprot -lx -ltinfo -lm"
509b1f88 536 no_dev_ptmx=1
ed6553e2 537 AC_DEFINE(USE_PIPES)
6e879cb4 538 AC_DEFINE(HAVE_SECUREWARE)
d287c664 539 AC_DEFINE(DISABLE_SHADOW)
94d8258b 540 AC_DEFINE(DISABLE_FD_PASSING)
7ed101c0 541 AC_DEFINE(SETEUID_BREAKS_SETUID)
542 AC_DEFINE(BROKEN_SETREUID)
543 AC_DEFINE(BROKEN_SETREGID)
bcebad47 544 AC_DEFINE(WITH_ABBREV_NO_TTY)
34f2baf0 545 AC_DEFINE(BROKEN_UPDWTMPX)
3466e002 546 AC_DEFINE(PASSWD_NEEDS_USERNAME)
aca75d94 547 AC_CHECK_FUNCS(getluid setluid)
533875af 548 MANTYPE=man
a3245b92 549 TEST_SHELL=ksh
509b1f88 550 ;;
ccbb983c 551*-*-unicosmk*)
3466e002 552 AC_DEFINE(NO_SSH_LASTLOG, 1,
553 [Define if you don't want to use lastlog in session.c])
c1ad5966 554 AC_DEFINE(SETEUID_BREAKS_SETUID)
555 AC_DEFINE(BROKEN_SETREUID)
556 AC_DEFINE(BROKEN_SETREGID)
ccbb983c 557 AC_DEFINE(USE_PIPES)
558 AC_DEFINE(DISABLE_FD_PASSING)
559 LDFLAGS="$LDFLAGS"
560 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
561 MANTYPE=cat
d262b7f2 562 ;;
7b9a8c6e 563*-*-unicosmp*)
c1ad5966 564 AC_DEFINE(SETEUID_BREAKS_SETUID)
565 AC_DEFINE(BROKEN_SETREUID)
566 AC_DEFINE(BROKEN_SETREGID)
7b9a8c6e 567 AC_DEFINE(WITH_ABBREV_NO_TTY)
568 AC_DEFINE(USE_PIPES)
569 AC_DEFINE(DISABLE_FD_PASSING)
570 LDFLAGS="$LDFLAGS"
c1ad5966 571 LIBS="$LIBS -lgen -lacid -ldb"
7b9a8c6e 572 MANTYPE=cat
573 ;;
ca5c7d6a 574*-*-unicos*)
c1ad5966 575 AC_DEFINE(SETEUID_BREAKS_SETUID)
576 AC_DEFINE(BROKEN_SETREUID)
577 AC_DEFINE(BROKEN_SETREGID)
ca5c7d6a 578 AC_DEFINE(USE_PIPES)
94d8258b 579 AC_DEFINE(DISABLE_FD_PASSING)
ef51930f 580 AC_DEFINE(NO_SSH_LASTLOG)
ccbb983c 581 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
582 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
583 MANTYPE=cat
a704dd54 584 ;;
4d33e531 585*-dec-osf*)
99c8ddac 586 AC_MSG_CHECKING(for Digital Unix SIA)
587 no_osfsia=""
588 AC_ARG_WITH(osfsia,
589 [ --with-osfsia Enable Digital Unix SIA],
590 [
591 if test "x$withval" = "xno" ; then
592 AC_MSG_RESULT(disabled)
593 no_osfsia=1
594 fi
595 ],
596 )
597 if test -z "$no_osfsia" ; then
4d33e531 598 if test -f /etc/sia/matrix.conf; then
599 AC_MSG_RESULT(yes)
3466e002 600 AC_DEFINE(HAVE_OSF_SIA, 1,
601 [Define if you have Digital Unix Security
602 Integration Architecture])
603 AC_DEFINE(DISABLE_LOGIN, 1,
604 [Define if you don't want to use your
605 system's login() call])
58d0df4e 606 AC_DEFINE(DISABLE_FD_PASSING)
4d33e531 607 LIBS="$LIBS -lsecurity -ldb -lm -laud"
5b84789f 608 SIA_MSG="yes"
4d33e531 609 else
610 AC_MSG_RESULT(no)
3466e002 611 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
612 [String used in /etc/passwd to denote locked account])
4d33e531 613 fi
614 fi
a6e67b60 615 AC_DEFINE(BROKEN_GETADDRINFO)
f4f2ff4f 616 AC_DEFINE(SETEUID_BREAKS_SETUID)
08da2d08 617 AC_DEFINE(BROKEN_SETREUID)
618 AC_DEFINE(BROKEN_SETREGID)
4d33e531 619 ;;
41cb4569 620
9c54c067 621*-*-nto-qnx*)
41cb4569 622 AC_DEFINE(USE_PIPES)
623 AC_DEFINE(NO_X11_UNIX_SOCKETS)
3466e002 624 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
625 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
626 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
9c54c067 627 AC_DEFINE(DISABLE_LASTLOG)
49c64dd6 628 AC_DEFINE(SSHD_ACQUIRES_CTTY)
0c7e8877 629 enable_etc_default_login=no # has incompatible /etc/default/login
41cb4569 630 ;;
35fc74ed 631
632*-*-ultrix*)
3466e002 633 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
634 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
4b2cf3f1 635 AC_DEFINE(NEED_SETPGRP)
b5765e1d 636 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
637 ;;
157b6700 638
639*-*-lynxos)
640 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
3466e002 641 AC_DEFINE(MISSING_HOWMANY)
157b6700 642 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
643 ;;
a7effaac 644esac
645
8e7b16f8 646# Allow user to specify flags
647AC_ARG_WITH(cflags,
648 [ --with-cflags Specify additional flags to pass to compiler],
649 [
6cf0200f 650 if test -n "$withval" && test "x$withval" != "xno" && \
651 test "x${withval}" != "xyes"; then
8e7b16f8 652 CFLAGS="$CFLAGS $withval"
653 fi
82f4e93d 654 ]
8e7b16f8 655)
0c2fb82f 656AC_ARG_WITH(cppflags,
657 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
658 [
6cf0200f 659 if test -n "$withval" && test "x$withval" != "xno" && \
660 test "x${withval}" != "xyes"; then
0c2fb82f 661 CPPFLAGS="$CPPFLAGS $withval"
662 fi
663 ]
664)
8e7b16f8 665AC_ARG_WITH(ldflags,
97b378bf 666 [ --with-ldflags Specify additional flags to pass to linker],
8e7b16f8 667 [
6cf0200f 668 if test -n "$withval" && test "x$withval" != "xno" && \
669 test "x${withval}" != "xyes"; then
8e7b16f8 670 LDFLAGS="$LDFLAGS $withval"
671 fi
82f4e93d 672 ]
8e7b16f8 673)
674AC_ARG_WITH(libs,
675 [ --with-libs Specify additional libraries to link with],
676 [
6cf0200f 677 if test -n "$withval" && test "x$withval" != "xno" && \
678 test "x${withval}" != "xyes"; then
8e7b16f8 679 LIBS="$LIBS $withval"
680 fi
82f4e93d 681 ]
8e7b16f8 682)
ed89c848 683AC_ARG_WITH(Werror,
684 [ --with-Werror Build main code with -Werror],
685 [
686 if test -n "$withval" && test "x$withval" != "xno"; then
687 werror_flags="-Werror"
1012885d 688 if test "x${withval}" != "xyes"; then
ed89c848 689 werror_flags="$withval"
690 fi
691 fi
692 ]
693)
8e7b16f8 694
c5829391 695AC_MSG_CHECKING(compiler and flags for sanity)
479cece8 696AC_RUN_IFELSE(
697 [AC_LANG_SOURCE([
c5829391 698#include <stdio.h>
699int main(){exit(0);}
479cece8 700 ])],
c5829391 701 [ AC_MSG_RESULT(yes) ],
702 [
703 AC_MSG_RESULT(no)
704 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1a01a50c 705 ],
706 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
c5829391 707)
708
b04a9f8c 709dnl Checks for header files.
710AC_CHECK_HEADERS( \
711 bstring.h \
712 crypt.h \
2f360c89 713 crypto/sha2.h \
b04a9f8c 714 dirent.h \
715 endian.h \
716 features.h \
37259a8e 717 fcntl.h \
b04a9f8c 718 floatingpoint.h \
719 getopt.h \
720 glob.h \
721 ia.h \
4c653d8e 722 iaf.h \
b04a9f8c 723 limits.h \
724 login.h \
b04a9f8c 725 maillock.h \
726 ndir.h \
e02505e2 727 net/if_tun.h \
b04a9f8c 728 netdb.h \
729 netgroup.h \
b04a9f8c 730 pam/pam_appl.h \
731 paths.h \
732 pty.h \
733 readpassphrase.h \
734 rpc/types.h \
735 security/pam_appl.h \
f73e2ad7 736 sha2.h \
b04a9f8c 737 shadow.h \
738 stddef.h \
739 stdint.h \
0957c2cf 740 string.h \
b04a9f8c 741 strings.h \
742 sys/audit.h \
743 sys/bitypes.h \
744 sys/bsdtty.h \
745 sys/cdefs.h \
746 sys/dir.h \
747 sys/mman.h \
748 sys/ndir.h \
749 sys/prctl.h \
750 sys/pstat.h \
751 sys/select.h \
752 sys/stat.h \
753 sys/stream.h \
754 sys/stropts.h \
755 sys/strtio.h \
756 sys/sysmacros.h \
757 sys/time.h \
758 sys/timers.h \
759 sys/un.h \
760 time.h \
761 tmpdir.h \
762 ttyent.h \
25dd2ce6 763 unistd.h \
b04a9f8c 764 usersec.h \
765 util.h \
766 utime.h \
767 utmp.h \
768 utmpx.h \
ea76f54c 769 vis.h \
b04a9f8c 770)
ddceb1c8 771
823221b2 772# lastlog.h requires sys/time.h to be included first on Solaris
773AC_CHECK_HEADERS(lastlog.h, [], [], [
774#ifdef HAVE_SYS_TIME_H
775# include <sys/time.h>
776#endif
777])
778
765a24cd 779# sys/ptms.h requires sys/stream.h to be included first on Solaris
780AC_CHECK_HEADERS(sys/ptms.h, [], [], [
781#ifdef HAVE_SYS_STREAM_H
782# include <sys/stream.h>
783#endif
784])
785
3919d576 786# login_cap.h requires sys/types.h on NetBSD
787AC_CHECK_HEADERS(login_cap.h, [], [], [
788#include <sys/types.h>
789])
790
a0391976 791# Checks for libraries.
98a7c37b 792AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
793AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
2c523de9 794
446227d6 795dnl IRIX and Solaris 2.5.1 have dirname() in libgen
796AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
797 AC_CHECK_LIB(gen, dirname,[
798 AC_CACHE_CHECK([for broken dirname],
799 ac_cv_have_broken_dirname, [
800 save_LIBS="$LIBS"
801 LIBS="$LIBS -lgen"
b0e7249f 802 AC_RUN_IFELSE(
803 [AC_LANG_SOURCE([[
446227d6 804#include <libgen.h>
805#include <string.h>
806
807int main(int argc, char **argv) {
808 char *s, buf[32];
809
810 strncpy(buf,"/etc", 32);
811 s = dirname(buf);
812 if (!s || strncmp(s, "/", 32) != 0) {
813 exit(1);
814 } else {
815 exit(0);
816 }
817}
b0e7249f 818 ]])],
819 [ ac_cv_have_broken_dirname="no" ],
820 [ ac_cv_have_broken_dirname="yes" ],
446227d6 821 [ ac_cv_have_broken_dirname="no" ],
446227d6 822 )
823 LIBS="$save_LIBS"
824 ])
825 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
826 LIBS="$LIBS -lgen"
827 AC_DEFINE(HAVE_DIRNAME)
828 AC_CHECK_HEADERS(libgen.h)
829 fi
830 ])
831])
832
833AC_CHECK_FUNC(getspnam, ,
834 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
3466e002 835AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
836 [Define if you have the basename function.]))
446227d6 837
98a7c37b 838dnl zlib is required
839AC_ARG_WITH(zlib,
840 [ --with-zlib=PATH Use zlib in PATH],
6dd05556 841 [ if test "x$withval" = "xno" ; then
842 AC_MSG_ERROR([*** zlib is required ***])
843 elif test "x$withval" != "xyes"; then
98a7c37b 844 if test -d "$withval/lib"; then
845 if test -n "${need_dash_r}"; then
5a162955 846 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 847 else
5a162955 848 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 849 fi
850 else
851 if test -n "${need_dash_r}"; then
5a162955 852 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 853 else
5a162955 854 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 855 fi
856 fi
857 if test -d "$withval/include"; then
5a162955 858 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 859 else
5a162955 860 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 861 fi
6dd05556 862 fi ]
98a7c37b 863)
864
0a15d73b 865AC_CHECK_LIB(z, deflate, ,
866 [
867 saved_CPPFLAGS="$CPPFLAGS"
868 saved_LDFLAGS="$LDFLAGS"
869 save_LIBS="$LIBS"
870 dnl Check default zlib install dir
871 if test -n "${need_dash_r}"; then
872 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
873 else
874 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
875 fi
876 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
877 LIBS="$LIBS -lz"
878 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
879 [
880 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
881 ]
882 )
883 ]
884)
4ad65809 885AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
8068d564 886
887AC_ARG_WITH(zlib-version-check,
888 [ --without-zlib-version-check Disable zlib version check],
889 [ if test "x$withval" = "xno" ; then
890 zlib_check_nonfatal=1
891 fi
892 ]
893)
894
5c7fc85d 895AC_MSG_CHECKING(for possibly buggy zlib)
479cece8 896AC_RUN_IFELSE([AC_LANG_SOURCE([[
5c7fc85d 897#include <stdio.h>
4ad65809 898#include <zlib.h>
899int main()
900{
5c7fc85d 901 int a=0, b=0, c=0, d=0, n, v;
902 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
903 if (n != 3 && n != 4)
4ad65809 904 exit(1);
5c7fc85d 905 v = a*1000000 + b*10000 + c*100 + d;
906 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
907
908 /* 1.1.4 is OK */
909 if (a == 1 && b == 1 && c >= 4)
4ad65809 910 exit(0);
5c7fc85d 911
0072b59d 912 /* 1.2.3 and up are OK */
913 if (v >= 1020300)
5c7fc85d 914 exit(0);
915
4ad65809 916 exit(2);
917}
479cece8 918 ]])],
5c7fc85d 919 AC_MSG_RESULT(no),
920 [ AC_MSG_RESULT(yes)
8068d564 921 if test -z "$zlib_check_nonfatal" ; then
922 AC_MSG_ERROR([*** zlib too old - check config.log ***
923Your reported zlib version has known security problems. It's possible your
924vendor has fixed these problems without changing the version number. If you
925are sure this is the case, you can disable the check by running
926"./configure --without-zlib-version-check".
6090bcfe 927If you are in doubt, upgrade zlib to version 1.2.3 or greater.
5c7fc85d 928See http://www.gzip.org/zlib/ for details.])
8068d564 929 else
930 AC_MSG_WARN([zlib version may have security problems])
931 fi
1a01a50c 932 ],
933 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
4ad65809 934)
48e7916f 935
2c523de9 936dnl UnixWare 2.x
aff51935 937AC_CHECK_FUNC(strcasecmp,
2c523de9 938 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
939)
23361281 940AC_CHECK_FUNCS(utimes,
cda1ebcb 941 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
942 LIBS="$LIBS -lc89"]) ]
2c523de9 943)
4cca272e 944
7c6d759d 945dnl Checks for libutil functions
946AC_CHECK_HEADERS(libutil.h)
3466e002 947AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
948 [Define if your libraries define login()])])
7c6d759d 949AC_CHECK_FUNCS(logout updwtmp logwtmp)
950
a738c3b0 951AC_FUNC_STRFTIME
952
84ceda19 953# Check for ALTDIRFUNC glob() extension
954AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
955AC_EGREP_CPP(FOUNDIT,
956 [
957 #include <glob.h>
958 #ifdef GLOB_ALTDIRFUNC
959 FOUNDIT
960 #endif
aff51935 961 ],
84ceda19 962 [
3466e002 963 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
964 [Define if your system glob() function has
965 the GLOB_ALTDIRFUNC extension])
84ceda19 966 AC_MSG_RESULT(yes)
967 ],
968 [
969 AC_MSG_RESULT(no)
970 ]
971)
4cca272e 972
40849fdb 973# Check for g.gl_matchc glob() extension
974AC_MSG_CHECKING(for gl_matchc field in glob_t)
d90b9f9a 975AC_TRY_COMPILE(
13ff27b7 976 [ #include <glob.h> ],
977 [glob_t g; g.gl_matchc = 1;],
aff51935 978 [
3466e002 979 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
980 [Define if your system glob() function has
981 gl_matchc options in glob_t])
aff51935 982 AC_MSG_RESULT(yes)
983 ],
984 [
985 AC_MSG_RESULT(no)
986 ]
40849fdb 987)
988
78888bab 989AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
990
edbe6722 991AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1a01a50c 992AC_RUN_IFELSE(
479cece8 993 [AC_LANG_SOURCE([[
edbe6722 994#include <sys/types.h>
995#include <dirent.h>
aec4cb4f 996int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
479cece8 997 ]])],
aff51935 998 [AC_MSG_RESULT(yes)],
edbe6722 999 [
1000 AC_MSG_RESULT(no)
3466e002 1001 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
d08db6d1 1002 [Define if your struct dirent expects you to
3466e002 1003 allocate extra space for d_name])
1a01a50c 1004 ],
82f4e93d 1005 [
1a01a50c 1006 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1007 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
edbe6722 1008 ]
1009)
1010
419e26e7 1011AC_MSG_CHECKING([for /proc/pid/fd directory])
1012if test -d "/proc/$$/fd" ; then
3466e002 1013 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
419e26e7 1014 AC_MSG_RESULT(yes)
1015else
1016 AC_MSG_RESULT(no)
1017fi
1018
278588d8 1019# Check whether user wants S/Key support
aff51935 1020SKEY_MSG="no"
278588d8 1021AC_ARG_WITH(skey,
6ff3d0dc 1022 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
278588d8 1023 [
1024 if test "x$withval" != "xno" ; then
1025
1026 if test "x$withval" != "xyes" ; then
1027 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1028 LDFLAGS="$LDFLAGS -L${withval}/lib"
1029 fi
1030
3466e002 1031 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
278588d8 1032 LIBS="-lskey $LIBS"
aff51935 1033 SKEY_MSG="yes"
82f4e93d 1034
ddceb1c8 1035 AC_MSG_CHECKING([for s/key support])
b0e7249f 1036 AC_LINK_IFELSE(
1037 [AC_LANG_SOURCE([[
ddceb1c8 1038#include <stdio.h>
1039#include <skey.h>
aec4cb4f 1040int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
b0e7249f 1041 ]])],
ddceb1c8 1042 [AC_MSG_RESULT(yes)],
278588d8 1043 [
ddceb1c8 1044 AC_MSG_RESULT(no)
278588d8 1045 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1046 ])
141fc639 1047 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1048 AC_TRY_COMPILE(
1049 [#include <stdio.h>
1050 #include <skey.h>],
1051 [(void)skeychallenge(NULL,"name","",0);],
1052 [AC_MSG_RESULT(yes)
3466e002 1053 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1054 [Define if your skeychallenge()
1055 function takes 4 arguments (NetBSD)])],
141fc639 1056 [AC_MSG_RESULT(no)]
1057 )
278588d8 1058 fi
1059 ]
1060)
1061
1062# Check whether user wants TCP wrappers support
98a7c37b 1063TCPW_MSG="no"
278588d8 1064AC_ARG_WITH(tcp-wrappers,
6ff3d0dc 1065 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
278588d8 1066 [
1067 if test "x$withval" != "xno" ; then
1068 saved_LIBS="$LIBS"
98a7c37b 1069 saved_LDFLAGS="$LDFLAGS"
1070 saved_CPPFLAGS="$CPPFLAGS"
4b492aab 1071 if test -n "${withval}" && \
6cf0200f 1072 test "x${withval}" != "xyes"; then
98a7c37b 1073 if test -d "${withval}/lib"; then
1074 if test -n "${need_dash_r}"; then
5a162955 1075 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 1076 else
5a162955 1077 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 1078 fi
1079 else
1080 if test -n "${need_dash_r}"; then
5a162955 1081 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 1082 else
5a162955 1083 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 1084 fi
1085 fi
1086 if test -d "${withval}/include"; then
5a162955 1087 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 1088 else
5a162955 1089 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 1090 fi
98a7c37b 1091 fi
ddceb1c8 1092 LIBWRAP="-lwrap"
1093 LIBS="$LIBWRAP $LIBS"
278588d8 1094 AC_MSG_CHECKING(for libwrap)
1095 AC_TRY_LINK(
1096 [
77f09220 1097#include <sys/types.h>
1098#include <sys/socket.h>
1099#include <netinet/in.h>
278588d8 1100#include <tcpd.h>
1101 int deny_severity = 0, allow_severity = 0;
1102 ],
1103 [hosts_access(0);],
1104 [
1105 AC_MSG_RESULT(yes)
3466e002 1106 AC_DEFINE(LIBWRAP, 1,
1107 [Define if you want
1108 TCP Wrappers support])
ddceb1c8 1109 AC_SUBST(LIBWRAP)
98a7c37b 1110 TCPW_MSG="yes"
278588d8 1111 ],
1112 [
1113 AC_MSG_ERROR([*** libwrap missing])
1114 ]
1115 )
ddceb1c8 1116 LIBS="$saved_LIBS"
278588d8 1117 fi
1118 ]
1119)
1120
59031773 1121# Check whether user wants libedit support
1122LIBEDIT_MSG="no"
1123AC_ARG_WITH(libedit,
6ff3d0dc 1124 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
59031773 1125 [ if test "x$withval" != "xno" ; then
737edf04 1126 if test "x$withval" != "xyes"; then
bb116c8e 1127 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1128 if test -n "${need_dash_r}"; then
1129 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1130 else
1131 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1132 fi
737edf04 1133 fi
59031773 1134 AC_CHECK_LIB(edit, el_init,
3466e002 1135 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
59031773 1136 LIBEDIT="-ledit -lcurses"
1137 LIBEDIT_MSG="yes"
1138 AC_SUBST(LIBEDIT)
1139 ],
737edf04 1140 [ AC_MSG_ERROR(libedit not found) ],
1141 [ -lcurses ]
59031773 1142 )
f47ddccb 1143 AC_MSG_CHECKING(if libedit version is compatible)
d92622f9 1144 AC_COMPILE_IFELSE(
1145 [AC_LANG_SOURCE([[
1146#include <histedit.h>
f47ddccb 1147int main(void)
1148{
1149 int i = H_SETSIZE;
1150 el_init("", NULL, NULL, NULL);
1151 exit(0);
1152}
d92622f9 1153 ]])],
f47ddccb 1154 [ AC_MSG_RESULT(yes) ],
1155 [ AC_MSG_RESULT(no)
1156 AC_MSG_ERROR(libedit version is not compatible) ]
1157 )
59031773 1158 fi ]
1159)
1160
7b578f7d 1161AUDIT_MODULE=none
1162AC_ARG_WITH(audit,
1163 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1164 [
1165 AC_MSG_CHECKING(for supported audit module)
1166 case "$withval" in
1167 bsm)
1168 AC_MSG_RESULT(bsm)
1169 AUDIT_MODULE=bsm
1170 dnl Checks for headers, libs and functions
1171 AC_CHECK_HEADERS(bsm/audit.h, [],
a01f637d 1172 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1173 [
1174#ifdef HAVE_TIME_H
1175# include <time.h>
1176#endif
1177 ]
1178)
7b578f7d 1179 AC_CHECK_LIB(bsm, getaudit, [],
1180 [AC_MSG_ERROR(BSM enabled and required library not found)])
1181 AC_CHECK_FUNCS(getaudit, [],
1182 [AC_MSG_ERROR(BSM enabled and required function not found)])
1183 # These are optional
7939c496 1184 AC_CHECK_FUNCS(getaudit_addr)
3466e002 1185 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
7b578f7d 1186 ;;
1187 debug)
1188 AUDIT_MODULE=debug
1189 AC_MSG_RESULT(debug)
3466e002 1190 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
7b578f7d 1191 ;;
a2b3321d 1192 no)
d92622f9 1193 AC_MSG_RESULT(no)
a2b3321d 1194 ;;
7b578f7d 1195 *)
1196 AC_MSG_ERROR([Unknown audit module $withval])
1197 ;;
1198 esac ]
1199)
1200
19160674 1201dnl Checks for library functions. Please keep in alphabetical order
b04a9f8c 1202AC_CHECK_FUNCS( \
1203 arc4random \
9a406e1e 1204 asprintf \
b04a9f8c 1205 b64_ntop \
1206 __b64_ntop \
1207 b64_pton \
1208 __b64_pton \
1209 bcopy \
1210 bindresvport_sa \
1211 clock \
1212 closefrom \
1213 dirfd \
b04a9f8c 1214 fchmod \
1215 fchown \
1216 freeaddrinfo \
1217 futimes \
1218 getaddrinfo \
1219 getcwd \
1220 getgrouplist \
1221 getnameinfo \
1222 getopt \
1223 getpeereid \
1224 _getpty \
1225 getrlimit \
1226 getttyent \
1227 glob \
1228 inet_aton \
1229 inet_ntoa \
1230 inet_ntop \
1231 innetgr \
1232 login_getcapbool \
1233 md5_crypt \
1234 memmove \
1235 mkdtemp \
1236 mmap \
1237 ngetaddrinfo \
1238 nsleep \
1239 ogetaddrinfo \
1240 openlog_r \
1241 openpty \
1242 prctl \
1243 pstat \
1244 readpassphrase \
1245 realpath \
1246 recvmsg \
1247 rresvport_af \
1248 sendmsg \
1249 setdtablesize \
1250 setegid \
1251 setenv \
1252 seteuid \
1253 setgroups \
1254 setlogin \
1255 setpcred \
1256 setproctitle \
1257 setregid \
1258 setreuid \
1259 setrlimit \
1260 setsid \
1261 setvbuf \
1262 sigaction \
1263 sigvec \
1264 snprintf \
1265 socketpair \
1266 strdup \
1267 strerror \
1268 strlcat \
1269 strlcpy \
1270 strmode \
1271 strnvis \
1272 strtonum \
1e29a0c8 1273 strtoll \
b04a9f8c 1274 strtoul \
1275 sysconf \
1276 tcgetpgrp \
1277 truncate \
1278 unsetenv \
1279 updwtmpx \
9a406e1e 1280 vasprintf \
b04a9f8c 1281 vhangup \
1282 vsnprintf \
1283 waitpid \
19160674 1284)
98a7c37b 1285
1a086f97 1286# IRIX has a const char return value for gai_strerror()
1287AC_CHECK_FUNCS(gai_strerror,[
1288 AC_DEFINE(HAVE_GAI_STRERROR)
1289 AC_TRY_COMPILE([
1290#include <sys/types.h>
1291#include <sys/socket.h>
1292#include <netdb.h>
1293
1294const char *gai_strerror(int);],[
1295char *str;
1296
1297str = gai_strerror(0);],[
1298 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1299 [Define if gai_strerror() returns const char *])])])
1300
3466e002 1301AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1302 [Some systems put nanosleep outside of libc]))
92b1decf 1303
309709db 1304dnl Make sure prototypes are defined for these before using them.
309709db 1305AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
0957c2cf 1306AC_CHECK_DECL(strsep,
1307 [AC_CHECK_FUNCS(strsep)],
1308 [],
1309 [
1310#ifdef HAVE_STRING_H
1311# include <string.h>
1312#endif
1313 ])
08412d26 1314
3490699c 1315dnl tcsendbreak might be a macro
1316AC_CHECK_DECL(tcsendbreak,
1317 [AC_DEFINE(HAVE_TCSENDBREAK)],
aff51935 1318 [AC_CHECK_FUNCS(tcsendbreak)],
3490699c 1319 [#include <termios.h>]
1320)
1321
41e0e158 1322AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1323
71f4c727 1324AC_CHECK_DECLS(SHUT_RD, , ,
1325 [
1326#include <sys/types.h>
1327#include <sys/socket.h>
1328 ])
956d6743 1329
1330AC_CHECK_DECLS(O_NONBLOCK, , ,
1331 [
1332#include <sys/types.h>
1333#ifdef HAVE_SYS_STAT_H
1334# include <sys/stat.h>
1335#endif
1336#ifdef HAVE_FCNTL_H
1337# include <fcntl.h>
1338#endif
1339 ])
1340
752994dd 1341AC_CHECK_DECLS(writev, , , [
1342#include <sys/types.h>
1343#include <sys/uio.h>
1344#include <unistd.h>
1345 ])
1346
3f176010 1347AC_CHECK_FUNCS(setresuid, [
1348 dnl Some platorms have setresuid that isn't implemented, test for this
1349 AC_MSG_CHECKING(if setresuid seems to work)
479cece8 1350 AC_RUN_IFELSE(
1351 [AC_LANG_SOURCE([[
9a3fe0e2 1352#include <stdlib.h>
1353#include <errno.h>
1354int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1355 ]])],
3f176010 1356 [AC_MSG_RESULT(yes)],
3466e002 1357 [AC_DEFINE(BROKEN_SETRESUID, 1,
1358 [Define if your setresuid() is broken])
1a01a50c 1359 AC_MSG_RESULT(not implemented)],
1360 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1361 )
1362])
9a3fe0e2 1363
3f176010 1364AC_CHECK_FUNCS(setresgid, [
1365 dnl Some platorms have setresgid that isn't implemented, test for this
1366 AC_MSG_CHECKING(if setresgid seems to work)
479cece8 1367 AC_RUN_IFELSE(
1368 [AC_LANG_SOURCE([[
9a3fe0e2 1369#include <stdlib.h>
1370#include <errno.h>
1371int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1372 ]])],
3f176010 1373 [AC_MSG_RESULT(yes)],
3466e002 1374 [AC_DEFINE(BROKEN_SETRESGID, 1,
1375 [Define if your setresgid() is broken])
1a01a50c 1376 AC_MSG_RESULT(not implemented)],
1377 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1378 )
1379])
9a3fe0e2 1380
2e73a022 1381dnl Checks for time functions
1d7b9b20 1382AC_CHECK_FUNCS(gettimeofday time)
2e73a022 1383dnl Checks for utmp functions
b03bd394 1384AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1d7b9b20 1385AC_CHECK_FUNCS(utmpname)
2e73a022 1386dnl Checks for utmpx functions
b03bd394 1387AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1d7b9b20 1388AC_CHECK_FUNCS(setutxent utmpxname)
76cd7316 1389
aff51935 1390AC_CHECK_FUNC(daemon,
3466e002 1391 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1392 [AC_CHECK_LIB(bsd, daemon,
1393 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
beb43d31 1394)
1395
aff51935 1396AC_CHECK_FUNC(getpagesize,
3466e002 1397 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1398 [Define if your libraries define getpagesize()])],
1399 [AC_CHECK_LIB(ucb, getpagesize,
1400 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
aa6bd60a 1401)
1402
2647ae26 1403# Check for broken snprintf
1404if test "x$ac_cv_func_snprintf" = "xyes" ; then
1405 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1a01a50c 1406 AC_RUN_IFELSE(
479cece8 1407 [AC_LANG_SOURCE([[
2647ae26 1408#include <stdio.h>
aec4cb4f 1409int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
479cece8 1410 ]])],
aff51935 1411 [AC_MSG_RESULT(yes)],
2647ae26 1412 [
1413 AC_MSG_RESULT(no)
3466e002 1414 AC_DEFINE(BROKEN_SNPRINTF, 1,
1415 [Define if your snprintf is busted])
2647ae26 1416 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1a01a50c 1417 ],
1418 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2647ae26 1419 )
1420fi
1421
9a406e1e 1422# If we don't have a working asprintf, then we strongly depend on vsnprintf
1423# returning the right thing on overflow: the number of characters it tried to
1424# create (as per SUSv3)
1425if test "x$ac_cv_func_asprintf" != "xyes" && \
1426 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1427 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1428 AC_RUN_IFELSE(
1429 [AC_LANG_SOURCE([[
1430#include <sys/types.h>
1431#include <stdio.h>
1432#include <stdarg.h>
1433
1434int x_snprintf(char *str,size_t count,const char *fmt,...)
1435{
1436 size_t ret; va_list ap;
1437 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1438 return ret;
1439}
1440int main(void)
1441{
1442 char x[1];
1443 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1444} ]])],
1445 [AC_MSG_RESULT(yes)],
1446 [
1447 AC_MSG_RESULT(no)
1448 AC_DEFINE(BROKEN_SNPRINTF, 1,
1449 [Define if your snprintf is busted])
1450 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1451 ],
1452 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1453 )
1454fi
1455
31b0732a 1456# On systems where [v]snprintf is broken, but is declared in stdio,
1457# check that the fmt argument is const char * or just char *.
1458# This is only useful for when BROKEN_SNPRINTF
1459AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1460AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1461 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1462 int main(void) { snprintf(0, 0, 0); }
1463 ]])],
1464 [AC_MSG_RESULT(yes)
1465 AC_DEFINE(SNPRINTF_CONST, [const],
1466 [Define as const if snprintf() can declare const char *fmt])],
1467 [AC_MSG_RESULT(no)
1468 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1469
2f6f9cff 1470# Check for missing getpeereid (or equiv) support
1471NO_PEERCHECK=""
1472if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1473 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1474 AC_TRY_COMPILE(
1475 [#include <sys/types.h>
1476 #include <sys/socket.h>],
1477 [int i = SO_PEERCRED;],
62eb7db4 1478 [ AC_MSG_RESULT(yes)
3466e002 1479 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
62eb7db4 1480 ],
2f6f9cff 1481 [AC_MSG_RESULT(no)
1482 NO_PEERCHECK=1]
1483 )
1484fi
1485
70e7d0b0 1486dnl see whether mkstemp() requires XXXXXX
1487if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1488AC_MSG_CHECKING([for (overly) strict mkstemp])
b0e7249f 1489AC_RUN_IFELSE(
1490 [AC_LANG_SOURCE([[
70e7d0b0 1491#include <stdlib.h>
1492main() { char template[]="conftest.mkstemp-test";
1493if (mkstemp(template) == -1)
1494 exit(1);
1495unlink(template); exit(0);
1496}
b0e7249f 1497 ]])],
70e7d0b0 1498 [
1499 AC_MSG_RESULT(no)
1500 ],
aff51935 1501 [
70e7d0b0 1502 AC_MSG_RESULT(yes)
3466e002 1503 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
70e7d0b0 1504 ],
1505 [
1506 AC_MSG_RESULT(yes)
1507 AC_DEFINE(HAVE_STRICT_MKSTEMP)
aff51935 1508 ]
70e7d0b0 1509)
1510fi
1511
eacb954e 1512dnl make sure that openpty does not reacquire controlling terminal
1513if test ! -z "$check_for_openpty_ctty_bug"; then
1514 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
b0e7249f 1515 AC_RUN_IFELSE(
1516 [AC_LANG_SOURCE([[
eacb954e 1517#include <stdio.h>
1518#include <sys/fcntl.h>
1519#include <sys/types.h>
1520#include <sys/wait.h>
1521
1522int
1523main()
1524{
1525 pid_t pid;
1526 int fd, ptyfd, ttyfd, status;
1527
1528 pid = fork();
1529 if (pid < 0) { /* failed */
1530 exit(1);
1531 } else if (pid > 0) { /* parent */
1532 waitpid(pid, &status, 0);
aff51935 1533 if (WIFEXITED(status))
eacb954e 1534 exit(WEXITSTATUS(status));
1535 else
1536 exit(2);
1537 } else { /* child */
1538 close(0); close(1); close(2);
1539 setsid();
1540 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1541 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1542 if (fd >= 0)
1543 exit(3); /* Acquired ctty: broken */
1544 else
1545 exit(0); /* Did not acquire ctty: OK */
1546 }
1547}
b0e7249f 1548 ]])],
eacb954e 1549 [
1550 AC_MSG_RESULT(yes)
1551 ],
1552 [
1553 AC_MSG_RESULT(no)
1554 AC_DEFINE(SSHD_ACQUIRES_CTTY)
b0e7249f 1555 ],
1556 [
1557 AC_MSG_RESULT(cross-compiling, assuming yes)
eacb954e 1558 ]
1559 )
1560fi
1561
4b492aab 1562if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1563 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2fe51906 1564 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1565 AC_RUN_IFELSE(
1566 [AC_LANG_SOURCE([[
2fe51906 1567#include <stdio.h>
1568#include <sys/socket.h>
1569#include <netdb.h>
1570#include <errno.h>
1571#include <netinet/in.h>
1572
1573#define TEST_PORT "2222"
1574
1575int
1576main(void)
1577{
1578 int err, sock;
1579 struct addrinfo *gai_ai, *ai, hints;
1580 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1581
1582 memset(&hints, 0, sizeof(hints));
1583 hints.ai_family = PF_UNSPEC;
1584 hints.ai_socktype = SOCK_STREAM;
1585 hints.ai_flags = AI_PASSIVE;
1586
1587 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1588 if (err != 0) {
1589 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1590 exit(1);
1591 }
1592
1593 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1594 if (ai->ai_family != AF_INET6)
1595 continue;
1596
1597 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1598 sizeof(ntop), strport, sizeof(strport),
1599 NI_NUMERICHOST|NI_NUMERICSERV);
1600
1601 if (err != 0) {
1602 if (err == EAI_SYSTEM)
1603 perror("getnameinfo EAI_SYSTEM");
1604 else
1605 fprintf(stderr, "getnameinfo failed: %s\n",
1606 gai_strerror(err));
1607 exit(2);
1608 }
1609
1610 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1611 if (sock < 0)
1612 perror("socket");
1613 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1614 if (errno == EBADF)
1615 exit(3);
1616 }
1617 }
1618 exit(0);
1619}
b0e7249f 1620 ]])],
2fe51906 1621 [
1622 AC_MSG_RESULT(yes)
1623 ],
1624 [
1625 AC_MSG_RESULT(no)
1626 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1627 ],
1628 [
1629 AC_MSG_RESULT(cross-compiling, assuming yes)
2fe51906 1630 ]
1631 )
1632fi
1633
4b492aab 1634if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1635 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
5ccf88cb 1636 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1637 AC_RUN_IFELSE(
1638 [AC_LANG_SOURCE([[
5ccf88cb 1639#include <stdio.h>
1640#include <sys/socket.h>
1641#include <netdb.h>
1642#include <errno.h>
1643#include <netinet/in.h>
1644
1645#define TEST_PORT "2222"
1646
1647int
1648main(void)
1649{
1650 int err, sock;
1651 struct addrinfo *gai_ai, *ai, hints;
1652 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1653
1654 memset(&hints, 0, sizeof(hints));
1655 hints.ai_family = PF_UNSPEC;
1656 hints.ai_socktype = SOCK_STREAM;
1657 hints.ai_flags = AI_PASSIVE;
1658
1659 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1660 if (err != 0) {
1661 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1662 exit(1);
1663 }
1664
1665 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1666 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1667 continue;
1668
1669 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1670 sizeof(ntop), strport, sizeof(strport),
1671 NI_NUMERICHOST|NI_NUMERICSERV);
1672
1673 if (ai->ai_family == AF_INET && err != 0) {
1674 perror("getnameinfo");
1675 exit(2);
1676 }
1677 }
1678 exit(0);
1679}
b0e7249f 1680 ]])],
5ccf88cb 1681 [
1682 AC_MSG_RESULT(yes)
3466e002 1683 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1684 [Define if you have a getaddrinfo that fails
1685 for the all-zeros IPv6 address])
5ccf88cb 1686 ],
1687 [
1688 AC_MSG_RESULT(no)
1689 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1690 ],
ecd9ec09 1691 [
b0e7249f 1692 AC_MSG_RESULT(cross-compiling, assuming no)
5ccf88cb 1693 ]
1694 )
1695fi
1696
b29fd59f 1697if test "x$check_for_conflicting_getspnam" = "x1"; then
1698 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1699 AC_COMPILE_IFELSE(
1700 [
1701#include <shadow.h>
1702int main(void) {exit(0);}
1703 ],
1704 [
1705 AC_MSG_RESULT(no)
1706 ],
1707 [
1708 AC_MSG_RESULT(yes)
1709 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1710 [Conflicting defs for getspnam])
1711 ]
1712 )
1713fi
1714
7f8f5e00 1715AC_FUNC_GETPGRP
1716
5b991353 1717# Search for OpenSSL
1718saved_CPPFLAGS="$CPPFLAGS"
1719saved_LDFLAGS="$LDFLAGS"
a0391976 1720AC_ARG_WITH(ssl-dir,
1721 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1722 [
e9e4a1c7 1723 if test "x$withval" != "xno" ; then
99eb0f64 1724 case "$withval" in
1725 # Relative paths
1726 ./*|../*) withval="`pwd`/$withval"
1727 esac
5b991353 1728 if test -d "$withval/lib"; then
1729 if test -n "${need_dash_r}"; then
1730 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1731 else
1732 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
d6f13fbb 1733 fi
1734 else
5b991353 1735 if test -n "${need_dash_r}"; then
1736 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1737 else
1738 LDFLAGS="-L${withval} ${LDFLAGS}"
d6f13fbb 1739 fi
1740 fi
5b991353 1741 if test -d "$withval/include"; then
1742 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
d6f13fbb 1743 else
5b991353 1744 CPPFLAGS="-I${withval} ${CPPFLAGS}"
58d100bf 1745 fi
a0391976 1746 fi
5b991353 1747 ]
1748)
5486a457 1749LIBS="-lcrypto $LIBS"
3466e002 1750AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1751 [Define if your ssl headers are included
1752 with #include <openssl/header.h>]),
d45e3d76 1753 [
5b991353 1754 dnl Check default openssl install dir
1755 if test -n "${need_dash_r}"; then
1756 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1757 else
5b991353 1758 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1759 fi
5b991353 1760 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1761 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1762 [
1763 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1764 ]
1765 )
1766 ]
1767)
1768
cd018561 1769# Determine OpenSSL header version
1770AC_MSG_CHECKING([OpenSSL header version])
1a01a50c 1771AC_RUN_IFELSE(
479cece8 1772 [AC_LANG_SOURCE([[
cd018561 1773#include <stdio.h>
1774#include <string.h>
1775#include <openssl/opensslv.h>
1776#define DATA "conftest.sslincver"
1777int main(void) {
aff51935 1778 FILE *fd;
1779 int rc;
cd018561 1780
aff51935 1781 fd = fopen(DATA,"w");
1782 if(fd == NULL)
1783 exit(1);
cd018561 1784
1785 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1786 exit(1);
1787
1788 exit(0);
1789}
479cece8 1790 ]])],
cd018561 1791 [
1792 ssl_header_ver=`cat conftest.sslincver`
1793 AC_MSG_RESULT($ssl_header_ver)
1794 ],
1795 [
1796 AC_MSG_RESULT(not found)
1797 AC_MSG_ERROR(OpenSSL version header not found.)
1a01a50c 1798 ],
1799 [
1800 AC_MSG_WARN([cross compiling: not checking])
cd018561 1801 ]
1802)
1803
1804# Determine OpenSSL library version
1805AC_MSG_CHECKING([OpenSSL library version])
1a01a50c 1806AC_RUN_IFELSE(
479cece8 1807 [AC_LANG_SOURCE([[
cd018561 1808#include <stdio.h>
1809#include <string.h>
1810#include <openssl/opensslv.h>
1811#include <openssl/crypto.h>
1812#define DATA "conftest.ssllibver"
1813int main(void) {
aff51935 1814 FILE *fd;
1815 int rc;
cd018561 1816
aff51935 1817 fd = fopen(DATA,"w");
1818 if(fd == NULL)
1819 exit(1);
cd018561 1820
1821 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1822 exit(1);
1823
1824 exit(0);
1825}
479cece8 1826 ]])],
cd018561 1827 [
1828 ssl_library_ver=`cat conftest.ssllibver`
1829 AC_MSG_RESULT($ssl_library_ver)
1830 ],
1831 [
1832 AC_MSG_RESULT(not found)
1833 AC_MSG_ERROR(OpenSSL library not found.)
1a01a50c 1834 ],
1835 [
1836 AC_MSG_WARN([cross compiling: not checking])
cd018561 1837 ]
1838)
58d100bf 1839
9780116c 1840# Sanity check OpenSSL headers
1841AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1a01a50c 1842AC_RUN_IFELSE(
479cece8 1843 [AC_LANG_SOURCE([[
9780116c 1844#include <string.h>
1845#include <openssl/opensslv.h>
aec4cb4f 1846int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
479cece8 1847 ]])],
9780116c 1848 [
1849 AC_MSG_RESULT(yes)
1850 ],
1851 [
1852 AC_MSG_RESULT(no)
e15ba28b 1853 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1854Check config.log for details.
1855Also see contrib/findssl.sh for help identifying header/library mismatches.])
1a01a50c 1856 ],
1857 [
1858 AC_MSG_WARN([cross compiling: not checking])
9780116c 1859 ]
1860)
1861
282d6408 1862AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1863AC_LINK_IFELSE(
1864 [AC_LANG_SOURCE([[
1865#include <openssl/evp.h>
1866int main(void) { SSLeay_add_all_algorithms(); }
1867 ]])],
1868 [
1869 AC_MSG_RESULT(yes)
1870 ],
1871 [
1872 AC_MSG_RESULT(no)
1873 saved_LIBS="$LIBS"
1874 LIBS="$LIBS -ldl"
1875 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1876 AC_LINK_IFELSE(
1877 [AC_LANG_SOURCE([[
1878#include <openssl/evp.h>
1879int main(void) { SSLeay_add_all_algorithms(); }
1880 ]])],
1881 [
1882 AC_MSG_RESULT(yes)
1883 ],
1884 [
1885 AC_MSG_RESULT(no)
1886 LIBS="$saved_LIBS"
1887 ]
1888 )
1889 ]
1890)
1891
c7ad0d99 1892AC_ARG_WITH(ssl-engine,
1893 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1894 [ if test "x$withval" != "xno" ; then
1895 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1896 AC_TRY_COMPILE(
1897 [ #include <openssl/engine.h>],
1898 [
1899int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1900 ],
1901 [ AC_MSG_RESULT(yes)
1902 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1903 [Enable OpenSSL engine support])
1904 ],
1905 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1906 )
1907 fi ]
1908)
1909
e5146707 1910# Check for OpenSSL without EVP_aes_{192,256}_cbc
1911AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3e05aa50 1912AC_LINK_IFELSE(
e5146707 1913 [AC_LANG_SOURCE([[
1914#include <string.h>
1915#include <openssl/evp.h>
300ea548 1916int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
e5146707 1917 ]])],
1918 [
1919 AC_MSG_RESULT(no)
1920 ],
1921 [
1922 AC_MSG_RESULT(yes)
1923 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1924 [libcrypto is missing AES 192 and 256 bit functions])
1925 ]
1926)
1927
5486a457 1928# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1929# because the system crypt() is more featureful.
1930if test "x$check_for_libcrypt_before" = "x1"; then
1931 AC_CHECK_LIB(crypt, crypt)
1932fi
1933
aff51935 1934# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
8087c5ee 1935# version in OpenSSL.
05114c74 1936if test "x$check_for_libcrypt_later" = "x1"; then
20cad736 1937 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
717057b6 1938fi
1939
13ff27b7 1940# Search for SHA256 support in libc and/or OpenSSL
1941AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1942
4c653d8e 1943AC_CHECK_LIB(iaf, ia_openinfo)
f1b0ecc3 1944
1945### Configure cryptographic random number support
1946
1947# Check wheter OpenSSL seeds itself
1948AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1a01a50c 1949AC_RUN_IFELSE(
479cece8 1950 [AC_LANG_SOURCE([[
f1b0ecc3 1951#include <string.h>
1952#include <openssl/rand.h>
aec4cb4f 1953int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
479cece8 1954 ]])],
f1b0ecc3 1955 [
1956 OPENSSL_SEEDS_ITSELF=yes
1957 AC_MSG_RESULT(yes)
1958 ],
1959 [
1960 AC_MSG_RESULT(no)
1961 # Default to use of the rand helper if OpenSSL doesn't
1962 # seed itself
1963 USE_RAND_HELPER=yes
1a01a50c 1964 ],
1965 [
1966 AC_MSG_WARN([cross compiling: assuming yes])
1967 # This is safe, since all recent OpenSSL versions will
82f4e93d 1968 # complain at runtime if not seeded correctly.
1a01a50c 1969 OPENSSL_SEEDS_ITSELF=yes
f1b0ecc3 1970 ]
1971)
1972
a086f73b 1973# Check for PAM libs
1974PAM_MSG="no"
1975AC_ARG_WITH(pam,
1976 [ --with-pam Enable PAM support ],
1977 [
1978 if test "x$withval" != "xno" ; then
1979 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1980 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1981 AC_MSG_ERROR([PAM headers not found])
1982 fi
1983
1984 saved_LIBS="$LIBS"
1985 AC_CHECK_LIB(dl, dlopen, , )
1986 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1987 AC_CHECK_FUNCS(pam_getenvlist)
1988 AC_CHECK_FUNCS(pam_putenv)
1989 LIBS="$saved_LIBS"
1990
1991 PAM_MSG="yes"
1992
282d6408 1993 LIBPAM="-lpam"
a086f73b 1994 AC_DEFINE(USE_PAM, 1,
1995 [Define if you want to enable PAM support])
282d6408 1996
a086f73b 1997 if test $ac_cv_lib_dl_dlopen = yes; then
282d6408 1998 case "$LIBS" in
1999 *-ldl*)
2000 # libdl already in LIBS
2001 ;;
2002 *)
08164407 2003 LIBPAM="$LIBPAM -ldl"
282d6408 2004 ;;
2005 esac
a086f73b 2006 fi
2007 AC_SUBST(LIBPAM)
2008 fi
2009 ]
2010)
2011
2012# Check for older PAM
2013if test "x$PAM_MSG" = "xyes" ; then
2014 # Check PAM strerror arguments (old PAM)
2015 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2016 AC_TRY_COMPILE(
2017 [
2018#include <stdlib.h>
2019#if defined(HAVE_SECURITY_PAM_APPL_H)
2020#include <security/pam_appl.h>
2021#elif defined (HAVE_PAM_PAM_APPL_H)
2022#include <pam/pam_appl.h>
2023#endif
2024 ],
2025 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2026 [AC_MSG_RESULT(no)],
2027 [
2028 AC_DEFINE(HAVE_OLD_PAM, 1,
2029 [Define if you have an old version of PAM
2030 which takes only one argument to pam_strerror])
2031 AC_MSG_RESULT(yes)
2032 PAM_MSG="yes (old library)"
2033 ]
2034 )
2035fi
f1b0ecc3 2036
2037# Do we want to force the use of the rand helper?
2038AC_ARG_WITH(rand-helper,
2039 [ --with-rand-helper Use subprocess to gather strong randomness ],
2040 [
2041 if test "x$withval" = "xno" ; then
aff51935 2042 # Force use of OpenSSL's internal RNG, even if
f1b0ecc3 2043 # the previous test showed it to be unseeded.
2044 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2045 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2046 OPENSSL_SEEDS_ITSELF=yes
2047 USE_RAND_HELPER=""
2048 fi
2049 else
2050 USE_RAND_HELPER=yes
2051 fi
2052 ],
82f4e93d 2053)
f1b0ecc3 2054
2055# Which randomness source do we use?
4b492aab 2056if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
f1b0ecc3 2057 # OpenSSL only
3466e002 2058 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2059 [Define if you want OpenSSL's internally seeded PRNG only])
f1b0ecc3 2060 RAND_MSG="OpenSSL internal ONLY"
2061 INSTALL_SSH_RAND_HELPER=""
70e2f2f3 2062elif test ! -z "$USE_RAND_HELPER" ; then
2063 # install rand helper
f1b0ecc3 2064 RAND_MSG="ssh-rand-helper"
2065 INSTALL_SSH_RAND_HELPER="yes"
2066fi
2067AC_SUBST(INSTALL_SSH_RAND_HELPER)
2068
2069### Configuration of ssh-rand-helper
2070
2071# PRNGD TCP socket
2072AC_ARG_WITH(prngd-port,
2073 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2074 [
eb5d7ff6 2075 case "$withval" in
2076 no)
2077 withval=""
2078 ;;
2079 [[0-9]]*)
2080 ;;
2081 *)
2082 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2083 ;;
2084 esac
2085 if test ! -z "$withval" ; then
f1b0ecc3 2086 PRNGD_PORT="$withval"
3466e002 2087 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2088 [Port number of PRNGD/EGD random number socket])
f1b0ecc3 2089 fi
2090 ]
2091)
2092
2093# PRNGD Unix domain socket
2094AC_ARG_WITH(prngd-socket,
2095 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2096 [
eb5d7ff6 2097 case "$withval" in
2098 yes)
f1b0ecc3 2099 withval="/var/run/egd-pool"
eb5d7ff6 2100 ;;
2101 no)
2102 withval=""
2103 ;;
2104 /*)
2105 ;;
2106 *)
2107 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2108 ;;
2109 esac
2110
2111 if test ! -z "$withval" ; then
f1b0ecc3 2112 if test ! -z "$PRNGD_PORT" ; then
2113 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2114 fi
906e811b 2115 if test ! -r "$withval" ; then
f1b0ecc3 2116 AC_MSG_WARN(Entropy socket is not readable)
2117 fi
2118 PRNGD_SOCKET="$withval"
3466e002 2119 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2120 [Location of PRNGD/EGD random number socket])
f1b0ecc3 2121 fi
ddceb1c8 2122 ],
2123 [
2124 # Check for existing socket only if we don't have a random device already
2125 if test "$USE_RAND_HELPER" = yes ; then
2126 AC_MSG_CHECKING(for PRNGD/EGD socket)
2127 # Insert other locations here
2128 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2129 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2130 PRNGD_SOCKET="$sock"
2131 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2132 break;
2133 fi
2134 done
2135 if test ! -z "$PRNGD_SOCKET" ; then
2136 AC_MSG_RESULT($PRNGD_SOCKET)
2137 else
2138 AC_MSG_RESULT(not found)
2139 fi
2140 fi
f1b0ecc3 2141 ]
2142)
2143
2144# Change default command timeout for hashing entropy source
2145entropy_timeout=200
2146AC_ARG_WITH(entropy-timeout,
2147 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2148 [
6cf0200f 2149 if test -n "$withval" && test "x$withval" != "xno" && \
2150 test "x${withval}" != "xyes"; then
f1b0ecc3 2151 entropy_timeout=$withval
2152 fi
82f4e93d 2153 ]
f1b0ecc3 2154)
3466e002 2155AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2156 [Builtin PRNG command timeout])
f1b0ecc3 2157
fd3cbf67 2158SSH_PRIVSEP_USER=sshd
9a0fbcb3 2159AC_ARG_WITH(privsep-user,
5222e7ef 2160 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
9a0fbcb3 2161 [
6cf0200f 2162 if test -n "$withval" && test "x$withval" != "xno" && \
2163 test "x${withval}" != "xyes"; then
fd3cbf67 2164 SSH_PRIVSEP_USER=$withval
9a0fbcb3 2165 fi
82f4e93d 2166 ]
9a0fbcb3 2167)
3466e002 2168AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2169 [non-privileged user for privilege separation])
fd3cbf67 2170AC_SUBST(SSH_PRIVSEP_USER)
9a0fbcb3 2171
81dadca3 2172# We do this little dance with the search path to insure
2173# that programs that we select for use by installed programs
2174# (which may be run by the super-user) come from trusted
2175# locations before they come from the user's private area.
2176# This should help avoid accidentally configuring some
2177# random version of a program in someone's personal bin.
2178
2179OPATH=$PATH
2180PATH=/bin:/usr/bin
f95c8ce8 2181test -h /bin 2> /dev/null && PATH=/usr/bin
81dadca3 2182test -d /sbin && PATH=$PATH:/sbin
2183test -d /usr/sbin && PATH=$PATH:/usr/sbin
2184PATH=$PATH:/etc:$OPATH
2185
aff51935 2186# These programs are used by the command hashing source to gather entropy
f1b0ecc3 2187OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2188OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2189OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2190OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2191OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2192OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2193OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2194OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2195OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2196OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2197OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2198OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2199OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2200OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2201OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2202OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
81dadca3 2203# restore PATH
2204PATH=$OPATH
f1b0ecc3 2205
2206# Where does ssh-rand-helper get its randomness from?
2207INSTALL_SSH_PRNG_CMDS=""
2208if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2209 if test ! -z "$PRNGD_PORT" ; then
2210 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2211 elif test ! -z "$PRNGD_SOCKET" ; then
2212 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2213 else
2214 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2215 RAND_HELPER_CMDHASH=yes
2216 INSTALL_SSH_PRNG_CMDS="yes"
2217 fi
2218fi
2219AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2220
2221
66d6c27e 2222# Cheap hack to ensure NEWS-OS libraries are arranged right.
2223if test ! -z "$SONY" ; then
2224 LIBS="$LIBS -liberty";
2225fi
2226
9a406e1e 2227# Check for long long datatypes
2228AC_CHECK_TYPES([long long, unsigned long long, long double])
2229
2230# Check datatype sizes
976f7e19 2231AC_CHECK_SIZEOF(char, 1)
2b942fe0 2232AC_CHECK_SIZEOF(short int, 2)
2233AC_CHECK_SIZEOF(int, 4)
2234AC_CHECK_SIZEOF(long int, 4)
2235AC_CHECK_SIZEOF(long long int, 8)
2236
52f1ccb2 2237# Sanity check long long for some platforms (AIX)
2238if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2239 ac_cv_sizeof_long_long_int=0
2240fi
2241
90f15776 2242# compute LLONG_MIN and LLONG_MAX if we don't know them.
2243if test -z "$have_llong_max"; then
2244 AC_MSG_CHECKING([for max value of long long])
2245 AC_RUN_IFELSE(
2246 [AC_LANG_SOURCE([[
2247#include <stdio.h>
2248/* Why is this so damn hard? */
2249#ifdef __GNUC__
2250# undef __GNUC__
2251#endif
2252#define __USE_ISOC99
2253#include <limits.h>
2254#define DATA "conftest.llminmax"
055252ed 2255#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2256
2257/*
2258 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2259 * we do this the hard way.
2260 */
2261static int
2262fprint_ll(FILE *f, long long n)
2263{
2264 unsigned int i;
2265 int l[sizeof(long long) * 8];
2266
2267 if (n < 0)
2268 if (fprintf(f, "-") < 0)
2269 return -1;
2270 for (i = 0; n != 0; i++) {
2271 l[i] = my_abs(n % 10);
2272 n /= 10;
2273 }
2274 do {
2275 if (fprintf(f, "%d", l[--i]) < 0)
2276 return -1;
2277 } while (i != 0);
2278 if (fprintf(f, " ") < 0)
2279 return -1;
2280 return 0;
2281}
2282
90f15776 2283int main(void) {
2284 FILE *f;
2285 long long i, llmin, llmax = 0;
2286
2287 if((f = fopen(DATA,"w")) == NULL)
2288 exit(1);
2289
2290#if defined(LLONG_MIN) && defined(LLONG_MAX)
2291 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2292 llmin = LLONG_MIN;
2293 llmax = LLONG_MAX;
2294#else
2295 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2296 /* This will work on one's complement and two's complement */
2297 for (i = 1; i > llmax; i <<= 1, i++)
2298 llmax = i;
2299 llmin = llmax + 1LL; /* wrap */
2300#endif
2301
2302 /* Sanity check */
2303 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
055252ed 2304 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2305 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
90f15776 2306 fprintf(f, "unknown unknown\n");
2307 exit(2);
2308 }
2309
055252ed 2310 if (fprint_ll(f, llmin) < 0)
90f15776 2311 exit(3);
055252ed 2312 if (fprint_ll(f, llmax) < 0)
2313 exit(4);
2314 if (fclose(f) < 0)
2315 exit(5);
90f15776 2316 exit(0);
2317}
2318 ]])],
2319 [
2320 llong_min=`$AWK '{print $1}' conftest.llminmax`
2321 llong_max=`$AWK '{print $2}' conftest.llminmax`
2322
90f15776 2323 AC_MSG_RESULT($llong_max)
2324 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2325 [max value of long long calculated by configure])
2326 AC_MSG_CHECKING([for min value of long long])
2327 AC_MSG_RESULT($llong_min)
2328 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2329 [min value of long long calculated by configure])
2330 ],
2331 [
2332 AC_MSG_RESULT(not found)
2333 ],
2334 [
2335 AC_MSG_WARN([cross compiling: not checking])
2336 ]
2337 )
2338fi
2339
2340
a0391976 2341# More checks for data types
14a9a859 2342AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2343 AC_TRY_COMPILE(
aff51935 2344 [ #include <sys/types.h> ],
2345 [ u_int a; a = 1;],
14a9a859 2346 [ ac_cv_have_u_int="yes" ],
2347 [ ac_cv_have_u_int="no" ]
2348 )
2349])
2350if test "x$ac_cv_have_u_int" = "xyes" ; then
3466e002 2351 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
14a9a859 2352 have_u_int=1
2353fi
2354
58d100bf 2355AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2356 AC_TRY_COMPILE(
aff51935 2357 [ #include <sys/types.h> ],
2358 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
58d100bf 2359 [ ac_cv_have_intxx_t="yes" ],
2360 [ ac_cv_have_intxx_t="no" ]
2361 )
2362])
2363if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3466e002 2364 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
58d100bf 2365 have_intxx_t=1
2366fi
41cb4569 2367
2368if (test -z "$have_intxx_t" && \
aff51935 2369 test "x$ac_cv_header_stdint_h" = "xyes")
41cb4569 2370then
2371 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2372 AC_TRY_COMPILE(
aff51935 2373 [ #include <stdint.h> ],
2374 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
41cb4569 2375 [
2376 AC_DEFINE(HAVE_INTXX_T)
2377 AC_MSG_RESULT(yes)
2378 ],
2379 [ AC_MSG_RESULT(no) ]
2380 )
2381fi
2382
bd590612 2383AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2384 AC_TRY_COMPILE(
1cbbe6c8 2385 [
2386#include <sys/types.h>
2387#ifdef HAVE_STDINT_H
2388# include <stdint.h>
2389#endif
2390#include <sys/socket.h>
2391#ifdef HAVE_SYS_BITYPES_H
2392# include <sys/bitypes.h>
2393#endif
aff51935 2394 ],
2395 [ int64_t a; a = 1;],
bd590612 2396 [ ac_cv_have_int64_t="yes" ],
2397 [ ac_cv_have_int64_t="no" ]
2398 )
2399])
2400if test "x$ac_cv_have_int64_t" = "xyes" ; then
3466e002 2401 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
ddceb1c8 2402fi
2403
58d100bf 2404AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2405 AC_TRY_COMPILE(
aff51935 2406 [ #include <sys/types.h> ],
2407 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
58d100bf 2408 [ ac_cv_have_u_intxx_t="yes" ],
2409 [ ac_cv_have_u_intxx_t="no" ]
2410 )
2411])
2412if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3466e002 2413 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
58d100bf 2414 have_u_intxx_t=1
2415fi
2b942fe0 2416
41cb4569 2417if test -z "$have_u_intxx_t" ; then
2418 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2419 AC_TRY_COMPILE(
aff51935 2420 [ #include <sys/socket.h> ],
2421 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
41cb4569 2422 [
2423 AC_DEFINE(HAVE_U_INTXX_T)
2424 AC_MSG_RESULT(yes)
2425 ],
2426 [ AC_MSG_RESULT(no) ]
2427 )
2428fi
2429
bd590612 2430AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2431 AC_TRY_COMPILE(
aff51935 2432 [ #include <sys/types.h> ],
2433 [ u_int64_t a; a = 1;],
bd590612 2434 [ ac_cv_have_u_int64_t="yes" ],
2435 [ ac_cv_have_u_int64_t="no" ]
2436 )
2437])
2438if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3466e002 2439 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
bd590612 2440 have_u_int64_t=1
2441fi
2442
ddceb1c8 2443if test -z "$have_u_int64_t" ; then
2444 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2445 AC_TRY_COMPILE(
aff51935 2446 [ #include <sys/bitypes.h> ],
ddceb1c8 2447 [ u_int64_t a; a = 1],
2448 [
2449 AC_DEFINE(HAVE_U_INT64_T)
2450 AC_MSG_RESULT(yes)
2451 ],
2452 [ AC_MSG_RESULT(no) ]
2453 )
2454fi
2455
41cb4569 2456if test -z "$have_u_intxx_t" ; then
2457 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2458 AC_TRY_COMPILE(
2459 [
2460#include <sys/types.h>
aff51935 2461 ],
2462 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
41cb4569 2463 [ ac_cv_have_uintxx_t="yes" ],
2464 [ ac_cv_have_uintxx_t="no" ]
2465 )
2466 ])
2467 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3466e002 2468 AC_DEFINE(HAVE_UINTXX_T, 1,
2469 [define if you have uintxx_t data type])
41cb4569 2470 fi
2471fi
2472
2473if test -z "$have_uintxx_t" ; then
2474 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2475 AC_TRY_COMPILE(
aff51935 2476 [ #include <stdint.h> ],
2477 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
41cb4569 2478 [
2479 AC_DEFINE(HAVE_UINTXX_T)
2480 AC_MSG_RESULT(yes)
2481 ],
2482 [ AC_MSG_RESULT(no) ]
2483 )
2484fi
2485
e5fe9a1f 2486if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
aff51935 2487 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
5cdfe03f 2488then
2489 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2490 AC_TRY_COMPILE(
58d100bf 2491 [
2492#include <sys/bitypes.h>
aff51935 2493 ],
5cdfe03f 2494 [
837c30b8 2495 int8_t a; int16_t b; int32_t c;
2496 u_int8_t e; u_int16_t f; u_int32_t g;
2497 a = b = c = e = f = g = 1;
aff51935 2498 ],
5cdfe03f 2499 [
2500 AC_DEFINE(HAVE_U_INTXX_T)
2501 AC_DEFINE(HAVE_INTXX_T)
2502 AC_MSG_RESULT(yes)
2503 ],
2504 [AC_MSG_RESULT(no)]
aff51935 2505 )
5cdfe03f 2506fi
2507
0362750e 2508
2509AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2510 AC_TRY_COMPILE(
2511 [
2512#include <sys/types.h>
2513 ],
2514 [ u_char foo; foo = 125; ],
2515 [ ac_cv_have_u_char="yes" ],
2516 [ ac_cv_have_u_char="no" ]
2517 )
2518])
2519if test "x$ac_cv_have_u_char" = "xyes" ; then
3466e002 2520 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
0362750e 2521fi
2522
98a7c37b 2523TYPE_SOCKLEN_T
2b942fe0 2524
2d16d9a3 2525AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
ddceb1c8 2526
777ece68 2527AC_CHECK_TYPES(in_addr_t,,,
2528[#include <sys/types.h>
2529#include <netinet/in.h>])
7b578f7d 2530
58d100bf 2531AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2532 AC_TRY_COMPILE(
2533 [
18ba2aab 2534#include <sys/types.h>
58d100bf 2535 ],
2536 [ size_t foo; foo = 1235; ],
2537 [ ac_cv_have_size_t="yes" ],
2538 [ ac_cv_have_size_t="no" ]
2539 )
2540])
2541if test "x$ac_cv_have_size_t" = "xyes" ; then
3466e002 2542 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
58d100bf 2543fi
ea1970a3 2544
c04f75f1 2545AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2546 AC_TRY_COMPILE(
2547 [
2548#include <sys/types.h>
2549 ],
2550 [ ssize_t foo; foo = 1235; ],
2551 [ ac_cv_have_ssize_t="yes" ],
2552 [ ac_cv_have_ssize_t="no" ]
2553 )
2554])
2555if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3466e002 2556 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
c04f75f1 2557fi
2558
f1c4659d 2559AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2560 AC_TRY_COMPILE(
2561 [
2562#include <time.h>
2563 ],
2564 [ clock_t foo; foo = 1235; ],
2565 [ ac_cv_have_clock_t="yes" ],
2566 [ ac_cv_have_clock_t="no" ]
2567 )
2568])
2569if test "x$ac_cv_have_clock_t" = "xyes" ; then
3466e002 2570 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
f1c4659d 2571fi
2572
1c04b088 2573AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2574 AC_TRY_COMPILE(
2575 [
2576#include <sys/types.h>
2577#include <sys/socket.h>
2578 ],
2579 [ sa_family_t foo; foo = 1235; ],
2580 [ ac_cv_have_sa_family_t="yes" ],
77bb0bca 2581 [ AC_TRY_COMPILE(
2582 [
2583#include <sys/types.h>
2584#include <sys/socket.h>
2585#include <netinet/in.h>
2586 ],
2587 [ sa_family_t foo; foo = 1235; ],
2588 [ ac_cv_have_sa_family_t="yes" ],
2589
1c04b088 2590 [ ac_cv_have_sa_family_t="no" ]
77bb0bca 2591 )]
1c04b088 2592 )
2593])
2594if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3466e002 2595 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2596 [define if you have sa_family_t data type])
1c04b088 2597fi
2598
729bfe59 2599AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2600 AC_TRY_COMPILE(
2601 [
2602#include <sys/types.h>
2603 ],
2604 [ pid_t foo; foo = 1235; ],
2605 [ ac_cv_have_pid_t="yes" ],
2606 [ ac_cv_have_pid_t="no" ]
2607 )
2608])
2609if test "x$ac_cv_have_pid_t" = "xyes" ; then
3466e002 2610 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
729bfe59 2611fi
2612
2613AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2614 AC_TRY_COMPILE(
2615 [
2616#include <sys/types.h>
2617 ],
2618 [ mode_t foo; foo = 1235; ],
2619 [ ac_cv_have_mode_t="yes" ],
2620 [ ac_cv_have_mode_t="no" ]
2621 )
2622])
2623if test "x$ac_cv_have_mode_t" = "xyes" ; then
3466e002 2624 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
729bfe59 2625fi
2626
e3a93db0 2627
58d100bf 2628AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2629 AC_TRY_COMPILE(
2630 [
18ba2aab 2631#include <sys/types.h>
2632#include <sys/socket.h>
58d100bf 2633 ],
2634 [ struct sockaddr_storage s; ],
2635 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2636 [ ac_cv_have_struct_sockaddr_storage="no" ]
2637 )
2638])
2639if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3466e002 2640 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2641 [define if you have struct sockaddr_storage data type])
58d100bf 2642fi
48e671d5 2643
58d100bf 2644AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2645 AC_TRY_COMPILE(
2646 [
cbd7492e 2647#include <sys/types.h>
58d100bf 2648#include <netinet/in.h>
2649 ],
2650 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2651 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2652 [ ac_cv_have_struct_sockaddr_in6="no" ]
2653 )
2654])
2655if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3466e002 2656 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2657 [define if you have struct sockaddr_in6 data type])
58d100bf 2658fi
48e671d5 2659
58d100bf 2660AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2661 AC_TRY_COMPILE(
2662 [
cbd7492e 2663#include <sys/types.h>
58d100bf 2664#include <netinet/in.h>
2665 ],
2666 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2667 [ ac_cv_have_struct_in6_addr="yes" ],
2668 [ ac_cv_have_struct_in6_addr="no" ]
2669 )
2670])
2671if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3466e002 2672 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2673 [define if you have struct in6_addr data type])
58d100bf 2674fi
48e671d5 2675
58d100bf 2676AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2677 AC_TRY_COMPILE(
2678 [
18ba2aab 2679#include <sys/types.h>
2680#include <sys/socket.h>
2681#include <netdb.h>
58d100bf 2682 ],
2683 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2684 [ ac_cv_have_struct_addrinfo="yes" ],
2685 [ ac_cv_have_struct_addrinfo="no" ]
2686 )
2687])
2688if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3466e002 2689 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2690 [define if you have struct addrinfo data type])
58d100bf 2691fi
2692
89c7e31c 2693AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2694 AC_TRY_COMPILE(
aff51935 2695 [ #include <sys/time.h> ],
2696 [ struct timeval tv; tv.tv_sec = 1;],
89c7e31c 2697 [ ac_cv_have_struct_timeval="yes" ],
2698 [ ac_cv_have_struct_timeval="no" ]
2699 )
2700])
2701if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3466e002 2702 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
89c7e31c 2703 have_struct_timeval=1
2704fi
2705
5271b55c 2706AC_CHECK_TYPES(struct timespec)
2707
85abc74b 2708# We need int64_t or else certian parts of the compile will fail.
4b492aab 2709if test "x$ac_cv_have_int64_t" = "xno" && \
2710 test "x$ac_cv_sizeof_long_int" != "x8" && \
2711 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
85abc74b 2712 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2713 echo "an alternative compiler (I.E., GCC) before continuing."
2714 echo ""
2715 exit 1;
733cf7f4 2716else
2717dnl test snprintf (broken on SCO w/gcc)
1a01a50c 2718 AC_RUN_IFELSE(
479cece8 2719 [AC_LANG_SOURCE([[
733cf7f4 2720#include <stdio.h>
2721#include <string.h>
2722#ifdef HAVE_SNPRINTF
2723main()
2724{
2725 char buf[50];
2726 char expected_out[50];
2727 int mazsize = 50 ;
2728#if (SIZEOF_LONG_INT == 8)
2729 long int num = 0x7fffffffffffffff;
2730#else
763a1a18 2731 long long num = 0x7fffffffffffffffll;
733cf7f4 2732#endif
2733 strcpy(expected_out, "9223372036854775807");
2734 snprintf(buf, mazsize, "%lld", num);
2735 if(strcmp(buf, expected_out) != 0)
aff51935 2736 exit(1);
733cf7f4 2737 exit(0);
2738}
2739#else
2740main() { exit(0); }
2741#endif
479cece8 2742 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
1a01a50c 2743 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
733cf7f4 2744 )
2c523de9 2745fi
2746
77bb0bca 2747dnl Checks for structure members
58d100bf 2748OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2749OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2750OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2751OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2752OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
25422c70 2753OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
58d100bf 2754OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2755OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
daaff4d5 2756OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
58d100bf 2757OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2758OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2759OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2760OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1d7b9b20 2761OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2762OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2763OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2764OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
98a7c37b 2765
2766AC_CHECK_MEMBERS([struct stat.st_blksize])
ccc45ee0 2767AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2768 [Define if we don't have struct __res_state in resolv.h])],
2769[
2770#include <stdio.h>
2771#if HAVE_SYS_TYPES_H
2772# include <sys/types.h>
2773#endif
2774#include <netinet/in.h>
2775#include <arpa/nameser.h>
2776#include <resolv.h>
2777])
1d7b9b20 2778
58d100bf 2779AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2780 ac_cv_have_ss_family_in_struct_ss, [
2781 AC_TRY_COMPILE(
2782 [
18ba2aab 2783#include <sys/types.h>
2784#include <sys/socket.h>
58d100bf 2785 ],
2786 [ struct sockaddr_storage s; s.ss_family = 1; ],
2787 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2788 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2789 )
2790])
2791if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3466e002 2792 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
58d100bf 2793fi
2794
58d100bf 2795AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2796 ac_cv_have___ss_family_in_struct_ss, [
2797 AC_TRY_COMPILE(
2798 [
18ba2aab 2799#include <sys/types.h>
2800#include <sys/socket.h>
58d100bf 2801 ],
2802 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2803 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2804 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2805 )
2806])
2807if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3466e002 2808 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2809 [Fields in struct sockaddr_storage])
58d100bf 2810fi
2811
2e73a022 2812AC_CACHE_CHECK([for pw_class field in struct passwd],
2813 ac_cv_have_pw_class_in_struct_passwd, [
2814 AC_TRY_COMPILE(
2815 [
2e73a022 2816#include <pwd.h>
2817 ],
97994d32 2818 [ struct passwd p; p.pw_class = 0; ],
2e73a022 2819 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2820 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2821 )
2822])
2823if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3466e002 2824 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2825 [Define if your password has a pw_class field])
2e73a022 2826fi
2827
7751d4eb 2828AC_CACHE_CHECK([for pw_expire field in struct passwd],
2829 ac_cv_have_pw_expire_in_struct_passwd, [
2830 AC_TRY_COMPILE(
2831 [
2832#include <pwd.h>
2833 ],
2834 [ struct passwd p; p.pw_expire = 0; ],
2835 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2836 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2837 )
2838])
2839if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3466e002 2840 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2841 [Define if your password has a pw_expire field])
7751d4eb 2842fi
2843
2844AC_CACHE_CHECK([for pw_change field in struct passwd],
2845 ac_cv_have_pw_change_in_struct_passwd, [
2846 AC_TRY_COMPILE(
2847 [
2848#include <pwd.h>
2849 ],
2850 [ struct passwd p; p.pw_change = 0; ],
2851 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2852 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2853 )
2854])
2855if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3466e002 2856 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2857 [Define if your password has a pw_change field])
7751d4eb 2858fi
58d100bf 2859
637f9177 2860dnl make sure we're using the real structure members and not defines
6f34652e 2861AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2862 ac_cv_have_accrights_in_msghdr, [
1a01a50c 2863 AC_COMPILE_IFELSE(
6f34652e 2864 [
f95c8ce8 2865#include <sys/types.h>
6f34652e 2866#include <sys/socket.h>
2867#include <sys/uio.h>
637f9177 2868int main() {
2869#ifdef msg_accrights
1a01a50c 2870#error "msg_accrights is a macro"
637f9177 2871exit(1);
2872#endif
2873struct msghdr m;
2874m.msg_accrights = 0;
2875exit(0);
2876}
6f34652e 2877 ],
6f34652e 2878 [ ac_cv_have_accrights_in_msghdr="yes" ],
2879 [ ac_cv_have_accrights_in_msghdr="no" ]
2880 )
2881])
2882if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3466e002 2883 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2884 [Define if your system uses access rights style
2885 file descriptor passing])
6f34652e 2886fi
2887
7176df4f 2888AC_CACHE_CHECK([for msg_control field in struct msghdr],
2889 ac_cv_have_control_in_msghdr, [
1a01a50c 2890 AC_COMPILE_IFELSE(
7176df4f 2891 [
f95c8ce8 2892#include <sys/types.h>
7176df4f 2893#include <sys/socket.h>
2894#include <sys/uio.h>
637f9177 2895int main() {
2896#ifdef msg_control
1a01a50c 2897#error "msg_control is a macro"
637f9177 2898exit(1);
2899#endif
2900struct msghdr m;
2901m.msg_control = 0;
2902exit(0);
2903}
7176df4f 2904 ],
7176df4f 2905 [ ac_cv_have_control_in_msghdr="yes" ],
2906 [ ac_cv_have_control_in_msghdr="no" ]
2907 )
2908])
2909if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3466e002 2910 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2911 [Define if your system uses ancillary data style
2912 file descriptor passing])
7176df4f 2913fi
2914
58d100bf 2915AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
aff51935 2916 AC_TRY_LINK([],
2917 [ extern char *__progname; printf("%s", __progname); ],
58d100bf 2918 [ ac_cv_libc_defines___progname="yes" ],
2919 [ ac_cv_libc_defines___progname="no" ]
2920 )
2921])
2922if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3466e002 2923 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
58d100bf 2924fi
8946db53 2925
c921ee00 2926AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2927 AC_TRY_LINK([
2928#include <stdio.h>
aff51935 2929],
2930 [ printf("%s", __FUNCTION__); ],
c921ee00 2931 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2932 [ ac_cv_cc_implements___FUNCTION__="no" ]
2933 )
2934])
2935if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3466e002 2936 AC_DEFINE(HAVE___FUNCTION__, 1,
2937 [Define if compiler implements __FUNCTION__])
c921ee00 2938fi
2939
2940AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2941 AC_TRY_LINK([
2942#include <stdio.h>
aff51935 2943],
2944 [ printf("%s", __func__); ],
c921ee00 2945 [ ac_cv_cc_implements___func__="yes" ],
2946 [ ac_cv_cc_implements___func__="no" ]
2947 )
2948])
2949if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3466e002 2950 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
c921ee00 2951fi
2952
9a406e1e 2953AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2954 AC_TRY_LINK(
2955 [#include <stdarg.h>
2956 va_list x,y;],
2957 [va_copy(x,y);],
2958 [ ac_cv_have_va_copy="yes" ],
2959 [ ac_cv_have_va_copy="no" ]
2960 )
2961])
2962if test "x$ac_cv_have_va_copy" = "xyes" ; then
2963 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2964fi
2965
2966AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2967 AC_TRY_LINK(
2968 [#include <stdarg.h>
2969 va_list x,y;],
2970 [__va_copy(x,y);],
2971 [ ac_cv_have___va_copy="yes" ],
2972 [ ac_cv_have___va_copy="no" ]
2973 )
2974])
2975if test "x$ac_cv_have___va_copy" = "xyes" ; then
2976 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2977fi
2978
1812a662 2979AC_CACHE_CHECK([whether getopt has optreset support],
2980 ac_cv_have_getopt_optreset, [
2981 AC_TRY_LINK(
2982 [
2983#include <getopt.h>
2984 ],
2985 [ extern int optreset; optreset = 0; ],
2986 [ ac_cv_have_getopt_optreset="yes" ],
2987 [ ac_cv_have_getopt_optreset="no" ]
2988 )
2989])
2990if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3466e002 2991 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2992 [Define if your getopt(3) defines and uses optreset])
1812a662 2993fi
a0391976 2994
819b676f 2995AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
aff51935 2996 AC_TRY_LINK([],
2997 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
819b676f 2998 [ ac_cv_libc_defines_sys_errlist="yes" ],
2999 [ ac_cv_libc_defines_sys_errlist="no" ]
3000 )
3001])
3002if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3466e002 3003 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3004 [Define if your system defines sys_errlist[]])
819b676f 3005fi
3006
3007
416ed5a7 3008AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
aff51935 3009 AC_TRY_LINK([],
3010 [ extern int sys_nerr; printf("%i", sys_nerr);],
416ed5a7 3011 [ ac_cv_libc_defines_sys_nerr="yes" ],
3012 [ ac_cv_libc_defines_sys_nerr="no" ]
3013 )
3014])
3015if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3466e002 3016 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
416ed5a7 3017fi
3018
aff51935 3019SCARD_MSG="no"
295c8801 3020# Check whether user wants sectok support
3021AC_ARG_WITH(sectok,
3022 [ --with-sectok Enable smartcard support using libsectok],
d0b19c95 3023 [
3024 if test "x$withval" != "xno" ; then
3025 if test "x$withval" != "xyes" ; then
3026 CPPFLAGS="$CPPFLAGS -I${withval}"
3027 LDFLAGS="$LDFLAGS -L${withval}"
3028 if test ! -z "$need_dash_r" ; then
3029 LDFLAGS="$LDFLAGS -R${withval}"
3030 fi
3031 if test ! -z "$blibpath" ; then
3032 blibpath="$blibpath:${withval}"
3033 fi
3034 fi
3035 AC_CHECK_HEADERS(sectok.h)
3036 if test "$ac_cv_header_sectok_h" != yes; then
3037 AC_MSG_ERROR(Can't find sectok.h)
3038 fi
3039 AC_CHECK_LIB(sectok, sectok_open)
3040 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3041 AC_MSG_ERROR(Can't find libsectok)
3042 fi
3466e002 3043 AC_DEFINE(SMARTCARD, 1,
3044 [Define if you want smartcard support])
3045 AC_DEFINE(USE_SECTOK, 1,
3046 [Define if you want smartcard support
3047 using sectok])
aff51935 3048 SCARD_MSG="yes, using sectok"
295c8801 3049 fi
3050 ]
3051)
3052
3053# Check whether user wants OpenSC support
987b458f 3054OPENSC_CONFIG="no"
295c8801 3055AC_ARG_WITH(opensc,
e47fb473 3056 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
987b458f 3057 [
3058 if test "x$withval" != "xno" ; then
3059 if test "x$withval" != "xyes" ; then
3060 OPENSC_CONFIG=$withval/bin/opensc-config
3061 else
3062 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3063 fi
3064 if test "$OPENSC_CONFIG" != "no"; then
3065 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3066 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3067 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3068 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
3069 AC_DEFINE(SMARTCARD)
3466e002 3070 AC_DEFINE(USE_OPENSC, 1,
3071 [Define if you want smartcard support
3072 using OpenSC])
987b458f 3073 SCARD_MSG="yes, using OpenSC"
3074 fi
3075 fi
3076 ]
3077)
d0b19c95 3078
c31dc31c 3079# Check libraries needed by DNS fingerprint support
aff51935 3080AC_SEARCH_LIBS(getrrsetbyname, resolv,
3466e002 3081 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3082 [Define if getrrsetbyname() exists])],
3e05e934 3083 [
c31dc31c 3084 # Needed by our getrrsetbyname()
3085 AC_SEARCH_LIBS(res_query, resolv)
3086 AC_SEARCH_LIBS(dn_expand, resolv)
dabb524a 3087 AC_MSG_CHECKING(if res_query will link)
3088 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3089 [AC_MSG_RESULT(no)
3090 saved_LIBS="$LIBS"
3091 LIBS="$LIBS -lresolv"
3092 AC_MSG_CHECKING(for res_query in -lresolv)
3093 AC_LINK_IFELSE([
3094#include <resolv.h>
3095int main()
3096{
3097 res_query (0, 0, 0, 0, 0);
3098 return 0;
3099}
3100 ],
3101 [LIBS="$LIBS -lresolv"
3102 AC_MSG_RESULT(yes)],
3103 [LIBS="$saved_LIBS"
3104 AC_MSG_RESULT(no)])
3105 ])
c31dc31c 3106 AC_CHECK_FUNCS(_getshort _getlong)
1c829da5 3107 AC_CHECK_DECLS([_getshort, _getlong], , ,
b5765e1d 3108 [#include <sys/types.h>
3109 #include <arpa/nameser.h>])
c31dc31c 3110 AC_CHECK_MEMBER(HEADER.ad,
3466e002 3111 [AC_DEFINE(HAVE_HEADER_AD, 1,
3112 [Define if HEADER.ad exists in arpa/nameser.h])],,
c31dc31c 3113 [#include <arpa/nameser.h>])
3114 ])
3e05e934 3115
ef4d1846 3116# Check whether user wants SELinux support
3117SELINUX_MSG="no"
3118LIBSELINUX=""
3119AC_ARG_WITH(selinux,
3120 [ --with-selinux Enable SELinux support],
3121 [ if test "x$withval" != "xno" ; then
3122 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3123 SELINUX_MSG="yes"
3124 AC_CHECK_HEADER([selinux/selinux.h], ,
3125 AC_MSG_ERROR(SELinux support requires selinux.h header))
3126 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3127 AC_MSG_ERROR(SELinux support requires libselinux library))
3128 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3129 fi ]
3130)
3131AC_SUBST(LIBSELINUX)
3132
12928e80 3133# Check whether user wants Kerberos 5 support
aff51935 3134KRB5_MSG="no"
12928e80 3135AC_ARG_WITH(kerberos5,
aff51935 3136 [ --with-kerberos5=PATH Enable Kerberos 5 support],
5585c441 3137 [ if test "x$withval" != "xno" ; then
3138 if test "x$withval" = "xyes" ; then
3139 KRB5ROOT="/usr/local"
3140 else
3141 KRB5ROOT=${withval}
3142 fi
3143
3466e002 3144 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
5585c441 3145 KRB5_MSG="yes"
3146
3147 AC_MSG_CHECKING(for krb5-config)
3148 if test -x $KRB5ROOT/bin/krb5-config ; then
3149 KRB5CONF=$KRB5ROOT/bin/krb5-config
3150 AC_MSG_RESULT($KRB5CONF)
3151
3152 AC_MSG_CHECKING(for gssapi support)
3153 if $KRB5CONF | grep gssapi >/dev/null ; then
3154 AC_MSG_RESULT(yes)
3466e002 3155 AC_DEFINE(GSSAPI, 1,
3156 [Define this if you want GSSAPI
3157 support in the version 2 protocol])
071970fb 3158 k5confopts=gssapi
aff51935 3159 else
5585c441 3160 AC_MSG_RESULT(no)
071970fb 3161 k5confopts=""
aff51935 3162 fi
071970fb 3163 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3164 K5LIBS="`$KRB5CONF --libs $k5confopts`"
5585c441 3165 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
5585c441 3166 AC_MSG_CHECKING(whether we are using Heimdal)
3167 AC_TRY_COMPILE([ #include <krb5.h> ],
3168 [ char *tmp = heimdal_version; ],
3169 [ AC_MSG_RESULT(yes)
3466e002 3170 AC_DEFINE(HEIMDAL, 1,
3171 [Define this if you are using the
3172 Heimdal version of Kerberos V5]) ],
5585c441 3173 AC_MSG_RESULT(no)
3174 )
3175 else
3176 AC_MSG_RESULT(no)
12928e80 3177 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
aff51935 3178 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
aff51935 3179 AC_MSG_CHECKING(whether we are using Heimdal)
3180 AC_TRY_COMPILE([ #include <krb5.h> ],
3181 [ char *tmp = heimdal_version; ],
3182 [ AC_MSG_RESULT(yes)
3183 AC_DEFINE(HEIMDAL)
41707f74 3184 K5LIBS="-lkrb5 -ldes"
3185 K5LIBS="$K5LIBS -lcom_err -lasn1"
82f4e93d 3186 AC_CHECK_LIB(roken, net_write,
41707f74 3187 [K5LIBS="$K5LIBS -lroken"])
aff51935 3188 ],
3189 [ AC_MSG_RESULT(no)
3190 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3191 ]
3192 )
4e00038c 3193 AC_SEARCH_LIBS(dn_expand, resolv)
12928e80 3194
749560dd 3195 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3196 [ AC_DEFINE(GSSAPI)
3197 K5LIBS="-lgssapi $K5LIBS" ],
3198 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3199 [ AC_DEFINE(GSSAPI)
aff51935 3200 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
749560dd 3201 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3202 $K5LIBS)
3203 ],
3204 $K5LIBS)
82f4e93d 3205
749560dd 3206 AC_CHECK_HEADER(gssapi.h, ,
3207 [ unset ac_cv_header_gssapi_h
aff51935 3208 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
749560dd 3209 AC_CHECK_HEADERS(gssapi.h, ,
3210 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
aff51935 3211 )
749560dd 3212 ]
3213 )
3214
3215 oldCPP="$CPPFLAGS"
3216 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3217 AC_CHECK_HEADER(gssapi_krb5.h, ,
3218 [ CPPFLAGS="$oldCPP" ])
3219
aff51935 3220 fi
5585c441 3221 if test ! -z "$need_dash_r" ; then
3222 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3223 fi
3224 if test ! -z "$blibpath" ; then
3225 blibpath="$blibpath:${KRB5ROOT}/lib"
3226 fi
071970fb 3227
f5555364 3228 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3229 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3230 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
071970fb 3231
f5555364 3232 LIBS="$LIBS $K5LIBS"
3466e002 3233 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3234 [Define this if you want to use libkafs' AFS support]))
f5555364 3235 fi
071970fb 3236 ]
12928e80 3237)
b5b68128 3238
a0391976 3239# Looking for programs, paths and files
a0391976 3240
ecac8ee5 3241PRIVSEP_PATH=/var/empty
3242AC_ARG_WITH(privsep-path,
cda1ebcb 3243 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
ecac8ee5 3244 [
6cf0200f 3245 if test -n "$withval" && test "x$withval" != "xno" && \
3246 test "x${withval}" != "xyes"; then
ecac8ee5 3247 PRIVSEP_PATH=$withval
3248 fi
3249 ]
3250)
3251AC_SUBST(PRIVSEP_PATH)
3252
a0391976 3253AC_ARG_WITH(xauth,
3254 [ --with-xauth=PATH Specify path to xauth program ],
3255 [
6cf0200f 3256 if test -n "$withval" && test "x$withval" != "xno" && \
3257 test "x${withval}" != "xyes"; then
cbd7492e 3258 xauth_path=$withval
a0391976 3259 fi
3260 ],
3261 [
2bf42e4a 3262 TestPath="$PATH"
3263 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3264 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3265 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3266 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3267 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
e5fe9a1f 3268 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
a0391976 3269 xauth_path="/usr/openwin/bin/xauth"
3270 fi
3271 ]
3272)
3273
65a4b4af 3274STRIP_OPT=-s
3275AC_ARG_ENABLE(strip,
3276 [ --disable-strip Disable calling strip(1) on install],
3277 [
3278 if test "x$enableval" = "xno" ; then
3279 STRIP_OPT=
3280 fi
3281 ]
3282)
3283AC_SUBST(STRIP_OPT)
3284
b3ec54b4 3285if test -z "$xauth_path" ; then
3286 XAUTH_PATH="undefined"
3287 AC_SUBST(XAUTH_PATH)
3288else
3466e002 3289 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3290 [Define if xauth is found in your path])
b3ec54b4 3291 XAUTH_PATH=$xauth_path
3292 AC_SUBST(XAUTH_PATH)
a0391976 3293fi
a0391976 3294
3295# Check for mail directory (last resort if we cannot get it from headers)
3296if test ! -z "$MAIL" ; then
3297 maildir=`dirname $MAIL`
3466e002 3298 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3299 [Set this to your mail directory if you don't have maillock.h])
a0391976 3300fi
3301
479cece8 3302if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
1a01a50c 3303 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3304 disable_ptmx_check=yes
3305fi
a0391976 3306if test -z "$no_dev_ptmx" ; then
6e879cb4 3307 if test "x$disable_ptmx_check" != "xyes" ; then
aff51935 3308 AC_CHECK_FILE("/dev/ptmx",
6e879cb4 3309 [
3466e002 3310 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3311 [Define if you have /dev/ptmx])
6e879cb4 3312 have_dev_ptmx=1
3313 ]
3314 )
3315 fi
3276571c 3316fi
1a01a50c 3317
479cece8 3318if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
1a01a50c 3319 AC_CHECK_FILE("/dev/ptc",
3320 [
3466e002 3321 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3322 [Define if you have /dev/ptc])
1a01a50c 3323 have_dev_ptc=1
3324 ]
3325 )
3326else
3327 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3328fi
3276571c 3329
a0391976 3330# Options from here on. Some of these are preset by platform above
fdf6b7aa 3331AC_ARG_WITH(mantype,
5d97cfbf 3332 [ --with-mantype=man|cat|doc Set man page type],
c54a6257 3333 [
5d97cfbf 3334 case "$withval" in
3335 man|cat|doc)
3336 MANTYPE=$withval
3337 ;;
3338 *)
3339 AC_MSG_ERROR(invalid man type: $withval)
3340 ;;
3341 esac
c54a6257 3342 ]
3343)
e0c4d3ac 3344if test -z "$MANTYPE"; then
2bf42e4a 3345 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3346 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
e0c4d3ac 3347 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3348 MANTYPE=doc
3349 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3350 MANTYPE=man
3351 else
3352 MANTYPE=cat
3353 fi
3354fi
c54a6257 3355AC_SUBST(MANTYPE)
e0c4d3ac 3356if test "$MANTYPE" = "doc"; then
3357 mansubdir=man;
3358else
3359 mansubdir=$MANTYPE;
3360fi
3361AC_SUBST(mansubdir)
0bc5b6fb 3362
a0391976 3363# Check whether to enable MD5 passwords
aff51935 3364MD5_MSG="no"
2ddcfdf3 3365AC_ARG_WITH(md5-passwords,
caf3bc51 3366 [ --with-md5-passwords Enable use of MD5 passwords],
0bc5b6fb 3367 [
bcf36c78 3368 if test "x$withval" != "xno" ; then
3466e002 3369 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3370 [Define if you want to allow MD5 passwords])
aff51935 3371 MD5_MSG="yes"
0bc5b6fb 3372 fi
3373 ]
caf3bc51 3374)
3375
a0391976 3376# Whether to disable shadow password support
a7effaac 3377AC_ARG_WITH(shadow,
3378 [ --without-shadow Disable shadow password support],
3379 [
82f4e93d 3380 if test "x$withval" = "xno" ; then
a7effaac 3381 AC_DEFINE(DISABLE_SHADOW)
4cb5ffa0 3382 disable_shadow=yes
a7effaac 3383 fi
3384 ]
3385)
3386
4cb5ffa0 3387if test -z "$disable_shadow" ; then
3388 AC_MSG_CHECKING([if the systems has expire shadow information])
3389 AC_TRY_COMPILE(
3390 [
3391#include <sys/types.h>
3392#include <shadow.h>
3393 struct spwd sp;
3394 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3395 [ sp_expire_available=yes ], []
3396 )
3397
3398 if test "x$sp_expire_available" = "xyes" ; then
3399 AC_MSG_RESULT(yes)
3466e002 3400 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3401 [Define if you want to use shadow password expire field])
4cb5ffa0 3402 else
3403 AC_MSG_RESULT(no)
3404 fi
3405fi
3406
a0391976 3407# Use ip address instead of hostname in $DISPLAY
44839801 3408if test ! -z "$IPADDR_IN_DISPLAY" ; then
3409 DISPLAY_HACK_MSG="yes"
3466e002 3410 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3411 [Define if you need to use IP address
3412 instead of hostname in $DISPLAY])
44839801 3413else
aff51935 3414 DISPLAY_HACK_MSG="no"
44839801 3415 AC_ARG_WITH(ipaddr-display,
3416 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3417 [
82f4e93d 3418 if test "x$withval" != "xno" ; then
44839801 3419 AC_DEFINE(IPADDR_IN_DISPLAY)
aff51935 3420 DISPLAY_HACK_MSG="yes"
44839801 3421 fi
3422 ]
3423 )
3424fi
a7effaac 3425
95b99395 3426# check for /etc/default/login and use it if present.
daa41e62 3427AC_ARG_ENABLE(etc-default-login,
6ff3d0dc 3428 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
694d0cef 3429 [ if test "x$enableval" = "xno"; then
3430 AC_MSG_NOTICE([/etc/default/login handling disabled])
3431 etc_default_login=no
3432 else
3433 etc_default_login=yes
3434 fi ],
b0e7249f 3435 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3436 then
3437 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3438 etc_default_login=no
3439 else
3440 etc_default_login=yes
3441 fi ]
694d0cef 3442)
95b99395 3443
694d0cef 3444if test "x$etc_default_login" != "xno"; then
3445 AC_CHECK_FILE("/etc/default/login",
3446 [ external_path_file=/etc/default/login ])
b0e7249f 3447 if test "x$external_path_file" = "x/etc/default/login"; then
3466e002 3448 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3449 [Define if your system has /etc/default/login])
1a01a50c 3450 fi
694d0cef 3451fi
95b99395 3452
8d184c09 3453dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4b492aab 3454if test $ac_cv_func_login_getcapbool = "yes" && \
3455 test $ac_cv_header_login_cap_h = "yes" ; then
95b99395 3456 external_path_file=/etc/login.conf
8d184c09 3457fi
95b99395 3458
a0391976 3459# Whether to mess with the default path
aff51935 3460SERVER_PATH_MSG="(default)"
c43d69a9 3461AC_ARG_WITH(default-path,
75817f90 3462 [ --with-default-path= Specify default \$PATH environment for server],
cb807f40 3463 [
95b99395 3464 if test "x$external_path_file" = "x/etc/login.conf" ; then
8d184c09 3465 AC_MSG_WARN([
3466--with-default-path=PATH has no effect on this system.
3467Edit /etc/login.conf instead.])
82f4e93d 3468 elif test "x$withval" != "xno" ; then
89bbd457 3469 if test ! -z "$external_path_file" ; then
95b99395 3470 AC_MSG_WARN([
3471--with-default-path=PATH will only be used if PATH is not defined in
3472$external_path_file .])
3473 fi
b2d818e6 3474 user_path="$withval"
aff51935 3475 SERVER_PATH_MSG="$withval"
cb807f40 3476 fi
b2d818e6 3477 ],
95b99395 3478 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3479 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
8d184c09 3480 else
89bbd457 3481 if test ! -z "$external_path_file" ; then
95b99395 3482 AC_MSG_WARN([
3483If PATH is defined in $external_path_file, ensure the path to scp is included,
3484otherwise scp will not work.])
3485 fi
b0e7249f 3486 AC_RUN_IFELSE(
3487 [AC_LANG_SOURCE([[
b2d818e6 3488/* find out what STDPATH is */
3489#include <stdio.h>
b2d818e6 3490#ifdef HAVE_PATHS_H
3491# include <paths.h>
3492#endif
3493#ifndef _PATH_STDPATH
d9a4e55b 3494# ifdef _PATH_USERPATH /* Irix */
3495# define _PATH_STDPATH _PATH_USERPATH
3496# else
3497# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3498# endif
b2d818e6 3499#endif
3500#include <sys/types.h>
3501#include <sys/stat.h>
3502#include <fcntl.h>
3503#define DATA "conftest.stdpath"
3504
3505main()
3506{
3507 FILE *fd;
3508 int rc;
82f4e93d 3509
b2d818e6 3510 fd = fopen(DATA,"w");
3511 if(fd == NULL)
3512 exit(1);
82f4e93d 3513
b2d818e6 3514 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3515 exit(1);
3516
3517 exit(0);
3518}
b0e7249f 3519 ]])],
3520 [ user_path=`cat conftest.stdpath` ],
b2d818e6 3521 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3522 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3523 )
3524# make sure $bindir is in USER_PATH so scp will work
3525 t_bindir=`eval echo ${bindir}`
3526 case $t_bindir in
3527 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3528 esac
3529 case $t_bindir in
3530 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3531 esac
3532 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3533 if test $? -ne 0 ; then
3534 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3535 if test $? -ne 0 ; then
3536 user_path=$user_path:$t_bindir
3537 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3538 fi
3539 fi
8d184c09 3540 fi ]
cb807f40 3541)
95b99395 3542if test "x$external_path_file" != "x/etc/login.conf" ; then
3466e002 3543 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
8d184c09 3544 AC_SUBST(user_path)
3545fi
cb807f40 3546
06617857 3547# Set superuser path separately to user path
06617857 3548AC_ARG_WITH(superuser-path,
3549 [ --with-superuser-path= Specify different path for super-user],
3550 [
6cf0200f 3551 if test -n "$withval" && test "x$withval" != "xno" && \
3552 test "x${withval}" != "xyes"; then
3466e002 3553 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3554 [Define if you want a different $PATH
3555 for the superuser])
06617857 3556 superuser_path=$withval
3557 fi
3558 ]
3559)
3560
3561
58d100bf 3562AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
aff51935 3563IPV4_IN6_HACK_MSG="no"
80faa19f 3564AC_ARG_WITH(4in6,
3565 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3566 [
3567 if test "x$withval" != "xno" ; then
3568 AC_MSG_RESULT(yes)
3466e002 3569 AC_DEFINE(IPV4_IN_IPV6, 1,
3570 [Detect IPv4 in IPv6 mapped addresses
3571 and treat as IPv4])
aff51935 3572 IPV4_IN6_HACK_MSG="yes"
80faa19f 3573 else
3574 AC_MSG_RESULT(no)
3575 fi
3576 ],[
3577 if test "x$inet6_default_4in6" = "xyes"; then
3578 AC_MSG_RESULT([yes (default)])
3579 AC_DEFINE(IPV4_IN_IPV6)
aff51935 3580 IPV4_IN6_HACK_MSG="yes"
80faa19f 3581 else
3582 AC_MSG_RESULT([no (default)])
3583 fi
3584 ]
3585)
3586
af774732 3587# Whether to enable BSD auth support
f1b0ecc3 3588BSD_AUTH_MSG=no
af774732 3589AC_ARG_WITH(bsd-auth,
3590 [ --with-bsd-auth Enable BSD auth support],
3591 [
82f4e93d 3592 if test "x$withval" != "xno" ; then
3466e002 3593 AC_DEFINE(BSD_AUTH, 1,
3594 [Define if you have BSD auth support])
f1b0ecc3 3595 BSD_AUTH_MSG=yes
af774732 3596 fi
3597 ]
3598)
3599
a0391976 3600# Where to place sshd.pid
19d9ac2a 3601piddir=/var/run
81dadca3 3602# make sure the directory exists
82f4e93d 3603if test ! -d $piddir ; then
81dadca3 3604 piddir=`eval echo ${sysconfdir}`
3605 case $piddir in
aff51935 3606 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
81dadca3 3607 esac
3608fi
3609
47e45e44 3610AC_ARG_WITH(pid-dir,
3611 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3612 [
6cf0200f 3613 if test -n "$withval" && test "x$withval" != "xno" && \
3614 test "x${withval}" != "xyes"; then
19d9ac2a 3615 piddir=$withval
82f4e93d 3616 if test ! -d $piddir ; then
81dadca3 3617 AC_MSG_WARN([** no $piddir directory on this system **])
3618 fi
47e45e44 3619 fi
3620 ]
3621)
b7a87eea 3622
3466e002 3623AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
19d9ac2a 3624AC_SUBST(piddir)
47e45e44 3625
1d7b9b20 3626dnl allow user to disable some login recording features
3627AC_ARG_ENABLE(lastlog,
bfd550a2 3628 [ --disable-lastlog disable use of lastlog even if detected [no]],
ddb154b3 3629 [
3630 if test "x$enableval" = "xno" ; then
3631 AC_DEFINE(DISABLE_LASTLOG)
3632 fi
3633 ]
1d7b9b20 3634)
3635AC_ARG_ENABLE(utmp,
bfd550a2 3636 [ --disable-utmp disable use of utmp even if detected [no]],
ddb154b3 3637 [
3638 if test "x$enableval" = "xno" ; then
3639 AC_DEFINE(DISABLE_UTMP)
3640 fi
3641 ]
1d7b9b20 3642)
3643AC_ARG_ENABLE(utmpx,
bfd550a2 3644 [ --disable-utmpx disable use of utmpx even if detected [no]],
ddb154b3 3645 [
3646 if test "x$enableval" = "xno" ; then
3466e002 3647 AC_DEFINE(DISABLE_UTMPX, 1,
3648 [Define if you don't want to use utmpx])
ddb154b3 3649 fi
3650 ]
1d7b9b20 3651)
3652AC_ARG_ENABLE(wtmp,
bfd550a2 3653 [ --disable-wtmp disable use of wtmp even if detected [no]],
ddb154b3 3654 [
3655 if test "x$enableval" = "xno" ; then
3656 AC_DEFINE(DISABLE_WTMP)
3657 fi
3658 ]
1d7b9b20 3659)
3660AC_ARG_ENABLE(wtmpx,
bfd550a2 3661 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
ddb154b3 3662 [
3663 if test "x$enableval" = "xno" ; then
3466e002 3664 AC_DEFINE(DISABLE_WTMPX, 1,
3665 [Define if you don't want to use wtmpx])
ddb154b3 3666 fi
3667 ]
1d7b9b20 3668)
3669AC_ARG_ENABLE(libutil,
bfd550a2 3670 [ --disable-libutil disable use of libutil (login() etc.) [no]],
ddb154b3 3671 [
3672 if test "x$enableval" = "xno" ; then
3673 AC_DEFINE(DISABLE_LOGIN)
3674 fi
3675 ]
1d7b9b20 3676)
3677AC_ARG_ENABLE(pututline,
bfd550a2 3678 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
ddb154b3 3679 [
3680 if test "x$enableval" = "xno" ; then
3466e002 3681 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3682 [Define if you don't want to use pututline()
3683 etc. to write [uw]tmp])
ddb154b3 3684 fi
3685 ]
1d7b9b20 3686)
3687AC_ARG_ENABLE(pututxline,
bfd550a2 3688 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
ddb154b3 3689 [
3690 if test "x$enableval" = "xno" ; then
3466e002 3691 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3692 [Define if you don't want to use pututxline()
3693 etc. to write [uw]tmpx])
ddb154b3 3694 fi
3695 ]
1d7b9b20 3696)
3697AC_ARG_WITH(lastlog,
bfd550a2 3698 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
8c89dd2b 3699 [
82f4e93d 3700 if test "x$withval" = "xno" ; then
8c89dd2b 3701 AC_DEFINE(DISABLE_LASTLOG)
6cf0200f 3702 elif test -n "$withval" && test "x${withval}" != "xyes"; then
8c89dd2b 3703 conf_lastlog_location=$withval
3704 fi
3705 ]
3706)
1d7b9b20 3707
3708dnl lastlog, [uw]tmpx? detection
3709dnl NOTE: set the paths in the platform section to avoid the
3710dnl need for command-line parameters
3711dnl lastlog and [uw]tmp are subject to a file search if all else fails
3712
3713dnl lastlog detection
3714dnl NOTE: the code itself will detect if lastlog is a directory
3715AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3716AC_TRY_COMPILE([
3717#include <sys/types.h>
3718#include <utmp.h>
3719#ifdef HAVE_LASTLOG_H
3720# include <lastlog.h>
3721#endif
d7c0f3d5 3722#ifdef HAVE_PATHS_H
1d7b9b20 3723# include <paths.h>
41cb4569 3724#endif
3725#ifdef HAVE_LOGIN_H
3726# include <login.h>
1d7b9b20 3727#endif
3728 ],
3729 [ char *lastlog = LASTLOG_FILE; ],
3730 [ AC_MSG_RESULT(yes) ],
d7c0f3d5 3731 [
3732 AC_MSG_RESULT(no)
3733 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3734 AC_TRY_COMPILE([
3735#include <sys/types.h>
3736#include <utmp.h>
3737#ifdef HAVE_LASTLOG_H
3738# include <lastlog.h>
3739#endif
3740#ifdef HAVE_PATHS_H
3741# include <paths.h>
3742#endif
3743 ],
3744 [ char *lastlog = _PATH_LASTLOG; ],
3745 [ AC_MSG_RESULT(yes) ],
3746 [
f282b668 3747 AC_MSG_RESULT(no)
d7c0f3d5 3748 system_lastlog_path=no
3749 ])
3750 ]
1d7b9b20 3751)
d7c0f3d5 3752
1d7b9b20 3753if test -z "$conf_lastlog_location"; then
3754 if test x"$system_lastlog_path" = x"no" ; then
3755 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
e5fe9a1f 3756 if (test -d "$f" || test -f "$f") ; then
1d7b9b20 3757 conf_lastlog_location=$f
3758 fi
3759 done
3760 if test -z "$conf_lastlog_location"; then
f8119cef 3761 AC_MSG_WARN([** Cannot find lastlog **])
3762 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
1d7b9b20 3763 fi
3764 fi
3765fi
3766
3767if test -n "$conf_lastlog_location"; then
3466e002 3768 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3769 [Define if you want to specify the path to your lastlog file])
82f4e93d 3770fi
1d7b9b20 3771
3772dnl utmp detection
3773AC_MSG_CHECKING([if your system defines UTMP_FILE])
3774AC_TRY_COMPILE([
3775#include <sys/types.h>
3776#include <utmp.h>
d7c0f3d5 3777#ifdef HAVE_PATHS_H
1d7b9b20 3778# include <paths.h>
3779#endif
3780 ],
3781 [ char *utmp = UTMP_FILE; ],
3782 [ AC_MSG_RESULT(yes) ],
3783 [ AC_MSG_RESULT(no)
3784 system_utmp_path=no ]
3785)
3786if test -z "$conf_utmp_location"; then
3787 if test x"$system_utmp_path" = x"no" ; then
3788 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3789 if test -f $f ; then
3790 conf_utmp_location=$f
3791 fi
3792 done
3793 if test -z "$conf_utmp_location"; then
3794 AC_DEFINE(DISABLE_UTMP)
3795 fi
3796 fi
3797fi
3798if test -n "$conf_utmp_location"; then
3466e002 3799 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3800 [Define if you want to specify the path to your utmp file])
82f4e93d 3801fi
1d7b9b20 3802
3803dnl wtmp detection
3804AC_MSG_CHECKING([if your system defines WTMP_FILE])
3805AC_TRY_COMPILE([
3806#include <sys/types.h>
3807#include <utmp.h>
d7c0f3d5 3808#ifdef HAVE_PATHS_H
1d7b9b20 3809# include <paths.h>
3810#endif
3811 ],
3812 [ char *wtmp = WTMP_FILE; ],
3813 [ AC_MSG_RESULT(yes) ],
3814 [ AC_MSG_RESULT(no)
3815 system_wtmp_path=no ]
3816)
3817if test -z "$conf_wtmp_location"; then
3818 if test x"$system_wtmp_path" = x"no" ; then
3819 for f in /usr/adm/wtmp /var/log/wtmp; do
3820 if test -f $f ; then
3821 conf_wtmp_location=$f
3822 fi
3823 done
3824 if test -z "$conf_wtmp_location"; then
3825 AC_DEFINE(DISABLE_WTMP)
3826 fi
3827 fi
3828fi
3829if test -n "$conf_wtmp_location"; then
3466e002 3830 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3831 [Define if you want to specify the path to your wtmp file])
82f4e93d 3832fi
1d7b9b20 3833
3834
3835dnl utmpx detection - I don't know any system so perverse as to require
3836dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3837dnl there, though.
3838AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3839AC_TRY_COMPILE([
3840#include <sys/types.h>
3841#include <utmp.h>
3842#ifdef HAVE_UTMPX_H
3843#include <utmpx.h>
3844#endif
d7c0f3d5 3845#ifdef HAVE_PATHS_H
1d7b9b20 3846# include <paths.h>
3847#endif
3848 ],
3849 [ char *utmpx = UTMPX_FILE; ],
3850 [ AC_MSG_RESULT(yes) ],
3851 [ AC_MSG_RESULT(no)
3852 system_utmpx_path=no ]
3853)
3854if test -z "$conf_utmpx_location"; then
3855 if test x"$system_utmpx_path" = x"no" ; then
3856 AC_DEFINE(DISABLE_UTMPX)
3857 fi
3858else
3466e002 3859 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3860 [Define if you want to specify the path to your utmpx file])
82f4e93d 3861fi
1d7b9b20 3862
3863dnl wtmpx detection
3864AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3865AC_TRY_COMPILE([
3866#include <sys/types.h>
3867#include <utmp.h>
3868#ifdef HAVE_UTMPX_H
3869#include <utmpx.h>
3870#endif
d7c0f3d5 3871#ifdef HAVE_PATHS_H
1d7b9b20 3872# include <paths.h>
3873#endif
3874 ],
3875 [ char *wtmpx = WTMPX_FILE; ],
3876 [ AC_MSG_RESULT(yes) ],
3877 [ AC_MSG_RESULT(no)
3878 system_wtmpx_path=no ]
3879)
3880if test -z "$conf_wtmpx_location"; then
3881 if test x"$system_wtmpx_path" = x"no" ; then
3882 AC_DEFINE(DISABLE_WTMPX)
3883 fi
3884else
3466e002 3885 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3886 [Define if you want to specify the path to your wtmpx file])
82f4e93d 3887fi
1d7b9b20 3888
b7a87eea 3889
bd499f9e 3890if test ! -z "$blibpath" ; then
68ece370 3891 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3892 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
bd499f9e 3893fi
3894
ed89c848 3895dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3896dnl Add now.
3897CFLAGS="$CFLAGS $werror_flags"
3898
3c62e7eb 3899AC_EXEEXT
29eadd7c 3900AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3901 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3902 scard/Makefile ssh_prng_cmds survey.sh])
98a7c37b 3903AC_OUTPUT
d3083fbd 3904
cbd7492e 3905# Print summary of options
3906
cbd7492e 3907# Someone please show me a better way :)
3908A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3909B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3910C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3911D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
f5665f6f 3912E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
e0c4d3ac 3913F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
cbd7492e 3914G=`eval echo ${piddir}` ; G=`eval echo ${G}`
ecac8ee5 3915H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3916I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3917J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
cbd7492e 3918
3919echo ""
26de7942 3920echo "OpenSSH has been configured with the following options:"
ecac8ee5 3921echo " User binaries: $B"
3922echo " System binaries: $C"
3923echo " Configuration files: $D"
3924echo " Askpass program: $E"
3925echo " Manual pages: $F"
3926echo " PID file: $G"
3927echo " Privilege separation chroot path: $H"
95b99395 3928if test "x$external_path_file" = "x/etc/login.conf" ; then
3929echo " At runtime, sshd will use the path defined in $external_path_file"
3930echo " Make sure the path to scp is present, otherwise scp will not work"
8d184c09 3931else
ecac8ee5 3932echo " sshd default user PATH: $I"
89bbd457 3933 if test ! -z "$external_path_file"; then
95b99395 3934echo " (If PATH is set in $external_path_file it will be used instead. If"
3935echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3936 fi
8d184c09 3937fi
06617857 3938if test ! -z "$superuser_path" ; then
ecac8ee5 3939echo " sshd superuser user PATH: $J"
3940fi
3941echo " Manpage format: $MANTYPE"
3e05e934 3942echo " PAM support: $PAM_MSG"
5b84789f 3943echo " OSF SIA support: $SIA_MSG"
ecac8ee5 3944echo " KerberosV support: $KRB5_MSG"
ef4d1846 3945echo " SELinux support: $SELINUX_MSG"
ecac8ee5 3946echo " Smartcard support: $SCARD_MSG"
ecac8ee5 3947echo " S/KEY support: $SKEY_MSG"
3948echo " TCP Wrappers support: $TCPW_MSG"
3949echo " MD5 password support: $MD5_MSG"
59031773 3950echo " libedit support: $LIBEDIT_MSG"
5b84789f 3951echo " Solaris process contract support: $SPC_MSG"
3deb1408 3952echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
ecac8ee5 3953echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3954echo " BSD Auth support: $BSD_AUTH_MSG"
3955echo " Random number source: $RAND_MSG"
f1b0ecc3 3956if test ! -z "$USE_RAND_HELPER" ; then
ecac8ee5 3957echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
af774732 3958fi
3959
cbd7492e 3960echo ""
3961
0c2fb82f 3962echo " Host: ${host}"
3963echo " Compiler: ${CC}"
3964echo " Compiler flags: ${CFLAGS}"
3965echo "Preprocessor flags: ${CPPFLAGS}"
3966echo " Linker flags: ${LDFLAGS}"
ddceb1c8 3967echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
cbd7492e 3968
3969echo ""
3970
9cefe228 3971if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
b3146b5f 3972 echo "SVR4 style packages are supported with \"make package\""
3973 echo ""
9cefe228 3974fi
3975
adeebd37 3976if test "x$PAM_MSG" = "xyes" ; then
f1b0ecc3 3977 echo "PAM is enabled. You may need to install a PAM control file "
3978 echo "for sshd, otherwise password authentication may fail. "
aff51935 3979 echo "Example PAM control files can be found in the contrib/ "
f1b0ecc3 3980 echo "subdirectory"
adeebd37 3981 echo ""
3982fi
3983
f1b0ecc3 3984if test ! -z "$RAND_HELPER_CMDHASH" ; then
3985 echo "WARNING: you are using the builtin random number collection "
3986 echo "service. Please read WARNING.RNG and request that your OS "
3987 echo "vendor includes kernel-based random number collection in "
3988 echo "future versions of your OS."
2c523de9 3989 echo ""
3990fi
af774732 3991
2f6f9cff 3992if test ! -z "$NO_PEERCHECK" ; then
3993 echo "WARNING: the operating system that you are using does not "
3994 echo "appear to support either the getpeereid() API nor the "
3995 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3996 echo "enforce security checks to prevent unauthorised connections to "
3997 echo "ssh-agent. Their absence increases the risk that a malicious "
3998 echo "user can connect to your agent. "
3999 echo ""
4000fi
4001
7b578f7d 4002if test "$AUDIT_MODULE" = "bsm" ; then
4003 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4004 echo "See the Solaris section in README.platform for details."
4005fi
git-cvsimport mirror of OpenSSH
This page took 4.242426 seconds and 5 git commands to generate.