]> andersk Git - openssh.git/blame - configure.ac
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
[openssh.git] / configure.ac
CommitLineData
eb5d7ff6 1# $Id$
2b983b95 2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
0b202697 16
76e6410a 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
823221b2 18AC_REVISION($Revision$)
98a7c37b 19AC_CONFIG_SRCDIR([ssh.c])
5881cd60 20
21AC_CONFIG_HEADER(config.h)
b14b2ae7 22AC_PROG_CC
a7effaac 23AC_CANONICAL_HOST
cf0c5df5 24AC_C_BIGENDIAN
5881cd60 25
a0391976 26# Checks for programs.
4bbf95fa 27AC_PROG_AWK
4cca272e 28AC_PROG_CPP
5881cd60 29AC_PROG_RANLIB
cf8dd513 30AC_PROG_INSTALL
c9ecc3c7 31AC_PROG_EGREP
bee0a37e 32AC_PATH_PROG(AR, ar)
ddd8c95b 33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
13dd877b 35AC_PATH_PROGS(PERL, perl5 perl)
c3690df3 36AC_PATH_PROG(SED, sed)
a0f84251 37AC_SUBST(PERL)
ad85db64 38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
6958bd37 40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
6193497b 43AC_PATH_PROG(SH, sh)
a3245b92 44AC_SUBST(TEST_SHELL,sh)
f498ed15 45
9cefe228 46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
eeb27c78 52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
9cefe228 57
948fd8b9 58# System features
59AC_SYS_LARGEFILE
60
c193d002 61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
2e73a022 65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
3466e002 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
2e73a022 70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
37656beb 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
3466e002 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
37656beb 82fi
83
d423d822 84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
82f4e93d 88
d423d822 89AC_C_INLINE
dfafb2e1 90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
aff51935 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
af40ca44 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
eeee8237 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
5fdabf45 96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
dbf07ba2 100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
cd595991 101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
5fdabf45 103 esac
8a3ff1aa 104
dfafb2e1 105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
d423d822 116fi
117
e6354014 118AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
82f4e93d 121 if test "x$withval" = "xno" ; then
e6354014 122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128)
129
5b84789f 130# Messages for features tested for in target-specific section
131SIA_MSG="no"
132SPC_MSG="no"
133
a0391976 134# Check for some target-specific stuff
a7effaac 135case "$host" in
9d6b1b96 136*-*-aix*)
aff51935 137 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
68ece370 138 if (test -z "$blibpath"); then
0a15d73b 139 blibpath="/usr/lib:/lib"
68ece370 140 fi
141 saved_LDFLAGS="$LDFLAGS"
e7479666 142 if test "$GCC" = "yes"; then
143 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
144 else
145 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
146 fi
147 for tryflags in $flags ;do
68ece370 148 if (test -z "$blibflags"); then
149 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
150 AC_TRY_LINK([], [], [blibflags=$tryflags])
151 fi
152 done
153 if (test -z "$blibflags"); then
154 AC_MSG_RESULT(not found)
155 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
156 else
157 AC_MSG_RESULT($blibflags)
bd499f9e 158 fi
68ece370 159 LDFLAGS="$saved_LDFLAGS"
e351e493 160 dnl Check for authenticate. Might be in libs.a on older AIXes
3466e002 161 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
162 [Define if you want to enable AIX4's authenticate function])],
0764e748 163 [AC_CHECK_LIB(s,authenticate,
e351e493 164 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
0764e748 165 LIBS="$LIBS -ls"
166 ])
167 ])
ba603e06 168 dnl Check for various auth function declarations in headers.
c85ed8e2 169 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
72ad335d 170 passwdexpired, setauthdb], , , [#include <usersec.h>])
e351e493 171 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
ba603e06 172 AC_CHECK_DECLS(loginfailed,
e351e493 173 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
174 AC_TRY_COMPILE(
f58c0e01 175 [#include <usersec.h>],
e351e493 176 [(void)loginfailed("user","host","tty",0);],
177 [AC_MSG_RESULT(yes)
3466e002 178 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
179 [Define if your AIX loginfailed() function
180 takes 4 arguments (AIX >= 5.2)])],
f58c0e01 181 [AC_MSG_RESULT(no)]
e351e493 182 )],
183 [],
184 [#include <usersec.h>]
185 )
2aa3a16c 186 AC_CHECK_FUNCS(setauthdb)
53c337ed 187 AC_CHECK_DECL(F_CLOSEM,
795e7517 188 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
53c337ed 189 [],
190 [ #include <limits.h>
191 #include <fcntl.h> ]
192 )
5ccf88cb 193 check_for_aix_broken_getaddrinfo=1
3466e002 194 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
195 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
196 [Define if your platform breaks doing a seteuid before a setuid])
197 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
198 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
a3cef3ca 199 dnl AIX handles lastlog as part of its login message
3466e002 200 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
201 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
202 [Some systems need a utmpx entry for /bin/login to work])
203 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
204 [Define to a Set Process Title type if your system is
205 supported by bsd-setproctitle.c])
961c2997 206 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
207 [AIX 5.2 and 5.3 (and presumably newer) require this])
ea8c44d9 208 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
9d6b1b96 209 ;;
3c62e7eb 210*-*-cygwin*)
a52997bd 211 check_for_libcrypt_later=1
ffb8d130 212 LIBS="$LIBS /usr/lib/textmode.o"
3466e002 213 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
214 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
215 AC_DEFINE(DISABLE_SHADOW, 1,
216 [Define if you want to disable shadow passwords])
217 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
218 [Define if your system choked on IP TOS setting])
219 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
220 [Define if X11 doesn't support AF_UNIX sockets on that system])
221 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
222 [Define if the concept of ports only accessible to
223 superusers isn't known])
224 AC_DEFINE(DISABLE_FD_PASSING, 1,
225 [Define if your platform needs to skip post auth
226 file descriptor passing])
3c62e7eb 227 ;;
d6fdb079 228*-*-dgux*)
229 AC_DEFINE(IP_TOS_IS_BROKEN)
0c6a72a5 230 AC_DEFINE(SETEUID_BREAKS_SETUID)
231 AC_DEFINE(BROKEN_SETREUID)
232 AC_DEFINE(BROKEN_SETREGID)
d6fdb079 233 ;;
39c98ef7 234*-*-darwin*)
33e2e066 235 AC_MSG_CHECKING(if we have working getaddrinfo)
236 AC_TRY_RUN([#include <mach-o/dyld.h>
237main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
238 exit(0);
239 else
240 exit(1);
241}], [AC_MSG_RESULT(working)],
242 [AC_MSG_RESULT(buggy)
3466e002 243 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
b27e573d 244 [AC_MSG_RESULT(assume it is working)])
635e0c42 245 AC_DEFINE(SETEUID_BREAKS_SETUID)
246 AC_DEFINE(BROKEN_SETREUID)
247 AC_DEFINE(BROKEN_SETREGID)
3466e002 248 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
249 [Define if your resolver libs need this for getrrsetbyname])
e02505e2 250 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
251 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
252 [Use tunnel device compatibility to OpenBSD])
253 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
254 [Prepend the address family to IP tunnel traffic])
39c98ef7 255 ;;
7d458c86 256*-*-hpux*)
257 # first we define all of the options common to all HP-UX releases
b8fea62d 258 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
44839801 259 IPADDR_IN_DISPLAY=yes
2b10f47a 260 AC_DEFINE(USE_PIPES)
3466e002 261 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
262 [Define if your login program cannot handle end of options ("--")])
a2572aa7 263 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 264 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
265 [String used in /etc/passwd to denote locked account])
3a2b2b44 266 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
83f987c3 267 MAIL="/var/mail/username"
f75ca46d 268 LIBS="$LIBS -lsec"
7d458c86 269 AC_CHECK_LIB(xnet, t_error, ,
270 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
271
272 # next, we define all of the options specific to major releases
273 case "$host" in
274 *-*-hpux10*)
275 if test -z "$GCC"; then
276 CFLAGS="$CFLAGS -Ae"
277 fi
278 ;;
279 *-*-hpux11*)
3466e002 280 AC_DEFINE(PAM_SUN_CODEBASE, 1,
281 [Define if you are using Solaris-derived PAM which
282 passes pam_messages to the conversation function
283 with an extra level of indirection])
284 AC_DEFINE(DISABLE_UTMP, 1,
285 [Define if you don't want to use utmp])
7d458c86 286 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
287 check_for_hpux_broken_getaddrinfo=1
288 check_for_conflicting_getspnam=1
289 ;;
290 esac
291
292 # lastly, we define options specific to minor releases
293 case "$host" in
294 *-*-hpux10.26)
3466e002 295 AC_DEFINE(HAVE_SECUREWARE, 1,
296 [Define if you have SecureWare-based
297 protected password database])
7d458c86 298 disable_ptmx_check=yes
299 LIBS="$LIBS -lsecpw"
300 ;;
301 esac
2b763e31 302 ;;
d94aa2ae 303*-*-irix5*)
6ac7829a 304 PATH="$PATH:/usr/etc"
3466e002 305 AC_DEFINE(BROKEN_INET_NTOA, 1,
306 [Define if you system's inet_ntoa is busted
307 (e.g. Irix gcc issue)])
cb433561 308 AC_DEFINE(SETEUID_BREAKS_SETUID)
309 AC_DEFINE(BROKEN_SETREUID)
310 AC_DEFINE(BROKEN_SETREGID)
3466e002 311 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
312 [Define if you shouldn't strip 'tty' from your
313 ttyname in [uw]tmp])
3e6e3da0 314 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
b9795b89 315 ;;
316*-*-irix6*)
6ac7829a 317 PATH="$PATH:/usr/etc"
3466e002 318 AC_DEFINE(WITH_IRIX_ARRAY, 1,
319 [Define if you have/want arrays
320 (cluster-wide session managment, not C arrays)])
321 AC_DEFINE(WITH_IRIX_PROJECT, 1,
322 [Define if you want IRIX project management])
323 AC_DEFINE(WITH_IRIX_AUDIT, 1,
324 [Define if you want IRIX audit trails])
325 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
326 [Define if you want IRIX kernel jobs])])
416ed5a7 327 AC_DEFINE(BROKEN_INET_NTOA)
412c0eaa 328 AC_DEFINE(SETEUID_BREAKS_SETUID)
329 AC_DEFINE(BROKEN_SETREUID)
330 AC_DEFINE(BROKEN_SETREGID)
3466e002 331 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
0e8f4eba 332 AC_DEFINE(WITH_ABBREV_NO_TTY)
3e6e3da0 333 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
d94aa2ae 334 ;;
5cdfe03f 335*-*-linux*)
336 no_dev_ptmx=1
717057b6 337 check_for_libcrypt_later=1
eacb954e 338 check_for_openpty_ctty_bug=1
3466e002 339 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
340 AC_DEFINE(PAM_TTY_KLUDGE, 1,
341 [Work around problematic Linux PAM modules handling of PAM_TTY])
342 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
343 [String used in /etc/passwd to denote locked account])
3a2b2b44 344 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
3466e002 345 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
346 [Define to whatever link() returns for "not supported"
347 if it doesn't return EOPNOTSUPP.])
b6610e8f 348 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
3466e002 349 AC_DEFINE(USE_BTMP)
80faa19f 350 inet6_default_4in6=yes
bf7c1e6c 351 case `uname -r` in
ad84c479 352 1.*|2.0.*)
3466e002 353 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
354 [Define if cmsg_type is not passed correctly])
bf7c1e6c 355 ;;
bf7c1e6c 356 esac
c40f09ca 357 # tun(4) forwarding compat code
d91775e1 358 AC_CHECK_HEADERS(linux/if_tun.h)
b5081213 359 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
c40f09ca 360 AC_DEFINE(SSH_TUN_LINUX, 1,
361 [Open tunnel devices the Linux tun/tap way])
362 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
363 [Use tunnel device compatibility to OpenBSD])
364 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
365 [Prepend the address family to IP tunnel traffic])
366 fi
5cdfe03f 367 ;;
66d6c27e 368mips-sony-bsd|mips-sony-newsos4)
4b2cf3f1 369 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
66d6c27e 370 SONY=1
66d6c27e 371 ;;
d468fc76 372*-*-netbsd*)
33e2e066 373 check_for_libcrypt_before=1
82f4e93d 374 if test "x$withval" != "xno" ; then
e6354014 375 need_dash_r=1
376 fi
0f6cb079 377 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
378 AC_CHECK_HEADER([net/if_tap.h], ,
379 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
380 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
381 [Prepend the address family to IP tunnel traffic])
d468fc76 382 ;;
86b416a7 383*-*-freebsd*)
384 check_for_libcrypt_later=1
988c5031 385 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
0f6cb079 386 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
387 AC_CHECK_HEADER([net/if_tap.h], ,
388 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
86b416a7 389 ;;
8707b7eb 390*-*-bsdi*)
391 AC_DEFINE(SETEUID_BREAKS_SETUID)
392 AC_DEFINE(BROKEN_SETREUID)
393 AC_DEFINE(BROKEN_SETREGID)
394 ;;
729bfe59 395*-next-*)
729bfe59 396 conf_lastlog_location="/usr/adm/lastlog"
698d107e 397 conf_utmp_location=/etc/utmp
398 conf_wtmp_location=/usr/adm/wtmp
399 MAIL=/usr/spool/mail
3466e002 400 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
443172c4 401 AC_DEFINE(BROKEN_REALPATH)
00937921 402 AC_DEFINE(USE_PIPES)
3466e002 403 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
729bfe59 404 ;;
5b7b5e23 405*-*-openbsd*)
406 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
8034a348 407 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
0f6cb079 408 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
c79c4814 409 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
410 [syslog_r function is safe to use in in a signal handler])
5b7b5e23 411 ;;
9d6b1b96 412*-*-solaris*)
82f4e93d 413 if test "x$withval" != "xno" ; then
010e9d5b 414 need_dash_r=1
415 fi
adeebd37 416 AC_DEFINE(PAM_SUN_CODEBASE)
7e2d5fa4 417 AC_DEFINE(LOGIN_NEEDS_UTMPX)
3466e002 418 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
419 [Some versions of /bin/login need the TERM supplied
420 on the commandline])
7f0a4ff1 421 AC_DEFINE(PAM_TTY_KLUDGE)
3466e002 422 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
423 [Define if pam_chauthtok wants real uid set
424 to the unpriv'ed user])
3e6e3da0 425 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
ad84c479 426 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
3466e002 427 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
428 [Define if sshd somehow reacquires a controlling TTY
429 after setsid()])
795aa5f5 430 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
431 in case the name is longer than 8 chars])
95b99395 432 external_path_file=/etc/default/login
1d7b9b20 433 # hardwire lastlog location (can't detect it on some versions)
434 conf_lastlog_location="/var/adm/lastlog"
32c80420 435 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
436 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
437 if test "$sol2ver" -ge 8; then
438 AC_MSG_RESULT(yes)
439 AC_DEFINE(DISABLE_UTMP)
3466e002 440 AC_DEFINE(DISABLE_WTMP, 1,
441 [Define if you don't want to use wtmp])
32c80420 442 else
443 AC_MSG_RESULT(no)
444 fi
5b84789f 445 AC_ARG_WITH(solaris-contracts,
446 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
447 [
448 AC_CHECK_LIB(contract, ct_tmpl_activate,
449 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
450 [Define if you have Solaris process contracts])
451 SSHDLIBS="$SSHDLIBS -lcontract"
452 AC_SUBST(SSHDLIBS)
453 SPC_MSG="yes" ], )
454 ],
455 )
9d6b1b96 456 ;;
a423beaf 457*-*-sunos4*)
0c2fb82f 458 CPPFLAGS="$CPPFLAGS -DSUNOS4"
a423beaf 459 AC_CHECK_FUNCS(getpwanam)
adeebd37 460 AC_DEFINE(PAM_SUN_CODEBASE)
32eec038 461 conf_utmp_location=/etc/utmp
462 conf_wtmp_location=/var/adm/wtmp
463 conf_lastlog_location=/var/adm/lastlog
137d7b6c 464 AC_DEFINE(USE_PIPES)
a423beaf 465 ;;
6f68f28a 466*-ncr-sysv*)
98a7c37b 467 LIBS="$LIBS -lc89"
29525240 468 AC_DEFINE(USE_PIPES)
eabb99c6 469 AC_DEFINE(SSHD_ACQUIRES_CTTY)
6fb3618d 470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
6f68f28a 473 ;;
132dd316 474*-sni-sysv*)
c8c15bcb 475 # /usr/ucblib MUST NOT be searched on ReliantUNIX
e2798e96 476 AC_CHECK_LIB(dl, dlsym, ,)
d08db6d1 477 # -lresolv needs to be at the end of LIBS or DNS lookups break
478 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
9548d6c8 479 IPADDR_IN_DISPLAY=yes
480 AC_DEFINE(USE_PIPES)
132dd316 481 AC_DEFINE(IP_TOS_IS_BROKEN)
605369bb 482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
eabb99c6 485 AC_DEFINE(SSHD_ACQUIRES_CTTY)
95b99395 486 external_path_file=/etc/default/login
c8c15bcb 487 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
488 # Attention: always take care to bind libsocket and libnsl before libc,
489 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
132dd316 490 ;;
79a7ba96 491# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
77bb0bca 492*-*-sysv4.2*)
9a406e1e 493 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
ed6553e2 494 AC_DEFINE(USE_PIPES)
7ed101c0 495 AC_DEFINE(SETEUID_BREAKS_SETUID)
496 AC_DEFINE(BROKEN_SETREUID)
497 AC_DEFINE(BROKEN_SETREGID)
46f853b9 498 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
e45da4d6 499 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
77bb0bca 500 ;;
79a7ba96 501# UnixWare 7.x, OpenUNIX 8
77bb0bca 502*-*-sysv5*)
d7d2cc6e 503 check_for_libcrypt_later=1
504 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
ed6553e2 505 AC_DEFINE(USE_PIPES)
7ed101c0 506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
3466e002 509 AC_DEFINE(PASSWD_NEEDS_USERNAME)
822015dd 510 case "$host" in
511 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
512 TEST_SHELL=/u95/bin/sh
3466e002 513 AC_DEFINE(BROKEN_LIBIAF, 1,
514 [ia_uinfo routines not supported by OS yet])
9286ecf2 515 AC_DEFINE(BROKEN_UPDWTMP, 1,
62143a41 516 [using updwtmp will corrupt wtmp entries])
822015dd 517 ;;
e45da4d6 518 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
519 ;;
822015dd 520 esac
77bb0bca 521 ;;
9d6b1b96 522*-*-sysv*)
9d6b1b96 523 ;;
79a7ba96 524# SCO UNIX and OEM versions of SCO UNIX
77bb0bca 525*-*-sco3.2v4*)
11cf4f1f 526 AC_MSG_ERROR("This Platform is no longer supported.")
77bb0bca 527 ;;
79a7ba96 528# SCO OpenServer 5.x
77bb0bca 529*-*-sco3.2v5*)
21710e39 530 if test -z "$GCC"; then
531 CFLAGS="$CFLAGS -belf"
532 fi
ed6553e2 533 LIBS="$LIBS -lprot -lx -ltinfo -lm"
509b1f88 534 no_dev_ptmx=1
ed6553e2 535 AC_DEFINE(USE_PIPES)
6e879cb4 536 AC_DEFINE(HAVE_SECUREWARE)
d287c664 537 AC_DEFINE(DISABLE_SHADOW)
94d8258b 538 AC_DEFINE(DISABLE_FD_PASSING)
7ed101c0 539 AC_DEFINE(SETEUID_BREAKS_SETUID)
540 AC_DEFINE(BROKEN_SETREUID)
541 AC_DEFINE(BROKEN_SETREGID)
bcebad47 542 AC_DEFINE(WITH_ABBREV_NO_TTY)
34f2baf0 543 AC_DEFINE(BROKEN_UPDWTMPX)
3466e002 544 AC_DEFINE(PASSWD_NEEDS_USERNAME)
aca75d94 545 AC_CHECK_FUNCS(getluid setluid)
533875af 546 MANTYPE=man
a3245b92 547 TEST_SHELL=ksh
509b1f88 548 ;;
ccbb983c 549*-*-unicosmk*)
3466e002 550 AC_DEFINE(NO_SSH_LASTLOG, 1,
551 [Define if you don't want to use lastlog in session.c])
c1ad5966 552 AC_DEFINE(SETEUID_BREAKS_SETUID)
553 AC_DEFINE(BROKEN_SETREUID)
554 AC_DEFINE(BROKEN_SETREGID)
ccbb983c 555 AC_DEFINE(USE_PIPES)
556 AC_DEFINE(DISABLE_FD_PASSING)
557 LDFLAGS="$LDFLAGS"
558 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
559 MANTYPE=cat
d262b7f2 560 ;;
7b9a8c6e 561*-*-unicosmp*)
c1ad5966 562 AC_DEFINE(SETEUID_BREAKS_SETUID)
563 AC_DEFINE(BROKEN_SETREUID)
564 AC_DEFINE(BROKEN_SETREGID)
7b9a8c6e 565 AC_DEFINE(WITH_ABBREV_NO_TTY)
566 AC_DEFINE(USE_PIPES)
567 AC_DEFINE(DISABLE_FD_PASSING)
568 LDFLAGS="$LDFLAGS"
c1ad5966 569 LIBS="$LIBS -lgen -lacid -ldb"
7b9a8c6e 570 MANTYPE=cat
571 ;;
ca5c7d6a 572*-*-unicos*)
c1ad5966 573 AC_DEFINE(SETEUID_BREAKS_SETUID)
574 AC_DEFINE(BROKEN_SETREUID)
575 AC_DEFINE(BROKEN_SETREGID)
ca5c7d6a 576 AC_DEFINE(USE_PIPES)
94d8258b 577 AC_DEFINE(DISABLE_FD_PASSING)
ef51930f 578 AC_DEFINE(NO_SSH_LASTLOG)
ccbb983c 579 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
580 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
581 MANTYPE=cat
a704dd54 582 ;;
4d33e531 583*-dec-osf*)
99c8ddac 584 AC_MSG_CHECKING(for Digital Unix SIA)
585 no_osfsia=""
586 AC_ARG_WITH(osfsia,
587 [ --with-osfsia Enable Digital Unix SIA],
588 [
589 if test "x$withval" = "xno" ; then
590 AC_MSG_RESULT(disabled)
591 no_osfsia=1
592 fi
593 ],
594 )
595 if test -z "$no_osfsia" ; then
4d33e531 596 if test -f /etc/sia/matrix.conf; then
597 AC_MSG_RESULT(yes)
3466e002 598 AC_DEFINE(HAVE_OSF_SIA, 1,
599 [Define if you have Digital Unix Security
600 Integration Architecture])
601 AC_DEFINE(DISABLE_LOGIN, 1,
602 [Define if you don't want to use your
603 system's login() call])
58d0df4e 604 AC_DEFINE(DISABLE_FD_PASSING)
4d33e531 605 LIBS="$LIBS -lsecurity -ldb -lm -laud"
5b84789f 606 SIA_MSG="yes"
4d33e531 607 else
608 AC_MSG_RESULT(no)
3466e002 609 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
610 [String used in /etc/passwd to denote locked account])
4d33e531 611 fi
612 fi
a6e67b60 613 AC_DEFINE(BROKEN_GETADDRINFO)
f4f2ff4f 614 AC_DEFINE(SETEUID_BREAKS_SETUID)
08da2d08 615 AC_DEFINE(BROKEN_SETREUID)
616 AC_DEFINE(BROKEN_SETREGID)
4d33e531 617 ;;
41cb4569 618
9c54c067 619*-*-nto-qnx*)
41cb4569 620 AC_DEFINE(USE_PIPES)
621 AC_DEFINE(NO_X11_UNIX_SOCKETS)
3466e002 622 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
623 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
624 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
9c54c067 625 AC_DEFINE(DISABLE_LASTLOG)
49c64dd6 626 AC_DEFINE(SSHD_ACQUIRES_CTTY)
0c7e8877 627 enable_etc_default_login=no # has incompatible /etc/default/login
41cb4569 628 ;;
35fc74ed 629
630*-*-ultrix*)
3466e002 631 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
632 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
4b2cf3f1 633 AC_DEFINE(NEED_SETPGRP)
b5765e1d 634 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
635 ;;
157b6700 636
637*-*-lynxos)
638 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
3466e002 639 AC_DEFINE(MISSING_HOWMANY)
157b6700 640 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
641 ;;
a7effaac 642esac
643
8e7b16f8 644# Allow user to specify flags
645AC_ARG_WITH(cflags,
646 [ --with-cflags Specify additional flags to pass to compiler],
647 [
6cf0200f 648 if test -n "$withval" && test "x$withval" != "xno" && \
649 test "x${withval}" != "xyes"; then
8e7b16f8 650 CFLAGS="$CFLAGS $withval"
651 fi
82f4e93d 652 ]
8e7b16f8 653)
0c2fb82f 654AC_ARG_WITH(cppflags,
655 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
656 [
6cf0200f 657 if test -n "$withval" && test "x$withval" != "xno" && \
658 test "x${withval}" != "xyes"; then
0c2fb82f 659 CPPFLAGS="$CPPFLAGS $withval"
660 fi
661 ]
662)
8e7b16f8 663AC_ARG_WITH(ldflags,
97b378bf 664 [ --with-ldflags Specify additional flags to pass to linker],
8e7b16f8 665 [
6cf0200f 666 if test -n "$withval" && test "x$withval" != "xno" && \
667 test "x${withval}" != "xyes"; then
8e7b16f8 668 LDFLAGS="$LDFLAGS $withval"
669 fi
82f4e93d 670 ]
8e7b16f8 671)
672AC_ARG_WITH(libs,
673 [ --with-libs Specify additional libraries to link with],
674 [
6cf0200f 675 if test -n "$withval" && test "x$withval" != "xno" && \
676 test "x${withval}" != "xyes"; then
8e7b16f8 677 LIBS="$LIBS $withval"
678 fi
82f4e93d 679 ]
8e7b16f8 680)
ed89c848 681AC_ARG_WITH(Werror,
682 [ --with-Werror Build main code with -Werror],
683 [
684 if test -n "$withval" && test "x$withval" != "xno"; then
685 werror_flags="-Werror"
1012885d 686 if test "x${withval}" != "xyes"; then
ed89c848 687 werror_flags="$withval"
688 fi
689 fi
690 ]
691)
8e7b16f8 692
c5829391 693AC_MSG_CHECKING(compiler and flags for sanity)
479cece8 694AC_RUN_IFELSE(
695 [AC_LANG_SOURCE([
c5829391 696#include <stdio.h>
697int main(){exit(0);}
479cece8 698 ])],
c5829391 699 [ AC_MSG_RESULT(yes) ],
700 [
701 AC_MSG_RESULT(no)
702 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1a01a50c 703 ],
704 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
c5829391 705)
706
b04a9f8c 707dnl Checks for header files.
708AC_CHECK_HEADERS( \
709 bstring.h \
710 crypt.h \
2f360c89 711 crypto/sha2.h \
b04a9f8c 712 dirent.h \
713 endian.h \
714 features.h \
37259a8e 715 fcntl.h \
b04a9f8c 716 floatingpoint.h \
717 getopt.h \
718 glob.h \
719 ia.h \
4c653d8e 720 iaf.h \
b04a9f8c 721 limits.h \
722 login.h \
b04a9f8c 723 maillock.h \
724 ndir.h \
e02505e2 725 net/if_tun.h \
b04a9f8c 726 netdb.h \
727 netgroup.h \
b04a9f8c 728 pam/pam_appl.h \
729 paths.h \
730 pty.h \
731 readpassphrase.h \
732 rpc/types.h \
733 security/pam_appl.h \
f73e2ad7 734 sha2.h \
b04a9f8c 735 shadow.h \
736 stddef.h \
737 stdint.h \
0957c2cf 738 string.h \
b04a9f8c 739 strings.h \
740 sys/audit.h \
741 sys/bitypes.h \
742 sys/bsdtty.h \
743 sys/cdefs.h \
744 sys/dir.h \
745 sys/mman.h \
746 sys/ndir.h \
747 sys/prctl.h \
748 sys/pstat.h \
749 sys/select.h \
750 sys/stat.h \
751 sys/stream.h \
752 sys/stropts.h \
753 sys/strtio.h \
754 sys/sysmacros.h \
755 sys/time.h \
756 sys/timers.h \
757 sys/un.h \
758 time.h \
759 tmpdir.h \
760 ttyent.h \
25dd2ce6 761 unistd.h \
b04a9f8c 762 usersec.h \
763 util.h \
764 utime.h \
765 utmp.h \
766 utmpx.h \
ea76f54c 767 vis.h \
b04a9f8c 768)
ddceb1c8 769
823221b2 770# lastlog.h requires sys/time.h to be included first on Solaris
771AC_CHECK_HEADERS(lastlog.h, [], [], [
772#ifdef HAVE_SYS_TIME_H
773# include <sys/time.h>
774#endif
775])
776
765a24cd 777# sys/ptms.h requires sys/stream.h to be included first on Solaris
778AC_CHECK_HEADERS(sys/ptms.h, [], [], [
779#ifdef HAVE_SYS_STREAM_H
780# include <sys/stream.h>
781#endif
782])
783
3919d576 784# login_cap.h requires sys/types.h on NetBSD
785AC_CHECK_HEADERS(login_cap.h, [], [], [
786#include <sys/types.h>
787])
788
a0391976 789# Checks for libraries.
98a7c37b 790AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
791AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
2c523de9 792
446227d6 793dnl IRIX and Solaris 2.5.1 have dirname() in libgen
794AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
795 AC_CHECK_LIB(gen, dirname,[
796 AC_CACHE_CHECK([for broken dirname],
797 ac_cv_have_broken_dirname, [
798 save_LIBS="$LIBS"
799 LIBS="$LIBS -lgen"
b0e7249f 800 AC_RUN_IFELSE(
801 [AC_LANG_SOURCE([[
446227d6 802#include <libgen.h>
803#include <string.h>
804
805int main(int argc, char **argv) {
806 char *s, buf[32];
807
808 strncpy(buf,"/etc", 32);
809 s = dirname(buf);
810 if (!s || strncmp(s, "/", 32) != 0) {
811 exit(1);
812 } else {
813 exit(0);
814 }
815}
b0e7249f 816 ]])],
817 [ ac_cv_have_broken_dirname="no" ],
818 [ ac_cv_have_broken_dirname="yes" ],
446227d6 819 [ ac_cv_have_broken_dirname="no" ],
446227d6 820 )
821 LIBS="$save_LIBS"
822 ])
823 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
824 LIBS="$LIBS -lgen"
825 AC_DEFINE(HAVE_DIRNAME)
826 AC_CHECK_HEADERS(libgen.h)
827 fi
828 ])
829])
830
831AC_CHECK_FUNC(getspnam, ,
832 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
3466e002 833AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
834 [Define if you have the basename function.]))
446227d6 835
98a7c37b 836dnl zlib is required
837AC_ARG_WITH(zlib,
838 [ --with-zlib=PATH Use zlib in PATH],
6dd05556 839 [ if test "x$withval" = "xno" ; then
840 AC_MSG_ERROR([*** zlib is required ***])
841 elif test "x$withval" != "xyes"; then
98a7c37b 842 if test -d "$withval/lib"; then
843 if test -n "${need_dash_r}"; then
5a162955 844 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 845 else
5a162955 846 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 847 fi
848 else
849 if test -n "${need_dash_r}"; then
5a162955 850 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 851 else
5a162955 852 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 853 fi
854 fi
855 if test -d "$withval/include"; then
5a162955 856 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 857 else
5a162955 858 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 859 fi
6dd05556 860 fi ]
98a7c37b 861)
862
0a15d73b 863AC_CHECK_LIB(z, deflate, ,
864 [
865 saved_CPPFLAGS="$CPPFLAGS"
866 saved_LDFLAGS="$LDFLAGS"
867 save_LIBS="$LIBS"
868 dnl Check default zlib install dir
869 if test -n "${need_dash_r}"; then
870 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
871 else
872 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
873 fi
874 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
875 LIBS="$LIBS -lz"
876 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
877 [
878 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
879 ]
880 )
881 ]
882)
4ad65809 883AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
8068d564 884
885AC_ARG_WITH(zlib-version-check,
886 [ --without-zlib-version-check Disable zlib version check],
887 [ if test "x$withval" = "xno" ; then
888 zlib_check_nonfatal=1
889 fi
890 ]
891)
892
5c7fc85d 893AC_MSG_CHECKING(for possibly buggy zlib)
479cece8 894AC_RUN_IFELSE([AC_LANG_SOURCE([[
5c7fc85d 895#include <stdio.h>
4ad65809 896#include <zlib.h>
897int main()
898{
5c7fc85d 899 int a=0, b=0, c=0, d=0, n, v;
900 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
901 if (n != 3 && n != 4)
4ad65809 902 exit(1);
5c7fc85d 903 v = a*1000000 + b*10000 + c*100 + d;
904 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
905
906 /* 1.1.4 is OK */
907 if (a == 1 && b == 1 && c >= 4)
4ad65809 908 exit(0);
5c7fc85d 909
0072b59d 910 /* 1.2.3 and up are OK */
911 if (v >= 1020300)
5c7fc85d 912 exit(0);
913
4ad65809 914 exit(2);
915}
479cece8 916 ]])],
5c7fc85d 917 AC_MSG_RESULT(no),
918 [ AC_MSG_RESULT(yes)
8068d564 919 if test -z "$zlib_check_nonfatal" ; then
920 AC_MSG_ERROR([*** zlib too old - check config.log ***
921Your reported zlib version has known security problems. It's possible your
922vendor has fixed these problems without changing the version number. If you
923are sure this is the case, you can disable the check by running
924"./configure --without-zlib-version-check".
6090bcfe 925If you are in doubt, upgrade zlib to version 1.2.3 or greater.
5c7fc85d 926See http://www.gzip.org/zlib/ for details.])
8068d564 927 else
928 AC_MSG_WARN([zlib version may have security problems])
929 fi
1a01a50c 930 ],
931 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
4ad65809 932)
48e7916f 933
2c523de9 934dnl UnixWare 2.x
aff51935 935AC_CHECK_FUNC(strcasecmp,
2c523de9 936 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
937)
23361281 938AC_CHECK_FUNCS(utimes,
cda1ebcb 939 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
940 LIBS="$LIBS -lc89"]) ]
2c523de9 941)
4cca272e 942
7c6d759d 943dnl Checks for libutil functions
944AC_CHECK_HEADERS(libutil.h)
3466e002 945AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
946 [Define if your libraries define login()])])
7c6d759d 947AC_CHECK_FUNCS(logout updwtmp logwtmp)
948
a738c3b0 949AC_FUNC_STRFTIME
950
84ceda19 951# Check for ALTDIRFUNC glob() extension
952AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
953AC_EGREP_CPP(FOUNDIT,
954 [
955 #include <glob.h>
956 #ifdef GLOB_ALTDIRFUNC
957 FOUNDIT
958 #endif
aff51935 959 ],
84ceda19 960 [
3466e002 961 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
962 [Define if your system glob() function has
963 the GLOB_ALTDIRFUNC extension])
84ceda19 964 AC_MSG_RESULT(yes)
965 ],
966 [
967 AC_MSG_RESULT(no)
968 ]
969)
4cca272e 970
40849fdb 971# Check for g.gl_matchc glob() extension
972AC_MSG_CHECKING(for gl_matchc field in glob_t)
d90b9f9a 973AC_TRY_COMPILE(
13ff27b7 974 [ #include <glob.h> ],
975 [glob_t g; g.gl_matchc = 1;],
aff51935 976 [
3466e002 977 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
978 [Define if your system glob() function has
979 gl_matchc options in glob_t])
aff51935 980 AC_MSG_RESULT(yes)
981 ],
982 [
983 AC_MSG_RESULT(no)
984 ]
40849fdb 985)
986
78888bab 987AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
988
edbe6722 989AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1a01a50c 990AC_RUN_IFELSE(
479cece8 991 [AC_LANG_SOURCE([[
edbe6722 992#include <sys/types.h>
993#include <dirent.h>
aec4cb4f 994int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
479cece8 995 ]])],
aff51935 996 [AC_MSG_RESULT(yes)],
edbe6722 997 [
998 AC_MSG_RESULT(no)
3466e002 999 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
d08db6d1 1000 [Define if your struct dirent expects you to
3466e002 1001 allocate extra space for d_name])
1a01a50c 1002 ],
82f4e93d 1003 [
1a01a50c 1004 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1005 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
edbe6722 1006 ]
1007)
1008
419e26e7 1009AC_MSG_CHECKING([for /proc/pid/fd directory])
1010if test -d "/proc/$$/fd" ; then
3466e002 1011 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
419e26e7 1012 AC_MSG_RESULT(yes)
1013else
1014 AC_MSG_RESULT(no)
1015fi
1016
278588d8 1017# Check whether user wants S/Key support
aff51935 1018SKEY_MSG="no"
278588d8 1019AC_ARG_WITH(skey,
6ff3d0dc 1020 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
278588d8 1021 [
1022 if test "x$withval" != "xno" ; then
1023
1024 if test "x$withval" != "xyes" ; then
1025 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1026 LDFLAGS="$LDFLAGS -L${withval}/lib"
1027 fi
1028
3466e002 1029 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
278588d8 1030 LIBS="-lskey $LIBS"
aff51935 1031 SKEY_MSG="yes"
82f4e93d 1032
ddceb1c8 1033 AC_MSG_CHECKING([for s/key support])
b0e7249f 1034 AC_LINK_IFELSE(
1035 [AC_LANG_SOURCE([[
ddceb1c8 1036#include <stdio.h>
1037#include <skey.h>
aec4cb4f 1038int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
b0e7249f 1039 ]])],
ddceb1c8 1040 [AC_MSG_RESULT(yes)],
278588d8 1041 [
ddceb1c8 1042 AC_MSG_RESULT(no)
278588d8 1043 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1044 ])
141fc639 1045 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1046 AC_TRY_COMPILE(
1047 [#include <stdio.h>
1048 #include <skey.h>],
1049 [(void)skeychallenge(NULL,"name","",0);],
1050 [AC_MSG_RESULT(yes)
3466e002 1051 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1052 [Define if your skeychallenge()
1053 function takes 4 arguments (NetBSD)])],
141fc639 1054 [AC_MSG_RESULT(no)]
1055 )
278588d8 1056 fi
1057 ]
1058)
1059
1060# Check whether user wants TCP wrappers support
98a7c37b 1061TCPW_MSG="no"
278588d8 1062AC_ARG_WITH(tcp-wrappers,
6ff3d0dc 1063 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
278588d8 1064 [
1065 if test "x$withval" != "xno" ; then
1066 saved_LIBS="$LIBS"
98a7c37b 1067 saved_LDFLAGS="$LDFLAGS"
1068 saved_CPPFLAGS="$CPPFLAGS"
4b492aab 1069 if test -n "${withval}" && \
6cf0200f 1070 test "x${withval}" != "xyes"; then
98a7c37b 1071 if test -d "${withval}/lib"; then
1072 if test -n "${need_dash_r}"; then
5a162955 1073 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
98a7c37b 1074 else
5a162955 1075 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
98a7c37b 1076 fi
1077 else
1078 if test -n "${need_dash_r}"; then
5a162955 1079 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
98a7c37b 1080 else
5a162955 1081 LDFLAGS="-L${withval} ${LDFLAGS}"
98a7c37b 1082 fi
1083 fi
1084 if test -d "${withval}/include"; then
5a162955 1085 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
98a7c37b 1086 else
5a162955 1087 CPPFLAGS="-I${withval} ${CPPFLAGS}"
98a7c37b 1088 fi
98a7c37b 1089 fi
ddceb1c8 1090 LIBWRAP="-lwrap"
1091 LIBS="$LIBWRAP $LIBS"
278588d8 1092 AC_MSG_CHECKING(for libwrap)
1093 AC_TRY_LINK(
1094 [
77f09220 1095#include <sys/types.h>
1096#include <sys/socket.h>
1097#include <netinet/in.h>
278588d8 1098#include <tcpd.h>
1099 int deny_severity = 0, allow_severity = 0;
1100 ],
1101 [hosts_access(0);],
1102 [
1103 AC_MSG_RESULT(yes)
3466e002 1104 AC_DEFINE(LIBWRAP, 1,
1105 [Define if you want
1106 TCP Wrappers support])
ddceb1c8 1107 AC_SUBST(LIBWRAP)
98a7c37b 1108 TCPW_MSG="yes"
278588d8 1109 ],
1110 [
1111 AC_MSG_ERROR([*** libwrap missing])
1112 ]
1113 )
ddceb1c8 1114 LIBS="$saved_LIBS"
278588d8 1115 fi
1116 ]
1117)
1118
59031773 1119# Check whether user wants libedit support
1120LIBEDIT_MSG="no"
1121AC_ARG_WITH(libedit,
6ff3d0dc 1122 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
59031773 1123 [ if test "x$withval" != "xno" ; then
737edf04 1124 if test "x$withval" != "xyes"; then
bb116c8e 1125 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1126 if test -n "${need_dash_r}"; then
1127 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1128 else
1129 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1130 fi
737edf04 1131 fi
59031773 1132 AC_CHECK_LIB(edit, el_init,
3466e002 1133 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
59031773 1134 LIBEDIT="-ledit -lcurses"
1135 LIBEDIT_MSG="yes"
1136 AC_SUBST(LIBEDIT)
1137 ],
737edf04 1138 [ AC_MSG_ERROR(libedit not found) ],
1139 [ -lcurses ]
59031773 1140 )
f47ddccb 1141 AC_MSG_CHECKING(if libedit version is compatible)
d92622f9 1142 AC_COMPILE_IFELSE(
1143 [AC_LANG_SOURCE([[
1144#include <histedit.h>
f47ddccb 1145int main(void)
1146{
1147 int i = H_SETSIZE;
1148 el_init("", NULL, NULL, NULL);
1149 exit(0);
1150}
d92622f9 1151 ]])],
f47ddccb 1152 [ AC_MSG_RESULT(yes) ],
1153 [ AC_MSG_RESULT(no)
1154 AC_MSG_ERROR(libedit version is not compatible) ]
1155 )
59031773 1156 fi ]
1157)
1158
7b578f7d 1159AUDIT_MODULE=none
1160AC_ARG_WITH(audit,
1161 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1162 [
1163 AC_MSG_CHECKING(for supported audit module)
1164 case "$withval" in
1165 bsm)
1166 AC_MSG_RESULT(bsm)
1167 AUDIT_MODULE=bsm
1168 dnl Checks for headers, libs and functions
1169 AC_CHECK_HEADERS(bsm/audit.h, [],
1170 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1171 AC_CHECK_LIB(bsm, getaudit, [],
1172 [AC_MSG_ERROR(BSM enabled and required library not found)])
1173 AC_CHECK_FUNCS(getaudit, [],
1174 [AC_MSG_ERROR(BSM enabled and required function not found)])
1175 # These are optional
7939c496 1176 AC_CHECK_FUNCS(getaudit_addr)
3466e002 1177 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
7b578f7d 1178 ;;
1179 debug)
1180 AUDIT_MODULE=debug
1181 AC_MSG_RESULT(debug)
3466e002 1182 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
7b578f7d 1183 ;;
a2b3321d 1184 no)
d92622f9 1185 AC_MSG_RESULT(no)
a2b3321d 1186 ;;
7b578f7d 1187 *)
1188 AC_MSG_ERROR([Unknown audit module $withval])
1189 ;;
1190 esac ]
1191)
1192
19160674 1193dnl Checks for library functions. Please keep in alphabetical order
b04a9f8c 1194AC_CHECK_FUNCS( \
1195 arc4random \
9a406e1e 1196 asprintf \
b04a9f8c 1197 b64_ntop \
1198 __b64_ntop \
1199 b64_pton \
1200 __b64_pton \
1201 bcopy \
1202 bindresvport_sa \
1203 clock \
1204 closefrom \
1205 dirfd \
b04a9f8c 1206 fchmod \
1207 fchown \
1208 freeaddrinfo \
1209 futimes \
1210 getaddrinfo \
1211 getcwd \
1212 getgrouplist \
1213 getnameinfo \
1214 getopt \
1215 getpeereid \
1216 _getpty \
1217 getrlimit \
1218 getttyent \
1219 glob \
1220 inet_aton \
1221 inet_ntoa \
1222 inet_ntop \
1223 innetgr \
1224 login_getcapbool \
1225 md5_crypt \
1226 memmove \
1227 mkdtemp \
1228 mmap \
1229 ngetaddrinfo \
1230 nsleep \
1231 ogetaddrinfo \
1232 openlog_r \
1233 openpty \
1234 prctl \
1235 pstat \
1236 readpassphrase \
1237 realpath \
1238 recvmsg \
1239 rresvport_af \
1240 sendmsg \
1241 setdtablesize \
1242 setegid \
1243 setenv \
1244 seteuid \
1245 setgroups \
1246 setlogin \
1247 setpcred \
1248 setproctitle \
1249 setregid \
1250 setreuid \
1251 setrlimit \
1252 setsid \
1253 setvbuf \
1254 sigaction \
1255 sigvec \
1256 snprintf \
1257 socketpair \
1258 strdup \
1259 strerror \
1260 strlcat \
1261 strlcpy \
1262 strmode \
1263 strnvis \
1264 strtonum \
1e29a0c8 1265 strtoll \
b04a9f8c 1266 strtoul \
1267 sysconf \
1268 tcgetpgrp \
1269 truncate \
1270 unsetenv \
1271 updwtmpx \
9a406e1e 1272 vasprintf \
b04a9f8c 1273 vhangup \
1274 vsnprintf \
1275 waitpid \
19160674 1276)
98a7c37b 1277
1a086f97 1278# IRIX has a const char return value for gai_strerror()
1279AC_CHECK_FUNCS(gai_strerror,[
1280 AC_DEFINE(HAVE_GAI_STRERROR)
1281 AC_TRY_COMPILE([
1282#include <sys/types.h>
1283#include <sys/socket.h>
1284#include <netdb.h>
1285
1286const char *gai_strerror(int);],[
1287char *str;
1288
1289str = gai_strerror(0);],[
1290 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1291 [Define if gai_strerror() returns const char *])])])
1292
3466e002 1293AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1294 [Some systems put nanosleep outside of libc]))
92b1decf 1295
309709db 1296dnl Make sure prototypes are defined for these before using them.
309709db 1297AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
0957c2cf 1298AC_CHECK_DECL(strsep,
1299 [AC_CHECK_FUNCS(strsep)],
1300 [],
1301 [
1302#ifdef HAVE_STRING_H
1303# include <string.h>
1304#endif
1305 ])
08412d26 1306
3490699c 1307dnl tcsendbreak might be a macro
1308AC_CHECK_DECL(tcsendbreak,
1309 [AC_DEFINE(HAVE_TCSENDBREAK)],
aff51935 1310 [AC_CHECK_FUNCS(tcsendbreak)],
3490699c 1311 [#include <termios.h>]
1312)
1313
41e0e158 1314AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1315
71f4c727 1316AC_CHECK_DECLS(SHUT_RD, , ,
1317 [
1318#include <sys/types.h>
1319#include <sys/socket.h>
1320 ])
956d6743 1321
1322AC_CHECK_DECLS(O_NONBLOCK, , ,
1323 [
1324#include <sys/types.h>
1325#ifdef HAVE_SYS_STAT_H
1326# include <sys/stat.h>
1327#endif
1328#ifdef HAVE_FCNTL_H
1329# include <fcntl.h>
1330#endif
1331 ])
1332
752994dd 1333AC_CHECK_DECLS(writev, , , [
1334#include <sys/types.h>
1335#include <sys/uio.h>
1336#include <unistd.h>
1337 ])
1338
3f176010 1339AC_CHECK_FUNCS(setresuid, [
1340 dnl Some platorms have setresuid that isn't implemented, test for this
1341 AC_MSG_CHECKING(if setresuid seems to work)
479cece8 1342 AC_RUN_IFELSE(
1343 [AC_LANG_SOURCE([[
9a3fe0e2 1344#include <stdlib.h>
1345#include <errno.h>
1346int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1347 ]])],
3f176010 1348 [AC_MSG_RESULT(yes)],
3466e002 1349 [AC_DEFINE(BROKEN_SETRESUID, 1,
1350 [Define if your setresuid() is broken])
1a01a50c 1351 AC_MSG_RESULT(not implemented)],
1352 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1353 )
1354])
9a3fe0e2 1355
3f176010 1356AC_CHECK_FUNCS(setresgid, [
1357 dnl Some platorms have setresgid that isn't implemented, test for this
1358 AC_MSG_CHECKING(if setresgid seems to work)
479cece8 1359 AC_RUN_IFELSE(
1360 [AC_LANG_SOURCE([[
9a3fe0e2 1361#include <stdlib.h>
1362#include <errno.h>
1363int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
479cece8 1364 ]])],
3f176010 1365 [AC_MSG_RESULT(yes)],
3466e002 1366 [AC_DEFINE(BROKEN_SETRESGID, 1,
1367 [Define if your setresgid() is broken])
1a01a50c 1368 AC_MSG_RESULT(not implemented)],
1369 [AC_MSG_WARN([cross compiling: not checking setresuid])]
3f176010 1370 )
1371])
9a3fe0e2 1372
2e73a022 1373dnl Checks for time functions
1d7b9b20 1374AC_CHECK_FUNCS(gettimeofday time)
2e73a022 1375dnl Checks for utmp functions
b03bd394 1376AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1d7b9b20 1377AC_CHECK_FUNCS(utmpname)
2e73a022 1378dnl Checks for utmpx functions
b03bd394 1379AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1d7b9b20 1380AC_CHECK_FUNCS(setutxent utmpxname)
76cd7316 1381
aff51935 1382AC_CHECK_FUNC(daemon,
3466e002 1383 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1384 [AC_CHECK_LIB(bsd, daemon,
1385 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
beb43d31 1386)
1387
aff51935 1388AC_CHECK_FUNC(getpagesize,
3466e002 1389 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1390 [Define if your libraries define getpagesize()])],
1391 [AC_CHECK_LIB(ucb, getpagesize,
1392 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
aa6bd60a 1393)
1394
2647ae26 1395# Check for broken snprintf
1396if test "x$ac_cv_func_snprintf" = "xyes" ; then
1397 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1a01a50c 1398 AC_RUN_IFELSE(
479cece8 1399 [AC_LANG_SOURCE([[
2647ae26 1400#include <stdio.h>
aec4cb4f 1401int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
479cece8 1402 ]])],
aff51935 1403 [AC_MSG_RESULT(yes)],
2647ae26 1404 [
1405 AC_MSG_RESULT(no)
3466e002 1406 AC_DEFINE(BROKEN_SNPRINTF, 1,
1407 [Define if your snprintf is busted])
2647ae26 1408 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1a01a50c 1409 ],
1410 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
2647ae26 1411 )
1412fi
1413
9a406e1e 1414# If we don't have a working asprintf, then we strongly depend on vsnprintf
1415# returning the right thing on overflow: the number of characters it tried to
1416# create (as per SUSv3)
1417if test "x$ac_cv_func_asprintf" != "xyes" && \
1418 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1419 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1420 AC_RUN_IFELSE(
1421 [AC_LANG_SOURCE([[
1422#include <sys/types.h>
1423#include <stdio.h>
1424#include <stdarg.h>
1425
1426int x_snprintf(char *str,size_t count,const char *fmt,...)
1427{
1428 size_t ret; va_list ap;
1429 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1430 return ret;
1431}
1432int main(void)
1433{
1434 char x[1];
1435 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1436} ]])],
1437 [AC_MSG_RESULT(yes)],
1438 [
1439 AC_MSG_RESULT(no)
1440 AC_DEFINE(BROKEN_SNPRINTF, 1,
1441 [Define if your snprintf is busted])
1442 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1443 ],
1444 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1445 )
1446fi
1447
31b0732a 1448# On systems where [v]snprintf is broken, but is declared in stdio,
1449# check that the fmt argument is const char * or just char *.
1450# This is only useful for when BROKEN_SNPRINTF
1451AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1452AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1453 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1454 int main(void) { snprintf(0, 0, 0); }
1455 ]])],
1456 [AC_MSG_RESULT(yes)
1457 AC_DEFINE(SNPRINTF_CONST, [const],
1458 [Define as const if snprintf() can declare const char *fmt])],
1459 [AC_MSG_RESULT(no)
1460 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1461
2f6f9cff 1462# Check for missing getpeereid (or equiv) support
1463NO_PEERCHECK=""
1464if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1465 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1466 AC_TRY_COMPILE(
1467 [#include <sys/types.h>
1468 #include <sys/socket.h>],
1469 [int i = SO_PEERCRED;],
62eb7db4 1470 [ AC_MSG_RESULT(yes)
3466e002 1471 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
62eb7db4 1472 ],
2f6f9cff 1473 [AC_MSG_RESULT(no)
1474 NO_PEERCHECK=1]
1475 )
1476fi
1477
70e7d0b0 1478dnl see whether mkstemp() requires XXXXXX
1479if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1480AC_MSG_CHECKING([for (overly) strict mkstemp])
b0e7249f 1481AC_RUN_IFELSE(
1482 [AC_LANG_SOURCE([[
70e7d0b0 1483#include <stdlib.h>
1484main() { char template[]="conftest.mkstemp-test";
1485if (mkstemp(template) == -1)
1486 exit(1);
1487unlink(template); exit(0);
1488}
b0e7249f 1489 ]])],
70e7d0b0 1490 [
1491 AC_MSG_RESULT(no)
1492 ],
aff51935 1493 [
70e7d0b0 1494 AC_MSG_RESULT(yes)
3466e002 1495 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
70e7d0b0 1496 ],
1497 [
1498 AC_MSG_RESULT(yes)
1499 AC_DEFINE(HAVE_STRICT_MKSTEMP)
aff51935 1500 ]
70e7d0b0 1501)
1502fi
1503
eacb954e 1504dnl make sure that openpty does not reacquire controlling terminal
1505if test ! -z "$check_for_openpty_ctty_bug"; then
1506 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
b0e7249f 1507 AC_RUN_IFELSE(
1508 [AC_LANG_SOURCE([[
eacb954e 1509#include <stdio.h>
1510#include <sys/fcntl.h>
1511#include <sys/types.h>
1512#include <sys/wait.h>
1513
1514int
1515main()
1516{
1517 pid_t pid;
1518 int fd, ptyfd, ttyfd, status;
1519
1520 pid = fork();
1521 if (pid < 0) { /* failed */
1522 exit(1);
1523 } else if (pid > 0) { /* parent */
1524 waitpid(pid, &status, 0);
aff51935 1525 if (WIFEXITED(status))
eacb954e 1526 exit(WEXITSTATUS(status));
1527 else
1528 exit(2);
1529 } else { /* child */
1530 close(0); close(1); close(2);
1531 setsid();
1532 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1533 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1534 if (fd >= 0)
1535 exit(3); /* Acquired ctty: broken */
1536 else
1537 exit(0); /* Did not acquire ctty: OK */
1538 }
1539}
b0e7249f 1540 ]])],
eacb954e 1541 [
1542 AC_MSG_RESULT(yes)
1543 ],
1544 [
1545 AC_MSG_RESULT(no)
1546 AC_DEFINE(SSHD_ACQUIRES_CTTY)
b0e7249f 1547 ],
1548 [
1549 AC_MSG_RESULT(cross-compiling, assuming yes)
eacb954e 1550 ]
1551 )
1552fi
1553
4b492aab 1554if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1555 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
2fe51906 1556 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1557 AC_RUN_IFELSE(
1558 [AC_LANG_SOURCE([[
2fe51906 1559#include <stdio.h>
1560#include <sys/socket.h>
1561#include <netdb.h>
1562#include <errno.h>
1563#include <netinet/in.h>
1564
1565#define TEST_PORT "2222"
1566
1567int
1568main(void)
1569{
1570 int err, sock;
1571 struct addrinfo *gai_ai, *ai, hints;
1572 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1573
1574 memset(&hints, 0, sizeof(hints));
1575 hints.ai_family = PF_UNSPEC;
1576 hints.ai_socktype = SOCK_STREAM;
1577 hints.ai_flags = AI_PASSIVE;
1578
1579 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1580 if (err != 0) {
1581 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1582 exit(1);
1583 }
1584
1585 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1586 if (ai->ai_family != AF_INET6)
1587 continue;
1588
1589 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1590 sizeof(ntop), strport, sizeof(strport),
1591 NI_NUMERICHOST|NI_NUMERICSERV);
1592
1593 if (err != 0) {
1594 if (err == EAI_SYSTEM)
1595 perror("getnameinfo EAI_SYSTEM");
1596 else
1597 fprintf(stderr, "getnameinfo failed: %s\n",
1598 gai_strerror(err));
1599 exit(2);
1600 }
1601
1602 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1603 if (sock < 0)
1604 perror("socket");
1605 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1606 if (errno == EBADF)
1607 exit(3);
1608 }
1609 }
1610 exit(0);
1611}
b0e7249f 1612 ]])],
2fe51906 1613 [
1614 AC_MSG_RESULT(yes)
1615 ],
1616 [
1617 AC_MSG_RESULT(no)
1618 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1619 ],
1620 [
1621 AC_MSG_RESULT(cross-compiling, assuming yes)
2fe51906 1622 ]
1623 )
1624fi
1625
4b492aab 1626if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1627 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
5ccf88cb 1628 AC_MSG_CHECKING(if getaddrinfo seems to work)
b0e7249f 1629 AC_RUN_IFELSE(
1630 [AC_LANG_SOURCE([[
5ccf88cb 1631#include <stdio.h>
1632#include <sys/socket.h>
1633#include <netdb.h>
1634#include <errno.h>
1635#include <netinet/in.h>
1636
1637#define TEST_PORT "2222"
1638
1639int
1640main(void)
1641{
1642 int err, sock;
1643 struct addrinfo *gai_ai, *ai, hints;
1644 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1645
1646 memset(&hints, 0, sizeof(hints));
1647 hints.ai_family = PF_UNSPEC;
1648 hints.ai_socktype = SOCK_STREAM;
1649 hints.ai_flags = AI_PASSIVE;
1650
1651 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1652 if (err != 0) {
1653 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1654 exit(1);
1655 }
1656
1657 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1658 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1659 continue;
1660
1661 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1662 sizeof(ntop), strport, sizeof(strport),
1663 NI_NUMERICHOST|NI_NUMERICSERV);
1664
1665 if (ai->ai_family == AF_INET && err != 0) {
1666 perror("getnameinfo");
1667 exit(2);
1668 }
1669 }
1670 exit(0);
1671}
b0e7249f 1672 ]])],
5ccf88cb 1673 [
1674 AC_MSG_RESULT(yes)
3466e002 1675 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1676 [Define if you have a getaddrinfo that fails
1677 for the all-zeros IPv6 address])
5ccf88cb 1678 ],
1679 [
1680 AC_MSG_RESULT(no)
1681 AC_DEFINE(BROKEN_GETADDRINFO)
b0e7249f 1682 ],
ecd9ec09 1683 [
b0e7249f 1684 AC_MSG_RESULT(cross-compiling, assuming no)
5ccf88cb 1685 ]
1686 )
1687fi
1688
b29fd59f 1689if test "x$check_for_conflicting_getspnam" = "x1"; then
1690 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1691 AC_COMPILE_IFELSE(
1692 [
1693#include <shadow.h>
1694int main(void) {exit(0);}
1695 ],
1696 [
1697 AC_MSG_RESULT(no)
1698 ],
1699 [
1700 AC_MSG_RESULT(yes)
1701 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1702 [Conflicting defs for getspnam])
1703 ]
1704 )
1705fi
1706
7f8f5e00 1707AC_FUNC_GETPGRP
1708
5b991353 1709# Search for OpenSSL
1710saved_CPPFLAGS="$CPPFLAGS"
1711saved_LDFLAGS="$LDFLAGS"
a0391976 1712AC_ARG_WITH(ssl-dir,
1713 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1714 [
e9e4a1c7 1715 if test "x$withval" != "xno" ; then
99eb0f64 1716 case "$withval" in
1717 # Relative paths
1718 ./*|../*) withval="`pwd`/$withval"
1719 esac
5b991353 1720 if test -d "$withval/lib"; then
1721 if test -n "${need_dash_r}"; then
1722 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1723 else
1724 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
d6f13fbb 1725 fi
1726 else
5b991353 1727 if test -n "${need_dash_r}"; then
1728 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1729 else
1730 LDFLAGS="-L${withval} ${LDFLAGS}"
d6f13fbb 1731 fi
1732 fi
5b991353 1733 if test -d "$withval/include"; then
1734 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
d6f13fbb 1735 else
5b991353 1736 CPPFLAGS="-I${withval} ${CPPFLAGS}"
58d100bf 1737 fi
a0391976 1738 fi
5b991353 1739 ]
1740)
5486a457 1741LIBS="-lcrypto $LIBS"
3466e002 1742AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1743 [Define if your ssl headers are included
1744 with #include <openssl/header.h>]),
d45e3d76 1745 [
5b991353 1746 dnl Check default openssl install dir
1747 if test -n "${need_dash_r}"; then
1748 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1749 else
5b991353 1750 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
d45e3d76 1751 fi
5b991353 1752 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1753 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1754 [
1755 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1756 ]
1757 )
1758 ]
1759)
1760
cd018561 1761# Determine OpenSSL header version
1762AC_MSG_CHECKING([OpenSSL header version])
1a01a50c 1763AC_RUN_IFELSE(
479cece8 1764 [AC_LANG_SOURCE([[
cd018561 1765#include <stdio.h>
1766#include <string.h>
1767#include <openssl/opensslv.h>
1768#define DATA "conftest.sslincver"
1769int main(void) {
aff51935 1770 FILE *fd;
1771 int rc;
cd018561 1772
aff51935 1773 fd = fopen(DATA,"w");
1774 if(fd == NULL)
1775 exit(1);
cd018561 1776
1777 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1778 exit(1);
1779
1780 exit(0);
1781}
479cece8 1782 ]])],
cd018561 1783 [
1784 ssl_header_ver=`cat conftest.sslincver`
1785 AC_MSG_RESULT($ssl_header_ver)
1786 ],
1787 [
1788 AC_MSG_RESULT(not found)
1789 AC_MSG_ERROR(OpenSSL version header not found.)
1a01a50c 1790 ],
1791 [
1792 AC_MSG_WARN([cross compiling: not checking])
cd018561 1793 ]
1794)
1795
1796# Determine OpenSSL library version
1797AC_MSG_CHECKING([OpenSSL library version])
1a01a50c 1798AC_RUN_IFELSE(
479cece8 1799 [AC_LANG_SOURCE([[
cd018561 1800#include <stdio.h>
1801#include <string.h>
1802#include <openssl/opensslv.h>
1803#include <openssl/crypto.h>
1804#define DATA "conftest.ssllibver"
1805int main(void) {
aff51935 1806 FILE *fd;
1807 int rc;
cd018561 1808
aff51935 1809 fd = fopen(DATA,"w");
1810 if(fd == NULL)
1811 exit(1);
cd018561 1812
1813 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1814 exit(1);
1815
1816 exit(0);
1817}
479cece8 1818 ]])],
cd018561 1819 [
1820 ssl_library_ver=`cat conftest.ssllibver`
1821 AC_MSG_RESULT($ssl_library_ver)
1822 ],
1823 [
1824 AC_MSG_RESULT(not found)
1825 AC_MSG_ERROR(OpenSSL library not found.)
1a01a50c 1826 ],
1827 [
1828 AC_MSG_WARN([cross compiling: not checking])
cd018561 1829 ]
1830)
58d100bf 1831
9780116c 1832# Sanity check OpenSSL headers
1833AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1a01a50c 1834AC_RUN_IFELSE(
479cece8 1835 [AC_LANG_SOURCE([[
9780116c 1836#include <string.h>
1837#include <openssl/opensslv.h>
aec4cb4f 1838int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
479cece8 1839 ]])],
9780116c 1840 [
1841 AC_MSG_RESULT(yes)
1842 ],
1843 [
1844 AC_MSG_RESULT(no)
e15ba28b 1845 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1846Check config.log for details.
1847Also see contrib/findssl.sh for help identifying header/library mismatches.])
1a01a50c 1848 ],
1849 [
1850 AC_MSG_WARN([cross compiling: not checking])
9780116c 1851 ]
1852)
1853
282d6408 1854AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1855AC_LINK_IFELSE(
1856 [AC_LANG_SOURCE([[
1857#include <openssl/evp.h>
1858int main(void) { SSLeay_add_all_algorithms(); }
1859 ]])],
1860 [
1861 AC_MSG_RESULT(yes)
1862 ],
1863 [
1864 AC_MSG_RESULT(no)
1865 saved_LIBS="$LIBS"
1866 LIBS="$LIBS -ldl"
1867 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1868 AC_LINK_IFELSE(
1869 [AC_LANG_SOURCE([[
1870#include <openssl/evp.h>
1871int main(void) { SSLeay_add_all_algorithms(); }
1872 ]])],
1873 [
1874 AC_MSG_RESULT(yes)
1875 ],
1876 [
1877 AC_MSG_RESULT(no)
1878 LIBS="$saved_LIBS"
1879 ]
1880 )
1881 ]
1882)
1883
c7ad0d99 1884AC_ARG_WITH(ssl-engine,
1885 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1886 [ if test "x$withval" != "xno" ; then
1887 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1888 AC_TRY_COMPILE(
1889 [ #include <openssl/engine.h>],
1890 [
1891int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1892 ],
1893 [ AC_MSG_RESULT(yes)
1894 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1895 [Enable OpenSSL engine support])
1896 ],
1897 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1898 )
1899 fi ]
1900)
1901
e5146707 1902# Check for OpenSSL without EVP_aes_{192,256}_cbc
1903AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
3e05aa50 1904AC_LINK_IFELSE(
e5146707 1905 [AC_LANG_SOURCE([[
1906#include <string.h>
1907#include <openssl/evp.h>
300ea548 1908int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
e5146707 1909 ]])],
1910 [
1911 AC_MSG_RESULT(no)
1912 ],
1913 [
1914 AC_MSG_RESULT(yes)
1915 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1916 [libcrypto is missing AES 192 and 256 bit functions])
1917 ]
1918)
1919
5486a457 1920# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1921# because the system crypt() is more featureful.
1922if test "x$check_for_libcrypt_before" = "x1"; then
1923 AC_CHECK_LIB(crypt, crypt)
1924fi
1925
aff51935 1926# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
8087c5ee 1927# version in OpenSSL.
05114c74 1928if test "x$check_for_libcrypt_later" = "x1"; then
20cad736 1929 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
717057b6 1930fi
1931
13ff27b7 1932# Search for SHA256 support in libc and/or OpenSSL
1933AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1934
4c653d8e 1935AC_CHECK_LIB(iaf, ia_openinfo)
f1b0ecc3 1936
1937### Configure cryptographic random number support
1938
1939# Check wheter OpenSSL seeds itself
1940AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1a01a50c 1941AC_RUN_IFELSE(
479cece8 1942 [AC_LANG_SOURCE([[
f1b0ecc3 1943#include <string.h>
1944#include <openssl/rand.h>
aec4cb4f 1945int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
479cece8 1946 ]])],
f1b0ecc3 1947 [
1948 OPENSSL_SEEDS_ITSELF=yes
1949 AC_MSG_RESULT(yes)
1950 ],
1951 [
1952 AC_MSG_RESULT(no)
1953 # Default to use of the rand helper if OpenSSL doesn't
1954 # seed itself
1955 USE_RAND_HELPER=yes
1a01a50c 1956 ],
1957 [
1958 AC_MSG_WARN([cross compiling: assuming yes])
1959 # This is safe, since all recent OpenSSL versions will
82f4e93d 1960 # complain at runtime if not seeded correctly.
1a01a50c 1961 OPENSSL_SEEDS_ITSELF=yes
f1b0ecc3 1962 ]
1963)
1964
a086f73b 1965# Check for PAM libs
1966PAM_MSG="no"
1967AC_ARG_WITH(pam,
1968 [ --with-pam Enable PAM support ],
1969 [
1970 if test "x$withval" != "xno" ; then
1971 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1972 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1973 AC_MSG_ERROR([PAM headers not found])
1974 fi
1975
1976 saved_LIBS="$LIBS"
1977 AC_CHECK_LIB(dl, dlopen, , )
1978 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1979 AC_CHECK_FUNCS(pam_getenvlist)
1980 AC_CHECK_FUNCS(pam_putenv)
1981 LIBS="$saved_LIBS"
1982
1983 PAM_MSG="yes"
1984
282d6408 1985 LIBPAM="-lpam"
a086f73b 1986 AC_DEFINE(USE_PAM, 1,
1987 [Define if you want to enable PAM support])
282d6408 1988
a086f73b 1989 if test $ac_cv_lib_dl_dlopen = yes; then
282d6408 1990 case "$LIBS" in
1991 *-ldl*)
1992 # libdl already in LIBS
1993 ;;
1994 *)
08164407 1995 LIBPAM="$LIBPAM -ldl"
282d6408 1996 ;;
1997 esac
a086f73b 1998 fi
1999 AC_SUBST(LIBPAM)
2000 fi
2001 ]
2002)
2003
2004# Check for older PAM
2005if test "x$PAM_MSG" = "xyes" ; then
2006 # Check PAM strerror arguments (old PAM)
2007 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2008 AC_TRY_COMPILE(
2009 [
2010#include <stdlib.h>
2011#if defined(HAVE_SECURITY_PAM_APPL_H)
2012#include <security/pam_appl.h>
2013#elif defined (HAVE_PAM_PAM_APPL_H)
2014#include <pam/pam_appl.h>
2015#endif
2016 ],
2017 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2018 [AC_MSG_RESULT(no)],
2019 [
2020 AC_DEFINE(HAVE_OLD_PAM, 1,
2021 [Define if you have an old version of PAM
2022 which takes only one argument to pam_strerror])
2023 AC_MSG_RESULT(yes)
2024 PAM_MSG="yes (old library)"
2025 ]
2026 )
2027fi
f1b0ecc3 2028
2029# Do we want to force the use of the rand helper?
2030AC_ARG_WITH(rand-helper,
2031 [ --with-rand-helper Use subprocess to gather strong randomness ],
2032 [
2033 if test "x$withval" = "xno" ; then
aff51935 2034 # Force use of OpenSSL's internal RNG, even if
f1b0ecc3 2035 # the previous test showed it to be unseeded.
2036 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2037 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2038 OPENSSL_SEEDS_ITSELF=yes
2039 USE_RAND_HELPER=""
2040 fi
2041 else
2042 USE_RAND_HELPER=yes
2043 fi
2044 ],
82f4e93d 2045)
f1b0ecc3 2046
2047# Which randomness source do we use?
4b492aab 2048if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
f1b0ecc3 2049 # OpenSSL only
3466e002 2050 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2051 [Define if you want OpenSSL's internally seeded PRNG only])
f1b0ecc3 2052 RAND_MSG="OpenSSL internal ONLY"
2053 INSTALL_SSH_RAND_HELPER=""
70e2f2f3 2054elif test ! -z "$USE_RAND_HELPER" ; then
2055 # install rand helper
f1b0ecc3 2056 RAND_MSG="ssh-rand-helper"
2057 INSTALL_SSH_RAND_HELPER="yes"
2058fi
2059AC_SUBST(INSTALL_SSH_RAND_HELPER)
2060
2061### Configuration of ssh-rand-helper
2062
2063# PRNGD TCP socket
2064AC_ARG_WITH(prngd-port,
2065 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2066 [
eb5d7ff6 2067 case "$withval" in
2068 no)
2069 withval=""
2070 ;;
2071 [[0-9]]*)
2072 ;;
2073 *)
2074 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2075 ;;
2076 esac
2077 if test ! -z "$withval" ; then
f1b0ecc3 2078 PRNGD_PORT="$withval"
3466e002 2079 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2080 [Port number of PRNGD/EGD random number socket])
f1b0ecc3 2081 fi
2082 ]
2083)
2084
2085# PRNGD Unix domain socket
2086AC_ARG_WITH(prngd-socket,
2087 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2088 [
eb5d7ff6 2089 case "$withval" in
2090 yes)
f1b0ecc3 2091 withval="/var/run/egd-pool"
eb5d7ff6 2092 ;;
2093 no)
2094 withval=""
2095 ;;
2096 /*)
2097 ;;
2098 *)
2099 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2100 ;;
2101 esac
2102
2103 if test ! -z "$withval" ; then
f1b0ecc3 2104 if test ! -z "$PRNGD_PORT" ; then
2105 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2106 fi
906e811b 2107 if test ! -r "$withval" ; then
f1b0ecc3 2108 AC_MSG_WARN(Entropy socket is not readable)
2109 fi
2110 PRNGD_SOCKET="$withval"
3466e002 2111 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2112 [Location of PRNGD/EGD random number socket])
f1b0ecc3 2113 fi
ddceb1c8 2114 ],
2115 [
2116 # Check for existing socket only if we don't have a random device already
2117 if test "$USE_RAND_HELPER" = yes ; then
2118 AC_MSG_CHECKING(for PRNGD/EGD socket)
2119 # Insert other locations here
2120 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2121 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2122 PRNGD_SOCKET="$sock"
2123 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2124 break;
2125 fi
2126 done
2127 if test ! -z "$PRNGD_SOCKET" ; then
2128 AC_MSG_RESULT($PRNGD_SOCKET)
2129 else
2130 AC_MSG_RESULT(not found)
2131 fi
2132 fi
f1b0ecc3 2133 ]
2134)
2135
2136# Change default command timeout for hashing entropy source
2137entropy_timeout=200
2138AC_ARG_WITH(entropy-timeout,
2139 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2140 [
6cf0200f 2141 if test -n "$withval" && test "x$withval" != "xno" && \
2142 test "x${withval}" != "xyes"; then
f1b0ecc3 2143 entropy_timeout=$withval
2144 fi
82f4e93d 2145 ]
f1b0ecc3 2146)
3466e002 2147AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2148 [Builtin PRNG command timeout])
f1b0ecc3 2149
fd3cbf67 2150SSH_PRIVSEP_USER=sshd
9a0fbcb3 2151AC_ARG_WITH(privsep-user,
5222e7ef 2152 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
9a0fbcb3 2153 [
6cf0200f 2154 if test -n "$withval" && test "x$withval" != "xno" && \
2155 test "x${withval}" != "xyes"; then
fd3cbf67 2156 SSH_PRIVSEP_USER=$withval
9a0fbcb3 2157 fi
82f4e93d 2158 ]
9a0fbcb3 2159)
3466e002 2160AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2161 [non-privileged user for privilege separation])
fd3cbf67 2162AC_SUBST(SSH_PRIVSEP_USER)
9a0fbcb3 2163
81dadca3 2164# We do this little dance with the search path to insure
2165# that programs that we select for use by installed programs
2166# (which may be run by the super-user) come from trusted
2167# locations before they come from the user's private area.
2168# This should help avoid accidentally configuring some
2169# random version of a program in someone's personal bin.
2170
2171OPATH=$PATH
2172PATH=/bin:/usr/bin
f95c8ce8 2173test -h /bin 2> /dev/null && PATH=/usr/bin
81dadca3 2174test -d /sbin && PATH=$PATH:/sbin
2175test -d /usr/sbin && PATH=$PATH:/usr/sbin
2176PATH=$PATH:/etc:$OPATH
2177
aff51935 2178# These programs are used by the command hashing source to gather entropy
f1b0ecc3 2179OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2180OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2181OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2182OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2183OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2184OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2185OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2186OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2187OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2188OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2189OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2190OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2191OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2192OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2193OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2194OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
81dadca3 2195# restore PATH
2196PATH=$OPATH
f1b0ecc3 2197
2198# Where does ssh-rand-helper get its randomness from?
2199INSTALL_SSH_PRNG_CMDS=""
2200if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2201 if test ! -z "$PRNGD_PORT" ; then
2202 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2203 elif test ! -z "$PRNGD_SOCKET" ; then
2204 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2205 else
2206 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2207 RAND_HELPER_CMDHASH=yes
2208 INSTALL_SSH_PRNG_CMDS="yes"
2209 fi
2210fi
2211AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2212
2213
66d6c27e 2214# Cheap hack to ensure NEWS-OS libraries are arranged right.
2215if test ! -z "$SONY" ; then
2216 LIBS="$LIBS -liberty";
2217fi
2218
9a406e1e 2219# Check for long long datatypes
2220AC_CHECK_TYPES([long long, unsigned long long, long double])
2221
2222# Check datatype sizes
976f7e19 2223AC_CHECK_SIZEOF(char, 1)
2b942fe0 2224AC_CHECK_SIZEOF(short int, 2)
2225AC_CHECK_SIZEOF(int, 4)
2226AC_CHECK_SIZEOF(long int, 4)
2227AC_CHECK_SIZEOF(long long int, 8)
2228
52f1ccb2 2229# Sanity check long long for some platforms (AIX)
2230if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2231 ac_cv_sizeof_long_long_int=0
2232fi
2233
90f15776 2234# compute LLONG_MIN and LLONG_MAX if we don't know them.
2235if test -z "$have_llong_max"; then
2236 AC_MSG_CHECKING([for max value of long long])
2237 AC_RUN_IFELSE(
2238 [AC_LANG_SOURCE([[
2239#include <stdio.h>
2240/* Why is this so damn hard? */
2241#ifdef __GNUC__
2242# undef __GNUC__
2243#endif
2244#define __USE_ISOC99
2245#include <limits.h>
2246#define DATA "conftest.llminmax"
055252ed 2247#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2248
2249/*
2250 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2251 * we do this the hard way.
2252 */
2253static int
2254fprint_ll(FILE *f, long long n)
2255{
2256 unsigned int i;
2257 int l[sizeof(long long) * 8];
2258
2259 if (n < 0)
2260 if (fprintf(f, "-") < 0)
2261 return -1;
2262 for (i = 0; n != 0; i++) {
2263 l[i] = my_abs(n % 10);
2264 n /= 10;
2265 }
2266 do {
2267 if (fprintf(f, "%d", l[--i]) < 0)
2268 return -1;
2269 } while (i != 0);
2270 if (fprintf(f, " ") < 0)
2271 return -1;
2272 return 0;
2273}
2274
90f15776 2275int main(void) {
2276 FILE *f;
2277 long long i, llmin, llmax = 0;
2278
2279 if((f = fopen(DATA,"w")) == NULL)
2280 exit(1);
2281
2282#if defined(LLONG_MIN) && defined(LLONG_MAX)
2283 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2284 llmin = LLONG_MIN;
2285 llmax = LLONG_MAX;
2286#else
2287 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2288 /* This will work on one's complement and two's complement */
2289 for (i = 1; i > llmax; i <<= 1, i++)
2290 llmax = i;
2291 llmin = llmax + 1LL; /* wrap */
2292#endif
2293
2294 /* Sanity check */
2295 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
055252ed 2296 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2297 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
90f15776 2298 fprintf(f, "unknown unknown\n");
2299 exit(2);
2300 }
2301
055252ed 2302 if (fprint_ll(f, llmin) < 0)
90f15776 2303 exit(3);
055252ed 2304 if (fprint_ll(f, llmax) < 0)
2305 exit(4);
2306 if (fclose(f) < 0)
2307 exit(5);
90f15776 2308 exit(0);
2309}
2310 ]])],
2311 [
2312 llong_min=`$AWK '{print $1}' conftest.llminmax`
2313 llong_max=`$AWK '{print $2}' conftest.llminmax`
2314
90f15776 2315 AC_MSG_RESULT($llong_max)
2316 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2317 [max value of long long calculated by configure])
2318 AC_MSG_CHECKING([for min value of long long])
2319 AC_MSG_RESULT($llong_min)
2320 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2321 [min value of long long calculated by configure])
2322 ],
2323 [
2324 AC_MSG_RESULT(not found)
2325 ],
2326 [
2327 AC_MSG_WARN([cross compiling: not checking])
2328 ]
2329 )
2330fi
2331
2332
a0391976 2333# More checks for data types
14a9a859 2334AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2335 AC_TRY_COMPILE(
aff51935 2336 [ #include <sys/types.h> ],
2337 [ u_int a; a = 1;],
14a9a859 2338 [ ac_cv_have_u_int="yes" ],
2339 [ ac_cv_have_u_int="no" ]
2340 )
2341])
2342if test "x$ac_cv_have_u_int" = "xyes" ; then
3466e002 2343 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
14a9a859 2344 have_u_int=1
2345fi
2346
58d100bf 2347AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2348 AC_TRY_COMPILE(
aff51935 2349 [ #include <sys/types.h> ],
2350 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
58d100bf 2351 [ ac_cv_have_intxx_t="yes" ],
2352 [ ac_cv_have_intxx_t="no" ]
2353 )
2354])
2355if test "x$ac_cv_have_intxx_t" = "xyes" ; then
3466e002 2356 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
58d100bf 2357 have_intxx_t=1
2358fi
41cb4569 2359
2360if (test -z "$have_intxx_t" && \
aff51935 2361 test "x$ac_cv_header_stdint_h" = "xyes")
41cb4569 2362then
2363 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2364 AC_TRY_COMPILE(
aff51935 2365 [ #include <stdint.h> ],
2366 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
41cb4569 2367 [
2368 AC_DEFINE(HAVE_INTXX_T)
2369 AC_MSG_RESULT(yes)
2370 ],
2371 [ AC_MSG_RESULT(no) ]
2372 )
2373fi
2374
bd590612 2375AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2376 AC_TRY_COMPILE(
1cbbe6c8 2377 [
2378#include <sys/types.h>
2379#ifdef HAVE_STDINT_H
2380# include <stdint.h>
2381#endif
2382#include <sys/socket.h>
2383#ifdef HAVE_SYS_BITYPES_H
2384# include <sys/bitypes.h>
2385#endif
aff51935 2386 ],
2387 [ int64_t a; a = 1;],
bd590612 2388 [ ac_cv_have_int64_t="yes" ],
2389 [ ac_cv_have_int64_t="no" ]
2390 )
2391])
2392if test "x$ac_cv_have_int64_t" = "xyes" ; then
3466e002 2393 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
ddceb1c8 2394fi
2395
58d100bf 2396AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2397 AC_TRY_COMPILE(
aff51935 2398 [ #include <sys/types.h> ],
2399 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
58d100bf 2400 [ ac_cv_have_u_intxx_t="yes" ],
2401 [ ac_cv_have_u_intxx_t="no" ]
2402 )
2403])
2404if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
3466e002 2405 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
58d100bf 2406 have_u_intxx_t=1
2407fi
2b942fe0 2408
41cb4569 2409if test -z "$have_u_intxx_t" ; then
2410 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2411 AC_TRY_COMPILE(
aff51935 2412 [ #include <sys/socket.h> ],
2413 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
41cb4569 2414 [
2415 AC_DEFINE(HAVE_U_INTXX_T)
2416 AC_MSG_RESULT(yes)
2417 ],
2418 [ AC_MSG_RESULT(no) ]
2419 )
2420fi
2421
bd590612 2422AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2423 AC_TRY_COMPILE(
aff51935 2424 [ #include <sys/types.h> ],
2425 [ u_int64_t a; a = 1;],
bd590612 2426 [ ac_cv_have_u_int64_t="yes" ],
2427 [ ac_cv_have_u_int64_t="no" ]
2428 )
2429])
2430if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
3466e002 2431 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
bd590612 2432 have_u_int64_t=1
2433fi
2434
ddceb1c8 2435if test -z "$have_u_int64_t" ; then
2436 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2437 AC_TRY_COMPILE(
aff51935 2438 [ #include <sys/bitypes.h> ],
ddceb1c8 2439 [ u_int64_t a; a = 1],
2440 [
2441 AC_DEFINE(HAVE_U_INT64_T)
2442 AC_MSG_RESULT(yes)
2443 ],
2444 [ AC_MSG_RESULT(no) ]
2445 )
2446fi
2447
41cb4569 2448if test -z "$have_u_intxx_t" ; then
2449 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2450 AC_TRY_COMPILE(
2451 [
2452#include <sys/types.h>
aff51935 2453 ],
2454 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
41cb4569 2455 [ ac_cv_have_uintxx_t="yes" ],
2456 [ ac_cv_have_uintxx_t="no" ]
2457 )
2458 ])
2459 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
3466e002 2460 AC_DEFINE(HAVE_UINTXX_T, 1,
2461 [define if you have uintxx_t data type])
41cb4569 2462 fi
2463fi
2464
2465if test -z "$have_uintxx_t" ; then
2466 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2467 AC_TRY_COMPILE(
aff51935 2468 [ #include <stdint.h> ],
2469 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
41cb4569 2470 [
2471 AC_DEFINE(HAVE_UINTXX_T)
2472 AC_MSG_RESULT(yes)
2473 ],
2474 [ AC_MSG_RESULT(no) ]
2475 )
2476fi
2477
e5fe9a1f 2478if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
aff51935 2479 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
5cdfe03f 2480then
2481 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2482 AC_TRY_COMPILE(
58d100bf 2483 [
2484#include <sys/bitypes.h>
aff51935 2485 ],
5cdfe03f 2486 [
837c30b8 2487 int8_t a; int16_t b; int32_t c;
2488 u_int8_t e; u_int16_t f; u_int32_t g;
2489 a = b = c = e = f = g = 1;
aff51935 2490 ],
5cdfe03f 2491 [
2492 AC_DEFINE(HAVE_U_INTXX_T)
2493 AC_DEFINE(HAVE_INTXX_T)
2494 AC_MSG_RESULT(yes)
2495 ],
2496 [AC_MSG_RESULT(no)]
aff51935 2497 )
5cdfe03f 2498fi
2499
0362750e 2500
2501AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2502 AC_TRY_COMPILE(
2503 [
2504#include <sys/types.h>
2505 ],
2506 [ u_char foo; foo = 125; ],
2507 [ ac_cv_have_u_char="yes" ],
2508 [ ac_cv_have_u_char="no" ]
2509 )
2510])
2511if test "x$ac_cv_have_u_char" = "xyes" ; then
3466e002 2512 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
0362750e 2513fi
2514
98a7c37b 2515TYPE_SOCKLEN_T
2b942fe0 2516
2d16d9a3 2517AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
ddceb1c8 2518
777ece68 2519AC_CHECK_TYPES(in_addr_t,,,
2520[#include <sys/types.h>
2521#include <netinet/in.h>])
7b578f7d 2522
58d100bf 2523AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2524 AC_TRY_COMPILE(
2525 [
18ba2aab 2526#include <sys/types.h>
58d100bf 2527 ],
2528 [ size_t foo; foo = 1235; ],
2529 [ ac_cv_have_size_t="yes" ],
2530 [ ac_cv_have_size_t="no" ]
2531 )
2532])
2533if test "x$ac_cv_have_size_t" = "xyes" ; then
3466e002 2534 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
58d100bf 2535fi
ea1970a3 2536
c04f75f1 2537AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2538 AC_TRY_COMPILE(
2539 [
2540#include <sys/types.h>
2541 ],
2542 [ ssize_t foo; foo = 1235; ],
2543 [ ac_cv_have_ssize_t="yes" ],
2544 [ ac_cv_have_ssize_t="no" ]
2545 )
2546])
2547if test "x$ac_cv_have_ssize_t" = "xyes" ; then
3466e002 2548 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
c04f75f1 2549fi
2550
f1c4659d 2551AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2552 AC_TRY_COMPILE(
2553 [
2554#include <time.h>
2555 ],
2556 [ clock_t foo; foo = 1235; ],
2557 [ ac_cv_have_clock_t="yes" ],
2558 [ ac_cv_have_clock_t="no" ]
2559 )
2560])
2561if test "x$ac_cv_have_clock_t" = "xyes" ; then
3466e002 2562 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
f1c4659d 2563fi
2564
1c04b088 2565AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2566 AC_TRY_COMPILE(
2567 [
2568#include <sys/types.h>
2569#include <sys/socket.h>
2570 ],
2571 [ sa_family_t foo; foo = 1235; ],
2572 [ ac_cv_have_sa_family_t="yes" ],
77bb0bca 2573 [ AC_TRY_COMPILE(
2574 [
2575#include <sys/types.h>
2576#include <sys/socket.h>
2577#include <netinet/in.h>
2578 ],
2579 [ sa_family_t foo; foo = 1235; ],
2580 [ ac_cv_have_sa_family_t="yes" ],
2581
1c04b088 2582 [ ac_cv_have_sa_family_t="no" ]
77bb0bca 2583 )]
1c04b088 2584 )
2585])
2586if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
3466e002 2587 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2588 [define if you have sa_family_t data type])
1c04b088 2589fi
2590
729bfe59 2591AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2592 AC_TRY_COMPILE(
2593 [
2594#include <sys/types.h>
2595 ],
2596 [ pid_t foo; foo = 1235; ],
2597 [ ac_cv_have_pid_t="yes" ],
2598 [ ac_cv_have_pid_t="no" ]
2599 )
2600])
2601if test "x$ac_cv_have_pid_t" = "xyes" ; then
3466e002 2602 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
729bfe59 2603fi
2604
2605AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2606 AC_TRY_COMPILE(
2607 [
2608#include <sys/types.h>
2609 ],
2610 [ mode_t foo; foo = 1235; ],
2611 [ ac_cv_have_mode_t="yes" ],
2612 [ ac_cv_have_mode_t="no" ]
2613 )
2614])
2615if test "x$ac_cv_have_mode_t" = "xyes" ; then
3466e002 2616 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
729bfe59 2617fi
2618
e3a93db0 2619
58d100bf 2620AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2621 AC_TRY_COMPILE(
2622 [
18ba2aab 2623#include <sys/types.h>
2624#include <sys/socket.h>
58d100bf 2625 ],
2626 [ struct sockaddr_storage s; ],
2627 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2628 [ ac_cv_have_struct_sockaddr_storage="no" ]
2629 )
2630])
2631if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3466e002 2632 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2633 [define if you have struct sockaddr_storage data type])
58d100bf 2634fi
48e671d5 2635
58d100bf 2636AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2637 AC_TRY_COMPILE(
2638 [
cbd7492e 2639#include <sys/types.h>
58d100bf 2640#include <netinet/in.h>
2641 ],
2642 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2643 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2644 [ ac_cv_have_struct_sockaddr_in6="no" ]
2645 )
2646])
2647if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3466e002 2648 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2649 [define if you have struct sockaddr_in6 data type])
58d100bf 2650fi
48e671d5 2651
58d100bf 2652AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2653 AC_TRY_COMPILE(
2654 [
cbd7492e 2655#include <sys/types.h>
58d100bf 2656#include <netinet/in.h>
2657 ],
2658 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2659 [ ac_cv_have_struct_in6_addr="yes" ],
2660 [ ac_cv_have_struct_in6_addr="no" ]
2661 )
2662])
2663if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3466e002 2664 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2665 [define if you have struct in6_addr data type])
58d100bf 2666fi
48e671d5 2667
58d100bf 2668AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2669 AC_TRY_COMPILE(
2670 [
18ba2aab 2671#include <sys/types.h>
2672#include <sys/socket.h>
2673#include <netdb.h>
58d100bf 2674 ],
2675 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2676 [ ac_cv_have_struct_addrinfo="yes" ],
2677 [ ac_cv_have_struct_addrinfo="no" ]
2678 )
2679])
2680if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3466e002 2681 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2682 [define if you have struct addrinfo data type])
58d100bf 2683fi
2684
89c7e31c 2685AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2686 AC_TRY_COMPILE(
aff51935 2687 [ #include <sys/time.h> ],
2688 [ struct timeval tv; tv.tv_sec = 1;],
89c7e31c 2689 [ ac_cv_have_struct_timeval="yes" ],
2690 [ ac_cv_have_struct_timeval="no" ]
2691 )
2692])
2693if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3466e002 2694 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
89c7e31c 2695 have_struct_timeval=1
2696fi
2697
5271b55c 2698AC_CHECK_TYPES(struct timespec)
2699
85abc74b 2700# We need int64_t or else certian parts of the compile will fail.
4b492aab 2701if test "x$ac_cv_have_int64_t" = "xno" && \
2702 test "x$ac_cv_sizeof_long_int" != "x8" && \
2703 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
85abc74b 2704 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2705 echo "an alternative compiler (I.E., GCC) before continuing."
2706 echo ""
2707 exit 1;
733cf7f4 2708else
2709dnl test snprintf (broken on SCO w/gcc)
1a01a50c 2710 AC_RUN_IFELSE(
479cece8 2711 [AC_LANG_SOURCE([[
733cf7f4 2712#include <stdio.h>
2713#include <string.h>
2714#ifdef HAVE_SNPRINTF
2715main()
2716{
2717 char buf[50];
2718 char expected_out[50];
2719 int mazsize = 50 ;
2720#if (SIZEOF_LONG_INT == 8)
2721 long int num = 0x7fffffffffffffff;
2722#else
763a1a18 2723 long long num = 0x7fffffffffffffffll;
733cf7f4 2724#endif
2725 strcpy(expected_out, "9223372036854775807");
2726 snprintf(buf, mazsize, "%lld", num);
2727 if(strcmp(buf, expected_out) != 0)
aff51935 2728 exit(1);
733cf7f4 2729 exit(0);
2730}
2731#else
2732main() { exit(0); }
2733#endif
479cece8 2734 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
1a01a50c 2735 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
733cf7f4 2736 )
2c523de9 2737fi
2738
77bb0bca 2739dnl Checks for structure members
58d100bf 2740OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2741OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2742OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2743OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2744OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
25422c70 2745OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
58d100bf 2746OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2747OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
daaff4d5 2748OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
58d100bf 2749OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2750OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2751OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2752OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
1d7b9b20 2753OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2754OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2755OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2756OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
98a7c37b 2757
2758AC_CHECK_MEMBERS([struct stat.st_blksize])
ccc45ee0 2759AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2760 [Define if we don't have struct __res_state in resolv.h])],
2761[
2762#include <stdio.h>
2763#if HAVE_SYS_TYPES_H
2764# include <sys/types.h>
2765#endif
2766#include <netinet/in.h>
2767#include <arpa/nameser.h>
2768#include <resolv.h>
2769])
1d7b9b20 2770
58d100bf 2771AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2772 ac_cv_have_ss_family_in_struct_ss, [
2773 AC_TRY_COMPILE(
2774 [
18ba2aab 2775#include <sys/types.h>
2776#include <sys/socket.h>
58d100bf 2777 ],
2778 [ struct sockaddr_storage s; s.ss_family = 1; ],
2779 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2780 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2781 )
2782])
2783if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3466e002 2784 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
58d100bf 2785fi
2786
58d100bf 2787AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2788 ac_cv_have___ss_family_in_struct_ss, [
2789 AC_TRY_COMPILE(
2790 [
18ba2aab 2791#include <sys/types.h>
2792#include <sys/socket.h>
58d100bf 2793 ],
2794 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2795 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2796 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2797 )
2798])
2799if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3466e002 2800 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2801 [Fields in struct sockaddr_storage])
58d100bf 2802fi
2803
2e73a022 2804AC_CACHE_CHECK([for pw_class field in struct passwd],
2805 ac_cv_have_pw_class_in_struct_passwd, [
2806 AC_TRY_COMPILE(
2807 [
2e73a022 2808#include <pwd.h>
2809 ],
97994d32 2810 [ struct passwd p; p.pw_class = 0; ],
2e73a022 2811 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2812 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2813 )
2814])
2815if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3466e002 2816 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2817 [Define if your password has a pw_class field])
2e73a022 2818fi
2819
7751d4eb 2820AC_CACHE_CHECK([for pw_expire field in struct passwd],
2821 ac_cv_have_pw_expire_in_struct_passwd, [
2822 AC_TRY_COMPILE(
2823 [
2824#include <pwd.h>
2825 ],
2826 [ struct passwd p; p.pw_expire = 0; ],
2827 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2828 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2829 )
2830])
2831if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3466e002 2832 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2833 [Define if your password has a pw_expire field])
7751d4eb 2834fi
2835
2836AC_CACHE_CHECK([for pw_change field in struct passwd],
2837 ac_cv_have_pw_change_in_struct_passwd, [
2838 AC_TRY_COMPILE(
2839 [
2840#include <pwd.h>
2841 ],
2842 [ struct passwd p; p.pw_change = 0; ],
2843 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2844 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2845 )
2846])
2847if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3466e002 2848 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2849 [Define if your password has a pw_change field])
7751d4eb 2850fi
58d100bf 2851
637f9177 2852dnl make sure we're using the real structure members and not defines
6f34652e 2853AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2854 ac_cv_have_accrights_in_msghdr, [
1a01a50c 2855 AC_COMPILE_IFELSE(
6f34652e 2856 [
f95c8ce8 2857#include <sys/types.h>
6f34652e 2858#include <sys/socket.h>
2859#include <sys/uio.h>
637f9177 2860int main() {
2861#ifdef msg_accrights
1a01a50c 2862#error "msg_accrights is a macro"
637f9177 2863exit(1);
2864#endif
2865struct msghdr m;
2866m.msg_accrights = 0;
2867exit(0);
2868}
6f34652e 2869 ],
6f34652e 2870 [ ac_cv_have_accrights_in_msghdr="yes" ],
2871 [ ac_cv_have_accrights_in_msghdr="no" ]
2872 )
2873])
2874if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3466e002 2875 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2876 [Define if your system uses access rights style
2877 file descriptor passing])
6f34652e 2878fi
2879
7176df4f 2880AC_CACHE_CHECK([for msg_control field in struct msghdr],
2881 ac_cv_have_control_in_msghdr, [
1a01a50c 2882 AC_COMPILE_IFELSE(
7176df4f 2883 [
f95c8ce8 2884#include <sys/types.h>
7176df4f 2885#include <sys/socket.h>
2886#include <sys/uio.h>
637f9177 2887int main() {
2888#ifdef msg_control
1a01a50c 2889#error "msg_control is a macro"
637f9177 2890exit(1);
2891#endif
2892struct msghdr m;
2893m.msg_control = 0;
2894exit(0);
2895}
7176df4f 2896 ],
7176df4f 2897 [ ac_cv_have_control_in_msghdr="yes" ],
2898 [ ac_cv_have_control_in_msghdr="no" ]
2899 )
2900])
2901if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3466e002 2902 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2903 [Define if your system uses ancillary data style
2904 file descriptor passing])
7176df4f 2905fi
2906
58d100bf 2907AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
aff51935 2908 AC_TRY_LINK([],
2909 [ extern char *__progname; printf("%s", __progname); ],
58d100bf 2910 [ ac_cv_libc_defines___progname="yes" ],
2911 [ ac_cv_libc_defines___progname="no" ]
2912 )
2913])
2914if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3466e002 2915 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
58d100bf 2916fi
8946db53 2917
c921ee00 2918AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2919 AC_TRY_LINK([
2920#include <stdio.h>
aff51935 2921],
2922 [ printf("%s", __FUNCTION__); ],
c921ee00 2923 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2924 [ ac_cv_cc_implements___FUNCTION__="no" ]
2925 )
2926])
2927if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3466e002 2928 AC_DEFINE(HAVE___FUNCTION__, 1,
2929 [Define if compiler implements __FUNCTION__])
c921ee00 2930fi
2931
2932AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2933 AC_TRY_LINK([
2934#include <stdio.h>
aff51935 2935],
2936 [ printf("%s", __func__); ],
c921ee00 2937 [ ac_cv_cc_implements___func__="yes" ],
2938 [ ac_cv_cc_implements___func__="no" ]
2939 )
2940])
2941if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3466e002 2942 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
c921ee00 2943fi
2944
9a406e1e 2945AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2946 AC_TRY_LINK(
2947 [#include <stdarg.h>
2948 va_list x,y;],
2949 [va_copy(x,y);],
2950 [ ac_cv_have_va_copy="yes" ],
2951 [ ac_cv_have_va_copy="no" ]
2952 )
2953])
2954if test "x$ac_cv_have_va_copy" = "xyes" ; then
2955 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2956fi
2957
2958AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2959 AC_TRY_LINK(
2960 [#include <stdarg.h>
2961 va_list x,y;],
2962 [__va_copy(x,y);],
2963 [ ac_cv_have___va_copy="yes" ],
2964 [ ac_cv_have___va_copy="no" ]
2965 )
2966])
2967if test "x$ac_cv_have___va_copy" = "xyes" ; then
2968 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2969fi
2970
1812a662 2971AC_CACHE_CHECK([whether getopt has optreset support],
2972 ac_cv_have_getopt_optreset, [
2973 AC_TRY_LINK(
2974 [
2975#include <getopt.h>
2976 ],
2977 [ extern int optreset; optreset = 0; ],
2978 [ ac_cv_have_getopt_optreset="yes" ],
2979 [ ac_cv_have_getopt_optreset="no" ]
2980 )
2981])
2982if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3466e002 2983 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2984 [Define if your getopt(3) defines and uses optreset])
1812a662 2985fi
a0391976 2986
819b676f 2987AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
aff51935 2988 AC_TRY_LINK([],
2989 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
819b676f 2990 [ ac_cv_libc_defines_sys_errlist="yes" ],
2991 [ ac_cv_libc_defines_sys_errlist="no" ]
2992 )
2993])
2994if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3466e002 2995 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2996 [Define if your system defines sys_errlist[]])
819b676f 2997fi
2998
2999
416ed5a7 3000AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
aff51935 3001 AC_TRY_LINK([],
3002 [ extern int sys_nerr; printf("%i", sys_nerr);],
416ed5a7 3003 [ ac_cv_libc_defines_sys_nerr="yes" ],
3004 [ ac_cv_libc_defines_sys_nerr="no" ]
3005 )
3006])
3007if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3466e002 3008 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
416ed5a7 3009fi
3010
aff51935 3011SCARD_MSG="no"
295c8801 3012# Check whether user wants sectok support
3013AC_ARG_WITH(sectok,
3014 [ --with-sectok Enable smartcard support using libsectok],
d0b19c95 3015 [
3016 if test "x$withval" != "xno" ; then
3017 if test "x$withval" != "xyes" ; then
3018 CPPFLAGS="$CPPFLAGS -I${withval}"
3019 LDFLAGS="$LDFLAGS -L${withval}"
3020 if test ! -z "$need_dash_r" ; then
3021 LDFLAGS="$LDFLAGS -R${withval}"
3022 fi
3023 if test ! -z "$blibpath" ; then
3024 blibpath="$blibpath:${withval}"
3025 fi
3026 fi
3027 AC_CHECK_HEADERS(sectok.h)
3028 if test "$ac_cv_header_sectok_h" != yes; then
3029 AC_MSG_ERROR(Can't find sectok.h)
3030 fi
3031 AC_CHECK_LIB(sectok, sectok_open)
3032 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3033 AC_MSG_ERROR(Can't find libsectok)
3034 fi
3466e002 3035 AC_DEFINE(SMARTCARD, 1,
3036 [Define if you want smartcard support])
3037 AC_DEFINE(USE_SECTOK, 1,
3038 [Define if you want smartcard support
3039 using sectok])
aff51935 3040 SCARD_MSG="yes, using sectok"
295c8801 3041 fi
3042 ]
3043)
3044
3045# Check whether user wants OpenSC support
987b458f 3046OPENSC_CONFIG="no"
295c8801 3047AC_ARG_WITH(opensc,
e47fb473 3048 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
987b458f 3049 [
3050 if test "x$withval" != "xno" ; then
3051 if test "x$withval" != "xyes" ; then
3052 OPENSC_CONFIG=$withval/bin/opensc-config
3053 else
3054 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3055 fi
3056 if test "$OPENSC_CONFIG" != "no"; then
3057 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3058 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3059 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3060 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
3061 AC_DEFINE(SMARTCARD)
3466e002 3062 AC_DEFINE(USE_OPENSC, 1,
3063 [Define if you want smartcard support
3064 using OpenSC])
987b458f 3065 SCARD_MSG="yes, using OpenSC"
3066 fi
3067 fi
3068 ]
3069)
d0b19c95 3070
c31dc31c 3071# Check libraries needed by DNS fingerprint support
aff51935 3072AC_SEARCH_LIBS(getrrsetbyname, resolv,
3466e002 3073 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3074 [Define if getrrsetbyname() exists])],
3e05e934 3075 [
c31dc31c 3076 # Needed by our getrrsetbyname()
3077 AC_SEARCH_LIBS(res_query, resolv)
3078 AC_SEARCH_LIBS(dn_expand, resolv)
dabb524a 3079 AC_MSG_CHECKING(if res_query will link)
3080 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3081 [AC_MSG_RESULT(no)
3082 saved_LIBS="$LIBS"
3083 LIBS="$LIBS -lresolv"
3084 AC_MSG_CHECKING(for res_query in -lresolv)
3085 AC_LINK_IFELSE([
3086#include <resolv.h>
3087int main()
3088{
3089 res_query (0, 0, 0, 0, 0);
3090 return 0;
3091}
3092 ],
3093 [LIBS="$LIBS -lresolv"
3094 AC_MSG_RESULT(yes)],
3095 [LIBS="$saved_LIBS"
3096 AC_MSG_RESULT(no)])
3097 ])
c31dc31c 3098 AC_CHECK_FUNCS(_getshort _getlong)
1c829da5 3099 AC_CHECK_DECLS([_getshort, _getlong], , ,
b5765e1d 3100 [#include <sys/types.h>
3101 #include <arpa/nameser.h>])
c31dc31c 3102 AC_CHECK_MEMBER(HEADER.ad,
3466e002 3103 [AC_DEFINE(HAVE_HEADER_AD, 1,
3104 [Define if HEADER.ad exists in arpa/nameser.h])],,
c31dc31c 3105 [#include <arpa/nameser.h>])
3106 ])
3e05e934 3107
ef4d1846 3108# Check whether user wants SELinux support
3109SELINUX_MSG="no"
3110LIBSELINUX=""
3111AC_ARG_WITH(selinux,
3112 [ --with-selinux Enable SELinux support],
3113 [ if test "x$withval" != "xno" ; then
3114 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3115 SELINUX_MSG="yes"
3116 AC_CHECK_HEADER([selinux/selinux.h], ,
3117 AC_MSG_ERROR(SELinux support requires selinux.h header))
3118 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3119 AC_MSG_ERROR(SELinux support requires libselinux library))
3120 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3121 fi ]
3122)
3123AC_SUBST(LIBSELINUX)
3124
12928e80 3125# Check whether user wants Kerberos 5 support
aff51935 3126KRB5_MSG="no"
12928e80 3127AC_ARG_WITH(kerberos5,
aff51935 3128 [ --with-kerberos5=PATH Enable Kerberos 5 support],
5585c441 3129 [ if test "x$withval" != "xno" ; then
3130 if test "x$withval" = "xyes" ; then
3131 KRB5ROOT="/usr/local"
3132 else
3133 KRB5ROOT=${withval}
3134 fi
3135
3466e002 3136 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
5585c441 3137 KRB5_MSG="yes"
3138
3139 AC_MSG_CHECKING(for krb5-config)
3140 if test -x $KRB5ROOT/bin/krb5-config ; then
3141 KRB5CONF=$KRB5ROOT/bin/krb5-config
3142 AC_MSG_RESULT($KRB5CONF)
3143
3144 AC_MSG_CHECKING(for gssapi support)
3145 if $KRB5CONF | grep gssapi >/dev/null ; then
3146 AC_MSG_RESULT(yes)
3466e002 3147 AC_DEFINE(GSSAPI, 1,
3148 [Define this if you want GSSAPI
3149 support in the version 2 protocol])
071970fb 3150 k5confopts=gssapi
aff51935 3151 else
5585c441 3152 AC_MSG_RESULT(no)
071970fb 3153 k5confopts=""
aff51935 3154 fi
071970fb 3155 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3156 K5LIBS="`$KRB5CONF --libs $k5confopts`"
5585c441 3157 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
5585c441 3158 AC_MSG_CHECKING(whether we are using Heimdal)
3159 AC_TRY_COMPILE([ #include <krb5.h> ],
3160 [ char *tmp = heimdal_version; ],
3161 [ AC_MSG_RESULT(yes)
3466e002 3162 AC_DEFINE(HEIMDAL, 1,
3163 [Define this if you are using the
3164 Heimdal version of Kerberos V5]) ],
5585c441 3165 AC_MSG_RESULT(no)
3166 )
3167 else
3168 AC_MSG_RESULT(no)
12928e80 3169 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
aff51935 3170 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
aff51935 3171 AC_MSG_CHECKING(whether we are using Heimdal)
3172 AC_TRY_COMPILE([ #include <krb5.h> ],
3173 [ char *tmp = heimdal_version; ],
3174 [ AC_MSG_RESULT(yes)
3175 AC_DEFINE(HEIMDAL)
41707f74 3176 K5LIBS="-lkrb5 -ldes"
3177 K5LIBS="$K5LIBS -lcom_err -lasn1"
82f4e93d 3178 AC_CHECK_LIB(roken, net_write,
41707f74 3179 [K5LIBS="$K5LIBS -lroken"])
aff51935 3180 ],
3181 [ AC_MSG_RESULT(no)
3182 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3183 ]
3184 )
4e00038c 3185 AC_SEARCH_LIBS(dn_expand, resolv)
12928e80 3186
749560dd 3187 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3188 [ AC_DEFINE(GSSAPI)
3189 K5LIBS="-lgssapi $K5LIBS" ],
3190 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3191 [ AC_DEFINE(GSSAPI)
aff51935 3192 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
749560dd 3193 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3194 $K5LIBS)
3195 ],
3196 $K5LIBS)
82f4e93d 3197
749560dd 3198 AC_CHECK_HEADER(gssapi.h, ,
3199 [ unset ac_cv_header_gssapi_h
aff51935 3200 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
749560dd 3201 AC_CHECK_HEADERS(gssapi.h, ,
3202 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
aff51935 3203 )
749560dd 3204 ]
3205 )
3206
3207 oldCPP="$CPPFLAGS"
3208 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3209 AC_CHECK_HEADER(gssapi_krb5.h, ,
3210 [ CPPFLAGS="$oldCPP" ])
3211
aff51935 3212 fi
5585c441 3213 if test ! -z "$need_dash_r" ; then
3214 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3215 fi
3216 if test ! -z "$blibpath" ; then
3217 blibpath="$blibpath:${KRB5ROOT}/lib"
3218 fi
071970fb 3219
f5555364 3220 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3221 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3222 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
071970fb 3223
f5555364 3224 LIBS="$LIBS $K5LIBS"
3466e002 3225 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3226 [Define this if you want to use libkafs' AFS support]))
f5555364 3227 fi
071970fb 3228 ]
12928e80 3229)
b5b68128 3230
a0391976 3231# Looking for programs, paths and files
a0391976 3232
ecac8ee5 3233PRIVSEP_PATH=/var/empty
3234AC_ARG_WITH(privsep-path,
cda1ebcb 3235 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
ecac8ee5 3236 [
6cf0200f 3237 if test -n "$withval" && test "x$withval" != "xno" && \
3238 test "x${withval}" != "xyes"; then
ecac8ee5 3239 PRIVSEP_PATH=$withval
3240 fi
3241 ]
3242)
3243AC_SUBST(PRIVSEP_PATH)
3244
a0391976 3245AC_ARG_WITH(xauth,
3246 [ --with-xauth=PATH Specify path to xauth program ],
3247 [
6cf0200f 3248 if test -n "$withval" && test "x$withval" != "xno" && \
3249 test "x${withval}" != "xyes"; then
cbd7492e 3250 xauth_path=$withval
a0391976 3251 fi
3252 ],
3253 [
2bf42e4a 3254 TestPath="$PATH"
3255 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3256 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3257 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3258 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3259 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
e5fe9a1f 3260 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
a0391976 3261 xauth_path="/usr/openwin/bin/xauth"
3262 fi
3263 ]
3264)
3265
65a4b4af 3266STRIP_OPT=-s
3267AC_ARG_ENABLE(strip,
3268 [ --disable-strip Disable calling strip(1) on install],
3269 [
3270 if test "x$enableval" = "xno" ; then
3271 STRIP_OPT=
3272 fi
3273 ]
3274)
3275AC_SUBST(STRIP_OPT)
3276
b3ec54b4 3277if test -z "$xauth_path" ; then
3278 XAUTH_PATH="undefined"
3279 AC_SUBST(XAUTH_PATH)
3280else
3466e002 3281 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3282 [Define if xauth is found in your path])
b3ec54b4 3283 XAUTH_PATH=$xauth_path
3284 AC_SUBST(XAUTH_PATH)
a0391976 3285fi
a0391976 3286
3287# Check for mail directory (last resort if we cannot get it from headers)
3288if test ! -z "$MAIL" ; then
3289 maildir=`dirname $MAIL`
3466e002 3290 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3291 [Set this to your mail directory if you don't have maillock.h])
a0391976 3292fi
3293
479cece8 3294if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
1a01a50c 3295 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3296 disable_ptmx_check=yes
3297fi
a0391976 3298if test -z "$no_dev_ptmx" ; then
6e879cb4 3299 if test "x$disable_ptmx_check" != "xyes" ; then
aff51935 3300 AC_CHECK_FILE("/dev/ptmx",
6e879cb4 3301 [
3466e002 3302 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3303 [Define if you have /dev/ptmx])
6e879cb4 3304 have_dev_ptmx=1
3305 ]
3306 )
3307 fi
3276571c 3308fi
1a01a50c 3309
479cece8 3310if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
1a01a50c 3311 AC_CHECK_FILE("/dev/ptc",
3312 [
3466e002 3313 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3314 [Define if you have /dev/ptc])
1a01a50c 3315 have_dev_ptc=1
3316 ]
3317 )
3318else
3319 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3320fi
3276571c 3321
a0391976 3322# Options from here on. Some of these are preset by platform above
fdf6b7aa 3323AC_ARG_WITH(mantype,
5d97cfbf 3324 [ --with-mantype=man|cat|doc Set man page type],
c54a6257 3325 [
5d97cfbf 3326 case "$withval" in
3327 man|cat|doc)
3328 MANTYPE=$withval
3329 ;;
3330 *)
3331 AC_MSG_ERROR(invalid man type: $withval)
3332 ;;
3333 esac
c54a6257 3334 ]
3335)
e0c4d3ac 3336if test -z "$MANTYPE"; then
2bf42e4a 3337 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3338 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
e0c4d3ac 3339 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3340 MANTYPE=doc
3341 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3342 MANTYPE=man
3343 else
3344 MANTYPE=cat
3345 fi
3346fi
c54a6257 3347AC_SUBST(MANTYPE)
e0c4d3ac 3348if test "$MANTYPE" = "doc"; then
3349 mansubdir=man;
3350else
3351 mansubdir=$MANTYPE;
3352fi
3353AC_SUBST(mansubdir)
0bc5b6fb 3354
a0391976 3355# Check whether to enable MD5 passwords
aff51935 3356MD5_MSG="no"
2ddcfdf3 3357AC_ARG_WITH(md5-passwords,
caf3bc51 3358 [ --with-md5-passwords Enable use of MD5 passwords],
0bc5b6fb 3359 [
bcf36c78 3360 if test "x$withval" != "xno" ; then
3466e002 3361 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3362 [Define if you want to allow MD5 passwords])
aff51935 3363 MD5_MSG="yes"
0bc5b6fb 3364 fi
3365 ]
caf3bc51 3366)
3367
a0391976 3368# Whether to disable shadow password support
a7effaac 3369AC_ARG_WITH(shadow,
3370 [ --without-shadow Disable shadow password support],
3371 [
82f4e93d 3372 if test "x$withval" = "xno" ; then
a7effaac 3373 AC_DEFINE(DISABLE_SHADOW)
4cb5ffa0 3374 disable_shadow=yes
a7effaac 3375 fi
3376 ]
3377)
3378
4cb5ffa0 3379if test -z "$disable_shadow" ; then
3380 AC_MSG_CHECKING([if the systems has expire shadow information])
3381 AC_TRY_COMPILE(
3382 [
3383#include <sys/types.h>
3384#include <shadow.h>
3385 struct spwd sp;
3386 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3387 [ sp_expire_available=yes ], []
3388 )
3389
3390 if test "x$sp_expire_available" = "xyes" ; then
3391 AC_MSG_RESULT(yes)
3466e002 3392 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3393 [Define if you want to use shadow password expire field])
4cb5ffa0 3394 else
3395 AC_MSG_RESULT(no)
3396 fi
3397fi
3398
a0391976 3399# Use ip address instead of hostname in $DISPLAY
44839801 3400if test ! -z "$IPADDR_IN_DISPLAY" ; then
3401 DISPLAY_HACK_MSG="yes"
3466e002 3402 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3403 [Define if you need to use IP address
3404 instead of hostname in $DISPLAY])
44839801 3405else
aff51935 3406 DISPLAY_HACK_MSG="no"
44839801 3407 AC_ARG_WITH(ipaddr-display,
3408 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3409 [
82f4e93d 3410 if test "x$withval" != "xno" ; then
44839801 3411 AC_DEFINE(IPADDR_IN_DISPLAY)
aff51935 3412 DISPLAY_HACK_MSG="yes"
44839801 3413 fi
3414 ]
3415 )
3416fi
a7effaac 3417
95b99395 3418# check for /etc/default/login and use it if present.
daa41e62 3419AC_ARG_ENABLE(etc-default-login,
6ff3d0dc 3420 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
694d0cef 3421 [ if test "x$enableval" = "xno"; then
3422 AC_MSG_NOTICE([/etc/default/login handling disabled])
3423 etc_default_login=no
3424 else
3425 etc_default_login=yes
3426 fi ],
b0e7249f 3427 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3428 then
3429 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3430 etc_default_login=no
3431 else
3432 etc_default_login=yes
3433 fi ]
694d0cef 3434)
95b99395 3435
694d0cef 3436if test "x$etc_default_login" != "xno"; then
3437 AC_CHECK_FILE("/etc/default/login",
3438 [ external_path_file=/etc/default/login ])
b0e7249f 3439 if test "x$external_path_file" = "x/etc/default/login"; then
3466e002 3440 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3441 [Define if your system has /etc/default/login])
1a01a50c 3442 fi
694d0cef 3443fi
95b99395 3444
8d184c09 3445dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
4b492aab 3446if test $ac_cv_func_login_getcapbool = "yes" && \
3447 test $ac_cv_header_login_cap_h = "yes" ; then
95b99395 3448 external_path_file=/etc/login.conf
8d184c09 3449fi
95b99395 3450
a0391976 3451# Whether to mess with the default path
aff51935 3452SERVER_PATH_MSG="(default)"
c43d69a9 3453AC_ARG_WITH(default-path,
75817f90 3454 [ --with-default-path= Specify default \$PATH environment for server],
cb807f40 3455 [
95b99395 3456 if test "x$external_path_file" = "x/etc/login.conf" ; then
8d184c09 3457 AC_MSG_WARN([
3458--with-default-path=PATH has no effect on this system.
3459Edit /etc/login.conf instead.])
82f4e93d 3460 elif test "x$withval" != "xno" ; then
89bbd457 3461 if test ! -z "$external_path_file" ; then
95b99395 3462 AC_MSG_WARN([
3463--with-default-path=PATH will only be used if PATH is not defined in
3464$external_path_file .])
3465 fi
b2d818e6 3466 user_path="$withval"
aff51935 3467 SERVER_PATH_MSG="$withval"
cb807f40 3468 fi
b2d818e6 3469 ],
95b99395 3470 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3471 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
8d184c09 3472 else
89bbd457 3473 if test ! -z "$external_path_file" ; then
95b99395 3474 AC_MSG_WARN([
3475If PATH is defined in $external_path_file, ensure the path to scp is included,
3476otherwise scp will not work.])
3477 fi
b0e7249f 3478 AC_RUN_IFELSE(
3479 [AC_LANG_SOURCE([[
b2d818e6 3480/* find out what STDPATH is */
3481#include <stdio.h>
b2d818e6 3482#ifdef HAVE_PATHS_H
3483# include <paths.h>
3484#endif
3485#ifndef _PATH_STDPATH
d9a4e55b 3486# ifdef _PATH_USERPATH /* Irix */
3487# define _PATH_STDPATH _PATH_USERPATH
3488# else
3489# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3490# endif
b2d818e6 3491#endif
3492#include <sys/types.h>
3493#include <sys/stat.h>
3494#include <fcntl.h>
3495#define DATA "conftest.stdpath"
3496
3497main()
3498{
3499 FILE *fd;
3500 int rc;
82f4e93d 3501
b2d818e6 3502 fd = fopen(DATA,"w");
3503 if(fd == NULL)
3504 exit(1);
82f4e93d 3505
b2d818e6 3506 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3507 exit(1);
3508
3509 exit(0);
3510}
b0e7249f 3511 ]])],
3512 [ user_path=`cat conftest.stdpath` ],
b2d818e6 3513 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3514 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3515 )
3516# make sure $bindir is in USER_PATH so scp will work
3517 t_bindir=`eval echo ${bindir}`
3518 case $t_bindir in
3519 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3520 esac
3521 case $t_bindir in
3522 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3523 esac
3524 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3525 if test $? -ne 0 ; then
3526 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3527 if test $? -ne 0 ; then
3528 user_path=$user_path:$t_bindir
3529 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3530 fi
3531 fi
8d184c09 3532 fi ]
cb807f40 3533)
95b99395 3534if test "x$external_path_file" != "x/etc/login.conf" ; then
3466e002 3535 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
8d184c09 3536 AC_SUBST(user_path)
3537fi
cb807f40 3538
06617857 3539# Set superuser path separately to user path
06617857 3540AC_ARG_WITH(superuser-path,
3541 [ --with-superuser-path= Specify different path for super-user],
3542 [
6cf0200f 3543 if test -n "$withval" && test "x$withval" != "xno" && \
3544 test "x${withval}" != "xyes"; then
3466e002 3545 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3546 [Define if you want a different $PATH
3547 for the superuser])
06617857 3548 superuser_path=$withval
3549 fi
3550 ]
3551)
3552
3553
58d100bf 3554AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
aff51935 3555IPV4_IN6_HACK_MSG="no"
80faa19f 3556AC_ARG_WITH(4in6,
3557 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3558 [
3559 if test "x$withval" != "xno" ; then
3560 AC_MSG_RESULT(yes)
3466e002 3561 AC_DEFINE(IPV4_IN_IPV6, 1,
3562 [Detect IPv4 in IPv6 mapped addresses
3563 and treat as IPv4])
aff51935 3564 IPV4_IN6_HACK_MSG="yes"
80faa19f 3565 else
3566 AC_MSG_RESULT(no)
3567 fi
3568 ],[
3569 if test "x$inet6_default_4in6" = "xyes"; then
3570 AC_MSG_RESULT([yes (default)])
3571 AC_DEFINE(IPV4_IN_IPV6)
aff51935 3572 IPV4_IN6_HACK_MSG="yes"
80faa19f 3573 else
3574 AC_MSG_RESULT([no (default)])
3575 fi
3576 ]
3577)
3578
af774732 3579# Whether to enable BSD auth support
f1b0ecc3 3580BSD_AUTH_MSG=no
af774732 3581AC_ARG_WITH(bsd-auth,
3582 [ --with-bsd-auth Enable BSD auth support],
3583 [
82f4e93d 3584 if test "x$withval" != "xno" ; then
3466e002 3585 AC_DEFINE(BSD_AUTH, 1,
3586 [Define if you have BSD auth support])
f1b0ecc3 3587 BSD_AUTH_MSG=yes
af774732 3588 fi
3589 ]
3590)
3591
a0391976 3592# Where to place sshd.pid
19d9ac2a 3593piddir=/var/run
81dadca3 3594# make sure the directory exists
82f4e93d 3595if test ! -d $piddir ; then
81dadca3 3596 piddir=`eval echo ${sysconfdir}`
3597 case $piddir in
aff51935 3598 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
81dadca3 3599 esac
3600fi
3601
47e45e44 3602AC_ARG_WITH(pid-dir,
3603 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3604 [
6cf0200f 3605 if test -n "$withval" && test "x$withval" != "xno" && \
3606 test "x${withval}" != "xyes"; then
19d9ac2a 3607 piddir=$withval
82f4e93d 3608 if test ! -d $piddir ; then
81dadca3 3609 AC_MSG_WARN([** no $piddir directory on this system **])
3610 fi
47e45e44 3611 fi
3612 ]
3613)
b7a87eea 3614
3466e002 3615AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
19d9ac2a 3616AC_SUBST(piddir)
47e45e44 3617
1d7b9b20 3618dnl allow user to disable some login recording features
3619AC_ARG_ENABLE(lastlog,
bfd550a2 3620 [ --disable-lastlog disable use of lastlog even if detected [no]],
ddb154b3 3621 [
3622 if test "x$enableval" = "xno" ; then
3623 AC_DEFINE(DISABLE_LASTLOG)
3624 fi
3625 ]
1d7b9b20 3626)
3627AC_ARG_ENABLE(utmp,
bfd550a2 3628 [ --disable-utmp disable use of utmp even if detected [no]],
ddb154b3 3629 [
3630 if test "x$enableval" = "xno" ; then
3631 AC_DEFINE(DISABLE_UTMP)
3632 fi
3633 ]
1d7b9b20 3634)
3635AC_ARG_ENABLE(utmpx,
bfd550a2 3636 [ --disable-utmpx disable use of utmpx even if detected [no]],
ddb154b3 3637 [
3638 if test "x$enableval" = "xno" ; then
3466e002 3639 AC_DEFINE(DISABLE_UTMPX, 1,
3640 [Define if you don't want to use utmpx])
ddb154b3 3641 fi
3642 ]
1d7b9b20 3643)
3644AC_ARG_ENABLE(wtmp,
bfd550a2 3645 [ --disable-wtmp disable use of wtmp even if detected [no]],
ddb154b3 3646 [
3647 if test "x$enableval" = "xno" ; then
3648 AC_DEFINE(DISABLE_WTMP)
3649 fi
3650 ]
1d7b9b20 3651)
3652AC_ARG_ENABLE(wtmpx,
bfd550a2 3653 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
ddb154b3 3654 [
3655 if test "x$enableval" = "xno" ; then
3466e002 3656 AC_DEFINE(DISABLE_WTMPX, 1,
3657 [Define if you don't want to use wtmpx])
ddb154b3 3658 fi
3659 ]
1d7b9b20 3660)
3661AC_ARG_ENABLE(libutil,
bfd550a2 3662 [ --disable-libutil disable use of libutil (login() etc.) [no]],
ddb154b3 3663 [
3664 if test "x$enableval" = "xno" ; then
3665 AC_DEFINE(DISABLE_LOGIN)
3666 fi
3667 ]
1d7b9b20 3668)
3669AC_ARG_ENABLE(pututline,
bfd550a2 3670 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
ddb154b3 3671 [
3672 if test "x$enableval" = "xno" ; then
3466e002 3673 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3674 [Define if you don't want to use pututline()
3675 etc. to write [uw]tmp])
ddb154b3 3676 fi
3677 ]
1d7b9b20 3678)
3679AC_ARG_ENABLE(pututxline,
bfd550a2 3680 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
ddb154b3 3681 [
3682 if test "x$enableval" = "xno" ; then
3466e002 3683 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3684 [Define if you don't want to use pututxline()
3685 etc. to write [uw]tmpx])
ddb154b3 3686 fi
3687 ]
1d7b9b20 3688)
3689AC_ARG_WITH(lastlog,
bfd550a2 3690 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
8c89dd2b 3691 [
82f4e93d 3692 if test "x$withval" = "xno" ; then
8c89dd2b 3693 AC_DEFINE(DISABLE_LASTLOG)
6cf0200f 3694 elif test -n "$withval" && test "x${withval}" != "xyes"; then
8c89dd2b 3695 conf_lastlog_location=$withval
3696 fi
3697 ]
3698)
1d7b9b20 3699
3700dnl lastlog, [uw]tmpx? detection
3701dnl NOTE: set the paths in the platform section to avoid the
3702dnl need for command-line parameters
3703dnl lastlog and [uw]tmp are subject to a file search if all else fails
3704
3705dnl lastlog detection
3706dnl NOTE: the code itself will detect if lastlog is a directory
3707AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3708AC_TRY_COMPILE([
3709#include <sys/types.h>
3710#include <utmp.h>
3711#ifdef HAVE_LASTLOG_H
3712# include <lastlog.h>
3713#endif
d7c0f3d5 3714#ifdef HAVE_PATHS_H
1d7b9b20 3715# include <paths.h>
41cb4569 3716#endif
3717#ifdef HAVE_LOGIN_H
3718# include <login.h>
1d7b9b20 3719#endif
3720 ],
3721 [ char *lastlog = LASTLOG_FILE; ],
3722 [ AC_MSG_RESULT(yes) ],
d7c0f3d5 3723 [
3724 AC_MSG_RESULT(no)
3725 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3726 AC_TRY_COMPILE([
3727#include <sys/types.h>
3728#include <utmp.h>
3729#ifdef HAVE_LASTLOG_H
3730# include <lastlog.h>
3731#endif
3732#ifdef HAVE_PATHS_H
3733# include <paths.h>
3734#endif
3735 ],
3736 [ char *lastlog = _PATH_LASTLOG; ],
3737 [ AC_MSG_RESULT(yes) ],
3738 [
f282b668 3739 AC_MSG_RESULT(no)
d7c0f3d5 3740 system_lastlog_path=no
3741 ])
3742 ]
1d7b9b20 3743)
d7c0f3d5 3744
1d7b9b20 3745if test -z "$conf_lastlog_location"; then
3746 if test x"$system_lastlog_path" = x"no" ; then
3747 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
e5fe9a1f 3748 if (test -d "$f" || test -f "$f") ; then
1d7b9b20 3749 conf_lastlog_location=$f
3750 fi
3751 done
3752 if test -z "$conf_lastlog_location"; then
f8119cef 3753 AC_MSG_WARN([** Cannot find lastlog **])
3754 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
1d7b9b20 3755 fi
3756 fi
3757fi
3758
3759if test -n "$conf_lastlog_location"; then
3466e002 3760 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3761 [Define if you want to specify the path to your lastlog file])
82f4e93d 3762fi
1d7b9b20 3763
3764dnl utmp detection
3765AC_MSG_CHECKING([if your system defines UTMP_FILE])
3766AC_TRY_COMPILE([
3767#include <sys/types.h>
3768#include <utmp.h>
d7c0f3d5 3769#ifdef HAVE_PATHS_H
1d7b9b20 3770# include <paths.h>
3771#endif
3772 ],
3773 [ char *utmp = UTMP_FILE; ],
3774 [ AC_MSG_RESULT(yes) ],
3775 [ AC_MSG_RESULT(no)
3776 system_utmp_path=no ]
3777)
3778if test -z "$conf_utmp_location"; then
3779 if test x"$system_utmp_path" = x"no" ; then
3780 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3781 if test -f $f ; then
3782 conf_utmp_location=$f
3783 fi
3784 done
3785 if test -z "$conf_utmp_location"; then
3786 AC_DEFINE(DISABLE_UTMP)
3787 fi
3788 fi
3789fi
3790if test -n "$conf_utmp_location"; then
3466e002 3791 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3792 [Define if you want to specify the path to your utmp file])
82f4e93d 3793fi
1d7b9b20 3794
3795dnl wtmp detection
3796AC_MSG_CHECKING([if your system defines WTMP_FILE])
3797AC_TRY_COMPILE([
3798#include <sys/types.h>
3799#include <utmp.h>
d7c0f3d5 3800#ifdef HAVE_PATHS_H
1d7b9b20 3801# include <paths.h>
3802#endif
3803 ],
3804 [ char *wtmp = WTMP_FILE; ],
3805 [ AC_MSG_RESULT(yes) ],
3806 [ AC_MSG_RESULT(no)
3807 system_wtmp_path=no ]
3808)
3809if test -z "$conf_wtmp_location"; then
3810 if test x"$system_wtmp_path" = x"no" ; then
3811 for f in /usr/adm/wtmp /var/log/wtmp; do
3812 if test -f $f ; then
3813 conf_wtmp_location=$f
3814 fi
3815 done
3816 if test -z "$conf_wtmp_location"; then
3817 AC_DEFINE(DISABLE_WTMP)
3818 fi
3819 fi
3820fi
3821if test -n "$conf_wtmp_location"; then
3466e002 3822 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3823 [Define if you want to specify the path to your wtmp file])
82f4e93d 3824fi
1d7b9b20 3825
3826
3827dnl utmpx detection - I don't know any system so perverse as to require
3828dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3829dnl there, though.
3830AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3831AC_TRY_COMPILE([
3832#include <sys/types.h>
3833#include <utmp.h>
3834#ifdef HAVE_UTMPX_H
3835#include <utmpx.h>
3836#endif
d7c0f3d5 3837#ifdef HAVE_PATHS_H
1d7b9b20 3838# include <paths.h>
3839#endif
3840 ],
3841 [ char *utmpx = UTMPX_FILE; ],
3842 [ AC_MSG_RESULT(yes) ],
3843 [ AC_MSG_RESULT(no)
3844 system_utmpx_path=no ]
3845)
3846if test -z "$conf_utmpx_location"; then
3847 if test x"$system_utmpx_path" = x"no" ; then
3848 AC_DEFINE(DISABLE_UTMPX)
3849 fi
3850else
3466e002 3851 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3852 [Define if you want to specify the path to your utmpx file])
82f4e93d 3853fi
1d7b9b20 3854
3855dnl wtmpx detection
3856AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3857AC_TRY_COMPILE([
3858#include <sys/types.h>
3859#include <utmp.h>
3860#ifdef HAVE_UTMPX_H
3861#include <utmpx.h>
3862#endif
d7c0f3d5 3863#ifdef HAVE_PATHS_H
1d7b9b20 3864# include <paths.h>
3865#endif
3866 ],
3867 [ char *wtmpx = WTMPX_FILE; ],
3868 [ AC_MSG_RESULT(yes) ],
3869 [ AC_MSG_RESULT(no)
3870 system_wtmpx_path=no ]
3871)
3872if test -z "$conf_wtmpx_location"; then
3873 if test x"$system_wtmpx_path" = x"no" ; then
3874 AC_DEFINE(DISABLE_WTMPX)
3875 fi
3876else
3466e002 3877 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3878 [Define if you want to specify the path to your wtmpx file])
82f4e93d 3879fi
1d7b9b20 3880
b7a87eea 3881
bd499f9e 3882if test ! -z "$blibpath" ; then
68ece370 3883 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3884 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
bd499f9e 3885fi
3886
ed89c848 3887dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3888dnl Add now.
3889CFLAGS="$CFLAGS $werror_flags"
3890
3c62e7eb 3891AC_EXEEXT
d7cfdd7c 3892AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
46096a5b 3893 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
98a7c37b 3894AC_OUTPUT
d3083fbd 3895
cbd7492e 3896# Print summary of options
3897
cbd7492e 3898# Someone please show me a better way :)
3899A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3900B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3901C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3902D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
f5665f6f 3903E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
e0c4d3ac 3904F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
cbd7492e 3905G=`eval echo ${piddir}` ; G=`eval echo ${G}`
ecac8ee5 3906H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3907I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3908J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
cbd7492e 3909
3910echo ""
26de7942 3911echo "OpenSSH has been configured with the following options:"
ecac8ee5 3912echo " User binaries: $B"
3913echo " System binaries: $C"
3914echo " Configuration files: $D"
3915echo " Askpass program: $E"
3916echo " Manual pages: $F"
3917echo " PID file: $G"
3918echo " Privilege separation chroot path: $H"
95b99395 3919if test "x$external_path_file" = "x/etc/login.conf" ; then
3920echo " At runtime, sshd will use the path defined in $external_path_file"
3921echo " Make sure the path to scp is present, otherwise scp will not work"
8d184c09 3922else
ecac8ee5 3923echo " sshd default user PATH: $I"
89bbd457 3924 if test ! -z "$external_path_file"; then
95b99395 3925echo " (If PATH is set in $external_path_file it will be used instead. If"
3926echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3927 fi
8d184c09 3928fi
06617857 3929if test ! -z "$superuser_path" ; then
ecac8ee5 3930echo " sshd superuser user PATH: $J"
3931fi
3932echo " Manpage format: $MANTYPE"
3e05e934 3933echo " PAM support: $PAM_MSG"
5b84789f 3934echo " OSF SIA support: $SIA_MSG"
ecac8ee5 3935echo " KerberosV support: $KRB5_MSG"
ef4d1846 3936echo " SELinux support: $SELINUX_MSG"
ecac8ee5 3937echo " Smartcard support: $SCARD_MSG"
ecac8ee5 3938echo " S/KEY support: $SKEY_MSG"
3939echo " TCP Wrappers support: $TCPW_MSG"
3940echo " MD5 password support: $MD5_MSG"
59031773 3941echo " libedit support: $LIBEDIT_MSG"
5b84789f 3942echo " Solaris process contract support: $SPC_MSG"
3deb1408 3943echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
ecac8ee5 3944echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3945echo " BSD Auth support: $BSD_AUTH_MSG"
3946echo " Random number source: $RAND_MSG"
f1b0ecc3 3947if test ! -z "$USE_RAND_HELPER" ; then
ecac8ee5 3948echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
af774732 3949fi
3950
cbd7492e 3951echo ""
3952
0c2fb82f 3953echo " Host: ${host}"
3954echo " Compiler: ${CC}"
3955echo " Compiler flags: ${CFLAGS}"
3956echo "Preprocessor flags: ${CPPFLAGS}"
3957echo " Linker flags: ${LDFLAGS}"
ddceb1c8 3958echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
cbd7492e 3959
3960echo ""
3961
9cefe228 3962if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
b3146b5f 3963 echo "SVR4 style packages are supported with \"make package\""
3964 echo ""
9cefe228 3965fi
3966
adeebd37 3967if test "x$PAM_MSG" = "xyes" ; then
f1b0ecc3 3968 echo "PAM is enabled. You may need to install a PAM control file "
3969 echo "for sshd, otherwise password authentication may fail. "
aff51935 3970 echo "Example PAM control files can be found in the contrib/ "
f1b0ecc3 3971 echo "subdirectory"
adeebd37 3972 echo ""
3973fi
3974
f1b0ecc3 3975if test ! -z "$RAND_HELPER_CMDHASH" ; then
3976 echo "WARNING: you are using the builtin random number collection "
3977 echo "service. Please read WARNING.RNG and request that your OS "
3978 echo "vendor includes kernel-based random number collection in "
3979 echo "future versions of your OS."
2c523de9 3980 echo ""
3981fi
af774732 3982
2f6f9cff 3983if test ! -z "$NO_PEERCHECK" ; then
3984 echo "WARNING: the operating system that you are using does not "
3985 echo "appear to support either the getpeereid() API nor the "
3986 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3987 echo "enforce security checks to prevent unauthorised connections to "
3988 echo "ssh-agent. Their absence increases the risk that a malicious "
3989 echo "user can connect to your agent. "
3990 echo ""
3991fi
3992
7b578f7d 3993if test "$AUDIT_MODULE" = "bsm" ; then
3994 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3995 echo "See the Solaris section in README.platform for details."
3996fi
git-cvsimport mirror of OpenSSH
This page took 1.038767 seconds and 5 git commands to generate.