]> andersk Git - openssh.git/blob - configure.ac
- (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
[openssh.git] / configure.ac
1 # $Id$
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
17 AC_INIT(OpenSSH, Portable)
18 AC_CONFIG_SRCDIR([ssh.c])
19
20 AC_CONFIG_HEADER(config.h)
21 AC_PROG_CC
22 AC_CANONICAL_HOST
23 AC_C_BIGENDIAN
24
25 # Checks for programs.
26 AC_PROG_AWK
27 AC_PROG_CPP
28 AC_PROG_RANLIB
29 AC_PROG_INSTALL
30 AC_PATH_PROG(AR, ar)
31 AC_PATH_PROG(CAT, cat)
32 AC_PATH_PROG(KILL, kill)
33 AC_PATH_PROGS(PERL, perl5 perl)
34 AC_PATH_PROG(SED, sed)
35 AC_SUBST(PERL)
36 AC_PATH_PROG(ENT, ent)
37 AC_SUBST(ENT)
38 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
39 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
40 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
41 AC_PATH_PROG(SH, sh)
42 AC_SUBST(TEST_SHELL,sh)
43
44 dnl for buildpkg.sh
45 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
46         [/usr/sbin${PATH_SEPARATOR}/etc])
47 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48         [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
50
51 # System features
52 AC_SYS_LARGEFILE
53
54 if test -z "$AR" ; then
55         AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
56 fi
57
58 # Use LOGIN_PROGRAM from environment if possible
59 if test ! -z "$LOGIN_PROGRAM" ; then
60         AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
61 else
62         # Search for login
63         AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
64         if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
65                 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
66         fi
67 fi
68
69 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70 if test ! -z "$PATH_PASSWD_PROG" ; then
71         AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
72 fi
73
74 if test -z "$LD" ; then
75         LD=$CC
76 fi
77 AC_SUBST(LD)
78
79 AC_C_INLINE
80 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81         CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
82 fi
83
84 AC_ARG_WITH(rpath,
85         [  --without-rpath         Disable auto-added -R linker paths],
86         [
87                 if test "x$withval" = "xno" ; then
88                         need_dash_r=""
89                 fi
90                 if test "x$withval" = "xyes" ; then
91                         need_dash_r=1
92                 fi
93         ]
94 )
95
96 # Check for some target-specific stuff
97 case "$host" in
98 *-*-aix*)
99         AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
100         if (test -z "$blibpath"); then
101                 blibpath="/usr/lib:/lib"
102         fi
103         saved_LDFLAGS="$LDFLAGS"
104         for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
105                 if (test -z "$blibflags"); then
106                         LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
107                         AC_TRY_LINK([], [], [blibflags=$tryflags])
108                 fi
109         done
110         if (test -z "$blibflags"); then
111                 AC_MSG_RESULT(not found)
112                 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
113         else
114                 AC_MSG_RESULT($blibflags)
115         fi
116         LDFLAGS="$saved_LDFLAGS"
117         dnl Check for authenticate.  Might be in libs.a on older AIXes
118         AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
119                 [AC_CHECK_LIB(s,authenticate,
120                         [ AC_DEFINE(WITH_AIXAUTHENTICATE)
121                                 LIBS="$LIBS -ls"
122                         ])
123                 ])
124         dnl Check for various auth function declarations in headers.
125         AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
126             passwdexpired], , , [#include <usersec.h>])
127         dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
128         AC_CHECK_DECLS(loginfailed,
129                  [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
130                   AC_TRY_COMPILE(
131                         [#include <usersec.h>],
132                         [(void)loginfailed("user","host","tty",0);],
133                         [AC_MSG_RESULT(yes)
134                          AC_DEFINE(AIX_LOGINFAILED_4ARG)],
135                         [AC_MSG_RESULT(no)]
136                 )],
137                 [],
138                 [#include <usersec.h>]
139         )
140         AC_CHECK_FUNCS(setauthdb)
141         check_for_aix_broken_getaddrinfo=1
142         AC_DEFINE(BROKEN_REALPATH)
143         AC_DEFINE(SETEUID_BREAKS_SETUID)
144         AC_DEFINE(BROKEN_SETREUID)
145         AC_DEFINE(BROKEN_SETREGID)
146         dnl AIX handles lastlog as part of its login message
147         AC_DEFINE(DISABLE_LASTLOG)
148         AC_DEFINE(LOGIN_NEEDS_UTMPX)
149         AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
150         ;;
151 *-*-cygwin*)
152         check_for_libcrypt_later=1
153         LIBS="$LIBS /usr/lib/textmode.o"
154         AC_DEFINE(HAVE_CYGWIN)
155         AC_DEFINE(USE_PIPES)
156         AC_DEFINE(DISABLE_SHADOW)
157         AC_DEFINE(IP_TOS_IS_BROKEN)
158         AC_DEFINE(NO_X11_UNIX_SOCKETS)
159         AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
160         AC_DEFINE(DISABLE_FD_PASSING)
161         ;;
162 *-*-dgux*)
163         AC_DEFINE(IP_TOS_IS_BROKEN)
164         AC_DEFINE(SETEUID_BREAKS_SETUID)
165         AC_DEFINE(BROKEN_SETREUID)
166         AC_DEFINE(BROKEN_SETREGID)
167         ;;
168 *-*-darwin*)
169         AC_MSG_CHECKING(if we have working getaddrinfo)
170         AC_TRY_RUN([#include <mach-o/dyld.h>
171 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
172                 exit(0);
173         else
174                 exit(1);
175 }], [AC_MSG_RESULT(working)],
176         [AC_MSG_RESULT(buggy)
177         AC_DEFINE(BROKEN_GETADDRINFO)],
178         [AC_MSG_RESULT(assume it is working)])
179         AC_DEFINE(SETEUID_BREAKS_SETUID)
180         AC_DEFINE(BROKEN_SETREUID)
181         AC_DEFINE(BROKEN_SETREGID)
182         AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
183         ;;
184 *-*-hpux10.26)
185         if test -z "$GCC"; then
186                 CFLAGS="$CFLAGS -Ae"
187         fi
188         CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
189         IPADDR_IN_DISPLAY=yes
190         AC_DEFINE(HAVE_SECUREWARE)
191         AC_DEFINE(USE_PIPES)
192         AC_DEFINE(LOGIN_NO_ENDOPT)
193         AC_DEFINE(LOGIN_NEEDS_UTMPX)
194         AC_DEFINE(LOCKED_PASSWD_STRING, "*")
195         AC_DEFINE(SPT_TYPE,SPT_PSTAT)
196         LIBS="$LIBS -lsec -lsecpw"
197         AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
198         disable_ptmx_check=yes
199         ;;
200 *-*-hpux10*)
201         if test -z "$GCC"; then
202                 CFLAGS="$CFLAGS -Ae"
203         fi
204         CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
205         IPADDR_IN_DISPLAY=yes
206         AC_DEFINE(USE_PIPES)
207         AC_DEFINE(LOGIN_NO_ENDOPT)
208         AC_DEFINE(LOGIN_NEEDS_UTMPX)
209         AC_DEFINE(LOCKED_PASSWD_STRING, "*")
210         AC_DEFINE(SPT_TYPE,SPT_PSTAT)
211         LIBS="$LIBS -lsec"
212         AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
213         ;;
214 *-*-hpux11*)
215         CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
216         IPADDR_IN_DISPLAY=yes
217         AC_DEFINE(PAM_SUN_CODEBASE)
218         AC_DEFINE(USE_PIPES)
219         AC_DEFINE(LOGIN_NO_ENDOPT)
220         AC_DEFINE(LOGIN_NEEDS_UTMPX)
221         AC_DEFINE(DISABLE_UTMP)
222         AC_DEFINE(LOCKED_PASSWD_STRING, "*")
223         AC_DEFINE(SPT_TYPE,SPT_PSTAT)
224         AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
225         check_for_hpux_broken_getaddrinfo=1
226         check_for_conflicting_getspnam=1
227         LIBS="$LIBS -lsec"
228         AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
229         ;;
230 *-*-irix5*)
231         PATH="$PATH:/usr/etc"
232         AC_DEFINE(BROKEN_INET_NTOA)
233         AC_DEFINE(SETEUID_BREAKS_SETUID)
234         AC_DEFINE(BROKEN_SETREUID)
235         AC_DEFINE(BROKEN_SETREGID)
236         AC_DEFINE(WITH_ABBREV_NO_TTY)
237         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
238         ;;
239 *-*-irix6*)
240         PATH="$PATH:/usr/etc"
241         AC_DEFINE(WITH_IRIX_ARRAY)
242         AC_DEFINE(WITH_IRIX_PROJECT)
243         AC_DEFINE(WITH_IRIX_AUDIT)
244         AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
245         AC_DEFINE(BROKEN_INET_NTOA)
246         AC_DEFINE(SETEUID_BREAKS_SETUID)
247         AC_DEFINE(BROKEN_SETREUID)
248         AC_DEFINE(BROKEN_SETREGID)
249         AC_DEFINE(BROKEN_UPDWTMPX)
250         AC_DEFINE(WITH_ABBREV_NO_TTY)
251         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
252         ;;
253 *-*-linux*)
254         no_dev_ptmx=1
255         check_for_libcrypt_later=1
256         check_for_openpty_ctty_bug=1
257         AC_DEFINE(DONT_TRY_OTHER_AF)
258         AC_DEFINE(PAM_TTY_KLUDGE)
259         AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
260         AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
261         AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
262         AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
263         AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
264         inet6_default_4in6=yes
265         case `uname -r` in
266         1.*|2.0.*)
267                 AC_DEFINE(BROKEN_CMSG_TYPE)
268                 ;;
269         esac
270         ;;
271 mips-sony-bsd|mips-sony-newsos4)
272         AC_DEFINE(HAVE_NEWS4)
273         SONY=1
274         ;;
275 *-*-netbsd*)
276         check_for_libcrypt_before=1
277         if test "x$withval" != "xno" ; then
278                 need_dash_r=1
279         fi
280         ;;
281 *-*-freebsd*)
282         check_for_libcrypt_later=1
283         ;;
284 *-*-bsdi*)
285         AC_DEFINE(SETEUID_BREAKS_SETUID)
286         AC_DEFINE(BROKEN_SETREUID)
287         AC_DEFINE(BROKEN_SETREGID)
288         ;;
289 *-next-*)
290         conf_lastlog_location="/usr/adm/lastlog"
291         conf_utmp_location=/etc/utmp
292         conf_wtmp_location=/usr/adm/wtmp
293         MAIL=/usr/spool/mail
294         AC_DEFINE(HAVE_NEXT)
295         AC_DEFINE(BROKEN_REALPATH)
296         AC_DEFINE(USE_PIPES)
297         AC_DEFINE(BROKEN_SAVED_UIDS)
298         ;;
299 *-*-solaris*)
300         if test "x$withval" != "xno" ; then
301                 need_dash_r=1
302         fi
303         AC_DEFINE(PAM_SUN_CODEBASE)
304         AC_DEFINE(LOGIN_NEEDS_UTMPX)
305         AC_DEFINE(LOGIN_NEEDS_TERM)
306         AC_DEFINE(PAM_TTY_KLUDGE)
307         AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
308         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
309         # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
310         AC_DEFINE(SSHD_ACQUIRES_CTTY)
311         external_path_file=/etc/default/login
312         # hardwire lastlog location (can't detect it on some versions)
313         conf_lastlog_location="/var/adm/lastlog"
314         AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
315         sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
316         if test "$sol2ver" -ge 8; then
317                 AC_MSG_RESULT(yes)
318                 AC_DEFINE(DISABLE_UTMP)
319                 AC_DEFINE(DISABLE_WTMP)
320         else
321                 AC_MSG_RESULT(no)
322         fi
323         ;;
324 *-*-sunos4*)
325         CPPFLAGS="$CPPFLAGS -DSUNOS4"
326         AC_CHECK_FUNCS(getpwanam)
327         AC_DEFINE(PAM_SUN_CODEBASE)
328         conf_utmp_location=/etc/utmp
329         conf_wtmp_location=/var/adm/wtmp
330         conf_lastlog_location=/var/adm/lastlog
331         AC_DEFINE(USE_PIPES)
332         ;;
333 *-ncr-sysv*)
334         LIBS="$LIBS -lc89"
335         AC_DEFINE(USE_PIPES)
336         AC_DEFINE(SSHD_ACQUIRES_CTTY)
337         AC_DEFINE(SETEUID_BREAKS_SETUID)
338         AC_DEFINE(BROKEN_SETREUID)
339         AC_DEFINE(BROKEN_SETREGID)
340         ;;
341 *-sni-sysv*)
342         # /usr/ucblib MUST NOT be searched on ReliantUNIX
343         AC_CHECK_LIB(dl, dlsym, ,)
344         # -lresolv needs to be at then end of LIBS or DNS lookups break
345         AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
346         IPADDR_IN_DISPLAY=yes
347         AC_DEFINE(USE_PIPES)
348         AC_DEFINE(IP_TOS_IS_BROKEN)
349         AC_DEFINE(SETEUID_BREAKS_SETUID)
350         AC_DEFINE(BROKEN_SETREUID)
351         AC_DEFINE(BROKEN_SETREGID)
352         AC_DEFINE(SSHD_ACQUIRES_CTTY)
353         external_path_file=/etc/default/login
354         # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
355         # Attention: always take care to bind libsocket and libnsl before libc,
356         # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
357         ;;
358 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
359 *-*-sysv4.2*)
360         AC_DEFINE(USE_PIPES)
361         AC_DEFINE(SETEUID_BREAKS_SETUID)
362         AC_DEFINE(BROKEN_SETREUID)
363         AC_DEFINE(BROKEN_SETREGID)
364         ;;
365 # UnixWare 7.x, OpenUNIX 8
366 *-*-sysv5*)
367         AC_DEFINE(USE_PIPES)
368         AC_DEFINE(SETEUID_BREAKS_SETUID)
369         AC_DEFINE(BROKEN_SETREUID)
370         AC_DEFINE(BROKEN_SETREGID)
371         ;;
372 *-*-sysv*)
373         ;;
374 # SCO UNIX and OEM versions of SCO UNIX
375 *-*-sco3.2v4*)
376         AC_MSG_ERROR("This Platform is no longer supported.")
377         ;;
378 # SCO OpenServer 5.x
379 *-*-sco3.2v5*)
380         if test -z "$GCC"; then
381                 CFLAGS="$CFLAGS -belf"
382         fi
383         LIBS="$LIBS -lprot -lx -ltinfo -lm"
384         no_dev_ptmx=1
385         AC_DEFINE(USE_PIPES)
386         AC_DEFINE(HAVE_SECUREWARE)
387         AC_DEFINE(DISABLE_SHADOW)
388         AC_DEFINE(DISABLE_FD_PASSING)
389         AC_DEFINE(SETEUID_BREAKS_SETUID)
390         AC_DEFINE(BROKEN_SETREUID)
391         AC_DEFINE(BROKEN_SETREGID)
392         AC_DEFINE(WITH_ABBREV_NO_TTY)
393         AC_DEFINE(BROKEN_UPDWTMPX)
394         AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
395         AC_CHECK_FUNCS(getluid setluid)
396         MANTYPE=man
397         TEST_SHELL=ksh
398         ;;
399 *-*-unicosmk*)
400         AC_DEFINE(NO_SSH_LASTLOG)
401         AC_DEFINE(SETEUID_BREAKS_SETUID)
402         AC_DEFINE(BROKEN_SETREUID)
403         AC_DEFINE(BROKEN_SETREGID)
404         AC_DEFINE(USE_PIPES)
405         AC_DEFINE(DISABLE_FD_PASSING)
406         LDFLAGS="$LDFLAGS"
407         LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
408         MANTYPE=cat
409         ;;
410 *-*-unicosmp*)
411         AC_DEFINE(SETEUID_BREAKS_SETUID)
412         AC_DEFINE(BROKEN_SETREUID)
413         AC_DEFINE(BROKEN_SETREGID)
414         AC_DEFINE(WITH_ABBREV_NO_TTY)
415         AC_DEFINE(USE_PIPES)
416         AC_DEFINE(DISABLE_FD_PASSING)
417         LDFLAGS="$LDFLAGS"
418         LIBS="$LIBS -lgen -lacid -ldb"
419         MANTYPE=cat
420         ;;
421 *-*-unicos*)
422         AC_DEFINE(SETEUID_BREAKS_SETUID)
423         AC_DEFINE(BROKEN_SETREUID)
424         AC_DEFINE(BROKEN_SETREGID)
425         AC_DEFINE(USE_PIPES)
426         AC_DEFINE(DISABLE_FD_PASSING)
427         AC_DEFINE(NO_SSH_LASTLOG)
428         LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
429         LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
430         MANTYPE=cat
431         ;;
432 *-dec-osf*)
433         AC_MSG_CHECKING(for Digital Unix SIA)
434         no_osfsia=""
435         AC_ARG_WITH(osfsia,
436                 [  --with-osfsia           Enable Digital Unix SIA],
437                 [
438                         if test "x$withval" = "xno" ; then
439                                 AC_MSG_RESULT(disabled)
440                                 no_osfsia=1
441                         fi
442                 ],
443         )
444         if test -z "$no_osfsia" ; then
445                 if test -f /etc/sia/matrix.conf; then
446                         AC_MSG_RESULT(yes)
447                         AC_DEFINE(HAVE_OSF_SIA)
448                         AC_DEFINE(DISABLE_LOGIN)
449                         AC_DEFINE(DISABLE_FD_PASSING)
450                         LIBS="$LIBS -lsecurity -ldb -lm -laud"
451                 else
452                         AC_MSG_RESULT(no)
453                         AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
454                 fi
455         fi
456         AC_DEFINE(BROKEN_GETADDRINFO)
457         AC_DEFINE(SETEUID_BREAKS_SETUID)
458         AC_DEFINE(BROKEN_SETREUID)
459         AC_DEFINE(BROKEN_SETREGID)
460         ;;
461
462 *-*-nto-qnx)
463         AC_DEFINE(USE_PIPES)
464         AC_DEFINE(NO_X11_UNIX_SOCKETS)
465         AC_DEFINE(MISSING_NFDBITS)
466         AC_DEFINE(MISSING_HOWMANY)
467         AC_DEFINE(MISSING_FD_MASK)
468         ;;
469 esac
470
471 # Allow user to specify flags
472 AC_ARG_WITH(cflags,
473         [  --with-cflags           Specify additional flags to pass to compiler],
474         [
475                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
476                     test "x${withval}" != "xyes"; then
477                         CFLAGS="$CFLAGS $withval"
478                 fi
479         ]
480 )
481 AC_ARG_WITH(cppflags,
482         [  --with-cppflags         Specify additional flags to pass to preprocessor] ,
483         [
484                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
485                     test "x${withval}" != "xyes"; then
486                         CPPFLAGS="$CPPFLAGS $withval"
487                 fi
488         ]
489 )
490 AC_ARG_WITH(ldflags,
491         [  --with-ldflags          Specify additional flags to pass to linker],
492         [
493                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
494                     test "x${withval}" != "xyes"; then
495                         LDFLAGS="$LDFLAGS $withval"
496                 fi
497         ]
498 )
499 AC_ARG_WITH(libs,
500         [  --with-libs             Specify additional libraries to link with],
501         [
502                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
503                     test "x${withval}" != "xyes"; then
504                         LIBS="$LIBS $withval"
505                 fi
506         ]
507 )
508
509 AC_MSG_CHECKING(compiler and flags for sanity)
510 AC_RUN_IFELSE(
511         [AC_LANG_SOURCE([
512 #include <stdio.h>
513 int main(){exit(0);}
514         ])],
515         [       AC_MSG_RESULT(yes) ],
516         [
517                 AC_MSG_RESULT(no)
518                 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
519         ],
520         [       AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
521 )
522
523 # Checks for header files.
524 AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
525         floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
526         login_cap.h maillock.h ndir.h netdb.h netgroup.h \
527         netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
528         rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
529         strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
530         sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
531         sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
532         sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
533         time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
534
535 # sys/ptms.h requires sys/stream.h to be included first on Solaris
536 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
537 #ifdef HAVE_SYS_STREAM_H
538 # include <sys/stream.h>
539 #endif
540 ])
541
542 # Checks for libraries.
543 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
544 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
545
546 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
547 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
548         AC_CHECK_LIB(gen, dirname,[
549                 AC_CACHE_CHECK([for broken dirname],
550                         ac_cv_have_broken_dirname, [
551                         save_LIBS="$LIBS"
552                         LIBS="$LIBS -lgen"
553                         AC_TRY_RUN(
554                                 [
555 #include <libgen.h>
556 #include <string.h>
557
558 int main(int argc, char **argv) {
559     char *s, buf[32];
560
561     strncpy(buf,"/etc", 32);
562     s = dirname(buf);
563     if (!s || strncmp(s, "/", 32) != 0) {
564         exit(1);
565     } else {
566         exit(0);
567     }
568 }
569                                 ],
570                                 [ ac_cv_have_broken_dirname="no" ],
571                                 [ ac_cv_have_broken_dirname="yes" ]
572                         )
573                         LIBS="$save_LIBS"
574                 ])
575                 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
576                         LIBS="$LIBS -lgen"
577                         AC_DEFINE(HAVE_DIRNAME)
578                         AC_CHECK_HEADERS(libgen.h)
579                 fi
580         ])
581 ])
582
583 AC_CHECK_FUNC(getspnam, ,
584         AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
585 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
586
587 dnl zlib is required
588 AC_ARG_WITH(zlib,
589         [  --with-zlib=PATH        Use zlib in PATH],
590         [ if test "x$withval" = "xno" ; then
591                 AC_MSG_ERROR([*** zlib is required ***])
592           elif test "x$withval" != "xyes"; then
593                 if test -d "$withval/lib"; then
594                         if test -n "${need_dash_r}"; then
595                                 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
596                         else
597                                 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
598                         fi
599                 else
600                         if test -n "${need_dash_r}"; then
601                                 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
602                         else
603                                 LDFLAGS="-L${withval} ${LDFLAGS}"
604                         fi
605                 fi
606                 if test -d "$withval/include"; then
607                         CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
608                 else
609                         CPPFLAGS="-I${withval} ${CPPFLAGS}"
610                 fi
611         fi ]
612 )
613
614 AC_CHECK_LIB(z, deflate, ,
615         [
616                 saved_CPPFLAGS="$CPPFLAGS"
617                 saved_LDFLAGS="$LDFLAGS"
618                 save_LIBS="$LIBS"
619                 dnl Check default zlib install dir
620                 if test -n "${need_dash_r}"; then
621                         LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
622                 else
623                         LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
624                 fi
625                 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
626                 LIBS="$LIBS -lz"
627                 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
628                         [
629                                 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
630                         ]
631                 )
632         ]
633 )
634 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
635
636 AC_ARG_WITH(zlib-version-check,
637         [  --without-zlib-version-check Disable zlib version check],
638         [  if test "x$withval" = "xno" ; then
639                 zlib_check_nonfatal=1
640            fi
641         ]
642 )
643
644 AC_MSG_CHECKING(for zlib 1.1.4 or greater)
645 AC_RUN_IFELSE([AC_LANG_SOURCE([[
646 #include <zlib.h>
647 int main()
648 {
649         int a, b, c, v;
650         if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3)
651                 exit(1);
652         v = a*1000000 + b*1000 + c;
653         if (v >= 1001004)
654                 exit(0);
655         exit(2);
656 }
657         ]])],
658         AC_MSG_RESULT(yes),
659         [ AC_MSG_RESULT(no)
660           if test -z "$zlib_check_nonfatal" ; then
661                 AC_MSG_ERROR([*** zlib too old - check config.log ***
662 Your reported zlib version has known security problems.  It's possible your
663 vendor has fixed these problems without changing the version number.  If you
664 are sure this is the case, you can disable the check by running
665 "./configure --without-zlib-version-check".
666 If you are in doubt, upgrade zlib to version 1.1.4 or greater.])
667           else
668                 AC_MSG_WARN([zlib version may have security problems])
669           fi
670         ],
671         [       AC_MSG_WARN([cross compiling: not checking zlib version]) ]
672 )
673
674 dnl UnixWare 2.x
675 AC_CHECK_FUNC(strcasecmp,
676         [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
677 )
678 AC_CHECK_FUNC(utimes,
679         [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
680                                         LIBS="$LIBS -lc89"]) ]
681 )
682
683 dnl    Checks for libutil functions
684 AC_CHECK_HEADERS(libutil.h)
685 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
686 AC_CHECK_FUNCS(logout updwtmp logwtmp)
687
688 AC_FUNC_STRFTIME
689
690 # Check for ALTDIRFUNC glob() extension
691 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
692 AC_EGREP_CPP(FOUNDIT,
693         [
694                 #include <glob.h>
695                 #ifdef GLOB_ALTDIRFUNC
696                 FOUNDIT
697                 #endif
698         ],
699         [
700                 AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
701                 AC_MSG_RESULT(yes)
702         ],
703         [
704                 AC_MSG_RESULT(no)
705         ]
706 )
707
708 # Check for g.gl_matchc glob() extension
709 AC_MSG_CHECKING(for gl_matchc field in glob_t)
710 AC_EGREP_CPP(FOUNDIT,
711         [
712                 #include <glob.h>
713                 int main(void){glob_t g; g.gl_matchc = 1;}
714         ],
715         [
716                 AC_DEFINE(GLOB_HAS_GL_MATCHC)
717                 AC_MSG_RESULT(yes)
718         ],
719         [
720                 AC_MSG_RESULT(no)
721         ]
722 )
723
724 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
725 AC_RUN_IFELSE(
726         [AC_LANG_SOURCE([[
727 #include <sys/types.h>
728 #include <dirent.h>
729 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
730         ]])],
731         [AC_MSG_RESULT(yes)],
732         [
733                 AC_MSG_RESULT(no)
734                 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
735         ],
736         [
737                 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
738                 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
739         ]
740 )
741
742 AC_MSG_CHECKING([for /proc/pid/fd directory])
743 if test -d "/proc/$$/fd" ; then
744         AC_DEFINE(HAVE_PROC_PID)
745         AC_MSG_RESULT(yes)
746 else
747         AC_MSG_RESULT(no)
748 fi
749
750 # Check whether user wants S/Key support
751 SKEY_MSG="no"
752 AC_ARG_WITH(skey,
753         [  --with-skey[[=PATH]]      Enable S/Key support (optionally in PATH)],
754         [
755                 if test "x$withval" != "xno" ; then
756
757                         if test "x$withval" != "xyes" ; then
758                                 CPPFLAGS="$CPPFLAGS -I${withval}/include"
759                                 LDFLAGS="$LDFLAGS -L${withval}/lib"
760                         fi
761
762                         AC_DEFINE(SKEY)
763                         LIBS="-lskey $LIBS"
764                         SKEY_MSG="yes"
765
766                         AC_MSG_CHECKING([for s/key support])
767                         AC_TRY_RUN(
768                                 [
769 #include <stdio.h>
770 #include <skey.h>
771 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
772                                 ],
773                                 [AC_MSG_RESULT(yes)],
774                                 [
775                                         AC_MSG_RESULT(no)
776                                         AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
777                                 ])
778                         AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
779                         AC_TRY_COMPILE(
780                                 [#include <stdio.h>
781                                  #include <skey.h>],
782                                 [(void)skeychallenge(NULL,"name","",0);],
783                                 [AC_MSG_RESULT(yes)
784                                  AC_DEFINE(SKEYCHALLENGE_4ARG)],
785                                 [AC_MSG_RESULT(no)]
786                         )
787                 fi
788         ]
789 )
790
791 # Check whether user wants TCP wrappers support
792 TCPW_MSG="no"
793 AC_ARG_WITH(tcp-wrappers,
794         [  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
795         [
796                 if test "x$withval" != "xno" ; then
797                         saved_LIBS="$LIBS"
798                         saved_LDFLAGS="$LDFLAGS"
799                         saved_CPPFLAGS="$CPPFLAGS"
800                         if test -n "${withval}" && \
801                             test "x${withval}" != "xyes"; then
802                                 if test -d "${withval}/lib"; then
803                                         if test -n "${need_dash_r}"; then
804                                                 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
805                                         else
806                                                 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
807                                         fi
808                                 else
809                                         if test -n "${need_dash_r}"; then
810                                                 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
811                                         else
812                                                 LDFLAGS="-L${withval} ${LDFLAGS}"
813                                         fi
814                                 fi
815                                 if test -d "${withval}/include"; then
816                                         CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
817                                 else
818                                         CPPFLAGS="-I${withval} ${CPPFLAGS}"
819                                 fi
820                         fi
821                         LIBWRAP="-lwrap"
822                         LIBS="$LIBWRAP $LIBS"
823                         AC_MSG_CHECKING(for libwrap)
824                         AC_TRY_LINK(
825                                 [
826 #include <sys/types.h>
827 #include <sys/socket.h>
828 #include <netinet/in.h>
829 #include <tcpd.h>
830                                         int deny_severity = 0, allow_severity = 0;
831                                 ],
832                                 [hosts_access(0);],
833                                 [
834                                         AC_MSG_RESULT(yes)
835                                         AC_DEFINE(LIBWRAP)
836                                         AC_SUBST(LIBWRAP)
837                                         TCPW_MSG="yes"
838                                 ],
839                                 [
840                                         AC_MSG_ERROR([*** libwrap missing])
841                                 ]
842                         )
843                         LIBS="$saved_LIBS"
844                 fi
845         ]
846 )
847
848 # Check whether user wants libedit support
849 LIBEDIT_MSG="no"
850 AC_ARG_WITH(libedit,
851         [  --with-libedit[[=PATH]]   Enable libedit support for sftp],
852         [ if test "x$withval" != "xno" ; then
853                 AC_CHECK_LIB(edit, el_init,
854                         [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
855                           LIBEDIT="-ledit -lcurses"
856                           LIBEDIT_MSG="yes"
857                           AC_SUBST(LIBEDIT)
858                         ],
859                         [], [-lcurses]
860                 )
861         fi ]
862 )
863
864 AUDIT_MODULE=none
865 AC_ARG_WITH(audit,
866         [  --with-audit=module     Enable EXPERIMENTAL audit support (modules=debug,bsm)],
867         [
868           AC_MSG_CHECKING(for supported audit module)
869           case "$withval" in
870           bsm)
871                 AC_MSG_RESULT(bsm)
872                 AUDIT_MODULE=bsm
873                 dnl    Checks for headers, libs and functions
874                 AC_CHECK_HEADERS(bsm/audit.h, [],
875                     [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
876                 AC_CHECK_LIB(bsm, getaudit, [],
877                     [AC_MSG_ERROR(BSM enabled and required library not found)])
878                 AC_CHECK_FUNCS(getaudit, [],
879                     [AC_MSG_ERROR(BSM enabled and required function not found)])
880                 # These are optional
881                 AC_CHECK_FUNCS(getaudit_addr)
882                 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
883                 ;;
884           debug)
885                 AUDIT_MODULE=debug
886                 AC_MSG_RESULT(debug)
887                 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
888                 ;;
889           *)
890                 AC_MSG_ERROR([Unknown audit module $withval])
891                 ;;
892         esac ]
893 )
894
895 dnl    Checks for library functions. Please keep in alphabetical order
896 AC_CHECK_FUNCS(\
897         arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
898         bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
899         freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
900         getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
901         inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
902         mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
903         pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
904         setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
905         setproctitle setregid setreuid setrlimit \
906         setsid setvbuf sigaction sigvec snprintf socketpair strerror \
907         strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \
908         truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
909 )
910
911 # IRIX has a const char return value for gai_strerror()
912 AC_CHECK_FUNCS(gai_strerror,[
913         AC_DEFINE(HAVE_GAI_STRERROR)
914         AC_TRY_COMPILE([
915 #include <sys/types.h>
916 #include <sys/socket.h>
917 #include <netdb.h>
918
919 const char *gai_strerror(int);],[
920 char *str;
921
922 str = gai_strerror(0);],[
923                 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
924                 [Define if gai_strerror() returns const char *])])])
925
926 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
927
928 dnl Make sure prototypes are defined for these before using them.
929 AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
930 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
931
932 dnl tcsendbreak might be a macro
933 AC_CHECK_DECL(tcsendbreak,
934         [AC_DEFINE(HAVE_TCSENDBREAK)],
935         [AC_CHECK_FUNCS(tcsendbreak)],
936         [#include <termios.h>]
937 )
938
939 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
940
941 AC_CHECK_FUNCS(setresuid, [
942         dnl Some platorms have setresuid that isn't implemented, test for this
943         AC_MSG_CHECKING(if setresuid seems to work)
944         AC_RUN_IFELSE(
945                 [AC_LANG_SOURCE([[
946 #include <stdlib.h>
947 #include <errno.h>
948 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
949                 ]])],
950                 [AC_MSG_RESULT(yes)],
951                 [AC_DEFINE(BROKEN_SETRESUID)
952                  AC_MSG_RESULT(not implemented)],
953                 [AC_MSG_WARN([cross compiling: not checking setresuid])]
954         )
955 ])
956
957 AC_CHECK_FUNCS(setresgid, [
958         dnl Some platorms have setresgid that isn't implemented, test for this
959         AC_MSG_CHECKING(if setresgid seems to work)
960         AC_RUN_IFELSE(
961                 [AC_LANG_SOURCE([[
962 #include <stdlib.h>
963 #include <errno.h>
964 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
965                 ]])],
966                 [AC_MSG_RESULT(yes)],
967                 [AC_DEFINE(BROKEN_SETRESGID)
968                  AC_MSG_RESULT(not implemented)],
969                 [AC_MSG_WARN([cross compiling: not checking setresuid])]
970         )
971 ])
972
973 dnl    Checks for time functions
974 AC_CHECK_FUNCS(gettimeofday time)
975 dnl    Checks for utmp functions
976 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
977 AC_CHECK_FUNCS(utmpname)
978 dnl    Checks for utmpx functions
979 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
980 AC_CHECK_FUNCS(setutxent utmpxname)
981
982 AC_CHECK_FUNC(daemon,
983         [AC_DEFINE(HAVE_DAEMON)],
984         [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
985 )
986
987 AC_CHECK_FUNC(getpagesize,
988         [AC_DEFINE(HAVE_GETPAGESIZE)],
989         [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
990 )
991
992 # Check for broken snprintf
993 if test "x$ac_cv_func_snprintf" = "xyes" ; then
994         AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
995         AC_RUN_IFELSE(
996                 [AC_LANG_SOURCE([[
997 #include <stdio.h>
998 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
999                 ]])],
1000                 [AC_MSG_RESULT(yes)],
1001                 [
1002                         AC_MSG_RESULT(no)
1003                         AC_DEFINE(BROKEN_SNPRINTF)
1004                         AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1005                 ],
1006                 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1007         )
1008 fi
1009
1010 # Check for missing getpeereid (or equiv) support
1011 NO_PEERCHECK=""
1012 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1013         AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1014         AC_TRY_COMPILE(
1015                 [#include <sys/types.h>
1016                  #include <sys/socket.h>],
1017                 [int i = SO_PEERCRED;],
1018                 [AC_MSG_RESULT(yes)],
1019                 [AC_MSG_RESULT(no)
1020                 NO_PEERCHECK=1]
1021         )
1022 fi
1023
1024 dnl see whether mkstemp() requires XXXXXX
1025 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1026 AC_MSG_CHECKING([for (overly) strict mkstemp])
1027 AC_TRY_RUN(
1028         [
1029 #include <stdlib.h>
1030 main() { char template[]="conftest.mkstemp-test";
1031 if (mkstemp(template) == -1)
1032         exit(1);
1033 unlink(template); exit(0);
1034 }
1035         ],
1036         [
1037                 AC_MSG_RESULT(no)
1038         ],
1039         [
1040                 AC_MSG_RESULT(yes)
1041                 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1042         ],
1043         [
1044                 AC_MSG_RESULT(yes)
1045                 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1046         ]
1047 )
1048 fi
1049
1050 dnl make sure that openpty does not reacquire controlling terminal
1051 if test ! -z "$check_for_openpty_ctty_bug"; then
1052         AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1053         AC_TRY_RUN(
1054                 [
1055 #include <stdio.h>
1056 #include <sys/fcntl.h>
1057 #include <sys/types.h>
1058 #include <sys/wait.h>
1059
1060 int
1061 main()
1062 {
1063         pid_t pid;
1064         int fd, ptyfd, ttyfd, status;
1065
1066         pid = fork();
1067         if (pid < 0) {          /* failed */
1068                 exit(1);
1069         } else if (pid > 0) {   /* parent */
1070                 waitpid(pid, &status, 0);
1071                 if (WIFEXITED(status))
1072                         exit(WEXITSTATUS(status));
1073                 else
1074                         exit(2);
1075         } else {                /* child */
1076                 close(0); close(1); close(2);
1077                 setsid();
1078                 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1079                 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1080                 if (fd >= 0)
1081                         exit(3);        /* Acquired ctty: broken */
1082                 else
1083                         exit(0);        /* Did not acquire ctty: OK */
1084         }
1085 }
1086                 ],
1087                 [
1088                         AC_MSG_RESULT(yes)
1089                 ],
1090                 [
1091                         AC_MSG_RESULT(no)
1092                         AC_DEFINE(SSHD_ACQUIRES_CTTY)
1093                 ]
1094         )
1095 fi
1096
1097 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1098     test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1099         AC_MSG_CHECKING(if getaddrinfo seems to work)
1100         AC_TRY_RUN(
1101                 [
1102 #include <stdio.h>
1103 #include <sys/socket.h>
1104 #include <netdb.h>
1105 #include <errno.h>
1106 #include <netinet/in.h>
1107
1108 #define TEST_PORT "2222"
1109
1110 int
1111 main(void)
1112 {
1113         int err, sock;
1114         struct addrinfo *gai_ai, *ai, hints;
1115         char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1116
1117         memset(&hints, 0, sizeof(hints));
1118         hints.ai_family = PF_UNSPEC;
1119         hints.ai_socktype = SOCK_STREAM;
1120         hints.ai_flags = AI_PASSIVE;
1121
1122         err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1123         if (err != 0) {
1124                 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1125                 exit(1);
1126         }
1127
1128         for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1129                 if (ai->ai_family != AF_INET6)
1130                         continue;
1131
1132                 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1133                     sizeof(ntop), strport, sizeof(strport),
1134                     NI_NUMERICHOST|NI_NUMERICSERV);
1135
1136                 if (err != 0) {
1137                         if (err == EAI_SYSTEM)
1138                                 perror("getnameinfo EAI_SYSTEM");
1139                         else
1140                                 fprintf(stderr, "getnameinfo failed: %s\n",
1141                                     gai_strerror(err));
1142                         exit(2);
1143                 }
1144
1145                 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1146                 if (sock < 0)
1147                         perror("socket");
1148                 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1149                         if (errno == EBADF)
1150                                 exit(3);
1151                 }
1152         }
1153         exit(0);
1154 }
1155                 ],
1156                 [
1157                         AC_MSG_RESULT(yes)
1158                 ],
1159                 [
1160                         AC_MSG_RESULT(no)
1161                         AC_DEFINE(BROKEN_GETADDRINFO)
1162                 ]
1163         )
1164 fi
1165
1166 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1167     test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1168         AC_MSG_CHECKING(if getaddrinfo seems to work)
1169         AC_TRY_RUN(
1170                 [
1171 #include <stdio.h>
1172 #include <sys/socket.h>
1173 #include <netdb.h>
1174 #include <errno.h>
1175 #include <netinet/in.h>
1176
1177 #define TEST_PORT "2222"
1178
1179 int
1180 main(void)
1181 {
1182         int err, sock;
1183         struct addrinfo *gai_ai, *ai, hints;
1184         char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1185
1186         memset(&hints, 0, sizeof(hints));
1187         hints.ai_family = PF_UNSPEC;
1188         hints.ai_socktype = SOCK_STREAM;
1189         hints.ai_flags = AI_PASSIVE;
1190
1191         err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1192         if (err != 0) {
1193                 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1194                 exit(1);
1195         }
1196
1197         for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1198                 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1199                         continue;
1200
1201                 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1202                     sizeof(ntop), strport, sizeof(strport),
1203                     NI_NUMERICHOST|NI_NUMERICSERV);
1204
1205                 if (ai->ai_family == AF_INET && err != 0) {
1206                         perror("getnameinfo");
1207                         exit(2);
1208                 }
1209         }
1210         exit(0);
1211 }
1212                 ],
1213                 [
1214                         AC_MSG_RESULT(yes)
1215                         AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
1216 [Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
1217                 ],
1218                 [
1219                         AC_MSG_RESULT(no)
1220                         AC_DEFINE(BROKEN_GETADDRINFO)
1221                 ]
1222         )
1223 fi
1224
1225 if test "x$check_for_conflicting_getspnam" = "x1"; then
1226         AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1227         AC_COMPILE_IFELSE(
1228                 [
1229 #include <shadow.h>
1230 int main(void) {exit(0);}
1231                 ],
1232                 [
1233                         AC_MSG_RESULT(no)
1234                 ],
1235                 [
1236                         AC_MSG_RESULT(yes)
1237                         AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1238                             [Conflicting defs for getspnam])
1239                 ]
1240         )
1241 fi
1242
1243 AC_FUNC_GETPGRP
1244
1245 # Check for PAM libs
1246 PAM_MSG="no"
1247 AC_ARG_WITH(pam,
1248         [  --with-pam              Enable PAM support ],
1249         [
1250                 if test "x$withval" != "xno" ; then
1251                         if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1252                            test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1253                                 AC_MSG_ERROR([PAM headers not found])
1254                         fi
1255
1256                         AC_CHECK_LIB(dl, dlopen, , )
1257                         AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1258                         AC_CHECK_FUNCS(pam_getenvlist)
1259                         AC_CHECK_FUNCS(pam_putenv)
1260
1261                         PAM_MSG="yes"
1262
1263                         AC_DEFINE(USE_PAM)
1264                         if test $ac_cv_lib_dl_dlopen = yes; then
1265                                 LIBPAM="-lpam -ldl"
1266                         else
1267                                 LIBPAM="-lpam"
1268                         fi
1269                         AC_SUBST(LIBPAM)
1270                 fi
1271         ]
1272 )
1273
1274 # Check for older PAM
1275 if test "x$PAM_MSG" = "xyes" ; then
1276         # Check PAM strerror arguments (old PAM)
1277         AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1278         AC_TRY_COMPILE(
1279                 [
1280 #include <stdlib.h>
1281 #if defined(HAVE_SECURITY_PAM_APPL_H)
1282 #include <security/pam_appl.h>
1283 #elif defined (HAVE_PAM_PAM_APPL_H)
1284 #include <pam/pam_appl.h>
1285 #endif
1286                 ],
1287                 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1288                 [AC_MSG_RESULT(no)],
1289                 [
1290                         AC_DEFINE(HAVE_OLD_PAM)
1291                         AC_MSG_RESULT(yes)
1292                         PAM_MSG="yes (old library)"
1293                 ]
1294         )
1295 fi
1296
1297 # Search for OpenSSL
1298 saved_CPPFLAGS="$CPPFLAGS"
1299 saved_LDFLAGS="$LDFLAGS"
1300 AC_ARG_WITH(ssl-dir,
1301         [  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
1302         [
1303                 if test "x$withval" != "xno" ; then
1304                         case "$withval" in
1305                                 # Relative paths
1306                                 ./*|../*)       withval="`pwd`/$withval"
1307                         esac
1308                         if test -d "$withval/lib"; then
1309                                 if test -n "${need_dash_r}"; then
1310                                         LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1311                                 else
1312                                         LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1313                                 fi
1314                         else
1315                                 if test -n "${need_dash_r}"; then
1316                                         LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1317                                 else
1318                                         LDFLAGS="-L${withval} ${LDFLAGS}"
1319                                 fi
1320                         fi
1321                         if test -d "$withval/include"; then
1322                                 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1323                         else
1324                                 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1325                         fi
1326                 fi
1327         ]
1328 )
1329 LIBS="-lcrypto $LIBS"
1330 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1331         [
1332                 dnl Check default openssl install dir
1333                 if test -n "${need_dash_r}"; then
1334                         LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1335                 else
1336                         LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1337                 fi
1338                 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1339                 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1340                         [
1341                                 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1342                         ]
1343                 )
1344         ]
1345 )
1346
1347 # Determine OpenSSL header version
1348 AC_MSG_CHECKING([OpenSSL header version])
1349 AC_RUN_IFELSE(
1350         [AC_LANG_SOURCE([[
1351 #include <stdio.h>
1352 #include <string.h>
1353 #include <openssl/opensslv.h>
1354 #define DATA "conftest.sslincver"
1355 int main(void) {
1356         FILE *fd;
1357         int rc;
1358
1359         fd = fopen(DATA,"w");
1360         if(fd == NULL)
1361                 exit(1);
1362
1363         if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1364                 exit(1);
1365
1366         exit(0);
1367 }
1368         ]])],
1369         [
1370                 ssl_header_ver=`cat conftest.sslincver`
1371                 AC_MSG_RESULT($ssl_header_ver)
1372         ],
1373         [
1374                 AC_MSG_RESULT(not found)
1375                 AC_MSG_ERROR(OpenSSL version header not found.)
1376         ],
1377         [
1378                 AC_MSG_WARN([cross compiling: not checking])
1379         ]
1380 )
1381
1382 # Determine OpenSSL library version
1383 AC_MSG_CHECKING([OpenSSL library version])
1384 AC_RUN_IFELSE(
1385         [AC_LANG_SOURCE([[
1386 #include <stdio.h>
1387 #include <string.h>
1388 #include <openssl/opensslv.h>
1389 #include <openssl/crypto.h>
1390 #define DATA "conftest.ssllibver"
1391 int main(void) {
1392         FILE *fd;
1393         int rc;
1394
1395         fd = fopen(DATA,"w");
1396         if(fd == NULL)
1397                 exit(1);
1398
1399         if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1400                 exit(1);
1401
1402         exit(0);
1403 }
1404         ]])],
1405         [
1406                 ssl_library_ver=`cat conftest.ssllibver`
1407                 AC_MSG_RESULT($ssl_library_ver)
1408         ],
1409         [
1410                 AC_MSG_RESULT(not found)
1411                 AC_MSG_ERROR(OpenSSL library not found.)
1412         ],
1413         [
1414                 AC_MSG_WARN([cross compiling: not checking])
1415         ]
1416 )
1417
1418 # Sanity check OpenSSL headers
1419 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1420 AC_RUN_IFELSE(
1421         [AC_LANG_SOURCE([[
1422 #include <string.h>
1423 #include <openssl/opensslv.h>
1424 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1425         ]])],
1426         [
1427                 AC_MSG_RESULT(yes)
1428         ],
1429         [
1430                 AC_MSG_RESULT(no)
1431                 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1432 Check config.log for details.
1433 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1434         ],
1435         [
1436                 AC_MSG_WARN([cross compiling: not checking])
1437         ]
1438 )
1439
1440 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1441 # because the system crypt() is more featureful.
1442 if test "x$check_for_libcrypt_before" = "x1"; then
1443         AC_CHECK_LIB(crypt, crypt)
1444 fi
1445
1446 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1447 # version in OpenSSL.
1448 if test "x$check_for_libcrypt_later" = "x1"; then
1449         AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1450 fi
1451
1452
1453 ### Configure cryptographic random number support
1454
1455 # Check wheter OpenSSL seeds itself
1456 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1457 AC_RUN_IFELSE(
1458         [AC_LANG_SOURCE([[
1459 #include <string.h>
1460 #include <openssl/rand.h>
1461 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1462         ]])],
1463         [
1464                 OPENSSL_SEEDS_ITSELF=yes
1465                 AC_MSG_RESULT(yes)
1466         ],
1467         [
1468                 AC_MSG_RESULT(no)
1469                 # Default to use of the rand helper if OpenSSL doesn't
1470                 # seed itself
1471                 USE_RAND_HELPER=yes
1472         ],
1473         [
1474                 AC_MSG_WARN([cross compiling: assuming yes])
1475                 # This is safe, since all recent OpenSSL versions will
1476                 # complain at runtime if not seeded correctly.
1477                 OPENSSL_SEEDS_ITSELF=yes
1478         ]
1479 )
1480
1481
1482 # Do we want to force the use of the rand helper?
1483 AC_ARG_WITH(rand-helper,
1484         [  --with-rand-helper      Use subprocess to gather strong randomness ],
1485         [
1486                 if test "x$withval" = "xno" ; then
1487                         # Force use of OpenSSL's internal RNG, even if
1488                         # the previous test showed it to be unseeded.
1489                         if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1490                                 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1491                                 OPENSSL_SEEDS_ITSELF=yes
1492                                 USE_RAND_HELPER=""
1493                         fi
1494                 else
1495                         USE_RAND_HELPER=yes
1496                 fi
1497         ],
1498 )
1499
1500 # Which randomness source do we use?
1501 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1502         # OpenSSL only
1503         AC_DEFINE(OPENSSL_PRNG_ONLY)
1504         RAND_MSG="OpenSSL internal ONLY"
1505         INSTALL_SSH_RAND_HELPER=""
1506 elif test ! -z "$USE_RAND_HELPER" ; then
1507         # install rand helper
1508         RAND_MSG="ssh-rand-helper"
1509         INSTALL_SSH_RAND_HELPER="yes"
1510 fi
1511 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1512
1513 ### Configuration of ssh-rand-helper
1514
1515 # PRNGD TCP socket
1516 AC_ARG_WITH(prngd-port,
1517         [  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
1518         [
1519                 case "$withval" in
1520                 no)
1521                         withval=""
1522                         ;;
1523                 [[0-9]]*)
1524                         ;;
1525                 *)
1526                         AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
1527                         ;;
1528                 esac
1529                 if test ! -z "$withval" ; then
1530                         PRNGD_PORT="$withval"
1531                         AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
1532                 fi
1533         ]
1534 )
1535
1536 # PRNGD Unix domain socket
1537 AC_ARG_WITH(prngd-socket,
1538         [  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
1539         [
1540                 case "$withval" in
1541                 yes)
1542                         withval="/var/run/egd-pool"
1543                         ;;
1544                 no)
1545                         withval=""
1546                         ;;
1547                 /*)
1548                         ;;
1549                 *)
1550                         AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
1551                         ;;
1552                 esac
1553
1554                 if test ! -z "$withval" ; then
1555                         if test ! -z "$PRNGD_PORT" ; then
1556                                 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
1557                         fi
1558                         if test ! -r "$withval" ; then
1559                                 AC_MSG_WARN(Entropy socket is not readable)
1560                         fi
1561                         PRNGD_SOCKET="$withval"
1562                         AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1563                 fi
1564         ],
1565         [
1566                 # Check for existing socket only if we don't have a random device already
1567                 if test "$USE_RAND_HELPER" = yes ; then
1568                         AC_MSG_CHECKING(for PRNGD/EGD socket)
1569                         # Insert other locations here
1570                         for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
1571                                 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
1572                                         PRNGD_SOCKET="$sock"
1573                                         AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
1574                                         break;
1575                                 fi
1576                         done
1577                         if test ! -z "$PRNGD_SOCKET" ; then
1578                                 AC_MSG_RESULT($PRNGD_SOCKET)
1579                         else
1580                                 AC_MSG_RESULT(not found)
1581                         fi
1582                 fi
1583         ]
1584 )
1585
1586 # Change default command timeout for hashing entropy source
1587 entropy_timeout=200
1588 AC_ARG_WITH(entropy-timeout,
1589         [  --with-entropy-timeout  Specify entropy gathering command timeout (msec)],
1590         [
1591                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
1592                     test "x${withval}" != "xyes"; then
1593                         entropy_timeout=$withval
1594                 fi
1595         ]
1596 )
1597 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1598
1599 SSH_PRIVSEP_USER=sshd
1600 AC_ARG_WITH(privsep-user,
1601         [  --with-privsep-user=user Specify non-privileged user for privilege separation],
1602         [
1603                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
1604                     test "x${withval}" != "xyes"; then
1605                         SSH_PRIVSEP_USER=$withval
1606                 fi
1607         ]
1608 )
1609 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1610 AC_SUBST(SSH_PRIVSEP_USER)
1611
1612 # We do this little dance with the search path to insure
1613 # that programs that we select for use by installed programs
1614 # (which may be run by the super-user) come from trusted
1615 # locations before they come from the user's private area.
1616 # This should help avoid accidentally configuring some
1617 # random version of a program in someone's personal bin.
1618
1619 OPATH=$PATH
1620 PATH=/bin:/usr/bin
1621 test -h /bin 2> /dev/null && PATH=/usr/bin
1622 test -d /sbin && PATH=$PATH:/sbin
1623 test -d /usr/sbin && PATH=$PATH:/usr/sbin
1624 PATH=$PATH:/etc:$OPATH
1625
1626 # These programs are used by the command hashing source to gather entropy
1627 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
1628 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
1629 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
1630 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
1631 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
1632 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
1633 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
1634 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
1635 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
1636 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
1637 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
1638 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
1639 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
1640 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
1641 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
1642 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
1643 # restore PATH
1644 PATH=$OPATH
1645
1646 # Where does ssh-rand-helper get its randomness from?
1647 INSTALL_SSH_PRNG_CMDS=""
1648 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
1649         if test ! -z "$PRNGD_PORT" ; then
1650                 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
1651         elif test ! -z "$PRNGD_SOCKET" ; then
1652                 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
1653         else
1654                 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
1655                 RAND_HELPER_CMDHASH=yes
1656                 INSTALL_SSH_PRNG_CMDS="yes"
1657         fi
1658 fi
1659 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
1660
1661
1662 # Cheap hack to ensure NEWS-OS libraries are arranged right.
1663 if test ! -z "$SONY" ; then
1664   LIBS="$LIBS -liberty";
1665 fi
1666
1667 # Checks for data types
1668 AC_CHECK_SIZEOF(char, 1)
1669 AC_CHECK_SIZEOF(short int, 2)
1670 AC_CHECK_SIZEOF(int, 4)
1671 AC_CHECK_SIZEOF(long int, 4)
1672 AC_CHECK_SIZEOF(long long int, 8)
1673
1674 # Sanity check long long for some platforms (AIX)
1675 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1676         ac_cv_sizeof_long_long_int=0
1677 fi
1678
1679 # More checks for data types
1680 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1681         AC_TRY_COMPILE(
1682                 [ #include <sys/types.h> ],
1683                 [ u_int a; a = 1;],
1684                 [ ac_cv_have_u_int="yes" ],
1685                 [ ac_cv_have_u_int="no" ]
1686         )
1687 ])
1688 if test "x$ac_cv_have_u_int" = "xyes" ; then
1689         AC_DEFINE(HAVE_U_INT)
1690         have_u_int=1
1691 fi
1692
1693 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1694         AC_TRY_COMPILE(
1695                 [ #include <sys/types.h> ],
1696                 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1697                 [ ac_cv_have_intxx_t="yes" ],
1698                 [ ac_cv_have_intxx_t="no" ]
1699         )
1700 ])
1701 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1702         AC_DEFINE(HAVE_INTXX_T)
1703         have_intxx_t=1
1704 fi
1705
1706 if (test -z "$have_intxx_t" && \
1707            test "x$ac_cv_header_stdint_h" = "xyes")
1708 then
1709     AC_MSG_CHECKING([for intXX_t types in stdint.h])
1710         AC_TRY_COMPILE(
1711                 [ #include <stdint.h> ],
1712                 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
1713                 [
1714                         AC_DEFINE(HAVE_INTXX_T)
1715                         AC_MSG_RESULT(yes)
1716                 ],
1717                 [ AC_MSG_RESULT(no) ]
1718         )
1719 fi
1720
1721 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1722         AC_TRY_COMPILE(
1723                 [
1724 #include <sys/types.h>
1725 #ifdef HAVE_STDINT_H
1726 # include <stdint.h>
1727 #endif
1728 #include <sys/socket.h>
1729 #ifdef HAVE_SYS_BITYPES_H
1730 # include <sys/bitypes.h>
1731 #endif
1732                 ],
1733                 [ int64_t a; a = 1;],
1734                 [ ac_cv_have_int64_t="yes" ],
1735                 [ ac_cv_have_int64_t="no" ]
1736         )
1737 ])
1738 if test "x$ac_cv_have_int64_t" = "xyes" ; then
1739         AC_DEFINE(HAVE_INT64_T)
1740 fi
1741
1742 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
1743         AC_TRY_COMPILE(
1744                 [ #include <sys/types.h> ],
1745                 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1746                 [ ac_cv_have_u_intxx_t="yes" ],
1747                 [ ac_cv_have_u_intxx_t="no" ]
1748         )
1749 ])
1750 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
1751         AC_DEFINE(HAVE_U_INTXX_T)
1752         have_u_intxx_t=1
1753 fi
1754
1755 if test -z "$have_u_intxx_t" ; then
1756     AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
1757         AC_TRY_COMPILE(
1758                 [ #include <sys/socket.h> ],
1759                 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
1760                 [
1761                         AC_DEFINE(HAVE_U_INTXX_T)
1762                         AC_MSG_RESULT(yes)
1763                 ],
1764                 [ AC_MSG_RESULT(no) ]
1765         )
1766 fi
1767
1768 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
1769         AC_TRY_COMPILE(
1770                 [ #include <sys/types.h> ],
1771                 [ u_int64_t a; a = 1;],
1772                 [ ac_cv_have_u_int64_t="yes" ],
1773                 [ ac_cv_have_u_int64_t="no" ]
1774         )
1775 ])
1776 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
1777         AC_DEFINE(HAVE_U_INT64_T)
1778         have_u_int64_t=1
1779 fi
1780
1781 if test -z "$have_u_int64_t" ; then
1782     AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
1783         AC_TRY_COMPILE(
1784                 [ #include <sys/bitypes.h> ],
1785                 [ u_int64_t a; a = 1],
1786                 [
1787                         AC_DEFINE(HAVE_U_INT64_T)
1788                         AC_MSG_RESULT(yes)
1789                 ],
1790                 [ AC_MSG_RESULT(no) ]
1791         )
1792 fi
1793
1794 if test -z "$have_u_intxx_t" ; then
1795         AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
1796                 AC_TRY_COMPILE(
1797                         [
1798 #include <sys/types.h>
1799                         ],
1800                         [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
1801                         [ ac_cv_have_uintxx_t="yes" ],
1802                         [ ac_cv_have_uintxx_t="no" ]
1803                 )
1804         ])
1805         if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
1806                 AC_DEFINE(HAVE_UINTXX_T)
1807         fi
1808 fi
1809
1810 if test -z "$have_uintxx_t" ; then
1811     AC_MSG_CHECKING([for uintXX_t types in stdint.h])
1812         AC_TRY_COMPILE(
1813                 [ #include <stdint.h> ],
1814                 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
1815                 [
1816                         AC_DEFINE(HAVE_UINTXX_T)
1817                         AC_MSG_RESULT(yes)
1818                 ],
1819                 [ AC_MSG_RESULT(no) ]
1820         )
1821 fi
1822
1823 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
1824            test "x$ac_cv_header_sys_bitypes_h" = "xyes")
1825 then
1826         AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
1827         AC_TRY_COMPILE(
1828                 [
1829 #include <sys/bitypes.h>
1830                 ],
1831                 [
1832                         int8_t a; int16_t b; int32_t c;
1833                         u_int8_t e; u_int16_t f; u_int32_t g;
1834                         a = b = c = e = f = g = 1;
1835                 ],
1836                 [
1837                         AC_DEFINE(HAVE_U_INTXX_T)
1838                         AC_DEFINE(HAVE_INTXX_T)
1839                         AC_MSG_RESULT(yes)
1840                 ],
1841                 [AC_MSG_RESULT(no)]
1842         )
1843 fi
1844
1845
1846 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
1847         AC_TRY_COMPILE(
1848                 [
1849 #include <sys/types.h>
1850                 ],
1851                 [ u_char foo; foo = 125; ],
1852                 [ ac_cv_have_u_char="yes" ],
1853                 [ ac_cv_have_u_char="no" ]
1854         )
1855 ])
1856 if test "x$ac_cv_have_u_char" = "xyes" ; then
1857         AC_DEFINE(HAVE_U_CHAR)
1858 fi
1859
1860 TYPE_SOCKLEN_T
1861
1862 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
1863
1864 AC_CHECK_TYPES(in_addr_t,,,
1865 [#include <sys/types.h>
1866 #include <netinet/in.h>])
1867
1868 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
1869         AC_TRY_COMPILE(
1870                 [
1871 #include <sys/types.h>
1872                 ],
1873                 [ size_t foo; foo = 1235; ],
1874                 [ ac_cv_have_size_t="yes" ],
1875                 [ ac_cv_have_size_t="no" ]
1876         )
1877 ])
1878 if test "x$ac_cv_have_size_t" = "xyes" ; then
1879         AC_DEFINE(HAVE_SIZE_T)
1880 fi
1881
1882 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
1883         AC_TRY_COMPILE(
1884                 [
1885 #include <sys/types.h>
1886                 ],
1887                 [ ssize_t foo; foo = 1235; ],
1888                 [ ac_cv_have_ssize_t="yes" ],
1889                 [ ac_cv_have_ssize_t="no" ]
1890         )
1891 ])
1892 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
1893         AC_DEFINE(HAVE_SSIZE_T)
1894 fi
1895
1896 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
1897         AC_TRY_COMPILE(
1898                 [
1899 #include <time.h>
1900                 ],
1901                 [ clock_t foo; foo = 1235; ],
1902                 [ ac_cv_have_clock_t="yes" ],
1903                 [ ac_cv_have_clock_t="no" ]
1904         )
1905 ])
1906 if test "x$ac_cv_have_clock_t" = "xyes" ; then
1907         AC_DEFINE(HAVE_CLOCK_T)
1908 fi
1909
1910 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
1911         AC_TRY_COMPILE(
1912                 [
1913 #include <sys/types.h>
1914 #include <sys/socket.h>
1915                 ],
1916                 [ sa_family_t foo; foo = 1235; ],
1917                 [ ac_cv_have_sa_family_t="yes" ],
1918                 [ AC_TRY_COMPILE(
1919                   [
1920 #include <sys/types.h>
1921 #include <sys/socket.h>
1922 #include <netinet/in.h>
1923                 ],
1924                 [ sa_family_t foo; foo = 1235; ],
1925                 [ ac_cv_have_sa_family_t="yes" ],
1926
1927                 [ ac_cv_have_sa_family_t="no" ]
1928         )]
1929         )
1930 ])
1931 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
1932         AC_DEFINE(HAVE_SA_FAMILY_T)
1933 fi
1934
1935 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
1936         AC_TRY_COMPILE(
1937                 [
1938 #include <sys/types.h>
1939                 ],
1940                 [ pid_t foo; foo = 1235; ],
1941                 [ ac_cv_have_pid_t="yes" ],
1942                 [ ac_cv_have_pid_t="no" ]
1943         )
1944 ])
1945 if test "x$ac_cv_have_pid_t" = "xyes" ; then
1946         AC_DEFINE(HAVE_PID_T)
1947 fi
1948
1949 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
1950         AC_TRY_COMPILE(
1951                 [
1952 #include <sys/types.h>
1953                 ],
1954                 [ mode_t foo; foo = 1235; ],
1955                 [ ac_cv_have_mode_t="yes" ],
1956                 [ ac_cv_have_mode_t="no" ]
1957         )
1958 ])
1959 if test "x$ac_cv_have_mode_t" = "xyes" ; then
1960         AC_DEFINE(HAVE_MODE_T)
1961 fi
1962
1963
1964 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
1965         AC_TRY_COMPILE(
1966                 [
1967 #include <sys/types.h>
1968 #include <sys/socket.h>
1969                 ],
1970                 [ struct sockaddr_storage s; ],
1971                 [ ac_cv_have_struct_sockaddr_storage="yes" ],
1972                 [ ac_cv_have_struct_sockaddr_storage="no" ]
1973         )
1974 ])
1975 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
1976         AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
1977 fi
1978
1979 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
1980         AC_TRY_COMPILE(
1981                 [
1982 #include <sys/types.h>
1983 #include <netinet/in.h>
1984                 ],
1985                 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
1986                 [ ac_cv_have_struct_sockaddr_in6="yes" ],
1987                 [ ac_cv_have_struct_sockaddr_in6="no" ]
1988         )
1989 ])
1990 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
1991         AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
1992 fi
1993
1994 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
1995         AC_TRY_COMPILE(
1996                 [
1997 #include <sys/types.h>
1998 #include <netinet/in.h>
1999                 ],
2000                 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2001                 [ ac_cv_have_struct_in6_addr="yes" ],
2002                 [ ac_cv_have_struct_in6_addr="no" ]
2003         )
2004 ])
2005 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2006         AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
2007 fi
2008
2009 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2010         AC_TRY_COMPILE(
2011                 [
2012 #include <sys/types.h>
2013 #include <sys/socket.h>
2014 #include <netdb.h>
2015                 ],
2016                 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2017                 [ ac_cv_have_struct_addrinfo="yes" ],
2018                 [ ac_cv_have_struct_addrinfo="no" ]
2019         )
2020 ])
2021 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2022         AC_DEFINE(HAVE_STRUCT_ADDRINFO)
2023 fi
2024
2025 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2026         AC_TRY_COMPILE(
2027                 [ #include <sys/time.h> ],
2028                 [ struct timeval tv; tv.tv_sec = 1;],
2029                 [ ac_cv_have_struct_timeval="yes" ],
2030                 [ ac_cv_have_struct_timeval="no" ]
2031         )
2032 ])
2033 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2034         AC_DEFINE(HAVE_STRUCT_TIMEVAL)
2035         have_struct_timeval=1
2036 fi
2037
2038 AC_CHECK_TYPES(struct timespec)
2039
2040 # We need int64_t or else certian parts of the compile will fail.
2041 if test "x$ac_cv_have_int64_t" = "xno" && \
2042         test "x$ac_cv_sizeof_long_int" != "x8" && \
2043         test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2044         echo "OpenSSH requires int64_t support.  Contact your vendor or install"
2045         echo "an alternative compiler (I.E., GCC) before continuing."
2046         echo ""
2047         exit 1;
2048 else
2049 dnl test snprintf (broken on SCO w/gcc)
2050         AC_RUN_IFELSE(
2051                 [AC_LANG_SOURCE([[
2052 #include <stdio.h>
2053 #include <string.h>
2054 #ifdef HAVE_SNPRINTF
2055 main()
2056 {
2057         char buf[50];
2058         char expected_out[50];
2059         int mazsize = 50 ;
2060 #if (SIZEOF_LONG_INT == 8)
2061         long int num = 0x7fffffffffffffff;
2062 #else
2063         long long num = 0x7fffffffffffffffll;
2064 #endif
2065         strcpy(expected_out, "9223372036854775807");
2066         snprintf(buf, mazsize, "%lld", num);
2067         if(strcmp(buf, expected_out) != 0)
2068                 exit(1);
2069         exit(0);
2070 }
2071 #else
2072 main() { exit(0); }
2073 #endif
2074                 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2075                 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2076         )
2077 fi
2078
2079 dnl Checks for structure members
2080 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2081 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2082 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2083 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2084 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2085 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2086 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2087 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2088 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2089 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2090 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2091 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2092 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2093 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2094 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2095 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2096 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2097
2098 AC_CHECK_MEMBERS([struct stat.st_blksize])
2099
2100 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2101                 ac_cv_have_ss_family_in_struct_ss, [
2102         AC_TRY_COMPILE(
2103                 [
2104 #include <sys/types.h>
2105 #include <sys/socket.h>
2106                 ],
2107                 [ struct sockaddr_storage s; s.ss_family = 1; ],
2108                 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2109                 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2110         )
2111 ])
2112 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2113         AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
2114 fi
2115
2116 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2117                 ac_cv_have___ss_family_in_struct_ss, [
2118         AC_TRY_COMPILE(
2119                 [
2120 #include <sys/types.h>
2121 #include <sys/socket.h>
2122                 ],
2123                 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2124                 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2125                 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2126         )
2127 ])
2128 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2129         AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
2130 fi
2131
2132 AC_CACHE_CHECK([for pw_class field in struct passwd],
2133                 ac_cv_have_pw_class_in_struct_passwd, [
2134         AC_TRY_COMPILE(
2135                 [
2136 #include <pwd.h>
2137                 ],
2138                 [ struct passwd p; p.pw_class = 0; ],
2139                 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2140                 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2141         )
2142 ])
2143 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2144         AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
2145 fi
2146
2147 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2148                 ac_cv_have_pw_expire_in_struct_passwd, [
2149         AC_TRY_COMPILE(
2150                 [
2151 #include <pwd.h>
2152                 ],
2153                 [ struct passwd p; p.pw_expire = 0; ],
2154                 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2155                 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2156         )
2157 ])
2158 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2159         AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
2160 fi
2161
2162 AC_CACHE_CHECK([for pw_change field in struct passwd],
2163                 ac_cv_have_pw_change_in_struct_passwd, [
2164         AC_TRY_COMPILE(
2165                 [
2166 #include <pwd.h>
2167                 ],
2168                 [ struct passwd p; p.pw_change = 0; ],
2169                 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2170                 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2171         )
2172 ])
2173 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2174         AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
2175 fi
2176
2177 dnl make sure we're using the real structure members and not defines
2178 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2179                 ac_cv_have_accrights_in_msghdr, [
2180         AC_COMPILE_IFELSE(
2181                 [
2182 #include <sys/types.h>
2183 #include <sys/socket.h>
2184 #include <sys/uio.h>
2185 int main() {
2186 #ifdef msg_accrights
2187 #error "msg_accrights is a macro"
2188 exit(1);
2189 #endif
2190 struct msghdr m;
2191 m.msg_accrights = 0;
2192 exit(0);
2193 }
2194                 ],
2195                 [ ac_cv_have_accrights_in_msghdr="yes" ],
2196                 [ ac_cv_have_accrights_in_msghdr="no" ]
2197         )
2198 ])
2199 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2200         AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
2201 fi
2202
2203 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2204                 ac_cv_have_control_in_msghdr, [
2205         AC_COMPILE_IFELSE(
2206                 [
2207 #include <sys/types.h>
2208 #include <sys/socket.h>
2209 #include <sys/uio.h>
2210 int main() {
2211 #ifdef msg_control
2212 #error "msg_control is a macro"
2213 exit(1);
2214 #endif
2215 struct msghdr m;
2216 m.msg_control = 0;
2217 exit(0);
2218 }
2219                 ],
2220                 [ ac_cv_have_control_in_msghdr="yes" ],
2221                 [ ac_cv_have_control_in_msghdr="no" ]
2222         )
2223 ])
2224 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2225         AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
2226 fi
2227
2228 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2229         AC_TRY_LINK([],
2230                 [ extern char *__progname; printf("%s", __progname); ],
2231                 [ ac_cv_libc_defines___progname="yes" ],
2232                 [ ac_cv_libc_defines___progname="no" ]
2233         )
2234 ])
2235 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2236         AC_DEFINE(HAVE___PROGNAME)
2237 fi
2238
2239 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2240         AC_TRY_LINK([
2241 #include <stdio.h>
2242 ],
2243                 [ printf("%s", __FUNCTION__); ],
2244                 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2245                 [ ac_cv_cc_implements___FUNCTION__="no" ]
2246         )
2247 ])
2248 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2249         AC_DEFINE(HAVE___FUNCTION__)
2250 fi
2251
2252 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2253         AC_TRY_LINK([
2254 #include <stdio.h>
2255 ],
2256                 [ printf("%s", __func__); ],
2257                 [ ac_cv_cc_implements___func__="yes" ],
2258                 [ ac_cv_cc_implements___func__="no" ]
2259         )
2260 ])
2261 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2262         AC_DEFINE(HAVE___func__)
2263 fi
2264
2265 AC_CACHE_CHECK([whether getopt has optreset support],
2266                 ac_cv_have_getopt_optreset, [
2267         AC_TRY_LINK(
2268                 [
2269 #include <getopt.h>
2270                 ],
2271                 [ extern int optreset; optreset = 0; ],
2272                 [ ac_cv_have_getopt_optreset="yes" ],
2273                 [ ac_cv_have_getopt_optreset="no" ]
2274         )
2275 ])
2276 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2277         AC_DEFINE(HAVE_GETOPT_OPTRESET)
2278 fi
2279
2280 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2281         AC_TRY_LINK([],
2282                 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2283                 [ ac_cv_libc_defines_sys_errlist="yes" ],
2284                 [ ac_cv_libc_defines_sys_errlist="no" ]
2285         )
2286 ])
2287 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2288         AC_DEFINE(HAVE_SYS_ERRLIST)
2289 fi
2290
2291
2292 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2293         AC_TRY_LINK([],
2294                 [ extern int sys_nerr; printf("%i", sys_nerr);],
2295                 [ ac_cv_libc_defines_sys_nerr="yes" ],
2296                 [ ac_cv_libc_defines_sys_nerr="no" ]
2297         )
2298 ])
2299 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2300         AC_DEFINE(HAVE_SYS_NERR)
2301 fi
2302
2303 SCARD_MSG="no"
2304 # Check whether user wants sectok support
2305 AC_ARG_WITH(sectok,
2306         [  --with-sectok           Enable smartcard support using libsectok],
2307         [
2308                 if test "x$withval" != "xno" ; then
2309                         if test "x$withval" != "xyes" ; then
2310                                 CPPFLAGS="$CPPFLAGS -I${withval}"
2311                                 LDFLAGS="$LDFLAGS -L${withval}"
2312                                 if test ! -z "$need_dash_r" ; then
2313                                         LDFLAGS="$LDFLAGS -R${withval}"
2314                                 fi
2315                                 if test ! -z "$blibpath" ; then
2316                                         blibpath="$blibpath:${withval}"
2317                                 fi
2318                         fi
2319                         AC_CHECK_HEADERS(sectok.h)
2320                         if test "$ac_cv_header_sectok_h" != yes; then
2321                                 AC_MSG_ERROR(Can't find sectok.h)
2322                         fi
2323                         AC_CHECK_LIB(sectok, sectok_open)
2324                         if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2325                                 AC_MSG_ERROR(Can't find libsectok)
2326                         fi
2327                         AC_DEFINE(SMARTCARD)
2328                         AC_DEFINE(USE_SECTOK)
2329                         SCARD_MSG="yes, using sectok"
2330                 fi
2331         ]
2332 )
2333
2334 # Check whether user wants OpenSC support
2335 OPENSC_CONFIG="no"
2336 AC_ARG_WITH(opensc,
2337         [--with-opensc[[=PFX]]       Enable smartcard support using OpenSC (optionally in PATH)],
2338         [
2339             if test "x$withval" != "xno" ; then
2340                 if test "x$withval" != "xyes" ; then
2341                         OPENSC_CONFIG=$withval/bin/opensc-config
2342                 else
2343                         AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2344                 fi
2345                 if test "$OPENSC_CONFIG" != "no"; then
2346                         LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2347                         LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2348                         CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2349                         LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2350                         AC_DEFINE(SMARTCARD)
2351                         AC_DEFINE(USE_OPENSC)
2352                         SCARD_MSG="yes, using OpenSC"
2353                 fi
2354             fi
2355         ]
2356 )
2357
2358 # Check libraries needed by DNS fingerprint support
2359 AC_SEARCH_LIBS(getrrsetbyname, resolv,
2360         [AC_DEFINE(HAVE_GETRRSETBYNAME)],
2361         [
2362                 # Needed by our getrrsetbyname()
2363                 AC_SEARCH_LIBS(res_query, resolv)
2364                 AC_SEARCH_LIBS(dn_expand, resolv)
2365                 AC_MSG_CHECKING(if res_query will link)
2366                 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
2367                    [AC_MSG_RESULT(no)
2368                     saved_LIBS="$LIBS"
2369                     LIBS="$LIBS -lresolv"
2370                     AC_MSG_CHECKING(for res_query in -lresolv)
2371                     AC_LINK_IFELSE([
2372 #include <resolv.h>
2373 int main()
2374 {
2375         res_query (0, 0, 0, 0, 0);
2376         return 0;
2377 }
2378                         ],
2379                         [LIBS="$LIBS -lresolv"
2380                          AC_MSG_RESULT(yes)],
2381                         [LIBS="$saved_LIBS"
2382                          AC_MSG_RESULT(no)])
2383                     ])
2384                 AC_CHECK_FUNCS(_getshort _getlong)
2385                 AC_CHECK_MEMBER(HEADER.ad,
2386                         [AC_DEFINE(HAVE_HEADER_AD)],,
2387                         [#include <arpa/nameser.h>])
2388         ])
2389
2390 # Check whether user wants Kerberos 5 support
2391 KRB5_MSG="no"
2392 AC_ARG_WITH(kerberos5,
2393         [  --with-kerberos5=PATH   Enable Kerberos 5 support],
2394         [ if test "x$withval" != "xno" ; then
2395                 if test "x$withval" = "xyes" ; then
2396                         KRB5ROOT="/usr/local"
2397                 else
2398                         KRB5ROOT=${withval}
2399                 fi
2400
2401                 AC_DEFINE(KRB5)
2402                 KRB5_MSG="yes"
2403
2404                 AC_MSG_CHECKING(for krb5-config)
2405                 if test -x  $KRB5ROOT/bin/krb5-config ; then
2406                         KRB5CONF=$KRB5ROOT/bin/krb5-config
2407                         AC_MSG_RESULT($KRB5CONF)
2408
2409                         AC_MSG_CHECKING(for gssapi support)
2410                         if $KRB5CONF | grep gssapi >/dev/null ; then
2411                                 AC_MSG_RESULT(yes)
2412                                 AC_DEFINE(GSSAPI)
2413                                 k5confopts=gssapi
2414                         else
2415                                 AC_MSG_RESULT(no)
2416                                 k5confopts=""
2417                         fi
2418                         K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
2419                         K5LIBS="`$KRB5CONF --libs $k5confopts`"
2420                         CPPFLAGS="$CPPFLAGS $K5CFLAGS"
2421                         AC_MSG_CHECKING(whether we are using Heimdal)
2422                         AC_TRY_COMPILE([ #include <krb5.h> ],
2423                                        [ char *tmp = heimdal_version; ],
2424                                        [ AC_MSG_RESULT(yes)
2425                                          AC_DEFINE(HEIMDAL) ],
2426                                          AC_MSG_RESULT(no)
2427                         )
2428                 else
2429                         AC_MSG_RESULT(no)
2430                         CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
2431                         LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
2432                         AC_MSG_CHECKING(whether we are using Heimdal)
2433                         AC_TRY_COMPILE([ #include <krb5.h> ],
2434                                        [ char *tmp = heimdal_version; ],
2435                                        [ AC_MSG_RESULT(yes)
2436                                          AC_DEFINE(HEIMDAL)
2437                                          K5LIBS="-lkrb5 -ldes"
2438                                          K5LIBS="$K5LIBS -lcom_err -lasn1"
2439                                          AC_CHECK_LIB(roken, net_write,
2440                                            [K5LIBS="$K5LIBS -lroken"])
2441                                        ],
2442                                        [ AC_MSG_RESULT(no)
2443                                          K5LIBS="-lkrb5 -lk5crypto -lcom_err"
2444                                        ]
2445                         )
2446                         AC_SEARCH_LIBS(dn_expand, resolv)
2447
2448                         AC_CHECK_LIB(gssapi,gss_init_sec_context,
2449                                 [ AC_DEFINE(GSSAPI)
2450                                   K5LIBS="-lgssapi $K5LIBS" ],
2451                                 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
2452                                         [ AC_DEFINE(GSSAPI)
2453                                           K5LIBS="-lgssapi_krb5 $K5LIBS" ],
2454                                         AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
2455                                         $K5LIBS)
2456                                 ],
2457                                 $K5LIBS)
2458
2459                         AC_CHECK_HEADER(gssapi.h, ,
2460                                 [ unset ac_cv_header_gssapi_h
2461                                   CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2462                                   AC_CHECK_HEADERS(gssapi.h, ,
2463                                         AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
2464                                   )
2465                                 ]
2466                         )
2467
2468                         oldCPP="$CPPFLAGS"
2469                         CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
2470                         AC_CHECK_HEADER(gssapi_krb5.h, ,
2471                                         [ CPPFLAGS="$oldCPP" ])
2472
2473                 fi
2474                 if test ! -z "$need_dash_r" ; then
2475                         LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
2476                 fi
2477                 if test ! -z "$blibpath" ; then
2478                         blibpath="$blibpath:${KRB5ROOT}/lib"
2479                 fi
2480         fi
2481
2482         AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2483         AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2484         AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2485
2486         LIBS="$LIBS $K5LIBS"
2487         AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2488         AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2489         ]
2490 )
2491
2492 # Looking for programs, paths and files
2493
2494 PRIVSEP_PATH=/var/empty
2495 AC_ARG_WITH(privsep-path,
2496         [  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2497         [
2498                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2499                     test "x${withval}" != "xyes"; then
2500                         PRIVSEP_PATH=$withval
2501                 fi
2502         ]
2503 )
2504 AC_SUBST(PRIVSEP_PATH)
2505
2506 AC_ARG_WITH(xauth,
2507         [  --with-xauth=PATH       Specify path to xauth program ],
2508         [
2509                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2510                     test "x${withval}" != "xyes"; then
2511                         xauth_path=$withval
2512                 fi
2513         ],
2514         [
2515                 TestPath="$PATH"
2516                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
2517                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
2518                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
2519                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
2520                 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
2521                 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
2522                         xauth_path="/usr/openwin/bin/xauth"
2523                 fi
2524         ]
2525 )
2526
2527 STRIP_OPT=-s
2528 AC_ARG_ENABLE(strip,
2529         [  --disable-strip         Disable calling strip(1) on install],
2530         [
2531                 if test "x$enableval" = "xno" ; then
2532                         STRIP_OPT=
2533                 fi
2534         ]
2535 )
2536 AC_SUBST(STRIP_OPT)
2537
2538 if test -z "$xauth_path" ; then
2539         XAUTH_PATH="undefined"
2540         AC_SUBST(XAUTH_PATH)
2541 else
2542         AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
2543         XAUTH_PATH=$xauth_path
2544         AC_SUBST(XAUTH_PATH)
2545 fi
2546
2547 # Check for mail directory (last resort if we cannot get it from headers)
2548 if test ! -z "$MAIL" ; then
2549         maildir=`dirname $MAIL`
2550         AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
2551 fi
2552
2553 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
2554         AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
2555         disable_ptmx_check=yes
2556 fi
2557 if test -z "$no_dev_ptmx" ; then
2558         if test "x$disable_ptmx_check" != "xyes" ; then
2559                 AC_CHECK_FILE("/dev/ptmx",
2560                         [
2561                                 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
2562                                 have_dev_ptmx=1
2563                         ]
2564                 )
2565         fi
2566 fi
2567
2568 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2569         AC_CHECK_FILE("/dev/ptc",
2570                 [
2571                         AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
2572                         have_dev_ptc=1
2573                 ]
2574         )
2575 else
2576         AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
2577 fi
2578
2579 # Options from here on. Some of these are preset by platform above
2580 AC_ARG_WITH(mantype,
2581         [  --with-mantype=man|cat|doc  Set man page type],
2582         [
2583                 case "$withval" in
2584                 man|cat|doc)
2585                         MANTYPE=$withval
2586                         ;;
2587                 *)
2588                         AC_MSG_ERROR(invalid man type: $withval)
2589                         ;;
2590                 esac
2591         ]
2592 )
2593 if test -z "$MANTYPE"; then
2594         TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
2595         AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
2596         if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
2597                 MANTYPE=doc
2598         elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
2599                 MANTYPE=man
2600         else
2601                 MANTYPE=cat
2602         fi
2603 fi
2604 AC_SUBST(MANTYPE)
2605 if test "$MANTYPE" = "doc"; then
2606         mansubdir=man;
2607 else
2608         mansubdir=$MANTYPE;
2609 fi
2610 AC_SUBST(mansubdir)
2611
2612 # Check whether to enable MD5 passwords
2613 MD5_MSG="no"
2614 AC_ARG_WITH(md5-passwords,
2615         [  --with-md5-passwords    Enable use of MD5 passwords],
2616         [
2617                 if test "x$withval" != "xno" ; then
2618                         AC_DEFINE(HAVE_MD5_PASSWORDS)
2619                         MD5_MSG="yes"
2620                 fi
2621         ]
2622 )
2623
2624 # Whether to disable shadow password support
2625 AC_ARG_WITH(shadow,
2626         [  --without-shadow        Disable shadow password support],
2627         [
2628                 if test "x$withval" = "xno" ; then
2629                         AC_DEFINE(DISABLE_SHADOW)
2630                         disable_shadow=yes
2631                 fi
2632         ]
2633 )
2634
2635 if test -z "$disable_shadow" ; then
2636         AC_MSG_CHECKING([if the systems has expire shadow information])
2637         AC_TRY_COMPILE(
2638         [
2639 #include <sys/types.h>
2640 #include <shadow.h>
2641         struct spwd sp;
2642         ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
2643         [ sp_expire_available=yes ], []
2644         )
2645
2646         if test "x$sp_expire_available" = "xyes" ; then
2647                 AC_MSG_RESULT(yes)
2648                 AC_DEFINE(HAS_SHADOW_EXPIRE)
2649         else
2650                 AC_MSG_RESULT(no)
2651         fi
2652 fi
2653
2654 # Use ip address instead of hostname in $DISPLAY
2655 if test ! -z "$IPADDR_IN_DISPLAY" ; then
2656         DISPLAY_HACK_MSG="yes"
2657         AC_DEFINE(IPADDR_IN_DISPLAY)
2658 else
2659         DISPLAY_HACK_MSG="no"
2660         AC_ARG_WITH(ipaddr-display,
2661                 [  --with-ipaddr-display   Use ip address instead of hostname in \$DISPLAY],
2662                 [
2663                         if test "x$withval" != "xno" ; then
2664                                 AC_DEFINE(IPADDR_IN_DISPLAY)
2665                                 DISPLAY_HACK_MSG="yes"
2666                         fi
2667                 ]
2668         )
2669 fi
2670
2671 # check for /etc/default/login and use it if present.
2672 AC_ARG_ENABLE(etc-default-login,
2673         [  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
2674         [ if test "x$enableval" = "xno"; then
2675                 AC_MSG_NOTICE([/etc/default/login handling disabled])
2676                 etc_default_login=no
2677           else
2678                 etc_default_login=yes
2679           fi ],
2680         [ etc_default_login=yes ]
2681 )
2682
2683 if test "x$etc_default_login" != "xno"; then
2684         AC_CHECK_FILE("/etc/default/login",
2685             [ external_path_file=/etc/default/login ])
2686         if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
2687         then
2688                 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
2689         elif test "x$external_path_file" = "x/etc/default/login"; then
2690                 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2691         fi
2692 fi
2693
2694 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2695 if test $ac_cv_func_login_getcapbool = "yes" && \
2696         test $ac_cv_header_login_cap_h = "yes" ; then
2697         external_path_file=/etc/login.conf
2698 fi
2699
2700 # Whether to mess with the default path
2701 SERVER_PATH_MSG="(default)"
2702 AC_ARG_WITH(default-path,
2703         [  --with-default-path=    Specify default \$PATH environment for server],
2704         [
2705                 if test "x$external_path_file" = "x/etc/login.conf" ; then
2706                         AC_MSG_WARN([
2707 --with-default-path=PATH has no effect on this system.
2708 Edit /etc/login.conf instead.])
2709                 elif test "x$withval" != "xno" ; then
2710                         if test ! -z "$external_path_file" ; then
2711                                 AC_MSG_WARN([
2712 --with-default-path=PATH will only be used if PATH is not defined in
2713 $external_path_file .])
2714                         fi
2715                         user_path="$withval"
2716                         SERVER_PATH_MSG="$withval"
2717                 fi
2718         ],
2719         [ if test "x$external_path_file" = "x/etc/login.conf" ; then
2720                 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
2721         else
2722                 if test ! -z "$external_path_file" ; then
2723                         AC_MSG_WARN([
2724 If PATH is defined in $external_path_file, ensure the path to scp is included,
2725 otherwise scp will not work.])
2726                 fi
2727                 AC_TRY_RUN(
2728                         [
2729 /* find out what STDPATH is */
2730 #include <stdio.h>
2731 #ifdef HAVE_PATHS_H
2732 # include <paths.h>
2733 #endif
2734 #ifndef _PATH_STDPATH
2735 # ifdef _PATH_USERPATH  /* Irix */
2736 #  define _PATH_STDPATH _PATH_USERPATH
2737 # else
2738 #  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
2739 # endif
2740 #endif
2741 #include <sys/types.h>
2742 #include <sys/stat.h>
2743 #include <fcntl.h>
2744 #define DATA "conftest.stdpath"
2745
2746 main()
2747 {
2748         FILE *fd;
2749         int rc;
2750
2751         fd = fopen(DATA,"w");
2752         if(fd == NULL)
2753                 exit(1);
2754
2755         if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2756                 exit(1);
2757
2758         exit(0);
2759 }
2760                 ], [ user_path=`cat conftest.stdpath` ],
2761                 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
2762                 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
2763         )
2764 # make sure $bindir is in USER_PATH so scp will work
2765                 t_bindir=`eval echo ${bindir}`
2766                 case $t_bindir in
2767                         NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
2768                 esac
2769                 case $t_bindir in
2770                         NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
2771                 esac
2772                 echo $user_path | grep ":$t_bindir"  > /dev/null 2>&1
2773                 if test $? -ne 0  ; then
2774                         echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
2775                         if test $? -ne 0  ; then
2776                                 user_path=$user_path:$t_bindir
2777                                 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
2778                         fi
2779                 fi
2780         fi ]
2781 )
2782 if test "x$external_path_file" != "x/etc/login.conf" ; then
2783         AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
2784         AC_SUBST(user_path)
2785 fi
2786
2787 # Set superuser path separately to user path
2788 AC_ARG_WITH(superuser-path,
2789         [  --with-superuser-path=  Specify different path for super-user],
2790         [
2791                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2792                     test "x${withval}" != "xyes"; then
2793                         AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2794                         superuser_path=$withval
2795                 fi
2796         ]
2797 )
2798
2799
2800 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
2801 IPV4_IN6_HACK_MSG="no"
2802 AC_ARG_WITH(4in6,
2803         [  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
2804         [
2805                 if test "x$withval" != "xno" ; then
2806                         AC_MSG_RESULT(yes)
2807                         AC_DEFINE(IPV4_IN_IPV6)
2808                         IPV4_IN6_HACK_MSG="yes"
2809                 else
2810                         AC_MSG_RESULT(no)
2811                 fi
2812         ],[
2813                 if test "x$inet6_default_4in6" = "xyes"; then
2814                         AC_MSG_RESULT([yes (default)])
2815                         AC_DEFINE(IPV4_IN_IPV6)
2816                         IPV4_IN6_HACK_MSG="yes"
2817                 else
2818                         AC_MSG_RESULT([no (default)])
2819                 fi
2820         ]
2821 )
2822
2823 # Whether to enable BSD auth support
2824 BSD_AUTH_MSG=no
2825 AC_ARG_WITH(bsd-auth,
2826         [  --with-bsd-auth         Enable BSD auth support],
2827         [
2828                 if test "x$withval" != "xno" ; then
2829                         AC_DEFINE(BSD_AUTH)
2830                         BSD_AUTH_MSG=yes
2831                 fi
2832         ]
2833 )
2834
2835 # Where to place sshd.pid
2836 piddir=/var/run
2837 # make sure the directory exists
2838 if test ! -d $piddir ; then
2839         piddir=`eval echo ${sysconfdir}`
2840         case $piddir in
2841                 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
2842         esac
2843 fi
2844
2845 AC_ARG_WITH(pid-dir,
2846         [  --with-pid-dir=PATH     Specify location of ssh.pid file],
2847         [
2848                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2849                     test "x${withval}" != "xyes"; then
2850                         piddir=$withval
2851                         if test ! -d $piddir ; then
2852                         AC_MSG_WARN([** no $piddir directory on this system **])
2853                         fi
2854                 fi
2855         ]
2856 )
2857
2858 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
2859 AC_SUBST(piddir)
2860
2861 dnl allow user to disable some login recording features
2862 AC_ARG_ENABLE(lastlog,
2863         [  --disable-lastlog       disable use of lastlog even if detected [no]],
2864         [
2865                 if test "x$enableval" = "xno" ; then
2866                         AC_DEFINE(DISABLE_LASTLOG)
2867                 fi
2868         ]
2869 )
2870 AC_ARG_ENABLE(utmp,
2871         [  --disable-utmp          disable use of utmp even if detected [no]],
2872         [
2873                 if test "x$enableval" = "xno" ; then
2874                         AC_DEFINE(DISABLE_UTMP)
2875                 fi
2876         ]
2877 )
2878 AC_ARG_ENABLE(utmpx,
2879         [  --disable-utmpx         disable use of utmpx even if detected [no]],
2880         [
2881                 if test "x$enableval" = "xno" ; then
2882                         AC_DEFINE(DISABLE_UTMPX)
2883                 fi
2884         ]
2885 )
2886 AC_ARG_ENABLE(wtmp,
2887         [  --disable-wtmp          disable use of wtmp even if detected [no]],
2888         [
2889                 if test "x$enableval" = "xno" ; then
2890                         AC_DEFINE(DISABLE_WTMP)
2891                 fi
2892         ]
2893 )
2894 AC_ARG_ENABLE(wtmpx,
2895         [  --disable-wtmpx         disable use of wtmpx even if detected [no]],
2896         [
2897                 if test "x$enableval" = "xno" ; then
2898                         AC_DEFINE(DISABLE_WTMPX)
2899                 fi
2900         ]
2901 )
2902 AC_ARG_ENABLE(libutil,
2903         [  --disable-libutil       disable use of libutil (login() etc.) [no]],
2904         [
2905                 if test "x$enableval" = "xno" ; then
2906                         AC_DEFINE(DISABLE_LOGIN)
2907                 fi
2908         ]
2909 )
2910 AC_ARG_ENABLE(pututline,
2911         [  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
2912         [
2913                 if test "x$enableval" = "xno" ; then
2914                         AC_DEFINE(DISABLE_PUTUTLINE)
2915                 fi
2916         ]
2917 )
2918 AC_ARG_ENABLE(pututxline,
2919         [  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
2920         [
2921                 if test "x$enableval" = "xno" ; then
2922                         AC_DEFINE(DISABLE_PUTUTXLINE)
2923                 fi
2924         ]
2925 )
2926 AC_ARG_WITH(lastlog,
2927   [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2928         [
2929                 if test "x$withval" = "xno" ; then
2930                         AC_DEFINE(DISABLE_LASTLOG)
2931                 elif test -n "$withval"  &&  test "x${withval}" != "xyes"; then
2932                         conf_lastlog_location=$withval
2933                 fi
2934         ]
2935 )
2936
2937 dnl lastlog, [uw]tmpx? detection
2938 dnl  NOTE: set the paths in the platform section to avoid the
2939 dnl   need for command-line parameters
2940 dnl lastlog and [uw]tmp are subject to a file search if all else fails
2941
2942 dnl lastlog detection
2943 dnl  NOTE: the code itself will detect if lastlog is a directory
2944 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
2945 AC_TRY_COMPILE([
2946 #include <sys/types.h>
2947 #include <utmp.h>
2948 #ifdef HAVE_LASTLOG_H
2949 #  include <lastlog.h>
2950 #endif
2951 #ifdef HAVE_PATHS_H
2952 #  include <paths.h>
2953 #endif
2954 #ifdef HAVE_LOGIN_H
2955 # include <login.h>
2956 #endif
2957         ],
2958         [ char *lastlog = LASTLOG_FILE; ],
2959         [ AC_MSG_RESULT(yes) ],
2960         [
2961                 AC_MSG_RESULT(no)
2962                 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
2963                 AC_TRY_COMPILE([
2964 #include <sys/types.h>
2965 #include <utmp.h>
2966 #ifdef HAVE_LASTLOG_H
2967 #  include <lastlog.h>
2968 #endif
2969 #ifdef HAVE_PATHS_H
2970 #  include <paths.h>
2971 #endif
2972                 ],
2973                 [ char *lastlog = _PATH_LASTLOG; ],
2974                 [ AC_MSG_RESULT(yes) ],
2975                 [
2976                         AC_MSG_RESULT(no)
2977                         system_lastlog_path=no
2978                 ])
2979         ]
2980 )
2981
2982 if test -z "$conf_lastlog_location"; then
2983         if test x"$system_lastlog_path" = x"no" ; then
2984                 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
2985                                 if (test -d "$f" || test -f "$f") ; then
2986                                         conf_lastlog_location=$f
2987                                 fi
2988                 done
2989                 if test -z "$conf_lastlog_location"; then
2990                         AC_MSG_WARN([** Cannot find lastlog **])
2991                         dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
2992                 fi
2993         fi
2994 fi
2995
2996 if test -n "$conf_lastlog_location"; then
2997         AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2998 fi
2999
3000 dnl utmp detection
3001 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3002 AC_TRY_COMPILE([
3003 #include <sys/types.h>
3004 #include <utmp.h>
3005 #ifdef HAVE_PATHS_H
3006 #  include <paths.h>
3007 #endif
3008         ],
3009         [ char *utmp = UTMP_FILE; ],
3010         [ AC_MSG_RESULT(yes) ],
3011         [ AC_MSG_RESULT(no)
3012           system_utmp_path=no ]
3013 )
3014 if test -z "$conf_utmp_location"; then
3015         if test x"$system_utmp_path" = x"no" ; then
3016                 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3017                         if test -f $f ; then
3018                                 conf_utmp_location=$f
3019                         fi
3020                 done
3021                 if test -z "$conf_utmp_location"; then
3022                         AC_DEFINE(DISABLE_UTMP)
3023                 fi
3024         fi
3025 fi
3026 if test -n "$conf_utmp_location"; then
3027         AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3028 fi
3029
3030 dnl wtmp detection
3031 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3032 AC_TRY_COMPILE([
3033 #include <sys/types.h>
3034 #include <utmp.h>
3035 #ifdef HAVE_PATHS_H
3036 #  include <paths.h>
3037 #endif
3038         ],
3039         [ char *wtmp = WTMP_FILE; ],
3040         [ AC_MSG_RESULT(yes) ],
3041         [ AC_MSG_RESULT(no)
3042           system_wtmp_path=no ]
3043 )
3044 if test -z "$conf_wtmp_location"; then
3045         if test x"$system_wtmp_path" = x"no" ; then
3046                 for f in /usr/adm/wtmp /var/log/wtmp; do
3047                         if test -f $f ; then
3048                                 conf_wtmp_location=$f
3049                         fi
3050                 done
3051                 if test -z "$conf_wtmp_location"; then
3052                         AC_DEFINE(DISABLE_WTMP)
3053                 fi
3054         fi
3055 fi
3056 if test -n "$conf_wtmp_location"; then
3057         AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3058 fi
3059
3060
3061 dnl utmpx detection - I don't know any system so perverse as to require
3062 dnl  utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3063 dnl  there, though.
3064 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3065 AC_TRY_COMPILE([
3066 #include <sys/types.h>
3067 #include <utmp.h>
3068 #ifdef HAVE_UTMPX_H
3069 #include <utmpx.h>
3070 #endif
3071 #ifdef HAVE_PATHS_H
3072 #  include <paths.h>
3073 #endif
3074         ],
3075         [ char *utmpx = UTMPX_FILE; ],
3076         [ AC_MSG_RESULT(yes) ],
3077         [ AC_MSG_RESULT(no)
3078           system_utmpx_path=no ]
3079 )
3080 if test -z "$conf_utmpx_location"; then
3081         if test x"$system_utmpx_path" = x"no" ; then
3082                 AC_DEFINE(DISABLE_UTMPX)
3083         fi
3084 else
3085         AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3086 fi
3087
3088 dnl wtmpx detection
3089 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3090 AC_TRY_COMPILE([
3091 #include <sys/types.h>
3092 #include <utmp.h>
3093 #ifdef HAVE_UTMPX_H
3094 #include <utmpx.h>
3095 #endif
3096 #ifdef HAVE_PATHS_H
3097 #  include <paths.h>
3098 #endif
3099         ],
3100         [ char *wtmpx = WTMPX_FILE; ],
3101         [ AC_MSG_RESULT(yes) ],
3102         [ AC_MSG_RESULT(no)
3103           system_wtmpx_path=no ]
3104 )
3105 if test -z "$conf_wtmpx_location"; then
3106         if test x"$system_wtmpx_path" = x"no" ; then
3107                 AC_DEFINE(DISABLE_WTMPX)
3108         fi
3109 else
3110         AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3111 fi
3112
3113
3114 if test ! -z "$blibpath" ; then
3115         LDFLAGS="$LDFLAGS $blibflags$blibpath"
3116         AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3117 fi
3118
3119 dnl remove pam and dl because they are in $LIBPAM
3120 if test "$PAM_MSG" = yes ; then
3121         LIBS=`echo $LIBS | sed 's/-lpam //'`
3122 fi
3123 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3124         LIBS=`echo $LIBS | sed 's/-ldl //'`
3125 fi
3126
3127 AC_EXEEXT
3128 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3129         scard/Makefile ssh_prng_cmds survey.sh])
3130 AC_OUTPUT
3131
3132 # Print summary of options
3133
3134 # Someone please show me a better way :)
3135 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3136 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3137 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3138 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3139 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3140 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3141 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3142 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3143 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3144 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3145
3146 echo ""
3147 echo "OpenSSH has been configured with the following options:"
3148 echo "                     User binaries: $B"
3149 echo "                   System binaries: $C"
3150 echo "               Configuration files: $D"
3151 echo "                   Askpass program: $E"
3152 echo "                      Manual pages: $F"
3153 echo "                          PID file: $G"
3154 echo "  Privilege separation chroot path: $H"
3155 if test "x$external_path_file" = "x/etc/login.conf" ; then
3156 echo "   At runtime, sshd will use the path defined in $external_path_file"
3157 echo "   Make sure the path to scp is present, otherwise scp will not work"
3158 else
3159 echo "            sshd default user PATH: $I"
3160         if test ! -z "$external_path_file"; then
3161 echo "   (If PATH is set in $external_path_file it will be used instead. If"
3162 echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
3163         fi
3164 fi
3165 if test ! -z "$superuser_path" ; then
3166 echo "          sshd superuser user PATH: $J"
3167 fi
3168 echo "                    Manpage format: $MANTYPE"
3169 echo "                       PAM support: $PAM_MSG"
3170 echo "                 KerberosV support: $KRB5_MSG"
3171 echo "                 Smartcard support: $SCARD_MSG"
3172 echo "                     S/KEY support: $SKEY_MSG"
3173 echo "              TCP Wrappers support: $TCPW_MSG"
3174 echo "              MD5 password support: $MD5_MSG"
3175 echo "                   libedit support: $LIBEDIT_MSG"
3176 echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3177 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3178 echo "                  BSD Auth support: $BSD_AUTH_MSG"
3179 echo "              Random number source: $RAND_MSG"
3180 if test ! -z "$USE_RAND_HELPER" ; then
3181 echo "     ssh-rand-helper collects from: $RAND_HELPER_MSG"
3182 fi
3183
3184 echo ""
3185
3186 echo "              Host: ${host}"
3187 echo "          Compiler: ${CC}"
3188 echo "    Compiler flags: ${CFLAGS}"
3189 echo "Preprocessor flags: ${CPPFLAGS}"
3190 echo "      Linker flags: ${LDFLAGS}"
3191 echo "         Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3192
3193 echo ""
3194
3195 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3196         echo "SVR4 style packages are supported with \"make package\""
3197         echo ""
3198 fi
3199
3200 if test "x$PAM_MSG" = "xyes" ; then
3201         echo "PAM is enabled. You may need to install a PAM control file "
3202         echo "for sshd, otherwise password authentication may fail. "
3203         echo "Example PAM control files can be found in the contrib/ "
3204         echo "subdirectory"
3205         echo ""
3206 fi
3207
3208 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3209         echo "WARNING: you are using the builtin random number collection "
3210         echo "service. Please read WARNING.RNG and request that your OS "
3211         echo "vendor includes kernel-based random number collection in "
3212         echo "future versions of your OS."
3213         echo ""
3214 fi
3215
3216 if test ! -z "$NO_PEERCHECK" ; then
3217         echo "WARNING: the operating system that you are using does not "
3218         echo "appear to support either the getpeereid() API nor the "
3219         echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3220         echo "enforce security checks to prevent unauthorised connections to "
3221         echo "ssh-agent. Their absence increases the risk that a malicious "
3222         echo "user can connect to your agent. "
3223         echo ""
3224 fi
3225
3226 if test "$AUDIT_MODULE" = "bsm" ; then
3227         echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3228         echo "See the Solaris section in README.platform for details."
3229 fi
This page took 1.209852 seconds and 5 git commands to generate.