]> andersk Git - openssh.git/blob - configure.ac
- (dtucker) [configure.ac] The BSM header test needs time.h in some cases.
[openssh.git] / configure.ac
1 # $Id$
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
20
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
25
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
45
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48         [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50         [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53         AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55         AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
57
58 # System features
59 AC_SYS_LARGEFILE
60
61 if test -z "$AR" ; then
62         AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
64
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67         AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68                 [If your header files don't define LOGIN_PROGRAM,
69                 then use this (detected) from environment and PATH])
70 else
71         # Search for login
72         AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73         if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74                 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75         fi
76 fi
77
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80         AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81                 [Full path of your "passwd" program])
82 fi
83
84 if test -z "$LD" ; then
85         LD=$CC
86 fi
87 AC_SUBST(LD)
88
89 AC_C_INLINE
90
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94         CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95         GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
96         case $GCC_VER in
97                 1.*) ;;
98                 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99                 2.*) ;;
100                 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101                 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102                 *) ;;
103         esac
104
105         if test -z "$have_llong_max"; then
106                 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107                 unset ac_cv_have_decl_LLONG_MAX
108                 saved_CFLAGS="$CFLAGS"
109                 CFLAGS="$CFLAGS -std=gnu99"
110                 AC_CHECK_DECL(LLONG_MAX,
111                     [have_llong_max=1],
112                     [CFLAGS="$saved_CFLAGS"],
113                     [#include <limits.h>]
114                 )
115         fi
116 fi
117
118 AC_ARG_WITH(rpath,
119         [  --without-rpath         Disable auto-added -R linker paths],
120         [
121                 if test "x$withval" = "xno" ; then
122                         need_dash_r=""
123                 fi
124                 if test "x$withval" = "xyes" ; then
125                         need_dash_r=1
126                 fi
127         ]
128 )
129
130 # Messages for features tested for in target-specific section
131 SIA_MSG="no"
132 SPC_MSG="no"
133
134 # Check for some target-specific stuff
135 case "$host" in
136 *-*-aix*)
137         AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
138         if (test -z "$blibpath"); then
139                 blibpath="/usr/lib:/lib"
140         fi
141         saved_LDFLAGS="$LDFLAGS"
142         if test "$GCC" = "yes"; then
143                 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
144         else
145                 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
146         fi
147         for tryflags in $flags ;do
148                 if (test -z "$blibflags"); then
149                         LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
150                         AC_TRY_LINK([], [], [blibflags=$tryflags])
151                 fi
152         done
153         if (test -z "$blibflags"); then
154                 AC_MSG_RESULT(not found)
155                 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
156         else
157                 AC_MSG_RESULT($blibflags)
158         fi
159         LDFLAGS="$saved_LDFLAGS"
160         dnl Check for authenticate.  Might be in libs.a on older AIXes
161         AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
162                 [Define if you want to enable AIX4's authenticate function])],
163                 [AC_CHECK_LIB(s,authenticate,
164                         [ AC_DEFINE(WITH_AIXAUTHENTICATE)
165                                 LIBS="$LIBS -ls"
166                         ])
167                 ])
168         dnl Check for various auth function declarations in headers.
169         AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
170             passwdexpired, setauthdb], , , [#include <usersec.h>])
171         dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
172         AC_CHECK_DECLS(loginfailed,
173                  [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
174                   AC_TRY_COMPILE(
175                         [#include <usersec.h>],
176                         [(void)loginfailed("user","host","tty",0);],
177                         [AC_MSG_RESULT(yes)
178                          AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
179                                 [Define if your AIX loginfailed() function
180                                 takes 4 arguments (AIX >= 5.2)])],
181                         [AC_MSG_RESULT(no)]
182                 )],
183                 [],
184                 [#include <usersec.h>]
185         )
186         AC_CHECK_FUNCS(setauthdb)
187         AC_CHECK_DECL(F_CLOSEM,
188             AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
189             [],
190             [ #include <limits.h>
191               #include <fcntl.h> ]
192         )
193         check_for_aix_broken_getaddrinfo=1
194         AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
195         AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
196             [Define if your platform breaks doing a seteuid before a setuid])
197         AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
198         AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
199         dnl AIX handles lastlog as part of its login message
200         AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
201         AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
202                 [Some systems need a utmpx entry for /bin/login to work])
203         AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
204                 [Define to a Set Process Title type if your system is
205                 supported by bsd-setproctitle.c])
206         AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
207             [AIX 5.2 and 5.3 (and presumably newer) require this])
208         AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
209         ;;
210 *-*-cygwin*)
211         check_for_libcrypt_later=1
212         LIBS="$LIBS /usr/lib/textmode.o"
213         AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
214         AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
215         AC_DEFINE(DISABLE_SHADOW, 1,
216                 [Define if you want to disable shadow passwords])
217         AC_DEFINE(IP_TOS_IS_BROKEN, 1,
218                 [Define if your system choked on IP TOS setting])
219         AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
220                 [Define if X11 doesn't support AF_UNIX sockets on that system])
221         AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
222                 [Define if the concept of ports only accessible to
223                 superusers isn't known])
224         AC_DEFINE(DISABLE_FD_PASSING, 1,
225                 [Define if your platform needs to skip post auth
226                 file descriptor passing])
227         ;;
228 *-*-dgux*)
229         AC_DEFINE(IP_TOS_IS_BROKEN)
230         AC_DEFINE(SETEUID_BREAKS_SETUID)
231         AC_DEFINE(BROKEN_SETREUID)
232         AC_DEFINE(BROKEN_SETREGID)
233         ;;
234 *-*-darwin*)
235         AC_MSG_CHECKING(if we have working getaddrinfo)
236         AC_TRY_RUN([#include <mach-o/dyld.h>
237 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
238                 exit(0);
239         else
240                 exit(1);
241 }], [AC_MSG_RESULT(working)],
242         [AC_MSG_RESULT(buggy)
243         AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
244         [AC_MSG_RESULT(assume it is working)])
245         AC_DEFINE(SETEUID_BREAKS_SETUID)
246         AC_DEFINE(BROKEN_SETREUID)
247         AC_DEFINE(BROKEN_SETREGID)
248         AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
249                 [Define if your resolver libs need this for getrrsetbyname])
250         AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
251         AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
252             [Use tunnel device compatibility to OpenBSD])
253         AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
254             [Prepend the address family to IP tunnel traffic])
255         ;;
256 *-*-hpux*)
257         # first we define all of the options common to all HP-UX releases
258         CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
259         IPADDR_IN_DISPLAY=yes
260         AC_DEFINE(USE_PIPES)
261         AC_DEFINE(LOGIN_NO_ENDOPT, 1,
262             [Define if your login program cannot handle end of options ("--")])
263         AC_DEFINE(LOGIN_NEEDS_UTMPX)
264         AC_DEFINE(LOCKED_PASSWD_STRING, "*",
265                 [String used in /etc/passwd to denote locked account])
266         AC_DEFINE(SPT_TYPE,SPT_PSTAT)
267         MAIL="/var/mail/username"
268         LIBS="$LIBS -lsec"
269         AC_CHECK_LIB(xnet, t_error, ,
270             AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
271
272         # next, we define all of the options specific to major releases
273         case "$host" in
274         *-*-hpux10*)
275                 if test -z "$GCC"; then
276                         CFLAGS="$CFLAGS -Ae"
277                 fi
278                 ;;
279         *-*-hpux11*)
280                 AC_DEFINE(PAM_SUN_CODEBASE, 1,
281                         [Define if you are using Solaris-derived PAM which
282                         passes pam_messages to the conversation function
283                         with an extra level of indirection])
284                 AC_DEFINE(DISABLE_UTMP, 1,
285                         [Define if you don't want to use utmp])
286                 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
287                 check_for_hpux_broken_getaddrinfo=1
288                 check_for_conflicting_getspnam=1
289                 ;;
290         esac
291
292         # lastly, we define options specific to minor releases
293         case "$host" in
294         *-*-hpux10.26)
295                 AC_DEFINE(HAVE_SECUREWARE, 1,
296                         [Define if you have SecureWare-based
297                         protected password database])
298                 disable_ptmx_check=yes
299                 LIBS="$LIBS -lsecpw"
300                 ;;
301         esac
302         ;;
303 *-*-irix5*)
304         PATH="$PATH:/usr/etc"
305         AC_DEFINE(BROKEN_INET_NTOA, 1,
306                 [Define if you system's inet_ntoa is busted
307                 (e.g. Irix gcc issue)])
308         AC_DEFINE(SETEUID_BREAKS_SETUID)
309         AC_DEFINE(BROKEN_SETREUID)
310         AC_DEFINE(BROKEN_SETREGID)
311         AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
312                 [Define if you shouldn't strip 'tty' from your
313                 ttyname in [uw]tmp])
314         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
315         ;;
316 *-*-irix6*)
317         PATH="$PATH:/usr/etc"
318         AC_DEFINE(WITH_IRIX_ARRAY, 1,
319                 [Define if you have/want arrays
320                 (cluster-wide session managment, not C arrays)])
321         AC_DEFINE(WITH_IRIX_PROJECT, 1,
322                 [Define if you want IRIX project management])
323         AC_DEFINE(WITH_IRIX_AUDIT, 1,
324                 [Define if you want IRIX audit trails])
325         AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
326                 [Define if you want IRIX kernel jobs])])
327         AC_DEFINE(BROKEN_INET_NTOA)
328         AC_DEFINE(SETEUID_BREAKS_SETUID)
329         AC_DEFINE(BROKEN_SETREUID)
330         AC_DEFINE(BROKEN_SETREGID)
331         AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
332         AC_DEFINE(WITH_ABBREV_NO_TTY)
333         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
334         ;;
335 *-*-linux*)
336         no_dev_ptmx=1
337         check_for_libcrypt_later=1
338         check_for_openpty_ctty_bug=1
339         AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
340         AC_DEFINE(PAM_TTY_KLUDGE, 1,
341                 [Work around problematic Linux PAM modules handling of PAM_TTY])
342         AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
343                 [String used in /etc/passwd to denote locked account])
344         AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
345         AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
346                 [Define to whatever link() returns for "not supported"
347                 if it doesn't return EOPNOTSUPP.])
348         AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
349         AC_DEFINE(USE_BTMP)
350         inet6_default_4in6=yes
351         case `uname -r` in
352         1.*|2.0.*)
353                 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
354                         [Define if cmsg_type is not passed correctly])
355                 ;;
356         esac
357         # tun(4) forwarding compat code
358         AC_CHECK_HEADERS(linux/if_tun.h)
359         if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
360                 AC_DEFINE(SSH_TUN_LINUX, 1,
361                     [Open tunnel devices the Linux tun/tap way])
362                 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
363                     [Use tunnel device compatibility to OpenBSD])
364                 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
365                     [Prepend the address family to IP tunnel traffic])
366         fi
367         ;;
368 mips-sony-bsd|mips-sony-newsos4)
369         AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
370         SONY=1
371         ;;
372 *-*-netbsd*)
373         check_for_libcrypt_before=1
374         if test "x$withval" != "xno" ; then
375                 need_dash_r=1
376         fi
377         AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
378         AC_CHECK_HEADER([net/if_tap.h], ,
379             AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
380         AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
381             [Prepend the address family to IP tunnel traffic])
382         ;;
383 *-*-freebsd*)
384         check_for_libcrypt_later=1
385         AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
386         AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
387         AC_CHECK_HEADER([net/if_tap.h], ,
388             AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
389         ;;
390 *-*-bsdi*)
391         AC_DEFINE(SETEUID_BREAKS_SETUID)
392         AC_DEFINE(BROKEN_SETREUID)
393         AC_DEFINE(BROKEN_SETREGID)
394         ;;
395 *-next-*)
396         conf_lastlog_location="/usr/adm/lastlog"
397         conf_utmp_location=/etc/utmp
398         conf_wtmp_location=/usr/adm/wtmp
399         MAIL=/usr/spool/mail
400         AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
401         AC_DEFINE(BROKEN_REALPATH)
402         AC_DEFINE(USE_PIPES)
403         AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
404         ;;
405 *-*-openbsd*)
406         AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
407         AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
408         AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
409         AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
410             [syslog_r function is safe to use in in a signal handler])
411         ;;
412 *-*-solaris*)
413         if test "x$withval" != "xno" ; then
414                 need_dash_r=1
415         fi
416         AC_DEFINE(PAM_SUN_CODEBASE)
417         AC_DEFINE(LOGIN_NEEDS_UTMPX)
418         AC_DEFINE(LOGIN_NEEDS_TERM, 1,
419                 [Some versions of /bin/login need the TERM supplied
420                 on the commandline])
421         AC_DEFINE(PAM_TTY_KLUDGE)
422         AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
423                 [Define if pam_chauthtok wants real uid set
424                 to the unpriv'ed user])
425         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
426         # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
427         AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
428                 [Define if sshd somehow reacquires a controlling TTY
429                 after setsid()])
430         AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
431                 in case the name is longer than 8 chars])
432         external_path_file=/etc/default/login
433         # hardwire lastlog location (can't detect it on some versions)
434         conf_lastlog_location="/var/adm/lastlog"
435         AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
436         sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
437         if test "$sol2ver" -ge 8; then
438                 AC_MSG_RESULT(yes)
439                 AC_DEFINE(DISABLE_UTMP)
440                 AC_DEFINE(DISABLE_WTMP, 1,
441                         [Define if you don't want to use wtmp])
442         else
443                 AC_MSG_RESULT(no)
444         fi
445         AC_ARG_WITH(solaris-contracts,
446                 [  --with-solaris-contracts Enable Solaris process contracts (experimental)],
447                 [
448                 AC_CHECK_LIB(contract, ct_tmpl_activate,
449                         [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
450                                 [Define if you have Solaris process contracts])
451                           SSHDLIBS="$SSHDLIBS -lcontract"
452                           AC_SUBST(SSHDLIBS)
453                           SPC_MSG="yes" ], )
454                 ],
455         )
456         ;;
457 *-*-sunos4*)
458         CPPFLAGS="$CPPFLAGS -DSUNOS4"
459         AC_CHECK_FUNCS(getpwanam)
460         AC_DEFINE(PAM_SUN_CODEBASE)
461         conf_utmp_location=/etc/utmp
462         conf_wtmp_location=/var/adm/wtmp
463         conf_lastlog_location=/var/adm/lastlog
464         AC_DEFINE(USE_PIPES)
465         ;;
466 *-ncr-sysv*)
467         LIBS="$LIBS -lc89"
468         AC_DEFINE(USE_PIPES)
469         AC_DEFINE(SSHD_ACQUIRES_CTTY)
470         AC_DEFINE(SETEUID_BREAKS_SETUID)
471         AC_DEFINE(BROKEN_SETREUID)
472         AC_DEFINE(BROKEN_SETREGID)
473         ;;
474 *-sni-sysv*)
475         # /usr/ucblib MUST NOT be searched on ReliantUNIX
476         AC_CHECK_LIB(dl, dlsym, ,)
477         # -lresolv needs to be at the end of LIBS or DNS lookups break
478         AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
479         IPADDR_IN_DISPLAY=yes
480         AC_DEFINE(USE_PIPES)
481         AC_DEFINE(IP_TOS_IS_BROKEN)
482         AC_DEFINE(SETEUID_BREAKS_SETUID)
483         AC_DEFINE(BROKEN_SETREUID)
484         AC_DEFINE(BROKEN_SETREGID)
485         AC_DEFINE(SSHD_ACQUIRES_CTTY)
486         external_path_file=/etc/default/login
487         # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
488         # Attention: always take care to bind libsocket and libnsl before libc,
489         # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
490         ;;
491 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
492 *-*-sysv4.2*)
493         CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
494         AC_DEFINE(USE_PIPES)
495         AC_DEFINE(SETEUID_BREAKS_SETUID)
496         AC_DEFINE(BROKEN_SETREUID)
497         AC_DEFINE(BROKEN_SETREGID)
498         AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
499         AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
500         ;;
501 # UnixWare 7.x, OpenUNIX 8
502 *-*-sysv5*)
503         check_for_libcrypt_later=1
504         AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
505         AC_DEFINE(USE_PIPES)
506         AC_DEFINE(SETEUID_BREAKS_SETUID)
507         AC_DEFINE(BROKEN_SETREUID)
508         AC_DEFINE(BROKEN_SETREGID)
509         AC_DEFINE(PASSWD_NEEDS_USERNAME)
510         case "$host" in
511         *-*-sysv5SCO_SV*)       # SCO OpenServer 6.x
512                 TEST_SHELL=/u95/bin/sh
513                 AC_DEFINE(BROKEN_LIBIAF, 1,
514                         [ia_uinfo routines not supported by OS yet])
515                 AC_DEFINE(BROKEN_UPDWTMPX)
516                 ;;
517         *)      AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
518                 ;;
519         esac
520         ;;
521 *-*-sysv*)
522         ;;
523 # SCO UNIX and OEM versions of SCO UNIX
524 *-*-sco3.2v4*)
525         AC_MSG_ERROR("This Platform is no longer supported.")
526         ;;
527 # SCO OpenServer 5.x
528 *-*-sco3.2v5*)
529         if test -z "$GCC"; then
530                 CFLAGS="$CFLAGS -belf"
531         fi
532         LIBS="$LIBS -lprot -lx -ltinfo -lm"
533         no_dev_ptmx=1
534         AC_DEFINE(USE_PIPES)
535         AC_DEFINE(HAVE_SECUREWARE)
536         AC_DEFINE(DISABLE_SHADOW)
537         AC_DEFINE(DISABLE_FD_PASSING)
538         AC_DEFINE(SETEUID_BREAKS_SETUID)
539         AC_DEFINE(BROKEN_SETREUID)
540         AC_DEFINE(BROKEN_SETREGID)
541         AC_DEFINE(WITH_ABBREV_NO_TTY)
542         AC_DEFINE(BROKEN_UPDWTMPX)
543         AC_DEFINE(PASSWD_NEEDS_USERNAME)
544         AC_CHECK_FUNCS(getluid setluid)
545         MANTYPE=man
546         TEST_SHELL=ksh
547         ;;
548 *-*-unicosmk*)
549         AC_DEFINE(NO_SSH_LASTLOG, 1,
550                 [Define if you don't want to use lastlog in session.c])
551         AC_DEFINE(SETEUID_BREAKS_SETUID)
552         AC_DEFINE(BROKEN_SETREUID)
553         AC_DEFINE(BROKEN_SETREGID)
554         AC_DEFINE(USE_PIPES)
555         AC_DEFINE(DISABLE_FD_PASSING)
556         LDFLAGS="$LDFLAGS"
557         LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
558         MANTYPE=cat
559         ;;
560 *-*-unicosmp*)
561         AC_DEFINE(SETEUID_BREAKS_SETUID)
562         AC_DEFINE(BROKEN_SETREUID)
563         AC_DEFINE(BROKEN_SETREGID)
564         AC_DEFINE(WITH_ABBREV_NO_TTY)
565         AC_DEFINE(USE_PIPES)
566         AC_DEFINE(DISABLE_FD_PASSING)
567         LDFLAGS="$LDFLAGS"
568         LIBS="$LIBS -lgen -lacid -ldb"
569         MANTYPE=cat
570         ;;
571 *-*-unicos*)
572         AC_DEFINE(SETEUID_BREAKS_SETUID)
573         AC_DEFINE(BROKEN_SETREUID)
574         AC_DEFINE(BROKEN_SETREGID)
575         AC_DEFINE(USE_PIPES)
576         AC_DEFINE(DISABLE_FD_PASSING)
577         AC_DEFINE(NO_SSH_LASTLOG)
578         LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
579         LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
580         MANTYPE=cat
581         ;;
582 *-dec-osf*)
583         AC_MSG_CHECKING(for Digital Unix SIA)
584         no_osfsia=""
585         AC_ARG_WITH(osfsia,
586                 [  --with-osfsia           Enable Digital Unix SIA],
587                 [
588                         if test "x$withval" = "xno" ; then
589                                 AC_MSG_RESULT(disabled)
590                                 no_osfsia=1
591                         fi
592                 ],
593         )
594         if test -z "$no_osfsia" ; then
595                 if test -f /etc/sia/matrix.conf; then
596                         AC_MSG_RESULT(yes)
597                         AC_DEFINE(HAVE_OSF_SIA, 1,
598                                 [Define if you have Digital Unix Security
599                                 Integration Architecture])
600                         AC_DEFINE(DISABLE_LOGIN, 1,
601                                 [Define if you don't want to use your
602                                 system's login() call])
603                         AC_DEFINE(DISABLE_FD_PASSING)
604                         LIBS="$LIBS -lsecurity -ldb -lm -laud"
605                         SIA_MSG="yes"
606                 else
607                         AC_MSG_RESULT(no)
608                         AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
609                           [String used in /etc/passwd to denote locked account])
610                 fi
611         fi
612         AC_DEFINE(BROKEN_GETADDRINFO)
613         AC_DEFINE(SETEUID_BREAKS_SETUID)
614         AC_DEFINE(BROKEN_SETREUID)
615         AC_DEFINE(BROKEN_SETREGID)
616         ;;
617
618 *-*-nto-qnx*)
619         AC_DEFINE(USE_PIPES)
620         AC_DEFINE(NO_X11_UNIX_SOCKETS)
621         AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
622         AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
623         AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
624         AC_DEFINE(DISABLE_LASTLOG)
625         AC_DEFINE(SSHD_ACQUIRES_CTTY)
626         enable_etc_default_login=no     # has incompatible /etc/default/login
627         ;;
628
629 *-*-ultrix*)
630         AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
631         AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
632         AC_DEFINE(NEED_SETPGRP)
633         AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
634         ;;
635
636 *-*-lynxos)
637         CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
638         AC_DEFINE(MISSING_HOWMANY)
639         AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
640         ;;
641 esac
642
643 # Allow user to specify flags
644 AC_ARG_WITH(cflags,
645         [  --with-cflags           Specify additional flags to pass to compiler],
646         [
647                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
648                     test "x${withval}" != "xyes"; then
649                         CFLAGS="$CFLAGS $withval"
650                 fi
651         ]
652 )
653 AC_ARG_WITH(cppflags,
654         [  --with-cppflags         Specify additional flags to pass to preprocessor] ,
655         [
656                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
657                     test "x${withval}" != "xyes"; then
658                         CPPFLAGS="$CPPFLAGS $withval"
659                 fi
660         ]
661 )
662 AC_ARG_WITH(ldflags,
663         [  --with-ldflags          Specify additional flags to pass to linker],
664         [
665                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
666                     test "x${withval}" != "xyes"; then
667                         LDFLAGS="$LDFLAGS $withval"
668                 fi
669         ]
670 )
671 AC_ARG_WITH(libs,
672         [  --with-libs             Specify additional libraries to link with],
673         [
674                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
675                     test "x${withval}" != "xyes"; then
676                         LIBS="$LIBS $withval"
677                 fi
678         ]
679 )
680 AC_ARG_WITH(Werror,
681         [  --with-Werror           Build main code with -Werror],
682         [
683                 if test -n "$withval"  &&  test "x$withval" != "xno"; then
684                         werror_flags="-Werror"
685                         if test "x${withval}" != "xyes"; then
686                                 werror_flags="$withval"
687                         fi
688                 fi
689         ]
690 )
691
692 AC_MSG_CHECKING(compiler and flags for sanity)
693 AC_RUN_IFELSE(
694         [AC_LANG_SOURCE([
695 #include <stdio.h>
696 int main(){exit(0);}
697         ])],
698         [       AC_MSG_RESULT(yes) ],
699         [
700                 AC_MSG_RESULT(no)
701                 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
702         ],
703         [       AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
704 )
705
706 dnl Checks for header files.
707 AC_CHECK_HEADERS( \
708         bstring.h \
709         crypt.h \
710         crypto/sha2.h \
711         dirent.h \
712         endian.h \
713         features.h \
714         fcntl.h \
715         floatingpoint.h \
716         getopt.h \
717         glob.h \
718         ia.h \
719         iaf.h \
720         limits.h \
721         login.h \
722         maillock.h \
723         ndir.h \
724         net/if_tun.h \
725         netdb.h \
726         netgroup.h \
727         pam/pam_appl.h \
728         paths.h \
729         pty.h \
730         readpassphrase.h \
731         rpc/types.h \
732         security/pam_appl.h \
733         sha2.h \
734         shadow.h \
735         stddef.h \
736         stdint.h \
737         string.h \
738         strings.h \
739         sys/audit.h \
740         sys/bitypes.h \
741         sys/bsdtty.h \
742         sys/cdefs.h \
743         sys/dir.h \
744         sys/mman.h \
745         sys/ndir.h \
746         sys/prctl.h \
747         sys/pstat.h \
748         sys/select.h \
749         sys/stat.h \
750         sys/stream.h \
751         sys/stropts.h \
752         sys/strtio.h \
753         sys/sysmacros.h \
754         sys/time.h \
755         sys/timers.h \
756         sys/un.h \
757         time.h \
758         tmpdir.h \
759         ttyent.h \
760         unistd.h \
761         usersec.h \
762         util.h \
763         utime.h \
764         utmp.h \
765         utmpx.h \
766         vis.h \
767 )
768
769 # lastlog.h requires sys/time.h to be included first on Solaris
770 AC_CHECK_HEADERS(lastlog.h, [], [], [
771 #ifdef HAVE_SYS_TIME_H
772 # include <sys/time.h>
773 #endif
774 ])
775
776 # sys/ptms.h requires sys/stream.h to be included first on Solaris
777 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
778 #ifdef HAVE_SYS_STREAM_H
779 # include <sys/stream.h>
780 #endif
781 ])
782
783 # login_cap.h requires sys/types.h on NetBSD
784 AC_CHECK_HEADERS(login_cap.h, [], [], [
785 #include <sys/types.h>
786 ])
787
788 # Checks for libraries.
789 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
790 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
791
792 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
793 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
794         AC_CHECK_LIB(gen, dirname,[
795                 AC_CACHE_CHECK([for broken dirname],
796                         ac_cv_have_broken_dirname, [
797                         save_LIBS="$LIBS"
798                         LIBS="$LIBS -lgen"
799                         AC_RUN_IFELSE(
800                                 [AC_LANG_SOURCE([[
801 #include <libgen.h>
802 #include <string.h>
803
804 int main(int argc, char **argv) {
805     char *s, buf[32];
806
807     strncpy(buf,"/etc", 32);
808     s = dirname(buf);
809     if (!s || strncmp(s, "/", 32) != 0) {
810         exit(1);
811     } else {
812         exit(0);
813     }
814 }
815                                 ]])],
816                                 [ ac_cv_have_broken_dirname="no" ],
817                                 [ ac_cv_have_broken_dirname="yes" ],
818                                 [ ac_cv_have_broken_dirname="no" ],
819                         )
820                         LIBS="$save_LIBS"
821                 ])
822                 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
823                         LIBS="$LIBS -lgen"
824                         AC_DEFINE(HAVE_DIRNAME)
825                         AC_CHECK_HEADERS(libgen.h)
826                 fi
827         ])
828 ])
829
830 AC_CHECK_FUNC(getspnam, ,
831         AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
832 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
833         [Define if you have the basename function.]))
834
835 dnl zlib is required
836 AC_ARG_WITH(zlib,
837         [  --with-zlib=PATH        Use zlib in PATH],
838         [ if test "x$withval" = "xno" ; then
839                 AC_MSG_ERROR([*** zlib is required ***])
840           elif test "x$withval" != "xyes"; then
841                 if test -d "$withval/lib"; then
842                         if test -n "${need_dash_r}"; then
843                                 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
844                         else
845                                 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
846                         fi
847                 else
848                         if test -n "${need_dash_r}"; then
849                                 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
850                         else
851                                 LDFLAGS="-L${withval} ${LDFLAGS}"
852                         fi
853                 fi
854                 if test -d "$withval/include"; then
855                         CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
856                 else
857                         CPPFLAGS="-I${withval} ${CPPFLAGS}"
858                 fi
859         fi ]
860 )
861
862 AC_CHECK_LIB(z, deflate, ,
863         [
864                 saved_CPPFLAGS="$CPPFLAGS"
865                 saved_LDFLAGS="$LDFLAGS"
866                 save_LIBS="$LIBS"
867                 dnl Check default zlib install dir
868                 if test -n "${need_dash_r}"; then
869                         LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
870                 else
871                         LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
872                 fi
873                 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
874                 LIBS="$LIBS -lz"
875                 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
876                         [
877                                 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
878                         ]
879                 )
880         ]
881 )
882 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
883
884 AC_ARG_WITH(zlib-version-check,
885         [  --without-zlib-version-check Disable zlib version check],
886         [  if test "x$withval" = "xno" ; then
887                 zlib_check_nonfatal=1
888            fi
889         ]
890 )
891
892 AC_MSG_CHECKING(for possibly buggy zlib)
893 AC_RUN_IFELSE([AC_LANG_SOURCE([[
894 #include <stdio.h>
895 #include <zlib.h>
896 int main()
897 {
898         int a=0, b=0, c=0, d=0, n, v;
899         n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
900         if (n != 3 && n != 4)
901                 exit(1);
902         v = a*1000000 + b*10000 + c*100 + d;
903         fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
904
905         /* 1.1.4 is OK */
906         if (a == 1 && b == 1 && c >= 4)
907                 exit(0);
908
909         /* 1.2.3 and up are OK */
910         if (v >= 1020300)
911                 exit(0);
912
913         exit(2);
914 }
915         ]])],
916         AC_MSG_RESULT(no),
917         [ AC_MSG_RESULT(yes)
918           if test -z "$zlib_check_nonfatal" ; then
919                 AC_MSG_ERROR([*** zlib too old - check config.log ***
920 Your reported zlib version has known security problems.  It's possible your
921 vendor has fixed these problems without changing the version number.  If you
922 are sure this is the case, you can disable the check by running
923 "./configure --without-zlib-version-check".
924 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
925 See http://www.gzip.org/zlib/ for details.])
926           else
927                 AC_MSG_WARN([zlib version may have security problems])
928           fi
929         ],
930         [       AC_MSG_WARN([cross compiling: not checking zlib version]) ]
931 )
932
933 dnl UnixWare 2.x
934 AC_CHECK_FUNC(strcasecmp,
935         [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
936 )
937 AC_CHECK_FUNCS(utimes,
938         [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
939                                         LIBS="$LIBS -lc89"]) ]
940 )
941
942 dnl    Checks for libutil functions
943 AC_CHECK_HEADERS(libutil.h)
944 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
945         [Define if your libraries define login()])])
946 AC_CHECK_FUNCS(logout updwtmp logwtmp)
947
948 AC_FUNC_STRFTIME
949
950 # Check for ALTDIRFUNC glob() extension
951 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
952 AC_EGREP_CPP(FOUNDIT,
953         [
954                 #include <glob.h>
955                 #ifdef GLOB_ALTDIRFUNC
956                 FOUNDIT
957                 #endif
958         ],
959         [
960                 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
961                         [Define if your system glob() function has
962                         the GLOB_ALTDIRFUNC extension])
963                 AC_MSG_RESULT(yes)
964         ],
965         [
966                 AC_MSG_RESULT(no)
967         ]
968 )
969
970 # Check for g.gl_matchc glob() extension
971 AC_MSG_CHECKING(for gl_matchc field in glob_t)
972 AC_TRY_COMPILE(
973         [ #include <glob.h> ],
974         [glob_t g; g.gl_matchc = 1;],
975         [
976                 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
977                         [Define if your system glob() function has
978                         gl_matchc options in glob_t])
979                 AC_MSG_RESULT(yes)
980         ],
981         [
982                 AC_MSG_RESULT(no)
983         ]
984 )
985
986 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
987
988 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
989 AC_RUN_IFELSE(
990         [AC_LANG_SOURCE([[
991 #include <sys/types.h>
992 #include <dirent.h>
993 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
994         ]])],
995         [AC_MSG_RESULT(yes)],
996         [
997                 AC_MSG_RESULT(no)
998                 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
999                         [Define if your struct dirent expects you to
1000                         allocate extra space for d_name])
1001         ],
1002         [
1003                 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1004                 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1005         ]
1006 )
1007
1008 AC_MSG_CHECKING([for /proc/pid/fd directory])
1009 if test -d "/proc/$$/fd" ; then
1010         AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1011         AC_MSG_RESULT(yes)
1012 else
1013         AC_MSG_RESULT(no)
1014 fi
1015
1016 # Check whether user wants S/Key support
1017 SKEY_MSG="no"
1018 AC_ARG_WITH(skey,
1019         [  --with-skey[[=PATH]]      Enable S/Key support (optionally in PATH)],
1020         [
1021                 if test "x$withval" != "xno" ; then
1022
1023                         if test "x$withval" != "xyes" ; then
1024                                 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1025                                 LDFLAGS="$LDFLAGS -L${withval}/lib"
1026                         fi
1027
1028                         AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1029                         LIBS="-lskey $LIBS"
1030                         SKEY_MSG="yes"
1031
1032                         AC_MSG_CHECKING([for s/key support])
1033                         AC_LINK_IFELSE(
1034                                 [AC_LANG_SOURCE([[
1035 #include <stdio.h>
1036 #include <skey.h>
1037 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1038                                 ]])],
1039                                 [AC_MSG_RESULT(yes)],
1040                                 [
1041                                         AC_MSG_RESULT(no)
1042                                         AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1043                                 ])
1044                         AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1045                         AC_TRY_COMPILE(
1046                                 [#include <stdio.h>
1047                                  #include <skey.h>],
1048                                 [(void)skeychallenge(NULL,"name","",0);],
1049                                 [AC_MSG_RESULT(yes)
1050                                  AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1051                                         [Define if your skeychallenge()
1052                                         function takes 4 arguments (NetBSD)])],
1053                                 [AC_MSG_RESULT(no)]
1054                         )
1055                 fi
1056         ]
1057 )
1058
1059 # Check whether user wants TCP wrappers support
1060 TCPW_MSG="no"
1061 AC_ARG_WITH(tcp-wrappers,
1062         [  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1063         [
1064                 if test "x$withval" != "xno" ; then
1065                         saved_LIBS="$LIBS"
1066                         saved_LDFLAGS="$LDFLAGS"
1067                         saved_CPPFLAGS="$CPPFLAGS"
1068                         if test -n "${withval}" && \
1069                             test "x${withval}" != "xyes"; then
1070                                 if test -d "${withval}/lib"; then
1071                                         if test -n "${need_dash_r}"; then
1072                                                 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1073                                         else
1074                                                 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1075                                         fi
1076                                 else
1077                                         if test -n "${need_dash_r}"; then
1078                                                 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1079                                         else
1080                                                 LDFLAGS="-L${withval} ${LDFLAGS}"
1081                                         fi
1082                                 fi
1083                                 if test -d "${withval}/include"; then
1084                                         CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1085                                 else
1086                                         CPPFLAGS="-I${withval} ${CPPFLAGS}"
1087                                 fi
1088                         fi
1089                         LIBWRAP="-lwrap"
1090                         LIBS="$LIBWRAP $LIBS"
1091                         AC_MSG_CHECKING(for libwrap)
1092                         AC_TRY_LINK(
1093                                 [
1094 #include <sys/types.h>
1095 #include <sys/socket.h>
1096 #include <netinet/in.h>
1097 #include <tcpd.h>
1098                                         int deny_severity = 0, allow_severity = 0;
1099                                 ],
1100                                 [hosts_access(0);],
1101                                 [
1102                                         AC_MSG_RESULT(yes)
1103                                         AC_DEFINE(LIBWRAP, 1,
1104                                                 [Define if you want
1105                                                 TCP Wrappers support])
1106                                         AC_SUBST(LIBWRAP)
1107                                         TCPW_MSG="yes"
1108                                 ],
1109                                 [
1110                                         AC_MSG_ERROR([*** libwrap missing])
1111                                 ]
1112                         )
1113                         LIBS="$saved_LIBS"
1114                 fi
1115         ]
1116 )
1117
1118 # Check whether user wants libedit support
1119 LIBEDIT_MSG="no"
1120 AC_ARG_WITH(libedit,
1121         [  --with-libedit[[=PATH]]   Enable libedit support for sftp],
1122         [ if test "x$withval" != "xno" ; then
1123                 if test "x$withval" != "xyes"; then
1124                         CPPFLAGS="$CPPFLAGS -I${withval}/include"
1125                         if test -n "${need_dash_r}"; then
1126                                 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1127                         else
1128                                 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1129                         fi
1130                 fi
1131                 AC_CHECK_LIB(edit, el_init,
1132                         [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1133                           LIBEDIT="-ledit -lcurses"
1134                           LIBEDIT_MSG="yes"
1135                           AC_SUBST(LIBEDIT)
1136                         ],
1137                         [ AC_MSG_ERROR(libedit not found) ],
1138                         [ -lcurses ]
1139                 )
1140                 AC_MSG_CHECKING(if libedit version is compatible)
1141                 AC_COMPILE_IFELSE(
1142                     [AC_LANG_SOURCE([[
1143 #include <histedit.h>
1144 int main(void)
1145 {
1146         int i = H_SETSIZE;
1147         el_init("", NULL, NULL, NULL);
1148         exit(0);
1149 }
1150                     ]])],
1151                     [ AC_MSG_RESULT(yes) ],
1152                     [ AC_MSG_RESULT(no)
1153                       AC_MSG_ERROR(libedit version is not compatible) ]
1154                 )
1155         fi ]
1156 )
1157
1158 AUDIT_MODULE=none
1159 AC_ARG_WITH(audit,
1160         [  --with-audit=module     Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1161         [
1162           AC_MSG_CHECKING(for supported audit module)
1163           case "$withval" in
1164           bsm)
1165                 AC_MSG_RESULT(bsm)
1166                 AUDIT_MODULE=bsm
1167                 dnl    Checks for headers, libs and functions
1168                 AC_CHECK_HEADERS(bsm/audit.h, [],
1169                     [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1170                     [
1171 #ifdef HAVE_TIME_H
1172 # include <time.h>
1173 #endif
1174                     ]
1175 )
1176                 AC_CHECK_LIB(bsm, getaudit, [],
1177                     [AC_MSG_ERROR(BSM enabled and required library not found)])
1178                 AC_CHECK_FUNCS(getaudit, [],
1179                     [AC_MSG_ERROR(BSM enabled and required function not found)])
1180                 # These are optional
1181                 AC_CHECK_FUNCS(getaudit_addr)
1182                 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1183                 ;;
1184           debug)
1185                 AUDIT_MODULE=debug
1186                 AC_MSG_RESULT(debug)
1187                 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1188                 ;;
1189           no)
1190                 AC_MSG_RESULT(no)
1191                 ;;
1192           *)
1193                 AC_MSG_ERROR([Unknown audit module $withval])
1194                 ;;
1195         esac ]
1196 )
1197
1198 dnl    Checks for library functions. Please keep in alphabetical order
1199 AC_CHECK_FUNCS( \
1200         arc4random \
1201         asprintf \
1202         b64_ntop \
1203         __b64_ntop \
1204         b64_pton \
1205         __b64_pton \
1206         bcopy \
1207         bindresvport_sa \
1208         clock \
1209         closefrom \
1210         dirfd \
1211         fchmod \
1212         fchown \
1213         freeaddrinfo \
1214         futimes \
1215         getaddrinfo \
1216         getcwd \
1217         getgrouplist \
1218         getnameinfo \
1219         getopt \
1220         getpeereid \
1221         _getpty \
1222         getrlimit \
1223         getttyent \
1224         glob \
1225         inet_aton \
1226         inet_ntoa \
1227         inet_ntop \
1228         innetgr \
1229         login_getcapbool \
1230         md5_crypt \
1231         memmove \
1232         mkdtemp \
1233         mmap \
1234         ngetaddrinfo \
1235         nsleep \
1236         ogetaddrinfo \
1237         openlog_r \
1238         openpty \
1239         prctl \
1240         pstat \
1241         readpassphrase \
1242         realpath \
1243         recvmsg \
1244         rresvport_af \
1245         sendmsg \
1246         setdtablesize \
1247         setegid \
1248         setenv \
1249         seteuid \
1250         setgroups \
1251         setlogin \
1252         setpcred \
1253         setproctitle \
1254         setregid \
1255         setreuid \
1256         setrlimit \
1257         setsid \
1258         setvbuf \
1259         sigaction \
1260         sigvec \
1261         snprintf \
1262         socketpair \
1263         strdup \
1264         strerror \
1265         strlcat \
1266         strlcpy \
1267         strmode \
1268         strnvis \
1269         strtonum \
1270         strtoll \
1271         strtoul \
1272         sysconf \
1273         tcgetpgrp \
1274         truncate \
1275         unsetenv \
1276         updwtmpx \
1277         vasprintf \
1278         vhangup \
1279         vsnprintf \
1280         waitpid \
1281 )
1282
1283 # IRIX has a const char return value for gai_strerror()
1284 AC_CHECK_FUNCS(gai_strerror,[
1285         AC_DEFINE(HAVE_GAI_STRERROR)
1286         AC_TRY_COMPILE([
1287 #include <sys/types.h>
1288 #include <sys/socket.h>
1289 #include <netdb.h>
1290
1291 const char *gai_strerror(int);],[
1292 char *str;
1293
1294 str = gai_strerror(0);],[
1295                 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1296                 [Define if gai_strerror() returns const char *])])])
1297
1298 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1299         [Some systems put nanosleep outside of libc]))
1300
1301 dnl Make sure prototypes are defined for these before using them.
1302 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1303 AC_CHECK_DECL(strsep,
1304         [AC_CHECK_FUNCS(strsep)],
1305         [],
1306         [
1307 #ifdef HAVE_STRING_H
1308 # include <string.h>
1309 #endif
1310         ])
1311
1312 dnl tcsendbreak might be a macro
1313 AC_CHECK_DECL(tcsendbreak,
1314         [AC_DEFINE(HAVE_TCSENDBREAK)],
1315         [AC_CHECK_FUNCS(tcsendbreak)],
1316         [#include <termios.h>]
1317 )
1318
1319 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1320
1321 AC_CHECK_DECLS(SHUT_RD, , ,
1322         [
1323 #include <sys/types.h>
1324 #include <sys/socket.h>
1325         ])
1326
1327 AC_CHECK_DECLS(O_NONBLOCK, , ,
1328         [
1329 #include <sys/types.h>
1330 #ifdef HAVE_SYS_STAT_H
1331 # include <sys/stat.h>
1332 #endif
1333 #ifdef HAVE_FCNTL_H
1334 # include <fcntl.h>
1335 #endif
1336         ])
1337
1338 AC_CHECK_DECLS(writev, , , [
1339 #include <sys/types.h>
1340 #include <sys/uio.h>
1341 #include <unistd.h>
1342         ])
1343
1344 AC_CHECK_FUNCS(setresuid, [
1345         dnl Some platorms have setresuid that isn't implemented, test for this
1346         AC_MSG_CHECKING(if setresuid seems to work)
1347         AC_RUN_IFELSE(
1348                 [AC_LANG_SOURCE([[
1349 #include <stdlib.h>
1350 #include <errno.h>
1351 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1352                 ]])],
1353                 [AC_MSG_RESULT(yes)],
1354                 [AC_DEFINE(BROKEN_SETRESUID, 1,
1355                         [Define if your setresuid() is broken])
1356                  AC_MSG_RESULT(not implemented)],
1357                 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1358         )
1359 ])
1360
1361 AC_CHECK_FUNCS(setresgid, [
1362         dnl Some platorms have setresgid that isn't implemented, test for this
1363         AC_MSG_CHECKING(if setresgid seems to work)
1364         AC_RUN_IFELSE(
1365                 [AC_LANG_SOURCE([[
1366 #include <stdlib.h>
1367 #include <errno.h>
1368 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1369                 ]])],
1370                 [AC_MSG_RESULT(yes)],
1371                 [AC_DEFINE(BROKEN_SETRESGID, 1,
1372                         [Define if your setresgid() is broken])
1373                  AC_MSG_RESULT(not implemented)],
1374                 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1375         )
1376 ])
1377
1378 dnl    Checks for time functions
1379 AC_CHECK_FUNCS(gettimeofday time)
1380 dnl    Checks for utmp functions
1381 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1382 AC_CHECK_FUNCS(utmpname)
1383 dnl    Checks for utmpx functions
1384 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1385 AC_CHECK_FUNCS(setutxent utmpxname)
1386
1387 AC_CHECK_FUNC(daemon,
1388         [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1389         [AC_CHECK_LIB(bsd, daemon,
1390                 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1391 )
1392
1393 AC_CHECK_FUNC(getpagesize,
1394         [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1395                 [Define if your libraries define getpagesize()])],
1396         [AC_CHECK_LIB(ucb, getpagesize,
1397                 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1398 )
1399
1400 # Check for broken snprintf
1401 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1402         AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1403         AC_RUN_IFELSE(
1404                 [AC_LANG_SOURCE([[
1405 #include <stdio.h>
1406 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1407                 ]])],
1408                 [AC_MSG_RESULT(yes)],
1409                 [
1410                         AC_MSG_RESULT(no)
1411                         AC_DEFINE(BROKEN_SNPRINTF, 1,
1412                                 [Define if your snprintf is busted])
1413                         AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1414                 ],
1415                 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1416         )
1417 fi
1418
1419 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1420 # returning the right thing on overflow: the number of characters it tried to
1421 # create (as per SUSv3)
1422 if test "x$ac_cv_func_asprintf" != "xyes" && \
1423    test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1424         AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1425         AC_RUN_IFELSE(
1426                 [AC_LANG_SOURCE([[
1427 #include <sys/types.h>
1428 #include <stdio.h>
1429 #include <stdarg.h>
1430
1431 int x_snprintf(char *str,size_t count,const char *fmt,...)
1432 {
1433         size_t ret; va_list ap;
1434         va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1435         return ret;
1436 }
1437 int main(void)
1438 {
1439         char x[1];
1440         exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1441 } ]])],
1442                 [AC_MSG_RESULT(yes)],
1443                 [
1444                         AC_MSG_RESULT(no)
1445                         AC_DEFINE(BROKEN_SNPRINTF, 1,
1446                                 [Define if your snprintf is busted])
1447                         AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1448                 ],
1449                 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1450         )
1451 fi
1452
1453 # On systems where [v]snprintf is broken, but is declared in stdio,
1454 # check that the fmt argument is const char * or just char *.
1455 # This is only useful for when BROKEN_SNPRINTF
1456 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1457 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1458            int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1459            int main(void) { snprintf(0, 0, 0); } 
1460     ]])],
1461    [AC_MSG_RESULT(yes)
1462     AC_DEFINE(SNPRINTF_CONST, [const],
1463               [Define as const if snprintf() can declare const char *fmt])],
1464    [AC_MSG_RESULT(no)
1465     AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1466
1467 # Check for missing getpeereid (or equiv) support
1468 NO_PEERCHECK=""
1469 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1470         AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1471         AC_TRY_COMPILE(
1472                 [#include <sys/types.h>
1473                  #include <sys/socket.h>],
1474                 [int i = SO_PEERCRED;],
1475                 [ AC_MSG_RESULT(yes)
1476                   AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1477                 ],
1478                 [AC_MSG_RESULT(no)
1479                 NO_PEERCHECK=1]
1480         )
1481 fi
1482
1483 dnl see whether mkstemp() requires XXXXXX
1484 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1485 AC_MSG_CHECKING([for (overly) strict mkstemp])
1486 AC_RUN_IFELSE(
1487         [AC_LANG_SOURCE([[
1488 #include <stdlib.h>
1489 main() { char template[]="conftest.mkstemp-test";
1490 if (mkstemp(template) == -1)
1491         exit(1);
1492 unlink(template); exit(0);
1493 }
1494         ]])],
1495         [
1496                 AC_MSG_RESULT(no)
1497         ],
1498         [
1499                 AC_MSG_RESULT(yes)
1500                 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1501         ],
1502         [
1503                 AC_MSG_RESULT(yes)
1504                 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1505         ]
1506 )
1507 fi
1508
1509 dnl make sure that openpty does not reacquire controlling terminal
1510 if test ! -z "$check_for_openpty_ctty_bug"; then
1511         AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1512         AC_RUN_IFELSE(
1513                 [AC_LANG_SOURCE([[
1514 #include <stdio.h>
1515 #include <sys/fcntl.h>
1516 #include <sys/types.h>
1517 #include <sys/wait.h>
1518
1519 int
1520 main()
1521 {
1522         pid_t pid;
1523         int fd, ptyfd, ttyfd, status;
1524
1525         pid = fork();
1526         if (pid < 0) {          /* failed */
1527                 exit(1);
1528         } else if (pid > 0) {   /* parent */
1529                 waitpid(pid, &status, 0);
1530                 if (WIFEXITED(status))
1531                         exit(WEXITSTATUS(status));
1532                 else
1533                         exit(2);
1534         } else {                /* child */
1535                 close(0); close(1); close(2);
1536                 setsid();
1537                 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1538                 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1539                 if (fd >= 0)
1540                         exit(3);        /* Acquired ctty: broken */
1541                 else
1542                         exit(0);        /* Did not acquire ctty: OK */
1543         }
1544 }
1545                 ]])],
1546                 [
1547                         AC_MSG_RESULT(yes)
1548                 ],
1549                 [
1550                         AC_MSG_RESULT(no)
1551                         AC_DEFINE(SSHD_ACQUIRES_CTTY)
1552                 ],
1553                 [
1554                         AC_MSG_RESULT(cross-compiling, assuming yes)
1555                 ]
1556         )
1557 fi
1558
1559 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1560     test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1561         AC_MSG_CHECKING(if getaddrinfo seems to work)
1562         AC_RUN_IFELSE(
1563                 [AC_LANG_SOURCE([[
1564 #include <stdio.h>
1565 #include <sys/socket.h>
1566 #include <netdb.h>
1567 #include <errno.h>
1568 #include <netinet/in.h>
1569
1570 #define TEST_PORT "2222"
1571
1572 int
1573 main(void)
1574 {
1575         int err, sock;
1576         struct addrinfo *gai_ai, *ai, hints;
1577         char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1578
1579         memset(&hints, 0, sizeof(hints));
1580         hints.ai_family = PF_UNSPEC;
1581         hints.ai_socktype = SOCK_STREAM;
1582         hints.ai_flags = AI_PASSIVE;
1583
1584         err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1585         if (err != 0) {
1586                 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1587                 exit(1);
1588         }
1589
1590         for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1591                 if (ai->ai_family != AF_INET6)
1592                         continue;
1593
1594                 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1595                     sizeof(ntop), strport, sizeof(strport),
1596                     NI_NUMERICHOST|NI_NUMERICSERV);
1597
1598                 if (err != 0) {
1599                         if (err == EAI_SYSTEM)
1600                                 perror("getnameinfo EAI_SYSTEM");
1601                         else
1602                                 fprintf(stderr, "getnameinfo failed: %s\n",
1603                                     gai_strerror(err));
1604                         exit(2);
1605                 }
1606
1607                 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1608                 if (sock < 0)
1609                         perror("socket");
1610                 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1611                         if (errno == EBADF)
1612                                 exit(3);
1613                 }
1614         }
1615         exit(0);
1616 }
1617                 ]])],
1618                 [
1619                         AC_MSG_RESULT(yes)
1620                 ],
1621                 [
1622                         AC_MSG_RESULT(no)
1623                         AC_DEFINE(BROKEN_GETADDRINFO)
1624                 ],
1625                 [
1626                         AC_MSG_RESULT(cross-compiling, assuming yes)
1627                 ]
1628         )
1629 fi
1630
1631 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1632     test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1633         AC_MSG_CHECKING(if getaddrinfo seems to work)
1634         AC_RUN_IFELSE(
1635                 [AC_LANG_SOURCE([[
1636 #include <stdio.h>
1637 #include <sys/socket.h>
1638 #include <netdb.h>
1639 #include <errno.h>
1640 #include <netinet/in.h>
1641
1642 #define TEST_PORT "2222"
1643
1644 int
1645 main(void)
1646 {
1647         int err, sock;
1648         struct addrinfo *gai_ai, *ai, hints;
1649         char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1650
1651         memset(&hints, 0, sizeof(hints));
1652         hints.ai_family = PF_UNSPEC;
1653         hints.ai_socktype = SOCK_STREAM;
1654         hints.ai_flags = AI_PASSIVE;
1655
1656         err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1657         if (err != 0) {
1658                 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1659                 exit(1);
1660         }
1661
1662         for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1663                 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1664                         continue;
1665
1666                 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1667                     sizeof(ntop), strport, sizeof(strport),
1668                     NI_NUMERICHOST|NI_NUMERICSERV);
1669
1670                 if (ai->ai_family == AF_INET && err != 0) {
1671                         perror("getnameinfo");
1672                         exit(2);
1673                 }
1674         }
1675         exit(0);
1676 }
1677                 ]])],
1678                 [
1679                         AC_MSG_RESULT(yes)
1680                         AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1681                                 [Define if you have a getaddrinfo that fails
1682                                 for the all-zeros IPv6 address])
1683                 ],
1684                 [
1685                         AC_MSG_RESULT(no)
1686                         AC_DEFINE(BROKEN_GETADDRINFO)
1687                 ],
1688                 [
1689                         AC_MSG_RESULT(cross-compiling, assuming no)
1690                 ]
1691         )
1692 fi
1693
1694 if test "x$check_for_conflicting_getspnam" = "x1"; then
1695         AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1696         AC_COMPILE_IFELSE(
1697                 [
1698 #include <shadow.h>
1699 int main(void) {exit(0);}
1700                 ],
1701                 [
1702                         AC_MSG_RESULT(no)
1703                 ],
1704                 [
1705                         AC_MSG_RESULT(yes)
1706                         AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1707                             [Conflicting defs for getspnam])
1708                 ]
1709         )
1710 fi
1711
1712 AC_FUNC_GETPGRP
1713
1714 # Search for OpenSSL
1715 saved_CPPFLAGS="$CPPFLAGS"
1716 saved_LDFLAGS="$LDFLAGS"
1717 AC_ARG_WITH(ssl-dir,
1718         [  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
1719         [
1720                 if test "x$withval" != "xno" ; then
1721                         case "$withval" in
1722                                 # Relative paths
1723                                 ./*|../*)       withval="`pwd`/$withval"
1724                         esac
1725                         if test -d "$withval/lib"; then
1726                                 if test -n "${need_dash_r}"; then
1727                                         LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1728                                 else
1729                                         LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1730                                 fi
1731                         else
1732                                 if test -n "${need_dash_r}"; then
1733                                         LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1734                                 else
1735                                         LDFLAGS="-L${withval} ${LDFLAGS}"
1736                                 fi
1737                         fi
1738                         if test -d "$withval/include"; then
1739                                 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1740                         else
1741                                 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1742                         fi
1743                 fi
1744         ]
1745 )
1746 LIBS="-lcrypto $LIBS"
1747 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1748         [Define if your ssl headers are included
1749         with #include <openssl/header.h>]),
1750         [
1751                 dnl Check default openssl install dir
1752                 if test -n "${need_dash_r}"; then
1753                         LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1754                 else
1755                         LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1756                 fi
1757                 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1758                 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1759                         [
1760                                 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1761                         ]
1762                 )
1763         ]
1764 )
1765
1766 # Determine OpenSSL header version
1767 AC_MSG_CHECKING([OpenSSL header version])
1768 AC_RUN_IFELSE(
1769         [AC_LANG_SOURCE([[
1770 #include <stdio.h>
1771 #include <string.h>
1772 #include <openssl/opensslv.h>
1773 #define DATA "conftest.sslincver"
1774 int main(void) {
1775         FILE *fd;
1776         int rc;
1777
1778         fd = fopen(DATA,"w");
1779         if(fd == NULL)
1780                 exit(1);
1781
1782         if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1783                 exit(1);
1784
1785         exit(0);
1786 }
1787         ]])],
1788         [
1789                 ssl_header_ver=`cat conftest.sslincver`
1790                 AC_MSG_RESULT($ssl_header_ver)
1791         ],
1792         [
1793                 AC_MSG_RESULT(not found)
1794                 AC_MSG_ERROR(OpenSSL version header not found.)
1795         ],
1796         [
1797                 AC_MSG_WARN([cross compiling: not checking])
1798         ]
1799 )
1800
1801 # Determine OpenSSL library version
1802 AC_MSG_CHECKING([OpenSSL library version])
1803 AC_RUN_IFELSE(
1804         [AC_LANG_SOURCE([[
1805 #include <stdio.h>
1806 #include <string.h>
1807 #include <openssl/opensslv.h>
1808 #include <openssl/crypto.h>
1809 #define DATA "conftest.ssllibver"
1810 int main(void) {
1811         FILE *fd;
1812         int rc;
1813
1814         fd = fopen(DATA,"w");
1815         if(fd == NULL)
1816                 exit(1);
1817
1818         if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1819                 exit(1);
1820
1821         exit(0);
1822 }
1823         ]])],
1824         [
1825                 ssl_library_ver=`cat conftest.ssllibver`
1826                 AC_MSG_RESULT($ssl_library_ver)
1827         ],
1828         [
1829                 AC_MSG_RESULT(not found)
1830                 AC_MSG_ERROR(OpenSSL library not found.)
1831         ],
1832         [
1833                 AC_MSG_WARN([cross compiling: not checking])
1834         ]
1835 )
1836
1837 # Sanity check OpenSSL headers
1838 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1839 AC_RUN_IFELSE(
1840         [AC_LANG_SOURCE([[
1841 #include <string.h>
1842 #include <openssl/opensslv.h>
1843 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1844         ]])],
1845         [
1846                 AC_MSG_RESULT(yes)
1847         ],
1848         [
1849                 AC_MSG_RESULT(no)
1850                 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1851 Check config.log for details.
1852 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1853         ],
1854         [
1855                 AC_MSG_WARN([cross compiling: not checking])
1856         ]
1857 )
1858
1859 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1860 AC_LINK_IFELSE(
1861         [AC_LANG_SOURCE([[
1862 #include <openssl/evp.h>
1863 int main(void) { SSLeay_add_all_algorithms(); }
1864         ]])],
1865         [
1866                 AC_MSG_RESULT(yes)
1867         ],
1868         [
1869                 AC_MSG_RESULT(no)
1870                 saved_LIBS="$LIBS"
1871                 LIBS="$LIBS -ldl"
1872                 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1873                 AC_LINK_IFELSE(
1874                         [AC_LANG_SOURCE([[
1875 #include <openssl/evp.h>
1876 int main(void) { SSLeay_add_all_algorithms(); }
1877                         ]])],
1878                         [
1879                                 AC_MSG_RESULT(yes)
1880                         ],
1881                         [
1882                                 AC_MSG_RESULT(no)
1883                                 LIBS="$saved_LIBS"
1884                         ]
1885                 )
1886         ]
1887 )
1888
1889 AC_ARG_WITH(ssl-engine,
1890         [  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
1891         [ if test "x$withval" != "xno" ; then
1892                 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1893                 AC_TRY_COMPILE(
1894                         [ #include <openssl/engine.h>],
1895                         [
1896 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1897                         ],
1898                         [ AC_MSG_RESULT(yes)
1899                           AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1900                              [Enable OpenSSL engine support])
1901                         ],
1902                         [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1903                 )
1904           fi ]
1905 )
1906
1907 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1908 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1909 AC_LINK_IFELSE(
1910         [AC_LANG_SOURCE([[
1911 #include <string.h>
1912 #include <openssl/evp.h>
1913 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1914         ]])],
1915         [
1916                 AC_MSG_RESULT(no)
1917         ],
1918         [
1919                 AC_MSG_RESULT(yes)
1920                 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1921                     [libcrypto is missing AES 192 and 256 bit functions])
1922         ]
1923 )
1924
1925 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1926 # because the system crypt() is more featureful.
1927 if test "x$check_for_libcrypt_before" = "x1"; then
1928         AC_CHECK_LIB(crypt, crypt)
1929 fi
1930
1931 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1932 # version in OpenSSL.
1933 if test "x$check_for_libcrypt_later" = "x1"; then
1934         AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1935 fi
1936
1937 # Search for SHA256 support in libc and/or OpenSSL
1938 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1939
1940 AC_CHECK_LIB(iaf, ia_openinfo)
1941
1942 ### Configure cryptographic random number support
1943
1944 # Check wheter OpenSSL seeds itself
1945 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1946 AC_RUN_IFELSE(
1947         [AC_LANG_SOURCE([[
1948 #include <string.h>
1949 #include <openssl/rand.h>
1950 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1951         ]])],
1952         [
1953                 OPENSSL_SEEDS_ITSELF=yes
1954                 AC_MSG_RESULT(yes)
1955         ],
1956         [
1957                 AC_MSG_RESULT(no)
1958                 # Default to use of the rand helper if OpenSSL doesn't
1959                 # seed itself
1960                 USE_RAND_HELPER=yes
1961         ],
1962         [
1963                 AC_MSG_WARN([cross compiling: assuming yes])
1964                 # This is safe, since all recent OpenSSL versions will
1965                 # complain at runtime if not seeded correctly.
1966                 OPENSSL_SEEDS_ITSELF=yes
1967         ]
1968 )
1969
1970 # Check for PAM libs
1971 PAM_MSG="no"
1972 AC_ARG_WITH(pam,
1973         [  --with-pam              Enable PAM support ],
1974         [
1975                 if test "x$withval" != "xno" ; then
1976                         if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1977                            test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1978                                 AC_MSG_ERROR([PAM headers not found])
1979                         fi
1980
1981                         saved_LIBS="$LIBS"
1982                         AC_CHECK_LIB(dl, dlopen, , )
1983                         AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1984                         AC_CHECK_FUNCS(pam_getenvlist)
1985                         AC_CHECK_FUNCS(pam_putenv)
1986                         LIBS="$saved_LIBS"
1987
1988                         PAM_MSG="yes"
1989
1990                         LIBPAM="-lpam"
1991                         AC_DEFINE(USE_PAM, 1,
1992                                 [Define if you want to enable PAM support])
1993
1994                         if test $ac_cv_lib_dl_dlopen = yes; then
1995                                 case "$LIBS" in
1996                                 *-ldl*)
1997                                         # libdl already in LIBS
1998                                         ;;
1999                                 *)
2000                                         LIBPAM="$LIBPAM -ldl"
2001                                         ;;
2002                                 esac
2003                         fi
2004                         AC_SUBST(LIBPAM)
2005                 fi
2006         ]
2007 )
2008
2009 # Check for older PAM
2010 if test "x$PAM_MSG" = "xyes" ; then
2011         # Check PAM strerror arguments (old PAM)
2012         AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2013         AC_TRY_COMPILE(
2014                 [
2015 #include <stdlib.h>
2016 #if defined(HAVE_SECURITY_PAM_APPL_H)
2017 #include <security/pam_appl.h>
2018 #elif defined (HAVE_PAM_PAM_APPL_H)
2019 #include <pam/pam_appl.h>
2020 #endif
2021                 ],
2022                 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2023                 [AC_MSG_RESULT(no)],
2024                 [
2025                         AC_DEFINE(HAVE_OLD_PAM, 1,
2026                                 [Define if you have an old version of PAM
2027                                 which takes only one argument to pam_strerror])
2028                         AC_MSG_RESULT(yes)
2029                         PAM_MSG="yes (old library)"
2030                 ]
2031         )
2032 fi
2033
2034 # Do we want to force the use of the rand helper?
2035 AC_ARG_WITH(rand-helper,
2036         [  --with-rand-helper      Use subprocess to gather strong randomness ],
2037         [
2038                 if test "x$withval" = "xno" ; then
2039                         # Force use of OpenSSL's internal RNG, even if
2040                         # the previous test showed it to be unseeded.
2041                         if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2042                                 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2043                                 OPENSSL_SEEDS_ITSELF=yes
2044                                 USE_RAND_HELPER=""
2045                         fi
2046                 else
2047                         USE_RAND_HELPER=yes
2048                 fi
2049         ],
2050 )
2051
2052 # Which randomness source do we use?
2053 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2054         # OpenSSL only
2055         AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2056                 [Define if you want OpenSSL's internally seeded PRNG only])
2057         RAND_MSG="OpenSSL internal ONLY"
2058         INSTALL_SSH_RAND_HELPER=""
2059 elif test ! -z "$USE_RAND_HELPER" ; then
2060         # install rand helper
2061         RAND_MSG="ssh-rand-helper"
2062         INSTALL_SSH_RAND_HELPER="yes"
2063 fi
2064 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2065
2066 ### Configuration of ssh-rand-helper
2067
2068 # PRNGD TCP socket
2069 AC_ARG_WITH(prngd-port,
2070         [  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
2071         [
2072                 case "$withval" in
2073                 no)
2074                         withval=""
2075                         ;;
2076                 [[0-9]]*)
2077                         ;;
2078                 *)
2079                         AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2080                         ;;
2081                 esac
2082                 if test ! -z "$withval" ; then
2083                         PRNGD_PORT="$withval"
2084                         AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2085                                 [Port number of PRNGD/EGD random number socket])
2086                 fi
2087         ]
2088 )
2089
2090 # PRNGD Unix domain socket
2091 AC_ARG_WITH(prngd-socket,
2092         [  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2093         [
2094                 case "$withval" in
2095                 yes)
2096                         withval="/var/run/egd-pool"
2097                         ;;
2098                 no)
2099                         withval=""
2100                         ;;
2101                 /*)
2102                         ;;
2103                 *)
2104                         AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2105                         ;;
2106                 esac
2107
2108                 if test ! -z "$withval" ; then
2109                         if test ! -z "$PRNGD_PORT" ; then
2110                                 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2111                         fi
2112                         if test ! -r "$withval" ; then
2113                                 AC_MSG_WARN(Entropy socket is not readable)
2114                         fi
2115                         PRNGD_SOCKET="$withval"
2116                         AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2117                                 [Location of PRNGD/EGD random number socket])
2118                 fi
2119         ],
2120         [
2121                 # Check for existing socket only if we don't have a random device already
2122                 if test "$USE_RAND_HELPER" = yes ; then
2123                         AC_MSG_CHECKING(for PRNGD/EGD socket)
2124                         # Insert other locations here
2125                         for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2126                                 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2127                                         PRNGD_SOCKET="$sock"
2128                                         AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2129                                         break;
2130                                 fi
2131                         done
2132                         if test ! -z "$PRNGD_SOCKET" ; then
2133                                 AC_MSG_RESULT($PRNGD_SOCKET)
2134                         else
2135                                 AC_MSG_RESULT(not found)
2136                         fi
2137                 fi
2138         ]
2139 )
2140
2141 # Change default command timeout for hashing entropy source
2142 entropy_timeout=200
2143 AC_ARG_WITH(entropy-timeout,
2144         [  --with-entropy-timeout  Specify entropy gathering command timeout (msec)],
2145         [
2146                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2147                     test "x${withval}" != "xyes"; then
2148                         entropy_timeout=$withval
2149                 fi
2150         ]
2151 )
2152 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2153         [Builtin PRNG command timeout])
2154
2155 SSH_PRIVSEP_USER=sshd
2156 AC_ARG_WITH(privsep-user,
2157         [  --with-privsep-user=user Specify non-privileged user for privilege separation],
2158         [
2159                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2160                     test "x${withval}" != "xyes"; then
2161                         SSH_PRIVSEP_USER=$withval
2162                 fi
2163         ]
2164 )
2165 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2166         [non-privileged user for privilege separation])
2167 AC_SUBST(SSH_PRIVSEP_USER)
2168
2169 # We do this little dance with the search path to insure
2170 # that programs that we select for use by installed programs
2171 # (which may be run by the super-user) come from trusted
2172 # locations before they come from the user's private area.
2173 # This should help avoid accidentally configuring some
2174 # random version of a program in someone's personal bin.
2175
2176 OPATH=$PATH
2177 PATH=/bin:/usr/bin
2178 test -h /bin 2> /dev/null && PATH=/usr/bin
2179 test -d /sbin && PATH=$PATH:/sbin
2180 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2181 PATH=$PATH:/etc:$OPATH
2182
2183 # These programs are used by the command hashing source to gather entropy
2184 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2185 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2186 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2187 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2188 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2189 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2190 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2191 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2192 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2193 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2194 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2195 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2196 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2197 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2198 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2199 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2200 # restore PATH
2201 PATH=$OPATH
2202
2203 # Where does ssh-rand-helper get its randomness from?
2204 INSTALL_SSH_PRNG_CMDS=""
2205 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2206         if test ! -z "$PRNGD_PORT" ; then
2207                 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2208         elif test ! -z "$PRNGD_SOCKET" ; then
2209                 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2210         else
2211                 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2212                 RAND_HELPER_CMDHASH=yes
2213                 INSTALL_SSH_PRNG_CMDS="yes"
2214         fi
2215 fi
2216 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2217
2218
2219 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2220 if test ! -z "$SONY" ; then
2221   LIBS="$LIBS -liberty";
2222 fi
2223
2224 # Check for  long long datatypes
2225 AC_CHECK_TYPES([long long, unsigned long long, long double])
2226
2227 # Check datatype sizes
2228 AC_CHECK_SIZEOF(char, 1)
2229 AC_CHECK_SIZEOF(short int, 2)
2230 AC_CHECK_SIZEOF(int, 4)
2231 AC_CHECK_SIZEOF(long int, 4)
2232 AC_CHECK_SIZEOF(long long int, 8)
2233
2234 # Sanity check long long for some platforms (AIX)
2235 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2236         ac_cv_sizeof_long_long_int=0
2237 fi
2238
2239 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2240 if test -z "$have_llong_max"; then
2241         AC_MSG_CHECKING([for max value of long long])
2242         AC_RUN_IFELSE(
2243                 [AC_LANG_SOURCE([[
2244 #include <stdio.h>
2245 /* Why is this so damn hard? */
2246 #ifdef __GNUC__
2247 # undef __GNUC__
2248 #endif
2249 #define __USE_ISOC99
2250 #include <limits.h>
2251 #define DATA "conftest.llminmax"
2252 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2253
2254 /*
2255  * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2256  * we do this the hard way.
2257  */
2258 static int
2259 fprint_ll(FILE *f, long long n)
2260 {
2261         unsigned int i;
2262         int l[sizeof(long long) * 8];
2263
2264         if (n < 0)
2265                 if (fprintf(f, "-") < 0)
2266                         return -1;
2267         for (i = 0; n != 0; i++) {
2268                 l[i] = my_abs(n % 10);
2269                 n /= 10;
2270         }
2271         do {
2272                 if (fprintf(f, "%d", l[--i]) < 0)
2273                         return -1;
2274         } while (i != 0);
2275         if (fprintf(f, " ") < 0)
2276                 return -1;
2277         return 0;
2278 }
2279
2280 int main(void) {
2281         FILE *f;
2282         long long i, llmin, llmax = 0;
2283
2284         if((f = fopen(DATA,"w")) == NULL)
2285                 exit(1);
2286
2287 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2288         fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2289         llmin = LLONG_MIN;
2290         llmax = LLONG_MAX;
2291 #else
2292         fprintf(stderr, "Calculating  LLONG_MIN and LLONG_MAX\n");
2293         /* This will work on one's complement and two's complement */
2294         for (i = 1; i > llmax; i <<= 1, i++)
2295                 llmax = i;
2296         llmin = llmax + 1LL;    /* wrap */
2297 #endif
2298
2299         /* Sanity check */
2300         if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2301             || llmax - 1 > llmax || llmin == llmax || llmin == 0
2302             || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2303                 fprintf(f, "unknown unknown\n");
2304                 exit(2);
2305         }
2306
2307         if (fprint_ll(f, llmin) < 0)
2308                 exit(3);
2309         if (fprint_ll(f, llmax) < 0)
2310                 exit(4);
2311         if (fclose(f) < 0)
2312                 exit(5);
2313         exit(0);
2314 }
2315                 ]])],
2316                 [
2317                         llong_min=`$AWK '{print $1}' conftest.llminmax`
2318                         llong_max=`$AWK '{print $2}' conftest.llminmax`
2319
2320                         AC_MSG_RESULT($llong_max)
2321                         AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2322                             [max value of long long calculated by configure])
2323                         AC_MSG_CHECKING([for min value of long long])
2324                         AC_MSG_RESULT($llong_min)
2325                         AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2326                             [min value of long long calculated by configure])
2327                 ],
2328                 [
2329                         AC_MSG_RESULT(not found)
2330                 ],
2331                 [
2332                         AC_MSG_WARN([cross compiling: not checking])
2333                 ]
2334         )
2335 fi
2336
2337
2338 # More checks for data types
2339 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2340         AC_TRY_COMPILE(
2341                 [ #include <sys/types.h> ],
2342                 [ u_int a; a = 1;],
2343                 [ ac_cv_have_u_int="yes" ],
2344                 [ ac_cv_have_u_int="no" ]
2345         )
2346 ])
2347 if test "x$ac_cv_have_u_int" = "xyes" ; then
2348         AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2349         have_u_int=1
2350 fi
2351
2352 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2353         AC_TRY_COMPILE(
2354                 [ #include <sys/types.h> ],
2355                 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2356                 [ ac_cv_have_intxx_t="yes" ],
2357                 [ ac_cv_have_intxx_t="no" ]
2358         )
2359 ])
2360 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2361         AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2362         have_intxx_t=1
2363 fi
2364
2365 if (test -z "$have_intxx_t" && \
2366            test "x$ac_cv_header_stdint_h" = "xyes")
2367 then
2368     AC_MSG_CHECKING([for intXX_t types in stdint.h])
2369         AC_TRY_COMPILE(
2370                 [ #include <stdint.h> ],
2371                 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2372                 [
2373                         AC_DEFINE(HAVE_INTXX_T)
2374                         AC_MSG_RESULT(yes)
2375                 ],
2376                 [ AC_MSG_RESULT(no) ]
2377         )
2378 fi
2379
2380 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2381         AC_TRY_COMPILE(
2382                 [
2383 #include <sys/types.h>
2384 #ifdef HAVE_STDINT_H
2385 # include <stdint.h>
2386 #endif
2387 #include <sys/socket.h>
2388 #ifdef HAVE_SYS_BITYPES_H
2389 # include <sys/bitypes.h>
2390 #endif
2391                 ],
2392                 [ int64_t a; a = 1;],
2393                 [ ac_cv_have_int64_t="yes" ],
2394                 [ ac_cv_have_int64_t="no" ]
2395         )
2396 ])
2397 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2398         AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2399 fi
2400
2401 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2402         AC_TRY_COMPILE(
2403                 [ #include <sys/types.h> ],
2404                 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2405                 [ ac_cv_have_u_intxx_t="yes" ],
2406                 [ ac_cv_have_u_intxx_t="no" ]
2407         )
2408 ])
2409 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2410         AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2411         have_u_intxx_t=1
2412 fi
2413
2414 if test -z "$have_u_intxx_t" ; then
2415     AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2416         AC_TRY_COMPILE(
2417                 [ #include <sys/socket.h> ],
2418                 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2419                 [
2420                         AC_DEFINE(HAVE_U_INTXX_T)
2421                         AC_MSG_RESULT(yes)
2422                 ],
2423                 [ AC_MSG_RESULT(no) ]
2424         )
2425 fi
2426
2427 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2428         AC_TRY_COMPILE(
2429                 [ #include <sys/types.h> ],
2430                 [ u_int64_t a; a = 1;],
2431                 [ ac_cv_have_u_int64_t="yes" ],
2432                 [ ac_cv_have_u_int64_t="no" ]
2433         )
2434 ])
2435 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2436         AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2437         have_u_int64_t=1
2438 fi
2439
2440 if test -z "$have_u_int64_t" ; then
2441     AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2442         AC_TRY_COMPILE(
2443                 [ #include <sys/bitypes.h> ],
2444                 [ u_int64_t a; a = 1],
2445                 [
2446                         AC_DEFINE(HAVE_U_INT64_T)
2447                         AC_MSG_RESULT(yes)
2448                 ],
2449                 [ AC_MSG_RESULT(no) ]
2450         )
2451 fi
2452
2453 if test -z "$have_u_intxx_t" ; then
2454         AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2455                 AC_TRY_COMPILE(
2456                         [
2457 #include <sys/types.h>
2458                         ],
2459                         [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2460                         [ ac_cv_have_uintxx_t="yes" ],
2461                         [ ac_cv_have_uintxx_t="no" ]
2462                 )
2463         ])
2464         if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2465                 AC_DEFINE(HAVE_UINTXX_T, 1,
2466                         [define if you have uintxx_t data type])
2467         fi
2468 fi
2469
2470 if test -z "$have_uintxx_t" ; then
2471     AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2472         AC_TRY_COMPILE(
2473                 [ #include <stdint.h> ],
2474                 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2475                 [
2476                         AC_DEFINE(HAVE_UINTXX_T)
2477                         AC_MSG_RESULT(yes)
2478                 ],
2479                 [ AC_MSG_RESULT(no) ]
2480         )
2481 fi
2482
2483 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2484            test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2485 then
2486         AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2487         AC_TRY_COMPILE(
2488                 [
2489 #include <sys/bitypes.h>
2490                 ],
2491                 [
2492                         int8_t a; int16_t b; int32_t c;
2493                         u_int8_t e; u_int16_t f; u_int32_t g;
2494                         a = b = c = e = f = g = 1;
2495                 ],
2496                 [
2497                         AC_DEFINE(HAVE_U_INTXX_T)
2498                         AC_DEFINE(HAVE_INTXX_T)
2499                         AC_MSG_RESULT(yes)
2500                 ],
2501                 [AC_MSG_RESULT(no)]
2502         )
2503 fi
2504
2505
2506 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2507         AC_TRY_COMPILE(
2508                 [
2509 #include <sys/types.h>
2510                 ],
2511                 [ u_char foo; foo = 125; ],
2512                 [ ac_cv_have_u_char="yes" ],
2513                 [ ac_cv_have_u_char="no" ]
2514         )
2515 ])
2516 if test "x$ac_cv_have_u_char" = "xyes" ; then
2517         AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2518 fi
2519
2520 TYPE_SOCKLEN_T
2521
2522 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2523
2524 AC_CHECK_TYPES(in_addr_t,,,
2525 [#include <sys/types.h>
2526 #include <netinet/in.h>])
2527
2528 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2529         AC_TRY_COMPILE(
2530                 [
2531 #include <sys/types.h>
2532                 ],
2533                 [ size_t foo; foo = 1235; ],
2534                 [ ac_cv_have_size_t="yes" ],
2535                 [ ac_cv_have_size_t="no" ]
2536         )
2537 ])
2538 if test "x$ac_cv_have_size_t" = "xyes" ; then
2539         AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2540 fi
2541
2542 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2543         AC_TRY_COMPILE(
2544                 [
2545 #include <sys/types.h>
2546                 ],
2547                 [ ssize_t foo; foo = 1235; ],
2548                 [ ac_cv_have_ssize_t="yes" ],
2549                 [ ac_cv_have_ssize_t="no" ]
2550         )
2551 ])
2552 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2553         AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2554 fi
2555
2556 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2557         AC_TRY_COMPILE(
2558                 [
2559 #include <time.h>
2560                 ],
2561                 [ clock_t foo; foo = 1235; ],
2562                 [ ac_cv_have_clock_t="yes" ],
2563                 [ ac_cv_have_clock_t="no" ]
2564         )
2565 ])
2566 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2567         AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2568 fi
2569
2570 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2571         AC_TRY_COMPILE(
2572                 [
2573 #include <sys/types.h>
2574 #include <sys/socket.h>
2575                 ],
2576                 [ sa_family_t foo; foo = 1235; ],
2577                 [ ac_cv_have_sa_family_t="yes" ],
2578                 [ AC_TRY_COMPILE(
2579                   [
2580 #include <sys/types.h>
2581 #include <sys/socket.h>
2582 #include <netinet/in.h>
2583                 ],
2584                 [ sa_family_t foo; foo = 1235; ],
2585                 [ ac_cv_have_sa_family_t="yes" ],
2586
2587                 [ ac_cv_have_sa_family_t="no" ]
2588         )]
2589         )
2590 ])
2591 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2592         AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2593                 [define if you have sa_family_t data type])
2594 fi
2595
2596 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2597         AC_TRY_COMPILE(
2598                 [
2599 #include <sys/types.h>
2600                 ],
2601                 [ pid_t foo; foo = 1235; ],
2602                 [ ac_cv_have_pid_t="yes" ],
2603                 [ ac_cv_have_pid_t="no" ]
2604         )
2605 ])
2606 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2607         AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2608 fi
2609
2610 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2611         AC_TRY_COMPILE(
2612                 [
2613 #include <sys/types.h>
2614                 ],
2615                 [ mode_t foo; foo = 1235; ],
2616                 [ ac_cv_have_mode_t="yes" ],
2617                 [ ac_cv_have_mode_t="no" ]
2618         )
2619 ])
2620 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2621         AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2622 fi
2623
2624
2625 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2626         AC_TRY_COMPILE(
2627                 [
2628 #include <sys/types.h>
2629 #include <sys/socket.h>
2630                 ],
2631                 [ struct sockaddr_storage s; ],
2632                 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2633                 [ ac_cv_have_struct_sockaddr_storage="no" ]
2634         )
2635 ])
2636 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2637         AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2638                 [define if you have struct sockaddr_storage data type])
2639 fi
2640
2641 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2642         AC_TRY_COMPILE(
2643                 [
2644 #include <sys/types.h>
2645 #include <netinet/in.h>
2646                 ],
2647                 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2648                 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2649                 [ ac_cv_have_struct_sockaddr_in6="no" ]
2650         )
2651 ])
2652 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2653         AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2654                 [define if you have struct sockaddr_in6 data type])
2655 fi
2656
2657 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2658         AC_TRY_COMPILE(
2659                 [
2660 #include <sys/types.h>
2661 #include <netinet/in.h>
2662                 ],
2663                 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2664                 [ ac_cv_have_struct_in6_addr="yes" ],
2665                 [ ac_cv_have_struct_in6_addr="no" ]
2666         )
2667 ])
2668 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2669         AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2670                 [define if you have struct in6_addr data type])
2671 fi
2672
2673 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2674         AC_TRY_COMPILE(
2675                 [
2676 #include <sys/types.h>
2677 #include <sys/socket.h>
2678 #include <netdb.h>
2679                 ],
2680                 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2681                 [ ac_cv_have_struct_addrinfo="yes" ],
2682                 [ ac_cv_have_struct_addrinfo="no" ]
2683         )
2684 ])
2685 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2686         AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2687                 [define if you have struct addrinfo data type])
2688 fi
2689
2690 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2691         AC_TRY_COMPILE(
2692                 [ #include <sys/time.h> ],
2693                 [ struct timeval tv; tv.tv_sec = 1;],
2694                 [ ac_cv_have_struct_timeval="yes" ],
2695                 [ ac_cv_have_struct_timeval="no" ]
2696         )
2697 ])
2698 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2699         AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2700         have_struct_timeval=1
2701 fi
2702
2703 AC_CHECK_TYPES(struct timespec)
2704
2705 # We need int64_t or else certian parts of the compile will fail.
2706 if test "x$ac_cv_have_int64_t" = "xno" && \
2707         test "x$ac_cv_sizeof_long_int" != "x8" && \
2708         test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2709         echo "OpenSSH requires int64_t support.  Contact your vendor or install"
2710         echo "an alternative compiler (I.E., GCC) before continuing."
2711         echo ""
2712         exit 1;
2713 else
2714 dnl test snprintf (broken on SCO w/gcc)
2715         AC_RUN_IFELSE(
2716                 [AC_LANG_SOURCE([[
2717 #include <stdio.h>
2718 #include <string.h>
2719 #ifdef HAVE_SNPRINTF
2720 main()
2721 {
2722         char buf[50];
2723         char expected_out[50];
2724         int mazsize = 50 ;
2725 #if (SIZEOF_LONG_INT == 8)
2726         long int num = 0x7fffffffffffffff;
2727 #else
2728         long long num = 0x7fffffffffffffffll;
2729 #endif
2730         strcpy(expected_out, "9223372036854775807");
2731         snprintf(buf, mazsize, "%lld", num);
2732         if(strcmp(buf, expected_out) != 0)
2733                 exit(1);
2734         exit(0);
2735 }
2736 #else
2737 main() { exit(0); }
2738 #endif
2739                 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2740                 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2741         )
2742 fi
2743
2744 dnl Checks for structure members
2745 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2746 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2747 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2748 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2749 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2750 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2751 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2752 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2753 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2754 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2755 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2756 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2757 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2758 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2759 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2760 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2761 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2762
2763 AC_CHECK_MEMBERS([struct stat.st_blksize])
2764 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2765         [Define if we don't have struct __res_state in resolv.h])],
2766 [
2767 #include <stdio.h>
2768 #if HAVE_SYS_TYPES_H
2769 # include <sys/types.h>
2770 #endif
2771 #include <netinet/in.h>
2772 #include <arpa/nameser.h>
2773 #include <resolv.h>
2774 ])
2775
2776 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2777                 ac_cv_have_ss_family_in_struct_ss, [
2778         AC_TRY_COMPILE(
2779                 [
2780 #include <sys/types.h>
2781 #include <sys/socket.h>
2782                 ],
2783                 [ struct sockaddr_storage s; s.ss_family = 1; ],
2784                 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2785                 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2786         )
2787 ])
2788 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2789         AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2790 fi
2791
2792 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2793                 ac_cv_have___ss_family_in_struct_ss, [
2794         AC_TRY_COMPILE(
2795                 [
2796 #include <sys/types.h>
2797 #include <sys/socket.h>
2798                 ],
2799                 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2800                 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2801                 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2802         )
2803 ])
2804 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2805         AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2806                 [Fields in struct sockaddr_storage])
2807 fi
2808
2809 AC_CACHE_CHECK([for pw_class field in struct passwd],
2810                 ac_cv_have_pw_class_in_struct_passwd, [
2811         AC_TRY_COMPILE(
2812                 [
2813 #include <pwd.h>
2814                 ],
2815                 [ struct passwd p; p.pw_class = 0; ],
2816                 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2817                 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2818         )
2819 ])
2820 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2821         AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2822                 [Define if your password has a pw_class field])
2823 fi
2824
2825 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2826                 ac_cv_have_pw_expire_in_struct_passwd, [
2827         AC_TRY_COMPILE(
2828                 [
2829 #include <pwd.h>
2830                 ],
2831                 [ struct passwd p; p.pw_expire = 0; ],
2832                 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2833                 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2834         )
2835 ])
2836 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2837         AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2838                 [Define if your password has a pw_expire field])
2839 fi
2840
2841 AC_CACHE_CHECK([for pw_change field in struct passwd],
2842                 ac_cv_have_pw_change_in_struct_passwd, [
2843         AC_TRY_COMPILE(
2844                 [
2845 #include <pwd.h>
2846                 ],
2847                 [ struct passwd p; p.pw_change = 0; ],
2848                 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2849                 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2850         )
2851 ])
2852 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2853         AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2854                 [Define if your password has a pw_change field])
2855 fi
2856
2857 dnl make sure we're using the real structure members and not defines
2858 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2859                 ac_cv_have_accrights_in_msghdr, [
2860         AC_COMPILE_IFELSE(
2861                 [
2862 #include <sys/types.h>
2863 #include <sys/socket.h>
2864 #include <sys/uio.h>
2865 int main() {
2866 #ifdef msg_accrights
2867 #error "msg_accrights is a macro"
2868 exit(1);
2869 #endif
2870 struct msghdr m;
2871 m.msg_accrights = 0;
2872 exit(0);
2873 }
2874                 ],
2875                 [ ac_cv_have_accrights_in_msghdr="yes" ],
2876                 [ ac_cv_have_accrights_in_msghdr="no" ]
2877         )
2878 ])
2879 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2880         AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2881                 [Define if your system uses access rights style
2882                 file descriptor passing])
2883 fi
2884
2885 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2886                 ac_cv_have_control_in_msghdr, [
2887         AC_COMPILE_IFELSE(
2888                 [
2889 #include <sys/types.h>
2890 #include <sys/socket.h>
2891 #include <sys/uio.h>
2892 int main() {
2893 #ifdef msg_control
2894 #error "msg_control is a macro"
2895 exit(1);
2896 #endif
2897 struct msghdr m;
2898 m.msg_control = 0;
2899 exit(0);
2900 }
2901                 ],
2902                 [ ac_cv_have_control_in_msghdr="yes" ],
2903                 [ ac_cv_have_control_in_msghdr="no" ]
2904         )
2905 ])
2906 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2907         AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2908                 [Define if your system uses ancillary data style
2909                 file descriptor passing])
2910 fi
2911
2912 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2913         AC_TRY_LINK([],
2914                 [ extern char *__progname; printf("%s", __progname); ],
2915                 [ ac_cv_libc_defines___progname="yes" ],
2916                 [ ac_cv_libc_defines___progname="no" ]
2917         )
2918 ])
2919 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2920         AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2921 fi
2922
2923 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2924         AC_TRY_LINK([
2925 #include <stdio.h>
2926 ],
2927                 [ printf("%s", __FUNCTION__); ],
2928                 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2929                 [ ac_cv_cc_implements___FUNCTION__="no" ]
2930         )
2931 ])
2932 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2933         AC_DEFINE(HAVE___FUNCTION__, 1,
2934                 [Define if compiler implements __FUNCTION__])
2935 fi
2936
2937 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2938         AC_TRY_LINK([
2939 #include <stdio.h>
2940 ],
2941                 [ printf("%s", __func__); ],
2942                 [ ac_cv_cc_implements___func__="yes" ],
2943                 [ ac_cv_cc_implements___func__="no" ]
2944         )
2945 ])
2946 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2947         AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2948 fi
2949
2950 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2951         AC_TRY_LINK(
2952                 [#include <stdarg.h>
2953                  va_list x,y;],
2954                 [va_copy(x,y);],
2955                 [ ac_cv_have_va_copy="yes" ],
2956                 [ ac_cv_have_va_copy="no" ]
2957         )
2958 ])
2959 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2960         AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2961 fi
2962
2963 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2964         AC_TRY_LINK(
2965                 [#include <stdarg.h>
2966                  va_list x,y;],
2967                 [__va_copy(x,y);],
2968                 [ ac_cv_have___va_copy="yes" ],
2969                 [ ac_cv_have___va_copy="no" ]
2970         )
2971 ])
2972 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2973         AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2974 fi
2975
2976 AC_CACHE_CHECK([whether getopt has optreset support],
2977                 ac_cv_have_getopt_optreset, [
2978         AC_TRY_LINK(
2979                 [
2980 #include <getopt.h>
2981                 ],
2982                 [ extern int optreset; optreset = 0; ],
2983                 [ ac_cv_have_getopt_optreset="yes" ],
2984                 [ ac_cv_have_getopt_optreset="no" ]
2985         )
2986 ])
2987 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2988         AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2989                 [Define if your getopt(3) defines and uses optreset])
2990 fi
2991
2992 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2993         AC_TRY_LINK([],
2994                 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2995                 [ ac_cv_libc_defines_sys_errlist="yes" ],
2996                 [ ac_cv_libc_defines_sys_errlist="no" ]
2997         )
2998 ])
2999 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3000         AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3001                 [Define if your system defines sys_errlist[]])
3002 fi
3003
3004
3005 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3006         AC_TRY_LINK([],
3007                 [ extern int sys_nerr; printf("%i", sys_nerr);],
3008                 [ ac_cv_libc_defines_sys_nerr="yes" ],
3009                 [ ac_cv_libc_defines_sys_nerr="no" ]
3010         )
3011 ])
3012 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3013         AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3014 fi
3015
3016 SCARD_MSG="no"
3017 # Check whether user wants sectok support
3018 AC_ARG_WITH(sectok,
3019         [  --with-sectok           Enable smartcard support using libsectok],
3020         [
3021                 if test "x$withval" != "xno" ; then
3022                         if test "x$withval" != "xyes" ; then
3023                                 CPPFLAGS="$CPPFLAGS -I${withval}"
3024                                 LDFLAGS="$LDFLAGS -L${withval}"
3025                                 if test ! -z "$need_dash_r" ; then
3026                                         LDFLAGS="$LDFLAGS -R${withval}"
3027                                 fi
3028                                 if test ! -z "$blibpath" ; then
3029                                         blibpath="$blibpath:${withval}"
3030                                 fi
3031                         fi
3032                         AC_CHECK_HEADERS(sectok.h)
3033                         if test "$ac_cv_header_sectok_h" != yes; then
3034                                 AC_MSG_ERROR(Can't find sectok.h)
3035                         fi
3036                         AC_CHECK_LIB(sectok, sectok_open)
3037                         if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3038                                 AC_MSG_ERROR(Can't find libsectok)
3039                         fi
3040                         AC_DEFINE(SMARTCARD, 1,
3041                                 [Define if you want smartcard support])
3042                         AC_DEFINE(USE_SECTOK, 1,
3043                                 [Define if you want smartcard support
3044                                 using sectok])
3045                         SCARD_MSG="yes, using sectok"
3046                 fi
3047         ]
3048 )
3049
3050 # Check whether user wants OpenSC support
3051 OPENSC_CONFIG="no"
3052 AC_ARG_WITH(opensc,
3053         [  --with-opensc[[=PFX]]     Enable smartcard support using OpenSC (optionally in PATH)],
3054         [
3055             if test "x$withval" != "xno" ; then
3056                 if test "x$withval" != "xyes" ; then
3057                         OPENSC_CONFIG=$withval/bin/opensc-config
3058                 else
3059                         AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3060                 fi
3061                 if test "$OPENSC_CONFIG" != "no"; then
3062                         LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3063                         LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3064                         CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3065                         LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
3066                         AC_DEFINE(SMARTCARD)
3067                         AC_DEFINE(USE_OPENSC, 1,
3068                                 [Define if you want smartcard support
3069                                 using OpenSC])
3070                         SCARD_MSG="yes, using OpenSC"
3071                 fi
3072             fi
3073         ]
3074 )
3075
3076 # Check libraries needed by DNS fingerprint support
3077 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3078         [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3079                 [Define if getrrsetbyname() exists])],
3080         [
3081                 # Needed by our getrrsetbyname()
3082                 AC_SEARCH_LIBS(res_query, resolv)
3083                 AC_SEARCH_LIBS(dn_expand, resolv)
3084                 AC_MSG_CHECKING(if res_query will link)
3085                 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3086                    [AC_MSG_RESULT(no)
3087                     saved_LIBS="$LIBS"
3088                     LIBS="$LIBS -lresolv"
3089                     AC_MSG_CHECKING(for res_query in -lresolv)
3090                     AC_LINK_IFELSE([
3091 #include <resolv.h>
3092 int main()
3093 {
3094         res_query (0, 0, 0, 0, 0);
3095         return 0;
3096 }
3097                         ],
3098                         [LIBS="$LIBS -lresolv"
3099                          AC_MSG_RESULT(yes)],
3100                         [LIBS="$saved_LIBS"
3101                          AC_MSG_RESULT(no)])
3102                     ])
3103                 AC_CHECK_FUNCS(_getshort _getlong)
3104                 AC_CHECK_DECLS([_getshort, _getlong], , ,
3105                     [#include <sys/types.h>
3106                     #include <arpa/nameser.h>])
3107                 AC_CHECK_MEMBER(HEADER.ad,
3108                         [AC_DEFINE(HAVE_HEADER_AD, 1,
3109                             [Define if HEADER.ad exists in arpa/nameser.h])],,
3110                         [#include <arpa/nameser.h>])
3111         ])
3112
3113 # Check whether user wants SELinux support
3114 SELINUX_MSG="no"
3115 LIBSELINUX=""
3116 AC_ARG_WITH(selinux,
3117         [  --with-selinux   Enable SELinux support],
3118         [ if test "x$withval" != "xno" ; then
3119                 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3120                 SELINUX_MSG="yes"
3121                 AC_CHECK_HEADER([selinux/selinux.h], ,
3122                     AC_MSG_ERROR(SELinux support requires selinux.h header))
3123                 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3124                     AC_MSG_ERROR(SELinux support requires libselinux library))
3125                 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3126         fi ]
3127 )
3128 AC_SUBST(LIBSELINUX)
3129
3130 # Check whether user wants Kerberos 5 support
3131 KRB5_MSG="no"
3132 AC_ARG_WITH(kerberos5,
3133         [  --with-kerberos5=PATH   Enable Kerberos 5 support],
3134         [ if test "x$withval" != "xno" ; then
3135                 if test "x$withval" = "xyes" ; then
3136                         KRB5ROOT="/usr/local"
3137                 else
3138                         KRB5ROOT=${withval}
3139                 fi
3140
3141                 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3142                 KRB5_MSG="yes"
3143
3144                 AC_MSG_CHECKING(for krb5-config)
3145                 if test -x  $KRB5ROOT/bin/krb5-config ; then
3146                         KRB5CONF=$KRB5ROOT/bin/krb5-config
3147                         AC_MSG_RESULT($KRB5CONF)
3148
3149                         AC_MSG_CHECKING(for gssapi support)
3150                         if $KRB5CONF | grep gssapi >/dev/null ; then
3151                                 AC_MSG_RESULT(yes)
3152                                 AC_DEFINE(GSSAPI, 1,
3153                                         [Define this if you want GSSAPI
3154                                         support in the version 2 protocol])
3155                                 k5confopts=gssapi
3156                         else
3157                                 AC_MSG_RESULT(no)
3158                                 k5confopts=""
3159                         fi
3160                         K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3161                         K5LIBS="`$KRB5CONF --libs $k5confopts`"
3162                         CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3163                         AC_MSG_CHECKING(whether we are using Heimdal)
3164                         AC_TRY_COMPILE([ #include <krb5.h> ],
3165                                        [ char *tmp = heimdal_version; ],
3166                                        [ AC_MSG_RESULT(yes)
3167                                          AC_DEFINE(HEIMDAL, 1,
3168                                         [Define this if you are using the
3169                                         Heimdal version of Kerberos V5]) ],
3170                                          AC_MSG_RESULT(no)
3171                         )
3172                 else
3173                         AC_MSG_RESULT(no)
3174                         CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3175                         LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3176                         AC_MSG_CHECKING(whether we are using Heimdal)
3177                         AC_TRY_COMPILE([ #include <krb5.h> ],
3178                                        [ char *tmp = heimdal_version; ],
3179                                        [ AC_MSG_RESULT(yes)
3180                                          AC_DEFINE(HEIMDAL)
3181                                          K5LIBS="-lkrb5 -ldes"
3182                                          K5LIBS="$K5LIBS -lcom_err -lasn1"
3183                                          AC_CHECK_LIB(roken, net_write,
3184                                            [K5LIBS="$K5LIBS -lroken"])
3185                                        ],
3186                                        [ AC_MSG_RESULT(no)
3187                                          K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3188                                        ]
3189                         )
3190                         AC_SEARCH_LIBS(dn_expand, resolv)
3191
3192                         AC_CHECK_LIB(gssapi,gss_init_sec_context,
3193                                 [ AC_DEFINE(GSSAPI)
3194                                   K5LIBS="-lgssapi $K5LIBS" ],
3195                                 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3196                                         [ AC_DEFINE(GSSAPI)
3197                                           K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3198                                         AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3199                                         $K5LIBS)
3200                                 ],
3201                                 $K5LIBS)
3202
3203                         AC_CHECK_HEADER(gssapi.h, ,
3204                                 [ unset ac_cv_header_gssapi_h
3205                                   CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3206                                   AC_CHECK_HEADERS(gssapi.h, ,
3207                                         AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3208                                   )
3209                                 ]
3210                         )
3211
3212                         oldCPP="$CPPFLAGS"
3213                         CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3214                         AC_CHECK_HEADER(gssapi_krb5.h, ,
3215                                         [ CPPFLAGS="$oldCPP" ])
3216
3217                 fi
3218                 if test ! -z "$need_dash_r" ; then
3219                         LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3220                 fi
3221                 if test ! -z "$blibpath" ; then
3222                         blibpath="$blibpath:${KRB5ROOT}/lib"
3223                 fi
3224
3225                 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3226                 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3227                 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3228
3229                 LIBS="$LIBS $K5LIBS"
3230                 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3231                         [Define this if you want to use libkafs' AFS support]))
3232         fi
3233         ]
3234 )
3235
3236 # Looking for programs, paths and files
3237
3238 PRIVSEP_PATH=/var/empty
3239 AC_ARG_WITH(privsep-path,
3240         [  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3241         [
3242                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3243                     test "x${withval}" != "xyes"; then
3244                         PRIVSEP_PATH=$withval
3245                 fi
3246         ]
3247 )
3248 AC_SUBST(PRIVSEP_PATH)
3249
3250 AC_ARG_WITH(xauth,
3251         [  --with-xauth=PATH       Specify path to xauth program ],
3252         [
3253                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3254                     test "x${withval}" != "xyes"; then
3255                         xauth_path=$withval
3256                 fi
3257         ],
3258         [
3259                 TestPath="$PATH"
3260                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3261                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3262                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3263                 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3264                 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3265                 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3266                         xauth_path="/usr/openwin/bin/xauth"
3267                 fi
3268         ]
3269 )
3270
3271 STRIP_OPT=-s
3272 AC_ARG_ENABLE(strip,
3273         [  --disable-strip         Disable calling strip(1) on install],
3274         [
3275                 if test "x$enableval" = "xno" ; then
3276                         STRIP_OPT=
3277                 fi
3278         ]
3279 )
3280 AC_SUBST(STRIP_OPT)
3281
3282 if test -z "$xauth_path" ; then
3283         XAUTH_PATH="undefined"
3284         AC_SUBST(XAUTH_PATH)
3285 else
3286         AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3287                 [Define if xauth is found in your path])
3288         XAUTH_PATH=$xauth_path
3289         AC_SUBST(XAUTH_PATH)
3290 fi
3291
3292 # Check for mail directory (last resort if we cannot get it from headers)
3293 if test ! -z "$MAIL" ; then
3294         maildir=`dirname $MAIL`
3295         AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3296                 [Set this to your mail directory if you don't have maillock.h])
3297 fi
3298
3299 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3300         AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3301         disable_ptmx_check=yes
3302 fi
3303 if test -z "$no_dev_ptmx" ; then
3304         if test "x$disable_ptmx_check" != "xyes" ; then
3305                 AC_CHECK_FILE("/dev/ptmx",
3306                         [
3307                                 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3308                                         [Define if you have /dev/ptmx])
3309                                 have_dev_ptmx=1
3310                         ]
3311                 )
3312         fi
3313 fi
3314
3315 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3316         AC_CHECK_FILE("/dev/ptc",
3317                 [
3318                         AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3319                                 [Define if you have /dev/ptc])
3320                         have_dev_ptc=1
3321                 ]
3322         )
3323 else
3324         AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3325 fi
3326
3327 # Options from here on. Some of these are preset by platform above
3328 AC_ARG_WITH(mantype,
3329         [  --with-mantype=man|cat|doc  Set man page type],
3330         [
3331                 case "$withval" in
3332                 man|cat|doc)
3333                         MANTYPE=$withval
3334                         ;;
3335                 *)
3336                         AC_MSG_ERROR(invalid man type: $withval)
3337                         ;;
3338                 esac
3339         ]
3340 )
3341 if test -z "$MANTYPE"; then
3342         TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3343         AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3344         if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3345                 MANTYPE=doc
3346         elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3347                 MANTYPE=man
3348         else
3349                 MANTYPE=cat
3350         fi
3351 fi
3352 AC_SUBST(MANTYPE)
3353 if test "$MANTYPE" = "doc"; then
3354         mansubdir=man;
3355 else
3356         mansubdir=$MANTYPE;
3357 fi
3358 AC_SUBST(mansubdir)
3359
3360 # Check whether to enable MD5 passwords
3361 MD5_MSG="no"
3362 AC_ARG_WITH(md5-passwords,
3363         [  --with-md5-passwords    Enable use of MD5 passwords],
3364         [
3365                 if test "x$withval" != "xno" ; then
3366                         AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3367                                 [Define if you want to allow MD5 passwords])
3368                         MD5_MSG="yes"
3369                 fi
3370         ]
3371 )
3372
3373 # Whether to disable shadow password support
3374 AC_ARG_WITH(shadow,
3375         [  --without-shadow        Disable shadow password support],
3376         [
3377                 if test "x$withval" = "xno" ; then
3378                         AC_DEFINE(DISABLE_SHADOW)
3379                         disable_shadow=yes
3380                 fi
3381         ]
3382 )
3383
3384 if test -z "$disable_shadow" ; then
3385         AC_MSG_CHECKING([if the systems has expire shadow information])
3386         AC_TRY_COMPILE(
3387         [
3388 #include <sys/types.h>
3389 #include <shadow.h>
3390         struct spwd sp;
3391         ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3392         [ sp_expire_available=yes ], []
3393         )
3394
3395         if test "x$sp_expire_available" = "xyes" ; then
3396                 AC_MSG_RESULT(yes)
3397                 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3398                     [Define if you want to use shadow password expire field])
3399         else
3400                 AC_MSG_RESULT(no)
3401         fi
3402 fi
3403
3404 # Use ip address instead of hostname in $DISPLAY
3405 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3406         DISPLAY_HACK_MSG="yes"
3407         AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3408                 [Define if you need to use IP address
3409                 instead of hostname in $DISPLAY])
3410 else
3411         DISPLAY_HACK_MSG="no"
3412         AC_ARG_WITH(ipaddr-display,
3413                 [  --with-ipaddr-display   Use ip address instead of hostname in \$DISPLAY],
3414                 [
3415                         if test "x$withval" != "xno" ; then
3416                                 AC_DEFINE(IPADDR_IN_DISPLAY)
3417                                 DISPLAY_HACK_MSG="yes"
3418                         fi
3419                 ]
3420         )
3421 fi
3422
3423 # check for /etc/default/login and use it if present.
3424 AC_ARG_ENABLE(etc-default-login,
3425         [  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3426         [ if test "x$enableval" = "xno"; then
3427                 AC_MSG_NOTICE([/etc/default/login handling disabled])
3428                 etc_default_login=no
3429           else
3430                 etc_default_login=yes
3431           fi ],
3432         [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3433           then
3434                 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3435                 etc_default_login=no
3436           else
3437                 etc_default_login=yes
3438           fi ]
3439 )
3440
3441 if test "x$etc_default_login" != "xno"; then
3442         AC_CHECK_FILE("/etc/default/login",
3443             [ external_path_file=/etc/default/login ])
3444         if test "x$external_path_file" = "x/etc/default/login"; then
3445                 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3446                         [Define if your system has /etc/default/login])
3447         fi
3448 fi
3449
3450 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3451 if test $ac_cv_func_login_getcapbool = "yes" && \
3452         test $ac_cv_header_login_cap_h = "yes" ; then
3453         external_path_file=/etc/login.conf
3454 fi
3455
3456 # Whether to mess with the default path
3457 SERVER_PATH_MSG="(default)"
3458 AC_ARG_WITH(default-path,
3459         [  --with-default-path=    Specify default \$PATH environment for server],
3460         [
3461                 if test "x$external_path_file" = "x/etc/login.conf" ; then
3462                         AC_MSG_WARN([
3463 --with-default-path=PATH has no effect on this system.
3464 Edit /etc/login.conf instead.])
3465                 elif test "x$withval" != "xno" ; then
3466                         if test ! -z "$external_path_file" ; then
3467                                 AC_MSG_WARN([
3468 --with-default-path=PATH will only be used if PATH is not defined in
3469 $external_path_file .])
3470                         fi
3471                         user_path="$withval"
3472                         SERVER_PATH_MSG="$withval"
3473                 fi
3474         ],
3475         [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3476                 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3477         else
3478                 if test ! -z "$external_path_file" ; then
3479                         AC_MSG_WARN([
3480 If PATH is defined in $external_path_file, ensure the path to scp is included,
3481 otherwise scp will not work.])
3482                 fi
3483                 AC_RUN_IFELSE(
3484                         [AC_LANG_SOURCE([[
3485 /* find out what STDPATH is */
3486 #include <stdio.h>
3487 #ifdef HAVE_PATHS_H
3488 # include <paths.h>
3489 #endif
3490 #ifndef _PATH_STDPATH
3491 # ifdef _PATH_USERPATH  /* Irix */
3492 #  define _PATH_STDPATH _PATH_USERPATH
3493 # else
3494 #  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3495 # endif
3496 #endif
3497 #include <sys/types.h>
3498 #include <sys/stat.h>
3499 #include <fcntl.h>
3500 #define DATA "conftest.stdpath"
3501
3502 main()
3503 {
3504         FILE *fd;
3505         int rc;
3506
3507         fd = fopen(DATA,"w");
3508         if(fd == NULL)
3509                 exit(1);
3510
3511         if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3512                 exit(1);
3513
3514         exit(0);
3515 }
3516                 ]])],
3517                 [ user_path=`cat conftest.stdpath` ],
3518                 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3519                 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3520         )
3521 # make sure $bindir is in USER_PATH so scp will work
3522                 t_bindir=`eval echo ${bindir}`
3523                 case $t_bindir in
3524                         NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3525                 esac
3526                 case $t_bindir in
3527                         NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3528                 esac
3529                 echo $user_path | grep ":$t_bindir"  > /dev/null 2>&1
3530                 if test $? -ne 0  ; then
3531                         echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
3532                         if test $? -ne 0  ; then
3533                                 user_path=$user_path:$t_bindir
3534                                 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3535                         fi
3536                 fi
3537         fi ]
3538 )
3539 if test "x$external_path_file" != "x/etc/login.conf" ; then
3540         AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3541         AC_SUBST(user_path)
3542 fi
3543
3544 # Set superuser path separately to user path
3545 AC_ARG_WITH(superuser-path,
3546         [  --with-superuser-path=  Specify different path for super-user],
3547         [
3548                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3549                     test "x${withval}" != "xyes"; then
3550                         AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3551                                 [Define if you want a different $PATH
3552                                 for the superuser])
3553                         superuser_path=$withval
3554                 fi
3555         ]
3556 )
3557
3558
3559 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3560 IPV4_IN6_HACK_MSG="no"
3561 AC_ARG_WITH(4in6,
3562         [  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
3563         [
3564                 if test "x$withval" != "xno" ; then
3565                         AC_MSG_RESULT(yes)
3566                         AC_DEFINE(IPV4_IN_IPV6, 1,
3567                                 [Detect IPv4 in IPv6 mapped addresses
3568                                 and treat as IPv4])
3569                         IPV4_IN6_HACK_MSG="yes"
3570                 else
3571                         AC_MSG_RESULT(no)
3572                 fi
3573         ],[
3574                 if test "x$inet6_default_4in6" = "xyes"; then
3575                         AC_MSG_RESULT([yes (default)])
3576                         AC_DEFINE(IPV4_IN_IPV6)
3577                         IPV4_IN6_HACK_MSG="yes"
3578                 else
3579                         AC_MSG_RESULT([no (default)])
3580                 fi
3581         ]
3582 )
3583
3584 # Whether to enable BSD auth support
3585 BSD_AUTH_MSG=no
3586 AC_ARG_WITH(bsd-auth,
3587         [  --with-bsd-auth         Enable BSD auth support],
3588         [
3589                 if test "x$withval" != "xno" ; then
3590                         AC_DEFINE(BSD_AUTH, 1,
3591                                 [Define if you have BSD auth support])
3592                         BSD_AUTH_MSG=yes
3593                 fi
3594         ]
3595 )
3596
3597 # Where to place sshd.pid
3598 piddir=/var/run
3599 # make sure the directory exists
3600 if test ! -d $piddir ; then
3601         piddir=`eval echo ${sysconfdir}`
3602         case $piddir in
3603                 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3604         esac
3605 fi
3606
3607 AC_ARG_WITH(pid-dir,
3608         [  --with-pid-dir=PATH     Specify location of ssh.pid file],
3609         [
3610                 if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3611                     test "x${withval}" != "xyes"; then
3612                         piddir=$withval
3613                         if test ! -d $piddir ; then
3614                         AC_MSG_WARN([** no $piddir directory on this system **])
3615                         fi
3616                 fi
3617         ]
3618 )
3619
3620 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3621 AC_SUBST(piddir)
3622
3623 dnl allow user to disable some login recording features
3624 AC_ARG_ENABLE(lastlog,
3625         [  --disable-lastlog       disable use of lastlog even if detected [no]],
3626         [
3627                 if test "x$enableval" = "xno" ; then
3628                         AC_DEFINE(DISABLE_LASTLOG)
3629                 fi
3630         ]
3631 )
3632 AC_ARG_ENABLE(utmp,
3633         [  --disable-utmp          disable use of utmp even if detected [no]],
3634         [
3635                 if test "x$enableval" = "xno" ; then
3636                         AC_DEFINE(DISABLE_UTMP)
3637                 fi
3638         ]
3639 )
3640 AC_ARG_ENABLE(utmpx,
3641         [  --disable-utmpx         disable use of utmpx even if detected [no]],
3642         [
3643                 if test "x$enableval" = "xno" ; then
3644                         AC_DEFINE(DISABLE_UTMPX, 1,
3645                                 [Define if you don't want to use utmpx])
3646                 fi
3647         ]
3648 )
3649 AC_ARG_ENABLE(wtmp,
3650         [  --disable-wtmp          disable use of wtmp even if detected [no]],
3651         [
3652                 if test "x$enableval" = "xno" ; then
3653                         AC_DEFINE(DISABLE_WTMP)
3654                 fi
3655         ]
3656 )
3657 AC_ARG_ENABLE(wtmpx,
3658         [  --disable-wtmpx         disable use of wtmpx even if detected [no]],
3659         [
3660                 if test "x$enableval" = "xno" ; then
3661                         AC_DEFINE(DISABLE_WTMPX, 1,
3662                                 [Define if you don't want to use wtmpx])
3663                 fi
3664         ]
3665 )
3666 AC_ARG_ENABLE(libutil,
3667         [  --disable-libutil       disable use of libutil (login() etc.) [no]],
3668         [
3669                 if test "x$enableval" = "xno" ; then
3670                         AC_DEFINE(DISABLE_LOGIN)
3671                 fi
3672         ]
3673 )
3674 AC_ARG_ENABLE(pututline,
3675         [  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
3676         [
3677                 if test "x$enableval" = "xno" ; then
3678                         AC_DEFINE(DISABLE_PUTUTLINE, 1,
3679                                 [Define if you don't want to use pututline()
3680                                 etc. to write [uw]tmp])
3681                 fi
3682         ]
3683 )
3684 AC_ARG_ENABLE(pututxline,
3685         [  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
3686         [
3687                 if test "x$enableval" = "xno" ; then
3688                         AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3689                                 [Define if you don't want to use pututxline()
3690                                 etc. to write [uw]tmpx])
3691                 fi
3692         ]
3693 )
3694 AC_ARG_WITH(lastlog,
3695   [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3696         [
3697                 if test "x$withval" = "xno" ; then
3698                         AC_DEFINE(DISABLE_LASTLOG)
3699                 elif test -n "$withval"  &&  test "x${withval}" != "xyes"; then
3700                         conf_lastlog_location=$withval
3701                 fi
3702         ]
3703 )
3704
3705 dnl lastlog, [uw]tmpx? detection
3706 dnl  NOTE: set the paths in the platform section to avoid the
3707 dnl   need for command-line parameters
3708 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3709
3710 dnl lastlog detection
3711 dnl  NOTE: the code itself will detect if lastlog is a directory
3712 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3713 AC_TRY_COMPILE([
3714 #include <sys/types.h>
3715 #include <utmp.h>
3716 #ifdef HAVE_LASTLOG_H
3717 #  include <lastlog.h>
3718 #endif
3719 #ifdef HAVE_PATHS_H
3720 #  include <paths.h>
3721 #endif
3722 #ifdef HAVE_LOGIN_H
3723 # include <login.h>
3724 #endif
3725         ],
3726         [ char *lastlog = LASTLOG_FILE; ],
3727         [ AC_MSG_RESULT(yes) ],
3728         [
3729                 AC_MSG_RESULT(no)
3730                 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3731                 AC_TRY_COMPILE([
3732 #include <sys/types.h>
3733 #include <utmp.h>
3734 #ifdef HAVE_LASTLOG_H
3735 #  include <lastlog.h>
3736 #endif
3737 #ifdef HAVE_PATHS_H
3738 #  include <paths.h>
3739 #endif
3740                 ],
3741                 [ char *lastlog = _PATH_LASTLOG; ],
3742                 [ AC_MSG_RESULT(yes) ],
3743                 [
3744                         AC_MSG_RESULT(no)
3745                         system_lastlog_path=no
3746                 ])
3747         ]
3748 )
3749
3750 if test -z "$conf_lastlog_location"; then
3751         if test x"$system_lastlog_path" = x"no" ; then
3752                 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3753                                 if (test -d "$f" || test -f "$f") ; then
3754                                         conf_lastlog_location=$f
3755                                 fi
3756                 done
3757                 if test -z "$conf_lastlog_location"; then
3758                         AC_MSG_WARN([** Cannot find lastlog **])
3759                         dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3760                 fi
3761         fi
3762 fi
3763
3764 if test -n "$conf_lastlog_location"; then
3765         AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3766                 [Define if you want to specify the path to your lastlog file])
3767 fi
3768
3769 dnl utmp detection
3770 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3771 AC_TRY_COMPILE([
3772 #include <sys/types.h>
3773 #include <utmp.h>
3774 #ifdef HAVE_PATHS_H
3775 #  include <paths.h>
3776 #endif
3777         ],
3778         [ char *utmp = UTMP_FILE; ],
3779         [ AC_MSG_RESULT(yes) ],
3780         [ AC_MSG_RESULT(no)
3781           system_utmp_path=no ]
3782 )
3783 if test -z "$conf_utmp_location"; then
3784         if test x"$system_utmp_path" = x"no" ; then
3785                 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3786                         if test -f $f ; then
3787                                 conf_utmp_location=$f
3788                         fi
3789                 done
3790                 if test -z "$conf_utmp_location"; then
3791                         AC_DEFINE(DISABLE_UTMP)
3792                 fi
3793         fi
3794 fi
3795 if test -n "$conf_utmp_location"; then
3796         AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3797                 [Define if you want to specify the path to your utmp file])
3798 fi
3799
3800 dnl wtmp detection
3801 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3802 AC_TRY_COMPILE([
3803 #include <sys/types.h>
3804 #include <utmp.h>
3805 #ifdef HAVE_PATHS_H
3806 #  include <paths.h>
3807 #endif
3808         ],
3809         [ char *wtmp = WTMP_FILE; ],
3810         [ AC_MSG_RESULT(yes) ],
3811         [ AC_MSG_RESULT(no)
3812           system_wtmp_path=no ]
3813 )
3814 if test -z "$conf_wtmp_location"; then
3815         if test x"$system_wtmp_path" = x"no" ; then
3816                 for f in /usr/adm/wtmp /var/log/wtmp; do
3817                         if test -f $f ; then
3818                                 conf_wtmp_location=$f
3819                         fi
3820                 done
3821                 if test -z "$conf_wtmp_location"; then
3822                         AC_DEFINE(DISABLE_WTMP)
3823                 fi
3824         fi
3825 fi
3826 if test -n "$conf_wtmp_location"; then
3827         AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3828                 [Define if you want to specify the path to your wtmp file])
3829 fi
3830
3831
3832 dnl utmpx detection - I don't know any system so perverse as to require
3833 dnl  utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3834 dnl  there, though.
3835 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3836 AC_TRY_COMPILE([
3837 #include <sys/types.h>
3838 #include <utmp.h>
3839 #ifdef HAVE_UTMPX_H
3840 #include <utmpx.h>
3841 #endif
3842 #ifdef HAVE_PATHS_H
3843 #  include <paths.h>
3844 #endif
3845         ],
3846         [ char *utmpx = UTMPX_FILE; ],
3847         [ AC_MSG_RESULT(yes) ],
3848         [ AC_MSG_RESULT(no)
3849           system_utmpx_path=no ]
3850 )
3851 if test -z "$conf_utmpx_location"; then
3852         if test x"$system_utmpx_path" = x"no" ; then
3853                 AC_DEFINE(DISABLE_UTMPX)
3854         fi
3855 else
3856         AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3857                 [Define if you want to specify the path to your utmpx file])
3858 fi
3859
3860 dnl wtmpx detection
3861 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3862 AC_TRY_COMPILE([
3863 #include <sys/types.h>
3864 #include <utmp.h>
3865 #ifdef HAVE_UTMPX_H
3866 #include <utmpx.h>
3867 #endif
3868 #ifdef HAVE_PATHS_H
3869 #  include <paths.h>
3870 #endif
3871         ],
3872         [ char *wtmpx = WTMPX_FILE; ],
3873         [ AC_MSG_RESULT(yes) ],
3874         [ AC_MSG_RESULT(no)
3875           system_wtmpx_path=no ]
3876 )
3877 if test -z "$conf_wtmpx_location"; then
3878         if test x"$system_wtmpx_path" = x"no" ; then
3879                 AC_DEFINE(DISABLE_WTMPX)
3880         fi
3881 else
3882         AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3883                 [Define if you want to specify the path to your wtmpx file])
3884 fi
3885
3886
3887 if test ! -z "$blibpath" ; then
3888         LDFLAGS="$LDFLAGS $blibflags$blibpath"
3889         AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3890 fi
3891
3892 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3893 dnl Add now.
3894 CFLAGS="$CFLAGS $werror_flags"
3895
3896 AC_EXEEXT
3897 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3898         openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3899 AC_OUTPUT
3900
3901 # Print summary of options
3902
3903 # Someone please show me a better way :)
3904 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3905 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3906 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3907 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3908 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3909 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3910 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3911 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3912 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3913 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3914
3915 echo ""
3916 echo "OpenSSH has been configured with the following options:"
3917 echo "                     User binaries: $B"
3918 echo "                   System binaries: $C"
3919 echo "               Configuration files: $D"
3920 echo "                   Askpass program: $E"
3921 echo "                      Manual pages: $F"
3922 echo "                          PID file: $G"
3923 echo "  Privilege separation chroot path: $H"
3924 if test "x$external_path_file" = "x/etc/login.conf" ; then
3925 echo "   At runtime, sshd will use the path defined in $external_path_file"
3926 echo "   Make sure the path to scp is present, otherwise scp will not work"
3927 else
3928 echo "            sshd default user PATH: $I"
3929         if test ! -z "$external_path_file"; then
3930 echo "   (If PATH is set in $external_path_file it will be used instead. If"
3931 echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
3932         fi
3933 fi
3934 if test ! -z "$superuser_path" ; then
3935 echo "          sshd superuser user PATH: $J"
3936 fi
3937 echo "                    Manpage format: $MANTYPE"
3938 echo "                       PAM support: $PAM_MSG"
3939 echo "                   OSF SIA support: $SIA_MSG"
3940 echo "                 KerberosV support: $KRB5_MSG"
3941 echo "                   SELinux support: $SELINUX_MSG"
3942 echo "                 Smartcard support: $SCARD_MSG"
3943 echo "                     S/KEY support: $SKEY_MSG"
3944 echo "              TCP Wrappers support: $TCPW_MSG"
3945 echo "              MD5 password support: $MD5_MSG"
3946 echo "                   libedit support: $LIBEDIT_MSG"
3947 echo "  Solaris process contract support: $SPC_MSG"
3948 echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3949 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3950 echo "                  BSD Auth support: $BSD_AUTH_MSG"
3951 echo "              Random number source: $RAND_MSG"
3952 if test ! -z "$USE_RAND_HELPER" ; then
3953 echo "     ssh-rand-helper collects from: $RAND_HELPER_MSG"
3954 fi
3955
3956 echo ""
3957
3958 echo "              Host: ${host}"
3959 echo "          Compiler: ${CC}"
3960 echo "    Compiler flags: ${CFLAGS}"
3961 echo "Preprocessor flags: ${CPPFLAGS}"
3962 echo "      Linker flags: ${LDFLAGS}"
3963 echo "         Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3964
3965 echo ""
3966
3967 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3968         echo "SVR4 style packages are supported with \"make package\""
3969         echo ""
3970 fi
3971
3972 if test "x$PAM_MSG" = "xyes" ; then
3973         echo "PAM is enabled. You may need to install a PAM control file "
3974         echo "for sshd, otherwise password authentication may fail. "
3975         echo "Example PAM control files can be found in the contrib/ "
3976         echo "subdirectory"
3977         echo ""
3978 fi
3979
3980 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3981         echo "WARNING: you are using the builtin random number collection "
3982         echo "service. Please read WARNING.RNG and request that your OS "
3983         echo "vendor includes kernel-based random number collection in "
3984         echo "future versions of your OS."
3985         echo ""
3986 fi
3987
3988 if test ! -z "$NO_PEERCHECK" ; then
3989         echo "WARNING: the operating system that you are using does not "
3990         echo "appear to support either the getpeereid() API nor the "
3991         echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3992         echo "enforce security checks to prevent unauthorised connections to "
3993         echo "ssh-agent. Their absence increases the risk that a malicious "
3994         echo "user can connect to your agent. "
3995         echo ""
3996 fi
3997
3998 if test "$AUDIT_MODULE" = "bsm" ; then
3999         echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4000         echo "See the Solaris section in README.platform for details."
4001 fi
This page took 0.384036 seconds and 5 git commands to generate.