# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-AC_INIT(OpenSSH, Portable)
+AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
+AC_REVISION($Revision$)
AC_CONFIG_SRCDIR([ssh.c])
AC_CONFIG_HEADER(config.h)
AC_PROG_CPP
AC_PROG_RANLIB
AC_PROG_INSTALL
+AC_PROG_EGREP
AC_PATH_PROG(AR, ar)
AC_PATH_PROG(CAT, cat)
AC_PATH_PROG(KILL, kill)
AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
[/usr/sbin${PATH_SEPARATOR}/etc])
AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
+if test -x /sbin/sh; then
+ AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
+else
+ AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
+fi
# System features
AC_SYS_LARGEFILE
# Use LOGIN_PROGRAM from environment if possible
if test ! -z "$LOGIN_PROGRAM" ; then
- AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
+ AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
+ [If your header files don't define LOGIN_PROGRAM,
+ then use this (detected) from environment and PATH])
else
# Search for login
AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
if test ! -z "$PATH_PASSWD_PROG" ; then
- AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG")
+ AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
+ [Full path of your "passwd" program])
fi
if test -z "$LD" ; then
AC_SUBST(LD)
AC_C_INLINE
+
+AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
+
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
- CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
+ CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
+ GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
+ case $GCC_VER in
+ 1.*) ;;
+ 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
+ 2.*) ;;
+ 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
+ 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
+ *) ;;
+ esac
- # Check for -std=gnu99 support (needed for LLONG_MIN/MAX on Linux)
- saved_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -std=gnu99"
- AC_MSG_CHECKING(whether cc accepts -std=gnu99 option)
- AC_TRY_COMPILE([], [return(0);], [AC_MSG_RESULT(yes)],
- [AC_MSG_RESULT(no)
- CFLAGS="$saved_CFLAGS"],
- )
+ if test -z "$have_llong_max"; then
+ # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
+ unset ac_cv_have_decl_LLONG_MAX
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -std=gnu99"
+ AC_CHECK_DECL(LLONG_MAX,
+ [have_llong_max=1],
+ [CFLAGS="$saved_CFLAGS"],
+ [#include <limits.h>]
+ )
+ fi
fi
AC_ARG_WITH(rpath,
fi
LDFLAGS="$saved_LDFLAGS"
dnl Check for authenticate. Might be in libs.a on older AIXes
- AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
+ AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
+ [Define if you want to enable AIX4's authenticate function])],
[AC_CHECK_LIB(s,authenticate,
[ AC_DEFINE(WITH_AIXAUTHENTICATE)
LIBS="$LIBS -ls"
[#include <usersec.h>],
[(void)loginfailed("user","host","tty",0);],
[AC_MSG_RESULT(yes)
- AC_DEFINE(AIX_LOGINFAILED_4ARG)],
+ AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
+ [Define if your AIX loginfailed() function
+ takes 4 arguments (AIX >= 5.2)])],
[AC_MSG_RESULT(no)]
)],
[],
)
AC_CHECK_FUNCS(setauthdb)
check_for_aix_broken_getaddrinfo=1
- AC_DEFINE(BROKEN_REALPATH)
- AC_DEFINE(SETEUID_BREAKS_SETUID)
- AC_DEFINE(BROKEN_SETREUID)
- AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
+ AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
+ [Define if your platform breaks doing a seteuid before a setuid])
+ AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
+ AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
dnl AIX handles lastlog as part of its login message
- AC_DEFINE(DISABLE_LASTLOG)
- AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
+ AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
+ AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
+ [Some systems need a utmpx entry for /bin/login to work])
+ AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
+ [Define to a Set Process Title type if your system is
+ supported by bsd-setproctitle.c])
+ AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
+ [AIX 5.2 and 5.3 (and presumably newer) require this])
+ AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
;;
*-*-cygwin*)
check_for_libcrypt_later=1
LIBS="$LIBS /usr/lib/textmode.o"
- AC_DEFINE(HAVE_CYGWIN)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(IP_TOS_IS_BROKEN)
- AC_DEFINE(NO_X11_UNIX_SOCKETS)
- AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
- AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
+ AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
+ AC_DEFINE(DISABLE_SHADOW, 1,
+ [Define if you want to disable shadow passwords])
+ AC_DEFINE(IP_TOS_IS_BROKEN, 1,
+ [Define if your system choked on IP TOS setting])
+ AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
+ [Define if X11 doesn't support AF_UNIX sockets on that system])
+ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
+ [Define if the concept of ports only accessible to
+ superusers isn't known])
+ AC_DEFINE(DISABLE_FD_PASSING, 1,
+ [Define if your platform needs to skip post auth
+ file descriptor passing])
;;
*-*-dgux*)
AC_DEFINE(IP_TOS_IS_BROKEN)
exit(1);
}], [AC_MSG_RESULT(working)],
[AC_MSG_RESULT(buggy)
- AC_DEFINE(BROKEN_GETADDRINFO)],
+ AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
[AC_MSG_RESULT(assume it is working)])
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
+ AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
+ [Define if your resolver libs need this for getrrsetbyname])
+ AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
+ AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
+ [Use tunnel device compatibility to OpenBSD])
+ AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+ [Prepend the address family to IP tunnel traffic])
;;
-*-*-hpux10.26)
- if test -z "$GCC"; then
- CFLAGS="$CFLAGS -Ae"
- fi
+*-*-hpux*)
+ # first we define all of the options common to all HP-UX releases
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
IPADDR_IN_DISPLAY=yes
- AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(USE_PIPES)
- AC_DEFINE(LOGIN_NO_ENDOPT)
+ AC_DEFINE(LOGIN_NO_ENDOPT, 1,
+ [Define if your login program cannot handle end of options ("--")])
AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(LOCKED_PASSWD_STRING, "*")
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*",
+ [String used in /etc/passwd to denote locked account])
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- LIBS="$LIBS -lsec -lsecpw"
- AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
- disable_ptmx_check=yes
- ;;
-*-*-hpux10*)
- if test -z "$GCC"; then
- CFLAGS="$CFLAGS -Ae"
- fi
- CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
- IPADDR_IN_DISPLAY=yes
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(LOGIN_NO_ENDOPT)
- AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(LOCKED_PASSWD_STRING, "*")
- AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- LIBS="$LIBS -lsec"
- AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
- ;;
-*-*-hpux11*)
- CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
- IPADDR_IN_DISPLAY=yes
- AC_DEFINE(PAM_SUN_CODEBASE)
- AC_DEFINE(USE_PIPES)
- AC_DEFINE(LOGIN_NO_ENDOPT)
- AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(LOCKED_PASSWD_STRING, "*")
- AC_DEFINE(SPT_TYPE,SPT_PSTAT)
- AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
- check_for_hpux_broken_getaddrinfo=1
- check_for_conflicting_getspnam=1
+ MAIL="/var/mail/username"
LIBS="$LIBS -lsec"
- AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
+ AC_CHECK_LIB(xnet, t_error, ,
+ AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
+
+ # next, we define all of the options specific to major releases
+ case "$host" in
+ *-*-hpux10*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -Ae"
+ fi
+ ;;
+ *-*-hpux11*)
+ AC_DEFINE(PAM_SUN_CODEBASE, 1,
+ [Define if you are using Solaris-derived PAM which
+ passes pam_messages to the conversation function
+ with an extra level of indirection])
+ AC_DEFINE(DISABLE_UTMP, 1,
+ [Define if you don't want to use utmp])
+ AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
+ check_for_hpux_broken_getaddrinfo=1
+ check_for_conflicting_getspnam=1
+ ;;
+ esac
+
+ # lastly, we define options specific to minor releases
+ case "$host" in
+ *-*-hpux10.26)
+ AC_DEFINE(HAVE_SECUREWARE, 1,
+ [Define if you have SecureWare-based
+ protected password database])
+ disable_ptmx_check=yes
+ LIBS="$LIBS -lsecpw"
+ ;;
+ esac
;;
*-*-irix5*)
PATH="$PATH:/usr/etc"
- AC_DEFINE(BROKEN_INET_NTOA)
+ AC_DEFINE(BROKEN_INET_NTOA, 1,
+ [Define if you system's inet_ntoa is busted
+ (e.g. Irix gcc issue)])
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
+ [Define if you shouldn't strip 'tty' from your
+ ttyname in [uw]tmp])
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
*-*-irix6*)
PATH="$PATH:/usr/etc"
- AC_DEFINE(WITH_IRIX_ARRAY)
- AC_DEFINE(WITH_IRIX_PROJECT)
- AC_DEFINE(WITH_IRIX_AUDIT)
- AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
+ AC_DEFINE(WITH_IRIX_ARRAY, 1,
+ [Define if you have/want arrays
+ (cluster-wide session managment, not C arrays)])
+ AC_DEFINE(WITH_IRIX_PROJECT, 1,
+ [Define if you want IRIX project management])
+ AC_DEFINE(WITH_IRIX_AUDIT, 1,
+ [Define if you want IRIX audit trails])
+ AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
+ [Define if you want IRIX kernel jobs])])
AC_DEFINE(BROKEN_INET_NTOA)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(BROKEN_UPDWTMPX)
+ AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
no_dev_ptmx=1
check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1
- AC_DEFINE(DONT_TRY_OTHER_AF)
- AC_DEFINE(PAM_TTY_KLUDGE)
- AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
+ AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
+ AC_DEFINE(PAM_TTY_KLUDGE, 1,
+ [Work around problematic Linux PAM modules handling of PAM_TTY])
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
+ [String used in /etc/passwd to denote locked account])
AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
- AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM)
+ AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
+ [Define to whatever link() returns for "not supported"
+ if it doesn't return EOPNOTSUPP.])
AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
- AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
+ AC_DEFINE(USE_BTMP)
inet6_default_4in6=yes
case `uname -r` in
1.*|2.0.*)
- AC_DEFINE(BROKEN_CMSG_TYPE)
+ AC_DEFINE(BROKEN_CMSG_TYPE, 1,
+ [Define if cmsg_type is not passed correctly])
;;
esac
+ # tun(4) forwarding compat code
+ AC_CHECK_HEADERS(linux/if_tun.h)
+ if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
+ AC_DEFINE(SSH_TUN_LINUX, 1,
+ [Open tunnel devices the Linux tun/tap way])
+ AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
+ [Use tunnel device compatibility to OpenBSD])
+ AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+ [Prepend the address family to IP tunnel traffic])
+ fi
;;
mips-sony-bsd|mips-sony-newsos4)
- AC_DEFINE(HAVE_NEWS4)
+ AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
SONY=1
;;
*-*-netbsd*)
if test "x$withval" != "xno" ; then
need_dash_r=1
fi
+ AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
+ AC_CHECK_HEADER([net/if_tap.h], ,
+ AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
+ AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+ [Prepend the address family to IP tunnel traffic])
;;
*-*-freebsd*)
check_for_libcrypt_later=1
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
+ AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
+ AC_CHECK_HEADER([net/if_tap.h], ,
+ AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
;;
*-*-bsdi*)
AC_DEFINE(SETEUID_BREAKS_SETUID)
conf_utmp_location=/etc/utmp
conf_wtmp_location=/usr/adm/wtmp
MAIL=/usr/spool/mail
- AC_DEFINE(HAVE_NEXT)
+ AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
AC_DEFINE(BROKEN_REALPATH)
AC_DEFINE(USE_PIPES)
- AC_DEFINE(BROKEN_SAVED_UIDS)
+ AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
+ ;;
+*-*-openbsd*)
+ AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
+ AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
+ AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
;;
*-*-solaris*)
if test "x$withval" != "xno" ; then
fi
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
- AC_DEFINE(LOGIN_NEEDS_TERM)
+ AC_DEFINE(LOGIN_NEEDS_TERM, 1,
+ [Some versions of /bin/login need the TERM supplied
+ on the commandline])
AC_DEFINE(PAM_TTY_KLUDGE)
- AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID)
+ AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
+ [Define if pam_chauthtok wants real uid set
+ to the unpriv'ed user])
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
- AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
+ [Define if sshd somehow reacquires a controlling TTY
+ after setsid()])
external_path_file=/etc/default/login
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
if test "$sol2ver" -ge 8; then
AC_MSG_RESULT(yes)
AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(DISABLE_WTMP)
+ AC_DEFINE(DISABLE_WTMP, 1,
+ [Define if you don't want to use wtmp])
else
AC_MSG_RESULT(no)
fi
*-sni-sysv*)
# /usr/ucblib MUST NOT be searched on ReliantUNIX
AC_CHECK_LIB(dl, dlsym, ,)
- # -lresolv needs to be at then end of LIBS or DNS lookups break
- AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ])
+ # -lresolv needs to be at the end of LIBS or DNS lookups break
+ AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES)
AC_DEFINE(IP_TOS_IS_BROKEN)
;;
# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
*-*-sysv4.2*)
+ CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
AC_DEFINE(USE_PIPES)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
# UnixWare 7.x, OpenUNIX 8
*-*-sysv5*)
+ check_for_libcrypt_later=1
+ AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
AC_DEFINE(USE_PIPES)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
- AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
+ AC_DEFINE(PASSWD_NEEDS_USERNAME)
+ case "$host" in
+ *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
+ TEST_SHELL=/u95/bin/sh
+ AC_DEFINE(BROKEN_LIBIAF, 1,
+ [ia_uinfo routines not supported by OS yet])
+ ;;
+ *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ ;;
+ esac
;;
*-*-sysv*)
;;
AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_DEFINE(BROKEN_UPDWTMPX)
- AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
+ AC_DEFINE(PASSWD_NEEDS_USERNAME)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
TEST_SHELL=ksh
;;
*-*-unicosmk*)
- AC_DEFINE(NO_SSH_LASTLOG)
+ AC_DEFINE(NO_SSH_LASTLOG, 1,
+ [Define if you don't want to use lastlog in session.c])
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
if test -z "$no_osfsia" ; then
if test -f /etc/sia/matrix.conf; then
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_OSF_SIA)
- AC_DEFINE(DISABLE_LOGIN)
+ AC_DEFINE(HAVE_OSF_SIA, 1,
+ [Define if you have Digital Unix Security
+ Integration Architecture])
+ AC_DEFINE(DISABLE_LOGIN, 1,
+ [Define if you don't want to use your
+ system's login() call])
AC_DEFINE(DISABLE_FD_PASSING)
LIBS="$LIBS -lsecurity -ldb -lm -laud"
else
AC_MSG_RESULT(no)
- AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
+ AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
+ [String used in /etc/passwd to denote locked account])
fi
fi
AC_DEFINE(BROKEN_GETADDRINFO)
AC_DEFINE(BROKEN_SETREGID)
;;
-*-*-nto-qnx)
+*-*-nto-qnx*)
AC_DEFINE(USE_PIPES)
AC_DEFINE(NO_X11_UNIX_SOCKETS)
- AC_DEFINE(MISSING_NFDBITS)
- AC_DEFINE(MISSING_HOWMANY)
- AC_DEFINE(MISSING_FD_MASK)
+ AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
+ AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
+ AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
+ AC_DEFINE(DISABLE_LASTLOG)
+ AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ enable_etc_default_login=no # has incompatible /etc/default/login
+ ;;
+
+*-*-ultrix*)
+ AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
+ AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
+ AC_DEFINE(NEED_SETPGRP)
+ AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
;;
+
+*-*-lynxos)
+ CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
+ AC_DEFINE(MISSING_HOWMANY)
+ AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
+ ;;
esac
# Allow user to specify flags
fi
]
)
+AC_ARG_WITH(Werror,
+ [ --with-Werror Build main code with -Werror],
+ [
+ if test -n "$withval" && test "x$withval" != "xno"; then
+ werror_flags="-Werror"
+ if test "x${withval}" != "xyes"; then
+ werror_flags="$withval"
+ fi
+ fi
+ ]
+)
AC_MSG_CHECKING(compiler and flags for sanity)
AC_RUN_IFELSE(
[ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
)
-# Checks for header files.
-AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \
- floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \
- login_cap.h maillock.h ndir.h netdb.h netgroup.h \
- netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \
- rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
- strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \
- sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \
- sys/pstat.h sys/select.h sys/stat.h sys/stream.h \
- sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \
- time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
+dnl Checks for header files.
+AC_CHECK_HEADERS( \
+ bstring.h \
+ crypt.h \
+ crypto/sha2.h \
+ dirent.h \
+ endian.h \
+ features.h \
+ floatingpoint.h \
+ getopt.h \
+ glob.h \
+ ia.h \
+ iaf.h \
+ limits.h \
+ login.h \
+ maillock.h \
+ ndir.h \
+ net/if_tun.h \
+ netdb.h \
+ netgroup.h \
+ pam/pam_appl.h \
+ paths.h \
+ pty.h \
+ readpassphrase.h \
+ rpc/types.h \
+ security/pam_appl.h \
+ sha2.h \
+ shadow.h \
+ stddef.h \
+ stdint.h \
+ string.h \
+ strings.h \
+ sys/audit.h \
+ sys/bitypes.h \
+ sys/bsdtty.h \
+ sys/cdefs.h \
+ sys/dir.h \
+ sys/mman.h \
+ sys/ndir.h \
+ sys/prctl.h \
+ sys/pstat.h \
+ sys/select.h \
+ sys/stat.h \
+ sys/stream.h \
+ sys/stropts.h \
+ sys/strtio.h \
+ sys/sysmacros.h \
+ sys/time.h \
+ sys/timers.h \
+ sys/un.h \
+ time.h \
+ tmpdir.h \
+ ttyent.h \
+ unistd.h \
+ usersec.h \
+ util.h \
+ utime.h \
+ utmp.h \
+ utmpx.h \
+ vis.h \
+)
+
+# lastlog.h requires sys/time.h to be included first on Solaris
+AC_CHECK_HEADERS(lastlog.h, [], [], [
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+])
# sys/ptms.h requires sys/stream.h to be included first on Solaris
AC_CHECK_HEADERS(sys/ptms.h, [], [], [
#endif
])
+# login_cap.h requires sys/types.h on NetBSD
+AC_CHECK_HEADERS(login_cap.h, [], [], [
+#include <sys/types.h>
+])
+
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
ac_cv_have_broken_dirname, [
save_LIBS="$LIBS"
LIBS="$LIBS -lgen"
- AC_TRY_RUN(
- [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <libgen.h>
#include <string.h>
exit(0);
}
}
- ],
+ ]])],
+ [ ac_cv_have_broken_dirname="no" ],
+ [ ac_cv_have_broken_dirname="yes" ],
[ ac_cv_have_broken_dirname="no" ],
- [ ac_cv_have_broken_dirname="yes" ]
)
LIBS="$save_LIBS"
])
AC_CHECK_FUNC(getspnam, ,
AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
-AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
+AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
+ [Define if you have the basename function.]))
dnl zlib is required
AC_ARG_WITH(zlib,
if (a == 1 && b == 1 && c >= 4)
exit(0);
- /* 1.2.1.2 and up are OK */
- if (v >= 1020102)
+ /* 1.2.3 and up are OK */
+ if (v >= 1020300)
exit(0);
exit(2);
vendor has fixed these problems without changing the version number. If you
are sure this is the case, you can disable the check by running
"./configure --without-zlib-version-check".
-If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
+If you are in doubt, upgrade zlib to version 1.2.3 or greater.
See http://www.gzip.org/zlib/ for details.])
else
AC_MSG_WARN([zlib version may have security problems])
AC_CHECK_FUNC(strcasecmp,
[], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
)
-AC_CHECK_FUNC(utimes,
+AC_CHECK_FUNCS(utimes,
[], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
LIBS="$LIBS -lc89"]) ]
)
dnl Checks for libutil functions
AC_CHECK_HEADERS(libutil.h)
-AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
+AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
+ [Define if your libraries define login()])])
AC_CHECK_FUNCS(logout updwtmp logwtmp)
AC_FUNC_STRFTIME
#endif
],
[
- AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
+ AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
+ [Define if your system glob() function has
+ the GLOB_ALTDIRFUNC extension])
AC_MSG_RESULT(yes)
],
[
# Check for g.gl_matchc glob() extension
AC_MSG_CHECKING(for gl_matchc field in glob_t)
-AC_EGREP_CPP(FOUNDIT,
+AC_TRY_COMPILE(
+ [ #include <glob.h> ],
+ [glob_t g; g.gl_matchc = 1;],
[
- #include <glob.h>
- int main(void){glob_t g; g.gl_matchc = 1;}
- ],
- [
- AC_DEFINE(GLOB_HAS_GL_MATCHC)
+ AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
+ [Define if your system glob() function has
+ gl_matchc options in glob_t])
AC_MSG_RESULT(yes)
],
[
[AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
- AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
+ AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
+ [Define if your struct dirent expects you to
+ allocate extra space for d_name])
],
[
AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
AC_MSG_CHECKING([for /proc/pid/fd directory])
if test -d "/proc/$$/fd" ; then
- AC_DEFINE(HAVE_PROC_PID)
+ AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
LDFLAGS="$LDFLAGS -L${withval}/lib"
fi
- AC_DEFINE(SKEY)
+ AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
LIBS="-lskey $LIBS"
SKEY_MSG="yes"
AC_MSG_CHECKING([for s/key support])
- AC_TRY_RUN(
- [
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <skey.h>
int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
- ],
+ ]])],
[AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
#include <skey.h>],
[(void)skeychallenge(NULL,"name","",0);],
[AC_MSG_RESULT(yes)
- AC_DEFINE(SKEYCHALLENGE_4ARG)],
+ AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
+ [Define if your skeychallenge()
+ function takes 4 arguments (NetBSD)])],
[AC_MSG_RESULT(no)]
)
fi
[hosts_access(0);],
[
AC_MSG_RESULT(yes)
- AC_DEFINE(LIBWRAP)
+ AC_DEFINE(LIBWRAP, 1,
+ [Define if you want
+ TCP Wrappers support])
AC_SUBST(LIBWRAP)
TCPW_MSG="yes"
],
[ --with-libedit[[=PATH]] Enable libedit support for sftp],
[ if test "x$withval" != "xno" ; then
if test "x$withval" != "xyes"; then
- CPPFLAGS="$CPPFLAGS -I$withval/include"
- LDFLAGS="$LDFLAGS -L$withval/lib"
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
fi
AC_CHECK_LIB(edit, el_init,
- [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
+ [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
LIBEDIT="-ledit -lcurses"
LIBEDIT_MSG="yes"
AC_SUBST(LIBEDIT)
[ AC_MSG_ERROR(libedit not found) ],
[ -lcurses ]
)
+ AC_MSG_CHECKING(if libedit version is compatible)
+ AC_COMPILE_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <histedit.h>
+int main(void)
+{
+ int i = H_SETSIZE;
+ el_init("", NULL, NULL, NULL);
+ exit(0);
+}
+ ]])],
+ [ AC_MSG_RESULT(yes) ],
+ [ AC_MSG_RESULT(no)
+ AC_MSG_ERROR(libedit version is not compatible) ]
+ )
fi ]
)
[AC_MSG_ERROR(BSM enabled and required function not found)])
# These are optional
AC_CHECK_FUNCS(getaudit_addr)
- AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
+ AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
;;
debug)
AUDIT_MODULE=debug
AC_MSG_RESULT(debug)
- AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
+ AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
+ ;;
+ no)
+ AC_MSG_RESULT(no)
;;
*)
AC_MSG_ERROR([Unknown audit module $withval])
)
dnl Checks for library functions. Please keep in alphabetical order
-AC_CHECK_FUNCS(\
- arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
- bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \
- freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \
- getopt getpeereid _getpty getrlimit getttyent glob inet_aton \
- inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
- mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
- pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \
- setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
- setproctitle setregid setreuid setrlimit \
- setsid setvbuf sigaction sigvec snprintf socketpair strerror \
- strlcat strlcpy strmode strnvis strtonum strtoul sysconf tcgetpgrp \
- truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \
+AC_CHECK_FUNCS( \
+ arc4random \
+ asprintf \
+ b64_ntop \
+ __b64_ntop \
+ b64_pton \
+ __b64_pton \
+ bcopy \
+ bindresvport_sa \
+ clock \
+ closefrom \
+ dirfd \
+ fchmod \
+ fchown \
+ freeaddrinfo \
+ futimes \
+ getaddrinfo \
+ getcwd \
+ getgrouplist \
+ getnameinfo \
+ getopt \
+ getpeereid \
+ _getpty \
+ getrlimit \
+ getttyent \
+ glob \
+ inet_aton \
+ inet_ntoa \
+ inet_ntop \
+ innetgr \
+ login_getcapbool \
+ md5_crypt \
+ memmove \
+ mkdtemp \
+ mmap \
+ ngetaddrinfo \
+ nsleep \
+ ogetaddrinfo \
+ openlog_r \
+ openpty \
+ prctl \
+ pstat \
+ readpassphrase \
+ realpath \
+ recvmsg \
+ rresvport_af \
+ sendmsg \
+ setdtablesize \
+ setegid \
+ setenv \
+ seteuid \
+ setgroups \
+ setlogin \
+ setpcred \
+ setproctitle \
+ setregid \
+ setreuid \
+ setrlimit \
+ setsid \
+ setvbuf \
+ sigaction \
+ sigvec \
+ snprintf \
+ socketpair \
+ strdup \
+ strerror \
+ strlcat \
+ strlcpy \
+ strmode \
+ strnvis \
+ strtonum \
+ strtoll \
+ strtoul \
+ sysconf \
+ tcgetpgrp \
+ truncate \
+ unsetenv \
+ updwtmpx \
+ vasprintf \
+ vhangup \
+ vsnprintf \
+ waitpid \
)
# IRIX has a const char return value for gai_strerror()
AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
[Define if gai_strerror() returns const char *])])])
-AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
+AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
+ [Some systems put nanosleep outside of libc]))
dnl Make sure prototypes are defined for these before using them.
-AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
+AC_CHECK_DECL(strsep,
+ [AC_CHECK_FUNCS(strsep)],
+ [],
+ [
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif
+ ])
dnl tcsendbreak might be a macro
AC_CHECK_DECL(tcsendbreak,
int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
]])],
[AC_MSG_RESULT(yes)],
- [AC_DEFINE(BROKEN_SETRESUID)
+ [AC_DEFINE(BROKEN_SETRESUID, 1,
+ [Define if your setresuid() is broken])
AC_MSG_RESULT(not implemented)],
[AC_MSG_WARN([cross compiling: not checking setresuid])]
)
int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
]])],
[AC_MSG_RESULT(yes)],
- [AC_DEFINE(BROKEN_SETRESGID)
+ [AC_DEFINE(BROKEN_SETRESGID, 1,
+ [Define if your setresgid() is broken])
AC_MSG_RESULT(not implemented)],
[AC_MSG_WARN([cross compiling: not checking setresuid])]
)
AC_CHECK_FUNCS(setutxent utmpxname)
AC_CHECK_FUNC(daemon,
- [AC_DEFINE(HAVE_DAEMON)],
- [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
+ [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
+ [AC_CHECK_LIB(bsd, daemon,
+ [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
)
AC_CHECK_FUNC(getpagesize,
- [AC_DEFINE(HAVE_GETPAGESIZE)],
- [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
+ [AC_DEFINE(HAVE_GETPAGESIZE, 1,
+ [Define if your libraries define getpagesize()])],
+ [AC_CHECK_LIB(ucb, getpagesize,
+ [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
)
# Check for broken snprintf
[AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
- AC_DEFINE(BROKEN_SNPRINTF)
+ AC_DEFINE(BROKEN_SNPRINTF, 1,
+ [Define if your snprintf is busted])
AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
],
[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
)
fi
+# If we don't have a working asprintf, then we strongly depend on vsnprintf
+# returning the right thing on overflow: the number of characters it tried to
+# create (as per SUSv3)
+if test "x$ac_cv_func_asprintf" != "xyes" && \
+ test "x$ac_cv_func_vsnprintf" = "xyes" ; then
+ AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+int x_snprintf(char *str,size_t count,const char *fmt,...)
+{
+ size_t ret; va_list ap;
+ va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
+ return ret;
+}
+int main(void)
+{
+ char x[1];
+ exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
+} ]])],
+ [AC_MSG_RESULT(yes)],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_SNPRINTF, 1,
+ [Define if your snprintf is busted])
+ AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
+ ],
+ [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
+ )
+fi
+
+# On systems where [v]snprintf is broken, but is declared in stdio,
+# check that the fmt argument is const char * or just char *.
+# This is only useful for when BROKEN_SNPRINTF
+AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
+ int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
+ int main(void) { snprintf(0, 0, 0); }
+ ]])],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(SNPRINTF_CONST, [const],
+ [Define as const if snprintf() can declare const char *fmt])],
+ [AC_MSG_RESULT(no)
+ AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
+
# Check for missing getpeereid (or equiv) support
NO_PEERCHECK=""
if test "x$ac_cv_func_getpeereid" != "xyes" ; then
#include <sys/socket.h>],
[int i = SO_PEERCRED;],
[ AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
+ AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
],
[AC_MSG_RESULT(no)
NO_PEERCHECK=1]
dnl see whether mkstemp() requires XXXXXX
if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
AC_MSG_CHECKING([for (overly) strict mkstemp])
-AC_TRY_RUN(
- [
+AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdlib.h>
main() { char template[]="conftest.mkstemp-test";
if (mkstemp(template) == -1)
exit(1);
unlink(template); exit(0);
}
- ],
+ ]])],
[
AC_MSG_RESULT(no)
],
[
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_STRICT_MKSTEMP)
+ AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
],
[
AC_MSG_RESULT(yes)
dnl make sure that openpty does not reacquire controlling terminal
if test ! -z "$check_for_openpty_ctty_bug"; then
AC_MSG_CHECKING(if openpty correctly handles controlling tty)
- AC_TRY_RUN(
- [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <sys/fcntl.h>
#include <sys/types.h>
exit(0); /* Did not acquire ctty: OK */
}
}
- ],
+ ]])],
[
AC_MSG_RESULT(yes)
],
[
AC_MSG_RESULT(no)
AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ ],
+ [
+ AC_MSG_RESULT(cross-compiling, assuming yes)
]
)
fi
if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
AC_MSG_CHECKING(if getaddrinfo seems to work)
- AC_TRY_RUN(
- [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <sys/socket.h>
#include <netdb.h>
}
exit(0);
}
- ],
+ ]])],
[
AC_MSG_RESULT(yes)
],
[
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_GETADDRINFO)
+ ],
+ [
+ AC_MSG_RESULT(cross-compiling, assuming yes)
]
)
fi
if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
AC_MSG_CHECKING(if getaddrinfo seems to work)
- AC_TRY_RUN(
- [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
#include <stdio.h>
#include <sys/socket.h>
#include <netdb.h>
}
exit(0);
}
- ],
+ ]])],
[
AC_MSG_RESULT(yes)
- AC_DEFINE(AIX_GETNAMEINFO_HACK, [],
-[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address])
+ AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
+ [Define if you have a getaddrinfo that fails
+ for the all-zeros IPv6 address])
],
[
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_GETADDRINFO)
+ ],
+ AC_MSG_RESULT(cross-compiling, assuming no)
]
)
fi
PAM_MSG="yes"
- AC_DEFINE(USE_PAM)
+ AC_DEFINE(USE_PAM, 1,
+ [Define if you want to enable PAM support])
if test $ac_cv_lib_dl_dlopen = yes; then
LIBPAM="-lpam -ldl"
else
[(void)pam_strerror((pam_handle_t *)NULL, -1);],
[AC_MSG_RESULT(no)],
[
- AC_DEFINE(HAVE_OLD_PAM)
+ AC_DEFINE(HAVE_OLD_PAM, 1,
+ [Define if you have an old version of PAM
+ which takes only one argument to pam_strerror])
AC_MSG_RESULT(yes)
PAM_MSG="yes (old library)"
]
]
)
LIBS="-lcrypto $LIBS"
-AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
+AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
+ [Define if your ssl headers are included
+ with #include <openssl/header.h>]),
[
dnl Check default openssl install dir
if test -n "${need_dash_r}"; then
]
)
+AC_ARG_WITH(ssl-engine,
+ [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
+ [ if test "x$withval" != "xno" ; then
+ AC_MSG_CHECKING(for OpenSSL ENGINE support)
+ AC_TRY_COMPILE(
+ [ #include <openssl/engine.h>],
+ [
+int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
+ ],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(USE_OPENSSL_ENGINE, 1,
+ [Enable OpenSSL engine support])
+ ],
+ [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
+ )
+ fi ]
+)
+
+# Check for OpenSSL without EVP_aes_{192,256}_cbc
+AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
+AC_COMPILE_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <string.h>
+#include <openssl/evp.h>
+int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
+ ]])],
+ [
+ AC_MSG_RESULT(no)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
+ [libcrypto is missing AES 192 and 256 bit functions])
+ ]
+)
+
# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
# because the system crypt() is more featureful.
if test "x$check_for_libcrypt_before" = "x1"; then
AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
fi
+# Search for SHA256 support in libc and/or OpenSSL
+AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
+
+AC_CHECK_LIB(iaf, ia_openinfo)
### Configure cryptographic random number support
# Which randomness source do we use?
if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
# OpenSSL only
- AC_DEFINE(OPENSSL_PRNG_ONLY)
+ AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
+ [Define if you want OpenSSL's internally seeded PRNG only])
RAND_MSG="OpenSSL internal ONLY"
INSTALL_SSH_RAND_HELPER=""
elif test ! -z "$USE_RAND_HELPER" ; then
esac
if test ! -z "$withval" ; then
PRNGD_PORT="$withval"
- AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
+ AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
+ [Port number of PRNGD/EGD random number socket])
fi
]
)
AC_MSG_WARN(Entropy socket is not readable)
fi
PRNGD_SOCKET="$withval"
- AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
+ AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
+ [Location of PRNGD/EGD random number socket])
fi
],
[
fi
]
)
-AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
+AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
+ [Builtin PRNG command timeout])
SSH_PRIVSEP_USER=sshd
AC_ARG_WITH(privsep-user,
fi
]
)
-AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
+AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
+ [non-privileged user for privilege separation])
AC_SUBST(SSH_PRIVSEP_USER)
# We do this little dance with the search path to insure
LIBS="$LIBS -liberty";
fi
-# Checks for data types
+# Check for long long datatypes
+AC_CHECK_TYPES([long long, unsigned long long, long double])
+
+# Check datatype sizes
AC_CHECK_SIZEOF(char, 1)
AC_CHECK_SIZEOF(short int, 2)
AC_CHECK_SIZEOF(int, 4)
ac_cv_sizeof_long_long_int=0
fi
+# compute LLONG_MIN and LLONG_MAX if we don't know them.
+if test -z "$have_llong_max"; then
+ AC_MSG_CHECKING([for max value of long long])
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+/* Why is this so damn hard? */
+#ifdef __GNUC__
+# undef __GNUC__
+#endif
+#define __USE_ISOC99
+#include <limits.h>
+#define DATA "conftest.llminmax"
+#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
+
+/*
+ * printf in libc on some platforms (eg old Tru64) does not understand %lld so
+ * we do this the hard way.
+ */
+static int
+fprint_ll(FILE *f, long long n)
+{
+ unsigned int i;
+ int l[sizeof(long long) * 8];
+
+ if (n < 0)
+ if (fprintf(f, "-") < 0)
+ return -1;
+ for (i = 0; n != 0; i++) {
+ l[i] = my_abs(n % 10);
+ n /= 10;
+ }
+ do {
+ if (fprintf(f, "%d", l[--i]) < 0)
+ return -1;
+ } while (i != 0);
+ if (fprintf(f, " ") < 0)
+ return -1;
+ return 0;
+}
+
+int main(void) {
+ FILE *f;
+ long long i, llmin, llmax = 0;
+
+ if((f = fopen(DATA,"w")) == NULL)
+ exit(1);
+
+#if defined(LLONG_MIN) && defined(LLONG_MAX)
+ fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
+ llmin = LLONG_MIN;
+ llmax = LLONG_MAX;
+#else
+ fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
+ /* This will work on one's complement and two's complement */
+ for (i = 1; i > llmax; i <<= 1, i++)
+ llmax = i;
+ llmin = llmax + 1LL; /* wrap */
+#endif
+
+ /* Sanity check */
+ if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
+ || llmax - 1 > llmax || llmin == llmax || llmin == 0
+ || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
+ fprintf(f, "unknown unknown\n");
+ exit(2);
+ }
+
+ if (fprint_ll(f, llmin) < 0)
+ exit(3);
+ if (fprint_ll(f, llmax) < 0)
+ exit(4);
+ if (fclose(f) < 0)
+ exit(5);
+ exit(0);
+}
+ ]])],
+ [
+ llong_min=`$AWK '{print $1}' conftest.llminmax`
+ llong_max=`$AWK '{print $2}' conftest.llminmax`
+
+ AC_MSG_RESULT($llong_max)
+ AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
+ [max value of long long calculated by configure])
+ AC_MSG_CHECKING([for min value of long long])
+ AC_MSG_RESULT($llong_min)
+ AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
+ [min value of long long calculated by configure])
+ ],
+ [
+ AC_MSG_RESULT(not found)
+ ],
+ [
+ AC_MSG_WARN([cross compiling: not checking])
+ ]
+ )
+fi
+
+
# More checks for data types
AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
AC_TRY_COMPILE(
)
])
if test "x$ac_cv_have_u_int" = "xyes" ; then
- AC_DEFINE(HAVE_U_INT)
+ AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
have_u_int=1
fi
)
])
if test "x$ac_cv_have_intxx_t" = "xyes" ; then
- AC_DEFINE(HAVE_INTXX_T)
+ AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
have_intxx_t=1
fi
)
])
if test "x$ac_cv_have_int64_t" = "xyes" ; then
- AC_DEFINE(HAVE_INT64_T)
+ AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
fi
AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
)
])
if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
- AC_DEFINE(HAVE_U_INTXX_T)
+ AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
have_u_intxx_t=1
fi
)
])
if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
- AC_DEFINE(HAVE_U_INT64_T)
+ AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
have_u_int64_t=1
fi
)
])
if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
- AC_DEFINE(HAVE_UINTXX_T)
+ AC_DEFINE(HAVE_UINTXX_T, 1,
+ [define if you have uintxx_t data type])
fi
fi
)
])
if test "x$ac_cv_have_u_char" = "xyes" ; then
- AC_DEFINE(HAVE_U_CHAR)
+ AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
fi
TYPE_SOCKLEN_T
)
])
if test "x$ac_cv_have_size_t" = "xyes" ; then
- AC_DEFINE(HAVE_SIZE_T)
+ AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
fi
AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
)
])
if test "x$ac_cv_have_ssize_t" = "xyes" ; then
- AC_DEFINE(HAVE_SSIZE_T)
+ AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
fi
AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
)
])
if test "x$ac_cv_have_clock_t" = "xyes" ; then
- AC_DEFINE(HAVE_CLOCK_T)
+ AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
fi
AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
)
])
if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
- AC_DEFINE(HAVE_SA_FAMILY_T)
+ AC_DEFINE(HAVE_SA_FAMILY_T, 1,
+ [define if you have sa_family_t data type])
fi
AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
)
])
if test "x$ac_cv_have_pid_t" = "xyes" ; then
- AC_DEFINE(HAVE_PID_T)
+ AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
fi
AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
)
])
if test "x$ac_cv_have_mode_t" = "xyes" ; then
- AC_DEFINE(HAVE_MODE_T)
+ AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
fi
)
])
if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
+ [define if you have struct sockaddr_storage data type])
fi
AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
)
])
if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6)
+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
+ [define if you have struct sockaddr_in6 data type])
fi
AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
)
])
if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_IN6_ADDR)
+ AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
+ [define if you have struct in6_addr data type])
fi
AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
)
])
if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_ADDRINFO)
+ AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
+ [define if you have struct addrinfo data type])
fi
AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
)
])
if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
- AC_DEFINE(HAVE_STRUCT_TIMEVAL)
+ AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
have_struct_timeval=1
fi
OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
AC_CHECK_MEMBERS([struct stat.st_blksize])
+AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
+ [Define if we don't have struct __res_state in resolv.h])],
+[
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+])
AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
ac_cv_have_ss_family_in_struct_ss, [
)
])
if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
- AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
+ AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
fi
AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
)
])
if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
- AC_DEFINE(HAVE___SS_FAMILY_IN_SS)
+ AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
+ [Fields in struct sockaddr_storage])
fi
AC_CACHE_CHECK([for pw_class field in struct passwd],
)
])
if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
- AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD)
+ AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
+ [Define if your password has a pw_class field])
fi
AC_CACHE_CHECK([for pw_expire field in struct passwd],
)
])
if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
- AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD)
+ AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
+ [Define if your password has a pw_expire field])
fi
AC_CACHE_CHECK([for pw_change field in struct passwd],
)
])
if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
- AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD)
+ AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
+ [Define if your password has a pw_change field])
fi
dnl make sure we're using the real structure members and not defines
)
])
if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
- AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR)
+ AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
+ [Define if your system uses access rights style
+ file descriptor passing])
fi
AC_CACHE_CHECK([for msg_control field in struct msghdr],
)
])
if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
- AC_DEFINE(HAVE_CONTROL_IN_MSGHDR)
+ AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
+ [Define if your system uses ancillary data style
+ file descriptor passing])
fi
AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
)
])
if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
- AC_DEFINE(HAVE___PROGNAME)
+ AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
fi
AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
)
])
if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
- AC_DEFINE(HAVE___FUNCTION__)
+ AC_DEFINE(HAVE___FUNCTION__, 1,
+ [Define if compiler implements __FUNCTION__])
fi
AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
)
])
if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
- AC_DEFINE(HAVE___func__)
+ AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
+fi
+
+AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
+ AC_TRY_LINK(
+ [#include <stdarg.h>
+ va_list x,y;],
+ [va_copy(x,y);],
+ [ ac_cv_have_va_copy="yes" ],
+ [ ac_cv_have_va_copy="no" ]
+ )
+])
+if test "x$ac_cv_have_va_copy" = "xyes" ; then
+ AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
+fi
+
+AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
+ AC_TRY_LINK(
+ [#include <stdarg.h>
+ va_list x,y;],
+ [__va_copy(x,y);],
+ [ ac_cv_have___va_copy="yes" ],
+ [ ac_cv_have___va_copy="no" ]
+ )
+])
+if test "x$ac_cv_have___va_copy" = "xyes" ; then
+ AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
fi
AC_CACHE_CHECK([whether getopt has optreset support],
)
])
if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
- AC_DEFINE(HAVE_GETOPT_OPTRESET)
+ AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
+ [Define if your getopt(3) defines and uses optreset])
fi
AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
)
])
if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
- AC_DEFINE(HAVE_SYS_ERRLIST)
+ AC_DEFINE(HAVE_SYS_ERRLIST, 1,
+ [Define if your system defines sys_errlist[]])
fi
)
])
if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
- AC_DEFINE(HAVE_SYS_NERR)
+ AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
fi
SCARD_MSG="no"
if test "$ac_cv_lib_sectok_sectok_open" != yes; then
AC_MSG_ERROR(Can't find libsectok)
fi
- AC_DEFINE(SMARTCARD)
- AC_DEFINE(USE_SECTOK)
+ AC_DEFINE(SMARTCARD, 1,
+ [Define if you want smartcard support])
+ AC_DEFINE(USE_SECTOK, 1,
+ [Define if you want smartcard support
+ using sectok])
SCARD_MSG="yes, using sectok"
fi
]
# Check whether user wants OpenSC support
OPENSC_CONFIG="no"
AC_ARG_WITH(opensc,
- [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
+ [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
[
if test "x$withval" != "xno" ; then
if test "x$withval" != "xyes" ; then
CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
AC_DEFINE(SMARTCARD)
- AC_DEFINE(USE_OPENSC)
+ AC_DEFINE(USE_OPENSC, 1,
+ [Define if you want smartcard support
+ using OpenSC])
SCARD_MSG="yes, using OpenSC"
fi
fi
# Check libraries needed by DNS fingerprint support
AC_SEARCH_LIBS(getrrsetbyname, resolv,
- [AC_DEFINE(HAVE_GETRRSETBYNAME)],
+ [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
+ [Define if getrrsetbyname() exists])],
[
# Needed by our getrrsetbyname()
AC_SEARCH_LIBS(res_query, resolv)
AC_MSG_RESULT(no)])
])
AC_CHECK_FUNCS(_getshort _getlong)
- AC_CHECK_DECLS([_getshort, _getlong])
+ AC_CHECK_DECLS([_getshort, _getlong], , ,
+ [#include <sys/types.h>
+ #include <arpa/nameser.h>])
AC_CHECK_MEMBER(HEADER.ad,
- [AC_DEFINE(HAVE_HEADER_AD)],,
+ [AC_DEFINE(HAVE_HEADER_AD, 1,
+ [Define if HEADER.ad exists in arpa/nameser.h])],,
[#include <arpa/nameser.h>])
])
+# Check whether user wants SELinux support
+SELINUX_MSG="no"
+LIBSELINUX=""
+AC_ARG_WITH(selinux,
+ [ --with-selinux Enable SELinux support],
+ [ if test "x$withval" != "xno" ; then
+ AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
+ SELINUX_MSG="yes"
+ AC_CHECK_HEADER([selinux/selinux.h], ,
+ AC_MSG_ERROR(SELinux support requires selinux.h header))
+ AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
+ AC_MSG_ERROR(SELinux support requires libselinux library))
+ AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+ fi ]
+)
+AC_SUBST(LIBSELINUX)
+
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
KRB5ROOT=${withval}
fi
- AC_DEFINE(KRB5)
+ AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
KRB5_MSG="yes"
AC_MSG_CHECKING(for krb5-config)
AC_MSG_CHECKING(for gssapi support)
if $KRB5CONF | grep gssapi >/dev/null ; then
AC_MSG_RESULT(yes)
- AC_DEFINE(GSSAPI)
+ AC_DEFINE(GSSAPI, 1,
+ [Define this if you want GSSAPI
+ support in the version 2 protocol])
k5confopts=gssapi
else
AC_MSG_RESULT(no)
AC_TRY_COMPILE([ #include <krb5.h> ],
[ char *tmp = heimdal_version; ],
[ AC_MSG_RESULT(yes)
- AC_DEFINE(HEIMDAL) ],
+ AC_DEFINE(HEIMDAL, 1,
+ [Define this if you are using the
+ Heimdal version of Kerberos V5]) ],
AC_MSG_RESULT(no)
)
else
if test ! -z "$blibpath" ; then
blibpath="$blibpath:${KRB5ROOT}/lib"
fi
- fi
- AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
- AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
- AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
+ AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
+ AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
+ AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
- LIBS="$LIBS $K5LIBS"
- AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
- AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
+ LIBS="$LIBS $K5LIBS"
+ AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
+ [Define this if you want to use libkafs' AFS support]))
+ fi
]
)
XAUTH_PATH="undefined"
AC_SUBST(XAUTH_PATH)
else
- AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
+ AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
+ [Define if xauth is found in your path])
XAUTH_PATH=$xauth_path
AC_SUBST(XAUTH_PATH)
fi
# Check for mail directory (last resort if we cannot get it from headers)
if test ! -z "$MAIL" ; then
maildir=`dirname $MAIL`
- AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir")
+ AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
+ [Set this to your mail directory if you don't have maillock.h])
fi
if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
if test "x$disable_ptmx_check" != "xyes" ; then
AC_CHECK_FILE("/dev/ptmx",
[
- AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)
+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
+ [Define if you have /dev/ptmx])
have_dev_ptmx=1
]
)
if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
AC_CHECK_FILE("/dev/ptc",
[
- AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)
+ AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
+ [Define if you have /dev/ptc])
have_dev_ptc=1
]
)
[ --with-md5-passwords Enable use of MD5 passwords],
[
if test "x$withval" != "xno" ; then
- AC_DEFINE(HAVE_MD5_PASSWORDS)
+ AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
+ [Define if you want to allow MD5 passwords])
MD5_MSG="yes"
fi
]
if test "x$sp_expire_available" = "xyes" ; then
AC_MSG_RESULT(yes)
- AC_DEFINE(HAS_SHADOW_EXPIRE)
+ AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
+ [Define if you want to use shadow password expire field])
else
AC_MSG_RESULT(no)
fi
# Use ip address instead of hostname in $DISPLAY
if test ! -z "$IPADDR_IN_DISPLAY" ; then
DISPLAY_HACK_MSG="yes"
- AC_DEFINE(IPADDR_IN_DISPLAY)
+ AC_DEFINE(IPADDR_IN_DISPLAY, 1,
+ [Define if you need to use IP address
+ instead of hostname in $DISPLAY])
else
DISPLAY_HACK_MSG="no"
AC_ARG_WITH(ipaddr-display,
else
etc_default_login=yes
fi ],
- [ etc_default_login=yes ]
+ [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
+ then
+ AC_MSG_WARN([cross compiling: not checking /etc/default/login])
+ etc_default_login=no
+ else
+ etc_default_login=yes
+ fi ]
)
if test "x$etc_default_login" != "xno"; then
AC_CHECK_FILE("/etc/default/login",
[ external_path_file=/etc/default/login ])
- if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
- then
- AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
- elif test "x$external_path_file" = "x/etc/default/login"; then
- AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
+ if test "x$external_path_file" = "x/etc/default/login"; then
+ AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
+ [Define if your system has /etc/default/login])
fi
fi
If PATH is defined in $external_path_file, ensure the path to scp is included,
otherwise scp will not work.])
fi
- AC_TRY_RUN(
- [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
/* find out what STDPATH is */
#include <stdio.h>
#ifdef HAVE_PATHS_H
exit(0);
}
- ], [ user_path=`cat conftest.stdpath` ],
+ ]])],
+ [ user_path=`cat conftest.stdpath` ],
[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
)
fi ]
)
if test "x$external_path_file" != "x/etc/login.conf" ; then
- AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
+ AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
AC_SUBST(user_path)
fi
[
if test -n "$withval" && test "x$withval" != "xno" && \
test "x${withval}" != "xyes"; then
- AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
+ AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
+ [Define if you want a different $PATH
+ for the superuser])
superuser_path=$withval
fi
]
[
if test "x$withval" != "xno" ; then
AC_MSG_RESULT(yes)
- AC_DEFINE(IPV4_IN_IPV6)
+ AC_DEFINE(IPV4_IN_IPV6, 1,
+ [Detect IPv4 in IPv6 mapped addresses
+ and treat as IPv4])
IPV4_IN6_HACK_MSG="yes"
else
AC_MSG_RESULT(no)
[ --with-bsd-auth Enable BSD auth support],
[
if test "x$withval" != "xno" ; then
- AC_DEFINE(BSD_AUTH)
+ AC_DEFINE(BSD_AUTH, 1,
+ [Define if you have BSD auth support])
BSD_AUTH_MSG=yes
fi
]
]
)
-AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
+AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
AC_SUBST(piddir)
dnl allow user to disable some login recording features
[ --disable-utmpx disable use of utmpx even if detected [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_UTMPX)
+ AC_DEFINE(DISABLE_UTMPX, 1,
+ [Define if you don't want to use utmpx])
fi
]
)
[ --disable-wtmpx disable use of wtmpx even if detected [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_WTMPX)
+ AC_DEFINE(DISABLE_WTMPX, 1,
+ [Define if you don't want to use wtmpx])
fi
]
)
[ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_PUTUTLINE)
+ AC_DEFINE(DISABLE_PUTUTLINE, 1,
+ [Define if you don't want to use pututline()
+ etc. to write [uw]tmp])
fi
]
)
[ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
[
if test "x$enableval" = "xno" ; then
- AC_DEFINE(DISABLE_PUTUTXLINE)
+ AC_DEFINE(DISABLE_PUTUTXLINE, 1,
+ [Define if you don't want to use pututxline()
+ etc. to write [uw]tmpx])
fi
]
)
fi
if test -n "$conf_lastlog_location"; then
- AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
+ AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
+ [Define if you want to specify the path to your lastlog file])
fi
dnl utmp detection
fi
fi
if test -n "$conf_utmp_location"; then
- AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
+ AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
+ [Define if you want to specify the path to your utmp file])
fi
dnl wtmp detection
fi
fi
if test -n "$conf_wtmp_location"; then
- AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
+ AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
+ [Define if you want to specify the path to your wtmp file])
fi
AC_DEFINE(DISABLE_UTMPX)
fi
else
- AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
+ AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
+ [Define if you want to specify the path to your utmpx file])
fi
dnl wtmpx detection
AC_DEFINE(DISABLE_WTMPX)
fi
else
- AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
+ AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
+ [Define if you want to specify the path to your wtmpx file])
fi
LIBS=`echo $LIBS | sed 's/-ldl //'`
fi
+dnl Adding -Werror to CFLAGS early prevents configure tests from running.
+dnl Add now.
+CFLAGS="$CFLAGS $werror_flags"
+
AC_EXEEXT
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
- scard/Makefile ssh_prng_cmds survey.sh])
+ openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
AC_OUTPUT
# Print summary of options
echo " Manpage format: $MANTYPE"
echo " PAM support: $PAM_MSG"
echo " KerberosV support: $KRB5_MSG"
+echo " SELinux support: $SELINUX_MSG"
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
andersk / openssh.git / blobdiff