| blob | 88a248fb5a12999b0166b2a256ed364b1e054ebc |
1 # $Id: configure.ac,v 1.431 2009/12/07 00:15:43 dtucker Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.431 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
58 # System features
59 AC_SYS_LARGEFILE
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70 else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76 fi
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82 fi
84 if test -z "$LD" ; then
85 LD=$CC
86 fi
87 AC_SUBST(LD)
89 AC_C_INLINE
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 use_stack_protector=1
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
97 use_stack_protector=0
98 fi ])
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
103 case $GCC_VER in
104 1.*) no_attrib_nonnull=1 ;;
105 2.8* | 2.9*)
106 CFLAGS="$CFLAGS -Wsign-compare"
107 no_attrib_nonnull=1
108 ;;
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
112 *) ;;
113 esac
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
119 #include <string.h>
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
121 ]])],
122 [ AC_MSG_RESULT(yes) ],
123 [ AC_MSG_RESULT(no)
124 CFLAGS="$saved_CFLAGS" ]
125 )
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
137 AC_LINK_IFELSE(
138 [AC_LANG_SOURCE([
139 #include <stdio.h>
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
141 ])],
142 [ AC_MSG_RESULT(yes)
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
146 AC_RUN_IFELSE(
147 [AC_LANG_SOURCE([
148 #include <stdio.h>
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
150 ])],
151 [ AC_MSG_RESULT(yes)
152 break ],
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
155 break ]
156 )
157 ],
158 [ AC_MSG_RESULT(no) ]
159 )
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
162 done
163 fi
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
171 [have_llong_max=1],
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
174 )
175 fi
176 fi
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
180 fi
182 AC_ARG_WITH(rpath,
183 [ --without-rpath Disable auto-added -R linker paths],
184 [
185 if test "x$withval" = "xno" ; then
186 need_dash_r=""
187 fi
188 if test "x$withval" = "xyes" ; then
189 need_dash_r=1
190 fi
191 ]
192 )
194 # Allow user to specify flags
195 AC_ARG_WITH(cflags,
196 [ --with-cflags Specify additional flags to pass to compiler],
197 [
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
201 fi
202 ]
203 )
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
206 [
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
210 fi
211 ]
212 )
213 AC_ARG_WITH(ldflags,
214 [ --with-ldflags Specify additional flags to pass to linker],
215 [
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
219 fi
220 ]
221 )
222 AC_ARG_WITH(libs,
223 [ --with-libs Specify additional libraries to link with],
224 [
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
228 fi
229 ]
230 )
231 AC_ARG_WITH(Werror,
232 [ --with-Werror Build main code with -Werror],
233 [
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
238 fi
239 fi
240 ]
241 )
243 AC_CHECK_HEADERS( \
244 bstring.h \
245 crypt.h \
246 crypto/sha2.h \
247 dirent.h \
248 endian.h \
249 features.h \
250 fcntl.h \
251 floatingpoint.h \
252 getopt.h \
253 glob.h \
254 ia.h \
255 iaf.h \
256 limits.h \
257 login.h \
258 maillock.h \
259 ndir.h \
260 net/if_tun.h \
261 netdb.h \
262 netgroup.h \
263 pam/pam_appl.h \
264 paths.h \
265 poll.h \
266 pty.h \
267 readpassphrase.h \
268 rpc/types.h \
269 security/pam_appl.h \
270 sha2.h \
271 shadow.h \
272 stddef.h \
273 stdint.h \
274 string.h \
275 strings.h \
276 sys/audit.h \
277 sys/bitypes.h \
278 sys/bsdtty.h \
279 sys/cdefs.h \
280 sys/dir.h \
281 sys/mman.h \
282 sys/ndir.h \
283 sys/poll.h \
284 sys/prctl.h \
285 sys/pstat.h \
286 sys/select.h \
287 sys/stat.h \
288 sys/stream.h \
289 sys/stropts.h \
290 sys/strtio.h \
291 sys/statvfs.h \
292 sys/sysmacros.h \
293 sys/time.h \
294 sys/timers.h \
295 sys/un.h \
296 time.h \
297 tmpdir.h \
298 ttyent.h \
299 ucred.h \
300 unistd.h \
301 usersec.h \
302 util.h \
303 utime.h \
304 utmp.h \
305 utmpx.h \
306 vis.h \
307 )
309 # lastlog.h requires sys/time.h to be included first on Solaris
310 AC_CHECK_HEADERS(lastlog.h, [], [], [
311 #ifdef HAVE_SYS_TIME_H
312 # include <sys/time.h>
313 #endif
314 ])
316 # sys/ptms.h requires sys/stream.h to be included first on Solaris
317 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
318 #ifdef HAVE_SYS_STREAM_H
319 # include <sys/stream.h>
320 #endif
321 ])
323 # login_cap.h requires sys/types.h on NetBSD
324 AC_CHECK_HEADERS(login_cap.h, [], [], [
325 #include <sys/types.h>
326 ])
328 # older BSDs need sys/param.h before sys/mount.h
329 AC_CHECK_HEADERS(sys/mount.h, [], [], [
330 #include <sys/param.h>
331 ])
333 # Messages for features tested for in target-specific section
334 SIA_MSG="no"
335 SPC_MSG="no"
337 # Check for some target-specific stuff
338 case "$host" in
339 *-*-aix*)
340 # Some versions of VAC won't allow macro redefinitions at
341 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
342 # particularly with older versions of vac or xlc.
343 # It also throws errors about null macro argments, but these are
344 # not fatal.
345 AC_MSG_CHECKING(if compiler allows macro redefinitions)
346 AC_COMPILE_IFELSE(
347 [AC_LANG_SOURCE([[
348 #define testmacro foo
349 #define testmacro bar
350 int main(void) { exit(0); }
351 ]])],
352 [ AC_MSG_RESULT(yes) ],
353 [ AC_MSG_RESULT(no)
354 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
355 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
356 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
357 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
358 ]
359 )
361 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
362 if (test -z "$blibpath"); then
363 blibpath="/usr/lib:/lib"
364 fi
365 saved_LDFLAGS="$LDFLAGS"
366 if test "$GCC" = "yes"; then
367 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
368 else
369 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
370 fi
371 for tryflags in $flags ;do
372 if (test -z "$blibflags"); then
373 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
374 AC_TRY_LINK([], [], [blibflags=$tryflags])
375 fi
376 done
377 if (test -z "$blibflags"); then
378 AC_MSG_RESULT(not found)
379 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
380 else
381 AC_MSG_RESULT($blibflags)
382 fi
383 LDFLAGS="$saved_LDFLAGS"
384 dnl Check for authenticate. Might be in libs.a on older AIXes
385 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
386 [Define if you want to enable AIX4's authenticate function])],
387 [AC_CHECK_LIB(s,authenticate,
388 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
389 LIBS="$LIBS -ls"
390 ])
391 ])
392 dnl Check for various auth function declarations in headers.
393 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
394 passwdexpired, setauthdb], , , [#include <usersec.h>])
395 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
396 AC_CHECK_DECLS(loginfailed,
397 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
398 AC_TRY_COMPILE(
399 [#include <usersec.h>],
400 [(void)loginfailed("user","host","tty",0);],
401 [AC_MSG_RESULT(yes)
402 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
403 [Define if your AIX loginfailed() function
404 takes 4 arguments (AIX >= 5.2)])],
405 [AC_MSG_RESULT(no)]
406 )],
407 [],
408 [#include <usersec.h>]
409 )
410 AC_CHECK_FUNCS(getgrset setauthdb)
411 AC_CHECK_DECL(F_CLOSEM,
412 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
413 [],
414 [ #include <limits.h>
415 #include <fcntl.h> ]
416 )
417 check_for_aix_broken_getaddrinfo=1
418 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
419 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
420 [Define if your platform breaks doing a seteuid before a setuid])
421 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
422 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
423 dnl AIX handles lastlog as part of its login message
424 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
425 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
426 [Some systems need a utmpx entry for /bin/login to work])
427 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
428 [Define to a Set Process Title type if your system is
429 supported by bsd-setproctitle.c])
430 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
431 [AIX 5.2 and 5.3 (and presumably newer) require this])
432 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
433 ;;
434 *-*-cygwin*)
435 check_for_libcrypt_later=1
436 LIBS="$LIBS /usr/lib/textreadmode.o"
437 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
438 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
439 AC_DEFINE(DISABLE_SHADOW, 1,
440 [Define if you want to disable shadow passwords])
441 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
442 [Define if X11 doesn't support AF_UNIX sockets on that system])
443 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
444 [Define if the concept of ports only accessible to
445 superusers isn't known])
446 AC_DEFINE(DISABLE_FD_PASSING, 1,
447 [Define if your platform needs to skip post auth
448 file descriptor passing])
449 AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
450 ;;
451 *-*-dgux*)
452 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
453 [Define if your system choked on IP TOS setting])
454 AC_DEFINE(SETEUID_BREAKS_SETUID)
455 AC_DEFINE(BROKEN_SETREUID)
456 AC_DEFINE(BROKEN_SETREGID)
457 ;;
458 *-*-darwin*)
459 AC_MSG_CHECKING(if we have working getaddrinfo)
460 AC_TRY_RUN([#include <mach-o/dyld.h>
461 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
462 exit(0);
463 else
464 exit(1);
465 }], [AC_MSG_RESULT(working)],
466 [AC_MSG_RESULT(buggy)
467 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
468 [AC_MSG_RESULT(assume it is working)])
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
473 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
474 [Define if your resolver libs need this for getrrsetbyname])
475 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
476 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
477 [Use tunnel device compatibility to OpenBSD])
478 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
479 [Prepend the address family to IP tunnel traffic])
480 m4_pattern_allow(AU_IPv)
481 AC_CHECK_DECL(AU_IPv4, [],
482 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
483 [#include <bsm/audit.h>]
484 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
485 [Define if pututxline updates lastlog too])
486 )
487 ;;
488 *-*-dragonfly*)
489 SSHDLIBS="$SSHDLIBS -lcrypt"
490 ;;
491 *-*-hpux*)
492 # first we define all of the options common to all HP-UX releases
493 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
494 IPADDR_IN_DISPLAY=yes
495 AC_DEFINE(USE_PIPES)
496 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
497 [Define if your login program cannot handle end of options ("--")])
498 AC_DEFINE(LOGIN_NEEDS_UTMPX)
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
500 [String used in /etc/passwd to denote locked account])
501 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
502 MAIL="/var/mail/username"
503 LIBS="$LIBS -lsec"
504 AC_CHECK_LIB(xnet, t_error, ,
505 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
507 # next, we define all of the options specific to major releases
508 case "$host" in
509 *-*-hpux10*)
510 if test -z "$GCC"; then
511 CFLAGS="$CFLAGS -Ae"
512 fi
513 ;;
514 *-*-hpux11*)
515 AC_DEFINE(PAM_SUN_CODEBASE, 1,
516 [Define if you are using Solaris-derived PAM which
517 passes pam_messages to the conversation function
518 with an extra level of indirection])
519 AC_DEFINE(DISABLE_UTMP, 1,
520 [Define if you don't want to use utmp])
521 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
522 check_for_hpux_broken_getaddrinfo=1
523 check_for_conflicting_getspnam=1
524 ;;
525 esac
527 # lastly, we define options specific to minor releases
528 case "$host" in
529 *-*-hpux10.26)
530 AC_DEFINE(HAVE_SECUREWARE, 1,
531 [Define if you have SecureWare-based
532 protected password database])
533 disable_ptmx_check=yes
534 LIBS="$LIBS -lsecpw"
535 ;;
536 esac
537 ;;
538 *-*-irix5*)
539 PATH="$PATH:/usr/etc"
540 AC_DEFINE(BROKEN_INET_NTOA, 1,
541 [Define if you system's inet_ntoa is busted
542 (e.g. Irix gcc issue)])
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
547 [Define if you shouldn't strip 'tty' from your
548 ttyname in [uw]tmp])
549 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
550 ;;
551 *-*-irix6*)
552 PATH="$PATH:/usr/etc"
553 AC_DEFINE(WITH_IRIX_ARRAY, 1,
554 [Define if you have/want arrays
555 (cluster-wide session managment, not C arrays)])
556 AC_DEFINE(WITH_IRIX_PROJECT, 1,
557 [Define if you want IRIX project management])
558 AC_DEFINE(WITH_IRIX_AUDIT, 1,
559 [Define if you want IRIX audit trails])
560 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
561 [Define if you want IRIX kernel jobs])])
562 AC_DEFINE(BROKEN_INET_NTOA)
563 AC_DEFINE(SETEUID_BREAKS_SETUID)
564 AC_DEFINE(BROKEN_SETREUID)
565 AC_DEFINE(BROKEN_SETREGID)
566 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
567 AC_DEFINE(WITH_ABBREV_NO_TTY)
568 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
569 ;;
570 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
571 check_for_libcrypt_later=1
572 AC_DEFINE(PAM_TTY_KLUDGE)
573 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
574 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
575 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
576 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
577 ;;
578 *-*-linux*)
579 no_dev_ptmx=1
580 check_for_libcrypt_later=1
581 check_for_openpty_ctty_bug=1
582 AC_DEFINE(PAM_TTY_KLUDGE, 1,
583 [Work around problematic Linux PAM modules handling of PAM_TTY])
584 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
585 [String used in /etc/passwd to denote locked account])
586 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
587 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
588 [Define to whatever link() returns for "not supported"
589 if it doesn't return EOPNOTSUPP.])
590 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
591 AC_DEFINE(USE_BTMP)
592 inet6_default_4in6=yes
593 case `uname -r` in
594 1.*|2.0.*)
595 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
596 [Define if cmsg_type is not passed correctly])
597 ;;
598 esac
599 # tun(4) forwarding compat code
600 AC_CHECK_HEADERS(linux/if_tun.h)
601 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
602 AC_DEFINE(SSH_TUN_LINUX, 1,
603 [Open tunnel devices the Linux tun/tap way])
604 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
605 [Use tunnel device compatibility to OpenBSD])
606 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
607 [Prepend the address family to IP tunnel traffic])
608 fi
609 ;;
610 mips-sony-bsd|mips-sony-newsos4)
611 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
612 SONY=1
613 ;;
614 *-*-netbsd*)
615 check_for_libcrypt_before=1
616 if test "x$withval" != "xno" ; then
617 need_dash_r=1
618 fi
619 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
620 AC_CHECK_HEADER([net/if_tap.h], ,
621 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
622 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
623 [Prepend the address family to IP tunnel traffic])
624 ;;
625 *-*-freebsd*)
626 check_for_libcrypt_later=1
627 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
628 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
629 AC_CHECK_HEADER([net/if_tap.h], ,
630 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
631 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
632 ;;
633 *-*-bsdi*)
634 AC_DEFINE(SETEUID_BREAKS_SETUID)
635 AC_DEFINE(BROKEN_SETREUID)
636 AC_DEFINE(BROKEN_SETREGID)
637 ;;
638 *-next-*)
639 conf_lastlog_location="/usr/adm/lastlog"
640 conf_utmp_location=/etc/utmp
641 conf_wtmp_location=/usr/adm/wtmp
642 MAIL=/usr/spool/mail
643 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
644 AC_DEFINE(BROKEN_REALPATH)
645 AC_DEFINE(USE_PIPES)
646 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
647 ;;
648 *-*-openbsd*)
649 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
650 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
651 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
652 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
653 [syslog_r function is safe to use in in a signal handler])
654 ;;
655 *-*-solaris*)
656 if test "x$withval" != "xno" ; then
657 need_dash_r=1
658 fi
659 AC_DEFINE(PAM_SUN_CODEBASE)
660 AC_DEFINE(LOGIN_NEEDS_UTMPX)
661 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
662 [Some versions of /bin/login need the TERM supplied
663 on the commandline])
664 AC_DEFINE(PAM_TTY_KLUDGE)
665 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
666 [Define if pam_chauthtok wants real uid set
667 to the unpriv'ed user])
668 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
669 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
670 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
671 [Define if sshd somehow reacquires a controlling TTY
672 after setsid()])
673 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
674 in case the name is longer than 8 chars])
675 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
676 external_path_file=/etc/default/login
677 # hardwire lastlog location (can't detect it on some versions)
678 conf_lastlog_location="/var/adm/lastlog"
679 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
680 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
681 if test "$sol2ver" -ge 8; then
682 AC_MSG_RESULT(yes)
683 AC_DEFINE(DISABLE_UTMP)
684 AC_DEFINE(DISABLE_WTMP, 1,
685 [Define if you don't want to use wtmp])
686 else
687 AC_MSG_RESULT(no)
688 fi
689 AC_ARG_WITH(solaris-contracts,
690 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
691 [
692 AC_CHECK_LIB(contract, ct_tmpl_activate,
693 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
694 [Define if you have Solaris process contracts])
695 SSHDLIBS="$SSHDLIBS -lcontract"
696 AC_SUBST(SSHDLIBS)
697 SPC_MSG="yes" ], )
698 ],
699 )
700 ;;
701 *-*-sunos4*)
702 CPPFLAGS="$CPPFLAGS -DSUNOS4"
703 AC_CHECK_FUNCS(getpwanam)
704 AC_DEFINE(PAM_SUN_CODEBASE)
705 conf_utmp_location=/etc/utmp
706 conf_wtmp_location=/var/adm/wtmp
707 conf_lastlog_location=/var/adm/lastlog
708 AC_DEFINE(USE_PIPES)
709 ;;
710 *-ncr-sysv*)
711 LIBS="$LIBS -lc89"
712 AC_DEFINE(USE_PIPES)
713 AC_DEFINE(SSHD_ACQUIRES_CTTY)
714 AC_DEFINE(SETEUID_BREAKS_SETUID)
715 AC_DEFINE(BROKEN_SETREUID)
716 AC_DEFINE(BROKEN_SETREGID)
717 ;;
718 *-sni-sysv*)
719 # /usr/ucblib MUST NOT be searched on ReliantUNIX
720 AC_CHECK_LIB(dl, dlsym, ,)
721 # -lresolv needs to be at the end of LIBS or DNS lookups break
722 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
723 IPADDR_IN_DISPLAY=yes
724 AC_DEFINE(USE_PIPES)
725 AC_DEFINE(IP_TOS_IS_BROKEN)
726 AC_DEFINE(SETEUID_BREAKS_SETUID)
727 AC_DEFINE(BROKEN_SETREUID)
728 AC_DEFINE(BROKEN_SETREGID)
729 AC_DEFINE(SSHD_ACQUIRES_CTTY)
730 external_path_file=/etc/default/login
731 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
732 # Attention: always take care to bind libsocket and libnsl before libc,
733 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
734 ;;
735 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
736 *-*-sysv4.2*)
737 AC_DEFINE(USE_PIPES)
738 AC_DEFINE(SETEUID_BREAKS_SETUID)
739 AC_DEFINE(BROKEN_SETREUID)
740 AC_DEFINE(BROKEN_SETREGID)
741 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
742 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
743 ;;
744 # UnixWare 7.x, OpenUNIX 8
745 *-*-sysv5*)
746 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
747 AC_DEFINE(USE_PIPES)
748 AC_DEFINE(SETEUID_BREAKS_SETUID)
749 AC_DEFINE(BROKEN_SETREUID)
750 AC_DEFINE(BROKEN_SETREGID)
751 AC_DEFINE(PASSWD_NEEDS_USERNAME)
752 case "$host" in
753 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
754 TEST_SHELL=/u95/bin/sh
755 AC_DEFINE(BROKEN_LIBIAF, 1,
756 [ia_uinfo routines not supported by OS yet])
757 AC_DEFINE(BROKEN_UPDWTMPX)
758 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
759 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
760 AC_DEFINE(HAVE_SECUREWARE)
761 AC_DEFINE(DISABLE_SHADOW)
762 ],,)
763 ;;
764 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
765 check_for_libcrypt_later=1
766 ;;
767 esac
768 ;;
769 *-*-sysv*)
770 ;;
771 # SCO UNIX and OEM versions of SCO UNIX
772 *-*-sco3.2v4*)
773 AC_MSG_ERROR("This Platform is no longer supported.")
774 ;;
775 # SCO OpenServer 5.x
776 *-*-sco3.2v5*)
777 if test -z "$GCC"; then
778 CFLAGS="$CFLAGS -belf"
779 fi
780 LIBS="$LIBS -lprot -lx -ltinfo -lm"
781 no_dev_ptmx=1
782 AC_DEFINE(USE_PIPES)
783 AC_DEFINE(HAVE_SECUREWARE)
784 AC_DEFINE(DISABLE_SHADOW)
785 AC_DEFINE(DISABLE_FD_PASSING)
786 AC_DEFINE(SETEUID_BREAKS_SETUID)
787 AC_DEFINE(BROKEN_SETREUID)
788 AC_DEFINE(BROKEN_SETREGID)
789 AC_DEFINE(WITH_ABBREV_NO_TTY)
790 AC_DEFINE(BROKEN_UPDWTMPX)
791 AC_DEFINE(PASSWD_NEEDS_USERNAME)
792 AC_CHECK_FUNCS(getluid setluid)
793 MANTYPE=man
794 TEST_SHELL=ksh
795 ;;
796 *-*-unicosmk*)
797 AC_DEFINE(NO_SSH_LASTLOG, 1,
798 [Define if you don't want to use lastlog in session.c])
799 AC_DEFINE(SETEUID_BREAKS_SETUID)
800 AC_DEFINE(BROKEN_SETREUID)
801 AC_DEFINE(BROKEN_SETREGID)
802 AC_DEFINE(USE_PIPES)
803 AC_DEFINE(DISABLE_FD_PASSING)
804 LDFLAGS="$LDFLAGS"
805 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
806 MANTYPE=cat
807 ;;
808 *-*-unicosmp*)
809 AC_DEFINE(SETEUID_BREAKS_SETUID)
810 AC_DEFINE(BROKEN_SETREUID)
811 AC_DEFINE(BROKEN_SETREGID)
812 AC_DEFINE(WITH_ABBREV_NO_TTY)
813 AC_DEFINE(USE_PIPES)
814 AC_DEFINE(DISABLE_FD_PASSING)
815 LDFLAGS="$LDFLAGS"
816 LIBS="$LIBS -lgen -lacid -ldb"
817 MANTYPE=cat
818 ;;
819 *-*-unicos*)
820 AC_DEFINE(SETEUID_BREAKS_SETUID)
821 AC_DEFINE(BROKEN_SETREUID)
822 AC_DEFINE(BROKEN_SETREGID)
823 AC_DEFINE(USE_PIPES)
824 AC_DEFINE(DISABLE_FD_PASSING)
825 AC_DEFINE(NO_SSH_LASTLOG)
826 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
827 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
828 MANTYPE=cat
829 ;;
830 *-dec-osf*)
831 AC_MSG_CHECKING(for Digital Unix SIA)
832 no_osfsia=""
833 AC_ARG_WITH(osfsia,
834 [ --with-osfsia Enable Digital Unix SIA],
835 [
836 if test "x$withval" = "xno" ; then
837 AC_MSG_RESULT(disabled)
838 no_osfsia=1
839 fi
840 ],
841 )
842 if test -z "$no_osfsia" ; then
843 if test -f /etc/sia/matrix.conf; then
844 AC_MSG_RESULT(yes)
845 AC_DEFINE(HAVE_OSF_SIA, 1,
846 [Define if you have Digital Unix Security
847 Integration Architecture])
848 AC_DEFINE(DISABLE_LOGIN, 1,
849 [Define if you don't want to use your
850 system's login() call])
851 AC_DEFINE(DISABLE_FD_PASSING)
852 LIBS="$LIBS -lsecurity -ldb -lm -laud"
853 SIA_MSG="yes"
854 else
855 AC_MSG_RESULT(no)
856 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
857 [String used in /etc/passwd to denote locked account])
858 fi
859 fi
860 AC_DEFINE(BROKEN_GETADDRINFO)
861 AC_DEFINE(SETEUID_BREAKS_SETUID)
862 AC_DEFINE(BROKEN_SETREUID)
863 AC_DEFINE(BROKEN_SETREGID)
864 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
865 ;;
867 *-*-nto-qnx*)
868 AC_DEFINE(USE_PIPES)
869 AC_DEFINE(NO_X11_UNIX_SOCKETS)
870 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
871 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
872 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
873 AC_DEFINE(DISABLE_LASTLOG)
874 AC_DEFINE(SSHD_ACQUIRES_CTTY)
875 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
876 enable_etc_default_login=no # has incompatible /etc/default/login
877 case "$host" in
878 *-*-nto-qnx6*)
879 AC_DEFINE(DISABLE_FD_PASSING)
880 ;;
881 esac
882 ;;
884 *-*-ultrix*)
885 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
886 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
887 AC_DEFINE(NEED_SETPGRP)
888 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
889 ;;
891 *-*-lynxos)
892 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
893 AC_DEFINE(MISSING_HOWMANY)
894 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
895 ;;
896 esac
898 AC_MSG_CHECKING(compiler and flags for sanity)
899 AC_RUN_IFELSE(
900 [AC_LANG_SOURCE([
901 #include <stdio.h>
902 int main(){exit(0);}
903 ])],
904 [ AC_MSG_RESULT(yes) ],
905 [
906 AC_MSG_RESULT(no)
907 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
908 ],
909 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
910 )
912 dnl Checks for header files.
913 # Checks for libraries.
914 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
915 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
917 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
918 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
919 AC_CHECK_LIB(gen, dirname,[
920 AC_CACHE_CHECK([for broken dirname],
921 ac_cv_have_broken_dirname, [
922 save_LIBS="$LIBS"
923 LIBS="$LIBS -lgen"
924 AC_RUN_IFELSE(
925 [AC_LANG_SOURCE([[
926 #include <libgen.h>
927 #include <string.h>
929 int main(int argc, char **argv) {
930 char *s, buf[32];
932 strncpy(buf,"/etc", 32);
933 s = dirname(buf);
934 if (!s || strncmp(s, "/", 32) != 0) {
935 exit(1);
936 } else {
937 exit(0);
938 }
939 }
940 ]])],
941 [ ac_cv_have_broken_dirname="no" ],
942 [ ac_cv_have_broken_dirname="yes" ],
943 [ ac_cv_have_broken_dirname="no" ],
944 )
945 LIBS="$save_LIBS"
946 ])
947 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
948 LIBS="$LIBS -lgen"
949 AC_DEFINE(HAVE_DIRNAME)
950 AC_CHECK_HEADERS(libgen.h)
951 fi
952 ])
953 ])
955 AC_CHECK_FUNC(getspnam, ,
956 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
957 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
958 [Define if you have the basename function.]))
960 dnl zlib is required
961 AC_ARG_WITH(zlib,
962 [ --with-zlib=PATH Use zlib in PATH],
963 [ if test "x$withval" = "xno" ; then
964 AC_MSG_ERROR([*** zlib is required ***])
965 elif test "x$withval" != "xyes"; then
966 if test -d "$withval/lib"; then
967 if test -n "${need_dash_r}"; then
968 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
969 else
970 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
971 fi
972 else
973 if test -n "${need_dash_r}"; then
974 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
975 else
976 LDFLAGS="-L${withval} ${LDFLAGS}"
977 fi
978 fi
979 if test -d "$withval/include"; then
980 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
981 else
982 CPPFLAGS="-I${withval} ${CPPFLAGS}"
983 fi
984 fi ]
985 )
987 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
988 AC_CHECK_LIB(z, deflate, ,
989 [
990 saved_CPPFLAGS="$CPPFLAGS"
991 saved_LDFLAGS="$LDFLAGS"
992 save_LIBS="$LIBS"
993 dnl Check default zlib install dir
994 if test -n "${need_dash_r}"; then
995 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
996 else
997 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
998 fi
999 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1000 LIBS="$LIBS -lz"
1001 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1002 [
1003 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1004 ]
1005 )
1006 ]
1007 )
1009 AC_ARG_WITH(zlib-version-check,
1010 [ --without-zlib-version-check Disable zlib version check],
1011 [ if test "x$withval" = "xno" ; then
1012 zlib_check_nonfatal=1
1013 fi
1014 ]
1015 )
1017 AC_MSG_CHECKING(for possibly buggy zlib)
1018 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1019 #include <stdio.h>
1020 #include <zlib.h>
1021 int main()
1022 {
1023 int a=0, b=0, c=0, d=0, n, v;
1024 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1025 if (n != 3 && n != 4)
1026 exit(1);
1027 v = a*1000000 + b*10000 + c*100 + d;
1028 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1030 /* 1.1.4 is OK */
1031 if (a == 1 && b == 1 && c >= 4)
1032 exit(0);
1034 /* 1.2.3 and up are OK */
1035 if (v >= 1020300)
1036 exit(0);
1038 exit(2);
1039 }
1040 ]])],
1041 AC_MSG_RESULT(no),
1042 [ AC_MSG_RESULT(yes)
1043 if test -z "$zlib_check_nonfatal" ; then
1044 AC_MSG_ERROR([*** zlib too old - check config.log ***
1045 Your reported zlib version has known security problems. It's possible your
1046 vendor has fixed these problems without changing the version number. If you
1047 are sure this is the case, you can disable the check by running
1048 "./configure --without-zlib-version-check".
1049 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1050 See http://www.gzip.org/zlib/ for details.])
1051 else
1052 AC_MSG_WARN([zlib version may have security problems])
1053 fi
1054 ],
1055 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1056 )
1058 dnl UnixWare 2.x
1059 AC_CHECK_FUNC(strcasecmp,
1060 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1061 )
1062 AC_CHECK_FUNCS(utimes,
1063 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1064 LIBS="$LIBS -lc89"]) ]
1065 )
1067 dnl Checks for libutil functions
1068 AC_CHECK_HEADERS(libutil.h)
1069 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1070 [Define if your libraries define login()])])
1071 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1073 AC_FUNC_STRFTIME
1075 # Check for ALTDIRFUNC glob() extension
1076 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1077 AC_EGREP_CPP(FOUNDIT,
1078 [
1079 #include <glob.h>
1080 #ifdef GLOB_ALTDIRFUNC
1081 FOUNDIT
1082 #endif
1083 ],
1084 [
1085 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1086 [Define if your system glob() function has
1087 the GLOB_ALTDIRFUNC extension])
1088 AC_MSG_RESULT(yes)
1089 ],
1090 [
1091 AC_MSG_RESULT(no)
1092 ]
1093 )
1095 # Check for g.gl_matchc glob() extension
1096 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1097 AC_TRY_COMPILE(
1098 [ #include <glob.h> ],
1099 [glob_t g; g.gl_matchc = 1;],
1100 [
1101 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1102 [Define if your system glob() function has
1103 gl_matchc options in glob_t])
1104 AC_MSG_RESULT(yes)
1105 ],
1106 [
1107 AC_MSG_RESULT(no)
1108 ]
1109 )
1111 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1113 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1114 AC_RUN_IFELSE(
1115 [AC_LANG_SOURCE([[
1116 #include <sys/types.h>
1117 #include <dirent.h>
1118 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1119 ]])],
1120 [AC_MSG_RESULT(yes)],
1121 [
1122 AC_MSG_RESULT(no)
1123 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1124 [Define if your struct dirent expects you to
1125 allocate extra space for d_name])
1126 ],
1127 [
1128 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1129 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1130 ]
1131 )
1133 AC_MSG_CHECKING([for /proc/pid/fd directory])
1134 if test -d "/proc/$$/fd" ; then
1135 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1136 AC_MSG_RESULT(yes)
1137 else
1138 AC_MSG_RESULT(no)
1139 fi
1141 # Check whether user wants S/Key support
1142 SKEY_MSG="no"
1143 AC_ARG_WITH(skey,
1144 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1145 [
1146 if test "x$withval" != "xno" ; then
1148 if test "x$withval" != "xyes" ; then
1149 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1150 LDFLAGS="$LDFLAGS -L${withval}/lib"
1151 fi
1153 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1154 LIBS="-lskey $LIBS"
1155 SKEY_MSG="yes"
1157 AC_MSG_CHECKING([for s/key support])
1158 AC_LINK_IFELSE(
1159 [AC_LANG_SOURCE([[
1160 #include <stdio.h>
1161 #include <skey.h>
1162 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1163 ]])],
1164 [AC_MSG_RESULT(yes)],
1165 [
1166 AC_MSG_RESULT(no)
1167 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1168 ])
1169 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1170 AC_TRY_COMPILE(
1171 [#include <stdio.h>
1172 #include <skey.h>],
1173 [(void)skeychallenge(NULL,"name","",0);],
1174 [AC_MSG_RESULT(yes)
1175 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1176 [Define if your skeychallenge()
1177 function takes 4 arguments (NetBSD)])],
1178 [AC_MSG_RESULT(no)]
1179 )
1180 fi
1181 ]
1182 )
1184 # Check whether user wants TCP wrappers support
1185 TCPW_MSG="no"
1186 AC_ARG_WITH(tcp-wrappers,
1187 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1188 [
1189 if test "x$withval" != "xno" ; then
1190 saved_LIBS="$LIBS"
1191 saved_LDFLAGS="$LDFLAGS"
1192 saved_CPPFLAGS="$CPPFLAGS"
1193 if test -n "${withval}" && \
1194 test "x${withval}" != "xyes"; then
1195 if test -d "${withval}/lib"; then
1196 if test -n "${need_dash_r}"; then
1197 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1198 else
1199 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1200 fi
1201 else
1202 if test -n "${need_dash_r}"; then
1203 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1204 else
1205 LDFLAGS="-L${withval} ${LDFLAGS}"
1206 fi
1207 fi
1208 if test -d "${withval}/include"; then
1209 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1210 else
1211 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1212 fi
1213 fi
1214 LIBS="-lwrap $LIBS"
1215 AC_MSG_CHECKING(for libwrap)
1216 AC_TRY_LINK(
1217 [
1218 #include <sys/types.h>
1219 #include <sys/socket.h>
1220 #include <netinet/in.h>
1221 #include <tcpd.h>
1222 int deny_severity = 0, allow_severity = 0;
1223 ],
1224 [hosts_access(0);],
1225 [
1226 AC_MSG_RESULT(yes)
1227 AC_DEFINE(LIBWRAP, 1,
1228 [Define if you want
1229 TCP Wrappers support])
1230 SSHDLIBS="$SSHDLIBS -lwrap"
1231 TCPW_MSG="yes"
1232 ],
1233 [
1234 AC_MSG_ERROR([*** libwrap missing])
1235 ]
1236 )
1237 LIBS="$saved_LIBS"
1238 fi
1239 ]
1240 )
1242 # Check whether user wants libedit support
1243 LIBEDIT_MSG="no"
1244 AC_ARG_WITH(libedit,
1245 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1246 [ if test "x$withval" != "xno" ; then
1247 if test "x$withval" != "xyes"; then
1248 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1249 if test -n "${need_dash_r}"; then
1250 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1251 else
1252 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1253 fi
1254 fi
1255 AC_CHECK_LIB(edit, el_init,
1256 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1257 LIBEDIT="-ledit -lcurses"
1258 LIBEDIT_MSG="yes"
1259 AC_SUBST(LIBEDIT)
1260 ],
1261 [ AC_MSG_ERROR(libedit not found) ],
1262 [ -lcurses ]
1263 )
1264 AC_MSG_CHECKING(if libedit version is compatible)
1265 AC_COMPILE_IFELSE(
1266 [AC_LANG_SOURCE([[
1267 #include <histedit.h>
1268 int main(void)
1269 {
1270 int i = H_SETSIZE;
1271 el_init("", NULL, NULL, NULL);
1272 exit(0);
1273 }
1274 ]])],
1275 [ AC_MSG_RESULT(yes) ],
1276 [ AC_MSG_RESULT(no)
1277 AC_MSG_ERROR(libedit version is not compatible) ]
1278 )
1279 fi ]
1280 )
1282 AUDIT_MODULE=none
1283 AC_ARG_WITH(audit,
1284 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1285 [
1286 AC_MSG_CHECKING(for supported audit module)
1287 case "$withval" in
1288 bsm)
1289 AC_MSG_RESULT(bsm)
1290 AUDIT_MODULE=bsm
1291 dnl Checks for headers, libs and functions
1292 AC_CHECK_HEADERS(bsm/audit.h, [],
1293 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1294 [
1295 #ifdef HAVE_TIME_H
1296 # include <time.h>
1297 #endif
1298 ]
1299 )
1300 AC_CHECK_LIB(bsm, getaudit, [],
1301 [AC_MSG_ERROR(BSM enabled and required library not found)])
1302 AC_CHECK_FUNCS(getaudit, [],
1303 [AC_MSG_ERROR(BSM enabled and required function not found)])
1304 # These are optional
1305 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1306 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1307 ;;
1308 debug)
1309 AUDIT_MODULE=debug
1310 AC_MSG_RESULT(debug)
1311 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1312 ;;
1313 no)
1314 AC_MSG_RESULT(no)
1315 ;;
1316 *)
1317 AC_MSG_ERROR([Unknown audit module $withval])
1318 ;;
1319 esac ]
1320 )
1322 dnl Checks for library functions. Please keep in alphabetical order
1323 AC_CHECK_FUNCS( \
1324 arc4random \
1325 arc4random_buf \
1326 arc4random_uniform \
1327 asprintf \
1328 b64_ntop \
1329 __b64_ntop \
1330 b64_pton \
1331 __b64_pton \
1332 bcopy \
1333 bindresvport_sa \
1334 clock \
1335 closefrom \
1336 dirfd \
1337 fchmod \
1338 fchown \
1339 freeaddrinfo \
1340 fstatvfs \
1341 futimes \
1342 getaddrinfo \
1343 getcwd \
1344 getgrouplist \
1345 getnameinfo \
1346 getopt \
1347 getpeereid \
1348 getpeerucred \
1349 _getpty \
1350 getrlimit \
1351 getttyent \
1352 glob \
1353 inet_aton \
1354 inet_ntoa \
1355 inet_ntop \
1356 innetgr \
1357 login_getcapbool \
1358 md5_crypt \
1359 memmove \
1360 mkdtemp \
1361 mmap \
1362 ngetaddrinfo \
1363 nsleep \
1364 ogetaddrinfo \
1365 openlog_r \
1366 openpty \
1367 poll \
1368 prctl \
1369 pstat \
1370 readpassphrase \
1371 realpath \
1372 recvmsg \
1373 rresvport_af \
1374 sendmsg \
1375 setdtablesize \
1376 setegid \
1377 setenv \
1378 seteuid \
1379 setgroups \
1380 setlogin \
1381 setpcred \
1382 setproctitle \
1383 setregid \
1384 setreuid \
1385 setrlimit \
1386 setsid \
1387 setvbuf \
1388 sigaction \
1389 sigvec \
1390 snprintf \
1391 socketpair \
1392 statfs \
1393 statvfs \
1394 strdup \
1395 strerror \
1396 strlcat \
1397 strlcpy \
1398 strmode \
1399 strnvis \
1400 strtonum \
1401 strtoll \
1402 strtoul \
1403 swap32 \
1404 sysconf \
1405 tcgetpgrp \
1406 truncate \
1407 unsetenv \
1408 updwtmpx \
1409 vasprintf \
1410 vhangup \
1411 vsnprintf \
1412 waitpid \
1413 )
1415 # IRIX has a const char return value for gai_strerror()
1416 AC_CHECK_FUNCS(gai_strerror,[
1417 AC_DEFINE(HAVE_GAI_STRERROR)
1418 AC_TRY_COMPILE([
1419 #include <sys/types.h>
1420 #include <sys/socket.h>
1421 #include <netdb.h>
1423 const char *gai_strerror(int);],[
1424 char *str;
1426 str = gai_strerror(0);],[
1427 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1428 [Define if gai_strerror() returns const char *])])])
1430 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1431 [Some systems put nanosleep outside of libc]))
1433 dnl Make sure prototypes are defined for these before using them.
1434 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1435 AC_CHECK_DECL(strsep,
1436 [AC_CHECK_FUNCS(strsep)],
1437 [],
1438 [
1439 #ifdef HAVE_STRING_H
1440 # include <string.h>
1441 #endif
1442 ])
1444 dnl tcsendbreak might be a macro
1445 AC_CHECK_DECL(tcsendbreak,
1446 [AC_DEFINE(HAVE_TCSENDBREAK)],
1447 [AC_CHECK_FUNCS(tcsendbreak)],
1448 [#include <termios.h>]
1449 )
1451 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1453 AC_CHECK_DECLS(SHUT_RD, , ,
1454 [
1455 #include <sys/types.h>
1456 #include <sys/socket.h>
1457 ])
1459 AC_CHECK_DECLS(O_NONBLOCK, , ,
1460 [
1461 #include <sys/types.h>
1462 #ifdef HAVE_SYS_STAT_H
1463 # include <sys/stat.h>
1464 #endif
1465 #ifdef HAVE_FCNTL_H
1466 # include <fcntl.h>
1467 #endif
1468 ])
1470 AC_CHECK_DECLS(writev, , , [
1471 #include <sys/types.h>
1472 #include <sys/uio.h>
1473 #include <unistd.h>
1474 ])
1476 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1477 #include <sys/param.h>
1478 ])
1480 AC_CHECK_DECLS(offsetof, , , [
1481 #include <stddef.h>
1482 ])
1484 AC_CHECK_FUNCS(setresuid, [
1485 dnl Some platorms have setresuid that isn't implemented, test for this
1486 AC_MSG_CHECKING(if setresuid seems to work)
1487 AC_RUN_IFELSE(
1488 [AC_LANG_SOURCE([[
1489 #include <stdlib.h>
1490 #include <errno.h>
1491 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1492 ]])],
1493 [AC_MSG_RESULT(yes)],
1494 [AC_DEFINE(BROKEN_SETRESUID, 1,
1495 [Define if your setresuid() is broken])
1496 AC_MSG_RESULT(not implemented)],
1497 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1498 )
1499 ])
1501 AC_CHECK_FUNCS(setresgid, [
1502 dnl Some platorms have setresgid that isn't implemented, test for this
1503 AC_MSG_CHECKING(if setresgid seems to work)
1504 AC_RUN_IFELSE(
1505 [AC_LANG_SOURCE([[
1506 #include <stdlib.h>
1507 #include <errno.h>
1508 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1509 ]])],
1510 [AC_MSG_RESULT(yes)],
1511 [AC_DEFINE(BROKEN_SETRESGID, 1,
1512 [Define if your setresgid() is broken])
1513 AC_MSG_RESULT(not implemented)],
1514 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1515 )
1516 ])
1518 dnl Checks for time functions
1519 AC_CHECK_FUNCS(gettimeofday time)
1520 dnl Checks for utmp functions
1521 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1522 AC_CHECK_FUNCS(utmpname)
1523 dnl Checks for utmpx functions
1524 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1525 AC_CHECK_FUNCS(setutxent utmpxname)
1526 dnl Checks for lastlog functions
1527 AC_CHECK_FUNCS(getlastlogxbyname)
1529 AC_CHECK_FUNC(daemon,
1530 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1531 [AC_CHECK_LIB(bsd, daemon,
1532 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1533 )
1535 AC_CHECK_FUNC(getpagesize,
1536 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1537 [Define if your libraries define getpagesize()])],
1538 [AC_CHECK_LIB(ucb, getpagesize,
1539 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1540 )
1542 # Check for broken snprintf
1543 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1544 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1545 AC_RUN_IFELSE(
1546 [AC_LANG_SOURCE([[
1547 #include <stdio.h>
1548 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1549 ]])],
1550 [AC_MSG_RESULT(yes)],
1551 [
1552 AC_MSG_RESULT(no)
1553 AC_DEFINE(BROKEN_SNPRINTF, 1,
1554 [Define if your snprintf is busted])
1555 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1556 ],
1557 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1558 )
1559 fi
1561 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1562 # returning the right thing on overflow: the number of characters it tried to
1563 # create (as per SUSv3)
1564 if test "x$ac_cv_func_asprintf" != "xyes" && \
1565 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1566 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1567 AC_RUN_IFELSE(
1568 [AC_LANG_SOURCE([[
1569 #include <sys/types.h>
1570 #include <stdio.h>
1571 #include <stdarg.h>
1573 int x_snprintf(char *str,size_t count,const char *fmt,...)
1574 {
1575 size_t ret; va_list ap;
1576 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1577 return ret;
1578 }
1579 int main(void)
1580 {
1581 char x[1];
1582 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1583 } ]])],
1584 [AC_MSG_RESULT(yes)],
1585 [
1586 AC_MSG_RESULT(no)
1587 AC_DEFINE(BROKEN_SNPRINTF, 1,
1588 [Define if your snprintf is busted])
1589 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1590 ],
1591 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1592 )
1593 fi
1595 # On systems where [v]snprintf is broken, but is declared in stdio,
1596 # check that the fmt argument is const char * or just char *.
1597 # This is only useful for when BROKEN_SNPRINTF
1598 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1599 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1600 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1601 int main(void) { snprintf(0, 0, 0); }
1602 ]])],
1603 [AC_MSG_RESULT(yes)
1604 AC_DEFINE(SNPRINTF_CONST, [const],
1605 [Define as const if snprintf() can declare const char *fmt])],
1606 [AC_MSG_RESULT(no)
1607 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1609 # Check for missing getpeereid (or equiv) support
1610 NO_PEERCHECK=""
1611 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1612 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1613 AC_TRY_COMPILE(
1614 [#include <sys/types.h>
1615 #include <sys/socket.h>],
1616 [int i = SO_PEERCRED;],
1617 [ AC_MSG_RESULT(yes)
1618 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1619 ],
1620 [AC_MSG_RESULT(no)
1621 NO_PEERCHECK=1]
1622 )
1623 fi
1625 dnl see whether mkstemp() requires XXXXXX
1626 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1627 AC_MSG_CHECKING([for (overly) strict mkstemp])
1628 AC_RUN_IFELSE(
1629 [AC_LANG_SOURCE([[
1630 #include <stdlib.h>
1631 main() { char template[]="conftest.mkstemp-test";
1632 if (mkstemp(template) == -1)
1633 exit(1);
1634 unlink(template); exit(0);
1635 }
1636 ]])],
1637 [
1638 AC_MSG_RESULT(no)
1639 ],
1640 [
1641 AC_MSG_RESULT(yes)
1642 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1643 ],
1644 [
1645 AC_MSG_RESULT(yes)
1646 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1647 ]
1648 )
1649 fi
1651 dnl make sure that openpty does not reacquire controlling terminal
1652 if test ! -z "$check_for_openpty_ctty_bug"; then
1653 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1654 AC_RUN_IFELSE(
1655 [AC_LANG_SOURCE([[
1656 #include <stdio.h>
1657 #include <sys/fcntl.h>
1658 #include <sys/types.h>
1659 #include <sys/wait.h>
1661 int
1662 main()
1663 {
1664 pid_t pid;
1665 int fd, ptyfd, ttyfd, status;
1667 pid = fork();
1668 if (pid < 0) { /* failed */
1669 exit(1);
1670 } else if (pid > 0) { /* parent */
1671 waitpid(pid, &status, 0);
1672 if (WIFEXITED(status))
1673 exit(WEXITSTATUS(status));
1674 else
1675 exit(2);
1676 } else { /* child */
1677 close(0); close(1); close(2);
1678 setsid();
1679 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1680 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1681 if (fd >= 0)
1682 exit(3); /* Acquired ctty: broken */
1683 else
1684 exit(0); /* Did not acquire ctty: OK */
1685 }
1686 }
1687 ]])],
1688 [
1689 AC_MSG_RESULT(yes)
1690 ],
1691 [
1692 AC_MSG_RESULT(no)
1693 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1694 ],
1695 [
1696 AC_MSG_RESULT(cross-compiling, assuming yes)
1697 ]
1698 )
1699 fi
1701 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1702 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1703 AC_MSG_CHECKING(if getaddrinfo seems to work)
1704 AC_RUN_IFELSE(
1705 [AC_LANG_SOURCE([[
1706 #include <stdio.h>
1707 #include <sys/socket.h>
1708 #include <netdb.h>
1709 #include <errno.h>
1710 #include <netinet/in.h>
1712 #define TEST_PORT "2222"
1714 int
1715 main(void)
1716 {
1717 int err, sock;
1718 struct addrinfo *gai_ai, *ai, hints;
1719 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1721 memset(&hints, 0, sizeof(hints));
1722 hints.ai_family = PF_UNSPEC;
1723 hints.ai_socktype = SOCK_STREAM;
1724 hints.ai_flags = AI_PASSIVE;
1726 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1727 if (err != 0) {
1728 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1729 exit(1);
1730 }
1732 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1733 if (ai->ai_family != AF_INET6)
1734 continue;
1736 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1737 sizeof(ntop), strport, sizeof(strport),
1738 NI_NUMERICHOST|NI_NUMERICSERV);
1740 if (err != 0) {
1741 if (err == EAI_SYSTEM)
1742 perror("getnameinfo EAI_SYSTEM");
1743 else
1744 fprintf(stderr, "getnameinfo failed: %s\n",
1745 gai_strerror(err));
1746 exit(2);
1747 }
1749 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1750 if (sock < 0)
1751 perror("socket");
1752 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1753 if (errno == EBADF)
1754 exit(3);
1755 }
1756 }
1757 exit(0);
1758 }
1759 ]])],
1760 [
1761 AC_MSG_RESULT(yes)
1762 ],
1763 [
1764 AC_MSG_RESULT(no)
1765 AC_DEFINE(BROKEN_GETADDRINFO)
1766 ],
1767 [
1768 AC_MSG_RESULT(cross-compiling, assuming yes)
1769 ]
1770 )
1771 fi
1773 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1774 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1775 AC_MSG_CHECKING(if getaddrinfo seems to work)
1776 AC_RUN_IFELSE(
1777 [AC_LANG_SOURCE([[
1778 #include <stdio.h>
1779 #include <sys/socket.h>
1780 #include <netdb.h>
1781 #include <errno.h>
1782 #include <netinet/in.h>
1784 #define TEST_PORT "2222"
1786 int
1787 main(void)
1788 {
1789 int err, sock;
1790 struct addrinfo *gai_ai, *ai, hints;
1791 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1793 memset(&hints, 0, sizeof(hints));
1794 hints.ai_family = PF_UNSPEC;
1795 hints.ai_socktype = SOCK_STREAM;
1796 hints.ai_flags = AI_PASSIVE;
1798 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1799 if (err != 0) {
1800 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1801 exit(1);
1802 }
1804 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1805 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1806 continue;
1808 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1809 sizeof(ntop), strport, sizeof(strport),
1810 NI_NUMERICHOST|NI_NUMERICSERV);
1812 if (ai->ai_family == AF_INET && err != 0) {
1813 perror("getnameinfo");
1814 exit(2);
1815 }
1816 }
1817 exit(0);
1818 }
1819 ]])],
1820 [
1821 AC_MSG_RESULT(yes)
1822 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1823 [Define if you have a getaddrinfo that fails
1824 for the all-zeros IPv6 address])
1825 ],
1826 [
1827 AC_MSG_RESULT(no)
1828 AC_DEFINE(BROKEN_GETADDRINFO)
1829 ],
1830 [
1831 AC_MSG_RESULT(cross-compiling, assuming no)
1832 ]
1833 )
1834 fi
1836 if test "x$check_for_conflicting_getspnam" = "x1"; then
1837 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1838 AC_COMPILE_IFELSE(
1839 [
1840 #include <shadow.h>
1841 int main(void) {exit(0);}
1842 ],
1843 [
1844 AC_MSG_RESULT(no)
1845 ],
1846 [
1847 AC_MSG_RESULT(yes)
1848 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1849 [Conflicting defs for getspnam])
1850 ]
1851 )
1852 fi
1854 AC_FUNC_GETPGRP
1856 # Search for OpenSSL
1857 saved_CPPFLAGS="$CPPFLAGS"
1858 saved_LDFLAGS="$LDFLAGS"
1859 AC_ARG_WITH(ssl-dir,
1860 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1861 [
1862 if test "x$withval" != "xno" ; then
1863 case "$withval" in
1864 # Relative paths
1865 ./*|../*) withval="`pwd`/$withval"
1866 esac
1867 if test -d "$withval/lib"; then
1868 if test -n "${need_dash_r}"; then
1869 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1870 else
1871 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1872 fi
1873 else
1874 if test -n "${need_dash_r}"; then
1875 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1876 else
1877 LDFLAGS="-L${withval} ${LDFLAGS}"
1878 fi
1879 fi
1880 if test -d "$withval/include"; then
1881 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1882 else
1883 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1884 fi
1885 fi
1886 ]
1887 )
1888 LIBS="-lcrypto $LIBS"
1889 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1890 [Define if your ssl headers are included
1891 with #include <openssl/header.h>]),
1892 [
1893 dnl Check default openssl install dir
1894 if test -n "${need_dash_r}"; then
1895 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1896 else
1897 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1898 fi
1899 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1900 AC_CHECK_HEADER([openssl/opensslv.h], ,
1901 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
1902 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1903 [
1904 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1905 ]
1906 )
1907 ]
1908 )
1910 # Determine OpenSSL header version
1911 AC_MSG_CHECKING([OpenSSL header version])
1912 AC_RUN_IFELSE(
1913 [AC_LANG_SOURCE([[
1914 #include <stdio.h>
1915 #include <string.h>
1916 #include <openssl/opensslv.h>
1917 #define DATA "conftest.sslincver"
1918 int main(void) {
1919 FILE *fd;
1920 int rc;
1922 fd = fopen(DATA,"w");
1923 if(fd == NULL)
1924 exit(1);
1926 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1927 exit(1);
1929 exit(0);
1930 }
1931 ]])],
1932 [
1933 ssl_header_ver=`cat conftest.sslincver`
1934 AC_MSG_RESULT($ssl_header_ver)
1935 ],
1936 [
1937 AC_MSG_RESULT(not found)
1938 AC_MSG_ERROR(OpenSSL version header not found.)
1939 ],
1940 [
1941 AC_MSG_WARN([cross compiling: not checking])
1942 ]
1943 )
1945 # Determine OpenSSL library version
1946 AC_MSG_CHECKING([OpenSSL library version])
1947 AC_RUN_IFELSE(
1948 [AC_LANG_SOURCE([[
1949 #include <stdio.h>
1950 #include <string.h>
1951 #include <openssl/opensslv.h>
1952 #include <openssl/crypto.h>
1953 #define DATA "conftest.ssllibver"
1954 int main(void) {
1955 FILE *fd;
1956 int rc;
1958 fd = fopen(DATA,"w");
1959 if(fd == NULL)
1960 exit(1);
1962 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1963 exit(1);
1965 exit(0);
1966 }
1967 ]])],
1968 [
1969 ssl_library_ver=`cat conftest.ssllibver`
1970 AC_MSG_RESULT($ssl_library_ver)
1971 ],
1972 [
1973 AC_MSG_RESULT(not found)
1974 AC_MSG_ERROR(OpenSSL library not found.)
1975 ],
1976 [
1977 AC_MSG_WARN([cross compiling: not checking])
1978 ]
1979 )
1981 AC_ARG_WITH(openssl-header-check,
1982 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1983 [ if test "x$withval" = "xno" ; then
1984 openssl_check_nonfatal=1
1985 fi
1986 ]
1987 )
1989 # Sanity check OpenSSL headers
1990 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1991 AC_RUN_IFELSE(
1992 [AC_LANG_SOURCE([[
1993 #include <string.h>
1994 #include <openssl/opensslv.h>
1995 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1996 ]])],
1997 [
1998 AC_MSG_RESULT(yes)
1999 ],
2000 [
2001 AC_MSG_RESULT(no)
2002 if test "x$openssl_check_nonfatal" = "x"; then
2003 AC_MSG_ERROR([Your OpenSSL headers do not match your
2004 library. Check config.log for details.
2005 If you are sure your installation is consistent, you can disable the check
2006 by running "./configure --without-openssl-header-check".
2007 Also see contrib/findssl.sh for help identifying header/library mismatches.
2008 ])
2009 else
2010 AC_MSG_WARN([Your OpenSSL headers do not match your
2011 library. Check config.log for details.
2012 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2013 fi
2014 ],
2015 [
2016 AC_MSG_WARN([cross compiling: not checking])
2017 ]
2018 )
2020 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2021 AC_LINK_IFELSE(
2022 [AC_LANG_SOURCE([[
2023 #include <openssl/evp.h>
2024 int main(void) { SSLeay_add_all_algorithms(); }
2025 ]])],
2026 [
2027 AC_MSG_RESULT(yes)
2028 ],
2029 [
2030 AC_MSG_RESULT(no)
2031 saved_LIBS="$LIBS"
2032 LIBS="$LIBS -ldl"
2033 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2034 AC_LINK_IFELSE(
2035 [AC_LANG_SOURCE([[
2036 #include <openssl/evp.h>
2037 int main(void) { SSLeay_add_all_algorithms(); }
2038 ]])],
2039 [
2040 AC_MSG_RESULT(yes)
2041 ],
2042 [
2043 AC_MSG_RESULT(no)
2044 LIBS="$saved_LIBS"
2045 ]
2046 )
2047 ]
2048 )
2050 AC_ARG_WITH(ssl-engine,
2051 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2052 [ if test "x$withval" != "xno" ; then
2053 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2054 AC_TRY_COMPILE(
2055 [ #include <openssl/engine.h>],
2056 [
2057 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2058 ],
2059 [ AC_MSG_RESULT(yes)
2060 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2061 [Enable OpenSSL engine support])
2062 ],
2063 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2064 )
2065 fi ]
2066 )
2068 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2069 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2070 AC_LINK_IFELSE(
2071 [AC_LANG_SOURCE([[
2072 #include <string.h>
2073 #include <openssl/evp.h>
2074 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2075 ]])],
2076 [
2077 AC_MSG_RESULT(no)
2078 ],
2079 [
2080 AC_MSG_RESULT(yes)
2081 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2082 [libcrypto is missing AES 192 and 256 bit functions])
2083 ]
2084 )
2086 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2087 AC_LINK_IFELSE(
2088 [AC_LANG_SOURCE([[
2089 #include <string.h>
2090 #include <openssl/evp.h>
2091 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2092 ]])],
2093 [
2094 AC_MSG_RESULT(yes)
2095 ],
2096 [
2097 AC_MSG_RESULT(no)
2098 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2099 [Define if EVP_DigestUpdate returns void])
2100 ]
2101 )
2103 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2104 # because the system crypt() is more featureful.
2105 if test "x$check_for_libcrypt_before" = "x1"; then
2106 AC_CHECK_LIB(crypt, crypt)
2107 fi
2109 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2110 # version in OpenSSL.
2111 if test "x$check_for_libcrypt_later" = "x1"; then
2112 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2113 fi
2115 # Search for SHA256 support in libc and/or OpenSSL
2116 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2118 saved_LIBS="$LIBS"
2119 AC_CHECK_LIB(iaf, ia_openinfo, [
2120 LIBS="$LIBS -liaf"
2121 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2122 AC_DEFINE(HAVE_LIBIAF, 1,
2123 [Define if system has libiaf that supports set_id])
2124 ])
2125 ])
2126 LIBS="$saved_LIBS"
2128 ### Configure cryptographic random number support
2130 # Check wheter OpenSSL seeds itself
2131 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2132 AC_RUN_IFELSE(
2133 [AC_LANG_SOURCE([[
2134 #include <string.h>
2135 #include <openssl/rand.h>
2136 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2137 ]])],
2138 [
2139 OPENSSL_SEEDS_ITSELF=yes
2140 AC_MSG_RESULT(yes)
2141 ],
2142 [
2143 AC_MSG_RESULT(no)
2144 # Default to use of the rand helper if OpenSSL doesn't
2145 # seed itself
2146 USE_RAND_HELPER=yes
2147 ],
2148 [
2149 AC_MSG_WARN([cross compiling: assuming yes])
2150 # This is safe, since all recent OpenSSL versions will
2151 # complain at runtime if not seeded correctly.
2152 OPENSSL_SEEDS_ITSELF=yes
2153 ]
2154 )
2156 # Check for PAM libs
2157 PAM_MSG="no"
2158 AC_ARG_WITH(pam,
2159 [ --with-pam Enable PAM support ],
2160 [
2161 if test "x$withval" != "xno" ; then
2162 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2163 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2164 AC_MSG_ERROR([PAM headers not found])
2165 fi
2167 saved_LIBS="$LIBS"
2168 AC_CHECK_LIB(dl, dlopen, , )
2169 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2170 AC_CHECK_FUNCS(pam_getenvlist)
2171 AC_CHECK_FUNCS(pam_putenv)
2172 LIBS="$saved_LIBS"
2174 PAM_MSG="yes"
2176 SSHDLIBS="$SSHDLIBS -lpam"
2177 AC_DEFINE(USE_PAM, 1,
2178 [Define if you want to enable PAM support])
2180 if test $ac_cv_lib_dl_dlopen = yes; then
2181 case "$LIBS" in
2182 *-ldl*)
2183 # libdl already in LIBS
2184 ;;
2185 *)
2186 SSHDLIBS="$SSHDLIBS -ldl"
2187 ;;
2188 esac
2189 fi
2190 fi
2191 ]
2192 )
2194 # Check for older PAM
2195 if test "x$PAM_MSG" = "xyes" ; then
2196 # Check PAM strerror arguments (old PAM)
2197 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2198 AC_TRY_COMPILE(
2199 [
2200 #include <stdlib.h>
2201 #if defined(HAVE_SECURITY_PAM_APPL_H)
2202 #include <security/pam_appl.h>
2203 #elif defined (HAVE_PAM_PAM_APPL_H)
2204 #include <pam/pam_appl.h>
2205 #endif
2206 ],
2207 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2208 [AC_MSG_RESULT(no)],
2209 [
2210 AC_DEFINE(HAVE_OLD_PAM, 1,
2211 [Define if you have an old version of PAM
2212 which takes only one argument to pam_strerror])
2213 AC_MSG_RESULT(yes)
2214 PAM_MSG="yes (old library)"
2215 ]
2216 )
2217 fi
2219 # Do we want to force the use of the rand helper?
2220 AC_ARG_WITH(rand-helper,
2221 [ --with-rand-helper Use subprocess to gather strong randomness ],
2222 [
2223 if test "x$withval" = "xno" ; then
2224 # Force use of OpenSSL's internal RNG, even if
2225 # the previous test showed it to be unseeded.
2226 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2227 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2228 OPENSSL_SEEDS_ITSELF=yes
2229 USE_RAND_HELPER=""
2230 fi
2231 else
2232 USE_RAND_HELPER=yes
2233 fi
2234 ],
2235 )
2237 # Which randomness source do we use?
2238 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2239 # OpenSSL only
2240 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2241 [Define if you want OpenSSL's internally seeded PRNG only])
2242 RAND_MSG="OpenSSL internal ONLY"
2243 INSTALL_SSH_RAND_HELPER=""
2244 elif test ! -z "$USE_RAND_HELPER" ; then
2245 # install rand helper
2246 RAND_MSG="ssh-rand-helper"
2247 INSTALL_SSH_RAND_HELPER="yes"
2248 fi
2249 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2251 ### Configuration of ssh-rand-helper
2253 # PRNGD TCP socket
2254 AC_ARG_WITH(prngd-port,
2255 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2256 [
2257 case "$withval" in
2258 no)
2259 withval=""
2260 ;;
2261 [[0-9]]*)
2262 ;;
2263 *)
2264 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2265 ;;
2266 esac
2267 if test ! -z "$withval" ; then
2268 PRNGD_PORT="$withval"
2269 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2270 [Port number of PRNGD/EGD random number socket])
2271 fi
2272 ]
2273 )
2275 # PRNGD Unix domain socket
2276 AC_ARG_WITH(prngd-socket,
2277 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2278 [
2279 case "$withval" in
2280 yes)
2281 withval="/var/run/egd-pool"
2282 ;;
2283 no)
2284 withval=""
2285 ;;
2286 /*)
2287 ;;
2288 *)
2289 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2290 ;;
2291 esac
2293 if test ! -z "$withval" ; then
2294 if test ! -z "$PRNGD_PORT" ; then
2295 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2296 fi
2297 if test ! -r "$withval" ; then
2298 AC_MSG_WARN(Entropy socket is not readable)
2299 fi
2300 PRNGD_SOCKET="$withval"
2301 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2302 [Location of PRNGD/EGD random number socket])
2303 fi
2304 ],
2305 [
2306 # Check for existing socket only if we don't have a random device already
2307 if test "$USE_RAND_HELPER" = yes ; then
2308 AC_MSG_CHECKING(for PRNGD/EGD socket)
2309 # Insert other locations here
2310 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2311 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2312 PRNGD_SOCKET="$sock"
2313 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2314 break;
2315 fi
2316 done
2317 if test ! -z "$PRNGD_SOCKET" ; then
2318 AC_MSG_RESULT($PRNGD_SOCKET)
2319 else
2320 AC_MSG_RESULT(not found)
2321 fi
2322 fi
2323 ]
2324 )
2326 # Change default command timeout for hashing entropy source
2327 entropy_timeout=200
2328 AC_ARG_WITH(entropy-timeout,
2329 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2330 [
2331 if test -n "$withval" && test "x$withval" != "xno" && \
2332 test "x${withval}" != "xyes"; then
2333 entropy_timeout=$withval
2334 fi
2335 ]
2336 )
2337 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2338 [Builtin PRNG command timeout])
2340 SSH_PRIVSEP_USER=sshd
2341 AC_ARG_WITH(privsep-user,
2342 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2343 [
2344 if test -n "$withval" && test "x$withval" != "xno" && \
2345 test "x${withval}" != "xyes"; then
2346 SSH_PRIVSEP_USER=$withval
2347 fi
2348 ]
2349 )
2350 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2351 [non-privileged user for privilege separation])
2352 AC_SUBST(SSH_PRIVSEP_USER)
2354 # We do this little dance with the search path to insure
2355 # that programs that we select for use by installed programs
2356 # (which may be run by the super-user) come from trusted
2357 # locations before they come from the user's private area.
2358 # This should help avoid accidentally configuring some
2359 # random version of a program in someone's personal bin.
2361 OPATH=$PATH
2362 PATH=/bin:/usr/bin
2363 test -h /bin 2> /dev/null && PATH=/usr/bin
2364 test -d /sbin && PATH=$PATH:/sbin
2365 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2366 PATH=$PATH:/etc:$OPATH
2368 # These programs are used by the command hashing source to gather entropy
2369 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2370 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2371 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2372 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2373 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2374 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2375 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2376 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2377 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2378 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2379 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2380 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2381 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2382 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2383 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2384 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2385 # restore PATH
2386 PATH=$OPATH
2388 # Where does ssh-rand-helper get its randomness from?
2389 INSTALL_SSH_PRNG_CMDS=""
2390 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2391 if test ! -z "$PRNGD_PORT" ; then
2392 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2393 elif test ! -z "$PRNGD_SOCKET" ; then
2394 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2395 else
2396 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2397 RAND_HELPER_CMDHASH=yes
2398 INSTALL_SSH_PRNG_CMDS="yes"
2399 fi
2400 fi
2401 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2404 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2405 if test ! -z "$SONY" ; then
2406 LIBS="$LIBS -liberty";
2407 fi
2409 # Check for long long datatypes
2410 AC_CHECK_TYPES([long long, unsigned long long, long double])
2412 # Check datatype sizes
2413 AC_CHECK_SIZEOF(char, 1)
2414 AC_CHECK_SIZEOF(short int, 2)
2415 AC_CHECK_SIZEOF(int, 4)
2416 AC_CHECK_SIZEOF(long int, 4)
2417 AC_CHECK_SIZEOF(long long int, 8)
2419 # Sanity check long long for some platforms (AIX)
2420 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2421 ac_cv_sizeof_long_long_int=0
2422 fi
2424 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2425 if test -z "$have_llong_max"; then
2426 AC_MSG_CHECKING([for max value of long long])
2427 AC_RUN_IFELSE(
2428 [AC_LANG_SOURCE([[
2429 #include <stdio.h>
2430 /* Why is this so damn hard? */
2431 #ifdef __GNUC__
2432 # undef __GNUC__
2433 #endif
2434 #define __USE_ISOC99
2435 #include <limits.h>
2436 #define DATA "conftest.llminmax"
2437 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2439 /*
2440 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2441 * we do this the hard way.
2442 */
2443 static int
2444 fprint_ll(FILE *f, long long n)
2445 {
2446 unsigned int i;
2447 int l[sizeof(long long) * 8];
2449 if (n < 0)
2450 if (fprintf(f, "-") < 0)
2451 return -1;
2452 for (i = 0; n != 0; i++) {
2453 l[i] = my_abs(n % 10);
2454 n /= 10;
2455 }
2456 do {
2457 if (fprintf(f, "%d", l[--i]) < 0)
2458 return -1;
2459 } while (i != 0);
2460 if (fprintf(f, " ") < 0)
2461 return -1;
2462 return 0;
2463 }
2465 int main(void) {
2466 FILE *f;
2467 long long i, llmin, llmax = 0;
2469 if((f = fopen(DATA,"w")) == NULL)
2470 exit(1);
2472 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2473 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2474 llmin = LLONG_MIN;
2475 llmax = LLONG_MAX;
2476 #else
2477 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2478 /* This will work on one's complement and two's complement */
2479 for (i = 1; i > llmax; i <<= 1, i++)
2480 llmax = i;
2481 llmin = llmax + 1LL; /* wrap */
2482 #endif
2484 /* Sanity check */
2485 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2486 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2487 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2488 fprintf(f, "unknown unknown\n");
2489 exit(2);
2490 }
2492 if (fprint_ll(f, llmin) < 0)
2493 exit(3);
2494 if (fprint_ll(f, llmax) < 0)
2495 exit(4);
2496 if (fclose(f) < 0)
2497 exit(5);
2498 exit(0);
2499 }
2500 ]])],
2501 [
2502 llong_min=`$AWK '{print $1}' conftest.llminmax`
2503 llong_max=`$AWK '{print $2}' conftest.llminmax`
2505 AC_MSG_RESULT($llong_max)
2506 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2507 [max value of long long calculated by configure])
2508 AC_MSG_CHECKING([for min value of long long])
2509 AC_MSG_RESULT($llong_min)
2510 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2511 [min value of long long calculated by configure])
2512 ],
2513 [
2514 AC_MSG_RESULT(not found)
2515 ],
2516 [
2517 AC_MSG_WARN([cross compiling: not checking])
2518 ]
2519 )
2520 fi
2523 # More checks for data types
2524 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2525 AC_TRY_COMPILE(
2526 [ #include <sys/types.h> ],
2527 [ u_int a; a = 1;],
2528 [ ac_cv_have_u_int="yes" ],
2529 [ ac_cv_have_u_int="no" ]
2530 )
2531 ])
2532 if test "x$ac_cv_have_u_int" = "xyes" ; then
2533 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2534 have_u_int=1
2535 fi
2537 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2538 AC_TRY_COMPILE(
2539 [ #include <sys/types.h> ],
2540 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2541 [ ac_cv_have_intxx_t="yes" ],
2542 [ ac_cv_have_intxx_t="no" ]
2543 )
2544 ])
2545 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2546 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2547 have_intxx_t=1
2548 fi
2550 if (test -z "$have_intxx_t" && \
2551 test "x$ac_cv_header_stdint_h" = "xyes")
2552 then
2553 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2554 AC_TRY_COMPILE(
2555 [ #include <stdint.h> ],
2556 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2557 [
2558 AC_DEFINE(HAVE_INTXX_T)
2559 AC_MSG_RESULT(yes)
2560 ],
2561 [ AC_MSG_RESULT(no) ]
2562 )
2563 fi
2565 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2566 AC_TRY_COMPILE(
2567 [
2568 #include <sys/types.h>
2569 #ifdef HAVE_STDINT_H
2570 # include <stdint.h>
2571 #endif
2572 #include <sys/socket.h>
2573 #ifdef HAVE_SYS_BITYPES_H
2574 # include <sys/bitypes.h>
2575 #endif
2576 ],
2577 [ int64_t a; a = 1;],
2578 [ ac_cv_have_int64_t="yes" ],
2579 [ ac_cv_have_int64_t="no" ]
2580 )
2581 ])
2582 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2583 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2584 fi
2586 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2587 AC_TRY_COMPILE(
2588 [ #include <sys/types.h> ],
2589 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2590 [ ac_cv_have_u_intxx_t="yes" ],
2591 [ ac_cv_have_u_intxx_t="no" ]
2592 )
2593 ])
2594 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2595 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2596 have_u_intxx_t=1
2597 fi
2599 if test -z "$have_u_intxx_t" ; then
2600 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2601 AC_TRY_COMPILE(
2602 [ #include <sys/socket.h> ],
2603 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2604 [
2605 AC_DEFINE(HAVE_U_INTXX_T)
2606 AC_MSG_RESULT(yes)
2607 ],
2608 [ AC_MSG_RESULT(no) ]
2609 )
2610 fi
2612 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2613 AC_TRY_COMPILE(
2614 [ #include <sys/types.h> ],
2615 [ u_int64_t a; a = 1;],
2616 [ ac_cv_have_u_int64_t="yes" ],
2617 [ ac_cv_have_u_int64_t="no" ]
2618 )
2619 ])
2620 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2621 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2622 have_u_int64_t=1
2623 fi
2625 if test -z "$have_u_int64_t" ; then
2626 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2627 AC_TRY_COMPILE(
2628 [ #include <sys/bitypes.h> ],
2629 [ u_int64_t a; a = 1],
2630 [
2631 AC_DEFINE(HAVE_U_INT64_T)
2632 AC_MSG_RESULT(yes)
2633 ],
2634 [ AC_MSG_RESULT(no) ]
2635 )
2636 fi
2638 if test -z "$have_u_intxx_t" ; then
2639 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2640 AC_TRY_COMPILE(
2641 [
2642 #include <sys/types.h>
2643 ],
2644 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2645 [ ac_cv_have_uintxx_t="yes" ],
2646 [ ac_cv_have_uintxx_t="no" ]
2647 )
2648 ])
2649 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2650 AC_DEFINE(HAVE_UINTXX_T, 1,
2651 [define if you have uintxx_t data type])
2652 fi
2653 fi
2655 if test -z "$have_uintxx_t" ; then
2656 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2657 AC_TRY_COMPILE(
2658 [ #include <stdint.h> ],
2659 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2660 [
2661 AC_DEFINE(HAVE_UINTXX_T)
2662 AC_MSG_RESULT(yes)
2663 ],
2664 [ AC_MSG_RESULT(no) ]
2665 )
2666 fi
2668 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2669 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2670 then
2671 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2672 AC_TRY_COMPILE(
2673 [
2674 #include <sys/bitypes.h>
2675 ],
2676 [
2677 int8_t a; int16_t b; int32_t c;
2678 u_int8_t e; u_int16_t f; u_int32_t g;
2679 a = b = c = e = f = g = 1;
2680 ],
2681 [
2682 AC_DEFINE(HAVE_U_INTXX_T)
2683 AC_DEFINE(HAVE_INTXX_T)
2684 AC_MSG_RESULT(yes)
2685 ],
2686 [AC_MSG_RESULT(no)]
2687 )
2688 fi
2691 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2692 AC_TRY_COMPILE(
2693 [
2694 #include <sys/types.h>
2695 ],
2696 [ u_char foo; foo = 125; ],
2697 [ ac_cv_have_u_char="yes" ],
2698 [ ac_cv_have_u_char="no" ]
2699 )
2700 ])
2701 if test "x$ac_cv_have_u_char" = "xyes" ; then
2702 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2703 fi
2705 TYPE_SOCKLEN_T
2707 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2708 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2709 #include <sys/types.h>
2710 #ifdef HAVE_SYS_BITYPES_H
2711 #include <sys/bitypes.h>
2712 #endif
2713 #ifdef HAVE_SYS_STATFS_H
2714 #include <sys/statfs.h>
2715 #endif
2716 #ifdef HAVE_SYS_STATVFS_H
2717 #include <sys/statvfs.h>
2718 #endif
2719 ])
2721 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2722 [#include <sys/types.h>
2723 #include <netinet/in.h>])
2725 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2726 AC_TRY_COMPILE(
2727 [
2728 #include <sys/types.h>
2729 ],
2730 [ size_t foo; foo = 1235; ],
2731 [ ac_cv_have_size_t="yes" ],
2732 [ ac_cv_have_size_t="no" ]
2733 )
2734 ])
2735 if test "x$ac_cv_have_size_t" = "xyes" ; then
2736 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2737 fi
2739 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2740 AC_TRY_COMPILE(
2741 [
2742 #include <sys/types.h>
2743 ],
2744 [ ssize_t foo; foo = 1235; ],
2745 [ ac_cv_have_ssize_t="yes" ],
2746 [ ac_cv_have_ssize_t="no" ]
2747 )
2748 ])
2749 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2750 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2751 fi
2753 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2754 AC_TRY_COMPILE(
2755 [
2756 #include <time.h>
2757 ],
2758 [ clock_t foo; foo = 1235; ],
2759 [ ac_cv_have_clock_t="yes" ],
2760 [ ac_cv_have_clock_t="no" ]
2761 )
2762 ])
2763 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2764 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2765 fi
2767 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2768 AC_TRY_COMPILE(
2769 [
2770 #include <sys/types.h>
2771 #include <sys/socket.h>
2772 ],
2773 [ sa_family_t foo; foo = 1235; ],
2774 [ ac_cv_have_sa_family_t="yes" ],
2775 [ AC_TRY_COMPILE(
2776 [
2777 #include <sys/types.h>
2778 #include <sys/socket.h>
2779 #include <netinet/in.h>
2780 ],
2781 [ sa_family_t foo; foo = 1235; ],
2782 [ ac_cv_have_sa_family_t="yes" ],
2784 [ ac_cv_have_sa_family_t="no" ]
2785 )]
2786 )
2787 ])
2788 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2789 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2790 [define if you have sa_family_t data type])
2791 fi
2793 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2794 AC_TRY_COMPILE(
2795 [
2796 #include <sys/types.h>
2797 ],
2798 [ pid_t foo; foo = 1235; ],
2799 [ ac_cv_have_pid_t="yes" ],
2800 [ ac_cv_have_pid_t="no" ]
2801 )
2802 ])
2803 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2804 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2805 fi
2807 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2808 AC_TRY_COMPILE(
2809 [
2810 #include <sys/types.h>
2811 ],
2812 [ mode_t foo; foo = 1235; ],
2813 [ ac_cv_have_mode_t="yes" ],
2814 [ ac_cv_have_mode_t="no" ]
2815 )
2816 ])
2817 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2818 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2819 fi
2822 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2823 AC_TRY_COMPILE(
2824 [
2825 #include <sys/types.h>
2826 #include <sys/socket.h>
2827 ],
2828 [ struct sockaddr_storage s; ],
2829 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2830 [ ac_cv_have_struct_sockaddr_storage="no" ]
2831 )
2832 ])
2833 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2834 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2835 [define if you have struct sockaddr_storage data type])
2836 fi
2838 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2839 AC_TRY_COMPILE(
2840 [
2841 #include <sys/types.h>
2842 #include <netinet/in.h>
2843 ],
2844 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2845 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2846 [ ac_cv_have_struct_sockaddr_in6="no" ]
2847 )
2848 ])
2849 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2850 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2851 [define if you have struct sockaddr_in6 data type])
2852 fi
2854 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2855 AC_TRY_COMPILE(
2856 [
2857 #include <sys/types.h>
2858 #include <netinet/in.h>
2859 ],
2860 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2861 [ ac_cv_have_struct_in6_addr="yes" ],
2862 [ ac_cv_have_struct_in6_addr="no" ]
2863 )
2864 ])
2865 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2866 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2867 [define if you have struct in6_addr data type])
2869 dnl Now check for sin6_scope_id
2870 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2871 [
2872 #ifdef HAVE_SYS_TYPES_H
2873 #include <sys/types.h>
2874 #endif
2875 #include <netinet/in.h>
2876 ])
2877 fi
2879 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2880 AC_TRY_COMPILE(
2881 [
2882 #include <sys/types.h>
2883 #include <sys/socket.h>
2884 #include <netdb.h>
2885 ],
2886 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2887 [ ac_cv_have_struct_addrinfo="yes" ],
2888 [ ac_cv_have_struct_addrinfo="no" ]
2889 )
2890 ])
2891 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2892 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2893 [define if you have struct addrinfo data type])
2894 fi
2896 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2897 AC_TRY_COMPILE(
2898 [ #include <sys/time.h> ],
2899 [ struct timeval tv; tv.tv_sec = 1;],
2900 [ ac_cv_have_struct_timeval="yes" ],
2901 [ ac_cv_have_struct_timeval="no" ]
2902 )
2903 ])
2904 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2905 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2906 have_struct_timeval=1
2907 fi
2909 AC_CHECK_TYPES(struct timespec)
2911 # We need int64_t or else certian parts of the compile will fail.
2912 if test "x$ac_cv_have_int64_t" = "xno" && \
2913 test "x$ac_cv_sizeof_long_int" != "x8" && \
2914 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2915 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2916 echo "an alternative compiler (I.E., GCC) before continuing."
2917 echo ""
2918 exit 1;
2919 else
2920 dnl test snprintf (broken on SCO w/gcc)
2921 AC_RUN_IFELSE(
2922 [AC_LANG_SOURCE([[
2923 #include <stdio.h>
2924 #include <string.h>
2925 #ifdef HAVE_SNPRINTF
2926 main()
2927 {
2928 char buf[50];
2929 char expected_out[50];
2930 int mazsize = 50 ;
2931 #if (SIZEOF_LONG_INT == 8)
2932 long int num = 0x7fffffffffffffff;
2933 #else
2934 long long num = 0x7fffffffffffffffll;
2935 #endif
2936 strcpy(expected_out, "9223372036854775807");
2937 snprintf(buf, mazsize, "%lld", num);
2938 if(strcmp(buf, expected_out) != 0)
2939 exit(1);
2940 exit(0);
2941 }
2942 #else
2943 main() { exit(0); }
2944 #endif
2945 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2946 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2947 )
2948 fi
2950 dnl Checks for structure members
2951 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2952 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2953 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2954 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2955 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2956 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2957 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2958 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2959 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2960 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2961 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2962 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2963 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2964 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2965 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2966 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2967 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2969 AC_CHECK_MEMBERS([struct stat.st_blksize])
2970 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2971 [Define if we don't have struct __res_state in resolv.h])],
2972 [
2973 #include <stdio.h>
2974 #if HAVE_SYS_TYPES_H
2975 # include <sys/types.h>
2976 #endif
2977 #include <netinet/in.h>
2978 #include <arpa/nameser.h>
2979 #include <resolv.h>
2980 ])
2982 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2983 ac_cv_have_ss_family_in_struct_ss, [
2984 AC_TRY_COMPILE(
2985 [
2986 #include <sys/types.h>
2987 #include <sys/socket.h>
2988 ],
2989 [ struct sockaddr_storage s; s.ss_family = 1; ],
2990 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2991 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2992 )
2993 ])
2994 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2995 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2996 fi
2998 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2999 ac_cv_have___ss_family_in_struct_ss, [
3000 AC_TRY_COMPILE(
3001 [
3002 #include <sys/types.h>
3003 #include <sys/socket.h>
3004 ],
3005 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3006 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3007 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3008 )
3009 ])
3010 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3011 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3012 [Fields in struct sockaddr_storage])
3013 fi
3015 AC_CACHE_CHECK([for pw_class field in struct passwd],
3016 ac_cv_have_pw_class_in_struct_passwd, [
3017 AC_TRY_COMPILE(
3018 [
3019 #include <pwd.h>
3020 ],
3021 [ struct passwd p; p.pw_class = 0; ],
3022 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3023 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3024 )
3025 ])
3026 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3027 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3028 [Define if your password has a pw_class field])
3029 fi
3031 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3032 ac_cv_have_pw_expire_in_struct_passwd, [
3033 AC_TRY_COMPILE(
3034 [
3035 #include <pwd.h>
3036 ],
3037 [ struct passwd p; p.pw_expire = 0; ],
3038 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3039 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3040 )
3041 ])
3042 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3043 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3044 [Define if your password has a pw_expire field])
3045 fi
3047 AC_CACHE_CHECK([for pw_change field in struct passwd],
3048 ac_cv_have_pw_change_in_struct_passwd, [
3049 AC_TRY_COMPILE(
3050 [
3051 #include <pwd.h>
3052 ],
3053 [ struct passwd p; p.pw_change = 0; ],
3054 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3055 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3056 )
3057 ])
3058 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3059 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3060 [Define if your password has a pw_change field])
3061 fi
3063 dnl make sure we're using the real structure members and not defines
3064 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3065 ac_cv_have_accrights_in_msghdr, [
3066 AC_COMPILE_IFELSE(
3067 [
3068 #include <sys/types.h>
3069 #include <sys/socket.h>
3070 #include <sys/uio.h>
3071 int main() {
3072 #ifdef msg_accrights
3073 #error "msg_accrights is a macro"
3074 exit(1);
3075 #endif
3076 struct msghdr m;
3077 m.msg_accrights = 0;
3078 exit(0);
3079 }
3080 ],
3081 [ ac_cv_have_accrights_in_msghdr="yes" ],
3082 [ ac_cv_have_accrights_in_msghdr="no" ]
3083 )
3084 ])
3085 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3086 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3087 [Define if your system uses access rights style
3088 file descriptor passing])
3089 fi
3091 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3092 AC_TRY_COMPILE([
3093 #include <sys/types.h>
3094 #include <sys/stat.h>
3095 #ifdef HAVE_SYS_TIME_H
3096 # include <sys/time.h>
3097 #endif
3098 #ifdef HAVE_SYS_MOUNT_H
3099 #include <sys/mount.h>
3100 #endif
3101 #ifdef HAVE_SYS_STATVFS_H
3102 #include <sys/statvfs.h>
3103 #endif
3104 ], [struct statvfs s; s.f_fsid = 0;],
3105 [ AC_MSG_RESULT(yes) ],
3106 [ AC_MSG_RESULT(no)
3108 AC_MSG_CHECKING(if fsid_t has member val)
3109 AC_TRY_COMPILE([
3110 #include <sys/types.h>
3111 #include <sys/statvfs.h>],
3112 [fsid_t t; t.val[0] = 0;],
3113 [ AC_MSG_RESULT(yes)
3114 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3115 [ AC_MSG_RESULT(no) ])
3117 AC_MSG_CHECKING(if f_fsid has member __val)
3118 AC_TRY_COMPILE([
3119 #include <sys/types.h>
3120 #include <sys/statvfs.h>],
3121 [fsid_t t; t.__val[0] = 0;],
3122 [ AC_MSG_RESULT(yes)
3123 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3124 [ AC_MSG_RESULT(no) ])
3125 ])
3127 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3128 ac_cv_have_control_in_msghdr, [
3129 AC_COMPILE_IFELSE(
3130 [
3131 #include <sys/types.h>
3132 #include <sys/socket.h>
3133 #include <sys/uio.h>
3134 int main() {
3135 #ifdef msg_control
3136 #error "msg_control is a macro"
3137 exit(1);
3138 #endif
3139 struct msghdr m;
3140 m.msg_control = 0;
3141 exit(0);
3142 }
3143 ],
3144 [ ac_cv_have_control_in_msghdr="yes" ],
3145 [ ac_cv_have_control_in_msghdr="no" ]
3146 )
3147 ])
3148 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3149 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3150 [Define if your system uses ancillary data style
3151 file descriptor passing])
3152 fi
3154 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3155 AC_TRY_LINK([],
3156 [ extern char *__progname; printf("%s", __progname); ],
3157 [ ac_cv_libc_defines___progname="yes" ],
3158 [ ac_cv_libc_defines___progname="no" ]
3159 )
3160 ])
3161 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3162 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3163 fi
3165 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3166 AC_TRY_LINK([
3167 #include <stdio.h>
3168 ],
3169 [ printf("%s", __FUNCTION__); ],
3170 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3171 [ ac_cv_cc_implements___FUNCTION__="no" ]
3172 )
3173 ])
3174 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3175 AC_DEFINE(HAVE___FUNCTION__, 1,
3176 [Define if compiler implements __FUNCTION__])
3177 fi
3179 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3180 AC_TRY_LINK([
3181 #include <stdio.h>
3182 ],
3183 [ printf("%s", __func__); ],
3184 [ ac_cv_cc_implements___func__="yes" ],
3185 [ ac_cv_cc_implements___func__="no" ]
3186 )
3187 ])
3188 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3189 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3190 fi
3192 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3193 AC_TRY_LINK(
3194 [#include <stdarg.h>
3195 va_list x,y;],
3196 [va_copy(x,y);],
3197 [ ac_cv_have_va_copy="yes" ],
3198 [ ac_cv_have_va_copy="no" ]
3199 )
3200 ])
3201 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3202 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3203 fi
3205 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3206 AC_TRY_LINK(
3207 [#include <stdarg.h>
3208 va_list x,y;],
3209 [__va_copy(x,y);],
3210 [ ac_cv_have___va_copy="yes" ],
3211 [ ac_cv_have___va_copy="no" ]
3212 )
3213 ])
3214 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3215 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3216 fi
3218 AC_CACHE_CHECK([whether getopt has optreset support],
3219 ac_cv_have_getopt_optreset, [
3220 AC_TRY_LINK(
3221 [
3222 #include <getopt.h>
3223 ],
3224 [ extern int optreset; optreset = 0; ],
3225 [ ac_cv_have_getopt_optreset="yes" ],
3226 [ ac_cv_have_getopt_optreset="no" ]
3227 )
3228 ])
3229 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3230 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3231 [Define if your getopt(3) defines and uses optreset])
3232 fi
3234 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3235 AC_TRY_LINK([],
3236 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3237 [ ac_cv_libc_defines_sys_errlist="yes" ],
3238 [ ac_cv_libc_defines_sys_errlist="no" ]
3239 )
3240 ])
3241 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3242 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3243 [Define if your system defines sys_errlist[]])
3244 fi
3247 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3248 AC_TRY_LINK([],
3249 [ extern int sys_nerr; printf("%i", sys_nerr);],
3250 [ ac_cv_libc_defines_sys_nerr="yes" ],
3251 [ ac_cv_libc_defines_sys_nerr="no" ]
3252 )
3253 ])
3254 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3255 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3256 fi
3258 SCARD_MSG="no"
3259 # Check whether user wants sectok support
3260 AC_ARG_WITH(sectok,
3261 [ --with-sectok Enable smartcard support using libsectok],
3262 [
3263 if test "x$withval" != "xno" ; then
3264 if test "x$withval" != "xyes" ; then
3265 CPPFLAGS="$CPPFLAGS -I${withval}"
3266 LDFLAGS="$LDFLAGS -L${withval}"
3267 if test ! -z "$need_dash_r" ; then
3268 LDFLAGS="$LDFLAGS -R${withval}"
3269 fi
3270 if test ! -z "$blibpath" ; then
3271 blibpath="$blibpath:${withval}"
3272 fi
3273 fi
3274 AC_CHECK_HEADERS(sectok.h)
3275 if test "$ac_cv_header_sectok_h" != yes; then
3276 AC_MSG_ERROR(Can't find sectok.h)
3277 fi
3278 AC_CHECK_LIB(sectok, sectok_open)
3279 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3280 AC_MSG_ERROR(Can't find libsectok)
3281 fi
3282 AC_DEFINE(SMARTCARD, 1,
3283 [Define if you want smartcard support])
3284 AC_DEFINE(USE_SECTOK, 1,
3285 [Define if you want smartcard support
3286 using sectok])
3287 SCARD_MSG="yes, using sectok"
3288 fi
3289 ]
3290 )
3292 # Check whether user wants OpenSC support
3293 OPENSC_CONFIG="no"
3294 AC_ARG_WITH(opensc,
3295 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3296 [
3297 if test "x$withval" != "xno" ; then
3298 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
3299 AC_MSG_CHECKING(how to get opensc config)
3300 if test "x$withval" != "xyes" -a "x$PKGCONFIG" = "xno"; then
3301 OPENSC_CONFIG="$withval/bin/opensc-config"
3302 elif test -f "$withval/src/libopensc/libopensc.pc"; then
3303 OPENSC_CONFIG="$PKGCONFIG $withval/src/libopensc/libopensc.pc"
3304 elif test "x$PKGCONFIG" != "xno"; then
3305 OPENSC_CONFIG="$PKGCONFIG libopensc"
3306 else
3307 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3308 fi
3309 AC_MSG_RESULT($OPENSC_CONFIG)
3310 if test "$OPENSC_CONFIG" != "no"; then
3311 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3312 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3313 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3314 LIBS="$LIBS $LIBOPENSC_LIBS"
3315 AC_DEFINE(SMARTCARD)
3316 AC_DEFINE(USE_OPENSC, 1,
3317 [Define if you want smartcard support
3318 using OpenSC])
3319 SCARD_MSG="yes, using OpenSC"
3320 fi
3321 fi
3322 ]
3323 )
3325 # Check libraries needed by DNS fingerprint support
3326 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3327 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3328 [Define if getrrsetbyname() exists])],
3329 [
3330 # Needed by our getrrsetbyname()
3331 AC_SEARCH_LIBS(res_query, resolv)
3332 AC_SEARCH_LIBS(dn_expand, resolv)
3333 AC_MSG_CHECKING(if res_query will link)
3334 AC_LINK_IFELSE([
3335 #include "confdefs.h"
3336 #include <sys/types.h>
3337 #include <netinet/in.h>
3338 #include <arpa/nameser.h>
3339 #include <netdb.h>
3340 #include <resolv.h>
3341 int main()
3342 {
3343 res_query (0, 0, 0, 0, 0);
3344 return 0;
3345 }
3346 ],
3347 AC_MSG_RESULT(yes),
3348 [AC_MSG_RESULT(no)
3349 saved_LIBS="$LIBS"
3350 LIBS="$LIBS -lresolv"
3351 AC_MSG_CHECKING(for res_query in -lresolv)
3352 AC_LINK_IFELSE([
3353 #include "confdefs.h"
3354 #include <sys/types.h>
3355 #include <netinet/in.h>
3356 #include <arpa/nameser.h>
3357 #include <netdb.h>
3358 #include <resolv.h>
3359 int main()
3360 {
3361 res_query (0, 0, 0, 0, 0);
3362 return 0;
3363 }
3364 ],
3365 [AC_MSG_RESULT(yes)],
3366 [LIBS="$saved_LIBS"
3367 AC_MSG_RESULT(no)])
3368 ])
3369 AC_CHECK_FUNCS(_getshort _getlong)
3370 AC_CHECK_DECLS([_getshort, _getlong], , ,
3371 [#include <sys/types.h>
3372 #include <arpa/nameser.h>])
3373 AC_CHECK_MEMBER(HEADER.ad,
3374 [AC_DEFINE(HAVE_HEADER_AD, 1,
3375 [Define if HEADER.ad exists in arpa/nameser.h])],,
3376 [#include <arpa/nameser.h>])
3377 ])
3379 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3380 AC_LINK_IFELSE([
3381 #include <stdio.h>
3382 #if HAVE_SYS_TYPES_H
3383 # include <sys/types.h>
3384 #endif
3385 #include <netinet/in.h>
3386 #include <arpa/nameser.h>
3387 #include <resolv.h>
3388 extern struct __res_state _res;
3389 int main() { return 0; }
3390 ],
3391 [AC_MSG_RESULT(yes)
3392 AC_DEFINE(HAVE__RES_EXTERN, 1,
3393 [Define if you have struct __res_state _res as an extern])
3394 ],
3395 [ AC_MSG_RESULT(no) ]
3396 )
3398 # Check whether user wants SELinux support
3399 SELINUX_MSG="no"
3400 LIBSELINUX=""
3401 AC_ARG_WITH(selinux,
3402 [ --with-selinux Enable SELinux support],
3403 [ if test "x$withval" != "xno" ; then
3404 save_LIBS="$LIBS"
3405 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3406 SELINUX_MSG="yes"
3407 AC_CHECK_HEADER([selinux/selinux.h], ,
3408 AC_MSG_ERROR(SELinux support requires selinux.h header))
3409 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3410 AC_MSG_ERROR(SELinux support requires libselinux library))
3411 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3412 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3413 LIBS="$save_LIBS"
3414 fi ]
3415 )
3417 # Check whether user wants Kerberos 5 support
3418 KRB5_MSG="no"
3419 AC_ARG_WITH(kerberos5,
3420 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3421 [ if test "x$withval" != "xno" ; then
3422 if test "x$withval" = "xyes" ; then
3423 KRB5ROOT="/usr/local"
3424 else
3425 KRB5ROOT=${withval}
3426 fi
3428 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3429 KRB5_MSG="yes"
3431 AC_PATH_PROG([KRB5CONF],[krb5-config],
3432 [$KRB5ROOT/bin/krb5-config],
3433 [$KRB5ROOT/bin:$PATH])
3434 if test -x $KRB5CONF ; then
3436 AC_MSG_CHECKING(for gssapi support)
3437 if $KRB5CONF | grep gssapi >/dev/null ; then
3438 AC_MSG_RESULT(yes)
3439 AC_DEFINE(GSSAPI, 1,
3440 [Define this if you want GSSAPI
3441 support in the version 2 protocol])
3442 k5confopts=gssapi
3443 else
3444 AC_MSG_RESULT(no)
3445 k5confopts=""
3446 fi
3447 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3448 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3449 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3450 AC_MSG_CHECKING(whether we are using Heimdal)
3451 AC_TRY_COMPILE([ #include <krb5.h> ],
3452 [ char *tmp = heimdal_version; ],
3453 [ AC_MSG_RESULT(yes)
3454 AC_DEFINE(HEIMDAL, 1,
3455 [Define this if you are using the
3456 Heimdal version of Kerberos V5]) ],
3457 AC_MSG_RESULT(no)
3458 )
3459 else
3460 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3461 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3462 AC_MSG_CHECKING(whether we are using Heimdal)
3463 AC_TRY_COMPILE([ #include <krb5.h> ],
3464 [ char *tmp = heimdal_version; ],
3465 [ AC_MSG_RESULT(yes)
3466 AC_DEFINE(HEIMDAL)
3467 K5LIBS="-lkrb5 -ldes"
3468 K5LIBS="$K5LIBS -lcom_err -lasn1"
3469 AC_CHECK_LIB(roken, net_write,
3470 [K5LIBS="$K5LIBS -lroken"])
3471 ],
3472 [ AC_MSG_RESULT(no)
3473 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3474 ]
3475 )
3476 AC_SEARCH_LIBS(dn_expand, resolv)
3478 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3479 [ AC_DEFINE(GSSAPI)
3480 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3481 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3482 [ AC_DEFINE(GSSAPI)
3483 K5LIBS="-lgssapi $K5LIBS" ],
3484 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3485 $K5LIBS)
3486 ],
3487 $K5LIBS)
3489 AC_CHECK_HEADER(gssapi.h, ,
3490 [ unset ac_cv_header_gssapi_h
3491 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3492 AC_CHECK_HEADERS(gssapi.h, ,
3493 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3494 )
3495 ]
3496 )
3498 oldCPP="$CPPFLAGS"
3499 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3500 AC_CHECK_HEADER(gssapi_krb5.h, ,
3501 [ CPPFLAGS="$oldCPP" ])
3503 fi
3504 if test ! -z "$need_dash_r" ; then
3505 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3506 fi
3507 if test ! -z "$blibpath" ; then
3508 blibpath="$blibpath:${KRB5ROOT}/lib"
3509 fi
3511 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3512 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3513 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3515 LIBS="$LIBS $K5LIBS"
3516 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3517 [Define this if you want to use libkafs' AFS support]))
3518 fi
3519 ]
3520 )
3522 # Looking for programs, paths and files
3524 PRIVSEP_PATH=/var/empty
3525 AC_ARG_WITH(privsep-path,
3526 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3527 [
3528 if test -n "$withval" && test "x$withval" != "xno" && \
3529 test "x${withval}" != "xyes"; then
3530 PRIVSEP_PATH=$withval
3531 fi
3532 ]
3533 )
3534 AC_SUBST(PRIVSEP_PATH)
3536 AC_ARG_WITH(xauth,
3537 [ --with-xauth=PATH Specify path to xauth program ],
3538 [
3539 if test -n "$withval" && test "x$withval" != "xno" && \
3540 test "x${withval}" != "xyes"; then
3541 xauth_path=$withval
3542 fi
3543 ],
3544 [
3545 TestPath="$PATH"
3546 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3547 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3548 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3549 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3550 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3551 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3552 xauth_path="/usr/openwin/bin/xauth"
3553 fi
3554 ]
3555 )
3557 STRIP_OPT=-s
3558 AC_ARG_ENABLE(strip,
3559 [ --disable-strip Disable calling strip(1) on install],
3560 [
3561 if test "x$enableval" = "xno" ; then
3562 STRIP_OPT=
3563 fi
3564 ]
3565 )
3566 AC_SUBST(STRIP_OPT)
3568 if test -z "$xauth_path" ; then
3569 XAUTH_PATH="undefined"
3570 AC_SUBST(XAUTH_PATH)
3571 else
3572 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3573 [Define if xauth is found in your path])
3574 XAUTH_PATH=$xauth_path
3575 AC_SUBST(XAUTH_PATH)
3576 fi
3578 # Check for mail directory (last resort if we cannot get it from headers)
3579 if test ! -z "$MAIL" ; then
3580 maildir=`dirname $MAIL`
3581 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3582 [Set this to your mail directory if you don't have maillock.h])
3583 fi
3585 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3586 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3587 disable_ptmx_check=yes
3588 fi
3589 if test -z "$no_dev_ptmx" ; then
3590 if test "x$disable_ptmx_check" != "xyes" ; then
3591 AC_CHECK_FILE("/dev/ptmx",
3592 [
3593 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3594 [Define if you have /dev/ptmx])
3595 have_dev_ptmx=1
3596 ]
3597 )
3598 fi
3599 fi
3601 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3602 AC_CHECK_FILE("/dev/ptc",
3603 [
3604 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3605 [Define if you have /dev/ptc])
3606 have_dev_ptc=1
3607 ]
3608 )
3609 else
3610 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3611 fi
3613 # Options from here on. Some of these are preset by platform above
3614 AC_ARG_WITH(mantype,
3615 [ --with-mantype=man|cat|doc Set man page type],
3616 [
3617 case "$withval" in
3618 man|cat|doc)
3619 MANTYPE=$withval
3620 ;;
3621 *)
3622 AC_MSG_ERROR(invalid man type: $withval)
3623 ;;
3624 esac
3625 ]
3626 )
3627 if test -z "$MANTYPE"; then
3628 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3629 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3630 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3631 MANTYPE=doc
3632 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3633 MANTYPE=man
3634 else
3635 MANTYPE=cat
3636 fi
3637 fi
3638 AC_SUBST(MANTYPE)
3639 if test "$MANTYPE" = "doc"; then
3640 mansubdir=man;
3641 else
3642 mansubdir=$MANTYPE;
3643 fi
3644 AC_SUBST(mansubdir)
3646 # Check whether to enable MD5 passwords
3647 MD5_MSG="no"
3648 AC_ARG_WITH(md5-passwords,
3649 [ --with-md5-passwords Enable use of MD5 passwords],
3650 [
3651 if test "x$withval" != "xno" ; then
3652 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3653 [Define if you want to allow MD5 passwords])
3654 MD5_MSG="yes"
3655 fi
3656 ]
3657 )
3659 # Whether to disable shadow password support
3660 AC_ARG_WITH(shadow,
3661 [ --without-shadow Disable shadow password support],
3662 [
3663 if test "x$withval" = "xno" ; then
3664 AC_DEFINE(DISABLE_SHADOW)
3665 disable_shadow=yes
3666 fi
3667 ]
3668 )
3670 if test -z "$disable_shadow" ; then
3671 AC_MSG_CHECKING([if the systems has expire shadow information])
3672 AC_TRY_COMPILE(
3673 [
3674 #include <sys/types.h>
3675 #include <shadow.h>
3676 struct spwd sp;
3677 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3678 [ sp_expire_available=yes ], []
3679 )
3681 if test "x$sp_expire_available" = "xyes" ; then
3682 AC_MSG_RESULT(yes)
3683 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3684 [Define if you want to use shadow password expire field])
3685 else
3686 AC_MSG_RESULT(no)
3687 fi
3688 fi
3690 # Use ip address instead of hostname in $DISPLAY
3691 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3692 DISPLAY_HACK_MSG="yes"
3693 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3694 [Define if you need to use IP address
3695 instead of hostname in $DISPLAY])
3696 else
3697 DISPLAY_HACK_MSG="no"
3698 AC_ARG_WITH(ipaddr-display,
3699 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3700 [
3701 if test "x$withval" != "xno" ; then
3702 AC_DEFINE(IPADDR_IN_DISPLAY)
3703 DISPLAY_HACK_MSG="yes"
3704 fi
3705 ]
3706 )
3707 fi
3709 # check for /etc/default/login and use it if present.
3710 AC_ARG_ENABLE(etc-default-login,
3711 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3712 [ if test "x$enableval" = "xno"; then
3713 AC_MSG_NOTICE([/etc/default/login handling disabled])
3714 etc_default_login=no
3715 else
3716 etc_default_login=yes
3717 fi ],
3718 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3719 then
3720 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3721 etc_default_login=no
3722 else
3723 etc_default_login=yes
3724 fi ]
3725 )
3727 if test "x$etc_default_login" != "xno"; then
3728 AC_CHECK_FILE("/etc/default/login",
3729 [ external_path_file=/etc/default/login ])
3730 if test "x$external_path_file" = "x/etc/default/login"; then
3731 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3732 [Define if your system has /etc/default/login])
3733 fi
3734 fi
3736 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3737 if test $ac_cv_func_login_getcapbool = "yes" && \
3738 test $ac_cv_header_login_cap_h = "yes" ; then
3739 external_path_file=/etc/login.conf
3740 fi
3742 # Whether to mess with the default path
3743 SERVER_PATH_MSG="(default)"
3744 AC_ARG_WITH(default-path,
3745 [ --with-default-path= Specify default \$PATH environment for server],
3746 [
3747 if test "x$external_path_file" = "x/etc/login.conf" ; then
3748 AC_MSG_WARN([
3749 --with-default-path=PATH has no effect on this system.
3750 Edit /etc/login.conf instead.])
3751 elif test "x$withval" != "xno" ; then
3752 if test ! -z "$external_path_file" ; then
3753 AC_MSG_WARN([
3754 --with-default-path=PATH will only be used if PATH is not defined in
3755 $external_path_file .])
3756 fi
3757 user_path="$withval"
3758 SERVER_PATH_MSG="$withval"
3759 fi
3760 ],
3761 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3762 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3763 else
3764 if test ! -z "$external_path_file" ; then
3765 AC_MSG_WARN([
3766 If PATH is defined in $external_path_file, ensure the path to scp is included,
3767 otherwise scp will not work.])
3768 fi
3769 AC_RUN_IFELSE(
3770 [AC_LANG_SOURCE([[
3771 /* find out what STDPATH is */
3772 #include <stdio.h>
3773 #ifdef HAVE_PATHS_H
3774 # include <paths.h>
3775 #endif
3776 #ifndef _PATH_STDPATH
3777 # ifdef _PATH_USERPATH /* Irix */
3778 # define _PATH_STDPATH _PATH_USERPATH
3779 # else
3780 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3781 # endif
3782 #endif
3783 #include <sys/types.h>
3784 #include <sys/stat.h>
3785 #include <fcntl.h>
3786 #define DATA "conftest.stdpath"
3788 main()
3789 {
3790 FILE *fd;
3791 int rc;
3793 fd = fopen(DATA,"w");
3794 if(fd == NULL)
3795 exit(1);
3797 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3798 exit(1);
3800 exit(0);
3801 }
3802 ]])],
3803 [ user_path=`cat conftest.stdpath` ],
3804 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3805 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3806 )
3807 # make sure $bindir is in USER_PATH so scp will work
3808 t_bindir=`eval echo ${bindir}`
3809 case $t_bindir in
3810 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3811 esac
3812 case $t_bindir in
3813 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3814 esac
3815 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3816 if test $? -ne 0 ; then
3817 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3818 if test $? -ne 0 ; then
3819 user_path=$user_path:$t_bindir
3820 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3821 fi
3822 fi
3823 fi ]
3824 )
3825 if test "x$external_path_file" != "x/etc/login.conf" ; then
3826 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3827 AC_SUBST(user_path)
3828 fi
3830 # Set superuser path separately to user path
3831 AC_ARG_WITH(superuser-path,
3832 [ --with-superuser-path= Specify different path for super-user],
3833 [
3834 if test -n "$withval" && test "x$withval" != "xno" && \
3835 test "x${withval}" != "xyes"; then
3836 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3837 [Define if you want a different $PATH
3838 for the superuser])
3839 superuser_path=$withval
3840 fi
3841 ]
3842 )
3845 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3846 IPV4_IN6_HACK_MSG="no"
3847 AC_ARG_WITH(4in6,
3848 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3849 [
3850 if test "x$withval" != "xno" ; then
3851 AC_MSG_RESULT(yes)
3852 AC_DEFINE(IPV4_IN_IPV6, 1,
3853 [Detect IPv4 in IPv6 mapped addresses
3854 and treat as IPv4])
3855 IPV4_IN6_HACK_MSG="yes"
3856 else
3857 AC_MSG_RESULT(no)
3858 fi
3859 ],[
3860 if test "x$inet6_default_4in6" = "xyes"; then
3861 AC_MSG_RESULT([yes (default)])
3862 AC_DEFINE(IPV4_IN_IPV6)
3863 IPV4_IN6_HACK_MSG="yes"
3864 else
3865 AC_MSG_RESULT([no (default)])
3866 fi
3867 ]
3868 )
3870 # Whether to enable BSD auth support
3871 BSD_AUTH_MSG=no
3872 AC_ARG_WITH(bsd-auth,
3873 [ --with-bsd-auth Enable BSD auth support],
3874 [
3875 if test "x$withval" != "xno" ; then
3876 AC_DEFINE(BSD_AUTH, 1,
3877 [Define if you have BSD auth support])
3878 BSD_AUTH_MSG=yes
3879 fi
3880 ]
3881 )
3883 # Where to place sshd.pid
3884 piddir=/var/run
3885 # make sure the directory exists
3886 if test ! -d $piddir ; then
3887 piddir=`eval echo ${sysconfdir}`
3888 case $piddir in
3889 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3890 esac
3891 fi
3893 AC_ARG_WITH(pid-dir,
3894 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3895 [
3896 if test -n "$withval" && test "x$withval" != "xno" && \
3897 test "x${withval}" != "xyes"; then
3898 piddir=$withval
3899 if test ! -d $piddir ; then
3900 AC_MSG_WARN([** no $piddir directory on this system **])
3901 fi
3902 fi
3903 ]
3904 )
3906 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3907 AC_SUBST(piddir)
3909 dnl allow user to disable some login recording features
3910 AC_ARG_ENABLE(lastlog,
3911 [ --disable-lastlog disable use of lastlog even if detected [no]],
3912 [
3913 if test "x$enableval" = "xno" ; then
3914 AC_DEFINE(DISABLE_LASTLOG)
3915 fi
3916 ]
3917 )
3918 AC_ARG_ENABLE(utmp,
3919 [ --disable-utmp disable use of utmp even if detected [no]],
3920 [
3921 if test "x$enableval" = "xno" ; then
3922 AC_DEFINE(DISABLE_UTMP)
3923 fi
3924 ]
3925 )
3926 AC_ARG_ENABLE(utmpx,
3927 [ --disable-utmpx disable use of utmpx even if detected [no]],
3928 [
3929 if test "x$enableval" = "xno" ; then
3930 AC_DEFINE(DISABLE_UTMPX, 1,
3931 [Define if you don't want to use utmpx])
3932 fi
3933 ]
3934 )
3935 AC_ARG_ENABLE(wtmp,
3936 [ --disable-wtmp disable use of wtmp even if detected [no]],
3937 [
3938 if test "x$enableval" = "xno" ; then
3939 AC_DEFINE(DISABLE_WTMP)
3940 fi
3941 ]
3942 )
3943 AC_ARG_ENABLE(wtmpx,
3944 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3945 [
3946 if test "x$enableval" = "xno" ; then
3947 AC_DEFINE(DISABLE_WTMPX, 1,
3948 [Define if you don't want to use wtmpx])
3949 fi
3950 ]
3951 )
3952 AC_ARG_ENABLE(libutil,
3953 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3954 [
3955 if test "x$enableval" = "xno" ; then
3956 AC_DEFINE(DISABLE_LOGIN)
3957 fi
3958 ]
3959 )
3960 AC_ARG_ENABLE(pututline,
3961 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3962 [
3963 if test "x$enableval" = "xno" ; then
3964 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3965 [Define if you don't want to use pututline()
3966 etc. to write [uw]tmp])
3967 fi
3968 ]
3969 )
3970 AC_ARG_ENABLE(pututxline,
3971 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3972 [
3973 if test "x$enableval" = "xno" ; then
3974 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3975 [Define if you don't want to use pututxline()
3976 etc. to write [uw]tmpx])
3977 fi
3978 ]
3979 )
3980 AC_ARG_WITH(lastlog,
3981 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3982 [
3983 if test "x$withval" = "xno" ; then
3984 AC_DEFINE(DISABLE_LASTLOG)
3985 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3986 conf_lastlog_location=$withval
3987 fi
3988 ]
3989 )
3991 dnl lastlog, [uw]tmpx? detection
3992 dnl NOTE: set the paths in the platform section to avoid the
3993 dnl need for command-line parameters
3994 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3996 dnl lastlog detection
3997 dnl NOTE: the code itself will detect if lastlog is a directory
3998 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3999 AC_TRY_COMPILE([
4000 #include <sys/types.h>
4001 #include <utmp.h>
4002 #ifdef HAVE_LASTLOG_H
4003 # include <lastlog.h>
4004 #endif
4005 #ifdef HAVE_PATHS_H
4006 # include <paths.h>
4007 #endif
4008 #ifdef HAVE_LOGIN_H
4009 # include <login.h>
4010 #endif
4011 ],
4012 [ char *lastlog = LASTLOG_FILE; ],
4013 [ AC_MSG_RESULT(yes) ],
4014 [
4015 AC_MSG_RESULT(no)
4016 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4017 AC_TRY_COMPILE([
4018 #include <sys/types.h>
4019 #include <utmp.h>
4020 #ifdef HAVE_LASTLOG_H
4021 # include <lastlog.h>
4022 #endif
4023 #ifdef HAVE_PATHS_H
4024 # include <paths.h>
4025 #endif
4026 ],
4027 [ char *lastlog = _PATH_LASTLOG; ],
4028 [ AC_MSG_RESULT(yes) ],
4029 [
4030 AC_MSG_RESULT(no)
4031 system_lastlog_path=no
4032 ])
4033 ]
4034 )
4036 if test -z "$conf_lastlog_location"; then
4037 if test x"$system_lastlog_path" = x"no" ; then
4038 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4039 if (test -d "$f" || test -f "$f") ; then
4040 conf_lastlog_location=$f
4041 fi
4042 done
4043 if test -z "$conf_lastlog_location"; then
4044 AC_MSG_WARN([** Cannot find lastlog **])
4045 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4046 fi
4047 fi
4048 fi
4050 if test -n "$conf_lastlog_location"; then
4051 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4052 [Define if you want to specify the path to your lastlog file])
4053 fi
4055 dnl utmp detection
4056 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4057 AC_TRY_COMPILE([
4058 #include <sys/types.h>
4059 #include <utmp.h>
4060 #ifdef HAVE_PATHS_H
4061 # include <paths.h>
4062 #endif
4063 ],
4064 [ char *utmp = UTMP_FILE; ],
4065 [ AC_MSG_RESULT(yes) ],
4066 [ AC_MSG_RESULT(no)
4067 system_utmp_path=no ]
4068 )
4069 if test -z "$conf_utmp_location"; then
4070 if test x"$system_utmp_path" = x"no" ; then
4071 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4072 if test -f $f ; then
4073 conf_utmp_location=$f
4074 fi
4075 done
4076 if test -z "$conf_utmp_location"; then
4077 AC_DEFINE(DISABLE_UTMP)
4078 fi
4079 fi
4080 fi
4081 if test -n "$conf_utmp_location"; then
4082 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4083 [Define if you want to specify the path to your utmp file])
4084 fi
4086 dnl wtmp detection
4087 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4088 AC_TRY_COMPILE([
4089 #include <sys/types.h>
4090 #include <utmp.h>
4091 #ifdef HAVE_PATHS_H
4092 # include <paths.h>
4093 #endif
4094 ],
4095 [ char *wtmp = WTMP_FILE; ],
4096 [ AC_MSG_RESULT(yes) ],
4097 [ AC_MSG_RESULT(no)
4098 system_wtmp_path=no ]
4099 )
4100 if test -z "$conf_wtmp_location"; then
4101 if test x"$system_wtmp_path" = x"no" ; then
4102 for f in /usr/adm/wtmp /var/log/wtmp; do
4103 if test -f $f ; then
4104 conf_wtmp_location=$f
4105 fi
4106 done
4107 if test -z "$conf_wtmp_location"; then
4108 AC_DEFINE(DISABLE_WTMP)
4109 fi
4110 fi
4111 fi
4112 if test -n "$conf_wtmp_location"; then
4113 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4114 [Define if you want to specify the path to your wtmp file])
4115 fi
4118 dnl utmpx detection - I don't know any system so perverse as to require
4119 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4120 dnl there, though.
4121 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4122 AC_TRY_COMPILE([
4123 #include <sys/types.h>
4124 #include <utmp.h>
4125 #ifdef HAVE_UTMPX_H
4126 #include <utmpx.h>
4127 #endif
4128 #ifdef HAVE_PATHS_H
4129 # include <paths.h>
4130 #endif
4131 ],
4132 [ char *utmpx = UTMPX_FILE; ],
4133 [ AC_MSG_RESULT(yes) ],
4134 [ AC_MSG_RESULT(no)
4135 system_utmpx_path=no ]
4136 )
4137 if test -z "$conf_utmpx_location"; then
4138 if test x"$system_utmpx_path" = x"no" ; then
4139 AC_DEFINE(DISABLE_UTMPX)
4140 fi
4141 else
4142 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4143 [Define if you want to specify the path to your utmpx file])
4144 fi
4146 dnl wtmpx detection
4147 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4148 AC_TRY_COMPILE([
4149 #include <sys/types.h>
4150 #include <utmp.h>
4151 #ifdef HAVE_UTMPX_H
4152 #include <utmpx.h>
4153 #endif
4154 #ifdef HAVE_PATHS_H
4155 # include <paths.h>
4156 #endif
4157 ],
4158 [ char *wtmpx = WTMPX_FILE; ],
4159 [ AC_MSG_RESULT(yes) ],
4160 [ AC_MSG_RESULT(no)
4161 system_wtmpx_path=no ]
4162 )
4163 if test -z "$conf_wtmpx_location"; then
4164 if test x"$system_wtmpx_path" = x"no" ; then
4165 AC_DEFINE(DISABLE_WTMPX)
4166 fi
4167 else
4168 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4169 [Define if you want to specify the path to your wtmpx file])
4170 fi
4173 if test ! -z "$blibpath" ; then
4174 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4175 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4176 fi
4178 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4179 dnl Add now.
4180 CFLAGS="$CFLAGS $werror_flags"
4182 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4183 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4184 AC_SUBST(TEST_SSH_IPV6, no)
4185 else
4186 AC_SUBST(TEST_SSH_IPV6, yes)
4187 fi
4189 AC_EXEEXT
4190 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4191 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4192 scard/Makefile ssh_prng_cmds survey.sh])
4193 AC_OUTPUT
4195 # Print summary of options
4197 # Someone please show me a better way :)
4198 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4199 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4200 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4201 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4202 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4203 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4204 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4205 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4206 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4207 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4209 echo ""
4210 echo "OpenSSH has been configured with the following options:"
4211 echo " User binaries: $B"
4212 echo " System binaries: $C"
4213 echo " Configuration files: $D"
4214 echo " Askpass program: $E"
4215 echo " Manual pages: $F"
4216 echo " PID file: $G"
4217 echo " Privilege separation chroot path: $H"
4218 if test "x$external_path_file" = "x/etc/login.conf" ; then
4219 echo " At runtime, sshd will use the path defined in $external_path_file"
4220 echo " Make sure the path to scp is present, otherwise scp will not work"
4221 else
4222 echo " sshd default user PATH: $I"
4223 if test ! -z "$external_path_file"; then
4224 echo " (If PATH is set in $external_path_file it will be used instead. If"
4225 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4226 fi
4227 fi
4228 if test ! -z "$superuser_path" ; then
4229 echo " sshd superuser user PATH: $J"
4230 fi
4231 echo " Manpage format: $MANTYPE"
4232 echo " PAM support: $PAM_MSG"
4233 echo " OSF SIA support: $SIA_MSG"
4234 echo " KerberosV support: $KRB5_MSG"
4235 echo " SELinux support: $SELINUX_MSG"
4236 echo " Smartcard support: $SCARD_MSG"
4237 echo " S/KEY support: $SKEY_MSG"
4238 echo " TCP Wrappers support: $TCPW_MSG"
4239 echo " MD5 password support: $MD5_MSG"
4240 echo " libedit support: $LIBEDIT_MSG"
4241 echo " Solaris process contract support: $SPC_MSG"
4242 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4243 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4244 echo " BSD Auth support: $BSD_AUTH_MSG"
4245 echo " Random number source: $RAND_MSG"
4246 if test ! -z "$USE_RAND_HELPER" ; then
4247 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4248 fi
4250 echo ""
4252 echo " Host: ${host}"
4253 echo " Compiler: ${CC}"
4254 echo " Compiler flags: ${CFLAGS}"
4255 echo "Preprocessor flags: ${CPPFLAGS}"
4256 echo " Linker flags: ${LDFLAGS}"
4257 echo " Libraries: ${LIBS}"
4258 if test ! -z "${SSHDLIBS}"; then
4259 echo " +for sshd: ${SSHDLIBS}"
4260 fi
4262 echo ""
4264 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4265 echo "SVR4 style packages are supported with \"make package\""
4266 echo ""
4267 fi
4269 if test "x$PAM_MSG" = "xyes" ; then
4270 echo "PAM is enabled. You may need to install a PAM control file "
4271 echo "for sshd, otherwise password authentication may fail. "
4272 echo "Example PAM control files can be found in the contrib/ "
4273 echo "subdirectory"
4274 echo ""
4275 fi
4277 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4278 echo "WARNING: you are using the builtin random number collection "
4279 echo "service. Please read WARNING.RNG and request that your OS "
4280 echo "vendor includes kernel-based random number collection in "
4281 echo "future versions of your OS."
4282 echo ""
4283 fi
4285 if test ! -z "$NO_PEERCHECK" ; then
4286 echo "WARNING: the operating system that you are using does not"
4287 echo "appear to support getpeereid(), getpeerucred() or the"
4288 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4289 echo "enforce security checks to prevent unauthorised connections to"
4290 echo "ssh-agent. Their absence increases the risk that a malicious"
4291 echo "user can connect to your agent."
4292 echo ""
4293 fi
4295 if test "$AUDIT_MODULE" = "bsm" ; then
4296 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4297 echo "See the Solaris section in README.platform for details."
4298 fi