| blob | 331fb4572464b57343ec78fc1ab5de9630c5f37b |
1 # $Id: configure.ac,v 1.445 2010/03/09 09:42:31 dtucker Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.445 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
58 # System features
59 AC_SYS_LARGEFILE
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70 else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76 fi
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82 fi
84 if test -z "$LD" ; then
85 LD=$CC
86 fi
87 AC_SUBST(LD)
89 AC_C_INLINE
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 use_stack_protector=1
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
97 use_stack_protector=0
98 fi ])
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
103 case $GCC_VER in
104 1.*) no_attrib_nonnull=1 ;;
105 2.8* | 2.9*)
106 CFLAGS="$CFLAGS -Wsign-compare"
107 no_attrib_nonnull=1
108 ;;
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-strict-aliasing" ;;
112 *) ;;
113 esac
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
119 #include <string.h>
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
121 ]])],
122 [ AC_MSG_RESULT(yes) ],
123 [ AC_MSG_RESULT(no)
124 CFLAGS="$saved_CFLAGS" ]
125 )
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
137 AC_LINK_IFELSE(
138 [AC_LANG_SOURCE([
139 #include <stdio.h>
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
141 ])],
142 [ AC_MSG_RESULT(yes)
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
146 AC_RUN_IFELSE(
147 [AC_LANG_SOURCE([
148 #include <stdio.h>
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
150 ])],
151 [ AC_MSG_RESULT(yes)
152 break ],
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
155 break ]
156 )
157 ],
158 [ AC_MSG_RESULT(no) ]
159 )
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
162 done
163 fi
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
171 [have_llong_max=1],
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
174 )
175 fi
176 fi
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
180 fi
182 AC_ARG_WITH(rpath,
183 [ --without-rpath Disable auto-added -R linker paths],
184 [
185 if test "x$withval" = "xno" ; then
186 need_dash_r=""
187 fi
188 if test "x$withval" = "xyes" ; then
189 need_dash_r=1
190 fi
191 ]
192 )
194 # Allow user to specify flags
195 AC_ARG_WITH(cflags,
196 [ --with-cflags Specify additional flags to pass to compiler],
197 [
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
201 fi
202 ]
203 )
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
206 [
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
210 fi
211 ]
212 )
213 AC_ARG_WITH(ldflags,
214 [ --with-ldflags Specify additional flags to pass to linker],
215 [
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
219 fi
220 ]
221 )
222 AC_ARG_WITH(libs,
223 [ --with-libs Specify additional libraries to link with],
224 [
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
228 fi
229 ]
230 )
231 AC_ARG_WITH(Werror,
232 [ --with-Werror Build main code with -Werror],
233 [
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
238 fi
239 fi
240 ]
241 )
243 AC_CHECK_HEADERS( \
244 bstring.h \
245 crypt.h \
246 crypto/sha2.h \
247 dirent.h \
248 endian.h \
249 features.h \
250 fcntl.h \
251 floatingpoint.h \
252 getopt.h \
253 glob.h \
254 ia.h \
255 iaf.h \
256 limits.h \
257 login.h \
258 maillock.h \
259 ndir.h \
260 net/if_tun.h \
261 netdb.h \
262 netgroup.h \
263 pam/pam_appl.h \
264 paths.h \
265 poll.h \
266 pty.h \
267 readpassphrase.h \
268 rpc/types.h \
269 security/pam_appl.h \
270 sha2.h \
271 shadow.h \
272 stddef.h \
273 stdint.h \
274 string.h \
275 strings.h \
276 sys/audit.h \
277 sys/bitypes.h \
278 sys/bsdtty.h \
279 sys/cdefs.h \
280 sys/dir.h \
281 sys/mman.h \
282 sys/ndir.h \
283 sys/poll.h \
284 sys/prctl.h \
285 sys/pstat.h \
286 sys/select.h \
287 sys/stat.h \
288 sys/stream.h \
289 sys/stropts.h \
290 sys/strtio.h \
291 sys/statvfs.h \
292 sys/sysmacros.h \
293 sys/time.h \
294 sys/timers.h \
295 sys/un.h \
296 time.h \
297 tmpdir.h \
298 ttyent.h \
299 ucred.h \
300 unistd.h \
301 usersec.h \
302 util.h \
303 utime.h \
304 utmp.h \
305 utmpx.h \
306 vis.h \
307 )
309 # lastlog.h requires sys/time.h to be included first on Solaris
310 AC_CHECK_HEADERS(lastlog.h, [], [], [
311 #ifdef HAVE_SYS_TIME_H
312 # include <sys/time.h>
313 #endif
314 ])
316 # sys/ptms.h requires sys/stream.h to be included first on Solaris
317 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
318 #ifdef HAVE_SYS_STREAM_H
319 # include <sys/stream.h>
320 #endif
321 ])
323 # login_cap.h requires sys/types.h on NetBSD
324 AC_CHECK_HEADERS(login_cap.h, [], [], [
325 #include <sys/types.h>
326 ])
328 # older BSDs need sys/param.h before sys/mount.h
329 AC_CHECK_HEADERS(sys/mount.h, [], [], [
330 #include <sys/param.h>
331 ])
333 # Messages for features tested for in target-specific section
334 SIA_MSG="no"
335 SPC_MSG="no"
337 # Check for some target-specific stuff
338 case "$host" in
339 *-*-aix*)
340 # Some versions of VAC won't allow macro redefinitions at
341 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
342 # particularly with older versions of vac or xlc.
343 # It also throws errors about null macro argments, but these are
344 # not fatal.
345 AC_MSG_CHECKING(if compiler allows macro redefinitions)
346 AC_COMPILE_IFELSE(
347 [AC_LANG_SOURCE([[
348 #define testmacro foo
349 #define testmacro bar
350 int main(void) { exit(0); }
351 ]])],
352 [ AC_MSG_RESULT(yes) ],
353 [ AC_MSG_RESULT(no)
354 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
355 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
356 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
357 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
358 ]
359 )
361 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
362 if (test -z "$blibpath"); then
363 blibpath="/usr/lib:/lib"
364 fi
365 saved_LDFLAGS="$LDFLAGS"
366 if test "$GCC" = "yes"; then
367 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
368 else
369 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
370 fi
371 for tryflags in $flags ;do
372 if (test -z "$blibflags"); then
373 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
374 AC_TRY_LINK([], [], [blibflags=$tryflags])
375 fi
376 done
377 if (test -z "$blibflags"); then
378 AC_MSG_RESULT(not found)
379 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
380 else
381 AC_MSG_RESULT($blibflags)
382 fi
383 LDFLAGS="$saved_LDFLAGS"
384 dnl Check for authenticate. Might be in libs.a on older AIXes
385 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
386 [Define if you want to enable AIX4's authenticate function])],
387 [AC_CHECK_LIB(s,authenticate,
388 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
389 LIBS="$LIBS -ls"
390 ])
391 ])
392 dnl Check for various auth function declarations in headers.
393 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
394 passwdexpired, setauthdb], , , [#include <usersec.h>])
395 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
396 AC_CHECK_DECLS(loginfailed,
397 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
398 AC_TRY_COMPILE(
399 [#include <usersec.h>],
400 [(void)loginfailed("user","host","tty",0);],
401 [AC_MSG_RESULT(yes)
402 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
403 [Define if your AIX loginfailed() function
404 takes 4 arguments (AIX >= 5.2)])],
405 [AC_MSG_RESULT(no)]
406 )],
407 [],
408 [#include <usersec.h>]
409 )
410 AC_CHECK_FUNCS(getgrset setauthdb)
411 AC_CHECK_DECL(F_CLOSEM,
412 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
413 [],
414 [ #include <limits.h>
415 #include <fcntl.h> ]
416 )
417 check_for_aix_broken_getaddrinfo=1
418 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
419 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
420 [Define if your platform breaks doing a seteuid before a setuid])
421 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
422 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
423 dnl AIX handles lastlog as part of its login message
424 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
425 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
426 [Some systems need a utmpx entry for /bin/login to work])
427 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
428 [Define to a Set Process Title type if your system is
429 supported by bsd-setproctitle.c])
430 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
431 [AIX 5.2 and 5.3 (and presumably newer) require this])
432 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
433 ;;
434 *-*-cygwin*)
435 check_for_libcrypt_later=1
436 LIBS="$LIBS /usr/lib/textreadmode.o"
437 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
438 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
439 AC_DEFINE(DISABLE_SHADOW, 1,
440 [Define if you want to disable shadow passwords])
441 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
442 [Define if X11 doesn't support AF_UNIX sockets on that system])
443 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
444 [Define if the concept of ports only accessible to
445 superusers isn't known])
446 AC_DEFINE(DISABLE_FD_PASSING, 1,
447 [Define if your platform needs to skip post auth
448 file descriptor passing])
449 AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size])
450 ;;
451 *-*-dgux*)
452 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
453 [Define if your system choked on IP TOS setting])
454 AC_DEFINE(SETEUID_BREAKS_SETUID)
455 AC_DEFINE(BROKEN_SETREUID)
456 AC_DEFINE(BROKEN_SETREGID)
457 ;;
458 *-*-darwin*)
459 AC_MSG_CHECKING(if we have working getaddrinfo)
460 AC_TRY_RUN([#include <mach-o/dyld.h>
461 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
462 exit(0);
463 else
464 exit(1);
465 }], [AC_MSG_RESULT(working)],
466 [AC_MSG_RESULT(buggy)
467 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
468 [AC_MSG_RESULT(assume it is working)])
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
473 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
474 [Define if your resolver libs need this for getrrsetbyname])
475 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
476 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
477 [Use tunnel device compatibility to OpenBSD])
478 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
479 [Prepend the address family to IP tunnel traffic])
480 m4_pattern_allow(AU_IPv)
481 AC_CHECK_DECL(AU_IPv4, [],
482 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
483 [#include <bsm/audit.h>]
484 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
485 [Define if pututxline updates lastlog too])
486 )
487 ;;
488 *-*-dragonfly*)
489 SSHDLIBS="$SSHDLIBS -lcrypt"
490 ;;
491 *-*-hpux*)
492 # first we define all of the options common to all HP-UX releases
493 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
494 IPADDR_IN_DISPLAY=yes
495 AC_DEFINE(USE_PIPES)
496 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
497 [Define if your login program cannot handle end of options ("--")])
498 AC_DEFINE(LOGIN_NEEDS_UTMPX)
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
500 [String used in /etc/passwd to denote locked account])
501 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
502 MAIL="/var/mail/username"
503 LIBS="$LIBS -lsec"
504 AC_CHECK_LIB(xnet, t_error, ,
505 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
507 # next, we define all of the options specific to major releases
508 case "$host" in
509 *-*-hpux10*)
510 if test -z "$GCC"; then
511 CFLAGS="$CFLAGS -Ae"
512 fi
513 ;;
514 *-*-hpux11*)
515 AC_DEFINE(PAM_SUN_CODEBASE, 1,
516 [Define if you are using Solaris-derived PAM which
517 passes pam_messages to the conversation function
518 with an extra level of indirection])
519 AC_DEFINE(DISABLE_UTMP, 1,
520 [Define if you don't want to use utmp])
521 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
522 check_for_hpux_broken_getaddrinfo=1
523 check_for_conflicting_getspnam=1
524 ;;
525 esac
527 # lastly, we define options specific to minor releases
528 case "$host" in
529 *-*-hpux10.26)
530 AC_DEFINE(HAVE_SECUREWARE, 1,
531 [Define if you have SecureWare-based
532 protected password database])
533 disable_ptmx_check=yes
534 LIBS="$LIBS -lsecpw"
535 ;;
536 esac
537 ;;
538 *-*-irix5*)
539 PATH="$PATH:/usr/etc"
540 AC_DEFINE(BROKEN_INET_NTOA, 1,
541 [Define if you system's inet_ntoa is busted
542 (e.g. Irix gcc issue)])
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
547 [Define if you shouldn't strip 'tty' from your
548 ttyname in [uw]tmp])
549 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
550 ;;
551 *-*-irix6*)
552 PATH="$PATH:/usr/etc"
553 AC_DEFINE(WITH_IRIX_ARRAY, 1,
554 [Define if you have/want arrays
555 (cluster-wide session managment, not C arrays)])
556 AC_DEFINE(WITH_IRIX_PROJECT, 1,
557 [Define if you want IRIX project management])
558 AC_DEFINE(WITH_IRIX_AUDIT, 1,
559 [Define if you want IRIX audit trails])
560 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
561 [Define if you want IRIX kernel jobs])])
562 AC_DEFINE(BROKEN_INET_NTOA)
563 AC_DEFINE(SETEUID_BREAKS_SETUID)
564 AC_DEFINE(BROKEN_SETREUID)
565 AC_DEFINE(BROKEN_SETREGID)
566 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
567 AC_DEFINE(WITH_ABBREV_NO_TTY)
568 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
569 ;;
570 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
571 check_for_libcrypt_later=1
572 AC_DEFINE(PAM_TTY_KLUDGE)
573 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
574 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
575 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
576 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
577 ;;
578 *-*-linux*)
579 no_dev_ptmx=1
580 check_for_libcrypt_later=1
581 check_for_openpty_ctty_bug=1
582 AC_DEFINE(PAM_TTY_KLUDGE, 1,
583 [Work around problematic Linux PAM modules handling of PAM_TTY])
584 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
585 [String used in /etc/passwd to denote locked account])
586 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
587 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
588 [Define to whatever link() returns for "not supported"
589 if it doesn't return EOPNOTSUPP.])
590 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
591 AC_DEFINE(USE_BTMP)
592 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
593 inet6_default_4in6=yes
594 case `uname -r` in
595 1.*|2.0.*)
596 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
597 [Define if cmsg_type is not passed correctly])
598 ;;
599 esac
600 # tun(4) forwarding compat code
601 AC_CHECK_HEADERS(linux/if_tun.h)
602 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
603 AC_DEFINE(SSH_TUN_LINUX, 1,
604 [Open tunnel devices the Linux tun/tap way])
605 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
606 [Use tunnel device compatibility to OpenBSD])
607 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
608 [Prepend the address family to IP tunnel traffic])
609 fi
610 ;;
611 mips-sony-bsd|mips-sony-newsos4)
612 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
613 SONY=1
614 ;;
615 *-*-netbsd*)
616 check_for_libcrypt_before=1
617 if test "x$withval" != "xno" ; then
618 need_dash_r=1
619 fi
620 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
621 AC_CHECK_HEADER([net/if_tap.h], ,
622 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
623 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
624 [Prepend the address family to IP tunnel traffic])
625 ;;
626 *-*-freebsd*)
627 check_for_libcrypt_later=1
628 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
629 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
630 AC_CHECK_HEADER([net/if_tap.h], ,
631 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
632 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
633 ;;
634 *-*-bsdi*)
635 AC_DEFINE(SETEUID_BREAKS_SETUID)
636 AC_DEFINE(BROKEN_SETREUID)
637 AC_DEFINE(BROKEN_SETREGID)
638 ;;
639 *-next-*)
640 conf_lastlog_location="/usr/adm/lastlog"
641 conf_utmp_location=/etc/utmp
642 conf_wtmp_location=/usr/adm/wtmp
643 MAIL=/usr/spool/mail
644 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
645 AC_DEFINE(BROKEN_REALPATH)
646 AC_DEFINE(USE_PIPES)
647 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
648 ;;
649 *-*-openbsd*)
650 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
651 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
652 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
653 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
654 [syslog_r function is safe to use in in a signal handler])
655 ;;
656 *-*-solaris*)
657 if test "x$withval" != "xno" ; then
658 need_dash_r=1
659 fi
660 AC_DEFINE(PAM_SUN_CODEBASE)
661 AC_DEFINE(LOGIN_NEEDS_UTMPX)
662 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
663 [Some versions of /bin/login need the TERM supplied
664 on the commandline])
665 AC_DEFINE(PAM_TTY_KLUDGE)
666 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
667 [Define if pam_chauthtok wants real uid set
668 to the unpriv'ed user])
669 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
670 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
671 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
672 [Define if sshd somehow reacquires a controlling TTY
673 after setsid()])
674 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
675 in case the name is longer than 8 chars])
676 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
677 external_path_file=/etc/default/login
678 # hardwire lastlog location (can't detect it on some versions)
679 conf_lastlog_location="/var/adm/lastlog"
680 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
681 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
682 if test "$sol2ver" -ge 8; then
683 AC_MSG_RESULT(yes)
684 AC_DEFINE(DISABLE_UTMP)
685 AC_DEFINE(DISABLE_WTMP, 1,
686 [Define if you don't want to use wtmp])
687 else
688 AC_MSG_RESULT(no)
689 fi
690 AC_ARG_WITH(solaris-contracts,
691 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
692 [
693 AC_CHECK_LIB(contract, ct_tmpl_activate,
694 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
695 [Define if you have Solaris process contracts])
696 SSHDLIBS="$SSHDLIBS -lcontract"
697 AC_SUBST(SSHDLIBS)
698 SPC_MSG="yes" ], )
699 ],
700 )
701 ;;
702 *-*-sunos4*)
703 CPPFLAGS="$CPPFLAGS -DSUNOS4"
704 AC_CHECK_FUNCS(getpwanam)
705 AC_DEFINE(PAM_SUN_CODEBASE)
706 conf_utmp_location=/etc/utmp
707 conf_wtmp_location=/var/adm/wtmp
708 conf_lastlog_location=/var/adm/lastlog
709 AC_DEFINE(USE_PIPES)
710 ;;
711 *-ncr-sysv*)
712 LIBS="$LIBS -lc89"
713 AC_DEFINE(USE_PIPES)
714 AC_DEFINE(SSHD_ACQUIRES_CTTY)
715 AC_DEFINE(SETEUID_BREAKS_SETUID)
716 AC_DEFINE(BROKEN_SETREUID)
717 AC_DEFINE(BROKEN_SETREGID)
718 ;;
719 *-sni-sysv*)
720 # /usr/ucblib MUST NOT be searched on ReliantUNIX
721 AC_CHECK_LIB(dl, dlsym, ,)
722 # -lresolv needs to be at the end of LIBS or DNS lookups break
723 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
724 IPADDR_IN_DISPLAY=yes
725 AC_DEFINE(USE_PIPES)
726 AC_DEFINE(IP_TOS_IS_BROKEN)
727 AC_DEFINE(SETEUID_BREAKS_SETUID)
728 AC_DEFINE(BROKEN_SETREUID)
729 AC_DEFINE(BROKEN_SETREGID)
730 AC_DEFINE(SSHD_ACQUIRES_CTTY)
731 external_path_file=/etc/default/login
732 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
733 # Attention: always take care to bind libsocket and libnsl before libc,
734 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
735 ;;
736 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
737 *-*-sysv4.2*)
738 AC_DEFINE(USE_PIPES)
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
743 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
744 ;;
745 # UnixWare 7.x, OpenUNIX 8
746 *-*-sysv5*)
747 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
748 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
749 AC_DEFINE(USE_PIPES)
750 AC_DEFINE(SETEUID_BREAKS_SETUID)
751 AC_DEFINE(BROKEN_GETADDRINFO)
752 AC_DEFINE(BROKEN_SETREUID)
753 AC_DEFINE(BROKEN_SETREGID)
754 AC_DEFINE(PASSWD_NEEDS_USERNAME)
755 case "$host" in
756 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
757 TEST_SHELL=/u95/bin/sh
758 AC_DEFINE(BROKEN_LIBIAF, 1,
759 [ia_uinfo routines not supported by OS yet])
760 AC_DEFINE(BROKEN_UPDWTMPX)
761 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
762 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
763 AC_DEFINE(HAVE_SECUREWARE)
764 AC_DEFINE(DISABLE_SHADOW)
765 ],,)
766 ;;
767 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
768 check_for_libcrypt_later=1
769 ;;
770 esac
771 ;;
772 *-*-sysv*)
773 ;;
774 # SCO UNIX and OEM versions of SCO UNIX
775 *-*-sco3.2v4*)
776 AC_MSG_ERROR("This Platform is no longer supported.")
777 ;;
778 # SCO OpenServer 5.x
779 *-*-sco3.2v5*)
780 if test -z "$GCC"; then
781 CFLAGS="$CFLAGS -belf"
782 fi
783 LIBS="$LIBS -lprot -lx -ltinfo -lm"
784 no_dev_ptmx=1
785 AC_DEFINE(USE_PIPES)
786 AC_DEFINE(HAVE_SECUREWARE)
787 AC_DEFINE(DISABLE_SHADOW)
788 AC_DEFINE(DISABLE_FD_PASSING)
789 AC_DEFINE(SETEUID_BREAKS_SETUID)
790 AC_DEFINE(BROKEN_GETADDRINFO)
791 AC_DEFINE(BROKEN_SETREUID)
792 AC_DEFINE(BROKEN_SETREGID)
793 AC_DEFINE(WITH_ABBREV_NO_TTY)
794 AC_DEFINE(BROKEN_UPDWTMPX)
795 AC_DEFINE(PASSWD_NEEDS_USERNAME)
796 AC_CHECK_FUNCS(getluid setluid)
797 MANTYPE=man
798 TEST_SHELL=ksh
799 ;;
800 *-*-unicosmk*)
801 AC_DEFINE(NO_SSH_LASTLOG, 1,
802 [Define if you don't want to use lastlog in session.c])
803 AC_DEFINE(SETEUID_BREAKS_SETUID)
804 AC_DEFINE(BROKEN_SETREUID)
805 AC_DEFINE(BROKEN_SETREGID)
806 AC_DEFINE(USE_PIPES)
807 AC_DEFINE(DISABLE_FD_PASSING)
808 LDFLAGS="$LDFLAGS"
809 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
810 MANTYPE=cat
811 ;;
812 *-*-unicosmp*)
813 AC_DEFINE(SETEUID_BREAKS_SETUID)
814 AC_DEFINE(BROKEN_SETREUID)
815 AC_DEFINE(BROKEN_SETREGID)
816 AC_DEFINE(WITH_ABBREV_NO_TTY)
817 AC_DEFINE(USE_PIPES)
818 AC_DEFINE(DISABLE_FD_PASSING)
819 LDFLAGS="$LDFLAGS"
820 LIBS="$LIBS -lgen -lacid -ldb"
821 MANTYPE=cat
822 ;;
823 *-*-unicos*)
824 AC_DEFINE(SETEUID_BREAKS_SETUID)
825 AC_DEFINE(BROKEN_SETREUID)
826 AC_DEFINE(BROKEN_SETREGID)
827 AC_DEFINE(USE_PIPES)
828 AC_DEFINE(DISABLE_FD_PASSING)
829 AC_DEFINE(NO_SSH_LASTLOG)
830 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
831 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
832 MANTYPE=cat
833 ;;
834 *-dec-osf*)
835 AC_MSG_CHECKING(for Digital Unix SIA)
836 no_osfsia=""
837 AC_ARG_WITH(osfsia,
838 [ --with-osfsia Enable Digital Unix SIA],
839 [
840 if test "x$withval" = "xno" ; then
841 AC_MSG_RESULT(disabled)
842 no_osfsia=1
843 fi
844 ],
845 )
846 if test -z "$no_osfsia" ; then
847 if test -f /etc/sia/matrix.conf; then
848 AC_MSG_RESULT(yes)
849 AC_DEFINE(HAVE_OSF_SIA, 1,
850 [Define if you have Digital Unix Security
851 Integration Architecture])
852 AC_DEFINE(DISABLE_LOGIN, 1,
853 [Define if you don't want to use your
854 system's login() call])
855 AC_DEFINE(DISABLE_FD_PASSING)
856 LIBS="$LIBS -lsecurity -ldb -lm -laud"
857 SIA_MSG="yes"
858 else
859 AC_MSG_RESULT(no)
860 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
861 [String used in /etc/passwd to denote locked account])
862 fi
863 fi
864 AC_DEFINE(BROKEN_GETADDRINFO)
865 AC_DEFINE(SETEUID_BREAKS_SETUID)
866 AC_DEFINE(BROKEN_SETREUID)
867 AC_DEFINE(BROKEN_SETREGID)
868 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
869 ;;
871 *-*-nto-qnx*)
872 AC_DEFINE(USE_PIPES)
873 AC_DEFINE(NO_X11_UNIX_SOCKETS)
874 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
875 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
876 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
877 AC_DEFINE(DISABLE_LASTLOG)
878 AC_DEFINE(SSHD_ACQUIRES_CTTY)
879 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
880 enable_etc_default_login=no # has incompatible /etc/default/login
881 case "$host" in
882 *-*-nto-qnx6*)
883 AC_DEFINE(DISABLE_FD_PASSING)
884 ;;
885 esac
886 ;;
888 *-*-ultrix*)
889 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
890 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
891 AC_DEFINE(NEED_SETPGRP)
892 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
893 ;;
895 *-*-lynxos)
896 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
897 AC_DEFINE(MISSING_HOWMANY)
898 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
899 ;;
900 esac
902 AC_MSG_CHECKING(compiler and flags for sanity)
903 AC_RUN_IFELSE(
904 [AC_LANG_SOURCE([
905 #include <stdio.h>
906 int main(){exit(0);}
907 ])],
908 [ AC_MSG_RESULT(yes) ],
909 [
910 AC_MSG_RESULT(no)
911 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
912 ],
913 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
914 )
916 dnl Checks for header files.
917 # Checks for libraries.
918 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
919 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
921 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
922 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
923 AC_CHECK_LIB(gen, dirname,[
924 AC_CACHE_CHECK([for broken dirname],
925 ac_cv_have_broken_dirname, [
926 save_LIBS="$LIBS"
927 LIBS="$LIBS -lgen"
928 AC_RUN_IFELSE(
929 [AC_LANG_SOURCE([[
930 #include <libgen.h>
931 #include <string.h>
933 int main(int argc, char **argv) {
934 char *s, buf[32];
936 strncpy(buf,"/etc", 32);
937 s = dirname(buf);
938 if (!s || strncmp(s, "/", 32) != 0) {
939 exit(1);
940 } else {
941 exit(0);
942 }
943 }
944 ]])],
945 [ ac_cv_have_broken_dirname="no" ],
946 [ ac_cv_have_broken_dirname="yes" ],
947 [ ac_cv_have_broken_dirname="no" ],
948 )
949 LIBS="$save_LIBS"
950 ])
951 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
952 LIBS="$LIBS -lgen"
953 AC_DEFINE(HAVE_DIRNAME)
954 AC_CHECK_HEADERS(libgen.h)
955 fi
956 ])
957 ])
959 AC_CHECK_FUNC(getspnam, ,
960 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
961 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
962 [Define if you have the basename function.]))
964 dnl zlib is required
965 AC_ARG_WITH(zlib,
966 [ --with-zlib=PATH Use zlib in PATH],
967 [ if test "x$withval" = "xno" ; then
968 AC_MSG_ERROR([*** zlib is required ***])
969 elif test "x$withval" != "xyes"; then
970 if test -d "$withval/lib"; then
971 if test -n "${need_dash_r}"; then
972 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
973 else
974 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
975 fi
976 else
977 if test -n "${need_dash_r}"; then
978 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
979 else
980 LDFLAGS="-L${withval} ${LDFLAGS}"
981 fi
982 fi
983 if test -d "$withval/include"; then
984 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
985 else
986 CPPFLAGS="-I${withval} ${CPPFLAGS}"
987 fi
988 fi ]
989 )
991 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
992 AC_CHECK_LIB(z, deflate, ,
993 [
994 saved_CPPFLAGS="$CPPFLAGS"
995 saved_LDFLAGS="$LDFLAGS"
996 save_LIBS="$LIBS"
997 dnl Check default zlib install dir
998 if test -n "${need_dash_r}"; then
999 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1000 else
1001 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1002 fi
1003 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1004 LIBS="$LIBS -lz"
1005 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1006 [
1007 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1008 ]
1009 )
1010 ]
1011 )
1013 AC_ARG_WITH(zlib-version-check,
1014 [ --without-zlib-version-check Disable zlib version check],
1015 [ if test "x$withval" = "xno" ; then
1016 zlib_check_nonfatal=1
1017 fi
1018 ]
1019 )
1021 AC_MSG_CHECKING(for possibly buggy zlib)
1022 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1023 #include <stdio.h>
1024 #include <zlib.h>
1025 int main()
1026 {
1027 int a=0, b=0, c=0, d=0, n, v;
1028 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1029 if (n != 3 && n != 4)
1030 exit(1);
1031 v = a*1000000 + b*10000 + c*100 + d;
1032 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1034 /* 1.1.4 is OK */
1035 if (a == 1 && b == 1 && c >= 4)
1036 exit(0);
1038 /* 1.2.3 and up are OK */
1039 if (v >= 1020300)
1040 exit(0);
1042 exit(2);
1043 }
1044 ]])],
1045 AC_MSG_RESULT(no),
1046 [ AC_MSG_RESULT(yes)
1047 if test -z "$zlib_check_nonfatal" ; then
1048 AC_MSG_ERROR([*** zlib too old - check config.log ***
1049 Your reported zlib version has known security problems. It's possible your
1050 vendor has fixed these problems without changing the version number. If you
1051 are sure this is the case, you can disable the check by running
1052 "./configure --without-zlib-version-check".
1053 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1054 See http://www.gzip.org/zlib/ for details.])
1055 else
1056 AC_MSG_WARN([zlib version may have security problems])
1057 fi
1058 ],
1059 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1060 )
1062 dnl UnixWare 2.x
1063 AC_CHECK_FUNC(strcasecmp,
1064 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1065 )
1066 AC_CHECK_FUNCS(utimes,
1067 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1068 LIBS="$LIBS -lc89"]) ]
1069 )
1071 dnl Checks for libutil functions
1072 AC_CHECK_HEADERS(libutil.h)
1073 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1074 [Define if your libraries define login()])])
1075 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1077 AC_FUNC_STRFTIME
1079 # Check for ALTDIRFUNC glob() extension
1080 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1081 AC_EGREP_CPP(FOUNDIT,
1082 [
1083 #include <glob.h>
1084 #ifdef GLOB_ALTDIRFUNC
1085 FOUNDIT
1086 #endif
1087 ],
1088 [
1089 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1090 [Define if your system glob() function has
1091 the GLOB_ALTDIRFUNC extension])
1092 AC_MSG_RESULT(yes)
1093 ],
1094 [
1095 AC_MSG_RESULT(no)
1096 ]
1097 )
1099 # Check for g.gl_matchc glob() extension
1100 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1101 AC_TRY_COMPILE(
1102 [ #include <glob.h> ],
1103 [glob_t g; g.gl_matchc = 1;],
1104 [
1105 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1106 [Define if your system glob() function has
1107 gl_matchc options in glob_t])
1108 AC_MSG_RESULT(yes)
1109 ],
1110 [
1111 AC_MSG_RESULT(no)
1112 ]
1113 )
1115 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1117 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1118 AC_RUN_IFELSE(
1119 [AC_LANG_SOURCE([[
1120 #include <sys/types.h>
1121 #include <dirent.h>
1122 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1123 ]])],
1124 [AC_MSG_RESULT(yes)],
1125 [
1126 AC_MSG_RESULT(no)
1127 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1128 [Define if your struct dirent expects you to
1129 allocate extra space for d_name])
1130 ],
1131 [
1132 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1133 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1134 ]
1135 )
1137 AC_MSG_CHECKING([for /proc/pid/fd directory])
1138 if test -d "/proc/$$/fd" ; then
1139 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1140 AC_MSG_RESULT(yes)
1141 else
1142 AC_MSG_RESULT(no)
1143 fi
1145 # Check whether user wants S/Key support
1146 SKEY_MSG="no"
1147 AC_ARG_WITH(skey,
1148 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1149 [
1150 if test "x$withval" != "xno" ; then
1152 if test "x$withval" != "xyes" ; then
1153 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1154 LDFLAGS="$LDFLAGS -L${withval}/lib"
1155 fi
1157 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1158 LIBS="-lskey $LIBS"
1159 SKEY_MSG="yes"
1161 AC_MSG_CHECKING([for s/key support])
1162 AC_LINK_IFELSE(
1163 [AC_LANG_SOURCE([[
1164 #include <stdio.h>
1165 #include <skey.h>
1166 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1167 ]])],
1168 [AC_MSG_RESULT(yes)],
1169 [
1170 AC_MSG_RESULT(no)
1171 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1172 ])
1173 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1174 AC_TRY_COMPILE(
1175 [#include <stdio.h>
1176 #include <skey.h>],
1177 [(void)skeychallenge(NULL,"name","",0);],
1178 [AC_MSG_RESULT(yes)
1179 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1180 [Define if your skeychallenge()
1181 function takes 4 arguments (NetBSD)])],
1182 [AC_MSG_RESULT(no)]
1183 )
1184 fi
1185 ]
1186 )
1188 # Check whether user wants TCP wrappers support
1189 TCPW_MSG="no"
1190 AC_ARG_WITH(tcp-wrappers,
1191 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1192 [
1193 if test "x$withval" != "xno" ; then
1194 saved_LIBS="$LIBS"
1195 saved_LDFLAGS="$LDFLAGS"
1196 saved_CPPFLAGS="$CPPFLAGS"
1197 if test -n "${withval}" && \
1198 test "x${withval}" != "xyes"; then
1199 if test -d "${withval}/lib"; then
1200 if test -n "${need_dash_r}"; then
1201 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1202 else
1203 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1204 fi
1205 else
1206 if test -n "${need_dash_r}"; then
1207 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1208 else
1209 LDFLAGS="-L${withval} ${LDFLAGS}"
1210 fi
1211 fi
1212 if test -d "${withval}/include"; then
1213 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1214 else
1215 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1216 fi
1217 fi
1218 LIBS="-lwrap $LIBS"
1219 AC_MSG_CHECKING(for libwrap)
1220 AC_TRY_LINK(
1221 [
1222 #include <sys/types.h>
1223 #include <sys/socket.h>
1224 #include <netinet/in.h>
1225 #include <tcpd.h>
1226 int deny_severity = 0, allow_severity = 0;
1227 ],
1228 [hosts_access(0);],
1229 [
1230 AC_MSG_RESULT(yes)
1231 AC_DEFINE(LIBWRAP, 1,
1232 [Define if you want
1233 TCP Wrappers support])
1234 SSHDLIBS="$SSHDLIBS -lwrap"
1235 TCPW_MSG="yes"
1236 ],
1237 [
1238 AC_MSG_ERROR([*** libwrap missing])
1239 ]
1240 )
1241 LIBS="$saved_LIBS"
1242 fi
1243 ]
1244 )
1246 # Check whether user wants libedit support
1247 LIBEDIT_MSG="no"
1248 AC_ARG_WITH(libedit,
1249 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1250 [ if test "x$withval" != "xno" ; then
1251 if test "x$withval" != "xyes"; then
1252 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1253 if test -n "${need_dash_r}"; then
1254 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1255 else
1256 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1257 fi
1258 fi
1259 AC_CHECK_LIB(edit, el_init,
1260 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1261 LIBEDIT="-ledit -lcurses"
1262 LIBEDIT_MSG="yes"
1263 AC_SUBST(LIBEDIT)
1264 ],
1265 [ AC_MSG_ERROR(libedit not found) ],
1266 [ -lcurses ]
1267 )
1268 AC_MSG_CHECKING(if libedit version is compatible)
1269 AC_COMPILE_IFELSE(
1270 [AC_LANG_SOURCE([[
1271 #include <histedit.h>
1272 int main(void)
1273 {
1274 int i = H_SETSIZE;
1275 el_init("", NULL, NULL, NULL);
1276 exit(0);
1277 }
1278 ]])],
1279 [ AC_MSG_RESULT(yes) ],
1280 [ AC_MSG_RESULT(no)
1281 AC_MSG_ERROR(libedit version is not compatible) ]
1282 )
1283 fi ]
1284 )
1286 AUDIT_MODULE=none
1287 AC_ARG_WITH(audit,
1288 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1289 [
1290 AC_MSG_CHECKING(for supported audit module)
1291 case "$withval" in
1292 bsm)
1293 AC_MSG_RESULT(bsm)
1294 AUDIT_MODULE=bsm
1295 dnl Checks for headers, libs and functions
1296 AC_CHECK_HEADERS(bsm/audit.h, [],
1297 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1298 [
1299 #ifdef HAVE_TIME_H
1300 # include <time.h>
1301 #endif
1302 ]
1303 )
1304 AC_CHECK_LIB(bsm, getaudit, [],
1305 [AC_MSG_ERROR(BSM enabled and required library not found)])
1306 AC_CHECK_FUNCS(getaudit, [],
1307 [AC_MSG_ERROR(BSM enabled and required function not found)])
1308 # These are optional
1309 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1310 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1311 ;;
1312 debug)
1313 AUDIT_MODULE=debug
1314 AC_MSG_RESULT(debug)
1315 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1316 ;;
1317 no)
1318 AC_MSG_RESULT(no)
1319 ;;
1320 *)
1321 AC_MSG_ERROR([Unknown audit module $withval])
1322 ;;
1323 esac ]
1324 )
1326 dnl Checks for library functions. Please keep in alphabetical order
1327 AC_CHECK_FUNCS( \
1328 arc4random \
1329 arc4random_buf \
1330 arc4random_uniform \
1331 asprintf \
1332 b64_ntop \
1333 __b64_ntop \
1334 b64_pton \
1335 __b64_pton \
1336 bcopy \
1337 bindresvport_sa \
1338 clock \
1339 closefrom \
1340 dirfd \
1341 fchmod \
1342 fchown \
1343 freeaddrinfo \
1344 fstatvfs \
1345 futimes \
1346 getaddrinfo \
1347 getcwd \
1348 getgrouplist \
1349 getnameinfo \
1350 getopt \
1351 getpeereid \
1352 getpeerucred \
1353 _getpty \
1354 getrlimit \
1355 getttyent \
1356 glob \
1357 group_from_gid \
1358 inet_aton \
1359 inet_ntoa \
1360 inet_ntop \
1361 innetgr \
1362 login_getcapbool \
1363 md5_crypt \
1364 memmove \
1365 mkdtemp \
1366 mmap \
1367 ngetaddrinfo \
1368 nsleep \
1369 ogetaddrinfo \
1370 openlog_r \
1371 openpty \
1372 poll \
1373 prctl \
1374 pstat \
1375 readpassphrase \
1376 realpath \
1377 recvmsg \
1378 rresvport_af \
1379 sendmsg \
1380 setdtablesize \
1381 setegid \
1382 setenv \
1383 seteuid \
1384 setgroupent \
1385 setgroups \
1386 setlogin \
1387 setpassent\
1388 setpcred \
1389 setproctitle \
1390 setregid \
1391 setreuid \
1392 setrlimit \
1393 setsid \
1394 setvbuf \
1395 sigaction \
1396 sigvec \
1397 snprintf \
1398 socketpair \
1399 statfs \
1400 statvfs \
1401 strdup \
1402 strerror \
1403 strlcat \
1404 strlcpy \
1405 strmode \
1406 strnvis \
1407 strtonum \
1408 strtoll \
1409 strtoul \
1410 swap32 \
1411 sysconf \
1412 tcgetpgrp \
1413 truncate \
1414 unsetenv \
1415 updwtmpx \
1416 user_from_uid \
1417 vasprintf \
1418 vhangup \
1419 vsnprintf \
1420 waitpid \
1421 )
1423 # PKCS#11 support requires dlopen() and co
1424 AC_SEARCH_LIBS(dlopen, dl,
1425 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
1426 )
1428 # IRIX has a const char return value for gai_strerror()
1429 AC_CHECK_FUNCS(gai_strerror,[
1430 AC_DEFINE(HAVE_GAI_STRERROR)
1431 AC_TRY_COMPILE([
1432 #include <sys/types.h>
1433 #include <sys/socket.h>
1434 #include <netdb.h>
1436 const char *gai_strerror(int);],[
1437 char *str;
1439 str = gai_strerror(0);],[
1440 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1441 [Define if gai_strerror() returns const char *])])])
1443 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1444 [Some systems put nanosleep outside of libc]))
1446 dnl Make sure prototypes are defined for these before using them.
1447 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1448 AC_CHECK_DECL(strsep,
1449 [AC_CHECK_FUNCS(strsep)],
1450 [],
1451 [
1452 #ifdef HAVE_STRING_H
1453 # include <string.h>
1454 #endif
1455 ])
1457 dnl tcsendbreak might be a macro
1458 AC_CHECK_DECL(tcsendbreak,
1459 [AC_DEFINE(HAVE_TCSENDBREAK)],
1460 [AC_CHECK_FUNCS(tcsendbreak)],
1461 [#include <termios.h>]
1462 )
1464 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1466 AC_CHECK_DECLS(SHUT_RD, , ,
1467 [
1468 #include <sys/types.h>
1469 #include <sys/socket.h>
1470 ])
1472 AC_CHECK_DECLS(O_NONBLOCK, , ,
1473 [
1474 #include <sys/types.h>
1475 #ifdef HAVE_SYS_STAT_H
1476 # include <sys/stat.h>
1477 #endif
1478 #ifdef HAVE_FCNTL_H
1479 # include <fcntl.h>
1480 #endif
1481 ])
1483 AC_CHECK_DECLS(writev, , , [
1484 #include <sys/types.h>
1485 #include <sys/uio.h>
1486 #include <unistd.h>
1487 ])
1489 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1490 #include <sys/param.h>
1491 ])
1493 AC_CHECK_DECLS(offsetof, , , [
1494 #include <stddef.h>
1495 ])
1497 AC_CHECK_FUNCS(setresuid, [
1498 dnl Some platorms have setresuid that isn't implemented, test for this
1499 AC_MSG_CHECKING(if setresuid seems to work)
1500 AC_RUN_IFELSE(
1501 [AC_LANG_SOURCE([[
1502 #include <stdlib.h>
1503 #include <errno.h>
1504 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1505 ]])],
1506 [AC_MSG_RESULT(yes)],
1507 [AC_DEFINE(BROKEN_SETRESUID, 1,
1508 [Define if your setresuid() is broken])
1509 AC_MSG_RESULT(not implemented)],
1510 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1511 )
1512 ])
1514 AC_CHECK_FUNCS(setresgid, [
1515 dnl Some platorms have setresgid that isn't implemented, test for this
1516 AC_MSG_CHECKING(if setresgid seems to work)
1517 AC_RUN_IFELSE(
1518 [AC_LANG_SOURCE([[
1519 #include <stdlib.h>
1520 #include <errno.h>
1521 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1522 ]])],
1523 [AC_MSG_RESULT(yes)],
1524 [AC_DEFINE(BROKEN_SETRESGID, 1,
1525 [Define if your setresgid() is broken])
1526 AC_MSG_RESULT(not implemented)],
1527 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1528 )
1529 ])
1531 dnl Checks for time functions
1532 AC_CHECK_FUNCS(gettimeofday time)
1533 dnl Checks for utmp functions
1534 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1535 AC_CHECK_FUNCS(utmpname)
1536 dnl Checks for utmpx functions
1537 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1538 AC_CHECK_FUNCS(setutxent utmpxname)
1539 dnl Checks for lastlog functions
1540 AC_CHECK_FUNCS(getlastlogxbyname)
1542 AC_CHECK_FUNC(daemon,
1543 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1544 [AC_CHECK_LIB(bsd, daemon,
1545 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1546 )
1548 AC_CHECK_FUNC(getpagesize,
1549 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1550 [Define if your libraries define getpagesize()])],
1551 [AC_CHECK_LIB(ucb, getpagesize,
1552 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1553 )
1555 # Check for broken snprintf
1556 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1557 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1558 AC_RUN_IFELSE(
1559 [AC_LANG_SOURCE([[
1560 #include <stdio.h>
1561 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1562 ]])],
1563 [AC_MSG_RESULT(yes)],
1564 [
1565 AC_MSG_RESULT(no)
1566 AC_DEFINE(BROKEN_SNPRINTF, 1,
1567 [Define if your snprintf is busted])
1568 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1569 ],
1570 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1571 )
1572 fi
1574 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1575 # returning the right thing on overflow: the number of characters it tried to
1576 # create (as per SUSv3)
1577 if test "x$ac_cv_func_asprintf" != "xyes" && \
1578 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1579 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1580 AC_RUN_IFELSE(
1581 [AC_LANG_SOURCE([[
1582 #include <sys/types.h>
1583 #include <stdio.h>
1584 #include <stdarg.h>
1586 int x_snprintf(char *str,size_t count,const char *fmt,...)
1587 {
1588 size_t ret; va_list ap;
1589 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1590 return ret;
1591 }
1592 int main(void)
1593 {
1594 char x[1];
1595 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1596 } ]])],
1597 [AC_MSG_RESULT(yes)],
1598 [
1599 AC_MSG_RESULT(no)
1600 AC_DEFINE(BROKEN_SNPRINTF, 1,
1601 [Define if your snprintf is busted])
1602 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1603 ],
1604 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1605 )
1606 fi
1608 # On systems where [v]snprintf is broken, but is declared in stdio,
1609 # check that the fmt argument is const char * or just char *.
1610 # This is only useful for when BROKEN_SNPRINTF
1611 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1612 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1613 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1614 int main(void) { snprintf(0, 0, 0); }
1615 ]])],
1616 [AC_MSG_RESULT(yes)
1617 AC_DEFINE(SNPRINTF_CONST, [const],
1618 [Define as const if snprintf() can declare const char *fmt])],
1619 [AC_MSG_RESULT(no)
1620 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1622 # Check for missing getpeereid (or equiv) support
1623 NO_PEERCHECK=""
1624 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1625 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1626 AC_TRY_COMPILE(
1627 [#include <sys/types.h>
1628 #include <sys/socket.h>],
1629 [int i = SO_PEERCRED;],
1630 [ AC_MSG_RESULT(yes)
1631 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1632 ],
1633 [AC_MSG_RESULT(no)
1634 NO_PEERCHECK=1]
1635 )
1636 fi
1638 dnl see whether mkstemp() requires XXXXXX
1639 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1640 AC_MSG_CHECKING([for (overly) strict mkstemp])
1641 AC_RUN_IFELSE(
1642 [AC_LANG_SOURCE([[
1643 #include <stdlib.h>
1644 main() { char template[]="conftest.mkstemp-test";
1645 if (mkstemp(template) == -1)
1646 exit(1);
1647 unlink(template); exit(0);
1648 }
1649 ]])],
1650 [
1651 AC_MSG_RESULT(no)
1652 ],
1653 [
1654 AC_MSG_RESULT(yes)
1655 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1656 ],
1657 [
1658 AC_MSG_RESULT(yes)
1659 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1660 ]
1661 )
1662 fi
1664 dnl make sure that openpty does not reacquire controlling terminal
1665 if test ! -z "$check_for_openpty_ctty_bug"; then
1666 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1667 AC_RUN_IFELSE(
1668 [AC_LANG_SOURCE([[
1669 #include <stdio.h>
1670 #include <sys/fcntl.h>
1671 #include <sys/types.h>
1672 #include <sys/wait.h>
1674 int
1675 main()
1676 {
1677 pid_t pid;
1678 int fd, ptyfd, ttyfd, status;
1680 pid = fork();
1681 if (pid < 0) { /* failed */
1682 exit(1);
1683 } else if (pid > 0) { /* parent */
1684 waitpid(pid, &status, 0);
1685 if (WIFEXITED(status))
1686 exit(WEXITSTATUS(status));
1687 else
1688 exit(2);
1689 } else { /* child */
1690 close(0); close(1); close(2);
1691 setsid();
1692 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1693 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1694 if (fd >= 0)
1695 exit(3); /* Acquired ctty: broken */
1696 else
1697 exit(0); /* Did not acquire ctty: OK */
1698 }
1699 }
1700 ]])],
1701 [
1702 AC_MSG_RESULT(yes)
1703 ],
1704 [
1705 AC_MSG_RESULT(no)
1706 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1707 ],
1708 [
1709 AC_MSG_RESULT(cross-compiling, assuming yes)
1710 ]
1711 )
1712 fi
1714 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1715 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1716 AC_MSG_CHECKING(if getaddrinfo seems to work)
1717 AC_RUN_IFELSE(
1718 [AC_LANG_SOURCE([[
1719 #include <stdio.h>
1720 #include <sys/socket.h>
1721 #include <netdb.h>
1722 #include <errno.h>
1723 #include <netinet/in.h>
1725 #define TEST_PORT "2222"
1727 int
1728 main(void)
1729 {
1730 int err, sock;
1731 struct addrinfo *gai_ai, *ai, hints;
1732 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1734 memset(&hints, 0, sizeof(hints));
1735 hints.ai_family = PF_UNSPEC;
1736 hints.ai_socktype = SOCK_STREAM;
1737 hints.ai_flags = AI_PASSIVE;
1739 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1740 if (err != 0) {
1741 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1742 exit(1);
1743 }
1745 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1746 if (ai->ai_family != AF_INET6)
1747 continue;
1749 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1750 sizeof(ntop), strport, sizeof(strport),
1751 NI_NUMERICHOST|NI_NUMERICSERV);
1753 if (err != 0) {
1754 if (err == EAI_SYSTEM)
1755 perror("getnameinfo EAI_SYSTEM");
1756 else
1757 fprintf(stderr, "getnameinfo failed: %s\n",
1758 gai_strerror(err));
1759 exit(2);
1760 }
1762 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1763 if (sock < 0)
1764 perror("socket");
1765 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1766 if (errno == EBADF)
1767 exit(3);
1768 }
1769 }
1770 exit(0);
1771 }
1772 ]])],
1773 [
1774 AC_MSG_RESULT(yes)
1775 ],
1776 [
1777 AC_MSG_RESULT(no)
1778 AC_DEFINE(BROKEN_GETADDRINFO)
1779 ],
1780 [
1781 AC_MSG_RESULT(cross-compiling, assuming yes)
1782 ]
1783 )
1784 fi
1786 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1787 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1788 AC_MSG_CHECKING(if getaddrinfo seems to work)
1789 AC_RUN_IFELSE(
1790 [AC_LANG_SOURCE([[
1791 #include <stdio.h>
1792 #include <sys/socket.h>
1793 #include <netdb.h>
1794 #include <errno.h>
1795 #include <netinet/in.h>
1797 #define TEST_PORT "2222"
1799 int
1800 main(void)
1801 {
1802 int err, sock;
1803 struct addrinfo *gai_ai, *ai, hints;
1804 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1806 memset(&hints, 0, sizeof(hints));
1807 hints.ai_family = PF_UNSPEC;
1808 hints.ai_socktype = SOCK_STREAM;
1809 hints.ai_flags = AI_PASSIVE;
1811 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1812 if (err != 0) {
1813 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1814 exit(1);
1815 }
1817 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1818 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1819 continue;
1821 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1822 sizeof(ntop), strport, sizeof(strport),
1823 NI_NUMERICHOST|NI_NUMERICSERV);
1825 if (ai->ai_family == AF_INET && err != 0) {
1826 perror("getnameinfo");
1827 exit(2);
1828 }
1829 }
1830 exit(0);
1831 }
1832 ]])],
1833 [
1834 AC_MSG_RESULT(yes)
1835 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1836 [Define if you have a getaddrinfo that fails
1837 for the all-zeros IPv6 address])
1838 ],
1839 [
1840 AC_MSG_RESULT(no)
1841 AC_DEFINE(BROKEN_GETADDRINFO)
1842 ],
1843 [
1844 AC_MSG_RESULT(cross-compiling, assuming no)
1845 ]
1846 )
1847 fi
1849 if test "x$check_for_conflicting_getspnam" = "x1"; then
1850 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1851 AC_COMPILE_IFELSE(
1852 [
1853 #include <shadow.h>
1854 int main(void) {exit(0);}
1855 ],
1856 [
1857 AC_MSG_RESULT(no)
1858 ],
1859 [
1860 AC_MSG_RESULT(yes)
1861 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1862 [Conflicting defs for getspnam])
1863 ]
1864 )
1865 fi
1867 AC_FUNC_GETPGRP
1869 # Search for OpenSSL
1870 saved_CPPFLAGS="$CPPFLAGS"
1871 saved_LDFLAGS="$LDFLAGS"
1872 AC_ARG_WITH(ssl-dir,
1873 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1874 [
1875 if test "x$withval" != "xno" ; then
1876 case "$withval" in
1877 # Relative paths
1878 ./*|../*) withval="`pwd`/$withval"
1879 esac
1880 if test -d "$withval/lib"; then
1881 if test -n "${need_dash_r}"; then
1882 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1883 else
1884 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1885 fi
1886 else
1887 if test -n "${need_dash_r}"; then
1888 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1889 else
1890 LDFLAGS="-L${withval} ${LDFLAGS}"
1891 fi
1892 fi
1893 if test -d "$withval/include"; then
1894 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1895 else
1896 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1897 fi
1898 fi
1899 ]
1900 )
1901 LIBS="-lcrypto $LIBS"
1902 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1903 [Define if your ssl headers are included
1904 with #include <openssl/header.h>]),
1905 [
1906 dnl Check default openssl install dir
1907 if test -n "${need_dash_r}"; then
1908 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1909 else
1910 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1911 fi
1912 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1913 AC_CHECK_HEADER([openssl/opensslv.h], ,
1914 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
1915 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1916 [
1917 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1918 ]
1919 )
1920 ]
1921 )
1923 # Determine OpenSSL header version
1924 AC_MSG_CHECKING([OpenSSL header version])
1925 AC_RUN_IFELSE(
1926 [AC_LANG_SOURCE([[
1927 #include <stdio.h>
1928 #include <string.h>
1929 #include <openssl/opensslv.h>
1930 #define DATA "conftest.sslincver"
1931 int main(void) {
1932 FILE *fd;
1933 int rc;
1935 fd = fopen(DATA,"w");
1936 if(fd == NULL)
1937 exit(1);
1939 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1940 exit(1);
1942 exit(0);
1943 }
1944 ]])],
1945 [
1946 ssl_header_ver=`cat conftest.sslincver`
1947 AC_MSG_RESULT($ssl_header_ver)
1948 ],
1949 [
1950 AC_MSG_RESULT(not found)
1951 AC_MSG_ERROR(OpenSSL version header not found.)
1952 ],
1953 [
1954 AC_MSG_WARN([cross compiling: not checking])
1955 ]
1956 )
1958 # Determine OpenSSL library version
1959 AC_MSG_CHECKING([OpenSSL library version])
1960 AC_RUN_IFELSE(
1961 [AC_LANG_SOURCE([[
1962 #include <stdio.h>
1963 #include <string.h>
1964 #include <openssl/opensslv.h>
1965 #include <openssl/crypto.h>
1966 #define DATA "conftest.ssllibver"
1967 int main(void) {
1968 FILE *fd;
1969 int rc;
1971 fd = fopen(DATA,"w");
1972 if(fd == NULL)
1973 exit(1);
1975 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1976 exit(1);
1978 exit(0);
1979 }
1980 ]])],
1981 [
1982 ssl_library_ver=`cat conftest.ssllibver`
1983 AC_MSG_RESULT($ssl_library_ver)
1984 ],
1985 [
1986 AC_MSG_RESULT(not found)
1987 AC_MSG_ERROR(OpenSSL library not found.)
1988 ],
1989 [
1990 AC_MSG_WARN([cross compiling: not checking])
1991 ]
1992 )
1994 AC_ARG_WITH(openssl-header-check,
1995 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1996 [ if test "x$withval" = "xno" ; then
1997 openssl_check_nonfatal=1
1998 fi
1999 ]
2000 )
2002 # Sanity check OpenSSL headers
2003 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2004 AC_RUN_IFELSE(
2005 [AC_LANG_SOURCE([[
2006 #include <string.h>
2007 #include <openssl/opensslv.h>
2008 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2009 ]])],
2010 [
2011 AC_MSG_RESULT(yes)
2012 ],
2013 [
2014 AC_MSG_RESULT(no)
2015 if test "x$openssl_check_nonfatal" = "x"; then
2016 AC_MSG_ERROR([Your OpenSSL headers do not match your
2017 library. Check config.log for details.
2018 If you are sure your installation is consistent, you can disable the check
2019 by running "./configure --without-openssl-header-check".
2020 Also see contrib/findssl.sh for help identifying header/library mismatches.
2021 ])
2022 else
2023 AC_MSG_WARN([Your OpenSSL headers do not match your
2024 library. Check config.log for details.
2025 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2026 fi
2027 ],
2028 [
2029 AC_MSG_WARN([cross compiling: not checking])
2030 ]
2031 )
2033 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2034 AC_LINK_IFELSE(
2035 [AC_LANG_SOURCE([[
2036 #include <openssl/evp.h>
2037 int main(void) { SSLeay_add_all_algorithms(); }
2038 ]])],
2039 [
2040 AC_MSG_RESULT(yes)
2041 ],
2042 [
2043 AC_MSG_RESULT(no)
2044 saved_LIBS="$LIBS"
2045 LIBS="$LIBS -ldl"
2046 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2047 AC_LINK_IFELSE(
2048 [AC_LANG_SOURCE([[
2049 #include <openssl/evp.h>
2050 int main(void) { SSLeay_add_all_algorithms(); }
2051 ]])],
2052 [
2053 AC_MSG_RESULT(yes)
2054 ],
2055 [
2056 AC_MSG_RESULT(no)
2057 LIBS="$saved_LIBS"
2058 ]
2059 )
2060 ]
2061 )
2063 AC_ARG_WITH(ssl-engine,
2064 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2065 [ if test "x$withval" != "xno" ; then
2066 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2067 AC_TRY_COMPILE(
2068 [ #include <openssl/engine.h>],
2069 [
2070 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2071 ],
2072 [ AC_MSG_RESULT(yes)
2073 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2074 [Enable OpenSSL engine support])
2075 ],
2076 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2077 )
2078 fi ]
2079 )
2081 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2082 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2083 AC_LINK_IFELSE(
2084 [AC_LANG_SOURCE([[
2085 #include <string.h>
2086 #include <openssl/evp.h>
2087 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2088 ]])],
2089 [
2090 AC_MSG_RESULT(no)
2091 ],
2092 [
2093 AC_MSG_RESULT(yes)
2094 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2095 [libcrypto is missing AES 192 and 256 bit functions])
2096 ]
2097 )
2099 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2100 AC_LINK_IFELSE(
2101 [AC_LANG_SOURCE([[
2102 #include <string.h>
2103 #include <openssl/evp.h>
2104 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2105 ]])],
2106 [
2107 AC_MSG_RESULT(yes)
2108 ],
2109 [
2110 AC_MSG_RESULT(no)
2111 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2112 [Define if EVP_DigestUpdate returns void])
2113 ]
2114 )
2116 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2117 # because the system crypt() is more featureful.
2118 if test "x$check_for_libcrypt_before" = "x1"; then
2119 AC_CHECK_LIB(crypt, crypt)
2120 fi
2122 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2123 # version in OpenSSL.
2124 if test "x$check_for_libcrypt_later" = "x1"; then
2125 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2126 fi
2128 # Search for SHA256 support in libc and/or OpenSSL
2129 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2131 saved_LIBS="$LIBS"
2132 AC_CHECK_LIB(iaf, ia_openinfo, [
2133 LIBS="$LIBS -liaf"
2134 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2135 AC_DEFINE(HAVE_LIBIAF, 1,
2136 [Define if system has libiaf that supports set_id])
2137 ])
2138 ])
2139 LIBS="$saved_LIBS"
2141 ### Configure cryptographic random number support
2143 # Check wheter OpenSSL seeds itself
2144 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2145 AC_RUN_IFELSE(
2146 [AC_LANG_SOURCE([[
2147 #include <string.h>
2148 #include <openssl/rand.h>
2149 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2150 ]])],
2151 [
2152 OPENSSL_SEEDS_ITSELF=yes
2153 AC_MSG_RESULT(yes)
2154 ],
2155 [
2156 AC_MSG_RESULT(no)
2157 # Default to use of the rand helper if OpenSSL doesn't
2158 # seed itself
2159 USE_RAND_HELPER=yes
2160 ],
2161 [
2162 AC_MSG_WARN([cross compiling: assuming yes])
2163 # This is safe, since all recent OpenSSL versions will
2164 # complain at runtime if not seeded correctly.
2165 OPENSSL_SEEDS_ITSELF=yes
2166 ]
2167 )
2169 # Check for PAM libs
2170 PAM_MSG="no"
2171 AC_ARG_WITH(pam,
2172 [ --with-pam Enable PAM support ],
2173 [
2174 if test "x$withval" != "xno" ; then
2175 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2176 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2177 AC_MSG_ERROR([PAM headers not found])
2178 fi
2180 saved_LIBS="$LIBS"
2181 AC_CHECK_LIB(dl, dlopen, , )
2182 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2183 AC_CHECK_FUNCS(pam_getenvlist)
2184 AC_CHECK_FUNCS(pam_putenv)
2185 LIBS="$saved_LIBS"
2187 PAM_MSG="yes"
2189 SSHDLIBS="$SSHDLIBS -lpam"
2190 AC_DEFINE(USE_PAM, 1,
2191 [Define if you want to enable PAM support])
2193 if test $ac_cv_lib_dl_dlopen = yes; then
2194 case "$LIBS" in
2195 *-ldl*)
2196 # libdl already in LIBS
2197 ;;
2198 *)
2199 SSHDLIBS="$SSHDLIBS -ldl"
2200 ;;
2201 esac
2202 fi
2203 fi
2204 ]
2205 )
2207 # Check for older PAM
2208 if test "x$PAM_MSG" = "xyes" ; then
2209 # Check PAM strerror arguments (old PAM)
2210 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2211 AC_TRY_COMPILE(
2212 [
2213 #include <stdlib.h>
2214 #if defined(HAVE_SECURITY_PAM_APPL_H)
2215 #include <security/pam_appl.h>
2216 #elif defined (HAVE_PAM_PAM_APPL_H)
2217 #include <pam/pam_appl.h>
2218 #endif
2219 ],
2220 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2221 [AC_MSG_RESULT(no)],
2222 [
2223 AC_DEFINE(HAVE_OLD_PAM, 1,
2224 [Define if you have an old version of PAM
2225 which takes only one argument to pam_strerror])
2226 AC_MSG_RESULT(yes)
2227 PAM_MSG="yes (old library)"
2228 ]
2229 )
2230 fi
2232 # Do we want to force the use of the rand helper?
2233 AC_ARG_WITH(rand-helper,
2234 [ --with-rand-helper Use subprocess to gather strong randomness ],
2235 [
2236 if test "x$withval" = "xno" ; then
2237 # Force use of OpenSSL's internal RNG, even if
2238 # the previous test showed it to be unseeded.
2239 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2240 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2241 OPENSSL_SEEDS_ITSELF=yes
2242 USE_RAND_HELPER=""
2243 fi
2244 else
2245 USE_RAND_HELPER=yes
2246 fi
2247 ],
2248 )
2250 # Which randomness source do we use?
2251 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2252 # OpenSSL only
2253 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2254 [Define if you want OpenSSL's internally seeded PRNG only])
2255 RAND_MSG="OpenSSL internal ONLY"
2256 INSTALL_SSH_RAND_HELPER=""
2257 elif test ! -z "$USE_RAND_HELPER" ; then
2258 # install rand helper
2259 RAND_MSG="ssh-rand-helper"
2260 INSTALL_SSH_RAND_HELPER="yes"
2261 fi
2262 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2264 ### Configuration of ssh-rand-helper
2266 # PRNGD TCP socket
2267 AC_ARG_WITH(prngd-port,
2268 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2269 [
2270 case "$withval" in
2271 no)
2272 withval=""
2273 ;;
2274 [[0-9]]*)
2275 ;;
2276 *)
2277 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2278 ;;
2279 esac
2280 if test ! -z "$withval" ; then
2281 PRNGD_PORT="$withval"
2282 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2283 [Port number of PRNGD/EGD random number socket])
2284 fi
2285 ]
2286 )
2288 # PRNGD Unix domain socket
2289 AC_ARG_WITH(prngd-socket,
2290 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2291 [
2292 case "$withval" in
2293 yes)
2294 withval="/var/run/egd-pool"
2295 ;;
2296 no)
2297 withval=""
2298 ;;
2299 /*)
2300 ;;
2301 *)
2302 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2303 ;;
2304 esac
2306 if test ! -z "$withval" ; then
2307 if test ! -z "$PRNGD_PORT" ; then
2308 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2309 fi
2310 if test ! -r "$withval" ; then
2311 AC_MSG_WARN(Entropy socket is not readable)
2312 fi
2313 PRNGD_SOCKET="$withval"
2314 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2315 [Location of PRNGD/EGD random number socket])
2316 fi
2317 ],
2318 [
2319 # Check for existing socket only if we don't have a random device already
2320 if test "$USE_RAND_HELPER" = yes ; then
2321 AC_MSG_CHECKING(for PRNGD/EGD socket)
2322 # Insert other locations here
2323 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2324 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2325 PRNGD_SOCKET="$sock"
2326 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2327 break;
2328 fi
2329 done
2330 if test ! -z "$PRNGD_SOCKET" ; then
2331 AC_MSG_RESULT($PRNGD_SOCKET)
2332 else
2333 AC_MSG_RESULT(not found)
2334 fi
2335 fi
2336 ]
2337 )
2339 # Change default command timeout for hashing entropy source
2340 entropy_timeout=200
2341 AC_ARG_WITH(entropy-timeout,
2342 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2343 [
2344 if test -n "$withval" && test "x$withval" != "xno" && \
2345 test "x${withval}" != "xyes"; then
2346 entropy_timeout=$withval
2347 fi
2348 ]
2349 )
2350 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2351 [Builtin PRNG command timeout])
2353 SSH_PRIVSEP_USER=sshd
2354 AC_ARG_WITH(privsep-user,
2355 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2356 [
2357 if test -n "$withval" && test "x$withval" != "xno" && \
2358 test "x${withval}" != "xyes"; then
2359 SSH_PRIVSEP_USER=$withval
2360 fi
2361 ]
2362 )
2363 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2364 [non-privileged user for privilege separation])
2365 AC_SUBST(SSH_PRIVSEP_USER)
2367 # We do this little dance with the search path to insure
2368 # that programs that we select for use by installed programs
2369 # (which may be run by the super-user) come from trusted
2370 # locations before they come from the user's private area.
2371 # This should help avoid accidentally configuring some
2372 # random version of a program in someone's personal bin.
2374 OPATH=$PATH
2375 PATH=/bin:/usr/bin
2376 test -h /bin 2> /dev/null && PATH=/usr/bin
2377 test -d /sbin && PATH=$PATH:/sbin
2378 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2379 PATH=$PATH:/etc:$OPATH
2381 # These programs are used by the command hashing source to gather entropy
2382 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2383 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2384 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2385 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2386 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2387 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2388 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2389 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2390 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2391 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2392 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2393 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2394 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2395 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2396 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2397 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2398 # restore PATH
2399 PATH=$OPATH
2401 # Where does ssh-rand-helper get its randomness from?
2402 INSTALL_SSH_PRNG_CMDS=""
2403 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2404 if test ! -z "$PRNGD_PORT" ; then
2405 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2406 elif test ! -z "$PRNGD_SOCKET" ; then
2407 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2408 else
2409 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2410 RAND_HELPER_CMDHASH=yes
2411 INSTALL_SSH_PRNG_CMDS="yes"
2412 fi
2413 fi
2414 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2417 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2418 if test ! -z "$SONY" ; then
2419 LIBS="$LIBS -liberty";
2420 fi
2422 # Check for long long datatypes
2423 AC_CHECK_TYPES([long long, unsigned long long, long double])
2425 # Check datatype sizes
2426 AC_CHECK_SIZEOF(char, 1)
2427 AC_CHECK_SIZEOF(short int, 2)
2428 AC_CHECK_SIZEOF(int, 4)
2429 AC_CHECK_SIZEOF(long int, 4)
2430 AC_CHECK_SIZEOF(long long int, 8)
2432 # Sanity check long long for some platforms (AIX)
2433 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2434 ac_cv_sizeof_long_long_int=0
2435 fi
2437 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2438 if test -z "$have_llong_max"; then
2439 AC_MSG_CHECKING([for max value of long long])
2440 AC_RUN_IFELSE(
2441 [AC_LANG_SOURCE([[
2442 #include <stdio.h>
2443 /* Why is this so damn hard? */
2444 #ifdef __GNUC__
2445 # undef __GNUC__
2446 #endif
2447 #define __USE_ISOC99
2448 #include <limits.h>
2449 #define DATA "conftest.llminmax"
2450 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2452 /*
2453 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2454 * we do this the hard way.
2455 */
2456 static int
2457 fprint_ll(FILE *f, long long n)
2458 {
2459 unsigned int i;
2460 int l[sizeof(long long) * 8];
2462 if (n < 0)
2463 if (fprintf(f, "-") < 0)
2464 return -1;
2465 for (i = 0; n != 0; i++) {
2466 l[i] = my_abs(n % 10);
2467 n /= 10;
2468 }
2469 do {
2470 if (fprintf(f, "%d", l[--i]) < 0)
2471 return -1;
2472 } while (i != 0);
2473 if (fprintf(f, " ") < 0)
2474 return -1;
2475 return 0;
2476 }
2478 int main(void) {
2479 FILE *f;
2480 long long i, llmin, llmax = 0;
2482 if((f = fopen(DATA,"w")) == NULL)
2483 exit(1);
2485 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2486 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2487 llmin = LLONG_MIN;
2488 llmax = LLONG_MAX;
2489 #else
2490 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2491 /* This will work on one's complement and two's complement */
2492 for (i = 1; i > llmax; i <<= 1, i++)
2493 llmax = i;
2494 llmin = llmax + 1LL; /* wrap */
2495 #endif
2497 /* Sanity check */
2498 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2499 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2500 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2501 fprintf(f, "unknown unknown\n");
2502 exit(2);
2503 }
2505 if (fprint_ll(f, llmin) < 0)
2506 exit(3);
2507 if (fprint_ll(f, llmax) < 0)
2508 exit(4);
2509 if (fclose(f) < 0)
2510 exit(5);
2511 exit(0);
2512 }
2513 ]])],
2514 [
2515 llong_min=`$AWK '{print $1}' conftest.llminmax`
2516 llong_max=`$AWK '{print $2}' conftest.llminmax`
2518 AC_MSG_RESULT($llong_max)
2519 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2520 [max value of long long calculated by configure])
2521 AC_MSG_CHECKING([for min value of long long])
2522 AC_MSG_RESULT($llong_min)
2523 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2524 [min value of long long calculated by configure])
2525 ],
2526 [
2527 AC_MSG_RESULT(not found)
2528 ],
2529 [
2530 AC_MSG_WARN([cross compiling: not checking])
2531 ]
2532 )
2533 fi
2536 # More checks for data types
2537 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2538 AC_TRY_COMPILE(
2539 [ #include <sys/types.h> ],
2540 [ u_int a; a = 1;],
2541 [ ac_cv_have_u_int="yes" ],
2542 [ ac_cv_have_u_int="no" ]
2543 )
2544 ])
2545 if test "x$ac_cv_have_u_int" = "xyes" ; then
2546 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2547 have_u_int=1
2548 fi
2550 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2551 AC_TRY_COMPILE(
2552 [ #include <sys/types.h> ],
2553 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2554 [ ac_cv_have_intxx_t="yes" ],
2555 [ ac_cv_have_intxx_t="no" ]
2556 )
2557 ])
2558 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2559 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2560 have_intxx_t=1
2561 fi
2563 if (test -z "$have_intxx_t" && \
2564 test "x$ac_cv_header_stdint_h" = "xyes")
2565 then
2566 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2567 AC_TRY_COMPILE(
2568 [ #include <stdint.h> ],
2569 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2570 [
2571 AC_DEFINE(HAVE_INTXX_T)
2572 AC_MSG_RESULT(yes)
2573 ],
2574 [ AC_MSG_RESULT(no) ]
2575 )
2576 fi
2578 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2579 AC_TRY_COMPILE(
2580 [
2581 #include <sys/types.h>
2582 #ifdef HAVE_STDINT_H
2583 # include <stdint.h>
2584 #endif
2585 #include <sys/socket.h>
2586 #ifdef HAVE_SYS_BITYPES_H
2587 # include <sys/bitypes.h>
2588 #endif
2589 ],
2590 [ int64_t a; a = 1;],
2591 [ ac_cv_have_int64_t="yes" ],
2592 [ ac_cv_have_int64_t="no" ]
2593 )
2594 ])
2595 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2596 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2597 fi
2599 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2600 AC_TRY_COMPILE(
2601 [ #include <sys/types.h> ],
2602 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2603 [ ac_cv_have_u_intxx_t="yes" ],
2604 [ ac_cv_have_u_intxx_t="no" ]
2605 )
2606 ])
2607 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2608 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2609 have_u_intxx_t=1
2610 fi
2612 if test -z "$have_u_intxx_t" ; then
2613 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2614 AC_TRY_COMPILE(
2615 [ #include <sys/socket.h> ],
2616 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2617 [
2618 AC_DEFINE(HAVE_U_INTXX_T)
2619 AC_MSG_RESULT(yes)
2620 ],
2621 [ AC_MSG_RESULT(no) ]
2622 )
2623 fi
2625 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2626 AC_TRY_COMPILE(
2627 [ #include <sys/types.h> ],
2628 [ u_int64_t a; a = 1;],
2629 [ ac_cv_have_u_int64_t="yes" ],
2630 [ ac_cv_have_u_int64_t="no" ]
2631 )
2632 ])
2633 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2634 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2635 have_u_int64_t=1
2636 fi
2638 if test -z "$have_u_int64_t" ; then
2639 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2640 AC_TRY_COMPILE(
2641 [ #include <sys/bitypes.h> ],
2642 [ u_int64_t a; a = 1],
2643 [
2644 AC_DEFINE(HAVE_U_INT64_T)
2645 AC_MSG_RESULT(yes)
2646 ],
2647 [ AC_MSG_RESULT(no) ]
2648 )
2649 fi
2651 if test -z "$have_u_intxx_t" ; then
2652 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2653 AC_TRY_COMPILE(
2654 [
2655 #include <sys/types.h>
2656 ],
2657 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2658 [ ac_cv_have_uintxx_t="yes" ],
2659 [ ac_cv_have_uintxx_t="no" ]
2660 )
2661 ])
2662 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2663 AC_DEFINE(HAVE_UINTXX_T, 1,
2664 [define if you have uintxx_t data type])
2665 fi
2666 fi
2668 if test -z "$have_uintxx_t" ; then
2669 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2670 AC_TRY_COMPILE(
2671 [ #include <stdint.h> ],
2672 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2673 [
2674 AC_DEFINE(HAVE_UINTXX_T)
2675 AC_MSG_RESULT(yes)
2676 ],
2677 [ AC_MSG_RESULT(no) ]
2678 )
2679 fi
2681 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2682 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2683 then
2684 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2685 AC_TRY_COMPILE(
2686 [
2687 #include <sys/bitypes.h>
2688 ],
2689 [
2690 int8_t a; int16_t b; int32_t c;
2691 u_int8_t e; u_int16_t f; u_int32_t g;
2692 a = b = c = e = f = g = 1;
2693 ],
2694 [
2695 AC_DEFINE(HAVE_U_INTXX_T)
2696 AC_DEFINE(HAVE_INTXX_T)
2697 AC_MSG_RESULT(yes)
2698 ],
2699 [AC_MSG_RESULT(no)]
2700 )
2701 fi
2704 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2705 AC_TRY_COMPILE(
2706 [
2707 #include <sys/types.h>
2708 ],
2709 [ u_char foo; foo = 125; ],
2710 [ ac_cv_have_u_char="yes" ],
2711 [ ac_cv_have_u_char="no" ]
2712 )
2713 ])
2714 if test "x$ac_cv_have_u_char" = "xyes" ; then
2715 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2716 fi
2718 TYPE_SOCKLEN_T
2720 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2721 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2722 #include <sys/types.h>
2723 #ifdef HAVE_SYS_BITYPES_H
2724 #include <sys/bitypes.h>
2725 #endif
2726 #ifdef HAVE_SYS_STATFS_H
2727 #include <sys/statfs.h>
2728 #endif
2729 #ifdef HAVE_SYS_STATVFS_H
2730 #include <sys/statvfs.h>
2731 #endif
2732 ])
2734 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2735 [#include <sys/types.h>
2736 #include <netinet/in.h>])
2738 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2739 AC_TRY_COMPILE(
2740 [
2741 #include <sys/types.h>
2742 ],
2743 [ size_t foo; foo = 1235; ],
2744 [ ac_cv_have_size_t="yes" ],
2745 [ ac_cv_have_size_t="no" ]
2746 )
2747 ])
2748 if test "x$ac_cv_have_size_t" = "xyes" ; then
2749 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2750 fi
2752 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2753 AC_TRY_COMPILE(
2754 [
2755 #include <sys/types.h>
2756 ],
2757 [ ssize_t foo; foo = 1235; ],
2758 [ ac_cv_have_ssize_t="yes" ],
2759 [ ac_cv_have_ssize_t="no" ]
2760 )
2761 ])
2762 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2763 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2764 fi
2766 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2767 AC_TRY_COMPILE(
2768 [
2769 #include <time.h>
2770 ],
2771 [ clock_t foo; foo = 1235; ],
2772 [ ac_cv_have_clock_t="yes" ],
2773 [ ac_cv_have_clock_t="no" ]
2774 )
2775 ])
2776 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2777 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2778 fi
2780 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2781 AC_TRY_COMPILE(
2782 [
2783 #include <sys/types.h>
2784 #include <sys/socket.h>
2785 ],
2786 [ sa_family_t foo; foo = 1235; ],
2787 [ ac_cv_have_sa_family_t="yes" ],
2788 [ AC_TRY_COMPILE(
2789 [
2790 #include <sys/types.h>
2791 #include <sys/socket.h>
2792 #include <netinet/in.h>
2793 ],
2794 [ sa_family_t foo; foo = 1235; ],
2795 [ ac_cv_have_sa_family_t="yes" ],
2797 [ ac_cv_have_sa_family_t="no" ]
2798 )]
2799 )
2800 ])
2801 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2802 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2803 [define if you have sa_family_t data type])
2804 fi
2806 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2807 AC_TRY_COMPILE(
2808 [
2809 #include <sys/types.h>
2810 ],
2811 [ pid_t foo; foo = 1235; ],
2812 [ ac_cv_have_pid_t="yes" ],
2813 [ ac_cv_have_pid_t="no" ]
2814 )
2815 ])
2816 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2817 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2818 fi
2820 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2821 AC_TRY_COMPILE(
2822 [
2823 #include <sys/types.h>
2824 ],
2825 [ mode_t foo; foo = 1235; ],
2826 [ ac_cv_have_mode_t="yes" ],
2827 [ ac_cv_have_mode_t="no" ]
2828 )
2829 ])
2830 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2831 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2832 fi
2835 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2836 AC_TRY_COMPILE(
2837 [
2838 #include <sys/types.h>
2839 #include <sys/socket.h>
2840 ],
2841 [ struct sockaddr_storage s; ],
2842 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2843 [ ac_cv_have_struct_sockaddr_storage="no" ]
2844 )
2845 ])
2846 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2847 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2848 [define if you have struct sockaddr_storage data type])
2849 fi
2851 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2852 AC_TRY_COMPILE(
2853 [
2854 #include <sys/types.h>
2855 #include <netinet/in.h>
2856 ],
2857 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2858 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2859 [ ac_cv_have_struct_sockaddr_in6="no" ]
2860 )
2861 ])
2862 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2863 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2864 [define if you have struct sockaddr_in6 data type])
2865 fi
2867 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2868 AC_TRY_COMPILE(
2869 [
2870 #include <sys/types.h>
2871 #include <netinet/in.h>
2872 ],
2873 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2874 [ ac_cv_have_struct_in6_addr="yes" ],
2875 [ ac_cv_have_struct_in6_addr="no" ]
2876 )
2877 ])
2878 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2879 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2880 [define if you have struct in6_addr data type])
2882 dnl Now check for sin6_scope_id
2883 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2884 [
2885 #ifdef HAVE_SYS_TYPES_H
2886 #include <sys/types.h>
2887 #endif
2888 #include <netinet/in.h>
2889 ])
2890 fi
2892 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2893 AC_TRY_COMPILE(
2894 [
2895 #include <sys/types.h>
2896 #include <sys/socket.h>
2897 #include <netdb.h>
2898 ],
2899 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2900 [ ac_cv_have_struct_addrinfo="yes" ],
2901 [ ac_cv_have_struct_addrinfo="no" ]
2902 )
2903 ])
2904 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2905 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2906 [define if you have struct addrinfo data type])
2907 fi
2909 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2910 AC_TRY_COMPILE(
2911 [ #include <sys/time.h> ],
2912 [ struct timeval tv; tv.tv_sec = 1;],
2913 [ ac_cv_have_struct_timeval="yes" ],
2914 [ ac_cv_have_struct_timeval="no" ]
2915 )
2916 ])
2917 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2918 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2919 have_struct_timeval=1
2920 fi
2922 AC_CHECK_TYPES(struct timespec)
2924 # We need int64_t or else certian parts of the compile will fail.
2925 if test "x$ac_cv_have_int64_t" = "xno" && \
2926 test "x$ac_cv_sizeof_long_int" != "x8" && \
2927 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2928 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2929 echo "an alternative compiler (I.E., GCC) before continuing."
2930 echo ""
2931 exit 1;
2932 else
2933 dnl test snprintf (broken on SCO w/gcc)
2934 AC_RUN_IFELSE(
2935 [AC_LANG_SOURCE([[
2936 #include <stdio.h>
2937 #include <string.h>
2938 #ifdef HAVE_SNPRINTF
2939 main()
2940 {
2941 char buf[50];
2942 char expected_out[50];
2943 int mazsize = 50 ;
2944 #if (SIZEOF_LONG_INT == 8)
2945 long int num = 0x7fffffffffffffff;
2946 #else
2947 long long num = 0x7fffffffffffffffll;
2948 #endif
2949 strcpy(expected_out, "9223372036854775807");
2950 snprintf(buf, mazsize, "%lld", num);
2951 if(strcmp(buf, expected_out) != 0)
2952 exit(1);
2953 exit(0);
2954 }
2955 #else
2956 main() { exit(0); }
2957 #endif
2958 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2959 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2960 )
2961 fi
2963 dnl Checks for structure members
2964 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2965 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2966 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2967 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2968 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2969 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2970 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2971 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2972 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2973 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2974 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2975 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2976 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2977 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2978 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2979 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2980 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2982 AC_CHECK_MEMBERS([struct stat.st_blksize])
2983 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2984 [Define if we don't have struct __res_state in resolv.h])],
2985 [
2986 #include <stdio.h>
2987 #if HAVE_SYS_TYPES_H
2988 # include <sys/types.h>
2989 #endif
2990 #include <netinet/in.h>
2991 #include <arpa/nameser.h>
2992 #include <resolv.h>
2993 ])
2995 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2996 ac_cv_have_ss_family_in_struct_ss, [
2997 AC_TRY_COMPILE(
2998 [
2999 #include <sys/types.h>
3000 #include <sys/socket.h>
3001 ],
3002 [ struct sockaddr_storage s; s.ss_family = 1; ],
3003 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3004 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3005 )
3006 ])
3007 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3008 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3009 fi
3011 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3012 ac_cv_have___ss_family_in_struct_ss, [
3013 AC_TRY_COMPILE(
3014 [
3015 #include <sys/types.h>
3016 #include <sys/socket.h>
3017 ],
3018 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3019 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3020 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3021 )
3022 ])
3023 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3024 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3025 [Fields in struct sockaddr_storage])
3026 fi
3028 AC_CACHE_CHECK([for pw_class field in struct passwd],
3029 ac_cv_have_pw_class_in_struct_passwd, [
3030 AC_TRY_COMPILE(
3031 [
3032 #include <pwd.h>
3033 ],
3034 [ struct passwd p; p.pw_class = 0; ],
3035 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3036 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3037 )
3038 ])
3039 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3040 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3041 [Define if your password has a pw_class field])
3042 fi
3044 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3045 ac_cv_have_pw_expire_in_struct_passwd, [
3046 AC_TRY_COMPILE(
3047 [
3048 #include <pwd.h>
3049 ],
3050 [ struct passwd p; p.pw_expire = 0; ],
3051 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3052 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3053 )
3054 ])
3055 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3056 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3057 [Define if your password has a pw_expire field])
3058 fi
3060 AC_CACHE_CHECK([for pw_change field in struct passwd],
3061 ac_cv_have_pw_change_in_struct_passwd, [
3062 AC_TRY_COMPILE(
3063 [
3064 #include <pwd.h>
3065 ],
3066 [ struct passwd p; p.pw_change = 0; ],
3067 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3068 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3069 )
3070 ])
3071 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3072 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3073 [Define if your password has a pw_change field])
3074 fi
3076 dnl make sure we're using the real structure members and not defines
3077 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3078 ac_cv_have_accrights_in_msghdr, [
3079 AC_COMPILE_IFELSE(
3080 [
3081 #include <sys/types.h>
3082 #include <sys/socket.h>
3083 #include <sys/uio.h>
3084 int main() {
3085 #ifdef msg_accrights
3086 #error "msg_accrights is a macro"
3087 exit(1);
3088 #endif
3089 struct msghdr m;
3090 m.msg_accrights = 0;
3091 exit(0);
3092 }
3093 ],
3094 [ ac_cv_have_accrights_in_msghdr="yes" ],
3095 [ ac_cv_have_accrights_in_msghdr="no" ]
3096 )
3097 ])
3098 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3099 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3100 [Define if your system uses access rights style
3101 file descriptor passing])
3102 fi
3104 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3105 AC_TRY_COMPILE([
3106 #include <sys/types.h>
3107 #include <sys/stat.h>
3108 #ifdef HAVE_SYS_TIME_H
3109 # include <sys/time.h>
3110 #endif
3111 #ifdef HAVE_SYS_MOUNT_H
3112 #include <sys/mount.h>
3113 #endif
3114 #ifdef HAVE_SYS_STATVFS_H
3115 #include <sys/statvfs.h>
3116 #endif
3117 ], [struct statvfs s; s.f_fsid = 0;],
3118 [ AC_MSG_RESULT(yes) ],
3119 [ AC_MSG_RESULT(no)
3121 AC_MSG_CHECKING(if fsid_t has member val)
3122 AC_TRY_COMPILE([
3123 #include <sys/types.h>
3124 #include <sys/statvfs.h>],
3125 [fsid_t t; t.val[0] = 0;],
3126 [ AC_MSG_RESULT(yes)
3127 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3128 [ AC_MSG_RESULT(no) ])
3130 AC_MSG_CHECKING(if f_fsid has member __val)
3131 AC_TRY_COMPILE([
3132 #include <sys/types.h>
3133 #include <sys/statvfs.h>],
3134 [fsid_t t; t.__val[0] = 0;],
3135 [ AC_MSG_RESULT(yes)
3136 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3137 [ AC_MSG_RESULT(no) ])
3138 ])
3140 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3141 ac_cv_have_control_in_msghdr, [
3142 AC_COMPILE_IFELSE(
3143 [
3144 #include <sys/types.h>
3145 #include <sys/socket.h>
3146 #include <sys/uio.h>
3147 int main() {
3148 #ifdef msg_control
3149 #error "msg_control is a macro"
3150 exit(1);
3151 #endif
3152 struct msghdr m;
3153 m.msg_control = 0;
3154 exit(0);
3155 }
3156 ],
3157 [ ac_cv_have_control_in_msghdr="yes" ],
3158 [ ac_cv_have_control_in_msghdr="no" ]
3159 )
3160 ])
3161 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3162 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3163 [Define if your system uses ancillary data style
3164 file descriptor passing])
3165 fi
3167 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3168 AC_TRY_LINK([],
3169 [ extern char *__progname; printf("%s", __progname); ],
3170 [ ac_cv_libc_defines___progname="yes" ],
3171 [ ac_cv_libc_defines___progname="no" ]
3172 )
3173 ])
3174 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3175 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3176 fi
3178 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3179 AC_TRY_LINK([
3180 #include <stdio.h>
3181 ],
3182 [ printf("%s", __FUNCTION__); ],
3183 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3184 [ ac_cv_cc_implements___FUNCTION__="no" ]
3185 )
3186 ])
3187 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3188 AC_DEFINE(HAVE___FUNCTION__, 1,
3189 [Define if compiler implements __FUNCTION__])
3190 fi
3192 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3193 AC_TRY_LINK([
3194 #include <stdio.h>
3195 ],
3196 [ printf("%s", __func__); ],
3197 [ ac_cv_cc_implements___func__="yes" ],
3198 [ ac_cv_cc_implements___func__="no" ]
3199 )
3200 ])
3201 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3202 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3203 fi
3205 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3206 AC_TRY_LINK(
3207 [#include <stdarg.h>
3208 va_list x,y;],
3209 [va_copy(x,y);],
3210 [ ac_cv_have_va_copy="yes" ],
3211 [ ac_cv_have_va_copy="no" ]
3212 )
3213 ])
3214 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3215 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3216 fi
3218 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3219 AC_TRY_LINK(
3220 [#include <stdarg.h>
3221 va_list x,y;],
3222 [__va_copy(x,y);],
3223 [ ac_cv_have___va_copy="yes" ],
3224 [ ac_cv_have___va_copy="no" ]
3225 )
3226 ])
3227 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3228 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3229 fi
3231 AC_CACHE_CHECK([whether getopt has optreset support],
3232 ac_cv_have_getopt_optreset, [
3233 AC_TRY_LINK(
3234 [
3235 #include <getopt.h>
3236 ],
3237 [ extern int optreset; optreset = 0; ],
3238 [ ac_cv_have_getopt_optreset="yes" ],
3239 [ ac_cv_have_getopt_optreset="no" ]
3240 )
3241 ])
3242 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3243 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3244 [Define if your getopt(3) defines and uses optreset])
3245 fi
3247 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3248 AC_TRY_LINK([],
3249 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3250 [ ac_cv_libc_defines_sys_errlist="yes" ],
3251 [ ac_cv_libc_defines_sys_errlist="no" ]
3252 )
3253 ])
3254 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3255 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3256 [Define if your system defines sys_errlist[]])
3257 fi
3260 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3261 AC_TRY_LINK([],
3262 [ extern int sys_nerr; printf("%i", sys_nerr);],
3263 [ ac_cv_libc_defines_sys_nerr="yes" ],
3264 [ ac_cv_libc_defines_sys_nerr="no" ]
3265 )
3266 ])
3267 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3268 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3269 fi
3271 # Check libraries needed by DNS fingerprint support
3272 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3273 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3274 [Define if getrrsetbyname() exists])],
3275 [
3276 # Needed by our getrrsetbyname()
3277 AC_SEARCH_LIBS(res_query, resolv)
3278 AC_SEARCH_LIBS(dn_expand, resolv)
3279 AC_MSG_CHECKING(if res_query will link)
3280 AC_LINK_IFELSE([
3281 #include "confdefs.h"
3282 #include <sys/types.h>
3283 #include <netinet/in.h>
3284 #include <arpa/nameser.h>
3285 #include <netdb.h>
3286 #include <resolv.h>
3287 int main()
3288 {
3289 res_query (0, 0, 0, 0, 0);
3290 return 0;
3291 }
3292 ],
3293 AC_MSG_RESULT(yes),
3294 [AC_MSG_RESULT(no)
3295 saved_LIBS="$LIBS"
3296 LIBS="$LIBS -lresolv"
3297 AC_MSG_CHECKING(for res_query in -lresolv)
3298 AC_LINK_IFELSE([
3299 #include "confdefs.h"
3300 #include <sys/types.h>
3301 #include <netinet/in.h>
3302 #include <arpa/nameser.h>
3303 #include <netdb.h>
3304 #include <resolv.h>
3305 int main()
3306 {
3307 res_query (0, 0, 0, 0, 0);
3308 return 0;
3309 }
3310 ],
3311 [AC_MSG_RESULT(yes)],
3312 [LIBS="$saved_LIBS"
3313 AC_MSG_RESULT(no)])
3314 ])
3315 AC_CHECK_FUNCS(_getshort _getlong)
3316 AC_CHECK_DECLS([_getshort, _getlong], , ,
3317 [#include <sys/types.h>
3318 #include <arpa/nameser.h>])
3319 AC_CHECK_MEMBER(HEADER.ad,
3320 [AC_DEFINE(HAVE_HEADER_AD, 1,
3321 [Define if HEADER.ad exists in arpa/nameser.h])],,
3322 [#include <arpa/nameser.h>])
3323 ])
3325 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3326 AC_LINK_IFELSE([
3327 #include <stdio.h>
3328 #if HAVE_SYS_TYPES_H
3329 # include <sys/types.h>
3330 #endif
3331 #include <netinet/in.h>
3332 #include <arpa/nameser.h>
3333 #include <resolv.h>
3334 extern struct __res_state _res;
3335 int main() { return 0; }
3336 ],
3337 [AC_MSG_RESULT(yes)
3338 AC_DEFINE(HAVE__RES_EXTERN, 1,
3339 [Define if you have struct __res_state _res as an extern])
3340 ],
3341 [ AC_MSG_RESULT(no) ]
3342 )
3344 # Check whether user wants SELinux support
3345 SELINUX_MSG="no"
3346 LIBSELINUX=""
3347 AC_ARG_WITH(selinux,
3348 [ --with-selinux Enable SELinux support],
3349 [ if test "x$withval" != "xno" ; then
3350 save_LIBS="$LIBS"
3351 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3352 SELINUX_MSG="yes"
3353 AC_CHECK_HEADER([selinux/selinux.h], ,
3354 AC_MSG_ERROR(SELinux support requires selinux.h header))
3355 AC_CHECK_LIB(selinux, setexeccon,
3356 [ LIBSELINUX="-lselinux"
3357 LIBS="$LIBS -lselinux"
3358 ],
3359 AC_MSG_ERROR(SELinux support requires libselinux library))
3360 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3361 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3362 LIBS="$save_LIBS"
3363 fi ]
3364 )
3366 # Check whether user wants Kerberos 5 support
3367 KRB5_MSG="no"
3368 AC_ARG_WITH(kerberos5,
3369 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3370 [ if test "x$withval" != "xno" ; then
3371 if test "x$withval" = "xyes" ; then
3372 KRB5ROOT="/usr/local"
3373 else
3374 KRB5ROOT=${withval}
3375 fi
3377 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3378 KRB5_MSG="yes"
3380 AC_PATH_PROG([KRB5CONF],[krb5-config],
3381 [$KRB5ROOT/bin/krb5-config],
3382 [$KRB5ROOT/bin:$PATH])
3383 if test -x $KRB5CONF ; then
3385 AC_MSG_CHECKING(for gssapi support)
3386 if $KRB5CONF | grep gssapi >/dev/null ; then
3387 AC_MSG_RESULT(yes)
3388 AC_DEFINE(GSSAPI, 1,
3389 [Define this if you want GSSAPI
3390 support in the version 2 protocol])
3391 k5confopts=gssapi
3392 else
3393 AC_MSG_RESULT(no)
3394 k5confopts=""
3395 fi
3396 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3397 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3398 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3399 AC_MSG_CHECKING(whether we are using Heimdal)
3400 AC_TRY_COMPILE([ #include <krb5.h> ],
3401 [ char *tmp = heimdal_version; ],
3402 [ AC_MSG_RESULT(yes)
3403 AC_DEFINE(HEIMDAL, 1,
3404 [Define this if you are using the
3405 Heimdal version of Kerberos V5]) ],
3406 AC_MSG_RESULT(no)
3407 )
3408 else
3409 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3410 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3411 AC_MSG_CHECKING(whether we are using Heimdal)
3412 AC_TRY_COMPILE([ #include <krb5.h> ],
3413 [ char *tmp = heimdal_version; ],
3414 [ AC_MSG_RESULT(yes)
3415 AC_DEFINE(HEIMDAL)
3416 K5LIBS="-lkrb5 -ldes"
3417 K5LIBS="$K5LIBS -lcom_err -lasn1"
3418 AC_CHECK_LIB(roken, net_write,
3419 [K5LIBS="$K5LIBS -lroken"])
3420 ],
3421 [ AC_MSG_RESULT(no)
3422 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3423 ]
3424 )
3425 AC_SEARCH_LIBS(dn_expand, resolv)
3427 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3428 [ AC_DEFINE(GSSAPI)
3429 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3430 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3431 [ AC_DEFINE(GSSAPI)
3432 K5LIBS="-lgssapi $K5LIBS" ],
3433 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3434 $K5LIBS)
3435 ],
3436 $K5LIBS)
3438 AC_CHECK_HEADER(gssapi.h, ,
3439 [ unset ac_cv_header_gssapi_h
3440 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3441 AC_CHECK_HEADERS(gssapi.h, ,
3442 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3443 )
3444 ]
3445 )
3447 oldCPP="$CPPFLAGS"
3448 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3449 AC_CHECK_HEADER(gssapi_krb5.h, ,
3450 [ CPPFLAGS="$oldCPP" ])
3452 fi
3453 if test ! -z "$need_dash_r" ; then
3454 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3455 fi
3456 if test ! -z "$blibpath" ; then
3457 blibpath="$blibpath:${KRB5ROOT}/lib"
3458 fi
3460 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3461 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3462 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3464 LIBS="$LIBS $K5LIBS"
3465 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3466 [Define this if you want to use libkafs' AFS support]))
3467 fi
3468 ]
3469 )
3471 # Looking for programs, paths and files
3473 PRIVSEP_PATH=/var/empty
3474 AC_ARG_WITH(privsep-path,
3475 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3476 [
3477 if test -n "$withval" && test "x$withval" != "xno" && \
3478 test "x${withval}" != "xyes"; then
3479 PRIVSEP_PATH=$withval
3480 fi
3481 ]
3482 )
3483 AC_SUBST(PRIVSEP_PATH)
3485 AC_ARG_WITH(xauth,
3486 [ --with-xauth=PATH Specify path to xauth program ],
3487 [
3488 if test -n "$withval" && test "x$withval" != "xno" && \
3489 test "x${withval}" != "xyes"; then
3490 xauth_path=$withval
3491 fi
3492 ],
3493 [
3494 TestPath="$PATH"
3495 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3496 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3497 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3498 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3499 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3500 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3501 xauth_path="/usr/openwin/bin/xauth"
3502 fi
3503 ]
3504 )
3506 STRIP_OPT=-s
3507 AC_ARG_ENABLE(strip,
3508 [ --disable-strip Disable calling strip(1) on install],
3509 [
3510 if test "x$enableval" = "xno" ; then
3511 STRIP_OPT=
3512 fi
3513 ]
3514 )
3515 AC_SUBST(STRIP_OPT)
3517 if test -z "$xauth_path" ; then
3518 XAUTH_PATH="undefined"
3519 AC_SUBST(XAUTH_PATH)
3520 else
3521 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3522 [Define if xauth is found in your path])
3523 XAUTH_PATH=$xauth_path
3524 AC_SUBST(XAUTH_PATH)
3525 fi
3527 # Check for mail directory (last resort if we cannot get it from headers)
3528 if test ! -z "$MAIL" ; then
3529 maildir=`dirname $MAIL`
3530 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3531 [Set this to your mail directory if you don't have maillock.h])
3532 fi
3534 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3535 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3536 disable_ptmx_check=yes
3537 fi
3538 if test -z "$no_dev_ptmx" ; then
3539 if test "x$disable_ptmx_check" != "xyes" ; then
3540 AC_CHECK_FILE("/dev/ptmx",
3541 [
3542 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3543 [Define if you have /dev/ptmx])
3544 have_dev_ptmx=1
3545 ]
3546 )
3547 fi
3548 fi
3550 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3551 AC_CHECK_FILE("/dev/ptc",
3552 [
3553 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3554 [Define if you have /dev/ptc])
3555 have_dev_ptc=1
3556 ]
3557 )
3558 else
3559 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3560 fi
3562 # Options from here on. Some of these are preset by platform above
3563 AC_ARG_WITH(mantype,
3564 [ --with-mantype=man|cat|doc Set man page type],
3565 [
3566 case "$withval" in
3567 man|cat|doc)
3568 MANTYPE=$withval
3569 ;;
3570 *)
3571 AC_MSG_ERROR(invalid man type: $withval)
3572 ;;
3573 esac
3574 ]
3575 )
3576 if test -z "$MANTYPE"; then
3577 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3578 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3579 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3580 MANTYPE=doc
3581 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3582 MANTYPE=man
3583 else
3584 MANTYPE=cat
3585 fi
3586 fi
3587 AC_SUBST(MANTYPE)
3588 if test "$MANTYPE" = "doc"; then
3589 mansubdir=man;
3590 else
3591 mansubdir=$MANTYPE;
3592 fi
3593 AC_SUBST(mansubdir)
3595 # Check whether to enable MD5 passwords
3596 MD5_MSG="no"
3597 AC_ARG_WITH(md5-passwords,
3598 [ --with-md5-passwords Enable use of MD5 passwords],
3599 [
3600 if test "x$withval" != "xno" ; then
3601 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3602 [Define if you want to allow MD5 passwords])
3603 MD5_MSG="yes"
3604 fi
3605 ]
3606 )
3608 # Whether to disable shadow password support
3609 AC_ARG_WITH(shadow,
3610 [ --without-shadow Disable shadow password support],
3611 [
3612 if test "x$withval" = "xno" ; then
3613 AC_DEFINE(DISABLE_SHADOW)
3614 disable_shadow=yes
3615 fi
3616 ]
3617 )
3619 if test -z "$disable_shadow" ; then
3620 AC_MSG_CHECKING([if the systems has expire shadow information])
3621 AC_TRY_COMPILE(
3622 [
3623 #include <sys/types.h>
3624 #include <shadow.h>
3625 struct spwd sp;
3626 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3627 [ sp_expire_available=yes ], []
3628 )
3630 if test "x$sp_expire_available" = "xyes" ; then
3631 AC_MSG_RESULT(yes)
3632 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3633 [Define if you want to use shadow password expire field])
3634 else
3635 AC_MSG_RESULT(no)
3636 fi
3637 fi
3639 # Use ip address instead of hostname in $DISPLAY
3640 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3641 DISPLAY_HACK_MSG="yes"
3642 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3643 [Define if you need to use IP address
3644 instead of hostname in $DISPLAY])
3645 else
3646 DISPLAY_HACK_MSG="no"
3647 AC_ARG_WITH(ipaddr-display,
3648 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3649 [
3650 if test "x$withval" != "xno" ; then
3651 AC_DEFINE(IPADDR_IN_DISPLAY)
3652 DISPLAY_HACK_MSG="yes"
3653 fi
3654 ]
3655 )
3656 fi
3658 # check for /etc/default/login and use it if present.
3659 AC_ARG_ENABLE(etc-default-login,
3660 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3661 [ if test "x$enableval" = "xno"; then
3662 AC_MSG_NOTICE([/etc/default/login handling disabled])
3663 etc_default_login=no
3664 else
3665 etc_default_login=yes
3666 fi ],
3667 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3668 then
3669 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3670 etc_default_login=no
3671 else
3672 etc_default_login=yes
3673 fi ]
3674 )
3676 if test "x$etc_default_login" != "xno"; then
3677 AC_CHECK_FILE("/etc/default/login",
3678 [ external_path_file=/etc/default/login ])
3679 if test "x$external_path_file" = "x/etc/default/login"; then
3680 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3681 [Define if your system has /etc/default/login])
3682 fi
3683 fi
3685 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3686 if test $ac_cv_func_login_getcapbool = "yes" && \
3687 test $ac_cv_header_login_cap_h = "yes" ; then
3688 external_path_file=/etc/login.conf
3689 fi
3691 # Whether to mess with the default path
3692 SERVER_PATH_MSG="(default)"
3693 AC_ARG_WITH(default-path,
3694 [ --with-default-path= Specify default \$PATH environment for server],
3695 [
3696 if test "x$external_path_file" = "x/etc/login.conf" ; then
3697 AC_MSG_WARN([
3698 --with-default-path=PATH has no effect on this system.
3699 Edit /etc/login.conf instead.])
3700 elif test "x$withval" != "xno" ; then
3701 if test ! -z "$external_path_file" ; then
3702 AC_MSG_WARN([
3703 --with-default-path=PATH will only be used if PATH is not defined in
3704 $external_path_file .])
3705 fi
3706 user_path="$withval"
3707 SERVER_PATH_MSG="$withval"
3708 fi
3709 ],
3710 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3711 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3712 else
3713 if test ! -z "$external_path_file" ; then
3714 AC_MSG_WARN([
3715 If PATH is defined in $external_path_file, ensure the path to scp is included,
3716 otherwise scp will not work.])
3717 fi
3718 AC_RUN_IFELSE(
3719 [AC_LANG_SOURCE([[
3720 /* find out what STDPATH is */
3721 #include <stdio.h>
3722 #ifdef HAVE_PATHS_H
3723 # include <paths.h>
3724 #endif
3725 #ifndef _PATH_STDPATH
3726 # ifdef _PATH_USERPATH /* Irix */
3727 # define _PATH_STDPATH _PATH_USERPATH
3728 # else
3729 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3730 # endif
3731 #endif
3732 #include <sys/types.h>
3733 #include <sys/stat.h>
3734 #include <fcntl.h>
3735 #define DATA "conftest.stdpath"
3737 main()
3738 {
3739 FILE *fd;
3740 int rc;
3742 fd = fopen(DATA,"w");
3743 if(fd == NULL)
3744 exit(1);
3746 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3747 exit(1);
3749 exit(0);
3750 }
3751 ]])],
3752 [ user_path=`cat conftest.stdpath` ],
3753 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3754 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3755 )
3756 # make sure $bindir is in USER_PATH so scp will work
3757 t_bindir=`eval echo ${bindir}`
3758 case $t_bindir in
3759 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3760 esac
3761 case $t_bindir in
3762 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3763 esac
3764 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3765 if test $? -ne 0 ; then
3766 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3767 if test $? -ne 0 ; then
3768 user_path=$user_path:$t_bindir
3769 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3770 fi
3771 fi
3772 fi ]
3773 )
3774 if test "x$external_path_file" != "x/etc/login.conf" ; then
3775 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3776 AC_SUBST(user_path)
3777 fi
3779 # Set superuser path separately to user path
3780 AC_ARG_WITH(superuser-path,
3781 [ --with-superuser-path= Specify different path for super-user],
3782 [
3783 if test -n "$withval" && test "x$withval" != "xno" && \
3784 test "x${withval}" != "xyes"; then
3785 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3786 [Define if you want a different $PATH
3787 for the superuser])
3788 superuser_path=$withval
3789 fi
3790 ]
3791 )
3794 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3795 IPV4_IN6_HACK_MSG="no"
3796 AC_ARG_WITH(4in6,
3797 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3798 [
3799 if test "x$withval" != "xno" ; then
3800 AC_MSG_RESULT(yes)
3801 AC_DEFINE(IPV4_IN_IPV6, 1,
3802 [Detect IPv4 in IPv6 mapped addresses
3803 and treat as IPv4])
3804 IPV4_IN6_HACK_MSG="yes"
3805 else
3806 AC_MSG_RESULT(no)
3807 fi
3808 ],[
3809 if test "x$inet6_default_4in6" = "xyes"; then
3810 AC_MSG_RESULT([yes (default)])
3811 AC_DEFINE(IPV4_IN_IPV6)
3812 IPV4_IN6_HACK_MSG="yes"
3813 else
3814 AC_MSG_RESULT([no (default)])
3815 fi
3816 ]
3817 )
3819 # Whether to enable BSD auth support
3820 BSD_AUTH_MSG=no
3821 AC_ARG_WITH(bsd-auth,
3822 [ --with-bsd-auth Enable BSD auth support],
3823 [
3824 if test "x$withval" != "xno" ; then
3825 AC_DEFINE(BSD_AUTH, 1,
3826 [Define if you have BSD auth support])
3827 BSD_AUTH_MSG=yes
3828 fi
3829 ]
3830 )
3832 # Where to place sshd.pid
3833 piddir=/var/run
3834 # make sure the directory exists
3835 if test ! -d $piddir ; then
3836 piddir=`eval echo ${sysconfdir}`
3837 case $piddir in
3838 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3839 esac
3840 fi
3842 AC_ARG_WITH(pid-dir,
3843 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3844 [
3845 if test -n "$withval" && test "x$withval" != "xno" && \
3846 test "x${withval}" != "xyes"; then
3847 piddir=$withval
3848 if test ! -d $piddir ; then
3849 AC_MSG_WARN([** no $piddir directory on this system **])
3850 fi
3851 fi
3852 ]
3853 )
3855 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3856 AC_SUBST(piddir)
3858 dnl allow user to disable some login recording features
3859 AC_ARG_ENABLE(lastlog,
3860 [ --disable-lastlog disable use of lastlog even if detected [no]],
3861 [
3862 if test "x$enableval" = "xno" ; then
3863 AC_DEFINE(DISABLE_LASTLOG)
3864 fi
3865 ]
3866 )
3867 AC_ARG_ENABLE(utmp,
3868 [ --disable-utmp disable use of utmp even if detected [no]],
3869 [
3870 if test "x$enableval" = "xno" ; then
3871 AC_DEFINE(DISABLE_UTMP)
3872 fi
3873 ]
3874 )
3875 AC_ARG_ENABLE(utmpx,
3876 [ --disable-utmpx disable use of utmpx even if detected [no]],
3877 [
3878 if test "x$enableval" = "xno" ; then
3879 AC_DEFINE(DISABLE_UTMPX, 1,
3880 [Define if you don't want to use utmpx])
3881 fi
3882 ]
3883 )
3884 AC_ARG_ENABLE(wtmp,
3885 [ --disable-wtmp disable use of wtmp even if detected [no]],
3886 [
3887 if test "x$enableval" = "xno" ; then
3888 AC_DEFINE(DISABLE_WTMP)
3889 fi
3890 ]
3891 )
3892 AC_ARG_ENABLE(wtmpx,
3893 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3894 [
3895 if test "x$enableval" = "xno" ; then
3896 AC_DEFINE(DISABLE_WTMPX, 1,
3897 [Define if you don't want to use wtmpx])
3898 fi
3899 ]
3900 )
3901 AC_ARG_ENABLE(libutil,
3902 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3903 [
3904 if test "x$enableval" = "xno" ; then
3905 AC_DEFINE(DISABLE_LOGIN)
3906 fi
3907 ]
3908 )
3909 AC_ARG_ENABLE(pututline,
3910 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3911 [
3912 if test "x$enableval" = "xno" ; then
3913 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3914 [Define if you don't want to use pututline()
3915 etc. to write [uw]tmp])
3916 fi
3917 ]
3918 )
3919 AC_ARG_ENABLE(pututxline,
3920 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3921 [
3922 if test "x$enableval" = "xno" ; then
3923 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3924 [Define if you don't want to use pututxline()
3925 etc. to write [uw]tmpx])
3926 fi
3927 ]
3928 )
3929 AC_ARG_WITH(lastlog,
3930 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3931 [
3932 if test "x$withval" = "xno" ; then
3933 AC_DEFINE(DISABLE_LASTLOG)
3934 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3935 conf_lastlog_location=$withval
3936 fi
3937 ]
3938 )
3940 dnl lastlog, [uw]tmpx? detection
3941 dnl NOTE: set the paths in the platform section to avoid the
3942 dnl need for command-line parameters
3943 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3945 dnl lastlog detection
3946 dnl NOTE: the code itself will detect if lastlog is a directory
3947 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3948 AC_TRY_COMPILE([
3949 #include <sys/types.h>
3950 #include <utmp.h>
3951 #ifdef HAVE_LASTLOG_H
3952 # include <lastlog.h>
3953 #endif
3954 #ifdef HAVE_PATHS_H
3955 # include <paths.h>
3956 #endif
3957 #ifdef HAVE_LOGIN_H
3958 # include <login.h>
3959 #endif
3960 ],
3961 [ char *lastlog = LASTLOG_FILE; ],
3962 [ AC_MSG_RESULT(yes) ],
3963 [
3964 AC_MSG_RESULT(no)
3965 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3966 AC_TRY_COMPILE([
3967 #include <sys/types.h>
3968 #include <utmp.h>
3969 #ifdef HAVE_LASTLOG_H
3970 # include <lastlog.h>
3971 #endif
3972 #ifdef HAVE_PATHS_H
3973 # include <paths.h>
3974 #endif
3975 ],
3976 [ char *lastlog = _PATH_LASTLOG; ],
3977 [ AC_MSG_RESULT(yes) ],
3978 [
3979 AC_MSG_RESULT(no)
3980 system_lastlog_path=no
3981 ])
3982 ]
3983 )
3985 if test -z "$conf_lastlog_location"; then
3986 if test x"$system_lastlog_path" = x"no" ; then
3987 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3988 if (test -d "$f" || test -f "$f") ; then
3989 conf_lastlog_location=$f
3990 fi
3991 done
3992 if test -z "$conf_lastlog_location"; then
3993 AC_MSG_WARN([** Cannot find lastlog **])
3994 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3995 fi
3996 fi
3997 fi
3999 if test -n "$conf_lastlog_location"; then
4000 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4001 [Define if you want to specify the path to your lastlog file])
4002 fi
4004 dnl utmp detection
4005 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4006 AC_TRY_COMPILE([
4007 #include <sys/types.h>
4008 #include <utmp.h>
4009 #ifdef HAVE_PATHS_H
4010 # include <paths.h>
4011 #endif
4012 ],
4013 [ char *utmp = UTMP_FILE; ],
4014 [ AC_MSG_RESULT(yes) ],
4015 [ AC_MSG_RESULT(no)
4016 system_utmp_path=no ]
4017 )
4018 if test -z "$conf_utmp_location"; then
4019 if test x"$system_utmp_path" = x"no" ; then
4020 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4021 if test -f $f ; then
4022 conf_utmp_location=$f
4023 fi
4024 done
4025 if test -z "$conf_utmp_location"; then
4026 AC_DEFINE(DISABLE_UTMP)
4027 fi
4028 fi
4029 fi
4030 if test -n "$conf_utmp_location"; then
4031 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4032 [Define if you want to specify the path to your utmp file])
4033 fi
4035 dnl wtmp detection
4036 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4037 AC_TRY_COMPILE([
4038 #include <sys/types.h>
4039 #include <utmp.h>
4040 #ifdef HAVE_PATHS_H
4041 # include <paths.h>
4042 #endif
4043 ],
4044 [ char *wtmp = WTMP_FILE; ],
4045 [ AC_MSG_RESULT(yes) ],
4046 [ AC_MSG_RESULT(no)
4047 system_wtmp_path=no ]
4048 )
4049 if test -z "$conf_wtmp_location"; then
4050 if test x"$system_wtmp_path" = x"no" ; then
4051 for f in /usr/adm/wtmp /var/log/wtmp; do
4052 if test -f $f ; then
4053 conf_wtmp_location=$f
4054 fi
4055 done
4056 if test -z "$conf_wtmp_location"; then
4057 AC_DEFINE(DISABLE_WTMP)
4058 fi
4059 fi
4060 fi
4061 if test -n "$conf_wtmp_location"; then
4062 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4063 [Define if you want to specify the path to your wtmp file])
4064 fi
4067 dnl utmpx detection - I don't know any system so perverse as to require
4068 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4069 dnl there, though.
4070 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4071 AC_TRY_COMPILE([
4072 #include <sys/types.h>
4073 #include <utmp.h>
4074 #ifdef HAVE_UTMPX_H
4075 #include <utmpx.h>
4076 #endif
4077 #ifdef HAVE_PATHS_H
4078 # include <paths.h>
4079 #endif
4080 ],
4081 [ char *utmpx = UTMPX_FILE; ],
4082 [ AC_MSG_RESULT(yes) ],
4083 [ AC_MSG_RESULT(no)
4084 system_utmpx_path=no ]
4085 )
4086 if test -z "$conf_utmpx_location"; then
4087 if test x"$system_utmpx_path" = x"no" ; then
4088 AC_DEFINE(DISABLE_UTMPX)
4089 fi
4090 else
4091 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4092 [Define if you want to specify the path to your utmpx file])
4093 fi
4095 dnl wtmpx detection
4096 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4097 AC_TRY_COMPILE([
4098 #include <sys/types.h>
4099 #include <utmp.h>
4100 #ifdef HAVE_UTMPX_H
4101 #include <utmpx.h>
4102 #endif
4103 #ifdef HAVE_PATHS_H
4104 # include <paths.h>
4105 #endif
4106 ],
4107 [ char *wtmpx = WTMPX_FILE; ],
4108 [ AC_MSG_RESULT(yes) ],
4109 [ AC_MSG_RESULT(no)
4110 system_wtmpx_path=no ]
4111 )
4112 if test -z "$conf_wtmpx_location"; then
4113 if test x"$system_wtmpx_path" = x"no" ; then
4114 AC_DEFINE(DISABLE_WTMPX)
4115 fi
4116 else
4117 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4118 [Define if you want to specify the path to your wtmpx file])
4119 fi
4122 if test ! -z "$blibpath" ; then
4123 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4124 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4125 fi
4127 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4128 dnl Add now.
4129 CFLAGS="$CFLAGS $werror_flags"
4131 AC_CHECK_DECL(BROKEN_GETADDRINFO,
4132 AC_SUBST(TEST_SSH_IPV6, no),
4133 AC_SUBST(TEST_SSH_IPV6, yes)
4134 )
4136 AC_EXEEXT
4137 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4138 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4139 ssh_prng_cmds survey.sh])
4140 AC_OUTPUT
4142 # Print summary of options
4144 # Someone please show me a better way :)
4145 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4146 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4147 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4148 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4149 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4150 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4151 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4152 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4153 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4154 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4156 echo ""
4157 echo "OpenSSH has been configured with the following options:"
4158 echo " User binaries: $B"
4159 echo " System binaries: $C"
4160 echo " Configuration files: $D"
4161 echo " Askpass program: $E"
4162 echo " Manual pages: $F"
4163 echo " PID file: $G"
4164 echo " Privilege separation chroot path: $H"
4165 if test "x$external_path_file" = "x/etc/login.conf" ; then
4166 echo " At runtime, sshd will use the path defined in $external_path_file"
4167 echo " Make sure the path to scp is present, otherwise scp will not work"
4168 else
4169 echo " sshd default user PATH: $I"
4170 if test ! -z "$external_path_file"; then
4171 echo " (If PATH is set in $external_path_file it will be used instead. If"
4172 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4173 fi
4174 fi
4175 if test ! -z "$superuser_path" ; then
4176 echo " sshd superuser user PATH: $J"
4177 fi
4178 echo " Manpage format: $MANTYPE"
4179 echo " PAM support: $PAM_MSG"
4180 echo " OSF SIA support: $SIA_MSG"
4181 echo " KerberosV support: $KRB5_MSG"
4182 echo " SELinux support: $SELINUX_MSG"
4183 echo " Smartcard support: $SCARD_MSG"
4184 echo " S/KEY support: $SKEY_MSG"
4185 echo " TCP Wrappers support: $TCPW_MSG"
4186 echo " MD5 password support: $MD5_MSG"
4187 echo " libedit support: $LIBEDIT_MSG"
4188 echo " Solaris process contract support: $SPC_MSG"
4189 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4190 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4191 echo " BSD Auth support: $BSD_AUTH_MSG"
4192 echo " Random number source: $RAND_MSG"
4193 if test ! -z "$USE_RAND_HELPER" ; then
4194 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4195 fi
4197 echo ""
4199 echo " Host: ${host}"
4200 echo " Compiler: ${CC}"
4201 echo " Compiler flags: ${CFLAGS}"
4202 echo "Preprocessor flags: ${CPPFLAGS}"
4203 echo " Linker flags: ${LDFLAGS}"
4204 echo " Libraries: ${LIBS}"
4205 if test ! -z "${SSHDLIBS}"; then
4206 echo " +for sshd: ${SSHDLIBS}"
4207 fi
4209 echo ""
4211 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4212 echo "SVR4 style packages are supported with \"make package\""
4213 echo ""
4214 fi
4216 if test "x$PAM_MSG" = "xyes" ; then
4217 echo "PAM is enabled. You may need to install a PAM control file "
4218 echo "for sshd, otherwise password authentication may fail. "
4219 echo "Example PAM control files can be found in the contrib/ "
4220 echo "subdirectory"
4221 echo ""
4222 fi
4224 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4225 echo "WARNING: you are using the builtin random number collection "
4226 echo "service. Please read WARNING.RNG and request that your OS "
4227 echo "vendor includes kernel-based random number collection in "
4228 echo "future versions of your OS."
4229 echo ""
4230 fi
4232 if test ! -z "$NO_PEERCHECK" ; then
4233 echo "WARNING: the operating system that you are using does not"
4234 echo "appear to support getpeereid(), getpeerucred() or the"
4235 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4236 echo "enforce security checks to prevent unauthorised connections to"
4237 echo "ssh-agent. Their absence increases the risk that a malicious"
4238 echo "user can connect to your agent."
4239 echo ""
4240 fi
4242 if test "$AUDIT_MODULE" = "bsm" ; then
4243 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4244 echo "See the Solaris section in README.platform for details."
4245 fi