| blob | 637e7b536fd443ef0ca68b1033da2b9a0c57b5af |
1 # $Id: configure.ac,v 1.451 2010/08/16 03:15:23 dtucker Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.451 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
58 # System features
59 AC_SYS_LARGEFILE
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70 else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76 fi
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82 fi
84 if test -z "$LD" ; then
85 LD=$CC
86 fi
87 AC_SUBST(LD)
89 AC_C_INLINE
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 use_stack_protector=1
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
97 use_stack_protector=0
98 fi ])
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
103 case $GCC_VER in
104 1.*) no_attrib_nonnull=1 ;;
105 2.8* | 2.9*)
106 CFLAGS="$CFLAGS -Wsign-compare"
107 no_attrib_nonnull=1
108 ;;
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-strict-aliasing" ;;
112 *) ;;
113 esac
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
119 #include <string.h>
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
121 ]])],
122 [ AC_MSG_RESULT(yes) ],
123 [ AC_MSG_RESULT(no)
124 CFLAGS="$saved_CFLAGS" ]
125 )
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
137 AC_LINK_IFELSE(
138 [AC_LANG_SOURCE([
139 #include <stdio.h>
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
141 ])],
142 [ AC_MSG_RESULT(yes)
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
146 AC_RUN_IFELSE(
147 [AC_LANG_SOURCE([
148 #include <stdio.h>
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
150 ])],
151 [ AC_MSG_RESULT(yes)
152 break ],
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
155 break ]
156 )
157 ],
158 [ AC_MSG_RESULT(no) ]
159 )
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
162 done
163 fi
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
171 [have_llong_max=1],
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
174 )
175 fi
176 fi
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
180 fi
182 AC_ARG_WITH(rpath,
183 [ --without-rpath Disable auto-added -R linker paths],
184 [
185 if test "x$withval" = "xno" ; then
186 need_dash_r=""
187 fi
188 if test "x$withval" = "xyes" ; then
189 need_dash_r=1
190 fi
191 ]
192 )
194 # Allow user to specify flags
195 AC_ARG_WITH(cflags,
196 [ --with-cflags Specify additional flags to pass to compiler],
197 [
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
201 fi
202 ]
203 )
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
206 [
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
210 fi
211 ]
212 )
213 AC_ARG_WITH(ldflags,
214 [ --with-ldflags Specify additional flags to pass to linker],
215 [
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
219 fi
220 ]
221 )
222 AC_ARG_WITH(libs,
223 [ --with-libs Specify additional libraries to link with],
224 [
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
228 fi
229 ]
230 )
231 AC_ARG_WITH(Werror,
232 [ --with-Werror Build main code with -Werror],
233 [
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
238 fi
239 fi
240 ]
241 )
243 AC_CHECK_HEADERS( \
244 bstring.h \
245 crypt.h \
246 crypto/sha2.h \
247 dirent.h \
248 endian.h \
249 features.h \
250 fcntl.h \
251 floatingpoint.h \
252 getopt.h \
253 glob.h \
254 ia.h \
255 iaf.h \
256 limits.h \
257 login.h \
258 maillock.h \
259 ndir.h \
260 net/if_tun.h \
261 netdb.h \
262 netgroup.h \
263 pam/pam_appl.h \
264 paths.h \
265 poll.h \
266 pty.h \
267 readpassphrase.h \
268 rpc/types.h \
269 security/pam_appl.h \
270 sha2.h \
271 shadow.h \
272 stddef.h \
273 stdint.h \
274 string.h \
275 strings.h \
276 sys/audit.h \
277 sys/bitypes.h \
278 sys/bsdtty.h \
279 sys/cdefs.h \
280 sys/dir.h \
281 sys/mman.h \
282 sys/ndir.h \
283 sys/poll.h \
284 sys/prctl.h \
285 sys/pstat.h \
286 sys/select.h \
287 sys/stat.h \
288 sys/stream.h \
289 sys/stropts.h \
290 sys/strtio.h \
291 sys/statvfs.h \
292 sys/sysmacros.h \
293 sys/time.h \
294 sys/timers.h \
295 sys/un.h \
296 time.h \
297 tmpdir.h \
298 ttyent.h \
299 ucred.h \
300 unistd.h \
301 usersec.h \
302 util.h \
303 utime.h \
304 utmp.h \
305 utmpx.h \
306 vis.h \
307 )
309 # lastlog.h requires sys/time.h to be included first on Solaris
310 AC_CHECK_HEADERS(lastlog.h, [], [], [
311 #ifdef HAVE_SYS_TIME_H
312 # include <sys/time.h>
313 #endif
314 ])
316 # sys/ptms.h requires sys/stream.h to be included first on Solaris
317 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
318 #ifdef HAVE_SYS_STREAM_H
319 # include <sys/stream.h>
320 #endif
321 ])
323 # login_cap.h requires sys/types.h on NetBSD
324 AC_CHECK_HEADERS(login_cap.h, [], [], [
325 #include <sys/types.h>
326 ])
328 # older BSDs need sys/param.h before sys/mount.h
329 AC_CHECK_HEADERS(sys/mount.h, [], [], [
330 #include <sys/param.h>
331 ])
333 # Messages for features tested for in target-specific section
334 SIA_MSG="no"
335 SPC_MSG="no"
337 # Check for some target-specific stuff
338 case "$host" in
339 *-*-aix*)
340 # Some versions of VAC won't allow macro redefinitions at
341 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
342 # particularly with older versions of vac or xlc.
343 # It also throws errors about null macro argments, but these are
344 # not fatal.
345 AC_MSG_CHECKING(if compiler allows macro redefinitions)
346 AC_COMPILE_IFELSE(
347 [AC_LANG_SOURCE([[
348 #define testmacro foo
349 #define testmacro bar
350 int main(void) { exit(0); }
351 ]])],
352 [ AC_MSG_RESULT(yes) ],
353 [ AC_MSG_RESULT(no)
354 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
355 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
356 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
357 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
358 ]
359 )
361 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
362 if (test -z "$blibpath"); then
363 blibpath="/usr/lib:/lib"
364 fi
365 saved_LDFLAGS="$LDFLAGS"
366 if test "$GCC" = "yes"; then
367 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
368 else
369 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
370 fi
371 for tryflags in $flags ;do
372 if (test -z "$blibflags"); then
373 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
374 AC_TRY_LINK([], [], [blibflags=$tryflags])
375 fi
376 done
377 if (test -z "$blibflags"); then
378 AC_MSG_RESULT(not found)
379 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
380 else
381 AC_MSG_RESULT($blibflags)
382 fi
383 LDFLAGS="$saved_LDFLAGS"
384 dnl Check for authenticate. Might be in libs.a on older AIXes
385 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
386 [Define if you want to enable AIX4's authenticate function])],
387 [AC_CHECK_LIB(s,authenticate,
388 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
389 LIBS="$LIBS -ls"
390 ])
391 ])
392 dnl Check for various auth function declarations in headers.
393 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
394 passwdexpired, setauthdb], , , [#include <usersec.h>])
395 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
396 AC_CHECK_DECLS(loginfailed,
397 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
398 AC_TRY_COMPILE(
399 [#include <usersec.h>],
400 [(void)loginfailed("user","host","tty",0);],
401 [AC_MSG_RESULT(yes)
402 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
403 [Define if your AIX loginfailed() function
404 takes 4 arguments (AIX >= 5.2)])],
405 [AC_MSG_RESULT(no)]
406 )],
407 [],
408 [#include <usersec.h>]
409 )
410 AC_CHECK_FUNCS(getgrset setauthdb)
411 AC_CHECK_DECL(F_CLOSEM,
412 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
413 [],
414 [ #include <limits.h>
415 #include <fcntl.h> ]
416 )
417 check_for_aix_broken_getaddrinfo=1
418 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
419 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
420 [Define if your platform breaks doing a seteuid before a setuid])
421 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
422 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
423 dnl AIX handles lastlog as part of its login message
424 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
425 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
426 [Some systems need a utmpx entry for /bin/login to work])
427 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
428 [Define to a Set Process Title type if your system is
429 supported by bsd-setproctitle.c])
430 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
431 [AIX 5.2 and 5.3 (and presumably newer) require this])
432 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
433 ;;
434 *-*-cygwin*)
435 check_for_libcrypt_later=1
436 LIBS="$LIBS /usr/lib/textreadmode.o"
437 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
438 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
439 AC_DEFINE(DISABLE_SHADOW, 1,
440 [Define if you want to disable shadow passwords])
441 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
442 [Define if X11 doesn't support AF_UNIX sockets on that system])
443 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
444 [Define if the concept of ports only accessible to
445 superusers isn't known])
446 AC_DEFINE(DISABLE_FD_PASSING, 1,
447 [Define if your platform needs to skip post auth
448 file descriptor passing])
449 AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size])
450 ;;
451 *-*-dgux*)
452 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
453 [Define if your system choked on IP TOS setting])
454 AC_DEFINE(SETEUID_BREAKS_SETUID)
455 AC_DEFINE(BROKEN_SETREUID)
456 AC_DEFINE(BROKEN_SETREGID)
457 ;;
458 *-*-darwin*)
459 AC_MSG_CHECKING(if we have working getaddrinfo)
460 AC_TRY_RUN([#include <mach-o/dyld.h>
461 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
462 exit(0);
463 else
464 exit(1);
465 }], [AC_MSG_RESULT(working)],
466 [AC_MSG_RESULT(buggy)
467 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
468 [AC_MSG_RESULT(assume it is working)])
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
473 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
474 [Define if your resolver libs need this for getrrsetbyname])
475 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
476 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
477 [Use tunnel device compatibility to OpenBSD])
478 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
479 [Prepend the address family to IP tunnel traffic])
480 m4_pattern_allow(AU_IPv)
481 AC_CHECK_DECL(AU_IPv4, [],
482 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
483 [#include <bsm/audit.h>]
484 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
485 [Define if pututxline updates lastlog too])
486 )
487 ;;
488 *-*-dragonfly*)
489 SSHDLIBS="$SSHDLIBS -lcrypt"
490 ;;
491 *-*-haiku*)
492 LIBS="$LIBS -lbsd "
493 AC_CHECK_LIB(network, socket)
494 AC_DEFINE(HAVE_U_INT64_T)
495 MANTYPE=man
496 ;;
497 *-*-hpux*)
498 # first we define all of the options common to all HP-UX releases
499 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
500 IPADDR_IN_DISPLAY=yes
501 AC_DEFINE(USE_PIPES)
502 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
503 [Define if your login program cannot handle end of options ("--")])
504 AC_DEFINE(LOGIN_NEEDS_UTMPX)
505 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
506 [String used in /etc/passwd to denote locked account])
507 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
508 MAIL="/var/mail/username"
509 LIBS="$LIBS -lsec"
510 AC_CHECK_LIB(xnet, t_error, ,
511 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
513 # next, we define all of the options specific to major releases
514 case "$host" in
515 *-*-hpux10*)
516 if test -z "$GCC"; then
517 CFLAGS="$CFLAGS -Ae"
518 fi
519 ;;
520 *-*-hpux11*)
521 AC_DEFINE(PAM_SUN_CODEBASE, 1,
522 [Define if you are using Solaris-derived PAM which
523 passes pam_messages to the conversation function
524 with an extra level of indirection])
525 AC_DEFINE(DISABLE_UTMP, 1,
526 [Define if you don't want to use utmp])
527 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
528 check_for_hpux_broken_getaddrinfo=1
529 check_for_conflicting_getspnam=1
530 ;;
531 esac
533 # lastly, we define options specific to minor releases
534 case "$host" in
535 *-*-hpux10.26)
536 AC_DEFINE(HAVE_SECUREWARE, 1,
537 [Define if you have SecureWare-based
538 protected password database])
539 disable_ptmx_check=yes
540 LIBS="$LIBS -lsecpw"
541 ;;
542 esac
543 ;;
544 *-*-irix5*)
545 PATH="$PATH:/usr/etc"
546 AC_DEFINE(BROKEN_INET_NTOA, 1,
547 [Define if you system's inet_ntoa is busted
548 (e.g. Irix gcc issue)])
549 AC_DEFINE(SETEUID_BREAKS_SETUID)
550 AC_DEFINE(BROKEN_SETREUID)
551 AC_DEFINE(BROKEN_SETREGID)
552 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
553 [Define if you shouldn't strip 'tty' from your
554 ttyname in [uw]tmp])
555 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
556 ;;
557 *-*-irix6*)
558 PATH="$PATH:/usr/etc"
559 AC_DEFINE(WITH_IRIX_ARRAY, 1,
560 [Define if you have/want arrays
561 (cluster-wide session managment, not C arrays)])
562 AC_DEFINE(WITH_IRIX_PROJECT, 1,
563 [Define if you want IRIX project management])
564 AC_DEFINE(WITH_IRIX_AUDIT, 1,
565 [Define if you want IRIX audit trails])
566 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
567 [Define if you want IRIX kernel jobs])])
568 AC_DEFINE(BROKEN_INET_NTOA)
569 AC_DEFINE(SETEUID_BREAKS_SETUID)
570 AC_DEFINE(BROKEN_SETREUID)
571 AC_DEFINE(BROKEN_SETREGID)
572 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
573 AC_DEFINE(WITH_ABBREV_NO_TTY)
574 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
575 ;;
576 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
577 check_for_libcrypt_later=1
578 AC_DEFINE(PAM_TTY_KLUDGE)
579 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
580 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
581 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
582 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
583 ;;
584 *-*-linux*)
585 no_dev_ptmx=1
586 check_for_libcrypt_later=1
587 check_for_openpty_ctty_bug=1
588 AC_DEFINE(PAM_TTY_KLUDGE, 1,
589 [Work around problematic Linux PAM modules handling of PAM_TTY])
590 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
591 [String used in /etc/passwd to denote locked account])
592 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
593 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
594 [Define to whatever link() returns for "not supported"
595 if it doesn't return EOPNOTSUPP.])
596 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
597 AC_DEFINE(USE_BTMP)
598 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
599 inet6_default_4in6=yes
600 case `uname -r` in
601 1.*|2.0.*)
602 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
603 [Define if cmsg_type is not passed correctly])
604 ;;
605 esac
606 # tun(4) forwarding compat code
607 AC_CHECK_HEADERS(linux/if_tun.h)
608 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
609 AC_DEFINE(SSH_TUN_LINUX, 1,
610 [Open tunnel devices the Linux tun/tap way])
611 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
612 [Use tunnel device compatibility to OpenBSD])
613 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
614 [Prepend the address family to IP tunnel traffic])
615 fi
616 ;;
617 mips-sony-bsd|mips-sony-newsos4)
618 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
619 SONY=1
620 ;;
621 *-*-netbsd*)
622 check_for_libcrypt_before=1
623 if test "x$withval" != "xno" ; then
624 need_dash_r=1
625 fi
626 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
627 AC_CHECK_HEADER([net/if_tap.h], ,
628 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
629 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
630 [Prepend the address family to IP tunnel traffic])
631 ;;
632 *-*-freebsd*)
633 check_for_libcrypt_later=1
634 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
635 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
636 AC_CHECK_HEADER([net/if_tap.h], ,
637 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
638 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
639 ;;
640 *-*-bsdi*)
641 AC_DEFINE(SETEUID_BREAKS_SETUID)
642 AC_DEFINE(BROKEN_SETREUID)
643 AC_DEFINE(BROKEN_SETREGID)
644 ;;
645 *-next-*)
646 conf_lastlog_location="/usr/adm/lastlog"
647 conf_utmp_location=/etc/utmp
648 conf_wtmp_location=/usr/adm/wtmp
649 MAIL=/usr/spool/mail
650 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
651 AC_DEFINE(BROKEN_REALPATH)
652 AC_DEFINE(USE_PIPES)
653 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
654 ;;
655 *-*-openbsd*)
656 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
657 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
658 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
659 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
660 [syslog_r function is safe to use in in a signal handler])
661 ;;
662 *-*-solaris*)
663 if test "x$withval" != "xno" ; then
664 need_dash_r=1
665 fi
666 AC_DEFINE(PAM_SUN_CODEBASE)
667 AC_DEFINE(LOGIN_NEEDS_UTMPX)
668 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
669 [Some versions of /bin/login need the TERM supplied
670 on the commandline])
671 AC_DEFINE(PAM_TTY_KLUDGE)
672 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
673 [Define if pam_chauthtok wants real uid set
674 to the unpriv'ed user])
675 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
676 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
677 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
678 [Define if sshd somehow reacquires a controlling TTY
679 after setsid()])
680 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
681 in case the name is longer than 8 chars])
682 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
683 external_path_file=/etc/default/login
684 # hardwire lastlog location (can't detect it on some versions)
685 conf_lastlog_location="/var/adm/lastlog"
686 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
687 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
688 if test "$sol2ver" -ge 8; then
689 AC_MSG_RESULT(yes)
690 AC_DEFINE(DISABLE_UTMP)
691 AC_DEFINE(DISABLE_WTMP, 1,
692 [Define if you don't want to use wtmp])
693 else
694 AC_MSG_RESULT(no)
695 fi
696 AC_ARG_WITH(solaris-contracts,
697 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
698 [
699 AC_CHECK_LIB(contract, ct_tmpl_activate,
700 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
701 [Define if you have Solaris process contracts])
702 SSHDLIBS="$SSHDLIBS -lcontract"
703 AC_SUBST(SSHDLIBS)
704 SPC_MSG="yes" ], )
705 ],
706 )
707 ;;
708 *-*-sunos4*)
709 CPPFLAGS="$CPPFLAGS -DSUNOS4"
710 AC_CHECK_FUNCS(getpwanam)
711 AC_DEFINE(PAM_SUN_CODEBASE)
712 conf_utmp_location=/etc/utmp
713 conf_wtmp_location=/var/adm/wtmp
714 conf_lastlog_location=/var/adm/lastlog
715 AC_DEFINE(USE_PIPES)
716 ;;
717 *-ncr-sysv*)
718 LIBS="$LIBS -lc89"
719 AC_DEFINE(USE_PIPES)
720 AC_DEFINE(SSHD_ACQUIRES_CTTY)
721 AC_DEFINE(SETEUID_BREAKS_SETUID)
722 AC_DEFINE(BROKEN_SETREUID)
723 AC_DEFINE(BROKEN_SETREGID)
724 ;;
725 *-sni-sysv*)
726 # /usr/ucblib MUST NOT be searched on ReliantUNIX
727 AC_CHECK_LIB(dl, dlsym, ,)
728 # -lresolv needs to be at the end of LIBS or DNS lookups break
729 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
730 IPADDR_IN_DISPLAY=yes
731 AC_DEFINE(USE_PIPES)
732 AC_DEFINE(IP_TOS_IS_BROKEN)
733 AC_DEFINE(SETEUID_BREAKS_SETUID)
734 AC_DEFINE(BROKEN_SETREUID)
735 AC_DEFINE(BROKEN_SETREGID)
736 AC_DEFINE(SSHD_ACQUIRES_CTTY)
737 external_path_file=/etc/default/login
738 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
739 # Attention: always take care to bind libsocket and libnsl before libc,
740 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
741 ;;
742 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
743 *-*-sysv4.2*)
744 AC_DEFINE(USE_PIPES)
745 AC_DEFINE(SETEUID_BREAKS_SETUID)
746 AC_DEFINE(BROKEN_SETREUID)
747 AC_DEFINE(BROKEN_SETREGID)
748 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
749 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
750 ;;
751 # UnixWare 7.x, OpenUNIX 8
752 *-*-sysv5*)
753 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
754 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
755 AC_DEFINE(USE_PIPES)
756 AC_DEFINE(SETEUID_BREAKS_SETUID)
757 AC_DEFINE(BROKEN_GETADDRINFO)
758 AC_DEFINE(BROKEN_SETREUID)
759 AC_DEFINE(BROKEN_SETREGID)
760 AC_DEFINE(PASSWD_NEEDS_USERNAME)
761 case "$host" in
762 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
763 TEST_SHELL=/u95/bin/sh
764 AC_DEFINE(BROKEN_LIBIAF, 1,
765 [ia_uinfo routines not supported by OS yet])
766 AC_DEFINE(BROKEN_UPDWTMPX)
767 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
768 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
769 AC_DEFINE(HAVE_SECUREWARE)
770 AC_DEFINE(DISABLE_SHADOW)
771 ],,)
772 ;;
773 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
774 check_for_libcrypt_later=1
775 ;;
776 esac
777 ;;
778 *-*-sysv*)
779 ;;
780 # SCO UNIX and OEM versions of SCO UNIX
781 *-*-sco3.2v4*)
782 AC_MSG_ERROR("This Platform is no longer supported.")
783 ;;
784 # SCO OpenServer 5.x
785 *-*-sco3.2v5*)
786 if test -z "$GCC"; then
787 CFLAGS="$CFLAGS -belf"
788 fi
789 LIBS="$LIBS -lprot -lx -ltinfo -lm"
790 no_dev_ptmx=1
791 AC_DEFINE(USE_PIPES)
792 AC_DEFINE(HAVE_SECUREWARE)
793 AC_DEFINE(DISABLE_SHADOW)
794 AC_DEFINE(DISABLE_FD_PASSING)
795 AC_DEFINE(SETEUID_BREAKS_SETUID)
796 AC_DEFINE(BROKEN_GETADDRINFO)
797 AC_DEFINE(BROKEN_SETREUID)
798 AC_DEFINE(BROKEN_SETREGID)
799 AC_DEFINE(WITH_ABBREV_NO_TTY)
800 AC_DEFINE(BROKEN_UPDWTMPX)
801 AC_DEFINE(PASSWD_NEEDS_USERNAME)
802 AC_CHECK_FUNCS(getluid setluid)
803 MANTYPE=man
804 TEST_SHELL=ksh
805 ;;
806 *-*-unicosmk*)
807 AC_DEFINE(NO_SSH_LASTLOG, 1,
808 [Define if you don't want to use lastlog in session.c])
809 AC_DEFINE(SETEUID_BREAKS_SETUID)
810 AC_DEFINE(BROKEN_SETREUID)
811 AC_DEFINE(BROKEN_SETREGID)
812 AC_DEFINE(USE_PIPES)
813 AC_DEFINE(DISABLE_FD_PASSING)
814 LDFLAGS="$LDFLAGS"
815 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
816 MANTYPE=cat
817 ;;
818 *-*-unicosmp*)
819 AC_DEFINE(SETEUID_BREAKS_SETUID)
820 AC_DEFINE(BROKEN_SETREUID)
821 AC_DEFINE(BROKEN_SETREGID)
822 AC_DEFINE(WITH_ABBREV_NO_TTY)
823 AC_DEFINE(USE_PIPES)
824 AC_DEFINE(DISABLE_FD_PASSING)
825 LDFLAGS="$LDFLAGS"
826 LIBS="$LIBS -lgen -lacid -ldb"
827 MANTYPE=cat
828 ;;
829 *-*-unicos*)
830 AC_DEFINE(SETEUID_BREAKS_SETUID)
831 AC_DEFINE(BROKEN_SETREUID)
832 AC_DEFINE(BROKEN_SETREGID)
833 AC_DEFINE(USE_PIPES)
834 AC_DEFINE(DISABLE_FD_PASSING)
835 AC_DEFINE(NO_SSH_LASTLOG)
836 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
837 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
838 MANTYPE=cat
839 ;;
840 *-dec-osf*)
841 AC_MSG_CHECKING(for Digital Unix SIA)
842 no_osfsia=""
843 AC_ARG_WITH(osfsia,
844 [ --with-osfsia Enable Digital Unix SIA],
845 [
846 if test "x$withval" = "xno" ; then
847 AC_MSG_RESULT(disabled)
848 no_osfsia=1
849 fi
850 ],
851 )
852 if test -z "$no_osfsia" ; then
853 if test -f /etc/sia/matrix.conf; then
854 AC_MSG_RESULT(yes)
855 AC_DEFINE(HAVE_OSF_SIA, 1,
856 [Define if you have Digital Unix Security
857 Integration Architecture])
858 AC_DEFINE(DISABLE_LOGIN, 1,
859 [Define if you don't want to use your
860 system's login() call])
861 AC_DEFINE(DISABLE_FD_PASSING)
862 LIBS="$LIBS -lsecurity -ldb -lm -laud"
863 SIA_MSG="yes"
864 else
865 AC_MSG_RESULT(no)
866 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
867 [String used in /etc/passwd to denote locked account])
868 fi
869 fi
870 AC_DEFINE(BROKEN_GETADDRINFO)
871 AC_DEFINE(SETEUID_BREAKS_SETUID)
872 AC_DEFINE(BROKEN_SETREUID)
873 AC_DEFINE(BROKEN_SETREGID)
874 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
875 ;;
877 *-*-nto-qnx*)
878 AC_DEFINE(USE_PIPES)
879 AC_DEFINE(NO_X11_UNIX_SOCKETS)
880 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
881 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
882 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
883 AC_DEFINE(DISABLE_LASTLOG)
884 AC_DEFINE(SSHD_ACQUIRES_CTTY)
885 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
886 enable_etc_default_login=no # has incompatible /etc/default/login
887 case "$host" in
888 *-*-nto-qnx6*)
889 AC_DEFINE(DISABLE_FD_PASSING)
890 ;;
891 esac
892 ;;
894 *-*-ultrix*)
895 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
896 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
897 AC_DEFINE(NEED_SETPGRP)
898 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
899 ;;
901 *-*-lynxos)
902 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
903 AC_DEFINE(MISSING_HOWMANY)
904 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
905 ;;
906 esac
908 AC_MSG_CHECKING(compiler and flags for sanity)
909 AC_RUN_IFELSE(
910 [AC_LANG_SOURCE([
911 #include <stdio.h>
912 int main(){exit(0);}
913 ])],
914 [ AC_MSG_RESULT(yes) ],
915 [
916 AC_MSG_RESULT(no)
917 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
918 ],
919 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
920 )
922 dnl Checks for header files.
923 # Checks for libraries.
924 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
925 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
927 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
928 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
929 AC_CHECK_LIB(gen, dirname,[
930 AC_CACHE_CHECK([for broken dirname],
931 ac_cv_have_broken_dirname, [
932 save_LIBS="$LIBS"
933 LIBS="$LIBS -lgen"
934 AC_RUN_IFELSE(
935 [AC_LANG_SOURCE([[
936 #include <libgen.h>
937 #include <string.h>
939 int main(int argc, char **argv) {
940 char *s, buf[32];
942 strncpy(buf,"/etc", 32);
943 s = dirname(buf);
944 if (!s || strncmp(s, "/", 32) != 0) {
945 exit(1);
946 } else {
947 exit(0);
948 }
949 }
950 ]])],
951 [ ac_cv_have_broken_dirname="no" ],
952 [ ac_cv_have_broken_dirname="yes" ],
953 [ ac_cv_have_broken_dirname="no" ],
954 )
955 LIBS="$save_LIBS"
956 ])
957 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
958 LIBS="$LIBS -lgen"
959 AC_DEFINE(HAVE_DIRNAME)
960 AC_CHECK_HEADERS(libgen.h)
961 fi
962 ])
963 ])
965 AC_CHECK_FUNC(getspnam, ,
966 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
967 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
968 [Define if you have the basename function.]))
970 dnl zlib is required
971 AC_ARG_WITH(zlib,
972 [ --with-zlib=PATH Use zlib in PATH],
973 [ if test "x$withval" = "xno" ; then
974 AC_MSG_ERROR([*** zlib is required ***])
975 elif test "x$withval" != "xyes"; then
976 if test -d "$withval/lib"; then
977 if test -n "${need_dash_r}"; then
978 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
979 else
980 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
981 fi
982 else
983 if test -n "${need_dash_r}"; then
984 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
985 else
986 LDFLAGS="-L${withval} ${LDFLAGS}"
987 fi
988 fi
989 if test -d "$withval/include"; then
990 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
991 else
992 CPPFLAGS="-I${withval} ${CPPFLAGS}"
993 fi
994 fi ]
995 )
997 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
998 AC_CHECK_LIB(z, deflate, ,
999 [
1000 saved_CPPFLAGS="$CPPFLAGS"
1001 saved_LDFLAGS="$LDFLAGS"
1002 save_LIBS="$LIBS"
1003 dnl Check default zlib install dir
1004 if test -n "${need_dash_r}"; then
1005 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1006 else
1007 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1008 fi
1009 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1010 LIBS="$LIBS -lz"
1011 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1012 [
1013 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1014 ]
1015 )
1016 ]
1017 )
1019 AC_ARG_WITH(zlib-version-check,
1020 [ --without-zlib-version-check Disable zlib version check],
1021 [ if test "x$withval" = "xno" ; then
1022 zlib_check_nonfatal=1
1023 fi
1024 ]
1025 )
1027 AC_MSG_CHECKING(for possibly buggy zlib)
1028 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1029 #include <stdio.h>
1030 #include <zlib.h>
1031 int main()
1032 {
1033 int a=0, b=0, c=0, d=0, n, v;
1034 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1035 if (n != 3 && n != 4)
1036 exit(1);
1037 v = a*1000000 + b*10000 + c*100 + d;
1038 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1040 /* 1.1.4 is OK */
1041 if (a == 1 && b == 1 && c >= 4)
1042 exit(0);
1044 /* 1.2.3 and up are OK */
1045 if (v >= 1020300)
1046 exit(0);
1048 exit(2);
1049 }
1050 ]])],
1051 AC_MSG_RESULT(no),
1052 [ AC_MSG_RESULT(yes)
1053 if test -z "$zlib_check_nonfatal" ; then
1054 AC_MSG_ERROR([*** zlib too old - check config.log ***
1055 Your reported zlib version has known security problems. It's possible your
1056 vendor has fixed these problems without changing the version number. If you
1057 are sure this is the case, you can disable the check by running
1058 "./configure --without-zlib-version-check".
1059 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1060 See http://www.gzip.org/zlib/ for details.])
1061 else
1062 AC_MSG_WARN([zlib version may have security problems])
1063 fi
1064 ],
1065 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1066 )
1068 dnl UnixWare 2.x
1069 AC_CHECK_FUNC(strcasecmp,
1070 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1071 )
1072 AC_CHECK_FUNCS(utimes,
1073 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1074 LIBS="$LIBS -lc89"]) ]
1075 )
1077 dnl Checks for libutil functions
1078 AC_CHECK_HEADERS(libutil.h)
1079 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1080 [Define if your libraries define login()])])
1081 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1083 AC_FUNC_STRFTIME
1085 # Check for ALTDIRFUNC glob() extension
1086 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1087 AC_EGREP_CPP(FOUNDIT,
1088 [
1089 #include <glob.h>
1090 #ifdef GLOB_ALTDIRFUNC
1091 FOUNDIT
1092 #endif
1093 ],
1094 [
1095 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1096 [Define if your system glob() function has
1097 the GLOB_ALTDIRFUNC extension])
1098 AC_MSG_RESULT(yes)
1099 ],
1100 [
1101 AC_MSG_RESULT(no)
1102 ]
1103 )
1105 # Check for g.gl_matchc glob() extension
1106 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1107 AC_TRY_COMPILE(
1108 [ #include <glob.h> ],
1109 [glob_t g; g.gl_matchc = 1;],
1110 [
1111 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1112 [Define if your system glob() function has
1113 gl_matchc options in glob_t])
1114 AC_MSG_RESULT(yes)
1115 ],
1116 [
1117 AC_MSG_RESULT(no)
1118 ]
1119 )
1121 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1123 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1124 AC_RUN_IFELSE(
1125 [AC_LANG_SOURCE([[
1126 #include <sys/types.h>
1127 #include <dirent.h>
1128 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1129 ]])],
1130 [AC_MSG_RESULT(yes)],
1131 [
1132 AC_MSG_RESULT(no)
1133 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1134 [Define if your struct dirent expects you to
1135 allocate extra space for d_name])
1136 ],
1137 [
1138 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1139 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1140 ]
1141 )
1143 AC_MSG_CHECKING([for /proc/pid/fd directory])
1144 if test -d "/proc/$$/fd" ; then
1145 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1146 AC_MSG_RESULT(yes)
1147 else
1148 AC_MSG_RESULT(no)
1149 fi
1151 # Check whether user wants S/Key support
1152 SKEY_MSG="no"
1153 AC_ARG_WITH(skey,
1154 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1155 [
1156 if test "x$withval" != "xno" ; then
1158 if test "x$withval" != "xyes" ; then
1159 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1160 LDFLAGS="$LDFLAGS -L${withval}/lib"
1161 fi
1163 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1164 LIBS="-lskey $LIBS"
1165 SKEY_MSG="yes"
1167 AC_MSG_CHECKING([for s/key support])
1168 AC_LINK_IFELSE(
1169 [AC_LANG_SOURCE([[
1170 #include <stdio.h>
1171 #include <skey.h>
1172 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1173 ]])],
1174 [AC_MSG_RESULT(yes)],
1175 [
1176 AC_MSG_RESULT(no)
1177 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1178 ])
1179 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1180 AC_TRY_COMPILE(
1181 [#include <stdio.h>
1182 #include <skey.h>],
1183 [(void)skeychallenge(NULL,"name","",0);],
1184 [AC_MSG_RESULT(yes)
1185 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1186 [Define if your skeychallenge()
1187 function takes 4 arguments (NetBSD)])],
1188 [AC_MSG_RESULT(no)]
1189 )
1190 fi
1191 ]
1192 )
1194 # Check whether user wants TCP wrappers support
1195 TCPW_MSG="no"
1196 AC_ARG_WITH(tcp-wrappers,
1197 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1198 [
1199 if test "x$withval" != "xno" ; then
1200 saved_LIBS="$LIBS"
1201 saved_LDFLAGS="$LDFLAGS"
1202 saved_CPPFLAGS="$CPPFLAGS"
1203 if test -n "${withval}" && \
1204 test "x${withval}" != "xyes"; then
1205 if test -d "${withval}/lib"; then
1206 if test -n "${need_dash_r}"; then
1207 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1208 else
1209 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1210 fi
1211 else
1212 if test -n "${need_dash_r}"; then
1213 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1214 else
1215 LDFLAGS="-L${withval} ${LDFLAGS}"
1216 fi
1217 fi
1218 if test -d "${withval}/include"; then
1219 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1220 else
1221 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1222 fi
1223 fi
1224 LIBS="-lwrap $LIBS"
1225 AC_MSG_CHECKING(for libwrap)
1226 AC_TRY_LINK(
1227 [
1228 #include <sys/types.h>
1229 #include <sys/socket.h>
1230 #include <netinet/in.h>
1231 #include <tcpd.h>
1232 int deny_severity = 0, allow_severity = 0;
1233 ],
1234 [hosts_access(0);],
1235 [
1236 AC_MSG_RESULT(yes)
1237 AC_DEFINE(LIBWRAP, 1,
1238 [Define if you want
1239 TCP Wrappers support])
1240 SSHDLIBS="$SSHDLIBS -lwrap"
1241 TCPW_MSG="yes"
1242 ],
1243 [
1244 AC_MSG_ERROR([*** libwrap missing])
1245 ]
1246 )
1247 LIBS="$saved_LIBS"
1248 fi
1249 ]
1250 )
1252 # Check whether user wants libedit support
1253 LIBEDIT_MSG="no"
1254 AC_ARG_WITH(libedit,
1255 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1256 [ if test "x$withval" != "xno" ; then
1257 if test "x$withval" = "xyes" ; then
1258 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
1259 if test "x$PKGCONFIG" != "xno"; then
1260 AC_MSG_CHECKING(if $PKGCONFIG knows about libedit)
1261 if "$PKGCONFIG" libedit; then
1262 AC_MSG_RESULT(yes)
1263 use_pkgconfig_for_libedit=yes
1264 else
1265 AC_MSG_RESULT(no)
1266 fi
1267 fi
1268 else
1269 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1270 if test -n "${need_dash_r}"; then
1271 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1272 else
1273 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1274 fi
1275 fi
1276 if test "x$use_pkgconfig_for_libedit" == "xyes"; then
1277 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1278 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1279 else
1280 LIBEDIT="-ledit -lcurses"
1281 fi
1282 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1283 AC_CHECK_LIB(edit, el_init,
1284 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1285 LIBEDIT_MSG="yes"
1286 AC_SUBST(LIBEDIT)
1287 ],
1288 [ AC_MSG_ERROR(libedit not found) ],
1289 [ $OTHERLIBS ]
1290 )
1291 AC_MSG_CHECKING(if libedit version is compatible)
1292 AC_COMPILE_IFELSE(
1293 [AC_LANG_SOURCE([[
1294 #include <histedit.h>
1295 int main(void)
1296 {
1297 int i = H_SETSIZE;
1298 el_init("", NULL, NULL, NULL);
1299 exit(0);
1300 }
1301 ]])],
1302 [ AC_MSG_RESULT(yes) ],
1303 [ AC_MSG_RESULT(no)
1304 AC_MSG_ERROR(libedit version is not compatible) ]
1305 )
1306 fi ]
1307 )
1309 AUDIT_MODULE=none
1310 AC_ARG_WITH(audit,
1311 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1312 [
1313 AC_MSG_CHECKING(for supported audit module)
1314 case "$withval" in
1315 bsm)
1316 AC_MSG_RESULT(bsm)
1317 AUDIT_MODULE=bsm
1318 dnl Checks for headers, libs and functions
1319 AC_CHECK_HEADERS(bsm/audit.h, [],
1320 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1321 [
1322 #ifdef HAVE_TIME_H
1323 # include <time.h>
1324 #endif
1325 ]
1326 )
1327 AC_CHECK_LIB(bsm, getaudit, [],
1328 [AC_MSG_ERROR(BSM enabled and required library not found)])
1329 AC_CHECK_FUNCS(getaudit, [],
1330 [AC_MSG_ERROR(BSM enabled and required function not found)])
1331 # These are optional
1332 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1333 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1334 ;;
1335 debug)
1336 AUDIT_MODULE=debug
1337 AC_MSG_RESULT(debug)
1338 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1339 ;;
1340 no)
1341 AC_MSG_RESULT(no)
1342 ;;
1343 *)
1344 AC_MSG_ERROR([Unknown audit module $withval])
1345 ;;
1346 esac ]
1347 )
1349 dnl Checks for library functions. Please keep in alphabetical order
1350 AC_CHECK_FUNCS( \
1351 arc4random \
1352 arc4random_buf \
1353 arc4random_uniform \
1354 asprintf \
1355 b64_ntop \
1356 __b64_ntop \
1357 b64_pton \
1358 __b64_pton \
1359 bcopy \
1360 bindresvport_sa \
1361 clock \
1362 closefrom \
1363 dirfd \
1364 fchmod \
1365 fchown \
1366 freeaddrinfo \
1367 fstatvfs \
1368 futimes \
1369 getaddrinfo \
1370 getcwd \
1371 getgrouplist \
1372 getnameinfo \
1373 getopt \
1374 getpeereid \
1375 getpeerucred \
1376 _getpty \
1377 getrlimit \
1378 getttyent \
1379 glob \
1380 group_from_gid \
1381 inet_aton \
1382 inet_ntoa \
1383 inet_ntop \
1384 innetgr \
1385 login_getcapbool \
1386 md5_crypt \
1387 memmove \
1388 mkdtemp \
1389 mmap \
1390 ngetaddrinfo \
1391 nsleep \
1392 ogetaddrinfo \
1393 openlog_r \
1394 openpty \
1395 poll \
1396 prctl \
1397 pstat \
1398 readpassphrase \
1399 realpath \
1400 recvmsg \
1401 rresvport_af \
1402 sendmsg \
1403 setdtablesize \
1404 setegid \
1405 setenv \
1406 seteuid \
1407 setgroupent \
1408 setgroups \
1409 setlogin \
1410 setpassent\
1411 setpcred \
1412 setproctitle \
1413 setregid \
1414 setreuid \
1415 setrlimit \
1416 setsid \
1417 setvbuf \
1418 sigaction \
1419 sigvec \
1420 snprintf \
1421 socketpair \
1422 statfs \
1423 statvfs \
1424 strdup \
1425 strerror \
1426 strlcat \
1427 strlcpy \
1428 strmode \
1429 strnvis \
1430 strptime \
1431 strtonum \
1432 strtoll \
1433 strtoul \
1434 swap32 \
1435 sysconf \
1436 tcgetpgrp \
1437 truncate \
1438 unsetenv \
1439 updwtmpx \
1440 user_from_uid \
1441 vasprintf \
1442 vhangup \
1443 vsnprintf \
1444 waitpid \
1445 )
1447 # PKCS#11 support requires dlopen() and co
1448 AC_SEARCH_LIBS(dlopen, dl,
1449 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
1450 )
1452 # IRIX has a const char return value for gai_strerror()
1453 AC_CHECK_FUNCS(gai_strerror,[
1454 AC_DEFINE(HAVE_GAI_STRERROR)
1455 AC_TRY_COMPILE([
1456 #include <sys/types.h>
1457 #include <sys/socket.h>
1458 #include <netdb.h>
1460 const char *gai_strerror(int);],[
1461 char *str;
1463 str = gai_strerror(0);],[
1464 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1465 [Define if gai_strerror() returns const char *])])])
1467 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1468 [Some systems put nanosleep outside of libc]))
1470 dnl Make sure prototypes are defined for these before using them.
1471 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1472 AC_CHECK_DECL(strsep,
1473 [AC_CHECK_FUNCS(strsep)],
1474 [],
1475 [
1476 #ifdef HAVE_STRING_H
1477 # include <string.h>
1478 #endif
1479 ])
1481 dnl tcsendbreak might be a macro
1482 AC_CHECK_DECL(tcsendbreak,
1483 [AC_DEFINE(HAVE_TCSENDBREAK)],
1484 [AC_CHECK_FUNCS(tcsendbreak)],
1485 [#include <termios.h>]
1486 )
1488 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1490 AC_CHECK_DECLS(SHUT_RD, , ,
1491 [
1492 #include <sys/types.h>
1493 #include <sys/socket.h>
1494 ])
1496 AC_CHECK_DECLS(O_NONBLOCK, , ,
1497 [
1498 #include <sys/types.h>
1499 #ifdef HAVE_SYS_STAT_H
1500 # include <sys/stat.h>
1501 #endif
1502 #ifdef HAVE_FCNTL_H
1503 # include <fcntl.h>
1504 #endif
1505 ])
1507 AC_CHECK_DECLS(writev, , , [
1508 #include <sys/types.h>
1509 #include <sys/uio.h>
1510 #include <unistd.h>
1511 ])
1513 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1514 #include <sys/param.h>
1515 ])
1517 AC_CHECK_DECLS(offsetof, , , [
1518 #include <stddef.h>
1519 ])
1521 AC_CHECK_FUNCS(setresuid, [
1522 dnl Some platorms have setresuid that isn't implemented, test for this
1523 AC_MSG_CHECKING(if setresuid seems to work)
1524 AC_RUN_IFELSE(
1525 [AC_LANG_SOURCE([[
1526 #include <stdlib.h>
1527 #include <errno.h>
1528 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1529 ]])],
1530 [AC_MSG_RESULT(yes)],
1531 [AC_DEFINE(BROKEN_SETRESUID, 1,
1532 [Define if your setresuid() is broken])
1533 AC_MSG_RESULT(not implemented)],
1534 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1535 )
1536 ])
1538 AC_CHECK_FUNCS(setresgid, [
1539 dnl Some platorms have setresgid that isn't implemented, test for this
1540 AC_MSG_CHECKING(if setresgid seems to work)
1541 AC_RUN_IFELSE(
1542 [AC_LANG_SOURCE([[
1543 #include <stdlib.h>
1544 #include <errno.h>
1545 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1546 ]])],
1547 [AC_MSG_RESULT(yes)],
1548 [AC_DEFINE(BROKEN_SETRESGID, 1,
1549 [Define if your setresgid() is broken])
1550 AC_MSG_RESULT(not implemented)],
1551 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1552 )
1553 ])
1555 dnl Checks for time functions
1556 AC_CHECK_FUNCS(gettimeofday time)
1557 dnl Checks for utmp functions
1558 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1559 AC_CHECK_FUNCS(utmpname)
1560 dnl Checks for utmpx functions
1561 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline getutxuser pututxline)
1562 AC_CHECK_FUNCS(setutxdb setutxent utmpxname)
1563 dnl Checks for lastlog functions
1564 AC_CHECK_FUNCS(getlastlogxbyname)
1566 AC_CHECK_FUNC(daemon,
1567 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1568 [AC_CHECK_LIB(bsd, daemon,
1569 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1570 )
1572 AC_CHECK_FUNC(getpagesize,
1573 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1574 [Define if your libraries define getpagesize()])],
1575 [AC_CHECK_LIB(ucb, getpagesize,
1576 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1577 )
1579 # Check for broken snprintf
1580 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1581 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1582 AC_RUN_IFELSE(
1583 [AC_LANG_SOURCE([[
1584 #include <stdio.h>
1585 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1586 ]])],
1587 [AC_MSG_RESULT(yes)],
1588 [
1589 AC_MSG_RESULT(no)
1590 AC_DEFINE(BROKEN_SNPRINTF, 1,
1591 [Define if your snprintf is busted])
1592 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1593 ],
1594 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1595 )
1596 fi
1598 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1599 # returning the right thing on overflow: the number of characters it tried to
1600 # create (as per SUSv3)
1601 if test "x$ac_cv_func_asprintf" != "xyes" && \
1602 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1603 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1604 AC_RUN_IFELSE(
1605 [AC_LANG_SOURCE([[
1606 #include <sys/types.h>
1607 #include <stdio.h>
1608 #include <stdarg.h>
1610 int x_snprintf(char *str,size_t count,const char *fmt,...)
1611 {
1612 size_t ret; va_list ap;
1613 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1614 return ret;
1615 }
1616 int main(void)
1617 {
1618 char x[1];
1619 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1620 } ]])],
1621 [AC_MSG_RESULT(yes)],
1622 [
1623 AC_MSG_RESULT(no)
1624 AC_DEFINE(BROKEN_SNPRINTF, 1,
1625 [Define if your snprintf is busted])
1626 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1627 ],
1628 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1629 )
1630 fi
1632 # On systems where [v]snprintf is broken, but is declared in stdio,
1633 # check that the fmt argument is const char * or just char *.
1634 # This is only useful for when BROKEN_SNPRINTF
1635 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1636 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1637 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1638 int main(void) { snprintf(0, 0, 0); }
1639 ]])],
1640 [AC_MSG_RESULT(yes)
1641 AC_DEFINE(SNPRINTF_CONST, [const],
1642 [Define as const if snprintf() can declare const char *fmt])],
1643 [AC_MSG_RESULT(no)
1644 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1646 # Check for missing getpeereid (or equiv) support
1647 NO_PEERCHECK=""
1648 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1649 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1650 AC_TRY_COMPILE(
1651 [#include <sys/types.h>
1652 #include <sys/socket.h>],
1653 [int i = SO_PEERCRED;],
1654 [ AC_MSG_RESULT(yes)
1655 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1656 ],
1657 [AC_MSG_RESULT(no)
1658 NO_PEERCHECK=1]
1659 )
1660 fi
1662 dnl see whether mkstemp() requires XXXXXX
1663 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1664 AC_MSG_CHECKING([for (overly) strict mkstemp])
1665 AC_RUN_IFELSE(
1666 [AC_LANG_SOURCE([[
1667 #include <stdlib.h>
1668 main() { char template[]="conftest.mkstemp-test";
1669 if (mkstemp(template) == -1)
1670 exit(1);
1671 unlink(template); exit(0);
1672 }
1673 ]])],
1674 [
1675 AC_MSG_RESULT(no)
1676 ],
1677 [
1678 AC_MSG_RESULT(yes)
1679 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1680 ],
1681 [
1682 AC_MSG_RESULT(yes)
1683 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1684 ]
1685 )
1686 fi
1688 dnl make sure that openpty does not reacquire controlling terminal
1689 if test ! -z "$check_for_openpty_ctty_bug"; then
1690 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1691 AC_RUN_IFELSE(
1692 [AC_LANG_SOURCE([[
1693 #include <stdio.h>
1694 #include <sys/fcntl.h>
1695 #include <sys/types.h>
1696 #include <sys/wait.h>
1698 int
1699 main()
1700 {
1701 pid_t pid;
1702 int fd, ptyfd, ttyfd, status;
1704 pid = fork();
1705 if (pid < 0) { /* failed */
1706 exit(1);
1707 } else if (pid > 0) { /* parent */
1708 waitpid(pid, &status, 0);
1709 if (WIFEXITED(status))
1710 exit(WEXITSTATUS(status));
1711 else
1712 exit(2);
1713 } else { /* child */
1714 close(0); close(1); close(2);
1715 setsid();
1716 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1717 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1718 if (fd >= 0)
1719 exit(3); /* Acquired ctty: broken */
1720 else
1721 exit(0); /* Did not acquire ctty: OK */
1722 }
1723 }
1724 ]])],
1725 [
1726 AC_MSG_RESULT(yes)
1727 ],
1728 [
1729 AC_MSG_RESULT(no)
1730 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1731 ],
1732 [
1733 AC_MSG_RESULT(cross-compiling, assuming yes)
1734 ]
1735 )
1736 fi
1738 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1739 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1740 AC_MSG_CHECKING(if getaddrinfo seems to work)
1741 AC_RUN_IFELSE(
1742 [AC_LANG_SOURCE([[
1743 #include <stdio.h>
1744 #include <sys/socket.h>
1745 #include <netdb.h>
1746 #include <errno.h>
1747 #include <netinet/in.h>
1749 #define TEST_PORT "2222"
1751 int
1752 main(void)
1753 {
1754 int err, sock;
1755 struct addrinfo *gai_ai, *ai, hints;
1756 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1758 memset(&hints, 0, sizeof(hints));
1759 hints.ai_family = PF_UNSPEC;
1760 hints.ai_socktype = SOCK_STREAM;
1761 hints.ai_flags = AI_PASSIVE;
1763 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1764 if (err != 0) {
1765 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1766 exit(1);
1767 }
1769 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1770 if (ai->ai_family != AF_INET6)
1771 continue;
1773 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1774 sizeof(ntop), strport, sizeof(strport),
1775 NI_NUMERICHOST|NI_NUMERICSERV);
1777 if (err != 0) {
1778 if (err == EAI_SYSTEM)
1779 perror("getnameinfo EAI_SYSTEM");
1780 else
1781 fprintf(stderr, "getnameinfo failed: %s\n",
1782 gai_strerror(err));
1783 exit(2);
1784 }
1786 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1787 if (sock < 0)
1788 perror("socket");
1789 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1790 if (errno == EBADF)
1791 exit(3);
1792 }
1793 }
1794 exit(0);
1795 }
1796 ]])],
1797 [
1798 AC_MSG_RESULT(yes)
1799 ],
1800 [
1801 AC_MSG_RESULT(no)
1802 AC_DEFINE(BROKEN_GETADDRINFO)
1803 ],
1804 [
1805 AC_MSG_RESULT(cross-compiling, assuming yes)
1806 ]
1807 )
1808 fi
1810 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1811 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1812 AC_MSG_CHECKING(if getaddrinfo seems to work)
1813 AC_RUN_IFELSE(
1814 [AC_LANG_SOURCE([[
1815 #include <stdio.h>
1816 #include <sys/socket.h>
1817 #include <netdb.h>
1818 #include <errno.h>
1819 #include <netinet/in.h>
1821 #define TEST_PORT "2222"
1823 int
1824 main(void)
1825 {
1826 int err, sock;
1827 struct addrinfo *gai_ai, *ai, hints;
1828 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1830 memset(&hints, 0, sizeof(hints));
1831 hints.ai_family = PF_UNSPEC;
1832 hints.ai_socktype = SOCK_STREAM;
1833 hints.ai_flags = AI_PASSIVE;
1835 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1836 if (err != 0) {
1837 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1838 exit(1);
1839 }
1841 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1842 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1843 continue;
1845 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1846 sizeof(ntop), strport, sizeof(strport),
1847 NI_NUMERICHOST|NI_NUMERICSERV);
1849 if (ai->ai_family == AF_INET && err != 0) {
1850 perror("getnameinfo");
1851 exit(2);
1852 }
1853 }
1854 exit(0);
1855 }
1856 ]])],
1857 [
1858 AC_MSG_RESULT(yes)
1859 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1860 [Define if you have a getaddrinfo that fails
1861 for the all-zeros IPv6 address])
1862 ],
1863 [
1864 AC_MSG_RESULT(no)
1865 AC_DEFINE(BROKEN_GETADDRINFO)
1866 ],
1867 [
1868 AC_MSG_RESULT(cross-compiling, assuming no)
1869 ]
1870 )
1871 fi
1873 if test "x$check_for_conflicting_getspnam" = "x1"; then
1874 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1875 AC_COMPILE_IFELSE(
1876 [
1877 #include <shadow.h>
1878 int main(void) {exit(0);}
1879 ],
1880 [
1881 AC_MSG_RESULT(no)
1882 ],
1883 [
1884 AC_MSG_RESULT(yes)
1885 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1886 [Conflicting defs for getspnam])
1887 ]
1888 )
1889 fi
1891 AC_FUNC_GETPGRP
1893 # Search for OpenSSL
1894 saved_CPPFLAGS="$CPPFLAGS"
1895 saved_LDFLAGS="$LDFLAGS"
1896 AC_ARG_WITH(ssl-dir,
1897 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1898 [
1899 if test "x$withval" != "xno" ; then
1900 case "$withval" in
1901 # Relative paths
1902 ./*|../*) withval="`pwd`/$withval"
1903 esac
1904 if test -d "$withval/lib"; then
1905 if test -n "${need_dash_r}"; then
1906 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1907 else
1908 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1909 fi
1910 elif test -d "$withval/lib64"; then
1911 if test -n "${need_dash_r}"; then
1912 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
1913 else
1914 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
1915 fi
1916 else
1917 if test -n "${need_dash_r}"; then
1918 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1919 else
1920 LDFLAGS="-L${withval} ${LDFLAGS}"
1921 fi
1922 fi
1923 if test -d "$withval/include"; then
1924 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1925 else
1926 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1927 fi
1928 fi
1929 ]
1930 )
1931 LIBS="-lcrypto $LIBS"
1932 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1933 [Define if your ssl headers are included
1934 with #include <openssl/header.h>]),
1935 [
1936 dnl Check default openssl install dir
1937 if test -n "${need_dash_r}"; then
1938 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1939 else
1940 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1941 fi
1942 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1943 AC_CHECK_HEADER([openssl/opensslv.h], ,
1944 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
1945 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1946 [
1947 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1948 ]
1949 )
1950 ]
1951 )
1953 # Determine OpenSSL header version
1954 AC_MSG_CHECKING([OpenSSL header version])
1955 AC_RUN_IFELSE(
1956 [AC_LANG_SOURCE([[
1957 #include <stdio.h>
1958 #include <string.h>
1959 #include <openssl/opensslv.h>
1960 #define DATA "conftest.sslincver"
1961 int main(void) {
1962 FILE *fd;
1963 int rc;
1965 fd = fopen(DATA,"w");
1966 if(fd == NULL)
1967 exit(1);
1969 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1970 exit(1);
1972 exit(0);
1973 }
1974 ]])],
1975 [
1976 ssl_header_ver=`cat conftest.sslincver`
1977 AC_MSG_RESULT($ssl_header_ver)
1978 ],
1979 [
1980 AC_MSG_RESULT(not found)
1981 AC_MSG_ERROR(OpenSSL version header not found.)
1982 ],
1983 [
1984 AC_MSG_WARN([cross compiling: not checking])
1985 ]
1986 )
1988 # Determine OpenSSL library version
1989 AC_MSG_CHECKING([OpenSSL library version])
1990 AC_RUN_IFELSE(
1991 [AC_LANG_SOURCE([[
1992 #include <stdio.h>
1993 #include <string.h>
1994 #include <openssl/opensslv.h>
1995 #include <openssl/crypto.h>
1996 #define DATA "conftest.ssllibver"
1997 int main(void) {
1998 FILE *fd;
1999 int rc;
2001 fd = fopen(DATA,"w");
2002 if(fd == NULL)
2003 exit(1);
2005 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2006 exit(1);
2008 exit(0);
2009 }
2010 ]])],
2011 [
2012 ssl_library_ver=`cat conftest.ssllibver`
2013 AC_MSG_RESULT($ssl_library_ver)
2014 ],
2015 [
2016 AC_MSG_RESULT(not found)
2017 AC_MSG_ERROR(OpenSSL library not found.)
2018 ],
2019 [
2020 AC_MSG_WARN([cross compiling: not checking])
2021 ]
2022 )
2024 AC_ARG_WITH(openssl-header-check,
2025 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2026 [ if test "x$withval" = "xno" ; then
2027 openssl_check_nonfatal=1
2028 fi
2029 ]
2030 )
2032 # Sanity check OpenSSL headers
2033 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2034 AC_RUN_IFELSE(
2035 [AC_LANG_SOURCE([[
2036 #include <string.h>
2037 #include <openssl/opensslv.h>
2038 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2039 ]])],
2040 [
2041 AC_MSG_RESULT(yes)
2042 ],
2043 [
2044 AC_MSG_RESULT(no)
2045 if test "x$openssl_check_nonfatal" = "x"; then
2046 AC_MSG_ERROR([Your OpenSSL headers do not match your
2047 library. Check config.log for details.
2048 If you are sure your installation is consistent, you can disable the check
2049 by running "./configure --without-openssl-header-check".
2050 Also see contrib/findssl.sh for help identifying header/library mismatches.
2051 ])
2052 else
2053 AC_MSG_WARN([Your OpenSSL headers do not match your
2054 library. Check config.log for details.
2055 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2056 fi
2057 ],
2058 [
2059 AC_MSG_WARN([cross compiling: not checking])
2060 ]
2061 )
2063 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2064 AC_LINK_IFELSE(
2065 [AC_LANG_SOURCE([[
2066 #include <openssl/evp.h>
2067 int main(void) { SSLeay_add_all_algorithms(); }
2068 ]])],
2069 [
2070 AC_MSG_RESULT(yes)
2071 ],
2072 [
2073 AC_MSG_RESULT(no)
2074 saved_LIBS="$LIBS"
2075 LIBS="$LIBS -ldl"
2076 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2077 AC_LINK_IFELSE(
2078 [AC_LANG_SOURCE([[
2079 #include <openssl/evp.h>
2080 int main(void) { SSLeay_add_all_algorithms(); }
2081 ]])],
2082 [
2083 AC_MSG_RESULT(yes)
2084 ],
2085 [
2086 AC_MSG_RESULT(no)
2087 LIBS="$saved_LIBS"
2088 ]
2089 )
2090 ]
2091 )
2093 AC_ARG_WITH(ssl-engine,
2094 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2095 [ if test "x$withval" != "xno" ; then
2096 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2097 AC_TRY_COMPILE(
2098 [ #include <openssl/engine.h>],
2099 [
2100 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2101 ],
2102 [ AC_MSG_RESULT(yes)
2103 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2104 [Enable OpenSSL engine support])
2105 ],
2106 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2107 )
2108 fi ]
2109 )
2111 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2112 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2113 AC_LINK_IFELSE(
2114 [AC_LANG_SOURCE([[
2115 #include <string.h>
2116 #include <openssl/evp.h>
2117 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2118 ]])],
2119 [
2120 AC_MSG_RESULT(no)
2121 ],
2122 [
2123 AC_MSG_RESULT(yes)
2124 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2125 [libcrypto is missing AES 192 and 256 bit functions])
2126 ]
2127 )
2129 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2130 AC_LINK_IFELSE(
2131 [AC_LANG_SOURCE([[
2132 #include <string.h>
2133 #include <openssl/evp.h>
2134 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2135 ]])],
2136 [
2137 AC_MSG_RESULT(yes)
2138 ],
2139 [
2140 AC_MSG_RESULT(no)
2141 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2142 [Define if EVP_DigestUpdate returns void])
2143 ]
2144 )
2146 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2147 # because the system crypt() is more featureful.
2148 if test "x$check_for_libcrypt_before" = "x1"; then
2149 AC_CHECK_LIB(crypt, crypt)
2150 fi
2152 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2153 # version in OpenSSL.
2154 if test "x$check_for_libcrypt_later" = "x1"; then
2155 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2156 fi
2158 # Search for SHA256 support in libc and/or OpenSSL
2159 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2161 saved_LIBS="$LIBS"
2162 AC_CHECK_LIB(iaf, ia_openinfo, [
2163 LIBS="$LIBS -liaf"
2164 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2165 AC_DEFINE(HAVE_LIBIAF, 1,
2166 [Define if system has libiaf that supports set_id])
2167 ])
2168 ])
2169 LIBS="$saved_LIBS"
2171 ### Configure cryptographic random number support
2173 # Check wheter OpenSSL seeds itself
2174 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2175 AC_RUN_IFELSE(
2176 [AC_LANG_SOURCE([[
2177 #include <string.h>
2178 #include <openssl/rand.h>
2179 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2180 ]])],
2181 [
2182 OPENSSL_SEEDS_ITSELF=yes
2183 AC_MSG_RESULT(yes)
2184 ],
2185 [
2186 AC_MSG_RESULT(no)
2187 # Default to use of the rand helper if OpenSSL doesn't
2188 # seed itself
2189 USE_RAND_HELPER=yes
2190 ],
2191 [
2192 AC_MSG_WARN([cross compiling: assuming yes])
2193 # This is safe, since all recent OpenSSL versions will
2194 # complain at runtime if not seeded correctly.
2195 OPENSSL_SEEDS_ITSELF=yes
2196 ]
2197 )
2199 # Check for PAM libs
2200 PAM_MSG="no"
2201 AC_ARG_WITH(pam,
2202 [ --with-pam Enable PAM support ],
2203 [
2204 if test "x$withval" != "xno" ; then
2205 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2206 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2207 AC_MSG_ERROR([PAM headers not found])
2208 fi
2210 saved_LIBS="$LIBS"
2211 AC_CHECK_LIB(dl, dlopen, , )
2212 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2213 AC_CHECK_FUNCS(pam_getenvlist)
2214 AC_CHECK_FUNCS(pam_putenv)
2215 LIBS="$saved_LIBS"
2217 PAM_MSG="yes"
2219 SSHDLIBS="$SSHDLIBS -lpam"
2220 AC_DEFINE(USE_PAM, 1,
2221 [Define if you want to enable PAM support])
2223 if test $ac_cv_lib_dl_dlopen = yes; then
2224 case "$LIBS" in
2225 *-ldl*)
2226 # libdl already in LIBS
2227 ;;
2228 *)
2229 SSHDLIBS="$SSHDLIBS -ldl"
2230 ;;
2231 esac
2232 fi
2233 fi
2234 ]
2235 )
2237 # Check for older PAM
2238 if test "x$PAM_MSG" = "xyes" ; then
2239 # Check PAM strerror arguments (old PAM)
2240 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2241 AC_TRY_COMPILE(
2242 [
2243 #include <stdlib.h>
2244 #if defined(HAVE_SECURITY_PAM_APPL_H)
2245 #include <security/pam_appl.h>
2246 #elif defined (HAVE_PAM_PAM_APPL_H)
2247 #include <pam/pam_appl.h>
2248 #endif
2249 ],
2250 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2251 [AC_MSG_RESULT(no)],
2252 [
2253 AC_DEFINE(HAVE_OLD_PAM, 1,
2254 [Define if you have an old version of PAM
2255 which takes only one argument to pam_strerror])
2256 AC_MSG_RESULT(yes)
2257 PAM_MSG="yes (old library)"
2258 ]
2259 )
2260 fi
2262 # Do we want to force the use of the rand helper?
2263 AC_ARG_WITH(rand-helper,
2264 [ --with-rand-helper Use subprocess to gather strong randomness ],
2265 [
2266 if test "x$withval" = "xno" ; then
2267 # Force use of OpenSSL's internal RNG, even if
2268 # the previous test showed it to be unseeded.
2269 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2270 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2271 OPENSSL_SEEDS_ITSELF=yes
2272 USE_RAND_HELPER=""
2273 fi
2274 else
2275 USE_RAND_HELPER=yes
2276 fi
2277 ],
2278 )
2280 # Which randomness source do we use?
2281 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2282 # OpenSSL only
2283 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2284 [Define if you want OpenSSL's internally seeded PRNG only])
2285 RAND_MSG="OpenSSL internal ONLY"
2286 INSTALL_SSH_RAND_HELPER=""
2287 elif test ! -z "$USE_RAND_HELPER" ; then
2288 # install rand helper
2289 RAND_MSG="ssh-rand-helper"
2290 INSTALL_SSH_RAND_HELPER="yes"
2291 fi
2292 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2294 ### Configuration of ssh-rand-helper
2296 # PRNGD TCP socket
2297 AC_ARG_WITH(prngd-port,
2298 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2299 [
2300 case "$withval" in
2301 no)
2302 withval=""
2303 ;;
2304 [[0-9]]*)
2305 ;;
2306 *)
2307 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2308 ;;
2309 esac
2310 if test ! -z "$withval" ; then
2311 PRNGD_PORT="$withval"
2312 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2313 [Port number of PRNGD/EGD random number socket])
2314 fi
2315 ]
2316 )
2318 # PRNGD Unix domain socket
2319 AC_ARG_WITH(prngd-socket,
2320 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2321 [
2322 case "$withval" in
2323 yes)
2324 withval="/var/run/egd-pool"
2325 ;;
2326 no)
2327 withval=""
2328 ;;
2329 /*)
2330 ;;
2331 *)
2332 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2333 ;;
2334 esac
2336 if test ! -z "$withval" ; then
2337 if test ! -z "$PRNGD_PORT" ; then
2338 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2339 fi
2340 if test ! -r "$withval" ; then
2341 AC_MSG_WARN(Entropy socket is not readable)
2342 fi
2343 PRNGD_SOCKET="$withval"
2344 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2345 [Location of PRNGD/EGD random number socket])
2346 fi
2347 ],
2348 [
2349 # Check for existing socket only if we don't have a random device already
2350 if test "$USE_RAND_HELPER" = yes ; then
2351 AC_MSG_CHECKING(for PRNGD/EGD socket)
2352 # Insert other locations here
2353 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2354 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2355 PRNGD_SOCKET="$sock"
2356 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2357 break;
2358 fi
2359 done
2360 if test ! -z "$PRNGD_SOCKET" ; then
2361 AC_MSG_RESULT($PRNGD_SOCKET)
2362 else
2363 AC_MSG_RESULT(not found)
2364 fi
2365 fi
2366 ]
2367 )
2369 # Change default command timeout for hashing entropy source
2370 entropy_timeout=200
2371 AC_ARG_WITH(entropy-timeout,
2372 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2373 [
2374 if test -n "$withval" && test "x$withval" != "xno" && \
2375 test "x${withval}" != "xyes"; then
2376 entropy_timeout=$withval
2377 fi
2378 ]
2379 )
2380 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2381 [Builtin PRNG command timeout])
2383 SSH_PRIVSEP_USER=sshd
2384 AC_ARG_WITH(privsep-user,
2385 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2386 [
2387 if test -n "$withval" && test "x$withval" != "xno" && \
2388 test "x${withval}" != "xyes"; then
2389 SSH_PRIVSEP_USER=$withval
2390 fi
2391 ]
2392 )
2393 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2394 [non-privileged user for privilege separation])
2395 AC_SUBST(SSH_PRIVSEP_USER)
2397 # We do this little dance with the search path to insure
2398 # that programs that we select for use by installed programs
2399 # (which may be run by the super-user) come from trusted
2400 # locations before they come from the user's private area.
2401 # This should help avoid accidentally configuring some
2402 # random version of a program in someone's personal bin.
2404 OPATH=$PATH
2405 PATH=/bin:/usr/bin
2406 test -h /bin 2> /dev/null && PATH=/usr/bin
2407 test -d /sbin && PATH=$PATH:/sbin
2408 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2409 PATH=$PATH:/etc:$OPATH
2411 # These programs are used by the command hashing source to gather entropy
2412 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2413 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2414 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2415 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2416 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2417 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2418 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2419 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2420 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2421 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2422 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2423 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2424 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2425 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2426 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2427 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2428 # restore PATH
2429 PATH=$OPATH
2431 # Where does ssh-rand-helper get its randomness from?
2432 INSTALL_SSH_PRNG_CMDS=""
2433 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2434 if test ! -z "$PRNGD_PORT" ; then
2435 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2436 elif test ! -z "$PRNGD_SOCKET" ; then
2437 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2438 else
2439 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2440 RAND_HELPER_CMDHASH=yes
2441 INSTALL_SSH_PRNG_CMDS="yes"
2442 fi
2443 fi
2444 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2447 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2448 if test ! -z "$SONY" ; then
2449 LIBS="$LIBS -liberty";
2450 fi
2452 # Check for long long datatypes
2453 AC_CHECK_TYPES([long long, unsigned long long, long double])
2455 # Check datatype sizes
2456 AC_CHECK_SIZEOF(char, 1)
2457 AC_CHECK_SIZEOF(short int, 2)
2458 AC_CHECK_SIZEOF(int, 4)
2459 AC_CHECK_SIZEOF(long int, 4)
2460 AC_CHECK_SIZEOF(long long int, 8)
2462 # Sanity check long long for some platforms (AIX)
2463 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2464 ac_cv_sizeof_long_long_int=0
2465 fi
2467 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2468 if test -z "$have_llong_max"; then
2469 AC_MSG_CHECKING([for max value of long long])
2470 AC_RUN_IFELSE(
2471 [AC_LANG_SOURCE([[
2472 #include <stdio.h>
2473 /* Why is this so damn hard? */
2474 #ifdef __GNUC__
2475 # undef __GNUC__
2476 #endif
2477 #define __USE_ISOC99
2478 #include <limits.h>
2479 #define DATA "conftest.llminmax"
2480 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2482 /*
2483 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2484 * we do this the hard way.
2485 */
2486 static int
2487 fprint_ll(FILE *f, long long n)
2488 {
2489 unsigned int i;
2490 int l[sizeof(long long) * 8];
2492 if (n < 0)
2493 if (fprintf(f, "-") < 0)
2494 return -1;
2495 for (i = 0; n != 0; i++) {
2496 l[i] = my_abs(n % 10);
2497 n /= 10;
2498 }
2499 do {
2500 if (fprintf(f, "%d", l[--i]) < 0)
2501 return -1;
2502 } while (i != 0);
2503 if (fprintf(f, " ") < 0)
2504 return -1;
2505 return 0;
2506 }
2508 int main(void) {
2509 FILE *f;
2510 long long i, llmin, llmax = 0;
2512 if((f = fopen(DATA,"w")) == NULL)
2513 exit(1);
2515 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2516 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2517 llmin = LLONG_MIN;
2518 llmax = LLONG_MAX;
2519 #else
2520 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2521 /* This will work on one's complement and two's complement */
2522 for (i = 1; i > llmax; i <<= 1, i++)
2523 llmax = i;
2524 llmin = llmax + 1LL; /* wrap */
2525 #endif
2527 /* Sanity check */
2528 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2529 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2530 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2531 fprintf(f, "unknown unknown\n");
2532 exit(2);
2533 }
2535 if (fprint_ll(f, llmin) < 0)
2536 exit(3);
2537 if (fprint_ll(f, llmax) < 0)
2538 exit(4);
2539 if (fclose(f) < 0)
2540 exit(5);
2541 exit(0);
2542 }
2543 ]])],
2544 [
2545 llong_min=`$AWK '{print $1}' conftest.llminmax`
2546 llong_max=`$AWK '{print $2}' conftest.llminmax`
2548 AC_MSG_RESULT($llong_max)
2549 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2550 [max value of long long calculated by configure])
2551 AC_MSG_CHECKING([for min value of long long])
2552 AC_MSG_RESULT($llong_min)
2553 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2554 [min value of long long calculated by configure])
2555 ],
2556 [
2557 AC_MSG_RESULT(not found)
2558 ],
2559 [
2560 AC_MSG_WARN([cross compiling: not checking])
2561 ]
2562 )
2563 fi
2566 # More checks for data types
2567 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2568 AC_TRY_COMPILE(
2569 [ #include <sys/types.h> ],
2570 [ u_int a; a = 1;],
2571 [ ac_cv_have_u_int="yes" ],
2572 [ ac_cv_have_u_int="no" ]
2573 )
2574 ])
2575 if test "x$ac_cv_have_u_int" = "xyes" ; then
2576 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2577 have_u_int=1
2578 fi
2580 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2581 AC_TRY_COMPILE(
2582 [ #include <sys/types.h> ],
2583 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2584 [ ac_cv_have_intxx_t="yes" ],
2585 [ ac_cv_have_intxx_t="no" ]
2586 )
2587 ])
2588 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2589 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2590 have_intxx_t=1
2591 fi
2593 if (test -z "$have_intxx_t" && \
2594 test "x$ac_cv_header_stdint_h" = "xyes")
2595 then
2596 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2597 AC_TRY_COMPILE(
2598 [ #include <stdint.h> ],
2599 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2600 [
2601 AC_DEFINE(HAVE_INTXX_T)
2602 AC_MSG_RESULT(yes)
2603 ],
2604 [ AC_MSG_RESULT(no) ]
2605 )
2606 fi
2608 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2609 AC_TRY_COMPILE(
2610 [
2611 #include <sys/types.h>
2612 #ifdef HAVE_STDINT_H
2613 # include <stdint.h>
2614 #endif
2615 #include <sys/socket.h>
2616 #ifdef HAVE_SYS_BITYPES_H
2617 # include <sys/bitypes.h>
2618 #endif
2619 ],
2620 [ int64_t a; a = 1;],
2621 [ ac_cv_have_int64_t="yes" ],
2622 [ ac_cv_have_int64_t="no" ]
2623 )
2624 ])
2625 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2626 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2627 fi
2629 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2630 AC_TRY_COMPILE(
2631 [ #include <sys/types.h> ],
2632 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2633 [ ac_cv_have_u_intxx_t="yes" ],
2634 [ ac_cv_have_u_intxx_t="no" ]
2635 )
2636 ])
2637 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2638 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2639 have_u_intxx_t=1
2640 fi
2642 if test -z "$have_u_intxx_t" ; then
2643 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2644 AC_TRY_COMPILE(
2645 [ #include <sys/socket.h> ],
2646 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2647 [
2648 AC_DEFINE(HAVE_U_INTXX_T)
2649 AC_MSG_RESULT(yes)
2650 ],
2651 [ AC_MSG_RESULT(no) ]
2652 )
2653 fi
2655 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2656 AC_TRY_COMPILE(
2657 [ #include <sys/types.h> ],
2658 [ u_int64_t a; a = 1;],
2659 [ ac_cv_have_u_int64_t="yes" ],
2660 [ ac_cv_have_u_int64_t="no" ]
2661 )
2662 ])
2663 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2664 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2665 have_u_int64_t=1
2666 fi
2668 if test -z "$have_u_int64_t" ; then
2669 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2670 AC_TRY_COMPILE(
2671 [ #include <sys/bitypes.h> ],
2672 [ u_int64_t a; a = 1],
2673 [
2674 AC_DEFINE(HAVE_U_INT64_T)
2675 AC_MSG_RESULT(yes)
2676 ],
2677 [ AC_MSG_RESULT(no) ]
2678 )
2679 fi
2681 if test -z "$have_u_intxx_t" ; then
2682 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2683 AC_TRY_COMPILE(
2684 [
2685 #include <sys/types.h>
2686 ],
2687 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2688 [ ac_cv_have_uintxx_t="yes" ],
2689 [ ac_cv_have_uintxx_t="no" ]
2690 )
2691 ])
2692 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2693 AC_DEFINE(HAVE_UINTXX_T, 1,
2694 [define if you have uintxx_t data type])
2695 fi
2696 fi
2698 if test -z "$have_uintxx_t" ; then
2699 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2700 AC_TRY_COMPILE(
2701 [ #include <stdint.h> ],
2702 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2703 [
2704 AC_DEFINE(HAVE_UINTXX_T)
2705 AC_MSG_RESULT(yes)
2706 ],
2707 [ AC_MSG_RESULT(no) ]
2708 )
2709 fi
2711 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2712 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2713 then
2714 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2715 AC_TRY_COMPILE(
2716 [
2717 #include <sys/bitypes.h>
2718 ],
2719 [
2720 int8_t a; int16_t b; int32_t c;
2721 u_int8_t e; u_int16_t f; u_int32_t g;
2722 a = b = c = e = f = g = 1;
2723 ],
2724 [
2725 AC_DEFINE(HAVE_U_INTXX_T)
2726 AC_DEFINE(HAVE_INTXX_T)
2727 AC_MSG_RESULT(yes)
2728 ],
2729 [AC_MSG_RESULT(no)]
2730 )
2731 fi
2734 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2735 AC_TRY_COMPILE(
2736 [
2737 #include <sys/types.h>
2738 ],
2739 [ u_char foo; foo = 125; ],
2740 [ ac_cv_have_u_char="yes" ],
2741 [ ac_cv_have_u_char="no" ]
2742 )
2743 ])
2744 if test "x$ac_cv_have_u_char" = "xyes" ; then
2745 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2746 fi
2748 TYPE_SOCKLEN_T
2750 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2751 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2752 #include <sys/types.h>
2753 #ifdef HAVE_SYS_BITYPES_H
2754 #include <sys/bitypes.h>
2755 #endif
2756 #ifdef HAVE_SYS_STATFS_H
2757 #include <sys/statfs.h>
2758 #endif
2759 #ifdef HAVE_SYS_STATVFS_H
2760 #include <sys/statvfs.h>
2761 #endif
2762 ])
2764 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2765 [#include <sys/types.h>
2766 #include <netinet/in.h>])
2768 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2769 AC_TRY_COMPILE(
2770 [
2771 #include <sys/types.h>
2772 ],
2773 [ size_t foo; foo = 1235; ],
2774 [ ac_cv_have_size_t="yes" ],
2775 [ ac_cv_have_size_t="no" ]
2776 )
2777 ])
2778 if test "x$ac_cv_have_size_t" = "xyes" ; then
2779 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2780 fi
2782 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2783 AC_TRY_COMPILE(
2784 [
2785 #include <sys/types.h>
2786 ],
2787 [ ssize_t foo; foo = 1235; ],
2788 [ ac_cv_have_ssize_t="yes" ],
2789 [ ac_cv_have_ssize_t="no" ]
2790 )
2791 ])
2792 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2793 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2794 fi
2796 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2797 AC_TRY_COMPILE(
2798 [
2799 #include <time.h>
2800 ],
2801 [ clock_t foo; foo = 1235; ],
2802 [ ac_cv_have_clock_t="yes" ],
2803 [ ac_cv_have_clock_t="no" ]
2804 )
2805 ])
2806 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2807 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2808 fi
2810 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2811 AC_TRY_COMPILE(
2812 [
2813 #include <sys/types.h>
2814 #include <sys/socket.h>
2815 ],
2816 [ sa_family_t foo; foo = 1235; ],
2817 [ ac_cv_have_sa_family_t="yes" ],
2818 [ AC_TRY_COMPILE(
2819 [
2820 #include <sys/types.h>
2821 #include <sys/socket.h>
2822 #include <netinet/in.h>
2823 ],
2824 [ sa_family_t foo; foo = 1235; ],
2825 [ ac_cv_have_sa_family_t="yes" ],
2827 [ ac_cv_have_sa_family_t="no" ]
2828 )]
2829 )
2830 ])
2831 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2832 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2833 [define if you have sa_family_t data type])
2834 fi
2836 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2837 AC_TRY_COMPILE(
2838 [
2839 #include <sys/types.h>
2840 ],
2841 [ pid_t foo; foo = 1235; ],
2842 [ ac_cv_have_pid_t="yes" ],
2843 [ ac_cv_have_pid_t="no" ]
2844 )
2845 ])
2846 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2847 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2848 fi
2850 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2851 AC_TRY_COMPILE(
2852 [
2853 #include <sys/types.h>
2854 ],
2855 [ mode_t foo; foo = 1235; ],
2856 [ ac_cv_have_mode_t="yes" ],
2857 [ ac_cv_have_mode_t="no" ]
2858 )
2859 ])
2860 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2861 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2862 fi
2865 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2866 AC_TRY_COMPILE(
2867 [
2868 #include <sys/types.h>
2869 #include <sys/socket.h>
2870 ],
2871 [ struct sockaddr_storage s; ],
2872 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2873 [ ac_cv_have_struct_sockaddr_storage="no" ]
2874 )
2875 ])
2876 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2877 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2878 [define if you have struct sockaddr_storage data type])
2879 fi
2881 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2882 AC_TRY_COMPILE(
2883 [
2884 #include <sys/types.h>
2885 #include <netinet/in.h>
2886 ],
2887 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2888 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2889 [ ac_cv_have_struct_sockaddr_in6="no" ]
2890 )
2891 ])
2892 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2893 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2894 [define if you have struct sockaddr_in6 data type])
2895 fi
2897 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2898 AC_TRY_COMPILE(
2899 [
2900 #include <sys/types.h>
2901 #include <netinet/in.h>
2902 ],
2903 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2904 [ ac_cv_have_struct_in6_addr="yes" ],
2905 [ ac_cv_have_struct_in6_addr="no" ]
2906 )
2907 ])
2908 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2909 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2910 [define if you have struct in6_addr data type])
2912 dnl Now check for sin6_scope_id
2913 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2914 [
2915 #ifdef HAVE_SYS_TYPES_H
2916 #include <sys/types.h>
2917 #endif
2918 #include <netinet/in.h>
2919 ])
2920 fi
2922 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2923 AC_TRY_COMPILE(
2924 [
2925 #include <sys/types.h>
2926 #include <sys/socket.h>
2927 #include <netdb.h>
2928 ],
2929 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2930 [ ac_cv_have_struct_addrinfo="yes" ],
2931 [ ac_cv_have_struct_addrinfo="no" ]
2932 )
2933 ])
2934 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2935 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2936 [define if you have struct addrinfo data type])
2937 fi
2939 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2940 AC_TRY_COMPILE(
2941 [ #include <sys/time.h> ],
2942 [ struct timeval tv; tv.tv_sec = 1;],
2943 [ ac_cv_have_struct_timeval="yes" ],
2944 [ ac_cv_have_struct_timeval="no" ]
2945 )
2946 ])
2947 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2948 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2949 have_struct_timeval=1
2950 fi
2952 AC_CHECK_TYPES(struct timespec)
2954 # We need int64_t or else certian parts of the compile will fail.
2955 if test "x$ac_cv_have_int64_t" = "xno" && \
2956 test "x$ac_cv_sizeof_long_int" != "x8" && \
2957 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2958 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2959 echo "an alternative compiler (I.E., GCC) before continuing."
2960 echo ""
2961 exit 1;
2962 else
2963 dnl test snprintf (broken on SCO w/gcc)
2964 AC_RUN_IFELSE(
2965 [AC_LANG_SOURCE([[
2966 #include <stdio.h>
2967 #include <string.h>
2968 #ifdef HAVE_SNPRINTF
2969 main()
2970 {
2971 char buf[50];
2972 char expected_out[50];
2973 int mazsize = 50 ;
2974 #if (SIZEOF_LONG_INT == 8)
2975 long int num = 0x7fffffffffffffff;
2976 #else
2977 long long num = 0x7fffffffffffffffll;
2978 #endif
2979 strcpy(expected_out, "9223372036854775807");
2980 snprintf(buf, mazsize, "%lld", num);
2981 if(strcmp(buf, expected_out) != 0)
2982 exit(1);
2983 exit(0);
2984 }
2985 #else
2986 main() { exit(0); }
2987 #endif
2988 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2989 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2990 )
2991 fi
2993 dnl Checks for structure members
2994 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2995 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2996 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2997 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2998 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2999 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3000 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3001 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3002 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3003 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3004 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3005 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3006 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3007 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3008 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3009 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3010 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3012 AC_CHECK_MEMBERS([struct stat.st_blksize])
3013 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3014 [Define if we don't have struct __res_state in resolv.h])],
3015 [
3016 #include <stdio.h>
3017 #if HAVE_SYS_TYPES_H
3018 # include <sys/types.h>
3019 #endif
3020 #include <netinet/in.h>
3021 #include <arpa/nameser.h>
3022 #include <resolv.h>
3023 ])
3025 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3026 ac_cv_have_ss_family_in_struct_ss, [
3027 AC_TRY_COMPILE(
3028 [
3029 #include <sys/types.h>
3030 #include <sys/socket.h>
3031 ],
3032 [ struct sockaddr_storage s; s.ss_family = 1; ],
3033 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3034 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3035 )
3036 ])
3037 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3038 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3039 fi
3041 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3042 ac_cv_have___ss_family_in_struct_ss, [
3043 AC_TRY_COMPILE(
3044 [
3045 #include <sys/types.h>
3046 #include <sys/socket.h>
3047 ],
3048 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3049 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3050 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3051 )
3052 ])
3053 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3054 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3055 [Fields in struct sockaddr_storage])
3056 fi
3058 AC_CACHE_CHECK([for pw_class field in struct passwd],
3059 ac_cv_have_pw_class_in_struct_passwd, [
3060 AC_TRY_COMPILE(
3061 [
3062 #include <pwd.h>
3063 ],
3064 [ struct passwd p; p.pw_class = 0; ],
3065 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3066 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3067 )
3068 ])
3069 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3070 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3071 [Define if your password has a pw_class field])
3072 fi
3074 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3075 ac_cv_have_pw_expire_in_struct_passwd, [
3076 AC_TRY_COMPILE(
3077 [
3078 #include <pwd.h>
3079 ],
3080 [ struct passwd p; p.pw_expire = 0; ],
3081 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3082 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3083 )
3084 ])
3085 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3086 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3087 [Define if your password has a pw_expire field])
3088 fi
3090 AC_CACHE_CHECK([for pw_change field in struct passwd],
3091 ac_cv_have_pw_change_in_struct_passwd, [
3092 AC_TRY_COMPILE(
3093 [
3094 #include <pwd.h>
3095 ],
3096 [ struct passwd p; p.pw_change = 0; ],
3097 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3098 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3099 )
3100 ])
3101 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3102 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3103 [Define if your password has a pw_change field])
3104 fi
3106 dnl make sure we're using the real structure members and not defines
3107 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3108 ac_cv_have_accrights_in_msghdr, [
3109 AC_COMPILE_IFELSE(
3110 [
3111 #include <sys/types.h>
3112 #include <sys/socket.h>
3113 #include <sys/uio.h>
3114 int main() {
3115 #ifdef msg_accrights
3116 #error "msg_accrights is a macro"
3117 exit(1);
3118 #endif
3119 struct msghdr m;
3120 m.msg_accrights = 0;
3121 exit(0);
3122 }
3123 ],
3124 [ ac_cv_have_accrights_in_msghdr="yes" ],
3125 [ ac_cv_have_accrights_in_msghdr="no" ]
3126 )
3127 ])
3128 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3129 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3130 [Define if your system uses access rights style
3131 file descriptor passing])
3132 fi
3134 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3135 AC_TRY_COMPILE([
3136 #include <sys/types.h>
3137 #include <sys/stat.h>
3138 #ifdef HAVE_SYS_TIME_H
3139 # include <sys/time.h>
3140 #endif
3141 #ifdef HAVE_SYS_MOUNT_H
3142 #include <sys/mount.h>
3143 #endif
3144 #ifdef HAVE_SYS_STATVFS_H
3145 #include <sys/statvfs.h>
3146 #endif
3147 ], [struct statvfs s; s.f_fsid = 0;],
3148 [ AC_MSG_RESULT(yes) ],
3149 [ AC_MSG_RESULT(no)
3151 AC_MSG_CHECKING(if fsid_t has member val)
3152 AC_TRY_COMPILE([
3153 #include <sys/types.h>
3154 #include <sys/statvfs.h>],
3155 [fsid_t t; t.val[0] = 0;],
3156 [ AC_MSG_RESULT(yes)
3157 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3158 [ AC_MSG_RESULT(no) ])
3160 AC_MSG_CHECKING(if f_fsid has member __val)
3161 AC_TRY_COMPILE([
3162 #include <sys/types.h>
3163 #include <sys/statvfs.h>],
3164 [fsid_t t; t.__val[0] = 0;],
3165 [ AC_MSG_RESULT(yes)
3166 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3167 [ AC_MSG_RESULT(no) ])
3168 ])
3170 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3171 ac_cv_have_control_in_msghdr, [
3172 AC_COMPILE_IFELSE(
3173 [
3174 #include <sys/types.h>
3175 #include <sys/socket.h>
3176 #include <sys/uio.h>
3177 int main() {
3178 #ifdef msg_control
3179 #error "msg_control is a macro"
3180 exit(1);
3181 #endif
3182 struct msghdr m;
3183 m.msg_control = 0;
3184 exit(0);
3185 }
3186 ],
3187 [ ac_cv_have_control_in_msghdr="yes" ],
3188 [ ac_cv_have_control_in_msghdr="no" ]
3189 )
3190 ])
3191 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3192 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3193 [Define if your system uses ancillary data style
3194 file descriptor passing])
3195 fi
3197 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3198 AC_TRY_LINK([],
3199 [ extern char *__progname; printf("%s", __progname); ],
3200 [ ac_cv_libc_defines___progname="yes" ],
3201 [ ac_cv_libc_defines___progname="no" ]
3202 )
3203 ])
3204 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3205 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3206 fi
3208 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3209 AC_TRY_LINK([
3210 #include <stdio.h>
3211 ],
3212 [ printf("%s", __FUNCTION__); ],
3213 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3214 [ ac_cv_cc_implements___FUNCTION__="no" ]
3215 )
3216 ])
3217 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3218 AC_DEFINE(HAVE___FUNCTION__, 1,
3219 [Define if compiler implements __FUNCTION__])
3220 fi
3222 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3223 AC_TRY_LINK([
3224 #include <stdio.h>
3225 ],
3226 [ printf("%s", __func__); ],
3227 [ ac_cv_cc_implements___func__="yes" ],
3228 [ ac_cv_cc_implements___func__="no" ]
3229 )
3230 ])
3231 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3232 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3233 fi
3235 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3236 AC_TRY_LINK(
3237 [#include <stdarg.h>
3238 va_list x,y;],
3239 [va_copy(x,y);],
3240 [ ac_cv_have_va_copy="yes" ],
3241 [ ac_cv_have_va_copy="no" ]
3242 )
3243 ])
3244 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3245 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3246 fi
3248 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3249 AC_TRY_LINK(
3250 [#include <stdarg.h>
3251 va_list x,y;],
3252 [__va_copy(x,y);],
3253 [ ac_cv_have___va_copy="yes" ],
3254 [ ac_cv_have___va_copy="no" ]
3255 )
3256 ])
3257 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3258 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3259 fi
3261 AC_CACHE_CHECK([whether getopt has optreset support],
3262 ac_cv_have_getopt_optreset, [
3263 AC_TRY_LINK(
3264 [
3265 #include <getopt.h>
3266 ],
3267 [ extern int optreset; optreset = 0; ],
3268 [ ac_cv_have_getopt_optreset="yes" ],
3269 [ ac_cv_have_getopt_optreset="no" ]
3270 )
3271 ])
3272 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3273 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3274 [Define if your getopt(3) defines and uses optreset])
3275 fi
3277 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3278 AC_TRY_LINK([],
3279 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3280 [ ac_cv_libc_defines_sys_errlist="yes" ],
3281 [ ac_cv_libc_defines_sys_errlist="no" ]
3282 )
3283 ])
3284 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3285 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3286 [Define if your system defines sys_errlist[]])
3287 fi
3290 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3291 AC_TRY_LINK([],
3292 [ extern int sys_nerr; printf("%i", sys_nerr);],
3293 [ ac_cv_libc_defines_sys_nerr="yes" ],
3294 [ ac_cv_libc_defines_sys_nerr="no" ]
3295 )
3296 ])
3297 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3298 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3299 fi
3301 # Check libraries needed by DNS fingerprint support
3302 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3303 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3304 [Define if getrrsetbyname() exists])],
3305 [
3306 # Needed by our getrrsetbyname()
3307 AC_SEARCH_LIBS(res_query, resolv)
3308 AC_SEARCH_LIBS(dn_expand, resolv)
3309 AC_MSG_CHECKING(if res_query will link)
3310 AC_LINK_IFELSE([
3311 #include "confdefs.h"
3312 #include <sys/types.h>
3313 #include <netinet/in.h>
3314 #include <arpa/nameser.h>
3315 #include <netdb.h>
3316 #include <resolv.h>
3317 int main()
3318 {
3319 res_query (0, 0, 0, 0, 0);
3320 return 0;
3321 }
3322 ],
3323 AC_MSG_RESULT(yes),
3324 [AC_MSG_RESULT(no)
3325 saved_LIBS="$LIBS"
3326 LIBS="$LIBS -lresolv"
3327 AC_MSG_CHECKING(for res_query in -lresolv)
3328 AC_LINK_IFELSE([
3329 #include "confdefs.h"
3330 #include <sys/types.h>
3331 #include <netinet/in.h>
3332 #include <arpa/nameser.h>
3333 #include <netdb.h>
3334 #include <resolv.h>
3335 int main()
3336 {
3337 res_query (0, 0, 0, 0, 0);
3338 return 0;
3339 }
3340 ],
3341 [AC_MSG_RESULT(yes)],
3342 [LIBS="$saved_LIBS"
3343 AC_MSG_RESULT(no)])
3344 ])
3345 AC_CHECK_FUNCS(_getshort _getlong)
3346 AC_CHECK_DECLS([_getshort, _getlong], , ,
3347 [#include <sys/types.h>
3348 #include <arpa/nameser.h>])
3349 AC_CHECK_MEMBER(HEADER.ad,
3350 [AC_DEFINE(HAVE_HEADER_AD, 1,
3351 [Define if HEADER.ad exists in arpa/nameser.h])],,
3352 [#include <arpa/nameser.h>])
3353 ])
3355 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3356 AC_LINK_IFELSE([
3357 #include <stdio.h>
3358 #if HAVE_SYS_TYPES_H
3359 # include <sys/types.h>
3360 #endif
3361 #include <netinet/in.h>
3362 #include <arpa/nameser.h>
3363 #include <resolv.h>
3364 extern struct __res_state _res;
3365 int main() { return 0; }
3366 ],
3367 [AC_MSG_RESULT(yes)
3368 AC_DEFINE(HAVE__RES_EXTERN, 1,
3369 [Define if you have struct __res_state _res as an extern])
3370 ],
3371 [ AC_MSG_RESULT(no) ]
3372 )
3374 # Check whether user wants SELinux support
3375 SELINUX_MSG="no"
3376 LIBSELINUX=""
3377 AC_ARG_WITH(selinux,
3378 [ --with-selinux Enable SELinux support],
3379 [ if test "x$withval" != "xno" ; then
3380 save_LIBS="$LIBS"
3381 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3382 SELINUX_MSG="yes"
3383 AC_CHECK_HEADER([selinux/selinux.h], ,
3384 AC_MSG_ERROR(SELinux support requires selinux.h header))
3385 AC_CHECK_LIB(selinux, setexeccon,
3386 [ LIBSELINUX="-lselinux"
3387 LIBS="$LIBS -lselinux"
3388 ],
3389 AC_MSG_ERROR(SELinux support requires libselinux library))
3390 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3391 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3392 LIBS="$save_LIBS"
3393 fi ]
3394 )
3396 # Check whether user wants Kerberos 5 support
3397 KRB5_MSG="no"
3398 AC_ARG_WITH(kerberos5,
3399 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3400 [ if test "x$withval" != "xno" ; then
3401 if test "x$withval" = "xyes" ; then
3402 KRB5ROOT="/usr/local"
3403 else
3404 KRB5ROOT=${withval}
3405 fi
3407 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3408 KRB5_MSG="yes"
3410 AC_PATH_PROG([KRB5CONF],[krb5-config],
3411 [$KRB5ROOT/bin/krb5-config],
3412 [$KRB5ROOT/bin:$PATH])
3413 if test -x $KRB5CONF ; then
3415 AC_MSG_CHECKING(for gssapi support)
3416 if $KRB5CONF | grep gssapi >/dev/null ; then
3417 AC_MSG_RESULT(yes)
3418 AC_DEFINE(GSSAPI, 1,
3419 [Define this if you want GSSAPI
3420 support in the version 2 protocol])
3421 k5confopts=gssapi
3422 else
3423 AC_MSG_RESULT(no)
3424 k5confopts=""
3425 fi
3426 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3427 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3428 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3429 AC_MSG_CHECKING(whether we are using Heimdal)
3430 AC_TRY_COMPILE([ #include <krb5.h> ],
3431 [ char *tmp = heimdal_version; ],
3432 [ AC_MSG_RESULT(yes)
3433 AC_DEFINE(HEIMDAL, 1,
3434 [Define this if you are using the
3435 Heimdal version of Kerberos V5]) ],
3436 AC_MSG_RESULT(no)
3437 )
3438 else
3439 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3440 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3441 AC_MSG_CHECKING(whether we are using Heimdal)
3442 AC_TRY_COMPILE([ #include <krb5.h> ],
3443 [ char *tmp = heimdal_version; ],
3444 [ AC_MSG_RESULT(yes)
3445 AC_DEFINE(HEIMDAL)
3446 K5LIBS="-lkrb5 -ldes"
3447 K5LIBS="$K5LIBS -lcom_err -lasn1"
3448 AC_CHECK_LIB(roken, net_write,
3449 [K5LIBS="$K5LIBS -lroken"])
3450 ],
3451 [ AC_MSG_RESULT(no)
3452 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3453 ]
3454 )
3455 AC_SEARCH_LIBS(dn_expand, resolv)
3457 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3458 [ AC_DEFINE(GSSAPI)
3459 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3460 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3461 [ AC_DEFINE(GSSAPI)
3462 K5LIBS="-lgssapi $K5LIBS" ],
3463 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3464 $K5LIBS)
3465 ],
3466 $K5LIBS)
3468 AC_CHECK_HEADER(gssapi.h, ,
3469 [ unset ac_cv_header_gssapi_h
3470 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3471 AC_CHECK_HEADERS(gssapi.h, ,
3472 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3473 )
3474 ]
3475 )
3477 oldCPP="$CPPFLAGS"
3478 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3479 AC_CHECK_HEADER(gssapi_krb5.h, ,
3480 [ CPPFLAGS="$oldCPP" ])
3482 fi
3483 if test ! -z "$need_dash_r" ; then
3484 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3485 fi
3486 if test ! -z "$blibpath" ; then
3487 blibpath="$blibpath:${KRB5ROOT}/lib"
3488 fi
3490 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3491 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3492 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3494 LIBS="$LIBS $K5LIBS"
3495 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3496 [Define this if you want to use libkafs' AFS support]))
3497 fi
3498 ]
3499 )
3501 # Looking for programs, paths and files
3503 PRIVSEP_PATH=/var/empty
3504 AC_ARG_WITH(privsep-path,
3505 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3506 [
3507 if test -n "$withval" && test "x$withval" != "xno" && \
3508 test "x${withval}" != "xyes"; then
3509 PRIVSEP_PATH=$withval
3510 fi
3511 ]
3512 )
3513 AC_SUBST(PRIVSEP_PATH)
3515 AC_ARG_WITH(xauth,
3516 [ --with-xauth=PATH Specify path to xauth program ],
3517 [
3518 if test -n "$withval" && test "x$withval" != "xno" && \
3519 test "x${withval}" != "xyes"; then
3520 xauth_path=$withval
3521 fi
3522 ],
3523 [
3524 TestPath="$PATH"
3525 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3526 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3527 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3528 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3529 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3530 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3531 xauth_path="/usr/openwin/bin/xauth"
3532 fi
3533 ]
3534 )
3536 STRIP_OPT=-s
3537 AC_ARG_ENABLE(strip,
3538 [ --disable-strip Disable calling strip(1) on install],
3539 [
3540 if test "x$enableval" = "xno" ; then
3541 STRIP_OPT=
3542 fi
3543 ]
3544 )
3545 AC_SUBST(STRIP_OPT)
3547 if test -z "$xauth_path" ; then
3548 XAUTH_PATH="undefined"
3549 AC_SUBST(XAUTH_PATH)
3550 else
3551 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3552 [Define if xauth is found in your path])
3553 XAUTH_PATH=$xauth_path
3554 AC_SUBST(XAUTH_PATH)
3555 fi
3557 # Check for mail directory (last resort if we cannot get it from headers)
3558 if test ! -z "$MAIL" ; then
3559 maildir=`dirname $MAIL`
3560 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3561 [Set this to your mail directory if you don't have maillock.h])
3562 fi
3564 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3565 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3566 disable_ptmx_check=yes
3567 fi
3568 if test -z "$no_dev_ptmx" ; then
3569 if test "x$disable_ptmx_check" != "xyes" ; then
3570 AC_CHECK_FILE("/dev/ptmx",
3571 [
3572 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3573 [Define if you have /dev/ptmx])
3574 have_dev_ptmx=1
3575 ]
3576 )
3577 fi
3578 fi
3580 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3581 AC_CHECK_FILE("/dev/ptc",
3582 [
3583 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3584 [Define if you have /dev/ptc])
3585 have_dev_ptc=1
3586 ]
3587 )
3588 else
3589 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3590 fi
3592 # Options from here on. Some of these are preset by platform above
3593 AC_ARG_WITH(mantype,
3594 [ --with-mantype=man|cat|doc Set man page type],
3595 [
3596 case "$withval" in
3597 man|cat|doc)
3598 MANTYPE=$withval
3599 ;;
3600 *)
3601 AC_MSG_ERROR(invalid man type: $withval)
3602 ;;
3603 esac
3604 ]
3605 )
3606 if test -z "$MANTYPE"; then
3607 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3608 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3609 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3610 MANTYPE=doc
3611 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3612 MANTYPE=man
3613 else
3614 MANTYPE=cat
3615 fi
3616 fi
3617 AC_SUBST(MANTYPE)
3618 if test "$MANTYPE" = "doc"; then
3619 mansubdir=man;
3620 else
3621 mansubdir=$MANTYPE;
3622 fi
3623 AC_SUBST(mansubdir)
3625 # Check whether to enable MD5 passwords
3626 MD5_MSG="no"
3627 AC_ARG_WITH(md5-passwords,
3628 [ --with-md5-passwords Enable use of MD5 passwords],
3629 [
3630 if test "x$withval" != "xno" ; then
3631 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3632 [Define if you want to allow MD5 passwords])
3633 MD5_MSG="yes"
3634 fi
3635 ]
3636 )
3638 # Whether to disable shadow password support
3639 AC_ARG_WITH(shadow,
3640 [ --without-shadow Disable shadow password support],
3641 [
3642 if test "x$withval" = "xno" ; then
3643 AC_DEFINE(DISABLE_SHADOW)
3644 disable_shadow=yes
3645 fi
3646 ]
3647 )
3649 if test -z "$disable_shadow" ; then
3650 AC_MSG_CHECKING([if the systems has expire shadow information])
3651 AC_TRY_COMPILE(
3652 [
3653 #include <sys/types.h>
3654 #include <shadow.h>
3655 struct spwd sp;
3656 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3657 [ sp_expire_available=yes ], []
3658 )
3660 if test "x$sp_expire_available" = "xyes" ; then
3661 AC_MSG_RESULT(yes)
3662 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3663 [Define if you want to use shadow password expire field])
3664 else
3665 AC_MSG_RESULT(no)
3666 fi
3667 fi
3669 # Use ip address instead of hostname in $DISPLAY
3670 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3671 DISPLAY_HACK_MSG="yes"
3672 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3673 [Define if you need to use IP address
3674 instead of hostname in $DISPLAY])
3675 else
3676 DISPLAY_HACK_MSG="no"
3677 AC_ARG_WITH(ipaddr-display,
3678 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3679 [
3680 if test "x$withval" != "xno" ; then
3681 AC_DEFINE(IPADDR_IN_DISPLAY)
3682 DISPLAY_HACK_MSG="yes"
3683 fi
3684 ]
3685 )
3686 fi
3688 # check for /etc/default/login and use it if present.
3689 AC_ARG_ENABLE(etc-default-login,
3690 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3691 [ if test "x$enableval" = "xno"; then
3692 AC_MSG_NOTICE([/etc/default/login handling disabled])
3693 etc_default_login=no
3694 else
3695 etc_default_login=yes
3696 fi ],
3697 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3698 then
3699 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3700 etc_default_login=no
3701 else
3702 etc_default_login=yes
3703 fi ]
3704 )
3706 if test "x$etc_default_login" != "xno"; then
3707 AC_CHECK_FILE("/etc/default/login",
3708 [ external_path_file=/etc/default/login ])
3709 if test "x$external_path_file" = "x/etc/default/login"; then
3710 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3711 [Define if your system has /etc/default/login])
3712 fi
3713 fi
3715 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3716 if test $ac_cv_func_login_getcapbool = "yes" && \
3717 test $ac_cv_header_login_cap_h = "yes" ; then
3718 external_path_file=/etc/login.conf
3719 fi
3721 # Whether to mess with the default path
3722 SERVER_PATH_MSG="(default)"
3723 AC_ARG_WITH(default-path,
3724 [ --with-default-path= Specify default \$PATH environment for server],
3725 [
3726 if test "x$external_path_file" = "x/etc/login.conf" ; then
3727 AC_MSG_WARN([
3728 --with-default-path=PATH has no effect on this system.
3729 Edit /etc/login.conf instead.])
3730 elif test "x$withval" != "xno" ; then
3731 if test ! -z "$external_path_file" ; then
3732 AC_MSG_WARN([
3733 --with-default-path=PATH will only be used if PATH is not defined in
3734 $external_path_file .])
3735 fi
3736 user_path="$withval"
3737 SERVER_PATH_MSG="$withval"
3738 fi
3739 ],
3740 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3741 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3742 else
3743 if test ! -z "$external_path_file" ; then
3744 AC_MSG_WARN([
3745 If PATH is defined in $external_path_file, ensure the path to scp is included,
3746 otherwise scp will not work.])
3747 fi
3748 AC_RUN_IFELSE(
3749 [AC_LANG_SOURCE([[
3750 /* find out what STDPATH is */
3751 #include <stdio.h>
3752 #ifdef HAVE_PATHS_H
3753 # include <paths.h>
3754 #endif
3755 #ifndef _PATH_STDPATH
3756 # ifdef _PATH_USERPATH /* Irix */
3757 # define _PATH_STDPATH _PATH_USERPATH
3758 # else
3759 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3760 # endif
3761 #endif
3762 #include <sys/types.h>
3763 #include <sys/stat.h>
3764 #include <fcntl.h>
3765 #define DATA "conftest.stdpath"
3767 main()
3768 {
3769 FILE *fd;
3770 int rc;
3772 fd = fopen(DATA,"w");
3773 if(fd == NULL)
3774 exit(1);
3776 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3777 exit(1);
3779 exit(0);
3780 }
3781 ]])],
3782 [ user_path=`cat conftest.stdpath` ],
3783 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3784 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3785 )
3786 # make sure $bindir is in USER_PATH so scp will work
3787 t_bindir=`eval echo ${bindir}`
3788 case $t_bindir in
3789 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3790 esac
3791 case $t_bindir in
3792 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3793 esac
3794 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3795 if test $? -ne 0 ; then
3796 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3797 if test $? -ne 0 ; then
3798 user_path=$user_path:$t_bindir
3799 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3800 fi
3801 fi
3802 fi ]
3803 )
3804 if test "x$external_path_file" != "x/etc/login.conf" ; then
3805 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3806 AC_SUBST(user_path)
3807 fi
3809 # Set superuser path separately to user path
3810 AC_ARG_WITH(superuser-path,
3811 [ --with-superuser-path= Specify different path for super-user],
3812 [
3813 if test -n "$withval" && test "x$withval" != "xno" && \
3814 test "x${withval}" != "xyes"; then
3815 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3816 [Define if you want a different $PATH
3817 for the superuser])
3818 superuser_path=$withval
3819 fi
3820 ]
3821 )
3824 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3825 IPV4_IN6_HACK_MSG="no"
3826 AC_ARG_WITH(4in6,
3827 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3828 [
3829 if test "x$withval" != "xno" ; then
3830 AC_MSG_RESULT(yes)
3831 AC_DEFINE(IPV4_IN_IPV6, 1,
3832 [Detect IPv4 in IPv6 mapped addresses
3833 and treat as IPv4])
3834 IPV4_IN6_HACK_MSG="yes"
3835 else
3836 AC_MSG_RESULT(no)
3837 fi
3838 ],[
3839 if test "x$inet6_default_4in6" = "xyes"; then
3840 AC_MSG_RESULT([yes (default)])
3841 AC_DEFINE(IPV4_IN_IPV6)
3842 IPV4_IN6_HACK_MSG="yes"
3843 else
3844 AC_MSG_RESULT([no (default)])
3845 fi
3846 ]
3847 )
3849 # Whether to enable BSD auth support
3850 BSD_AUTH_MSG=no
3851 AC_ARG_WITH(bsd-auth,
3852 [ --with-bsd-auth Enable BSD auth support],
3853 [
3854 if test "x$withval" != "xno" ; then
3855 AC_DEFINE(BSD_AUTH, 1,
3856 [Define if you have BSD auth support])
3857 BSD_AUTH_MSG=yes
3858 fi
3859 ]
3860 )
3862 # Where to place sshd.pid
3863 piddir=/var/run
3864 # make sure the directory exists
3865 if test ! -d $piddir ; then
3866 piddir=`eval echo ${sysconfdir}`
3867 case $piddir in
3868 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3869 esac
3870 fi
3872 AC_ARG_WITH(pid-dir,
3873 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3874 [
3875 if test -n "$withval" && test "x$withval" != "xno" && \
3876 test "x${withval}" != "xyes"; then
3877 piddir=$withval
3878 if test ! -d $piddir ; then
3879 AC_MSG_WARN([** no $piddir directory on this system **])
3880 fi
3881 fi
3882 ]
3883 )
3885 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3886 AC_SUBST(piddir)
3888 dnl allow user to disable some login recording features
3889 AC_ARG_ENABLE(lastlog,
3890 [ --disable-lastlog disable use of lastlog even if detected [no]],
3891 [
3892 if test "x$enableval" = "xno" ; then
3893 AC_DEFINE(DISABLE_LASTLOG)
3894 fi
3895 ]
3896 )
3897 AC_ARG_ENABLE(utmp,
3898 [ --disable-utmp disable use of utmp even if detected [no]],
3899 [
3900 if test "x$enableval" = "xno" ; then
3901 AC_DEFINE(DISABLE_UTMP)
3902 fi
3903 ]
3904 )
3905 AC_ARG_ENABLE(utmpx,
3906 [ --disable-utmpx disable use of utmpx even if detected [no]],
3907 [
3908 if test "x$enableval" = "xno" ; then
3909 AC_DEFINE(DISABLE_UTMPX, 1,
3910 [Define if you don't want to use utmpx])
3911 fi
3912 ]
3913 )
3914 AC_ARG_ENABLE(wtmp,
3915 [ --disable-wtmp disable use of wtmp even if detected [no]],
3916 [
3917 if test "x$enableval" = "xno" ; then
3918 AC_DEFINE(DISABLE_WTMP)
3919 fi
3920 ]
3921 )
3922 AC_ARG_ENABLE(wtmpx,
3923 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3924 [
3925 if test "x$enableval" = "xno" ; then
3926 AC_DEFINE(DISABLE_WTMPX, 1,
3927 [Define if you don't want to use wtmpx])
3928 fi
3929 ]
3930 )
3931 AC_ARG_ENABLE(libutil,
3932 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3933 [
3934 if test "x$enableval" = "xno" ; then
3935 AC_DEFINE(DISABLE_LOGIN)
3936 fi
3937 ]
3938 )
3939 AC_ARG_ENABLE(pututline,
3940 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3941 [
3942 if test "x$enableval" = "xno" ; then
3943 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3944 [Define if you don't want to use pututline()
3945 etc. to write [uw]tmp])
3946 fi
3947 ]
3948 )
3949 AC_ARG_ENABLE(pututxline,
3950 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3951 [
3952 if test "x$enableval" = "xno" ; then
3953 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3954 [Define if you don't want to use pututxline()
3955 etc. to write [uw]tmpx])
3956 fi
3957 ]
3958 )
3959 AC_ARG_WITH(lastlog,
3960 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3961 [
3962 if test "x$withval" = "xno" ; then
3963 AC_DEFINE(DISABLE_LASTLOG)
3964 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3965 conf_lastlog_location=$withval
3966 fi
3967 ]
3968 )
3970 dnl lastlog, [uw]tmpx? detection
3971 dnl NOTE: set the paths in the platform section to avoid the
3972 dnl need for command-line parameters
3973 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3975 dnl lastlog detection
3976 dnl NOTE: the code itself will detect if lastlog is a directory
3977 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3978 AC_TRY_COMPILE([
3979 #include <sys/types.h>
3980 #include <utmp.h>
3981 #ifdef HAVE_LASTLOG_H
3982 # include <lastlog.h>
3983 #endif
3984 #ifdef HAVE_PATHS_H
3985 # include <paths.h>
3986 #endif
3987 #ifdef HAVE_LOGIN_H
3988 # include <login.h>
3989 #endif
3990 ],
3991 [ char *lastlog = LASTLOG_FILE; ],
3992 [ AC_MSG_RESULT(yes) ],
3993 [
3994 AC_MSG_RESULT(no)
3995 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3996 AC_TRY_COMPILE([
3997 #include <sys/types.h>
3998 #include <utmp.h>
3999 #ifdef HAVE_LASTLOG_H
4000 # include <lastlog.h>
4001 #endif
4002 #ifdef HAVE_PATHS_H
4003 # include <paths.h>
4004 #endif
4005 ],
4006 [ char *lastlog = _PATH_LASTLOG; ],
4007 [ AC_MSG_RESULT(yes) ],
4008 [
4009 AC_MSG_RESULT(no)
4010 system_lastlog_path=no
4011 ])
4012 ]
4013 )
4015 if test -z "$conf_lastlog_location"; then
4016 if test x"$system_lastlog_path" = x"no" ; then
4017 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4018 if (test -d "$f" || test -f "$f") ; then
4019 conf_lastlog_location=$f
4020 fi
4021 done
4022 if test -z "$conf_lastlog_location"; then
4023 AC_MSG_WARN([** Cannot find lastlog **])
4024 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4025 fi
4026 fi
4027 fi
4029 if test -n "$conf_lastlog_location"; then
4030 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4031 [Define if you want to specify the path to your lastlog file])
4032 fi
4034 dnl utmp detection
4035 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4036 AC_TRY_COMPILE([
4037 #include <sys/types.h>
4038 #include <utmp.h>
4039 #ifdef HAVE_PATHS_H
4040 # include <paths.h>
4041 #endif
4042 ],
4043 [ char *utmp = UTMP_FILE; ],
4044 [ AC_MSG_RESULT(yes) ],
4045 [ AC_MSG_RESULT(no)
4046 system_utmp_path=no ]
4047 )
4048 if test -z "$conf_utmp_location"; then
4049 if test x"$system_utmp_path" = x"no" ; then
4050 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4051 if test -f $f ; then
4052 conf_utmp_location=$f
4053 fi
4054 done
4055 if test -z "$conf_utmp_location"; then
4056 AC_DEFINE(DISABLE_UTMP)
4057 fi
4058 fi
4059 fi
4060 if test -n "$conf_utmp_location"; then
4061 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4062 [Define if you want to specify the path to your utmp file])
4063 fi
4065 dnl wtmp detection
4066 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4067 AC_TRY_COMPILE([
4068 #include <sys/types.h>
4069 #include <utmp.h>
4070 #ifdef HAVE_PATHS_H
4071 # include <paths.h>
4072 #endif
4073 ],
4074 [ char *wtmp = WTMP_FILE; ],
4075 [ AC_MSG_RESULT(yes) ],
4076 [ AC_MSG_RESULT(no)
4077 system_wtmp_path=no ]
4078 )
4079 if test -z "$conf_wtmp_location"; then
4080 if test x"$system_wtmp_path" = x"no" ; then
4081 for f in /usr/adm/wtmp /var/log/wtmp; do
4082 if test -f $f ; then
4083 conf_wtmp_location=$f
4084 fi
4085 done
4086 if test -z "$conf_wtmp_location"; then
4087 AC_DEFINE(DISABLE_WTMP)
4088 fi
4089 fi
4090 fi
4091 if test -n "$conf_wtmp_location"; then
4092 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4093 [Define if you want to specify the path to your wtmp file])
4094 fi
4097 dnl wtmpx detection
4098 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4099 AC_TRY_COMPILE([
4100 #include <sys/types.h>
4101 #include <utmp.h>
4102 #ifdef HAVE_UTMPX_H
4103 #include <utmpx.h>
4104 #endif
4105 #ifdef HAVE_PATHS_H
4106 # include <paths.h>
4107 #endif
4108 ],
4109 [ char *wtmpx = WTMPX_FILE; ],
4110 [ AC_MSG_RESULT(yes) ],
4111 [ AC_MSG_RESULT(no)
4112 system_wtmpx_path=no ]
4113 )
4114 if test -z "$conf_wtmpx_location"; then
4115 if test x"$system_wtmpx_path" = x"no" ; then
4116 AC_DEFINE(DISABLE_WTMPX)
4117 fi
4118 else
4119 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4120 [Define if you want to specify the path to your wtmpx file])
4121 fi
4124 if test ! -z "$blibpath" ; then
4125 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4126 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4127 fi
4129 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4130 dnl Add now.
4131 CFLAGS="$CFLAGS $werror_flags"
4133 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4134 TEST_SSH_IPV6=no
4135 else
4136 TEST_SSH_IPV6=yes
4137 fi
4138 AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
4139 AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
4141 AC_EXEEXT
4142 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4143 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4144 ssh_prng_cmds survey.sh])
4145 AC_OUTPUT
4147 # Print summary of options
4149 # Someone please show me a better way :)
4150 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4151 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4152 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4153 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4154 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4155 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4156 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4157 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4158 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4159 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4161 echo ""
4162 echo "OpenSSH has been configured with the following options:"
4163 echo " User binaries: $B"
4164 echo " System binaries: $C"
4165 echo " Configuration files: $D"
4166 echo " Askpass program: $E"
4167 echo " Manual pages: $F"
4168 echo " PID file: $G"
4169 echo " Privilege separation chroot path: $H"
4170 if test "x$external_path_file" = "x/etc/login.conf" ; then
4171 echo " At runtime, sshd will use the path defined in $external_path_file"
4172 echo " Make sure the path to scp is present, otherwise scp will not work"
4173 else
4174 echo " sshd default user PATH: $I"
4175 if test ! -z "$external_path_file"; then
4176 echo " (If PATH is set in $external_path_file it will be used instead. If"
4177 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4178 fi
4179 fi
4180 if test ! -z "$superuser_path" ; then
4181 echo " sshd superuser user PATH: $J"
4182 fi
4183 echo " Manpage format: $MANTYPE"
4184 echo " PAM support: $PAM_MSG"
4185 echo " OSF SIA support: $SIA_MSG"
4186 echo " KerberosV support: $KRB5_MSG"
4187 echo " SELinux support: $SELINUX_MSG"
4188 echo " Smartcard support: $SCARD_MSG"
4189 echo " S/KEY support: $SKEY_MSG"
4190 echo " TCP Wrappers support: $TCPW_MSG"
4191 echo " MD5 password support: $MD5_MSG"
4192 echo " libedit support: $LIBEDIT_MSG"
4193 echo " Solaris process contract support: $SPC_MSG"
4194 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4195 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4196 echo " BSD Auth support: $BSD_AUTH_MSG"
4197 echo " Random number source: $RAND_MSG"
4198 if test ! -z "$USE_RAND_HELPER" ; then
4199 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4200 fi
4202 echo ""
4204 echo " Host: ${host}"
4205 echo " Compiler: ${CC}"
4206 echo " Compiler flags: ${CFLAGS}"
4207 echo "Preprocessor flags: ${CPPFLAGS}"
4208 echo " Linker flags: ${LDFLAGS}"
4209 echo " Libraries: ${LIBS}"
4210 if test ! -z "${SSHDLIBS}"; then
4211 echo " +for sshd: ${SSHDLIBS}"
4212 fi
4214 echo ""
4216 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4217 echo "SVR4 style packages are supported with \"make package\""
4218 echo ""
4219 fi
4221 if test "x$PAM_MSG" = "xyes" ; then
4222 echo "PAM is enabled. You may need to install a PAM control file "
4223 echo "for sshd, otherwise password authentication may fail. "
4224 echo "Example PAM control files can be found in the contrib/ "
4225 echo "subdirectory"
4226 echo ""
4227 fi
4229 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4230 echo "WARNING: you are using the builtin random number collection "
4231 echo "service. Please read WARNING.RNG and request that your OS "
4232 echo "vendor includes kernel-based random number collection in "
4233 echo "future versions of your OS."
4234 echo ""
4235 fi
4237 if test ! -z "$NO_PEERCHECK" ; then
4238 echo "WARNING: the operating system that you are using does not"
4239 echo "appear to support getpeereid(), getpeerucred() or the"
4240 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4241 echo "enforce security checks to prevent unauthorised connections to"
4242 echo "ssh-agent. Their absence increases the risk that a malicious"
4243 echo "user can connect to your agent."
4244 echo ""
4245 fi
4247 if test "$AUDIT_MODULE" = "bsm" ; then
4248 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4249 echo "See the Solaris section in README.platform for details."
4250 fi