| blob | 3373dadc774010fc50a49aad1adbcffa01cb69b9 |
1 # $Id: configure.ac,v 1.347 2006/07/12 09:02:57 dtucker Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.347 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
58 # System features
59 AC_SYS_LARGEFILE
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70 else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76 fi
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82 fi
84 if test -z "$LD" ; then
85 LD=$CC
86 fi
87 AC_SUBST(LD)
89 AC_C_INLINE
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
103 esac
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
116 fi
118 AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
121 if test "x$withval" = "xno" ; then
122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128 )
130 # Check for some target-specific stuff
131 case "$host" in
132 *-*-aix*)
133 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
134 if (test -z "$blibpath"); then
135 blibpath="/usr/lib:/lib"
136 fi
137 saved_LDFLAGS="$LDFLAGS"
138 if test "$GCC" = "yes"; then
139 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
140 else
141 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
142 fi
143 for tryflags in $flags ;do
144 if (test -z "$blibflags"); then
145 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
146 AC_TRY_LINK([], [], [blibflags=$tryflags])
147 fi
148 done
149 if (test -z "$blibflags"); then
150 AC_MSG_RESULT(not found)
151 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
152 else
153 AC_MSG_RESULT($blibflags)
154 fi
155 LDFLAGS="$saved_LDFLAGS"
156 dnl Check for authenticate. Might be in libs.a on older AIXes
157 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
158 [Define if you want to enable AIX4's authenticate function])],
159 [AC_CHECK_LIB(s,authenticate,
160 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
161 LIBS="$LIBS -ls"
162 ])
163 ])
164 dnl Check for various auth function declarations in headers.
165 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
166 passwdexpired, setauthdb], , , [#include <usersec.h>])
167 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
168 AC_CHECK_DECLS(loginfailed,
169 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
170 AC_TRY_COMPILE(
171 [#include <usersec.h>],
172 [(void)loginfailed("user","host","tty",0);],
173 [AC_MSG_RESULT(yes)
174 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
175 [Define if your AIX loginfailed() function
176 takes 4 arguments (AIX >= 5.2)])],
177 [AC_MSG_RESULT(no)]
178 )],
179 [],
180 [#include <usersec.h>]
181 )
182 AC_CHECK_FUNCS(setauthdb)
183 check_for_aix_broken_getaddrinfo=1
184 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
185 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
186 [Define if your platform breaks doing a seteuid before a setuid])
187 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
188 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
189 dnl AIX handles lastlog as part of its login message
190 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
191 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
192 [Some systems need a utmpx entry for /bin/login to work])
193 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
194 [Define to a Set Process Title type if your system is
195 supported by bsd-setproctitle.c])
196 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
197 [AIX 5.2 and 5.3 (and presumably newer) require this])
198 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
199 ;;
200 *-*-cygwin*)
201 check_for_libcrypt_later=1
202 LIBS="$LIBS /usr/lib/textmode.o"
203 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
204 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
205 AC_DEFINE(DISABLE_SHADOW, 1,
206 [Define if you want to disable shadow passwords])
207 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
208 [Define if your system choked on IP TOS setting])
209 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
210 [Define if X11 doesn't support AF_UNIX sockets on that system])
211 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
212 [Define if the concept of ports only accessible to
213 superusers isn't known])
214 AC_DEFINE(DISABLE_FD_PASSING, 1,
215 [Define if your platform needs to skip post auth
216 file descriptor passing])
217 ;;
218 *-*-dgux*)
219 AC_DEFINE(IP_TOS_IS_BROKEN)
220 AC_DEFINE(SETEUID_BREAKS_SETUID)
221 AC_DEFINE(BROKEN_SETREUID)
222 AC_DEFINE(BROKEN_SETREGID)
223 ;;
224 *-*-darwin*)
225 AC_MSG_CHECKING(if we have working getaddrinfo)
226 AC_TRY_RUN([#include <mach-o/dyld.h>
227 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
228 exit(0);
229 else
230 exit(1);
231 }], [AC_MSG_RESULT(working)],
232 [AC_MSG_RESULT(buggy)
233 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
234 [AC_MSG_RESULT(assume it is working)])
235 AC_DEFINE(SETEUID_BREAKS_SETUID)
236 AC_DEFINE(BROKEN_SETREUID)
237 AC_DEFINE(BROKEN_SETREGID)
238 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
239 [Define if your resolver libs need this for getrrsetbyname])
240 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
241 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
242 [Use tunnel device compatibility to OpenBSD])
243 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
244 [Prepend the address family to IP tunnel traffic])
245 ;;
246 *-*-hpux*)
247 # first we define all of the options common to all HP-UX releases
248 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
249 IPADDR_IN_DISPLAY=yes
250 AC_DEFINE(USE_PIPES)
251 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
252 [Define if your login program cannot handle end of options ("--")])
253 AC_DEFINE(LOGIN_NEEDS_UTMPX)
254 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
255 [String used in /etc/passwd to denote locked account])
256 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
257 MAIL="/var/mail/username"
258 LIBS="$LIBS -lsec"
259 AC_CHECK_LIB(xnet, t_error, ,
260 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
262 # next, we define all of the options specific to major releases
263 case "$host" in
264 *-*-hpux10*)
265 if test -z "$GCC"; then
266 CFLAGS="$CFLAGS -Ae"
267 fi
268 ;;
269 *-*-hpux11*)
270 AC_DEFINE(PAM_SUN_CODEBASE, 1,
271 [Define if you are using Solaris-derived PAM which
272 passes pam_messages to the conversation function
273 with an extra level of indirection])
274 AC_DEFINE(DISABLE_UTMP, 1,
275 [Define if you don't want to use utmp])
276 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
277 check_for_hpux_broken_getaddrinfo=1
278 check_for_conflicting_getspnam=1
279 ;;
280 esac
282 # lastly, we define options specific to minor releases
283 case "$host" in
284 *-*-hpux10.26)
285 AC_DEFINE(HAVE_SECUREWARE, 1,
286 [Define if you have SecureWare-based
287 protected password database])
288 disable_ptmx_check=yes
289 LIBS="$LIBS -lsecpw"
290 ;;
291 esac
292 ;;
293 *-*-irix5*)
294 PATH="$PATH:/usr/etc"
295 AC_DEFINE(BROKEN_INET_NTOA, 1,
296 [Define if you system's inet_ntoa is busted
297 (e.g. Irix gcc issue)])
298 AC_DEFINE(SETEUID_BREAKS_SETUID)
299 AC_DEFINE(BROKEN_SETREUID)
300 AC_DEFINE(BROKEN_SETREGID)
301 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
302 [Define if you shouldn't strip 'tty' from your
303 ttyname in [uw]tmp])
304 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
305 ;;
306 *-*-irix6*)
307 PATH="$PATH:/usr/etc"
308 AC_DEFINE(WITH_IRIX_ARRAY, 1,
309 [Define if you have/want arrays
310 (cluster-wide session managment, not C arrays)])
311 AC_DEFINE(WITH_IRIX_PROJECT, 1,
312 [Define if you want IRIX project management])
313 AC_DEFINE(WITH_IRIX_AUDIT, 1,
314 [Define if you want IRIX audit trails])
315 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
316 [Define if you want IRIX kernel jobs])])
317 AC_DEFINE(BROKEN_INET_NTOA)
318 AC_DEFINE(SETEUID_BREAKS_SETUID)
319 AC_DEFINE(BROKEN_SETREUID)
320 AC_DEFINE(BROKEN_SETREGID)
321 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
322 AC_DEFINE(WITH_ABBREV_NO_TTY)
323 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
324 ;;
325 *-*-linux*)
326 no_dev_ptmx=1
327 check_for_libcrypt_later=1
328 check_for_openpty_ctty_bug=1
329 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
330 AC_DEFINE(PAM_TTY_KLUDGE, 1,
331 [Work around problematic Linux PAM modules handling of PAM_TTY])
332 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
333 [String used in /etc/passwd to denote locked account])
334 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
335 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
336 [Define to whatever link() returns for "not supported"
337 if it doesn't return EOPNOTSUPP.])
338 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
339 AC_DEFINE(USE_BTMP)
340 inet6_default_4in6=yes
341 case `uname -r` in
342 1.*|2.0.*)
343 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
344 [Define if cmsg_type is not passed correctly])
345 ;;
346 esac
347 # tun(4) forwarding compat code
348 AC_CHECK_HEADERS(linux/if_tun.h)
349 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
350 AC_DEFINE(SSH_TUN_LINUX, 1,
351 [Open tunnel devices the Linux tun/tap way])
352 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
353 [Use tunnel device compatibility to OpenBSD])
354 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
355 [Prepend the address family to IP tunnel traffic])
356 fi
357 ;;
358 mips-sony-bsd|mips-sony-newsos4)
359 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
360 SONY=1
361 ;;
362 *-*-netbsd*)
363 check_for_libcrypt_before=1
364 if test "x$withval" != "xno" ; then
365 need_dash_r=1
366 fi
367 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
368 AC_CHECK_HEADER([net/if_tap.h], ,
369 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
370 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
371 [Prepend the address family to IP tunnel traffic])
372 ;;
373 *-*-freebsd*)
374 check_for_libcrypt_later=1
375 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
376 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
377 AC_CHECK_HEADER([net/if_tap.h], ,
378 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
379 ;;
380 *-*-bsdi*)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
384 ;;
385 *-next-*)
386 conf_lastlog_location="/usr/adm/lastlog"
387 conf_utmp_location=/etc/utmp
388 conf_wtmp_location=/usr/adm/wtmp
389 MAIL=/usr/spool/mail
390 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
391 AC_DEFINE(BROKEN_REALPATH)
392 AC_DEFINE(USE_PIPES)
393 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
394 ;;
395 *-*-openbsd*)
396 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
397 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
398 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
399 ;;
400 *-*-solaris*)
401 if test "x$withval" != "xno" ; then
402 need_dash_r=1
403 fi
404 AC_DEFINE(PAM_SUN_CODEBASE)
405 AC_DEFINE(LOGIN_NEEDS_UTMPX)
406 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
407 [Some versions of /bin/login need the TERM supplied
408 on the commandline])
409 AC_DEFINE(PAM_TTY_KLUDGE)
410 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
411 [Define if pam_chauthtok wants real uid set
412 to the unpriv'ed user])
413 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
414 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
415 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
416 [Define if sshd somehow reacquires a controlling TTY
417 after setsid()])
418 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
419 in case the name is longer than 8 chars])
420 external_path_file=/etc/default/login
421 # hardwire lastlog location (can't detect it on some versions)
422 conf_lastlog_location="/var/adm/lastlog"
423 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
424 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
425 if test "$sol2ver" -ge 8; then
426 AC_MSG_RESULT(yes)
427 AC_DEFINE(DISABLE_UTMP)
428 AC_DEFINE(DISABLE_WTMP, 1,
429 [Define if you don't want to use wtmp])
430 else
431 AC_MSG_RESULT(no)
432 fi
433 ;;
434 *-*-sunos4*)
435 CPPFLAGS="$CPPFLAGS -DSUNOS4"
436 AC_CHECK_FUNCS(getpwanam)
437 AC_DEFINE(PAM_SUN_CODEBASE)
438 conf_utmp_location=/etc/utmp
439 conf_wtmp_location=/var/adm/wtmp
440 conf_lastlog_location=/var/adm/lastlog
441 AC_DEFINE(USE_PIPES)
442 ;;
443 *-ncr-sysv*)
444 LIBS="$LIBS -lc89"
445 AC_DEFINE(USE_PIPES)
446 AC_DEFINE(SSHD_ACQUIRES_CTTY)
447 AC_DEFINE(SETEUID_BREAKS_SETUID)
448 AC_DEFINE(BROKEN_SETREUID)
449 AC_DEFINE(BROKEN_SETREGID)
450 ;;
451 *-sni-sysv*)
452 # /usr/ucblib MUST NOT be searched on ReliantUNIX
453 AC_CHECK_LIB(dl, dlsym, ,)
454 # -lresolv needs to be at the end of LIBS or DNS lookups break
455 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
456 IPADDR_IN_DISPLAY=yes
457 AC_DEFINE(USE_PIPES)
458 AC_DEFINE(IP_TOS_IS_BROKEN)
459 AC_DEFINE(SETEUID_BREAKS_SETUID)
460 AC_DEFINE(BROKEN_SETREUID)
461 AC_DEFINE(BROKEN_SETREGID)
462 AC_DEFINE(SSHD_ACQUIRES_CTTY)
463 external_path_file=/etc/default/login
464 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
465 # Attention: always take care to bind libsocket and libnsl before libc,
466 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
467 ;;
468 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
469 *-*-sysv4.2*)
470 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
471 AC_DEFINE(USE_PIPES)
472 AC_DEFINE(SETEUID_BREAKS_SETUID)
473 AC_DEFINE(BROKEN_SETREUID)
474 AC_DEFINE(BROKEN_SETREGID)
475 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
476 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
477 ;;
478 # UnixWare 7.x, OpenUNIX 8
479 *-*-sysv5*)
480 check_for_libcrypt_later=1
481 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
482 AC_DEFINE(USE_PIPES)
483 AC_DEFINE(SETEUID_BREAKS_SETUID)
484 AC_DEFINE(BROKEN_SETREUID)
485 AC_DEFINE(BROKEN_SETREGID)
486 AC_DEFINE(PASSWD_NEEDS_USERNAME)
487 case "$host" in
488 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
489 TEST_SHELL=/u95/bin/sh
490 AC_DEFINE(BROKEN_LIBIAF, 1,
491 [ia_uinfo routines not supported by OS yet])
492 ;;
493 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
494 ;;
495 esac
496 ;;
497 *-*-sysv*)
498 ;;
499 # SCO UNIX and OEM versions of SCO UNIX
500 *-*-sco3.2v4*)
501 AC_MSG_ERROR("This Platform is no longer supported.")
502 ;;
503 # SCO OpenServer 5.x
504 *-*-sco3.2v5*)
505 if test -z "$GCC"; then
506 CFLAGS="$CFLAGS -belf"
507 fi
508 LIBS="$LIBS -lprot -lx -ltinfo -lm"
509 no_dev_ptmx=1
510 AC_DEFINE(USE_PIPES)
511 AC_DEFINE(HAVE_SECUREWARE)
512 AC_DEFINE(DISABLE_SHADOW)
513 AC_DEFINE(DISABLE_FD_PASSING)
514 AC_DEFINE(SETEUID_BREAKS_SETUID)
515 AC_DEFINE(BROKEN_SETREUID)
516 AC_DEFINE(BROKEN_SETREGID)
517 AC_DEFINE(WITH_ABBREV_NO_TTY)
518 AC_DEFINE(BROKEN_UPDWTMPX)
519 AC_DEFINE(PASSWD_NEEDS_USERNAME)
520 AC_CHECK_FUNCS(getluid setluid)
521 MANTYPE=man
522 TEST_SHELL=ksh
523 ;;
524 *-*-unicosmk*)
525 AC_DEFINE(NO_SSH_LASTLOG, 1,
526 [Define if you don't want to use lastlog in session.c])
527 AC_DEFINE(SETEUID_BREAKS_SETUID)
528 AC_DEFINE(BROKEN_SETREUID)
529 AC_DEFINE(BROKEN_SETREGID)
530 AC_DEFINE(USE_PIPES)
531 AC_DEFINE(DISABLE_FD_PASSING)
532 LDFLAGS="$LDFLAGS"
533 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
534 MANTYPE=cat
535 ;;
536 *-*-unicosmp*)
537 AC_DEFINE(SETEUID_BREAKS_SETUID)
538 AC_DEFINE(BROKEN_SETREUID)
539 AC_DEFINE(BROKEN_SETREGID)
540 AC_DEFINE(WITH_ABBREV_NO_TTY)
541 AC_DEFINE(USE_PIPES)
542 AC_DEFINE(DISABLE_FD_PASSING)
543 LDFLAGS="$LDFLAGS"
544 LIBS="$LIBS -lgen -lacid -ldb"
545 MANTYPE=cat
546 ;;
547 *-*-unicos*)
548 AC_DEFINE(SETEUID_BREAKS_SETUID)
549 AC_DEFINE(BROKEN_SETREUID)
550 AC_DEFINE(BROKEN_SETREGID)
551 AC_DEFINE(USE_PIPES)
552 AC_DEFINE(DISABLE_FD_PASSING)
553 AC_DEFINE(NO_SSH_LASTLOG)
554 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
555 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
556 MANTYPE=cat
557 ;;
558 *-dec-osf*)
559 AC_MSG_CHECKING(for Digital Unix SIA)
560 no_osfsia=""
561 AC_ARG_WITH(osfsia,
562 [ --with-osfsia Enable Digital Unix SIA],
563 [
564 if test "x$withval" = "xno" ; then
565 AC_MSG_RESULT(disabled)
566 no_osfsia=1
567 fi
568 ],
569 )
570 if test -z "$no_osfsia" ; then
571 if test -f /etc/sia/matrix.conf; then
572 AC_MSG_RESULT(yes)
573 AC_DEFINE(HAVE_OSF_SIA, 1,
574 [Define if you have Digital Unix Security
575 Integration Architecture])
576 AC_DEFINE(DISABLE_LOGIN, 1,
577 [Define if you don't want to use your
578 system's login() call])
579 AC_DEFINE(DISABLE_FD_PASSING)
580 LIBS="$LIBS -lsecurity -ldb -lm -laud"
581 else
582 AC_MSG_RESULT(no)
583 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
584 [String used in /etc/passwd to denote locked account])
585 fi
586 fi
587 AC_DEFINE(BROKEN_GETADDRINFO)
588 AC_DEFINE(SETEUID_BREAKS_SETUID)
589 AC_DEFINE(BROKEN_SETREUID)
590 AC_DEFINE(BROKEN_SETREGID)
591 ;;
593 *-*-nto-qnx*)
594 AC_DEFINE(USE_PIPES)
595 AC_DEFINE(NO_X11_UNIX_SOCKETS)
596 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
597 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
598 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
599 AC_DEFINE(DISABLE_LASTLOG)
600 AC_DEFINE(SSHD_ACQUIRES_CTTY)
601 enable_etc_default_login=no # has incompatible /etc/default/login
602 ;;
604 *-*-ultrix*)
605 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
606 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
607 AC_DEFINE(NEED_SETPGRP)
608 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
609 ;;
611 *-*-lynxos)
612 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
613 AC_DEFINE(MISSING_HOWMANY)
614 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
615 ;;
616 esac
618 # Allow user to specify flags
619 AC_ARG_WITH(cflags,
620 [ --with-cflags Specify additional flags to pass to compiler],
621 [
622 if test -n "$withval" && test "x$withval" != "xno" && \
623 test "x${withval}" != "xyes"; then
624 CFLAGS="$CFLAGS $withval"
625 fi
626 ]
627 )
628 AC_ARG_WITH(cppflags,
629 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
630 [
631 if test -n "$withval" && test "x$withval" != "xno" && \
632 test "x${withval}" != "xyes"; then
633 CPPFLAGS="$CPPFLAGS $withval"
634 fi
635 ]
636 )
637 AC_ARG_WITH(ldflags,
638 [ --with-ldflags Specify additional flags to pass to linker],
639 [
640 if test -n "$withval" && test "x$withval" != "xno" && \
641 test "x${withval}" != "xyes"; then
642 LDFLAGS="$LDFLAGS $withval"
643 fi
644 ]
645 )
646 AC_ARG_WITH(libs,
647 [ --with-libs Specify additional libraries to link with],
648 [
649 if test -n "$withval" && test "x$withval" != "xno" && \
650 test "x${withval}" != "xyes"; then
651 LIBS="$LIBS $withval"
652 fi
653 ]
654 )
655 AC_ARG_WITH(Werror,
656 [ --with-Werror Build main code with -Werror],
657 [
658 if test -n "$withval" && test "x$withval" != "xno"; then
659 werror_flags="-Werror"
660 if test "x${withval}" != "xyes"; then
661 werror_flags="$withval"
662 fi
663 fi
664 ]
665 )
667 AC_MSG_CHECKING(compiler and flags for sanity)
668 AC_RUN_IFELSE(
669 [AC_LANG_SOURCE([
670 #include <stdio.h>
671 int main(){exit(0);}
672 ])],
673 [ AC_MSG_RESULT(yes) ],
674 [
675 AC_MSG_RESULT(no)
676 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
677 ],
678 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
679 )
681 dnl Checks for header files.
682 AC_CHECK_HEADERS( \
683 bstring.h \
684 crypt.h \
685 crypto/sha2.h \
686 dirent.h \
687 endian.h \
688 features.h \
689 fcntl.h \
690 floatingpoint.h \
691 getopt.h \
692 glob.h \
693 ia.h \
694 iaf.h \
695 limits.h \
696 login.h \
697 maillock.h \
698 ndir.h \
699 net/if_tun.h \
700 netdb.h \
701 netgroup.h \
702 pam/pam_appl.h \
703 paths.h \
704 pty.h \
705 readpassphrase.h \
706 rpc/types.h \
707 security/pam_appl.h \
708 sha2.h \
709 shadow.h \
710 stddef.h \
711 stdint.h \
712 string.h \
713 strings.h \
714 sys/audit.h \
715 sys/bitypes.h \
716 sys/bsdtty.h \
717 sys/cdefs.h \
718 sys/dir.h \
719 sys/mman.h \
720 sys/ndir.h \
721 sys/prctl.h \
722 sys/pstat.h \
723 sys/select.h \
724 sys/stat.h \
725 sys/stream.h \
726 sys/stropts.h \
727 sys/strtio.h \
728 sys/sysmacros.h \
729 sys/time.h \
730 sys/timers.h \
731 sys/un.h \
732 time.h \
733 tmpdir.h \
734 ttyent.h \
735 unistd.h \
736 usersec.h \
737 util.h \
738 utime.h \
739 utmp.h \
740 utmpx.h \
741 vis.h \
742 )
744 # lastlog.h requires sys/time.h to be included first on Solaris
745 AC_CHECK_HEADERS(lastlog.h, [], [], [
746 #ifdef HAVE_SYS_TIME_H
747 # include <sys/time.h>
748 #endif
749 ])
751 # sys/ptms.h requires sys/stream.h to be included first on Solaris
752 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
753 #ifdef HAVE_SYS_STREAM_H
754 # include <sys/stream.h>
755 #endif
756 ])
758 # login_cap.h requires sys/types.h on NetBSD
759 AC_CHECK_HEADERS(login_cap.h, [], [], [
760 #include <sys/types.h>
761 ])
763 # Checks for libraries.
764 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
765 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
767 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
768 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
769 AC_CHECK_LIB(gen, dirname,[
770 AC_CACHE_CHECK([for broken dirname],
771 ac_cv_have_broken_dirname, [
772 save_LIBS="$LIBS"
773 LIBS="$LIBS -lgen"
774 AC_RUN_IFELSE(
775 [AC_LANG_SOURCE([[
776 #include <libgen.h>
777 #include <string.h>
779 int main(int argc, char **argv) {
780 char *s, buf[32];
782 strncpy(buf,"/etc", 32);
783 s = dirname(buf);
784 if (!s || strncmp(s, "/", 32) != 0) {
785 exit(1);
786 } else {
787 exit(0);
788 }
789 }
790 ]])],
791 [ ac_cv_have_broken_dirname="no" ],
792 [ ac_cv_have_broken_dirname="yes" ],
793 [ ac_cv_have_broken_dirname="no" ],
794 )
795 LIBS="$save_LIBS"
796 ])
797 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
798 LIBS="$LIBS -lgen"
799 AC_DEFINE(HAVE_DIRNAME)
800 AC_CHECK_HEADERS(libgen.h)
801 fi
802 ])
803 ])
805 AC_CHECK_FUNC(getspnam, ,
806 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
807 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
808 [Define if you have the basename function.]))
810 dnl zlib is required
811 AC_ARG_WITH(zlib,
812 [ --with-zlib=PATH Use zlib in PATH],
813 [ if test "x$withval" = "xno" ; then
814 AC_MSG_ERROR([*** zlib is required ***])
815 elif test "x$withval" != "xyes"; then
816 if test -d "$withval/lib"; then
817 if test -n "${need_dash_r}"; then
818 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
819 else
820 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
821 fi
822 else
823 if test -n "${need_dash_r}"; then
824 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
825 else
826 LDFLAGS="-L${withval} ${LDFLAGS}"
827 fi
828 fi
829 if test -d "$withval/include"; then
830 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
831 else
832 CPPFLAGS="-I${withval} ${CPPFLAGS}"
833 fi
834 fi ]
835 )
837 AC_CHECK_LIB(z, deflate, ,
838 [
839 saved_CPPFLAGS="$CPPFLAGS"
840 saved_LDFLAGS="$LDFLAGS"
841 save_LIBS="$LIBS"
842 dnl Check default zlib install dir
843 if test -n "${need_dash_r}"; then
844 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
845 else
846 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
847 fi
848 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
849 LIBS="$LIBS -lz"
850 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
851 [
852 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
853 ]
854 )
855 ]
856 )
857 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
859 AC_ARG_WITH(zlib-version-check,
860 [ --without-zlib-version-check Disable zlib version check],
861 [ if test "x$withval" = "xno" ; then
862 zlib_check_nonfatal=1
863 fi
864 ]
865 )
867 AC_MSG_CHECKING(for possibly buggy zlib)
868 AC_RUN_IFELSE([AC_LANG_SOURCE([[
869 #include <stdio.h>
870 #include <zlib.h>
871 int main()
872 {
873 int a=0, b=0, c=0, d=0, n, v;
874 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
875 if (n != 3 && n != 4)
876 exit(1);
877 v = a*1000000 + b*10000 + c*100 + d;
878 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
880 /* 1.1.4 is OK */
881 if (a == 1 && b == 1 && c >= 4)
882 exit(0);
884 /* 1.2.3 and up are OK */
885 if (v >= 1020300)
886 exit(0);
888 exit(2);
889 }
890 ]])],
891 AC_MSG_RESULT(no),
892 [ AC_MSG_RESULT(yes)
893 if test -z "$zlib_check_nonfatal" ; then
894 AC_MSG_ERROR([*** zlib too old - check config.log ***
895 Your reported zlib version has known security problems. It's possible your
896 vendor has fixed these problems without changing the version number. If you
897 are sure this is the case, you can disable the check by running
898 "./configure --without-zlib-version-check".
899 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
900 See http://www.gzip.org/zlib/ for details.])
901 else
902 AC_MSG_WARN([zlib version may have security problems])
903 fi
904 ],
905 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
906 )
908 dnl UnixWare 2.x
909 AC_CHECK_FUNC(strcasecmp,
910 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
911 )
912 AC_CHECK_FUNCS(utimes,
913 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
914 LIBS="$LIBS -lc89"]) ]
915 )
917 dnl Checks for libutil functions
918 AC_CHECK_HEADERS(libutil.h)
919 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
920 [Define if your libraries define login()])])
921 AC_CHECK_FUNCS(logout updwtmp logwtmp)
923 AC_FUNC_STRFTIME
925 # Check for ALTDIRFUNC glob() extension
926 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
927 AC_EGREP_CPP(FOUNDIT,
928 [
929 #include <glob.h>
930 #ifdef GLOB_ALTDIRFUNC
931 FOUNDIT
932 #endif
933 ],
934 [
935 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
936 [Define if your system glob() function has
937 the GLOB_ALTDIRFUNC extension])
938 AC_MSG_RESULT(yes)
939 ],
940 [
941 AC_MSG_RESULT(no)
942 ]
943 )
945 # Check for g.gl_matchc glob() extension
946 AC_MSG_CHECKING(for gl_matchc field in glob_t)
947 AC_TRY_COMPILE(
948 [ #include <glob.h> ],
949 [glob_t g; g.gl_matchc = 1;],
950 [
951 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
952 [Define if your system glob() function has
953 gl_matchc options in glob_t])
954 AC_MSG_RESULT(yes)
955 ],
956 [
957 AC_MSG_RESULT(no)
958 ]
959 )
961 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
962 AC_RUN_IFELSE(
963 [AC_LANG_SOURCE([[
964 #include <sys/types.h>
965 #include <dirent.h>
966 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
967 ]])],
968 [AC_MSG_RESULT(yes)],
969 [
970 AC_MSG_RESULT(no)
971 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
972 [Define if your struct dirent expects you to
973 allocate extra space for d_name])
974 ],
975 [
976 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
977 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
978 ]
979 )
981 AC_MSG_CHECKING([for /proc/pid/fd directory])
982 if test -d "/proc/$$/fd" ; then
983 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
984 AC_MSG_RESULT(yes)
985 else
986 AC_MSG_RESULT(no)
987 fi
989 # Check whether user wants S/Key support
990 SKEY_MSG="no"
991 AC_ARG_WITH(skey,
992 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
993 [
994 if test "x$withval" != "xno" ; then
996 if test "x$withval" != "xyes" ; then
997 CPPFLAGS="$CPPFLAGS -I${withval}/include"
998 LDFLAGS="$LDFLAGS -L${withval}/lib"
999 fi
1001 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1002 LIBS="-lskey $LIBS"
1003 SKEY_MSG="yes"
1005 AC_MSG_CHECKING([for s/key support])
1006 AC_LINK_IFELSE(
1007 [AC_LANG_SOURCE([[
1008 #include <stdio.h>
1009 #include <skey.h>
1010 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1011 ]])],
1012 [AC_MSG_RESULT(yes)],
1013 [
1014 AC_MSG_RESULT(no)
1015 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1016 ])
1017 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1018 AC_TRY_COMPILE(
1019 [#include <stdio.h>
1020 #include <skey.h>],
1021 [(void)skeychallenge(NULL,"name","",0);],
1022 [AC_MSG_RESULT(yes)
1023 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1024 [Define if your skeychallenge()
1025 function takes 4 arguments (NetBSD)])],
1026 [AC_MSG_RESULT(no)]
1027 )
1028 fi
1029 ]
1030 )
1032 # Check whether user wants TCP wrappers support
1033 TCPW_MSG="no"
1034 AC_ARG_WITH(tcp-wrappers,
1035 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1036 [
1037 if test "x$withval" != "xno" ; then
1038 saved_LIBS="$LIBS"
1039 saved_LDFLAGS="$LDFLAGS"
1040 saved_CPPFLAGS="$CPPFLAGS"
1041 if test -n "${withval}" && \
1042 test "x${withval}" != "xyes"; then
1043 if test -d "${withval}/lib"; then
1044 if test -n "${need_dash_r}"; then
1045 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1046 else
1047 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1048 fi
1049 else
1050 if test -n "${need_dash_r}"; then
1051 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1052 else
1053 LDFLAGS="-L${withval} ${LDFLAGS}"
1054 fi
1055 fi
1056 if test -d "${withval}/include"; then
1057 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1058 else
1059 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1060 fi
1061 fi
1062 LIBWRAP="-lwrap"
1063 LIBS="$LIBWRAP $LIBS"
1064 AC_MSG_CHECKING(for libwrap)
1065 AC_TRY_LINK(
1066 [
1067 #include <sys/types.h>
1068 #include <sys/socket.h>
1069 #include <netinet/in.h>
1070 #include <tcpd.h>
1071 int deny_severity = 0, allow_severity = 0;
1072 ],
1073 [hosts_access(0);],
1074 [
1075 AC_MSG_RESULT(yes)
1076 AC_DEFINE(LIBWRAP, 1,
1077 [Define if you want
1078 TCP Wrappers support])
1079 AC_SUBST(LIBWRAP)
1080 TCPW_MSG="yes"
1081 ],
1082 [
1083 AC_MSG_ERROR([*** libwrap missing])
1084 ]
1085 )
1086 LIBS="$saved_LIBS"
1087 fi
1088 ]
1089 )
1091 # Check whether user wants libedit support
1092 LIBEDIT_MSG="no"
1093 AC_ARG_WITH(libedit,
1094 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1095 [ if test "x$withval" != "xno" ; then
1096 if test "x$withval" != "xyes"; then
1097 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1098 if test -n "${need_dash_r}"; then
1099 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1100 else
1101 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1102 fi
1103 fi
1104 AC_CHECK_LIB(edit, el_init,
1105 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1106 LIBEDIT="-ledit -lcurses"
1107 LIBEDIT_MSG="yes"
1108 AC_SUBST(LIBEDIT)
1109 ],
1110 [ AC_MSG_ERROR(libedit not found) ],
1111 [ -lcurses ]
1112 )
1113 AC_MSG_CHECKING(if libedit version is compatible)
1114 AC_COMPILE_IFELSE(
1115 [AC_LANG_SOURCE([[
1116 #include <histedit.h>
1117 int main(void)
1118 {
1119 int i = H_SETSIZE;
1120 el_init("", NULL, NULL, NULL);
1121 exit(0);
1122 }
1123 ]])],
1124 [ AC_MSG_RESULT(yes) ],
1125 [ AC_MSG_RESULT(no)
1126 AC_MSG_ERROR(libedit version is not compatible) ]
1127 )
1128 fi ]
1129 )
1131 AUDIT_MODULE=none
1132 AC_ARG_WITH(audit,
1133 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1134 [
1135 AC_MSG_CHECKING(for supported audit module)
1136 case "$withval" in
1137 bsm)
1138 AC_MSG_RESULT(bsm)
1139 AUDIT_MODULE=bsm
1140 dnl Checks for headers, libs and functions
1141 AC_CHECK_HEADERS(bsm/audit.h, [],
1142 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1143 AC_CHECK_LIB(bsm, getaudit, [],
1144 [AC_MSG_ERROR(BSM enabled and required library not found)])
1145 AC_CHECK_FUNCS(getaudit, [],
1146 [AC_MSG_ERROR(BSM enabled and required function not found)])
1147 # These are optional
1148 AC_CHECK_FUNCS(getaudit_addr)
1149 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1150 ;;
1151 debug)
1152 AUDIT_MODULE=debug
1153 AC_MSG_RESULT(debug)
1154 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1155 ;;
1156 no)
1157 AC_MSG_RESULT(no)
1158 ;;
1159 *)
1160 AC_MSG_ERROR([Unknown audit module $withval])
1161 ;;
1162 esac ]
1163 )
1165 dnl Checks for library functions. Please keep in alphabetical order
1166 AC_CHECK_FUNCS( \
1167 arc4random \
1168 asprintf \
1169 b64_ntop \
1170 __b64_ntop \
1171 b64_pton \
1172 __b64_pton \
1173 bcopy \
1174 bindresvport_sa \
1175 clock \
1176 closefrom \
1177 dirfd \
1178 fchmod \
1179 fchown \
1180 freeaddrinfo \
1181 futimes \
1182 getaddrinfo \
1183 getcwd \
1184 getgrouplist \
1185 getnameinfo \
1186 getopt \
1187 getpeereid \
1188 _getpty \
1189 getrlimit \
1190 getttyent \
1191 glob \
1192 inet_aton \
1193 inet_ntoa \
1194 inet_ntop \
1195 innetgr \
1196 login_getcapbool \
1197 md5_crypt \
1198 memmove \
1199 mkdtemp \
1200 mmap \
1201 ngetaddrinfo \
1202 nsleep \
1203 ogetaddrinfo \
1204 openlog_r \
1205 openpty \
1206 prctl \
1207 pstat \
1208 readpassphrase \
1209 realpath \
1210 recvmsg \
1211 rresvport_af \
1212 sendmsg \
1213 setdtablesize \
1214 setegid \
1215 setenv \
1216 seteuid \
1217 setgroups \
1218 setlogin \
1219 setpcred \
1220 setproctitle \
1221 setregid \
1222 setreuid \
1223 setrlimit \
1224 setsid \
1225 setvbuf \
1226 sigaction \
1227 sigvec \
1228 snprintf \
1229 socketpair \
1230 strdup \
1231 strerror \
1232 strlcat \
1233 strlcpy \
1234 strmode \
1235 strnvis \
1236 strtonum \
1237 strtoll \
1238 strtoul \
1239 sysconf \
1240 tcgetpgrp \
1241 truncate \
1242 unsetenv \
1243 updwtmpx \
1244 vasprintf \
1245 vhangup \
1246 vsnprintf \
1247 waitpid \
1248 )
1250 # IRIX has a const char return value for gai_strerror()
1251 AC_CHECK_FUNCS(gai_strerror,[
1252 AC_DEFINE(HAVE_GAI_STRERROR)
1253 AC_TRY_COMPILE([
1254 #include <sys/types.h>
1255 #include <sys/socket.h>
1256 #include <netdb.h>
1258 const char *gai_strerror(int);],[
1259 char *str;
1261 str = gai_strerror(0);],[
1262 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1263 [Define if gai_strerror() returns const char *])])])
1265 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1266 [Some systems put nanosleep outside of libc]))
1268 dnl Make sure prototypes are defined for these before using them.
1269 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1270 AC_CHECK_DECL(strsep,
1271 [AC_CHECK_FUNCS(strsep)],
1272 [],
1273 [
1274 #ifdef HAVE_STRING_H
1275 # include <string.h>
1276 #endif
1277 ])
1279 dnl tcsendbreak might be a macro
1280 AC_CHECK_DECL(tcsendbreak,
1281 [AC_DEFINE(HAVE_TCSENDBREAK)],
1282 [AC_CHECK_FUNCS(tcsendbreak)],
1283 [#include <termios.h>]
1284 )
1286 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1288 AC_CHECK_DECLS(SHUT_RD, , ,
1289 [
1290 #include <sys/types.h>
1291 #include <sys/socket.h>
1292 ])
1294 AC_CHECK_DECLS(O_NONBLOCK, , ,
1295 [
1296 #include <sys/types.h>
1297 #ifdef HAVE_SYS_STAT_H
1298 # include <sys/stat.h>
1299 #endif
1300 #ifdef HAVE_FCNTL_H
1301 # include <fcntl.h>
1302 #endif
1303 ])
1305 AC_CHECK_FUNCS(setresuid, [
1306 dnl Some platorms have setresuid that isn't implemented, test for this
1307 AC_MSG_CHECKING(if setresuid seems to work)
1308 AC_RUN_IFELSE(
1309 [AC_LANG_SOURCE([[
1310 #include <stdlib.h>
1311 #include <errno.h>
1312 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1313 ]])],
1314 [AC_MSG_RESULT(yes)],
1315 [AC_DEFINE(BROKEN_SETRESUID, 1,
1316 [Define if your setresuid() is broken])
1317 AC_MSG_RESULT(not implemented)],
1318 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1319 )
1320 ])
1322 AC_CHECK_FUNCS(setresgid, [
1323 dnl Some platorms have setresgid that isn't implemented, test for this
1324 AC_MSG_CHECKING(if setresgid seems to work)
1325 AC_RUN_IFELSE(
1326 [AC_LANG_SOURCE([[
1327 #include <stdlib.h>
1328 #include <errno.h>
1329 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1330 ]])],
1331 [AC_MSG_RESULT(yes)],
1332 [AC_DEFINE(BROKEN_SETRESGID, 1,
1333 [Define if your setresgid() is broken])
1334 AC_MSG_RESULT(not implemented)],
1335 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1336 )
1337 ])
1339 dnl Checks for time functions
1340 AC_CHECK_FUNCS(gettimeofday time)
1341 dnl Checks for utmp functions
1342 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1343 AC_CHECK_FUNCS(utmpname)
1344 dnl Checks for utmpx functions
1345 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1346 AC_CHECK_FUNCS(setutxent utmpxname)
1348 AC_CHECK_FUNC(daemon,
1349 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1350 [AC_CHECK_LIB(bsd, daemon,
1351 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1352 )
1354 AC_CHECK_FUNC(getpagesize,
1355 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1356 [Define if your libraries define getpagesize()])],
1357 [AC_CHECK_LIB(ucb, getpagesize,
1358 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1359 )
1361 # Check for broken snprintf
1362 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1363 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1364 AC_RUN_IFELSE(
1365 [AC_LANG_SOURCE([[
1366 #include <stdio.h>
1367 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1368 ]])],
1369 [AC_MSG_RESULT(yes)],
1370 [
1371 AC_MSG_RESULT(no)
1372 AC_DEFINE(BROKEN_SNPRINTF, 1,
1373 [Define if your snprintf is busted])
1374 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1375 ],
1376 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1377 )
1378 fi
1380 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1381 # returning the right thing on overflow: the number of characters it tried to
1382 # create (as per SUSv3)
1383 if test "x$ac_cv_func_asprintf" != "xyes" && \
1384 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1385 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1386 AC_RUN_IFELSE(
1387 [AC_LANG_SOURCE([[
1388 #include <sys/types.h>
1389 #include <stdio.h>
1390 #include <stdarg.h>
1392 int x_snprintf(char *str,size_t count,const char *fmt,...)
1393 {
1394 size_t ret; va_list ap;
1395 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1396 return ret;
1397 }
1398 int main(void)
1399 {
1400 char x[1];
1401 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1402 } ]])],
1403 [AC_MSG_RESULT(yes)],
1404 [
1405 AC_MSG_RESULT(no)
1406 AC_DEFINE(BROKEN_SNPRINTF, 1,
1407 [Define if your snprintf is busted])
1408 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1409 ],
1410 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1411 )
1412 fi
1414 # On systems where [v]snprintf is broken, but is declared in stdio,
1415 # check that the fmt argument is const char * or just char *.
1416 # This is only useful for when BROKEN_SNPRINTF
1417 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1418 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1419 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1420 int main(void) { snprintf(0, 0, 0); }
1421 ]])],
1422 [AC_MSG_RESULT(yes)
1423 AC_DEFINE(SNPRINTF_CONST, [const],
1424 [Define as const if snprintf() can declare const char *fmt])],
1425 [AC_MSG_RESULT(no)
1426 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1428 # Check for missing getpeereid (or equiv) support
1429 NO_PEERCHECK=""
1430 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1431 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1432 AC_TRY_COMPILE(
1433 [#include <sys/types.h>
1434 #include <sys/socket.h>],
1435 [int i = SO_PEERCRED;],
1436 [ AC_MSG_RESULT(yes)
1437 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1438 ],
1439 [AC_MSG_RESULT(no)
1440 NO_PEERCHECK=1]
1441 )
1442 fi
1444 dnl see whether mkstemp() requires XXXXXX
1445 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1446 AC_MSG_CHECKING([for (overly) strict mkstemp])
1447 AC_RUN_IFELSE(
1448 [AC_LANG_SOURCE([[
1449 #include <stdlib.h>
1450 main() { char template[]="conftest.mkstemp-test";
1451 if (mkstemp(template) == -1)
1452 exit(1);
1453 unlink(template); exit(0);
1454 }
1455 ]])],
1456 [
1457 AC_MSG_RESULT(no)
1458 ],
1459 [
1460 AC_MSG_RESULT(yes)
1461 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1462 ],
1463 [
1464 AC_MSG_RESULT(yes)
1465 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1466 ]
1467 )
1468 fi
1470 dnl make sure that openpty does not reacquire controlling terminal
1471 if test ! -z "$check_for_openpty_ctty_bug"; then
1472 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1473 AC_RUN_IFELSE(
1474 [AC_LANG_SOURCE([[
1475 #include <stdio.h>
1476 #include <sys/fcntl.h>
1477 #include <sys/types.h>
1478 #include <sys/wait.h>
1480 int
1481 main()
1482 {
1483 pid_t pid;
1484 int fd, ptyfd, ttyfd, status;
1486 pid = fork();
1487 if (pid < 0) { /* failed */
1488 exit(1);
1489 } else if (pid > 0) { /* parent */
1490 waitpid(pid, &status, 0);
1491 if (WIFEXITED(status))
1492 exit(WEXITSTATUS(status));
1493 else
1494 exit(2);
1495 } else { /* child */
1496 close(0); close(1); close(2);
1497 setsid();
1498 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1499 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1500 if (fd >= 0)
1501 exit(3); /* Acquired ctty: broken */
1502 else
1503 exit(0); /* Did not acquire ctty: OK */
1504 }
1505 }
1506 ]])],
1507 [
1508 AC_MSG_RESULT(yes)
1509 ],
1510 [
1511 AC_MSG_RESULT(no)
1512 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1513 ],
1514 [
1515 AC_MSG_RESULT(cross-compiling, assuming yes)
1516 ]
1517 )
1518 fi
1520 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1521 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1522 AC_MSG_CHECKING(if getaddrinfo seems to work)
1523 AC_RUN_IFELSE(
1524 [AC_LANG_SOURCE([[
1525 #include <stdio.h>
1526 #include <sys/socket.h>
1527 #include <netdb.h>
1528 #include <errno.h>
1529 #include <netinet/in.h>
1531 #define TEST_PORT "2222"
1533 int
1534 main(void)
1535 {
1536 int err, sock;
1537 struct addrinfo *gai_ai, *ai, hints;
1538 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1540 memset(&hints, 0, sizeof(hints));
1541 hints.ai_family = PF_UNSPEC;
1542 hints.ai_socktype = SOCK_STREAM;
1543 hints.ai_flags = AI_PASSIVE;
1545 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1546 if (err != 0) {
1547 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1548 exit(1);
1549 }
1551 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1552 if (ai->ai_family != AF_INET6)
1553 continue;
1555 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1556 sizeof(ntop), strport, sizeof(strport),
1557 NI_NUMERICHOST|NI_NUMERICSERV);
1559 if (err != 0) {
1560 if (err == EAI_SYSTEM)
1561 perror("getnameinfo EAI_SYSTEM");
1562 else
1563 fprintf(stderr, "getnameinfo failed: %s\n",
1564 gai_strerror(err));
1565 exit(2);
1566 }
1568 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1569 if (sock < 0)
1570 perror("socket");
1571 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1572 if (errno == EBADF)
1573 exit(3);
1574 }
1575 }
1576 exit(0);
1577 }
1578 ]])],
1579 [
1580 AC_MSG_RESULT(yes)
1581 ],
1582 [
1583 AC_MSG_RESULT(no)
1584 AC_DEFINE(BROKEN_GETADDRINFO)
1585 ],
1586 [
1587 AC_MSG_RESULT(cross-compiling, assuming yes)
1588 ]
1589 )
1590 fi
1592 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1593 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1594 AC_MSG_CHECKING(if getaddrinfo seems to work)
1595 AC_RUN_IFELSE(
1596 [AC_LANG_SOURCE([[
1597 #include <stdio.h>
1598 #include <sys/socket.h>
1599 #include <netdb.h>
1600 #include <errno.h>
1601 #include <netinet/in.h>
1603 #define TEST_PORT "2222"
1605 int
1606 main(void)
1607 {
1608 int err, sock;
1609 struct addrinfo *gai_ai, *ai, hints;
1610 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1612 memset(&hints, 0, sizeof(hints));
1613 hints.ai_family = PF_UNSPEC;
1614 hints.ai_socktype = SOCK_STREAM;
1615 hints.ai_flags = AI_PASSIVE;
1617 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1618 if (err != 0) {
1619 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1620 exit(1);
1621 }
1623 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1624 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1625 continue;
1627 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1628 sizeof(ntop), strport, sizeof(strport),
1629 NI_NUMERICHOST|NI_NUMERICSERV);
1631 if (ai->ai_family == AF_INET && err != 0) {
1632 perror("getnameinfo");
1633 exit(2);
1634 }
1635 }
1636 exit(0);
1637 }
1638 ]])],
1639 [
1640 AC_MSG_RESULT(yes)
1641 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1642 [Define if you have a getaddrinfo that fails
1643 for the all-zeros IPv6 address])
1644 ],
1645 [
1646 AC_MSG_RESULT(no)
1647 AC_DEFINE(BROKEN_GETADDRINFO)
1648 ],
1649 [
1650 AC_MSG_RESULT(cross-compiling, assuming no)
1651 ]
1652 )
1653 fi
1655 if test "x$check_for_conflicting_getspnam" = "x1"; then
1656 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1657 AC_COMPILE_IFELSE(
1658 [
1659 #include <shadow.h>
1660 int main(void) {exit(0);}
1661 ],
1662 [
1663 AC_MSG_RESULT(no)
1664 ],
1665 [
1666 AC_MSG_RESULT(yes)
1667 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1668 [Conflicting defs for getspnam])
1669 ]
1670 )
1671 fi
1673 AC_FUNC_GETPGRP
1675 # Check for PAM libs
1676 PAM_MSG="no"
1677 AC_ARG_WITH(pam,
1678 [ --with-pam Enable PAM support ],
1679 [
1680 if test "x$withval" != "xno" ; then
1681 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1682 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1683 AC_MSG_ERROR([PAM headers not found])
1684 fi
1686 AC_CHECK_LIB(dl, dlopen, , )
1687 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1688 AC_CHECK_FUNCS(pam_getenvlist)
1689 AC_CHECK_FUNCS(pam_putenv)
1691 PAM_MSG="yes"
1693 AC_DEFINE(USE_PAM, 1,
1694 [Define if you want to enable PAM support])
1695 if test $ac_cv_lib_dl_dlopen = yes; then
1696 LIBPAM="-lpam -ldl"
1697 else
1698 LIBPAM="-lpam"
1699 fi
1700 AC_SUBST(LIBPAM)
1701 fi
1702 ]
1703 )
1705 # Check for older PAM
1706 if test "x$PAM_MSG" = "xyes" ; then
1707 # Check PAM strerror arguments (old PAM)
1708 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1709 AC_TRY_COMPILE(
1710 [
1711 #include <stdlib.h>
1712 #if defined(HAVE_SECURITY_PAM_APPL_H)
1713 #include <security/pam_appl.h>
1714 #elif defined (HAVE_PAM_PAM_APPL_H)
1715 #include <pam/pam_appl.h>
1716 #endif
1717 ],
1718 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1719 [AC_MSG_RESULT(no)],
1720 [
1721 AC_DEFINE(HAVE_OLD_PAM, 1,
1722 [Define if you have an old version of PAM
1723 which takes only one argument to pam_strerror])
1724 AC_MSG_RESULT(yes)
1725 PAM_MSG="yes (old library)"
1726 ]
1727 )
1728 fi
1730 # Search for OpenSSL
1731 saved_CPPFLAGS="$CPPFLAGS"
1732 saved_LDFLAGS="$LDFLAGS"
1733 AC_ARG_WITH(ssl-dir,
1734 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1735 [
1736 if test "x$withval" != "xno" ; then
1737 case "$withval" in
1738 # Relative paths
1739 ./*|../*) withval="`pwd`/$withval"
1740 esac
1741 if test -d "$withval/lib"; then
1742 if test -n "${need_dash_r}"; then
1743 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1744 else
1745 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1746 fi
1747 else
1748 if test -n "${need_dash_r}"; then
1749 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1750 else
1751 LDFLAGS="-L${withval} ${LDFLAGS}"
1752 fi
1753 fi
1754 if test -d "$withval/include"; then
1755 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1756 else
1757 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1758 fi
1759 fi
1760 ]
1761 )
1762 LIBS="-lcrypto $LIBS"
1763 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1764 [Define if your ssl headers are included
1765 with #include <openssl/header.h>]),
1766 [
1767 dnl Check default openssl install dir
1768 if test -n "${need_dash_r}"; then
1769 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1770 else
1771 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1772 fi
1773 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1774 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1775 [
1776 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1777 ]
1778 )
1779 ]
1780 )
1782 # Determine OpenSSL header version
1783 AC_MSG_CHECKING([OpenSSL header version])
1784 AC_RUN_IFELSE(
1785 [AC_LANG_SOURCE([[
1786 #include <stdio.h>
1787 #include <string.h>
1788 #include <openssl/opensslv.h>
1789 #define DATA "conftest.sslincver"
1790 int main(void) {
1791 FILE *fd;
1792 int rc;
1794 fd = fopen(DATA,"w");
1795 if(fd == NULL)
1796 exit(1);
1798 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1799 exit(1);
1801 exit(0);
1802 }
1803 ]])],
1804 [
1805 ssl_header_ver=`cat conftest.sslincver`
1806 AC_MSG_RESULT($ssl_header_ver)
1807 ],
1808 [
1809 AC_MSG_RESULT(not found)
1810 AC_MSG_ERROR(OpenSSL version header not found.)
1811 ],
1812 [
1813 AC_MSG_WARN([cross compiling: not checking])
1814 ]
1815 )
1817 # Determine OpenSSL library version
1818 AC_MSG_CHECKING([OpenSSL library version])
1819 AC_RUN_IFELSE(
1820 [AC_LANG_SOURCE([[
1821 #include <stdio.h>
1822 #include <string.h>
1823 #include <openssl/opensslv.h>
1824 #include <openssl/crypto.h>
1825 #define DATA "conftest.ssllibver"
1826 int main(void) {
1827 FILE *fd;
1828 int rc;
1830 fd = fopen(DATA,"w");
1831 if(fd == NULL)
1832 exit(1);
1834 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1835 exit(1);
1837 exit(0);
1838 }
1839 ]])],
1840 [
1841 ssl_library_ver=`cat conftest.ssllibver`
1842 AC_MSG_RESULT($ssl_library_ver)
1843 ],
1844 [
1845 AC_MSG_RESULT(not found)
1846 AC_MSG_ERROR(OpenSSL library not found.)
1847 ],
1848 [
1849 AC_MSG_WARN([cross compiling: not checking])
1850 ]
1851 )
1853 # Sanity check OpenSSL headers
1854 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1855 AC_RUN_IFELSE(
1856 [AC_LANG_SOURCE([[
1857 #include <string.h>
1858 #include <openssl/opensslv.h>
1859 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1860 ]])],
1861 [
1862 AC_MSG_RESULT(yes)
1863 ],
1864 [
1865 AC_MSG_RESULT(no)
1866 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1867 Check config.log for details.
1868 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1869 ],
1870 [
1871 AC_MSG_WARN([cross compiling: not checking])
1872 ]
1873 )
1875 AC_ARG_WITH(ssl-engine,
1876 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1877 [ if test "x$withval" != "xno" ; then
1878 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1879 AC_TRY_COMPILE(
1880 [ #include <openssl/engine.h>],
1881 [
1882 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1883 ],
1884 [ AC_MSG_RESULT(yes)
1885 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1886 [Enable OpenSSL engine support])
1887 ],
1888 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1889 )
1890 fi ]
1891 )
1893 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1894 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1895 AC_COMPILE_IFELSE(
1896 [AC_LANG_SOURCE([[
1897 #include <string.h>
1898 #include <openssl/evp.h>
1899 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1900 ]])],
1901 [
1902 AC_MSG_RESULT(no)
1903 ],
1904 [
1905 AC_MSG_RESULT(yes)
1906 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1907 [libcrypto is missing AES 192 and 256 bit functions])
1908 ]
1909 )
1911 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1912 # because the system crypt() is more featureful.
1913 if test "x$check_for_libcrypt_before" = "x1"; then
1914 AC_CHECK_LIB(crypt, crypt)
1915 fi
1917 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1918 # version in OpenSSL.
1919 if test "x$check_for_libcrypt_later" = "x1"; then
1920 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1921 fi
1923 # Search for SHA256 support in libc and/or OpenSSL
1924 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1926 AC_CHECK_LIB(iaf, ia_openinfo)
1928 ### Configure cryptographic random number support
1930 # Check wheter OpenSSL seeds itself
1931 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1932 AC_RUN_IFELSE(
1933 [AC_LANG_SOURCE([[
1934 #include <string.h>
1935 #include <openssl/rand.h>
1936 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1937 ]])],
1938 [
1939 OPENSSL_SEEDS_ITSELF=yes
1940 AC_MSG_RESULT(yes)
1941 ],
1942 [
1943 AC_MSG_RESULT(no)
1944 # Default to use of the rand helper if OpenSSL doesn't
1945 # seed itself
1946 USE_RAND_HELPER=yes
1947 ],
1948 [
1949 AC_MSG_WARN([cross compiling: assuming yes])
1950 # This is safe, since all recent OpenSSL versions will
1951 # complain at runtime if not seeded correctly.
1952 OPENSSL_SEEDS_ITSELF=yes
1953 ]
1954 )
1957 # Do we want to force the use of the rand helper?
1958 AC_ARG_WITH(rand-helper,
1959 [ --with-rand-helper Use subprocess to gather strong randomness ],
1960 [
1961 if test "x$withval" = "xno" ; then
1962 # Force use of OpenSSL's internal RNG, even if
1963 # the previous test showed it to be unseeded.
1964 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1965 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1966 OPENSSL_SEEDS_ITSELF=yes
1967 USE_RAND_HELPER=""
1968 fi
1969 else
1970 USE_RAND_HELPER=yes
1971 fi
1972 ],
1973 )
1975 # Which randomness source do we use?
1976 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1977 # OpenSSL only
1978 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1979 [Define if you want OpenSSL's internally seeded PRNG only])
1980 RAND_MSG="OpenSSL internal ONLY"
1981 INSTALL_SSH_RAND_HELPER=""
1982 elif test ! -z "$USE_RAND_HELPER" ; then
1983 # install rand helper
1984 RAND_MSG="ssh-rand-helper"
1985 INSTALL_SSH_RAND_HELPER="yes"
1986 fi
1987 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1989 ### Configuration of ssh-rand-helper
1991 # PRNGD TCP socket
1992 AC_ARG_WITH(prngd-port,
1993 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
1994 [
1995 case "$withval" in
1996 no)
1997 withval=""
1998 ;;
1999 [[0-9]]*)
2000 ;;
2001 *)
2002 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2003 ;;
2004 esac
2005 if test ! -z "$withval" ; then
2006 PRNGD_PORT="$withval"
2007 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2008 [Port number of PRNGD/EGD random number socket])
2009 fi
2010 ]
2011 )
2013 # PRNGD Unix domain socket
2014 AC_ARG_WITH(prngd-socket,
2015 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2016 [
2017 case "$withval" in
2018 yes)
2019 withval="/var/run/egd-pool"
2020 ;;
2021 no)
2022 withval=""
2023 ;;
2024 /*)
2025 ;;
2026 *)
2027 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2028 ;;
2029 esac
2031 if test ! -z "$withval" ; then
2032 if test ! -z "$PRNGD_PORT" ; then
2033 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2034 fi
2035 if test ! -r "$withval" ; then
2036 AC_MSG_WARN(Entropy socket is not readable)
2037 fi
2038 PRNGD_SOCKET="$withval"
2039 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2040 [Location of PRNGD/EGD random number socket])
2041 fi
2042 ],
2043 [
2044 # Check for existing socket only if we don't have a random device already
2045 if test "$USE_RAND_HELPER" = yes ; then
2046 AC_MSG_CHECKING(for PRNGD/EGD socket)
2047 # Insert other locations here
2048 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2049 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2050 PRNGD_SOCKET="$sock"
2051 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2052 break;
2053 fi
2054 done
2055 if test ! -z "$PRNGD_SOCKET" ; then
2056 AC_MSG_RESULT($PRNGD_SOCKET)
2057 else
2058 AC_MSG_RESULT(not found)
2059 fi
2060 fi
2061 ]
2062 )
2064 # Change default command timeout for hashing entropy source
2065 entropy_timeout=200
2066 AC_ARG_WITH(entropy-timeout,
2067 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2068 [
2069 if test -n "$withval" && test "x$withval" != "xno" && \
2070 test "x${withval}" != "xyes"; then
2071 entropy_timeout=$withval
2072 fi
2073 ]
2074 )
2075 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2076 [Builtin PRNG command timeout])
2078 SSH_PRIVSEP_USER=sshd
2079 AC_ARG_WITH(privsep-user,
2080 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2081 [
2082 if test -n "$withval" && test "x$withval" != "xno" && \
2083 test "x${withval}" != "xyes"; then
2084 SSH_PRIVSEP_USER=$withval
2085 fi
2086 ]
2087 )
2088 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2089 [non-privileged user for privilege separation])
2090 AC_SUBST(SSH_PRIVSEP_USER)
2092 # We do this little dance with the search path to insure
2093 # that programs that we select for use by installed programs
2094 # (which may be run by the super-user) come from trusted
2095 # locations before they come from the user's private area.
2096 # This should help avoid accidentally configuring some
2097 # random version of a program in someone's personal bin.
2099 OPATH=$PATH
2100 PATH=/bin:/usr/bin
2101 test -h /bin 2> /dev/null && PATH=/usr/bin
2102 test -d /sbin && PATH=$PATH:/sbin
2103 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2104 PATH=$PATH:/etc:$OPATH
2106 # These programs are used by the command hashing source to gather entropy
2107 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2108 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2109 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2110 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2111 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2112 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2113 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2114 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2115 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2116 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2117 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2118 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2119 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2120 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2121 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2122 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2123 # restore PATH
2124 PATH=$OPATH
2126 # Where does ssh-rand-helper get its randomness from?
2127 INSTALL_SSH_PRNG_CMDS=""
2128 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2129 if test ! -z "$PRNGD_PORT" ; then
2130 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2131 elif test ! -z "$PRNGD_SOCKET" ; then
2132 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2133 else
2134 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2135 RAND_HELPER_CMDHASH=yes
2136 INSTALL_SSH_PRNG_CMDS="yes"
2137 fi
2138 fi
2139 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2142 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2143 if test ! -z "$SONY" ; then
2144 LIBS="$LIBS -liberty";
2145 fi
2147 # Check for long long datatypes
2148 AC_CHECK_TYPES([long long, unsigned long long, long double])
2150 # Check datatype sizes
2151 AC_CHECK_SIZEOF(char, 1)
2152 AC_CHECK_SIZEOF(short int, 2)
2153 AC_CHECK_SIZEOF(int, 4)
2154 AC_CHECK_SIZEOF(long int, 4)
2155 AC_CHECK_SIZEOF(long long int, 8)
2157 # Sanity check long long for some platforms (AIX)
2158 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2159 ac_cv_sizeof_long_long_int=0
2160 fi
2162 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2163 if test -z "$have_llong_max"; then
2164 AC_MSG_CHECKING([for max value of long long])
2165 AC_RUN_IFELSE(
2166 [AC_LANG_SOURCE([[
2167 #include <stdio.h>
2168 /* Why is this so damn hard? */
2169 #ifdef __GNUC__
2170 # undef __GNUC__
2171 #endif
2172 #define __USE_ISOC99
2173 #include <limits.h>
2174 #define DATA "conftest.llminmax"
2175 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2177 /*
2178 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2179 * we do this the hard way.
2180 */
2181 static int
2182 fprint_ll(FILE *f, long long n)
2183 {
2184 unsigned int i;
2185 int l[sizeof(long long) * 8];
2187 if (n < 0)
2188 if (fprintf(f, "-") < 0)
2189 return -1;
2190 for (i = 0; n != 0; i++) {
2191 l[i] = my_abs(n % 10);
2192 n /= 10;
2193 }
2194 do {
2195 if (fprintf(f, "%d", l[--i]) < 0)
2196 return -1;
2197 } while (i != 0);
2198 if (fprintf(f, " ") < 0)
2199 return -1;
2200 return 0;
2201 }
2203 int main(void) {
2204 FILE *f;
2205 long long i, llmin, llmax = 0;
2207 if((f = fopen(DATA,"w")) == NULL)
2208 exit(1);
2210 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2211 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2212 llmin = LLONG_MIN;
2213 llmax = LLONG_MAX;
2214 #else
2215 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2216 /* This will work on one's complement and two's complement */
2217 for (i = 1; i > llmax; i <<= 1, i++)
2218 llmax = i;
2219 llmin = llmax + 1LL; /* wrap */
2220 #endif
2222 /* Sanity check */
2223 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2224 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2225 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2226 fprintf(f, "unknown unknown\n");
2227 exit(2);
2228 }
2230 if (fprint_ll(f, llmin) < 0)
2231 exit(3);
2232 if (fprint_ll(f, llmax) < 0)
2233 exit(4);
2234 if (fclose(f) < 0)
2235 exit(5);
2236 exit(0);
2237 }
2238 ]])],
2239 [
2240 llong_min=`$AWK '{print $1}' conftest.llminmax`
2241 llong_max=`$AWK '{print $2}' conftest.llminmax`
2243 AC_MSG_RESULT($llong_max)
2244 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2245 [max value of long long calculated by configure])
2246 AC_MSG_CHECKING([for min value of long long])
2247 AC_MSG_RESULT($llong_min)
2248 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2249 [min value of long long calculated by configure])
2250 ],
2251 [
2252 AC_MSG_RESULT(not found)
2253 ],
2254 [
2255 AC_MSG_WARN([cross compiling: not checking])
2256 ]
2257 )
2258 fi
2261 # More checks for data types
2262 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2263 AC_TRY_COMPILE(
2264 [ #include <sys/types.h> ],
2265 [ u_int a; a = 1;],
2266 [ ac_cv_have_u_int="yes" ],
2267 [ ac_cv_have_u_int="no" ]
2268 )
2269 ])
2270 if test "x$ac_cv_have_u_int" = "xyes" ; then
2271 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2272 have_u_int=1
2273 fi
2275 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2276 AC_TRY_COMPILE(
2277 [ #include <sys/types.h> ],
2278 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2279 [ ac_cv_have_intxx_t="yes" ],
2280 [ ac_cv_have_intxx_t="no" ]
2281 )
2282 ])
2283 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2284 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2285 have_intxx_t=1
2286 fi
2288 if (test -z "$have_intxx_t" && \
2289 test "x$ac_cv_header_stdint_h" = "xyes")
2290 then
2291 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2292 AC_TRY_COMPILE(
2293 [ #include <stdint.h> ],
2294 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2295 [
2296 AC_DEFINE(HAVE_INTXX_T)
2297 AC_MSG_RESULT(yes)
2298 ],
2299 [ AC_MSG_RESULT(no) ]
2300 )
2301 fi
2303 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2304 AC_TRY_COMPILE(
2305 [
2306 #include <sys/types.h>
2307 #ifdef HAVE_STDINT_H
2308 # include <stdint.h>
2309 #endif
2310 #include <sys/socket.h>
2311 #ifdef HAVE_SYS_BITYPES_H
2312 # include <sys/bitypes.h>
2313 #endif
2314 ],
2315 [ int64_t a; a = 1;],
2316 [ ac_cv_have_int64_t="yes" ],
2317 [ ac_cv_have_int64_t="no" ]
2318 )
2319 ])
2320 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2321 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2322 fi
2324 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2325 AC_TRY_COMPILE(
2326 [ #include <sys/types.h> ],
2327 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2328 [ ac_cv_have_u_intxx_t="yes" ],
2329 [ ac_cv_have_u_intxx_t="no" ]
2330 )
2331 ])
2332 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2333 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2334 have_u_intxx_t=1
2335 fi
2337 if test -z "$have_u_intxx_t" ; then
2338 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2339 AC_TRY_COMPILE(
2340 [ #include <sys/socket.h> ],
2341 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2342 [
2343 AC_DEFINE(HAVE_U_INTXX_T)
2344 AC_MSG_RESULT(yes)
2345 ],
2346 [ AC_MSG_RESULT(no) ]
2347 )
2348 fi
2350 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2351 AC_TRY_COMPILE(
2352 [ #include <sys/types.h> ],
2353 [ u_int64_t a; a = 1;],
2354 [ ac_cv_have_u_int64_t="yes" ],
2355 [ ac_cv_have_u_int64_t="no" ]
2356 )
2357 ])
2358 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2359 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2360 have_u_int64_t=1
2361 fi
2363 if test -z "$have_u_int64_t" ; then
2364 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2365 AC_TRY_COMPILE(
2366 [ #include <sys/bitypes.h> ],
2367 [ u_int64_t a; a = 1],
2368 [
2369 AC_DEFINE(HAVE_U_INT64_T)
2370 AC_MSG_RESULT(yes)
2371 ],
2372 [ AC_MSG_RESULT(no) ]
2373 )
2374 fi
2376 if test -z "$have_u_intxx_t" ; then
2377 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2378 AC_TRY_COMPILE(
2379 [
2380 #include <sys/types.h>
2381 ],
2382 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2383 [ ac_cv_have_uintxx_t="yes" ],
2384 [ ac_cv_have_uintxx_t="no" ]
2385 )
2386 ])
2387 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2388 AC_DEFINE(HAVE_UINTXX_T, 1,
2389 [define if you have uintxx_t data type])
2390 fi
2391 fi
2393 if test -z "$have_uintxx_t" ; then
2394 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2395 AC_TRY_COMPILE(
2396 [ #include <stdint.h> ],
2397 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2398 [
2399 AC_DEFINE(HAVE_UINTXX_T)
2400 AC_MSG_RESULT(yes)
2401 ],
2402 [ AC_MSG_RESULT(no) ]
2403 )
2404 fi
2406 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2407 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2408 then
2409 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2410 AC_TRY_COMPILE(
2411 [
2412 #include <sys/bitypes.h>
2413 ],
2414 [
2415 int8_t a; int16_t b; int32_t c;
2416 u_int8_t e; u_int16_t f; u_int32_t g;
2417 a = b = c = e = f = g = 1;
2418 ],
2419 [
2420 AC_DEFINE(HAVE_U_INTXX_T)
2421 AC_DEFINE(HAVE_INTXX_T)
2422 AC_MSG_RESULT(yes)
2423 ],
2424 [AC_MSG_RESULT(no)]
2425 )
2426 fi
2429 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2430 AC_TRY_COMPILE(
2431 [
2432 #include <sys/types.h>
2433 ],
2434 [ u_char foo; foo = 125; ],
2435 [ ac_cv_have_u_char="yes" ],
2436 [ ac_cv_have_u_char="no" ]
2437 )
2438 ])
2439 if test "x$ac_cv_have_u_char" = "xyes" ; then
2440 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2441 fi
2443 TYPE_SOCKLEN_T
2445 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2447 AC_CHECK_TYPES(in_addr_t,,,
2448 [#include <sys/types.h>
2449 #include <netinet/in.h>])
2451 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2452 AC_TRY_COMPILE(
2453 [
2454 #include <sys/types.h>
2455 ],
2456 [ size_t foo; foo = 1235; ],
2457 [ ac_cv_have_size_t="yes" ],
2458 [ ac_cv_have_size_t="no" ]
2459 )
2460 ])
2461 if test "x$ac_cv_have_size_t" = "xyes" ; then
2462 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2463 fi
2465 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2466 AC_TRY_COMPILE(
2467 [
2468 #include <sys/types.h>
2469 ],
2470 [ ssize_t foo; foo = 1235; ],
2471 [ ac_cv_have_ssize_t="yes" ],
2472 [ ac_cv_have_ssize_t="no" ]
2473 )
2474 ])
2475 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2476 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2477 fi
2479 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2480 AC_TRY_COMPILE(
2481 [
2482 #include <time.h>
2483 ],
2484 [ clock_t foo; foo = 1235; ],
2485 [ ac_cv_have_clock_t="yes" ],
2486 [ ac_cv_have_clock_t="no" ]
2487 )
2488 ])
2489 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2490 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2491 fi
2493 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2494 AC_TRY_COMPILE(
2495 [
2496 #include <sys/types.h>
2497 #include <sys/socket.h>
2498 ],
2499 [ sa_family_t foo; foo = 1235; ],
2500 [ ac_cv_have_sa_family_t="yes" ],
2501 [ AC_TRY_COMPILE(
2502 [
2503 #include <sys/types.h>
2504 #include <sys/socket.h>
2505 #include <netinet/in.h>
2506 ],
2507 [ sa_family_t foo; foo = 1235; ],
2508 [ ac_cv_have_sa_family_t="yes" ],
2510 [ ac_cv_have_sa_family_t="no" ]
2511 )]
2512 )
2513 ])
2514 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2515 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2516 [define if you have sa_family_t data type])
2517 fi
2519 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2520 AC_TRY_COMPILE(
2521 [
2522 #include <sys/types.h>
2523 ],
2524 [ pid_t foo; foo = 1235; ],
2525 [ ac_cv_have_pid_t="yes" ],
2526 [ ac_cv_have_pid_t="no" ]
2527 )
2528 ])
2529 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2530 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2531 fi
2533 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2534 AC_TRY_COMPILE(
2535 [
2536 #include <sys/types.h>
2537 ],
2538 [ mode_t foo; foo = 1235; ],
2539 [ ac_cv_have_mode_t="yes" ],
2540 [ ac_cv_have_mode_t="no" ]
2541 )
2542 ])
2543 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2544 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2545 fi
2548 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2549 AC_TRY_COMPILE(
2550 [
2551 #include <sys/types.h>
2552 #include <sys/socket.h>
2553 ],
2554 [ struct sockaddr_storage s; ],
2555 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2556 [ ac_cv_have_struct_sockaddr_storage="no" ]
2557 )
2558 ])
2559 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2560 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2561 [define if you have struct sockaddr_storage data type])
2562 fi
2564 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2565 AC_TRY_COMPILE(
2566 [
2567 #include <sys/types.h>
2568 #include <netinet/in.h>
2569 ],
2570 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2571 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2572 [ ac_cv_have_struct_sockaddr_in6="no" ]
2573 )
2574 ])
2575 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2576 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2577 [define if you have struct sockaddr_in6 data type])
2578 fi
2580 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2581 AC_TRY_COMPILE(
2582 [
2583 #include <sys/types.h>
2584 #include <netinet/in.h>
2585 ],
2586 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2587 [ ac_cv_have_struct_in6_addr="yes" ],
2588 [ ac_cv_have_struct_in6_addr="no" ]
2589 )
2590 ])
2591 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2592 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2593 [define if you have struct in6_addr data type])
2594 fi
2596 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2597 AC_TRY_COMPILE(
2598 [
2599 #include <sys/types.h>
2600 #include <sys/socket.h>
2601 #include <netdb.h>
2602 ],
2603 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2604 [ ac_cv_have_struct_addrinfo="yes" ],
2605 [ ac_cv_have_struct_addrinfo="no" ]
2606 )
2607 ])
2608 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2609 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2610 [define if you have struct addrinfo data type])
2611 fi
2613 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2614 AC_TRY_COMPILE(
2615 [ #include <sys/time.h> ],
2616 [ struct timeval tv; tv.tv_sec = 1;],
2617 [ ac_cv_have_struct_timeval="yes" ],
2618 [ ac_cv_have_struct_timeval="no" ]
2619 )
2620 ])
2621 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2622 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2623 have_struct_timeval=1
2624 fi
2626 AC_CHECK_TYPES(struct timespec)
2628 # We need int64_t or else certian parts of the compile will fail.
2629 if test "x$ac_cv_have_int64_t" = "xno" && \
2630 test "x$ac_cv_sizeof_long_int" != "x8" && \
2631 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2632 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2633 echo "an alternative compiler (I.E., GCC) before continuing."
2634 echo ""
2635 exit 1;
2636 else
2637 dnl test snprintf (broken on SCO w/gcc)
2638 AC_RUN_IFELSE(
2639 [AC_LANG_SOURCE([[
2640 #include <stdio.h>
2641 #include <string.h>
2642 #ifdef HAVE_SNPRINTF
2643 main()
2644 {
2645 char buf[50];
2646 char expected_out[50];
2647 int mazsize = 50 ;
2648 #if (SIZEOF_LONG_INT == 8)
2649 long int num = 0x7fffffffffffffff;
2650 #else
2651 long long num = 0x7fffffffffffffffll;
2652 #endif
2653 strcpy(expected_out, "9223372036854775807");
2654 snprintf(buf, mazsize, "%lld", num);
2655 if(strcmp(buf, expected_out) != 0)
2656 exit(1);
2657 exit(0);
2658 }
2659 #else
2660 main() { exit(0); }
2661 #endif
2662 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2663 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2664 )
2665 fi
2667 dnl Checks for structure members
2668 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2669 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2670 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2671 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2672 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2673 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2674 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2675 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2676 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2677 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2678 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2679 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2680 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2681 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2682 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2683 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2684 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2686 AC_CHECK_MEMBERS([struct stat.st_blksize])
2687 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2688 [Define if we don't have struct __res_state in resolv.h])],
2689 [
2690 #include <stdio.h>
2691 #if HAVE_SYS_TYPES_H
2692 # include <sys/types.h>
2693 #endif
2694 #include <netinet/in.h>
2695 #include <arpa/nameser.h>
2696 #include <resolv.h>
2697 ])
2699 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2700 ac_cv_have_ss_family_in_struct_ss, [
2701 AC_TRY_COMPILE(
2702 [
2703 #include <sys/types.h>
2704 #include <sys/socket.h>
2705 ],
2706 [ struct sockaddr_storage s; s.ss_family = 1; ],
2707 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2708 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2709 )
2710 ])
2711 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2712 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2713 fi
2715 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2716 ac_cv_have___ss_family_in_struct_ss, [
2717 AC_TRY_COMPILE(
2718 [
2719 #include <sys/types.h>
2720 #include <sys/socket.h>
2721 ],
2722 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2723 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2724 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2725 )
2726 ])
2727 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2728 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2729 [Fields in struct sockaddr_storage])
2730 fi
2732 AC_CACHE_CHECK([for pw_class field in struct passwd],
2733 ac_cv_have_pw_class_in_struct_passwd, [
2734 AC_TRY_COMPILE(
2735 [
2736 #include <pwd.h>
2737 ],
2738 [ struct passwd p; p.pw_class = 0; ],
2739 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2740 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2741 )
2742 ])
2743 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2744 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2745 [Define if your password has a pw_class field])
2746 fi
2748 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2749 ac_cv_have_pw_expire_in_struct_passwd, [
2750 AC_TRY_COMPILE(
2751 [
2752 #include <pwd.h>
2753 ],
2754 [ struct passwd p; p.pw_expire = 0; ],
2755 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2756 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2757 )
2758 ])
2759 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2760 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2761 [Define if your password has a pw_expire field])
2762 fi
2764 AC_CACHE_CHECK([for pw_change field in struct passwd],
2765 ac_cv_have_pw_change_in_struct_passwd, [
2766 AC_TRY_COMPILE(
2767 [
2768 #include <pwd.h>
2769 ],
2770 [ struct passwd p; p.pw_change = 0; ],
2771 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2772 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2773 )
2774 ])
2775 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2776 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2777 [Define if your password has a pw_change field])
2778 fi
2780 dnl make sure we're using the real structure members and not defines
2781 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2782 ac_cv_have_accrights_in_msghdr, [
2783 AC_COMPILE_IFELSE(
2784 [
2785 #include <sys/types.h>
2786 #include <sys/socket.h>
2787 #include <sys/uio.h>
2788 int main() {
2789 #ifdef msg_accrights
2790 #error "msg_accrights is a macro"
2791 exit(1);
2792 #endif
2793 struct msghdr m;
2794 m.msg_accrights = 0;
2795 exit(0);
2796 }
2797 ],
2798 [ ac_cv_have_accrights_in_msghdr="yes" ],
2799 [ ac_cv_have_accrights_in_msghdr="no" ]
2800 )
2801 ])
2802 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2803 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2804 [Define if your system uses access rights style
2805 file descriptor passing])
2806 fi
2808 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2809 ac_cv_have_control_in_msghdr, [
2810 AC_COMPILE_IFELSE(
2811 [
2812 #include <sys/types.h>
2813 #include <sys/socket.h>
2814 #include <sys/uio.h>
2815 int main() {
2816 #ifdef msg_control
2817 #error "msg_control is a macro"
2818 exit(1);
2819 #endif
2820 struct msghdr m;
2821 m.msg_control = 0;
2822 exit(0);
2823 }
2824 ],
2825 [ ac_cv_have_control_in_msghdr="yes" ],
2826 [ ac_cv_have_control_in_msghdr="no" ]
2827 )
2828 ])
2829 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2830 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2831 [Define if your system uses ancillary data style
2832 file descriptor passing])
2833 fi
2835 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2836 AC_TRY_LINK([],
2837 [ extern char *__progname; printf("%s", __progname); ],
2838 [ ac_cv_libc_defines___progname="yes" ],
2839 [ ac_cv_libc_defines___progname="no" ]
2840 )
2841 ])
2842 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2843 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2844 fi
2846 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2847 AC_TRY_LINK([
2848 #include <stdio.h>
2849 ],
2850 [ printf("%s", __FUNCTION__); ],
2851 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2852 [ ac_cv_cc_implements___FUNCTION__="no" ]
2853 )
2854 ])
2855 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2856 AC_DEFINE(HAVE___FUNCTION__, 1,
2857 [Define if compiler implements __FUNCTION__])
2858 fi
2860 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2861 AC_TRY_LINK([
2862 #include <stdio.h>
2863 ],
2864 [ printf("%s", __func__); ],
2865 [ ac_cv_cc_implements___func__="yes" ],
2866 [ ac_cv_cc_implements___func__="no" ]
2867 )
2868 ])
2869 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2870 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2871 fi
2873 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2874 AC_TRY_LINK(
2875 [#include <stdarg.h>
2876 va_list x,y;],
2877 [va_copy(x,y);],
2878 [ ac_cv_have_va_copy="yes" ],
2879 [ ac_cv_have_va_copy="no" ]
2880 )
2881 ])
2882 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2883 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2884 fi
2886 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2887 AC_TRY_LINK(
2888 [#include <stdarg.h>
2889 va_list x,y;],
2890 [__va_copy(x,y);],
2891 [ ac_cv_have___va_copy="yes" ],
2892 [ ac_cv_have___va_copy="no" ]
2893 )
2894 ])
2895 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2896 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2897 fi
2899 AC_CACHE_CHECK([whether getopt has optreset support],
2900 ac_cv_have_getopt_optreset, [
2901 AC_TRY_LINK(
2902 [
2903 #include <getopt.h>
2904 ],
2905 [ extern int optreset; optreset = 0; ],
2906 [ ac_cv_have_getopt_optreset="yes" ],
2907 [ ac_cv_have_getopt_optreset="no" ]
2908 )
2909 ])
2910 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2911 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2912 [Define if your getopt(3) defines and uses optreset])
2913 fi
2915 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2916 AC_TRY_LINK([],
2917 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2918 [ ac_cv_libc_defines_sys_errlist="yes" ],
2919 [ ac_cv_libc_defines_sys_errlist="no" ]
2920 )
2921 ])
2922 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2923 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2924 [Define if your system defines sys_errlist[]])
2925 fi
2928 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2929 AC_TRY_LINK([],
2930 [ extern int sys_nerr; printf("%i", sys_nerr);],
2931 [ ac_cv_libc_defines_sys_nerr="yes" ],
2932 [ ac_cv_libc_defines_sys_nerr="no" ]
2933 )
2934 ])
2935 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2936 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2937 fi
2939 SCARD_MSG="no"
2940 # Check whether user wants sectok support
2941 AC_ARG_WITH(sectok,
2942 [ --with-sectok Enable smartcard support using libsectok],
2943 [
2944 if test "x$withval" != "xno" ; then
2945 if test "x$withval" != "xyes" ; then
2946 CPPFLAGS="$CPPFLAGS -I${withval}"
2947 LDFLAGS="$LDFLAGS -L${withval}"
2948 if test ! -z "$need_dash_r" ; then
2949 LDFLAGS="$LDFLAGS -R${withval}"
2950 fi
2951 if test ! -z "$blibpath" ; then
2952 blibpath="$blibpath:${withval}"
2953 fi
2954 fi
2955 AC_CHECK_HEADERS(sectok.h)
2956 if test "$ac_cv_header_sectok_h" != yes; then
2957 AC_MSG_ERROR(Can't find sectok.h)
2958 fi
2959 AC_CHECK_LIB(sectok, sectok_open)
2960 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2961 AC_MSG_ERROR(Can't find libsectok)
2962 fi
2963 AC_DEFINE(SMARTCARD, 1,
2964 [Define if you want smartcard support])
2965 AC_DEFINE(USE_SECTOK, 1,
2966 [Define if you want smartcard support
2967 using sectok])
2968 SCARD_MSG="yes, using sectok"
2969 fi
2970 ]
2971 )
2973 # Check whether user wants OpenSC support
2974 OPENSC_CONFIG="no"
2975 AC_ARG_WITH(opensc,
2976 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2977 [
2978 if test "x$withval" != "xno" ; then
2979 if test "x$withval" != "xyes" ; then
2980 OPENSC_CONFIG=$withval/bin/opensc-config
2981 else
2982 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2983 fi
2984 if test "$OPENSC_CONFIG" != "no"; then
2985 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2986 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2987 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2988 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2989 AC_DEFINE(SMARTCARD)
2990 AC_DEFINE(USE_OPENSC, 1,
2991 [Define if you want smartcard support
2992 using OpenSC])
2993 SCARD_MSG="yes, using OpenSC"
2994 fi
2995 fi
2996 ]
2997 )
2999 # Check libraries needed by DNS fingerprint support
3000 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3001 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3002 [Define if getrrsetbyname() exists])],
3003 [
3004 # Needed by our getrrsetbyname()
3005 AC_SEARCH_LIBS(res_query, resolv)
3006 AC_SEARCH_LIBS(dn_expand, resolv)
3007 AC_MSG_CHECKING(if res_query will link)
3008 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3009 [AC_MSG_RESULT(no)
3010 saved_LIBS="$LIBS"
3011 LIBS="$LIBS -lresolv"
3012 AC_MSG_CHECKING(for res_query in -lresolv)
3013 AC_LINK_IFELSE([
3014 #include <resolv.h>
3015 int main()
3016 {
3017 res_query (0, 0, 0, 0, 0);
3018 return 0;
3019 }
3020 ],
3021 [LIBS="$LIBS -lresolv"
3022 AC_MSG_RESULT(yes)],
3023 [LIBS="$saved_LIBS"
3024 AC_MSG_RESULT(no)])
3025 ])
3026 AC_CHECK_FUNCS(_getshort _getlong)
3027 AC_CHECK_DECLS([_getshort, _getlong], , ,
3028 [#include <sys/types.h>
3029 #include <arpa/nameser.h>])
3030 AC_CHECK_MEMBER(HEADER.ad,
3031 [AC_DEFINE(HAVE_HEADER_AD, 1,
3032 [Define if HEADER.ad exists in arpa/nameser.h])],,
3033 [#include <arpa/nameser.h>])
3034 ])
3036 # Check whether user wants SELinux support
3037 SELINUX_MSG="no"
3038 LIBSELINUX=""
3039 AC_ARG_WITH(selinux,
3040 [ --with-selinux Enable SELinux support],
3041 [ if test "x$withval" != "xno" ; then
3042 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3043 SELINUX_MSG="yes"
3044 AC_CHECK_HEADER([selinux/selinux.h], ,
3045 AC_MSG_ERROR(SELinux support requires selinux.h header))
3046 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3047 AC_MSG_ERROR(SELinux support requires libselinux library))
3048 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3049 fi ]
3050 )
3051 AC_SUBST(LIBSELINUX)
3053 # Check whether user wants Kerberos 5 support
3054 KRB5_MSG="no"
3055 AC_ARG_WITH(kerberos5,
3056 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3057 [ if test "x$withval" != "xno" ; then
3058 if test "x$withval" = "xyes" ; then
3059 KRB5ROOT="/usr/local"
3060 else
3061 KRB5ROOT=${withval}
3062 fi
3064 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3065 KRB5_MSG="yes"
3067 AC_MSG_CHECKING(for krb5-config)
3068 if test -x $KRB5ROOT/bin/krb5-config ; then
3069 KRB5CONF=$KRB5ROOT/bin/krb5-config
3070 AC_MSG_RESULT($KRB5CONF)
3072 AC_MSG_CHECKING(for gssapi support)
3073 if $KRB5CONF | grep gssapi >/dev/null ; then
3074 AC_MSG_RESULT(yes)
3075 AC_DEFINE(GSSAPI, 1,
3076 [Define this if you want GSSAPI
3077 support in the version 2 protocol])
3078 k5confopts=gssapi
3079 else
3080 AC_MSG_RESULT(no)
3081 k5confopts=""
3082 fi
3083 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3084 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3085 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3086 AC_MSG_CHECKING(whether we are using Heimdal)
3087 AC_TRY_COMPILE([ #include <krb5.h> ],
3088 [ char *tmp = heimdal_version; ],
3089 [ AC_MSG_RESULT(yes)
3090 AC_DEFINE(HEIMDAL, 1,
3091 [Define this if you are using the
3092 Heimdal version of Kerberos V5]) ],
3093 AC_MSG_RESULT(no)
3094 )
3095 else
3096 AC_MSG_RESULT(no)
3097 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3098 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3099 AC_MSG_CHECKING(whether we are using Heimdal)
3100 AC_TRY_COMPILE([ #include <krb5.h> ],
3101 [ char *tmp = heimdal_version; ],
3102 [ AC_MSG_RESULT(yes)
3103 AC_DEFINE(HEIMDAL)
3104 K5LIBS="-lkrb5 -ldes"
3105 K5LIBS="$K5LIBS -lcom_err -lasn1"
3106 AC_CHECK_LIB(roken, net_write,
3107 [K5LIBS="$K5LIBS -lroken"])
3108 ],
3109 [ AC_MSG_RESULT(no)
3110 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3111 ]
3112 )
3113 AC_SEARCH_LIBS(dn_expand, resolv)
3115 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3116 [ AC_DEFINE(GSSAPI)
3117 K5LIBS="-lgssapi $K5LIBS" ],
3118 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3119 [ AC_DEFINE(GSSAPI)
3120 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3121 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3122 $K5LIBS)
3123 ],
3124 $K5LIBS)
3126 AC_CHECK_HEADER(gssapi.h, ,
3127 [ unset ac_cv_header_gssapi_h
3128 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3129 AC_CHECK_HEADERS(gssapi.h, ,
3130 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3131 )
3132 ]
3133 )
3135 oldCPP="$CPPFLAGS"
3136 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3137 AC_CHECK_HEADER(gssapi_krb5.h, ,
3138 [ CPPFLAGS="$oldCPP" ])
3140 fi
3141 if test ! -z "$need_dash_r" ; then
3142 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3143 fi
3144 if test ! -z "$blibpath" ; then
3145 blibpath="$blibpath:${KRB5ROOT}/lib"
3146 fi
3148 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3149 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3150 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3152 LIBS="$LIBS $K5LIBS"
3153 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3154 [Define this if you want to use libkafs' AFS support]))
3155 fi
3156 ]
3157 )
3159 # Looking for programs, paths and files
3161 PRIVSEP_PATH=/var/empty
3162 AC_ARG_WITH(privsep-path,
3163 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3164 [
3165 if test -n "$withval" && test "x$withval" != "xno" && \
3166 test "x${withval}" != "xyes"; then
3167 PRIVSEP_PATH=$withval
3168 fi
3169 ]
3170 )
3171 AC_SUBST(PRIVSEP_PATH)
3173 AC_ARG_WITH(xauth,
3174 [ --with-xauth=PATH Specify path to xauth program ],
3175 [
3176 if test -n "$withval" && test "x$withval" != "xno" && \
3177 test "x${withval}" != "xyes"; then
3178 xauth_path=$withval
3179 fi
3180 ],
3181 [
3182 TestPath="$PATH"
3183 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3184 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3185 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3186 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3187 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3188 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3189 xauth_path="/usr/openwin/bin/xauth"
3190 fi
3191 ]
3192 )
3194 STRIP_OPT=-s
3195 AC_ARG_ENABLE(strip,
3196 [ --disable-strip Disable calling strip(1) on install],
3197 [
3198 if test "x$enableval" = "xno" ; then
3199 STRIP_OPT=
3200 fi
3201 ]
3202 )
3203 AC_SUBST(STRIP_OPT)
3205 if test -z "$xauth_path" ; then
3206 XAUTH_PATH="undefined"
3207 AC_SUBST(XAUTH_PATH)
3208 else
3209 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3210 [Define if xauth is found in your path])
3211 XAUTH_PATH=$xauth_path
3212 AC_SUBST(XAUTH_PATH)
3213 fi
3215 # Check for mail directory (last resort if we cannot get it from headers)
3216 if test ! -z "$MAIL" ; then
3217 maildir=`dirname $MAIL`
3218 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3219 [Set this to your mail directory if you don't have maillock.h])
3220 fi
3222 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3223 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3224 disable_ptmx_check=yes
3225 fi
3226 if test -z "$no_dev_ptmx" ; then
3227 if test "x$disable_ptmx_check" != "xyes" ; then
3228 AC_CHECK_FILE("/dev/ptmx",
3229 [
3230 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3231 [Define if you have /dev/ptmx])
3232 have_dev_ptmx=1
3233 ]
3234 )
3235 fi
3236 fi
3238 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3239 AC_CHECK_FILE("/dev/ptc",
3240 [
3241 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3242 [Define if you have /dev/ptc])
3243 have_dev_ptc=1
3244 ]
3245 )
3246 else
3247 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3248 fi
3250 # Options from here on. Some of these are preset by platform above
3251 AC_ARG_WITH(mantype,
3252 [ --with-mantype=man|cat|doc Set man page type],
3253 [
3254 case "$withval" in
3255 man|cat|doc)
3256 MANTYPE=$withval
3257 ;;
3258 *)
3259 AC_MSG_ERROR(invalid man type: $withval)
3260 ;;
3261 esac
3262 ]
3263 )
3264 if test -z "$MANTYPE"; then
3265 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3266 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3267 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3268 MANTYPE=doc
3269 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3270 MANTYPE=man
3271 else
3272 MANTYPE=cat
3273 fi
3274 fi
3275 AC_SUBST(MANTYPE)
3276 if test "$MANTYPE" = "doc"; then
3277 mansubdir=man;
3278 else
3279 mansubdir=$MANTYPE;
3280 fi
3281 AC_SUBST(mansubdir)
3283 # Check whether to enable MD5 passwords
3284 MD5_MSG="no"
3285 AC_ARG_WITH(md5-passwords,
3286 [ --with-md5-passwords Enable use of MD5 passwords],
3287 [
3288 if test "x$withval" != "xno" ; then
3289 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3290 [Define if you want to allow MD5 passwords])
3291 MD5_MSG="yes"
3292 fi
3293 ]
3294 )
3296 # Whether to disable shadow password support
3297 AC_ARG_WITH(shadow,
3298 [ --without-shadow Disable shadow password support],
3299 [
3300 if test "x$withval" = "xno" ; then
3301 AC_DEFINE(DISABLE_SHADOW)
3302 disable_shadow=yes
3303 fi
3304 ]
3305 )
3307 if test -z "$disable_shadow" ; then
3308 AC_MSG_CHECKING([if the systems has expire shadow information])
3309 AC_TRY_COMPILE(
3310 [
3311 #include <sys/types.h>
3312 #include <shadow.h>
3313 struct spwd sp;
3314 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3315 [ sp_expire_available=yes ], []
3316 )
3318 if test "x$sp_expire_available" = "xyes" ; then
3319 AC_MSG_RESULT(yes)
3320 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3321 [Define if you want to use shadow password expire field])
3322 else
3323 AC_MSG_RESULT(no)
3324 fi
3325 fi
3327 # Use ip address instead of hostname in $DISPLAY
3328 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3329 DISPLAY_HACK_MSG="yes"
3330 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3331 [Define if you need to use IP address
3332 instead of hostname in $DISPLAY])
3333 else
3334 DISPLAY_HACK_MSG="no"
3335 AC_ARG_WITH(ipaddr-display,
3336 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3337 [
3338 if test "x$withval" != "xno" ; then
3339 AC_DEFINE(IPADDR_IN_DISPLAY)
3340 DISPLAY_HACK_MSG="yes"
3341 fi
3342 ]
3343 )
3344 fi
3346 # check for /etc/default/login and use it if present.
3347 AC_ARG_ENABLE(etc-default-login,
3348 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3349 [ if test "x$enableval" = "xno"; then
3350 AC_MSG_NOTICE([/etc/default/login handling disabled])
3351 etc_default_login=no
3352 else
3353 etc_default_login=yes
3354 fi ],
3355 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3356 then
3357 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3358 etc_default_login=no
3359 else
3360 etc_default_login=yes
3361 fi ]
3362 )
3364 if test "x$etc_default_login" != "xno"; then
3365 AC_CHECK_FILE("/etc/default/login",
3366 [ external_path_file=/etc/default/login ])
3367 if test "x$external_path_file" = "x/etc/default/login"; then
3368 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3369 [Define if your system has /etc/default/login])
3370 fi
3371 fi
3373 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3374 if test $ac_cv_func_login_getcapbool = "yes" && \
3375 test $ac_cv_header_login_cap_h = "yes" ; then
3376 external_path_file=/etc/login.conf
3377 fi
3379 # Whether to mess with the default path
3380 SERVER_PATH_MSG="(default)"
3381 AC_ARG_WITH(default-path,
3382 [ --with-default-path= Specify default \$PATH environment for server],
3383 [
3384 if test "x$external_path_file" = "x/etc/login.conf" ; then
3385 AC_MSG_WARN([
3386 --with-default-path=PATH has no effect on this system.
3387 Edit /etc/login.conf instead.])
3388 elif test "x$withval" != "xno" ; then
3389 if test ! -z "$external_path_file" ; then
3390 AC_MSG_WARN([
3391 --with-default-path=PATH will only be used if PATH is not defined in
3392 $external_path_file .])
3393 fi
3394 user_path="$withval"
3395 SERVER_PATH_MSG="$withval"
3396 fi
3397 ],
3398 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3399 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3400 else
3401 if test ! -z "$external_path_file" ; then
3402 AC_MSG_WARN([
3403 If PATH is defined in $external_path_file, ensure the path to scp is included,
3404 otherwise scp will not work.])
3405 fi
3406 AC_RUN_IFELSE(
3407 [AC_LANG_SOURCE([[
3408 /* find out what STDPATH is */
3409 #include <stdio.h>
3410 #ifdef HAVE_PATHS_H
3411 # include <paths.h>
3412 #endif
3413 #ifndef _PATH_STDPATH
3414 # ifdef _PATH_USERPATH /* Irix */
3415 # define _PATH_STDPATH _PATH_USERPATH
3416 # else
3417 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3418 # endif
3419 #endif
3420 #include <sys/types.h>
3421 #include <sys/stat.h>
3422 #include <fcntl.h>
3423 #define DATA "conftest.stdpath"
3425 main()
3426 {
3427 FILE *fd;
3428 int rc;
3430 fd = fopen(DATA,"w");
3431 if(fd == NULL)
3432 exit(1);
3434 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3435 exit(1);
3437 exit(0);
3438 }
3439 ]])],
3440 [ user_path=`cat conftest.stdpath` ],
3441 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3442 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3443 )
3444 # make sure $bindir is in USER_PATH so scp will work
3445 t_bindir=`eval echo ${bindir}`
3446 case $t_bindir in
3447 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3448 esac
3449 case $t_bindir in
3450 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3451 esac
3452 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3453 if test $? -ne 0 ; then
3454 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3455 if test $? -ne 0 ; then
3456 user_path=$user_path:$t_bindir
3457 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3458 fi
3459 fi
3460 fi ]
3461 )
3462 if test "x$external_path_file" != "x/etc/login.conf" ; then
3463 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3464 AC_SUBST(user_path)
3465 fi
3467 # Set superuser path separately to user path
3468 AC_ARG_WITH(superuser-path,
3469 [ --with-superuser-path= Specify different path for super-user],
3470 [
3471 if test -n "$withval" && test "x$withval" != "xno" && \
3472 test "x${withval}" != "xyes"; then
3473 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3474 [Define if you want a different $PATH
3475 for the superuser])
3476 superuser_path=$withval
3477 fi
3478 ]
3479 )
3482 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3483 IPV4_IN6_HACK_MSG="no"
3484 AC_ARG_WITH(4in6,
3485 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3486 [
3487 if test "x$withval" != "xno" ; then
3488 AC_MSG_RESULT(yes)
3489 AC_DEFINE(IPV4_IN_IPV6, 1,
3490 [Detect IPv4 in IPv6 mapped addresses
3491 and treat as IPv4])
3492 IPV4_IN6_HACK_MSG="yes"
3493 else
3494 AC_MSG_RESULT(no)
3495 fi
3496 ],[
3497 if test "x$inet6_default_4in6" = "xyes"; then
3498 AC_MSG_RESULT([yes (default)])
3499 AC_DEFINE(IPV4_IN_IPV6)
3500 IPV4_IN6_HACK_MSG="yes"
3501 else
3502 AC_MSG_RESULT([no (default)])
3503 fi
3504 ]
3505 )
3507 # Whether to enable BSD auth support
3508 BSD_AUTH_MSG=no
3509 AC_ARG_WITH(bsd-auth,
3510 [ --with-bsd-auth Enable BSD auth support],
3511 [
3512 if test "x$withval" != "xno" ; then
3513 AC_DEFINE(BSD_AUTH, 1,
3514 [Define if you have BSD auth support])
3515 BSD_AUTH_MSG=yes
3516 fi
3517 ]
3518 )
3520 # Where to place sshd.pid
3521 piddir=/var/run
3522 # make sure the directory exists
3523 if test ! -d $piddir ; then
3524 piddir=`eval echo ${sysconfdir}`
3525 case $piddir in
3526 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3527 esac
3528 fi
3530 AC_ARG_WITH(pid-dir,
3531 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3532 [
3533 if test -n "$withval" && test "x$withval" != "xno" && \
3534 test "x${withval}" != "xyes"; then
3535 piddir=$withval
3536 if test ! -d $piddir ; then
3537 AC_MSG_WARN([** no $piddir directory on this system **])
3538 fi
3539 fi
3540 ]
3541 )
3543 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3544 AC_SUBST(piddir)
3546 dnl allow user to disable some login recording features
3547 AC_ARG_ENABLE(lastlog,
3548 [ --disable-lastlog disable use of lastlog even if detected [no]],
3549 [
3550 if test "x$enableval" = "xno" ; then
3551 AC_DEFINE(DISABLE_LASTLOG)
3552 fi
3553 ]
3554 )
3555 AC_ARG_ENABLE(utmp,
3556 [ --disable-utmp disable use of utmp even if detected [no]],
3557 [
3558 if test "x$enableval" = "xno" ; then
3559 AC_DEFINE(DISABLE_UTMP)
3560 fi
3561 ]
3562 )
3563 AC_ARG_ENABLE(utmpx,
3564 [ --disable-utmpx disable use of utmpx even if detected [no]],
3565 [
3566 if test "x$enableval" = "xno" ; then
3567 AC_DEFINE(DISABLE_UTMPX, 1,
3568 [Define if you don't want to use utmpx])
3569 fi
3570 ]
3571 )
3572 AC_ARG_ENABLE(wtmp,
3573 [ --disable-wtmp disable use of wtmp even if detected [no]],
3574 [
3575 if test "x$enableval" = "xno" ; then
3576 AC_DEFINE(DISABLE_WTMP)
3577 fi
3578 ]
3579 )
3580 AC_ARG_ENABLE(wtmpx,
3581 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3582 [
3583 if test "x$enableval" = "xno" ; then
3584 AC_DEFINE(DISABLE_WTMPX, 1,
3585 [Define if you don't want to use wtmpx])
3586 fi
3587 ]
3588 )
3589 AC_ARG_ENABLE(libutil,
3590 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3591 [
3592 if test "x$enableval" = "xno" ; then
3593 AC_DEFINE(DISABLE_LOGIN)
3594 fi
3595 ]
3596 )
3597 AC_ARG_ENABLE(pututline,
3598 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3599 [
3600 if test "x$enableval" = "xno" ; then
3601 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3602 [Define if you don't want to use pututline()
3603 etc. to write [uw]tmp])
3604 fi
3605 ]
3606 )
3607 AC_ARG_ENABLE(pututxline,
3608 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3609 [
3610 if test "x$enableval" = "xno" ; then
3611 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3612 [Define if you don't want to use pututxline()
3613 etc. to write [uw]tmpx])
3614 fi
3615 ]
3616 )
3617 AC_ARG_WITH(lastlog,
3618 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3619 [
3620 if test "x$withval" = "xno" ; then
3621 AC_DEFINE(DISABLE_LASTLOG)
3622 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3623 conf_lastlog_location=$withval
3624 fi
3625 ]
3626 )
3628 dnl lastlog, [uw]tmpx? detection
3629 dnl NOTE: set the paths in the platform section to avoid the
3630 dnl need for command-line parameters
3631 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3633 dnl lastlog detection
3634 dnl NOTE: the code itself will detect if lastlog is a directory
3635 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3636 AC_TRY_COMPILE([
3637 #include <sys/types.h>
3638 #include <utmp.h>
3639 #ifdef HAVE_LASTLOG_H
3640 # include <lastlog.h>
3641 #endif
3642 #ifdef HAVE_PATHS_H
3643 # include <paths.h>
3644 #endif
3645 #ifdef HAVE_LOGIN_H
3646 # include <login.h>
3647 #endif
3648 ],
3649 [ char *lastlog = LASTLOG_FILE; ],
3650 [ AC_MSG_RESULT(yes) ],
3651 [
3652 AC_MSG_RESULT(no)
3653 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3654 AC_TRY_COMPILE([
3655 #include <sys/types.h>
3656 #include <utmp.h>
3657 #ifdef HAVE_LASTLOG_H
3658 # include <lastlog.h>
3659 #endif
3660 #ifdef HAVE_PATHS_H
3661 # include <paths.h>
3662 #endif
3663 ],
3664 [ char *lastlog = _PATH_LASTLOG; ],
3665 [ AC_MSG_RESULT(yes) ],
3666 [
3667 AC_MSG_RESULT(no)
3668 system_lastlog_path=no
3669 ])
3670 ]
3671 )
3673 if test -z "$conf_lastlog_location"; then
3674 if test x"$system_lastlog_path" = x"no" ; then
3675 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3676 if (test -d "$f" || test -f "$f") ; then
3677 conf_lastlog_location=$f
3678 fi
3679 done
3680 if test -z "$conf_lastlog_location"; then
3681 AC_MSG_WARN([** Cannot find lastlog **])
3682 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3683 fi
3684 fi
3685 fi
3687 if test -n "$conf_lastlog_location"; then
3688 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3689 [Define if you want to specify the path to your lastlog file])
3690 fi
3692 dnl utmp detection
3693 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3694 AC_TRY_COMPILE([
3695 #include <sys/types.h>
3696 #include <utmp.h>
3697 #ifdef HAVE_PATHS_H
3698 # include <paths.h>
3699 #endif
3700 ],
3701 [ char *utmp = UTMP_FILE; ],
3702 [ AC_MSG_RESULT(yes) ],
3703 [ AC_MSG_RESULT(no)
3704 system_utmp_path=no ]
3705 )
3706 if test -z "$conf_utmp_location"; then
3707 if test x"$system_utmp_path" = x"no" ; then
3708 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3709 if test -f $f ; then
3710 conf_utmp_location=$f
3711 fi
3712 done
3713 if test -z "$conf_utmp_location"; then
3714 AC_DEFINE(DISABLE_UTMP)
3715 fi
3716 fi
3717 fi
3718 if test -n "$conf_utmp_location"; then
3719 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3720 [Define if you want to specify the path to your utmp file])
3721 fi
3723 dnl wtmp detection
3724 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3725 AC_TRY_COMPILE([
3726 #include <sys/types.h>
3727 #include <utmp.h>
3728 #ifdef HAVE_PATHS_H
3729 # include <paths.h>
3730 #endif
3731 ],
3732 [ char *wtmp = WTMP_FILE; ],
3733 [ AC_MSG_RESULT(yes) ],
3734 [ AC_MSG_RESULT(no)
3735 system_wtmp_path=no ]
3736 )
3737 if test -z "$conf_wtmp_location"; then
3738 if test x"$system_wtmp_path" = x"no" ; then
3739 for f in /usr/adm/wtmp /var/log/wtmp; do
3740 if test -f $f ; then
3741 conf_wtmp_location=$f
3742 fi
3743 done
3744 if test -z "$conf_wtmp_location"; then
3745 AC_DEFINE(DISABLE_WTMP)
3746 fi
3747 fi
3748 fi
3749 if test -n "$conf_wtmp_location"; then
3750 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3751 [Define if you want to specify the path to your wtmp file])
3752 fi
3755 dnl utmpx detection - I don't know any system so perverse as to require
3756 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3757 dnl there, though.
3758 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3759 AC_TRY_COMPILE([
3760 #include <sys/types.h>
3761 #include <utmp.h>
3762 #ifdef HAVE_UTMPX_H
3763 #include <utmpx.h>
3764 #endif
3765 #ifdef HAVE_PATHS_H
3766 # include <paths.h>
3767 #endif
3768 ],
3769 [ char *utmpx = UTMPX_FILE; ],
3770 [ AC_MSG_RESULT(yes) ],
3771 [ AC_MSG_RESULT(no)
3772 system_utmpx_path=no ]
3773 )
3774 if test -z "$conf_utmpx_location"; then
3775 if test x"$system_utmpx_path" = x"no" ; then
3776 AC_DEFINE(DISABLE_UTMPX)
3777 fi
3778 else
3779 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3780 [Define if you want to specify the path to your utmpx file])
3781 fi
3783 dnl wtmpx detection
3784 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3785 AC_TRY_COMPILE([
3786 #include <sys/types.h>
3787 #include <utmp.h>
3788 #ifdef HAVE_UTMPX_H
3789 #include <utmpx.h>
3790 #endif
3791 #ifdef HAVE_PATHS_H
3792 # include <paths.h>
3793 #endif
3794 ],
3795 [ char *wtmpx = WTMPX_FILE; ],
3796 [ AC_MSG_RESULT(yes) ],
3797 [ AC_MSG_RESULT(no)
3798 system_wtmpx_path=no ]
3799 )
3800 if test -z "$conf_wtmpx_location"; then
3801 if test x"$system_wtmpx_path" = x"no" ; then
3802 AC_DEFINE(DISABLE_WTMPX)
3803 fi
3804 else
3805 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3806 [Define if you want to specify the path to your wtmpx file])
3807 fi
3810 if test ! -z "$blibpath" ; then
3811 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3812 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3813 fi
3815 dnl remove pam and dl because they are in $LIBPAM
3816 if test "$PAM_MSG" = yes ; then
3817 LIBS=`echo $LIBS | sed 's/-lpam //'`
3818 fi
3819 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3820 LIBS=`echo $LIBS | sed 's/-ldl //'`
3821 fi
3823 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3824 dnl Add now.
3825 CFLAGS="$CFLAGS $werror_flags"
3827 AC_EXEEXT
3828 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3829 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3830 AC_OUTPUT
3832 # Print summary of options
3834 # Someone please show me a better way :)
3835 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3836 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3837 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3838 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3839 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3840 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3841 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3842 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3843 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3844 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3846 echo ""
3847 echo "OpenSSH has been configured with the following options:"
3848 echo " User binaries: $B"
3849 echo " System binaries: $C"
3850 echo " Configuration files: $D"
3851 echo " Askpass program: $E"
3852 echo " Manual pages: $F"
3853 echo " PID file: $G"
3854 echo " Privilege separation chroot path: $H"
3855 if test "x$external_path_file" = "x/etc/login.conf" ; then
3856 echo " At runtime, sshd will use the path defined in $external_path_file"
3857 echo " Make sure the path to scp is present, otherwise scp will not work"
3858 else
3859 echo " sshd default user PATH: $I"
3860 if test ! -z "$external_path_file"; then
3861 echo " (If PATH is set in $external_path_file it will be used instead. If"
3862 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3863 fi
3864 fi
3865 if test ! -z "$superuser_path" ; then
3866 echo " sshd superuser user PATH: $J"
3867 fi
3868 echo " Manpage format: $MANTYPE"
3869 echo " PAM support: $PAM_MSG"
3870 echo " KerberosV support: $KRB5_MSG"
3871 echo " SELinux support: $SELINUX_MSG"
3872 echo " Smartcard support: $SCARD_MSG"
3873 echo " S/KEY support: $SKEY_MSG"
3874 echo " TCP Wrappers support: $TCPW_MSG"
3875 echo " MD5 password support: $MD5_MSG"
3876 echo " libedit support: $LIBEDIT_MSG"
3877 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3878 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3879 echo " BSD Auth support: $BSD_AUTH_MSG"
3880 echo " Random number source: $RAND_MSG"
3881 if test ! -z "$USE_RAND_HELPER" ; then
3882 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3883 fi
3885 echo ""
3887 echo " Host: ${host}"
3888 echo " Compiler: ${CC}"
3889 echo " Compiler flags: ${CFLAGS}"
3890 echo "Preprocessor flags: ${CPPFLAGS}"
3891 echo " Linker flags: ${LDFLAGS}"
3892 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3894 echo ""
3896 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3897 echo "SVR4 style packages are supported with \"make package\""
3898 echo ""
3899 fi
3901 if test "x$PAM_MSG" = "xyes" ; then
3902 echo "PAM is enabled. You may need to install a PAM control file "
3903 echo "for sshd, otherwise password authentication may fail. "
3904 echo "Example PAM control files can be found in the contrib/ "
3905 echo "subdirectory"
3906 echo ""
3907 fi
3909 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3910 echo "WARNING: you are using the builtin random number collection "
3911 echo "service. Please read WARNING.RNG and request that your OS "
3912 echo "vendor includes kernel-based random number collection in "
3913 echo "future versions of your OS."
3914 echo ""
3915 fi
3917 if test ! -z "$NO_PEERCHECK" ; then
3918 echo "WARNING: the operating system that you are using does not "
3919 echo "appear to support either the getpeereid() API nor the "
3920 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3921 echo "enforce security checks to prevent unauthorised connections to "
3922 echo "ssh-agent. Their absence increases the risk that a malicious "
3923 echo "user can connect to your agent. "
3924 echo ""
3925 fi
3927 if test "$AUDIT_MODULE" = "bsm" ; then
3928 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3929 echo "See the Solaris section in README.platform for details."
3930 fi