| blob | 94f049fc670a721f2ab1feb81226c3b544de79ce |
1 # $Id: configure.ac,v 1.432 2009/12/08 02:39:48 dtucker Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.432 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
58 # System features
59 AC_SYS_LARGEFILE
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70 else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76 fi
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82 fi
84 if test -z "$LD" ; then
85 LD=$CC
86 fi
87 AC_SUBST(LD)
89 AC_C_INLINE
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 use_stack_protector=1
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
97 use_stack_protector=0
98 fi ])
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
103 case $GCC_VER in
104 1.*) no_attrib_nonnull=1 ;;
105 2.8* | 2.9*)
106 CFLAGS="$CFLAGS -Wsign-compare"
107 no_attrib_nonnull=1
108 ;;
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
112 *) ;;
113 esac
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
119 #include <string.h>
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
121 ]])],
122 [ AC_MSG_RESULT(yes) ],
123 [ AC_MSG_RESULT(no)
124 CFLAGS="$saved_CFLAGS" ]
125 )
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
137 AC_LINK_IFELSE(
138 [AC_LANG_SOURCE([
139 #include <stdio.h>
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
141 ])],
142 [ AC_MSG_RESULT(yes)
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
146 AC_RUN_IFELSE(
147 [AC_LANG_SOURCE([
148 #include <stdio.h>
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
150 ])],
151 [ AC_MSG_RESULT(yes)
152 break ],
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
155 break ]
156 )
157 ],
158 [ AC_MSG_RESULT(no) ]
159 )
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
162 done
163 fi
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
171 [have_llong_max=1],
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
174 )
175 fi
176 fi
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
180 fi
182 AC_ARG_WITH(rpath,
183 [ --without-rpath Disable auto-added -R linker paths],
184 [
185 if test "x$withval" = "xno" ; then
186 need_dash_r=""
187 fi
188 if test "x$withval" = "xyes" ; then
189 need_dash_r=1
190 fi
191 ]
192 )
194 # Allow user to specify flags
195 AC_ARG_WITH(cflags,
196 [ --with-cflags Specify additional flags to pass to compiler],
197 [
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
201 fi
202 ]
203 )
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
206 [
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
210 fi
211 ]
212 )
213 AC_ARG_WITH(ldflags,
214 [ --with-ldflags Specify additional flags to pass to linker],
215 [
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
219 fi
220 ]
221 )
222 AC_ARG_WITH(libs,
223 [ --with-libs Specify additional libraries to link with],
224 [
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
228 fi
229 ]
230 )
231 AC_ARG_WITH(Werror,
232 [ --with-Werror Build main code with -Werror],
233 [
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
238 fi
239 fi
240 ]
241 )
243 AC_CHECK_HEADERS( \
244 bstring.h \
245 crypt.h \
246 crypto/sha2.h \
247 dirent.h \
248 endian.h \
249 features.h \
250 fcntl.h \
251 floatingpoint.h \
252 getopt.h \
253 glob.h \
254 ia.h \
255 iaf.h \
256 limits.h \
257 login.h \
258 maillock.h \
259 ndir.h \
260 net/if_tun.h \
261 netdb.h \
262 netgroup.h \
263 pam/pam_appl.h \
264 paths.h \
265 poll.h \
266 pty.h \
267 readpassphrase.h \
268 rpc/types.h \
269 security/pam_appl.h \
270 sha2.h \
271 shadow.h \
272 stddef.h \
273 stdint.h \
274 string.h \
275 strings.h \
276 sys/audit.h \
277 sys/bitypes.h \
278 sys/bsdtty.h \
279 sys/cdefs.h \
280 sys/dir.h \
281 sys/mman.h \
282 sys/ndir.h \
283 sys/poll.h \
284 sys/prctl.h \
285 sys/pstat.h \
286 sys/select.h \
287 sys/stat.h \
288 sys/stream.h \
289 sys/stropts.h \
290 sys/strtio.h \
291 sys/statvfs.h \
292 sys/sysmacros.h \
293 sys/time.h \
294 sys/timers.h \
295 sys/un.h \
296 time.h \
297 tmpdir.h \
298 ttyent.h \
299 ucred.h \
300 unistd.h \
301 usersec.h \
302 util.h \
303 utime.h \
304 utmp.h \
305 utmpx.h \
306 vis.h \
307 )
309 # lastlog.h requires sys/time.h to be included first on Solaris
310 AC_CHECK_HEADERS(lastlog.h, [], [], [
311 #ifdef HAVE_SYS_TIME_H
312 # include <sys/time.h>
313 #endif
314 ])
316 # sys/ptms.h requires sys/stream.h to be included first on Solaris
317 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
318 #ifdef HAVE_SYS_STREAM_H
319 # include <sys/stream.h>
320 #endif
321 ])
323 # login_cap.h requires sys/types.h on NetBSD
324 AC_CHECK_HEADERS(login_cap.h, [], [], [
325 #include <sys/types.h>
326 ])
328 # older BSDs need sys/param.h before sys/mount.h
329 AC_CHECK_HEADERS(sys/mount.h, [], [], [
330 #include <sys/param.h>
331 ])
333 # Messages for features tested for in target-specific section
334 SIA_MSG="no"
335 SPC_MSG="no"
337 # Check for some target-specific stuff
338 case "$host" in
339 *-*-aix*)
340 # Some versions of VAC won't allow macro redefinitions at
341 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
342 # particularly with older versions of vac or xlc.
343 # It also throws errors about null macro argments, but these are
344 # not fatal.
345 AC_MSG_CHECKING(if compiler allows macro redefinitions)
346 AC_COMPILE_IFELSE(
347 [AC_LANG_SOURCE([[
348 #define testmacro foo
349 #define testmacro bar
350 int main(void) { exit(0); }
351 ]])],
352 [ AC_MSG_RESULT(yes) ],
353 [ AC_MSG_RESULT(no)
354 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
355 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
356 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
357 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
358 ]
359 )
361 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
362 if (test -z "$blibpath"); then
363 blibpath="/usr/lib:/lib"
364 fi
365 saved_LDFLAGS="$LDFLAGS"
366 if test "$GCC" = "yes"; then
367 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
368 else
369 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
370 fi
371 for tryflags in $flags ;do
372 if (test -z "$blibflags"); then
373 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
374 AC_TRY_LINK([], [], [blibflags=$tryflags])
375 fi
376 done
377 if (test -z "$blibflags"); then
378 AC_MSG_RESULT(not found)
379 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
380 else
381 AC_MSG_RESULT($blibflags)
382 fi
383 LDFLAGS="$saved_LDFLAGS"
384 dnl Check for authenticate. Might be in libs.a on older AIXes
385 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
386 [Define if you want to enable AIX4's authenticate function])],
387 [AC_CHECK_LIB(s,authenticate,
388 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
389 LIBS="$LIBS -ls"
390 ])
391 ])
392 dnl Check for various auth function declarations in headers.
393 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
394 passwdexpired, setauthdb], , , [#include <usersec.h>])
395 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
396 AC_CHECK_DECLS(loginfailed,
397 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
398 AC_TRY_COMPILE(
399 [#include <usersec.h>],
400 [(void)loginfailed("user","host","tty",0);],
401 [AC_MSG_RESULT(yes)
402 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
403 [Define if your AIX loginfailed() function
404 takes 4 arguments (AIX >= 5.2)])],
405 [AC_MSG_RESULT(no)]
406 )],
407 [],
408 [#include <usersec.h>]
409 )
410 AC_CHECK_FUNCS(getgrset setauthdb)
411 AC_CHECK_DECL(F_CLOSEM,
412 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
413 [],
414 [ #include <limits.h>
415 #include <fcntl.h> ]
416 )
417 check_for_aix_broken_getaddrinfo=1
418 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
419 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
420 [Define if your platform breaks doing a seteuid before a setuid])
421 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
422 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
423 dnl AIX handles lastlog as part of its login message
424 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
425 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
426 [Some systems need a utmpx entry for /bin/login to work])
427 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
428 [Define to a Set Process Title type if your system is
429 supported by bsd-setproctitle.c])
430 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
431 [AIX 5.2 and 5.3 (and presumably newer) require this])
432 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
433 ;;
434 *-*-cygwin*)
435 check_for_libcrypt_later=1
436 LIBS="$LIBS /usr/lib/textreadmode.o"
437 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
438 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
439 AC_DEFINE(DISABLE_SHADOW, 1,
440 [Define if you want to disable shadow passwords])
441 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
442 [Define if X11 doesn't support AF_UNIX sockets on that system])
443 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
444 [Define if the concept of ports only accessible to
445 superusers isn't known])
446 AC_DEFINE(DISABLE_FD_PASSING, 1,
447 [Define if your platform needs to skip post auth
448 file descriptor passing])
449 AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
450 ;;
451 *-*-dgux*)
452 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
453 [Define if your system choked on IP TOS setting])
454 AC_DEFINE(SETEUID_BREAKS_SETUID)
455 AC_DEFINE(BROKEN_SETREUID)
456 AC_DEFINE(BROKEN_SETREGID)
457 ;;
458 *-*-darwin*)
459 AC_MSG_CHECKING(if we have working getaddrinfo)
460 AC_TRY_RUN([#include <mach-o/dyld.h>
461 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
462 exit(0);
463 else
464 exit(1);
465 }], [AC_MSG_RESULT(working)],
466 [AC_MSG_RESULT(buggy)
467 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
468 [AC_MSG_RESULT(assume it is working)])
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
473 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
474 [Define if your resolver libs need this for getrrsetbyname])
475 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
476 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
477 [Use tunnel device compatibility to OpenBSD])
478 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
479 [Prepend the address family to IP tunnel traffic])
480 m4_pattern_allow(AU_IPv)
481 AC_CHECK_DECL(AU_IPv4, [],
482 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
483 [#include <bsm/audit.h>]
484 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
485 [Define if pututxline updates lastlog too])
486 )
487 ;;
488 *-*-dragonfly*)
489 SSHDLIBS="$SSHDLIBS -lcrypt"
490 ;;
491 *-*-hpux*)
492 # first we define all of the options common to all HP-UX releases
493 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
494 IPADDR_IN_DISPLAY=yes
495 AC_DEFINE(USE_PIPES)
496 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
497 [Define if your login program cannot handle end of options ("--")])
498 AC_DEFINE(LOGIN_NEEDS_UTMPX)
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
500 [String used in /etc/passwd to denote locked account])
501 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
502 MAIL="/var/mail/username"
503 LIBS="$LIBS -lsec"
504 AC_CHECK_LIB(xnet, t_error, ,
505 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
507 # next, we define all of the options specific to major releases
508 case "$host" in
509 *-*-hpux10*)
510 if test -z "$GCC"; then
511 CFLAGS="$CFLAGS -Ae"
512 fi
513 ;;
514 *-*-hpux11*)
515 AC_DEFINE(PAM_SUN_CODEBASE, 1,
516 [Define if you are using Solaris-derived PAM which
517 passes pam_messages to the conversation function
518 with an extra level of indirection])
519 AC_DEFINE(DISABLE_UTMP, 1,
520 [Define if you don't want to use utmp])
521 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
522 check_for_hpux_broken_getaddrinfo=1
523 check_for_conflicting_getspnam=1
524 ;;
525 esac
527 # lastly, we define options specific to minor releases
528 case "$host" in
529 *-*-hpux10.26)
530 AC_DEFINE(HAVE_SECUREWARE, 1,
531 [Define if you have SecureWare-based
532 protected password database])
533 disable_ptmx_check=yes
534 LIBS="$LIBS -lsecpw"
535 ;;
536 esac
537 ;;
538 *-*-irix5*)
539 PATH="$PATH:/usr/etc"
540 AC_DEFINE(BROKEN_INET_NTOA, 1,
541 [Define if you system's inet_ntoa is busted
542 (e.g. Irix gcc issue)])
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
547 [Define if you shouldn't strip 'tty' from your
548 ttyname in [uw]tmp])
549 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
550 ;;
551 *-*-irix6*)
552 PATH="$PATH:/usr/etc"
553 AC_DEFINE(WITH_IRIX_ARRAY, 1,
554 [Define if you have/want arrays
555 (cluster-wide session managment, not C arrays)])
556 AC_DEFINE(WITH_IRIX_PROJECT, 1,
557 [Define if you want IRIX project management])
558 AC_DEFINE(WITH_IRIX_AUDIT, 1,
559 [Define if you want IRIX audit trails])
560 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
561 [Define if you want IRIX kernel jobs])])
562 AC_DEFINE(BROKEN_INET_NTOA)
563 AC_DEFINE(SETEUID_BREAKS_SETUID)
564 AC_DEFINE(BROKEN_SETREUID)
565 AC_DEFINE(BROKEN_SETREGID)
566 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
567 AC_DEFINE(WITH_ABBREV_NO_TTY)
568 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
569 ;;
570 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
571 check_for_libcrypt_later=1
572 AC_DEFINE(PAM_TTY_KLUDGE)
573 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
574 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
575 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
576 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
577 ;;
578 *-*-linux*)
579 no_dev_ptmx=1
580 check_for_libcrypt_later=1
581 check_for_openpty_ctty_bug=1
582 AC_DEFINE(PAM_TTY_KLUDGE, 1,
583 [Work around problematic Linux PAM modules handling of PAM_TTY])
584 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
585 [String used in /etc/passwd to denote locked account])
586 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
587 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
588 [Define to whatever link() returns for "not supported"
589 if it doesn't return EOPNOTSUPP.])
590 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
591 AC_DEFINE(USE_BTMP)
592 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
593 inet6_default_4in6=yes
594 case `uname -r` in
595 1.*|2.0.*)
596 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
597 [Define if cmsg_type is not passed correctly])
598 ;;
599 esac
600 # tun(4) forwarding compat code
601 AC_CHECK_HEADERS(linux/if_tun.h)
602 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
603 AC_DEFINE(SSH_TUN_LINUX, 1,
604 [Open tunnel devices the Linux tun/tap way])
605 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
606 [Use tunnel device compatibility to OpenBSD])
607 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
608 [Prepend the address family to IP tunnel traffic])
609 fi
610 ;;
611 mips-sony-bsd|mips-sony-newsos4)
612 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
613 SONY=1
614 ;;
615 *-*-netbsd*)
616 check_for_libcrypt_before=1
617 if test "x$withval" != "xno" ; then
618 need_dash_r=1
619 fi
620 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
621 AC_CHECK_HEADER([net/if_tap.h], ,
622 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
623 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
624 [Prepend the address family to IP tunnel traffic])
625 ;;
626 *-*-freebsd*)
627 check_for_libcrypt_later=1
628 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
629 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
630 AC_CHECK_HEADER([net/if_tap.h], ,
631 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
632 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
633 ;;
634 *-*-bsdi*)
635 AC_DEFINE(SETEUID_BREAKS_SETUID)
636 AC_DEFINE(BROKEN_SETREUID)
637 AC_DEFINE(BROKEN_SETREGID)
638 ;;
639 *-next-*)
640 conf_lastlog_location="/usr/adm/lastlog"
641 conf_utmp_location=/etc/utmp
642 conf_wtmp_location=/usr/adm/wtmp
643 MAIL=/usr/spool/mail
644 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
645 AC_DEFINE(BROKEN_REALPATH)
646 AC_DEFINE(USE_PIPES)
647 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
648 ;;
649 *-*-openbsd*)
650 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
651 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
652 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
653 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
654 [syslog_r function is safe to use in in a signal handler])
655 ;;
656 *-*-solaris*)
657 if test "x$withval" != "xno" ; then
658 need_dash_r=1
659 fi
660 AC_DEFINE(PAM_SUN_CODEBASE)
661 AC_DEFINE(LOGIN_NEEDS_UTMPX)
662 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
663 [Some versions of /bin/login need the TERM supplied
664 on the commandline])
665 AC_DEFINE(PAM_TTY_KLUDGE)
666 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
667 [Define if pam_chauthtok wants real uid set
668 to the unpriv'ed user])
669 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
670 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
671 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
672 [Define if sshd somehow reacquires a controlling TTY
673 after setsid()])
674 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
675 in case the name is longer than 8 chars])
676 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
677 external_path_file=/etc/default/login
678 # hardwire lastlog location (can't detect it on some versions)
679 conf_lastlog_location="/var/adm/lastlog"
680 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
681 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
682 if test "$sol2ver" -ge 8; then
683 AC_MSG_RESULT(yes)
684 AC_DEFINE(DISABLE_UTMP)
685 AC_DEFINE(DISABLE_WTMP, 1,
686 [Define if you don't want to use wtmp])
687 else
688 AC_MSG_RESULT(no)
689 fi
690 AC_ARG_WITH(solaris-contracts,
691 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
692 [
693 AC_CHECK_LIB(contract, ct_tmpl_activate,
694 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
695 [Define if you have Solaris process contracts])
696 SSHDLIBS="$SSHDLIBS -lcontract"
697 AC_SUBST(SSHDLIBS)
698 SPC_MSG="yes" ], )
699 ],
700 )
701 ;;
702 *-*-sunos4*)
703 CPPFLAGS="$CPPFLAGS -DSUNOS4"
704 AC_CHECK_FUNCS(getpwanam)
705 AC_DEFINE(PAM_SUN_CODEBASE)
706 conf_utmp_location=/etc/utmp
707 conf_wtmp_location=/var/adm/wtmp
708 conf_lastlog_location=/var/adm/lastlog
709 AC_DEFINE(USE_PIPES)
710 ;;
711 *-ncr-sysv*)
712 LIBS="$LIBS -lc89"
713 AC_DEFINE(USE_PIPES)
714 AC_DEFINE(SSHD_ACQUIRES_CTTY)
715 AC_DEFINE(SETEUID_BREAKS_SETUID)
716 AC_DEFINE(BROKEN_SETREUID)
717 AC_DEFINE(BROKEN_SETREGID)
718 ;;
719 *-sni-sysv*)
720 # /usr/ucblib MUST NOT be searched on ReliantUNIX
721 AC_CHECK_LIB(dl, dlsym, ,)
722 # -lresolv needs to be at the end of LIBS or DNS lookups break
723 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
724 IPADDR_IN_DISPLAY=yes
725 AC_DEFINE(USE_PIPES)
726 AC_DEFINE(IP_TOS_IS_BROKEN)
727 AC_DEFINE(SETEUID_BREAKS_SETUID)
728 AC_DEFINE(BROKEN_SETREUID)
729 AC_DEFINE(BROKEN_SETREGID)
730 AC_DEFINE(SSHD_ACQUIRES_CTTY)
731 external_path_file=/etc/default/login
732 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
733 # Attention: always take care to bind libsocket and libnsl before libc,
734 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
735 ;;
736 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
737 *-*-sysv4.2*)
738 AC_DEFINE(USE_PIPES)
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
743 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
744 ;;
745 # UnixWare 7.x, OpenUNIX 8
746 *-*-sysv5*)
747 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
748 AC_DEFINE(USE_PIPES)
749 AC_DEFINE(SETEUID_BREAKS_SETUID)
750 AC_DEFINE(BROKEN_SETREUID)
751 AC_DEFINE(BROKEN_SETREGID)
752 AC_DEFINE(PASSWD_NEEDS_USERNAME)
753 case "$host" in
754 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
755 TEST_SHELL=/u95/bin/sh
756 AC_DEFINE(BROKEN_LIBIAF, 1,
757 [ia_uinfo routines not supported by OS yet])
758 AC_DEFINE(BROKEN_UPDWTMPX)
759 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
760 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
761 AC_DEFINE(HAVE_SECUREWARE)
762 AC_DEFINE(DISABLE_SHADOW)
763 ],,)
764 ;;
765 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
766 check_for_libcrypt_later=1
767 ;;
768 esac
769 ;;
770 *-*-sysv*)
771 ;;
772 # SCO UNIX and OEM versions of SCO UNIX
773 *-*-sco3.2v4*)
774 AC_MSG_ERROR("This Platform is no longer supported.")
775 ;;
776 # SCO OpenServer 5.x
777 *-*-sco3.2v5*)
778 if test -z "$GCC"; then
779 CFLAGS="$CFLAGS -belf"
780 fi
781 LIBS="$LIBS -lprot -lx -ltinfo -lm"
782 no_dev_ptmx=1
783 AC_DEFINE(USE_PIPES)
784 AC_DEFINE(HAVE_SECUREWARE)
785 AC_DEFINE(DISABLE_SHADOW)
786 AC_DEFINE(DISABLE_FD_PASSING)
787 AC_DEFINE(SETEUID_BREAKS_SETUID)
788 AC_DEFINE(BROKEN_SETREUID)
789 AC_DEFINE(BROKEN_SETREGID)
790 AC_DEFINE(WITH_ABBREV_NO_TTY)
791 AC_DEFINE(BROKEN_UPDWTMPX)
792 AC_DEFINE(PASSWD_NEEDS_USERNAME)
793 AC_CHECK_FUNCS(getluid setluid)
794 MANTYPE=man
795 TEST_SHELL=ksh
796 ;;
797 *-*-unicosmk*)
798 AC_DEFINE(NO_SSH_LASTLOG, 1,
799 [Define if you don't want to use lastlog in session.c])
800 AC_DEFINE(SETEUID_BREAKS_SETUID)
801 AC_DEFINE(BROKEN_SETREUID)
802 AC_DEFINE(BROKEN_SETREGID)
803 AC_DEFINE(USE_PIPES)
804 AC_DEFINE(DISABLE_FD_PASSING)
805 LDFLAGS="$LDFLAGS"
806 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
807 MANTYPE=cat
808 ;;
809 *-*-unicosmp*)
810 AC_DEFINE(SETEUID_BREAKS_SETUID)
811 AC_DEFINE(BROKEN_SETREUID)
812 AC_DEFINE(BROKEN_SETREGID)
813 AC_DEFINE(WITH_ABBREV_NO_TTY)
814 AC_DEFINE(USE_PIPES)
815 AC_DEFINE(DISABLE_FD_PASSING)
816 LDFLAGS="$LDFLAGS"
817 LIBS="$LIBS -lgen -lacid -ldb"
818 MANTYPE=cat
819 ;;
820 *-*-unicos*)
821 AC_DEFINE(SETEUID_BREAKS_SETUID)
822 AC_DEFINE(BROKEN_SETREUID)
823 AC_DEFINE(BROKEN_SETREGID)
824 AC_DEFINE(USE_PIPES)
825 AC_DEFINE(DISABLE_FD_PASSING)
826 AC_DEFINE(NO_SSH_LASTLOG)
827 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
828 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
829 MANTYPE=cat
830 ;;
831 *-dec-osf*)
832 AC_MSG_CHECKING(for Digital Unix SIA)
833 no_osfsia=""
834 AC_ARG_WITH(osfsia,
835 [ --with-osfsia Enable Digital Unix SIA],
836 [
837 if test "x$withval" = "xno" ; then
838 AC_MSG_RESULT(disabled)
839 no_osfsia=1
840 fi
841 ],
842 )
843 if test -z "$no_osfsia" ; then
844 if test -f /etc/sia/matrix.conf; then
845 AC_MSG_RESULT(yes)
846 AC_DEFINE(HAVE_OSF_SIA, 1,
847 [Define if you have Digital Unix Security
848 Integration Architecture])
849 AC_DEFINE(DISABLE_LOGIN, 1,
850 [Define if you don't want to use your
851 system's login() call])
852 AC_DEFINE(DISABLE_FD_PASSING)
853 LIBS="$LIBS -lsecurity -ldb -lm -laud"
854 SIA_MSG="yes"
855 else
856 AC_MSG_RESULT(no)
857 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
858 [String used in /etc/passwd to denote locked account])
859 fi
860 fi
861 AC_DEFINE(BROKEN_GETADDRINFO)
862 AC_DEFINE(SETEUID_BREAKS_SETUID)
863 AC_DEFINE(BROKEN_SETREUID)
864 AC_DEFINE(BROKEN_SETREGID)
865 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
866 ;;
868 *-*-nto-qnx*)
869 AC_DEFINE(USE_PIPES)
870 AC_DEFINE(NO_X11_UNIX_SOCKETS)
871 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
872 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
873 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
874 AC_DEFINE(DISABLE_LASTLOG)
875 AC_DEFINE(SSHD_ACQUIRES_CTTY)
876 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
877 enable_etc_default_login=no # has incompatible /etc/default/login
878 case "$host" in
879 *-*-nto-qnx6*)
880 AC_DEFINE(DISABLE_FD_PASSING)
881 ;;
882 esac
883 ;;
885 *-*-ultrix*)
886 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
887 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
888 AC_DEFINE(NEED_SETPGRP)
889 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
890 ;;
892 *-*-lynxos)
893 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
894 AC_DEFINE(MISSING_HOWMANY)
895 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
896 ;;
897 esac
899 AC_MSG_CHECKING(compiler and flags for sanity)
900 AC_RUN_IFELSE(
901 [AC_LANG_SOURCE([
902 #include <stdio.h>
903 int main(){exit(0);}
904 ])],
905 [ AC_MSG_RESULT(yes) ],
906 [
907 AC_MSG_RESULT(no)
908 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
909 ],
910 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
911 )
913 dnl Checks for header files.
914 # Checks for libraries.
915 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
916 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
918 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
919 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
920 AC_CHECK_LIB(gen, dirname,[
921 AC_CACHE_CHECK([for broken dirname],
922 ac_cv_have_broken_dirname, [
923 save_LIBS="$LIBS"
924 LIBS="$LIBS -lgen"
925 AC_RUN_IFELSE(
926 [AC_LANG_SOURCE([[
927 #include <libgen.h>
928 #include <string.h>
930 int main(int argc, char **argv) {
931 char *s, buf[32];
933 strncpy(buf,"/etc", 32);
934 s = dirname(buf);
935 if (!s || strncmp(s, "/", 32) != 0) {
936 exit(1);
937 } else {
938 exit(0);
939 }
940 }
941 ]])],
942 [ ac_cv_have_broken_dirname="no" ],
943 [ ac_cv_have_broken_dirname="yes" ],
944 [ ac_cv_have_broken_dirname="no" ],
945 )
946 LIBS="$save_LIBS"
947 ])
948 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
949 LIBS="$LIBS -lgen"
950 AC_DEFINE(HAVE_DIRNAME)
951 AC_CHECK_HEADERS(libgen.h)
952 fi
953 ])
954 ])
956 AC_CHECK_FUNC(getspnam, ,
957 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
958 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
959 [Define if you have the basename function.]))
961 dnl zlib is required
962 AC_ARG_WITH(zlib,
963 [ --with-zlib=PATH Use zlib in PATH],
964 [ if test "x$withval" = "xno" ; then
965 AC_MSG_ERROR([*** zlib is required ***])
966 elif test "x$withval" != "xyes"; then
967 if test -d "$withval/lib"; then
968 if test -n "${need_dash_r}"; then
969 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
970 else
971 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
972 fi
973 else
974 if test -n "${need_dash_r}"; then
975 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
976 else
977 LDFLAGS="-L${withval} ${LDFLAGS}"
978 fi
979 fi
980 if test -d "$withval/include"; then
981 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
982 else
983 CPPFLAGS="-I${withval} ${CPPFLAGS}"
984 fi
985 fi ]
986 )
988 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
989 AC_CHECK_LIB(z, deflate, ,
990 [
991 saved_CPPFLAGS="$CPPFLAGS"
992 saved_LDFLAGS="$LDFLAGS"
993 save_LIBS="$LIBS"
994 dnl Check default zlib install dir
995 if test -n "${need_dash_r}"; then
996 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
997 else
998 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
999 fi
1000 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1001 LIBS="$LIBS -lz"
1002 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1003 [
1004 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1005 ]
1006 )
1007 ]
1008 )
1010 AC_ARG_WITH(zlib-version-check,
1011 [ --without-zlib-version-check Disable zlib version check],
1012 [ if test "x$withval" = "xno" ; then
1013 zlib_check_nonfatal=1
1014 fi
1015 ]
1016 )
1018 AC_MSG_CHECKING(for possibly buggy zlib)
1019 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1020 #include <stdio.h>
1021 #include <zlib.h>
1022 int main()
1023 {
1024 int a=0, b=0, c=0, d=0, n, v;
1025 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1026 if (n != 3 && n != 4)
1027 exit(1);
1028 v = a*1000000 + b*10000 + c*100 + d;
1029 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1031 /* 1.1.4 is OK */
1032 if (a == 1 && b == 1 && c >= 4)
1033 exit(0);
1035 /* 1.2.3 and up are OK */
1036 if (v >= 1020300)
1037 exit(0);
1039 exit(2);
1040 }
1041 ]])],
1042 AC_MSG_RESULT(no),
1043 [ AC_MSG_RESULT(yes)
1044 if test -z "$zlib_check_nonfatal" ; then
1045 AC_MSG_ERROR([*** zlib too old - check config.log ***
1046 Your reported zlib version has known security problems. It's possible your
1047 vendor has fixed these problems without changing the version number. If you
1048 are sure this is the case, you can disable the check by running
1049 "./configure --without-zlib-version-check".
1050 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1051 See http://www.gzip.org/zlib/ for details.])
1052 else
1053 AC_MSG_WARN([zlib version may have security problems])
1054 fi
1055 ],
1056 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1057 )
1059 dnl UnixWare 2.x
1060 AC_CHECK_FUNC(strcasecmp,
1061 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1062 )
1063 AC_CHECK_FUNCS(utimes,
1064 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1065 LIBS="$LIBS -lc89"]) ]
1066 )
1068 dnl Checks for libutil functions
1069 AC_CHECK_HEADERS(libutil.h)
1070 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1071 [Define if your libraries define login()])])
1072 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1074 AC_FUNC_STRFTIME
1076 # Check for ALTDIRFUNC glob() extension
1077 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1078 AC_EGREP_CPP(FOUNDIT,
1079 [
1080 #include <glob.h>
1081 #ifdef GLOB_ALTDIRFUNC
1082 FOUNDIT
1083 #endif
1084 ],
1085 [
1086 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1087 [Define if your system glob() function has
1088 the GLOB_ALTDIRFUNC extension])
1089 AC_MSG_RESULT(yes)
1090 ],
1091 [
1092 AC_MSG_RESULT(no)
1093 ]
1094 )
1096 # Check for g.gl_matchc glob() extension
1097 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1098 AC_TRY_COMPILE(
1099 [ #include <glob.h> ],
1100 [glob_t g; g.gl_matchc = 1;],
1101 [
1102 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1103 [Define if your system glob() function has
1104 gl_matchc options in glob_t])
1105 AC_MSG_RESULT(yes)
1106 ],
1107 [
1108 AC_MSG_RESULT(no)
1109 ]
1110 )
1112 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1114 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1115 AC_RUN_IFELSE(
1116 [AC_LANG_SOURCE([[
1117 #include <sys/types.h>
1118 #include <dirent.h>
1119 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1120 ]])],
1121 [AC_MSG_RESULT(yes)],
1122 [
1123 AC_MSG_RESULT(no)
1124 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1125 [Define if your struct dirent expects you to
1126 allocate extra space for d_name])
1127 ],
1128 [
1129 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1130 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1131 ]
1132 )
1134 AC_MSG_CHECKING([for /proc/pid/fd directory])
1135 if test -d "/proc/$$/fd" ; then
1136 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1137 AC_MSG_RESULT(yes)
1138 else
1139 AC_MSG_RESULT(no)
1140 fi
1142 # Check whether user wants S/Key support
1143 SKEY_MSG="no"
1144 AC_ARG_WITH(skey,
1145 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1146 [
1147 if test "x$withval" != "xno" ; then
1149 if test "x$withval" != "xyes" ; then
1150 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1151 LDFLAGS="$LDFLAGS -L${withval}/lib"
1152 fi
1154 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1155 LIBS="-lskey $LIBS"
1156 SKEY_MSG="yes"
1158 AC_MSG_CHECKING([for s/key support])
1159 AC_LINK_IFELSE(
1160 [AC_LANG_SOURCE([[
1161 #include <stdio.h>
1162 #include <skey.h>
1163 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1164 ]])],
1165 [AC_MSG_RESULT(yes)],
1166 [
1167 AC_MSG_RESULT(no)
1168 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1169 ])
1170 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1171 AC_TRY_COMPILE(
1172 [#include <stdio.h>
1173 #include <skey.h>],
1174 [(void)skeychallenge(NULL,"name","",0);],
1175 [AC_MSG_RESULT(yes)
1176 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1177 [Define if your skeychallenge()
1178 function takes 4 arguments (NetBSD)])],
1179 [AC_MSG_RESULT(no)]
1180 )
1181 fi
1182 ]
1183 )
1185 # Check whether user wants TCP wrappers support
1186 TCPW_MSG="no"
1187 AC_ARG_WITH(tcp-wrappers,
1188 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1189 [
1190 if test "x$withval" != "xno" ; then
1191 saved_LIBS="$LIBS"
1192 saved_LDFLAGS="$LDFLAGS"
1193 saved_CPPFLAGS="$CPPFLAGS"
1194 if test -n "${withval}" && \
1195 test "x${withval}" != "xyes"; then
1196 if test -d "${withval}/lib"; then
1197 if test -n "${need_dash_r}"; then
1198 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1199 else
1200 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1201 fi
1202 else
1203 if test -n "${need_dash_r}"; then
1204 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1205 else
1206 LDFLAGS="-L${withval} ${LDFLAGS}"
1207 fi
1208 fi
1209 if test -d "${withval}/include"; then
1210 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1211 else
1212 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1213 fi
1214 fi
1215 LIBS="-lwrap $LIBS"
1216 AC_MSG_CHECKING(for libwrap)
1217 AC_TRY_LINK(
1218 [
1219 #include <sys/types.h>
1220 #include <sys/socket.h>
1221 #include <netinet/in.h>
1222 #include <tcpd.h>
1223 int deny_severity = 0, allow_severity = 0;
1224 ],
1225 [hosts_access(0);],
1226 [
1227 AC_MSG_RESULT(yes)
1228 AC_DEFINE(LIBWRAP, 1,
1229 [Define if you want
1230 TCP Wrappers support])
1231 SSHDLIBS="$SSHDLIBS -lwrap"
1232 TCPW_MSG="yes"
1233 ],
1234 [
1235 AC_MSG_ERROR([*** libwrap missing])
1236 ]
1237 )
1238 LIBS="$saved_LIBS"
1239 fi
1240 ]
1241 )
1243 # Check whether user wants libedit support
1244 LIBEDIT_MSG="no"
1245 AC_ARG_WITH(libedit,
1246 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1247 [ if test "x$withval" != "xno" ; then
1248 if test "x$withval" != "xyes"; then
1249 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1250 if test -n "${need_dash_r}"; then
1251 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1252 else
1253 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1254 fi
1255 fi
1256 AC_CHECK_LIB(edit, el_init,
1257 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1258 LIBEDIT="-ledit -lcurses"
1259 LIBEDIT_MSG="yes"
1260 AC_SUBST(LIBEDIT)
1261 ],
1262 [ AC_MSG_ERROR(libedit not found) ],
1263 [ -lcurses ]
1264 )
1265 AC_MSG_CHECKING(if libedit version is compatible)
1266 AC_COMPILE_IFELSE(
1267 [AC_LANG_SOURCE([[
1268 #include <histedit.h>
1269 int main(void)
1270 {
1271 int i = H_SETSIZE;
1272 el_init("", NULL, NULL, NULL);
1273 exit(0);
1274 }
1275 ]])],
1276 [ AC_MSG_RESULT(yes) ],
1277 [ AC_MSG_RESULT(no)
1278 AC_MSG_ERROR(libedit version is not compatible) ]
1279 )
1280 fi ]
1281 )
1283 AUDIT_MODULE=none
1284 AC_ARG_WITH(audit,
1285 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1286 [
1287 AC_MSG_CHECKING(for supported audit module)
1288 case "$withval" in
1289 bsm)
1290 AC_MSG_RESULT(bsm)
1291 AUDIT_MODULE=bsm
1292 dnl Checks for headers, libs and functions
1293 AC_CHECK_HEADERS(bsm/audit.h, [],
1294 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1295 [
1296 #ifdef HAVE_TIME_H
1297 # include <time.h>
1298 #endif
1299 ]
1300 )
1301 AC_CHECK_LIB(bsm, getaudit, [],
1302 [AC_MSG_ERROR(BSM enabled and required library not found)])
1303 AC_CHECK_FUNCS(getaudit, [],
1304 [AC_MSG_ERROR(BSM enabled and required function not found)])
1305 # These are optional
1306 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1307 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1308 ;;
1309 debug)
1310 AUDIT_MODULE=debug
1311 AC_MSG_RESULT(debug)
1312 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1313 ;;
1314 no)
1315 AC_MSG_RESULT(no)
1316 ;;
1317 *)
1318 AC_MSG_ERROR([Unknown audit module $withval])
1319 ;;
1320 esac ]
1321 )
1323 dnl Checks for library functions. Please keep in alphabetical order
1324 AC_CHECK_FUNCS( \
1325 arc4random \
1326 arc4random_buf \
1327 arc4random_uniform \
1328 asprintf \
1329 b64_ntop \
1330 __b64_ntop \
1331 b64_pton \
1332 __b64_pton \
1333 bcopy \
1334 bindresvport_sa \
1335 clock \
1336 closefrom \
1337 dirfd \
1338 fchmod \
1339 fchown \
1340 freeaddrinfo \
1341 fstatvfs \
1342 futimes \
1343 getaddrinfo \
1344 getcwd \
1345 getgrouplist \
1346 getnameinfo \
1347 getopt \
1348 getpeereid \
1349 getpeerucred \
1350 _getpty \
1351 getrlimit \
1352 getttyent \
1353 glob \
1354 inet_aton \
1355 inet_ntoa \
1356 inet_ntop \
1357 innetgr \
1358 login_getcapbool \
1359 md5_crypt \
1360 memmove \
1361 mkdtemp \
1362 mmap \
1363 ngetaddrinfo \
1364 nsleep \
1365 ogetaddrinfo \
1366 openlog_r \
1367 openpty \
1368 poll \
1369 prctl \
1370 pstat \
1371 readpassphrase \
1372 realpath \
1373 recvmsg \
1374 rresvport_af \
1375 sendmsg \
1376 setdtablesize \
1377 setegid \
1378 setenv \
1379 seteuid \
1380 setgroups \
1381 setlogin \
1382 setpcred \
1383 setproctitle \
1384 setregid \
1385 setreuid \
1386 setrlimit \
1387 setsid \
1388 setvbuf \
1389 sigaction \
1390 sigvec \
1391 snprintf \
1392 socketpair \
1393 statfs \
1394 statvfs \
1395 strdup \
1396 strerror \
1397 strlcat \
1398 strlcpy \
1399 strmode \
1400 strnvis \
1401 strtonum \
1402 strtoll \
1403 strtoul \
1404 swap32 \
1405 sysconf \
1406 tcgetpgrp \
1407 truncate \
1408 unsetenv \
1409 updwtmpx \
1410 vasprintf \
1411 vhangup \
1412 vsnprintf \
1413 waitpid \
1414 )
1416 # IRIX has a const char return value for gai_strerror()
1417 AC_CHECK_FUNCS(gai_strerror,[
1418 AC_DEFINE(HAVE_GAI_STRERROR)
1419 AC_TRY_COMPILE([
1420 #include <sys/types.h>
1421 #include <sys/socket.h>
1422 #include <netdb.h>
1424 const char *gai_strerror(int);],[
1425 char *str;
1427 str = gai_strerror(0);],[
1428 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1429 [Define if gai_strerror() returns const char *])])])
1431 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1432 [Some systems put nanosleep outside of libc]))
1434 dnl Make sure prototypes are defined for these before using them.
1435 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1436 AC_CHECK_DECL(strsep,
1437 [AC_CHECK_FUNCS(strsep)],
1438 [],
1439 [
1440 #ifdef HAVE_STRING_H
1441 # include <string.h>
1442 #endif
1443 ])
1445 dnl tcsendbreak might be a macro
1446 AC_CHECK_DECL(tcsendbreak,
1447 [AC_DEFINE(HAVE_TCSENDBREAK)],
1448 [AC_CHECK_FUNCS(tcsendbreak)],
1449 [#include <termios.h>]
1450 )
1452 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1454 AC_CHECK_DECLS(SHUT_RD, , ,
1455 [
1456 #include <sys/types.h>
1457 #include <sys/socket.h>
1458 ])
1460 AC_CHECK_DECLS(O_NONBLOCK, , ,
1461 [
1462 #include <sys/types.h>
1463 #ifdef HAVE_SYS_STAT_H
1464 # include <sys/stat.h>
1465 #endif
1466 #ifdef HAVE_FCNTL_H
1467 # include <fcntl.h>
1468 #endif
1469 ])
1471 AC_CHECK_DECLS(writev, , , [
1472 #include <sys/types.h>
1473 #include <sys/uio.h>
1474 #include <unistd.h>
1475 ])
1477 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1478 #include <sys/param.h>
1479 ])
1481 AC_CHECK_DECLS(offsetof, , , [
1482 #include <stddef.h>
1483 ])
1485 AC_CHECK_FUNCS(setresuid, [
1486 dnl Some platorms have setresuid that isn't implemented, test for this
1487 AC_MSG_CHECKING(if setresuid seems to work)
1488 AC_RUN_IFELSE(
1489 [AC_LANG_SOURCE([[
1490 #include <stdlib.h>
1491 #include <errno.h>
1492 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1493 ]])],
1494 [AC_MSG_RESULT(yes)],
1495 [AC_DEFINE(BROKEN_SETRESUID, 1,
1496 [Define if your setresuid() is broken])
1497 AC_MSG_RESULT(not implemented)],
1498 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1499 )
1500 ])
1502 AC_CHECK_FUNCS(setresgid, [
1503 dnl Some platorms have setresgid that isn't implemented, test for this
1504 AC_MSG_CHECKING(if setresgid seems to work)
1505 AC_RUN_IFELSE(
1506 [AC_LANG_SOURCE([[
1507 #include <stdlib.h>
1508 #include <errno.h>
1509 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1510 ]])],
1511 [AC_MSG_RESULT(yes)],
1512 [AC_DEFINE(BROKEN_SETRESGID, 1,
1513 [Define if your setresgid() is broken])
1514 AC_MSG_RESULT(not implemented)],
1515 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1516 )
1517 ])
1519 dnl Checks for time functions
1520 AC_CHECK_FUNCS(gettimeofday time)
1521 dnl Checks for utmp functions
1522 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1523 AC_CHECK_FUNCS(utmpname)
1524 dnl Checks for utmpx functions
1525 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1526 AC_CHECK_FUNCS(setutxent utmpxname)
1527 dnl Checks for lastlog functions
1528 AC_CHECK_FUNCS(getlastlogxbyname)
1530 AC_CHECK_FUNC(daemon,
1531 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1532 [AC_CHECK_LIB(bsd, daemon,
1533 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1534 )
1536 AC_CHECK_FUNC(getpagesize,
1537 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1538 [Define if your libraries define getpagesize()])],
1539 [AC_CHECK_LIB(ucb, getpagesize,
1540 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1541 )
1543 # Check for broken snprintf
1544 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1545 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1546 AC_RUN_IFELSE(
1547 [AC_LANG_SOURCE([[
1548 #include <stdio.h>
1549 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1550 ]])],
1551 [AC_MSG_RESULT(yes)],
1552 [
1553 AC_MSG_RESULT(no)
1554 AC_DEFINE(BROKEN_SNPRINTF, 1,
1555 [Define if your snprintf is busted])
1556 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1557 ],
1558 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1559 )
1560 fi
1562 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1563 # returning the right thing on overflow: the number of characters it tried to
1564 # create (as per SUSv3)
1565 if test "x$ac_cv_func_asprintf" != "xyes" && \
1566 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1567 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1568 AC_RUN_IFELSE(
1569 [AC_LANG_SOURCE([[
1570 #include <sys/types.h>
1571 #include <stdio.h>
1572 #include <stdarg.h>
1574 int x_snprintf(char *str,size_t count,const char *fmt,...)
1575 {
1576 size_t ret; va_list ap;
1577 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1578 return ret;
1579 }
1580 int main(void)
1581 {
1582 char x[1];
1583 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1584 } ]])],
1585 [AC_MSG_RESULT(yes)],
1586 [
1587 AC_MSG_RESULT(no)
1588 AC_DEFINE(BROKEN_SNPRINTF, 1,
1589 [Define if your snprintf is busted])
1590 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1591 ],
1592 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1593 )
1594 fi
1596 # On systems where [v]snprintf is broken, but is declared in stdio,
1597 # check that the fmt argument is const char * or just char *.
1598 # This is only useful for when BROKEN_SNPRINTF
1599 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1600 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1601 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1602 int main(void) { snprintf(0, 0, 0); }
1603 ]])],
1604 [AC_MSG_RESULT(yes)
1605 AC_DEFINE(SNPRINTF_CONST, [const],
1606 [Define as const if snprintf() can declare const char *fmt])],
1607 [AC_MSG_RESULT(no)
1608 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1610 # Check for missing getpeereid (or equiv) support
1611 NO_PEERCHECK=""
1612 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1613 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1614 AC_TRY_COMPILE(
1615 [#include <sys/types.h>
1616 #include <sys/socket.h>],
1617 [int i = SO_PEERCRED;],
1618 [ AC_MSG_RESULT(yes)
1619 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1620 ],
1621 [AC_MSG_RESULT(no)
1622 NO_PEERCHECK=1]
1623 )
1624 fi
1626 dnl see whether mkstemp() requires XXXXXX
1627 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1628 AC_MSG_CHECKING([for (overly) strict mkstemp])
1629 AC_RUN_IFELSE(
1630 [AC_LANG_SOURCE([[
1631 #include <stdlib.h>
1632 main() { char template[]="conftest.mkstemp-test";
1633 if (mkstemp(template) == -1)
1634 exit(1);
1635 unlink(template); exit(0);
1636 }
1637 ]])],
1638 [
1639 AC_MSG_RESULT(no)
1640 ],
1641 [
1642 AC_MSG_RESULT(yes)
1643 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1644 ],
1645 [
1646 AC_MSG_RESULT(yes)
1647 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1648 ]
1649 )
1650 fi
1652 dnl make sure that openpty does not reacquire controlling terminal
1653 if test ! -z "$check_for_openpty_ctty_bug"; then
1654 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1655 AC_RUN_IFELSE(
1656 [AC_LANG_SOURCE([[
1657 #include <stdio.h>
1658 #include <sys/fcntl.h>
1659 #include <sys/types.h>
1660 #include <sys/wait.h>
1662 int
1663 main()
1664 {
1665 pid_t pid;
1666 int fd, ptyfd, ttyfd, status;
1668 pid = fork();
1669 if (pid < 0) { /* failed */
1670 exit(1);
1671 } else if (pid > 0) { /* parent */
1672 waitpid(pid, &status, 0);
1673 if (WIFEXITED(status))
1674 exit(WEXITSTATUS(status));
1675 else
1676 exit(2);
1677 } else { /* child */
1678 close(0); close(1); close(2);
1679 setsid();
1680 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1681 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1682 if (fd >= 0)
1683 exit(3); /* Acquired ctty: broken */
1684 else
1685 exit(0); /* Did not acquire ctty: OK */
1686 }
1687 }
1688 ]])],
1689 [
1690 AC_MSG_RESULT(yes)
1691 ],
1692 [
1693 AC_MSG_RESULT(no)
1694 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1695 ],
1696 [
1697 AC_MSG_RESULT(cross-compiling, assuming yes)
1698 ]
1699 )
1700 fi
1702 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1703 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1704 AC_MSG_CHECKING(if getaddrinfo seems to work)
1705 AC_RUN_IFELSE(
1706 [AC_LANG_SOURCE([[
1707 #include <stdio.h>
1708 #include <sys/socket.h>
1709 #include <netdb.h>
1710 #include <errno.h>
1711 #include <netinet/in.h>
1713 #define TEST_PORT "2222"
1715 int
1716 main(void)
1717 {
1718 int err, sock;
1719 struct addrinfo *gai_ai, *ai, hints;
1720 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1722 memset(&hints, 0, sizeof(hints));
1723 hints.ai_family = PF_UNSPEC;
1724 hints.ai_socktype = SOCK_STREAM;
1725 hints.ai_flags = AI_PASSIVE;
1727 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1728 if (err != 0) {
1729 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1730 exit(1);
1731 }
1733 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1734 if (ai->ai_family != AF_INET6)
1735 continue;
1737 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1738 sizeof(ntop), strport, sizeof(strport),
1739 NI_NUMERICHOST|NI_NUMERICSERV);
1741 if (err != 0) {
1742 if (err == EAI_SYSTEM)
1743 perror("getnameinfo EAI_SYSTEM");
1744 else
1745 fprintf(stderr, "getnameinfo failed: %s\n",
1746 gai_strerror(err));
1747 exit(2);
1748 }
1750 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1751 if (sock < 0)
1752 perror("socket");
1753 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1754 if (errno == EBADF)
1755 exit(3);
1756 }
1757 }
1758 exit(0);
1759 }
1760 ]])],
1761 [
1762 AC_MSG_RESULT(yes)
1763 ],
1764 [
1765 AC_MSG_RESULT(no)
1766 AC_DEFINE(BROKEN_GETADDRINFO)
1767 ],
1768 [
1769 AC_MSG_RESULT(cross-compiling, assuming yes)
1770 ]
1771 )
1772 fi
1774 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1775 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1776 AC_MSG_CHECKING(if getaddrinfo seems to work)
1777 AC_RUN_IFELSE(
1778 [AC_LANG_SOURCE([[
1779 #include <stdio.h>
1780 #include <sys/socket.h>
1781 #include <netdb.h>
1782 #include <errno.h>
1783 #include <netinet/in.h>
1785 #define TEST_PORT "2222"
1787 int
1788 main(void)
1789 {
1790 int err, sock;
1791 struct addrinfo *gai_ai, *ai, hints;
1792 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1794 memset(&hints, 0, sizeof(hints));
1795 hints.ai_family = PF_UNSPEC;
1796 hints.ai_socktype = SOCK_STREAM;
1797 hints.ai_flags = AI_PASSIVE;
1799 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1800 if (err != 0) {
1801 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1802 exit(1);
1803 }
1805 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1806 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1807 continue;
1809 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1810 sizeof(ntop), strport, sizeof(strport),
1811 NI_NUMERICHOST|NI_NUMERICSERV);
1813 if (ai->ai_family == AF_INET && err != 0) {
1814 perror("getnameinfo");
1815 exit(2);
1816 }
1817 }
1818 exit(0);
1819 }
1820 ]])],
1821 [
1822 AC_MSG_RESULT(yes)
1823 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1824 [Define if you have a getaddrinfo that fails
1825 for the all-zeros IPv6 address])
1826 ],
1827 [
1828 AC_MSG_RESULT(no)
1829 AC_DEFINE(BROKEN_GETADDRINFO)
1830 ],
1831 [
1832 AC_MSG_RESULT(cross-compiling, assuming no)
1833 ]
1834 )
1835 fi
1837 if test "x$check_for_conflicting_getspnam" = "x1"; then
1838 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1839 AC_COMPILE_IFELSE(
1840 [
1841 #include <shadow.h>
1842 int main(void) {exit(0);}
1843 ],
1844 [
1845 AC_MSG_RESULT(no)
1846 ],
1847 [
1848 AC_MSG_RESULT(yes)
1849 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1850 [Conflicting defs for getspnam])
1851 ]
1852 )
1853 fi
1855 AC_FUNC_GETPGRP
1857 # Search for OpenSSL
1858 saved_CPPFLAGS="$CPPFLAGS"
1859 saved_LDFLAGS="$LDFLAGS"
1860 AC_ARG_WITH(ssl-dir,
1861 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1862 [
1863 if test "x$withval" != "xno" ; then
1864 case "$withval" in
1865 # Relative paths
1866 ./*|../*) withval="`pwd`/$withval"
1867 esac
1868 if test -d "$withval/lib"; then
1869 if test -n "${need_dash_r}"; then
1870 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1871 else
1872 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1873 fi
1874 else
1875 if test -n "${need_dash_r}"; then
1876 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1877 else
1878 LDFLAGS="-L${withval} ${LDFLAGS}"
1879 fi
1880 fi
1881 if test -d "$withval/include"; then
1882 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1883 else
1884 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1885 fi
1886 fi
1887 ]
1888 )
1889 LIBS="-lcrypto $LIBS"
1890 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1891 [Define if your ssl headers are included
1892 with #include <openssl/header.h>]),
1893 [
1894 dnl Check default openssl install dir
1895 if test -n "${need_dash_r}"; then
1896 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1897 else
1898 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1899 fi
1900 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1901 AC_CHECK_HEADER([openssl/opensslv.h], ,
1902 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
1903 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1904 [
1905 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1906 ]
1907 )
1908 ]
1909 )
1911 # Determine OpenSSL header version
1912 AC_MSG_CHECKING([OpenSSL header version])
1913 AC_RUN_IFELSE(
1914 [AC_LANG_SOURCE([[
1915 #include <stdio.h>
1916 #include <string.h>
1917 #include <openssl/opensslv.h>
1918 #define DATA "conftest.sslincver"
1919 int main(void) {
1920 FILE *fd;
1921 int rc;
1923 fd = fopen(DATA,"w");
1924 if(fd == NULL)
1925 exit(1);
1927 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1928 exit(1);
1930 exit(0);
1931 }
1932 ]])],
1933 [
1934 ssl_header_ver=`cat conftest.sslincver`
1935 AC_MSG_RESULT($ssl_header_ver)
1936 ],
1937 [
1938 AC_MSG_RESULT(not found)
1939 AC_MSG_ERROR(OpenSSL version header not found.)
1940 ],
1941 [
1942 AC_MSG_WARN([cross compiling: not checking])
1943 ]
1944 )
1946 # Determine OpenSSL library version
1947 AC_MSG_CHECKING([OpenSSL library version])
1948 AC_RUN_IFELSE(
1949 [AC_LANG_SOURCE([[
1950 #include <stdio.h>
1951 #include <string.h>
1952 #include <openssl/opensslv.h>
1953 #include <openssl/crypto.h>
1954 #define DATA "conftest.ssllibver"
1955 int main(void) {
1956 FILE *fd;
1957 int rc;
1959 fd = fopen(DATA,"w");
1960 if(fd == NULL)
1961 exit(1);
1963 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1964 exit(1);
1966 exit(0);
1967 }
1968 ]])],
1969 [
1970 ssl_library_ver=`cat conftest.ssllibver`
1971 AC_MSG_RESULT($ssl_library_ver)
1972 ],
1973 [
1974 AC_MSG_RESULT(not found)
1975 AC_MSG_ERROR(OpenSSL library not found.)
1976 ],
1977 [
1978 AC_MSG_WARN([cross compiling: not checking])
1979 ]
1980 )
1982 AC_ARG_WITH(openssl-header-check,
1983 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1984 [ if test "x$withval" = "xno" ; then
1985 openssl_check_nonfatal=1
1986 fi
1987 ]
1988 )
1990 # Sanity check OpenSSL headers
1991 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1992 AC_RUN_IFELSE(
1993 [AC_LANG_SOURCE([[
1994 #include <string.h>
1995 #include <openssl/opensslv.h>
1996 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1997 ]])],
1998 [
1999 AC_MSG_RESULT(yes)
2000 ],
2001 [
2002 AC_MSG_RESULT(no)
2003 if test "x$openssl_check_nonfatal" = "x"; then
2004 AC_MSG_ERROR([Your OpenSSL headers do not match your
2005 library. Check config.log for details.
2006 If you are sure your installation is consistent, you can disable the check
2007 by running "./configure --without-openssl-header-check".
2008 Also see contrib/findssl.sh for help identifying header/library mismatches.
2009 ])
2010 else
2011 AC_MSG_WARN([Your OpenSSL headers do not match your
2012 library. Check config.log for details.
2013 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2014 fi
2015 ],
2016 [
2017 AC_MSG_WARN([cross compiling: not checking])
2018 ]
2019 )
2021 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2022 AC_LINK_IFELSE(
2023 [AC_LANG_SOURCE([[
2024 #include <openssl/evp.h>
2025 int main(void) { SSLeay_add_all_algorithms(); }
2026 ]])],
2027 [
2028 AC_MSG_RESULT(yes)
2029 ],
2030 [
2031 AC_MSG_RESULT(no)
2032 saved_LIBS="$LIBS"
2033 LIBS="$LIBS -ldl"
2034 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2035 AC_LINK_IFELSE(
2036 [AC_LANG_SOURCE([[
2037 #include <openssl/evp.h>
2038 int main(void) { SSLeay_add_all_algorithms(); }
2039 ]])],
2040 [
2041 AC_MSG_RESULT(yes)
2042 ],
2043 [
2044 AC_MSG_RESULT(no)
2045 LIBS="$saved_LIBS"
2046 ]
2047 )
2048 ]
2049 )
2051 AC_ARG_WITH(ssl-engine,
2052 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2053 [ if test "x$withval" != "xno" ; then
2054 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2055 AC_TRY_COMPILE(
2056 [ #include <openssl/engine.h>],
2057 [
2058 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2059 ],
2060 [ AC_MSG_RESULT(yes)
2061 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2062 [Enable OpenSSL engine support])
2063 ],
2064 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2065 )
2066 fi ]
2067 )
2069 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2070 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2071 AC_LINK_IFELSE(
2072 [AC_LANG_SOURCE([[
2073 #include <string.h>
2074 #include <openssl/evp.h>
2075 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2076 ]])],
2077 [
2078 AC_MSG_RESULT(no)
2079 ],
2080 [
2081 AC_MSG_RESULT(yes)
2082 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2083 [libcrypto is missing AES 192 and 256 bit functions])
2084 ]
2085 )
2087 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2088 AC_LINK_IFELSE(
2089 [AC_LANG_SOURCE([[
2090 #include <string.h>
2091 #include <openssl/evp.h>
2092 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2093 ]])],
2094 [
2095 AC_MSG_RESULT(yes)
2096 ],
2097 [
2098 AC_MSG_RESULT(no)
2099 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2100 [Define if EVP_DigestUpdate returns void])
2101 ]
2102 )
2104 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2105 # because the system crypt() is more featureful.
2106 if test "x$check_for_libcrypt_before" = "x1"; then
2107 AC_CHECK_LIB(crypt, crypt)
2108 fi
2110 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2111 # version in OpenSSL.
2112 if test "x$check_for_libcrypt_later" = "x1"; then
2113 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2114 fi
2116 # Search for SHA256 support in libc and/or OpenSSL
2117 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2119 saved_LIBS="$LIBS"
2120 AC_CHECK_LIB(iaf, ia_openinfo, [
2121 LIBS="$LIBS -liaf"
2122 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2123 AC_DEFINE(HAVE_LIBIAF, 1,
2124 [Define if system has libiaf that supports set_id])
2125 ])
2126 ])
2127 LIBS="$saved_LIBS"
2129 ### Configure cryptographic random number support
2131 # Check wheter OpenSSL seeds itself
2132 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2133 AC_RUN_IFELSE(
2134 [AC_LANG_SOURCE([[
2135 #include <string.h>
2136 #include <openssl/rand.h>
2137 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2138 ]])],
2139 [
2140 OPENSSL_SEEDS_ITSELF=yes
2141 AC_MSG_RESULT(yes)
2142 ],
2143 [
2144 AC_MSG_RESULT(no)
2145 # Default to use of the rand helper if OpenSSL doesn't
2146 # seed itself
2147 USE_RAND_HELPER=yes
2148 ],
2149 [
2150 AC_MSG_WARN([cross compiling: assuming yes])
2151 # This is safe, since all recent OpenSSL versions will
2152 # complain at runtime if not seeded correctly.
2153 OPENSSL_SEEDS_ITSELF=yes
2154 ]
2155 )
2157 # Check for PAM libs
2158 PAM_MSG="no"
2159 AC_ARG_WITH(pam,
2160 [ --with-pam Enable PAM support ],
2161 [
2162 if test "x$withval" != "xno" ; then
2163 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2164 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2165 AC_MSG_ERROR([PAM headers not found])
2166 fi
2168 saved_LIBS="$LIBS"
2169 AC_CHECK_LIB(dl, dlopen, , )
2170 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2171 AC_CHECK_FUNCS(pam_getenvlist)
2172 AC_CHECK_FUNCS(pam_putenv)
2173 LIBS="$saved_LIBS"
2175 PAM_MSG="yes"
2177 SSHDLIBS="$SSHDLIBS -lpam"
2178 AC_DEFINE(USE_PAM, 1,
2179 [Define if you want to enable PAM support])
2181 if test $ac_cv_lib_dl_dlopen = yes; then
2182 case "$LIBS" in
2183 *-ldl*)
2184 # libdl already in LIBS
2185 ;;
2186 *)
2187 SSHDLIBS="$SSHDLIBS -ldl"
2188 ;;
2189 esac
2190 fi
2191 fi
2192 ]
2193 )
2195 # Check for older PAM
2196 if test "x$PAM_MSG" = "xyes" ; then
2197 # Check PAM strerror arguments (old PAM)
2198 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2199 AC_TRY_COMPILE(
2200 [
2201 #include <stdlib.h>
2202 #if defined(HAVE_SECURITY_PAM_APPL_H)
2203 #include <security/pam_appl.h>
2204 #elif defined (HAVE_PAM_PAM_APPL_H)
2205 #include <pam/pam_appl.h>
2206 #endif
2207 ],
2208 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2209 [AC_MSG_RESULT(no)],
2210 [
2211 AC_DEFINE(HAVE_OLD_PAM, 1,
2212 [Define if you have an old version of PAM
2213 which takes only one argument to pam_strerror])
2214 AC_MSG_RESULT(yes)
2215 PAM_MSG="yes (old library)"
2216 ]
2217 )
2218 fi
2220 # Do we want to force the use of the rand helper?
2221 AC_ARG_WITH(rand-helper,
2222 [ --with-rand-helper Use subprocess to gather strong randomness ],
2223 [
2224 if test "x$withval" = "xno" ; then
2225 # Force use of OpenSSL's internal RNG, even if
2226 # the previous test showed it to be unseeded.
2227 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2228 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2229 OPENSSL_SEEDS_ITSELF=yes
2230 USE_RAND_HELPER=""
2231 fi
2232 else
2233 USE_RAND_HELPER=yes
2234 fi
2235 ],
2236 )
2238 # Which randomness source do we use?
2239 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2240 # OpenSSL only
2241 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2242 [Define if you want OpenSSL's internally seeded PRNG only])
2243 RAND_MSG="OpenSSL internal ONLY"
2244 INSTALL_SSH_RAND_HELPER=""
2245 elif test ! -z "$USE_RAND_HELPER" ; then
2246 # install rand helper
2247 RAND_MSG="ssh-rand-helper"
2248 INSTALL_SSH_RAND_HELPER="yes"
2249 fi
2250 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2252 ### Configuration of ssh-rand-helper
2254 # PRNGD TCP socket
2255 AC_ARG_WITH(prngd-port,
2256 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2257 [
2258 case "$withval" in
2259 no)
2260 withval=""
2261 ;;
2262 [[0-9]]*)
2263 ;;
2264 *)
2265 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2266 ;;
2267 esac
2268 if test ! -z "$withval" ; then
2269 PRNGD_PORT="$withval"
2270 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2271 [Port number of PRNGD/EGD random number socket])
2272 fi
2273 ]
2274 )
2276 # PRNGD Unix domain socket
2277 AC_ARG_WITH(prngd-socket,
2278 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2279 [
2280 case "$withval" in
2281 yes)
2282 withval="/var/run/egd-pool"
2283 ;;
2284 no)
2285 withval=""
2286 ;;
2287 /*)
2288 ;;
2289 *)
2290 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2291 ;;
2292 esac
2294 if test ! -z "$withval" ; then
2295 if test ! -z "$PRNGD_PORT" ; then
2296 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2297 fi
2298 if test ! -r "$withval" ; then
2299 AC_MSG_WARN(Entropy socket is not readable)
2300 fi
2301 PRNGD_SOCKET="$withval"
2302 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2303 [Location of PRNGD/EGD random number socket])
2304 fi
2305 ],
2306 [
2307 # Check for existing socket only if we don't have a random device already
2308 if test "$USE_RAND_HELPER" = yes ; then
2309 AC_MSG_CHECKING(for PRNGD/EGD socket)
2310 # Insert other locations here
2311 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2312 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2313 PRNGD_SOCKET="$sock"
2314 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2315 break;
2316 fi
2317 done
2318 if test ! -z "$PRNGD_SOCKET" ; then
2319 AC_MSG_RESULT($PRNGD_SOCKET)
2320 else
2321 AC_MSG_RESULT(not found)
2322 fi
2323 fi
2324 ]
2325 )
2327 # Change default command timeout for hashing entropy source
2328 entropy_timeout=200
2329 AC_ARG_WITH(entropy-timeout,
2330 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2331 [
2332 if test -n "$withval" && test "x$withval" != "xno" && \
2333 test "x${withval}" != "xyes"; then
2334 entropy_timeout=$withval
2335 fi
2336 ]
2337 )
2338 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2339 [Builtin PRNG command timeout])
2341 SSH_PRIVSEP_USER=sshd
2342 AC_ARG_WITH(privsep-user,
2343 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2344 [
2345 if test -n "$withval" && test "x$withval" != "xno" && \
2346 test "x${withval}" != "xyes"; then
2347 SSH_PRIVSEP_USER=$withval
2348 fi
2349 ]
2350 )
2351 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2352 [non-privileged user for privilege separation])
2353 AC_SUBST(SSH_PRIVSEP_USER)
2355 # We do this little dance with the search path to insure
2356 # that programs that we select for use by installed programs
2357 # (which may be run by the super-user) come from trusted
2358 # locations before they come from the user's private area.
2359 # This should help avoid accidentally configuring some
2360 # random version of a program in someone's personal bin.
2362 OPATH=$PATH
2363 PATH=/bin:/usr/bin
2364 test -h /bin 2> /dev/null && PATH=/usr/bin
2365 test -d /sbin && PATH=$PATH:/sbin
2366 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2367 PATH=$PATH:/etc:$OPATH
2369 # These programs are used by the command hashing source to gather entropy
2370 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2371 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2372 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2373 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2374 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2375 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2376 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2377 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2378 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2379 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2380 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2381 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2382 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2383 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2384 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2385 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2386 # restore PATH
2387 PATH=$OPATH
2389 # Where does ssh-rand-helper get its randomness from?
2390 INSTALL_SSH_PRNG_CMDS=""
2391 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2392 if test ! -z "$PRNGD_PORT" ; then
2393 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2394 elif test ! -z "$PRNGD_SOCKET" ; then
2395 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2396 else
2397 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2398 RAND_HELPER_CMDHASH=yes
2399 INSTALL_SSH_PRNG_CMDS="yes"
2400 fi
2401 fi
2402 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2405 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2406 if test ! -z "$SONY" ; then
2407 LIBS="$LIBS -liberty";
2408 fi
2410 # Check for long long datatypes
2411 AC_CHECK_TYPES([long long, unsigned long long, long double])
2413 # Check datatype sizes
2414 AC_CHECK_SIZEOF(char, 1)
2415 AC_CHECK_SIZEOF(short int, 2)
2416 AC_CHECK_SIZEOF(int, 4)
2417 AC_CHECK_SIZEOF(long int, 4)
2418 AC_CHECK_SIZEOF(long long int, 8)
2420 # Sanity check long long for some platforms (AIX)
2421 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2422 ac_cv_sizeof_long_long_int=0
2423 fi
2425 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2426 if test -z "$have_llong_max"; then
2427 AC_MSG_CHECKING([for max value of long long])
2428 AC_RUN_IFELSE(
2429 [AC_LANG_SOURCE([[
2430 #include <stdio.h>
2431 /* Why is this so damn hard? */
2432 #ifdef __GNUC__
2433 # undef __GNUC__
2434 #endif
2435 #define __USE_ISOC99
2436 #include <limits.h>
2437 #define DATA "conftest.llminmax"
2438 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2440 /*
2441 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2442 * we do this the hard way.
2443 */
2444 static int
2445 fprint_ll(FILE *f, long long n)
2446 {
2447 unsigned int i;
2448 int l[sizeof(long long) * 8];
2450 if (n < 0)
2451 if (fprintf(f, "-") < 0)
2452 return -1;
2453 for (i = 0; n != 0; i++) {
2454 l[i] = my_abs(n % 10);
2455 n /= 10;
2456 }
2457 do {
2458 if (fprintf(f, "%d", l[--i]) < 0)
2459 return -1;
2460 } while (i != 0);
2461 if (fprintf(f, " ") < 0)
2462 return -1;
2463 return 0;
2464 }
2466 int main(void) {
2467 FILE *f;
2468 long long i, llmin, llmax = 0;
2470 if((f = fopen(DATA,"w")) == NULL)
2471 exit(1);
2473 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2474 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2475 llmin = LLONG_MIN;
2476 llmax = LLONG_MAX;
2477 #else
2478 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2479 /* This will work on one's complement and two's complement */
2480 for (i = 1; i > llmax; i <<= 1, i++)
2481 llmax = i;
2482 llmin = llmax + 1LL; /* wrap */
2483 #endif
2485 /* Sanity check */
2486 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2487 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2488 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2489 fprintf(f, "unknown unknown\n");
2490 exit(2);
2491 }
2493 if (fprint_ll(f, llmin) < 0)
2494 exit(3);
2495 if (fprint_ll(f, llmax) < 0)
2496 exit(4);
2497 if (fclose(f) < 0)
2498 exit(5);
2499 exit(0);
2500 }
2501 ]])],
2502 [
2503 llong_min=`$AWK '{print $1}' conftest.llminmax`
2504 llong_max=`$AWK '{print $2}' conftest.llminmax`
2506 AC_MSG_RESULT($llong_max)
2507 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2508 [max value of long long calculated by configure])
2509 AC_MSG_CHECKING([for min value of long long])
2510 AC_MSG_RESULT($llong_min)
2511 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2512 [min value of long long calculated by configure])
2513 ],
2514 [
2515 AC_MSG_RESULT(not found)
2516 ],
2517 [
2518 AC_MSG_WARN([cross compiling: not checking])
2519 ]
2520 )
2521 fi
2524 # More checks for data types
2525 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2526 AC_TRY_COMPILE(
2527 [ #include <sys/types.h> ],
2528 [ u_int a; a = 1;],
2529 [ ac_cv_have_u_int="yes" ],
2530 [ ac_cv_have_u_int="no" ]
2531 )
2532 ])
2533 if test "x$ac_cv_have_u_int" = "xyes" ; then
2534 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2535 have_u_int=1
2536 fi
2538 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2539 AC_TRY_COMPILE(
2540 [ #include <sys/types.h> ],
2541 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2542 [ ac_cv_have_intxx_t="yes" ],
2543 [ ac_cv_have_intxx_t="no" ]
2544 )
2545 ])
2546 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2547 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2548 have_intxx_t=1
2549 fi
2551 if (test -z "$have_intxx_t" && \
2552 test "x$ac_cv_header_stdint_h" = "xyes")
2553 then
2554 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2555 AC_TRY_COMPILE(
2556 [ #include <stdint.h> ],
2557 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2558 [
2559 AC_DEFINE(HAVE_INTXX_T)
2560 AC_MSG_RESULT(yes)
2561 ],
2562 [ AC_MSG_RESULT(no) ]
2563 )
2564 fi
2566 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2567 AC_TRY_COMPILE(
2568 [
2569 #include <sys/types.h>
2570 #ifdef HAVE_STDINT_H
2571 # include <stdint.h>
2572 #endif
2573 #include <sys/socket.h>
2574 #ifdef HAVE_SYS_BITYPES_H
2575 # include <sys/bitypes.h>
2576 #endif
2577 ],
2578 [ int64_t a; a = 1;],
2579 [ ac_cv_have_int64_t="yes" ],
2580 [ ac_cv_have_int64_t="no" ]
2581 )
2582 ])
2583 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2584 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2585 fi
2587 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2588 AC_TRY_COMPILE(
2589 [ #include <sys/types.h> ],
2590 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2591 [ ac_cv_have_u_intxx_t="yes" ],
2592 [ ac_cv_have_u_intxx_t="no" ]
2593 )
2594 ])
2595 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2596 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2597 have_u_intxx_t=1
2598 fi
2600 if test -z "$have_u_intxx_t" ; then
2601 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2602 AC_TRY_COMPILE(
2603 [ #include <sys/socket.h> ],
2604 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2605 [
2606 AC_DEFINE(HAVE_U_INTXX_T)
2607 AC_MSG_RESULT(yes)
2608 ],
2609 [ AC_MSG_RESULT(no) ]
2610 )
2611 fi
2613 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2614 AC_TRY_COMPILE(
2615 [ #include <sys/types.h> ],
2616 [ u_int64_t a; a = 1;],
2617 [ ac_cv_have_u_int64_t="yes" ],
2618 [ ac_cv_have_u_int64_t="no" ]
2619 )
2620 ])
2621 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2622 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2623 have_u_int64_t=1
2624 fi
2626 if test -z "$have_u_int64_t" ; then
2627 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2628 AC_TRY_COMPILE(
2629 [ #include <sys/bitypes.h> ],
2630 [ u_int64_t a; a = 1],
2631 [
2632 AC_DEFINE(HAVE_U_INT64_T)
2633 AC_MSG_RESULT(yes)
2634 ],
2635 [ AC_MSG_RESULT(no) ]
2636 )
2637 fi
2639 if test -z "$have_u_intxx_t" ; then
2640 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2641 AC_TRY_COMPILE(
2642 [
2643 #include <sys/types.h>
2644 ],
2645 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2646 [ ac_cv_have_uintxx_t="yes" ],
2647 [ ac_cv_have_uintxx_t="no" ]
2648 )
2649 ])
2650 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2651 AC_DEFINE(HAVE_UINTXX_T, 1,
2652 [define if you have uintxx_t data type])
2653 fi
2654 fi
2656 if test -z "$have_uintxx_t" ; then
2657 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2658 AC_TRY_COMPILE(
2659 [ #include <stdint.h> ],
2660 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2661 [
2662 AC_DEFINE(HAVE_UINTXX_T)
2663 AC_MSG_RESULT(yes)
2664 ],
2665 [ AC_MSG_RESULT(no) ]
2666 )
2667 fi
2669 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2670 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2671 then
2672 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2673 AC_TRY_COMPILE(
2674 [
2675 #include <sys/bitypes.h>
2676 ],
2677 [
2678 int8_t a; int16_t b; int32_t c;
2679 u_int8_t e; u_int16_t f; u_int32_t g;
2680 a = b = c = e = f = g = 1;
2681 ],
2682 [
2683 AC_DEFINE(HAVE_U_INTXX_T)
2684 AC_DEFINE(HAVE_INTXX_T)
2685 AC_MSG_RESULT(yes)
2686 ],
2687 [AC_MSG_RESULT(no)]
2688 )
2689 fi
2692 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2693 AC_TRY_COMPILE(
2694 [
2695 #include <sys/types.h>
2696 ],
2697 [ u_char foo; foo = 125; ],
2698 [ ac_cv_have_u_char="yes" ],
2699 [ ac_cv_have_u_char="no" ]
2700 )
2701 ])
2702 if test "x$ac_cv_have_u_char" = "xyes" ; then
2703 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2704 fi
2706 TYPE_SOCKLEN_T
2708 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2709 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2710 #include <sys/types.h>
2711 #ifdef HAVE_SYS_BITYPES_H
2712 #include <sys/bitypes.h>
2713 #endif
2714 #ifdef HAVE_SYS_STATFS_H
2715 #include <sys/statfs.h>
2716 #endif
2717 #ifdef HAVE_SYS_STATVFS_H
2718 #include <sys/statvfs.h>
2719 #endif
2720 ])
2722 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2723 [#include <sys/types.h>
2724 #include <netinet/in.h>])
2726 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2727 AC_TRY_COMPILE(
2728 [
2729 #include <sys/types.h>
2730 ],
2731 [ size_t foo; foo = 1235; ],
2732 [ ac_cv_have_size_t="yes" ],
2733 [ ac_cv_have_size_t="no" ]
2734 )
2735 ])
2736 if test "x$ac_cv_have_size_t" = "xyes" ; then
2737 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2738 fi
2740 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2741 AC_TRY_COMPILE(
2742 [
2743 #include <sys/types.h>
2744 ],
2745 [ ssize_t foo; foo = 1235; ],
2746 [ ac_cv_have_ssize_t="yes" ],
2747 [ ac_cv_have_ssize_t="no" ]
2748 )
2749 ])
2750 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2751 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2752 fi
2754 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2755 AC_TRY_COMPILE(
2756 [
2757 #include <time.h>
2758 ],
2759 [ clock_t foo; foo = 1235; ],
2760 [ ac_cv_have_clock_t="yes" ],
2761 [ ac_cv_have_clock_t="no" ]
2762 )
2763 ])
2764 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2765 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2766 fi
2768 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2769 AC_TRY_COMPILE(
2770 [
2771 #include <sys/types.h>
2772 #include <sys/socket.h>
2773 ],
2774 [ sa_family_t foo; foo = 1235; ],
2775 [ ac_cv_have_sa_family_t="yes" ],
2776 [ AC_TRY_COMPILE(
2777 [
2778 #include <sys/types.h>
2779 #include <sys/socket.h>
2780 #include <netinet/in.h>
2781 ],
2782 [ sa_family_t foo; foo = 1235; ],
2783 [ ac_cv_have_sa_family_t="yes" ],
2785 [ ac_cv_have_sa_family_t="no" ]
2786 )]
2787 )
2788 ])
2789 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2790 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2791 [define if you have sa_family_t data type])
2792 fi
2794 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2795 AC_TRY_COMPILE(
2796 [
2797 #include <sys/types.h>
2798 ],
2799 [ pid_t foo; foo = 1235; ],
2800 [ ac_cv_have_pid_t="yes" ],
2801 [ ac_cv_have_pid_t="no" ]
2802 )
2803 ])
2804 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2805 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2806 fi
2808 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2809 AC_TRY_COMPILE(
2810 [
2811 #include <sys/types.h>
2812 ],
2813 [ mode_t foo; foo = 1235; ],
2814 [ ac_cv_have_mode_t="yes" ],
2815 [ ac_cv_have_mode_t="no" ]
2816 )
2817 ])
2818 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2819 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2820 fi
2823 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2824 AC_TRY_COMPILE(
2825 [
2826 #include <sys/types.h>
2827 #include <sys/socket.h>
2828 ],
2829 [ struct sockaddr_storage s; ],
2830 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2831 [ ac_cv_have_struct_sockaddr_storage="no" ]
2832 )
2833 ])
2834 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2835 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2836 [define if you have struct sockaddr_storage data type])
2837 fi
2839 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2840 AC_TRY_COMPILE(
2841 [
2842 #include <sys/types.h>
2843 #include <netinet/in.h>
2844 ],
2845 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2846 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2847 [ ac_cv_have_struct_sockaddr_in6="no" ]
2848 )
2849 ])
2850 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2851 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2852 [define if you have struct sockaddr_in6 data type])
2853 fi
2855 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2856 AC_TRY_COMPILE(
2857 [
2858 #include <sys/types.h>
2859 #include <netinet/in.h>
2860 ],
2861 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2862 [ ac_cv_have_struct_in6_addr="yes" ],
2863 [ ac_cv_have_struct_in6_addr="no" ]
2864 )
2865 ])
2866 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2867 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2868 [define if you have struct in6_addr data type])
2870 dnl Now check for sin6_scope_id
2871 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2872 [
2873 #ifdef HAVE_SYS_TYPES_H
2874 #include <sys/types.h>
2875 #endif
2876 #include <netinet/in.h>
2877 ])
2878 fi
2880 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2881 AC_TRY_COMPILE(
2882 [
2883 #include <sys/types.h>
2884 #include <sys/socket.h>
2885 #include <netdb.h>
2886 ],
2887 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2888 [ ac_cv_have_struct_addrinfo="yes" ],
2889 [ ac_cv_have_struct_addrinfo="no" ]
2890 )
2891 ])
2892 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2893 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2894 [define if you have struct addrinfo data type])
2895 fi
2897 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2898 AC_TRY_COMPILE(
2899 [ #include <sys/time.h> ],
2900 [ struct timeval tv; tv.tv_sec = 1;],
2901 [ ac_cv_have_struct_timeval="yes" ],
2902 [ ac_cv_have_struct_timeval="no" ]
2903 )
2904 ])
2905 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2906 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2907 have_struct_timeval=1
2908 fi
2910 AC_CHECK_TYPES(struct timespec)
2912 # We need int64_t or else certian parts of the compile will fail.
2913 if test "x$ac_cv_have_int64_t" = "xno" && \
2914 test "x$ac_cv_sizeof_long_int" != "x8" && \
2915 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2916 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2917 echo "an alternative compiler (I.E., GCC) before continuing."
2918 echo ""
2919 exit 1;
2920 else
2921 dnl test snprintf (broken on SCO w/gcc)
2922 AC_RUN_IFELSE(
2923 [AC_LANG_SOURCE([[
2924 #include <stdio.h>
2925 #include <string.h>
2926 #ifdef HAVE_SNPRINTF
2927 main()
2928 {
2929 char buf[50];
2930 char expected_out[50];
2931 int mazsize = 50 ;
2932 #if (SIZEOF_LONG_INT == 8)
2933 long int num = 0x7fffffffffffffff;
2934 #else
2935 long long num = 0x7fffffffffffffffll;
2936 #endif
2937 strcpy(expected_out, "9223372036854775807");
2938 snprintf(buf, mazsize, "%lld", num);
2939 if(strcmp(buf, expected_out) != 0)
2940 exit(1);
2941 exit(0);
2942 }
2943 #else
2944 main() { exit(0); }
2945 #endif
2946 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2947 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2948 )
2949 fi
2951 dnl Checks for structure members
2952 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2953 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2954 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2955 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2956 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2957 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2958 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2959 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2960 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2961 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2962 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2963 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2964 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2965 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2966 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2967 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2968 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2970 AC_CHECK_MEMBERS([struct stat.st_blksize])
2971 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2972 [Define if we don't have struct __res_state in resolv.h])],
2973 [
2974 #include <stdio.h>
2975 #if HAVE_SYS_TYPES_H
2976 # include <sys/types.h>
2977 #endif
2978 #include <netinet/in.h>
2979 #include <arpa/nameser.h>
2980 #include <resolv.h>
2981 ])
2983 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2984 ac_cv_have_ss_family_in_struct_ss, [
2985 AC_TRY_COMPILE(
2986 [
2987 #include <sys/types.h>
2988 #include <sys/socket.h>
2989 ],
2990 [ struct sockaddr_storage s; s.ss_family = 1; ],
2991 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2992 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2993 )
2994 ])
2995 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2996 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2997 fi
2999 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3000 ac_cv_have___ss_family_in_struct_ss, [
3001 AC_TRY_COMPILE(
3002 [
3003 #include <sys/types.h>
3004 #include <sys/socket.h>
3005 ],
3006 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3007 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3008 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3009 )
3010 ])
3011 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3012 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3013 [Fields in struct sockaddr_storage])
3014 fi
3016 AC_CACHE_CHECK([for pw_class field in struct passwd],
3017 ac_cv_have_pw_class_in_struct_passwd, [
3018 AC_TRY_COMPILE(
3019 [
3020 #include <pwd.h>
3021 ],
3022 [ struct passwd p; p.pw_class = 0; ],
3023 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3024 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3025 )
3026 ])
3027 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3028 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3029 [Define if your password has a pw_class field])
3030 fi
3032 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3033 ac_cv_have_pw_expire_in_struct_passwd, [
3034 AC_TRY_COMPILE(
3035 [
3036 #include <pwd.h>
3037 ],
3038 [ struct passwd p; p.pw_expire = 0; ],
3039 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3040 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3041 )
3042 ])
3043 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3044 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3045 [Define if your password has a pw_expire field])
3046 fi
3048 AC_CACHE_CHECK([for pw_change field in struct passwd],
3049 ac_cv_have_pw_change_in_struct_passwd, [
3050 AC_TRY_COMPILE(
3051 [
3052 #include <pwd.h>
3053 ],
3054 [ struct passwd p; p.pw_change = 0; ],
3055 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3056 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3057 )
3058 ])
3059 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3060 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3061 [Define if your password has a pw_change field])
3062 fi
3064 dnl make sure we're using the real structure members and not defines
3065 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3066 ac_cv_have_accrights_in_msghdr, [
3067 AC_COMPILE_IFELSE(
3068 [
3069 #include <sys/types.h>
3070 #include <sys/socket.h>
3071 #include <sys/uio.h>
3072 int main() {
3073 #ifdef msg_accrights
3074 #error "msg_accrights is a macro"
3075 exit(1);
3076 #endif
3077 struct msghdr m;
3078 m.msg_accrights = 0;
3079 exit(0);
3080 }
3081 ],
3082 [ ac_cv_have_accrights_in_msghdr="yes" ],
3083 [ ac_cv_have_accrights_in_msghdr="no" ]
3084 )
3085 ])
3086 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3087 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3088 [Define if your system uses access rights style
3089 file descriptor passing])
3090 fi
3092 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3093 AC_TRY_COMPILE([
3094 #include <sys/types.h>
3095 #include <sys/stat.h>
3096 #ifdef HAVE_SYS_TIME_H
3097 # include <sys/time.h>
3098 #endif
3099 #ifdef HAVE_SYS_MOUNT_H
3100 #include <sys/mount.h>
3101 #endif
3102 #ifdef HAVE_SYS_STATVFS_H
3103 #include <sys/statvfs.h>
3104 #endif
3105 ], [struct statvfs s; s.f_fsid = 0;],
3106 [ AC_MSG_RESULT(yes) ],
3107 [ AC_MSG_RESULT(no)
3109 AC_MSG_CHECKING(if fsid_t has member val)
3110 AC_TRY_COMPILE([
3111 #include <sys/types.h>
3112 #include <sys/statvfs.h>],
3113 [fsid_t t; t.val[0] = 0;],
3114 [ AC_MSG_RESULT(yes)
3115 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3116 [ AC_MSG_RESULT(no) ])
3118 AC_MSG_CHECKING(if f_fsid has member __val)
3119 AC_TRY_COMPILE([
3120 #include <sys/types.h>
3121 #include <sys/statvfs.h>],
3122 [fsid_t t; t.__val[0] = 0;],
3123 [ AC_MSG_RESULT(yes)
3124 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3125 [ AC_MSG_RESULT(no) ])
3126 ])
3128 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3129 ac_cv_have_control_in_msghdr, [
3130 AC_COMPILE_IFELSE(
3131 [
3132 #include <sys/types.h>
3133 #include <sys/socket.h>
3134 #include <sys/uio.h>
3135 int main() {
3136 #ifdef msg_control
3137 #error "msg_control is a macro"
3138 exit(1);
3139 #endif
3140 struct msghdr m;
3141 m.msg_control = 0;
3142 exit(0);
3143 }
3144 ],
3145 [ ac_cv_have_control_in_msghdr="yes" ],
3146 [ ac_cv_have_control_in_msghdr="no" ]
3147 )
3148 ])
3149 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3150 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3151 [Define if your system uses ancillary data style
3152 file descriptor passing])
3153 fi
3155 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3156 AC_TRY_LINK([],
3157 [ extern char *__progname; printf("%s", __progname); ],
3158 [ ac_cv_libc_defines___progname="yes" ],
3159 [ ac_cv_libc_defines___progname="no" ]
3160 )
3161 ])
3162 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3163 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3164 fi
3166 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3167 AC_TRY_LINK([
3168 #include <stdio.h>
3169 ],
3170 [ printf("%s", __FUNCTION__); ],
3171 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3172 [ ac_cv_cc_implements___FUNCTION__="no" ]
3173 )
3174 ])
3175 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3176 AC_DEFINE(HAVE___FUNCTION__, 1,
3177 [Define if compiler implements __FUNCTION__])
3178 fi
3180 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3181 AC_TRY_LINK([
3182 #include <stdio.h>
3183 ],
3184 [ printf("%s", __func__); ],
3185 [ ac_cv_cc_implements___func__="yes" ],
3186 [ ac_cv_cc_implements___func__="no" ]
3187 )
3188 ])
3189 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3190 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3191 fi
3193 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3194 AC_TRY_LINK(
3195 [#include <stdarg.h>
3196 va_list x,y;],
3197 [va_copy(x,y);],
3198 [ ac_cv_have_va_copy="yes" ],
3199 [ ac_cv_have_va_copy="no" ]
3200 )
3201 ])
3202 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3203 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3204 fi
3206 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3207 AC_TRY_LINK(
3208 [#include <stdarg.h>
3209 va_list x,y;],
3210 [__va_copy(x,y);],
3211 [ ac_cv_have___va_copy="yes" ],
3212 [ ac_cv_have___va_copy="no" ]
3213 )
3214 ])
3215 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3216 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3217 fi
3219 AC_CACHE_CHECK([whether getopt has optreset support],
3220 ac_cv_have_getopt_optreset, [
3221 AC_TRY_LINK(
3222 [
3223 #include <getopt.h>
3224 ],
3225 [ extern int optreset; optreset = 0; ],
3226 [ ac_cv_have_getopt_optreset="yes" ],
3227 [ ac_cv_have_getopt_optreset="no" ]
3228 )
3229 ])
3230 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3231 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3232 [Define if your getopt(3) defines and uses optreset])
3233 fi
3235 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3236 AC_TRY_LINK([],
3237 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3238 [ ac_cv_libc_defines_sys_errlist="yes" ],
3239 [ ac_cv_libc_defines_sys_errlist="no" ]
3240 )
3241 ])
3242 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3243 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3244 [Define if your system defines sys_errlist[]])
3245 fi
3248 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3249 AC_TRY_LINK([],
3250 [ extern int sys_nerr; printf("%i", sys_nerr);],
3251 [ ac_cv_libc_defines_sys_nerr="yes" ],
3252 [ ac_cv_libc_defines_sys_nerr="no" ]
3253 )
3254 ])
3255 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3256 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3257 fi
3259 SCARD_MSG="no"
3260 # Check whether user wants sectok support
3261 AC_ARG_WITH(sectok,
3262 [ --with-sectok Enable smartcard support using libsectok],
3263 [
3264 if test "x$withval" != "xno" ; then
3265 if test "x$withval" != "xyes" ; then
3266 CPPFLAGS="$CPPFLAGS -I${withval}"
3267 LDFLAGS="$LDFLAGS -L${withval}"
3268 if test ! -z "$need_dash_r" ; then
3269 LDFLAGS="$LDFLAGS -R${withval}"
3270 fi
3271 if test ! -z "$blibpath" ; then
3272 blibpath="$blibpath:${withval}"
3273 fi
3274 fi
3275 AC_CHECK_HEADERS(sectok.h)
3276 if test "$ac_cv_header_sectok_h" != yes; then
3277 AC_MSG_ERROR(Can't find sectok.h)
3278 fi
3279 AC_CHECK_LIB(sectok, sectok_open)
3280 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3281 AC_MSG_ERROR(Can't find libsectok)
3282 fi
3283 AC_DEFINE(SMARTCARD, 1,
3284 [Define if you want smartcard support])
3285 AC_DEFINE(USE_SECTOK, 1,
3286 [Define if you want smartcard support
3287 using sectok])
3288 SCARD_MSG="yes, using sectok"
3289 fi
3290 ]
3291 )
3293 # Check whether user wants OpenSC support
3294 OPENSC_CONFIG="no"
3295 AC_ARG_WITH(opensc,
3296 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3297 [
3298 if test "x$withval" != "xno" ; then
3299 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
3300 AC_MSG_CHECKING(how to get opensc config)
3301 if test "x$withval" != "xyes" -a "x$PKGCONFIG" = "xno"; then
3302 OPENSC_CONFIG="$withval/bin/opensc-config"
3303 elif test -f "$withval/src/libopensc/libopensc.pc"; then
3304 OPENSC_CONFIG="$PKGCONFIG $withval/src/libopensc/libopensc.pc"
3305 elif test "x$PKGCONFIG" != "xno"; then
3306 OPENSC_CONFIG="$PKGCONFIG libopensc"
3307 else
3308 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3309 fi
3310 AC_MSG_RESULT($OPENSC_CONFIG)
3311 if test "$OPENSC_CONFIG" != "no"; then
3312 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3313 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3314 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3315 LIBS="$LIBS $LIBOPENSC_LIBS"
3316 AC_DEFINE(SMARTCARD)
3317 AC_DEFINE(USE_OPENSC, 1,
3318 [Define if you want smartcard support
3319 using OpenSC])
3320 SCARD_MSG="yes, using OpenSC"
3321 fi
3322 fi
3323 ]
3324 )
3326 # Check libraries needed by DNS fingerprint support
3327 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3328 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3329 [Define if getrrsetbyname() exists])],
3330 [
3331 # Needed by our getrrsetbyname()
3332 AC_SEARCH_LIBS(res_query, resolv)
3333 AC_SEARCH_LIBS(dn_expand, resolv)
3334 AC_MSG_CHECKING(if res_query will link)
3335 AC_LINK_IFELSE([
3336 #include "confdefs.h"
3337 #include <sys/types.h>
3338 #include <netinet/in.h>
3339 #include <arpa/nameser.h>
3340 #include <netdb.h>
3341 #include <resolv.h>
3342 int main()
3343 {
3344 res_query (0, 0, 0, 0, 0);
3345 return 0;
3346 }
3347 ],
3348 AC_MSG_RESULT(yes),
3349 [AC_MSG_RESULT(no)
3350 saved_LIBS="$LIBS"
3351 LIBS="$LIBS -lresolv"
3352 AC_MSG_CHECKING(for res_query in -lresolv)
3353 AC_LINK_IFELSE([
3354 #include "confdefs.h"
3355 #include <sys/types.h>
3356 #include <netinet/in.h>
3357 #include <arpa/nameser.h>
3358 #include <netdb.h>
3359 #include <resolv.h>
3360 int main()
3361 {
3362 res_query (0, 0, 0, 0, 0);
3363 return 0;
3364 }
3365 ],
3366 [AC_MSG_RESULT(yes)],
3367 [LIBS="$saved_LIBS"
3368 AC_MSG_RESULT(no)])
3369 ])
3370 AC_CHECK_FUNCS(_getshort _getlong)
3371 AC_CHECK_DECLS([_getshort, _getlong], , ,
3372 [#include <sys/types.h>
3373 #include <arpa/nameser.h>])
3374 AC_CHECK_MEMBER(HEADER.ad,
3375 [AC_DEFINE(HAVE_HEADER_AD, 1,
3376 [Define if HEADER.ad exists in arpa/nameser.h])],,
3377 [#include <arpa/nameser.h>])
3378 ])
3380 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3381 AC_LINK_IFELSE([
3382 #include <stdio.h>
3383 #if HAVE_SYS_TYPES_H
3384 # include <sys/types.h>
3385 #endif
3386 #include <netinet/in.h>
3387 #include <arpa/nameser.h>
3388 #include <resolv.h>
3389 extern struct __res_state _res;
3390 int main() { return 0; }
3391 ],
3392 [AC_MSG_RESULT(yes)
3393 AC_DEFINE(HAVE__RES_EXTERN, 1,
3394 [Define if you have struct __res_state _res as an extern])
3395 ],
3396 [ AC_MSG_RESULT(no) ]
3397 )
3399 # Check whether user wants SELinux support
3400 SELINUX_MSG="no"
3401 LIBSELINUX=""
3402 AC_ARG_WITH(selinux,
3403 [ --with-selinux Enable SELinux support],
3404 [ if test "x$withval" != "xno" ; then
3405 save_LIBS="$LIBS"
3406 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3407 SELINUX_MSG="yes"
3408 AC_CHECK_HEADER([selinux/selinux.h], ,
3409 AC_MSG_ERROR(SELinux support requires selinux.h header))
3410 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3411 AC_MSG_ERROR(SELinux support requires libselinux library))
3412 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3413 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3414 LIBS="$save_LIBS"
3415 fi ]
3416 )
3418 # Check whether user wants Kerberos 5 support
3419 KRB5_MSG="no"
3420 AC_ARG_WITH(kerberos5,
3421 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3422 [ if test "x$withval" != "xno" ; then
3423 if test "x$withval" = "xyes" ; then
3424 KRB5ROOT="/usr/local"
3425 else
3426 KRB5ROOT=${withval}
3427 fi
3429 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3430 KRB5_MSG="yes"
3432 AC_PATH_PROG([KRB5CONF],[krb5-config],
3433 [$KRB5ROOT/bin/krb5-config],
3434 [$KRB5ROOT/bin:$PATH])
3435 if test -x $KRB5CONF ; then
3437 AC_MSG_CHECKING(for gssapi support)
3438 if $KRB5CONF | grep gssapi >/dev/null ; then
3439 AC_MSG_RESULT(yes)
3440 AC_DEFINE(GSSAPI, 1,
3441 [Define this if you want GSSAPI
3442 support in the version 2 protocol])
3443 k5confopts=gssapi
3444 else
3445 AC_MSG_RESULT(no)
3446 k5confopts=""
3447 fi
3448 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3449 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3450 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3451 AC_MSG_CHECKING(whether we are using Heimdal)
3452 AC_TRY_COMPILE([ #include <krb5.h> ],
3453 [ char *tmp = heimdal_version; ],
3454 [ AC_MSG_RESULT(yes)
3455 AC_DEFINE(HEIMDAL, 1,
3456 [Define this if you are using the
3457 Heimdal version of Kerberos V5]) ],
3458 AC_MSG_RESULT(no)
3459 )
3460 else
3461 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3462 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3463 AC_MSG_CHECKING(whether we are using Heimdal)
3464 AC_TRY_COMPILE([ #include <krb5.h> ],
3465 [ char *tmp = heimdal_version; ],
3466 [ AC_MSG_RESULT(yes)
3467 AC_DEFINE(HEIMDAL)
3468 K5LIBS="-lkrb5 -ldes"
3469 K5LIBS="$K5LIBS -lcom_err -lasn1"
3470 AC_CHECK_LIB(roken, net_write,
3471 [K5LIBS="$K5LIBS -lroken"])
3472 ],
3473 [ AC_MSG_RESULT(no)
3474 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3475 ]
3476 )
3477 AC_SEARCH_LIBS(dn_expand, resolv)
3479 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3480 [ AC_DEFINE(GSSAPI)
3481 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3482 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3483 [ AC_DEFINE(GSSAPI)
3484 K5LIBS="-lgssapi $K5LIBS" ],
3485 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3486 $K5LIBS)
3487 ],
3488 $K5LIBS)
3490 AC_CHECK_HEADER(gssapi.h, ,
3491 [ unset ac_cv_header_gssapi_h
3492 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3493 AC_CHECK_HEADERS(gssapi.h, ,
3494 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3495 )
3496 ]
3497 )
3499 oldCPP="$CPPFLAGS"
3500 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3501 AC_CHECK_HEADER(gssapi_krb5.h, ,
3502 [ CPPFLAGS="$oldCPP" ])
3504 fi
3505 if test ! -z "$need_dash_r" ; then
3506 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3507 fi
3508 if test ! -z "$blibpath" ; then
3509 blibpath="$blibpath:${KRB5ROOT}/lib"
3510 fi
3512 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3513 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3514 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3516 LIBS="$LIBS $K5LIBS"
3517 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3518 [Define this if you want to use libkafs' AFS support]))
3519 fi
3520 ]
3521 )
3523 # Looking for programs, paths and files
3525 PRIVSEP_PATH=/var/empty
3526 AC_ARG_WITH(privsep-path,
3527 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3528 [
3529 if test -n "$withval" && test "x$withval" != "xno" && \
3530 test "x${withval}" != "xyes"; then
3531 PRIVSEP_PATH=$withval
3532 fi
3533 ]
3534 )
3535 AC_SUBST(PRIVSEP_PATH)
3537 AC_ARG_WITH(xauth,
3538 [ --with-xauth=PATH Specify path to xauth program ],
3539 [
3540 if test -n "$withval" && test "x$withval" != "xno" && \
3541 test "x${withval}" != "xyes"; then
3542 xauth_path=$withval
3543 fi
3544 ],
3545 [
3546 TestPath="$PATH"
3547 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3548 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3549 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3550 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3551 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3552 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3553 xauth_path="/usr/openwin/bin/xauth"
3554 fi
3555 ]
3556 )
3558 STRIP_OPT=-s
3559 AC_ARG_ENABLE(strip,
3560 [ --disable-strip Disable calling strip(1) on install],
3561 [
3562 if test "x$enableval" = "xno" ; then
3563 STRIP_OPT=
3564 fi
3565 ]
3566 )
3567 AC_SUBST(STRIP_OPT)
3569 if test -z "$xauth_path" ; then
3570 XAUTH_PATH="undefined"
3571 AC_SUBST(XAUTH_PATH)
3572 else
3573 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3574 [Define if xauth is found in your path])
3575 XAUTH_PATH=$xauth_path
3576 AC_SUBST(XAUTH_PATH)
3577 fi
3579 # Check for mail directory (last resort if we cannot get it from headers)
3580 if test ! -z "$MAIL" ; then
3581 maildir=`dirname $MAIL`
3582 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3583 [Set this to your mail directory if you don't have maillock.h])
3584 fi
3586 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3587 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3588 disable_ptmx_check=yes
3589 fi
3590 if test -z "$no_dev_ptmx" ; then
3591 if test "x$disable_ptmx_check" != "xyes" ; then
3592 AC_CHECK_FILE("/dev/ptmx",
3593 [
3594 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3595 [Define if you have /dev/ptmx])
3596 have_dev_ptmx=1
3597 ]
3598 )
3599 fi
3600 fi
3602 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3603 AC_CHECK_FILE("/dev/ptc",
3604 [
3605 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3606 [Define if you have /dev/ptc])
3607 have_dev_ptc=1
3608 ]
3609 )
3610 else
3611 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3612 fi
3614 # Options from here on. Some of these are preset by platform above
3615 AC_ARG_WITH(mantype,
3616 [ --with-mantype=man|cat|doc Set man page type],
3617 [
3618 case "$withval" in
3619 man|cat|doc)
3620 MANTYPE=$withval
3621 ;;
3622 *)
3623 AC_MSG_ERROR(invalid man type: $withval)
3624 ;;
3625 esac
3626 ]
3627 )
3628 if test -z "$MANTYPE"; then
3629 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3630 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3631 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3632 MANTYPE=doc
3633 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3634 MANTYPE=man
3635 else
3636 MANTYPE=cat
3637 fi
3638 fi
3639 AC_SUBST(MANTYPE)
3640 if test "$MANTYPE" = "doc"; then
3641 mansubdir=man;
3642 else
3643 mansubdir=$MANTYPE;
3644 fi
3645 AC_SUBST(mansubdir)
3647 # Check whether to enable MD5 passwords
3648 MD5_MSG="no"
3649 AC_ARG_WITH(md5-passwords,
3650 [ --with-md5-passwords Enable use of MD5 passwords],
3651 [
3652 if test "x$withval" != "xno" ; then
3653 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3654 [Define if you want to allow MD5 passwords])
3655 MD5_MSG="yes"
3656 fi
3657 ]
3658 )
3660 # Whether to disable shadow password support
3661 AC_ARG_WITH(shadow,
3662 [ --without-shadow Disable shadow password support],
3663 [
3664 if test "x$withval" = "xno" ; then
3665 AC_DEFINE(DISABLE_SHADOW)
3666 disable_shadow=yes
3667 fi
3668 ]
3669 )
3671 if test -z "$disable_shadow" ; then
3672 AC_MSG_CHECKING([if the systems has expire shadow information])
3673 AC_TRY_COMPILE(
3674 [
3675 #include <sys/types.h>
3676 #include <shadow.h>
3677 struct spwd sp;
3678 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3679 [ sp_expire_available=yes ], []
3680 )
3682 if test "x$sp_expire_available" = "xyes" ; then
3683 AC_MSG_RESULT(yes)
3684 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3685 [Define if you want to use shadow password expire field])
3686 else
3687 AC_MSG_RESULT(no)
3688 fi
3689 fi
3691 # Use ip address instead of hostname in $DISPLAY
3692 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3693 DISPLAY_HACK_MSG="yes"
3694 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3695 [Define if you need to use IP address
3696 instead of hostname in $DISPLAY])
3697 else
3698 DISPLAY_HACK_MSG="no"
3699 AC_ARG_WITH(ipaddr-display,
3700 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3701 [
3702 if test "x$withval" != "xno" ; then
3703 AC_DEFINE(IPADDR_IN_DISPLAY)
3704 DISPLAY_HACK_MSG="yes"
3705 fi
3706 ]
3707 )
3708 fi
3710 # check for /etc/default/login and use it if present.
3711 AC_ARG_ENABLE(etc-default-login,
3712 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3713 [ if test "x$enableval" = "xno"; then
3714 AC_MSG_NOTICE([/etc/default/login handling disabled])
3715 etc_default_login=no
3716 else
3717 etc_default_login=yes
3718 fi ],
3719 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3720 then
3721 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3722 etc_default_login=no
3723 else
3724 etc_default_login=yes
3725 fi ]
3726 )
3728 if test "x$etc_default_login" != "xno"; then
3729 AC_CHECK_FILE("/etc/default/login",
3730 [ external_path_file=/etc/default/login ])
3731 if test "x$external_path_file" = "x/etc/default/login"; then
3732 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3733 [Define if your system has /etc/default/login])
3734 fi
3735 fi
3737 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3738 if test $ac_cv_func_login_getcapbool = "yes" && \
3739 test $ac_cv_header_login_cap_h = "yes" ; then
3740 external_path_file=/etc/login.conf
3741 fi
3743 # Whether to mess with the default path
3744 SERVER_PATH_MSG="(default)"
3745 AC_ARG_WITH(default-path,
3746 [ --with-default-path= Specify default \$PATH environment for server],
3747 [
3748 if test "x$external_path_file" = "x/etc/login.conf" ; then
3749 AC_MSG_WARN([
3750 --with-default-path=PATH has no effect on this system.
3751 Edit /etc/login.conf instead.])
3752 elif test "x$withval" != "xno" ; then
3753 if test ! -z "$external_path_file" ; then
3754 AC_MSG_WARN([
3755 --with-default-path=PATH will only be used if PATH is not defined in
3756 $external_path_file .])
3757 fi
3758 user_path="$withval"
3759 SERVER_PATH_MSG="$withval"
3760 fi
3761 ],
3762 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3763 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3764 else
3765 if test ! -z "$external_path_file" ; then
3766 AC_MSG_WARN([
3767 If PATH is defined in $external_path_file, ensure the path to scp is included,
3768 otherwise scp will not work.])
3769 fi
3770 AC_RUN_IFELSE(
3771 [AC_LANG_SOURCE([[
3772 /* find out what STDPATH is */
3773 #include <stdio.h>
3774 #ifdef HAVE_PATHS_H
3775 # include <paths.h>
3776 #endif
3777 #ifndef _PATH_STDPATH
3778 # ifdef _PATH_USERPATH /* Irix */
3779 # define _PATH_STDPATH _PATH_USERPATH
3780 # else
3781 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3782 # endif
3783 #endif
3784 #include <sys/types.h>
3785 #include <sys/stat.h>
3786 #include <fcntl.h>
3787 #define DATA "conftest.stdpath"
3789 main()
3790 {
3791 FILE *fd;
3792 int rc;
3794 fd = fopen(DATA,"w");
3795 if(fd == NULL)
3796 exit(1);
3798 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3799 exit(1);
3801 exit(0);
3802 }
3803 ]])],
3804 [ user_path=`cat conftest.stdpath` ],
3805 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3806 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3807 )
3808 # make sure $bindir is in USER_PATH so scp will work
3809 t_bindir=`eval echo ${bindir}`
3810 case $t_bindir in
3811 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3812 esac
3813 case $t_bindir in
3814 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3815 esac
3816 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3817 if test $? -ne 0 ; then
3818 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3819 if test $? -ne 0 ; then
3820 user_path=$user_path:$t_bindir
3821 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3822 fi
3823 fi
3824 fi ]
3825 )
3826 if test "x$external_path_file" != "x/etc/login.conf" ; then
3827 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3828 AC_SUBST(user_path)
3829 fi
3831 # Set superuser path separately to user path
3832 AC_ARG_WITH(superuser-path,
3833 [ --with-superuser-path= Specify different path for super-user],
3834 [
3835 if test -n "$withval" && test "x$withval" != "xno" && \
3836 test "x${withval}" != "xyes"; then
3837 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3838 [Define if you want a different $PATH
3839 for the superuser])
3840 superuser_path=$withval
3841 fi
3842 ]
3843 )
3846 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3847 IPV4_IN6_HACK_MSG="no"
3848 AC_ARG_WITH(4in6,
3849 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3850 [
3851 if test "x$withval" != "xno" ; then
3852 AC_MSG_RESULT(yes)
3853 AC_DEFINE(IPV4_IN_IPV6, 1,
3854 [Detect IPv4 in IPv6 mapped addresses
3855 and treat as IPv4])
3856 IPV4_IN6_HACK_MSG="yes"
3857 else
3858 AC_MSG_RESULT(no)
3859 fi
3860 ],[
3861 if test "x$inet6_default_4in6" = "xyes"; then
3862 AC_MSG_RESULT([yes (default)])
3863 AC_DEFINE(IPV4_IN_IPV6)
3864 IPV4_IN6_HACK_MSG="yes"
3865 else
3866 AC_MSG_RESULT([no (default)])
3867 fi
3868 ]
3869 )
3871 # Whether to enable BSD auth support
3872 BSD_AUTH_MSG=no
3873 AC_ARG_WITH(bsd-auth,
3874 [ --with-bsd-auth Enable BSD auth support],
3875 [
3876 if test "x$withval" != "xno" ; then
3877 AC_DEFINE(BSD_AUTH, 1,
3878 [Define if you have BSD auth support])
3879 BSD_AUTH_MSG=yes
3880 fi
3881 ]
3882 )
3884 # Where to place sshd.pid
3885 piddir=/var/run
3886 # make sure the directory exists
3887 if test ! -d $piddir ; then
3888 piddir=`eval echo ${sysconfdir}`
3889 case $piddir in
3890 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3891 esac
3892 fi
3894 AC_ARG_WITH(pid-dir,
3895 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3896 [
3897 if test -n "$withval" && test "x$withval" != "xno" && \
3898 test "x${withval}" != "xyes"; then
3899 piddir=$withval
3900 if test ! -d $piddir ; then
3901 AC_MSG_WARN([** no $piddir directory on this system **])
3902 fi
3903 fi
3904 ]
3905 )
3907 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3908 AC_SUBST(piddir)
3910 dnl allow user to disable some login recording features
3911 AC_ARG_ENABLE(lastlog,
3912 [ --disable-lastlog disable use of lastlog even if detected [no]],
3913 [
3914 if test "x$enableval" = "xno" ; then
3915 AC_DEFINE(DISABLE_LASTLOG)
3916 fi
3917 ]
3918 )
3919 AC_ARG_ENABLE(utmp,
3920 [ --disable-utmp disable use of utmp even if detected [no]],
3921 [
3922 if test "x$enableval" = "xno" ; then
3923 AC_DEFINE(DISABLE_UTMP)
3924 fi
3925 ]
3926 )
3927 AC_ARG_ENABLE(utmpx,
3928 [ --disable-utmpx disable use of utmpx even if detected [no]],
3929 [
3930 if test "x$enableval" = "xno" ; then
3931 AC_DEFINE(DISABLE_UTMPX, 1,
3932 [Define if you don't want to use utmpx])
3933 fi
3934 ]
3935 )
3936 AC_ARG_ENABLE(wtmp,
3937 [ --disable-wtmp disable use of wtmp even if detected [no]],
3938 [
3939 if test "x$enableval" = "xno" ; then
3940 AC_DEFINE(DISABLE_WTMP)
3941 fi
3942 ]
3943 )
3944 AC_ARG_ENABLE(wtmpx,
3945 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3946 [
3947 if test "x$enableval" = "xno" ; then
3948 AC_DEFINE(DISABLE_WTMPX, 1,
3949 [Define if you don't want to use wtmpx])
3950 fi
3951 ]
3952 )
3953 AC_ARG_ENABLE(libutil,
3954 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3955 [
3956 if test "x$enableval" = "xno" ; then
3957 AC_DEFINE(DISABLE_LOGIN)
3958 fi
3959 ]
3960 )
3961 AC_ARG_ENABLE(pututline,
3962 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3963 [
3964 if test "x$enableval" = "xno" ; then
3965 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3966 [Define if you don't want to use pututline()
3967 etc. to write [uw]tmp])
3968 fi
3969 ]
3970 )
3971 AC_ARG_ENABLE(pututxline,
3972 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3973 [
3974 if test "x$enableval" = "xno" ; then
3975 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3976 [Define if you don't want to use pututxline()
3977 etc. to write [uw]tmpx])
3978 fi
3979 ]
3980 )
3981 AC_ARG_WITH(lastlog,
3982 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3983 [
3984 if test "x$withval" = "xno" ; then
3985 AC_DEFINE(DISABLE_LASTLOG)
3986 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3987 conf_lastlog_location=$withval
3988 fi
3989 ]
3990 )
3992 dnl lastlog, [uw]tmpx? detection
3993 dnl NOTE: set the paths in the platform section to avoid the
3994 dnl need for command-line parameters
3995 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3997 dnl lastlog detection
3998 dnl NOTE: the code itself will detect if lastlog is a directory
3999 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4000 AC_TRY_COMPILE([
4001 #include <sys/types.h>
4002 #include <utmp.h>
4003 #ifdef HAVE_LASTLOG_H
4004 # include <lastlog.h>
4005 #endif
4006 #ifdef HAVE_PATHS_H
4007 # include <paths.h>
4008 #endif
4009 #ifdef HAVE_LOGIN_H
4010 # include <login.h>
4011 #endif
4012 ],
4013 [ char *lastlog = LASTLOG_FILE; ],
4014 [ AC_MSG_RESULT(yes) ],
4015 [
4016 AC_MSG_RESULT(no)
4017 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4018 AC_TRY_COMPILE([
4019 #include <sys/types.h>
4020 #include <utmp.h>
4021 #ifdef HAVE_LASTLOG_H
4022 # include <lastlog.h>
4023 #endif
4024 #ifdef HAVE_PATHS_H
4025 # include <paths.h>
4026 #endif
4027 ],
4028 [ char *lastlog = _PATH_LASTLOG; ],
4029 [ AC_MSG_RESULT(yes) ],
4030 [
4031 AC_MSG_RESULT(no)
4032 system_lastlog_path=no
4033 ])
4034 ]
4035 )
4037 if test -z "$conf_lastlog_location"; then
4038 if test x"$system_lastlog_path" = x"no" ; then
4039 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4040 if (test -d "$f" || test -f "$f") ; then
4041 conf_lastlog_location=$f
4042 fi
4043 done
4044 if test -z "$conf_lastlog_location"; then
4045 AC_MSG_WARN([** Cannot find lastlog **])
4046 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4047 fi
4048 fi
4049 fi
4051 if test -n "$conf_lastlog_location"; then
4052 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4053 [Define if you want to specify the path to your lastlog file])
4054 fi
4056 dnl utmp detection
4057 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4058 AC_TRY_COMPILE([
4059 #include <sys/types.h>
4060 #include <utmp.h>
4061 #ifdef HAVE_PATHS_H
4062 # include <paths.h>
4063 #endif
4064 ],
4065 [ char *utmp = UTMP_FILE; ],
4066 [ AC_MSG_RESULT(yes) ],
4067 [ AC_MSG_RESULT(no)
4068 system_utmp_path=no ]
4069 )
4070 if test -z "$conf_utmp_location"; then
4071 if test x"$system_utmp_path" = x"no" ; then
4072 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4073 if test -f $f ; then
4074 conf_utmp_location=$f
4075 fi
4076 done
4077 if test -z "$conf_utmp_location"; then
4078 AC_DEFINE(DISABLE_UTMP)
4079 fi
4080 fi
4081 fi
4082 if test -n "$conf_utmp_location"; then
4083 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4084 [Define if you want to specify the path to your utmp file])
4085 fi
4087 dnl wtmp detection
4088 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4089 AC_TRY_COMPILE([
4090 #include <sys/types.h>
4091 #include <utmp.h>
4092 #ifdef HAVE_PATHS_H
4093 # include <paths.h>
4094 #endif
4095 ],
4096 [ char *wtmp = WTMP_FILE; ],
4097 [ AC_MSG_RESULT(yes) ],
4098 [ AC_MSG_RESULT(no)
4099 system_wtmp_path=no ]
4100 )
4101 if test -z "$conf_wtmp_location"; then
4102 if test x"$system_wtmp_path" = x"no" ; then
4103 for f in /usr/adm/wtmp /var/log/wtmp; do
4104 if test -f $f ; then
4105 conf_wtmp_location=$f
4106 fi
4107 done
4108 if test -z "$conf_wtmp_location"; then
4109 AC_DEFINE(DISABLE_WTMP)
4110 fi
4111 fi
4112 fi
4113 if test -n "$conf_wtmp_location"; then
4114 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4115 [Define if you want to specify the path to your wtmp file])
4116 fi
4119 dnl utmpx detection - I don't know any system so perverse as to require
4120 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4121 dnl there, though.
4122 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4123 AC_TRY_COMPILE([
4124 #include <sys/types.h>
4125 #include <utmp.h>
4126 #ifdef HAVE_UTMPX_H
4127 #include <utmpx.h>
4128 #endif
4129 #ifdef HAVE_PATHS_H
4130 # include <paths.h>
4131 #endif
4132 ],
4133 [ char *utmpx = UTMPX_FILE; ],
4134 [ AC_MSG_RESULT(yes) ],
4135 [ AC_MSG_RESULT(no)
4136 system_utmpx_path=no ]
4137 )
4138 if test -z "$conf_utmpx_location"; then
4139 if test x"$system_utmpx_path" = x"no" ; then
4140 AC_DEFINE(DISABLE_UTMPX)
4141 fi
4142 else
4143 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4144 [Define if you want to specify the path to your utmpx file])
4145 fi
4147 dnl wtmpx detection
4148 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4149 AC_TRY_COMPILE([
4150 #include <sys/types.h>
4151 #include <utmp.h>
4152 #ifdef HAVE_UTMPX_H
4153 #include <utmpx.h>
4154 #endif
4155 #ifdef HAVE_PATHS_H
4156 # include <paths.h>
4157 #endif
4158 ],
4159 [ char *wtmpx = WTMPX_FILE; ],
4160 [ AC_MSG_RESULT(yes) ],
4161 [ AC_MSG_RESULT(no)
4162 system_wtmpx_path=no ]
4163 )
4164 if test -z "$conf_wtmpx_location"; then
4165 if test x"$system_wtmpx_path" = x"no" ; then
4166 AC_DEFINE(DISABLE_WTMPX)
4167 fi
4168 else
4169 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4170 [Define if you want to specify the path to your wtmpx file])
4171 fi
4174 if test ! -z "$blibpath" ; then
4175 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4176 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4177 fi
4179 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4180 dnl Add now.
4181 CFLAGS="$CFLAGS $werror_flags"
4183 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4184 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4185 AC_SUBST(TEST_SSH_IPV6, no)
4186 else
4187 AC_SUBST(TEST_SSH_IPV6, yes)
4188 fi
4190 AC_EXEEXT
4191 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4192 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4193 scard/Makefile ssh_prng_cmds survey.sh])
4194 AC_OUTPUT
4196 # Print summary of options
4198 # Someone please show me a better way :)
4199 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4200 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4201 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4202 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4203 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4204 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4205 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4206 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4207 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4208 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4210 echo ""
4211 echo "OpenSSH has been configured with the following options:"
4212 echo " User binaries: $B"
4213 echo " System binaries: $C"
4214 echo " Configuration files: $D"
4215 echo " Askpass program: $E"
4216 echo " Manual pages: $F"
4217 echo " PID file: $G"
4218 echo " Privilege separation chroot path: $H"
4219 if test "x$external_path_file" = "x/etc/login.conf" ; then
4220 echo " At runtime, sshd will use the path defined in $external_path_file"
4221 echo " Make sure the path to scp is present, otherwise scp will not work"
4222 else
4223 echo " sshd default user PATH: $I"
4224 if test ! -z "$external_path_file"; then
4225 echo " (If PATH is set in $external_path_file it will be used instead. If"
4226 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4227 fi
4228 fi
4229 if test ! -z "$superuser_path" ; then
4230 echo " sshd superuser user PATH: $J"
4231 fi
4232 echo " Manpage format: $MANTYPE"
4233 echo " PAM support: $PAM_MSG"
4234 echo " OSF SIA support: $SIA_MSG"
4235 echo " KerberosV support: $KRB5_MSG"
4236 echo " SELinux support: $SELINUX_MSG"
4237 echo " Smartcard support: $SCARD_MSG"
4238 echo " S/KEY support: $SKEY_MSG"
4239 echo " TCP Wrappers support: $TCPW_MSG"
4240 echo " MD5 password support: $MD5_MSG"
4241 echo " libedit support: $LIBEDIT_MSG"
4242 echo " Solaris process contract support: $SPC_MSG"
4243 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4244 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4245 echo " BSD Auth support: $BSD_AUTH_MSG"
4246 echo " Random number source: $RAND_MSG"
4247 if test ! -z "$USE_RAND_HELPER" ; then
4248 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4249 fi
4251 echo ""
4253 echo " Host: ${host}"
4254 echo " Compiler: ${CC}"
4255 echo " Compiler flags: ${CFLAGS}"
4256 echo "Preprocessor flags: ${CPPFLAGS}"
4257 echo " Linker flags: ${LDFLAGS}"
4258 echo " Libraries: ${LIBS}"
4259 if test ! -z "${SSHDLIBS}"; then
4260 echo " +for sshd: ${SSHDLIBS}"
4261 fi
4263 echo ""
4265 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4266 echo "SVR4 style packages are supported with \"make package\""
4267 echo ""
4268 fi
4270 if test "x$PAM_MSG" = "xyes" ; then
4271 echo "PAM is enabled. You may need to install a PAM control file "
4272 echo "for sshd, otherwise password authentication may fail. "
4273 echo "Example PAM control files can be found in the contrib/ "
4274 echo "subdirectory"
4275 echo ""
4276 fi
4278 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4279 echo "WARNING: you are using the builtin random number collection "
4280 echo "service. Please read WARNING.RNG and request that your OS "
4281 echo "vendor includes kernel-based random number collection in "
4282 echo "future versions of your OS."
4283 echo ""
4284 fi
4286 if test ! -z "$NO_PEERCHECK" ; then
4287 echo "WARNING: the operating system that you are using does not"
4288 echo "appear to support getpeereid(), getpeerucred() or the"
4289 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4290 echo "enforce security checks to prevent unauthorised connections to"
4291 echo "ssh-agent. Their absence increases the risk that a malicious"
4292 echo "user can connect to your agent."
4293 echo ""
4294 fi
4296 if test "$AUDIT_MODULE" = "bsm" ; then
4297 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4298 echo "See the Solaris section in README.platform for details."
4299 fi