| blob | 3d4d11c92045a6d05e6d46340e70380200838cf8 |
1 # $Id: configure.ac,v 1.464 2011/01/13 06:35:46 tim Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.464 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 # local macros
22 AC_DEFUN([OPENSSH_CHECK_CFLAG_COMPILE], [{
23 AC_MSG_CHECKING([if $CC supports $1])
24 saved_CFLAGS="$CFLAGS"
25 CFLAGS="$CFLAGS $1"
26 AC_COMPILE_IFELSE([void main(void) { return 0; }],
27 [ AC_MSG_RESULT(yes) ],
28 [ AC_MSG_RESULT(no)
29 CFLAGS="$saved_CFLAGS" ]
30 )
31 }])
33 AC_CONFIG_HEADER(config.h)
34 AC_PROG_CC
35 AC_CANONICAL_HOST
36 AC_C_BIGENDIAN
38 # Checks for programs.
39 AC_PROG_AWK
40 AC_PROG_CPP
41 AC_PROG_RANLIB
42 AC_PROG_INSTALL
43 AC_PROG_EGREP
44 AC_PATH_PROG(AR, ar)
45 AC_PATH_PROG(CAT, cat)
46 AC_PATH_PROG(KILL, kill)
47 AC_PATH_PROGS(PERL, perl5 perl)
48 AC_PATH_PROG(SED, sed)
49 AC_SUBST(PERL)
50 AC_PATH_PROG(ENT, ent)
51 AC_SUBST(ENT)
52 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
53 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
54 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
55 AC_PATH_PROG(SH, sh)
56 AC_PATH_PROG(GROFF, groff)
57 AC_PATH_PROG(NROFF, nroff)
58 AC_PATH_PROG(MANDOC, mandoc)
59 AC_SUBST(TEST_SHELL,sh)
61 dnl select manpage formatter
62 if test "x$MANDOC" != "x" ; then
63 MANFMT="$MANDOC"
64 elif test "x$NROFF" != "x" ; then
65 MANFMT="$NROFF -mandoc"
66 elif test "x$GROFF" != "x" ; then
67 MANFMT="$GROFF -mandoc -Tascii"
68 else
69 AC_MSG_WARN([no manpage formatted found])
70 MANFMT="false"
71 fi
72 AC_SUBST(MANFMT)
74 dnl for buildpkg.sh
75 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
76 [/usr/sbin${PATH_SEPARATOR}/etc])
77 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
78 [/usr/sbin${PATH_SEPARATOR}/etc])
79 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
80 if test -x /sbin/sh; then
81 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
82 else
83 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
84 fi
86 # System features
87 AC_SYS_LARGEFILE
89 if test -z "$AR" ; then
90 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
91 fi
93 # Use LOGIN_PROGRAM from environment if possible
94 if test ! -z "$LOGIN_PROGRAM" ; then
95 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
96 [If your header files don't define LOGIN_PROGRAM,
97 then use this (detected) from environment and PATH])
98 else
99 # Search for login
100 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
101 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
102 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
103 fi
104 fi
106 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
107 if test ! -z "$PATH_PASSWD_PROG" ; then
108 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
109 [Full path of your "passwd" program])
110 fi
112 if test -z "$LD" ; then
113 LD=$CC
114 fi
115 AC_SUBST(LD)
117 AC_C_INLINE
119 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
121 use_stack_protector=1
122 AC_ARG_WITH(stackprotect,
123 [ --without-stackprotect Don't use compiler's stack protection], [
124 if test "x$withval" = "xno"; then
125 use_stack_protector=0
126 fi ])
129 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
130 OPENSSH_CHECK_CFLAG_COMPILE([-Wall])
131 OPENSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
132 OPENSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
133 OPENSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
134 OPENSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
135 OPENSSH_CHECK_CFLAG_COMPILE([-Wno-pointer-sign])
136 OPENSSH_CHECK_CFLAG_COMPILE([-Wno-unused-result])
137 OPENSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
138 AC_MSG_CHECKING(gcc version)
139 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
140 case $GCC_VER in
141 1.*) no_attrib_nonnull=1 ;;
142 2.8* | 2.9*)
143 no_attrib_nonnull=1
144 ;;
145 2.*) no_attrib_nonnull=1 ;;
146 *) ;;
147 esac
148 AC_MSG_RESULT($GCC_VER)
150 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
151 saved_CFLAGS="$CFLAGS"
152 CFLAGS="$CFLAGS -fno-builtin-memset"
153 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
154 #include <string.h>
155 int main(void){char b[10]; memset(b, 0, sizeof(b));}
156 ]])],
157 [ AC_MSG_RESULT(yes) ],
158 [ AC_MSG_RESULT(no)
159 CFLAGS="$saved_CFLAGS" ]
160 )
162 # -fstack-protector-all doesn't always work for some GCC versions
163 # and/or platforms, so we test if we can. If it's not supported
164 # on a given platform gcc will emit a warning so we use -Werror.
165 if test "x$use_stack_protector" = "x1"; then
166 for t in -fstack-protector-all -fstack-protector; do
167 AC_MSG_CHECKING(if $CC supports $t)
168 saved_CFLAGS="$CFLAGS"
169 saved_LDFLAGS="$LDFLAGS"
170 CFLAGS="$CFLAGS $t -Werror"
171 LDFLAGS="$LDFLAGS $t -Werror"
172 AC_LINK_IFELSE(
173 [AC_LANG_SOURCE([
174 #include <stdio.h>
175 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
176 ])],
177 [ AC_MSG_RESULT(yes)
178 CFLAGS="$saved_CFLAGS $t"
179 LDFLAGS="$saved_LDFLAGS $t"
180 AC_MSG_CHECKING(if $t works)
181 AC_RUN_IFELSE(
182 [AC_LANG_SOURCE([
183 #include <stdio.h>
184 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
185 ])],
186 [ AC_MSG_RESULT(yes)
187 break ],
188 [ AC_MSG_RESULT(no) ],
189 [ AC_MSG_WARN([cross compiling: cannot test])
190 break ]
191 )
192 ],
193 [ AC_MSG_RESULT(no) ]
194 )
195 CFLAGS="$saved_CFLAGS"
196 LDFLAGS="$saved_LDFLAGS"
197 done
198 fi
200 if test -z "$have_llong_max"; then
201 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
202 unset ac_cv_have_decl_LLONG_MAX
203 saved_CFLAGS="$CFLAGS"
204 CFLAGS="$CFLAGS -std=gnu99"
205 AC_CHECK_DECL(LLONG_MAX,
206 [have_llong_max=1],
207 [CFLAGS="$saved_CFLAGS"],
208 [#include <limits.h>]
209 )
210 fi
211 fi
213 if test "x$no_attrib_nonnull" != "x1" ; then
214 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
215 fi
217 AC_ARG_WITH(rpath,
218 [ --without-rpath Disable auto-added -R linker paths],
219 [
220 if test "x$withval" = "xno" ; then
221 need_dash_r=""
222 fi
223 if test "x$withval" = "xyes" ; then
224 need_dash_r=1
225 fi
226 ]
227 )
229 # Allow user to specify flags
230 AC_ARG_WITH(cflags,
231 [ --with-cflags Specify additional flags to pass to compiler],
232 [
233 if test -n "$withval" && test "x$withval" != "xno" && \
234 test "x${withval}" != "xyes"; then
235 CFLAGS="$CFLAGS $withval"
236 fi
237 ]
238 )
239 AC_ARG_WITH(cppflags,
240 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
241 [
242 if test -n "$withval" && test "x$withval" != "xno" && \
243 test "x${withval}" != "xyes"; then
244 CPPFLAGS="$CPPFLAGS $withval"
245 fi
246 ]
247 )
248 AC_ARG_WITH(ldflags,
249 [ --with-ldflags Specify additional flags to pass to linker],
250 [
251 if test -n "$withval" && test "x$withval" != "xno" && \
252 test "x${withval}" != "xyes"; then
253 LDFLAGS="$LDFLAGS $withval"
254 fi
255 ]
256 )
257 AC_ARG_WITH(libs,
258 [ --with-libs Specify additional libraries to link with],
259 [
260 if test -n "$withval" && test "x$withval" != "xno" && \
261 test "x${withval}" != "xyes"; then
262 LIBS="$LIBS $withval"
263 fi
264 ]
265 )
266 AC_ARG_WITH(Werror,
267 [ --with-Werror Build main code with -Werror],
268 [
269 if test -n "$withval" && test "x$withval" != "xno"; then
270 werror_flags="-Werror"
271 if test "x${withval}" != "xyes"; then
272 werror_flags="$withval"
273 fi
274 fi
275 ]
276 )
278 AC_CHECK_HEADERS( \
279 bstring.h \
280 crypt.h \
281 crypto/sha2.h \
282 dirent.h \
283 endian.h \
284 features.h \
285 fcntl.h \
286 floatingpoint.h \
287 getopt.h \
288 glob.h \
289 ia.h \
290 iaf.h \
291 limits.h \
292 login.h \
293 maillock.h \
294 ndir.h \
295 net/if_tun.h \
296 netdb.h \
297 netgroup.h \
298 pam/pam_appl.h \
299 paths.h \
300 poll.h \
301 pty.h \
302 readpassphrase.h \
303 rpc/types.h \
304 security/pam_appl.h \
305 sha2.h \
306 shadow.h \
307 stddef.h \
308 stdint.h \
309 string.h \
310 strings.h \
311 sys/audit.h \
312 sys/bitypes.h \
313 sys/bsdtty.h \
314 sys/cdefs.h \
315 sys/dir.h \
316 sys/mman.h \
317 sys/ndir.h \
318 sys/poll.h \
319 sys/prctl.h \
320 sys/pstat.h \
321 sys/select.h \
322 sys/stat.h \
323 sys/stream.h \
324 sys/stropts.h \
325 sys/strtio.h \
326 sys/statvfs.h \
327 sys/sysmacros.h \
328 sys/time.h \
329 sys/timers.h \
330 sys/un.h \
331 time.h \
332 tmpdir.h \
333 ttyent.h \
334 ucred.h \
335 unistd.h \
336 usersec.h \
337 util.h \
338 utime.h \
339 utmp.h \
340 utmpx.h \
341 vis.h \
342 )
344 # lastlog.h requires sys/time.h to be included first on Solaris
345 AC_CHECK_HEADERS(lastlog.h, [], [], [
346 #ifdef HAVE_SYS_TIME_H
347 # include <sys/time.h>
348 #endif
349 ])
351 # sys/ptms.h requires sys/stream.h to be included first on Solaris
352 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
353 #ifdef HAVE_SYS_STREAM_H
354 # include <sys/stream.h>
355 #endif
356 ])
358 # login_cap.h requires sys/types.h on NetBSD
359 AC_CHECK_HEADERS(login_cap.h, [], [], [
360 #include <sys/types.h>
361 ])
363 # older BSDs need sys/param.h before sys/mount.h
364 AC_CHECK_HEADERS(sys/mount.h, [], [], [
365 #include <sys/param.h>
366 ])
368 # Messages for features tested for in target-specific section
369 SIA_MSG="no"
370 SPC_MSG="no"
371 SP_MSG="no"
373 # Check for some target-specific stuff
374 case "$host" in
375 *-*-aix*)
376 # Some versions of VAC won't allow macro redefinitions at
377 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
378 # particularly with older versions of vac or xlc.
379 # It also throws errors about null macro argments, but these are
380 # not fatal.
381 AC_MSG_CHECKING(if compiler allows macro redefinitions)
382 AC_COMPILE_IFELSE(
383 [AC_LANG_SOURCE([[
384 #define testmacro foo
385 #define testmacro bar
386 int main(void) { exit(0); }
387 ]])],
388 [ AC_MSG_RESULT(yes) ],
389 [ AC_MSG_RESULT(no)
390 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
391 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
392 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
393 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
394 ]
395 )
397 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
398 if (test -z "$blibpath"); then
399 blibpath="/usr/lib:/lib"
400 fi
401 saved_LDFLAGS="$LDFLAGS"
402 if test "$GCC" = "yes"; then
403 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
404 else
405 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
406 fi
407 for tryflags in $flags ;do
408 if (test -z "$blibflags"); then
409 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
410 AC_TRY_LINK([], [], [blibflags=$tryflags])
411 fi
412 done
413 if (test -z "$blibflags"); then
414 AC_MSG_RESULT(not found)
415 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
416 else
417 AC_MSG_RESULT($blibflags)
418 fi
419 LDFLAGS="$saved_LDFLAGS"
420 dnl Check for authenticate. Might be in libs.a on older AIXes
421 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
422 [Define if you want to enable AIX4's authenticate function])],
423 [AC_CHECK_LIB(s,authenticate,
424 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
425 LIBS="$LIBS -ls"
426 ])
427 ])
428 dnl Check for various auth function declarations in headers.
429 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
430 passwdexpired, setauthdb], , , [#include <usersec.h>])
431 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
432 AC_CHECK_DECLS(loginfailed,
433 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
434 AC_TRY_COMPILE(
435 [#include <usersec.h>],
436 [(void)loginfailed("user","host","tty",0);],
437 [AC_MSG_RESULT(yes)
438 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
439 [Define if your AIX loginfailed() function
440 takes 4 arguments (AIX >= 5.2)])],
441 [AC_MSG_RESULT(no)]
442 )],
443 [],
444 [#include <usersec.h>]
445 )
446 AC_CHECK_FUNCS(getgrset setauthdb)
447 AC_CHECK_DECL(F_CLOSEM,
448 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
449 [],
450 [ #include <limits.h>
451 #include <fcntl.h> ]
452 )
453 check_for_aix_broken_getaddrinfo=1
454 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
455 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
456 [Define if your platform breaks doing a seteuid before a setuid])
457 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
458 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
459 dnl AIX handles lastlog as part of its login message
460 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
461 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
462 [Some systems need a utmpx entry for /bin/login to work])
463 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
464 [Define to a Set Process Title type if your system is
465 supported by bsd-setproctitle.c])
466 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
467 [AIX 5.2 and 5.3 (and presumably newer) require this])
468 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
469 ;;
470 *-*-cygwin*)
471 check_for_libcrypt_later=1
472 LIBS="$LIBS /usr/lib/textreadmode.o"
473 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
474 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
475 AC_DEFINE(DISABLE_SHADOW, 1,
476 [Define if you want to disable shadow passwords])
477 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
478 [Define if X11 doesn't support AF_UNIX sockets on that system])
479 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
480 [Define if the concept of ports only accessible to
481 superusers isn't known])
482 AC_DEFINE(DISABLE_FD_PASSING, 1,
483 [Define if your platform needs to skip post auth
484 file descriptor passing])
485 AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size])
486 ;;
487 *-*-dgux*)
488 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
489 [Define if your system choked on IP TOS setting])
490 AC_DEFINE(SETEUID_BREAKS_SETUID)
491 AC_DEFINE(BROKEN_SETREUID)
492 AC_DEFINE(BROKEN_SETREGID)
493 ;;
494 *-*-darwin*)
495 AC_MSG_CHECKING(if we have working getaddrinfo)
496 AC_TRY_RUN([#include <mach-o/dyld.h>
497 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
498 exit(0);
499 else
500 exit(1);
501 }], [AC_MSG_RESULT(working)],
502 [AC_MSG_RESULT(buggy)
503 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
504 [AC_MSG_RESULT(assume it is working)])
505 AC_DEFINE(SETEUID_BREAKS_SETUID)
506 AC_DEFINE(BROKEN_SETREUID)
507 AC_DEFINE(BROKEN_SETREGID)
508 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
509 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
510 [Define if your resolver libs need this for getrrsetbyname])
511 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
512 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
513 [Use tunnel device compatibility to OpenBSD])
514 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
515 [Prepend the address family to IP tunnel traffic])
516 m4_pattern_allow(AU_IPv)
517 AC_CHECK_DECL(AU_IPv4, [],
518 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
519 [#include <bsm/audit.h>]
520 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
521 [Define if pututxline updates lastlog too])
522 )
523 ;;
524 *-*-dragonfly*)
525 SSHDLIBS="$SSHDLIBS -lcrypt"
526 ;;
527 *-*-haiku*)
528 LIBS="$LIBS -lbsd "
529 AC_CHECK_LIB(network, socket)
530 AC_DEFINE(HAVE_U_INT64_T)
531 MANTYPE=man
532 ;;
533 *-*-hpux*)
534 # first we define all of the options common to all HP-UX releases
535 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
536 IPADDR_IN_DISPLAY=yes
537 AC_DEFINE(USE_PIPES)
538 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
539 [Define if your login program cannot handle end of options ("--")])
540 AC_DEFINE(LOGIN_NEEDS_UTMPX)
541 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
542 [String used in /etc/passwd to denote locked account])
543 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
544 MAIL="/var/mail/username"
545 LIBS="$LIBS -lsec"
546 AC_CHECK_LIB(xnet, t_error, ,
547 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
549 # next, we define all of the options specific to major releases
550 case "$host" in
551 *-*-hpux10*)
552 if test -z "$GCC"; then
553 CFLAGS="$CFLAGS -Ae"
554 fi
555 ;;
556 *-*-hpux11*)
557 AC_DEFINE(PAM_SUN_CODEBASE, 1,
558 [Define if you are using Solaris-derived PAM which
559 passes pam_messages to the conversation function
560 with an extra level of indirection])
561 AC_DEFINE(DISABLE_UTMP, 1,
562 [Define if you don't want to use utmp])
563 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
564 check_for_hpux_broken_getaddrinfo=1
565 check_for_conflicting_getspnam=1
566 ;;
567 esac
569 # lastly, we define options specific to minor releases
570 case "$host" in
571 *-*-hpux10.26)
572 AC_DEFINE(HAVE_SECUREWARE, 1,
573 [Define if you have SecureWare-based
574 protected password database])
575 disable_ptmx_check=yes
576 LIBS="$LIBS -lsecpw"
577 ;;
578 esac
579 ;;
580 *-*-irix5*)
581 PATH="$PATH:/usr/etc"
582 AC_DEFINE(BROKEN_INET_NTOA, 1,
583 [Define if you system's inet_ntoa is busted
584 (e.g. Irix gcc issue)])
585 AC_DEFINE(SETEUID_BREAKS_SETUID)
586 AC_DEFINE(BROKEN_SETREUID)
587 AC_DEFINE(BROKEN_SETREGID)
588 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
589 [Define if you shouldn't strip 'tty' from your
590 ttyname in [uw]tmp])
591 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
592 ;;
593 *-*-irix6*)
594 PATH="$PATH:/usr/etc"
595 AC_DEFINE(WITH_IRIX_ARRAY, 1,
596 [Define if you have/want arrays
597 (cluster-wide session managment, not C arrays)])
598 AC_DEFINE(WITH_IRIX_PROJECT, 1,
599 [Define if you want IRIX project management])
600 AC_DEFINE(WITH_IRIX_AUDIT, 1,
601 [Define if you want IRIX audit trails])
602 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
603 [Define if you want IRIX kernel jobs])])
604 AC_DEFINE(BROKEN_INET_NTOA)
605 AC_DEFINE(SETEUID_BREAKS_SETUID)
606 AC_DEFINE(BROKEN_SETREUID)
607 AC_DEFINE(BROKEN_SETREGID)
608 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
609 AC_DEFINE(WITH_ABBREV_NO_TTY)
610 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
611 ;;
612 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
613 check_for_libcrypt_later=1
614 AC_DEFINE(PAM_TTY_KLUDGE)
615 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
616 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
617 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
618 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
619 ;;
620 *-*-linux*)
621 no_dev_ptmx=1
622 check_for_libcrypt_later=1
623 check_for_openpty_ctty_bug=1
624 AC_DEFINE(PAM_TTY_KLUDGE, 1,
625 [Work around problematic Linux PAM modules handling of PAM_TTY])
626 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
627 [String used in /etc/passwd to denote locked account])
628 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
629 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
630 [Define to whatever link() returns for "not supported"
631 if it doesn't return EOPNOTSUPP.])
632 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
633 AC_DEFINE(USE_BTMP)
634 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
635 inet6_default_4in6=yes
636 case `uname -r` in
637 1.*|2.0.*)
638 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
639 [Define if cmsg_type is not passed correctly])
640 ;;
641 esac
642 # tun(4) forwarding compat code
643 AC_CHECK_HEADERS(linux/if_tun.h)
644 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
645 AC_DEFINE(SSH_TUN_LINUX, 1,
646 [Open tunnel devices the Linux tun/tap way])
647 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
648 [Use tunnel device compatibility to OpenBSD])
649 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
650 [Prepend the address family to IP tunnel traffic])
651 fi
652 ;;
653 mips-sony-bsd|mips-sony-newsos4)
654 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
655 SONY=1
656 ;;
657 *-*-netbsd*)
658 check_for_libcrypt_before=1
659 if test "x$withval" != "xno" ; then
660 need_dash_r=1
661 fi
662 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
663 AC_CHECK_HEADER([net/if_tap.h], ,
664 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
665 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
666 [Prepend the address family to IP tunnel traffic])
667 ;;
668 *-*-freebsd*)
669 check_for_libcrypt_later=1
670 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
671 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
672 AC_CHECK_HEADER([net/if_tap.h], ,
673 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
674 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
675 ;;
676 *-*-bsdi*)
677 AC_DEFINE(SETEUID_BREAKS_SETUID)
678 AC_DEFINE(BROKEN_SETREUID)
679 AC_DEFINE(BROKEN_SETREGID)
680 ;;
681 *-next-*)
682 conf_lastlog_location="/usr/adm/lastlog"
683 conf_utmp_location=/etc/utmp
684 conf_wtmp_location=/usr/adm/wtmp
685 MAIL=/usr/spool/mail
686 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
687 AC_DEFINE(BROKEN_REALPATH)
688 AC_DEFINE(USE_PIPES)
689 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
690 ;;
691 *-*-openbsd*)
692 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
693 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
694 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
695 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
696 [syslog_r function is safe to use in in a signal handler])
697 ;;
698 *-*-solaris*)
699 if test "x$withval" != "xno" ; then
700 need_dash_r=1
701 fi
702 AC_DEFINE(PAM_SUN_CODEBASE)
703 AC_DEFINE(LOGIN_NEEDS_UTMPX)
704 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
705 [Some versions of /bin/login need the TERM supplied
706 on the commandline])
707 AC_DEFINE(PAM_TTY_KLUDGE)
708 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
709 [Define if pam_chauthtok wants real uid set
710 to the unpriv'ed user])
711 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
712 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
713 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
714 [Define if sshd somehow reacquires a controlling TTY
715 after setsid()])
716 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
717 in case the name is longer than 8 chars])
718 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
719 external_path_file=/etc/default/login
720 # hardwire lastlog location (can't detect it on some versions)
721 conf_lastlog_location="/var/adm/lastlog"
722 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
723 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
724 if test "$sol2ver" -ge 8; then
725 AC_MSG_RESULT(yes)
726 AC_DEFINE(DISABLE_UTMP)
727 AC_DEFINE(DISABLE_WTMP, 1,
728 [Define if you don't want to use wtmp])
729 else
730 AC_MSG_RESULT(no)
731 fi
732 AC_ARG_WITH(solaris-contracts,
733 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
734 [
735 AC_CHECK_LIB(contract, ct_tmpl_activate,
736 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
737 [Define if you have Solaris process contracts])
738 SSHDLIBS="$SSHDLIBS -lcontract"
739 AC_SUBST(SSHDLIBS)
740 SPC_MSG="yes" ], )
741 ],
742 )
743 AC_ARG_WITH(solaris-projects,
744 [ --with-solaris-projects Enable Solaris projects (experimental)],
745 [
746 AC_CHECK_LIB(project, setproject,
747 [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
748 [Define if you have Solaris projects])
749 SSHDLIBS="$SSHDLIBS -lproject"
750 AC_SUBST(SSHDLIBS)
751 SP_MSG="yes" ], )
752 ],
753 )
754 ;;
755 *-*-sunos4*)
756 CPPFLAGS="$CPPFLAGS -DSUNOS4"
757 AC_CHECK_FUNCS(getpwanam)
758 AC_DEFINE(PAM_SUN_CODEBASE)
759 conf_utmp_location=/etc/utmp
760 conf_wtmp_location=/var/adm/wtmp
761 conf_lastlog_location=/var/adm/lastlog
762 AC_DEFINE(USE_PIPES)
763 ;;
764 *-ncr-sysv*)
765 LIBS="$LIBS -lc89"
766 AC_DEFINE(USE_PIPES)
767 AC_DEFINE(SSHD_ACQUIRES_CTTY)
768 AC_DEFINE(SETEUID_BREAKS_SETUID)
769 AC_DEFINE(BROKEN_SETREUID)
770 AC_DEFINE(BROKEN_SETREGID)
771 ;;
772 *-sni-sysv*)
773 # /usr/ucblib MUST NOT be searched on ReliantUNIX
774 AC_CHECK_LIB(dl, dlsym, ,)
775 # -lresolv needs to be at the end of LIBS or DNS lookups break
776 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
777 IPADDR_IN_DISPLAY=yes
778 AC_DEFINE(USE_PIPES)
779 AC_DEFINE(IP_TOS_IS_BROKEN)
780 AC_DEFINE(SETEUID_BREAKS_SETUID)
781 AC_DEFINE(BROKEN_SETREUID)
782 AC_DEFINE(BROKEN_SETREGID)
783 AC_DEFINE(SSHD_ACQUIRES_CTTY)
784 external_path_file=/etc/default/login
785 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
786 # Attention: always take care to bind libsocket and libnsl before libc,
787 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
788 ;;
789 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
790 *-*-sysv4.2*)
791 AC_DEFINE(USE_PIPES)
792 AC_DEFINE(SETEUID_BREAKS_SETUID)
793 AC_DEFINE(BROKEN_SETREUID)
794 AC_DEFINE(BROKEN_SETREGID)
795 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
796 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
797 ;;
798 # UnixWare 7.x, OpenUNIX 8
799 *-*-sysv5*)
800 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
801 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
802 AC_DEFINE(USE_PIPES)
803 AC_DEFINE(SETEUID_BREAKS_SETUID)
804 AC_DEFINE(BROKEN_GETADDRINFO)
805 AC_DEFINE(BROKEN_SETREUID)
806 AC_DEFINE(BROKEN_SETREGID)
807 AC_DEFINE(PASSWD_NEEDS_USERNAME)
808 case "$host" in
809 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
810 TEST_SHELL=/u95/bin/sh
811 AC_DEFINE(BROKEN_LIBIAF, 1,
812 [ia_uinfo routines not supported by OS yet])
813 AC_DEFINE(BROKEN_UPDWTMPX)
814 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
815 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
816 AC_DEFINE(HAVE_SECUREWARE)
817 AC_DEFINE(DISABLE_SHADOW)
818 ],,)
819 ;;
820 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
821 check_for_libcrypt_later=1
822 ;;
823 esac
824 ;;
825 *-*-sysv*)
826 ;;
827 # SCO UNIX and OEM versions of SCO UNIX
828 *-*-sco3.2v4*)
829 AC_MSG_ERROR("This Platform is no longer supported.")
830 ;;
831 # SCO OpenServer 5.x
832 *-*-sco3.2v5*)
833 if test -z "$GCC"; then
834 CFLAGS="$CFLAGS -belf"
835 fi
836 LIBS="$LIBS -lprot -lx -ltinfo -lm"
837 no_dev_ptmx=1
838 AC_DEFINE(USE_PIPES)
839 AC_DEFINE(HAVE_SECUREWARE)
840 AC_DEFINE(DISABLE_SHADOW)
841 AC_DEFINE(DISABLE_FD_PASSING)
842 AC_DEFINE(SETEUID_BREAKS_SETUID)
843 AC_DEFINE(BROKEN_GETADDRINFO)
844 AC_DEFINE(BROKEN_SETREUID)
845 AC_DEFINE(BROKEN_SETREGID)
846 AC_DEFINE(WITH_ABBREV_NO_TTY)
847 AC_DEFINE(BROKEN_UPDWTMPX)
848 AC_DEFINE(PASSWD_NEEDS_USERNAME)
849 AC_CHECK_FUNCS(getluid setluid)
850 MANTYPE=man
851 TEST_SHELL=ksh
852 ;;
853 *-*-unicosmk*)
854 AC_DEFINE(NO_SSH_LASTLOG, 1,
855 [Define if you don't want to use lastlog in session.c])
856 AC_DEFINE(SETEUID_BREAKS_SETUID)
857 AC_DEFINE(BROKEN_SETREUID)
858 AC_DEFINE(BROKEN_SETREGID)
859 AC_DEFINE(USE_PIPES)
860 AC_DEFINE(DISABLE_FD_PASSING)
861 LDFLAGS="$LDFLAGS"
862 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
863 MANTYPE=cat
864 ;;
865 *-*-unicosmp*)
866 AC_DEFINE(SETEUID_BREAKS_SETUID)
867 AC_DEFINE(BROKEN_SETREUID)
868 AC_DEFINE(BROKEN_SETREGID)
869 AC_DEFINE(WITH_ABBREV_NO_TTY)
870 AC_DEFINE(USE_PIPES)
871 AC_DEFINE(DISABLE_FD_PASSING)
872 LDFLAGS="$LDFLAGS"
873 LIBS="$LIBS -lgen -lacid -ldb"
874 MANTYPE=cat
875 ;;
876 *-*-unicos*)
877 AC_DEFINE(SETEUID_BREAKS_SETUID)
878 AC_DEFINE(BROKEN_SETREUID)
879 AC_DEFINE(BROKEN_SETREGID)
880 AC_DEFINE(USE_PIPES)
881 AC_DEFINE(DISABLE_FD_PASSING)
882 AC_DEFINE(NO_SSH_LASTLOG)
883 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
884 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
885 MANTYPE=cat
886 ;;
887 *-dec-osf*)
888 AC_MSG_CHECKING(for Digital Unix SIA)
889 no_osfsia=""
890 AC_ARG_WITH(osfsia,
891 [ --with-osfsia Enable Digital Unix SIA],
892 [
893 if test "x$withval" = "xno" ; then
894 AC_MSG_RESULT(disabled)
895 no_osfsia=1
896 fi
897 ],
898 )
899 if test -z "$no_osfsia" ; then
900 if test -f /etc/sia/matrix.conf; then
901 AC_MSG_RESULT(yes)
902 AC_DEFINE(HAVE_OSF_SIA, 1,
903 [Define if you have Digital Unix Security
904 Integration Architecture])
905 AC_DEFINE(DISABLE_LOGIN, 1,
906 [Define if you don't want to use your
907 system's login() call])
908 AC_DEFINE(DISABLE_FD_PASSING)
909 LIBS="$LIBS -lsecurity -ldb -lm -laud"
910 SIA_MSG="yes"
911 else
912 AC_MSG_RESULT(no)
913 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
914 [String used in /etc/passwd to denote locked account])
915 fi
916 fi
917 AC_DEFINE(BROKEN_GETADDRINFO)
918 AC_DEFINE(SETEUID_BREAKS_SETUID)
919 AC_DEFINE(BROKEN_SETREUID)
920 AC_DEFINE(BROKEN_SETREGID)
921 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
922 ;;
924 *-*-nto-qnx*)
925 AC_DEFINE(USE_PIPES)
926 AC_DEFINE(NO_X11_UNIX_SOCKETS)
927 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
928 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
929 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
930 AC_DEFINE(DISABLE_LASTLOG)
931 AC_DEFINE(SSHD_ACQUIRES_CTTY)
932 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
933 enable_etc_default_login=no # has incompatible /etc/default/login
934 case "$host" in
935 *-*-nto-qnx6*)
936 AC_DEFINE(DISABLE_FD_PASSING)
937 ;;
938 esac
939 ;;
941 *-*-ultrix*)
942 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
943 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
944 AC_DEFINE(NEED_SETPGRP)
945 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
946 ;;
948 *-*-lynxos)
949 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
950 AC_DEFINE(MISSING_HOWMANY)
951 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
952 ;;
953 esac
955 AC_MSG_CHECKING(compiler and flags for sanity)
956 AC_RUN_IFELSE(
957 [AC_LANG_SOURCE([
958 #include <stdio.h>
959 int main(){exit(0);}
960 ])],
961 [ AC_MSG_RESULT(yes) ],
962 [
963 AC_MSG_RESULT(no)
964 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
965 ],
966 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
967 )
969 dnl Checks for header files.
970 # Checks for libraries.
971 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
972 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
974 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
975 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
976 AC_CHECK_LIB(gen, dirname,[
977 AC_CACHE_CHECK([for broken dirname],
978 ac_cv_have_broken_dirname, [
979 save_LIBS="$LIBS"
980 LIBS="$LIBS -lgen"
981 AC_RUN_IFELSE(
982 [AC_LANG_SOURCE([[
983 #include <libgen.h>
984 #include <string.h>
986 int main(int argc, char **argv) {
987 char *s, buf[32];
989 strncpy(buf,"/etc", 32);
990 s = dirname(buf);
991 if (!s || strncmp(s, "/", 32) != 0) {
992 exit(1);
993 } else {
994 exit(0);
995 }
996 }
997 ]])],
998 [ ac_cv_have_broken_dirname="no" ],
999 [ ac_cv_have_broken_dirname="yes" ],
1000 [ ac_cv_have_broken_dirname="no" ],
1001 )
1002 LIBS="$save_LIBS"
1003 ])
1004 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1005 LIBS="$LIBS -lgen"
1006 AC_DEFINE(HAVE_DIRNAME)
1007 AC_CHECK_HEADERS(libgen.h)
1008 fi
1009 ])
1010 ])
1012 AC_CHECK_FUNC(getspnam, ,
1013 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
1014 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
1015 [Define if you have the basename function.]))
1017 dnl zlib is required
1018 AC_ARG_WITH(zlib,
1019 [ --with-zlib=PATH Use zlib in PATH],
1020 [ if test "x$withval" = "xno" ; then
1021 AC_MSG_ERROR([*** zlib is required ***])
1022 elif test "x$withval" != "xyes"; then
1023 if test -d "$withval/lib"; then
1024 if test -n "${need_dash_r}"; then
1025 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1026 else
1027 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1028 fi
1029 else
1030 if test -n "${need_dash_r}"; then
1031 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1032 else
1033 LDFLAGS="-L${withval} ${LDFLAGS}"
1034 fi
1035 fi
1036 if test -d "$withval/include"; then
1037 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1038 else
1039 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1040 fi
1041 fi ]
1042 )
1044 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1045 AC_CHECK_LIB(z, deflate, ,
1046 [
1047 saved_CPPFLAGS="$CPPFLAGS"
1048 saved_LDFLAGS="$LDFLAGS"
1049 save_LIBS="$LIBS"
1050 dnl Check default zlib install dir
1051 if test -n "${need_dash_r}"; then
1052 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1053 else
1054 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1055 fi
1056 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1057 LIBS="$LIBS -lz"
1058 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1059 [
1060 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1061 ]
1062 )
1063 ]
1064 )
1066 AC_ARG_WITH(zlib-version-check,
1067 [ --without-zlib-version-check Disable zlib version check],
1068 [ if test "x$withval" = "xno" ; then
1069 zlib_check_nonfatal=1
1070 fi
1071 ]
1072 )
1074 AC_MSG_CHECKING(for possibly buggy zlib)
1075 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1076 #include <stdio.h>
1077 #include <zlib.h>
1078 int main()
1079 {
1080 int a=0, b=0, c=0, d=0, n, v;
1081 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1082 if (n != 3 && n != 4)
1083 exit(1);
1084 v = a*1000000 + b*10000 + c*100 + d;
1085 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1087 /* 1.1.4 is OK */
1088 if (a == 1 && b == 1 && c >= 4)
1089 exit(0);
1091 /* 1.2.3 and up are OK */
1092 if (v >= 1020300)
1093 exit(0);
1095 exit(2);
1096 }
1097 ]])],
1098 AC_MSG_RESULT(no),
1099 [ AC_MSG_RESULT(yes)
1100 if test -z "$zlib_check_nonfatal" ; then
1101 AC_MSG_ERROR([*** zlib too old - check config.log ***
1102 Your reported zlib version has known security problems. It's possible your
1103 vendor has fixed these problems without changing the version number. If you
1104 are sure this is the case, you can disable the check by running
1105 "./configure --without-zlib-version-check".
1106 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1107 See http://www.gzip.org/zlib/ for details.])
1108 else
1109 AC_MSG_WARN([zlib version may have security problems])
1110 fi
1111 ],
1112 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1113 )
1115 dnl UnixWare 2.x
1116 AC_CHECK_FUNC(strcasecmp,
1117 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1118 )
1119 AC_CHECK_FUNCS(utimes,
1120 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1121 LIBS="$LIBS -lc89"]) ]
1122 )
1124 dnl Checks for libutil functions
1125 AC_CHECK_HEADERS(libutil.h)
1126 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1127 [Define if your libraries define login()])])
1128 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1130 AC_FUNC_STRFTIME
1132 # Check for ALTDIRFUNC glob() extension
1133 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1134 AC_EGREP_CPP(FOUNDIT,
1135 [
1136 #include <glob.h>
1137 #ifdef GLOB_ALTDIRFUNC
1138 FOUNDIT
1139 #endif
1140 ],
1141 [
1142 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1143 [Define if your system glob() function has
1144 the GLOB_ALTDIRFUNC extension])
1145 AC_MSG_RESULT(yes)
1146 ],
1147 [
1148 AC_MSG_RESULT(no)
1149 ]
1150 )
1152 # Check for g.gl_matchc glob() extension
1153 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1154 AC_TRY_COMPILE(
1155 [ #include <glob.h> ],
1156 [glob_t g; g.gl_matchc = 1;],
1157 [
1158 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1159 [Define if your system glob() function has
1160 gl_matchc options in glob_t])
1161 AC_MSG_RESULT(yes)
1162 ],
1163 [
1164 AC_MSG_RESULT(no)
1165 ]
1166 )
1168 # Check for g.gl_statv glob() extension
1169 AC_MSG_CHECKING(for gl_statv and GLOB_KEEPSTAT extensions for glob)
1170 AC_TRY_COMPILE(
1171 [ #include <glob.h> ],
1172 [
1173 #ifndef GLOB_KEEPSTAT
1174 #error "glob does not support GLOB_KEEPSTAT extension"
1175 #endif
1176 glob_t g;
1177 g.gl_statv = NULL;
1178 ],
1179 [
1180 AC_DEFINE(GLOB_HAS_GL_STATV, 1,
1181 [Define if your system glob() function has
1182 gl_statv options in glob_t])
1183 AC_MSG_RESULT(yes)
1184 ],
1185 [
1186 AC_MSG_RESULT(no)
1187 ]
1188 )
1190 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1192 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1193 AC_RUN_IFELSE(
1194 [AC_LANG_SOURCE([[
1195 #include <sys/types.h>
1196 #include <dirent.h>
1197 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1198 ]])],
1199 [AC_MSG_RESULT(yes)],
1200 [
1201 AC_MSG_RESULT(no)
1202 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1203 [Define if your struct dirent expects you to
1204 allocate extra space for d_name])
1205 ],
1206 [
1207 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1208 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1209 ]
1210 )
1212 AC_MSG_CHECKING([for /proc/pid/fd directory])
1213 if test -d "/proc/$$/fd" ; then
1214 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1215 AC_MSG_RESULT(yes)
1216 else
1217 AC_MSG_RESULT(no)
1218 fi
1220 # Check whether user wants S/Key support
1221 SKEY_MSG="no"
1222 AC_ARG_WITH(skey,
1223 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1224 [
1225 if test "x$withval" != "xno" ; then
1227 if test "x$withval" != "xyes" ; then
1228 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1229 LDFLAGS="$LDFLAGS -L${withval}/lib"
1230 fi
1232 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1233 LIBS="-lskey $LIBS"
1234 SKEY_MSG="yes"
1236 AC_MSG_CHECKING([for s/key support])
1237 AC_LINK_IFELSE(
1238 [AC_LANG_SOURCE([[
1239 #include <stdio.h>
1240 #include <skey.h>
1241 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1242 ]])],
1243 [AC_MSG_RESULT(yes)],
1244 [
1245 AC_MSG_RESULT(no)
1246 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1247 ])
1248 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1249 AC_TRY_COMPILE(
1250 [#include <stdio.h>
1251 #include <skey.h>],
1252 [(void)skeychallenge(NULL,"name","",0);],
1253 [AC_MSG_RESULT(yes)
1254 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1255 [Define if your skeychallenge()
1256 function takes 4 arguments (NetBSD)])],
1257 [AC_MSG_RESULT(no)]
1258 )
1259 fi
1260 ]
1261 )
1263 # Check whether user wants TCP wrappers support
1264 TCPW_MSG="no"
1265 AC_ARG_WITH(tcp-wrappers,
1266 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1267 [
1268 if test "x$withval" != "xno" ; then
1269 saved_LIBS="$LIBS"
1270 saved_LDFLAGS="$LDFLAGS"
1271 saved_CPPFLAGS="$CPPFLAGS"
1272 if test -n "${withval}" && \
1273 test "x${withval}" != "xyes"; then
1274 if test -d "${withval}/lib"; then
1275 if test -n "${need_dash_r}"; then
1276 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1277 else
1278 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1279 fi
1280 else
1281 if test -n "${need_dash_r}"; then
1282 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1283 else
1284 LDFLAGS="-L${withval} ${LDFLAGS}"
1285 fi
1286 fi
1287 if test -d "${withval}/include"; then
1288 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1289 else
1290 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1291 fi
1292 fi
1293 LIBS="-lwrap $LIBS"
1294 AC_MSG_CHECKING(for libwrap)
1295 AC_TRY_LINK(
1296 [
1297 #include <sys/types.h>
1298 #include <sys/socket.h>
1299 #include <netinet/in.h>
1300 #include <tcpd.h>
1301 int deny_severity = 0, allow_severity = 0;
1302 ],
1303 [hosts_access(0);],
1304 [
1305 AC_MSG_RESULT(yes)
1306 AC_DEFINE(LIBWRAP, 1,
1307 [Define if you want
1308 TCP Wrappers support])
1309 SSHDLIBS="$SSHDLIBS -lwrap"
1310 TCPW_MSG="yes"
1311 ],
1312 [
1313 AC_MSG_ERROR([*** libwrap missing])
1314 ]
1315 )
1316 LIBS="$saved_LIBS"
1317 fi
1318 ]
1319 )
1321 # Check whether user wants libedit support
1322 LIBEDIT_MSG="no"
1323 AC_ARG_WITH(libedit,
1324 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1325 [ if test "x$withval" != "xno" ; then
1326 if test "x$withval" = "xyes" ; then
1327 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
1328 if test "x$PKGCONFIG" != "xno"; then
1329 AC_MSG_CHECKING(if $PKGCONFIG knows about libedit)
1330 if "$PKGCONFIG" libedit; then
1331 AC_MSG_RESULT(yes)
1332 use_pkgconfig_for_libedit=yes
1333 else
1334 AC_MSG_RESULT(no)
1335 fi
1336 fi
1337 else
1338 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1339 if test -n "${need_dash_r}"; then
1340 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1341 else
1342 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1343 fi
1344 fi
1345 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1346 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1347 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1348 else
1349 LIBEDIT="-ledit -lcurses"
1350 fi
1351 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1352 AC_CHECK_LIB(edit, el_init,
1353 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1354 LIBEDIT_MSG="yes"
1355 AC_SUBST(LIBEDIT)
1356 ],
1357 [ AC_MSG_ERROR(libedit not found) ],
1358 [ $OTHERLIBS ]
1359 )
1360 AC_MSG_CHECKING(if libedit version is compatible)
1361 AC_COMPILE_IFELSE(
1362 [AC_LANG_SOURCE([[
1363 #include <histedit.h>
1364 int main(void)
1365 {
1366 int i = H_SETSIZE;
1367 el_init("", NULL, NULL, NULL);
1368 exit(0);
1369 }
1370 ]])],
1371 [ AC_MSG_RESULT(yes) ],
1372 [ AC_MSG_RESULT(no)
1373 AC_MSG_ERROR(libedit version is not compatible) ]
1374 )
1375 fi ]
1376 )
1378 AUDIT_MODULE=none
1379 AC_ARG_WITH(audit,
1380 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1381 [
1382 AC_MSG_CHECKING(for supported audit module)
1383 case "$withval" in
1384 bsm)
1385 AC_MSG_RESULT(bsm)
1386 AUDIT_MODULE=bsm
1387 dnl Checks for headers, libs and functions
1388 AC_CHECK_HEADERS(bsm/audit.h, [],
1389 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1390 [
1391 #ifdef HAVE_TIME_H
1392 # include <time.h>
1393 #endif
1394 ]
1395 )
1396 AC_CHECK_LIB(bsm, getaudit, [],
1397 [AC_MSG_ERROR(BSM enabled and required library not found)])
1398 AC_CHECK_FUNCS(getaudit, [],
1399 [AC_MSG_ERROR(BSM enabled and required function not found)])
1400 # These are optional
1401 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1402 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1403 ;;
1404 debug)
1405 AUDIT_MODULE=debug
1406 AC_MSG_RESULT(debug)
1407 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1408 ;;
1409 no)
1410 AC_MSG_RESULT(no)
1411 ;;
1412 *)
1413 AC_MSG_ERROR([Unknown audit module $withval])
1414 ;;
1415 esac ]
1416 )
1418 dnl Checks for library functions. Please keep in alphabetical order
1419 AC_CHECK_FUNCS( \
1420 arc4random \
1421 arc4random_buf \
1422 arc4random_uniform \
1423 asprintf \
1424 b64_ntop \
1425 __b64_ntop \
1426 b64_pton \
1427 __b64_pton \
1428 bcopy \
1429 bindresvport_sa \
1430 clock \
1431 closefrom \
1432 dirfd \
1433 fchmod \
1434 fchown \
1435 freeaddrinfo \
1436 fstatvfs \
1437 futimes \
1438 getaddrinfo \
1439 getcwd \
1440 getgrouplist \
1441 getnameinfo \
1442 getopt \
1443 getpeereid \
1444 getpeerucred \
1445 _getpty \
1446 getrlimit \
1447 getttyent \
1448 glob \
1449 group_from_gid \
1450 inet_aton \
1451 inet_ntoa \
1452 inet_ntop \
1453 innetgr \
1454 login_getcapbool \
1455 md5_crypt \
1456 memmove \
1457 mkdtemp \
1458 mmap \
1459 ngetaddrinfo \
1460 nsleep \
1461 ogetaddrinfo \
1462 openlog_r \
1463 openpty \
1464 poll \
1465 prctl \
1466 pstat \
1467 readpassphrase \
1468 realpath \
1469 recvmsg \
1470 rresvport_af \
1471 sendmsg \
1472 setdtablesize \
1473 setegid \
1474 setenv \
1475 seteuid \
1476 setgroupent \
1477 setgroups \
1478 setlogin \
1479 setpassent\
1480 setpcred \
1481 setproctitle \
1482 setregid \
1483 setreuid \
1484 setrlimit \
1485 setsid \
1486 setvbuf \
1487 sigaction \
1488 sigvec \
1489 snprintf \
1490 socketpair \
1491 statfs \
1492 statvfs \
1493 strdup \
1494 strerror \
1495 strlcat \
1496 strlcpy \
1497 strmode \
1498 strnvis \
1499 strptime \
1500 strtonum \
1501 strtoll \
1502 strtoul \
1503 swap32 \
1504 sysconf \
1505 tcgetpgrp \
1506 timingsafe_bcmp \
1507 truncate \
1508 unsetenv \
1509 updwtmpx \
1510 user_from_uid \
1511 vasprintf \
1512 vhangup \
1513 vsnprintf \
1514 waitpid \
1515 )
1517 AC_LINK_IFELSE(
1518 [
1519 #include <ctype.h>
1520 int main(void)
1521 {
1522 return (isblank('a'));
1523 }
1524 ],
1525 [AC_DEFINE(HAVE_ISBLANK, 1, [Define if you have isblank(3C).])
1526 ])
1528 # PKCS#11 support requires dlopen() and co
1529 AC_SEARCH_LIBS(dlopen, dl,
1530 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
1531 )
1533 # IRIX has a const char return value for gai_strerror()
1534 AC_CHECK_FUNCS(gai_strerror,[
1535 AC_DEFINE(HAVE_GAI_STRERROR)
1536 AC_TRY_COMPILE([
1537 #include <sys/types.h>
1538 #include <sys/socket.h>
1539 #include <netdb.h>
1541 const char *gai_strerror(int);],[
1542 char *str;
1544 str = gai_strerror(0);],[
1545 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1546 [Define if gai_strerror() returns const char *])])])
1548 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1549 [Some systems put nanosleep outside of libc]))
1551 dnl Make sure prototypes are defined for these before using them.
1552 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1553 AC_CHECK_DECL(strsep,
1554 [AC_CHECK_FUNCS(strsep)],
1555 [],
1556 [
1557 #ifdef HAVE_STRING_H
1558 # include <string.h>
1559 #endif
1560 ])
1562 dnl tcsendbreak might be a macro
1563 AC_CHECK_DECL(tcsendbreak,
1564 [AC_DEFINE(HAVE_TCSENDBREAK)],
1565 [AC_CHECK_FUNCS(tcsendbreak)],
1566 [#include <termios.h>]
1567 )
1569 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1571 AC_CHECK_DECLS(SHUT_RD, , ,
1572 [
1573 #include <sys/types.h>
1574 #include <sys/socket.h>
1575 ])
1577 AC_CHECK_DECLS(O_NONBLOCK, , ,
1578 [
1579 #include <sys/types.h>
1580 #ifdef HAVE_SYS_STAT_H
1581 # include <sys/stat.h>
1582 #endif
1583 #ifdef HAVE_FCNTL_H
1584 # include <fcntl.h>
1585 #endif
1586 ])
1588 AC_CHECK_DECLS(writev, , , [
1589 #include <sys/types.h>
1590 #include <sys/uio.h>
1591 #include <unistd.h>
1592 ])
1594 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1595 #include <sys/param.h>
1596 ])
1598 AC_CHECK_DECLS(offsetof, , , [
1599 #include <stddef.h>
1600 ])
1602 AC_CHECK_FUNCS(setresuid, [
1603 dnl Some platorms have setresuid that isn't implemented, test for this
1604 AC_MSG_CHECKING(if setresuid seems to work)
1605 AC_RUN_IFELSE(
1606 [AC_LANG_SOURCE([[
1607 #include <stdlib.h>
1608 #include <errno.h>
1609 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1610 ]])],
1611 [AC_MSG_RESULT(yes)],
1612 [AC_DEFINE(BROKEN_SETRESUID, 1,
1613 [Define if your setresuid() is broken])
1614 AC_MSG_RESULT(not implemented)],
1615 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1616 )
1617 ])
1619 AC_CHECK_FUNCS(setresgid, [
1620 dnl Some platorms have setresgid that isn't implemented, test for this
1621 AC_MSG_CHECKING(if setresgid seems to work)
1622 AC_RUN_IFELSE(
1623 [AC_LANG_SOURCE([[
1624 #include <stdlib.h>
1625 #include <errno.h>
1626 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1627 ]])],
1628 [AC_MSG_RESULT(yes)],
1629 [AC_DEFINE(BROKEN_SETRESGID, 1,
1630 [Define if your setresgid() is broken])
1631 AC_MSG_RESULT(not implemented)],
1632 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1633 )
1634 ])
1636 dnl Checks for time functions
1637 AC_CHECK_FUNCS(gettimeofday time)
1638 dnl Checks for utmp functions
1639 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1640 AC_CHECK_FUNCS(utmpname)
1641 dnl Checks for utmpx functions
1642 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline getutxuser pututxline)
1643 AC_CHECK_FUNCS(setutxdb setutxent utmpxname)
1644 dnl Checks for lastlog functions
1645 AC_CHECK_FUNCS(getlastlogxbyname)
1647 AC_CHECK_FUNC(daemon,
1648 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1649 [AC_CHECK_LIB(bsd, daemon,
1650 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1651 )
1653 AC_CHECK_FUNC(getpagesize,
1654 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1655 [Define if your libraries define getpagesize()])],
1656 [AC_CHECK_LIB(ucb, getpagesize,
1657 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1658 )
1660 # Check for broken snprintf
1661 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1662 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1663 AC_RUN_IFELSE(
1664 [AC_LANG_SOURCE([[
1665 #include <stdio.h>
1666 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1667 ]])],
1668 [AC_MSG_RESULT(yes)],
1669 [
1670 AC_MSG_RESULT(no)
1671 AC_DEFINE(BROKEN_SNPRINTF, 1,
1672 [Define if your snprintf is busted])
1673 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1674 ],
1675 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1676 )
1677 fi
1679 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1680 # returning the right thing on overflow: the number of characters it tried to
1681 # create (as per SUSv3)
1682 if test "x$ac_cv_func_asprintf" != "xyes" && \
1683 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1684 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1685 AC_RUN_IFELSE(
1686 [AC_LANG_SOURCE([[
1687 #include <sys/types.h>
1688 #include <stdio.h>
1689 #include <stdarg.h>
1691 int x_snprintf(char *str,size_t count,const char *fmt,...)
1692 {
1693 size_t ret; va_list ap;
1694 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1695 return ret;
1696 }
1697 int main(void)
1698 {
1699 char x[1];
1700 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1701 } ]])],
1702 [AC_MSG_RESULT(yes)],
1703 [
1704 AC_MSG_RESULT(no)
1705 AC_DEFINE(BROKEN_SNPRINTF, 1,
1706 [Define if your snprintf is busted])
1707 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1708 ],
1709 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1710 )
1711 fi
1713 # On systems where [v]snprintf is broken, but is declared in stdio,
1714 # check that the fmt argument is const char * or just char *.
1715 # This is only useful for when BROKEN_SNPRINTF
1716 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1717 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1718 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1719 int main(void) { snprintf(0, 0, 0); }
1720 ]])],
1721 [AC_MSG_RESULT(yes)
1722 AC_DEFINE(SNPRINTF_CONST, [const],
1723 [Define as const if snprintf() can declare const char *fmt])],
1724 [AC_MSG_RESULT(no)
1725 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1727 # Check for missing getpeereid (or equiv) support
1728 NO_PEERCHECK=""
1729 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1730 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1731 AC_TRY_COMPILE(
1732 [#include <sys/types.h>
1733 #include <sys/socket.h>],
1734 [int i = SO_PEERCRED;],
1735 [ AC_MSG_RESULT(yes)
1736 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1737 ],
1738 [AC_MSG_RESULT(no)
1739 NO_PEERCHECK=1]
1740 )
1741 fi
1743 dnl see whether mkstemp() requires XXXXXX
1744 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1745 AC_MSG_CHECKING([for (overly) strict mkstemp])
1746 AC_RUN_IFELSE(
1747 [AC_LANG_SOURCE([[
1748 #include <stdlib.h>
1749 main() { char template[]="conftest.mkstemp-test";
1750 if (mkstemp(template) == -1)
1751 exit(1);
1752 unlink(template); exit(0);
1753 }
1754 ]])],
1755 [
1756 AC_MSG_RESULT(no)
1757 ],
1758 [
1759 AC_MSG_RESULT(yes)
1760 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1761 ],
1762 [
1763 AC_MSG_RESULT(yes)
1764 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1765 ]
1766 )
1767 fi
1769 dnl make sure that openpty does not reacquire controlling terminal
1770 if test ! -z "$check_for_openpty_ctty_bug"; then
1771 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1772 AC_RUN_IFELSE(
1773 [AC_LANG_SOURCE([[
1774 #include <stdio.h>
1775 #include <sys/fcntl.h>
1776 #include <sys/types.h>
1777 #include <sys/wait.h>
1779 int
1780 main()
1781 {
1782 pid_t pid;
1783 int fd, ptyfd, ttyfd, status;
1785 pid = fork();
1786 if (pid < 0) { /* failed */
1787 exit(1);
1788 } else if (pid > 0) { /* parent */
1789 waitpid(pid, &status, 0);
1790 if (WIFEXITED(status))
1791 exit(WEXITSTATUS(status));
1792 else
1793 exit(2);
1794 } else { /* child */
1795 close(0); close(1); close(2);
1796 setsid();
1797 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1798 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1799 if (fd >= 0)
1800 exit(3); /* Acquired ctty: broken */
1801 else
1802 exit(0); /* Did not acquire ctty: OK */
1803 }
1804 }
1805 ]])],
1806 [
1807 AC_MSG_RESULT(yes)
1808 ],
1809 [
1810 AC_MSG_RESULT(no)
1811 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1812 ],
1813 [
1814 AC_MSG_RESULT(cross-compiling, assuming yes)
1815 ]
1816 )
1817 fi
1819 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1820 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1821 AC_MSG_CHECKING(if getaddrinfo seems to work)
1822 AC_RUN_IFELSE(
1823 [AC_LANG_SOURCE([[
1824 #include <stdio.h>
1825 #include <sys/socket.h>
1826 #include <netdb.h>
1827 #include <errno.h>
1828 #include <netinet/in.h>
1830 #define TEST_PORT "2222"
1832 int
1833 main(void)
1834 {
1835 int err, sock;
1836 struct addrinfo *gai_ai, *ai, hints;
1837 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1839 memset(&hints, 0, sizeof(hints));
1840 hints.ai_family = PF_UNSPEC;
1841 hints.ai_socktype = SOCK_STREAM;
1842 hints.ai_flags = AI_PASSIVE;
1844 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1845 if (err != 0) {
1846 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1847 exit(1);
1848 }
1850 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1851 if (ai->ai_family != AF_INET6)
1852 continue;
1854 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1855 sizeof(ntop), strport, sizeof(strport),
1856 NI_NUMERICHOST|NI_NUMERICSERV);
1858 if (err != 0) {
1859 if (err == EAI_SYSTEM)
1860 perror("getnameinfo EAI_SYSTEM");
1861 else
1862 fprintf(stderr, "getnameinfo failed: %s\n",
1863 gai_strerror(err));
1864 exit(2);
1865 }
1867 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1868 if (sock < 0)
1869 perror("socket");
1870 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1871 if (errno == EBADF)
1872 exit(3);
1873 }
1874 }
1875 exit(0);
1876 }
1877 ]])],
1878 [
1879 AC_MSG_RESULT(yes)
1880 ],
1881 [
1882 AC_MSG_RESULT(no)
1883 AC_DEFINE(BROKEN_GETADDRINFO)
1884 ],
1885 [
1886 AC_MSG_RESULT(cross-compiling, assuming yes)
1887 ]
1888 )
1889 fi
1891 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1892 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1893 AC_MSG_CHECKING(if getaddrinfo seems to work)
1894 AC_RUN_IFELSE(
1895 [AC_LANG_SOURCE([[
1896 #include <stdio.h>
1897 #include <sys/socket.h>
1898 #include <netdb.h>
1899 #include <errno.h>
1900 #include <netinet/in.h>
1902 #define TEST_PORT "2222"
1904 int
1905 main(void)
1906 {
1907 int err, sock;
1908 struct addrinfo *gai_ai, *ai, hints;
1909 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1911 memset(&hints, 0, sizeof(hints));
1912 hints.ai_family = PF_UNSPEC;
1913 hints.ai_socktype = SOCK_STREAM;
1914 hints.ai_flags = AI_PASSIVE;
1916 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1917 if (err != 0) {
1918 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1919 exit(1);
1920 }
1922 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1923 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1924 continue;
1926 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1927 sizeof(ntop), strport, sizeof(strport),
1928 NI_NUMERICHOST|NI_NUMERICSERV);
1930 if (ai->ai_family == AF_INET && err != 0) {
1931 perror("getnameinfo");
1932 exit(2);
1933 }
1934 }
1935 exit(0);
1936 }
1937 ]])],
1938 [
1939 AC_MSG_RESULT(yes)
1940 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1941 [Define if you have a getaddrinfo that fails
1942 for the all-zeros IPv6 address])
1943 ],
1944 [
1945 AC_MSG_RESULT(no)
1946 AC_DEFINE(BROKEN_GETADDRINFO)
1947 ],
1948 [
1949 AC_MSG_RESULT(cross-compiling, assuming no)
1950 ]
1951 )
1952 fi
1954 if test "x$check_for_conflicting_getspnam" = "x1"; then
1955 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1956 AC_COMPILE_IFELSE(
1957 [
1958 #include <shadow.h>
1959 int main(void) {exit(0);}
1960 ],
1961 [
1962 AC_MSG_RESULT(no)
1963 ],
1964 [
1965 AC_MSG_RESULT(yes)
1966 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1967 [Conflicting defs for getspnam])
1968 ]
1969 )
1970 fi
1972 AC_FUNC_GETPGRP
1974 # Search for OpenSSL
1975 saved_CPPFLAGS="$CPPFLAGS"
1976 saved_LDFLAGS="$LDFLAGS"
1977 AC_ARG_WITH(ssl-dir,
1978 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1979 [
1980 if test "x$withval" != "xno" ; then
1981 case "$withval" in
1982 # Relative paths
1983 ./*|../*) withval="`pwd`/$withval"
1984 esac
1985 if test -d "$withval/lib"; then
1986 if test -n "${need_dash_r}"; then
1987 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1988 else
1989 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1990 fi
1991 elif test -d "$withval/lib64"; then
1992 if test -n "${need_dash_r}"; then
1993 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
1994 else
1995 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
1996 fi
1997 else
1998 if test -n "${need_dash_r}"; then
1999 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2000 else
2001 LDFLAGS="-L${withval} ${LDFLAGS}"
2002 fi
2003 fi
2004 if test -d "$withval/include"; then
2005 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2006 else
2007 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2008 fi
2009 fi
2010 ]
2011 )
2012 LIBS="-lcrypto $LIBS"
2013 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2014 [Define if your ssl headers are included
2015 with #include <openssl/header.h>]),
2016 [
2017 dnl Check default openssl install dir
2018 if test -n "${need_dash_r}"; then
2019 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2020 else
2021 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2022 fi
2023 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2024 AC_CHECK_HEADER([openssl/opensslv.h], ,
2025 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
2026 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2027 [
2028 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2029 ]
2030 )
2031 ]
2032 )
2034 # Determine OpenSSL header version
2035 AC_MSG_CHECKING([OpenSSL header version])
2036 AC_RUN_IFELSE(
2037 [AC_LANG_SOURCE([[
2038 #include <stdio.h>
2039 #include <string.h>
2040 #include <openssl/opensslv.h>
2041 #define DATA "conftest.sslincver"
2042 int main(void) {
2043 FILE *fd;
2044 int rc;
2046 fd = fopen(DATA,"w");
2047 if(fd == NULL)
2048 exit(1);
2050 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2051 exit(1);
2053 exit(0);
2054 }
2055 ]])],
2056 [
2057 ssl_header_ver=`cat conftest.sslincver`
2058 AC_MSG_RESULT($ssl_header_ver)
2059 ],
2060 [
2061 AC_MSG_RESULT(not found)
2062 AC_MSG_ERROR(OpenSSL version header not found.)
2063 ],
2064 [
2065 AC_MSG_WARN([cross compiling: not checking])
2066 ]
2067 )
2069 # Determine OpenSSL library version
2070 AC_MSG_CHECKING([OpenSSL library version])
2071 AC_RUN_IFELSE(
2072 [AC_LANG_SOURCE([[
2073 #include <stdio.h>
2074 #include <string.h>
2075 #include <openssl/opensslv.h>
2076 #include <openssl/crypto.h>
2077 #define DATA "conftest.ssllibver"
2078 int main(void) {
2079 FILE *fd;
2080 int rc;
2082 fd = fopen(DATA,"w");
2083 if(fd == NULL)
2084 exit(1);
2086 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2087 exit(1);
2089 exit(0);
2090 }
2091 ]])],
2092 [
2093 ssl_library_ver=`cat conftest.ssllibver`
2094 AC_MSG_RESULT($ssl_library_ver)
2095 ],
2096 [
2097 AC_MSG_RESULT(not found)
2098 AC_MSG_ERROR(OpenSSL library not found.)
2099 ],
2100 [
2101 AC_MSG_WARN([cross compiling: not checking])
2102 ]
2103 )
2105 AC_ARG_WITH(openssl-header-check,
2106 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2107 [ if test "x$withval" = "xno" ; then
2108 openssl_check_nonfatal=1
2109 fi
2110 ]
2111 )
2113 # Sanity check OpenSSL headers
2114 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2115 AC_RUN_IFELSE(
2116 [AC_LANG_SOURCE([[
2117 #include <string.h>
2118 #include <openssl/opensslv.h>
2119 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2120 ]])],
2121 [
2122 AC_MSG_RESULT(yes)
2123 ],
2124 [
2125 AC_MSG_RESULT(no)
2126 if test "x$openssl_check_nonfatal" = "x"; then
2127 AC_MSG_ERROR([Your OpenSSL headers do not match your
2128 library. Check config.log for details.
2129 If you are sure your installation is consistent, you can disable the check
2130 by running "./configure --without-openssl-header-check".
2131 Also see contrib/findssl.sh for help identifying header/library mismatches.
2132 ])
2133 else
2134 AC_MSG_WARN([Your OpenSSL headers do not match your
2135 library. Check config.log for details.
2136 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2137 fi
2138 ],
2139 [
2140 AC_MSG_WARN([cross compiling: not checking])
2141 ]
2142 )
2144 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2145 AC_LINK_IFELSE(
2146 [AC_LANG_SOURCE([[
2147 #include <openssl/evp.h>
2148 int main(void) { SSLeay_add_all_algorithms(); }
2149 ]])],
2150 [
2151 AC_MSG_RESULT(yes)
2152 ],
2153 [
2154 AC_MSG_RESULT(no)
2155 saved_LIBS="$LIBS"
2156 LIBS="$LIBS -ldl"
2157 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2158 AC_LINK_IFELSE(
2159 [AC_LANG_SOURCE([[
2160 #include <openssl/evp.h>
2161 int main(void) { SSLeay_add_all_algorithms(); }
2162 ]])],
2163 [
2164 AC_MSG_RESULT(yes)
2165 ],
2166 [
2167 AC_MSG_RESULT(no)
2168 LIBS="$saved_LIBS"
2169 ]
2170 )
2171 ]
2172 )
2174 AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex)
2176 AC_ARG_WITH(ssl-engine,
2177 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2178 [ if test "x$withval" != "xno" ; then
2179 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2180 AC_TRY_COMPILE(
2181 [ #include <openssl/engine.h>],
2182 [
2183 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2184 ],
2185 [ AC_MSG_RESULT(yes)
2186 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2187 [Enable OpenSSL engine support])
2188 ],
2189 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2190 )
2191 fi ]
2192 )
2194 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2195 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2196 AC_LINK_IFELSE(
2197 [AC_LANG_SOURCE([[
2198 #include <string.h>
2199 #include <openssl/evp.h>
2200 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2201 ]])],
2202 [
2203 AC_MSG_RESULT(no)
2204 ],
2205 [
2206 AC_MSG_RESULT(yes)
2207 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2208 [libcrypto is missing AES 192 and 256 bit functions])
2209 ]
2210 )
2212 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2213 AC_LINK_IFELSE(
2214 [AC_LANG_SOURCE([[
2215 #include <string.h>
2216 #include <openssl/evp.h>
2217 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2218 ]])],
2219 [
2220 AC_MSG_RESULT(yes)
2221 ],
2222 [
2223 AC_MSG_RESULT(no)
2224 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2225 [Define if EVP_DigestUpdate returns void])
2226 ]
2227 )
2229 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2230 # because the system crypt() is more featureful.
2231 if test "x$check_for_libcrypt_before" = "x1"; then
2232 AC_CHECK_LIB(crypt, crypt)
2233 fi
2235 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2236 # version in OpenSSL.
2237 if test "x$check_for_libcrypt_later" = "x1"; then
2238 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2239 fi
2241 # Search for SHA256 support in libc and/or OpenSSL
2242 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2244 # Check complete ECC support in OpenSSL
2245 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2246 AC_LINK_IFELSE(
2247 [AC_LANG_SOURCE([[
2248 #include <openssl/ec.h>
2249 #include <openssl/evp.h>
2250 #include <openssl/objects.h>
2251 int main(void) {
2252 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2253 const EVP_MD *m = EVP_sha512(); /* We need this too */
2254 }
2255 ]])],
2256 [
2257 AC_MSG_RESULT(yes)
2258 AC_DEFINE(OPENSSL_HAS_ECC, 1,
2259 [libcrypto includes complete ECC support])
2260 TEST_SSH_ECC=yes
2261 COMMENT_OUT_ECC=""
2262 ],
2263 [
2264 AC_MSG_RESULT(no)
2265 TEST_SSH_ECC=no
2266 COMMENT_OUT_ECC="#no ecc#"
2267 ]
2268 )
2269 AC_SUBST(TEST_SSH_ECC)
2270 AC_SUBST(COMMENT_OUT_ECC)
2272 saved_LIBS="$LIBS"
2273 AC_CHECK_LIB(iaf, ia_openinfo, [
2274 LIBS="$LIBS -liaf"
2275 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2276 AC_DEFINE(HAVE_LIBIAF, 1,
2277 [Define if system has libiaf that supports set_id])
2278 ])
2279 ])
2280 LIBS="$saved_LIBS"
2282 ### Configure cryptographic random number support
2284 # Check wheter OpenSSL seeds itself
2285 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2286 AC_RUN_IFELSE(
2287 [AC_LANG_SOURCE([[
2288 #include <string.h>
2289 #include <openssl/rand.h>
2290 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2291 ]])],
2292 [
2293 OPENSSL_SEEDS_ITSELF=yes
2294 AC_MSG_RESULT(yes)
2295 ],
2296 [
2297 AC_MSG_RESULT(no)
2298 # Default to use of the rand helper if OpenSSL doesn't
2299 # seed itself
2300 USE_RAND_HELPER=yes
2301 ],
2302 [
2303 AC_MSG_WARN([cross compiling: assuming yes])
2304 # This is safe, since all recent OpenSSL versions will
2305 # complain at runtime if not seeded correctly.
2306 OPENSSL_SEEDS_ITSELF=yes
2307 ]
2308 )
2310 # Check for PAM libs
2311 PAM_MSG="no"
2312 AC_ARG_WITH(pam,
2313 [ --with-pam Enable PAM support ],
2314 [
2315 if test "x$withval" != "xno" ; then
2316 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2317 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2318 AC_MSG_ERROR([PAM headers not found])
2319 fi
2321 saved_LIBS="$LIBS"
2322 AC_CHECK_LIB(dl, dlopen, , )
2323 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2324 AC_CHECK_FUNCS(pam_getenvlist)
2325 AC_CHECK_FUNCS(pam_putenv)
2326 LIBS="$saved_LIBS"
2328 PAM_MSG="yes"
2330 SSHDLIBS="$SSHDLIBS -lpam"
2331 AC_DEFINE(USE_PAM, 1,
2332 [Define if you want to enable PAM support])
2334 if test $ac_cv_lib_dl_dlopen = yes; then
2335 case "$LIBS" in
2336 *-ldl*)
2337 # libdl already in LIBS
2338 ;;
2339 *)
2340 SSHDLIBS="$SSHDLIBS -ldl"
2341 ;;
2342 esac
2343 fi
2344 fi
2345 ]
2346 )
2348 # Check for older PAM
2349 if test "x$PAM_MSG" = "xyes" ; then
2350 # Check PAM strerror arguments (old PAM)
2351 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2352 AC_TRY_COMPILE(
2353 [
2354 #include <stdlib.h>
2355 #if defined(HAVE_SECURITY_PAM_APPL_H)
2356 #include <security/pam_appl.h>
2357 #elif defined (HAVE_PAM_PAM_APPL_H)
2358 #include <pam/pam_appl.h>
2359 #endif
2360 ],
2361 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2362 [AC_MSG_RESULT(no)],
2363 [
2364 AC_DEFINE(HAVE_OLD_PAM, 1,
2365 [Define if you have an old version of PAM
2366 which takes only one argument to pam_strerror])
2367 AC_MSG_RESULT(yes)
2368 PAM_MSG="yes (old library)"
2369 ]
2370 )
2371 fi
2373 # Do we want to force the use of the rand helper?
2374 AC_ARG_WITH(rand-helper,
2375 [ --with-rand-helper Use subprocess to gather strong randomness ],
2376 [
2377 if test "x$withval" = "xno" ; then
2378 # Force use of OpenSSL's internal RNG, even if
2379 # the previous test showed it to be unseeded.
2380 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2381 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2382 OPENSSL_SEEDS_ITSELF=yes
2383 USE_RAND_HELPER=""
2384 fi
2385 else
2386 USE_RAND_HELPER=yes
2387 fi
2388 ],
2389 )
2391 # Which randomness source do we use?
2392 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2393 # OpenSSL only
2394 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2395 [Define if you want OpenSSL's internally seeded PRNG only])
2396 RAND_MSG="OpenSSL internal ONLY"
2397 INSTALL_SSH_RAND_HELPER=""
2398 elif test ! -z "$USE_RAND_HELPER" ; then
2399 # install rand helper
2400 RAND_MSG="ssh-rand-helper"
2401 INSTALL_SSH_RAND_HELPER="yes"
2402 fi
2403 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2405 ### Configuration of ssh-rand-helper
2407 # PRNGD TCP socket
2408 AC_ARG_WITH(prngd-port,
2409 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2410 [
2411 case "$withval" in
2412 no)
2413 withval=""
2414 ;;
2415 [[0-9]]*)
2416 ;;
2417 *)
2418 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2419 ;;
2420 esac
2421 if test ! -z "$withval" ; then
2422 PRNGD_PORT="$withval"
2423 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2424 [Port number of PRNGD/EGD random number socket])
2425 fi
2426 ]
2427 )
2429 # PRNGD Unix domain socket
2430 AC_ARG_WITH(prngd-socket,
2431 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2432 [
2433 case "$withval" in
2434 yes)
2435 withval="/var/run/egd-pool"
2436 ;;
2437 no)
2438 withval=""
2439 ;;
2440 /*)
2441 ;;
2442 *)
2443 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2444 ;;
2445 esac
2447 if test ! -z "$withval" ; then
2448 if test ! -z "$PRNGD_PORT" ; then
2449 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2450 fi
2451 if test ! -r "$withval" ; then
2452 AC_MSG_WARN(Entropy socket is not readable)
2453 fi
2454 PRNGD_SOCKET="$withval"
2455 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2456 [Location of PRNGD/EGD random number socket])
2457 fi
2458 ],
2459 [
2460 # Check for existing socket only if we don't have a random device already
2461 if test "$USE_RAND_HELPER" = yes ; then
2462 AC_MSG_CHECKING(for PRNGD/EGD socket)
2463 # Insert other locations here
2464 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2465 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2466 PRNGD_SOCKET="$sock"
2467 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2468 break;
2469 fi
2470 done
2471 if test ! -z "$PRNGD_SOCKET" ; then
2472 AC_MSG_RESULT($PRNGD_SOCKET)
2473 else
2474 AC_MSG_RESULT(not found)
2475 fi
2476 fi
2477 ]
2478 )
2480 # Change default command timeout for hashing entropy source
2481 entropy_timeout=200
2482 AC_ARG_WITH(entropy-timeout,
2483 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2484 [
2485 if test -n "$withval" && test "x$withval" != "xno" && \
2486 test "x${withval}" != "xyes"; then
2487 entropy_timeout=$withval
2488 fi
2489 ]
2490 )
2491 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2492 [Builtin PRNG command timeout])
2494 SSH_PRIVSEP_USER=sshd
2495 AC_ARG_WITH(privsep-user,
2496 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2497 [
2498 if test -n "$withval" && test "x$withval" != "xno" && \
2499 test "x${withval}" != "xyes"; then
2500 SSH_PRIVSEP_USER=$withval
2501 fi
2502 ]
2503 )
2504 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2505 [non-privileged user for privilege separation])
2506 AC_SUBST(SSH_PRIVSEP_USER)
2508 # We do this little dance with the search path to insure
2509 # that programs that we select for use by installed programs
2510 # (which may be run by the super-user) come from trusted
2511 # locations before they come from the user's private area.
2512 # This should help avoid accidentally configuring some
2513 # random version of a program in someone's personal bin.
2515 OPATH=$PATH
2516 PATH=/bin:/usr/bin
2517 test -h /bin 2> /dev/null && PATH=/usr/bin
2518 test -d /sbin && PATH=$PATH:/sbin
2519 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2520 PATH=$PATH:/etc:$OPATH
2522 # These programs are used by the command hashing source to gather entropy
2523 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2524 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2525 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2526 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2527 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2528 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2529 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2530 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2531 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2532 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2533 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2534 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2535 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2536 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2537 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2538 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2539 # restore PATH
2540 PATH=$OPATH
2542 # Where does ssh-rand-helper get its randomness from?
2543 INSTALL_SSH_PRNG_CMDS=""
2544 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2545 if test ! -z "$PRNGD_PORT" ; then
2546 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2547 elif test ! -z "$PRNGD_SOCKET" ; then
2548 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2549 else
2550 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2551 RAND_HELPER_CMDHASH=yes
2552 INSTALL_SSH_PRNG_CMDS="yes"
2553 fi
2554 fi
2555 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2558 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2559 if test ! -z "$SONY" ; then
2560 LIBS="$LIBS -liberty";
2561 fi
2563 # Check for long long datatypes
2564 AC_CHECK_TYPES([long long, unsigned long long, long double])
2566 # Check datatype sizes
2567 AC_CHECK_SIZEOF(char, 1)
2568 AC_CHECK_SIZEOF(short int, 2)
2569 AC_CHECK_SIZEOF(int, 4)
2570 AC_CHECK_SIZEOF(long int, 4)
2571 AC_CHECK_SIZEOF(long long int, 8)
2573 # Sanity check long long for some platforms (AIX)
2574 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2575 ac_cv_sizeof_long_long_int=0
2576 fi
2578 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2579 if test -z "$have_llong_max"; then
2580 AC_MSG_CHECKING([for max value of long long])
2581 AC_RUN_IFELSE(
2582 [AC_LANG_SOURCE([[
2583 #include <stdio.h>
2584 /* Why is this so damn hard? */
2585 #ifdef __GNUC__
2586 # undef __GNUC__
2587 #endif
2588 #define __USE_ISOC99
2589 #include <limits.h>
2590 #define DATA "conftest.llminmax"
2591 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2593 /*
2594 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2595 * we do this the hard way.
2596 */
2597 static int
2598 fprint_ll(FILE *f, long long n)
2599 {
2600 unsigned int i;
2601 int l[sizeof(long long) * 8];
2603 if (n < 0)
2604 if (fprintf(f, "-") < 0)
2605 return -1;
2606 for (i = 0; n != 0; i++) {
2607 l[i] = my_abs(n % 10);
2608 n /= 10;
2609 }
2610 do {
2611 if (fprintf(f, "%d", l[--i]) < 0)
2612 return -1;
2613 } while (i != 0);
2614 if (fprintf(f, " ") < 0)
2615 return -1;
2616 return 0;
2617 }
2619 int main(void) {
2620 FILE *f;
2621 long long i, llmin, llmax = 0;
2623 if((f = fopen(DATA,"w")) == NULL)
2624 exit(1);
2626 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2627 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2628 llmin = LLONG_MIN;
2629 llmax = LLONG_MAX;
2630 #else
2631 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2632 /* This will work on one's complement and two's complement */
2633 for (i = 1; i > llmax; i <<= 1, i++)
2634 llmax = i;
2635 llmin = llmax + 1LL; /* wrap */
2636 #endif
2638 /* Sanity check */
2639 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2640 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2641 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2642 fprintf(f, "unknown unknown\n");
2643 exit(2);
2644 }
2646 if (fprint_ll(f, llmin) < 0)
2647 exit(3);
2648 if (fprint_ll(f, llmax) < 0)
2649 exit(4);
2650 if (fclose(f) < 0)
2651 exit(5);
2652 exit(0);
2653 }
2654 ]])],
2655 [
2656 llong_min=`$AWK '{print $1}' conftest.llminmax`
2657 llong_max=`$AWK '{print $2}' conftest.llminmax`
2659 AC_MSG_RESULT($llong_max)
2660 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2661 [max value of long long calculated by configure])
2662 AC_MSG_CHECKING([for min value of long long])
2663 AC_MSG_RESULT($llong_min)
2664 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2665 [min value of long long calculated by configure])
2666 ],
2667 [
2668 AC_MSG_RESULT(not found)
2669 ],
2670 [
2671 AC_MSG_WARN([cross compiling: not checking])
2672 ]
2673 )
2674 fi
2677 # More checks for data types
2678 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2679 AC_TRY_COMPILE(
2680 [ #include <sys/types.h> ],
2681 [ u_int a; a = 1;],
2682 [ ac_cv_have_u_int="yes" ],
2683 [ ac_cv_have_u_int="no" ]
2684 )
2685 ])
2686 if test "x$ac_cv_have_u_int" = "xyes" ; then
2687 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2688 have_u_int=1
2689 fi
2691 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2692 AC_TRY_COMPILE(
2693 [ #include <sys/types.h> ],
2694 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2695 [ ac_cv_have_intxx_t="yes" ],
2696 [ ac_cv_have_intxx_t="no" ]
2697 )
2698 ])
2699 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2700 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2701 have_intxx_t=1
2702 fi
2704 if (test -z "$have_intxx_t" && \
2705 test "x$ac_cv_header_stdint_h" = "xyes")
2706 then
2707 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2708 AC_TRY_COMPILE(
2709 [ #include <stdint.h> ],
2710 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2711 [
2712 AC_DEFINE(HAVE_INTXX_T)
2713 AC_MSG_RESULT(yes)
2714 ],
2715 [ AC_MSG_RESULT(no) ]
2716 )
2717 fi
2719 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2720 AC_TRY_COMPILE(
2721 [
2722 #include <sys/types.h>
2723 #ifdef HAVE_STDINT_H
2724 # include <stdint.h>
2725 #endif
2726 #include <sys/socket.h>
2727 #ifdef HAVE_SYS_BITYPES_H
2728 # include <sys/bitypes.h>
2729 #endif
2730 ],
2731 [ int64_t a; a = 1;],
2732 [ ac_cv_have_int64_t="yes" ],
2733 [ ac_cv_have_int64_t="no" ]
2734 )
2735 ])
2736 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2737 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2738 fi
2740 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2741 AC_TRY_COMPILE(
2742 [ #include <sys/types.h> ],
2743 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2744 [ ac_cv_have_u_intxx_t="yes" ],
2745 [ ac_cv_have_u_intxx_t="no" ]
2746 )
2747 ])
2748 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2749 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2750 have_u_intxx_t=1
2751 fi
2753 if test -z "$have_u_intxx_t" ; then
2754 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2755 AC_TRY_COMPILE(
2756 [ #include <sys/socket.h> ],
2757 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2758 [
2759 AC_DEFINE(HAVE_U_INTXX_T)
2760 AC_MSG_RESULT(yes)
2761 ],
2762 [ AC_MSG_RESULT(no) ]
2763 )
2764 fi
2766 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2767 AC_TRY_COMPILE(
2768 [ #include <sys/types.h> ],
2769 [ u_int64_t a; a = 1;],
2770 [ ac_cv_have_u_int64_t="yes" ],
2771 [ ac_cv_have_u_int64_t="no" ]
2772 )
2773 ])
2774 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2775 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2776 have_u_int64_t=1
2777 fi
2779 if test -z "$have_u_int64_t" ; then
2780 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2781 AC_TRY_COMPILE(
2782 [ #include <sys/bitypes.h> ],
2783 [ u_int64_t a; a = 1],
2784 [
2785 AC_DEFINE(HAVE_U_INT64_T)
2786 AC_MSG_RESULT(yes)
2787 ],
2788 [ AC_MSG_RESULT(no) ]
2789 )
2790 fi
2792 if test -z "$have_u_intxx_t" ; then
2793 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2794 AC_TRY_COMPILE(
2795 [
2796 #include <sys/types.h>
2797 ],
2798 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2799 [ ac_cv_have_uintxx_t="yes" ],
2800 [ ac_cv_have_uintxx_t="no" ]
2801 )
2802 ])
2803 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2804 AC_DEFINE(HAVE_UINTXX_T, 1,
2805 [define if you have uintxx_t data type])
2806 fi
2807 fi
2809 if test -z "$have_uintxx_t" ; then
2810 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2811 AC_TRY_COMPILE(
2812 [ #include <stdint.h> ],
2813 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2814 [
2815 AC_DEFINE(HAVE_UINTXX_T)
2816 AC_MSG_RESULT(yes)
2817 ],
2818 [ AC_MSG_RESULT(no) ]
2819 )
2820 fi
2822 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2823 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2824 then
2825 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2826 AC_TRY_COMPILE(
2827 [
2828 #include <sys/bitypes.h>
2829 ],
2830 [
2831 int8_t a; int16_t b; int32_t c;
2832 u_int8_t e; u_int16_t f; u_int32_t g;
2833 a = b = c = e = f = g = 1;
2834 ],
2835 [
2836 AC_DEFINE(HAVE_U_INTXX_T)
2837 AC_DEFINE(HAVE_INTXX_T)
2838 AC_MSG_RESULT(yes)
2839 ],
2840 [AC_MSG_RESULT(no)]
2841 )
2842 fi
2845 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2846 AC_TRY_COMPILE(
2847 [
2848 #include <sys/types.h>
2849 ],
2850 [ u_char foo; foo = 125; ],
2851 [ ac_cv_have_u_char="yes" ],
2852 [ ac_cv_have_u_char="no" ]
2853 )
2854 ])
2855 if test "x$ac_cv_have_u_char" = "xyes" ; then
2856 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2857 fi
2859 TYPE_SOCKLEN_T
2861 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2862 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2863 #include <sys/types.h>
2864 #ifdef HAVE_SYS_BITYPES_H
2865 #include <sys/bitypes.h>
2866 #endif
2867 #ifdef HAVE_SYS_STATFS_H
2868 #include <sys/statfs.h>
2869 #endif
2870 #ifdef HAVE_SYS_STATVFS_H
2871 #include <sys/statvfs.h>
2872 #endif
2873 ])
2875 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2876 [#include <sys/types.h>
2877 #include <netinet/in.h>])
2879 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2880 AC_TRY_COMPILE(
2881 [
2882 #include <sys/types.h>
2883 ],
2884 [ size_t foo; foo = 1235; ],
2885 [ ac_cv_have_size_t="yes" ],
2886 [ ac_cv_have_size_t="no" ]
2887 )
2888 ])
2889 if test "x$ac_cv_have_size_t" = "xyes" ; then
2890 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2891 fi
2893 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2894 AC_TRY_COMPILE(
2895 [
2896 #include <sys/types.h>
2897 ],
2898 [ ssize_t foo; foo = 1235; ],
2899 [ ac_cv_have_ssize_t="yes" ],
2900 [ ac_cv_have_ssize_t="no" ]
2901 )
2902 ])
2903 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2904 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2905 fi
2907 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2908 AC_TRY_COMPILE(
2909 [
2910 #include <time.h>
2911 ],
2912 [ clock_t foo; foo = 1235; ],
2913 [ ac_cv_have_clock_t="yes" ],
2914 [ ac_cv_have_clock_t="no" ]
2915 )
2916 ])
2917 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2918 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2919 fi
2921 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2922 AC_TRY_COMPILE(
2923 [
2924 #include <sys/types.h>
2925 #include <sys/socket.h>
2926 ],
2927 [ sa_family_t foo; foo = 1235; ],
2928 [ ac_cv_have_sa_family_t="yes" ],
2929 [ AC_TRY_COMPILE(
2930 [
2931 #include <sys/types.h>
2932 #include <sys/socket.h>
2933 #include <netinet/in.h>
2934 ],
2935 [ sa_family_t foo; foo = 1235; ],
2936 [ ac_cv_have_sa_family_t="yes" ],
2938 [ ac_cv_have_sa_family_t="no" ]
2939 )]
2940 )
2941 ])
2942 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2943 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2944 [define if you have sa_family_t data type])
2945 fi
2947 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2948 AC_TRY_COMPILE(
2949 [
2950 #include <sys/types.h>
2951 ],
2952 [ pid_t foo; foo = 1235; ],
2953 [ ac_cv_have_pid_t="yes" ],
2954 [ ac_cv_have_pid_t="no" ]
2955 )
2956 ])
2957 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2958 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2959 fi
2961 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2962 AC_TRY_COMPILE(
2963 [
2964 #include <sys/types.h>
2965 ],
2966 [ mode_t foo; foo = 1235; ],
2967 [ ac_cv_have_mode_t="yes" ],
2968 [ ac_cv_have_mode_t="no" ]
2969 )
2970 ])
2971 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2972 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2973 fi
2976 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2977 AC_TRY_COMPILE(
2978 [
2979 #include <sys/types.h>
2980 #include <sys/socket.h>
2981 ],
2982 [ struct sockaddr_storage s; ],
2983 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2984 [ ac_cv_have_struct_sockaddr_storage="no" ]
2985 )
2986 ])
2987 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2988 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2989 [define if you have struct sockaddr_storage data type])
2990 fi
2992 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2993 AC_TRY_COMPILE(
2994 [
2995 #include <sys/types.h>
2996 #include <netinet/in.h>
2997 ],
2998 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2999 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3000 [ ac_cv_have_struct_sockaddr_in6="no" ]
3001 )
3002 ])
3003 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3004 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
3005 [define if you have struct sockaddr_in6 data type])
3006 fi
3008 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3009 AC_TRY_COMPILE(
3010 [
3011 #include <sys/types.h>
3012 #include <netinet/in.h>
3013 ],
3014 [ struct in6_addr s; s.s6_addr[0] = 0; ],
3015 [ ac_cv_have_struct_in6_addr="yes" ],
3016 [ ac_cv_have_struct_in6_addr="no" ]
3017 )
3018 ])
3019 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3020 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
3021 [define if you have struct in6_addr data type])
3023 dnl Now check for sin6_scope_id
3024 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
3025 [
3026 #ifdef HAVE_SYS_TYPES_H
3027 #include <sys/types.h>
3028 #endif
3029 #include <netinet/in.h>
3030 ])
3031 fi
3033 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3034 AC_TRY_COMPILE(
3035 [
3036 #include <sys/types.h>
3037 #include <sys/socket.h>
3038 #include <netdb.h>
3039 ],
3040 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
3041 [ ac_cv_have_struct_addrinfo="yes" ],
3042 [ ac_cv_have_struct_addrinfo="no" ]
3043 )
3044 ])
3045 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3046 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
3047 [define if you have struct addrinfo data type])
3048 fi
3050 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3051 AC_TRY_COMPILE(
3052 [ #include <sys/time.h> ],
3053 [ struct timeval tv; tv.tv_sec = 1;],
3054 [ ac_cv_have_struct_timeval="yes" ],
3055 [ ac_cv_have_struct_timeval="no" ]
3056 )
3057 ])
3058 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3059 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3060 have_struct_timeval=1
3061 fi
3063 AC_CHECK_TYPES(struct timespec)
3065 # We need int64_t or else certian parts of the compile will fail.
3066 if test "x$ac_cv_have_int64_t" = "xno" && \
3067 test "x$ac_cv_sizeof_long_int" != "x8" && \
3068 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3069 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3070 echo "an alternative compiler (I.E., GCC) before continuing."
3071 echo ""
3072 exit 1;
3073 else
3074 dnl test snprintf (broken on SCO w/gcc)
3075 AC_RUN_IFELSE(
3076 [AC_LANG_SOURCE([[
3077 #include <stdio.h>
3078 #include <string.h>
3079 #ifdef HAVE_SNPRINTF
3080 main()
3081 {
3082 char buf[50];
3083 char expected_out[50];
3084 int mazsize = 50 ;
3085 #if (SIZEOF_LONG_INT == 8)
3086 long int num = 0x7fffffffffffffff;
3087 #else
3088 long long num = 0x7fffffffffffffffll;
3089 #endif
3090 strcpy(expected_out, "9223372036854775807");
3091 snprintf(buf, mazsize, "%lld", num);
3092 if(strcmp(buf, expected_out) != 0)
3093 exit(1);
3094 exit(0);
3095 }
3096 #else
3097 main() { exit(0); }
3098 #endif
3099 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3100 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3101 )
3102 fi
3104 dnl Checks for structure members
3105 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3106 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3107 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3108 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3109 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3110 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3111 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3112 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3113 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3114 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3115 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3116 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3117 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3118 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3119 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3120 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3121 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3123 AC_CHECK_MEMBERS([struct stat.st_blksize])
3124 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3125 [Define if we don't have struct __res_state in resolv.h])],
3126 [
3127 #include <stdio.h>
3128 #if HAVE_SYS_TYPES_H
3129 # include <sys/types.h>
3130 #endif
3131 #include <netinet/in.h>
3132 #include <arpa/nameser.h>
3133 #include <resolv.h>
3134 ])
3136 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3137 ac_cv_have_ss_family_in_struct_ss, [
3138 AC_TRY_COMPILE(
3139 [
3140 #include <sys/types.h>
3141 #include <sys/socket.h>
3142 ],
3143 [ struct sockaddr_storage s; s.ss_family = 1; ],
3144 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3145 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3146 )
3147 ])
3148 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3149 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3150 fi
3152 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3153 ac_cv_have___ss_family_in_struct_ss, [
3154 AC_TRY_COMPILE(
3155 [
3156 #include <sys/types.h>
3157 #include <sys/socket.h>
3158 ],
3159 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3160 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3161 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3162 )
3163 ])
3164 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3165 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3166 [Fields in struct sockaddr_storage])
3167 fi
3169 AC_CACHE_CHECK([for pw_class field in struct passwd],
3170 ac_cv_have_pw_class_in_struct_passwd, [
3171 AC_TRY_COMPILE(
3172 [
3173 #include <pwd.h>
3174 ],
3175 [ struct passwd p; p.pw_class = 0; ],
3176 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3177 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3178 )
3179 ])
3180 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3181 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3182 [Define if your password has a pw_class field])
3183 fi
3185 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3186 ac_cv_have_pw_expire_in_struct_passwd, [
3187 AC_TRY_COMPILE(
3188 [
3189 #include <pwd.h>
3190 ],
3191 [ struct passwd p; p.pw_expire = 0; ],
3192 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3193 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3194 )
3195 ])
3196 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3197 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3198 [Define if your password has a pw_expire field])
3199 fi
3201 AC_CACHE_CHECK([for pw_change field in struct passwd],
3202 ac_cv_have_pw_change_in_struct_passwd, [
3203 AC_TRY_COMPILE(
3204 [
3205 #include <pwd.h>
3206 ],
3207 [ struct passwd p; p.pw_change = 0; ],
3208 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3209 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3210 )
3211 ])
3212 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3213 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3214 [Define if your password has a pw_change field])
3215 fi
3217 dnl make sure we're using the real structure members and not defines
3218 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3219 ac_cv_have_accrights_in_msghdr, [
3220 AC_COMPILE_IFELSE(
3221 [
3222 #include <sys/types.h>
3223 #include <sys/socket.h>
3224 #include <sys/uio.h>
3225 int main() {
3226 #ifdef msg_accrights
3227 #error "msg_accrights is a macro"
3228 exit(1);
3229 #endif
3230 struct msghdr m;
3231 m.msg_accrights = 0;
3232 exit(0);
3233 }
3234 ],
3235 [ ac_cv_have_accrights_in_msghdr="yes" ],
3236 [ ac_cv_have_accrights_in_msghdr="no" ]
3237 )
3238 ])
3239 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3240 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3241 [Define if your system uses access rights style
3242 file descriptor passing])
3243 fi
3245 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3246 AC_TRY_COMPILE([
3247 #include <sys/types.h>
3248 #include <sys/stat.h>
3249 #ifdef HAVE_SYS_TIME_H
3250 # include <sys/time.h>
3251 #endif
3252 #ifdef HAVE_SYS_MOUNT_H
3253 #include <sys/mount.h>
3254 #endif
3255 #ifdef HAVE_SYS_STATVFS_H
3256 #include <sys/statvfs.h>
3257 #endif
3258 ], [struct statvfs s; s.f_fsid = 0;],
3259 [ AC_MSG_RESULT(yes) ],
3260 [ AC_MSG_RESULT(no)
3262 AC_MSG_CHECKING(if fsid_t has member val)
3263 AC_TRY_COMPILE([
3264 #include <sys/types.h>
3265 #include <sys/statvfs.h>],
3266 [fsid_t t; t.val[0] = 0;],
3267 [ AC_MSG_RESULT(yes)
3268 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3269 [ AC_MSG_RESULT(no) ])
3271 AC_MSG_CHECKING(if f_fsid has member __val)
3272 AC_TRY_COMPILE([
3273 #include <sys/types.h>
3274 #include <sys/statvfs.h>],
3275 [fsid_t t; t.__val[0] = 0;],
3276 [ AC_MSG_RESULT(yes)
3277 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3278 [ AC_MSG_RESULT(no) ])
3279 ])
3281 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3282 ac_cv_have_control_in_msghdr, [
3283 AC_COMPILE_IFELSE(
3284 [
3285 #include <sys/types.h>
3286 #include <sys/socket.h>
3287 #include <sys/uio.h>
3288 int main() {
3289 #ifdef msg_control
3290 #error "msg_control is a macro"
3291 exit(1);
3292 #endif
3293 struct msghdr m;
3294 m.msg_control = 0;
3295 exit(0);
3296 }
3297 ],
3298 [ ac_cv_have_control_in_msghdr="yes" ],
3299 [ ac_cv_have_control_in_msghdr="no" ]
3300 )
3301 ])
3302 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3303 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3304 [Define if your system uses ancillary data style
3305 file descriptor passing])
3306 fi
3308 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3309 AC_TRY_LINK([],
3310 [ extern char *__progname; printf("%s", __progname); ],
3311 [ ac_cv_libc_defines___progname="yes" ],
3312 [ ac_cv_libc_defines___progname="no" ]
3313 )
3314 ])
3315 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3316 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3317 fi
3319 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3320 AC_TRY_LINK([
3321 #include <stdio.h>
3322 ],
3323 [ printf("%s", __FUNCTION__); ],
3324 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3325 [ ac_cv_cc_implements___FUNCTION__="no" ]
3326 )
3327 ])
3328 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3329 AC_DEFINE(HAVE___FUNCTION__, 1,
3330 [Define if compiler implements __FUNCTION__])
3331 fi
3333 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3334 AC_TRY_LINK([
3335 #include <stdio.h>
3336 ],
3337 [ printf("%s", __func__); ],
3338 [ ac_cv_cc_implements___func__="yes" ],
3339 [ ac_cv_cc_implements___func__="no" ]
3340 )
3341 ])
3342 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3343 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3344 fi
3346 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3347 AC_TRY_LINK(
3348 [#include <stdarg.h>
3349 va_list x,y;],
3350 [va_copy(x,y);],
3351 [ ac_cv_have_va_copy="yes" ],
3352 [ ac_cv_have_va_copy="no" ]
3353 )
3354 ])
3355 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3356 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3357 fi
3359 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3360 AC_TRY_LINK(
3361 [#include <stdarg.h>
3362 va_list x,y;],
3363 [__va_copy(x,y);],
3364 [ ac_cv_have___va_copy="yes" ],
3365 [ ac_cv_have___va_copy="no" ]
3366 )
3367 ])
3368 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3369 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3370 fi
3372 AC_CACHE_CHECK([whether getopt has optreset support],
3373 ac_cv_have_getopt_optreset, [
3374 AC_TRY_LINK(
3375 [
3376 #include <getopt.h>
3377 ],
3378 [ extern int optreset; optreset = 0; ],
3379 [ ac_cv_have_getopt_optreset="yes" ],
3380 [ ac_cv_have_getopt_optreset="no" ]
3381 )
3382 ])
3383 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3384 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3385 [Define if your getopt(3) defines and uses optreset])
3386 fi
3388 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3389 AC_TRY_LINK([],
3390 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3391 [ ac_cv_libc_defines_sys_errlist="yes" ],
3392 [ ac_cv_libc_defines_sys_errlist="no" ]
3393 )
3394 ])
3395 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3396 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3397 [Define if your system defines sys_errlist[]])
3398 fi
3401 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3402 AC_TRY_LINK([],
3403 [ extern int sys_nerr; printf("%i", sys_nerr);],
3404 [ ac_cv_libc_defines_sys_nerr="yes" ],
3405 [ ac_cv_libc_defines_sys_nerr="no" ]
3406 )
3407 ])
3408 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3409 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3410 fi
3412 # Check libraries needed by DNS fingerprint support
3413 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3414 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3415 [Define if getrrsetbyname() exists])],
3416 [
3417 # Needed by our getrrsetbyname()
3418 AC_SEARCH_LIBS(res_query, resolv)
3419 AC_SEARCH_LIBS(dn_expand, resolv)
3420 AC_MSG_CHECKING(if res_query will link)
3421 AC_LINK_IFELSE([
3422 #include "confdefs.h"
3423 #include <sys/types.h>
3424 #include <netinet/in.h>
3425 #include <arpa/nameser.h>
3426 #include <netdb.h>
3427 #include <resolv.h>
3428 int main()
3429 {
3430 res_query (0, 0, 0, 0, 0);
3431 return 0;
3432 }
3433 ],
3434 AC_MSG_RESULT(yes),
3435 [AC_MSG_RESULT(no)
3436 saved_LIBS="$LIBS"
3437 LIBS="$LIBS -lresolv"
3438 AC_MSG_CHECKING(for res_query in -lresolv)
3439 AC_LINK_IFELSE([
3440 #include "confdefs.h"
3441 #include <sys/types.h>
3442 #include <netinet/in.h>
3443 #include <arpa/nameser.h>
3444 #include <netdb.h>
3445 #include <resolv.h>
3446 int main()
3447 {
3448 res_query (0, 0, 0, 0, 0);
3449 return 0;
3450 }
3451 ],
3452 [AC_MSG_RESULT(yes)],
3453 [LIBS="$saved_LIBS"
3454 AC_MSG_RESULT(no)])
3455 ])
3456 AC_CHECK_FUNCS(_getshort _getlong)
3457 AC_CHECK_DECLS([_getshort, _getlong], , ,
3458 [#include <sys/types.h>
3459 #include <arpa/nameser.h>])
3460 AC_CHECK_MEMBER(HEADER.ad,
3461 [AC_DEFINE(HAVE_HEADER_AD, 1,
3462 [Define if HEADER.ad exists in arpa/nameser.h])],,
3463 [#include <arpa/nameser.h>])
3464 ])
3466 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3467 AC_LINK_IFELSE([
3468 #include <stdio.h>
3469 #if HAVE_SYS_TYPES_H
3470 # include <sys/types.h>
3471 #endif
3472 #include <netinet/in.h>
3473 #include <arpa/nameser.h>
3474 #include <resolv.h>
3475 extern struct __res_state _res;
3476 int main() { return 0; }
3477 ],
3478 [AC_MSG_RESULT(yes)
3479 AC_DEFINE(HAVE__RES_EXTERN, 1,
3480 [Define if you have struct __res_state _res as an extern])
3481 ],
3482 [ AC_MSG_RESULT(no) ]
3483 )
3485 # Check whether user wants SELinux support
3486 SELINUX_MSG="no"
3487 LIBSELINUX=""
3488 AC_ARG_WITH(selinux,
3489 [ --with-selinux Enable SELinux support],
3490 [ if test "x$withval" != "xno" ; then
3491 save_LIBS="$LIBS"
3492 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3493 SELINUX_MSG="yes"
3494 AC_CHECK_HEADER([selinux/selinux.h], ,
3495 AC_MSG_ERROR(SELinux support requires selinux.h header))
3496 AC_CHECK_LIB(selinux, setexeccon,
3497 [ LIBSELINUX="-lselinux"
3498 LIBS="$LIBS -lselinux"
3499 ],
3500 AC_MSG_ERROR(SELinux support requires libselinux library))
3501 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3502 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3503 LIBS="$save_LIBS"
3504 fi ]
3505 )
3507 # Check whether user wants Kerberos 5 support
3508 KRB5_MSG="no"
3509 AC_ARG_WITH(kerberos5,
3510 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3511 [ if test "x$withval" != "xno" ; then
3512 if test "x$withval" = "xyes" ; then
3513 KRB5ROOT="/usr/local"
3514 else
3515 KRB5ROOT=${withval}
3516 fi
3518 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3519 KRB5_MSG="yes"
3521 AC_PATH_PROG([KRB5CONF],[krb5-config],
3522 [$KRB5ROOT/bin/krb5-config],
3523 [$KRB5ROOT/bin:$PATH])
3524 if test -x $KRB5CONF ; then
3526 AC_MSG_CHECKING(for gssapi support)
3527 if $KRB5CONF | grep gssapi >/dev/null ; then
3528 AC_MSG_RESULT(yes)
3529 AC_DEFINE(GSSAPI, 1,
3530 [Define this if you want GSSAPI
3531 support in the version 2 protocol])
3532 k5confopts=gssapi
3533 else
3534 AC_MSG_RESULT(no)
3535 k5confopts=""
3536 fi
3537 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3538 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3539 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3540 AC_MSG_CHECKING(whether we are using Heimdal)
3541 AC_TRY_COMPILE([ #include <krb5.h> ],
3542 [ char *tmp = heimdal_version; ],
3543 [ AC_MSG_RESULT(yes)
3544 AC_DEFINE(HEIMDAL, 1,
3545 [Define this if you are using the
3546 Heimdal version of Kerberos V5]) ],
3547 AC_MSG_RESULT(no)
3548 )
3549 else
3550 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3551 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3552 AC_MSG_CHECKING(whether we are using Heimdal)
3553 AC_TRY_COMPILE([ #include <krb5.h> ],
3554 [ char *tmp = heimdal_version; ],
3555 [ AC_MSG_RESULT(yes)
3556 AC_DEFINE(HEIMDAL)
3557 K5LIBS="-lkrb5"
3558 K5LIBS="$K5LIBS -lcom_err -lasn1"
3559 AC_CHECK_LIB(roken, net_write,
3560 [K5LIBS="$K5LIBS -lroken"])
3561 AC_CHECK_LIB(des, des_cbc_encrypt,
3562 [K5LIBS="$K5LIBS -ldes"])
3563 ],
3564 [ AC_MSG_RESULT(no)
3565 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3566 ]
3567 )
3568 AC_SEARCH_LIBS(dn_expand, resolv)
3570 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3571 [ AC_DEFINE(GSSAPI)
3572 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3573 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3574 [ AC_DEFINE(GSSAPI)
3575 K5LIBS="-lgssapi $K5LIBS" ],
3576 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3577 $K5LIBS)
3578 ],
3579 $K5LIBS)
3581 AC_CHECK_HEADER(gssapi.h, ,
3582 [ unset ac_cv_header_gssapi_h
3583 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3584 AC_CHECK_HEADERS(gssapi.h, ,
3585 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3586 )
3587 ]
3588 )
3590 oldCPP="$CPPFLAGS"
3591 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3592 AC_CHECK_HEADER(gssapi_krb5.h, ,
3593 [ CPPFLAGS="$oldCPP" ])
3595 fi
3596 if test ! -z "$need_dash_r" ; then
3597 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3598 fi
3599 if test ! -z "$blibpath" ; then
3600 blibpath="$blibpath:${KRB5ROOT}/lib"
3601 fi
3603 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3604 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3605 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3607 LIBS="$LIBS $K5LIBS"
3608 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3609 [Define this if you want to use libkafs' AFS support]))
3610 fi
3611 ]
3612 )
3614 # Looking for programs, paths and files
3616 PRIVSEP_PATH=/var/empty
3617 AC_ARG_WITH(privsep-path,
3618 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3619 [
3620 if test -n "$withval" && test "x$withval" != "xno" && \
3621 test "x${withval}" != "xyes"; then
3622 PRIVSEP_PATH=$withval
3623 fi
3624 ]
3625 )
3626 AC_SUBST(PRIVSEP_PATH)
3628 AC_ARG_WITH(xauth,
3629 [ --with-xauth=PATH Specify path to xauth program ],
3630 [
3631 if test -n "$withval" && test "x$withval" != "xno" && \
3632 test "x${withval}" != "xyes"; then
3633 xauth_path=$withval
3634 fi
3635 ],
3636 [
3637 TestPath="$PATH"
3638 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3639 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3640 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3641 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3642 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3643 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3644 xauth_path="/usr/openwin/bin/xauth"
3645 fi
3646 ]
3647 )
3649 STRIP_OPT=-s
3650 AC_ARG_ENABLE(strip,
3651 [ --disable-strip Disable calling strip(1) on install],
3652 [
3653 if test "x$enableval" = "xno" ; then
3654 STRIP_OPT=
3655 fi
3656 ]
3657 )
3658 AC_SUBST(STRIP_OPT)
3660 if test -z "$xauth_path" ; then
3661 XAUTH_PATH="undefined"
3662 AC_SUBST(XAUTH_PATH)
3663 else
3664 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3665 [Define if xauth is found in your path])
3666 XAUTH_PATH=$xauth_path
3667 AC_SUBST(XAUTH_PATH)
3668 fi
3670 # Check for mail directory (last resort if we cannot get it from headers)
3671 if test ! -z "$MAIL" ; then
3672 maildir=`dirname $MAIL`
3673 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3674 [Set this to your mail directory if you don't have maillock.h])
3675 fi
3677 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3678 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3679 disable_ptmx_check=yes
3680 fi
3681 if test -z "$no_dev_ptmx" ; then
3682 if test "x$disable_ptmx_check" != "xyes" ; then
3683 AC_CHECK_FILE("/dev/ptmx",
3684 [
3685 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3686 [Define if you have /dev/ptmx])
3687 have_dev_ptmx=1
3688 ]
3689 )
3690 fi
3691 fi
3693 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3694 AC_CHECK_FILE("/dev/ptc",
3695 [
3696 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3697 [Define if you have /dev/ptc])
3698 have_dev_ptc=1
3699 ]
3700 )
3701 else
3702 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3703 fi
3705 # Options from here on. Some of these are preset by platform above
3706 AC_ARG_WITH(mantype,
3707 [ --with-mantype=man|cat|doc Set man page type],
3708 [
3709 case "$withval" in
3710 man|cat|doc)
3711 MANTYPE=$withval
3712 ;;
3713 *)
3714 AC_MSG_ERROR(invalid man type: $withval)
3715 ;;
3716 esac
3717 ]
3718 )
3719 if test -z "$MANTYPE"; then
3720 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3721 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3722 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3723 MANTYPE=doc
3724 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3725 MANTYPE=man
3726 else
3727 MANTYPE=cat
3728 fi
3729 fi
3730 AC_SUBST(MANTYPE)
3731 if test "$MANTYPE" = "doc"; then
3732 mansubdir=man;
3733 else
3734 mansubdir=$MANTYPE;
3735 fi
3736 AC_SUBST(mansubdir)
3738 # Check whether to enable MD5 passwords
3739 MD5_MSG="no"
3740 AC_ARG_WITH(md5-passwords,
3741 [ --with-md5-passwords Enable use of MD5 passwords],
3742 [
3743 if test "x$withval" != "xno" ; then
3744 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3745 [Define if you want to allow MD5 passwords])
3746 MD5_MSG="yes"
3747 fi
3748 ]
3749 )
3751 # Whether to disable shadow password support
3752 AC_ARG_WITH(shadow,
3753 [ --without-shadow Disable shadow password support],
3754 [
3755 if test "x$withval" = "xno" ; then
3756 AC_DEFINE(DISABLE_SHADOW)
3757 disable_shadow=yes
3758 fi
3759 ]
3760 )
3762 if test -z "$disable_shadow" ; then
3763 AC_MSG_CHECKING([if the systems has expire shadow information])
3764 AC_TRY_COMPILE(
3765 [
3766 #include <sys/types.h>
3767 #include <shadow.h>
3768 struct spwd sp;
3769 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3770 [ sp_expire_available=yes ], []
3771 )
3773 if test "x$sp_expire_available" = "xyes" ; then
3774 AC_MSG_RESULT(yes)
3775 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3776 [Define if you want to use shadow password expire field])
3777 else
3778 AC_MSG_RESULT(no)
3779 fi
3780 fi
3782 # Use ip address instead of hostname in $DISPLAY
3783 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3784 DISPLAY_HACK_MSG="yes"
3785 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3786 [Define if you need to use IP address
3787 instead of hostname in $DISPLAY])
3788 else
3789 DISPLAY_HACK_MSG="no"
3790 AC_ARG_WITH(ipaddr-display,
3791 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3792 [
3793 if test "x$withval" != "xno" ; then
3794 AC_DEFINE(IPADDR_IN_DISPLAY)
3795 DISPLAY_HACK_MSG="yes"
3796 fi
3797 ]
3798 )
3799 fi
3801 # check for /etc/default/login and use it if present.
3802 AC_ARG_ENABLE(etc-default-login,
3803 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3804 [ if test "x$enableval" = "xno"; then
3805 AC_MSG_NOTICE([/etc/default/login handling disabled])
3806 etc_default_login=no
3807 else
3808 etc_default_login=yes
3809 fi ],
3810 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3811 then
3812 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3813 etc_default_login=no
3814 else
3815 etc_default_login=yes
3816 fi ]
3817 )
3819 if test "x$etc_default_login" != "xno"; then
3820 AC_CHECK_FILE("/etc/default/login",
3821 [ external_path_file=/etc/default/login ])
3822 if test "x$external_path_file" = "x/etc/default/login"; then
3823 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3824 [Define if your system has /etc/default/login])
3825 fi
3826 fi
3828 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3829 if test $ac_cv_func_login_getcapbool = "yes" && \
3830 test $ac_cv_header_login_cap_h = "yes" ; then
3831 external_path_file=/etc/login.conf
3832 fi
3834 # Whether to mess with the default path
3835 SERVER_PATH_MSG="(default)"
3836 AC_ARG_WITH(default-path,
3837 [ --with-default-path= Specify default \$PATH environment for server],
3838 [
3839 if test "x$external_path_file" = "x/etc/login.conf" ; then
3840 AC_MSG_WARN([
3841 --with-default-path=PATH has no effect on this system.
3842 Edit /etc/login.conf instead.])
3843 elif test "x$withval" != "xno" ; then
3844 if test ! -z "$external_path_file" ; then
3845 AC_MSG_WARN([
3846 --with-default-path=PATH will only be used if PATH is not defined in
3847 $external_path_file .])
3848 fi
3849 user_path="$withval"
3850 SERVER_PATH_MSG="$withval"
3851 fi
3852 ],
3853 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3854 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3855 else
3856 if test ! -z "$external_path_file" ; then
3857 AC_MSG_WARN([
3858 If PATH is defined in $external_path_file, ensure the path to scp is included,
3859 otherwise scp will not work.])
3860 fi
3861 AC_RUN_IFELSE(
3862 [AC_LANG_SOURCE([[
3863 /* find out what STDPATH is */
3864 #include <stdio.h>
3865 #ifdef HAVE_PATHS_H
3866 # include <paths.h>
3867 #endif
3868 #ifndef _PATH_STDPATH
3869 # ifdef _PATH_USERPATH /* Irix */
3870 # define _PATH_STDPATH _PATH_USERPATH
3871 # else
3872 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3873 # endif
3874 #endif
3875 #include <sys/types.h>
3876 #include <sys/stat.h>
3877 #include <fcntl.h>
3878 #define DATA "conftest.stdpath"
3880 main()
3881 {
3882 FILE *fd;
3883 int rc;
3885 fd = fopen(DATA,"w");
3886 if(fd == NULL)
3887 exit(1);
3889 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3890 exit(1);
3892 exit(0);
3893 }
3894 ]])],
3895 [ user_path=`cat conftest.stdpath` ],
3896 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3897 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3898 )
3899 # make sure $bindir is in USER_PATH so scp will work
3900 t_bindir=`eval echo ${bindir}`
3901 case $t_bindir in
3902 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3903 esac
3904 case $t_bindir in
3905 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3906 esac
3907 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3908 if test $? -ne 0 ; then
3909 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3910 if test $? -ne 0 ; then
3911 user_path=$user_path:$t_bindir
3912 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3913 fi
3914 fi
3915 fi ]
3916 )
3917 if test "x$external_path_file" != "x/etc/login.conf" ; then
3918 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3919 AC_SUBST(user_path)
3920 fi
3922 # Set superuser path separately to user path
3923 AC_ARG_WITH(superuser-path,
3924 [ --with-superuser-path= Specify different path for super-user],
3925 [
3926 if test -n "$withval" && test "x$withval" != "xno" && \
3927 test "x${withval}" != "xyes"; then
3928 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3929 [Define if you want a different $PATH
3930 for the superuser])
3931 superuser_path=$withval
3932 fi
3933 ]
3934 )
3937 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3938 IPV4_IN6_HACK_MSG="no"
3939 AC_ARG_WITH(4in6,
3940 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3941 [
3942 if test "x$withval" != "xno" ; then
3943 AC_MSG_RESULT(yes)
3944 AC_DEFINE(IPV4_IN_IPV6, 1,
3945 [Detect IPv4 in IPv6 mapped addresses
3946 and treat as IPv4])
3947 IPV4_IN6_HACK_MSG="yes"
3948 else
3949 AC_MSG_RESULT(no)
3950 fi
3951 ],[
3952 if test "x$inet6_default_4in6" = "xyes"; then
3953 AC_MSG_RESULT([yes (default)])
3954 AC_DEFINE(IPV4_IN_IPV6)
3955 IPV4_IN6_HACK_MSG="yes"
3956 else
3957 AC_MSG_RESULT([no (default)])
3958 fi
3959 ]
3960 )
3962 # Whether to enable BSD auth support
3963 BSD_AUTH_MSG=no
3964 AC_ARG_WITH(bsd-auth,
3965 [ --with-bsd-auth Enable BSD auth support],
3966 [
3967 if test "x$withval" != "xno" ; then
3968 AC_DEFINE(BSD_AUTH, 1,
3969 [Define if you have BSD auth support])
3970 BSD_AUTH_MSG=yes
3971 fi
3972 ]
3973 )
3975 # Where to place sshd.pid
3976 piddir=/var/run
3977 # make sure the directory exists
3978 if test ! -d $piddir ; then
3979 piddir=`eval echo ${sysconfdir}`
3980 case $piddir in
3981 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3982 esac
3983 fi
3985 AC_ARG_WITH(pid-dir,
3986 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3987 [
3988 if test -n "$withval" && test "x$withval" != "xno" && \
3989 test "x${withval}" != "xyes"; then
3990 piddir=$withval
3991 if test ! -d $piddir ; then
3992 AC_MSG_WARN([** no $piddir directory on this system **])
3993 fi
3994 fi
3995 ]
3996 )
3998 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3999 AC_SUBST(piddir)
4001 dnl allow user to disable some login recording features
4002 AC_ARG_ENABLE(lastlog,
4003 [ --disable-lastlog disable use of lastlog even if detected [no]],
4004 [
4005 if test "x$enableval" = "xno" ; then
4006 AC_DEFINE(DISABLE_LASTLOG)
4007 fi
4008 ]
4009 )
4010 AC_ARG_ENABLE(utmp,
4011 [ --disable-utmp disable use of utmp even if detected [no]],
4012 [
4013 if test "x$enableval" = "xno" ; then
4014 AC_DEFINE(DISABLE_UTMP)
4015 fi
4016 ]
4017 )
4018 AC_ARG_ENABLE(utmpx,
4019 [ --disable-utmpx disable use of utmpx even if detected [no]],
4020 [
4021 if test "x$enableval" = "xno" ; then
4022 AC_DEFINE(DISABLE_UTMPX, 1,
4023 [Define if you don't want to use utmpx])
4024 fi
4025 ]
4026 )
4027 AC_ARG_ENABLE(wtmp,
4028 [ --disable-wtmp disable use of wtmp even if detected [no]],
4029 [
4030 if test "x$enableval" = "xno" ; then
4031 AC_DEFINE(DISABLE_WTMP)
4032 fi
4033 ]
4034 )
4035 AC_ARG_ENABLE(wtmpx,
4036 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4037 [
4038 if test "x$enableval" = "xno" ; then
4039 AC_DEFINE(DISABLE_WTMPX, 1,
4040 [Define if you don't want to use wtmpx])
4041 fi
4042 ]
4043 )
4044 AC_ARG_ENABLE(libutil,
4045 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4046 [
4047 if test "x$enableval" = "xno" ; then
4048 AC_DEFINE(DISABLE_LOGIN)
4049 fi
4050 ]
4051 )
4052 AC_ARG_ENABLE(pututline,
4053 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4054 [
4055 if test "x$enableval" = "xno" ; then
4056 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4057 [Define if you don't want to use pututline()
4058 etc. to write [uw]tmp])
4059 fi
4060 ]
4061 )
4062 AC_ARG_ENABLE(pututxline,
4063 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4064 [
4065 if test "x$enableval" = "xno" ; then
4066 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4067 [Define if you don't want to use pututxline()
4068 etc. to write [uw]tmpx])
4069 fi
4070 ]
4071 )
4072 AC_ARG_WITH(lastlog,
4073 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4074 [
4075 if test "x$withval" = "xno" ; then
4076 AC_DEFINE(DISABLE_LASTLOG)
4077 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4078 conf_lastlog_location=$withval
4079 fi
4080 ]
4081 )
4083 dnl lastlog, [uw]tmpx? detection
4084 dnl NOTE: set the paths in the platform section to avoid the
4085 dnl need for command-line parameters
4086 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4088 dnl lastlog detection
4089 dnl NOTE: the code itself will detect if lastlog is a directory
4090 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4091 AC_TRY_COMPILE([
4092 #include <sys/types.h>
4093 #include <utmp.h>
4094 #ifdef HAVE_LASTLOG_H
4095 # include <lastlog.h>
4096 #endif
4097 #ifdef HAVE_PATHS_H
4098 # include <paths.h>
4099 #endif
4100 #ifdef HAVE_LOGIN_H
4101 # include <login.h>
4102 #endif
4103 ],
4104 [ char *lastlog = LASTLOG_FILE; ],
4105 [ AC_MSG_RESULT(yes) ],
4106 [
4107 AC_MSG_RESULT(no)
4108 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4109 AC_TRY_COMPILE([
4110 #include <sys/types.h>
4111 #include <utmp.h>
4112 #ifdef HAVE_LASTLOG_H
4113 # include <lastlog.h>
4114 #endif
4115 #ifdef HAVE_PATHS_H
4116 # include <paths.h>
4117 #endif
4118 ],
4119 [ char *lastlog = _PATH_LASTLOG; ],
4120 [ AC_MSG_RESULT(yes) ],
4121 [
4122 AC_MSG_RESULT(no)
4123 system_lastlog_path=no
4124 ])
4125 ]
4126 )
4128 if test -z "$conf_lastlog_location"; then
4129 if test x"$system_lastlog_path" = x"no" ; then
4130 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4131 if (test -d "$f" || test -f "$f") ; then
4132 conf_lastlog_location=$f
4133 fi
4134 done
4135 if test -z "$conf_lastlog_location"; then
4136 AC_MSG_WARN([** Cannot find lastlog **])
4137 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4138 fi
4139 fi
4140 fi
4142 if test -n "$conf_lastlog_location"; then
4143 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4144 [Define if you want to specify the path to your lastlog file])
4145 fi
4147 dnl utmp detection
4148 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4149 AC_TRY_COMPILE([
4150 #include <sys/types.h>
4151 #include <utmp.h>
4152 #ifdef HAVE_PATHS_H
4153 # include <paths.h>
4154 #endif
4155 ],
4156 [ char *utmp = UTMP_FILE; ],
4157 [ AC_MSG_RESULT(yes) ],
4158 [ AC_MSG_RESULT(no)
4159 system_utmp_path=no ]
4160 )
4161 if test -z "$conf_utmp_location"; then
4162 if test x"$system_utmp_path" = x"no" ; then
4163 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4164 if test -f $f ; then
4165 conf_utmp_location=$f
4166 fi
4167 done
4168 if test -z "$conf_utmp_location"; then
4169 AC_DEFINE(DISABLE_UTMP)
4170 fi
4171 fi
4172 fi
4173 if test -n "$conf_utmp_location"; then
4174 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4175 [Define if you want to specify the path to your utmp file])
4176 fi
4178 dnl wtmp detection
4179 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4180 AC_TRY_COMPILE([
4181 #include <sys/types.h>
4182 #include <utmp.h>
4183 #ifdef HAVE_PATHS_H
4184 # include <paths.h>
4185 #endif
4186 ],
4187 [ char *wtmp = WTMP_FILE; ],
4188 [ AC_MSG_RESULT(yes) ],
4189 [ AC_MSG_RESULT(no)
4190 system_wtmp_path=no ]
4191 )
4192 if test -z "$conf_wtmp_location"; then
4193 if test x"$system_wtmp_path" = x"no" ; then
4194 for f in /usr/adm/wtmp /var/log/wtmp; do
4195 if test -f $f ; then
4196 conf_wtmp_location=$f
4197 fi
4198 done
4199 if test -z "$conf_wtmp_location"; then
4200 AC_DEFINE(DISABLE_WTMP)
4201 fi
4202 fi
4203 fi
4204 if test -n "$conf_wtmp_location"; then
4205 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4206 [Define if you want to specify the path to your wtmp file])
4207 fi
4210 dnl wtmpx detection
4211 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4212 AC_TRY_COMPILE([
4213 #include <sys/types.h>
4214 #include <utmp.h>
4215 #ifdef HAVE_UTMPX_H
4216 #include <utmpx.h>
4217 #endif
4218 #ifdef HAVE_PATHS_H
4219 # include <paths.h>
4220 #endif
4221 ],
4222 [ char *wtmpx = WTMPX_FILE; ],
4223 [ AC_MSG_RESULT(yes) ],
4224 [ AC_MSG_RESULT(no)
4225 system_wtmpx_path=no ]
4226 )
4227 if test -z "$conf_wtmpx_location"; then
4228 if test x"$system_wtmpx_path" = x"no" ; then
4229 AC_DEFINE(DISABLE_WTMPX)
4230 fi
4231 else
4232 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4233 [Define if you want to specify the path to your wtmpx file])
4234 fi
4237 if test ! -z "$blibpath" ; then
4238 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4239 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4240 fi
4242 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4243 dnl Add now.
4244 CFLAGS="$CFLAGS $werror_flags"
4246 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4247 TEST_SSH_IPV6=no
4248 else
4249 TEST_SSH_IPV6=yes
4250 fi
4251 AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
4252 AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
4254 AC_EXEEXT
4255 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4256 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4257 ssh_prng_cmds survey.sh])
4258 AC_OUTPUT
4260 # Print summary of options
4262 # Someone please show me a better way :)
4263 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4264 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4265 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4266 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4267 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4268 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4269 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4270 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4271 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4272 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4274 echo ""
4275 echo "OpenSSH has been configured with the following options:"
4276 echo " User binaries: $B"
4277 echo " System binaries: $C"
4278 echo " Configuration files: $D"
4279 echo " Askpass program: $E"
4280 echo " Manual pages: $F"
4281 echo " PID file: $G"
4282 echo " Privilege separation chroot path: $H"
4283 if test "x$external_path_file" = "x/etc/login.conf" ; then
4284 echo " At runtime, sshd will use the path defined in $external_path_file"
4285 echo " Make sure the path to scp is present, otherwise scp will not work"
4286 else
4287 echo " sshd default user PATH: $I"
4288 if test ! -z "$external_path_file"; then
4289 echo " (If PATH is set in $external_path_file it will be used instead. If"
4290 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4291 fi
4292 fi
4293 if test ! -z "$superuser_path" ; then
4294 echo " sshd superuser user PATH: $J"
4295 fi
4296 echo " Manpage format: $MANTYPE"
4297 echo " PAM support: $PAM_MSG"
4298 echo " OSF SIA support: $SIA_MSG"
4299 echo " KerberosV support: $KRB5_MSG"
4300 echo " SELinux support: $SELINUX_MSG"
4301 echo " Smartcard support: $SCARD_MSG"
4302 echo " S/KEY support: $SKEY_MSG"
4303 echo " TCP Wrappers support: $TCPW_MSG"
4304 echo " MD5 password support: $MD5_MSG"
4305 echo " libedit support: $LIBEDIT_MSG"
4306 echo " Solaris process contract support: $SPC_MSG"
4307 echo " Solaris project support: $SP_MSG"
4308 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4309 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4310 echo " BSD Auth support: $BSD_AUTH_MSG"
4311 echo " Random number source: $RAND_MSG"
4312 if test ! -z "$USE_RAND_HELPER" ; then
4313 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4314 fi
4316 echo ""
4318 echo " Host: ${host}"
4319 echo " Compiler: ${CC}"
4320 echo " Compiler flags: ${CFLAGS}"
4321 echo "Preprocessor flags: ${CPPFLAGS}"
4322 echo " Linker flags: ${LDFLAGS}"
4323 echo " Libraries: ${LIBS}"
4324 if test ! -z "${SSHDLIBS}"; then
4325 echo " +for sshd: ${SSHDLIBS}"
4326 fi
4328 echo ""
4330 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4331 echo "SVR4 style packages are supported with \"make package\""
4332 echo ""
4333 fi
4335 if test "x$PAM_MSG" = "xyes" ; then
4336 echo "PAM is enabled. You may need to install a PAM control file "
4337 echo "for sshd, otherwise password authentication may fail. "
4338 echo "Example PAM control files can be found in the contrib/ "
4339 echo "subdirectory"
4340 echo ""
4341 fi
4343 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4344 echo "WARNING: you are using the builtin random number collection "
4345 echo "service. Please read WARNING.RNG and request that your OS "
4346 echo "vendor includes kernel-based random number collection in "
4347 echo "future versions of your OS."
4348 echo ""
4349 fi
4351 if test ! -z "$NO_PEERCHECK" ; then
4352 echo "WARNING: the operating system that you are using does not"
4353 echo "appear to support getpeereid(), getpeerucred() or the"
4354 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4355 echo "enforce security checks to prevent unauthorised connections to"
4356 echo "ssh-agent. Their absence increases the risk that a malicious"
4357 echo "user can connect to your agent."
4358 echo ""
4359 fi
4361 if test "$AUDIT_MODULE" = "bsm" ; then
4362 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4363 echo "See the Solaris section in README.platform for details."
4364 fi