| blob | c8d90ea0dfe0850f2b0f4b063dd74e02fa53c564 |
1 # $Id: configure.ac,v 1.471 2011/01/26 20:38:58 tim Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18 AC_REVISION($Revision: 1.471 $)
19 AC_CONFIG_SRCDIR([ssh.c])
20 AC_LANG([C])
22 # local macros
23 AC_DEFUN([OPENSSH_CHECK_CFLAG_COMPILE], [{
24 AC_MSG_CHECKING([if $CC supports $1])
25 saved_CFLAGS="$CFLAGS"
26 CFLAGS="$CFLAGS $1"
27 AC_COMPILE_IFELSE([void main(void) { return 0; }],
28 [ AC_MSG_RESULT([yes]) ],
29 [ AC_MSG_RESULT([no])
30 CFLAGS="$saved_CFLAGS" ]
31 )
32 }])
34 AC_CONFIG_HEADER([config.h])
35 AC_PROG_CC
36 AC_CANONICAL_HOST
37 AC_C_BIGENDIAN
39 # Checks for programs.
40 AC_PROG_AWK
41 AC_PROG_CPP
42 AC_PROG_RANLIB
43 AC_PROG_INSTALL
44 AC_PROG_EGREP
45 AC_PATH_PROG([AR], [ar])
46 AC_PATH_PROG([CAT], [cat])
47 AC_PATH_PROG([KILL], [kill])
48 AC_PATH_PROGS([PERL], [perl5 perl])
49 AC_PATH_PROG([SED], [sed])
50 AC_SUBST([PERL])
51 AC_PATH_PROG([ENT], [ent])
52 AC_SUBST([ENT])
53 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
54 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
55 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
56 AC_PATH_PROG([SH], [sh])
57 AC_PATH_PROG([GROFF], [groff])
58 AC_PATH_PROG([NROFF], [nroff])
59 AC_PATH_PROG([MANDOC], [mandoc])
60 AC_SUBST([TEST_SHELL], [sh])
62 dnl select manpage formatter
63 if test "x$MANDOC" != "x" ; then
64 MANFMT="$MANDOC"
65 elif test "x$NROFF" != "x" ; then
66 MANFMT="$NROFF -mandoc"
67 elif test "x$GROFF" != "x" ; then
68 MANFMT="$GROFF -mandoc -Tascii"
69 else
70 AC_MSG_WARN([no manpage formatted found])
71 MANFMT="false"
72 fi
73 AC_SUBST([MANFMT])
75 dnl for buildpkg.sh
76 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
77 [/usr/sbin${PATH_SEPARATOR}/etc])
78 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
79 [/usr/sbin${PATH_SEPARATOR}/etc])
80 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
81 if test -x /sbin/sh; then
82 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
83 else
84 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
85 fi
87 # System features
88 AC_SYS_LARGEFILE
90 if test -z "$AR" ; then
91 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
92 fi
94 # Use LOGIN_PROGRAM from environment if possible
95 if test ! -z "$LOGIN_PROGRAM" ; then
96 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
97 [If your header files don't define LOGIN_PROGRAM,
98 then use this (detected) from environment and PATH])
99 else
100 # Search for login
101 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
102 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
103 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
104 fi
105 fi
107 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
108 if test ! -z "$PATH_PASSWD_PROG" ; then
109 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
110 [Full path of your "passwd" program])
111 fi
113 if test -z "$LD" ; then
114 LD=$CC
115 fi
116 AC_SUBST([LD])
118 AC_C_INLINE
120 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
122 use_stack_protector=1
123 AC_ARG_WITH([stackprotect],
124 [ --without-stackprotect Don't use compiler's stack protection], [
125 if test "x$withval" = "xno"; then
126 use_stack_protector=0
127 fi ])
130 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
131 OPENSSH_CHECK_CFLAG_COMPILE([-Wall])
132 OPENSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
133 OPENSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
134 OPENSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
135 OPENSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
136 OPENSSH_CHECK_CFLAG_COMPILE([-Wno-pointer-sign])
137 OPENSSH_CHECK_CFLAG_COMPILE([-Wno-unused-result])
138 OPENSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
139 AC_MSG_CHECKING([gcc version])
140 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
141 case $GCC_VER in
142 1.*) no_attrib_nonnull=1 ;;
143 2.8* | 2.9*)
144 no_attrib_nonnull=1
145 ;;
146 2.*) no_attrib_nonnull=1 ;;
147 *) ;;
148 esac
149 AC_MSG_RESULT([$GCC_VER])
151 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
152 saved_CFLAGS="$CFLAGS"
153 CFLAGS="$CFLAGS -fno-builtin-memset"
154 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
155 [[ char b[10]; memset(b, 0, sizeof(b)); ]])],
156 [ AC_MSG_RESULT([yes]) ],
157 [ AC_MSG_RESULT([no])
158 CFLAGS="$saved_CFLAGS" ]
159 )
161 # -fstack-protector-all doesn't always work for some GCC versions
162 # and/or platforms, so we test if we can. If it's not supported
163 # on a given platform gcc will emit a warning so we use -Werror.
164 if test "x$use_stack_protector" = "x1"; then
165 for t in -fstack-protector-all -fstack-protector; do
166 AC_MSG_CHECKING([if $CC supports $t])
167 saved_CFLAGS="$CFLAGS"
168 saved_LDFLAGS="$LDFLAGS"
169 CFLAGS="$CFLAGS $t -Werror"
170 LDFLAGS="$LDFLAGS $t -Werror"
171 AC_LINK_IFELSE(
172 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
173 [[
174 char x[256];
175 snprintf(x, sizeof(x), "XXX");
176 ]])],
177 [ AC_MSG_RESULT([yes])
178 CFLAGS="$saved_CFLAGS $t"
179 LDFLAGS="$saved_LDFLAGS $t"
180 AC_MSG_CHECKING([if $t works])
181 AC_RUN_IFELSE(
182 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
183 [[
184 char x[256];
185 snprintf(x, sizeof(x), "XXX");
186 ]])],
187 [ AC_MSG_RESULT([yes])
188 break ],
189 [ AC_MSG_RESULT([no]) ],
190 [ AC_MSG_WARN([cross compiling: cannot test])
191 break ]
192 )
193 ],
194 [ AC_MSG_RESULT([no]) ]
195 )
196 CFLAGS="$saved_CFLAGS"
197 LDFLAGS="$saved_LDFLAGS"
198 done
199 fi
201 if test -z "$have_llong_max"; then
202 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
203 unset ac_cv_have_decl_LLONG_MAX
204 saved_CFLAGS="$CFLAGS"
205 CFLAGS="$CFLAGS -std=gnu99"
206 AC_CHECK_DECL([LLONG_MAX],
207 [have_llong_max=1],
208 [CFLAGS="$saved_CFLAGS"],
209 [#include <limits.h>]
210 )
211 fi
212 fi
214 if test "x$no_attrib_nonnull" != "x1" ; then
215 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
216 fi
218 AC_ARG_WITH([rpath],
219 [ --without-rpath Disable auto-added -R linker paths],
220 [
221 if test "x$withval" = "xno" ; then
222 need_dash_r=""
223 fi
224 if test "x$withval" = "xyes" ; then
225 need_dash_r=1
226 fi
227 ]
228 )
230 # Allow user to specify flags
231 AC_ARG_WITH([cflags],
232 [ --with-cflags Specify additional flags to pass to compiler],
233 [
234 if test -n "$withval" && test "x$withval" != "xno" && \
235 test "x${withval}" != "xyes"; then
236 CFLAGS="$CFLAGS $withval"
237 fi
238 ]
239 )
240 AC_ARG_WITH([cppflags],
241 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
242 [
243 if test -n "$withval" && test "x$withval" != "xno" && \
244 test "x${withval}" != "xyes"; then
245 CPPFLAGS="$CPPFLAGS $withval"
246 fi
247 ]
248 )
249 AC_ARG_WITH([ldflags],
250 [ --with-ldflags Specify additional flags to pass to linker],
251 [
252 if test -n "$withval" && test "x$withval" != "xno" && \
253 test "x${withval}" != "xyes"; then
254 LDFLAGS="$LDFLAGS $withval"
255 fi
256 ]
257 )
258 AC_ARG_WITH([libs],
259 [ --with-libs Specify additional libraries to link with],
260 [
261 if test -n "$withval" && test "x$withval" != "xno" && \
262 test "x${withval}" != "xyes"; then
263 LIBS="$LIBS $withval"
264 fi
265 ]
266 )
267 AC_ARG_WITH([Werror],
268 [ --with-Werror Build main code with -Werror],
269 [
270 if test -n "$withval" && test "x$withval" != "xno"; then
271 werror_flags="-Werror"
272 if test "x${withval}" != "xyes"; then
273 werror_flags="$withval"
274 fi
275 fi
276 ]
277 )
279 AC_CHECK_HEADERS([ \
280 bstring.h \
281 crypt.h \
282 crypto/sha2.h \
283 dirent.h \
284 endian.h \
285 features.h \
286 fcntl.h \
287 floatingpoint.h \
288 getopt.h \
289 glob.h \
290 ia.h \
291 iaf.h \
292 limits.h \
293 login.h \
294 maillock.h \
295 ndir.h \
296 net/if_tun.h \
297 netdb.h \
298 netgroup.h \
299 pam/pam_appl.h \
300 paths.h \
301 poll.h \
302 pty.h \
303 readpassphrase.h \
304 rpc/types.h \
305 security/pam_appl.h \
306 sha2.h \
307 shadow.h \
308 stddef.h \
309 stdint.h \
310 string.h \
311 strings.h \
312 sys/audit.h \
313 sys/bitypes.h \
314 sys/bsdtty.h \
315 sys/cdefs.h \
316 sys/dir.h \
317 sys/mman.h \
318 sys/ndir.h \
319 sys/poll.h \
320 sys/prctl.h \
321 sys/pstat.h \
322 sys/select.h \
323 sys/stat.h \
324 sys/stream.h \
325 sys/stropts.h \
326 sys/strtio.h \
327 sys/statvfs.h \
328 sys/sysmacros.h \
329 sys/time.h \
330 sys/timers.h \
331 sys/un.h \
332 time.h \
333 tmpdir.h \
334 ttyent.h \
335 ucred.h \
336 unistd.h \
337 usersec.h \
338 util.h \
339 utime.h \
340 utmp.h \
341 utmpx.h \
342 vis.h \
343 ])
345 # lastlog.h requires sys/time.h to be included first on Solaris
346 AC_CHECK_HEADERS([lastlog.h], [], [], [
347 #ifdef HAVE_SYS_TIME_H
348 # include <sys/time.h>
349 #endif
350 ])
352 # sys/ptms.h requires sys/stream.h to be included first on Solaris
353 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
354 #ifdef HAVE_SYS_STREAM_H
355 # include <sys/stream.h>
356 #endif
357 ])
359 # login_cap.h requires sys/types.h on NetBSD
360 AC_CHECK_HEADERS([login_cap.h], [], [], [
361 #include <sys/types.h>
362 ])
364 # older BSDs need sys/param.h before sys/mount.h
365 AC_CHECK_HEADERS([sys/mount.h], [], [], [
366 #include <sys/param.h>
367 ])
369 # Messages for features tested for in target-specific section
370 SIA_MSG="no"
371 SPC_MSG="no"
372 SP_MSG="no"
374 # Check for some target-specific stuff
375 case "$host" in
376 *-*-aix*)
377 # Some versions of VAC won't allow macro redefinitions at
378 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
379 # particularly with older versions of vac or xlc.
380 # It also throws errors about null macro argments, but these are
381 # not fatal.
382 AC_MSG_CHECKING([if compiler allows macro redefinitions])
383 AC_COMPILE_IFELSE(
384 [AC_LANG_PROGRAM([[
385 #define testmacro foo
386 #define testmacro bar]],
387 [[ exit(0); ]])],
388 [ AC_MSG_RESULT([yes]) ],
389 [ AC_MSG_RESULT([no])
390 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
391 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
392 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
393 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
394 ]
395 )
397 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
398 if (test -z "$blibpath"); then
399 blibpath="/usr/lib:/lib"
400 fi
401 saved_LDFLAGS="$LDFLAGS"
402 if test "$GCC" = "yes"; then
403 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
404 else
405 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
406 fi
407 for tryflags in $flags ;do
408 if (test -z "$blibflags"); then
409 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
410 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
411 [blibflags=$tryflags], [])
412 fi
413 done
414 if (test -z "$blibflags"); then
415 AC_MSG_RESULT([not found])
416 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
417 else
418 AC_MSG_RESULT([$blibflags])
419 fi
420 LDFLAGS="$saved_LDFLAGS"
421 dnl Check for authenticate. Might be in libs.a on older AIXes
422 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
423 [Define if you want to enable AIX4's authenticate function])],
424 [AC_CHECK_LIB([s], [authenticate],
425 [ AC_DEFINE([WITH_AIXAUTHENTICATE])
426 LIBS="$LIBS -ls"
427 ])
428 ])
429 dnl Check for various auth function declarations in headers.
430 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
431 passwdexpired, setauthdb], , , [#include <usersec.h>])
432 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
433 AC_CHECK_DECLS([loginfailed],
434 [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
435 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
436 [[ (void)loginfailed("user","host","tty",0); ]])],
437 [AC_MSG_RESULT([yes])
438 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
439 [Define if your AIX loginfailed() function
440 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
441 ])],
442 [],
443 [#include <usersec.h>]
444 )
445 AC_CHECK_FUNCS([getgrset setauthdb])
446 AC_CHECK_DECL([F_CLOSEM],
447 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
448 [],
449 [ #include <limits.h>
450 #include <fcntl.h> ]
451 )
452 check_for_aix_broken_getaddrinfo=1
453 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
454 AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
455 [Define if your platform breaks doing a seteuid before a setuid])
456 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
457 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
458 dnl AIX handles lastlog as part of its login message
459 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
460 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
461 [Some systems need a utmpx entry for /bin/login to work])
462 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
463 [Define to a Set Process Title type if your system is
464 supported by bsd-setproctitle.c])
465 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
466 [AIX 5.2 and 5.3 (and presumably newer) require this])
467 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
468 ;;
469 *-*-cygwin*)
470 check_for_libcrypt_later=1
471 LIBS="$LIBS /usr/lib/textreadmode.o"
472 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
473 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
474 AC_DEFINE([DISABLE_SHADOW], [1],
475 [Define if you want to disable shadow passwords])
476 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
477 [Define if X11 doesn't support AF_UNIX sockets on that system])
478 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
479 [Define if the concept of ports only accessible to
480 superusers isn't known])
481 AC_DEFINE([DISABLE_FD_PASSING], [1],
482 [Define if your platform needs to skip post auth
483 file descriptor passing])
484 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
485 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
486 ;;
487 *-*-dgux*)
488 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
489 [Define if your system choked on IP TOS setting])
490 AC_DEFINE([SETEUID_BREAKS_SETUID])
491 AC_DEFINE([BROKEN_SETREUID])
492 AC_DEFINE([BROKEN_SETREGID])
493 ;;
494 *-*-darwin*)
495 AC_MSG_CHECKING([if we have working getaddrinfo])
496 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
497 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
498 exit(0);
499 else
500 exit(1);
501 }
502 ]])],
503 [AC_MSG_RESULT([working])],
504 [AC_MSG_RESULT([buggy])
505 AC_DEFINE([BROKEN_GETADDRINFO], [1],
506 [getaddrinfo is broken (if present)])
507 ],
508 [AC_MSG_RESULT([assume it is working])])
509 AC_DEFINE([SETEUID_BREAKS_SETUID])
510 AC_DEFINE([BROKEN_SETREUID])
511 AC_DEFINE([BROKEN_SETREGID])
512 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
513 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
514 [Define if your resolver libs need this for getrrsetbyname])
515 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
516 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
517 [Use tunnel device compatibility to OpenBSD])
518 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
519 [Prepend the address family to IP tunnel traffic])
520 m4_pattern_allow([AU_IPv])
521 AC_CHECK_DECL([AU_IPv4], [],
522 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
523 [#include <bsm/audit.h>]
524 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
525 [Define if pututxline updates lastlog too])
526 )
527 ;;
528 *-*-dragonfly*)
529 SSHDLIBS="$SSHDLIBS -lcrypt"
530 ;;
531 *-*-haiku*)
532 LIBS="$LIBS -lbsd "
533 AC_CHECK_LIB([network], [socket])
534 AC_DEFINE([HAVE_U_INT64_T])
535 MANTYPE=man
536 ;;
537 *-*-hpux*)
538 # first we define all of the options common to all HP-UX releases
539 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
540 IPADDR_IN_DISPLAY=yes
541 AC_DEFINE([USE_PIPES])
542 AC_DEFINE([LOGIN_NO_ENDOPT], [1],
543 [Define if your login program cannot handle end of options ("--")])
544 AC_DEFINE([LOGIN_NEEDS_UTMPX])
545 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
546 [String used in /etc/passwd to denote locked account])
547 AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
548 MAIL="/var/mail/username"
549 LIBS="$LIBS -lsec"
550 AC_CHECK_LIB([xnet], [t_error], ,
551 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
553 # next, we define all of the options specific to major releases
554 case "$host" in
555 *-*-hpux10*)
556 if test -z "$GCC"; then
557 CFLAGS="$CFLAGS -Ae"
558 fi
559 ;;
560 *-*-hpux11*)
561 AC_DEFINE([PAM_SUN_CODEBASE], [1],
562 [Define if you are using Solaris-derived PAM which
563 passes pam_messages to the conversation function
564 with an extra level of indirection])
565 AC_DEFINE([DISABLE_UTMP], [1],
566 [Define if you don't want to use utmp])
567 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
568 check_for_hpux_broken_getaddrinfo=1
569 check_for_conflicting_getspnam=1
570 ;;
571 esac
573 # lastly, we define options specific to minor releases
574 case "$host" in
575 *-*-hpux10.26)
576 AC_DEFINE([HAVE_SECUREWARE], [1],
577 [Define if you have SecureWare-based
578 protected password database])
579 disable_ptmx_check=yes
580 LIBS="$LIBS -lsecpw"
581 ;;
582 esac
583 ;;
584 *-*-irix5*)
585 PATH="$PATH:/usr/etc"
586 AC_DEFINE([BROKEN_INET_NTOA], [1],
587 [Define if you system's inet_ntoa is busted
588 (e.g. Irix gcc issue)])
589 AC_DEFINE([SETEUID_BREAKS_SETUID])
590 AC_DEFINE([BROKEN_SETREUID])
591 AC_DEFINE([BROKEN_SETREGID])
592 AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
593 [Define if you shouldn't strip 'tty' from your
594 ttyname in [uw]tmp])
595 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
596 ;;
597 *-*-irix6*)
598 PATH="$PATH:/usr/etc"
599 AC_DEFINE([WITH_IRIX_ARRAY], [1],
600 [Define if you have/want arrays
601 (cluster-wide session managment, not C arrays)])
602 AC_DEFINE([WITH_IRIX_PROJECT], [1],
603 [Define if you want IRIX project management])
604 AC_DEFINE([WITH_IRIX_AUDIT], [1],
605 [Define if you want IRIX audit trails])
606 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
607 [Define if you want IRIX kernel jobs])])
608 AC_DEFINE([BROKEN_INET_NTOA])
609 AC_DEFINE([SETEUID_BREAKS_SETUID])
610 AC_DEFINE([BROKEN_SETREUID])
611 AC_DEFINE([BROKEN_SETREGID])
612 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
613 AC_DEFINE([WITH_ABBREV_NO_TTY])
614 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
615 ;;
616 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
617 check_for_libcrypt_later=1
618 AC_DEFINE([PAM_TTY_KLUDGE])
619 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
620 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
621 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
622 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
623 ;;
624 *-*-linux*)
625 no_dev_ptmx=1
626 check_for_libcrypt_later=1
627 check_for_openpty_ctty_bug=1
628 AC_DEFINE([PAM_TTY_KLUDGE], [1],
629 [Work around problematic Linux PAM modules handling of PAM_TTY])
630 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
631 [String used in /etc/passwd to denote locked account])
632 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
633 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
634 [Define to whatever link() returns for "not supported"
635 if it doesn't return EOPNOTSUPP.])
636 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
637 AC_DEFINE([USE_BTMP])
638 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
639 inet6_default_4in6=yes
640 case `uname -r` in
641 1.*|2.0.*)
642 AC_DEFINE([BROKEN_CMSG_TYPE], [1],
643 [Define if cmsg_type is not passed correctly])
644 ;;
645 esac
646 # tun(4) forwarding compat code
647 AC_CHECK_HEADERS([linux/if_tun.h])
648 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
649 AC_DEFINE([SSH_TUN_LINUX], [1],
650 [Open tunnel devices the Linux tun/tap way])
651 AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
652 [Use tunnel device compatibility to OpenBSD])
653 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
654 [Prepend the address family to IP tunnel traffic])
655 fi
656 ;;
657 mips-sony-bsd|mips-sony-newsos4)
658 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
659 SONY=1
660 ;;
661 *-*-netbsd*)
662 check_for_libcrypt_before=1
663 if test "x$withval" != "xno" ; then
664 need_dash_r=1
665 fi
666 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
667 AC_CHECK_HEADER([net/if_tap.h], ,
668 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
669 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
670 [Prepend the address family to IP tunnel traffic])
671 ;;
672 *-*-freebsd*)
673 check_for_libcrypt_later=1
674 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
675 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
676 AC_CHECK_HEADER([net/if_tap.h], ,
677 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
678 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
679 ;;
680 *-*-bsdi*)
681 AC_DEFINE([SETEUID_BREAKS_SETUID])
682 AC_DEFINE([BROKEN_SETREUID])
683 AC_DEFINE([BROKEN_SETREGID])
684 ;;
685 *-next-*)
686 conf_lastlog_location="/usr/adm/lastlog"
687 conf_utmp_location=/etc/utmp
688 conf_wtmp_location=/usr/adm/wtmp
689 MAIL=/usr/spool/mail
690 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
691 AC_DEFINE([BROKEN_REALPATH])
692 AC_DEFINE([USE_PIPES])
693 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
694 ;;
695 *-*-openbsd*)
696 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
697 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
698 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
699 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
700 [syslog_r function is safe to use in in a signal handler])
701 ;;
702 *-*-solaris*)
703 if test "x$withval" != "xno" ; then
704 need_dash_r=1
705 fi
706 AC_DEFINE([PAM_SUN_CODEBASE])
707 AC_DEFINE([LOGIN_NEEDS_UTMPX])
708 AC_DEFINE([LOGIN_NEEDS_TERM], [1],
709 [Some versions of /bin/login need the TERM supplied
710 on the commandline])
711 AC_DEFINE([PAM_TTY_KLUDGE])
712 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
713 [Define if pam_chauthtok wants real uid set
714 to the unpriv'ed user])
715 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
716 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
717 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
718 [Define if sshd somehow reacquires a controlling TTY
719 after setsid()])
720 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
721 in case the name is longer than 8 chars])
722 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
723 external_path_file=/etc/default/login
724 # hardwire lastlog location (can't detect it on some versions)
725 conf_lastlog_location="/var/adm/lastlog"
726 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
727 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
728 if test "$sol2ver" -ge 8; then
729 AC_MSG_RESULT([yes])
730 AC_DEFINE([DISABLE_UTMP])
731 AC_DEFINE([DISABLE_WTMP], [1],
732 [Define if you don't want to use wtmp])
733 else
734 AC_MSG_RESULT([no])
735 fi
736 AC_ARG_WITH([solaris-contracts],
737 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
738 [
739 AC_CHECK_LIB([contract], [ct_tmpl_activate],
740 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
741 [Define if you have Solaris process contracts])
742 SSHDLIBS="$SSHDLIBS -lcontract"
743 SPC_MSG="yes" ], )
744 ],
745 )
746 AC_ARG_WITH([solaris-projects],
747 [ --with-solaris-projects Enable Solaris projects (experimental)],
748 [
749 AC_CHECK_LIB([project], [setproject],
750 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
751 [Define if you have Solaris projects])
752 SSHDLIBS="$SSHDLIBS -lproject"
753 SP_MSG="yes" ], )
754 ],
755 )
756 ;;
757 *-*-sunos4*)
758 CPPFLAGS="$CPPFLAGS -DSUNOS4"
759 AC_CHECK_FUNCS([getpwanam])
760 AC_DEFINE([PAM_SUN_CODEBASE])
761 conf_utmp_location=/etc/utmp
762 conf_wtmp_location=/var/adm/wtmp
763 conf_lastlog_location=/var/adm/lastlog
764 AC_DEFINE([USE_PIPES])
765 ;;
766 *-ncr-sysv*)
767 LIBS="$LIBS -lc89"
768 AC_DEFINE([USE_PIPES])
769 AC_DEFINE([SSHD_ACQUIRES_CTTY])
770 AC_DEFINE([SETEUID_BREAKS_SETUID])
771 AC_DEFINE([BROKEN_SETREUID])
772 AC_DEFINE([BROKEN_SETREGID])
773 ;;
774 *-sni-sysv*)
775 # /usr/ucblib MUST NOT be searched on ReliantUNIX
776 AC_CHECK_LIB([dl], [dlsym], ,)
777 # -lresolv needs to be at the end of LIBS or DNS lookups break
778 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
779 IPADDR_IN_DISPLAY=yes
780 AC_DEFINE([USE_PIPES])
781 AC_DEFINE([IP_TOS_IS_BROKEN])
782 AC_DEFINE([SETEUID_BREAKS_SETUID])
783 AC_DEFINE([BROKEN_SETREUID])
784 AC_DEFINE([BROKEN_SETREGID])
785 AC_DEFINE([SSHD_ACQUIRES_CTTY])
786 external_path_file=/etc/default/login
787 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
788 # Attention: always take care to bind libsocket and libnsl before libc,
789 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
790 ;;
791 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
792 *-*-sysv4.2*)
793 AC_DEFINE([USE_PIPES])
794 AC_DEFINE([SETEUID_BREAKS_SETUID])
795 AC_DEFINE([BROKEN_SETREUID])
796 AC_DEFINE([BROKEN_SETREGID])
797 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
798 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
799 ;;
800 # UnixWare 7.x, OpenUNIX 8
801 *-*-sysv5*)
802 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
803 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
804 AC_DEFINE([USE_PIPES])
805 AC_DEFINE([SETEUID_BREAKS_SETUID])
806 AC_DEFINE([BROKEN_GETADDRINFO])
807 AC_DEFINE([BROKEN_SETREUID])
808 AC_DEFINE([BROKEN_SETREGID])
809 AC_DEFINE([PASSWD_NEEDS_USERNAME])
810 case "$host" in
811 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
812 TEST_SHELL=/u95/bin/sh
813 AC_DEFINE([BROKEN_LIBIAF], [1],
814 [ia_uinfo routines not supported by OS yet])
815 AC_DEFINE([BROKEN_UPDWTMPX])
816 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
817 AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
818 AC_DEFINE([HAVE_SECUREWARE])
819 AC_DEFINE([DISABLE_SHADOW])
820 ], , )
821 ;;
822 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
823 check_for_libcrypt_later=1
824 ;;
825 esac
826 ;;
827 *-*-sysv*)
828 ;;
829 # SCO UNIX and OEM versions of SCO UNIX
830 *-*-sco3.2v4*)
831 AC_MSG_ERROR("This Platform is no longer supported.")
832 ;;
833 # SCO OpenServer 5.x
834 *-*-sco3.2v5*)
835 if test -z "$GCC"; then
836 CFLAGS="$CFLAGS -belf"
837 fi
838 LIBS="$LIBS -lprot -lx -ltinfo -lm"
839 no_dev_ptmx=1
840 AC_DEFINE([USE_PIPES])
841 AC_DEFINE([HAVE_SECUREWARE])
842 AC_DEFINE([DISABLE_SHADOW])
843 AC_DEFINE([DISABLE_FD_PASSING])
844 AC_DEFINE([SETEUID_BREAKS_SETUID])
845 AC_DEFINE([BROKEN_GETADDRINFO])
846 AC_DEFINE([BROKEN_SETREUID])
847 AC_DEFINE([BROKEN_SETREGID])
848 AC_DEFINE([WITH_ABBREV_NO_TTY])
849 AC_DEFINE([BROKEN_UPDWTMPX])
850 AC_DEFINE([PASSWD_NEEDS_USERNAME])
851 AC_CHECK_FUNCS([getluid setluid])
852 MANTYPE=man
853 TEST_SHELL=ksh
854 ;;
855 *-*-unicosmk*)
856 AC_DEFINE([NO_SSH_LASTLOG], [1],
857 [Define if you don't want to use lastlog in session.c])
858 AC_DEFINE([SETEUID_BREAKS_SETUID])
859 AC_DEFINE([BROKEN_SETREUID])
860 AC_DEFINE([BROKEN_SETREGID])
861 AC_DEFINE([USE_PIPES])
862 AC_DEFINE([DISABLE_FD_PASSING])
863 LDFLAGS="$LDFLAGS"
864 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
865 MANTYPE=cat
866 ;;
867 *-*-unicosmp*)
868 AC_DEFINE([SETEUID_BREAKS_SETUID])
869 AC_DEFINE([BROKEN_SETREUID])
870 AC_DEFINE([BROKEN_SETREGID])
871 AC_DEFINE([WITH_ABBREV_NO_TTY])
872 AC_DEFINE([USE_PIPES])
873 AC_DEFINE([DISABLE_FD_PASSING])
874 LDFLAGS="$LDFLAGS"
875 LIBS="$LIBS -lgen -lacid -ldb"
876 MANTYPE=cat
877 ;;
878 *-*-unicos*)
879 AC_DEFINE([SETEUID_BREAKS_SETUID])
880 AC_DEFINE([BROKEN_SETREUID])
881 AC_DEFINE([BROKEN_SETREGID])
882 AC_DEFINE([USE_PIPES])
883 AC_DEFINE([DISABLE_FD_PASSING])
884 AC_DEFINE([NO_SSH_LASTLOG])
885 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
886 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
887 MANTYPE=cat
888 ;;
889 *-dec-osf*)
890 AC_MSG_CHECKING([for Digital Unix SIA])
891 no_osfsia=""
892 AC_ARG_WITH([osfsia],
893 [ --with-osfsia Enable Digital Unix SIA],
894 [
895 if test "x$withval" = "xno" ; then
896 AC_MSG_RESULT([disabled])
897 no_osfsia=1
898 fi
899 ],
900 )
901 if test -z "$no_osfsia" ; then
902 if test -f /etc/sia/matrix.conf; then
903 AC_MSG_RESULT([yes])
904 AC_DEFINE([HAVE_OSF_SIA], [1],
905 [Define if you have Digital Unix Security
906 Integration Architecture])
907 AC_DEFINE([DISABLE_LOGIN], [1],
908 [Define if you don't want to use your
909 system's login() call])
910 AC_DEFINE([DISABLE_FD_PASSING])
911 LIBS="$LIBS -lsecurity -ldb -lm -laud"
912 SIA_MSG="yes"
913 else
914 AC_MSG_RESULT([no])
915 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
916 [String used in /etc/passwd to denote locked account])
917 fi
918 fi
919 AC_DEFINE([BROKEN_GETADDRINFO])
920 AC_DEFINE([SETEUID_BREAKS_SETUID])
921 AC_DEFINE([BROKEN_SETREUID])
922 AC_DEFINE([BROKEN_SETREGID])
923 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
924 ;;
926 *-*-nto-qnx*)
927 AC_DEFINE([USE_PIPES])
928 AC_DEFINE([NO_X11_UNIX_SOCKETS])
929 AC_DEFINE([MISSING_NFDBITS], [1], [Define on *nto-qnx systems])
930 AC_DEFINE([MISSING_HOWMANY], [1], [Define on *nto-qnx systems])
931 AC_DEFINE([MISSING_FD_MASK], [1], [Define on *nto-qnx systems])
932 AC_DEFINE([DISABLE_LASTLOG])
933 AC_DEFINE([SSHD_ACQUIRES_CTTY])
934 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
935 enable_etc_default_login=no # has incompatible /etc/default/login
936 case "$host" in
937 *-*-nto-qnx6*)
938 AC_DEFINE([DISABLE_FD_PASSING])
939 ;;
940 esac
941 ;;
943 *-*-ultrix*)
944 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
945 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
946 AC_DEFINE([NEED_SETPGRP])
947 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
948 ;;
950 *-*-lynxos)
951 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
952 AC_DEFINE([MISSING_HOWMANY])
953 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
954 ;;
955 esac
957 AC_MSG_CHECKING([compiler and flags for sanity])
958 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
959 [ AC_MSG_RESULT([yes]) ],
960 [
961 AC_MSG_RESULT([no])
962 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
963 ],
964 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
965 )
967 dnl Checks for header files.
968 # Checks for libraries.
969 AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
970 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
972 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
973 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
974 AC_CHECK_LIB([gen], [dirname], [
975 AC_CACHE_CHECK([for broken dirname],
976 ac_cv_have_broken_dirname, [
977 save_LIBS="$LIBS"
978 LIBS="$LIBS -lgen"
979 AC_RUN_IFELSE(
980 [AC_LANG_SOURCE([[
981 #include <libgen.h>
982 #include <string.h>
984 int main(int argc, char **argv) {
985 char *s, buf[32];
987 strncpy(buf,"/etc", 32);
988 s = dirname(buf);
989 if (!s || strncmp(s, "/", 32) != 0) {
990 exit(1);
991 } else {
992 exit(0);
993 }
994 }
995 ]])],
996 [ ac_cv_have_broken_dirname="no" ],
997 [ ac_cv_have_broken_dirname="yes" ],
998 [ ac_cv_have_broken_dirname="no" ],
999 )
1000 LIBS="$save_LIBS"
1001 ])
1002 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1003 LIBS="$LIBS -lgen"
1004 AC_DEFINE([HAVE_DIRNAME])
1005 AC_CHECK_HEADERS([libgen.h])
1006 fi
1007 ])
1008 ])
1010 AC_CHECK_FUNC([getspnam], ,
1011 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
1012 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
1013 [Define if you have the basename function.])])
1015 dnl zlib is required
1016 AC_ARG_WITH([zlib],
1017 [ --with-zlib=PATH Use zlib in PATH],
1018 [ if test "x$withval" = "xno" ; then
1019 AC_MSG_ERROR([*** zlib is required ***])
1020 elif test "x$withval" != "xyes"; then
1021 if test -d "$withval/lib"; then
1022 if test -n "${need_dash_r}"; then
1023 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1024 else
1025 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1026 fi
1027 else
1028 if test -n "${need_dash_r}"; then
1029 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1030 else
1031 LDFLAGS="-L${withval} ${LDFLAGS}"
1032 fi
1033 fi
1034 if test -d "$withval/include"; then
1035 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1036 else
1037 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1038 fi
1039 fi ]
1040 )
1042 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
1043 AC_CHECK_LIB([z], [deflate], ,
1044 [
1045 saved_CPPFLAGS="$CPPFLAGS"
1046 saved_LDFLAGS="$LDFLAGS"
1047 save_LIBS="$LIBS"
1048 dnl Check default zlib install dir
1049 if test -n "${need_dash_r}"; then
1050 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1051 else
1052 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1053 fi
1054 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1055 LIBS="$LIBS -lz"
1056 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
1057 [
1058 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1059 ]
1060 )
1061 ]
1062 )
1064 AC_ARG_WITH([zlib-version-check],
1065 [ --without-zlib-version-check Disable zlib version check],
1066 [ if test "x$withval" = "xno" ; then
1067 zlib_check_nonfatal=1
1068 fi
1069 ]
1070 )
1072 AC_MSG_CHECKING([for possibly buggy zlib])
1073 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
1074 #include <stdio.h>
1075 #include <zlib.h>
1076 ]],
1077 [[
1078 int a=0, b=0, c=0, d=0, n, v;
1079 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1080 if (n != 3 && n != 4)
1081 exit(1);
1082 v = a*1000000 + b*10000 + c*100 + d;
1083 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1085 /* 1.1.4 is OK */
1086 if (a == 1 && b == 1 && c >= 4)
1087 exit(0);
1089 /* 1.2.3 and up are OK */
1090 if (v >= 1020300)
1091 exit(0);
1093 exit(2);
1094 ]])],
1095 AC_MSG_RESULT([no]),
1096 [ AC_MSG_RESULT([yes])
1097 if test -z "$zlib_check_nonfatal" ; then
1098 AC_MSG_ERROR([*** zlib too old - check config.log ***
1099 Your reported zlib version has known security problems. It's possible your
1100 vendor has fixed these problems without changing the version number. If you
1101 are sure this is the case, you can disable the check by running
1102 "./configure --without-zlib-version-check".
1103 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1104 See http://www.gzip.org/zlib/ for details.])
1105 else
1106 AC_MSG_WARN([zlib version may have security problems])
1107 fi
1108 ],
1109 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1110 )
1112 dnl UnixWare 2.x
1113 AC_CHECK_FUNC([strcasecmp],
1114 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
1115 )
1116 AC_CHECK_FUNCS([utimes],
1117 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
1118 LIBS="$LIBS -lc89"]) ]
1119 )
1121 dnl Checks for libutil functions
1122 AC_CHECK_HEADERS([libutil.h])
1123 AC_SEARCH_LIBS([login], [util bsd], [AC_DEFINE([HAVE_LOGIN], [1],
1124 [Define if your libraries define login()])])
1125 AC_CHECK_FUNCS([fmt_scaled logout updwtmp logwtmp])
1127 AC_FUNC_STRFTIME
1129 # Check for ALTDIRFUNC glob() extension
1130 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
1131 AC_EGREP_CPP([FOUNDIT],
1132 [
1133 #include <glob.h>
1134 #ifdef GLOB_ALTDIRFUNC
1135 FOUNDIT
1136 #endif
1137 ],
1138 [
1139 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
1140 [Define if your system glob() function has
1141 the GLOB_ALTDIRFUNC extension])
1142 AC_MSG_RESULT([yes])
1143 ],
1144 [
1145 AC_MSG_RESULT([no])
1146 ]
1147 )
1149 # Check for g.gl_matchc glob() extension
1150 AC_MSG_CHECKING([for gl_matchc field in glob_t])
1151 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
1152 [[ glob_t g; g.gl_matchc = 1; ]])],
1153 [
1154 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
1155 [Define if your system glob() function has
1156 gl_matchc options in glob_t])
1157 AC_MSG_RESULT([yes])
1158 ], [
1159 AC_MSG_RESULT([no])
1160 ])
1162 # Check for g.gl_statv glob() extension
1163 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
1164 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
1165 #ifndef GLOB_KEEPSTAT
1166 #error "glob does not support GLOB_KEEPSTAT extension"
1167 #endif
1168 glob_t g;
1169 g.gl_statv = NULL;
1170 ]])],
1171 [
1172 AC_DEFINE([GLOB_HAS_GL_STATV], [1],
1173 [Define if your system glob() function has
1174 gl_statv options in glob_t])
1175 AC_MSG_RESULT([yes])
1176 ], [
1177 AC_MSG_RESULT([no])
1179 ])
1181 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
1183 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1184 AC_RUN_IFELSE(
1185 [AC_LANG_PROGRAM([[
1186 #include <sys/types.h>
1187 #include <dirent.h>]],
1188 [[
1189 struct dirent d;
1190 exit(sizeof(d.d_name)<=sizeof(char));
1191 ]])],
1192 [AC_MSG_RESULT([yes])],
1193 [
1194 AC_MSG_RESULT([no])
1195 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
1196 [Define if your struct dirent expects you to
1197 allocate extra space for d_name])
1198 ],
1199 [
1200 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1201 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
1202 ]
1203 )
1205 AC_MSG_CHECKING([for /proc/pid/fd directory])
1206 if test -d "/proc/$$/fd" ; then
1207 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
1208 AC_MSG_RESULT([yes])
1209 else
1210 AC_MSG_RESULT([no])
1211 fi
1213 # Check whether user wants S/Key support
1214 SKEY_MSG="no"
1215 AC_ARG_WITH([skey],
1216 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1217 [
1218 if test "x$withval" != "xno" ; then
1220 if test "x$withval" != "xyes" ; then
1221 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1222 LDFLAGS="$LDFLAGS -L${withval}/lib"
1223 fi
1225 AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
1226 LIBS="-lskey $LIBS"
1227 SKEY_MSG="yes"
1229 AC_MSG_CHECKING([for s/key support])
1230 AC_LINK_IFELSE(
1231 [AC_LANG_PROGRAM([[
1232 #include <stdio.h>
1233 #include <skey.h>
1234 ]], [[
1235 char *ff = skey_keyinfo(""); ff="";
1236 exit(0);
1237 ]])],
1238 [AC_MSG_RESULT([yes])],
1239 [
1240 AC_MSG_RESULT([no])
1241 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1242 ])
1243 AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
1244 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1245 #include <stdio.h>
1246 #include <skey.h>
1247 ]], [[
1248 (void)skeychallenge(NULL,"name","",0);
1249 ]])],
1250 [
1251 AC_MSG_RESULT([yes])
1252 AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
1253 [Define if your skeychallenge()
1254 function takes 4 arguments (NetBSD)])],
1255 [
1256 AC_MSG_RESULT([no])
1257 ])
1258 fi
1259 ]
1260 )
1262 # Check whether user wants TCP wrappers support
1263 TCPW_MSG="no"
1264 AC_ARG_WITH([tcp-wrappers],
1265 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1266 [
1267 if test "x$withval" != "xno" ; then
1268 saved_LIBS="$LIBS"
1269 saved_LDFLAGS="$LDFLAGS"
1270 saved_CPPFLAGS="$CPPFLAGS"
1271 if test -n "${withval}" && \
1272 test "x${withval}" != "xyes"; then
1273 if test -d "${withval}/lib"; then
1274 if test -n "${need_dash_r}"; then
1275 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1276 else
1277 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1278 fi
1279 else
1280 if test -n "${need_dash_r}"; then
1281 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1282 else
1283 LDFLAGS="-L${withval} ${LDFLAGS}"
1284 fi
1285 fi
1286 if test -d "${withval}/include"; then
1287 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1288 else
1289 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1290 fi
1291 fi
1292 LIBS="-lwrap $LIBS"
1293 AC_MSG_CHECKING([for libwrap])
1294 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
1295 #include <sys/types.h>
1296 #include <sys/socket.h>
1297 #include <netinet/in.h>
1298 #include <tcpd.h>
1299 int deny_severity = 0, allow_severity = 0;
1300 ]], [[
1301 hosts_access(0);
1302 ]])], [
1303 AC_MSG_RESULT([yes])
1304 AC_DEFINE([LIBWRAP], [1],
1305 [Define if you want
1306 TCP Wrappers support])
1307 SSHDLIBS="$SSHDLIBS -lwrap"
1308 TCPW_MSG="yes"
1309 ], [
1310 AC_MSG_ERROR([*** libwrap missing])
1312 ])
1313 LIBS="$saved_LIBS"
1314 fi
1315 ]
1316 )
1318 # Check whether user wants libedit support
1319 LIBEDIT_MSG="no"
1320 AC_ARG_WITH([libedit],
1321 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1322 [ if test "x$withval" != "xno" ; then
1323 if test "x$withval" = "xyes" ; then
1324 AC_PATH_PROG([PKGCONFIG], [pkg-config], [no])
1325 if test "x$PKGCONFIG" != "xno"; then
1326 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
1327 if "$PKGCONFIG" libedit; then
1328 AC_MSG_RESULT([yes])
1329 use_pkgconfig_for_libedit=yes
1330 else
1331 AC_MSG_RESULT([no])
1332 fi
1333 fi
1334 else
1335 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1336 if test -n "${need_dash_r}"; then
1337 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1338 else
1339 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1340 fi
1341 fi
1342 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1343 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1344 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1345 else
1346 LIBEDIT="-ledit -lcurses"
1347 fi
1348 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1349 AC_CHECK_LIB([edit], [el_init],
1350 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
1351 LIBEDIT_MSG="yes"
1352 AC_SUBST([LIBEDIT])
1353 ],
1354 [ AC_MSG_ERROR([libedit not found]) ],
1355 [ $OTHERLIBS ]
1356 )
1357 AC_MSG_CHECKING([if libedit version is compatible])
1358 AC_COMPILE_IFELSE(
1359 [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
1360 [[
1361 int i = H_SETSIZE;
1362 el_init("", NULL, NULL, NULL);
1363 exit(0);
1364 ]])],
1365 [ AC_MSG_RESULT([yes]) ],
1366 [ AC_MSG_RESULT([no])
1367 AC_MSG_ERROR([libedit version is not compatible]) ]
1368 )
1369 fi ]
1370 )
1372 AUDIT_MODULE=none
1373 AC_ARG_WITH([audit],
1374 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
1375 [
1376 AC_MSG_CHECKING([for supported audit module])
1377 case "$withval" in
1378 bsm)
1379 AC_MSG_RESULT([bsm])
1380 AUDIT_MODULE=bsm
1381 dnl Checks for headers, libs and functions
1382 AC_CHECK_HEADERS([bsm/audit.h], [],
1383 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
1384 [
1385 #ifdef HAVE_TIME_H
1386 # include <time.h>
1387 #endif
1388 ]
1389 )
1390 AC_CHECK_LIB([bsm], [getaudit], [],
1391 [AC_MSG_ERROR([BSM enabled and required library not found])])
1392 AC_CHECK_FUNCS([getaudit], [],
1393 [AC_MSG_ERROR([BSM enabled and required function not found])])
1394 # These are optional
1395 AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
1396 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
1397 ;;
1398 linux)
1399 AC_MSG_RESULT([linux])
1400 AUDIT_MODULE=linux
1401 dnl Checks for headers, libs and functions
1402 AC_CHECK_HEADERS([libaudit.h])
1403 SSHDLIBS="$SSHDLIBS -laudit"
1404 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
1405 ;;
1406 debug)
1407 AUDIT_MODULE=debug
1408 AC_MSG_RESULT([debug])
1409 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
1410 ;;
1411 no)
1412 AC_MSG_RESULT([no])
1413 ;;
1414 *)
1415 AC_MSG_ERROR([Unknown audit module $withval])
1416 ;;
1417 esac ]
1418 )
1420 dnl Checks for library functions. Please keep in alphabetical order
1421 AC_CHECK_FUNCS([ \
1422 arc4random \
1423 arc4random_buf \
1424 arc4random_uniform \
1425 asprintf \
1426 b64_ntop \
1427 __b64_ntop \
1428 b64_pton \
1429 __b64_pton \
1430 bcopy \
1431 bindresvport_sa \
1432 clock \
1433 closefrom \
1434 dirfd \
1435 fchmod \
1436 fchown \
1437 freeaddrinfo \
1438 fstatvfs \
1439 futimes \
1440 getaddrinfo \
1441 getcwd \
1442 getgrouplist \
1443 getnameinfo \
1444 getopt \
1445 getpeereid \
1446 getpeerucred \
1447 _getpty \
1448 getrlimit \
1449 getttyent \
1450 glob \
1451 group_from_gid \
1452 inet_aton \
1453 inet_ntoa \
1454 inet_ntop \
1455 innetgr \
1456 login_getcapbool \
1457 md5_crypt \
1458 memmove \
1459 mkdtemp \
1460 mmap \
1461 ngetaddrinfo \
1462 nsleep \
1463 ogetaddrinfo \
1464 openlog_r \
1465 openpty \
1466 poll \
1467 prctl \
1468 pstat \
1469 readpassphrase \
1470 realpath \
1471 recvmsg \
1472 rresvport_af \
1473 sendmsg \
1474 setdtablesize \
1475 setegid \
1476 setenv \
1477 seteuid \
1478 setgroupent \
1479 setgroups \
1480 setlogin \
1481 setpassent\
1482 setpcred \
1483 setproctitle \
1484 setregid \
1485 setreuid \
1486 setrlimit \
1487 setsid \
1488 setvbuf \
1489 sigaction \
1490 sigvec \
1491 snprintf \
1492 socketpair \
1493 statfs \
1494 statvfs \
1495 strdup \
1496 strerror \
1497 strlcat \
1498 strlcpy \
1499 strmode \
1500 strnvis \
1501 strptime \
1502 strtonum \
1503 strtoll \
1504 strtoul \
1505 swap32 \
1506 sysconf \
1507 tcgetpgrp \
1508 timingsafe_bcmp \
1509 truncate \
1510 unsetenv \
1511 updwtmpx \
1512 user_from_uid \
1513 vasprintf \
1514 vhangup \
1515 vsnprintf \
1516 waitpid \
1517 ])
1519 AC_LINK_IFELSE(
1520 [AC_LANG_PROGRAM(
1521 [[ #include <ctype.h> ]],
1522 [[ return (isblank('a')); ]])],
1523 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
1524 ])
1526 # PKCS#11 support requires dlopen() and co
1527 AC_SEARCH_LIBS([dlopen], [dl],
1528 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
1529 )
1531 # IRIX has a const char return value for gai_strerror()
1532 AC_CHECK_FUNCS([gai_strerror], [
1533 AC_DEFINE([HAVE_GAI_STRERROR])
1534 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1535 #include <sys/types.h>
1536 #include <sys/socket.h>
1537 #include <netdb.h>
1539 const char *gai_strerror(int);
1540 ]], [[
1541 char *str;
1542 str = gai_strerror(0);
1543 ]])], [
1544 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
1545 [Define if gai_strerror() returns const char *])], [])])
1547 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
1548 [Some systems put nanosleep outside of libc])])
1550 dnl Make sure prototypes are defined for these before using them.
1551 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
1552 AC_CHECK_DECL([strsep],
1553 [AC_CHECK_FUNCS([strsep])],
1554 [],
1555 [
1556 #ifdef HAVE_STRING_H
1557 # include <string.h>
1558 #endif
1559 ])
1561 dnl tcsendbreak might be a macro
1562 AC_CHECK_DECL([tcsendbreak],
1563 [AC_DEFINE([HAVE_TCSENDBREAK])],
1564 [AC_CHECK_FUNCS([tcsendbreak])],
1565 [#include <termios.h>]
1566 )
1568 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
1570 AC_CHECK_DECLS([SHUT_RD], , ,
1571 [
1572 #include <sys/types.h>
1573 #include <sys/socket.h>
1574 ])
1576 AC_CHECK_DECLS([O_NONBLOCK], , ,
1577 [
1578 #include <sys/types.h>
1579 #ifdef HAVE_SYS_STAT_H
1580 # include <sys/stat.h>
1581 #endif
1582 #ifdef HAVE_FCNTL_H
1583 # include <fcntl.h>
1584 #endif
1585 ])
1587 AC_CHECK_DECLS([writev], , , [
1588 #include <sys/types.h>
1589 #include <sys/uio.h>
1590 #include <unistd.h>
1591 ])
1593 AC_CHECK_DECLS([MAXSYMLINKS], , , [
1594 #include <sys/param.h>
1595 ])
1597 AC_CHECK_DECLS([offsetof], , , [
1598 #include <stddef.h>
1599 ])
1601 AC_CHECK_FUNCS([setresuid], [
1602 dnl Some platorms have setresuid that isn't implemented, test for this
1603 AC_MSG_CHECKING([if setresuid seems to work])
1604 AC_RUN_IFELSE(
1605 [AC_LANG_PROGRAM([[
1606 #include <stdlib.h>
1607 #include <errno.h>
1608 ]], [[
1609 errno=0;
1610 setresuid(0,0,0);
1611 if (errno==ENOSYS)
1612 exit(1);
1613 else
1614 exit(0);
1615 ]])],
1616 [AC_MSG_RESULT([yes])],
1617 [AC_DEFINE([BROKEN_SETRESUID], [1],
1618 [Define if your setresuid() is broken])
1619 AC_MSG_RESULT([not implemented])],
1620 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1621 )
1622 ])
1624 AC_CHECK_FUNCS([setresgid], [
1625 dnl Some platorms have setresgid that isn't implemented, test for this
1626 AC_MSG_CHECKING([if setresgid seems to work])
1627 AC_RUN_IFELSE(
1628 [AC_LANG_PROGRAM([[
1629 #include <stdlib.h>
1630 #include <errno.h>
1631 ]], [[
1632 errno=0;
1633 setresgid(0,0,0);
1634 if (errno==ENOSYS)
1635 exit(1);
1636 else
1637 exit(0);
1638 ]])],
1639 [AC_MSG_RESULT([yes])],
1640 [AC_DEFINE([BROKEN_SETRESGID], [1],
1641 [Define if your setresgid() is broken])
1642 AC_MSG_RESULT([not implemented])],
1643 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1644 )
1645 ])
1647 dnl Checks for time functions
1648 AC_CHECK_FUNCS([gettimeofday time])
1649 dnl Checks for utmp functions
1650 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
1651 AC_CHECK_FUNCS([utmpname])
1652 dnl Checks for utmpx functions
1653 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
1654 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
1655 dnl Checks for lastlog functions
1656 AC_CHECK_FUNCS([getlastlogxbyname])
1658 AC_CHECK_FUNC([daemon],
1659 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
1660 [AC_CHECK_LIB([bsd], [daemon],
1661 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
1662 )
1664 AC_CHECK_FUNC([getpagesize],
1665 [AC_DEFINE([HAVE_GETPAGESIZE], [1],
1666 [Define if your libraries define getpagesize()])],
1667 [AC_CHECK_LIB([ucb], [getpagesize],
1668 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
1669 )
1671 # Check for broken snprintf
1672 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1673 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1674 AC_RUN_IFELSE(
1675 [AC_LANG_PROGRAM([[ #include <stdio.h> ]],
1676 [[
1677 char b[5];
1678 snprintf(b,5,"123456789");
1679 exit(b[4]!='\0');
1680 ]])],
1681 [AC_MSG_RESULT([yes])],
1682 [
1683 AC_MSG_RESULT([no])
1684 AC_DEFINE([BROKEN_SNPRINTF], [1],
1685 [Define if your snprintf is busted])
1686 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1687 ],
1688 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1689 )
1690 fi
1692 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1693 # returning the right thing on overflow: the number of characters it tried to
1694 # create (as per SUSv3)
1695 if test "x$ac_cv_func_asprintf" != "xyes" && \
1696 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1697 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1698 AC_RUN_IFELSE(
1699 [AC_LANG_PROGRAM([[
1700 #include <sys/types.h>
1701 #include <stdio.h>
1702 #include <stdarg.h>
1704 int x_snprintf(char *str,size_t count,const char *fmt,...)
1705 {
1706 size_t ret; va_list ap;
1707 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1708 return ret;
1709 }
1710 ]], [[
1711 char x[1];
1712 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1713 ]])],
1714 [AC_MSG_RESULT([yes])],
1715 [
1716 AC_MSG_RESULT([no])
1717 AC_DEFINE([BROKEN_SNPRINTF], [1],
1718 [Define if your snprintf is busted])
1719 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1720 ],
1721 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1722 )
1723 fi
1725 # On systems where [v]snprintf is broken, but is declared in stdio,
1726 # check that the fmt argument is const char * or just char *.
1727 # This is only useful for when BROKEN_SNPRINTF
1728 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1729 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1730 #include <stdio.h>
1731 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1732 ]], [[
1733 snprintf(0, 0, 0);
1734 ]])],
1735 [AC_MSG_RESULT([yes])
1736 AC_DEFINE([SNPRINTF_CONST], [const],
1737 [Define as const if snprintf() can declare const char *fmt])],
1738 [AC_MSG_RESULT([no])
1739 AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
1741 # Check for missing getpeereid (or equiv) support
1742 NO_PEERCHECK=""
1743 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1744 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1745 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1746 #include <sys/types.h>
1747 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
1748 [ AC_MSG_RESULT([yes])
1749 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
1750 ], [AC_MSG_RESULT([no])
1751 NO_PEERCHECK=1
1752 ])
1753 fi
1755 dnl see whether mkstemp() requires XXXXXX
1756 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1757 AC_MSG_CHECKING([for (overly) strict mkstemp])
1758 AC_RUN_IFELSE(
1759 [AC_LANG_PROGRAM([[
1760 #include <stdlib.h>
1761 ]], [[
1762 char template[]="conftest.mkstemp-test";
1763 if (mkstemp(template) == -1)
1764 exit(1);
1765 unlink(template);
1766 exit(0);
1767 ]])],
1768 [
1769 AC_MSG_RESULT([no])
1770 ],
1771 [
1772 AC_MSG_RESULT([yes])
1773 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
1774 ],
1775 [
1776 AC_MSG_RESULT([yes])
1777 AC_DEFINE([HAVE_STRICT_MKSTEMP])
1778 ]
1779 )
1780 fi
1782 dnl make sure that openpty does not reacquire controlling terminal
1783 if test ! -z "$check_for_openpty_ctty_bug"; then
1784 AC_MSG_CHECKING([if openpty correctly handles controlling tty])
1785 AC_RUN_IFELSE(
1786 [AC_LANG_PROGRAM([[
1787 #include <stdio.h>
1788 #include <sys/fcntl.h>
1789 #include <sys/types.h>
1790 #include <sys/wait.h>
1791 ]], [[
1792 pid_t pid;
1793 int fd, ptyfd, ttyfd, status;
1795 pid = fork();
1796 if (pid < 0) { /* failed */
1797 exit(1);
1798 } else if (pid > 0) { /* parent */
1799 waitpid(pid, &status, 0);
1800 if (WIFEXITED(status))
1801 exit(WEXITSTATUS(status));
1802 else
1803 exit(2);
1804 } else { /* child */
1805 close(0); close(1); close(2);
1806 setsid();
1807 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1808 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1809 if (fd >= 0)
1810 exit(3); /* Acquired ctty: broken */
1811 else
1812 exit(0); /* Did not acquire ctty: OK */
1813 }
1814 ]])],
1815 [
1816 AC_MSG_RESULT([yes])
1817 ],
1818 [
1819 AC_MSG_RESULT([no])
1820 AC_DEFINE([SSHD_ACQUIRES_CTTY])
1821 ],
1822 [
1823 AC_MSG_RESULT([cross-compiling, assuming yes])
1824 ]
1825 )
1826 fi
1828 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1829 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1830 AC_MSG_CHECKING([if getaddrinfo seems to work])
1831 AC_RUN_IFELSE(
1832 [AC_LANG_PROGRAM([[
1833 #include <stdio.h>
1834 #include <sys/socket.h>
1835 #include <netdb.h>
1836 #include <errno.h>
1837 #include <netinet/in.h>
1839 #define TEST_PORT "2222"
1840 ]], [[
1841 int err, sock;
1842 struct addrinfo *gai_ai, *ai, hints;
1843 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1845 memset(&hints, 0, sizeof(hints));
1846 hints.ai_family = PF_UNSPEC;
1847 hints.ai_socktype = SOCK_STREAM;
1848 hints.ai_flags = AI_PASSIVE;
1850 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1851 if (err != 0) {
1852 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1853 exit(1);
1854 }
1856 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1857 if (ai->ai_family != AF_INET6)
1858 continue;
1860 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1861 sizeof(ntop), strport, sizeof(strport),
1862 NI_NUMERICHOST|NI_NUMERICSERV);
1864 if (err != 0) {
1865 if (err == EAI_SYSTEM)
1866 perror("getnameinfo EAI_SYSTEM");
1867 else
1868 fprintf(stderr, "getnameinfo failed: %s\n",
1869 gai_strerror(err));
1870 exit(2);
1871 }
1873 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1874 if (sock < 0)
1875 perror("socket");
1876 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1877 if (errno == EBADF)
1878 exit(3);
1879 }
1880 }
1881 exit(0);
1882 ]])],
1883 [
1884 AC_MSG_RESULT([yes])
1885 ],
1886 [
1887 AC_MSG_RESULT([no])
1888 AC_DEFINE([BROKEN_GETADDRINFO])
1889 ],
1890 [
1891 AC_MSG_RESULT([cross-compiling, assuming yes])
1892 ]
1893 )
1894 fi
1896 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1897 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1898 AC_MSG_CHECKING([if getaddrinfo seems to work])
1899 AC_RUN_IFELSE(
1900 [AC_LANG_PROGRAM([[
1901 #include <stdio.h>
1902 #include <sys/socket.h>
1903 #include <netdb.h>
1904 #include <errno.h>
1905 #include <netinet/in.h>
1907 #define TEST_PORT "2222"
1908 ]], [[
1909 int err, sock;
1910 struct addrinfo *gai_ai, *ai, hints;
1911 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1913 memset(&hints, 0, sizeof(hints));
1914 hints.ai_family = PF_UNSPEC;
1915 hints.ai_socktype = SOCK_STREAM;
1916 hints.ai_flags = AI_PASSIVE;
1918 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1919 if (err != 0) {
1920 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1921 exit(1);
1922 }
1924 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1925 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1926 continue;
1928 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1929 sizeof(ntop), strport, sizeof(strport),
1930 NI_NUMERICHOST|NI_NUMERICSERV);
1932 if (ai->ai_family == AF_INET && err != 0) {
1933 perror("getnameinfo");
1934 exit(2);
1935 }
1936 }
1937 exit(0);
1938 ]])],
1939 [
1940 AC_MSG_RESULT([yes])
1941 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
1942 [Define if you have a getaddrinfo that fails
1943 for the all-zeros IPv6 address])
1944 ],
1945 [
1946 AC_MSG_RESULT([no])
1947 AC_DEFINE([BROKEN_GETADDRINFO])
1948 ],
1949 [
1950 AC_MSG_RESULT([cross-compiling, assuming no])
1951 ]
1952 )
1953 fi
1955 if test "x$check_for_conflicting_getspnam" = "x1"; then
1956 AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
1957 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
1958 [[ exit(0); ]])],
1959 [
1960 AC_MSG_RESULT([no])
1961 ],
1962 [
1963 AC_MSG_RESULT([yes])
1964 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
1965 [Conflicting defs for getspnam])
1966 ]
1967 )
1968 fi
1970 AC_FUNC_GETPGRP
1972 # Search for OpenSSL
1973 saved_CPPFLAGS="$CPPFLAGS"
1974 saved_LDFLAGS="$LDFLAGS"
1975 AC_ARG_WITH([ssl-dir],
1976 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1977 [
1978 if test "x$withval" != "xno" ; then
1979 case "$withval" in
1980 # Relative paths
1981 ./*|../*) withval="`pwd`/$withval"
1982 esac
1983 if test -d "$withval/lib"; then
1984 if test -n "${need_dash_r}"; then
1985 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1986 else
1987 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1988 fi
1989 elif test -d "$withval/lib64"; then
1990 if test -n "${need_dash_r}"; then
1991 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
1992 else
1993 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
1994 fi
1995 else
1996 if test -n "${need_dash_r}"; then
1997 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1998 else
1999 LDFLAGS="-L${withval} ${LDFLAGS}"
2000 fi
2001 fi
2002 if test -d "$withval/include"; then
2003 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2004 else
2005 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2006 fi
2007 fi
2008 ]
2009 )
2010 LIBS="-lcrypto $LIBS"
2011 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
2012 [Define if your ssl headers are included
2013 with #include <openssl/header.h>])],
2014 [
2015 dnl Check default openssl install dir
2016 if test -n "${need_dash_r}"; then
2017 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2018 else
2019 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2020 fi
2021 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2022 AC_CHECK_HEADER([openssl/opensslv.h], ,
2023 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
2024 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
2025 [
2026 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2027 ]
2028 )
2029 ]
2030 )
2032 # Determine OpenSSL header version
2033 AC_MSG_CHECKING([OpenSSL header version])
2034 AC_RUN_IFELSE(
2035 [AC_LANG_PROGRAM([[
2036 #include <stdio.h>
2037 #include <string.h>
2038 #include <openssl/opensslv.h>
2039 #define DATA "conftest.sslincver"
2040 ]], [[
2041 FILE *fd;
2042 int rc;
2044 fd = fopen(DATA,"w");
2045 if(fd == NULL)
2046 exit(1);
2048 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2049 exit(1);
2051 exit(0);
2052 ]])],
2053 [
2054 ssl_header_ver=`cat conftest.sslincver`
2055 AC_MSG_RESULT([$ssl_header_ver])
2056 ],
2057 [
2058 AC_MSG_RESULT([not found])
2059 AC_MSG_ERROR([OpenSSL version header not found.])
2060 ],
2061 [
2062 AC_MSG_WARN([cross compiling: not checking])
2063 ]
2064 )
2066 # Determine OpenSSL library version
2067 AC_MSG_CHECKING([OpenSSL library version])
2068 AC_RUN_IFELSE(
2069 [AC_LANG_PROGRAM([[
2070 #include <stdio.h>
2071 #include <string.h>
2072 #include <openssl/opensslv.h>
2073 #include <openssl/crypto.h>
2074 #define DATA "conftest.ssllibver"
2075 ]], [[
2076 FILE *fd;
2077 int rc;
2079 fd = fopen(DATA,"w");
2080 if(fd == NULL)
2081 exit(1);
2083 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2084 exit(1);
2086 exit(0);
2087 ]])],
2088 [
2089 ssl_library_ver=`cat conftest.ssllibver`
2090 AC_MSG_RESULT([$ssl_library_ver])
2091 ],
2092 [
2093 AC_MSG_RESULT([not found])
2094 AC_MSG_ERROR([OpenSSL library not found.])
2095 ],
2096 [
2097 AC_MSG_WARN([cross compiling: not checking])
2098 ]
2099 )
2101 AC_ARG_WITH([openssl-header-check],
2102 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2103 [ if test "x$withval" = "xno" ; then
2104 openssl_check_nonfatal=1
2105 fi
2106 ]
2107 )
2109 # Sanity check OpenSSL headers
2110 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2111 AC_RUN_IFELSE(
2112 [AC_LANG_PROGRAM([[
2113 #include <string.h>
2114 #include <openssl/opensslv.h>
2115 ]], [[
2116 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
2117 ]])],
2118 [
2119 AC_MSG_RESULT([yes])
2120 ],
2121 [
2122 AC_MSG_RESULT([no])
2123 if test "x$openssl_check_nonfatal" = "x"; then
2124 AC_MSG_ERROR([Your OpenSSL headers do not match your
2125 library. Check config.log for details.
2126 If you are sure your installation is consistent, you can disable the check
2127 by running "./configure --without-openssl-header-check".
2128 Also see contrib/findssl.sh for help identifying header/library mismatches.
2129 ])
2130 else
2131 AC_MSG_WARN([Your OpenSSL headers do not match your
2132 library. Check config.log for details.
2133 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2134 fi
2135 ],
2136 [
2137 AC_MSG_WARN([cross compiling: not checking])
2138 ]
2139 )
2141 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2142 AC_LINK_IFELSE(
2143 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2144 [[ SSLeay_add_all_algorithms(); ]])],
2145 [
2146 AC_MSG_RESULT([yes])
2147 ],
2148 [
2149 AC_MSG_RESULT([no])
2150 saved_LIBS="$LIBS"
2151 LIBS="$LIBS -ldl"
2152 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2153 AC_LINK_IFELSE(
2154 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
2155 [[ SSLeay_add_all_algorithms(); ]])],
2156 [
2157 AC_MSG_RESULT([yes])
2158 ],
2159 [
2160 AC_MSG_RESULT([no])
2161 LIBS="$saved_LIBS"
2162 ]
2163 )
2164 ]
2165 )
2167 AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method])
2169 AC_ARG_WITH([ssl-engine],
2170 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2171 [ if test "x$withval" != "xno" ; then
2172 AC_MSG_CHECKING([for OpenSSL ENGINE support])
2173 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2174 #include <openssl/engine.h>
2175 ]], [[
2176 ENGINE_load_builtin_engines();
2177 ENGINE_register_all_complete();
2178 ]])],
2179 [ AC_MSG_RESULT([yes])
2180 AC_DEFINE([USE_OPENSSL_ENGINE], [1],
2181 [Enable OpenSSL engine support])
2182 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
2183 ])
2184 fi ]
2185 )
2187 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2188 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2189 AC_LINK_IFELSE(
2190 [AC_LANG_PROGRAM([[
2191 #include <string.h>
2192 #include <openssl/evp.h>
2193 ]], [[
2194 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
2195 ]])],
2196 [
2197 AC_MSG_RESULT([no])
2198 ],
2199 [
2200 AC_MSG_RESULT([yes])
2201 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
2202 [libcrypto is missing AES 192 and 256 bit functions])
2203 ]
2204 )
2206 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2207 AC_LINK_IFELSE(
2208 [AC_LANG_PROGRAM([[
2209 #include <string.h>
2210 #include <openssl/evp.h>
2211 ]], [[
2212 if(EVP_DigestUpdate(NULL, NULL,0))
2213 exit(0);
2214 ]])],
2215 [
2216 AC_MSG_RESULT([yes])
2217 ],
2218 [
2219 AC_MSG_RESULT([no])
2220 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
2221 [Define if EVP_DigestUpdate returns void])
2222 ]
2223 )
2225 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2226 # because the system crypt() is more featureful.
2227 if test "x$check_for_libcrypt_before" = "x1"; then
2228 AC_CHECK_LIB([crypt], [crypt])
2229 fi
2231 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2232 # version in OpenSSL.
2233 if test "x$check_for_libcrypt_later" = "x1"; then
2234 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
2235 fi
2237 # Search for SHA256 support in libc and/or OpenSSL
2238 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], [TEST_SSH_SHA256=yes],
2239 [TEST_SSH_SHA256=no])
2240 AC_SUBST([TEST_SSH_SHA256])
2242 # Check complete ECC support in OpenSSL
2243 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2244 AC_LINK_IFELSE(
2245 [AC_LANG_PROGRAM([[
2246 #include <openssl/ec.h>
2247 #include <openssl/ecdh.h>
2248 #include <openssl/ecdsa.h>
2249 #include <openssl/evp.h>
2250 #include <openssl/objects.h>
2251 #include <openssl/opensslv.h>
2252 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
2253 # error "OpenSSL < 0.9.8g has unreliable ECC code"
2254 #endif
2255 ]], [[
2256 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2257 const EVP_MD *m = EVP_sha512(); /* We need this too */
2258 ]])],
2259 [
2260 AC_MSG_RESULT([yes])
2261 AC_DEFINE([OPENSSL_HAS_ECC], [1],
2262 [libcrypto includes complete ECC support])
2263 TEST_SSH_ECC=yes
2264 COMMENT_OUT_ECC=""
2265 ],
2266 [
2267 AC_MSG_RESULT([no])
2268 TEST_SSH_ECC=no
2269 COMMENT_OUT_ECC="#no ecc#"
2270 ]
2271 )
2272 AC_SUBST([TEST_SSH_ECC])
2273 AC_SUBST([COMMENT_OUT_ECC])
2275 saved_LIBS="$LIBS"
2276 AC_CHECK_LIB([iaf], [ia_openinfo], [
2277 LIBS="$LIBS -liaf"
2278 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
2279 AC_DEFINE([HAVE_LIBIAF], [1],
2280 [Define if system has libiaf that supports set_id])
2281 ])
2282 ])
2283 LIBS="$saved_LIBS"
2285 ### Configure cryptographic random number support
2287 # Check wheter OpenSSL seeds itself
2288 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2289 AC_RUN_IFELSE(
2290 [AC_LANG_PROGRAM([[
2291 #include <string.h>
2292 #include <openssl/rand.h>
2293 ]], [[
2294 exit(RAND_status() == 1 ? 0 : 1);
2295 ]])],
2296 [
2297 OPENSSL_SEEDS_ITSELF=yes
2298 AC_MSG_RESULT([yes])
2299 ],
2300 [
2301 AC_MSG_RESULT([no])
2302 # Default to use of the rand helper if OpenSSL doesn't
2303 # seed itself
2304 USE_RAND_HELPER=yes
2305 ],
2306 [
2307 AC_MSG_WARN([cross compiling: assuming yes])
2308 # This is safe, since all recent OpenSSL versions will
2309 # complain at runtime if not seeded correctly.
2310 OPENSSL_SEEDS_ITSELF=yes
2311 ]
2312 )
2314 # Check for PAM libs
2315 PAM_MSG="no"
2316 AC_ARG_WITH([pam],
2317 [ --with-pam Enable PAM support ],
2318 [
2319 if test "x$withval" != "xno" ; then
2320 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2321 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2322 AC_MSG_ERROR([PAM headers not found])
2323 fi
2325 saved_LIBS="$LIBS"
2326 AC_CHECK_LIB([dl], [dlopen], , )
2327 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
2328 AC_CHECK_FUNCS([pam_getenvlist])
2329 AC_CHECK_FUNCS([pam_putenv])
2330 LIBS="$saved_LIBS"
2332 PAM_MSG="yes"
2334 SSHDLIBS="$SSHDLIBS -lpam"
2335 AC_DEFINE([USE_PAM], [1],
2336 [Define if you want to enable PAM support])
2338 if test $ac_cv_lib_dl_dlopen = yes; then
2339 case "$LIBS" in
2340 *-ldl*)
2341 # libdl already in LIBS
2342 ;;
2343 *)
2344 SSHDLIBS="$SSHDLIBS -ldl"
2345 ;;
2346 esac
2347 fi
2348 fi
2349 ]
2350 )
2352 # Check for older PAM
2353 if test "x$PAM_MSG" = "xyes" ; then
2354 # Check PAM strerror arguments (old PAM)
2355 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2356 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2357 #include <stdlib.h>
2358 #if defined(HAVE_SECURITY_PAM_APPL_H)
2359 #include <security/pam_appl.h>
2360 #elif defined (HAVE_PAM_PAM_APPL_H)
2361 #include <pam/pam_appl.h>
2362 #endif
2363 ]], [[
2364 (void)pam_strerror((pam_handle_t *)NULL, -1);
2365 ]])], [AC_MSG_RESULT([no])], [
2366 AC_DEFINE([HAVE_OLD_PAM], [1],
2367 [Define if you have an old version of PAM
2368 which takes only one argument to pam_strerror])
2369 AC_MSG_RESULT([yes])
2370 PAM_MSG="yes (old library)"
2372 ])
2373 fi
2375 # Do we want to force the use of the rand helper?
2376 AC_ARG_WITH([rand-helper],
2377 [ --with-rand-helper Use subprocess to gather strong randomness ],
2378 [
2379 if test "x$withval" = "xno" ; then
2380 # Force use of OpenSSL's internal RNG, even if
2381 # the previous test showed it to be unseeded.
2382 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2383 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2384 OPENSSL_SEEDS_ITSELF=yes
2385 USE_RAND_HELPER=""
2386 fi
2387 else
2388 USE_RAND_HELPER=yes
2389 fi
2390 ],
2391 )
2393 # Which randomness source do we use?
2394 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2395 # OpenSSL only
2396 AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
2397 [Define if you want OpenSSL's internally seeded PRNG only])
2398 RAND_MSG="OpenSSL internal ONLY"
2399 INSTALL_SSH_RAND_HELPER=""
2400 elif test ! -z "$USE_RAND_HELPER" ; then
2401 # install rand helper
2402 RAND_MSG="ssh-rand-helper"
2403 INSTALL_SSH_RAND_HELPER="yes"
2404 fi
2405 AC_SUBST([INSTALL_SSH_RAND_HELPER])
2407 ### Configuration of ssh-rand-helper
2409 # PRNGD TCP socket
2410 AC_ARG_WITH([prngd-port],
2411 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2412 [
2413 case "$withval" in
2414 no)
2415 withval=""
2416 ;;
2417 [[0-9]]*)
2418 ;;
2419 *)
2420 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
2421 ;;
2422 esac
2423 if test ! -z "$withval" ; then
2424 PRNGD_PORT="$withval"
2425 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
2426 [Port number of PRNGD/EGD random number socket])
2427 fi
2428 ]
2429 )
2431 # PRNGD Unix domain socket
2432 AC_ARG_WITH([prngd-socket],
2433 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2434 [
2435 case "$withval" in
2436 yes)
2437 withval="/var/run/egd-pool"
2438 ;;
2439 no)
2440 withval=""
2441 ;;
2442 /*)
2443 ;;
2444 *)
2445 AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
2446 ;;
2447 esac
2449 if test ! -z "$withval" ; then
2450 if test ! -z "$PRNGD_PORT" ; then
2451 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
2452 fi
2453 if test ! -r "$withval" ; then
2454 AC_MSG_WARN([Entropy socket is not readable])
2455 fi
2456 PRNGD_SOCKET="$withval"
2457 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
2458 [Location of PRNGD/EGD random number socket])
2459 fi
2460 ],
2461 [
2462 # Check for existing socket only if we don't have a random device already
2463 if test "$USE_RAND_HELPER" = yes ; then
2464 AC_MSG_CHECKING([for PRNGD/EGD socket])
2465 # Insert other locations here
2466 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2467 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2468 PRNGD_SOCKET="$sock"
2469 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
2470 break;
2471 fi
2472 done
2473 if test ! -z "$PRNGD_SOCKET" ; then
2474 AC_MSG_RESULT([$PRNGD_SOCKET])
2475 else
2476 AC_MSG_RESULT([not found])
2477 fi
2478 fi
2479 ]
2480 )
2482 # Change default command timeout for hashing entropy source
2483 entropy_timeout=200
2484 AC_ARG_WITH([entropy-timeout],
2485 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2486 [
2487 if test -n "$withval" && test "x$withval" != "xno" && \
2488 test "x${withval}" != "xyes"; then
2489 entropy_timeout=$withval
2490 fi
2491 ]
2492 )
2493 AC_DEFINE_UNQUOTED([ENTROPY_TIMEOUT_MSEC], [$entropy_timeout],
2494 [Builtin PRNG command timeout])
2496 SSH_PRIVSEP_USER=sshd
2497 AC_ARG_WITH([privsep-user],
2498 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2499 [
2500 if test -n "$withval" && test "x$withval" != "xno" && \
2501 test "x${withval}" != "xyes"; then
2502 SSH_PRIVSEP_USER=$withval
2503 fi
2504 ]
2505 )
2506 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
2507 [non-privileged user for privilege separation])
2508 AC_SUBST([SSH_PRIVSEP_USER])
2510 # We do this little dance with the search path to insure
2511 # that programs that we select for use by installed programs
2512 # (which may be run by the super-user) come from trusted
2513 # locations before they come from the user's private area.
2514 # This should help avoid accidentally configuring some
2515 # random version of a program in someone's personal bin.
2517 OPATH=$PATH
2518 PATH=/bin:/usr/bin
2519 test -h /bin 2> /dev/null && PATH=/usr/bin
2520 test -d /sbin && PATH=$PATH:/sbin
2521 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2522 PATH=$PATH:/etc:$OPATH
2524 # These programs are used by the command hashing source to gather entropy
2525 OSSH_PATH_ENTROPY_PROG([PROG_LS], [ls])
2526 OSSH_PATH_ENTROPY_PROG([PROG_NETSTAT], [netstat])
2527 OSSH_PATH_ENTROPY_PROG([PROG_ARP], [arp])
2528 OSSH_PATH_ENTROPY_PROG([PROG_IFCONFIG], [ifconfig])
2529 OSSH_PATH_ENTROPY_PROG([PROG_JSTAT], [jstat])
2530 OSSH_PATH_ENTROPY_PROG([PROG_PS], [ps])
2531 OSSH_PATH_ENTROPY_PROG([PROG_SAR], [sar])
2532 OSSH_PATH_ENTROPY_PROG([PROG_W], [w])
2533 OSSH_PATH_ENTROPY_PROG([PROG_WHO], [who])
2534 OSSH_PATH_ENTROPY_PROG([PROG_LAST], [last])
2535 OSSH_PATH_ENTROPY_PROG([PROG_LASTLOG], [lastlog])
2536 OSSH_PATH_ENTROPY_PROG([PROG_DF], [df])
2537 OSSH_PATH_ENTROPY_PROG([PROG_VMSTAT], [vmstat])
2538 OSSH_PATH_ENTROPY_PROG([PROG_UPTIME], [uptime])
2539 OSSH_PATH_ENTROPY_PROG([PROG_IPCS], [ipcs])
2540 OSSH_PATH_ENTROPY_PROG([PROG_TAIL], [tail])
2541 # restore PATH
2542 PATH=$OPATH
2544 # Where does ssh-rand-helper get its randomness from?
2545 INSTALL_SSH_PRNG_CMDS=""
2546 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2547 if test ! -z "$PRNGD_PORT" ; then
2548 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2549 elif test ! -z "$PRNGD_SOCKET" ; then
2550 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2551 else
2552 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2553 RAND_HELPER_CMDHASH=yes
2554 INSTALL_SSH_PRNG_CMDS="yes"
2555 fi
2556 fi
2557 AC_SUBST([INSTALL_SSH_PRNG_CMDS])
2560 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2561 if test ! -z "$SONY" ; then
2562 LIBS="$LIBS -liberty";
2563 fi
2565 # Check for long long datatypes
2566 AC_CHECK_TYPES([long long, unsigned long long, long double])
2568 # Check datatype sizes
2569 AC_CHECK_SIZEOF([char], [1])
2570 AC_CHECK_SIZEOF([short int], [2])
2571 AC_CHECK_SIZEOF([int], [4])
2572 AC_CHECK_SIZEOF([long int], [4])
2573 AC_CHECK_SIZEOF([long long int], [8])
2575 # Sanity check long long for some platforms (AIX)
2576 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2577 ac_cv_sizeof_long_long_int=0
2578 fi
2580 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2581 if test -z "$have_llong_max"; then
2582 AC_MSG_CHECKING([for max value of long long])
2583 AC_RUN_IFELSE(
2584 [AC_LANG_PROGRAM([[
2585 #include <stdio.h>
2586 /* Why is this so damn hard? */
2587 #ifdef __GNUC__
2588 # undef __GNUC__
2589 #endif
2590 #define __USE_ISOC99
2591 #include <limits.h>
2592 #define DATA "conftest.llminmax"
2593 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2595 /*
2596 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2597 * we do this the hard way.
2598 */
2599 static int
2600 fprint_ll(FILE *f, long long n)
2601 {
2602 unsigned int i;
2603 int l[sizeof(long long) * 8];
2605 if (n < 0)
2606 if (fprintf(f, "-") < 0)
2607 return -1;
2608 for (i = 0; n != 0; i++) {
2609 l[i] = my_abs(n % 10);
2610 n /= 10;
2611 }
2612 do {
2613 if (fprintf(f, "%d", l[--i]) < 0)
2614 return -1;
2615 } while (i != 0);
2616 if (fprintf(f, " ") < 0)
2617 return -1;
2618 return 0;
2619 }
2620 ]], [[
2621 FILE *f;
2622 long long i, llmin, llmax = 0;
2624 if((f = fopen(DATA,"w")) == NULL)
2625 exit(1);
2627 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2628 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2629 llmin = LLONG_MIN;
2630 llmax = LLONG_MAX;
2631 #else
2632 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2633 /* This will work on one's complement and two's complement */
2634 for (i = 1; i > llmax; i <<= 1, i++)
2635 llmax = i;
2636 llmin = llmax + 1LL; /* wrap */
2637 #endif
2639 /* Sanity check */
2640 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2641 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2642 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2643 fprintf(f, "unknown unknown\n");
2644 exit(2);
2645 }
2647 if (fprint_ll(f, llmin) < 0)
2648 exit(3);
2649 if (fprint_ll(f, llmax) < 0)
2650 exit(4);
2651 if (fclose(f) < 0)
2652 exit(5);
2653 exit(0);
2654 ]])],
2655 [
2656 llong_min=`$AWK '{print $1}' conftest.llminmax`
2657 llong_max=`$AWK '{print $2}' conftest.llminmax`
2659 AC_MSG_RESULT([$llong_max])
2660 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
2661 [max value of long long calculated by configure])
2662 AC_MSG_CHECKING([for min value of long long])
2663 AC_MSG_RESULT([$llong_min])
2664 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
2665 [min value of long long calculated by configure])
2666 ],
2667 [
2668 AC_MSG_RESULT([not found])
2669 ],
2670 [
2671 AC_MSG_WARN([cross compiling: not checking])
2672 ]
2673 )
2674 fi
2677 # More checks for data types
2678 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2679 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2680 [[ u_int a; a = 1;]])],
2681 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no"
2682 ])
2683 ])
2684 if test "x$ac_cv_have_u_int" = "xyes" ; then
2685 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
2686 have_u_int=1
2687 fi
2689 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2690 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2691 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2692 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no"
2693 ])
2694 ])
2695 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2696 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
2697 have_intxx_t=1
2698 fi
2700 if (test -z "$have_intxx_t" && \
2701 test "x$ac_cv_header_stdint_h" = "xyes")
2702 then
2703 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2704 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
2705 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
2706 [
2707 AC_DEFINE([HAVE_INTXX_T])
2708 AC_MSG_RESULT([yes])
2709 ], [ AC_MSG_RESULT([no])
2710 ])
2711 fi
2713 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2714 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2715 #include <sys/types.h>
2716 #ifdef HAVE_STDINT_H
2717 # include <stdint.h>
2718 #endif
2719 #include <sys/socket.h>
2720 #ifdef HAVE_SYS_BITYPES_H
2721 # include <sys/bitypes.h>
2722 #endif
2723 ]], [[
2724 int64_t a; a = 1;
2725 ]])],
2726 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no"
2727 ])
2728 ])
2729 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2730 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
2731 fi
2733 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2734 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2735 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
2736 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no"
2737 ])
2738 ])
2739 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2740 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
2741 have_u_intxx_t=1
2742 fi
2744 if test -z "$have_u_intxx_t" ; then
2745 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2746 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
2747 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
2748 [
2749 AC_DEFINE([HAVE_U_INTXX_T])
2750 AC_MSG_RESULT([yes])
2751 ], [ AC_MSG_RESULT([no])
2752 ])
2753 fi
2755 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2756 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2757 [[ u_int64_t a; a = 1;]])],
2758 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no"
2759 ])
2760 ])
2761 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2762 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
2763 have_u_int64_t=1
2764 fi
2766 if test -z "$have_u_int64_t" ; then
2767 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2768 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
2769 [[ u_int64_t a; a = 1]])],
2770 [
2771 AC_DEFINE([HAVE_U_INT64_T])
2772 AC_MSG_RESULT([yes])
2773 ], [ AC_MSG_RESULT([no])
2774 ])
2775 fi
2777 if test -z "$have_u_intxx_t" ; then
2778 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2779 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2780 #include <sys/types.h>
2781 ]], [[
2782 uint8_t a;
2783 uint16_t b;
2784 uint32_t c;
2785 a = b = c = 1;
2786 ]])],
2787 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no"
2788 ])
2789 ])
2790 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2791 AC_DEFINE([HAVE_UINTXX_T], [1],
2792 [define if you have uintxx_t data type])
2793 fi
2794 fi
2796 if test -z "$have_uintxx_t" ; then
2797 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2798 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
2799 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
2800 [
2801 AC_DEFINE([HAVE_UINTXX_T])
2802 AC_MSG_RESULT([yes])
2803 ], [ AC_MSG_RESULT([no])
2804 ])
2805 fi
2807 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2808 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2809 then
2810 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2811 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2812 #include <sys/bitypes.h>
2813 ]], [[
2814 int8_t a; int16_t b; int32_t c;
2815 u_int8_t e; u_int16_t f; u_int32_t g;
2816 a = b = c = e = f = g = 1;
2817 ]])],
2818 [
2819 AC_DEFINE([HAVE_U_INTXX_T])
2820 AC_DEFINE([HAVE_INTXX_T])
2821 AC_MSG_RESULT([yes])
2822 ], [AC_MSG_RESULT([no])
2823 ])
2824 fi
2827 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2828 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2829 [[ u_char foo; foo = 125; ]])],
2830 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no"
2831 ])
2832 ])
2833 if test "x$ac_cv_have_u_char" = "xyes" ; then
2834 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
2835 fi
2837 TYPE_SOCKLEN_T
2839 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
2840 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
2841 #include <sys/types.h>
2842 #ifdef HAVE_SYS_BITYPES_H
2843 #include <sys/bitypes.h>
2844 #endif
2845 #ifdef HAVE_SYS_STATFS_H
2846 #include <sys/statfs.h>
2847 #endif
2848 #ifdef HAVE_SYS_STATVFS_H
2849 #include <sys/statvfs.h>
2850 #endif
2851 ])
2853 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
2854 [#include <sys/types.h>
2855 #include <netinet/in.h>])
2857 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2858 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2859 [[ size_t foo; foo = 1235; ]])],
2860 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no"
2861 ])
2862 ])
2863 if test "x$ac_cv_have_size_t" = "xyes" ; then
2864 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
2865 fi
2867 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2868 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2869 [[ ssize_t foo; foo = 1235; ]])],
2870 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no"
2871 ])
2872 ])
2873 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2874 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
2875 fi
2877 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2878 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
2879 [[ clock_t foo; foo = 1235; ]])],
2880 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no"
2881 ])
2882 ])
2883 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2884 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
2885 fi
2887 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2888 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2889 #include <sys/types.h>
2890 #include <sys/socket.h>
2891 ]], [[ sa_family_t foo; foo = 1235; ]])],
2892 [ ac_cv_have_sa_family_t="yes" ],
2893 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2894 #include <sys/types.h>
2895 #include <sys/socket.h>
2896 #include <netinet/in.h>
2897 ]], [[ sa_family_t foo; foo = 1235; ]])],
2898 [ ac_cv_have_sa_family_t="yes" ],
2899 [ ac_cv_have_sa_family_t="no" ]
2900 )
2901 ])
2902 ])
2903 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2904 AC_DEFINE([HAVE_SA_FAMILY_T], [1],
2905 [define if you have sa_family_t data type])
2906 fi
2908 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2909 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2910 [[ pid_t foo; foo = 1235; ]])],
2911 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no"
2912 ])
2913 ])
2914 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2915 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
2916 fi
2918 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2919 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
2920 [[ mode_t foo; foo = 1235; ]])],
2921 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no"
2922 ])
2923 ])
2924 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2925 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
2926 fi
2929 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2930 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2931 #include <sys/types.h>
2932 #include <sys/socket.h>
2933 ]], [[ struct sockaddr_storage s; ]])],
2934 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2935 [ ac_cv_have_struct_sockaddr_storage="no"
2936 ])
2937 ])
2938 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2939 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
2940 [define if you have struct sockaddr_storage data type])
2941 fi
2943 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2944 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2945 #include <sys/types.h>
2946 #include <netinet/in.h>
2947 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
2948 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2949 [ ac_cv_have_struct_sockaddr_in6="no"
2950 ])
2951 ])
2952 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2953 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
2954 [define if you have struct sockaddr_in6 data type])
2955 fi
2957 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2958 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2959 #include <sys/types.h>
2960 #include <netinet/in.h>
2961 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
2962 [ ac_cv_have_struct_in6_addr="yes" ],
2963 [ ac_cv_have_struct_in6_addr="no"
2964 ])
2965 ])
2966 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2967 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
2968 [define if you have struct in6_addr data type])
2970 dnl Now check for sin6_scope_id
2971 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
2972 [
2973 #ifdef HAVE_SYS_TYPES_H
2974 #include <sys/types.h>
2975 #endif
2976 #include <netinet/in.h>
2977 ])
2978 fi
2980 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2981 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
2982 #include <sys/types.h>
2983 #include <sys/socket.h>
2984 #include <netdb.h>
2985 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
2986 [ ac_cv_have_struct_addrinfo="yes" ],
2987 [ ac_cv_have_struct_addrinfo="no"
2988 ])
2989 ])
2990 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2991 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
2992 [define if you have struct addrinfo data type])
2993 fi
2995 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2996 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
2997 [[ struct timeval tv; tv.tv_sec = 1;]])],
2998 [ ac_cv_have_struct_timeval="yes" ],
2999 [ ac_cv_have_struct_timeval="no"
3000 ])
3001 ])
3002 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3003 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
3004 have_struct_timeval=1
3005 fi
3007 AC_CHECK_TYPES([struct timespec])
3009 # We need int64_t or else certian parts of the compile will fail.
3010 if test "x$ac_cv_have_int64_t" = "xno" && \
3011 test "x$ac_cv_sizeof_long_int" != "x8" && \
3012 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3013 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3014 echo "an alternative compiler (I.E., GCC) before continuing."
3015 echo ""
3016 exit 1;
3017 else
3018 dnl test snprintf (broken on SCO w/gcc)
3019 AC_RUN_IFELSE(
3020 [AC_LANG_SOURCE([[
3021 #include <stdio.h>
3022 #include <string.h>
3023 #ifdef HAVE_SNPRINTF
3024 main()
3025 {
3026 char buf[50];
3027 char expected_out[50];
3028 int mazsize = 50 ;
3029 #if (SIZEOF_LONG_INT == 8)
3030 long int num = 0x7fffffffffffffff;
3031 #else
3032 long long num = 0x7fffffffffffffffll;
3033 #endif
3034 strcpy(expected_out, "9223372036854775807");
3035 snprintf(buf, mazsize, "%lld", num);
3036 if(strcmp(buf, expected_out) != 0)
3037 exit(1);
3038 exit(0);
3039 }
3040 #else
3041 main() { exit(0); }
3042 #endif
3043 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
3044 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3045 )
3046 fi
3048 dnl Checks for structure members
3049 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
3050 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
3051 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
3052 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
3053 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
3054 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
3055 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
3056 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
3057 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
3058 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
3059 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
3060 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
3061 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
3062 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
3063 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
3064 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
3065 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
3067 AC_CHECK_MEMBERS([struct stat.st_blksize])
3068 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
3069 [Define if we don't have struct __res_state in resolv.h])],
3070 [
3071 #include <stdio.h>
3072 #if HAVE_SYS_TYPES_H
3073 # include <sys/types.h>
3074 #endif
3075 #include <netinet/in.h>
3076 #include <arpa/nameser.h>
3077 #include <resolv.h>
3078 ])
3080 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3081 ac_cv_have_ss_family_in_struct_ss, [
3082 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3083 #include <sys/types.h>
3084 #include <sys/socket.h>
3085 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
3086 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3087 [ ac_cv_have_ss_family_in_struct_ss="no" ])
3088 ])
3089 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3090 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
3091 fi
3093 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3094 ac_cv_have___ss_family_in_struct_ss, [
3095 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3096 #include <sys/types.h>
3097 #include <sys/socket.h>
3098 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
3099 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3100 [ ac_cv_have___ss_family_in_struct_ss="no"
3101 ])
3102 ])
3103 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3104 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
3105 [Fields in struct sockaddr_storage])
3106 fi
3108 AC_CACHE_CHECK([for pw_class field in struct passwd],
3109 ac_cv_have_pw_class_in_struct_passwd, [
3110 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3111 [[ struct passwd p; p.pw_class = 0; ]])],
3112 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3113 [ ac_cv_have_pw_class_in_struct_passwd="no"
3114 ])
3115 ])
3116 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3117 AC_DEFINE([HAVE_PW_CLASS_IN_PASSWD], [1],
3118 [Define if your password has a pw_class field])
3119 fi
3121 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3122 ac_cv_have_pw_expire_in_struct_passwd, [
3123 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3124 [[ struct passwd p; p.pw_expire = 0; ]])],
3125 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3126 [ ac_cv_have_pw_expire_in_struct_passwd="no"
3127 ])
3128 ])
3129 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3130 AC_DEFINE([HAVE_PW_EXPIRE_IN_PASSWD], [1],
3131 [Define if your password has a pw_expire field])
3132 fi
3134 AC_CACHE_CHECK([for pw_change field in struct passwd],
3135 ac_cv_have_pw_change_in_struct_passwd, [
3136 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
3137 [[ struct passwd p; p.pw_change = 0; ]])],
3138 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3139 [ ac_cv_have_pw_change_in_struct_passwd="no"
3140 ])
3141 ])
3142 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3143 AC_DEFINE([HAVE_PW_CHANGE_IN_PASSWD], [1],
3144 [Define if your password has a pw_change field])
3145 fi
3147 dnl make sure we're using the real structure members and not defines
3148 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3149 ac_cv_have_accrights_in_msghdr, [
3150 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3151 #include <sys/types.h>
3152 #include <sys/socket.h>
3153 #include <sys/uio.h>
3154 ]], [[
3155 #ifdef msg_accrights
3156 #error "msg_accrights is a macro"
3157 exit(1);
3158 #endif
3159 struct msghdr m;
3160 m.msg_accrights = 0;
3161 exit(0);
3162 ]])],
3163 [ ac_cv_have_accrights_in_msghdr="yes" ],
3164 [ ac_cv_have_accrights_in_msghdr="no" ]
3165 )
3166 ])
3167 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3168 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
3169 [Define if your system uses access rights style
3170 file descriptor passing])
3171 fi
3173 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3174 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3175 #include <sys/types.h>
3176 #include <sys/stat.h>
3177 #ifdef HAVE_SYS_TIME_H
3178 # include <sys/time.h>
3179 #endif
3180 #ifdef HAVE_SYS_MOUNT_H
3181 #include <sys/mount.h>
3182 #endif
3183 #ifdef HAVE_SYS_STATVFS_H
3184 #include <sys/statvfs.h>
3185 #endif
3186 ]], [[ struct statvfs s; s.f_fsid = 0; ]])],
3187 [ AC_MSG_RESULT([yes]) ],
3188 [ AC_MSG_RESULT([no])
3190 AC_MSG_CHECKING([if fsid_t has member val])
3191 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3192 #include <sys/types.h>
3193 #include <sys/statvfs.h>
3194 ]], [[ fsid_t t; t.val[0] = 0; ]])],
3195 [ AC_MSG_RESULT([yes])
3196 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
3197 [ AC_MSG_RESULT([no]) ])
3199 AC_MSG_CHECKING([if f_fsid has member __val])
3200 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3201 #include <sys/types.h>
3202 #include <sys/statvfs.h>
3203 ]], [[ fsid_t t; t.__val[0] = 0; ]])],
3204 [ AC_MSG_RESULT([yes])
3205 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
3206 [ AC_MSG_RESULT([no]) ])
3207 ])
3209 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3210 ac_cv_have_control_in_msghdr, [
3211 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3212 #include <sys/types.h>
3213 #include <sys/socket.h>
3214 #include <sys/uio.h>
3215 ]], [[
3216 #ifdef msg_control
3217 #error "msg_control is a macro"
3218 exit(1);
3219 #endif
3220 struct msghdr m;
3221 m.msg_control = 0;
3222 exit(0);
3223 ]])],
3224 [ ac_cv_have_control_in_msghdr="yes" ],
3225 [ ac_cv_have_control_in_msghdr="no" ]
3226 )
3227 ])
3228 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3229 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
3230 [Define if your system uses ancillary data style
3231 file descriptor passing])
3232 fi
3234 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3235 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3236 [[ extern char *__progname; printf("%s", __progname); ]])],
3237 [ ac_cv_libc_defines___progname="yes" ],
3238 [ ac_cv_libc_defines___progname="no"
3239 ])
3240 ])
3241 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3242 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
3243 fi
3245 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3246 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3247 [[ printf("%s", __FUNCTION__); ]])],
3248 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3249 [ ac_cv_cc_implements___FUNCTION__="no"
3250 ])
3251 ])
3252 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3253 AC_DEFINE([HAVE___FUNCTION__], [1],
3254 [Define if compiler implements __FUNCTION__])
3255 fi
3257 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3258 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
3259 [[ printf("%s", __func__); ]])],
3260 [ ac_cv_cc_implements___func__="yes" ],
3261 [ ac_cv_cc_implements___func__="no"
3262 ])
3263 ])
3264 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3265 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
3266 fi
3268 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3269 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3270 #include <stdarg.h>
3271 va_list x,y;
3272 ]], [[ va_copy(x,y); ]])],
3273 [ ac_cv_have_va_copy="yes" ],
3274 [ ac_cv_have_va_copy="no"
3275 ])
3276 ])
3277 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3278 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
3279 fi
3281 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3282 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3283 #include <stdarg.h>
3284 va_list x,y;
3285 ]], [[ __va_copy(x,y); ]])],
3286 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
3287 ])
3288 ])
3289 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3290 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
3291 fi
3293 AC_CACHE_CHECK([whether getopt has optreset support],
3294 ac_cv_have_getopt_optreset, [
3295 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
3296 [[ extern int optreset; optreset = 0; ]])],
3297 [ ac_cv_have_getopt_optreset="yes" ],
3298 [ ac_cv_have_getopt_optreset="no"
3299 ])
3300 ])
3301 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3302 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
3303 [Define if your getopt(3) defines and uses optreset])
3304 fi
3306 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3307 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3308 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
3309 [ ac_cv_libc_defines_sys_errlist="yes" ],
3310 [ ac_cv_libc_defines_sys_errlist="no"
3311 ])
3312 ])
3313 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3314 AC_DEFINE([HAVE_SYS_ERRLIST], [1],
3315 [Define if your system defines sys_errlist[]])
3316 fi
3319 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3320 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
3321 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
3322 [ ac_cv_libc_defines_sys_nerr="yes" ],
3323 [ ac_cv_libc_defines_sys_nerr="no"
3324 ])
3325 ])
3326 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3327 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
3328 fi
3330 # Check libraries needed by DNS fingerprint support
3331 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
3332 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
3333 [Define if getrrsetbyname() exists])],
3334 [
3335 # Needed by our getrrsetbyname()
3336 AC_SEARCH_LIBS([res_query], [resolv])
3337 AC_SEARCH_LIBS([dn_expand], [resolv])
3338 AC_MSG_CHECKING([if res_query will link])
3339 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3340 #include <sys/types.h>
3341 #include <netinet/in.h>
3342 #include <arpa/nameser.h>
3343 #include <netdb.h>
3344 #include <resolv.h>
3345 ]], [[
3346 res_query (0, 0, 0, 0, 0);
3347 ]])],
3348 AC_MSG_RESULT([yes]),
3349 [AC_MSG_RESULT([no])
3350 saved_LIBS="$LIBS"
3351 LIBS="$LIBS -lresolv"
3352 AC_MSG_CHECKING([for res_query in -lresolv])
3353 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3354 #include <sys/types.h>
3355 #include <netinet/in.h>
3356 #include <arpa/nameser.h>
3357 #include <netdb.h>
3358 #include <resolv.h>
3359 ]], [[
3360 res_query (0, 0, 0, 0, 0);
3361 ]])],
3362 [AC_MSG_RESULT([yes])],
3363 [LIBS="$saved_LIBS"
3364 AC_MSG_RESULT([no])])
3365 ])
3366 AC_CHECK_FUNCS([_getshort _getlong])
3367 AC_CHECK_DECLS([_getshort, _getlong], , ,
3368 [#include <sys/types.h>
3369 #include <arpa/nameser.h>])
3370 AC_CHECK_MEMBER([HEADER.ad],
3371 [AC_DEFINE([HAVE_HEADER_AD], [1],
3372 [Define if HEADER.ad exists in arpa/nameser.h])], ,
3373 [#include <arpa/nameser.h>])
3374 ])
3376 AC_MSG_CHECKING([if struct __res_state _res is an extern])
3377 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
3378 #include <stdio.h>
3379 #if HAVE_SYS_TYPES_H
3380 # include <sys/types.h>
3381 #endif
3382 #include <netinet/in.h>
3383 #include <arpa/nameser.h>
3384 #include <resolv.h>
3385 extern struct __res_state _res;
3386 ]], [[ ]])],
3387 [AC_MSG_RESULT([yes])
3388 AC_DEFINE([HAVE__RES_EXTERN], [1],
3389 [Define if you have struct __res_state _res as an extern])
3390 ],
3391 [ AC_MSG_RESULT([no]) ]
3392 )
3394 # Check whether user wants SELinux support
3395 SELINUX_MSG="no"
3396 LIBSELINUX=""
3397 AC_ARG_WITH([selinux],
3398 [ --with-selinux Enable SELinux support],
3399 [ if test "x$withval" != "xno" ; then
3400 save_LIBS="$LIBS"
3401 AC_DEFINE([WITH_SELINUX], [1],
3402 [Define if you want SELinux support.])
3403 SELINUX_MSG="yes"
3404 AC_CHECK_HEADER([selinux/selinux.h], ,
3405 AC_MSG_ERROR([SELinux support requires selinux.h header]))
3406 AC_CHECK_LIB([selinux], [setexeccon],
3407 [ LIBSELINUX="-lselinux"
3408 LIBS="$LIBS -lselinux"
3409 ],
3410 AC_MSG_ERROR([SELinux support requires libselinux library]))
3411 SSHLIBS="$SSHLIBS $LIBSELINUX"
3412 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3413 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
3414 LIBS="$save_LIBS"
3415 fi ]
3416 )
3417 AC_SUBST([SSHLIBS])
3418 AC_SUBST([SSHDLIBS])
3420 # Check whether user wants Kerberos 5 support
3421 KRB5_MSG="no"
3422 AC_ARG_WITH([kerberos5],
3423 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3424 [ if test "x$withval" != "xno" ; then
3425 if test "x$withval" = "xyes" ; then
3426 KRB5ROOT="/usr/local"
3427 else
3428 KRB5ROOT=${withval}
3429 fi
3431 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
3432 KRB5_MSG="yes"
3434 AC_PATH_PROG([KRB5CONF], [krb5-config],
3435 [$KRB5ROOT/bin/krb5-config],
3436 [$KRB5ROOT/bin:$PATH])
3437 if test -x $KRB5CONF ; then
3439 AC_MSG_CHECKING([for gssapi support])
3440 if $KRB5CONF | grep gssapi >/dev/null ; then
3441 AC_MSG_RESULT([yes])
3442 AC_DEFINE([GSSAPI], [1],
3443 [Define this if you want GSSAPI
3444 support in the version 2 protocol])
3445 k5confopts=gssapi
3446 else
3447 AC_MSG_RESULT([no])
3448 k5confopts=""
3449 fi
3450 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3451 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3452 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3453 AC_MSG_CHECKING([whether we are using Heimdal])
3454 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3455 ]], [[ char *tmp = heimdal_version; ]])],
3456 [ AC_MSG_RESULT([yes])
3457 AC_DEFINE([HEIMDAL], [1],
3458 [Define this if you are using the Heimdal
3459 version of Kerberos V5]) ],
3460 [AC_MSG_RESULT([no])
3461 ])
3462 else
3463 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3464 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3465 AC_MSG_CHECKING([whether we are using Heimdal])
3466 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
3467 ]], [[ char *tmp = heimdal_version; ]])],
3468 [ AC_MSG_RESULT([yes])
3469 AC_DEFINE([HEIMDAL])
3470 K5LIBS="-lkrb5"
3471 K5LIBS="$K5LIBS -lcom_err -lasn1"
3472 AC_CHECK_LIB([roken], [net_write],
3473 [K5LIBS="$K5LIBS -lroken"])
3474 AC_CHECK_LIB([des], [des_cbc_encrypt],
3475 [K5LIBS="$K5LIBS -ldes"])
3476 ], [ AC_MSG_RESULT([no])
3477 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3479 ])
3480 AC_SEARCH_LIBS([dn_expand], [resolv])
3482 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
3483 [ AC_DEFINE([GSSAPI])
3484 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3485 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
3486 [ AC_DEFINE([GSSAPI])
3487 K5LIBS="-lgssapi $K5LIBS" ],
3488 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3489 $K5LIBS)
3490 ],
3491 $K5LIBS)
3493 AC_CHECK_HEADER([gssapi.h], ,
3494 [ unset ac_cv_header_gssapi_h
3495 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3496 AC_CHECK_HEADERS([gssapi.h], ,
3497 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3498 )
3499 ]
3500 )
3502 oldCPP="$CPPFLAGS"
3503 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3504 AC_CHECK_HEADER([gssapi_krb5.h], ,
3505 [ CPPFLAGS="$oldCPP" ])
3507 fi
3508 if test ! -z "$need_dash_r" ; then
3509 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3510 fi
3511 if test ! -z "$blibpath" ; then
3512 blibpath="$blibpath:${KRB5ROOT}/lib"
3513 fi
3515 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
3516 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
3517 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
3519 LIBS="$LIBS $K5LIBS"
3520 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
3521 [Define this if you want to use libkafs' AFS support])])
3522 fi
3523 ]
3524 )
3526 # Looking for programs, paths and files
3528 PRIVSEP_PATH=/var/empty
3529 AC_ARG_WITH([privsep-path],
3530 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3531 [
3532 if test -n "$withval" && test "x$withval" != "xno" && \
3533 test "x${withval}" != "xyes"; then
3534 PRIVSEP_PATH=$withval
3535 fi
3536 ]
3537 )
3538 AC_SUBST([PRIVSEP_PATH])
3540 AC_ARG_WITH([xauth],
3541 [ --with-xauth=PATH Specify path to xauth program ],
3542 [
3543 if test -n "$withval" && test "x$withval" != "xno" && \
3544 test "x${withval}" != "xyes"; then
3545 xauth_path=$withval
3546 fi
3547 ],
3548 [
3549 TestPath="$PATH"
3550 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3551 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3552 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3553 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3554 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
3555 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3556 xauth_path="/usr/openwin/bin/xauth"
3557 fi
3558 ]
3559 )
3561 STRIP_OPT=-s
3562 AC_ARG_ENABLE([strip],
3563 [ --disable-strip Disable calling strip(1) on install],
3564 [
3565 if test "x$enableval" = "xno" ; then
3566 STRIP_OPT=
3567 fi
3568 ]
3569 )
3570 AC_SUBST([STRIP_OPT])
3572 if test -z "$xauth_path" ; then
3573 XAUTH_PATH="undefined"
3574 AC_SUBST([XAUTH_PATH])
3575 else
3576 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
3577 [Define if xauth is found in your path])
3578 XAUTH_PATH=$xauth_path
3579 AC_SUBST([XAUTH_PATH])
3580 fi
3582 # Check for mail directory (last resort if we cannot get it from headers)
3583 if test ! -z "$MAIL" ; then
3584 maildir=`dirname $MAIL`
3585 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"],
3586 [Set this to your mail directory if you don't have maillock.h])
3587 fi
3589 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3590 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3591 disable_ptmx_check=yes
3592 fi
3593 if test -z "$no_dev_ptmx" ; then
3594 if test "x$disable_ptmx_check" != "xyes" ; then
3595 AC_CHECK_FILE(["/dev/ptmx"],
3596 [
3597 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
3598 [Define if you have /dev/ptmx])
3599 have_dev_ptmx=1
3600 ]
3601 )
3602 fi
3603 fi
3605 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3606 AC_CHECK_FILE(["/dev/ptc"],
3607 [
3608 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
3609 [Define if you have /dev/ptc])
3610 have_dev_ptc=1
3611 ]
3612 )
3613 else
3614 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3615 fi
3617 # Options from here on. Some of these are preset by platform above
3618 AC_ARG_WITH([mantype],
3619 [ --with-mantype=man|cat|doc Set man page type],
3620 [
3621 case "$withval" in
3622 man|cat|doc)
3623 MANTYPE=$withval
3624 ;;
3625 *)
3626 AC_MSG_ERROR([invalid man type: $withval])
3627 ;;
3628 esac
3629 ]
3630 )
3631 if test -z "$MANTYPE"; then
3632 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3633 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
3634 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3635 MANTYPE=doc
3636 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3637 MANTYPE=man
3638 else
3639 MANTYPE=cat
3640 fi
3641 fi
3642 AC_SUBST([MANTYPE])
3643 if test "$MANTYPE" = "doc"; then
3644 mansubdir=man;
3645 else
3646 mansubdir=$MANTYPE;
3647 fi
3648 AC_SUBST([mansubdir])
3650 # Check whether to enable MD5 passwords
3651 MD5_MSG="no"
3652 AC_ARG_WITH([md5-passwords],
3653 [ --with-md5-passwords Enable use of MD5 passwords],
3654 [
3655 if test "x$withval" != "xno" ; then
3656 AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
3657 [Define if you want to allow MD5 passwords])
3658 MD5_MSG="yes"
3659 fi
3660 ]
3661 )
3663 # Whether to disable shadow password support
3664 AC_ARG_WITH([shadow],
3665 [ --without-shadow Disable shadow password support],
3666 [
3667 if test "x$withval" = "xno" ; then
3668 AC_DEFINE([DISABLE_SHADOW])
3669 disable_shadow=yes
3670 fi
3671 ]
3672 )
3674 if test -z "$disable_shadow" ; then
3675 AC_MSG_CHECKING([if the systems has expire shadow information])
3676 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3677 #include <sys/types.h>
3678 #include <shadow.h>
3679 struct spwd sp;
3680 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
3681 [ sp_expire_available=yes ], [
3682 ])
3684 if test "x$sp_expire_available" = "xyes" ; then
3685 AC_MSG_RESULT([yes])
3686 AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
3687 [Define if you want to use shadow password expire field])
3688 else
3689 AC_MSG_RESULT([no])
3690 fi
3691 fi
3693 # Use ip address instead of hostname in $DISPLAY
3694 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3695 DISPLAY_HACK_MSG="yes"
3696 AC_DEFINE([IPADDR_IN_DISPLAY], [1],
3697 [Define if you need to use IP address
3698 instead of hostname in $DISPLAY])
3699 else
3700 DISPLAY_HACK_MSG="no"
3701 AC_ARG_WITH([ipaddr-display],
3702 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3703 [
3704 if test "x$withval" != "xno" ; then
3705 AC_DEFINE([IPADDR_IN_DISPLAY])
3706 DISPLAY_HACK_MSG="yes"
3707 fi
3708 ]
3709 )
3710 fi
3712 # check for /etc/default/login and use it if present.
3713 AC_ARG_ENABLE([etc-default-login],
3714 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3715 [ if test "x$enableval" = "xno"; then
3716 AC_MSG_NOTICE([/etc/default/login handling disabled])
3717 etc_default_login=no
3718 else
3719 etc_default_login=yes
3720 fi ],
3721 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3722 then
3723 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3724 etc_default_login=no
3725 else
3726 etc_default_login=yes
3727 fi ]
3728 )
3730 if test "x$etc_default_login" != "xno"; then
3731 AC_CHECK_FILE(["/etc/default/login"],
3732 [ external_path_file=/etc/default/login ])
3733 if test "x$external_path_file" = "x/etc/default/login"; then
3734 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
3735 [Define if your system has /etc/default/login])
3736 fi
3737 fi
3739 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3740 if test $ac_cv_func_login_getcapbool = "yes" && \
3741 test $ac_cv_header_login_cap_h = "yes" ; then
3742 external_path_file=/etc/login.conf
3743 fi
3745 # Whether to mess with the default path
3746 SERVER_PATH_MSG="(default)"
3747 AC_ARG_WITH([default-path],
3748 [ --with-default-path= Specify default \$PATH environment for server],
3749 [
3750 if test "x$external_path_file" = "x/etc/login.conf" ; then
3751 AC_MSG_WARN([
3752 --with-default-path=PATH has no effect on this system.
3753 Edit /etc/login.conf instead.])
3754 elif test "x$withval" != "xno" ; then
3755 if test ! -z "$external_path_file" ; then
3756 AC_MSG_WARN([
3757 --with-default-path=PATH will only be used if PATH is not defined in
3758 $external_path_file .])
3759 fi
3760 user_path="$withval"
3761 SERVER_PATH_MSG="$withval"
3762 fi
3763 ],
3764 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3765 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3766 else
3767 if test ! -z "$external_path_file" ; then
3768 AC_MSG_WARN([
3769 If PATH is defined in $external_path_file, ensure the path to scp is included,
3770 otherwise scp will not work.])
3771 fi
3772 AC_RUN_IFELSE(
3773 [AC_LANG_PROGRAM([[
3774 /* find out what STDPATH is */
3775 #include <stdio.h>
3776 #ifdef HAVE_PATHS_H
3777 # include <paths.h>
3778 #endif
3779 #ifndef _PATH_STDPATH
3780 # ifdef _PATH_USERPATH /* Irix */
3781 # define _PATH_STDPATH _PATH_USERPATH
3782 # else
3783 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3784 # endif
3785 #endif
3786 #include <sys/types.h>
3787 #include <sys/stat.h>
3788 #include <fcntl.h>
3789 #define DATA "conftest.stdpath"
3790 ]], [[
3791 FILE *fd;
3792 int rc;
3794 fd = fopen(DATA,"w");
3795 if(fd == NULL)
3796 exit(1);
3798 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3799 exit(1);
3801 exit(0);
3802 ]])],
3803 [ user_path=`cat conftest.stdpath` ],
3804 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3805 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3806 )
3807 # make sure $bindir is in USER_PATH so scp will work
3808 t_bindir=`eval echo ${bindir}`
3809 case $t_bindir in
3810 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3811 esac
3812 case $t_bindir in
3813 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3814 esac
3815 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3816 if test $? -ne 0 ; then
3817 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3818 if test $? -ne 0 ; then
3819 user_path=$user_path:$t_bindir
3820 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
3821 fi
3822 fi
3823 fi ]
3824 )
3825 if test "x$external_path_file" != "x/etc/login.conf" ; then
3826 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
3827 AC_SUBST([user_path])
3828 fi
3830 # Set superuser path separately to user path
3831 AC_ARG_WITH([superuser-path],
3832 [ --with-superuser-path= Specify different path for super-user],
3833 [
3834 if test -n "$withval" && test "x$withval" != "xno" && \
3835 test "x${withval}" != "xyes"; then
3836 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
3837 [Define if you want a different $PATH
3838 for the superuser])
3839 superuser_path=$withval
3840 fi
3841 ]
3842 )
3845 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3846 IPV4_IN6_HACK_MSG="no"
3847 AC_ARG_WITH(4in6,
3848 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3849 [
3850 if test "x$withval" != "xno" ; then
3851 AC_MSG_RESULT([yes])
3852 AC_DEFINE([IPV4_IN_IPV6], [1],
3853 [Detect IPv4 in IPv6 mapped addresses
3854 and treat as IPv4])
3855 IPV4_IN6_HACK_MSG="yes"
3856 else
3857 AC_MSG_RESULT([no])
3858 fi
3859 ], [
3860 if test "x$inet6_default_4in6" = "xyes"; then
3861 AC_MSG_RESULT([yes (default)])
3862 AC_DEFINE([IPV4_IN_IPV6])
3863 IPV4_IN6_HACK_MSG="yes"
3864 else
3865 AC_MSG_RESULT([no (default)])
3866 fi
3867 ]
3868 )
3870 # Whether to enable BSD auth support
3871 BSD_AUTH_MSG=no
3872 AC_ARG_WITH([bsd-auth],
3873 [ --with-bsd-auth Enable BSD auth support],
3874 [
3875 if test "x$withval" != "xno" ; then
3876 AC_DEFINE([BSD_AUTH], [1],
3877 [Define if you have BSD auth support])
3878 BSD_AUTH_MSG=yes
3879 fi
3880 ]
3881 )
3883 # Where to place sshd.pid
3884 piddir=/var/run
3885 # make sure the directory exists
3886 if test ! -d $piddir ; then
3887 piddir=`eval echo ${sysconfdir}`
3888 case $piddir in
3889 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3890 esac
3891 fi
3893 AC_ARG_WITH([pid-dir],
3894 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3895 [
3896 if test -n "$withval" && test "x$withval" != "xno" && \
3897 test "x${withval}" != "xyes"; then
3898 piddir=$withval
3899 if test ! -d $piddir ; then
3900 AC_MSG_WARN([** no $piddir directory on this system **])
3901 fi
3902 fi
3903 ]
3904 )
3906 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"],
3907 [Specify location of ssh.pid])
3908 AC_SUBST([piddir])
3910 dnl allow user to disable some login recording features
3911 AC_ARG_ENABLE([lastlog],
3912 [ --disable-lastlog disable use of lastlog even if detected [no]],
3913 [
3914 if test "x$enableval" = "xno" ; then
3915 AC_DEFINE([DISABLE_LASTLOG])
3916 fi
3917 ]
3918 )
3919 AC_ARG_ENABLE([utmp],
3920 [ --disable-utmp disable use of utmp even if detected [no]],
3921 [
3922 if test "x$enableval" = "xno" ; then
3923 AC_DEFINE([DISABLE_UTMP])
3924 fi
3925 ]
3926 )
3927 AC_ARG_ENABLE([utmpx],
3928 [ --disable-utmpx disable use of utmpx even if detected [no]],
3929 [
3930 if test "x$enableval" = "xno" ; then
3931 AC_DEFINE([DISABLE_UTMPX], [1],
3932 [Define if you don't want to use utmpx])
3933 fi
3934 ]
3935 )
3936 AC_ARG_ENABLE([wtmp],
3937 [ --disable-wtmp disable use of wtmp even if detected [no]],
3938 [
3939 if test "x$enableval" = "xno" ; then
3940 AC_DEFINE([DISABLE_WTMP])
3941 fi
3942 ]
3943 )
3944 AC_ARG_ENABLE([wtmpx],
3945 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3946 [
3947 if test "x$enableval" = "xno" ; then
3948 AC_DEFINE([DISABLE_WTMPX], [1],
3949 [Define if you don't want to use wtmpx])
3950 fi
3951 ]
3952 )
3953 AC_ARG_ENABLE([libutil],
3954 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3955 [
3956 if test "x$enableval" = "xno" ; then
3957 AC_DEFINE([DISABLE_LOGIN])
3958 fi
3959 ]
3960 )
3961 AC_ARG_ENABLE([pututline],
3962 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3963 [
3964 if test "x$enableval" = "xno" ; then
3965 AC_DEFINE([DISABLE_PUTUTLINE], [1],
3966 [Define if you don't want to use pututline()
3967 etc. to write [uw]tmp])
3968 fi
3969 ]
3970 )
3971 AC_ARG_ENABLE([pututxline],
3972 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3973 [
3974 if test "x$enableval" = "xno" ; then
3975 AC_DEFINE([DISABLE_PUTUTXLINE], [1],
3976 [Define if you don't want to use pututxline()
3977 etc. to write [uw]tmpx])
3978 fi
3979 ]
3980 )
3981 AC_ARG_WITH([lastlog],
3982 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3983 [
3984 if test "x$withval" = "xno" ; then
3985 AC_DEFINE([DISABLE_LASTLOG])
3986 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3987 conf_lastlog_location=$withval
3988 fi
3989 ]
3990 )
3992 dnl lastlog, [uw]tmpx? detection
3993 dnl NOTE: set the paths in the platform section to avoid the
3994 dnl need for command-line parameters
3995 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3997 dnl lastlog detection
3998 dnl NOTE: the code itself will detect if lastlog is a directory
3999 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4000 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4001 #include <sys/types.h>
4002 #include <utmp.h>
4003 #ifdef HAVE_LASTLOG_H
4004 # include <lastlog.h>
4005 #endif
4006 #ifdef HAVE_PATHS_H
4007 # include <paths.h>
4008 #endif
4009 #ifdef HAVE_LOGIN_H
4010 # include <login.h>
4011 #endif
4012 ]], [[ char *lastlog = LASTLOG_FILE; ]])],
4013 [ AC_MSG_RESULT([yes]) ],
4014 [
4015 AC_MSG_RESULT([no])
4016 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4017 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4018 #include <sys/types.h>
4019 #include <utmp.h>
4020 #ifdef HAVE_LASTLOG_H
4021 # include <lastlog.h>
4022 #endif
4023 #ifdef HAVE_PATHS_H
4024 # include <paths.h>
4025 #endif
4026 ]], [[ char *lastlog = _PATH_LASTLOG; ]])],
4027 [ AC_MSG_RESULT([yes]) ],
4028 [
4029 AC_MSG_RESULT([no])
4030 system_lastlog_path=no
4031 ])
4032 ])
4034 if test -z "$conf_lastlog_location"; then
4035 if test x"$system_lastlog_path" = x"no" ; then
4036 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4037 if (test -d "$f" || test -f "$f") ; then
4038 conf_lastlog_location=$f
4039 fi
4040 done
4041 if test -z "$conf_lastlog_location"; then
4042 AC_MSG_WARN([** Cannot find lastlog **])
4043 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4044 fi
4045 fi
4046 fi
4048 if test -n "$conf_lastlog_location"; then
4049 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
4050 [Define if you want to specify the path to your lastlog file])
4051 fi
4053 dnl utmp detection
4054 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4055 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4056 #include <sys/types.h>
4057 #include <utmp.h>
4058 #ifdef HAVE_PATHS_H
4059 # include <paths.h>
4060 #endif
4061 ]], [[ char *utmp = UTMP_FILE; ]])],
4062 [ AC_MSG_RESULT([yes]) ],
4063 [ AC_MSG_RESULT([no])
4064 system_utmp_path=no
4065 ])
4066 if test -z "$conf_utmp_location"; then
4067 if test x"$system_utmp_path" = x"no" ; then
4068 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4069 if test -f $f ; then
4070 conf_utmp_location=$f
4071 fi
4072 done
4073 if test -z "$conf_utmp_location"; then
4074 AC_DEFINE([DISABLE_UTMP])
4075 fi
4076 fi
4077 fi
4078 if test -n "$conf_utmp_location"; then
4079 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
4080 [Define if you want to specify the path to your utmp file])
4081 fi
4083 dnl wtmp detection
4084 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4085 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4086 #include <sys/types.h>
4087 #include <utmp.h>
4088 #ifdef HAVE_PATHS_H
4089 # include <paths.h>
4090 #endif
4091 ]], [[ char *wtmp = WTMP_FILE; ]])],
4092 [ AC_MSG_RESULT([yes]) ],
4093 [ AC_MSG_RESULT([no])
4094 system_wtmp_path=no
4095 ])
4096 if test -z "$conf_wtmp_location"; then
4097 if test x"$system_wtmp_path" = x"no" ; then
4098 for f in /usr/adm/wtmp /var/log/wtmp; do
4099 if test -f $f ; then
4100 conf_wtmp_location=$f
4101 fi
4102 done
4103 if test -z "$conf_wtmp_location"; then
4104 AC_DEFINE([DISABLE_WTMP])
4105 fi
4106 fi
4107 fi
4108 if test -n "$conf_wtmp_location"; then
4109 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
4110 [Define if you want to specify the path to your wtmp file])
4111 fi
4114 dnl wtmpx detection
4115 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4116 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
4117 #include <sys/types.h>
4118 #include <utmp.h>
4119 #ifdef HAVE_UTMPX_H
4120 #include <utmpx.h>
4121 #endif
4122 #ifdef HAVE_PATHS_H
4123 # include <paths.h>
4124 #endif
4125 ]], [[ char *wtmpx = WTMPX_FILE; ]])],
4126 [ AC_MSG_RESULT([yes]) ],
4127 [ AC_MSG_RESULT([no])
4128 system_wtmpx_path=no
4129 ])
4130 if test -z "$conf_wtmpx_location"; then
4131 if test x"$system_wtmpx_path" = x"no" ; then
4132 AC_DEFINE([DISABLE_WTMPX])
4133 fi
4134 else
4135 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
4136 [Define if you want to specify the path to your wtmpx file])
4137 fi
4140 if test ! -z "$blibpath" ; then
4141 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4142 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4143 fi
4145 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4146 dnl Add now.
4147 CFLAGS="$CFLAGS $werror_flags"
4149 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4150 TEST_SSH_IPV6=no
4151 else
4152 TEST_SSH_IPV6=yes
4153 fi
4154 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no])
4155 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
4157 AC_EXEEXT
4158 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4159 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4160 ssh_prng_cmds survey.sh])
4161 AC_OUTPUT
4163 # Print summary of options
4165 # Someone please show me a better way :)
4166 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4167 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4168 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4169 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4170 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4171 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4172 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4173 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4174 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4175 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4177 echo ""
4178 echo "OpenSSH has been configured with the following options:"
4179 echo " User binaries: $B"
4180 echo " System binaries: $C"
4181 echo " Configuration files: $D"
4182 echo " Askpass program: $E"
4183 echo " Manual pages: $F"
4184 echo " PID file: $G"
4185 echo " Privilege separation chroot path: $H"
4186 if test "x$external_path_file" = "x/etc/login.conf" ; then
4187 echo " At runtime, sshd will use the path defined in $external_path_file"
4188 echo " Make sure the path to scp is present, otherwise scp will not work"
4189 else
4190 echo " sshd default user PATH: $I"
4191 if test ! -z "$external_path_file"; then
4192 echo " (If PATH is set in $external_path_file it will be used instead. If"
4193 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4194 fi
4195 fi
4196 if test ! -z "$superuser_path" ; then
4197 echo " sshd superuser user PATH: $J"
4198 fi
4199 echo " Manpage format: $MANTYPE"
4200 echo " PAM support: $PAM_MSG"
4201 echo " OSF SIA support: $SIA_MSG"
4202 echo " KerberosV support: $KRB5_MSG"
4203 echo " SELinux support: $SELINUX_MSG"
4204 echo " Smartcard support: $SCARD_MSG"
4205 echo " S/KEY support: $SKEY_MSG"
4206 echo " TCP Wrappers support: $TCPW_MSG"
4207 echo " MD5 password support: $MD5_MSG"
4208 echo " libedit support: $LIBEDIT_MSG"
4209 echo " Solaris process contract support: $SPC_MSG"
4210 echo " Solaris project support: $SP_MSG"
4211 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4212 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4213 echo " BSD Auth support: $BSD_AUTH_MSG"
4214 echo " Random number source: $RAND_MSG"
4215 if test ! -z "$USE_RAND_HELPER" ; then
4216 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4217 fi
4219 echo ""
4221 echo " Host: ${host}"
4222 echo " Compiler: ${CC}"
4223 echo " Compiler flags: ${CFLAGS}"
4224 echo "Preprocessor flags: ${CPPFLAGS}"
4225 echo " Linker flags: ${LDFLAGS}"
4226 echo " Libraries: ${LIBS}"
4227 if test ! -z "${SSHDLIBS}"; then
4228 echo " +for sshd: ${SSHDLIBS}"
4229 fi
4230 if test ! -z "${SSHLIBS}"; then
4231 echo " +for ssh: ${SSHLIBS}"
4232 fi
4234 echo ""
4236 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4237 echo "SVR4 style packages are supported with \"make package\""
4238 echo ""
4239 fi
4241 if test "x$PAM_MSG" = "xyes" ; then
4242 echo "PAM is enabled. You may need to install a PAM control file "
4243 echo "for sshd, otherwise password authentication may fail. "
4244 echo "Example PAM control files can be found in the contrib/ "
4245 echo "subdirectory"
4246 echo ""
4247 fi
4249 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4250 echo "WARNING: you are using the builtin random number collection "
4251 echo "service. Please read WARNING.RNG and request that your OS "
4252 echo "vendor includes kernel-based random number collection in "
4253 echo "future versions of your OS."
4254 echo ""
4255 fi
4257 if test ! -z "$NO_PEERCHECK" ; then
4258 echo "WARNING: the operating system that you are using does not"
4259 echo "appear to support getpeereid(), getpeerucred() or the"
4260 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4261 echo "enforce security checks to prevent unauthorised connections to"
4262 echo "ssh-agent. Their absence increases the risk that a malicious"
4263 echo "user can connect to your agent."
4264 echo ""
4265 fi
4267 if test "$AUDIT_MODULE" = "bsm" ; then
4268 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4269 echo "See the Solaris section in README.platform for details."
4270 fi