| blob | 3293e61c6b417c5487d724db9478896367314ff9 |
1 # $Id: configure.ac,v 1.435 2010/01/15 01:38:30 dtucker Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.435 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
58 # System features
59 AC_SYS_LARGEFILE
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70 else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76 fi
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82 fi
84 if test -z "$LD" ; then
85 LD=$CC
86 fi
87 AC_SUBST(LD)
89 AC_C_INLINE
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 use_stack_protector=1
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
97 use_stack_protector=0
98 fi ])
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
103 case $GCC_VER in
104 1.*) no_attrib_nonnull=1 ;;
105 2.8* | 2.9*)
106 CFLAGS="$CFLAGS -Wsign-compare"
107 no_attrib_nonnull=1
108 ;;
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
112 *) ;;
113 esac
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
119 #include <string.h>
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
121 ]])],
122 [ AC_MSG_RESULT(yes) ],
123 [ AC_MSG_RESULT(no)
124 CFLAGS="$saved_CFLAGS" ]
125 )
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
137 AC_LINK_IFELSE(
138 [AC_LANG_SOURCE([
139 #include <stdio.h>
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
141 ])],
142 [ AC_MSG_RESULT(yes)
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
146 AC_RUN_IFELSE(
147 [AC_LANG_SOURCE([
148 #include <stdio.h>
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
150 ])],
151 [ AC_MSG_RESULT(yes)
152 break ],
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
155 break ]
156 )
157 ],
158 [ AC_MSG_RESULT(no) ]
159 )
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
162 done
163 fi
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
171 [have_llong_max=1],
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
174 )
175 fi
176 fi
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
180 fi
182 AC_ARG_WITH(rpath,
183 [ --without-rpath Disable auto-added -R linker paths],
184 [
185 if test "x$withval" = "xno" ; then
186 need_dash_r=""
187 fi
188 if test "x$withval" = "xyes" ; then
189 need_dash_r=1
190 fi
191 ]
192 )
194 # Allow user to specify flags
195 AC_ARG_WITH(cflags,
196 [ --with-cflags Specify additional flags to pass to compiler],
197 [
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
201 fi
202 ]
203 )
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
206 [
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
210 fi
211 ]
212 )
213 AC_ARG_WITH(ldflags,
214 [ --with-ldflags Specify additional flags to pass to linker],
215 [
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
219 fi
220 ]
221 )
222 AC_ARG_WITH(libs,
223 [ --with-libs Specify additional libraries to link with],
224 [
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
228 fi
229 ]
230 )
231 AC_ARG_WITH(Werror,
232 [ --with-Werror Build main code with -Werror],
233 [
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
238 fi
239 fi
240 ]
241 )
243 AC_CHECK_HEADERS( \
244 bstring.h \
245 crypt.h \
246 crypto/sha2.h \
247 dirent.h \
248 endian.h \
249 features.h \
250 fcntl.h \
251 floatingpoint.h \
252 getopt.h \
253 glob.h \
254 ia.h \
255 iaf.h \
256 limits.h \
257 login.h \
258 maillock.h \
259 ndir.h \
260 net/if_tun.h \
261 netdb.h \
262 netgroup.h \
263 pam/pam_appl.h \
264 paths.h \
265 poll.h \
266 pty.h \
267 readpassphrase.h \
268 rpc/types.h \
269 security/pam_appl.h \
270 sha2.h \
271 shadow.h \
272 stddef.h \
273 stdint.h \
274 string.h \
275 strings.h \
276 sys/audit.h \
277 sys/bitypes.h \
278 sys/bsdtty.h \
279 sys/cdefs.h \
280 sys/dir.h \
281 sys/mman.h \
282 sys/ndir.h \
283 sys/poll.h \
284 sys/prctl.h \
285 sys/pstat.h \
286 sys/select.h \
287 sys/stat.h \
288 sys/stream.h \
289 sys/stropts.h \
290 sys/strtio.h \
291 sys/statvfs.h \
292 sys/sysmacros.h \
293 sys/time.h \
294 sys/timers.h \
295 sys/un.h \
296 time.h \
297 tmpdir.h \
298 ttyent.h \
299 ucred.h \
300 unistd.h \
301 usersec.h \
302 util.h \
303 utime.h \
304 utmp.h \
305 utmpx.h \
306 vis.h \
307 )
309 # lastlog.h requires sys/time.h to be included first on Solaris
310 AC_CHECK_HEADERS(lastlog.h, [], [], [
311 #ifdef HAVE_SYS_TIME_H
312 # include <sys/time.h>
313 #endif
314 ])
316 # sys/ptms.h requires sys/stream.h to be included first on Solaris
317 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
318 #ifdef HAVE_SYS_STREAM_H
319 # include <sys/stream.h>
320 #endif
321 ])
323 # login_cap.h requires sys/types.h on NetBSD
324 AC_CHECK_HEADERS(login_cap.h, [], [], [
325 #include <sys/types.h>
326 ])
328 # older BSDs need sys/param.h before sys/mount.h
329 AC_CHECK_HEADERS(sys/mount.h, [], [], [
330 #include <sys/param.h>
331 ])
333 # Messages for features tested for in target-specific section
334 SIA_MSG="no"
335 SPC_MSG="no"
337 # Check for some target-specific stuff
338 case "$host" in
339 *-*-aix*)
340 # Some versions of VAC won't allow macro redefinitions at
341 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
342 # particularly with older versions of vac or xlc.
343 # It also throws errors about null macro argments, but these are
344 # not fatal.
345 AC_MSG_CHECKING(if compiler allows macro redefinitions)
346 AC_COMPILE_IFELSE(
347 [AC_LANG_SOURCE([[
348 #define testmacro foo
349 #define testmacro bar
350 int main(void) { exit(0); }
351 ]])],
352 [ AC_MSG_RESULT(yes) ],
353 [ AC_MSG_RESULT(no)
354 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
355 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
356 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
357 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
358 ]
359 )
361 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
362 if (test -z "$blibpath"); then
363 blibpath="/usr/lib:/lib"
364 fi
365 saved_LDFLAGS="$LDFLAGS"
366 if test "$GCC" = "yes"; then
367 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
368 else
369 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
370 fi
371 for tryflags in $flags ;do
372 if (test -z "$blibflags"); then
373 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
374 AC_TRY_LINK([], [], [blibflags=$tryflags])
375 fi
376 done
377 if (test -z "$blibflags"); then
378 AC_MSG_RESULT(not found)
379 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
380 else
381 AC_MSG_RESULT($blibflags)
382 fi
383 LDFLAGS="$saved_LDFLAGS"
384 dnl Check for authenticate. Might be in libs.a on older AIXes
385 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
386 [Define if you want to enable AIX4's authenticate function])],
387 [AC_CHECK_LIB(s,authenticate,
388 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
389 LIBS="$LIBS -ls"
390 ])
391 ])
392 dnl Check for various auth function declarations in headers.
393 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
394 passwdexpired, setauthdb], , , [#include <usersec.h>])
395 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
396 AC_CHECK_DECLS(loginfailed,
397 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
398 AC_TRY_COMPILE(
399 [#include <usersec.h>],
400 [(void)loginfailed("user","host","tty",0);],
401 [AC_MSG_RESULT(yes)
402 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
403 [Define if your AIX loginfailed() function
404 takes 4 arguments (AIX >= 5.2)])],
405 [AC_MSG_RESULT(no)]
406 )],
407 [],
408 [#include <usersec.h>]
409 )
410 AC_CHECK_FUNCS(getgrset setauthdb)
411 AC_CHECK_DECL(F_CLOSEM,
412 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
413 [],
414 [ #include <limits.h>
415 #include <fcntl.h> ]
416 )
417 check_for_aix_broken_getaddrinfo=1
418 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
419 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
420 [Define if your platform breaks doing a seteuid before a setuid])
421 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
422 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
423 dnl AIX handles lastlog as part of its login message
424 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
425 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
426 [Some systems need a utmpx entry for /bin/login to work])
427 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
428 [Define to a Set Process Title type if your system is
429 supported by bsd-setproctitle.c])
430 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
431 [AIX 5.2 and 5.3 (and presumably newer) require this])
432 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
433 ;;
434 *-*-cygwin*)
435 check_for_libcrypt_later=1
436 LIBS="$LIBS /usr/lib/textreadmode.o"
437 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
438 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
439 AC_DEFINE(DISABLE_SHADOW, 1,
440 [Define if you want to disable shadow passwords])
441 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
442 [Define if X11 doesn't support AF_UNIX sockets on that system])
443 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
444 [Define if the concept of ports only accessible to
445 superusers isn't known])
446 AC_DEFINE(DISABLE_FD_PASSING, 1,
447 [Define if your platform needs to skip post auth
448 file descriptor passing])
449 AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size])
450 ;;
451 *-*-dgux*)
452 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
453 [Define if your system choked on IP TOS setting])
454 AC_DEFINE(SETEUID_BREAKS_SETUID)
455 AC_DEFINE(BROKEN_SETREUID)
456 AC_DEFINE(BROKEN_SETREGID)
457 ;;
458 *-*-darwin*)
459 AC_MSG_CHECKING(if we have working getaddrinfo)
460 AC_TRY_RUN([#include <mach-o/dyld.h>
461 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
462 exit(0);
463 else
464 exit(1);
465 }], [AC_MSG_RESULT(working)],
466 [AC_MSG_RESULT(buggy)
467 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
468 [AC_MSG_RESULT(assume it is working)])
469 AC_DEFINE(SETEUID_BREAKS_SETUID)
470 AC_DEFINE(BROKEN_SETREUID)
471 AC_DEFINE(BROKEN_SETREGID)
472 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
473 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
474 [Define if your resolver libs need this for getrrsetbyname])
475 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
476 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
477 [Use tunnel device compatibility to OpenBSD])
478 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
479 [Prepend the address family to IP tunnel traffic])
480 m4_pattern_allow(AU_IPv)
481 AC_CHECK_DECL(AU_IPv4, [],
482 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
483 [#include <bsm/audit.h>]
484 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
485 [Define if pututxline updates lastlog too])
486 )
487 ;;
488 *-*-dragonfly*)
489 SSHDLIBS="$SSHDLIBS -lcrypt"
490 ;;
491 *-*-hpux*)
492 # first we define all of the options common to all HP-UX releases
493 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
494 IPADDR_IN_DISPLAY=yes
495 AC_DEFINE(USE_PIPES)
496 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
497 [Define if your login program cannot handle end of options ("--")])
498 AC_DEFINE(LOGIN_NEEDS_UTMPX)
499 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
500 [String used in /etc/passwd to denote locked account])
501 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
502 MAIL="/var/mail/username"
503 LIBS="$LIBS -lsec"
504 AC_CHECK_LIB(xnet, t_error, ,
505 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
507 # next, we define all of the options specific to major releases
508 case "$host" in
509 *-*-hpux10*)
510 if test -z "$GCC"; then
511 CFLAGS="$CFLAGS -Ae"
512 fi
513 ;;
514 *-*-hpux11*)
515 AC_DEFINE(PAM_SUN_CODEBASE, 1,
516 [Define if you are using Solaris-derived PAM which
517 passes pam_messages to the conversation function
518 with an extra level of indirection])
519 AC_DEFINE(DISABLE_UTMP, 1,
520 [Define if you don't want to use utmp])
521 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
522 check_for_hpux_broken_getaddrinfo=1
523 check_for_conflicting_getspnam=1
524 ;;
525 esac
527 # lastly, we define options specific to minor releases
528 case "$host" in
529 *-*-hpux10.26)
530 AC_DEFINE(HAVE_SECUREWARE, 1,
531 [Define if you have SecureWare-based
532 protected password database])
533 disable_ptmx_check=yes
534 LIBS="$LIBS -lsecpw"
535 ;;
536 esac
537 ;;
538 *-*-irix5*)
539 PATH="$PATH:/usr/etc"
540 AC_DEFINE(BROKEN_INET_NTOA, 1,
541 [Define if you system's inet_ntoa is busted
542 (e.g. Irix gcc issue)])
543 AC_DEFINE(SETEUID_BREAKS_SETUID)
544 AC_DEFINE(BROKEN_SETREUID)
545 AC_DEFINE(BROKEN_SETREGID)
546 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
547 [Define if you shouldn't strip 'tty' from your
548 ttyname in [uw]tmp])
549 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
550 ;;
551 *-*-irix6*)
552 PATH="$PATH:/usr/etc"
553 AC_DEFINE(WITH_IRIX_ARRAY, 1,
554 [Define if you have/want arrays
555 (cluster-wide session managment, not C arrays)])
556 AC_DEFINE(WITH_IRIX_PROJECT, 1,
557 [Define if you want IRIX project management])
558 AC_DEFINE(WITH_IRIX_AUDIT, 1,
559 [Define if you want IRIX audit trails])
560 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
561 [Define if you want IRIX kernel jobs])])
562 AC_DEFINE(BROKEN_INET_NTOA)
563 AC_DEFINE(SETEUID_BREAKS_SETUID)
564 AC_DEFINE(BROKEN_SETREUID)
565 AC_DEFINE(BROKEN_SETREGID)
566 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
567 AC_DEFINE(WITH_ABBREV_NO_TTY)
568 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
569 ;;
570 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
571 check_for_libcrypt_later=1
572 AC_DEFINE(PAM_TTY_KLUDGE)
573 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
574 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
575 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
576 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
577 ;;
578 *-*-linux*)
579 no_dev_ptmx=1
580 check_for_libcrypt_later=1
581 check_for_openpty_ctty_bug=1
582 AC_DEFINE(PAM_TTY_KLUDGE, 1,
583 [Work around problematic Linux PAM modules handling of PAM_TTY])
584 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
585 [String used in /etc/passwd to denote locked account])
586 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
587 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
588 [Define to whatever link() returns for "not supported"
589 if it doesn't return EOPNOTSUPP.])
590 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
591 AC_DEFINE(USE_BTMP)
592 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
593 inet6_default_4in6=yes
594 case `uname -r` in
595 1.*|2.0.*)
596 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
597 [Define if cmsg_type is not passed correctly])
598 ;;
599 esac
600 # tun(4) forwarding compat code
601 AC_CHECK_HEADERS(linux/if_tun.h)
602 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
603 AC_DEFINE(SSH_TUN_LINUX, 1,
604 [Open tunnel devices the Linux tun/tap way])
605 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
606 [Use tunnel device compatibility to OpenBSD])
607 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
608 [Prepend the address family to IP tunnel traffic])
609 fi
610 ;;
611 mips-sony-bsd|mips-sony-newsos4)
612 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
613 SONY=1
614 ;;
615 *-*-netbsd*)
616 check_for_libcrypt_before=1
617 if test "x$withval" != "xno" ; then
618 need_dash_r=1
619 fi
620 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
621 AC_CHECK_HEADER([net/if_tap.h], ,
622 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
623 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
624 [Prepend the address family to IP tunnel traffic])
625 ;;
626 *-*-freebsd*)
627 check_for_libcrypt_later=1
628 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
629 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
630 AC_CHECK_HEADER([net/if_tap.h], ,
631 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
632 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
633 ;;
634 *-*-bsdi*)
635 AC_DEFINE(SETEUID_BREAKS_SETUID)
636 AC_DEFINE(BROKEN_SETREUID)
637 AC_DEFINE(BROKEN_SETREGID)
638 ;;
639 *-next-*)
640 conf_lastlog_location="/usr/adm/lastlog"
641 conf_utmp_location=/etc/utmp
642 conf_wtmp_location=/usr/adm/wtmp
643 MAIL=/usr/spool/mail
644 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
645 AC_DEFINE(BROKEN_REALPATH)
646 AC_DEFINE(USE_PIPES)
647 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
648 ;;
649 *-*-openbsd*)
650 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
651 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
652 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
653 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
654 [syslog_r function is safe to use in in a signal handler])
655 ;;
656 *-*-solaris*)
657 if test "x$withval" != "xno" ; then
658 need_dash_r=1
659 fi
660 AC_DEFINE(PAM_SUN_CODEBASE)
661 AC_DEFINE(LOGIN_NEEDS_UTMPX)
662 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
663 [Some versions of /bin/login need the TERM supplied
664 on the commandline])
665 AC_DEFINE(PAM_TTY_KLUDGE)
666 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
667 [Define if pam_chauthtok wants real uid set
668 to the unpriv'ed user])
669 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
670 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
671 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
672 [Define if sshd somehow reacquires a controlling TTY
673 after setsid()])
674 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
675 in case the name is longer than 8 chars])
676 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
677 external_path_file=/etc/default/login
678 # hardwire lastlog location (can't detect it on some versions)
679 conf_lastlog_location="/var/adm/lastlog"
680 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
681 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
682 if test "$sol2ver" -ge 8; then
683 AC_MSG_RESULT(yes)
684 AC_DEFINE(DISABLE_UTMP)
685 AC_DEFINE(DISABLE_WTMP, 1,
686 [Define if you don't want to use wtmp])
687 else
688 AC_MSG_RESULT(no)
689 fi
690 AC_ARG_WITH(solaris-contracts,
691 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
692 [
693 AC_CHECK_LIB(contract, ct_tmpl_activate,
694 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
695 [Define if you have Solaris process contracts])
696 SSHDLIBS="$SSHDLIBS -lcontract"
697 AC_SUBST(SSHDLIBS)
698 SPC_MSG="yes" ], )
699 ],
700 )
701 ;;
702 *-*-sunos4*)
703 CPPFLAGS="$CPPFLAGS -DSUNOS4"
704 AC_CHECK_FUNCS(getpwanam)
705 AC_DEFINE(PAM_SUN_CODEBASE)
706 conf_utmp_location=/etc/utmp
707 conf_wtmp_location=/var/adm/wtmp
708 conf_lastlog_location=/var/adm/lastlog
709 AC_DEFINE(USE_PIPES)
710 ;;
711 *-ncr-sysv*)
712 LIBS="$LIBS -lc89"
713 AC_DEFINE(USE_PIPES)
714 AC_DEFINE(SSHD_ACQUIRES_CTTY)
715 AC_DEFINE(SETEUID_BREAKS_SETUID)
716 AC_DEFINE(BROKEN_SETREUID)
717 AC_DEFINE(BROKEN_SETREGID)
718 ;;
719 *-sni-sysv*)
720 # /usr/ucblib MUST NOT be searched on ReliantUNIX
721 AC_CHECK_LIB(dl, dlsym, ,)
722 # -lresolv needs to be at the end of LIBS or DNS lookups break
723 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
724 IPADDR_IN_DISPLAY=yes
725 AC_DEFINE(USE_PIPES)
726 AC_DEFINE(IP_TOS_IS_BROKEN)
727 AC_DEFINE(SETEUID_BREAKS_SETUID)
728 AC_DEFINE(BROKEN_SETREUID)
729 AC_DEFINE(BROKEN_SETREGID)
730 AC_DEFINE(SSHD_ACQUIRES_CTTY)
731 external_path_file=/etc/default/login
732 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
733 # Attention: always take care to bind libsocket and libnsl before libc,
734 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
735 ;;
736 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
737 *-*-sysv4.2*)
738 AC_DEFINE(USE_PIPES)
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
743 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
744 ;;
745 # UnixWare 7.x, OpenUNIX 8
746 *-*-sysv5*)
747 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
748 AC_DEFINE(USE_PIPES)
749 AC_DEFINE(SETEUID_BREAKS_SETUID)
750 AC_DEFINE(BROKEN_SETREUID)
751 AC_DEFINE(BROKEN_SETREGID)
752 AC_DEFINE(PASSWD_NEEDS_USERNAME)
753 case "$host" in
754 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
755 TEST_SHELL=/u95/bin/sh
756 AC_DEFINE(BROKEN_LIBIAF, 1,
757 [ia_uinfo routines not supported by OS yet])
758 AC_DEFINE(BROKEN_UPDWTMPX)
759 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
760 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
761 AC_DEFINE(HAVE_SECUREWARE)
762 AC_DEFINE(DISABLE_SHADOW)
763 ],,)
764 ;;
765 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
766 check_for_libcrypt_later=1
767 ;;
768 esac
769 ;;
770 *-*-sysv*)
771 ;;
772 # SCO UNIX and OEM versions of SCO UNIX
773 *-*-sco3.2v4*)
774 AC_MSG_ERROR("This Platform is no longer supported.")
775 ;;
776 # SCO OpenServer 5.x
777 *-*-sco3.2v5*)
778 if test -z "$GCC"; then
779 CFLAGS="$CFLAGS -belf"
780 fi
781 LIBS="$LIBS -lprot -lx -ltinfo -lm"
782 no_dev_ptmx=1
783 AC_DEFINE(USE_PIPES)
784 AC_DEFINE(HAVE_SECUREWARE)
785 AC_DEFINE(DISABLE_SHADOW)
786 AC_DEFINE(DISABLE_FD_PASSING)
787 AC_DEFINE(SETEUID_BREAKS_SETUID)
788 AC_DEFINE(BROKEN_SETREUID)
789 AC_DEFINE(BROKEN_SETREGID)
790 AC_DEFINE(WITH_ABBREV_NO_TTY)
791 AC_DEFINE(BROKEN_UPDWTMPX)
792 AC_DEFINE(PASSWD_NEEDS_USERNAME)
793 AC_CHECK_FUNCS(getluid setluid)
794 MANTYPE=man
795 TEST_SHELL=ksh
796 ;;
797 *-*-unicosmk*)
798 AC_DEFINE(NO_SSH_LASTLOG, 1,
799 [Define if you don't want to use lastlog in session.c])
800 AC_DEFINE(SETEUID_BREAKS_SETUID)
801 AC_DEFINE(BROKEN_SETREUID)
802 AC_DEFINE(BROKEN_SETREGID)
803 AC_DEFINE(USE_PIPES)
804 AC_DEFINE(DISABLE_FD_PASSING)
805 LDFLAGS="$LDFLAGS"
806 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
807 MANTYPE=cat
808 ;;
809 *-*-unicosmp*)
810 AC_DEFINE(SETEUID_BREAKS_SETUID)
811 AC_DEFINE(BROKEN_SETREUID)
812 AC_DEFINE(BROKEN_SETREGID)
813 AC_DEFINE(WITH_ABBREV_NO_TTY)
814 AC_DEFINE(USE_PIPES)
815 AC_DEFINE(DISABLE_FD_PASSING)
816 LDFLAGS="$LDFLAGS"
817 LIBS="$LIBS -lgen -lacid -ldb"
818 MANTYPE=cat
819 ;;
820 *-*-unicos*)
821 AC_DEFINE(SETEUID_BREAKS_SETUID)
822 AC_DEFINE(BROKEN_SETREUID)
823 AC_DEFINE(BROKEN_SETREGID)
824 AC_DEFINE(USE_PIPES)
825 AC_DEFINE(DISABLE_FD_PASSING)
826 AC_DEFINE(NO_SSH_LASTLOG)
827 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
828 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
829 MANTYPE=cat
830 ;;
831 *-dec-osf*)
832 AC_MSG_CHECKING(for Digital Unix SIA)
833 no_osfsia=""
834 AC_ARG_WITH(osfsia,
835 [ --with-osfsia Enable Digital Unix SIA],
836 [
837 if test "x$withval" = "xno" ; then
838 AC_MSG_RESULT(disabled)
839 no_osfsia=1
840 fi
841 ],
842 )
843 if test -z "$no_osfsia" ; then
844 if test -f /etc/sia/matrix.conf; then
845 AC_MSG_RESULT(yes)
846 AC_DEFINE(HAVE_OSF_SIA, 1,
847 [Define if you have Digital Unix Security
848 Integration Architecture])
849 AC_DEFINE(DISABLE_LOGIN, 1,
850 [Define if you don't want to use your
851 system's login() call])
852 AC_DEFINE(DISABLE_FD_PASSING)
853 LIBS="$LIBS -lsecurity -ldb -lm -laud"
854 SIA_MSG="yes"
855 else
856 AC_MSG_RESULT(no)
857 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
858 [String used in /etc/passwd to denote locked account])
859 fi
860 fi
861 AC_DEFINE(BROKEN_GETADDRINFO)
862 AC_DEFINE(SETEUID_BREAKS_SETUID)
863 AC_DEFINE(BROKEN_SETREUID)
864 AC_DEFINE(BROKEN_SETREGID)
865 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
866 ;;
868 *-*-nto-qnx*)
869 AC_DEFINE(USE_PIPES)
870 AC_DEFINE(NO_X11_UNIX_SOCKETS)
871 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
872 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
873 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
874 AC_DEFINE(DISABLE_LASTLOG)
875 AC_DEFINE(SSHD_ACQUIRES_CTTY)
876 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
877 enable_etc_default_login=no # has incompatible /etc/default/login
878 case "$host" in
879 *-*-nto-qnx6*)
880 AC_DEFINE(DISABLE_FD_PASSING)
881 ;;
882 esac
883 ;;
885 *-*-ultrix*)
886 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
887 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
888 AC_DEFINE(NEED_SETPGRP)
889 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
890 ;;
892 *-*-lynxos)
893 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
894 AC_DEFINE(MISSING_HOWMANY)
895 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
896 ;;
897 esac
899 AC_MSG_CHECKING(compiler and flags for sanity)
900 AC_RUN_IFELSE(
901 [AC_LANG_SOURCE([
902 #include <stdio.h>
903 int main(){exit(0);}
904 ])],
905 [ AC_MSG_RESULT(yes) ],
906 [
907 AC_MSG_RESULT(no)
908 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
909 ],
910 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
911 )
913 dnl Checks for header files.
914 # Checks for libraries.
915 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
916 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
918 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
919 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
920 AC_CHECK_LIB(gen, dirname,[
921 AC_CACHE_CHECK([for broken dirname],
922 ac_cv_have_broken_dirname, [
923 save_LIBS="$LIBS"
924 LIBS="$LIBS -lgen"
925 AC_RUN_IFELSE(
926 [AC_LANG_SOURCE([[
927 #include <libgen.h>
928 #include <string.h>
930 int main(int argc, char **argv) {
931 char *s, buf[32];
933 strncpy(buf,"/etc", 32);
934 s = dirname(buf);
935 if (!s || strncmp(s, "/", 32) != 0) {
936 exit(1);
937 } else {
938 exit(0);
939 }
940 }
941 ]])],
942 [ ac_cv_have_broken_dirname="no" ],
943 [ ac_cv_have_broken_dirname="yes" ],
944 [ ac_cv_have_broken_dirname="no" ],
945 )
946 LIBS="$save_LIBS"
947 ])
948 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
949 LIBS="$LIBS -lgen"
950 AC_DEFINE(HAVE_DIRNAME)
951 AC_CHECK_HEADERS(libgen.h)
952 fi
953 ])
954 ])
956 AC_CHECK_FUNC(getspnam, ,
957 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
958 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
959 [Define if you have the basename function.]))
961 dnl zlib is required
962 AC_ARG_WITH(zlib,
963 [ --with-zlib=PATH Use zlib in PATH],
964 [ if test "x$withval" = "xno" ; then
965 AC_MSG_ERROR([*** zlib is required ***])
966 elif test "x$withval" != "xyes"; then
967 if test -d "$withval/lib"; then
968 if test -n "${need_dash_r}"; then
969 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
970 else
971 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
972 fi
973 else
974 if test -n "${need_dash_r}"; then
975 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
976 else
977 LDFLAGS="-L${withval} ${LDFLAGS}"
978 fi
979 fi
980 if test -d "$withval/include"; then
981 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
982 else
983 CPPFLAGS="-I${withval} ${CPPFLAGS}"
984 fi
985 fi ]
986 )
988 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
989 AC_CHECK_LIB(z, deflate, ,
990 [
991 saved_CPPFLAGS="$CPPFLAGS"
992 saved_LDFLAGS="$LDFLAGS"
993 save_LIBS="$LIBS"
994 dnl Check default zlib install dir
995 if test -n "${need_dash_r}"; then
996 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
997 else
998 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
999 fi
1000 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1001 LIBS="$LIBS -lz"
1002 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1003 [
1004 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1005 ]
1006 )
1007 ]
1008 )
1010 AC_ARG_WITH(zlib-version-check,
1011 [ --without-zlib-version-check Disable zlib version check],
1012 [ if test "x$withval" = "xno" ; then
1013 zlib_check_nonfatal=1
1014 fi
1015 ]
1016 )
1018 AC_MSG_CHECKING(for possibly buggy zlib)
1019 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1020 #include <stdio.h>
1021 #include <zlib.h>
1022 int main()
1023 {
1024 int a=0, b=0, c=0, d=0, n, v;
1025 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1026 if (n != 3 && n != 4)
1027 exit(1);
1028 v = a*1000000 + b*10000 + c*100 + d;
1029 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1031 /* 1.1.4 is OK */
1032 if (a == 1 && b == 1 && c >= 4)
1033 exit(0);
1035 /* 1.2.3 and up are OK */
1036 if (v >= 1020300)
1037 exit(0);
1039 exit(2);
1040 }
1041 ]])],
1042 AC_MSG_RESULT(no),
1043 [ AC_MSG_RESULT(yes)
1044 if test -z "$zlib_check_nonfatal" ; then
1045 AC_MSG_ERROR([*** zlib too old - check config.log ***
1046 Your reported zlib version has known security problems. It's possible your
1047 vendor has fixed these problems without changing the version number. If you
1048 are sure this is the case, you can disable the check by running
1049 "./configure --without-zlib-version-check".
1050 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1051 See http://www.gzip.org/zlib/ for details.])
1052 else
1053 AC_MSG_WARN([zlib version may have security problems])
1054 fi
1055 ],
1056 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1057 )
1059 dnl UnixWare 2.x
1060 AC_CHECK_FUNC(strcasecmp,
1061 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1062 )
1063 AC_CHECK_FUNCS(utimes,
1064 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1065 LIBS="$LIBS -lc89"]) ]
1066 )
1068 dnl Checks for libutil functions
1069 AC_CHECK_HEADERS(libutil.h)
1070 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1071 [Define if your libraries define login()])])
1072 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1074 AC_FUNC_STRFTIME
1076 # Check for ALTDIRFUNC glob() extension
1077 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1078 AC_EGREP_CPP(FOUNDIT,
1079 [
1080 #include <glob.h>
1081 #ifdef GLOB_ALTDIRFUNC
1082 FOUNDIT
1083 #endif
1084 ],
1085 [
1086 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1087 [Define if your system glob() function has
1088 the GLOB_ALTDIRFUNC extension])
1089 AC_MSG_RESULT(yes)
1090 ],
1091 [
1092 AC_MSG_RESULT(no)
1093 ]
1094 )
1096 # Check for g.gl_matchc glob() extension
1097 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1098 AC_TRY_COMPILE(
1099 [ #include <glob.h> ],
1100 [glob_t g; g.gl_matchc = 1;],
1101 [
1102 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1103 [Define if your system glob() function has
1104 gl_matchc options in glob_t])
1105 AC_MSG_RESULT(yes)
1106 ],
1107 [
1108 AC_MSG_RESULT(no)
1109 ]
1110 )
1112 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1114 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1115 AC_RUN_IFELSE(
1116 [AC_LANG_SOURCE([[
1117 #include <sys/types.h>
1118 #include <dirent.h>
1119 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1120 ]])],
1121 [AC_MSG_RESULT(yes)],
1122 [
1123 AC_MSG_RESULT(no)
1124 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1125 [Define if your struct dirent expects you to
1126 allocate extra space for d_name])
1127 ],
1128 [
1129 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1130 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1131 ]
1132 )
1134 AC_MSG_CHECKING([for /proc/pid/fd directory])
1135 if test -d "/proc/$$/fd" ; then
1136 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1137 AC_MSG_RESULT(yes)
1138 else
1139 AC_MSG_RESULT(no)
1140 fi
1142 # Check whether user wants S/Key support
1143 SKEY_MSG="no"
1144 AC_ARG_WITH(skey,
1145 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1146 [
1147 if test "x$withval" != "xno" ; then
1149 if test "x$withval" != "xyes" ; then
1150 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1151 LDFLAGS="$LDFLAGS -L${withval}/lib"
1152 fi
1154 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1155 LIBS="-lskey $LIBS"
1156 SKEY_MSG="yes"
1158 AC_MSG_CHECKING([for s/key support])
1159 AC_LINK_IFELSE(
1160 [AC_LANG_SOURCE([[
1161 #include <stdio.h>
1162 #include <skey.h>
1163 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1164 ]])],
1165 [AC_MSG_RESULT(yes)],
1166 [
1167 AC_MSG_RESULT(no)
1168 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1169 ])
1170 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1171 AC_TRY_COMPILE(
1172 [#include <stdio.h>
1173 #include <skey.h>],
1174 [(void)skeychallenge(NULL,"name","",0);],
1175 [AC_MSG_RESULT(yes)
1176 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1177 [Define if your skeychallenge()
1178 function takes 4 arguments (NetBSD)])],
1179 [AC_MSG_RESULT(no)]
1180 )
1181 fi
1182 ]
1183 )
1185 # Check whether user wants TCP wrappers support
1186 TCPW_MSG="no"
1187 AC_ARG_WITH(tcp-wrappers,
1188 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1189 [
1190 if test "x$withval" != "xno" ; then
1191 saved_LIBS="$LIBS"
1192 saved_LDFLAGS="$LDFLAGS"
1193 saved_CPPFLAGS="$CPPFLAGS"
1194 if test -n "${withval}" && \
1195 test "x${withval}" != "xyes"; then
1196 if test -d "${withval}/lib"; then
1197 if test -n "${need_dash_r}"; then
1198 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1199 else
1200 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1201 fi
1202 else
1203 if test -n "${need_dash_r}"; then
1204 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1205 else
1206 LDFLAGS="-L${withval} ${LDFLAGS}"
1207 fi
1208 fi
1209 if test -d "${withval}/include"; then
1210 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1211 else
1212 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1213 fi
1214 fi
1215 LIBS="-lwrap $LIBS"
1216 AC_MSG_CHECKING(for libwrap)
1217 AC_TRY_LINK(
1218 [
1219 #include <sys/types.h>
1220 #include <sys/socket.h>
1221 #include <netinet/in.h>
1222 #include <tcpd.h>
1223 int deny_severity = 0, allow_severity = 0;
1224 ],
1225 [hosts_access(0);],
1226 [
1227 AC_MSG_RESULT(yes)
1228 AC_DEFINE(LIBWRAP, 1,
1229 [Define if you want
1230 TCP Wrappers support])
1231 SSHDLIBS="$SSHDLIBS -lwrap"
1232 TCPW_MSG="yes"
1233 ],
1234 [
1235 AC_MSG_ERROR([*** libwrap missing])
1236 ]
1237 )
1238 LIBS="$saved_LIBS"
1239 fi
1240 ]
1241 )
1243 # Check whether user wants libedit support
1244 LIBEDIT_MSG="no"
1245 AC_ARG_WITH(libedit,
1246 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1247 [ if test "x$withval" != "xno" ; then
1248 if test "x$withval" != "xyes"; then
1249 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1250 if test -n "${need_dash_r}"; then
1251 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1252 else
1253 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1254 fi
1255 fi
1256 AC_CHECK_LIB(edit, el_init,
1257 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1258 LIBEDIT="-ledit -lcurses"
1259 LIBEDIT_MSG="yes"
1260 AC_SUBST(LIBEDIT)
1261 ],
1262 [ AC_MSG_ERROR(libedit not found) ],
1263 [ -lcurses ]
1264 )
1265 AC_MSG_CHECKING(if libedit version is compatible)
1266 AC_COMPILE_IFELSE(
1267 [AC_LANG_SOURCE([[
1268 #include <histedit.h>
1269 int main(void)
1270 {
1271 int i = H_SETSIZE;
1272 el_init("", NULL, NULL, NULL);
1273 exit(0);
1274 }
1275 ]])],
1276 [ AC_MSG_RESULT(yes) ],
1277 [ AC_MSG_RESULT(no)
1278 AC_MSG_ERROR(libedit version is not compatible) ]
1279 )
1280 fi ]
1281 )
1283 AUDIT_MODULE=none
1284 AC_ARG_WITH(audit,
1285 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1286 [
1287 AC_MSG_CHECKING(for supported audit module)
1288 case "$withval" in
1289 bsm)
1290 AC_MSG_RESULT(bsm)
1291 AUDIT_MODULE=bsm
1292 dnl Checks for headers, libs and functions
1293 AC_CHECK_HEADERS(bsm/audit.h, [],
1294 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1295 [
1296 #ifdef HAVE_TIME_H
1297 # include <time.h>
1298 #endif
1299 ]
1300 )
1301 AC_CHECK_LIB(bsm, getaudit, [],
1302 [AC_MSG_ERROR(BSM enabled and required library not found)])
1303 AC_CHECK_FUNCS(getaudit, [],
1304 [AC_MSG_ERROR(BSM enabled and required function not found)])
1305 # These are optional
1306 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1307 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1308 ;;
1309 debug)
1310 AUDIT_MODULE=debug
1311 AC_MSG_RESULT(debug)
1312 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1313 ;;
1314 no)
1315 AC_MSG_RESULT(no)
1316 ;;
1317 *)
1318 AC_MSG_ERROR([Unknown audit module $withval])
1319 ;;
1320 esac ]
1321 )
1323 dnl Checks for library functions. Please keep in alphabetical order
1324 AC_CHECK_FUNCS( \
1325 arc4random \
1326 arc4random_buf \
1327 arc4random_uniform \
1328 asprintf \
1329 b64_ntop \
1330 __b64_ntop \
1331 b64_pton \
1332 __b64_pton \
1333 bcopy \
1334 bindresvport_sa \
1335 clock \
1336 closefrom \
1337 dirfd \
1338 fchmod \
1339 fchown \
1340 freeaddrinfo \
1341 fstatvfs \
1342 futimes \
1343 getaddrinfo \
1344 getcwd \
1345 getgrouplist \
1346 getnameinfo \
1347 getopt \
1348 getpeereid \
1349 getpeerucred \
1350 _getpty \
1351 getrlimit \
1352 getttyent \
1353 glob \
1354 group_from_gid \
1355 inet_aton \
1356 inet_ntoa \
1357 inet_ntop \
1358 innetgr \
1359 login_getcapbool \
1360 md5_crypt \
1361 memmove \
1362 mkdtemp \
1363 mmap \
1364 ngetaddrinfo \
1365 nsleep \
1366 ogetaddrinfo \
1367 openlog_r \
1368 openpty \
1369 poll \
1370 prctl \
1371 pstat \
1372 readpassphrase \
1373 realpath \
1374 recvmsg \
1375 rresvport_af \
1376 sendmsg \
1377 setdtablesize \
1378 setegid \
1379 setenv \
1380 seteuid \
1381 setgroupent \
1382 setgroups \
1383 setlogin \
1384 setpassent\
1385 setpcred \
1386 setproctitle \
1387 setregid \
1388 setreuid \
1389 setrlimit \
1390 setsid \
1391 setvbuf \
1392 sigaction \
1393 sigvec \
1394 snprintf \
1395 socketpair \
1396 statfs \
1397 statvfs \
1398 strdup \
1399 strerror \
1400 strlcat \
1401 strlcpy \
1402 strmode \
1403 strnvis \
1404 strtonum \
1405 strtoll \
1406 strtoul \
1407 swap32 \
1408 sysconf \
1409 tcgetpgrp \
1410 truncate \
1411 unsetenv \
1412 updwtmpx \
1413 user_from_uid \
1414 vasprintf \
1415 vhangup \
1416 vsnprintf \
1417 waitpid \
1418 )
1420 # IRIX has a const char return value for gai_strerror()
1421 AC_CHECK_FUNCS(gai_strerror,[
1422 AC_DEFINE(HAVE_GAI_STRERROR)
1423 AC_TRY_COMPILE([
1424 #include <sys/types.h>
1425 #include <sys/socket.h>
1426 #include <netdb.h>
1428 const char *gai_strerror(int);],[
1429 char *str;
1431 str = gai_strerror(0);],[
1432 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1433 [Define if gai_strerror() returns const char *])])])
1435 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1436 [Some systems put nanosleep outside of libc]))
1438 dnl Make sure prototypes are defined for these before using them.
1439 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1440 AC_CHECK_DECL(strsep,
1441 [AC_CHECK_FUNCS(strsep)],
1442 [],
1443 [
1444 #ifdef HAVE_STRING_H
1445 # include <string.h>
1446 #endif
1447 ])
1449 dnl tcsendbreak might be a macro
1450 AC_CHECK_DECL(tcsendbreak,
1451 [AC_DEFINE(HAVE_TCSENDBREAK)],
1452 [AC_CHECK_FUNCS(tcsendbreak)],
1453 [#include <termios.h>]
1454 )
1456 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1458 AC_CHECK_DECLS(SHUT_RD, , ,
1459 [
1460 #include <sys/types.h>
1461 #include <sys/socket.h>
1462 ])
1464 AC_CHECK_DECLS(O_NONBLOCK, , ,
1465 [
1466 #include <sys/types.h>
1467 #ifdef HAVE_SYS_STAT_H
1468 # include <sys/stat.h>
1469 #endif
1470 #ifdef HAVE_FCNTL_H
1471 # include <fcntl.h>
1472 #endif
1473 ])
1475 AC_CHECK_DECLS(writev, , , [
1476 #include <sys/types.h>
1477 #include <sys/uio.h>
1478 #include <unistd.h>
1479 ])
1481 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1482 #include <sys/param.h>
1483 ])
1485 AC_CHECK_DECLS(offsetof, , , [
1486 #include <stddef.h>
1487 ])
1489 AC_CHECK_FUNCS(setresuid, [
1490 dnl Some platorms have setresuid that isn't implemented, test for this
1491 AC_MSG_CHECKING(if setresuid seems to work)
1492 AC_RUN_IFELSE(
1493 [AC_LANG_SOURCE([[
1494 #include <stdlib.h>
1495 #include <errno.h>
1496 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1497 ]])],
1498 [AC_MSG_RESULT(yes)],
1499 [AC_DEFINE(BROKEN_SETRESUID, 1,
1500 [Define if your setresuid() is broken])
1501 AC_MSG_RESULT(not implemented)],
1502 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1503 )
1504 ])
1506 AC_CHECK_FUNCS(setresgid, [
1507 dnl Some platorms have setresgid that isn't implemented, test for this
1508 AC_MSG_CHECKING(if setresgid seems to work)
1509 AC_RUN_IFELSE(
1510 [AC_LANG_SOURCE([[
1511 #include <stdlib.h>
1512 #include <errno.h>
1513 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1514 ]])],
1515 [AC_MSG_RESULT(yes)],
1516 [AC_DEFINE(BROKEN_SETRESGID, 1,
1517 [Define if your setresgid() is broken])
1518 AC_MSG_RESULT(not implemented)],
1519 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1520 )
1521 ])
1523 dnl Checks for time functions
1524 AC_CHECK_FUNCS(gettimeofday time)
1525 dnl Checks for utmp functions
1526 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1527 AC_CHECK_FUNCS(utmpname)
1528 dnl Checks for utmpx functions
1529 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1530 AC_CHECK_FUNCS(setutxent utmpxname)
1531 dnl Checks for lastlog functions
1532 AC_CHECK_FUNCS(getlastlogxbyname)
1534 AC_CHECK_FUNC(daemon,
1535 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1536 [AC_CHECK_LIB(bsd, daemon,
1537 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1538 )
1540 AC_CHECK_FUNC(getpagesize,
1541 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1542 [Define if your libraries define getpagesize()])],
1543 [AC_CHECK_LIB(ucb, getpagesize,
1544 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1545 )
1547 # Check for broken snprintf
1548 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1549 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1550 AC_RUN_IFELSE(
1551 [AC_LANG_SOURCE([[
1552 #include <stdio.h>
1553 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1554 ]])],
1555 [AC_MSG_RESULT(yes)],
1556 [
1557 AC_MSG_RESULT(no)
1558 AC_DEFINE(BROKEN_SNPRINTF, 1,
1559 [Define if your snprintf is busted])
1560 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1561 ],
1562 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1563 )
1564 fi
1566 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1567 # returning the right thing on overflow: the number of characters it tried to
1568 # create (as per SUSv3)
1569 if test "x$ac_cv_func_asprintf" != "xyes" && \
1570 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1571 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1572 AC_RUN_IFELSE(
1573 [AC_LANG_SOURCE([[
1574 #include <sys/types.h>
1575 #include <stdio.h>
1576 #include <stdarg.h>
1578 int x_snprintf(char *str,size_t count,const char *fmt,...)
1579 {
1580 size_t ret; va_list ap;
1581 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1582 return ret;
1583 }
1584 int main(void)
1585 {
1586 char x[1];
1587 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1588 } ]])],
1589 [AC_MSG_RESULT(yes)],
1590 [
1591 AC_MSG_RESULT(no)
1592 AC_DEFINE(BROKEN_SNPRINTF, 1,
1593 [Define if your snprintf is busted])
1594 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1595 ],
1596 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1597 )
1598 fi
1600 # On systems where [v]snprintf is broken, but is declared in stdio,
1601 # check that the fmt argument is const char * or just char *.
1602 # This is only useful for when BROKEN_SNPRINTF
1603 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1604 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1605 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1606 int main(void) { snprintf(0, 0, 0); }
1607 ]])],
1608 [AC_MSG_RESULT(yes)
1609 AC_DEFINE(SNPRINTF_CONST, [const],
1610 [Define as const if snprintf() can declare const char *fmt])],
1611 [AC_MSG_RESULT(no)
1612 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1614 # Check for missing getpeereid (or equiv) support
1615 NO_PEERCHECK=""
1616 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1617 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1618 AC_TRY_COMPILE(
1619 [#include <sys/types.h>
1620 #include <sys/socket.h>],
1621 [int i = SO_PEERCRED;],
1622 [ AC_MSG_RESULT(yes)
1623 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1624 ],
1625 [AC_MSG_RESULT(no)
1626 NO_PEERCHECK=1]
1627 )
1628 fi
1630 dnl see whether mkstemp() requires XXXXXX
1631 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1632 AC_MSG_CHECKING([for (overly) strict mkstemp])
1633 AC_RUN_IFELSE(
1634 [AC_LANG_SOURCE([[
1635 #include <stdlib.h>
1636 main() { char template[]="conftest.mkstemp-test";
1637 if (mkstemp(template) == -1)
1638 exit(1);
1639 unlink(template); exit(0);
1640 }
1641 ]])],
1642 [
1643 AC_MSG_RESULT(no)
1644 ],
1645 [
1646 AC_MSG_RESULT(yes)
1647 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1648 ],
1649 [
1650 AC_MSG_RESULT(yes)
1651 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1652 ]
1653 )
1654 fi
1656 dnl make sure that openpty does not reacquire controlling terminal
1657 if test ! -z "$check_for_openpty_ctty_bug"; then
1658 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1659 AC_RUN_IFELSE(
1660 [AC_LANG_SOURCE([[
1661 #include <stdio.h>
1662 #include <sys/fcntl.h>
1663 #include <sys/types.h>
1664 #include <sys/wait.h>
1666 int
1667 main()
1668 {
1669 pid_t pid;
1670 int fd, ptyfd, ttyfd, status;
1672 pid = fork();
1673 if (pid < 0) { /* failed */
1674 exit(1);
1675 } else if (pid > 0) { /* parent */
1676 waitpid(pid, &status, 0);
1677 if (WIFEXITED(status))
1678 exit(WEXITSTATUS(status));
1679 else
1680 exit(2);
1681 } else { /* child */
1682 close(0); close(1); close(2);
1683 setsid();
1684 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1685 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1686 if (fd >= 0)
1687 exit(3); /* Acquired ctty: broken */
1688 else
1689 exit(0); /* Did not acquire ctty: OK */
1690 }
1691 }
1692 ]])],
1693 [
1694 AC_MSG_RESULT(yes)
1695 ],
1696 [
1697 AC_MSG_RESULT(no)
1698 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1699 ],
1700 [
1701 AC_MSG_RESULT(cross-compiling, assuming yes)
1702 ]
1703 )
1704 fi
1706 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1707 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1708 AC_MSG_CHECKING(if getaddrinfo seems to work)
1709 AC_RUN_IFELSE(
1710 [AC_LANG_SOURCE([[
1711 #include <stdio.h>
1712 #include <sys/socket.h>
1713 #include <netdb.h>
1714 #include <errno.h>
1715 #include <netinet/in.h>
1717 #define TEST_PORT "2222"
1719 int
1720 main(void)
1721 {
1722 int err, sock;
1723 struct addrinfo *gai_ai, *ai, hints;
1724 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1726 memset(&hints, 0, sizeof(hints));
1727 hints.ai_family = PF_UNSPEC;
1728 hints.ai_socktype = SOCK_STREAM;
1729 hints.ai_flags = AI_PASSIVE;
1731 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1732 if (err != 0) {
1733 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1734 exit(1);
1735 }
1737 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1738 if (ai->ai_family != AF_INET6)
1739 continue;
1741 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1742 sizeof(ntop), strport, sizeof(strport),
1743 NI_NUMERICHOST|NI_NUMERICSERV);
1745 if (err != 0) {
1746 if (err == EAI_SYSTEM)
1747 perror("getnameinfo EAI_SYSTEM");
1748 else
1749 fprintf(stderr, "getnameinfo failed: %s\n",
1750 gai_strerror(err));
1751 exit(2);
1752 }
1754 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1755 if (sock < 0)
1756 perror("socket");
1757 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1758 if (errno == EBADF)
1759 exit(3);
1760 }
1761 }
1762 exit(0);
1763 }
1764 ]])],
1765 [
1766 AC_MSG_RESULT(yes)
1767 ],
1768 [
1769 AC_MSG_RESULT(no)
1770 AC_DEFINE(BROKEN_GETADDRINFO)
1771 ],
1772 [
1773 AC_MSG_RESULT(cross-compiling, assuming yes)
1774 ]
1775 )
1776 fi
1778 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1779 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1780 AC_MSG_CHECKING(if getaddrinfo seems to work)
1781 AC_RUN_IFELSE(
1782 [AC_LANG_SOURCE([[
1783 #include <stdio.h>
1784 #include <sys/socket.h>
1785 #include <netdb.h>
1786 #include <errno.h>
1787 #include <netinet/in.h>
1789 #define TEST_PORT "2222"
1791 int
1792 main(void)
1793 {
1794 int err, sock;
1795 struct addrinfo *gai_ai, *ai, hints;
1796 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1798 memset(&hints, 0, sizeof(hints));
1799 hints.ai_family = PF_UNSPEC;
1800 hints.ai_socktype = SOCK_STREAM;
1801 hints.ai_flags = AI_PASSIVE;
1803 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1804 if (err != 0) {
1805 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1806 exit(1);
1807 }
1809 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1810 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1811 continue;
1813 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1814 sizeof(ntop), strport, sizeof(strport),
1815 NI_NUMERICHOST|NI_NUMERICSERV);
1817 if (ai->ai_family == AF_INET && err != 0) {
1818 perror("getnameinfo");
1819 exit(2);
1820 }
1821 }
1822 exit(0);
1823 }
1824 ]])],
1825 [
1826 AC_MSG_RESULT(yes)
1827 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1828 [Define if you have a getaddrinfo that fails
1829 for the all-zeros IPv6 address])
1830 ],
1831 [
1832 AC_MSG_RESULT(no)
1833 AC_DEFINE(BROKEN_GETADDRINFO)
1834 ],
1835 [
1836 AC_MSG_RESULT(cross-compiling, assuming no)
1837 ]
1838 )
1839 fi
1841 if test "x$check_for_conflicting_getspnam" = "x1"; then
1842 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1843 AC_COMPILE_IFELSE(
1844 [
1845 #include <shadow.h>
1846 int main(void) {exit(0);}
1847 ],
1848 [
1849 AC_MSG_RESULT(no)
1850 ],
1851 [
1852 AC_MSG_RESULT(yes)
1853 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1854 [Conflicting defs for getspnam])
1855 ]
1856 )
1857 fi
1859 AC_FUNC_GETPGRP
1861 # Search for OpenSSL
1862 saved_CPPFLAGS="$CPPFLAGS"
1863 saved_LDFLAGS="$LDFLAGS"
1864 AC_ARG_WITH(ssl-dir,
1865 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1866 [
1867 if test "x$withval" != "xno" ; then
1868 case "$withval" in
1869 # Relative paths
1870 ./*|../*) withval="`pwd`/$withval"
1871 esac
1872 if test -d "$withval/lib"; then
1873 if test -n "${need_dash_r}"; then
1874 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1875 else
1876 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1877 fi
1878 else
1879 if test -n "${need_dash_r}"; then
1880 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1881 else
1882 LDFLAGS="-L${withval} ${LDFLAGS}"
1883 fi
1884 fi
1885 if test -d "$withval/include"; then
1886 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1887 else
1888 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1889 fi
1890 fi
1891 ]
1892 )
1893 LIBS="-lcrypto $LIBS"
1894 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1895 [Define if your ssl headers are included
1896 with #include <openssl/header.h>]),
1897 [
1898 dnl Check default openssl install dir
1899 if test -n "${need_dash_r}"; then
1900 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1901 else
1902 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1903 fi
1904 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1905 AC_CHECK_HEADER([openssl/opensslv.h], ,
1906 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
1907 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1908 [
1909 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1910 ]
1911 )
1912 ]
1913 )
1915 # Determine OpenSSL header version
1916 AC_MSG_CHECKING([OpenSSL header version])
1917 AC_RUN_IFELSE(
1918 [AC_LANG_SOURCE([[
1919 #include <stdio.h>
1920 #include <string.h>
1921 #include <openssl/opensslv.h>
1922 #define DATA "conftest.sslincver"
1923 int main(void) {
1924 FILE *fd;
1925 int rc;
1927 fd = fopen(DATA,"w");
1928 if(fd == NULL)
1929 exit(1);
1931 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1932 exit(1);
1934 exit(0);
1935 }
1936 ]])],
1937 [
1938 ssl_header_ver=`cat conftest.sslincver`
1939 AC_MSG_RESULT($ssl_header_ver)
1940 ],
1941 [
1942 AC_MSG_RESULT(not found)
1943 AC_MSG_ERROR(OpenSSL version header not found.)
1944 ],
1945 [
1946 AC_MSG_WARN([cross compiling: not checking])
1947 ]
1948 )
1950 # Determine OpenSSL library version
1951 AC_MSG_CHECKING([OpenSSL library version])
1952 AC_RUN_IFELSE(
1953 [AC_LANG_SOURCE([[
1954 #include <stdio.h>
1955 #include <string.h>
1956 #include <openssl/opensslv.h>
1957 #include <openssl/crypto.h>
1958 #define DATA "conftest.ssllibver"
1959 int main(void) {
1960 FILE *fd;
1961 int rc;
1963 fd = fopen(DATA,"w");
1964 if(fd == NULL)
1965 exit(1);
1967 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1968 exit(1);
1970 exit(0);
1971 }
1972 ]])],
1973 [
1974 ssl_library_ver=`cat conftest.ssllibver`
1975 AC_MSG_RESULT($ssl_library_ver)
1976 ],
1977 [
1978 AC_MSG_RESULT(not found)
1979 AC_MSG_ERROR(OpenSSL library not found.)
1980 ],
1981 [
1982 AC_MSG_WARN([cross compiling: not checking])
1983 ]
1984 )
1986 AC_ARG_WITH(openssl-header-check,
1987 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1988 [ if test "x$withval" = "xno" ; then
1989 openssl_check_nonfatal=1
1990 fi
1991 ]
1992 )
1994 # Sanity check OpenSSL headers
1995 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1996 AC_RUN_IFELSE(
1997 [AC_LANG_SOURCE([[
1998 #include <string.h>
1999 #include <openssl/opensslv.h>
2000 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2001 ]])],
2002 [
2003 AC_MSG_RESULT(yes)
2004 ],
2005 [
2006 AC_MSG_RESULT(no)
2007 if test "x$openssl_check_nonfatal" = "x"; then
2008 AC_MSG_ERROR([Your OpenSSL headers do not match your
2009 library. Check config.log for details.
2010 If you are sure your installation is consistent, you can disable the check
2011 by running "./configure --without-openssl-header-check".
2012 Also see contrib/findssl.sh for help identifying header/library mismatches.
2013 ])
2014 else
2015 AC_MSG_WARN([Your OpenSSL headers do not match your
2016 library. Check config.log for details.
2017 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2018 fi
2019 ],
2020 [
2021 AC_MSG_WARN([cross compiling: not checking])
2022 ]
2023 )
2025 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2026 AC_LINK_IFELSE(
2027 [AC_LANG_SOURCE([[
2028 #include <openssl/evp.h>
2029 int main(void) { SSLeay_add_all_algorithms(); }
2030 ]])],
2031 [
2032 AC_MSG_RESULT(yes)
2033 ],
2034 [
2035 AC_MSG_RESULT(no)
2036 saved_LIBS="$LIBS"
2037 LIBS="$LIBS -ldl"
2038 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2039 AC_LINK_IFELSE(
2040 [AC_LANG_SOURCE([[
2041 #include <openssl/evp.h>
2042 int main(void) { SSLeay_add_all_algorithms(); }
2043 ]])],
2044 [
2045 AC_MSG_RESULT(yes)
2046 ],
2047 [
2048 AC_MSG_RESULT(no)
2049 LIBS="$saved_LIBS"
2050 ]
2051 )
2052 ]
2053 )
2055 AC_ARG_WITH(ssl-engine,
2056 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2057 [ if test "x$withval" != "xno" ; then
2058 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2059 AC_TRY_COMPILE(
2060 [ #include <openssl/engine.h>],
2061 [
2062 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2063 ],
2064 [ AC_MSG_RESULT(yes)
2065 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2066 [Enable OpenSSL engine support])
2067 ],
2068 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2069 )
2070 fi ]
2071 )
2073 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2074 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2075 AC_LINK_IFELSE(
2076 [AC_LANG_SOURCE([[
2077 #include <string.h>
2078 #include <openssl/evp.h>
2079 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2080 ]])],
2081 [
2082 AC_MSG_RESULT(no)
2083 ],
2084 [
2085 AC_MSG_RESULT(yes)
2086 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2087 [libcrypto is missing AES 192 and 256 bit functions])
2088 ]
2089 )
2091 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2092 AC_LINK_IFELSE(
2093 [AC_LANG_SOURCE([[
2094 #include <string.h>
2095 #include <openssl/evp.h>
2096 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2097 ]])],
2098 [
2099 AC_MSG_RESULT(yes)
2100 ],
2101 [
2102 AC_MSG_RESULT(no)
2103 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2104 [Define if EVP_DigestUpdate returns void])
2105 ]
2106 )
2108 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2109 # because the system crypt() is more featureful.
2110 if test "x$check_for_libcrypt_before" = "x1"; then
2111 AC_CHECK_LIB(crypt, crypt)
2112 fi
2114 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2115 # version in OpenSSL.
2116 if test "x$check_for_libcrypt_later" = "x1"; then
2117 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2118 fi
2120 # Search for SHA256 support in libc and/or OpenSSL
2121 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2123 saved_LIBS="$LIBS"
2124 AC_CHECK_LIB(iaf, ia_openinfo, [
2125 LIBS="$LIBS -liaf"
2126 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2127 AC_DEFINE(HAVE_LIBIAF, 1,
2128 [Define if system has libiaf that supports set_id])
2129 ])
2130 ])
2131 LIBS="$saved_LIBS"
2133 ### Configure cryptographic random number support
2135 # Check wheter OpenSSL seeds itself
2136 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2137 AC_RUN_IFELSE(
2138 [AC_LANG_SOURCE([[
2139 #include <string.h>
2140 #include <openssl/rand.h>
2141 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2142 ]])],
2143 [
2144 OPENSSL_SEEDS_ITSELF=yes
2145 AC_MSG_RESULT(yes)
2146 ],
2147 [
2148 AC_MSG_RESULT(no)
2149 # Default to use of the rand helper if OpenSSL doesn't
2150 # seed itself
2151 USE_RAND_HELPER=yes
2152 ],
2153 [
2154 AC_MSG_WARN([cross compiling: assuming yes])
2155 # This is safe, since all recent OpenSSL versions will
2156 # complain at runtime if not seeded correctly.
2157 OPENSSL_SEEDS_ITSELF=yes
2158 ]
2159 )
2161 # Check for PAM libs
2162 PAM_MSG="no"
2163 AC_ARG_WITH(pam,
2164 [ --with-pam Enable PAM support ],
2165 [
2166 if test "x$withval" != "xno" ; then
2167 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2168 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2169 AC_MSG_ERROR([PAM headers not found])
2170 fi
2172 saved_LIBS="$LIBS"
2173 AC_CHECK_LIB(dl, dlopen, , )
2174 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2175 AC_CHECK_FUNCS(pam_getenvlist)
2176 AC_CHECK_FUNCS(pam_putenv)
2177 LIBS="$saved_LIBS"
2179 PAM_MSG="yes"
2181 SSHDLIBS="$SSHDLIBS -lpam"
2182 AC_DEFINE(USE_PAM, 1,
2183 [Define if you want to enable PAM support])
2185 if test $ac_cv_lib_dl_dlopen = yes; then
2186 case "$LIBS" in
2187 *-ldl*)
2188 # libdl already in LIBS
2189 ;;
2190 *)
2191 SSHDLIBS="$SSHDLIBS -ldl"
2192 ;;
2193 esac
2194 fi
2195 fi
2196 ]
2197 )
2199 # Check for older PAM
2200 if test "x$PAM_MSG" = "xyes" ; then
2201 # Check PAM strerror arguments (old PAM)
2202 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2203 AC_TRY_COMPILE(
2204 [
2205 #include <stdlib.h>
2206 #if defined(HAVE_SECURITY_PAM_APPL_H)
2207 #include <security/pam_appl.h>
2208 #elif defined (HAVE_PAM_PAM_APPL_H)
2209 #include <pam/pam_appl.h>
2210 #endif
2211 ],
2212 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2213 [AC_MSG_RESULT(no)],
2214 [
2215 AC_DEFINE(HAVE_OLD_PAM, 1,
2216 [Define if you have an old version of PAM
2217 which takes only one argument to pam_strerror])
2218 AC_MSG_RESULT(yes)
2219 PAM_MSG="yes (old library)"
2220 ]
2221 )
2222 fi
2224 # Do we want to force the use of the rand helper?
2225 AC_ARG_WITH(rand-helper,
2226 [ --with-rand-helper Use subprocess to gather strong randomness ],
2227 [
2228 if test "x$withval" = "xno" ; then
2229 # Force use of OpenSSL's internal RNG, even if
2230 # the previous test showed it to be unseeded.
2231 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2232 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2233 OPENSSL_SEEDS_ITSELF=yes
2234 USE_RAND_HELPER=""
2235 fi
2236 else
2237 USE_RAND_HELPER=yes
2238 fi
2239 ],
2240 )
2242 # Which randomness source do we use?
2243 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2244 # OpenSSL only
2245 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2246 [Define if you want OpenSSL's internally seeded PRNG only])
2247 RAND_MSG="OpenSSL internal ONLY"
2248 INSTALL_SSH_RAND_HELPER=""
2249 elif test ! -z "$USE_RAND_HELPER" ; then
2250 # install rand helper
2251 RAND_MSG="ssh-rand-helper"
2252 INSTALL_SSH_RAND_HELPER="yes"
2253 fi
2254 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2256 ### Configuration of ssh-rand-helper
2258 # PRNGD TCP socket
2259 AC_ARG_WITH(prngd-port,
2260 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2261 [
2262 case "$withval" in
2263 no)
2264 withval=""
2265 ;;
2266 [[0-9]]*)
2267 ;;
2268 *)
2269 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2270 ;;
2271 esac
2272 if test ! -z "$withval" ; then
2273 PRNGD_PORT="$withval"
2274 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2275 [Port number of PRNGD/EGD random number socket])
2276 fi
2277 ]
2278 )
2280 # PRNGD Unix domain socket
2281 AC_ARG_WITH(prngd-socket,
2282 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2283 [
2284 case "$withval" in
2285 yes)
2286 withval="/var/run/egd-pool"
2287 ;;
2288 no)
2289 withval=""
2290 ;;
2291 /*)
2292 ;;
2293 *)
2294 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2295 ;;
2296 esac
2298 if test ! -z "$withval" ; then
2299 if test ! -z "$PRNGD_PORT" ; then
2300 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2301 fi
2302 if test ! -r "$withval" ; then
2303 AC_MSG_WARN(Entropy socket is not readable)
2304 fi
2305 PRNGD_SOCKET="$withval"
2306 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2307 [Location of PRNGD/EGD random number socket])
2308 fi
2309 ],
2310 [
2311 # Check for existing socket only if we don't have a random device already
2312 if test "$USE_RAND_HELPER" = yes ; then
2313 AC_MSG_CHECKING(for PRNGD/EGD socket)
2314 # Insert other locations here
2315 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2316 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2317 PRNGD_SOCKET="$sock"
2318 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2319 break;
2320 fi
2321 done
2322 if test ! -z "$PRNGD_SOCKET" ; then
2323 AC_MSG_RESULT($PRNGD_SOCKET)
2324 else
2325 AC_MSG_RESULT(not found)
2326 fi
2327 fi
2328 ]
2329 )
2331 # Change default command timeout for hashing entropy source
2332 entropy_timeout=200
2333 AC_ARG_WITH(entropy-timeout,
2334 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2335 [
2336 if test -n "$withval" && test "x$withval" != "xno" && \
2337 test "x${withval}" != "xyes"; then
2338 entropy_timeout=$withval
2339 fi
2340 ]
2341 )
2342 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2343 [Builtin PRNG command timeout])
2345 SSH_PRIVSEP_USER=sshd
2346 AC_ARG_WITH(privsep-user,
2347 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2348 [
2349 if test -n "$withval" && test "x$withval" != "xno" && \
2350 test "x${withval}" != "xyes"; then
2351 SSH_PRIVSEP_USER=$withval
2352 fi
2353 ]
2354 )
2355 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2356 [non-privileged user for privilege separation])
2357 AC_SUBST(SSH_PRIVSEP_USER)
2359 # We do this little dance with the search path to insure
2360 # that programs that we select for use by installed programs
2361 # (which may be run by the super-user) come from trusted
2362 # locations before they come from the user's private area.
2363 # This should help avoid accidentally configuring some
2364 # random version of a program in someone's personal bin.
2366 OPATH=$PATH
2367 PATH=/bin:/usr/bin
2368 test -h /bin 2> /dev/null && PATH=/usr/bin
2369 test -d /sbin && PATH=$PATH:/sbin
2370 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2371 PATH=$PATH:/etc:$OPATH
2373 # These programs are used by the command hashing source to gather entropy
2374 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2375 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2376 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2377 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2378 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2379 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2380 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2381 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2382 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2383 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2384 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2385 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2386 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2387 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2388 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2389 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2390 # restore PATH
2391 PATH=$OPATH
2393 # Where does ssh-rand-helper get its randomness from?
2394 INSTALL_SSH_PRNG_CMDS=""
2395 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2396 if test ! -z "$PRNGD_PORT" ; then
2397 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2398 elif test ! -z "$PRNGD_SOCKET" ; then
2399 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2400 else
2401 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2402 RAND_HELPER_CMDHASH=yes
2403 INSTALL_SSH_PRNG_CMDS="yes"
2404 fi
2405 fi
2406 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2409 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2410 if test ! -z "$SONY" ; then
2411 LIBS="$LIBS -liberty";
2412 fi
2414 # Check for long long datatypes
2415 AC_CHECK_TYPES([long long, unsigned long long, long double])
2417 # Check datatype sizes
2418 AC_CHECK_SIZEOF(char, 1)
2419 AC_CHECK_SIZEOF(short int, 2)
2420 AC_CHECK_SIZEOF(int, 4)
2421 AC_CHECK_SIZEOF(long int, 4)
2422 AC_CHECK_SIZEOF(long long int, 8)
2424 # Sanity check long long for some platforms (AIX)
2425 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2426 ac_cv_sizeof_long_long_int=0
2427 fi
2429 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2430 if test -z "$have_llong_max"; then
2431 AC_MSG_CHECKING([for max value of long long])
2432 AC_RUN_IFELSE(
2433 [AC_LANG_SOURCE([[
2434 #include <stdio.h>
2435 /* Why is this so damn hard? */
2436 #ifdef __GNUC__
2437 # undef __GNUC__
2438 #endif
2439 #define __USE_ISOC99
2440 #include <limits.h>
2441 #define DATA "conftest.llminmax"
2442 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2444 /*
2445 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2446 * we do this the hard way.
2447 */
2448 static int
2449 fprint_ll(FILE *f, long long n)
2450 {
2451 unsigned int i;
2452 int l[sizeof(long long) * 8];
2454 if (n < 0)
2455 if (fprintf(f, "-") < 0)
2456 return -1;
2457 for (i = 0; n != 0; i++) {
2458 l[i] = my_abs(n % 10);
2459 n /= 10;
2460 }
2461 do {
2462 if (fprintf(f, "%d", l[--i]) < 0)
2463 return -1;
2464 } while (i != 0);
2465 if (fprintf(f, " ") < 0)
2466 return -1;
2467 return 0;
2468 }
2470 int main(void) {
2471 FILE *f;
2472 long long i, llmin, llmax = 0;
2474 if((f = fopen(DATA,"w")) == NULL)
2475 exit(1);
2477 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2478 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2479 llmin = LLONG_MIN;
2480 llmax = LLONG_MAX;
2481 #else
2482 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2483 /* This will work on one's complement and two's complement */
2484 for (i = 1; i > llmax; i <<= 1, i++)
2485 llmax = i;
2486 llmin = llmax + 1LL; /* wrap */
2487 #endif
2489 /* Sanity check */
2490 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2491 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2492 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2493 fprintf(f, "unknown unknown\n");
2494 exit(2);
2495 }
2497 if (fprint_ll(f, llmin) < 0)
2498 exit(3);
2499 if (fprint_ll(f, llmax) < 0)
2500 exit(4);
2501 if (fclose(f) < 0)
2502 exit(5);
2503 exit(0);
2504 }
2505 ]])],
2506 [
2507 llong_min=`$AWK '{print $1}' conftest.llminmax`
2508 llong_max=`$AWK '{print $2}' conftest.llminmax`
2510 AC_MSG_RESULT($llong_max)
2511 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2512 [max value of long long calculated by configure])
2513 AC_MSG_CHECKING([for min value of long long])
2514 AC_MSG_RESULT($llong_min)
2515 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2516 [min value of long long calculated by configure])
2517 ],
2518 [
2519 AC_MSG_RESULT(not found)
2520 ],
2521 [
2522 AC_MSG_WARN([cross compiling: not checking])
2523 ]
2524 )
2525 fi
2528 # More checks for data types
2529 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2530 AC_TRY_COMPILE(
2531 [ #include <sys/types.h> ],
2532 [ u_int a; a = 1;],
2533 [ ac_cv_have_u_int="yes" ],
2534 [ ac_cv_have_u_int="no" ]
2535 )
2536 ])
2537 if test "x$ac_cv_have_u_int" = "xyes" ; then
2538 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2539 have_u_int=1
2540 fi
2542 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2543 AC_TRY_COMPILE(
2544 [ #include <sys/types.h> ],
2545 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2546 [ ac_cv_have_intxx_t="yes" ],
2547 [ ac_cv_have_intxx_t="no" ]
2548 )
2549 ])
2550 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2551 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2552 have_intxx_t=1
2553 fi
2555 if (test -z "$have_intxx_t" && \
2556 test "x$ac_cv_header_stdint_h" = "xyes")
2557 then
2558 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2559 AC_TRY_COMPILE(
2560 [ #include <stdint.h> ],
2561 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2562 [
2563 AC_DEFINE(HAVE_INTXX_T)
2564 AC_MSG_RESULT(yes)
2565 ],
2566 [ AC_MSG_RESULT(no) ]
2567 )
2568 fi
2570 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2571 AC_TRY_COMPILE(
2572 [
2573 #include <sys/types.h>
2574 #ifdef HAVE_STDINT_H
2575 # include <stdint.h>
2576 #endif
2577 #include <sys/socket.h>
2578 #ifdef HAVE_SYS_BITYPES_H
2579 # include <sys/bitypes.h>
2580 #endif
2581 ],
2582 [ int64_t a; a = 1;],
2583 [ ac_cv_have_int64_t="yes" ],
2584 [ ac_cv_have_int64_t="no" ]
2585 )
2586 ])
2587 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2588 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2589 fi
2591 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2592 AC_TRY_COMPILE(
2593 [ #include <sys/types.h> ],
2594 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2595 [ ac_cv_have_u_intxx_t="yes" ],
2596 [ ac_cv_have_u_intxx_t="no" ]
2597 )
2598 ])
2599 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2600 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2601 have_u_intxx_t=1
2602 fi
2604 if test -z "$have_u_intxx_t" ; then
2605 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2606 AC_TRY_COMPILE(
2607 [ #include <sys/socket.h> ],
2608 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2609 [
2610 AC_DEFINE(HAVE_U_INTXX_T)
2611 AC_MSG_RESULT(yes)
2612 ],
2613 [ AC_MSG_RESULT(no) ]
2614 )
2615 fi
2617 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2618 AC_TRY_COMPILE(
2619 [ #include <sys/types.h> ],
2620 [ u_int64_t a; a = 1;],
2621 [ ac_cv_have_u_int64_t="yes" ],
2622 [ ac_cv_have_u_int64_t="no" ]
2623 )
2624 ])
2625 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2626 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2627 have_u_int64_t=1
2628 fi
2630 if test -z "$have_u_int64_t" ; then
2631 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2632 AC_TRY_COMPILE(
2633 [ #include <sys/bitypes.h> ],
2634 [ u_int64_t a; a = 1],
2635 [
2636 AC_DEFINE(HAVE_U_INT64_T)
2637 AC_MSG_RESULT(yes)
2638 ],
2639 [ AC_MSG_RESULT(no) ]
2640 )
2641 fi
2643 if test -z "$have_u_intxx_t" ; then
2644 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2645 AC_TRY_COMPILE(
2646 [
2647 #include <sys/types.h>
2648 ],
2649 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2650 [ ac_cv_have_uintxx_t="yes" ],
2651 [ ac_cv_have_uintxx_t="no" ]
2652 )
2653 ])
2654 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2655 AC_DEFINE(HAVE_UINTXX_T, 1,
2656 [define if you have uintxx_t data type])
2657 fi
2658 fi
2660 if test -z "$have_uintxx_t" ; then
2661 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2662 AC_TRY_COMPILE(
2663 [ #include <stdint.h> ],
2664 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2665 [
2666 AC_DEFINE(HAVE_UINTXX_T)
2667 AC_MSG_RESULT(yes)
2668 ],
2669 [ AC_MSG_RESULT(no) ]
2670 )
2671 fi
2673 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2674 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2675 then
2676 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2677 AC_TRY_COMPILE(
2678 [
2679 #include <sys/bitypes.h>
2680 ],
2681 [
2682 int8_t a; int16_t b; int32_t c;
2683 u_int8_t e; u_int16_t f; u_int32_t g;
2684 a = b = c = e = f = g = 1;
2685 ],
2686 [
2687 AC_DEFINE(HAVE_U_INTXX_T)
2688 AC_DEFINE(HAVE_INTXX_T)
2689 AC_MSG_RESULT(yes)
2690 ],
2691 [AC_MSG_RESULT(no)]
2692 )
2693 fi
2696 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2697 AC_TRY_COMPILE(
2698 [
2699 #include <sys/types.h>
2700 ],
2701 [ u_char foo; foo = 125; ],
2702 [ ac_cv_have_u_char="yes" ],
2703 [ ac_cv_have_u_char="no" ]
2704 )
2705 ])
2706 if test "x$ac_cv_have_u_char" = "xyes" ; then
2707 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2708 fi
2710 TYPE_SOCKLEN_T
2712 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2713 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2714 #include <sys/types.h>
2715 #ifdef HAVE_SYS_BITYPES_H
2716 #include <sys/bitypes.h>
2717 #endif
2718 #ifdef HAVE_SYS_STATFS_H
2719 #include <sys/statfs.h>
2720 #endif
2721 #ifdef HAVE_SYS_STATVFS_H
2722 #include <sys/statvfs.h>
2723 #endif
2724 ])
2726 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2727 [#include <sys/types.h>
2728 #include <netinet/in.h>])
2730 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2731 AC_TRY_COMPILE(
2732 [
2733 #include <sys/types.h>
2734 ],
2735 [ size_t foo; foo = 1235; ],
2736 [ ac_cv_have_size_t="yes" ],
2737 [ ac_cv_have_size_t="no" ]
2738 )
2739 ])
2740 if test "x$ac_cv_have_size_t" = "xyes" ; then
2741 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2742 fi
2744 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2745 AC_TRY_COMPILE(
2746 [
2747 #include <sys/types.h>
2748 ],
2749 [ ssize_t foo; foo = 1235; ],
2750 [ ac_cv_have_ssize_t="yes" ],
2751 [ ac_cv_have_ssize_t="no" ]
2752 )
2753 ])
2754 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2755 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2756 fi
2758 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2759 AC_TRY_COMPILE(
2760 [
2761 #include <time.h>
2762 ],
2763 [ clock_t foo; foo = 1235; ],
2764 [ ac_cv_have_clock_t="yes" ],
2765 [ ac_cv_have_clock_t="no" ]
2766 )
2767 ])
2768 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2769 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2770 fi
2772 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2773 AC_TRY_COMPILE(
2774 [
2775 #include <sys/types.h>
2776 #include <sys/socket.h>
2777 ],
2778 [ sa_family_t foo; foo = 1235; ],
2779 [ ac_cv_have_sa_family_t="yes" ],
2780 [ AC_TRY_COMPILE(
2781 [
2782 #include <sys/types.h>
2783 #include <sys/socket.h>
2784 #include <netinet/in.h>
2785 ],
2786 [ sa_family_t foo; foo = 1235; ],
2787 [ ac_cv_have_sa_family_t="yes" ],
2789 [ ac_cv_have_sa_family_t="no" ]
2790 )]
2791 )
2792 ])
2793 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2794 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2795 [define if you have sa_family_t data type])
2796 fi
2798 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2799 AC_TRY_COMPILE(
2800 [
2801 #include <sys/types.h>
2802 ],
2803 [ pid_t foo; foo = 1235; ],
2804 [ ac_cv_have_pid_t="yes" ],
2805 [ ac_cv_have_pid_t="no" ]
2806 )
2807 ])
2808 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2809 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2810 fi
2812 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2813 AC_TRY_COMPILE(
2814 [
2815 #include <sys/types.h>
2816 ],
2817 [ mode_t foo; foo = 1235; ],
2818 [ ac_cv_have_mode_t="yes" ],
2819 [ ac_cv_have_mode_t="no" ]
2820 )
2821 ])
2822 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2823 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2824 fi
2827 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2828 AC_TRY_COMPILE(
2829 [
2830 #include <sys/types.h>
2831 #include <sys/socket.h>
2832 ],
2833 [ struct sockaddr_storage s; ],
2834 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2835 [ ac_cv_have_struct_sockaddr_storage="no" ]
2836 )
2837 ])
2838 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2839 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2840 [define if you have struct sockaddr_storage data type])
2841 fi
2843 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2844 AC_TRY_COMPILE(
2845 [
2846 #include <sys/types.h>
2847 #include <netinet/in.h>
2848 ],
2849 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2850 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2851 [ ac_cv_have_struct_sockaddr_in6="no" ]
2852 )
2853 ])
2854 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2855 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2856 [define if you have struct sockaddr_in6 data type])
2857 fi
2859 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2860 AC_TRY_COMPILE(
2861 [
2862 #include <sys/types.h>
2863 #include <netinet/in.h>
2864 ],
2865 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2866 [ ac_cv_have_struct_in6_addr="yes" ],
2867 [ ac_cv_have_struct_in6_addr="no" ]
2868 )
2869 ])
2870 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2871 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2872 [define if you have struct in6_addr data type])
2874 dnl Now check for sin6_scope_id
2875 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2876 [
2877 #ifdef HAVE_SYS_TYPES_H
2878 #include <sys/types.h>
2879 #endif
2880 #include <netinet/in.h>
2881 ])
2882 fi
2884 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2885 AC_TRY_COMPILE(
2886 [
2887 #include <sys/types.h>
2888 #include <sys/socket.h>
2889 #include <netdb.h>
2890 ],
2891 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2892 [ ac_cv_have_struct_addrinfo="yes" ],
2893 [ ac_cv_have_struct_addrinfo="no" ]
2894 )
2895 ])
2896 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2897 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2898 [define if you have struct addrinfo data type])
2899 fi
2901 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2902 AC_TRY_COMPILE(
2903 [ #include <sys/time.h> ],
2904 [ struct timeval tv; tv.tv_sec = 1;],
2905 [ ac_cv_have_struct_timeval="yes" ],
2906 [ ac_cv_have_struct_timeval="no" ]
2907 )
2908 ])
2909 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2910 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2911 have_struct_timeval=1
2912 fi
2914 AC_CHECK_TYPES(struct timespec)
2916 # We need int64_t or else certian parts of the compile will fail.
2917 if test "x$ac_cv_have_int64_t" = "xno" && \
2918 test "x$ac_cv_sizeof_long_int" != "x8" && \
2919 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2920 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2921 echo "an alternative compiler (I.E., GCC) before continuing."
2922 echo ""
2923 exit 1;
2924 else
2925 dnl test snprintf (broken on SCO w/gcc)
2926 AC_RUN_IFELSE(
2927 [AC_LANG_SOURCE([[
2928 #include <stdio.h>
2929 #include <string.h>
2930 #ifdef HAVE_SNPRINTF
2931 main()
2932 {
2933 char buf[50];
2934 char expected_out[50];
2935 int mazsize = 50 ;
2936 #if (SIZEOF_LONG_INT == 8)
2937 long int num = 0x7fffffffffffffff;
2938 #else
2939 long long num = 0x7fffffffffffffffll;
2940 #endif
2941 strcpy(expected_out, "9223372036854775807");
2942 snprintf(buf, mazsize, "%lld", num);
2943 if(strcmp(buf, expected_out) != 0)
2944 exit(1);
2945 exit(0);
2946 }
2947 #else
2948 main() { exit(0); }
2949 #endif
2950 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2951 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2952 )
2953 fi
2955 dnl Checks for structure members
2956 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2957 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2958 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2959 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2960 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2961 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2962 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2963 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2964 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2965 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2966 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2967 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2968 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2969 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2970 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2971 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2972 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2974 AC_CHECK_MEMBERS([struct stat.st_blksize])
2975 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2976 [Define if we don't have struct __res_state in resolv.h])],
2977 [
2978 #include <stdio.h>
2979 #if HAVE_SYS_TYPES_H
2980 # include <sys/types.h>
2981 #endif
2982 #include <netinet/in.h>
2983 #include <arpa/nameser.h>
2984 #include <resolv.h>
2985 ])
2987 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2988 ac_cv_have_ss_family_in_struct_ss, [
2989 AC_TRY_COMPILE(
2990 [
2991 #include <sys/types.h>
2992 #include <sys/socket.h>
2993 ],
2994 [ struct sockaddr_storage s; s.ss_family = 1; ],
2995 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2996 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2997 )
2998 ])
2999 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3000 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3001 fi
3003 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3004 ac_cv_have___ss_family_in_struct_ss, [
3005 AC_TRY_COMPILE(
3006 [
3007 #include <sys/types.h>
3008 #include <sys/socket.h>
3009 ],
3010 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3011 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3012 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3013 )
3014 ])
3015 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3016 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3017 [Fields in struct sockaddr_storage])
3018 fi
3020 AC_CACHE_CHECK([for pw_class field in struct passwd],
3021 ac_cv_have_pw_class_in_struct_passwd, [
3022 AC_TRY_COMPILE(
3023 [
3024 #include <pwd.h>
3025 ],
3026 [ struct passwd p; p.pw_class = 0; ],
3027 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3028 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3029 )
3030 ])
3031 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3032 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3033 [Define if your password has a pw_class field])
3034 fi
3036 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3037 ac_cv_have_pw_expire_in_struct_passwd, [
3038 AC_TRY_COMPILE(
3039 [
3040 #include <pwd.h>
3041 ],
3042 [ struct passwd p; p.pw_expire = 0; ],
3043 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3044 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3045 )
3046 ])
3047 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3048 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3049 [Define if your password has a pw_expire field])
3050 fi
3052 AC_CACHE_CHECK([for pw_change field in struct passwd],
3053 ac_cv_have_pw_change_in_struct_passwd, [
3054 AC_TRY_COMPILE(
3055 [
3056 #include <pwd.h>
3057 ],
3058 [ struct passwd p; p.pw_change = 0; ],
3059 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3060 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3061 )
3062 ])
3063 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3064 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3065 [Define if your password has a pw_change field])
3066 fi
3068 dnl make sure we're using the real structure members and not defines
3069 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3070 ac_cv_have_accrights_in_msghdr, [
3071 AC_COMPILE_IFELSE(
3072 [
3073 #include <sys/types.h>
3074 #include <sys/socket.h>
3075 #include <sys/uio.h>
3076 int main() {
3077 #ifdef msg_accrights
3078 #error "msg_accrights is a macro"
3079 exit(1);
3080 #endif
3081 struct msghdr m;
3082 m.msg_accrights = 0;
3083 exit(0);
3084 }
3085 ],
3086 [ ac_cv_have_accrights_in_msghdr="yes" ],
3087 [ ac_cv_have_accrights_in_msghdr="no" ]
3088 )
3089 ])
3090 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3091 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3092 [Define if your system uses access rights style
3093 file descriptor passing])
3094 fi
3096 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3097 AC_TRY_COMPILE([
3098 #include <sys/types.h>
3099 #include <sys/stat.h>
3100 #ifdef HAVE_SYS_TIME_H
3101 # include <sys/time.h>
3102 #endif
3103 #ifdef HAVE_SYS_MOUNT_H
3104 #include <sys/mount.h>
3105 #endif
3106 #ifdef HAVE_SYS_STATVFS_H
3107 #include <sys/statvfs.h>
3108 #endif
3109 ], [struct statvfs s; s.f_fsid = 0;],
3110 [ AC_MSG_RESULT(yes) ],
3111 [ AC_MSG_RESULT(no)
3113 AC_MSG_CHECKING(if fsid_t has member val)
3114 AC_TRY_COMPILE([
3115 #include <sys/types.h>
3116 #include <sys/statvfs.h>],
3117 [fsid_t t; t.val[0] = 0;],
3118 [ AC_MSG_RESULT(yes)
3119 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3120 [ AC_MSG_RESULT(no) ])
3122 AC_MSG_CHECKING(if f_fsid has member __val)
3123 AC_TRY_COMPILE([
3124 #include <sys/types.h>
3125 #include <sys/statvfs.h>],
3126 [fsid_t t; t.__val[0] = 0;],
3127 [ AC_MSG_RESULT(yes)
3128 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3129 [ AC_MSG_RESULT(no) ])
3130 ])
3132 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3133 ac_cv_have_control_in_msghdr, [
3134 AC_COMPILE_IFELSE(
3135 [
3136 #include <sys/types.h>
3137 #include <sys/socket.h>
3138 #include <sys/uio.h>
3139 int main() {
3140 #ifdef msg_control
3141 #error "msg_control is a macro"
3142 exit(1);
3143 #endif
3144 struct msghdr m;
3145 m.msg_control = 0;
3146 exit(0);
3147 }
3148 ],
3149 [ ac_cv_have_control_in_msghdr="yes" ],
3150 [ ac_cv_have_control_in_msghdr="no" ]
3151 )
3152 ])
3153 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3154 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3155 [Define if your system uses ancillary data style
3156 file descriptor passing])
3157 fi
3159 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3160 AC_TRY_LINK([],
3161 [ extern char *__progname; printf("%s", __progname); ],
3162 [ ac_cv_libc_defines___progname="yes" ],
3163 [ ac_cv_libc_defines___progname="no" ]
3164 )
3165 ])
3166 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3167 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3168 fi
3170 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3171 AC_TRY_LINK([
3172 #include <stdio.h>
3173 ],
3174 [ printf("%s", __FUNCTION__); ],
3175 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3176 [ ac_cv_cc_implements___FUNCTION__="no" ]
3177 )
3178 ])
3179 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3180 AC_DEFINE(HAVE___FUNCTION__, 1,
3181 [Define if compiler implements __FUNCTION__])
3182 fi
3184 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3185 AC_TRY_LINK([
3186 #include <stdio.h>
3187 ],
3188 [ printf("%s", __func__); ],
3189 [ ac_cv_cc_implements___func__="yes" ],
3190 [ ac_cv_cc_implements___func__="no" ]
3191 )
3192 ])
3193 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3194 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3195 fi
3197 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3198 AC_TRY_LINK(
3199 [#include <stdarg.h>
3200 va_list x,y;],
3201 [va_copy(x,y);],
3202 [ ac_cv_have_va_copy="yes" ],
3203 [ ac_cv_have_va_copy="no" ]
3204 )
3205 ])
3206 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3207 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3208 fi
3210 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3211 AC_TRY_LINK(
3212 [#include <stdarg.h>
3213 va_list x,y;],
3214 [__va_copy(x,y);],
3215 [ ac_cv_have___va_copy="yes" ],
3216 [ ac_cv_have___va_copy="no" ]
3217 )
3218 ])
3219 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3220 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3221 fi
3223 AC_CACHE_CHECK([whether getopt has optreset support],
3224 ac_cv_have_getopt_optreset, [
3225 AC_TRY_LINK(
3226 [
3227 #include <getopt.h>
3228 ],
3229 [ extern int optreset; optreset = 0; ],
3230 [ ac_cv_have_getopt_optreset="yes" ],
3231 [ ac_cv_have_getopt_optreset="no" ]
3232 )
3233 ])
3234 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3235 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3236 [Define if your getopt(3) defines and uses optreset])
3237 fi
3239 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3240 AC_TRY_LINK([],
3241 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3242 [ ac_cv_libc_defines_sys_errlist="yes" ],
3243 [ ac_cv_libc_defines_sys_errlist="no" ]
3244 )
3245 ])
3246 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3247 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3248 [Define if your system defines sys_errlist[]])
3249 fi
3252 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3253 AC_TRY_LINK([],
3254 [ extern int sys_nerr; printf("%i", sys_nerr);],
3255 [ ac_cv_libc_defines_sys_nerr="yes" ],
3256 [ ac_cv_libc_defines_sys_nerr="no" ]
3257 )
3258 ])
3259 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3260 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3261 fi
3263 SCARD_MSG="no"
3264 # Check whether user wants sectok support
3265 AC_ARG_WITH(sectok,
3266 [ --with-sectok Enable smartcard support using libsectok],
3267 [
3268 if test "x$withval" != "xno" ; then
3269 if test "x$withval" != "xyes" ; then
3270 CPPFLAGS="$CPPFLAGS -I${withval}"
3271 LDFLAGS="$LDFLAGS -L${withval}"
3272 if test ! -z "$need_dash_r" ; then
3273 LDFLAGS="$LDFLAGS -R${withval}"
3274 fi
3275 if test ! -z "$blibpath" ; then
3276 blibpath="$blibpath:${withval}"
3277 fi
3278 fi
3279 AC_CHECK_HEADERS(sectok.h)
3280 if test "$ac_cv_header_sectok_h" != yes; then
3281 AC_MSG_ERROR(Can't find sectok.h)
3282 fi
3283 AC_CHECK_LIB(sectok, sectok_open)
3284 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3285 AC_MSG_ERROR(Can't find libsectok)
3286 fi
3287 AC_DEFINE(SMARTCARD, 1,
3288 [Define if you want smartcard support])
3289 AC_DEFINE(USE_SECTOK, 1,
3290 [Define if you want smartcard support
3291 using sectok])
3292 SCARD_MSG="yes, using sectok"
3293 fi
3294 ]
3295 )
3297 # Check whether user wants OpenSC support
3298 OPENSC_CONFIG="no"
3299 AC_ARG_WITH(opensc,
3300 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3301 [
3302 if test "x$withval" != "xno" ; then
3303 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
3304 AC_MSG_CHECKING(how to get opensc config)
3305 if test "x$withval" != "xyes" -a "x$PKGCONFIG" = "xno"; then
3306 OPENSC_CONFIG="$withval/bin/opensc-config"
3307 elif test -f "$withval/src/libopensc/libopensc.pc"; then
3308 OPENSC_CONFIG="$PKGCONFIG $withval/src/libopensc/libopensc.pc"
3309 elif test "x$PKGCONFIG" != "xno"; then
3310 OPENSC_CONFIG="$PKGCONFIG libopensc"
3311 else
3312 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3313 fi
3314 AC_MSG_RESULT($OPENSC_CONFIG)
3315 if test "$OPENSC_CONFIG" != "no"; then
3316 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3317 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3318 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3319 LIBS="$LIBS $LIBOPENSC_LIBS"
3320 AC_DEFINE(SMARTCARD)
3321 AC_DEFINE(USE_OPENSC, 1,
3322 [Define if you want smartcard support
3323 using OpenSC])
3324 SCARD_MSG="yes, using OpenSC"
3325 fi
3326 fi
3327 ]
3328 )
3330 # Check libraries needed by DNS fingerprint support
3331 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3332 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3333 [Define if getrrsetbyname() exists])],
3334 [
3335 # Needed by our getrrsetbyname()
3336 AC_SEARCH_LIBS(res_query, resolv)
3337 AC_SEARCH_LIBS(dn_expand, resolv)
3338 AC_MSG_CHECKING(if res_query will link)
3339 AC_LINK_IFELSE([
3340 #include "confdefs.h"
3341 #include <sys/types.h>
3342 #include <netinet/in.h>
3343 #include <arpa/nameser.h>
3344 #include <netdb.h>
3345 #include <resolv.h>
3346 int main()
3347 {
3348 res_query (0, 0, 0, 0, 0);
3349 return 0;
3350 }
3351 ],
3352 AC_MSG_RESULT(yes),
3353 [AC_MSG_RESULT(no)
3354 saved_LIBS="$LIBS"
3355 LIBS="$LIBS -lresolv"
3356 AC_MSG_CHECKING(for res_query in -lresolv)
3357 AC_LINK_IFELSE([
3358 #include "confdefs.h"
3359 #include <sys/types.h>
3360 #include <netinet/in.h>
3361 #include <arpa/nameser.h>
3362 #include <netdb.h>
3363 #include <resolv.h>
3364 int main()
3365 {
3366 res_query (0, 0, 0, 0, 0);
3367 return 0;
3368 }
3369 ],
3370 [AC_MSG_RESULT(yes)],
3371 [LIBS="$saved_LIBS"
3372 AC_MSG_RESULT(no)])
3373 ])
3374 AC_CHECK_FUNCS(_getshort _getlong)
3375 AC_CHECK_DECLS([_getshort, _getlong], , ,
3376 [#include <sys/types.h>
3377 #include <arpa/nameser.h>])
3378 AC_CHECK_MEMBER(HEADER.ad,
3379 [AC_DEFINE(HAVE_HEADER_AD, 1,
3380 [Define if HEADER.ad exists in arpa/nameser.h])],,
3381 [#include <arpa/nameser.h>])
3382 ])
3384 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3385 AC_LINK_IFELSE([
3386 #include <stdio.h>
3387 #if HAVE_SYS_TYPES_H
3388 # include <sys/types.h>
3389 #endif
3390 #include <netinet/in.h>
3391 #include <arpa/nameser.h>
3392 #include <resolv.h>
3393 extern struct __res_state _res;
3394 int main() { return 0; }
3395 ],
3396 [AC_MSG_RESULT(yes)
3397 AC_DEFINE(HAVE__RES_EXTERN, 1,
3398 [Define if you have struct __res_state _res as an extern])
3399 ],
3400 [ AC_MSG_RESULT(no) ]
3401 )
3403 # Check whether user wants SELinux support
3404 SELINUX_MSG="no"
3405 LIBSELINUX=""
3406 AC_ARG_WITH(selinux,
3407 [ --with-selinux Enable SELinux support],
3408 [ if test "x$withval" != "xno" ; then
3409 save_LIBS="$LIBS"
3410 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3411 SELINUX_MSG="yes"
3412 AC_CHECK_HEADER([selinux/selinux.h], ,
3413 AC_MSG_ERROR(SELinux support requires selinux.h header))
3414 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3415 AC_MSG_ERROR(SELinux support requires libselinux library))
3416 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3417 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3418 LIBS="$save_LIBS"
3419 fi ]
3420 )
3422 # Check whether user wants Kerberos 5 support
3423 KRB5_MSG="no"
3424 AC_ARG_WITH(kerberos5,
3425 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3426 [ if test "x$withval" != "xno" ; then
3427 if test "x$withval" = "xyes" ; then
3428 KRB5ROOT="/usr/local"
3429 else
3430 KRB5ROOT=${withval}
3431 fi
3433 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3434 KRB5_MSG="yes"
3436 AC_PATH_PROG([KRB5CONF],[krb5-config],
3437 [$KRB5ROOT/bin/krb5-config],
3438 [$KRB5ROOT/bin:$PATH])
3439 if test -x $KRB5CONF ; then
3441 AC_MSG_CHECKING(for gssapi support)
3442 if $KRB5CONF | grep gssapi >/dev/null ; then
3443 AC_MSG_RESULT(yes)
3444 AC_DEFINE(GSSAPI, 1,
3445 [Define this if you want GSSAPI
3446 support in the version 2 protocol])
3447 k5confopts=gssapi
3448 else
3449 AC_MSG_RESULT(no)
3450 k5confopts=""
3451 fi
3452 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3453 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3454 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3455 AC_MSG_CHECKING(whether we are using Heimdal)
3456 AC_TRY_COMPILE([ #include <krb5.h> ],
3457 [ char *tmp = heimdal_version; ],
3458 [ AC_MSG_RESULT(yes)
3459 AC_DEFINE(HEIMDAL, 1,
3460 [Define this if you are using the
3461 Heimdal version of Kerberos V5]) ],
3462 AC_MSG_RESULT(no)
3463 )
3464 else
3465 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3466 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3467 AC_MSG_CHECKING(whether we are using Heimdal)
3468 AC_TRY_COMPILE([ #include <krb5.h> ],
3469 [ char *tmp = heimdal_version; ],
3470 [ AC_MSG_RESULT(yes)
3471 AC_DEFINE(HEIMDAL)
3472 K5LIBS="-lkrb5 -ldes"
3473 K5LIBS="$K5LIBS -lcom_err -lasn1"
3474 AC_CHECK_LIB(roken, net_write,
3475 [K5LIBS="$K5LIBS -lroken"])
3476 ],
3477 [ AC_MSG_RESULT(no)
3478 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3479 ]
3480 )
3481 AC_SEARCH_LIBS(dn_expand, resolv)
3483 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3484 [ AC_DEFINE(GSSAPI)
3485 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3486 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3487 [ AC_DEFINE(GSSAPI)
3488 K5LIBS="-lgssapi $K5LIBS" ],
3489 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3490 $K5LIBS)
3491 ],
3492 $K5LIBS)
3494 AC_CHECK_HEADER(gssapi.h, ,
3495 [ unset ac_cv_header_gssapi_h
3496 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3497 AC_CHECK_HEADERS(gssapi.h, ,
3498 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3499 )
3500 ]
3501 )
3503 oldCPP="$CPPFLAGS"
3504 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3505 AC_CHECK_HEADER(gssapi_krb5.h, ,
3506 [ CPPFLAGS="$oldCPP" ])
3508 fi
3509 if test ! -z "$need_dash_r" ; then
3510 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3511 fi
3512 if test ! -z "$blibpath" ; then
3513 blibpath="$blibpath:${KRB5ROOT}/lib"
3514 fi
3516 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3517 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3518 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3520 LIBS="$LIBS $K5LIBS"
3521 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3522 [Define this if you want to use libkafs' AFS support]))
3523 fi
3524 ]
3525 )
3527 # Looking for programs, paths and files
3529 PRIVSEP_PATH=/var/empty
3530 AC_ARG_WITH(privsep-path,
3531 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3532 [
3533 if test -n "$withval" && test "x$withval" != "xno" && \
3534 test "x${withval}" != "xyes"; then
3535 PRIVSEP_PATH=$withval
3536 fi
3537 ]
3538 )
3539 AC_SUBST(PRIVSEP_PATH)
3541 AC_ARG_WITH(xauth,
3542 [ --with-xauth=PATH Specify path to xauth program ],
3543 [
3544 if test -n "$withval" && test "x$withval" != "xno" && \
3545 test "x${withval}" != "xyes"; then
3546 xauth_path=$withval
3547 fi
3548 ],
3549 [
3550 TestPath="$PATH"
3551 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3552 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3553 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3554 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3555 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3556 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3557 xauth_path="/usr/openwin/bin/xauth"
3558 fi
3559 ]
3560 )
3562 STRIP_OPT=-s
3563 AC_ARG_ENABLE(strip,
3564 [ --disable-strip Disable calling strip(1) on install],
3565 [
3566 if test "x$enableval" = "xno" ; then
3567 STRIP_OPT=
3568 fi
3569 ]
3570 )
3571 AC_SUBST(STRIP_OPT)
3573 if test -z "$xauth_path" ; then
3574 XAUTH_PATH="undefined"
3575 AC_SUBST(XAUTH_PATH)
3576 else
3577 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3578 [Define if xauth is found in your path])
3579 XAUTH_PATH=$xauth_path
3580 AC_SUBST(XAUTH_PATH)
3581 fi
3583 # Check for mail directory (last resort if we cannot get it from headers)
3584 if test ! -z "$MAIL" ; then
3585 maildir=`dirname $MAIL`
3586 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3587 [Set this to your mail directory if you don't have maillock.h])
3588 fi
3590 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3591 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3592 disable_ptmx_check=yes
3593 fi
3594 if test -z "$no_dev_ptmx" ; then
3595 if test "x$disable_ptmx_check" != "xyes" ; then
3596 AC_CHECK_FILE("/dev/ptmx",
3597 [
3598 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3599 [Define if you have /dev/ptmx])
3600 have_dev_ptmx=1
3601 ]
3602 )
3603 fi
3604 fi
3606 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3607 AC_CHECK_FILE("/dev/ptc",
3608 [
3609 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3610 [Define if you have /dev/ptc])
3611 have_dev_ptc=1
3612 ]
3613 )
3614 else
3615 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3616 fi
3618 # Options from here on. Some of these are preset by platform above
3619 AC_ARG_WITH(mantype,
3620 [ --with-mantype=man|cat|doc Set man page type],
3621 [
3622 case "$withval" in
3623 man|cat|doc)
3624 MANTYPE=$withval
3625 ;;
3626 *)
3627 AC_MSG_ERROR(invalid man type: $withval)
3628 ;;
3629 esac
3630 ]
3631 )
3632 if test -z "$MANTYPE"; then
3633 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3634 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3635 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3636 MANTYPE=doc
3637 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3638 MANTYPE=man
3639 else
3640 MANTYPE=cat
3641 fi
3642 fi
3643 AC_SUBST(MANTYPE)
3644 if test "$MANTYPE" = "doc"; then
3645 mansubdir=man;
3646 else
3647 mansubdir=$MANTYPE;
3648 fi
3649 AC_SUBST(mansubdir)
3651 # Check whether to enable MD5 passwords
3652 MD5_MSG="no"
3653 AC_ARG_WITH(md5-passwords,
3654 [ --with-md5-passwords Enable use of MD5 passwords],
3655 [
3656 if test "x$withval" != "xno" ; then
3657 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3658 [Define if you want to allow MD5 passwords])
3659 MD5_MSG="yes"
3660 fi
3661 ]
3662 )
3664 # Whether to disable shadow password support
3665 AC_ARG_WITH(shadow,
3666 [ --without-shadow Disable shadow password support],
3667 [
3668 if test "x$withval" = "xno" ; then
3669 AC_DEFINE(DISABLE_SHADOW)
3670 disable_shadow=yes
3671 fi
3672 ]
3673 )
3675 if test -z "$disable_shadow" ; then
3676 AC_MSG_CHECKING([if the systems has expire shadow information])
3677 AC_TRY_COMPILE(
3678 [
3679 #include <sys/types.h>
3680 #include <shadow.h>
3681 struct spwd sp;
3682 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3683 [ sp_expire_available=yes ], []
3684 )
3686 if test "x$sp_expire_available" = "xyes" ; then
3687 AC_MSG_RESULT(yes)
3688 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3689 [Define if you want to use shadow password expire field])
3690 else
3691 AC_MSG_RESULT(no)
3692 fi
3693 fi
3695 # Use ip address instead of hostname in $DISPLAY
3696 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3697 DISPLAY_HACK_MSG="yes"
3698 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3699 [Define if you need to use IP address
3700 instead of hostname in $DISPLAY])
3701 else
3702 DISPLAY_HACK_MSG="no"
3703 AC_ARG_WITH(ipaddr-display,
3704 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3705 [
3706 if test "x$withval" != "xno" ; then
3707 AC_DEFINE(IPADDR_IN_DISPLAY)
3708 DISPLAY_HACK_MSG="yes"
3709 fi
3710 ]
3711 )
3712 fi
3714 # check for /etc/default/login and use it if present.
3715 AC_ARG_ENABLE(etc-default-login,
3716 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3717 [ if test "x$enableval" = "xno"; then
3718 AC_MSG_NOTICE([/etc/default/login handling disabled])
3719 etc_default_login=no
3720 else
3721 etc_default_login=yes
3722 fi ],
3723 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3724 then
3725 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3726 etc_default_login=no
3727 else
3728 etc_default_login=yes
3729 fi ]
3730 )
3732 if test "x$etc_default_login" != "xno"; then
3733 AC_CHECK_FILE("/etc/default/login",
3734 [ external_path_file=/etc/default/login ])
3735 if test "x$external_path_file" = "x/etc/default/login"; then
3736 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3737 [Define if your system has /etc/default/login])
3738 fi
3739 fi
3741 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3742 if test $ac_cv_func_login_getcapbool = "yes" && \
3743 test $ac_cv_header_login_cap_h = "yes" ; then
3744 external_path_file=/etc/login.conf
3745 fi
3747 # Whether to mess with the default path
3748 SERVER_PATH_MSG="(default)"
3749 AC_ARG_WITH(default-path,
3750 [ --with-default-path= Specify default \$PATH environment for server],
3751 [
3752 if test "x$external_path_file" = "x/etc/login.conf" ; then
3753 AC_MSG_WARN([
3754 --with-default-path=PATH has no effect on this system.
3755 Edit /etc/login.conf instead.])
3756 elif test "x$withval" != "xno" ; then
3757 if test ! -z "$external_path_file" ; then
3758 AC_MSG_WARN([
3759 --with-default-path=PATH will only be used if PATH is not defined in
3760 $external_path_file .])
3761 fi
3762 user_path="$withval"
3763 SERVER_PATH_MSG="$withval"
3764 fi
3765 ],
3766 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3767 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3768 else
3769 if test ! -z "$external_path_file" ; then
3770 AC_MSG_WARN([
3771 If PATH is defined in $external_path_file, ensure the path to scp is included,
3772 otherwise scp will not work.])
3773 fi
3774 AC_RUN_IFELSE(
3775 [AC_LANG_SOURCE([[
3776 /* find out what STDPATH is */
3777 #include <stdio.h>
3778 #ifdef HAVE_PATHS_H
3779 # include <paths.h>
3780 #endif
3781 #ifndef _PATH_STDPATH
3782 # ifdef _PATH_USERPATH /* Irix */
3783 # define _PATH_STDPATH _PATH_USERPATH
3784 # else
3785 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3786 # endif
3787 #endif
3788 #include <sys/types.h>
3789 #include <sys/stat.h>
3790 #include <fcntl.h>
3791 #define DATA "conftest.stdpath"
3793 main()
3794 {
3795 FILE *fd;
3796 int rc;
3798 fd = fopen(DATA,"w");
3799 if(fd == NULL)
3800 exit(1);
3802 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3803 exit(1);
3805 exit(0);
3806 }
3807 ]])],
3808 [ user_path=`cat conftest.stdpath` ],
3809 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3810 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3811 )
3812 # make sure $bindir is in USER_PATH so scp will work
3813 t_bindir=`eval echo ${bindir}`
3814 case $t_bindir in
3815 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3816 esac
3817 case $t_bindir in
3818 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3819 esac
3820 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3821 if test $? -ne 0 ; then
3822 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3823 if test $? -ne 0 ; then
3824 user_path=$user_path:$t_bindir
3825 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3826 fi
3827 fi
3828 fi ]
3829 )
3830 if test "x$external_path_file" != "x/etc/login.conf" ; then
3831 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3832 AC_SUBST(user_path)
3833 fi
3835 # Set superuser path separately to user path
3836 AC_ARG_WITH(superuser-path,
3837 [ --with-superuser-path= Specify different path for super-user],
3838 [
3839 if test -n "$withval" && test "x$withval" != "xno" && \
3840 test "x${withval}" != "xyes"; then
3841 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3842 [Define if you want a different $PATH
3843 for the superuser])
3844 superuser_path=$withval
3845 fi
3846 ]
3847 )
3850 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3851 IPV4_IN6_HACK_MSG="no"
3852 AC_ARG_WITH(4in6,
3853 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3854 [
3855 if test "x$withval" != "xno" ; then
3856 AC_MSG_RESULT(yes)
3857 AC_DEFINE(IPV4_IN_IPV6, 1,
3858 [Detect IPv4 in IPv6 mapped addresses
3859 and treat as IPv4])
3860 IPV4_IN6_HACK_MSG="yes"
3861 else
3862 AC_MSG_RESULT(no)
3863 fi
3864 ],[
3865 if test "x$inet6_default_4in6" = "xyes"; then
3866 AC_MSG_RESULT([yes (default)])
3867 AC_DEFINE(IPV4_IN_IPV6)
3868 IPV4_IN6_HACK_MSG="yes"
3869 else
3870 AC_MSG_RESULT([no (default)])
3871 fi
3872 ]
3873 )
3875 # Whether to enable BSD auth support
3876 BSD_AUTH_MSG=no
3877 AC_ARG_WITH(bsd-auth,
3878 [ --with-bsd-auth Enable BSD auth support],
3879 [
3880 if test "x$withval" != "xno" ; then
3881 AC_DEFINE(BSD_AUTH, 1,
3882 [Define if you have BSD auth support])
3883 BSD_AUTH_MSG=yes
3884 fi
3885 ]
3886 )
3888 # Where to place sshd.pid
3889 piddir=/var/run
3890 # make sure the directory exists
3891 if test ! -d $piddir ; then
3892 piddir=`eval echo ${sysconfdir}`
3893 case $piddir in
3894 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3895 esac
3896 fi
3898 AC_ARG_WITH(pid-dir,
3899 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3900 [
3901 if test -n "$withval" && test "x$withval" != "xno" && \
3902 test "x${withval}" != "xyes"; then
3903 piddir=$withval
3904 if test ! -d $piddir ; then
3905 AC_MSG_WARN([** no $piddir directory on this system **])
3906 fi
3907 fi
3908 ]
3909 )
3911 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3912 AC_SUBST(piddir)
3914 dnl allow user to disable some login recording features
3915 AC_ARG_ENABLE(lastlog,
3916 [ --disable-lastlog disable use of lastlog even if detected [no]],
3917 [
3918 if test "x$enableval" = "xno" ; then
3919 AC_DEFINE(DISABLE_LASTLOG)
3920 fi
3921 ]
3922 )
3923 AC_ARG_ENABLE(utmp,
3924 [ --disable-utmp disable use of utmp even if detected [no]],
3925 [
3926 if test "x$enableval" = "xno" ; then
3927 AC_DEFINE(DISABLE_UTMP)
3928 fi
3929 ]
3930 )
3931 AC_ARG_ENABLE(utmpx,
3932 [ --disable-utmpx disable use of utmpx even if detected [no]],
3933 [
3934 if test "x$enableval" = "xno" ; then
3935 AC_DEFINE(DISABLE_UTMPX, 1,
3936 [Define if you don't want to use utmpx])
3937 fi
3938 ]
3939 )
3940 AC_ARG_ENABLE(wtmp,
3941 [ --disable-wtmp disable use of wtmp even if detected [no]],
3942 [
3943 if test "x$enableval" = "xno" ; then
3944 AC_DEFINE(DISABLE_WTMP)
3945 fi
3946 ]
3947 )
3948 AC_ARG_ENABLE(wtmpx,
3949 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3950 [
3951 if test "x$enableval" = "xno" ; then
3952 AC_DEFINE(DISABLE_WTMPX, 1,
3953 [Define if you don't want to use wtmpx])
3954 fi
3955 ]
3956 )
3957 AC_ARG_ENABLE(libutil,
3958 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3959 [
3960 if test "x$enableval" = "xno" ; then
3961 AC_DEFINE(DISABLE_LOGIN)
3962 fi
3963 ]
3964 )
3965 AC_ARG_ENABLE(pututline,
3966 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3967 [
3968 if test "x$enableval" = "xno" ; then
3969 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3970 [Define if you don't want to use pututline()
3971 etc. to write [uw]tmp])
3972 fi
3973 ]
3974 )
3975 AC_ARG_ENABLE(pututxline,
3976 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3977 [
3978 if test "x$enableval" = "xno" ; then
3979 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3980 [Define if you don't want to use pututxline()
3981 etc. to write [uw]tmpx])
3982 fi
3983 ]
3984 )
3985 AC_ARG_WITH(lastlog,
3986 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3987 [
3988 if test "x$withval" = "xno" ; then
3989 AC_DEFINE(DISABLE_LASTLOG)
3990 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3991 conf_lastlog_location=$withval
3992 fi
3993 ]
3994 )
3996 dnl lastlog, [uw]tmpx? detection
3997 dnl NOTE: set the paths in the platform section to avoid the
3998 dnl need for command-line parameters
3999 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4001 dnl lastlog detection
4002 dnl NOTE: the code itself will detect if lastlog is a directory
4003 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4004 AC_TRY_COMPILE([
4005 #include <sys/types.h>
4006 #include <utmp.h>
4007 #ifdef HAVE_LASTLOG_H
4008 # include <lastlog.h>
4009 #endif
4010 #ifdef HAVE_PATHS_H
4011 # include <paths.h>
4012 #endif
4013 #ifdef HAVE_LOGIN_H
4014 # include <login.h>
4015 #endif
4016 ],
4017 [ char *lastlog = LASTLOG_FILE; ],
4018 [ AC_MSG_RESULT(yes) ],
4019 [
4020 AC_MSG_RESULT(no)
4021 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4022 AC_TRY_COMPILE([
4023 #include <sys/types.h>
4024 #include <utmp.h>
4025 #ifdef HAVE_LASTLOG_H
4026 # include <lastlog.h>
4027 #endif
4028 #ifdef HAVE_PATHS_H
4029 # include <paths.h>
4030 #endif
4031 ],
4032 [ char *lastlog = _PATH_LASTLOG; ],
4033 [ AC_MSG_RESULT(yes) ],
4034 [
4035 AC_MSG_RESULT(no)
4036 system_lastlog_path=no
4037 ])
4038 ]
4039 )
4041 if test -z "$conf_lastlog_location"; then
4042 if test x"$system_lastlog_path" = x"no" ; then
4043 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4044 if (test -d "$f" || test -f "$f") ; then
4045 conf_lastlog_location=$f
4046 fi
4047 done
4048 if test -z "$conf_lastlog_location"; then
4049 AC_MSG_WARN([** Cannot find lastlog **])
4050 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4051 fi
4052 fi
4053 fi
4055 if test -n "$conf_lastlog_location"; then
4056 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4057 [Define if you want to specify the path to your lastlog file])
4058 fi
4060 dnl utmp detection
4061 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4062 AC_TRY_COMPILE([
4063 #include <sys/types.h>
4064 #include <utmp.h>
4065 #ifdef HAVE_PATHS_H
4066 # include <paths.h>
4067 #endif
4068 ],
4069 [ char *utmp = UTMP_FILE; ],
4070 [ AC_MSG_RESULT(yes) ],
4071 [ AC_MSG_RESULT(no)
4072 system_utmp_path=no ]
4073 )
4074 if test -z "$conf_utmp_location"; then
4075 if test x"$system_utmp_path" = x"no" ; then
4076 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4077 if test -f $f ; then
4078 conf_utmp_location=$f
4079 fi
4080 done
4081 if test -z "$conf_utmp_location"; then
4082 AC_DEFINE(DISABLE_UTMP)
4083 fi
4084 fi
4085 fi
4086 if test -n "$conf_utmp_location"; then
4087 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4088 [Define if you want to specify the path to your utmp file])
4089 fi
4091 dnl wtmp detection
4092 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4093 AC_TRY_COMPILE([
4094 #include <sys/types.h>
4095 #include <utmp.h>
4096 #ifdef HAVE_PATHS_H
4097 # include <paths.h>
4098 #endif
4099 ],
4100 [ char *wtmp = WTMP_FILE; ],
4101 [ AC_MSG_RESULT(yes) ],
4102 [ AC_MSG_RESULT(no)
4103 system_wtmp_path=no ]
4104 )
4105 if test -z "$conf_wtmp_location"; then
4106 if test x"$system_wtmp_path" = x"no" ; then
4107 for f in /usr/adm/wtmp /var/log/wtmp; do
4108 if test -f $f ; then
4109 conf_wtmp_location=$f
4110 fi
4111 done
4112 if test -z "$conf_wtmp_location"; then
4113 AC_DEFINE(DISABLE_WTMP)
4114 fi
4115 fi
4116 fi
4117 if test -n "$conf_wtmp_location"; then
4118 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4119 [Define if you want to specify the path to your wtmp file])
4120 fi
4123 dnl utmpx detection - I don't know any system so perverse as to require
4124 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4125 dnl there, though.
4126 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4127 AC_TRY_COMPILE([
4128 #include <sys/types.h>
4129 #include <utmp.h>
4130 #ifdef HAVE_UTMPX_H
4131 #include <utmpx.h>
4132 #endif
4133 #ifdef HAVE_PATHS_H
4134 # include <paths.h>
4135 #endif
4136 ],
4137 [ char *utmpx = UTMPX_FILE; ],
4138 [ AC_MSG_RESULT(yes) ],
4139 [ AC_MSG_RESULT(no)
4140 system_utmpx_path=no ]
4141 )
4142 if test -z "$conf_utmpx_location"; then
4143 if test x"$system_utmpx_path" = x"no" ; then
4144 AC_DEFINE(DISABLE_UTMPX)
4145 fi
4146 else
4147 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4148 [Define if you want to specify the path to your utmpx file])
4149 fi
4151 dnl wtmpx detection
4152 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4153 AC_TRY_COMPILE([
4154 #include <sys/types.h>
4155 #include <utmp.h>
4156 #ifdef HAVE_UTMPX_H
4157 #include <utmpx.h>
4158 #endif
4159 #ifdef HAVE_PATHS_H
4160 # include <paths.h>
4161 #endif
4162 ],
4163 [ char *wtmpx = WTMPX_FILE; ],
4164 [ AC_MSG_RESULT(yes) ],
4165 [ AC_MSG_RESULT(no)
4166 system_wtmpx_path=no ]
4167 )
4168 if test -z "$conf_wtmpx_location"; then
4169 if test x"$system_wtmpx_path" = x"no" ; then
4170 AC_DEFINE(DISABLE_WTMPX)
4171 fi
4172 else
4173 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4174 [Define if you want to specify the path to your wtmpx file])
4175 fi
4178 if test ! -z "$blibpath" ; then
4179 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4180 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4181 fi
4183 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4184 dnl Add now.
4185 CFLAGS="$CFLAGS $werror_flags"
4187 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4188 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4189 AC_SUBST(TEST_SSH_IPV6, no)
4190 else
4191 AC_SUBST(TEST_SSH_IPV6, yes)
4192 fi
4194 AC_EXEEXT
4195 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4196 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4197 scard/Makefile ssh_prng_cmds survey.sh])
4198 AC_OUTPUT
4200 # Print summary of options
4202 # Someone please show me a better way :)
4203 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4204 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4205 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4206 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4207 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4208 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4209 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4210 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4211 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4212 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4214 echo ""
4215 echo "OpenSSH has been configured with the following options:"
4216 echo " User binaries: $B"
4217 echo " System binaries: $C"
4218 echo " Configuration files: $D"
4219 echo " Askpass program: $E"
4220 echo " Manual pages: $F"
4221 echo " PID file: $G"
4222 echo " Privilege separation chroot path: $H"
4223 if test "x$external_path_file" = "x/etc/login.conf" ; then
4224 echo " At runtime, sshd will use the path defined in $external_path_file"
4225 echo " Make sure the path to scp is present, otherwise scp will not work"
4226 else
4227 echo " sshd default user PATH: $I"
4228 if test ! -z "$external_path_file"; then
4229 echo " (If PATH is set in $external_path_file it will be used instead. If"
4230 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4231 fi
4232 fi
4233 if test ! -z "$superuser_path" ; then
4234 echo " sshd superuser user PATH: $J"
4235 fi
4236 echo " Manpage format: $MANTYPE"
4237 echo " PAM support: $PAM_MSG"
4238 echo " OSF SIA support: $SIA_MSG"
4239 echo " KerberosV support: $KRB5_MSG"
4240 echo " SELinux support: $SELINUX_MSG"
4241 echo " Smartcard support: $SCARD_MSG"
4242 echo " S/KEY support: $SKEY_MSG"
4243 echo " TCP Wrappers support: $TCPW_MSG"
4244 echo " MD5 password support: $MD5_MSG"
4245 echo " libedit support: $LIBEDIT_MSG"
4246 echo " Solaris process contract support: $SPC_MSG"
4247 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4248 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4249 echo " BSD Auth support: $BSD_AUTH_MSG"
4250 echo " Random number source: $RAND_MSG"
4251 if test ! -z "$USE_RAND_HELPER" ; then
4252 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4253 fi
4255 echo ""
4257 echo " Host: ${host}"
4258 echo " Compiler: ${CC}"
4259 echo " Compiler flags: ${CFLAGS}"
4260 echo "Preprocessor flags: ${CPPFLAGS}"
4261 echo " Linker flags: ${LDFLAGS}"
4262 echo " Libraries: ${LIBS}"
4263 if test ! -z "${SSHDLIBS}"; then
4264 echo " +for sshd: ${SSHDLIBS}"
4265 fi
4267 echo ""
4269 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4270 echo "SVR4 style packages are supported with \"make package\""
4271 echo ""
4272 fi
4274 if test "x$PAM_MSG" = "xyes" ; then
4275 echo "PAM is enabled. You may need to install a PAM control file "
4276 echo "for sshd, otherwise password authentication may fail. "
4277 echo "Example PAM control files can be found in the contrib/ "
4278 echo "subdirectory"
4279 echo ""
4280 fi
4282 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4283 echo "WARNING: you are using the builtin random number collection "
4284 echo "service. Please read WARNING.RNG and request that your OS "
4285 echo "vendor includes kernel-based random number collection in "
4286 echo "future versions of your OS."
4287 echo ""
4288 fi
4290 if test ! -z "$NO_PEERCHECK" ; then
4291 echo "WARNING: the operating system that you are using does not"
4292 echo "appear to support getpeereid(), getpeerucred() or the"
4293 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4294 echo "enforce security checks to prevent unauthorised connections to"
4295 echo "ssh-agent. Their absence increases the risk that a malicious"
4296 echo "user can connect to your agent."
4297 echo ""
4298 fi
4300 if test "$AUDIT_MODULE" = "bsm" ; then
4301 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4302 echo "See the Solaris section in README.platform for details."
4303 fi