| blob | a2b23635599d30af9e58346b08755ceeda000d05 |
1 # $Id: configure.ac,v 1.372 2007/03/05 00:51:27 djm Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.372 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
58 # System features
59 AC_SYS_LARGEFILE
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70 else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76 fi
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82 fi
84 if test -z "$LD" ; then
85 LD=$CC
86 fi
87 AC_SUBST(LD)
89 AC_C_INLINE
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
103 esac
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
116 fi
118 AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
121 if test "x$withval" = "xno" ; then
122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128 )
130 # Allow user to specify flags
131 AC_ARG_WITH(cflags,
132 [ --with-cflags Specify additional flags to pass to compiler],
133 [
134 if test -n "$withval" && test "x$withval" != "xno" && \
135 test "x${withval}" != "xyes"; then
136 CFLAGS="$CFLAGS $withval"
137 fi
138 ]
139 )
140 AC_ARG_WITH(cppflags,
141 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
142 [
143 if test -n "$withval" && test "x$withval" != "xno" && \
144 test "x${withval}" != "xyes"; then
145 CPPFLAGS="$CPPFLAGS $withval"
146 fi
147 ]
148 )
149 AC_ARG_WITH(ldflags,
150 [ --with-ldflags Specify additional flags to pass to linker],
151 [
152 if test -n "$withval" && test "x$withval" != "xno" && \
153 test "x${withval}" != "xyes"; then
154 LDFLAGS="$LDFLAGS $withval"
155 fi
156 ]
157 )
158 AC_ARG_WITH(libs,
159 [ --with-libs Specify additional libraries to link with],
160 [
161 if test -n "$withval" && test "x$withval" != "xno" && \
162 test "x${withval}" != "xyes"; then
163 LIBS="$LIBS $withval"
164 fi
165 ]
166 )
167 AC_ARG_WITH(Werror,
168 [ --with-Werror Build main code with -Werror],
169 [
170 if test -n "$withval" && test "x$withval" != "xno"; then
171 werror_flags="-Werror"
172 if test "x${withval}" != "xyes"; then
173 werror_flags="$withval"
174 fi
175 fi
176 ]
177 )
179 AC_CHECK_HEADERS( \
180 bstring.h \
181 crypt.h \
182 crypto/sha2.h \
183 dirent.h \
184 endian.h \
185 features.h \
186 fcntl.h \
187 floatingpoint.h \
188 getopt.h \
189 glob.h \
190 ia.h \
191 iaf.h \
192 limits.h \
193 login.h \
194 maillock.h \
195 ndir.h \
196 net/if_tun.h \
197 netdb.h \
198 netgroup.h \
199 pam/pam_appl.h \
200 paths.h \
201 pty.h \
202 readpassphrase.h \
203 rpc/types.h \
204 security/pam_appl.h \
205 sha2.h \
206 shadow.h \
207 stddef.h \
208 stdint.h \
209 string.h \
210 strings.h \
211 sys/audit.h \
212 sys/bitypes.h \
213 sys/bsdtty.h \
214 sys/cdefs.h \
215 sys/dir.h \
216 sys/mman.h \
217 sys/ndir.h \
218 sys/prctl.h \
219 sys/pstat.h \
220 sys/select.h \
221 sys/stat.h \
222 sys/stream.h \
223 sys/stropts.h \
224 sys/strtio.h \
225 sys/sysmacros.h \
226 sys/time.h \
227 sys/timers.h \
228 sys/un.h \
229 time.h \
230 tmpdir.h \
231 ttyent.h \
232 unistd.h \
233 usersec.h \
234 util.h \
235 utime.h \
236 utmp.h \
237 utmpx.h \
238 vis.h \
239 )
241 # lastlog.h requires sys/time.h to be included first on Solaris
242 AC_CHECK_HEADERS(lastlog.h, [], [], [
243 #ifdef HAVE_SYS_TIME_H
244 # include <sys/time.h>
245 #endif
246 ])
248 # sys/ptms.h requires sys/stream.h to be included first on Solaris
249 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250 #ifdef HAVE_SYS_STREAM_H
251 # include <sys/stream.h>
252 #endif
253 ])
255 # login_cap.h requires sys/types.h on NetBSD
256 AC_CHECK_HEADERS(login_cap.h, [], [], [
257 #include <sys/types.h>
258 ])
260 # Messages for features tested for in target-specific section
261 SIA_MSG="no"
262 SPC_MSG="no"
264 # Check for some target-specific stuff
265 case "$host" in
266 *-*-aix*)
267 # Some versions of VAC won't allow macro redefinitions at
268 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269 # particularly with older versions of vac or xlc.
270 # It also throws errors about null macro argments, but these are
271 # not fatal.
272 AC_MSG_CHECKING(if compiler allows macro redefinitions)
273 AC_COMPILE_IFELSE(
274 [AC_LANG_SOURCE([[
275 #define testmacro foo
276 #define testmacro bar
277 int main(void) { exit(0); }
278 ]])],
279 [ AC_MSG_RESULT(yes) ],
280 [ AC_MSG_RESULT(no)
281 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
285 ]
286 )
288 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
289 if (test -z "$blibpath"); then
290 blibpath="/usr/lib:/lib"
291 fi
292 saved_LDFLAGS="$LDFLAGS"
293 if test "$GCC" = "yes"; then
294 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
295 else
296 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
297 fi
298 for tryflags in $flags ;do
299 if (test -z "$blibflags"); then
300 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301 AC_TRY_LINK([], [], [blibflags=$tryflags])
302 fi
303 done
304 if (test -z "$blibflags"); then
305 AC_MSG_RESULT(not found)
306 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
307 else
308 AC_MSG_RESULT($blibflags)
309 fi
310 LDFLAGS="$saved_LDFLAGS"
311 dnl Check for authenticate. Might be in libs.a on older AIXes
312 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313 [Define if you want to enable AIX4's authenticate function])],
314 [AC_CHECK_LIB(s,authenticate,
315 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
316 LIBS="$LIBS -ls"
317 ])
318 ])
319 dnl Check for various auth function declarations in headers.
320 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
321 passwdexpired, setauthdb], , , [#include <usersec.h>])
322 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
323 AC_CHECK_DECLS(loginfailed,
324 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
325 AC_TRY_COMPILE(
326 [#include <usersec.h>],
327 [(void)loginfailed("user","host","tty",0);],
328 [AC_MSG_RESULT(yes)
329 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330 [Define if your AIX loginfailed() function
331 takes 4 arguments (AIX >= 5.2)])],
332 [AC_MSG_RESULT(no)]
333 )],
334 [],
335 [#include <usersec.h>]
336 )
337 AC_CHECK_FUNCS(setauthdb)
338 AC_CHECK_DECL(F_CLOSEM,
339 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
340 [],
341 [ #include <limits.h>
342 #include <fcntl.h> ]
343 )
344 check_for_aix_broken_getaddrinfo=1
345 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347 [Define if your platform breaks doing a seteuid before a setuid])
348 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
350 dnl AIX handles lastlog as part of its login message
351 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353 [Some systems need a utmpx entry for /bin/login to work])
354 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355 [Define to a Set Process Title type if your system is
356 supported by bsd-setproctitle.c])
357 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358 [AIX 5.2 and 5.3 (and presumably newer) require this])
359 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
360 ;;
361 *-*-cygwin*)
362 check_for_libcrypt_later=1
363 LIBS="$LIBS /usr/lib/textreadmode.o"
364 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366 AC_DEFINE(DISABLE_SHADOW, 1,
367 [Define if you want to disable shadow passwords])
368 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369 [Define if your system choked on IP TOS setting])
370 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371 [Define if X11 doesn't support AF_UNIX sockets on that system])
372 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373 [Define if the concept of ports only accessible to
374 superusers isn't known])
375 AC_DEFINE(DISABLE_FD_PASSING, 1,
376 [Define if your platform needs to skip post auth
377 file descriptor passing])
378 ;;
379 *-*-dgux*)
380 AC_DEFINE(IP_TOS_IS_BROKEN)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
384 ;;
385 *-*-darwin*)
386 AC_MSG_CHECKING(if we have working getaddrinfo)
387 AC_TRY_RUN([#include <mach-o/dyld.h>
388 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
389 exit(0);
390 else
391 exit(1);
392 }], [AC_MSG_RESULT(working)],
393 [AC_MSG_RESULT(buggy)
394 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
395 [AC_MSG_RESULT(assume it is working)])
396 AC_DEFINE(SETEUID_BREAKS_SETUID)
397 AC_DEFINE(BROKEN_SETREUID)
398 AC_DEFINE(BROKEN_SETREGID)
399 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
400 [Define if your resolver libs need this for getrrsetbyname])
401 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
402 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
403 [Use tunnel device compatibility to OpenBSD])
404 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
405 [Prepend the address family to IP tunnel traffic])
406 ;;
407 *-*-dragonfly*)
408 SSHDLIBS="$SSHDLIBS -lcrypt"
409 ;;
410 *-*-hpux*)
411 # first we define all of the options common to all HP-UX releases
412 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
413 IPADDR_IN_DISPLAY=yes
414 AC_DEFINE(USE_PIPES)
415 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
416 [Define if your login program cannot handle end of options ("--")])
417 AC_DEFINE(LOGIN_NEEDS_UTMPX)
418 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
419 [String used in /etc/passwd to denote locked account])
420 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
421 MAIL="/var/mail/username"
422 LIBS="$LIBS -lsec"
423 AC_CHECK_LIB(xnet, t_error, ,
424 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
426 # next, we define all of the options specific to major releases
427 case "$host" in
428 *-*-hpux10*)
429 if test -z "$GCC"; then
430 CFLAGS="$CFLAGS -Ae"
431 fi
432 ;;
433 *-*-hpux11*)
434 AC_DEFINE(PAM_SUN_CODEBASE, 1,
435 [Define if you are using Solaris-derived PAM which
436 passes pam_messages to the conversation function
437 with an extra level of indirection])
438 AC_DEFINE(DISABLE_UTMP, 1,
439 [Define if you don't want to use utmp])
440 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
441 check_for_hpux_broken_getaddrinfo=1
442 check_for_conflicting_getspnam=1
443 ;;
444 esac
446 # lastly, we define options specific to minor releases
447 case "$host" in
448 *-*-hpux10.26)
449 AC_DEFINE(HAVE_SECUREWARE, 1,
450 [Define if you have SecureWare-based
451 protected password database])
452 disable_ptmx_check=yes
453 LIBS="$LIBS -lsecpw"
454 ;;
455 esac
456 ;;
457 *-*-irix5*)
458 PATH="$PATH:/usr/etc"
459 AC_DEFINE(BROKEN_INET_NTOA, 1,
460 [Define if you system's inet_ntoa is busted
461 (e.g. Irix gcc issue)])
462 AC_DEFINE(SETEUID_BREAKS_SETUID)
463 AC_DEFINE(BROKEN_SETREUID)
464 AC_DEFINE(BROKEN_SETREGID)
465 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
466 [Define if you shouldn't strip 'tty' from your
467 ttyname in [uw]tmp])
468 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
469 ;;
470 *-*-irix6*)
471 PATH="$PATH:/usr/etc"
472 AC_DEFINE(WITH_IRIX_ARRAY, 1,
473 [Define if you have/want arrays
474 (cluster-wide session managment, not C arrays)])
475 AC_DEFINE(WITH_IRIX_PROJECT, 1,
476 [Define if you want IRIX project management])
477 AC_DEFINE(WITH_IRIX_AUDIT, 1,
478 [Define if you want IRIX audit trails])
479 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
480 [Define if you want IRIX kernel jobs])])
481 AC_DEFINE(BROKEN_INET_NTOA)
482 AC_DEFINE(SETEUID_BREAKS_SETUID)
483 AC_DEFINE(BROKEN_SETREUID)
484 AC_DEFINE(BROKEN_SETREGID)
485 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
486 AC_DEFINE(WITH_ABBREV_NO_TTY)
487 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
488 ;;
489 *-*-linux*)
490 no_dev_ptmx=1
491 check_for_libcrypt_later=1
492 check_for_openpty_ctty_bug=1
493 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
494 AC_DEFINE(PAM_TTY_KLUDGE, 1,
495 [Work around problematic Linux PAM modules handling of PAM_TTY])
496 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
497 [String used in /etc/passwd to denote locked account])
498 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
499 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
500 [Define to whatever link() returns for "not supported"
501 if it doesn't return EOPNOTSUPP.])
502 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
503 AC_DEFINE(USE_BTMP)
504 inet6_default_4in6=yes
505 case `uname -r` in
506 1.*|2.0.*)
507 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
508 [Define if cmsg_type is not passed correctly])
509 ;;
510 esac
511 # tun(4) forwarding compat code
512 AC_CHECK_HEADERS(linux/if_tun.h)
513 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
514 AC_DEFINE(SSH_TUN_LINUX, 1,
515 [Open tunnel devices the Linux tun/tap way])
516 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
517 [Use tunnel device compatibility to OpenBSD])
518 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
519 [Prepend the address family to IP tunnel traffic])
520 fi
521 ;;
522 mips-sony-bsd|mips-sony-newsos4)
523 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
524 SONY=1
525 ;;
526 *-*-netbsd*)
527 check_for_libcrypt_before=1
528 if test "x$withval" != "xno" ; then
529 need_dash_r=1
530 fi
531 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
532 AC_CHECK_HEADER([net/if_tap.h], ,
533 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
534 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
535 [Prepend the address family to IP tunnel traffic])
536 ;;
537 *-*-freebsd*)
538 check_for_libcrypt_later=1
539 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
540 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
541 AC_CHECK_HEADER([net/if_tap.h], ,
542 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
543 ;;
544 *-*-bsdi*)
545 AC_DEFINE(SETEUID_BREAKS_SETUID)
546 AC_DEFINE(BROKEN_SETREUID)
547 AC_DEFINE(BROKEN_SETREGID)
548 ;;
549 *-next-*)
550 conf_lastlog_location="/usr/adm/lastlog"
551 conf_utmp_location=/etc/utmp
552 conf_wtmp_location=/usr/adm/wtmp
553 MAIL=/usr/spool/mail
554 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
555 AC_DEFINE(BROKEN_REALPATH)
556 AC_DEFINE(USE_PIPES)
557 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
558 ;;
559 *-*-openbsd*)
560 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
561 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
562 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
563 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
564 [syslog_r function is safe to use in in a signal handler])
565 ;;
566 *-*-solaris*)
567 if test "x$withval" != "xno" ; then
568 need_dash_r=1
569 fi
570 AC_DEFINE(PAM_SUN_CODEBASE)
571 AC_DEFINE(LOGIN_NEEDS_UTMPX)
572 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
573 [Some versions of /bin/login need the TERM supplied
574 on the commandline])
575 AC_DEFINE(PAM_TTY_KLUDGE)
576 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
577 [Define if pam_chauthtok wants real uid set
578 to the unpriv'ed user])
579 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
580 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
581 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
582 [Define if sshd somehow reacquires a controlling TTY
583 after setsid()])
584 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
585 in case the name is longer than 8 chars])
586 external_path_file=/etc/default/login
587 # hardwire lastlog location (can't detect it on some versions)
588 conf_lastlog_location="/var/adm/lastlog"
589 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
590 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
591 if test "$sol2ver" -ge 8; then
592 AC_MSG_RESULT(yes)
593 AC_DEFINE(DISABLE_UTMP)
594 AC_DEFINE(DISABLE_WTMP, 1,
595 [Define if you don't want to use wtmp])
596 else
597 AC_MSG_RESULT(no)
598 fi
599 AC_ARG_WITH(solaris-contracts,
600 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
601 [
602 AC_CHECK_LIB(contract, ct_tmpl_activate,
603 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
604 [Define if you have Solaris process contracts])
605 SSHDLIBS="$SSHDLIBS -lcontract"
606 AC_SUBST(SSHDLIBS)
607 SPC_MSG="yes" ], )
608 ],
609 )
610 ;;
611 *-*-sunos4*)
612 CPPFLAGS="$CPPFLAGS -DSUNOS4"
613 AC_CHECK_FUNCS(getpwanam)
614 AC_DEFINE(PAM_SUN_CODEBASE)
615 conf_utmp_location=/etc/utmp
616 conf_wtmp_location=/var/adm/wtmp
617 conf_lastlog_location=/var/adm/lastlog
618 AC_DEFINE(USE_PIPES)
619 ;;
620 *-ncr-sysv*)
621 LIBS="$LIBS -lc89"
622 AC_DEFINE(USE_PIPES)
623 AC_DEFINE(SSHD_ACQUIRES_CTTY)
624 AC_DEFINE(SETEUID_BREAKS_SETUID)
625 AC_DEFINE(BROKEN_SETREUID)
626 AC_DEFINE(BROKEN_SETREGID)
627 ;;
628 *-sni-sysv*)
629 # /usr/ucblib MUST NOT be searched on ReliantUNIX
630 AC_CHECK_LIB(dl, dlsym, ,)
631 # -lresolv needs to be at the end of LIBS or DNS lookups break
632 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
633 IPADDR_IN_DISPLAY=yes
634 AC_DEFINE(USE_PIPES)
635 AC_DEFINE(IP_TOS_IS_BROKEN)
636 AC_DEFINE(SETEUID_BREAKS_SETUID)
637 AC_DEFINE(BROKEN_SETREUID)
638 AC_DEFINE(BROKEN_SETREGID)
639 AC_DEFINE(SSHD_ACQUIRES_CTTY)
640 external_path_file=/etc/default/login
641 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
642 # Attention: always take care to bind libsocket and libnsl before libc,
643 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
644 ;;
645 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
646 *-*-sysv4.2*)
647 AC_DEFINE(USE_PIPES)
648 AC_DEFINE(SETEUID_BREAKS_SETUID)
649 AC_DEFINE(BROKEN_SETREUID)
650 AC_DEFINE(BROKEN_SETREGID)
651 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
652 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
653 ;;
654 # UnixWare 7.x, OpenUNIX 8
655 *-*-sysv5*)
656 check_for_libcrypt_later=1
657 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
658 AC_DEFINE(USE_PIPES)
659 AC_DEFINE(SETEUID_BREAKS_SETUID)
660 AC_DEFINE(BROKEN_SETREUID)
661 AC_DEFINE(BROKEN_SETREGID)
662 AC_DEFINE(PASSWD_NEEDS_USERNAME)
663 case "$host" in
664 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
665 TEST_SHELL=/u95/bin/sh
666 AC_DEFINE(BROKEN_LIBIAF, 1,
667 [ia_uinfo routines not supported by OS yet])
668 AC_DEFINE(BROKEN_UPDWTMPX)
669 ;;
670 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
671 ;;
672 esac
673 ;;
674 *-*-sysv*)
675 ;;
676 # SCO UNIX and OEM versions of SCO UNIX
677 *-*-sco3.2v4*)
678 AC_MSG_ERROR("This Platform is no longer supported.")
679 ;;
680 # SCO OpenServer 5.x
681 *-*-sco3.2v5*)
682 if test -z "$GCC"; then
683 CFLAGS="$CFLAGS -belf"
684 fi
685 LIBS="$LIBS -lprot -lx -ltinfo -lm"
686 no_dev_ptmx=1
687 AC_DEFINE(USE_PIPES)
688 AC_DEFINE(HAVE_SECUREWARE)
689 AC_DEFINE(DISABLE_SHADOW)
690 AC_DEFINE(DISABLE_FD_PASSING)
691 AC_DEFINE(SETEUID_BREAKS_SETUID)
692 AC_DEFINE(BROKEN_SETREUID)
693 AC_DEFINE(BROKEN_SETREGID)
694 AC_DEFINE(WITH_ABBREV_NO_TTY)
695 AC_DEFINE(BROKEN_UPDWTMPX)
696 AC_DEFINE(PASSWD_NEEDS_USERNAME)
697 AC_CHECK_FUNCS(getluid setluid)
698 MANTYPE=man
699 TEST_SHELL=ksh
700 ;;
701 *-*-unicosmk*)
702 AC_DEFINE(NO_SSH_LASTLOG, 1,
703 [Define if you don't want to use lastlog in session.c])
704 AC_DEFINE(SETEUID_BREAKS_SETUID)
705 AC_DEFINE(BROKEN_SETREUID)
706 AC_DEFINE(BROKEN_SETREGID)
707 AC_DEFINE(USE_PIPES)
708 AC_DEFINE(DISABLE_FD_PASSING)
709 LDFLAGS="$LDFLAGS"
710 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
711 MANTYPE=cat
712 ;;
713 *-*-unicosmp*)
714 AC_DEFINE(SETEUID_BREAKS_SETUID)
715 AC_DEFINE(BROKEN_SETREUID)
716 AC_DEFINE(BROKEN_SETREGID)
717 AC_DEFINE(WITH_ABBREV_NO_TTY)
718 AC_DEFINE(USE_PIPES)
719 AC_DEFINE(DISABLE_FD_PASSING)
720 LDFLAGS="$LDFLAGS"
721 LIBS="$LIBS -lgen -lacid -ldb"
722 MANTYPE=cat
723 ;;
724 *-*-unicos*)
725 AC_DEFINE(SETEUID_BREAKS_SETUID)
726 AC_DEFINE(BROKEN_SETREUID)
727 AC_DEFINE(BROKEN_SETREGID)
728 AC_DEFINE(USE_PIPES)
729 AC_DEFINE(DISABLE_FD_PASSING)
730 AC_DEFINE(NO_SSH_LASTLOG)
731 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
732 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
733 MANTYPE=cat
734 ;;
735 *-dec-osf*)
736 AC_MSG_CHECKING(for Digital Unix SIA)
737 no_osfsia=""
738 AC_ARG_WITH(osfsia,
739 [ --with-osfsia Enable Digital Unix SIA],
740 [
741 if test "x$withval" = "xno" ; then
742 AC_MSG_RESULT(disabled)
743 no_osfsia=1
744 fi
745 ],
746 )
747 if test -z "$no_osfsia" ; then
748 if test -f /etc/sia/matrix.conf; then
749 AC_MSG_RESULT(yes)
750 AC_DEFINE(HAVE_OSF_SIA, 1,
751 [Define if you have Digital Unix Security
752 Integration Architecture])
753 AC_DEFINE(DISABLE_LOGIN, 1,
754 [Define if you don't want to use your
755 system's login() call])
756 AC_DEFINE(DISABLE_FD_PASSING)
757 LIBS="$LIBS -lsecurity -ldb -lm -laud"
758 SIA_MSG="yes"
759 else
760 AC_MSG_RESULT(no)
761 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
762 [String used in /etc/passwd to denote locked account])
763 fi
764 fi
765 AC_DEFINE(BROKEN_GETADDRINFO)
766 AC_DEFINE(SETEUID_BREAKS_SETUID)
767 AC_DEFINE(BROKEN_SETREUID)
768 AC_DEFINE(BROKEN_SETREGID)
769 ;;
771 *-*-nto-qnx*)
772 AC_DEFINE(USE_PIPES)
773 AC_DEFINE(NO_X11_UNIX_SOCKETS)
774 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
775 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
776 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
777 AC_DEFINE(DISABLE_LASTLOG)
778 AC_DEFINE(SSHD_ACQUIRES_CTTY)
779 enable_etc_default_login=no # has incompatible /etc/default/login
780 ;;
782 *-*-ultrix*)
783 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
784 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
785 AC_DEFINE(NEED_SETPGRP)
786 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
787 ;;
789 *-*-lynxos)
790 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
791 AC_DEFINE(MISSING_HOWMANY)
792 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
793 ;;
794 esac
796 AC_MSG_CHECKING(compiler and flags for sanity)
797 AC_RUN_IFELSE(
798 [AC_LANG_SOURCE([
799 #include <stdio.h>
800 int main(){exit(0);}
801 ])],
802 [ AC_MSG_RESULT(yes) ],
803 [
804 AC_MSG_RESULT(no)
805 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
806 ],
807 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
808 )
810 dnl Checks for header files.
811 # Checks for libraries.
812 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
813 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
815 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
816 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
817 AC_CHECK_LIB(gen, dirname,[
818 AC_CACHE_CHECK([for broken dirname],
819 ac_cv_have_broken_dirname, [
820 save_LIBS="$LIBS"
821 LIBS="$LIBS -lgen"
822 AC_RUN_IFELSE(
823 [AC_LANG_SOURCE([[
824 #include <libgen.h>
825 #include <string.h>
827 int main(int argc, char **argv) {
828 char *s, buf[32];
830 strncpy(buf,"/etc", 32);
831 s = dirname(buf);
832 if (!s || strncmp(s, "/", 32) != 0) {
833 exit(1);
834 } else {
835 exit(0);
836 }
837 }
838 ]])],
839 [ ac_cv_have_broken_dirname="no" ],
840 [ ac_cv_have_broken_dirname="yes" ],
841 [ ac_cv_have_broken_dirname="no" ],
842 )
843 LIBS="$save_LIBS"
844 ])
845 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
846 LIBS="$LIBS -lgen"
847 AC_DEFINE(HAVE_DIRNAME)
848 AC_CHECK_HEADERS(libgen.h)
849 fi
850 ])
851 ])
853 AC_CHECK_FUNC(getspnam, ,
854 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
855 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
856 [Define if you have the basename function.]))
858 dnl zlib is required
859 AC_ARG_WITH(zlib,
860 [ --with-zlib=PATH Use zlib in PATH],
861 [ if test "x$withval" = "xno" ; then
862 AC_MSG_ERROR([*** zlib is required ***])
863 elif test "x$withval" != "xyes"; then
864 if test -d "$withval/lib"; then
865 if test -n "${need_dash_r}"; then
866 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
867 else
868 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
869 fi
870 else
871 if test -n "${need_dash_r}"; then
872 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
873 else
874 LDFLAGS="-L${withval} ${LDFLAGS}"
875 fi
876 fi
877 if test -d "$withval/include"; then
878 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
879 else
880 CPPFLAGS="-I${withval} ${CPPFLAGS}"
881 fi
882 fi ]
883 )
885 AC_CHECK_LIB(z, deflate, ,
886 [
887 saved_CPPFLAGS="$CPPFLAGS"
888 saved_LDFLAGS="$LDFLAGS"
889 save_LIBS="$LIBS"
890 dnl Check default zlib install dir
891 if test -n "${need_dash_r}"; then
892 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
893 else
894 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
895 fi
896 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
897 LIBS="$LIBS -lz"
898 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
899 [
900 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
901 ]
902 )
903 ]
904 )
905 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
907 AC_ARG_WITH(zlib-version-check,
908 [ --without-zlib-version-check Disable zlib version check],
909 [ if test "x$withval" = "xno" ; then
910 zlib_check_nonfatal=1
911 fi
912 ]
913 )
915 AC_MSG_CHECKING(for possibly buggy zlib)
916 AC_RUN_IFELSE([AC_LANG_SOURCE([[
917 #include <stdio.h>
918 #include <zlib.h>
919 int main()
920 {
921 int a=0, b=0, c=0, d=0, n, v;
922 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
923 if (n != 3 && n != 4)
924 exit(1);
925 v = a*1000000 + b*10000 + c*100 + d;
926 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
928 /* 1.1.4 is OK */
929 if (a == 1 && b == 1 && c >= 4)
930 exit(0);
932 /* 1.2.3 and up are OK */
933 if (v >= 1020300)
934 exit(0);
936 exit(2);
937 }
938 ]])],
939 AC_MSG_RESULT(no),
940 [ AC_MSG_RESULT(yes)
941 if test -z "$zlib_check_nonfatal" ; then
942 AC_MSG_ERROR([*** zlib too old - check config.log ***
943 Your reported zlib version has known security problems. It's possible your
944 vendor has fixed these problems without changing the version number. If you
945 are sure this is the case, you can disable the check by running
946 "./configure --without-zlib-version-check".
947 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
948 See http://www.gzip.org/zlib/ for details.])
949 else
950 AC_MSG_WARN([zlib version may have security problems])
951 fi
952 ],
953 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
954 )
956 dnl UnixWare 2.x
957 AC_CHECK_FUNC(strcasecmp,
958 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
959 )
960 AC_CHECK_FUNCS(utimes,
961 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
962 LIBS="$LIBS -lc89"]) ]
963 )
965 dnl Checks for libutil functions
966 AC_CHECK_HEADERS(libutil.h)
967 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
968 [Define if your libraries define login()])])
969 AC_CHECK_FUNCS(logout updwtmp logwtmp)
971 AC_FUNC_STRFTIME
973 # Check for ALTDIRFUNC glob() extension
974 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
975 AC_EGREP_CPP(FOUNDIT,
976 [
977 #include <glob.h>
978 #ifdef GLOB_ALTDIRFUNC
979 FOUNDIT
980 #endif
981 ],
982 [
983 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
984 [Define if your system glob() function has
985 the GLOB_ALTDIRFUNC extension])
986 AC_MSG_RESULT(yes)
987 ],
988 [
989 AC_MSG_RESULT(no)
990 ]
991 )
993 # Check for g.gl_matchc glob() extension
994 AC_MSG_CHECKING(for gl_matchc field in glob_t)
995 AC_TRY_COMPILE(
996 [ #include <glob.h> ],
997 [glob_t g; g.gl_matchc = 1;],
998 [
999 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1000 [Define if your system glob() function has
1001 gl_matchc options in glob_t])
1002 AC_MSG_RESULT(yes)
1003 ],
1004 [
1005 AC_MSG_RESULT(no)
1006 ]
1007 )
1009 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1011 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1012 AC_RUN_IFELSE(
1013 [AC_LANG_SOURCE([[
1014 #include <sys/types.h>
1015 #include <dirent.h>
1016 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1017 ]])],
1018 [AC_MSG_RESULT(yes)],
1019 [
1020 AC_MSG_RESULT(no)
1021 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1022 [Define if your struct dirent expects you to
1023 allocate extra space for d_name])
1024 ],
1025 [
1026 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1027 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1028 ]
1029 )
1031 AC_MSG_CHECKING([for /proc/pid/fd directory])
1032 if test -d "/proc/$$/fd" ; then
1033 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1034 AC_MSG_RESULT(yes)
1035 else
1036 AC_MSG_RESULT(no)
1037 fi
1039 # Check whether user wants S/Key support
1040 SKEY_MSG="no"
1041 AC_ARG_WITH(skey,
1042 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1043 [
1044 if test "x$withval" != "xno" ; then
1046 if test "x$withval" != "xyes" ; then
1047 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1048 LDFLAGS="$LDFLAGS -L${withval}/lib"
1049 fi
1051 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1052 LIBS="-lskey $LIBS"
1053 SKEY_MSG="yes"
1055 AC_MSG_CHECKING([for s/key support])
1056 AC_LINK_IFELSE(
1057 [AC_LANG_SOURCE([[
1058 #include <stdio.h>
1059 #include <skey.h>
1060 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1061 ]])],
1062 [AC_MSG_RESULT(yes)],
1063 [
1064 AC_MSG_RESULT(no)
1065 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1066 ])
1067 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1068 AC_TRY_COMPILE(
1069 [#include <stdio.h>
1070 #include <skey.h>],
1071 [(void)skeychallenge(NULL,"name","",0);],
1072 [AC_MSG_RESULT(yes)
1073 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1074 [Define if your skeychallenge()
1075 function takes 4 arguments (NetBSD)])],
1076 [AC_MSG_RESULT(no)]
1077 )
1078 fi
1079 ]
1080 )
1082 # Check whether user wants TCP wrappers support
1083 TCPW_MSG="no"
1084 AC_ARG_WITH(tcp-wrappers,
1085 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1086 [
1087 if test "x$withval" != "xno" ; then
1088 saved_LIBS="$LIBS"
1089 saved_LDFLAGS="$LDFLAGS"
1090 saved_CPPFLAGS="$CPPFLAGS"
1091 if test -n "${withval}" && \
1092 test "x${withval}" != "xyes"; then
1093 if test -d "${withval}/lib"; then
1094 if test -n "${need_dash_r}"; then
1095 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1096 else
1097 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1098 fi
1099 else
1100 if test -n "${need_dash_r}"; then
1101 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1102 else
1103 LDFLAGS="-L${withval} ${LDFLAGS}"
1104 fi
1105 fi
1106 if test -d "${withval}/include"; then
1107 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1108 else
1109 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1110 fi
1111 fi
1112 LIBWRAP="-lwrap"
1113 LIBS="$LIBWRAP $LIBS"
1114 AC_MSG_CHECKING(for libwrap)
1115 AC_TRY_LINK(
1116 [
1117 #include <sys/types.h>
1118 #include <sys/socket.h>
1119 #include <netinet/in.h>
1120 #include <tcpd.h>
1121 int deny_severity = 0, allow_severity = 0;
1122 ],
1123 [hosts_access(0);],
1124 [
1125 AC_MSG_RESULT(yes)
1126 AC_DEFINE(LIBWRAP, 1,
1127 [Define if you want
1128 TCP Wrappers support])
1129 AC_SUBST(LIBWRAP)
1130 TCPW_MSG="yes"
1131 ],
1132 [
1133 AC_MSG_ERROR([*** libwrap missing])
1134 ]
1135 )
1136 LIBS="$saved_LIBS"
1137 fi
1138 ]
1139 )
1141 # Check whether user wants libedit support
1142 LIBEDIT_MSG="no"
1143 AC_ARG_WITH(libedit,
1144 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1145 [ if test "x$withval" != "xno" ; then
1146 if test "x$withval" != "xyes"; then
1147 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1148 if test -n "${need_dash_r}"; then
1149 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1150 else
1151 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1152 fi
1153 fi
1154 AC_CHECK_LIB(edit, el_init,
1155 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1156 LIBEDIT="-ledit -lcurses"
1157 LIBEDIT_MSG="yes"
1158 AC_SUBST(LIBEDIT)
1159 ],
1160 [ AC_MSG_ERROR(libedit not found) ],
1161 [ -lcurses ]
1162 )
1163 AC_MSG_CHECKING(if libedit version is compatible)
1164 AC_COMPILE_IFELSE(
1165 [AC_LANG_SOURCE([[
1166 #include <histedit.h>
1167 int main(void)
1168 {
1169 int i = H_SETSIZE;
1170 el_init("", NULL, NULL, NULL);
1171 exit(0);
1172 }
1173 ]])],
1174 [ AC_MSG_RESULT(yes) ],
1175 [ AC_MSG_RESULT(no)
1176 AC_MSG_ERROR(libedit version is not compatible) ]
1177 )
1178 fi ]
1179 )
1181 AUDIT_MODULE=none
1182 AC_ARG_WITH(audit,
1183 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1184 [
1185 AC_MSG_CHECKING(for supported audit module)
1186 case "$withval" in
1187 bsm)
1188 AC_MSG_RESULT(bsm)
1189 AUDIT_MODULE=bsm
1190 dnl Checks for headers, libs and functions
1191 AC_CHECK_HEADERS(bsm/audit.h, [],
1192 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1193 [
1194 #ifdef HAVE_TIME_H
1195 # include <time.h>
1196 #endif
1197 ]
1198 )
1199 AC_CHECK_LIB(bsm, getaudit, [],
1200 [AC_MSG_ERROR(BSM enabled and required library not found)])
1201 AC_CHECK_FUNCS(getaudit, [],
1202 [AC_MSG_ERROR(BSM enabled and required function not found)])
1203 # These are optional
1204 AC_CHECK_FUNCS(getaudit_addr)
1205 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1206 ;;
1207 debug)
1208 AUDIT_MODULE=debug
1209 AC_MSG_RESULT(debug)
1210 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1211 ;;
1212 no)
1213 AC_MSG_RESULT(no)
1214 ;;
1215 *)
1216 AC_MSG_ERROR([Unknown audit module $withval])
1217 ;;
1218 esac ]
1219 )
1221 dnl Checks for library functions. Please keep in alphabetical order
1222 AC_CHECK_FUNCS( \
1223 arc4random \
1224 asprintf \
1225 b64_ntop \
1226 __b64_ntop \
1227 b64_pton \
1228 __b64_pton \
1229 bcopy \
1230 bindresvport_sa \
1231 clock \
1232 closefrom \
1233 dirfd \
1234 fchmod \
1235 fchown \
1236 freeaddrinfo \
1237 futimes \
1238 getaddrinfo \
1239 getcwd \
1240 getgrouplist \
1241 getnameinfo \
1242 getopt \
1243 getpeereid \
1244 _getpty \
1245 getrlimit \
1246 getttyent \
1247 glob \
1248 inet_aton \
1249 inet_ntoa \
1250 inet_ntop \
1251 innetgr \
1252 login_getcapbool \
1253 md5_crypt \
1254 memmove \
1255 mkdtemp \
1256 mmap \
1257 ngetaddrinfo \
1258 nsleep \
1259 ogetaddrinfo \
1260 openlog_r \
1261 openpty \
1262 prctl \
1263 pstat \
1264 readpassphrase \
1265 realpath \
1266 recvmsg \
1267 rresvport_af \
1268 sendmsg \
1269 setdtablesize \
1270 setegid \
1271 setenv \
1272 seteuid \
1273 setgroups \
1274 setlogin \
1275 setpcred \
1276 setproctitle \
1277 setregid \
1278 setreuid \
1279 setrlimit \
1280 setsid \
1281 setvbuf \
1282 sigaction \
1283 sigvec \
1284 snprintf \
1285 socketpair \
1286 strdup \
1287 strerror \
1288 strlcat \
1289 strlcpy \
1290 strmode \
1291 strnvis \
1292 strtonum \
1293 strtoll \
1294 strtoul \
1295 sysconf \
1296 tcgetpgrp \
1297 truncate \
1298 unsetenv \
1299 updwtmpx \
1300 vasprintf \
1301 vhangup \
1302 vsnprintf \
1303 waitpid \
1304 )
1306 # IRIX has a const char return value for gai_strerror()
1307 AC_CHECK_FUNCS(gai_strerror,[
1308 AC_DEFINE(HAVE_GAI_STRERROR)
1309 AC_TRY_COMPILE([
1310 #include <sys/types.h>
1311 #include <sys/socket.h>
1312 #include <netdb.h>
1314 const char *gai_strerror(int);],[
1315 char *str;
1317 str = gai_strerror(0);],[
1318 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1319 [Define if gai_strerror() returns const char *])])])
1321 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1322 [Some systems put nanosleep outside of libc]))
1324 dnl Make sure prototypes are defined for these before using them.
1325 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1326 AC_CHECK_DECL(strsep,
1327 [AC_CHECK_FUNCS(strsep)],
1328 [],
1329 [
1330 #ifdef HAVE_STRING_H
1331 # include <string.h>
1332 #endif
1333 ])
1335 dnl tcsendbreak might be a macro
1336 AC_CHECK_DECL(tcsendbreak,
1337 [AC_DEFINE(HAVE_TCSENDBREAK)],
1338 [AC_CHECK_FUNCS(tcsendbreak)],
1339 [#include <termios.h>]
1340 )
1342 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1344 AC_CHECK_DECLS(SHUT_RD, , ,
1345 [
1346 #include <sys/types.h>
1347 #include <sys/socket.h>
1348 ])
1350 AC_CHECK_DECLS(O_NONBLOCK, , ,
1351 [
1352 #include <sys/types.h>
1353 #ifdef HAVE_SYS_STAT_H
1354 # include <sys/stat.h>
1355 #endif
1356 #ifdef HAVE_FCNTL_H
1357 # include <fcntl.h>
1358 #endif
1359 ])
1361 AC_CHECK_DECLS(writev, , , [
1362 #include <sys/types.h>
1363 #include <sys/uio.h>
1364 #include <unistd.h>
1365 ])
1367 AC_CHECK_FUNCS(setresuid, [
1368 dnl Some platorms have setresuid that isn't implemented, test for this
1369 AC_MSG_CHECKING(if setresuid seems to work)
1370 AC_RUN_IFELSE(
1371 [AC_LANG_SOURCE([[
1372 #include <stdlib.h>
1373 #include <errno.h>
1374 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1375 ]])],
1376 [AC_MSG_RESULT(yes)],
1377 [AC_DEFINE(BROKEN_SETRESUID, 1,
1378 [Define if your setresuid() is broken])
1379 AC_MSG_RESULT(not implemented)],
1380 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1381 )
1382 ])
1384 AC_CHECK_FUNCS(setresgid, [
1385 dnl Some platorms have setresgid that isn't implemented, test for this
1386 AC_MSG_CHECKING(if setresgid seems to work)
1387 AC_RUN_IFELSE(
1388 [AC_LANG_SOURCE([[
1389 #include <stdlib.h>
1390 #include <errno.h>
1391 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1392 ]])],
1393 [AC_MSG_RESULT(yes)],
1394 [AC_DEFINE(BROKEN_SETRESGID, 1,
1395 [Define if your setresgid() is broken])
1396 AC_MSG_RESULT(not implemented)],
1397 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1398 )
1399 ])
1401 dnl Checks for time functions
1402 AC_CHECK_FUNCS(gettimeofday time)
1403 dnl Checks for utmp functions
1404 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1405 AC_CHECK_FUNCS(utmpname)
1406 dnl Checks for utmpx functions
1407 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1408 AC_CHECK_FUNCS(setutxent utmpxname)
1410 AC_CHECK_FUNC(daemon,
1411 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1412 [AC_CHECK_LIB(bsd, daemon,
1413 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1414 )
1416 AC_CHECK_FUNC(getpagesize,
1417 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1418 [Define if your libraries define getpagesize()])],
1419 [AC_CHECK_LIB(ucb, getpagesize,
1420 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1421 )
1423 # Check for broken snprintf
1424 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1425 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1426 AC_RUN_IFELSE(
1427 [AC_LANG_SOURCE([[
1428 #include <stdio.h>
1429 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1430 ]])],
1431 [AC_MSG_RESULT(yes)],
1432 [
1433 AC_MSG_RESULT(no)
1434 AC_DEFINE(BROKEN_SNPRINTF, 1,
1435 [Define if your snprintf is busted])
1436 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1437 ],
1438 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1439 )
1440 fi
1442 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1443 # returning the right thing on overflow: the number of characters it tried to
1444 # create (as per SUSv3)
1445 if test "x$ac_cv_func_asprintf" != "xyes" && \
1446 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1447 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1448 AC_RUN_IFELSE(
1449 [AC_LANG_SOURCE([[
1450 #include <sys/types.h>
1451 #include <stdio.h>
1452 #include <stdarg.h>
1454 int x_snprintf(char *str,size_t count,const char *fmt,...)
1455 {
1456 size_t ret; va_list ap;
1457 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1458 return ret;
1459 }
1460 int main(void)
1461 {
1462 char x[1];
1463 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1464 } ]])],
1465 [AC_MSG_RESULT(yes)],
1466 [
1467 AC_MSG_RESULT(no)
1468 AC_DEFINE(BROKEN_SNPRINTF, 1,
1469 [Define if your snprintf is busted])
1470 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1471 ],
1472 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1473 )
1474 fi
1476 # On systems where [v]snprintf is broken, but is declared in stdio,
1477 # check that the fmt argument is const char * or just char *.
1478 # This is only useful for when BROKEN_SNPRINTF
1479 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1480 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1481 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1482 int main(void) { snprintf(0, 0, 0); }
1483 ]])],
1484 [AC_MSG_RESULT(yes)
1485 AC_DEFINE(SNPRINTF_CONST, [const],
1486 [Define as const if snprintf() can declare const char *fmt])],
1487 [AC_MSG_RESULT(no)
1488 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1490 # Check for missing getpeereid (or equiv) support
1491 NO_PEERCHECK=""
1492 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1493 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1494 AC_TRY_COMPILE(
1495 [#include <sys/types.h>
1496 #include <sys/socket.h>],
1497 [int i = SO_PEERCRED;],
1498 [ AC_MSG_RESULT(yes)
1499 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1500 ],
1501 [AC_MSG_RESULT(no)
1502 NO_PEERCHECK=1]
1503 )
1504 fi
1506 dnl see whether mkstemp() requires XXXXXX
1507 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1508 AC_MSG_CHECKING([for (overly) strict mkstemp])
1509 AC_RUN_IFELSE(
1510 [AC_LANG_SOURCE([[
1511 #include <stdlib.h>
1512 main() { char template[]="conftest.mkstemp-test";
1513 if (mkstemp(template) == -1)
1514 exit(1);
1515 unlink(template); exit(0);
1516 }
1517 ]])],
1518 [
1519 AC_MSG_RESULT(no)
1520 ],
1521 [
1522 AC_MSG_RESULT(yes)
1523 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1524 ],
1525 [
1526 AC_MSG_RESULT(yes)
1527 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1528 ]
1529 )
1530 fi
1532 dnl make sure that openpty does not reacquire controlling terminal
1533 if test ! -z "$check_for_openpty_ctty_bug"; then
1534 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1535 AC_RUN_IFELSE(
1536 [AC_LANG_SOURCE([[
1537 #include <stdio.h>
1538 #include <sys/fcntl.h>
1539 #include <sys/types.h>
1540 #include <sys/wait.h>
1542 int
1543 main()
1544 {
1545 pid_t pid;
1546 int fd, ptyfd, ttyfd, status;
1548 pid = fork();
1549 if (pid < 0) { /* failed */
1550 exit(1);
1551 } else if (pid > 0) { /* parent */
1552 waitpid(pid, &status, 0);
1553 if (WIFEXITED(status))
1554 exit(WEXITSTATUS(status));
1555 else
1556 exit(2);
1557 } else { /* child */
1558 close(0); close(1); close(2);
1559 setsid();
1560 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1561 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1562 if (fd >= 0)
1563 exit(3); /* Acquired ctty: broken */
1564 else
1565 exit(0); /* Did not acquire ctty: OK */
1566 }
1567 }
1568 ]])],
1569 [
1570 AC_MSG_RESULT(yes)
1571 ],
1572 [
1573 AC_MSG_RESULT(no)
1574 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1575 ],
1576 [
1577 AC_MSG_RESULT(cross-compiling, assuming yes)
1578 ]
1579 )
1580 fi
1582 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1583 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1584 AC_MSG_CHECKING(if getaddrinfo seems to work)
1585 AC_RUN_IFELSE(
1586 [AC_LANG_SOURCE([[
1587 #include <stdio.h>
1588 #include <sys/socket.h>
1589 #include <netdb.h>
1590 #include <errno.h>
1591 #include <netinet/in.h>
1593 #define TEST_PORT "2222"
1595 int
1596 main(void)
1597 {
1598 int err, sock;
1599 struct addrinfo *gai_ai, *ai, hints;
1600 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1602 memset(&hints, 0, sizeof(hints));
1603 hints.ai_family = PF_UNSPEC;
1604 hints.ai_socktype = SOCK_STREAM;
1605 hints.ai_flags = AI_PASSIVE;
1607 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1608 if (err != 0) {
1609 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1610 exit(1);
1611 }
1613 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1614 if (ai->ai_family != AF_INET6)
1615 continue;
1617 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1618 sizeof(ntop), strport, sizeof(strport),
1619 NI_NUMERICHOST|NI_NUMERICSERV);
1621 if (err != 0) {
1622 if (err == EAI_SYSTEM)
1623 perror("getnameinfo EAI_SYSTEM");
1624 else
1625 fprintf(stderr, "getnameinfo failed: %s\n",
1626 gai_strerror(err));
1627 exit(2);
1628 }
1630 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1631 if (sock < 0)
1632 perror("socket");
1633 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1634 if (errno == EBADF)
1635 exit(3);
1636 }
1637 }
1638 exit(0);
1639 }
1640 ]])],
1641 [
1642 AC_MSG_RESULT(yes)
1643 ],
1644 [
1645 AC_MSG_RESULT(no)
1646 AC_DEFINE(BROKEN_GETADDRINFO)
1647 ],
1648 [
1649 AC_MSG_RESULT(cross-compiling, assuming yes)
1650 ]
1651 )
1652 fi
1654 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1655 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1656 AC_MSG_CHECKING(if getaddrinfo seems to work)
1657 AC_RUN_IFELSE(
1658 [AC_LANG_SOURCE([[
1659 #include <stdio.h>
1660 #include <sys/socket.h>
1661 #include <netdb.h>
1662 #include <errno.h>
1663 #include <netinet/in.h>
1665 #define TEST_PORT "2222"
1667 int
1668 main(void)
1669 {
1670 int err, sock;
1671 struct addrinfo *gai_ai, *ai, hints;
1672 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1674 memset(&hints, 0, sizeof(hints));
1675 hints.ai_family = PF_UNSPEC;
1676 hints.ai_socktype = SOCK_STREAM;
1677 hints.ai_flags = AI_PASSIVE;
1679 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1680 if (err != 0) {
1681 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1682 exit(1);
1683 }
1685 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1686 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1687 continue;
1689 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1690 sizeof(ntop), strport, sizeof(strport),
1691 NI_NUMERICHOST|NI_NUMERICSERV);
1693 if (ai->ai_family == AF_INET && err != 0) {
1694 perror("getnameinfo");
1695 exit(2);
1696 }
1697 }
1698 exit(0);
1699 }
1700 ]])],
1701 [
1702 AC_MSG_RESULT(yes)
1703 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1704 [Define if you have a getaddrinfo that fails
1705 for the all-zeros IPv6 address])
1706 ],
1707 [
1708 AC_MSG_RESULT(no)
1709 AC_DEFINE(BROKEN_GETADDRINFO)
1710 ],
1711 [
1712 AC_MSG_RESULT(cross-compiling, assuming no)
1713 ]
1714 )
1715 fi
1717 if test "x$check_for_conflicting_getspnam" = "x1"; then
1718 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1719 AC_COMPILE_IFELSE(
1720 [
1721 #include <shadow.h>
1722 int main(void) {exit(0);}
1723 ],
1724 [
1725 AC_MSG_RESULT(no)
1726 ],
1727 [
1728 AC_MSG_RESULT(yes)
1729 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1730 [Conflicting defs for getspnam])
1731 ]
1732 )
1733 fi
1735 AC_FUNC_GETPGRP
1737 # Search for OpenSSL
1738 saved_CPPFLAGS="$CPPFLAGS"
1739 saved_LDFLAGS="$LDFLAGS"
1740 AC_ARG_WITH(ssl-dir,
1741 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1742 [
1743 if test "x$withval" != "xno" ; then
1744 case "$withval" in
1745 # Relative paths
1746 ./*|../*) withval="`pwd`/$withval"
1747 esac
1748 if test -d "$withval/lib"; then
1749 if test -n "${need_dash_r}"; then
1750 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1751 else
1752 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1753 fi
1754 else
1755 if test -n "${need_dash_r}"; then
1756 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1757 else
1758 LDFLAGS="-L${withval} ${LDFLAGS}"
1759 fi
1760 fi
1761 if test -d "$withval/include"; then
1762 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1763 else
1764 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1765 fi
1766 fi
1767 ]
1768 )
1769 LIBS="-lcrypto $LIBS"
1770 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1771 [Define if your ssl headers are included
1772 with #include <openssl/header.h>]),
1773 [
1774 dnl Check default openssl install dir
1775 if test -n "${need_dash_r}"; then
1776 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1777 else
1778 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1779 fi
1780 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1781 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1782 [
1783 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1784 ]
1785 )
1786 ]
1787 )
1789 # Determine OpenSSL header version
1790 AC_MSG_CHECKING([OpenSSL header version])
1791 AC_RUN_IFELSE(
1792 [AC_LANG_SOURCE([[
1793 #include <stdio.h>
1794 #include <string.h>
1795 #include <openssl/opensslv.h>
1796 #define DATA "conftest.sslincver"
1797 int main(void) {
1798 FILE *fd;
1799 int rc;
1801 fd = fopen(DATA,"w");
1802 if(fd == NULL)
1803 exit(1);
1805 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1806 exit(1);
1808 exit(0);
1809 }
1810 ]])],
1811 [
1812 ssl_header_ver=`cat conftest.sslincver`
1813 AC_MSG_RESULT($ssl_header_ver)
1814 ],
1815 [
1816 AC_MSG_RESULT(not found)
1817 AC_MSG_ERROR(OpenSSL version header not found.)
1818 ],
1819 [
1820 AC_MSG_WARN([cross compiling: not checking])
1821 ]
1822 )
1824 # Determine OpenSSL library version
1825 AC_MSG_CHECKING([OpenSSL library version])
1826 AC_RUN_IFELSE(
1827 [AC_LANG_SOURCE([[
1828 #include <stdio.h>
1829 #include <string.h>
1830 #include <openssl/opensslv.h>
1831 #include <openssl/crypto.h>
1832 #define DATA "conftest.ssllibver"
1833 int main(void) {
1834 FILE *fd;
1835 int rc;
1837 fd = fopen(DATA,"w");
1838 if(fd == NULL)
1839 exit(1);
1841 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1842 exit(1);
1844 exit(0);
1845 }
1846 ]])],
1847 [
1848 ssl_library_ver=`cat conftest.ssllibver`
1849 AC_MSG_RESULT($ssl_library_ver)
1850 ],
1851 [
1852 AC_MSG_RESULT(not found)
1853 AC_MSG_ERROR(OpenSSL library not found.)
1854 ],
1855 [
1856 AC_MSG_WARN([cross compiling: not checking])
1857 ]
1858 )
1860 AC_ARG_WITH(openssl-header-check,
1861 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1862 [ if test "x$withval" = "xno" ; then
1863 openssl_check_nonfatal=1
1864 fi
1865 ]
1866 )
1868 # Sanity check OpenSSL headers
1869 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1870 AC_RUN_IFELSE(
1871 [AC_LANG_SOURCE([[
1872 #include <string.h>
1873 #include <openssl/opensslv.h>
1874 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1875 ]])],
1876 [
1877 AC_MSG_RESULT(yes)
1878 ],
1879 [
1880 AC_MSG_RESULT(no)
1881 if test "x$openssl_check_nonfatal" = "x"; then
1882 AC_MSG_ERROR([Your OpenSSL headers do not match your
1883 library. Check config.log for details.
1884 If you are sure your installation is consistent, you can disable the check
1885 by running "./configure --without-openssl-header-check".
1886 Also see contrib/findssl.sh for help identifying header/library mismatches.
1887 ])
1888 else
1889 AC_MSG_WARN([Your OpenSSL headers do not match your
1890 library. Check config.log for details.
1891 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1892 fi
1893 ],
1894 [
1895 AC_MSG_WARN([cross compiling: not checking])
1896 ]
1897 )
1899 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1900 AC_LINK_IFELSE(
1901 [AC_LANG_SOURCE([[
1902 #include <openssl/evp.h>
1903 int main(void) { SSLeay_add_all_algorithms(); }
1904 ]])],
1905 [
1906 AC_MSG_RESULT(yes)
1907 ],
1908 [
1909 AC_MSG_RESULT(no)
1910 saved_LIBS="$LIBS"
1911 LIBS="$LIBS -ldl"
1912 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1913 AC_LINK_IFELSE(
1914 [AC_LANG_SOURCE([[
1915 #include <openssl/evp.h>
1916 int main(void) { SSLeay_add_all_algorithms(); }
1917 ]])],
1918 [
1919 AC_MSG_RESULT(yes)
1920 ],
1921 [
1922 AC_MSG_RESULT(no)
1923 LIBS="$saved_LIBS"
1924 ]
1925 )
1926 ]
1927 )
1929 AC_ARG_WITH(ssl-engine,
1930 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1931 [ if test "x$withval" != "xno" ; then
1932 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1933 AC_TRY_COMPILE(
1934 [ #include <openssl/engine.h>],
1935 [
1936 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1937 ],
1938 [ AC_MSG_RESULT(yes)
1939 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1940 [Enable OpenSSL engine support])
1941 ],
1942 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1943 )
1944 fi ]
1945 )
1947 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1948 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1949 AC_LINK_IFELSE(
1950 [AC_LANG_SOURCE([[
1951 #include <string.h>
1952 #include <openssl/evp.h>
1953 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1954 ]])],
1955 [
1956 AC_MSG_RESULT(no)
1957 ],
1958 [
1959 AC_MSG_RESULT(yes)
1960 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1961 [libcrypto is missing AES 192 and 256 bit functions])
1962 ]
1963 )
1965 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1966 # because the system crypt() is more featureful.
1967 if test "x$check_for_libcrypt_before" = "x1"; then
1968 AC_CHECK_LIB(crypt, crypt)
1969 fi
1971 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1972 # version in OpenSSL.
1973 if test "x$check_for_libcrypt_later" = "x1"; then
1974 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1975 fi
1977 # Search for SHA256 support in libc and/or OpenSSL
1978 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1980 AC_CHECK_LIB(iaf, ia_openinfo)
1982 ### Configure cryptographic random number support
1984 # Check wheter OpenSSL seeds itself
1985 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1986 AC_RUN_IFELSE(
1987 [AC_LANG_SOURCE([[
1988 #include <string.h>
1989 #include <openssl/rand.h>
1990 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1991 ]])],
1992 [
1993 OPENSSL_SEEDS_ITSELF=yes
1994 AC_MSG_RESULT(yes)
1995 ],
1996 [
1997 AC_MSG_RESULT(no)
1998 # Default to use of the rand helper if OpenSSL doesn't
1999 # seed itself
2000 USE_RAND_HELPER=yes
2001 ],
2002 [
2003 AC_MSG_WARN([cross compiling: assuming yes])
2004 # This is safe, since all recent OpenSSL versions will
2005 # complain at runtime if not seeded correctly.
2006 OPENSSL_SEEDS_ITSELF=yes
2007 ]
2008 )
2010 # Check for PAM libs
2011 PAM_MSG="no"
2012 AC_ARG_WITH(pam,
2013 [ --with-pam Enable PAM support ],
2014 [
2015 if test "x$withval" != "xno" ; then
2016 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2017 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2018 AC_MSG_ERROR([PAM headers not found])
2019 fi
2021 saved_LIBS="$LIBS"
2022 AC_CHECK_LIB(dl, dlopen, , )
2023 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2024 AC_CHECK_FUNCS(pam_getenvlist)
2025 AC_CHECK_FUNCS(pam_putenv)
2026 LIBS="$saved_LIBS"
2028 PAM_MSG="yes"
2030 LIBPAM="-lpam"
2031 AC_DEFINE(USE_PAM, 1,
2032 [Define if you want to enable PAM support])
2034 if test $ac_cv_lib_dl_dlopen = yes; then
2035 case "$LIBS" in
2036 *-ldl*)
2037 # libdl already in LIBS
2038 ;;
2039 *)
2040 LIBPAM="$LIBPAM -ldl"
2041 ;;
2042 esac
2043 fi
2044 AC_SUBST(LIBPAM)
2045 fi
2046 ]
2047 )
2049 # Check for older PAM
2050 if test "x$PAM_MSG" = "xyes" ; then
2051 # Check PAM strerror arguments (old PAM)
2052 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2053 AC_TRY_COMPILE(
2054 [
2055 #include <stdlib.h>
2056 #if defined(HAVE_SECURITY_PAM_APPL_H)
2057 #include <security/pam_appl.h>
2058 #elif defined (HAVE_PAM_PAM_APPL_H)
2059 #include <pam/pam_appl.h>
2060 #endif
2061 ],
2062 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2063 [AC_MSG_RESULT(no)],
2064 [
2065 AC_DEFINE(HAVE_OLD_PAM, 1,
2066 [Define if you have an old version of PAM
2067 which takes only one argument to pam_strerror])
2068 AC_MSG_RESULT(yes)
2069 PAM_MSG="yes (old library)"
2070 ]
2071 )
2072 fi
2074 # Do we want to force the use of the rand helper?
2075 AC_ARG_WITH(rand-helper,
2076 [ --with-rand-helper Use subprocess to gather strong randomness ],
2077 [
2078 if test "x$withval" = "xno" ; then
2079 # Force use of OpenSSL's internal RNG, even if
2080 # the previous test showed it to be unseeded.
2081 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2082 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2083 OPENSSL_SEEDS_ITSELF=yes
2084 USE_RAND_HELPER=""
2085 fi
2086 else
2087 USE_RAND_HELPER=yes
2088 fi
2089 ],
2090 )
2092 # Which randomness source do we use?
2093 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2094 # OpenSSL only
2095 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2096 [Define if you want OpenSSL's internally seeded PRNG only])
2097 RAND_MSG="OpenSSL internal ONLY"
2098 INSTALL_SSH_RAND_HELPER=""
2099 elif test ! -z "$USE_RAND_HELPER" ; then
2100 # install rand helper
2101 RAND_MSG="ssh-rand-helper"
2102 INSTALL_SSH_RAND_HELPER="yes"
2103 fi
2104 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2106 ### Configuration of ssh-rand-helper
2108 # PRNGD TCP socket
2109 AC_ARG_WITH(prngd-port,
2110 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2111 [
2112 case "$withval" in
2113 no)
2114 withval=""
2115 ;;
2116 [[0-9]]*)
2117 ;;
2118 *)
2119 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2120 ;;
2121 esac
2122 if test ! -z "$withval" ; then
2123 PRNGD_PORT="$withval"
2124 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2125 [Port number of PRNGD/EGD random number socket])
2126 fi
2127 ]
2128 )
2130 # PRNGD Unix domain socket
2131 AC_ARG_WITH(prngd-socket,
2132 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2133 [
2134 case "$withval" in
2135 yes)
2136 withval="/var/run/egd-pool"
2137 ;;
2138 no)
2139 withval=""
2140 ;;
2141 /*)
2142 ;;
2143 *)
2144 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2145 ;;
2146 esac
2148 if test ! -z "$withval" ; then
2149 if test ! -z "$PRNGD_PORT" ; then
2150 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2151 fi
2152 if test ! -r "$withval" ; then
2153 AC_MSG_WARN(Entropy socket is not readable)
2154 fi
2155 PRNGD_SOCKET="$withval"
2156 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2157 [Location of PRNGD/EGD random number socket])
2158 fi
2159 ],
2160 [
2161 # Check for existing socket only if we don't have a random device already
2162 if test "$USE_RAND_HELPER" = yes ; then
2163 AC_MSG_CHECKING(for PRNGD/EGD socket)
2164 # Insert other locations here
2165 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2166 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2167 PRNGD_SOCKET="$sock"
2168 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2169 break;
2170 fi
2171 done
2172 if test ! -z "$PRNGD_SOCKET" ; then
2173 AC_MSG_RESULT($PRNGD_SOCKET)
2174 else
2175 AC_MSG_RESULT(not found)
2176 fi
2177 fi
2178 ]
2179 )
2181 # Change default command timeout for hashing entropy source
2182 entropy_timeout=200
2183 AC_ARG_WITH(entropy-timeout,
2184 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2185 [
2186 if test -n "$withval" && test "x$withval" != "xno" && \
2187 test "x${withval}" != "xyes"; then
2188 entropy_timeout=$withval
2189 fi
2190 ]
2191 )
2192 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2193 [Builtin PRNG command timeout])
2195 SSH_PRIVSEP_USER=sshd
2196 AC_ARG_WITH(privsep-user,
2197 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2198 [
2199 if test -n "$withval" && test "x$withval" != "xno" && \
2200 test "x${withval}" != "xyes"; then
2201 SSH_PRIVSEP_USER=$withval
2202 fi
2203 ]
2204 )
2205 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2206 [non-privileged user for privilege separation])
2207 AC_SUBST(SSH_PRIVSEP_USER)
2209 # We do this little dance with the search path to insure
2210 # that programs that we select for use by installed programs
2211 # (which may be run by the super-user) come from trusted
2212 # locations before they come from the user's private area.
2213 # This should help avoid accidentally configuring some
2214 # random version of a program in someone's personal bin.
2216 OPATH=$PATH
2217 PATH=/bin:/usr/bin
2218 test -h /bin 2> /dev/null && PATH=/usr/bin
2219 test -d /sbin && PATH=$PATH:/sbin
2220 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2221 PATH=$PATH:/etc:$OPATH
2223 # These programs are used by the command hashing source to gather entropy
2224 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2225 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2226 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2227 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2228 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2229 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2230 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2231 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2232 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2233 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2234 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2235 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2236 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2237 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2238 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2239 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2240 # restore PATH
2241 PATH=$OPATH
2243 # Where does ssh-rand-helper get its randomness from?
2244 INSTALL_SSH_PRNG_CMDS=""
2245 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2246 if test ! -z "$PRNGD_PORT" ; then
2247 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2248 elif test ! -z "$PRNGD_SOCKET" ; then
2249 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2250 else
2251 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2252 RAND_HELPER_CMDHASH=yes
2253 INSTALL_SSH_PRNG_CMDS="yes"
2254 fi
2255 fi
2256 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2259 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2260 if test ! -z "$SONY" ; then
2261 LIBS="$LIBS -liberty";
2262 fi
2264 # Check for long long datatypes
2265 AC_CHECK_TYPES([long long, unsigned long long, long double])
2267 # Check datatype sizes
2268 AC_CHECK_SIZEOF(char, 1)
2269 AC_CHECK_SIZEOF(short int, 2)
2270 AC_CHECK_SIZEOF(int, 4)
2271 AC_CHECK_SIZEOF(long int, 4)
2272 AC_CHECK_SIZEOF(long long int, 8)
2274 # Sanity check long long for some platforms (AIX)
2275 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2276 ac_cv_sizeof_long_long_int=0
2277 fi
2279 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2280 if test -z "$have_llong_max"; then
2281 AC_MSG_CHECKING([for max value of long long])
2282 AC_RUN_IFELSE(
2283 [AC_LANG_SOURCE([[
2284 #include <stdio.h>
2285 /* Why is this so damn hard? */
2286 #ifdef __GNUC__
2287 # undef __GNUC__
2288 #endif
2289 #define __USE_ISOC99
2290 #include <limits.h>
2291 #define DATA "conftest.llminmax"
2292 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2294 /*
2295 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2296 * we do this the hard way.
2297 */
2298 static int
2299 fprint_ll(FILE *f, long long n)
2300 {
2301 unsigned int i;
2302 int l[sizeof(long long) * 8];
2304 if (n < 0)
2305 if (fprintf(f, "-") < 0)
2306 return -1;
2307 for (i = 0; n != 0; i++) {
2308 l[i] = my_abs(n % 10);
2309 n /= 10;
2310 }
2311 do {
2312 if (fprintf(f, "%d", l[--i]) < 0)
2313 return -1;
2314 } while (i != 0);
2315 if (fprintf(f, " ") < 0)
2316 return -1;
2317 return 0;
2318 }
2320 int main(void) {
2321 FILE *f;
2322 long long i, llmin, llmax = 0;
2324 if((f = fopen(DATA,"w")) == NULL)
2325 exit(1);
2327 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2328 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2329 llmin = LLONG_MIN;
2330 llmax = LLONG_MAX;
2331 #else
2332 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2333 /* This will work on one's complement and two's complement */
2334 for (i = 1; i > llmax; i <<= 1, i++)
2335 llmax = i;
2336 llmin = llmax + 1LL; /* wrap */
2337 #endif
2339 /* Sanity check */
2340 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2341 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2342 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2343 fprintf(f, "unknown unknown\n");
2344 exit(2);
2345 }
2347 if (fprint_ll(f, llmin) < 0)
2348 exit(3);
2349 if (fprint_ll(f, llmax) < 0)
2350 exit(4);
2351 if (fclose(f) < 0)
2352 exit(5);
2353 exit(0);
2354 }
2355 ]])],
2356 [
2357 llong_min=`$AWK '{print $1}' conftest.llminmax`
2358 llong_max=`$AWK '{print $2}' conftest.llminmax`
2360 AC_MSG_RESULT($llong_max)
2361 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2362 [max value of long long calculated by configure])
2363 AC_MSG_CHECKING([for min value of long long])
2364 AC_MSG_RESULT($llong_min)
2365 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2366 [min value of long long calculated by configure])
2367 ],
2368 [
2369 AC_MSG_RESULT(not found)
2370 ],
2371 [
2372 AC_MSG_WARN([cross compiling: not checking])
2373 ]
2374 )
2375 fi
2378 # More checks for data types
2379 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2380 AC_TRY_COMPILE(
2381 [ #include <sys/types.h> ],
2382 [ u_int a; a = 1;],
2383 [ ac_cv_have_u_int="yes" ],
2384 [ ac_cv_have_u_int="no" ]
2385 )
2386 ])
2387 if test "x$ac_cv_have_u_int" = "xyes" ; then
2388 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2389 have_u_int=1
2390 fi
2392 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2393 AC_TRY_COMPILE(
2394 [ #include <sys/types.h> ],
2395 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2396 [ ac_cv_have_intxx_t="yes" ],
2397 [ ac_cv_have_intxx_t="no" ]
2398 )
2399 ])
2400 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2401 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2402 have_intxx_t=1
2403 fi
2405 if (test -z "$have_intxx_t" && \
2406 test "x$ac_cv_header_stdint_h" = "xyes")
2407 then
2408 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2409 AC_TRY_COMPILE(
2410 [ #include <stdint.h> ],
2411 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2412 [
2413 AC_DEFINE(HAVE_INTXX_T)
2414 AC_MSG_RESULT(yes)
2415 ],
2416 [ AC_MSG_RESULT(no) ]
2417 )
2418 fi
2420 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2421 AC_TRY_COMPILE(
2422 [
2423 #include <sys/types.h>
2424 #ifdef HAVE_STDINT_H
2425 # include <stdint.h>
2426 #endif
2427 #include <sys/socket.h>
2428 #ifdef HAVE_SYS_BITYPES_H
2429 # include <sys/bitypes.h>
2430 #endif
2431 ],
2432 [ int64_t a; a = 1;],
2433 [ ac_cv_have_int64_t="yes" ],
2434 [ ac_cv_have_int64_t="no" ]
2435 )
2436 ])
2437 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2438 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2439 fi
2441 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2442 AC_TRY_COMPILE(
2443 [ #include <sys/types.h> ],
2444 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2445 [ ac_cv_have_u_intxx_t="yes" ],
2446 [ ac_cv_have_u_intxx_t="no" ]
2447 )
2448 ])
2449 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2450 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2451 have_u_intxx_t=1
2452 fi
2454 if test -z "$have_u_intxx_t" ; then
2455 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2456 AC_TRY_COMPILE(
2457 [ #include <sys/socket.h> ],
2458 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2459 [
2460 AC_DEFINE(HAVE_U_INTXX_T)
2461 AC_MSG_RESULT(yes)
2462 ],
2463 [ AC_MSG_RESULT(no) ]
2464 )
2465 fi
2467 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2468 AC_TRY_COMPILE(
2469 [ #include <sys/types.h> ],
2470 [ u_int64_t a; a = 1;],
2471 [ ac_cv_have_u_int64_t="yes" ],
2472 [ ac_cv_have_u_int64_t="no" ]
2473 )
2474 ])
2475 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2476 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2477 have_u_int64_t=1
2478 fi
2480 if test -z "$have_u_int64_t" ; then
2481 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2482 AC_TRY_COMPILE(
2483 [ #include <sys/bitypes.h> ],
2484 [ u_int64_t a; a = 1],
2485 [
2486 AC_DEFINE(HAVE_U_INT64_T)
2487 AC_MSG_RESULT(yes)
2488 ],
2489 [ AC_MSG_RESULT(no) ]
2490 )
2491 fi
2493 if test -z "$have_u_intxx_t" ; then
2494 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2495 AC_TRY_COMPILE(
2496 [
2497 #include <sys/types.h>
2498 ],
2499 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2500 [ ac_cv_have_uintxx_t="yes" ],
2501 [ ac_cv_have_uintxx_t="no" ]
2502 )
2503 ])
2504 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2505 AC_DEFINE(HAVE_UINTXX_T, 1,
2506 [define if you have uintxx_t data type])
2507 fi
2508 fi
2510 if test -z "$have_uintxx_t" ; then
2511 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2512 AC_TRY_COMPILE(
2513 [ #include <stdint.h> ],
2514 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2515 [
2516 AC_DEFINE(HAVE_UINTXX_T)
2517 AC_MSG_RESULT(yes)
2518 ],
2519 [ AC_MSG_RESULT(no) ]
2520 )
2521 fi
2523 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2524 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2525 then
2526 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2527 AC_TRY_COMPILE(
2528 [
2529 #include <sys/bitypes.h>
2530 ],
2531 [
2532 int8_t a; int16_t b; int32_t c;
2533 u_int8_t e; u_int16_t f; u_int32_t g;
2534 a = b = c = e = f = g = 1;
2535 ],
2536 [
2537 AC_DEFINE(HAVE_U_INTXX_T)
2538 AC_DEFINE(HAVE_INTXX_T)
2539 AC_MSG_RESULT(yes)
2540 ],
2541 [AC_MSG_RESULT(no)]
2542 )
2543 fi
2546 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2547 AC_TRY_COMPILE(
2548 [
2549 #include <sys/types.h>
2550 ],
2551 [ u_char foo; foo = 125; ],
2552 [ ac_cv_have_u_char="yes" ],
2553 [ ac_cv_have_u_char="no" ]
2554 )
2555 ])
2556 if test "x$ac_cv_have_u_char" = "xyes" ; then
2557 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2558 fi
2560 TYPE_SOCKLEN_T
2562 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2564 AC_CHECK_TYPES(in_addr_t,,,
2565 [#include <sys/types.h>
2566 #include <netinet/in.h>])
2568 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2569 AC_TRY_COMPILE(
2570 [
2571 #include <sys/types.h>
2572 ],
2573 [ size_t foo; foo = 1235; ],
2574 [ ac_cv_have_size_t="yes" ],
2575 [ ac_cv_have_size_t="no" ]
2576 )
2577 ])
2578 if test "x$ac_cv_have_size_t" = "xyes" ; then
2579 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2580 fi
2582 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2583 AC_TRY_COMPILE(
2584 [
2585 #include <sys/types.h>
2586 ],
2587 [ ssize_t foo; foo = 1235; ],
2588 [ ac_cv_have_ssize_t="yes" ],
2589 [ ac_cv_have_ssize_t="no" ]
2590 )
2591 ])
2592 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2593 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2594 fi
2596 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2597 AC_TRY_COMPILE(
2598 [
2599 #include <time.h>
2600 ],
2601 [ clock_t foo; foo = 1235; ],
2602 [ ac_cv_have_clock_t="yes" ],
2603 [ ac_cv_have_clock_t="no" ]
2604 )
2605 ])
2606 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2607 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2608 fi
2610 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2611 AC_TRY_COMPILE(
2612 [
2613 #include <sys/types.h>
2614 #include <sys/socket.h>
2615 ],
2616 [ sa_family_t foo; foo = 1235; ],
2617 [ ac_cv_have_sa_family_t="yes" ],
2618 [ AC_TRY_COMPILE(
2619 [
2620 #include <sys/types.h>
2621 #include <sys/socket.h>
2622 #include <netinet/in.h>
2623 ],
2624 [ sa_family_t foo; foo = 1235; ],
2625 [ ac_cv_have_sa_family_t="yes" ],
2627 [ ac_cv_have_sa_family_t="no" ]
2628 )]
2629 )
2630 ])
2631 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2632 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2633 [define if you have sa_family_t data type])
2634 fi
2636 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2637 AC_TRY_COMPILE(
2638 [
2639 #include <sys/types.h>
2640 ],
2641 [ pid_t foo; foo = 1235; ],
2642 [ ac_cv_have_pid_t="yes" ],
2643 [ ac_cv_have_pid_t="no" ]
2644 )
2645 ])
2646 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2647 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2648 fi
2650 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2651 AC_TRY_COMPILE(
2652 [
2653 #include <sys/types.h>
2654 ],
2655 [ mode_t foo; foo = 1235; ],
2656 [ ac_cv_have_mode_t="yes" ],
2657 [ ac_cv_have_mode_t="no" ]
2658 )
2659 ])
2660 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2661 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2662 fi
2665 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2666 AC_TRY_COMPILE(
2667 [
2668 #include <sys/types.h>
2669 #include <sys/socket.h>
2670 ],
2671 [ struct sockaddr_storage s; ],
2672 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2673 [ ac_cv_have_struct_sockaddr_storage="no" ]
2674 )
2675 ])
2676 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2677 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2678 [define if you have struct sockaddr_storage data type])
2679 fi
2681 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2682 AC_TRY_COMPILE(
2683 [
2684 #include <sys/types.h>
2685 #include <netinet/in.h>
2686 ],
2687 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2688 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2689 [ ac_cv_have_struct_sockaddr_in6="no" ]
2690 )
2691 ])
2692 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2693 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2694 [define if you have struct sockaddr_in6 data type])
2695 fi
2697 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2698 AC_TRY_COMPILE(
2699 [
2700 #include <sys/types.h>
2701 #include <netinet/in.h>
2702 ],
2703 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2704 [ ac_cv_have_struct_in6_addr="yes" ],
2705 [ ac_cv_have_struct_in6_addr="no" ]
2706 )
2707 ])
2708 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2709 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2710 [define if you have struct in6_addr data type])
2711 fi
2713 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2714 AC_TRY_COMPILE(
2715 [
2716 #include <sys/types.h>
2717 #include <sys/socket.h>
2718 #include <netdb.h>
2719 ],
2720 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2721 [ ac_cv_have_struct_addrinfo="yes" ],
2722 [ ac_cv_have_struct_addrinfo="no" ]
2723 )
2724 ])
2725 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2726 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2727 [define if you have struct addrinfo data type])
2728 fi
2730 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2731 AC_TRY_COMPILE(
2732 [ #include <sys/time.h> ],
2733 [ struct timeval tv; tv.tv_sec = 1;],
2734 [ ac_cv_have_struct_timeval="yes" ],
2735 [ ac_cv_have_struct_timeval="no" ]
2736 )
2737 ])
2738 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2739 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2740 have_struct_timeval=1
2741 fi
2743 AC_CHECK_TYPES(struct timespec)
2745 # We need int64_t or else certian parts of the compile will fail.
2746 if test "x$ac_cv_have_int64_t" = "xno" && \
2747 test "x$ac_cv_sizeof_long_int" != "x8" && \
2748 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2749 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2750 echo "an alternative compiler (I.E., GCC) before continuing."
2751 echo ""
2752 exit 1;
2753 else
2754 dnl test snprintf (broken on SCO w/gcc)
2755 AC_RUN_IFELSE(
2756 [AC_LANG_SOURCE([[
2757 #include <stdio.h>
2758 #include <string.h>
2759 #ifdef HAVE_SNPRINTF
2760 main()
2761 {
2762 char buf[50];
2763 char expected_out[50];
2764 int mazsize = 50 ;
2765 #if (SIZEOF_LONG_INT == 8)
2766 long int num = 0x7fffffffffffffff;
2767 #else
2768 long long num = 0x7fffffffffffffffll;
2769 #endif
2770 strcpy(expected_out, "9223372036854775807");
2771 snprintf(buf, mazsize, "%lld", num);
2772 if(strcmp(buf, expected_out) != 0)
2773 exit(1);
2774 exit(0);
2775 }
2776 #else
2777 main() { exit(0); }
2778 #endif
2779 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2780 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2781 )
2782 fi
2784 dnl Checks for structure members
2785 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2786 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2787 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2788 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2789 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2790 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2791 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2792 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2793 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2794 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2795 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2796 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2797 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2798 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2799 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2800 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2801 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2803 AC_CHECK_MEMBERS([struct stat.st_blksize])
2804 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2805 [Define if we don't have struct __res_state in resolv.h])],
2806 [
2807 #include <stdio.h>
2808 #if HAVE_SYS_TYPES_H
2809 # include <sys/types.h>
2810 #endif
2811 #include <netinet/in.h>
2812 #include <arpa/nameser.h>
2813 #include <resolv.h>
2814 ])
2816 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2817 ac_cv_have_ss_family_in_struct_ss, [
2818 AC_TRY_COMPILE(
2819 [
2820 #include <sys/types.h>
2821 #include <sys/socket.h>
2822 ],
2823 [ struct sockaddr_storage s; s.ss_family = 1; ],
2824 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2825 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2826 )
2827 ])
2828 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2829 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2830 fi
2832 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2833 ac_cv_have___ss_family_in_struct_ss, [
2834 AC_TRY_COMPILE(
2835 [
2836 #include <sys/types.h>
2837 #include <sys/socket.h>
2838 ],
2839 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2840 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2841 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2842 )
2843 ])
2844 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2845 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2846 [Fields in struct sockaddr_storage])
2847 fi
2849 AC_CACHE_CHECK([for pw_class field in struct passwd],
2850 ac_cv_have_pw_class_in_struct_passwd, [
2851 AC_TRY_COMPILE(
2852 [
2853 #include <pwd.h>
2854 ],
2855 [ struct passwd p; p.pw_class = 0; ],
2856 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2857 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2858 )
2859 ])
2860 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2861 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2862 [Define if your password has a pw_class field])
2863 fi
2865 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2866 ac_cv_have_pw_expire_in_struct_passwd, [
2867 AC_TRY_COMPILE(
2868 [
2869 #include <pwd.h>
2870 ],
2871 [ struct passwd p; p.pw_expire = 0; ],
2872 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2873 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2874 )
2875 ])
2876 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2877 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2878 [Define if your password has a pw_expire field])
2879 fi
2881 AC_CACHE_CHECK([for pw_change field in struct passwd],
2882 ac_cv_have_pw_change_in_struct_passwd, [
2883 AC_TRY_COMPILE(
2884 [
2885 #include <pwd.h>
2886 ],
2887 [ struct passwd p; p.pw_change = 0; ],
2888 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2889 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2890 )
2891 ])
2892 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2893 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2894 [Define if your password has a pw_change field])
2895 fi
2897 dnl make sure we're using the real structure members and not defines
2898 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2899 ac_cv_have_accrights_in_msghdr, [
2900 AC_COMPILE_IFELSE(
2901 [
2902 #include <sys/types.h>
2903 #include <sys/socket.h>
2904 #include <sys/uio.h>
2905 int main() {
2906 #ifdef msg_accrights
2907 #error "msg_accrights is a macro"
2908 exit(1);
2909 #endif
2910 struct msghdr m;
2911 m.msg_accrights = 0;
2912 exit(0);
2913 }
2914 ],
2915 [ ac_cv_have_accrights_in_msghdr="yes" ],
2916 [ ac_cv_have_accrights_in_msghdr="no" ]
2917 )
2918 ])
2919 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2920 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2921 [Define if your system uses access rights style
2922 file descriptor passing])
2923 fi
2925 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2926 ac_cv_have_control_in_msghdr, [
2927 AC_COMPILE_IFELSE(
2928 [
2929 #include <sys/types.h>
2930 #include <sys/socket.h>
2931 #include <sys/uio.h>
2932 int main() {
2933 #ifdef msg_control
2934 #error "msg_control is a macro"
2935 exit(1);
2936 #endif
2937 struct msghdr m;
2938 m.msg_control = 0;
2939 exit(0);
2940 }
2941 ],
2942 [ ac_cv_have_control_in_msghdr="yes" ],
2943 [ ac_cv_have_control_in_msghdr="no" ]
2944 )
2945 ])
2946 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2947 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2948 [Define if your system uses ancillary data style
2949 file descriptor passing])
2950 fi
2952 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2953 AC_TRY_LINK([],
2954 [ extern char *__progname; printf("%s", __progname); ],
2955 [ ac_cv_libc_defines___progname="yes" ],
2956 [ ac_cv_libc_defines___progname="no" ]
2957 )
2958 ])
2959 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2960 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2961 fi
2963 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2964 AC_TRY_LINK([
2965 #include <stdio.h>
2966 ],
2967 [ printf("%s", __FUNCTION__); ],
2968 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2969 [ ac_cv_cc_implements___FUNCTION__="no" ]
2970 )
2971 ])
2972 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2973 AC_DEFINE(HAVE___FUNCTION__, 1,
2974 [Define if compiler implements __FUNCTION__])
2975 fi
2977 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2978 AC_TRY_LINK([
2979 #include <stdio.h>
2980 ],
2981 [ printf("%s", __func__); ],
2982 [ ac_cv_cc_implements___func__="yes" ],
2983 [ ac_cv_cc_implements___func__="no" ]
2984 )
2985 ])
2986 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2987 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2988 fi
2990 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2991 AC_TRY_LINK(
2992 [#include <stdarg.h>
2993 va_list x,y;],
2994 [va_copy(x,y);],
2995 [ ac_cv_have_va_copy="yes" ],
2996 [ ac_cv_have_va_copy="no" ]
2997 )
2998 ])
2999 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3000 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3001 fi
3003 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3004 AC_TRY_LINK(
3005 [#include <stdarg.h>
3006 va_list x,y;],
3007 [__va_copy(x,y);],
3008 [ ac_cv_have___va_copy="yes" ],
3009 [ ac_cv_have___va_copy="no" ]
3010 )
3011 ])
3012 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3013 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3014 fi
3016 AC_CACHE_CHECK([whether getopt has optreset support],
3017 ac_cv_have_getopt_optreset, [
3018 AC_TRY_LINK(
3019 [
3020 #include <getopt.h>
3021 ],
3022 [ extern int optreset; optreset = 0; ],
3023 [ ac_cv_have_getopt_optreset="yes" ],
3024 [ ac_cv_have_getopt_optreset="no" ]
3025 )
3026 ])
3027 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3028 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3029 [Define if your getopt(3) defines and uses optreset])
3030 fi
3032 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3033 AC_TRY_LINK([],
3034 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3035 [ ac_cv_libc_defines_sys_errlist="yes" ],
3036 [ ac_cv_libc_defines_sys_errlist="no" ]
3037 )
3038 ])
3039 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3040 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3041 [Define if your system defines sys_errlist[]])
3042 fi
3045 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3046 AC_TRY_LINK([],
3047 [ extern int sys_nerr; printf("%i", sys_nerr);],
3048 [ ac_cv_libc_defines_sys_nerr="yes" ],
3049 [ ac_cv_libc_defines_sys_nerr="no" ]
3050 )
3051 ])
3052 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3053 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3054 fi
3056 SCARD_MSG="no"
3057 # Check whether user wants sectok support
3058 AC_ARG_WITH(sectok,
3059 [ --with-sectok Enable smartcard support using libsectok],
3060 [
3061 if test "x$withval" != "xno" ; then
3062 if test "x$withval" != "xyes" ; then
3063 CPPFLAGS="$CPPFLAGS -I${withval}"
3064 LDFLAGS="$LDFLAGS -L${withval}"
3065 if test ! -z "$need_dash_r" ; then
3066 LDFLAGS="$LDFLAGS -R${withval}"
3067 fi
3068 if test ! -z "$blibpath" ; then
3069 blibpath="$blibpath:${withval}"
3070 fi
3071 fi
3072 AC_CHECK_HEADERS(sectok.h)
3073 if test "$ac_cv_header_sectok_h" != yes; then
3074 AC_MSG_ERROR(Can't find sectok.h)
3075 fi
3076 AC_CHECK_LIB(sectok, sectok_open)
3077 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3078 AC_MSG_ERROR(Can't find libsectok)
3079 fi
3080 AC_DEFINE(SMARTCARD, 1,
3081 [Define if you want smartcard support])
3082 AC_DEFINE(USE_SECTOK, 1,
3083 [Define if you want smartcard support
3084 using sectok])
3085 SCARD_MSG="yes, using sectok"
3086 fi
3087 ]
3088 )
3090 # Check whether user wants OpenSC support
3091 OPENSC_CONFIG="no"
3092 AC_ARG_WITH(opensc,
3093 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3094 [
3095 if test "x$withval" != "xno" ; then
3096 if test "x$withval" != "xyes" ; then
3097 OPENSC_CONFIG=$withval/bin/opensc-config
3098 else
3099 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3100 fi
3101 if test "$OPENSC_CONFIG" != "no"; then
3102 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3103 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3104 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3105 LIBS="$LIBS $LIBOPENSC_LIBS"
3106 AC_DEFINE(SMARTCARD)
3107 AC_DEFINE(USE_OPENSC, 1,
3108 [Define if you want smartcard support
3109 using OpenSC])
3110 SCARD_MSG="yes, using OpenSC"
3111 fi
3112 fi
3113 ]
3114 )
3116 # Check libraries needed by DNS fingerprint support
3117 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3118 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3119 [Define if getrrsetbyname() exists])],
3120 [
3121 # Needed by our getrrsetbyname()
3122 AC_SEARCH_LIBS(res_query, resolv)
3123 AC_SEARCH_LIBS(dn_expand, resolv)
3124 AC_MSG_CHECKING(if res_query will link)
3125 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3126 [AC_MSG_RESULT(no)
3127 saved_LIBS="$LIBS"
3128 LIBS="$LIBS -lresolv"
3129 AC_MSG_CHECKING(for res_query in -lresolv)
3130 AC_LINK_IFELSE([
3131 #include <resolv.h>
3132 int main()
3133 {
3134 res_query (0, 0, 0, 0, 0);
3135 return 0;
3136 }
3137 ],
3138 [LIBS="$LIBS -lresolv"
3139 AC_MSG_RESULT(yes)],
3140 [LIBS="$saved_LIBS"
3141 AC_MSG_RESULT(no)])
3142 ])
3143 AC_CHECK_FUNCS(_getshort _getlong)
3144 AC_CHECK_DECLS([_getshort, _getlong], , ,
3145 [#include <sys/types.h>
3146 #include <arpa/nameser.h>])
3147 AC_CHECK_MEMBER(HEADER.ad,
3148 [AC_DEFINE(HAVE_HEADER_AD, 1,
3149 [Define if HEADER.ad exists in arpa/nameser.h])],,
3150 [#include <arpa/nameser.h>])
3151 ])
3153 # Check whether user wants SELinux support
3154 SELINUX_MSG="no"
3155 LIBSELINUX=""
3156 AC_ARG_WITH(selinux,
3157 [ --with-selinux Enable SELinux support],
3158 [ if test "x$withval" != "xno" ; then
3159 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3160 SELINUX_MSG="yes"
3161 AC_CHECK_HEADER([selinux/selinux.h], ,
3162 AC_MSG_ERROR(SELinux support requires selinux.h header))
3163 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3164 AC_MSG_ERROR(SELinux support requires libselinux library))
3165 save_LIBS="$LIBS"
3166 LIBS="$LIBS $LIBSELINUX"
3167 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3168 LIBS="$save_LIBS"
3169 fi ]
3170 )
3171 AC_SUBST(LIBSELINUX)
3173 # Check whether user wants Kerberos 5 support
3174 KRB5_MSG="no"
3175 AC_ARG_WITH(kerberos5,
3176 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3177 [ if test "x$withval" != "xno" ; then
3178 if test "x$withval" = "xyes" ; then
3179 KRB5ROOT="/usr/local"
3180 else
3181 KRB5ROOT=${withval}
3182 fi
3184 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3185 KRB5_MSG="yes"
3187 AC_MSG_CHECKING(for krb5-config)
3188 if test -x $KRB5ROOT/bin/krb5-config ; then
3189 KRB5CONF=$KRB5ROOT/bin/krb5-config
3190 AC_MSG_RESULT($KRB5CONF)
3192 AC_MSG_CHECKING(for gssapi support)
3193 if $KRB5CONF | grep gssapi >/dev/null ; then
3194 AC_MSG_RESULT(yes)
3195 AC_DEFINE(GSSAPI, 1,
3196 [Define this if you want GSSAPI
3197 support in the version 2 protocol])
3198 k5confopts=gssapi
3199 else
3200 AC_MSG_RESULT(no)
3201 k5confopts=""
3202 fi
3203 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3204 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3205 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3206 AC_MSG_CHECKING(whether we are using Heimdal)
3207 AC_TRY_COMPILE([ #include <krb5.h> ],
3208 [ char *tmp = heimdal_version; ],
3209 [ AC_MSG_RESULT(yes)
3210 AC_DEFINE(HEIMDAL, 1,
3211 [Define this if you are using the
3212 Heimdal version of Kerberos V5]) ],
3213 AC_MSG_RESULT(no)
3214 )
3215 else
3216 AC_MSG_RESULT(no)
3217 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3218 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3219 AC_MSG_CHECKING(whether we are using Heimdal)
3220 AC_TRY_COMPILE([ #include <krb5.h> ],
3221 [ char *tmp = heimdal_version; ],
3222 [ AC_MSG_RESULT(yes)
3223 AC_DEFINE(HEIMDAL)
3224 K5LIBS="-lkrb5 -ldes"
3225 K5LIBS="$K5LIBS -lcom_err -lasn1"
3226 AC_CHECK_LIB(roken, net_write,
3227 [K5LIBS="$K5LIBS -lroken"])
3228 ],
3229 [ AC_MSG_RESULT(no)
3230 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3231 ]
3232 )
3233 AC_SEARCH_LIBS(dn_expand, resolv)
3235 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3236 [ AC_DEFINE(GSSAPI)
3237 K5LIBS="-lgssapi $K5LIBS" ],
3238 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3239 [ AC_DEFINE(GSSAPI)
3240 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3241 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3242 $K5LIBS)
3243 ],
3244 $K5LIBS)
3246 AC_CHECK_HEADER(gssapi.h, ,
3247 [ unset ac_cv_header_gssapi_h
3248 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3249 AC_CHECK_HEADERS(gssapi.h, ,
3250 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3251 )
3252 ]
3253 )
3255 oldCPP="$CPPFLAGS"
3256 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3257 AC_CHECK_HEADER(gssapi_krb5.h, ,
3258 [ CPPFLAGS="$oldCPP" ])
3260 fi
3261 if test ! -z "$need_dash_r" ; then
3262 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3263 fi
3264 if test ! -z "$blibpath" ; then
3265 blibpath="$blibpath:${KRB5ROOT}/lib"
3266 fi
3268 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3269 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3270 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3272 LIBS="$LIBS $K5LIBS"
3273 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3274 [Define this if you want to use libkafs' AFS support]))
3275 fi
3276 ]
3277 )
3279 # Looking for programs, paths and files
3281 PRIVSEP_PATH=/var/empty
3282 AC_ARG_WITH(privsep-path,
3283 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3284 [
3285 if test -n "$withval" && test "x$withval" != "xno" && \
3286 test "x${withval}" != "xyes"; then
3287 PRIVSEP_PATH=$withval
3288 fi
3289 ]
3290 )
3291 AC_SUBST(PRIVSEP_PATH)
3293 AC_ARG_WITH(xauth,
3294 [ --with-xauth=PATH Specify path to xauth program ],
3295 [
3296 if test -n "$withval" && test "x$withval" != "xno" && \
3297 test "x${withval}" != "xyes"; then
3298 xauth_path=$withval
3299 fi
3300 ],
3301 [
3302 TestPath="$PATH"
3303 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3304 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3305 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3306 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3307 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3308 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3309 xauth_path="/usr/openwin/bin/xauth"
3310 fi
3311 ]
3312 )
3314 STRIP_OPT=-s
3315 AC_ARG_ENABLE(strip,
3316 [ --disable-strip Disable calling strip(1) on install],
3317 [
3318 if test "x$enableval" = "xno" ; then
3319 STRIP_OPT=
3320 fi
3321 ]
3322 )
3323 AC_SUBST(STRIP_OPT)
3325 if test -z "$xauth_path" ; then
3326 XAUTH_PATH="undefined"
3327 AC_SUBST(XAUTH_PATH)
3328 else
3329 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3330 [Define if xauth is found in your path])
3331 XAUTH_PATH=$xauth_path
3332 AC_SUBST(XAUTH_PATH)
3333 fi
3335 # Check for mail directory (last resort if we cannot get it from headers)
3336 if test ! -z "$MAIL" ; then
3337 maildir=`dirname $MAIL`
3338 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3339 [Set this to your mail directory if you don't have maillock.h])
3340 fi
3342 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3343 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3344 disable_ptmx_check=yes
3345 fi
3346 if test -z "$no_dev_ptmx" ; then
3347 if test "x$disable_ptmx_check" != "xyes" ; then
3348 AC_CHECK_FILE("/dev/ptmx",
3349 [
3350 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3351 [Define if you have /dev/ptmx])
3352 have_dev_ptmx=1
3353 ]
3354 )
3355 fi
3356 fi
3358 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3359 AC_CHECK_FILE("/dev/ptc",
3360 [
3361 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3362 [Define if you have /dev/ptc])
3363 have_dev_ptc=1
3364 ]
3365 )
3366 else
3367 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3368 fi
3370 # Options from here on. Some of these are preset by platform above
3371 AC_ARG_WITH(mantype,
3372 [ --with-mantype=man|cat|doc Set man page type],
3373 [
3374 case "$withval" in
3375 man|cat|doc)
3376 MANTYPE=$withval
3377 ;;
3378 *)
3379 AC_MSG_ERROR(invalid man type: $withval)
3380 ;;
3381 esac
3382 ]
3383 )
3384 if test -z "$MANTYPE"; then
3385 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3386 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3387 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3388 MANTYPE=doc
3389 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3390 MANTYPE=man
3391 else
3392 MANTYPE=cat
3393 fi
3394 fi
3395 AC_SUBST(MANTYPE)
3396 if test "$MANTYPE" = "doc"; then
3397 mansubdir=man;
3398 else
3399 mansubdir=$MANTYPE;
3400 fi
3401 AC_SUBST(mansubdir)
3403 # Check whether to enable MD5 passwords
3404 MD5_MSG="no"
3405 AC_ARG_WITH(md5-passwords,
3406 [ --with-md5-passwords Enable use of MD5 passwords],
3407 [
3408 if test "x$withval" != "xno" ; then
3409 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3410 [Define if you want to allow MD5 passwords])
3411 MD5_MSG="yes"
3412 fi
3413 ]
3414 )
3416 # Whether to disable shadow password support
3417 AC_ARG_WITH(shadow,
3418 [ --without-shadow Disable shadow password support],
3419 [
3420 if test "x$withval" = "xno" ; then
3421 AC_DEFINE(DISABLE_SHADOW)
3422 disable_shadow=yes
3423 fi
3424 ]
3425 )
3427 if test -z "$disable_shadow" ; then
3428 AC_MSG_CHECKING([if the systems has expire shadow information])
3429 AC_TRY_COMPILE(
3430 [
3431 #include <sys/types.h>
3432 #include <shadow.h>
3433 struct spwd sp;
3434 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3435 [ sp_expire_available=yes ], []
3436 )
3438 if test "x$sp_expire_available" = "xyes" ; then
3439 AC_MSG_RESULT(yes)
3440 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3441 [Define if you want to use shadow password expire field])
3442 else
3443 AC_MSG_RESULT(no)
3444 fi
3445 fi
3447 # Use ip address instead of hostname in $DISPLAY
3448 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3449 DISPLAY_HACK_MSG="yes"
3450 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3451 [Define if you need to use IP address
3452 instead of hostname in $DISPLAY])
3453 else
3454 DISPLAY_HACK_MSG="no"
3455 AC_ARG_WITH(ipaddr-display,
3456 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3457 [
3458 if test "x$withval" != "xno" ; then
3459 AC_DEFINE(IPADDR_IN_DISPLAY)
3460 DISPLAY_HACK_MSG="yes"
3461 fi
3462 ]
3463 )
3464 fi
3466 # check for /etc/default/login and use it if present.
3467 AC_ARG_ENABLE(etc-default-login,
3468 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3469 [ if test "x$enableval" = "xno"; then
3470 AC_MSG_NOTICE([/etc/default/login handling disabled])
3471 etc_default_login=no
3472 else
3473 etc_default_login=yes
3474 fi ],
3475 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3476 then
3477 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3478 etc_default_login=no
3479 else
3480 etc_default_login=yes
3481 fi ]
3482 )
3484 if test "x$etc_default_login" != "xno"; then
3485 AC_CHECK_FILE("/etc/default/login",
3486 [ external_path_file=/etc/default/login ])
3487 if test "x$external_path_file" = "x/etc/default/login"; then
3488 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3489 [Define if your system has /etc/default/login])
3490 fi
3491 fi
3493 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3494 if test $ac_cv_func_login_getcapbool = "yes" && \
3495 test $ac_cv_header_login_cap_h = "yes" ; then
3496 external_path_file=/etc/login.conf
3497 fi
3499 # Whether to mess with the default path
3500 SERVER_PATH_MSG="(default)"
3501 AC_ARG_WITH(default-path,
3502 [ --with-default-path= Specify default \$PATH environment for server],
3503 [
3504 if test "x$external_path_file" = "x/etc/login.conf" ; then
3505 AC_MSG_WARN([
3506 --with-default-path=PATH has no effect on this system.
3507 Edit /etc/login.conf instead.])
3508 elif test "x$withval" != "xno" ; then
3509 if test ! -z "$external_path_file" ; then
3510 AC_MSG_WARN([
3511 --with-default-path=PATH will only be used if PATH is not defined in
3512 $external_path_file .])
3513 fi
3514 user_path="$withval"
3515 SERVER_PATH_MSG="$withval"
3516 fi
3517 ],
3518 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3519 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3520 else
3521 if test ! -z "$external_path_file" ; then
3522 AC_MSG_WARN([
3523 If PATH is defined in $external_path_file, ensure the path to scp is included,
3524 otherwise scp will not work.])
3525 fi
3526 AC_RUN_IFELSE(
3527 [AC_LANG_SOURCE([[
3528 /* find out what STDPATH is */
3529 #include <stdio.h>
3530 #ifdef HAVE_PATHS_H
3531 # include <paths.h>
3532 #endif
3533 #ifndef _PATH_STDPATH
3534 # ifdef _PATH_USERPATH /* Irix */
3535 # define _PATH_STDPATH _PATH_USERPATH
3536 # else
3537 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3538 # endif
3539 #endif
3540 #include <sys/types.h>
3541 #include <sys/stat.h>
3542 #include <fcntl.h>
3543 #define DATA "conftest.stdpath"
3545 main()
3546 {
3547 FILE *fd;
3548 int rc;
3550 fd = fopen(DATA,"w");
3551 if(fd == NULL)
3552 exit(1);
3554 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3555 exit(1);
3557 exit(0);
3558 }
3559 ]])],
3560 [ user_path=`cat conftest.stdpath` ],
3561 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3562 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3563 )
3564 # make sure $bindir is in USER_PATH so scp will work
3565 t_bindir=`eval echo ${bindir}`
3566 case $t_bindir in
3567 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3568 esac
3569 case $t_bindir in
3570 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3571 esac
3572 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3573 if test $? -ne 0 ; then
3574 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3575 if test $? -ne 0 ; then
3576 user_path=$user_path:$t_bindir
3577 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3578 fi
3579 fi
3580 fi ]
3581 )
3582 if test "x$external_path_file" != "x/etc/login.conf" ; then
3583 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3584 AC_SUBST(user_path)
3585 fi
3587 # Set superuser path separately to user path
3588 AC_ARG_WITH(superuser-path,
3589 [ --with-superuser-path= Specify different path for super-user],
3590 [
3591 if test -n "$withval" && test "x$withval" != "xno" && \
3592 test "x${withval}" != "xyes"; then
3593 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3594 [Define if you want a different $PATH
3595 for the superuser])
3596 superuser_path=$withval
3597 fi
3598 ]
3599 )
3602 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3603 IPV4_IN6_HACK_MSG="no"
3604 AC_ARG_WITH(4in6,
3605 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3606 [
3607 if test "x$withval" != "xno" ; then
3608 AC_MSG_RESULT(yes)
3609 AC_DEFINE(IPV4_IN_IPV6, 1,
3610 [Detect IPv4 in IPv6 mapped addresses
3611 and treat as IPv4])
3612 IPV4_IN6_HACK_MSG="yes"
3613 else
3614 AC_MSG_RESULT(no)
3615 fi
3616 ],[
3617 if test "x$inet6_default_4in6" = "xyes"; then
3618 AC_MSG_RESULT([yes (default)])
3619 AC_DEFINE(IPV4_IN_IPV6)
3620 IPV4_IN6_HACK_MSG="yes"
3621 else
3622 AC_MSG_RESULT([no (default)])
3623 fi
3624 ]
3625 )
3627 # Whether to enable BSD auth support
3628 BSD_AUTH_MSG=no
3629 AC_ARG_WITH(bsd-auth,
3630 [ --with-bsd-auth Enable BSD auth support],
3631 [
3632 if test "x$withval" != "xno" ; then
3633 AC_DEFINE(BSD_AUTH, 1,
3634 [Define if you have BSD auth support])
3635 BSD_AUTH_MSG=yes
3636 fi
3637 ]
3638 )
3640 # Where to place sshd.pid
3641 piddir=/var/run
3642 # make sure the directory exists
3643 if test ! -d $piddir ; then
3644 piddir=`eval echo ${sysconfdir}`
3645 case $piddir in
3646 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3647 esac
3648 fi
3650 AC_ARG_WITH(pid-dir,
3651 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3652 [
3653 if test -n "$withval" && test "x$withval" != "xno" && \
3654 test "x${withval}" != "xyes"; then
3655 piddir=$withval
3656 if test ! -d $piddir ; then
3657 AC_MSG_WARN([** no $piddir directory on this system **])
3658 fi
3659 fi
3660 ]
3661 )
3663 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3664 AC_SUBST(piddir)
3666 dnl allow user to disable some login recording features
3667 AC_ARG_ENABLE(lastlog,
3668 [ --disable-lastlog disable use of lastlog even if detected [no]],
3669 [
3670 if test "x$enableval" = "xno" ; then
3671 AC_DEFINE(DISABLE_LASTLOG)
3672 fi
3673 ]
3674 )
3675 AC_ARG_ENABLE(utmp,
3676 [ --disable-utmp disable use of utmp even if detected [no]],
3677 [
3678 if test "x$enableval" = "xno" ; then
3679 AC_DEFINE(DISABLE_UTMP)
3680 fi
3681 ]
3682 )
3683 AC_ARG_ENABLE(utmpx,
3684 [ --disable-utmpx disable use of utmpx even if detected [no]],
3685 [
3686 if test "x$enableval" = "xno" ; then
3687 AC_DEFINE(DISABLE_UTMPX, 1,
3688 [Define if you don't want to use utmpx])
3689 fi
3690 ]
3691 )
3692 AC_ARG_ENABLE(wtmp,
3693 [ --disable-wtmp disable use of wtmp even if detected [no]],
3694 [
3695 if test "x$enableval" = "xno" ; then
3696 AC_DEFINE(DISABLE_WTMP)
3697 fi
3698 ]
3699 )
3700 AC_ARG_ENABLE(wtmpx,
3701 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3702 [
3703 if test "x$enableval" = "xno" ; then
3704 AC_DEFINE(DISABLE_WTMPX, 1,
3705 [Define if you don't want to use wtmpx])
3706 fi
3707 ]
3708 )
3709 AC_ARG_ENABLE(libutil,
3710 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3711 [
3712 if test "x$enableval" = "xno" ; then
3713 AC_DEFINE(DISABLE_LOGIN)
3714 fi
3715 ]
3716 )
3717 AC_ARG_ENABLE(pututline,
3718 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3719 [
3720 if test "x$enableval" = "xno" ; then
3721 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3722 [Define if you don't want to use pututline()
3723 etc. to write [uw]tmp])
3724 fi
3725 ]
3726 )
3727 AC_ARG_ENABLE(pututxline,
3728 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3729 [
3730 if test "x$enableval" = "xno" ; then
3731 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3732 [Define if you don't want to use pututxline()
3733 etc. to write [uw]tmpx])
3734 fi
3735 ]
3736 )
3737 AC_ARG_WITH(lastlog,
3738 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3739 [
3740 if test "x$withval" = "xno" ; then
3741 AC_DEFINE(DISABLE_LASTLOG)
3742 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3743 conf_lastlog_location=$withval
3744 fi
3745 ]
3746 )
3748 dnl lastlog, [uw]tmpx? detection
3749 dnl NOTE: set the paths in the platform section to avoid the
3750 dnl need for command-line parameters
3751 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3753 dnl lastlog detection
3754 dnl NOTE: the code itself will detect if lastlog is a directory
3755 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3756 AC_TRY_COMPILE([
3757 #include <sys/types.h>
3758 #include <utmp.h>
3759 #ifdef HAVE_LASTLOG_H
3760 # include <lastlog.h>
3761 #endif
3762 #ifdef HAVE_PATHS_H
3763 # include <paths.h>
3764 #endif
3765 #ifdef HAVE_LOGIN_H
3766 # include <login.h>
3767 #endif
3768 ],
3769 [ char *lastlog = LASTLOG_FILE; ],
3770 [ AC_MSG_RESULT(yes) ],
3771 [
3772 AC_MSG_RESULT(no)
3773 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3774 AC_TRY_COMPILE([
3775 #include <sys/types.h>
3776 #include <utmp.h>
3777 #ifdef HAVE_LASTLOG_H
3778 # include <lastlog.h>
3779 #endif
3780 #ifdef HAVE_PATHS_H
3781 # include <paths.h>
3782 #endif
3783 ],
3784 [ char *lastlog = _PATH_LASTLOG; ],
3785 [ AC_MSG_RESULT(yes) ],
3786 [
3787 AC_MSG_RESULT(no)
3788 system_lastlog_path=no
3789 ])
3790 ]
3791 )
3793 if test -z "$conf_lastlog_location"; then
3794 if test x"$system_lastlog_path" = x"no" ; then
3795 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3796 if (test -d "$f" || test -f "$f") ; then
3797 conf_lastlog_location=$f
3798 fi
3799 done
3800 if test -z "$conf_lastlog_location"; then
3801 AC_MSG_WARN([** Cannot find lastlog **])
3802 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3803 fi
3804 fi
3805 fi
3807 if test -n "$conf_lastlog_location"; then
3808 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3809 [Define if you want to specify the path to your lastlog file])
3810 fi
3812 dnl utmp detection
3813 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3814 AC_TRY_COMPILE([
3815 #include <sys/types.h>
3816 #include <utmp.h>
3817 #ifdef HAVE_PATHS_H
3818 # include <paths.h>
3819 #endif
3820 ],
3821 [ char *utmp = UTMP_FILE; ],
3822 [ AC_MSG_RESULT(yes) ],
3823 [ AC_MSG_RESULT(no)
3824 system_utmp_path=no ]
3825 )
3826 if test -z "$conf_utmp_location"; then
3827 if test x"$system_utmp_path" = x"no" ; then
3828 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3829 if test -f $f ; then
3830 conf_utmp_location=$f
3831 fi
3832 done
3833 if test -z "$conf_utmp_location"; then
3834 AC_DEFINE(DISABLE_UTMP)
3835 fi
3836 fi
3837 fi
3838 if test -n "$conf_utmp_location"; then
3839 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3840 [Define if you want to specify the path to your utmp file])
3841 fi
3843 dnl wtmp detection
3844 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3845 AC_TRY_COMPILE([
3846 #include <sys/types.h>
3847 #include <utmp.h>
3848 #ifdef HAVE_PATHS_H
3849 # include <paths.h>
3850 #endif
3851 ],
3852 [ char *wtmp = WTMP_FILE; ],
3853 [ AC_MSG_RESULT(yes) ],
3854 [ AC_MSG_RESULT(no)
3855 system_wtmp_path=no ]
3856 )
3857 if test -z "$conf_wtmp_location"; then
3858 if test x"$system_wtmp_path" = x"no" ; then
3859 for f in /usr/adm/wtmp /var/log/wtmp; do
3860 if test -f $f ; then
3861 conf_wtmp_location=$f
3862 fi
3863 done
3864 if test -z "$conf_wtmp_location"; then
3865 AC_DEFINE(DISABLE_WTMP)
3866 fi
3867 fi
3868 fi
3869 if test -n "$conf_wtmp_location"; then
3870 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3871 [Define if you want to specify the path to your wtmp file])
3872 fi
3875 dnl utmpx detection - I don't know any system so perverse as to require
3876 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3877 dnl there, though.
3878 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3879 AC_TRY_COMPILE([
3880 #include <sys/types.h>
3881 #include <utmp.h>
3882 #ifdef HAVE_UTMPX_H
3883 #include <utmpx.h>
3884 #endif
3885 #ifdef HAVE_PATHS_H
3886 # include <paths.h>
3887 #endif
3888 ],
3889 [ char *utmpx = UTMPX_FILE; ],
3890 [ AC_MSG_RESULT(yes) ],
3891 [ AC_MSG_RESULT(no)
3892 system_utmpx_path=no ]
3893 )
3894 if test -z "$conf_utmpx_location"; then
3895 if test x"$system_utmpx_path" = x"no" ; then
3896 AC_DEFINE(DISABLE_UTMPX)
3897 fi
3898 else
3899 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3900 [Define if you want to specify the path to your utmpx file])
3901 fi
3903 dnl wtmpx detection
3904 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3905 AC_TRY_COMPILE([
3906 #include <sys/types.h>
3907 #include <utmp.h>
3908 #ifdef HAVE_UTMPX_H
3909 #include <utmpx.h>
3910 #endif
3911 #ifdef HAVE_PATHS_H
3912 # include <paths.h>
3913 #endif
3914 ],
3915 [ char *wtmpx = WTMPX_FILE; ],
3916 [ AC_MSG_RESULT(yes) ],
3917 [ AC_MSG_RESULT(no)
3918 system_wtmpx_path=no ]
3919 )
3920 if test -z "$conf_wtmpx_location"; then
3921 if test x"$system_wtmpx_path" = x"no" ; then
3922 AC_DEFINE(DISABLE_WTMPX)
3923 fi
3924 else
3925 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3926 [Define if you want to specify the path to your wtmpx file])
3927 fi
3930 if test ! -z "$blibpath" ; then
3931 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3932 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3933 fi
3935 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3936 dnl Add now.
3937 CFLAGS="$CFLAGS $werror_flags"
3939 AC_EXEEXT
3940 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3941 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3942 scard/Makefile ssh_prng_cmds survey.sh])
3943 AC_OUTPUT
3945 # Print summary of options
3947 # Someone please show me a better way :)
3948 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3949 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3950 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3951 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3952 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3953 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3954 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3955 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3956 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3957 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3959 echo ""
3960 echo "OpenSSH has been configured with the following options:"
3961 echo " User binaries: $B"
3962 echo " System binaries: $C"
3963 echo " Configuration files: $D"
3964 echo " Askpass program: $E"
3965 echo " Manual pages: $F"
3966 echo " PID file: $G"
3967 echo " Privilege separation chroot path: $H"
3968 if test "x$external_path_file" = "x/etc/login.conf" ; then
3969 echo " At runtime, sshd will use the path defined in $external_path_file"
3970 echo " Make sure the path to scp is present, otherwise scp will not work"
3971 else
3972 echo " sshd default user PATH: $I"
3973 if test ! -z "$external_path_file"; then
3974 echo " (If PATH is set in $external_path_file it will be used instead. If"
3975 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3976 fi
3977 fi
3978 if test ! -z "$superuser_path" ; then
3979 echo " sshd superuser user PATH: $J"
3980 fi
3981 echo " Manpage format: $MANTYPE"
3982 echo " PAM support: $PAM_MSG"
3983 echo " OSF SIA support: $SIA_MSG"
3984 echo " KerberosV support: $KRB5_MSG"
3985 echo " SELinux support: $SELINUX_MSG"
3986 echo " Smartcard support: $SCARD_MSG"
3987 echo " S/KEY support: $SKEY_MSG"
3988 echo " TCP Wrappers support: $TCPW_MSG"
3989 echo " MD5 password support: $MD5_MSG"
3990 echo " libedit support: $LIBEDIT_MSG"
3991 echo " Solaris process contract support: $SPC_MSG"
3992 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3993 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3994 echo " BSD Auth support: $BSD_AUTH_MSG"
3995 echo " Random number source: $RAND_MSG"
3996 if test ! -z "$USE_RAND_HELPER" ; then
3997 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3998 fi
4000 echo ""
4002 echo " Host: ${host}"
4003 echo " Compiler: ${CC}"
4004 echo " Compiler flags: ${CFLAGS}"
4005 echo "Preprocessor flags: ${CPPFLAGS}"
4006 echo " Linker flags: ${LDFLAGS}"
4007 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
4009 echo ""
4011 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4012 echo "SVR4 style packages are supported with \"make package\""
4013 echo ""
4014 fi
4016 if test "x$PAM_MSG" = "xyes" ; then
4017 echo "PAM is enabled. You may need to install a PAM control file "
4018 echo "for sshd, otherwise password authentication may fail. "
4019 echo "Example PAM control files can be found in the contrib/ "
4020 echo "subdirectory"
4021 echo ""
4022 fi
4024 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4025 echo "WARNING: you are using the builtin random number collection "
4026 echo "service. Please read WARNING.RNG and request that your OS "
4027 echo "vendor includes kernel-based random number collection in "
4028 echo "future versions of your OS."
4029 echo ""
4030 fi
4032 if test ! -z "$NO_PEERCHECK" ; then
4033 echo "WARNING: the operating system that you are using does not "
4034 echo "appear to support either the getpeereid() API nor the "
4035 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4036 echo "enforce security checks to prevent unauthorised connections to "
4037 echo "ssh-agent. Their absence increases the risk that a malicious "
4038 echo "user can connect to your agent. "
4039 echo ""
4040 fi
4042 if test "$AUDIT_MODULE" = "bsm" ; then
4043 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4044 echo "See the Solaris section in README.platform for details."
4045 fi