| blob | 0ea76c8fd1367ca585d63b4335d70b03d672285a |
1 # $Id: configure.ac,v 1.459 2010/12/04 12:20:50 dtucker Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.459 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
58 # System features
59 AC_SYS_LARGEFILE
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70 else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76 fi
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82 fi
84 if test -z "$LD" ; then
85 LD=$CC
86 fi
87 AC_SUBST(LD)
89 AC_C_INLINE
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 use_stack_protector=1
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
97 use_stack_protector=0
98 fi ])
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
103 case $GCC_VER in
104 1.*) no_attrib_nonnull=1 ;;
105 2.8* | 2.9*)
106 CFLAGS="$CFLAGS -Wsign-compare"
107 no_attrib_nonnull=1
108 ;;
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-strict-aliasing" ;;
112 *) ;;
113 esac
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
119 #include <string.h>
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
121 ]])],
122 [ AC_MSG_RESULT(yes) ],
123 [ AC_MSG_RESULT(no)
124 CFLAGS="$saved_CFLAGS" ]
125 )
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
137 AC_LINK_IFELSE(
138 [AC_LANG_SOURCE([
139 #include <stdio.h>
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
141 ])],
142 [ AC_MSG_RESULT(yes)
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
146 AC_RUN_IFELSE(
147 [AC_LANG_SOURCE([
148 #include <stdio.h>
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
150 ])],
151 [ AC_MSG_RESULT(yes)
152 break ],
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
155 break ]
156 )
157 ],
158 [ AC_MSG_RESULT(no) ]
159 )
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
162 done
163 fi
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
171 [have_llong_max=1],
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
174 )
175 fi
176 fi
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
180 fi
182 AC_ARG_WITH(rpath,
183 [ --without-rpath Disable auto-added -R linker paths],
184 [
185 if test "x$withval" = "xno" ; then
186 need_dash_r=""
187 fi
188 if test "x$withval" = "xyes" ; then
189 need_dash_r=1
190 fi
191 ]
192 )
194 # Allow user to specify flags
195 AC_ARG_WITH(cflags,
196 [ --with-cflags Specify additional flags to pass to compiler],
197 [
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
201 fi
202 ]
203 )
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
206 [
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
210 fi
211 ]
212 )
213 AC_ARG_WITH(ldflags,
214 [ --with-ldflags Specify additional flags to pass to linker],
215 [
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
219 fi
220 ]
221 )
222 AC_ARG_WITH(libs,
223 [ --with-libs Specify additional libraries to link with],
224 [
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
228 fi
229 ]
230 )
231 AC_ARG_WITH(Werror,
232 [ --with-Werror Build main code with -Werror],
233 [
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
238 fi
239 fi
240 ]
241 )
243 AC_CHECK_HEADERS( \
244 bstring.h \
245 crypt.h \
246 crypto/sha2.h \
247 dirent.h \
248 endian.h \
249 features.h \
250 fcntl.h \
251 floatingpoint.h \
252 getopt.h \
253 glob.h \
254 ia.h \
255 iaf.h \
256 limits.h \
257 login.h \
258 maillock.h \
259 ndir.h \
260 net/if_tun.h \
261 netdb.h \
262 netgroup.h \
263 pam/pam_appl.h \
264 paths.h \
265 poll.h \
266 pty.h \
267 readpassphrase.h \
268 rpc/types.h \
269 security/pam_appl.h \
270 sha2.h \
271 shadow.h \
272 stddef.h \
273 stdint.h \
274 string.h \
275 strings.h \
276 sys/audit.h \
277 sys/bitypes.h \
278 sys/bsdtty.h \
279 sys/cdefs.h \
280 sys/dir.h \
281 sys/mman.h \
282 sys/ndir.h \
283 sys/poll.h \
284 sys/prctl.h \
285 sys/pstat.h \
286 sys/select.h \
287 sys/stat.h \
288 sys/stream.h \
289 sys/stropts.h \
290 sys/strtio.h \
291 sys/statvfs.h \
292 sys/sysmacros.h \
293 sys/time.h \
294 sys/timers.h \
295 sys/un.h \
296 time.h \
297 tmpdir.h \
298 ttyent.h \
299 ucred.h \
300 unistd.h \
301 usersec.h \
302 util.h \
303 utime.h \
304 utmp.h \
305 utmpx.h \
306 vis.h \
307 )
309 # lastlog.h requires sys/time.h to be included first on Solaris
310 AC_CHECK_HEADERS(lastlog.h, [], [], [
311 #ifdef HAVE_SYS_TIME_H
312 # include <sys/time.h>
313 #endif
314 ])
316 # sys/ptms.h requires sys/stream.h to be included first on Solaris
317 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
318 #ifdef HAVE_SYS_STREAM_H
319 # include <sys/stream.h>
320 #endif
321 ])
323 # login_cap.h requires sys/types.h on NetBSD
324 AC_CHECK_HEADERS(login_cap.h, [], [], [
325 #include <sys/types.h>
326 ])
328 # older BSDs need sys/param.h before sys/mount.h
329 AC_CHECK_HEADERS(sys/mount.h, [], [], [
330 #include <sys/param.h>
331 ])
333 # Messages for features tested for in target-specific section
334 SIA_MSG="no"
335 SPC_MSG="no"
336 SP_MSG="no"
338 # Check for some target-specific stuff
339 case "$host" in
340 *-*-aix*)
341 # Some versions of VAC won't allow macro redefinitions at
342 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
343 # particularly with older versions of vac or xlc.
344 # It also throws errors about null macro argments, but these are
345 # not fatal.
346 AC_MSG_CHECKING(if compiler allows macro redefinitions)
347 AC_COMPILE_IFELSE(
348 [AC_LANG_SOURCE([[
349 #define testmacro foo
350 #define testmacro bar
351 int main(void) { exit(0); }
352 ]])],
353 [ AC_MSG_RESULT(yes) ],
354 [ AC_MSG_RESULT(no)
355 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
356 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
357 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
358 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
359 ]
360 )
362 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
363 if (test -z "$blibpath"); then
364 blibpath="/usr/lib:/lib"
365 fi
366 saved_LDFLAGS="$LDFLAGS"
367 if test "$GCC" = "yes"; then
368 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
369 else
370 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
371 fi
372 for tryflags in $flags ;do
373 if (test -z "$blibflags"); then
374 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
375 AC_TRY_LINK([], [], [blibflags=$tryflags])
376 fi
377 done
378 if (test -z "$blibflags"); then
379 AC_MSG_RESULT(not found)
380 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
381 else
382 AC_MSG_RESULT($blibflags)
383 fi
384 LDFLAGS="$saved_LDFLAGS"
385 dnl Check for authenticate. Might be in libs.a on older AIXes
386 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
387 [Define if you want to enable AIX4's authenticate function])],
388 [AC_CHECK_LIB(s,authenticate,
389 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
390 LIBS="$LIBS -ls"
391 ])
392 ])
393 dnl Check for various auth function declarations in headers.
394 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
395 passwdexpired, setauthdb], , , [#include <usersec.h>])
396 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
397 AC_CHECK_DECLS(loginfailed,
398 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
399 AC_TRY_COMPILE(
400 [#include <usersec.h>],
401 [(void)loginfailed("user","host","tty",0);],
402 [AC_MSG_RESULT(yes)
403 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
404 [Define if your AIX loginfailed() function
405 takes 4 arguments (AIX >= 5.2)])],
406 [AC_MSG_RESULT(no)]
407 )],
408 [],
409 [#include <usersec.h>]
410 )
411 AC_CHECK_FUNCS(getgrset setauthdb)
412 AC_CHECK_DECL(F_CLOSEM,
413 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
414 [],
415 [ #include <limits.h>
416 #include <fcntl.h> ]
417 )
418 check_for_aix_broken_getaddrinfo=1
419 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
420 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
421 [Define if your platform breaks doing a seteuid before a setuid])
422 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
423 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
424 dnl AIX handles lastlog as part of its login message
425 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
426 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
427 [Some systems need a utmpx entry for /bin/login to work])
428 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
429 [Define to a Set Process Title type if your system is
430 supported by bsd-setproctitle.c])
431 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
432 [AIX 5.2 and 5.3 (and presumably newer) require this])
433 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
434 ;;
435 *-*-cygwin*)
436 check_for_libcrypt_later=1
437 LIBS="$LIBS /usr/lib/textreadmode.o"
438 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
439 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
440 AC_DEFINE(DISABLE_SHADOW, 1,
441 [Define if you want to disable shadow passwords])
442 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
443 [Define if X11 doesn't support AF_UNIX sockets on that system])
444 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
445 [Define if the concept of ports only accessible to
446 superusers isn't known])
447 AC_DEFINE(DISABLE_FD_PASSING, 1,
448 [Define if your platform needs to skip post auth
449 file descriptor passing])
450 AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size])
451 ;;
452 *-*-dgux*)
453 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
454 [Define if your system choked on IP TOS setting])
455 AC_DEFINE(SETEUID_BREAKS_SETUID)
456 AC_DEFINE(BROKEN_SETREUID)
457 AC_DEFINE(BROKEN_SETREGID)
458 ;;
459 *-*-darwin*)
460 AC_MSG_CHECKING(if we have working getaddrinfo)
461 AC_TRY_RUN([#include <mach-o/dyld.h>
462 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
463 exit(0);
464 else
465 exit(1);
466 }], [AC_MSG_RESULT(working)],
467 [AC_MSG_RESULT(buggy)
468 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
469 [AC_MSG_RESULT(assume it is working)])
470 AC_DEFINE(SETEUID_BREAKS_SETUID)
471 AC_DEFINE(BROKEN_SETREUID)
472 AC_DEFINE(BROKEN_SETREGID)
473 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
474 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
475 [Define if your resolver libs need this for getrrsetbyname])
476 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
477 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
478 [Use tunnel device compatibility to OpenBSD])
479 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
480 [Prepend the address family to IP tunnel traffic])
481 m4_pattern_allow(AU_IPv)
482 AC_CHECK_DECL(AU_IPv4, [],
483 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
484 [#include <bsm/audit.h>]
485 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
486 [Define if pututxline updates lastlog too])
487 )
488 ;;
489 *-*-dragonfly*)
490 SSHDLIBS="$SSHDLIBS -lcrypt"
491 ;;
492 *-*-haiku*)
493 LIBS="$LIBS -lbsd "
494 AC_CHECK_LIB(network, socket)
495 AC_DEFINE(HAVE_U_INT64_T)
496 MANTYPE=man
497 ;;
498 *-*-hpux*)
499 # first we define all of the options common to all HP-UX releases
500 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
501 IPADDR_IN_DISPLAY=yes
502 AC_DEFINE(USE_PIPES)
503 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
504 [Define if your login program cannot handle end of options ("--")])
505 AC_DEFINE(LOGIN_NEEDS_UTMPX)
506 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
507 [String used in /etc/passwd to denote locked account])
508 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
509 MAIL="/var/mail/username"
510 LIBS="$LIBS -lsec"
511 AC_CHECK_LIB(xnet, t_error, ,
512 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
514 # next, we define all of the options specific to major releases
515 case "$host" in
516 *-*-hpux10*)
517 if test -z "$GCC"; then
518 CFLAGS="$CFLAGS -Ae"
519 fi
520 ;;
521 *-*-hpux11*)
522 AC_DEFINE(PAM_SUN_CODEBASE, 1,
523 [Define if you are using Solaris-derived PAM which
524 passes pam_messages to the conversation function
525 with an extra level of indirection])
526 AC_DEFINE(DISABLE_UTMP, 1,
527 [Define if you don't want to use utmp])
528 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
529 check_for_hpux_broken_getaddrinfo=1
530 check_for_conflicting_getspnam=1
531 ;;
532 esac
534 # lastly, we define options specific to minor releases
535 case "$host" in
536 *-*-hpux10.26)
537 AC_DEFINE(HAVE_SECUREWARE, 1,
538 [Define if you have SecureWare-based
539 protected password database])
540 disable_ptmx_check=yes
541 LIBS="$LIBS -lsecpw"
542 ;;
543 esac
544 ;;
545 *-*-irix5*)
546 PATH="$PATH:/usr/etc"
547 AC_DEFINE(BROKEN_INET_NTOA, 1,
548 [Define if you system's inet_ntoa is busted
549 (e.g. Irix gcc issue)])
550 AC_DEFINE(SETEUID_BREAKS_SETUID)
551 AC_DEFINE(BROKEN_SETREUID)
552 AC_DEFINE(BROKEN_SETREGID)
553 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
554 [Define if you shouldn't strip 'tty' from your
555 ttyname in [uw]tmp])
556 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
557 ;;
558 *-*-irix6*)
559 PATH="$PATH:/usr/etc"
560 AC_DEFINE(WITH_IRIX_ARRAY, 1,
561 [Define if you have/want arrays
562 (cluster-wide session managment, not C arrays)])
563 AC_DEFINE(WITH_IRIX_PROJECT, 1,
564 [Define if you want IRIX project management])
565 AC_DEFINE(WITH_IRIX_AUDIT, 1,
566 [Define if you want IRIX audit trails])
567 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
568 [Define if you want IRIX kernel jobs])])
569 AC_DEFINE(BROKEN_INET_NTOA)
570 AC_DEFINE(SETEUID_BREAKS_SETUID)
571 AC_DEFINE(BROKEN_SETREUID)
572 AC_DEFINE(BROKEN_SETREGID)
573 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
574 AC_DEFINE(WITH_ABBREV_NO_TTY)
575 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
576 ;;
577 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
578 check_for_libcrypt_later=1
579 AC_DEFINE(PAM_TTY_KLUDGE)
580 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
581 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
582 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
583 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
584 ;;
585 *-*-linux*)
586 no_dev_ptmx=1
587 check_for_libcrypt_later=1
588 check_for_openpty_ctty_bug=1
589 AC_DEFINE(PAM_TTY_KLUDGE, 1,
590 [Work around problematic Linux PAM modules handling of PAM_TTY])
591 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
592 [String used in /etc/passwd to denote locked account])
593 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
594 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
595 [Define to whatever link() returns for "not supported"
596 if it doesn't return EOPNOTSUPP.])
597 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
598 AC_DEFINE(USE_BTMP)
599 AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer])
600 inet6_default_4in6=yes
601 case `uname -r` in
602 1.*|2.0.*)
603 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
604 [Define if cmsg_type is not passed correctly])
605 ;;
606 esac
607 # tun(4) forwarding compat code
608 AC_CHECK_HEADERS(linux/if_tun.h)
609 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
610 AC_DEFINE(SSH_TUN_LINUX, 1,
611 [Open tunnel devices the Linux tun/tap way])
612 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
613 [Use tunnel device compatibility to OpenBSD])
614 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
615 [Prepend the address family to IP tunnel traffic])
616 fi
617 ;;
618 mips-sony-bsd|mips-sony-newsos4)
619 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
620 SONY=1
621 ;;
622 *-*-netbsd*)
623 check_for_libcrypt_before=1
624 if test "x$withval" != "xno" ; then
625 need_dash_r=1
626 fi
627 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
628 AC_CHECK_HEADER([net/if_tap.h], ,
629 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
630 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
631 [Prepend the address family to IP tunnel traffic])
632 ;;
633 *-*-freebsd*)
634 check_for_libcrypt_later=1
635 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
636 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
637 AC_CHECK_HEADER([net/if_tap.h], ,
638 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
639 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
640 ;;
641 *-*-bsdi*)
642 AC_DEFINE(SETEUID_BREAKS_SETUID)
643 AC_DEFINE(BROKEN_SETREUID)
644 AC_DEFINE(BROKEN_SETREGID)
645 ;;
646 *-next-*)
647 conf_lastlog_location="/usr/adm/lastlog"
648 conf_utmp_location=/etc/utmp
649 conf_wtmp_location=/usr/adm/wtmp
650 MAIL=/usr/spool/mail
651 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
652 AC_DEFINE(BROKEN_REALPATH)
653 AC_DEFINE(USE_PIPES)
654 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
655 ;;
656 *-*-openbsd*)
657 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
658 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
659 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
660 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
661 [syslog_r function is safe to use in in a signal handler])
662 ;;
663 *-*-solaris*)
664 if test "x$withval" != "xno" ; then
665 need_dash_r=1
666 fi
667 AC_DEFINE(PAM_SUN_CODEBASE)
668 AC_DEFINE(LOGIN_NEEDS_UTMPX)
669 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
670 [Some versions of /bin/login need the TERM supplied
671 on the commandline])
672 AC_DEFINE(PAM_TTY_KLUDGE)
673 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
674 [Define if pam_chauthtok wants real uid set
675 to the unpriv'ed user])
676 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
677 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
678 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
679 [Define if sshd somehow reacquires a controlling TTY
680 after setsid()])
681 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
682 in case the name is longer than 8 chars])
683 AC_DEFINE(BROKEN_TCGETATTR_ICANON, 1, [tcgetattr with ICANON may hang])
684 external_path_file=/etc/default/login
685 # hardwire lastlog location (can't detect it on some versions)
686 conf_lastlog_location="/var/adm/lastlog"
687 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
688 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
689 if test "$sol2ver" -ge 8; then
690 AC_MSG_RESULT(yes)
691 AC_DEFINE(DISABLE_UTMP)
692 AC_DEFINE(DISABLE_WTMP, 1,
693 [Define if you don't want to use wtmp])
694 else
695 AC_MSG_RESULT(no)
696 fi
697 AC_ARG_WITH(solaris-contracts,
698 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
699 [
700 AC_CHECK_LIB(contract, ct_tmpl_activate,
701 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
702 [Define if you have Solaris process contracts])
703 SSHDLIBS="$SSHDLIBS -lcontract"
704 AC_SUBST(SSHDLIBS)
705 SPC_MSG="yes" ], )
706 ],
707 )
708 AC_ARG_WITH(solaris-projects,
709 [ --with-solaris-projects Enable Solaris projects (experimental)],
710 [
711 AC_CHECK_LIB(project, setproject,
712 [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
713 [Define if you have Solaris projects])
714 SSHDLIBS="$SSHDLIBS -lproject"
715 AC_SUBST(SSHDLIBS)
716 SP_MSG="yes" ], )
717 ],
718 )
719 ;;
720 *-*-sunos4*)
721 CPPFLAGS="$CPPFLAGS -DSUNOS4"
722 AC_CHECK_FUNCS(getpwanam)
723 AC_DEFINE(PAM_SUN_CODEBASE)
724 conf_utmp_location=/etc/utmp
725 conf_wtmp_location=/var/adm/wtmp
726 conf_lastlog_location=/var/adm/lastlog
727 AC_DEFINE(USE_PIPES)
728 ;;
729 *-ncr-sysv*)
730 LIBS="$LIBS -lc89"
731 AC_DEFINE(USE_PIPES)
732 AC_DEFINE(SSHD_ACQUIRES_CTTY)
733 AC_DEFINE(SETEUID_BREAKS_SETUID)
734 AC_DEFINE(BROKEN_SETREUID)
735 AC_DEFINE(BROKEN_SETREGID)
736 ;;
737 *-sni-sysv*)
738 # /usr/ucblib MUST NOT be searched on ReliantUNIX
739 AC_CHECK_LIB(dl, dlsym, ,)
740 # -lresolv needs to be at the end of LIBS or DNS lookups break
741 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
742 IPADDR_IN_DISPLAY=yes
743 AC_DEFINE(USE_PIPES)
744 AC_DEFINE(IP_TOS_IS_BROKEN)
745 AC_DEFINE(SETEUID_BREAKS_SETUID)
746 AC_DEFINE(BROKEN_SETREUID)
747 AC_DEFINE(BROKEN_SETREGID)
748 AC_DEFINE(SSHD_ACQUIRES_CTTY)
749 external_path_file=/etc/default/login
750 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
751 # Attention: always take care to bind libsocket and libnsl before libc,
752 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
753 ;;
754 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
755 *-*-sysv4.2*)
756 AC_DEFINE(USE_PIPES)
757 AC_DEFINE(SETEUID_BREAKS_SETUID)
758 AC_DEFINE(BROKEN_SETREUID)
759 AC_DEFINE(BROKEN_SETREGID)
760 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
761 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
762 ;;
763 # UnixWare 7.x, OpenUNIX 8
764 *-*-sysv5*)
765 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
766 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
767 AC_DEFINE(USE_PIPES)
768 AC_DEFINE(SETEUID_BREAKS_SETUID)
769 AC_DEFINE(BROKEN_GETADDRINFO)
770 AC_DEFINE(BROKEN_SETREUID)
771 AC_DEFINE(BROKEN_SETREGID)
772 AC_DEFINE(PASSWD_NEEDS_USERNAME)
773 case "$host" in
774 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
775 TEST_SHELL=/u95/bin/sh
776 AC_DEFINE(BROKEN_LIBIAF, 1,
777 [ia_uinfo routines not supported by OS yet])
778 AC_DEFINE(BROKEN_UPDWTMPX)
779 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
780 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
781 AC_DEFINE(HAVE_SECUREWARE)
782 AC_DEFINE(DISABLE_SHADOW)
783 ],,)
784 ;;
785 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
786 check_for_libcrypt_later=1
787 ;;
788 esac
789 ;;
790 *-*-sysv*)
791 ;;
792 # SCO UNIX and OEM versions of SCO UNIX
793 *-*-sco3.2v4*)
794 AC_MSG_ERROR("This Platform is no longer supported.")
795 ;;
796 # SCO OpenServer 5.x
797 *-*-sco3.2v5*)
798 if test -z "$GCC"; then
799 CFLAGS="$CFLAGS -belf"
800 fi
801 LIBS="$LIBS -lprot -lx -ltinfo -lm"
802 no_dev_ptmx=1
803 AC_DEFINE(USE_PIPES)
804 AC_DEFINE(HAVE_SECUREWARE)
805 AC_DEFINE(DISABLE_SHADOW)
806 AC_DEFINE(DISABLE_FD_PASSING)
807 AC_DEFINE(SETEUID_BREAKS_SETUID)
808 AC_DEFINE(BROKEN_GETADDRINFO)
809 AC_DEFINE(BROKEN_SETREUID)
810 AC_DEFINE(BROKEN_SETREGID)
811 AC_DEFINE(WITH_ABBREV_NO_TTY)
812 AC_DEFINE(BROKEN_UPDWTMPX)
813 AC_DEFINE(PASSWD_NEEDS_USERNAME)
814 AC_CHECK_FUNCS(getluid setluid)
815 MANTYPE=man
816 TEST_SHELL=ksh
817 ;;
818 *-*-unicosmk*)
819 AC_DEFINE(NO_SSH_LASTLOG, 1,
820 [Define if you don't want to use lastlog in session.c])
821 AC_DEFINE(SETEUID_BREAKS_SETUID)
822 AC_DEFINE(BROKEN_SETREUID)
823 AC_DEFINE(BROKEN_SETREGID)
824 AC_DEFINE(USE_PIPES)
825 AC_DEFINE(DISABLE_FD_PASSING)
826 LDFLAGS="$LDFLAGS"
827 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
828 MANTYPE=cat
829 ;;
830 *-*-unicosmp*)
831 AC_DEFINE(SETEUID_BREAKS_SETUID)
832 AC_DEFINE(BROKEN_SETREUID)
833 AC_DEFINE(BROKEN_SETREGID)
834 AC_DEFINE(WITH_ABBREV_NO_TTY)
835 AC_DEFINE(USE_PIPES)
836 AC_DEFINE(DISABLE_FD_PASSING)
837 LDFLAGS="$LDFLAGS"
838 LIBS="$LIBS -lgen -lacid -ldb"
839 MANTYPE=cat
840 ;;
841 *-*-unicos*)
842 AC_DEFINE(SETEUID_BREAKS_SETUID)
843 AC_DEFINE(BROKEN_SETREUID)
844 AC_DEFINE(BROKEN_SETREGID)
845 AC_DEFINE(USE_PIPES)
846 AC_DEFINE(DISABLE_FD_PASSING)
847 AC_DEFINE(NO_SSH_LASTLOG)
848 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
849 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
850 MANTYPE=cat
851 ;;
852 *-dec-osf*)
853 AC_MSG_CHECKING(for Digital Unix SIA)
854 no_osfsia=""
855 AC_ARG_WITH(osfsia,
856 [ --with-osfsia Enable Digital Unix SIA],
857 [
858 if test "x$withval" = "xno" ; then
859 AC_MSG_RESULT(disabled)
860 no_osfsia=1
861 fi
862 ],
863 )
864 if test -z "$no_osfsia" ; then
865 if test -f /etc/sia/matrix.conf; then
866 AC_MSG_RESULT(yes)
867 AC_DEFINE(HAVE_OSF_SIA, 1,
868 [Define if you have Digital Unix Security
869 Integration Architecture])
870 AC_DEFINE(DISABLE_LOGIN, 1,
871 [Define if you don't want to use your
872 system's login() call])
873 AC_DEFINE(DISABLE_FD_PASSING)
874 LIBS="$LIBS -lsecurity -ldb -lm -laud"
875 SIA_MSG="yes"
876 else
877 AC_MSG_RESULT(no)
878 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
879 [String used in /etc/passwd to denote locked account])
880 fi
881 fi
882 AC_DEFINE(BROKEN_GETADDRINFO)
883 AC_DEFINE(SETEUID_BREAKS_SETUID)
884 AC_DEFINE(BROKEN_SETREUID)
885 AC_DEFINE(BROKEN_SETREGID)
886 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
887 ;;
889 *-*-nto-qnx*)
890 AC_DEFINE(USE_PIPES)
891 AC_DEFINE(NO_X11_UNIX_SOCKETS)
892 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
893 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
894 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
895 AC_DEFINE(DISABLE_LASTLOG)
896 AC_DEFINE(SSHD_ACQUIRES_CTTY)
897 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
898 enable_etc_default_login=no # has incompatible /etc/default/login
899 case "$host" in
900 *-*-nto-qnx6*)
901 AC_DEFINE(DISABLE_FD_PASSING)
902 ;;
903 esac
904 ;;
906 *-*-ultrix*)
907 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
908 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
909 AC_DEFINE(NEED_SETPGRP)
910 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
911 ;;
913 *-*-lynxos)
914 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
915 AC_DEFINE(MISSING_HOWMANY)
916 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
917 ;;
918 esac
920 AC_MSG_CHECKING(compiler and flags for sanity)
921 AC_RUN_IFELSE(
922 [AC_LANG_SOURCE([
923 #include <stdio.h>
924 int main(){exit(0);}
925 ])],
926 [ AC_MSG_RESULT(yes) ],
927 [
928 AC_MSG_RESULT(no)
929 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
930 ],
931 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
932 )
934 dnl Checks for header files.
935 # Checks for libraries.
936 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
937 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
939 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
940 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
941 AC_CHECK_LIB(gen, dirname,[
942 AC_CACHE_CHECK([for broken dirname],
943 ac_cv_have_broken_dirname, [
944 save_LIBS="$LIBS"
945 LIBS="$LIBS -lgen"
946 AC_RUN_IFELSE(
947 [AC_LANG_SOURCE([[
948 #include <libgen.h>
949 #include <string.h>
951 int main(int argc, char **argv) {
952 char *s, buf[32];
954 strncpy(buf,"/etc", 32);
955 s = dirname(buf);
956 if (!s || strncmp(s, "/", 32) != 0) {
957 exit(1);
958 } else {
959 exit(0);
960 }
961 }
962 ]])],
963 [ ac_cv_have_broken_dirname="no" ],
964 [ ac_cv_have_broken_dirname="yes" ],
965 [ ac_cv_have_broken_dirname="no" ],
966 )
967 LIBS="$save_LIBS"
968 ])
969 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
970 LIBS="$LIBS -lgen"
971 AC_DEFINE(HAVE_DIRNAME)
972 AC_CHECK_HEADERS(libgen.h)
973 fi
974 ])
975 ])
977 AC_CHECK_FUNC(getspnam, ,
978 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
979 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
980 [Define if you have the basename function.]))
982 dnl zlib is required
983 AC_ARG_WITH(zlib,
984 [ --with-zlib=PATH Use zlib in PATH],
985 [ if test "x$withval" = "xno" ; then
986 AC_MSG_ERROR([*** zlib is required ***])
987 elif test "x$withval" != "xyes"; then
988 if test -d "$withval/lib"; then
989 if test -n "${need_dash_r}"; then
990 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
991 else
992 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
993 fi
994 else
995 if test -n "${need_dash_r}"; then
996 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
997 else
998 LDFLAGS="-L${withval} ${LDFLAGS}"
999 fi
1000 fi
1001 if test -d "$withval/include"; then
1002 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1003 else
1004 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1005 fi
1006 fi ]
1007 )
1009 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1010 AC_CHECK_LIB(z, deflate, ,
1011 [
1012 saved_CPPFLAGS="$CPPFLAGS"
1013 saved_LDFLAGS="$LDFLAGS"
1014 save_LIBS="$LIBS"
1015 dnl Check default zlib install dir
1016 if test -n "${need_dash_r}"; then
1017 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1018 else
1019 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1020 fi
1021 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1022 LIBS="$LIBS -lz"
1023 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1024 [
1025 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1026 ]
1027 )
1028 ]
1029 )
1031 AC_ARG_WITH(zlib-version-check,
1032 [ --without-zlib-version-check Disable zlib version check],
1033 [ if test "x$withval" = "xno" ; then
1034 zlib_check_nonfatal=1
1035 fi
1036 ]
1037 )
1039 AC_MSG_CHECKING(for possibly buggy zlib)
1040 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1041 #include <stdio.h>
1042 #include <zlib.h>
1043 int main()
1044 {
1045 int a=0, b=0, c=0, d=0, n, v;
1046 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1047 if (n != 3 && n != 4)
1048 exit(1);
1049 v = a*1000000 + b*10000 + c*100 + d;
1050 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1052 /* 1.1.4 is OK */
1053 if (a == 1 && b == 1 && c >= 4)
1054 exit(0);
1056 /* 1.2.3 and up are OK */
1057 if (v >= 1020300)
1058 exit(0);
1060 exit(2);
1061 }
1062 ]])],
1063 AC_MSG_RESULT(no),
1064 [ AC_MSG_RESULT(yes)
1065 if test -z "$zlib_check_nonfatal" ; then
1066 AC_MSG_ERROR([*** zlib too old - check config.log ***
1067 Your reported zlib version has known security problems. It's possible your
1068 vendor has fixed these problems without changing the version number. If you
1069 are sure this is the case, you can disable the check by running
1070 "./configure --without-zlib-version-check".
1071 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1072 See http://www.gzip.org/zlib/ for details.])
1073 else
1074 AC_MSG_WARN([zlib version may have security problems])
1075 fi
1076 ],
1077 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1078 )
1080 dnl UnixWare 2.x
1081 AC_CHECK_FUNC(strcasecmp,
1082 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1083 )
1084 AC_CHECK_FUNCS(utimes,
1085 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1086 LIBS="$LIBS -lc89"]) ]
1087 )
1089 dnl Checks for libutil functions
1090 AC_CHECK_HEADERS(libutil.h)
1091 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1092 [Define if your libraries define login()])])
1093 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1095 AC_FUNC_STRFTIME
1097 # Check for ALTDIRFUNC glob() extension
1098 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1099 AC_EGREP_CPP(FOUNDIT,
1100 [
1101 #include <glob.h>
1102 #ifdef GLOB_ALTDIRFUNC
1103 FOUNDIT
1104 #endif
1105 ],
1106 [
1107 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1108 [Define if your system glob() function has
1109 the GLOB_ALTDIRFUNC extension])
1110 AC_MSG_RESULT(yes)
1111 ],
1112 [
1113 AC_MSG_RESULT(no)
1114 ]
1115 )
1117 # Check for g.gl_matchc glob() extension
1118 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1119 AC_TRY_COMPILE(
1120 [ #include <glob.h> ],
1121 [glob_t g; g.gl_matchc = 1;],
1122 [
1123 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1124 [Define if your system glob() function has
1125 gl_matchc options in glob_t])
1126 AC_MSG_RESULT(yes)
1127 ],
1128 [
1129 AC_MSG_RESULT(no)
1130 ]
1131 )
1133 # Check for g.gl_statv glob() extension
1134 AC_MSG_CHECKING(for gl_statv and GLOB_KEEPSTAT extensions for glob)
1135 AC_TRY_COMPILE(
1136 [ #include <glob.h> ],
1137 [
1138 #ifndef GLOB_KEEPSTAT
1139 #error "glob does not support GLOB_KEEPSTAT extension"
1140 #endif
1141 glob_t g;
1142 g.gl_statv = NULL;
1143 ],
1144 [
1145 AC_DEFINE(GLOB_HAS_GL_STATV, 1,
1146 [Define if your system glob() function has
1147 gl_statv options in glob_t])
1148 AC_MSG_RESULT(yes)
1149 ],
1150 [
1151 AC_MSG_RESULT(no)
1152 ]
1153 )
1155 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1157 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1158 AC_RUN_IFELSE(
1159 [AC_LANG_SOURCE([[
1160 #include <sys/types.h>
1161 #include <dirent.h>
1162 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1163 ]])],
1164 [AC_MSG_RESULT(yes)],
1165 [
1166 AC_MSG_RESULT(no)
1167 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1168 [Define if your struct dirent expects you to
1169 allocate extra space for d_name])
1170 ],
1171 [
1172 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1173 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1174 ]
1175 )
1177 AC_MSG_CHECKING([for /proc/pid/fd directory])
1178 if test -d "/proc/$$/fd" ; then
1179 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1180 AC_MSG_RESULT(yes)
1181 else
1182 AC_MSG_RESULT(no)
1183 fi
1185 # Check whether user wants S/Key support
1186 SKEY_MSG="no"
1187 AC_ARG_WITH(skey,
1188 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1189 [
1190 if test "x$withval" != "xno" ; then
1192 if test "x$withval" != "xyes" ; then
1193 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1194 LDFLAGS="$LDFLAGS -L${withval}/lib"
1195 fi
1197 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1198 LIBS="-lskey $LIBS"
1199 SKEY_MSG="yes"
1201 AC_MSG_CHECKING([for s/key support])
1202 AC_LINK_IFELSE(
1203 [AC_LANG_SOURCE([[
1204 #include <stdio.h>
1205 #include <skey.h>
1206 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1207 ]])],
1208 [AC_MSG_RESULT(yes)],
1209 [
1210 AC_MSG_RESULT(no)
1211 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1212 ])
1213 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1214 AC_TRY_COMPILE(
1215 [#include <stdio.h>
1216 #include <skey.h>],
1217 [(void)skeychallenge(NULL,"name","",0);],
1218 [AC_MSG_RESULT(yes)
1219 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1220 [Define if your skeychallenge()
1221 function takes 4 arguments (NetBSD)])],
1222 [AC_MSG_RESULT(no)]
1223 )
1224 fi
1225 ]
1226 )
1228 # Check whether user wants TCP wrappers support
1229 TCPW_MSG="no"
1230 AC_ARG_WITH(tcp-wrappers,
1231 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1232 [
1233 if test "x$withval" != "xno" ; then
1234 saved_LIBS="$LIBS"
1235 saved_LDFLAGS="$LDFLAGS"
1236 saved_CPPFLAGS="$CPPFLAGS"
1237 if test -n "${withval}" && \
1238 test "x${withval}" != "xyes"; then
1239 if test -d "${withval}/lib"; then
1240 if test -n "${need_dash_r}"; then
1241 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1242 else
1243 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1244 fi
1245 else
1246 if test -n "${need_dash_r}"; then
1247 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1248 else
1249 LDFLAGS="-L${withval} ${LDFLAGS}"
1250 fi
1251 fi
1252 if test -d "${withval}/include"; then
1253 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1254 else
1255 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1256 fi
1257 fi
1258 LIBS="-lwrap $LIBS"
1259 AC_MSG_CHECKING(for libwrap)
1260 AC_TRY_LINK(
1261 [
1262 #include <sys/types.h>
1263 #include <sys/socket.h>
1264 #include <netinet/in.h>
1265 #include <tcpd.h>
1266 int deny_severity = 0, allow_severity = 0;
1267 ],
1268 [hosts_access(0);],
1269 [
1270 AC_MSG_RESULT(yes)
1271 AC_DEFINE(LIBWRAP, 1,
1272 [Define if you want
1273 TCP Wrappers support])
1274 SSHDLIBS="$SSHDLIBS -lwrap"
1275 TCPW_MSG="yes"
1276 ],
1277 [
1278 AC_MSG_ERROR([*** libwrap missing])
1279 ]
1280 )
1281 LIBS="$saved_LIBS"
1282 fi
1283 ]
1284 )
1286 # Check whether user wants libedit support
1287 LIBEDIT_MSG="no"
1288 AC_ARG_WITH(libedit,
1289 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1290 [ if test "x$withval" != "xno" ; then
1291 if test "x$withval" = "xyes" ; then
1292 AC_PATH_PROG(PKGCONFIG, pkg-config, no)
1293 if test "x$PKGCONFIG" != "xno"; then
1294 AC_MSG_CHECKING(if $PKGCONFIG knows about libedit)
1295 if "$PKGCONFIG" libedit; then
1296 AC_MSG_RESULT(yes)
1297 use_pkgconfig_for_libedit=yes
1298 else
1299 AC_MSG_RESULT(no)
1300 fi
1301 fi
1302 else
1303 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1304 if test -n "${need_dash_r}"; then
1305 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1306 else
1307 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1308 fi
1309 fi
1310 if test "x$use_pkgconfig_for_libedit" = "xyes"; then
1311 LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
1312 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
1313 else
1314 LIBEDIT="-ledit -lcurses"
1315 fi
1316 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
1317 AC_CHECK_LIB(edit, el_init,
1318 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1319 LIBEDIT_MSG="yes"
1320 AC_SUBST(LIBEDIT)
1321 ],
1322 [ AC_MSG_ERROR(libedit not found) ],
1323 [ $OTHERLIBS ]
1324 )
1325 AC_MSG_CHECKING(if libedit version is compatible)
1326 AC_COMPILE_IFELSE(
1327 [AC_LANG_SOURCE([[
1328 #include <histedit.h>
1329 int main(void)
1330 {
1331 int i = H_SETSIZE;
1332 el_init("", NULL, NULL, NULL);
1333 exit(0);
1334 }
1335 ]])],
1336 [ AC_MSG_RESULT(yes) ],
1337 [ AC_MSG_RESULT(no)
1338 AC_MSG_ERROR(libedit version is not compatible) ]
1339 )
1340 fi ]
1341 )
1343 AUDIT_MODULE=none
1344 AC_ARG_WITH(audit,
1345 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1346 [
1347 AC_MSG_CHECKING(for supported audit module)
1348 case "$withval" in
1349 bsm)
1350 AC_MSG_RESULT(bsm)
1351 AUDIT_MODULE=bsm
1352 dnl Checks for headers, libs and functions
1353 AC_CHECK_HEADERS(bsm/audit.h, [],
1354 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1355 [
1356 #ifdef HAVE_TIME_H
1357 # include <time.h>
1358 #endif
1359 ]
1360 )
1361 AC_CHECK_LIB(bsm, getaudit, [],
1362 [AC_MSG_ERROR(BSM enabled and required library not found)])
1363 AC_CHECK_FUNCS(getaudit, [],
1364 [AC_MSG_ERROR(BSM enabled and required function not found)])
1365 # These are optional
1366 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1367 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1368 ;;
1369 debug)
1370 AUDIT_MODULE=debug
1371 AC_MSG_RESULT(debug)
1372 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1373 ;;
1374 no)
1375 AC_MSG_RESULT(no)
1376 ;;
1377 *)
1378 AC_MSG_ERROR([Unknown audit module $withval])
1379 ;;
1380 esac ]
1381 )
1383 dnl Checks for library functions. Please keep in alphabetical order
1384 AC_CHECK_FUNCS( \
1385 arc4random \
1386 arc4random_buf \
1387 arc4random_uniform \
1388 asprintf \
1389 b64_ntop \
1390 __b64_ntop \
1391 b64_pton \
1392 __b64_pton \
1393 bcopy \
1394 bindresvport_sa \
1395 clock \
1396 closefrom \
1397 dirfd \
1398 fchmod \
1399 fchown \
1400 freeaddrinfo \
1401 fstatvfs \
1402 futimes \
1403 getaddrinfo \
1404 getcwd \
1405 getgrouplist \
1406 getnameinfo \
1407 getopt \
1408 getpeereid \
1409 getpeerucred \
1410 _getpty \
1411 getrlimit \
1412 getttyent \
1413 glob \
1414 group_from_gid \
1415 inet_aton \
1416 inet_ntoa \
1417 inet_ntop \
1418 innetgr \
1419 login_getcapbool \
1420 md5_crypt \
1421 memmove \
1422 mkdtemp \
1423 mmap \
1424 ngetaddrinfo \
1425 nsleep \
1426 ogetaddrinfo \
1427 openlog_r \
1428 openpty \
1429 poll \
1430 prctl \
1431 pstat \
1432 readpassphrase \
1433 realpath \
1434 recvmsg \
1435 rresvport_af \
1436 sendmsg \
1437 setdtablesize \
1438 setegid \
1439 setenv \
1440 seteuid \
1441 setgroupent \
1442 setgroups \
1443 setlogin \
1444 setpassent\
1445 setpcred \
1446 setproctitle \
1447 setregid \
1448 setreuid \
1449 setrlimit \
1450 setsid \
1451 setvbuf \
1452 sigaction \
1453 sigvec \
1454 snprintf \
1455 socketpair \
1456 statfs \
1457 statvfs \
1458 strdup \
1459 strerror \
1460 strlcat \
1461 strlcpy \
1462 strmode \
1463 strnvis \
1464 strptime \
1465 strtonum \
1466 strtoll \
1467 strtoul \
1468 swap32 \
1469 sysconf \
1470 tcgetpgrp \
1471 timingsafe_bcmp \
1472 truncate \
1473 unsetenv \
1474 updwtmpx \
1475 user_from_uid \
1476 vasprintf \
1477 vhangup \
1478 vsnprintf \
1479 waitpid \
1480 )
1482 AC_LINK_IFELSE(
1483 [
1484 #include <ctype.h>
1485 int main(void)
1486 {
1487 return (isblank('a'));
1488 }
1489 ],
1490 [AC_DEFINE(HAVE_ISBLANK, 1, [Define if you have isblank(3C).])
1491 ])
1493 # PKCS#11 support requires dlopen() and co
1494 AC_SEARCH_LIBS(dlopen, dl,
1495 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
1496 )
1498 # IRIX has a const char return value for gai_strerror()
1499 AC_CHECK_FUNCS(gai_strerror,[
1500 AC_DEFINE(HAVE_GAI_STRERROR)
1501 AC_TRY_COMPILE([
1502 #include <sys/types.h>
1503 #include <sys/socket.h>
1504 #include <netdb.h>
1506 const char *gai_strerror(int);],[
1507 char *str;
1509 str = gai_strerror(0);],[
1510 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1511 [Define if gai_strerror() returns const char *])])])
1513 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1514 [Some systems put nanosleep outside of libc]))
1516 dnl Make sure prototypes are defined for these before using them.
1517 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1518 AC_CHECK_DECL(strsep,
1519 [AC_CHECK_FUNCS(strsep)],
1520 [],
1521 [
1522 #ifdef HAVE_STRING_H
1523 # include <string.h>
1524 #endif
1525 ])
1527 dnl tcsendbreak might be a macro
1528 AC_CHECK_DECL(tcsendbreak,
1529 [AC_DEFINE(HAVE_TCSENDBREAK)],
1530 [AC_CHECK_FUNCS(tcsendbreak)],
1531 [#include <termios.h>]
1532 )
1534 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1536 AC_CHECK_DECLS(SHUT_RD, , ,
1537 [
1538 #include <sys/types.h>
1539 #include <sys/socket.h>
1540 ])
1542 AC_CHECK_DECLS(O_NONBLOCK, , ,
1543 [
1544 #include <sys/types.h>
1545 #ifdef HAVE_SYS_STAT_H
1546 # include <sys/stat.h>
1547 #endif
1548 #ifdef HAVE_FCNTL_H
1549 # include <fcntl.h>
1550 #endif
1551 ])
1553 AC_CHECK_DECLS(writev, , , [
1554 #include <sys/types.h>
1555 #include <sys/uio.h>
1556 #include <unistd.h>
1557 ])
1559 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1560 #include <sys/param.h>
1561 ])
1563 AC_CHECK_DECLS(offsetof, , , [
1564 #include <stddef.h>
1565 ])
1567 AC_CHECK_FUNCS(setresuid, [
1568 dnl Some platorms have setresuid that isn't implemented, test for this
1569 AC_MSG_CHECKING(if setresuid seems to work)
1570 AC_RUN_IFELSE(
1571 [AC_LANG_SOURCE([[
1572 #include <stdlib.h>
1573 #include <errno.h>
1574 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1575 ]])],
1576 [AC_MSG_RESULT(yes)],
1577 [AC_DEFINE(BROKEN_SETRESUID, 1,
1578 [Define if your setresuid() is broken])
1579 AC_MSG_RESULT(not implemented)],
1580 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1581 )
1582 ])
1584 AC_CHECK_FUNCS(setresgid, [
1585 dnl Some platorms have setresgid that isn't implemented, test for this
1586 AC_MSG_CHECKING(if setresgid seems to work)
1587 AC_RUN_IFELSE(
1588 [AC_LANG_SOURCE([[
1589 #include <stdlib.h>
1590 #include <errno.h>
1591 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1592 ]])],
1593 [AC_MSG_RESULT(yes)],
1594 [AC_DEFINE(BROKEN_SETRESGID, 1,
1595 [Define if your setresgid() is broken])
1596 AC_MSG_RESULT(not implemented)],
1597 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1598 )
1599 ])
1601 dnl Checks for time functions
1602 AC_CHECK_FUNCS(gettimeofday time)
1603 dnl Checks for utmp functions
1604 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1605 AC_CHECK_FUNCS(utmpname)
1606 dnl Checks for utmpx functions
1607 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline getutxuser pututxline)
1608 AC_CHECK_FUNCS(setutxdb setutxent utmpxname)
1609 dnl Checks for lastlog functions
1610 AC_CHECK_FUNCS(getlastlogxbyname)
1612 AC_CHECK_FUNC(daemon,
1613 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1614 [AC_CHECK_LIB(bsd, daemon,
1615 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1616 )
1618 AC_CHECK_FUNC(getpagesize,
1619 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1620 [Define if your libraries define getpagesize()])],
1621 [AC_CHECK_LIB(ucb, getpagesize,
1622 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1623 )
1625 # Check for broken snprintf
1626 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1627 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1628 AC_RUN_IFELSE(
1629 [AC_LANG_SOURCE([[
1630 #include <stdio.h>
1631 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1632 ]])],
1633 [AC_MSG_RESULT(yes)],
1634 [
1635 AC_MSG_RESULT(no)
1636 AC_DEFINE(BROKEN_SNPRINTF, 1,
1637 [Define if your snprintf is busted])
1638 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1639 ],
1640 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1641 )
1642 fi
1644 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1645 # returning the right thing on overflow: the number of characters it tried to
1646 # create (as per SUSv3)
1647 if test "x$ac_cv_func_asprintf" != "xyes" && \
1648 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1649 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1650 AC_RUN_IFELSE(
1651 [AC_LANG_SOURCE([[
1652 #include <sys/types.h>
1653 #include <stdio.h>
1654 #include <stdarg.h>
1656 int x_snprintf(char *str,size_t count,const char *fmt,...)
1657 {
1658 size_t ret; va_list ap;
1659 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1660 return ret;
1661 }
1662 int main(void)
1663 {
1664 char x[1];
1665 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1666 } ]])],
1667 [AC_MSG_RESULT(yes)],
1668 [
1669 AC_MSG_RESULT(no)
1670 AC_DEFINE(BROKEN_SNPRINTF, 1,
1671 [Define if your snprintf is busted])
1672 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1673 ],
1674 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1675 )
1676 fi
1678 # On systems where [v]snprintf is broken, but is declared in stdio,
1679 # check that the fmt argument is const char * or just char *.
1680 # This is only useful for when BROKEN_SNPRINTF
1681 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1682 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1683 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1684 int main(void) { snprintf(0, 0, 0); }
1685 ]])],
1686 [AC_MSG_RESULT(yes)
1687 AC_DEFINE(SNPRINTF_CONST, [const],
1688 [Define as const if snprintf() can declare const char *fmt])],
1689 [AC_MSG_RESULT(no)
1690 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1692 # Check for missing getpeereid (or equiv) support
1693 NO_PEERCHECK=""
1694 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1695 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1696 AC_TRY_COMPILE(
1697 [#include <sys/types.h>
1698 #include <sys/socket.h>],
1699 [int i = SO_PEERCRED;],
1700 [ AC_MSG_RESULT(yes)
1701 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1702 ],
1703 [AC_MSG_RESULT(no)
1704 NO_PEERCHECK=1]
1705 )
1706 fi
1708 dnl see whether mkstemp() requires XXXXXX
1709 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1710 AC_MSG_CHECKING([for (overly) strict mkstemp])
1711 AC_RUN_IFELSE(
1712 [AC_LANG_SOURCE([[
1713 #include <stdlib.h>
1714 main() { char template[]="conftest.mkstemp-test";
1715 if (mkstemp(template) == -1)
1716 exit(1);
1717 unlink(template); exit(0);
1718 }
1719 ]])],
1720 [
1721 AC_MSG_RESULT(no)
1722 ],
1723 [
1724 AC_MSG_RESULT(yes)
1725 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1726 ],
1727 [
1728 AC_MSG_RESULT(yes)
1729 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1730 ]
1731 )
1732 fi
1734 dnl make sure that openpty does not reacquire controlling terminal
1735 if test ! -z "$check_for_openpty_ctty_bug"; then
1736 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1737 AC_RUN_IFELSE(
1738 [AC_LANG_SOURCE([[
1739 #include <stdio.h>
1740 #include <sys/fcntl.h>
1741 #include <sys/types.h>
1742 #include <sys/wait.h>
1744 int
1745 main()
1746 {
1747 pid_t pid;
1748 int fd, ptyfd, ttyfd, status;
1750 pid = fork();
1751 if (pid < 0) { /* failed */
1752 exit(1);
1753 } else if (pid > 0) { /* parent */
1754 waitpid(pid, &status, 0);
1755 if (WIFEXITED(status))
1756 exit(WEXITSTATUS(status));
1757 else
1758 exit(2);
1759 } else { /* child */
1760 close(0); close(1); close(2);
1761 setsid();
1762 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1763 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1764 if (fd >= 0)
1765 exit(3); /* Acquired ctty: broken */
1766 else
1767 exit(0); /* Did not acquire ctty: OK */
1768 }
1769 }
1770 ]])],
1771 [
1772 AC_MSG_RESULT(yes)
1773 ],
1774 [
1775 AC_MSG_RESULT(no)
1776 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1777 ],
1778 [
1779 AC_MSG_RESULT(cross-compiling, assuming yes)
1780 ]
1781 )
1782 fi
1784 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1785 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1786 AC_MSG_CHECKING(if getaddrinfo seems to work)
1787 AC_RUN_IFELSE(
1788 [AC_LANG_SOURCE([[
1789 #include <stdio.h>
1790 #include <sys/socket.h>
1791 #include <netdb.h>
1792 #include <errno.h>
1793 #include <netinet/in.h>
1795 #define TEST_PORT "2222"
1797 int
1798 main(void)
1799 {
1800 int err, sock;
1801 struct addrinfo *gai_ai, *ai, hints;
1802 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1804 memset(&hints, 0, sizeof(hints));
1805 hints.ai_family = PF_UNSPEC;
1806 hints.ai_socktype = SOCK_STREAM;
1807 hints.ai_flags = AI_PASSIVE;
1809 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1810 if (err != 0) {
1811 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1812 exit(1);
1813 }
1815 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1816 if (ai->ai_family != AF_INET6)
1817 continue;
1819 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1820 sizeof(ntop), strport, sizeof(strport),
1821 NI_NUMERICHOST|NI_NUMERICSERV);
1823 if (err != 0) {
1824 if (err == EAI_SYSTEM)
1825 perror("getnameinfo EAI_SYSTEM");
1826 else
1827 fprintf(stderr, "getnameinfo failed: %s\n",
1828 gai_strerror(err));
1829 exit(2);
1830 }
1832 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1833 if (sock < 0)
1834 perror("socket");
1835 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1836 if (errno == EBADF)
1837 exit(3);
1838 }
1839 }
1840 exit(0);
1841 }
1842 ]])],
1843 [
1844 AC_MSG_RESULT(yes)
1845 ],
1846 [
1847 AC_MSG_RESULT(no)
1848 AC_DEFINE(BROKEN_GETADDRINFO)
1849 ],
1850 [
1851 AC_MSG_RESULT(cross-compiling, assuming yes)
1852 ]
1853 )
1854 fi
1856 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1857 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1858 AC_MSG_CHECKING(if getaddrinfo seems to work)
1859 AC_RUN_IFELSE(
1860 [AC_LANG_SOURCE([[
1861 #include <stdio.h>
1862 #include <sys/socket.h>
1863 #include <netdb.h>
1864 #include <errno.h>
1865 #include <netinet/in.h>
1867 #define TEST_PORT "2222"
1869 int
1870 main(void)
1871 {
1872 int err, sock;
1873 struct addrinfo *gai_ai, *ai, hints;
1874 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1876 memset(&hints, 0, sizeof(hints));
1877 hints.ai_family = PF_UNSPEC;
1878 hints.ai_socktype = SOCK_STREAM;
1879 hints.ai_flags = AI_PASSIVE;
1881 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1882 if (err != 0) {
1883 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1884 exit(1);
1885 }
1887 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1888 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1889 continue;
1891 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1892 sizeof(ntop), strport, sizeof(strport),
1893 NI_NUMERICHOST|NI_NUMERICSERV);
1895 if (ai->ai_family == AF_INET && err != 0) {
1896 perror("getnameinfo");
1897 exit(2);
1898 }
1899 }
1900 exit(0);
1901 }
1902 ]])],
1903 [
1904 AC_MSG_RESULT(yes)
1905 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1906 [Define if you have a getaddrinfo that fails
1907 for the all-zeros IPv6 address])
1908 ],
1909 [
1910 AC_MSG_RESULT(no)
1911 AC_DEFINE(BROKEN_GETADDRINFO)
1912 ],
1913 [
1914 AC_MSG_RESULT(cross-compiling, assuming no)
1915 ]
1916 )
1917 fi
1919 if test "x$check_for_conflicting_getspnam" = "x1"; then
1920 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1921 AC_COMPILE_IFELSE(
1922 [
1923 #include <shadow.h>
1924 int main(void) {exit(0);}
1925 ],
1926 [
1927 AC_MSG_RESULT(no)
1928 ],
1929 [
1930 AC_MSG_RESULT(yes)
1931 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1932 [Conflicting defs for getspnam])
1933 ]
1934 )
1935 fi
1937 AC_FUNC_GETPGRP
1939 # Search for OpenSSL
1940 saved_CPPFLAGS="$CPPFLAGS"
1941 saved_LDFLAGS="$LDFLAGS"
1942 AC_ARG_WITH(ssl-dir,
1943 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1944 [
1945 if test "x$withval" != "xno" ; then
1946 case "$withval" in
1947 # Relative paths
1948 ./*|../*) withval="`pwd`/$withval"
1949 esac
1950 if test -d "$withval/lib"; then
1951 if test -n "${need_dash_r}"; then
1952 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1953 else
1954 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1955 fi
1956 elif test -d "$withval/lib64"; then
1957 if test -n "${need_dash_r}"; then
1958 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
1959 else
1960 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
1961 fi
1962 else
1963 if test -n "${need_dash_r}"; then
1964 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1965 else
1966 LDFLAGS="-L${withval} ${LDFLAGS}"
1967 fi
1968 fi
1969 if test -d "$withval/include"; then
1970 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1971 else
1972 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1973 fi
1974 fi
1975 ]
1976 )
1977 LIBS="-lcrypto $LIBS"
1978 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1979 [Define if your ssl headers are included
1980 with #include <openssl/header.h>]),
1981 [
1982 dnl Check default openssl install dir
1983 if test -n "${need_dash_r}"; then
1984 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1985 else
1986 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1987 fi
1988 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1989 AC_CHECK_HEADER([openssl/opensslv.h], ,
1990 AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***]))
1991 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1992 [
1993 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1994 ]
1995 )
1996 ]
1997 )
1999 # Determine OpenSSL header version
2000 AC_MSG_CHECKING([OpenSSL header version])
2001 AC_RUN_IFELSE(
2002 [AC_LANG_SOURCE([[
2003 #include <stdio.h>
2004 #include <string.h>
2005 #include <openssl/opensslv.h>
2006 #define DATA "conftest.sslincver"
2007 int main(void) {
2008 FILE *fd;
2009 int rc;
2011 fd = fopen(DATA,"w");
2012 if(fd == NULL)
2013 exit(1);
2015 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2016 exit(1);
2018 exit(0);
2019 }
2020 ]])],
2021 [
2022 ssl_header_ver=`cat conftest.sslincver`
2023 AC_MSG_RESULT($ssl_header_ver)
2024 ],
2025 [
2026 AC_MSG_RESULT(not found)
2027 AC_MSG_ERROR(OpenSSL version header not found.)
2028 ],
2029 [
2030 AC_MSG_WARN([cross compiling: not checking])
2031 ]
2032 )
2034 # Determine OpenSSL library version
2035 AC_MSG_CHECKING([OpenSSL library version])
2036 AC_RUN_IFELSE(
2037 [AC_LANG_SOURCE([[
2038 #include <stdio.h>
2039 #include <string.h>
2040 #include <openssl/opensslv.h>
2041 #include <openssl/crypto.h>
2042 #define DATA "conftest.ssllibver"
2043 int main(void) {
2044 FILE *fd;
2045 int rc;
2047 fd = fopen(DATA,"w");
2048 if(fd == NULL)
2049 exit(1);
2051 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2052 exit(1);
2054 exit(0);
2055 }
2056 ]])],
2057 [
2058 ssl_library_ver=`cat conftest.ssllibver`
2059 AC_MSG_RESULT($ssl_library_ver)
2060 ],
2061 [
2062 AC_MSG_RESULT(not found)
2063 AC_MSG_ERROR(OpenSSL library not found.)
2064 ],
2065 [
2066 AC_MSG_WARN([cross compiling: not checking])
2067 ]
2068 )
2070 AC_ARG_WITH(openssl-header-check,
2071 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2072 [ if test "x$withval" = "xno" ; then
2073 openssl_check_nonfatal=1
2074 fi
2075 ]
2076 )
2078 # Sanity check OpenSSL headers
2079 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2080 AC_RUN_IFELSE(
2081 [AC_LANG_SOURCE([[
2082 #include <string.h>
2083 #include <openssl/opensslv.h>
2084 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2085 ]])],
2086 [
2087 AC_MSG_RESULT(yes)
2088 ],
2089 [
2090 AC_MSG_RESULT(no)
2091 if test "x$openssl_check_nonfatal" = "x"; then
2092 AC_MSG_ERROR([Your OpenSSL headers do not match your
2093 library. Check config.log for details.
2094 If you are sure your installation is consistent, you can disable the check
2095 by running "./configure --without-openssl-header-check".
2096 Also see contrib/findssl.sh for help identifying header/library mismatches.
2097 ])
2098 else
2099 AC_MSG_WARN([Your OpenSSL headers do not match your
2100 library. Check config.log for details.
2101 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2102 fi
2103 ],
2104 [
2105 AC_MSG_WARN([cross compiling: not checking])
2106 ]
2107 )
2109 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2110 AC_LINK_IFELSE(
2111 [AC_LANG_SOURCE([[
2112 #include <openssl/evp.h>
2113 int main(void) { SSLeay_add_all_algorithms(); }
2114 ]])],
2115 [
2116 AC_MSG_RESULT(yes)
2117 ],
2118 [
2119 AC_MSG_RESULT(no)
2120 saved_LIBS="$LIBS"
2121 LIBS="$LIBS -ldl"
2122 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2123 AC_LINK_IFELSE(
2124 [AC_LANG_SOURCE([[
2125 #include <openssl/evp.h>
2126 int main(void) { SSLeay_add_all_algorithms(); }
2127 ]])],
2128 [
2129 AC_MSG_RESULT(yes)
2130 ],
2131 [
2132 AC_MSG_RESULT(no)
2133 LIBS="$saved_LIBS"
2134 ]
2135 )
2136 ]
2137 )
2139 AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex)
2141 AC_ARG_WITH(ssl-engine,
2142 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2143 [ if test "x$withval" != "xno" ; then
2144 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2145 AC_TRY_COMPILE(
2146 [ #include <openssl/engine.h>],
2147 [
2148 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2149 ],
2150 [ AC_MSG_RESULT(yes)
2151 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2152 [Enable OpenSSL engine support])
2153 ],
2154 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2155 )
2156 fi ]
2157 )
2159 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2160 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2161 AC_LINK_IFELSE(
2162 [AC_LANG_SOURCE([[
2163 #include <string.h>
2164 #include <openssl/evp.h>
2165 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2166 ]])],
2167 [
2168 AC_MSG_RESULT(no)
2169 ],
2170 [
2171 AC_MSG_RESULT(yes)
2172 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2173 [libcrypto is missing AES 192 and 256 bit functions])
2174 ]
2175 )
2177 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2178 AC_LINK_IFELSE(
2179 [AC_LANG_SOURCE([[
2180 #include <string.h>
2181 #include <openssl/evp.h>
2182 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2183 ]])],
2184 [
2185 AC_MSG_RESULT(yes)
2186 ],
2187 [
2188 AC_MSG_RESULT(no)
2189 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2190 [Define if EVP_DigestUpdate returns void])
2191 ]
2192 )
2194 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2195 # because the system crypt() is more featureful.
2196 if test "x$check_for_libcrypt_before" = "x1"; then
2197 AC_CHECK_LIB(crypt, crypt)
2198 fi
2200 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2201 # version in OpenSSL.
2202 if test "x$check_for_libcrypt_later" = "x1"; then
2203 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2204 fi
2206 # Search for SHA256 support in libc and/or OpenSSL
2207 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2209 # Check complete ECC support in OpenSSL
2210 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
2211 AC_LINK_IFELSE(
2212 [AC_LANG_SOURCE([[
2213 #include <openssl/ec.h>
2214 #include <openssl/evp.h>
2215 #include <openssl/objects.h>
2216 int main(void) {
2217 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
2218 const EVP_MD *m = EVP_sha512(); /* We need this too */
2219 }
2220 ]])],
2221 [
2222 AC_MSG_RESULT(yes)
2223 AC_DEFINE(OPENSSL_HAS_ECC, 1,
2224 [libcrypto includes complete ECC support])
2225 TEST_SSH_ECC=yes
2226 ],
2227 [
2228 AC_MSG_RESULT(no)
2229 TEST_SSH_ECC=no
2230 ]
2231 )
2232 AC_SUBST(TEST_SSH_ECC)
2234 saved_LIBS="$LIBS"
2235 AC_CHECK_LIB(iaf, ia_openinfo, [
2236 LIBS="$LIBS -liaf"
2237 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2238 AC_DEFINE(HAVE_LIBIAF, 1,
2239 [Define if system has libiaf that supports set_id])
2240 ])
2241 ])
2242 LIBS="$saved_LIBS"
2244 ### Configure cryptographic random number support
2246 # Check wheter OpenSSL seeds itself
2247 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2248 AC_RUN_IFELSE(
2249 [AC_LANG_SOURCE([[
2250 #include <string.h>
2251 #include <openssl/rand.h>
2252 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2253 ]])],
2254 [
2255 OPENSSL_SEEDS_ITSELF=yes
2256 AC_MSG_RESULT(yes)
2257 ],
2258 [
2259 AC_MSG_RESULT(no)
2260 # Default to use of the rand helper if OpenSSL doesn't
2261 # seed itself
2262 USE_RAND_HELPER=yes
2263 ],
2264 [
2265 AC_MSG_WARN([cross compiling: assuming yes])
2266 # This is safe, since all recent OpenSSL versions will
2267 # complain at runtime if not seeded correctly.
2268 OPENSSL_SEEDS_ITSELF=yes
2269 ]
2270 )
2272 # Check for PAM libs
2273 PAM_MSG="no"
2274 AC_ARG_WITH(pam,
2275 [ --with-pam Enable PAM support ],
2276 [
2277 if test "x$withval" != "xno" ; then
2278 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2279 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2280 AC_MSG_ERROR([PAM headers not found])
2281 fi
2283 saved_LIBS="$LIBS"
2284 AC_CHECK_LIB(dl, dlopen, , )
2285 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2286 AC_CHECK_FUNCS(pam_getenvlist)
2287 AC_CHECK_FUNCS(pam_putenv)
2288 LIBS="$saved_LIBS"
2290 PAM_MSG="yes"
2292 SSHDLIBS="$SSHDLIBS -lpam"
2293 AC_DEFINE(USE_PAM, 1,
2294 [Define if you want to enable PAM support])
2296 if test $ac_cv_lib_dl_dlopen = yes; then
2297 case "$LIBS" in
2298 *-ldl*)
2299 # libdl already in LIBS
2300 ;;
2301 *)
2302 SSHDLIBS="$SSHDLIBS -ldl"
2303 ;;
2304 esac
2305 fi
2306 fi
2307 ]
2308 )
2310 # Check for older PAM
2311 if test "x$PAM_MSG" = "xyes" ; then
2312 # Check PAM strerror arguments (old PAM)
2313 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2314 AC_TRY_COMPILE(
2315 [
2316 #include <stdlib.h>
2317 #if defined(HAVE_SECURITY_PAM_APPL_H)
2318 #include <security/pam_appl.h>
2319 #elif defined (HAVE_PAM_PAM_APPL_H)
2320 #include <pam/pam_appl.h>
2321 #endif
2322 ],
2323 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2324 [AC_MSG_RESULT(no)],
2325 [
2326 AC_DEFINE(HAVE_OLD_PAM, 1,
2327 [Define if you have an old version of PAM
2328 which takes only one argument to pam_strerror])
2329 AC_MSG_RESULT(yes)
2330 PAM_MSG="yes (old library)"
2331 ]
2332 )
2333 fi
2335 # Do we want to force the use of the rand helper?
2336 AC_ARG_WITH(rand-helper,
2337 [ --with-rand-helper Use subprocess to gather strong randomness ],
2338 [
2339 if test "x$withval" = "xno" ; then
2340 # Force use of OpenSSL's internal RNG, even if
2341 # the previous test showed it to be unseeded.
2342 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2343 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2344 OPENSSL_SEEDS_ITSELF=yes
2345 USE_RAND_HELPER=""
2346 fi
2347 else
2348 USE_RAND_HELPER=yes
2349 fi
2350 ],
2351 )
2353 # Which randomness source do we use?
2354 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2355 # OpenSSL only
2356 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2357 [Define if you want OpenSSL's internally seeded PRNG only])
2358 RAND_MSG="OpenSSL internal ONLY"
2359 INSTALL_SSH_RAND_HELPER=""
2360 elif test ! -z "$USE_RAND_HELPER" ; then
2361 # install rand helper
2362 RAND_MSG="ssh-rand-helper"
2363 INSTALL_SSH_RAND_HELPER="yes"
2364 fi
2365 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2367 ### Configuration of ssh-rand-helper
2369 # PRNGD TCP socket
2370 AC_ARG_WITH(prngd-port,
2371 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2372 [
2373 case "$withval" in
2374 no)
2375 withval=""
2376 ;;
2377 [[0-9]]*)
2378 ;;
2379 *)
2380 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2381 ;;
2382 esac
2383 if test ! -z "$withval" ; then
2384 PRNGD_PORT="$withval"
2385 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2386 [Port number of PRNGD/EGD random number socket])
2387 fi
2388 ]
2389 )
2391 # PRNGD Unix domain socket
2392 AC_ARG_WITH(prngd-socket,
2393 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2394 [
2395 case "$withval" in
2396 yes)
2397 withval="/var/run/egd-pool"
2398 ;;
2399 no)
2400 withval=""
2401 ;;
2402 /*)
2403 ;;
2404 *)
2405 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2406 ;;
2407 esac
2409 if test ! -z "$withval" ; then
2410 if test ! -z "$PRNGD_PORT" ; then
2411 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2412 fi
2413 if test ! -r "$withval" ; then
2414 AC_MSG_WARN(Entropy socket is not readable)
2415 fi
2416 PRNGD_SOCKET="$withval"
2417 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2418 [Location of PRNGD/EGD random number socket])
2419 fi
2420 ],
2421 [
2422 # Check for existing socket only if we don't have a random device already
2423 if test "$USE_RAND_HELPER" = yes ; then
2424 AC_MSG_CHECKING(for PRNGD/EGD socket)
2425 # Insert other locations here
2426 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2427 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2428 PRNGD_SOCKET="$sock"
2429 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2430 break;
2431 fi
2432 done
2433 if test ! -z "$PRNGD_SOCKET" ; then
2434 AC_MSG_RESULT($PRNGD_SOCKET)
2435 else
2436 AC_MSG_RESULT(not found)
2437 fi
2438 fi
2439 ]
2440 )
2442 # Change default command timeout for hashing entropy source
2443 entropy_timeout=200
2444 AC_ARG_WITH(entropy-timeout,
2445 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2446 [
2447 if test -n "$withval" && test "x$withval" != "xno" && \
2448 test "x${withval}" != "xyes"; then
2449 entropy_timeout=$withval
2450 fi
2451 ]
2452 )
2453 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2454 [Builtin PRNG command timeout])
2456 SSH_PRIVSEP_USER=sshd
2457 AC_ARG_WITH(privsep-user,
2458 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2459 [
2460 if test -n "$withval" && test "x$withval" != "xno" && \
2461 test "x${withval}" != "xyes"; then
2462 SSH_PRIVSEP_USER=$withval
2463 fi
2464 ]
2465 )
2466 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2467 [non-privileged user for privilege separation])
2468 AC_SUBST(SSH_PRIVSEP_USER)
2470 # We do this little dance with the search path to insure
2471 # that programs that we select for use by installed programs
2472 # (which may be run by the super-user) come from trusted
2473 # locations before they come from the user's private area.
2474 # This should help avoid accidentally configuring some
2475 # random version of a program in someone's personal bin.
2477 OPATH=$PATH
2478 PATH=/bin:/usr/bin
2479 test -h /bin 2> /dev/null && PATH=/usr/bin
2480 test -d /sbin && PATH=$PATH:/sbin
2481 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2482 PATH=$PATH:/etc:$OPATH
2484 # These programs are used by the command hashing source to gather entropy
2485 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2486 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2487 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2488 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2489 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2490 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2491 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2492 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2493 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2494 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2495 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2496 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2497 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2498 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2499 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2500 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2501 # restore PATH
2502 PATH=$OPATH
2504 # Where does ssh-rand-helper get its randomness from?
2505 INSTALL_SSH_PRNG_CMDS=""
2506 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2507 if test ! -z "$PRNGD_PORT" ; then
2508 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2509 elif test ! -z "$PRNGD_SOCKET" ; then
2510 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2511 else
2512 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2513 RAND_HELPER_CMDHASH=yes
2514 INSTALL_SSH_PRNG_CMDS="yes"
2515 fi
2516 fi
2517 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2520 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2521 if test ! -z "$SONY" ; then
2522 LIBS="$LIBS -liberty";
2523 fi
2525 # Check for long long datatypes
2526 AC_CHECK_TYPES([long long, unsigned long long, long double])
2528 # Check datatype sizes
2529 AC_CHECK_SIZEOF(char, 1)
2530 AC_CHECK_SIZEOF(short int, 2)
2531 AC_CHECK_SIZEOF(int, 4)
2532 AC_CHECK_SIZEOF(long int, 4)
2533 AC_CHECK_SIZEOF(long long int, 8)
2535 # Sanity check long long for some platforms (AIX)
2536 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2537 ac_cv_sizeof_long_long_int=0
2538 fi
2540 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2541 if test -z "$have_llong_max"; then
2542 AC_MSG_CHECKING([for max value of long long])
2543 AC_RUN_IFELSE(
2544 [AC_LANG_SOURCE([[
2545 #include <stdio.h>
2546 /* Why is this so damn hard? */
2547 #ifdef __GNUC__
2548 # undef __GNUC__
2549 #endif
2550 #define __USE_ISOC99
2551 #include <limits.h>
2552 #define DATA "conftest.llminmax"
2553 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2555 /*
2556 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2557 * we do this the hard way.
2558 */
2559 static int
2560 fprint_ll(FILE *f, long long n)
2561 {
2562 unsigned int i;
2563 int l[sizeof(long long) * 8];
2565 if (n < 0)
2566 if (fprintf(f, "-") < 0)
2567 return -1;
2568 for (i = 0; n != 0; i++) {
2569 l[i] = my_abs(n % 10);
2570 n /= 10;
2571 }
2572 do {
2573 if (fprintf(f, "%d", l[--i]) < 0)
2574 return -1;
2575 } while (i != 0);
2576 if (fprintf(f, " ") < 0)
2577 return -1;
2578 return 0;
2579 }
2581 int main(void) {
2582 FILE *f;
2583 long long i, llmin, llmax = 0;
2585 if((f = fopen(DATA,"w")) == NULL)
2586 exit(1);
2588 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2589 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2590 llmin = LLONG_MIN;
2591 llmax = LLONG_MAX;
2592 #else
2593 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2594 /* This will work on one's complement and two's complement */
2595 for (i = 1; i > llmax; i <<= 1, i++)
2596 llmax = i;
2597 llmin = llmax + 1LL; /* wrap */
2598 #endif
2600 /* Sanity check */
2601 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2602 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2603 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2604 fprintf(f, "unknown unknown\n");
2605 exit(2);
2606 }
2608 if (fprint_ll(f, llmin) < 0)
2609 exit(3);
2610 if (fprint_ll(f, llmax) < 0)
2611 exit(4);
2612 if (fclose(f) < 0)
2613 exit(5);
2614 exit(0);
2615 }
2616 ]])],
2617 [
2618 llong_min=`$AWK '{print $1}' conftest.llminmax`
2619 llong_max=`$AWK '{print $2}' conftest.llminmax`
2621 AC_MSG_RESULT($llong_max)
2622 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2623 [max value of long long calculated by configure])
2624 AC_MSG_CHECKING([for min value of long long])
2625 AC_MSG_RESULT($llong_min)
2626 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2627 [min value of long long calculated by configure])
2628 ],
2629 [
2630 AC_MSG_RESULT(not found)
2631 ],
2632 [
2633 AC_MSG_WARN([cross compiling: not checking])
2634 ]
2635 )
2636 fi
2639 # More checks for data types
2640 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2641 AC_TRY_COMPILE(
2642 [ #include <sys/types.h> ],
2643 [ u_int a; a = 1;],
2644 [ ac_cv_have_u_int="yes" ],
2645 [ ac_cv_have_u_int="no" ]
2646 )
2647 ])
2648 if test "x$ac_cv_have_u_int" = "xyes" ; then
2649 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2650 have_u_int=1
2651 fi
2653 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2654 AC_TRY_COMPILE(
2655 [ #include <sys/types.h> ],
2656 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2657 [ ac_cv_have_intxx_t="yes" ],
2658 [ ac_cv_have_intxx_t="no" ]
2659 )
2660 ])
2661 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2662 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2663 have_intxx_t=1
2664 fi
2666 if (test -z "$have_intxx_t" && \
2667 test "x$ac_cv_header_stdint_h" = "xyes")
2668 then
2669 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2670 AC_TRY_COMPILE(
2671 [ #include <stdint.h> ],
2672 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2673 [
2674 AC_DEFINE(HAVE_INTXX_T)
2675 AC_MSG_RESULT(yes)
2676 ],
2677 [ AC_MSG_RESULT(no) ]
2678 )
2679 fi
2681 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2682 AC_TRY_COMPILE(
2683 [
2684 #include <sys/types.h>
2685 #ifdef HAVE_STDINT_H
2686 # include <stdint.h>
2687 #endif
2688 #include <sys/socket.h>
2689 #ifdef HAVE_SYS_BITYPES_H
2690 # include <sys/bitypes.h>
2691 #endif
2692 ],
2693 [ int64_t a; a = 1;],
2694 [ ac_cv_have_int64_t="yes" ],
2695 [ ac_cv_have_int64_t="no" ]
2696 )
2697 ])
2698 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2699 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2700 fi
2702 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2703 AC_TRY_COMPILE(
2704 [ #include <sys/types.h> ],
2705 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2706 [ ac_cv_have_u_intxx_t="yes" ],
2707 [ ac_cv_have_u_intxx_t="no" ]
2708 )
2709 ])
2710 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2711 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2712 have_u_intxx_t=1
2713 fi
2715 if test -z "$have_u_intxx_t" ; then
2716 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2717 AC_TRY_COMPILE(
2718 [ #include <sys/socket.h> ],
2719 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2720 [
2721 AC_DEFINE(HAVE_U_INTXX_T)
2722 AC_MSG_RESULT(yes)
2723 ],
2724 [ AC_MSG_RESULT(no) ]
2725 )
2726 fi
2728 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2729 AC_TRY_COMPILE(
2730 [ #include <sys/types.h> ],
2731 [ u_int64_t a; a = 1;],
2732 [ ac_cv_have_u_int64_t="yes" ],
2733 [ ac_cv_have_u_int64_t="no" ]
2734 )
2735 ])
2736 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2737 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2738 have_u_int64_t=1
2739 fi
2741 if test -z "$have_u_int64_t" ; then
2742 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2743 AC_TRY_COMPILE(
2744 [ #include <sys/bitypes.h> ],
2745 [ u_int64_t a; a = 1],
2746 [
2747 AC_DEFINE(HAVE_U_INT64_T)
2748 AC_MSG_RESULT(yes)
2749 ],
2750 [ AC_MSG_RESULT(no) ]
2751 )
2752 fi
2754 if test -z "$have_u_intxx_t" ; then
2755 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2756 AC_TRY_COMPILE(
2757 [
2758 #include <sys/types.h>
2759 ],
2760 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2761 [ ac_cv_have_uintxx_t="yes" ],
2762 [ ac_cv_have_uintxx_t="no" ]
2763 )
2764 ])
2765 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2766 AC_DEFINE(HAVE_UINTXX_T, 1,
2767 [define if you have uintxx_t data type])
2768 fi
2769 fi
2771 if test -z "$have_uintxx_t" ; then
2772 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2773 AC_TRY_COMPILE(
2774 [ #include <stdint.h> ],
2775 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2776 [
2777 AC_DEFINE(HAVE_UINTXX_T)
2778 AC_MSG_RESULT(yes)
2779 ],
2780 [ AC_MSG_RESULT(no) ]
2781 )
2782 fi
2784 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2785 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2786 then
2787 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2788 AC_TRY_COMPILE(
2789 [
2790 #include <sys/bitypes.h>
2791 ],
2792 [
2793 int8_t a; int16_t b; int32_t c;
2794 u_int8_t e; u_int16_t f; u_int32_t g;
2795 a = b = c = e = f = g = 1;
2796 ],
2797 [
2798 AC_DEFINE(HAVE_U_INTXX_T)
2799 AC_DEFINE(HAVE_INTXX_T)
2800 AC_MSG_RESULT(yes)
2801 ],
2802 [AC_MSG_RESULT(no)]
2803 )
2804 fi
2807 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2808 AC_TRY_COMPILE(
2809 [
2810 #include <sys/types.h>
2811 ],
2812 [ u_char foo; foo = 125; ],
2813 [ ac_cv_have_u_char="yes" ],
2814 [ ac_cv_have_u_char="no" ]
2815 )
2816 ])
2817 if test "x$ac_cv_have_u_char" = "xyes" ; then
2818 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2819 fi
2821 TYPE_SOCKLEN_T
2823 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2824 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2825 #include <sys/types.h>
2826 #ifdef HAVE_SYS_BITYPES_H
2827 #include <sys/bitypes.h>
2828 #endif
2829 #ifdef HAVE_SYS_STATFS_H
2830 #include <sys/statfs.h>
2831 #endif
2832 #ifdef HAVE_SYS_STATVFS_H
2833 #include <sys/statvfs.h>
2834 #endif
2835 ])
2837 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2838 [#include <sys/types.h>
2839 #include <netinet/in.h>])
2841 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2842 AC_TRY_COMPILE(
2843 [
2844 #include <sys/types.h>
2845 ],
2846 [ size_t foo; foo = 1235; ],
2847 [ ac_cv_have_size_t="yes" ],
2848 [ ac_cv_have_size_t="no" ]
2849 )
2850 ])
2851 if test "x$ac_cv_have_size_t" = "xyes" ; then
2852 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2853 fi
2855 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2856 AC_TRY_COMPILE(
2857 [
2858 #include <sys/types.h>
2859 ],
2860 [ ssize_t foo; foo = 1235; ],
2861 [ ac_cv_have_ssize_t="yes" ],
2862 [ ac_cv_have_ssize_t="no" ]
2863 )
2864 ])
2865 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2866 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2867 fi
2869 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2870 AC_TRY_COMPILE(
2871 [
2872 #include <time.h>
2873 ],
2874 [ clock_t foo; foo = 1235; ],
2875 [ ac_cv_have_clock_t="yes" ],
2876 [ ac_cv_have_clock_t="no" ]
2877 )
2878 ])
2879 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2880 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2881 fi
2883 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2884 AC_TRY_COMPILE(
2885 [
2886 #include <sys/types.h>
2887 #include <sys/socket.h>
2888 ],
2889 [ sa_family_t foo; foo = 1235; ],
2890 [ ac_cv_have_sa_family_t="yes" ],
2891 [ AC_TRY_COMPILE(
2892 [
2893 #include <sys/types.h>
2894 #include <sys/socket.h>
2895 #include <netinet/in.h>
2896 ],
2897 [ sa_family_t foo; foo = 1235; ],
2898 [ ac_cv_have_sa_family_t="yes" ],
2900 [ ac_cv_have_sa_family_t="no" ]
2901 )]
2902 )
2903 ])
2904 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2905 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2906 [define if you have sa_family_t data type])
2907 fi
2909 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2910 AC_TRY_COMPILE(
2911 [
2912 #include <sys/types.h>
2913 ],
2914 [ pid_t foo; foo = 1235; ],
2915 [ ac_cv_have_pid_t="yes" ],
2916 [ ac_cv_have_pid_t="no" ]
2917 )
2918 ])
2919 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2920 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2921 fi
2923 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2924 AC_TRY_COMPILE(
2925 [
2926 #include <sys/types.h>
2927 ],
2928 [ mode_t foo; foo = 1235; ],
2929 [ ac_cv_have_mode_t="yes" ],
2930 [ ac_cv_have_mode_t="no" ]
2931 )
2932 ])
2933 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2934 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2935 fi
2938 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2939 AC_TRY_COMPILE(
2940 [
2941 #include <sys/types.h>
2942 #include <sys/socket.h>
2943 ],
2944 [ struct sockaddr_storage s; ],
2945 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2946 [ ac_cv_have_struct_sockaddr_storage="no" ]
2947 )
2948 ])
2949 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2950 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2951 [define if you have struct sockaddr_storage data type])
2952 fi
2954 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2955 AC_TRY_COMPILE(
2956 [
2957 #include <sys/types.h>
2958 #include <netinet/in.h>
2959 ],
2960 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2961 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2962 [ ac_cv_have_struct_sockaddr_in6="no" ]
2963 )
2964 ])
2965 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2966 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2967 [define if you have struct sockaddr_in6 data type])
2968 fi
2970 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2971 AC_TRY_COMPILE(
2972 [
2973 #include <sys/types.h>
2974 #include <netinet/in.h>
2975 ],
2976 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2977 [ ac_cv_have_struct_in6_addr="yes" ],
2978 [ ac_cv_have_struct_in6_addr="no" ]
2979 )
2980 ])
2981 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2982 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2983 [define if you have struct in6_addr data type])
2985 dnl Now check for sin6_scope_id
2986 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2987 [
2988 #ifdef HAVE_SYS_TYPES_H
2989 #include <sys/types.h>
2990 #endif
2991 #include <netinet/in.h>
2992 ])
2993 fi
2995 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2996 AC_TRY_COMPILE(
2997 [
2998 #include <sys/types.h>
2999 #include <sys/socket.h>
3000 #include <netdb.h>
3001 ],
3002 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
3003 [ ac_cv_have_struct_addrinfo="yes" ],
3004 [ ac_cv_have_struct_addrinfo="no" ]
3005 )
3006 ])
3007 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3008 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
3009 [define if you have struct addrinfo data type])
3010 fi
3012 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3013 AC_TRY_COMPILE(
3014 [ #include <sys/time.h> ],
3015 [ struct timeval tv; tv.tv_sec = 1;],
3016 [ ac_cv_have_struct_timeval="yes" ],
3017 [ ac_cv_have_struct_timeval="no" ]
3018 )
3019 ])
3020 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3021 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3022 have_struct_timeval=1
3023 fi
3025 AC_CHECK_TYPES(struct timespec)
3027 # We need int64_t or else certian parts of the compile will fail.
3028 if test "x$ac_cv_have_int64_t" = "xno" && \
3029 test "x$ac_cv_sizeof_long_int" != "x8" && \
3030 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3031 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3032 echo "an alternative compiler (I.E., GCC) before continuing."
3033 echo ""
3034 exit 1;
3035 else
3036 dnl test snprintf (broken on SCO w/gcc)
3037 AC_RUN_IFELSE(
3038 [AC_LANG_SOURCE([[
3039 #include <stdio.h>
3040 #include <string.h>
3041 #ifdef HAVE_SNPRINTF
3042 main()
3043 {
3044 char buf[50];
3045 char expected_out[50];
3046 int mazsize = 50 ;
3047 #if (SIZEOF_LONG_INT == 8)
3048 long int num = 0x7fffffffffffffff;
3049 #else
3050 long long num = 0x7fffffffffffffffll;
3051 #endif
3052 strcpy(expected_out, "9223372036854775807");
3053 snprintf(buf, mazsize, "%lld", num);
3054 if(strcmp(buf, expected_out) != 0)
3055 exit(1);
3056 exit(0);
3057 }
3058 #else
3059 main() { exit(0); }
3060 #endif
3061 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3062 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3063 )
3064 fi
3066 dnl Checks for structure members
3067 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3068 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3069 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3070 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3071 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3072 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3073 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3074 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3075 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3076 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3077 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3078 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3079 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3080 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3081 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3082 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3083 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3085 AC_CHECK_MEMBERS([struct stat.st_blksize])
3086 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3087 [Define if we don't have struct __res_state in resolv.h])],
3088 [
3089 #include <stdio.h>
3090 #if HAVE_SYS_TYPES_H
3091 # include <sys/types.h>
3092 #endif
3093 #include <netinet/in.h>
3094 #include <arpa/nameser.h>
3095 #include <resolv.h>
3096 ])
3098 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3099 ac_cv_have_ss_family_in_struct_ss, [
3100 AC_TRY_COMPILE(
3101 [
3102 #include <sys/types.h>
3103 #include <sys/socket.h>
3104 ],
3105 [ struct sockaddr_storage s; s.ss_family = 1; ],
3106 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3107 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3108 )
3109 ])
3110 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3111 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3112 fi
3114 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3115 ac_cv_have___ss_family_in_struct_ss, [
3116 AC_TRY_COMPILE(
3117 [
3118 #include <sys/types.h>
3119 #include <sys/socket.h>
3120 ],
3121 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3122 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3123 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3124 )
3125 ])
3126 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3127 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3128 [Fields in struct sockaddr_storage])
3129 fi
3131 AC_CACHE_CHECK([for pw_class field in struct passwd],
3132 ac_cv_have_pw_class_in_struct_passwd, [
3133 AC_TRY_COMPILE(
3134 [
3135 #include <pwd.h>
3136 ],
3137 [ struct passwd p; p.pw_class = 0; ],
3138 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3139 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3140 )
3141 ])
3142 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3143 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3144 [Define if your password has a pw_class field])
3145 fi
3147 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3148 ac_cv_have_pw_expire_in_struct_passwd, [
3149 AC_TRY_COMPILE(
3150 [
3151 #include <pwd.h>
3152 ],
3153 [ struct passwd p; p.pw_expire = 0; ],
3154 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3155 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3156 )
3157 ])
3158 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3159 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3160 [Define if your password has a pw_expire field])
3161 fi
3163 AC_CACHE_CHECK([for pw_change field in struct passwd],
3164 ac_cv_have_pw_change_in_struct_passwd, [
3165 AC_TRY_COMPILE(
3166 [
3167 #include <pwd.h>
3168 ],
3169 [ struct passwd p; p.pw_change = 0; ],
3170 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3171 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3172 )
3173 ])
3174 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3175 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3176 [Define if your password has a pw_change field])
3177 fi
3179 dnl make sure we're using the real structure members and not defines
3180 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3181 ac_cv_have_accrights_in_msghdr, [
3182 AC_COMPILE_IFELSE(
3183 [
3184 #include <sys/types.h>
3185 #include <sys/socket.h>
3186 #include <sys/uio.h>
3187 int main() {
3188 #ifdef msg_accrights
3189 #error "msg_accrights is a macro"
3190 exit(1);
3191 #endif
3192 struct msghdr m;
3193 m.msg_accrights = 0;
3194 exit(0);
3195 }
3196 ],
3197 [ ac_cv_have_accrights_in_msghdr="yes" ],
3198 [ ac_cv_have_accrights_in_msghdr="no" ]
3199 )
3200 ])
3201 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3202 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3203 [Define if your system uses access rights style
3204 file descriptor passing])
3205 fi
3207 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3208 AC_TRY_COMPILE([
3209 #include <sys/types.h>
3210 #include <sys/stat.h>
3211 #ifdef HAVE_SYS_TIME_H
3212 # include <sys/time.h>
3213 #endif
3214 #ifdef HAVE_SYS_MOUNT_H
3215 #include <sys/mount.h>
3216 #endif
3217 #ifdef HAVE_SYS_STATVFS_H
3218 #include <sys/statvfs.h>
3219 #endif
3220 ], [struct statvfs s; s.f_fsid = 0;],
3221 [ AC_MSG_RESULT(yes) ],
3222 [ AC_MSG_RESULT(no)
3224 AC_MSG_CHECKING(if fsid_t has member val)
3225 AC_TRY_COMPILE([
3226 #include <sys/types.h>
3227 #include <sys/statvfs.h>],
3228 [fsid_t t; t.val[0] = 0;],
3229 [ AC_MSG_RESULT(yes)
3230 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3231 [ AC_MSG_RESULT(no) ])
3233 AC_MSG_CHECKING(if f_fsid has member __val)
3234 AC_TRY_COMPILE([
3235 #include <sys/types.h>
3236 #include <sys/statvfs.h>],
3237 [fsid_t t; t.__val[0] = 0;],
3238 [ AC_MSG_RESULT(yes)
3239 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3240 [ AC_MSG_RESULT(no) ])
3241 ])
3243 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3244 ac_cv_have_control_in_msghdr, [
3245 AC_COMPILE_IFELSE(
3246 [
3247 #include <sys/types.h>
3248 #include <sys/socket.h>
3249 #include <sys/uio.h>
3250 int main() {
3251 #ifdef msg_control
3252 #error "msg_control is a macro"
3253 exit(1);
3254 #endif
3255 struct msghdr m;
3256 m.msg_control = 0;
3257 exit(0);
3258 }
3259 ],
3260 [ ac_cv_have_control_in_msghdr="yes" ],
3261 [ ac_cv_have_control_in_msghdr="no" ]
3262 )
3263 ])
3264 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3265 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3266 [Define if your system uses ancillary data style
3267 file descriptor passing])
3268 fi
3270 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3271 AC_TRY_LINK([],
3272 [ extern char *__progname; printf("%s", __progname); ],
3273 [ ac_cv_libc_defines___progname="yes" ],
3274 [ ac_cv_libc_defines___progname="no" ]
3275 )
3276 ])
3277 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3278 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3279 fi
3281 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3282 AC_TRY_LINK([
3283 #include <stdio.h>
3284 ],
3285 [ printf("%s", __FUNCTION__); ],
3286 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3287 [ ac_cv_cc_implements___FUNCTION__="no" ]
3288 )
3289 ])
3290 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3291 AC_DEFINE(HAVE___FUNCTION__, 1,
3292 [Define if compiler implements __FUNCTION__])
3293 fi
3295 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3296 AC_TRY_LINK([
3297 #include <stdio.h>
3298 ],
3299 [ printf("%s", __func__); ],
3300 [ ac_cv_cc_implements___func__="yes" ],
3301 [ ac_cv_cc_implements___func__="no" ]
3302 )
3303 ])
3304 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3305 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3306 fi
3308 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3309 AC_TRY_LINK(
3310 [#include <stdarg.h>
3311 va_list x,y;],
3312 [va_copy(x,y);],
3313 [ ac_cv_have_va_copy="yes" ],
3314 [ ac_cv_have_va_copy="no" ]
3315 )
3316 ])
3317 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3318 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3319 fi
3321 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3322 AC_TRY_LINK(
3323 [#include <stdarg.h>
3324 va_list x,y;],
3325 [__va_copy(x,y);],
3326 [ ac_cv_have___va_copy="yes" ],
3327 [ ac_cv_have___va_copy="no" ]
3328 )
3329 ])
3330 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3331 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3332 fi
3334 AC_CACHE_CHECK([whether getopt has optreset support],
3335 ac_cv_have_getopt_optreset, [
3336 AC_TRY_LINK(
3337 [
3338 #include <getopt.h>
3339 ],
3340 [ extern int optreset; optreset = 0; ],
3341 [ ac_cv_have_getopt_optreset="yes" ],
3342 [ ac_cv_have_getopt_optreset="no" ]
3343 )
3344 ])
3345 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3346 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3347 [Define if your getopt(3) defines and uses optreset])
3348 fi
3350 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3351 AC_TRY_LINK([],
3352 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3353 [ ac_cv_libc_defines_sys_errlist="yes" ],
3354 [ ac_cv_libc_defines_sys_errlist="no" ]
3355 )
3356 ])
3357 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3358 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3359 [Define if your system defines sys_errlist[]])
3360 fi
3363 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3364 AC_TRY_LINK([],
3365 [ extern int sys_nerr; printf("%i", sys_nerr);],
3366 [ ac_cv_libc_defines_sys_nerr="yes" ],
3367 [ ac_cv_libc_defines_sys_nerr="no" ]
3368 )
3369 ])
3370 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3371 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3372 fi
3374 # Check libraries needed by DNS fingerprint support
3375 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3376 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3377 [Define if getrrsetbyname() exists])],
3378 [
3379 # Needed by our getrrsetbyname()
3380 AC_SEARCH_LIBS(res_query, resolv)
3381 AC_SEARCH_LIBS(dn_expand, resolv)
3382 AC_MSG_CHECKING(if res_query will link)
3383 AC_LINK_IFELSE([
3384 #include "confdefs.h"
3385 #include <sys/types.h>
3386 #include <netinet/in.h>
3387 #include <arpa/nameser.h>
3388 #include <netdb.h>
3389 #include <resolv.h>
3390 int main()
3391 {
3392 res_query (0, 0, 0, 0, 0);
3393 return 0;
3394 }
3395 ],
3396 AC_MSG_RESULT(yes),
3397 [AC_MSG_RESULT(no)
3398 saved_LIBS="$LIBS"
3399 LIBS="$LIBS -lresolv"
3400 AC_MSG_CHECKING(for res_query in -lresolv)
3401 AC_LINK_IFELSE([
3402 #include "confdefs.h"
3403 #include <sys/types.h>
3404 #include <netinet/in.h>
3405 #include <arpa/nameser.h>
3406 #include <netdb.h>
3407 #include <resolv.h>
3408 int main()
3409 {
3410 res_query (0, 0, 0, 0, 0);
3411 return 0;
3412 }
3413 ],
3414 [AC_MSG_RESULT(yes)],
3415 [LIBS="$saved_LIBS"
3416 AC_MSG_RESULT(no)])
3417 ])
3418 AC_CHECK_FUNCS(_getshort _getlong)
3419 AC_CHECK_DECLS([_getshort, _getlong], , ,
3420 [#include <sys/types.h>
3421 #include <arpa/nameser.h>])
3422 AC_CHECK_MEMBER(HEADER.ad,
3423 [AC_DEFINE(HAVE_HEADER_AD, 1,
3424 [Define if HEADER.ad exists in arpa/nameser.h])],,
3425 [#include <arpa/nameser.h>])
3426 ])
3428 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3429 AC_LINK_IFELSE([
3430 #include <stdio.h>
3431 #if HAVE_SYS_TYPES_H
3432 # include <sys/types.h>
3433 #endif
3434 #include <netinet/in.h>
3435 #include <arpa/nameser.h>
3436 #include <resolv.h>
3437 extern struct __res_state _res;
3438 int main() { return 0; }
3439 ],
3440 [AC_MSG_RESULT(yes)
3441 AC_DEFINE(HAVE__RES_EXTERN, 1,
3442 [Define if you have struct __res_state _res as an extern])
3443 ],
3444 [ AC_MSG_RESULT(no) ]
3445 )
3447 # Check whether user wants SELinux support
3448 SELINUX_MSG="no"
3449 LIBSELINUX=""
3450 AC_ARG_WITH(selinux,
3451 [ --with-selinux Enable SELinux support],
3452 [ if test "x$withval" != "xno" ; then
3453 save_LIBS="$LIBS"
3454 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3455 SELINUX_MSG="yes"
3456 AC_CHECK_HEADER([selinux/selinux.h], ,
3457 AC_MSG_ERROR(SELinux support requires selinux.h header))
3458 AC_CHECK_LIB(selinux, setexeccon,
3459 [ LIBSELINUX="-lselinux"
3460 LIBS="$LIBS -lselinux"
3461 ],
3462 AC_MSG_ERROR(SELinux support requires libselinux library))
3463 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3464 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3465 LIBS="$save_LIBS"
3466 fi ]
3467 )
3469 # Check whether user wants Kerberos 5 support
3470 KRB5_MSG="no"
3471 AC_ARG_WITH(kerberos5,
3472 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3473 [ if test "x$withval" != "xno" ; then
3474 if test "x$withval" = "xyes" ; then
3475 KRB5ROOT="/usr/local"
3476 else
3477 KRB5ROOT=${withval}
3478 fi
3480 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3481 KRB5_MSG="yes"
3483 AC_PATH_PROG([KRB5CONF],[krb5-config],
3484 [$KRB5ROOT/bin/krb5-config],
3485 [$KRB5ROOT/bin:$PATH])
3486 if test -x $KRB5CONF ; then
3488 AC_MSG_CHECKING(for gssapi support)
3489 if $KRB5CONF | grep gssapi >/dev/null ; then
3490 AC_MSG_RESULT(yes)
3491 AC_DEFINE(GSSAPI, 1,
3492 [Define this if you want GSSAPI
3493 support in the version 2 protocol])
3494 k5confopts=gssapi
3495 else
3496 AC_MSG_RESULT(no)
3497 k5confopts=""
3498 fi
3499 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3500 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3501 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3502 AC_MSG_CHECKING(whether we are using Heimdal)
3503 AC_TRY_COMPILE([ #include <krb5.h> ],
3504 [ char *tmp = heimdal_version; ],
3505 [ AC_MSG_RESULT(yes)
3506 AC_DEFINE(HEIMDAL, 1,
3507 [Define this if you are using the
3508 Heimdal version of Kerberos V5]) ],
3509 AC_MSG_RESULT(no)
3510 )
3511 else
3512 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3513 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3514 AC_MSG_CHECKING(whether we are using Heimdal)
3515 AC_TRY_COMPILE([ #include <krb5.h> ],
3516 [ char *tmp = heimdal_version; ],
3517 [ AC_MSG_RESULT(yes)
3518 AC_DEFINE(HEIMDAL)
3519 K5LIBS="-lkrb5 -ldes"
3520 K5LIBS="$K5LIBS -lcom_err -lasn1"
3521 AC_CHECK_LIB(roken, net_write,
3522 [K5LIBS="$K5LIBS -lroken"])
3523 ],
3524 [ AC_MSG_RESULT(no)
3525 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3526 ]
3527 )
3528 AC_SEARCH_LIBS(dn_expand, resolv)
3530 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3531 [ AC_DEFINE(GSSAPI)
3532 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3533 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3534 [ AC_DEFINE(GSSAPI)
3535 K5LIBS="-lgssapi $K5LIBS" ],
3536 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3537 $K5LIBS)
3538 ],
3539 $K5LIBS)
3541 AC_CHECK_HEADER(gssapi.h, ,
3542 [ unset ac_cv_header_gssapi_h
3543 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3544 AC_CHECK_HEADERS(gssapi.h, ,
3545 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3546 )
3547 ]
3548 )
3550 oldCPP="$CPPFLAGS"
3551 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3552 AC_CHECK_HEADER(gssapi_krb5.h, ,
3553 [ CPPFLAGS="$oldCPP" ])
3555 fi
3556 if test ! -z "$need_dash_r" ; then
3557 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3558 fi
3559 if test ! -z "$blibpath" ; then
3560 blibpath="$blibpath:${KRB5ROOT}/lib"
3561 fi
3563 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3564 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3565 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3567 LIBS="$LIBS $K5LIBS"
3568 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3569 [Define this if you want to use libkafs' AFS support]))
3570 fi
3571 ]
3572 )
3574 # Looking for programs, paths and files
3576 PRIVSEP_PATH=/var/empty
3577 AC_ARG_WITH(privsep-path,
3578 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3579 [
3580 if test -n "$withval" && test "x$withval" != "xno" && \
3581 test "x${withval}" != "xyes"; then
3582 PRIVSEP_PATH=$withval
3583 fi
3584 ]
3585 )
3586 AC_SUBST(PRIVSEP_PATH)
3588 AC_ARG_WITH(xauth,
3589 [ --with-xauth=PATH Specify path to xauth program ],
3590 [
3591 if test -n "$withval" && test "x$withval" != "xno" && \
3592 test "x${withval}" != "xyes"; then
3593 xauth_path=$withval
3594 fi
3595 ],
3596 [
3597 TestPath="$PATH"
3598 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3599 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3600 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3601 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3602 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3603 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3604 xauth_path="/usr/openwin/bin/xauth"
3605 fi
3606 ]
3607 )
3609 STRIP_OPT=-s
3610 AC_ARG_ENABLE(strip,
3611 [ --disable-strip Disable calling strip(1) on install],
3612 [
3613 if test "x$enableval" = "xno" ; then
3614 STRIP_OPT=
3615 fi
3616 ]
3617 )
3618 AC_SUBST(STRIP_OPT)
3620 if test -z "$xauth_path" ; then
3621 XAUTH_PATH="undefined"
3622 AC_SUBST(XAUTH_PATH)
3623 else
3624 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3625 [Define if xauth is found in your path])
3626 XAUTH_PATH=$xauth_path
3627 AC_SUBST(XAUTH_PATH)
3628 fi
3630 # Check for mail directory (last resort if we cannot get it from headers)
3631 if test ! -z "$MAIL" ; then
3632 maildir=`dirname $MAIL`
3633 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3634 [Set this to your mail directory if you don't have maillock.h])
3635 fi
3637 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3638 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3639 disable_ptmx_check=yes
3640 fi
3641 if test -z "$no_dev_ptmx" ; then
3642 if test "x$disable_ptmx_check" != "xyes" ; then
3643 AC_CHECK_FILE("/dev/ptmx",
3644 [
3645 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3646 [Define if you have /dev/ptmx])
3647 have_dev_ptmx=1
3648 ]
3649 )
3650 fi
3651 fi
3653 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3654 AC_CHECK_FILE("/dev/ptc",
3655 [
3656 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3657 [Define if you have /dev/ptc])
3658 have_dev_ptc=1
3659 ]
3660 )
3661 else
3662 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3663 fi
3665 # Options from here on. Some of these are preset by platform above
3666 AC_ARG_WITH(mantype,
3667 [ --with-mantype=man|cat|doc Set man page type],
3668 [
3669 case "$withval" in
3670 man|cat|doc)
3671 MANTYPE=$withval
3672 ;;
3673 *)
3674 AC_MSG_ERROR(invalid man type: $withval)
3675 ;;
3676 esac
3677 ]
3678 )
3679 if test -z "$MANTYPE"; then
3680 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3681 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3682 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3683 MANTYPE=doc
3684 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3685 MANTYPE=man
3686 else
3687 MANTYPE=cat
3688 fi
3689 fi
3690 AC_SUBST(MANTYPE)
3691 if test "$MANTYPE" = "doc"; then
3692 mansubdir=man;
3693 else
3694 mansubdir=$MANTYPE;
3695 fi
3696 AC_SUBST(mansubdir)
3698 # Check whether to enable MD5 passwords
3699 MD5_MSG="no"
3700 AC_ARG_WITH(md5-passwords,
3701 [ --with-md5-passwords Enable use of MD5 passwords],
3702 [
3703 if test "x$withval" != "xno" ; then
3704 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3705 [Define if you want to allow MD5 passwords])
3706 MD5_MSG="yes"
3707 fi
3708 ]
3709 )
3711 # Whether to disable shadow password support
3712 AC_ARG_WITH(shadow,
3713 [ --without-shadow Disable shadow password support],
3714 [
3715 if test "x$withval" = "xno" ; then
3716 AC_DEFINE(DISABLE_SHADOW)
3717 disable_shadow=yes
3718 fi
3719 ]
3720 )
3722 if test -z "$disable_shadow" ; then
3723 AC_MSG_CHECKING([if the systems has expire shadow information])
3724 AC_TRY_COMPILE(
3725 [
3726 #include <sys/types.h>
3727 #include <shadow.h>
3728 struct spwd sp;
3729 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3730 [ sp_expire_available=yes ], []
3731 )
3733 if test "x$sp_expire_available" = "xyes" ; then
3734 AC_MSG_RESULT(yes)
3735 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3736 [Define if you want to use shadow password expire field])
3737 else
3738 AC_MSG_RESULT(no)
3739 fi
3740 fi
3742 # Use ip address instead of hostname in $DISPLAY
3743 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3744 DISPLAY_HACK_MSG="yes"
3745 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3746 [Define if you need to use IP address
3747 instead of hostname in $DISPLAY])
3748 else
3749 DISPLAY_HACK_MSG="no"
3750 AC_ARG_WITH(ipaddr-display,
3751 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3752 [
3753 if test "x$withval" != "xno" ; then
3754 AC_DEFINE(IPADDR_IN_DISPLAY)
3755 DISPLAY_HACK_MSG="yes"
3756 fi
3757 ]
3758 )
3759 fi
3761 # check for /etc/default/login and use it if present.
3762 AC_ARG_ENABLE(etc-default-login,
3763 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3764 [ if test "x$enableval" = "xno"; then
3765 AC_MSG_NOTICE([/etc/default/login handling disabled])
3766 etc_default_login=no
3767 else
3768 etc_default_login=yes
3769 fi ],
3770 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3771 then
3772 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3773 etc_default_login=no
3774 else
3775 etc_default_login=yes
3776 fi ]
3777 )
3779 if test "x$etc_default_login" != "xno"; then
3780 AC_CHECK_FILE("/etc/default/login",
3781 [ external_path_file=/etc/default/login ])
3782 if test "x$external_path_file" = "x/etc/default/login"; then
3783 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3784 [Define if your system has /etc/default/login])
3785 fi
3786 fi
3788 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3789 if test $ac_cv_func_login_getcapbool = "yes" && \
3790 test $ac_cv_header_login_cap_h = "yes" ; then
3791 external_path_file=/etc/login.conf
3792 fi
3794 # Whether to mess with the default path
3795 SERVER_PATH_MSG="(default)"
3796 AC_ARG_WITH(default-path,
3797 [ --with-default-path= Specify default \$PATH environment for server],
3798 [
3799 if test "x$external_path_file" = "x/etc/login.conf" ; then
3800 AC_MSG_WARN([
3801 --with-default-path=PATH has no effect on this system.
3802 Edit /etc/login.conf instead.])
3803 elif test "x$withval" != "xno" ; then
3804 if test ! -z "$external_path_file" ; then
3805 AC_MSG_WARN([
3806 --with-default-path=PATH will only be used if PATH is not defined in
3807 $external_path_file .])
3808 fi
3809 user_path="$withval"
3810 SERVER_PATH_MSG="$withval"
3811 fi
3812 ],
3813 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3814 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3815 else
3816 if test ! -z "$external_path_file" ; then
3817 AC_MSG_WARN([
3818 If PATH is defined in $external_path_file, ensure the path to scp is included,
3819 otherwise scp will not work.])
3820 fi
3821 AC_RUN_IFELSE(
3822 [AC_LANG_SOURCE([[
3823 /* find out what STDPATH is */
3824 #include <stdio.h>
3825 #ifdef HAVE_PATHS_H
3826 # include <paths.h>
3827 #endif
3828 #ifndef _PATH_STDPATH
3829 # ifdef _PATH_USERPATH /* Irix */
3830 # define _PATH_STDPATH _PATH_USERPATH
3831 # else
3832 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3833 # endif
3834 #endif
3835 #include <sys/types.h>
3836 #include <sys/stat.h>
3837 #include <fcntl.h>
3838 #define DATA "conftest.stdpath"
3840 main()
3841 {
3842 FILE *fd;
3843 int rc;
3845 fd = fopen(DATA,"w");
3846 if(fd == NULL)
3847 exit(1);
3849 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3850 exit(1);
3852 exit(0);
3853 }
3854 ]])],
3855 [ user_path=`cat conftest.stdpath` ],
3856 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3857 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3858 )
3859 # make sure $bindir is in USER_PATH so scp will work
3860 t_bindir=`eval echo ${bindir}`
3861 case $t_bindir in
3862 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3863 esac
3864 case $t_bindir in
3865 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3866 esac
3867 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3868 if test $? -ne 0 ; then
3869 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3870 if test $? -ne 0 ; then
3871 user_path=$user_path:$t_bindir
3872 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3873 fi
3874 fi
3875 fi ]
3876 )
3877 if test "x$external_path_file" != "x/etc/login.conf" ; then
3878 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3879 AC_SUBST(user_path)
3880 fi
3882 # Set superuser path separately to user path
3883 AC_ARG_WITH(superuser-path,
3884 [ --with-superuser-path= Specify different path for super-user],
3885 [
3886 if test -n "$withval" && test "x$withval" != "xno" && \
3887 test "x${withval}" != "xyes"; then
3888 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3889 [Define if you want a different $PATH
3890 for the superuser])
3891 superuser_path=$withval
3892 fi
3893 ]
3894 )
3897 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3898 IPV4_IN6_HACK_MSG="no"
3899 AC_ARG_WITH(4in6,
3900 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3901 [
3902 if test "x$withval" != "xno" ; then
3903 AC_MSG_RESULT(yes)
3904 AC_DEFINE(IPV4_IN_IPV6, 1,
3905 [Detect IPv4 in IPv6 mapped addresses
3906 and treat as IPv4])
3907 IPV4_IN6_HACK_MSG="yes"
3908 else
3909 AC_MSG_RESULT(no)
3910 fi
3911 ],[
3912 if test "x$inet6_default_4in6" = "xyes"; then
3913 AC_MSG_RESULT([yes (default)])
3914 AC_DEFINE(IPV4_IN_IPV6)
3915 IPV4_IN6_HACK_MSG="yes"
3916 else
3917 AC_MSG_RESULT([no (default)])
3918 fi
3919 ]
3920 )
3922 # Whether to enable BSD auth support
3923 BSD_AUTH_MSG=no
3924 AC_ARG_WITH(bsd-auth,
3925 [ --with-bsd-auth Enable BSD auth support],
3926 [
3927 if test "x$withval" != "xno" ; then
3928 AC_DEFINE(BSD_AUTH, 1,
3929 [Define if you have BSD auth support])
3930 BSD_AUTH_MSG=yes
3931 fi
3932 ]
3933 )
3935 # Where to place sshd.pid
3936 piddir=/var/run
3937 # make sure the directory exists
3938 if test ! -d $piddir ; then
3939 piddir=`eval echo ${sysconfdir}`
3940 case $piddir in
3941 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3942 esac
3943 fi
3945 AC_ARG_WITH(pid-dir,
3946 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3947 [
3948 if test -n "$withval" && test "x$withval" != "xno" && \
3949 test "x${withval}" != "xyes"; then
3950 piddir=$withval
3951 if test ! -d $piddir ; then
3952 AC_MSG_WARN([** no $piddir directory on this system **])
3953 fi
3954 fi
3955 ]
3956 )
3958 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3959 AC_SUBST(piddir)
3961 dnl allow user to disable some login recording features
3962 AC_ARG_ENABLE(lastlog,
3963 [ --disable-lastlog disable use of lastlog even if detected [no]],
3964 [
3965 if test "x$enableval" = "xno" ; then
3966 AC_DEFINE(DISABLE_LASTLOG)
3967 fi
3968 ]
3969 )
3970 AC_ARG_ENABLE(utmp,
3971 [ --disable-utmp disable use of utmp even if detected [no]],
3972 [
3973 if test "x$enableval" = "xno" ; then
3974 AC_DEFINE(DISABLE_UTMP)
3975 fi
3976 ]
3977 )
3978 AC_ARG_ENABLE(utmpx,
3979 [ --disable-utmpx disable use of utmpx even if detected [no]],
3980 [
3981 if test "x$enableval" = "xno" ; then
3982 AC_DEFINE(DISABLE_UTMPX, 1,
3983 [Define if you don't want to use utmpx])
3984 fi
3985 ]
3986 )
3987 AC_ARG_ENABLE(wtmp,
3988 [ --disable-wtmp disable use of wtmp even if detected [no]],
3989 [
3990 if test "x$enableval" = "xno" ; then
3991 AC_DEFINE(DISABLE_WTMP)
3992 fi
3993 ]
3994 )
3995 AC_ARG_ENABLE(wtmpx,
3996 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3997 [
3998 if test "x$enableval" = "xno" ; then
3999 AC_DEFINE(DISABLE_WTMPX, 1,
4000 [Define if you don't want to use wtmpx])
4001 fi
4002 ]
4003 )
4004 AC_ARG_ENABLE(libutil,
4005 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4006 [
4007 if test "x$enableval" = "xno" ; then
4008 AC_DEFINE(DISABLE_LOGIN)
4009 fi
4010 ]
4011 )
4012 AC_ARG_ENABLE(pututline,
4013 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4014 [
4015 if test "x$enableval" = "xno" ; then
4016 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4017 [Define if you don't want to use pututline()
4018 etc. to write [uw]tmp])
4019 fi
4020 ]
4021 )
4022 AC_ARG_ENABLE(pututxline,
4023 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4024 [
4025 if test "x$enableval" = "xno" ; then
4026 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4027 [Define if you don't want to use pututxline()
4028 etc. to write [uw]tmpx])
4029 fi
4030 ]
4031 )
4032 AC_ARG_WITH(lastlog,
4033 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4034 [
4035 if test "x$withval" = "xno" ; then
4036 AC_DEFINE(DISABLE_LASTLOG)
4037 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4038 conf_lastlog_location=$withval
4039 fi
4040 ]
4041 )
4043 dnl lastlog, [uw]tmpx? detection
4044 dnl NOTE: set the paths in the platform section to avoid the
4045 dnl need for command-line parameters
4046 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4048 dnl lastlog detection
4049 dnl NOTE: the code itself will detect if lastlog is a directory
4050 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4051 AC_TRY_COMPILE([
4052 #include <sys/types.h>
4053 #include <utmp.h>
4054 #ifdef HAVE_LASTLOG_H
4055 # include <lastlog.h>
4056 #endif
4057 #ifdef HAVE_PATHS_H
4058 # include <paths.h>
4059 #endif
4060 #ifdef HAVE_LOGIN_H
4061 # include <login.h>
4062 #endif
4063 ],
4064 [ char *lastlog = LASTLOG_FILE; ],
4065 [ AC_MSG_RESULT(yes) ],
4066 [
4067 AC_MSG_RESULT(no)
4068 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4069 AC_TRY_COMPILE([
4070 #include <sys/types.h>
4071 #include <utmp.h>
4072 #ifdef HAVE_LASTLOG_H
4073 # include <lastlog.h>
4074 #endif
4075 #ifdef HAVE_PATHS_H
4076 # include <paths.h>
4077 #endif
4078 ],
4079 [ char *lastlog = _PATH_LASTLOG; ],
4080 [ AC_MSG_RESULT(yes) ],
4081 [
4082 AC_MSG_RESULT(no)
4083 system_lastlog_path=no
4084 ])
4085 ]
4086 )
4088 if test -z "$conf_lastlog_location"; then
4089 if test x"$system_lastlog_path" = x"no" ; then
4090 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4091 if (test -d "$f" || test -f "$f") ; then
4092 conf_lastlog_location=$f
4093 fi
4094 done
4095 if test -z "$conf_lastlog_location"; then
4096 AC_MSG_WARN([** Cannot find lastlog **])
4097 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4098 fi
4099 fi
4100 fi
4102 if test -n "$conf_lastlog_location"; then
4103 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4104 [Define if you want to specify the path to your lastlog file])
4105 fi
4107 dnl utmp detection
4108 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4109 AC_TRY_COMPILE([
4110 #include <sys/types.h>
4111 #include <utmp.h>
4112 #ifdef HAVE_PATHS_H
4113 # include <paths.h>
4114 #endif
4115 ],
4116 [ char *utmp = UTMP_FILE; ],
4117 [ AC_MSG_RESULT(yes) ],
4118 [ AC_MSG_RESULT(no)
4119 system_utmp_path=no ]
4120 )
4121 if test -z "$conf_utmp_location"; then
4122 if test x"$system_utmp_path" = x"no" ; then
4123 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4124 if test -f $f ; then
4125 conf_utmp_location=$f
4126 fi
4127 done
4128 if test -z "$conf_utmp_location"; then
4129 AC_DEFINE(DISABLE_UTMP)
4130 fi
4131 fi
4132 fi
4133 if test -n "$conf_utmp_location"; then
4134 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4135 [Define if you want to specify the path to your utmp file])
4136 fi
4138 dnl wtmp detection
4139 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4140 AC_TRY_COMPILE([
4141 #include <sys/types.h>
4142 #include <utmp.h>
4143 #ifdef HAVE_PATHS_H
4144 # include <paths.h>
4145 #endif
4146 ],
4147 [ char *wtmp = WTMP_FILE; ],
4148 [ AC_MSG_RESULT(yes) ],
4149 [ AC_MSG_RESULT(no)
4150 system_wtmp_path=no ]
4151 )
4152 if test -z "$conf_wtmp_location"; then
4153 if test x"$system_wtmp_path" = x"no" ; then
4154 for f in /usr/adm/wtmp /var/log/wtmp; do
4155 if test -f $f ; then
4156 conf_wtmp_location=$f
4157 fi
4158 done
4159 if test -z "$conf_wtmp_location"; then
4160 AC_DEFINE(DISABLE_WTMP)
4161 fi
4162 fi
4163 fi
4164 if test -n "$conf_wtmp_location"; then
4165 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4166 [Define if you want to specify the path to your wtmp file])
4167 fi
4170 dnl wtmpx detection
4171 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4172 AC_TRY_COMPILE([
4173 #include <sys/types.h>
4174 #include <utmp.h>
4175 #ifdef HAVE_UTMPX_H
4176 #include <utmpx.h>
4177 #endif
4178 #ifdef HAVE_PATHS_H
4179 # include <paths.h>
4180 #endif
4181 ],
4182 [ char *wtmpx = WTMPX_FILE; ],
4183 [ AC_MSG_RESULT(yes) ],
4184 [ AC_MSG_RESULT(no)
4185 system_wtmpx_path=no ]
4186 )
4187 if test -z "$conf_wtmpx_location"; then
4188 if test x"$system_wtmpx_path" = x"no" ; then
4189 AC_DEFINE(DISABLE_WTMPX)
4190 fi
4191 else
4192 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4193 [Define if you want to specify the path to your wtmpx file])
4194 fi
4197 if test ! -z "$blibpath" ; then
4198 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4199 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4200 fi
4202 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4203 dnl Add now.
4204 CFLAGS="$CFLAGS $werror_flags"
4206 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4207 TEST_SSH_IPV6=no
4208 else
4209 TEST_SSH_IPV6=yes
4210 fi
4211 AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
4212 AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
4214 AC_EXEEXT
4215 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4216 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4217 ssh_prng_cmds survey.sh])
4218 AC_OUTPUT
4220 # Print summary of options
4222 # Someone please show me a better way :)
4223 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4224 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4225 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4226 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4227 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4228 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4229 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4230 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4231 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4232 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4234 echo ""
4235 echo "OpenSSH has been configured with the following options:"
4236 echo " User binaries: $B"
4237 echo " System binaries: $C"
4238 echo " Configuration files: $D"
4239 echo " Askpass program: $E"
4240 echo " Manual pages: $F"
4241 echo " PID file: $G"
4242 echo " Privilege separation chroot path: $H"
4243 if test "x$external_path_file" = "x/etc/login.conf" ; then
4244 echo " At runtime, sshd will use the path defined in $external_path_file"
4245 echo " Make sure the path to scp is present, otherwise scp will not work"
4246 else
4247 echo " sshd default user PATH: $I"
4248 if test ! -z "$external_path_file"; then
4249 echo " (If PATH is set in $external_path_file it will be used instead. If"
4250 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4251 fi
4252 fi
4253 if test ! -z "$superuser_path" ; then
4254 echo " sshd superuser user PATH: $J"
4255 fi
4256 echo " Manpage format: $MANTYPE"
4257 echo " PAM support: $PAM_MSG"
4258 echo " OSF SIA support: $SIA_MSG"
4259 echo " KerberosV support: $KRB5_MSG"
4260 echo " SELinux support: $SELINUX_MSG"
4261 echo " Smartcard support: $SCARD_MSG"
4262 echo " S/KEY support: $SKEY_MSG"
4263 echo " TCP Wrappers support: $TCPW_MSG"
4264 echo " MD5 password support: $MD5_MSG"
4265 echo " libedit support: $LIBEDIT_MSG"
4266 echo " Solaris process contract support: $SPC_MSG"
4267 echo " Solaris project support: $SP_MSG"
4268 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4269 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4270 echo " BSD Auth support: $BSD_AUTH_MSG"
4271 echo " Random number source: $RAND_MSG"
4272 if test ! -z "$USE_RAND_HELPER" ; then
4273 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4274 fi
4276 echo ""
4278 echo " Host: ${host}"
4279 echo " Compiler: ${CC}"
4280 echo " Compiler flags: ${CFLAGS}"
4281 echo "Preprocessor flags: ${CPPFLAGS}"
4282 echo " Linker flags: ${LDFLAGS}"
4283 echo " Libraries: ${LIBS}"
4284 if test ! -z "${SSHDLIBS}"; then
4285 echo " +for sshd: ${SSHDLIBS}"
4286 fi
4288 echo ""
4290 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4291 echo "SVR4 style packages are supported with \"make package\""
4292 echo ""
4293 fi
4295 if test "x$PAM_MSG" = "xyes" ; then
4296 echo "PAM is enabled. You may need to install a PAM control file "
4297 echo "for sshd, otherwise password authentication may fail. "
4298 echo "Example PAM control files can be found in the contrib/ "
4299 echo "subdirectory"
4300 echo ""
4301 fi
4303 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4304 echo "WARNING: you are using the builtin random number collection "
4305 echo "service. Please read WARNING.RNG and request that your OS "
4306 echo "vendor includes kernel-based random number collection in "
4307 echo "future versions of your OS."
4308 echo ""
4309 fi
4311 if test ! -z "$NO_PEERCHECK" ; then
4312 echo "WARNING: the operating system that you are using does not"
4313 echo "appear to support getpeereid(), getpeerucred() or the"
4314 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4315 echo "enforce security checks to prevent unauthorised connections to"
4316 echo "ssh-agent. Their absence increases the risk that a malicious"
4317 echo "user can connect to your agent."
4318 echo ""
4319 fi
4321 if test "$AUDIT_MODULE" = "bsm" ; then
4322 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4323 echo "See the Solaris section in README.platform for details."
4324 fi