| blob | 140c62838083cca89e587b6d560bf8395e191991 |
1 # $Id: configure.ac,v 1.420 2009/06/16 06:11:02 dtucker Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.420 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
58 # System features
59 AC_SYS_LARGEFILE
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70 else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76 fi
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82 fi
84 if test -z "$LD" ; then
85 LD=$CC
86 fi
87 AC_SUBST(LD)
89 AC_C_INLINE
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 use_stack_protector=1
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
97 use_stack_protector=0
98 fi ])
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
103 case $GCC_VER in
104 1.*) no_attrib_nonnull=1 ;;
105 2.8* | 2.9*)
106 CFLAGS="$CFLAGS -Wsign-compare"
107 no_attrib_nonnull=1
108 ;;
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
112 *) ;;
113 esac
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
119 #include <string.h>
120 int main(void){char b[10]; memset(b, 0, sizeof(b));}
121 ]])],
122 [ AC_MSG_RESULT(yes) ],
123 [ AC_MSG_RESULT(no)
124 CFLAGS="$saved_CFLAGS" ]
125 )
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a given platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
137 AC_LINK_IFELSE(
138 [AC_LANG_SOURCE([
139 #include <stdio.h>
140 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
141 ])],
142 [ AC_MSG_RESULT(yes)
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
146 AC_RUN_IFELSE(
147 [AC_LANG_SOURCE([
148 #include <stdio.h>
149 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
150 ])],
151 [ AC_MSG_RESULT(yes)
152 break ],
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
155 break ]
156 )
157 ],
158 [ AC_MSG_RESULT(no) ]
159 )
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
162 done
163 fi
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
171 [have_llong_max=1],
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
174 )
175 fi
176 fi
178 if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
180 fi
182 AC_ARG_WITH(rpath,
183 [ --without-rpath Disable auto-added -R linker paths],
184 [
185 if test "x$withval" = "xno" ; then
186 need_dash_r=""
187 fi
188 if test "x$withval" = "xyes" ; then
189 need_dash_r=1
190 fi
191 ]
192 )
194 # Allow user to specify flags
195 AC_ARG_WITH(cflags,
196 [ --with-cflags Specify additional flags to pass to compiler],
197 [
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
201 fi
202 ]
203 )
204 AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
206 [
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
210 fi
211 ]
212 )
213 AC_ARG_WITH(ldflags,
214 [ --with-ldflags Specify additional flags to pass to linker],
215 [
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
219 fi
220 ]
221 )
222 AC_ARG_WITH(libs,
223 [ --with-libs Specify additional libraries to link with],
224 [
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
228 fi
229 ]
230 )
231 AC_ARG_WITH(Werror,
232 [ --with-Werror Build main code with -Werror],
233 [
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
238 fi
239 fi
240 ]
241 )
243 AC_CHECK_HEADERS( \
244 bstring.h \
245 crypt.h \
246 crypto/sha2.h \
247 dirent.h \
248 endian.h \
249 features.h \
250 fcntl.h \
251 floatingpoint.h \
252 getopt.h \
253 glob.h \
254 ia.h \
255 iaf.h \
256 limits.h \
257 login.h \
258 maillock.h \
259 ndir.h \
260 net/if_tun.h \
261 netdb.h \
262 netgroup.h \
263 pam/pam_appl.h \
264 paths.h \
265 poll.h \
266 pty.h \
267 readpassphrase.h \
268 rpc/types.h \
269 security/pam_appl.h \
270 sha2.h \
271 shadow.h \
272 stddef.h \
273 stdint.h \
274 string.h \
275 strings.h \
276 sys/audit.h \
277 sys/bitypes.h \
278 sys/bsdtty.h \
279 sys/cdefs.h \
280 sys/dir.h \
281 sys/mman.h \
282 sys/mount.h \
283 sys/ndir.h \
284 sys/poll.h \
285 sys/prctl.h \
286 sys/pstat.h \
287 sys/select.h \
288 sys/stat.h \
289 sys/stream.h \
290 sys/stropts.h \
291 sys/strtio.h \
292 sys/statvfs.h \
293 sys/sysmacros.h \
294 sys/time.h \
295 sys/timers.h \
296 sys/un.h \
297 time.h \
298 tmpdir.h \
299 ttyent.h \
300 ucred.h \
301 unistd.h \
302 usersec.h \
303 util.h \
304 utime.h \
305 utmp.h \
306 utmpx.h \
307 vis.h \
308 )
310 # lastlog.h requires sys/time.h to be included first on Solaris
311 AC_CHECK_HEADERS(lastlog.h, [], [], [
312 #ifdef HAVE_SYS_TIME_H
313 # include <sys/time.h>
314 #endif
315 ])
317 # sys/ptms.h requires sys/stream.h to be included first on Solaris
318 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
319 #ifdef HAVE_SYS_STREAM_H
320 # include <sys/stream.h>
321 #endif
322 ])
324 # login_cap.h requires sys/types.h on NetBSD
325 AC_CHECK_HEADERS(login_cap.h, [], [], [
326 #include <sys/types.h>
327 ])
329 # Messages for features tested for in target-specific section
330 SIA_MSG="no"
331 SPC_MSG="no"
333 # Check for some target-specific stuff
334 case "$host" in
335 *-*-aix*)
336 # Some versions of VAC won't allow macro redefinitions at
337 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
338 # particularly with older versions of vac or xlc.
339 # It also throws errors about null macro argments, but these are
340 # not fatal.
341 AC_MSG_CHECKING(if compiler allows macro redefinitions)
342 AC_COMPILE_IFELSE(
343 [AC_LANG_SOURCE([[
344 #define testmacro foo
345 #define testmacro bar
346 int main(void) { exit(0); }
347 ]])],
348 [ AC_MSG_RESULT(yes) ],
349 [ AC_MSG_RESULT(no)
350 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
351 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
352 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
353 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
354 ]
355 )
357 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
358 if (test -z "$blibpath"); then
359 blibpath="/usr/lib:/lib"
360 fi
361 saved_LDFLAGS="$LDFLAGS"
362 if test "$GCC" = "yes"; then
363 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
364 else
365 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
366 fi
367 for tryflags in $flags ;do
368 if (test -z "$blibflags"); then
369 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
370 AC_TRY_LINK([], [], [blibflags=$tryflags])
371 fi
372 done
373 if (test -z "$blibflags"); then
374 AC_MSG_RESULT(not found)
375 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
376 else
377 AC_MSG_RESULT($blibflags)
378 fi
379 LDFLAGS="$saved_LDFLAGS"
380 dnl Check for authenticate. Might be in libs.a on older AIXes
381 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
382 [Define if you want to enable AIX4's authenticate function])],
383 [AC_CHECK_LIB(s,authenticate,
384 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
385 LIBS="$LIBS -ls"
386 ])
387 ])
388 dnl Check for various auth function declarations in headers.
389 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
390 passwdexpired, setauthdb], , , [#include <usersec.h>])
391 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
392 AC_CHECK_DECLS(loginfailed,
393 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
394 AC_TRY_COMPILE(
395 [#include <usersec.h>],
396 [(void)loginfailed("user","host","tty",0);],
397 [AC_MSG_RESULT(yes)
398 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
399 [Define if your AIX loginfailed() function
400 takes 4 arguments (AIX >= 5.2)])],
401 [AC_MSG_RESULT(no)]
402 )],
403 [],
404 [#include <usersec.h>]
405 )
406 AC_CHECK_FUNCS(getgrset setauthdb)
407 AC_CHECK_DECL(F_CLOSEM,
408 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
409 [],
410 [ #include <limits.h>
411 #include <fcntl.h> ]
412 )
413 check_for_aix_broken_getaddrinfo=1
414 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
415 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
416 [Define if your platform breaks doing a seteuid before a setuid])
417 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
418 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
419 dnl AIX handles lastlog as part of its login message
420 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
421 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
422 [Some systems need a utmpx entry for /bin/login to work])
423 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
424 [Define to a Set Process Title type if your system is
425 supported by bsd-setproctitle.c])
426 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
427 [AIX 5.2 and 5.3 (and presumably newer) require this])
428 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
429 ;;
430 *-*-cygwin*)
431 check_for_libcrypt_later=1
432 LIBS="$LIBS /usr/lib/textreadmode.o"
433 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
434 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
435 AC_DEFINE(DISABLE_SHADOW, 1,
436 [Define if you want to disable shadow passwords])
437 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
438 [Define if X11 doesn't support AF_UNIX sockets on that system])
439 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
440 [Define if the concept of ports only accessible to
441 superusers isn't known])
442 AC_DEFINE(DISABLE_FD_PASSING, 1,
443 [Define if your platform needs to skip post auth
444 file descriptor passing])
445 ;;
446 *-*-dgux*)
447 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
448 [Define if your system choked on IP TOS setting])
449 AC_DEFINE(SETEUID_BREAKS_SETUID)
450 AC_DEFINE(BROKEN_SETREUID)
451 AC_DEFINE(BROKEN_SETREGID)
452 ;;
453 *-*-darwin*)
454 AC_MSG_CHECKING(if we have working getaddrinfo)
455 AC_TRY_RUN([#include <mach-o/dyld.h>
456 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
457 exit(0);
458 else
459 exit(1);
460 }], [AC_MSG_RESULT(working)],
461 [AC_MSG_RESULT(buggy)
462 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
463 [AC_MSG_RESULT(assume it is working)])
464 AC_DEFINE(SETEUID_BREAKS_SETUID)
465 AC_DEFINE(BROKEN_SETREUID)
466 AC_DEFINE(BROKEN_SETREGID)
467 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
468 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
469 [Define if your resolver libs need this for getrrsetbyname])
470 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
471 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
472 [Use tunnel device compatibility to OpenBSD])
473 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
474 [Prepend the address family to IP tunnel traffic])
475 m4_pattern_allow(AU_IPv)
476 AC_CHECK_DECL(AU_IPv4, [],
477 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
478 [#include <bsm/audit.h>]
479 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
480 [Define if pututxline updates lastlog too])
481 )
482 ;;
483 *-*-dragonfly*)
484 SSHDLIBS="$SSHDLIBS -lcrypt"
485 ;;
486 *-*-hpux*)
487 # first we define all of the options common to all HP-UX releases
488 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
489 IPADDR_IN_DISPLAY=yes
490 AC_DEFINE(USE_PIPES)
491 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
492 [Define if your login program cannot handle end of options ("--")])
493 AC_DEFINE(LOGIN_NEEDS_UTMPX)
494 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
495 [String used in /etc/passwd to denote locked account])
496 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
497 MAIL="/var/mail/username"
498 LIBS="$LIBS -lsec"
499 AC_CHECK_LIB(xnet, t_error, ,
500 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
502 # next, we define all of the options specific to major releases
503 case "$host" in
504 *-*-hpux10*)
505 if test -z "$GCC"; then
506 CFLAGS="$CFLAGS -Ae"
507 fi
508 ;;
509 *-*-hpux11*)
510 AC_DEFINE(PAM_SUN_CODEBASE, 1,
511 [Define if you are using Solaris-derived PAM which
512 passes pam_messages to the conversation function
513 with an extra level of indirection])
514 AC_DEFINE(DISABLE_UTMP, 1,
515 [Define if you don't want to use utmp])
516 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
517 check_for_hpux_broken_getaddrinfo=1
518 check_for_conflicting_getspnam=1
519 ;;
520 esac
522 # lastly, we define options specific to minor releases
523 case "$host" in
524 *-*-hpux10.26)
525 AC_DEFINE(HAVE_SECUREWARE, 1,
526 [Define if you have SecureWare-based
527 protected password database])
528 disable_ptmx_check=yes
529 LIBS="$LIBS -lsecpw"
530 ;;
531 esac
532 ;;
533 *-*-irix5*)
534 PATH="$PATH:/usr/etc"
535 AC_DEFINE(BROKEN_INET_NTOA, 1,
536 [Define if you system's inet_ntoa is busted
537 (e.g. Irix gcc issue)])
538 AC_DEFINE(SETEUID_BREAKS_SETUID)
539 AC_DEFINE(BROKEN_SETREUID)
540 AC_DEFINE(BROKEN_SETREGID)
541 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
542 [Define if you shouldn't strip 'tty' from your
543 ttyname in [uw]tmp])
544 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
545 ;;
546 *-*-irix6*)
547 PATH="$PATH:/usr/etc"
548 AC_DEFINE(WITH_IRIX_ARRAY, 1,
549 [Define if you have/want arrays
550 (cluster-wide session managment, not C arrays)])
551 AC_DEFINE(WITH_IRIX_PROJECT, 1,
552 [Define if you want IRIX project management])
553 AC_DEFINE(WITH_IRIX_AUDIT, 1,
554 [Define if you want IRIX audit trails])
555 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
556 [Define if you want IRIX kernel jobs])])
557 AC_DEFINE(BROKEN_INET_NTOA)
558 AC_DEFINE(SETEUID_BREAKS_SETUID)
559 AC_DEFINE(BROKEN_SETREUID)
560 AC_DEFINE(BROKEN_SETREGID)
561 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
562 AC_DEFINE(WITH_ABBREV_NO_TTY)
563 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
564 ;;
565 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
566 check_for_libcrypt_later=1
567 AC_DEFINE(PAM_TTY_KLUDGE)
568 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
569 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
570 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
571 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
572 ;;
573 *-*-linux*)
574 no_dev_ptmx=1
575 check_for_libcrypt_later=1
576 check_for_openpty_ctty_bug=1
577 AC_DEFINE(PAM_TTY_KLUDGE, 1,
578 [Work around problematic Linux PAM modules handling of PAM_TTY])
579 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
580 [String used in /etc/passwd to denote locked account])
581 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
582 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
583 [Define to whatever link() returns for "not supported"
584 if it doesn't return EOPNOTSUPP.])
585 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
586 AC_DEFINE(USE_BTMP)
587 inet6_default_4in6=yes
588 case `uname -r` in
589 1.*|2.0.*)
590 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
591 [Define if cmsg_type is not passed correctly])
592 ;;
593 esac
594 # tun(4) forwarding compat code
595 AC_CHECK_HEADERS(linux/if_tun.h)
596 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
597 AC_DEFINE(SSH_TUN_LINUX, 1,
598 [Open tunnel devices the Linux tun/tap way])
599 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
600 [Use tunnel device compatibility to OpenBSD])
601 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
602 [Prepend the address family to IP tunnel traffic])
603 fi
604 ;;
605 mips-sony-bsd|mips-sony-newsos4)
606 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
607 SONY=1
608 ;;
609 *-*-netbsd*)
610 check_for_libcrypt_before=1
611 if test "x$withval" != "xno" ; then
612 need_dash_r=1
613 fi
614 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
615 AC_CHECK_HEADER([net/if_tap.h], ,
616 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
617 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
618 [Prepend the address family to IP tunnel traffic])
619 ;;
620 *-*-freebsd*)
621 check_for_libcrypt_later=1
622 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
623 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
624 AC_CHECK_HEADER([net/if_tap.h], ,
625 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
626 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
627 ;;
628 *-*-bsdi*)
629 AC_DEFINE(SETEUID_BREAKS_SETUID)
630 AC_DEFINE(BROKEN_SETREUID)
631 AC_DEFINE(BROKEN_SETREGID)
632 ;;
633 *-next-*)
634 conf_lastlog_location="/usr/adm/lastlog"
635 conf_utmp_location=/etc/utmp
636 conf_wtmp_location=/usr/adm/wtmp
637 MAIL=/usr/spool/mail
638 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
639 AC_DEFINE(BROKEN_REALPATH)
640 AC_DEFINE(USE_PIPES)
641 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
642 ;;
643 *-*-openbsd*)
644 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
645 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
646 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
647 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
648 [syslog_r function is safe to use in in a signal handler])
649 ;;
650 *-*-solaris*)
651 if test "x$withval" != "xno" ; then
652 need_dash_r=1
653 fi
654 AC_DEFINE(PAM_SUN_CODEBASE)
655 AC_DEFINE(LOGIN_NEEDS_UTMPX)
656 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
657 [Some versions of /bin/login need the TERM supplied
658 on the commandline])
659 AC_DEFINE(PAM_TTY_KLUDGE)
660 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
661 [Define if pam_chauthtok wants real uid set
662 to the unpriv'ed user])
663 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
664 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
665 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
666 [Define if sshd somehow reacquires a controlling TTY
667 after setsid()])
668 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
669 in case the name is longer than 8 chars])
670 external_path_file=/etc/default/login
671 # hardwire lastlog location (can't detect it on some versions)
672 conf_lastlog_location="/var/adm/lastlog"
673 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
674 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
675 if test "$sol2ver" -ge 8; then
676 AC_MSG_RESULT(yes)
677 AC_DEFINE(DISABLE_UTMP)
678 AC_DEFINE(DISABLE_WTMP, 1,
679 [Define if you don't want to use wtmp])
680 else
681 AC_MSG_RESULT(no)
682 fi
683 AC_ARG_WITH(solaris-contracts,
684 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
685 [
686 AC_CHECK_LIB(contract, ct_tmpl_activate,
687 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
688 [Define if you have Solaris process contracts])
689 SSHDLIBS="$SSHDLIBS -lcontract"
690 AC_SUBST(SSHDLIBS)
691 SPC_MSG="yes" ], )
692 ],
693 )
694 ;;
695 *-*-sunos4*)
696 CPPFLAGS="$CPPFLAGS -DSUNOS4"
697 AC_CHECK_FUNCS(getpwanam)
698 AC_DEFINE(PAM_SUN_CODEBASE)
699 conf_utmp_location=/etc/utmp
700 conf_wtmp_location=/var/adm/wtmp
701 conf_lastlog_location=/var/adm/lastlog
702 AC_DEFINE(USE_PIPES)
703 ;;
704 *-ncr-sysv*)
705 LIBS="$LIBS -lc89"
706 AC_DEFINE(USE_PIPES)
707 AC_DEFINE(SSHD_ACQUIRES_CTTY)
708 AC_DEFINE(SETEUID_BREAKS_SETUID)
709 AC_DEFINE(BROKEN_SETREUID)
710 AC_DEFINE(BROKEN_SETREGID)
711 ;;
712 *-sni-sysv*)
713 # /usr/ucblib MUST NOT be searched on ReliantUNIX
714 AC_CHECK_LIB(dl, dlsym, ,)
715 # -lresolv needs to be at the end of LIBS or DNS lookups break
716 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
717 IPADDR_IN_DISPLAY=yes
718 AC_DEFINE(USE_PIPES)
719 AC_DEFINE(IP_TOS_IS_BROKEN)
720 AC_DEFINE(SETEUID_BREAKS_SETUID)
721 AC_DEFINE(BROKEN_SETREUID)
722 AC_DEFINE(BROKEN_SETREGID)
723 AC_DEFINE(SSHD_ACQUIRES_CTTY)
724 external_path_file=/etc/default/login
725 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
726 # Attention: always take care to bind libsocket and libnsl before libc,
727 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
728 ;;
729 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
730 *-*-sysv4.2*)
731 AC_DEFINE(USE_PIPES)
732 AC_DEFINE(SETEUID_BREAKS_SETUID)
733 AC_DEFINE(BROKEN_SETREUID)
734 AC_DEFINE(BROKEN_SETREGID)
735 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
736 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
737 ;;
738 # UnixWare 7.x, OpenUNIX 8
739 *-*-sysv5*)
740 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
741 AC_DEFINE(USE_PIPES)
742 AC_DEFINE(SETEUID_BREAKS_SETUID)
743 AC_DEFINE(BROKEN_SETREUID)
744 AC_DEFINE(BROKEN_SETREGID)
745 AC_DEFINE(PASSWD_NEEDS_USERNAME)
746 case "$host" in
747 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
748 TEST_SHELL=/u95/bin/sh
749 AC_DEFINE(BROKEN_LIBIAF, 1,
750 [ia_uinfo routines not supported by OS yet])
751 AC_DEFINE(BROKEN_UPDWTMPX)
752 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
753 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
754 AC_DEFINE(HAVE_SECUREWARE)
755 AC_DEFINE(DISABLE_SHADOW)
756 ],,)
757 ;;
758 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
759 check_for_libcrypt_later=1
760 ;;
761 esac
762 ;;
763 *-*-sysv*)
764 ;;
765 # SCO UNIX and OEM versions of SCO UNIX
766 *-*-sco3.2v4*)
767 AC_MSG_ERROR("This Platform is no longer supported.")
768 ;;
769 # SCO OpenServer 5.x
770 *-*-sco3.2v5*)
771 if test -z "$GCC"; then
772 CFLAGS="$CFLAGS -belf"
773 fi
774 LIBS="$LIBS -lprot -lx -ltinfo -lm"
775 no_dev_ptmx=1
776 AC_DEFINE(USE_PIPES)
777 AC_DEFINE(HAVE_SECUREWARE)
778 AC_DEFINE(DISABLE_SHADOW)
779 AC_DEFINE(DISABLE_FD_PASSING)
780 AC_DEFINE(SETEUID_BREAKS_SETUID)
781 AC_DEFINE(BROKEN_SETREUID)
782 AC_DEFINE(BROKEN_SETREGID)
783 AC_DEFINE(WITH_ABBREV_NO_TTY)
784 AC_DEFINE(BROKEN_UPDWTMPX)
785 AC_DEFINE(PASSWD_NEEDS_USERNAME)
786 AC_CHECK_FUNCS(getluid setluid)
787 MANTYPE=man
788 TEST_SHELL=ksh
789 ;;
790 *-*-unicosmk*)
791 AC_DEFINE(NO_SSH_LASTLOG, 1,
792 [Define if you don't want to use lastlog in session.c])
793 AC_DEFINE(SETEUID_BREAKS_SETUID)
794 AC_DEFINE(BROKEN_SETREUID)
795 AC_DEFINE(BROKEN_SETREGID)
796 AC_DEFINE(USE_PIPES)
797 AC_DEFINE(DISABLE_FD_PASSING)
798 LDFLAGS="$LDFLAGS"
799 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
800 MANTYPE=cat
801 ;;
802 *-*-unicosmp*)
803 AC_DEFINE(SETEUID_BREAKS_SETUID)
804 AC_DEFINE(BROKEN_SETREUID)
805 AC_DEFINE(BROKEN_SETREGID)
806 AC_DEFINE(WITH_ABBREV_NO_TTY)
807 AC_DEFINE(USE_PIPES)
808 AC_DEFINE(DISABLE_FD_PASSING)
809 LDFLAGS="$LDFLAGS"
810 LIBS="$LIBS -lgen -lacid -ldb"
811 MANTYPE=cat
812 ;;
813 *-*-unicos*)
814 AC_DEFINE(SETEUID_BREAKS_SETUID)
815 AC_DEFINE(BROKEN_SETREUID)
816 AC_DEFINE(BROKEN_SETREGID)
817 AC_DEFINE(USE_PIPES)
818 AC_DEFINE(DISABLE_FD_PASSING)
819 AC_DEFINE(NO_SSH_LASTLOG)
820 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
821 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
822 MANTYPE=cat
823 ;;
824 *-dec-osf*)
825 AC_MSG_CHECKING(for Digital Unix SIA)
826 no_osfsia=""
827 AC_ARG_WITH(osfsia,
828 [ --with-osfsia Enable Digital Unix SIA],
829 [
830 if test "x$withval" = "xno" ; then
831 AC_MSG_RESULT(disabled)
832 no_osfsia=1
833 fi
834 ],
835 )
836 if test -z "$no_osfsia" ; then
837 if test -f /etc/sia/matrix.conf; then
838 AC_MSG_RESULT(yes)
839 AC_DEFINE(HAVE_OSF_SIA, 1,
840 [Define if you have Digital Unix Security
841 Integration Architecture])
842 AC_DEFINE(DISABLE_LOGIN, 1,
843 [Define if you don't want to use your
844 system's login() call])
845 AC_DEFINE(DISABLE_FD_PASSING)
846 LIBS="$LIBS -lsecurity -ldb -lm -laud"
847 SIA_MSG="yes"
848 else
849 AC_MSG_RESULT(no)
850 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
851 [String used in /etc/passwd to denote locked account])
852 fi
853 fi
854 AC_DEFINE(BROKEN_GETADDRINFO)
855 AC_DEFINE(SETEUID_BREAKS_SETUID)
856 AC_DEFINE(BROKEN_SETREUID)
857 AC_DEFINE(BROKEN_SETREGID)
858 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
859 ;;
861 *-*-nto-qnx*)
862 AC_DEFINE(USE_PIPES)
863 AC_DEFINE(NO_X11_UNIX_SOCKETS)
864 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
865 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
866 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
867 AC_DEFINE(DISABLE_LASTLOG)
868 AC_DEFINE(SSHD_ACQUIRES_CTTY)
869 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
870 enable_etc_default_login=no # has incompatible /etc/default/login
871 case "$host" in
872 *-*-nto-qnx6*)
873 AC_DEFINE(DISABLE_FD_PASSING)
874 ;;
875 esac
876 ;;
878 *-*-ultrix*)
879 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
880 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
881 AC_DEFINE(NEED_SETPGRP)
882 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
883 ;;
885 *-*-lynxos)
886 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
887 AC_DEFINE(MISSING_HOWMANY)
888 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
889 ;;
890 esac
892 AC_MSG_CHECKING(compiler and flags for sanity)
893 AC_RUN_IFELSE(
894 [AC_LANG_SOURCE([
895 #include <stdio.h>
896 int main(){exit(0);}
897 ])],
898 [ AC_MSG_RESULT(yes) ],
899 [
900 AC_MSG_RESULT(no)
901 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
902 ],
903 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
904 )
906 dnl Checks for header files.
907 # Checks for libraries.
908 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
909 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
911 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
912 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
913 AC_CHECK_LIB(gen, dirname,[
914 AC_CACHE_CHECK([for broken dirname],
915 ac_cv_have_broken_dirname, [
916 save_LIBS="$LIBS"
917 LIBS="$LIBS -lgen"
918 AC_RUN_IFELSE(
919 [AC_LANG_SOURCE([[
920 #include <libgen.h>
921 #include <string.h>
923 int main(int argc, char **argv) {
924 char *s, buf[32];
926 strncpy(buf,"/etc", 32);
927 s = dirname(buf);
928 if (!s || strncmp(s, "/", 32) != 0) {
929 exit(1);
930 } else {
931 exit(0);
932 }
933 }
934 ]])],
935 [ ac_cv_have_broken_dirname="no" ],
936 [ ac_cv_have_broken_dirname="yes" ],
937 [ ac_cv_have_broken_dirname="no" ],
938 )
939 LIBS="$save_LIBS"
940 ])
941 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
942 LIBS="$LIBS -lgen"
943 AC_DEFINE(HAVE_DIRNAME)
944 AC_CHECK_HEADERS(libgen.h)
945 fi
946 ])
947 ])
949 AC_CHECK_FUNC(getspnam, ,
950 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
951 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
952 [Define if you have the basename function.]))
954 dnl zlib is required
955 AC_ARG_WITH(zlib,
956 [ --with-zlib=PATH Use zlib in PATH],
957 [ if test "x$withval" = "xno" ; then
958 AC_MSG_ERROR([*** zlib is required ***])
959 elif test "x$withval" != "xyes"; then
960 if test -d "$withval/lib"; then
961 if test -n "${need_dash_r}"; then
962 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
963 else
964 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
965 fi
966 else
967 if test -n "${need_dash_r}"; then
968 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
969 else
970 LDFLAGS="-L${withval} ${LDFLAGS}"
971 fi
972 fi
973 if test -d "$withval/include"; then
974 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
975 else
976 CPPFLAGS="-I${withval} ${CPPFLAGS}"
977 fi
978 fi ]
979 )
981 AC_CHECK_LIB(z, deflate, ,
982 [
983 saved_CPPFLAGS="$CPPFLAGS"
984 saved_LDFLAGS="$LDFLAGS"
985 save_LIBS="$LIBS"
986 dnl Check default zlib install dir
987 if test -n "${need_dash_r}"; then
988 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
989 else
990 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
991 fi
992 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
993 LIBS="$LIBS -lz"
994 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
995 [
996 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
997 ]
998 )
999 ]
1000 )
1001 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1003 AC_ARG_WITH(zlib-version-check,
1004 [ --without-zlib-version-check Disable zlib version check],
1005 [ if test "x$withval" = "xno" ; then
1006 zlib_check_nonfatal=1
1007 fi
1008 ]
1009 )
1011 AC_MSG_CHECKING(for possibly buggy zlib)
1012 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1013 #include <stdio.h>
1014 #include <zlib.h>
1015 int main()
1016 {
1017 int a=0, b=0, c=0, d=0, n, v;
1018 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1019 if (n != 3 && n != 4)
1020 exit(1);
1021 v = a*1000000 + b*10000 + c*100 + d;
1022 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1024 /* 1.1.4 is OK */
1025 if (a == 1 && b == 1 && c >= 4)
1026 exit(0);
1028 /* 1.2.3 and up are OK */
1029 if (v >= 1020300)
1030 exit(0);
1032 exit(2);
1033 }
1034 ]])],
1035 AC_MSG_RESULT(no),
1036 [ AC_MSG_RESULT(yes)
1037 if test -z "$zlib_check_nonfatal" ; then
1038 AC_MSG_ERROR([*** zlib too old - check config.log ***
1039 Your reported zlib version has known security problems. It's possible your
1040 vendor has fixed these problems without changing the version number. If you
1041 are sure this is the case, you can disable the check by running
1042 "./configure --without-zlib-version-check".
1043 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1044 See http://www.gzip.org/zlib/ for details.])
1045 else
1046 AC_MSG_WARN([zlib version may have security problems])
1047 fi
1048 ],
1049 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1050 )
1052 dnl UnixWare 2.x
1053 AC_CHECK_FUNC(strcasecmp,
1054 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1055 )
1056 AC_CHECK_FUNCS(utimes,
1057 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1058 LIBS="$LIBS -lc89"]) ]
1059 )
1061 dnl Checks for libutil functions
1062 AC_CHECK_HEADERS(libutil.h)
1063 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1064 [Define if your libraries define login()])])
1065 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1067 AC_FUNC_STRFTIME
1069 # Check for ALTDIRFUNC glob() extension
1070 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1071 AC_EGREP_CPP(FOUNDIT,
1072 [
1073 #include <glob.h>
1074 #ifdef GLOB_ALTDIRFUNC
1075 FOUNDIT
1076 #endif
1077 ],
1078 [
1079 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1080 [Define if your system glob() function has
1081 the GLOB_ALTDIRFUNC extension])
1082 AC_MSG_RESULT(yes)
1083 ],
1084 [
1085 AC_MSG_RESULT(no)
1086 ]
1087 )
1089 # Check for g.gl_matchc glob() extension
1090 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1091 AC_TRY_COMPILE(
1092 [ #include <glob.h> ],
1093 [glob_t g; g.gl_matchc = 1;],
1094 [
1095 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1096 [Define if your system glob() function has
1097 gl_matchc options in glob_t])
1098 AC_MSG_RESULT(yes)
1099 ],
1100 [
1101 AC_MSG_RESULT(no)
1102 ]
1103 )
1105 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1107 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1108 AC_RUN_IFELSE(
1109 [AC_LANG_SOURCE([[
1110 #include <sys/types.h>
1111 #include <dirent.h>
1112 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1113 ]])],
1114 [AC_MSG_RESULT(yes)],
1115 [
1116 AC_MSG_RESULT(no)
1117 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1118 [Define if your struct dirent expects you to
1119 allocate extra space for d_name])
1120 ],
1121 [
1122 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1123 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1124 ]
1125 )
1127 AC_MSG_CHECKING([for /proc/pid/fd directory])
1128 if test -d "/proc/$$/fd" ; then
1129 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1130 AC_MSG_RESULT(yes)
1131 else
1132 AC_MSG_RESULT(no)
1133 fi
1135 # Check whether user wants S/Key support
1136 SKEY_MSG="no"
1137 AC_ARG_WITH(skey,
1138 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1139 [
1140 if test "x$withval" != "xno" ; then
1142 if test "x$withval" != "xyes" ; then
1143 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1144 LDFLAGS="$LDFLAGS -L${withval}/lib"
1145 fi
1147 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1148 LIBS="-lskey $LIBS"
1149 SKEY_MSG="yes"
1151 AC_MSG_CHECKING([for s/key support])
1152 AC_LINK_IFELSE(
1153 [AC_LANG_SOURCE([[
1154 #include <stdio.h>
1155 #include <skey.h>
1156 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1157 ]])],
1158 [AC_MSG_RESULT(yes)],
1159 [
1160 AC_MSG_RESULT(no)
1161 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1162 ])
1163 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1164 AC_TRY_COMPILE(
1165 [#include <stdio.h>
1166 #include <skey.h>],
1167 [(void)skeychallenge(NULL,"name","",0);],
1168 [AC_MSG_RESULT(yes)
1169 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1170 [Define if your skeychallenge()
1171 function takes 4 arguments (NetBSD)])],
1172 [AC_MSG_RESULT(no)]
1173 )
1174 fi
1175 ]
1176 )
1178 # Check whether user wants TCP wrappers support
1179 TCPW_MSG="no"
1180 AC_ARG_WITH(tcp-wrappers,
1181 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1182 [
1183 if test "x$withval" != "xno" ; then
1184 saved_LIBS="$LIBS"
1185 saved_LDFLAGS="$LDFLAGS"
1186 saved_CPPFLAGS="$CPPFLAGS"
1187 if test -n "${withval}" && \
1188 test "x${withval}" != "xyes"; then
1189 if test -d "${withval}/lib"; then
1190 if test -n "${need_dash_r}"; then
1191 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1192 else
1193 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1194 fi
1195 else
1196 if test -n "${need_dash_r}"; then
1197 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1198 else
1199 LDFLAGS="-L${withval} ${LDFLAGS}"
1200 fi
1201 fi
1202 if test -d "${withval}/include"; then
1203 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1204 else
1205 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1206 fi
1207 fi
1208 LIBS="-lwrap $LIBS"
1209 AC_MSG_CHECKING(for libwrap)
1210 AC_TRY_LINK(
1211 [
1212 #include <sys/types.h>
1213 #include <sys/socket.h>
1214 #include <netinet/in.h>
1215 #include <tcpd.h>
1216 int deny_severity = 0, allow_severity = 0;
1217 ],
1218 [hosts_access(0);],
1219 [
1220 AC_MSG_RESULT(yes)
1221 AC_DEFINE(LIBWRAP, 1,
1222 [Define if you want
1223 TCP Wrappers support])
1224 SSHDLIBS="$SSHDLIBS -lwrap"
1225 TCPW_MSG="yes"
1226 ],
1227 [
1228 AC_MSG_ERROR([*** libwrap missing])
1229 ]
1230 )
1231 LIBS="$saved_LIBS"
1232 fi
1233 ]
1234 )
1236 # Check whether user wants libedit support
1237 LIBEDIT_MSG="no"
1238 AC_ARG_WITH(libedit,
1239 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1240 [ if test "x$withval" != "xno" ; then
1241 if test "x$withval" != "xyes"; then
1242 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1243 if test -n "${need_dash_r}"; then
1244 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1245 else
1246 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1247 fi
1248 fi
1249 AC_CHECK_LIB(edit, el_init,
1250 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1251 LIBEDIT="-ledit -lcurses"
1252 LIBEDIT_MSG="yes"
1253 AC_SUBST(LIBEDIT)
1254 ],
1255 [ AC_MSG_ERROR(libedit not found) ],
1256 [ -lcurses ]
1257 )
1258 AC_MSG_CHECKING(if libedit version is compatible)
1259 AC_COMPILE_IFELSE(
1260 [AC_LANG_SOURCE([[
1261 #include <histedit.h>
1262 int main(void)
1263 {
1264 int i = H_SETSIZE;
1265 el_init("", NULL, NULL, NULL);
1266 exit(0);
1267 }
1268 ]])],
1269 [ AC_MSG_RESULT(yes) ],
1270 [ AC_MSG_RESULT(no)
1271 AC_MSG_ERROR(libedit version is not compatible) ]
1272 )
1273 fi ]
1274 )
1276 AUDIT_MODULE=none
1277 AC_ARG_WITH(audit,
1278 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1279 [
1280 AC_MSG_CHECKING(for supported audit module)
1281 case "$withval" in
1282 bsm)
1283 AC_MSG_RESULT(bsm)
1284 AUDIT_MODULE=bsm
1285 dnl Checks for headers, libs and functions
1286 AC_CHECK_HEADERS(bsm/audit.h, [],
1287 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1288 [
1289 #ifdef HAVE_TIME_H
1290 # include <time.h>
1291 #endif
1292 ]
1293 )
1294 AC_CHECK_LIB(bsm, getaudit, [],
1295 [AC_MSG_ERROR(BSM enabled and required library not found)])
1296 AC_CHECK_FUNCS(getaudit, [],
1297 [AC_MSG_ERROR(BSM enabled and required function not found)])
1298 # These are optional
1299 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1300 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1301 ;;
1302 debug)
1303 AUDIT_MODULE=debug
1304 AC_MSG_RESULT(debug)
1305 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1306 ;;
1307 no)
1308 AC_MSG_RESULT(no)
1309 ;;
1310 *)
1311 AC_MSG_ERROR([Unknown audit module $withval])
1312 ;;
1313 esac ]
1314 )
1316 dnl Checks for library functions. Please keep in alphabetical order
1317 AC_CHECK_FUNCS( \
1318 arc4random \
1319 arc4random_buf \
1320 arc4random_uniform \
1321 asprintf \
1322 b64_ntop \
1323 __b64_ntop \
1324 b64_pton \
1325 __b64_pton \
1326 bcopy \
1327 bindresvport_sa \
1328 clock \
1329 closefrom \
1330 dirfd \
1331 fchmod \
1332 fchown \
1333 freeaddrinfo \
1334 fstatvfs \
1335 futimes \
1336 getaddrinfo \
1337 getcwd \
1338 getgrouplist \
1339 getnameinfo \
1340 getopt \
1341 getpeereid \
1342 getpeerucred \
1343 _getpty \
1344 getrlimit \
1345 getttyent \
1346 glob \
1347 inet_aton \
1348 inet_ntoa \
1349 inet_ntop \
1350 innetgr \
1351 login_getcapbool \
1352 md5_crypt \
1353 memmove \
1354 mkdtemp \
1355 mmap \
1356 ngetaddrinfo \
1357 nsleep \
1358 ogetaddrinfo \
1359 openlog_r \
1360 openpty \
1361 poll \
1362 prctl \
1363 pstat \
1364 readpassphrase \
1365 realpath \
1366 recvmsg \
1367 rresvport_af \
1368 sendmsg \
1369 setdtablesize \
1370 setegid \
1371 setenv \
1372 seteuid \
1373 setgroups \
1374 setlogin \
1375 setpcred \
1376 setproctitle \
1377 setregid \
1378 setreuid \
1379 setrlimit \
1380 setsid \
1381 setvbuf \
1382 sigaction \
1383 sigvec \
1384 snprintf \
1385 socketpair \
1386 statfs \
1387 statvfs \
1388 strdup \
1389 strerror \
1390 strlcat \
1391 strlcpy \
1392 strmode \
1393 strnvis \
1394 strtonum \
1395 strtoll \
1396 strtoul \
1397 swap32 \
1398 sysconf \
1399 tcgetpgrp \
1400 truncate \
1401 unsetenv \
1402 updwtmpx \
1403 vasprintf \
1404 vhangup \
1405 vsnprintf \
1406 waitpid \
1407 )
1409 # IRIX has a const char return value for gai_strerror()
1410 AC_CHECK_FUNCS(gai_strerror,[
1411 AC_DEFINE(HAVE_GAI_STRERROR)
1412 AC_TRY_COMPILE([
1413 #include <sys/types.h>
1414 #include <sys/socket.h>
1415 #include <netdb.h>
1417 const char *gai_strerror(int);],[
1418 char *str;
1420 str = gai_strerror(0);],[
1421 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1422 [Define if gai_strerror() returns const char *])])])
1424 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1425 [Some systems put nanosleep outside of libc]))
1427 dnl Make sure prototypes are defined for these before using them.
1428 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1429 AC_CHECK_DECL(strsep,
1430 [AC_CHECK_FUNCS(strsep)],
1431 [],
1432 [
1433 #ifdef HAVE_STRING_H
1434 # include <string.h>
1435 #endif
1436 ])
1438 dnl tcsendbreak might be a macro
1439 AC_CHECK_DECL(tcsendbreak,
1440 [AC_DEFINE(HAVE_TCSENDBREAK)],
1441 [AC_CHECK_FUNCS(tcsendbreak)],
1442 [#include <termios.h>]
1443 )
1445 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1447 AC_CHECK_DECLS(SHUT_RD, , ,
1448 [
1449 #include <sys/types.h>
1450 #include <sys/socket.h>
1451 ])
1453 AC_CHECK_DECLS(O_NONBLOCK, , ,
1454 [
1455 #include <sys/types.h>
1456 #ifdef HAVE_SYS_STAT_H
1457 # include <sys/stat.h>
1458 #endif
1459 #ifdef HAVE_FCNTL_H
1460 # include <fcntl.h>
1461 #endif
1462 ])
1464 AC_CHECK_DECLS(writev, , , [
1465 #include <sys/types.h>
1466 #include <sys/uio.h>
1467 #include <unistd.h>
1468 ])
1470 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1471 #include <sys/param.h>
1472 ])
1474 AC_CHECK_DECLS(offsetof, , , [
1475 #include <stddef.h>
1476 ])
1478 AC_CHECK_FUNCS(setresuid, [
1479 dnl Some platorms have setresuid that isn't implemented, test for this
1480 AC_MSG_CHECKING(if setresuid seems to work)
1481 AC_RUN_IFELSE(
1482 [AC_LANG_SOURCE([[
1483 #include <stdlib.h>
1484 #include <errno.h>
1485 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1486 ]])],
1487 [AC_MSG_RESULT(yes)],
1488 [AC_DEFINE(BROKEN_SETRESUID, 1,
1489 [Define if your setresuid() is broken])
1490 AC_MSG_RESULT(not implemented)],
1491 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1492 )
1493 ])
1495 AC_CHECK_FUNCS(setresgid, [
1496 dnl Some platorms have setresgid that isn't implemented, test for this
1497 AC_MSG_CHECKING(if setresgid seems to work)
1498 AC_RUN_IFELSE(
1499 [AC_LANG_SOURCE([[
1500 #include <stdlib.h>
1501 #include <errno.h>
1502 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1503 ]])],
1504 [AC_MSG_RESULT(yes)],
1505 [AC_DEFINE(BROKEN_SETRESGID, 1,
1506 [Define if your setresgid() is broken])
1507 AC_MSG_RESULT(not implemented)],
1508 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1509 )
1510 ])
1512 dnl Checks for time functions
1513 AC_CHECK_FUNCS(gettimeofday time)
1514 dnl Checks for utmp functions
1515 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1516 AC_CHECK_FUNCS(utmpname)
1517 dnl Checks for utmpx functions
1518 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1519 AC_CHECK_FUNCS(setutxent utmpxname)
1520 dnl Checks for lastlog functions
1521 AC_CHECK_FUNCS(getlastlogxbyname)
1523 AC_CHECK_FUNC(daemon,
1524 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1525 [AC_CHECK_LIB(bsd, daemon,
1526 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1527 )
1529 AC_CHECK_FUNC(getpagesize,
1530 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1531 [Define if your libraries define getpagesize()])],
1532 [AC_CHECK_LIB(ucb, getpagesize,
1533 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1534 )
1536 # Check for broken snprintf
1537 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1538 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1539 AC_RUN_IFELSE(
1540 [AC_LANG_SOURCE([[
1541 #include <stdio.h>
1542 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1543 ]])],
1544 [AC_MSG_RESULT(yes)],
1545 [
1546 AC_MSG_RESULT(no)
1547 AC_DEFINE(BROKEN_SNPRINTF, 1,
1548 [Define if your snprintf is busted])
1549 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1550 ],
1551 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1552 )
1553 fi
1555 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1556 # returning the right thing on overflow: the number of characters it tried to
1557 # create (as per SUSv3)
1558 if test "x$ac_cv_func_asprintf" != "xyes" && \
1559 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1560 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1561 AC_RUN_IFELSE(
1562 [AC_LANG_SOURCE([[
1563 #include <sys/types.h>
1564 #include <stdio.h>
1565 #include <stdarg.h>
1567 int x_snprintf(char *str,size_t count,const char *fmt,...)
1568 {
1569 size_t ret; va_list ap;
1570 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1571 return ret;
1572 }
1573 int main(void)
1574 {
1575 char x[1];
1576 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1577 } ]])],
1578 [AC_MSG_RESULT(yes)],
1579 [
1580 AC_MSG_RESULT(no)
1581 AC_DEFINE(BROKEN_SNPRINTF, 1,
1582 [Define if your snprintf is busted])
1583 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1584 ],
1585 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1586 )
1587 fi
1589 # On systems where [v]snprintf is broken, but is declared in stdio,
1590 # check that the fmt argument is const char * or just char *.
1591 # This is only useful for when BROKEN_SNPRINTF
1592 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1593 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1594 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1595 int main(void) { snprintf(0, 0, 0); }
1596 ]])],
1597 [AC_MSG_RESULT(yes)
1598 AC_DEFINE(SNPRINTF_CONST, [const],
1599 [Define as const if snprintf() can declare const char *fmt])],
1600 [AC_MSG_RESULT(no)
1601 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1603 # Check for missing getpeereid (or equiv) support
1604 NO_PEERCHECK=""
1605 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1606 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1607 AC_TRY_COMPILE(
1608 [#include <sys/types.h>
1609 #include <sys/socket.h>],
1610 [int i = SO_PEERCRED;],
1611 [ AC_MSG_RESULT(yes)
1612 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1613 ],
1614 [AC_MSG_RESULT(no)
1615 NO_PEERCHECK=1]
1616 )
1617 fi
1619 dnl see whether mkstemp() requires XXXXXX
1620 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1621 AC_MSG_CHECKING([for (overly) strict mkstemp])
1622 AC_RUN_IFELSE(
1623 [AC_LANG_SOURCE([[
1624 #include <stdlib.h>
1625 main() { char template[]="conftest.mkstemp-test";
1626 if (mkstemp(template) == -1)
1627 exit(1);
1628 unlink(template); exit(0);
1629 }
1630 ]])],
1631 [
1632 AC_MSG_RESULT(no)
1633 ],
1634 [
1635 AC_MSG_RESULT(yes)
1636 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1637 ],
1638 [
1639 AC_MSG_RESULT(yes)
1640 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1641 ]
1642 )
1643 fi
1645 dnl make sure that openpty does not reacquire controlling terminal
1646 if test ! -z "$check_for_openpty_ctty_bug"; then
1647 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1648 AC_RUN_IFELSE(
1649 [AC_LANG_SOURCE([[
1650 #include <stdio.h>
1651 #include <sys/fcntl.h>
1652 #include <sys/types.h>
1653 #include <sys/wait.h>
1655 int
1656 main()
1657 {
1658 pid_t pid;
1659 int fd, ptyfd, ttyfd, status;
1661 pid = fork();
1662 if (pid < 0) { /* failed */
1663 exit(1);
1664 } else if (pid > 0) { /* parent */
1665 waitpid(pid, &status, 0);
1666 if (WIFEXITED(status))
1667 exit(WEXITSTATUS(status));
1668 else
1669 exit(2);
1670 } else { /* child */
1671 close(0); close(1); close(2);
1672 setsid();
1673 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1674 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1675 if (fd >= 0)
1676 exit(3); /* Acquired ctty: broken */
1677 else
1678 exit(0); /* Did not acquire ctty: OK */
1679 }
1680 }
1681 ]])],
1682 [
1683 AC_MSG_RESULT(yes)
1684 ],
1685 [
1686 AC_MSG_RESULT(no)
1687 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1688 ],
1689 [
1690 AC_MSG_RESULT(cross-compiling, assuming yes)
1691 ]
1692 )
1693 fi
1695 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1696 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1697 AC_MSG_CHECKING(if getaddrinfo seems to work)
1698 AC_RUN_IFELSE(
1699 [AC_LANG_SOURCE([[
1700 #include <stdio.h>
1701 #include <sys/socket.h>
1702 #include <netdb.h>
1703 #include <errno.h>
1704 #include <netinet/in.h>
1706 #define TEST_PORT "2222"
1708 int
1709 main(void)
1710 {
1711 int err, sock;
1712 struct addrinfo *gai_ai, *ai, hints;
1713 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1715 memset(&hints, 0, sizeof(hints));
1716 hints.ai_family = PF_UNSPEC;
1717 hints.ai_socktype = SOCK_STREAM;
1718 hints.ai_flags = AI_PASSIVE;
1720 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1721 if (err != 0) {
1722 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1723 exit(1);
1724 }
1726 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1727 if (ai->ai_family != AF_INET6)
1728 continue;
1730 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1731 sizeof(ntop), strport, sizeof(strport),
1732 NI_NUMERICHOST|NI_NUMERICSERV);
1734 if (err != 0) {
1735 if (err == EAI_SYSTEM)
1736 perror("getnameinfo EAI_SYSTEM");
1737 else
1738 fprintf(stderr, "getnameinfo failed: %s\n",
1739 gai_strerror(err));
1740 exit(2);
1741 }
1743 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1744 if (sock < 0)
1745 perror("socket");
1746 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1747 if (errno == EBADF)
1748 exit(3);
1749 }
1750 }
1751 exit(0);
1752 }
1753 ]])],
1754 [
1755 AC_MSG_RESULT(yes)
1756 ],
1757 [
1758 AC_MSG_RESULT(no)
1759 AC_DEFINE(BROKEN_GETADDRINFO)
1760 ],
1761 [
1762 AC_MSG_RESULT(cross-compiling, assuming yes)
1763 ]
1764 )
1765 fi
1767 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1768 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1769 AC_MSG_CHECKING(if getaddrinfo seems to work)
1770 AC_RUN_IFELSE(
1771 [AC_LANG_SOURCE([[
1772 #include <stdio.h>
1773 #include <sys/socket.h>
1774 #include <netdb.h>
1775 #include <errno.h>
1776 #include <netinet/in.h>
1778 #define TEST_PORT "2222"
1780 int
1781 main(void)
1782 {
1783 int err, sock;
1784 struct addrinfo *gai_ai, *ai, hints;
1785 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1787 memset(&hints, 0, sizeof(hints));
1788 hints.ai_family = PF_UNSPEC;
1789 hints.ai_socktype = SOCK_STREAM;
1790 hints.ai_flags = AI_PASSIVE;
1792 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1793 if (err != 0) {
1794 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1795 exit(1);
1796 }
1798 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1799 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1800 continue;
1802 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1803 sizeof(ntop), strport, sizeof(strport),
1804 NI_NUMERICHOST|NI_NUMERICSERV);
1806 if (ai->ai_family == AF_INET && err != 0) {
1807 perror("getnameinfo");
1808 exit(2);
1809 }
1810 }
1811 exit(0);
1812 }
1813 ]])],
1814 [
1815 AC_MSG_RESULT(yes)
1816 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1817 [Define if you have a getaddrinfo that fails
1818 for the all-zeros IPv6 address])
1819 ],
1820 [
1821 AC_MSG_RESULT(no)
1822 AC_DEFINE(BROKEN_GETADDRINFO)
1823 ],
1824 [
1825 AC_MSG_RESULT(cross-compiling, assuming no)
1826 ]
1827 )
1828 fi
1830 if test "x$check_for_conflicting_getspnam" = "x1"; then
1831 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1832 AC_COMPILE_IFELSE(
1833 [
1834 #include <shadow.h>
1835 int main(void) {exit(0);}
1836 ],
1837 [
1838 AC_MSG_RESULT(no)
1839 ],
1840 [
1841 AC_MSG_RESULT(yes)
1842 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1843 [Conflicting defs for getspnam])
1844 ]
1845 )
1846 fi
1848 AC_FUNC_GETPGRP
1850 # Search for OpenSSL
1851 saved_CPPFLAGS="$CPPFLAGS"
1852 saved_LDFLAGS="$LDFLAGS"
1853 AC_ARG_WITH(ssl-dir,
1854 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1855 [
1856 if test "x$withval" != "xno" ; then
1857 case "$withval" in
1858 # Relative paths
1859 ./*|../*) withval="`pwd`/$withval"
1860 esac
1861 if test -d "$withval/lib"; then
1862 if test -n "${need_dash_r}"; then
1863 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1864 else
1865 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1866 fi
1867 else
1868 if test -n "${need_dash_r}"; then
1869 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1870 else
1871 LDFLAGS="-L${withval} ${LDFLAGS}"
1872 fi
1873 fi
1874 if test -d "$withval/include"; then
1875 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1876 else
1877 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1878 fi
1879 fi
1880 ]
1881 )
1882 LIBS="-lcrypto $LIBS"
1883 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1884 [Define if your ssl headers are included
1885 with #include <openssl/header.h>]),
1886 [
1887 dnl Check default openssl install dir
1888 if test -n "${need_dash_r}"; then
1889 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1890 else
1891 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1892 fi
1893 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1894 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1895 [
1896 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1897 ]
1898 )
1899 ]
1900 )
1902 # Determine OpenSSL header version
1903 AC_MSG_CHECKING([OpenSSL header version])
1904 AC_RUN_IFELSE(
1905 [AC_LANG_SOURCE([[
1906 #include <stdio.h>
1907 #include <string.h>
1908 #include <openssl/opensslv.h>
1909 #define DATA "conftest.sslincver"
1910 int main(void) {
1911 FILE *fd;
1912 int rc;
1914 fd = fopen(DATA,"w");
1915 if(fd == NULL)
1916 exit(1);
1918 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1919 exit(1);
1921 exit(0);
1922 }
1923 ]])],
1924 [
1925 ssl_header_ver=`cat conftest.sslincver`
1926 AC_MSG_RESULT($ssl_header_ver)
1927 ],
1928 [
1929 AC_MSG_RESULT(not found)
1930 AC_MSG_ERROR(OpenSSL version header not found.)
1931 ],
1932 [
1933 AC_MSG_WARN([cross compiling: not checking])
1934 ]
1935 )
1937 # Determine OpenSSL library version
1938 AC_MSG_CHECKING([OpenSSL library version])
1939 AC_RUN_IFELSE(
1940 [AC_LANG_SOURCE([[
1941 #include <stdio.h>
1942 #include <string.h>
1943 #include <openssl/opensslv.h>
1944 #include <openssl/crypto.h>
1945 #define DATA "conftest.ssllibver"
1946 int main(void) {
1947 FILE *fd;
1948 int rc;
1950 fd = fopen(DATA,"w");
1951 if(fd == NULL)
1952 exit(1);
1954 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1955 exit(1);
1957 exit(0);
1958 }
1959 ]])],
1960 [
1961 ssl_library_ver=`cat conftest.ssllibver`
1962 AC_MSG_RESULT($ssl_library_ver)
1963 ],
1964 [
1965 AC_MSG_RESULT(not found)
1966 AC_MSG_ERROR(OpenSSL library not found.)
1967 ],
1968 [
1969 AC_MSG_WARN([cross compiling: not checking])
1970 ]
1971 )
1973 AC_ARG_WITH(openssl-header-check,
1974 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1975 [ if test "x$withval" = "xno" ; then
1976 openssl_check_nonfatal=1
1977 fi
1978 ]
1979 )
1981 # Sanity check OpenSSL headers
1982 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1983 AC_RUN_IFELSE(
1984 [AC_LANG_SOURCE([[
1985 #include <string.h>
1986 #include <openssl/opensslv.h>
1987 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1988 ]])],
1989 [
1990 AC_MSG_RESULT(yes)
1991 ],
1992 [
1993 AC_MSG_RESULT(no)
1994 if test "x$openssl_check_nonfatal" = "x"; then
1995 AC_MSG_ERROR([Your OpenSSL headers do not match your
1996 library. Check config.log for details.
1997 If you are sure your installation is consistent, you can disable the check
1998 by running "./configure --without-openssl-header-check".
1999 Also see contrib/findssl.sh for help identifying header/library mismatches.
2000 ])
2001 else
2002 AC_MSG_WARN([Your OpenSSL headers do not match your
2003 library. Check config.log for details.
2004 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2005 fi
2006 ],
2007 [
2008 AC_MSG_WARN([cross compiling: not checking])
2009 ]
2010 )
2012 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2013 AC_LINK_IFELSE(
2014 [AC_LANG_SOURCE([[
2015 #include <openssl/evp.h>
2016 int main(void) { SSLeay_add_all_algorithms(); }
2017 ]])],
2018 [
2019 AC_MSG_RESULT(yes)
2020 ],
2021 [
2022 AC_MSG_RESULT(no)
2023 saved_LIBS="$LIBS"
2024 LIBS="$LIBS -ldl"
2025 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2026 AC_LINK_IFELSE(
2027 [AC_LANG_SOURCE([[
2028 #include <openssl/evp.h>
2029 int main(void) { SSLeay_add_all_algorithms(); }
2030 ]])],
2031 [
2032 AC_MSG_RESULT(yes)
2033 ],
2034 [
2035 AC_MSG_RESULT(no)
2036 LIBS="$saved_LIBS"
2037 ]
2038 )
2039 ]
2040 )
2042 AC_ARG_WITH(ssl-engine,
2043 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2044 [ if test "x$withval" != "xno" ; then
2045 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2046 AC_TRY_COMPILE(
2047 [ #include <openssl/engine.h>],
2048 [
2049 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2050 ],
2051 [ AC_MSG_RESULT(yes)
2052 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2053 [Enable OpenSSL engine support])
2054 ],
2055 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2056 )
2057 fi ]
2058 )
2060 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2061 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2062 AC_LINK_IFELSE(
2063 [AC_LANG_SOURCE([[
2064 #include <string.h>
2065 #include <openssl/evp.h>
2066 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2067 ]])],
2068 [
2069 AC_MSG_RESULT(no)
2070 ],
2071 [
2072 AC_MSG_RESULT(yes)
2073 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2074 [libcrypto is missing AES 192 and 256 bit functions])
2075 ]
2076 )
2078 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2079 AC_LINK_IFELSE(
2080 [AC_LANG_SOURCE([[
2081 #include <string.h>
2082 #include <openssl/evp.h>
2083 int main(void) { if(EVP_DigestUpdate(NULL, NULL,0)) exit(0); }
2084 ]])],
2085 [
2086 AC_MSG_RESULT(yes)
2087 ],
2088 [
2089 AC_MSG_RESULT(no)
2090 AC_DEFINE(OPENSSL_EVP_DIGESTUPDATE_VOID, 1,
2091 [Define if EVP_DigestUpdate returns void])
2092 ]
2093 )
2095 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2096 # because the system crypt() is more featureful.
2097 if test "x$check_for_libcrypt_before" = "x1"; then
2098 AC_CHECK_LIB(crypt, crypt)
2099 fi
2101 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2102 # version in OpenSSL.
2103 if test "x$check_for_libcrypt_later" = "x1"; then
2104 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2105 fi
2107 # Search for SHA256 support in libc and/or OpenSSL
2108 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2110 saved_LIBS="$LIBS"
2111 AC_CHECK_LIB(iaf, ia_openinfo, [
2112 LIBS="$LIBS -liaf"
2113 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2114 AC_DEFINE(HAVE_LIBIAF, 1,
2115 [Define if system has libiaf that supports set_id])
2116 ])
2117 ])
2118 LIBS="$saved_LIBS"
2120 ### Configure cryptographic random number support
2122 # Check wheter OpenSSL seeds itself
2123 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2124 AC_RUN_IFELSE(
2125 [AC_LANG_SOURCE([[
2126 #include <string.h>
2127 #include <openssl/rand.h>
2128 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2129 ]])],
2130 [
2131 OPENSSL_SEEDS_ITSELF=yes
2132 AC_MSG_RESULT(yes)
2133 ],
2134 [
2135 AC_MSG_RESULT(no)
2136 # Default to use of the rand helper if OpenSSL doesn't
2137 # seed itself
2138 USE_RAND_HELPER=yes
2139 ],
2140 [
2141 AC_MSG_WARN([cross compiling: assuming yes])
2142 # This is safe, since all recent OpenSSL versions will
2143 # complain at runtime if not seeded correctly.
2144 OPENSSL_SEEDS_ITSELF=yes
2145 ]
2146 )
2148 # Check for PAM libs
2149 PAM_MSG="no"
2150 AC_ARG_WITH(pam,
2151 [ --with-pam Enable PAM support ],
2152 [
2153 if test "x$withval" != "xno" ; then
2154 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2155 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2156 AC_MSG_ERROR([PAM headers not found])
2157 fi
2159 saved_LIBS="$LIBS"
2160 AC_CHECK_LIB(dl, dlopen, , )
2161 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2162 AC_CHECK_FUNCS(pam_getenvlist)
2163 AC_CHECK_FUNCS(pam_putenv)
2164 LIBS="$saved_LIBS"
2166 PAM_MSG="yes"
2168 SSHDLIBS="$SSHDLIBS -lpam"
2169 AC_DEFINE(USE_PAM, 1,
2170 [Define if you want to enable PAM support])
2172 if test $ac_cv_lib_dl_dlopen = yes; then
2173 case "$LIBS" in
2174 *-ldl*)
2175 # libdl already in LIBS
2176 ;;
2177 *)
2178 SSHDLIBS="$SSHDLIBS -ldl"
2179 ;;
2180 esac
2181 fi
2182 fi
2183 ]
2184 )
2186 # Check for older PAM
2187 if test "x$PAM_MSG" = "xyes" ; then
2188 # Check PAM strerror arguments (old PAM)
2189 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2190 AC_TRY_COMPILE(
2191 [
2192 #include <stdlib.h>
2193 #if defined(HAVE_SECURITY_PAM_APPL_H)
2194 #include <security/pam_appl.h>
2195 #elif defined (HAVE_PAM_PAM_APPL_H)
2196 #include <pam/pam_appl.h>
2197 #endif
2198 ],
2199 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2200 [AC_MSG_RESULT(no)],
2201 [
2202 AC_DEFINE(HAVE_OLD_PAM, 1,
2203 [Define if you have an old version of PAM
2204 which takes only one argument to pam_strerror])
2205 AC_MSG_RESULT(yes)
2206 PAM_MSG="yes (old library)"
2207 ]
2208 )
2209 fi
2211 # Do we want to force the use of the rand helper?
2212 AC_ARG_WITH(rand-helper,
2213 [ --with-rand-helper Use subprocess to gather strong randomness ],
2214 [
2215 if test "x$withval" = "xno" ; then
2216 # Force use of OpenSSL's internal RNG, even if
2217 # the previous test showed it to be unseeded.
2218 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2219 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2220 OPENSSL_SEEDS_ITSELF=yes
2221 USE_RAND_HELPER=""
2222 fi
2223 else
2224 USE_RAND_HELPER=yes
2225 fi
2226 ],
2227 )
2229 # Which randomness source do we use?
2230 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2231 # OpenSSL only
2232 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2233 [Define if you want OpenSSL's internally seeded PRNG only])
2234 RAND_MSG="OpenSSL internal ONLY"
2235 INSTALL_SSH_RAND_HELPER=""
2236 elif test ! -z "$USE_RAND_HELPER" ; then
2237 # install rand helper
2238 RAND_MSG="ssh-rand-helper"
2239 INSTALL_SSH_RAND_HELPER="yes"
2240 fi
2241 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2243 ### Configuration of ssh-rand-helper
2245 # PRNGD TCP socket
2246 AC_ARG_WITH(prngd-port,
2247 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2248 [
2249 case "$withval" in
2250 no)
2251 withval=""
2252 ;;
2253 [[0-9]]*)
2254 ;;
2255 *)
2256 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2257 ;;
2258 esac
2259 if test ! -z "$withval" ; then
2260 PRNGD_PORT="$withval"
2261 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2262 [Port number of PRNGD/EGD random number socket])
2263 fi
2264 ]
2265 )
2267 # PRNGD Unix domain socket
2268 AC_ARG_WITH(prngd-socket,
2269 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2270 [
2271 case "$withval" in
2272 yes)
2273 withval="/var/run/egd-pool"
2274 ;;
2275 no)
2276 withval=""
2277 ;;
2278 /*)
2279 ;;
2280 *)
2281 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2282 ;;
2283 esac
2285 if test ! -z "$withval" ; then
2286 if test ! -z "$PRNGD_PORT" ; then
2287 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2288 fi
2289 if test ! -r "$withval" ; then
2290 AC_MSG_WARN(Entropy socket is not readable)
2291 fi
2292 PRNGD_SOCKET="$withval"
2293 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2294 [Location of PRNGD/EGD random number socket])
2295 fi
2296 ],
2297 [
2298 # Check for existing socket only if we don't have a random device already
2299 if test "$USE_RAND_HELPER" = yes ; then
2300 AC_MSG_CHECKING(for PRNGD/EGD socket)
2301 # Insert other locations here
2302 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2303 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2304 PRNGD_SOCKET="$sock"
2305 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2306 break;
2307 fi
2308 done
2309 if test ! -z "$PRNGD_SOCKET" ; then
2310 AC_MSG_RESULT($PRNGD_SOCKET)
2311 else
2312 AC_MSG_RESULT(not found)
2313 fi
2314 fi
2315 ]
2316 )
2318 # Change default command timeout for hashing entropy source
2319 entropy_timeout=200
2320 AC_ARG_WITH(entropy-timeout,
2321 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2322 [
2323 if test -n "$withval" && test "x$withval" != "xno" && \
2324 test "x${withval}" != "xyes"; then
2325 entropy_timeout=$withval
2326 fi
2327 ]
2328 )
2329 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2330 [Builtin PRNG command timeout])
2332 SSH_PRIVSEP_USER=sshd
2333 AC_ARG_WITH(privsep-user,
2334 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2335 [
2336 if test -n "$withval" && test "x$withval" != "xno" && \
2337 test "x${withval}" != "xyes"; then
2338 SSH_PRIVSEP_USER=$withval
2339 fi
2340 ]
2341 )
2342 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2343 [non-privileged user for privilege separation])
2344 AC_SUBST(SSH_PRIVSEP_USER)
2346 # We do this little dance with the search path to insure
2347 # that programs that we select for use by installed programs
2348 # (which may be run by the super-user) come from trusted
2349 # locations before they come from the user's private area.
2350 # This should help avoid accidentally configuring some
2351 # random version of a program in someone's personal bin.
2353 OPATH=$PATH
2354 PATH=/bin:/usr/bin
2355 test -h /bin 2> /dev/null && PATH=/usr/bin
2356 test -d /sbin && PATH=$PATH:/sbin
2357 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2358 PATH=$PATH:/etc:$OPATH
2360 # These programs are used by the command hashing source to gather entropy
2361 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2362 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2363 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2364 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2365 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2366 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2367 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2368 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2369 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2370 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2371 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2372 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2373 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2374 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2375 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2376 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2377 # restore PATH
2378 PATH=$OPATH
2380 # Where does ssh-rand-helper get its randomness from?
2381 INSTALL_SSH_PRNG_CMDS=""
2382 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2383 if test ! -z "$PRNGD_PORT" ; then
2384 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2385 elif test ! -z "$PRNGD_SOCKET" ; then
2386 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2387 else
2388 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2389 RAND_HELPER_CMDHASH=yes
2390 INSTALL_SSH_PRNG_CMDS="yes"
2391 fi
2392 fi
2393 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2396 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2397 if test ! -z "$SONY" ; then
2398 LIBS="$LIBS -liberty";
2399 fi
2401 # Check for long long datatypes
2402 AC_CHECK_TYPES([long long, unsigned long long, long double])
2404 # Check datatype sizes
2405 AC_CHECK_SIZEOF(char, 1)
2406 AC_CHECK_SIZEOF(short int, 2)
2407 AC_CHECK_SIZEOF(int, 4)
2408 AC_CHECK_SIZEOF(long int, 4)
2409 AC_CHECK_SIZEOF(long long int, 8)
2411 # Sanity check long long for some platforms (AIX)
2412 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2413 ac_cv_sizeof_long_long_int=0
2414 fi
2416 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2417 if test -z "$have_llong_max"; then
2418 AC_MSG_CHECKING([for max value of long long])
2419 AC_RUN_IFELSE(
2420 [AC_LANG_SOURCE([[
2421 #include <stdio.h>
2422 /* Why is this so damn hard? */
2423 #ifdef __GNUC__
2424 # undef __GNUC__
2425 #endif
2426 #define __USE_ISOC99
2427 #include <limits.h>
2428 #define DATA "conftest.llminmax"
2429 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2431 /*
2432 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2433 * we do this the hard way.
2434 */
2435 static int
2436 fprint_ll(FILE *f, long long n)
2437 {
2438 unsigned int i;
2439 int l[sizeof(long long) * 8];
2441 if (n < 0)
2442 if (fprintf(f, "-") < 0)
2443 return -1;
2444 for (i = 0; n != 0; i++) {
2445 l[i] = my_abs(n % 10);
2446 n /= 10;
2447 }
2448 do {
2449 if (fprintf(f, "%d", l[--i]) < 0)
2450 return -1;
2451 } while (i != 0);
2452 if (fprintf(f, " ") < 0)
2453 return -1;
2454 return 0;
2455 }
2457 int main(void) {
2458 FILE *f;
2459 long long i, llmin, llmax = 0;
2461 if((f = fopen(DATA,"w")) == NULL)
2462 exit(1);
2464 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2465 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2466 llmin = LLONG_MIN;
2467 llmax = LLONG_MAX;
2468 #else
2469 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2470 /* This will work on one's complement and two's complement */
2471 for (i = 1; i > llmax; i <<= 1, i++)
2472 llmax = i;
2473 llmin = llmax + 1LL; /* wrap */
2474 #endif
2476 /* Sanity check */
2477 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2478 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2479 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2480 fprintf(f, "unknown unknown\n");
2481 exit(2);
2482 }
2484 if (fprint_ll(f, llmin) < 0)
2485 exit(3);
2486 if (fprint_ll(f, llmax) < 0)
2487 exit(4);
2488 if (fclose(f) < 0)
2489 exit(5);
2490 exit(0);
2491 }
2492 ]])],
2493 [
2494 llong_min=`$AWK '{print $1}' conftest.llminmax`
2495 llong_max=`$AWK '{print $2}' conftest.llminmax`
2497 AC_MSG_RESULT($llong_max)
2498 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2499 [max value of long long calculated by configure])
2500 AC_MSG_CHECKING([for min value of long long])
2501 AC_MSG_RESULT($llong_min)
2502 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2503 [min value of long long calculated by configure])
2504 ],
2505 [
2506 AC_MSG_RESULT(not found)
2507 ],
2508 [
2509 AC_MSG_WARN([cross compiling: not checking])
2510 ]
2511 )
2512 fi
2515 # More checks for data types
2516 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2517 AC_TRY_COMPILE(
2518 [ #include <sys/types.h> ],
2519 [ u_int a; a = 1;],
2520 [ ac_cv_have_u_int="yes" ],
2521 [ ac_cv_have_u_int="no" ]
2522 )
2523 ])
2524 if test "x$ac_cv_have_u_int" = "xyes" ; then
2525 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2526 have_u_int=1
2527 fi
2529 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2530 AC_TRY_COMPILE(
2531 [ #include <sys/types.h> ],
2532 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2533 [ ac_cv_have_intxx_t="yes" ],
2534 [ ac_cv_have_intxx_t="no" ]
2535 )
2536 ])
2537 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2538 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2539 have_intxx_t=1
2540 fi
2542 if (test -z "$have_intxx_t" && \
2543 test "x$ac_cv_header_stdint_h" = "xyes")
2544 then
2545 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2546 AC_TRY_COMPILE(
2547 [ #include <stdint.h> ],
2548 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2549 [
2550 AC_DEFINE(HAVE_INTXX_T)
2551 AC_MSG_RESULT(yes)
2552 ],
2553 [ AC_MSG_RESULT(no) ]
2554 )
2555 fi
2557 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2558 AC_TRY_COMPILE(
2559 [
2560 #include <sys/types.h>
2561 #ifdef HAVE_STDINT_H
2562 # include <stdint.h>
2563 #endif
2564 #include <sys/socket.h>
2565 #ifdef HAVE_SYS_BITYPES_H
2566 # include <sys/bitypes.h>
2567 #endif
2568 ],
2569 [ int64_t a; a = 1;],
2570 [ ac_cv_have_int64_t="yes" ],
2571 [ ac_cv_have_int64_t="no" ]
2572 )
2573 ])
2574 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2575 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2576 fi
2578 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2579 AC_TRY_COMPILE(
2580 [ #include <sys/types.h> ],
2581 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2582 [ ac_cv_have_u_intxx_t="yes" ],
2583 [ ac_cv_have_u_intxx_t="no" ]
2584 )
2585 ])
2586 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2587 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2588 have_u_intxx_t=1
2589 fi
2591 if test -z "$have_u_intxx_t" ; then
2592 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2593 AC_TRY_COMPILE(
2594 [ #include <sys/socket.h> ],
2595 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2596 [
2597 AC_DEFINE(HAVE_U_INTXX_T)
2598 AC_MSG_RESULT(yes)
2599 ],
2600 [ AC_MSG_RESULT(no) ]
2601 )
2602 fi
2604 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2605 AC_TRY_COMPILE(
2606 [ #include <sys/types.h> ],
2607 [ u_int64_t a; a = 1;],
2608 [ ac_cv_have_u_int64_t="yes" ],
2609 [ ac_cv_have_u_int64_t="no" ]
2610 )
2611 ])
2612 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2613 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2614 have_u_int64_t=1
2615 fi
2617 if test -z "$have_u_int64_t" ; then
2618 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2619 AC_TRY_COMPILE(
2620 [ #include <sys/bitypes.h> ],
2621 [ u_int64_t a; a = 1],
2622 [
2623 AC_DEFINE(HAVE_U_INT64_T)
2624 AC_MSG_RESULT(yes)
2625 ],
2626 [ AC_MSG_RESULT(no) ]
2627 )
2628 fi
2630 if test -z "$have_u_intxx_t" ; then
2631 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2632 AC_TRY_COMPILE(
2633 [
2634 #include <sys/types.h>
2635 ],
2636 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2637 [ ac_cv_have_uintxx_t="yes" ],
2638 [ ac_cv_have_uintxx_t="no" ]
2639 )
2640 ])
2641 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2642 AC_DEFINE(HAVE_UINTXX_T, 1,
2643 [define if you have uintxx_t data type])
2644 fi
2645 fi
2647 if test -z "$have_uintxx_t" ; then
2648 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2649 AC_TRY_COMPILE(
2650 [ #include <stdint.h> ],
2651 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2652 [
2653 AC_DEFINE(HAVE_UINTXX_T)
2654 AC_MSG_RESULT(yes)
2655 ],
2656 [ AC_MSG_RESULT(no) ]
2657 )
2658 fi
2660 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2661 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2662 then
2663 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2664 AC_TRY_COMPILE(
2665 [
2666 #include <sys/bitypes.h>
2667 ],
2668 [
2669 int8_t a; int16_t b; int32_t c;
2670 u_int8_t e; u_int16_t f; u_int32_t g;
2671 a = b = c = e = f = g = 1;
2672 ],
2673 [
2674 AC_DEFINE(HAVE_U_INTXX_T)
2675 AC_DEFINE(HAVE_INTXX_T)
2676 AC_MSG_RESULT(yes)
2677 ],
2678 [AC_MSG_RESULT(no)]
2679 )
2680 fi
2683 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2684 AC_TRY_COMPILE(
2685 [
2686 #include <sys/types.h>
2687 ],
2688 [ u_char foo; foo = 125; ],
2689 [ ac_cv_have_u_char="yes" ],
2690 [ ac_cv_have_u_char="no" ]
2691 )
2692 ])
2693 if test "x$ac_cv_have_u_char" = "xyes" ; then
2694 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2695 fi
2697 TYPE_SOCKLEN_T
2699 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2700 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2701 #include <sys/types.h>
2702 #ifdef HAVE_SYS_BITYPES_H
2703 #include <sys/bitypes.h>
2704 #endif
2705 #ifdef HAVE_SYS_STATFS_H
2706 #include <sys/statfs.h>
2707 #endif
2708 #ifdef HAVE_SYS_STATVFS_H
2709 #include <sys/statvfs.h>
2710 #endif
2711 ])
2713 AC_CHECK_TYPES([in_addr_t, in_port_t],,,
2714 [#include <sys/types.h>
2715 #include <netinet/in.h>])
2717 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2718 AC_TRY_COMPILE(
2719 [
2720 #include <sys/types.h>
2721 ],
2722 [ size_t foo; foo = 1235; ],
2723 [ ac_cv_have_size_t="yes" ],
2724 [ ac_cv_have_size_t="no" ]
2725 )
2726 ])
2727 if test "x$ac_cv_have_size_t" = "xyes" ; then
2728 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2729 fi
2731 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2732 AC_TRY_COMPILE(
2733 [
2734 #include <sys/types.h>
2735 ],
2736 [ ssize_t foo; foo = 1235; ],
2737 [ ac_cv_have_ssize_t="yes" ],
2738 [ ac_cv_have_ssize_t="no" ]
2739 )
2740 ])
2741 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2742 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2743 fi
2745 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2746 AC_TRY_COMPILE(
2747 [
2748 #include <time.h>
2749 ],
2750 [ clock_t foo; foo = 1235; ],
2751 [ ac_cv_have_clock_t="yes" ],
2752 [ ac_cv_have_clock_t="no" ]
2753 )
2754 ])
2755 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2756 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2757 fi
2759 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2760 AC_TRY_COMPILE(
2761 [
2762 #include <sys/types.h>
2763 #include <sys/socket.h>
2764 ],
2765 [ sa_family_t foo; foo = 1235; ],
2766 [ ac_cv_have_sa_family_t="yes" ],
2767 [ AC_TRY_COMPILE(
2768 [
2769 #include <sys/types.h>
2770 #include <sys/socket.h>
2771 #include <netinet/in.h>
2772 ],
2773 [ sa_family_t foo; foo = 1235; ],
2774 [ ac_cv_have_sa_family_t="yes" ],
2776 [ ac_cv_have_sa_family_t="no" ]
2777 )]
2778 )
2779 ])
2780 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2781 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2782 [define if you have sa_family_t data type])
2783 fi
2785 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2786 AC_TRY_COMPILE(
2787 [
2788 #include <sys/types.h>
2789 ],
2790 [ pid_t foo; foo = 1235; ],
2791 [ ac_cv_have_pid_t="yes" ],
2792 [ ac_cv_have_pid_t="no" ]
2793 )
2794 ])
2795 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2796 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2797 fi
2799 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2800 AC_TRY_COMPILE(
2801 [
2802 #include <sys/types.h>
2803 ],
2804 [ mode_t foo; foo = 1235; ],
2805 [ ac_cv_have_mode_t="yes" ],
2806 [ ac_cv_have_mode_t="no" ]
2807 )
2808 ])
2809 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2810 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2811 fi
2814 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2815 AC_TRY_COMPILE(
2816 [
2817 #include <sys/types.h>
2818 #include <sys/socket.h>
2819 ],
2820 [ struct sockaddr_storage s; ],
2821 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2822 [ ac_cv_have_struct_sockaddr_storage="no" ]
2823 )
2824 ])
2825 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2826 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2827 [define if you have struct sockaddr_storage data type])
2828 fi
2830 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2831 AC_TRY_COMPILE(
2832 [
2833 #include <sys/types.h>
2834 #include <netinet/in.h>
2835 ],
2836 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2837 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2838 [ ac_cv_have_struct_sockaddr_in6="no" ]
2839 )
2840 ])
2841 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2842 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2843 [define if you have struct sockaddr_in6 data type])
2844 fi
2846 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2847 AC_TRY_COMPILE(
2848 [
2849 #include <sys/types.h>
2850 #include <netinet/in.h>
2851 ],
2852 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2853 [ ac_cv_have_struct_in6_addr="yes" ],
2854 [ ac_cv_have_struct_in6_addr="no" ]
2855 )
2856 ])
2857 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2858 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2859 [define if you have struct in6_addr data type])
2861 dnl Now check for sin6_scope_id
2862 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2863 [
2864 #ifdef HAVE_SYS_TYPES_H
2865 #include <sys/types.h>
2866 #endif
2867 #include <netinet/in.h>
2868 ])
2869 fi
2871 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2872 AC_TRY_COMPILE(
2873 [
2874 #include <sys/types.h>
2875 #include <sys/socket.h>
2876 #include <netdb.h>
2877 ],
2878 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2879 [ ac_cv_have_struct_addrinfo="yes" ],
2880 [ ac_cv_have_struct_addrinfo="no" ]
2881 )
2882 ])
2883 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2884 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2885 [define if you have struct addrinfo data type])
2886 fi
2888 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2889 AC_TRY_COMPILE(
2890 [ #include <sys/time.h> ],
2891 [ struct timeval tv; tv.tv_sec = 1;],
2892 [ ac_cv_have_struct_timeval="yes" ],
2893 [ ac_cv_have_struct_timeval="no" ]
2894 )
2895 ])
2896 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2897 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2898 have_struct_timeval=1
2899 fi
2901 AC_CHECK_TYPES(struct timespec)
2903 # We need int64_t or else certian parts of the compile will fail.
2904 if test "x$ac_cv_have_int64_t" = "xno" && \
2905 test "x$ac_cv_sizeof_long_int" != "x8" && \
2906 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2907 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2908 echo "an alternative compiler (I.E., GCC) before continuing."
2909 echo ""
2910 exit 1;
2911 else
2912 dnl test snprintf (broken on SCO w/gcc)
2913 AC_RUN_IFELSE(
2914 [AC_LANG_SOURCE([[
2915 #include <stdio.h>
2916 #include <string.h>
2917 #ifdef HAVE_SNPRINTF
2918 main()
2919 {
2920 char buf[50];
2921 char expected_out[50];
2922 int mazsize = 50 ;
2923 #if (SIZEOF_LONG_INT == 8)
2924 long int num = 0x7fffffffffffffff;
2925 #else
2926 long long num = 0x7fffffffffffffffll;
2927 #endif
2928 strcpy(expected_out, "9223372036854775807");
2929 snprintf(buf, mazsize, "%lld", num);
2930 if(strcmp(buf, expected_out) != 0)
2931 exit(1);
2932 exit(0);
2933 }
2934 #else
2935 main() { exit(0); }
2936 #endif
2937 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2938 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2939 )
2940 fi
2942 dnl Checks for structure members
2943 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2944 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2945 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2946 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2947 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2948 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2949 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2950 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2951 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2952 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2953 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2954 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2955 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2956 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2957 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2958 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2959 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2961 AC_CHECK_MEMBERS([struct stat.st_blksize])
2962 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2963 [Define if we don't have struct __res_state in resolv.h])],
2964 [
2965 #include <stdio.h>
2966 #if HAVE_SYS_TYPES_H
2967 # include <sys/types.h>
2968 #endif
2969 #include <netinet/in.h>
2970 #include <arpa/nameser.h>
2971 #include <resolv.h>
2972 ])
2974 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2975 ac_cv_have_ss_family_in_struct_ss, [
2976 AC_TRY_COMPILE(
2977 [
2978 #include <sys/types.h>
2979 #include <sys/socket.h>
2980 ],
2981 [ struct sockaddr_storage s; s.ss_family = 1; ],
2982 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2983 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2984 )
2985 ])
2986 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2987 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2988 fi
2990 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2991 ac_cv_have___ss_family_in_struct_ss, [
2992 AC_TRY_COMPILE(
2993 [
2994 #include <sys/types.h>
2995 #include <sys/socket.h>
2996 ],
2997 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2998 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2999 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3000 )
3001 ])
3002 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3003 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3004 [Fields in struct sockaddr_storage])
3005 fi
3007 AC_CACHE_CHECK([for pw_class field in struct passwd],
3008 ac_cv_have_pw_class_in_struct_passwd, [
3009 AC_TRY_COMPILE(
3010 [
3011 #include <pwd.h>
3012 ],
3013 [ struct passwd p; p.pw_class = 0; ],
3014 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3015 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3016 )
3017 ])
3018 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3019 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3020 [Define if your password has a pw_class field])
3021 fi
3023 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3024 ac_cv_have_pw_expire_in_struct_passwd, [
3025 AC_TRY_COMPILE(
3026 [
3027 #include <pwd.h>
3028 ],
3029 [ struct passwd p; p.pw_expire = 0; ],
3030 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3031 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3032 )
3033 ])
3034 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3035 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3036 [Define if your password has a pw_expire field])
3037 fi
3039 AC_CACHE_CHECK([for pw_change field in struct passwd],
3040 ac_cv_have_pw_change_in_struct_passwd, [
3041 AC_TRY_COMPILE(
3042 [
3043 #include <pwd.h>
3044 ],
3045 [ struct passwd p; p.pw_change = 0; ],
3046 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3047 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3048 )
3049 ])
3050 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3051 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3052 [Define if your password has a pw_change field])
3053 fi
3055 dnl make sure we're using the real structure members and not defines
3056 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3057 ac_cv_have_accrights_in_msghdr, [
3058 AC_COMPILE_IFELSE(
3059 [
3060 #include <sys/types.h>
3061 #include <sys/socket.h>
3062 #include <sys/uio.h>
3063 int main() {
3064 #ifdef msg_accrights
3065 #error "msg_accrights is a macro"
3066 exit(1);
3067 #endif
3068 struct msghdr m;
3069 m.msg_accrights = 0;
3070 exit(0);
3071 }
3072 ],
3073 [ ac_cv_have_accrights_in_msghdr="yes" ],
3074 [ ac_cv_have_accrights_in_msghdr="no" ]
3075 )
3076 ])
3077 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3078 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3079 [Define if your system uses access rights style
3080 file descriptor passing])
3081 fi
3083 AC_MSG_CHECKING(if struct statvfs.f_fsid is integral type)
3084 AC_TRY_COMPILE([
3085 #include <sys/types.h>
3086 #include <sys/stat.h>
3087 #ifdef HAVE_SYS_TIME_H
3088 # include <sys/time.h>
3089 #endif
3090 #ifdef HAVE_SYS_MOUNT_H
3091 #include <sys/mount.h>
3092 #endif
3093 #ifdef HAVE_SYS_STATVFS_H
3094 #include <sys/statvfs.h>
3095 #endif
3096 ], [struct statvfs s; s.f_fsid = 0;],
3097 [ AC_MSG_RESULT(yes) ],
3098 [ AC_MSG_RESULT(no)
3100 AC_MSG_CHECKING(if fsid_t has member val)
3101 AC_TRY_COMPILE([
3102 #include <sys/types.h>
3103 #include <sys/statvfs.h>],
3104 [fsid_t t; t.val[0] = 0;],
3105 [ AC_MSG_RESULT(yes)
3106 AC_DEFINE(FSID_HAS_VAL, 1, fsid_t has member val) ],
3107 [ AC_MSG_RESULT(no) ])
3109 AC_MSG_CHECKING(if f_fsid has member __val)
3110 AC_TRY_COMPILE([
3111 #include <sys/types.h>
3112 #include <sys/statvfs.h>],
3113 [fsid_t t; t.__val[0] = 0;],
3114 [ AC_MSG_RESULT(yes)
3115 AC_DEFINE(FSID_HAS___VAL, 1, fsid_t has member __val) ],
3116 [ AC_MSG_RESULT(no) ])
3117 ])
3119 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3120 ac_cv_have_control_in_msghdr, [
3121 AC_COMPILE_IFELSE(
3122 [
3123 #include <sys/types.h>
3124 #include <sys/socket.h>
3125 #include <sys/uio.h>
3126 int main() {
3127 #ifdef msg_control
3128 #error "msg_control is a macro"
3129 exit(1);
3130 #endif
3131 struct msghdr m;
3132 m.msg_control = 0;
3133 exit(0);
3134 }
3135 ],
3136 [ ac_cv_have_control_in_msghdr="yes" ],
3137 [ ac_cv_have_control_in_msghdr="no" ]
3138 )
3139 ])
3140 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3141 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3142 [Define if your system uses ancillary data style
3143 file descriptor passing])
3144 fi
3146 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3147 AC_TRY_LINK([],
3148 [ extern char *__progname; printf("%s", __progname); ],
3149 [ ac_cv_libc_defines___progname="yes" ],
3150 [ ac_cv_libc_defines___progname="no" ]
3151 )
3152 ])
3153 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3154 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3155 fi
3157 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3158 AC_TRY_LINK([
3159 #include <stdio.h>
3160 ],
3161 [ printf("%s", __FUNCTION__); ],
3162 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3163 [ ac_cv_cc_implements___FUNCTION__="no" ]
3164 )
3165 ])
3166 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3167 AC_DEFINE(HAVE___FUNCTION__, 1,
3168 [Define if compiler implements __FUNCTION__])
3169 fi
3171 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3172 AC_TRY_LINK([
3173 #include <stdio.h>
3174 ],
3175 [ printf("%s", __func__); ],
3176 [ ac_cv_cc_implements___func__="yes" ],
3177 [ ac_cv_cc_implements___func__="no" ]
3178 )
3179 ])
3180 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3181 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3182 fi
3184 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3185 AC_TRY_LINK(
3186 [#include <stdarg.h>
3187 va_list x,y;],
3188 [va_copy(x,y);],
3189 [ ac_cv_have_va_copy="yes" ],
3190 [ ac_cv_have_va_copy="no" ]
3191 )
3192 ])
3193 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3194 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3195 fi
3197 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3198 AC_TRY_LINK(
3199 [#include <stdarg.h>
3200 va_list x,y;],
3201 [__va_copy(x,y);],
3202 [ ac_cv_have___va_copy="yes" ],
3203 [ ac_cv_have___va_copy="no" ]
3204 )
3205 ])
3206 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3207 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3208 fi
3210 AC_CACHE_CHECK([whether getopt has optreset support],
3211 ac_cv_have_getopt_optreset, [
3212 AC_TRY_LINK(
3213 [
3214 #include <getopt.h>
3215 ],
3216 [ extern int optreset; optreset = 0; ],
3217 [ ac_cv_have_getopt_optreset="yes" ],
3218 [ ac_cv_have_getopt_optreset="no" ]
3219 )
3220 ])
3221 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3222 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3223 [Define if your getopt(3) defines and uses optreset])
3224 fi
3226 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3227 AC_TRY_LINK([],
3228 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3229 [ ac_cv_libc_defines_sys_errlist="yes" ],
3230 [ ac_cv_libc_defines_sys_errlist="no" ]
3231 )
3232 ])
3233 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3234 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3235 [Define if your system defines sys_errlist[]])
3236 fi
3239 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3240 AC_TRY_LINK([],
3241 [ extern int sys_nerr; printf("%i", sys_nerr);],
3242 [ ac_cv_libc_defines_sys_nerr="yes" ],
3243 [ ac_cv_libc_defines_sys_nerr="no" ]
3244 )
3245 ])
3246 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3247 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3248 fi
3250 SCARD_MSG="no"
3251 # Check whether user wants sectok support
3252 AC_ARG_WITH(sectok,
3253 [ --with-sectok Enable smartcard support using libsectok],
3254 [
3255 if test "x$withval" != "xno" ; then
3256 if test "x$withval" != "xyes" ; then
3257 CPPFLAGS="$CPPFLAGS -I${withval}"
3258 LDFLAGS="$LDFLAGS -L${withval}"
3259 if test ! -z "$need_dash_r" ; then
3260 LDFLAGS="$LDFLAGS -R${withval}"
3261 fi
3262 if test ! -z "$blibpath" ; then
3263 blibpath="$blibpath:${withval}"
3264 fi
3265 fi
3266 AC_CHECK_HEADERS(sectok.h)
3267 if test "$ac_cv_header_sectok_h" != yes; then
3268 AC_MSG_ERROR(Can't find sectok.h)
3269 fi
3270 AC_CHECK_LIB(sectok, sectok_open)
3271 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3272 AC_MSG_ERROR(Can't find libsectok)
3273 fi
3274 AC_DEFINE(SMARTCARD, 1,
3275 [Define if you want smartcard support])
3276 AC_DEFINE(USE_SECTOK, 1,
3277 [Define if you want smartcard support
3278 using sectok])
3279 SCARD_MSG="yes, using sectok"
3280 fi
3281 ]
3282 )
3284 # Check whether user wants OpenSC support
3285 OPENSC_CONFIG="no"
3286 AC_ARG_WITH(opensc,
3287 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3288 [
3289 if test "x$withval" != "xno" ; then
3290 if test "x$withval" != "xyes" ; then
3291 OPENSC_CONFIG=$withval/bin/opensc-config
3292 else
3293 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3294 fi
3295 if test "$OPENSC_CONFIG" != "no"; then
3296 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3297 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3298 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3299 LIBS="$LIBS $LIBOPENSC_LIBS"
3300 AC_DEFINE(SMARTCARD)
3301 AC_DEFINE(USE_OPENSC, 1,
3302 [Define if you want smartcard support
3303 using OpenSC])
3304 SCARD_MSG="yes, using OpenSC"
3305 fi
3306 fi
3307 ]
3308 )
3310 # Check libraries needed by DNS fingerprint support
3311 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3312 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3313 [Define if getrrsetbyname() exists])],
3314 [
3315 # Needed by our getrrsetbyname()
3316 AC_SEARCH_LIBS(res_query, resolv)
3317 AC_SEARCH_LIBS(dn_expand, resolv)
3318 AC_MSG_CHECKING(if res_query will link)
3319 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3320 [AC_MSG_RESULT(no)
3321 saved_LIBS="$LIBS"
3322 LIBS="$LIBS -lresolv"
3323 AC_MSG_CHECKING(for res_query in -lresolv)
3324 AC_LINK_IFELSE([
3325 #include <resolv.h>
3326 int main()
3327 {
3328 res_query (0, 0, 0, 0, 0);
3329 return 0;
3330 }
3331 ],
3332 [LIBS="$LIBS -lresolv"
3333 AC_MSG_RESULT(yes)],
3334 [LIBS="$saved_LIBS"
3335 AC_MSG_RESULT(no)])
3336 ])
3337 AC_CHECK_FUNCS(_getshort _getlong)
3338 AC_CHECK_DECLS([_getshort, _getlong], , ,
3339 [#include <sys/types.h>
3340 #include <arpa/nameser.h>])
3341 AC_CHECK_MEMBER(HEADER.ad,
3342 [AC_DEFINE(HAVE_HEADER_AD, 1,
3343 [Define if HEADER.ad exists in arpa/nameser.h])],,
3344 [#include <arpa/nameser.h>])
3345 ])
3347 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3348 AC_LINK_IFELSE([
3349 #include <stdio.h>
3350 #if HAVE_SYS_TYPES_H
3351 # include <sys/types.h>
3352 #endif
3353 #include <netinet/in.h>
3354 #include <arpa/nameser.h>
3355 #include <resolv.h>
3356 extern struct __res_state _res;
3357 int main() { return 0; }
3358 ],
3359 [AC_MSG_RESULT(yes)
3360 AC_DEFINE(HAVE__RES_EXTERN, 1,
3361 [Define if you have struct __res_state _res as an extern])
3362 ],
3363 [ AC_MSG_RESULT(no) ]
3364 )
3366 # Check whether user wants SELinux support
3367 SELINUX_MSG="no"
3368 LIBSELINUX=""
3369 AC_ARG_WITH(selinux,
3370 [ --with-selinux Enable SELinux support],
3371 [ if test "x$withval" != "xno" ; then
3372 save_LIBS="$LIBS"
3373 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3374 SELINUX_MSG="yes"
3375 AC_CHECK_HEADER([selinux/selinux.h], ,
3376 AC_MSG_ERROR(SELinux support requires selinux.h header))
3377 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3378 AC_MSG_ERROR(SELinux support requires libselinux library))
3379 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3380 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3381 LIBS="$save_LIBS"
3382 fi ]
3383 )
3385 # Check whether user wants Kerberos 5 support
3386 KRB5_MSG="no"
3387 AC_ARG_WITH(kerberos5,
3388 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3389 [ if test "x$withval" != "xno" ; then
3390 if test "x$withval" = "xyes" ; then
3391 KRB5ROOT="/usr/local"
3392 else
3393 KRB5ROOT=${withval}
3394 fi
3396 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3397 KRB5_MSG="yes"
3399 AC_MSG_CHECKING(for krb5-config)
3400 if test -x $KRB5ROOT/bin/krb5-config ; then
3401 KRB5CONF=$KRB5ROOT/bin/krb5-config
3402 AC_MSG_RESULT($KRB5CONF)
3404 AC_MSG_CHECKING(for gssapi support)
3405 if $KRB5CONF | grep gssapi >/dev/null ; then
3406 AC_MSG_RESULT(yes)
3407 AC_DEFINE(GSSAPI, 1,
3408 [Define this if you want GSSAPI
3409 support in the version 2 protocol])
3410 k5confopts=gssapi
3411 else
3412 AC_MSG_RESULT(no)
3413 k5confopts=""
3414 fi
3415 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3416 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3417 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3418 AC_MSG_CHECKING(whether we are using Heimdal)
3419 AC_TRY_COMPILE([ #include <krb5.h> ],
3420 [ char *tmp = heimdal_version; ],
3421 [ AC_MSG_RESULT(yes)
3422 AC_DEFINE(HEIMDAL, 1,
3423 [Define this if you are using the
3424 Heimdal version of Kerberos V5]) ],
3425 AC_MSG_RESULT(no)
3426 )
3427 else
3428 AC_MSG_RESULT(no)
3429 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3430 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3431 AC_MSG_CHECKING(whether we are using Heimdal)
3432 AC_TRY_COMPILE([ #include <krb5.h> ],
3433 [ char *tmp = heimdal_version; ],
3434 [ AC_MSG_RESULT(yes)
3435 AC_DEFINE(HEIMDAL)
3436 K5LIBS="-lkrb5 -ldes"
3437 K5LIBS="$K5LIBS -lcom_err -lasn1"
3438 AC_CHECK_LIB(roken, net_write,
3439 [K5LIBS="$K5LIBS -lroken"])
3440 ],
3441 [ AC_MSG_RESULT(no)
3442 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3443 ]
3444 )
3445 AC_SEARCH_LIBS(dn_expand, resolv)
3447 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3448 [ AC_DEFINE(GSSAPI)
3449 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3450 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3451 [ AC_DEFINE(GSSAPI)
3452 K5LIBS="-lgssapi $K5LIBS" ],
3453 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3454 $K5LIBS)
3455 ],
3456 $K5LIBS)
3458 AC_CHECK_HEADER(gssapi.h, ,
3459 [ unset ac_cv_header_gssapi_h
3460 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3461 AC_CHECK_HEADERS(gssapi.h, ,
3462 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3463 )
3464 ]
3465 )
3467 oldCPP="$CPPFLAGS"
3468 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3469 AC_CHECK_HEADER(gssapi_krb5.h, ,
3470 [ CPPFLAGS="$oldCPP" ])
3472 fi
3473 if test ! -z "$need_dash_r" ; then
3474 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3475 fi
3476 if test ! -z "$blibpath" ; then
3477 blibpath="$blibpath:${KRB5ROOT}/lib"
3478 fi
3480 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3481 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3482 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3484 LIBS="$LIBS $K5LIBS"
3485 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3486 [Define this if you want to use libkafs' AFS support]))
3487 fi
3488 ]
3489 )
3491 # Looking for programs, paths and files
3493 PRIVSEP_PATH=/var/empty
3494 AC_ARG_WITH(privsep-path,
3495 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3496 [
3497 if test -n "$withval" && test "x$withval" != "xno" && \
3498 test "x${withval}" != "xyes"; then
3499 PRIVSEP_PATH=$withval
3500 fi
3501 ]
3502 )
3503 AC_SUBST(PRIVSEP_PATH)
3505 AC_ARG_WITH(xauth,
3506 [ --with-xauth=PATH Specify path to xauth program ],
3507 [
3508 if test -n "$withval" && test "x$withval" != "xno" && \
3509 test "x${withval}" != "xyes"; then
3510 xauth_path=$withval
3511 fi
3512 ],
3513 [
3514 TestPath="$PATH"
3515 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3516 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3517 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3518 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3519 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3520 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3521 xauth_path="/usr/openwin/bin/xauth"
3522 fi
3523 ]
3524 )
3526 STRIP_OPT=-s
3527 AC_ARG_ENABLE(strip,
3528 [ --disable-strip Disable calling strip(1) on install],
3529 [
3530 if test "x$enableval" = "xno" ; then
3531 STRIP_OPT=
3532 fi
3533 ]
3534 )
3535 AC_SUBST(STRIP_OPT)
3537 if test -z "$xauth_path" ; then
3538 XAUTH_PATH="undefined"
3539 AC_SUBST(XAUTH_PATH)
3540 else
3541 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3542 [Define if xauth is found in your path])
3543 XAUTH_PATH=$xauth_path
3544 AC_SUBST(XAUTH_PATH)
3545 fi
3547 # Check for mail directory (last resort if we cannot get it from headers)
3548 if test ! -z "$MAIL" ; then
3549 maildir=`dirname $MAIL`
3550 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3551 [Set this to your mail directory if you don't have maillock.h])
3552 fi
3554 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3555 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3556 disable_ptmx_check=yes
3557 fi
3558 if test -z "$no_dev_ptmx" ; then
3559 if test "x$disable_ptmx_check" != "xyes" ; then
3560 AC_CHECK_FILE("/dev/ptmx",
3561 [
3562 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3563 [Define if you have /dev/ptmx])
3564 have_dev_ptmx=1
3565 ]
3566 )
3567 fi
3568 fi
3570 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3571 AC_CHECK_FILE("/dev/ptc",
3572 [
3573 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3574 [Define if you have /dev/ptc])
3575 have_dev_ptc=1
3576 ]
3577 )
3578 else
3579 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3580 fi
3582 # Options from here on. Some of these are preset by platform above
3583 AC_ARG_WITH(mantype,
3584 [ --with-mantype=man|cat|doc Set man page type],
3585 [
3586 case "$withval" in
3587 man|cat|doc)
3588 MANTYPE=$withval
3589 ;;
3590 *)
3591 AC_MSG_ERROR(invalid man type: $withval)
3592 ;;
3593 esac
3594 ]
3595 )
3596 if test -z "$MANTYPE"; then
3597 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3598 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3599 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3600 MANTYPE=doc
3601 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3602 MANTYPE=man
3603 else
3604 MANTYPE=cat
3605 fi
3606 fi
3607 AC_SUBST(MANTYPE)
3608 if test "$MANTYPE" = "doc"; then
3609 mansubdir=man;
3610 else
3611 mansubdir=$MANTYPE;
3612 fi
3613 AC_SUBST(mansubdir)
3615 # Check whether to enable MD5 passwords
3616 MD5_MSG="no"
3617 AC_ARG_WITH(md5-passwords,
3618 [ --with-md5-passwords Enable use of MD5 passwords],
3619 [
3620 if test "x$withval" != "xno" ; then
3621 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3622 [Define if you want to allow MD5 passwords])
3623 MD5_MSG="yes"
3624 fi
3625 ]
3626 )
3628 # Whether to disable shadow password support
3629 AC_ARG_WITH(shadow,
3630 [ --without-shadow Disable shadow password support],
3631 [
3632 if test "x$withval" = "xno" ; then
3633 AC_DEFINE(DISABLE_SHADOW)
3634 disable_shadow=yes
3635 fi
3636 ]
3637 )
3639 if test -z "$disable_shadow" ; then
3640 AC_MSG_CHECKING([if the systems has expire shadow information])
3641 AC_TRY_COMPILE(
3642 [
3643 #include <sys/types.h>
3644 #include <shadow.h>
3645 struct spwd sp;
3646 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3647 [ sp_expire_available=yes ], []
3648 )
3650 if test "x$sp_expire_available" = "xyes" ; then
3651 AC_MSG_RESULT(yes)
3652 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3653 [Define if you want to use shadow password expire field])
3654 else
3655 AC_MSG_RESULT(no)
3656 fi
3657 fi
3659 # Use ip address instead of hostname in $DISPLAY
3660 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3661 DISPLAY_HACK_MSG="yes"
3662 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3663 [Define if you need to use IP address
3664 instead of hostname in $DISPLAY])
3665 else
3666 DISPLAY_HACK_MSG="no"
3667 AC_ARG_WITH(ipaddr-display,
3668 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3669 [
3670 if test "x$withval" != "xno" ; then
3671 AC_DEFINE(IPADDR_IN_DISPLAY)
3672 DISPLAY_HACK_MSG="yes"
3673 fi
3674 ]
3675 )
3676 fi
3678 # check for /etc/default/login and use it if present.
3679 AC_ARG_ENABLE(etc-default-login,
3680 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3681 [ if test "x$enableval" = "xno"; then
3682 AC_MSG_NOTICE([/etc/default/login handling disabled])
3683 etc_default_login=no
3684 else
3685 etc_default_login=yes
3686 fi ],
3687 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3688 then
3689 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3690 etc_default_login=no
3691 else
3692 etc_default_login=yes
3693 fi ]
3694 )
3696 if test "x$etc_default_login" != "xno"; then
3697 AC_CHECK_FILE("/etc/default/login",
3698 [ external_path_file=/etc/default/login ])
3699 if test "x$external_path_file" = "x/etc/default/login"; then
3700 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3701 [Define if your system has /etc/default/login])
3702 fi
3703 fi
3705 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3706 if test $ac_cv_func_login_getcapbool = "yes" && \
3707 test $ac_cv_header_login_cap_h = "yes" ; then
3708 external_path_file=/etc/login.conf
3709 fi
3711 # Whether to mess with the default path
3712 SERVER_PATH_MSG="(default)"
3713 AC_ARG_WITH(default-path,
3714 [ --with-default-path= Specify default \$PATH environment for server],
3715 [
3716 if test "x$external_path_file" = "x/etc/login.conf" ; then
3717 AC_MSG_WARN([
3718 --with-default-path=PATH has no effect on this system.
3719 Edit /etc/login.conf instead.])
3720 elif test "x$withval" != "xno" ; then
3721 if test ! -z "$external_path_file" ; then
3722 AC_MSG_WARN([
3723 --with-default-path=PATH will only be used if PATH is not defined in
3724 $external_path_file .])
3725 fi
3726 user_path="$withval"
3727 SERVER_PATH_MSG="$withval"
3728 fi
3729 ],
3730 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3731 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3732 else
3733 if test ! -z "$external_path_file" ; then
3734 AC_MSG_WARN([
3735 If PATH is defined in $external_path_file, ensure the path to scp is included,
3736 otherwise scp will not work.])
3737 fi
3738 AC_RUN_IFELSE(
3739 [AC_LANG_SOURCE([[
3740 /* find out what STDPATH is */
3741 #include <stdio.h>
3742 #ifdef HAVE_PATHS_H
3743 # include <paths.h>
3744 #endif
3745 #ifndef _PATH_STDPATH
3746 # ifdef _PATH_USERPATH /* Irix */
3747 # define _PATH_STDPATH _PATH_USERPATH
3748 # else
3749 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3750 # endif
3751 #endif
3752 #include <sys/types.h>
3753 #include <sys/stat.h>
3754 #include <fcntl.h>
3755 #define DATA "conftest.stdpath"
3757 main()
3758 {
3759 FILE *fd;
3760 int rc;
3762 fd = fopen(DATA,"w");
3763 if(fd == NULL)
3764 exit(1);
3766 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3767 exit(1);
3769 exit(0);
3770 }
3771 ]])],
3772 [ user_path=`cat conftest.stdpath` ],
3773 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3774 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3775 )
3776 # make sure $bindir is in USER_PATH so scp will work
3777 t_bindir=`eval echo ${bindir}`
3778 case $t_bindir in
3779 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3780 esac
3781 case $t_bindir in
3782 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3783 esac
3784 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3785 if test $? -ne 0 ; then
3786 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3787 if test $? -ne 0 ; then
3788 user_path=$user_path:$t_bindir
3789 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3790 fi
3791 fi
3792 fi ]
3793 )
3794 if test "x$external_path_file" != "x/etc/login.conf" ; then
3795 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3796 AC_SUBST(user_path)
3797 fi
3799 # Set superuser path separately to user path
3800 AC_ARG_WITH(superuser-path,
3801 [ --with-superuser-path= Specify different path for super-user],
3802 [
3803 if test -n "$withval" && test "x$withval" != "xno" && \
3804 test "x${withval}" != "xyes"; then
3805 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3806 [Define if you want a different $PATH
3807 for the superuser])
3808 superuser_path=$withval
3809 fi
3810 ]
3811 )
3814 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3815 IPV4_IN6_HACK_MSG="no"
3816 AC_ARG_WITH(4in6,
3817 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3818 [
3819 if test "x$withval" != "xno" ; then
3820 AC_MSG_RESULT(yes)
3821 AC_DEFINE(IPV4_IN_IPV6, 1,
3822 [Detect IPv4 in IPv6 mapped addresses
3823 and treat as IPv4])
3824 IPV4_IN6_HACK_MSG="yes"
3825 else
3826 AC_MSG_RESULT(no)
3827 fi
3828 ],[
3829 if test "x$inet6_default_4in6" = "xyes"; then
3830 AC_MSG_RESULT([yes (default)])
3831 AC_DEFINE(IPV4_IN_IPV6)
3832 IPV4_IN6_HACK_MSG="yes"
3833 else
3834 AC_MSG_RESULT([no (default)])
3835 fi
3836 ]
3837 )
3839 # Whether to enable BSD auth support
3840 BSD_AUTH_MSG=no
3841 AC_ARG_WITH(bsd-auth,
3842 [ --with-bsd-auth Enable BSD auth support],
3843 [
3844 if test "x$withval" != "xno" ; then
3845 AC_DEFINE(BSD_AUTH, 1,
3846 [Define if you have BSD auth support])
3847 BSD_AUTH_MSG=yes
3848 fi
3849 ]
3850 )
3852 # Where to place sshd.pid
3853 piddir=/var/run
3854 # make sure the directory exists
3855 if test ! -d $piddir ; then
3856 piddir=`eval echo ${sysconfdir}`
3857 case $piddir in
3858 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3859 esac
3860 fi
3862 AC_ARG_WITH(pid-dir,
3863 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3864 [
3865 if test -n "$withval" && test "x$withval" != "xno" && \
3866 test "x${withval}" != "xyes"; then
3867 piddir=$withval
3868 if test ! -d $piddir ; then
3869 AC_MSG_WARN([** no $piddir directory on this system **])
3870 fi
3871 fi
3872 ]
3873 )
3875 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3876 AC_SUBST(piddir)
3878 dnl allow user to disable some login recording features
3879 AC_ARG_ENABLE(lastlog,
3880 [ --disable-lastlog disable use of lastlog even if detected [no]],
3881 [
3882 if test "x$enableval" = "xno" ; then
3883 AC_DEFINE(DISABLE_LASTLOG)
3884 fi
3885 ]
3886 )
3887 AC_ARG_ENABLE(utmp,
3888 [ --disable-utmp disable use of utmp even if detected [no]],
3889 [
3890 if test "x$enableval" = "xno" ; then
3891 AC_DEFINE(DISABLE_UTMP)
3892 fi
3893 ]
3894 )
3895 AC_ARG_ENABLE(utmpx,
3896 [ --disable-utmpx disable use of utmpx even if detected [no]],
3897 [
3898 if test "x$enableval" = "xno" ; then
3899 AC_DEFINE(DISABLE_UTMPX, 1,
3900 [Define if you don't want to use utmpx])
3901 fi
3902 ]
3903 )
3904 AC_ARG_ENABLE(wtmp,
3905 [ --disable-wtmp disable use of wtmp even if detected [no]],
3906 [
3907 if test "x$enableval" = "xno" ; then
3908 AC_DEFINE(DISABLE_WTMP)
3909 fi
3910 ]
3911 )
3912 AC_ARG_ENABLE(wtmpx,
3913 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3914 [
3915 if test "x$enableval" = "xno" ; then
3916 AC_DEFINE(DISABLE_WTMPX, 1,
3917 [Define if you don't want to use wtmpx])
3918 fi
3919 ]
3920 )
3921 AC_ARG_ENABLE(libutil,
3922 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3923 [
3924 if test "x$enableval" = "xno" ; then
3925 AC_DEFINE(DISABLE_LOGIN)
3926 fi
3927 ]
3928 )
3929 AC_ARG_ENABLE(pututline,
3930 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3931 [
3932 if test "x$enableval" = "xno" ; then
3933 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3934 [Define if you don't want to use pututline()
3935 etc. to write [uw]tmp])
3936 fi
3937 ]
3938 )
3939 AC_ARG_ENABLE(pututxline,
3940 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3941 [
3942 if test "x$enableval" = "xno" ; then
3943 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3944 [Define if you don't want to use pututxline()
3945 etc. to write [uw]tmpx])
3946 fi
3947 ]
3948 )
3949 AC_ARG_WITH(lastlog,
3950 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3951 [
3952 if test "x$withval" = "xno" ; then
3953 AC_DEFINE(DISABLE_LASTLOG)
3954 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3955 conf_lastlog_location=$withval
3956 fi
3957 ]
3958 )
3960 dnl lastlog, [uw]tmpx? detection
3961 dnl NOTE: set the paths in the platform section to avoid the
3962 dnl need for command-line parameters
3963 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3965 dnl lastlog detection
3966 dnl NOTE: the code itself will detect if lastlog is a directory
3967 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3968 AC_TRY_COMPILE([
3969 #include <sys/types.h>
3970 #include <utmp.h>
3971 #ifdef HAVE_LASTLOG_H
3972 # include <lastlog.h>
3973 #endif
3974 #ifdef HAVE_PATHS_H
3975 # include <paths.h>
3976 #endif
3977 #ifdef HAVE_LOGIN_H
3978 # include <login.h>
3979 #endif
3980 ],
3981 [ char *lastlog = LASTLOG_FILE; ],
3982 [ AC_MSG_RESULT(yes) ],
3983 [
3984 AC_MSG_RESULT(no)
3985 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3986 AC_TRY_COMPILE([
3987 #include <sys/types.h>
3988 #include <utmp.h>
3989 #ifdef HAVE_LASTLOG_H
3990 # include <lastlog.h>
3991 #endif
3992 #ifdef HAVE_PATHS_H
3993 # include <paths.h>
3994 #endif
3995 ],
3996 [ char *lastlog = _PATH_LASTLOG; ],
3997 [ AC_MSG_RESULT(yes) ],
3998 [
3999 AC_MSG_RESULT(no)
4000 system_lastlog_path=no
4001 ])
4002 ]
4003 )
4005 if test -z "$conf_lastlog_location"; then
4006 if test x"$system_lastlog_path" = x"no" ; then
4007 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4008 if (test -d "$f" || test -f "$f") ; then
4009 conf_lastlog_location=$f
4010 fi
4011 done
4012 if test -z "$conf_lastlog_location"; then
4013 AC_MSG_WARN([** Cannot find lastlog **])
4014 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4015 fi
4016 fi
4017 fi
4019 if test -n "$conf_lastlog_location"; then
4020 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4021 [Define if you want to specify the path to your lastlog file])
4022 fi
4024 dnl utmp detection
4025 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4026 AC_TRY_COMPILE([
4027 #include <sys/types.h>
4028 #include <utmp.h>
4029 #ifdef HAVE_PATHS_H
4030 # include <paths.h>
4031 #endif
4032 ],
4033 [ char *utmp = UTMP_FILE; ],
4034 [ AC_MSG_RESULT(yes) ],
4035 [ AC_MSG_RESULT(no)
4036 system_utmp_path=no ]
4037 )
4038 if test -z "$conf_utmp_location"; then
4039 if test x"$system_utmp_path" = x"no" ; then
4040 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4041 if test -f $f ; then
4042 conf_utmp_location=$f
4043 fi
4044 done
4045 if test -z "$conf_utmp_location"; then
4046 AC_DEFINE(DISABLE_UTMP)
4047 fi
4048 fi
4049 fi
4050 if test -n "$conf_utmp_location"; then
4051 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4052 [Define if you want to specify the path to your utmp file])
4053 fi
4055 dnl wtmp detection
4056 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4057 AC_TRY_COMPILE([
4058 #include <sys/types.h>
4059 #include <utmp.h>
4060 #ifdef HAVE_PATHS_H
4061 # include <paths.h>
4062 #endif
4063 ],
4064 [ char *wtmp = WTMP_FILE; ],
4065 [ AC_MSG_RESULT(yes) ],
4066 [ AC_MSG_RESULT(no)
4067 system_wtmp_path=no ]
4068 )
4069 if test -z "$conf_wtmp_location"; then
4070 if test x"$system_wtmp_path" = x"no" ; then
4071 for f in /usr/adm/wtmp /var/log/wtmp; do
4072 if test -f $f ; then
4073 conf_wtmp_location=$f
4074 fi
4075 done
4076 if test -z "$conf_wtmp_location"; then
4077 AC_DEFINE(DISABLE_WTMP)
4078 fi
4079 fi
4080 fi
4081 if test -n "$conf_wtmp_location"; then
4082 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4083 [Define if you want to specify the path to your wtmp file])
4084 fi
4087 dnl utmpx detection - I don't know any system so perverse as to require
4088 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4089 dnl there, though.
4090 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4091 AC_TRY_COMPILE([
4092 #include <sys/types.h>
4093 #include <utmp.h>
4094 #ifdef HAVE_UTMPX_H
4095 #include <utmpx.h>
4096 #endif
4097 #ifdef HAVE_PATHS_H
4098 # include <paths.h>
4099 #endif
4100 ],
4101 [ char *utmpx = UTMPX_FILE; ],
4102 [ AC_MSG_RESULT(yes) ],
4103 [ AC_MSG_RESULT(no)
4104 system_utmpx_path=no ]
4105 )
4106 if test -z "$conf_utmpx_location"; then
4107 if test x"$system_utmpx_path" = x"no" ; then
4108 AC_DEFINE(DISABLE_UTMPX)
4109 fi
4110 else
4111 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4112 [Define if you want to specify the path to your utmpx file])
4113 fi
4115 dnl wtmpx detection
4116 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4117 AC_TRY_COMPILE([
4118 #include <sys/types.h>
4119 #include <utmp.h>
4120 #ifdef HAVE_UTMPX_H
4121 #include <utmpx.h>
4122 #endif
4123 #ifdef HAVE_PATHS_H
4124 # include <paths.h>
4125 #endif
4126 ],
4127 [ char *wtmpx = WTMPX_FILE; ],
4128 [ AC_MSG_RESULT(yes) ],
4129 [ AC_MSG_RESULT(no)
4130 system_wtmpx_path=no ]
4131 )
4132 if test -z "$conf_wtmpx_location"; then
4133 if test x"$system_wtmpx_path" = x"no" ; then
4134 AC_DEFINE(DISABLE_WTMPX)
4135 fi
4136 else
4137 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4138 [Define if you want to specify the path to your wtmpx file])
4139 fi
4142 if test ! -z "$blibpath" ; then
4143 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4144 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4145 fi
4147 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4148 dnl Add now.
4149 CFLAGS="$CFLAGS $werror_flags"
4151 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4152 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4153 AC_SUBST(TEST_SSH_IPV6, no)
4154 else
4155 AC_SUBST(TEST_SSH_IPV6, yes)
4156 fi
4158 AC_EXEEXT
4159 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4160 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4161 scard/Makefile ssh_prng_cmds survey.sh])
4162 AC_OUTPUT
4164 # Print summary of options
4166 # Someone please show me a better way :)
4167 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4168 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4169 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4170 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4171 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4172 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4173 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4174 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4175 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4176 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4178 echo ""
4179 echo "OpenSSH has been configured with the following options:"
4180 echo " User binaries: $B"
4181 echo " System binaries: $C"
4182 echo " Configuration files: $D"
4183 echo " Askpass program: $E"
4184 echo " Manual pages: $F"
4185 echo " PID file: $G"
4186 echo " Privilege separation chroot path: $H"
4187 if test "x$external_path_file" = "x/etc/login.conf" ; then
4188 echo " At runtime, sshd will use the path defined in $external_path_file"
4189 echo " Make sure the path to scp is present, otherwise scp will not work"
4190 else
4191 echo " sshd default user PATH: $I"
4192 if test ! -z "$external_path_file"; then
4193 echo " (If PATH is set in $external_path_file it will be used instead. If"
4194 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4195 fi
4196 fi
4197 if test ! -z "$superuser_path" ; then
4198 echo " sshd superuser user PATH: $J"
4199 fi
4200 echo " Manpage format: $MANTYPE"
4201 echo " PAM support: $PAM_MSG"
4202 echo " OSF SIA support: $SIA_MSG"
4203 echo " KerberosV support: $KRB5_MSG"
4204 echo " SELinux support: $SELINUX_MSG"
4205 echo " Smartcard support: $SCARD_MSG"
4206 echo " S/KEY support: $SKEY_MSG"
4207 echo " TCP Wrappers support: $TCPW_MSG"
4208 echo " MD5 password support: $MD5_MSG"
4209 echo " libedit support: $LIBEDIT_MSG"
4210 echo " Solaris process contract support: $SPC_MSG"
4211 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4212 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4213 echo " BSD Auth support: $BSD_AUTH_MSG"
4214 echo " Random number source: $RAND_MSG"
4215 if test ! -z "$USE_RAND_HELPER" ; then
4216 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4217 fi
4219 echo ""
4221 echo " Host: ${host}"
4222 echo " Compiler: ${CC}"
4223 echo " Compiler flags: ${CFLAGS}"
4224 echo "Preprocessor flags: ${CPPFLAGS}"
4225 echo " Linker flags: ${LDFLAGS}"
4226 echo " Libraries: ${LIBS}"
4227 if test ! -z "${SSHDLIBS}"; then
4228 echo " +for sshd: ${SSHDLIBS}"
4229 fi
4231 echo ""
4233 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4234 echo "SVR4 style packages are supported with \"make package\""
4235 echo ""
4236 fi
4238 if test "x$PAM_MSG" = "xyes" ; then
4239 echo "PAM is enabled. You may need to install a PAM control file "
4240 echo "for sshd, otherwise password authentication may fail. "
4241 echo "Example PAM control files can be found in the contrib/ "
4242 echo "subdirectory"
4243 echo ""
4244 fi
4246 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4247 echo "WARNING: you are using the builtin random number collection "
4248 echo "service. Please read WARNING.RNG and request that your OS "
4249 echo "vendor includes kernel-based random number collection in "
4250 echo "future versions of your OS."
4251 echo ""
4252 fi
4254 if test ! -z "$NO_PEERCHECK" ; then
4255 echo "WARNING: the operating system that you are using does not"
4256 echo "appear to support getpeereid(), getpeerucred() or the"
4257 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4258 echo "enforce security checks to prevent unauthorised connections to"
4259 echo "ssh-agent. Their absence increases the risk that a malicious"
4260 echo "user can connect to your agent."
4261 echo ""
4262 fi
4264 if test "$AUDIT_MODULE" = "bsm" ; then
4265 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4266 echo "See the Solaris section in README.platform for details."
4267 fi