| blob | 9d30bff6131d97315ceeba80d768c2d9bfa097ed |
1 # $Id: configure.ac,v 1.351 2006/08/18 22:38:23 djm Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.351 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
58 # System features
59 AC_SYS_LARGEFILE
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70 else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76 fi
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82 fi
84 if test -z "$LD" ; then
85 LD=$CC
86 fi
87 AC_SUBST(LD)
89 AC_C_INLINE
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
103 esac
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
116 fi
118 AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
121 if test "x$withval" = "xno" ; then
122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128 )
130 # Check for some target-specific stuff
131 case "$host" in
132 *-*-aix*)
133 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
134 if (test -z "$blibpath"); then
135 blibpath="/usr/lib:/lib"
136 fi
137 saved_LDFLAGS="$LDFLAGS"
138 if test "$GCC" = "yes"; then
139 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
140 else
141 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
142 fi
143 for tryflags in $flags ;do
144 if (test -z "$blibflags"); then
145 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
146 AC_TRY_LINK([], [], [blibflags=$tryflags])
147 fi
148 done
149 if (test -z "$blibflags"); then
150 AC_MSG_RESULT(not found)
151 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
152 else
153 AC_MSG_RESULT($blibflags)
154 fi
155 LDFLAGS="$saved_LDFLAGS"
156 dnl Check for authenticate. Might be in libs.a on older AIXes
157 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
158 [Define if you want to enable AIX4's authenticate function])],
159 [AC_CHECK_LIB(s,authenticate,
160 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
161 LIBS="$LIBS -ls"
162 ])
163 ])
164 dnl Check for various auth function declarations in headers.
165 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
166 passwdexpired, setauthdb], , , [#include <usersec.h>])
167 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
168 AC_CHECK_DECLS(loginfailed,
169 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
170 AC_TRY_COMPILE(
171 [#include <usersec.h>],
172 [(void)loginfailed("user","host","tty",0);],
173 [AC_MSG_RESULT(yes)
174 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
175 [Define if your AIX loginfailed() function
176 takes 4 arguments (AIX >= 5.2)])],
177 [AC_MSG_RESULT(no)]
178 )],
179 [],
180 [#include <usersec.h>]
181 )
182 AC_CHECK_FUNCS(setauthdb)
183 AC_CHECK_DECL(F_CLOSEM,
184 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
185 [],
186 [ #include <limits.h>
187 #include <fcntl.h> ]
188 )
189 check_for_aix_broken_getaddrinfo=1
190 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
191 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
192 [Define if your platform breaks doing a seteuid before a setuid])
193 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
194 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
195 dnl AIX handles lastlog as part of its login message
196 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
197 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
198 [Some systems need a utmpx entry for /bin/login to work])
199 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
200 [Define to a Set Process Title type if your system is
201 supported by bsd-setproctitle.c])
202 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
203 [AIX 5.2 and 5.3 (and presumably newer) require this])
204 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
205 ;;
206 *-*-cygwin*)
207 check_for_libcrypt_later=1
208 LIBS="$LIBS /usr/lib/textmode.o"
209 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
210 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
211 AC_DEFINE(DISABLE_SHADOW, 1,
212 [Define if you want to disable shadow passwords])
213 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
214 [Define if your system choked on IP TOS setting])
215 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
216 [Define if X11 doesn't support AF_UNIX sockets on that system])
217 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
218 [Define if the concept of ports only accessible to
219 superusers isn't known])
220 AC_DEFINE(DISABLE_FD_PASSING, 1,
221 [Define if your platform needs to skip post auth
222 file descriptor passing])
223 ;;
224 *-*-dgux*)
225 AC_DEFINE(IP_TOS_IS_BROKEN)
226 AC_DEFINE(SETEUID_BREAKS_SETUID)
227 AC_DEFINE(BROKEN_SETREUID)
228 AC_DEFINE(BROKEN_SETREGID)
229 ;;
230 *-*-darwin*)
231 AC_MSG_CHECKING(if we have working getaddrinfo)
232 AC_TRY_RUN([#include <mach-o/dyld.h>
233 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
234 exit(0);
235 else
236 exit(1);
237 }], [AC_MSG_RESULT(working)],
238 [AC_MSG_RESULT(buggy)
239 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
240 [AC_MSG_RESULT(assume it is working)])
241 AC_DEFINE(SETEUID_BREAKS_SETUID)
242 AC_DEFINE(BROKEN_SETREUID)
243 AC_DEFINE(BROKEN_SETREGID)
244 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
245 [Define if your resolver libs need this for getrrsetbyname])
246 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
247 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
248 [Use tunnel device compatibility to OpenBSD])
249 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
250 [Prepend the address family to IP tunnel traffic])
251 ;;
252 *-*-hpux*)
253 # first we define all of the options common to all HP-UX releases
254 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
255 IPADDR_IN_DISPLAY=yes
256 AC_DEFINE(USE_PIPES)
257 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
258 [Define if your login program cannot handle end of options ("--")])
259 AC_DEFINE(LOGIN_NEEDS_UTMPX)
260 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
261 [String used in /etc/passwd to denote locked account])
262 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
263 MAIL="/var/mail/username"
264 LIBS="$LIBS -lsec"
265 AC_CHECK_LIB(xnet, t_error, ,
266 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
268 # next, we define all of the options specific to major releases
269 case "$host" in
270 *-*-hpux10*)
271 if test -z "$GCC"; then
272 CFLAGS="$CFLAGS -Ae"
273 fi
274 ;;
275 *-*-hpux11*)
276 AC_DEFINE(PAM_SUN_CODEBASE, 1,
277 [Define if you are using Solaris-derived PAM which
278 passes pam_messages to the conversation function
279 with an extra level of indirection])
280 AC_DEFINE(DISABLE_UTMP, 1,
281 [Define if you don't want to use utmp])
282 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
283 check_for_hpux_broken_getaddrinfo=1
284 check_for_conflicting_getspnam=1
285 ;;
286 esac
288 # lastly, we define options specific to minor releases
289 case "$host" in
290 *-*-hpux10.26)
291 AC_DEFINE(HAVE_SECUREWARE, 1,
292 [Define if you have SecureWare-based
293 protected password database])
294 disable_ptmx_check=yes
295 LIBS="$LIBS -lsecpw"
296 ;;
297 esac
298 ;;
299 *-*-irix5*)
300 PATH="$PATH:/usr/etc"
301 AC_DEFINE(BROKEN_INET_NTOA, 1,
302 [Define if you system's inet_ntoa is busted
303 (e.g. Irix gcc issue)])
304 AC_DEFINE(SETEUID_BREAKS_SETUID)
305 AC_DEFINE(BROKEN_SETREUID)
306 AC_DEFINE(BROKEN_SETREGID)
307 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
308 [Define if you shouldn't strip 'tty' from your
309 ttyname in [uw]tmp])
310 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
311 ;;
312 *-*-irix6*)
313 PATH="$PATH:/usr/etc"
314 AC_DEFINE(WITH_IRIX_ARRAY, 1,
315 [Define if you have/want arrays
316 (cluster-wide session managment, not C arrays)])
317 AC_DEFINE(WITH_IRIX_PROJECT, 1,
318 [Define if you want IRIX project management])
319 AC_DEFINE(WITH_IRIX_AUDIT, 1,
320 [Define if you want IRIX audit trails])
321 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
322 [Define if you want IRIX kernel jobs])])
323 AC_DEFINE(BROKEN_INET_NTOA)
324 AC_DEFINE(SETEUID_BREAKS_SETUID)
325 AC_DEFINE(BROKEN_SETREUID)
326 AC_DEFINE(BROKEN_SETREGID)
327 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
328 AC_DEFINE(WITH_ABBREV_NO_TTY)
329 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
330 ;;
331 *-*-linux*)
332 no_dev_ptmx=1
333 check_for_libcrypt_later=1
334 check_for_openpty_ctty_bug=1
335 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
336 AC_DEFINE(PAM_TTY_KLUDGE, 1,
337 [Work around problematic Linux PAM modules handling of PAM_TTY])
338 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
339 [String used in /etc/passwd to denote locked account])
340 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
341 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
342 [Define to whatever link() returns for "not supported"
343 if it doesn't return EOPNOTSUPP.])
344 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
345 AC_DEFINE(USE_BTMP)
346 inet6_default_4in6=yes
347 case `uname -r` in
348 1.*|2.0.*)
349 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
350 [Define if cmsg_type is not passed correctly])
351 ;;
352 esac
353 # tun(4) forwarding compat code
354 AC_CHECK_HEADERS(linux/if_tun.h)
355 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
356 AC_DEFINE(SSH_TUN_LINUX, 1,
357 [Open tunnel devices the Linux tun/tap way])
358 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
359 [Use tunnel device compatibility to OpenBSD])
360 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
361 [Prepend the address family to IP tunnel traffic])
362 fi
363 ;;
364 mips-sony-bsd|mips-sony-newsos4)
365 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
366 SONY=1
367 ;;
368 *-*-netbsd*)
369 check_for_libcrypt_before=1
370 if test "x$withval" != "xno" ; then
371 need_dash_r=1
372 fi
373 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
374 AC_CHECK_HEADER([net/if_tap.h], ,
375 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
376 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
377 [Prepend the address family to IP tunnel traffic])
378 ;;
379 *-*-freebsd*)
380 check_for_libcrypt_later=1
381 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
382 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
383 AC_CHECK_HEADER([net/if_tap.h], ,
384 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
385 ;;
386 *-*-bsdi*)
387 AC_DEFINE(SETEUID_BREAKS_SETUID)
388 AC_DEFINE(BROKEN_SETREUID)
389 AC_DEFINE(BROKEN_SETREGID)
390 ;;
391 *-next-*)
392 conf_lastlog_location="/usr/adm/lastlog"
393 conf_utmp_location=/etc/utmp
394 conf_wtmp_location=/usr/adm/wtmp
395 MAIL=/usr/spool/mail
396 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
397 AC_DEFINE(BROKEN_REALPATH)
398 AC_DEFINE(USE_PIPES)
399 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
400 ;;
401 *-*-openbsd*)
402 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
403 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
404 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
405 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
406 [syslog_r function is safe to use in in a signal handler])
407 ;;
408 *-*-solaris*)
409 if test "x$withval" != "xno" ; then
410 need_dash_r=1
411 fi
412 AC_DEFINE(PAM_SUN_CODEBASE)
413 AC_DEFINE(LOGIN_NEEDS_UTMPX)
414 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
415 [Some versions of /bin/login need the TERM supplied
416 on the commandline])
417 AC_DEFINE(PAM_TTY_KLUDGE)
418 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
419 [Define if pam_chauthtok wants real uid set
420 to the unpriv'ed user])
421 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
422 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
423 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
424 [Define if sshd somehow reacquires a controlling TTY
425 after setsid()])
426 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
427 in case the name is longer than 8 chars])
428 external_path_file=/etc/default/login
429 # hardwire lastlog location (can't detect it on some versions)
430 conf_lastlog_location="/var/adm/lastlog"
431 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
432 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
433 if test "$sol2ver" -ge 8; then
434 AC_MSG_RESULT(yes)
435 AC_DEFINE(DISABLE_UTMP)
436 AC_DEFINE(DISABLE_WTMP, 1,
437 [Define if you don't want to use wtmp])
438 else
439 AC_MSG_RESULT(no)
440 fi
441 ;;
442 *-*-sunos4*)
443 CPPFLAGS="$CPPFLAGS -DSUNOS4"
444 AC_CHECK_FUNCS(getpwanam)
445 AC_DEFINE(PAM_SUN_CODEBASE)
446 conf_utmp_location=/etc/utmp
447 conf_wtmp_location=/var/adm/wtmp
448 conf_lastlog_location=/var/adm/lastlog
449 AC_DEFINE(USE_PIPES)
450 ;;
451 *-ncr-sysv*)
452 LIBS="$LIBS -lc89"
453 AC_DEFINE(USE_PIPES)
454 AC_DEFINE(SSHD_ACQUIRES_CTTY)
455 AC_DEFINE(SETEUID_BREAKS_SETUID)
456 AC_DEFINE(BROKEN_SETREUID)
457 AC_DEFINE(BROKEN_SETREGID)
458 ;;
459 *-sni-sysv*)
460 # /usr/ucblib MUST NOT be searched on ReliantUNIX
461 AC_CHECK_LIB(dl, dlsym, ,)
462 # -lresolv needs to be at the end of LIBS or DNS lookups break
463 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
464 IPADDR_IN_DISPLAY=yes
465 AC_DEFINE(USE_PIPES)
466 AC_DEFINE(IP_TOS_IS_BROKEN)
467 AC_DEFINE(SETEUID_BREAKS_SETUID)
468 AC_DEFINE(BROKEN_SETREUID)
469 AC_DEFINE(BROKEN_SETREGID)
470 AC_DEFINE(SSHD_ACQUIRES_CTTY)
471 external_path_file=/etc/default/login
472 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
473 # Attention: always take care to bind libsocket and libnsl before libc,
474 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
475 ;;
476 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
477 *-*-sysv4.2*)
478 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
479 AC_DEFINE(USE_PIPES)
480 AC_DEFINE(SETEUID_BREAKS_SETUID)
481 AC_DEFINE(BROKEN_SETREUID)
482 AC_DEFINE(BROKEN_SETREGID)
483 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
484 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
485 ;;
486 # UnixWare 7.x, OpenUNIX 8
487 *-*-sysv5*)
488 check_for_libcrypt_later=1
489 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
490 AC_DEFINE(USE_PIPES)
491 AC_DEFINE(SETEUID_BREAKS_SETUID)
492 AC_DEFINE(BROKEN_SETREUID)
493 AC_DEFINE(BROKEN_SETREGID)
494 AC_DEFINE(PASSWD_NEEDS_USERNAME)
495 case "$host" in
496 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
497 TEST_SHELL=/u95/bin/sh
498 AC_DEFINE(BROKEN_LIBIAF, 1,
499 [ia_uinfo routines not supported by OS yet])
500 ;;
501 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
502 ;;
503 esac
504 ;;
505 *-*-sysv*)
506 ;;
507 # SCO UNIX and OEM versions of SCO UNIX
508 *-*-sco3.2v4*)
509 AC_MSG_ERROR("This Platform is no longer supported.")
510 ;;
511 # SCO OpenServer 5.x
512 *-*-sco3.2v5*)
513 if test -z "$GCC"; then
514 CFLAGS="$CFLAGS -belf"
515 fi
516 LIBS="$LIBS -lprot -lx -ltinfo -lm"
517 no_dev_ptmx=1
518 AC_DEFINE(USE_PIPES)
519 AC_DEFINE(HAVE_SECUREWARE)
520 AC_DEFINE(DISABLE_SHADOW)
521 AC_DEFINE(DISABLE_FD_PASSING)
522 AC_DEFINE(SETEUID_BREAKS_SETUID)
523 AC_DEFINE(BROKEN_SETREUID)
524 AC_DEFINE(BROKEN_SETREGID)
525 AC_DEFINE(WITH_ABBREV_NO_TTY)
526 AC_DEFINE(BROKEN_UPDWTMPX)
527 AC_DEFINE(PASSWD_NEEDS_USERNAME)
528 AC_CHECK_FUNCS(getluid setluid)
529 MANTYPE=man
530 TEST_SHELL=ksh
531 ;;
532 *-*-unicosmk*)
533 AC_DEFINE(NO_SSH_LASTLOG, 1,
534 [Define if you don't want to use lastlog in session.c])
535 AC_DEFINE(SETEUID_BREAKS_SETUID)
536 AC_DEFINE(BROKEN_SETREUID)
537 AC_DEFINE(BROKEN_SETREGID)
538 AC_DEFINE(USE_PIPES)
539 AC_DEFINE(DISABLE_FD_PASSING)
540 LDFLAGS="$LDFLAGS"
541 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
542 MANTYPE=cat
543 ;;
544 *-*-unicosmp*)
545 AC_DEFINE(SETEUID_BREAKS_SETUID)
546 AC_DEFINE(BROKEN_SETREUID)
547 AC_DEFINE(BROKEN_SETREGID)
548 AC_DEFINE(WITH_ABBREV_NO_TTY)
549 AC_DEFINE(USE_PIPES)
550 AC_DEFINE(DISABLE_FD_PASSING)
551 LDFLAGS="$LDFLAGS"
552 LIBS="$LIBS -lgen -lacid -ldb"
553 MANTYPE=cat
554 ;;
555 *-*-unicos*)
556 AC_DEFINE(SETEUID_BREAKS_SETUID)
557 AC_DEFINE(BROKEN_SETREUID)
558 AC_DEFINE(BROKEN_SETREGID)
559 AC_DEFINE(USE_PIPES)
560 AC_DEFINE(DISABLE_FD_PASSING)
561 AC_DEFINE(NO_SSH_LASTLOG)
562 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
563 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
564 MANTYPE=cat
565 ;;
566 *-dec-osf*)
567 AC_MSG_CHECKING(for Digital Unix SIA)
568 no_osfsia=""
569 AC_ARG_WITH(osfsia,
570 [ --with-osfsia Enable Digital Unix SIA],
571 [
572 if test "x$withval" = "xno" ; then
573 AC_MSG_RESULT(disabled)
574 no_osfsia=1
575 fi
576 ],
577 )
578 if test -z "$no_osfsia" ; then
579 if test -f /etc/sia/matrix.conf; then
580 AC_MSG_RESULT(yes)
581 AC_DEFINE(HAVE_OSF_SIA, 1,
582 [Define if you have Digital Unix Security
583 Integration Architecture])
584 AC_DEFINE(DISABLE_LOGIN, 1,
585 [Define if you don't want to use your
586 system's login() call])
587 AC_DEFINE(DISABLE_FD_PASSING)
588 LIBS="$LIBS -lsecurity -ldb -lm -laud"
589 else
590 AC_MSG_RESULT(no)
591 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
592 [String used in /etc/passwd to denote locked account])
593 fi
594 fi
595 AC_DEFINE(BROKEN_GETADDRINFO)
596 AC_DEFINE(SETEUID_BREAKS_SETUID)
597 AC_DEFINE(BROKEN_SETREUID)
598 AC_DEFINE(BROKEN_SETREGID)
599 ;;
601 *-*-nto-qnx*)
602 AC_DEFINE(USE_PIPES)
603 AC_DEFINE(NO_X11_UNIX_SOCKETS)
604 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
605 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
606 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
607 AC_DEFINE(DISABLE_LASTLOG)
608 AC_DEFINE(SSHD_ACQUIRES_CTTY)
609 enable_etc_default_login=no # has incompatible /etc/default/login
610 ;;
612 *-*-ultrix*)
613 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
614 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
615 AC_DEFINE(NEED_SETPGRP)
616 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
617 ;;
619 *-*-lynxos)
620 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
621 AC_DEFINE(MISSING_HOWMANY)
622 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
623 ;;
624 esac
626 # Allow user to specify flags
627 AC_ARG_WITH(cflags,
628 [ --with-cflags Specify additional flags to pass to compiler],
629 [
630 if test -n "$withval" && test "x$withval" != "xno" && \
631 test "x${withval}" != "xyes"; then
632 CFLAGS="$CFLAGS $withval"
633 fi
634 ]
635 )
636 AC_ARG_WITH(cppflags,
637 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
638 [
639 if test -n "$withval" && test "x$withval" != "xno" && \
640 test "x${withval}" != "xyes"; then
641 CPPFLAGS="$CPPFLAGS $withval"
642 fi
643 ]
644 )
645 AC_ARG_WITH(ldflags,
646 [ --with-ldflags Specify additional flags to pass to linker],
647 [
648 if test -n "$withval" && test "x$withval" != "xno" && \
649 test "x${withval}" != "xyes"; then
650 LDFLAGS="$LDFLAGS $withval"
651 fi
652 ]
653 )
654 AC_ARG_WITH(libs,
655 [ --with-libs Specify additional libraries to link with],
656 [
657 if test -n "$withval" && test "x$withval" != "xno" && \
658 test "x${withval}" != "xyes"; then
659 LIBS="$LIBS $withval"
660 fi
661 ]
662 )
663 AC_ARG_WITH(Werror,
664 [ --with-Werror Build main code with -Werror],
665 [
666 if test -n "$withval" && test "x$withval" != "xno"; then
667 werror_flags="-Werror"
668 if test "x${withval}" != "xyes"; then
669 werror_flags="$withval"
670 fi
671 fi
672 ]
673 )
675 AC_MSG_CHECKING(compiler and flags for sanity)
676 AC_RUN_IFELSE(
677 [AC_LANG_SOURCE([
678 #include <stdio.h>
679 int main(){exit(0);}
680 ])],
681 [ AC_MSG_RESULT(yes) ],
682 [
683 AC_MSG_RESULT(no)
684 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
685 ],
686 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
687 )
689 dnl Checks for header files.
690 AC_CHECK_HEADERS( \
691 bstring.h \
692 crypt.h \
693 crypto/sha2.h \
694 dirent.h \
695 endian.h \
696 features.h \
697 fcntl.h \
698 floatingpoint.h \
699 getopt.h \
700 glob.h \
701 ia.h \
702 iaf.h \
703 limits.h \
704 login.h \
705 maillock.h \
706 ndir.h \
707 net/if_tun.h \
708 netdb.h \
709 netgroup.h \
710 pam/pam_appl.h \
711 paths.h \
712 pty.h \
713 readpassphrase.h \
714 rpc/types.h \
715 security/pam_appl.h \
716 sha2.h \
717 shadow.h \
718 stddef.h \
719 stdint.h \
720 string.h \
721 strings.h \
722 sys/audit.h \
723 sys/bitypes.h \
724 sys/bsdtty.h \
725 sys/cdefs.h \
726 sys/dir.h \
727 sys/mman.h \
728 sys/ndir.h \
729 sys/prctl.h \
730 sys/pstat.h \
731 sys/select.h \
732 sys/stat.h \
733 sys/stream.h \
734 sys/stropts.h \
735 sys/strtio.h \
736 sys/sysmacros.h \
737 sys/time.h \
738 sys/timers.h \
739 sys/un.h \
740 time.h \
741 tmpdir.h \
742 ttyent.h \
743 unistd.h \
744 usersec.h \
745 util.h \
746 utime.h \
747 utmp.h \
748 utmpx.h \
749 vis.h \
750 )
752 # lastlog.h requires sys/time.h to be included first on Solaris
753 AC_CHECK_HEADERS(lastlog.h, [], [], [
754 #ifdef HAVE_SYS_TIME_H
755 # include <sys/time.h>
756 #endif
757 ])
759 # sys/ptms.h requires sys/stream.h to be included first on Solaris
760 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
761 #ifdef HAVE_SYS_STREAM_H
762 # include <sys/stream.h>
763 #endif
764 ])
766 # login_cap.h requires sys/types.h on NetBSD
767 AC_CHECK_HEADERS(login_cap.h, [], [], [
768 #include <sys/types.h>
769 ])
771 # Checks for libraries.
772 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
773 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
775 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
776 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
777 AC_CHECK_LIB(gen, dirname,[
778 AC_CACHE_CHECK([for broken dirname],
779 ac_cv_have_broken_dirname, [
780 save_LIBS="$LIBS"
781 LIBS="$LIBS -lgen"
782 AC_RUN_IFELSE(
783 [AC_LANG_SOURCE([[
784 #include <libgen.h>
785 #include <string.h>
787 int main(int argc, char **argv) {
788 char *s, buf[32];
790 strncpy(buf,"/etc", 32);
791 s = dirname(buf);
792 if (!s || strncmp(s, "/", 32) != 0) {
793 exit(1);
794 } else {
795 exit(0);
796 }
797 }
798 ]])],
799 [ ac_cv_have_broken_dirname="no" ],
800 [ ac_cv_have_broken_dirname="yes" ],
801 [ ac_cv_have_broken_dirname="no" ],
802 )
803 LIBS="$save_LIBS"
804 ])
805 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
806 LIBS="$LIBS -lgen"
807 AC_DEFINE(HAVE_DIRNAME)
808 AC_CHECK_HEADERS(libgen.h)
809 fi
810 ])
811 ])
813 AC_CHECK_FUNC(getspnam, ,
814 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
815 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
816 [Define if you have the basename function.]))
818 dnl zlib is required
819 AC_ARG_WITH(zlib,
820 [ --with-zlib=PATH Use zlib in PATH],
821 [ if test "x$withval" = "xno" ; then
822 AC_MSG_ERROR([*** zlib is required ***])
823 elif test "x$withval" != "xyes"; then
824 if test -d "$withval/lib"; then
825 if test -n "${need_dash_r}"; then
826 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
827 else
828 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
829 fi
830 else
831 if test -n "${need_dash_r}"; then
832 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
833 else
834 LDFLAGS="-L${withval} ${LDFLAGS}"
835 fi
836 fi
837 if test -d "$withval/include"; then
838 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
839 else
840 CPPFLAGS="-I${withval} ${CPPFLAGS}"
841 fi
842 fi ]
843 )
845 AC_CHECK_LIB(z, deflate, ,
846 [
847 saved_CPPFLAGS="$CPPFLAGS"
848 saved_LDFLAGS="$LDFLAGS"
849 save_LIBS="$LIBS"
850 dnl Check default zlib install dir
851 if test -n "${need_dash_r}"; then
852 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
853 else
854 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
855 fi
856 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
857 LIBS="$LIBS -lz"
858 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
859 [
860 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
861 ]
862 )
863 ]
864 )
865 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
867 AC_ARG_WITH(zlib-version-check,
868 [ --without-zlib-version-check Disable zlib version check],
869 [ if test "x$withval" = "xno" ; then
870 zlib_check_nonfatal=1
871 fi
872 ]
873 )
875 AC_MSG_CHECKING(for possibly buggy zlib)
876 AC_RUN_IFELSE([AC_LANG_SOURCE([[
877 #include <stdio.h>
878 #include <zlib.h>
879 int main()
880 {
881 int a=0, b=0, c=0, d=0, n, v;
882 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
883 if (n != 3 && n != 4)
884 exit(1);
885 v = a*1000000 + b*10000 + c*100 + d;
886 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
888 /* 1.1.4 is OK */
889 if (a == 1 && b == 1 && c >= 4)
890 exit(0);
892 /* 1.2.3 and up are OK */
893 if (v >= 1020300)
894 exit(0);
896 exit(2);
897 }
898 ]])],
899 AC_MSG_RESULT(no),
900 [ AC_MSG_RESULT(yes)
901 if test -z "$zlib_check_nonfatal" ; then
902 AC_MSG_ERROR([*** zlib too old - check config.log ***
903 Your reported zlib version has known security problems. It's possible your
904 vendor has fixed these problems without changing the version number. If you
905 are sure this is the case, you can disable the check by running
906 "./configure --without-zlib-version-check".
907 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
908 See http://www.gzip.org/zlib/ for details.])
909 else
910 AC_MSG_WARN([zlib version may have security problems])
911 fi
912 ],
913 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
914 )
916 dnl UnixWare 2.x
917 AC_CHECK_FUNC(strcasecmp,
918 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
919 )
920 AC_CHECK_FUNCS(utimes,
921 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
922 LIBS="$LIBS -lc89"]) ]
923 )
925 dnl Checks for libutil functions
926 AC_CHECK_HEADERS(libutil.h)
927 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
928 [Define if your libraries define login()])])
929 AC_CHECK_FUNCS(logout updwtmp logwtmp)
931 AC_FUNC_STRFTIME
933 # Check for ALTDIRFUNC glob() extension
934 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
935 AC_EGREP_CPP(FOUNDIT,
936 [
937 #include <glob.h>
938 #ifdef GLOB_ALTDIRFUNC
939 FOUNDIT
940 #endif
941 ],
942 [
943 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
944 [Define if your system glob() function has
945 the GLOB_ALTDIRFUNC extension])
946 AC_MSG_RESULT(yes)
947 ],
948 [
949 AC_MSG_RESULT(no)
950 ]
951 )
953 # Check for g.gl_matchc glob() extension
954 AC_MSG_CHECKING(for gl_matchc field in glob_t)
955 AC_TRY_COMPILE(
956 [ #include <glob.h> ],
957 [glob_t g; g.gl_matchc = 1;],
958 [
959 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
960 [Define if your system glob() function has
961 gl_matchc options in glob_t])
962 AC_MSG_RESULT(yes)
963 ],
964 [
965 AC_MSG_RESULT(no)
966 ]
967 )
969 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
970 AC_RUN_IFELSE(
971 [AC_LANG_SOURCE([[
972 #include <sys/types.h>
973 #include <dirent.h>
974 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
975 ]])],
976 [AC_MSG_RESULT(yes)],
977 [
978 AC_MSG_RESULT(no)
979 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
980 [Define if your struct dirent expects you to
981 allocate extra space for d_name])
982 ],
983 [
984 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
985 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
986 ]
987 )
989 AC_MSG_CHECKING([for /proc/pid/fd directory])
990 if test -d "/proc/$$/fd" ; then
991 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
992 AC_MSG_RESULT(yes)
993 else
994 AC_MSG_RESULT(no)
995 fi
997 # Check whether user wants S/Key support
998 SKEY_MSG="no"
999 AC_ARG_WITH(skey,
1000 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1001 [
1002 if test "x$withval" != "xno" ; then
1004 if test "x$withval" != "xyes" ; then
1005 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1006 LDFLAGS="$LDFLAGS -L${withval}/lib"
1007 fi
1009 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1010 LIBS="-lskey $LIBS"
1011 SKEY_MSG="yes"
1013 AC_MSG_CHECKING([for s/key support])
1014 AC_LINK_IFELSE(
1015 [AC_LANG_SOURCE([[
1016 #include <stdio.h>
1017 #include <skey.h>
1018 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1019 ]])],
1020 [AC_MSG_RESULT(yes)],
1021 [
1022 AC_MSG_RESULT(no)
1023 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1024 ])
1025 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1026 AC_TRY_COMPILE(
1027 [#include <stdio.h>
1028 #include <skey.h>],
1029 [(void)skeychallenge(NULL,"name","",0);],
1030 [AC_MSG_RESULT(yes)
1031 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1032 [Define if your skeychallenge()
1033 function takes 4 arguments (NetBSD)])],
1034 [AC_MSG_RESULT(no)]
1035 )
1036 fi
1037 ]
1038 )
1040 # Check whether user wants TCP wrappers support
1041 TCPW_MSG="no"
1042 AC_ARG_WITH(tcp-wrappers,
1043 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1044 [
1045 if test "x$withval" != "xno" ; then
1046 saved_LIBS="$LIBS"
1047 saved_LDFLAGS="$LDFLAGS"
1048 saved_CPPFLAGS="$CPPFLAGS"
1049 if test -n "${withval}" && \
1050 test "x${withval}" != "xyes"; then
1051 if test -d "${withval}/lib"; then
1052 if test -n "${need_dash_r}"; then
1053 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1054 else
1055 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1056 fi
1057 else
1058 if test -n "${need_dash_r}"; then
1059 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1060 else
1061 LDFLAGS="-L${withval} ${LDFLAGS}"
1062 fi
1063 fi
1064 if test -d "${withval}/include"; then
1065 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1066 else
1067 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1068 fi
1069 fi
1070 LIBWRAP="-lwrap"
1071 LIBS="$LIBWRAP $LIBS"
1072 AC_MSG_CHECKING(for libwrap)
1073 AC_TRY_LINK(
1074 [
1075 #include <sys/types.h>
1076 #include <sys/socket.h>
1077 #include <netinet/in.h>
1078 #include <tcpd.h>
1079 int deny_severity = 0, allow_severity = 0;
1080 ],
1081 [hosts_access(0);],
1082 [
1083 AC_MSG_RESULT(yes)
1084 AC_DEFINE(LIBWRAP, 1,
1085 [Define if you want
1086 TCP Wrappers support])
1087 AC_SUBST(LIBWRAP)
1088 TCPW_MSG="yes"
1089 ],
1090 [
1091 AC_MSG_ERROR([*** libwrap missing])
1092 ]
1093 )
1094 LIBS="$saved_LIBS"
1095 fi
1096 ]
1097 )
1099 # Check whether user wants libedit support
1100 LIBEDIT_MSG="no"
1101 AC_ARG_WITH(libedit,
1102 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1103 [ if test "x$withval" != "xno" ; then
1104 if test "x$withval" != "xyes"; then
1105 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1106 if test -n "${need_dash_r}"; then
1107 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1108 else
1109 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1110 fi
1111 fi
1112 AC_CHECK_LIB(edit, el_init,
1113 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1114 LIBEDIT="-ledit -lcurses"
1115 LIBEDIT_MSG="yes"
1116 AC_SUBST(LIBEDIT)
1117 ],
1118 [ AC_MSG_ERROR(libedit not found) ],
1119 [ -lcurses ]
1120 )
1121 AC_MSG_CHECKING(if libedit version is compatible)
1122 AC_COMPILE_IFELSE(
1123 [AC_LANG_SOURCE([[
1124 #include <histedit.h>
1125 int main(void)
1126 {
1127 int i = H_SETSIZE;
1128 el_init("", NULL, NULL, NULL);
1129 exit(0);
1130 }
1131 ]])],
1132 [ AC_MSG_RESULT(yes) ],
1133 [ AC_MSG_RESULT(no)
1134 AC_MSG_ERROR(libedit version is not compatible) ]
1135 )
1136 fi ]
1137 )
1139 AUDIT_MODULE=none
1140 AC_ARG_WITH(audit,
1141 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1142 [
1143 AC_MSG_CHECKING(for supported audit module)
1144 case "$withval" in
1145 bsm)
1146 AC_MSG_RESULT(bsm)
1147 AUDIT_MODULE=bsm
1148 dnl Checks for headers, libs and functions
1149 AC_CHECK_HEADERS(bsm/audit.h, [],
1150 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
1151 AC_CHECK_LIB(bsm, getaudit, [],
1152 [AC_MSG_ERROR(BSM enabled and required library not found)])
1153 AC_CHECK_FUNCS(getaudit, [],
1154 [AC_MSG_ERROR(BSM enabled and required function not found)])
1155 # These are optional
1156 AC_CHECK_FUNCS(getaudit_addr)
1157 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1158 ;;
1159 debug)
1160 AUDIT_MODULE=debug
1161 AC_MSG_RESULT(debug)
1162 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1163 ;;
1164 no)
1165 AC_MSG_RESULT(no)
1166 ;;
1167 *)
1168 AC_MSG_ERROR([Unknown audit module $withval])
1169 ;;
1170 esac ]
1171 )
1173 dnl Checks for library functions. Please keep in alphabetical order
1174 AC_CHECK_FUNCS( \
1175 arc4random \
1176 asprintf \
1177 b64_ntop \
1178 __b64_ntop \
1179 b64_pton \
1180 __b64_pton \
1181 bcopy \
1182 bindresvport_sa \
1183 clock \
1184 closefrom \
1185 dirfd \
1186 fchmod \
1187 fchown \
1188 freeaddrinfo \
1189 futimes \
1190 getaddrinfo \
1191 getcwd \
1192 getgrouplist \
1193 getnameinfo \
1194 getopt \
1195 getpeereid \
1196 _getpty \
1197 getrlimit \
1198 getttyent \
1199 glob \
1200 inet_aton \
1201 inet_ntoa \
1202 inet_ntop \
1203 innetgr \
1204 login_getcapbool \
1205 md5_crypt \
1206 memmove \
1207 mkdtemp \
1208 mmap \
1209 ngetaddrinfo \
1210 nsleep \
1211 ogetaddrinfo \
1212 openlog_r \
1213 openpty \
1214 prctl \
1215 pstat \
1216 readpassphrase \
1217 realpath \
1218 recvmsg \
1219 rresvport_af \
1220 sendmsg \
1221 setdtablesize \
1222 setegid \
1223 setenv \
1224 seteuid \
1225 setgroups \
1226 setlogin \
1227 setpcred \
1228 setproctitle \
1229 setregid \
1230 setreuid \
1231 setrlimit \
1232 setsid \
1233 setvbuf \
1234 sigaction \
1235 sigvec \
1236 snprintf \
1237 socketpair \
1238 strdup \
1239 strerror \
1240 strlcat \
1241 strlcpy \
1242 strmode \
1243 strnvis \
1244 strtonum \
1245 strtoll \
1246 strtoul \
1247 sysconf \
1248 tcgetpgrp \
1249 truncate \
1250 unsetenv \
1251 updwtmpx \
1252 vasprintf \
1253 vhangup \
1254 vsnprintf \
1255 waitpid \
1256 )
1258 # IRIX has a const char return value for gai_strerror()
1259 AC_CHECK_FUNCS(gai_strerror,[
1260 AC_DEFINE(HAVE_GAI_STRERROR)
1261 AC_TRY_COMPILE([
1262 #include <sys/types.h>
1263 #include <sys/socket.h>
1264 #include <netdb.h>
1266 const char *gai_strerror(int);],[
1267 char *str;
1269 str = gai_strerror(0);],[
1270 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1271 [Define if gai_strerror() returns const char *])])])
1273 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1274 [Some systems put nanosleep outside of libc]))
1276 dnl Make sure prototypes are defined for these before using them.
1277 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1278 AC_CHECK_DECL(strsep,
1279 [AC_CHECK_FUNCS(strsep)],
1280 [],
1281 [
1282 #ifdef HAVE_STRING_H
1283 # include <string.h>
1284 #endif
1285 ])
1287 dnl tcsendbreak might be a macro
1288 AC_CHECK_DECL(tcsendbreak,
1289 [AC_DEFINE(HAVE_TCSENDBREAK)],
1290 [AC_CHECK_FUNCS(tcsendbreak)],
1291 [#include <termios.h>]
1292 )
1294 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1296 AC_CHECK_DECLS(SHUT_RD, , ,
1297 [
1298 #include <sys/types.h>
1299 #include <sys/socket.h>
1300 ])
1302 AC_CHECK_DECLS(O_NONBLOCK, , ,
1303 [
1304 #include <sys/types.h>
1305 #ifdef HAVE_SYS_STAT_H
1306 # include <sys/stat.h>
1307 #endif
1308 #ifdef HAVE_FCNTL_H
1309 # include <fcntl.h>
1310 #endif
1311 ])
1313 AC_CHECK_FUNCS(setresuid, [
1314 dnl Some platorms have setresuid that isn't implemented, test for this
1315 AC_MSG_CHECKING(if setresuid seems to work)
1316 AC_RUN_IFELSE(
1317 [AC_LANG_SOURCE([[
1318 #include <stdlib.h>
1319 #include <errno.h>
1320 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1321 ]])],
1322 [AC_MSG_RESULT(yes)],
1323 [AC_DEFINE(BROKEN_SETRESUID, 1,
1324 [Define if your setresuid() is broken])
1325 AC_MSG_RESULT(not implemented)],
1326 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1327 )
1328 ])
1330 AC_CHECK_FUNCS(setresgid, [
1331 dnl Some platorms have setresgid that isn't implemented, test for this
1332 AC_MSG_CHECKING(if setresgid seems to work)
1333 AC_RUN_IFELSE(
1334 [AC_LANG_SOURCE([[
1335 #include <stdlib.h>
1336 #include <errno.h>
1337 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1338 ]])],
1339 [AC_MSG_RESULT(yes)],
1340 [AC_DEFINE(BROKEN_SETRESGID, 1,
1341 [Define if your setresgid() is broken])
1342 AC_MSG_RESULT(not implemented)],
1343 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1344 )
1345 ])
1347 dnl Checks for time functions
1348 AC_CHECK_FUNCS(gettimeofday time)
1349 dnl Checks for utmp functions
1350 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1351 AC_CHECK_FUNCS(utmpname)
1352 dnl Checks for utmpx functions
1353 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1354 AC_CHECK_FUNCS(setutxent utmpxname)
1356 AC_CHECK_FUNC(daemon,
1357 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1358 [AC_CHECK_LIB(bsd, daemon,
1359 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1360 )
1362 AC_CHECK_FUNC(getpagesize,
1363 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1364 [Define if your libraries define getpagesize()])],
1365 [AC_CHECK_LIB(ucb, getpagesize,
1366 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1367 )
1369 # Check for broken snprintf
1370 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1371 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1372 AC_RUN_IFELSE(
1373 [AC_LANG_SOURCE([[
1374 #include <stdio.h>
1375 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1376 ]])],
1377 [AC_MSG_RESULT(yes)],
1378 [
1379 AC_MSG_RESULT(no)
1380 AC_DEFINE(BROKEN_SNPRINTF, 1,
1381 [Define if your snprintf is busted])
1382 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1383 ],
1384 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1385 )
1386 fi
1388 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1389 # returning the right thing on overflow: the number of characters it tried to
1390 # create (as per SUSv3)
1391 if test "x$ac_cv_func_asprintf" != "xyes" && \
1392 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1393 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1394 AC_RUN_IFELSE(
1395 [AC_LANG_SOURCE([[
1396 #include <sys/types.h>
1397 #include <stdio.h>
1398 #include <stdarg.h>
1400 int x_snprintf(char *str,size_t count,const char *fmt,...)
1401 {
1402 size_t ret; va_list ap;
1403 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1404 return ret;
1405 }
1406 int main(void)
1407 {
1408 char x[1];
1409 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1410 } ]])],
1411 [AC_MSG_RESULT(yes)],
1412 [
1413 AC_MSG_RESULT(no)
1414 AC_DEFINE(BROKEN_SNPRINTF, 1,
1415 [Define if your snprintf is busted])
1416 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1417 ],
1418 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1419 )
1420 fi
1422 # On systems where [v]snprintf is broken, but is declared in stdio,
1423 # check that the fmt argument is const char * or just char *.
1424 # This is only useful for when BROKEN_SNPRINTF
1425 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1426 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1427 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1428 int main(void) { snprintf(0, 0, 0); }
1429 ]])],
1430 [AC_MSG_RESULT(yes)
1431 AC_DEFINE(SNPRINTF_CONST, [const],
1432 [Define as const if snprintf() can declare const char *fmt])],
1433 [AC_MSG_RESULT(no)
1434 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1436 # Check for missing getpeereid (or equiv) support
1437 NO_PEERCHECK=""
1438 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1439 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1440 AC_TRY_COMPILE(
1441 [#include <sys/types.h>
1442 #include <sys/socket.h>],
1443 [int i = SO_PEERCRED;],
1444 [ AC_MSG_RESULT(yes)
1445 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1446 ],
1447 [AC_MSG_RESULT(no)
1448 NO_PEERCHECK=1]
1449 )
1450 fi
1452 dnl see whether mkstemp() requires XXXXXX
1453 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1454 AC_MSG_CHECKING([for (overly) strict mkstemp])
1455 AC_RUN_IFELSE(
1456 [AC_LANG_SOURCE([[
1457 #include <stdlib.h>
1458 main() { char template[]="conftest.mkstemp-test";
1459 if (mkstemp(template) == -1)
1460 exit(1);
1461 unlink(template); exit(0);
1462 }
1463 ]])],
1464 [
1465 AC_MSG_RESULT(no)
1466 ],
1467 [
1468 AC_MSG_RESULT(yes)
1469 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1470 ],
1471 [
1472 AC_MSG_RESULT(yes)
1473 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1474 ]
1475 )
1476 fi
1478 dnl make sure that openpty does not reacquire controlling terminal
1479 if test ! -z "$check_for_openpty_ctty_bug"; then
1480 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1481 AC_RUN_IFELSE(
1482 [AC_LANG_SOURCE([[
1483 #include <stdio.h>
1484 #include <sys/fcntl.h>
1485 #include <sys/types.h>
1486 #include <sys/wait.h>
1488 int
1489 main()
1490 {
1491 pid_t pid;
1492 int fd, ptyfd, ttyfd, status;
1494 pid = fork();
1495 if (pid < 0) { /* failed */
1496 exit(1);
1497 } else if (pid > 0) { /* parent */
1498 waitpid(pid, &status, 0);
1499 if (WIFEXITED(status))
1500 exit(WEXITSTATUS(status));
1501 else
1502 exit(2);
1503 } else { /* child */
1504 close(0); close(1); close(2);
1505 setsid();
1506 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1507 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1508 if (fd >= 0)
1509 exit(3); /* Acquired ctty: broken */
1510 else
1511 exit(0); /* Did not acquire ctty: OK */
1512 }
1513 }
1514 ]])],
1515 [
1516 AC_MSG_RESULT(yes)
1517 ],
1518 [
1519 AC_MSG_RESULT(no)
1520 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1521 ],
1522 [
1523 AC_MSG_RESULT(cross-compiling, assuming yes)
1524 ]
1525 )
1526 fi
1528 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1529 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1530 AC_MSG_CHECKING(if getaddrinfo seems to work)
1531 AC_RUN_IFELSE(
1532 [AC_LANG_SOURCE([[
1533 #include <stdio.h>
1534 #include <sys/socket.h>
1535 #include <netdb.h>
1536 #include <errno.h>
1537 #include <netinet/in.h>
1539 #define TEST_PORT "2222"
1541 int
1542 main(void)
1543 {
1544 int err, sock;
1545 struct addrinfo *gai_ai, *ai, hints;
1546 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1548 memset(&hints, 0, sizeof(hints));
1549 hints.ai_family = PF_UNSPEC;
1550 hints.ai_socktype = SOCK_STREAM;
1551 hints.ai_flags = AI_PASSIVE;
1553 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1554 if (err != 0) {
1555 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1556 exit(1);
1557 }
1559 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1560 if (ai->ai_family != AF_INET6)
1561 continue;
1563 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1564 sizeof(ntop), strport, sizeof(strport),
1565 NI_NUMERICHOST|NI_NUMERICSERV);
1567 if (err != 0) {
1568 if (err == EAI_SYSTEM)
1569 perror("getnameinfo EAI_SYSTEM");
1570 else
1571 fprintf(stderr, "getnameinfo failed: %s\n",
1572 gai_strerror(err));
1573 exit(2);
1574 }
1576 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1577 if (sock < 0)
1578 perror("socket");
1579 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1580 if (errno == EBADF)
1581 exit(3);
1582 }
1583 }
1584 exit(0);
1585 }
1586 ]])],
1587 [
1588 AC_MSG_RESULT(yes)
1589 ],
1590 [
1591 AC_MSG_RESULT(no)
1592 AC_DEFINE(BROKEN_GETADDRINFO)
1593 ],
1594 [
1595 AC_MSG_RESULT(cross-compiling, assuming yes)
1596 ]
1597 )
1598 fi
1600 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1601 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1602 AC_MSG_CHECKING(if getaddrinfo seems to work)
1603 AC_RUN_IFELSE(
1604 [AC_LANG_SOURCE([[
1605 #include <stdio.h>
1606 #include <sys/socket.h>
1607 #include <netdb.h>
1608 #include <errno.h>
1609 #include <netinet/in.h>
1611 #define TEST_PORT "2222"
1613 int
1614 main(void)
1615 {
1616 int err, sock;
1617 struct addrinfo *gai_ai, *ai, hints;
1618 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1620 memset(&hints, 0, sizeof(hints));
1621 hints.ai_family = PF_UNSPEC;
1622 hints.ai_socktype = SOCK_STREAM;
1623 hints.ai_flags = AI_PASSIVE;
1625 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1626 if (err != 0) {
1627 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1628 exit(1);
1629 }
1631 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1632 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1633 continue;
1635 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1636 sizeof(ntop), strport, sizeof(strport),
1637 NI_NUMERICHOST|NI_NUMERICSERV);
1639 if (ai->ai_family == AF_INET && err != 0) {
1640 perror("getnameinfo");
1641 exit(2);
1642 }
1643 }
1644 exit(0);
1645 }
1646 ]])],
1647 [
1648 AC_MSG_RESULT(yes)
1649 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1650 [Define if you have a getaddrinfo that fails
1651 for the all-zeros IPv6 address])
1652 ],
1653 [
1654 AC_MSG_RESULT(no)
1655 AC_DEFINE(BROKEN_GETADDRINFO)
1656 ],
1657 [
1658 AC_MSG_RESULT(cross-compiling, assuming no)
1659 ]
1660 )
1661 fi
1663 if test "x$check_for_conflicting_getspnam" = "x1"; then
1664 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1665 AC_COMPILE_IFELSE(
1666 [
1667 #include <shadow.h>
1668 int main(void) {exit(0);}
1669 ],
1670 [
1671 AC_MSG_RESULT(no)
1672 ],
1673 [
1674 AC_MSG_RESULT(yes)
1675 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1676 [Conflicting defs for getspnam])
1677 ]
1678 )
1679 fi
1681 AC_FUNC_GETPGRP
1683 # Check for PAM libs
1684 PAM_MSG="no"
1685 AC_ARG_WITH(pam,
1686 [ --with-pam Enable PAM support ],
1687 [
1688 if test "x$withval" != "xno" ; then
1689 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1690 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1691 AC_MSG_ERROR([PAM headers not found])
1692 fi
1694 AC_CHECK_LIB(dl, dlopen, , )
1695 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1696 AC_CHECK_FUNCS(pam_getenvlist)
1697 AC_CHECK_FUNCS(pam_putenv)
1699 PAM_MSG="yes"
1701 AC_DEFINE(USE_PAM, 1,
1702 [Define if you want to enable PAM support])
1703 if test $ac_cv_lib_dl_dlopen = yes; then
1704 LIBPAM="-lpam -ldl"
1705 else
1706 LIBPAM="-lpam"
1707 fi
1708 AC_SUBST(LIBPAM)
1709 fi
1710 ]
1711 )
1713 # Check for older PAM
1714 if test "x$PAM_MSG" = "xyes" ; then
1715 # Check PAM strerror arguments (old PAM)
1716 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
1717 AC_TRY_COMPILE(
1718 [
1719 #include <stdlib.h>
1720 #if defined(HAVE_SECURITY_PAM_APPL_H)
1721 #include <security/pam_appl.h>
1722 #elif defined (HAVE_PAM_PAM_APPL_H)
1723 #include <pam/pam_appl.h>
1724 #endif
1725 ],
1726 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1727 [AC_MSG_RESULT(no)],
1728 [
1729 AC_DEFINE(HAVE_OLD_PAM, 1,
1730 [Define if you have an old version of PAM
1731 which takes only one argument to pam_strerror])
1732 AC_MSG_RESULT(yes)
1733 PAM_MSG="yes (old library)"
1734 ]
1735 )
1736 fi
1738 # Search for OpenSSL
1739 saved_CPPFLAGS="$CPPFLAGS"
1740 saved_LDFLAGS="$LDFLAGS"
1741 AC_ARG_WITH(ssl-dir,
1742 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1743 [
1744 if test "x$withval" != "xno" ; then
1745 case "$withval" in
1746 # Relative paths
1747 ./*|../*) withval="`pwd`/$withval"
1748 esac
1749 if test -d "$withval/lib"; then
1750 if test -n "${need_dash_r}"; then
1751 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1752 else
1753 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1754 fi
1755 else
1756 if test -n "${need_dash_r}"; then
1757 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1758 else
1759 LDFLAGS="-L${withval} ${LDFLAGS}"
1760 fi
1761 fi
1762 if test -d "$withval/include"; then
1763 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1764 else
1765 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1766 fi
1767 fi
1768 ]
1769 )
1770 LIBS="-lcrypto $LIBS"
1771 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1772 [Define if your ssl headers are included
1773 with #include <openssl/header.h>]),
1774 [
1775 dnl Check default openssl install dir
1776 if test -n "${need_dash_r}"; then
1777 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1778 else
1779 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1780 fi
1781 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1782 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1783 [
1784 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1785 ]
1786 )
1787 ]
1788 )
1790 # Determine OpenSSL header version
1791 AC_MSG_CHECKING([OpenSSL header version])
1792 AC_RUN_IFELSE(
1793 [AC_LANG_SOURCE([[
1794 #include <stdio.h>
1795 #include <string.h>
1796 #include <openssl/opensslv.h>
1797 #define DATA "conftest.sslincver"
1798 int main(void) {
1799 FILE *fd;
1800 int rc;
1802 fd = fopen(DATA,"w");
1803 if(fd == NULL)
1804 exit(1);
1806 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1807 exit(1);
1809 exit(0);
1810 }
1811 ]])],
1812 [
1813 ssl_header_ver=`cat conftest.sslincver`
1814 AC_MSG_RESULT($ssl_header_ver)
1815 ],
1816 [
1817 AC_MSG_RESULT(not found)
1818 AC_MSG_ERROR(OpenSSL version header not found.)
1819 ],
1820 [
1821 AC_MSG_WARN([cross compiling: not checking])
1822 ]
1823 )
1825 # Determine OpenSSL library version
1826 AC_MSG_CHECKING([OpenSSL library version])
1827 AC_RUN_IFELSE(
1828 [AC_LANG_SOURCE([[
1829 #include <stdio.h>
1830 #include <string.h>
1831 #include <openssl/opensslv.h>
1832 #include <openssl/crypto.h>
1833 #define DATA "conftest.ssllibver"
1834 int main(void) {
1835 FILE *fd;
1836 int rc;
1838 fd = fopen(DATA,"w");
1839 if(fd == NULL)
1840 exit(1);
1842 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1843 exit(1);
1845 exit(0);
1846 }
1847 ]])],
1848 [
1849 ssl_library_ver=`cat conftest.ssllibver`
1850 AC_MSG_RESULT($ssl_library_ver)
1851 ],
1852 [
1853 AC_MSG_RESULT(not found)
1854 AC_MSG_ERROR(OpenSSL library not found.)
1855 ],
1856 [
1857 AC_MSG_WARN([cross compiling: not checking])
1858 ]
1859 )
1861 # Sanity check OpenSSL headers
1862 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1863 AC_RUN_IFELSE(
1864 [AC_LANG_SOURCE([[
1865 #include <string.h>
1866 #include <openssl/opensslv.h>
1867 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1868 ]])],
1869 [
1870 AC_MSG_RESULT(yes)
1871 ],
1872 [
1873 AC_MSG_RESULT(no)
1874 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1875 Check config.log for details.
1876 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1877 ],
1878 [
1879 AC_MSG_WARN([cross compiling: not checking])
1880 ]
1881 )
1883 AC_ARG_WITH(ssl-engine,
1884 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1885 [ if test "x$withval" != "xno" ; then
1886 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1887 AC_TRY_COMPILE(
1888 [ #include <openssl/engine.h>],
1889 [
1890 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1891 ],
1892 [ AC_MSG_RESULT(yes)
1893 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1894 [Enable OpenSSL engine support])
1895 ],
1896 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1897 )
1898 fi ]
1899 )
1901 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1902 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1903 AC_LINK_IFELSE(
1904 [AC_LANG_SOURCE([[
1905 #include <string.h>
1906 #include <openssl/evp.h>
1907 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1908 ]])],
1909 [
1910 AC_MSG_RESULT(no)
1911 ],
1912 [
1913 AC_MSG_RESULT(yes)
1914 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1915 [libcrypto is missing AES 192 and 256 bit functions])
1916 ]
1917 )
1919 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1920 # because the system crypt() is more featureful.
1921 if test "x$check_for_libcrypt_before" = "x1"; then
1922 AC_CHECK_LIB(crypt, crypt)
1923 fi
1925 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1926 # version in OpenSSL.
1927 if test "x$check_for_libcrypt_later" = "x1"; then
1928 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1929 fi
1931 # Search for SHA256 support in libc and/or OpenSSL
1932 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1934 AC_CHECK_LIB(iaf, ia_openinfo)
1936 ### Configure cryptographic random number support
1938 # Check wheter OpenSSL seeds itself
1939 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1940 AC_RUN_IFELSE(
1941 [AC_LANG_SOURCE([[
1942 #include <string.h>
1943 #include <openssl/rand.h>
1944 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1945 ]])],
1946 [
1947 OPENSSL_SEEDS_ITSELF=yes
1948 AC_MSG_RESULT(yes)
1949 ],
1950 [
1951 AC_MSG_RESULT(no)
1952 # Default to use of the rand helper if OpenSSL doesn't
1953 # seed itself
1954 USE_RAND_HELPER=yes
1955 ],
1956 [
1957 AC_MSG_WARN([cross compiling: assuming yes])
1958 # This is safe, since all recent OpenSSL versions will
1959 # complain at runtime if not seeded correctly.
1960 OPENSSL_SEEDS_ITSELF=yes
1961 ]
1962 )
1965 # Do we want to force the use of the rand helper?
1966 AC_ARG_WITH(rand-helper,
1967 [ --with-rand-helper Use subprocess to gather strong randomness ],
1968 [
1969 if test "x$withval" = "xno" ; then
1970 # Force use of OpenSSL's internal RNG, even if
1971 # the previous test showed it to be unseeded.
1972 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
1973 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
1974 OPENSSL_SEEDS_ITSELF=yes
1975 USE_RAND_HELPER=""
1976 fi
1977 else
1978 USE_RAND_HELPER=yes
1979 fi
1980 ],
1981 )
1983 # Which randomness source do we use?
1984 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1985 # OpenSSL only
1986 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1987 [Define if you want OpenSSL's internally seeded PRNG only])
1988 RAND_MSG="OpenSSL internal ONLY"
1989 INSTALL_SSH_RAND_HELPER=""
1990 elif test ! -z "$USE_RAND_HELPER" ; then
1991 # install rand helper
1992 RAND_MSG="ssh-rand-helper"
1993 INSTALL_SSH_RAND_HELPER="yes"
1994 fi
1995 AC_SUBST(INSTALL_SSH_RAND_HELPER)
1997 ### Configuration of ssh-rand-helper
1999 # PRNGD TCP socket
2000 AC_ARG_WITH(prngd-port,
2001 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2002 [
2003 case "$withval" in
2004 no)
2005 withval=""
2006 ;;
2007 [[0-9]]*)
2008 ;;
2009 *)
2010 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2011 ;;
2012 esac
2013 if test ! -z "$withval" ; then
2014 PRNGD_PORT="$withval"
2015 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2016 [Port number of PRNGD/EGD random number socket])
2017 fi
2018 ]
2019 )
2021 # PRNGD Unix domain socket
2022 AC_ARG_WITH(prngd-socket,
2023 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2024 [
2025 case "$withval" in
2026 yes)
2027 withval="/var/run/egd-pool"
2028 ;;
2029 no)
2030 withval=""
2031 ;;
2032 /*)
2033 ;;
2034 *)
2035 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2036 ;;
2037 esac
2039 if test ! -z "$withval" ; then
2040 if test ! -z "$PRNGD_PORT" ; then
2041 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2042 fi
2043 if test ! -r "$withval" ; then
2044 AC_MSG_WARN(Entropy socket is not readable)
2045 fi
2046 PRNGD_SOCKET="$withval"
2047 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2048 [Location of PRNGD/EGD random number socket])
2049 fi
2050 ],
2051 [
2052 # Check for existing socket only if we don't have a random device already
2053 if test "$USE_RAND_HELPER" = yes ; then
2054 AC_MSG_CHECKING(for PRNGD/EGD socket)
2055 # Insert other locations here
2056 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2057 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2058 PRNGD_SOCKET="$sock"
2059 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2060 break;
2061 fi
2062 done
2063 if test ! -z "$PRNGD_SOCKET" ; then
2064 AC_MSG_RESULT($PRNGD_SOCKET)
2065 else
2066 AC_MSG_RESULT(not found)
2067 fi
2068 fi
2069 ]
2070 )
2072 # Change default command timeout for hashing entropy source
2073 entropy_timeout=200
2074 AC_ARG_WITH(entropy-timeout,
2075 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2076 [
2077 if test -n "$withval" && test "x$withval" != "xno" && \
2078 test "x${withval}" != "xyes"; then
2079 entropy_timeout=$withval
2080 fi
2081 ]
2082 )
2083 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2084 [Builtin PRNG command timeout])
2086 SSH_PRIVSEP_USER=sshd
2087 AC_ARG_WITH(privsep-user,
2088 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2089 [
2090 if test -n "$withval" && test "x$withval" != "xno" && \
2091 test "x${withval}" != "xyes"; then
2092 SSH_PRIVSEP_USER=$withval
2093 fi
2094 ]
2095 )
2096 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2097 [non-privileged user for privilege separation])
2098 AC_SUBST(SSH_PRIVSEP_USER)
2100 # We do this little dance with the search path to insure
2101 # that programs that we select for use by installed programs
2102 # (which may be run by the super-user) come from trusted
2103 # locations before they come from the user's private area.
2104 # This should help avoid accidentally configuring some
2105 # random version of a program in someone's personal bin.
2107 OPATH=$PATH
2108 PATH=/bin:/usr/bin
2109 test -h /bin 2> /dev/null && PATH=/usr/bin
2110 test -d /sbin && PATH=$PATH:/sbin
2111 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2112 PATH=$PATH:/etc:$OPATH
2114 # These programs are used by the command hashing source to gather entropy
2115 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2116 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2117 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2118 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2119 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2120 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2121 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2122 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2123 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2124 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2125 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2126 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2127 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2128 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2129 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2130 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2131 # restore PATH
2132 PATH=$OPATH
2134 # Where does ssh-rand-helper get its randomness from?
2135 INSTALL_SSH_PRNG_CMDS=""
2136 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2137 if test ! -z "$PRNGD_PORT" ; then
2138 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2139 elif test ! -z "$PRNGD_SOCKET" ; then
2140 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2141 else
2142 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2143 RAND_HELPER_CMDHASH=yes
2144 INSTALL_SSH_PRNG_CMDS="yes"
2145 fi
2146 fi
2147 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2150 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2151 if test ! -z "$SONY" ; then
2152 LIBS="$LIBS -liberty";
2153 fi
2155 # Check for long long datatypes
2156 AC_CHECK_TYPES([long long, unsigned long long, long double])
2158 # Check datatype sizes
2159 AC_CHECK_SIZEOF(char, 1)
2160 AC_CHECK_SIZEOF(short int, 2)
2161 AC_CHECK_SIZEOF(int, 4)
2162 AC_CHECK_SIZEOF(long int, 4)
2163 AC_CHECK_SIZEOF(long long int, 8)
2165 # Sanity check long long for some platforms (AIX)
2166 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2167 ac_cv_sizeof_long_long_int=0
2168 fi
2170 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2171 if test -z "$have_llong_max"; then
2172 AC_MSG_CHECKING([for max value of long long])
2173 AC_RUN_IFELSE(
2174 [AC_LANG_SOURCE([[
2175 #include <stdio.h>
2176 /* Why is this so damn hard? */
2177 #ifdef __GNUC__
2178 # undef __GNUC__
2179 #endif
2180 #define __USE_ISOC99
2181 #include <limits.h>
2182 #define DATA "conftest.llminmax"
2183 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2185 /*
2186 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2187 * we do this the hard way.
2188 */
2189 static int
2190 fprint_ll(FILE *f, long long n)
2191 {
2192 unsigned int i;
2193 int l[sizeof(long long) * 8];
2195 if (n < 0)
2196 if (fprintf(f, "-") < 0)
2197 return -1;
2198 for (i = 0; n != 0; i++) {
2199 l[i] = my_abs(n % 10);
2200 n /= 10;
2201 }
2202 do {
2203 if (fprintf(f, "%d", l[--i]) < 0)
2204 return -1;
2205 } while (i != 0);
2206 if (fprintf(f, " ") < 0)
2207 return -1;
2208 return 0;
2209 }
2211 int main(void) {
2212 FILE *f;
2213 long long i, llmin, llmax = 0;
2215 if((f = fopen(DATA,"w")) == NULL)
2216 exit(1);
2218 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2219 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2220 llmin = LLONG_MIN;
2221 llmax = LLONG_MAX;
2222 #else
2223 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2224 /* This will work on one's complement and two's complement */
2225 for (i = 1; i > llmax; i <<= 1, i++)
2226 llmax = i;
2227 llmin = llmax + 1LL; /* wrap */
2228 #endif
2230 /* Sanity check */
2231 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2232 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2233 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2234 fprintf(f, "unknown unknown\n");
2235 exit(2);
2236 }
2238 if (fprint_ll(f, llmin) < 0)
2239 exit(3);
2240 if (fprint_ll(f, llmax) < 0)
2241 exit(4);
2242 if (fclose(f) < 0)
2243 exit(5);
2244 exit(0);
2245 }
2246 ]])],
2247 [
2248 llong_min=`$AWK '{print $1}' conftest.llminmax`
2249 llong_max=`$AWK '{print $2}' conftest.llminmax`
2251 AC_MSG_RESULT($llong_max)
2252 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2253 [max value of long long calculated by configure])
2254 AC_MSG_CHECKING([for min value of long long])
2255 AC_MSG_RESULT($llong_min)
2256 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2257 [min value of long long calculated by configure])
2258 ],
2259 [
2260 AC_MSG_RESULT(not found)
2261 ],
2262 [
2263 AC_MSG_WARN([cross compiling: not checking])
2264 ]
2265 )
2266 fi
2269 # More checks for data types
2270 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2271 AC_TRY_COMPILE(
2272 [ #include <sys/types.h> ],
2273 [ u_int a; a = 1;],
2274 [ ac_cv_have_u_int="yes" ],
2275 [ ac_cv_have_u_int="no" ]
2276 )
2277 ])
2278 if test "x$ac_cv_have_u_int" = "xyes" ; then
2279 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2280 have_u_int=1
2281 fi
2283 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2284 AC_TRY_COMPILE(
2285 [ #include <sys/types.h> ],
2286 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2287 [ ac_cv_have_intxx_t="yes" ],
2288 [ ac_cv_have_intxx_t="no" ]
2289 )
2290 ])
2291 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2292 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2293 have_intxx_t=1
2294 fi
2296 if (test -z "$have_intxx_t" && \
2297 test "x$ac_cv_header_stdint_h" = "xyes")
2298 then
2299 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2300 AC_TRY_COMPILE(
2301 [ #include <stdint.h> ],
2302 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2303 [
2304 AC_DEFINE(HAVE_INTXX_T)
2305 AC_MSG_RESULT(yes)
2306 ],
2307 [ AC_MSG_RESULT(no) ]
2308 )
2309 fi
2311 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2312 AC_TRY_COMPILE(
2313 [
2314 #include <sys/types.h>
2315 #ifdef HAVE_STDINT_H
2316 # include <stdint.h>
2317 #endif
2318 #include <sys/socket.h>
2319 #ifdef HAVE_SYS_BITYPES_H
2320 # include <sys/bitypes.h>
2321 #endif
2322 ],
2323 [ int64_t a; a = 1;],
2324 [ ac_cv_have_int64_t="yes" ],
2325 [ ac_cv_have_int64_t="no" ]
2326 )
2327 ])
2328 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2329 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2330 fi
2332 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2333 AC_TRY_COMPILE(
2334 [ #include <sys/types.h> ],
2335 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2336 [ ac_cv_have_u_intxx_t="yes" ],
2337 [ ac_cv_have_u_intxx_t="no" ]
2338 )
2339 ])
2340 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2341 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2342 have_u_intxx_t=1
2343 fi
2345 if test -z "$have_u_intxx_t" ; then
2346 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2347 AC_TRY_COMPILE(
2348 [ #include <sys/socket.h> ],
2349 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2350 [
2351 AC_DEFINE(HAVE_U_INTXX_T)
2352 AC_MSG_RESULT(yes)
2353 ],
2354 [ AC_MSG_RESULT(no) ]
2355 )
2356 fi
2358 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2359 AC_TRY_COMPILE(
2360 [ #include <sys/types.h> ],
2361 [ u_int64_t a; a = 1;],
2362 [ ac_cv_have_u_int64_t="yes" ],
2363 [ ac_cv_have_u_int64_t="no" ]
2364 )
2365 ])
2366 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2367 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2368 have_u_int64_t=1
2369 fi
2371 if test -z "$have_u_int64_t" ; then
2372 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2373 AC_TRY_COMPILE(
2374 [ #include <sys/bitypes.h> ],
2375 [ u_int64_t a; a = 1],
2376 [
2377 AC_DEFINE(HAVE_U_INT64_T)
2378 AC_MSG_RESULT(yes)
2379 ],
2380 [ AC_MSG_RESULT(no) ]
2381 )
2382 fi
2384 if test -z "$have_u_intxx_t" ; then
2385 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2386 AC_TRY_COMPILE(
2387 [
2388 #include <sys/types.h>
2389 ],
2390 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2391 [ ac_cv_have_uintxx_t="yes" ],
2392 [ ac_cv_have_uintxx_t="no" ]
2393 )
2394 ])
2395 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2396 AC_DEFINE(HAVE_UINTXX_T, 1,
2397 [define if you have uintxx_t data type])
2398 fi
2399 fi
2401 if test -z "$have_uintxx_t" ; then
2402 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2403 AC_TRY_COMPILE(
2404 [ #include <stdint.h> ],
2405 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2406 [
2407 AC_DEFINE(HAVE_UINTXX_T)
2408 AC_MSG_RESULT(yes)
2409 ],
2410 [ AC_MSG_RESULT(no) ]
2411 )
2412 fi
2414 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2415 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2416 then
2417 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2418 AC_TRY_COMPILE(
2419 [
2420 #include <sys/bitypes.h>
2421 ],
2422 [
2423 int8_t a; int16_t b; int32_t c;
2424 u_int8_t e; u_int16_t f; u_int32_t g;
2425 a = b = c = e = f = g = 1;
2426 ],
2427 [
2428 AC_DEFINE(HAVE_U_INTXX_T)
2429 AC_DEFINE(HAVE_INTXX_T)
2430 AC_MSG_RESULT(yes)
2431 ],
2432 [AC_MSG_RESULT(no)]
2433 )
2434 fi
2437 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2438 AC_TRY_COMPILE(
2439 [
2440 #include <sys/types.h>
2441 ],
2442 [ u_char foo; foo = 125; ],
2443 [ ac_cv_have_u_char="yes" ],
2444 [ ac_cv_have_u_char="no" ]
2445 )
2446 ])
2447 if test "x$ac_cv_have_u_char" = "xyes" ; then
2448 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2449 fi
2451 TYPE_SOCKLEN_T
2453 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2455 AC_CHECK_TYPES(in_addr_t,,,
2456 [#include <sys/types.h>
2457 #include <netinet/in.h>])
2459 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2460 AC_TRY_COMPILE(
2461 [
2462 #include <sys/types.h>
2463 ],
2464 [ size_t foo; foo = 1235; ],
2465 [ ac_cv_have_size_t="yes" ],
2466 [ ac_cv_have_size_t="no" ]
2467 )
2468 ])
2469 if test "x$ac_cv_have_size_t" = "xyes" ; then
2470 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2471 fi
2473 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2474 AC_TRY_COMPILE(
2475 [
2476 #include <sys/types.h>
2477 ],
2478 [ ssize_t foo; foo = 1235; ],
2479 [ ac_cv_have_ssize_t="yes" ],
2480 [ ac_cv_have_ssize_t="no" ]
2481 )
2482 ])
2483 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2484 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2485 fi
2487 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2488 AC_TRY_COMPILE(
2489 [
2490 #include <time.h>
2491 ],
2492 [ clock_t foo; foo = 1235; ],
2493 [ ac_cv_have_clock_t="yes" ],
2494 [ ac_cv_have_clock_t="no" ]
2495 )
2496 ])
2497 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2498 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2499 fi
2501 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2502 AC_TRY_COMPILE(
2503 [
2504 #include <sys/types.h>
2505 #include <sys/socket.h>
2506 ],
2507 [ sa_family_t foo; foo = 1235; ],
2508 [ ac_cv_have_sa_family_t="yes" ],
2509 [ AC_TRY_COMPILE(
2510 [
2511 #include <sys/types.h>
2512 #include <sys/socket.h>
2513 #include <netinet/in.h>
2514 ],
2515 [ sa_family_t foo; foo = 1235; ],
2516 [ ac_cv_have_sa_family_t="yes" ],
2518 [ ac_cv_have_sa_family_t="no" ]
2519 )]
2520 )
2521 ])
2522 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2523 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2524 [define if you have sa_family_t data type])
2525 fi
2527 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2528 AC_TRY_COMPILE(
2529 [
2530 #include <sys/types.h>
2531 ],
2532 [ pid_t foo; foo = 1235; ],
2533 [ ac_cv_have_pid_t="yes" ],
2534 [ ac_cv_have_pid_t="no" ]
2535 )
2536 ])
2537 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2538 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2539 fi
2541 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2542 AC_TRY_COMPILE(
2543 [
2544 #include <sys/types.h>
2545 ],
2546 [ mode_t foo; foo = 1235; ],
2547 [ ac_cv_have_mode_t="yes" ],
2548 [ ac_cv_have_mode_t="no" ]
2549 )
2550 ])
2551 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2552 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2553 fi
2556 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2557 AC_TRY_COMPILE(
2558 [
2559 #include <sys/types.h>
2560 #include <sys/socket.h>
2561 ],
2562 [ struct sockaddr_storage s; ],
2563 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2564 [ ac_cv_have_struct_sockaddr_storage="no" ]
2565 )
2566 ])
2567 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2568 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2569 [define if you have struct sockaddr_storage data type])
2570 fi
2572 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2573 AC_TRY_COMPILE(
2574 [
2575 #include <sys/types.h>
2576 #include <netinet/in.h>
2577 ],
2578 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2579 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2580 [ ac_cv_have_struct_sockaddr_in6="no" ]
2581 )
2582 ])
2583 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2584 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2585 [define if you have struct sockaddr_in6 data type])
2586 fi
2588 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2589 AC_TRY_COMPILE(
2590 [
2591 #include <sys/types.h>
2592 #include <netinet/in.h>
2593 ],
2594 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2595 [ ac_cv_have_struct_in6_addr="yes" ],
2596 [ ac_cv_have_struct_in6_addr="no" ]
2597 )
2598 ])
2599 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2600 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2601 [define if you have struct in6_addr data type])
2602 fi
2604 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2605 AC_TRY_COMPILE(
2606 [
2607 #include <sys/types.h>
2608 #include <sys/socket.h>
2609 #include <netdb.h>
2610 ],
2611 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2612 [ ac_cv_have_struct_addrinfo="yes" ],
2613 [ ac_cv_have_struct_addrinfo="no" ]
2614 )
2615 ])
2616 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2617 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2618 [define if you have struct addrinfo data type])
2619 fi
2621 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2622 AC_TRY_COMPILE(
2623 [ #include <sys/time.h> ],
2624 [ struct timeval tv; tv.tv_sec = 1;],
2625 [ ac_cv_have_struct_timeval="yes" ],
2626 [ ac_cv_have_struct_timeval="no" ]
2627 )
2628 ])
2629 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2630 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2631 have_struct_timeval=1
2632 fi
2634 AC_CHECK_TYPES(struct timespec)
2636 # We need int64_t or else certian parts of the compile will fail.
2637 if test "x$ac_cv_have_int64_t" = "xno" && \
2638 test "x$ac_cv_sizeof_long_int" != "x8" && \
2639 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2640 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2641 echo "an alternative compiler (I.E., GCC) before continuing."
2642 echo ""
2643 exit 1;
2644 else
2645 dnl test snprintf (broken on SCO w/gcc)
2646 AC_RUN_IFELSE(
2647 [AC_LANG_SOURCE([[
2648 #include <stdio.h>
2649 #include <string.h>
2650 #ifdef HAVE_SNPRINTF
2651 main()
2652 {
2653 char buf[50];
2654 char expected_out[50];
2655 int mazsize = 50 ;
2656 #if (SIZEOF_LONG_INT == 8)
2657 long int num = 0x7fffffffffffffff;
2658 #else
2659 long long num = 0x7fffffffffffffffll;
2660 #endif
2661 strcpy(expected_out, "9223372036854775807");
2662 snprintf(buf, mazsize, "%lld", num);
2663 if(strcmp(buf, expected_out) != 0)
2664 exit(1);
2665 exit(0);
2666 }
2667 #else
2668 main() { exit(0); }
2669 #endif
2670 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2671 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2672 )
2673 fi
2675 dnl Checks for structure members
2676 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2677 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2678 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2679 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2680 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2681 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2682 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2683 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2684 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2685 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2686 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2687 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2688 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2689 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2690 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2691 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2692 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2694 AC_CHECK_MEMBERS([struct stat.st_blksize])
2695 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2696 [Define if we don't have struct __res_state in resolv.h])],
2697 [
2698 #include <stdio.h>
2699 #if HAVE_SYS_TYPES_H
2700 # include <sys/types.h>
2701 #endif
2702 #include <netinet/in.h>
2703 #include <arpa/nameser.h>
2704 #include <resolv.h>
2705 ])
2707 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2708 ac_cv_have_ss_family_in_struct_ss, [
2709 AC_TRY_COMPILE(
2710 [
2711 #include <sys/types.h>
2712 #include <sys/socket.h>
2713 ],
2714 [ struct sockaddr_storage s; s.ss_family = 1; ],
2715 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2716 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2717 )
2718 ])
2719 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2720 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2721 fi
2723 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2724 ac_cv_have___ss_family_in_struct_ss, [
2725 AC_TRY_COMPILE(
2726 [
2727 #include <sys/types.h>
2728 #include <sys/socket.h>
2729 ],
2730 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2731 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2732 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2733 )
2734 ])
2735 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2736 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2737 [Fields in struct sockaddr_storage])
2738 fi
2740 AC_CACHE_CHECK([for pw_class field in struct passwd],
2741 ac_cv_have_pw_class_in_struct_passwd, [
2742 AC_TRY_COMPILE(
2743 [
2744 #include <pwd.h>
2745 ],
2746 [ struct passwd p; p.pw_class = 0; ],
2747 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2748 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2749 )
2750 ])
2751 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2752 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2753 [Define if your password has a pw_class field])
2754 fi
2756 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2757 ac_cv_have_pw_expire_in_struct_passwd, [
2758 AC_TRY_COMPILE(
2759 [
2760 #include <pwd.h>
2761 ],
2762 [ struct passwd p; p.pw_expire = 0; ],
2763 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2764 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2765 )
2766 ])
2767 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2768 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2769 [Define if your password has a pw_expire field])
2770 fi
2772 AC_CACHE_CHECK([for pw_change field in struct passwd],
2773 ac_cv_have_pw_change_in_struct_passwd, [
2774 AC_TRY_COMPILE(
2775 [
2776 #include <pwd.h>
2777 ],
2778 [ struct passwd p; p.pw_change = 0; ],
2779 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2780 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2781 )
2782 ])
2783 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2784 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2785 [Define if your password has a pw_change field])
2786 fi
2788 dnl make sure we're using the real structure members and not defines
2789 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2790 ac_cv_have_accrights_in_msghdr, [
2791 AC_COMPILE_IFELSE(
2792 [
2793 #include <sys/types.h>
2794 #include <sys/socket.h>
2795 #include <sys/uio.h>
2796 int main() {
2797 #ifdef msg_accrights
2798 #error "msg_accrights is a macro"
2799 exit(1);
2800 #endif
2801 struct msghdr m;
2802 m.msg_accrights = 0;
2803 exit(0);
2804 }
2805 ],
2806 [ ac_cv_have_accrights_in_msghdr="yes" ],
2807 [ ac_cv_have_accrights_in_msghdr="no" ]
2808 )
2809 ])
2810 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2811 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2812 [Define if your system uses access rights style
2813 file descriptor passing])
2814 fi
2816 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2817 ac_cv_have_control_in_msghdr, [
2818 AC_COMPILE_IFELSE(
2819 [
2820 #include <sys/types.h>
2821 #include <sys/socket.h>
2822 #include <sys/uio.h>
2823 int main() {
2824 #ifdef msg_control
2825 #error "msg_control is a macro"
2826 exit(1);
2827 #endif
2828 struct msghdr m;
2829 m.msg_control = 0;
2830 exit(0);
2831 }
2832 ],
2833 [ ac_cv_have_control_in_msghdr="yes" ],
2834 [ ac_cv_have_control_in_msghdr="no" ]
2835 )
2836 ])
2837 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2838 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2839 [Define if your system uses ancillary data style
2840 file descriptor passing])
2841 fi
2843 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2844 AC_TRY_LINK([],
2845 [ extern char *__progname; printf("%s", __progname); ],
2846 [ ac_cv_libc_defines___progname="yes" ],
2847 [ ac_cv_libc_defines___progname="no" ]
2848 )
2849 ])
2850 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2851 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2852 fi
2854 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2855 AC_TRY_LINK([
2856 #include <stdio.h>
2857 ],
2858 [ printf("%s", __FUNCTION__); ],
2859 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2860 [ ac_cv_cc_implements___FUNCTION__="no" ]
2861 )
2862 ])
2863 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2864 AC_DEFINE(HAVE___FUNCTION__, 1,
2865 [Define if compiler implements __FUNCTION__])
2866 fi
2868 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2869 AC_TRY_LINK([
2870 #include <stdio.h>
2871 ],
2872 [ printf("%s", __func__); ],
2873 [ ac_cv_cc_implements___func__="yes" ],
2874 [ ac_cv_cc_implements___func__="no" ]
2875 )
2876 ])
2877 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2878 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2879 fi
2881 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2882 AC_TRY_LINK(
2883 [#include <stdarg.h>
2884 va_list x,y;],
2885 [va_copy(x,y);],
2886 [ ac_cv_have_va_copy="yes" ],
2887 [ ac_cv_have_va_copy="no" ]
2888 )
2889 ])
2890 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2891 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2892 fi
2894 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2895 AC_TRY_LINK(
2896 [#include <stdarg.h>
2897 va_list x,y;],
2898 [__va_copy(x,y);],
2899 [ ac_cv_have___va_copy="yes" ],
2900 [ ac_cv_have___va_copy="no" ]
2901 )
2902 ])
2903 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2904 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2905 fi
2907 AC_CACHE_CHECK([whether getopt has optreset support],
2908 ac_cv_have_getopt_optreset, [
2909 AC_TRY_LINK(
2910 [
2911 #include <getopt.h>
2912 ],
2913 [ extern int optreset; optreset = 0; ],
2914 [ ac_cv_have_getopt_optreset="yes" ],
2915 [ ac_cv_have_getopt_optreset="no" ]
2916 )
2917 ])
2918 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2919 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2920 [Define if your getopt(3) defines and uses optreset])
2921 fi
2923 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2924 AC_TRY_LINK([],
2925 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2926 [ ac_cv_libc_defines_sys_errlist="yes" ],
2927 [ ac_cv_libc_defines_sys_errlist="no" ]
2928 )
2929 ])
2930 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2931 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2932 [Define if your system defines sys_errlist[]])
2933 fi
2936 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2937 AC_TRY_LINK([],
2938 [ extern int sys_nerr; printf("%i", sys_nerr);],
2939 [ ac_cv_libc_defines_sys_nerr="yes" ],
2940 [ ac_cv_libc_defines_sys_nerr="no" ]
2941 )
2942 ])
2943 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2944 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2945 fi
2947 SCARD_MSG="no"
2948 # Check whether user wants sectok support
2949 AC_ARG_WITH(sectok,
2950 [ --with-sectok Enable smartcard support using libsectok],
2951 [
2952 if test "x$withval" != "xno" ; then
2953 if test "x$withval" != "xyes" ; then
2954 CPPFLAGS="$CPPFLAGS -I${withval}"
2955 LDFLAGS="$LDFLAGS -L${withval}"
2956 if test ! -z "$need_dash_r" ; then
2957 LDFLAGS="$LDFLAGS -R${withval}"
2958 fi
2959 if test ! -z "$blibpath" ; then
2960 blibpath="$blibpath:${withval}"
2961 fi
2962 fi
2963 AC_CHECK_HEADERS(sectok.h)
2964 if test "$ac_cv_header_sectok_h" != yes; then
2965 AC_MSG_ERROR(Can't find sectok.h)
2966 fi
2967 AC_CHECK_LIB(sectok, sectok_open)
2968 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2969 AC_MSG_ERROR(Can't find libsectok)
2970 fi
2971 AC_DEFINE(SMARTCARD, 1,
2972 [Define if you want smartcard support])
2973 AC_DEFINE(USE_SECTOK, 1,
2974 [Define if you want smartcard support
2975 using sectok])
2976 SCARD_MSG="yes, using sectok"
2977 fi
2978 ]
2979 )
2981 # Check whether user wants OpenSC support
2982 OPENSC_CONFIG="no"
2983 AC_ARG_WITH(opensc,
2984 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2985 [
2986 if test "x$withval" != "xno" ; then
2987 if test "x$withval" != "xyes" ; then
2988 OPENSC_CONFIG=$withval/bin/opensc-config
2989 else
2990 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2991 fi
2992 if test "$OPENSC_CONFIG" != "no"; then
2993 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2994 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2995 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2996 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2997 AC_DEFINE(SMARTCARD)
2998 AC_DEFINE(USE_OPENSC, 1,
2999 [Define if you want smartcard support
3000 using OpenSC])
3001 SCARD_MSG="yes, using OpenSC"
3002 fi
3003 fi
3004 ]
3005 )
3007 # Check libraries needed by DNS fingerprint support
3008 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3009 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3010 [Define if getrrsetbyname() exists])],
3011 [
3012 # Needed by our getrrsetbyname()
3013 AC_SEARCH_LIBS(res_query, resolv)
3014 AC_SEARCH_LIBS(dn_expand, resolv)
3015 AC_MSG_CHECKING(if res_query will link)
3016 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3017 [AC_MSG_RESULT(no)
3018 saved_LIBS="$LIBS"
3019 LIBS="$LIBS -lresolv"
3020 AC_MSG_CHECKING(for res_query in -lresolv)
3021 AC_LINK_IFELSE([
3022 #include <resolv.h>
3023 int main()
3024 {
3025 res_query (0, 0, 0, 0, 0);
3026 return 0;
3027 }
3028 ],
3029 [LIBS="$LIBS -lresolv"
3030 AC_MSG_RESULT(yes)],
3031 [LIBS="$saved_LIBS"
3032 AC_MSG_RESULT(no)])
3033 ])
3034 AC_CHECK_FUNCS(_getshort _getlong)
3035 AC_CHECK_DECLS([_getshort, _getlong], , ,
3036 [#include <sys/types.h>
3037 #include <arpa/nameser.h>])
3038 AC_CHECK_MEMBER(HEADER.ad,
3039 [AC_DEFINE(HAVE_HEADER_AD, 1,
3040 [Define if HEADER.ad exists in arpa/nameser.h])],,
3041 [#include <arpa/nameser.h>])
3042 ])
3044 # Check whether user wants SELinux support
3045 SELINUX_MSG="no"
3046 LIBSELINUX=""
3047 AC_ARG_WITH(selinux,
3048 [ --with-selinux Enable SELinux support],
3049 [ if test "x$withval" != "xno" ; then
3050 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3051 SELINUX_MSG="yes"
3052 AC_CHECK_HEADER([selinux/selinux.h], ,
3053 AC_MSG_ERROR(SELinux support requires selinux.h header))
3054 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3055 AC_MSG_ERROR(SELinux support requires libselinux library))
3056 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3057 fi ]
3058 )
3059 AC_SUBST(LIBSELINUX)
3061 # Check whether user wants Kerberos 5 support
3062 KRB5_MSG="no"
3063 AC_ARG_WITH(kerberos5,
3064 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3065 [ if test "x$withval" != "xno" ; then
3066 if test "x$withval" = "xyes" ; then
3067 KRB5ROOT="/usr/local"
3068 else
3069 KRB5ROOT=${withval}
3070 fi
3072 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3073 KRB5_MSG="yes"
3075 AC_MSG_CHECKING(for krb5-config)
3076 if test -x $KRB5ROOT/bin/krb5-config ; then
3077 KRB5CONF=$KRB5ROOT/bin/krb5-config
3078 AC_MSG_RESULT($KRB5CONF)
3080 AC_MSG_CHECKING(for gssapi support)
3081 if $KRB5CONF | grep gssapi >/dev/null ; then
3082 AC_MSG_RESULT(yes)
3083 AC_DEFINE(GSSAPI, 1,
3084 [Define this if you want GSSAPI
3085 support in the version 2 protocol])
3086 k5confopts=gssapi
3087 else
3088 AC_MSG_RESULT(no)
3089 k5confopts=""
3090 fi
3091 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3092 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3093 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3094 AC_MSG_CHECKING(whether we are using Heimdal)
3095 AC_TRY_COMPILE([ #include <krb5.h> ],
3096 [ char *tmp = heimdal_version; ],
3097 [ AC_MSG_RESULT(yes)
3098 AC_DEFINE(HEIMDAL, 1,
3099 [Define this if you are using the
3100 Heimdal version of Kerberos V5]) ],
3101 AC_MSG_RESULT(no)
3102 )
3103 else
3104 AC_MSG_RESULT(no)
3105 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3106 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3107 AC_MSG_CHECKING(whether we are using Heimdal)
3108 AC_TRY_COMPILE([ #include <krb5.h> ],
3109 [ char *tmp = heimdal_version; ],
3110 [ AC_MSG_RESULT(yes)
3111 AC_DEFINE(HEIMDAL)
3112 K5LIBS="-lkrb5 -ldes"
3113 K5LIBS="$K5LIBS -lcom_err -lasn1"
3114 AC_CHECK_LIB(roken, net_write,
3115 [K5LIBS="$K5LIBS -lroken"])
3116 ],
3117 [ AC_MSG_RESULT(no)
3118 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3119 ]
3120 )
3121 AC_SEARCH_LIBS(dn_expand, resolv)
3123 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3124 [ AC_DEFINE(GSSAPI)
3125 K5LIBS="-lgssapi $K5LIBS" ],
3126 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3127 [ AC_DEFINE(GSSAPI)
3128 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3129 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3130 $K5LIBS)
3131 ],
3132 $K5LIBS)
3134 AC_CHECK_HEADER(gssapi.h, ,
3135 [ unset ac_cv_header_gssapi_h
3136 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3137 AC_CHECK_HEADERS(gssapi.h, ,
3138 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3139 )
3140 ]
3141 )
3143 oldCPP="$CPPFLAGS"
3144 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3145 AC_CHECK_HEADER(gssapi_krb5.h, ,
3146 [ CPPFLAGS="$oldCPP" ])
3148 fi
3149 if test ! -z "$need_dash_r" ; then
3150 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3151 fi
3152 if test ! -z "$blibpath" ; then
3153 blibpath="$blibpath:${KRB5ROOT}/lib"
3154 fi
3156 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3157 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3158 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3160 LIBS="$LIBS $K5LIBS"
3161 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3162 [Define this if you want to use libkafs' AFS support]))
3163 fi
3164 ]
3165 )
3167 # Looking for programs, paths and files
3169 PRIVSEP_PATH=/var/empty
3170 AC_ARG_WITH(privsep-path,
3171 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3172 [
3173 if test -n "$withval" && test "x$withval" != "xno" && \
3174 test "x${withval}" != "xyes"; then
3175 PRIVSEP_PATH=$withval
3176 fi
3177 ]
3178 )
3179 AC_SUBST(PRIVSEP_PATH)
3181 AC_ARG_WITH(xauth,
3182 [ --with-xauth=PATH Specify path to xauth program ],
3183 [
3184 if test -n "$withval" && test "x$withval" != "xno" && \
3185 test "x${withval}" != "xyes"; then
3186 xauth_path=$withval
3187 fi
3188 ],
3189 [
3190 TestPath="$PATH"
3191 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3192 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3193 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3194 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3195 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3196 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3197 xauth_path="/usr/openwin/bin/xauth"
3198 fi
3199 ]
3200 )
3202 STRIP_OPT=-s
3203 AC_ARG_ENABLE(strip,
3204 [ --disable-strip Disable calling strip(1) on install],
3205 [
3206 if test "x$enableval" = "xno" ; then
3207 STRIP_OPT=
3208 fi
3209 ]
3210 )
3211 AC_SUBST(STRIP_OPT)
3213 if test -z "$xauth_path" ; then
3214 XAUTH_PATH="undefined"
3215 AC_SUBST(XAUTH_PATH)
3216 else
3217 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3218 [Define if xauth is found in your path])
3219 XAUTH_PATH=$xauth_path
3220 AC_SUBST(XAUTH_PATH)
3221 fi
3223 # Check for mail directory (last resort if we cannot get it from headers)
3224 if test ! -z "$MAIL" ; then
3225 maildir=`dirname $MAIL`
3226 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3227 [Set this to your mail directory if you don't have maillock.h])
3228 fi
3230 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3231 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3232 disable_ptmx_check=yes
3233 fi
3234 if test -z "$no_dev_ptmx" ; then
3235 if test "x$disable_ptmx_check" != "xyes" ; then
3236 AC_CHECK_FILE("/dev/ptmx",
3237 [
3238 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3239 [Define if you have /dev/ptmx])
3240 have_dev_ptmx=1
3241 ]
3242 )
3243 fi
3244 fi
3246 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3247 AC_CHECK_FILE("/dev/ptc",
3248 [
3249 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3250 [Define if you have /dev/ptc])
3251 have_dev_ptc=1
3252 ]
3253 )
3254 else
3255 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3256 fi
3258 # Options from here on. Some of these are preset by platform above
3259 AC_ARG_WITH(mantype,
3260 [ --with-mantype=man|cat|doc Set man page type],
3261 [
3262 case "$withval" in
3263 man|cat|doc)
3264 MANTYPE=$withval
3265 ;;
3266 *)
3267 AC_MSG_ERROR(invalid man type: $withval)
3268 ;;
3269 esac
3270 ]
3271 )
3272 if test -z "$MANTYPE"; then
3273 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3274 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3275 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3276 MANTYPE=doc
3277 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3278 MANTYPE=man
3279 else
3280 MANTYPE=cat
3281 fi
3282 fi
3283 AC_SUBST(MANTYPE)
3284 if test "$MANTYPE" = "doc"; then
3285 mansubdir=man;
3286 else
3287 mansubdir=$MANTYPE;
3288 fi
3289 AC_SUBST(mansubdir)
3291 # Check whether to enable MD5 passwords
3292 MD5_MSG="no"
3293 AC_ARG_WITH(md5-passwords,
3294 [ --with-md5-passwords Enable use of MD5 passwords],
3295 [
3296 if test "x$withval" != "xno" ; then
3297 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3298 [Define if you want to allow MD5 passwords])
3299 MD5_MSG="yes"
3300 fi
3301 ]
3302 )
3304 # Whether to disable shadow password support
3305 AC_ARG_WITH(shadow,
3306 [ --without-shadow Disable shadow password support],
3307 [
3308 if test "x$withval" = "xno" ; then
3309 AC_DEFINE(DISABLE_SHADOW)
3310 disable_shadow=yes
3311 fi
3312 ]
3313 )
3315 if test -z "$disable_shadow" ; then
3316 AC_MSG_CHECKING([if the systems has expire shadow information])
3317 AC_TRY_COMPILE(
3318 [
3319 #include <sys/types.h>
3320 #include <shadow.h>
3321 struct spwd sp;
3322 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3323 [ sp_expire_available=yes ], []
3324 )
3326 if test "x$sp_expire_available" = "xyes" ; then
3327 AC_MSG_RESULT(yes)
3328 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3329 [Define if you want to use shadow password expire field])
3330 else
3331 AC_MSG_RESULT(no)
3332 fi
3333 fi
3335 # Use ip address instead of hostname in $DISPLAY
3336 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3337 DISPLAY_HACK_MSG="yes"
3338 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3339 [Define if you need to use IP address
3340 instead of hostname in $DISPLAY])
3341 else
3342 DISPLAY_HACK_MSG="no"
3343 AC_ARG_WITH(ipaddr-display,
3344 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3345 [
3346 if test "x$withval" != "xno" ; then
3347 AC_DEFINE(IPADDR_IN_DISPLAY)
3348 DISPLAY_HACK_MSG="yes"
3349 fi
3350 ]
3351 )
3352 fi
3354 # check for /etc/default/login and use it if present.
3355 AC_ARG_ENABLE(etc-default-login,
3356 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3357 [ if test "x$enableval" = "xno"; then
3358 AC_MSG_NOTICE([/etc/default/login handling disabled])
3359 etc_default_login=no
3360 else
3361 etc_default_login=yes
3362 fi ],
3363 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3364 then
3365 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3366 etc_default_login=no
3367 else
3368 etc_default_login=yes
3369 fi ]
3370 )
3372 if test "x$etc_default_login" != "xno"; then
3373 AC_CHECK_FILE("/etc/default/login",
3374 [ external_path_file=/etc/default/login ])
3375 if test "x$external_path_file" = "x/etc/default/login"; then
3376 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3377 [Define if your system has /etc/default/login])
3378 fi
3379 fi
3381 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3382 if test $ac_cv_func_login_getcapbool = "yes" && \
3383 test $ac_cv_header_login_cap_h = "yes" ; then
3384 external_path_file=/etc/login.conf
3385 fi
3387 # Whether to mess with the default path
3388 SERVER_PATH_MSG="(default)"
3389 AC_ARG_WITH(default-path,
3390 [ --with-default-path= Specify default \$PATH environment for server],
3391 [
3392 if test "x$external_path_file" = "x/etc/login.conf" ; then
3393 AC_MSG_WARN([
3394 --with-default-path=PATH has no effect on this system.
3395 Edit /etc/login.conf instead.])
3396 elif test "x$withval" != "xno" ; then
3397 if test ! -z "$external_path_file" ; then
3398 AC_MSG_WARN([
3399 --with-default-path=PATH will only be used if PATH is not defined in
3400 $external_path_file .])
3401 fi
3402 user_path="$withval"
3403 SERVER_PATH_MSG="$withval"
3404 fi
3405 ],
3406 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3407 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3408 else
3409 if test ! -z "$external_path_file" ; then
3410 AC_MSG_WARN([
3411 If PATH is defined in $external_path_file, ensure the path to scp is included,
3412 otherwise scp will not work.])
3413 fi
3414 AC_RUN_IFELSE(
3415 [AC_LANG_SOURCE([[
3416 /* find out what STDPATH is */
3417 #include <stdio.h>
3418 #ifdef HAVE_PATHS_H
3419 # include <paths.h>
3420 #endif
3421 #ifndef _PATH_STDPATH
3422 # ifdef _PATH_USERPATH /* Irix */
3423 # define _PATH_STDPATH _PATH_USERPATH
3424 # else
3425 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3426 # endif
3427 #endif
3428 #include <sys/types.h>
3429 #include <sys/stat.h>
3430 #include <fcntl.h>
3431 #define DATA "conftest.stdpath"
3433 main()
3434 {
3435 FILE *fd;
3436 int rc;
3438 fd = fopen(DATA,"w");
3439 if(fd == NULL)
3440 exit(1);
3442 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3443 exit(1);
3445 exit(0);
3446 }
3447 ]])],
3448 [ user_path=`cat conftest.stdpath` ],
3449 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3450 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3451 )
3452 # make sure $bindir is in USER_PATH so scp will work
3453 t_bindir=`eval echo ${bindir}`
3454 case $t_bindir in
3455 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3456 esac
3457 case $t_bindir in
3458 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3459 esac
3460 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3461 if test $? -ne 0 ; then
3462 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3463 if test $? -ne 0 ; then
3464 user_path=$user_path:$t_bindir
3465 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3466 fi
3467 fi
3468 fi ]
3469 )
3470 if test "x$external_path_file" != "x/etc/login.conf" ; then
3471 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3472 AC_SUBST(user_path)
3473 fi
3475 # Set superuser path separately to user path
3476 AC_ARG_WITH(superuser-path,
3477 [ --with-superuser-path= Specify different path for super-user],
3478 [
3479 if test -n "$withval" && test "x$withval" != "xno" && \
3480 test "x${withval}" != "xyes"; then
3481 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3482 [Define if you want a different $PATH
3483 for the superuser])
3484 superuser_path=$withval
3485 fi
3486 ]
3487 )
3490 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3491 IPV4_IN6_HACK_MSG="no"
3492 AC_ARG_WITH(4in6,
3493 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3494 [
3495 if test "x$withval" != "xno" ; then
3496 AC_MSG_RESULT(yes)
3497 AC_DEFINE(IPV4_IN_IPV6, 1,
3498 [Detect IPv4 in IPv6 mapped addresses
3499 and treat as IPv4])
3500 IPV4_IN6_HACK_MSG="yes"
3501 else
3502 AC_MSG_RESULT(no)
3503 fi
3504 ],[
3505 if test "x$inet6_default_4in6" = "xyes"; then
3506 AC_MSG_RESULT([yes (default)])
3507 AC_DEFINE(IPV4_IN_IPV6)
3508 IPV4_IN6_HACK_MSG="yes"
3509 else
3510 AC_MSG_RESULT([no (default)])
3511 fi
3512 ]
3513 )
3515 # Whether to enable BSD auth support
3516 BSD_AUTH_MSG=no
3517 AC_ARG_WITH(bsd-auth,
3518 [ --with-bsd-auth Enable BSD auth support],
3519 [
3520 if test "x$withval" != "xno" ; then
3521 AC_DEFINE(BSD_AUTH, 1,
3522 [Define if you have BSD auth support])
3523 BSD_AUTH_MSG=yes
3524 fi
3525 ]
3526 )
3528 # Where to place sshd.pid
3529 piddir=/var/run
3530 # make sure the directory exists
3531 if test ! -d $piddir ; then
3532 piddir=`eval echo ${sysconfdir}`
3533 case $piddir in
3534 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3535 esac
3536 fi
3538 AC_ARG_WITH(pid-dir,
3539 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3540 [
3541 if test -n "$withval" && test "x$withval" != "xno" && \
3542 test "x${withval}" != "xyes"; then
3543 piddir=$withval
3544 if test ! -d $piddir ; then
3545 AC_MSG_WARN([** no $piddir directory on this system **])
3546 fi
3547 fi
3548 ]
3549 )
3551 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3552 AC_SUBST(piddir)
3554 dnl allow user to disable some login recording features
3555 AC_ARG_ENABLE(lastlog,
3556 [ --disable-lastlog disable use of lastlog even if detected [no]],
3557 [
3558 if test "x$enableval" = "xno" ; then
3559 AC_DEFINE(DISABLE_LASTLOG)
3560 fi
3561 ]
3562 )
3563 AC_ARG_ENABLE(utmp,
3564 [ --disable-utmp disable use of utmp even if detected [no]],
3565 [
3566 if test "x$enableval" = "xno" ; then
3567 AC_DEFINE(DISABLE_UTMP)
3568 fi
3569 ]
3570 )
3571 AC_ARG_ENABLE(utmpx,
3572 [ --disable-utmpx disable use of utmpx even if detected [no]],
3573 [
3574 if test "x$enableval" = "xno" ; then
3575 AC_DEFINE(DISABLE_UTMPX, 1,
3576 [Define if you don't want to use utmpx])
3577 fi
3578 ]
3579 )
3580 AC_ARG_ENABLE(wtmp,
3581 [ --disable-wtmp disable use of wtmp even if detected [no]],
3582 [
3583 if test "x$enableval" = "xno" ; then
3584 AC_DEFINE(DISABLE_WTMP)
3585 fi
3586 ]
3587 )
3588 AC_ARG_ENABLE(wtmpx,
3589 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3590 [
3591 if test "x$enableval" = "xno" ; then
3592 AC_DEFINE(DISABLE_WTMPX, 1,
3593 [Define if you don't want to use wtmpx])
3594 fi
3595 ]
3596 )
3597 AC_ARG_ENABLE(libutil,
3598 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3599 [
3600 if test "x$enableval" = "xno" ; then
3601 AC_DEFINE(DISABLE_LOGIN)
3602 fi
3603 ]
3604 )
3605 AC_ARG_ENABLE(pututline,
3606 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3607 [
3608 if test "x$enableval" = "xno" ; then
3609 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3610 [Define if you don't want to use pututline()
3611 etc. to write [uw]tmp])
3612 fi
3613 ]
3614 )
3615 AC_ARG_ENABLE(pututxline,
3616 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3617 [
3618 if test "x$enableval" = "xno" ; then
3619 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3620 [Define if you don't want to use pututxline()
3621 etc. to write [uw]tmpx])
3622 fi
3623 ]
3624 )
3625 AC_ARG_WITH(lastlog,
3626 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3627 [
3628 if test "x$withval" = "xno" ; then
3629 AC_DEFINE(DISABLE_LASTLOG)
3630 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3631 conf_lastlog_location=$withval
3632 fi
3633 ]
3634 )
3636 dnl lastlog, [uw]tmpx? detection
3637 dnl NOTE: set the paths in the platform section to avoid the
3638 dnl need for command-line parameters
3639 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3641 dnl lastlog detection
3642 dnl NOTE: the code itself will detect if lastlog is a directory
3643 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3644 AC_TRY_COMPILE([
3645 #include <sys/types.h>
3646 #include <utmp.h>
3647 #ifdef HAVE_LASTLOG_H
3648 # include <lastlog.h>
3649 #endif
3650 #ifdef HAVE_PATHS_H
3651 # include <paths.h>
3652 #endif
3653 #ifdef HAVE_LOGIN_H
3654 # include <login.h>
3655 #endif
3656 ],
3657 [ char *lastlog = LASTLOG_FILE; ],
3658 [ AC_MSG_RESULT(yes) ],
3659 [
3660 AC_MSG_RESULT(no)
3661 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3662 AC_TRY_COMPILE([
3663 #include <sys/types.h>
3664 #include <utmp.h>
3665 #ifdef HAVE_LASTLOG_H
3666 # include <lastlog.h>
3667 #endif
3668 #ifdef HAVE_PATHS_H
3669 # include <paths.h>
3670 #endif
3671 ],
3672 [ char *lastlog = _PATH_LASTLOG; ],
3673 [ AC_MSG_RESULT(yes) ],
3674 [
3675 AC_MSG_RESULT(no)
3676 system_lastlog_path=no
3677 ])
3678 ]
3679 )
3681 if test -z "$conf_lastlog_location"; then
3682 if test x"$system_lastlog_path" = x"no" ; then
3683 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3684 if (test -d "$f" || test -f "$f") ; then
3685 conf_lastlog_location=$f
3686 fi
3687 done
3688 if test -z "$conf_lastlog_location"; then
3689 AC_MSG_WARN([** Cannot find lastlog **])
3690 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3691 fi
3692 fi
3693 fi
3695 if test -n "$conf_lastlog_location"; then
3696 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3697 [Define if you want to specify the path to your lastlog file])
3698 fi
3700 dnl utmp detection
3701 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3702 AC_TRY_COMPILE([
3703 #include <sys/types.h>
3704 #include <utmp.h>
3705 #ifdef HAVE_PATHS_H
3706 # include <paths.h>
3707 #endif
3708 ],
3709 [ char *utmp = UTMP_FILE; ],
3710 [ AC_MSG_RESULT(yes) ],
3711 [ AC_MSG_RESULT(no)
3712 system_utmp_path=no ]
3713 )
3714 if test -z "$conf_utmp_location"; then
3715 if test x"$system_utmp_path" = x"no" ; then
3716 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3717 if test -f $f ; then
3718 conf_utmp_location=$f
3719 fi
3720 done
3721 if test -z "$conf_utmp_location"; then
3722 AC_DEFINE(DISABLE_UTMP)
3723 fi
3724 fi
3725 fi
3726 if test -n "$conf_utmp_location"; then
3727 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3728 [Define if you want to specify the path to your utmp file])
3729 fi
3731 dnl wtmp detection
3732 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3733 AC_TRY_COMPILE([
3734 #include <sys/types.h>
3735 #include <utmp.h>
3736 #ifdef HAVE_PATHS_H
3737 # include <paths.h>
3738 #endif
3739 ],
3740 [ char *wtmp = WTMP_FILE; ],
3741 [ AC_MSG_RESULT(yes) ],
3742 [ AC_MSG_RESULT(no)
3743 system_wtmp_path=no ]
3744 )
3745 if test -z "$conf_wtmp_location"; then
3746 if test x"$system_wtmp_path" = x"no" ; then
3747 for f in /usr/adm/wtmp /var/log/wtmp; do
3748 if test -f $f ; then
3749 conf_wtmp_location=$f
3750 fi
3751 done
3752 if test -z "$conf_wtmp_location"; then
3753 AC_DEFINE(DISABLE_WTMP)
3754 fi
3755 fi
3756 fi
3757 if test -n "$conf_wtmp_location"; then
3758 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3759 [Define if you want to specify the path to your wtmp file])
3760 fi
3763 dnl utmpx detection - I don't know any system so perverse as to require
3764 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3765 dnl there, though.
3766 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3767 AC_TRY_COMPILE([
3768 #include <sys/types.h>
3769 #include <utmp.h>
3770 #ifdef HAVE_UTMPX_H
3771 #include <utmpx.h>
3772 #endif
3773 #ifdef HAVE_PATHS_H
3774 # include <paths.h>
3775 #endif
3776 ],
3777 [ char *utmpx = UTMPX_FILE; ],
3778 [ AC_MSG_RESULT(yes) ],
3779 [ AC_MSG_RESULT(no)
3780 system_utmpx_path=no ]
3781 )
3782 if test -z "$conf_utmpx_location"; then
3783 if test x"$system_utmpx_path" = x"no" ; then
3784 AC_DEFINE(DISABLE_UTMPX)
3785 fi
3786 else
3787 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3788 [Define if you want to specify the path to your utmpx file])
3789 fi
3791 dnl wtmpx detection
3792 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3793 AC_TRY_COMPILE([
3794 #include <sys/types.h>
3795 #include <utmp.h>
3796 #ifdef HAVE_UTMPX_H
3797 #include <utmpx.h>
3798 #endif
3799 #ifdef HAVE_PATHS_H
3800 # include <paths.h>
3801 #endif
3802 ],
3803 [ char *wtmpx = WTMPX_FILE; ],
3804 [ AC_MSG_RESULT(yes) ],
3805 [ AC_MSG_RESULT(no)
3806 system_wtmpx_path=no ]
3807 )
3808 if test -z "$conf_wtmpx_location"; then
3809 if test x"$system_wtmpx_path" = x"no" ; then
3810 AC_DEFINE(DISABLE_WTMPX)
3811 fi
3812 else
3813 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3814 [Define if you want to specify the path to your wtmpx file])
3815 fi
3818 if test ! -z "$blibpath" ; then
3819 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3820 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3821 fi
3823 dnl remove pam and dl because they are in $LIBPAM
3824 if test "$PAM_MSG" = yes ; then
3825 LIBS=`echo $LIBS | sed 's/-lpam //'`
3826 fi
3827 if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3828 LIBS=`echo $LIBS | sed 's/-ldl //'`
3829 fi
3831 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3832 dnl Add now.
3833 CFLAGS="$CFLAGS $werror_flags"
3835 AC_EXEEXT
3836 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3837 openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
3838 AC_OUTPUT
3840 # Print summary of options
3842 # Someone please show me a better way :)
3843 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3844 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3845 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3846 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3847 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3848 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3849 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3850 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3851 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3852 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3854 echo ""
3855 echo "OpenSSH has been configured with the following options:"
3856 echo " User binaries: $B"
3857 echo " System binaries: $C"
3858 echo " Configuration files: $D"
3859 echo " Askpass program: $E"
3860 echo " Manual pages: $F"
3861 echo " PID file: $G"
3862 echo " Privilege separation chroot path: $H"
3863 if test "x$external_path_file" = "x/etc/login.conf" ; then
3864 echo " At runtime, sshd will use the path defined in $external_path_file"
3865 echo " Make sure the path to scp is present, otherwise scp will not work"
3866 else
3867 echo " sshd default user PATH: $I"
3868 if test ! -z "$external_path_file"; then
3869 echo " (If PATH is set in $external_path_file it will be used instead. If"
3870 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3871 fi
3872 fi
3873 if test ! -z "$superuser_path" ; then
3874 echo " sshd superuser user PATH: $J"
3875 fi
3876 echo " Manpage format: $MANTYPE"
3877 echo " PAM support: $PAM_MSG"
3878 echo " KerberosV support: $KRB5_MSG"
3879 echo " SELinux support: $SELINUX_MSG"
3880 echo " Smartcard support: $SCARD_MSG"
3881 echo " S/KEY support: $SKEY_MSG"
3882 echo " TCP Wrappers support: $TCPW_MSG"
3883 echo " MD5 password support: $MD5_MSG"
3884 echo " libedit support: $LIBEDIT_MSG"
3885 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3886 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3887 echo " BSD Auth support: $BSD_AUTH_MSG"
3888 echo " Random number source: $RAND_MSG"
3889 if test ! -z "$USE_RAND_HELPER" ; then
3890 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3891 fi
3893 echo ""
3895 echo " Host: ${host}"
3896 echo " Compiler: ${CC}"
3897 echo " Compiler flags: ${CFLAGS}"
3898 echo "Preprocessor flags: ${CPPFLAGS}"
3899 echo " Linker flags: ${LDFLAGS}"
3900 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3902 echo ""
3904 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3905 echo "SVR4 style packages are supported with \"make package\""
3906 echo ""
3907 fi
3909 if test "x$PAM_MSG" = "xyes" ; then
3910 echo "PAM is enabled. You may need to install a PAM control file "
3911 echo "for sshd, otherwise password authentication may fail. "
3912 echo "Example PAM control files can be found in the contrib/ "
3913 echo "subdirectory"
3914 echo ""
3915 fi
3917 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3918 echo "WARNING: you are using the builtin random number collection "
3919 echo "service. Please read WARNING.RNG and request that your OS "
3920 echo "vendor includes kernel-based random number collection in "
3921 echo "future versions of your OS."
3922 echo ""
3923 fi
3925 if test ! -z "$NO_PEERCHECK" ; then
3926 echo "WARNING: the operating system that you are using does not "
3927 echo "appear to support either the getpeereid() API nor the "
3928 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3929 echo "enforce security checks to prevent unauthorised connections to "
3930 echo "ssh-agent. Their absence increases the risk that a malicious "
3931 echo "user can connect to your agent. "
3932 echo ""
3933 fi
3935 if test "$AUDIT_MODULE" = "bsm" ; then
3936 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
3937 echo "See the Solaris section in README.platform for details."
3938 fi