| blob | cfc5d594a3f79e9666eceb33fd703848761cf074 |
1 # $Id: configure.ac,v 1.364 2006/09/12 11:54:11 djm Exp $
2 #
3 # Copyright (c) 1999-2004 Damien Miller
4 #
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
8 #
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision: 1.364 $)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
22 AC_PROG_CC
23 AC_CANONICAL_HOST
24 AC_C_BIGENDIAN
26 # Checks for programs.
27 AC_PROG_AWK
28 AC_PROG_CPP
29 AC_PROG_RANLIB
30 AC_PROG_INSTALL
31 AC_PROG_EGREP
32 AC_PATH_PROG(AR, ar)
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
37 AC_SUBST(PERL)
38 AC_PATH_PROG(ENT, ent)
39 AC_SUBST(ENT)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43 AC_PATH_PROG(SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
46 dnl for buildpkg.sh
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54 else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56 fi
58 # System features
59 AC_SYS_LARGEFILE
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63 fi
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70 else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76 fi
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82 fi
84 if test -z "$LD" ; then
85 LD=$CC
86 fi
87 AC_SUBST(LD)
89 AC_C_INLINE
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
96 case $GCC_VER in
97 1.*) ;;
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99 2.*) ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
103 esac
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
111 [have_llong_max=1],
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
114 )
115 fi
116 fi
118 AC_ARG_WITH(rpath,
119 [ --without-rpath Disable auto-added -R linker paths],
120 [
121 if test "x$withval" = "xno" ; then
122 need_dash_r=""
123 fi
124 if test "x$withval" = "xyes" ; then
125 need_dash_r=1
126 fi
127 ]
128 )
130 # Messages for features tested for in target-specific section
131 SIA_MSG="no"
132 SPC_MSG="no"
134 # Check for some target-specific stuff
135 case "$host" in
136 *-*-aix*)
137 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
138 if (test -z "$blibpath"); then
139 blibpath="/usr/lib:/lib"
140 fi
141 saved_LDFLAGS="$LDFLAGS"
142 if test "$GCC" = "yes"; then
143 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
144 else
145 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
146 fi
147 for tryflags in $flags ;do
148 if (test -z "$blibflags"); then
149 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
150 AC_TRY_LINK([], [], [blibflags=$tryflags])
151 fi
152 done
153 if (test -z "$blibflags"); then
154 AC_MSG_RESULT(not found)
155 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
156 else
157 AC_MSG_RESULT($blibflags)
158 fi
159 LDFLAGS="$saved_LDFLAGS"
160 dnl Check for authenticate. Might be in libs.a on older AIXes
161 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
162 [Define if you want to enable AIX4's authenticate function])],
163 [AC_CHECK_LIB(s,authenticate,
164 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
165 LIBS="$LIBS -ls"
166 ])
167 ])
168 dnl Check for various auth function declarations in headers.
169 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
170 passwdexpired, setauthdb], , , [#include <usersec.h>])
171 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
172 AC_CHECK_DECLS(loginfailed,
173 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
174 AC_TRY_COMPILE(
175 [#include <usersec.h>],
176 [(void)loginfailed("user","host","tty",0);],
177 [AC_MSG_RESULT(yes)
178 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
179 [Define if your AIX loginfailed() function
180 takes 4 arguments (AIX >= 5.2)])],
181 [AC_MSG_RESULT(no)]
182 )],
183 [],
184 [#include <usersec.h>]
185 )
186 AC_CHECK_FUNCS(setauthdb)
187 AC_CHECK_DECL(F_CLOSEM,
188 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
189 [],
190 [ #include <limits.h>
191 #include <fcntl.h> ]
192 )
193 check_for_aix_broken_getaddrinfo=1
194 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
195 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
196 [Define if your platform breaks doing a seteuid before a setuid])
197 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
198 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
199 dnl AIX handles lastlog as part of its login message
200 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
201 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
202 [Some systems need a utmpx entry for /bin/login to work])
203 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
204 [Define to a Set Process Title type if your system is
205 supported by bsd-setproctitle.c])
206 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
207 [AIX 5.2 and 5.3 (and presumably newer) require this])
208 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
209 ;;
210 *-*-cygwin*)
211 check_for_libcrypt_later=1
212 LIBS="$LIBS /usr/lib/textmode.o"
213 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
214 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
215 AC_DEFINE(DISABLE_SHADOW, 1,
216 [Define if you want to disable shadow passwords])
217 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
218 [Define if your system choked on IP TOS setting])
219 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
220 [Define if X11 doesn't support AF_UNIX sockets on that system])
221 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
222 [Define if the concept of ports only accessible to
223 superusers isn't known])
224 AC_DEFINE(DISABLE_FD_PASSING, 1,
225 [Define if your platform needs to skip post auth
226 file descriptor passing])
227 ;;
228 *-*-dgux*)
229 AC_DEFINE(IP_TOS_IS_BROKEN)
230 AC_DEFINE(SETEUID_BREAKS_SETUID)
231 AC_DEFINE(BROKEN_SETREUID)
232 AC_DEFINE(BROKEN_SETREGID)
233 ;;
234 *-*-darwin*)
235 AC_MSG_CHECKING(if we have working getaddrinfo)
236 AC_TRY_RUN([#include <mach-o/dyld.h>
237 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
238 exit(0);
239 else
240 exit(1);
241 }], [AC_MSG_RESULT(working)],
242 [AC_MSG_RESULT(buggy)
243 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
244 [AC_MSG_RESULT(assume it is working)])
245 AC_DEFINE(SETEUID_BREAKS_SETUID)
246 AC_DEFINE(BROKEN_SETREUID)
247 AC_DEFINE(BROKEN_SETREGID)
248 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
249 [Define if your resolver libs need this for getrrsetbyname])
250 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
251 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
252 [Use tunnel device compatibility to OpenBSD])
253 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
254 [Prepend the address family to IP tunnel traffic])
255 ;;
256 *-*-dragonfly*)
257 SSHDLIBS="$SSHDLIBS -lcrypt"
258 ;;
259 *-*-hpux*)
260 # first we define all of the options common to all HP-UX releases
261 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
262 IPADDR_IN_DISPLAY=yes
263 AC_DEFINE(USE_PIPES)
264 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
265 [Define if your login program cannot handle end of options ("--")])
266 AC_DEFINE(LOGIN_NEEDS_UTMPX)
267 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
268 [String used in /etc/passwd to denote locked account])
269 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
270 MAIL="/var/mail/username"
271 LIBS="$LIBS -lsec"
272 AC_CHECK_LIB(xnet, t_error, ,
273 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
275 # next, we define all of the options specific to major releases
276 case "$host" in
277 *-*-hpux10*)
278 if test -z "$GCC"; then
279 CFLAGS="$CFLAGS -Ae"
280 fi
281 ;;
282 *-*-hpux11*)
283 AC_DEFINE(PAM_SUN_CODEBASE, 1,
284 [Define if you are using Solaris-derived PAM which
285 passes pam_messages to the conversation function
286 with an extra level of indirection])
287 AC_DEFINE(DISABLE_UTMP, 1,
288 [Define if you don't want to use utmp])
289 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
290 check_for_hpux_broken_getaddrinfo=1
291 check_for_conflicting_getspnam=1
292 ;;
293 esac
295 # lastly, we define options specific to minor releases
296 case "$host" in
297 *-*-hpux10.26)
298 AC_DEFINE(HAVE_SECUREWARE, 1,
299 [Define if you have SecureWare-based
300 protected password database])
301 disable_ptmx_check=yes
302 LIBS="$LIBS -lsecpw"
303 ;;
304 esac
305 ;;
306 *-*-irix5*)
307 PATH="$PATH:/usr/etc"
308 AC_DEFINE(BROKEN_INET_NTOA, 1,
309 [Define if you system's inet_ntoa is busted
310 (e.g. Irix gcc issue)])
311 AC_DEFINE(SETEUID_BREAKS_SETUID)
312 AC_DEFINE(BROKEN_SETREUID)
313 AC_DEFINE(BROKEN_SETREGID)
314 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
315 [Define if you shouldn't strip 'tty' from your
316 ttyname in [uw]tmp])
317 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
318 ;;
319 *-*-irix6*)
320 PATH="$PATH:/usr/etc"
321 AC_DEFINE(WITH_IRIX_ARRAY, 1,
322 [Define if you have/want arrays
323 (cluster-wide session managment, not C arrays)])
324 AC_DEFINE(WITH_IRIX_PROJECT, 1,
325 [Define if you want IRIX project management])
326 AC_DEFINE(WITH_IRIX_AUDIT, 1,
327 [Define if you want IRIX audit trails])
328 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
329 [Define if you want IRIX kernel jobs])])
330 AC_DEFINE(BROKEN_INET_NTOA)
331 AC_DEFINE(SETEUID_BREAKS_SETUID)
332 AC_DEFINE(BROKEN_SETREUID)
333 AC_DEFINE(BROKEN_SETREGID)
334 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
335 AC_DEFINE(WITH_ABBREV_NO_TTY)
336 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
337 ;;
338 *-*-linux*)
339 no_dev_ptmx=1
340 check_for_libcrypt_later=1
341 check_for_openpty_ctty_bug=1
342 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
343 AC_DEFINE(PAM_TTY_KLUDGE, 1,
344 [Work around problematic Linux PAM modules handling of PAM_TTY])
345 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
346 [String used in /etc/passwd to denote locked account])
347 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
348 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
349 [Define to whatever link() returns for "not supported"
350 if it doesn't return EOPNOTSUPP.])
351 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
352 AC_DEFINE(USE_BTMP)
353 inet6_default_4in6=yes
354 case `uname -r` in
355 1.*|2.0.*)
356 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
357 [Define if cmsg_type is not passed correctly])
358 ;;
359 esac
360 # tun(4) forwarding compat code
361 AC_CHECK_HEADERS(linux/if_tun.h)
362 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
363 AC_DEFINE(SSH_TUN_LINUX, 1,
364 [Open tunnel devices the Linux tun/tap way])
365 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
366 [Use tunnel device compatibility to OpenBSD])
367 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
368 [Prepend the address family to IP tunnel traffic])
369 fi
370 ;;
371 mips-sony-bsd|mips-sony-newsos4)
372 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
373 SONY=1
374 ;;
375 *-*-netbsd*)
376 check_for_libcrypt_before=1
377 if test "x$withval" != "xno" ; then
378 need_dash_r=1
379 fi
380 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
381 AC_CHECK_HEADER([net/if_tap.h], ,
382 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
383 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
384 [Prepend the address family to IP tunnel traffic])
385 ;;
386 *-*-freebsd*)
387 check_for_libcrypt_later=1
388 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
389 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
390 AC_CHECK_HEADER([net/if_tap.h], ,
391 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
392 ;;
393 *-*-bsdi*)
394 AC_DEFINE(SETEUID_BREAKS_SETUID)
395 AC_DEFINE(BROKEN_SETREUID)
396 AC_DEFINE(BROKEN_SETREGID)
397 ;;
398 *-next-*)
399 conf_lastlog_location="/usr/adm/lastlog"
400 conf_utmp_location=/etc/utmp
401 conf_wtmp_location=/usr/adm/wtmp
402 MAIL=/usr/spool/mail
403 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
404 AC_DEFINE(BROKEN_REALPATH)
405 AC_DEFINE(USE_PIPES)
406 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
407 ;;
408 *-*-openbsd*)
409 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
410 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
411 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
412 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
413 [syslog_r function is safe to use in in a signal handler])
414 ;;
415 *-*-solaris*)
416 if test "x$withval" != "xno" ; then
417 need_dash_r=1
418 fi
419 AC_DEFINE(PAM_SUN_CODEBASE)
420 AC_DEFINE(LOGIN_NEEDS_UTMPX)
421 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
422 [Some versions of /bin/login need the TERM supplied
423 on the commandline])
424 AC_DEFINE(PAM_TTY_KLUDGE)
425 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
426 [Define if pam_chauthtok wants real uid set
427 to the unpriv'ed user])
428 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
429 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
430 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
431 [Define if sshd somehow reacquires a controlling TTY
432 after setsid()])
433 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
434 in case the name is longer than 8 chars])
435 external_path_file=/etc/default/login
436 # hardwire lastlog location (can't detect it on some versions)
437 conf_lastlog_location="/var/adm/lastlog"
438 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
439 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
440 if test "$sol2ver" -ge 8; then
441 AC_MSG_RESULT(yes)
442 AC_DEFINE(DISABLE_UTMP)
443 AC_DEFINE(DISABLE_WTMP, 1,
444 [Define if you don't want to use wtmp])
445 else
446 AC_MSG_RESULT(no)
447 fi
448 AC_ARG_WITH(solaris-contracts,
449 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
450 [
451 AC_CHECK_LIB(contract, ct_tmpl_activate,
452 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
453 [Define if you have Solaris process contracts])
454 SSHDLIBS="$SSHDLIBS -lcontract"
455 AC_SUBST(SSHDLIBS)
456 SPC_MSG="yes" ], )
457 ],
458 )
459 ;;
460 *-*-sunos4*)
461 CPPFLAGS="$CPPFLAGS -DSUNOS4"
462 AC_CHECK_FUNCS(getpwanam)
463 AC_DEFINE(PAM_SUN_CODEBASE)
464 conf_utmp_location=/etc/utmp
465 conf_wtmp_location=/var/adm/wtmp
466 conf_lastlog_location=/var/adm/lastlog
467 AC_DEFINE(USE_PIPES)
468 ;;
469 *-ncr-sysv*)
470 LIBS="$LIBS -lc89"
471 AC_DEFINE(USE_PIPES)
472 AC_DEFINE(SSHD_ACQUIRES_CTTY)
473 AC_DEFINE(SETEUID_BREAKS_SETUID)
474 AC_DEFINE(BROKEN_SETREUID)
475 AC_DEFINE(BROKEN_SETREGID)
476 ;;
477 *-sni-sysv*)
478 # /usr/ucblib MUST NOT be searched on ReliantUNIX
479 AC_CHECK_LIB(dl, dlsym, ,)
480 # -lresolv needs to be at the end of LIBS or DNS lookups break
481 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
482 IPADDR_IN_DISPLAY=yes
483 AC_DEFINE(USE_PIPES)
484 AC_DEFINE(IP_TOS_IS_BROKEN)
485 AC_DEFINE(SETEUID_BREAKS_SETUID)
486 AC_DEFINE(BROKEN_SETREUID)
487 AC_DEFINE(BROKEN_SETREGID)
488 AC_DEFINE(SSHD_ACQUIRES_CTTY)
489 external_path_file=/etc/default/login
490 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
491 # Attention: always take care to bind libsocket and libnsl before libc,
492 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
493 ;;
494 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
495 *-*-sysv4.2*)
496 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
497 AC_DEFINE(USE_PIPES)
498 AC_DEFINE(SETEUID_BREAKS_SETUID)
499 AC_DEFINE(BROKEN_SETREUID)
500 AC_DEFINE(BROKEN_SETREGID)
501 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
502 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
503 ;;
504 # UnixWare 7.x, OpenUNIX 8
505 *-*-sysv5*)
506 check_for_libcrypt_later=1
507 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
508 AC_DEFINE(USE_PIPES)
509 AC_DEFINE(SETEUID_BREAKS_SETUID)
510 AC_DEFINE(BROKEN_SETREUID)
511 AC_DEFINE(BROKEN_SETREGID)
512 AC_DEFINE(PASSWD_NEEDS_USERNAME)
513 case "$host" in
514 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
515 TEST_SHELL=/u95/bin/sh
516 AC_DEFINE(BROKEN_LIBIAF, 1,
517 [ia_uinfo routines not supported by OS yet])
518 AC_DEFINE(BROKEN_UPDWTMPX)
519 ;;
520 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
521 ;;
522 esac
523 ;;
524 *-*-sysv*)
525 ;;
526 # SCO UNIX and OEM versions of SCO UNIX
527 *-*-sco3.2v4*)
528 AC_MSG_ERROR("This Platform is no longer supported.")
529 ;;
530 # SCO OpenServer 5.x
531 *-*-sco3.2v5*)
532 if test -z "$GCC"; then
533 CFLAGS="$CFLAGS -belf"
534 fi
535 LIBS="$LIBS -lprot -lx -ltinfo -lm"
536 no_dev_ptmx=1
537 AC_DEFINE(USE_PIPES)
538 AC_DEFINE(HAVE_SECUREWARE)
539 AC_DEFINE(DISABLE_SHADOW)
540 AC_DEFINE(DISABLE_FD_PASSING)
541 AC_DEFINE(SETEUID_BREAKS_SETUID)
542 AC_DEFINE(BROKEN_SETREUID)
543 AC_DEFINE(BROKEN_SETREGID)
544 AC_DEFINE(WITH_ABBREV_NO_TTY)
545 AC_DEFINE(BROKEN_UPDWTMPX)
546 AC_DEFINE(PASSWD_NEEDS_USERNAME)
547 AC_CHECK_FUNCS(getluid setluid)
548 MANTYPE=man
549 TEST_SHELL=ksh
550 ;;
551 *-*-unicosmk*)
552 AC_DEFINE(NO_SSH_LASTLOG, 1,
553 [Define if you don't want to use lastlog in session.c])
554 AC_DEFINE(SETEUID_BREAKS_SETUID)
555 AC_DEFINE(BROKEN_SETREUID)
556 AC_DEFINE(BROKEN_SETREGID)
557 AC_DEFINE(USE_PIPES)
558 AC_DEFINE(DISABLE_FD_PASSING)
559 LDFLAGS="$LDFLAGS"
560 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
561 MANTYPE=cat
562 ;;
563 *-*-unicosmp*)
564 AC_DEFINE(SETEUID_BREAKS_SETUID)
565 AC_DEFINE(BROKEN_SETREUID)
566 AC_DEFINE(BROKEN_SETREGID)
567 AC_DEFINE(WITH_ABBREV_NO_TTY)
568 AC_DEFINE(USE_PIPES)
569 AC_DEFINE(DISABLE_FD_PASSING)
570 LDFLAGS="$LDFLAGS"
571 LIBS="$LIBS -lgen -lacid -ldb"
572 MANTYPE=cat
573 ;;
574 *-*-unicos*)
575 AC_DEFINE(SETEUID_BREAKS_SETUID)
576 AC_DEFINE(BROKEN_SETREUID)
577 AC_DEFINE(BROKEN_SETREGID)
578 AC_DEFINE(USE_PIPES)
579 AC_DEFINE(DISABLE_FD_PASSING)
580 AC_DEFINE(NO_SSH_LASTLOG)
581 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
582 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
583 MANTYPE=cat
584 ;;
585 *-dec-osf*)
586 AC_MSG_CHECKING(for Digital Unix SIA)
587 no_osfsia=""
588 AC_ARG_WITH(osfsia,
589 [ --with-osfsia Enable Digital Unix SIA],
590 [
591 if test "x$withval" = "xno" ; then
592 AC_MSG_RESULT(disabled)
593 no_osfsia=1
594 fi
595 ],
596 )
597 if test -z "$no_osfsia" ; then
598 if test -f /etc/sia/matrix.conf; then
599 AC_MSG_RESULT(yes)
600 AC_DEFINE(HAVE_OSF_SIA, 1,
601 [Define if you have Digital Unix Security
602 Integration Architecture])
603 AC_DEFINE(DISABLE_LOGIN, 1,
604 [Define if you don't want to use your
605 system's login() call])
606 AC_DEFINE(DISABLE_FD_PASSING)
607 LIBS="$LIBS -lsecurity -ldb -lm -laud"
608 SIA_MSG="yes"
609 else
610 AC_MSG_RESULT(no)
611 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
612 [String used in /etc/passwd to denote locked account])
613 fi
614 fi
615 AC_DEFINE(BROKEN_GETADDRINFO)
616 AC_DEFINE(SETEUID_BREAKS_SETUID)
617 AC_DEFINE(BROKEN_SETREUID)
618 AC_DEFINE(BROKEN_SETREGID)
619 ;;
621 *-*-nto-qnx*)
622 AC_DEFINE(USE_PIPES)
623 AC_DEFINE(NO_X11_UNIX_SOCKETS)
624 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
625 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
626 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
627 AC_DEFINE(DISABLE_LASTLOG)
628 AC_DEFINE(SSHD_ACQUIRES_CTTY)
629 enable_etc_default_login=no # has incompatible /etc/default/login
630 ;;
632 *-*-ultrix*)
633 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
634 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
635 AC_DEFINE(NEED_SETPGRP)
636 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
637 ;;
639 *-*-lynxos)
640 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
641 AC_DEFINE(MISSING_HOWMANY)
642 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
643 ;;
644 esac
646 # Allow user to specify flags
647 AC_ARG_WITH(cflags,
648 [ --with-cflags Specify additional flags to pass to compiler],
649 [
650 if test -n "$withval" && test "x$withval" != "xno" && \
651 test "x${withval}" != "xyes"; then
652 CFLAGS="$CFLAGS $withval"
653 fi
654 ]
655 )
656 AC_ARG_WITH(cppflags,
657 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
658 [
659 if test -n "$withval" && test "x$withval" != "xno" && \
660 test "x${withval}" != "xyes"; then
661 CPPFLAGS="$CPPFLAGS $withval"
662 fi
663 ]
664 )
665 AC_ARG_WITH(ldflags,
666 [ --with-ldflags Specify additional flags to pass to linker],
667 [
668 if test -n "$withval" && test "x$withval" != "xno" && \
669 test "x${withval}" != "xyes"; then
670 LDFLAGS="$LDFLAGS $withval"
671 fi
672 ]
673 )
674 AC_ARG_WITH(libs,
675 [ --with-libs Specify additional libraries to link with],
676 [
677 if test -n "$withval" && test "x$withval" != "xno" && \
678 test "x${withval}" != "xyes"; then
679 LIBS="$LIBS $withval"
680 fi
681 ]
682 )
683 AC_ARG_WITH(Werror,
684 [ --with-Werror Build main code with -Werror],
685 [
686 if test -n "$withval" && test "x$withval" != "xno"; then
687 werror_flags="-Werror"
688 if test "x${withval}" != "xyes"; then
689 werror_flags="$withval"
690 fi
691 fi
692 ]
693 )
695 AC_MSG_CHECKING(compiler and flags for sanity)
696 AC_RUN_IFELSE(
697 [AC_LANG_SOURCE([
698 #include <stdio.h>
699 int main(){exit(0);}
700 ])],
701 [ AC_MSG_RESULT(yes) ],
702 [
703 AC_MSG_RESULT(no)
704 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
705 ],
706 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
707 )
709 dnl Checks for header files.
710 AC_CHECK_HEADERS( \
711 bstring.h \
712 crypt.h \
713 crypto/sha2.h \
714 dirent.h \
715 endian.h \
716 features.h \
717 fcntl.h \
718 floatingpoint.h \
719 getopt.h \
720 glob.h \
721 ia.h \
722 iaf.h \
723 limits.h \
724 login.h \
725 maillock.h \
726 ndir.h \
727 net/if_tun.h \
728 netdb.h \
729 netgroup.h \
730 pam/pam_appl.h \
731 paths.h \
732 pty.h \
733 readpassphrase.h \
734 rpc/types.h \
735 security/pam_appl.h \
736 sha2.h \
737 shadow.h \
738 stddef.h \
739 stdint.h \
740 string.h \
741 strings.h \
742 sys/audit.h \
743 sys/bitypes.h \
744 sys/bsdtty.h \
745 sys/cdefs.h \
746 sys/dir.h \
747 sys/mman.h \
748 sys/ndir.h \
749 sys/prctl.h \
750 sys/pstat.h \
751 sys/select.h \
752 sys/stat.h \
753 sys/stream.h \
754 sys/stropts.h \
755 sys/strtio.h \
756 sys/sysmacros.h \
757 sys/time.h \
758 sys/timers.h \
759 sys/un.h \
760 time.h \
761 tmpdir.h \
762 ttyent.h \
763 unistd.h \
764 usersec.h \
765 util.h \
766 utime.h \
767 utmp.h \
768 utmpx.h \
769 vis.h \
770 )
772 # lastlog.h requires sys/time.h to be included first on Solaris
773 AC_CHECK_HEADERS(lastlog.h, [], [], [
774 #ifdef HAVE_SYS_TIME_H
775 # include <sys/time.h>
776 #endif
777 ])
779 # sys/ptms.h requires sys/stream.h to be included first on Solaris
780 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
781 #ifdef HAVE_SYS_STREAM_H
782 # include <sys/stream.h>
783 #endif
784 ])
786 # login_cap.h requires sys/types.h on NetBSD
787 AC_CHECK_HEADERS(login_cap.h, [], [], [
788 #include <sys/types.h>
789 ])
791 # Checks for libraries.
792 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
793 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
795 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
796 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
797 AC_CHECK_LIB(gen, dirname,[
798 AC_CACHE_CHECK([for broken dirname],
799 ac_cv_have_broken_dirname, [
800 save_LIBS="$LIBS"
801 LIBS="$LIBS -lgen"
802 AC_RUN_IFELSE(
803 [AC_LANG_SOURCE([[
804 #include <libgen.h>
805 #include <string.h>
807 int main(int argc, char **argv) {
808 char *s, buf[32];
810 strncpy(buf,"/etc", 32);
811 s = dirname(buf);
812 if (!s || strncmp(s, "/", 32) != 0) {
813 exit(1);
814 } else {
815 exit(0);
816 }
817 }
818 ]])],
819 [ ac_cv_have_broken_dirname="no" ],
820 [ ac_cv_have_broken_dirname="yes" ],
821 [ ac_cv_have_broken_dirname="no" ],
822 )
823 LIBS="$save_LIBS"
824 ])
825 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
826 LIBS="$LIBS -lgen"
827 AC_DEFINE(HAVE_DIRNAME)
828 AC_CHECK_HEADERS(libgen.h)
829 fi
830 ])
831 ])
833 AC_CHECK_FUNC(getspnam, ,
834 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
835 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
836 [Define if you have the basename function.]))
838 dnl zlib is required
839 AC_ARG_WITH(zlib,
840 [ --with-zlib=PATH Use zlib in PATH],
841 [ if test "x$withval" = "xno" ; then
842 AC_MSG_ERROR([*** zlib is required ***])
843 elif test "x$withval" != "xyes"; then
844 if test -d "$withval/lib"; then
845 if test -n "${need_dash_r}"; then
846 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
847 else
848 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
849 fi
850 else
851 if test -n "${need_dash_r}"; then
852 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
853 else
854 LDFLAGS="-L${withval} ${LDFLAGS}"
855 fi
856 fi
857 if test -d "$withval/include"; then
858 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
859 else
860 CPPFLAGS="-I${withval} ${CPPFLAGS}"
861 fi
862 fi ]
863 )
865 AC_CHECK_LIB(z, deflate, ,
866 [
867 saved_CPPFLAGS="$CPPFLAGS"
868 saved_LDFLAGS="$LDFLAGS"
869 save_LIBS="$LIBS"
870 dnl Check default zlib install dir
871 if test -n "${need_dash_r}"; then
872 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
873 else
874 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
875 fi
876 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
877 LIBS="$LIBS -lz"
878 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
879 [
880 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
881 ]
882 )
883 ]
884 )
885 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
887 AC_ARG_WITH(zlib-version-check,
888 [ --without-zlib-version-check Disable zlib version check],
889 [ if test "x$withval" = "xno" ; then
890 zlib_check_nonfatal=1
891 fi
892 ]
893 )
895 AC_MSG_CHECKING(for possibly buggy zlib)
896 AC_RUN_IFELSE([AC_LANG_SOURCE([[
897 #include <stdio.h>
898 #include <zlib.h>
899 int main()
900 {
901 int a=0, b=0, c=0, d=0, n, v;
902 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
903 if (n != 3 && n != 4)
904 exit(1);
905 v = a*1000000 + b*10000 + c*100 + d;
906 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
908 /* 1.1.4 is OK */
909 if (a == 1 && b == 1 && c >= 4)
910 exit(0);
912 /* 1.2.3 and up are OK */
913 if (v >= 1020300)
914 exit(0);
916 exit(2);
917 }
918 ]])],
919 AC_MSG_RESULT(no),
920 [ AC_MSG_RESULT(yes)
921 if test -z "$zlib_check_nonfatal" ; then
922 AC_MSG_ERROR([*** zlib too old - check config.log ***
923 Your reported zlib version has known security problems. It's possible your
924 vendor has fixed these problems without changing the version number. If you
925 are sure this is the case, you can disable the check by running
926 "./configure --without-zlib-version-check".
927 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
928 See http://www.gzip.org/zlib/ for details.])
929 else
930 AC_MSG_WARN([zlib version may have security problems])
931 fi
932 ],
933 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
934 )
936 dnl UnixWare 2.x
937 AC_CHECK_FUNC(strcasecmp,
938 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
939 )
940 AC_CHECK_FUNCS(utimes,
941 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
942 LIBS="$LIBS -lc89"]) ]
943 )
945 dnl Checks for libutil functions
946 AC_CHECK_HEADERS(libutil.h)
947 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
948 [Define if your libraries define login()])])
949 AC_CHECK_FUNCS(logout updwtmp logwtmp)
951 AC_FUNC_STRFTIME
953 # Check for ALTDIRFUNC glob() extension
954 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
955 AC_EGREP_CPP(FOUNDIT,
956 [
957 #include <glob.h>
958 #ifdef GLOB_ALTDIRFUNC
959 FOUNDIT
960 #endif
961 ],
962 [
963 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
964 [Define if your system glob() function has
965 the GLOB_ALTDIRFUNC extension])
966 AC_MSG_RESULT(yes)
967 ],
968 [
969 AC_MSG_RESULT(no)
970 ]
971 )
973 # Check for g.gl_matchc glob() extension
974 AC_MSG_CHECKING(for gl_matchc field in glob_t)
975 AC_TRY_COMPILE(
976 [ #include <glob.h> ],
977 [glob_t g; g.gl_matchc = 1;],
978 [
979 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
980 [Define if your system glob() function has
981 gl_matchc options in glob_t])
982 AC_MSG_RESULT(yes)
983 ],
984 [
985 AC_MSG_RESULT(no)
986 ]
987 )
989 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
991 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
992 AC_RUN_IFELSE(
993 [AC_LANG_SOURCE([[
994 #include <sys/types.h>
995 #include <dirent.h>
996 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
997 ]])],
998 [AC_MSG_RESULT(yes)],
999 [
1000 AC_MSG_RESULT(no)
1001 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1002 [Define if your struct dirent expects you to
1003 allocate extra space for d_name])
1004 ],
1005 [
1006 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1007 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1008 ]
1009 )
1011 AC_MSG_CHECKING([for /proc/pid/fd directory])
1012 if test -d "/proc/$$/fd" ; then
1013 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1014 AC_MSG_RESULT(yes)
1015 else
1016 AC_MSG_RESULT(no)
1017 fi
1019 # Check whether user wants S/Key support
1020 SKEY_MSG="no"
1021 AC_ARG_WITH(skey,
1022 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1023 [
1024 if test "x$withval" != "xno" ; then
1026 if test "x$withval" != "xyes" ; then
1027 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1028 LDFLAGS="$LDFLAGS -L${withval}/lib"
1029 fi
1031 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1032 LIBS="-lskey $LIBS"
1033 SKEY_MSG="yes"
1035 AC_MSG_CHECKING([for s/key support])
1036 AC_LINK_IFELSE(
1037 [AC_LANG_SOURCE([[
1038 #include <stdio.h>
1039 #include <skey.h>
1040 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1041 ]])],
1042 [AC_MSG_RESULT(yes)],
1043 [
1044 AC_MSG_RESULT(no)
1045 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1046 ])
1047 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1048 AC_TRY_COMPILE(
1049 [#include <stdio.h>
1050 #include <skey.h>],
1051 [(void)skeychallenge(NULL,"name","",0);],
1052 [AC_MSG_RESULT(yes)
1053 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1054 [Define if your skeychallenge()
1055 function takes 4 arguments (NetBSD)])],
1056 [AC_MSG_RESULT(no)]
1057 )
1058 fi
1059 ]
1060 )
1062 # Check whether user wants TCP wrappers support
1063 TCPW_MSG="no"
1064 AC_ARG_WITH(tcp-wrappers,
1065 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1066 [
1067 if test "x$withval" != "xno" ; then
1068 saved_LIBS="$LIBS"
1069 saved_LDFLAGS="$LDFLAGS"
1070 saved_CPPFLAGS="$CPPFLAGS"
1071 if test -n "${withval}" && \
1072 test "x${withval}" != "xyes"; then
1073 if test -d "${withval}/lib"; then
1074 if test -n "${need_dash_r}"; then
1075 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1076 else
1077 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1078 fi
1079 else
1080 if test -n "${need_dash_r}"; then
1081 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1082 else
1083 LDFLAGS="-L${withval} ${LDFLAGS}"
1084 fi
1085 fi
1086 if test -d "${withval}/include"; then
1087 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1088 else
1089 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1090 fi
1091 fi
1092 LIBWRAP="-lwrap"
1093 LIBS="$LIBWRAP $LIBS"
1094 AC_MSG_CHECKING(for libwrap)
1095 AC_TRY_LINK(
1096 [
1097 #include <sys/types.h>
1098 #include <sys/socket.h>
1099 #include <netinet/in.h>
1100 #include <tcpd.h>
1101 int deny_severity = 0, allow_severity = 0;
1102 ],
1103 [hosts_access(0);],
1104 [
1105 AC_MSG_RESULT(yes)
1106 AC_DEFINE(LIBWRAP, 1,
1107 [Define if you want
1108 TCP Wrappers support])
1109 AC_SUBST(LIBWRAP)
1110 TCPW_MSG="yes"
1111 ],
1112 [
1113 AC_MSG_ERROR([*** libwrap missing])
1114 ]
1115 )
1116 LIBS="$saved_LIBS"
1117 fi
1118 ]
1119 )
1121 # Check whether user wants libedit support
1122 LIBEDIT_MSG="no"
1123 AC_ARG_WITH(libedit,
1124 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1125 [ if test "x$withval" != "xno" ; then
1126 if test "x$withval" != "xyes"; then
1127 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1128 if test -n "${need_dash_r}"; then
1129 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1130 else
1131 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1132 fi
1133 fi
1134 AC_CHECK_LIB(edit, el_init,
1135 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1136 LIBEDIT="-ledit -lcurses"
1137 LIBEDIT_MSG="yes"
1138 AC_SUBST(LIBEDIT)
1139 ],
1140 [ AC_MSG_ERROR(libedit not found) ],
1141 [ -lcurses ]
1142 )
1143 AC_MSG_CHECKING(if libedit version is compatible)
1144 AC_COMPILE_IFELSE(
1145 [AC_LANG_SOURCE([[
1146 #include <histedit.h>
1147 int main(void)
1148 {
1149 int i = H_SETSIZE;
1150 el_init("", NULL, NULL, NULL);
1151 exit(0);
1152 }
1153 ]])],
1154 [ AC_MSG_RESULT(yes) ],
1155 [ AC_MSG_RESULT(no)
1156 AC_MSG_ERROR(libedit version is not compatible) ]
1157 )
1158 fi ]
1159 )
1161 AUDIT_MODULE=none
1162 AC_ARG_WITH(audit,
1163 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1164 [
1165 AC_MSG_CHECKING(for supported audit module)
1166 case "$withval" in
1167 bsm)
1168 AC_MSG_RESULT(bsm)
1169 AUDIT_MODULE=bsm
1170 dnl Checks for headers, libs and functions
1171 AC_CHECK_HEADERS(bsm/audit.h, [],
1172 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1173 [
1174 #ifdef HAVE_TIME_H
1175 # include <time.h>
1176 #endif
1177 ]
1178 )
1179 AC_CHECK_LIB(bsm, getaudit, [],
1180 [AC_MSG_ERROR(BSM enabled and required library not found)])
1181 AC_CHECK_FUNCS(getaudit, [],
1182 [AC_MSG_ERROR(BSM enabled and required function not found)])
1183 # These are optional
1184 AC_CHECK_FUNCS(getaudit_addr)
1185 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1186 ;;
1187 debug)
1188 AUDIT_MODULE=debug
1189 AC_MSG_RESULT(debug)
1190 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1191 ;;
1192 no)
1193 AC_MSG_RESULT(no)
1194 ;;
1195 *)
1196 AC_MSG_ERROR([Unknown audit module $withval])
1197 ;;
1198 esac ]
1199 )
1201 dnl Checks for library functions. Please keep in alphabetical order
1202 AC_CHECK_FUNCS( \
1203 arc4random \
1204 asprintf \
1205 b64_ntop \
1206 __b64_ntop \
1207 b64_pton \
1208 __b64_pton \
1209 bcopy \
1210 bindresvport_sa \
1211 clock \
1212 closefrom \
1213 dirfd \
1214 fchmod \
1215 fchown \
1216 freeaddrinfo \
1217 futimes \
1218 getaddrinfo \
1219 getcwd \
1220 getgrouplist \
1221 getnameinfo \
1222 getopt \
1223 getpeereid \
1224 _getpty \
1225 getrlimit \
1226 getttyent \
1227 glob \
1228 inet_aton \
1229 inet_ntoa \
1230 inet_ntop \
1231 innetgr \
1232 login_getcapbool \
1233 md5_crypt \
1234 memmove \
1235 mkdtemp \
1236 mmap \
1237 ngetaddrinfo \
1238 nsleep \
1239 ogetaddrinfo \
1240 openlog_r \
1241 openpty \
1242 prctl \
1243 pstat \
1244 readpassphrase \
1245 realpath \
1246 recvmsg \
1247 rresvport_af \
1248 sendmsg \
1249 setdtablesize \
1250 setegid \
1251 setenv \
1252 seteuid \
1253 setgroups \
1254 setlogin \
1255 setpcred \
1256 setproctitle \
1257 setregid \
1258 setreuid \
1259 setrlimit \
1260 setsid \
1261 setvbuf \
1262 sigaction \
1263 sigvec \
1264 snprintf \
1265 socketpair \
1266 strdup \
1267 strerror \
1268 strlcat \
1269 strlcpy \
1270 strmode \
1271 strnvis \
1272 strtonum \
1273 strtoll \
1274 strtoul \
1275 sysconf \
1276 tcgetpgrp \
1277 truncate \
1278 unsetenv \
1279 updwtmpx \
1280 vasprintf \
1281 vhangup \
1282 vsnprintf \
1283 waitpid \
1284 )
1286 # IRIX has a const char return value for gai_strerror()
1287 AC_CHECK_FUNCS(gai_strerror,[
1288 AC_DEFINE(HAVE_GAI_STRERROR)
1289 AC_TRY_COMPILE([
1290 #include <sys/types.h>
1291 #include <sys/socket.h>
1292 #include <netdb.h>
1294 const char *gai_strerror(int);],[
1295 char *str;
1297 str = gai_strerror(0);],[
1298 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1299 [Define if gai_strerror() returns const char *])])])
1301 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1302 [Some systems put nanosleep outside of libc]))
1304 dnl Make sure prototypes are defined for these before using them.
1305 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1306 AC_CHECK_DECL(strsep,
1307 [AC_CHECK_FUNCS(strsep)],
1308 [],
1309 [
1310 #ifdef HAVE_STRING_H
1311 # include <string.h>
1312 #endif
1313 ])
1315 dnl tcsendbreak might be a macro
1316 AC_CHECK_DECL(tcsendbreak,
1317 [AC_DEFINE(HAVE_TCSENDBREAK)],
1318 [AC_CHECK_FUNCS(tcsendbreak)],
1319 [#include <termios.h>]
1320 )
1322 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1324 AC_CHECK_DECLS(SHUT_RD, , ,
1325 [
1326 #include <sys/types.h>
1327 #include <sys/socket.h>
1328 ])
1330 AC_CHECK_DECLS(O_NONBLOCK, , ,
1331 [
1332 #include <sys/types.h>
1333 #ifdef HAVE_SYS_STAT_H
1334 # include <sys/stat.h>
1335 #endif
1336 #ifdef HAVE_FCNTL_H
1337 # include <fcntl.h>
1338 #endif
1339 ])
1341 AC_CHECK_DECLS(writev, , , [
1342 #include <sys/types.h>
1343 #include <sys/uio.h>
1344 #include <unistd.h>
1345 ])
1347 AC_CHECK_FUNCS(setresuid, [
1348 dnl Some platorms have setresuid that isn't implemented, test for this
1349 AC_MSG_CHECKING(if setresuid seems to work)
1350 AC_RUN_IFELSE(
1351 [AC_LANG_SOURCE([[
1352 #include <stdlib.h>
1353 #include <errno.h>
1354 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1355 ]])],
1356 [AC_MSG_RESULT(yes)],
1357 [AC_DEFINE(BROKEN_SETRESUID, 1,
1358 [Define if your setresuid() is broken])
1359 AC_MSG_RESULT(not implemented)],
1360 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1361 )
1362 ])
1364 AC_CHECK_FUNCS(setresgid, [
1365 dnl Some platorms have setresgid that isn't implemented, test for this
1366 AC_MSG_CHECKING(if setresgid seems to work)
1367 AC_RUN_IFELSE(
1368 [AC_LANG_SOURCE([[
1369 #include <stdlib.h>
1370 #include <errno.h>
1371 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1372 ]])],
1373 [AC_MSG_RESULT(yes)],
1374 [AC_DEFINE(BROKEN_SETRESGID, 1,
1375 [Define if your setresgid() is broken])
1376 AC_MSG_RESULT(not implemented)],
1377 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1378 )
1379 ])
1381 dnl Checks for time functions
1382 AC_CHECK_FUNCS(gettimeofday time)
1383 dnl Checks for utmp functions
1384 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1385 AC_CHECK_FUNCS(utmpname)
1386 dnl Checks for utmpx functions
1387 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1388 AC_CHECK_FUNCS(setutxent utmpxname)
1390 AC_CHECK_FUNC(daemon,
1391 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1392 [AC_CHECK_LIB(bsd, daemon,
1393 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1394 )
1396 AC_CHECK_FUNC(getpagesize,
1397 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1398 [Define if your libraries define getpagesize()])],
1399 [AC_CHECK_LIB(ucb, getpagesize,
1400 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1401 )
1403 # Check for broken snprintf
1404 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1405 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1406 AC_RUN_IFELSE(
1407 [AC_LANG_SOURCE([[
1408 #include <stdio.h>
1409 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1410 ]])],
1411 [AC_MSG_RESULT(yes)],
1412 [
1413 AC_MSG_RESULT(no)
1414 AC_DEFINE(BROKEN_SNPRINTF, 1,
1415 [Define if your snprintf is busted])
1416 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1417 ],
1418 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1419 )
1420 fi
1422 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1423 # returning the right thing on overflow: the number of characters it tried to
1424 # create (as per SUSv3)
1425 if test "x$ac_cv_func_asprintf" != "xyes" && \
1426 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1427 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1428 AC_RUN_IFELSE(
1429 [AC_LANG_SOURCE([[
1430 #include <sys/types.h>
1431 #include <stdio.h>
1432 #include <stdarg.h>
1434 int x_snprintf(char *str,size_t count,const char *fmt,...)
1435 {
1436 size_t ret; va_list ap;
1437 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1438 return ret;
1439 }
1440 int main(void)
1441 {
1442 char x[1];
1443 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1444 } ]])],
1445 [AC_MSG_RESULT(yes)],
1446 [
1447 AC_MSG_RESULT(no)
1448 AC_DEFINE(BROKEN_SNPRINTF, 1,
1449 [Define if your snprintf is busted])
1450 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1451 ],
1452 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1453 )
1454 fi
1456 # On systems where [v]snprintf is broken, but is declared in stdio,
1457 # check that the fmt argument is const char * or just char *.
1458 # This is only useful for when BROKEN_SNPRINTF
1459 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1460 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1461 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1462 int main(void) { snprintf(0, 0, 0); }
1463 ]])],
1464 [AC_MSG_RESULT(yes)
1465 AC_DEFINE(SNPRINTF_CONST, [const],
1466 [Define as const if snprintf() can declare const char *fmt])],
1467 [AC_MSG_RESULT(no)
1468 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1470 # Check for missing getpeereid (or equiv) support
1471 NO_PEERCHECK=""
1472 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1473 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1474 AC_TRY_COMPILE(
1475 [#include <sys/types.h>
1476 #include <sys/socket.h>],
1477 [int i = SO_PEERCRED;],
1478 [ AC_MSG_RESULT(yes)
1479 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1480 ],
1481 [AC_MSG_RESULT(no)
1482 NO_PEERCHECK=1]
1483 )
1484 fi
1486 dnl see whether mkstemp() requires XXXXXX
1487 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1488 AC_MSG_CHECKING([for (overly) strict mkstemp])
1489 AC_RUN_IFELSE(
1490 [AC_LANG_SOURCE([[
1491 #include <stdlib.h>
1492 main() { char template[]="conftest.mkstemp-test";
1493 if (mkstemp(template) == -1)
1494 exit(1);
1495 unlink(template); exit(0);
1496 }
1497 ]])],
1498 [
1499 AC_MSG_RESULT(no)
1500 ],
1501 [
1502 AC_MSG_RESULT(yes)
1503 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1504 ],
1505 [
1506 AC_MSG_RESULT(yes)
1507 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1508 ]
1509 )
1510 fi
1512 dnl make sure that openpty does not reacquire controlling terminal
1513 if test ! -z "$check_for_openpty_ctty_bug"; then
1514 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1515 AC_RUN_IFELSE(
1516 [AC_LANG_SOURCE([[
1517 #include <stdio.h>
1518 #include <sys/fcntl.h>
1519 #include <sys/types.h>
1520 #include <sys/wait.h>
1522 int
1523 main()
1524 {
1525 pid_t pid;
1526 int fd, ptyfd, ttyfd, status;
1528 pid = fork();
1529 if (pid < 0) { /* failed */
1530 exit(1);
1531 } else if (pid > 0) { /* parent */
1532 waitpid(pid, &status, 0);
1533 if (WIFEXITED(status))
1534 exit(WEXITSTATUS(status));
1535 else
1536 exit(2);
1537 } else { /* child */
1538 close(0); close(1); close(2);
1539 setsid();
1540 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1541 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1542 if (fd >= 0)
1543 exit(3); /* Acquired ctty: broken */
1544 else
1545 exit(0); /* Did not acquire ctty: OK */
1546 }
1547 }
1548 ]])],
1549 [
1550 AC_MSG_RESULT(yes)
1551 ],
1552 [
1553 AC_MSG_RESULT(no)
1554 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1555 ],
1556 [
1557 AC_MSG_RESULT(cross-compiling, assuming yes)
1558 ]
1559 )
1560 fi
1562 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1563 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1564 AC_MSG_CHECKING(if getaddrinfo seems to work)
1565 AC_RUN_IFELSE(
1566 [AC_LANG_SOURCE([[
1567 #include <stdio.h>
1568 #include <sys/socket.h>
1569 #include <netdb.h>
1570 #include <errno.h>
1571 #include <netinet/in.h>
1573 #define TEST_PORT "2222"
1575 int
1576 main(void)
1577 {
1578 int err, sock;
1579 struct addrinfo *gai_ai, *ai, hints;
1580 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1582 memset(&hints, 0, sizeof(hints));
1583 hints.ai_family = PF_UNSPEC;
1584 hints.ai_socktype = SOCK_STREAM;
1585 hints.ai_flags = AI_PASSIVE;
1587 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1588 if (err != 0) {
1589 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1590 exit(1);
1591 }
1593 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1594 if (ai->ai_family != AF_INET6)
1595 continue;
1597 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1598 sizeof(ntop), strport, sizeof(strport),
1599 NI_NUMERICHOST|NI_NUMERICSERV);
1601 if (err != 0) {
1602 if (err == EAI_SYSTEM)
1603 perror("getnameinfo EAI_SYSTEM");
1604 else
1605 fprintf(stderr, "getnameinfo failed: %s\n",
1606 gai_strerror(err));
1607 exit(2);
1608 }
1610 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1611 if (sock < 0)
1612 perror("socket");
1613 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1614 if (errno == EBADF)
1615 exit(3);
1616 }
1617 }
1618 exit(0);
1619 }
1620 ]])],
1621 [
1622 AC_MSG_RESULT(yes)
1623 ],
1624 [
1625 AC_MSG_RESULT(no)
1626 AC_DEFINE(BROKEN_GETADDRINFO)
1627 ],
1628 [
1629 AC_MSG_RESULT(cross-compiling, assuming yes)
1630 ]
1631 )
1632 fi
1634 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1635 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1636 AC_MSG_CHECKING(if getaddrinfo seems to work)
1637 AC_RUN_IFELSE(
1638 [AC_LANG_SOURCE([[
1639 #include <stdio.h>
1640 #include <sys/socket.h>
1641 #include <netdb.h>
1642 #include <errno.h>
1643 #include <netinet/in.h>
1645 #define TEST_PORT "2222"
1647 int
1648 main(void)
1649 {
1650 int err, sock;
1651 struct addrinfo *gai_ai, *ai, hints;
1652 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1654 memset(&hints, 0, sizeof(hints));
1655 hints.ai_family = PF_UNSPEC;
1656 hints.ai_socktype = SOCK_STREAM;
1657 hints.ai_flags = AI_PASSIVE;
1659 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1660 if (err != 0) {
1661 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1662 exit(1);
1663 }
1665 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1666 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1667 continue;
1669 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1670 sizeof(ntop), strport, sizeof(strport),
1671 NI_NUMERICHOST|NI_NUMERICSERV);
1673 if (ai->ai_family == AF_INET && err != 0) {
1674 perror("getnameinfo");
1675 exit(2);
1676 }
1677 }
1678 exit(0);
1679 }
1680 ]])],
1681 [
1682 AC_MSG_RESULT(yes)
1683 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1684 [Define if you have a getaddrinfo that fails
1685 for the all-zeros IPv6 address])
1686 ],
1687 [
1688 AC_MSG_RESULT(no)
1689 AC_DEFINE(BROKEN_GETADDRINFO)
1690 ],
1691 [
1692 AC_MSG_RESULT(cross-compiling, assuming no)
1693 ]
1694 )
1695 fi
1697 if test "x$check_for_conflicting_getspnam" = "x1"; then
1698 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1699 AC_COMPILE_IFELSE(
1700 [
1701 #include <shadow.h>
1702 int main(void) {exit(0);}
1703 ],
1704 [
1705 AC_MSG_RESULT(no)
1706 ],
1707 [
1708 AC_MSG_RESULT(yes)
1709 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1710 [Conflicting defs for getspnam])
1711 ]
1712 )
1713 fi
1715 AC_FUNC_GETPGRP
1717 # Search for OpenSSL
1718 saved_CPPFLAGS="$CPPFLAGS"
1719 saved_LDFLAGS="$LDFLAGS"
1720 AC_ARG_WITH(ssl-dir,
1721 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1722 [
1723 if test "x$withval" != "xno" ; then
1724 case "$withval" in
1725 # Relative paths
1726 ./*|../*) withval="`pwd`/$withval"
1727 esac
1728 if test -d "$withval/lib"; then
1729 if test -n "${need_dash_r}"; then
1730 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1731 else
1732 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1733 fi
1734 else
1735 if test -n "${need_dash_r}"; then
1736 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1737 else
1738 LDFLAGS="-L${withval} ${LDFLAGS}"
1739 fi
1740 fi
1741 if test -d "$withval/include"; then
1742 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1743 else
1744 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1745 fi
1746 fi
1747 ]
1748 )
1749 LIBS="-lcrypto $LIBS"
1750 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1751 [Define if your ssl headers are included
1752 with #include <openssl/header.h>]),
1753 [
1754 dnl Check default openssl install dir
1755 if test -n "${need_dash_r}"; then
1756 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1757 else
1758 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1759 fi
1760 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1761 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1762 [
1763 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1764 ]
1765 )
1766 ]
1767 )
1769 # Determine OpenSSL header version
1770 AC_MSG_CHECKING([OpenSSL header version])
1771 AC_RUN_IFELSE(
1772 [AC_LANG_SOURCE([[
1773 #include <stdio.h>
1774 #include <string.h>
1775 #include <openssl/opensslv.h>
1776 #define DATA "conftest.sslincver"
1777 int main(void) {
1778 FILE *fd;
1779 int rc;
1781 fd = fopen(DATA,"w");
1782 if(fd == NULL)
1783 exit(1);
1785 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1786 exit(1);
1788 exit(0);
1789 }
1790 ]])],
1791 [
1792 ssl_header_ver=`cat conftest.sslincver`
1793 AC_MSG_RESULT($ssl_header_ver)
1794 ],
1795 [
1796 AC_MSG_RESULT(not found)
1797 AC_MSG_ERROR(OpenSSL version header not found.)
1798 ],
1799 [
1800 AC_MSG_WARN([cross compiling: not checking])
1801 ]
1802 )
1804 # Determine OpenSSL library version
1805 AC_MSG_CHECKING([OpenSSL library version])
1806 AC_RUN_IFELSE(
1807 [AC_LANG_SOURCE([[
1808 #include <stdio.h>
1809 #include <string.h>
1810 #include <openssl/opensslv.h>
1811 #include <openssl/crypto.h>
1812 #define DATA "conftest.ssllibver"
1813 int main(void) {
1814 FILE *fd;
1815 int rc;
1817 fd = fopen(DATA,"w");
1818 if(fd == NULL)
1819 exit(1);
1821 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1822 exit(1);
1824 exit(0);
1825 }
1826 ]])],
1827 [
1828 ssl_library_ver=`cat conftest.ssllibver`
1829 AC_MSG_RESULT($ssl_library_ver)
1830 ],
1831 [
1832 AC_MSG_RESULT(not found)
1833 AC_MSG_ERROR(OpenSSL library not found.)
1834 ],
1835 [
1836 AC_MSG_WARN([cross compiling: not checking])
1837 ]
1838 )
1840 # Sanity check OpenSSL headers
1841 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1842 AC_RUN_IFELSE(
1843 [AC_LANG_SOURCE([[
1844 #include <string.h>
1845 #include <openssl/opensslv.h>
1846 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1847 ]])],
1848 [
1849 AC_MSG_RESULT(yes)
1850 ],
1851 [
1852 AC_MSG_RESULT(no)
1853 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1854 Check config.log for details.
1855 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1856 ],
1857 [
1858 AC_MSG_WARN([cross compiling: not checking])
1859 ]
1860 )
1862 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1863 AC_LINK_IFELSE(
1864 [AC_LANG_SOURCE([[
1865 #include <openssl/evp.h>
1866 int main(void) { SSLeay_add_all_algorithms(); }
1867 ]])],
1868 [
1869 AC_MSG_RESULT(yes)
1870 ],
1871 [
1872 AC_MSG_RESULT(no)
1873 saved_LIBS="$LIBS"
1874 LIBS="$LIBS -ldl"
1875 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1876 AC_LINK_IFELSE(
1877 [AC_LANG_SOURCE([[
1878 #include <openssl/evp.h>
1879 int main(void) { SSLeay_add_all_algorithms(); }
1880 ]])],
1881 [
1882 AC_MSG_RESULT(yes)
1883 ],
1884 [
1885 AC_MSG_RESULT(no)
1886 LIBS="$saved_LIBS"
1887 ]
1888 )
1889 ]
1890 )
1892 AC_ARG_WITH(ssl-engine,
1893 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1894 [ if test "x$withval" != "xno" ; then
1895 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1896 AC_TRY_COMPILE(
1897 [ #include <openssl/engine.h>],
1898 [
1899 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1900 ],
1901 [ AC_MSG_RESULT(yes)
1902 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1903 [Enable OpenSSL engine support])
1904 ],
1905 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1906 )
1907 fi ]
1908 )
1910 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1911 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1912 AC_LINK_IFELSE(
1913 [AC_LANG_SOURCE([[
1914 #include <string.h>
1915 #include <openssl/evp.h>
1916 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1917 ]])],
1918 [
1919 AC_MSG_RESULT(no)
1920 ],
1921 [
1922 AC_MSG_RESULT(yes)
1923 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1924 [libcrypto is missing AES 192 and 256 bit functions])
1925 ]
1926 )
1928 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1929 # because the system crypt() is more featureful.
1930 if test "x$check_for_libcrypt_before" = "x1"; then
1931 AC_CHECK_LIB(crypt, crypt)
1932 fi
1934 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1935 # version in OpenSSL.
1936 if test "x$check_for_libcrypt_later" = "x1"; then
1937 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1938 fi
1940 # Search for SHA256 support in libc and/or OpenSSL
1941 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1943 AC_CHECK_LIB(iaf, ia_openinfo)
1945 ### Configure cryptographic random number support
1947 # Check wheter OpenSSL seeds itself
1948 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1949 AC_RUN_IFELSE(
1950 [AC_LANG_SOURCE([[
1951 #include <string.h>
1952 #include <openssl/rand.h>
1953 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1954 ]])],
1955 [
1956 OPENSSL_SEEDS_ITSELF=yes
1957 AC_MSG_RESULT(yes)
1958 ],
1959 [
1960 AC_MSG_RESULT(no)
1961 # Default to use of the rand helper if OpenSSL doesn't
1962 # seed itself
1963 USE_RAND_HELPER=yes
1964 ],
1965 [
1966 AC_MSG_WARN([cross compiling: assuming yes])
1967 # This is safe, since all recent OpenSSL versions will
1968 # complain at runtime if not seeded correctly.
1969 OPENSSL_SEEDS_ITSELF=yes
1970 ]
1971 )
1973 # Check for PAM libs
1974 PAM_MSG="no"
1975 AC_ARG_WITH(pam,
1976 [ --with-pam Enable PAM support ],
1977 [
1978 if test "x$withval" != "xno" ; then
1979 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
1980 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
1981 AC_MSG_ERROR([PAM headers not found])
1982 fi
1984 saved_LIBS="$LIBS"
1985 AC_CHECK_LIB(dl, dlopen, , )
1986 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
1987 AC_CHECK_FUNCS(pam_getenvlist)
1988 AC_CHECK_FUNCS(pam_putenv)
1989 LIBS="$saved_LIBS"
1991 PAM_MSG="yes"
1993 LIBPAM="-lpam"
1994 AC_DEFINE(USE_PAM, 1,
1995 [Define if you want to enable PAM support])
1997 if test $ac_cv_lib_dl_dlopen = yes; then
1998 case "$LIBS" in
1999 *-ldl*)
2000 # libdl already in LIBS
2001 ;;
2002 *)
2003 LIBPAM="$LIBPAM -ldl"
2004 ;;
2005 esac
2006 fi
2007 AC_SUBST(LIBPAM)
2008 fi
2009 ]
2010 )
2012 # Check for older PAM
2013 if test "x$PAM_MSG" = "xyes" ; then
2014 # Check PAM strerror arguments (old PAM)
2015 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2016 AC_TRY_COMPILE(
2017 [
2018 #include <stdlib.h>
2019 #if defined(HAVE_SECURITY_PAM_APPL_H)
2020 #include <security/pam_appl.h>
2021 #elif defined (HAVE_PAM_PAM_APPL_H)
2022 #include <pam/pam_appl.h>
2023 #endif
2024 ],
2025 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2026 [AC_MSG_RESULT(no)],
2027 [
2028 AC_DEFINE(HAVE_OLD_PAM, 1,
2029 [Define if you have an old version of PAM
2030 which takes only one argument to pam_strerror])
2031 AC_MSG_RESULT(yes)
2032 PAM_MSG="yes (old library)"
2033 ]
2034 )
2035 fi
2037 # Do we want to force the use of the rand helper?
2038 AC_ARG_WITH(rand-helper,
2039 [ --with-rand-helper Use subprocess to gather strong randomness ],
2040 [
2041 if test "x$withval" = "xno" ; then
2042 # Force use of OpenSSL's internal RNG, even if
2043 # the previous test showed it to be unseeded.
2044 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2045 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2046 OPENSSL_SEEDS_ITSELF=yes
2047 USE_RAND_HELPER=""
2048 fi
2049 else
2050 USE_RAND_HELPER=yes
2051 fi
2052 ],
2053 )
2055 # Which randomness source do we use?
2056 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2057 # OpenSSL only
2058 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2059 [Define if you want OpenSSL's internally seeded PRNG only])
2060 RAND_MSG="OpenSSL internal ONLY"
2061 INSTALL_SSH_RAND_HELPER=""
2062 elif test ! -z "$USE_RAND_HELPER" ; then
2063 # install rand helper
2064 RAND_MSG="ssh-rand-helper"
2065 INSTALL_SSH_RAND_HELPER="yes"
2066 fi
2067 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2069 ### Configuration of ssh-rand-helper
2071 # PRNGD TCP socket
2072 AC_ARG_WITH(prngd-port,
2073 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2074 [
2075 case "$withval" in
2076 no)
2077 withval=""
2078 ;;
2079 [[0-9]]*)
2080 ;;
2081 *)
2082 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2083 ;;
2084 esac
2085 if test ! -z "$withval" ; then
2086 PRNGD_PORT="$withval"
2087 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2088 [Port number of PRNGD/EGD random number socket])
2089 fi
2090 ]
2091 )
2093 # PRNGD Unix domain socket
2094 AC_ARG_WITH(prngd-socket,
2095 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2096 [
2097 case "$withval" in
2098 yes)
2099 withval="/var/run/egd-pool"
2100 ;;
2101 no)
2102 withval=""
2103 ;;
2104 /*)
2105 ;;
2106 *)
2107 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2108 ;;
2109 esac
2111 if test ! -z "$withval" ; then
2112 if test ! -z "$PRNGD_PORT" ; then
2113 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2114 fi
2115 if test ! -r "$withval" ; then
2116 AC_MSG_WARN(Entropy socket is not readable)
2117 fi
2118 PRNGD_SOCKET="$withval"
2119 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2120 [Location of PRNGD/EGD random number socket])
2121 fi
2122 ],
2123 [
2124 # Check for existing socket only if we don't have a random device already
2125 if test "$USE_RAND_HELPER" = yes ; then
2126 AC_MSG_CHECKING(for PRNGD/EGD socket)
2127 # Insert other locations here
2128 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2129 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2130 PRNGD_SOCKET="$sock"
2131 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2132 break;
2133 fi
2134 done
2135 if test ! -z "$PRNGD_SOCKET" ; then
2136 AC_MSG_RESULT($PRNGD_SOCKET)
2137 else
2138 AC_MSG_RESULT(not found)
2139 fi
2140 fi
2141 ]
2142 )
2144 # Change default command timeout for hashing entropy source
2145 entropy_timeout=200
2146 AC_ARG_WITH(entropy-timeout,
2147 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2148 [
2149 if test -n "$withval" && test "x$withval" != "xno" && \
2150 test "x${withval}" != "xyes"; then
2151 entropy_timeout=$withval
2152 fi
2153 ]
2154 )
2155 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2156 [Builtin PRNG command timeout])
2158 SSH_PRIVSEP_USER=sshd
2159 AC_ARG_WITH(privsep-user,
2160 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2161 [
2162 if test -n "$withval" && test "x$withval" != "xno" && \
2163 test "x${withval}" != "xyes"; then
2164 SSH_PRIVSEP_USER=$withval
2165 fi
2166 ]
2167 )
2168 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2169 [non-privileged user for privilege separation])
2170 AC_SUBST(SSH_PRIVSEP_USER)
2172 # We do this little dance with the search path to insure
2173 # that programs that we select for use by installed programs
2174 # (which may be run by the super-user) come from trusted
2175 # locations before they come from the user's private area.
2176 # This should help avoid accidentally configuring some
2177 # random version of a program in someone's personal bin.
2179 OPATH=$PATH
2180 PATH=/bin:/usr/bin
2181 test -h /bin 2> /dev/null && PATH=/usr/bin
2182 test -d /sbin && PATH=$PATH:/sbin
2183 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2184 PATH=$PATH:/etc:$OPATH
2186 # These programs are used by the command hashing source to gather entropy
2187 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2188 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2189 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2190 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2191 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2192 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2193 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2194 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2195 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2196 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2197 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2198 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2199 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2200 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2201 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2202 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2203 # restore PATH
2204 PATH=$OPATH
2206 # Where does ssh-rand-helper get its randomness from?
2207 INSTALL_SSH_PRNG_CMDS=""
2208 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2209 if test ! -z "$PRNGD_PORT" ; then
2210 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2211 elif test ! -z "$PRNGD_SOCKET" ; then
2212 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2213 else
2214 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2215 RAND_HELPER_CMDHASH=yes
2216 INSTALL_SSH_PRNG_CMDS="yes"
2217 fi
2218 fi
2219 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2222 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2223 if test ! -z "$SONY" ; then
2224 LIBS="$LIBS -liberty";
2225 fi
2227 # Check for long long datatypes
2228 AC_CHECK_TYPES([long long, unsigned long long, long double])
2230 # Check datatype sizes
2231 AC_CHECK_SIZEOF(char, 1)
2232 AC_CHECK_SIZEOF(short int, 2)
2233 AC_CHECK_SIZEOF(int, 4)
2234 AC_CHECK_SIZEOF(long int, 4)
2235 AC_CHECK_SIZEOF(long long int, 8)
2237 # Sanity check long long for some platforms (AIX)
2238 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2239 ac_cv_sizeof_long_long_int=0
2240 fi
2242 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2243 if test -z "$have_llong_max"; then
2244 AC_MSG_CHECKING([for max value of long long])
2245 AC_RUN_IFELSE(
2246 [AC_LANG_SOURCE([[
2247 #include <stdio.h>
2248 /* Why is this so damn hard? */
2249 #ifdef __GNUC__
2250 # undef __GNUC__
2251 #endif
2252 #define __USE_ISOC99
2253 #include <limits.h>
2254 #define DATA "conftest.llminmax"
2255 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2257 /*
2258 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2259 * we do this the hard way.
2260 */
2261 static int
2262 fprint_ll(FILE *f, long long n)
2263 {
2264 unsigned int i;
2265 int l[sizeof(long long) * 8];
2267 if (n < 0)
2268 if (fprintf(f, "-") < 0)
2269 return -1;
2270 for (i = 0; n != 0; i++) {
2271 l[i] = my_abs(n % 10);
2272 n /= 10;
2273 }
2274 do {
2275 if (fprintf(f, "%d", l[--i]) < 0)
2276 return -1;
2277 } while (i != 0);
2278 if (fprintf(f, " ") < 0)
2279 return -1;
2280 return 0;
2281 }
2283 int main(void) {
2284 FILE *f;
2285 long long i, llmin, llmax = 0;
2287 if((f = fopen(DATA,"w")) == NULL)
2288 exit(1);
2290 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2291 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2292 llmin = LLONG_MIN;
2293 llmax = LLONG_MAX;
2294 #else
2295 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2296 /* This will work on one's complement and two's complement */
2297 for (i = 1; i > llmax; i <<= 1, i++)
2298 llmax = i;
2299 llmin = llmax + 1LL; /* wrap */
2300 #endif
2302 /* Sanity check */
2303 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2304 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2305 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2306 fprintf(f, "unknown unknown\n");
2307 exit(2);
2308 }
2310 if (fprint_ll(f, llmin) < 0)
2311 exit(3);
2312 if (fprint_ll(f, llmax) < 0)
2313 exit(4);
2314 if (fclose(f) < 0)
2315 exit(5);
2316 exit(0);
2317 }
2318 ]])],
2319 [
2320 llong_min=`$AWK '{print $1}' conftest.llminmax`
2321 llong_max=`$AWK '{print $2}' conftest.llminmax`
2323 AC_MSG_RESULT($llong_max)
2324 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2325 [max value of long long calculated by configure])
2326 AC_MSG_CHECKING([for min value of long long])
2327 AC_MSG_RESULT($llong_min)
2328 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2329 [min value of long long calculated by configure])
2330 ],
2331 [
2332 AC_MSG_RESULT(not found)
2333 ],
2334 [
2335 AC_MSG_WARN([cross compiling: not checking])
2336 ]
2337 )
2338 fi
2341 # More checks for data types
2342 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2343 AC_TRY_COMPILE(
2344 [ #include <sys/types.h> ],
2345 [ u_int a; a = 1;],
2346 [ ac_cv_have_u_int="yes" ],
2347 [ ac_cv_have_u_int="no" ]
2348 )
2349 ])
2350 if test "x$ac_cv_have_u_int" = "xyes" ; then
2351 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2352 have_u_int=1
2353 fi
2355 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2356 AC_TRY_COMPILE(
2357 [ #include <sys/types.h> ],
2358 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2359 [ ac_cv_have_intxx_t="yes" ],
2360 [ ac_cv_have_intxx_t="no" ]
2361 )
2362 ])
2363 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2364 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2365 have_intxx_t=1
2366 fi
2368 if (test -z "$have_intxx_t" && \
2369 test "x$ac_cv_header_stdint_h" = "xyes")
2370 then
2371 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2372 AC_TRY_COMPILE(
2373 [ #include <stdint.h> ],
2374 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2375 [
2376 AC_DEFINE(HAVE_INTXX_T)
2377 AC_MSG_RESULT(yes)
2378 ],
2379 [ AC_MSG_RESULT(no) ]
2380 )
2381 fi
2383 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2384 AC_TRY_COMPILE(
2385 [
2386 #include <sys/types.h>
2387 #ifdef HAVE_STDINT_H
2388 # include <stdint.h>
2389 #endif
2390 #include <sys/socket.h>
2391 #ifdef HAVE_SYS_BITYPES_H
2392 # include <sys/bitypes.h>
2393 #endif
2394 ],
2395 [ int64_t a; a = 1;],
2396 [ ac_cv_have_int64_t="yes" ],
2397 [ ac_cv_have_int64_t="no" ]
2398 )
2399 ])
2400 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2401 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2402 fi
2404 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2405 AC_TRY_COMPILE(
2406 [ #include <sys/types.h> ],
2407 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2408 [ ac_cv_have_u_intxx_t="yes" ],
2409 [ ac_cv_have_u_intxx_t="no" ]
2410 )
2411 ])
2412 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2413 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2414 have_u_intxx_t=1
2415 fi
2417 if test -z "$have_u_intxx_t" ; then
2418 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2419 AC_TRY_COMPILE(
2420 [ #include <sys/socket.h> ],
2421 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2422 [
2423 AC_DEFINE(HAVE_U_INTXX_T)
2424 AC_MSG_RESULT(yes)
2425 ],
2426 [ AC_MSG_RESULT(no) ]
2427 )
2428 fi
2430 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2431 AC_TRY_COMPILE(
2432 [ #include <sys/types.h> ],
2433 [ u_int64_t a; a = 1;],
2434 [ ac_cv_have_u_int64_t="yes" ],
2435 [ ac_cv_have_u_int64_t="no" ]
2436 )
2437 ])
2438 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2439 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2440 have_u_int64_t=1
2441 fi
2443 if test -z "$have_u_int64_t" ; then
2444 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2445 AC_TRY_COMPILE(
2446 [ #include <sys/bitypes.h> ],
2447 [ u_int64_t a; a = 1],
2448 [
2449 AC_DEFINE(HAVE_U_INT64_T)
2450 AC_MSG_RESULT(yes)
2451 ],
2452 [ AC_MSG_RESULT(no) ]
2453 )
2454 fi
2456 if test -z "$have_u_intxx_t" ; then
2457 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2458 AC_TRY_COMPILE(
2459 [
2460 #include <sys/types.h>
2461 ],
2462 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2463 [ ac_cv_have_uintxx_t="yes" ],
2464 [ ac_cv_have_uintxx_t="no" ]
2465 )
2466 ])
2467 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2468 AC_DEFINE(HAVE_UINTXX_T, 1,
2469 [define if you have uintxx_t data type])
2470 fi
2471 fi
2473 if test -z "$have_uintxx_t" ; then
2474 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2475 AC_TRY_COMPILE(
2476 [ #include <stdint.h> ],
2477 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2478 [
2479 AC_DEFINE(HAVE_UINTXX_T)
2480 AC_MSG_RESULT(yes)
2481 ],
2482 [ AC_MSG_RESULT(no) ]
2483 )
2484 fi
2486 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2487 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2488 then
2489 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2490 AC_TRY_COMPILE(
2491 [
2492 #include <sys/bitypes.h>
2493 ],
2494 [
2495 int8_t a; int16_t b; int32_t c;
2496 u_int8_t e; u_int16_t f; u_int32_t g;
2497 a = b = c = e = f = g = 1;
2498 ],
2499 [
2500 AC_DEFINE(HAVE_U_INTXX_T)
2501 AC_DEFINE(HAVE_INTXX_T)
2502 AC_MSG_RESULT(yes)
2503 ],
2504 [AC_MSG_RESULT(no)]
2505 )
2506 fi
2509 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2510 AC_TRY_COMPILE(
2511 [
2512 #include <sys/types.h>
2513 ],
2514 [ u_char foo; foo = 125; ],
2515 [ ac_cv_have_u_char="yes" ],
2516 [ ac_cv_have_u_char="no" ]
2517 )
2518 ])
2519 if test "x$ac_cv_have_u_char" = "xyes" ; then
2520 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2521 fi
2523 TYPE_SOCKLEN_T
2525 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2527 AC_CHECK_TYPES(in_addr_t,,,
2528 [#include <sys/types.h>
2529 #include <netinet/in.h>])
2531 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2532 AC_TRY_COMPILE(
2533 [
2534 #include <sys/types.h>
2535 ],
2536 [ size_t foo; foo = 1235; ],
2537 [ ac_cv_have_size_t="yes" ],
2538 [ ac_cv_have_size_t="no" ]
2539 )
2540 ])
2541 if test "x$ac_cv_have_size_t" = "xyes" ; then
2542 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2543 fi
2545 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2546 AC_TRY_COMPILE(
2547 [
2548 #include <sys/types.h>
2549 ],
2550 [ ssize_t foo; foo = 1235; ],
2551 [ ac_cv_have_ssize_t="yes" ],
2552 [ ac_cv_have_ssize_t="no" ]
2553 )
2554 ])
2555 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2556 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2557 fi
2559 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2560 AC_TRY_COMPILE(
2561 [
2562 #include <time.h>
2563 ],
2564 [ clock_t foo; foo = 1235; ],
2565 [ ac_cv_have_clock_t="yes" ],
2566 [ ac_cv_have_clock_t="no" ]
2567 )
2568 ])
2569 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2570 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2571 fi
2573 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2574 AC_TRY_COMPILE(
2575 [
2576 #include <sys/types.h>
2577 #include <sys/socket.h>
2578 ],
2579 [ sa_family_t foo; foo = 1235; ],
2580 [ ac_cv_have_sa_family_t="yes" ],
2581 [ AC_TRY_COMPILE(
2582 [
2583 #include <sys/types.h>
2584 #include <sys/socket.h>
2585 #include <netinet/in.h>
2586 ],
2587 [ sa_family_t foo; foo = 1235; ],
2588 [ ac_cv_have_sa_family_t="yes" ],
2590 [ ac_cv_have_sa_family_t="no" ]
2591 )]
2592 )
2593 ])
2594 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2595 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2596 [define if you have sa_family_t data type])
2597 fi
2599 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2600 AC_TRY_COMPILE(
2601 [
2602 #include <sys/types.h>
2603 ],
2604 [ pid_t foo; foo = 1235; ],
2605 [ ac_cv_have_pid_t="yes" ],
2606 [ ac_cv_have_pid_t="no" ]
2607 )
2608 ])
2609 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2610 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2611 fi
2613 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2614 AC_TRY_COMPILE(
2615 [
2616 #include <sys/types.h>
2617 ],
2618 [ mode_t foo; foo = 1235; ],
2619 [ ac_cv_have_mode_t="yes" ],
2620 [ ac_cv_have_mode_t="no" ]
2621 )
2622 ])
2623 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2624 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2625 fi
2628 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2629 AC_TRY_COMPILE(
2630 [
2631 #include <sys/types.h>
2632 #include <sys/socket.h>
2633 ],
2634 [ struct sockaddr_storage s; ],
2635 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2636 [ ac_cv_have_struct_sockaddr_storage="no" ]
2637 )
2638 ])
2639 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2640 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2641 [define if you have struct sockaddr_storage data type])
2642 fi
2644 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2645 AC_TRY_COMPILE(
2646 [
2647 #include <sys/types.h>
2648 #include <netinet/in.h>
2649 ],
2650 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2651 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2652 [ ac_cv_have_struct_sockaddr_in6="no" ]
2653 )
2654 ])
2655 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2656 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2657 [define if you have struct sockaddr_in6 data type])
2658 fi
2660 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2661 AC_TRY_COMPILE(
2662 [
2663 #include <sys/types.h>
2664 #include <netinet/in.h>
2665 ],
2666 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2667 [ ac_cv_have_struct_in6_addr="yes" ],
2668 [ ac_cv_have_struct_in6_addr="no" ]
2669 )
2670 ])
2671 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2672 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2673 [define if you have struct in6_addr data type])
2674 fi
2676 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2677 AC_TRY_COMPILE(
2678 [
2679 #include <sys/types.h>
2680 #include <sys/socket.h>
2681 #include <netdb.h>
2682 ],
2683 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2684 [ ac_cv_have_struct_addrinfo="yes" ],
2685 [ ac_cv_have_struct_addrinfo="no" ]
2686 )
2687 ])
2688 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2689 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2690 [define if you have struct addrinfo data type])
2691 fi
2693 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2694 AC_TRY_COMPILE(
2695 [ #include <sys/time.h> ],
2696 [ struct timeval tv; tv.tv_sec = 1;],
2697 [ ac_cv_have_struct_timeval="yes" ],
2698 [ ac_cv_have_struct_timeval="no" ]
2699 )
2700 ])
2701 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2702 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2703 have_struct_timeval=1
2704 fi
2706 AC_CHECK_TYPES(struct timespec)
2708 # We need int64_t or else certian parts of the compile will fail.
2709 if test "x$ac_cv_have_int64_t" = "xno" && \
2710 test "x$ac_cv_sizeof_long_int" != "x8" && \
2711 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2712 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2713 echo "an alternative compiler (I.E., GCC) before continuing."
2714 echo ""
2715 exit 1;
2716 else
2717 dnl test snprintf (broken on SCO w/gcc)
2718 AC_RUN_IFELSE(
2719 [AC_LANG_SOURCE([[
2720 #include <stdio.h>
2721 #include <string.h>
2722 #ifdef HAVE_SNPRINTF
2723 main()
2724 {
2725 char buf[50];
2726 char expected_out[50];
2727 int mazsize = 50 ;
2728 #if (SIZEOF_LONG_INT == 8)
2729 long int num = 0x7fffffffffffffff;
2730 #else
2731 long long num = 0x7fffffffffffffffll;
2732 #endif
2733 strcpy(expected_out, "9223372036854775807");
2734 snprintf(buf, mazsize, "%lld", num);
2735 if(strcmp(buf, expected_out) != 0)
2736 exit(1);
2737 exit(0);
2738 }
2739 #else
2740 main() { exit(0); }
2741 #endif
2742 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2743 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2744 )
2745 fi
2747 dnl Checks for structure members
2748 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2749 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2750 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2751 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2752 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2753 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2754 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2755 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2756 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2757 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2758 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2759 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2760 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2761 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2762 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2763 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2764 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2766 AC_CHECK_MEMBERS([struct stat.st_blksize])
2767 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2768 [Define if we don't have struct __res_state in resolv.h])],
2769 [
2770 #include <stdio.h>
2771 #if HAVE_SYS_TYPES_H
2772 # include <sys/types.h>
2773 #endif
2774 #include <netinet/in.h>
2775 #include <arpa/nameser.h>
2776 #include <resolv.h>
2777 ])
2779 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2780 ac_cv_have_ss_family_in_struct_ss, [
2781 AC_TRY_COMPILE(
2782 [
2783 #include <sys/types.h>
2784 #include <sys/socket.h>
2785 ],
2786 [ struct sockaddr_storage s; s.ss_family = 1; ],
2787 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2788 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2789 )
2790 ])
2791 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2792 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2793 fi
2795 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2796 ac_cv_have___ss_family_in_struct_ss, [
2797 AC_TRY_COMPILE(
2798 [
2799 #include <sys/types.h>
2800 #include <sys/socket.h>
2801 ],
2802 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2803 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2804 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2805 )
2806 ])
2807 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2808 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2809 [Fields in struct sockaddr_storage])
2810 fi
2812 AC_CACHE_CHECK([for pw_class field in struct passwd],
2813 ac_cv_have_pw_class_in_struct_passwd, [
2814 AC_TRY_COMPILE(
2815 [
2816 #include <pwd.h>
2817 ],
2818 [ struct passwd p; p.pw_class = 0; ],
2819 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2820 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2821 )
2822 ])
2823 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2824 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2825 [Define if your password has a pw_class field])
2826 fi
2828 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2829 ac_cv_have_pw_expire_in_struct_passwd, [
2830 AC_TRY_COMPILE(
2831 [
2832 #include <pwd.h>
2833 ],
2834 [ struct passwd p; p.pw_expire = 0; ],
2835 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2836 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2837 )
2838 ])
2839 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2840 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2841 [Define if your password has a pw_expire field])
2842 fi
2844 AC_CACHE_CHECK([for pw_change field in struct passwd],
2845 ac_cv_have_pw_change_in_struct_passwd, [
2846 AC_TRY_COMPILE(
2847 [
2848 #include <pwd.h>
2849 ],
2850 [ struct passwd p; p.pw_change = 0; ],
2851 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2852 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2853 )
2854 ])
2855 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2856 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2857 [Define if your password has a pw_change field])
2858 fi
2860 dnl make sure we're using the real structure members and not defines
2861 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2862 ac_cv_have_accrights_in_msghdr, [
2863 AC_COMPILE_IFELSE(
2864 [
2865 #include <sys/types.h>
2866 #include <sys/socket.h>
2867 #include <sys/uio.h>
2868 int main() {
2869 #ifdef msg_accrights
2870 #error "msg_accrights is a macro"
2871 exit(1);
2872 #endif
2873 struct msghdr m;
2874 m.msg_accrights = 0;
2875 exit(0);
2876 }
2877 ],
2878 [ ac_cv_have_accrights_in_msghdr="yes" ],
2879 [ ac_cv_have_accrights_in_msghdr="no" ]
2880 )
2881 ])
2882 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2883 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2884 [Define if your system uses access rights style
2885 file descriptor passing])
2886 fi
2888 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2889 ac_cv_have_control_in_msghdr, [
2890 AC_COMPILE_IFELSE(
2891 [
2892 #include <sys/types.h>
2893 #include <sys/socket.h>
2894 #include <sys/uio.h>
2895 int main() {
2896 #ifdef msg_control
2897 #error "msg_control is a macro"
2898 exit(1);
2899 #endif
2900 struct msghdr m;
2901 m.msg_control = 0;
2902 exit(0);
2903 }
2904 ],
2905 [ ac_cv_have_control_in_msghdr="yes" ],
2906 [ ac_cv_have_control_in_msghdr="no" ]
2907 )
2908 ])
2909 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2910 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2911 [Define if your system uses ancillary data style
2912 file descriptor passing])
2913 fi
2915 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2916 AC_TRY_LINK([],
2917 [ extern char *__progname; printf("%s", __progname); ],
2918 [ ac_cv_libc_defines___progname="yes" ],
2919 [ ac_cv_libc_defines___progname="no" ]
2920 )
2921 ])
2922 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2923 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2924 fi
2926 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2927 AC_TRY_LINK([
2928 #include <stdio.h>
2929 ],
2930 [ printf("%s", __FUNCTION__); ],
2931 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2932 [ ac_cv_cc_implements___FUNCTION__="no" ]
2933 )
2934 ])
2935 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2936 AC_DEFINE(HAVE___FUNCTION__, 1,
2937 [Define if compiler implements __FUNCTION__])
2938 fi
2940 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2941 AC_TRY_LINK([
2942 #include <stdio.h>
2943 ],
2944 [ printf("%s", __func__); ],
2945 [ ac_cv_cc_implements___func__="yes" ],
2946 [ ac_cv_cc_implements___func__="no" ]
2947 )
2948 ])
2949 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2950 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2951 fi
2953 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2954 AC_TRY_LINK(
2955 [#include <stdarg.h>
2956 va_list x,y;],
2957 [va_copy(x,y);],
2958 [ ac_cv_have_va_copy="yes" ],
2959 [ ac_cv_have_va_copy="no" ]
2960 )
2961 ])
2962 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2963 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2964 fi
2966 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2967 AC_TRY_LINK(
2968 [#include <stdarg.h>
2969 va_list x,y;],
2970 [__va_copy(x,y);],
2971 [ ac_cv_have___va_copy="yes" ],
2972 [ ac_cv_have___va_copy="no" ]
2973 )
2974 ])
2975 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2976 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2977 fi
2979 AC_CACHE_CHECK([whether getopt has optreset support],
2980 ac_cv_have_getopt_optreset, [
2981 AC_TRY_LINK(
2982 [
2983 #include <getopt.h>
2984 ],
2985 [ extern int optreset; optreset = 0; ],
2986 [ ac_cv_have_getopt_optreset="yes" ],
2987 [ ac_cv_have_getopt_optreset="no" ]
2988 )
2989 ])
2990 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2991 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2992 [Define if your getopt(3) defines and uses optreset])
2993 fi
2995 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2996 AC_TRY_LINK([],
2997 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
2998 [ ac_cv_libc_defines_sys_errlist="yes" ],
2999 [ ac_cv_libc_defines_sys_errlist="no" ]
3000 )
3001 ])
3002 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3003 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3004 [Define if your system defines sys_errlist[]])
3005 fi
3008 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3009 AC_TRY_LINK([],
3010 [ extern int sys_nerr; printf("%i", sys_nerr);],
3011 [ ac_cv_libc_defines_sys_nerr="yes" ],
3012 [ ac_cv_libc_defines_sys_nerr="no" ]
3013 )
3014 ])
3015 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3016 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3017 fi
3019 SCARD_MSG="no"
3020 # Check whether user wants sectok support
3021 AC_ARG_WITH(sectok,
3022 [ --with-sectok Enable smartcard support using libsectok],
3023 [
3024 if test "x$withval" != "xno" ; then
3025 if test "x$withval" != "xyes" ; then
3026 CPPFLAGS="$CPPFLAGS -I${withval}"
3027 LDFLAGS="$LDFLAGS -L${withval}"
3028 if test ! -z "$need_dash_r" ; then
3029 LDFLAGS="$LDFLAGS -R${withval}"
3030 fi
3031 if test ! -z "$blibpath" ; then
3032 blibpath="$blibpath:${withval}"
3033 fi
3034 fi
3035 AC_CHECK_HEADERS(sectok.h)
3036 if test "$ac_cv_header_sectok_h" != yes; then
3037 AC_MSG_ERROR(Can't find sectok.h)
3038 fi
3039 AC_CHECK_LIB(sectok, sectok_open)
3040 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3041 AC_MSG_ERROR(Can't find libsectok)
3042 fi
3043 AC_DEFINE(SMARTCARD, 1,
3044 [Define if you want smartcard support])
3045 AC_DEFINE(USE_SECTOK, 1,
3046 [Define if you want smartcard support
3047 using sectok])
3048 SCARD_MSG="yes, using sectok"
3049 fi
3050 ]
3051 )
3053 # Check whether user wants OpenSC support
3054 OPENSC_CONFIG="no"
3055 AC_ARG_WITH(opensc,
3056 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3057 [
3058 if test "x$withval" != "xno" ; then
3059 if test "x$withval" != "xyes" ; then
3060 OPENSC_CONFIG=$withval/bin/opensc-config
3061 else
3062 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3063 fi
3064 if test "$OPENSC_CONFIG" != "no"; then
3065 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3066 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3067 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3068 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
3069 AC_DEFINE(SMARTCARD)
3070 AC_DEFINE(USE_OPENSC, 1,
3071 [Define if you want smartcard support
3072 using OpenSC])
3073 SCARD_MSG="yes, using OpenSC"
3074 fi
3075 fi
3076 ]
3077 )
3079 # Check libraries needed by DNS fingerprint support
3080 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3081 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3082 [Define if getrrsetbyname() exists])],
3083 [
3084 # Needed by our getrrsetbyname()
3085 AC_SEARCH_LIBS(res_query, resolv)
3086 AC_SEARCH_LIBS(dn_expand, resolv)
3087 AC_MSG_CHECKING(if res_query will link)
3088 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3089 [AC_MSG_RESULT(no)
3090 saved_LIBS="$LIBS"
3091 LIBS="$LIBS -lresolv"
3092 AC_MSG_CHECKING(for res_query in -lresolv)
3093 AC_LINK_IFELSE([
3094 #include <resolv.h>
3095 int main()
3096 {
3097 res_query (0, 0, 0, 0, 0);
3098 return 0;
3099 }
3100 ],
3101 [LIBS="$LIBS -lresolv"
3102 AC_MSG_RESULT(yes)],
3103 [LIBS="$saved_LIBS"
3104 AC_MSG_RESULT(no)])
3105 ])
3106 AC_CHECK_FUNCS(_getshort _getlong)
3107 AC_CHECK_DECLS([_getshort, _getlong], , ,
3108 [#include <sys/types.h>
3109 #include <arpa/nameser.h>])
3110 AC_CHECK_MEMBER(HEADER.ad,
3111 [AC_DEFINE(HAVE_HEADER_AD, 1,
3112 [Define if HEADER.ad exists in arpa/nameser.h])],,
3113 [#include <arpa/nameser.h>])
3114 ])
3116 # Check whether user wants SELinux support
3117 SELINUX_MSG="no"
3118 LIBSELINUX=""
3119 AC_ARG_WITH(selinux,
3120 [ --with-selinux Enable SELinux support],
3121 [ if test "x$withval" != "xno" ; then
3122 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3123 SELINUX_MSG="yes"
3124 AC_CHECK_HEADER([selinux/selinux.h], ,
3125 AC_MSG_ERROR(SELinux support requires selinux.h header))
3126 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3127 AC_MSG_ERROR(SELinux support requires libselinux library))
3128 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3129 fi ]
3130 )
3131 AC_SUBST(LIBSELINUX)
3133 # Check whether user wants Kerberos 5 support
3134 KRB5_MSG="no"
3135 AC_ARG_WITH(kerberos5,
3136 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3137 [ if test "x$withval" != "xno" ; then
3138 if test "x$withval" = "xyes" ; then
3139 KRB5ROOT="/usr/local"
3140 else
3141 KRB5ROOT=${withval}
3142 fi
3144 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3145 KRB5_MSG="yes"
3147 AC_MSG_CHECKING(for krb5-config)
3148 if test -x $KRB5ROOT/bin/krb5-config ; then
3149 KRB5CONF=$KRB5ROOT/bin/krb5-config
3150 AC_MSG_RESULT($KRB5CONF)
3152 AC_MSG_CHECKING(for gssapi support)
3153 if $KRB5CONF | grep gssapi >/dev/null ; then
3154 AC_MSG_RESULT(yes)
3155 AC_DEFINE(GSSAPI, 1,
3156 [Define this if you want GSSAPI
3157 support in the version 2 protocol])
3158 k5confopts=gssapi
3159 else
3160 AC_MSG_RESULT(no)
3161 k5confopts=""
3162 fi
3163 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3164 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3165 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3166 AC_MSG_CHECKING(whether we are using Heimdal)
3167 AC_TRY_COMPILE([ #include <krb5.h> ],
3168 [ char *tmp = heimdal_version; ],
3169 [ AC_MSG_RESULT(yes)
3170 AC_DEFINE(HEIMDAL, 1,
3171 [Define this if you are using the
3172 Heimdal version of Kerberos V5]) ],
3173 AC_MSG_RESULT(no)
3174 )
3175 else
3176 AC_MSG_RESULT(no)
3177 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3178 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3179 AC_MSG_CHECKING(whether we are using Heimdal)
3180 AC_TRY_COMPILE([ #include <krb5.h> ],
3181 [ char *tmp = heimdal_version; ],
3182 [ AC_MSG_RESULT(yes)
3183 AC_DEFINE(HEIMDAL)
3184 K5LIBS="-lkrb5 -ldes"
3185 K5LIBS="$K5LIBS -lcom_err -lasn1"
3186 AC_CHECK_LIB(roken, net_write,
3187 [K5LIBS="$K5LIBS -lroken"])
3188 ],
3189 [ AC_MSG_RESULT(no)
3190 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3191 ]
3192 )
3193 AC_SEARCH_LIBS(dn_expand, resolv)
3195 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3196 [ AC_DEFINE(GSSAPI)
3197 K5LIBS="-lgssapi $K5LIBS" ],
3198 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3199 [ AC_DEFINE(GSSAPI)
3200 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3201 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3202 $K5LIBS)
3203 ],
3204 $K5LIBS)
3206 AC_CHECK_HEADER(gssapi.h, ,
3207 [ unset ac_cv_header_gssapi_h
3208 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3209 AC_CHECK_HEADERS(gssapi.h, ,
3210 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3211 )
3212 ]
3213 )
3215 oldCPP="$CPPFLAGS"
3216 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3217 AC_CHECK_HEADER(gssapi_krb5.h, ,
3218 [ CPPFLAGS="$oldCPP" ])
3220 fi
3221 if test ! -z "$need_dash_r" ; then
3222 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3223 fi
3224 if test ! -z "$blibpath" ; then
3225 blibpath="$blibpath:${KRB5ROOT}/lib"
3226 fi
3228 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3229 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3230 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3232 LIBS="$LIBS $K5LIBS"
3233 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3234 [Define this if you want to use libkafs' AFS support]))
3235 fi
3236 ]
3237 )
3239 # Looking for programs, paths and files
3241 PRIVSEP_PATH=/var/empty
3242 AC_ARG_WITH(privsep-path,
3243 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3244 [
3245 if test -n "$withval" && test "x$withval" != "xno" && \
3246 test "x${withval}" != "xyes"; then
3247 PRIVSEP_PATH=$withval
3248 fi
3249 ]
3250 )
3251 AC_SUBST(PRIVSEP_PATH)
3253 AC_ARG_WITH(xauth,
3254 [ --with-xauth=PATH Specify path to xauth program ],
3255 [
3256 if test -n "$withval" && test "x$withval" != "xno" && \
3257 test "x${withval}" != "xyes"; then
3258 xauth_path=$withval
3259 fi
3260 ],
3261 [
3262 TestPath="$PATH"
3263 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3264 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3265 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3266 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3267 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3268 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3269 xauth_path="/usr/openwin/bin/xauth"
3270 fi
3271 ]
3272 )
3274 STRIP_OPT=-s
3275 AC_ARG_ENABLE(strip,
3276 [ --disable-strip Disable calling strip(1) on install],
3277 [
3278 if test "x$enableval" = "xno" ; then
3279 STRIP_OPT=
3280 fi
3281 ]
3282 )
3283 AC_SUBST(STRIP_OPT)
3285 if test -z "$xauth_path" ; then
3286 XAUTH_PATH="undefined"
3287 AC_SUBST(XAUTH_PATH)
3288 else
3289 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3290 [Define if xauth is found in your path])
3291 XAUTH_PATH=$xauth_path
3292 AC_SUBST(XAUTH_PATH)
3293 fi
3295 # Check for mail directory (last resort if we cannot get it from headers)
3296 if test ! -z "$MAIL" ; then
3297 maildir=`dirname $MAIL`
3298 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3299 [Set this to your mail directory if you don't have maillock.h])
3300 fi
3302 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3303 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3304 disable_ptmx_check=yes
3305 fi
3306 if test -z "$no_dev_ptmx" ; then
3307 if test "x$disable_ptmx_check" != "xyes" ; then
3308 AC_CHECK_FILE("/dev/ptmx",
3309 [
3310 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3311 [Define if you have /dev/ptmx])
3312 have_dev_ptmx=1
3313 ]
3314 )
3315 fi
3316 fi
3318 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3319 AC_CHECK_FILE("/dev/ptc",
3320 [
3321 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3322 [Define if you have /dev/ptc])
3323 have_dev_ptc=1
3324 ]
3325 )
3326 else
3327 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3328 fi
3330 # Options from here on. Some of these are preset by platform above
3331 AC_ARG_WITH(mantype,
3332 [ --with-mantype=man|cat|doc Set man page type],
3333 [
3334 case "$withval" in
3335 man|cat|doc)
3336 MANTYPE=$withval
3337 ;;
3338 *)
3339 AC_MSG_ERROR(invalid man type: $withval)
3340 ;;
3341 esac
3342 ]
3343 )
3344 if test -z "$MANTYPE"; then
3345 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3346 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3347 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3348 MANTYPE=doc
3349 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3350 MANTYPE=man
3351 else
3352 MANTYPE=cat
3353 fi
3354 fi
3355 AC_SUBST(MANTYPE)
3356 if test "$MANTYPE" = "doc"; then
3357 mansubdir=man;
3358 else
3359 mansubdir=$MANTYPE;
3360 fi
3361 AC_SUBST(mansubdir)
3363 # Check whether to enable MD5 passwords
3364 MD5_MSG="no"
3365 AC_ARG_WITH(md5-passwords,
3366 [ --with-md5-passwords Enable use of MD5 passwords],
3367 [
3368 if test "x$withval" != "xno" ; then
3369 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3370 [Define if you want to allow MD5 passwords])
3371 MD5_MSG="yes"
3372 fi
3373 ]
3374 )
3376 # Whether to disable shadow password support
3377 AC_ARG_WITH(shadow,
3378 [ --without-shadow Disable shadow password support],
3379 [
3380 if test "x$withval" = "xno" ; then
3381 AC_DEFINE(DISABLE_SHADOW)
3382 disable_shadow=yes
3383 fi
3384 ]
3385 )
3387 if test -z "$disable_shadow" ; then
3388 AC_MSG_CHECKING([if the systems has expire shadow information])
3389 AC_TRY_COMPILE(
3390 [
3391 #include <sys/types.h>
3392 #include <shadow.h>
3393 struct spwd sp;
3394 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3395 [ sp_expire_available=yes ], []
3396 )
3398 if test "x$sp_expire_available" = "xyes" ; then
3399 AC_MSG_RESULT(yes)
3400 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3401 [Define if you want to use shadow password expire field])
3402 else
3403 AC_MSG_RESULT(no)
3404 fi
3405 fi
3407 # Use ip address instead of hostname in $DISPLAY
3408 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3409 DISPLAY_HACK_MSG="yes"
3410 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3411 [Define if you need to use IP address
3412 instead of hostname in $DISPLAY])
3413 else
3414 DISPLAY_HACK_MSG="no"
3415 AC_ARG_WITH(ipaddr-display,
3416 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3417 [
3418 if test "x$withval" != "xno" ; then
3419 AC_DEFINE(IPADDR_IN_DISPLAY)
3420 DISPLAY_HACK_MSG="yes"
3421 fi
3422 ]
3423 )
3424 fi
3426 # check for /etc/default/login and use it if present.
3427 AC_ARG_ENABLE(etc-default-login,
3428 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3429 [ if test "x$enableval" = "xno"; then
3430 AC_MSG_NOTICE([/etc/default/login handling disabled])
3431 etc_default_login=no
3432 else
3433 etc_default_login=yes
3434 fi ],
3435 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3436 then
3437 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3438 etc_default_login=no
3439 else
3440 etc_default_login=yes
3441 fi ]
3442 )
3444 if test "x$etc_default_login" != "xno"; then
3445 AC_CHECK_FILE("/etc/default/login",
3446 [ external_path_file=/etc/default/login ])
3447 if test "x$external_path_file" = "x/etc/default/login"; then
3448 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3449 [Define if your system has /etc/default/login])
3450 fi
3451 fi
3453 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3454 if test $ac_cv_func_login_getcapbool = "yes" && \
3455 test $ac_cv_header_login_cap_h = "yes" ; then
3456 external_path_file=/etc/login.conf
3457 fi
3459 # Whether to mess with the default path
3460 SERVER_PATH_MSG="(default)"
3461 AC_ARG_WITH(default-path,
3462 [ --with-default-path= Specify default \$PATH environment for server],
3463 [
3464 if test "x$external_path_file" = "x/etc/login.conf" ; then
3465 AC_MSG_WARN([
3466 --with-default-path=PATH has no effect on this system.
3467 Edit /etc/login.conf instead.])
3468 elif test "x$withval" != "xno" ; then
3469 if test ! -z "$external_path_file" ; then
3470 AC_MSG_WARN([
3471 --with-default-path=PATH will only be used if PATH is not defined in
3472 $external_path_file .])
3473 fi
3474 user_path="$withval"
3475 SERVER_PATH_MSG="$withval"
3476 fi
3477 ],
3478 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3479 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3480 else
3481 if test ! -z "$external_path_file" ; then
3482 AC_MSG_WARN([
3483 If PATH is defined in $external_path_file, ensure the path to scp is included,
3484 otherwise scp will not work.])
3485 fi
3486 AC_RUN_IFELSE(
3487 [AC_LANG_SOURCE([[
3488 /* find out what STDPATH is */
3489 #include <stdio.h>
3490 #ifdef HAVE_PATHS_H
3491 # include <paths.h>
3492 #endif
3493 #ifndef _PATH_STDPATH
3494 # ifdef _PATH_USERPATH /* Irix */
3495 # define _PATH_STDPATH _PATH_USERPATH
3496 # else
3497 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3498 # endif
3499 #endif
3500 #include <sys/types.h>
3501 #include <sys/stat.h>
3502 #include <fcntl.h>
3503 #define DATA "conftest.stdpath"
3505 main()
3506 {
3507 FILE *fd;
3508 int rc;
3510 fd = fopen(DATA,"w");
3511 if(fd == NULL)
3512 exit(1);
3514 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3515 exit(1);
3517 exit(0);
3518 }
3519 ]])],
3520 [ user_path=`cat conftest.stdpath` ],
3521 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3522 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3523 )
3524 # make sure $bindir is in USER_PATH so scp will work
3525 t_bindir=`eval echo ${bindir}`
3526 case $t_bindir in
3527 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3528 esac
3529 case $t_bindir in
3530 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3531 esac
3532 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3533 if test $? -ne 0 ; then
3534 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3535 if test $? -ne 0 ; then
3536 user_path=$user_path:$t_bindir
3537 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3538 fi
3539 fi
3540 fi ]
3541 )
3542 if test "x$external_path_file" != "x/etc/login.conf" ; then
3543 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3544 AC_SUBST(user_path)
3545 fi
3547 # Set superuser path separately to user path
3548 AC_ARG_WITH(superuser-path,
3549 [ --with-superuser-path= Specify different path for super-user],
3550 [
3551 if test -n "$withval" && test "x$withval" != "xno" && \
3552 test "x${withval}" != "xyes"; then
3553 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3554 [Define if you want a different $PATH
3555 for the superuser])
3556 superuser_path=$withval
3557 fi
3558 ]
3559 )
3562 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3563 IPV4_IN6_HACK_MSG="no"
3564 AC_ARG_WITH(4in6,
3565 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3566 [
3567 if test "x$withval" != "xno" ; then
3568 AC_MSG_RESULT(yes)
3569 AC_DEFINE(IPV4_IN_IPV6, 1,
3570 [Detect IPv4 in IPv6 mapped addresses
3571 and treat as IPv4])
3572 IPV4_IN6_HACK_MSG="yes"
3573 else
3574 AC_MSG_RESULT(no)
3575 fi
3576 ],[
3577 if test "x$inet6_default_4in6" = "xyes"; then
3578 AC_MSG_RESULT([yes (default)])
3579 AC_DEFINE(IPV4_IN_IPV6)
3580 IPV4_IN6_HACK_MSG="yes"
3581 else
3582 AC_MSG_RESULT([no (default)])
3583 fi
3584 ]
3585 )
3587 # Whether to enable BSD auth support
3588 BSD_AUTH_MSG=no
3589 AC_ARG_WITH(bsd-auth,
3590 [ --with-bsd-auth Enable BSD auth support],
3591 [
3592 if test "x$withval" != "xno" ; then
3593 AC_DEFINE(BSD_AUTH, 1,
3594 [Define if you have BSD auth support])
3595 BSD_AUTH_MSG=yes
3596 fi
3597 ]
3598 )
3600 # Where to place sshd.pid
3601 piddir=/var/run
3602 # make sure the directory exists
3603 if test ! -d $piddir ; then
3604 piddir=`eval echo ${sysconfdir}`
3605 case $piddir in
3606 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3607 esac
3608 fi
3610 AC_ARG_WITH(pid-dir,
3611 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3612 [
3613 if test -n "$withval" && test "x$withval" != "xno" && \
3614 test "x${withval}" != "xyes"; then
3615 piddir=$withval
3616 if test ! -d $piddir ; then
3617 AC_MSG_WARN([** no $piddir directory on this system **])
3618 fi
3619 fi
3620 ]
3621 )
3623 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3624 AC_SUBST(piddir)
3626 dnl allow user to disable some login recording features
3627 AC_ARG_ENABLE(lastlog,
3628 [ --disable-lastlog disable use of lastlog even if detected [no]],
3629 [
3630 if test "x$enableval" = "xno" ; then
3631 AC_DEFINE(DISABLE_LASTLOG)
3632 fi
3633 ]
3634 )
3635 AC_ARG_ENABLE(utmp,
3636 [ --disable-utmp disable use of utmp even if detected [no]],
3637 [
3638 if test "x$enableval" = "xno" ; then
3639 AC_DEFINE(DISABLE_UTMP)
3640 fi
3641 ]
3642 )
3643 AC_ARG_ENABLE(utmpx,
3644 [ --disable-utmpx disable use of utmpx even if detected [no]],
3645 [
3646 if test "x$enableval" = "xno" ; then
3647 AC_DEFINE(DISABLE_UTMPX, 1,
3648 [Define if you don't want to use utmpx])
3649 fi
3650 ]
3651 )
3652 AC_ARG_ENABLE(wtmp,
3653 [ --disable-wtmp disable use of wtmp even if detected [no]],
3654 [
3655 if test "x$enableval" = "xno" ; then
3656 AC_DEFINE(DISABLE_WTMP)
3657 fi
3658 ]
3659 )
3660 AC_ARG_ENABLE(wtmpx,
3661 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3662 [
3663 if test "x$enableval" = "xno" ; then
3664 AC_DEFINE(DISABLE_WTMPX, 1,
3665 [Define if you don't want to use wtmpx])
3666 fi
3667 ]
3668 )
3669 AC_ARG_ENABLE(libutil,
3670 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3671 [
3672 if test "x$enableval" = "xno" ; then
3673 AC_DEFINE(DISABLE_LOGIN)
3674 fi
3675 ]
3676 )
3677 AC_ARG_ENABLE(pututline,
3678 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3679 [
3680 if test "x$enableval" = "xno" ; then
3681 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3682 [Define if you don't want to use pututline()
3683 etc. to write [uw]tmp])
3684 fi
3685 ]
3686 )
3687 AC_ARG_ENABLE(pututxline,
3688 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3689 [
3690 if test "x$enableval" = "xno" ; then
3691 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3692 [Define if you don't want to use pututxline()
3693 etc. to write [uw]tmpx])
3694 fi
3695 ]
3696 )
3697 AC_ARG_WITH(lastlog,
3698 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3699 [
3700 if test "x$withval" = "xno" ; then
3701 AC_DEFINE(DISABLE_LASTLOG)
3702 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3703 conf_lastlog_location=$withval
3704 fi
3705 ]
3706 )
3708 dnl lastlog, [uw]tmpx? detection
3709 dnl NOTE: set the paths in the platform section to avoid the
3710 dnl need for command-line parameters
3711 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3713 dnl lastlog detection
3714 dnl NOTE: the code itself will detect if lastlog is a directory
3715 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3716 AC_TRY_COMPILE([
3717 #include <sys/types.h>
3718 #include <utmp.h>
3719 #ifdef HAVE_LASTLOG_H
3720 # include <lastlog.h>
3721 #endif
3722 #ifdef HAVE_PATHS_H
3723 # include <paths.h>
3724 #endif
3725 #ifdef HAVE_LOGIN_H
3726 # include <login.h>
3727 #endif
3728 ],
3729 [ char *lastlog = LASTLOG_FILE; ],
3730 [ AC_MSG_RESULT(yes) ],
3731 [
3732 AC_MSG_RESULT(no)
3733 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3734 AC_TRY_COMPILE([
3735 #include <sys/types.h>
3736 #include <utmp.h>
3737 #ifdef HAVE_LASTLOG_H
3738 # include <lastlog.h>
3739 #endif
3740 #ifdef HAVE_PATHS_H
3741 # include <paths.h>
3742 #endif
3743 ],
3744 [ char *lastlog = _PATH_LASTLOG; ],
3745 [ AC_MSG_RESULT(yes) ],
3746 [
3747 AC_MSG_RESULT(no)
3748 system_lastlog_path=no
3749 ])
3750 ]
3751 )
3753 if test -z "$conf_lastlog_location"; then
3754 if test x"$system_lastlog_path" = x"no" ; then
3755 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3756 if (test -d "$f" || test -f "$f") ; then
3757 conf_lastlog_location=$f
3758 fi
3759 done
3760 if test -z "$conf_lastlog_location"; then
3761 AC_MSG_WARN([** Cannot find lastlog **])
3762 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3763 fi
3764 fi
3765 fi
3767 if test -n "$conf_lastlog_location"; then
3768 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3769 [Define if you want to specify the path to your lastlog file])
3770 fi
3772 dnl utmp detection
3773 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3774 AC_TRY_COMPILE([
3775 #include <sys/types.h>
3776 #include <utmp.h>
3777 #ifdef HAVE_PATHS_H
3778 # include <paths.h>
3779 #endif
3780 ],
3781 [ char *utmp = UTMP_FILE; ],
3782 [ AC_MSG_RESULT(yes) ],
3783 [ AC_MSG_RESULT(no)
3784 system_utmp_path=no ]
3785 )
3786 if test -z "$conf_utmp_location"; then
3787 if test x"$system_utmp_path" = x"no" ; then
3788 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3789 if test -f $f ; then
3790 conf_utmp_location=$f
3791 fi
3792 done
3793 if test -z "$conf_utmp_location"; then
3794 AC_DEFINE(DISABLE_UTMP)
3795 fi
3796 fi
3797 fi
3798 if test -n "$conf_utmp_location"; then
3799 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3800 [Define if you want to specify the path to your utmp file])
3801 fi
3803 dnl wtmp detection
3804 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3805 AC_TRY_COMPILE([
3806 #include <sys/types.h>
3807 #include <utmp.h>
3808 #ifdef HAVE_PATHS_H
3809 # include <paths.h>
3810 #endif
3811 ],
3812 [ char *wtmp = WTMP_FILE; ],
3813 [ AC_MSG_RESULT(yes) ],
3814 [ AC_MSG_RESULT(no)
3815 system_wtmp_path=no ]
3816 )
3817 if test -z "$conf_wtmp_location"; then
3818 if test x"$system_wtmp_path" = x"no" ; then
3819 for f in /usr/adm/wtmp /var/log/wtmp; do
3820 if test -f $f ; then
3821 conf_wtmp_location=$f
3822 fi
3823 done
3824 if test -z "$conf_wtmp_location"; then
3825 AC_DEFINE(DISABLE_WTMP)
3826 fi
3827 fi
3828 fi
3829 if test -n "$conf_wtmp_location"; then
3830 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3831 [Define if you want to specify the path to your wtmp file])
3832 fi
3835 dnl utmpx detection - I don't know any system so perverse as to require
3836 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3837 dnl there, though.
3838 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3839 AC_TRY_COMPILE([
3840 #include <sys/types.h>
3841 #include <utmp.h>
3842 #ifdef HAVE_UTMPX_H
3843 #include <utmpx.h>
3844 #endif
3845 #ifdef HAVE_PATHS_H
3846 # include <paths.h>
3847 #endif
3848 ],
3849 [ char *utmpx = UTMPX_FILE; ],
3850 [ AC_MSG_RESULT(yes) ],
3851 [ AC_MSG_RESULT(no)
3852 system_utmpx_path=no ]
3853 )
3854 if test -z "$conf_utmpx_location"; then
3855 if test x"$system_utmpx_path" = x"no" ; then
3856 AC_DEFINE(DISABLE_UTMPX)
3857 fi
3858 else
3859 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3860 [Define if you want to specify the path to your utmpx file])
3861 fi
3863 dnl wtmpx detection
3864 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3865 AC_TRY_COMPILE([
3866 #include <sys/types.h>
3867 #include <utmp.h>
3868 #ifdef HAVE_UTMPX_H
3869 #include <utmpx.h>
3870 #endif
3871 #ifdef HAVE_PATHS_H
3872 # include <paths.h>
3873 #endif
3874 ],
3875 [ char *wtmpx = WTMPX_FILE; ],
3876 [ AC_MSG_RESULT(yes) ],
3877 [ AC_MSG_RESULT(no)
3878 system_wtmpx_path=no ]
3879 )
3880 if test -z "$conf_wtmpx_location"; then
3881 if test x"$system_wtmpx_path" = x"no" ; then
3882 AC_DEFINE(DISABLE_WTMPX)
3883 fi
3884 else
3885 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3886 [Define if you want to specify the path to your wtmpx file])
3887 fi
3890 if test ! -z "$blibpath" ; then
3891 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3892 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3893 fi
3895 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3896 dnl Add now.
3897 CFLAGS="$CFLAGS $werror_flags"
3899 AC_EXEEXT
3900 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3901 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3902 scard/Makefile ssh_prng_cmds survey.sh])
3903 AC_OUTPUT
3905 # Print summary of options
3907 # Someone please show me a better way :)
3908 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3909 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3910 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3911 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3912 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3913 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3914 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3915 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3916 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3917 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3919 echo ""
3920 echo "OpenSSH has been configured with the following options:"
3921 echo " User binaries: $B"
3922 echo " System binaries: $C"
3923 echo " Configuration files: $D"
3924 echo " Askpass program: $E"
3925 echo " Manual pages: $F"
3926 echo " PID file: $G"
3927 echo " Privilege separation chroot path: $H"
3928 if test "x$external_path_file" = "x/etc/login.conf" ; then
3929 echo " At runtime, sshd will use the path defined in $external_path_file"
3930 echo " Make sure the path to scp is present, otherwise scp will not work"
3931 else
3932 echo " sshd default user PATH: $I"
3933 if test ! -z "$external_path_file"; then
3934 echo " (If PATH is set in $external_path_file it will be used instead. If"
3935 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3936 fi
3937 fi
3938 if test ! -z "$superuser_path" ; then
3939 echo " sshd superuser user PATH: $J"
3940 fi
3941 echo " Manpage format: $MANTYPE"
3942 echo " PAM support: $PAM_MSG"
3943 echo " OSF SIA support: $SIA_MSG"
3944 echo " KerberosV support: $KRB5_MSG"
3945 echo " SELinux support: $SELINUX_MSG"
3946 echo " Smartcard support: $SCARD_MSG"
3947 echo " S/KEY support: $SKEY_MSG"
3948 echo " TCP Wrappers support: $TCPW_MSG"
3949 echo " MD5 password support: $MD5_MSG"
3950 echo " libedit support: $LIBEDIT_MSG"
3951 echo " Solaris process contract support: $SPC_MSG"
3952 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3953 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3954 echo " BSD Auth support: $BSD_AUTH_MSG"
3955 echo " Random number source: $RAND_MSG"
3956 if test ! -z "$USE_RAND_HELPER" ; then
3957 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3958 fi
3960 echo ""
3962 echo " Host: ${host}"
3963 echo " Compiler: ${CC}"
3964 echo " Compiler flags: ${CFLAGS}"
3965 echo "Preprocessor flags: ${CPPFLAGS}"
3966 echo " Linker flags: ${LDFLAGS}"
3967 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3969 echo ""
3971 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3972 echo "SVR4 style packages are supported with \"make package\""
3973 echo ""
3974 fi
3976 if test "x$PAM_MSG" = "xyes" ; then
3977 echo "PAM is enabled. You may need to install a PAM control file "
3978 echo "for sshd, otherwise password authentication may fail. "
3979 echo "Example PAM control files can be found in the contrib/ "
3980 echo "subdirectory"
3981 echo ""
3982 fi
3984 if test ! -z "$RAND_HELPER_CMDHASH" ; then
3985 echo "WARNING: you are using the builtin random number collection "
3986 echo "service. Please read WARNING.RNG and request that your OS "
3987 echo "vendor includes kernel-based random number collection in "
3988 echo "future versions of your OS."
3989 echo ""
3990 fi
3992 if test ! -z "$NO_PEERCHECK" ; then
3993 echo "WARNING: the operating system that you are using does not "
3994 echo "appear to support either the getpeereid() API nor the "
3995 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
3996 echo "enforce security checks to prevent unauthorised connections to "
3997 echo "ssh-agent. Their absence increases the risk that a malicious "
3998 echo "user can connect to your agent. "
3999 echo ""
4000 fi
4002 if test "$AUDIT_MODULE" = "bsm" ; then
4003 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4004 echo "See the Solaris section in README.platform for details."
4005 fi