Cross Reference: /freebsd-11.0-release/crypto/openssh/configure.ac

Deleted Added

sdiff udiff text old ( 180751 ) new ( 189006 )

full compact

1# $Id: configure.ac,v 1.409 2008/07/09 11:07:19 djm Exp $
2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18AC_REVISION($Revision: 1.409 $)
19AC_CONFIG_SRCDIR([ssh.c])
20
21AC_CONFIG_HEADER(config.h)
22AC_PROG_CC
23AC_CANONICAL_HOST
24AC_C_BIGENDIAN
25
26# Checks for programs.
27AC_PROG_AWK
28AC_PROG_CPP
29AC_PROG_RANLIB
30AC_PROG_INSTALL
31AC_PROG_EGREP
32AC_PATH_PROG(AR, ar)
33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
35AC_PATH_PROGS(PERL, perl5 perl)
36AC_PATH_PROG(SED, sed)
37AC_SUBST(PERL)
38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43AC_PATH_PROG(SH, sh)
44AC_SUBST(TEST_SHELL,sh)
45
46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
57
58# System features
59AC_SYS_LARGEFILE
60
61if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
70else
71 # Search for login
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75 fi
76fi
77
78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
82fi
83
84if test -z "$LD" ; then
85 LD=$CC
86fi
87AC_SUBST(LD)
88
89AC_C_INLINE
90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
93use_stack_protector=1
94AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
97 use_stack_protector=0
98 fi ])
99
100if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
103 case $GCC_VER in
104 1.*) no_attrib_nonnull=1 ;;
105 2.8* | 2.9*)
106 CFLAGS="$CFLAGS -Wsign-compare"
107 no_attrib_nonnull=1
108 ;;
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
112 *) ;;
113 esac
114
115 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
116 saved_CFLAGS="$CFLAGS"
117 CFLAGS="$CFLAGS -fno-builtin-memset"
118 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
119#include <string.h>
120int main(void){char b[10]; memset(b, 0, sizeof(b));}
121 ]])],
122 [ AC_MSG_RESULT(yes) ],
123 [ AC_MSG_RESULT(no)
124 CFLAGS="$saved_CFLAGS" ]
125)
126
127 # -fstack-protector-all doesn't always work for some GCC versions
128 # and/or platforms, so we test if we can. If it's not supported
129 # on a give platform gcc will emit a warning so we use -Werror.
130 if test "x$use_stack_protector" = "x1"; then
131 for t in -fstack-protector-all -fstack-protector; do
132 AC_MSG_CHECKING(if $CC supports $t)
133 saved_CFLAGS="$CFLAGS"
134 saved_LDFLAGS="$LDFLAGS"
135 CFLAGS="$CFLAGS $t -Werror"
136 LDFLAGS="$LDFLAGS $t -Werror"
137 AC_LINK_IFELSE(
138 [AC_LANG_SOURCE([
139#include <stdlib.h>
140int main(void){return 0;}
141 ])],
142 [ AC_MSG_RESULT(yes)
143 CFLAGS="$saved_CFLAGS $t"
144 LDFLAGS="$saved_LDFLAGS $t"
145 AC_MSG_CHECKING(if $t works)
146 AC_RUN_IFELSE(
147 [AC_LANG_SOURCE([
148#include <stdlib.h>
149int main(void){exit(0);}
150 ])],
151 [ AC_MSG_RESULT(yes)
152 break ],
153 [ AC_MSG_RESULT(no) ],
154 [ AC_MSG_WARN([cross compiling: cannot test])
155 break ]
156 )
157 ],
158 [ AC_MSG_RESULT(no) ]
159 )
160 CFLAGS="$saved_CFLAGS"
161 LDFLAGS="$saved_LDFLAGS"
162 done
163 fi
164
165 if test -z "$have_llong_max"; then
166 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
167 unset ac_cv_have_decl_LLONG_MAX
168 saved_CFLAGS="$CFLAGS"
169 CFLAGS="$CFLAGS -std=gnu99"
170 AC_CHECK_DECL(LLONG_MAX,
171 [have_llong_max=1],
172 [CFLAGS="$saved_CFLAGS"],
173 [#include <limits.h>]
174 )
175 fi
176fi
177
178if test "x$no_attrib_nonnull" != "x1" ; then
179 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
180fi
181
182AC_ARG_WITH(rpath,
183 [ --without-rpath Disable auto-added -R linker paths],
184 [
185 if test "x$withval" = "xno" ; then
186 need_dash_r=""
187 fi
188 if test "x$withval" = "xyes" ; then
189 need_dash_r=1
190 fi
191 ]
192)
193
194# Allow user to specify flags
195AC_ARG_WITH(cflags,
196 [ --with-cflags Specify additional flags to pass to compiler],
197 [
198 if test -n "$withval" && test "x$withval" != "xno" && \
199 test "x${withval}" != "xyes"; then
200 CFLAGS="$CFLAGS $withval"
201 fi
202 ]
203)
204AC_ARG_WITH(cppflags,
205 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
206 [
207 if test -n "$withval" && test "x$withval" != "xno" && \
208 test "x${withval}" != "xyes"; then
209 CPPFLAGS="$CPPFLAGS $withval"
210 fi
211 ]
212)
213AC_ARG_WITH(ldflags,
214 [ --with-ldflags Specify additional flags to pass to linker],
215 [
216 if test -n "$withval" && test "x$withval" != "xno" && \
217 test "x${withval}" != "xyes"; then
218 LDFLAGS="$LDFLAGS $withval"
219 fi
220 ]
221)
222AC_ARG_WITH(libs,
223 [ --with-libs Specify additional libraries to link with],
224 [
225 if test -n "$withval" && test "x$withval" != "xno" && \
226 test "x${withval}" != "xyes"; then
227 LIBS="$LIBS $withval"
228 fi
229 ]
230)
231AC_ARG_WITH(Werror,
232 [ --with-Werror Build main code with -Werror],
233 [
234 if test -n "$withval" && test "x$withval" != "xno"; then
235 werror_flags="-Werror"
236 if test "x${withval}" != "xyes"; then
237 werror_flags="$withval"
238 fi
239 fi
240 ]
241)
242
243AC_CHECK_HEADERS( \
244 bstring.h \
245 crypt.h \
246 crypto/sha2.h \
247 dirent.h \
248 endian.h \
249 features.h \
250 fcntl.h \
251 floatingpoint.h \
252 getopt.h \
253 glob.h \
254 ia.h \
255 iaf.h \
256 limits.h \
257 login.h \
258 maillock.h \
259 ndir.h \
260 net/if_tun.h \
261 netdb.h \
262 netgroup.h \
263 pam/pam_appl.h \
264 paths.h \
265 poll.h \
266 pty.h \
267 readpassphrase.h \
268 rpc/types.h \
269 security/pam_appl.h \
270 sha2.h \
271 shadow.h \
272 stddef.h \
273 stdint.h \
274 string.h \
275 strings.h \
276 sys/audit.h \
277 sys/bitypes.h \
278 sys/bsdtty.h \
279 sys/cdefs.h \
280 sys/dir.h \
281 sys/mman.h \
282 sys/mount.h \
283 sys/ndir.h \
284 sys/poll.h \
285 sys/prctl.h \
286 sys/pstat.h \
287 sys/select.h \
288 sys/stat.h \
289 sys/stream.h \
290 sys/stropts.h \
291 sys/strtio.h \
292 sys/statvfs.h \
293 sys/sysmacros.h \
294 sys/time.h \
295 sys/timers.h \
296 sys/un.h \
297 time.h \
298 tmpdir.h \
299 ttyent.h \
300 ucred.h \
301 unistd.h \
302 usersec.h \
303 util.h \
304 utime.h \
305 utmp.h \
306 utmpx.h \
307 vis.h \
308)
309
310# lastlog.h requires sys/time.h to be included first on Solaris
311AC_CHECK_HEADERS(lastlog.h, [], [], [
312#ifdef HAVE_SYS_TIME_H
313# include <sys/time.h>
314#endif
315])
316
317# sys/ptms.h requires sys/stream.h to be included first on Solaris
318AC_CHECK_HEADERS(sys/ptms.h, [], [], [
319#ifdef HAVE_SYS_STREAM_H
320# include <sys/stream.h>
321#endif
322])
323
324# login_cap.h requires sys/types.h on NetBSD
325AC_CHECK_HEADERS(login_cap.h, [], [], [
326#include <sys/types.h>
327])
328
329# Messages for features tested for in target-specific section
330SIA_MSG="no"
331SPC_MSG="no"
332
333# Check for some target-specific stuff
334case "$host" in
335*-*-aix*)
336 # Some versions of VAC won't allow macro redefinitions at
337 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
338 # particularly with older versions of vac or xlc.
339 # It also throws errors about null macro argments, but these are
340 # not fatal.
341 AC_MSG_CHECKING(if compiler allows macro redefinitions)
342 AC_COMPILE_IFELSE(
343 [AC_LANG_SOURCE([[
344#define testmacro foo
345#define testmacro bar
346int main(void) { exit(0); }
347 ]])],
348 [ AC_MSG_RESULT(yes) ],
349 [ AC_MSG_RESULT(no)
350 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
351 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
352 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
353 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
354 ]
355 )
356
357 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
358 if (test -z "$blibpath"); then
359 blibpath="/usr/lib:/lib"
360 fi
361 saved_LDFLAGS="$LDFLAGS"
362 if test "$GCC" = "yes"; then
363 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
364 else
365 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
366 fi
367 for tryflags in $flags ;do
368 if (test -z "$blibflags"); then
369 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
370 AC_TRY_LINK([], [], [blibflags=$tryflags])
371 fi
372 done
373 if (test -z "$blibflags"); then
374 AC_MSG_RESULT(not found)
375 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
376 else
377 AC_MSG_RESULT($blibflags)
378 fi
379 LDFLAGS="$saved_LDFLAGS"
380 dnl Check for authenticate. Might be in libs.a on older AIXes
381 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
382 [Define if you want to enable AIX4's authenticate function])],
383 [AC_CHECK_LIB(s,authenticate,
384 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
385 LIBS="$LIBS -ls"
386 ])
387 ])
388 dnl Check for various auth function declarations in headers.
389 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
390 passwdexpired, setauthdb], , , [#include <usersec.h>])
391 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
392 AC_CHECK_DECLS(loginfailed,
393 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
394 AC_TRY_COMPILE(
395 [#include <usersec.h>],
396 [(void)loginfailed("user","host","tty",0);],
397 [AC_MSG_RESULT(yes)
398 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
399 [Define if your AIX loginfailed() function
400 takes 4 arguments (AIX >= 5.2)])],
401 [AC_MSG_RESULT(no)]
402 )],
403 [],
404 [#include <usersec.h>]
405 )
406 AC_CHECK_FUNCS(getgrset setauthdb)
407 AC_CHECK_DECL(F_CLOSEM,
408 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
409 [],
410 [ #include <limits.h>
411 #include <fcntl.h> ]
412 )
413 check_for_aix_broken_getaddrinfo=1
414 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
415 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
416 [Define if your platform breaks doing a seteuid before a setuid])
417 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
418 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
419 dnl AIX handles lastlog as part of its login message
420 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
421 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
422 [Some systems need a utmpx entry for /bin/login to work])
423 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
424 [Define to a Set Process Title type if your system is
425 supported by bsd-setproctitle.c])
426 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
427 [AIX 5.2 and 5.3 (and presumably newer) require this])
428 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
429 ;;
430*-*-cygwin*)
431 check_for_libcrypt_later=1
432 LIBS="$LIBS /usr/lib/textreadmode.o"
433 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
434 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
435 AC_DEFINE(DISABLE_SHADOW, 1,
436 [Define if you want to disable shadow passwords])
437 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
438 [Define if your system choked on IP TOS setting])
439 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
440 [Define if X11 doesn't support AF_UNIX sockets on that system])
441 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
442 [Define if the concept of ports only accessible to
443 superusers isn't known])
444 AC_DEFINE(DISABLE_FD_PASSING, 1,
445 [Define if your platform needs to skip post auth
446 file descriptor passing])
447 ;;
448*-*-dgux*)
449 AC_DEFINE(IP_TOS_IS_BROKEN)
450 AC_DEFINE(SETEUID_BREAKS_SETUID)
451 AC_DEFINE(BROKEN_SETREUID)
452 AC_DEFINE(BROKEN_SETREGID)
453 ;;
454*-*-darwin*)
455 AC_MSG_CHECKING(if we have working getaddrinfo)
456 AC_TRY_RUN([#include <mach-o/dyld.h>
457main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
458 exit(0);
459 else
460 exit(1);
461}], [AC_MSG_RESULT(working)],
462 [AC_MSG_RESULT(buggy)
463 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
464 [AC_MSG_RESULT(assume it is working)])
465 AC_DEFINE(SETEUID_BREAKS_SETUID)
466 AC_DEFINE(BROKEN_SETREUID)
467 AC_DEFINE(BROKEN_SETREGID)
468 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
469 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
470 [Define if your resolver libs need this for getrrsetbyname])
471 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
472 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
473 [Use tunnel device compatibility to OpenBSD])
474 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
475 [Prepend the address family to IP tunnel traffic])
476 m4_pattern_allow(AU_IPv)
477 AC_CHECK_DECL(AU_IPv4, [],
478 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
479 [#include <bsm/audit.h>]
480 )
481 ;;
482*-*-dragonfly*)
483 SSHDLIBS="$SSHDLIBS -lcrypt"
484 ;;
485*-*-hpux*)
486 # first we define all of the options common to all HP-UX releases
487 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
488 IPADDR_IN_DISPLAY=yes
489 AC_DEFINE(USE_PIPES)
490 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
491 [Define if your login program cannot handle end of options ("--")])
492 AC_DEFINE(LOGIN_NEEDS_UTMPX)
493 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
494 [String used in /etc/passwd to denote locked account])
495 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
496 MAIL="/var/mail/username"
497 LIBS="$LIBS -lsec"
498 AC_CHECK_LIB(xnet, t_error, ,
499 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
500
501 # next, we define all of the options specific to major releases
502 case "$host" in
503 *-*-hpux10*)
504 if test -z "$GCC"; then
505 CFLAGS="$CFLAGS -Ae"
506 fi
507 ;;
508 *-*-hpux11*)
509 AC_DEFINE(PAM_SUN_CODEBASE, 1,
510 [Define if you are using Solaris-derived PAM which
511 passes pam_messages to the conversation function
512 with an extra level of indirection])
513 AC_DEFINE(DISABLE_UTMP, 1,
514 [Define if you don't want to use utmp])
515 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
516 check_for_hpux_broken_getaddrinfo=1
517 check_for_conflicting_getspnam=1
518 ;;
519 esac
520
521 # lastly, we define options specific to minor releases
522 case "$host" in
523 *-*-hpux10.26)
524 AC_DEFINE(HAVE_SECUREWARE, 1,
525 [Define if you have SecureWare-based
526 protected password database])
527 disable_ptmx_check=yes
528 LIBS="$LIBS -lsecpw"
529 ;;
530 esac
531 ;;
532*-*-irix5*)
533 PATH="$PATH:/usr/etc"
534 AC_DEFINE(BROKEN_INET_NTOA, 1,
535 [Define if you system's inet_ntoa is busted
536 (e.g. Irix gcc issue)])
537 AC_DEFINE(SETEUID_BREAKS_SETUID)
538 AC_DEFINE(BROKEN_SETREUID)
539 AC_DEFINE(BROKEN_SETREGID)
540 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
541 [Define if you shouldn't strip 'tty' from your
542 ttyname in [uw]tmp])
543 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
544 ;;
545*-*-irix6*)
546 PATH="$PATH:/usr/etc"
547 AC_DEFINE(WITH_IRIX_ARRAY, 1,
548 [Define if you have/want arrays
549 (cluster-wide session managment, not C arrays)])
550 AC_DEFINE(WITH_IRIX_PROJECT, 1,
551 [Define if you want IRIX project management])
552 AC_DEFINE(WITH_IRIX_AUDIT, 1,
553 [Define if you want IRIX audit trails])
554 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
555 [Define if you want IRIX kernel jobs])])
556 AC_DEFINE(BROKEN_INET_NTOA)
557 AC_DEFINE(SETEUID_BREAKS_SETUID)
558 AC_DEFINE(BROKEN_SETREUID)
559 AC_DEFINE(BROKEN_SETREGID)
560 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
561 AC_DEFINE(WITH_ABBREV_NO_TTY)
562 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
563 ;;
564*-*-linux*)
565 no_dev_ptmx=1
566 check_for_libcrypt_later=1
567 check_for_openpty_ctty_bug=1
568 AC_DEFINE(PAM_TTY_KLUDGE, 1,
569 [Work around problematic Linux PAM modules handling of PAM_TTY])
570 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
571 [String used in /etc/passwd to denote locked account])
572 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
573 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
574 [Define to whatever link() returns for "not supported"
575 if it doesn't return EOPNOTSUPP.])
576 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
577 AC_DEFINE(USE_BTMP)
578 inet6_default_4in6=yes
579 case `uname -r` in
580 1.*|2.0.*)
581 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
582 [Define if cmsg_type is not passed correctly])
583 ;;
584 esac
585 # tun(4) forwarding compat code
586 AC_CHECK_HEADERS(linux/if_tun.h)
587 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
588 AC_DEFINE(SSH_TUN_LINUX, 1,
589 [Open tunnel devices the Linux tun/tap way])
590 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
591 [Use tunnel device compatibility to OpenBSD])
592 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
593 [Prepend the address family to IP tunnel traffic])
594 fi
595 ;;
596mips-sony-bsd|mips-sony-newsos4)
597 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
598 SONY=1
599 ;;
600*-*-netbsd*)
601 check_for_libcrypt_before=1
602 if test "x$withval" != "xno" ; then
603 need_dash_r=1
604 fi
605 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
606 AC_CHECK_HEADER([net/if_tap.h], ,
607 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
608 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
609 [Prepend the address family to IP tunnel traffic])
610 ;;
611*-*-freebsd*)
612 check_for_libcrypt_later=1
613 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
614 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
615 AC_CHECK_HEADER([net/if_tap.h], ,
616 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
617 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
618 ;;
619*-*-bsdi*)
620 AC_DEFINE(SETEUID_BREAKS_SETUID)
621 AC_DEFINE(BROKEN_SETREUID)
622 AC_DEFINE(BROKEN_SETREGID)
623 ;;
624*-next-*)
625 conf_lastlog_location="/usr/adm/lastlog"
626 conf_utmp_location=/etc/utmp
627 conf_wtmp_location=/usr/adm/wtmp
628 MAIL=/usr/spool/mail
629 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
630 AC_DEFINE(BROKEN_REALPATH)
631 AC_DEFINE(USE_PIPES)
632 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
633 ;;
634*-*-openbsd*)
635 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
636 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
637 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
638 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
639 [syslog_r function is safe to use in in a signal handler])
640 ;;
641*-*-solaris*)
642 if test "x$withval" != "xno" ; then
643 need_dash_r=1
644 fi
645 AC_DEFINE(PAM_SUN_CODEBASE)
646 AC_DEFINE(LOGIN_NEEDS_UTMPX)
647 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
648 [Some versions of /bin/login need the TERM supplied
649 on the commandline])
650 AC_DEFINE(PAM_TTY_KLUDGE)
651 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
652 [Define if pam_chauthtok wants real uid set
653 to the unpriv'ed user])
654 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
655 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
656 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
657 [Define if sshd somehow reacquires a controlling TTY
658 after setsid()])
659 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
660 in case the name is longer than 8 chars])
661 external_path_file=/etc/default/login
662 # hardwire lastlog location (can't detect it on some versions)
663 conf_lastlog_location="/var/adm/lastlog"
664 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
665 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
666 if test "$sol2ver" -ge 8; then
667 AC_MSG_RESULT(yes)
668 AC_DEFINE(DISABLE_UTMP)
669 AC_DEFINE(DISABLE_WTMP, 1,
670 [Define if you don't want to use wtmp])
671 else
672 AC_MSG_RESULT(no)
673 fi
674 AC_ARG_WITH(solaris-contracts,
675 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
676 [
677 AC_CHECK_LIB(contract, ct_tmpl_activate,
678 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
679 [Define if you have Solaris process contracts])
680 SSHDLIBS="$SSHDLIBS -lcontract"
681 AC_SUBST(SSHDLIBS)
682 SPC_MSG="yes" ], )
683 ],
684 )
685 ;;
686*-*-sunos4*)
687 CPPFLAGS="$CPPFLAGS -DSUNOS4"
688 AC_CHECK_FUNCS(getpwanam)
689 AC_DEFINE(PAM_SUN_CODEBASE)
690 conf_utmp_location=/etc/utmp
691 conf_wtmp_location=/var/adm/wtmp
692 conf_lastlog_location=/var/adm/lastlog
693 AC_DEFINE(USE_PIPES)
694 ;;
695*-ncr-sysv*)
696 LIBS="$LIBS -lc89"
697 AC_DEFINE(USE_PIPES)
698 AC_DEFINE(SSHD_ACQUIRES_CTTY)
699 AC_DEFINE(SETEUID_BREAKS_SETUID)
700 AC_DEFINE(BROKEN_SETREUID)
701 AC_DEFINE(BROKEN_SETREGID)
702 ;;
703*-sni-sysv*)
704 # /usr/ucblib MUST NOT be searched on ReliantUNIX
705 AC_CHECK_LIB(dl, dlsym, ,)
706 # -lresolv needs to be at the end of LIBS or DNS lookups break
707 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
708 IPADDR_IN_DISPLAY=yes
709 AC_DEFINE(USE_PIPES)
710 AC_DEFINE(IP_TOS_IS_BROKEN)
711 AC_DEFINE(SETEUID_BREAKS_SETUID)
712 AC_DEFINE(BROKEN_SETREUID)
713 AC_DEFINE(BROKEN_SETREGID)
714 AC_DEFINE(SSHD_ACQUIRES_CTTY)
715 external_path_file=/etc/default/login
716 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
717 # Attention: always take care to bind libsocket and libnsl before libc,
718 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
719 ;;
720# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
721*-*-sysv4.2*)
722 AC_DEFINE(USE_PIPES)
723 AC_DEFINE(SETEUID_BREAKS_SETUID)
724 AC_DEFINE(BROKEN_SETREUID)
725 AC_DEFINE(BROKEN_SETREGID)
726 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
727 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
728 ;;
729# UnixWare 7.x, OpenUNIX 8
730*-*-sysv5*)
731 check_for_libcrypt_later=1
732 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
733 AC_DEFINE(USE_PIPES)
734 AC_DEFINE(SETEUID_BREAKS_SETUID)
735 AC_DEFINE(BROKEN_SETREUID)
736 AC_DEFINE(BROKEN_SETREGID)
737 AC_DEFINE(PASSWD_NEEDS_USERNAME)
738 case "$host" in
739 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
740 TEST_SHELL=/u95/bin/sh
741 AC_DEFINE(BROKEN_LIBIAF, 1,
742 [ia_uinfo routines not supported by OS yet])
743 AC_DEFINE(BROKEN_UPDWTMPX)
744 ;;
745 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
746 ;;
747 esac
748 ;;
749*-*-sysv*)
750 ;;
751# SCO UNIX and OEM versions of SCO UNIX
752*-*-sco3.2v4*)
753 AC_MSG_ERROR("This Platform is no longer supported.")
754 ;;
755# SCO OpenServer 5.x
756*-*-sco3.2v5*)
757 if test -z "$GCC"; then
758 CFLAGS="$CFLAGS -belf"
759 fi
760 LIBS="$LIBS -lprot -lx -ltinfo -lm"
761 no_dev_ptmx=1
762 AC_DEFINE(USE_PIPES)
763 AC_DEFINE(HAVE_SECUREWARE)
764 AC_DEFINE(DISABLE_SHADOW)
765 AC_DEFINE(DISABLE_FD_PASSING)
766 AC_DEFINE(SETEUID_BREAKS_SETUID)
767 AC_DEFINE(BROKEN_SETREUID)
768 AC_DEFINE(BROKEN_SETREGID)
769 AC_DEFINE(WITH_ABBREV_NO_TTY)
770 AC_DEFINE(BROKEN_UPDWTMPX)
771 AC_DEFINE(PASSWD_NEEDS_USERNAME)
772 AC_CHECK_FUNCS(getluid setluid)
773 MANTYPE=man
774 TEST_SHELL=ksh
775 ;;
776*-*-unicosmk*)
777 AC_DEFINE(NO_SSH_LASTLOG, 1,
778 [Define if you don't want to use lastlog in session.c])
779 AC_DEFINE(SETEUID_BREAKS_SETUID)
780 AC_DEFINE(BROKEN_SETREUID)
781 AC_DEFINE(BROKEN_SETREGID)
782 AC_DEFINE(USE_PIPES)
783 AC_DEFINE(DISABLE_FD_PASSING)
784 LDFLAGS="$LDFLAGS"
785 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
786 MANTYPE=cat
787 ;;
788*-*-unicosmp*)
789 AC_DEFINE(SETEUID_BREAKS_SETUID)
790 AC_DEFINE(BROKEN_SETREUID)
791 AC_DEFINE(BROKEN_SETREGID)
792 AC_DEFINE(WITH_ABBREV_NO_TTY)
793 AC_DEFINE(USE_PIPES)
794 AC_DEFINE(DISABLE_FD_PASSING)
795 LDFLAGS="$LDFLAGS"
796 LIBS="$LIBS -lgen -lacid -ldb"
797 MANTYPE=cat
798 ;;
799*-*-unicos*)
800 AC_DEFINE(SETEUID_BREAKS_SETUID)
801 AC_DEFINE(BROKEN_SETREUID)
802 AC_DEFINE(BROKEN_SETREGID)
803 AC_DEFINE(USE_PIPES)
804 AC_DEFINE(DISABLE_FD_PASSING)
805 AC_DEFINE(NO_SSH_LASTLOG)
806 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
807 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
808 MANTYPE=cat
809 ;;
810*-dec-osf*)
811 AC_MSG_CHECKING(for Digital Unix SIA)
812 no_osfsia=""
813 AC_ARG_WITH(osfsia,
814 [ --with-osfsia Enable Digital Unix SIA],
815 [
816 if test "x$withval" = "xno" ; then
817 AC_MSG_RESULT(disabled)
818 no_osfsia=1
819 fi
820 ],
821 )
822 if test -z "$no_osfsia" ; then
823 if test -f /etc/sia/matrix.conf; then
824 AC_MSG_RESULT(yes)
825 AC_DEFINE(HAVE_OSF_SIA, 1,
826 [Define if you have Digital Unix Security
827 Integration Architecture])
828 AC_DEFINE(DISABLE_LOGIN, 1,
829 [Define if you don't want to use your
830 system's login() call])
831 AC_DEFINE(DISABLE_FD_PASSING)
832 LIBS="$LIBS -lsecurity -ldb -lm -laud"
833 SIA_MSG="yes"
834 else
835 AC_MSG_RESULT(no)
836 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
837 [String used in /etc/passwd to denote locked account])
838 fi
839 fi
840 AC_DEFINE(BROKEN_GETADDRINFO)
841 AC_DEFINE(SETEUID_BREAKS_SETUID)
842 AC_DEFINE(BROKEN_SETREUID)
843 AC_DEFINE(BROKEN_SETREGID)
844 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
845 ;;
846
847*-*-nto-qnx*)
848 AC_DEFINE(USE_PIPES)
849 AC_DEFINE(NO_X11_UNIX_SOCKETS)
850 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
851 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
852 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
853 AC_DEFINE(DISABLE_LASTLOG)
854 AC_DEFINE(SSHD_ACQUIRES_CTTY)
855 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
856 enable_etc_default_login=no # has incompatible /etc/default/login
857 case "$host" in
858 *-*-nto-qnx6*)
859 AC_DEFINE(DISABLE_FD_PASSING)
860 ;;
861 esac
862 ;;
863
864*-*-ultrix*)
865 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
866 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
867 AC_DEFINE(NEED_SETPGRP)
868 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
869 ;;
870
871*-*-lynxos)
872 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
873 AC_DEFINE(MISSING_HOWMANY)
874 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
875 ;;
876esac
877
878AC_MSG_CHECKING(compiler and flags for sanity)
879AC_RUN_IFELSE(
880 [AC_LANG_SOURCE([
881#include <stdio.h>
882int main(){exit(0);}
883 ])],
884 [ AC_MSG_RESULT(yes) ],
885 [
886 AC_MSG_RESULT(no)
887 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
888 ],
889 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
890)
891
892dnl Checks for header files.
893# Checks for libraries.
894AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
895AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
896
897dnl IRIX and Solaris 2.5.1 have dirname() in libgen
898AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
899 AC_CHECK_LIB(gen, dirname,[
900 AC_CACHE_CHECK([for broken dirname],
901 ac_cv_have_broken_dirname, [
902 save_LIBS="$LIBS"
903 LIBS="$LIBS -lgen"
904 AC_RUN_IFELSE(
905 [AC_LANG_SOURCE([[
906#include <libgen.h>
907#include <string.h>
908
909int main(int argc, char **argv) {
910 char *s, buf[32];
911
912 strncpy(buf,"/etc", 32);
913 s = dirname(buf);
914 if (!s || strncmp(s, "/", 32) != 0) {
915 exit(1);
916 } else {
917 exit(0);
918 }
919}
920 ]])],
921 [ ac_cv_have_broken_dirname="no" ],
922 [ ac_cv_have_broken_dirname="yes" ],
923 [ ac_cv_have_broken_dirname="no" ],
924 )
925 LIBS="$save_LIBS"
926 ])
927 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
928 LIBS="$LIBS -lgen"
929 AC_DEFINE(HAVE_DIRNAME)
930 AC_CHECK_HEADERS(libgen.h)
931 fi
932 ])
933])
934
935AC_CHECK_FUNC(getspnam, ,
936 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
937AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
938 [Define if you have the basename function.]))
939
940dnl zlib is required
941AC_ARG_WITH(zlib,
942 [ --with-zlib=PATH Use zlib in PATH],
943 [ if test "x$withval" = "xno" ; then
944 AC_MSG_ERROR([*** zlib is required ***])
945 elif test "x$withval" != "xyes"; then
946 if test -d "$withval/lib"; then
947 if test -n "${need_dash_r}"; then
948 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
949 else
950 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
951 fi
952 else
953 if test -n "${need_dash_r}"; then
954 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
955 else
956 LDFLAGS="-L${withval} ${LDFLAGS}"
957 fi
958 fi
959 if test -d "$withval/include"; then
960 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
961 else
962 CPPFLAGS="-I${withval} ${CPPFLAGS}"
963 fi
964 fi ]
965)
966
967AC_CHECK_LIB(z, deflate, ,
968 [
969 saved_CPPFLAGS="$CPPFLAGS"
970 saved_LDFLAGS="$LDFLAGS"
971 save_LIBS="$LIBS"
972 dnl Check default zlib install dir
973 if test -n "${need_dash_r}"; then
974 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
975 else
976 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
977 fi
978 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
979 LIBS="$LIBS -lz"
980 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
981 [
982 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
983 ]
984 )
985 ]
986)
987AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
988
989AC_ARG_WITH(zlib-version-check,
990 [ --without-zlib-version-check Disable zlib version check],
991 [ if test "x$withval" = "xno" ; then
992 zlib_check_nonfatal=1
993 fi
994 ]
995)
996
997AC_MSG_CHECKING(for possibly buggy zlib)
998AC_RUN_IFELSE([AC_LANG_SOURCE([[
999#include <stdio.h>
1000#include <zlib.h>
1001int main()
1002{
1003 int a=0, b=0, c=0, d=0, n, v;
1004 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1005 if (n != 3 && n != 4)
1006 exit(1);
1007 v = a*1000000 + b*10000 + c*100 + d;
1008 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1009
1010 /* 1.1.4 is OK */
1011 if (a == 1 && b == 1 && c >= 4)
1012 exit(0);
1013
1014 /* 1.2.3 and up are OK */
1015 if (v >= 1020300)
1016 exit(0);
1017
1018 exit(2);
1019}
1020 ]])],
1021 AC_MSG_RESULT(no),
1022 [ AC_MSG_RESULT(yes)
1023 if test -z "$zlib_check_nonfatal" ; then
1024 AC_MSG_ERROR([*** zlib too old - check config.log ***
1025Your reported zlib version has known security problems. It's possible your
1026vendor has fixed these problems without changing the version number. If you
1027are sure this is the case, you can disable the check by running
1028"./configure --without-zlib-version-check".
1029If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1030See http://www.gzip.org/zlib/ for details.])
1031 else
1032 AC_MSG_WARN([zlib version may have security problems])
1033 fi
1034 ],
1035 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1036)
1037
1038dnl UnixWare 2.x
1039AC_CHECK_FUNC(strcasecmp,
1040 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1041)
1042AC_CHECK_FUNCS(utimes,
1043 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1044 LIBS="$LIBS -lc89"]) ]
1045)
1046
1047dnl Checks for libutil functions
1048AC_CHECK_HEADERS(libutil.h)
1049AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1050 [Define if your libraries define login()])])
1051AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1052
1053AC_FUNC_STRFTIME
1054
1055# Check for ALTDIRFUNC glob() extension
1056AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1057AC_EGREP_CPP(FOUNDIT,
1058 [
1059 #include <glob.h>
1060 #ifdef GLOB_ALTDIRFUNC
1061 FOUNDIT
1062 #endif
1063 ],
1064 [
1065 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1066 [Define if your system glob() function has
1067 the GLOB_ALTDIRFUNC extension])
1068 AC_MSG_RESULT(yes)
1069 ],
1070 [
1071 AC_MSG_RESULT(no)
1072 ]
1073)
1074
1075# Check for g.gl_matchc glob() extension
1076AC_MSG_CHECKING(for gl_matchc field in glob_t)
1077AC_TRY_COMPILE(
1078 [ #include <glob.h> ],
1079 [glob_t g; g.gl_matchc = 1;],
1080 [
1081 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1082 [Define if your system glob() function has
1083 gl_matchc options in glob_t])
1084 AC_MSG_RESULT(yes)
1085 ],
1086 [
1087 AC_MSG_RESULT(no)
1088 ]
1089)
1090
1091AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1092
1093AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1094AC_RUN_IFELSE(
1095 [AC_LANG_SOURCE([[
1096#include <sys/types.h>
1097#include <dirent.h>
1098int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1099 ]])],
1100 [AC_MSG_RESULT(yes)],
1101 [
1102 AC_MSG_RESULT(no)
1103 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1104 [Define if your struct dirent expects you to
1105 allocate extra space for d_name])
1106 ],
1107 [
1108 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1109 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1110 ]
1111)
1112
1113AC_MSG_CHECKING([for /proc/pid/fd directory])
1114if test -d "/proc/$$/fd" ; then
1115 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1116 AC_MSG_RESULT(yes)
1117else
1118 AC_MSG_RESULT(no)
1119fi
1120
1121# Check whether user wants S/Key support
1122SKEY_MSG="no"
1123AC_ARG_WITH(skey,
1124 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1125 [
1126 if test "x$withval" != "xno" ; then
1127
1128 if test "x$withval" != "xyes" ; then
1129 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1130 LDFLAGS="$LDFLAGS -L${withval}/lib"
1131 fi
1132
1133 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1134 LIBS="-lskey $LIBS"
1135 SKEY_MSG="yes"
1136
1137 AC_MSG_CHECKING([for s/key support])
1138 AC_LINK_IFELSE(
1139 [AC_LANG_SOURCE([[
1140#include <stdio.h>
1141#include <skey.h>
1142int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1143 ]])],
1144 [AC_MSG_RESULT(yes)],
1145 [
1146 AC_MSG_RESULT(no)
1147 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1148 ])
1149 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1150 AC_TRY_COMPILE(
1151 [#include <stdio.h>
1152 #include <skey.h>],
1153 [(void)skeychallenge(NULL,"name","",0);],
1154 [AC_MSG_RESULT(yes)
1155 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1156 [Define if your skeychallenge()
1157 function takes 4 arguments (NetBSD)])],
1158 [AC_MSG_RESULT(no)]
1159 )
1160 fi
1161 ]
1162)
1163
1164# Check whether user wants TCP wrappers support
1165TCPW_MSG="no"
1166AC_ARG_WITH(tcp-wrappers,
1167 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1168 [
1169 if test "x$withval" != "xno" ; then
1170 saved_LIBS="$LIBS"
1171 saved_LDFLAGS="$LDFLAGS"
1172 saved_CPPFLAGS="$CPPFLAGS"
1173 if test -n "${withval}" && \
1174 test "x${withval}" != "xyes"; then
1175 if test -d "${withval}/lib"; then
1176 if test -n "${need_dash_r}"; then
1177 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1178 else
1179 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1180 fi
1181 else
1182 if test -n "${need_dash_r}"; then
1183 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1184 else
1185 LDFLAGS="-L${withval} ${LDFLAGS}"
1186 fi
1187 fi
1188 if test -d "${withval}/include"; then
1189 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1190 else
1191 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1192 fi
1193 fi
1194 LIBS="-lwrap $LIBS"
1195 AC_MSG_CHECKING(for libwrap)
1196 AC_TRY_LINK(
1197 [
1198#include <sys/types.h>
1199#include <sys/socket.h>
1200#include <netinet/in.h>
1201#include <tcpd.h>
1202 int deny_severity = 0, allow_severity = 0;
1203 ],
1204 [hosts_access(0);],
1205 [
1206 AC_MSG_RESULT(yes)
1207 AC_DEFINE(LIBWRAP, 1,
1208 [Define if you want
1209 TCP Wrappers support])
1210 SSHDLIBS="$SSHDLIBS -lwrap"
1211 TCPW_MSG="yes"
1212 ],
1213 [
1214 AC_MSG_ERROR([*** libwrap missing])
1215 ]
1216 )
1217 LIBS="$saved_LIBS"
1218 fi
1219 ]
1220)
1221
1222# Check whether user wants libedit support
1223LIBEDIT_MSG="no"
1224AC_ARG_WITH(libedit,
1225 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1226 [ if test "x$withval" != "xno" ; then
1227 if test "x$withval" != "xyes"; then
1228 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1229 if test -n "${need_dash_r}"; then
1230 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1231 else
1232 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1233 fi
1234 fi
1235 AC_CHECK_LIB(edit, el_init,
1236 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1237 LIBEDIT="-ledit -lcurses"
1238 LIBEDIT_MSG="yes"
1239 AC_SUBST(LIBEDIT)
1240 ],
1241 [ AC_MSG_ERROR(libedit not found) ],
1242 [ -lcurses ]
1243 )
1244 AC_MSG_CHECKING(if libedit version is compatible)
1245 AC_COMPILE_IFELSE(
1246 [AC_LANG_SOURCE([[
1247#include <histedit.h>
1248int main(void)
1249{
1250 int i = H_SETSIZE;
1251 el_init("", NULL, NULL, NULL);
1252 exit(0);
1253}
1254 ]])],
1255 [ AC_MSG_RESULT(yes) ],
1256 [ AC_MSG_RESULT(no)
1257 AC_MSG_ERROR(libedit version is not compatible) ]
1258 )
1259 fi ]
1260)
1261
1262AUDIT_MODULE=none
1263AC_ARG_WITH(audit,
1264 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1265 [
1266 AC_MSG_CHECKING(for supported audit module)
1267 case "$withval" in
1268 bsm)
1269 AC_MSG_RESULT(bsm)
1270 AUDIT_MODULE=bsm
1271 dnl Checks for headers, libs and functions
1272 AC_CHECK_HEADERS(bsm/audit.h, [],
1273 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1274 [
1275#ifdef HAVE_TIME_H
1276# include <time.h>
1277#endif
1278 ]
1279)
1280 AC_CHECK_LIB(bsm, getaudit, [],
1281 [AC_MSG_ERROR(BSM enabled and required library not found)])
1282 AC_CHECK_FUNCS(getaudit, [],
1283 [AC_MSG_ERROR(BSM enabled and required function not found)])
1284 # These are optional
1285 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1286 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1287 ;;
1288 debug)
1289 AUDIT_MODULE=debug
1290 AC_MSG_RESULT(debug)
1291 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1292 ;;
1293 no)
1294 AC_MSG_RESULT(no)
1295 ;;
1296 *)
1297 AC_MSG_ERROR([Unknown audit module $withval])
1298 ;;
1299 esac ]
1300)
1301
1302dnl Checks for library functions. Please keep in alphabetical order
1303AC_CHECK_FUNCS( \
1304 arc4random \
1305 arc4random_buf \
1306 arc4random_uniform \
1307 asprintf \
1308 b64_ntop \
1309 __b64_ntop \
1310 b64_pton \
1311 __b64_pton \
1312 bcopy \
1313 bindresvport_sa \
1314 clock \
1315 closefrom \
1316 dirfd \
1317 fchmod \
1318 fchown \
1319 freeaddrinfo \
1320 fstatvfs \
1321 futimes \
1322 getaddrinfo \
1323 getcwd \
1324 getgrouplist \
1325 getnameinfo \
1326 getopt \
1327 getpeereid \
1328 getpeerucred \
1329 _getpty \
1330 getrlimit \
1331 getttyent \
1332 glob \
1333 inet_aton \
1334 inet_ntoa \
1335 inet_ntop \
1336 innetgr \
1337 login_getcapbool \
1338 md5_crypt \
1339 memmove \
1340 mkdtemp \
1341 mmap \
1342 ngetaddrinfo \
1343 nsleep \
1344 ogetaddrinfo \
1345 openlog_r \
1346 openpty \
1347 poll \
1348 prctl \
1349 pstat \
1350 readpassphrase \
1351 realpath \
1352 recvmsg \
1353 rresvport_af \
1354 sendmsg \
1355 setdtablesize \
1356 setegid \
1357 setenv \
1358 seteuid \
1359 setgroups \
1360 setlogin \
1361 setpcred \
1362 setproctitle \
1363 setregid \
1364 setreuid \
1365 setrlimit \
1366 setsid \
1367 setvbuf \
1368 sigaction \
1369 sigvec \
1370 snprintf \
1371 socketpair \
1372 statfs \
1373 statvfs \
1374 strdup \
1375 strerror \
1376 strlcat \
1377 strlcpy \
1378 strmode \
1379 strnvis \
1380 strtonum \
1381 strtoll \
1382 strtoul \
1383 swap32 \
1384 sysconf \
1385 tcgetpgrp \
1386 truncate \
1387 unsetenv \
1388 updwtmpx \
1389 vasprintf \
1390 vhangup \
1391 vsnprintf \
1392 waitpid \
1393)
1394
1395# IRIX has a const char return value for gai_strerror()
1396AC_CHECK_FUNCS(gai_strerror,[
1397 AC_DEFINE(HAVE_GAI_STRERROR)
1398 AC_TRY_COMPILE([
1399#include <sys/types.h>
1400#include <sys/socket.h>
1401#include <netdb.h>
1402
1403const char *gai_strerror(int);],[
1404char *str;
1405
1406str = gai_strerror(0);],[
1407 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1408 [Define if gai_strerror() returns const char *])])])
1409
1410AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1411 [Some systems put nanosleep outside of libc]))
1412
1413dnl Make sure prototypes are defined for these before using them.
1414AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1415AC_CHECK_DECL(strsep,
1416 [AC_CHECK_FUNCS(strsep)],
1417 [],
1418 [
1419#ifdef HAVE_STRING_H
1420# include <string.h>
1421#endif
1422 ])
1423
1424dnl tcsendbreak might be a macro
1425AC_CHECK_DECL(tcsendbreak,
1426 [AC_DEFINE(HAVE_TCSENDBREAK)],
1427 [AC_CHECK_FUNCS(tcsendbreak)],
1428 [#include <termios.h>]
1429)
1430
1431AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1432
1433AC_CHECK_DECLS(SHUT_RD, , ,
1434 [
1435#include <sys/types.h>
1436#include <sys/socket.h>
1437 ])
1438
1439AC_CHECK_DECLS(O_NONBLOCK, , ,
1440 [
1441#include <sys/types.h>
1442#ifdef HAVE_SYS_STAT_H
1443# include <sys/stat.h>
1444#endif
1445#ifdef HAVE_FCNTL_H
1446# include <fcntl.h>
1447#endif
1448 ])
1449
1450AC_CHECK_DECLS(writev, , , [
1451#include <sys/types.h>
1452#include <sys/uio.h>
1453#include <unistd.h>
1454 ])
1455
1456AC_CHECK_DECLS(MAXSYMLINKS, , , [
1457#include <sys/param.h>
1458 ])
1459
1460AC_CHECK_DECLS(offsetof, , , [
1461#include <stddef.h>
1462 ])
1463
1464AC_CHECK_FUNCS(setresuid, [
1465 dnl Some platorms have setresuid that isn't implemented, test for this
1466 AC_MSG_CHECKING(if setresuid seems to work)
1467 AC_RUN_IFELSE(
1468 [AC_LANG_SOURCE([[
1469#include <stdlib.h>
1470#include <errno.h>
1471int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1472 ]])],
1473 [AC_MSG_RESULT(yes)],
1474 [AC_DEFINE(BROKEN_SETRESUID, 1,
1475 [Define if your setresuid() is broken])
1476 AC_MSG_RESULT(not implemented)],
1477 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1478 )
1479])
1480
1481AC_CHECK_FUNCS(setresgid, [
1482 dnl Some platorms have setresgid that isn't implemented, test for this
1483 AC_MSG_CHECKING(if setresgid seems to work)
1484 AC_RUN_IFELSE(
1485 [AC_LANG_SOURCE([[
1486#include <stdlib.h>
1487#include <errno.h>
1488int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1489 ]])],
1490 [AC_MSG_RESULT(yes)],
1491 [AC_DEFINE(BROKEN_SETRESGID, 1,
1492 [Define if your setresgid() is broken])
1493 AC_MSG_RESULT(not implemented)],
1494 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1495 )
1496])
1497
1498dnl Checks for time functions
1499AC_CHECK_FUNCS(gettimeofday time)
1500dnl Checks for utmp functions
1501AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1502AC_CHECK_FUNCS(utmpname)
1503dnl Checks for utmpx functions
1504AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1505AC_CHECK_FUNCS(setutxent utmpxname)
1506
1507AC_CHECK_FUNC(daemon,
1508 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1509 [AC_CHECK_LIB(bsd, daemon,
1510 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1511)
1512
1513AC_CHECK_FUNC(getpagesize,
1514 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1515 [Define if your libraries define getpagesize()])],
1516 [AC_CHECK_LIB(ucb, getpagesize,
1517 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1518)
1519
1520# Check for broken snprintf
1521if test "x$ac_cv_func_snprintf" = "xyes" ; then
1522 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1523 AC_RUN_IFELSE(
1524 [AC_LANG_SOURCE([[
1525#include <stdio.h>
1526int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1527 ]])],
1528 [AC_MSG_RESULT(yes)],
1529 [
1530 AC_MSG_RESULT(no)
1531 AC_DEFINE(BROKEN_SNPRINTF, 1,
1532 [Define if your snprintf is busted])
1533 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1534 ],
1535 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1536 )
1537fi
1538
1539# If we don't have a working asprintf, then we strongly depend on vsnprintf
1540# returning the right thing on overflow: the number of characters it tried to
1541# create (as per SUSv3)
1542if test "x$ac_cv_func_asprintf" != "xyes" && \
1543 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1544 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1545 AC_RUN_IFELSE(
1546 [AC_LANG_SOURCE([[
1547#include <sys/types.h>
1548#include <stdio.h>
1549#include <stdarg.h>
1550
1551int x_snprintf(char *str,size_t count,const char *fmt,...)
1552{
1553 size_t ret; va_list ap;
1554 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1555 return ret;
1556}
1557int main(void)
1558{
1559 char x[1];
1560 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1561} ]])],
1562 [AC_MSG_RESULT(yes)],
1563 [
1564 AC_MSG_RESULT(no)
1565 AC_DEFINE(BROKEN_SNPRINTF, 1,
1566 [Define if your snprintf is busted])
1567 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1568 ],
1569 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1570 )
1571fi
1572
1573# On systems where [v]snprintf is broken, but is declared in stdio,
1574# check that the fmt argument is const char * or just char *.
1575# This is only useful for when BROKEN_SNPRINTF
1576AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1577AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1578 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1579 int main(void) { snprintf(0, 0, 0); }
1580 ]])],
1581 [AC_MSG_RESULT(yes)
1582 AC_DEFINE(SNPRINTF_CONST, [const],
1583 [Define as const if snprintf() can declare const char *fmt])],
1584 [AC_MSG_RESULT(no)
1585 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1586
1587# Check for missing getpeereid (or equiv) support
1588NO_PEERCHECK=""
1589if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1590 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1591 AC_TRY_COMPILE(
1592 [#include <sys/types.h>
1593 #include <sys/socket.h>],
1594 [int i = SO_PEERCRED;],
1595 [ AC_MSG_RESULT(yes)
1596 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1597 ],
1598 [AC_MSG_RESULT(no)
1599 NO_PEERCHECK=1]
1600 )
1601fi
1602
1603dnl see whether mkstemp() requires XXXXXX
1604if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1605AC_MSG_CHECKING([for (overly) strict mkstemp])
1606AC_RUN_IFELSE(
1607 [AC_LANG_SOURCE([[
1608#include <stdlib.h>
1609main() { char template[]="conftest.mkstemp-test";
1610if (mkstemp(template) == -1)
1611 exit(1);
1612unlink(template); exit(0);
1613}
1614 ]])],
1615 [
1616 AC_MSG_RESULT(no)
1617 ],
1618 [
1619 AC_MSG_RESULT(yes)
1620 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1621 ],
1622 [
1623 AC_MSG_RESULT(yes)
1624 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1625 ]
1626)
1627fi
1628
1629dnl make sure that openpty does not reacquire controlling terminal
1630if test ! -z "$check_for_openpty_ctty_bug"; then
1631 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1632 AC_RUN_IFELSE(
1633 [AC_LANG_SOURCE([[
1634#include <stdio.h>
1635#include <sys/fcntl.h>
1636#include <sys/types.h>
1637#include <sys/wait.h>
1638
1639int
1640main()
1641{
1642 pid_t pid;
1643 int fd, ptyfd, ttyfd, status;
1644
1645 pid = fork();
1646 if (pid < 0) { /* failed */
1647 exit(1);
1648 } else if (pid > 0) { /* parent */
1649 waitpid(pid, &status, 0);
1650 if (WIFEXITED(status))
1651 exit(WEXITSTATUS(status));
1652 else
1653 exit(2);
1654 } else { /* child */
1655 close(0); close(1); close(2);
1656 setsid();
1657 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1658 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1659 if (fd >= 0)
1660 exit(3); /* Acquired ctty: broken */
1661 else
1662 exit(0); /* Did not acquire ctty: OK */
1663 }
1664}
1665 ]])],
1666 [
1667 AC_MSG_RESULT(yes)
1668 ],
1669 [
1670 AC_MSG_RESULT(no)
1671 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1672 ],
1673 [
1674 AC_MSG_RESULT(cross-compiling, assuming yes)
1675 ]
1676 )
1677fi
1678
1679if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1680 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1681 AC_MSG_CHECKING(if getaddrinfo seems to work)
1682 AC_RUN_IFELSE(
1683 [AC_LANG_SOURCE([[
1684#include <stdio.h>
1685#include <sys/socket.h>
1686#include <netdb.h>
1687#include <errno.h>
1688#include <netinet/in.h>
1689
1690#define TEST_PORT "2222"
1691
1692int
1693main(void)
1694{
1695 int err, sock;
1696 struct addrinfo *gai_ai, *ai, hints;
1697 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1698
1699 memset(&hints, 0, sizeof(hints));
1700 hints.ai_family = PF_UNSPEC;
1701 hints.ai_socktype = SOCK_STREAM;
1702 hints.ai_flags = AI_PASSIVE;
1703
1704 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1705 if (err != 0) {
1706 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1707 exit(1);
1708 }
1709
1710 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1711 if (ai->ai_family != AF_INET6)
1712 continue;
1713
1714 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1715 sizeof(ntop), strport, sizeof(strport),
1716 NI_NUMERICHOST|NI_NUMERICSERV);
1717
1718 if (err != 0) {
1719 if (err == EAI_SYSTEM)
1720 perror("getnameinfo EAI_SYSTEM");
1721 else
1722 fprintf(stderr, "getnameinfo failed: %s\n",
1723 gai_strerror(err));
1724 exit(2);
1725 }
1726
1727 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1728 if (sock < 0)
1729 perror("socket");
1730 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1731 if (errno == EBADF)
1732 exit(3);
1733 }
1734 }
1735 exit(0);
1736}
1737 ]])],
1738 [
1739 AC_MSG_RESULT(yes)
1740 ],
1741 [
1742 AC_MSG_RESULT(no)
1743 AC_DEFINE(BROKEN_GETADDRINFO)
1744 ],
1745 [
1746 AC_MSG_RESULT(cross-compiling, assuming yes)
1747 ]
1748 )
1749fi
1750
1751if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1752 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1753 AC_MSG_CHECKING(if getaddrinfo seems to work)
1754 AC_RUN_IFELSE(
1755 [AC_LANG_SOURCE([[
1756#include <stdio.h>
1757#include <sys/socket.h>
1758#include <netdb.h>
1759#include <errno.h>
1760#include <netinet/in.h>
1761
1762#define TEST_PORT "2222"
1763
1764int
1765main(void)
1766{
1767 int err, sock;
1768 struct addrinfo *gai_ai, *ai, hints;
1769 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1770
1771 memset(&hints, 0, sizeof(hints));
1772 hints.ai_family = PF_UNSPEC;
1773 hints.ai_socktype = SOCK_STREAM;
1774 hints.ai_flags = AI_PASSIVE;
1775
1776 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1777 if (err != 0) {
1778 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1779 exit(1);
1780 }
1781
1782 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1783 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1784 continue;
1785
1786 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1787 sizeof(ntop), strport, sizeof(strport),
1788 NI_NUMERICHOST|NI_NUMERICSERV);
1789
1790 if (ai->ai_family == AF_INET && err != 0) {
1791 perror("getnameinfo");
1792 exit(2);
1793 }
1794 }
1795 exit(0);
1796}
1797 ]])],
1798 [
1799 AC_MSG_RESULT(yes)
1800 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1801 [Define if you have a getaddrinfo that fails
1802 for the all-zeros IPv6 address])
1803 ],
1804 [
1805 AC_MSG_RESULT(no)
1806 AC_DEFINE(BROKEN_GETADDRINFO)
1807 ],
1808 [
1809 AC_MSG_RESULT(cross-compiling, assuming no)
1810 ]
1811 )
1812fi
1813
1814if test "x$check_for_conflicting_getspnam" = "x1"; then
1815 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1816 AC_COMPILE_IFELSE(
1817 [
1818#include <shadow.h>
1819int main(void) {exit(0);}
1820 ],
1821 [
1822 AC_MSG_RESULT(no)
1823 ],
1824 [
1825 AC_MSG_RESULT(yes)
1826 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1827 [Conflicting defs for getspnam])
1828 ]
1829 )
1830fi
1831
1832AC_FUNC_GETPGRP
1833
1834# Search for OpenSSL
1835saved_CPPFLAGS="$CPPFLAGS"
1836saved_LDFLAGS="$LDFLAGS"
1837AC_ARG_WITH(ssl-dir,
1838 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1839 [
1840 if test "x$withval" != "xno" ; then
1841 case "$withval" in
1842 # Relative paths
1843 ./*|../*) withval="`pwd`/$withval"
1844 esac
1845 if test -d "$withval/lib"; then
1846 if test -n "${need_dash_r}"; then
1847 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1848 else
1849 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1850 fi
1851 else
1852 if test -n "${need_dash_r}"; then
1853 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1854 else
1855 LDFLAGS="-L${withval} ${LDFLAGS}"
1856 fi
1857 fi
1858 if test -d "$withval/include"; then
1859 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1860 else
1861 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1862 fi
1863 fi
1864 ]
1865)
1866LIBS="-lcrypto $LIBS"
1867AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1868 [Define if your ssl headers are included
1869 with #include <openssl/header.h>]),
1870 [
1871 dnl Check default openssl install dir
1872 if test -n "${need_dash_r}"; then
1873 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1874 else
1875 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1876 fi
1877 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1878 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1879 [
1880 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1881 ]
1882 )
1883 ]
1884)
1885
1886# Determine OpenSSL header version
1887AC_MSG_CHECKING([OpenSSL header version])
1888AC_RUN_IFELSE(
1889 [AC_LANG_SOURCE([[
1890#include <stdio.h>
1891#include <string.h>
1892#include <openssl/opensslv.h>
1893#define DATA "conftest.sslincver"
1894int main(void) {
1895 FILE *fd;
1896 int rc;
1897
1898 fd = fopen(DATA,"w");
1899 if(fd == NULL)
1900 exit(1);
1901
1902 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1903 exit(1);
1904
1905 exit(0);
1906}
1907 ]])],
1908 [
1909 ssl_header_ver=`cat conftest.sslincver`
1910 AC_MSG_RESULT($ssl_header_ver)
1911 ],
1912 [
1913 AC_MSG_RESULT(not found)
1914 AC_MSG_ERROR(OpenSSL version header not found.)
1915 ],
1916 [
1917 AC_MSG_WARN([cross compiling: not checking])
1918 ]
1919)
1920
1921# Determine OpenSSL library version
1922AC_MSG_CHECKING([OpenSSL library version])
1923AC_RUN_IFELSE(
1924 [AC_LANG_SOURCE([[
1925#include <stdio.h>
1926#include <string.h>
1927#include <openssl/opensslv.h>
1928#include <openssl/crypto.h>
1929#define DATA "conftest.ssllibver"
1930int main(void) {
1931 FILE *fd;
1932 int rc;
1933
1934 fd = fopen(DATA,"w");
1935 if(fd == NULL)
1936 exit(1);
1937
1938 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1939 exit(1);
1940
1941 exit(0);
1942}
1943 ]])],
1944 [
1945 ssl_library_ver=`cat conftest.ssllibver`
1946 AC_MSG_RESULT($ssl_library_ver)
1947 ],
1948 [
1949 AC_MSG_RESULT(not found)
1950 AC_MSG_ERROR(OpenSSL library not found.)
1951 ],
1952 [
1953 AC_MSG_WARN([cross compiling: not checking])
1954 ]
1955)
1956
1957AC_ARG_WITH(openssl-header-check,
1958 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1959 [ if test "x$withval" = "xno" ; then
1960 openssl_check_nonfatal=1
1961 fi
1962 ]
1963)
1964
1965# Sanity check OpenSSL headers
1966AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1967AC_RUN_IFELSE(
1968 [AC_LANG_SOURCE([[
1969#include <string.h>
1970#include <openssl/opensslv.h>
1971int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1972 ]])],
1973 [
1974 AC_MSG_RESULT(yes)
1975 ],
1976 [
1977 AC_MSG_RESULT(no)
1978 if test "x$openssl_check_nonfatal" = "x"; then
1979 AC_MSG_ERROR([Your OpenSSL headers do not match your
1980library. Check config.log for details.
1981If you are sure your installation is consistent, you can disable the check
1982by running "./configure --without-openssl-header-check".
1983Also see contrib/findssl.sh for help identifying header/library mismatches.
1984])
1985 else
1986 AC_MSG_WARN([Your OpenSSL headers do not match your
1987library. Check config.log for details.
1988Also see contrib/findssl.sh for help identifying header/library mismatches.])
1989 fi
1990 ],
1991 [
1992 AC_MSG_WARN([cross compiling: not checking])
1993 ]
1994)
1995
1996AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1997AC_LINK_IFELSE(
1998 [AC_LANG_SOURCE([[
1999#include <openssl/evp.h>
2000int main(void) { SSLeay_add_all_algorithms(); }
2001 ]])],
2002 [
2003 AC_MSG_RESULT(yes)
2004 ],
2005 [
2006 AC_MSG_RESULT(no)
2007 saved_LIBS="$LIBS"
2008 LIBS="$LIBS -ldl"
2009 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2010 AC_LINK_IFELSE(
2011 [AC_LANG_SOURCE([[
2012#include <openssl/evp.h>
2013int main(void) { SSLeay_add_all_algorithms(); }
2014 ]])],
2015 [
2016 AC_MSG_RESULT(yes)
2017 ],
2018 [
2019 AC_MSG_RESULT(no)
2020 LIBS="$saved_LIBS"
2021 ]
2022 )
2023 ]
2024)
2025
2026AC_ARG_WITH(ssl-engine,
2027 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2028 [ if test "x$withval" != "xno" ; then
2029 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2030 AC_TRY_COMPILE(
2031 [ #include <openssl/engine.h>],
2032 [
2033ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2034 ],
2035 [ AC_MSG_RESULT(yes)
2036 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2037 [Enable OpenSSL engine support])
2038 ],
2039 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2040 )
2041 fi ]
2042)
2043
2044# Check for OpenSSL without EVP_aes_{192,256}_cbc
2045AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2046AC_LINK_IFELSE(
2047 [AC_LANG_SOURCE([[
2048#include <string.h>
2049#include <openssl/evp.h>
2050int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2051 ]])],
2052 [
2053 AC_MSG_RESULT(no)
2054 ],
2055 [
2056 AC_MSG_RESULT(yes)
2057 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2058 [libcrypto is missing AES 192 and 256 bit functions])
2059 ]
2060)
2061
2062# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2063# because the system crypt() is more featureful.
2064if test "x$check_for_libcrypt_before" = "x1"; then
2065 AC_CHECK_LIB(crypt, crypt)
2066fi
2067
2068# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2069# version in OpenSSL.
2070if test "x$check_for_libcrypt_later" = "x1"; then
2071 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2072fi
2073
2074# Search for SHA256 support in libc and/or OpenSSL
2075AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2076
2077saved_LIBS="$LIBS"
2078AC_CHECK_LIB(iaf, ia_openinfo, [
2079 LIBS="$LIBS -liaf"
2080 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2081 AC_DEFINE(HAVE_LIBIAF, 1,
2082 [Define if system has libiaf that supports set_id])
2083 ])
2084])
2085LIBS="$saved_LIBS"
2086
2087### Configure cryptographic random number support
2088
2089# Check wheter OpenSSL seeds itself
2090AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2091AC_RUN_IFELSE(
2092 [AC_LANG_SOURCE([[
2093#include <string.h>
2094#include <openssl/rand.h>
2095int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2096 ]])],
2097 [
2098 OPENSSL_SEEDS_ITSELF=yes
2099 AC_MSG_RESULT(yes)
2100 ],
2101 [
2102 AC_MSG_RESULT(no)
2103 # Default to use of the rand helper if OpenSSL doesn't
2104 # seed itself
2105 USE_RAND_HELPER=yes
2106 ],
2107 [
2108 AC_MSG_WARN([cross compiling: assuming yes])
2109 # This is safe, since all recent OpenSSL versions will
2110 # complain at runtime if not seeded correctly.
2111 OPENSSL_SEEDS_ITSELF=yes
2112 ]
2113)
2114
2115# Check for PAM libs
2116PAM_MSG="no"
2117AC_ARG_WITH(pam,
2118 [ --with-pam Enable PAM support ],
2119 [
2120 if test "x$withval" != "xno" ; then
2121 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2122 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2123 AC_MSG_ERROR([PAM headers not found])
2124 fi
2125
2126 saved_LIBS="$LIBS"
2127 AC_CHECK_LIB(dl, dlopen, , )
2128 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2129 AC_CHECK_FUNCS(pam_getenvlist)
2130 AC_CHECK_FUNCS(pam_putenv)
2131 LIBS="$saved_LIBS"
2132
2133 PAM_MSG="yes"
2134
2135 SSHDLIBS="$SSHDLIBS -lpam"
2136 AC_DEFINE(USE_PAM, 1,
2137 [Define if you want to enable PAM support])
2138
2139 if test $ac_cv_lib_dl_dlopen = yes; then
2140 case "$LIBS" in
2141 *-ldl*)
2142 # libdl already in LIBS
2143 ;;
2144 *)
2145 SSHDLIBS="$SSHDLIBS -ldl"
2146 ;;
2147 esac
2148 fi
2149 fi
2150 ]
2151)
2152
2153# Check for older PAM
2154if test "x$PAM_MSG" = "xyes" ; then
2155 # Check PAM strerror arguments (old PAM)
2156 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2157 AC_TRY_COMPILE(
2158 [
2159#include <stdlib.h>
2160#if defined(HAVE_SECURITY_PAM_APPL_H)
2161#include <security/pam_appl.h>
2162#elif defined (HAVE_PAM_PAM_APPL_H)
2163#include <pam/pam_appl.h>
2164#endif
2165 ],
2166 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2167 [AC_MSG_RESULT(no)],
2168 [
2169 AC_DEFINE(HAVE_OLD_PAM, 1,
2170 [Define if you have an old version of PAM
2171 which takes only one argument to pam_strerror])
2172 AC_MSG_RESULT(yes)
2173 PAM_MSG="yes (old library)"
2174 ]
2175 )
2176fi
2177
2178# Do we want to force the use of the rand helper?
2179AC_ARG_WITH(rand-helper,
2180 [ --with-rand-helper Use subprocess to gather strong randomness ],
2181 [
2182 if test "x$withval" = "xno" ; then
2183 # Force use of OpenSSL's internal RNG, even if
2184 # the previous test showed it to be unseeded.
2185 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2186 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2187 OPENSSL_SEEDS_ITSELF=yes
2188 USE_RAND_HELPER=""
2189 fi
2190 else
2191 USE_RAND_HELPER=yes
2192 fi
2193 ],
2194)
2195
2196# Which randomness source do we use?
2197if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2198 # OpenSSL only
2199 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2200 [Define if you want OpenSSL's internally seeded PRNG only])
2201 RAND_MSG="OpenSSL internal ONLY"
2202 INSTALL_SSH_RAND_HELPER=""
2203elif test ! -z "$USE_RAND_HELPER" ; then
2204 # install rand helper
2205 RAND_MSG="ssh-rand-helper"
2206 INSTALL_SSH_RAND_HELPER="yes"
2207fi
2208AC_SUBST(INSTALL_SSH_RAND_HELPER)
2209
2210### Configuration of ssh-rand-helper
2211
2212# PRNGD TCP socket
2213AC_ARG_WITH(prngd-port,
2214 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2215 [
2216 case "$withval" in
2217 no)
2218 withval=""
2219 ;;
2220 [[0-9]]*)
2221 ;;
2222 *)
2223 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2224 ;;
2225 esac
2226 if test ! -z "$withval" ; then
2227 PRNGD_PORT="$withval"
2228 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2229 [Port number of PRNGD/EGD random number socket])
2230 fi
2231 ]
2232)
2233
2234# PRNGD Unix domain socket
2235AC_ARG_WITH(prngd-socket,
2236 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2237 [
2238 case "$withval" in
2239 yes)
2240 withval="/var/run/egd-pool"
2241 ;;
2242 no)
2243 withval=""
2244 ;;
2245 /*)
2246 ;;
2247 *)
2248 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2249 ;;
2250 esac
2251
2252 if test ! -z "$withval" ; then
2253 if test ! -z "$PRNGD_PORT" ; then
2254 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2255 fi
2256 if test ! -r "$withval" ; then
2257 AC_MSG_WARN(Entropy socket is not readable)
2258 fi
2259 PRNGD_SOCKET="$withval"
2260 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2261 [Location of PRNGD/EGD random number socket])
2262 fi
2263 ],
2264 [
2265 # Check for existing socket only if we don't have a random device already
2266 if test "$USE_RAND_HELPER" = yes ; then
2267 AC_MSG_CHECKING(for PRNGD/EGD socket)
2268 # Insert other locations here
2269 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2270 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2271 PRNGD_SOCKET="$sock"
2272 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2273 break;
2274 fi
2275 done
2276 if test ! -z "$PRNGD_SOCKET" ; then
2277 AC_MSG_RESULT($PRNGD_SOCKET)
2278 else
2279 AC_MSG_RESULT(not found)
2280 fi
2281 fi
2282 ]
2283)
2284
2285# Change default command timeout for hashing entropy source
2286entropy_timeout=200
2287AC_ARG_WITH(entropy-timeout,
2288 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2289 [
2290 if test -n "$withval" && test "x$withval" != "xno" && \
2291 test "x${withval}" != "xyes"; then
2292 entropy_timeout=$withval
2293 fi
2294 ]
2295)
2296AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2297 [Builtin PRNG command timeout])
2298
2299SSH_PRIVSEP_USER=sshd
2300AC_ARG_WITH(privsep-user,
2301 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2302 [
2303 if test -n "$withval" && test "x$withval" != "xno" && \
2304 test "x${withval}" != "xyes"; then
2305 SSH_PRIVSEP_USER=$withval
2306 fi
2307 ]
2308)
2309AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2310 [non-privileged user for privilege separation])
2311AC_SUBST(SSH_PRIVSEP_USER)
2312
2313# We do this little dance with the search path to insure
2314# that programs that we select for use by installed programs
2315# (which may be run by the super-user) come from trusted
2316# locations before they come from the user's private area.
2317# This should help avoid accidentally configuring some
2318# random version of a program in someone's personal bin.
2319
2320OPATH=$PATH
2321PATH=/bin:/usr/bin
2322test -h /bin 2> /dev/null && PATH=/usr/bin
2323test -d /sbin && PATH=$PATH:/sbin
2324test -d /usr/sbin && PATH=$PATH:/usr/sbin
2325PATH=$PATH:/etc:$OPATH
2326
2327# These programs are used by the command hashing source to gather entropy
2328OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2329OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2330OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2331OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2332OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2333OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2334OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2335OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2336OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2337OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2338OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2339OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2340OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2341OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2342OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2343OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2344# restore PATH
2345PATH=$OPATH
2346
2347# Where does ssh-rand-helper get its randomness from?
2348INSTALL_SSH_PRNG_CMDS=""
2349if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2350 if test ! -z "$PRNGD_PORT" ; then
2351 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2352 elif test ! -z "$PRNGD_SOCKET" ; then
2353 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2354 else
2355 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2356 RAND_HELPER_CMDHASH=yes
2357 INSTALL_SSH_PRNG_CMDS="yes"
2358 fi
2359fi
2360AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2361
2362
2363# Cheap hack to ensure NEWS-OS libraries are arranged right.
2364if test ! -z "$SONY" ; then
2365 LIBS="$LIBS -liberty";
2366fi
2367
2368# Check for long long datatypes
2369AC_CHECK_TYPES([long long, unsigned long long, long double])
2370
2371# Check datatype sizes
2372AC_CHECK_SIZEOF(char, 1)
2373AC_CHECK_SIZEOF(short int, 2)
2374AC_CHECK_SIZEOF(int, 4)
2375AC_CHECK_SIZEOF(long int, 4)
2376AC_CHECK_SIZEOF(long long int, 8)
2377
2378# Sanity check long long for some platforms (AIX)
2379if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2380 ac_cv_sizeof_long_long_int=0
2381fi
2382
2383# compute LLONG_MIN and LLONG_MAX if we don't know them.
2384if test -z "$have_llong_max"; then
2385 AC_MSG_CHECKING([for max value of long long])
2386 AC_RUN_IFELSE(
2387 [AC_LANG_SOURCE([[
2388#include <stdio.h>
2389/* Why is this so damn hard? */
2390#ifdef __GNUC__
2391# undef __GNUC__
2392#endif
2393#define __USE_ISOC99
2394#include <limits.h>
2395#define DATA "conftest.llminmax"
2396#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2397
2398/*
2399 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2400 * we do this the hard way.
2401 */
2402static int
2403fprint_ll(FILE *f, long long n)
2404{
2405 unsigned int i;
2406 int l[sizeof(long long) * 8];
2407
2408 if (n < 0)
2409 if (fprintf(f, "-") < 0)
2410 return -1;
2411 for (i = 0; n != 0; i++) {
2412 l[i] = my_abs(n % 10);
2413 n /= 10;
2414 }
2415 do {
2416 if (fprintf(f, "%d", l[--i]) < 0)
2417 return -1;
2418 } while (i != 0);
2419 if (fprintf(f, " ") < 0)
2420 return -1;
2421 return 0;
2422}
2423
2424int main(void) {
2425 FILE *f;
2426 long long i, llmin, llmax = 0;
2427
2428 if((f = fopen(DATA,"w")) == NULL)
2429 exit(1);
2430
2431#if defined(LLONG_MIN) && defined(LLONG_MAX)
2432 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2433 llmin = LLONG_MIN;
2434 llmax = LLONG_MAX;
2435#else
2436 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2437 /* This will work on one's complement and two's complement */
2438 for (i = 1; i > llmax; i <<= 1, i++)
2439 llmax = i;
2440 llmin = llmax + 1LL; /* wrap */
2441#endif
2442
2443 /* Sanity check */
2444 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2445 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2446 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2447 fprintf(f, "unknown unknown\n");
2448 exit(2);
2449 }
2450
2451 if (fprint_ll(f, llmin) < 0)
2452 exit(3);
2453 if (fprint_ll(f, llmax) < 0)
2454 exit(4);
2455 if (fclose(f) < 0)
2456 exit(5);
2457 exit(0);
2458}
2459 ]])],
2460 [
2461 llong_min=`$AWK '{print $1}' conftest.llminmax`
2462 llong_max=`$AWK '{print $2}' conftest.llminmax`
2463
2464 AC_MSG_RESULT($llong_max)
2465 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2466 [max value of long long calculated by configure])
2467 AC_MSG_CHECKING([for min value of long long])
2468 AC_MSG_RESULT($llong_min)
2469 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2470 [min value of long long calculated by configure])
2471 ],
2472 [
2473 AC_MSG_RESULT(not found)
2474 ],
2475 [
2476 AC_MSG_WARN([cross compiling: not checking])
2477 ]
2478 )
2479fi
2480
2481
2482# More checks for data types
2483AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2484 AC_TRY_COMPILE(
2485 [ #include <sys/types.h> ],
2486 [ u_int a; a = 1;],
2487 [ ac_cv_have_u_int="yes" ],
2488 [ ac_cv_have_u_int="no" ]
2489 )
2490])
2491if test "x$ac_cv_have_u_int" = "xyes" ; then
2492 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2493 have_u_int=1
2494fi
2495
2496AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2497 AC_TRY_COMPILE(
2498 [ #include <sys/types.h> ],
2499 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2500 [ ac_cv_have_intxx_t="yes" ],
2501 [ ac_cv_have_intxx_t="no" ]
2502 )
2503])
2504if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2505 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2506 have_intxx_t=1
2507fi
2508
2509if (test -z "$have_intxx_t" && \
2510 test "x$ac_cv_header_stdint_h" = "xyes")
2511then
2512 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2513 AC_TRY_COMPILE(
2514 [ #include <stdint.h> ],
2515 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2516 [
2517 AC_DEFINE(HAVE_INTXX_T)
2518 AC_MSG_RESULT(yes)
2519 ],
2520 [ AC_MSG_RESULT(no) ]
2521 )
2522fi
2523
2524AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2525 AC_TRY_COMPILE(
2526 [
2527#include <sys/types.h>
2528#ifdef HAVE_STDINT_H
2529# include <stdint.h>
2530#endif
2531#include <sys/socket.h>
2532#ifdef HAVE_SYS_BITYPES_H
2533# include <sys/bitypes.h>
2534#endif
2535 ],
2536 [ int64_t a; a = 1;],
2537 [ ac_cv_have_int64_t="yes" ],
2538 [ ac_cv_have_int64_t="no" ]
2539 )
2540])
2541if test "x$ac_cv_have_int64_t" = "xyes" ; then
2542 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2543fi
2544
2545AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2546 AC_TRY_COMPILE(
2547 [ #include <sys/types.h> ],
2548 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2549 [ ac_cv_have_u_intxx_t="yes" ],
2550 [ ac_cv_have_u_intxx_t="no" ]
2551 )
2552])
2553if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2554 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2555 have_u_intxx_t=1
2556fi
2557
2558if test -z "$have_u_intxx_t" ; then
2559 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2560 AC_TRY_COMPILE(
2561 [ #include <sys/socket.h> ],
2562 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2563 [
2564 AC_DEFINE(HAVE_U_INTXX_T)
2565 AC_MSG_RESULT(yes)
2566 ],
2567 [ AC_MSG_RESULT(no) ]
2568 )
2569fi
2570
2571AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2572 AC_TRY_COMPILE(
2573 [ #include <sys/types.h> ],
2574 [ u_int64_t a; a = 1;],
2575 [ ac_cv_have_u_int64_t="yes" ],
2576 [ ac_cv_have_u_int64_t="no" ]
2577 )
2578])
2579if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2580 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2581 have_u_int64_t=1
2582fi
2583
2584if test -z "$have_u_int64_t" ; then
2585 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2586 AC_TRY_COMPILE(
2587 [ #include <sys/bitypes.h> ],
2588 [ u_int64_t a; a = 1],
2589 [
2590 AC_DEFINE(HAVE_U_INT64_T)
2591 AC_MSG_RESULT(yes)
2592 ],
2593 [ AC_MSG_RESULT(no) ]
2594 )
2595fi
2596
2597if test -z "$have_u_intxx_t" ; then
2598 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2599 AC_TRY_COMPILE(
2600 [
2601#include <sys/types.h>
2602 ],
2603 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2604 [ ac_cv_have_uintxx_t="yes" ],
2605 [ ac_cv_have_uintxx_t="no" ]
2606 )
2607 ])
2608 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2609 AC_DEFINE(HAVE_UINTXX_T, 1,
2610 [define if you have uintxx_t data type])
2611 fi
2612fi
2613
2614if test -z "$have_uintxx_t" ; then
2615 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2616 AC_TRY_COMPILE(
2617 [ #include <stdint.h> ],
2618 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2619 [
2620 AC_DEFINE(HAVE_UINTXX_T)
2621 AC_MSG_RESULT(yes)
2622 ],
2623 [ AC_MSG_RESULT(no) ]
2624 )
2625fi
2626
2627if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2628 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2629then
2630 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2631 AC_TRY_COMPILE(
2632 [
2633#include <sys/bitypes.h>
2634 ],
2635 [
2636 int8_t a; int16_t b; int32_t c;
2637 u_int8_t e; u_int16_t f; u_int32_t g;
2638 a = b = c = e = f = g = 1;
2639 ],
2640 [
2641 AC_DEFINE(HAVE_U_INTXX_T)
2642 AC_DEFINE(HAVE_INTXX_T)
2643 AC_MSG_RESULT(yes)
2644 ],
2645 [AC_MSG_RESULT(no)]
2646 )
2647fi
2648
2649
2650AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2651 AC_TRY_COMPILE(
2652 [
2653#include <sys/types.h>
2654 ],
2655 [ u_char foo; foo = 125; ],
2656 [ ac_cv_have_u_char="yes" ],
2657 [ ac_cv_have_u_char="no" ]
2658 )
2659])
2660if test "x$ac_cv_have_u_char" = "xyes" ; then
2661 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2662fi
2663
2664TYPE_SOCKLEN_T
2665
2666AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2667AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2668#include <sys/types.h>
2669#ifdef HAVE_SYS_BITYPES_H
2670#include <sys/bitypes.h>
2671#endif
2672#ifdef HAVE_SYS_STATFS_H
2673#include <sys/statfs.h>
2674#endif
2675#ifdef HAVE_SYS_STATVFS_H
2676#include <sys/statvfs.h>
2677#endif
2678])
2679
2680AC_CHECK_TYPES(in_addr_t,,,
2681[#include <sys/types.h>
2682#include <netinet/in.h>])
2683
2684AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2685 AC_TRY_COMPILE(
2686 [
2687#include <sys/types.h>
2688 ],
2689 [ size_t foo; foo = 1235; ],
2690 [ ac_cv_have_size_t="yes" ],
2691 [ ac_cv_have_size_t="no" ]
2692 )
2693])
2694if test "x$ac_cv_have_size_t" = "xyes" ; then
2695 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2696fi
2697
2698AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2699 AC_TRY_COMPILE(
2700 [
2701#include <sys/types.h>
2702 ],
2703 [ ssize_t foo; foo = 1235; ],
2704 [ ac_cv_have_ssize_t="yes" ],
2705 [ ac_cv_have_ssize_t="no" ]
2706 )
2707])
2708if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2709 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2710fi
2711
2712AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2713 AC_TRY_COMPILE(
2714 [
2715#include <time.h>
2716 ],
2717 [ clock_t foo; foo = 1235; ],
2718 [ ac_cv_have_clock_t="yes" ],
2719 [ ac_cv_have_clock_t="no" ]
2720 )
2721])
2722if test "x$ac_cv_have_clock_t" = "xyes" ; then
2723 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2724fi
2725
2726AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2727 AC_TRY_COMPILE(
2728 [
2729#include <sys/types.h>
2730#include <sys/socket.h>
2731 ],
2732 [ sa_family_t foo; foo = 1235; ],
2733 [ ac_cv_have_sa_family_t="yes" ],
2734 [ AC_TRY_COMPILE(
2735 [
2736#include <sys/types.h>
2737#include <sys/socket.h>
2738#include <netinet/in.h>
2739 ],
2740 [ sa_family_t foo; foo = 1235; ],
2741 [ ac_cv_have_sa_family_t="yes" ],
2742
2743 [ ac_cv_have_sa_family_t="no" ]
2744 )]
2745 )
2746])
2747if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2748 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2749 [define if you have sa_family_t data type])
2750fi
2751
2752AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2753 AC_TRY_COMPILE(
2754 [
2755#include <sys/types.h>
2756 ],
2757 [ pid_t foo; foo = 1235; ],
2758 [ ac_cv_have_pid_t="yes" ],
2759 [ ac_cv_have_pid_t="no" ]
2760 )
2761])
2762if test "x$ac_cv_have_pid_t" = "xyes" ; then
2763 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2764fi
2765
2766AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2767 AC_TRY_COMPILE(
2768 [
2769#include <sys/types.h>
2770 ],
2771 [ mode_t foo; foo = 1235; ],
2772 [ ac_cv_have_mode_t="yes" ],
2773 [ ac_cv_have_mode_t="no" ]
2774 )
2775])
2776if test "x$ac_cv_have_mode_t" = "xyes" ; then
2777 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2778fi
2779
2780
2781AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2782 AC_TRY_COMPILE(
2783 [
2784#include <sys/types.h>
2785#include <sys/socket.h>
2786 ],
2787 [ struct sockaddr_storage s; ],
2788 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2789 [ ac_cv_have_struct_sockaddr_storage="no" ]
2790 )
2791])
2792if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2793 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2794 [define if you have struct sockaddr_storage data type])
2795fi
2796
2797AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2798 AC_TRY_COMPILE(
2799 [
2800#include <sys/types.h>
2801#include <netinet/in.h>
2802 ],
2803 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2804 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2805 [ ac_cv_have_struct_sockaddr_in6="no" ]
2806 )
2807])
2808if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2809 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2810 [define if you have struct sockaddr_in6 data type])
2811fi
2812
2813AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2814 AC_TRY_COMPILE(
2815 [
2816#include <sys/types.h>
2817#include <netinet/in.h>
2818 ],
2819 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2820 [ ac_cv_have_struct_in6_addr="yes" ],
2821 [ ac_cv_have_struct_in6_addr="no" ]
2822 )
2823])
2824if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2825 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2826 [define if you have struct in6_addr data type])
2827fi
2828
2829AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2830 AC_TRY_COMPILE(
2831 [
2832#include <sys/types.h>
2833#include <sys/socket.h>
2834#include <netdb.h>
2835 ],
2836 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2837 [ ac_cv_have_struct_addrinfo="yes" ],
2838 [ ac_cv_have_struct_addrinfo="no" ]
2839 )
2840])
2841if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2842 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2843 [define if you have struct addrinfo data type])
2844fi
2845
2846AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2847 AC_TRY_COMPILE(
2848 [ #include <sys/time.h> ],
2849 [ struct timeval tv; tv.tv_sec = 1;],
2850 [ ac_cv_have_struct_timeval="yes" ],
2851 [ ac_cv_have_struct_timeval="no" ]
2852 )
2853])
2854if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2855 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2856 have_struct_timeval=1
2857fi
2858
2859AC_CHECK_TYPES(struct timespec)
2860
2861# We need int64_t or else certian parts of the compile will fail.
2862if test "x$ac_cv_have_int64_t" = "xno" && \
2863 test "x$ac_cv_sizeof_long_int" != "x8" && \
2864 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2865 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2866 echo "an alternative compiler (I.E., GCC) before continuing."
2867 echo ""
2868 exit 1;
2869else
2870dnl test snprintf (broken on SCO w/gcc)
2871 AC_RUN_IFELSE(
2872 [AC_LANG_SOURCE([[
2873#include <stdio.h>
2874#include <string.h>
2875#ifdef HAVE_SNPRINTF
2876main()
2877{
2878 char buf[50];
2879 char expected_out[50];
2880 int mazsize = 50 ;
2881#if (SIZEOF_LONG_INT == 8)
2882 long int num = 0x7fffffffffffffff;
2883#else
2884 long long num = 0x7fffffffffffffffll;
2885#endif
2886 strcpy(expected_out, "9223372036854775807");
2887 snprintf(buf, mazsize, "%lld", num);
2888 if(strcmp(buf, expected_out) != 0)
2889 exit(1);
2890 exit(0);
2891}
2892#else
2893main() { exit(0); }
2894#endif
2895 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2896 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2897 )
2898fi
2899
2900dnl Checks for structure members
2901OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2902OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2903OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2904OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2905OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2906OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2907OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2908OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2909OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2910OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2911OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2912OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2913OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2914OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2915OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2916OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2917OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2918
2919AC_CHECK_MEMBERS([struct stat.st_blksize])
2920AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2921 [Define if we don't have struct __res_state in resolv.h])],
2922[
2923#include <stdio.h>
2924#if HAVE_SYS_TYPES_H
2925# include <sys/types.h>
2926#endif
2927#include <netinet/in.h>
2928#include <arpa/nameser.h>
2929#include <resolv.h>
2930])
2931
2932AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2933 ac_cv_have_ss_family_in_struct_ss, [
2934 AC_TRY_COMPILE(
2935 [
2936#include <sys/types.h>
2937#include <sys/socket.h>
2938 ],
2939 [ struct sockaddr_storage s; s.ss_family = 1; ],
2940 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2941 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2942 )
2943])
2944if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2945 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2946fi
2947
2948AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2949 ac_cv_have___ss_family_in_struct_ss, [
2950 AC_TRY_COMPILE(
2951 [
2952#include <sys/types.h>
2953#include <sys/socket.h>
2954 ],
2955 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2956 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2957 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2958 )
2959])
2960if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2961 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2962 [Fields in struct sockaddr_storage])
2963fi
2964
2965AC_CACHE_CHECK([for pw_class field in struct passwd],
2966 ac_cv_have_pw_class_in_struct_passwd, [
2967 AC_TRY_COMPILE(
2968 [
2969#include <pwd.h>
2970 ],
2971 [ struct passwd p; p.pw_class = 0; ],
2972 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2973 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2974 )
2975])
2976if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2977 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2978 [Define if your password has a pw_class field])
2979fi
2980
2981AC_CACHE_CHECK([for pw_expire field in struct passwd],
2982 ac_cv_have_pw_expire_in_struct_passwd, [
2983 AC_TRY_COMPILE(
2984 [
2985#include <pwd.h>
2986 ],
2987 [ struct passwd p; p.pw_expire = 0; ],
2988 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2989 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2990 )
2991])
2992if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2993 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2994 [Define if your password has a pw_expire field])
2995fi
2996
2997AC_CACHE_CHECK([for pw_change field in struct passwd],
2998 ac_cv_have_pw_change_in_struct_passwd, [
2999 AC_TRY_COMPILE(
3000 [
3001#include <pwd.h>
3002 ],
3003 [ struct passwd p; p.pw_change = 0; ],
3004 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3005 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3006 )
3007])
3008if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3009 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3010 [Define if your password has a pw_change field])
3011fi
3012
3013dnl make sure we're using the real structure members and not defines
3014AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3015 ac_cv_have_accrights_in_msghdr, [
3016 AC_COMPILE_IFELSE(
3017 [
3018#include <sys/types.h>
3019#include <sys/socket.h>
3020#include <sys/uio.h>
3021int main() {
3022#ifdef msg_accrights
3023#error "msg_accrights is a macro"
3024exit(1);
3025#endif
3026struct msghdr m;
3027m.msg_accrights = 0;
3028exit(0);
3029}
3030 ],
3031 [ ac_cv_have_accrights_in_msghdr="yes" ],
3032 [ ac_cv_have_accrights_in_msghdr="no" ]
3033 )
3034])
3035if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3036 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3037 [Define if your system uses access rights style
3038 file descriptor passing])
3039fi
3040
3041AC_MSG_CHECKING(if f_fsid has val members)
3042AC_TRY_COMPILE([
3043#include <sys/types.h>
3044#include <sys/statvfs.h>],
3045[struct fsid_t t; t.val[0] = 0;],
3046 [ AC_MSG_RESULT(yes)
3047 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3048 [ AC_MSG_RESULT(no) ]
3049)
3050
3051AC_CACHE_CHECK([for msg_control field in struct msghdr],
3052 ac_cv_have_control_in_msghdr, [
3053 AC_COMPILE_IFELSE(
3054 [
3055#include <sys/types.h>
3056#include <sys/socket.h>
3057#include <sys/uio.h>
3058int main() {
3059#ifdef msg_control
3060#error "msg_control is a macro"
3061exit(1);
3062#endif
3063struct msghdr m;
3064m.msg_control = 0;
3065exit(0);
3066}
3067 ],
3068 [ ac_cv_have_control_in_msghdr="yes" ],
3069 [ ac_cv_have_control_in_msghdr="no" ]
3070 )
3071])
3072if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3073 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3074 [Define if your system uses ancillary data style
3075 file descriptor passing])
3076fi
3077
3078AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3079 AC_TRY_LINK([],
3080 [ extern char *__progname; printf("%s", __progname); ],
3081 [ ac_cv_libc_defines___progname="yes" ],
3082 [ ac_cv_libc_defines___progname="no" ]
3083 )
3084])
3085if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3086 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3087fi
3088
3089AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3090 AC_TRY_LINK([
3091#include <stdio.h>
3092],
3093 [ printf("%s", __FUNCTION__); ],
3094 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3095 [ ac_cv_cc_implements___FUNCTION__="no" ]
3096 )
3097])
3098if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3099 AC_DEFINE(HAVE___FUNCTION__, 1,
3100 [Define if compiler implements __FUNCTION__])
3101fi
3102
3103AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3104 AC_TRY_LINK([
3105#include <stdio.h>
3106],
3107 [ printf("%s", __func__); ],
3108 [ ac_cv_cc_implements___func__="yes" ],
3109 [ ac_cv_cc_implements___func__="no" ]
3110 )
3111])
3112if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3113 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3114fi
3115
3116AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3117 AC_TRY_LINK(
3118 [#include <stdarg.h>
3119 va_list x,y;],
3120 [va_copy(x,y);],
3121 [ ac_cv_have_va_copy="yes" ],
3122 [ ac_cv_have_va_copy="no" ]
3123 )
3124])
3125if test "x$ac_cv_have_va_copy" = "xyes" ; then
3126 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3127fi
3128
3129AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3130 AC_TRY_LINK(
3131 [#include <stdarg.h>
3132 va_list x,y;],
3133 [__va_copy(x,y);],
3134 [ ac_cv_have___va_copy="yes" ],
3135 [ ac_cv_have___va_copy="no" ]
3136 )
3137])
3138if test "x$ac_cv_have___va_copy" = "xyes" ; then
3139 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3140fi
3141
3142AC_CACHE_CHECK([whether getopt has optreset support],
3143 ac_cv_have_getopt_optreset, [
3144 AC_TRY_LINK(
3145 [
3146#include <getopt.h>
3147 ],
3148 [ extern int optreset; optreset = 0; ],
3149 [ ac_cv_have_getopt_optreset="yes" ],
3150 [ ac_cv_have_getopt_optreset="no" ]
3151 )
3152])
3153if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3154 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3155 [Define if your getopt(3) defines and uses optreset])
3156fi
3157
3158AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3159 AC_TRY_LINK([],
3160 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3161 [ ac_cv_libc_defines_sys_errlist="yes" ],
3162 [ ac_cv_libc_defines_sys_errlist="no" ]
3163 )
3164])
3165if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3166 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3167 [Define if your system defines sys_errlist[]])
3168fi
3169
3170
3171AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3172 AC_TRY_LINK([],
3173 [ extern int sys_nerr; printf("%i", sys_nerr);],
3174 [ ac_cv_libc_defines_sys_nerr="yes" ],
3175 [ ac_cv_libc_defines_sys_nerr="no" ]
3176 )
3177])
3178if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3179 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3180fi
3181
3182SCARD_MSG="no"
3183# Check whether user wants sectok support
3184AC_ARG_WITH(sectok,
3185 [ --with-sectok Enable smartcard support using libsectok],
3186 [
3187 if test "x$withval" != "xno" ; then
3188 if test "x$withval" != "xyes" ; then
3189 CPPFLAGS="$CPPFLAGS -I${withval}"
3190 LDFLAGS="$LDFLAGS -L${withval}"
3191 if test ! -z "$need_dash_r" ; then
3192 LDFLAGS="$LDFLAGS -R${withval}"
3193 fi
3194 if test ! -z "$blibpath" ; then
3195 blibpath="$blibpath:${withval}"
3196 fi
3197 fi
3198 AC_CHECK_HEADERS(sectok.h)
3199 if test "$ac_cv_header_sectok_h" != yes; then
3200 AC_MSG_ERROR(Can't find sectok.h)
3201 fi
3202 AC_CHECK_LIB(sectok, sectok_open)
3203 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3204 AC_MSG_ERROR(Can't find libsectok)
3205 fi
3206 AC_DEFINE(SMARTCARD, 1,
3207 [Define if you want smartcard support])
3208 AC_DEFINE(USE_SECTOK, 1,
3209 [Define if you want smartcard support
3210 using sectok])
3211 SCARD_MSG="yes, using sectok"
3212 fi
3213 ]
3214)
3215
3216# Check whether user wants OpenSC support
3217OPENSC_CONFIG="no"
3218AC_ARG_WITH(opensc,
3219 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3220 [
3221 if test "x$withval" != "xno" ; then
3222 if test "x$withval" != "xyes" ; then
3223 OPENSC_CONFIG=$withval/bin/opensc-config
3224 else
3225 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3226 fi
3227 if test "$OPENSC_CONFIG" != "no"; then
3228 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3229 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3230 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3231 LIBS="$LIBS $LIBOPENSC_LIBS"
3232 AC_DEFINE(SMARTCARD)
3233 AC_DEFINE(USE_OPENSC, 1,
3234 [Define if you want smartcard support
3235 using OpenSC])
3236 SCARD_MSG="yes, using OpenSC"
3237 fi
3238 fi
3239 ]
3240)
3241
3242# Check libraries needed by DNS fingerprint support
3243AC_SEARCH_LIBS(getrrsetbyname, resolv,
3244 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3245 [Define if getrrsetbyname() exists])],
3246 [
3247 # Needed by our getrrsetbyname()
3248 AC_SEARCH_LIBS(res_query, resolv)
3249 AC_SEARCH_LIBS(dn_expand, resolv)
3250 AC_MSG_CHECKING(if res_query will link)
3251 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3252 [AC_MSG_RESULT(no)
3253 saved_LIBS="$LIBS"
3254 LIBS="$LIBS -lresolv"
3255 AC_MSG_CHECKING(for res_query in -lresolv)
3256 AC_LINK_IFELSE([
3257#include <resolv.h>
3258int main()
3259{
3260 res_query (0, 0, 0, 0, 0);
3261 return 0;
3262}
3263 ],
3264 [LIBS="$LIBS -lresolv"
3265 AC_MSG_RESULT(yes)],
3266 [LIBS="$saved_LIBS"
3267 AC_MSG_RESULT(no)])
3268 ])
3269 AC_CHECK_FUNCS(_getshort _getlong)
3270 AC_CHECK_DECLS([_getshort, _getlong], , ,
3271 [#include <sys/types.h>
3272 #include <arpa/nameser.h>])
3273 AC_CHECK_MEMBER(HEADER.ad,
3274 [AC_DEFINE(HAVE_HEADER_AD, 1,
3275 [Define if HEADER.ad exists in arpa/nameser.h])],,
3276 [#include <arpa/nameser.h>])
3277 ])
3278
3279AC_MSG_CHECKING(if struct __res_state _res is an extern)
3280AC_LINK_IFELSE([
3281#include <stdio.h>
3282#if HAVE_SYS_TYPES_H
3283# include <sys/types.h>
3284#endif
3285#include <netinet/in.h>
3286#include <arpa/nameser.h>
3287#include <resolv.h>
3288extern struct __res_state _res;
3289int main() { return 0; }
3290 ],
3291 [AC_MSG_RESULT(yes)
3292 AC_DEFINE(HAVE__RES_EXTERN, 1,
3293 [Define if you have struct __res_state _res as an extern])
3294 ],
3295 [ AC_MSG_RESULT(no) ]
3296)
3297
3298# Check whether user wants SELinux support
3299SELINUX_MSG="no"
3300LIBSELINUX=""
3301AC_ARG_WITH(selinux,
3302 [ --with-selinux Enable SELinux support],
3303 [ if test "x$withval" != "xno" ; then
3304 save_LIBS="$LIBS"
3305 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3306 SELINUX_MSG="yes"
3307 AC_CHECK_HEADER([selinux/selinux.h], ,
3308 AC_MSG_ERROR(SELinux support requires selinux.h header))
3309 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3310 AC_MSG_ERROR(SELinux support requires libselinux library))
3311 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3312 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3313 LIBS="$save_LIBS"
3314 fi ]
3315)
3316
3317# Check whether user wants Kerberos 5 support
3318KRB5_MSG="no"
3319AC_ARG_WITH(kerberos5,
3320 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3321 [ if test "x$withval" != "xno" ; then
3322 if test "x$withval" = "xyes" ; then
3323 KRB5ROOT="/usr/local"
3324 else
3325 KRB5ROOT=${withval}
3326 fi
3327
3328 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3329 KRB5_MSG="yes"
3330
3331 AC_MSG_CHECKING(for krb5-config)
3332 if test -x $KRB5ROOT/bin/krb5-config ; then
3333 KRB5CONF=$KRB5ROOT/bin/krb5-config
3334 AC_MSG_RESULT($KRB5CONF)
3335
3336 AC_MSG_CHECKING(for gssapi support)
3337 if $KRB5CONF | grep gssapi >/dev/null ; then
3338 AC_MSG_RESULT(yes)
3339 AC_DEFINE(GSSAPI, 1,
3340 [Define this if you want GSSAPI
3341 support in the version 2 protocol])
3342 k5confopts=gssapi
3343 else
3344 AC_MSG_RESULT(no)
3345 k5confopts=""
3346 fi
3347 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3348 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3349 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3350 AC_MSG_CHECKING(whether we are using Heimdal)
3351 AC_TRY_COMPILE([ #include <krb5.h> ],
3352 [ char *tmp = heimdal_version; ],
3353 [ AC_MSG_RESULT(yes)
3354 AC_DEFINE(HEIMDAL, 1,
3355 [Define this if you are using the
3356 Heimdal version of Kerberos V5]) ],
3357 AC_MSG_RESULT(no)
3358 )
3359 else
3360 AC_MSG_RESULT(no)
3361 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3362 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3363 AC_MSG_CHECKING(whether we are using Heimdal)
3364 AC_TRY_COMPILE([ #include <krb5.h> ],
3365 [ char *tmp = heimdal_version; ],
3366 [ AC_MSG_RESULT(yes)
3367 AC_DEFINE(HEIMDAL)
3368 K5LIBS="-lkrb5 -ldes"
3369 K5LIBS="$K5LIBS -lcom_err -lasn1"
3370 AC_CHECK_LIB(roken, net_write,
3371 [K5LIBS="$K5LIBS -lroken"])
3372 ],
3373 [ AC_MSG_RESULT(no)
3374 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3375 ]
3376 )
3377 AC_SEARCH_LIBS(dn_expand, resolv)
3378
3379 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3380 [ AC_DEFINE(GSSAPI)
3381 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3382 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3383 [ AC_DEFINE(GSSAPI)
3384 K5LIBS="-lgssapi $K5LIBS" ],
3385 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3386 $K5LIBS)
3387 ],
3388 $K5LIBS)
3389
3390 AC_CHECK_HEADER(gssapi.h, ,
3391 [ unset ac_cv_header_gssapi_h
3392 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3393 AC_CHECK_HEADERS(gssapi.h, ,
3394 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3395 )
3396 ]
3397 )
3398
3399 oldCPP="$CPPFLAGS"
3400 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3401 AC_CHECK_HEADER(gssapi_krb5.h, ,
3402 [ CPPFLAGS="$oldCPP" ])
3403
3404 fi
3405 if test ! -z "$need_dash_r" ; then
3406 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3407 fi
3408 if test ! -z "$blibpath" ; then
3409 blibpath="$blibpath:${KRB5ROOT}/lib"
3410 fi
3411
3412 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3413 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3414 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3415
3416 LIBS="$LIBS $K5LIBS"
3417 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3418 [Define this if you want to use libkafs' AFS support]))
3419 fi
3420 ]
3421)
3422
3423# Looking for programs, paths and files
3424
3425PRIVSEP_PATH=/var/empty
3426AC_ARG_WITH(privsep-path,
3427 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3428 [
3429 if test -n "$withval" && test "x$withval" != "xno" && \
3430 test "x${withval}" != "xyes"; then
3431 PRIVSEP_PATH=$withval
3432 fi
3433 ]
3434)
3435AC_SUBST(PRIVSEP_PATH)
3436
3437AC_ARG_WITH(xauth,
3438 [ --with-xauth=PATH Specify path to xauth program ],
3439 [
3440 if test -n "$withval" && test "x$withval" != "xno" && \
3441 test "x${withval}" != "xyes"; then
3442 xauth_path=$withval
3443 fi
3444 ],
3445 [
3446 TestPath="$PATH"
3447 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3448 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3449 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3450 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3451 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3452 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3453 xauth_path="/usr/openwin/bin/xauth"
3454 fi
3455 ]
3456)
3457
3458STRIP_OPT=-s
3459AC_ARG_ENABLE(strip,
3460 [ --disable-strip Disable calling strip(1) on install],
3461 [
3462 if test "x$enableval" = "xno" ; then
3463 STRIP_OPT=
3464 fi
3465 ]
3466)
3467AC_SUBST(STRIP_OPT)
3468
3469if test -z "$xauth_path" ; then
3470 XAUTH_PATH="undefined"
3471 AC_SUBST(XAUTH_PATH)
3472else
3473 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3474 [Define if xauth is found in your path])
3475 XAUTH_PATH=$xauth_path
3476 AC_SUBST(XAUTH_PATH)
3477fi
3478
3479# Check for mail directory (last resort if we cannot get it from headers)
3480if test ! -z "$MAIL" ; then
3481 maildir=`dirname $MAIL`
3482 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3483 [Set this to your mail directory if you don't have maillock.h])
3484fi
3485
3486if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3487 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3488 disable_ptmx_check=yes
3489fi
3490if test -z "$no_dev_ptmx" ; then
3491 if test "x$disable_ptmx_check" != "xyes" ; then
3492 AC_CHECK_FILE("/dev/ptmx",
3493 [
3494 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3495 [Define if you have /dev/ptmx])
3496 have_dev_ptmx=1
3497 ]
3498 )
3499 fi
3500fi
3501
3502if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3503 AC_CHECK_FILE("/dev/ptc",
3504 [
3505 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3506 [Define if you have /dev/ptc])
3507 have_dev_ptc=1
3508 ]
3509 )
3510else
3511 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3512fi
3513
3514# Options from here on. Some of these are preset by platform above
3515AC_ARG_WITH(mantype,
3516 [ --with-mantype=man|cat|doc Set man page type],
3517 [
3518 case "$withval" in
3519 man|cat|doc)
3520 MANTYPE=$withval
3521 ;;
3522 *)
3523 AC_MSG_ERROR(invalid man type: $withval)
3524 ;;
3525 esac
3526 ]
3527)
3528if test -z "$MANTYPE"; then
3529 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3530 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3531 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3532 MANTYPE=doc
3533 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3534 MANTYPE=man
3535 else
3536 MANTYPE=cat
3537 fi
3538fi
3539AC_SUBST(MANTYPE)
3540if test "$MANTYPE" = "doc"; then
3541 mansubdir=man;
3542else
3543 mansubdir=$MANTYPE;
3544fi
3545AC_SUBST(mansubdir)
3546
3547# Check whether to enable MD5 passwords
3548MD5_MSG="no"
3549AC_ARG_WITH(md5-passwords,
3550 [ --with-md5-passwords Enable use of MD5 passwords],
3551 [
3552 if test "x$withval" != "xno" ; then
3553 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3554 [Define if you want to allow MD5 passwords])
3555 MD5_MSG="yes"
3556 fi
3557 ]
3558)
3559
3560# Whether to disable shadow password support
3561AC_ARG_WITH(shadow,
3562 [ --without-shadow Disable shadow password support],
3563 [
3564 if test "x$withval" = "xno" ; then
3565 AC_DEFINE(DISABLE_SHADOW)
3566 disable_shadow=yes
3567 fi
3568 ]
3569)
3570
3571if test -z "$disable_shadow" ; then
3572 AC_MSG_CHECKING([if the systems has expire shadow information])
3573 AC_TRY_COMPILE(
3574 [
3575#include <sys/types.h>
3576#include <shadow.h>
3577 struct spwd sp;
3578 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3579 [ sp_expire_available=yes ], []
3580 )
3581
3582 if test "x$sp_expire_available" = "xyes" ; then
3583 AC_MSG_RESULT(yes)
3584 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3585 [Define if you want to use shadow password expire field])
3586 else
3587 AC_MSG_RESULT(no)
3588 fi
3589fi
3590
3591# Use ip address instead of hostname in $DISPLAY
3592if test ! -z "$IPADDR_IN_DISPLAY" ; then
3593 DISPLAY_HACK_MSG="yes"
3594 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3595 [Define if you need to use IP address
3596 instead of hostname in $DISPLAY])
3597else
3598 DISPLAY_HACK_MSG="no"
3599 AC_ARG_WITH(ipaddr-display,
3600 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3601 [
3602 if test "x$withval" != "xno" ; then
3603 AC_DEFINE(IPADDR_IN_DISPLAY)
3604 DISPLAY_HACK_MSG="yes"
3605 fi
3606 ]
3607 )
3608fi
3609
3610# check for /etc/default/login and use it if present.
3611AC_ARG_ENABLE(etc-default-login,
3612 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3613 [ if test "x$enableval" = "xno"; then
3614 AC_MSG_NOTICE([/etc/default/login handling disabled])
3615 etc_default_login=no
3616 else
3617 etc_default_login=yes
3618 fi ],
3619 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3620 then
3621 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3622 etc_default_login=no
3623 else
3624 etc_default_login=yes
3625 fi ]
3626)
3627
3628if test "x$etc_default_login" != "xno"; then
3629 AC_CHECK_FILE("/etc/default/login",
3630 [ external_path_file=/etc/default/login ])
3631 if test "x$external_path_file" = "x/etc/default/login"; then
3632 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3633 [Define if your system has /etc/default/login])
3634 fi
3635fi
3636
3637dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3638if test $ac_cv_func_login_getcapbool = "yes" && \
3639 test $ac_cv_header_login_cap_h = "yes" ; then
3640 external_path_file=/etc/login.conf
3641fi
3642
3643# Whether to mess with the default path
3644SERVER_PATH_MSG="(default)"
3645AC_ARG_WITH(default-path,
3646 [ --with-default-path= Specify default \$PATH environment for server],
3647 [
3648 if test "x$external_path_file" = "x/etc/login.conf" ; then
3649 AC_MSG_WARN([
3650--with-default-path=PATH has no effect on this system.
3651Edit /etc/login.conf instead.])
3652 elif test "x$withval" != "xno" ; then
3653 if test ! -z "$external_path_file" ; then
3654 AC_MSG_WARN([
3655--with-default-path=PATH will only be used if PATH is not defined in
3656$external_path_file .])
3657 fi
3658 user_path="$withval"
3659 SERVER_PATH_MSG="$withval"
3660 fi
3661 ],
3662 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3663 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3664 else
3665 if test ! -z "$external_path_file" ; then
3666 AC_MSG_WARN([
3667If PATH is defined in $external_path_file, ensure the path to scp is included,
3668otherwise scp will not work.])
3669 fi
3670 AC_RUN_IFELSE(
3671 [AC_LANG_SOURCE([[
3672/* find out what STDPATH is */
3673#include <stdio.h>
3674#ifdef HAVE_PATHS_H
3675# include <paths.h>
3676#endif
3677#ifndef _PATH_STDPATH
3678# ifdef _PATH_USERPATH /* Irix */
3679# define _PATH_STDPATH _PATH_USERPATH
3680# else
3681# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3682# endif
3683#endif
3684#include <sys/types.h>
3685#include <sys/stat.h>
3686#include <fcntl.h>
3687#define DATA "conftest.stdpath"
3688
3689main()
3690{
3691 FILE *fd;
3692 int rc;
3693
3694 fd = fopen(DATA,"w");
3695 if(fd == NULL)
3696 exit(1);
3697
3698 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3699 exit(1);
3700
3701 exit(0);
3702}
3703 ]])],
3704 [ user_path=`cat conftest.stdpath` ],
3705 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3706 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3707 )
3708# make sure $bindir is in USER_PATH so scp will work
3709 t_bindir=`eval echo ${bindir}`
3710 case $t_bindir in
3711 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3712 esac
3713 case $t_bindir in
3714 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3715 esac
3716 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3717 if test $? -ne 0 ; then
3718 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3719 if test $? -ne 0 ; then
3720 user_path=$user_path:$t_bindir
3721 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3722 fi
3723 fi
3724 fi ]
3725)
3726if test "x$external_path_file" != "x/etc/login.conf" ; then
3727 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3728 AC_SUBST(user_path)
3729fi
3730
3731# Set superuser path separately to user path
3732AC_ARG_WITH(superuser-path,
3733 [ --with-superuser-path= Specify different path for super-user],
3734 [
3735 if test -n "$withval" && test "x$withval" != "xno" && \
3736 test "x${withval}" != "xyes"; then
3737 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3738 [Define if you want a different $PATH
3739 for the superuser])
3740 superuser_path=$withval
3741 fi
3742 ]
3743)
3744
3745
3746AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3747IPV4_IN6_HACK_MSG="no"
3748AC_ARG_WITH(4in6,
3749 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3750 [
3751 if test "x$withval" != "xno" ; then
3752 AC_MSG_RESULT(yes)
3753 AC_DEFINE(IPV4_IN_IPV6, 1,
3754 [Detect IPv4 in IPv6 mapped addresses
3755 and treat as IPv4])
3756 IPV4_IN6_HACK_MSG="yes"
3757 else
3758 AC_MSG_RESULT(no)
3759 fi
3760 ],[
3761 if test "x$inet6_default_4in6" = "xyes"; then
3762 AC_MSG_RESULT([yes (default)])
3763 AC_DEFINE(IPV4_IN_IPV6)
3764 IPV4_IN6_HACK_MSG="yes"
3765 else
3766 AC_MSG_RESULT([no (default)])
3767 fi
3768 ]
3769)
3770
3771# Whether to enable BSD auth support
3772BSD_AUTH_MSG=no
3773AC_ARG_WITH(bsd-auth,
3774 [ --with-bsd-auth Enable BSD auth support],
3775 [
3776 if test "x$withval" != "xno" ; then
3777 AC_DEFINE(BSD_AUTH, 1,
3778 [Define if you have BSD auth support])
3779 BSD_AUTH_MSG=yes
3780 fi
3781 ]
3782)
3783
3784# Where to place sshd.pid
3785piddir=/var/run
3786# make sure the directory exists
3787if test ! -d $piddir ; then
3788 piddir=`eval echo ${sysconfdir}`
3789 case $piddir in
3790 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3791 esac
3792fi
3793
3794AC_ARG_WITH(pid-dir,
3795 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3796 [
3797 if test -n "$withval" && test "x$withval" != "xno" && \
3798 test "x${withval}" != "xyes"; then
3799 piddir=$withval
3800 if test ! -d $piddir ; then
3801 AC_MSG_WARN([** no $piddir directory on this system **])
3802 fi
3803 fi
3804 ]
3805)
3806
3807AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3808AC_SUBST(piddir)
3809
3810dnl allow user to disable some login recording features
3811AC_ARG_ENABLE(lastlog,
3812 [ --disable-lastlog disable use of lastlog even if detected [no]],
3813 [
3814 if test "x$enableval" = "xno" ; then
3815 AC_DEFINE(DISABLE_LASTLOG)
3816 fi
3817 ]
3818)
3819AC_ARG_ENABLE(utmp,
3820 [ --disable-utmp disable use of utmp even if detected [no]],
3821 [
3822 if test "x$enableval" = "xno" ; then
3823 AC_DEFINE(DISABLE_UTMP)
3824 fi
3825 ]
3826)
3827AC_ARG_ENABLE(utmpx,
3828 [ --disable-utmpx disable use of utmpx even if detected [no]],
3829 [
3830 if test "x$enableval" = "xno" ; then
3831 AC_DEFINE(DISABLE_UTMPX, 1,
3832 [Define if you don't want to use utmpx])
3833 fi
3834 ]
3835)
3836AC_ARG_ENABLE(wtmp,
3837 [ --disable-wtmp disable use of wtmp even if detected [no]],
3838 [
3839 if test "x$enableval" = "xno" ; then
3840 AC_DEFINE(DISABLE_WTMP)
3841 fi
3842 ]
3843)
3844AC_ARG_ENABLE(wtmpx,
3845 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3846 [
3847 if test "x$enableval" = "xno" ; then
3848 AC_DEFINE(DISABLE_WTMPX, 1,
3849 [Define if you don't want to use wtmpx])
3850 fi
3851 ]
3852)
3853AC_ARG_ENABLE(libutil,
3854 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3855 [
3856 if test "x$enableval" = "xno" ; then
3857 AC_DEFINE(DISABLE_LOGIN)
3858 fi
3859 ]
3860)
3861AC_ARG_ENABLE(pututline,
3862 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3863 [
3864 if test "x$enableval" = "xno" ; then
3865 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3866 [Define if you don't want to use pututline()
3867 etc. to write [uw]tmp])
3868 fi
3869 ]
3870)
3871AC_ARG_ENABLE(pututxline,
3872 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3873 [
3874 if test "x$enableval" = "xno" ; then
3875 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3876 [Define if you don't want to use pututxline()
3877 etc. to write [uw]tmpx])
3878 fi
3879 ]
3880)
3881AC_ARG_WITH(lastlog,
3882 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3883 [
3884 if test "x$withval" = "xno" ; then
3885 AC_DEFINE(DISABLE_LASTLOG)
3886 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3887 conf_lastlog_location=$withval
3888 fi
3889 ]
3890)
3891
3892dnl lastlog, [uw]tmpx? detection
3893dnl NOTE: set the paths in the platform section to avoid the
3894dnl need for command-line parameters
3895dnl lastlog and [uw]tmp are subject to a file search if all else fails
3896
3897dnl lastlog detection
3898dnl NOTE: the code itself will detect if lastlog is a directory
3899AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3900AC_TRY_COMPILE([
3901#include <sys/types.h>
3902#include <utmp.h>
3903#ifdef HAVE_LASTLOG_H
3904# include <lastlog.h>
3905#endif
3906#ifdef HAVE_PATHS_H
3907# include <paths.h>
3908#endif
3909#ifdef HAVE_LOGIN_H
3910# include <login.h>
3911#endif
3912 ],
3913 [ char *lastlog = LASTLOG_FILE; ],
3914 [ AC_MSG_RESULT(yes) ],
3915 [
3916 AC_MSG_RESULT(no)
3917 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3918 AC_TRY_COMPILE([
3919#include <sys/types.h>
3920#include <utmp.h>
3921#ifdef HAVE_LASTLOG_H
3922# include <lastlog.h>
3923#endif
3924#ifdef HAVE_PATHS_H
3925# include <paths.h>
3926#endif
3927 ],
3928 [ char *lastlog = _PATH_LASTLOG; ],
3929 [ AC_MSG_RESULT(yes) ],
3930 [
3931 AC_MSG_RESULT(no)
3932 system_lastlog_path=no
3933 ])
3934 ]
3935)
3936
3937if test -z "$conf_lastlog_location"; then
3938 if test x"$system_lastlog_path" = x"no" ; then
3939 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3940 if (test -d "$f" || test -f "$f") ; then
3941 conf_lastlog_location=$f
3942 fi
3943 done
3944 if test -z "$conf_lastlog_location"; then
3945 AC_MSG_WARN([** Cannot find lastlog **])
3946 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3947 fi
3948 fi
3949fi
3950
3951if test -n "$conf_lastlog_location"; then
3952 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3953 [Define if you want to specify the path to your lastlog file])
3954fi
3955
3956dnl utmp detection
3957AC_MSG_CHECKING([if your system defines UTMP_FILE])
3958AC_TRY_COMPILE([
3959#include <sys/types.h>
3960#include <utmp.h>
3961#ifdef HAVE_PATHS_H
3962# include <paths.h>
3963#endif
3964 ],
3965 [ char *utmp = UTMP_FILE; ],
3966 [ AC_MSG_RESULT(yes) ],
3967 [ AC_MSG_RESULT(no)
3968 system_utmp_path=no ]
3969)
3970if test -z "$conf_utmp_location"; then
3971 if test x"$system_utmp_path" = x"no" ; then
3972 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3973 if test -f $f ; then
3974 conf_utmp_location=$f
3975 fi
3976 done
3977 if test -z "$conf_utmp_location"; then
3978 AC_DEFINE(DISABLE_UTMP)
3979 fi
3980 fi
3981fi
3982if test -n "$conf_utmp_location"; then
3983 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3984 [Define if you want to specify the path to your utmp file])
3985fi
3986
3987dnl wtmp detection
3988AC_MSG_CHECKING([if your system defines WTMP_FILE])
3989AC_TRY_COMPILE([
3990#include <sys/types.h>
3991#include <utmp.h>
3992#ifdef HAVE_PATHS_H
3993# include <paths.h>
3994#endif
3995 ],
3996 [ char *wtmp = WTMP_FILE; ],
3997 [ AC_MSG_RESULT(yes) ],
3998 [ AC_MSG_RESULT(no)
3999 system_wtmp_path=no ]
4000)
4001if test -z "$conf_wtmp_location"; then
4002 if test x"$system_wtmp_path" = x"no" ; then
4003 for f in /usr/adm/wtmp /var/log/wtmp; do
4004 if test -f $f ; then
4005 conf_wtmp_location=$f
4006 fi
4007 done
4008 if test -z "$conf_wtmp_location"; then
4009 AC_DEFINE(DISABLE_WTMP)
4010 fi
4011 fi
4012fi
4013if test -n "$conf_wtmp_location"; then
4014 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4015 [Define if you want to specify the path to your wtmp file])
4016fi
4017
4018
4019dnl utmpx detection - I don't know any system so perverse as to require
4020dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4021dnl there, though.
4022AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4023AC_TRY_COMPILE([
4024#include <sys/types.h>
4025#include <utmp.h>
4026#ifdef HAVE_UTMPX_H
4027#include <utmpx.h>
4028#endif
4029#ifdef HAVE_PATHS_H
4030# include <paths.h>
4031#endif
4032 ],
4033 [ char *utmpx = UTMPX_FILE; ],
4034 [ AC_MSG_RESULT(yes) ],
4035 [ AC_MSG_RESULT(no)
4036 system_utmpx_path=no ]
4037)
4038if test -z "$conf_utmpx_location"; then
4039 if test x"$system_utmpx_path" = x"no" ; then
4040 AC_DEFINE(DISABLE_UTMPX)
4041 fi
4042else
4043 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4044 [Define if you want to specify the path to your utmpx file])
4045fi
4046
4047dnl wtmpx detection
4048AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4049AC_TRY_COMPILE([
4050#include <sys/types.h>
4051#include <utmp.h>
4052#ifdef HAVE_UTMPX_H
4053#include <utmpx.h>
4054#endif
4055#ifdef HAVE_PATHS_H
4056# include <paths.h>
4057#endif
4058 ],
4059 [ char *wtmpx = WTMPX_FILE; ],
4060 [ AC_MSG_RESULT(yes) ],
4061 [ AC_MSG_RESULT(no)
4062 system_wtmpx_path=no ]
4063)
4064if test -z "$conf_wtmpx_location"; then
4065 if test x"$system_wtmpx_path" = x"no" ; then
4066 AC_DEFINE(DISABLE_WTMPX)
4067 fi
4068else
4069 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4070 [Define if you want to specify the path to your wtmpx file])
4071fi
4072
4073
4074if test ! -z "$blibpath" ; then
4075 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4076 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4077fi
4078
4079dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4080dnl Add now.
4081CFLAGS="$CFLAGS $werror_flags"
4082
4083if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4084 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4085 AC_SUBST(TEST_SSH_IPV6, no)
4086else
4087 AC_SUBST(TEST_SSH_IPV6, yes)
4088fi
4089
4090AC_EXEEXT
4091AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4092 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4093 scard/Makefile ssh_prng_cmds survey.sh])
4094AC_OUTPUT
4095
4096# Print summary of options
4097
4098# Someone please show me a better way :)
4099A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4100B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4101C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4102D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4103E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4104F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4105G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4106H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4107I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4108J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4109
4110echo ""
4111echo "OpenSSH has been configured with the following options:"
4112echo " User binaries: $B"
4113echo " System binaries: $C"
4114echo " Configuration files: $D"
4115echo " Askpass program: $E"
4116echo " Manual pages: $F"
4117echo " PID file: $G"
4118echo " Privilege separation chroot path: $H"
4119if test "x$external_path_file" = "x/etc/login.conf" ; then
4120echo " At runtime, sshd will use the path defined in $external_path_file"
4121echo " Make sure the path to scp is present, otherwise scp will not work"
4122else
4123echo " sshd default user PATH: $I"
4124 if test ! -z "$external_path_file"; then
4125echo " (If PATH is set in $external_path_file it will be used instead. If"
4126echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4127 fi
4128fi
4129if test ! -z "$superuser_path" ; then
4130echo " sshd superuser user PATH: $J"
4131fi
4132echo " Manpage format: $MANTYPE"
4133echo " PAM support: $PAM_MSG"
4134echo " OSF SIA support: $SIA_MSG"
4135echo " KerberosV support: $KRB5_MSG"
4136echo " SELinux support: $SELINUX_MSG"
4137echo " Smartcard support: $SCARD_MSG"
4138echo " S/KEY support: $SKEY_MSG"
4139echo " TCP Wrappers support: $TCPW_MSG"
4140echo " MD5 password support: $MD5_MSG"
4141echo " libedit support: $LIBEDIT_MSG"
4142echo " Solaris process contract support: $SPC_MSG"
4143echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4144echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4145echo " BSD Auth support: $BSD_AUTH_MSG"
4146echo " Random number source: $RAND_MSG"
4147if test ! -z "$USE_RAND_HELPER" ; then
4148echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4149fi
4150
4151echo ""
4152
4153echo " Host: ${host}"
4154echo " Compiler: ${CC}"
4155echo " Compiler flags: ${CFLAGS}"
4156echo "Preprocessor flags: ${CPPFLAGS}"
4157echo " Linker flags: ${LDFLAGS}"
4158echo " Libraries: ${LIBS}"
4159if test ! -z "${SSHDLIBS}"; then
4160echo " +for sshd: ${SSHDLIBS}"
4161fi
4162
4163echo ""
4164
4165if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4166 echo "SVR4 style packages are supported with \"make package\""
4167 echo ""
4168fi
4169
4170if test "x$PAM_MSG" = "xyes" ; then
4171 echo "PAM is enabled. You may need to install a PAM control file "
4172 echo "for sshd, otherwise password authentication may fail. "
4173 echo "Example PAM control files can be found in the contrib/ "
4174 echo "subdirectory"
4175 echo ""
4176fi
4177
4178if test ! -z "$RAND_HELPER_CMDHASH" ; then
4179 echo "WARNING: you are using the builtin random number collection "
4180 echo "service. Please read WARNING.RNG and request that your OS "
4181 echo "vendor includes kernel-based random number collection in "
4182 echo "future versions of your OS."
4183 echo ""
4184fi
4185
4186if test ! -z "$NO_PEERCHECK" ; then
4187 echo "WARNING: the operating system that you are using does not"
4188 echo "appear to support getpeereid(), getpeerucred() or the"
4189 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4190 echo "enforce security checks to prevent unauthorised connections to"
4191 echo "ssh-agent. Their absence increases the risk that a malicious"
4192 echo "user can connect to your agent."
4193 echo ""
4194fi
4195
4196if test "$AUDIT_MODULE" = "bsm" ; then
4197 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4198 echo "See the Solaris section in README.platform for details."
4199fi