configure.ac revision 149749
1# $Id: configure.ac,v 1.292 2005/08/31 16:59:49 tim Exp $ 2# 3# Copyright (c) 1999-2004 Damien Miller 4# 5# Permission to use, copy, modify, and distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20AC_CONFIG_HEADER(config.h) 21AC_PROG_CC 22AC_CANONICAL_HOST 23AC_C_BIGENDIAN 24 25# Checks for programs. 26AC_PROG_AWK 27AC_PROG_CPP 28AC_PROG_RANLIB 29AC_PROG_INSTALL 30AC_PATH_PROG(AR, ar) 31AC_PATH_PROG(CAT, cat) 32AC_PATH_PROG(KILL, kill) 33AC_PATH_PROGS(PERL, perl5 perl) 34AC_PATH_PROG(SED, sed) 35AC_SUBST(PERL) 36AC_PATH_PROG(ENT, ent) 37AC_SUBST(ENT) 38AC_PATH_PROG(TEST_MINUS_S_SH, bash) 39AC_PATH_PROG(TEST_MINUS_S_SH, ksh) 40AC_PATH_PROG(TEST_MINUS_S_SH, sh) 41AC_PATH_PROG(SH, sh) 42AC_SUBST(TEST_SHELL,sh) 43 44dnl for buildpkg.sh 45AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd, 46 [/usr/sbin${PATH_SEPARATOR}/etc]) 47AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd, 48 [/usr/sbin${PATH_SEPARATOR}/etc]) 49AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no) 50 51# System features 52AC_SYS_LARGEFILE 53 54if test -z "$AR" ; then 55 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 56fi 57 58# Use LOGIN_PROGRAM from environment if possible 59if test ! -z "$LOGIN_PROGRAM" ; then 60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM") 61else 62 # Search for login 63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login) 64 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then 65 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK") 66 fi 67fi 68 69AC_PATH_PROG(PATH_PASSWD_PROG, passwd) 70if test ! -z "$PATH_PASSWD_PROG" ; then 71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG") 72fi 73 74if test -z "$LD" ; then 75 LD=$CC 76fi 77AC_SUBST(LD) 78 79AC_C_INLINE 80 81AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>]) 82 83if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 84 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized" 85 GCC_VER=`$CC --version` 86 case $GCC_VER in 87 1.*) ;; 88 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;; 89 2.*) ;; 90 *) CFLAGS="$CFLAGS -Wsign-compare" ;; 91 esac 92 93 if test -z "$have_llong_max"; then 94 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 95 unset ac_cv_have_decl_LLONG_MAX 96 saved_CFLAGS="$CFLAGS" 97 CFLAGS="$CFLAGS -std=gnu99" 98 AC_CHECK_DECL(LLONG_MAX, 99 [have_llong_max=1], 100 [CFLAGS="$saved_CFLAGS"], 101 [#include <limits.h>] 102 ) 103 fi 104fi 105 106if test -z "$have_llong_max"; then 107 AC_MSG_CHECKING([for max value of long long]) 108 AC_RUN_IFELSE( 109 [AC_LANG_SOURCE([[ 110#include <stdio.h> 111/* Why is this so damn hard? */ 112#ifdef __GNUC__ 113# undef __GNUC__ 114#endif 115#define __USE_ISOC99 116#include <limits.h> 117#define DATA "conftest.llminmax" 118int main(void) { 119 FILE *f; 120 long long i, llmin, llmax = 0; 121 122 if((f = fopen(DATA,"w")) == NULL) 123 exit(1); 124 125#if defined(LLONG_MIN) && defined(LLONG_MAX) 126 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 127 llmin = LLONG_MIN; 128 llmax = LLONG_MAX; 129#else 130 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 131 /* This will work on one's complement and two's complement */ 132 for (i = 1; i > llmax; i <<= 1, i++) 133 llmax = i; 134 llmin = llmax + 1LL; /* wrap */ 135#endif 136 137 /* Sanity check */ 138 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 139 || llmax - 1 > llmax) { 140 fprintf(f, "unknown unknown\n"); 141 exit(2); 142 } 143 144 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0) 145 exit(3); 146 147 exit(0); 148} 149 ]])], 150 [ 151 llong_min=`$AWK '{print $1}' conftest.llminmax` 152 llong_max=`$AWK '{print $2}' conftest.llminmax` 153 AC_MSG_RESULT($llong_max) 154 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL], 155 [max value of long long calculated by configure]) 156 AC_MSG_CHECKING([for min value of long long]) 157 AC_MSG_RESULT($llong_min) 158 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL], 159 [min value of long long calculated by configure]) 160 ], 161 [ 162 AC_MSG_RESULT(not found) 163 ], 164 [ 165 AC_MSG_WARN([cross compiling: not checking]) 166 ] 167 ) 168fi 169 170AC_ARG_WITH(rpath, 171 [ --without-rpath Disable auto-added -R linker paths], 172 [ 173 if test "x$withval" = "xno" ; then 174 need_dash_r="" 175 fi 176 if test "x$withval" = "xyes" ; then 177 need_dash_r=1 178 fi 179 ] 180) 181 182# Check for some target-specific stuff 183case "$host" in 184*-*-aix*) 185 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 186 if (test -z "$blibpath"); then 187 blibpath="/usr/lib:/lib" 188 fi 189 saved_LDFLAGS="$LDFLAGS" 190 for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do 191 if (test -z "$blibflags"); then 192 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 193 AC_TRY_LINK([], [], [blibflags=$tryflags]) 194 fi 195 done 196 if (test -z "$blibflags"); then 197 AC_MSG_RESULT(not found) 198 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 199 else 200 AC_MSG_RESULT($blibflags) 201 fi 202 LDFLAGS="$saved_LDFLAGS" 203 dnl Check for authenticate. Might be in libs.a on older AIXes 204 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)], 205 [AC_CHECK_LIB(s,authenticate, 206 [ AC_DEFINE(WITH_AIXAUTHENTICATE) 207 LIBS="$LIBS -ls" 208 ]) 209 ]) 210 dnl Check for various auth function declarations in headers. 211 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 212 passwdexpired, setauthdb], , , [#include <usersec.h>]) 213 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 214 AC_CHECK_DECLS(loginfailed, 215 [AC_MSG_CHECKING(if loginfailed takes 4 arguments) 216 AC_TRY_COMPILE( 217 [#include <usersec.h>], 218 [(void)loginfailed("user","host","tty",0);], 219 [AC_MSG_RESULT(yes) 220 AC_DEFINE(AIX_LOGINFAILED_4ARG)], 221 [AC_MSG_RESULT(no)] 222 )], 223 [], 224 [#include <usersec.h>] 225 ) 226 AC_CHECK_FUNCS(setauthdb) 227 check_for_aix_broken_getaddrinfo=1 228 AC_DEFINE(BROKEN_REALPATH) 229 AC_DEFINE(SETEUID_BREAKS_SETUID) 230 AC_DEFINE(BROKEN_SETREUID) 231 AC_DEFINE(BROKEN_SETREGID) 232 dnl AIX handles lastlog as part of its login message 233 AC_DEFINE(DISABLE_LASTLOG) 234 AC_DEFINE(LOGIN_NEEDS_UTMPX) 235 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) 236 ;; 237*-*-cygwin*) 238 check_for_libcrypt_later=1 239 LIBS="$LIBS /usr/lib/textmode.o" 240 AC_DEFINE(HAVE_CYGWIN) 241 AC_DEFINE(USE_PIPES) 242 AC_DEFINE(DISABLE_SHADOW) 243 AC_DEFINE(IP_TOS_IS_BROKEN) 244 AC_DEFINE(NO_X11_UNIX_SOCKETS) 245 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) 246 AC_DEFINE(DISABLE_FD_PASSING) 247 ;; 248*-*-dgux*) 249 AC_DEFINE(IP_TOS_IS_BROKEN) 250 AC_DEFINE(SETEUID_BREAKS_SETUID) 251 AC_DEFINE(BROKEN_SETREUID) 252 AC_DEFINE(BROKEN_SETREGID) 253 ;; 254*-*-darwin*) 255 AC_MSG_CHECKING(if we have working getaddrinfo) 256 AC_TRY_RUN([#include <mach-o/dyld.h> 257main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 258 exit(0); 259 else 260 exit(1); 261}], [AC_MSG_RESULT(working)], 262 [AC_MSG_RESULT(buggy) 263 AC_DEFINE(BROKEN_GETADDRINFO)], 264 [AC_MSG_RESULT(assume it is working)]) 265 AC_DEFINE(SETEUID_BREAKS_SETUID) 266 AC_DEFINE(BROKEN_SETREUID) 267 AC_DEFINE(BROKEN_SETREGID) 268 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1) 269 ;; 270*-*-hpux*) 271 # first we define all of the options common to all HP-UX releases 272 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 273 IPADDR_IN_DISPLAY=yes 274 AC_DEFINE(USE_PIPES) 275 AC_DEFINE(LOGIN_NO_ENDOPT) 276 AC_DEFINE(LOGIN_NEEDS_UTMPX) 277 AC_DEFINE(LOCKED_PASSWD_STRING, "*") 278 AC_DEFINE(SPT_TYPE,SPT_PSTAT) 279 LIBS="$LIBS -lsec" 280 AC_CHECK_LIB(xnet, t_error, , 281 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) 282 283 # next, we define all of the options specific to major releases 284 case "$host" in 285 *-*-hpux10*) 286 if test -z "$GCC"; then 287 CFLAGS="$CFLAGS -Ae" 288 fi 289 ;; 290 *-*-hpux11*) 291 AC_DEFINE(PAM_SUN_CODEBASE) 292 AC_DEFINE(DISABLE_UTMP) 293 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) 294 check_for_hpux_broken_getaddrinfo=1 295 check_for_conflicting_getspnam=1 296 ;; 297 esac 298 299 # lastly, we define options specific to minor releases 300 case "$host" in 301 *-*-hpux10.26) 302 AC_DEFINE(HAVE_SECUREWARE) 303 disable_ptmx_check=yes 304 LIBS="$LIBS -lsecpw" 305 ;; 306 esac 307 ;; 308*-*-irix5*) 309 PATH="$PATH:/usr/etc" 310 AC_DEFINE(BROKEN_INET_NTOA) 311 AC_DEFINE(SETEUID_BREAKS_SETUID) 312 AC_DEFINE(BROKEN_SETREUID) 313 AC_DEFINE(BROKEN_SETREGID) 314 AC_DEFINE(WITH_ABBREV_NO_TTY) 315 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") 316 ;; 317*-*-irix6*) 318 PATH="$PATH:/usr/etc" 319 AC_DEFINE(WITH_IRIX_ARRAY) 320 AC_DEFINE(WITH_IRIX_PROJECT) 321 AC_DEFINE(WITH_IRIX_AUDIT) 322 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)]) 323 AC_DEFINE(BROKEN_INET_NTOA) 324 AC_DEFINE(SETEUID_BREAKS_SETUID) 325 AC_DEFINE(BROKEN_SETREUID) 326 AC_DEFINE(BROKEN_SETREGID) 327 AC_DEFINE(BROKEN_UPDWTMPX) 328 AC_DEFINE(WITH_ABBREV_NO_TTY) 329 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") 330 ;; 331*-*-linux*) 332 no_dev_ptmx=1 333 check_for_libcrypt_later=1 334 check_for_openpty_ctty_bug=1 335 AC_DEFINE(DONT_TRY_OTHER_AF) 336 AC_DEFINE(PAM_TTY_KLUDGE) 337 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!") 338 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) 339 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM) 340 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) 341 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) 342 inet6_default_4in6=yes 343 case `uname -r` in 344 1.*|2.0.*) 345 AC_DEFINE(BROKEN_CMSG_TYPE) 346 ;; 347 esac 348 ;; 349mips-sony-bsd|mips-sony-newsos4) 350 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty]) 351 SONY=1 352 ;; 353*-*-netbsd*) 354 check_for_libcrypt_before=1 355 if test "x$withval" != "xno" ; then 356 need_dash_r=1 357 fi 358 ;; 359*-*-freebsd*) 360 check_for_libcrypt_later=1 361 ;; 362*-*-bsdi*) 363 AC_DEFINE(SETEUID_BREAKS_SETUID) 364 AC_DEFINE(BROKEN_SETREUID) 365 AC_DEFINE(BROKEN_SETREGID) 366 ;; 367*-next-*) 368 conf_lastlog_location="/usr/adm/lastlog" 369 conf_utmp_location=/etc/utmp 370 conf_wtmp_location=/usr/adm/wtmp 371 MAIL=/usr/spool/mail 372 AC_DEFINE(HAVE_NEXT) 373 AC_DEFINE(BROKEN_REALPATH) 374 AC_DEFINE(USE_PIPES) 375 AC_DEFINE(BROKEN_SAVED_UIDS) 376 ;; 377*-*-openbsd*) 378 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) 379 ;; 380*-*-solaris*) 381 if test "x$withval" != "xno" ; then 382 need_dash_r=1 383 fi 384 AC_DEFINE(PAM_SUN_CODEBASE) 385 AC_DEFINE(LOGIN_NEEDS_UTMPX) 386 AC_DEFINE(LOGIN_NEEDS_TERM) 387 AC_DEFINE(PAM_TTY_KLUDGE) 388 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID) 389 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") 390 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 391 AC_DEFINE(SSHD_ACQUIRES_CTTY) 392 external_path_file=/etc/default/login 393 # hardwire lastlog location (can't detect it on some versions) 394 conf_lastlog_location="/var/adm/lastlog" 395 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x) 396 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 397 if test "$sol2ver" -ge 8; then 398 AC_MSG_RESULT(yes) 399 AC_DEFINE(DISABLE_UTMP) 400 AC_DEFINE(DISABLE_WTMP) 401 else 402 AC_MSG_RESULT(no) 403 fi 404 ;; 405*-*-sunos4*) 406 CPPFLAGS="$CPPFLAGS -DSUNOS4" 407 AC_CHECK_FUNCS(getpwanam) 408 AC_DEFINE(PAM_SUN_CODEBASE) 409 conf_utmp_location=/etc/utmp 410 conf_wtmp_location=/var/adm/wtmp 411 conf_lastlog_location=/var/adm/lastlog 412 AC_DEFINE(USE_PIPES) 413 ;; 414*-ncr-sysv*) 415 LIBS="$LIBS -lc89" 416 AC_DEFINE(USE_PIPES) 417 AC_DEFINE(SSHD_ACQUIRES_CTTY) 418 AC_DEFINE(SETEUID_BREAKS_SETUID) 419 AC_DEFINE(BROKEN_SETREUID) 420 AC_DEFINE(BROKEN_SETREGID) 421 ;; 422*-sni-sysv*) 423 # /usr/ucblib MUST NOT be searched on ReliantUNIX 424 AC_CHECK_LIB(dl, dlsym, ,) 425 # -lresolv needs to be at then end of LIBS or DNS lookups break 426 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ]) 427 IPADDR_IN_DISPLAY=yes 428 AC_DEFINE(USE_PIPES) 429 AC_DEFINE(IP_TOS_IS_BROKEN) 430 AC_DEFINE(SETEUID_BREAKS_SETUID) 431 AC_DEFINE(BROKEN_SETREUID) 432 AC_DEFINE(BROKEN_SETREGID) 433 AC_DEFINE(SSHD_ACQUIRES_CTTY) 434 external_path_file=/etc/default/login 435 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 436 # Attention: always take care to bind libsocket and libnsl before libc, 437 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 438 ;; 439# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 440*-*-sysv4.2*) 441 AC_DEFINE(USE_PIPES) 442 AC_DEFINE(SETEUID_BREAKS_SETUID) 443 AC_DEFINE(BROKEN_SETREUID) 444 AC_DEFINE(BROKEN_SETREGID) 445 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) 446 ;; 447# UnixWare 7.x, OpenUNIX 8 448*-*-sysv5*) 449 check_for_libcrypt_later=1 450 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars]) 451 AC_DEFINE(USE_PIPES) 452 AC_DEFINE(SETEUID_BREAKS_SETUID) 453 AC_DEFINE(BROKEN_SETREUID) 454 AC_DEFINE(BROKEN_SETREGID) 455 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) 456 case "$host" in 457 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 458 TEST_SHELL=/u95/bin/sh 459 AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) 460 ;; 461 esac 462 ;; 463*-*-sysv*) 464 ;; 465# SCO UNIX and OEM versions of SCO UNIX 466*-*-sco3.2v4*) 467 AC_MSG_ERROR("This Platform is no longer supported.") 468 ;; 469# SCO OpenServer 5.x 470*-*-sco3.2v5*) 471 if test -z "$GCC"; then 472 CFLAGS="$CFLAGS -belf" 473 fi 474 LIBS="$LIBS -lprot -lx -ltinfo -lm" 475 no_dev_ptmx=1 476 AC_DEFINE(USE_PIPES) 477 AC_DEFINE(HAVE_SECUREWARE) 478 AC_DEFINE(DISABLE_SHADOW) 479 AC_DEFINE(DISABLE_FD_PASSING) 480 AC_DEFINE(SETEUID_BREAKS_SETUID) 481 AC_DEFINE(BROKEN_SETREUID) 482 AC_DEFINE(BROKEN_SETREGID) 483 AC_DEFINE(WITH_ABBREV_NO_TTY) 484 AC_DEFINE(BROKEN_UPDWTMPX) 485 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) 486 AC_CHECK_FUNCS(getluid setluid) 487 MANTYPE=man 488 TEST_SHELL=ksh 489 ;; 490*-*-unicosmk*) 491 AC_DEFINE(NO_SSH_LASTLOG) 492 AC_DEFINE(SETEUID_BREAKS_SETUID) 493 AC_DEFINE(BROKEN_SETREUID) 494 AC_DEFINE(BROKEN_SETREGID) 495 AC_DEFINE(USE_PIPES) 496 AC_DEFINE(DISABLE_FD_PASSING) 497 LDFLAGS="$LDFLAGS" 498 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 499 MANTYPE=cat 500 ;; 501*-*-unicosmp*) 502 AC_DEFINE(SETEUID_BREAKS_SETUID) 503 AC_DEFINE(BROKEN_SETREUID) 504 AC_DEFINE(BROKEN_SETREGID) 505 AC_DEFINE(WITH_ABBREV_NO_TTY) 506 AC_DEFINE(USE_PIPES) 507 AC_DEFINE(DISABLE_FD_PASSING) 508 LDFLAGS="$LDFLAGS" 509 LIBS="$LIBS -lgen -lacid -ldb" 510 MANTYPE=cat 511 ;; 512*-*-unicos*) 513 AC_DEFINE(SETEUID_BREAKS_SETUID) 514 AC_DEFINE(BROKEN_SETREUID) 515 AC_DEFINE(BROKEN_SETREGID) 516 AC_DEFINE(USE_PIPES) 517 AC_DEFINE(DISABLE_FD_PASSING) 518 AC_DEFINE(NO_SSH_LASTLOG) 519 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 520 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 521 MANTYPE=cat 522 ;; 523*-dec-osf*) 524 AC_MSG_CHECKING(for Digital Unix SIA) 525 no_osfsia="" 526 AC_ARG_WITH(osfsia, 527 [ --with-osfsia Enable Digital Unix SIA], 528 [ 529 if test "x$withval" = "xno" ; then 530 AC_MSG_RESULT(disabled) 531 no_osfsia=1 532 fi 533 ], 534 ) 535 if test -z "$no_osfsia" ; then 536 if test -f /etc/sia/matrix.conf; then 537 AC_MSG_RESULT(yes) 538 AC_DEFINE(HAVE_OSF_SIA) 539 AC_DEFINE(DISABLE_LOGIN) 540 AC_DEFINE(DISABLE_FD_PASSING) 541 LIBS="$LIBS -lsecurity -ldb -lm -laud" 542 else 543 AC_MSG_RESULT(no) 544 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin") 545 fi 546 fi 547 AC_DEFINE(BROKEN_GETADDRINFO) 548 AC_DEFINE(SETEUID_BREAKS_SETUID) 549 AC_DEFINE(BROKEN_SETREUID) 550 AC_DEFINE(BROKEN_SETREGID) 551 ;; 552 553*-*-nto-qnx) 554 AC_DEFINE(USE_PIPES) 555 AC_DEFINE(NO_X11_UNIX_SOCKETS) 556 AC_DEFINE(MISSING_NFDBITS) 557 AC_DEFINE(MISSING_HOWMANY) 558 AC_DEFINE(MISSING_FD_MASK) 559 ;; 560 561*-*-ultrix*) 562 AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1]) 563 AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files]) 564 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty]) 565 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix]) 566 ;; 567 568*-*-lynxos) 569 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 570 AC_DEFINE(MISSING_HOWMANY) 571 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation]) 572 ;; 573esac 574 575# Allow user to specify flags 576AC_ARG_WITH(cflags, 577 [ --with-cflags Specify additional flags to pass to compiler], 578 [ 579 if test -n "$withval" && test "x$withval" != "xno" && \ 580 test "x${withval}" != "xyes"; then 581 CFLAGS="$CFLAGS $withval" 582 fi 583 ] 584) 585AC_ARG_WITH(cppflags, 586 [ --with-cppflags Specify additional flags to pass to preprocessor] , 587 [ 588 if test -n "$withval" && test "x$withval" != "xno" && \ 589 test "x${withval}" != "xyes"; then 590 CPPFLAGS="$CPPFLAGS $withval" 591 fi 592 ] 593) 594AC_ARG_WITH(ldflags, 595 [ --with-ldflags Specify additional flags to pass to linker], 596 [ 597 if test -n "$withval" && test "x$withval" != "xno" && \ 598 test "x${withval}" != "xyes"; then 599 LDFLAGS="$LDFLAGS $withval" 600 fi 601 ] 602) 603AC_ARG_WITH(libs, 604 [ --with-libs Specify additional libraries to link with], 605 [ 606 if test -n "$withval" && test "x$withval" != "xno" && \ 607 test "x${withval}" != "xyes"; then 608 LIBS="$LIBS $withval" 609 fi 610 ] 611) 612AC_ARG_WITH(Werror, 613 [ --with-Werror Build main code with -Werror], 614 [ 615 if test -n "$withval" && test "x$withval" != "xno"; then 616 werror_flags="-Werror" 617 if "x${withval}" != "xyes"; then 618 werror_flags="$withval" 619 fi 620 fi 621 ] 622) 623 624AC_MSG_CHECKING(compiler and flags for sanity) 625AC_RUN_IFELSE( 626 [AC_LANG_SOURCE([ 627#include <stdio.h> 628int main(){exit(0);} 629 ])], 630 [ AC_MSG_RESULT(yes) ], 631 [ 632 AC_MSG_RESULT(no) 633 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 634 ], 635 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 636) 637 638dnl Checks for header files. 639AC_CHECK_HEADERS( \ 640 bstring.h \ 641 crypt.h \ 642 dirent.h \ 643 endian.h \ 644 features.h \ 645 floatingpoint.h \ 646 getopt.h \ 647 glob.h \ 648 ia.h \ 649 iaf.h \ 650 lastlog.h \ 651 limits.h \ 652 login.h \ 653 login_cap.h \ 654 maillock.h \ 655 ndir.h \ 656 netdb.h \ 657 netgroup.h \ 658 netinet/in_systm.h \ 659 pam/pam_appl.h \ 660 paths.h \ 661 pty.h \ 662 readpassphrase.h \ 663 rpc/types.h \ 664 security/pam_appl.h \ 665 shadow.h \ 666 stddef.h \ 667 stdint.h \ 668 string.h \ 669 strings.h \ 670 sys/audit.h \ 671 sys/bitypes.h \ 672 sys/bsdtty.h \ 673 sys/cdefs.h \ 674 sys/dir.h \ 675 sys/mman.h \ 676 sys/ndir.h \ 677 sys/prctl.h \ 678 sys/pstat.h \ 679 sys/select.h \ 680 sys/stat.h \ 681 sys/stream.h \ 682 sys/stropts.h \ 683 sys/strtio.h \ 684 sys/sysmacros.h \ 685 sys/time.h \ 686 sys/timers.h \ 687 sys/un.h \ 688 time.h \ 689 tmpdir.h \ 690 ttyent.h \ 691 unistd.h \ 692 usersec.h \ 693 util.h \ 694 utime.h \ 695 utmp.h \ 696 utmpx.h \ 697 vis.h \ 698) 699 700# sys/ptms.h requires sys/stream.h to be included first on Solaris 701AC_CHECK_HEADERS(sys/ptms.h, [], [], [ 702#ifdef HAVE_SYS_STREAM_H 703# include <sys/stream.h> 704#endif 705]) 706 707# Checks for libraries. 708AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) 709AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) 710 711dnl IRIX and Solaris 2.5.1 have dirname() in libgen 712AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ 713 AC_CHECK_LIB(gen, dirname,[ 714 AC_CACHE_CHECK([for broken dirname], 715 ac_cv_have_broken_dirname, [ 716 save_LIBS="$LIBS" 717 LIBS="$LIBS -lgen" 718 AC_TRY_RUN( 719 [ 720#include <libgen.h> 721#include <string.h> 722 723int main(int argc, char **argv) { 724 char *s, buf[32]; 725 726 strncpy(buf,"/etc", 32); 727 s = dirname(buf); 728 if (!s || strncmp(s, "/", 32) != 0) { 729 exit(1); 730 } else { 731 exit(0); 732 } 733} 734 ], 735 [ ac_cv_have_broken_dirname="no" ], 736 [ ac_cv_have_broken_dirname="yes" ] 737 ) 738 LIBS="$save_LIBS" 739 ]) 740 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 741 LIBS="$LIBS -lgen" 742 AC_DEFINE(HAVE_DIRNAME) 743 AC_CHECK_HEADERS(libgen.h) 744 fi 745 ]) 746]) 747 748AC_CHECK_FUNC(getspnam, , 749 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen")) 750AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME)) 751 752dnl zlib is required 753AC_ARG_WITH(zlib, 754 [ --with-zlib=PATH Use zlib in PATH], 755 [ if test "x$withval" = "xno" ; then 756 AC_MSG_ERROR([*** zlib is required ***]) 757 elif test "x$withval" != "xyes"; then 758 if test -d "$withval/lib"; then 759 if test -n "${need_dash_r}"; then 760 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 761 else 762 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 763 fi 764 else 765 if test -n "${need_dash_r}"; then 766 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 767 else 768 LDFLAGS="-L${withval} ${LDFLAGS}" 769 fi 770 fi 771 if test -d "$withval/include"; then 772 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 773 else 774 CPPFLAGS="-I${withval} ${CPPFLAGS}" 775 fi 776 fi ] 777) 778 779AC_CHECK_LIB(z, deflate, , 780 [ 781 saved_CPPFLAGS="$CPPFLAGS" 782 saved_LDFLAGS="$LDFLAGS" 783 save_LIBS="$LIBS" 784 dnl Check default zlib install dir 785 if test -n "${need_dash_r}"; then 786 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 787 else 788 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 789 fi 790 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 791 LIBS="$LIBS -lz" 792 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ), 793 [ 794 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 795 ] 796 ) 797 ] 798) 799AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])) 800 801AC_ARG_WITH(zlib-version-check, 802 [ --without-zlib-version-check Disable zlib version check], 803 [ if test "x$withval" = "xno" ; then 804 zlib_check_nonfatal=1 805 fi 806 ] 807) 808 809AC_MSG_CHECKING(for possibly buggy zlib) 810AC_RUN_IFELSE([AC_LANG_SOURCE([[ 811#include <stdio.h> 812#include <zlib.h> 813int main() 814{ 815 int a=0, b=0, c=0, d=0, n, v; 816 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 817 if (n != 3 && n != 4) 818 exit(1); 819 v = a*1000000 + b*10000 + c*100 + d; 820 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 821 822 /* 1.1.4 is OK */ 823 if (a == 1 && b == 1 && c >= 4) 824 exit(0); 825 826 /* 1.2.3 and up are OK */ 827 if (v >= 1020300) 828 exit(0); 829 830 exit(2); 831} 832 ]])], 833 AC_MSG_RESULT(no), 834 [ AC_MSG_RESULT(yes) 835 if test -z "$zlib_check_nonfatal" ; then 836 AC_MSG_ERROR([*** zlib too old - check config.log *** 837Your reported zlib version has known security problems. It's possible your 838vendor has fixed these problems without changing the version number. If you 839are sure this is the case, you can disable the check by running 840"./configure --without-zlib-version-check". 841If you are in doubt, upgrade zlib to version 1.2.3 or greater. 842See http://www.gzip.org/zlib/ for details.]) 843 else 844 AC_MSG_WARN([zlib version may have security problems]) 845 fi 846 ], 847 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 848) 849 850dnl UnixWare 2.x 851AC_CHECK_FUNC(strcasecmp, 852 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] 853) 854AC_CHECK_FUNC(utimes, 855 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES) 856 LIBS="$LIBS -lc89"]) ] 857) 858 859dnl Checks for libutil functions 860AC_CHECK_HEADERS(libutil.h) 861AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)]) 862AC_CHECK_FUNCS(logout updwtmp logwtmp) 863 864AC_FUNC_STRFTIME 865 866# Check for ALTDIRFUNC glob() extension 867AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support) 868AC_EGREP_CPP(FOUNDIT, 869 [ 870 #include <glob.h> 871 #ifdef GLOB_ALTDIRFUNC 872 FOUNDIT 873 #endif 874 ], 875 [ 876 AC_DEFINE(GLOB_HAS_ALTDIRFUNC) 877 AC_MSG_RESULT(yes) 878 ], 879 [ 880 AC_MSG_RESULT(no) 881 ] 882) 883 884# Check for g.gl_matchc glob() extension 885AC_MSG_CHECKING(for gl_matchc field in glob_t) 886AC_EGREP_CPP(FOUNDIT, 887 [ 888 #include <glob.h> 889 int main(void){glob_t g; g.gl_matchc = 1;} 890 ], 891 [ 892 AC_DEFINE(GLOB_HAS_GL_MATCHC) 893 AC_MSG_RESULT(yes) 894 ], 895 [ 896 AC_MSG_RESULT(no) 897 ] 898) 899 900AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 901AC_RUN_IFELSE( 902 [AC_LANG_SOURCE([[ 903#include <sys/types.h> 904#include <dirent.h> 905int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} 906 ]])], 907 [AC_MSG_RESULT(yes)], 908 [ 909 AC_MSG_RESULT(no) 910 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) 911 ], 912 [ 913 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 914 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) 915 ] 916) 917 918AC_MSG_CHECKING([for /proc/pid/fd directory]) 919if test -d "/proc/$$/fd" ; then 920 AC_DEFINE(HAVE_PROC_PID) 921 AC_MSG_RESULT(yes) 922else 923 AC_MSG_RESULT(no) 924fi 925 926# Check whether user wants S/Key support 927SKEY_MSG="no" 928AC_ARG_WITH(skey, 929 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 930 [ 931 if test "x$withval" != "xno" ; then 932 933 if test "x$withval" != "xyes" ; then 934 CPPFLAGS="$CPPFLAGS -I${withval}/include" 935 LDFLAGS="$LDFLAGS -L${withval}/lib" 936 fi 937 938 AC_DEFINE(SKEY) 939 LIBS="-lskey $LIBS" 940 SKEY_MSG="yes" 941 942 AC_MSG_CHECKING([for s/key support]) 943 AC_TRY_RUN( 944 [ 945#include <stdio.h> 946#include <skey.h> 947int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } 948 ], 949 [AC_MSG_RESULT(yes)], 950 [ 951 AC_MSG_RESULT(no) 952 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 953 ]) 954 AC_MSG_CHECKING(if skeychallenge takes 4 arguments) 955 AC_TRY_COMPILE( 956 [#include <stdio.h> 957 #include <skey.h>], 958 [(void)skeychallenge(NULL,"name","",0);], 959 [AC_MSG_RESULT(yes) 960 AC_DEFINE(SKEYCHALLENGE_4ARG)], 961 [AC_MSG_RESULT(no)] 962 ) 963 fi 964 ] 965) 966 967# Check whether user wants TCP wrappers support 968TCPW_MSG="no" 969AC_ARG_WITH(tcp-wrappers, 970 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 971 [ 972 if test "x$withval" != "xno" ; then 973 saved_LIBS="$LIBS" 974 saved_LDFLAGS="$LDFLAGS" 975 saved_CPPFLAGS="$CPPFLAGS" 976 if test -n "${withval}" && \ 977 test "x${withval}" != "xyes"; then 978 if test -d "${withval}/lib"; then 979 if test -n "${need_dash_r}"; then 980 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 981 else 982 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 983 fi 984 else 985 if test -n "${need_dash_r}"; then 986 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 987 else 988 LDFLAGS="-L${withval} ${LDFLAGS}" 989 fi 990 fi 991 if test -d "${withval}/include"; then 992 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 993 else 994 CPPFLAGS="-I${withval} ${CPPFLAGS}" 995 fi 996 fi 997 LIBWRAP="-lwrap" 998 LIBS="$LIBWRAP $LIBS" 999 AC_MSG_CHECKING(for libwrap) 1000 AC_TRY_LINK( 1001 [ 1002#include <sys/types.h> 1003#include <sys/socket.h> 1004#include <netinet/in.h> 1005#include <tcpd.h> 1006 int deny_severity = 0, allow_severity = 0; 1007 ], 1008 [hosts_access(0);], 1009 [ 1010 AC_MSG_RESULT(yes) 1011 AC_DEFINE(LIBWRAP) 1012 AC_SUBST(LIBWRAP) 1013 TCPW_MSG="yes" 1014 ], 1015 [ 1016 AC_MSG_ERROR([*** libwrap missing]) 1017 ] 1018 ) 1019 LIBS="$saved_LIBS" 1020 fi 1021 ] 1022) 1023 1024# Check whether user wants libedit support 1025LIBEDIT_MSG="no" 1026AC_ARG_WITH(libedit, 1027 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1028 [ if test "x$withval" != "xno" ; then 1029 if test "x$withval" != "xyes"; then 1030 CPPFLAGS="$CPPFLAGS -I$withval/include" 1031 LDFLAGS="$LDFLAGS -L$withval/lib" 1032 fi 1033 AC_CHECK_LIB(edit, el_init, 1034 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) 1035 LIBEDIT="-ledit -lcurses" 1036 LIBEDIT_MSG="yes" 1037 AC_SUBST(LIBEDIT) 1038 ], 1039 [ AC_MSG_ERROR(libedit not found) ], 1040 [ -lcurses ] 1041 ) 1042 AC_MSG_CHECKING(if libedit version is compatible) 1043 AC_COMPILE_IFELSE( 1044 [AC_LANG_SOURCE([[ 1045#include <histedit.h> 1046int main(void) 1047{ 1048 int i = H_SETSIZE; 1049 el_init("", NULL, NULL, NULL); 1050 exit(0); 1051} 1052 ]])], 1053 [ AC_MSG_RESULT(yes) ], 1054 [ AC_MSG_RESULT(no) 1055 AC_MSG_ERROR(libedit version is not compatible) ] 1056 ) 1057 fi ] 1058) 1059 1060AUDIT_MODULE=none 1061AC_ARG_WITH(audit, 1062 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], 1063 [ 1064 AC_MSG_CHECKING(for supported audit module) 1065 case "$withval" in 1066 bsm) 1067 AC_MSG_RESULT(bsm) 1068 AUDIT_MODULE=bsm 1069 dnl Checks for headers, libs and functions 1070 AC_CHECK_HEADERS(bsm/audit.h, [], 1071 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)]) 1072 AC_CHECK_LIB(bsm, getaudit, [], 1073 [AC_MSG_ERROR(BSM enabled and required library not found)]) 1074 AC_CHECK_FUNCS(getaudit, [], 1075 [AC_MSG_ERROR(BSM enabled and required function not found)]) 1076 # These are optional 1077 AC_CHECK_FUNCS(getaudit_addr) 1078 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module]) 1079 ;; 1080 debug) 1081 AUDIT_MODULE=debug 1082 AC_MSG_RESULT(debug) 1083 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module) 1084 ;; 1085 no) 1086 AC_MSG_RESULT(no) 1087 ;; 1088 *) 1089 AC_MSG_ERROR([Unknown audit module $withval]) 1090 ;; 1091 esac ] 1092) 1093 1094dnl Checks for library functions. Please keep in alphabetical order 1095AC_CHECK_FUNCS( \ 1096 arc4random \ 1097 b64_ntop \ 1098 __b64_ntop \ 1099 b64_pton \ 1100 __b64_pton \ 1101 bcopy \ 1102 bindresvport_sa \ 1103 clock \ 1104 closefrom \ 1105 dirfd \ 1106 fchmod \ 1107 fchown \ 1108 freeaddrinfo \ 1109 futimes \ 1110 getaddrinfo \ 1111 getcwd \ 1112 getgrouplist \ 1113 getnameinfo \ 1114 getopt \ 1115 getpeereid \ 1116 _getpty \ 1117 getrlimit \ 1118 getttyent \ 1119 glob \ 1120 inet_aton \ 1121 inet_ntoa \ 1122 inet_ntop \ 1123 innetgr \ 1124 login_getcapbool \ 1125 md5_crypt \ 1126 memmove \ 1127 mkdtemp \ 1128 mmap \ 1129 ngetaddrinfo \ 1130 nsleep \ 1131 ogetaddrinfo \ 1132 openlog_r \ 1133 openpty \ 1134 prctl \ 1135 pstat \ 1136 readpassphrase \ 1137 realpath \ 1138 recvmsg \ 1139 rresvport_af \ 1140 sendmsg \ 1141 setdtablesize \ 1142 setegid \ 1143 setenv \ 1144 seteuid \ 1145 setgroups \ 1146 setlogin \ 1147 setpcred \ 1148 setproctitle \ 1149 setregid \ 1150 setreuid \ 1151 setrlimit \ 1152 setsid \ 1153 setvbuf \ 1154 sigaction \ 1155 sigvec \ 1156 snprintf \ 1157 socketpair \ 1158 strdup \ 1159 strerror \ 1160 strlcat \ 1161 strlcpy \ 1162 strmode \ 1163 strnvis \ 1164 strtonum \ 1165 strtoll \ 1166 strtoul \ 1167 sysconf \ 1168 tcgetpgrp \ 1169 truncate \ 1170 unsetenv \ 1171 updwtmpx \ 1172 utimes \ 1173 vhangup \ 1174 vsnprintf \ 1175 waitpid \ 1176) 1177 1178# IRIX has a const char return value for gai_strerror() 1179AC_CHECK_FUNCS(gai_strerror,[ 1180 AC_DEFINE(HAVE_GAI_STRERROR) 1181 AC_TRY_COMPILE([ 1182#include <sys/types.h> 1183#include <sys/socket.h> 1184#include <netdb.h> 1185 1186const char *gai_strerror(int);],[ 1187char *str; 1188 1189str = gai_strerror(0);],[ 1190 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1, 1191 [Define if gai_strerror() returns const char *])])]) 1192 1193AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) 1194 1195dnl Make sure prototypes are defined for these before using them. 1196AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)]) 1197AC_CHECK_DECL(strsep, 1198 [AC_CHECK_FUNCS(strsep)], 1199 [], 1200 [ 1201#ifdef HAVE_STRING_H 1202# include <string.h> 1203#endif 1204 ]) 1205 1206dnl tcsendbreak might be a macro 1207AC_CHECK_DECL(tcsendbreak, 1208 [AC_DEFINE(HAVE_TCSENDBREAK)], 1209 [AC_CHECK_FUNCS(tcsendbreak)], 1210 [#include <termios.h>] 1211) 1212 1213AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>]) 1214 1215AC_CHECK_FUNCS(setresuid, [ 1216 dnl Some platorms have setresuid that isn't implemented, test for this 1217 AC_MSG_CHECKING(if setresuid seems to work) 1218 AC_RUN_IFELSE( 1219 [AC_LANG_SOURCE([[ 1220#include <stdlib.h> 1221#include <errno.h> 1222int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} 1223 ]])], 1224 [AC_MSG_RESULT(yes)], 1225 [AC_DEFINE(BROKEN_SETRESUID) 1226 AC_MSG_RESULT(not implemented)], 1227 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1228 ) 1229]) 1230 1231AC_CHECK_FUNCS(setresgid, [ 1232 dnl Some platorms have setresgid that isn't implemented, test for this 1233 AC_MSG_CHECKING(if setresgid seems to work) 1234 AC_RUN_IFELSE( 1235 [AC_LANG_SOURCE([[ 1236#include <stdlib.h> 1237#include <errno.h> 1238int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} 1239 ]])], 1240 [AC_MSG_RESULT(yes)], 1241 [AC_DEFINE(BROKEN_SETRESGID) 1242 AC_MSG_RESULT(not implemented)], 1243 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1244 ) 1245]) 1246 1247dnl Checks for time functions 1248AC_CHECK_FUNCS(gettimeofday time) 1249dnl Checks for utmp functions 1250AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent) 1251AC_CHECK_FUNCS(utmpname) 1252dnl Checks for utmpx functions 1253AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) 1254AC_CHECK_FUNCS(setutxent utmpxname) 1255 1256AC_CHECK_FUNC(daemon, 1257 [AC_DEFINE(HAVE_DAEMON)], 1258 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] 1259) 1260 1261AC_CHECK_FUNC(getpagesize, 1262 [AC_DEFINE(HAVE_GETPAGESIZE)], 1263 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])] 1264) 1265 1266# Check for broken snprintf 1267if test "x$ac_cv_func_snprintf" = "xyes" ; then 1268 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 1269 AC_RUN_IFELSE( 1270 [AC_LANG_SOURCE([[ 1271#include <stdio.h> 1272int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} 1273 ]])], 1274 [AC_MSG_RESULT(yes)], 1275 [ 1276 AC_MSG_RESULT(no) 1277 AC_DEFINE(BROKEN_SNPRINTF) 1278 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 1279 ], 1280 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 1281 ) 1282fi 1283 1284# Check for missing getpeereid (or equiv) support 1285NO_PEERCHECK="" 1286if test "x$ac_cv_func_getpeereid" != "xyes" ; then 1287 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 1288 AC_TRY_COMPILE( 1289 [#include <sys/types.h> 1290 #include <sys/socket.h>], 1291 [int i = SO_PEERCRED;], 1292 [ AC_MSG_RESULT(yes) 1293 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option]) 1294 ], 1295 [AC_MSG_RESULT(no) 1296 NO_PEERCHECK=1] 1297 ) 1298fi 1299 1300dnl see whether mkstemp() requires XXXXXX 1301if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 1302AC_MSG_CHECKING([for (overly) strict mkstemp]) 1303AC_TRY_RUN( 1304 [ 1305#include <stdlib.h> 1306main() { char template[]="conftest.mkstemp-test"; 1307if (mkstemp(template) == -1) 1308 exit(1); 1309unlink(template); exit(0); 1310} 1311 ], 1312 [ 1313 AC_MSG_RESULT(no) 1314 ], 1315 [ 1316 AC_MSG_RESULT(yes) 1317 AC_DEFINE(HAVE_STRICT_MKSTEMP) 1318 ], 1319 [ 1320 AC_MSG_RESULT(yes) 1321 AC_DEFINE(HAVE_STRICT_MKSTEMP) 1322 ] 1323) 1324fi 1325 1326dnl make sure that openpty does not reacquire controlling terminal 1327if test ! -z "$check_for_openpty_ctty_bug"; then 1328 AC_MSG_CHECKING(if openpty correctly handles controlling tty) 1329 AC_TRY_RUN( 1330 [ 1331#include <stdio.h> 1332#include <sys/fcntl.h> 1333#include <sys/types.h> 1334#include <sys/wait.h> 1335 1336int 1337main() 1338{ 1339 pid_t pid; 1340 int fd, ptyfd, ttyfd, status; 1341 1342 pid = fork(); 1343 if (pid < 0) { /* failed */ 1344 exit(1); 1345 } else if (pid > 0) { /* parent */ 1346 waitpid(pid, &status, 0); 1347 if (WIFEXITED(status)) 1348 exit(WEXITSTATUS(status)); 1349 else 1350 exit(2); 1351 } else { /* child */ 1352 close(0); close(1); close(2); 1353 setsid(); 1354 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 1355 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 1356 if (fd >= 0) 1357 exit(3); /* Acquired ctty: broken */ 1358 else 1359 exit(0); /* Did not acquire ctty: OK */ 1360 } 1361} 1362 ], 1363 [ 1364 AC_MSG_RESULT(yes) 1365 ], 1366 [ 1367 AC_MSG_RESULT(no) 1368 AC_DEFINE(SSHD_ACQUIRES_CTTY) 1369 ] 1370 ) 1371fi 1372 1373if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 1374 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 1375 AC_MSG_CHECKING(if getaddrinfo seems to work) 1376 AC_TRY_RUN( 1377 [ 1378#include <stdio.h> 1379#include <sys/socket.h> 1380#include <netdb.h> 1381#include <errno.h> 1382#include <netinet/in.h> 1383 1384#define TEST_PORT "2222" 1385 1386int 1387main(void) 1388{ 1389 int err, sock; 1390 struct addrinfo *gai_ai, *ai, hints; 1391 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 1392 1393 memset(&hints, 0, sizeof(hints)); 1394 hints.ai_family = PF_UNSPEC; 1395 hints.ai_socktype = SOCK_STREAM; 1396 hints.ai_flags = AI_PASSIVE; 1397 1398 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 1399 if (err != 0) { 1400 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 1401 exit(1); 1402 } 1403 1404 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 1405 if (ai->ai_family != AF_INET6) 1406 continue; 1407 1408 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 1409 sizeof(ntop), strport, sizeof(strport), 1410 NI_NUMERICHOST|NI_NUMERICSERV); 1411 1412 if (err != 0) { 1413 if (err == EAI_SYSTEM) 1414 perror("getnameinfo EAI_SYSTEM"); 1415 else 1416 fprintf(stderr, "getnameinfo failed: %s\n", 1417 gai_strerror(err)); 1418 exit(2); 1419 } 1420 1421 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 1422 if (sock < 0) 1423 perror("socket"); 1424 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 1425 if (errno == EBADF) 1426 exit(3); 1427 } 1428 } 1429 exit(0); 1430} 1431 ], 1432 [ 1433 AC_MSG_RESULT(yes) 1434 ], 1435 [ 1436 AC_MSG_RESULT(no) 1437 AC_DEFINE(BROKEN_GETADDRINFO) 1438 ] 1439 ) 1440fi 1441 1442if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 1443 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 1444 AC_MSG_CHECKING(if getaddrinfo seems to work) 1445 AC_TRY_RUN( 1446 [ 1447#include <stdio.h> 1448#include <sys/socket.h> 1449#include <netdb.h> 1450#include <errno.h> 1451#include <netinet/in.h> 1452 1453#define TEST_PORT "2222" 1454 1455int 1456main(void) 1457{ 1458 int err, sock; 1459 struct addrinfo *gai_ai, *ai, hints; 1460 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 1461 1462 memset(&hints, 0, sizeof(hints)); 1463 hints.ai_family = PF_UNSPEC; 1464 hints.ai_socktype = SOCK_STREAM; 1465 hints.ai_flags = AI_PASSIVE; 1466 1467 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 1468 if (err != 0) { 1469 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 1470 exit(1); 1471 } 1472 1473 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 1474 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 1475 continue; 1476 1477 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 1478 sizeof(ntop), strport, sizeof(strport), 1479 NI_NUMERICHOST|NI_NUMERICSERV); 1480 1481 if (ai->ai_family == AF_INET && err != 0) { 1482 perror("getnameinfo"); 1483 exit(2); 1484 } 1485 } 1486 exit(0); 1487} 1488 ], 1489 [ 1490 AC_MSG_RESULT(yes) 1491 AC_DEFINE(AIX_GETNAMEINFO_HACK, [], 1492[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address]) 1493 ], 1494 [ 1495 AC_MSG_RESULT(no) 1496 AC_DEFINE(BROKEN_GETADDRINFO) 1497 ] 1498 ) 1499fi 1500 1501if test "x$check_for_conflicting_getspnam" = "x1"; then 1502 AC_MSG_CHECKING(for conflicting getspnam in shadow.h) 1503 AC_COMPILE_IFELSE( 1504 [ 1505#include <shadow.h> 1506int main(void) {exit(0);} 1507 ], 1508 [ 1509 AC_MSG_RESULT(no) 1510 ], 1511 [ 1512 AC_MSG_RESULT(yes) 1513 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1, 1514 [Conflicting defs for getspnam]) 1515 ] 1516 ) 1517fi 1518 1519AC_FUNC_GETPGRP 1520 1521# Check for PAM libs 1522PAM_MSG="no" 1523AC_ARG_WITH(pam, 1524 [ --with-pam Enable PAM support ], 1525 [ 1526 if test "x$withval" != "xno" ; then 1527 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 1528 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 1529 AC_MSG_ERROR([PAM headers not found]) 1530 fi 1531 1532 AC_CHECK_LIB(dl, dlopen, , ) 1533 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) 1534 AC_CHECK_FUNCS(pam_getenvlist) 1535 AC_CHECK_FUNCS(pam_putenv) 1536 1537 PAM_MSG="yes" 1538 1539 AC_DEFINE(USE_PAM) 1540 if test $ac_cv_lib_dl_dlopen = yes; then 1541 LIBPAM="-lpam -ldl" 1542 else 1543 LIBPAM="-lpam" 1544 fi 1545 AC_SUBST(LIBPAM) 1546 fi 1547 ] 1548) 1549 1550# Check for older PAM 1551if test "x$PAM_MSG" = "xyes" ; then 1552 # Check PAM strerror arguments (old PAM) 1553 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 1554 AC_TRY_COMPILE( 1555 [ 1556#include <stdlib.h> 1557#if defined(HAVE_SECURITY_PAM_APPL_H) 1558#include <security/pam_appl.h> 1559#elif defined (HAVE_PAM_PAM_APPL_H) 1560#include <pam/pam_appl.h> 1561#endif 1562 ], 1563 [(void)pam_strerror((pam_handle_t *)NULL, -1);], 1564 [AC_MSG_RESULT(no)], 1565 [ 1566 AC_DEFINE(HAVE_OLD_PAM) 1567 AC_MSG_RESULT(yes) 1568 PAM_MSG="yes (old library)" 1569 ] 1570 ) 1571fi 1572 1573# Search for OpenSSL 1574saved_CPPFLAGS="$CPPFLAGS" 1575saved_LDFLAGS="$LDFLAGS" 1576AC_ARG_WITH(ssl-dir, 1577 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 1578 [ 1579 if test "x$withval" != "xno" ; then 1580 case "$withval" in 1581 # Relative paths 1582 ./*|../*) withval="`pwd`/$withval" 1583 esac 1584 if test -d "$withval/lib"; then 1585 if test -n "${need_dash_r}"; then 1586 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1587 else 1588 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1589 fi 1590 else 1591 if test -n "${need_dash_r}"; then 1592 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1593 else 1594 LDFLAGS="-L${withval} ${LDFLAGS}" 1595 fi 1596 fi 1597 if test -d "$withval/include"; then 1598 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1599 else 1600 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1601 fi 1602 fi 1603 ] 1604) 1605LIBS="-lcrypto $LIBS" 1606AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), 1607 [ 1608 dnl Check default openssl install dir 1609 if test -n "${need_dash_r}"; then 1610 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 1611 else 1612 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 1613 fi 1614 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 1615 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), 1616 [ 1617 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 1618 ] 1619 ) 1620 ] 1621) 1622 1623# Determine OpenSSL header version 1624AC_MSG_CHECKING([OpenSSL header version]) 1625AC_RUN_IFELSE( 1626 [AC_LANG_SOURCE([[ 1627#include <stdio.h> 1628#include <string.h> 1629#include <openssl/opensslv.h> 1630#define DATA "conftest.sslincver" 1631int main(void) { 1632 FILE *fd; 1633 int rc; 1634 1635 fd = fopen(DATA,"w"); 1636 if(fd == NULL) 1637 exit(1); 1638 1639 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) 1640 exit(1); 1641 1642 exit(0); 1643} 1644 ]])], 1645 [ 1646 ssl_header_ver=`cat conftest.sslincver` 1647 AC_MSG_RESULT($ssl_header_ver) 1648 ], 1649 [ 1650 AC_MSG_RESULT(not found) 1651 AC_MSG_ERROR(OpenSSL version header not found.) 1652 ], 1653 [ 1654 AC_MSG_WARN([cross compiling: not checking]) 1655 ] 1656) 1657 1658# Determine OpenSSL library version 1659AC_MSG_CHECKING([OpenSSL library version]) 1660AC_RUN_IFELSE( 1661 [AC_LANG_SOURCE([[ 1662#include <stdio.h> 1663#include <string.h> 1664#include <openssl/opensslv.h> 1665#include <openssl/crypto.h> 1666#define DATA "conftest.ssllibver" 1667int main(void) { 1668 FILE *fd; 1669 int rc; 1670 1671 fd = fopen(DATA,"w"); 1672 if(fd == NULL) 1673 exit(1); 1674 1675 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) 1676 exit(1); 1677 1678 exit(0); 1679} 1680 ]])], 1681 [ 1682 ssl_library_ver=`cat conftest.ssllibver` 1683 AC_MSG_RESULT($ssl_library_ver) 1684 ], 1685 [ 1686 AC_MSG_RESULT(not found) 1687 AC_MSG_ERROR(OpenSSL library not found.) 1688 ], 1689 [ 1690 AC_MSG_WARN([cross compiling: not checking]) 1691 ] 1692) 1693 1694# Sanity check OpenSSL headers 1695AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 1696AC_RUN_IFELSE( 1697 [AC_LANG_SOURCE([[ 1698#include <string.h> 1699#include <openssl/opensslv.h> 1700int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } 1701 ]])], 1702 [ 1703 AC_MSG_RESULT(yes) 1704 ], 1705 [ 1706 AC_MSG_RESULT(no) 1707 AC_MSG_ERROR([Your OpenSSL headers do not match your library. 1708Check config.log for details. 1709Also see contrib/findssl.sh for help identifying header/library mismatches.]) 1710 ], 1711 [ 1712 AC_MSG_WARN([cross compiling: not checking]) 1713 ] 1714) 1715 1716# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 1717# because the system crypt() is more featureful. 1718if test "x$check_for_libcrypt_before" = "x1"; then 1719 AC_CHECK_LIB(crypt, crypt) 1720fi 1721 1722# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 1723# version in OpenSSL. 1724if test "x$check_for_libcrypt_later" = "x1"; then 1725 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") 1726fi 1727 1728AC_CHECK_LIB(iaf, ia_openinfo) 1729 1730### Configure cryptographic random number support 1731 1732# Check wheter OpenSSL seeds itself 1733AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 1734AC_RUN_IFELSE( 1735 [AC_LANG_SOURCE([[ 1736#include <string.h> 1737#include <openssl/rand.h> 1738int main(void) { exit(RAND_status() == 1 ? 0 : 1); } 1739 ]])], 1740 [ 1741 OPENSSL_SEEDS_ITSELF=yes 1742 AC_MSG_RESULT(yes) 1743 ], 1744 [ 1745 AC_MSG_RESULT(no) 1746 # Default to use of the rand helper if OpenSSL doesn't 1747 # seed itself 1748 USE_RAND_HELPER=yes 1749 ], 1750 [ 1751 AC_MSG_WARN([cross compiling: assuming yes]) 1752 # This is safe, since all recent OpenSSL versions will 1753 # complain at runtime if not seeded correctly. 1754 OPENSSL_SEEDS_ITSELF=yes 1755 ] 1756) 1757 1758 1759# Do we want to force the use of the rand helper? 1760AC_ARG_WITH(rand-helper, 1761 [ --with-rand-helper Use subprocess to gather strong randomness ], 1762 [ 1763 if test "x$withval" = "xno" ; then 1764 # Force use of OpenSSL's internal RNG, even if 1765 # the previous test showed it to be unseeded. 1766 if test -z "$OPENSSL_SEEDS_ITSELF" ; then 1767 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG]) 1768 OPENSSL_SEEDS_ITSELF=yes 1769 USE_RAND_HELPER="" 1770 fi 1771 else 1772 USE_RAND_HELPER=yes 1773 fi 1774 ], 1775) 1776 1777# Which randomness source do we use? 1778if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then 1779 # OpenSSL only 1780 AC_DEFINE(OPENSSL_PRNG_ONLY) 1781 RAND_MSG="OpenSSL internal ONLY" 1782 INSTALL_SSH_RAND_HELPER="" 1783elif test ! -z "$USE_RAND_HELPER" ; then 1784 # install rand helper 1785 RAND_MSG="ssh-rand-helper" 1786 INSTALL_SSH_RAND_HELPER="yes" 1787fi 1788AC_SUBST(INSTALL_SSH_RAND_HELPER) 1789 1790### Configuration of ssh-rand-helper 1791 1792# PRNGD TCP socket 1793AC_ARG_WITH(prngd-port, 1794 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 1795 [ 1796 case "$withval" in 1797 no) 1798 withval="" 1799 ;; 1800 [[0-9]]*) 1801 ;; 1802 *) 1803 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port) 1804 ;; 1805 esac 1806 if test ! -z "$withval" ; then 1807 PRNGD_PORT="$withval" 1808 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT) 1809 fi 1810 ] 1811) 1812 1813# PRNGD Unix domain socket 1814AC_ARG_WITH(prngd-socket, 1815 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 1816 [ 1817 case "$withval" in 1818 yes) 1819 withval="/var/run/egd-pool" 1820 ;; 1821 no) 1822 withval="" 1823 ;; 1824 /*) 1825 ;; 1826 *) 1827 AC_MSG_ERROR(You must specify an absolute path to the entropy socket) 1828 ;; 1829 esac 1830 1831 if test ! -z "$withval" ; then 1832 if test ! -z "$PRNGD_PORT" ; then 1833 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket) 1834 fi 1835 if test ! -r "$withval" ; then 1836 AC_MSG_WARN(Entropy socket is not readable) 1837 fi 1838 PRNGD_SOCKET="$withval" 1839 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET") 1840 fi 1841 ], 1842 [ 1843 # Check for existing socket only if we don't have a random device already 1844 if test "$USE_RAND_HELPER" = yes ; then 1845 AC_MSG_CHECKING(for PRNGD/EGD socket) 1846 # Insert other locations here 1847 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 1848 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 1849 PRNGD_SOCKET="$sock" 1850 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET") 1851 break; 1852 fi 1853 done 1854 if test ! -z "$PRNGD_SOCKET" ; then 1855 AC_MSG_RESULT($PRNGD_SOCKET) 1856 else 1857 AC_MSG_RESULT(not found) 1858 fi 1859 fi 1860 ] 1861) 1862 1863# Change default command timeout for hashing entropy source 1864entropy_timeout=200 1865AC_ARG_WITH(entropy-timeout, 1866 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)], 1867 [ 1868 if test -n "$withval" && test "x$withval" != "xno" && \ 1869 test "x${withval}" != "xyes"; then 1870 entropy_timeout=$withval 1871 fi 1872 ] 1873) 1874AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) 1875 1876SSH_PRIVSEP_USER=sshd 1877AC_ARG_WITH(privsep-user, 1878 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 1879 [ 1880 if test -n "$withval" && test "x$withval" != "xno" && \ 1881 test "x${withval}" != "xyes"; then 1882 SSH_PRIVSEP_USER=$withval 1883 fi 1884 ] 1885) 1886AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER") 1887AC_SUBST(SSH_PRIVSEP_USER) 1888 1889# We do this little dance with the search path to insure 1890# that programs that we select for use by installed programs 1891# (which may be run by the super-user) come from trusted 1892# locations before they come from the user's private area. 1893# This should help avoid accidentally configuring some 1894# random version of a program in someone's personal bin. 1895 1896OPATH=$PATH 1897PATH=/bin:/usr/bin 1898test -h /bin 2> /dev/null && PATH=/usr/bin 1899test -d /sbin && PATH=$PATH:/sbin 1900test -d /usr/sbin && PATH=$PATH:/usr/sbin 1901PATH=$PATH:/etc:$OPATH 1902 1903# These programs are used by the command hashing source to gather entropy 1904OSSH_PATH_ENTROPY_PROG(PROG_LS, ls) 1905OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat) 1906OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp) 1907OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig) 1908OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat) 1909OSSH_PATH_ENTROPY_PROG(PROG_PS, ps) 1910OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar) 1911OSSH_PATH_ENTROPY_PROG(PROG_W, w) 1912OSSH_PATH_ENTROPY_PROG(PROG_WHO, who) 1913OSSH_PATH_ENTROPY_PROG(PROG_LAST, last) 1914OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog) 1915OSSH_PATH_ENTROPY_PROG(PROG_DF, df) 1916OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat) 1917OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime) 1918OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs) 1919OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail) 1920# restore PATH 1921PATH=$OPATH 1922 1923# Where does ssh-rand-helper get its randomness from? 1924INSTALL_SSH_PRNG_CMDS="" 1925if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then 1926 if test ! -z "$PRNGD_PORT" ; then 1927 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT" 1928 elif test ! -z "$PRNGD_SOCKET" ; then 1929 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\"" 1930 else 1931 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)" 1932 RAND_HELPER_CMDHASH=yes 1933 INSTALL_SSH_PRNG_CMDS="yes" 1934 fi 1935fi 1936AC_SUBST(INSTALL_SSH_PRNG_CMDS) 1937 1938 1939# Cheap hack to ensure NEWS-OS libraries are arranged right. 1940if test ! -z "$SONY" ; then 1941 LIBS="$LIBS -liberty"; 1942fi 1943 1944# Checks for data types 1945AC_CHECK_SIZEOF(char, 1) 1946AC_CHECK_SIZEOF(short int, 2) 1947AC_CHECK_SIZEOF(int, 4) 1948AC_CHECK_SIZEOF(long int, 4) 1949AC_CHECK_SIZEOF(long long int, 8) 1950 1951# Sanity check long long for some platforms (AIX) 1952if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 1953 ac_cv_sizeof_long_long_int=0 1954fi 1955 1956# More checks for data types 1957AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 1958 AC_TRY_COMPILE( 1959 [ #include <sys/types.h> ], 1960 [ u_int a; a = 1;], 1961 [ ac_cv_have_u_int="yes" ], 1962 [ ac_cv_have_u_int="no" ] 1963 ) 1964]) 1965if test "x$ac_cv_have_u_int" = "xyes" ; then 1966 AC_DEFINE(HAVE_U_INT) 1967 have_u_int=1 1968fi 1969 1970AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 1971 AC_TRY_COMPILE( 1972 [ #include <sys/types.h> ], 1973 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], 1974 [ ac_cv_have_intxx_t="yes" ], 1975 [ ac_cv_have_intxx_t="no" ] 1976 ) 1977]) 1978if test "x$ac_cv_have_intxx_t" = "xyes" ; then 1979 AC_DEFINE(HAVE_INTXX_T) 1980 have_intxx_t=1 1981fi 1982 1983if (test -z "$have_intxx_t" && \ 1984 test "x$ac_cv_header_stdint_h" = "xyes") 1985then 1986 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 1987 AC_TRY_COMPILE( 1988 [ #include <stdint.h> ], 1989 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], 1990 [ 1991 AC_DEFINE(HAVE_INTXX_T) 1992 AC_MSG_RESULT(yes) 1993 ], 1994 [ AC_MSG_RESULT(no) ] 1995 ) 1996fi 1997 1998AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 1999 AC_TRY_COMPILE( 2000 [ 2001#include <sys/types.h> 2002#ifdef HAVE_STDINT_H 2003# include <stdint.h> 2004#endif 2005#include <sys/socket.h> 2006#ifdef HAVE_SYS_BITYPES_H 2007# include <sys/bitypes.h> 2008#endif 2009 ], 2010 [ int64_t a; a = 1;], 2011 [ ac_cv_have_int64_t="yes" ], 2012 [ ac_cv_have_int64_t="no" ] 2013 ) 2014]) 2015if test "x$ac_cv_have_int64_t" = "xyes" ; then 2016 AC_DEFINE(HAVE_INT64_T) 2017fi 2018 2019AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 2020 AC_TRY_COMPILE( 2021 [ #include <sys/types.h> ], 2022 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], 2023 [ ac_cv_have_u_intxx_t="yes" ], 2024 [ ac_cv_have_u_intxx_t="no" ] 2025 ) 2026]) 2027if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 2028 AC_DEFINE(HAVE_U_INTXX_T) 2029 have_u_intxx_t=1 2030fi 2031 2032if test -z "$have_u_intxx_t" ; then 2033 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 2034 AC_TRY_COMPILE( 2035 [ #include <sys/socket.h> ], 2036 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], 2037 [ 2038 AC_DEFINE(HAVE_U_INTXX_T) 2039 AC_MSG_RESULT(yes) 2040 ], 2041 [ AC_MSG_RESULT(no) ] 2042 ) 2043fi 2044 2045AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 2046 AC_TRY_COMPILE( 2047 [ #include <sys/types.h> ], 2048 [ u_int64_t a; a = 1;], 2049 [ ac_cv_have_u_int64_t="yes" ], 2050 [ ac_cv_have_u_int64_t="no" ] 2051 ) 2052]) 2053if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 2054 AC_DEFINE(HAVE_U_INT64_T) 2055 have_u_int64_t=1 2056fi 2057 2058if test -z "$have_u_int64_t" ; then 2059 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 2060 AC_TRY_COMPILE( 2061 [ #include <sys/bitypes.h> ], 2062 [ u_int64_t a; a = 1], 2063 [ 2064 AC_DEFINE(HAVE_U_INT64_T) 2065 AC_MSG_RESULT(yes) 2066 ], 2067 [ AC_MSG_RESULT(no) ] 2068 ) 2069fi 2070 2071if test -z "$have_u_intxx_t" ; then 2072 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 2073 AC_TRY_COMPILE( 2074 [ 2075#include <sys/types.h> 2076 ], 2077 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ], 2078 [ ac_cv_have_uintxx_t="yes" ], 2079 [ ac_cv_have_uintxx_t="no" ] 2080 ) 2081 ]) 2082 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 2083 AC_DEFINE(HAVE_UINTXX_T) 2084 fi 2085fi 2086 2087if test -z "$have_uintxx_t" ; then 2088 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 2089 AC_TRY_COMPILE( 2090 [ #include <stdint.h> ], 2091 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;], 2092 [ 2093 AC_DEFINE(HAVE_UINTXX_T) 2094 AC_MSG_RESULT(yes) 2095 ], 2096 [ AC_MSG_RESULT(no) ] 2097 ) 2098fi 2099 2100if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 2101 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 2102then 2103 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 2104 AC_TRY_COMPILE( 2105 [ 2106#include <sys/bitypes.h> 2107 ], 2108 [ 2109 int8_t a; int16_t b; int32_t c; 2110 u_int8_t e; u_int16_t f; u_int32_t g; 2111 a = b = c = e = f = g = 1; 2112 ], 2113 [ 2114 AC_DEFINE(HAVE_U_INTXX_T) 2115 AC_DEFINE(HAVE_INTXX_T) 2116 AC_MSG_RESULT(yes) 2117 ], 2118 [AC_MSG_RESULT(no)] 2119 ) 2120fi 2121 2122 2123AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 2124 AC_TRY_COMPILE( 2125 [ 2126#include <sys/types.h> 2127 ], 2128 [ u_char foo; foo = 125; ], 2129 [ ac_cv_have_u_char="yes" ], 2130 [ ac_cv_have_u_char="no" ] 2131 ) 2132]) 2133if test "x$ac_cv_have_u_char" = "xyes" ; then 2134 AC_DEFINE(HAVE_U_CHAR) 2135fi 2136 2137TYPE_SOCKLEN_T 2138 2139AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>]) 2140 2141AC_CHECK_TYPES(in_addr_t,,, 2142[#include <sys/types.h> 2143#include <netinet/in.h>]) 2144 2145AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 2146 AC_TRY_COMPILE( 2147 [ 2148#include <sys/types.h> 2149 ], 2150 [ size_t foo; foo = 1235; ], 2151 [ ac_cv_have_size_t="yes" ], 2152 [ ac_cv_have_size_t="no" ] 2153 ) 2154]) 2155if test "x$ac_cv_have_size_t" = "xyes" ; then 2156 AC_DEFINE(HAVE_SIZE_T) 2157fi 2158 2159AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 2160 AC_TRY_COMPILE( 2161 [ 2162#include <sys/types.h> 2163 ], 2164 [ ssize_t foo; foo = 1235; ], 2165 [ ac_cv_have_ssize_t="yes" ], 2166 [ ac_cv_have_ssize_t="no" ] 2167 ) 2168]) 2169if test "x$ac_cv_have_ssize_t" = "xyes" ; then 2170 AC_DEFINE(HAVE_SSIZE_T) 2171fi 2172 2173AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 2174 AC_TRY_COMPILE( 2175 [ 2176#include <time.h> 2177 ], 2178 [ clock_t foo; foo = 1235; ], 2179 [ ac_cv_have_clock_t="yes" ], 2180 [ ac_cv_have_clock_t="no" ] 2181 ) 2182]) 2183if test "x$ac_cv_have_clock_t" = "xyes" ; then 2184 AC_DEFINE(HAVE_CLOCK_T) 2185fi 2186 2187AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 2188 AC_TRY_COMPILE( 2189 [ 2190#include <sys/types.h> 2191#include <sys/socket.h> 2192 ], 2193 [ sa_family_t foo; foo = 1235; ], 2194 [ ac_cv_have_sa_family_t="yes" ], 2195 [ AC_TRY_COMPILE( 2196 [ 2197#include <sys/types.h> 2198#include <sys/socket.h> 2199#include <netinet/in.h> 2200 ], 2201 [ sa_family_t foo; foo = 1235; ], 2202 [ ac_cv_have_sa_family_t="yes" ], 2203 2204 [ ac_cv_have_sa_family_t="no" ] 2205 )] 2206 ) 2207]) 2208if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 2209 AC_DEFINE(HAVE_SA_FAMILY_T) 2210fi 2211 2212AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 2213 AC_TRY_COMPILE( 2214 [ 2215#include <sys/types.h> 2216 ], 2217 [ pid_t foo; foo = 1235; ], 2218 [ ac_cv_have_pid_t="yes" ], 2219 [ ac_cv_have_pid_t="no" ] 2220 ) 2221]) 2222if test "x$ac_cv_have_pid_t" = "xyes" ; then 2223 AC_DEFINE(HAVE_PID_T) 2224fi 2225 2226AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 2227 AC_TRY_COMPILE( 2228 [ 2229#include <sys/types.h> 2230 ], 2231 [ mode_t foo; foo = 1235; ], 2232 [ ac_cv_have_mode_t="yes" ], 2233 [ ac_cv_have_mode_t="no" ] 2234 ) 2235]) 2236if test "x$ac_cv_have_mode_t" = "xyes" ; then 2237 AC_DEFINE(HAVE_MODE_T) 2238fi 2239 2240 2241AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 2242 AC_TRY_COMPILE( 2243 [ 2244#include <sys/types.h> 2245#include <sys/socket.h> 2246 ], 2247 [ struct sockaddr_storage s; ], 2248 [ ac_cv_have_struct_sockaddr_storage="yes" ], 2249 [ ac_cv_have_struct_sockaddr_storage="no" ] 2250 ) 2251]) 2252if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 2253 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE) 2254fi 2255 2256AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 2257 AC_TRY_COMPILE( 2258 [ 2259#include <sys/types.h> 2260#include <netinet/in.h> 2261 ], 2262 [ struct sockaddr_in6 s; s.sin6_family = 0; ], 2263 [ ac_cv_have_struct_sockaddr_in6="yes" ], 2264 [ ac_cv_have_struct_sockaddr_in6="no" ] 2265 ) 2266]) 2267if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 2268 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6) 2269fi 2270 2271AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 2272 AC_TRY_COMPILE( 2273 [ 2274#include <sys/types.h> 2275#include <netinet/in.h> 2276 ], 2277 [ struct in6_addr s; s.s6_addr[0] = 0; ], 2278 [ ac_cv_have_struct_in6_addr="yes" ], 2279 [ ac_cv_have_struct_in6_addr="no" ] 2280 ) 2281]) 2282if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 2283 AC_DEFINE(HAVE_STRUCT_IN6_ADDR) 2284fi 2285 2286AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 2287 AC_TRY_COMPILE( 2288 [ 2289#include <sys/types.h> 2290#include <sys/socket.h> 2291#include <netdb.h> 2292 ], 2293 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ], 2294 [ ac_cv_have_struct_addrinfo="yes" ], 2295 [ ac_cv_have_struct_addrinfo="no" ] 2296 ) 2297]) 2298if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 2299 AC_DEFINE(HAVE_STRUCT_ADDRINFO) 2300fi 2301 2302AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 2303 AC_TRY_COMPILE( 2304 [ #include <sys/time.h> ], 2305 [ struct timeval tv; tv.tv_sec = 1;], 2306 [ ac_cv_have_struct_timeval="yes" ], 2307 [ ac_cv_have_struct_timeval="no" ] 2308 ) 2309]) 2310if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 2311 AC_DEFINE(HAVE_STRUCT_TIMEVAL) 2312 have_struct_timeval=1 2313fi 2314 2315AC_CHECK_TYPES(struct timespec) 2316 2317# We need int64_t or else certian parts of the compile will fail. 2318if test "x$ac_cv_have_int64_t" = "xno" && \ 2319 test "x$ac_cv_sizeof_long_int" != "x8" && \ 2320 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 2321 echo "OpenSSH requires int64_t support. Contact your vendor or install" 2322 echo "an alternative compiler (I.E., GCC) before continuing." 2323 echo "" 2324 exit 1; 2325else 2326dnl test snprintf (broken on SCO w/gcc) 2327 AC_RUN_IFELSE( 2328 [AC_LANG_SOURCE([[ 2329#include <stdio.h> 2330#include <string.h> 2331#ifdef HAVE_SNPRINTF 2332main() 2333{ 2334 char buf[50]; 2335 char expected_out[50]; 2336 int mazsize = 50 ; 2337#if (SIZEOF_LONG_INT == 8) 2338 long int num = 0x7fffffffffffffff; 2339#else 2340 long long num = 0x7fffffffffffffffll; 2341#endif 2342 strcpy(expected_out, "9223372036854775807"); 2343 snprintf(buf, mazsize, "%lld", num); 2344 if(strcmp(buf, expected_out) != 0) 2345 exit(1); 2346 exit(0); 2347} 2348#else 2349main() { exit(0); } 2350#endif 2351 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ], 2352 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 2353 ) 2354fi 2355 2356dnl Checks for structure members 2357OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) 2358OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX) 2359OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX) 2360OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP) 2361OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP) 2362OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX) 2363OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP) 2364OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP) 2365OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX) 2366OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP) 2367OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX) 2368OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP) 2369OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX) 2370OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP) 2371OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP) 2372OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX) 2373OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX) 2374 2375AC_CHECK_MEMBERS([struct stat.st_blksize]) 2376 2377AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 2378 ac_cv_have_ss_family_in_struct_ss, [ 2379 AC_TRY_COMPILE( 2380 [ 2381#include <sys/types.h> 2382#include <sys/socket.h> 2383 ], 2384 [ struct sockaddr_storage s; s.ss_family = 1; ], 2385 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 2386 [ ac_cv_have_ss_family_in_struct_ss="no" ], 2387 ) 2388]) 2389if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 2390 AC_DEFINE(HAVE_SS_FAMILY_IN_SS) 2391fi 2392 2393AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 2394 ac_cv_have___ss_family_in_struct_ss, [ 2395 AC_TRY_COMPILE( 2396 [ 2397#include <sys/types.h> 2398#include <sys/socket.h> 2399 ], 2400 [ struct sockaddr_storage s; s.__ss_family = 1; ], 2401 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 2402 [ ac_cv_have___ss_family_in_struct_ss="no" ] 2403 ) 2404]) 2405if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 2406 AC_DEFINE(HAVE___SS_FAMILY_IN_SS) 2407fi 2408 2409AC_CACHE_CHECK([for pw_class field in struct passwd], 2410 ac_cv_have_pw_class_in_struct_passwd, [ 2411 AC_TRY_COMPILE( 2412 [ 2413#include <pwd.h> 2414 ], 2415 [ struct passwd p; p.pw_class = 0; ], 2416 [ ac_cv_have_pw_class_in_struct_passwd="yes" ], 2417 [ ac_cv_have_pw_class_in_struct_passwd="no" ] 2418 ) 2419]) 2420if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then 2421 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD) 2422fi 2423 2424AC_CACHE_CHECK([for pw_expire field in struct passwd], 2425 ac_cv_have_pw_expire_in_struct_passwd, [ 2426 AC_TRY_COMPILE( 2427 [ 2428#include <pwd.h> 2429 ], 2430 [ struct passwd p; p.pw_expire = 0; ], 2431 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ], 2432 [ ac_cv_have_pw_expire_in_struct_passwd="no" ] 2433 ) 2434]) 2435if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then 2436 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD) 2437fi 2438 2439AC_CACHE_CHECK([for pw_change field in struct passwd], 2440 ac_cv_have_pw_change_in_struct_passwd, [ 2441 AC_TRY_COMPILE( 2442 [ 2443#include <pwd.h> 2444 ], 2445 [ struct passwd p; p.pw_change = 0; ], 2446 [ ac_cv_have_pw_change_in_struct_passwd="yes" ], 2447 [ ac_cv_have_pw_change_in_struct_passwd="no" ] 2448 ) 2449]) 2450if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then 2451 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD) 2452fi 2453 2454dnl make sure we're using the real structure members and not defines 2455AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 2456 ac_cv_have_accrights_in_msghdr, [ 2457 AC_COMPILE_IFELSE( 2458 [ 2459#include <sys/types.h> 2460#include <sys/socket.h> 2461#include <sys/uio.h> 2462int main() { 2463#ifdef msg_accrights 2464#error "msg_accrights is a macro" 2465exit(1); 2466#endif 2467struct msghdr m; 2468m.msg_accrights = 0; 2469exit(0); 2470} 2471 ], 2472 [ ac_cv_have_accrights_in_msghdr="yes" ], 2473 [ ac_cv_have_accrights_in_msghdr="no" ] 2474 ) 2475]) 2476if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 2477 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR) 2478fi 2479 2480AC_CACHE_CHECK([for msg_control field in struct msghdr], 2481 ac_cv_have_control_in_msghdr, [ 2482 AC_COMPILE_IFELSE( 2483 [ 2484#include <sys/types.h> 2485#include <sys/socket.h> 2486#include <sys/uio.h> 2487int main() { 2488#ifdef msg_control 2489#error "msg_control is a macro" 2490exit(1); 2491#endif 2492struct msghdr m; 2493m.msg_control = 0; 2494exit(0); 2495} 2496 ], 2497 [ ac_cv_have_control_in_msghdr="yes" ], 2498 [ ac_cv_have_control_in_msghdr="no" ] 2499 ) 2500]) 2501if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 2502 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR) 2503fi 2504 2505AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 2506 AC_TRY_LINK([], 2507 [ extern char *__progname; printf("%s", __progname); ], 2508 [ ac_cv_libc_defines___progname="yes" ], 2509 [ ac_cv_libc_defines___progname="no" ] 2510 ) 2511]) 2512if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 2513 AC_DEFINE(HAVE___PROGNAME) 2514fi 2515 2516AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 2517 AC_TRY_LINK([ 2518#include <stdio.h> 2519], 2520 [ printf("%s", __FUNCTION__); ], 2521 [ ac_cv_cc_implements___FUNCTION__="yes" ], 2522 [ ac_cv_cc_implements___FUNCTION__="no" ] 2523 ) 2524]) 2525if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 2526 AC_DEFINE(HAVE___FUNCTION__) 2527fi 2528 2529AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 2530 AC_TRY_LINK([ 2531#include <stdio.h> 2532], 2533 [ printf("%s", __func__); ], 2534 [ ac_cv_cc_implements___func__="yes" ], 2535 [ ac_cv_cc_implements___func__="no" ] 2536 ) 2537]) 2538if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 2539 AC_DEFINE(HAVE___func__) 2540fi 2541 2542AC_CACHE_CHECK([whether getopt has optreset support], 2543 ac_cv_have_getopt_optreset, [ 2544 AC_TRY_LINK( 2545 [ 2546#include <getopt.h> 2547 ], 2548 [ extern int optreset; optreset = 0; ], 2549 [ ac_cv_have_getopt_optreset="yes" ], 2550 [ ac_cv_have_getopt_optreset="no" ] 2551 ) 2552]) 2553if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 2554 AC_DEFINE(HAVE_GETOPT_OPTRESET) 2555fi 2556 2557AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 2558 AC_TRY_LINK([], 2559 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);], 2560 [ ac_cv_libc_defines_sys_errlist="yes" ], 2561 [ ac_cv_libc_defines_sys_errlist="no" ] 2562 ) 2563]) 2564if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 2565 AC_DEFINE(HAVE_SYS_ERRLIST) 2566fi 2567 2568 2569AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 2570 AC_TRY_LINK([], 2571 [ extern int sys_nerr; printf("%i", sys_nerr);], 2572 [ ac_cv_libc_defines_sys_nerr="yes" ], 2573 [ ac_cv_libc_defines_sys_nerr="no" ] 2574 ) 2575]) 2576if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 2577 AC_DEFINE(HAVE_SYS_NERR) 2578fi 2579 2580SCARD_MSG="no" 2581# Check whether user wants sectok support 2582AC_ARG_WITH(sectok, 2583 [ --with-sectok Enable smartcard support using libsectok], 2584 [ 2585 if test "x$withval" != "xno" ; then 2586 if test "x$withval" != "xyes" ; then 2587 CPPFLAGS="$CPPFLAGS -I${withval}" 2588 LDFLAGS="$LDFLAGS -L${withval}" 2589 if test ! -z "$need_dash_r" ; then 2590 LDFLAGS="$LDFLAGS -R${withval}" 2591 fi 2592 if test ! -z "$blibpath" ; then 2593 blibpath="$blibpath:${withval}" 2594 fi 2595 fi 2596 AC_CHECK_HEADERS(sectok.h) 2597 if test "$ac_cv_header_sectok_h" != yes; then 2598 AC_MSG_ERROR(Can't find sectok.h) 2599 fi 2600 AC_CHECK_LIB(sectok, sectok_open) 2601 if test "$ac_cv_lib_sectok_sectok_open" != yes; then 2602 AC_MSG_ERROR(Can't find libsectok) 2603 fi 2604 AC_DEFINE(SMARTCARD) 2605 AC_DEFINE(USE_SECTOK) 2606 SCARD_MSG="yes, using sectok" 2607 fi 2608 ] 2609) 2610 2611# Check whether user wants OpenSC support 2612OPENSC_CONFIG="no" 2613AC_ARG_WITH(opensc, 2614 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)], 2615 [ 2616 if test "x$withval" != "xno" ; then 2617 if test "x$withval" != "xyes" ; then 2618 OPENSC_CONFIG=$withval/bin/opensc-config 2619 else 2620 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no) 2621 fi 2622 if test "$OPENSC_CONFIG" != "no"; then 2623 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` 2624 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` 2625 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" 2626 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" 2627 AC_DEFINE(SMARTCARD) 2628 AC_DEFINE(USE_OPENSC) 2629 SCARD_MSG="yes, using OpenSC" 2630 fi 2631 fi 2632 ] 2633) 2634 2635# Check libraries needed by DNS fingerprint support 2636AC_SEARCH_LIBS(getrrsetbyname, resolv, 2637 [AC_DEFINE(HAVE_GETRRSETBYNAME)], 2638 [ 2639 # Needed by our getrrsetbyname() 2640 AC_SEARCH_LIBS(res_query, resolv) 2641 AC_SEARCH_LIBS(dn_expand, resolv) 2642 AC_MSG_CHECKING(if res_query will link) 2643 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes), 2644 [AC_MSG_RESULT(no) 2645 saved_LIBS="$LIBS" 2646 LIBS="$LIBS -lresolv" 2647 AC_MSG_CHECKING(for res_query in -lresolv) 2648 AC_LINK_IFELSE([ 2649#include <resolv.h> 2650int main() 2651{ 2652 res_query (0, 0, 0, 0, 0); 2653 return 0; 2654} 2655 ], 2656 [LIBS="$LIBS -lresolv" 2657 AC_MSG_RESULT(yes)], 2658 [LIBS="$saved_LIBS" 2659 AC_MSG_RESULT(no)]) 2660 ]) 2661 AC_CHECK_FUNCS(_getshort _getlong) 2662 AC_CHECK_DECLS([_getshort, _getlong], , , 2663 [#include <sys/types.h> 2664 #include <arpa/nameser.h>]) 2665 AC_CHECK_MEMBER(HEADER.ad, 2666 [AC_DEFINE(HAVE_HEADER_AD)],, 2667 [#include <arpa/nameser.h>]) 2668 ]) 2669 2670# Check whether user wants Kerberos 5 support 2671KRB5_MSG="no" 2672AC_ARG_WITH(kerberos5, 2673 [ --with-kerberos5=PATH Enable Kerberos 5 support], 2674 [ if test "x$withval" != "xno" ; then 2675 if test "x$withval" = "xyes" ; then 2676 KRB5ROOT="/usr/local" 2677 else 2678 KRB5ROOT=${withval} 2679 fi 2680 2681 AC_DEFINE(KRB5) 2682 KRB5_MSG="yes" 2683 2684 AC_MSG_CHECKING(for krb5-config) 2685 if test -x $KRB5ROOT/bin/krb5-config ; then 2686 KRB5CONF=$KRB5ROOT/bin/krb5-config 2687 AC_MSG_RESULT($KRB5CONF) 2688 2689 AC_MSG_CHECKING(for gssapi support) 2690 if $KRB5CONF | grep gssapi >/dev/null ; then 2691 AC_MSG_RESULT(yes) 2692 AC_DEFINE(GSSAPI) 2693 k5confopts=gssapi 2694 else 2695 AC_MSG_RESULT(no) 2696 k5confopts="" 2697 fi 2698 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`" 2699 K5LIBS="`$KRB5CONF --libs $k5confopts`" 2700 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 2701 AC_MSG_CHECKING(whether we are using Heimdal) 2702 AC_TRY_COMPILE([ #include <krb5.h> ], 2703 [ char *tmp = heimdal_version; ], 2704 [ AC_MSG_RESULT(yes) 2705 AC_DEFINE(HEIMDAL) ], 2706 AC_MSG_RESULT(no) 2707 ) 2708 else 2709 AC_MSG_RESULT(no) 2710 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 2711 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 2712 AC_MSG_CHECKING(whether we are using Heimdal) 2713 AC_TRY_COMPILE([ #include <krb5.h> ], 2714 [ char *tmp = heimdal_version; ], 2715 [ AC_MSG_RESULT(yes) 2716 AC_DEFINE(HEIMDAL) 2717 K5LIBS="-lkrb5 -ldes" 2718 K5LIBS="$K5LIBS -lcom_err -lasn1" 2719 AC_CHECK_LIB(roken, net_write, 2720 [K5LIBS="$K5LIBS -lroken"]) 2721 ], 2722 [ AC_MSG_RESULT(no) 2723 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 2724 ] 2725 ) 2726 AC_SEARCH_LIBS(dn_expand, resolv) 2727 2728 AC_CHECK_LIB(gssapi,gss_init_sec_context, 2729 [ AC_DEFINE(GSSAPI) 2730 K5LIBS="-lgssapi $K5LIBS" ], 2731 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context, 2732 [ AC_DEFINE(GSSAPI) 2733 K5LIBS="-lgssapi_krb5 $K5LIBS" ], 2734 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]), 2735 $K5LIBS) 2736 ], 2737 $K5LIBS) 2738 2739 AC_CHECK_HEADER(gssapi.h, , 2740 [ unset ac_cv_header_gssapi_h 2741 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 2742 AC_CHECK_HEADERS(gssapi.h, , 2743 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 2744 ) 2745 ] 2746 ) 2747 2748 oldCPP="$CPPFLAGS" 2749 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 2750 AC_CHECK_HEADER(gssapi_krb5.h, , 2751 [ CPPFLAGS="$oldCPP" ]) 2752 2753 fi 2754 if test ! -z "$need_dash_r" ; then 2755 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 2756 fi 2757 if test ! -z "$blibpath" ; then 2758 blibpath="$blibpath:${KRB5ROOT}/lib" 2759 fi 2760 fi 2761 2762 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h) 2763 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h) 2764 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h) 2765 2766 LIBS="$LIBS $K5LIBS" 2767 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS)) 2768 ] 2769) 2770 2771# Looking for programs, paths and files 2772 2773PRIVSEP_PATH=/var/empty 2774AC_ARG_WITH(privsep-path, 2775 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 2776 [ 2777 if test -n "$withval" && test "x$withval" != "xno" && \ 2778 test "x${withval}" != "xyes"; then 2779 PRIVSEP_PATH=$withval 2780 fi 2781 ] 2782) 2783AC_SUBST(PRIVSEP_PATH) 2784 2785AC_ARG_WITH(xauth, 2786 [ --with-xauth=PATH Specify path to xauth program ], 2787 [ 2788 if test -n "$withval" && test "x$withval" != "xno" && \ 2789 test "x${withval}" != "xyes"; then 2790 xauth_path=$withval 2791 fi 2792 ], 2793 [ 2794 TestPath="$PATH" 2795 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 2796 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 2797 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 2798 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 2799 AC_PATH_PROG(xauth_path, xauth, , $TestPath) 2800 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 2801 xauth_path="/usr/openwin/bin/xauth" 2802 fi 2803 ] 2804) 2805 2806STRIP_OPT=-s 2807AC_ARG_ENABLE(strip, 2808 [ --disable-strip Disable calling strip(1) on install], 2809 [ 2810 if test "x$enableval" = "xno" ; then 2811 STRIP_OPT= 2812 fi 2813 ] 2814) 2815AC_SUBST(STRIP_OPT) 2816 2817if test -z "$xauth_path" ; then 2818 XAUTH_PATH="undefined" 2819 AC_SUBST(XAUTH_PATH) 2820else 2821 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path") 2822 XAUTH_PATH=$xauth_path 2823 AC_SUBST(XAUTH_PATH) 2824fi 2825 2826# Check for mail directory (last resort if we cannot get it from headers) 2827if test ! -z "$MAIL" ; then 2828 maildir=`dirname $MAIL` 2829 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") 2830fi 2831 2832if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 2833 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 2834 disable_ptmx_check=yes 2835fi 2836if test -z "$no_dev_ptmx" ; then 2837 if test "x$disable_ptmx_check" != "xyes" ; then 2838 AC_CHECK_FILE("/dev/ptmx", 2839 [ 2840 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX) 2841 have_dev_ptmx=1 2842 ] 2843 ) 2844 fi 2845fi 2846 2847if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 2848 AC_CHECK_FILE("/dev/ptc", 2849 [ 2850 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) 2851 have_dev_ptc=1 2852 ] 2853 ) 2854else 2855 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 2856fi 2857 2858# Options from here on. Some of these are preset by platform above 2859AC_ARG_WITH(mantype, 2860 [ --with-mantype=man|cat|doc Set man page type], 2861 [ 2862 case "$withval" in 2863 man|cat|doc) 2864 MANTYPE=$withval 2865 ;; 2866 *) 2867 AC_MSG_ERROR(invalid man type: $withval) 2868 ;; 2869 esac 2870 ] 2871) 2872if test -z "$MANTYPE"; then 2873 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 2874 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath) 2875 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 2876 MANTYPE=doc 2877 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 2878 MANTYPE=man 2879 else 2880 MANTYPE=cat 2881 fi 2882fi 2883AC_SUBST(MANTYPE) 2884if test "$MANTYPE" = "doc"; then 2885 mansubdir=man; 2886else 2887 mansubdir=$MANTYPE; 2888fi 2889AC_SUBST(mansubdir) 2890 2891# Check whether to enable MD5 passwords 2892MD5_MSG="no" 2893AC_ARG_WITH(md5-passwords, 2894 [ --with-md5-passwords Enable use of MD5 passwords], 2895 [ 2896 if test "x$withval" != "xno" ; then 2897 AC_DEFINE(HAVE_MD5_PASSWORDS) 2898 MD5_MSG="yes" 2899 fi 2900 ] 2901) 2902 2903# Whether to disable shadow password support 2904AC_ARG_WITH(shadow, 2905 [ --without-shadow Disable shadow password support], 2906 [ 2907 if test "x$withval" = "xno" ; then 2908 AC_DEFINE(DISABLE_SHADOW) 2909 disable_shadow=yes 2910 fi 2911 ] 2912) 2913 2914if test -z "$disable_shadow" ; then 2915 AC_MSG_CHECKING([if the systems has expire shadow information]) 2916 AC_TRY_COMPILE( 2917 [ 2918#include <sys/types.h> 2919#include <shadow.h> 2920 struct spwd sp; 2921 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], 2922 [ sp_expire_available=yes ], [] 2923 ) 2924 2925 if test "x$sp_expire_available" = "xyes" ; then 2926 AC_MSG_RESULT(yes) 2927 AC_DEFINE(HAS_SHADOW_EXPIRE) 2928 else 2929 AC_MSG_RESULT(no) 2930 fi 2931fi 2932 2933# Use ip address instead of hostname in $DISPLAY 2934if test ! -z "$IPADDR_IN_DISPLAY" ; then 2935 DISPLAY_HACK_MSG="yes" 2936 AC_DEFINE(IPADDR_IN_DISPLAY) 2937else 2938 DISPLAY_HACK_MSG="no" 2939 AC_ARG_WITH(ipaddr-display, 2940 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], 2941 [ 2942 if test "x$withval" != "xno" ; then 2943 AC_DEFINE(IPADDR_IN_DISPLAY) 2944 DISPLAY_HACK_MSG="yes" 2945 fi 2946 ] 2947 ) 2948fi 2949 2950# check for /etc/default/login and use it if present. 2951AC_ARG_ENABLE(etc-default-login, 2952 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 2953 [ if test "x$enableval" = "xno"; then 2954 AC_MSG_NOTICE([/etc/default/login handling disabled]) 2955 etc_default_login=no 2956 else 2957 etc_default_login=yes 2958 fi ], 2959 [ etc_default_login=yes ] 2960) 2961 2962if test "x$etc_default_login" != "xno"; then 2963 AC_CHECK_FILE("/etc/default/login", 2964 [ external_path_file=/etc/default/login ]) 2965 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 2966 then 2967 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) 2968 elif test "x$external_path_file" = "x/etc/default/login"; then 2969 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) 2970 fi 2971fi 2972 2973dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 2974if test $ac_cv_func_login_getcapbool = "yes" && \ 2975 test $ac_cv_header_login_cap_h = "yes" ; then 2976 external_path_file=/etc/login.conf 2977fi 2978 2979# Whether to mess with the default path 2980SERVER_PATH_MSG="(default)" 2981AC_ARG_WITH(default-path, 2982 [ --with-default-path= Specify default \$PATH environment for server], 2983 [ 2984 if test "x$external_path_file" = "x/etc/login.conf" ; then 2985 AC_MSG_WARN([ 2986--with-default-path=PATH has no effect on this system. 2987Edit /etc/login.conf instead.]) 2988 elif test "x$withval" != "xno" ; then 2989 if test ! -z "$external_path_file" ; then 2990 AC_MSG_WARN([ 2991--with-default-path=PATH will only be used if PATH is not defined in 2992$external_path_file .]) 2993 fi 2994 user_path="$withval" 2995 SERVER_PATH_MSG="$withval" 2996 fi 2997 ], 2998 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 2999 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 3000 else 3001 if test ! -z "$external_path_file" ; then 3002 AC_MSG_WARN([ 3003If PATH is defined in $external_path_file, ensure the path to scp is included, 3004otherwise scp will not work.]) 3005 fi 3006 AC_TRY_RUN( 3007 [ 3008/* find out what STDPATH is */ 3009#include <stdio.h> 3010#ifdef HAVE_PATHS_H 3011# include <paths.h> 3012#endif 3013#ifndef _PATH_STDPATH 3014# ifdef _PATH_USERPATH /* Irix */ 3015# define _PATH_STDPATH _PATH_USERPATH 3016# else 3017# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 3018# endif 3019#endif 3020#include <sys/types.h> 3021#include <sys/stat.h> 3022#include <fcntl.h> 3023#define DATA "conftest.stdpath" 3024 3025main() 3026{ 3027 FILE *fd; 3028 int rc; 3029 3030 fd = fopen(DATA,"w"); 3031 if(fd == NULL) 3032 exit(1); 3033 3034 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 3035 exit(1); 3036 3037 exit(0); 3038} 3039 ], [ user_path=`cat conftest.stdpath` ], 3040 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 3041 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 3042 ) 3043# make sure $bindir is in USER_PATH so scp will work 3044 t_bindir=`eval echo ${bindir}` 3045 case $t_bindir in 3046 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 3047 esac 3048 case $t_bindir in 3049 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 3050 esac 3051 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 3052 if test $? -ne 0 ; then 3053 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 3054 if test $? -ne 0 ; then 3055 user_path=$user_path:$t_bindir 3056 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work) 3057 fi 3058 fi 3059 fi ] 3060) 3061if test "x$external_path_file" != "x/etc/login.conf" ; then 3062 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path") 3063 AC_SUBST(user_path) 3064fi 3065 3066# Set superuser path separately to user path 3067AC_ARG_WITH(superuser-path, 3068 [ --with-superuser-path= Specify different path for super-user], 3069 [ 3070 if test -n "$withval" && test "x$withval" != "xno" && \ 3071 test "x${withval}" != "xyes"; then 3072 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval") 3073 superuser_path=$withval 3074 fi 3075 ] 3076) 3077 3078 3079AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 3080IPV4_IN6_HACK_MSG="no" 3081AC_ARG_WITH(4in6, 3082 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 3083 [ 3084 if test "x$withval" != "xno" ; then 3085 AC_MSG_RESULT(yes) 3086 AC_DEFINE(IPV4_IN_IPV6) 3087 IPV4_IN6_HACK_MSG="yes" 3088 else 3089 AC_MSG_RESULT(no) 3090 fi 3091 ],[ 3092 if test "x$inet6_default_4in6" = "xyes"; then 3093 AC_MSG_RESULT([yes (default)]) 3094 AC_DEFINE(IPV4_IN_IPV6) 3095 IPV4_IN6_HACK_MSG="yes" 3096 else 3097 AC_MSG_RESULT([no (default)]) 3098 fi 3099 ] 3100) 3101 3102# Whether to enable BSD auth support 3103BSD_AUTH_MSG=no 3104AC_ARG_WITH(bsd-auth, 3105 [ --with-bsd-auth Enable BSD auth support], 3106 [ 3107 if test "x$withval" != "xno" ; then 3108 AC_DEFINE(BSD_AUTH) 3109 BSD_AUTH_MSG=yes 3110 fi 3111 ] 3112) 3113 3114# Where to place sshd.pid 3115piddir=/var/run 3116# make sure the directory exists 3117if test ! -d $piddir ; then 3118 piddir=`eval echo ${sysconfdir}` 3119 case $piddir in 3120 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 3121 esac 3122fi 3123 3124AC_ARG_WITH(pid-dir, 3125 [ --with-pid-dir=PATH Specify location of ssh.pid file], 3126 [ 3127 if test -n "$withval" && test "x$withval" != "xno" && \ 3128 test "x${withval}" != "xyes"; then 3129 piddir=$withval 3130 if test ! -d $piddir ; then 3131 AC_MSG_WARN([** no $piddir directory on this system **]) 3132 fi 3133 fi 3134 ] 3135) 3136 3137AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir") 3138AC_SUBST(piddir) 3139 3140dnl allow user to disable some login recording features 3141AC_ARG_ENABLE(lastlog, 3142 [ --disable-lastlog disable use of lastlog even if detected [no]], 3143 [ 3144 if test "x$enableval" = "xno" ; then 3145 AC_DEFINE(DISABLE_LASTLOG) 3146 fi 3147 ] 3148) 3149AC_ARG_ENABLE(utmp, 3150 [ --disable-utmp disable use of utmp even if detected [no]], 3151 [ 3152 if test "x$enableval" = "xno" ; then 3153 AC_DEFINE(DISABLE_UTMP) 3154 fi 3155 ] 3156) 3157AC_ARG_ENABLE(utmpx, 3158 [ --disable-utmpx disable use of utmpx even if detected [no]], 3159 [ 3160 if test "x$enableval" = "xno" ; then 3161 AC_DEFINE(DISABLE_UTMPX) 3162 fi 3163 ] 3164) 3165AC_ARG_ENABLE(wtmp, 3166 [ --disable-wtmp disable use of wtmp even if detected [no]], 3167 [ 3168 if test "x$enableval" = "xno" ; then 3169 AC_DEFINE(DISABLE_WTMP) 3170 fi 3171 ] 3172) 3173AC_ARG_ENABLE(wtmpx, 3174 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 3175 [ 3176 if test "x$enableval" = "xno" ; then 3177 AC_DEFINE(DISABLE_WTMPX) 3178 fi 3179 ] 3180) 3181AC_ARG_ENABLE(libutil, 3182 [ --disable-libutil disable use of libutil (login() etc.) [no]], 3183 [ 3184 if test "x$enableval" = "xno" ; then 3185 AC_DEFINE(DISABLE_LOGIN) 3186 fi 3187 ] 3188) 3189AC_ARG_ENABLE(pututline, 3190 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 3191 [ 3192 if test "x$enableval" = "xno" ; then 3193 AC_DEFINE(DISABLE_PUTUTLINE) 3194 fi 3195 ] 3196) 3197AC_ARG_ENABLE(pututxline, 3198 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 3199 [ 3200 if test "x$enableval" = "xno" ; then 3201 AC_DEFINE(DISABLE_PUTUTXLINE) 3202 fi 3203 ] 3204) 3205AC_ARG_WITH(lastlog, 3206 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 3207 [ 3208 if test "x$withval" = "xno" ; then 3209 AC_DEFINE(DISABLE_LASTLOG) 3210 elif test -n "$withval" && test "x${withval}" != "xyes"; then 3211 conf_lastlog_location=$withval 3212 fi 3213 ] 3214) 3215 3216dnl lastlog, [uw]tmpx? detection 3217dnl NOTE: set the paths in the platform section to avoid the 3218dnl need for command-line parameters 3219dnl lastlog and [uw]tmp are subject to a file search if all else fails 3220 3221dnl lastlog detection 3222dnl NOTE: the code itself will detect if lastlog is a directory 3223AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 3224AC_TRY_COMPILE([ 3225#include <sys/types.h> 3226#include <utmp.h> 3227#ifdef HAVE_LASTLOG_H 3228# include <lastlog.h> 3229#endif 3230#ifdef HAVE_PATHS_H 3231# include <paths.h> 3232#endif 3233#ifdef HAVE_LOGIN_H 3234# include <login.h> 3235#endif 3236 ], 3237 [ char *lastlog = LASTLOG_FILE; ], 3238 [ AC_MSG_RESULT(yes) ], 3239 [ 3240 AC_MSG_RESULT(no) 3241 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 3242 AC_TRY_COMPILE([ 3243#include <sys/types.h> 3244#include <utmp.h> 3245#ifdef HAVE_LASTLOG_H 3246# include <lastlog.h> 3247#endif 3248#ifdef HAVE_PATHS_H 3249# include <paths.h> 3250#endif 3251 ], 3252 [ char *lastlog = _PATH_LASTLOG; ], 3253 [ AC_MSG_RESULT(yes) ], 3254 [ 3255 AC_MSG_RESULT(no) 3256 system_lastlog_path=no 3257 ]) 3258 ] 3259) 3260 3261if test -z "$conf_lastlog_location"; then 3262 if test x"$system_lastlog_path" = x"no" ; then 3263 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 3264 if (test -d "$f" || test -f "$f") ; then 3265 conf_lastlog_location=$f 3266 fi 3267 done 3268 if test -z "$conf_lastlog_location"; then 3269 AC_MSG_WARN([** Cannot find lastlog **]) 3270 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 3271 fi 3272 fi 3273fi 3274 3275if test -n "$conf_lastlog_location"; then 3276 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location") 3277fi 3278 3279dnl utmp detection 3280AC_MSG_CHECKING([if your system defines UTMP_FILE]) 3281AC_TRY_COMPILE([ 3282#include <sys/types.h> 3283#include <utmp.h> 3284#ifdef HAVE_PATHS_H 3285# include <paths.h> 3286#endif 3287 ], 3288 [ char *utmp = UTMP_FILE; ], 3289 [ AC_MSG_RESULT(yes) ], 3290 [ AC_MSG_RESULT(no) 3291 system_utmp_path=no ] 3292) 3293if test -z "$conf_utmp_location"; then 3294 if test x"$system_utmp_path" = x"no" ; then 3295 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 3296 if test -f $f ; then 3297 conf_utmp_location=$f 3298 fi 3299 done 3300 if test -z "$conf_utmp_location"; then 3301 AC_DEFINE(DISABLE_UTMP) 3302 fi 3303 fi 3304fi 3305if test -n "$conf_utmp_location"; then 3306 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location") 3307fi 3308 3309dnl wtmp detection 3310AC_MSG_CHECKING([if your system defines WTMP_FILE]) 3311AC_TRY_COMPILE([ 3312#include <sys/types.h> 3313#include <utmp.h> 3314#ifdef HAVE_PATHS_H 3315# include <paths.h> 3316#endif 3317 ], 3318 [ char *wtmp = WTMP_FILE; ], 3319 [ AC_MSG_RESULT(yes) ], 3320 [ AC_MSG_RESULT(no) 3321 system_wtmp_path=no ] 3322) 3323if test -z "$conf_wtmp_location"; then 3324 if test x"$system_wtmp_path" = x"no" ; then 3325 for f in /usr/adm/wtmp /var/log/wtmp; do 3326 if test -f $f ; then 3327 conf_wtmp_location=$f 3328 fi 3329 done 3330 if test -z "$conf_wtmp_location"; then 3331 AC_DEFINE(DISABLE_WTMP) 3332 fi 3333 fi 3334fi 3335if test -n "$conf_wtmp_location"; then 3336 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location") 3337fi 3338 3339 3340dnl utmpx detection - I don't know any system so perverse as to require 3341dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out 3342dnl there, though. 3343AC_MSG_CHECKING([if your system defines UTMPX_FILE]) 3344AC_TRY_COMPILE([ 3345#include <sys/types.h> 3346#include <utmp.h> 3347#ifdef HAVE_UTMPX_H 3348#include <utmpx.h> 3349#endif 3350#ifdef HAVE_PATHS_H 3351# include <paths.h> 3352#endif 3353 ], 3354 [ char *utmpx = UTMPX_FILE; ], 3355 [ AC_MSG_RESULT(yes) ], 3356 [ AC_MSG_RESULT(no) 3357 system_utmpx_path=no ] 3358) 3359if test -z "$conf_utmpx_location"; then 3360 if test x"$system_utmpx_path" = x"no" ; then 3361 AC_DEFINE(DISABLE_UTMPX) 3362 fi 3363else 3364 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location") 3365fi 3366 3367dnl wtmpx detection 3368AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 3369AC_TRY_COMPILE([ 3370#include <sys/types.h> 3371#include <utmp.h> 3372#ifdef HAVE_UTMPX_H 3373#include <utmpx.h> 3374#endif 3375#ifdef HAVE_PATHS_H 3376# include <paths.h> 3377#endif 3378 ], 3379 [ char *wtmpx = WTMPX_FILE; ], 3380 [ AC_MSG_RESULT(yes) ], 3381 [ AC_MSG_RESULT(no) 3382 system_wtmpx_path=no ] 3383) 3384if test -z "$conf_wtmpx_location"; then 3385 if test x"$system_wtmpx_path" = x"no" ; then 3386 AC_DEFINE(DISABLE_WTMPX) 3387 fi 3388else 3389 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location") 3390fi 3391 3392 3393if test ! -z "$blibpath" ; then 3394 LDFLAGS="$LDFLAGS $blibflags$blibpath" 3395 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 3396fi 3397 3398dnl remove pam and dl because they are in $LIBPAM 3399if test "$PAM_MSG" = yes ; then 3400 LIBS=`echo $LIBS | sed 's/-lpam //'` 3401fi 3402if test "$ac_cv_lib_pam_pam_set_item" = yes ; then 3403 LIBS=`echo $LIBS | sed 's/-ldl //'` 3404fi 3405 3406dnl Adding -Werror to CFLAGS early prevents configure tests from running. 3407dnl Add now. 3408CFLAGS="$CFLAGS $werror_flags" 3409 3410AC_EXEEXT 3411AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \ 3412 scard/Makefile ssh_prng_cmds survey.sh]) 3413AC_OUTPUT 3414 3415# Print summary of options 3416 3417# Someone please show me a better way :) 3418A=`eval echo ${prefix}` ; A=`eval echo ${A}` 3419B=`eval echo ${bindir}` ; B=`eval echo ${B}` 3420C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 3421D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 3422E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 3423F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 3424G=`eval echo ${piddir}` ; G=`eval echo ${G}` 3425H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 3426I=`eval echo ${user_path}` ; I=`eval echo ${I}` 3427J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 3428 3429echo "" 3430echo "OpenSSH has been configured with the following options:" 3431echo " User binaries: $B" 3432echo " System binaries: $C" 3433echo " Configuration files: $D" 3434echo " Askpass program: $E" 3435echo " Manual pages: $F" 3436echo " PID file: $G" 3437echo " Privilege separation chroot path: $H" 3438if test "x$external_path_file" = "x/etc/login.conf" ; then 3439echo " At runtime, sshd will use the path defined in $external_path_file" 3440echo " Make sure the path to scp is present, otherwise scp will not work" 3441else 3442echo " sshd default user PATH: $I" 3443 if test ! -z "$external_path_file"; then 3444echo " (If PATH is set in $external_path_file it will be used instead. If" 3445echo " used, ensure the path to scp is present, otherwise scp will not work.)" 3446 fi 3447fi 3448if test ! -z "$superuser_path" ; then 3449echo " sshd superuser user PATH: $J" 3450fi 3451echo " Manpage format: $MANTYPE" 3452echo " PAM support: $PAM_MSG" 3453echo " KerberosV support: $KRB5_MSG" 3454echo " Smartcard support: $SCARD_MSG" 3455echo " S/KEY support: $SKEY_MSG" 3456echo " TCP Wrappers support: $TCPW_MSG" 3457echo " MD5 password support: $MD5_MSG" 3458echo " libedit support: $LIBEDIT_MSG" 3459echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 3460echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 3461echo " BSD Auth support: $BSD_AUTH_MSG" 3462echo " Random number source: $RAND_MSG" 3463if test ! -z "$USE_RAND_HELPER" ; then 3464echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" 3465fi 3466 3467echo "" 3468 3469echo " Host: ${host}" 3470echo " Compiler: ${CC}" 3471echo " Compiler flags: ${CFLAGS}" 3472echo "Preprocessor flags: ${CPPFLAGS}" 3473echo " Linker flags: ${LDFLAGS}" 3474echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}" 3475 3476echo "" 3477 3478if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 3479 echo "SVR4 style packages are supported with \"make package\"" 3480 echo "" 3481fi 3482 3483if test "x$PAM_MSG" = "xyes" ; then 3484 echo "PAM is enabled. You may need to install a PAM control file " 3485 echo "for sshd, otherwise password authentication may fail. " 3486 echo "Example PAM control files can be found in the contrib/ " 3487 echo "subdirectory" 3488 echo "" 3489fi 3490 3491if test ! -z "$RAND_HELPER_CMDHASH" ; then 3492 echo "WARNING: you are using the builtin random number collection " 3493 echo "service. Please read WARNING.RNG and request that your OS " 3494 echo "vendor includes kernel-based random number collection in " 3495 echo "future versions of your OS." 3496 echo "" 3497fi 3498 3499if test ! -z "$NO_PEERCHECK" ; then 3500 echo "WARNING: the operating system that you are using does not " 3501 echo "appear to support either the getpeereid() API nor the " 3502 echo "SO_PEERCRED getsockopt() option. These facilities are used to " 3503 echo "enforce security checks to prevent unauthorised connections to " 3504 echo "ssh-agent. Their absence increases the risk that a malicious " 3505 echo "user can connect to your agent. " 3506 echo "" 3507fi 3508 3509if test "$AUDIT_MODULE" = "bsm" ; then 3510 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 3511 echo "See the Solaris section in README.platform for details." 3512fi 3513