xref: /freebsd/crypto/openssh/configure.ac (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1# $Id: configure.ac,v 1.370 2006/10/06 23:07:21 dtucker Exp $
2#
3# Copyright (c) 1999-2004 Damien Miller
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18AC_REVISION($Revision: 1.370 $)
19AC_CONFIG_SRCDIR([ssh.c])
20
21AC_CONFIG_HEADER(config.h)
22AC_PROG_CC
23AC_CANONICAL_HOST
24AC_C_BIGENDIAN
25
26# Checks for programs.
27AC_PROG_AWK
28AC_PROG_CPP
29AC_PROG_RANLIB
30AC_PROG_INSTALL
31AC_PROG_EGREP
32AC_PATH_PROG(AR, ar)
33AC_PATH_PROG(CAT, cat)
34AC_PATH_PROG(KILL, kill)
35AC_PATH_PROGS(PERL, perl5 perl)
36AC_PATH_PROG(SED, sed)
37AC_SUBST(PERL)
38AC_PATH_PROG(ENT, ent)
39AC_SUBST(ENT)
40AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42AC_PATH_PROG(TEST_MINUS_S_SH, sh)
43AC_PATH_PROG(SH, sh)
44AC_SUBST(TEST_SHELL,sh)
45
46dnl for buildpkg.sh
47AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48	[/usr/sbin${PATH_SEPARATOR}/etc])
49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50	[/usr/sbin${PATH_SEPARATOR}/etc])
51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52if test -x /sbin/sh; then
53	AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55	AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
57
58# System features
59AC_SYS_LARGEFILE
60
61if test -z "$AR" ; then
62	AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
63fi
64
65# Use LOGIN_PROGRAM from environment if possible
66if test ! -z "$LOGIN_PROGRAM" ; then
67	AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68		[If your header files don't define LOGIN_PROGRAM,
69		then use this (detected) from environment and PATH])
70else
71	# Search for login
72	AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73	if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74		AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
75	fi
76fi
77
78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79if test ! -z "$PATH_PASSWD_PROG" ; then
80	AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81		[Full path of your "passwd" program])
82fi
83
84if test -z "$LD" ; then
85	LD=$CC
86fi
87AC_SUBST(LD)
88
89AC_C_INLINE
90
91AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
92
93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94	CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95	GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
96	case $GCC_VER in
97		1.*) ;;
98		2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
99		2.*) ;;
100		3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101		4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102		*) ;;
103	esac
104
105	if test -z "$have_llong_max"; then
106		# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107		unset ac_cv_have_decl_LLONG_MAX
108		saved_CFLAGS="$CFLAGS"
109		CFLAGS="$CFLAGS -std=gnu99"
110		AC_CHECK_DECL(LLONG_MAX,
111		    [have_llong_max=1],
112		    [CFLAGS="$saved_CFLAGS"],
113		    [#include <limits.h>]
114		)
115	fi
116fi
117
118AC_ARG_WITH(rpath,
119	[  --without-rpath         Disable auto-added -R linker paths],
120	[
121		if test "x$withval" = "xno" ; then
122			need_dash_r=""
123		fi
124		if test "x$withval" = "xyes" ; then
125			need_dash_r=1
126		fi
127	]
128)
129
130# Allow user to specify flags
131AC_ARG_WITH(cflags,
132	[  --with-cflags           Specify additional flags to pass to compiler],
133	[
134		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
135		    test "x${withval}" != "xyes"; then
136			CFLAGS="$CFLAGS $withval"
137		fi
138	]
139)
140AC_ARG_WITH(cppflags,
141	[  --with-cppflags         Specify additional flags to pass to preprocessor] ,
142	[
143		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
144		    test "x${withval}" != "xyes"; then
145			CPPFLAGS="$CPPFLAGS $withval"
146		fi
147	]
148)
149AC_ARG_WITH(ldflags,
150	[  --with-ldflags          Specify additional flags to pass to linker],
151	[
152		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
153		    test "x${withval}" != "xyes"; then
154			LDFLAGS="$LDFLAGS $withval"
155		fi
156	]
157)
158AC_ARG_WITH(libs,
159	[  --with-libs             Specify additional libraries to link with],
160	[
161		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
162		    test "x${withval}" != "xyes"; then
163			LIBS="$LIBS $withval"
164		fi
165	]
166)
167AC_ARG_WITH(Werror,
168	[  --with-Werror           Build main code with -Werror],
169	[
170		if test -n "$withval"  &&  test "x$withval" != "xno"; then
171			werror_flags="-Werror"
172			if test "x${withval}" != "xyes"; then
173				werror_flags="$withval"
174			fi
175		fi
176	]
177)
178
179AC_CHECK_HEADERS( \
180	bstring.h \
181	crypt.h \
182	crypto/sha2.h \
183	dirent.h \
184	endian.h \
185	features.h \
186	fcntl.h \
187	floatingpoint.h \
188	getopt.h \
189	glob.h \
190	ia.h \
191	iaf.h \
192	limits.h \
193	login.h \
194	maillock.h \
195	ndir.h \
196	net/if_tun.h \
197	netdb.h \
198	netgroup.h \
199	pam/pam_appl.h \
200	paths.h \
201	pty.h \
202	readpassphrase.h \
203	rpc/types.h \
204	security/pam_appl.h \
205	sha2.h \
206	shadow.h \
207	stddef.h \
208	stdint.h \
209	string.h \
210	strings.h \
211	sys/audit.h \
212	sys/bitypes.h \
213	sys/bsdtty.h \
214	sys/cdefs.h \
215	sys/dir.h \
216	sys/mman.h \
217	sys/ndir.h \
218	sys/prctl.h \
219	sys/pstat.h \
220	sys/select.h \
221	sys/stat.h \
222	sys/stream.h \
223	sys/stropts.h \
224	sys/strtio.h \
225	sys/sysmacros.h \
226	sys/time.h \
227	sys/timers.h \
228	sys/un.h \
229	time.h \
230	tmpdir.h \
231	ttyent.h \
232	unistd.h \
233	usersec.h \
234	util.h \
235	utime.h \
236	utmp.h \
237	utmpx.h \
238	vis.h \
239)
240
241# lastlog.h requires sys/time.h to be included first on Solaris
242AC_CHECK_HEADERS(lastlog.h, [], [], [
243#ifdef HAVE_SYS_TIME_H
244# include <sys/time.h>
245#endif
246])
247
248# sys/ptms.h requires sys/stream.h to be included first on Solaris
249AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250#ifdef HAVE_SYS_STREAM_H
251# include <sys/stream.h>
252#endif
253])
254
255# login_cap.h requires sys/types.h on NetBSD
256AC_CHECK_HEADERS(login_cap.h, [], [], [
257#include <sys/types.h>
258])
259
260# Messages for features tested for in target-specific section
261SIA_MSG="no"
262SPC_MSG="no"
263
264# Check for some target-specific stuff
265case "$host" in
266*-*-aix*)
267	# Some versions of VAC won't allow macro redefinitions at
268	# -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269	# particularly with older versions of vac or xlc.
270	# It also throws errors about null macro argments, but these are
271	# not fatal.
272	AC_MSG_CHECKING(if compiler allows macro redefinitions)
273	AC_COMPILE_IFELSE(
274	    [AC_LANG_SOURCE([[
275#define testmacro foo
276#define testmacro bar
277int main(void) { exit(0); }
278	    ]])],
279	    [ AC_MSG_RESULT(yes) ],
280	    [ AC_MSG_RESULT(no)
281	      CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282	      LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283	      CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284	      CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
285	    ]
286	)
287
288	AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
289	if (test -z "$blibpath"); then
290		blibpath="/usr/lib:/lib"
291	fi
292	saved_LDFLAGS="$LDFLAGS"
293	if test "$GCC" = "yes"; then
294		flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
295	else
296		flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
297	fi
298	for tryflags in $flags ;do
299		if (test -z "$blibflags"); then
300			LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301			AC_TRY_LINK([], [], [blibflags=$tryflags])
302		fi
303	done
304	if (test -z "$blibflags"); then
305		AC_MSG_RESULT(not found)
306		AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
307	else
308		AC_MSG_RESULT($blibflags)
309	fi
310	LDFLAGS="$saved_LDFLAGS"
311	dnl Check for authenticate.  Might be in libs.a on older AIXes
312	AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313		[Define if you want to enable AIX4's authenticate function])],
314		[AC_CHECK_LIB(s,authenticate,
315			[ AC_DEFINE(WITH_AIXAUTHENTICATE)
316				LIBS="$LIBS -ls"
317			])
318		])
319	dnl Check for various auth function declarations in headers.
320	AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
321	    passwdexpired, setauthdb], , , [#include <usersec.h>])
322	dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
323	AC_CHECK_DECLS(loginfailed,
324		 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
325		  AC_TRY_COMPILE(
326			[#include <usersec.h>],
327			[(void)loginfailed("user","host","tty",0);],
328			[AC_MSG_RESULT(yes)
329			 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330				[Define if your AIX loginfailed() function
331				takes 4 arguments (AIX >= 5.2)])],
332			[AC_MSG_RESULT(no)]
333		)],
334		[],
335		[#include <usersec.h>]
336	)
337	AC_CHECK_FUNCS(setauthdb)
338	AC_CHECK_DECL(F_CLOSEM,
339	    AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
340	    [],
341	    [ #include <limits.h>
342	      #include <fcntl.h> ]
343	)
344	check_for_aix_broken_getaddrinfo=1
345	AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346	AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347	    [Define if your platform breaks doing a seteuid before a setuid])
348	AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349	AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
350	dnl AIX handles lastlog as part of its login message
351	AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352	AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353		[Some systems need a utmpx entry for /bin/login to work])
354	AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355		[Define to a Set Process Title type if your system is
356		supported by bsd-setproctitle.c])
357	AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358	    [AIX 5.2 and 5.3 (and presumably newer) require this])
359	AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
360	;;
361*-*-cygwin*)
362	check_for_libcrypt_later=1
363	LIBS="$LIBS /usr/lib/textmode.o"
364	AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365	AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366	AC_DEFINE(DISABLE_SHADOW, 1,
367		[Define if you want to disable shadow passwords])
368	AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369		[Define if your system choked on IP TOS setting])
370	AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371		[Define if X11 doesn't support AF_UNIX sockets on that system])
372	AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373		[Define if the concept of ports only accessible to
374		superusers isn't known])
375	AC_DEFINE(DISABLE_FD_PASSING, 1,
376		[Define if your platform needs to skip post auth
377		file descriptor passing])
378	;;
379*-*-dgux*)
380	AC_DEFINE(IP_TOS_IS_BROKEN)
381	AC_DEFINE(SETEUID_BREAKS_SETUID)
382	AC_DEFINE(BROKEN_SETREUID)
383	AC_DEFINE(BROKEN_SETREGID)
384	;;
385*-*-darwin*)
386	AC_MSG_CHECKING(if we have working getaddrinfo)
387	AC_TRY_RUN([#include <mach-o/dyld.h>
388main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
389		exit(0);
390	else
391		exit(1);
392}], [AC_MSG_RESULT(working)],
393	[AC_MSG_RESULT(buggy)
394	AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
395	[AC_MSG_RESULT(assume it is working)])
396	AC_DEFINE(SETEUID_BREAKS_SETUID)
397	AC_DEFINE(BROKEN_SETREUID)
398	AC_DEFINE(BROKEN_SETREGID)
399	AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
400		[Define if your resolver libs need this for getrrsetbyname])
401	AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
402	AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
403	    [Use tunnel device compatibility to OpenBSD])
404	AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
405	    [Prepend the address family to IP tunnel traffic])
406	;;
407*-*-dragonfly*)
408	SSHDLIBS="$SSHDLIBS -lcrypt"
409	;;
410*-*-hpux*)
411	# first we define all of the options common to all HP-UX releases
412	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
413	IPADDR_IN_DISPLAY=yes
414	AC_DEFINE(USE_PIPES)
415	AC_DEFINE(LOGIN_NO_ENDOPT, 1,
416	    [Define if your login program cannot handle end of options ("--")])
417	AC_DEFINE(LOGIN_NEEDS_UTMPX)
418	AC_DEFINE(LOCKED_PASSWD_STRING, "*",
419		[String used in /etc/passwd to denote locked account])
420	AC_DEFINE(SPT_TYPE,SPT_PSTAT)
421	MAIL="/var/mail/username"
422	LIBS="$LIBS -lsec"
423	AC_CHECK_LIB(xnet, t_error, ,
424	    AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
425
426	# next, we define all of the options specific to major releases
427	case "$host" in
428	*-*-hpux10*)
429		if test -z "$GCC"; then
430			CFLAGS="$CFLAGS -Ae"
431		fi
432		;;
433	*-*-hpux11*)
434		AC_DEFINE(PAM_SUN_CODEBASE, 1,
435			[Define if you are using Solaris-derived PAM which
436			passes pam_messages to the conversation function
437			with an extra level of indirection])
438		AC_DEFINE(DISABLE_UTMP, 1,
439			[Define if you don't want to use utmp])
440		AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
441		check_for_hpux_broken_getaddrinfo=1
442		check_for_conflicting_getspnam=1
443		;;
444	esac
445
446	# lastly, we define options specific to minor releases
447	case "$host" in
448	*-*-hpux10.26)
449		AC_DEFINE(HAVE_SECUREWARE, 1,
450			[Define if you have SecureWare-based
451			protected password database])
452		disable_ptmx_check=yes
453		LIBS="$LIBS -lsecpw"
454		;;
455	esac
456	;;
457*-*-irix5*)
458	PATH="$PATH:/usr/etc"
459	AC_DEFINE(BROKEN_INET_NTOA, 1,
460		[Define if you system's inet_ntoa is busted
461		(e.g. Irix gcc issue)])
462	AC_DEFINE(SETEUID_BREAKS_SETUID)
463	AC_DEFINE(BROKEN_SETREUID)
464	AC_DEFINE(BROKEN_SETREGID)
465	AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
466		[Define if you shouldn't strip 'tty' from your
467		ttyname in [uw]tmp])
468	AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
469	;;
470*-*-irix6*)
471	PATH="$PATH:/usr/etc"
472	AC_DEFINE(WITH_IRIX_ARRAY, 1,
473		[Define if you have/want arrays
474		(cluster-wide session managment, not C arrays)])
475	AC_DEFINE(WITH_IRIX_PROJECT, 1,
476		[Define if you want IRIX project management])
477	AC_DEFINE(WITH_IRIX_AUDIT, 1,
478		[Define if you want IRIX audit trails])
479	AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
480		[Define if you want IRIX kernel jobs])])
481	AC_DEFINE(BROKEN_INET_NTOA)
482	AC_DEFINE(SETEUID_BREAKS_SETUID)
483	AC_DEFINE(BROKEN_SETREUID)
484	AC_DEFINE(BROKEN_SETREGID)
485	AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
486	AC_DEFINE(WITH_ABBREV_NO_TTY)
487	AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
488	;;
489*-*-linux*)
490	no_dev_ptmx=1
491	check_for_libcrypt_later=1
492	check_for_openpty_ctty_bug=1
493	AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
494	AC_DEFINE(PAM_TTY_KLUDGE, 1,
495		[Work around problematic Linux PAM modules handling of PAM_TTY])
496	AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
497		[String used in /etc/passwd to denote locked account])
498	AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
499	AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
500		[Define to whatever link() returns for "not supported"
501		if it doesn't return EOPNOTSUPP.])
502	AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
503	AC_DEFINE(USE_BTMP)
504	inet6_default_4in6=yes
505	case `uname -r` in
506	1.*|2.0.*)
507		AC_DEFINE(BROKEN_CMSG_TYPE, 1,
508			[Define if cmsg_type is not passed correctly])
509		;;
510	esac
511	# tun(4) forwarding compat code
512	AC_CHECK_HEADERS(linux/if_tun.h)
513	if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
514		AC_DEFINE(SSH_TUN_LINUX, 1,
515		    [Open tunnel devices the Linux tun/tap way])
516		AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
517		    [Use tunnel device compatibility to OpenBSD])
518		AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
519		    [Prepend the address family to IP tunnel traffic])
520	fi
521	;;
522mips-sony-bsd|mips-sony-newsos4)
523	AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
524	SONY=1
525	;;
526*-*-netbsd*)
527	check_for_libcrypt_before=1
528	if test "x$withval" != "xno" ; then
529		need_dash_r=1
530	fi
531	AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
532	AC_CHECK_HEADER([net/if_tap.h], ,
533	    AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
534	AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
535	    [Prepend the address family to IP tunnel traffic])
536	;;
537*-*-freebsd*)
538	check_for_libcrypt_later=1
539	AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
540	AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
541	AC_CHECK_HEADER([net/if_tap.h], ,
542	    AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
543	;;
544*-*-bsdi*)
545	AC_DEFINE(SETEUID_BREAKS_SETUID)
546	AC_DEFINE(BROKEN_SETREUID)
547	AC_DEFINE(BROKEN_SETREGID)
548	;;
549*-next-*)
550	conf_lastlog_location="/usr/adm/lastlog"
551	conf_utmp_location=/etc/utmp
552	conf_wtmp_location=/usr/adm/wtmp
553	MAIL=/usr/spool/mail
554	AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
555	AC_DEFINE(BROKEN_REALPATH)
556	AC_DEFINE(USE_PIPES)
557	AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
558	;;
559*-*-openbsd*)
560	AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
561	AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
562	AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
563	AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
564	    [syslog_r function is safe to use in in a signal handler])
565	;;
566*-*-solaris*)
567	if test "x$withval" != "xno" ; then
568		need_dash_r=1
569	fi
570	AC_DEFINE(PAM_SUN_CODEBASE)
571	AC_DEFINE(LOGIN_NEEDS_UTMPX)
572	AC_DEFINE(LOGIN_NEEDS_TERM, 1,
573		[Some versions of /bin/login need the TERM supplied
574		on the commandline])
575	AC_DEFINE(PAM_TTY_KLUDGE)
576	AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
577		[Define if pam_chauthtok wants real uid set
578		to the unpriv'ed user])
579	AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
580	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
581	AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
582		[Define if sshd somehow reacquires a controlling TTY
583		after setsid()])
584	AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
585		in case the name is longer than 8 chars])
586	external_path_file=/etc/default/login
587	# hardwire lastlog location (can't detect it on some versions)
588	conf_lastlog_location="/var/adm/lastlog"
589	AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
590	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
591	if test "$sol2ver" -ge 8; then
592		AC_MSG_RESULT(yes)
593		AC_DEFINE(DISABLE_UTMP)
594		AC_DEFINE(DISABLE_WTMP, 1,
595			[Define if you don't want to use wtmp])
596	else
597		AC_MSG_RESULT(no)
598	fi
599	AC_ARG_WITH(solaris-contracts,
600		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
601		[
602		AC_CHECK_LIB(contract, ct_tmpl_activate,
603			[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
604				[Define if you have Solaris process contracts])
605			  SSHDLIBS="$SSHDLIBS -lcontract"
606			  AC_SUBST(SSHDLIBS)
607			  SPC_MSG="yes" ], )
608		],
609	)
610	;;
611*-*-sunos4*)
612	CPPFLAGS="$CPPFLAGS -DSUNOS4"
613	AC_CHECK_FUNCS(getpwanam)
614	AC_DEFINE(PAM_SUN_CODEBASE)
615	conf_utmp_location=/etc/utmp
616	conf_wtmp_location=/var/adm/wtmp
617	conf_lastlog_location=/var/adm/lastlog
618	AC_DEFINE(USE_PIPES)
619	;;
620*-ncr-sysv*)
621	LIBS="$LIBS -lc89"
622	AC_DEFINE(USE_PIPES)
623	AC_DEFINE(SSHD_ACQUIRES_CTTY)
624	AC_DEFINE(SETEUID_BREAKS_SETUID)
625	AC_DEFINE(BROKEN_SETREUID)
626	AC_DEFINE(BROKEN_SETREGID)
627	;;
628*-sni-sysv*)
629	# /usr/ucblib MUST NOT be searched on ReliantUNIX
630	AC_CHECK_LIB(dl, dlsym, ,)
631	# -lresolv needs to be at the end of LIBS or DNS lookups break
632	AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
633	IPADDR_IN_DISPLAY=yes
634	AC_DEFINE(USE_PIPES)
635	AC_DEFINE(IP_TOS_IS_BROKEN)
636	AC_DEFINE(SETEUID_BREAKS_SETUID)
637	AC_DEFINE(BROKEN_SETREUID)
638	AC_DEFINE(BROKEN_SETREGID)
639	AC_DEFINE(SSHD_ACQUIRES_CTTY)
640	external_path_file=/etc/default/login
641	# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
642	# Attention: always take care to bind libsocket and libnsl before libc,
643	# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
644	;;
645# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
646*-*-sysv4.2*)
647	AC_DEFINE(USE_PIPES)
648	AC_DEFINE(SETEUID_BREAKS_SETUID)
649	AC_DEFINE(BROKEN_SETREUID)
650	AC_DEFINE(BROKEN_SETREGID)
651	AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
652	AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
653	;;
654# UnixWare 7.x, OpenUNIX 8
655*-*-sysv5*)
656	check_for_libcrypt_later=1
657	AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
658	AC_DEFINE(USE_PIPES)
659	AC_DEFINE(SETEUID_BREAKS_SETUID)
660	AC_DEFINE(BROKEN_SETREUID)
661	AC_DEFINE(BROKEN_SETREGID)
662	AC_DEFINE(PASSWD_NEEDS_USERNAME)
663	case "$host" in
664	*-*-sysv5SCO_SV*)	# SCO OpenServer 6.x
665		TEST_SHELL=/u95/bin/sh
666		AC_DEFINE(BROKEN_LIBIAF, 1,
667			[ia_uinfo routines not supported by OS yet])
668		AC_DEFINE(BROKEN_UPDWTMPX)
669		;;
670	*)	AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
671		;;
672	esac
673	;;
674*-*-sysv*)
675	;;
676# SCO UNIX and OEM versions of SCO UNIX
677*-*-sco3.2v4*)
678	AC_MSG_ERROR("This Platform is no longer supported.")
679	;;
680# SCO OpenServer 5.x
681*-*-sco3.2v5*)
682	if test -z "$GCC"; then
683		CFLAGS="$CFLAGS -belf"
684	fi
685	LIBS="$LIBS -lprot -lx -ltinfo -lm"
686	no_dev_ptmx=1
687	AC_DEFINE(USE_PIPES)
688	AC_DEFINE(HAVE_SECUREWARE)
689	AC_DEFINE(DISABLE_SHADOW)
690	AC_DEFINE(DISABLE_FD_PASSING)
691	AC_DEFINE(SETEUID_BREAKS_SETUID)
692	AC_DEFINE(BROKEN_SETREUID)
693	AC_DEFINE(BROKEN_SETREGID)
694	AC_DEFINE(WITH_ABBREV_NO_TTY)
695	AC_DEFINE(BROKEN_UPDWTMPX)
696	AC_DEFINE(PASSWD_NEEDS_USERNAME)
697	AC_CHECK_FUNCS(getluid setluid)
698	MANTYPE=man
699	TEST_SHELL=ksh
700	;;
701*-*-unicosmk*)
702	AC_DEFINE(NO_SSH_LASTLOG, 1,
703		[Define if you don't want to use lastlog in session.c])
704	AC_DEFINE(SETEUID_BREAKS_SETUID)
705	AC_DEFINE(BROKEN_SETREUID)
706	AC_DEFINE(BROKEN_SETREGID)
707	AC_DEFINE(USE_PIPES)
708	AC_DEFINE(DISABLE_FD_PASSING)
709	LDFLAGS="$LDFLAGS"
710	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
711	MANTYPE=cat
712	;;
713*-*-unicosmp*)
714	AC_DEFINE(SETEUID_BREAKS_SETUID)
715	AC_DEFINE(BROKEN_SETREUID)
716	AC_DEFINE(BROKEN_SETREGID)
717	AC_DEFINE(WITH_ABBREV_NO_TTY)
718	AC_DEFINE(USE_PIPES)
719	AC_DEFINE(DISABLE_FD_PASSING)
720	LDFLAGS="$LDFLAGS"
721	LIBS="$LIBS -lgen -lacid -ldb"
722	MANTYPE=cat
723	;;
724*-*-unicos*)
725	AC_DEFINE(SETEUID_BREAKS_SETUID)
726	AC_DEFINE(BROKEN_SETREUID)
727	AC_DEFINE(BROKEN_SETREGID)
728	AC_DEFINE(USE_PIPES)
729	AC_DEFINE(DISABLE_FD_PASSING)
730	AC_DEFINE(NO_SSH_LASTLOG)
731	LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
732	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
733	MANTYPE=cat
734	;;
735*-dec-osf*)
736	AC_MSG_CHECKING(for Digital Unix SIA)
737	no_osfsia=""
738	AC_ARG_WITH(osfsia,
739		[  --with-osfsia           Enable Digital Unix SIA],
740		[
741			if test "x$withval" = "xno" ; then
742				AC_MSG_RESULT(disabled)
743				no_osfsia=1
744			fi
745		],
746	)
747	if test -z "$no_osfsia" ; then
748		if test -f /etc/sia/matrix.conf; then
749			AC_MSG_RESULT(yes)
750			AC_DEFINE(HAVE_OSF_SIA, 1,
751				[Define if you have Digital Unix Security
752				Integration Architecture])
753			AC_DEFINE(DISABLE_LOGIN, 1,
754				[Define if you don't want to use your
755				system's login() call])
756			AC_DEFINE(DISABLE_FD_PASSING)
757			LIBS="$LIBS -lsecurity -ldb -lm -laud"
758			SIA_MSG="yes"
759		else
760			AC_MSG_RESULT(no)
761			AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
762			  [String used in /etc/passwd to denote locked account])
763		fi
764	fi
765	AC_DEFINE(BROKEN_GETADDRINFO)
766	AC_DEFINE(SETEUID_BREAKS_SETUID)
767	AC_DEFINE(BROKEN_SETREUID)
768	AC_DEFINE(BROKEN_SETREGID)
769	;;
770
771*-*-nto-qnx*)
772	AC_DEFINE(USE_PIPES)
773	AC_DEFINE(NO_X11_UNIX_SOCKETS)
774	AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
775	AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
776	AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
777	AC_DEFINE(DISABLE_LASTLOG)
778	AC_DEFINE(SSHD_ACQUIRES_CTTY)
779	enable_etc_default_login=no	# has incompatible /etc/default/login
780	;;
781
782*-*-ultrix*)
783	AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
784	AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
785	AC_DEFINE(NEED_SETPGRP)
786	AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
787	;;
788
789*-*-lynxos)
790        CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
791	AC_DEFINE(MISSING_HOWMANY)
792        AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
793        ;;
794esac
795
796AC_MSG_CHECKING(compiler and flags for sanity)
797AC_RUN_IFELSE(
798	[AC_LANG_SOURCE([
799#include <stdio.h>
800int main(){exit(0);}
801	])],
802	[	AC_MSG_RESULT(yes) ],
803	[
804		AC_MSG_RESULT(no)
805		AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
806	],
807	[	AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
808)
809
810dnl Checks for header files.
811# Checks for libraries.
812AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
813AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
814
815dnl IRIX and Solaris 2.5.1 have dirname() in libgen
816AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
817	AC_CHECK_LIB(gen, dirname,[
818		AC_CACHE_CHECK([for broken dirname],
819			ac_cv_have_broken_dirname, [
820			save_LIBS="$LIBS"
821			LIBS="$LIBS -lgen"
822			AC_RUN_IFELSE(
823				[AC_LANG_SOURCE([[
824#include <libgen.h>
825#include <string.h>
826
827int main(int argc, char **argv) {
828    char *s, buf[32];
829
830    strncpy(buf,"/etc", 32);
831    s = dirname(buf);
832    if (!s || strncmp(s, "/", 32) != 0) {
833	exit(1);
834    } else {
835	exit(0);
836    }
837}
838				]])],
839				[ ac_cv_have_broken_dirname="no" ],
840				[ ac_cv_have_broken_dirname="yes" ],
841				[ ac_cv_have_broken_dirname="no" ],
842			)
843			LIBS="$save_LIBS"
844		])
845		if test "x$ac_cv_have_broken_dirname" = "xno" ; then
846			LIBS="$LIBS -lgen"
847			AC_DEFINE(HAVE_DIRNAME)
848			AC_CHECK_HEADERS(libgen.h)
849		fi
850	])
851])
852
853AC_CHECK_FUNC(getspnam, ,
854	AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
855AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
856	[Define if you have the basename function.]))
857
858dnl zlib is required
859AC_ARG_WITH(zlib,
860	[  --with-zlib=PATH        Use zlib in PATH],
861	[ if test "x$withval" = "xno" ; then
862		AC_MSG_ERROR([*** zlib is required ***])
863	  elif test "x$withval" != "xyes"; then
864		if test -d "$withval/lib"; then
865			if test -n "${need_dash_r}"; then
866				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
867			else
868				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
869			fi
870		else
871			if test -n "${need_dash_r}"; then
872				LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
873			else
874				LDFLAGS="-L${withval} ${LDFLAGS}"
875			fi
876		fi
877		if test -d "$withval/include"; then
878			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
879		else
880			CPPFLAGS="-I${withval} ${CPPFLAGS}"
881		fi
882	fi ]
883)
884
885AC_CHECK_LIB(z, deflate, ,
886	[
887		saved_CPPFLAGS="$CPPFLAGS"
888		saved_LDFLAGS="$LDFLAGS"
889		save_LIBS="$LIBS"
890		dnl Check default zlib install dir
891		if test -n "${need_dash_r}"; then
892			LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
893		else
894			LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
895		fi
896		CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
897		LIBS="$LIBS -lz"
898		AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
899			[
900				AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
901			]
902		)
903	]
904)
905AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
906
907AC_ARG_WITH(zlib-version-check,
908	[  --without-zlib-version-check Disable zlib version check],
909	[  if test "x$withval" = "xno" ; then
910		zlib_check_nonfatal=1
911	   fi
912	]
913)
914
915AC_MSG_CHECKING(for possibly buggy zlib)
916AC_RUN_IFELSE([AC_LANG_SOURCE([[
917#include <stdio.h>
918#include <zlib.h>
919int main()
920{
921	int a=0, b=0, c=0, d=0, n, v;
922	n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
923	if (n != 3 && n != 4)
924		exit(1);
925	v = a*1000000 + b*10000 + c*100 + d;
926	fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
927
928	/* 1.1.4 is OK */
929	if (a == 1 && b == 1 && c >= 4)
930		exit(0);
931
932	/* 1.2.3 and up are OK */
933	if (v >= 1020300)
934		exit(0);
935
936	exit(2);
937}
938	]])],
939	AC_MSG_RESULT(no),
940	[ AC_MSG_RESULT(yes)
941	  if test -z "$zlib_check_nonfatal" ; then
942		AC_MSG_ERROR([*** zlib too old - check config.log ***
943Your reported zlib version has known security problems.  It's possible your
944vendor has fixed these problems without changing the version number.  If you
945are sure this is the case, you can disable the check by running
946"./configure --without-zlib-version-check".
947If you are in doubt, upgrade zlib to version 1.2.3 or greater.
948See http://www.gzip.org/zlib/ for details.])
949	  else
950		AC_MSG_WARN([zlib version may have security problems])
951	  fi
952	],
953	[	AC_MSG_WARN([cross compiling: not checking zlib version]) ]
954)
955
956dnl UnixWare 2.x
957AC_CHECK_FUNC(strcasecmp,
958	[], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
959)
960AC_CHECK_FUNCS(utimes,
961	[], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
962					LIBS="$LIBS -lc89"]) ]
963)
964
965dnl    Checks for libutil functions
966AC_CHECK_HEADERS(libutil.h)
967AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
968	[Define if your libraries define login()])])
969AC_CHECK_FUNCS(logout updwtmp logwtmp)
970
971AC_FUNC_STRFTIME
972
973# Check for ALTDIRFUNC glob() extension
974AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
975AC_EGREP_CPP(FOUNDIT,
976	[
977		#include <glob.h>
978		#ifdef GLOB_ALTDIRFUNC
979		FOUNDIT
980		#endif
981	],
982	[
983		AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
984			[Define if your system glob() function has
985			the GLOB_ALTDIRFUNC extension])
986		AC_MSG_RESULT(yes)
987	],
988	[
989		AC_MSG_RESULT(no)
990	]
991)
992
993# Check for g.gl_matchc glob() extension
994AC_MSG_CHECKING(for gl_matchc field in glob_t)
995AC_TRY_COMPILE(
996	[ #include <glob.h> ],
997	[glob_t g; g.gl_matchc = 1;],
998	[
999		AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1000			[Define if your system glob() function has
1001			gl_matchc options in glob_t])
1002		AC_MSG_RESULT(yes)
1003	],
1004	[
1005		AC_MSG_RESULT(no)
1006	]
1007)
1008
1009AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1010
1011AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1012AC_RUN_IFELSE(
1013	[AC_LANG_SOURCE([[
1014#include <sys/types.h>
1015#include <dirent.h>
1016int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1017	]])],
1018	[AC_MSG_RESULT(yes)],
1019	[
1020		AC_MSG_RESULT(no)
1021		AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1022			[Define if your struct dirent expects you to
1023			allocate extra space for d_name])
1024	],
1025	[
1026		AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1027		AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1028	]
1029)
1030
1031AC_MSG_CHECKING([for /proc/pid/fd directory])
1032if test -d "/proc/$$/fd" ; then
1033	AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1034	AC_MSG_RESULT(yes)
1035else
1036	AC_MSG_RESULT(no)
1037fi
1038
1039# Check whether user wants S/Key support
1040SKEY_MSG="no"
1041AC_ARG_WITH(skey,
1042	[  --with-skey[[=PATH]]      Enable S/Key support (optionally in PATH)],
1043	[
1044		if test "x$withval" != "xno" ; then
1045
1046			if test "x$withval" != "xyes" ; then
1047				CPPFLAGS="$CPPFLAGS -I${withval}/include"
1048				LDFLAGS="$LDFLAGS -L${withval}/lib"
1049			fi
1050
1051			AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1052			LIBS="-lskey $LIBS"
1053			SKEY_MSG="yes"
1054
1055			AC_MSG_CHECKING([for s/key support])
1056			AC_LINK_IFELSE(
1057				[AC_LANG_SOURCE([[
1058#include <stdio.h>
1059#include <skey.h>
1060int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1061				]])],
1062				[AC_MSG_RESULT(yes)],
1063				[
1064					AC_MSG_RESULT(no)
1065					AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1066				])
1067                 	AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1068			AC_TRY_COMPILE(
1069				[#include <stdio.h>
1070				 #include <skey.h>],
1071				[(void)skeychallenge(NULL,"name","",0);],
1072				[AC_MSG_RESULT(yes)
1073				 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1074					[Define if your skeychallenge()
1075					function takes 4 arguments (NetBSD)])],
1076				[AC_MSG_RESULT(no)]
1077        		)
1078		fi
1079	]
1080)
1081
1082# Check whether user wants OPIE support
1083OPIE_MSG="no"
1084AC_ARG_WITH(opie,
1085	[  --with-opie[[=PATH]]      Enable OPIE support
1086                            (optionally in PATH)],
1087	[
1088		if test "x$withval" != "xno" ; then
1089
1090			if test "x$withval" != "xyes" ; then
1091				CPPFLAGS="$CPPFLAGS -I${withval}/include"
1092				LDFLAGS="$LDFLAGS -L${withval}/lib"
1093			fi
1094
1095			AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1096			AC_DEFINE(OPIE, 1, [Define if S/Key is actually OPIE])
1097			LIBS="-lopie $LIBS"
1098			OPIE_MSG="yes"
1099
1100			AC_MSG_CHECKING([for opie support])
1101			AC_TRY_RUN(
1102				[
1103#include <sys/types.h>
1104#include <stdio.h>
1105#include <opie.h>
1106int main() { char *ff = opie_keyinfo(""); ff=""; return 0; }
1107				],
1108				[AC_MSG_RESULT(yes)],
1109				[
1110					AC_MSG_RESULT(no)
1111					AC_MSG_ERROR([** Incomplete or missing opie libraries.])
1112				])
1113		fi
1114	]
1115)
1116
1117# Check whether user wants TCP wrappers support
1118TCPW_MSG="no"
1119AC_ARG_WITH(tcp-wrappers,
1120	[  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1121	[
1122		if test "x$withval" != "xno" ; then
1123			saved_LIBS="$LIBS"
1124			saved_LDFLAGS="$LDFLAGS"
1125			saved_CPPFLAGS="$CPPFLAGS"
1126			if test -n "${withval}" && \
1127			    test "x${withval}" != "xyes"; then
1128				if test -d "${withval}/lib"; then
1129					if test -n "${need_dash_r}"; then
1130						LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1131					else
1132						LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1133					fi
1134				else
1135					if test -n "${need_dash_r}"; then
1136						LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1137					else
1138						LDFLAGS="-L${withval} ${LDFLAGS}"
1139					fi
1140				fi
1141				if test -d "${withval}/include"; then
1142					CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1143				else
1144					CPPFLAGS="-I${withval} ${CPPFLAGS}"
1145				fi
1146			fi
1147			LIBWRAP="-lwrap"
1148			LIBS="$LIBWRAP $LIBS"
1149			AC_MSG_CHECKING(for libwrap)
1150			AC_TRY_LINK(
1151				[
1152#include <sys/types.h>
1153#include <sys/socket.h>
1154#include <netinet/in.h>
1155#include <tcpd.h>
1156					int deny_severity = 0, allow_severity = 0;
1157				],
1158				[hosts_access(0);],
1159				[
1160					AC_MSG_RESULT(yes)
1161					AC_DEFINE(LIBWRAP, 1,
1162						[Define if you want
1163						TCP Wrappers support])
1164					AC_SUBST(LIBWRAP)
1165					TCPW_MSG="yes"
1166				],
1167				[
1168					AC_MSG_ERROR([*** libwrap missing])
1169				]
1170			)
1171			LIBS="$saved_LIBS"
1172		fi
1173	]
1174)
1175
1176# Check whether user wants libedit support
1177LIBEDIT_MSG="no"
1178AC_ARG_WITH(libedit,
1179	[  --with-libedit[[=PATH]]   Enable libedit support for sftp],
1180	[ if test "x$withval" != "xno" ; then
1181		if test "x$withval" != "xyes"; then
1182			CPPFLAGS="$CPPFLAGS -I${withval}/include"
1183			if test -n "${need_dash_r}"; then
1184				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1185			else
1186				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1187			fi
1188		fi
1189		AC_CHECK_LIB(edit, el_init,
1190			[ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1191			  LIBEDIT="-ledit -lcurses"
1192			  LIBEDIT_MSG="yes"
1193			  AC_SUBST(LIBEDIT)
1194			],
1195			[ AC_MSG_ERROR(libedit not found) ],
1196			[ -lcurses ]
1197		)
1198		AC_MSG_CHECKING(if libedit version is compatible)
1199		AC_COMPILE_IFELSE(
1200		    [AC_LANG_SOURCE([[
1201#include <histedit.h>
1202int main(void)
1203{
1204	int i = H_SETSIZE;
1205	el_init("", NULL, NULL, NULL);
1206	exit(0);
1207}
1208		    ]])],
1209		    [ AC_MSG_RESULT(yes) ],
1210		    [ AC_MSG_RESULT(no)
1211		      AC_MSG_ERROR(libedit version is not compatible) ]
1212		)
1213	fi ]
1214)
1215
1216AUDIT_MODULE=none
1217AC_ARG_WITH(audit,
1218	[  --with-audit=module     Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1219	[
1220	  AC_MSG_CHECKING(for supported audit module)
1221	  case "$withval" in
1222	  bsm)
1223		AC_MSG_RESULT(bsm)
1224		AUDIT_MODULE=bsm
1225		dnl    Checks for headers, libs and functions
1226		AC_CHECK_HEADERS(bsm/audit.h, [],
1227		    [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1228		    [
1229#ifdef HAVE_TIME_H
1230# include <time.h>
1231#endif
1232		    ]
1233)
1234		AC_CHECK_LIB(bsm, getaudit, [],
1235		    [AC_MSG_ERROR(BSM enabled and required library not found)])
1236		AC_CHECK_FUNCS(getaudit, [],
1237		    [AC_MSG_ERROR(BSM enabled and required function not found)])
1238		# These are optional
1239		AC_CHECK_FUNCS(getaudit_addr)
1240		AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1241		;;
1242	  debug)
1243		AUDIT_MODULE=debug
1244		AC_MSG_RESULT(debug)
1245		AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1246		;;
1247	  no)
1248		AC_MSG_RESULT(no)
1249		;;
1250	  *)
1251		AC_MSG_ERROR([Unknown audit module $withval])
1252		;;
1253	esac ]
1254)
1255
1256dnl    Checks for library functions. Please keep in alphabetical order
1257AC_CHECK_FUNCS( \
1258	arc4random \
1259	asprintf \
1260	b64_ntop \
1261	__b64_ntop \
1262	b64_pton \
1263	__b64_pton \
1264	bcopy \
1265	bindresvport_sa \
1266	clock \
1267	closefrom \
1268	dirfd \
1269	fchmod \
1270	fchown \
1271	freeaddrinfo \
1272	futimes \
1273	getaddrinfo \
1274	getcwd \
1275	getgrouplist \
1276	getnameinfo \
1277	getopt \
1278	getpeereid \
1279	_getpty \
1280	getrlimit \
1281	getttyent \
1282	glob \
1283	inet_aton \
1284	inet_ntoa \
1285	inet_ntop \
1286	innetgr \
1287	login_getcapbool \
1288	md5_crypt \
1289	memmove \
1290	mkdtemp \
1291	mmap \
1292	ngetaddrinfo \
1293	nsleep \
1294	ogetaddrinfo \
1295	openlog_r \
1296	openpty \
1297	prctl \
1298	pstat \
1299	readpassphrase \
1300	realpath \
1301	recvmsg \
1302	rresvport_af \
1303	sendmsg \
1304	setdtablesize \
1305	setegid \
1306	setenv \
1307	seteuid \
1308	setgroups \
1309	setlogin \
1310	setpcred \
1311	setproctitle \
1312	setregid \
1313	setreuid \
1314	setrlimit \
1315	setsid \
1316	setvbuf \
1317	sigaction \
1318	sigvec \
1319	snprintf \
1320	socketpair \
1321	strdup \
1322	strerror \
1323	strlcat \
1324	strlcpy \
1325	strmode \
1326	strnvis \
1327	strtonum \
1328	strtoll \
1329	strtoul \
1330	sysconf \
1331	tcgetpgrp \
1332	truncate \
1333	unsetenv \
1334	updwtmpx \
1335	vasprintf \
1336	vhangup \
1337	vsnprintf \
1338	waitpid \
1339)
1340
1341# IRIX has a const char return value for gai_strerror()
1342AC_CHECK_FUNCS(gai_strerror,[
1343	AC_DEFINE(HAVE_GAI_STRERROR)
1344	AC_TRY_COMPILE([
1345#include <sys/types.h>
1346#include <sys/socket.h>
1347#include <netdb.h>
1348
1349const char *gai_strerror(int);],[
1350char *str;
1351
1352str = gai_strerror(0);],[
1353		AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1354		[Define if gai_strerror() returns const char *])])])
1355
1356AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1357	[Some systems put nanosleep outside of libc]))
1358
1359dnl Make sure prototypes are defined for these before using them.
1360AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1361AC_CHECK_DECL(strsep,
1362	[AC_CHECK_FUNCS(strsep)],
1363	[],
1364	[
1365#ifdef HAVE_STRING_H
1366# include <string.h>
1367#endif
1368	])
1369
1370dnl tcsendbreak might be a macro
1371AC_CHECK_DECL(tcsendbreak,
1372	[AC_DEFINE(HAVE_TCSENDBREAK)],
1373	[AC_CHECK_FUNCS(tcsendbreak)],
1374	[#include <termios.h>]
1375)
1376
1377AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1378
1379AC_CHECK_DECLS(SHUT_RD, , ,
1380	[
1381#include <sys/types.h>
1382#include <sys/socket.h>
1383	])
1384
1385AC_CHECK_DECLS(O_NONBLOCK, , ,
1386	[
1387#include <sys/types.h>
1388#ifdef HAVE_SYS_STAT_H
1389# include <sys/stat.h>
1390#endif
1391#ifdef HAVE_FCNTL_H
1392# include <fcntl.h>
1393#endif
1394	])
1395
1396AC_CHECK_DECLS(writev, , , [
1397#include <sys/types.h>
1398#include <sys/uio.h>
1399#include <unistd.h>
1400	])
1401
1402AC_CHECK_FUNCS(setresuid, [
1403	dnl Some platorms have setresuid that isn't implemented, test for this
1404	AC_MSG_CHECKING(if setresuid seems to work)
1405	AC_RUN_IFELSE(
1406		[AC_LANG_SOURCE([[
1407#include <stdlib.h>
1408#include <errno.h>
1409int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1410		]])],
1411		[AC_MSG_RESULT(yes)],
1412		[AC_DEFINE(BROKEN_SETRESUID, 1,
1413			[Define if your setresuid() is broken])
1414		 AC_MSG_RESULT(not implemented)],
1415		[AC_MSG_WARN([cross compiling: not checking setresuid])]
1416	)
1417])
1418
1419AC_CHECK_FUNCS(setresgid, [
1420	dnl Some platorms have setresgid that isn't implemented, test for this
1421	AC_MSG_CHECKING(if setresgid seems to work)
1422	AC_RUN_IFELSE(
1423		[AC_LANG_SOURCE([[
1424#include <stdlib.h>
1425#include <errno.h>
1426int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1427		]])],
1428		[AC_MSG_RESULT(yes)],
1429		[AC_DEFINE(BROKEN_SETRESGID, 1,
1430			[Define if your setresgid() is broken])
1431		 AC_MSG_RESULT(not implemented)],
1432		[AC_MSG_WARN([cross compiling: not checking setresuid])]
1433	)
1434])
1435
1436dnl    Checks for time functions
1437AC_CHECK_FUNCS(gettimeofday time)
1438dnl    Checks for utmp functions
1439AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1440AC_CHECK_FUNCS(utmpname)
1441dnl    Checks for utmpx functions
1442AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1443AC_CHECK_FUNCS(setutxent utmpxname)
1444
1445AC_CHECK_FUNC(daemon,
1446	[AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1447	[AC_CHECK_LIB(bsd, daemon,
1448		[LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1449)
1450
1451AC_CHECK_FUNC(getpagesize,
1452	[AC_DEFINE(HAVE_GETPAGESIZE, 1,
1453		[Define if your libraries define getpagesize()])],
1454	[AC_CHECK_LIB(ucb, getpagesize,
1455		[LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1456)
1457
1458# Check for broken snprintf
1459if test "x$ac_cv_func_snprintf" = "xyes" ; then
1460	AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1461	AC_RUN_IFELSE(
1462		[AC_LANG_SOURCE([[
1463#include <stdio.h>
1464int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1465		]])],
1466		[AC_MSG_RESULT(yes)],
1467		[
1468			AC_MSG_RESULT(no)
1469			AC_DEFINE(BROKEN_SNPRINTF, 1,
1470				[Define if your snprintf is busted])
1471			AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1472		],
1473		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1474	)
1475fi
1476
1477# If we don't have a working asprintf, then we strongly depend on vsnprintf
1478# returning the right thing on overflow: the number of characters it tried to
1479# create (as per SUSv3)
1480if test "x$ac_cv_func_asprintf" != "xyes" && \
1481   test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1482	AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1483	AC_RUN_IFELSE(
1484		[AC_LANG_SOURCE([[
1485#include <sys/types.h>
1486#include <stdio.h>
1487#include <stdarg.h>
1488
1489int x_snprintf(char *str,size_t count,const char *fmt,...)
1490{
1491	size_t ret; va_list ap;
1492	va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1493	return ret;
1494}
1495int main(void)
1496{
1497	char x[1];
1498	exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1499} ]])],
1500		[AC_MSG_RESULT(yes)],
1501		[
1502			AC_MSG_RESULT(no)
1503			AC_DEFINE(BROKEN_SNPRINTF, 1,
1504				[Define if your snprintf is busted])
1505			AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1506		],
1507		[ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1508	)
1509fi
1510
1511# On systems where [v]snprintf is broken, but is declared in stdio,
1512# check that the fmt argument is const char * or just char *.
1513# This is only useful for when BROKEN_SNPRINTF
1514AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1515AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1516	   int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1517	   int main(void) { snprintf(0, 0, 0); }
1518    ]])],
1519   [AC_MSG_RESULT(yes)
1520    AC_DEFINE(SNPRINTF_CONST, [const],
1521              [Define as const if snprintf() can declare const char *fmt])],
1522   [AC_MSG_RESULT(no)
1523    AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1524
1525# Check for missing getpeereid (or equiv) support
1526NO_PEERCHECK=""
1527if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1528	AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1529	AC_TRY_COMPILE(
1530		[#include <sys/types.h>
1531		 #include <sys/socket.h>],
1532		[int i = SO_PEERCRED;],
1533		[ AC_MSG_RESULT(yes)
1534		  AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1535		],
1536		[AC_MSG_RESULT(no)
1537		NO_PEERCHECK=1]
1538        )
1539fi
1540
1541dnl see whether mkstemp() requires XXXXXX
1542if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1543AC_MSG_CHECKING([for (overly) strict mkstemp])
1544AC_RUN_IFELSE(
1545	[AC_LANG_SOURCE([[
1546#include <stdlib.h>
1547main() { char template[]="conftest.mkstemp-test";
1548if (mkstemp(template) == -1)
1549	exit(1);
1550unlink(template); exit(0);
1551}
1552	]])],
1553	[
1554		AC_MSG_RESULT(no)
1555	],
1556	[
1557		AC_MSG_RESULT(yes)
1558		AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1559	],
1560	[
1561		AC_MSG_RESULT(yes)
1562		AC_DEFINE(HAVE_STRICT_MKSTEMP)
1563	]
1564)
1565fi
1566
1567dnl make sure that openpty does not reacquire controlling terminal
1568if test ! -z "$check_for_openpty_ctty_bug"; then
1569	AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1570	AC_RUN_IFELSE(
1571		[AC_LANG_SOURCE([[
1572#include <stdio.h>
1573#include <sys/fcntl.h>
1574#include <sys/types.h>
1575#include <sys/wait.h>
1576
1577int
1578main()
1579{
1580	pid_t pid;
1581	int fd, ptyfd, ttyfd, status;
1582
1583	pid = fork();
1584	if (pid < 0) {		/* failed */
1585		exit(1);
1586	} else if (pid > 0) {	/* parent */
1587		waitpid(pid, &status, 0);
1588		if (WIFEXITED(status))
1589			exit(WEXITSTATUS(status));
1590		else
1591			exit(2);
1592	} else {		/* child */
1593		close(0); close(1); close(2);
1594		setsid();
1595		openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1596		fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1597		if (fd >= 0)
1598			exit(3);	/* Acquired ctty: broken */
1599		else
1600			exit(0);	/* Did not acquire ctty: OK */
1601	}
1602}
1603		]])],
1604		[
1605			AC_MSG_RESULT(yes)
1606		],
1607		[
1608			AC_MSG_RESULT(no)
1609			AC_DEFINE(SSHD_ACQUIRES_CTTY)
1610		],
1611		[
1612			AC_MSG_RESULT(cross-compiling, assuming yes)
1613		]
1614	)
1615fi
1616
1617if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1618    test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1619	AC_MSG_CHECKING(if getaddrinfo seems to work)
1620	AC_RUN_IFELSE(
1621		[AC_LANG_SOURCE([[
1622#include <stdio.h>
1623#include <sys/socket.h>
1624#include <netdb.h>
1625#include <errno.h>
1626#include <netinet/in.h>
1627
1628#define TEST_PORT "2222"
1629
1630int
1631main(void)
1632{
1633	int err, sock;
1634	struct addrinfo *gai_ai, *ai, hints;
1635	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1636
1637	memset(&hints, 0, sizeof(hints));
1638	hints.ai_family = PF_UNSPEC;
1639	hints.ai_socktype = SOCK_STREAM;
1640	hints.ai_flags = AI_PASSIVE;
1641
1642	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1643	if (err != 0) {
1644		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1645		exit(1);
1646	}
1647
1648	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1649		if (ai->ai_family != AF_INET6)
1650			continue;
1651
1652		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1653		    sizeof(ntop), strport, sizeof(strport),
1654		    NI_NUMERICHOST|NI_NUMERICSERV);
1655
1656		if (err != 0) {
1657			if (err == EAI_SYSTEM)
1658				perror("getnameinfo EAI_SYSTEM");
1659			else
1660				fprintf(stderr, "getnameinfo failed: %s\n",
1661				    gai_strerror(err));
1662			exit(2);
1663		}
1664
1665		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1666		if (sock < 0)
1667			perror("socket");
1668		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1669			if (errno == EBADF)
1670				exit(3);
1671		}
1672	}
1673	exit(0);
1674}
1675		]])],
1676		[
1677			AC_MSG_RESULT(yes)
1678		],
1679		[
1680			AC_MSG_RESULT(no)
1681			AC_DEFINE(BROKEN_GETADDRINFO)
1682		],
1683		[
1684			AC_MSG_RESULT(cross-compiling, assuming yes)
1685		]
1686	)
1687fi
1688
1689if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1690    test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1691	AC_MSG_CHECKING(if getaddrinfo seems to work)
1692	AC_RUN_IFELSE(
1693		[AC_LANG_SOURCE([[
1694#include <stdio.h>
1695#include <sys/socket.h>
1696#include <netdb.h>
1697#include <errno.h>
1698#include <netinet/in.h>
1699
1700#define TEST_PORT "2222"
1701
1702int
1703main(void)
1704{
1705	int err, sock;
1706	struct addrinfo *gai_ai, *ai, hints;
1707	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1708
1709	memset(&hints, 0, sizeof(hints));
1710	hints.ai_family = PF_UNSPEC;
1711	hints.ai_socktype = SOCK_STREAM;
1712	hints.ai_flags = AI_PASSIVE;
1713
1714	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1715	if (err != 0) {
1716		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1717		exit(1);
1718	}
1719
1720	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1721		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1722			continue;
1723
1724		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1725		    sizeof(ntop), strport, sizeof(strport),
1726		    NI_NUMERICHOST|NI_NUMERICSERV);
1727
1728		if (ai->ai_family == AF_INET && err != 0) {
1729			perror("getnameinfo");
1730			exit(2);
1731		}
1732	}
1733	exit(0);
1734}
1735		]])],
1736		[
1737			AC_MSG_RESULT(yes)
1738			AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1739				[Define if you have a getaddrinfo that fails
1740				for the all-zeros IPv6 address])
1741		],
1742		[
1743			AC_MSG_RESULT(no)
1744			AC_DEFINE(BROKEN_GETADDRINFO)
1745		],
1746		[
1747			AC_MSG_RESULT(cross-compiling, assuming no)
1748		]
1749	)
1750fi
1751
1752if test "x$check_for_conflicting_getspnam" = "x1"; then
1753	AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1754	AC_COMPILE_IFELSE(
1755		[
1756#include <shadow.h>
1757int main(void) {exit(0);}
1758		],
1759		[
1760			AC_MSG_RESULT(no)
1761		],
1762		[
1763			AC_MSG_RESULT(yes)
1764			AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1765			    [Conflicting defs for getspnam])
1766		]
1767	)
1768fi
1769
1770AC_FUNC_GETPGRP
1771
1772# Search for OpenSSL
1773saved_CPPFLAGS="$CPPFLAGS"
1774saved_LDFLAGS="$LDFLAGS"
1775AC_ARG_WITH(ssl-dir,
1776	[  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
1777	[
1778		if test "x$withval" != "xno" ; then
1779			case "$withval" in
1780				# Relative paths
1781				./*|../*)	withval="`pwd`/$withval"
1782			esac
1783			if test -d "$withval/lib"; then
1784				if test -n "${need_dash_r}"; then
1785					LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1786				else
1787					LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1788				fi
1789			else
1790				if test -n "${need_dash_r}"; then
1791					LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1792				else
1793					LDFLAGS="-L${withval} ${LDFLAGS}"
1794				fi
1795			fi
1796			if test -d "$withval/include"; then
1797				CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1798			else
1799				CPPFLAGS="-I${withval} ${CPPFLAGS}"
1800			fi
1801		fi
1802	]
1803)
1804LIBS="-lcrypto $LIBS"
1805AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1806	[Define if your ssl headers are included
1807	with #include <openssl/header.h>]),
1808	[
1809		dnl Check default openssl install dir
1810		if test -n "${need_dash_r}"; then
1811			LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1812		else
1813			LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1814		fi
1815		CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1816		AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1817			[
1818				AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1819			]
1820		)
1821	]
1822)
1823
1824# Determine OpenSSL header version
1825AC_MSG_CHECKING([OpenSSL header version])
1826AC_RUN_IFELSE(
1827	[AC_LANG_SOURCE([[
1828#include <stdio.h>
1829#include <string.h>
1830#include <openssl/opensslv.h>
1831#define DATA "conftest.sslincver"
1832int main(void) {
1833	FILE *fd;
1834	int rc;
1835
1836	fd = fopen(DATA,"w");
1837	if(fd == NULL)
1838		exit(1);
1839
1840	if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1841		exit(1);
1842
1843	exit(0);
1844}
1845	]])],
1846	[
1847		ssl_header_ver=`cat conftest.sslincver`
1848		AC_MSG_RESULT($ssl_header_ver)
1849	],
1850	[
1851		AC_MSG_RESULT(not found)
1852		AC_MSG_ERROR(OpenSSL version header not found.)
1853	],
1854	[
1855		AC_MSG_WARN([cross compiling: not checking])
1856	]
1857)
1858
1859# Determine OpenSSL library version
1860AC_MSG_CHECKING([OpenSSL library version])
1861AC_RUN_IFELSE(
1862	[AC_LANG_SOURCE([[
1863#include <stdio.h>
1864#include <string.h>
1865#include <openssl/opensslv.h>
1866#include <openssl/crypto.h>
1867#define DATA "conftest.ssllibver"
1868int main(void) {
1869	FILE *fd;
1870	int rc;
1871
1872	fd = fopen(DATA,"w");
1873	if(fd == NULL)
1874		exit(1);
1875
1876	if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1877		exit(1);
1878
1879	exit(0);
1880}
1881	]])],
1882	[
1883		ssl_library_ver=`cat conftest.ssllibver`
1884		AC_MSG_RESULT($ssl_library_ver)
1885	],
1886	[
1887		AC_MSG_RESULT(not found)
1888		AC_MSG_ERROR(OpenSSL library not found.)
1889	],
1890	[
1891		AC_MSG_WARN([cross compiling: not checking])
1892	]
1893)
1894
1895# Sanity check OpenSSL headers
1896AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1897AC_RUN_IFELSE(
1898	[AC_LANG_SOURCE([[
1899#include <string.h>
1900#include <openssl/opensslv.h>
1901int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1902	]])],
1903	[
1904		AC_MSG_RESULT(yes)
1905	],
1906	[
1907		AC_MSG_RESULT(no)
1908		AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1909Check config.log for details.
1910Also see contrib/findssl.sh for help identifying header/library mismatches.])
1911	],
1912	[
1913		AC_MSG_WARN([cross compiling: not checking])
1914	]
1915)
1916
1917AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1918AC_LINK_IFELSE(
1919	[AC_LANG_SOURCE([[
1920#include <openssl/evp.h>
1921int main(void) { SSLeay_add_all_algorithms(); }
1922	]])],
1923	[
1924		AC_MSG_RESULT(yes)
1925	],
1926	[
1927		AC_MSG_RESULT(no)
1928		saved_LIBS="$LIBS"
1929		LIBS="$LIBS -ldl"
1930		AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1931		AC_LINK_IFELSE(
1932			[AC_LANG_SOURCE([[
1933#include <openssl/evp.h>
1934int main(void) { SSLeay_add_all_algorithms(); }
1935			]])],
1936			[
1937				AC_MSG_RESULT(yes)
1938			],
1939			[
1940				AC_MSG_RESULT(no)
1941				LIBS="$saved_LIBS"
1942			]
1943		)
1944	]
1945)
1946
1947AC_ARG_WITH(ssl-engine,
1948	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
1949	[ if test "x$withval" != "xno" ; then
1950		AC_MSG_CHECKING(for OpenSSL ENGINE support)
1951		AC_TRY_COMPILE(
1952			[ #include <openssl/engine.h>],
1953			[
1954ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1955			],
1956			[ AC_MSG_RESULT(yes)
1957			  AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1958			     [Enable OpenSSL engine support])
1959			],
1960			[ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1961		)
1962	  fi ]
1963)
1964
1965# Check for OpenSSL without EVP_aes_{192,256}_cbc
1966AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1967AC_LINK_IFELSE(
1968	[AC_LANG_SOURCE([[
1969#include <string.h>
1970#include <openssl/evp.h>
1971int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1972	]])],
1973	[
1974		AC_MSG_RESULT(no)
1975	],
1976	[
1977		AC_MSG_RESULT(yes)
1978		AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1979		    [libcrypto is missing AES 192 and 256 bit functions])
1980	]
1981)
1982
1983# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1984# because the system crypt() is more featureful.
1985if test "x$check_for_libcrypt_before" = "x1"; then
1986	AC_CHECK_LIB(crypt, crypt)
1987fi
1988
1989# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1990# version in OpenSSL.
1991if test "x$check_for_libcrypt_later" = "x1"; then
1992	AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1993fi
1994
1995# Search for SHA256 support in libc and/or OpenSSL
1996AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1997
1998AC_CHECK_LIB(iaf, ia_openinfo)
1999
2000### Configure cryptographic random number support
2001
2002# Check wheter OpenSSL seeds itself
2003AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2004AC_RUN_IFELSE(
2005	[AC_LANG_SOURCE([[
2006#include <string.h>
2007#include <openssl/rand.h>
2008int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2009	]])],
2010	[
2011		OPENSSL_SEEDS_ITSELF=yes
2012		AC_MSG_RESULT(yes)
2013	],
2014	[
2015		AC_MSG_RESULT(no)
2016		# Default to use of the rand helper if OpenSSL doesn't
2017		# seed itself
2018		USE_RAND_HELPER=yes
2019	],
2020	[
2021		AC_MSG_WARN([cross compiling: assuming yes])
2022		# This is safe, since all recent OpenSSL versions will
2023		# complain at runtime if not seeded correctly.
2024		OPENSSL_SEEDS_ITSELF=yes
2025	]
2026)
2027
2028# Check for PAM libs
2029PAM_MSG="no"
2030AC_ARG_WITH(pam,
2031	[  --with-pam              Enable PAM support ],
2032	[
2033		if test "x$withval" != "xno" ; then
2034			if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2035			   test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2036				AC_MSG_ERROR([PAM headers not found])
2037			fi
2038
2039			saved_LIBS="$LIBS"
2040			AC_CHECK_LIB(dl, dlopen, , )
2041			AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2042			AC_CHECK_FUNCS(pam_getenvlist)
2043			AC_CHECK_FUNCS(pam_putenv)
2044			LIBS="$saved_LIBS"
2045
2046			PAM_MSG="yes"
2047
2048			LIBPAM="-lpam"
2049			AC_DEFINE(USE_PAM, 1,
2050				[Define if you want to enable PAM support])
2051
2052			if test $ac_cv_lib_dl_dlopen = yes; then
2053				case "$LIBS" in
2054				*-ldl*)
2055					# libdl already in LIBS
2056					;;
2057				*)
2058					LIBPAM="$LIBPAM -ldl"
2059					;;
2060				esac
2061			fi
2062			AC_SUBST(LIBPAM)
2063		fi
2064	]
2065)
2066
2067# Check for older PAM
2068if test "x$PAM_MSG" = "xyes" ; then
2069	# Check PAM strerror arguments (old PAM)
2070	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2071	AC_TRY_COMPILE(
2072		[
2073#include <stdlib.h>
2074#if defined(HAVE_SECURITY_PAM_APPL_H)
2075#include <security/pam_appl.h>
2076#elif defined (HAVE_PAM_PAM_APPL_H)
2077#include <pam/pam_appl.h>
2078#endif
2079		],
2080		[(void)pam_strerror((pam_handle_t *)NULL, -1);],
2081		[AC_MSG_RESULT(no)],
2082		[
2083			AC_DEFINE(HAVE_OLD_PAM, 1,
2084				[Define if you have an old version of PAM
2085				which takes only one argument to pam_strerror])
2086			AC_MSG_RESULT(yes)
2087			PAM_MSG="yes (old library)"
2088		]
2089	)
2090fi
2091
2092# Do we want to force the use of the rand helper?
2093AC_ARG_WITH(rand-helper,
2094	[  --with-rand-helper      Use subprocess to gather strong randomness ],
2095	[
2096		if test "x$withval" = "xno" ; then
2097			# Force use of OpenSSL's internal RNG, even if
2098			# the previous test showed it to be unseeded.
2099			if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2100				AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2101				OPENSSL_SEEDS_ITSELF=yes
2102				USE_RAND_HELPER=""
2103			fi
2104		else
2105			USE_RAND_HELPER=yes
2106		fi
2107	],
2108)
2109
2110# Which randomness source do we use?
2111if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2112	# OpenSSL only
2113	AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2114		[Define if you want OpenSSL's internally seeded PRNG only])
2115	RAND_MSG="OpenSSL internal ONLY"
2116	INSTALL_SSH_RAND_HELPER=""
2117elif test ! -z "$USE_RAND_HELPER" ; then
2118	# install rand helper
2119	RAND_MSG="ssh-rand-helper"
2120	INSTALL_SSH_RAND_HELPER="yes"
2121fi
2122AC_SUBST(INSTALL_SSH_RAND_HELPER)
2123
2124### Configuration of ssh-rand-helper
2125
2126# PRNGD TCP socket
2127AC_ARG_WITH(prngd-port,
2128	[  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
2129	[
2130		case "$withval" in
2131		no)
2132			withval=""
2133			;;
2134		[[0-9]]*)
2135			;;
2136		*)
2137			AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2138			;;
2139		esac
2140		if test ! -z "$withval" ; then
2141			PRNGD_PORT="$withval"
2142			AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2143				[Port number of PRNGD/EGD random number socket])
2144		fi
2145	]
2146)
2147
2148# PRNGD Unix domain socket
2149AC_ARG_WITH(prngd-socket,
2150	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2151	[
2152		case "$withval" in
2153		yes)
2154			withval="/var/run/egd-pool"
2155			;;
2156		no)
2157			withval=""
2158			;;
2159		/*)
2160			;;
2161		*)
2162			AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2163			;;
2164		esac
2165
2166		if test ! -z "$withval" ; then
2167			if test ! -z "$PRNGD_PORT" ; then
2168				AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2169			fi
2170			if test ! -r "$withval" ; then
2171				AC_MSG_WARN(Entropy socket is not readable)
2172			fi
2173			PRNGD_SOCKET="$withval"
2174			AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2175				[Location of PRNGD/EGD random number socket])
2176		fi
2177	],
2178	[
2179		# Check for existing socket only if we don't have a random device already
2180		if test "$USE_RAND_HELPER" = yes ; then
2181			AC_MSG_CHECKING(for PRNGD/EGD socket)
2182			# Insert other locations here
2183			for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2184				if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2185					PRNGD_SOCKET="$sock"
2186					AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2187					break;
2188				fi
2189			done
2190			if test ! -z "$PRNGD_SOCKET" ; then
2191				AC_MSG_RESULT($PRNGD_SOCKET)
2192			else
2193				AC_MSG_RESULT(not found)
2194			fi
2195		fi
2196	]
2197)
2198
2199# Change default command timeout for hashing entropy source
2200entropy_timeout=200
2201AC_ARG_WITH(entropy-timeout,
2202	[  --with-entropy-timeout  Specify entropy gathering command timeout (msec)],
2203	[
2204		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2205		    test "x${withval}" != "xyes"; then
2206			entropy_timeout=$withval
2207		fi
2208	]
2209)
2210AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2211	[Builtin PRNG command timeout])
2212
2213SSH_PRIVSEP_USER=sshd
2214AC_ARG_WITH(privsep-user,
2215	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
2216	[
2217		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
2218		    test "x${withval}" != "xyes"; then
2219			SSH_PRIVSEP_USER=$withval
2220		fi
2221	]
2222)
2223AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2224	[non-privileged user for privilege separation])
2225AC_SUBST(SSH_PRIVSEP_USER)
2226
2227# We do this little dance with the search path to insure
2228# that programs that we select for use by installed programs
2229# (which may be run by the super-user) come from trusted
2230# locations before they come from the user's private area.
2231# This should help avoid accidentally configuring some
2232# random version of a program in someone's personal bin.
2233
2234OPATH=$PATH
2235PATH=/bin:/usr/bin
2236test -h /bin 2> /dev/null && PATH=/usr/bin
2237test -d /sbin && PATH=$PATH:/sbin
2238test -d /usr/sbin && PATH=$PATH:/usr/sbin
2239PATH=$PATH:/etc:$OPATH
2240
2241# These programs are used by the command hashing source to gather entropy
2242OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2243OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2244OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2245OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2246OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2247OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2248OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2249OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2250OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2251OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2252OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2253OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2254OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2255OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2256OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2257OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2258# restore PATH
2259PATH=$OPATH
2260
2261# Where does ssh-rand-helper get its randomness from?
2262INSTALL_SSH_PRNG_CMDS=""
2263if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2264	if test ! -z "$PRNGD_PORT" ; then
2265		RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2266	elif test ! -z "$PRNGD_SOCKET" ; then
2267		RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2268	else
2269		RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2270		RAND_HELPER_CMDHASH=yes
2271		INSTALL_SSH_PRNG_CMDS="yes"
2272	fi
2273fi
2274AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2275
2276
2277# Cheap hack to ensure NEWS-OS libraries are arranged right.
2278if test ! -z "$SONY" ; then
2279  LIBS="$LIBS -liberty";
2280fi
2281
2282# Check for  long long datatypes
2283AC_CHECK_TYPES([long long, unsigned long long, long double])
2284
2285# Check datatype sizes
2286AC_CHECK_SIZEOF(char, 1)
2287AC_CHECK_SIZEOF(short int, 2)
2288AC_CHECK_SIZEOF(int, 4)
2289AC_CHECK_SIZEOF(long int, 4)
2290AC_CHECK_SIZEOF(long long int, 8)
2291
2292# Sanity check long long for some platforms (AIX)
2293if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2294	ac_cv_sizeof_long_long_int=0
2295fi
2296
2297# compute LLONG_MIN and LLONG_MAX if we don't know them.
2298if test -z "$have_llong_max"; then
2299	AC_MSG_CHECKING([for max value of long long])
2300	AC_RUN_IFELSE(
2301		[AC_LANG_SOURCE([[
2302#include <stdio.h>
2303/* Why is this so damn hard? */
2304#ifdef __GNUC__
2305# undef __GNUC__
2306#endif
2307#define __USE_ISOC99
2308#include <limits.h>
2309#define DATA "conftest.llminmax"
2310#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2311
2312/*
2313 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2314 * we do this the hard way.
2315 */
2316static int
2317fprint_ll(FILE *f, long long n)
2318{
2319	unsigned int i;
2320	int l[sizeof(long long) * 8];
2321
2322	if (n < 0)
2323		if (fprintf(f, "-") < 0)
2324			return -1;
2325	for (i = 0; n != 0; i++) {
2326		l[i] = my_abs(n % 10);
2327		n /= 10;
2328	}
2329	do {
2330		if (fprintf(f, "%d", l[--i]) < 0)
2331			return -1;
2332	} while (i != 0);
2333	if (fprintf(f, " ") < 0)
2334		return -1;
2335	return 0;
2336}
2337
2338int main(void) {
2339	FILE *f;
2340	long long i, llmin, llmax = 0;
2341
2342	if((f = fopen(DATA,"w")) == NULL)
2343		exit(1);
2344
2345#if defined(LLONG_MIN) && defined(LLONG_MAX)
2346	fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2347	llmin = LLONG_MIN;
2348	llmax = LLONG_MAX;
2349#else
2350	fprintf(stderr, "Calculating  LLONG_MIN and LLONG_MAX\n");
2351	/* This will work on one's complement and two's complement */
2352	for (i = 1; i > llmax; i <<= 1, i++)
2353		llmax = i;
2354	llmin = llmax + 1LL;	/* wrap */
2355#endif
2356
2357	/* Sanity check */
2358	if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2359	    || llmax - 1 > llmax || llmin == llmax || llmin == 0
2360	    || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2361		fprintf(f, "unknown unknown\n");
2362		exit(2);
2363	}
2364
2365	if (fprint_ll(f, llmin) < 0)
2366		exit(3);
2367	if (fprint_ll(f, llmax) < 0)
2368		exit(4);
2369	if (fclose(f) < 0)
2370		exit(5);
2371	exit(0);
2372}
2373		]])],
2374		[
2375			llong_min=`$AWK '{print $1}' conftest.llminmax`
2376			llong_max=`$AWK '{print $2}' conftest.llminmax`
2377
2378			AC_MSG_RESULT($llong_max)
2379			AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2380			    [max value of long long calculated by configure])
2381			AC_MSG_CHECKING([for min value of long long])
2382			AC_MSG_RESULT($llong_min)
2383			AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2384			    [min value of long long calculated by configure])
2385		],
2386		[
2387			AC_MSG_RESULT(not found)
2388		],
2389		[
2390			AC_MSG_WARN([cross compiling: not checking])
2391		]
2392	)
2393fi
2394
2395
2396# More checks for data types
2397AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2398	AC_TRY_COMPILE(
2399		[ #include <sys/types.h> ],
2400		[ u_int a; a = 1;],
2401		[ ac_cv_have_u_int="yes" ],
2402		[ ac_cv_have_u_int="no" ]
2403	)
2404])
2405if test "x$ac_cv_have_u_int" = "xyes" ; then
2406	AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2407	have_u_int=1
2408fi
2409
2410AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2411	AC_TRY_COMPILE(
2412		[ #include <sys/types.h> ],
2413		[ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2414		[ ac_cv_have_intxx_t="yes" ],
2415		[ ac_cv_have_intxx_t="no" ]
2416	)
2417])
2418if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2419	AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2420	have_intxx_t=1
2421fi
2422
2423if (test -z "$have_intxx_t" && \
2424	   test "x$ac_cv_header_stdint_h" = "xyes")
2425then
2426    AC_MSG_CHECKING([for intXX_t types in stdint.h])
2427	AC_TRY_COMPILE(
2428		[ #include <stdint.h> ],
2429		[ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2430		[
2431			AC_DEFINE(HAVE_INTXX_T)
2432			AC_MSG_RESULT(yes)
2433		],
2434		[ AC_MSG_RESULT(no) ]
2435	)
2436fi
2437
2438AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2439	AC_TRY_COMPILE(
2440		[
2441#include <sys/types.h>
2442#ifdef HAVE_STDINT_H
2443# include <stdint.h>
2444#endif
2445#include <sys/socket.h>
2446#ifdef HAVE_SYS_BITYPES_H
2447# include <sys/bitypes.h>
2448#endif
2449		],
2450		[ int64_t a; a = 1;],
2451		[ ac_cv_have_int64_t="yes" ],
2452		[ ac_cv_have_int64_t="no" ]
2453	)
2454])
2455if test "x$ac_cv_have_int64_t" = "xyes" ; then
2456	AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2457fi
2458
2459AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2460	AC_TRY_COMPILE(
2461		[ #include <sys/types.h> ],
2462		[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2463		[ ac_cv_have_u_intxx_t="yes" ],
2464		[ ac_cv_have_u_intxx_t="no" ]
2465	)
2466])
2467if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2468	AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2469	have_u_intxx_t=1
2470fi
2471
2472if test -z "$have_u_intxx_t" ; then
2473    AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2474	AC_TRY_COMPILE(
2475		[ #include <sys/socket.h> ],
2476		[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2477		[
2478			AC_DEFINE(HAVE_U_INTXX_T)
2479			AC_MSG_RESULT(yes)
2480		],
2481		[ AC_MSG_RESULT(no) ]
2482	)
2483fi
2484
2485AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2486	AC_TRY_COMPILE(
2487		[ #include <sys/types.h> ],
2488		[ u_int64_t a; a = 1;],
2489		[ ac_cv_have_u_int64_t="yes" ],
2490		[ ac_cv_have_u_int64_t="no" ]
2491	)
2492])
2493if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2494	AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2495	have_u_int64_t=1
2496fi
2497
2498if test -z "$have_u_int64_t" ; then
2499    AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2500	AC_TRY_COMPILE(
2501		[ #include <sys/bitypes.h> ],
2502		[ u_int64_t a; a = 1],
2503		[
2504			AC_DEFINE(HAVE_U_INT64_T)
2505			AC_MSG_RESULT(yes)
2506		],
2507		[ AC_MSG_RESULT(no) ]
2508	)
2509fi
2510
2511if test -z "$have_u_intxx_t" ; then
2512	AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2513		AC_TRY_COMPILE(
2514			[
2515#include <sys/types.h>
2516			],
2517			[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2518			[ ac_cv_have_uintxx_t="yes" ],
2519			[ ac_cv_have_uintxx_t="no" ]
2520		)
2521	])
2522	if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2523		AC_DEFINE(HAVE_UINTXX_T, 1,
2524			[define if you have uintxx_t data type])
2525	fi
2526fi
2527
2528if test -z "$have_uintxx_t" ; then
2529    AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2530	AC_TRY_COMPILE(
2531		[ #include <stdint.h> ],
2532		[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2533		[
2534			AC_DEFINE(HAVE_UINTXX_T)
2535			AC_MSG_RESULT(yes)
2536		],
2537		[ AC_MSG_RESULT(no) ]
2538	)
2539fi
2540
2541if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2542	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2543then
2544	AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2545	AC_TRY_COMPILE(
2546		[
2547#include <sys/bitypes.h>
2548		],
2549		[
2550			int8_t a; int16_t b; int32_t c;
2551			u_int8_t e; u_int16_t f; u_int32_t g;
2552			a = b = c = e = f = g = 1;
2553		],
2554		[
2555			AC_DEFINE(HAVE_U_INTXX_T)
2556			AC_DEFINE(HAVE_INTXX_T)
2557			AC_MSG_RESULT(yes)
2558		],
2559		[AC_MSG_RESULT(no)]
2560	)
2561fi
2562
2563
2564AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2565	AC_TRY_COMPILE(
2566		[
2567#include <sys/types.h>
2568		],
2569		[ u_char foo; foo = 125; ],
2570		[ ac_cv_have_u_char="yes" ],
2571		[ ac_cv_have_u_char="no" ]
2572	)
2573])
2574if test "x$ac_cv_have_u_char" = "xyes" ; then
2575	AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2576fi
2577
2578TYPE_SOCKLEN_T
2579
2580AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2581
2582AC_CHECK_TYPES(in_addr_t,,,
2583[#include <sys/types.h>
2584#include <netinet/in.h>])
2585
2586AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2587	AC_TRY_COMPILE(
2588		[
2589#include <sys/types.h>
2590		],
2591		[ size_t foo; foo = 1235; ],
2592		[ ac_cv_have_size_t="yes" ],
2593		[ ac_cv_have_size_t="no" ]
2594	)
2595])
2596if test "x$ac_cv_have_size_t" = "xyes" ; then
2597	AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2598fi
2599
2600AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2601	AC_TRY_COMPILE(
2602		[
2603#include <sys/types.h>
2604		],
2605		[ ssize_t foo; foo = 1235; ],
2606		[ ac_cv_have_ssize_t="yes" ],
2607		[ ac_cv_have_ssize_t="no" ]
2608	)
2609])
2610if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2611	AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2612fi
2613
2614AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2615	AC_TRY_COMPILE(
2616		[
2617#include <time.h>
2618		],
2619		[ clock_t foo; foo = 1235; ],
2620		[ ac_cv_have_clock_t="yes" ],
2621		[ ac_cv_have_clock_t="no" ]
2622	)
2623])
2624if test "x$ac_cv_have_clock_t" = "xyes" ; then
2625	AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2626fi
2627
2628AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2629	AC_TRY_COMPILE(
2630		[
2631#include <sys/types.h>
2632#include <sys/socket.h>
2633		],
2634		[ sa_family_t foo; foo = 1235; ],
2635		[ ac_cv_have_sa_family_t="yes" ],
2636		[ AC_TRY_COMPILE(
2637		  [
2638#include <sys/types.h>
2639#include <sys/socket.h>
2640#include <netinet/in.h>
2641		],
2642		[ sa_family_t foo; foo = 1235; ],
2643		[ ac_cv_have_sa_family_t="yes" ],
2644
2645		[ ac_cv_have_sa_family_t="no" ]
2646	)]
2647	)
2648])
2649if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2650	AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2651		[define if you have sa_family_t data type])
2652fi
2653
2654AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2655	AC_TRY_COMPILE(
2656		[
2657#include <sys/types.h>
2658		],
2659		[ pid_t foo; foo = 1235; ],
2660		[ ac_cv_have_pid_t="yes" ],
2661		[ ac_cv_have_pid_t="no" ]
2662	)
2663])
2664if test "x$ac_cv_have_pid_t" = "xyes" ; then
2665	AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2666fi
2667
2668AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2669	AC_TRY_COMPILE(
2670		[
2671#include <sys/types.h>
2672		],
2673		[ mode_t foo; foo = 1235; ],
2674		[ ac_cv_have_mode_t="yes" ],
2675		[ ac_cv_have_mode_t="no" ]
2676	)
2677])
2678if test "x$ac_cv_have_mode_t" = "xyes" ; then
2679	AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2680fi
2681
2682
2683AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2684	AC_TRY_COMPILE(
2685		[
2686#include <sys/types.h>
2687#include <sys/socket.h>
2688		],
2689		[ struct sockaddr_storage s; ],
2690		[ ac_cv_have_struct_sockaddr_storage="yes" ],
2691		[ ac_cv_have_struct_sockaddr_storage="no" ]
2692	)
2693])
2694if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2695	AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2696		[define if you have struct sockaddr_storage data type])
2697fi
2698
2699AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2700	AC_TRY_COMPILE(
2701		[
2702#include <sys/types.h>
2703#include <netinet/in.h>
2704		],
2705		[ struct sockaddr_in6 s; s.sin6_family = 0; ],
2706		[ ac_cv_have_struct_sockaddr_in6="yes" ],
2707		[ ac_cv_have_struct_sockaddr_in6="no" ]
2708	)
2709])
2710if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2711	AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2712		[define if you have struct sockaddr_in6 data type])
2713fi
2714
2715AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2716	AC_TRY_COMPILE(
2717		[
2718#include <sys/types.h>
2719#include <netinet/in.h>
2720		],
2721		[ struct in6_addr s; s.s6_addr[0] = 0; ],
2722		[ ac_cv_have_struct_in6_addr="yes" ],
2723		[ ac_cv_have_struct_in6_addr="no" ]
2724	)
2725])
2726if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2727	AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2728		[define if you have struct in6_addr data type])
2729fi
2730
2731AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2732	AC_TRY_COMPILE(
2733		[
2734#include <sys/types.h>
2735#include <sys/socket.h>
2736#include <netdb.h>
2737		],
2738		[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2739		[ ac_cv_have_struct_addrinfo="yes" ],
2740		[ ac_cv_have_struct_addrinfo="no" ]
2741	)
2742])
2743if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2744	AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2745		[define if you have struct addrinfo data type])
2746fi
2747
2748AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2749	AC_TRY_COMPILE(
2750		[ #include <sys/time.h> ],
2751		[ struct timeval tv; tv.tv_sec = 1;],
2752		[ ac_cv_have_struct_timeval="yes" ],
2753		[ ac_cv_have_struct_timeval="no" ]
2754	)
2755])
2756if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2757	AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2758	have_struct_timeval=1
2759fi
2760
2761AC_CHECK_TYPES(struct timespec)
2762
2763# We need int64_t or else certian parts of the compile will fail.
2764if test "x$ac_cv_have_int64_t" = "xno" && \
2765	test "x$ac_cv_sizeof_long_int" != "x8" && \
2766	test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2767	echo "OpenSSH requires int64_t support.  Contact your vendor or install"
2768	echo "an alternative compiler (I.E., GCC) before continuing."
2769	echo ""
2770	exit 1;
2771else
2772dnl test snprintf (broken on SCO w/gcc)
2773	AC_RUN_IFELSE(
2774		[AC_LANG_SOURCE([[
2775#include <stdio.h>
2776#include <string.h>
2777#ifdef HAVE_SNPRINTF
2778main()
2779{
2780	char buf[50];
2781	char expected_out[50];
2782	int mazsize = 50 ;
2783#if (SIZEOF_LONG_INT == 8)
2784	long int num = 0x7fffffffffffffff;
2785#else
2786	long long num = 0x7fffffffffffffffll;
2787#endif
2788	strcpy(expected_out, "9223372036854775807");
2789	snprintf(buf, mazsize, "%lld", num);
2790	if(strcmp(buf, expected_out) != 0)
2791		exit(1);
2792	exit(0);
2793}
2794#else
2795main() { exit(0); }
2796#endif
2797		]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2798		AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2799	)
2800fi
2801
2802dnl Checks for structure members
2803OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2804OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2805OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2806OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2807OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2808OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2809OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2810OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2811OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2812OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2813OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2814OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2815OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2816OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2817OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2818OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2819OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2820
2821AC_CHECK_MEMBERS([struct stat.st_blksize])
2822AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2823	[Define if we don't have struct __res_state in resolv.h])],
2824[
2825#include <stdio.h>
2826#if HAVE_SYS_TYPES_H
2827# include <sys/types.h>
2828#endif
2829#include <netinet/in.h>
2830#include <arpa/nameser.h>
2831#include <resolv.h>
2832])
2833
2834AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2835		ac_cv_have_ss_family_in_struct_ss, [
2836	AC_TRY_COMPILE(
2837		[
2838#include <sys/types.h>
2839#include <sys/socket.h>
2840		],
2841		[ struct sockaddr_storage s; s.ss_family = 1; ],
2842		[ ac_cv_have_ss_family_in_struct_ss="yes" ],
2843		[ ac_cv_have_ss_family_in_struct_ss="no" ],
2844	)
2845])
2846if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2847	AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2848fi
2849
2850AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2851		ac_cv_have___ss_family_in_struct_ss, [
2852	AC_TRY_COMPILE(
2853		[
2854#include <sys/types.h>
2855#include <sys/socket.h>
2856		],
2857		[ struct sockaddr_storage s; s.__ss_family = 1; ],
2858		[ ac_cv_have___ss_family_in_struct_ss="yes" ],
2859		[ ac_cv_have___ss_family_in_struct_ss="no" ]
2860	)
2861])
2862if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2863	AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2864		[Fields in struct sockaddr_storage])
2865fi
2866
2867AC_CACHE_CHECK([for pw_class field in struct passwd],
2868		ac_cv_have_pw_class_in_struct_passwd, [
2869	AC_TRY_COMPILE(
2870		[
2871#include <pwd.h>
2872		],
2873		[ struct passwd p; p.pw_class = 0; ],
2874		[ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2875		[ ac_cv_have_pw_class_in_struct_passwd="no" ]
2876	)
2877])
2878if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2879	AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2880		[Define if your password has a pw_class field])
2881fi
2882
2883AC_CACHE_CHECK([for pw_expire field in struct passwd],
2884		ac_cv_have_pw_expire_in_struct_passwd, [
2885	AC_TRY_COMPILE(
2886		[
2887#include <pwd.h>
2888		],
2889		[ struct passwd p; p.pw_expire = 0; ],
2890		[ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2891		[ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2892	)
2893])
2894if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2895	AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2896		[Define if your password has a pw_expire field])
2897fi
2898
2899AC_CACHE_CHECK([for pw_change field in struct passwd],
2900		ac_cv_have_pw_change_in_struct_passwd, [
2901	AC_TRY_COMPILE(
2902		[
2903#include <pwd.h>
2904		],
2905		[ struct passwd p; p.pw_change = 0; ],
2906		[ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2907		[ ac_cv_have_pw_change_in_struct_passwd="no" ]
2908	)
2909])
2910if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2911	AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2912		[Define if your password has a pw_change field])
2913fi
2914
2915dnl make sure we're using the real structure members and not defines
2916AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2917		ac_cv_have_accrights_in_msghdr, [
2918	AC_COMPILE_IFELSE(
2919		[
2920#include <sys/types.h>
2921#include <sys/socket.h>
2922#include <sys/uio.h>
2923int main() {
2924#ifdef msg_accrights
2925#error "msg_accrights is a macro"
2926exit(1);
2927#endif
2928struct msghdr m;
2929m.msg_accrights = 0;
2930exit(0);
2931}
2932		],
2933		[ ac_cv_have_accrights_in_msghdr="yes" ],
2934		[ ac_cv_have_accrights_in_msghdr="no" ]
2935	)
2936])
2937if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2938	AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2939		[Define if your system uses access rights style
2940		file descriptor passing])
2941fi
2942
2943AC_CACHE_CHECK([for msg_control field in struct msghdr],
2944		ac_cv_have_control_in_msghdr, [
2945	AC_COMPILE_IFELSE(
2946		[
2947#include <sys/types.h>
2948#include <sys/socket.h>
2949#include <sys/uio.h>
2950int main() {
2951#ifdef msg_control
2952#error "msg_control is a macro"
2953exit(1);
2954#endif
2955struct msghdr m;
2956m.msg_control = 0;
2957exit(0);
2958}
2959		],
2960		[ ac_cv_have_control_in_msghdr="yes" ],
2961		[ ac_cv_have_control_in_msghdr="no" ]
2962	)
2963])
2964if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2965	AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2966		[Define if your system uses ancillary data style
2967		file descriptor passing])
2968fi
2969
2970AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2971	AC_TRY_LINK([],
2972		[ extern char *__progname; printf("%s", __progname); ],
2973		[ ac_cv_libc_defines___progname="yes" ],
2974		[ ac_cv_libc_defines___progname="no" ]
2975	)
2976])
2977if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2978	AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2979fi
2980
2981AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2982	AC_TRY_LINK([
2983#include <stdio.h>
2984],
2985		[ printf("%s", __FUNCTION__); ],
2986		[ ac_cv_cc_implements___FUNCTION__="yes" ],
2987		[ ac_cv_cc_implements___FUNCTION__="no" ]
2988	)
2989])
2990if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2991	AC_DEFINE(HAVE___FUNCTION__, 1,
2992		[Define if compiler implements __FUNCTION__])
2993fi
2994
2995AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2996	AC_TRY_LINK([
2997#include <stdio.h>
2998],
2999		[ printf("%s", __func__); ],
3000		[ ac_cv_cc_implements___func__="yes" ],
3001		[ ac_cv_cc_implements___func__="no" ]
3002	)
3003])
3004if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3005	AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3006fi
3007
3008AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3009	AC_TRY_LINK(
3010		[#include <stdarg.h>
3011		 va_list x,y;],
3012	    	[va_copy(x,y);],
3013		[ ac_cv_have_va_copy="yes" ],
3014		[ ac_cv_have_va_copy="no" ]
3015	)
3016])
3017if test "x$ac_cv_have_va_copy" = "xyes" ; then
3018	AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3019fi
3020
3021AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3022	AC_TRY_LINK(
3023		[#include <stdarg.h>
3024		 va_list x,y;],
3025	    	[__va_copy(x,y);],
3026		[ ac_cv_have___va_copy="yes" ],
3027		[ ac_cv_have___va_copy="no" ]
3028	)
3029])
3030if test "x$ac_cv_have___va_copy" = "xyes" ; then
3031	AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3032fi
3033
3034AC_CACHE_CHECK([whether getopt has optreset support],
3035		ac_cv_have_getopt_optreset, [
3036	AC_TRY_LINK(
3037		[
3038#if HAVE_GETOPT_H
3039#include <getopt.h>
3040#elif HAVE_UNISTD_H
3041#include <unistd.h>
3042#endif
3043		],
3044		[ extern int optreset; optreset = 0; ],
3045		[ ac_cv_have_getopt_optreset="yes" ],
3046		[ ac_cv_have_getopt_optreset="no" ]
3047	)
3048])
3049if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3050	AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3051		[Define if your getopt(3) defines and uses optreset])
3052fi
3053
3054AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3055	AC_TRY_LINK([],
3056		[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3057		[ ac_cv_libc_defines_sys_errlist="yes" ],
3058		[ ac_cv_libc_defines_sys_errlist="no" ]
3059	)
3060])
3061if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3062	AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3063		[Define if your system defines sys_errlist[]])
3064fi
3065
3066
3067AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3068	AC_TRY_LINK([],
3069		[ extern int sys_nerr; printf("%i", sys_nerr);],
3070		[ ac_cv_libc_defines_sys_nerr="yes" ],
3071		[ ac_cv_libc_defines_sys_nerr="no" ]
3072	)
3073])
3074if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3075	AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3076fi
3077
3078SCARD_MSG="no"
3079# Check whether user wants sectok support
3080AC_ARG_WITH(sectok,
3081	[  --with-sectok           Enable smartcard support using libsectok],
3082	[
3083		if test "x$withval" != "xno" ; then
3084			if test "x$withval" != "xyes" ; then
3085				CPPFLAGS="$CPPFLAGS -I${withval}"
3086				LDFLAGS="$LDFLAGS -L${withval}"
3087				if test ! -z "$need_dash_r" ; then
3088					LDFLAGS="$LDFLAGS -R${withval}"
3089				fi
3090				if test ! -z "$blibpath" ; then
3091					blibpath="$blibpath:${withval}"
3092				fi
3093			fi
3094			AC_CHECK_HEADERS(sectok.h)
3095			if test "$ac_cv_header_sectok_h" != yes; then
3096				AC_MSG_ERROR(Can't find sectok.h)
3097			fi
3098			AC_CHECK_LIB(sectok, sectok_open)
3099			if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3100				AC_MSG_ERROR(Can't find libsectok)
3101			fi
3102			AC_DEFINE(SMARTCARD, 1,
3103				[Define if you want smartcard support])
3104			AC_DEFINE(USE_SECTOK, 1,
3105				[Define if you want smartcard support
3106				using sectok])
3107			SCARD_MSG="yes, using sectok"
3108		fi
3109	]
3110)
3111
3112# Check whether user wants OpenSC support
3113OPENSC_CONFIG="no"
3114AC_ARG_WITH(opensc,
3115	[  --with-opensc[[=PFX]]     Enable smartcard support using OpenSC (optionally in PATH)],
3116	[
3117	    if test "x$withval" != "xno" ; then
3118		if test "x$withval" != "xyes" ; then
3119  			OPENSC_CONFIG=$withval/bin/opensc-config
3120		else
3121  			AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3122		fi
3123		if test "$OPENSC_CONFIG" != "no"; then
3124			LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3125			LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3126			CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3127			LIBS="$LIBS $LIBOPENSC_LIBS"
3128			AC_DEFINE(SMARTCARD)
3129			AC_DEFINE(USE_OPENSC, 1,
3130				[Define if you want smartcard support
3131				using OpenSC])
3132			SCARD_MSG="yes, using OpenSC"
3133		fi
3134	    fi
3135	]
3136)
3137
3138# Check libraries needed by DNS fingerprint support
3139AC_SEARCH_LIBS(getrrsetbyname, resolv,
3140	[AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3141		[Define if getrrsetbyname() exists])],
3142	[
3143		# Needed by our getrrsetbyname()
3144		AC_SEARCH_LIBS(res_query, resolv)
3145		AC_SEARCH_LIBS(dn_expand, resolv)
3146		AC_MSG_CHECKING(if res_query will link)
3147		AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3148		   [AC_MSG_RESULT(no)
3149		    saved_LIBS="$LIBS"
3150		    LIBS="$LIBS -lresolv"
3151		    AC_MSG_CHECKING(for res_query in -lresolv)
3152		    AC_LINK_IFELSE([
3153#include <resolv.h>
3154int main()
3155{
3156	res_query (0, 0, 0, 0, 0);
3157	return 0;
3158}
3159			],
3160			[LIBS="$LIBS -lresolv"
3161			 AC_MSG_RESULT(yes)],
3162			[LIBS="$saved_LIBS"
3163			 AC_MSG_RESULT(no)])
3164		    ])
3165		AC_CHECK_FUNCS(_getshort _getlong)
3166		AC_CHECK_DECLS([_getshort, _getlong], , ,
3167		    [#include <sys/types.h>
3168		    #include <arpa/nameser.h>])
3169		AC_CHECK_MEMBER(HEADER.ad,
3170			[AC_DEFINE(HAVE_HEADER_AD, 1,
3171			    [Define if HEADER.ad exists in arpa/nameser.h])],,
3172			[#include <arpa/nameser.h>])
3173	])
3174
3175# Check whether user wants SELinux support
3176SELINUX_MSG="no"
3177LIBSELINUX=""
3178AC_ARG_WITH(selinux,
3179	[  --with-selinux   Enable SELinux support],
3180	[ if test "x$withval" != "xno" ; then
3181		AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3182		SELINUX_MSG="yes"
3183		AC_CHECK_HEADER([selinux/selinux.h], ,
3184		    AC_MSG_ERROR(SELinux support requires selinux.h header))
3185		AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3186		    AC_MSG_ERROR(SELinux support requires libselinux library))
3187		save_LIBS="$LIBS"
3188		LIBS="$LIBS $LIBSELINUX"
3189		AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3190		LIBS="$save_LIBS"
3191	fi ]
3192)
3193AC_SUBST(LIBSELINUX)
3194
3195# Check whether user wants Kerberos 5 support
3196KRB5_MSG="no"
3197AC_ARG_WITH(kerberos5,
3198	[  --with-kerberos5=PATH   Enable Kerberos 5 support],
3199	[ if test "x$withval" != "xno" ; then
3200		if test "x$withval" = "xyes" ; then
3201			KRB5ROOT="/usr/local"
3202		else
3203			KRB5ROOT=${withval}
3204		fi
3205
3206		AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3207		KRB5_MSG="yes"
3208
3209		AC_MSG_CHECKING(for krb5-config)
3210		if test -x  $KRB5ROOT/bin/krb5-config ; then
3211			KRB5CONF=$KRB5ROOT/bin/krb5-config
3212			AC_MSG_RESULT($KRB5CONF)
3213
3214			AC_MSG_CHECKING(for gssapi support)
3215			if $KRB5CONF | grep gssapi >/dev/null ; then
3216				AC_MSG_RESULT(yes)
3217				AC_DEFINE(GSSAPI, 1,
3218					[Define this if you want GSSAPI
3219					support in the version 2 protocol])
3220				k5confopts=gssapi
3221			else
3222				AC_MSG_RESULT(no)
3223				k5confopts=""
3224			fi
3225			K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3226			K5LIBS="`$KRB5CONF --libs $k5confopts`"
3227			CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3228			AC_MSG_CHECKING(whether we are using Heimdal)
3229			AC_TRY_COMPILE([ #include <krb5.h> ],
3230				       [ char *tmp = heimdal_version; ],
3231				       [ AC_MSG_RESULT(yes)
3232					 AC_DEFINE(HEIMDAL, 1,
3233					[Define this if you are using the
3234					Heimdal version of Kerberos V5]) ],
3235				         AC_MSG_RESULT(no)
3236			)
3237		else
3238			AC_MSG_RESULT(no)
3239			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3240			LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3241			AC_MSG_CHECKING(whether we are using Heimdal)
3242			AC_TRY_COMPILE([ #include <krb5.h> ],
3243				       [ char *tmp = heimdal_version; ],
3244				       [ AC_MSG_RESULT(yes)
3245					 AC_DEFINE(HEIMDAL)
3246					 K5LIBS="-lkrb5 -ldes"
3247					 K5LIBS="$K5LIBS -lcom_err -lasn1"
3248					 AC_CHECK_LIB(roken, net_write,
3249					   [K5LIBS="$K5LIBS -lroken"])
3250				       ],
3251				       [ AC_MSG_RESULT(no)
3252					 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3253				       ]
3254			)
3255			AC_SEARCH_LIBS(dn_expand, resolv)
3256
3257			AC_CHECK_LIB(gssapi,gss_init_sec_context,
3258				[ AC_DEFINE(GSSAPI)
3259				  K5LIBS="-lgssapi $K5LIBS" ],
3260				[ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3261					[ AC_DEFINE(GSSAPI)
3262					  K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3263					AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3264					$K5LIBS)
3265				],
3266				$K5LIBS)
3267
3268			AC_CHECK_HEADER(gssapi.h, ,
3269				[ unset ac_cv_header_gssapi_h
3270				  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3271				  AC_CHECK_HEADERS(gssapi.h, ,
3272					AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3273				  )
3274				]
3275			)
3276
3277			oldCPP="$CPPFLAGS"
3278			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3279			AC_CHECK_HEADER(gssapi_krb5.h, ,
3280					[ CPPFLAGS="$oldCPP" ])
3281
3282		fi
3283		if test ! -z "$need_dash_r" ; then
3284			LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3285		fi
3286		if test ! -z "$blibpath" ; then
3287			blibpath="$blibpath:${KRB5ROOT}/lib"
3288		fi
3289
3290		AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3291		AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3292		AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3293
3294		LIBS="$LIBS $K5LIBS"
3295		AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3296			[Define this if you want to use libkafs' AFS support]))
3297	fi
3298	]
3299)
3300
3301# Looking for programs, paths and files
3302
3303PRIVSEP_PATH=/var/empty
3304AC_ARG_WITH(privsep-path,
3305	[  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3306	[
3307		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3308		    test "x${withval}" != "xyes"; then
3309			PRIVSEP_PATH=$withval
3310		fi
3311	]
3312)
3313AC_SUBST(PRIVSEP_PATH)
3314
3315AC_ARG_WITH(xauth,
3316	[  --with-xauth=PATH       Specify path to xauth program ],
3317	[
3318		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3319		    test "x${withval}" != "xyes"; then
3320			xauth_path=$withval
3321		fi
3322	],
3323	[
3324		TestPath="$PATH"
3325		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3326		TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3327		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3328		TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3329		AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3330		if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3331			xauth_path="/usr/openwin/bin/xauth"
3332		fi
3333	]
3334)
3335
3336STRIP_OPT=-s
3337AC_ARG_ENABLE(strip,
3338	[  --disable-strip         Disable calling strip(1) on install],
3339	[
3340		if test "x$enableval" = "xno" ; then
3341			STRIP_OPT=
3342		fi
3343	]
3344)
3345AC_SUBST(STRIP_OPT)
3346
3347if test -z "$xauth_path" ; then
3348	XAUTH_PATH="undefined"
3349	AC_SUBST(XAUTH_PATH)
3350else
3351	AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3352		[Define if xauth is found in your path])
3353	XAUTH_PATH=$xauth_path
3354	AC_SUBST(XAUTH_PATH)
3355fi
3356
3357# Check for mail directory (last resort if we cannot get it from headers)
3358if test ! -z "$MAIL" ; then
3359	maildir=`dirname $MAIL`
3360	AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3361		[Set this to your mail directory if you don't have maillock.h])
3362fi
3363
3364if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3365	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3366	disable_ptmx_check=yes
3367fi
3368if test -z "$no_dev_ptmx" ; then
3369	if test "x$disable_ptmx_check" != "xyes" ; then
3370		AC_CHECK_FILE("/dev/ptmx",
3371			[
3372				AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3373					[Define if you have /dev/ptmx])
3374				have_dev_ptmx=1
3375			]
3376		)
3377	fi
3378fi
3379
3380if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3381	AC_CHECK_FILE("/dev/ptc",
3382		[
3383			AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3384				[Define if you have /dev/ptc])
3385			have_dev_ptc=1
3386		]
3387	)
3388else
3389	AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3390fi
3391
3392# Options from here on. Some of these are preset by platform above
3393AC_ARG_WITH(mantype,
3394	[  --with-mantype=man|cat|doc  Set man page type],
3395	[
3396		case "$withval" in
3397		man|cat|doc)
3398			MANTYPE=$withval
3399			;;
3400		*)
3401			AC_MSG_ERROR(invalid man type: $withval)
3402			;;
3403		esac
3404	]
3405)
3406if test -z "$MANTYPE"; then
3407	TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3408	AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3409	if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3410		MANTYPE=doc
3411	elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3412		MANTYPE=man
3413	else
3414		MANTYPE=cat
3415	fi
3416fi
3417AC_SUBST(MANTYPE)
3418if test "$MANTYPE" = "doc"; then
3419	mansubdir=man;
3420else
3421	mansubdir=$MANTYPE;
3422fi
3423AC_SUBST(mansubdir)
3424
3425# Check whether to enable MD5 passwords
3426MD5_MSG="no"
3427AC_ARG_WITH(md5-passwords,
3428	[  --with-md5-passwords    Enable use of MD5 passwords],
3429	[
3430		if test "x$withval" != "xno" ; then
3431			AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3432				[Define if you want to allow MD5 passwords])
3433			MD5_MSG="yes"
3434		fi
3435	]
3436)
3437
3438# Whether to disable shadow password support
3439AC_ARG_WITH(shadow,
3440	[  --without-shadow        Disable shadow password support],
3441	[
3442		if test "x$withval" = "xno" ; then
3443			AC_DEFINE(DISABLE_SHADOW)
3444			disable_shadow=yes
3445		fi
3446	]
3447)
3448
3449if test -z "$disable_shadow" ; then
3450	AC_MSG_CHECKING([if the systems has expire shadow information])
3451	AC_TRY_COMPILE(
3452	[
3453#include <sys/types.h>
3454#include <shadow.h>
3455	struct spwd sp;
3456	],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3457	[ sp_expire_available=yes ], []
3458	)
3459
3460	if test "x$sp_expire_available" = "xyes" ; then
3461		AC_MSG_RESULT(yes)
3462		AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3463		    [Define if you want to use shadow password expire field])
3464	else
3465		AC_MSG_RESULT(no)
3466	fi
3467fi
3468
3469# Use ip address instead of hostname in $DISPLAY
3470if test ! -z "$IPADDR_IN_DISPLAY" ; then
3471	DISPLAY_HACK_MSG="yes"
3472	AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3473		[Define if you need to use IP address
3474		instead of hostname in $DISPLAY])
3475else
3476	DISPLAY_HACK_MSG="no"
3477	AC_ARG_WITH(ipaddr-display,
3478		[  --with-ipaddr-display   Use ip address instead of hostname in \$DISPLAY],
3479		[
3480			if test "x$withval" != "xno" ; then
3481				AC_DEFINE(IPADDR_IN_DISPLAY)
3482				DISPLAY_HACK_MSG="yes"
3483			fi
3484		]
3485	)
3486fi
3487
3488# check for /etc/default/login and use it if present.
3489AC_ARG_ENABLE(etc-default-login,
3490	[  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3491	[ if test "x$enableval" = "xno"; then
3492		AC_MSG_NOTICE([/etc/default/login handling disabled])
3493		etc_default_login=no
3494	  else
3495		etc_default_login=yes
3496	  fi ],
3497	[ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3498	  then
3499		AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3500		etc_default_login=no
3501	  else
3502		etc_default_login=yes
3503	  fi ]
3504)
3505
3506if test "x$etc_default_login" != "xno"; then
3507	AC_CHECK_FILE("/etc/default/login",
3508	    [ external_path_file=/etc/default/login ])
3509	if test "x$external_path_file" = "x/etc/default/login"; then
3510		AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3511			[Define if your system has /etc/default/login])
3512	fi
3513fi
3514
3515dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3516if test $ac_cv_func_login_getcapbool = "yes" && \
3517	test $ac_cv_header_login_cap_h = "yes" ; then
3518	external_path_file=/etc/login.conf
3519fi
3520
3521# Whether to mess with the default path
3522SERVER_PATH_MSG="(default)"
3523AC_ARG_WITH(default-path,
3524	[  --with-default-path=    Specify default \$PATH environment for server],
3525	[
3526		if test "x$external_path_file" = "x/etc/login.conf" ; then
3527			AC_MSG_WARN([
3528--with-default-path=PATH has no effect on this system.
3529Edit /etc/login.conf instead.])
3530		elif test "x$withval" != "xno" ; then
3531			if test ! -z "$external_path_file" ; then
3532				AC_MSG_WARN([
3533--with-default-path=PATH will only be used if PATH is not defined in
3534$external_path_file .])
3535			fi
3536			user_path="$withval"
3537			SERVER_PATH_MSG="$withval"
3538		fi
3539	],
3540	[ if test "x$external_path_file" = "x/etc/login.conf" ; then
3541		AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3542	else
3543		if test ! -z "$external_path_file" ; then
3544			AC_MSG_WARN([
3545If PATH is defined in $external_path_file, ensure the path to scp is included,
3546otherwise scp will not work.])
3547		fi
3548		AC_RUN_IFELSE(
3549			[AC_LANG_SOURCE([[
3550/* find out what STDPATH is */
3551#include <stdio.h>
3552#ifdef HAVE_PATHS_H
3553# include <paths.h>
3554#endif
3555#ifndef _PATH_STDPATH
3556# ifdef _PATH_USERPATH	/* Irix */
3557#  define _PATH_STDPATH _PATH_USERPATH
3558# else
3559#  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3560# endif
3561#endif
3562#include <sys/types.h>
3563#include <sys/stat.h>
3564#include <fcntl.h>
3565#define DATA "conftest.stdpath"
3566
3567main()
3568{
3569	FILE *fd;
3570	int rc;
3571
3572	fd = fopen(DATA,"w");
3573	if(fd == NULL)
3574		exit(1);
3575
3576	if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3577		exit(1);
3578
3579	exit(0);
3580}
3581		]])],
3582		[ user_path=`cat conftest.stdpath` ],
3583		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3584		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3585	)
3586# make sure $bindir is in USER_PATH so scp will work
3587		t_bindir=`eval echo ${bindir}`
3588		case $t_bindir in
3589			NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3590		esac
3591		case $t_bindir in
3592			NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3593		esac
3594		echo $user_path | grep ":$t_bindir"  > /dev/null 2>&1
3595		if test $? -ne 0  ; then
3596			echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
3597			if test $? -ne 0  ; then
3598				user_path=$user_path:$t_bindir
3599				AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3600			fi
3601		fi
3602	fi ]
3603)
3604if test "x$external_path_file" != "x/etc/login.conf" ; then
3605	AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3606	AC_SUBST(user_path)
3607fi
3608
3609# Set superuser path separately to user path
3610AC_ARG_WITH(superuser-path,
3611	[  --with-superuser-path=  Specify different path for super-user],
3612	[
3613		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3614		    test "x${withval}" != "xyes"; then
3615			AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3616				[Define if you want a different $PATH
3617				for the superuser])
3618			superuser_path=$withval
3619		fi
3620	]
3621)
3622
3623
3624AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3625IPV4_IN6_HACK_MSG="no"
3626AC_ARG_WITH(4in6,
3627	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
3628	[
3629		if test "x$withval" != "xno" ; then
3630			AC_MSG_RESULT(yes)
3631			AC_DEFINE(IPV4_IN_IPV6, 1,
3632				[Detect IPv4 in IPv6 mapped addresses
3633				and treat as IPv4])
3634			IPV4_IN6_HACK_MSG="yes"
3635		else
3636			AC_MSG_RESULT(no)
3637		fi
3638	],[
3639		if test "x$inet6_default_4in6" = "xyes"; then
3640			AC_MSG_RESULT([yes (default)])
3641			AC_DEFINE(IPV4_IN_IPV6)
3642			IPV4_IN6_HACK_MSG="yes"
3643		else
3644			AC_MSG_RESULT([no (default)])
3645		fi
3646	]
3647)
3648
3649# Whether to enable BSD auth support
3650BSD_AUTH_MSG=no
3651AC_ARG_WITH(bsd-auth,
3652	[  --with-bsd-auth         Enable BSD auth support],
3653	[
3654		if test "x$withval" != "xno" ; then
3655			AC_DEFINE(BSD_AUTH, 1,
3656				[Define if you have BSD auth support])
3657			BSD_AUTH_MSG=yes
3658		fi
3659	]
3660)
3661
3662# Where to place sshd.pid
3663piddir=/var/run
3664# make sure the directory exists
3665if test ! -d $piddir ; then
3666	piddir=`eval echo ${sysconfdir}`
3667	case $piddir in
3668		NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3669	esac
3670fi
3671
3672AC_ARG_WITH(pid-dir,
3673	[  --with-pid-dir=PATH     Specify location of ssh.pid file],
3674	[
3675		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
3676		    test "x${withval}" != "xyes"; then
3677			piddir=$withval
3678			if test ! -d $piddir ; then
3679			AC_MSG_WARN([** no $piddir directory on this system **])
3680			fi
3681		fi
3682	]
3683)
3684
3685AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3686AC_SUBST(piddir)
3687
3688dnl allow user to disable some login recording features
3689AC_ARG_ENABLE(lastlog,
3690	[  --disable-lastlog       disable use of lastlog even if detected [no]],
3691	[
3692		if test "x$enableval" = "xno" ; then
3693			AC_DEFINE(DISABLE_LASTLOG)
3694		fi
3695	]
3696)
3697AC_ARG_ENABLE(utmp,
3698	[  --disable-utmp          disable use of utmp even if detected [no]],
3699	[
3700		if test "x$enableval" = "xno" ; then
3701			AC_DEFINE(DISABLE_UTMP)
3702		fi
3703	]
3704)
3705AC_ARG_ENABLE(utmpx,
3706	[  --disable-utmpx         disable use of utmpx even if detected [no]],
3707	[
3708		if test "x$enableval" = "xno" ; then
3709			AC_DEFINE(DISABLE_UTMPX, 1,
3710				[Define if you don't want to use utmpx])
3711		fi
3712	]
3713)
3714AC_ARG_ENABLE(wtmp,
3715	[  --disable-wtmp          disable use of wtmp even if detected [no]],
3716	[
3717		if test "x$enableval" = "xno" ; then
3718			AC_DEFINE(DISABLE_WTMP)
3719		fi
3720	]
3721)
3722AC_ARG_ENABLE(wtmpx,
3723	[  --disable-wtmpx         disable use of wtmpx even if detected [no]],
3724	[
3725		if test "x$enableval" = "xno" ; then
3726			AC_DEFINE(DISABLE_WTMPX, 1,
3727				[Define if you don't want to use wtmpx])
3728		fi
3729	]
3730)
3731AC_ARG_ENABLE(libutil,
3732	[  --disable-libutil       disable use of libutil (login() etc.) [no]],
3733	[
3734		if test "x$enableval" = "xno" ; then
3735			AC_DEFINE(DISABLE_LOGIN)
3736		fi
3737	]
3738)
3739AC_ARG_ENABLE(pututline,
3740	[  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
3741	[
3742		if test "x$enableval" = "xno" ; then
3743			AC_DEFINE(DISABLE_PUTUTLINE, 1,
3744				[Define if you don't want to use pututline()
3745				etc. to write [uw]tmp])
3746		fi
3747	]
3748)
3749AC_ARG_ENABLE(pututxline,
3750	[  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
3751	[
3752		if test "x$enableval" = "xno" ; then
3753			AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3754				[Define if you don't want to use pututxline()
3755				etc. to write [uw]tmpx])
3756		fi
3757	]
3758)
3759AC_ARG_WITH(lastlog,
3760  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3761	[
3762		if test "x$withval" = "xno" ; then
3763			AC_DEFINE(DISABLE_LASTLOG)
3764		elif test -n "$withval"  &&  test "x${withval}" != "xyes"; then
3765			conf_lastlog_location=$withval
3766		fi
3767	]
3768)
3769
3770dnl lastlog, [uw]tmpx? detection
3771dnl  NOTE: set the paths in the platform section to avoid the
3772dnl   need for command-line parameters
3773dnl lastlog and [uw]tmp are subject to a file search if all else fails
3774
3775dnl lastlog detection
3776dnl  NOTE: the code itself will detect if lastlog is a directory
3777AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3778AC_TRY_COMPILE([
3779#include <sys/types.h>
3780#include <utmp.h>
3781#ifdef HAVE_LASTLOG_H
3782#  include <lastlog.h>
3783#endif
3784#ifdef HAVE_PATHS_H
3785#  include <paths.h>
3786#endif
3787#ifdef HAVE_LOGIN_H
3788# include <login.h>
3789#endif
3790	],
3791	[ char *lastlog = LASTLOG_FILE; ],
3792	[ AC_MSG_RESULT(yes) ],
3793	[
3794		AC_MSG_RESULT(no)
3795		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3796		AC_TRY_COMPILE([
3797#include <sys/types.h>
3798#include <utmp.h>
3799#ifdef HAVE_LASTLOG_H
3800#  include <lastlog.h>
3801#endif
3802#ifdef HAVE_PATHS_H
3803#  include <paths.h>
3804#endif
3805		],
3806		[ char *lastlog = _PATH_LASTLOG; ],
3807		[ AC_MSG_RESULT(yes) ],
3808		[
3809			AC_MSG_RESULT(no)
3810			system_lastlog_path=no
3811		])
3812	]
3813)
3814
3815if test -z "$conf_lastlog_location"; then
3816	if test x"$system_lastlog_path" = x"no" ; then
3817		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3818				if (test -d "$f" || test -f "$f") ; then
3819					conf_lastlog_location=$f
3820				fi
3821		done
3822		if test -z "$conf_lastlog_location"; then
3823			AC_MSG_WARN([** Cannot find lastlog **])
3824			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3825		fi
3826	fi
3827fi
3828
3829if test -n "$conf_lastlog_location"; then
3830	AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3831		[Define if you want to specify the path to your lastlog file])
3832fi
3833
3834dnl utmp detection
3835AC_MSG_CHECKING([if your system defines UTMP_FILE])
3836AC_TRY_COMPILE([
3837#include <sys/types.h>
3838#include <utmp.h>
3839#ifdef HAVE_PATHS_H
3840#  include <paths.h>
3841#endif
3842	],
3843	[ char *utmp = UTMP_FILE; ],
3844	[ AC_MSG_RESULT(yes) ],
3845	[ AC_MSG_RESULT(no)
3846	  system_utmp_path=no ]
3847)
3848if test -z "$conf_utmp_location"; then
3849	if test x"$system_utmp_path" = x"no" ; then
3850		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3851			if test -f $f ; then
3852				conf_utmp_location=$f
3853			fi
3854		done
3855		if test -z "$conf_utmp_location"; then
3856			AC_DEFINE(DISABLE_UTMP)
3857		fi
3858	fi
3859fi
3860if test -n "$conf_utmp_location"; then
3861	AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3862		[Define if you want to specify the path to your utmp file])
3863fi
3864
3865dnl wtmp detection
3866AC_MSG_CHECKING([if your system defines WTMP_FILE])
3867AC_TRY_COMPILE([
3868#include <sys/types.h>
3869#include <utmp.h>
3870#ifdef HAVE_PATHS_H
3871#  include <paths.h>
3872#endif
3873	],
3874	[ char *wtmp = WTMP_FILE; ],
3875	[ AC_MSG_RESULT(yes) ],
3876	[ AC_MSG_RESULT(no)
3877	  system_wtmp_path=no ]
3878)
3879if test -z "$conf_wtmp_location"; then
3880	if test x"$system_wtmp_path" = x"no" ; then
3881		for f in /usr/adm/wtmp /var/log/wtmp; do
3882			if test -f $f ; then
3883				conf_wtmp_location=$f
3884			fi
3885		done
3886		if test -z "$conf_wtmp_location"; then
3887			AC_DEFINE(DISABLE_WTMP)
3888		fi
3889	fi
3890fi
3891if test -n "$conf_wtmp_location"; then
3892	AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3893		[Define if you want to specify the path to your wtmp file])
3894fi
3895
3896
3897dnl utmpx detection - I don't know any system so perverse as to require
3898dnl  utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3899dnl  there, though.
3900AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3901AC_TRY_COMPILE([
3902#include <sys/types.h>
3903#include <utmp.h>
3904#ifdef HAVE_UTMPX_H
3905#include <utmpx.h>
3906#endif
3907#ifdef HAVE_PATHS_H
3908#  include <paths.h>
3909#endif
3910	],
3911	[ char *utmpx = UTMPX_FILE; ],
3912	[ AC_MSG_RESULT(yes) ],
3913	[ AC_MSG_RESULT(no)
3914	  system_utmpx_path=no ]
3915)
3916if test -z "$conf_utmpx_location"; then
3917	if test x"$system_utmpx_path" = x"no" ; then
3918		AC_DEFINE(DISABLE_UTMPX)
3919	fi
3920else
3921	AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3922		[Define if you want to specify the path to your utmpx file])
3923fi
3924
3925dnl wtmpx detection
3926AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3927AC_TRY_COMPILE([
3928#include <sys/types.h>
3929#include <utmp.h>
3930#ifdef HAVE_UTMPX_H
3931#include <utmpx.h>
3932#endif
3933#ifdef HAVE_PATHS_H
3934#  include <paths.h>
3935#endif
3936	],
3937	[ char *wtmpx = WTMPX_FILE; ],
3938	[ AC_MSG_RESULT(yes) ],
3939	[ AC_MSG_RESULT(no)
3940	  system_wtmpx_path=no ]
3941)
3942if test -z "$conf_wtmpx_location"; then
3943	if test x"$system_wtmpx_path" = x"no" ; then
3944		AC_DEFINE(DISABLE_WTMPX)
3945	fi
3946else
3947	AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3948		[Define if you want to specify the path to your wtmpx file])
3949fi
3950
3951
3952if test ! -z "$blibpath" ; then
3953	LDFLAGS="$LDFLAGS $blibflags$blibpath"
3954	AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3955fi
3956
3957dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3958dnl Add now.
3959CFLAGS="$CFLAGS $werror_flags"
3960
3961AC_EXEEXT
3962AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3963	openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3964	scard/Makefile ssh_prng_cmds survey.sh])
3965AC_OUTPUT
3966
3967# Print summary of options
3968
3969# Someone please show me a better way :)
3970A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3971B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3972C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3973D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3974E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3975F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3976G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3977H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3978I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3979J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3980
3981echo ""
3982echo "OpenSSH has been configured with the following options:"
3983echo "                     User binaries: $B"
3984echo "                   System binaries: $C"
3985echo "               Configuration files: $D"
3986echo "                   Askpass program: $E"
3987echo "                      Manual pages: $F"
3988echo "                          PID file: $G"
3989echo "  Privilege separation chroot path: $H"
3990if test "x$external_path_file" = "x/etc/login.conf" ; then
3991echo "   At runtime, sshd will use the path defined in $external_path_file"
3992echo "   Make sure the path to scp is present, otherwise scp will not work"
3993else
3994echo "            sshd default user PATH: $I"
3995	if test ! -z "$external_path_file"; then
3996echo "   (If PATH is set in $external_path_file it will be used instead. If"
3997echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
3998	fi
3999fi
4000if test ! -z "$superuser_path" ; then
4001echo "          sshd superuser user PATH: $J"
4002fi
4003echo "                    Manpage format: $MANTYPE"
4004echo "                       PAM support: $PAM_MSG"
4005echo "                   OSF SIA support: $SIA_MSG"
4006echo "                 KerberosV support: $KRB5_MSG"
4007echo "                   SELinux support: $SELINUX_MSG"
4008echo "                 Smartcard support: $SCARD_MSG"
4009echo "                     S/KEY support: $SKEY_MSG"
4010echo "                      OPIE support: $OPIE_MSG"
4011echo "              TCP Wrappers support: $TCPW_MSG"
4012echo "              MD5 password support: $MD5_MSG"
4013echo "                   libedit support: $LIBEDIT_MSG"
4014echo "  Solaris process contract support: $SPC_MSG"
4015echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4016echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4017echo "                  BSD Auth support: $BSD_AUTH_MSG"
4018echo "              Random number source: $RAND_MSG"
4019if test ! -z "$USE_RAND_HELPER" ; then
4020echo "     ssh-rand-helper collects from: $RAND_HELPER_MSG"
4021fi
4022
4023echo ""
4024
4025echo "              Host: ${host}"
4026echo "          Compiler: ${CC}"
4027echo "    Compiler flags: ${CFLAGS}"
4028echo "Preprocessor flags: ${CPPFLAGS}"
4029echo "      Linker flags: ${LDFLAGS}"
4030echo "         Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
4031
4032echo ""
4033
4034if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4035	echo "SVR4 style packages are supported with \"make package\""
4036	echo ""
4037fi
4038
4039if test "x$PAM_MSG" = "xyes" ; then
4040	echo "PAM is enabled. You may need to install a PAM control file "
4041	echo "for sshd, otherwise password authentication may fail. "
4042	echo "Example PAM control files can be found in the contrib/ "
4043	echo "subdirectory"
4044	echo ""
4045fi
4046
4047if test ! -z "$RAND_HELPER_CMDHASH" ; then
4048	echo "WARNING: you are using the builtin random number collection "
4049	echo "service. Please read WARNING.RNG and request that your OS "
4050	echo "vendor includes kernel-based random number collection in "
4051	echo "future versions of your OS."
4052	echo ""
4053fi
4054
4055if test ! -z "$NO_PEERCHECK" ; then
4056	echo "WARNING: the operating system that you are using does not "
4057	echo "appear to support either the getpeereid() API nor the "
4058	echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4059	echo "enforce security checks to prevent unauthorised connections to "
4060	echo "ssh-agent. Their absence increases the risk that a malicious "
4061	echo "user can connect to your agent. "
4062	echo ""
4063fi
4064
4065if test "$AUDIT_MODULE" = "bsm" ; then
4066	echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4067	echo "See the Solaris section in README.platform for details."
4068fi
4069