diff options
Diffstat (limited to 'crypto/openssh/configure.ac')
-rw-r--r-- | crypto/openssh/configure.ac | 4028 |
1 files changed, 0 insertions, 4028 deletions
diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac deleted file mode 100644 index c596a7b..0000000 --- a/crypto/openssh/configure.ac +++ /dev/null @@ -1,4028 +0,0 @@ -# $Id: configure.ac,v 1.370 2006/10/06 23:07:21 dtucker Exp $ -# -# Copyright (c) 1999-2004 Damien Miller -# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.370 $) -AC_CONFIG_SRCDIR([ssh.c]) - -AC_CONFIG_HEADER(config.h) -AC_PROG_CC -AC_CANONICAL_HOST -AC_C_BIGENDIAN - -# Checks for programs. -AC_PROG_AWK -AC_PROG_CPP -AC_PROG_RANLIB -AC_PROG_INSTALL -AC_PROG_EGREP -AC_PATH_PROG(AR, ar) -AC_PATH_PROG(CAT, cat) -AC_PATH_PROG(KILL, kill) -AC_PATH_PROGS(PERL, perl5 perl) -AC_PATH_PROG(SED, sed) -AC_SUBST(PERL) -AC_PATH_PROG(ENT, ent) -AC_SUBST(ENT) -AC_PATH_PROG(TEST_MINUS_S_SH, bash) -AC_PATH_PROG(TEST_MINUS_S_SH, ksh) -AC_PATH_PROG(TEST_MINUS_S_SH, sh) -AC_PATH_PROG(SH, sh) -AC_SUBST(TEST_SHELL,sh) - -dnl for buildpkg.sh -AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd, - [/usr/sbin${PATH_SEPARATOR}/etc]) -AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd, - [/usr/sbin${PATH_SEPARATOR}/etc]) -AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no) -if test -x /sbin/sh; then - AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh) -else - AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh) -fi - -# System features -AC_SYS_LARGEFILE - -if test -z "$AR" ; then - AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) -fi - -# Use LOGIN_PROGRAM from environment if possible -if test ! -z "$LOGIN_PROGRAM" ; then - AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM", - [If your header files don't define LOGIN_PROGRAM, - then use this (detected) from environment and PATH]) -else - # Search for login - AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login) - if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then - AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK") - fi -fi - -AC_PATH_PROG(PATH_PASSWD_PROG, passwd) -if test ! -z "$PATH_PASSWD_PROG" ; then - AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG", - [Full path of your "passwd" program]) -fi - -if test -z "$LD" ; then - LD=$CC -fi -AC_SUBST(LD) - -AC_C_INLINE - -AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>]) - -if test "$GCC" = "yes" || test "$GCC" = "egcs"; then - CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized" - GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` - case $GCC_VER in - 1.*) ;; - 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;; - 2.*) ;; - 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;; - 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;; - *) ;; - esac - - if test -z "$have_llong_max"; then - # retry LLONG_MAX with -std=gnu99, needed on some Linuxes - unset ac_cv_have_decl_LLONG_MAX - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS -std=gnu99" - AC_CHECK_DECL(LLONG_MAX, - [have_llong_max=1], - [CFLAGS="$saved_CFLAGS"], - [#include <limits.h>] - ) - fi -fi - -AC_ARG_WITH(rpath, - [ --without-rpath Disable auto-added -R linker paths], - [ - if test "x$withval" = "xno" ; then - need_dash_r="" - fi - if test "x$withval" = "xyes" ; then - need_dash_r=1 - fi - ] -) - -# Allow user to specify flags -AC_ARG_WITH(cflags, - [ --with-cflags Specify additional flags to pass to compiler], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CFLAGS="$CFLAGS $withval" - fi - ] -) -AC_ARG_WITH(cppflags, - [ --with-cppflags Specify additional flags to pass to preprocessor] , - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CPPFLAGS="$CPPFLAGS $withval" - fi - ] -) -AC_ARG_WITH(ldflags, - [ --with-ldflags Specify additional flags to pass to linker], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LDFLAGS="$LDFLAGS $withval" - fi - ] -) -AC_ARG_WITH(libs, - [ --with-libs Specify additional libraries to link with], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LIBS="$LIBS $withval" - fi - ] -) -AC_ARG_WITH(Werror, - [ --with-Werror Build main code with -Werror], - [ - if test -n "$withval" && test "x$withval" != "xno"; then - werror_flags="-Werror" - if test "x${withval}" != "xyes"; then - werror_flags="$withval" - fi - fi - ] -) - -AC_CHECK_HEADERS( \ - bstring.h \ - crypt.h \ - crypto/sha2.h \ - dirent.h \ - endian.h \ - features.h \ - fcntl.h \ - floatingpoint.h \ - getopt.h \ - glob.h \ - ia.h \ - iaf.h \ - limits.h \ - login.h \ - maillock.h \ - ndir.h \ - net/if_tun.h \ - netdb.h \ - netgroup.h \ - pam/pam_appl.h \ - paths.h \ - pty.h \ - readpassphrase.h \ - rpc/types.h \ - security/pam_appl.h \ - sha2.h \ - shadow.h \ - stddef.h \ - stdint.h \ - string.h \ - strings.h \ - sys/audit.h \ - sys/bitypes.h \ - sys/bsdtty.h \ - sys/cdefs.h \ - sys/dir.h \ - sys/mman.h \ - sys/ndir.h \ - sys/prctl.h \ - sys/pstat.h \ - sys/select.h \ - sys/stat.h \ - sys/stream.h \ - sys/stropts.h \ - sys/strtio.h \ - sys/sysmacros.h \ - sys/time.h \ - sys/timers.h \ - sys/un.h \ - time.h \ - tmpdir.h \ - ttyent.h \ - unistd.h \ - usersec.h \ - util.h \ - utime.h \ - utmp.h \ - utmpx.h \ - vis.h \ -) - -# lastlog.h requires sys/time.h to be included first on Solaris -AC_CHECK_HEADERS(lastlog.h, [], [], [ -#ifdef HAVE_SYS_TIME_H -# include <sys/time.h> -#endif -]) - -# sys/ptms.h requires sys/stream.h to be included first on Solaris -AC_CHECK_HEADERS(sys/ptms.h, [], [], [ -#ifdef HAVE_SYS_STREAM_H -# include <sys/stream.h> -#endif -]) - -# login_cap.h requires sys/types.h on NetBSD -AC_CHECK_HEADERS(login_cap.h, [], [], [ -#include <sys/types.h> -]) - -# Messages for features tested for in target-specific section -SIA_MSG="no" -SPC_MSG="no" - -# Check for some target-specific stuff -case "$host" in -*-*-aix*) - # Some versions of VAC won't allow macro redefinitions at - # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that - # particularly with older versions of vac or xlc. - # It also throws errors about null macro argments, but these are - # not fatal. - AC_MSG_CHECKING(if compiler allows macro redefinitions) - AC_COMPILE_IFELSE( - [AC_LANG_SOURCE([[ -#define testmacro foo -#define testmacro bar -int main(void) { exit(0); } - ]])], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" - LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" - CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" - CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" - ] - ) - - AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) - if (test -z "$blibpath"); then - blibpath="/usr/lib:/lib" - fi - saved_LDFLAGS="$LDFLAGS" - if test "$GCC" = "yes"; then - flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" - else - flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," - fi - for tryflags in $flags ;do - if (test -z "$blibflags"); then - LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" - AC_TRY_LINK([], [], [blibflags=$tryflags]) - fi - done - if (test -z "$blibflags"); then - AC_MSG_RESULT(not found) - AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) - else - AC_MSG_RESULT($blibflags) - fi - LDFLAGS="$saved_LDFLAGS" - dnl Check for authenticate. Might be in libs.a on older AIXes - AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1, - [Define if you want to enable AIX4's authenticate function])], - [AC_CHECK_LIB(s,authenticate, - [ AC_DEFINE(WITH_AIXAUTHENTICATE) - LIBS="$LIBS -ls" - ]) - ]) - dnl Check for various auth function declarations in headers. - AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, - passwdexpired, setauthdb], , , [#include <usersec.h>]) - dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) - AC_CHECK_DECLS(loginfailed, - [AC_MSG_CHECKING(if loginfailed takes 4 arguments) - AC_TRY_COMPILE( - [#include <usersec.h>], - [(void)loginfailed("user","host","tty",0);], - [AC_MSG_RESULT(yes) - AC_DEFINE(AIX_LOGINFAILED_4ARG, 1, - [Define if your AIX loginfailed() function - takes 4 arguments (AIX >= 5.2)])], - [AC_MSG_RESULT(no)] - )], - [], - [#include <usersec.h>] - ) - AC_CHECK_FUNCS(setauthdb) - AC_CHECK_DECL(F_CLOSEM, - AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]), - [], - [ #include <limits.h> - #include <fcntl.h> ] - ) - check_for_aix_broken_getaddrinfo=1 - AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.]) - AC_DEFINE(SETEUID_BREAKS_SETUID, 1, - [Define if your platform breaks doing a seteuid before a setuid]) - AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken]) - AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken]) - dnl AIX handles lastlog as part of its login message - AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog]) - AC_DEFINE(LOGIN_NEEDS_UTMPX, 1, - [Some systems need a utmpx entry for /bin/login to work]) - AC_DEFINE(SPT_TYPE,SPT_REUSEARGV, - [Define to a Set Process Title type if your system is - supported by bsd-setproctitle.c]) - AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1, - [AIX 5.2 and 5.3 (and presumably newer) require this]) - AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd]) - ;; -*-*-cygwin*) - check_for_libcrypt_later=1 - LIBS="$LIBS /usr/lib/textmode.o" - AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin]) - AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()]) - AC_DEFINE(DISABLE_SHADOW, 1, - [Define if you want to disable shadow passwords]) - AC_DEFINE(IP_TOS_IS_BROKEN, 1, - [Define if your system choked on IP TOS setting]) - AC_DEFINE(NO_X11_UNIX_SOCKETS, 1, - [Define if X11 doesn't support AF_UNIX sockets on that system]) - AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1, - [Define if the concept of ports only accessible to - superusers isn't known]) - AC_DEFINE(DISABLE_FD_PASSING, 1, - [Define if your platform needs to skip post auth - file descriptor passing]) - ;; -*-*-dgux*) - AC_DEFINE(IP_TOS_IS_BROKEN) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - ;; -*-*-darwin*) - AC_MSG_CHECKING(if we have working getaddrinfo) - AC_TRY_RUN([#include <mach-o/dyld.h> -main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) - exit(0); - else - exit(1); -}], [AC_MSG_RESULT(working)], - [AC_MSG_RESULT(buggy) - AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])], - [AC_MSG_RESULT(assume it is working)]) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1, - [Define if your resolver libs need this for getrrsetbyname]) - AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) - AC_DEFINE(SSH_TUN_COMPAT_AF, 1, - [Use tunnel device compatibility to OpenBSD]) - AC_DEFINE(SSH_TUN_PREPEND_AF, 1, - [Prepend the address family to IP tunnel traffic]) - ;; -*-*-dragonfly*) - SSHDLIBS="$SSHDLIBS -lcrypt" - ;; -*-*-hpux*) - # first we define all of the options common to all HP-UX releases - CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" - IPADDR_IN_DISPLAY=yes - AC_DEFINE(USE_PIPES) - AC_DEFINE(LOGIN_NO_ENDOPT, 1, - [Define if your login program cannot handle end of options ("--")]) - AC_DEFINE(LOGIN_NEEDS_UTMPX) - AC_DEFINE(LOCKED_PASSWD_STRING, "*", - [String used in /etc/passwd to denote locked account]) - AC_DEFINE(SPT_TYPE,SPT_PSTAT) - MAIL="/var/mail/username" - LIBS="$LIBS -lsec" - AC_CHECK_LIB(xnet, t_error, , - AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) - - # next, we define all of the options specific to major releases - case "$host" in - *-*-hpux10*) - if test -z "$GCC"; then - CFLAGS="$CFLAGS -Ae" - fi - ;; - *-*-hpux11*) - AC_DEFINE(PAM_SUN_CODEBASE, 1, - [Define if you are using Solaris-derived PAM which - passes pam_messages to the conversation function - with an extra level of indirection]) - AC_DEFINE(DISABLE_UTMP, 1, - [Define if you don't want to use utmp]) - AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) - check_for_hpux_broken_getaddrinfo=1 - check_for_conflicting_getspnam=1 - ;; - esac - - # lastly, we define options specific to minor releases - case "$host" in - *-*-hpux10.26) - AC_DEFINE(HAVE_SECUREWARE, 1, - [Define if you have SecureWare-based - protected password database]) - disable_ptmx_check=yes - LIBS="$LIBS -lsecpw" - ;; - esac - ;; -*-*-irix5*) - PATH="$PATH:/usr/etc" - AC_DEFINE(BROKEN_INET_NTOA, 1, - [Define if you system's inet_ntoa is busted - (e.g. Irix gcc issue)]) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(WITH_ABBREV_NO_TTY, 1, - [Define if you shouldn't strip 'tty' from your - ttyname in [uw]tmp]) - AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") - ;; -*-*-irix6*) - PATH="$PATH:/usr/etc" - AC_DEFINE(WITH_IRIX_ARRAY, 1, - [Define if you have/want arrays - (cluster-wide session managment, not C arrays)]) - AC_DEFINE(WITH_IRIX_PROJECT, 1, - [Define if you want IRIX project management]) - AC_DEFINE(WITH_IRIX_AUDIT, 1, - [Define if you want IRIX audit trails]) - AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1, - [Define if you want IRIX kernel jobs])]) - AC_DEFINE(BROKEN_INET_NTOA) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)]) - AC_DEFINE(WITH_ABBREV_NO_TTY) - AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") - ;; -*-*-linux*) - no_dev_ptmx=1 - check_for_libcrypt_later=1 - check_for_openpty_ctty_bug=1 - AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks]) - AC_DEFINE(PAM_TTY_KLUDGE, 1, - [Work around problematic Linux PAM modules handling of PAM_TTY]) - AC_DEFINE(LOCKED_PASSWD_PREFIX, "!", - [String used in /etc/passwd to denote locked account]) - AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) - AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM, - [Define to whatever link() returns for "not supported" - if it doesn't return EOPNOTSUPP.]) - AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) - AC_DEFINE(USE_BTMP) - inet6_default_4in6=yes - case `uname -r` in - 1.*|2.0.*) - AC_DEFINE(BROKEN_CMSG_TYPE, 1, - [Define if cmsg_type is not passed correctly]) - ;; - esac - # tun(4) forwarding compat code - AC_CHECK_HEADERS(linux/if_tun.h) - if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then - AC_DEFINE(SSH_TUN_LINUX, 1, - [Open tunnel devices the Linux tun/tap way]) - AC_DEFINE(SSH_TUN_COMPAT_AF, 1, - [Use tunnel device compatibility to OpenBSD]) - AC_DEFINE(SSH_TUN_PREPEND_AF, 1, - [Prepend the address family to IP tunnel traffic]) - fi - ;; -mips-sony-bsd|mips-sony-newsos4) - AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty]) - SONY=1 - ;; -*-*-netbsd*) - check_for_libcrypt_before=1 - if test "x$withval" != "xno" ; then - need_dash_r=1 - fi - AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) - AC_CHECK_HEADER([net/if_tap.h], , - AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support])) - AC_DEFINE(SSH_TUN_PREPEND_AF, 1, - [Prepend the address family to IP tunnel traffic]) - ;; -*-*-freebsd*) - check_for_libcrypt_later=1 - AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)]) - AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way]) - AC_CHECK_HEADER([net/if_tap.h], , - AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support])) - ;; -*-*-bsdi*) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - ;; -*-next-*) - conf_lastlog_location="/usr/adm/lastlog" - conf_utmp_location=/etc/utmp - conf_wtmp_location=/usr/adm/wtmp - MAIL=/usr/spool/mail - AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT]) - AC_DEFINE(BROKEN_REALPATH) - AC_DEFINE(USE_PIPES) - AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT]) - ;; -*-*-openbsd*) - AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) - AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded]) - AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way]) - AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1, - [syslog_r function is safe to use in in a signal handler]) - ;; -*-*-solaris*) - if test "x$withval" != "xno" ; then - need_dash_r=1 - fi - AC_DEFINE(PAM_SUN_CODEBASE) - AC_DEFINE(LOGIN_NEEDS_UTMPX) - AC_DEFINE(LOGIN_NEEDS_TERM, 1, - [Some versions of /bin/login need the TERM supplied - on the commandline]) - AC_DEFINE(PAM_TTY_KLUDGE) - AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1, - [Define if pam_chauthtok wants real uid set - to the unpriv'ed user]) - AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") - # Pushing STREAMS modules will cause sshd to acquire a controlling tty. - AC_DEFINE(SSHD_ACQUIRES_CTTY, 1, - [Define if sshd somehow reacquires a controlling TTY - after setsid()]) - AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd - in case the name is longer than 8 chars]) - external_path_file=/etc/default/login - # hardwire lastlog location (can't detect it on some versions) - conf_lastlog_location="/var/adm/lastlog" - AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x) - sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` - if test "$sol2ver" -ge 8; then - AC_MSG_RESULT(yes) - AC_DEFINE(DISABLE_UTMP) - AC_DEFINE(DISABLE_WTMP, 1, - [Define if you don't want to use wtmp]) - else - AC_MSG_RESULT(no) - fi - AC_ARG_WITH(solaris-contracts, - [ --with-solaris-contracts Enable Solaris process contracts (experimental)], - [ - AC_CHECK_LIB(contract, ct_tmpl_activate, - [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, - [Define if you have Solaris process contracts]) - SSHDLIBS="$SSHDLIBS -lcontract" - AC_SUBST(SSHDLIBS) - SPC_MSG="yes" ], ) - ], - ) - ;; -*-*-sunos4*) - CPPFLAGS="$CPPFLAGS -DSUNOS4" - AC_CHECK_FUNCS(getpwanam) - AC_DEFINE(PAM_SUN_CODEBASE) - conf_utmp_location=/etc/utmp - conf_wtmp_location=/var/adm/wtmp - conf_lastlog_location=/var/adm/lastlog - AC_DEFINE(USE_PIPES) - ;; -*-ncr-sysv*) - LIBS="$LIBS -lc89" - AC_DEFINE(USE_PIPES) - AC_DEFINE(SSHD_ACQUIRES_CTTY) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - ;; -*-sni-sysv*) - # /usr/ucblib MUST NOT be searched on ReliantUNIX - AC_CHECK_LIB(dl, dlsym, ,) - # -lresolv needs to be at the end of LIBS or DNS lookups break - AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ]) - IPADDR_IN_DISPLAY=yes - AC_DEFINE(USE_PIPES) - AC_DEFINE(IP_TOS_IS_BROKEN) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(SSHD_ACQUIRES_CTTY) - external_path_file=/etc/default/login - # /usr/ucblib/libucb.a no longer needed on ReliantUNIX - # Attention: always take care to bind libsocket and libnsl before libc, - # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog - ;; -# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. -*-*-sysv4.2*) - AC_DEFINE(USE_PIPES) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) - AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") - ;; -# UnixWare 7.x, OpenUNIX 8 -*-*-sysv5*) - check_for_libcrypt_later=1 - AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars]) - AC_DEFINE(USE_PIPES) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(PASSWD_NEEDS_USERNAME) - case "$host" in - *-*-sysv5SCO_SV*) # SCO OpenServer 6.x - TEST_SHELL=/u95/bin/sh - AC_DEFINE(BROKEN_LIBIAF, 1, - [ia_uinfo routines not supported by OS yet]) - AC_DEFINE(BROKEN_UPDWTMPX) - ;; - *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") - ;; - esac - ;; -*-*-sysv*) - ;; -# SCO UNIX and OEM versions of SCO UNIX -*-*-sco3.2v4*) - AC_MSG_ERROR("This Platform is no longer supported.") - ;; -# SCO OpenServer 5.x -*-*-sco3.2v5*) - if test -z "$GCC"; then - CFLAGS="$CFLAGS -belf" - fi - LIBS="$LIBS -lprot -lx -ltinfo -lm" - no_dev_ptmx=1 - AC_DEFINE(USE_PIPES) - AC_DEFINE(HAVE_SECUREWARE) - AC_DEFINE(DISABLE_SHADOW) - AC_DEFINE(DISABLE_FD_PASSING) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(WITH_ABBREV_NO_TTY) - AC_DEFINE(BROKEN_UPDWTMPX) - AC_DEFINE(PASSWD_NEEDS_USERNAME) - AC_CHECK_FUNCS(getluid setluid) - MANTYPE=man - TEST_SHELL=ksh - ;; -*-*-unicosmk*) - AC_DEFINE(NO_SSH_LASTLOG, 1, - [Define if you don't want to use lastlog in session.c]) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(USE_PIPES) - AC_DEFINE(DISABLE_FD_PASSING) - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-*-unicosmp*) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(WITH_ABBREV_NO_TTY) - AC_DEFINE(USE_PIPES) - AC_DEFINE(DISABLE_FD_PASSING) - LDFLAGS="$LDFLAGS" - LIBS="$LIBS -lgen -lacid -ldb" - MANTYPE=cat - ;; -*-*-unicos*) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(USE_PIPES) - AC_DEFINE(DISABLE_FD_PASSING) - AC_DEFINE(NO_SSH_LASTLOG) - LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" - LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" - MANTYPE=cat - ;; -*-dec-osf*) - AC_MSG_CHECKING(for Digital Unix SIA) - no_osfsia="" - AC_ARG_WITH(osfsia, - [ --with-osfsia Enable Digital Unix SIA], - [ - if test "x$withval" = "xno" ; then - AC_MSG_RESULT(disabled) - no_osfsia=1 - fi - ], - ) - if test -z "$no_osfsia" ; then - if test -f /etc/sia/matrix.conf; then - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_OSF_SIA, 1, - [Define if you have Digital Unix Security - Integration Architecture]) - AC_DEFINE(DISABLE_LOGIN, 1, - [Define if you don't want to use your - system's login() call]) - AC_DEFINE(DISABLE_FD_PASSING) - LIBS="$LIBS -lsecurity -ldb -lm -laud" - SIA_MSG="yes" - else - AC_MSG_RESULT(no) - AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin", - [String used in /etc/passwd to denote locked account]) - fi - fi - AC_DEFINE(BROKEN_GETADDRINFO) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - ;; - -*-*-nto-qnx*) - AC_DEFINE(USE_PIPES) - AC_DEFINE(NO_X11_UNIX_SOCKETS) - AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems]) - AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems]) - AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems]) - AC_DEFINE(DISABLE_LASTLOG) - AC_DEFINE(SSHD_ACQUIRES_CTTY) - enable_etc_default_login=no # has incompatible /etc/default/login - ;; - -*-*-ultrix*) - AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1]) - AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files]) - AC_DEFINE(NEED_SETPGRP) - AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix]) - ;; - -*-*-lynxos) - CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" - AC_DEFINE(MISSING_HOWMANY) - AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation]) - ;; -esac - -AC_MSG_CHECKING(compiler and flags for sanity) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([ -#include <stdio.h> -int main(){exit(0);} - ])], - [ AC_MSG_RESULT(yes) ], - [ - AC_MSG_RESULT(no) - AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) - ], - [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] -) - -dnl Checks for header files. -# Checks for libraries. -AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) -AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) - -dnl IRIX and Solaris 2.5.1 have dirname() in libgen -AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ - AC_CHECK_LIB(gen, dirname,[ - AC_CACHE_CHECK([for broken dirname], - ac_cv_have_broken_dirname, [ - save_LIBS="$LIBS" - LIBS="$LIBS -lgen" - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <libgen.h> -#include <string.h> - -int main(int argc, char **argv) { - char *s, buf[32]; - - strncpy(buf,"/etc", 32); - s = dirname(buf); - if (!s || strncmp(s, "/", 32) != 0) { - exit(1); - } else { - exit(0); - } -} - ]])], - [ ac_cv_have_broken_dirname="no" ], - [ ac_cv_have_broken_dirname="yes" ], - [ ac_cv_have_broken_dirname="no" ], - ) - LIBS="$save_LIBS" - ]) - if test "x$ac_cv_have_broken_dirname" = "xno" ; then - LIBS="$LIBS -lgen" - AC_DEFINE(HAVE_DIRNAME) - AC_CHECK_HEADERS(libgen.h) - fi - ]) -]) - -AC_CHECK_FUNC(getspnam, , - AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen")) -AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1, - [Define if you have the basename function.])) - -dnl zlib is required -AC_ARG_WITH(zlib, - [ --with-zlib=PATH Use zlib in PATH], - [ if test "x$withval" = "xno" ; then - AC_MSG_ERROR([*** zlib is required ***]) - elif test "x$withval" != "xyes"; then - if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "$withval/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi ] -) - -AC_CHECK_LIB(z, deflate, , - [ - saved_CPPFLAGS="$CPPFLAGS" - saved_LDFLAGS="$LDFLAGS" - save_LIBS="$LIBS" - dnl Check default zlib install dir - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" - else - LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" - fi - CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" - LIBS="$LIBS -lz" - AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ), - [ - AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) - ] - ) - ] -) -AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])) - -AC_ARG_WITH(zlib-version-check, - [ --without-zlib-version-check Disable zlib version check], - [ if test "x$withval" = "xno" ; then - zlib_check_nonfatal=1 - fi - ] -) - -AC_MSG_CHECKING(for possibly buggy zlib) -AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#include <stdio.h> -#include <zlib.h> -int main() -{ - int a=0, b=0, c=0, d=0, n, v; - n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); - if (n != 3 && n != 4) - exit(1); - v = a*1000000 + b*10000 + c*100 + d; - fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); - - /* 1.1.4 is OK */ - if (a == 1 && b == 1 && c >= 4) - exit(0); - - /* 1.2.3 and up are OK */ - if (v >= 1020300) - exit(0); - - exit(2); -} - ]])], - AC_MSG_RESULT(no), - [ AC_MSG_RESULT(yes) - if test -z "$zlib_check_nonfatal" ; then - AC_MSG_ERROR([*** zlib too old - check config.log *** -Your reported zlib version has known security problems. It's possible your -vendor has fixed these problems without changing the version number. If you -are sure this is the case, you can disable the check by running -"./configure --without-zlib-version-check". -If you are in doubt, upgrade zlib to version 1.2.3 or greater. -See http://www.gzip.org/zlib/ for details.]) - else - AC_MSG_WARN([zlib version may have security problems]) - fi - ], - [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] -) - -dnl UnixWare 2.x -AC_CHECK_FUNC(strcasecmp, - [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] -) -AC_CHECK_FUNCS(utimes, - [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES) - LIBS="$LIBS -lc89"]) ] -) - -dnl Checks for libutil functions -AC_CHECK_HEADERS(libutil.h) -AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1, - [Define if your libraries define login()])]) -AC_CHECK_FUNCS(logout updwtmp logwtmp) - -AC_FUNC_STRFTIME - -# Check for ALTDIRFUNC glob() extension -AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support) -AC_EGREP_CPP(FOUNDIT, - [ - #include <glob.h> - #ifdef GLOB_ALTDIRFUNC - FOUNDIT - #endif - ], - [ - AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1, - [Define if your system glob() function has - the GLOB_ALTDIRFUNC extension]) - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - ] -) - -# Check for g.gl_matchc glob() extension -AC_MSG_CHECKING(for gl_matchc field in glob_t) -AC_TRY_COMPILE( - [ #include <glob.h> ], - [glob_t g; g.gl_matchc = 1;], - [ - AC_DEFINE(GLOB_HAS_GL_MATCHC, 1, - [Define if your system glob() function has - gl_matchc options in glob_t]) - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - ] -) - -AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>]) - -AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <sys/types.h> -#include <dirent.h> -int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} - ]])], - [AC_MSG_RESULT(yes)], - [ - AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1, - [Define if your struct dirent expects you to - allocate extra space for d_name]) - ], - [ - AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) - AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) - ] -) - -AC_MSG_CHECKING([for /proc/pid/fd directory]) -if test -d "/proc/$$/fd" ; then - AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd]) - AC_MSG_RESULT(yes) -else - AC_MSG_RESULT(no) -fi - -# Check whether user wants S/Key support -SKEY_MSG="no" -AC_ARG_WITH(skey, - [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - LDFLAGS="$LDFLAGS -L${withval}/lib" - fi - - AC_DEFINE(SKEY, 1, [Define if you want S/Key support]) - LIBS="-lskey $LIBS" - SKEY_MSG="yes" - - AC_MSG_CHECKING([for s/key support]) - AC_LINK_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <skey.h> -int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } - ]])], - [AC_MSG_RESULT(yes)], - [ - AC_MSG_RESULT(no) - AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) - ]) - AC_MSG_CHECKING(if skeychallenge takes 4 arguments) - AC_TRY_COMPILE( - [#include <stdio.h> - #include <skey.h>], - [(void)skeychallenge(NULL,"name","",0);], - [AC_MSG_RESULT(yes) - AC_DEFINE(SKEYCHALLENGE_4ARG, 1, - [Define if your skeychallenge() - function takes 4 arguments (NetBSD)])], - [AC_MSG_RESULT(no)] - ) - fi - ] -) - -# Check whether user wants TCP wrappers support -TCPW_MSG="no" -AC_ARG_WITH(tcp-wrappers, - [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - saved_LIBS="$LIBS" - saved_LDFLAGS="$LDFLAGS" - saved_CPPFLAGS="$CPPFLAGS" - if test -n "${withval}" && \ - test "x${withval}" != "xyes"; then - if test -d "${withval}/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "${withval}/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - LIBWRAP="-lwrap" - LIBS="$LIBWRAP $LIBS" - AC_MSG_CHECKING(for libwrap) - AC_TRY_LINK( - [ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <tcpd.h> - int deny_severity = 0, allow_severity = 0; - ], - [hosts_access(0);], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(LIBWRAP, 1, - [Define if you want - TCP Wrappers support]) - AC_SUBST(LIBWRAP) - TCPW_MSG="yes" - ], - [ - AC_MSG_ERROR([*** libwrap missing]) - ] - ) - LIBS="$saved_LIBS" - fi - ] -) - -# Check whether user wants libedit support -LIBEDIT_MSG="no" -AC_ARG_WITH(libedit, - [ --with-libedit[[=PATH]] Enable libedit support for sftp], - [ if test "x$withval" != "xno" ; then - if test "x$withval" != "xyes"; then - CPPFLAGS="$CPPFLAGS -I${withval}/include" - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - fi - AC_CHECK_LIB(edit, el_init, - [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp]) - LIBEDIT="-ledit -lcurses" - LIBEDIT_MSG="yes" - AC_SUBST(LIBEDIT) - ], - [ AC_MSG_ERROR(libedit not found) ], - [ -lcurses ] - ) - AC_MSG_CHECKING(if libedit version is compatible) - AC_COMPILE_IFELSE( - [AC_LANG_SOURCE([[ -#include <histedit.h> -int main(void) -{ - int i = H_SETSIZE; - el_init("", NULL, NULL, NULL); - exit(0); -} - ]])], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - AC_MSG_ERROR(libedit version is not compatible) ] - ) - fi ] -) - -AUDIT_MODULE=none -AC_ARG_WITH(audit, - [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], - [ - AC_MSG_CHECKING(for supported audit module) - case "$withval" in - bsm) - AC_MSG_RESULT(bsm) - AUDIT_MODULE=bsm - dnl Checks for headers, libs and functions - AC_CHECK_HEADERS(bsm/audit.h, [], - [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)], - [ -#ifdef HAVE_TIME_H -# include <time.h> -#endif - ] -) - AC_CHECK_LIB(bsm, getaudit, [], - [AC_MSG_ERROR(BSM enabled and required library not found)]) - AC_CHECK_FUNCS(getaudit, [], - [AC_MSG_ERROR(BSM enabled and required function not found)]) - # These are optional - AC_CHECK_FUNCS(getaudit_addr) - AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module]) - ;; - debug) - AUDIT_MODULE=debug - AC_MSG_RESULT(debug) - AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module) - ;; - no) - AC_MSG_RESULT(no) - ;; - *) - AC_MSG_ERROR([Unknown audit module $withval]) - ;; - esac ] -) - -dnl Checks for library functions. Please keep in alphabetical order -AC_CHECK_FUNCS( \ - arc4random \ - asprintf \ - b64_ntop \ - __b64_ntop \ - b64_pton \ - __b64_pton \ - bcopy \ - bindresvport_sa \ - clock \ - closefrom \ - dirfd \ - fchmod \ - fchown \ - freeaddrinfo \ - futimes \ - getaddrinfo \ - getcwd \ - getgrouplist \ - getnameinfo \ - getopt \ - getpeereid \ - _getpty \ - getrlimit \ - getttyent \ - glob \ - inet_aton \ - inet_ntoa \ - inet_ntop \ - innetgr \ - login_getcapbool \ - md5_crypt \ - memmove \ - mkdtemp \ - mmap \ - ngetaddrinfo \ - nsleep \ - ogetaddrinfo \ - openlog_r \ - openpty \ - prctl \ - pstat \ - readpassphrase \ - realpath \ - recvmsg \ - rresvport_af \ - sendmsg \ - setdtablesize \ - setegid \ - setenv \ - seteuid \ - setgroups \ - setlogin \ - setpcred \ - setproctitle \ - setregid \ - setreuid \ - setrlimit \ - setsid \ - setvbuf \ - sigaction \ - sigvec \ - snprintf \ - socketpair \ - strdup \ - strerror \ - strlcat \ - strlcpy \ - strmode \ - strnvis \ - strtonum \ - strtoll \ - strtoul \ - sysconf \ - tcgetpgrp \ - truncate \ - unsetenv \ - updwtmpx \ - vasprintf \ - vhangup \ - vsnprintf \ - waitpid \ -) - -# IRIX has a const char return value for gai_strerror() -AC_CHECK_FUNCS(gai_strerror,[ - AC_DEFINE(HAVE_GAI_STRERROR) - AC_TRY_COMPILE([ -#include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> - -const char *gai_strerror(int);],[ -char *str; - -str = gai_strerror(0);],[ - AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1, - [Define if gai_strerror() returns const char *])])]) - -AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1, - [Some systems put nanosleep outside of libc])) - -dnl Make sure prototypes are defined for these before using them. -AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)]) -AC_CHECK_DECL(strsep, - [AC_CHECK_FUNCS(strsep)], - [], - [ -#ifdef HAVE_STRING_H -# include <string.h> -#endif - ]) - -dnl tcsendbreak might be a macro -AC_CHECK_DECL(tcsendbreak, - [AC_DEFINE(HAVE_TCSENDBREAK)], - [AC_CHECK_FUNCS(tcsendbreak)], - [#include <termios.h>] -) - -AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>]) - -AC_CHECK_DECLS(SHUT_RD, , , - [ -#include <sys/types.h> -#include <sys/socket.h> - ]) - -AC_CHECK_DECLS(O_NONBLOCK, , , - [ -#include <sys/types.h> -#ifdef HAVE_SYS_STAT_H -# include <sys/stat.h> -#endif -#ifdef HAVE_FCNTL_H -# include <fcntl.h> -#endif - ]) - -AC_CHECK_DECLS(writev, , , [ -#include <sys/types.h> -#include <sys/uio.h> -#include <unistd.h> - ]) - -AC_CHECK_FUNCS(setresuid, [ - dnl Some platorms have setresuid that isn't implemented, test for this - AC_MSG_CHECKING(if setresuid seems to work) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdlib.h> -#include <errno.h> -int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ]])], - [AC_MSG_RESULT(yes)], - [AC_DEFINE(BROKEN_SETRESUID, 1, - [Define if your setresuid() is broken]) - AC_MSG_RESULT(not implemented)], - [AC_MSG_WARN([cross compiling: not checking setresuid])] - ) -]) - -AC_CHECK_FUNCS(setresgid, [ - dnl Some platorms have setresgid that isn't implemented, test for this - AC_MSG_CHECKING(if setresgid seems to work) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdlib.h> -#include <errno.h> -int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ]])], - [AC_MSG_RESULT(yes)], - [AC_DEFINE(BROKEN_SETRESGID, 1, - [Define if your setresgid() is broken]) - AC_MSG_RESULT(not implemented)], - [AC_MSG_WARN([cross compiling: not checking setresuid])] - ) -]) - -dnl Checks for time functions -AC_CHECK_FUNCS(gettimeofday time) -dnl Checks for utmp functions -AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent) -AC_CHECK_FUNCS(utmpname) -dnl Checks for utmpx functions -AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) -AC_CHECK_FUNCS(setutxent utmpxname) - -AC_CHECK_FUNC(daemon, - [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])], - [AC_CHECK_LIB(bsd, daemon, - [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] -) - -AC_CHECK_FUNC(getpagesize, - [AC_DEFINE(HAVE_GETPAGESIZE, 1, - [Define if your libraries define getpagesize()])], - [AC_CHECK_LIB(ucb, getpagesize, - [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])] -) - -# Check for broken snprintf -if test "x$ac_cv_func_snprintf" = "xyes" ; then - AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} - ]])], - [AC_MSG_RESULT(yes)], - [ - AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_SNPRINTF, 1, - [Define if your snprintf is busted]) - AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) - ], - [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] - ) -fi - -# If we don't have a working asprintf, then we strongly depend on vsnprintf -# returning the right thing on overflow: the number of characters it tried to -# create (as per SUSv3) -if test "x$ac_cv_func_asprintf" != "xyes" && \ - test "x$ac_cv_func_vsnprintf" = "xyes" ; then - AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <sys/types.h> -#include <stdio.h> -#include <stdarg.h> - -int x_snprintf(char *str,size_t count,const char *fmt,...) -{ - size_t ret; va_list ap; - va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap); - return ret; -} -int main(void) -{ - char x[1]; - exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1); -} ]])], - [AC_MSG_RESULT(yes)], - [ - AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_SNPRINTF, 1, - [Define if your snprintf is busted]) - AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) - ], - [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] - ) -fi - -# On systems where [v]snprintf is broken, but is declared in stdio, -# check that the fmt argument is const char * or just char *. -# This is only useful for when BROKEN_SNPRINTF -AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) -AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h> - int snprintf(char *a, size_t b, const char *c, ...) { return 0; } - int main(void) { snprintf(0, 0, 0); } - ]])], - [AC_MSG_RESULT(yes) - AC_DEFINE(SNPRINTF_CONST, [const], - [Define as const if snprintf() can declare const char *fmt])], - [AC_MSG_RESULT(no) - AC_DEFINE(SNPRINTF_CONST, [/* not const */])]) - -# Check for missing getpeereid (or equiv) support -NO_PEERCHECK="" -if test "x$ac_cv_func_getpeereid" != "xyes" ; then - AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) - AC_TRY_COMPILE( - [#include <sys/types.h> - #include <sys/socket.h>], - [int i = SO_PEERCRED;], - [ AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option]) - ], - [AC_MSG_RESULT(no) - NO_PEERCHECK=1] - ) -fi - -dnl see whether mkstemp() requires XXXXXX -if test "x$ac_cv_func_mkdtemp" = "xyes" ; then -AC_MSG_CHECKING([for (overly) strict mkstemp]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdlib.h> -main() { char template[]="conftest.mkstemp-test"; -if (mkstemp(template) == -1) - exit(1); -unlink(template); exit(0); -} - ]])], - [ - AC_MSG_RESULT(no) - ], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()]) - ], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_STRICT_MKSTEMP) - ] -) -fi - -dnl make sure that openpty does not reacquire controlling terminal -if test ! -z "$check_for_openpty_ctty_bug"; then - AC_MSG_CHECKING(if openpty correctly handles controlling tty) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <sys/fcntl.h> -#include <sys/types.h> -#include <sys/wait.h> - -int -main() -{ - pid_t pid; - int fd, ptyfd, ttyfd, status; - - pid = fork(); - if (pid < 0) { /* failed */ - exit(1); - } else if (pid > 0) { /* parent */ - waitpid(pid, &status, 0); - if (WIFEXITED(status)) - exit(WEXITSTATUS(status)); - else - exit(2); - } else { /* child */ - close(0); close(1); close(2); - setsid(); - openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); - fd = open("/dev/tty", O_RDWR | O_NOCTTY); - if (fd >= 0) - exit(3); /* Acquired ctty: broken */ - else - exit(0); /* Did not acquire ctty: OK */ - } -} - ]])], - [ - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - AC_DEFINE(SSHD_ACQUIRES_CTTY) - ], - [ - AC_MSG_RESULT(cross-compiling, assuming yes) - ] - ) -fi - -if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ - test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then - AC_MSG_CHECKING(if getaddrinfo seems to work) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <sys/socket.h> -#include <netdb.h> -#include <errno.h> -#include <netinet/in.h> - -#define TEST_PORT "2222" - -int -main(void) -{ - int err, sock; - struct addrinfo *gai_ai, *ai, hints; - char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE; - - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); - exit(1); - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family != AF_INET6) - continue; - - err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, - sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV); - - if (err != 0) { - if (err == EAI_SYSTEM) - perror("getnameinfo EAI_SYSTEM"); - else - fprintf(stderr, "getnameinfo failed: %s\n", - gai_strerror(err)); - exit(2); - } - - sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); - if (sock < 0) - perror("socket"); - if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { - if (errno == EBADF) - exit(3); - } - } - exit(0); -} - ]])], - [ - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_GETADDRINFO) - ], - [ - AC_MSG_RESULT(cross-compiling, assuming yes) - ] - ) -fi - -if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ - test "x$check_for_aix_broken_getaddrinfo" = "x1"; then - AC_MSG_CHECKING(if getaddrinfo seems to work) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <sys/socket.h> -#include <netdb.h> -#include <errno.h> -#include <netinet/in.h> - -#define TEST_PORT "2222" - -int -main(void) -{ - int err, sock; - struct addrinfo *gai_ai, *ai, hints; - char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE; - - err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); - if (err != 0) { - fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); - exit(1); - } - - for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { - if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) - continue; - - err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, - sizeof(ntop), strport, sizeof(strport), - NI_NUMERICHOST|NI_NUMERICSERV); - - if (ai->ai_family == AF_INET && err != 0) { - perror("getnameinfo"); - exit(2); - } - } - exit(0); -} - ]])], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(AIX_GETNAMEINFO_HACK, 1, - [Define if you have a getaddrinfo that fails - for the all-zeros IPv6 address]) - ], - [ - AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_GETADDRINFO) - ], - [ - AC_MSG_RESULT(cross-compiling, assuming no) - ] - ) -fi - -if test "x$check_for_conflicting_getspnam" = "x1"; then - AC_MSG_CHECKING(for conflicting getspnam in shadow.h) - AC_COMPILE_IFELSE( - [ -#include <shadow.h> -int main(void) {exit(0);} - ], - [ - AC_MSG_RESULT(no) - ], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1, - [Conflicting defs for getspnam]) - ] - ) -fi - -AC_FUNC_GETPGRP - -# Search for OpenSSL -saved_CPPFLAGS="$CPPFLAGS" -saved_LDFLAGS="$LDFLAGS" -AC_ARG_WITH(ssl-dir, - [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], - [ - if test "x$withval" != "xno" ; then - case "$withval" in - # Relative paths - ./*|../*) withval="`pwd`/$withval" - esac - if test -d "$withval/lib"; then - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" - else - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - else - if test -n "${need_dash_r}"; then - LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" - else - LDFLAGS="-L${withval} ${LDFLAGS}" - fi - fi - if test -d "$withval/include"; then - CPPFLAGS="-I${withval}/include ${CPPFLAGS}" - else - CPPFLAGS="-I${withval} ${CPPFLAGS}" - fi - fi - ] -) -LIBS="-lcrypto $LIBS" -AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1, - [Define if your ssl headers are included - with #include <openssl/header.h>]), - [ - dnl Check default openssl install dir - if test -n "${need_dash_r}"; then - LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" - else - LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" - fi - CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" - AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), - [ - AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) - ] - ) - ] -) - -# Determine OpenSSL header version -AC_MSG_CHECKING([OpenSSL header version]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <string.h> -#include <openssl/opensslv.h> -#define DATA "conftest.sslincver" -int main(void) { - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) - exit(1); - - exit(0); -} - ]])], - [ - ssl_header_ver=`cat conftest.sslincver` - AC_MSG_RESULT($ssl_header_ver) - ], - [ - AC_MSG_RESULT(not found) - AC_MSG_ERROR(OpenSSL version header not found.) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] -) - -# Determine OpenSSL library version -AC_MSG_CHECKING([OpenSSL library version]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <string.h> -#include <openssl/opensslv.h> -#include <openssl/crypto.h> -#define DATA "conftest.ssllibver" -int main(void) { - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) - exit(1); - - exit(0); -} - ]])], - [ - ssl_library_ver=`cat conftest.ssllibver` - AC_MSG_RESULT($ssl_library_ver) - ], - [ - AC_MSG_RESULT(not found) - AC_MSG_ERROR(OpenSSL library not found.) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] -) - -# Sanity check OpenSSL headers -AC_MSG_CHECKING([whether OpenSSL's headers match the library]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <string.h> -#include <openssl/opensslv.h> -int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } - ]])], - [ - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - AC_MSG_ERROR([Your OpenSSL headers do not match your library. -Check config.log for details. -Also see contrib/findssl.sh for help identifying header/library mismatches.]) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] -) - -AC_MSG_CHECKING([if programs using OpenSSL functions will link]) -AC_LINK_IFELSE( - [AC_LANG_SOURCE([[ -#include <openssl/evp.h> -int main(void) { SSLeay_add_all_algorithms(); } - ]])], - [ - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - saved_LIBS="$LIBS" - LIBS="$LIBS -ldl" - AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) - AC_LINK_IFELSE( - [AC_LANG_SOURCE([[ -#include <openssl/evp.h> -int main(void) { SSLeay_add_all_algorithms(); } - ]])], - [ - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - LIBS="$saved_LIBS" - ] - ) - ] -) - -AC_ARG_WITH(ssl-engine, - [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], - [ if test "x$withval" != "xno" ; then - AC_MSG_CHECKING(for OpenSSL ENGINE support) - AC_TRY_COMPILE( - [ #include <openssl/engine.h>], - [ -ENGINE_load_builtin_engines();ENGINE_register_all_complete(); - ], - [ AC_MSG_RESULT(yes) - AC_DEFINE(USE_OPENSSL_ENGINE, 1, - [Enable OpenSSL engine support]) - ], - [ AC_MSG_ERROR(OpenSSL ENGINE support not found)] - ) - fi ] -) - -# Check for OpenSSL without EVP_aes_{192,256}_cbc -AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) -AC_LINK_IFELSE( - [AC_LANG_SOURCE([[ -#include <string.h> -#include <openssl/evp.h> -int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);} - ]])], - [ - AC_MSG_RESULT(no) - ], - [ - AC_MSG_RESULT(yes) - AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1, - [libcrypto is missing AES 192 and 256 bit functions]) - ] -) - -# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, -# because the system crypt() is more featureful. -if test "x$check_for_libcrypt_before" = "x1"; then - AC_CHECK_LIB(crypt, crypt) -fi - -# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the -# version in OpenSSL. -if test "x$check_for_libcrypt_later" = "x1"; then - AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") -fi - -# Search for SHA256 support in libc and/or OpenSSL -AC_CHECK_FUNCS(SHA256_Update EVP_sha256) - -AC_CHECK_LIB(iaf, ia_openinfo) - -### Configure cryptographic random number support - -# Check wheter OpenSSL seeds itself -AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) -AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <string.h> -#include <openssl/rand.h> -int main(void) { exit(RAND_status() == 1 ? 0 : 1); } - ]])], - [ - OPENSSL_SEEDS_ITSELF=yes - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - # Default to use of the rand helper if OpenSSL doesn't - # seed itself - USE_RAND_HELPER=yes - ], - [ - AC_MSG_WARN([cross compiling: assuming yes]) - # This is safe, since all recent OpenSSL versions will - # complain at runtime if not seeded correctly. - OPENSSL_SEEDS_ITSELF=yes - ] -) - -# Check for PAM libs -PAM_MSG="no" -AC_ARG_WITH(pam, - [ --with-pam Enable PAM support ], - [ - if test "x$withval" != "xno" ; then - if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ - test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then - AC_MSG_ERROR([PAM headers not found]) - fi - - saved_LIBS="$LIBS" - AC_CHECK_LIB(dl, dlopen, , ) - AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) - AC_CHECK_FUNCS(pam_getenvlist) - AC_CHECK_FUNCS(pam_putenv) - LIBS="$saved_LIBS" - - PAM_MSG="yes" - - LIBPAM="-lpam" - AC_DEFINE(USE_PAM, 1, - [Define if you want to enable PAM support]) - - if test $ac_cv_lib_dl_dlopen = yes; then - case "$LIBS" in - *-ldl*) - # libdl already in LIBS - ;; - *) - LIBPAM="$LIBPAM -ldl" - ;; - esac - fi - AC_SUBST(LIBPAM) - fi - ] -) - -# Check for older PAM -if test "x$PAM_MSG" = "xyes" ; then - # Check PAM strerror arguments (old PAM) - AC_MSG_CHECKING([whether pam_strerror takes only one argument]) - AC_TRY_COMPILE( - [ -#include <stdlib.h> -#if defined(HAVE_SECURITY_PAM_APPL_H) -#include <security/pam_appl.h> -#elif defined (HAVE_PAM_PAM_APPL_H) -#include <pam/pam_appl.h> -#endif - ], - [(void)pam_strerror((pam_handle_t *)NULL, -1);], - [AC_MSG_RESULT(no)], - [ - AC_DEFINE(HAVE_OLD_PAM, 1, - [Define if you have an old version of PAM - which takes only one argument to pam_strerror]) - AC_MSG_RESULT(yes) - PAM_MSG="yes (old library)" - ] - ) -fi - -# Do we want to force the use of the rand helper? -AC_ARG_WITH(rand-helper, - [ --with-rand-helper Use subprocess to gather strong randomness ], - [ - if test "x$withval" = "xno" ; then - # Force use of OpenSSL's internal RNG, even if - # the previous test showed it to be unseeded. - if test -z "$OPENSSL_SEEDS_ITSELF" ; then - AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG]) - OPENSSL_SEEDS_ITSELF=yes - USE_RAND_HELPER="" - fi - else - USE_RAND_HELPER=yes - fi - ], -) - -# Which randomness source do we use? -if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then - # OpenSSL only - AC_DEFINE(OPENSSL_PRNG_ONLY, 1, - [Define if you want OpenSSL's internally seeded PRNG only]) - RAND_MSG="OpenSSL internal ONLY" - INSTALL_SSH_RAND_HELPER="" -elif test ! -z "$USE_RAND_HELPER" ; then - # install rand helper - RAND_MSG="ssh-rand-helper" - INSTALL_SSH_RAND_HELPER="yes" -fi -AC_SUBST(INSTALL_SSH_RAND_HELPER) - -### Configuration of ssh-rand-helper - -# PRNGD TCP socket -AC_ARG_WITH(prngd-port, - [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], - [ - case "$withval" in - no) - withval="" - ;; - [[0-9]]*) - ;; - *) - AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port) - ;; - esac - if test ! -z "$withval" ; then - PRNGD_PORT="$withval" - AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT, - [Port number of PRNGD/EGD random number socket]) - fi - ] -) - -# PRNGD Unix domain socket -AC_ARG_WITH(prngd-socket, - [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], - [ - case "$withval" in - yes) - withval="/var/run/egd-pool" - ;; - no) - withval="" - ;; - /*) - ;; - *) - AC_MSG_ERROR(You must specify an absolute path to the entropy socket) - ;; - esac - - if test ! -z "$withval" ; then - if test ! -z "$PRNGD_PORT" ; then - AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket) - fi - if test ! -r "$withval" ; then - AC_MSG_WARN(Entropy socket is not readable) - fi - PRNGD_SOCKET="$withval" - AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET", - [Location of PRNGD/EGD random number socket]) - fi - ], - [ - # Check for existing socket only if we don't have a random device already - if test "$USE_RAND_HELPER" = yes ; then - AC_MSG_CHECKING(for PRNGD/EGD socket) - # Insert other locations here - for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do - if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then - PRNGD_SOCKET="$sock" - AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET") - break; - fi - done - if test ! -z "$PRNGD_SOCKET" ; then - AC_MSG_RESULT($PRNGD_SOCKET) - else - AC_MSG_RESULT(not found) - fi - fi - ] -) - -# Change default command timeout for hashing entropy source -entropy_timeout=200 -AC_ARG_WITH(entropy-timeout, - [ --with-entropy-timeout Specify entropy gathering command timeout (msec)], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - entropy_timeout=$withval - fi - ] -) -AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout, - [Builtin PRNG command timeout]) - -SSH_PRIVSEP_USER=sshd -AC_ARG_WITH(privsep-user, - [ --with-privsep-user=user Specify non-privileged user for privilege separation], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - SSH_PRIVSEP_USER=$withval - fi - ] -) -AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER", - [non-privileged user for privilege separation]) -AC_SUBST(SSH_PRIVSEP_USER) - -# We do this little dance with the search path to insure -# that programs that we select for use by installed programs -# (which may be run by the super-user) come from trusted -# locations before they come from the user's private area. -# This should help avoid accidentally configuring some -# random version of a program in someone's personal bin. - -OPATH=$PATH -PATH=/bin:/usr/bin -test -h /bin 2> /dev/null && PATH=/usr/bin -test -d /sbin && PATH=$PATH:/sbin -test -d /usr/sbin && PATH=$PATH:/usr/sbin -PATH=$PATH:/etc:$OPATH - -# These programs are used by the command hashing source to gather entropy -OSSH_PATH_ENTROPY_PROG(PROG_LS, ls) -OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat) -OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp) -OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig) -OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat) -OSSH_PATH_ENTROPY_PROG(PROG_PS, ps) -OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar) -OSSH_PATH_ENTROPY_PROG(PROG_W, w) -OSSH_PATH_ENTROPY_PROG(PROG_WHO, who) -OSSH_PATH_ENTROPY_PROG(PROG_LAST, last) -OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog) -OSSH_PATH_ENTROPY_PROG(PROG_DF, df) -OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat) -OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime) -OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs) -OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail) -# restore PATH -PATH=$OPATH - -# Where does ssh-rand-helper get its randomness from? -INSTALL_SSH_PRNG_CMDS="" -if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then - if test ! -z "$PRNGD_PORT" ; then - RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT" - elif test ! -z "$PRNGD_SOCKET" ; then - RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\"" - else - RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)" - RAND_HELPER_CMDHASH=yes - INSTALL_SSH_PRNG_CMDS="yes" - fi -fi -AC_SUBST(INSTALL_SSH_PRNG_CMDS) - - -# Cheap hack to ensure NEWS-OS libraries are arranged right. -if test ! -z "$SONY" ; then - LIBS="$LIBS -liberty"; -fi - -# Check for long long datatypes -AC_CHECK_TYPES([long long, unsigned long long, long double]) - -# Check datatype sizes -AC_CHECK_SIZEOF(char, 1) -AC_CHECK_SIZEOF(short int, 2) -AC_CHECK_SIZEOF(int, 4) -AC_CHECK_SIZEOF(long int, 4) -AC_CHECK_SIZEOF(long long int, 8) - -# Sanity check long long for some platforms (AIX) -if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then - ac_cv_sizeof_long_long_int=0 -fi - -# compute LLONG_MIN and LLONG_MAX if we don't know them. -if test -z "$have_llong_max"; then - AC_MSG_CHECKING([for max value of long long]) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -/* Why is this so damn hard? */ -#ifdef __GNUC__ -# undef __GNUC__ -#endif -#define __USE_ISOC99 -#include <limits.h> -#define DATA "conftest.llminmax" -#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) - -/* - * printf in libc on some platforms (eg old Tru64) does not understand %lld so - * we do this the hard way. - */ -static int -fprint_ll(FILE *f, long long n) -{ - unsigned int i; - int l[sizeof(long long) * 8]; - - if (n < 0) - if (fprintf(f, "-") < 0) - return -1; - for (i = 0; n != 0; i++) { - l[i] = my_abs(n % 10); - n /= 10; - } - do { - if (fprintf(f, "%d", l[--i]) < 0) - return -1; - } while (i != 0); - if (fprintf(f, " ") < 0) - return -1; - return 0; -} - -int main(void) { - FILE *f; - long long i, llmin, llmax = 0; - - if((f = fopen(DATA,"w")) == NULL) - exit(1); - -#if defined(LLONG_MIN) && defined(LLONG_MAX) - fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); - llmin = LLONG_MIN; - llmax = LLONG_MAX; -#else - fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); - /* This will work on one's complement and two's complement */ - for (i = 1; i > llmax; i <<= 1, i++) - llmax = i; - llmin = llmax + 1LL; /* wrap */ -#endif - - /* Sanity check */ - if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax - || llmax - 1 > llmax || llmin == llmax || llmin == 0 - || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { - fprintf(f, "unknown unknown\n"); - exit(2); - } - - if (fprint_ll(f, llmin) < 0) - exit(3); - if (fprint_ll(f, llmax) < 0) - exit(4); - if (fclose(f) < 0) - exit(5); - exit(0); -} - ]])], - [ - llong_min=`$AWK '{print $1}' conftest.llminmax` - llong_max=`$AWK '{print $2}' conftest.llminmax` - - AC_MSG_RESULT($llong_max) - AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL], - [max value of long long calculated by configure]) - AC_MSG_CHECKING([for min value of long long]) - AC_MSG_RESULT($llong_min) - AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL], - [min value of long long calculated by configure]) - ], - [ - AC_MSG_RESULT(not found) - ], - [ - AC_MSG_WARN([cross compiling: not checking]) - ] - ) -fi - - -# More checks for data types -AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ - AC_TRY_COMPILE( - [ #include <sys/types.h> ], - [ u_int a; a = 1;], - [ ac_cv_have_u_int="yes" ], - [ ac_cv_have_u_int="no" ] - ) -]) -if test "x$ac_cv_have_u_int" = "xyes" ; then - AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type]) - have_u_int=1 -fi - -AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ - AC_TRY_COMPILE( - [ #include <sys/types.h> ], - [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], - [ ac_cv_have_intxx_t="yes" ], - [ ac_cv_have_intxx_t="no" ] - ) -]) -if test "x$ac_cv_have_intxx_t" = "xyes" ; then - AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type]) - have_intxx_t=1 -fi - -if (test -z "$have_intxx_t" && \ - test "x$ac_cv_header_stdint_h" = "xyes") -then - AC_MSG_CHECKING([for intXX_t types in stdint.h]) - AC_TRY_COMPILE( - [ #include <stdint.h> ], - [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], - [ - AC_DEFINE(HAVE_INTXX_T) - AC_MSG_RESULT(yes) - ], - [ AC_MSG_RESULT(no) ] - ) -fi - -AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#ifdef HAVE_STDINT_H -# include <stdint.h> -#endif -#include <sys/socket.h> -#ifdef HAVE_SYS_BITYPES_H -# include <sys/bitypes.h> -#endif - ], - [ int64_t a; a = 1;], - [ ac_cv_have_int64_t="yes" ], - [ ac_cv_have_int64_t="no" ] - ) -]) -if test "x$ac_cv_have_int64_t" = "xyes" ; then - AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type]) -fi - -AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ - AC_TRY_COMPILE( - [ #include <sys/types.h> ], - [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], - [ ac_cv_have_u_intxx_t="yes" ], - [ ac_cv_have_u_intxx_t="no" ] - ) -]) -if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then - AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type]) - have_u_intxx_t=1 -fi - -if test -z "$have_u_intxx_t" ; then - AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) - AC_TRY_COMPILE( - [ #include <sys/socket.h> ], - [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], - [ - AC_DEFINE(HAVE_U_INTXX_T) - AC_MSG_RESULT(yes) - ], - [ AC_MSG_RESULT(no) ] - ) -fi - -AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ - AC_TRY_COMPILE( - [ #include <sys/types.h> ], - [ u_int64_t a; a = 1;], - [ ac_cv_have_u_int64_t="yes" ], - [ ac_cv_have_u_int64_t="no" ] - ) -]) -if test "x$ac_cv_have_u_int64_t" = "xyes" ; then - AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type]) - have_u_int64_t=1 -fi - -if test -z "$have_u_int64_t" ; then - AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) - AC_TRY_COMPILE( - [ #include <sys/bitypes.h> ], - [ u_int64_t a; a = 1], - [ - AC_DEFINE(HAVE_U_INT64_T) - AC_MSG_RESULT(yes) - ], - [ AC_MSG_RESULT(no) ] - ) -fi - -if test -z "$have_u_intxx_t" ; then - AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ], - [ ac_cv_have_uintxx_t="yes" ], - [ ac_cv_have_uintxx_t="no" ] - ) - ]) - if test "x$ac_cv_have_uintxx_t" = "xyes" ; then - AC_DEFINE(HAVE_UINTXX_T, 1, - [define if you have uintxx_t data type]) - fi -fi - -if test -z "$have_uintxx_t" ; then - AC_MSG_CHECKING([for uintXX_t types in stdint.h]) - AC_TRY_COMPILE( - [ #include <stdint.h> ], - [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;], - [ - AC_DEFINE(HAVE_UINTXX_T) - AC_MSG_RESULT(yes) - ], - [ AC_MSG_RESULT(no) ] - ) -fi - -if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ - test "x$ac_cv_header_sys_bitypes_h" = "xyes") -then - AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) - AC_TRY_COMPILE( - [ -#include <sys/bitypes.h> - ], - [ - int8_t a; int16_t b; int32_t c; - u_int8_t e; u_int16_t f; u_int32_t g; - a = b = c = e = f = g = 1; - ], - [ - AC_DEFINE(HAVE_U_INTXX_T) - AC_DEFINE(HAVE_INTXX_T) - AC_MSG_RESULT(yes) - ], - [AC_MSG_RESULT(no)] - ) -fi - - -AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ u_char foo; foo = 125; ], - [ ac_cv_have_u_char="yes" ], - [ ac_cv_have_u_char="no" ] - ) -]) -if test "x$ac_cv_have_u_char" = "xyes" ; then - AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type]) -fi - -TYPE_SOCKLEN_T - -AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>]) - -AC_CHECK_TYPES(in_addr_t,,, -[#include <sys/types.h> -#include <netinet/in.h>]) - -AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ size_t foo; foo = 1235; ], - [ ac_cv_have_size_t="yes" ], - [ ac_cv_have_size_t="no" ] - ) -]) -if test "x$ac_cv_have_size_t" = "xyes" ; then - AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type]) -fi - -AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ ssize_t foo; foo = 1235; ], - [ ac_cv_have_ssize_t="yes" ], - [ ac_cv_have_ssize_t="no" ] - ) -]) -if test "x$ac_cv_have_ssize_t" = "xyes" ; then - AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type]) -fi - -AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ - AC_TRY_COMPILE( - [ -#include <time.h> - ], - [ clock_t foo; foo = 1235; ], - [ ac_cv_have_clock_t="yes" ], - [ ac_cv_have_clock_t="no" ] - ) -]) -if test "x$ac_cv_have_clock_t" = "xyes" ; then - AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type]) -fi - -AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> - ], - [ sa_family_t foo; foo = 1235; ], - [ ac_cv_have_sa_family_t="yes" ], - [ AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> -#include <netinet/in.h> - ], - [ sa_family_t foo; foo = 1235; ], - [ ac_cv_have_sa_family_t="yes" ], - - [ ac_cv_have_sa_family_t="no" ] - )] - ) -]) -if test "x$ac_cv_have_sa_family_t" = "xyes" ; then - AC_DEFINE(HAVE_SA_FAMILY_T, 1, - [define if you have sa_family_t data type]) -fi - -AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ pid_t foo; foo = 1235; ], - [ ac_cv_have_pid_t="yes" ], - [ ac_cv_have_pid_t="no" ] - ) -]) -if test "x$ac_cv_have_pid_t" = "xyes" ; then - AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type]) -fi - -AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> - ], - [ mode_t foo; foo = 1235; ], - [ ac_cv_have_mode_t="yes" ], - [ ac_cv_have_mode_t="no" ] - ) -]) -if test "x$ac_cv_have_mode_t" = "xyes" ; then - AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type]) -fi - - -AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> - ], - [ struct sockaddr_storage s; ], - [ ac_cv_have_struct_sockaddr_storage="yes" ], - [ ac_cv_have_struct_sockaddr_storage="no" ] - ) -]) -if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1, - [define if you have struct sockaddr_storage data type]) -fi - -AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <netinet/in.h> - ], - [ struct sockaddr_in6 s; s.sin6_family = 0; ], - [ ac_cv_have_struct_sockaddr_in6="yes" ], - [ ac_cv_have_struct_sockaddr_in6="no" ] - ) -]) -if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1, - [define if you have struct sockaddr_in6 data type]) -fi - -AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <netinet/in.h> - ], - [ struct in6_addr s; s.s6_addr[0] = 0; ], - [ ac_cv_have_struct_in6_addr="yes" ], - [ ac_cv_have_struct_in6_addr="no" ] - ) -]) -if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1, - [define if you have struct in6_addr data type]) -fi - -AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> -#include <netdb.h> - ], - [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ], - [ ac_cv_have_struct_addrinfo="yes" ], - [ ac_cv_have_struct_addrinfo="no" ] - ) -]) -if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, - [define if you have struct addrinfo data type]) -fi - -AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ - AC_TRY_COMPILE( - [ #include <sys/time.h> ], - [ struct timeval tv; tv.tv_sec = 1;], - [ ac_cv_have_struct_timeval="yes" ], - [ ac_cv_have_struct_timeval="no" ] - ) -]) -if test "x$ac_cv_have_struct_timeval" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval]) - have_struct_timeval=1 -fi - -AC_CHECK_TYPES(struct timespec) - -# We need int64_t or else certian parts of the compile will fail. -if test "x$ac_cv_have_int64_t" = "xno" && \ - test "x$ac_cv_sizeof_long_int" != "x8" && \ - test "x$ac_cv_sizeof_long_long_int" = "x0" ; then - echo "OpenSSH requires int64_t support. Contact your vendor or install" - echo "an alternative compiler (I.E., GCC) before continuing." - echo "" - exit 1; -else -dnl test snprintf (broken on SCO w/gcc) - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -#include <stdio.h> -#include <string.h> -#ifdef HAVE_SNPRINTF -main() -{ - char buf[50]; - char expected_out[50]; - int mazsize = 50 ; -#if (SIZEOF_LONG_INT == 8) - long int num = 0x7fffffffffffffff; -#else - long long num = 0x7fffffffffffffffll; -#endif - strcpy(expected_out, "9223372036854775807"); - snprintf(buf, mazsize, "%lld", num); - if(strcmp(buf, expected_out) != 0) - exit(1); - exit(0); -} -#else -main() { exit(0); } -#endif - ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ], - AC_MSG_WARN([cross compiling: Assuming working snprintf()]) - ) -fi - -dnl Checks for structure members -OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP) -OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX) -OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX) - -AC_CHECK_MEMBERS([struct stat.st_blksize]) -AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state, - [Define if we don't have struct __res_state in resolv.h])], -[ -#include <stdio.h> -#if HAVE_SYS_TYPES_H -# include <sys/types.h> -#endif -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <resolv.h> -]) - -AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], - ac_cv_have_ss_family_in_struct_ss, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> - ], - [ struct sockaddr_storage s; s.ss_family = 1; ], - [ ac_cv_have_ss_family_in_struct_ss="yes" ], - [ ac_cv_have_ss_family_in_struct_ss="no" ], - ) -]) -if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then - AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage]) -fi - -AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], - ac_cv_have___ss_family_in_struct_ss, [ - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <sys/socket.h> - ], - [ struct sockaddr_storage s; s.__ss_family = 1; ], - [ ac_cv_have___ss_family_in_struct_ss="yes" ], - [ ac_cv_have___ss_family_in_struct_ss="no" ] - ) -]) -if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then - AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1, - [Fields in struct sockaddr_storage]) -fi - -AC_CACHE_CHECK([for pw_class field in struct passwd], - ac_cv_have_pw_class_in_struct_passwd, [ - AC_TRY_COMPILE( - [ -#include <pwd.h> - ], - [ struct passwd p; p.pw_class = 0; ], - [ ac_cv_have_pw_class_in_struct_passwd="yes" ], - [ ac_cv_have_pw_class_in_struct_passwd="no" ] - ) -]) -if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then - AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1, - [Define if your password has a pw_class field]) -fi - -AC_CACHE_CHECK([for pw_expire field in struct passwd], - ac_cv_have_pw_expire_in_struct_passwd, [ - AC_TRY_COMPILE( - [ -#include <pwd.h> - ], - [ struct passwd p; p.pw_expire = 0; ], - [ ac_cv_have_pw_expire_in_struct_passwd="yes" ], - [ ac_cv_have_pw_expire_in_struct_passwd="no" ] - ) -]) -if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then - AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1, - [Define if your password has a pw_expire field]) -fi - -AC_CACHE_CHECK([for pw_change field in struct passwd], - ac_cv_have_pw_change_in_struct_passwd, [ - AC_TRY_COMPILE( - [ -#include <pwd.h> - ], - [ struct passwd p; p.pw_change = 0; ], - [ ac_cv_have_pw_change_in_struct_passwd="yes" ], - [ ac_cv_have_pw_change_in_struct_passwd="no" ] - ) -]) -if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then - AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1, - [Define if your password has a pw_change field]) -fi - -dnl make sure we're using the real structure members and not defines -AC_CACHE_CHECK([for msg_accrights field in struct msghdr], - ac_cv_have_accrights_in_msghdr, [ - AC_COMPILE_IFELSE( - [ -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/uio.h> -int main() { -#ifdef msg_accrights -#error "msg_accrights is a macro" -exit(1); -#endif -struct msghdr m; -m.msg_accrights = 0; -exit(0); -} - ], - [ ac_cv_have_accrights_in_msghdr="yes" ], - [ ac_cv_have_accrights_in_msghdr="no" ] - ) -]) -if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then - AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1, - [Define if your system uses access rights style - file descriptor passing]) -fi - -AC_CACHE_CHECK([for msg_control field in struct msghdr], - ac_cv_have_control_in_msghdr, [ - AC_COMPILE_IFELSE( - [ -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/uio.h> -int main() { -#ifdef msg_control -#error "msg_control is a macro" -exit(1); -#endif -struct msghdr m; -m.msg_control = 0; -exit(0); -} - ], - [ ac_cv_have_control_in_msghdr="yes" ], - [ ac_cv_have_control_in_msghdr="no" ] - ) -]) -if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then - AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1, - [Define if your system uses ancillary data style - file descriptor passing]) -fi - -AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ - AC_TRY_LINK([], - [ extern char *__progname; printf("%s", __progname); ], - [ ac_cv_libc_defines___progname="yes" ], - [ ac_cv_libc_defines___progname="no" ] - ) -]) -if test "x$ac_cv_libc_defines___progname" = "xyes" ; then - AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname]) -fi - -AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ - AC_TRY_LINK([ -#include <stdio.h> -], - [ printf("%s", __FUNCTION__); ], - [ ac_cv_cc_implements___FUNCTION__="yes" ], - [ ac_cv_cc_implements___FUNCTION__="no" ] - ) -]) -if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then - AC_DEFINE(HAVE___FUNCTION__, 1, - [Define if compiler implements __FUNCTION__]) -fi - -AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ - AC_TRY_LINK([ -#include <stdio.h> -], - [ printf("%s", __func__); ], - [ ac_cv_cc_implements___func__="yes" ], - [ ac_cv_cc_implements___func__="no" ] - ) -]) -if test "x$ac_cv_cc_implements___func__" = "xyes" ; then - AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__]) -fi - -AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ - AC_TRY_LINK( - [#include <stdarg.h> - va_list x,y;], - [va_copy(x,y);], - [ ac_cv_have_va_copy="yes" ], - [ ac_cv_have_va_copy="no" ] - ) -]) -if test "x$ac_cv_have_va_copy" = "xyes" ; then - AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists]) -fi - -AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ - AC_TRY_LINK( - [#include <stdarg.h> - va_list x,y;], - [__va_copy(x,y);], - [ ac_cv_have___va_copy="yes" ], - [ ac_cv_have___va_copy="no" ] - ) -]) -if test "x$ac_cv_have___va_copy" = "xyes" ; then - AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists]) -fi - -AC_CACHE_CHECK([whether getopt has optreset support], - ac_cv_have_getopt_optreset, [ - AC_TRY_LINK( - [ -#include <getopt.h> - ], - [ extern int optreset; optreset = 0; ], - [ ac_cv_have_getopt_optreset="yes" ], - [ ac_cv_have_getopt_optreset="no" ] - ) -]) -if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then - AC_DEFINE(HAVE_GETOPT_OPTRESET, 1, - [Define if your getopt(3) defines and uses optreset]) -fi - -AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ - AC_TRY_LINK([], - [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);], - [ ac_cv_libc_defines_sys_errlist="yes" ], - [ ac_cv_libc_defines_sys_errlist="no" ] - ) -]) -if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then - AC_DEFINE(HAVE_SYS_ERRLIST, 1, - [Define if your system defines sys_errlist[]]) -fi - - -AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ - AC_TRY_LINK([], - [ extern int sys_nerr; printf("%i", sys_nerr);], - [ ac_cv_libc_defines_sys_nerr="yes" ], - [ ac_cv_libc_defines_sys_nerr="no" ] - ) -]) -if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then - AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr]) -fi - -SCARD_MSG="no" -# Check whether user wants sectok support -AC_ARG_WITH(sectok, - [ --with-sectok Enable smartcard support using libsectok], - [ - if test "x$withval" != "xno" ; then - if test "x$withval" != "xyes" ; then - CPPFLAGS="$CPPFLAGS -I${withval}" - LDFLAGS="$LDFLAGS -L${withval}" - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${withval}" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${withval}" - fi - fi - AC_CHECK_HEADERS(sectok.h) - if test "$ac_cv_header_sectok_h" != yes; then - AC_MSG_ERROR(Can't find sectok.h) - fi - AC_CHECK_LIB(sectok, sectok_open) - if test "$ac_cv_lib_sectok_sectok_open" != yes; then - AC_MSG_ERROR(Can't find libsectok) - fi - AC_DEFINE(SMARTCARD, 1, - [Define if you want smartcard support]) - AC_DEFINE(USE_SECTOK, 1, - [Define if you want smartcard support - using sectok]) - SCARD_MSG="yes, using sectok" - fi - ] -) - -# Check whether user wants OpenSC support -OPENSC_CONFIG="no" -AC_ARG_WITH(opensc, - [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)], - [ - if test "x$withval" != "xno" ; then - if test "x$withval" != "xyes" ; then - OPENSC_CONFIG=$withval/bin/opensc-config - else - AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no) - fi - if test "$OPENSC_CONFIG" != "no"; then - LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` - LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` - CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" - LIBS="$LIBS $LIBOPENSC_LIBS" - AC_DEFINE(SMARTCARD) - AC_DEFINE(USE_OPENSC, 1, - [Define if you want smartcard support - using OpenSC]) - SCARD_MSG="yes, using OpenSC" - fi - fi - ] -) - -# Check libraries needed by DNS fingerprint support -AC_SEARCH_LIBS(getrrsetbyname, resolv, - [AC_DEFINE(HAVE_GETRRSETBYNAME, 1, - [Define if getrrsetbyname() exists])], - [ - # Needed by our getrrsetbyname() - AC_SEARCH_LIBS(res_query, resolv) - AC_SEARCH_LIBS(dn_expand, resolv) - AC_MSG_CHECKING(if res_query will link) - AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes), - [AC_MSG_RESULT(no) - saved_LIBS="$LIBS" - LIBS="$LIBS -lresolv" - AC_MSG_CHECKING(for res_query in -lresolv) - AC_LINK_IFELSE([ -#include <resolv.h> -int main() -{ - res_query (0, 0, 0, 0, 0); - return 0; -} - ], - [LIBS="$LIBS -lresolv" - AC_MSG_RESULT(yes)], - [LIBS="$saved_LIBS" - AC_MSG_RESULT(no)]) - ]) - AC_CHECK_FUNCS(_getshort _getlong) - AC_CHECK_DECLS([_getshort, _getlong], , , - [#include <sys/types.h> - #include <arpa/nameser.h>]) - AC_CHECK_MEMBER(HEADER.ad, - [AC_DEFINE(HAVE_HEADER_AD, 1, - [Define if HEADER.ad exists in arpa/nameser.h])],, - [#include <arpa/nameser.h>]) - ]) - -# Check whether user wants SELinux support -SELINUX_MSG="no" -LIBSELINUX="" -AC_ARG_WITH(selinux, - [ --with-selinux Enable SELinux support], - [ if test "x$withval" != "xno" ; then - AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.]) - SELINUX_MSG="yes" - AC_CHECK_HEADER([selinux/selinux.h], , - AC_MSG_ERROR(SELinux support requires selinux.h header)) - AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], - AC_MSG_ERROR(SELinux support requires libselinux library)) - save_LIBS="$LIBS" - LIBS="$LIBS $LIBSELINUX" - AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) - LIBS="$save_LIBS" - fi ] -) -AC_SUBST(LIBSELINUX) - -# Check whether user wants Kerberos 5 support -KRB5_MSG="no" -AC_ARG_WITH(kerberos5, - [ --with-kerberos5=PATH Enable Kerberos 5 support], - [ if test "x$withval" != "xno" ; then - if test "x$withval" = "xyes" ; then - KRB5ROOT="/usr/local" - else - KRB5ROOT=${withval} - fi - - AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support]) - KRB5_MSG="yes" - - AC_MSG_CHECKING(for krb5-config) - if test -x $KRB5ROOT/bin/krb5-config ; then - KRB5CONF=$KRB5ROOT/bin/krb5-config - AC_MSG_RESULT($KRB5CONF) - - AC_MSG_CHECKING(for gssapi support) - if $KRB5CONF | grep gssapi >/dev/null ; then - AC_MSG_RESULT(yes) - AC_DEFINE(GSSAPI, 1, - [Define this if you want GSSAPI - support in the version 2 protocol]) - k5confopts=gssapi - else - AC_MSG_RESULT(no) - k5confopts="" - fi - K5CFLAGS="`$KRB5CONF --cflags $k5confopts`" - K5LIBS="`$KRB5CONF --libs $k5confopts`" - CPPFLAGS="$CPPFLAGS $K5CFLAGS" - AC_MSG_CHECKING(whether we are using Heimdal) - AC_TRY_COMPILE([ #include <krb5.h> ], - [ char *tmp = heimdal_version; ], - [ AC_MSG_RESULT(yes) - AC_DEFINE(HEIMDAL, 1, - [Define this if you are using the - Heimdal version of Kerberos V5]) ], - AC_MSG_RESULT(no) - ) - else - AC_MSG_RESULT(no) - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" - LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" - AC_MSG_CHECKING(whether we are using Heimdal) - AC_TRY_COMPILE([ #include <krb5.h> ], - [ char *tmp = heimdal_version; ], - [ AC_MSG_RESULT(yes) - AC_DEFINE(HEIMDAL) - K5LIBS="-lkrb5 -ldes" - K5LIBS="$K5LIBS -lcom_err -lasn1" - AC_CHECK_LIB(roken, net_write, - [K5LIBS="$K5LIBS -lroken"]) - ], - [ AC_MSG_RESULT(no) - K5LIBS="-lkrb5 -lk5crypto -lcom_err" - ] - ) - AC_SEARCH_LIBS(dn_expand, resolv) - - AC_CHECK_LIB(gssapi,gss_init_sec_context, - [ AC_DEFINE(GSSAPI) - K5LIBS="-lgssapi $K5LIBS" ], - [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context, - [ AC_DEFINE(GSSAPI) - K5LIBS="-lgssapi_krb5 $K5LIBS" ], - AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]), - $K5LIBS) - ], - $K5LIBS) - - AC_CHECK_HEADER(gssapi.h, , - [ unset ac_cv_header_gssapi_h - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - AC_CHECK_HEADERS(gssapi.h, , - AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) - ) - ] - ) - - oldCPP="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - AC_CHECK_HEADER(gssapi_krb5.h, , - [ CPPFLAGS="$oldCPP" ]) - - fi - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${KRB5ROOT}/lib" - fi - - AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h) - AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h) - AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h) - - LIBS="$LIBS $K5LIBS" - AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1, - [Define this if you want to use libkafs' AFS support])) - fi - ] -) - -# Looking for programs, paths and files - -PRIVSEP_PATH=/var/empty -AC_ARG_WITH(privsep-path, - [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - PRIVSEP_PATH=$withval - fi - ] -) -AC_SUBST(PRIVSEP_PATH) - -AC_ARG_WITH(xauth, - [ --with-xauth=PATH Specify path to xauth program ], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - xauth_path=$withval - fi - ], - [ - TestPath="$PATH" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" - TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" - AC_PATH_PROG(xauth_path, xauth, , $TestPath) - if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then - xauth_path="/usr/openwin/bin/xauth" - fi - ] -) - -STRIP_OPT=-s -AC_ARG_ENABLE(strip, - [ --disable-strip Disable calling strip(1) on install], - [ - if test "x$enableval" = "xno" ; then - STRIP_OPT= - fi - ] -) -AC_SUBST(STRIP_OPT) - -if test -z "$xauth_path" ; then - XAUTH_PATH="undefined" - AC_SUBST(XAUTH_PATH) -else - AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path", - [Define if xauth is found in your path]) - XAUTH_PATH=$xauth_path - AC_SUBST(XAUTH_PATH) -fi - -# Check for mail directory (last resort if we cannot get it from headers) -if test ! -z "$MAIL" ; then - maildir=`dirname $MAIL` - AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir", - [Set this to your mail directory if you don't have maillock.h]) -fi - -if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then - AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) - disable_ptmx_check=yes -fi -if test -z "$no_dev_ptmx" ; then - if test "x$disable_ptmx_check" != "xyes" ; then - AC_CHECK_FILE("/dev/ptmx", - [ - AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1, - [Define if you have /dev/ptmx]) - have_dev_ptmx=1 - ] - ) - fi -fi - -if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then - AC_CHECK_FILE("/dev/ptc", - [ - AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1, - [Define if you have /dev/ptc]) - have_dev_ptc=1 - ] - ) -else - AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) -fi - -# Options from here on. Some of these are preset by platform above -AC_ARG_WITH(mantype, - [ --with-mantype=man|cat|doc Set man page type], - [ - case "$withval" in - man|cat|doc) - MANTYPE=$withval - ;; - *) - AC_MSG_ERROR(invalid man type: $withval) - ;; - esac - ] -) -if test -z "$MANTYPE"; then - TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" - AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath) - if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then - MANTYPE=doc - elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then - MANTYPE=man - else - MANTYPE=cat - fi -fi -AC_SUBST(MANTYPE) -if test "$MANTYPE" = "doc"; then - mansubdir=man; -else - mansubdir=$MANTYPE; -fi -AC_SUBST(mansubdir) - -# Check whether to enable MD5 passwords -MD5_MSG="no" -AC_ARG_WITH(md5-passwords, - [ --with-md5-passwords Enable use of MD5 passwords], - [ - if test "x$withval" != "xno" ; then - AC_DEFINE(HAVE_MD5_PASSWORDS, 1, - [Define if you want to allow MD5 passwords]) - MD5_MSG="yes" - fi - ] -) - -# Whether to disable shadow password support -AC_ARG_WITH(shadow, - [ --without-shadow Disable shadow password support], - [ - if test "x$withval" = "xno" ; then - AC_DEFINE(DISABLE_SHADOW) - disable_shadow=yes - fi - ] -) - -if test -z "$disable_shadow" ; then - AC_MSG_CHECKING([if the systems has expire shadow information]) - AC_TRY_COMPILE( - [ -#include <sys/types.h> -#include <shadow.h> - struct spwd sp; - ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], - [ sp_expire_available=yes ], [] - ) - - if test "x$sp_expire_available" = "xyes" ; then - AC_MSG_RESULT(yes) - AC_DEFINE(HAS_SHADOW_EXPIRE, 1, - [Define if you want to use shadow password expire field]) - else - AC_MSG_RESULT(no) - fi -fi - -# Use ip address instead of hostname in $DISPLAY -if test ! -z "$IPADDR_IN_DISPLAY" ; then - DISPLAY_HACK_MSG="yes" - AC_DEFINE(IPADDR_IN_DISPLAY, 1, - [Define if you need to use IP address - instead of hostname in $DISPLAY]) -else - DISPLAY_HACK_MSG="no" - AC_ARG_WITH(ipaddr-display, - [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], - [ - if test "x$withval" != "xno" ; then - AC_DEFINE(IPADDR_IN_DISPLAY) - DISPLAY_HACK_MSG="yes" - fi - ] - ) -fi - -# check for /etc/default/login and use it if present. -AC_ARG_ENABLE(etc-default-login, - [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], - [ if test "x$enableval" = "xno"; then - AC_MSG_NOTICE([/etc/default/login handling disabled]) - etc_default_login=no - else - etc_default_login=yes - fi ], - [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; - then - AC_MSG_WARN([cross compiling: not checking /etc/default/login]) - etc_default_login=no - else - etc_default_login=yes - fi ] -) - -if test "x$etc_default_login" != "xno"; then - AC_CHECK_FILE("/etc/default/login", - [ external_path_file=/etc/default/login ]) - if test "x$external_path_file" = "x/etc/default/login"; then - AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1, - [Define if your system has /etc/default/login]) - fi -fi - -dnl BSD systems use /etc/login.conf so --with-default-path= has no effect -if test $ac_cv_func_login_getcapbool = "yes" && \ - test $ac_cv_header_login_cap_h = "yes" ; then - external_path_file=/etc/login.conf -fi - -# Whether to mess with the default path -SERVER_PATH_MSG="(default)" -AC_ARG_WITH(default-path, - [ --with-default-path= Specify default \$PATH environment for server], - [ - if test "x$external_path_file" = "x/etc/login.conf" ; then - AC_MSG_WARN([ ---with-default-path=PATH has no effect on this system. -Edit /etc/login.conf instead.]) - elif test "x$withval" != "xno" ; then - if test ! -z "$external_path_file" ; then - AC_MSG_WARN([ ---with-default-path=PATH will only be used if PATH is not defined in -$external_path_file .]) - fi - user_path="$withval" - SERVER_PATH_MSG="$withval" - fi - ], - [ if test "x$external_path_file" = "x/etc/login.conf" ; then - AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) - else - if test ! -z "$external_path_file" ; then - AC_MSG_WARN([ -If PATH is defined in $external_path_file, ensure the path to scp is included, -otherwise scp will not work.]) - fi - AC_RUN_IFELSE( - [AC_LANG_SOURCE([[ -/* find out what STDPATH is */ -#include <stdio.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif -#ifndef _PATH_STDPATH -# ifdef _PATH_USERPATH /* Irix */ -# define _PATH_STDPATH _PATH_USERPATH -# else -# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" -# endif -#endif -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#define DATA "conftest.stdpath" - -main() -{ - FILE *fd; - int rc; - - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); - - if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) - exit(1); - - exit(0); -} - ]])], - [ user_path=`cat conftest.stdpath` ], - [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], - [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] - ) -# make sure $bindir is in USER_PATH so scp will work - t_bindir=`eval echo ${bindir}` - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; - esac - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; - esac - echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 - if test $? -ne 0 ; then - echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 - if test $? -ne 0 ; then - user_path=$user_path:$t_bindir - AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work) - fi - fi - fi ] -) -if test "x$external_path_file" != "x/etc/login.conf" ; then - AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH]) - AC_SUBST(user_path) -fi - -# Set superuser path separately to user path -AC_ARG_WITH(superuser-path, - [ --with-superuser-path= Specify different path for super-user], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval", - [Define if you want a different $PATH - for the superuser]) - superuser_path=$withval - fi - ] -) - - -AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) -IPV4_IN6_HACK_MSG="no" -AC_ARG_WITH(4in6, - [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], - [ - if test "x$withval" != "xno" ; then - AC_MSG_RESULT(yes) - AC_DEFINE(IPV4_IN_IPV6, 1, - [Detect IPv4 in IPv6 mapped addresses - and treat as IPv4]) - IPV4_IN6_HACK_MSG="yes" - else - AC_MSG_RESULT(no) - fi - ],[ - if test "x$inet6_default_4in6" = "xyes"; then - AC_MSG_RESULT([yes (default)]) - AC_DEFINE(IPV4_IN_IPV6) - IPV4_IN6_HACK_MSG="yes" - else - AC_MSG_RESULT([no (default)]) - fi - ] -) - -# Whether to enable BSD auth support -BSD_AUTH_MSG=no -AC_ARG_WITH(bsd-auth, - [ --with-bsd-auth Enable BSD auth support], - [ - if test "x$withval" != "xno" ; then - AC_DEFINE(BSD_AUTH, 1, - [Define if you have BSD auth support]) - BSD_AUTH_MSG=yes - fi - ] -) - -# Where to place sshd.pid -piddir=/var/run -# make sure the directory exists -if test ! -d $piddir ; then - piddir=`eval echo ${sysconfdir}` - case $piddir in - NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; - esac -fi - -AC_ARG_WITH(pid-dir, - [ --with-pid-dir=PATH Specify location of ssh.pid file], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - piddir=$withval - if test ! -d $piddir ; then - AC_MSG_WARN([** no $piddir directory on this system **]) - fi - fi - ] -) - -AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid]) -AC_SUBST(piddir) - -dnl allow user to disable some login recording features -AC_ARG_ENABLE(lastlog, - [ --disable-lastlog disable use of lastlog even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_LASTLOG) - fi - ] -) -AC_ARG_ENABLE(utmp, - [ --disable-utmp disable use of utmp even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_UTMP) - fi - ] -) -AC_ARG_ENABLE(utmpx, - [ --disable-utmpx disable use of utmpx even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_UTMPX, 1, - [Define if you don't want to use utmpx]) - fi - ] -) -AC_ARG_ENABLE(wtmp, - [ --disable-wtmp disable use of wtmp even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_WTMP) - fi - ] -) -AC_ARG_ENABLE(wtmpx, - [ --disable-wtmpx disable use of wtmpx even if detected [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_WTMPX, 1, - [Define if you don't want to use wtmpx]) - fi - ] -) -AC_ARG_ENABLE(libutil, - [ --disable-libutil disable use of libutil (login() etc.) [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_LOGIN) - fi - ] -) -AC_ARG_ENABLE(pututline, - [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_PUTUTLINE, 1, - [Define if you don't want to use pututline() - etc. to write [uw]tmp]) - fi - ] -) -AC_ARG_ENABLE(pututxline, - [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], - [ - if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_PUTUTXLINE, 1, - [Define if you don't want to use pututxline() - etc. to write [uw]tmpx]) - fi - ] -) -AC_ARG_WITH(lastlog, - [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], - [ - if test "x$withval" = "xno" ; then - AC_DEFINE(DISABLE_LASTLOG) - elif test -n "$withval" && test "x${withval}" != "xyes"; then - conf_lastlog_location=$withval - fi - ] -) - -dnl lastlog, [uw]tmpx? detection -dnl NOTE: set the paths in the platform section to avoid the -dnl need for command-line parameters -dnl lastlog and [uw]tmp are subject to a file search if all else fails - -dnl lastlog detection -dnl NOTE: the code itself will detect if lastlog is a directory -AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_LASTLOG_H -# include <lastlog.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif -#ifdef HAVE_LOGIN_H -# include <login.h> -#endif - ], - [ char *lastlog = LASTLOG_FILE; ], - [ AC_MSG_RESULT(yes) ], - [ - AC_MSG_RESULT(no) - AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) - AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_LASTLOG_H -# include <lastlog.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ], - [ char *lastlog = _PATH_LASTLOG; ], - [ AC_MSG_RESULT(yes) ], - [ - AC_MSG_RESULT(no) - system_lastlog_path=no - ]) - ] -) - -if test -z "$conf_lastlog_location"; then - if test x"$system_lastlog_path" = x"no" ; then - for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do - if (test -d "$f" || test -f "$f") ; then - conf_lastlog_location=$f - fi - done - if test -z "$conf_lastlog_location"; then - AC_MSG_WARN([** Cannot find lastlog **]) - dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx - fi - fi -fi - -if test -n "$conf_lastlog_location"; then - AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", - [Define if you want to specify the path to your lastlog file]) -fi - -dnl utmp detection -AC_MSG_CHECKING([if your system defines UTMP_FILE]) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ], - [ char *utmp = UTMP_FILE; ], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - system_utmp_path=no ] -) -if test -z "$conf_utmp_location"; then - if test x"$system_utmp_path" = x"no" ; then - for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do - if test -f $f ; then - conf_utmp_location=$f - fi - done - if test -z "$conf_utmp_location"; then - AC_DEFINE(DISABLE_UTMP) - fi - fi -fi -if test -n "$conf_utmp_location"; then - AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", - [Define if you want to specify the path to your utmp file]) -fi - -dnl wtmp detection -AC_MSG_CHECKING([if your system defines WTMP_FILE]) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ], - [ char *wtmp = WTMP_FILE; ], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - system_wtmp_path=no ] -) -if test -z "$conf_wtmp_location"; then - if test x"$system_wtmp_path" = x"no" ; then - for f in /usr/adm/wtmp /var/log/wtmp; do - if test -f $f ; then - conf_wtmp_location=$f - fi - done - if test -z "$conf_wtmp_location"; then - AC_DEFINE(DISABLE_WTMP) - fi - fi -fi -if test -n "$conf_wtmp_location"; then - AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", - [Define if you want to specify the path to your wtmp file]) -fi - - -dnl utmpx detection - I don't know any system so perverse as to require -dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out -dnl there, though. -AC_MSG_CHECKING([if your system defines UTMPX_FILE]) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_UTMPX_H -#include <utmpx.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ], - [ char *utmpx = UTMPX_FILE; ], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - system_utmpx_path=no ] -) -if test -z "$conf_utmpx_location"; then - if test x"$system_utmpx_path" = x"no" ; then - AC_DEFINE(DISABLE_UTMPX) - fi -else - AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", - [Define if you want to specify the path to your utmpx file]) -fi - -dnl wtmpx detection -AC_MSG_CHECKING([if your system defines WTMPX_FILE]) -AC_TRY_COMPILE([ -#include <sys/types.h> -#include <utmp.h> -#ifdef HAVE_UTMPX_H -#include <utmpx.h> -#endif -#ifdef HAVE_PATHS_H -# include <paths.h> -#endif - ], - [ char *wtmpx = WTMPX_FILE; ], - [ AC_MSG_RESULT(yes) ], - [ AC_MSG_RESULT(no) - system_wtmpx_path=no ] -) -if test -z "$conf_wtmpx_location"; then - if test x"$system_wtmpx_path" = x"no" ; then - AC_DEFINE(DISABLE_WTMPX) - fi -else - AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", - [Define if you want to specify the path to your wtmpx file]) -fi - - -if test ! -z "$blibpath" ; then - LDFLAGS="$LDFLAGS $blibflags$blibpath" - AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) -fi - -dnl Adding -Werror to CFLAGS early prevents configure tests from running. -dnl Add now. -CFLAGS="$CFLAGS $werror_flags" - -AC_EXEEXT -AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ - openbsd-compat/Makefile openbsd-compat/regress/Makefile \ - scard/Makefile ssh_prng_cmds survey.sh]) -AC_OUTPUT - -# Print summary of options - -# Someone please show me a better way :) -A=`eval echo ${prefix}` ; A=`eval echo ${A}` -B=`eval echo ${bindir}` ; B=`eval echo ${B}` -C=`eval echo ${sbindir}` ; C=`eval echo ${C}` -D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` -E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` -F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` -G=`eval echo ${piddir}` ; G=`eval echo ${G}` -H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` -I=`eval echo ${user_path}` ; I=`eval echo ${I}` -J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` - -echo "" -echo "OpenSSH has been configured with the following options:" -echo " User binaries: $B" -echo " System binaries: $C" -echo " Configuration files: $D" -echo " Askpass program: $E" -echo " Manual pages: $F" -echo " PID file: $G" -echo " Privilege separation chroot path: $H" -if test "x$external_path_file" = "x/etc/login.conf" ; then -echo " At runtime, sshd will use the path defined in $external_path_file" -echo " Make sure the path to scp is present, otherwise scp will not work" -else -echo " sshd default user PATH: $I" - if test ! -z "$external_path_file"; then -echo " (If PATH is set in $external_path_file it will be used instead. If" -echo " used, ensure the path to scp is present, otherwise scp will not work.)" - fi -fi -if test ! -z "$superuser_path" ; then -echo " sshd superuser user PATH: $J" -fi -echo " Manpage format: $MANTYPE" -echo " PAM support: $PAM_MSG" -echo " OSF SIA support: $SIA_MSG" -echo " KerberosV support: $KRB5_MSG" -echo " SELinux support: $SELINUX_MSG" -echo " Smartcard support: $SCARD_MSG" -echo " S/KEY support: $SKEY_MSG" -echo " TCP Wrappers support: $TCPW_MSG" -echo " MD5 password support: $MD5_MSG" -echo " libedit support: $LIBEDIT_MSG" -echo " Solaris process contract support: $SPC_MSG" -echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" -echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" -echo " BSD Auth support: $BSD_AUTH_MSG" -echo " Random number source: $RAND_MSG" -if test ! -z "$USE_RAND_HELPER" ; then -echo " ssh-rand-helper collects from: $RAND_HELPER_MSG" -fi - -echo "" - -echo " Host: ${host}" -echo " Compiler: ${CC}" -echo " Compiler flags: ${CFLAGS}" -echo "Preprocessor flags: ${CPPFLAGS}" -echo " Linker flags: ${LDFLAGS}" -echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}" - -echo "" - -if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then - echo "SVR4 style packages are supported with \"make package\"" - echo "" -fi - -if test "x$PAM_MSG" = "xyes" ; then - echo "PAM is enabled. You may need to install a PAM control file " - echo "for sshd, otherwise password authentication may fail. " - echo "Example PAM control files can be found in the contrib/ " - echo "subdirectory" - echo "" -fi - -if test ! -z "$RAND_HELPER_CMDHASH" ; then - echo "WARNING: you are using the builtin random number collection " - echo "service. Please read WARNING.RNG and request that your OS " - echo "vendor includes kernel-based random number collection in " - echo "future versions of your OS." - echo "" -fi - -if test ! -z "$NO_PEERCHECK" ; then - echo "WARNING: the operating system that you are using does not " - echo "appear to support either the getpeereid() API nor the " - echo "SO_PEERCRED getsockopt() option. These facilities are used to " - echo "enforce security checks to prevent unauthorised connections to " - echo "ssh-agent. Their absence increases the risk that a malicious " - echo "user can connect to your agent. " - echo "" -fi - -if test "$AUDIT_MODULE" = "bsm" ; then - echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." - echo "See the Solaris section in README.platform for details." -fi |