Home | History | Annotate | Download | only in openssh
      1 # $Id: configure.ac,v 1.480 2011/08/18 04:48:24 tim Exp $
      2 #
      3 # Copyright (c) 1999-2004 Damien Miller
      4 #
      5 # Permission to use, copy, modify, and distribute this software for any
      6 # purpose with or without fee is hereby granted, provided that the above
      7 # copyright notice and this permission notice appear in all copies.
      8 #
      9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
     10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
     11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
     12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
     13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
     14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
     15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
     16 
     17 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev (a] mindrot.org])
     18 AC_REVISION($Revision: 1.480 $)
     19 AC_CONFIG_SRCDIR([ssh.c])
     20 AC_LANG([C])
     21 
     22 AC_CONFIG_HEADER([config.h])
     23 AC_PROG_CC
     24 AC_CANONICAL_HOST
     25 AC_C_BIGENDIAN
     26 
     27 # Checks for programs.
     28 AC_PROG_AWK
     29 AC_PROG_CPP
     30 AC_PROG_RANLIB
     31 AC_PROG_INSTALL
     32 AC_PROG_EGREP
     33 AC_PATH_PROG([AR], [ar])
     34 AC_PATH_PROG([CAT], [cat])
     35 AC_PATH_PROG([KILL], [kill])
     36 AC_PATH_PROGS([PERL], [perl5 perl])
     37 AC_PATH_PROG([SED], [sed])
     38 AC_SUBST([PERL])
     39 AC_PATH_PROG([ENT], [ent])
     40 AC_SUBST([ENT])
     41 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
     42 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
     43 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
     44 AC_PATH_PROG([SH], [sh])
     45 AC_PATH_PROG([GROFF], [groff])
     46 AC_PATH_PROG([NROFF], [nroff])
     47 AC_PATH_PROG([MANDOC], [mandoc])
     48 AC_SUBST([TEST_SHELL], [sh])
     49 
     50 dnl select manpage formatter
     51 if test "x$MANDOC" != "x" ; then
     52 	MANFMT="$MANDOC"
     53 elif test "x$NROFF" != "x" ; then
     54 	MANFMT="$NROFF -mandoc"
     55 elif test "x$GROFF" != "x" ; then
     56 	MANFMT="$GROFF -mandoc -Tascii"
     57 else
     58 	AC_MSG_WARN([no manpage formatted found])
     59 	MANFMT="false"
     60 fi
     61 AC_SUBST([MANFMT])
     62 
     63 dnl for buildpkg.sh
     64 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd],
     65 	[/usr/sbin${PATH_SEPARATOR}/etc])
     66 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd],
     67 	[/usr/sbin${PATH_SEPARATOR}/etc])
     68 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no])
     69 if test -x /sbin/sh; then
     70 	AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh])
     71 else
     72 	AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh])
     73 fi
     74 
     75 # System features
     76 AC_SYS_LARGEFILE
     77 
     78 if test -z "$AR" ; then
     79 	AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
     80 fi
     81 
     82 # Use LOGIN_PROGRAM from environment if possible
     83 if test ! -z "$LOGIN_PROGRAM" ; then
     84 	AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"],
     85 		[If your header files don't define LOGIN_PROGRAM,
     86 		then use this (detected) from environment and PATH])
     87 else
     88 	# Search for login
     89 	AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login])
     90 	if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
     91 		AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"])
     92 	fi
     93 fi
     94 
     95 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd])
     96 if test ! -z "$PATH_PASSWD_PROG" ; then
     97 	AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"],
     98 		[Full path of your "passwd" program])
     99 fi
    100 
    101 if test -z "$LD" ; then
    102 	LD=$CC
    103 fi
    104 AC_SUBST([LD])
    105 
    106 AC_C_INLINE
    107 
    108 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
    109 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
    110 	#include <sys/types.h>
    111 	#include <sys/param.h>
    112 	#include <dev/systrace.h>
    113 ])
    114 AC_CHECK_DECL([RLIMIT_NPROC],
    115     [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
    116 	#include <sys/types.h>
    117 	#include <sys/resource.h>
    118 ])
    119 
    120 use_stack_protector=1
    121 AC_ARG_WITH([stackprotect],
    122     [  --without-stackprotect  Don't use compiler's stack protection], [
    123     if test "x$withval" = "xno"; then
    124 	use_stack_protector=0
    125     fi ])
    126 
    127 
    128 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
    129 	OSSH_CHECK_CFLAG_COMPILE([-Wall])
    130 	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
    131 	OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
    132 	OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
    133 	OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
    134 	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
    135 	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
    136 	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
    137 	AC_MSG_CHECKING([gcc version])
    138 	GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
    139 	case $GCC_VER in
    140 		1.*) no_attrib_nonnull=1 ;;
    141 		2.8* | 2.9*)
    142 		     no_attrib_nonnull=1
    143 		     ;;
    144 		2.*) no_attrib_nonnull=1 ;;
    145 		*) ;;
    146 	esac
    147 	AC_MSG_RESULT([$GCC_VER])
    148 
    149 	AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset])
    150 	saved_CFLAGS="$CFLAGS"
    151 	CFLAGS="$CFLAGS -fno-builtin-memset"
    152 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]],
    153 			[[ char b[10]; memset(b, 0, sizeof(b)); ]])],
    154 		[ AC_MSG_RESULT([yes]) ],
    155 		[ AC_MSG_RESULT([no])
    156 		  CFLAGS="$saved_CFLAGS" ]
    157 	)
    158 
    159 	# -fstack-protector-all doesn't always work for some GCC versions
    160 	# and/or platforms, so we test if we can.  If it's not supported
    161 	# on a given platform gcc will emit a warning so we use -Werror.
    162 	if test "x$use_stack_protector" = "x1"; then
    163 	    for t in -fstack-protector-all -fstack-protector; do
    164 		AC_MSG_CHECKING([if $CC supports $t])
    165 		saved_CFLAGS="$CFLAGS"
    166 		saved_LDFLAGS="$LDFLAGS"
    167 		CFLAGS="$CFLAGS $t -Werror"
    168 		LDFLAGS="$LDFLAGS $t -Werror"
    169 		AC_LINK_IFELSE(
    170 			[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
    171 			[[
    172 	char x[256];
    173 	snprintf(x, sizeof(x), "XXX");
    174 			 ]])],
    175 		    [ AC_MSG_RESULT([yes])
    176 		      CFLAGS="$saved_CFLAGS $t"
    177 		      LDFLAGS="$saved_LDFLAGS $t"
    178 		      AC_MSG_CHECKING([if $t works])
    179 		      AC_RUN_IFELSE(
    180 			[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
    181 			[[
    182 	char x[256];
    183 	snprintf(x, sizeof(x), "XXX");
    184 			]])],
    185 			[ AC_MSG_RESULT([yes])
    186 			  break ],
    187 			[ AC_MSG_RESULT([no]) ],
    188 			[ AC_MSG_WARN([cross compiling: cannot test])
    189 			  break ]
    190 		      )
    191 		    ],
    192 		    [ AC_MSG_RESULT([no]) ]
    193 		)
    194 		CFLAGS="$saved_CFLAGS"
    195 		LDFLAGS="$saved_LDFLAGS"
    196 	    done
    197 	fi
    198 
    199 	if test -z "$have_llong_max"; then
    200 		# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
    201 		unset ac_cv_have_decl_LLONG_MAX
    202 		saved_CFLAGS="$CFLAGS"
    203 		CFLAGS="$CFLAGS -std=gnu99"
    204 		AC_CHECK_DECL([LLONG_MAX],
    205 		    [have_llong_max=1],
    206 		    [CFLAGS="$saved_CFLAGS"],
    207 		    [#include <limits.h>]
    208 		)
    209 	fi
    210 fi
    211 
    212 if test "x$no_attrib_nonnull" != "x1" ; then
    213 	AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
    214 fi
    215 
    216 AC_ARG_WITH([rpath],
    217 	[  --without-rpath         Disable auto-added -R linker paths],
    218 	[
    219 		if test "x$withval" = "xno" ; then
    220 			need_dash_r=""
    221 		fi
    222 		if test "x$withval" = "xyes" ; then
    223 			need_dash_r=1
    224 		fi
    225 	]
    226 )
    227 
    228 # Allow user to specify flags
    229 AC_ARG_WITH([cflags],
    230 	[  --with-cflags           Specify additional flags to pass to compiler],
    231 	[
    232 		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
    233 		    test "x${withval}" != "xyes"; then
    234 			CFLAGS="$CFLAGS $withval"
    235 		fi
    236 	]
    237 )
    238 AC_ARG_WITH([cppflags],
    239 	[  --with-cppflags         Specify additional flags to pass to preprocessor] ,
    240 	[
    241 		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
    242 		    test "x${withval}" != "xyes"; then
    243 			CPPFLAGS="$CPPFLAGS $withval"
    244 		fi
    245 	]
    246 )
    247 AC_ARG_WITH([ldflags],
    248 	[  --with-ldflags          Specify additional flags to pass to linker],
    249 	[
    250 		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
    251 		    test "x${withval}" != "xyes"; then
    252 			LDFLAGS="$LDFLAGS $withval"
    253 		fi
    254 	]
    255 )
    256 AC_ARG_WITH([libs],
    257 	[  --with-libs             Specify additional libraries to link with],
    258 	[
    259 		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
    260 		    test "x${withval}" != "xyes"; then
    261 			LIBS="$LIBS $withval"
    262 		fi
    263 	]
    264 )
    265 AC_ARG_WITH([Werror],
    266 	[  --with-Werror           Build main code with -Werror],
    267 	[
    268 		if test -n "$withval"  &&  test "x$withval" != "xno"; then
    269 			werror_flags="-Werror"
    270 			if test "x${withval}" != "xyes"; then
    271 				werror_flags="$withval"
    272 			fi
    273 		fi
    274 	]
    275 )
    276 
    277 AC_CHECK_HEADERS([ \
    278 	bstring.h \
    279 	crypt.h \
    280 	crypto/sha2.h \
    281 	dirent.h \
    282 	endian.h \
    283 	features.h \
    284 	fcntl.h \
    285 	floatingpoint.h \
    286 	getopt.h \
    287 	glob.h \
    288 	ia.h \
    289 	iaf.h \
    290 	limits.h \
    291 	login.h \
    292 	maillock.h \
    293 	ndir.h \
    294 	net/if_tun.h \
    295 	netdb.h \
    296 	netgroup.h \
    297 	pam/pam_appl.h \
    298 	paths.h \
    299 	poll.h \
    300 	pty.h \
    301 	readpassphrase.h \
    302 	rpc/types.h \
    303 	security/pam_appl.h \
    304 	sha2.h \
    305 	shadow.h \
    306 	stddef.h \
    307 	stdint.h \
    308 	string.h \
    309 	strings.h \
    310 	sys/audit.h \
    311 	sys/bitypes.h \
    312 	sys/bsdtty.h \
    313 	sys/cdefs.h \
    314 	sys/dir.h \
    315 	sys/mman.h \
    316 	sys/ndir.h \
    317 	sys/poll.h \
    318 	sys/prctl.h \
    319 	sys/pstat.h \
    320 	sys/select.h \
    321 	sys/stat.h \
    322 	sys/stream.h \
    323 	sys/stropts.h \
    324 	sys/strtio.h \
    325 	sys/statvfs.h \
    326 	sys/sysmacros.h \
    327 	sys/time.h \
    328 	sys/timers.h \
    329 	sys/un.h \
    330 	time.h \
    331 	tmpdir.h \
    332 	ttyent.h \
    333 	ucred.h \
    334 	unistd.h \
    335 	usersec.h \
    336 	util.h \
    337 	utime.h \
    338 	utmp.h \
    339 	utmpx.h \
    340 	vis.h \
    341 ])
    342 
    343 # lastlog.h requires sys/time.h to be included first on Solaris
    344 AC_CHECK_HEADERS([lastlog.h], [], [], [
    345 #ifdef HAVE_SYS_TIME_H
    346 # include <sys/time.h>
    347 #endif
    348 ])
    349 
    350 # sys/ptms.h requires sys/stream.h to be included first on Solaris
    351 AC_CHECK_HEADERS([sys/ptms.h], [], [], [
    352 #ifdef HAVE_SYS_STREAM_H
    353 # include <sys/stream.h>
    354 #endif
    355 ])
    356 
    357 # login_cap.h requires sys/types.h on NetBSD
    358 AC_CHECK_HEADERS([login_cap.h], [], [], [
    359 #include <sys/types.h>
    360 ])
    361 
    362 # older BSDs need sys/param.h before sys/mount.h
    363 AC_CHECK_HEADERS([sys/mount.h], [], [], [
    364 #include <sys/param.h>
    365 ])
    366 
    367 # Messages for features tested for in target-specific section
    368 SIA_MSG="no"
    369 SPC_MSG="no"
    370 SP_MSG="no"
    371 
    372 # Check for some target-specific stuff
    373 case "$host" in
    374 *-*-aix*)
    375 	# Some versions of VAC won't allow macro redefinitions at
    376 	# -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
    377 	# particularly with older versions of vac or xlc.
    378 	# It also throws errors about null macro argments, but these are
    379 	# not fatal.
    380 	AC_MSG_CHECKING([if compiler allows macro redefinitions])
    381 	AC_COMPILE_IFELSE(
    382 	    [AC_LANG_PROGRAM([[
    383 #define testmacro foo
    384 #define testmacro bar]],
    385 	    [[ exit(0); ]])],
    386 	    [ AC_MSG_RESULT([yes]) ],
    387 	    [ AC_MSG_RESULT([no])
    388 	      CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
    389 	      LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
    390 	      CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
    391 	      CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
    392 	    ]
    393 	)
    394 
    395 	AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
    396 	if (test -z "$blibpath"); then
    397 		blibpath="/usr/lib:/lib"
    398 	fi
    399 	saved_LDFLAGS="$LDFLAGS"
    400 	if test "$GCC" = "yes"; then
    401 		flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
    402 	else
    403 		flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
    404 	fi
    405 	for tryflags in $flags ;do
    406 		if (test -z "$blibflags"); then
    407 			LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
    408 			AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
    409 			[blibflags=$tryflags], [])
    410 		fi
    411 	done
    412 	if (test -z "$blibflags"); then
    413 		AC_MSG_RESULT([not found])
    414 		AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
    415 	else
    416 		AC_MSG_RESULT([$blibflags])
    417 	fi
    418 	LDFLAGS="$saved_LDFLAGS"
    419 	dnl Check for authenticate.  Might be in libs.a on older AIXes
    420 	AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1],
    421 		[Define if you want to enable AIX4's authenticate function])],
    422 		[AC_CHECK_LIB([s], [authenticate],
    423 			[ AC_DEFINE([WITH_AIXAUTHENTICATE])
    424 				LIBS="$LIBS -ls"
    425 			])
    426 		])
    427 	dnl Check for various auth function declarations in headers.
    428 	AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
    429 	    passwdexpired, setauthdb], , , [#include <usersec.h>])
    430 	dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
    431 	AC_CHECK_DECLS([loginfailed],
    432 	    [AC_MSG_CHECKING([if loginfailed takes 4 arguments])
    433 	    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]],
    434 		[[ (void)loginfailed("user","host","tty",0); ]])],
    435 		[AC_MSG_RESULT([yes])
    436 		AC_DEFINE([AIX_LOGINFAILED_4ARG], [1],
    437 			[Define if your AIX loginfailed() function
    438 			takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no])
    439 	    ])],
    440 	    [],
    441 	    [#include <usersec.h>]
    442 	)
    443 	AC_CHECK_FUNCS([getgrset setauthdb])
    444 	AC_CHECK_DECL([F_CLOSEM],
    445 	    AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]),
    446 	    [],
    447 	    [ #include <limits.h>
    448 	      #include <fcntl.h> ]
    449 	)
    450 	check_for_aix_broken_getaddrinfo=1
    451 	AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
    452 	AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
    453 	    [Define if your platform breaks doing a seteuid before a setuid])
    454 	AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
    455 	AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken])
    456 	dnl AIX handles lastlog as part of its login message
    457 	AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog])
    458 	AC_DEFINE([LOGIN_NEEDS_UTMPX], [1],
    459 		[Some systems need a utmpx entry for /bin/login to work])
    460 	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
    461 		[Define to a Set Process Title type if your system is
    462 		supported by bsd-setproctitle.c])
    463 	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
    464 	    [AIX 5.2 and 5.3 (and presumably newer) require this])
    465 	AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
    466 	;;
    467 *-*-cygwin*)
    468 	check_for_libcrypt_later=1
    469 	LIBS="$LIBS /usr/lib/textreadmode.o"
    470 	AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin])
    471 	AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()])
    472 	AC_DEFINE([DISABLE_SHADOW], [1],
    473 		[Define if you want to disable shadow passwords])
    474 	AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
    475 		[Define if X11 doesn't support AF_UNIX sockets on that system])
    476 	AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
    477 		[Define if the concept of ports only accessible to
    478 		superusers isn't known])
    479 	AC_DEFINE([DISABLE_FD_PASSING], [1],
    480 		[Define if your platform needs to skip post auth
    481 		file descriptor passing])
    482 	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
    483 	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 
    484 	;;
    485 *-*-dgux*)
    486 	AC_DEFINE([IP_TOS_IS_BROKEN], [1],
    487 		[Define if your system choked on IP TOS setting])
    488 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    489 	AC_DEFINE([BROKEN_SETREUID])
    490 	AC_DEFINE([BROKEN_SETREGID])
    491 	;;
    492 *-*-darwin*)
    493 	AC_MSG_CHECKING([if we have working getaddrinfo])
    494 	AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
    495 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
    496 		exit(0);
    497 	else
    498 		exit(1);
    499 }
    500 			]])],
    501 	[AC_MSG_RESULT([working])],
    502 	[AC_MSG_RESULT([buggy])
    503 	AC_DEFINE([BROKEN_GETADDRINFO], [1],
    504 		[getaddrinfo is broken (if present)])
    505 	],
    506 	[AC_MSG_RESULT([assume it is working])])
    507 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    508 	AC_DEFINE([BROKEN_SETREUID])
    509 	AC_DEFINE([BROKEN_SETREGID])
    510 	AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect])
    511 	AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1],
    512 		[Define if your resolver libs need this for getrrsetbyname])
    513 	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
    514 	AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
    515 	    [Use tunnel device compatibility to OpenBSD])
    516 	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
    517 	    [Prepend the address family to IP tunnel traffic])
    518 	m4_pattern_allow([AU_IPv])
    519 	AC_CHECK_DECL([AU_IPv4], [], 
    520 	    AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
    521 	    [#include <bsm/audit.h>]
    522 	AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1],
    523 	    [Define if pututxline updates lastlog too])
    524 	)
    525 	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV],
    526 		[Define to a Set Process Title type if your system is
    527 		supported by bsd-setproctitle.c])
    528 	AC_CHECK_FUNCS([sandbox_init])
    529 	AC_CHECK_HEADERS([sandbox.h])
    530 	;;
    531 *-*-dragonfly*)
    532 	SSHDLIBS="$SSHDLIBS -lcrypt"
    533 	;;
    534 *-*-haiku*) 
    535     LIBS="$LIBS -lbsd "
    536     AC_CHECK_LIB([network], [socket])
    537     AC_DEFINE([HAVE_U_INT64_T])
    538     MANTYPE=man 
    539     ;; 
    540 *-*-hpux*)
    541 	# first we define all of the options common to all HP-UX releases
    542 	CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
    543 	IPADDR_IN_DISPLAY=yes
    544 	AC_DEFINE([USE_PIPES])
    545 	AC_DEFINE([LOGIN_NO_ENDOPT], [1],
    546 	    [Define if your login program cannot handle end of options ("--")])
    547 	AC_DEFINE([LOGIN_NEEDS_UTMPX])
    548 	AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
    549 		[String used in /etc/passwd to denote locked account])
    550 	AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
    551 	maildir="/var/mail"
    552 	LIBS="$LIBS -lsec"
    553 	AC_CHECK_LIB([xnet], [t_error], ,
    554 	    [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])])
    555 
    556 	# next, we define all of the options specific to major releases
    557 	case "$host" in
    558 	*-*-hpux10*)
    559 		if test -z "$GCC"; then
    560 			CFLAGS="$CFLAGS -Ae"
    561 		fi
    562 		;;
    563 	*-*-hpux11*)
    564 		AC_DEFINE([PAM_SUN_CODEBASE], [1],
    565 			[Define if you are using Solaris-derived PAM which
    566 			passes pam_messages to the conversation function
    567 			with an extra level of indirection])
    568 		AC_DEFINE([DISABLE_UTMP], [1],
    569 			[Define if you don't want to use utmp])
    570 		AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
    571 		check_for_hpux_broken_getaddrinfo=1
    572 		check_for_conflicting_getspnam=1
    573 		;;
    574 	esac
    575 
    576 	# lastly, we define options specific to minor releases
    577 	case "$host" in
    578 	*-*-hpux10.26)
    579 		AC_DEFINE([HAVE_SECUREWARE], [1],
    580 			[Define if you have SecureWare-based
    581 			protected password database])
    582 		disable_ptmx_check=yes
    583 		LIBS="$LIBS -lsecpw"
    584 		;;
    585 	esac
    586 	;;
    587 *-*-irix5*)
    588 	PATH="$PATH:/usr/etc"
    589 	AC_DEFINE([BROKEN_INET_NTOA], [1],
    590 		[Define if you system's inet_ntoa is busted
    591 		(e.g. Irix gcc issue)])
    592 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    593 	AC_DEFINE([BROKEN_SETREUID])
    594 	AC_DEFINE([BROKEN_SETREGID])
    595 	AC_DEFINE([WITH_ABBREV_NO_TTY], [1],
    596 		[Define if you shouldn't strip 'tty' from your
    597 		ttyname in [uw]tmp])
    598 	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
    599 	;;
    600 *-*-irix6*)
    601 	PATH="$PATH:/usr/etc"
    602 	AC_DEFINE([WITH_IRIX_ARRAY], [1],
    603 		[Define if you have/want arrays
    604 		(cluster-wide session managment, not C arrays)])
    605 	AC_DEFINE([WITH_IRIX_PROJECT], [1],
    606 		[Define if you want IRIX project management])
    607 	AC_DEFINE([WITH_IRIX_AUDIT], [1],
    608 		[Define if you want IRIX audit trails])
    609 	AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1],
    610 		[Define if you want IRIX kernel jobs])])
    611 	AC_DEFINE([BROKEN_INET_NTOA])
    612 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    613 	AC_DEFINE([BROKEN_SETREUID])
    614 	AC_DEFINE([BROKEN_SETREGID])
    615 	AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)])
    616 	AC_DEFINE([WITH_ABBREV_NO_TTY])
    617 	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
    618 	;;
    619 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
    620 	check_for_libcrypt_later=1
    621 	AC_DEFINE([PAM_TTY_KLUDGE])
    622 	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"])
    623 	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
    624 	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
    625 	AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins])
    626 	;;
    627 *-*-linux*)
    628 	no_dev_ptmx=1
    629 	check_for_libcrypt_later=1
    630 	check_for_openpty_ctty_bug=1
    631 	AC_DEFINE([PAM_TTY_KLUDGE], [1],
    632 		[Work around problematic Linux PAM modules handling of PAM_TTY])
    633 	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
    634 		[String used in /etc/passwd to denote locked account])
    635 	AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV])
    636 	AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM],
    637 		[Define to whatever link() returns for "not supported"
    638 		if it doesn't return EOPNOTSUPP.])
    639 	AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
    640 	AC_DEFINE([USE_BTMP])
    641 	AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
    642 	inet6_default_4in6=yes
    643 	case `uname -r` in
    644 	1.*|2.0.*)
    645 		AC_DEFINE([BROKEN_CMSG_TYPE], [1],
    646 			[Define if cmsg_type is not passed correctly])
    647 		;;
    648 	esac
    649 	# tun(4) forwarding compat code
    650 	AC_CHECK_HEADERS([linux/if_tun.h])
    651 	if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
    652 		AC_DEFINE([SSH_TUN_LINUX], [1],
    653 		    [Open tunnel devices the Linux tun/tap way])
    654 		AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
    655 		    [Use tunnel device compatibility to OpenBSD])
    656 		AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
    657 		    [Prepend the address family to IP tunnel traffic])
    658 	fi
    659 	;;
    660 mips-sony-bsd|mips-sony-newsos4)
    661 	AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty])
    662 	SONY=1
    663 	;;
    664 *-*-netbsd*)
    665 	check_for_libcrypt_before=1
    666 	if test "x$withval" != "xno" ; then
    667 		need_dash_r=1
    668 	fi
    669 	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
    670 	AC_CHECK_HEADER([net/if_tap.h], ,
    671 	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
    672 	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
    673 	    [Prepend the address family to IP tunnel traffic])
    674 	;;
    675 *-*-freebsd*)
    676 	check_for_libcrypt_later=1
    677 	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
    678 	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
    679 	AC_CHECK_HEADER([net/if_tap.h], ,
    680 	    AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
    681 	AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
    682 	;;
    683 *-*-bsdi*)
    684 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    685 	AC_DEFINE([BROKEN_SETREUID])
    686 	AC_DEFINE([BROKEN_SETREGID])
    687 	;;
    688 *-next-*)
    689 	conf_lastlog_location="/usr/adm/lastlog"
    690 	conf_utmp_location=/etc/utmp
    691 	conf_wtmp_location=/usr/adm/wtmp
    692 	maildir=/usr/spool/mail
    693 	AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
    694 	AC_DEFINE([BROKEN_REALPATH])
    695 	AC_DEFINE([USE_PIPES])
    696 	AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
    697 	;;
    698 *-*-openbsd*)
    699 	AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel])
    700 	AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded])
    701 	AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way])
    702 	AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1],
    703 	    [syslog_r function is safe to use in in a signal handler])
    704 	;;
    705 *-*-solaris*)
    706 	if test "x$withval" != "xno" ; then
    707 		need_dash_r=1
    708 	fi
    709 	AC_DEFINE([PAM_SUN_CODEBASE])
    710 	AC_DEFINE([LOGIN_NEEDS_UTMPX])
    711 	AC_DEFINE([LOGIN_NEEDS_TERM], [1],
    712 		[Some versions of /bin/login need the TERM supplied
    713 		on the commandline])
    714 	AC_DEFINE([PAM_TTY_KLUDGE])
    715 	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
    716 		[Define if pam_chauthtok wants real uid set
    717 		to the unpriv'ed user])
    718 	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
    719 	# Pushing STREAMS modules will cause sshd to acquire a controlling tty.
    720 	AC_DEFINE([SSHD_ACQUIRES_CTTY], [1],
    721 		[Define if sshd somehow reacquires a controlling TTY
    722 		after setsid()])
    723 	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
    724 		in case the name is longer than 8 chars])
    725 	AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
    726 	external_path_file=/etc/default/login
    727 	# hardwire lastlog location (can't detect it on some versions)
    728 	conf_lastlog_location="/var/adm/lastlog"
    729 	AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x])
    730 	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
    731 	if test "$sol2ver" -ge 8; then
    732 		AC_MSG_RESULT([yes])
    733 		AC_DEFINE([DISABLE_UTMP])
    734 		AC_DEFINE([DISABLE_WTMP], [1],
    735 			[Define if you don't want to use wtmp])
    736 	else
    737 		AC_MSG_RESULT([no])
    738 	fi
    739 	AC_ARG_WITH([solaris-contracts],
    740 		[  --with-solaris-contracts Enable Solaris process contracts (experimental)],
    741 		[
    742 		AC_CHECK_LIB([contract], [ct_tmpl_activate],
    743 			[ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1],
    744 				[Define if you have Solaris process contracts])
    745 			  SSHDLIBS="$SSHDLIBS -lcontract"
    746 			  SPC_MSG="yes" ], )
    747 		],
    748 	)
    749 	AC_ARG_WITH([solaris-projects],
    750 		[  --with-solaris-projects Enable Solaris projects (experimental)],
    751 		[
    752 		AC_CHECK_LIB([project], [setproject],
    753 			[ AC_DEFINE([USE_SOLARIS_PROJECTS], [1],
    754 				[Define if you have Solaris projects])
    755 			SSHDLIBS="$SSHDLIBS -lproject"
    756 			SP_MSG="yes" ], )
    757 		],
    758 	)
    759 	;;
    760 *-*-sunos4*)
    761 	CPPFLAGS="$CPPFLAGS -DSUNOS4"
    762 	AC_CHECK_FUNCS([getpwanam])
    763 	AC_DEFINE([PAM_SUN_CODEBASE])
    764 	conf_utmp_location=/etc/utmp
    765 	conf_wtmp_location=/var/adm/wtmp
    766 	conf_lastlog_location=/var/adm/lastlog
    767 	AC_DEFINE([USE_PIPES])
    768 	;;
    769 *-ncr-sysv*)
    770 	LIBS="$LIBS -lc89"
    771 	AC_DEFINE([USE_PIPES])
    772 	AC_DEFINE([SSHD_ACQUIRES_CTTY])
    773 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    774 	AC_DEFINE([BROKEN_SETREUID])
    775 	AC_DEFINE([BROKEN_SETREGID])
    776 	;;
    777 *-sni-sysv*)
    778 	# /usr/ucblib MUST NOT be searched on ReliantUNIX
    779 	AC_CHECK_LIB([dl], [dlsym], ,)
    780 	# -lresolv needs to be at the end of LIBS or DNS lookups break
    781 	AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ])
    782 	IPADDR_IN_DISPLAY=yes
    783 	AC_DEFINE([USE_PIPES])
    784 	AC_DEFINE([IP_TOS_IS_BROKEN])
    785 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    786 	AC_DEFINE([BROKEN_SETREUID])
    787 	AC_DEFINE([BROKEN_SETREGID])
    788 	AC_DEFINE([SSHD_ACQUIRES_CTTY])
    789 	external_path_file=/etc/default/login
    790 	# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
    791 	# Attention: always take care to bind libsocket and libnsl before libc,
    792 	# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
    793 	;;
    794 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
    795 *-*-sysv4.2*)
    796 	AC_DEFINE([USE_PIPES])
    797 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    798 	AC_DEFINE([BROKEN_SETREUID])
    799 	AC_DEFINE([BROKEN_SETREGID])
    800 	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd])
    801 	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
    802 	;;
    803 # UnixWare 7.x, OpenUNIX 8
    804 *-*-sysv5*)
    805 	CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf"
    806 	AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars])
    807 	AC_DEFINE([USE_PIPES])
    808 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    809 	AC_DEFINE([BROKEN_GETADDRINFO])
    810 	AC_DEFINE([BROKEN_SETREUID])
    811 	AC_DEFINE([BROKEN_SETREGID])
    812 	AC_DEFINE([PASSWD_NEEDS_USERNAME])
    813 	case "$host" in
    814 	*-*-sysv5SCO_SV*)	# SCO OpenServer 6.x
    815 		maildir=/var/spool/mail
    816 		TEST_SHELL=/u95/bin/sh
    817 		AC_DEFINE([BROKEN_LIBIAF], [1],
    818 			[ia_uinfo routines not supported by OS yet])
    819 		AC_DEFINE([BROKEN_UPDWTMPX])
    820 		AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot"
    821 			AC_CHECK_FUNCS([getluid setluid], , , [-lprot])
    822 			AC_DEFINE([HAVE_SECUREWARE])
    823 			AC_DEFINE([DISABLE_SHADOW])
    824 			], , )
    825 		;;
    826 	*)	AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"])
    827 		check_for_libcrypt_later=1
    828 		;;
    829 	esac
    830 	;;
    831 *-*-sysv*)
    832 	;;
    833 # SCO UNIX and OEM versions of SCO UNIX
    834 *-*-sco3.2v4*)
    835 	AC_MSG_ERROR("This Platform is no longer supported.")
    836 	;;
    837 # SCO OpenServer 5.x
    838 *-*-sco3.2v5*)
    839 	if test -z "$GCC"; then
    840 		CFLAGS="$CFLAGS -belf"
    841 	fi
    842 	LIBS="$LIBS -lprot -lx -ltinfo -lm"
    843 	no_dev_ptmx=1
    844 	AC_DEFINE([USE_PIPES])
    845 	AC_DEFINE([HAVE_SECUREWARE])
    846 	AC_DEFINE([DISABLE_SHADOW])
    847 	AC_DEFINE([DISABLE_FD_PASSING])
    848 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    849 	AC_DEFINE([BROKEN_GETADDRINFO])
    850 	AC_DEFINE([BROKEN_SETREUID])
    851 	AC_DEFINE([BROKEN_SETREGID])
    852 	AC_DEFINE([WITH_ABBREV_NO_TTY])
    853 	AC_DEFINE([BROKEN_UPDWTMPX])
    854 	AC_DEFINE([PASSWD_NEEDS_USERNAME])
    855 	AC_CHECK_FUNCS([getluid setluid])
    856 	MANTYPE=man
    857 	TEST_SHELL=ksh
    858 	;;
    859 *-*-unicosmk*)
    860 	AC_DEFINE([NO_SSH_LASTLOG], [1],
    861 		[Define if you don't want to use lastlog in session.c])
    862 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    863 	AC_DEFINE([BROKEN_SETREUID])
    864 	AC_DEFINE([BROKEN_SETREGID])
    865 	AC_DEFINE([USE_PIPES])
    866 	AC_DEFINE([DISABLE_FD_PASSING])
    867 	LDFLAGS="$LDFLAGS"
    868 	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
    869 	MANTYPE=cat
    870 	;;
    871 *-*-unicosmp*)
    872 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    873 	AC_DEFINE([BROKEN_SETREUID])
    874 	AC_DEFINE([BROKEN_SETREGID])
    875 	AC_DEFINE([WITH_ABBREV_NO_TTY])
    876 	AC_DEFINE([USE_PIPES])
    877 	AC_DEFINE([DISABLE_FD_PASSING])
    878 	LDFLAGS="$LDFLAGS"
    879 	LIBS="$LIBS -lgen -lacid -ldb"
    880 	MANTYPE=cat
    881 	;;
    882 *-*-unicos*)
    883 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    884 	AC_DEFINE([BROKEN_SETREUID])
    885 	AC_DEFINE([BROKEN_SETREGID])
    886 	AC_DEFINE([USE_PIPES])
    887 	AC_DEFINE([DISABLE_FD_PASSING])
    888 	AC_DEFINE([NO_SSH_LASTLOG])
    889 	LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
    890 	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
    891 	MANTYPE=cat
    892 	;;
    893 *-dec-osf*)
    894 	AC_MSG_CHECKING([for Digital Unix SIA])
    895 	no_osfsia=""
    896 	AC_ARG_WITH([osfsia],
    897 		[  --with-osfsia           Enable Digital Unix SIA],
    898 		[
    899 			if test "x$withval" = "xno" ; then
    900 				AC_MSG_RESULT([disabled])
    901 				no_osfsia=1
    902 			fi
    903 		],
    904 	)
    905 	if test -z "$no_osfsia" ; then
    906 		if test -f /etc/sia/matrix.conf; then
    907 			AC_MSG_RESULT([yes])
    908 			AC_DEFINE([HAVE_OSF_SIA], [1],
    909 				[Define if you have Digital Unix Security
    910 				Integration Architecture])
    911 			AC_DEFINE([DISABLE_LOGIN], [1],
    912 				[Define if you don't want to use your
    913 				system's login() call])
    914 			AC_DEFINE([DISABLE_FD_PASSING])
    915 			LIBS="$LIBS -lsecurity -ldb -lm -laud"
    916 			SIA_MSG="yes"
    917 		else
    918 			AC_MSG_RESULT([no])
    919 			AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"],
    920 			  [String used in /etc/passwd to denote locked account])
    921 		fi
    922 	fi
    923 	AC_DEFINE([BROKEN_GETADDRINFO])
    924 	AC_DEFINE([SETEUID_BREAKS_SETUID])
    925 	AC_DEFINE([BROKEN_SETREUID])
    926 	AC_DEFINE([BROKEN_SETREGID])
    927 	AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv])
    928 	;;
    929 
    930 *-*-nto-qnx*)
    931 	AC_DEFINE([USE_PIPES])
    932 	AC_DEFINE([NO_X11_UNIX_SOCKETS])
    933 	AC_DEFINE([MISSING_NFDBITS], [1], [Define on *nto-qnx systems])
    934 	AC_DEFINE([MISSING_HOWMANY], [1], [Define on *nto-qnx systems])
    935 	AC_DEFINE([MISSING_FD_MASK], [1], [Define on *nto-qnx systems])
    936 	AC_DEFINE([DISABLE_LASTLOG])
    937 	AC_DEFINE([SSHD_ACQUIRES_CTTY])
    938 	AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken])
    939 	enable_etc_default_login=no	# has incompatible /etc/default/login
    940 	case "$host" in
    941 	*-*-nto-qnx6*)
    942 		AC_DEFINE([DISABLE_FD_PASSING])
    943 		;;
    944 	esac
    945 	;;
    946 
    947 *-*-ultrix*)
    948 	AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1])
    949 	AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files])
    950 	AC_DEFINE([NEED_SETPGRP])
    951 	AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix])
    952 	;;
    953 
    954 *-*-lynxos)
    955         CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
    956 	AC_DEFINE([MISSING_HOWMANY])
    957         AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation])
    958         ;;
    959 esac
    960 
    961 AC_MSG_CHECKING([compiler and flags for sanity])
    962 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
    963 	[	AC_MSG_RESULT([yes]) ],
    964 	[
    965 		AC_MSG_RESULT([no])
    966 		AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
    967 	],
    968 	[	AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
    969 )
    970 
    971 dnl Checks for header files.
    972 # Checks for libraries.
    973 AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
    974 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
    975 
    976 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
    977 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [
    978 	AC_CHECK_LIB([gen], [dirname], [
    979 		AC_CACHE_CHECK([for broken dirname],
    980 			ac_cv_have_broken_dirname, [
    981 			save_LIBS="$LIBS"
    982 			LIBS="$LIBS -lgen"
    983 			AC_RUN_IFELSE(
    984 				[AC_LANG_SOURCE([[
    985 #include <libgen.h>
    986 #include <string.h>
    987 
    988 int main(int argc, char **argv) {
    989     char *s, buf[32];
    990 
    991     strncpy(buf,"/etc", 32);
    992     s = dirname(buf);
    993     if (!s || strncmp(s, "/", 32) != 0) {
    994 	exit(1);
    995     } else {
    996 	exit(0);
    997     }
    998 }
    999 				]])],
   1000 				[ ac_cv_have_broken_dirname="no" ],
   1001 				[ ac_cv_have_broken_dirname="yes" ],
   1002 				[ ac_cv_have_broken_dirname="no" ],
   1003 			)
   1004 			LIBS="$save_LIBS"
   1005 		])
   1006 		if test "x$ac_cv_have_broken_dirname" = "xno" ; then
   1007 			LIBS="$LIBS -lgen"
   1008 			AC_DEFINE([HAVE_DIRNAME])
   1009 			AC_CHECK_HEADERS([libgen.h])
   1010 		fi
   1011 	])
   1012 ])
   1013 
   1014 AC_CHECK_FUNC([getspnam], ,
   1015 	[AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])])
   1016 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1],
   1017 	[Define if you have the basename function.])])
   1018 
   1019 dnl zlib is required
   1020 AC_ARG_WITH([zlib],
   1021 	[  --with-zlib=PATH        Use zlib in PATH],
   1022 	[ if test "x$withval" = "xno" ; then
   1023 		AC_MSG_ERROR([*** zlib is required ***])
   1024 	  elif test "x$withval" != "xyes"; then
   1025 		if test -d "$withval/lib"; then
   1026 			if test -n "${need_dash_r}"; then
   1027 				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
   1028 			else
   1029 				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
   1030 			fi
   1031 		else
   1032 			if test -n "${need_dash_r}"; then
   1033 				LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
   1034 			else
   1035 				LDFLAGS="-L${withval} ${LDFLAGS}"
   1036 			fi
   1037 		fi
   1038 		if test -d "$withval/include"; then
   1039 			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
   1040 		else
   1041 			CPPFLAGS="-I${withval} ${CPPFLAGS}"
   1042 		fi
   1043 	fi ]
   1044 )
   1045 
   1046 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])])
   1047 AC_CHECK_LIB([z], [deflate], ,
   1048 	[
   1049 		saved_CPPFLAGS="$CPPFLAGS"
   1050 		saved_LDFLAGS="$LDFLAGS"
   1051 		save_LIBS="$LIBS"
   1052 		dnl Check default zlib install dir
   1053 		if test -n "${need_dash_r}"; then
   1054 			LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
   1055 		else
   1056 			LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
   1057 		fi
   1058 		CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
   1059 		LIBS="$LIBS -lz"
   1060 		AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])],
   1061 			[
   1062 				AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
   1063 			]
   1064 		)
   1065 	]
   1066 )
   1067 
   1068 AC_ARG_WITH([zlib-version-check],
   1069 	[  --without-zlib-version-check Disable zlib version check],
   1070 	[  if test "x$withval" = "xno" ; then
   1071 		zlib_check_nonfatal=1
   1072 	   fi
   1073 	]
   1074 )
   1075 
   1076 AC_MSG_CHECKING([for possibly buggy zlib])
   1077 AC_RUN_IFELSE([AC_LANG_PROGRAM([[
   1078 #include <stdio.h>
   1079 #include <zlib.h>
   1080 	]],
   1081 	[[
   1082 	int a=0, b=0, c=0, d=0, n, v;
   1083 	n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
   1084 	if (n != 3 && n != 4)
   1085 		exit(1);
   1086 	v = a*1000000 + b*10000 + c*100 + d;
   1087 	fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
   1088 
   1089 	/* 1.1.4 is OK */
   1090 	if (a == 1 && b == 1 && c >= 4)
   1091 		exit(0);
   1092 
   1093 	/* 1.2.3 and up are OK */
   1094 	if (v >= 1020300)
   1095 		exit(0);
   1096 
   1097 	exit(2);
   1098 	]])],
   1099 	AC_MSG_RESULT([no]),
   1100 	[ AC_MSG_RESULT([yes])
   1101 	  if test -z "$zlib_check_nonfatal" ; then
   1102 		AC_MSG_ERROR([*** zlib too old - check config.log ***
   1103 Your reported zlib version has known security problems.  It's possible your
   1104 vendor has fixed these problems without changing the version number.  If you
   1105 are sure this is the case, you can disable the check by running
   1106 "./configure --without-zlib-version-check".
   1107 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
   1108 See http://www.gzip.org/zlib/ for details.])
   1109 	  else
   1110 		AC_MSG_WARN([zlib version may have security problems])
   1111 	  fi
   1112 	],
   1113 	[	AC_MSG_WARN([cross compiling: not checking zlib version]) ]
   1114 )
   1115 
   1116 dnl UnixWare 2.x
   1117 AC_CHECK_FUNC([strcasecmp],
   1118 	[], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ]
   1119 )
   1120 AC_CHECK_FUNCS([utimes],
   1121 	[], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES])
   1122 					LIBS="$LIBS -lc89"]) ]
   1123 )
   1124 
   1125 dnl    Checks for libutil functions
   1126 AC_CHECK_HEADERS([libutil.h])
   1127 AC_SEARCH_LIBS([login], [util bsd], [AC_DEFINE([HAVE_LOGIN], [1],
   1128 	[Define if your libraries define login()])])
   1129 AC_CHECK_FUNCS([fmt_scaled logout updwtmp logwtmp])
   1130 
   1131 AC_FUNC_STRFTIME
   1132 
   1133 # Check for ALTDIRFUNC glob() extension
   1134 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support])
   1135 AC_EGREP_CPP([FOUNDIT],
   1136 	[
   1137 		#include <glob.h>
   1138 		#ifdef GLOB_ALTDIRFUNC
   1139 		FOUNDIT
   1140 		#endif
   1141 	],
   1142 	[
   1143 		AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1],
   1144 			[Define if your system glob() function has
   1145 			the GLOB_ALTDIRFUNC extension])
   1146 		AC_MSG_RESULT([yes])
   1147 	],
   1148 	[
   1149 		AC_MSG_RESULT([no])
   1150 	]
   1151 )
   1152 
   1153 # Check for g.gl_matchc glob() extension
   1154 AC_MSG_CHECKING([for gl_matchc field in glob_t])
   1155 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]],
   1156 	[[ glob_t g; g.gl_matchc = 1; ]])],
   1157 	[
   1158 		AC_DEFINE([GLOB_HAS_GL_MATCHC], [1],
   1159 			[Define if your system glob() function has
   1160 			gl_matchc options in glob_t])
   1161 		AC_MSG_RESULT([yes])
   1162 	], [
   1163 		AC_MSG_RESULT([no])
   1164 ])
   1165 
   1166 # Check for g.gl_statv glob() extension
   1167 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob])
   1168 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[
   1169 #ifndef GLOB_KEEPSTAT
   1170 #error "glob does not support GLOB_KEEPSTAT extension"
   1171 #endif
   1172 glob_t g;
   1173 g.gl_statv = NULL;
   1174 ]])],
   1175 	[
   1176 		AC_DEFINE([GLOB_HAS_GL_STATV], [1],
   1177 			[Define if your system glob() function has
   1178 			gl_statv options in glob_t])
   1179 		AC_MSG_RESULT([yes])
   1180 	], [
   1181 		AC_MSG_RESULT([no])
   1182 	
   1183 ])
   1184 
   1185 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>])
   1186 
   1187 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
   1188 AC_RUN_IFELSE(
   1189 	[AC_LANG_PROGRAM([[
   1190 #include <sys/types.h>
   1191 #include <dirent.h>]],
   1192 	[[
   1193 	struct dirent d;
   1194 	exit(sizeof(d.d_name)<=sizeof(char));
   1195 	]])],
   1196 	[AC_MSG_RESULT([yes])],
   1197 	[
   1198 		AC_MSG_RESULT([no])
   1199 		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1],
   1200 			[Define if your struct dirent expects you to
   1201 			allocate extra space for d_name])
   1202 	],
   1203 	[
   1204 		AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
   1205 		AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME])
   1206 	]
   1207 )
   1208 
   1209 AC_MSG_CHECKING([for /proc/pid/fd directory])
   1210 if test -d "/proc/$$/fd" ; then
   1211 	AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd])
   1212 	AC_MSG_RESULT([yes])
   1213 else
   1214 	AC_MSG_RESULT([no])
   1215 fi
   1216 
   1217 # Check whether user wants S/Key support
   1218 SKEY_MSG="no"
   1219 AC_ARG_WITH([skey],
   1220 	[  --with-skey[[=PATH]]      Enable S/Key support (optionally in PATH)],
   1221 	[
   1222 		if test "x$withval" != "xno" ; then
   1223 
   1224 			if test "x$withval" != "xyes" ; then
   1225 				CPPFLAGS="$CPPFLAGS -I${withval}/include"
   1226 				LDFLAGS="$LDFLAGS -L${withval}/lib"
   1227 			fi
   1228 
   1229 			AC_DEFINE([SKEY], [1], [Define if you want S/Key support])
   1230 			LIBS="-lskey $LIBS"
   1231 			SKEY_MSG="yes"
   1232 
   1233 			AC_MSG_CHECKING([for s/key support])
   1234 			AC_LINK_IFELSE(
   1235 				[AC_LANG_PROGRAM([[
   1236 #include <stdio.h>
   1237 #include <skey.h>
   1238 				]], [[
   1239 	char *ff = skey_keyinfo(""); ff="";
   1240 	exit(0);
   1241 				]])],
   1242 				[AC_MSG_RESULT([yes])],
   1243 				[
   1244 					AC_MSG_RESULT([no])
   1245 					AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
   1246 				])
   1247                  	AC_MSG_CHECKING([if skeychallenge takes 4 arguments])
   1248 			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   1249 #include <stdio.h>
   1250 #include <skey.h>
   1251 				]], [[
   1252 	(void)skeychallenge(NULL,"name","",0);
   1253 				]])],
   1254 			[
   1255 				AC_MSG_RESULT([yes])
   1256 				AC_DEFINE([SKEYCHALLENGE_4ARG], [1],
   1257 					[Define if your skeychallenge()
   1258 					function takes 4 arguments (NetBSD)])],
   1259 			[
   1260 				AC_MSG_RESULT([no])
   1261 			])
   1262 		fi
   1263 	]
   1264 )
   1265 
   1266 # Check whether user wants TCP wrappers support
   1267 TCPW_MSG="no"
   1268 AC_ARG_WITH([tcp-wrappers],
   1269 	[  --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
   1270 	[
   1271 		if test "x$withval" != "xno" ; then
   1272 			saved_LIBS="$LIBS"
   1273 			saved_LDFLAGS="$LDFLAGS"
   1274 			saved_CPPFLAGS="$CPPFLAGS"
   1275 			if test -n "${withval}" && \
   1276 			    test "x${withval}" != "xyes"; then
   1277 				if test -d "${withval}/lib"; then
   1278 					if test -n "${need_dash_r}"; then
   1279 						LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
   1280 					else
   1281 						LDFLAGS="-L${withval}/lib ${LDFLAGS}"
   1282 					fi
   1283 				else
   1284 					if test -n "${need_dash_r}"; then
   1285 						LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
   1286 					else
   1287 						LDFLAGS="-L${withval} ${LDFLAGS}"
   1288 					fi
   1289 				fi
   1290 				if test -d "${withval}/include"; then
   1291 					CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
   1292 				else
   1293 					CPPFLAGS="-I${withval} ${CPPFLAGS}"
   1294 				fi
   1295 			fi
   1296 			LIBS="-lwrap $LIBS"
   1297 			AC_MSG_CHECKING([for libwrap])
   1298 			AC_LINK_IFELSE([AC_LANG_PROGRAM([[
   1299 #include <sys/types.h>
   1300 #include <sys/socket.h>
   1301 #include <netinet/in.h>
   1302 #include <tcpd.h>
   1303 int deny_severity = 0, allow_severity = 0;
   1304 				]], [[
   1305 	hosts_access(0);
   1306 				]])], [
   1307 					AC_MSG_RESULT([yes])
   1308 					AC_DEFINE([LIBWRAP], [1],
   1309 						[Define if you want
   1310 						TCP Wrappers support])
   1311 					SSHDLIBS="$SSHDLIBS -lwrap"
   1312 					TCPW_MSG="yes"
   1313 				], [
   1314 					AC_MSG_ERROR([*** libwrap missing])
   1315 				
   1316 			])
   1317 			LIBS="$saved_LIBS"
   1318 		fi
   1319 	]
   1320 )
   1321 
   1322 # Check whether user wants libedit support
   1323 LIBEDIT_MSG="no"
   1324 AC_ARG_WITH([libedit],
   1325 	[  --with-libedit[[=PATH]]   Enable libedit support for sftp],
   1326 	[ if test "x$withval" != "xno" ; then
   1327 		if test "x$withval" = "xyes" ; then
   1328 			AC_PATH_PROG([PKGCONFIG], [pkg-config], [no])
   1329 			if test "x$PKGCONFIG" != "xno"; then
   1330 				AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
   1331 			 	if "$PKGCONFIG" libedit; then
   1332 					AC_MSG_RESULT([yes])
   1333 					use_pkgconfig_for_libedit=yes
   1334 				else
   1335 					AC_MSG_RESULT([no])
   1336 				fi
   1337 			fi
   1338 		else
   1339 			CPPFLAGS="$CPPFLAGS -I${withval}/include"
   1340 			if test -n "${need_dash_r}"; then
   1341 				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
   1342 			else
   1343 				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
   1344 			fi
   1345 		fi
   1346 		if test "x$use_pkgconfig_for_libedit" = "xyes"; then
   1347 			LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
   1348 			CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
   1349 		else
   1350 			LIBEDIT="-ledit -lcurses"
   1351 		fi
   1352 		OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
   1353 		AC_CHECK_LIB([edit], [el_init],
   1354 			[ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp])
   1355 			  LIBEDIT_MSG="yes"
   1356 			  AC_SUBST([LIBEDIT])
   1357 			],
   1358 			[ AC_MSG_ERROR([libedit not found]) ],
   1359 			[ $OTHERLIBS ]
   1360 		)
   1361 		AC_MSG_CHECKING([if libedit version is compatible])
   1362 		AC_COMPILE_IFELSE(
   1363 		    [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
   1364 		    [[
   1365 	int i = H_SETSIZE;
   1366 	el_init("", NULL, NULL, NULL);
   1367 	exit(0);
   1368 		    ]])],
   1369 		    [ AC_MSG_RESULT([yes]) ],
   1370 		    [ AC_MSG_RESULT([no])
   1371 		      AC_MSG_ERROR([libedit version is not compatible]) ]
   1372 		)
   1373 	fi ]
   1374 )
   1375 
   1376 AUDIT_MODULE=none
   1377 AC_ARG_WITH([audit],
   1378 	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
   1379 	[
   1380 	  AC_MSG_CHECKING([for supported audit module])
   1381 	  case "$withval" in
   1382 	  bsm)
   1383 		AC_MSG_RESULT([bsm])
   1384 		AUDIT_MODULE=bsm
   1385 		dnl    Checks for headers, libs and functions
   1386 		AC_CHECK_HEADERS([bsm/audit.h], [],
   1387 		    [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])],
   1388 		    [
   1389 #ifdef HAVE_TIME_H
   1390 # include <time.h>
   1391 #endif
   1392 		    ]
   1393 )
   1394 		AC_CHECK_LIB([bsm], [getaudit], [],
   1395 		    [AC_MSG_ERROR([BSM enabled and required library not found])])
   1396 		AC_CHECK_FUNCS([getaudit], [],
   1397 		    [AC_MSG_ERROR([BSM enabled and required function not found])])
   1398 		# These are optional
   1399 		AC_CHECK_FUNCS([getaudit_addr aug_get_machine])
   1400 		AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module])
   1401 		;;
   1402 	  linux)
   1403 		AC_MSG_RESULT([linux])
   1404 		AUDIT_MODULE=linux
   1405 		dnl    Checks for headers, libs and functions
   1406 		AC_CHECK_HEADERS([libaudit.h])
   1407 		SSHDLIBS="$SSHDLIBS -laudit"
   1408 		AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
   1409 		;;
   1410 	  debug)
   1411 		AUDIT_MODULE=debug
   1412 		AC_MSG_RESULT([debug])
   1413 		AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module])
   1414 		;;
   1415 	  no)
   1416 		AC_MSG_RESULT([no])
   1417 		;;
   1418 	  *)
   1419 		AC_MSG_ERROR([Unknown audit module $withval])
   1420 		;;
   1421 	esac ]
   1422 )
   1423 
   1424 dnl    Checks for library functions. Please keep in alphabetical order
   1425 AC_CHECK_FUNCS([ \
   1426 	arc4random \
   1427 	arc4random_buf \
   1428 	arc4random_uniform \
   1429 	asprintf \
   1430 	b64_ntop \
   1431 	__b64_ntop \
   1432 	b64_pton \
   1433 	__b64_pton \
   1434 	bcopy \
   1435 	bindresvport_sa \
   1436 	clock \
   1437 	closefrom \
   1438 	dirfd \
   1439 	fchmod \
   1440 	fchown \
   1441 	freeaddrinfo \
   1442 	fstatvfs \
   1443 	futimes \
   1444 	getaddrinfo \
   1445 	getcwd \
   1446 	getgrouplist \
   1447 	getnameinfo \
   1448 	getopt \
   1449 	getpeereid \
   1450 	getpeerucred \
   1451 	_getpty \
   1452 	getrlimit \
   1453 	getttyent \
   1454 	glob \
   1455 	group_from_gid \
   1456 	inet_aton \
   1457 	inet_ntoa \
   1458 	inet_ntop \
   1459 	innetgr \
   1460 	login_getcapbool \
   1461 	md5_crypt \
   1462 	memmove \
   1463 	mkdtemp \
   1464 	mmap \
   1465 	ngetaddrinfo \
   1466 	nsleep \
   1467 	ogetaddrinfo \
   1468 	openlog_r \
   1469 	openpty \
   1470 	poll \
   1471 	prctl \
   1472 	pstat \
   1473 	readpassphrase \
   1474 	realpath \
   1475 	recvmsg \
   1476 	rresvport_af \
   1477 	sendmsg \
   1478 	setdtablesize \
   1479 	setegid \
   1480 	setenv \
   1481 	seteuid \
   1482 	setgroupent \
   1483 	setgroups \
   1484 	setlogin \
   1485 	setpassent\
   1486 	setpcred \
   1487 	setproctitle \
   1488 	setregid \
   1489 	setreuid \
   1490 	setrlimit \
   1491 	setsid \
   1492 	setvbuf \
   1493 	sigaction \
   1494 	sigvec \
   1495 	snprintf \
   1496 	socketpair \
   1497 	statfs \
   1498 	statvfs \
   1499 	strdup \
   1500 	strerror \
   1501 	strlcat \
   1502 	strlcpy \
   1503 	strmode \
   1504 	strnvis \
   1505 	strptime \
   1506 	strtonum \
   1507 	strtoll \
   1508 	strtoul \
   1509 	swap32 \
   1510 	sysconf \
   1511 	tcgetpgrp \
   1512 	timingsafe_bcmp \
   1513 	truncate \
   1514 	unsetenv \
   1515 	updwtmpx \
   1516 	user_from_uid \
   1517 	vasprintf \
   1518 	vhangup \
   1519 	vsnprintf \
   1520 	waitpid \
   1521 ])
   1522 
   1523 AC_LINK_IFELSE(
   1524         [AC_LANG_PROGRAM(
   1525            [[ #include <ctype.h> ]],
   1526            [[ return (isblank('a')); ]])],
   1527 	[AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).])
   1528 ])
   1529 
   1530 # PKCS#11 support requires dlopen() and co
   1531 AC_SEARCH_LIBS([dlopen], [dl],
   1532     [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])]
   1533 )
   1534 
   1535 # IRIX has a const char return value for gai_strerror()
   1536 AC_CHECK_FUNCS([gai_strerror], [
   1537 	AC_DEFINE([HAVE_GAI_STRERROR])
   1538 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   1539 #include <sys/types.h>
   1540 #include <sys/socket.h>
   1541 #include <netdb.h>
   1542 
   1543 const char *gai_strerror(int);
   1544 			]], [[
   1545 	char *str;
   1546 	str = gai_strerror(0);
   1547 			]])], [
   1548 		AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1],
   1549 		[Define if gai_strerror() returns const char *])], [])])
   1550 
   1551 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1],
   1552 	[Some systems put nanosleep outside of libc])])
   1553 
   1554 dnl Make sure prototypes are defined for these before using them.
   1555 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])])
   1556 AC_CHECK_DECL([strsep],
   1557 	[AC_CHECK_FUNCS([strsep])],
   1558 	[],
   1559 	[
   1560 #ifdef HAVE_STRING_H
   1561 # include <string.h>
   1562 #endif
   1563 	])
   1564 
   1565 dnl tcsendbreak might be a macro
   1566 AC_CHECK_DECL([tcsendbreak],
   1567 	[AC_DEFINE([HAVE_TCSENDBREAK])],
   1568 	[AC_CHECK_FUNCS([tcsendbreak])],
   1569 	[#include <termios.h>]
   1570 )
   1571 
   1572 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>])
   1573 
   1574 AC_CHECK_DECLS([SHUT_RD], , ,
   1575 	[
   1576 #include <sys/types.h>
   1577 #include <sys/socket.h>
   1578 	])
   1579 
   1580 AC_CHECK_DECLS([O_NONBLOCK], , ,
   1581 	[
   1582 #include <sys/types.h>
   1583 #ifdef HAVE_SYS_STAT_H
   1584 # include <sys/stat.h>
   1585 #endif
   1586 #ifdef HAVE_FCNTL_H
   1587 # include <fcntl.h>
   1588 #endif
   1589 	])
   1590 
   1591 AC_CHECK_DECLS([writev], , , [
   1592 #include <sys/types.h>
   1593 #include <sys/uio.h>
   1594 #include <unistd.h>
   1595 	])
   1596 
   1597 AC_CHECK_DECLS([MAXSYMLINKS], , , [
   1598 #include <sys/param.h>
   1599 	])
   1600 
   1601 AC_CHECK_DECLS([offsetof], , , [
   1602 #include <stddef.h>
   1603 	])
   1604 
   1605 AC_CHECK_FUNCS([setresuid], [
   1606 	dnl Some platorms have setresuid that isn't implemented, test for this
   1607 	AC_MSG_CHECKING([if setresuid seems to work])
   1608 	AC_RUN_IFELSE(
   1609 		[AC_LANG_PROGRAM([[
   1610 #include <stdlib.h>
   1611 #include <errno.h>
   1612 		]], [[
   1613 	errno=0;
   1614 	setresuid(0,0,0);
   1615 	if (errno==ENOSYS)
   1616 		exit(1);
   1617 	else
   1618 		exit(0);
   1619 		]])],
   1620 		[AC_MSG_RESULT([yes])],
   1621 		[AC_DEFINE([BROKEN_SETRESUID], [1],
   1622 			[Define if your setresuid() is broken])
   1623 		 AC_MSG_RESULT([not implemented])],
   1624 		[AC_MSG_WARN([cross compiling: not checking setresuid])]
   1625 	)
   1626 ])
   1627 
   1628 AC_CHECK_FUNCS([setresgid], [
   1629 	dnl Some platorms have setresgid that isn't implemented, test for this
   1630 	AC_MSG_CHECKING([if setresgid seems to work])
   1631 	AC_RUN_IFELSE(
   1632 		[AC_LANG_PROGRAM([[
   1633 #include <stdlib.h>
   1634 #include <errno.h>
   1635 		]], [[
   1636 	errno=0;
   1637 	setresgid(0,0,0);
   1638 	if (errno==ENOSYS)
   1639 		exit(1);
   1640 	else
   1641 		exit(0);
   1642 		]])],
   1643 		[AC_MSG_RESULT([yes])],
   1644 		[AC_DEFINE([BROKEN_SETRESGID], [1],
   1645 			[Define if your setresgid() is broken])
   1646 		 AC_MSG_RESULT([not implemented])],
   1647 		[AC_MSG_WARN([cross compiling: not checking setresuid])]
   1648 	)
   1649 ])
   1650 
   1651 dnl    Checks for time functions
   1652 AC_CHECK_FUNCS([gettimeofday time])
   1653 dnl    Checks for utmp functions
   1654 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
   1655 AC_CHECK_FUNCS([utmpname])
   1656 dnl    Checks for utmpx functions
   1657 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline])
   1658 AC_CHECK_FUNCS([setutxdb setutxent utmpxname])
   1659 dnl    Checks for lastlog functions
   1660 AC_CHECK_FUNCS([getlastlogxbyname])
   1661 
   1662 AC_CHECK_FUNC([daemon],
   1663 	[AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])],
   1664 	[AC_CHECK_LIB([bsd], [daemon],
   1665 		[LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])]
   1666 )
   1667 
   1668 AC_CHECK_FUNC([getpagesize],
   1669 	[AC_DEFINE([HAVE_GETPAGESIZE], [1],
   1670 		[Define if your libraries define getpagesize()])],
   1671 	[AC_CHECK_LIB([ucb], [getpagesize],
   1672 		[LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])]
   1673 )
   1674 
   1675 # Check for broken snprintf
   1676 if test "x$ac_cv_func_snprintf" = "xyes" ; then
   1677 	AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
   1678 	AC_RUN_IFELSE(
   1679 		[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
   1680 		[[
   1681 	char b[5];
   1682 	snprintf(b,5,"123456789");
   1683 	exit(b[4]!='\0'); 
   1684 		]])],
   1685 		[AC_MSG_RESULT([yes])],
   1686 		[
   1687 			AC_MSG_RESULT([no])
   1688 			AC_DEFINE([BROKEN_SNPRINTF], [1],
   1689 				[Define if your snprintf is busted])
   1690 			AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
   1691 		],
   1692 		[ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
   1693 	)
   1694 fi
   1695 
   1696 # If we don't have a working asprintf, then we strongly depend on vsnprintf
   1697 # returning the right thing on overflow: the number of characters it tried to
   1698 # create (as per SUSv3)
   1699 if test "x$ac_cv_func_asprintf" != "xyes" && \
   1700    test "x$ac_cv_func_vsnprintf" = "xyes" ; then
   1701 	AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
   1702 	AC_RUN_IFELSE(
   1703 		[AC_LANG_PROGRAM([[
   1704 #include <sys/types.h>
   1705 #include <stdio.h>
   1706 #include <stdarg.h>
   1707 
   1708 int x_snprintf(char *str,size_t count,const char *fmt,...)
   1709 {
   1710 	size_t ret; va_list ap;
   1711 	va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
   1712 	return ret;
   1713 }
   1714 		]], [[
   1715 	char x[1];
   1716 	exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
   1717 		]])],
   1718 		[AC_MSG_RESULT([yes])],
   1719 		[
   1720 			AC_MSG_RESULT([no])
   1721 			AC_DEFINE([BROKEN_SNPRINTF], [1],
   1722 				[Define if your snprintf is busted])
   1723 			AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
   1724 		],
   1725 		[ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
   1726 	)
   1727 fi
   1728 
   1729 # On systems where [v]snprintf is broken, but is declared in stdio,
   1730 # check that the fmt argument is const char * or just char *.
   1731 # This is only useful for when BROKEN_SNPRINTF
   1732 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
   1733 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   1734 #include <stdio.h>
   1735 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
   1736 		]], [[
   1737 	snprintf(0, 0, 0);
   1738 		]])],
   1739    [AC_MSG_RESULT([yes])
   1740     AC_DEFINE([SNPRINTF_CONST], [const],
   1741               [Define as const if snprintf() can declare const char *fmt])],
   1742    [AC_MSG_RESULT([no])
   1743     AC_DEFINE([SNPRINTF_CONST], [/* not const */])])
   1744 
   1745 # Check for missing getpeereid (or equiv) support
   1746 NO_PEERCHECK=""
   1747 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
   1748 	AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
   1749 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   1750 #include <sys/types.h>
   1751 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])],
   1752 		[ AC_MSG_RESULT([yes])
   1753 		  AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option])
   1754 		], [AC_MSG_RESULT([no])
   1755 		NO_PEERCHECK=1
   1756         ])
   1757 fi
   1758 
   1759 dnl see whether mkstemp() requires XXXXXX
   1760 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
   1761 AC_MSG_CHECKING([for (overly) strict mkstemp])
   1762 AC_RUN_IFELSE(
   1763 	[AC_LANG_PROGRAM([[
   1764 #include <stdlib.h>
   1765 	]], [[
   1766 	char template[]="conftest.mkstemp-test";
   1767 	if (mkstemp(template) == -1)
   1768 		exit(1);
   1769 	unlink(template);
   1770 	exit(0);
   1771 	]])],
   1772 	[
   1773 		AC_MSG_RESULT([no])
   1774 	],
   1775 	[
   1776 		AC_MSG_RESULT([yes])
   1777 		AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
   1778 	],
   1779 	[
   1780 		AC_MSG_RESULT([yes])
   1781 		AC_DEFINE([HAVE_STRICT_MKSTEMP])
   1782 	]
   1783 )
   1784 fi
   1785 
   1786 dnl make sure that openpty does not reacquire controlling terminal
   1787 if test ! -z "$check_for_openpty_ctty_bug"; then
   1788 	AC_MSG_CHECKING([if openpty correctly handles controlling tty])
   1789 	AC_RUN_IFELSE(
   1790 		[AC_LANG_PROGRAM([[
   1791 #include <stdio.h>
   1792 #include <sys/fcntl.h>
   1793 #include <sys/types.h>
   1794 #include <sys/wait.h>
   1795 		]], [[
   1796 	pid_t pid;
   1797 	int fd, ptyfd, ttyfd, status;
   1798 
   1799 	pid = fork();
   1800 	if (pid < 0) {		/* failed */
   1801 		exit(1);
   1802 	} else if (pid > 0) {	/* parent */
   1803 		waitpid(pid, &status, 0);
   1804 		if (WIFEXITED(status))
   1805 			exit(WEXITSTATUS(status));
   1806 		else
   1807 			exit(2);
   1808 	} else {		/* child */
   1809 		close(0); close(1); close(2);
   1810 		setsid();
   1811 		openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
   1812 		fd = open("/dev/tty", O_RDWR | O_NOCTTY);
   1813 		if (fd >= 0)
   1814 			exit(3);	/* Acquired ctty: broken */
   1815 		else
   1816 			exit(0);	/* Did not acquire ctty: OK */
   1817 	}
   1818 		]])],
   1819 		[
   1820 			AC_MSG_RESULT([yes])
   1821 		],
   1822 		[
   1823 			AC_MSG_RESULT([no])
   1824 			AC_DEFINE([SSHD_ACQUIRES_CTTY])
   1825 		],
   1826 		[
   1827 			AC_MSG_RESULT([cross-compiling, assuming yes])
   1828 		]
   1829 	)
   1830 fi
   1831 
   1832 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
   1833     test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
   1834 	AC_MSG_CHECKING([if getaddrinfo seems to work])
   1835 	AC_RUN_IFELSE(
   1836 		[AC_LANG_PROGRAM([[
   1837 #include <stdio.h>
   1838 #include <sys/socket.h>
   1839 #include <netdb.h>
   1840 #include <errno.h>
   1841 #include <netinet/in.h>
   1842 
   1843 #define TEST_PORT "2222"
   1844 		]], [[
   1845 	int err, sock;
   1846 	struct addrinfo *gai_ai, *ai, hints;
   1847 	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
   1848 
   1849 	memset(&hints, 0, sizeof(hints));
   1850 	hints.ai_family = PF_UNSPEC;
   1851 	hints.ai_socktype = SOCK_STREAM;
   1852 	hints.ai_flags = AI_PASSIVE;
   1853 
   1854 	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
   1855 	if (err != 0) {
   1856 		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
   1857 		exit(1);
   1858 	}
   1859 
   1860 	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
   1861 		if (ai->ai_family != AF_INET6)
   1862 			continue;
   1863 
   1864 		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
   1865 		    sizeof(ntop), strport, sizeof(strport),
   1866 		    NI_NUMERICHOST|NI_NUMERICSERV);
   1867 
   1868 		if (err != 0) {
   1869 			if (err == EAI_SYSTEM)
   1870 				perror("getnameinfo EAI_SYSTEM");
   1871 			else
   1872 				fprintf(stderr, "getnameinfo failed: %s\n",
   1873 				    gai_strerror(err));
   1874 			exit(2);
   1875 		}
   1876 
   1877 		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
   1878 		if (sock < 0)
   1879 			perror("socket");
   1880 		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
   1881 			if (errno == EBADF)
   1882 				exit(3);
   1883 		}
   1884 	}
   1885 	exit(0);
   1886 		]])],
   1887 		[
   1888 			AC_MSG_RESULT([yes])
   1889 		],
   1890 		[
   1891 			AC_MSG_RESULT([no])
   1892 			AC_DEFINE([BROKEN_GETADDRINFO])
   1893 		],
   1894 		[
   1895 			AC_MSG_RESULT([cross-compiling, assuming yes])
   1896 		]
   1897 	)
   1898 fi
   1899 
   1900 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
   1901     test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
   1902 	AC_MSG_CHECKING([if getaddrinfo seems to work])
   1903 	AC_RUN_IFELSE(
   1904 		[AC_LANG_PROGRAM([[
   1905 #include <stdio.h>
   1906 #include <sys/socket.h>
   1907 #include <netdb.h>
   1908 #include <errno.h>
   1909 #include <netinet/in.h>
   1910 
   1911 #define TEST_PORT "2222"
   1912 		]], [[
   1913 	int err, sock;
   1914 	struct addrinfo *gai_ai, *ai, hints;
   1915 	char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
   1916 
   1917 	memset(&hints, 0, sizeof(hints));
   1918 	hints.ai_family = PF_UNSPEC;
   1919 	hints.ai_socktype = SOCK_STREAM;
   1920 	hints.ai_flags = AI_PASSIVE;
   1921 
   1922 	err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
   1923 	if (err != 0) {
   1924 		fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
   1925 		exit(1);
   1926 	}
   1927 
   1928 	for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
   1929 		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
   1930 			continue;
   1931 
   1932 		err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
   1933 		    sizeof(ntop), strport, sizeof(strport),
   1934 		    NI_NUMERICHOST|NI_NUMERICSERV);
   1935 
   1936 		if (ai->ai_family == AF_INET && err != 0) {
   1937 			perror("getnameinfo");
   1938 			exit(2);
   1939 		}
   1940 	}
   1941 	exit(0);
   1942 		]])],
   1943 		[
   1944 			AC_MSG_RESULT([yes])
   1945 			AC_DEFINE([AIX_GETNAMEINFO_HACK], [1],
   1946 				[Define if you have a getaddrinfo that fails
   1947 				for the all-zeros IPv6 address])
   1948 		],
   1949 		[
   1950 			AC_MSG_RESULT([no])
   1951 			AC_DEFINE([BROKEN_GETADDRINFO])
   1952 		],
   1953 		[
   1954 			AC_MSG_RESULT([cross-compiling, assuming no])
   1955 		]
   1956 	)
   1957 fi
   1958 
   1959 if test "x$check_for_conflicting_getspnam" = "x1"; then
   1960 	AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
   1961 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
   1962 		[[ exit(0); ]])],
   1963 		[
   1964 			AC_MSG_RESULT([no])
   1965 		],
   1966 		[
   1967 			AC_MSG_RESULT([yes])
   1968 			AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1],
   1969 			    [Conflicting defs for getspnam])
   1970 		]
   1971 	)
   1972 fi
   1973 
   1974 AC_FUNC_GETPGRP
   1975 
   1976 # Search for OpenSSL
   1977 saved_CPPFLAGS="$CPPFLAGS"
   1978 saved_LDFLAGS="$LDFLAGS"
   1979 AC_ARG_WITH([ssl-dir],
   1980 	[  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
   1981 	[
   1982 		if test "x$withval" != "xno" ; then
   1983 			case "$withval" in
   1984 				# Relative paths
   1985 				./*|../*)	withval="`pwd`/$withval"
   1986 			esac
   1987 			if test -d "$withval/lib"; then
   1988 				if test -n "${need_dash_r}"; then
   1989 					LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
   1990 				else
   1991 					LDFLAGS="-L${withval}/lib ${LDFLAGS}"
   1992 				fi
   1993 			elif test -d "$withval/lib64"; then
   1994 				if test -n "${need_dash_r}"; then
   1995 					LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
   1996 				else
   1997 					LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
   1998 				fi
   1999 			else
   2000 				if test -n "${need_dash_r}"; then
   2001 					LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
   2002 				else
   2003 					LDFLAGS="-L${withval} ${LDFLAGS}"
   2004 				fi
   2005 			fi
   2006 			if test -d "$withval/include"; then
   2007 				CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
   2008 			else
   2009 				CPPFLAGS="-I${withval} ${CPPFLAGS}"
   2010 			fi
   2011 		fi
   2012 	]
   2013 )
   2014 LIBS="-lcrypto $LIBS"
   2015 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
   2016 	[Define if your ssl headers are included
   2017 	with #include <openssl/header.h>])],
   2018 	[
   2019 		dnl Check default openssl install dir
   2020 		if test -n "${need_dash_r}"; then
   2021 			LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
   2022 		else
   2023 			LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
   2024 		fi
   2025 		CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
   2026 		AC_CHECK_HEADER([openssl/opensslv.h], ,
   2027 		    [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
   2028 		AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
   2029 			[
   2030 				AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
   2031 			]
   2032 		)
   2033 	]
   2034 )
   2035 
   2036 # Determine OpenSSL header version
   2037 AC_MSG_CHECKING([OpenSSL header version])
   2038 AC_RUN_IFELSE(
   2039 	[AC_LANG_PROGRAM([[
   2040 #include <stdio.h>
   2041 #include <string.h>
   2042 #include <openssl/opensslv.h>
   2043 #define DATA "conftest.sslincver"
   2044 	]], [[
   2045 	FILE *fd;
   2046 	int rc;
   2047 
   2048 	fd = fopen(DATA,"w");
   2049 	if(fd == NULL)
   2050 		exit(1);
   2051 
   2052 	if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
   2053 		exit(1);
   2054 
   2055 	exit(0);
   2056 	]])],
   2057 	[
   2058 		ssl_header_ver=`cat conftest.sslincver`
   2059 		AC_MSG_RESULT([$ssl_header_ver])
   2060 	],
   2061 	[
   2062 		AC_MSG_RESULT([not found])
   2063 		AC_MSG_ERROR([OpenSSL version header not found.])
   2064 	],
   2065 	[
   2066 		AC_MSG_WARN([cross compiling: not checking])
   2067 	]
   2068 )
   2069 
   2070 # Determine OpenSSL library version
   2071 AC_MSG_CHECKING([OpenSSL library version])
   2072 AC_RUN_IFELSE(
   2073 	[AC_LANG_PROGRAM([[
   2074 #include <stdio.h>
   2075 #include <string.h>
   2076 #include <openssl/opensslv.h>
   2077 #include <openssl/crypto.h>
   2078 #define DATA "conftest.ssllibver"
   2079 	]], [[
   2080 	FILE *fd;
   2081 	int rc;
   2082 
   2083 	fd = fopen(DATA,"w");
   2084 	if(fd == NULL)
   2085 		exit(1);
   2086 
   2087 	if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
   2088 		exit(1);
   2089 
   2090 	exit(0);
   2091 	]])],
   2092 	[
   2093 		ssl_library_ver=`cat conftest.ssllibver`
   2094 		AC_MSG_RESULT([$ssl_library_ver])
   2095 	],
   2096 	[
   2097 		AC_MSG_RESULT([not found])
   2098 		AC_MSG_ERROR([OpenSSL library not found.])
   2099 	],
   2100 	[
   2101 		AC_MSG_WARN([cross compiling: not checking])
   2102 	]
   2103 )
   2104 
   2105 AC_ARG_WITH([openssl-header-check],
   2106 	[  --without-openssl-header-check Disable OpenSSL version consistency check],
   2107 	[  if test "x$withval" = "xno" ; then
   2108 		openssl_check_nonfatal=1
   2109 	   fi
   2110 	]
   2111 )
   2112 
   2113 # Sanity check OpenSSL headers
   2114 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
   2115 AC_RUN_IFELSE(
   2116 	[AC_LANG_PROGRAM([[
   2117 #include <string.h>
   2118 #include <openssl/opensslv.h>
   2119 	]], [[
   2120 	exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
   2121 	]])],
   2122 	[
   2123 		AC_MSG_RESULT([yes])
   2124 	],
   2125 	[
   2126 		AC_MSG_RESULT([no])
   2127 		if test "x$openssl_check_nonfatal" = "x"; then
   2128 			AC_MSG_ERROR([Your OpenSSL headers do not match your
   2129 library. Check config.log for details.
   2130 If you are sure your installation is consistent, you can disable the check
   2131 by running "./configure --without-openssl-header-check".
   2132 Also see contrib/findssl.sh for help identifying header/library mismatches.
   2133 ])
   2134 		else
   2135 			AC_MSG_WARN([Your OpenSSL headers do not match your
   2136 library. Check config.log for details.
   2137 Also see contrib/findssl.sh for help identifying header/library mismatches.])
   2138 		fi
   2139 	],
   2140 	[
   2141 		AC_MSG_WARN([cross compiling: not checking])
   2142 	]
   2143 )
   2144 
   2145 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
   2146 AC_LINK_IFELSE(
   2147 	[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
   2148 	[[ SSLeay_add_all_algorithms(); ]])],
   2149 	[
   2150 		AC_MSG_RESULT([yes])
   2151 	],
   2152 	[
   2153 		AC_MSG_RESULT([no])
   2154 		saved_LIBS="$LIBS"
   2155 		LIBS="$LIBS -ldl"
   2156 		AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
   2157 		AC_LINK_IFELSE(
   2158 			[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
   2159 			[[ SSLeay_add_all_algorithms(); ]])],
   2160 			[
   2161 				AC_MSG_RESULT([yes])
   2162 			],
   2163 			[
   2164 				AC_MSG_RESULT([no])
   2165 				LIBS="$saved_LIBS"
   2166 			]
   2167 		)
   2168 	]
   2169 )
   2170 
   2171 AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method])
   2172 
   2173 AC_ARG_WITH([ssl-engine],
   2174 	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
   2175 	[ if test "x$withval" != "xno" ; then
   2176 		AC_MSG_CHECKING([for OpenSSL ENGINE support])
   2177 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   2178 #include <openssl/engine.h>
   2179 			]], [[
   2180 	ENGINE_load_builtin_engines();
   2181 	ENGINE_register_all_complete();
   2182 			]])],
   2183 			[ AC_MSG_RESULT([yes])
   2184 			  AC_DEFINE([USE_OPENSSL_ENGINE], [1],
   2185 			     [Enable OpenSSL engine support])
   2186 			], [ AC_MSG_ERROR([OpenSSL ENGINE support not found])
   2187 		])
   2188 	  fi ]
   2189 )
   2190 
   2191 # Check for OpenSSL without EVP_aes_{192,256}_cbc
   2192 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
   2193 AC_LINK_IFELSE(
   2194 	[AC_LANG_PROGRAM([[
   2195 #include <string.h>
   2196 #include <openssl/evp.h>
   2197 	]], [[
   2198 	exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);
   2199 	]])],
   2200 	[
   2201 		AC_MSG_RESULT([no])
   2202 	],
   2203 	[
   2204 		AC_MSG_RESULT([yes])
   2205 		AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1],
   2206 		    [libcrypto is missing AES 192 and 256 bit functions])
   2207 	]
   2208 )
   2209 
   2210 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
   2211 AC_LINK_IFELSE(
   2212 	[AC_LANG_PROGRAM([[
   2213 #include <string.h>
   2214 #include <openssl/evp.h>
   2215 	]], [[
   2216 	if(EVP_DigestUpdate(NULL, NULL,0))
   2217 		exit(0);
   2218 	]])],
   2219 	[
   2220 		AC_MSG_RESULT([yes])
   2221 	],
   2222 	[
   2223 		AC_MSG_RESULT([no])
   2224 		AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1],
   2225 		    [Define if EVP_DigestUpdate returns void])
   2226 	]
   2227 )
   2228 
   2229 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
   2230 # because the system crypt() is more featureful.
   2231 if test "x$check_for_libcrypt_before" = "x1"; then
   2232 	AC_CHECK_LIB([crypt], [crypt])
   2233 fi
   2234 
   2235 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
   2236 # version in OpenSSL.
   2237 if test "x$check_for_libcrypt_later" = "x1"; then
   2238 	AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
   2239 fi
   2240 
   2241 # Search for SHA256 support in libc and/or OpenSSL
   2242 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], [TEST_SSH_SHA256=yes],
   2243     [TEST_SSH_SHA256=no])
   2244 AC_SUBST([TEST_SSH_SHA256])
   2245 
   2246 # Check complete ECC support in OpenSSL
   2247 AC_MSG_CHECKING([whether OpenSSL has complete ECC support])
   2248 AC_LINK_IFELSE(
   2249 	[AC_LANG_PROGRAM([[
   2250 #include <openssl/ec.h>
   2251 #include <openssl/ecdh.h>
   2252 #include <openssl/ecdsa.h>
   2253 #include <openssl/evp.h>
   2254 #include <openssl/objects.h>
   2255 #include <openssl/opensslv.h>
   2256 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */
   2257 # error "OpenSSL < 0.9.8g has unreliable ECC code"
   2258 #endif
   2259 	]], [[
   2260 	EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1);
   2261 	const EVP_MD *m = EVP_sha512(); /* We need this too */
   2262 	]])],
   2263 	[
   2264 		AC_MSG_RESULT([yes])
   2265 		AC_DEFINE([OPENSSL_HAS_ECC], [1],
   2266 		    [libcrypto includes complete ECC support])
   2267 		TEST_SSH_ECC=yes
   2268 		COMMENT_OUT_ECC=""
   2269 	],
   2270 	[
   2271 		AC_MSG_RESULT([no])
   2272 		TEST_SSH_ECC=no
   2273 		COMMENT_OUT_ECC="#no ecc#"
   2274 	]
   2275 )
   2276 AC_SUBST([TEST_SSH_ECC])
   2277 AC_SUBST([COMMENT_OUT_ECC])
   2278 
   2279 saved_LIBS="$LIBS"
   2280 AC_CHECK_LIB([iaf], [ia_openinfo], [
   2281 	LIBS="$LIBS -liaf"
   2282 	AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf"
   2283 				AC_DEFINE([HAVE_LIBIAF], [1],
   2284         		[Define if system has libiaf that supports set_id])
   2285 				])
   2286 ])
   2287 LIBS="$saved_LIBS"
   2288 
   2289 ### Configure cryptographic random number support
   2290 
   2291 # Check wheter OpenSSL seeds itself
   2292 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
   2293 AC_RUN_IFELSE(
   2294 	[AC_LANG_PROGRAM([[
   2295 #include <string.h>
   2296 #include <openssl/rand.h>
   2297 	]], [[
   2298 	exit(RAND_status() == 1 ? 0 : 1);
   2299 	]])],
   2300 	[
   2301 		OPENSSL_SEEDS_ITSELF=yes
   2302 		AC_MSG_RESULT([yes])
   2303 	],
   2304 	[
   2305 		AC_MSG_RESULT([no])
   2306 	],
   2307 	[
   2308 		AC_MSG_WARN([cross compiling: assuming yes])
   2309 		# This is safe, since we will fatal() at runtime if
   2310 		# OpenSSL is not seeded correctly.
   2311 		OPENSSL_SEEDS_ITSELF=yes
   2312 	]
   2313 )
   2314 
   2315 # PRNGD TCP socket
   2316 AC_ARG_WITH([prngd-port],
   2317 	[  --with-prngd-port=PORT  read entropy from PRNGD/EGD TCP localhost:PORT],
   2318 	[
   2319 		case "$withval" in
   2320 		no)
   2321 			withval=""
   2322 			;;
   2323 		[[0-9]]*)
   2324 			;;
   2325 		*)
   2326 			AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port])
   2327 			;;
   2328 		esac
   2329 		if test ! -z "$withval" ; then
   2330 			PRNGD_PORT="$withval"
   2331 			AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT],
   2332 				[Port number of PRNGD/EGD random number socket])
   2333 		fi
   2334 	]
   2335 )
   2336 
   2337 # PRNGD Unix domain socket
   2338 AC_ARG_WITH([prngd-socket],
   2339 	[  --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
   2340 	[
   2341 		case "$withval" in
   2342 		yes)
   2343 			withval="/var/run/egd-pool"
   2344 			;;
   2345 		no)
   2346 			withval=""
   2347 			;;
   2348 		/*)
   2349 			;;
   2350 		*)
   2351 			AC_MSG_ERROR([You must specify an absolute path to the entropy socket])
   2352 			;;
   2353 		esac
   2354 
   2355 		if test ! -z "$withval" ; then
   2356 			if test ! -z "$PRNGD_PORT" ; then
   2357 				AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket])
   2358 			fi
   2359 			if test ! -r "$withval" ; then
   2360 				AC_MSG_WARN([Entropy socket is not readable])
   2361 			fi
   2362 			PRNGD_SOCKET="$withval"
   2363 			AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"],
   2364 				[Location of PRNGD/EGD random number socket])
   2365 		fi
   2366 	],
   2367 	[
   2368 		# Check for existing socket only if we don't have a random device already
   2369 		if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then
   2370 			AC_MSG_CHECKING([for PRNGD/EGD socket])
   2371 			# Insert other locations here
   2372 			for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
   2373 				if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
   2374 					PRNGD_SOCKET="$sock"
   2375 					AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"])
   2376 					break;
   2377 				fi
   2378 			done
   2379 			if test ! -z "$PRNGD_SOCKET" ; then
   2380 				AC_MSG_RESULT([$PRNGD_SOCKET])
   2381 			else
   2382 				AC_MSG_RESULT([not found])
   2383 			fi
   2384 		fi
   2385 	]
   2386 )
   2387 
   2388 # Which randomness source do we use?
   2389 if test ! -z "$PRNGD_PORT" ; then
   2390 	RAND_MSG="PRNGd port $PRNGD_PORT"
   2391 elif test ! -z "$PRNGD_SOCKET" ; then
   2392 	RAND_MSG="PRNGd socket $PRNGD_SOCKET"
   2393 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then
   2394 	AC_DEFINE([OPENSSL_PRNG_ONLY], [1],
   2395 		[Define if you want OpenSSL's internally seeded PRNG only])
   2396 	RAND_MSG="OpenSSL internal ONLY"
   2397 else
   2398 	AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options])
   2399 fi
   2400 
   2401 # Check for PAM libs
   2402 PAM_MSG="no"
   2403 AC_ARG_WITH([pam],
   2404 	[  --with-pam              Enable PAM support ],
   2405 	[
   2406 		if test "x$withval" != "xno" ; then
   2407 			if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
   2408 			   test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
   2409 				AC_MSG_ERROR([PAM headers not found])
   2410 			fi
   2411 
   2412 			saved_LIBS="$LIBS"
   2413 			AC_CHECK_LIB([dl], [dlopen], , )
   2414 			AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])])
   2415 			AC_CHECK_FUNCS([pam_getenvlist])
   2416 			AC_CHECK_FUNCS([pam_putenv])
   2417 			LIBS="$saved_LIBS"
   2418 
   2419 			PAM_MSG="yes"
   2420 
   2421 			SSHDLIBS="$SSHDLIBS -lpam"
   2422 			AC_DEFINE([USE_PAM], [1],
   2423 				[Define if you want to enable PAM support])
   2424 
   2425 			if test $ac_cv_lib_dl_dlopen = yes; then
   2426 				case "$LIBS" in
   2427 				*-ldl*)
   2428 					# libdl already in LIBS
   2429 					;;
   2430 				*)
   2431 					SSHDLIBS="$SSHDLIBS -ldl"
   2432 					;;
   2433 				esac
   2434 			fi
   2435 		fi
   2436 	]
   2437 )
   2438 
   2439 # Check for older PAM
   2440 if test "x$PAM_MSG" = "xyes" ; then
   2441 	# Check PAM strerror arguments (old PAM)
   2442 	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
   2443 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   2444 #include <stdlib.h>
   2445 #if defined(HAVE_SECURITY_PAM_APPL_H)
   2446 #include <security/pam_appl.h>
   2447 #elif defined (HAVE_PAM_PAM_APPL_H)
   2448 #include <pam/pam_appl.h>
   2449 #endif
   2450 		]], [[
   2451 (void)pam_strerror((pam_handle_t *)NULL, -1);
   2452 		]])], [AC_MSG_RESULT([no])], [
   2453 			AC_DEFINE([HAVE_OLD_PAM], [1],
   2454 				[Define if you have an old version of PAM
   2455 				which takes only one argument to pam_strerror])
   2456 			AC_MSG_RESULT([yes])
   2457 			PAM_MSG="yes (old library)"
   2458 		
   2459 	])
   2460 fi
   2461 
   2462 SSH_PRIVSEP_USER=sshd
   2463 AC_ARG_WITH([privsep-user],
   2464 	[  --with-privsep-user=user Specify non-privileged user for privilege separation],
   2465 	[
   2466 		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
   2467 		    test "x${withval}" != "xyes"; then
   2468 			SSH_PRIVSEP_USER=$withval
   2469 		fi
   2470 	]
   2471 )
   2472 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"],
   2473 	[non-privileged user for privilege separation])
   2474 AC_SUBST([SSH_PRIVSEP_USER])
   2475 
   2476 # Decide which sandbox style to use
   2477 sandbox_arg=""
   2478 AC_ARG_WITH([sandbox],
   2479 	[  --with-sandbox=style    Specify privilege separation sandbox (no, darwin, rlimit, systrace)],
   2480 	[
   2481 		if test "x$withval" = "xyes" ; then
   2482 			sandbox_arg=""
   2483 		else
   2484 			sandbox_arg="$withval"
   2485 		fi
   2486 	]
   2487 )
   2488 if test "x$sandbox_arg" = "xsystrace" || \
   2489    ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
   2490 	test "x$have_systr_policy_kill" != "x1" && \
   2491 		AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
   2492 	SANDBOX_STYLE="systrace"
   2493 	AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
   2494 elif test "x$sandbox_arg" = "xdarwin" || \
   2495      ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
   2496        test "x$ac_cv_header_sandbox_h" = "xyes") ; then
   2497 	test "x$ac_cv_func_sandbox_init" != "xyes" -o \
   2498 	     "x$ac_cv_header_sandbox_h" != "xyes" && \
   2499 		AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
   2500 	SANDBOX_STYLE="darwin"
   2501 	AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
   2502 elif test "x$sandbox_arg" = "xrlimit" || \
   2503      ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
   2504 	test "x$ac_cv_func_setrlimit" != "xyes" && \
   2505 		AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
   2506 	SANDBOX_STYLE="rlimit"
   2507 	AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
   2508 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
   2509      test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
   2510 	SANDBOX_STYLE="none"
   2511 	AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
   2512 else
   2513 	AC_MSG_ERROR([unsupported --with-sandbox])
   2514 fi
   2515 
   2516 # Cheap hack to ensure NEWS-OS libraries are arranged right.
   2517 if test ! -z "$SONY" ; then
   2518   LIBS="$LIBS -liberty";
   2519 fi
   2520 
   2521 # Check for  long long datatypes
   2522 AC_CHECK_TYPES([long long, unsigned long long, long double])
   2523 
   2524 # Check datatype sizes
   2525 AC_CHECK_SIZEOF([char], [1])
   2526 AC_CHECK_SIZEOF([short int], [2])
   2527 AC_CHECK_SIZEOF([int], [4])
   2528 AC_CHECK_SIZEOF([long int], [4])
   2529 AC_CHECK_SIZEOF([long long int], [8])
   2530 
   2531 # Sanity check long long for some platforms (AIX)
   2532 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
   2533 	ac_cv_sizeof_long_long_int=0
   2534 fi
   2535 
   2536 # compute LLONG_MIN and LLONG_MAX if we don't know them.
   2537 if test -z "$have_llong_max"; then
   2538 	AC_MSG_CHECKING([for max value of long long])
   2539 	AC_RUN_IFELSE(
   2540 		[AC_LANG_PROGRAM([[
   2541 #include <stdio.h>
   2542 /* Why is this so damn hard? */
   2543 #ifdef __GNUC__
   2544 # undef __GNUC__
   2545 #endif
   2546 #define __USE_ISOC99
   2547 #include <limits.h>
   2548 #define DATA "conftest.llminmax"
   2549 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
   2550 
   2551 /*
   2552  * printf in libc on some platforms (eg old Tru64) does not understand %lld so
   2553  * we do this the hard way.
   2554  */
   2555 static int
   2556 fprint_ll(FILE *f, long long n)
   2557 {
   2558 	unsigned int i;
   2559 	int l[sizeof(long long) * 8];
   2560 
   2561 	if (n < 0)
   2562 		if (fprintf(f, "-") < 0)
   2563 			return -1;
   2564 	for (i = 0; n != 0; i++) {
   2565 		l[i] = my_abs(n % 10);
   2566 		n /= 10;
   2567 	}
   2568 	do {
   2569 		if (fprintf(f, "%d", l[--i]) < 0)
   2570 			return -1;
   2571 	} while (i != 0);
   2572 	if (fprintf(f, " ") < 0)
   2573 		return -1;
   2574 	return 0;
   2575 }
   2576 		]], [[
   2577 	FILE *f;
   2578 	long long i, llmin, llmax = 0;
   2579 
   2580 	if((f = fopen(DATA,"w")) == NULL)
   2581 		exit(1);
   2582 
   2583 #if defined(LLONG_MIN) && defined(LLONG_MAX)
   2584 	fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
   2585 	llmin = LLONG_MIN;
   2586 	llmax = LLONG_MAX;
   2587 #else
   2588 	fprintf(stderr, "Calculating  LLONG_MIN and LLONG_MAX\n");
   2589 	/* This will work on one's complement and two's complement */
   2590 	for (i = 1; i > llmax; i <<= 1, i++)
   2591 		llmax = i;
   2592 	llmin = llmax + 1LL;	/* wrap */
   2593 #endif
   2594 
   2595 	/* Sanity check */
   2596 	if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
   2597 	    || llmax - 1 > llmax || llmin == llmax || llmin == 0
   2598 	    || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
   2599 		fprintf(f, "unknown unknown\n");
   2600 		exit(2);
   2601 	}
   2602 
   2603 	if (fprint_ll(f, llmin) < 0)
   2604 		exit(3);
   2605 	if (fprint_ll(f, llmax) < 0)
   2606 		exit(4);
   2607 	if (fclose(f) < 0)
   2608 		exit(5);
   2609 	exit(0);
   2610 		]])],
   2611 		[
   2612 			llong_min=`$AWK '{print $1}' conftest.llminmax`
   2613 			llong_max=`$AWK '{print $2}' conftest.llminmax`
   2614 
   2615 			AC_MSG_RESULT([$llong_max])
   2616 			AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL],
   2617 			    [max value of long long calculated by configure])
   2618 			AC_MSG_CHECKING([for min value of long long])
   2619 			AC_MSG_RESULT([$llong_min])
   2620 			AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL],
   2621 			    [min value of long long calculated by configure])
   2622 		],
   2623 		[
   2624 			AC_MSG_RESULT([not found])
   2625 		],
   2626 		[
   2627 			AC_MSG_WARN([cross compiling: not checking])
   2628 		]
   2629 	)
   2630 fi
   2631 
   2632 
   2633 # More checks for data types
   2634 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
   2635 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
   2636 	[[ u_int a; a = 1;]])],
   2637 	[ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 
   2638 	])
   2639 ])
   2640 if test "x$ac_cv_have_u_int" = "xyes" ; then
   2641 	AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type])
   2642 	have_u_int=1
   2643 fi
   2644 
   2645 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
   2646 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
   2647 	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
   2648 	[ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 
   2649 	])
   2650 ])
   2651 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
   2652 	AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type])
   2653 	have_intxx_t=1
   2654 fi
   2655 
   2656 if (test -z "$have_intxx_t" && \
   2657 	   test "x$ac_cv_header_stdint_h" = "xyes")
   2658 then
   2659     AC_MSG_CHECKING([for intXX_t types in stdint.h])
   2660 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
   2661 	[[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])],
   2662 		[
   2663 			AC_DEFINE([HAVE_INTXX_T])
   2664 			AC_MSG_RESULT([yes])
   2665 		], [ AC_MSG_RESULT([no]) 
   2666 	])
   2667 fi
   2668 
   2669 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
   2670 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   2671 #include <sys/types.h>
   2672 #ifdef HAVE_STDINT_H
   2673 # include <stdint.h>
   2674 #endif
   2675 #include <sys/socket.h>
   2676 #ifdef HAVE_SYS_BITYPES_H
   2677 # include <sys/bitypes.h>
   2678 #endif
   2679 		]], [[
   2680 int64_t a; a = 1;
   2681 		]])],
   2682 	[ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 
   2683 	])
   2684 ])
   2685 if test "x$ac_cv_have_int64_t" = "xyes" ; then
   2686 	AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type])
   2687 fi
   2688 
   2689 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
   2690 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
   2691 	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
   2692 	[ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 
   2693 	])
   2694 ])
   2695 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
   2696 	AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type])
   2697 	have_u_intxx_t=1
   2698 fi
   2699 
   2700 if test -z "$have_u_intxx_t" ; then
   2701     AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
   2702 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]],
   2703 	[[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])],
   2704 		[
   2705 			AC_DEFINE([HAVE_U_INTXX_T])
   2706 			AC_MSG_RESULT([yes])
   2707 		], [ AC_MSG_RESULT([no]) 
   2708 	])
   2709 fi
   2710 
   2711 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
   2712 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
   2713 	[[ u_int64_t a; a = 1;]])],
   2714 	[ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 
   2715 	])
   2716 ])
   2717 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
   2718 	AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type])
   2719 	have_u_int64_t=1
   2720 fi
   2721 
   2722 if test -z "$have_u_int64_t" ; then
   2723     AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
   2724 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]],
   2725 	[[ u_int64_t a; a = 1]])],
   2726 		[
   2727 			AC_DEFINE([HAVE_U_INT64_T])
   2728 			AC_MSG_RESULT([yes])
   2729 		], [ AC_MSG_RESULT([no]) 
   2730 	])
   2731 fi
   2732 
   2733 if test -z "$have_u_intxx_t" ; then
   2734 	AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
   2735 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   2736 #include <sys/types.h>
   2737 			]], [[
   2738 	uint8_t a;
   2739 	uint16_t b;
   2740 	uint32_t c;
   2741 	a = b = c = 1;
   2742 			]])],
   2743 		[ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 
   2744 		])
   2745 	])
   2746 	if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
   2747 		AC_DEFINE([HAVE_UINTXX_T], [1],
   2748 			[define if you have uintxx_t data type])
   2749 	fi
   2750 fi
   2751 
   2752 if test -z "$have_uintxx_t" ; then
   2753     AC_MSG_CHECKING([for uintXX_t types in stdint.h])
   2754 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]],
   2755 	[[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])],
   2756 		[
   2757 			AC_DEFINE([HAVE_UINTXX_T])
   2758 			AC_MSG_RESULT([yes])
   2759 		], [ AC_MSG_RESULT([no]) 
   2760 	])
   2761 fi
   2762 
   2763 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
   2764 	   test "x$ac_cv_header_sys_bitypes_h" = "xyes")
   2765 then
   2766 	AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
   2767 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   2768 #include <sys/bitypes.h>
   2769 		]], [[
   2770 			int8_t a; int16_t b; int32_t c;
   2771 			u_int8_t e; u_int16_t f; u_int32_t g;
   2772 			a = b = c = e = f = g = 1;
   2773 		]])],
   2774 		[
   2775 			AC_DEFINE([HAVE_U_INTXX_T])
   2776 			AC_DEFINE([HAVE_INTXX_T])
   2777 			AC_MSG_RESULT([yes])
   2778 		], [AC_MSG_RESULT([no])
   2779 	])
   2780 fi
   2781 
   2782 
   2783 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
   2784 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
   2785 	[[ u_char foo; foo = 125; ]])],
   2786 	[ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 
   2787 	])
   2788 ])
   2789 if test "x$ac_cv_have_u_char" = "xyes" ; then
   2790 	AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type])
   2791 fi
   2792 
   2793 TYPE_SOCKLEN_T
   2794 
   2795 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
   2796 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
   2797 #include <sys/types.h>
   2798 #ifdef HAVE_SYS_BITYPES_H
   2799 #include <sys/bitypes.h>
   2800 #endif
   2801 #ifdef HAVE_SYS_STATFS_H
   2802 #include <sys/statfs.h>
   2803 #endif
   2804 #ifdef HAVE_SYS_STATVFS_H
   2805 #include <sys/statvfs.h>
   2806 #endif
   2807 ])
   2808 
   2809 AC_CHECK_TYPES([in_addr_t, in_port_t], , ,
   2810 [#include <sys/types.h>
   2811 #include <netinet/in.h>])
   2812 
   2813 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
   2814 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
   2815 	[[ size_t foo; foo = 1235; ]])],
   2816 	[ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 
   2817 	])
   2818 ])
   2819 if test "x$ac_cv_have_size_t" = "xyes" ; then
   2820 	AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type])
   2821 fi
   2822 
   2823 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
   2824 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
   2825 	[[ ssize_t foo; foo = 1235; ]])],
   2826 	[ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 
   2827 	])
   2828 ])
   2829 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
   2830 	AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type])
   2831 fi
   2832 
   2833 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
   2834 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]],
   2835 	[[ clock_t foo; foo = 1235; ]])],
   2836 	[ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 
   2837 	])
   2838 ])
   2839 if test "x$ac_cv_have_clock_t" = "xyes" ; then
   2840 	AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type])
   2841 fi
   2842 
   2843 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
   2844 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   2845 #include <sys/types.h>
   2846 #include <sys/socket.h>
   2847 		]], [[ sa_family_t foo; foo = 1235; ]])],
   2848 	[ ac_cv_have_sa_family_t="yes" ],
   2849 	[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   2850 #include <sys/types.h>
   2851 #include <sys/socket.h>
   2852 #include <netinet/in.h>
   2853 		]], [[ sa_family_t foo; foo = 1235; ]])],
   2854 		[ ac_cv_have_sa_family_t="yes" ],
   2855 		[ ac_cv_have_sa_family_t="no" ]
   2856 	)
   2857 	])
   2858 ])
   2859 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
   2860 	AC_DEFINE([HAVE_SA_FAMILY_T], [1],
   2861 		[define if you have sa_family_t data type])
   2862 fi
   2863 
   2864 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
   2865 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
   2866 	[[ pid_t foo; foo = 1235; ]])],
   2867 	[ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 
   2868 	])
   2869 ])
   2870 if test "x$ac_cv_have_pid_t" = "xyes" ; then
   2871 	AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type])
   2872 fi
   2873 
   2874 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
   2875 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]],
   2876 	[[ mode_t foo; foo = 1235; ]])],
   2877 	[ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 
   2878 	])
   2879 ])
   2880 if test "x$ac_cv_have_mode_t" = "xyes" ; then
   2881 	AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type])
   2882 fi
   2883 
   2884 
   2885 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
   2886 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   2887 #include <sys/types.h>
   2888 #include <sys/socket.h>
   2889 		]], [[ struct sockaddr_storage s; ]])],
   2890 	[ ac_cv_have_struct_sockaddr_storage="yes" ],
   2891 	[ ac_cv_have_struct_sockaddr_storage="no" 
   2892 	])
   2893 ])
   2894 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
   2895 	AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1],
   2896 		[define if you have struct sockaddr_storage data type])
   2897 fi
   2898 
   2899 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
   2900 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   2901 #include <sys/types.h>
   2902 #include <netinet/in.h>
   2903 		]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])],
   2904 	[ ac_cv_have_struct_sockaddr_in6="yes" ],
   2905 	[ ac_cv_have_struct_sockaddr_in6="no" 
   2906 	])
   2907 ])
   2908 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
   2909 	AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1],
   2910 		[define if you have struct sockaddr_in6 data type])
   2911 fi
   2912 
   2913 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
   2914 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   2915 #include <sys/types.h>
   2916 #include <netinet/in.h>
   2917 		]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])],
   2918 	[ ac_cv_have_struct_in6_addr="yes" ],
   2919 	[ ac_cv_have_struct_in6_addr="no" 
   2920 	])
   2921 ])
   2922 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
   2923 	AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1],
   2924 		[define if you have struct in6_addr data type])
   2925 
   2926 dnl Now check for sin6_scope_id
   2927 	AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , ,
   2928 		[
   2929 #ifdef HAVE_SYS_TYPES_H
   2930 #include <sys/types.h>
   2931 #endif
   2932 #include <netinet/in.h>
   2933 		])
   2934 fi
   2935 
   2936 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
   2937 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   2938 #include <sys/types.h>
   2939 #include <sys/socket.h>
   2940 #include <netdb.h>
   2941 		]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])],
   2942 	[ ac_cv_have_struct_addrinfo="yes" ],
   2943 	[ ac_cv_have_struct_addrinfo="no" 
   2944 	])
   2945 ])
   2946 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
   2947 	AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1],
   2948 		[define if you have struct addrinfo data type])
   2949 fi
   2950 
   2951 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
   2952 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
   2953 	[[ struct timeval tv; tv.tv_sec = 1;]])],
   2954 	[ ac_cv_have_struct_timeval="yes" ],
   2955 	[ ac_cv_have_struct_timeval="no" 
   2956 	])
   2957 ])
   2958 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
   2959 	AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval])
   2960 	have_struct_timeval=1
   2961 fi
   2962 
   2963 AC_CHECK_TYPES([struct timespec])
   2964 
   2965 # We need int64_t or else certian parts of the compile will fail.
   2966 if test "x$ac_cv_have_int64_t" = "xno" && \
   2967 	test "x$ac_cv_sizeof_long_int" != "x8" && \
   2968 	test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
   2969 	echo "OpenSSH requires int64_t support.  Contact your vendor or install"
   2970 	echo "an alternative compiler (I.E., GCC) before continuing."
   2971 	echo ""
   2972 	exit 1;
   2973 else
   2974 dnl test snprintf (broken on SCO w/gcc)
   2975 	AC_RUN_IFELSE(
   2976 		[AC_LANG_SOURCE([[
   2977 #include <stdio.h>
   2978 #include <string.h>
   2979 #ifdef HAVE_SNPRINTF
   2980 main()
   2981 {
   2982 	char buf[50];
   2983 	char expected_out[50];
   2984 	int mazsize = 50 ;
   2985 #if (SIZEOF_LONG_INT == 8)
   2986 	long int num = 0x7fffffffffffffff;
   2987 #else
   2988 	long long num = 0x7fffffffffffffffll;
   2989 #endif
   2990 	strcpy(expected_out, "9223372036854775807");
   2991 	snprintf(buf, mazsize, "%lld", num);
   2992 	if(strcmp(buf, expected_out) != 0)
   2993 		exit(1);
   2994 	exit(0);
   2995 }
   2996 #else
   2997 main() { exit(0); }
   2998 #endif
   2999 		]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
   3000 		AC_MSG_WARN([cross compiling: Assuming working snprintf()])
   3001 	)
   3002 fi
   3003 
   3004 dnl Checks for structure members
   3005 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP])
   3006 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX])
   3007 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX])
   3008 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP])
   3009 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP])
   3010 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX])
   3011 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP])
   3012 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP])
   3013 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX])
   3014 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP])
   3015 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX])
   3016 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP])
   3017 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX])
   3018 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP])
   3019 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
   3020 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
   3021 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
   3022 
   3023 AC_CHECK_MEMBERS([struct stat.st_blksize])
   3024 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state],
   3025 	[Define if we don't have struct __res_state in resolv.h])],
   3026 [
   3027 #include <stdio.h>
   3028 #if HAVE_SYS_TYPES_H
   3029 # include <sys/types.h>
   3030 #endif
   3031 #include <netinet/in.h>
   3032 #include <arpa/nameser.h>
   3033 #include <resolv.h>
   3034 ])
   3035 
   3036 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
   3037 		ac_cv_have_ss_family_in_struct_ss, [
   3038 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   3039 #include <sys/types.h>
   3040 #include <sys/socket.h>
   3041 		]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])],
   3042 	[ ac_cv_have_ss_family_in_struct_ss="yes" ],
   3043 	[ ac_cv_have_ss_family_in_struct_ss="no" ])
   3044 ])
   3045 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
   3046 	AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage])
   3047 fi
   3048 
   3049 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
   3050 		ac_cv_have___ss_family_in_struct_ss, [
   3051 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   3052 #include <sys/types.h>
   3053 #include <sys/socket.h>
   3054 		]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])],
   3055 	[ ac_cv_have___ss_family_in_struct_ss="yes" ],
   3056 	[ ac_cv_have___ss_family_in_struct_ss="no" 
   3057 	])
   3058 ])
   3059 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
   3060 	AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1],
   3061 		[Fields in struct sockaddr_storage])
   3062 fi
   3063 
   3064 AC_CACHE_CHECK([for pw_class field in struct passwd],
   3065 		ac_cv_have_pw_class_in_struct_passwd, [
   3066 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
   3067 	[[ struct passwd p; p.pw_class = 0; ]])],
   3068 	[ ac_cv_have_pw_class_in_struct_passwd="yes" ],
   3069 	[ ac_cv_have_pw_class_in_struct_passwd="no" 
   3070 	])
   3071 ])
   3072 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
   3073 	AC_DEFINE([HAVE_PW_CLASS_IN_PASSWD], [1],
   3074 		[Define if your password has a pw_class field])
   3075 fi
   3076 
   3077 AC_CACHE_CHECK([for pw_expire field in struct passwd],
   3078 		ac_cv_have_pw_expire_in_struct_passwd, [
   3079 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
   3080 	[[ struct passwd p; p.pw_expire = 0; ]])],
   3081 	[ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
   3082 	[ ac_cv_have_pw_expire_in_struct_passwd="no" 
   3083 	])
   3084 ])
   3085 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
   3086 	AC_DEFINE([HAVE_PW_EXPIRE_IN_PASSWD], [1],
   3087 		[Define if your password has a pw_expire field])
   3088 fi
   3089 
   3090 AC_CACHE_CHECK([for pw_change field in struct passwd],
   3091 		ac_cv_have_pw_change_in_struct_passwd, [
   3092 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
   3093 	[[ struct passwd p; p.pw_change = 0; ]])],
   3094 	[ ac_cv_have_pw_change_in_struct_passwd="yes" ],
   3095 	[ ac_cv_have_pw_change_in_struct_passwd="no" 
   3096 	])
   3097 ])
   3098 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
   3099 	AC_DEFINE([HAVE_PW_CHANGE_IN_PASSWD], [1],
   3100 		[Define if your password has a pw_change field])
   3101 fi
   3102 
   3103 AC_CACHE_CHECK([for pw_gecos field in struct passwd],
   3104 		ac_cv_have_pw_gecos_in_struct_passwd, [
   3105 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]],
   3106 	[[ struct passwd p; p.pw_gecos = 0; ]])],
   3107 	[ ac_cv_have_pw_gecos_in_struct_passwd="yes" ],
   3108 	[ ac_cv_have_pw_gecos_in_struct_passwd="no" 
   3109 	])
   3110 ])
   3111 if test "x$ac_cv_have_pw_gecos_in_struct_passwd" = "xyes" ; then
   3112 	AC_DEFINE([HAVE_PW_GECOS_IN_PASSWD], [1],
   3113 		[Define if your password has a pw_gecos field])
   3114 fi
   3115 
   3116 dnl make sure we're using the real structure members and not defines
   3117 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
   3118 		ac_cv_have_accrights_in_msghdr, [
   3119 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   3120 #include <sys/types.h>
   3121 #include <sys/socket.h>
   3122 #include <sys/uio.h>
   3123 		]], [[
   3124 #ifdef msg_accrights
   3125 #error "msg_accrights is a macro"
   3126 exit(1);
   3127 #endif
   3128 struct msghdr m;
   3129 m.msg_accrights = 0;
   3130 exit(0);
   3131 		]])],
   3132 		[ ac_cv_have_accrights_in_msghdr="yes" ],
   3133 		[ ac_cv_have_accrights_in_msghdr="no" ]
   3134 	)
   3135 ])
   3136 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
   3137 	AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1],
   3138 		[Define if your system uses access rights style
   3139 		file descriptor passing])
   3140 fi
   3141 
   3142 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
   3143 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   3144 #include <sys/types.h>
   3145 #include <sys/stat.h>
   3146 #ifdef HAVE_SYS_TIME_H
   3147 # include <sys/time.h>
   3148 #endif
   3149 #ifdef HAVE_SYS_MOUNT_H
   3150 #include <sys/mount.h>
   3151 #endif
   3152 #ifdef HAVE_SYS_STATVFS_H
   3153 #include <sys/statvfs.h>
   3154 #endif
   3155 	]], [[ struct statvfs s; s.f_fsid = 0; ]])],
   3156 	[ AC_MSG_RESULT([yes]) ],
   3157 	[ AC_MSG_RESULT([no])
   3158 
   3159 	AC_MSG_CHECKING([if fsid_t has member val])
   3160 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   3161 #include <sys/types.h>
   3162 #include <sys/statvfs.h>
   3163 	]], [[ fsid_t t; t.val[0] = 0; ]])],
   3164 	[ AC_MSG_RESULT([yes])
   3165 	  AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ],
   3166 	[ AC_MSG_RESULT([no]) ])
   3167 
   3168 	AC_MSG_CHECKING([if f_fsid has member __val])
   3169 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   3170 #include <sys/types.h>
   3171 #include <sys/statvfs.h>
   3172 	]], [[ fsid_t t; t.__val[0] = 0; ]])],
   3173 	[ AC_MSG_RESULT([yes])
   3174 	  AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ],
   3175 	[ AC_MSG_RESULT([no]) ])
   3176 ])
   3177 
   3178 AC_CACHE_CHECK([for msg_control field in struct msghdr],
   3179 		ac_cv_have_control_in_msghdr, [
   3180 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   3181 #include <sys/types.h>
   3182 #include <sys/socket.h>
   3183 #include <sys/uio.h>
   3184 		]], [[
   3185 #ifdef msg_control
   3186 #error "msg_control is a macro"
   3187 exit(1);
   3188 #endif
   3189 struct msghdr m;
   3190 m.msg_control = 0;
   3191 exit(0);
   3192 		]])],
   3193 		[ ac_cv_have_control_in_msghdr="yes" ],
   3194 		[ ac_cv_have_control_in_msghdr="no" ]
   3195 	)
   3196 ])
   3197 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
   3198 	AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1],
   3199 		[Define if your system uses ancillary data style
   3200 		file descriptor passing])
   3201 fi
   3202 
   3203 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
   3204 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
   3205 		[[ extern char *__progname; printf("%s", __progname); ]])],
   3206 	[ ac_cv_libc_defines___progname="yes" ],
   3207 	[ ac_cv_libc_defines___progname="no" 
   3208 	])
   3209 ])
   3210 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
   3211 	AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname])
   3212 fi
   3213 
   3214 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
   3215 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
   3216 		[[ printf("%s", __FUNCTION__); ]])],
   3217 	[ ac_cv_cc_implements___FUNCTION__="yes" ],
   3218 	[ ac_cv_cc_implements___FUNCTION__="no" 
   3219 	])
   3220 ])
   3221 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
   3222 	AC_DEFINE([HAVE___FUNCTION__], [1],
   3223 		[Define if compiler implements __FUNCTION__])
   3224 fi
   3225 
   3226 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
   3227 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
   3228 		[[ printf("%s", __func__); ]])],
   3229 	[ ac_cv_cc_implements___func__="yes" ],
   3230 	[ ac_cv_cc_implements___func__="no" 
   3231 	])
   3232 ])
   3233 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
   3234 	AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__])
   3235 fi
   3236 
   3237 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
   3238 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
   3239 #include <stdarg.h>
   3240 va_list x,y;
   3241 		]], [[ va_copy(x,y); ]])],
   3242 	[ ac_cv_have_va_copy="yes" ],
   3243 	[ ac_cv_have_va_copy="no" 
   3244 	])
   3245 ])
   3246 if test "x$ac_cv_have_va_copy" = "xyes" ; then
   3247 	AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
   3248 fi
   3249 
   3250 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
   3251 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
   3252 #include <stdarg.h>
   3253 va_list x,y;
   3254 		]], [[ __va_copy(x,y); ]])],
   3255 	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 
   3256 	])
   3257 ])
   3258 if test "x$ac_cv_have___va_copy" = "xyes" ; then
   3259 	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
   3260 fi
   3261 
   3262 AC_CACHE_CHECK([whether getopt has optreset support],
   3263 		ac_cv_have_getopt_optreset, [
   3264 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]],
   3265 		[[ extern int optreset; optreset = 0; ]])],
   3266 	[ ac_cv_have_getopt_optreset="yes" ],
   3267 	[ ac_cv_have_getopt_optreset="no" 
   3268 	])
   3269 ])
   3270 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
   3271 	AC_DEFINE([HAVE_GETOPT_OPTRESET], [1],
   3272 		[Define if your getopt(3) defines and uses optreset])
   3273 fi
   3274 
   3275 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
   3276 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
   3277 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
   3278 	[ ac_cv_libc_defines_sys_errlist="yes" ],
   3279 	[ ac_cv_libc_defines_sys_errlist="no" 
   3280 	])
   3281 ])
   3282 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
   3283 	AC_DEFINE([HAVE_SYS_ERRLIST], [1],
   3284 		[Define if your system defines sys_errlist[]])
   3285 fi
   3286 
   3287 
   3288 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
   3289 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
   3290 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
   3291 	[ ac_cv_libc_defines_sys_nerr="yes" ],
   3292 	[ ac_cv_libc_defines_sys_nerr="no" 
   3293 	])
   3294 ])
   3295 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
   3296 	AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr])
   3297 fi
   3298 
   3299 # Check libraries needed by DNS fingerprint support
   3300 AC_SEARCH_LIBS([getrrsetbyname], [resolv],
   3301 	[AC_DEFINE([HAVE_GETRRSETBYNAME], [1],
   3302 		[Define if getrrsetbyname() exists])],
   3303 	[
   3304 		# Needed by our getrrsetbyname()
   3305 		AC_SEARCH_LIBS([res_query], [resolv])
   3306 		AC_SEARCH_LIBS([dn_expand], [resolv])
   3307 		AC_MSG_CHECKING([if res_query will link])
   3308 		AC_LINK_IFELSE([AC_LANG_PROGRAM([[
   3309 #include <sys/types.h>
   3310 #include <netinet/in.h>
   3311 #include <arpa/nameser.h>
   3312 #include <netdb.h>
   3313 #include <resolv.h>
   3314 				]], [[
   3315 	res_query (0, 0, 0, 0, 0);
   3316 				]])],
   3317 		    AC_MSG_RESULT([yes]),
   3318 		   [AC_MSG_RESULT([no])
   3319 		    saved_LIBS="$LIBS"
   3320 		    LIBS="$LIBS -lresolv"
   3321 		    AC_MSG_CHECKING([for res_query in -lresolv])
   3322 		    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
   3323 #include <sys/types.h>
   3324 #include <netinet/in.h>
   3325 #include <arpa/nameser.h>
   3326 #include <netdb.h>
   3327 #include <resolv.h>
   3328 				]], [[
   3329 	res_query (0, 0, 0, 0, 0);
   3330 				]])],
   3331 			[AC_MSG_RESULT([yes])],
   3332 			[LIBS="$saved_LIBS"
   3333 			 AC_MSG_RESULT([no])])
   3334 		    ])
   3335 		AC_CHECK_FUNCS([_getshort _getlong])
   3336 		AC_CHECK_DECLS([_getshort, _getlong], , ,
   3337 		    [#include <sys/types.h>
   3338 		    #include <arpa/nameser.h>])
   3339 		AC_CHECK_MEMBER([HEADER.ad],
   3340 			[AC_DEFINE([HAVE_HEADER_AD], [1],
   3341 			    [Define if HEADER.ad exists in arpa/nameser.h])], ,
   3342 			[#include <arpa/nameser.h>])
   3343 	])
   3344 
   3345 AC_MSG_CHECKING([if struct __res_state _res is an extern])
   3346 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
   3347 #include <stdio.h>
   3348 #if HAVE_SYS_TYPES_H
   3349 # include <sys/types.h>
   3350 #endif
   3351 #include <netinet/in.h>
   3352 #include <arpa/nameser.h>
   3353 #include <resolv.h>
   3354 extern struct __res_state _res;
   3355 		]], [[ ]])],
   3356 		[AC_MSG_RESULT([yes])
   3357 		 AC_DEFINE([HAVE__RES_EXTERN], [1],
   3358 		    [Define if you have struct __res_state _res as an extern])
   3359 		],
   3360 		[ AC_MSG_RESULT([no]) ]
   3361 )
   3362 
   3363 # Check whether user wants SELinux support
   3364 SELINUX_MSG="no"
   3365 LIBSELINUX=""
   3366 AC_ARG_WITH([selinux],
   3367 	[  --with-selinux          Enable SELinux support],
   3368 	[ if test "x$withval" != "xno" ; then
   3369 		save_LIBS="$LIBS"
   3370 		AC_DEFINE([WITH_SELINUX], [1],
   3371 			[Define if you want SELinux support.])
   3372 		SELINUX_MSG="yes"
   3373 		AC_CHECK_HEADER([selinux/selinux.h], ,
   3374 			AC_MSG_ERROR([SELinux support requires selinux.h header]))
   3375 		AC_CHECK_LIB([selinux], [setexeccon],
   3376 			[ LIBSELINUX="-lselinux"
   3377 			  LIBS="$LIBS -lselinux"
   3378 			],
   3379 			AC_MSG_ERROR([SELinux support requires libselinux library]))
   3380 		SSHLIBS="$SSHLIBS $LIBSELINUX"
   3381 		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
   3382 		AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
   3383 		LIBS="$save_LIBS"
   3384 	fi ]
   3385 )
   3386 AC_SUBST([SSHLIBS])
   3387 AC_SUBST([SSHDLIBS])
   3388 
   3389 # Check whether user wants Kerberos 5 support
   3390 KRB5_MSG="no"
   3391 AC_ARG_WITH([kerberos5],
   3392 	[  --with-kerberos5=PATH   Enable Kerberos 5 support],
   3393 	[ if test "x$withval" != "xno" ; then
   3394 		if test "x$withval" = "xyes" ; then
   3395 			KRB5ROOT="/usr/local"
   3396 		else
   3397 			KRB5ROOT=${withval}
   3398 		fi
   3399 
   3400 		AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
   3401 		KRB5_MSG="yes"
   3402 
   3403 		AC_PATH_PROG([KRB5CONF], [krb5-config],
   3404 			     [$KRB5ROOT/bin/krb5-config],
   3405 			     [$KRB5ROOT/bin:$PATH])
   3406 		if test -x $KRB5CONF ; then
   3407 
   3408 			AC_MSG_CHECKING([for gssapi support])
   3409 			if $KRB5CONF | grep gssapi >/dev/null ; then
   3410 				AC_MSG_RESULT([yes])
   3411 				AC_DEFINE([GSSAPI], [1],
   3412 					[Define this if you want GSSAPI
   3413 					support in the version 2 protocol])
   3414 				k5confopts=gssapi
   3415 			else
   3416 				AC_MSG_RESULT([no])
   3417 				k5confopts=""
   3418 			fi
   3419 			K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
   3420 			K5LIBS="`$KRB5CONF --libs $k5confopts`"
   3421 			CPPFLAGS="$CPPFLAGS $K5CFLAGS"
   3422 			AC_MSG_CHECKING([whether we are using Heimdal])
   3423 			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
   3424 				]], [[ char *tmp = heimdal_version; ]])],
   3425 				[ AC_MSG_RESULT([yes])
   3426 				AC_DEFINE([HEIMDAL], [1],
   3427 				[Define this if you are using the Heimdal
   3428 				version of Kerberos V5]) ],
   3429 				[AC_MSG_RESULT([no])
   3430 			])
   3431 		else
   3432 			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
   3433 			LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
   3434 			AC_MSG_CHECKING([whether we are using Heimdal])
   3435 			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
   3436 				]], [[ char *tmp = heimdal_version; ]])],
   3437 					[ AC_MSG_RESULT([yes])
   3438 					 AC_DEFINE([HEIMDAL])
   3439 					 K5LIBS="-lkrb5"
   3440 					 K5LIBS="$K5LIBS -lcom_err -lasn1"
   3441 					 AC_CHECK_LIB([roken], [net_write],
   3442 					   [K5LIBS="$K5LIBS -lroken"])
   3443 					 AC_CHECK_LIB([des], [des_cbc_encrypt],
   3444 					   [K5LIBS="$K5LIBS -ldes"])
   3445 				       ], [ AC_MSG_RESULT([no])
   3446 					 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
   3447 				       
   3448 			])
   3449 			AC_SEARCH_LIBS([dn_expand], [resolv])
   3450 
   3451 			AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
   3452 				[ AC_DEFINE([GSSAPI])
   3453 				  K5LIBS="-lgssapi_krb5 $K5LIBS" ],
   3454 				[ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
   3455 					[ AC_DEFINE([GSSAPI])
   3456 					  K5LIBS="-lgssapi $K5LIBS" ],
   3457 					AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
   3458 					$K5LIBS)
   3459 				],
   3460 				$K5LIBS)
   3461 
   3462 			AC_CHECK_HEADER([gssapi.h], ,
   3463 				[ unset ac_cv_header_gssapi_h
   3464 				  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
   3465 				  AC_CHECK_HEADERS([gssapi.h], ,
   3466 					AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
   3467 				  )
   3468 				]
   3469 			)
   3470 
   3471 			oldCPP="$CPPFLAGS"
   3472 			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
   3473 			AC_CHECK_HEADER([gssapi_krb5.h], ,
   3474 					[ CPPFLAGS="$oldCPP" ])
   3475 
   3476 		fi
   3477 		if test ! -z "$need_dash_r" ; then
   3478 			LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
   3479 		fi
   3480 		if test ! -z "$blibpath" ; then
   3481 			blibpath="$blibpath:${KRB5ROOT}/lib"
   3482 		fi
   3483 
   3484 		AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h])
   3485 		AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h])
   3486 		AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h])
   3487 
   3488 		LIBS="$LIBS $K5LIBS"
   3489 		AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1],
   3490 			[Define this if you want to use libkafs' AFS support])])
   3491 	fi
   3492 	]
   3493 )
   3494 
   3495 # Looking for programs, paths and files
   3496 
   3497 PRIVSEP_PATH=/var/empty
   3498 AC_ARG_WITH([privsep-path],
   3499 	[  --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
   3500 	[
   3501 		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
   3502 		    test "x${withval}" != "xyes"; then
   3503 			PRIVSEP_PATH=$withval
   3504 		fi
   3505 	]
   3506 )
   3507 AC_SUBST([PRIVSEP_PATH])
   3508 
   3509 AC_ARG_WITH([xauth],
   3510 	[  --with-xauth=PATH       Specify path to xauth program ],
   3511 	[
   3512 		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
   3513 		    test "x${withval}" != "xyes"; then
   3514 			xauth_path=$withval
   3515 		fi
   3516 	],
   3517 	[
   3518 		TestPath="$PATH"
   3519 		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
   3520 		TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
   3521 		TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
   3522 		TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
   3523 		AC_PATH_PROG([xauth_path], [xauth], , [$TestPath])
   3524 		if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
   3525 			xauth_path="/usr/openwin/bin/xauth"
   3526 		fi
   3527 	]
   3528 )
   3529 
   3530 STRIP_OPT=-s
   3531 AC_ARG_ENABLE([strip],
   3532 	[  --disable-strip         Disable calling strip(1) on install],
   3533 	[
   3534 		if test "x$enableval" = "xno" ; then
   3535 			STRIP_OPT=
   3536 		fi
   3537 	]
   3538 )
   3539 AC_SUBST([STRIP_OPT])
   3540 
   3541 if test -z "$xauth_path" ; then
   3542 	XAUTH_PATH="undefined"
   3543 	AC_SUBST([XAUTH_PATH])
   3544 else
   3545 	AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"],
   3546 		[Define if xauth is found in your path])
   3547 	XAUTH_PATH=$xauth_path
   3548 	AC_SUBST([XAUTH_PATH])
   3549 fi
   3550 
   3551 dnl # --with-maildir=/path/to/mail gets top priority.
   3552 dnl # if maildir is set in the platform case statement above we use that.
   3553 dnl # Otherwise we run a program to get the dir from system headers.
   3554 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL
   3555 dnl # If we find _PATH_MAILDIR we do nothing because that is what
   3556 dnl # session.c expects anyway. Otherwise we set to the value found
   3557 dnl # stripping any trailing slash. If for some strage reason our program
   3558 dnl # does not find what it needs, we default to /var/spool/mail.
   3559 # Check for mail directory
   3560 AC_ARG_WITH([maildir],
   3561     [  --with-maildir=/path/to/mail    Specify your system mail directory],
   3562     [
   3563 	if test "X$withval" != X  &&  test "x$withval" != xno  &&  \
   3564 	    test "x${withval}" != xyes; then
   3565 		AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"],
   3566             [Set this to your mail directory if you do not have _PATH_MAILDIR])
   3567 	    fi
   3568      ],[
   3569 	if test "X$maildir" != "X"; then
   3570 	    AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
   3571 	else
   3572 	    AC_MSG_CHECKING([Discovering system mail directory])
   3573 	    AC_RUN_IFELSE(
   3574 		[AC_LANG_PROGRAM([[
   3575 #include <stdio.h>
   3576 #include <string.h>
   3577 #ifdef HAVE_PATHS_H
   3578 #include <paths.h>
   3579 #endif
   3580 #ifdef HAVE_MAILLOCK_H
   3581 #include <maillock.h>
   3582 #endif
   3583 #define DATA "conftest.maildir"
   3584 	]], [[
   3585 	FILE *fd;
   3586 	int rc;
   3587 
   3588 	fd = fopen(DATA,"w");
   3589 	if(fd == NULL)
   3590 		exit(1);
   3591 
   3592 #if defined (_PATH_MAILDIR)
   3593 	if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0)
   3594 		exit(1);
   3595 #elif defined (MAILDIR)
   3596 	if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0)
   3597 		exit(1);
   3598 #elif defined (_PATH_MAIL)
   3599 	if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0)
   3600 		exit(1);
   3601 #else
   3602 	exit (2);
   3603 #endif
   3604 
   3605 	exit(0);
   3606 		]])],
   3607 		[
   3608 	 	    maildir_what=`awk -F: '{print $1}' conftest.maildir`
   3609 		    maildir=`awk -F: '{print $2}' conftest.maildir \
   3610 			| sed 's|/$||'`
   3611 		    AC_MSG_RESULT([Using: $maildir from $maildir_what])
   3612 		    if test "x$maildir_what" != "x_PATH_MAILDIR"; then
   3613 			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"])
   3614 		    fi
   3615 		],
   3616 		[
   3617 		    if test "X$ac_status" = "X2";then
   3618 # our test program didn't find it. Default to /var/spool/mail
   3619 			AC_MSG_RESULT([Using: default value of /var/spool/mail])
   3620 			AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"])
   3621 		     else
   3622 			AC_MSG_RESULT([*** not found ***])
   3623 		     fi
   3624 		],
   3625 		[
   3626 			AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail])
   3627 		]
   3628 	    )
   3629 	fi
   3630     ]
   3631 ) # maildir
   3632 
   3633 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
   3634 	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
   3635 	disable_ptmx_check=yes
   3636 fi
   3637 if test -z "$no_dev_ptmx" ; then
   3638 	if test "x$disable_ptmx_check" != "xyes" ; then
   3639 		AC_CHECK_FILE(["/dev/ptmx"],
   3640 			[
   3641 				AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1],
   3642 					[Define if you have /dev/ptmx])
   3643 				have_dev_ptmx=1
   3644 			]
   3645 		)
   3646 	fi
   3647 fi
   3648 
   3649 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
   3650 	AC_CHECK_FILE(["/dev/ptc"],
   3651 		[
   3652 			AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1],
   3653 				[Define if you have /dev/ptc])
   3654 			have_dev_ptc=1
   3655 		]
   3656 	)
   3657 else
   3658 	AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
   3659 fi
   3660 
   3661 # Options from here on. Some of these are preset by platform above
   3662 AC_ARG_WITH([mantype],
   3663 	[  --with-mantype=man|cat|doc  Set man page type],
   3664 	[
   3665 		case "$withval" in
   3666 		man|cat|doc)
   3667 			MANTYPE=$withval
   3668 			;;
   3669 		*)
   3670 			AC_MSG_ERROR([invalid man type: $withval])
   3671 			;;
   3672 		esac
   3673 	]
   3674 )
   3675 if test -z "$MANTYPE"; then
   3676 	TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
   3677 	AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
   3678 	if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
   3679 		MANTYPE=doc
   3680 	elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
   3681 		MANTYPE=man
   3682 	else
   3683 		MANTYPE=cat
   3684 	fi
   3685 fi
   3686 AC_SUBST([MANTYPE])
   3687 if test "$MANTYPE" = "doc"; then
   3688 	mansubdir=man;
   3689 else
   3690 	mansubdir=$MANTYPE;
   3691 fi
   3692 AC_SUBST([mansubdir])
   3693 
   3694 # Check whether to enable MD5 passwords
   3695 MD5_MSG="no"
   3696 AC_ARG_WITH([md5-passwords],
   3697 	[  --with-md5-passwords    Enable use of MD5 passwords],
   3698 	[
   3699 		if test "x$withval" != "xno" ; then
   3700 			AC_DEFINE([HAVE_MD5_PASSWORDS], [1],
   3701 				[Define if you want to allow MD5 passwords])
   3702 			MD5_MSG="yes"
   3703 		fi
   3704 	]
   3705 )
   3706 
   3707 # Whether to disable shadow password support
   3708 AC_ARG_WITH([shadow],
   3709 	[  --without-shadow        Disable shadow password support],
   3710 	[
   3711 		if test "x$withval" = "xno" ; then
   3712 			AC_DEFINE([DISABLE_SHADOW])
   3713 			disable_shadow=yes
   3714 		fi
   3715 	]
   3716 )
   3717 
   3718 if test -z "$disable_shadow" ; then
   3719 	AC_MSG_CHECKING([if the systems has expire shadow information])
   3720 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   3721 #include <sys/types.h>
   3722 #include <shadow.h>
   3723 struct spwd sp;
   3724 		]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])],
   3725 		[ sp_expire_available=yes ], [
   3726 	])
   3727 
   3728 	if test "x$sp_expire_available" = "xyes" ; then
   3729 		AC_MSG_RESULT([yes])
   3730 		AC_DEFINE([HAS_SHADOW_EXPIRE], [1],
   3731 		    [Define if you want to use shadow password expire field])
   3732 	else
   3733 		AC_MSG_RESULT([no])
   3734 	fi
   3735 fi
   3736 
   3737 # Use ip address instead of hostname in $DISPLAY
   3738 if test ! -z "$IPADDR_IN_DISPLAY" ; then
   3739 	DISPLAY_HACK_MSG="yes"
   3740 	AC_DEFINE([IPADDR_IN_DISPLAY], [1],
   3741 		[Define if you need to use IP address
   3742 		instead of hostname in $DISPLAY])
   3743 else
   3744 	DISPLAY_HACK_MSG="no"
   3745 	AC_ARG_WITH([ipaddr-display],
   3746 		[  --with-ipaddr-display   Use ip address instead of hostname in \$DISPLAY],
   3747 		[
   3748 			if test "x$withval" != "xno" ; then
   3749 				AC_DEFINE([IPADDR_IN_DISPLAY])
   3750 				DISPLAY_HACK_MSG="yes"
   3751 			fi
   3752 		]
   3753 	)
   3754 fi
   3755 
   3756 # check for /etc/default/login and use it if present.
   3757 AC_ARG_ENABLE([etc-default-login],
   3758 	[  --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
   3759 	[ if test "x$enableval" = "xno"; then
   3760 		AC_MSG_NOTICE([/etc/default/login handling disabled])
   3761 		etc_default_login=no
   3762 	  else
   3763 		etc_default_login=yes
   3764 	  fi ],
   3765 	[ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
   3766 	  then
   3767 		AC_MSG_WARN([cross compiling: not checking /etc/default/login])
   3768 		etc_default_login=no
   3769 	  else
   3770 		etc_default_login=yes
   3771 	  fi ]
   3772 )
   3773 
   3774 if test "x$etc_default_login" != "xno"; then
   3775 	AC_CHECK_FILE(["/etc/default/login"],
   3776 	    [ external_path_file=/etc/default/login ])
   3777 	if test "x$external_path_file" = "x/etc/default/login"; then
   3778 		AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1],
   3779 			[Define if your system has /etc/default/login])
   3780 	fi
   3781 fi
   3782 
   3783 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
   3784 if test $ac_cv_func_login_getcapbool = "yes" && \
   3785 	test $ac_cv_header_login_cap_h = "yes" ; then
   3786 	external_path_file=/etc/login.conf
   3787 fi
   3788 
   3789 # Whether to mess with the default path
   3790 SERVER_PATH_MSG="(default)"
   3791 AC_ARG_WITH([default-path],
   3792 	[  --with-default-path=    Specify default \$PATH environment for server],
   3793 	[
   3794 		if test "x$external_path_file" = "x/etc/login.conf" ; then
   3795 			AC_MSG_WARN([
   3796 --with-default-path=PATH has no effect on this system.
   3797 Edit /etc/login.conf instead.])
   3798 		elif test "x$withval" != "xno" ; then
   3799 			if test ! -z "$external_path_file" ; then
   3800 				AC_MSG_WARN([
   3801 --with-default-path=PATH will only be used if PATH is not defined in
   3802 $external_path_file .])
   3803 			fi
   3804 			user_path="$withval"
   3805 			SERVER_PATH_MSG="$withval"
   3806 		fi
   3807 	],
   3808 	[ if test "x$external_path_file" = "x/etc/login.conf" ; then
   3809 		AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
   3810 	else
   3811 		if test ! -z "$external_path_file" ; then
   3812 			AC_MSG_WARN([
   3813 If PATH is defined in $external_path_file, ensure the path to scp is included,
   3814 otherwise scp will not work.])
   3815 		fi
   3816 		AC_RUN_IFELSE(
   3817 			[AC_LANG_PROGRAM([[
   3818 /* find out what STDPATH is */
   3819 #include <stdio.h>
   3820 #ifdef HAVE_PATHS_H
   3821 # include <paths.h>
   3822 #endif
   3823 #ifndef _PATH_STDPATH
   3824 # ifdef _PATH_USERPATH	/* Irix */
   3825 #  define _PATH_STDPATH _PATH_USERPATH
   3826 # else
   3827 #  define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
   3828 # endif
   3829 #endif
   3830 #include <sys/types.h>
   3831 #include <sys/stat.h>
   3832 #include <fcntl.h>
   3833 #define DATA "conftest.stdpath"
   3834 			]], [[
   3835 	FILE *fd;
   3836 	int rc;
   3837 
   3838 	fd = fopen(DATA,"w");
   3839 	if(fd == NULL)
   3840 		exit(1);
   3841 
   3842 	if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
   3843 		exit(1);
   3844 
   3845 	exit(0);
   3846 		]])],
   3847 		[ user_path=`cat conftest.stdpath` ],
   3848 		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
   3849 		[ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
   3850 	)
   3851 # make sure $bindir is in USER_PATH so scp will work
   3852 		t_bindir=`eval echo ${bindir}`
   3853 		case $t_bindir in
   3854 			NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
   3855 		esac
   3856 		case $t_bindir in
   3857 			NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
   3858 		esac
   3859 		echo $user_path | grep ":$t_bindir"  > /dev/null 2>&1
   3860 		if test $? -ne 0  ; then
   3861 			echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1
   3862 			if test $? -ne 0  ; then
   3863 				user_path=$user_path:$t_bindir
   3864 				AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work])
   3865 			fi
   3866 		fi
   3867 	fi ]
   3868 )
   3869 if test "x$external_path_file" != "x/etc/login.conf" ; then
   3870 	AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH])
   3871 	AC_SUBST([user_path])
   3872 fi
   3873 
   3874 # Set superuser path separately to user path
   3875 AC_ARG_WITH([superuser-path],
   3876 	[  --with-superuser-path=  Specify different path for super-user],
   3877 	[
   3878 		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
   3879 		    test "x${withval}" != "xyes"; then
   3880 			AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"],
   3881 				[Define if you want a different $PATH
   3882 				for the superuser])
   3883 			superuser_path=$withval
   3884 		fi
   3885 	]
   3886 )
   3887 
   3888 
   3889 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
   3890 IPV4_IN6_HACK_MSG="no"
   3891 AC_ARG_WITH(4in6,
   3892 	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
   3893 	[
   3894 		if test "x$withval" != "xno" ; then
   3895 			AC_MSG_RESULT([yes])
   3896 			AC_DEFINE([IPV4_IN_IPV6], [1],
   3897 				[Detect IPv4 in IPv6 mapped addresses
   3898 				and treat as IPv4])
   3899 			IPV4_IN6_HACK_MSG="yes"
   3900 		else
   3901 			AC_MSG_RESULT([no])
   3902 		fi
   3903 	], [
   3904 		if test "x$inet6_default_4in6" = "xyes"; then
   3905 			AC_MSG_RESULT([yes (default)])
   3906 			AC_DEFINE([IPV4_IN_IPV6])
   3907 			IPV4_IN6_HACK_MSG="yes"
   3908 		else
   3909 			AC_MSG_RESULT([no (default)])
   3910 		fi
   3911 	]
   3912 )
   3913 
   3914 # Whether to enable BSD auth support
   3915 BSD_AUTH_MSG=no
   3916 AC_ARG_WITH([bsd-auth],
   3917 	[  --with-bsd-auth         Enable BSD auth support],
   3918 	[
   3919 		if test "x$withval" != "xno" ; then
   3920 			AC_DEFINE([BSD_AUTH], [1],
   3921 				[Define if you have BSD auth support])
   3922 			BSD_AUTH_MSG=yes
   3923 		fi
   3924 	]
   3925 )
   3926 
   3927 # Where to place sshd.pid
   3928 piddir=/var/run
   3929 # make sure the directory exists
   3930 if test ! -d $piddir ; then
   3931 	piddir=`eval echo ${sysconfdir}`
   3932 	case $piddir in
   3933 		NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
   3934 	esac
   3935 fi
   3936 
   3937 AC_ARG_WITH([pid-dir],
   3938 	[  --with-pid-dir=PATH     Specify location of ssh.pid file],
   3939 	[
   3940 		if test -n "$withval"  &&  test "x$withval" != "xno"  &&  \
   3941 		    test "x${withval}" != "xyes"; then
   3942 			piddir=$withval
   3943 			if test ! -d $piddir ; then
   3944 			AC_MSG_WARN([** no $piddir directory on this system **])
   3945 			fi
   3946 		fi
   3947 	]
   3948 )
   3949 
   3950 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 
   3951 	[Specify location of ssh.pid])
   3952 AC_SUBST([piddir])
   3953 
   3954 dnl allow user to disable some login recording features
   3955 AC_ARG_ENABLE([lastlog],
   3956 	[  --disable-lastlog       disable use of lastlog even if detected [no]],
   3957 	[
   3958 		if test "x$enableval" = "xno" ; then
   3959 			AC_DEFINE([DISABLE_LASTLOG])
   3960 		fi
   3961 	]
   3962 )
   3963 AC_ARG_ENABLE([utmp],
   3964 	[  --disable-utmp          disable use of utmp even if detected [no]],
   3965 	[
   3966 		if test "x$enableval" = "xno" ; then
   3967 			AC_DEFINE([DISABLE_UTMP])
   3968 		fi
   3969 	]
   3970 )
   3971 AC_ARG_ENABLE([utmpx],
   3972 	[  --disable-utmpx         disable use of utmpx even if detected [no]],
   3973 	[
   3974 		if test "x$enableval" = "xno" ; then
   3975 			AC_DEFINE([DISABLE_UTMPX], [1],
   3976 				[Define if you don't want to use utmpx])
   3977 		fi
   3978 	]
   3979 )
   3980 AC_ARG_ENABLE([wtmp],
   3981 	[  --disable-wtmp          disable use of wtmp even if detected [no]],
   3982 	[
   3983 		if test "x$enableval" = "xno" ; then
   3984 			AC_DEFINE([DISABLE_WTMP])
   3985 		fi
   3986 	]
   3987 )
   3988 AC_ARG_ENABLE([wtmpx],
   3989 	[  --disable-wtmpx         disable use of wtmpx even if detected [no]],
   3990 	[
   3991 		if test "x$enableval" = "xno" ; then
   3992 			AC_DEFINE([DISABLE_WTMPX], [1],
   3993 				[Define if you don't want to use wtmpx])
   3994 		fi
   3995 	]
   3996 )
   3997 AC_ARG_ENABLE([libutil],
   3998 	[  --disable-libutil       disable use of libutil (login() etc.) [no]],
   3999 	[
   4000 		if test "x$enableval" = "xno" ; then
   4001 			AC_DEFINE([DISABLE_LOGIN])
   4002 		fi
   4003 	]
   4004 )
   4005 AC_ARG_ENABLE([pututline],
   4006 	[  --disable-pututline     disable use of pututline() etc. ([uw]tmp) [no]],
   4007 	[
   4008 		if test "x$enableval" = "xno" ; then
   4009 			AC_DEFINE([DISABLE_PUTUTLINE], [1],
   4010 				[Define if you don't want to use pututline()
   4011 				etc. to write [uw]tmp])
   4012 		fi
   4013 	]
   4014 )
   4015 AC_ARG_ENABLE([pututxline],
   4016 	[  --disable-pututxline    disable use of pututxline() etc. ([uw]tmpx) [no]],
   4017 	[
   4018 		if test "x$enableval" = "xno" ; then
   4019 			AC_DEFINE([DISABLE_PUTUTXLINE], [1],
   4020 				[Define if you don't want to use pututxline()
   4021 				etc. to write [uw]tmpx])
   4022 		fi
   4023 	]
   4024 )
   4025 AC_ARG_WITH([lastlog],
   4026   [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
   4027 	[
   4028 		if test "x$withval" = "xno" ; then
   4029 			AC_DEFINE([DISABLE_LASTLOG])
   4030 		elif test -n "$withval"  &&  test "x${withval}" != "xyes"; then
   4031 			conf_lastlog_location=$withval
   4032 		fi
   4033 	]
   4034 )
   4035 
   4036 dnl lastlog, [uw]tmpx? detection
   4037 dnl  NOTE: set the paths in the platform section to avoid the
   4038 dnl   need for command-line parameters
   4039 dnl lastlog and [uw]tmp are subject to a file search if all else fails
   4040 
   4041 dnl lastlog detection
   4042 dnl  NOTE: the code itself will detect if lastlog is a directory
   4043 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
   4044 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   4045 #include <sys/types.h>
   4046 #include <utmp.h>
   4047 #ifdef HAVE_LASTLOG_H
   4048 #  include <lastlog.h>
   4049 #endif
   4050 #ifdef HAVE_PATHS_H
   4051 #  include <paths.h>
   4052 #endif
   4053 #ifdef HAVE_LOGIN_H
   4054 # include <login.h>
   4055 #endif
   4056 	]], [[ char *lastlog = LASTLOG_FILE; ]])],
   4057 		[ AC_MSG_RESULT([yes]) ],
   4058 		[
   4059 		AC_MSG_RESULT([no])
   4060 		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
   4061 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   4062 #include <sys/types.h>
   4063 #include <utmp.h>
   4064 #ifdef HAVE_LASTLOG_H
   4065 #  include <lastlog.h>
   4066 #endif
   4067 #ifdef HAVE_PATHS_H
   4068 #  include <paths.h>
   4069 #endif
   4070 		]], [[ char *lastlog = _PATH_LASTLOG; ]])],
   4071 		[ AC_MSG_RESULT([yes]) ],
   4072 		[
   4073 			AC_MSG_RESULT([no])
   4074 			system_lastlog_path=no
   4075 		])
   4076 ])
   4077 
   4078 if test -z "$conf_lastlog_location"; then
   4079 	if test x"$system_lastlog_path" = x"no" ; then
   4080 		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
   4081 				if (test -d "$f" || test -f "$f") ; then
   4082 					conf_lastlog_location=$f
   4083 				fi
   4084 		done
   4085 		if test -z "$conf_lastlog_location"; then
   4086 			AC_MSG_WARN([** Cannot find lastlog **])
   4087 			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
   4088 		fi
   4089 	fi
   4090 fi
   4091 
   4092 if test -n "$conf_lastlog_location"; then
   4093 	AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"],
   4094 		[Define if you want to specify the path to your lastlog file])
   4095 fi
   4096 
   4097 dnl utmp detection
   4098 AC_MSG_CHECKING([if your system defines UTMP_FILE])
   4099 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   4100 #include <sys/types.h>
   4101 #include <utmp.h>
   4102 #ifdef HAVE_PATHS_H
   4103 #  include <paths.h>
   4104 #endif
   4105 	]], [[ char *utmp = UTMP_FILE; ]])],
   4106 	[ AC_MSG_RESULT([yes]) ],
   4107 	[ AC_MSG_RESULT([no])
   4108 	  system_utmp_path=no 
   4109 ])
   4110 if test -z "$conf_utmp_location"; then
   4111 	if test x"$system_utmp_path" = x"no" ; then
   4112 		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
   4113 			if test -f $f ; then
   4114 				conf_utmp_location=$f
   4115 			fi
   4116 		done
   4117 		if test -z "$conf_utmp_location"; then
   4118 			AC_DEFINE([DISABLE_UTMP])
   4119 		fi
   4120 	fi
   4121 fi
   4122 if test -n "$conf_utmp_location"; then
   4123 	AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"],
   4124 		[Define if you want to specify the path to your utmp file])
   4125 fi
   4126 
   4127 dnl wtmp detection
   4128 AC_MSG_CHECKING([if your system defines WTMP_FILE])
   4129 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   4130 #include <sys/types.h>
   4131 #include <utmp.h>
   4132 #ifdef HAVE_PATHS_H
   4133 #  include <paths.h>
   4134 #endif
   4135 	]], [[ char *wtmp = WTMP_FILE; ]])],
   4136 	[ AC_MSG_RESULT([yes]) ],
   4137 	[ AC_MSG_RESULT([no])
   4138 	  system_wtmp_path=no 
   4139 ])
   4140 if test -z "$conf_wtmp_location"; then
   4141 	if test x"$system_wtmp_path" = x"no" ; then
   4142 		for f in /usr/adm/wtmp /var/log/wtmp; do
   4143 			if test -f $f ; then
   4144 				conf_wtmp_location=$f
   4145 			fi
   4146 		done
   4147 		if test -z "$conf_wtmp_location"; then
   4148 			AC_DEFINE([DISABLE_WTMP])
   4149 		fi
   4150 	fi
   4151 fi
   4152 if test -n "$conf_wtmp_location"; then
   4153 	AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"],
   4154 		[Define if you want to specify the path to your wtmp file])
   4155 fi
   4156 
   4157 
   4158 dnl wtmpx detection
   4159 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
   4160 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
   4161 #include <sys/types.h>
   4162 #include <utmp.h>
   4163 #ifdef HAVE_UTMPX_H
   4164 #include <utmpx.h>
   4165 #endif
   4166 #ifdef HAVE_PATHS_H
   4167 #  include <paths.h>
   4168 #endif
   4169 	]], [[ char *wtmpx = WTMPX_FILE; ]])],
   4170 	[ AC_MSG_RESULT([yes]) ],
   4171 	[ AC_MSG_RESULT([no])
   4172 	  system_wtmpx_path=no 
   4173 ])
   4174 if test -z "$conf_wtmpx_location"; then
   4175 	if test x"$system_wtmpx_path" = x"no" ; then
   4176 		AC_DEFINE([DISABLE_WTMPX])
   4177 	fi
   4178 else
   4179 	AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
   4180 		[Define if you want to specify the path to your wtmpx file])
   4181 fi
   4182 
   4183 
   4184 if test ! -z "$blibpath" ; then
   4185 	LDFLAGS="$LDFLAGS $blibflags$blibpath"
   4186 	AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
   4187 fi
   4188 
   4189 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
   4190 dnl Add now.
   4191 CFLAGS="$CFLAGS $werror_flags"
   4192 
   4193 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
   4194 	TEST_SSH_IPV6=no
   4195 else
   4196 	TEST_SSH_IPV6=yes
   4197 fi
   4198 AC_CHECK_DECL([BROKEN_GETADDRINFO],  [TEST_SSH_IPV6=no])
   4199 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6])
   4200 
   4201 AC_EXEEXT
   4202 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
   4203 	openbsd-compat/Makefile openbsd-compat/regress/Makefile \
   4204 	survey.sh])
   4205 AC_OUTPUT
   4206 
   4207 # Print summary of options
   4208 
   4209 # Someone please show me a better way :)
   4210 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
   4211 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
   4212 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
   4213 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
   4214 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
   4215 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
   4216 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
   4217 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
   4218 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
   4219 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
   4220 
   4221 echo ""
   4222 echo "OpenSSH has been configured with the following options:"
   4223 echo "                     User binaries: $B"
   4224 echo "                   System binaries: $C"
   4225 echo "               Configuration files: $D"
   4226 echo "                   Askpass program: $E"
   4227 echo "                      Manual pages: $F"
   4228 echo "                          PID file: $G"
   4229 echo "  Privilege separation chroot path: $H"
   4230 if test "x$external_path_file" = "x/etc/login.conf" ; then
   4231 echo "   At runtime, sshd will use the path defined in $external_path_file"
   4232 echo "   Make sure the path to scp is present, otherwise scp will not work"
   4233 else
   4234 echo "            sshd default user PATH: $I"
   4235 	if test ! -z "$external_path_file"; then
   4236 echo "   (If PATH is set in $external_path_file it will be used instead. If"
   4237 echo "   used, ensure the path to scp is present, otherwise scp will not work.)"
   4238 	fi
   4239 fi
   4240 if test ! -z "$superuser_path" ; then
   4241 echo "          sshd superuser user PATH: $J"
   4242 fi
   4243 echo "                    Manpage format: $MANTYPE"
   4244 echo "                       PAM support: $PAM_MSG"
   4245 echo "                   OSF SIA support: $SIA_MSG"
   4246 echo "                 KerberosV support: $KRB5_MSG"
   4247 echo "                   SELinux support: $SELINUX_MSG"
   4248 echo "                 Smartcard support: $SCARD_MSG"
   4249 echo "                     S/KEY support: $SKEY_MSG"
   4250 echo "              TCP Wrappers support: $TCPW_MSG"
   4251 echo "              MD5 password support: $MD5_MSG"
   4252 echo "                   libedit support: $LIBEDIT_MSG"
   4253 echo "  Solaris process contract support: $SPC_MSG"
   4254 echo "           Solaris project support: $SP_MSG"
   4255 echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
   4256 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
   4257 echo "                  BSD Auth support: $BSD_AUTH_MSG"
   4258 echo "              Random number source: $RAND_MSG"
   4259 echo "             Privsep sandbox style: $SANDBOX_STYLE"
   4260 
   4261 echo ""
   4262 
   4263 echo "              Host: ${host}"
   4264 echo "          Compiler: ${CC}"
   4265 echo "    Compiler flags: ${CFLAGS}"
   4266 echo "Preprocessor flags: ${CPPFLAGS}"
   4267 echo "      Linker flags: ${LDFLAGS}"
   4268 echo "         Libraries: ${LIBS}"
   4269 if test ! -z "${SSHDLIBS}"; then
   4270 echo "         +for sshd: ${SSHDLIBS}"
   4271 fi
   4272 if test ! -z "${SSHLIBS}"; then
   4273 echo "          +for ssh: ${SSHLIBS}"
   4274 fi
   4275 
   4276 echo ""
   4277 
   4278 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
   4279 	echo "SVR4 style packages are supported with \"make package\""
   4280 	echo ""
   4281 fi
   4282 
   4283 if test "x$PAM_MSG" = "xyes" ; then
   4284 	echo "PAM is enabled. You may need to install a PAM control file "
   4285 	echo "for sshd, otherwise password authentication may fail. "
   4286 	echo "Example PAM control files can be found in the contrib/ "
   4287 	echo "subdirectory"
   4288 	echo ""
   4289 fi
   4290 
   4291 if test ! -z "$NO_PEERCHECK" ; then
   4292 	echo "WARNING: the operating system that you are using does not"
   4293 	echo "appear to support getpeereid(), getpeerucred() or the"
   4294 	echo "SO_PEERCRED getsockopt() option. These facilities are used to"
   4295 	echo "enforce security checks to prevent unauthorised connections to"
   4296 	echo "ssh-agent. Their absence increases the risk that a malicious"
   4297 	echo "user can connect to your agent."
   4298 	echo ""
   4299 fi
   4300 
   4301 if test "$AUDIT_MODULE" = "bsm" ; then
   4302 	echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
   4303 	echo "See the Solaris section in README.platform for details."
   4304 fi
   4305