3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
23 # Handle Globus configuration right away, because the Globus flavor
24 # determines our compiler options.
26 # Check whether the user wants GSI (Globus) support
29 [ --with-gsi Enable Globus GSI authentication support],
36 [ --with-globus Enable Globus GSI authentication support],
42 AC_ARG_WITH(globus-static,
43 [ --with-globus-static Link statically with Globus GSI libraries],
46 if test "x$gsi_path" = "xno" ; then
52 # Check whether the user has a Globus flavor type
53 globus_flavor_type="no"
54 AC_ARG_WITH(globus-flavor,
55 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
57 globus_flavor_type="$withval"
58 if test "x$gsi_path" = "xno" ; then
64 if test "x$gsi_path" != "xno" ; then
65 # Globus GSSAPI configuration
66 AC_MSG_CHECKING(for Globus GSI)
67 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
69 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
70 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
72 if test -z "$GSSAPI"; then
77 if test "x$gsi_path" = "xyes" ; then
78 if test -z "$GLOBUS_LOCATION" ; then
79 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
81 gsi_path="$GLOBUS_LOCATION"
84 GLOBUS_LOCATION="$gsi_path"
85 export GLOBUS_LOCATION
86 if test ! -d "$GLOBUS_LOCATION" ; then
87 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
90 if test "x$globus_flavor_type" = "xno" ; then
91 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
93 if test "x$globus_flavor_type" = "xyes" ; then
94 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
97 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
98 if test ! -d "$GLOBUS_INCLUDE" ; then
99 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
101 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
103 if test -x ${gsi_path}/bin/globus-makefile-header ; then
104 ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
105 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
106 ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
108 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
111 if test -n "${need_dash_r}"; then
112 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
114 GSI_LDFLAGS="-L${gsi_path}/lib"
116 if test -z "$GLOBUS_PKG_LIBS" ; then
117 AC_MSG_ERROR(globus-makefile-header failed)
120 AC_DEFINE(HAVE_GSSAPI_H)
123 CFLAGS="$GLOBUS_CFLAGS"
125 CPPFLAGS="$GLOBUS_CPPFLAGS $GLOBUS_INCLUDES"
126 LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
128 LDFLAGS="$LDFLAGS $GLOBUS_LDFLAGS"
130 # test that we got the libraries OK
138 AC_MSG_ERROR(link with Globus libraries failed)
141 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
146 AC_SUBST(INSTALL_GSISSH)
147 # End Globus/GSI section
153 # Checks for programs.
160 AC_PATH_PROG(CAT, cat)
161 AC_PATH_PROG(KILL, kill)
162 AC_PATH_PROGS(PERL, perl5 perl)
163 AC_PATH_PROG(SED, sed)
165 AC_PATH_PROG(ENT, ent)
167 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
168 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
169 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
171 AC_SUBST(TEST_SHELL,sh)
174 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
175 [/usr/sbin${PATH_SEPARATOR}/etc])
176 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
177 [/usr/sbin${PATH_SEPARATOR}/etc])
178 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
179 if test -x /sbin/sh; then
180 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
182 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
188 if test -z "$AR" ; then
189 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
192 # Use LOGIN_PROGRAM from environment if possible
193 if test ! -z "$LOGIN_PROGRAM" ; then
194 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
195 [If your header files don't define LOGIN_PROGRAM,
196 then use this (detected) from environment and PATH])
199 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
200 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
201 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
205 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
206 if test ! -z "$PATH_PASSWD_PROG" ; then
207 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
208 [Full path of your "passwd" program])
211 if test -z "$LD" ; then
218 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
220 use_stack_protector=1
221 AC_ARG_WITH(stackprotect,
222 [ --without-stackprotect Don't use compiler's stack protection], [
223 if test "x$withval" = "xno"; then
224 use_stack_protector=0
227 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
228 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
229 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
231 1.*) no_attrib_nonnull=1 ;;
233 CFLAGS="$CFLAGS -Wsign-compare"
236 2.*) no_attrib_nonnull=1 ;;
237 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
238 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
242 # -fstack-protector-all doesn't always work for some GCC versions
243 # and/or platforms, so we test if we can. If it's not supported
244 # on a give platform gcc will emit a warning so we use -Werror.
245 if test "x$use_stack_protector" = "x1"; then
246 for t in -fstack-protector-all -fstack-protector; do
247 AC_MSG_CHECKING(if $CC supports $t)
248 saved_CFLAGS="$CFLAGS"
249 saved_LDFLAGS="$LDFLAGS"
250 CFLAGS="$CFLAGS $t -Werror"
251 LDFLAGS="$LDFLAGS $t -Werror"
255 int main(void){return 0;}
258 CFLAGS="$saved_CFLAGS $t"
259 LDFLAGS="$saved_LDFLAGS $t"
260 AC_MSG_CHECKING(if $t works)
264 int main(void){exit(0);}
268 [ AC_MSG_RESULT(no) ],
269 [ AC_MSG_WARN([cross compiling: cannot test])
273 [ AC_MSG_RESULT(no) ]
275 CFLAGS="$saved_CFLAGS"
276 LDFLAGS="$saved_LDFLAGS"
280 if test -z "$have_llong_max"; then
281 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
282 unset ac_cv_have_decl_LLONG_MAX
283 saved_CFLAGS="$CFLAGS"
284 CFLAGS="$CFLAGS -std=gnu99"
285 AC_CHECK_DECL(LLONG_MAX,
287 [CFLAGS="$saved_CFLAGS"],
288 [#include <limits.h>]
293 if test "x$no_attrib_nonnull" != "x1" ; then
294 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
298 [ --without-rpath Disable auto-added -R linker paths],
300 if test "x$withval" = "xno" ; then
303 if test "x$withval" = "xyes" ; then
309 # Allow user to specify flags
311 [ --with-cflags Specify additional flags to pass to compiler],
313 if test -n "$withval" && test "x$withval" != "xno" && \
314 test "x${withval}" != "xyes"; then
315 CFLAGS="$CFLAGS $withval"
319 AC_ARG_WITH(cppflags,
320 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
322 if test -n "$withval" && test "x$withval" != "xno" && \
323 test "x${withval}" != "xyes"; then
324 CPPFLAGS="$CPPFLAGS $withval"
329 [ --with-ldflags Specify additional flags to pass to linker],
331 if test -n "$withval" && test "x$withval" != "xno" && \
332 test "x${withval}" != "xyes"; then
333 LDFLAGS="$LDFLAGS $withval"
338 [ --with-libs Specify additional libraries to link with],
340 if test -n "$withval" && test "x$withval" != "xno" && \
341 test "x${withval}" != "xyes"; then
342 LIBS="$LIBS $withval"
347 [ --with-Werror Build main code with -Werror],
349 if test -n "$withval" && test "x$withval" != "xno"; then
350 werror_flags="-Werror"
351 if test "x${withval}" != "xyes"; then
352 werror_flags="$withval"
384 security/pam_appl.h \
423 # lastlog.h requires sys/time.h to be included first on Solaris
424 AC_CHECK_HEADERS(lastlog.h, [], [], [
425 #ifdef HAVE_SYS_TIME_H
426 # include <sys/time.h>
430 # sys/ptms.h requires sys/stream.h to be included first on Solaris
431 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
432 #ifdef HAVE_SYS_STREAM_H
433 # include <sys/stream.h>
437 # login_cap.h requires sys/types.h on NetBSD
438 AC_CHECK_HEADERS(login_cap.h, [], [], [
439 #include <sys/types.h>
442 # Messages for features tested for in target-specific section
446 # Check for some target-specific stuff
449 # Some versions of VAC won't allow macro redefinitions at
450 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
451 # particularly with older versions of vac or xlc.
452 # It also throws errors about null macro argments, but these are
454 AC_MSG_CHECKING(if compiler allows macro redefinitions)
457 #define testmacro foo
458 #define testmacro bar
459 int main(void) { exit(0); }
461 [ AC_MSG_RESULT(yes) ],
463 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
464 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
465 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
466 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
470 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
471 if (test -z "$blibpath"); then
472 blibpath="/usr/lib:/lib"
474 saved_LDFLAGS="$LDFLAGS"
475 if test "$GCC" = "yes"; then
476 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
478 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
480 for tryflags in $flags ;do
481 if (test -z "$blibflags"); then
482 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
483 AC_TRY_LINK([], [], [blibflags=$tryflags])
486 if (test -z "$blibflags"); then
487 AC_MSG_RESULT(not found)
488 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
490 AC_MSG_RESULT($blibflags)
492 LDFLAGS="$saved_LDFLAGS"
493 dnl Check for authenticate. Might be in libs.a on older AIXes
494 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
495 [Define if you want to enable AIX4's authenticate function])],
496 [AC_CHECK_LIB(s,authenticate,
497 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
501 dnl Check for various auth function declarations in headers.
502 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
503 passwdexpired, setauthdb], , , [#include <usersec.h>])
504 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
505 AC_CHECK_DECLS(loginfailed,
506 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
508 [#include <usersec.h>],
509 [(void)loginfailed("user","host","tty",0);],
511 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
512 [Define if your AIX loginfailed() function
513 takes 4 arguments (AIX >= 5.2)])],
517 [#include <usersec.h>]
519 AC_CHECK_FUNCS(getgrset setauthdb)
520 AC_CHECK_DECL(F_CLOSEM,
521 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
523 [ #include <limits.h>
526 check_for_aix_broken_getaddrinfo=1
527 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
528 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
529 [Define if your platform breaks doing a seteuid before a setuid])
530 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
531 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
532 dnl AIX handles lastlog as part of its login message
533 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
534 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
535 [Some systems need a utmpx entry for /bin/login to work])
536 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
537 [Define to a Set Process Title type if your system is
538 supported by bsd-setproctitle.c])
539 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
540 [AIX 5.2 and 5.3 (and presumably newer) require this])
541 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
544 check_for_libcrypt_later=1
545 LIBS="$LIBS /usr/lib/textreadmode.o"
546 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
547 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
548 AC_DEFINE(DISABLE_SHADOW, 1,
549 [Define if you want to disable shadow passwords])
550 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
551 [Define if your system choked on IP TOS setting])
552 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
553 [Define if X11 doesn't support AF_UNIX sockets on that system])
554 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
555 [Define if the concept of ports only accessible to
556 superusers isn't known])
557 AC_DEFINE(DISABLE_FD_PASSING, 1,
558 [Define if your platform needs to skip post auth
559 file descriptor passing])
562 AC_DEFINE(IP_TOS_IS_BROKEN)
563 AC_DEFINE(SETEUID_BREAKS_SETUID)
564 AC_DEFINE(BROKEN_SETREUID)
565 AC_DEFINE(BROKEN_SETREGID)
568 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
569 AC_DEFINE(BROKEN_GETADDRINFO)
570 AC_DEFINE(SETEUID_BREAKS_SETUID)
571 AC_DEFINE(BROKEN_SETREUID)
572 AC_DEFINE(BROKEN_SETREGID)
573 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
574 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
575 [Define if your resolver libs need this for getrrsetbyname])
576 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
577 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
578 [Use tunnel device compatibility to OpenBSD])
579 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
580 [Prepend the address family to IP tunnel traffic])
581 m4_pattern_allow(AU_IPv)
582 AC_CHECK_DECL(AU_IPv4, [],
583 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
584 [#include <bsm/audit.h>]
586 AC_MSG_CHECKING(if we have the Security Authorization Session API)
587 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
588 [SessionCreate(0, 0);],
589 [ac_cv_use_security_session_api="yes"
590 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
591 [platform has the Security Authorization Session API])
592 LIBS="$LIBS -framework Security"
594 [ac_cv_use_security_session_api="no"
596 AC_MSG_CHECKING(if we have an in-memory credentials cache)
598 [#include <Kerberos/Kerberos.h>],
600 (void) cc_initialize (&c, 0, NULL, NULL);],
601 [AC_DEFINE(USE_CCAPI, 1,
602 [platform uses an in-memory credentials cache])
603 LIBS="$LIBS -framework Security"
605 if test "x$ac_cv_use_security_session_api" = "xno"; then
606 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
612 SSHDLIBS="$SSHDLIBS -lcrypt"
615 # first we define all of the options common to all HP-UX releases
616 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
617 IPADDR_IN_DISPLAY=yes
619 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
620 [Define if your login program cannot handle end of options ("--")])
621 AC_DEFINE(LOGIN_NEEDS_UTMPX)
622 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
623 [String used in /etc/passwd to denote locked account])
624 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
625 MAIL="/var/mail/username"
627 AC_CHECK_LIB(xnet, t_error, ,
628 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
630 # next, we define all of the options specific to major releases
633 if test -z "$GCC"; then
638 AC_DEFINE(PAM_SUN_CODEBASE, 1,
639 [Define if you are using Solaris-derived PAM which
640 passes pam_messages to the conversation function
641 with an extra level of indirection])
642 AC_DEFINE(DISABLE_UTMP, 1,
643 [Define if you don't want to use utmp])
644 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
645 check_for_hpux_broken_getaddrinfo=1
646 check_for_conflicting_getspnam=1
650 # lastly, we define options specific to minor releases
653 AC_DEFINE(HAVE_SECUREWARE, 1,
654 [Define if you have SecureWare-based
655 protected password database])
656 disable_ptmx_check=yes
662 PATH="$PATH:/usr/etc"
663 AC_DEFINE(BROKEN_INET_NTOA, 1,
664 [Define if you system's inet_ntoa is busted
665 (e.g. Irix gcc issue)])
666 AC_DEFINE(SETEUID_BREAKS_SETUID)
667 AC_DEFINE(BROKEN_SETREUID)
668 AC_DEFINE(BROKEN_SETREGID)
669 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
670 [Define if you shouldn't strip 'tty' from your
672 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
675 PATH="$PATH:/usr/etc"
676 AC_DEFINE(WITH_IRIX_ARRAY, 1,
677 [Define if you have/want arrays
678 (cluster-wide session managment, not C arrays)])
679 AC_DEFINE(WITH_IRIX_PROJECT, 1,
680 [Define if you want IRIX project management])
681 AC_DEFINE(WITH_IRIX_AUDIT, 1,
682 [Define if you want IRIX audit trails])
683 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
684 [Define if you want IRIX kernel jobs])])
685 AC_DEFINE(BROKEN_INET_NTOA)
686 AC_DEFINE(SETEUID_BREAKS_SETUID)
687 AC_DEFINE(BROKEN_SETREUID)
688 AC_DEFINE(BROKEN_SETREGID)
689 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
690 AC_DEFINE(WITH_ABBREV_NO_TTY)
691 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
695 check_for_libcrypt_later=1
696 check_for_openpty_ctty_bug=1
697 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
698 AC_DEFINE(PAM_TTY_KLUDGE, 1,
699 [Work around problematic Linux PAM modules handling of PAM_TTY])
700 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
701 [String used in /etc/passwd to denote locked account])
702 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
703 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
704 [Define to whatever link() returns for "not supported"
705 if it doesn't return EOPNOTSUPP.])
706 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
708 inet6_default_4in6=yes
711 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
712 [Define if cmsg_type is not passed correctly])
715 # tun(4) forwarding compat code
716 AC_CHECK_HEADERS(linux/if_tun.h)
717 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
718 AC_DEFINE(SSH_TUN_LINUX, 1,
719 [Open tunnel devices the Linux tun/tap way])
720 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
721 [Use tunnel device compatibility to OpenBSD])
722 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
723 [Prepend the address family to IP tunnel traffic])
726 mips-sony-bsd|mips-sony-newsos4)
727 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
731 check_for_libcrypt_before=1
732 if test "x$withval" != "xno" ; then
735 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
736 AC_CHECK_HEADER([net/if_tap.h], ,
737 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
738 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
739 [Prepend the address family to IP tunnel traffic])
742 check_for_libcrypt_later=1
743 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
744 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
745 AC_CHECK_HEADER([net/if_tap.h], ,
746 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
747 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
750 AC_DEFINE(SETEUID_BREAKS_SETUID)
751 AC_DEFINE(BROKEN_SETREUID)
752 AC_DEFINE(BROKEN_SETREGID)
755 conf_lastlog_location="/usr/adm/lastlog"
756 conf_utmp_location=/etc/utmp
757 conf_wtmp_location=/usr/adm/wtmp
759 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
760 AC_DEFINE(BROKEN_REALPATH)
762 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
765 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
766 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
767 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
768 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
769 [syslog_r function is safe to use in in a signal handler])
772 if test "x$withval" != "xno" ; then
775 AC_DEFINE(PAM_SUN_CODEBASE)
776 AC_DEFINE(LOGIN_NEEDS_UTMPX)
777 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
778 [Some versions of /bin/login need the TERM supplied
780 AC_DEFINE(PAM_TTY_KLUDGE)
781 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
782 [Define if pam_chauthtok wants real uid set
783 to the unpriv'ed user])
784 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
785 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
786 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
787 [Define if sshd somehow reacquires a controlling TTY
789 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
790 in case the name is longer than 8 chars])
791 external_path_file=/etc/default/login
792 # hardwire lastlog location (can't detect it on some versions)
793 conf_lastlog_location="/var/adm/lastlog"
794 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
795 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
796 if test "$sol2ver" -ge 8; then
798 AC_DEFINE(DISABLE_UTMP)
799 AC_DEFINE(DISABLE_WTMP, 1,
800 [Define if you don't want to use wtmp])
804 AC_ARG_WITH(solaris-contracts,
805 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
807 AC_CHECK_LIB(contract, ct_tmpl_activate,
808 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
809 [Define if you have Solaris process contracts])
810 SSHDLIBS="$SSHDLIBS -lcontract"
817 CPPFLAGS="$CPPFLAGS -DSUNOS4"
818 AC_CHECK_FUNCS(getpwanam)
819 AC_DEFINE(PAM_SUN_CODEBASE)
820 conf_utmp_location=/etc/utmp
821 conf_wtmp_location=/var/adm/wtmp
822 conf_lastlog_location=/var/adm/lastlog
828 AC_DEFINE(SSHD_ACQUIRES_CTTY)
829 AC_DEFINE(SETEUID_BREAKS_SETUID)
830 AC_DEFINE(BROKEN_SETREUID)
831 AC_DEFINE(BROKEN_SETREGID)
834 # /usr/ucblib MUST NOT be searched on ReliantUNIX
835 AC_CHECK_LIB(dl, dlsym, ,)
836 # -lresolv needs to be at the end of LIBS or DNS lookups break
837 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
838 IPADDR_IN_DISPLAY=yes
840 AC_DEFINE(IP_TOS_IS_BROKEN)
841 AC_DEFINE(SETEUID_BREAKS_SETUID)
842 AC_DEFINE(BROKEN_SETREUID)
843 AC_DEFINE(BROKEN_SETREGID)
844 AC_DEFINE(SSHD_ACQUIRES_CTTY)
845 external_path_file=/etc/default/login
846 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
847 # Attention: always take care to bind libsocket and libnsl before libc,
848 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
850 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
853 AC_DEFINE(SETEUID_BREAKS_SETUID)
854 AC_DEFINE(BROKEN_SETREUID)
855 AC_DEFINE(BROKEN_SETREGID)
856 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
857 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
859 # UnixWare 7.x, OpenUNIX 8
861 check_for_libcrypt_later=1
862 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
864 AC_DEFINE(SETEUID_BREAKS_SETUID)
865 AC_DEFINE(BROKEN_SETREUID)
866 AC_DEFINE(BROKEN_SETREGID)
867 AC_DEFINE(PASSWD_NEEDS_USERNAME)
869 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
870 TEST_SHELL=/u95/bin/sh
871 AC_DEFINE(BROKEN_LIBIAF, 1,
872 [ia_uinfo routines not supported by OS yet])
873 AC_DEFINE(BROKEN_UPDWTMPX)
875 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
881 # SCO UNIX and OEM versions of SCO UNIX
883 AC_MSG_ERROR("This Platform is no longer supported.")
887 if test -z "$GCC"; then
888 CFLAGS="$CFLAGS -belf"
890 LIBS="$LIBS -lprot -lx -ltinfo -lm"
893 AC_DEFINE(HAVE_SECUREWARE)
894 AC_DEFINE(DISABLE_SHADOW)
895 AC_DEFINE(DISABLE_FD_PASSING)
896 AC_DEFINE(SETEUID_BREAKS_SETUID)
897 AC_DEFINE(BROKEN_SETREUID)
898 AC_DEFINE(BROKEN_SETREGID)
899 AC_DEFINE(WITH_ABBREV_NO_TTY)
900 AC_DEFINE(BROKEN_UPDWTMPX)
901 AC_DEFINE(PASSWD_NEEDS_USERNAME)
902 AC_CHECK_FUNCS(getluid setluid)
907 AC_DEFINE(NO_SSH_LASTLOG, 1,
908 [Define if you don't want to use lastlog in session.c])
909 AC_DEFINE(SETEUID_BREAKS_SETUID)
910 AC_DEFINE(BROKEN_SETREUID)
911 AC_DEFINE(BROKEN_SETREGID)
913 AC_DEFINE(DISABLE_FD_PASSING)
915 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
919 AC_DEFINE(SETEUID_BREAKS_SETUID)
920 AC_DEFINE(BROKEN_SETREUID)
921 AC_DEFINE(BROKEN_SETREGID)
922 AC_DEFINE(WITH_ABBREV_NO_TTY)
924 AC_DEFINE(DISABLE_FD_PASSING)
926 LIBS="$LIBS -lgen -lacid -ldb"
930 AC_DEFINE(SETEUID_BREAKS_SETUID)
931 AC_DEFINE(BROKEN_SETREUID)
932 AC_DEFINE(BROKEN_SETREGID)
934 AC_DEFINE(DISABLE_FD_PASSING)
935 AC_DEFINE(NO_SSH_LASTLOG)
936 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
937 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
941 AC_MSG_CHECKING(for Digital Unix SIA)
944 [ --with-osfsia Enable Digital Unix SIA],
946 if test "x$withval" = "xno" ; then
947 AC_MSG_RESULT(disabled)
952 if test -z "$no_osfsia" ; then
953 if test -f /etc/sia/matrix.conf; then
955 AC_DEFINE(HAVE_OSF_SIA, 1,
956 [Define if you have Digital Unix Security
957 Integration Architecture])
958 AC_DEFINE(DISABLE_LOGIN, 1,
959 [Define if you don't want to use your
960 system's login() call])
961 AC_DEFINE(DISABLE_FD_PASSING)
962 LIBS="$LIBS -lsecurity -ldb -lm -laud"
966 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
967 [String used in /etc/passwd to denote locked account])
970 AC_DEFINE(BROKEN_GETADDRINFO)
971 AC_DEFINE(SETEUID_BREAKS_SETUID)
972 AC_DEFINE(BROKEN_SETREUID)
973 AC_DEFINE(BROKEN_SETREGID)
978 AC_DEFINE(NO_X11_UNIX_SOCKETS)
979 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
980 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
981 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
982 AC_DEFINE(DISABLE_LASTLOG)
983 AC_DEFINE(SSHD_ACQUIRES_CTTY)
984 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
985 enable_etc_default_login=no # has incompatible /etc/default/login
988 AC_DEFINE(DISABLE_FD_PASSING)
994 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
995 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
996 AC_DEFINE(NEED_SETPGRP)
997 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
1001 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1002 AC_DEFINE(MISSING_HOWMANY)
1003 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
1007 AC_MSG_CHECKING(compiler and flags for sanity)
1011 int main(){exit(0);}
1013 [ AC_MSG_RESULT(yes) ],
1016 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1018 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1021 dnl Checks for header files.
1022 # Checks for libraries.
1023 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
1024 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
1026 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1027 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
1028 AC_CHECK_LIB(gen, dirname,[
1029 AC_CACHE_CHECK([for broken dirname],
1030 ac_cv_have_broken_dirname, [
1038 int main(int argc, char **argv) {
1041 strncpy(buf,"/etc", 32);
1043 if (!s || strncmp(s, "/", 32) != 0) {
1050 [ ac_cv_have_broken_dirname="no" ],
1051 [ ac_cv_have_broken_dirname="yes" ],
1052 [ ac_cv_have_broken_dirname="no" ],
1056 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1058 AC_DEFINE(HAVE_DIRNAME)
1059 AC_CHECK_HEADERS(libgen.h)
1064 AC_CHECK_FUNC(getspnam, ,
1065 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
1066 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
1067 [Define if you have the basename function.]))
1069 dnl zlib is required
1071 [ --with-zlib=PATH Use zlib in PATH],
1072 [ if test "x$withval" = "xno" ; then
1073 AC_MSG_ERROR([*** zlib is required ***])
1074 elif test "x$withval" != "xyes"; then
1075 if test -d "$withval/lib"; then
1076 if test -n "${need_dash_r}"; then
1077 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1079 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1082 if test -n "${need_dash_r}"; then
1083 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1085 LDFLAGS="-L${withval} ${LDFLAGS}"
1088 if test -d "$withval/include"; then
1089 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1091 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1096 AC_CHECK_LIB(z, deflate, ,
1098 saved_CPPFLAGS="$CPPFLAGS"
1099 saved_LDFLAGS="$LDFLAGS"
1101 dnl Check default zlib install dir
1102 if test -n "${need_dash_r}"; then
1103 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1105 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1107 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1109 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1111 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1116 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1118 AC_ARG_WITH(zlib-version-check,
1119 [ --without-zlib-version-check Disable zlib version check],
1120 [ if test "x$withval" = "xno" ; then
1121 zlib_check_nonfatal=1
1126 AC_MSG_CHECKING(for possibly buggy zlib)
1127 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1132 int a=0, b=0, c=0, d=0, n, v;
1133 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1134 if (n != 3 && n != 4)
1136 v = a*1000000 + b*10000 + c*100 + d;
1137 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1140 if (a == 1 && b == 1 && c >= 4)
1143 /* 1.2.3 and up are OK */
1151 [ AC_MSG_RESULT(yes)
1152 if test -z "$zlib_check_nonfatal" ; then
1153 AC_MSG_ERROR([*** zlib too old - check config.log ***
1154 Your reported zlib version has known security problems. It's possible your
1155 vendor has fixed these problems without changing the version number. If you
1156 are sure this is the case, you can disable the check by running
1157 "./configure --without-zlib-version-check".
1158 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1159 See http://www.gzip.org/zlib/ for details.])
1161 AC_MSG_WARN([zlib version may have security problems])
1164 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1168 AC_CHECK_FUNC(strcasecmp,
1169 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1171 AC_CHECK_FUNCS(utimes,
1172 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1173 LIBS="$LIBS -lc89"]) ]
1176 dnl Checks for libutil functions
1177 AC_CHECK_HEADERS(libutil.h)
1178 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1179 [Define if your libraries define login()])])
1180 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1184 # Check for ALTDIRFUNC glob() extension
1185 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1186 AC_EGREP_CPP(FOUNDIT,
1189 #ifdef GLOB_ALTDIRFUNC
1194 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1195 [Define if your system glob() function has
1196 the GLOB_ALTDIRFUNC extension])
1204 # Check for g.gl_matchc glob() extension
1205 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1207 [ #include <glob.h> ],
1208 [glob_t g; g.gl_matchc = 1;],
1210 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1211 [Define if your system glob() function has
1212 gl_matchc options in glob_t])
1220 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1222 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1225 #include <sys/types.h>
1227 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1229 [AC_MSG_RESULT(yes)],
1232 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1233 [Define if your struct dirent expects you to
1234 allocate extra space for d_name])
1237 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1238 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1242 AC_MSG_CHECKING([for /proc/pid/fd directory])
1243 if test -d "/proc/$$/fd" ; then
1244 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1250 # Check whether user wants S/Key support
1253 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1255 if test "x$withval" != "xno" ; then
1257 if test "x$withval" != "xyes" ; then
1258 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1259 LDFLAGS="$LDFLAGS -L${withval}/lib"
1262 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1266 AC_MSG_CHECKING([for s/key support])
1271 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1273 [AC_MSG_RESULT(yes)],
1276 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1278 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1282 [(void)skeychallenge(NULL,"name","",0);],
1284 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1285 [Define if your skeychallenge()
1286 function takes 4 arguments (NetBSD)])],
1293 # Check whether user wants TCP wrappers support
1295 AC_ARG_WITH(tcp-wrappers,
1296 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1298 if test "x$withval" != "xno" ; then
1300 saved_LDFLAGS="$LDFLAGS"
1301 saved_CPPFLAGS="$CPPFLAGS"
1302 if test -n "${withval}" && \
1303 test "x${withval}" != "xyes"; then
1304 if test -d "${withval}/lib"; then
1305 if test -n "${need_dash_r}"; then
1306 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1308 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1311 if test -n "${need_dash_r}"; then
1312 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1314 LDFLAGS="-L${withval} ${LDFLAGS}"
1317 if test -d "${withval}/include"; then
1318 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1320 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1324 AC_MSG_CHECKING(for libwrap)
1327 #include <sys/types.h>
1328 #include <sys/socket.h>
1329 #include <netinet/in.h>
1331 int deny_severity = 0, allow_severity = 0;
1336 AC_DEFINE(LIBWRAP, 1,
1338 TCP Wrappers support])
1339 SSHDLIBS="$SSHDLIBS -lwrap"
1343 AC_MSG_ERROR([*** libwrap missing])
1351 # Check whether user wants libedit support
1353 AC_ARG_WITH(libedit,
1354 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1355 [ if test "x$withval" != "xno" ; then
1356 if test "x$withval" != "xyes"; then
1357 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1358 if test -n "${need_dash_r}"; then
1359 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1361 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1364 AC_CHECK_LIB(edit, el_init,
1365 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1366 LIBEDIT="-ledit -lcurses"
1370 [ AC_MSG_ERROR(libedit not found) ],
1373 AC_MSG_CHECKING(if libedit version is compatible)
1376 #include <histedit.h>
1380 el_init("", NULL, NULL, NULL);
1384 [ AC_MSG_RESULT(yes) ],
1386 AC_MSG_ERROR(libedit version is not compatible) ]
1393 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1395 AC_MSG_CHECKING(for supported audit module)
1400 dnl Checks for headers, libs and functions
1401 AC_CHECK_HEADERS(bsm/audit.h, [],
1402 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1409 AC_CHECK_LIB(bsm, getaudit, [],
1410 [AC_MSG_ERROR(BSM enabled and required library not found)])
1411 AC_CHECK_FUNCS(getaudit, [],
1412 [AC_MSG_ERROR(BSM enabled and required function not found)])
1413 # These are optional
1414 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1415 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1419 AC_MSG_RESULT(debug)
1420 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1426 AC_MSG_ERROR([Unknown audit module $withval])
1431 dnl Checks for library functions. Please keep in alphabetical order
1519 # IRIX has a const char return value for gai_strerror()
1520 AC_CHECK_FUNCS(gai_strerror,[
1521 AC_DEFINE(HAVE_GAI_STRERROR)
1523 #include <sys/types.h>
1524 #include <sys/socket.h>
1527 const char *gai_strerror(int);],[
1530 str = gai_strerror(0);],[
1531 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1532 [Define if gai_strerror() returns const char *])])])
1534 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1535 [Some systems put nanosleep outside of libc]))
1537 dnl Make sure prototypes are defined for these before using them.
1538 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1539 AC_CHECK_DECL(strsep,
1540 [AC_CHECK_FUNCS(strsep)],
1543 #ifdef HAVE_STRING_H
1544 # include <string.h>
1548 dnl tcsendbreak might be a macro
1549 AC_CHECK_DECL(tcsendbreak,
1550 [AC_DEFINE(HAVE_TCSENDBREAK)],
1551 [AC_CHECK_FUNCS(tcsendbreak)],
1552 [#include <termios.h>]
1555 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1557 AC_CHECK_DECLS(SHUT_RD, , ,
1559 #include <sys/types.h>
1560 #include <sys/socket.h>
1563 AC_CHECK_DECLS(O_NONBLOCK, , ,
1565 #include <sys/types.h>
1566 #ifdef HAVE_SYS_STAT_H
1567 # include <sys/stat.h>
1574 AC_CHECK_DECLS(writev, , , [
1575 #include <sys/types.h>
1576 #include <sys/uio.h>
1580 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1581 #include <sys/param.h>
1584 AC_CHECK_DECLS(offsetof, , , [
1588 AC_CHECK_FUNCS(setresuid, [
1589 dnl Some platorms have setresuid that isn't implemented, test for this
1590 AC_MSG_CHECKING(if setresuid seems to work)
1595 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1597 [AC_MSG_RESULT(yes)],
1598 [AC_DEFINE(BROKEN_SETRESUID, 1,
1599 [Define if your setresuid() is broken])
1600 AC_MSG_RESULT(not implemented)],
1601 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1605 AC_CHECK_FUNCS(setresgid, [
1606 dnl Some platorms have setresgid that isn't implemented, test for this
1607 AC_MSG_CHECKING(if setresgid seems to work)
1612 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1614 [AC_MSG_RESULT(yes)],
1615 [AC_DEFINE(BROKEN_SETRESGID, 1,
1616 [Define if your setresgid() is broken])
1617 AC_MSG_RESULT(not implemented)],
1618 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1622 dnl Checks for time functions
1623 AC_CHECK_FUNCS(gettimeofday time)
1624 dnl Checks for utmp functions
1625 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1626 AC_CHECK_FUNCS(utmpname)
1627 dnl Checks for utmpx functions
1628 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1629 AC_CHECK_FUNCS(setutxent utmpxname)
1631 AC_CHECK_FUNC(daemon,
1632 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1633 [AC_CHECK_LIB(bsd, daemon,
1634 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1637 AC_CHECK_FUNC(getpagesize,
1638 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1639 [Define if your libraries define getpagesize()])],
1640 [AC_CHECK_LIB(ucb, getpagesize,
1641 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1644 # Check for broken snprintf
1645 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1646 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1650 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1652 [AC_MSG_RESULT(yes)],
1655 AC_DEFINE(BROKEN_SNPRINTF, 1,
1656 [Define if your snprintf is busted])
1657 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1659 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1663 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1664 # returning the right thing on overflow: the number of characters it tried to
1665 # create (as per SUSv3)
1666 if test "x$ac_cv_func_asprintf" != "xyes" && \
1667 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1668 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1671 #include <sys/types.h>
1675 int x_snprintf(char *str,size_t count,const char *fmt,...)
1677 size_t ret; va_list ap;
1678 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1684 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1686 [AC_MSG_RESULT(yes)],
1689 AC_DEFINE(BROKEN_SNPRINTF, 1,
1690 [Define if your snprintf is busted])
1691 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1693 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1697 # On systems where [v]snprintf is broken, but is declared in stdio,
1698 # check that the fmt argument is const char * or just char *.
1699 # This is only useful for when BROKEN_SNPRINTF
1700 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1701 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1702 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1703 int main(void) { snprintf(0, 0, 0); }
1706 AC_DEFINE(SNPRINTF_CONST, [const],
1707 [Define as const if snprintf() can declare const char *fmt])],
1709 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1711 # Check for missing getpeereid (or equiv) support
1713 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1714 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1716 [#include <sys/types.h>
1717 #include <sys/socket.h>],
1718 [int i = SO_PEERCRED;],
1719 [ AC_MSG_RESULT(yes)
1720 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1727 dnl see whether mkstemp() requires XXXXXX
1728 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1729 AC_MSG_CHECKING([for (overly) strict mkstemp])
1733 main() { char template[]="conftest.mkstemp-test";
1734 if (mkstemp(template) == -1)
1736 unlink(template); exit(0);
1744 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1748 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1753 dnl make sure that openpty does not reacquire controlling terminal
1754 if test ! -z "$check_for_openpty_ctty_bug"; then
1755 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1759 #include <sys/fcntl.h>
1760 #include <sys/types.h>
1761 #include <sys/wait.h>
1767 int fd, ptyfd, ttyfd, status;
1770 if (pid < 0) { /* failed */
1772 } else if (pid > 0) { /* parent */
1773 waitpid(pid, &status, 0);
1774 if (WIFEXITED(status))
1775 exit(WEXITSTATUS(status));
1778 } else { /* child */
1779 close(0); close(1); close(2);
1781 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1782 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1784 exit(3); /* Acquired ctty: broken */
1786 exit(0); /* Did not acquire ctty: OK */
1795 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1798 AC_MSG_RESULT(cross-compiling, assuming yes)
1803 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1804 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1805 AC_MSG_CHECKING(if getaddrinfo seems to work)
1809 #include <sys/socket.h>
1812 #include <netinet/in.h>
1814 #define TEST_PORT "2222"
1820 struct addrinfo *gai_ai, *ai, hints;
1821 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1823 memset(&hints, 0, sizeof(hints));
1824 hints.ai_family = PF_UNSPEC;
1825 hints.ai_socktype = SOCK_STREAM;
1826 hints.ai_flags = AI_PASSIVE;
1828 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1830 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1834 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1835 if (ai->ai_family != AF_INET6)
1838 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1839 sizeof(ntop), strport, sizeof(strport),
1840 NI_NUMERICHOST|NI_NUMERICSERV);
1843 if (err == EAI_SYSTEM)
1844 perror("getnameinfo EAI_SYSTEM");
1846 fprintf(stderr, "getnameinfo failed: %s\n",
1851 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1854 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1867 AC_DEFINE(BROKEN_GETADDRINFO)
1870 AC_MSG_RESULT(cross-compiling, assuming yes)
1875 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1876 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1877 AC_MSG_CHECKING(if getaddrinfo seems to work)
1881 #include <sys/socket.h>
1884 #include <netinet/in.h>
1886 #define TEST_PORT "2222"
1892 struct addrinfo *gai_ai, *ai, hints;
1893 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1895 memset(&hints, 0, sizeof(hints));
1896 hints.ai_family = PF_UNSPEC;
1897 hints.ai_socktype = SOCK_STREAM;
1898 hints.ai_flags = AI_PASSIVE;
1900 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1902 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1906 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1907 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1910 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1911 sizeof(ntop), strport, sizeof(strport),
1912 NI_NUMERICHOST|NI_NUMERICSERV);
1914 if (ai->ai_family == AF_INET && err != 0) {
1915 perror("getnameinfo");
1924 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1925 [Define if you have a getaddrinfo that fails
1926 for the all-zeros IPv6 address])
1930 AC_DEFINE(BROKEN_GETADDRINFO)
1933 AC_MSG_RESULT(cross-compiling, assuming no)
1938 if test "x$check_for_conflicting_getspnam" = "x1"; then
1939 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1943 int main(void) {exit(0);}
1950 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1951 [Conflicting defs for getspnam])
1958 # Search for OpenSSL
1959 saved_CPPFLAGS="$CPPFLAGS"
1960 saved_LDFLAGS="$LDFLAGS"
1961 AC_ARG_WITH(ssl-dir,
1962 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1964 if test "x$withval" != "xno" ; then
1967 ./*|../*) withval="`pwd`/$withval"
1969 if test -d "$withval/lib"; then
1970 if test -n "${need_dash_r}"; then
1971 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1973 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1976 if test -n "${need_dash_r}"; then
1977 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1979 LDFLAGS="-L${withval} ${LDFLAGS}"
1982 if test -d "$withval/include"; then
1983 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1985 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1990 if test -z "$GSI_LDFLAGS" ; then
1991 LIBS="-lcrypto $LIBS"
1993 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1994 [Define if your ssl headers are included
1995 with #include <openssl/header.h>]),
1997 dnl Check default openssl install dir
1998 if test -n "${need_dash_r}"; then
1999 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2001 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2003 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2004 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2006 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2012 # Determine OpenSSL header version
2013 AC_MSG_CHECKING([OpenSSL header version])
2018 #include <openssl/opensslv.h>
2019 #define DATA "conftest.sslincver"
2024 fd = fopen(DATA,"w");
2028 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2035 ssl_header_ver=`cat conftest.sslincver`
2036 AC_MSG_RESULT($ssl_header_ver)
2039 AC_MSG_RESULT(not found)
2040 AC_MSG_ERROR(OpenSSL version header not found.)
2043 AC_MSG_WARN([cross compiling: not checking])
2047 # Determine OpenSSL library version
2048 AC_MSG_CHECKING([OpenSSL library version])
2053 #include <openssl/opensslv.h>
2054 #include <openssl/crypto.h>
2055 #define DATA "conftest.ssllibver"
2060 fd = fopen(DATA,"w");
2064 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2071 ssl_library_ver=`cat conftest.ssllibver`
2072 AC_MSG_RESULT($ssl_library_ver)
2075 AC_MSG_RESULT(not found)
2076 AC_MSG_ERROR(OpenSSL library not found.)
2079 AC_MSG_WARN([cross compiling: not checking])
2083 AC_ARG_WITH(openssl-header-check,
2084 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2085 [ if test "x$withval" = "xno" ; then
2086 openssl_check_nonfatal=1
2091 # Sanity check OpenSSL headers
2092 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2096 #include <openssl/opensslv.h>
2097 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2104 if test "x$openssl_check_nonfatal" = "x"; then
2105 AC_MSG_ERROR([Your OpenSSL headers do not match your
2106 library. Check config.log for details.
2107 If you are sure your installation is consistent, you can disable the check
2108 by running "./configure --without-openssl-header-check".
2109 Also see contrib/findssl.sh for help identifying header/library mismatches.
2112 AC_MSG_WARN([Your OpenSSL headers do not match your
2113 library. Check config.log for details.
2114 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2118 AC_MSG_WARN([cross compiling: not checking])
2122 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2125 #include <openssl/evp.h>
2126 int main(void) { SSLeay_add_all_algorithms(); }
2135 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2138 #include <openssl/evp.h>
2139 int main(void) { SSLeay_add_all_algorithms(); }
2152 AC_ARG_WITH(ssl-engine,
2153 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2154 [ if test "x$withval" != "xno" ; then
2155 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2157 [ #include <openssl/engine.h>],
2159 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2161 [ AC_MSG_RESULT(yes)
2162 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2163 [Enable OpenSSL engine support])
2165 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2170 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2171 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2175 #include <openssl/evp.h>
2176 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2183 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2184 [libcrypto is missing AES 192 and 256 bit functions])
2188 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2189 # because the system crypt() is more featureful.
2190 if test "x$check_for_libcrypt_before" = "x1"; then
2191 AC_CHECK_LIB(crypt, crypt)
2194 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2195 # version in OpenSSL.
2196 if test "x$check_for_libcrypt_later" = "x1"; then
2197 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2200 # Search for SHA256 support in libc and/or OpenSSL
2201 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2204 AC_CHECK_LIB(iaf, ia_openinfo, [
2206 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2207 AC_DEFINE(HAVE_LIBIAF, 1,
2208 [Define if system has libiaf that supports set_id])
2213 ### Configure cryptographic random number support
2215 # Check wheter OpenSSL seeds itself
2216 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2220 #include <openssl/rand.h>
2221 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2224 OPENSSL_SEEDS_ITSELF=yes
2229 # Default to use of the rand helper if OpenSSL doesn't
2234 AC_MSG_WARN([cross compiling: assuming yes])
2235 # This is safe, since all recent OpenSSL versions will
2236 # complain at runtime if not seeded correctly.
2237 OPENSSL_SEEDS_ITSELF=yes
2241 # Check for PAM libs
2244 [ --with-pam Enable PAM support ],
2246 if test "x$withval" != "xno" ; then
2247 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2248 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2249 AC_MSG_ERROR([PAM headers not found])
2253 AC_CHECK_LIB(dl, dlopen, , )
2254 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2255 AC_CHECK_FUNCS(pam_getenvlist)
2256 AC_CHECK_FUNCS(pam_putenv)
2261 SSHDLIBS="$SSHDLIBS -lpam"
2262 AC_DEFINE(USE_PAM, 1,
2263 [Define if you want to enable PAM support])
2265 if test $ac_cv_lib_dl_dlopen = yes; then
2268 # libdl already in LIBS
2271 SSHDLIBS="$SSHDLIBS -ldl"
2279 # Check for older PAM
2280 if test "x$PAM_MSG" = "xyes" ; then
2281 # Check PAM strerror arguments (old PAM)
2282 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2286 #if defined(HAVE_SECURITY_PAM_APPL_H)
2287 #include <security/pam_appl.h>
2288 #elif defined (HAVE_PAM_PAM_APPL_H)
2289 #include <pam/pam_appl.h>
2292 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2293 [AC_MSG_RESULT(no)],
2295 AC_DEFINE(HAVE_OLD_PAM, 1,
2296 [Define if you have an old version of PAM
2297 which takes only one argument to pam_strerror])
2299 PAM_MSG="yes (old library)"
2304 # Do we want to force the use of the rand helper?
2305 AC_ARG_WITH(rand-helper,
2306 [ --with-rand-helper Use subprocess to gather strong randomness ],
2308 if test "x$withval" = "xno" ; then
2309 # Force use of OpenSSL's internal RNG, even if
2310 # the previous test showed it to be unseeded.
2311 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2312 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2313 OPENSSL_SEEDS_ITSELF=yes
2322 # Which randomness source do we use?
2323 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2325 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2326 [Define if you want OpenSSL's internally seeded PRNG only])
2327 RAND_MSG="OpenSSL internal ONLY"
2328 INSTALL_SSH_RAND_HELPER=""
2329 elif test ! -z "$USE_RAND_HELPER" ; then
2330 # install rand helper
2331 RAND_MSG="ssh-rand-helper"
2332 INSTALL_SSH_RAND_HELPER="yes"
2334 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2336 ### Configuration of ssh-rand-helper
2339 AC_ARG_WITH(prngd-port,
2340 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2349 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2352 if test ! -z "$withval" ; then
2353 PRNGD_PORT="$withval"
2354 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2355 [Port number of PRNGD/EGD random number socket])
2360 # PRNGD Unix domain socket
2361 AC_ARG_WITH(prngd-socket,
2362 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2366 withval="/var/run/egd-pool"
2374 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2378 if test ! -z "$withval" ; then
2379 if test ! -z "$PRNGD_PORT" ; then
2380 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2382 if test ! -r "$withval" ; then
2383 AC_MSG_WARN(Entropy socket is not readable)
2385 PRNGD_SOCKET="$withval"
2386 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2387 [Location of PRNGD/EGD random number socket])
2391 # Check for existing socket only if we don't have a random device already
2392 if test "$USE_RAND_HELPER" = yes ; then
2393 AC_MSG_CHECKING(for PRNGD/EGD socket)
2394 # Insert other locations here
2395 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2396 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2397 PRNGD_SOCKET="$sock"
2398 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2402 if test ! -z "$PRNGD_SOCKET" ; then
2403 AC_MSG_RESULT($PRNGD_SOCKET)
2405 AC_MSG_RESULT(not found)
2411 # Change default command timeout for hashing entropy source
2413 AC_ARG_WITH(entropy-timeout,
2414 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2416 if test -n "$withval" && test "x$withval" != "xno" && \
2417 test "x${withval}" != "xyes"; then
2418 entropy_timeout=$withval
2422 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2423 [Builtin PRNG command timeout])
2425 SSH_PRIVSEP_USER=sshd
2426 AC_ARG_WITH(privsep-user,
2427 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2429 if test -n "$withval" && test "x$withval" != "xno" && \
2430 test "x${withval}" != "xyes"; then
2431 SSH_PRIVSEP_USER=$withval
2435 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2436 [non-privileged user for privilege separation])
2437 AC_SUBST(SSH_PRIVSEP_USER)
2439 # We do this little dance with the search path to insure
2440 # that programs that we select for use by installed programs
2441 # (which may be run by the super-user) come from trusted
2442 # locations before they come from the user's private area.
2443 # This should help avoid accidentally configuring some
2444 # random version of a program in someone's personal bin.
2448 test -h /bin 2> /dev/null && PATH=/usr/bin
2449 test -d /sbin && PATH=$PATH:/sbin
2450 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2451 PATH=$PATH:/etc:$OPATH
2453 # These programs are used by the command hashing source to gather entropy
2454 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2455 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2456 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2457 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2458 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2459 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2460 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2461 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2462 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2463 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2464 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2465 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2466 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2467 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2468 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2469 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2473 # Where does ssh-rand-helper get its randomness from?
2474 INSTALL_SSH_PRNG_CMDS=""
2475 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2476 if test ! -z "$PRNGD_PORT" ; then
2477 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2478 elif test ! -z "$PRNGD_SOCKET" ; then
2479 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2481 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2482 RAND_HELPER_CMDHASH=yes
2483 INSTALL_SSH_PRNG_CMDS="yes"
2486 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2489 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2490 if test ! -z "$SONY" ; then
2491 LIBS="$LIBS -liberty";
2494 # Check for long long datatypes
2495 AC_CHECK_TYPES([long long, unsigned long long, long double])
2497 # Check datatype sizes
2498 AC_CHECK_SIZEOF(char, 1)
2499 AC_CHECK_SIZEOF(short int, 2)
2500 AC_CHECK_SIZEOF(int, 4)
2501 AC_CHECK_SIZEOF(long int, 4)
2502 AC_CHECK_SIZEOF(long long int, 8)
2504 # Sanity check long long for some platforms (AIX)
2505 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2506 ac_cv_sizeof_long_long_int=0
2509 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2510 if test -z "$have_llong_max"; then
2511 AC_MSG_CHECKING([for max value of long long])
2515 /* Why is this so damn hard? */
2519 #define __USE_ISOC99
2521 #define DATA "conftest.llminmax"
2522 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2525 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2526 * we do this the hard way.
2529 fprint_ll(FILE *f, long long n)
2532 int l[sizeof(long long) * 8];
2535 if (fprintf(f, "-") < 0)
2537 for (i = 0; n != 0; i++) {
2538 l[i] = my_abs(n % 10);
2542 if (fprintf(f, "%d", l[--i]) < 0)
2545 if (fprintf(f, " ") < 0)
2552 long long i, llmin, llmax = 0;
2554 if((f = fopen(DATA,"w")) == NULL)
2557 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2558 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2562 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2563 /* This will work on one's complement and two's complement */
2564 for (i = 1; i > llmax; i <<= 1, i++)
2566 llmin = llmax + 1LL; /* wrap */
2570 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2571 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2572 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2573 fprintf(f, "unknown unknown\n");
2577 if (fprint_ll(f, llmin) < 0)
2579 if (fprint_ll(f, llmax) < 0)
2587 llong_min=`$AWK '{print $1}' conftest.llminmax`
2588 llong_max=`$AWK '{print $2}' conftest.llminmax`
2590 AC_MSG_RESULT($llong_max)
2591 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2592 [max value of long long calculated by configure])
2593 AC_MSG_CHECKING([for min value of long long])
2594 AC_MSG_RESULT($llong_min)
2595 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2596 [min value of long long calculated by configure])
2599 AC_MSG_RESULT(not found)
2602 AC_MSG_WARN([cross compiling: not checking])
2608 # More checks for data types
2609 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2611 [ #include <sys/types.h> ],
2613 [ ac_cv_have_u_int="yes" ],
2614 [ ac_cv_have_u_int="no" ]
2617 if test "x$ac_cv_have_u_int" = "xyes" ; then
2618 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2622 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2624 [ #include <sys/types.h> ],
2625 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2626 [ ac_cv_have_intxx_t="yes" ],
2627 [ ac_cv_have_intxx_t="no" ]
2630 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2631 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2635 if (test -z "$have_intxx_t" && \
2636 test "x$ac_cv_header_stdint_h" = "xyes")
2638 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2640 [ #include <stdint.h> ],
2641 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2643 AC_DEFINE(HAVE_INTXX_T)
2646 [ AC_MSG_RESULT(no) ]
2650 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2653 #include <sys/types.h>
2654 #ifdef HAVE_STDINT_H
2655 # include <stdint.h>
2657 #include <sys/socket.h>
2658 #ifdef HAVE_SYS_BITYPES_H
2659 # include <sys/bitypes.h>
2662 [ int64_t a; a = 1;],
2663 [ ac_cv_have_int64_t="yes" ],
2664 [ ac_cv_have_int64_t="no" ]
2667 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2668 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2671 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2673 [ #include <sys/types.h> ],
2674 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2675 [ ac_cv_have_u_intxx_t="yes" ],
2676 [ ac_cv_have_u_intxx_t="no" ]
2679 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2680 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2684 if test -z "$have_u_intxx_t" ; then
2685 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2687 [ #include <sys/socket.h> ],
2688 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2690 AC_DEFINE(HAVE_U_INTXX_T)
2693 [ AC_MSG_RESULT(no) ]
2697 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2699 [ #include <sys/types.h> ],
2700 [ u_int64_t a; a = 1;],
2701 [ ac_cv_have_u_int64_t="yes" ],
2702 [ ac_cv_have_u_int64_t="no" ]
2705 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2706 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2710 if test -z "$have_u_int64_t" ; then
2711 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2713 [ #include <sys/bitypes.h> ],
2714 [ u_int64_t a; a = 1],
2716 AC_DEFINE(HAVE_U_INT64_T)
2719 [ AC_MSG_RESULT(no) ]
2723 if test -z "$have_u_intxx_t" ; then
2724 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2727 #include <sys/types.h>
2729 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2730 [ ac_cv_have_uintxx_t="yes" ],
2731 [ ac_cv_have_uintxx_t="no" ]
2734 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2735 AC_DEFINE(HAVE_UINTXX_T, 1,
2736 [define if you have uintxx_t data type])
2740 if test -z "$have_uintxx_t" ; then
2741 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2743 [ #include <stdint.h> ],
2744 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2746 AC_DEFINE(HAVE_UINTXX_T)
2749 [ AC_MSG_RESULT(no) ]
2753 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2754 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2756 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2759 #include <sys/bitypes.h>
2762 int8_t a; int16_t b; int32_t c;
2763 u_int8_t e; u_int16_t f; u_int32_t g;
2764 a = b = c = e = f = g = 1;
2767 AC_DEFINE(HAVE_U_INTXX_T)
2768 AC_DEFINE(HAVE_INTXX_T)
2776 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2779 #include <sys/types.h>
2781 [ u_char foo; foo = 125; ],
2782 [ ac_cv_have_u_char="yes" ],
2783 [ ac_cv_have_u_char="no" ]
2786 if test "x$ac_cv_have_u_char" = "xyes" ; then
2787 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2792 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2794 AC_CHECK_TYPES(in_addr_t,,,
2795 [#include <sys/types.h>
2796 #include <netinet/in.h>])
2798 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2801 #include <sys/types.h>
2803 [ size_t foo; foo = 1235; ],
2804 [ ac_cv_have_size_t="yes" ],
2805 [ ac_cv_have_size_t="no" ]
2808 if test "x$ac_cv_have_size_t" = "xyes" ; then
2809 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2812 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2815 #include <sys/types.h>
2817 [ ssize_t foo; foo = 1235; ],
2818 [ ac_cv_have_ssize_t="yes" ],
2819 [ ac_cv_have_ssize_t="no" ]
2822 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2823 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2826 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2831 [ clock_t foo; foo = 1235; ],
2832 [ ac_cv_have_clock_t="yes" ],
2833 [ ac_cv_have_clock_t="no" ]
2836 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2837 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2840 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2843 #include <sys/types.h>
2844 #include <sys/socket.h>
2846 [ sa_family_t foo; foo = 1235; ],
2847 [ ac_cv_have_sa_family_t="yes" ],
2850 #include <sys/types.h>
2851 #include <sys/socket.h>
2852 #include <netinet/in.h>
2854 [ sa_family_t foo; foo = 1235; ],
2855 [ ac_cv_have_sa_family_t="yes" ],
2857 [ ac_cv_have_sa_family_t="no" ]
2861 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2862 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2863 [define if you have sa_family_t data type])
2866 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2869 #include <sys/types.h>
2871 [ pid_t foo; foo = 1235; ],
2872 [ ac_cv_have_pid_t="yes" ],
2873 [ ac_cv_have_pid_t="no" ]
2876 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2877 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2880 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2883 #include <sys/types.h>
2885 [ mode_t foo; foo = 1235; ],
2886 [ ac_cv_have_mode_t="yes" ],
2887 [ ac_cv_have_mode_t="no" ]
2890 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2891 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2895 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2898 #include <sys/types.h>
2899 #include <sys/socket.h>
2901 [ struct sockaddr_storage s; ],
2902 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2903 [ ac_cv_have_struct_sockaddr_storage="no" ]
2906 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2907 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2908 [define if you have struct sockaddr_storage data type])
2911 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2914 #include <sys/types.h>
2915 #include <netinet/in.h>
2917 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2918 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2919 [ ac_cv_have_struct_sockaddr_in6="no" ]
2922 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2923 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2924 [define if you have struct sockaddr_in6 data type])
2927 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2930 #include <sys/types.h>
2931 #include <netinet/in.h>
2933 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2934 [ ac_cv_have_struct_in6_addr="yes" ],
2935 [ ac_cv_have_struct_in6_addr="no" ]
2938 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2939 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2940 [define if you have struct in6_addr data type])
2943 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2946 #include <sys/types.h>
2947 #include <sys/socket.h>
2950 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2951 [ ac_cv_have_struct_addrinfo="yes" ],
2952 [ ac_cv_have_struct_addrinfo="no" ]
2955 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2956 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2957 [define if you have struct addrinfo data type])
2960 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2962 [ #include <sys/time.h> ],
2963 [ struct timeval tv; tv.tv_sec = 1;],
2964 [ ac_cv_have_struct_timeval="yes" ],
2965 [ ac_cv_have_struct_timeval="no" ]
2968 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2969 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2970 have_struct_timeval=1
2973 AC_CHECK_TYPES(struct timespec)
2975 # We need int64_t or else certian parts of the compile will fail.
2976 if test "x$ac_cv_have_int64_t" = "xno" && \
2977 test "x$ac_cv_sizeof_long_int" != "x8" && \
2978 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2979 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2980 echo "an alternative compiler (I.E., GCC) before continuing."
2984 dnl test snprintf (broken on SCO w/gcc)
2989 #ifdef HAVE_SNPRINTF
2993 char expected_out[50];
2995 #if (SIZEOF_LONG_INT == 8)
2996 long int num = 0x7fffffffffffffff;
2998 long long num = 0x7fffffffffffffffll;
3000 strcpy(expected_out, "9223372036854775807");
3001 snprintf(buf, mazsize, "%lld", num);
3002 if(strcmp(buf, expected_out) != 0)
3009 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3010 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3014 dnl Checks for structure members
3015 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3016 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3017 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3018 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3019 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3020 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3021 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3022 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3023 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3024 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3025 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3026 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3027 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3028 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3029 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3030 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3031 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3033 AC_CHECK_MEMBERS([struct stat.st_blksize])
3034 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3035 [Define if we don't have struct __res_state in resolv.h])],
3038 #if HAVE_SYS_TYPES_H
3039 # include <sys/types.h>
3041 #include <netinet/in.h>
3042 #include <arpa/nameser.h>
3046 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3047 ac_cv_have_ss_family_in_struct_ss, [
3050 #include <sys/types.h>
3051 #include <sys/socket.h>
3053 [ struct sockaddr_storage s; s.ss_family = 1; ],
3054 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3055 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3058 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3059 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3062 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3063 ac_cv_have___ss_family_in_struct_ss, [
3066 #include <sys/types.h>
3067 #include <sys/socket.h>
3069 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3070 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3071 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3074 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3075 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3076 [Fields in struct sockaddr_storage])
3079 AC_CACHE_CHECK([for pw_class field in struct passwd],
3080 ac_cv_have_pw_class_in_struct_passwd, [
3085 [ struct passwd p; p.pw_class = 0; ],
3086 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3087 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3090 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3091 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3092 [Define if your password has a pw_class field])
3095 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3096 ac_cv_have_pw_expire_in_struct_passwd, [
3101 [ struct passwd p; p.pw_expire = 0; ],
3102 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3103 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3106 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3107 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3108 [Define if your password has a pw_expire field])
3111 AC_CACHE_CHECK([for pw_change field in struct passwd],
3112 ac_cv_have_pw_change_in_struct_passwd, [
3117 [ struct passwd p; p.pw_change = 0; ],
3118 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3119 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3122 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3123 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3124 [Define if your password has a pw_change field])
3127 dnl make sure we're using the real structure members and not defines
3128 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3129 ac_cv_have_accrights_in_msghdr, [
3132 #include <sys/types.h>
3133 #include <sys/socket.h>
3134 #include <sys/uio.h>
3136 #ifdef msg_accrights
3137 #error "msg_accrights is a macro"
3141 m.msg_accrights = 0;
3145 [ ac_cv_have_accrights_in_msghdr="yes" ],
3146 [ ac_cv_have_accrights_in_msghdr="no" ]
3149 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3150 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3151 [Define if your system uses access rights style
3152 file descriptor passing])
3155 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3156 ac_cv_have_control_in_msghdr, [
3159 #include <sys/types.h>
3160 #include <sys/socket.h>
3161 #include <sys/uio.h>
3164 #error "msg_control is a macro"
3172 [ ac_cv_have_control_in_msghdr="yes" ],
3173 [ ac_cv_have_control_in_msghdr="no" ]
3176 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3177 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3178 [Define if your system uses ancillary data style
3179 file descriptor passing])
3182 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3184 [ extern char *__progname; printf("%s", __progname); ],
3185 [ ac_cv_libc_defines___progname="yes" ],
3186 [ ac_cv_libc_defines___progname="no" ]
3189 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3190 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3193 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3197 [ printf("%s", __FUNCTION__); ],
3198 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3199 [ ac_cv_cc_implements___FUNCTION__="no" ]
3202 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3203 AC_DEFINE(HAVE___FUNCTION__, 1,
3204 [Define if compiler implements __FUNCTION__])
3207 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3211 [ printf("%s", __func__); ],
3212 [ ac_cv_cc_implements___func__="yes" ],
3213 [ ac_cv_cc_implements___func__="no" ]
3216 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3217 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3220 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3222 [#include <stdarg.h>
3225 [ ac_cv_have_va_copy="yes" ],
3226 [ ac_cv_have_va_copy="no" ]
3229 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3230 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3233 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3235 [#include <stdarg.h>
3238 [ ac_cv_have___va_copy="yes" ],
3239 [ ac_cv_have___va_copy="no" ]
3242 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3243 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3246 AC_CACHE_CHECK([whether getopt has optreset support],
3247 ac_cv_have_getopt_optreset, [
3252 [ extern int optreset; optreset = 0; ],
3253 [ ac_cv_have_getopt_optreset="yes" ],
3254 [ ac_cv_have_getopt_optreset="no" ]
3257 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3258 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3259 [Define if your getopt(3) defines and uses optreset])
3262 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3264 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3265 [ ac_cv_libc_defines_sys_errlist="yes" ],
3266 [ ac_cv_libc_defines_sys_errlist="no" ]
3269 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3270 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3271 [Define if your system defines sys_errlist[]])
3275 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3277 [ extern int sys_nerr; printf("%i", sys_nerr);],
3278 [ ac_cv_libc_defines_sys_nerr="yes" ],
3279 [ ac_cv_libc_defines_sys_nerr="no" ]
3282 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3283 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3287 # Check whether user wants sectok support
3289 [ --with-sectok Enable smartcard support using libsectok],
3291 if test "x$withval" != "xno" ; then
3292 if test "x$withval" != "xyes" ; then
3293 CPPFLAGS="$CPPFLAGS -I${withval}"
3294 LDFLAGS="$LDFLAGS -L${withval}"
3295 if test ! -z "$need_dash_r" ; then
3296 LDFLAGS="$LDFLAGS -R${withval}"
3298 if test ! -z "$blibpath" ; then
3299 blibpath="$blibpath:${withval}"
3302 AC_CHECK_HEADERS(sectok.h)
3303 if test "$ac_cv_header_sectok_h" != yes; then
3304 AC_MSG_ERROR(Can't find sectok.h)
3306 AC_CHECK_LIB(sectok, sectok_open)
3307 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3308 AC_MSG_ERROR(Can't find libsectok)
3310 AC_DEFINE(SMARTCARD, 1,
3311 [Define if you want smartcard support])
3312 AC_DEFINE(USE_SECTOK, 1,
3313 [Define if you want smartcard support
3315 SCARD_MSG="yes, using sectok"
3320 # Check whether user wants OpenSC support
3323 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3325 if test "x$withval" != "xno" ; then
3326 if test "x$withval" != "xyes" ; then
3327 OPENSC_CONFIG=$withval/bin/opensc-config
3329 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3331 if test "$OPENSC_CONFIG" != "no"; then
3332 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3333 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3334 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3335 LIBS="$LIBS $LIBOPENSC_LIBS"
3336 AC_DEFINE(SMARTCARD)
3337 AC_DEFINE(USE_OPENSC, 1,
3338 [Define if you want smartcard support
3340 SCARD_MSG="yes, using OpenSC"
3346 # Check libraries needed by DNS fingerprint support
3347 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3348 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3349 [Define if getrrsetbyname() exists])],
3351 # Needed by our getrrsetbyname()
3352 AC_SEARCH_LIBS(res_query, resolv)
3353 AC_SEARCH_LIBS(dn_expand, resolv)
3354 AC_MSG_CHECKING(if res_query will link)
3355 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3358 LIBS="$LIBS -lresolv"
3359 AC_MSG_CHECKING(for res_query in -lresolv)
3364 res_query (0, 0, 0, 0, 0);
3368 [LIBS="$LIBS -lresolv"
3369 AC_MSG_RESULT(yes)],
3373 AC_CHECK_FUNCS(_getshort _getlong)
3374 AC_CHECK_DECLS([_getshort, _getlong], , ,
3375 [#include <sys/types.h>
3376 #include <arpa/nameser.h>])
3377 AC_CHECK_MEMBER(HEADER.ad,
3378 [AC_DEFINE(HAVE_HEADER_AD, 1,
3379 [Define if HEADER.ad exists in arpa/nameser.h])],,
3380 [#include <arpa/nameser.h>])
3383 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3386 #if HAVE_SYS_TYPES_H
3387 # include <sys/types.h>
3389 #include <netinet/in.h>
3390 #include <arpa/nameser.h>
3392 extern struct __res_state _res;
3393 int main() { return 0; }
3396 AC_DEFINE(HAVE__RES_EXTERN, 1,
3397 [Define if you have struct __res_state _res as an extern])
3399 [ AC_MSG_RESULT(no) ]
3402 # Check whether user wants SELinux support
3405 AC_ARG_WITH(selinux,
3406 [ --with-selinux Enable SELinux support],
3407 [ if test "x$withval" != "xno" ; then
3409 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3411 AC_CHECK_HEADER([selinux/selinux.h], ,
3412 AC_MSG_ERROR(SELinux support requires selinux.h header))
3413 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3414 AC_MSG_ERROR(SELinux support requires libselinux library))
3415 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3416 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3421 # Check whether the user wants GSSAPI mechglue support
3422 AC_ARG_WITH(mechglue,
3423 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
3425 AC_MSG_CHECKING(for mechglue library)
3427 if test -e ${withval}/libgssapi.a ; then
3428 mechglue_lib=${withval}/libgssapi.a
3429 elif test -e ${withval}/lib/libgssapi.a ; then
3430 mechglue_lib=${withval}/lib/libgssapi.a
3432 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
3434 LIBS="${mechglue_lib} $LIBS"
3435 AC_MSG_RESULT(${mechglue_lib})
3437 AC_CHECK_LIB(dl, dlopen, , )
3438 if test $ac_cv_lib_dl_dlopen = yes; then
3439 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
3443 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
3449 # Check whether user wants Kerberos 5 support
3451 AC_ARG_WITH(kerberos5,
3452 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3453 [ if test "x$withval" != "xno" ; then
3454 if test "x$withval" = "xyes" ; then
3455 KRB5ROOT="/usr/local"
3460 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3463 AC_MSG_CHECKING(for krb5-config)
3464 if test -x $KRB5ROOT/bin/krb5-config ; then
3465 KRB5CONF=$KRB5ROOT/bin/krb5-config
3466 AC_MSG_RESULT($KRB5CONF)
3468 AC_MSG_CHECKING(for gssapi support)
3469 if $KRB5CONF | grep gssapi >/dev/null ; then
3471 AC_DEFINE(GSSAPI, 1,
3472 [Define this if you want GSSAPI
3473 support in the version 2 protocol])
3479 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3480 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3481 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3482 AC_MSG_CHECKING(whether we are using Heimdal)
3483 AC_TRY_COMPILE([ #include <krb5.h> ],
3484 [ char *tmp = heimdal_version; ],
3485 [ AC_MSG_RESULT(yes)
3486 AC_DEFINE(HEIMDAL, 1,
3487 [Define this if you are using the
3488 Heimdal version of Kerberos V5]) ],
3493 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3494 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3495 AC_MSG_CHECKING(whether we are using Heimdal)
3496 AC_TRY_COMPILE([ #include <krb5.h> ],
3497 [ char *tmp = heimdal_version; ],
3498 [ AC_MSG_RESULT(yes)
3500 K5LIBS="-lkrb5 -ldes"
3501 K5LIBS="$K5LIBS -lcom_err -lasn1"
3502 AC_CHECK_LIB(roken, net_write,
3503 [K5LIBS="$K5LIBS -lroken"])
3506 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3509 AC_SEARCH_LIBS(dn_expand, resolv)
3511 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3513 K5LIBS="-lgssapi $K5LIBS" ],
3514 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3516 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3517 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3522 AC_CHECK_HEADER(gssapi.h, ,
3523 [ unset ac_cv_header_gssapi_h
3524 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3525 AC_CHECK_HEADERS(gssapi.h, ,
3526 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3532 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3533 AC_CHECK_HEADER(gssapi_krb5.h, ,
3534 [ CPPFLAGS="$oldCPP" ])
3536 # If we're using some other GSSAPI
3537 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3538 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3541 if test -z "$GSSAPI"; then
3546 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3547 AC_CHECK_HEADER(gssapi_krb5.h, ,
3548 [ CPPFLAGS="$oldCPP" ])
3551 if test ! -z "$need_dash_r" ; then
3552 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3554 if test ! -z "$blibpath" ; then
3555 blibpath="$blibpath:${KRB5ROOT}/lib"
3558 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3559 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3560 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3562 LIBS="$LIBS $K5LIBS"
3563 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3564 [Define this if you want to use libkafs' AFS support]))
3569 # Check whether user wants AFS_KRB5 support
3571 AC_ARG_WITH(afs-krb5,
3572 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3574 if test "x$withval" != "xno" ; then
3576 if test "x$withval" != "xyes" ; then
3577 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3578 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3580 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3582 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3585 if test -z "$KRB5ROOT" ; then
3586 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3589 LIBS="-lkrbafs -lkrb4 $LIBS"
3590 if test ! -z "$AFS_LIBS" ; then
3591 LIBS="$LIBS $AFS_LIBS"
3593 AC_DEFINE(AFS_KRB5, 1,
3594 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3600 AC_ARG_WITH(session-hooks,
3601 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3602 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3605 # Looking for programs, paths and files
3607 PRIVSEP_PATH=/var/empty
3608 AC_ARG_WITH(privsep-path,
3609 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3611 if test -n "$withval" && test "x$withval" != "xno" && \
3612 test "x${withval}" != "xyes"; then
3613 PRIVSEP_PATH=$withval
3617 AC_SUBST(PRIVSEP_PATH)
3620 [ --with-xauth=PATH Specify path to xauth program ],
3622 if test -n "$withval" && test "x$withval" != "xno" && \
3623 test "x${withval}" != "xyes"; then
3629 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3630 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3631 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3632 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3633 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3634 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3635 xauth_path="/usr/openwin/bin/xauth"
3641 AC_ARG_ENABLE(strip,
3642 [ --disable-strip Disable calling strip(1) on install],
3644 if test "x$enableval" = "xno" ; then
3651 if test -z "$xauth_path" ; then
3652 XAUTH_PATH="undefined"
3653 AC_SUBST(XAUTH_PATH)
3655 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3656 [Define if xauth is found in your path])
3657 XAUTH_PATH=$xauth_path
3658 AC_SUBST(XAUTH_PATH)
3661 # Check for mail directory (last resort if we cannot get it from headers)
3662 if test ! -z "$MAIL" ; then
3663 maildir=`dirname $MAIL`
3664 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3665 [Set this to your mail directory if you don't have maillock.h])
3668 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3669 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3670 disable_ptmx_check=yes
3672 if test -z "$no_dev_ptmx" ; then
3673 if test "x$disable_ptmx_check" != "xyes" ; then
3674 AC_CHECK_FILE("/dev/ptmx",
3676 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3677 [Define if you have /dev/ptmx])
3684 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3685 AC_CHECK_FILE("/dev/ptc",
3687 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3688 [Define if you have /dev/ptc])
3693 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3696 # Options from here on. Some of these are preset by platform above
3697 AC_ARG_WITH(mantype,
3698 [ --with-mantype=man|cat|doc Set man page type],
3705 AC_MSG_ERROR(invalid man type: $withval)
3710 if test -z "$MANTYPE"; then
3711 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3712 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3713 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3715 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3722 if test "$MANTYPE" = "doc"; then
3729 # Check whether to enable MD5 passwords
3731 AC_ARG_WITH(md5-passwords,
3732 [ --with-md5-passwords Enable use of MD5 passwords],
3734 if test "x$withval" != "xno" ; then
3735 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3736 [Define if you want to allow MD5 passwords])
3742 # Whether to disable shadow password support
3744 [ --without-shadow Disable shadow password support],
3746 if test "x$withval" = "xno" ; then
3747 AC_DEFINE(DISABLE_SHADOW)
3753 if test -z "$disable_shadow" ; then
3754 AC_MSG_CHECKING([if the systems has expire shadow information])
3757 #include <sys/types.h>
3760 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3761 [ sp_expire_available=yes ], []
3764 if test "x$sp_expire_available" = "xyes" ; then
3766 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3767 [Define if you want to use shadow password expire field])
3773 # Use ip address instead of hostname in $DISPLAY
3774 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3775 DISPLAY_HACK_MSG="yes"
3776 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3777 [Define if you need to use IP address
3778 instead of hostname in $DISPLAY])
3780 DISPLAY_HACK_MSG="no"
3781 AC_ARG_WITH(ipaddr-display,
3782 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3784 if test "x$withval" != "xno" ; then
3785 AC_DEFINE(IPADDR_IN_DISPLAY)
3786 DISPLAY_HACK_MSG="yes"
3792 # check for /etc/default/login and use it if present.
3793 AC_ARG_ENABLE(etc-default-login,
3794 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3795 [ if test "x$enableval" = "xno"; then
3796 AC_MSG_NOTICE([/etc/default/login handling disabled])
3797 etc_default_login=no
3799 etc_default_login=yes
3801 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3803 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3804 etc_default_login=no
3806 etc_default_login=yes
3810 if test "x$etc_default_login" != "xno"; then
3811 AC_CHECK_FILE("/etc/default/login",
3812 [ external_path_file=/etc/default/login ])
3813 if test "x$external_path_file" = "x/etc/default/login"; then
3814 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3815 [Define if your system has /etc/default/login])
3819 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3820 if test $ac_cv_func_login_getcapbool = "yes" && \
3821 test $ac_cv_header_login_cap_h = "yes" ; then
3822 external_path_file=/etc/login.conf
3825 # Whether to mess with the default path
3826 SERVER_PATH_MSG="(default)"
3827 AC_ARG_WITH(default-path,
3828 [ --with-default-path= Specify default \$PATH environment for server],
3830 if test "x$external_path_file" = "x/etc/login.conf" ; then
3832 --with-default-path=PATH has no effect on this system.
3833 Edit /etc/login.conf instead.])
3834 elif test "x$withval" != "xno" ; then
3835 if test ! -z "$external_path_file" ; then
3837 --with-default-path=PATH will only be used if PATH is not defined in
3838 $external_path_file .])
3840 user_path="$withval"
3841 SERVER_PATH_MSG="$withval"
3844 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3845 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3847 if test ! -z "$external_path_file" ; then
3849 If PATH is defined in $external_path_file, ensure the path to scp is included,
3850 otherwise scp will not work.])
3854 /* find out what STDPATH is */
3859 #ifndef _PATH_STDPATH
3860 # ifdef _PATH_USERPATH /* Irix */
3861 # define _PATH_STDPATH _PATH_USERPATH
3863 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3866 #include <sys/types.h>
3867 #include <sys/stat.h>
3869 #define DATA "conftest.stdpath"
3876 fd = fopen(DATA,"w");
3880 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3886 [ user_path=`cat conftest.stdpath` ],
3887 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3888 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3890 # make sure $bindir is in USER_PATH so scp will work
3891 t_bindir=`eval echo ${bindir}`
3893 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3896 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3898 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3899 if test $? -ne 0 ; then
3900 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3901 if test $? -ne 0 ; then
3902 user_path=$user_path:$t_bindir
3903 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3908 if test "x$external_path_file" != "x/etc/login.conf" ; then
3909 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3913 # Set superuser path separately to user path
3914 AC_ARG_WITH(superuser-path,
3915 [ --with-superuser-path= Specify different path for super-user],
3917 if test -n "$withval" && test "x$withval" != "xno" && \
3918 test "x${withval}" != "xyes"; then
3919 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3920 [Define if you want a different $PATH
3922 superuser_path=$withval
3928 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3929 IPV4_IN6_HACK_MSG="no"
3931 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3933 if test "x$withval" != "xno" ; then
3935 AC_DEFINE(IPV4_IN_IPV6, 1,
3936 [Detect IPv4 in IPv6 mapped addresses
3938 IPV4_IN6_HACK_MSG="yes"
3943 if test "x$inet6_default_4in6" = "xyes"; then
3944 AC_MSG_RESULT([yes (default)])
3945 AC_DEFINE(IPV4_IN_IPV6)
3946 IPV4_IN6_HACK_MSG="yes"
3948 AC_MSG_RESULT([no (default)])
3953 # Whether to enable BSD auth support
3955 AC_ARG_WITH(bsd-auth,
3956 [ --with-bsd-auth Enable BSD auth support],
3958 if test "x$withval" != "xno" ; then
3959 AC_DEFINE(BSD_AUTH, 1,
3960 [Define if you have BSD auth support])
3966 # Where to place sshd.pid
3968 # make sure the directory exists
3969 if test ! -d $piddir ; then
3970 piddir=`eval echo ${sysconfdir}`
3972 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3976 AC_ARG_WITH(pid-dir,
3977 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3979 if test -n "$withval" && test "x$withval" != "xno" && \
3980 test "x${withval}" != "xyes"; then
3982 if test ! -d $piddir ; then
3983 AC_MSG_WARN([** no $piddir directory on this system **])
3989 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3992 dnl allow user to disable some login recording features
3993 AC_ARG_ENABLE(lastlog,
3994 [ --disable-lastlog disable use of lastlog even if detected [no]],
3996 if test "x$enableval" = "xno" ; then
3997 AC_DEFINE(DISABLE_LASTLOG)
4002 [ --disable-utmp disable use of utmp even if detected [no]],
4004 if test "x$enableval" = "xno" ; then
4005 AC_DEFINE(DISABLE_UTMP)
4009 AC_ARG_ENABLE(utmpx,
4010 [ --disable-utmpx disable use of utmpx even if detected [no]],
4012 if test "x$enableval" = "xno" ; then
4013 AC_DEFINE(DISABLE_UTMPX, 1,
4014 [Define if you don't want to use utmpx])
4019 [ --disable-wtmp disable use of wtmp even if detected [no]],
4021 if test "x$enableval" = "xno" ; then
4022 AC_DEFINE(DISABLE_WTMP)
4026 AC_ARG_ENABLE(wtmpx,
4027 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4029 if test "x$enableval" = "xno" ; then
4030 AC_DEFINE(DISABLE_WTMPX, 1,
4031 [Define if you don't want to use wtmpx])
4035 AC_ARG_ENABLE(libutil,
4036 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4038 if test "x$enableval" = "xno" ; then
4039 AC_DEFINE(DISABLE_LOGIN)
4043 AC_ARG_ENABLE(pututline,
4044 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4046 if test "x$enableval" = "xno" ; then
4047 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4048 [Define if you don't want to use pututline()
4049 etc. to write [uw]tmp])
4053 AC_ARG_ENABLE(pututxline,
4054 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4056 if test "x$enableval" = "xno" ; then
4057 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4058 [Define if you don't want to use pututxline()
4059 etc. to write [uw]tmpx])
4063 AC_ARG_WITH(lastlog,
4064 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4066 if test "x$withval" = "xno" ; then
4067 AC_DEFINE(DISABLE_LASTLOG)
4068 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4069 conf_lastlog_location=$withval
4074 dnl lastlog, [uw]tmpx? detection
4075 dnl NOTE: set the paths in the platform section to avoid the
4076 dnl need for command-line parameters
4077 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4079 dnl lastlog detection
4080 dnl NOTE: the code itself will detect if lastlog is a directory
4081 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4083 #include <sys/types.h>
4085 #ifdef HAVE_LASTLOG_H
4086 # include <lastlog.h>
4095 [ char *lastlog = LASTLOG_FILE; ],
4096 [ AC_MSG_RESULT(yes) ],
4099 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4101 #include <sys/types.h>
4103 #ifdef HAVE_LASTLOG_H
4104 # include <lastlog.h>
4110 [ char *lastlog = _PATH_LASTLOG; ],
4111 [ AC_MSG_RESULT(yes) ],
4114 system_lastlog_path=no
4119 if test -z "$conf_lastlog_location"; then
4120 if test x"$system_lastlog_path" = x"no" ; then
4121 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4122 if (test -d "$f" || test -f "$f") ; then
4123 conf_lastlog_location=$f
4126 if test -z "$conf_lastlog_location"; then
4127 AC_MSG_WARN([** Cannot find lastlog **])
4128 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4133 if test -n "$conf_lastlog_location"; then
4134 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4135 [Define if you want to specify the path to your lastlog file])
4139 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4141 #include <sys/types.h>
4147 [ char *utmp = UTMP_FILE; ],
4148 [ AC_MSG_RESULT(yes) ],
4150 system_utmp_path=no ]
4152 if test -z "$conf_utmp_location"; then
4153 if test x"$system_utmp_path" = x"no" ; then
4154 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4155 if test -f $f ; then
4156 conf_utmp_location=$f
4159 if test -z "$conf_utmp_location"; then
4160 AC_DEFINE(DISABLE_UTMP)
4164 if test -n "$conf_utmp_location"; then
4165 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4166 [Define if you want to specify the path to your utmp file])
4170 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4172 #include <sys/types.h>
4178 [ char *wtmp = WTMP_FILE; ],
4179 [ AC_MSG_RESULT(yes) ],
4181 system_wtmp_path=no ]
4183 if test -z "$conf_wtmp_location"; then
4184 if test x"$system_wtmp_path" = x"no" ; then
4185 for f in /usr/adm/wtmp /var/log/wtmp; do
4186 if test -f $f ; then
4187 conf_wtmp_location=$f
4190 if test -z "$conf_wtmp_location"; then
4191 AC_DEFINE(DISABLE_WTMP)
4195 if test -n "$conf_wtmp_location"; then
4196 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4197 [Define if you want to specify the path to your wtmp file])
4201 dnl utmpx detection - I don't know any system so perverse as to require
4202 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4204 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4206 #include <sys/types.h>
4215 [ char *utmpx = UTMPX_FILE; ],
4216 [ AC_MSG_RESULT(yes) ],
4218 system_utmpx_path=no ]
4220 if test -z "$conf_utmpx_location"; then
4221 if test x"$system_utmpx_path" = x"no" ; then
4222 AC_DEFINE(DISABLE_UTMPX)
4225 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4226 [Define if you want to specify the path to your utmpx file])
4230 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4232 #include <sys/types.h>
4241 [ char *wtmpx = WTMPX_FILE; ],
4242 [ AC_MSG_RESULT(yes) ],
4244 system_wtmpx_path=no ]
4246 if test -z "$conf_wtmpx_location"; then
4247 if test x"$system_wtmpx_path" = x"no" ; then
4248 AC_DEFINE(DISABLE_WTMPX)
4251 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4252 [Define if you want to specify the path to your wtmpx file])
4256 if test ! -z "$blibpath" ; then
4257 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4258 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4261 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4263 CFLAGS="$CFLAGS $werror_flags"
4266 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4267 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4268 scard/Makefile ssh_prng_cmds survey.sh])
4271 # Print summary of options
4273 # Someone please show me a better way :)
4274 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4275 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4276 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4277 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4278 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4279 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4280 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4281 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4282 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4283 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4286 echo "OpenSSH has been configured with the following options:"
4287 echo " User binaries: $B"
4288 echo " System binaries: $C"
4289 echo " Configuration files: $D"
4290 echo " Askpass program: $E"
4291 echo " Manual pages: $F"
4292 echo " PID file: $G"
4293 echo " Privilege separation chroot path: $H"
4294 if test "x$external_path_file" = "x/etc/login.conf" ; then
4295 echo " At runtime, sshd will use the path defined in $external_path_file"
4296 echo " Make sure the path to scp is present, otherwise scp will not work"
4298 echo " sshd default user PATH: $I"
4299 if test ! -z "$external_path_file"; then
4300 echo " (If PATH is set in $external_path_file it will be used instead. If"
4301 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4304 if test ! -z "$superuser_path" ; then
4305 echo " sshd superuser user PATH: $J"
4307 echo " Manpage format: $MANTYPE"
4308 echo " PAM support: $PAM_MSG"
4309 echo " OSF SIA support: $SIA_MSG"
4310 echo " KerberosV support: $KRB5_MSG"
4311 echo " SELinux support: $SELINUX_MSG"
4312 echo " Smartcard support: $SCARD_MSG"
4313 echo " S/KEY support: $SKEY_MSG"
4314 echo " TCP Wrappers support: $TCPW_MSG"
4315 echo " MD5 password support: $MD5_MSG"
4316 echo " libedit support: $LIBEDIT_MSG"
4317 echo " Solaris process contract support: $SPC_MSG"
4318 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4319 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4320 echo " BSD Auth support: $BSD_AUTH_MSG"
4321 echo " Random number source: $RAND_MSG"
4322 if test ! -z "$USE_RAND_HELPER" ; then
4323 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4328 echo " Host: ${host}"
4329 echo " Compiler: ${CC}"
4330 echo " Compiler flags: ${CFLAGS}"
4331 echo "Preprocessor flags: ${CPPFLAGS}"
4332 echo " Linker flags: ${LDFLAGS}"
4333 echo " Libraries: ${LIBS}"
4334 if test ! -z "${SSHDLIBS}"; then
4335 echo " +for sshd: ${SSHDLIBS}"
4340 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4341 echo "SVR4 style packages are supported with \"make package\""
4345 if test "x$PAM_MSG" = "xyes" ; then
4346 echo "PAM is enabled. You may need to install a PAM control file "
4347 echo "for sshd, otherwise password authentication may fail. "
4348 echo "Example PAM control files can be found in the contrib/ "
4353 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4354 echo "WARNING: you are using the builtin random number collection "
4355 echo "service. Please read WARNING.RNG and request that your OS "
4356 echo "vendor includes kernel-based random number collection in "
4357 echo "future versions of your OS."
4361 if test ! -z "$NO_PEERCHECK" ; then
4362 echo "WARNING: the operating system that you are using does not"
4363 echo "appear to support getpeereid(), getpeerucred() or the"
4364 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4365 echo "enforce security checks to prevent unauthorised connections to"
4366 echo "ssh-agent. Their absence increases the risk that a malicious"
4367 echo "user can connect to your agent."
4371 if test "$AUDIT_MODULE" = "bsm" ; then
4372 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4373 echo "See the Solaris section in README.platform for details."