3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
121 if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
126 [ --without-rpath Disable auto-added -R linker paths],
128 if test "x$withval" = "xno" ; then
131 if test "x$withval" = "xyes" ; then
137 # Allow user to specify flags
139 [ --with-cflags Specify additional flags to pass to compiler],
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
147 AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
157 [ --with-ldflags Specify additional flags to pass to linker],
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
166 [ --with-libs Specify additional libraries to link with],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
175 [ --with-Werror Build main code with -Werror],
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
212 security/pam_appl.h \
250 # lastlog.h requires sys/time.h to be included first on Solaris
251 AC_CHECK_HEADERS(lastlog.h, [], [], [
252 #ifdef HAVE_SYS_TIME_H
253 # include <sys/time.h>
257 # sys/ptms.h requires sys/stream.h to be included first on Solaris
258 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
259 #ifdef HAVE_SYS_STREAM_H
260 # include <sys/stream.h>
264 # login_cap.h requires sys/types.h on NetBSD
265 AC_CHECK_HEADERS(login_cap.h, [], [], [
266 #include <sys/types.h>
269 # Messages for features tested for in target-specific section
273 # Check for some target-specific stuff
276 # Some versions of VAC won't allow macro redefinitions at
277 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
278 # particularly with older versions of vac or xlc.
279 # It also throws errors about null macro argments, but these are
281 AC_MSG_CHECKING(if compiler allows macro redefinitions)
284 #define testmacro foo
285 #define testmacro bar
286 int main(void) { exit(0); }
288 [ AC_MSG_RESULT(yes) ],
290 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
291 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
292 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
293 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
297 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
298 if (test -z "$blibpath"); then
299 blibpath="/usr/lib:/lib"
301 saved_LDFLAGS="$LDFLAGS"
302 if test "$GCC" = "yes"; then
303 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
305 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
307 for tryflags in $flags ;do
308 if (test -z "$blibflags"); then
309 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
310 AC_TRY_LINK([], [], [blibflags=$tryflags])
313 if (test -z "$blibflags"); then
314 AC_MSG_RESULT(not found)
315 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
317 AC_MSG_RESULT($blibflags)
319 LDFLAGS="$saved_LDFLAGS"
320 dnl Check for authenticate. Might be in libs.a on older AIXes
321 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
322 [Define if you want to enable AIX4's authenticate function])],
323 [AC_CHECK_LIB(s,authenticate,
324 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
328 dnl Check for various auth function declarations in headers.
329 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
330 passwdexpired, setauthdb], , , [#include <usersec.h>])
331 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
332 AC_CHECK_DECLS(loginfailed,
333 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
335 [#include <usersec.h>],
336 [(void)loginfailed("user","host","tty",0);],
338 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
339 [Define if your AIX loginfailed() function
340 takes 4 arguments (AIX >= 5.2)])],
344 [#include <usersec.h>]
346 AC_CHECK_FUNCS(setauthdb)
347 AC_CHECK_DECL(F_CLOSEM,
348 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
350 [ #include <limits.h>
353 check_for_aix_broken_getaddrinfo=1
354 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
355 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
356 [Define if your platform breaks doing a seteuid before a setuid])
357 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
358 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
359 dnl AIX handles lastlog as part of its login message
360 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
361 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
362 [Some systems need a utmpx entry for /bin/login to work])
363 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
364 [Define to a Set Process Title type if your system is
365 supported by bsd-setproctitle.c])
366 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
367 [AIX 5.2 and 5.3 (and presumably newer) require this])
368 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
371 check_for_libcrypt_later=1
372 LIBS="$LIBS /usr/lib/textreadmode.o"
373 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
374 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
375 AC_DEFINE(DISABLE_SHADOW, 1,
376 [Define if you want to disable shadow passwords])
377 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
378 [Define if your system choked on IP TOS setting])
379 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
380 [Define if X11 doesn't support AF_UNIX sockets on that system])
381 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
382 [Define if the concept of ports only accessible to
383 superusers isn't known])
384 AC_DEFINE(DISABLE_FD_PASSING, 1,
385 [Define if your platform needs to skip post auth
386 file descriptor passing])
389 AC_DEFINE(IP_TOS_IS_BROKEN)
390 AC_DEFINE(SETEUID_BREAKS_SETUID)
391 AC_DEFINE(BROKEN_SETREUID)
392 AC_DEFINE(BROKEN_SETREGID)
395 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
396 AC_DEFINE(BROKEN_GETADDRINFO)
397 AC_DEFINE(SETEUID_BREAKS_SETUID)
398 AC_DEFINE(BROKEN_SETREUID)
399 AC_DEFINE(BROKEN_SETREGID)
400 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
401 [Define if your resolver libs need this for getrrsetbyname])
402 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
403 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
404 [Use tunnel device compatibility to OpenBSD])
405 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
406 [Prepend the address family to IP tunnel traffic])
407 AC_MSG_CHECKING(if we have the Security Authorization Session API)
408 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
409 [SessionCreate(0, 0);],
410 [ac_cv_use_security_session_api="yes"
411 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
412 [platform has the Security Authorization Session API])
413 LIBS="$LIBS -framework Security"
415 [ac_cv_use_security_session_api="no"
417 AC_MSG_CHECKING(if we have an in-memory credentials cache)
419 [#include <Kerberos/Kerberos.h>],
421 (void) cc_initialize (&c, 0, NULL, NULL);],
422 [AC_DEFINE(USE_CCAPI, 1,
423 [platform uses an in-memory credentials cache])
424 LIBS="$LIBS -framework Security"
426 if test "x$ac_cv_use_security_session_api" = "xno"; then
427 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
433 SSHDLIBS="$SSHDLIBS -lcrypt"
436 # first we define all of the options common to all HP-UX releases
437 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
438 IPADDR_IN_DISPLAY=yes
440 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
441 [Define if your login program cannot handle end of options ("--")])
442 AC_DEFINE(LOGIN_NEEDS_UTMPX)
443 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
444 [String used in /etc/passwd to denote locked account])
445 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
446 MAIL="/var/mail/username"
448 AC_CHECK_LIB(xnet, t_error, ,
449 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
451 # next, we define all of the options specific to major releases
454 if test -z "$GCC"; then
459 AC_DEFINE(PAM_SUN_CODEBASE, 1,
460 [Define if you are using Solaris-derived PAM which
461 passes pam_messages to the conversation function
462 with an extra level of indirection])
463 AC_DEFINE(DISABLE_UTMP, 1,
464 [Define if you don't want to use utmp])
465 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
466 check_for_hpux_broken_getaddrinfo=1
467 check_for_conflicting_getspnam=1
471 # lastly, we define options specific to minor releases
474 AC_DEFINE(HAVE_SECUREWARE, 1,
475 [Define if you have SecureWare-based
476 protected password database])
477 disable_ptmx_check=yes
483 PATH="$PATH:/usr/etc"
484 AC_DEFINE(BROKEN_INET_NTOA, 1,
485 [Define if you system's inet_ntoa is busted
486 (e.g. Irix gcc issue)])
487 AC_DEFINE(SETEUID_BREAKS_SETUID)
488 AC_DEFINE(BROKEN_SETREUID)
489 AC_DEFINE(BROKEN_SETREGID)
490 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
491 [Define if you shouldn't strip 'tty' from your
493 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
496 PATH="$PATH:/usr/etc"
497 AC_DEFINE(WITH_IRIX_ARRAY, 1,
498 [Define if you have/want arrays
499 (cluster-wide session managment, not C arrays)])
500 AC_DEFINE(WITH_IRIX_PROJECT, 1,
501 [Define if you want IRIX project management])
502 AC_DEFINE(WITH_IRIX_AUDIT, 1,
503 [Define if you want IRIX audit trails])
504 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
505 [Define if you want IRIX kernel jobs])])
506 AC_DEFINE(BROKEN_INET_NTOA)
507 AC_DEFINE(SETEUID_BREAKS_SETUID)
508 AC_DEFINE(BROKEN_SETREUID)
509 AC_DEFINE(BROKEN_SETREGID)
510 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
511 AC_DEFINE(WITH_ABBREV_NO_TTY)
512 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
516 check_for_libcrypt_later=1
517 check_for_openpty_ctty_bug=1
518 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
519 AC_DEFINE(PAM_TTY_KLUDGE, 1,
520 [Work around problematic Linux PAM modules handling of PAM_TTY])
521 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
522 [String used in /etc/passwd to denote locked account])
523 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
524 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
525 [Define to whatever link() returns for "not supported"
526 if it doesn't return EOPNOTSUPP.])
527 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
529 inet6_default_4in6=yes
532 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
533 [Define if cmsg_type is not passed correctly])
536 # tun(4) forwarding compat code
537 AC_CHECK_HEADERS(linux/if_tun.h)
538 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
539 AC_DEFINE(SSH_TUN_LINUX, 1,
540 [Open tunnel devices the Linux tun/tap way])
541 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
542 [Use tunnel device compatibility to OpenBSD])
543 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
544 [Prepend the address family to IP tunnel traffic])
547 mips-sony-bsd|mips-sony-newsos4)
548 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
552 check_for_libcrypt_before=1
553 if test "x$withval" != "xno" ; then
556 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
557 AC_CHECK_HEADER([net/if_tap.h], ,
558 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
559 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
560 [Prepend the address family to IP tunnel traffic])
563 check_for_libcrypt_later=1
564 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
565 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
566 AC_CHECK_HEADER([net/if_tap.h], ,
567 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
570 AC_DEFINE(SETEUID_BREAKS_SETUID)
571 AC_DEFINE(BROKEN_SETREUID)
572 AC_DEFINE(BROKEN_SETREGID)
575 conf_lastlog_location="/usr/adm/lastlog"
576 conf_utmp_location=/etc/utmp
577 conf_wtmp_location=/usr/adm/wtmp
579 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
580 AC_DEFINE(BROKEN_REALPATH)
582 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
585 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
586 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
587 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
588 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
589 [syslog_r function is safe to use in in a signal handler])
592 if test "x$withval" != "xno" ; then
595 AC_DEFINE(PAM_SUN_CODEBASE)
596 AC_DEFINE(LOGIN_NEEDS_UTMPX)
597 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
598 [Some versions of /bin/login need the TERM supplied
600 AC_DEFINE(PAM_TTY_KLUDGE)
601 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
602 [Define if pam_chauthtok wants real uid set
603 to the unpriv'ed user])
604 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
605 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
606 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
607 [Define if sshd somehow reacquires a controlling TTY
609 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
610 in case the name is longer than 8 chars])
611 external_path_file=/etc/default/login
612 # hardwire lastlog location (can't detect it on some versions)
613 conf_lastlog_location="/var/adm/lastlog"
614 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
615 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
616 if test "$sol2ver" -ge 8; then
618 AC_DEFINE(DISABLE_UTMP)
619 AC_DEFINE(DISABLE_WTMP, 1,
620 [Define if you don't want to use wtmp])
624 AC_ARG_WITH(solaris-contracts,
625 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
627 AC_CHECK_LIB(contract, ct_tmpl_activate,
628 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
629 [Define if you have Solaris process contracts])
630 SSHDLIBS="$SSHDLIBS -lcontract"
637 CPPFLAGS="$CPPFLAGS -DSUNOS4"
638 AC_CHECK_FUNCS(getpwanam)
639 AC_DEFINE(PAM_SUN_CODEBASE)
640 conf_utmp_location=/etc/utmp
641 conf_wtmp_location=/var/adm/wtmp
642 conf_lastlog_location=/var/adm/lastlog
648 AC_DEFINE(SSHD_ACQUIRES_CTTY)
649 AC_DEFINE(SETEUID_BREAKS_SETUID)
650 AC_DEFINE(BROKEN_SETREUID)
651 AC_DEFINE(BROKEN_SETREGID)
654 # /usr/ucblib MUST NOT be searched on ReliantUNIX
655 AC_CHECK_LIB(dl, dlsym, ,)
656 # -lresolv needs to be at the end of LIBS or DNS lookups break
657 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
658 IPADDR_IN_DISPLAY=yes
660 AC_DEFINE(IP_TOS_IS_BROKEN)
661 AC_DEFINE(SETEUID_BREAKS_SETUID)
662 AC_DEFINE(BROKEN_SETREUID)
663 AC_DEFINE(BROKEN_SETREGID)
664 AC_DEFINE(SSHD_ACQUIRES_CTTY)
665 external_path_file=/etc/default/login
666 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
667 # Attention: always take care to bind libsocket and libnsl before libc,
668 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
670 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
673 AC_DEFINE(SETEUID_BREAKS_SETUID)
674 AC_DEFINE(BROKEN_SETREUID)
675 AC_DEFINE(BROKEN_SETREGID)
676 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
677 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
679 # UnixWare 7.x, OpenUNIX 8
681 check_for_libcrypt_later=1
682 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
684 AC_DEFINE(SETEUID_BREAKS_SETUID)
685 AC_DEFINE(BROKEN_SETREUID)
686 AC_DEFINE(BROKEN_SETREGID)
687 AC_DEFINE(PASSWD_NEEDS_USERNAME)
689 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
690 TEST_SHELL=/u95/bin/sh
691 AC_DEFINE(BROKEN_LIBIAF, 1,
692 [ia_uinfo routines not supported by OS yet])
693 AC_DEFINE(BROKEN_UPDWTMPX)
695 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
701 # SCO UNIX and OEM versions of SCO UNIX
703 AC_MSG_ERROR("This Platform is no longer supported.")
707 if test -z "$GCC"; then
708 CFLAGS="$CFLAGS -belf"
710 LIBS="$LIBS -lprot -lx -ltinfo -lm"
713 AC_DEFINE(HAVE_SECUREWARE)
714 AC_DEFINE(DISABLE_SHADOW)
715 AC_DEFINE(DISABLE_FD_PASSING)
716 AC_DEFINE(SETEUID_BREAKS_SETUID)
717 AC_DEFINE(BROKEN_SETREUID)
718 AC_DEFINE(BROKEN_SETREGID)
719 AC_DEFINE(WITH_ABBREV_NO_TTY)
720 AC_DEFINE(BROKEN_UPDWTMPX)
721 AC_DEFINE(PASSWD_NEEDS_USERNAME)
722 AC_CHECK_FUNCS(getluid setluid)
727 AC_DEFINE(NO_SSH_LASTLOG, 1,
728 [Define if you don't want to use lastlog in session.c])
729 AC_DEFINE(SETEUID_BREAKS_SETUID)
730 AC_DEFINE(BROKEN_SETREUID)
731 AC_DEFINE(BROKEN_SETREGID)
733 AC_DEFINE(DISABLE_FD_PASSING)
735 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(WITH_ABBREV_NO_TTY)
744 AC_DEFINE(DISABLE_FD_PASSING)
746 LIBS="$LIBS -lgen -lacid -ldb"
750 AC_DEFINE(SETEUID_BREAKS_SETUID)
751 AC_DEFINE(BROKEN_SETREUID)
752 AC_DEFINE(BROKEN_SETREGID)
754 AC_DEFINE(DISABLE_FD_PASSING)
755 AC_DEFINE(NO_SSH_LASTLOG)
756 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
757 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
761 AC_MSG_CHECKING(for Digital Unix SIA)
764 [ --with-osfsia Enable Digital Unix SIA],
766 if test "x$withval" = "xno" ; then
767 AC_MSG_RESULT(disabled)
772 if test -z "$no_osfsia" ; then
773 if test -f /etc/sia/matrix.conf; then
775 AC_DEFINE(HAVE_OSF_SIA, 1,
776 [Define if you have Digital Unix Security
777 Integration Architecture])
778 AC_DEFINE(DISABLE_LOGIN, 1,
779 [Define if you don't want to use your
780 system's login() call])
781 AC_DEFINE(DISABLE_FD_PASSING)
782 LIBS="$LIBS -lsecurity -ldb -lm -laud"
786 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
787 [String used in /etc/passwd to denote locked account])
790 AC_DEFINE(BROKEN_GETADDRINFO)
791 AC_DEFINE(SETEUID_BREAKS_SETUID)
792 AC_DEFINE(BROKEN_SETREUID)
793 AC_DEFINE(BROKEN_SETREGID)
798 AC_DEFINE(NO_X11_UNIX_SOCKETS)
799 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
800 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
801 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
802 AC_DEFINE(DISABLE_LASTLOG)
803 AC_DEFINE(SSHD_ACQUIRES_CTTY)
804 enable_etc_default_login=no # has incompatible /etc/default/login
807 AC_DEFINE(DISABLE_FD_PASSING)
813 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
814 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
815 AC_DEFINE(NEED_SETPGRP)
816 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
820 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
821 AC_DEFINE(MISSING_HOWMANY)
822 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
826 AC_MSG_CHECKING(compiler and flags for sanity)
832 [ AC_MSG_RESULT(yes) ],
835 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
837 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
840 dnl Checks for header files.
841 # Checks for libraries.
842 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
843 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
845 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
846 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
847 AC_CHECK_LIB(gen, dirname,[
848 AC_CACHE_CHECK([for broken dirname],
849 ac_cv_have_broken_dirname, [
857 int main(int argc, char **argv) {
860 strncpy(buf,"/etc", 32);
862 if (!s || strncmp(s, "/", 32) != 0) {
869 [ ac_cv_have_broken_dirname="no" ],
870 [ ac_cv_have_broken_dirname="yes" ],
871 [ ac_cv_have_broken_dirname="no" ],
875 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
877 AC_DEFINE(HAVE_DIRNAME)
878 AC_CHECK_HEADERS(libgen.h)
883 AC_CHECK_FUNC(getspnam, ,
884 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
885 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
886 [Define if you have the basename function.]))
890 [ --with-zlib=PATH Use zlib in PATH],
891 [ if test "x$withval" = "xno" ; then
892 AC_MSG_ERROR([*** zlib is required ***])
893 elif test "x$withval" != "xyes"; then
894 if test -d "$withval/lib"; then
895 if test -n "${need_dash_r}"; then
896 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
898 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
901 if test -n "${need_dash_r}"; then
902 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
904 LDFLAGS="-L${withval} ${LDFLAGS}"
907 if test -d "$withval/include"; then
908 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
910 CPPFLAGS="-I${withval} ${CPPFLAGS}"
915 AC_CHECK_LIB(z, deflate, ,
917 saved_CPPFLAGS="$CPPFLAGS"
918 saved_LDFLAGS="$LDFLAGS"
920 dnl Check default zlib install dir
921 if test -n "${need_dash_r}"; then
922 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
924 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
926 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
928 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
930 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
935 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
937 AC_ARG_WITH(zlib-version-check,
938 [ --without-zlib-version-check Disable zlib version check],
939 [ if test "x$withval" = "xno" ; then
940 zlib_check_nonfatal=1
945 AC_MSG_CHECKING(for possibly buggy zlib)
946 AC_RUN_IFELSE([AC_LANG_SOURCE([[
951 int a=0, b=0, c=0, d=0, n, v;
952 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
953 if (n != 3 && n != 4)
955 v = a*1000000 + b*10000 + c*100 + d;
956 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
959 if (a == 1 && b == 1 && c >= 4)
962 /* 1.2.3 and up are OK */
971 if test -z "$zlib_check_nonfatal" ; then
972 AC_MSG_ERROR([*** zlib too old - check config.log ***
973 Your reported zlib version has known security problems. It's possible your
974 vendor has fixed these problems without changing the version number. If you
975 are sure this is the case, you can disable the check by running
976 "./configure --without-zlib-version-check".
977 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
978 See http://www.gzip.org/zlib/ for details.])
980 AC_MSG_WARN([zlib version may have security problems])
983 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
987 AC_CHECK_FUNC(strcasecmp,
988 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
990 AC_CHECK_FUNCS(utimes,
991 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
992 LIBS="$LIBS -lc89"]) ]
995 dnl Checks for libutil functions
996 AC_CHECK_HEADERS(libutil.h)
997 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
998 [Define if your libraries define login()])])
999 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1003 # Check for ALTDIRFUNC glob() extension
1004 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1005 AC_EGREP_CPP(FOUNDIT,
1008 #ifdef GLOB_ALTDIRFUNC
1013 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1014 [Define if your system glob() function has
1015 the GLOB_ALTDIRFUNC extension])
1023 # Check for g.gl_matchc glob() extension
1024 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1026 [ #include <glob.h> ],
1027 [glob_t g; g.gl_matchc = 1;],
1029 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1030 [Define if your system glob() function has
1031 gl_matchc options in glob_t])
1039 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1041 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1044 #include <sys/types.h>
1046 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1048 [AC_MSG_RESULT(yes)],
1051 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1052 [Define if your struct dirent expects you to
1053 allocate extra space for d_name])
1056 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1057 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1061 # Check whether the user wants GSSAPI mechglue support
1062 AC_ARG_WITH(mechglue,
1063 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1065 AC_MSG_CHECKING(for mechglue library)
1067 if test -e ${withval}/libgssapi.a ; then
1068 mechglue_lib=${withval}/libgssapi.a
1069 elif test -e ${withval}/lib/libgssapi.a ; then
1070 mechglue_lib=${withval}/lib/libgssapi.a
1072 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1074 LIBS="$LIBS ${mechglue_lib}"
1075 AC_MSG_RESULT(${mechglue_lib})
1077 AC_CHECK_LIB(dl, dlopen, , )
1078 if test $ac_cv_lib_dl_dlopen = yes; then
1079 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1083 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1090 # Check whether the user wants GSI (Globus) support
1093 [ --with-gsi Enable Globus GSI authentication support],
1100 [ --with-globus Enable Globus GSI authentication support],
1106 AC_ARG_WITH(globus-static,
1107 [ --with-globus-static Link statically with Globus GSI libraries],
1109 gsi_static="-static"
1110 if test "x$gsi_path" = "xno" ; then
1116 # Check whether the user has a Globus flavor type
1117 globus_flavor_type="no"
1118 AC_ARG_WITH(globus-flavor,
1119 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1121 globus_flavor_type="$withval"
1122 if test "x$gsi_path" = "xno" ; then
1128 if test "x$gsi_path" != "xno" ; then
1129 # Globus GSSAPI configuration
1130 AC_MSG_CHECKING(for Globus GSI)
1131 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1133 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1134 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1136 if test -z "$GSSAPI"; then
1141 if test "x$gsi_path" = "xyes" ; then
1142 if test -z "$GLOBUS_LOCATION" ; then
1143 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1145 gsi_path="$GLOBUS_LOCATION"
1148 GLOBUS_LOCATION="$gsi_path"
1149 export GLOBUS_LOCATION
1150 if test ! -d "$GLOBUS_LOCATION" ; then
1151 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1154 if test "x$globus_flavor_type" = "xno" ; then
1155 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1157 if test "x$globus_flavor_type" = "xyes" ; then
1158 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1161 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1162 if test ! -d "$GLOBUS_INCLUDE" ; then
1163 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1165 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1167 if test -x ${gsi_path}/bin/globus-makefile-header ; then
1168 ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
1169 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
1170 ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
1172 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
1174 . ./gpt_build_tmp.sh
1175 if test -n "${need_dash_r}"; then
1176 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
1178 GSI_LDFLAGS="-L${gsi_path}/lib"
1180 if test -z "$GLOBUS_PKG_LIBS" ; then
1181 AC_MSG_ERROR(globus-makefile-header failed)
1184 AC_DEFINE(HAVE_GSSAPI_H)
1186 LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
1187 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1188 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
1190 # test that we got the libraries OK
1198 AC_MSG_ERROR(link with Globus libraries failed)
1201 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1202 INSTALL_GSISSH="yes"
1206 AC_SUBST(INSTALL_GSISSH)
1207 # End Globus/GSI section
1209 AC_MSG_CHECKING([for /proc/pid/fd directory])
1210 if test -d "/proc/$$/fd" ; then
1211 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1217 # Check whether user wants S/Key support
1220 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1222 if test "x$withval" != "xno" ; then
1224 if test "x$withval" != "xyes" ; then
1225 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1226 LDFLAGS="$LDFLAGS -L${withval}/lib"
1229 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1233 AC_MSG_CHECKING([for s/key support])
1238 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1240 [AC_MSG_RESULT(yes)],
1243 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1245 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1249 [(void)skeychallenge(NULL,"name","",0);],
1251 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1252 [Define if your skeychallenge()
1253 function takes 4 arguments (NetBSD)])],
1260 # Check whether user wants TCP wrappers support
1262 AC_ARG_WITH(tcp-wrappers,
1263 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1265 if test "x$withval" != "xno" ; then
1267 saved_LDFLAGS="$LDFLAGS"
1268 saved_CPPFLAGS="$CPPFLAGS"
1269 if test -n "${withval}" && \
1270 test "x${withval}" != "xyes"; then
1271 if test -d "${withval}/lib"; then
1272 if test -n "${need_dash_r}"; then
1273 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1275 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1278 if test -n "${need_dash_r}"; then
1279 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1281 LDFLAGS="-L${withval} ${LDFLAGS}"
1284 if test -d "${withval}/include"; then
1285 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1287 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1291 AC_MSG_CHECKING(for libwrap)
1294 #include <sys/types.h>
1295 #include <sys/socket.h>
1296 #include <netinet/in.h>
1298 int deny_severity = 0, allow_severity = 0;
1303 AC_DEFINE(LIBWRAP, 1,
1305 TCP Wrappers support])
1306 SSHDLIBS="$SSHDLIBS -lwrap"
1310 AC_MSG_ERROR([*** libwrap missing])
1318 # Check whether user wants libedit support
1320 AC_ARG_WITH(libedit,
1321 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1322 [ if test "x$withval" != "xno" ; then
1323 if test "x$withval" != "xyes"; then
1324 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1325 if test -n "${need_dash_r}"; then
1326 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1328 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1331 AC_CHECK_LIB(edit, el_init,
1332 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1333 LIBEDIT="-ledit -lcurses"
1337 [ AC_MSG_ERROR(libedit not found) ],
1340 AC_MSG_CHECKING(if libedit version is compatible)
1343 #include <histedit.h>
1347 el_init("", NULL, NULL, NULL);
1351 [ AC_MSG_RESULT(yes) ],
1353 AC_MSG_ERROR(libedit version is not compatible) ]
1360 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1362 AC_MSG_CHECKING(for supported audit module)
1367 dnl Checks for headers, libs and functions
1368 AC_CHECK_HEADERS(bsm/audit.h, [],
1369 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1376 AC_CHECK_LIB(bsm, getaudit, [],
1377 [AC_MSG_ERROR(BSM enabled and required library not found)])
1378 AC_CHECK_FUNCS(getaudit, [],
1379 [AC_MSG_ERROR(BSM enabled and required function not found)])
1380 # These are optional
1381 AC_CHECK_FUNCS(getaudit_addr)
1382 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1386 AC_MSG_RESULT(debug)
1387 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1393 AC_MSG_ERROR([Unknown audit module $withval])
1398 dnl Checks for library functions. Please keep in alphabetical order
1486 # IRIX has a const char return value for gai_strerror()
1487 AC_CHECK_FUNCS(gai_strerror,[
1488 AC_DEFINE(HAVE_GAI_STRERROR)
1490 #include <sys/types.h>
1491 #include <sys/socket.h>
1494 const char *gai_strerror(int);],[
1497 str = gai_strerror(0);],[
1498 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1499 [Define if gai_strerror() returns const char *])])])
1501 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1502 [Some systems put nanosleep outside of libc]))
1504 dnl Make sure prototypes are defined for these before using them.
1505 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1506 AC_CHECK_DECL(strsep,
1507 [AC_CHECK_FUNCS(strsep)],
1510 #ifdef HAVE_STRING_H
1511 # include <string.h>
1515 dnl tcsendbreak might be a macro
1516 AC_CHECK_DECL(tcsendbreak,
1517 [AC_DEFINE(HAVE_TCSENDBREAK)],
1518 [AC_CHECK_FUNCS(tcsendbreak)],
1519 [#include <termios.h>]
1522 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1524 AC_CHECK_DECLS(SHUT_RD, , ,
1526 #include <sys/types.h>
1527 #include <sys/socket.h>
1530 AC_CHECK_DECLS(O_NONBLOCK, , ,
1532 #include <sys/types.h>
1533 #ifdef HAVE_SYS_STAT_H
1534 # include <sys/stat.h>
1541 AC_CHECK_DECLS(writev, , , [
1542 #include <sys/types.h>
1543 #include <sys/uio.h>
1547 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1548 #include <sys/param.h>
1551 AC_CHECK_DECLS(offsetof, , , [
1555 AC_CHECK_FUNCS(setresuid, [
1556 dnl Some platorms have setresuid that isn't implemented, test for this
1557 AC_MSG_CHECKING(if setresuid seems to work)
1562 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1564 [AC_MSG_RESULT(yes)],
1565 [AC_DEFINE(BROKEN_SETRESUID, 1,
1566 [Define if your setresuid() is broken])
1567 AC_MSG_RESULT(not implemented)],
1568 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1572 AC_CHECK_FUNCS(setresgid, [
1573 dnl Some platorms have setresgid that isn't implemented, test for this
1574 AC_MSG_CHECKING(if setresgid seems to work)
1579 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1581 [AC_MSG_RESULT(yes)],
1582 [AC_DEFINE(BROKEN_SETRESGID, 1,
1583 [Define if your setresgid() is broken])
1584 AC_MSG_RESULT(not implemented)],
1585 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1589 dnl Checks for time functions
1590 AC_CHECK_FUNCS(gettimeofday time)
1591 dnl Checks for utmp functions
1592 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1593 AC_CHECK_FUNCS(utmpname)
1594 dnl Checks for utmpx functions
1595 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1596 AC_CHECK_FUNCS(setutxent utmpxname)
1598 AC_CHECK_FUNC(daemon,
1599 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1600 [AC_CHECK_LIB(bsd, daemon,
1601 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1604 AC_CHECK_FUNC(getpagesize,
1605 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1606 [Define if your libraries define getpagesize()])],
1607 [AC_CHECK_LIB(ucb, getpagesize,
1608 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1611 # Check for broken snprintf
1612 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1613 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1617 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1619 [AC_MSG_RESULT(yes)],
1622 AC_DEFINE(BROKEN_SNPRINTF, 1,
1623 [Define if your snprintf is busted])
1624 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1626 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1630 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1631 # returning the right thing on overflow: the number of characters it tried to
1632 # create (as per SUSv3)
1633 if test "x$ac_cv_func_asprintf" != "xyes" && \
1634 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1635 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1638 #include <sys/types.h>
1642 int x_snprintf(char *str,size_t count,const char *fmt,...)
1644 size_t ret; va_list ap;
1645 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1651 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1653 [AC_MSG_RESULT(yes)],
1656 AC_DEFINE(BROKEN_SNPRINTF, 1,
1657 [Define if your snprintf is busted])
1658 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1660 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1664 # On systems where [v]snprintf is broken, but is declared in stdio,
1665 # check that the fmt argument is const char * or just char *.
1666 # This is only useful for when BROKEN_SNPRINTF
1667 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1668 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1669 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1670 int main(void) { snprintf(0, 0, 0); }
1673 AC_DEFINE(SNPRINTF_CONST, [const],
1674 [Define as const if snprintf() can declare const char *fmt])],
1676 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1678 # Check for missing getpeereid (or equiv) support
1680 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1681 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1683 [#include <sys/types.h>
1684 #include <sys/socket.h>],
1685 [int i = SO_PEERCRED;],
1686 [ AC_MSG_RESULT(yes)
1687 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1694 dnl see whether mkstemp() requires XXXXXX
1695 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1696 AC_MSG_CHECKING([for (overly) strict mkstemp])
1700 main() { char template[]="conftest.mkstemp-test";
1701 if (mkstemp(template) == -1)
1703 unlink(template); exit(0);
1711 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1715 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1720 dnl make sure that openpty does not reacquire controlling terminal
1721 if test ! -z "$check_for_openpty_ctty_bug"; then
1722 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1726 #include <sys/fcntl.h>
1727 #include <sys/types.h>
1728 #include <sys/wait.h>
1734 int fd, ptyfd, ttyfd, status;
1737 if (pid < 0) { /* failed */
1739 } else if (pid > 0) { /* parent */
1740 waitpid(pid, &status, 0);
1741 if (WIFEXITED(status))
1742 exit(WEXITSTATUS(status));
1745 } else { /* child */
1746 close(0); close(1); close(2);
1748 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1749 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1751 exit(3); /* Acquired ctty: broken */
1753 exit(0); /* Did not acquire ctty: OK */
1762 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1765 AC_MSG_RESULT(cross-compiling, assuming yes)
1770 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1771 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1772 AC_MSG_CHECKING(if getaddrinfo seems to work)
1776 #include <sys/socket.h>
1779 #include <netinet/in.h>
1781 #define TEST_PORT "2222"
1787 struct addrinfo *gai_ai, *ai, hints;
1788 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1790 memset(&hints, 0, sizeof(hints));
1791 hints.ai_family = PF_UNSPEC;
1792 hints.ai_socktype = SOCK_STREAM;
1793 hints.ai_flags = AI_PASSIVE;
1795 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1797 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1801 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1802 if (ai->ai_family != AF_INET6)
1805 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1806 sizeof(ntop), strport, sizeof(strport),
1807 NI_NUMERICHOST|NI_NUMERICSERV);
1810 if (err == EAI_SYSTEM)
1811 perror("getnameinfo EAI_SYSTEM");
1813 fprintf(stderr, "getnameinfo failed: %s\n",
1818 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1821 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1834 AC_DEFINE(BROKEN_GETADDRINFO)
1837 AC_MSG_RESULT(cross-compiling, assuming yes)
1842 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1843 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1844 AC_MSG_CHECKING(if getaddrinfo seems to work)
1848 #include <sys/socket.h>
1851 #include <netinet/in.h>
1853 #define TEST_PORT "2222"
1859 struct addrinfo *gai_ai, *ai, hints;
1860 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1862 memset(&hints, 0, sizeof(hints));
1863 hints.ai_family = PF_UNSPEC;
1864 hints.ai_socktype = SOCK_STREAM;
1865 hints.ai_flags = AI_PASSIVE;
1867 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1869 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1873 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1874 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1877 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1878 sizeof(ntop), strport, sizeof(strport),
1879 NI_NUMERICHOST|NI_NUMERICSERV);
1881 if (ai->ai_family == AF_INET && err != 0) {
1882 perror("getnameinfo");
1891 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1892 [Define if you have a getaddrinfo that fails
1893 for the all-zeros IPv6 address])
1897 AC_DEFINE(BROKEN_GETADDRINFO)
1900 AC_MSG_RESULT(cross-compiling, assuming no)
1905 if test "x$check_for_conflicting_getspnam" = "x1"; then
1906 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1910 int main(void) {exit(0);}
1917 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1918 [Conflicting defs for getspnam])
1925 # Search for OpenSSL
1926 saved_CPPFLAGS="$CPPFLAGS"
1927 saved_LDFLAGS="$LDFLAGS"
1928 AC_ARG_WITH(ssl-dir,
1929 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1931 if test "x$withval" != "xno" ; then
1934 ./*|../*) withval="`pwd`/$withval"
1936 if test -d "$withval/lib"; then
1937 if test -n "${need_dash_r}"; then
1938 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1940 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1943 if test -n "${need_dash_r}"; then
1944 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1946 LDFLAGS="-L${withval} ${LDFLAGS}"
1949 if test -d "$withval/include"; then
1950 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1952 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1957 if test -z "$GSI_LDFLAGS" ; then
1958 LIBS="-lcrypto $LIBS"
1960 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1961 [Define if your ssl headers are included
1962 with #include <openssl/header.h>]),
1964 dnl Check default openssl install dir
1965 if test -n "${need_dash_r}"; then
1966 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1968 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1970 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1971 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1973 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1979 # Determine OpenSSL header version
1980 AC_MSG_CHECKING([OpenSSL header version])
1985 #include <openssl/opensslv.h>
1986 #define DATA "conftest.sslincver"
1991 fd = fopen(DATA,"w");
1995 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2002 ssl_header_ver=`cat conftest.sslincver`
2003 AC_MSG_RESULT($ssl_header_ver)
2006 AC_MSG_RESULT(not found)
2007 AC_MSG_ERROR(OpenSSL version header not found.)
2010 AC_MSG_WARN([cross compiling: not checking])
2014 # Determine OpenSSL library version
2015 AC_MSG_CHECKING([OpenSSL library version])
2020 #include <openssl/opensslv.h>
2021 #include <openssl/crypto.h>
2022 #define DATA "conftest.ssllibver"
2027 fd = fopen(DATA,"w");
2031 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2038 ssl_library_ver=`cat conftest.ssllibver`
2039 AC_MSG_RESULT($ssl_library_ver)
2042 AC_MSG_RESULT(not found)
2043 AC_MSG_ERROR(OpenSSL library not found.)
2046 AC_MSG_WARN([cross compiling: not checking])
2050 AC_ARG_WITH(openssl-header-check,
2051 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2052 [ if test "x$withval" = "xno" ; then
2053 openssl_check_nonfatal=1
2058 # Sanity check OpenSSL headers
2059 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2063 #include <openssl/opensslv.h>
2064 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2071 if test "x$openssl_check_nonfatal" = "x"; then
2072 AC_MSG_ERROR([Your OpenSSL headers do not match your
2073 library. Check config.log for details.
2074 If you are sure your installation is consistent, you can disable the check
2075 by running "./configure --without-openssl-header-check".
2076 Also see contrib/findssl.sh for help identifying header/library mismatches.
2079 AC_MSG_WARN([Your OpenSSL headers do not match your
2080 library. Check config.log for details.
2081 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2085 AC_MSG_WARN([cross compiling: not checking])
2089 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2092 #include <openssl/evp.h>
2093 int main(void) { SSLeay_add_all_algorithms(); }
2102 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2105 #include <openssl/evp.h>
2106 int main(void) { SSLeay_add_all_algorithms(); }
2119 AC_ARG_WITH(ssl-engine,
2120 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2121 [ if test "x$withval" != "xno" ; then
2122 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2124 [ #include <openssl/engine.h>],
2126 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2128 [ AC_MSG_RESULT(yes)
2129 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2130 [Enable OpenSSL engine support])
2132 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2137 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2138 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2142 #include <openssl/evp.h>
2143 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2150 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2151 [libcrypto is missing AES 192 and 256 bit functions])
2155 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2156 # because the system crypt() is more featureful.
2157 if test "x$check_for_libcrypt_before" = "x1"; then
2158 AC_CHECK_LIB(crypt, crypt)
2161 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2162 # version in OpenSSL.
2163 if test "x$check_for_libcrypt_later" = "x1"; then
2164 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2167 # Search for SHA256 support in libc and/or OpenSSL
2168 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2171 AC_CHECK_LIB(iaf, ia_openinfo, [
2173 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
2177 ### Configure cryptographic random number support
2179 # Check wheter OpenSSL seeds itself
2180 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2184 #include <openssl/rand.h>
2185 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2188 OPENSSL_SEEDS_ITSELF=yes
2193 # Default to use of the rand helper if OpenSSL doesn't
2198 AC_MSG_WARN([cross compiling: assuming yes])
2199 # This is safe, since all recent OpenSSL versions will
2200 # complain at runtime if not seeded correctly.
2201 OPENSSL_SEEDS_ITSELF=yes
2205 # Check for PAM libs
2208 [ --with-pam Enable PAM support ],
2210 if test "x$withval" != "xno" ; then
2211 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2212 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2213 AC_MSG_ERROR([PAM headers not found])
2217 AC_CHECK_LIB(dl, dlopen, , )
2218 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2219 AC_CHECK_FUNCS(pam_getenvlist)
2220 AC_CHECK_FUNCS(pam_putenv)
2225 SSHDLIBS="$SSHDLIBS -lpam"
2226 AC_DEFINE(USE_PAM, 1,
2227 [Define if you want to enable PAM support])
2229 if test $ac_cv_lib_dl_dlopen = yes; then
2232 # libdl already in LIBS
2235 SSHDLIBS="$SSHDLIBS -ldl"
2243 # Check for older PAM
2244 if test "x$PAM_MSG" = "xyes" ; then
2245 # Check PAM strerror arguments (old PAM)
2246 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2250 #if defined(HAVE_SECURITY_PAM_APPL_H)
2251 #include <security/pam_appl.h>
2252 #elif defined (HAVE_PAM_PAM_APPL_H)
2253 #include <pam/pam_appl.h>
2256 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2257 [AC_MSG_RESULT(no)],
2259 AC_DEFINE(HAVE_OLD_PAM, 1,
2260 [Define if you have an old version of PAM
2261 which takes only one argument to pam_strerror])
2263 PAM_MSG="yes (old library)"
2268 # Do we want to force the use of the rand helper?
2269 AC_ARG_WITH(rand-helper,
2270 [ --with-rand-helper Use subprocess to gather strong randomness ],
2272 if test "x$withval" = "xno" ; then
2273 # Force use of OpenSSL's internal RNG, even if
2274 # the previous test showed it to be unseeded.
2275 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2276 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2277 OPENSSL_SEEDS_ITSELF=yes
2286 # Which randomness source do we use?
2287 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2289 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2290 [Define if you want OpenSSL's internally seeded PRNG only])
2291 RAND_MSG="OpenSSL internal ONLY"
2292 INSTALL_SSH_RAND_HELPER=""
2293 elif test ! -z "$USE_RAND_HELPER" ; then
2294 # install rand helper
2295 RAND_MSG="ssh-rand-helper"
2296 INSTALL_SSH_RAND_HELPER="yes"
2298 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2300 ### Configuration of ssh-rand-helper
2303 AC_ARG_WITH(prngd-port,
2304 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2313 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2316 if test ! -z "$withval" ; then
2317 PRNGD_PORT="$withval"
2318 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2319 [Port number of PRNGD/EGD random number socket])
2324 # PRNGD Unix domain socket
2325 AC_ARG_WITH(prngd-socket,
2326 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2330 withval="/var/run/egd-pool"
2338 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2342 if test ! -z "$withval" ; then
2343 if test ! -z "$PRNGD_PORT" ; then
2344 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2346 if test ! -r "$withval" ; then
2347 AC_MSG_WARN(Entropy socket is not readable)
2349 PRNGD_SOCKET="$withval"
2350 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2351 [Location of PRNGD/EGD random number socket])
2355 # Check for existing socket only if we don't have a random device already
2356 if test "$USE_RAND_HELPER" = yes ; then
2357 AC_MSG_CHECKING(for PRNGD/EGD socket)
2358 # Insert other locations here
2359 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2360 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2361 PRNGD_SOCKET="$sock"
2362 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2366 if test ! -z "$PRNGD_SOCKET" ; then
2367 AC_MSG_RESULT($PRNGD_SOCKET)
2369 AC_MSG_RESULT(not found)
2375 # Change default command timeout for hashing entropy source
2377 AC_ARG_WITH(entropy-timeout,
2378 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2380 if test -n "$withval" && test "x$withval" != "xno" && \
2381 test "x${withval}" != "xyes"; then
2382 entropy_timeout=$withval
2386 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2387 [Builtin PRNG command timeout])
2389 SSH_PRIVSEP_USER=sshd
2390 AC_ARG_WITH(privsep-user,
2391 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2393 if test -n "$withval" && test "x$withval" != "xno" && \
2394 test "x${withval}" != "xyes"; then
2395 SSH_PRIVSEP_USER=$withval
2399 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2400 [non-privileged user for privilege separation])
2401 AC_SUBST(SSH_PRIVSEP_USER)
2403 # We do this little dance with the search path to insure
2404 # that programs that we select for use by installed programs
2405 # (which may be run by the super-user) come from trusted
2406 # locations before they come from the user's private area.
2407 # This should help avoid accidentally configuring some
2408 # random version of a program in someone's personal bin.
2412 test -h /bin 2> /dev/null && PATH=/usr/bin
2413 test -d /sbin && PATH=$PATH:/sbin
2414 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2415 PATH=$PATH:/etc:$OPATH
2417 # These programs are used by the command hashing source to gather entropy
2418 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2419 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2420 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2421 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2422 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2423 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2424 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2425 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2426 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2427 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2428 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2429 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2430 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2431 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2432 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2433 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2437 # Where does ssh-rand-helper get its randomness from?
2438 INSTALL_SSH_PRNG_CMDS=""
2439 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2440 if test ! -z "$PRNGD_PORT" ; then
2441 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2442 elif test ! -z "$PRNGD_SOCKET" ; then
2443 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2445 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2446 RAND_HELPER_CMDHASH=yes
2447 INSTALL_SSH_PRNG_CMDS="yes"
2450 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2453 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2454 if test ! -z "$SONY" ; then
2455 LIBS="$LIBS -liberty";
2458 # Check for long long datatypes
2459 AC_CHECK_TYPES([long long, unsigned long long, long double])
2461 # Check datatype sizes
2462 AC_CHECK_SIZEOF(char, 1)
2463 AC_CHECK_SIZEOF(short int, 2)
2464 AC_CHECK_SIZEOF(int, 4)
2465 AC_CHECK_SIZEOF(long int, 4)
2466 AC_CHECK_SIZEOF(long long int, 8)
2468 # Sanity check long long for some platforms (AIX)
2469 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2470 ac_cv_sizeof_long_long_int=0
2473 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2474 if test -z "$have_llong_max"; then
2475 AC_MSG_CHECKING([for max value of long long])
2479 /* Why is this so damn hard? */
2483 #define __USE_ISOC99
2485 #define DATA "conftest.llminmax"
2486 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2489 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2490 * we do this the hard way.
2493 fprint_ll(FILE *f, long long n)
2496 int l[sizeof(long long) * 8];
2499 if (fprintf(f, "-") < 0)
2501 for (i = 0; n != 0; i++) {
2502 l[i] = my_abs(n % 10);
2506 if (fprintf(f, "%d", l[--i]) < 0)
2509 if (fprintf(f, " ") < 0)
2516 long long i, llmin, llmax = 0;
2518 if((f = fopen(DATA,"w")) == NULL)
2521 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2522 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2526 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2527 /* This will work on one's complement and two's complement */
2528 for (i = 1; i > llmax; i <<= 1, i++)
2530 llmin = llmax + 1LL; /* wrap */
2534 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2535 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2536 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2537 fprintf(f, "unknown unknown\n");
2541 if (fprint_ll(f, llmin) < 0)
2543 if (fprint_ll(f, llmax) < 0)
2551 llong_min=`$AWK '{print $1}' conftest.llminmax`
2552 llong_max=`$AWK '{print $2}' conftest.llminmax`
2554 AC_MSG_RESULT($llong_max)
2555 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2556 [max value of long long calculated by configure])
2557 AC_MSG_CHECKING([for min value of long long])
2558 AC_MSG_RESULT($llong_min)
2559 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2560 [min value of long long calculated by configure])
2563 AC_MSG_RESULT(not found)
2566 AC_MSG_WARN([cross compiling: not checking])
2572 # More checks for data types
2573 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2575 [ #include <sys/types.h> ],
2577 [ ac_cv_have_u_int="yes" ],
2578 [ ac_cv_have_u_int="no" ]
2581 if test "x$ac_cv_have_u_int" = "xyes" ; then
2582 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2586 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2588 [ #include <sys/types.h> ],
2589 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2590 [ ac_cv_have_intxx_t="yes" ],
2591 [ ac_cv_have_intxx_t="no" ]
2594 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2595 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2599 if (test -z "$have_intxx_t" && \
2600 test "x$ac_cv_header_stdint_h" = "xyes")
2602 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2604 [ #include <stdint.h> ],
2605 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2607 AC_DEFINE(HAVE_INTXX_T)
2610 [ AC_MSG_RESULT(no) ]
2614 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2617 #include <sys/types.h>
2618 #ifdef HAVE_STDINT_H
2619 # include <stdint.h>
2621 #include <sys/socket.h>
2622 #ifdef HAVE_SYS_BITYPES_H
2623 # include <sys/bitypes.h>
2626 [ int64_t a; a = 1;],
2627 [ ac_cv_have_int64_t="yes" ],
2628 [ ac_cv_have_int64_t="no" ]
2631 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2632 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2635 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2637 [ #include <sys/types.h> ],
2638 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2639 [ ac_cv_have_u_intxx_t="yes" ],
2640 [ ac_cv_have_u_intxx_t="no" ]
2643 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2644 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2648 if test -z "$have_u_intxx_t" ; then
2649 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2651 [ #include <sys/socket.h> ],
2652 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2654 AC_DEFINE(HAVE_U_INTXX_T)
2657 [ AC_MSG_RESULT(no) ]
2661 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2663 [ #include <sys/types.h> ],
2664 [ u_int64_t a; a = 1;],
2665 [ ac_cv_have_u_int64_t="yes" ],
2666 [ ac_cv_have_u_int64_t="no" ]
2669 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2670 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2674 if test -z "$have_u_int64_t" ; then
2675 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2677 [ #include <sys/bitypes.h> ],
2678 [ u_int64_t a; a = 1],
2680 AC_DEFINE(HAVE_U_INT64_T)
2683 [ AC_MSG_RESULT(no) ]
2687 if test -z "$have_u_intxx_t" ; then
2688 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2691 #include <sys/types.h>
2693 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2694 [ ac_cv_have_uintxx_t="yes" ],
2695 [ ac_cv_have_uintxx_t="no" ]
2698 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2699 AC_DEFINE(HAVE_UINTXX_T, 1,
2700 [define if you have uintxx_t data type])
2704 if test -z "$have_uintxx_t" ; then
2705 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2707 [ #include <stdint.h> ],
2708 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2710 AC_DEFINE(HAVE_UINTXX_T)
2713 [ AC_MSG_RESULT(no) ]
2717 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2718 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2720 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2723 #include <sys/bitypes.h>
2726 int8_t a; int16_t b; int32_t c;
2727 u_int8_t e; u_int16_t f; u_int32_t g;
2728 a = b = c = e = f = g = 1;
2731 AC_DEFINE(HAVE_U_INTXX_T)
2732 AC_DEFINE(HAVE_INTXX_T)
2740 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2743 #include <sys/types.h>
2745 [ u_char foo; foo = 125; ],
2746 [ ac_cv_have_u_char="yes" ],
2747 [ ac_cv_have_u_char="no" ]
2750 if test "x$ac_cv_have_u_char" = "xyes" ; then
2751 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2756 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2758 AC_CHECK_TYPES(in_addr_t,,,
2759 [#include <sys/types.h>
2760 #include <netinet/in.h>])
2762 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2765 #include <sys/types.h>
2767 [ size_t foo; foo = 1235; ],
2768 [ ac_cv_have_size_t="yes" ],
2769 [ ac_cv_have_size_t="no" ]
2772 if test "x$ac_cv_have_size_t" = "xyes" ; then
2773 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2776 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2779 #include <sys/types.h>
2781 [ ssize_t foo; foo = 1235; ],
2782 [ ac_cv_have_ssize_t="yes" ],
2783 [ ac_cv_have_ssize_t="no" ]
2786 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2787 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2790 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2795 [ clock_t foo; foo = 1235; ],
2796 [ ac_cv_have_clock_t="yes" ],
2797 [ ac_cv_have_clock_t="no" ]
2800 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2801 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2804 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2807 #include <sys/types.h>
2808 #include <sys/socket.h>
2810 [ sa_family_t foo; foo = 1235; ],
2811 [ ac_cv_have_sa_family_t="yes" ],
2814 #include <sys/types.h>
2815 #include <sys/socket.h>
2816 #include <netinet/in.h>
2818 [ sa_family_t foo; foo = 1235; ],
2819 [ ac_cv_have_sa_family_t="yes" ],
2821 [ ac_cv_have_sa_family_t="no" ]
2825 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2826 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2827 [define if you have sa_family_t data type])
2830 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2833 #include <sys/types.h>
2835 [ pid_t foo; foo = 1235; ],
2836 [ ac_cv_have_pid_t="yes" ],
2837 [ ac_cv_have_pid_t="no" ]
2840 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2841 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2844 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2847 #include <sys/types.h>
2849 [ mode_t foo; foo = 1235; ],
2850 [ ac_cv_have_mode_t="yes" ],
2851 [ ac_cv_have_mode_t="no" ]
2854 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2855 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2859 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2862 #include <sys/types.h>
2863 #include <sys/socket.h>
2865 [ struct sockaddr_storage s; ],
2866 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2867 [ ac_cv_have_struct_sockaddr_storage="no" ]
2870 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2871 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2872 [define if you have struct sockaddr_storage data type])
2875 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2878 #include <sys/types.h>
2879 #include <netinet/in.h>
2881 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2882 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2883 [ ac_cv_have_struct_sockaddr_in6="no" ]
2886 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2887 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2888 [define if you have struct sockaddr_in6 data type])
2891 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2894 #include <sys/types.h>
2895 #include <netinet/in.h>
2897 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2898 [ ac_cv_have_struct_in6_addr="yes" ],
2899 [ ac_cv_have_struct_in6_addr="no" ]
2902 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2903 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2904 [define if you have struct in6_addr data type])
2907 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2910 #include <sys/types.h>
2911 #include <sys/socket.h>
2914 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2915 [ ac_cv_have_struct_addrinfo="yes" ],
2916 [ ac_cv_have_struct_addrinfo="no" ]
2919 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2920 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2921 [define if you have struct addrinfo data type])
2924 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2926 [ #include <sys/time.h> ],
2927 [ struct timeval tv; tv.tv_sec = 1;],
2928 [ ac_cv_have_struct_timeval="yes" ],
2929 [ ac_cv_have_struct_timeval="no" ]
2932 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2933 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2934 have_struct_timeval=1
2937 AC_CHECK_TYPES(struct timespec)
2939 # We need int64_t or else certian parts of the compile will fail.
2940 if test "x$ac_cv_have_int64_t" = "xno" && \
2941 test "x$ac_cv_sizeof_long_int" != "x8" && \
2942 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2943 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2944 echo "an alternative compiler (I.E., GCC) before continuing."
2948 dnl test snprintf (broken on SCO w/gcc)
2953 #ifdef HAVE_SNPRINTF
2957 char expected_out[50];
2959 #if (SIZEOF_LONG_INT == 8)
2960 long int num = 0x7fffffffffffffff;
2962 long long num = 0x7fffffffffffffffll;
2964 strcpy(expected_out, "9223372036854775807");
2965 snprintf(buf, mazsize, "%lld", num);
2966 if(strcmp(buf, expected_out) != 0)
2973 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2974 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2978 dnl Checks for structure members
2979 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2980 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2981 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2982 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2983 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2984 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2985 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2986 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2987 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2988 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2989 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2990 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2991 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2992 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2993 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2994 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2995 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2997 AC_CHECK_MEMBERS([struct stat.st_blksize])
2998 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2999 [Define if we don't have struct __res_state in resolv.h])],
3002 #if HAVE_SYS_TYPES_H
3003 # include <sys/types.h>
3005 #include <netinet/in.h>
3006 #include <arpa/nameser.h>
3010 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3011 ac_cv_have_ss_family_in_struct_ss, [
3014 #include <sys/types.h>
3015 #include <sys/socket.h>
3017 [ struct sockaddr_storage s; s.ss_family = 1; ],
3018 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3019 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3022 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3023 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3026 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3027 ac_cv_have___ss_family_in_struct_ss, [
3030 #include <sys/types.h>
3031 #include <sys/socket.h>
3033 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3034 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3035 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3038 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3039 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3040 [Fields in struct sockaddr_storage])
3043 AC_CACHE_CHECK([for pw_class field in struct passwd],
3044 ac_cv_have_pw_class_in_struct_passwd, [
3049 [ struct passwd p; p.pw_class = 0; ],
3050 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3051 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3054 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3055 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3056 [Define if your password has a pw_class field])
3059 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3060 ac_cv_have_pw_expire_in_struct_passwd, [
3065 [ struct passwd p; p.pw_expire = 0; ],
3066 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3067 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3070 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3071 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3072 [Define if your password has a pw_expire field])
3075 AC_CACHE_CHECK([for pw_change field in struct passwd],
3076 ac_cv_have_pw_change_in_struct_passwd, [
3081 [ struct passwd p; p.pw_change = 0; ],
3082 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3083 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3086 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3087 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3088 [Define if your password has a pw_change field])
3091 dnl make sure we're using the real structure members and not defines
3092 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3093 ac_cv_have_accrights_in_msghdr, [
3096 #include <sys/types.h>
3097 #include <sys/socket.h>
3098 #include <sys/uio.h>
3100 #ifdef msg_accrights
3101 #error "msg_accrights is a macro"
3105 m.msg_accrights = 0;
3109 [ ac_cv_have_accrights_in_msghdr="yes" ],
3110 [ ac_cv_have_accrights_in_msghdr="no" ]
3113 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3114 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3115 [Define if your system uses access rights style
3116 file descriptor passing])
3119 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3120 ac_cv_have_control_in_msghdr, [
3123 #include <sys/types.h>
3124 #include <sys/socket.h>
3125 #include <sys/uio.h>
3128 #error "msg_control is a macro"
3136 [ ac_cv_have_control_in_msghdr="yes" ],
3137 [ ac_cv_have_control_in_msghdr="no" ]
3140 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3141 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3142 [Define if your system uses ancillary data style
3143 file descriptor passing])
3146 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3148 [ extern char *__progname; printf("%s", __progname); ],
3149 [ ac_cv_libc_defines___progname="yes" ],
3150 [ ac_cv_libc_defines___progname="no" ]
3153 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3154 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3157 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3161 [ printf("%s", __FUNCTION__); ],
3162 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3163 [ ac_cv_cc_implements___FUNCTION__="no" ]
3166 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3167 AC_DEFINE(HAVE___FUNCTION__, 1,
3168 [Define if compiler implements __FUNCTION__])
3171 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3175 [ printf("%s", __func__); ],
3176 [ ac_cv_cc_implements___func__="yes" ],
3177 [ ac_cv_cc_implements___func__="no" ]
3180 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3181 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3184 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3186 [#include <stdarg.h>
3189 [ ac_cv_have_va_copy="yes" ],
3190 [ ac_cv_have_va_copy="no" ]
3193 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3194 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3197 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3199 [#include <stdarg.h>
3202 [ ac_cv_have___va_copy="yes" ],
3203 [ ac_cv_have___va_copy="no" ]
3206 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3207 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3210 AC_CACHE_CHECK([whether getopt has optreset support],
3211 ac_cv_have_getopt_optreset, [
3216 [ extern int optreset; optreset = 0; ],
3217 [ ac_cv_have_getopt_optreset="yes" ],
3218 [ ac_cv_have_getopt_optreset="no" ]
3221 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3222 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3223 [Define if your getopt(3) defines and uses optreset])
3226 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3228 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3229 [ ac_cv_libc_defines_sys_errlist="yes" ],
3230 [ ac_cv_libc_defines_sys_errlist="no" ]
3233 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3234 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3235 [Define if your system defines sys_errlist[]])
3239 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3241 [ extern int sys_nerr; printf("%i", sys_nerr);],
3242 [ ac_cv_libc_defines_sys_nerr="yes" ],
3243 [ ac_cv_libc_defines_sys_nerr="no" ]
3246 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3247 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3251 # Check whether user wants sectok support
3253 [ --with-sectok Enable smartcard support using libsectok],
3255 if test "x$withval" != "xno" ; then
3256 if test "x$withval" != "xyes" ; then
3257 CPPFLAGS="$CPPFLAGS -I${withval}"
3258 LDFLAGS="$LDFLAGS -L${withval}"
3259 if test ! -z "$need_dash_r" ; then
3260 LDFLAGS="$LDFLAGS -R${withval}"
3262 if test ! -z "$blibpath" ; then
3263 blibpath="$blibpath:${withval}"
3266 AC_CHECK_HEADERS(sectok.h)
3267 if test "$ac_cv_header_sectok_h" != yes; then
3268 AC_MSG_ERROR(Can't find sectok.h)
3270 AC_CHECK_LIB(sectok, sectok_open)
3271 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3272 AC_MSG_ERROR(Can't find libsectok)
3274 AC_DEFINE(SMARTCARD, 1,
3275 [Define if you want smartcard support])
3276 AC_DEFINE(USE_SECTOK, 1,
3277 [Define if you want smartcard support
3279 SCARD_MSG="yes, using sectok"
3284 # Check whether user wants OpenSC support
3287 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3289 if test "x$withval" != "xno" ; then
3290 if test "x$withval" != "xyes" ; then
3291 OPENSC_CONFIG=$withval/bin/opensc-config
3293 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3295 if test "$OPENSC_CONFIG" != "no"; then
3296 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3297 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3298 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3299 LIBS="$LIBS $LIBOPENSC_LIBS"
3300 AC_DEFINE(SMARTCARD)
3301 AC_DEFINE(USE_OPENSC, 1,
3302 [Define if you want smartcard support
3304 SCARD_MSG="yes, using OpenSC"
3310 # Check libraries needed by DNS fingerprint support
3311 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3312 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3313 [Define if getrrsetbyname() exists])],
3315 # Needed by our getrrsetbyname()
3316 AC_SEARCH_LIBS(res_query, resolv)
3317 AC_SEARCH_LIBS(dn_expand, resolv)
3318 AC_MSG_CHECKING(if res_query will link)
3319 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3322 LIBS="$LIBS -lresolv"
3323 AC_MSG_CHECKING(for res_query in -lresolv)
3328 res_query (0, 0, 0, 0, 0);
3332 [LIBS="$LIBS -lresolv"
3333 AC_MSG_RESULT(yes)],
3337 AC_CHECK_FUNCS(_getshort _getlong)
3338 AC_CHECK_DECLS([_getshort, _getlong], , ,
3339 [#include <sys/types.h>
3340 #include <arpa/nameser.h>])
3341 AC_CHECK_MEMBER(HEADER.ad,
3342 [AC_DEFINE(HAVE_HEADER_AD, 1,
3343 [Define if HEADER.ad exists in arpa/nameser.h])],,
3344 [#include <arpa/nameser.h>])
3347 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3350 #if HAVE_SYS_TYPES_H
3351 # include <sys/types.h>
3353 #include <netinet/in.h>
3354 #include <arpa/nameser.h>
3356 extern struct __res_state _res;
3357 int main() { return 0; }
3360 AC_DEFINE(HAVE__RES_EXTERN, 1,
3361 [Define if you have struct __res_state _res as an extern])
3363 [ AC_MSG_RESULT(no) ]
3366 # Check whether user wants SELinux support
3369 AC_ARG_WITH(selinux,
3370 [ --with-selinux Enable SELinux support],
3371 [ if test "x$withval" != "xno" ; then
3373 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3375 AC_CHECK_HEADER([selinux/selinux.h], ,
3376 AC_MSG_ERROR(SELinux support requires selinux.h header))
3377 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3378 AC_MSG_ERROR(SELinux support requires libselinux library))
3379 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3380 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3385 # Check whether user wants Kerberos 5 support
3387 AC_ARG_WITH(kerberos5,
3388 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3389 [ if test "x$withval" != "xno" ; then
3390 if test "x$withval" = "xyes" ; then
3391 KRB5ROOT="/usr/local"
3396 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3399 AC_MSG_CHECKING(for krb5-config)
3400 if test -x $KRB5ROOT/bin/krb5-config ; then
3401 KRB5CONF=$KRB5ROOT/bin/krb5-config
3402 AC_MSG_RESULT($KRB5CONF)
3404 AC_MSG_CHECKING(for gssapi support)
3405 if $KRB5CONF | grep gssapi >/dev/null ; then
3407 AC_DEFINE(GSSAPI, 1,
3408 [Define this if you want GSSAPI
3409 support in the version 2 protocol])
3415 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3416 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3417 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3418 AC_MSG_CHECKING(whether we are using Heimdal)
3419 AC_TRY_COMPILE([ #include <krb5.h> ],
3420 [ char *tmp = heimdal_version; ],
3421 [ AC_MSG_RESULT(yes)
3422 AC_DEFINE(HEIMDAL, 1,
3423 [Define this if you are using the
3424 Heimdal version of Kerberos V5]) ],
3429 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3430 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3431 AC_MSG_CHECKING(whether we are using Heimdal)
3432 AC_TRY_COMPILE([ #include <krb5.h> ],
3433 [ char *tmp = heimdal_version; ],
3434 [ AC_MSG_RESULT(yes)
3436 K5LIBS="-lkrb5 -ldes"
3437 K5LIBS="$K5LIBS -lcom_err -lasn1"
3438 AC_CHECK_LIB(roken, net_write,
3439 [K5LIBS="$K5LIBS -lroken"])
3442 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3445 AC_SEARCH_LIBS(dn_expand, resolv)
3447 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3449 K5LIBS="-lgssapi $K5LIBS" ],
3450 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3452 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3453 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3458 AC_CHECK_HEADER(gssapi.h, ,
3459 [ unset ac_cv_header_gssapi_h
3460 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3461 AC_CHECK_HEADERS(gssapi.h, ,
3462 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3468 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3469 AC_CHECK_HEADER(gssapi_krb5.h, ,
3470 [ CPPFLAGS="$oldCPP" ])
3472 # If we're using some other GSSAPI
3473 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3474 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3477 if test -z "$GSSAPI"; then
3482 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3483 AC_CHECK_HEADER(gssapi_krb5.h, ,
3484 [ CPPFLAGS="$oldCPP" ])
3487 if test ! -z "$need_dash_r" ; then
3488 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3490 if test ! -z "$blibpath" ; then
3491 blibpath="$blibpath:${KRB5ROOT}/lib"
3494 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3495 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3496 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3498 LIBS="$LIBS $K5LIBS"
3499 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3500 [Define this if you want to use libkafs' AFS support]))
3505 # Check whether user wants AFS_KRB5 support
3507 AC_ARG_WITH(afs-krb5,
3508 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3510 if test "x$withval" != "xno" ; then
3512 if test "x$withval" != "xyes" ; then
3513 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3514 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3516 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3518 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3521 if test -z "$KRB5ROOT" ; then
3522 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3525 LIBS="-lkrbafs -lkrb4 $LIBS"
3526 if test ! -z "$AFS_LIBS" ; then
3527 LIBS="$LIBS $AFS_LIBS"
3529 AC_DEFINE(AFS_KRB5, 1,
3530 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3536 AC_ARG_WITH(session-hooks,
3537 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3538 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3541 # Looking for programs, paths and files
3543 PRIVSEP_PATH=/var/empty
3544 AC_ARG_WITH(privsep-path,
3545 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3547 if test -n "$withval" && test "x$withval" != "xno" && \
3548 test "x${withval}" != "xyes"; then
3549 PRIVSEP_PATH=$withval
3553 AC_SUBST(PRIVSEP_PATH)
3556 [ --with-xauth=PATH Specify path to xauth program ],
3558 if test -n "$withval" && test "x$withval" != "xno" && \
3559 test "x${withval}" != "xyes"; then
3565 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3566 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3567 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3568 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3569 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3570 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3571 xauth_path="/usr/openwin/bin/xauth"
3577 AC_ARG_ENABLE(strip,
3578 [ --disable-strip Disable calling strip(1) on install],
3580 if test "x$enableval" = "xno" ; then
3587 if test -z "$xauth_path" ; then
3588 XAUTH_PATH="undefined"
3589 AC_SUBST(XAUTH_PATH)
3591 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3592 [Define if xauth is found in your path])
3593 XAUTH_PATH=$xauth_path
3594 AC_SUBST(XAUTH_PATH)
3597 AC_CHECK_DECL(_PATH_BSHELL, ,
3598 AC_DEFINE_UNQUOTED(_PATH_BSHELL, "/bin/sh",
3599 [Define to your C shell if not defined in paths.h]),
3600 [ #include <paths.h> ]
3603 AC_CHECK_DECL(_PATH_CSHELL, ,
3604 AC_DEFINE_UNQUOTED(_PATH_CSHELL, "/bin/csh",
3605 [Define to your Bourne shell if not defined in paths.h]),
3606 [ #include <paths.h> ]
3609 AC_CHECK_DECL(_PATH_SHELLS, ,
3610 AC_DEFINE_UNQUOTED(_PATH_SHELLS, "/etc/shells",
3611 [Define to your shells file if not defined in paths.h]),
3612 [ #include <paths.h> ]
3615 # if _PATH_MAILDIR is in paths.h then we won't go hunting for it.
3616 AC_CHECK_DECL(_PATH_MAILDIR,
3617 AC_DEFINE(PATH_MAILDIR_IN_PATHS_H, 1,
3618 [Define if _PATH_MAILDIR is in paths.h]),
3620 [ #include <paths.h> ]
3623 # Check for mail directory (last resort if we cannot get it from headers)
3624 if test ! -z "$MAIL" ; then
3625 maildir=`dirname $MAIL`
3626 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3627 [Set this to your mail directory if you don't have maillock.h])
3630 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3631 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3632 disable_ptmx_check=yes
3634 if test -z "$no_dev_ptmx" ; then
3635 if test "x$disable_ptmx_check" != "xyes" ; then
3636 AC_CHECK_FILE("/dev/ptmx",
3638 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3639 [Define if you have /dev/ptmx])
3646 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3647 AC_CHECK_FILE("/dev/ptc",
3649 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3650 [Define if you have /dev/ptc])
3655 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3658 # Options from here on. Some of these are preset by platform above
3659 AC_ARG_WITH(mantype,
3660 [ --with-mantype=man|cat|doc Set man page type],
3667 AC_MSG_ERROR(invalid man type: $withval)
3672 if test -z "$MANTYPE"; then
3673 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3674 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3675 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3677 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3684 if test "$MANTYPE" = "doc"; then
3691 # Check whether to enable MD5 passwords
3693 AC_ARG_WITH(md5-passwords,
3694 [ --with-md5-passwords Enable use of MD5 passwords],
3696 if test "x$withval" != "xno" ; then
3697 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3698 [Define if you want to allow MD5 passwords])
3704 # Whether to disable shadow password support
3706 [ --without-shadow Disable shadow password support],
3708 if test "x$withval" = "xno" ; then
3709 AC_DEFINE(DISABLE_SHADOW)
3715 if test -z "$disable_shadow" ; then
3716 AC_MSG_CHECKING([if the systems has expire shadow information])
3719 #include <sys/types.h>
3722 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3723 [ sp_expire_available=yes ], []
3726 if test "x$sp_expire_available" = "xyes" ; then
3728 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3729 [Define if you want to use shadow password expire field])
3735 # Use ip address instead of hostname in $DISPLAY
3736 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3737 DISPLAY_HACK_MSG="yes"
3738 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3739 [Define if you need to use IP address
3740 instead of hostname in $DISPLAY])
3742 DISPLAY_HACK_MSG="no"
3743 AC_ARG_WITH(ipaddr-display,
3744 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3746 if test "x$withval" != "xno" ; then
3747 AC_DEFINE(IPADDR_IN_DISPLAY)
3748 DISPLAY_HACK_MSG="yes"
3754 # check for /etc/default/login and use it if present.
3755 AC_ARG_ENABLE(etc-default-login,
3756 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3757 [ if test "x$enableval" = "xno"; then
3758 AC_MSG_NOTICE([/etc/default/login handling disabled])
3759 etc_default_login=no
3761 etc_default_login=yes
3763 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3765 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3766 etc_default_login=no
3768 etc_default_login=yes
3772 if test "x$etc_default_login" != "xno"; then
3773 AC_CHECK_FILE("/etc/default/login",
3774 [ external_path_file=/etc/default/login ])
3775 if test "x$external_path_file" = "x/etc/default/login"; then
3776 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3777 [Define if your system has /etc/default/login])
3781 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3782 if test $ac_cv_func_login_getcapbool = "yes" && \
3783 test $ac_cv_header_login_cap_h = "yes" ; then
3784 external_path_file=/etc/login.conf
3787 # Whether to mess with the default path
3788 SERVER_PATH_MSG="(default)"
3789 AC_ARG_WITH(default-path,
3790 [ --with-default-path= Specify default \$PATH environment for server],
3792 if test "x$external_path_file" = "x/etc/login.conf" ; then
3794 --with-default-path=PATH has no effect on this system.
3795 Edit /etc/login.conf instead.])
3796 elif test "x$withval" != "xno" ; then
3797 if test ! -z "$external_path_file" ; then
3799 --with-default-path=PATH will only be used if PATH is not defined in
3800 $external_path_file .])
3802 user_path="$withval"
3803 SERVER_PATH_MSG="$withval"
3806 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3807 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3809 if test ! -z "$external_path_file" ; then
3811 If PATH is defined in $external_path_file, ensure the path to scp is included,
3812 otherwise scp will not work.])
3816 /* find out what STDPATH is */
3821 #ifndef _PATH_STDPATH
3822 # ifdef _PATH_USERPATH /* Irix */
3823 # define _PATH_STDPATH _PATH_USERPATH
3825 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3828 #include <sys/types.h>
3829 #include <sys/stat.h>
3831 #define DATA "conftest.stdpath"
3838 fd = fopen(DATA,"w");
3842 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3848 [ user_path=`cat conftest.stdpath` ],
3849 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3850 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3852 # make sure $bindir is in USER_PATH so scp will work
3853 t_bindir=`eval echo ${bindir}`
3855 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3858 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3860 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3861 if test $? -ne 0 ; then
3862 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3863 if test $? -ne 0 ; then
3864 user_path=$user_path:$t_bindir
3865 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3870 if test "x$external_path_file" != "x/etc/login.conf" ; then
3871 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3875 # Set superuser path separately to user path
3876 AC_ARG_WITH(superuser-path,
3877 [ --with-superuser-path= Specify different path for super-user],
3879 if test -n "$withval" && test "x$withval" != "xno" && \
3880 test "x${withval}" != "xyes"; then
3881 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3882 [Define if you want a different $PATH
3884 superuser_path=$withval
3890 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3891 IPV4_IN6_HACK_MSG="no"
3893 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3895 if test "x$withval" != "xno" ; then
3897 AC_DEFINE(IPV4_IN_IPV6, 1,
3898 [Detect IPv4 in IPv6 mapped addresses
3900 IPV4_IN6_HACK_MSG="yes"
3905 if test "x$inet6_default_4in6" = "xyes"; then
3906 AC_MSG_RESULT([yes (default)])
3907 AC_DEFINE(IPV4_IN_IPV6)
3908 IPV4_IN6_HACK_MSG="yes"
3910 AC_MSG_RESULT([no (default)])
3915 # Whether to enable BSD auth support
3917 AC_ARG_WITH(bsd-auth,
3918 [ --with-bsd-auth Enable BSD auth support],
3920 if test "x$withval" != "xno" ; then
3921 AC_DEFINE(BSD_AUTH, 1,
3922 [Define if you have BSD auth support])
3928 # Where to place sshd.pid
3930 # make sure the directory exists
3931 if test ! -d $piddir ; then
3932 piddir=`eval echo ${sysconfdir}`
3934 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3938 AC_ARG_WITH(pid-dir,
3939 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3941 if test -n "$withval" && test "x$withval" != "xno" && \
3942 test "x${withval}" != "xyes"; then
3944 if test ! -d $piddir ; then
3945 AC_MSG_WARN([** no $piddir directory on this system **])
3951 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3954 dnl allow user to disable some login recording features
3955 AC_ARG_ENABLE(lastlog,
3956 [ --disable-lastlog disable use of lastlog even if detected [no]],
3958 if test "x$enableval" = "xno" ; then
3959 AC_DEFINE(DISABLE_LASTLOG)
3964 [ --disable-utmp disable use of utmp even if detected [no]],
3966 if test "x$enableval" = "xno" ; then
3967 AC_DEFINE(DISABLE_UTMP)
3971 AC_ARG_ENABLE(utmpx,
3972 [ --disable-utmpx disable use of utmpx even if detected [no]],
3974 if test "x$enableval" = "xno" ; then
3975 AC_DEFINE(DISABLE_UTMPX, 1,
3976 [Define if you don't want to use utmpx])
3981 [ --disable-wtmp disable use of wtmp even if detected [no]],
3983 if test "x$enableval" = "xno" ; then
3984 AC_DEFINE(DISABLE_WTMP)
3988 AC_ARG_ENABLE(wtmpx,
3989 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3991 if test "x$enableval" = "xno" ; then
3992 AC_DEFINE(DISABLE_WTMPX, 1,
3993 [Define if you don't want to use wtmpx])
3997 AC_ARG_ENABLE(libutil,
3998 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4000 if test "x$enableval" = "xno" ; then
4001 AC_DEFINE(DISABLE_LOGIN)
4005 AC_ARG_ENABLE(pututline,
4006 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4008 if test "x$enableval" = "xno" ; then
4009 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4010 [Define if you don't want to use pututline()
4011 etc. to write [uw]tmp])
4015 AC_ARG_ENABLE(pututxline,
4016 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4018 if test "x$enableval" = "xno" ; then
4019 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4020 [Define if you don't want to use pututxline()
4021 etc. to write [uw]tmpx])
4025 AC_ARG_WITH(lastlog,
4026 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4028 if test "x$withval" = "xno" ; then
4029 AC_DEFINE(DISABLE_LASTLOG)
4030 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4031 conf_lastlog_location=$withval
4036 dnl lastlog, [uw]tmpx? detection
4037 dnl NOTE: set the paths in the platform section to avoid the
4038 dnl need for command-line parameters
4039 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4041 dnl lastlog detection
4042 dnl NOTE: the code itself will detect if lastlog is a directory
4043 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4045 #include <sys/types.h>
4047 #ifdef HAVE_LASTLOG_H
4048 # include <lastlog.h>
4057 [ char *lastlog = LASTLOG_FILE; ],
4058 [ AC_MSG_RESULT(yes) ],
4061 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4063 #include <sys/types.h>
4065 #ifdef HAVE_LASTLOG_H
4066 # include <lastlog.h>
4072 [ char *lastlog = _PATH_LASTLOG; ],
4073 [ AC_MSG_RESULT(yes) ],
4076 system_lastlog_path=no
4081 if test -z "$conf_lastlog_location"; then
4082 if test x"$system_lastlog_path" = x"no" ; then
4083 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4084 if (test -d "$f" || test -f "$f") ; then
4085 conf_lastlog_location=$f
4088 if test -z "$conf_lastlog_location"; then
4089 AC_MSG_WARN([** Cannot find lastlog **])
4090 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4095 if test -n "$conf_lastlog_location"; then
4096 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4097 [Define if you want to specify the path to your lastlog file])
4101 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4103 #include <sys/types.h>
4109 [ char *utmp = UTMP_FILE; ],
4110 [ AC_MSG_RESULT(yes) ],
4112 system_utmp_path=no ]
4114 if test -z "$conf_utmp_location"; then
4115 if test x"$system_utmp_path" = x"no" ; then
4116 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4117 if test -f $f ; then
4118 conf_utmp_location=$f
4121 if test -z "$conf_utmp_location"; then
4122 AC_DEFINE(DISABLE_UTMP)
4126 if test -n "$conf_utmp_location"; then
4127 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4128 [Define if you want to specify the path to your utmp file])
4132 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4134 #include <sys/types.h>
4140 [ char *wtmp = WTMP_FILE; ],
4141 [ AC_MSG_RESULT(yes) ],
4143 system_wtmp_path=no ]
4145 if test -z "$conf_wtmp_location"; then
4146 if test x"$system_wtmp_path" = x"no" ; then
4147 for f in /usr/adm/wtmp /var/log/wtmp; do
4148 if test -f $f ; then
4149 conf_wtmp_location=$f
4152 if test -z "$conf_wtmp_location"; then
4153 AC_DEFINE(DISABLE_WTMP)
4157 if test -n "$conf_wtmp_location"; then
4158 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4159 [Define if you want to specify the path to your wtmp file])
4163 dnl utmpx detection - I don't know any system so perverse as to require
4164 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4166 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4168 #include <sys/types.h>
4177 [ char *utmpx = UTMPX_FILE; ],
4178 [ AC_MSG_RESULT(yes) ],
4180 system_utmpx_path=no ]
4182 if test -z "$conf_utmpx_location"; then
4183 if test x"$system_utmpx_path" = x"no" ; then
4184 AC_DEFINE(DISABLE_UTMPX)
4187 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4188 [Define if you want to specify the path to your utmpx file])
4192 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4194 #include <sys/types.h>
4203 [ char *wtmpx = WTMPX_FILE; ],
4204 [ AC_MSG_RESULT(yes) ],
4206 system_wtmpx_path=no ]
4208 if test -z "$conf_wtmpx_location"; then
4209 if test x"$system_wtmpx_path" = x"no" ; then
4210 AC_DEFINE(DISABLE_WTMPX)
4213 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4214 [Define if you want to specify the path to your wtmpx file])
4218 if test ! -z "$blibpath" ; then
4219 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4220 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4223 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4225 CFLAGS="$CFLAGS $werror_flags"
4228 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4229 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4230 scard/Makefile ssh_prng_cmds survey.sh])
4233 # Print summary of options
4235 # Someone please show me a better way :)
4236 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4237 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4238 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4239 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4240 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4241 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4242 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4243 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4244 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4245 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4248 echo "OpenSSH has been configured with the following options:"
4249 echo " User binaries: $B"
4250 echo " System binaries: $C"
4251 echo " Configuration files: $D"
4252 echo " Askpass program: $E"
4253 echo " Manual pages: $F"
4254 echo " PID file: $G"
4255 echo " Privilege separation chroot path: $H"
4256 if test "x$external_path_file" = "x/etc/login.conf" ; then
4257 echo " At runtime, sshd will use the path defined in $external_path_file"
4258 echo " Make sure the path to scp is present, otherwise scp will not work"
4260 echo " sshd default user PATH: $I"
4261 if test ! -z "$external_path_file"; then
4262 echo " (If PATH is set in $external_path_file it will be used instead. If"
4263 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4266 if test ! -z "$superuser_path" ; then
4267 echo " sshd superuser user PATH: $J"
4269 echo " Manpage format: $MANTYPE"
4270 echo " PAM support: $PAM_MSG"
4271 echo " OSF SIA support: $SIA_MSG"
4272 echo " KerberosV support: $KRB5_MSG"
4273 echo " SELinux support: $SELINUX_MSG"
4274 echo " Smartcard support: $SCARD_MSG"
4275 echo " S/KEY support: $SKEY_MSG"
4276 echo " TCP Wrappers support: $TCPW_MSG"
4277 echo " MD5 password support: $MD5_MSG"
4278 echo " libedit support: $LIBEDIT_MSG"
4279 echo " Solaris process contract support: $SPC_MSG"
4280 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4281 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4282 echo " BSD Auth support: $BSD_AUTH_MSG"
4283 echo " Random number source: $RAND_MSG"
4284 if test ! -z "$USE_RAND_HELPER" ; then
4285 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4290 echo " Host: ${host}"
4291 echo " Compiler: ${CC}"
4292 echo " Compiler flags: ${CFLAGS}"
4293 echo "Preprocessor flags: ${CPPFLAGS}"
4294 echo " Linker flags: ${LDFLAGS}"
4295 echo " Libraries: ${LIBS}"
4296 if test ! -z "${SSHDLIBS}"; then
4297 echo " +for sshd: ${SSHDLIBS}"
4302 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4303 echo "SVR4 style packages are supported with \"make package\""
4307 if test "x$PAM_MSG" = "xyes" ; then
4308 echo "PAM is enabled. You may need to install a PAM control file "
4309 echo "for sshd, otherwise password authentication may fail. "
4310 echo "Example PAM control files can be found in the contrib/ "
4315 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4316 echo "WARNING: you are using the builtin random number collection "
4317 echo "service. Please read WARNING.RNG and request that your OS "
4318 echo "vendor includes kernel-based random number collection in "
4319 echo "future versions of your OS."
4323 if test ! -z "$NO_PEERCHECK" ; then
4324 echo "WARNING: the operating system that you are using does not"
4325 echo "appear to support getpeereid(), getpeerucred() or the"
4326 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4327 echo "enforce security checks to prevent unauthorised connections to"
4328 echo "ssh-agent. Their absence increases the risk that a malicious"
4329 echo "user can connect to your agent."
4333 if test "$AUDIT_MODULE" = "bsm" ; then
4334 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4335 echo "See the Solaris section in README.platform for details."