3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
23 # Handle Globus configuration right away, because the Globus flavor
24 # determines our compiler options.
26 # Check whether the user wants GSI (Globus) support
29 [ --with-gsi Enable Globus GSI authentication support],
36 [ --with-globus Enable Globus GSI authentication support],
42 AC_ARG_WITH(globus-static,
43 [ --with-globus-static Link statically with Globus GSI libraries],
46 if test "x$gsi_path" = "xno" ; then
52 # Check whether the user has a Globus flavor type
53 globus_flavor_type="no"
54 AC_ARG_WITH(globus-flavor,
55 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
57 globus_flavor_type="$withval"
58 if test "x$gsi_path" = "xno" ; then
64 if test "x$gsi_path" != "xno" ; then
65 # Globus GSSAPI configuration
66 AC_MSG_CHECKING(for Globus GSI)
67 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
69 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
70 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
72 if test -z "$GSSAPI"; then
77 if test "x$gsi_path" = "xyes" ; then
78 if test -z "$GLOBUS_LOCATION" ; then
79 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
81 gsi_path="$GLOBUS_LOCATION"
84 GLOBUS_LOCATION="$gsi_path"
85 export GLOBUS_LOCATION
86 if test ! -d "$GLOBUS_LOCATION" ; then
87 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
90 if test "x$globus_flavor_type" = "xno" ; then
91 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
93 if test "x$globus_flavor_type" = "xyes" ; then
94 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
97 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
98 if test ! -d "$GLOBUS_INCLUDE" ; then
99 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
102 if test -x ${gsi_path}/bin/globus-makefile-header ; then
103 ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
104 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
105 ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
107 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
110 if test -z "$GLOBUS_PKG_LIBS" ; then
111 AC_MSG_ERROR(globus-makefile-header failed)
114 AC_MSG_RESULT($GLOBUS_LOCATION)
115 AC_DEFINE(HAVE_GSSAPI_H)
118 CFLAGS="$GLOBUS_CFLAGS"
120 CPPFLAGS="$GLOBUS_CPPFLAGS $GLOBUS_INCLUDES"
121 LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
123 LDFLAGS="$LDFLAGS $GLOBUS_LDFLAGS"
129 # End Globus/GSI section
135 # Checks for programs.
142 AC_PATH_PROG(CAT, cat)
143 AC_PATH_PROG(KILL, kill)
144 AC_PATH_PROGS(PERL, perl5 perl)
145 AC_PATH_PROG(SED, sed)
147 AC_PATH_PROG(ENT, ent)
149 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
150 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
151 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
153 AC_SUBST(TEST_SHELL,sh)
156 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
157 [/usr/sbin${PATH_SEPARATOR}/etc])
158 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
159 [/usr/sbin${PATH_SEPARATOR}/etc])
160 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
161 if test -x /sbin/sh; then
162 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
164 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
170 if test -z "$AR" ; then
171 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
174 # Use LOGIN_PROGRAM from environment if possible
175 if test ! -z "$LOGIN_PROGRAM" ; then
176 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
177 [If your header files don't define LOGIN_PROGRAM,
178 then use this (detected) from environment and PATH])
181 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
182 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
183 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
187 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
188 if test ! -z "$PATH_PASSWD_PROG" ; then
189 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
190 [Full path of your "passwd" program])
193 if test -z "$LD" ; then
200 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
202 use_stack_protector=1
203 AC_ARG_WITH(stackprotect,
204 [ --without-stackprotect Don't use compiler's stack protection], [
205 if test "x$withval" = "xno"; then
206 use_stack_protector=0
209 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
210 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
211 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
213 1.*) no_attrib_nonnull=1 ;;
215 CFLAGS="$CFLAGS -Wsign-compare"
218 2.*) no_attrib_nonnull=1 ;;
219 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
220 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
224 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
225 saved_CFLAGS="$CFLAGS"
226 CFLAGS="$CFLAGS -fno-builtin-memset"
227 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
229 int main(void){char b[10]; memset(b, 0, sizeof(b));}
231 [ AC_MSG_RESULT(yes) ],
233 CFLAGS="$saved_CFLAGS" ]
236 # -fstack-protector-all doesn't always work for some GCC versions
237 # and/or platforms, so we test if we can. If it's not supported
238 # on a give platform gcc will emit a warning so we use -Werror.
239 if test "x$use_stack_protector" = "x1"; then
240 for t in -fstack-protector-all -fstack-protector; do
241 AC_MSG_CHECKING(if $CC supports $t)
242 saved_CFLAGS="$CFLAGS"
243 saved_LDFLAGS="$LDFLAGS"
244 CFLAGS="$CFLAGS $t -Werror"
245 LDFLAGS="$LDFLAGS $t -Werror"
249 int main(void){return 0;}
252 CFLAGS="$saved_CFLAGS $t"
253 LDFLAGS="$saved_LDFLAGS $t"
254 AC_MSG_CHECKING(if $t works)
258 int main(void){exit(0);}
262 [ AC_MSG_RESULT(no) ],
263 [ AC_MSG_WARN([cross compiling: cannot test])
267 [ AC_MSG_RESULT(no) ]
269 CFLAGS="$saved_CFLAGS"
270 LDFLAGS="$saved_LDFLAGS"
274 if test -z "$have_llong_max"; then
275 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
276 unset ac_cv_have_decl_LLONG_MAX
277 saved_CFLAGS="$CFLAGS"
278 CFLAGS="$CFLAGS -std=gnu99"
279 AC_CHECK_DECL(LLONG_MAX,
281 [CFLAGS="$saved_CFLAGS"],
282 [#include <limits.h>]
287 if test "x$no_attrib_nonnull" != "x1" ; then
288 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
292 [ --without-rpath Disable auto-added -R linker paths],
294 if test "x$withval" = "xno" ; then
297 if test "x$withval" = "xyes" ; then
303 # Allow user to specify flags
305 [ --with-cflags Specify additional flags to pass to compiler],
307 if test -n "$withval" && test "x$withval" != "xno" && \
308 test "x${withval}" != "xyes"; then
309 CFLAGS="$CFLAGS $withval"
313 AC_ARG_WITH(cppflags,
314 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
316 if test -n "$withval" && test "x$withval" != "xno" && \
317 test "x${withval}" != "xyes"; then
318 CPPFLAGS="$CPPFLAGS $withval"
323 [ --with-ldflags Specify additional flags to pass to linker],
325 if test -n "$withval" && test "x$withval" != "xno" && \
326 test "x${withval}" != "xyes"; then
327 LDFLAGS="$LDFLAGS $withval"
332 [ --with-libs Specify additional libraries to link with],
334 if test -n "$withval" && test "x$withval" != "xno" && \
335 test "x${withval}" != "xyes"; then
336 LIBS="$LIBS $withval"
341 [ --with-Werror Build main code with -Werror],
343 if test -n "$withval" && test "x$withval" != "xno"; then
344 werror_flags="-Werror"
345 if test "x${withval}" != "xyes"; then
346 werror_flags="$withval"
378 security/pam_appl.h \
419 # lastlog.h requires sys/time.h to be included first on Solaris
420 AC_CHECK_HEADERS(lastlog.h, [], [], [
421 #ifdef HAVE_SYS_TIME_H
422 # include <sys/time.h>
426 # sys/ptms.h requires sys/stream.h to be included first on Solaris
427 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
428 #ifdef HAVE_SYS_STREAM_H
429 # include <sys/stream.h>
433 # login_cap.h requires sys/types.h on NetBSD
434 AC_CHECK_HEADERS(login_cap.h, [], [], [
435 #include <sys/types.h>
438 # Messages for features tested for in target-specific section
442 # Check for some target-specific stuff
445 # Some versions of VAC won't allow macro redefinitions at
446 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
447 # particularly with older versions of vac or xlc.
448 # It also throws errors about null macro argments, but these are
450 AC_MSG_CHECKING(if compiler allows macro redefinitions)
453 #define testmacro foo
454 #define testmacro bar
455 int main(void) { exit(0); }
457 [ AC_MSG_RESULT(yes) ],
459 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
460 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
461 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
462 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
466 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
467 if (test -z "$blibpath"); then
468 blibpath="/usr/lib:/lib"
470 saved_LDFLAGS="$LDFLAGS"
471 if test "$GCC" = "yes"; then
472 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
474 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
476 for tryflags in $flags ;do
477 if (test -z "$blibflags"); then
478 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
479 AC_TRY_LINK([], [], [blibflags=$tryflags])
482 if (test -z "$blibflags"); then
483 AC_MSG_RESULT(not found)
484 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
486 AC_MSG_RESULT($blibflags)
488 LDFLAGS="$saved_LDFLAGS"
489 dnl Check for authenticate. Might be in libs.a on older AIXes
490 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
491 [Define if you want to enable AIX4's authenticate function])],
492 [AC_CHECK_LIB(s,authenticate,
493 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
497 dnl Check for various auth function declarations in headers.
498 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
499 passwdexpired, setauthdb], , , [#include <usersec.h>])
500 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
501 AC_CHECK_DECLS(loginfailed,
502 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
504 [#include <usersec.h>],
505 [(void)loginfailed("user","host","tty",0);],
507 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
508 [Define if your AIX loginfailed() function
509 takes 4 arguments (AIX >= 5.2)])],
513 [#include <usersec.h>]
515 AC_CHECK_FUNCS(getgrset setauthdb)
516 AC_CHECK_DECL(F_CLOSEM,
517 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
519 [ #include <limits.h>
522 check_for_aix_broken_getaddrinfo=1
523 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
524 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
525 [Define if your platform breaks doing a seteuid before a setuid])
526 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
527 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
528 dnl AIX handles lastlog as part of its login message
529 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
530 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
531 [Some systems need a utmpx entry for /bin/login to work])
532 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
533 [Define to a Set Process Title type if your system is
534 supported by bsd-setproctitle.c])
535 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
536 [AIX 5.2 and 5.3 (and presumably newer) require this])
537 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
540 check_for_libcrypt_later=1
541 LIBS="$LIBS /usr/lib/textreadmode.o"
542 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
543 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
544 AC_DEFINE(DISABLE_SHADOW, 1,
545 [Define if you want to disable shadow passwords])
546 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
547 [Define if your system choked on IP TOS setting])
548 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
549 [Define if X11 doesn't support AF_UNIX sockets on that system])
550 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
551 [Define if the concept of ports only accessible to
552 superusers isn't known])
553 AC_DEFINE(DISABLE_FD_PASSING, 1,
554 [Define if your platform needs to skip post auth
555 file descriptor passing])
558 AC_DEFINE(IP_TOS_IS_BROKEN)
559 AC_DEFINE(SETEUID_BREAKS_SETUID)
560 AC_DEFINE(BROKEN_SETREUID)
561 AC_DEFINE(BROKEN_SETREGID)
564 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
565 AC_DEFINE(BROKEN_GETADDRINFO)
566 AC_DEFINE(SETEUID_BREAKS_SETUID)
567 AC_DEFINE(BROKEN_SETREUID)
568 AC_DEFINE(BROKEN_SETREGID)
569 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
570 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
571 [Define if your resolver libs need this for getrrsetbyname])
572 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
573 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
574 [Use tunnel device compatibility to OpenBSD])
575 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
576 [Prepend the address family to IP tunnel traffic])
577 m4_pattern_allow(AU_IPv)
578 AC_CHECK_DECL(AU_IPv4, [],
579 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
580 [#include <bsm/audit.h>]
582 AC_MSG_CHECKING(if we have the Security Authorization Session API)
583 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
584 [SessionCreate(0, 0);],
585 [ac_cv_use_security_session_api="yes"
586 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
587 [platform has the Security Authorization Session API])
588 LIBS="$LIBS -framework Security"
590 [ac_cv_use_security_session_api="no"
592 AC_MSG_CHECKING(if we have an in-memory credentials cache)
594 [#include <Kerberos/Kerberos.h>],
596 (void) cc_initialize (&c, 0, NULL, NULL);],
597 [AC_DEFINE(USE_CCAPI, 1,
598 [platform uses an in-memory credentials cache])
599 LIBS="$LIBS -framework Security"
601 if test "x$ac_cv_use_security_session_api" = "xno"; then
602 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
608 SSHDLIBS="$SSHDLIBS -lcrypt"
611 # first we define all of the options common to all HP-UX releases
612 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
613 IPADDR_IN_DISPLAY=yes
615 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
616 [Define if your login program cannot handle end of options ("--")])
617 AC_DEFINE(LOGIN_NEEDS_UTMPX)
618 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
619 [String used in /etc/passwd to denote locked account])
620 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
621 MAIL="/var/mail/username"
623 AC_CHECK_LIB(xnet, t_error, ,
624 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
626 # next, we define all of the options specific to major releases
629 if test -z "$GCC"; then
634 AC_DEFINE(PAM_SUN_CODEBASE, 1,
635 [Define if you are using Solaris-derived PAM which
636 passes pam_messages to the conversation function
637 with an extra level of indirection])
638 AC_DEFINE(DISABLE_UTMP, 1,
639 [Define if you don't want to use utmp])
640 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
641 check_for_hpux_broken_getaddrinfo=1
642 check_for_conflicting_getspnam=1
646 # lastly, we define options specific to minor releases
649 AC_DEFINE(HAVE_SECUREWARE, 1,
650 [Define if you have SecureWare-based
651 protected password database])
652 disable_ptmx_check=yes
658 PATH="$PATH:/usr/etc"
659 AC_DEFINE(BROKEN_INET_NTOA, 1,
660 [Define if you system's inet_ntoa is busted
661 (e.g. Irix gcc issue)])
662 AC_DEFINE(SETEUID_BREAKS_SETUID)
663 AC_DEFINE(BROKEN_SETREUID)
664 AC_DEFINE(BROKEN_SETREGID)
665 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
666 [Define if you shouldn't strip 'tty' from your
668 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
671 PATH="$PATH:/usr/etc"
672 AC_DEFINE(WITH_IRIX_ARRAY, 1,
673 [Define if you have/want arrays
674 (cluster-wide session managment, not C arrays)])
675 AC_DEFINE(WITH_IRIX_PROJECT, 1,
676 [Define if you want IRIX project management])
677 AC_DEFINE(WITH_IRIX_AUDIT, 1,
678 [Define if you want IRIX audit trails])
679 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
680 [Define if you want IRIX kernel jobs])])
681 AC_DEFINE(BROKEN_INET_NTOA)
682 AC_DEFINE(SETEUID_BREAKS_SETUID)
683 AC_DEFINE(BROKEN_SETREUID)
684 AC_DEFINE(BROKEN_SETREGID)
685 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
686 AC_DEFINE(WITH_ABBREV_NO_TTY)
687 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
691 check_for_libcrypt_later=1
692 check_for_openpty_ctty_bug=1
693 AC_DEFINE(PAM_TTY_KLUDGE, 1,
694 [Work around problematic Linux PAM modules handling of PAM_TTY])
695 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
696 [String used in /etc/passwd to denote locked account])
697 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
698 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
699 [Define to whatever link() returns for "not supported"
700 if it doesn't return EOPNOTSUPP.])
701 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
703 inet6_default_4in6=yes
706 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
707 [Define if cmsg_type is not passed correctly])
710 # tun(4) forwarding compat code
711 AC_CHECK_HEADERS(linux/if_tun.h)
712 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
713 AC_DEFINE(SSH_TUN_LINUX, 1,
714 [Open tunnel devices the Linux tun/tap way])
715 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
716 [Use tunnel device compatibility to OpenBSD])
717 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
718 [Prepend the address family to IP tunnel traffic])
721 mips-sony-bsd|mips-sony-newsos4)
722 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
726 check_for_libcrypt_before=1
727 if test "x$withval" != "xno" ; then
730 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
731 AC_CHECK_HEADER([net/if_tap.h], ,
732 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
733 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
734 [Prepend the address family to IP tunnel traffic])
737 check_for_libcrypt_later=1
738 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
739 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
740 AC_CHECK_HEADER([net/if_tap.h], ,
741 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
742 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
745 AC_DEFINE(SETEUID_BREAKS_SETUID)
746 AC_DEFINE(BROKEN_SETREUID)
747 AC_DEFINE(BROKEN_SETREGID)
750 conf_lastlog_location="/usr/adm/lastlog"
751 conf_utmp_location=/etc/utmp
752 conf_wtmp_location=/usr/adm/wtmp
754 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
755 AC_DEFINE(BROKEN_REALPATH)
757 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
760 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
761 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
762 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
763 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
764 [syslog_r function is safe to use in in a signal handler])
767 if test "x$withval" != "xno" ; then
770 AC_DEFINE(PAM_SUN_CODEBASE)
771 AC_DEFINE(LOGIN_NEEDS_UTMPX)
772 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
773 [Some versions of /bin/login need the TERM supplied
775 AC_DEFINE(PAM_TTY_KLUDGE)
776 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
777 [Define if pam_chauthtok wants real uid set
778 to the unpriv'ed user])
779 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
780 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
781 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
782 [Define if sshd somehow reacquires a controlling TTY
784 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
785 in case the name is longer than 8 chars])
786 external_path_file=/etc/default/login
787 # hardwire lastlog location (can't detect it on some versions)
788 conf_lastlog_location="/var/adm/lastlog"
789 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
790 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
791 if test "$sol2ver" -ge 8; then
793 AC_DEFINE(DISABLE_UTMP)
794 AC_DEFINE(DISABLE_WTMP, 1,
795 [Define if you don't want to use wtmp])
799 AC_ARG_WITH(solaris-contracts,
800 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
802 AC_CHECK_LIB(contract, ct_tmpl_activate,
803 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
804 [Define if you have Solaris process contracts])
805 SSHDLIBS="$SSHDLIBS -lcontract"
812 CPPFLAGS="$CPPFLAGS -DSUNOS4"
813 AC_CHECK_FUNCS(getpwanam)
814 AC_DEFINE(PAM_SUN_CODEBASE)
815 conf_utmp_location=/etc/utmp
816 conf_wtmp_location=/var/adm/wtmp
817 conf_lastlog_location=/var/adm/lastlog
823 AC_DEFINE(SSHD_ACQUIRES_CTTY)
824 AC_DEFINE(SETEUID_BREAKS_SETUID)
825 AC_DEFINE(BROKEN_SETREUID)
826 AC_DEFINE(BROKEN_SETREGID)
829 # /usr/ucblib MUST NOT be searched on ReliantUNIX
830 AC_CHECK_LIB(dl, dlsym, ,)
831 # -lresolv needs to be at the end of LIBS or DNS lookups break
832 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
833 IPADDR_IN_DISPLAY=yes
835 AC_DEFINE(IP_TOS_IS_BROKEN)
836 AC_DEFINE(SETEUID_BREAKS_SETUID)
837 AC_DEFINE(BROKEN_SETREUID)
838 AC_DEFINE(BROKEN_SETREGID)
839 AC_DEFINE(SSHD_ACQUIRES_CTTY)
840 external_path_file=/etc/default/login
841 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
842 # Attention: always take care to bind libsocket and libnsl before libc,
843 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
845 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
848 AC_DEFINE(SETEUID_BREAKS_SETUID)
849 AC_DEFINE(BROKEN_SETREUID)
850 AC_DEFINE(BROKEN_SETREGID)
851 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
852 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
854 # UnixWare 7.x, OpenUNIX 8
856 check_for_libcrypt_later=1
857 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
859 AC_DEFINE(SETEUID_BREAKS_SETUID)
860 AC_DEFINE(BROKEN_SETREUID)
861 AC_DEFINE(BROKEN_SETREGID)
862 AC_DEFINE(PASSWD_NEEDS_USERNAME)
864 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
865 TEST_SHELL=/u95/bin/sh
866 AC_DEFINE(BROKEN_LIBIAF, 1,
867 [ia_uinfo routines not supported by OS yet])
868 AC_DEFINE(BROKEN_UPDWTMPX)
870 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
876 # SCO UNIX and OEM versions of SCO UNIX
878 AC_MSG_ERROR("This Platform is no longer supported.")
882 if test -z "$GCC"; then
883 CFLAGS="$CFLAGS -belf"
885 LIBS="$LIBS -lprot -lx -ltinfo -lm"
888 AC_DEFINE(HAVE_SECUREWARE)
889 AC_DEFINE(DISABLE_SHADOW)
890 AC_DEFINE(DISABLE_FD_PASSING)
891 AC_DEFINE(SETEUID_BREAKS_SETUID)
892 AC_DEFINE(BROKEN_SETREUID)
893 AC_DEFINE(BROKEN_SETREGID)
894 AC_DEFINE(WITH_ABBREV_NO_TTY)
895 AC_DEFINE(BROKEN_UPDWTMPX)
896 AC_DEFINE(PASSWD_NEEDS_USERNAME)
897 AC_CHECK_FUNCS(getluid setluid)
902 AC_DEFINE(NO_SSH_LASTLOG, 1,
903 [Define if you don't want to use lastlog in session.c])
904 AC_DEFINE(SETEUID_BREAKS_SETUID)
905 AC_DEFINE(BROKEN_SETREUID)
906 AC_DEFINE(BROKEN_SETREGID)
908 AC_DEFINE(DISABLE_FD_PASSING)
910 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
914 AC_DEFINE(SETEUID_BREAKS_SETUID)
915 AC_DEFINE(BROKEN_SETREUID)
916 AC_DEFINE(BROKEN_SETREGID)
917 AC_DEFINE(WITH_ABBREV_NO_TTY)
919 AC_DEFINE(DISABLE_FD_PASSING)
921 LIBS="$LIBS -lgen -lacid -ldb"
925 AC_DEFINE(SETEUID_BREAKS_SETUID)
926 AC_DEFINE(BROKEN_SETREUID)
927 AC_DEFINE(BROKEN_SETREGID)
929 AC_DEFINE(DISABLE_FD_PASSING)
930 AC_DEFINE(NO_SSH_LASTLOG)
931 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
932 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
936 AC_MSG_CHECKING(for Digital Unix SIA)
939 [ --with-osfsia Enable Digital Unix SIA],
941 if test "x$withval" = "xno" ; then
942 AC_MSG_RESULT(disabled)
947 if test -z "$no_osfsia" ; then
948 if test -f /etc/sia/matrix.conf; then
950 AC_DEFINE(HAVE_OSF_SIA, 1,
951 [Define if you have Digital Unix Security
952 Integration Architecture])
953 AC_DEFINE(DISABLE_LOGIN, 1,
954 [Define if you don't want to use your
955 system's login() call])
956 AC_DEFINE(DISABLE_FD_PASSING)
957 LIBS="$LIBS -lsecurity -ldb -lm -laud"
961 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
962 [String used in /etc/passwd to denote locked account])
965 AC_DEFINE(BROKEN_GETADDRINFO)
966 AC_DEFINE(SETEUID_BREAKS_SETUID)
967 AC_DEFINE(BROKEN_SETREUID)
968 AC_DEFINE(BROKEN_SETREGID)
969 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
974 AC_DEFINE(NO_X11_UNIX_SOCKETS)
975 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
976 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
977 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
978 AC_DEFINE(DISABLE_LASTLOG)
979 AC_DEFINE(SSHD_ACQUIRES_CTTY)
980 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
981 enable_etc_default_login=no # has incompatible /etc/default/login
984 AC_DEFINE(DISABLE_FD_PASSING)
990 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
991 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
992 AC_DEFINE(NEED_SETPGRP)
993 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
997 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
998 AC_DEFINE(MISSING_HOWMANY)
999 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
1003 AC_MSG_CHECKING(compiler and flags for sanity)
1007 int main(){exit(0);}
1009 [ AC_MSG_RESULT(yes) ],
1012 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1014 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1017 dnl Checks for header files.
1018 # Checks for libraries.
1019 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
1020 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
1022 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1023 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
1024 AC_CHECK_LIB(gen, dirname,[
1025 AC_CACHE_CHECK([for broken dirname],
1026 ac_cv_have_broken_dirname, [
1034 int main(int argc, char **argv) {
1037 strncpy(buf,"/etc", 32);
1039 if (!s || strncmp(s, "/", 32) != 0) {
1046 [ ac_cv_have_broken_dirname="no" ],
1047 [ ac_cv_have_broken_dirname="yes" ],
1048 [ ac_cv_have_broken_dirname="no" ],
1052 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1054 AC_DEFINE(HAVE_DIRNAME)
1055 AC_CHECK_HEADERS(libgen.h)
1060 AC_CHECK_FUNC(getspnam, ,
1061 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
1062 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
1063 [Define if you have the basename function.]))
1065 dnl zlib is required
1067 [ --with-zlib=PATH Use zlib in PATH],
1068 [ if test "x$withval" = "xno" ; then
1069 AC_MSG_ERROR([*** zlib is required ***])
1070 elif test "x$withval" != "xyes"; then
1071 if test -d "$withval/lib"; then
1072 if test -n "${need_dash_r}"; then
1073 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1075 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1078 if test -n "${need_dash_r}"; then
1079 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1081 LDFLAGS="-L${withval} ${LDFLAGS}"
1084 if test -d "$withval/include"; then
1085 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1087 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1092 AC_CHECK_LIB(z, deflate, ,
1094 saved_CPPFLAGS="$CPPFLAGS"
1095 saved_LDFLAGS="$LDFLAGS"
1097 dnl Check default zlib install dir
1098 if test -n "${need_dash_r}"; then
1099 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1101 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1103 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1105 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1107 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1112 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1114 AC_ARG_WITH(zlib-version-check,
1115 [ --without-zlib-version-check Disable zlib version check],
1116 [ if test "x$withval" = "xno" ; then
1117 zlib_check_nonfatal=1
1122 AC_MSG_CHECKING(for possibly buggy zlib)
1123 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1128 int a=0, b=0, c=0, d=0, n, v;
1129 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1130 if (n != 3 && n != 4)
1132 v = a*1000000 + b*10000 + c*100 + d;
1133 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1136 if (a == 1 && b == 1 && c >= 4)
1139 /* 1.2.3 and up are OK */
1147 [ AC_MSG_RESULT(yes)
1148 if test -z "$zlib_check_nonfatal" ; then
1149 AC_MSG_ERROR([*** zlib too old - check config.log ***
1150 Your reported zlib version has known security problems. It's possible your
1151 vendor has fixed these problems without changing the version number. If you
1152 are sure this is the case, you can disable the check by running
1153 "./configure --without-zlib-version-check".
1154 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1155 See http://www.gzip.org/zlib/ for details.])
1157 AC_MSG_WARN([zlib version may have security problems])
1160 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1164 AC_CHECK_FUNC(strcasecmp,
1165 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1167 AC_CHECK_FUNCS(utimes,
1168 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1169 LIBS="$LIBS -lc89"]) ]
1172 dnl Checks for libutil functions
1173 AC_CHECK_HEADERS(libutil.h)
1174 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1175 [Define if your libraries define login()])])
1176 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1180 # Check for ALTDIRFUNC glob() extension
1181 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1182 AC_EGREP_CPP(FOUNDIT,
1185 #ifdef GLOB_ALTDIRFUNC
1190 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1191 [Define if your system glob() function has
1192 the GLOB_ALTDIRFUNC extension])
1200 # Check for g.gl_matchc glob() extension
1201 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1203 [ #include <glob.h> ],
1204 [glob_t g; g.gl_matchc = 1;],
1206 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1207 [Define if your system glob() function has
1208 gl_matchc options in glob_t])
1216 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1218 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1221 #include <sys/types.h>
1223 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1225 [AC_MSG_RESULT(yes)],
1228 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1229 [Define if your struct dirent expects you to
1230 allocate extra space for d_name])
1233 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1234 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1238 AC_MSG_CHECKING([for /proc/pid/fd directory])
1239 if test -d "/proc/$$/fd" ; then
1240 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1246 # Check whether user wants S/Key support
1249 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1251 if test "x$withval" != "xno" ; then
1253 if test "x$withval" != "xyes" ; then
1254 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1255 LDFLAGS="$LDFLAGS -L${withval}/lib"
1258 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1262 AC_MSG_CHECKING([for s/key support])
1267 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1269 [AC_MSG_RESULT(yes)],
1272 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1274 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1278 [(void)skeychallenge(NULL,"name","",0);],
1280 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1281 [Define if your skeychallenge()
1282 function takes 4 arguments (NetBSD)])],
1289 # Check whether user wants TCP wrappers support
1291 AC_ARG_WITH(tcp-wrappers,
1292 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1294 if test "x$withval" != "xno" ; then
1296 saved_LDFLAGS="$LDFLAGS"
1297 saved_CPPFLAGS="$CPPFLAGS"
1298 if test -n "${withval}" && \
1299 test "x${withval}" != "xyes"; then
1300 if test -d "${withval}/lib"; then
1301 if test -n "${need_dash_r}"; then
1302 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1304 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1307 if test -n "${need_dash_r}"; then
1308 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1310 LDFLAGS="-L${withval} ${LDFLAGS}"
1313 if test -d "${withval}/include"; then
1314 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1316 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1320 AC_MSG_CHECKING(for libwrap)
1323 #include <sys/types.h>
1324 #include <sys/socket.h>
1325 #include <netinet/in.h>
1327 int deny_severity = 0, allow_severity = 0;
1332 AC_DEFINE(LIBWRAP, 1,
1334 TCP Wrappers support])
1335 SSHDLIBS="$SSHDLIBS -lwrap"
1339 AC_MSG_ERROR([*** libwrap missing])
1347 # Check whether user wants libedit support
1349 AC_ARG_WITH(libedit,
1350 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1351 [ if test "x$withval" != "xno" ; then
1352 if test "x$withval" != "xyes"; then
1353 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1354 if test -n "${need_dash_r}"; then
1355 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1357 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1360 AC_CHECK_LIB(edit, el_init,
1361 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1362 LIBEDIT="-ledit -lcurses"
1366 [ AC_MSG_ERROR(libedit not found) ],
1369 AC_MSG_CHECKING(if libedit version is compatible)
1372 #include <histedit.h>
1376 el_init("", NULL, NULL, NULL);
1380 [ AC_MSG_RESULT(yes) ],
1382 AC_MSG_ERROR(libedit version is not compatible) ]
1389 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1391 AC_MSG_CHECKING(for supported audit module)
1396 dnl Checks for headers, libs and functions
1397 AC_CHECK_HEADERS(bsm/audit.h, [],
1398 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1405 AC_CHECK_LIB(bsm, getaudit, [],
1406 [AC_MSG_ERROR(BSM enabled and required library not found)])
1407 AC_CHECK_FUNCS(getaudit, [],
1408 [AC_MSG_ERROR(BSM enabled and required function not found)])
1409 # These are optional
1410 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1411 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1415 AC_MSG_RESULT(debug)
1416 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1422 AC_MSG_ERROR([Unknown audit module $withval])
1427 dnl Checks for library functions. Please keep in alphabetical order
1431 arc4random_uniform \
1520 # IRIX has a const char return value for gai_strerror()
1521 AC_CHECK_FUNCS(gai_strerror,[
1522 AC_DEFINE(HAVE_GAI_STRERROR)
1524 #include <sys/types.h>
1525 #include <sys/socket.h>
1528 const char *gai_strerror(int);],[
1531 str = gai_strerror(0);],[
1532 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1533 [Define if gai_strerror() returns const char *])])])
1535 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1536 [Some systems put nanosleep outside of libc]))
1538 dnl Make sure prototypes are defined for these before using them.
1539 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1540 AC_CHECK_DECL(strsep,
1541 [AC_CHECK_FUNCS(strsep)],
1544 #ifdef HAVE_STRING_H
1545 # include <string.h>
1549 dnl tcsendbreak might be a macro
1550 AC_CHECK_DECL(tcsendbreak,
1551 [AC_DEFINE(HAVE_TCSENDBREAK)],
1552 [AC_CHECK_FUNCS(tcsendbreak)],
1553 [#include <termios.h>]
1556 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1558 AC_CHECK_DECLS(SHUT_RD, , ,
1560 #include <sys/types.h>
1561 #include <sys/socket.h>
1564 AC_CHECK_DECLS(O_NONBLOCK, , ,
1566 #include <sys/types.h>
1567 #ifdef HAVE_SYS_STAT_H
1568 # include <sys/stat.h>
1575 AC_CHECK_DECLS(writev, , , [
1576 #include <sys/types.h>
1577 #include <sys/uio.h>
1581 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1582 #include <sys/param.h>
1585 AC_CHECK_DECLS(offsetof, , , [
1589 AC_CHECK_FUNCS(setresuid, [
1590 dnl Some platorms have setresuid that isn't implemented, test for this
1591 AC_MSG_CHECKING(if setresuid seems to work)
1596 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1598 [AC_MSG_RESULT(yes)],
1599 [AC_DEFINE(BROKEN_SETRESUID, 1,
1600 [Define if your setresuid() is broken])
1601 AC_MSG_RESULT(not implemented)],
1602 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1606 AC_CHECK_FUNCS(setresgid, [
1607 dnl Some platorms have setresgid that isn't implemented, test for this
1608 AC_MSG_CHECKING(if setresgid seems to work)
1613 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1615 [AC_MSG_RESULT(yes)],
1616 [AC_DEFINE(BROKEN_SETRESGID, 1,
1617 [Define if your setresgid() is broken])
1618 AC_MSG_RESULT(not implemented)],
1619 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1623 dnl Checks for time functions
1624 AC_CHECK_FUNCS(gettimeofday time)
1625 dnl Checks for utmp functions
1626 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1627 AC_CHECK_FUNCS(utmpname)
1628 dnl Checks for utmpx functions
1629 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1630 AC_CHECK_FUNCS(setutxent utmpxname)
1632 AC_CHECK_FUNC(daemon,
1633 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1634 [AC_CHECK_LIB(bsd, daemon,
1635 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1638 AC_CHECK_FUNC(getpagesize,
1639 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1640 [Define if your libraries define getpagesize()])],
1641 [AC_CHECK_LIB(ucb, getpagesize,
1642 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1645 # Check for broken snprintf
1646 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1647 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1651 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1653 [AC_MSG_RESULT(yes)],
1656 AC_DEFINE(BROKEN_SNPRINTF, 1,
1657 [Define if your snprintf is busted])
1658 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1660 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1664 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1665 # returning the right thing on overflow: the number of characters it tried to
1666 # create (as per SUSv3)
1667 if test "x$ac_cv_func_asprintf" != "xyes" && \
1668 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1669 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1672 #include <sys/types.h>
1676 int x_snprintf(char *str,size_t count,const char *fmt,...)
1678 size_t ret; va_list ap;
1679 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1685 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1687 [AC_MSG_RESULT(yes)],
1690 AC_DEFINE(BROKEN_SNPRINTF, 1,
1691 [Define if your snprintf is busted])
1692 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1694 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1698 # On systems where [v]snprintf is broken, but is declared in stdio,
1699 # check that the fmt argument is const char * or just char *.
1700 # This is only useful for when BROKEN_SNPRINTF
1701 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1702 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1703 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1704 int main(void) { snprintf(0, 0, 0); }
1707 AC_DEFINE(SNPRINTF_CONST, [const],
1708 [Define as const if snprintf() can declare const char *fmt])],
1710 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1712 # Check for missing getpeereid (or equiv) support
1714 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1715 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1717 [#include <sys/types.h>
1718 #include <sys/socket.h>],
1719 [int i = SO_PEERCRED;],
1720 [ AC_MSG_RESULT(yes)
1721 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1728 dnl see whether mkstemp() requires XXXXXX
1729 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1730 AC_MSG_CHECKING([for (overly) strict mkstemp])
1734 main() { char template[]="conftest.mkstemp-test";
1735 if (mkstemp(template) == -1)
1737 unlink(template); exit(0);
1745 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1749 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1754 dnl make sure that openpty does not reacquire controlling terminal
1755 if test ! -z "$check_for_openpty_ctty_bug"; then
1756 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1760 #include <sys/fcntl.h>
1761 #include <sys/types.h>
1762 #include <sys/wait.h>
1768 int fd, ptyfd, ttyfd, status;
1771 if (pid < 0) { /* failed */
1773 } else if (pid > 0) { /* parent */
1774 waitpid(pid, &status, 0);
1775 if (WIFEXITED(status))
1776 exit(WEXITSTATUS(status));
1779 } else { /* child */
1780 close(0); close(1); close(2);
1782 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1783 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1785 exit(3); /* Acquired ctty: broken */
1787 exit(0); /* Did not acquire ctty: OK */
1796 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1799 AC_MSG_RESULT(cross-compiling, assuming yes)
1804 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1805 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1806 AC_MSG_CHECKING(if getaddrinfo seems to work)
1810 #include <sys/socket.h>
1813 #include <netinet/in.h>
1815 #define TEST_PORT "2222"
1821 struct addrinfo *gai_ai, *ai, hints;
1822 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1824 memset(&hints, 0, sizeof(hints));
1825 hints.ai_family = PF_UNSPEC;
1826 hints.ai_socktype = SOCK_STREAM;
1827 hints.ai_flags = AI_PASSIVE;
1829 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1831 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1835 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1836 if (ai->ai_family != AF_INET6)
1839 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1840 sizeof(ntop), strport, sizeof(strport),
1841 NI_NUMERICHOST|NI_NUMERICSERV);
1844 if (err == EAI_SYSTEM)
1845 perror("getnameinfo EAI_SYSTEM");
1847 fprintf(stderr, "getnameinfo failed: %s\n",
1852 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1855 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1868 AC_DEFINE(BROKEN_GETADDRINFO)
1871 AC_MSG_RESULT(cross-compiling, assuming yes)
1876 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1877 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1878 AC_MSG_CHECKING(if getaddrinfo seems to work)
1882 #include <sys/socket.h>
1885 #include <netinet/in.h>
1887 #define TEST_PORT "2222"
1893 struct addrinfo *gai_ai, *ai, hints;
1894 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1896 memset(&hints, 0, sizeof(hints));
1897 hints.ai_family = PF_UNSPEC;
1898 hints.ai_socktype = SOCK_STREAM;
1899 hints.ai_flags = AI_PASSIVE;
1901 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1903 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1907 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1908 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1911 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1912 sizeof(ntop), strport, sizeof(strport),
1913 NI_NUMERICHOST|NI_NUMERICSERV);
1915 if (ai->ai_family == AF_INET && err != 0) {
1916 perror("getnameinfo");
1925 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1926 [Define if you have a getaddrinfo that fails
1927 for the all-zeros IPv6 address])
1931 AC_DEFINE(BROKEN_GETADDRINFO)
1934 AC_MSG_RESULT(cross-compiling, assuming no)
1939 if test "x$check_for_conflicting_getspnam" = "x1"; then
1940 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1944 int main(void) {exit(0);}
1951 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1952 [Conflicting defs for getspnam])
1959 # Search for OpenSSL
1960 saved_CPPFLAGS="$CPPFLAGS"
1961 saved_LDFLAGS="$LDFLAGS"
1962 AC_ARG_WITH(ssl-dir,
1963 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1965 if test "x$withval" != "xno" ; then
1968 ./*|../*) withval="`pwd`/$withval"
1970 if test -d "$withval/lib"; then
1971 if test -n "${need_dash_r}"; then
1972 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1974 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1977 if test -n "${need_dash_r}"; then
1978 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1980 LDFLAGS="-L${withval} ${LDFLAGS}"
1983 if test -d "$withval/include"; then
1984 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1986 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1991 if test -z "$GLOBUS_LDFLAGS" ; then
1992 LIBS="-lcrypto $LIBS"
1994 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1995 [Define if your ssl headers are included
1996 with #include <openssl/header.h>]),
1998 dnl Check default openssl install dir
1999 if test -n "${need_dash_r}"; then
2000 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2002 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2004 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2005 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2007 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2013 # Determine OpenSSL header version
2014 AC_MSG_CHECKING([OpenSSL header version])
2019 #include <openssl/opensslv.h>
2020 #define DATA "conftest.sslincver"
2025 fd = fopen(DATA,"w");
2029 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2036 ssl_header_ver=`cat conftest.sslincver`
2037 AC_MSG_RESULT($ssl_header_ver)
2040 AC_MSG_RESULT(not found)
2041 AC_MSG_ERROR(OpenSSL version header not found.)
2044 AC_MSG_WARN([cross compiling: not checking])
2048 # Determine OpenSSL library version
2049 AC_MSG_CHECKING([OpenSSL library version])
2054 #include <openssl/opensslv.h>
2055 #include <openssl/crypto.h>
2056 #define DATA "conftest.ssllibver"
2061 fd = fopen(DATA,"w");
2065 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2072 ssl_library_ver=`cat conftest.ssllibver`
2073 AC_MSG_RESULT($ssl_library_ver)
2076 AC_MSG_RESULT(not found)
2077 AC_MSG_ERROR(OpenSSL library not found.)
2080 AC_MSG_WARN([cross compiling: not checking])
2084 AC_ARG_WITH(openssl-header-check,
2085 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2086 [ if test "x$withval" = "xno" ; then
2087 openssl_check_nonfatal=1
2092 # Sanity check OpenSSL headers
2093 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2097 #include <openssl/opensslv.h>
2098 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2105 if test "x$openssl_check_nonfatal" = "x"; then
2106 AC_MSG_ERROR([Your OpenSSL headers do not match your
2107 library. Check config.log for details.
2108 If you are sure your installation is consistent, you can disable the check
2109 by running "./configure --without-openssl-header-check".
2110 Also see contrib/findssl.sh for help identifying header/library mismatches.
2113 AC_MSG_WARN([Your OpenSSL headers do not match your
2114 library. Check config.log for details.
2115 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2119 AC_MSG_WARN([cross compiling: not checking])
2123 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2126 #include <openssl/evp.h>
2127 int main(void) { SSLeay_add_all_algorithms(); }
2136 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2139 #include <openssl/evp.h>
2140 int main(void) { SSLeay_add_all_algorithms(); }
2153 AC_ARG_WITH(ssl-engine,
2154 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2155 [ if test "x$withval" != "xno" ; then
2156 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2158 [ #include <openssl/engine.h>],
2160 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2162 [ AC_MSG_RESULT(yes)
2163 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2164 [Enable OpenSSL engine support])
2166 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2171 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2172 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2176 #include <openssl/evp.h>
2177 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2184 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2185 [libcrypto is missing AES 192 and 256 bit functions])
2189 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2190 # because the system crypt() is more featureful.
2191 if test "x$check_for_libcrypt_before" = "x1"; then
2192 AC_CHECK_LIB(crypt, crypt)
2195 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2196 # version in OpenSSL.
2197 if test "x$check_for_libcrypt_later" = "x1"; then
2198 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2201 # Search for SHA256 support in libc and/or OpenSSL
2202 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2205 AC_CHECK_LIB(iaf, ia_openinfo, [
2207 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2208 AC_DEFINE(HAVE_LIBIAF, 1,
2209 [Define if system has libiaf that supports set_id])
2214 ### Configure cryptographic random number support
2216 # Check wheter OpenSSL seeds itself
2217 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2221 #include <openssl/rand.h>
2222 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2225 OPENSSL_SEEDS_ITSELF=yes
2230 # Default to use of the rand helper if OpenSSL doesn't
2235 AC_MSG_WARN([cross compiling: assuming yes])
2236 # This is safe, since all recent OpenSSL versions will
2237 # complain at runtime if not seeded correctly.
2238 OPENSSL_SEEDS_ITSELF=yes
2242 # Check for PAM libs
2245 [ --with-pam Enable PAM support ],
2247 if test "x$withval" != "xno" ; then
2248 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2249 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2250 AC_MSG_ERROR([PAM headers not found])
2254 AC_CHECK_LIB(dl, dlopen, , )
2255 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2256 AC_CHECK_FUNCS(pam_getenvlist)
2257 AC_CHECK_FUNCS(pam_putenv)
2262 SSHDLIBS="$SSHDLIBS -lpam"
2263 AC_DEFINE(USE_PAM, 1,
2264 [Define if you want to enable PAM support])
2266 if test $ac_cv_lib_dl_dlopen = yes; then
2269 # libdl already in LIBS
2272 SSHDLIBS="$SSHDLIBS -ldl"
2280 # Check for older PAM
2281 if test "x$PAM_MSG" = "xyes" ; then
2282 # Check PAM strerror arguments (old PAM)
2283 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2287 #if defined(HAVE_SECURITY_PAM_APPL_H)
2288 #include <security/pam_appl.h>
2289 #elif defined (HAVE_PAM_PAM_APPL_H)
2290 #include <pam/pam_appl.h>
2293 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2294 [AC_MSG_RESULT(no)],
2296 AC_DEFINE(HAVE_OLD_PAM, 1,
2297 [Define if you have an old version of PAM
2298 which takes only one argument to pam_strerror])
2300 PAM_MSG="yes (old library)"
2305 # Do we want to force the use of the rand helper?
2306 AC_ARG_WITH(rand-helper,
2307 [ --with-rand-helper Use subprocess to gather strong randomness ],
2309 if test "x$withval" = "xno" ; then
2310 # Force use of OpenSSL's internal RNG, even if
2311 # the previous test showed it to be unseeded.
2312 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2313 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2314 OPENSSL_SEEDS_ITSELF=yes
2323 # Which randomness source do we use?
2324 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2326 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2327 [Define if you want OpenSSL's internally seeded PRNG only])
2328 RAND_MSG="OpenSSL internal ONLY"
2329 INSTALL_SSH_RAND_HELPER=""
2330 elif test ! -z "$USE_RAND_HELPER" ; then
2331 # install rand helper
2332 RAND_MSG="ssh-rand-helper"
2333 INSTALL_SSH_RAND_HELPER="yes"
2335 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2337 ### Configuration of ssh-rand-helper
2340 AC_ARG_WITH(prngd-port,
2341 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2350 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2353 if test ! -z "$withval" ; then
2354 PRNGD_PORT="$withval"
2355 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2356 [Port number of PRNGD/EGD random number socket])
2361 # PRNGD Unix domain socket
2362 AC_ARG_WITH(prngd-socket,
2363 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2367 withval="/var/run/egd-pool"
2375 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2379 if test ! -z "$withval" ; then
2380 if test ! -z "$PRNGD_PORT" ; then
2381 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2383 if test ! -r "$withval" ; then
2384 AC_MSG_WARN(Entropy socket is not readable)
2386 PRNGD_SOCKET="$withval"
2387 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2388 [Location of PRNGD/EGD random number socket])
2392 # Check for existing socket only if we don't have a random device already
2393 if test "$USE_RAND_HELPER" = yes ; then
2394 AC_MSG_CHECKING(for PRNGD/EGD socket)
2395 # Insert other locations here
2396 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2397 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2398 PRNGD_SOCKET="$sock"
2399 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2403 if test ! -z "$PRNGD_SOCKET" ; then
2404 AC_MSG_RESULT($PRNGD_SOCKET)
2406 AC_MSG_RESULT(not found)
2412 # Change default command timeout for hashing entropy source
2414 AC_ARG_WITH(entropy-timeout,
2415 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2417 if test -n "$withval" && test "x$withval" != "xno" && \
2418 test "x${withval}" != "xyes"; then
2419 entropy_timeout=$withval
2423 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2424 [Builtin PRNG command timeout])
2426 SSH_PRIVSEP_USER=sshd
2427 AC_ARG_WITH(privsep-user,
2428 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2430 if test -n "$withval" && test "x$withval" != "xno" && \
2431 test "x${withval}" != "xyes"; then
2432 SSH_PRIVSEP_USER=$withval
2436 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2437 [non-privileged user for privilege separation])
2438 AC_SUBST(SSH_PRIVSEP_USER)
2440 # We do this little dance with the search path to insure
2441 # that programs that we select for use by installed programs
2442 # (which may be run by the super-user) come from trusted
2443 # locations before they come from the user's private area.
2444 # This should help avoid accidentally configuring some
2445 # random version of a program in someone's personal bin.
2449 test -h /bin 2> /dev/null && PATH=/usr/bin
2450 test -d /sbin && PATH=$PATH:/sbin
2451 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2452 PATH=$PATH:/etc:$OPATH
2454 # These programs are used by the command hashing source to gather entropy
2455 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2456 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2457 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2458 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2459 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2460 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2461 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2462 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2463 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2464 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2465 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2466 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2467 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2468 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2469 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2470 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2474 # Where does ssh-rand-helper get its randomness from?
2475 INSTALL_SSH_PRNG_CMDS=""
2476 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2477 if test ! -z "$PRNGD_PORT" ; then
2478 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2479 elif test ! -z "$PRNGD_SOCKET" ; then
2480 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2482 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2483 RAND_HELPER_CMDHASH=yes
2484 INSTALL_SSH_PRNG_CMDS="yes"
2487 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2490 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2491 if test ! -z "$SONY" ; then
2492 LIBS="$LIBS -liberty";
2495 # Check for long long datatypes
2496 AC_CHECK_TYPES([long long, unsigned long long, long double])
2498 # Check datatype sizes
2499 AC_CHECK_SIZEOF(char, 1)
2500 AC_CHECK_SIZEOF(short int, 2)
2501 AC_CHECK_SIZEOF(int, 4)
2502 AC_CHECK_SIZEOF(long int, 4)
2503 AC_CHECK_SIZEOF(long long int, 8)
2505 # Sanity check long long for some platforms (AIX)
2506 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2507 ac_cv_sizeof_long_long_int=0
2510 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2511 if test -z "$have_llong_max"; then
2512 AC_MSG_CHECKING([for max value of long long])
2516 /* Why is this so damn hard? */
2520 #define __USE_ISOC99
2522 #define DATA "conftest.llminmax"
2523 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2526 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2527 * we do this the hard way.
2530 fprint_ll(FILE *f, long long n)
2533 int l[sizeof(long long) * 8];
2536 if (fprintf(f, "-") < 0)
2538 for (i = 0; n != 0; i++) {
2539 l[i] = my_abs(n % 10);
2543 if (fprintf(f, "%d", l[--i]) < 0)
2546 if (fprintf(f, " ") < 0)
2553 long long i, llmin, llmax = 0;
2555 if((f = fopen(DATA,"w")) == NULL)
2558 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2559 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2563 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2564 /* This will work on one's complement and two's complement */
2565 for (i = 1; i > llmax; i <<= 1, i++)
2567 llmin = llmax + 1LL; /* wrap */
2571 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2572 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2573 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2574 fprintf(f, "unknown unknown\n");
2578 if (fprint_ll(f, llmin) < 0)
2580 if (fprint_ll(f, llmax) < 0)
2588 llong_min=`$AWK '{print $1}' conftest.llminmax`
2589 llong_max=`$AWK '{print $2}' conftest.llminmax`
2591 AC_MSG_RESULT($llong_max)
2592 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2593 [max value of long long calculated by configure])
2594 AC_MSG_CHECKING([for min value of long long])
2595 AC_MSG_RESULT($llong_min)
2596 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2597 [min value of long long calculated by configure])
2600 AC_MSG_RESULT(not found)
2603 AC_MSG_WARN([cross compiling: not checking])
2609 # More checks for data types
2610 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2612 [ #include <sys/types.h> ],
2614 [ ac_cv_have_u_int="yes" ],
2615 [ ac_cv_have_u_int="no" ]
2618 if test "x$ac_cv_have_u_int" = "xyes" ; then
2619 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2623 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2625 [ #include <sys/types.h> ],
2626 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2627 [ ac_cv_have_intxx_t="yes" ],
2628 [ ac_cv_have_intxx_t="no" ]
2631 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2632 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2636 if (test -z "$have_intxx_t" && \
2637 test "x$ac_cv_header_stdint_h" = "xyes")
2639 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2641 [ #include <stdint.h> ],
2642 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2644 AC_DEFINE(HAVE_INTXX_T)
2647 [ AC_MSG_RESULT(no) ]
2651 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2654 #include <sys/types.h>
2655 #ifdef HAVE_STDINT_H
2656 # include <stdint.h>
2658 #include <sys/socket.h>
2659 #ifdef HAVE_SYS_BITYPES_H
2660 # include <sys/bitypes.h>
2663 [ int64_t a; a = 1;],
2664 [ ac_cv_have_int64_t="yes" ],
2665 [ ac_cv_have_int64_t="no" ]
2668 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2669 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2672 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2674 [ #include <sys/types.h> ],
2675 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2676 [ ac_cv_have_u_intxx_t="yes" ],
2677 [ ac_cv_have_u_intxx_t="no" ]
2680 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2681 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2685 if test -z "$have_u_intxx_t" ; then
2686 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2688 [ #include <sys/socket.h> ],
2689 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2691 AC_DEFINE(HAVE_U_INTXX_T)
2694 [ AC_MSG_RESULT(no) ]
2698 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2700 [ #include <sys/types.h> ],
2701 [ u_int64_t a; a = 1;],
2702 [ ac_cv_have_u_int64_t="yes" ],
2703 [ ac_cv_have_u_int64_t="no" ]
2706 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2707 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2711 if test -z "$have_u_int64_t" ; then
2712 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2714 [ #include <sys/bitypes.h> ],
2715 [ u_int64_t a; a = 1],
2717 AC_DEFINE(HAVE_U_INT64_T)
2720 [ AC_MSG_RESULT(no) ]
2724 if test -z "$have_u_intxx_t" ; then
2725 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2728 #include <sys/types.h>
2730 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2731 [ ac_cv_have_uintxx_t="yes" ],
2732 [ ac_cv_have_uintxx_t="no" ]
2735 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2736 AC_DEFINE(HAVE_UINTXX_T, 1,
2737 [define if you have uintxx_t data type])
2741 if test -z "$have_uintxx_t" ; then
2742 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2744 [ #include <stdint.h> ],
2745 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2747 AC_DEFINE(HAVE_UINTXX_T)
2750 [ AC_MSG_RESULT(no) ]
2754 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2755 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2757 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2760 #include <sys/bitypes.h>
2763 int8_t a; int16_t b; int32_t c;
2764 u_int8_t e; u_int16_t f; u_int32_t g;
2765 a = b = c = e = f = g = 1;
2768 AC_DEFINE(HAVE_U_INTXX_T)
2769 AC_DEFINE(HAVE_INTXX_T)
2777 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2780 #include <sys/types.h>
2782 [ u_char foo; foo = 125; ],
2783 [ ac_cv_have_u_char="yes" ],
2784 [ ac_cv_have_u_char="no" ]
2787 if test "x$ac_cv_have_u_char" = "xyes" ; then
2788 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2793 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2794 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2795 #include <sys/types.h>
2796 #ifdef HAVE_SYS_BITYPES_H
2797 #include <sys/bitypes.h>
2799 #ifdef HAVE_SYS_STATFS_H
2800 #include <sys/statfs.h>
2802 #ifdef HAVE_SYS_STATVFS_H
2803 #include <sys/statvfs.h>
2807 AC_CHECK_TYPES(in_addr_t,,,
2808 [#include <sys/types.h>
2809 #include <netinet/in.h>])
2811 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2814 #include <sys/types.h>
2816 [ size_t foo; foo = 1235; ],
2817 [ ac_cv_have_size_t="yes" ],
2818 [ ac_cv_have_size_t="no" ]
2821 if test "x$ac_cv_have_size_t" = "xyes" ; then
2822 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2825 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2828 #include <sys/types.h>
2830 [ ssize_t foo; foo = 1235; ],
2831 [ ac_cv_have_ssize_t="yes" ],
2832 [ ac_cv_have_ssize_t="no" ]
2835 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2836 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2839 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2844 [ clock_t foo; foo = 1235; ],
2845 [ ac_cv_have_clock_t="yes" ],
2846 [ ac_cv_have_clock_t="no" ]
2849 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2850 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2853 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2856 #include <sys/types.h>
2857 #include <sys/socket.h>
2859 [ sa_family_t foo; foo = 1235; ],
2860 [ ac_cv_have_sa_family_t="yes" ],
2863 #include <sys/types.h>
2864 #include <sys/socket.h>
2865 #include <netinet/in.h>
2867 [ sa_family_t foo; foo = 1235; ],
2868 [ ac_cv_have_sa_family_t="yes" ],
2870 [ ac_cv_have_sa_family_t="no" ]
2874 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2875 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2876 [define if you have sa_family_t data type])
2879 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2882 #include <sys/types.h>
2884 [ pid_t foo; foo = 1235; ],
2885 [ ac_cv_have_pid_t="yes" ],
2886 [ ac_cv_have_pid_t="no" ]
2889 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2890 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2893 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2896 #include <sys/types.h>
2898 [ mode_t foo; foo = 1235; ],
2899 [ ac_cv_have_mode_t="yes" ],
2900 [ ac_cv_have_mode_t="no" ]
2903 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2904 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2908 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2911 #include <sys/types.h>
2912 #include <sys/socket.h>
2914 [ struct sockaddr_storage s; ],
2915 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2916 [ ac_cv_have_struct_sockaddr_storage="no" ]
2919 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2920 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2921 [define if you have struct sockaddr_storage data type])
2924 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2927 #include <sys/types.h>
2928 #include <netinet/in.h>
2930 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2931 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2932 [ ac_cv_have_struct_sockaddr_in6="no" ]
2935 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2936 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2937 [define if you have struct sockaddr_in6 data type])
2940 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2943 #include <sys/types.h>
2944 #include <netinet/in.h>
2946 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2947 [ ac_cv_have_struct_in6_addr="yes" ],
2948 [ ac_cv_have_struct_in6_addr="no" ]
2951 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2952 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2953 [define if you have struct in6_addr data type])
2956 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2959 #include <sys/types.h>
2960 #include <sys/socket.h>
2963 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2964 [ ac_cv_have_struct_addrinfo="yes" ],
2965 [ ac_cv_have_struct_addrinfo="no" ]
2968 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2969 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2970 [define if you have struct addrinfo data type])
2973 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2975 [ #include <sys/time.h> ],
2976 [ struct timeval tv; tv.tv_sec = 1;],
2977 [ ac_cv_have_struct_timeval="yes" ],
2978 [ ac_cv_have_struct_timeval="no" ]
2981 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2982 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2983 have_struct_timeval=1
2986 AC_CHECK_TYPES(struct timespec)
2988 # We need int64_t or else certian parts of the compile will fail.
2989 if test "x$ac_cv_have_int64_t" = "xno" && \
2990 test "x$ac_cv_sizeof_long_int" != "x8" && \
2991 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2992 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2993 echo "an alternative compiler (I.E., GCC) before continuing."
2997 dnl test snprintf (broken on SCO w/gcc)
3002 #ifdef HAVE_SNPRINTF
3006 char expected_out[50];
3008 #if (SIZEOF_LONG_INT == 8)
3009 long int num = 0x7fffffffffffffff;
3011 long long num = 0x7fffffffffffffffll;
3013 strcpy(expected_out, "9223372036854775807");
3014 snprintf(buf, mazsize, "%lld", num);
3015 if(strcmp(buf, expected_out) != 0)
3022 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3023 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3027 dnl Checks for structure members
3028 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3029 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3030 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3031 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3032 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3033 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3034 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3035 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3036 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3037 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3038 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3039 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3040 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3041 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3042 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3043 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3044 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3046 AC_CHECK_MEMBERS([struct stat.st_blksize])
3047 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3048 [Define if we don't have struct __res_state in resolv.h])],
3051 #if HAVE_SYS_TYPES_H
3052 # include <sys/types.h>
3054 #include <netinet/in.h>
3055 #include <arpa/nameser.h>
3059 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3060 ac_cv_have_ss_family_in_struct_ss, [
3063 #include <sys/types.h>
3064 #include <sys/socket.h>
3066 [ struct sockaddr_storage s; s.ss_family = 1; ],
3067 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3068 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3071 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3072 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3075 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3076 ac_cv_have___ss_family_in_struct_ss, [
3079 #include <sys/types.h>
3080 #include <sys/socket.h>
3082 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3083 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3084 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3087 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3088 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3089 [Fields in struct sockaddr_storage])
3092 AC_CACHE_CHECK([for pw_class field in struct passwd],
3093 ac_cv_have_pw_class_in_struct_passwd, [
3098 [ struct passwd p; p.pw_class = 0; ],
3099 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3100 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3103 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3104 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3105 [Define if your password has a pw_class field])
3108 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3109 ac_cv_have_pw_expire_in_struct_passwd, [
3114 [ struct passwd p; p.pw_expire = 0; ],
3115 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3116 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3119 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3120 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3121 [Define if your password has a pw_expire field])
3124 AC_CACHE_CHECK([for pw_change field in struct passwd],
3125 ac_cv_have_pw_change_in_struct_passwd, [
3130 [ struct passwd p; p.pw_change = 0; ],
3131 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3132 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3135 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3136 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3137 [Define if your password has a pw_change field])
3140 dnl make sure we're using the real structure members and not defines
3141 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3142 ac_cv_have_accrights_in_msghdr, [
3145 #include <sys/types.h>
3146 #include <sys/socket.h>
3147 #include <sys/uio.h>
3149 #ifdef msg_accrights
3150 #error "msg_accrights is a macro"
3154 m.msg_accrights = 0;
3158 [ ac_cv_have_accrights_in_msghdr="yes" ],
3159 [ ac_cv_have_accrights_in_msghdr="no" ]
3162 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3163 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3164 [Define if your system uses access rights style
3165 file descriptor passing])
3168 AC_MSG_CHECKING(if f_fsid has val members)
3170 #include <sys/types.h>
3171 #include <sys/statvfs.h>],
3172 [struct fsid_t t; t.val[0] = 0;],
3173 [ AC_MSG_RESULT(yes)
3174 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3175 [ AC_MSG_RESULT(no) ]
3178 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3179 ac_cv_have_control_in_msghdr, [
3182 #include <sys/types.h>
3183 #include <sys/socket.h>
3184 #include <sys/uio.h>
3187 #error "msg_control is a macro"
3195 [ ac_cv_have_control_in_msghdr="yes" ],
3196 [ ac_cv_have_control_in_msghdr="no" ]
3199 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3200 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3201 [Define if your system uses ancillary data style
3202 file descriptor passing])
3205 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3207 [ extern char *__progname; printf("%s", __progname); ],
3208 [ ac_cv_libc_defines___progname="yes" ],
3209 [ ac_cv_libc_defines___progname="no" ]
3212 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3213 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3216 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3220 [ printf("%s", __FUNCTION__); ],
3221 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3222 [ ac_cv_cc_implements___FUNCTION__="no" ]
3225 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3226 AC_DEFINE(HAVE___FUNCTION__, 1,
3227 [Define if compiler implements __FUNCTION__])
3230 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3234 [ printf("%s", __func__); ],
3235 [ ac_cv_cc_implements___func__="yes" ],
3236 [ ac_cv_cc_implements___func__="no" ]
3239 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3240 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3243 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3245 [#include <stdarg.h>
3248 [ ac_cv_have_va_copy="yes" ],
3249 [ ac_cv_have_va_copy="no" ]
3252 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3253 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3256 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3258 [#include <stdarg.h>
3261 [ ac_cv_have___va_copy="yes" ],
3262 [ ac_cv_have___va_copy="no" ]
3265 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3266 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3269 AC_CACHE_CHECK([whether getopt has optreset support],
3270 ac_cv_have_getopt_optreset, [
3275 [ extern int optreset; optreset = 0; ],
3276 [ ac_cv_have_getopt_optreset="yes" ],
3277 [ ac_cv_have_getopt_optreset="no" ]
3280 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3281 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3282 [Define if your getopt(3) defines and uses optreset])
3285 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3287 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3288 [ ac_cv_libc_defines_sys_errlist="yes" ],
3289 [ ac_cv_libc_defines_sys_errlist="no" ]
3292 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3293 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3294 [Define if your system defines sys_errlist[]])
3298 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3300 [ extern int sys_nerr; printf("%i", sys_nerr);],
3301 [ ac_cv_libc_defines_sys_nerr="yes" ],
3302 [ ac_cv_libc_defines_sys_nerr="no" ]
3305 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3306 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3310 # Check whether user wants sectok support
3312 [ --with-sectok Enable smartcard support using libsectok],
3314 if test "x$withval" != "xno" ; then
3315 if test "x$withval" != "xyes" ; then
3316 CPPFLAGS="$CPPFLAGS -I${withval}"
3317 LDFLAGS="$LDFLAGS -L${withval}"
3318 if test ! -z "$need_dash_r" ; then
3319 LDFLAGS="$LDFLAGS -R${withval}"
3321 if test ! -z "$blibpath" ; then
3322 blibpath="$blibpath:${withval}"
3325 AC_CHECK_HEADERS(sectok.h)
3326 if test "$ac_cv_header_sectok_h" != yes; then
3327 AC_MSG_ERROR(Can't find sectok.h)
3329 AC_CHECK_LIB(sectok, sectok_open)
3330 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3331 AC_MSG_ERROR(Can't find libsectok)
3333 AC_DEFINE(SMARTCARD, 1,
3334 [Define if you want smartcard support])
3335 AC_DEFINE(USE_SECTOK, 1,
3336 [Define if you want smartcard support
3338 SCARD_MSG="yes, using sectok"
3343 # Check whether user wants OpenSC support
3346 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3348 if test "x$withval" != "xno" ; then
3349 if test "x$withval" != "xyes" ; then
3350 OPENSC_CONFIG=$withval/bin/opensc-config
3352 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3354 if test "$OPENSC_CONFIG" != "no"; then
3355 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3356 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3357 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3358 LIBS="$LIBS $LIBOPENSC_LIBS"
3359 AC_DEFINE(SMARTCARD)
3360 AC_DEFINE(USE_OPENSC, 1,
3361 [Define if you want smartcard support
3363 SCARD_MSG="yes, using OpenSC"
3369 # Check libraries needed by DNS fingerprint support
3370 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3371 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3372 [Define if getrrsetbyname() exists])],
3374 # Needed by our getrrsetbyname()
3375 AC_SEARCH_LIBS(res_query, resolv)
3376 AC_SEARCH_LIBS(dn_expand, resolv)
3377 AC_MSG_CHECKING(if res_query will link)
3378 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3381 LIBS="$LIBS -lresolv"
3382 AC_MSG_CHECKING(for res_query in -lresolv)
3387 res_query (0, 0, 0, 0, 0);
3391 [LIBS="$LIBS -lresolv"
3392 AC_MSG_RESULT(yes)],
3396 AC_CHECK_FUNCS(_getshort _getlong)
3397 AC_CHECK_DECLS([_getshort, _getlong], , ,
3398 [#include <sys/types.h>
3399 #include <arpa/nameser.h>])
3400 AC_CHECK_MEMBER(HEADER.ad,
3401 [AC_DEFINE(HAVE_HEADER_AD, 1,
3402 [Define if HEADER.ad exists in arpa/nameser.h])],,
3403 [#include <arpa/nameser.h>])
3406 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3409 #if HAVE_SYS_TYPES_H
3410 # include <sys/types.h>
3412 #include <netinet/in.h>
3413 #include <arpa/nameser.h>
3415 extern struct __res_state _res;
3416 int main() { return 0; }
3419 AC_DEFINE(HAVE__RES_EXTERN, 1,
3420 [Define if you have struct __res_state _res as an extern])
3422 [ AC_MSG_RESULT(no) ]
3425 # Check whether user wants SELinux support
3428 AC_ARG_WITH(selinux,
3429 [ --with-selinux Enable SELinux support],
3430 [ if test "x$withval" != "xno" ; then
3432 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3434 AC_CHECK_HEADER([selinux/selinux.h], ,
3435 AC_MSG_ERROR(SELinux support requires selinux.h header))
3436 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3437 AC_MSG_ERROR(SELinux support requires libselinux library))
3438 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3439 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3444 # Finish configuring Globus GSSAPI
3445 if test "x$gsi_path" != "xno" ; then
3446 if test ! -z "$need_dash_r" ; then
3447 LDFLAGS="$LDFLAGS -R${gsi_path}/lib"
3449 if test ! -z "$blibpath" ; then
3450 blibpath="$blibpath:${gsi_path}/lib"
3452 # test that we got the libraries OK
3458 AC_MSG_ERROR(link with Globus libraries failed)
3461 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
3463 AC_SUBST(INSTALL_GSISSH)
3465 # Check whether the user wants GSSAPI mechglue support
3466 AC_ARG_WITH(mechglue,
3467 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
3469 AC_MSG_CHECKING(for mechglue library)
3471 if test -e ${withval}/libgssapi.a ; then
3472 mechglue_lib=${withval}/libgssapi.a
3473 elif test -e ${withval}/lib/libgssapi.a ; then
3474 mechglue_lib=${withval}/lib/libgssapi.a
3476 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
3478 LIBS="${mechglue_lib} $LIBS"
3479 AC_MSG_RESULT(${mechglue_lib})
3481 AC_CHECK_LIB(dl, dlopen, , )
3482 if test $ac_cv_lib_dl_dlopen = yes; then
3483 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
3487 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
3493 # Check whether user wants Kerberos 5 support
3495 AC_ARG_WITH(kerberos5,
3496 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3497 [ if test "x$withval" != "xno" ; then
3498 if test "x$withval" = "xyes" ; then
3499 KRB5ROOT="/usr/local"
3504 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3507 AC_MSG_CHECKING(for krb5-config)
3508 if test -x $KRB5ROOT/bin/krb5-config ; then
3509 KRB5CONF=$KRB5ROOT/bin/krb5-config
3510 AC_MSG_RESULT($KRB5CONF)
3512 AC_MSG_CHECKING(for gssapi support)
3513 if $KRB5CONF | grep gssapi >/dev/null ; then
3515 AC_DEFINE(GSSAPI, 1,
3516 [Define this if you want GSSAPI
3517 support in the version 2 protocol])
3523 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3524 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3525 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3526 AC_MSG_CHECKING(whether we are using Heimdal)
3527 AC_TRY_COMPILE([ #include <krb5.h> ],
3528 [ char *tmp = heimdal_version; ],
3529 [ AC_MSG_RESULT(yes)
3530 AC_DEFINE(HEIMDAL, 1,
3531 [Define this if you are using the
3532 Heimdal version of Kerberos V5]) ],
3537 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3538 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3539 AC_MSG_CHECKING(whether we are using Heimdal)
3540 AC_TRY_COMPILE([ #include <krb5.h> ],
3541 [ char *tmp = heimdal_version; ],
3542 [ AC_MSG_RESULT(yes)
3544 K5LIBS="-lkrb5 -ldes"
3545 K5LIBS="$K5LIBS -lcom_err -lasn1"
3546 AC_CHECK_LIB(roken, net_write,
3547 [K5LIBS="$K5LIBS -lroken"])
3550 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3553 AC_SEARCH_LIBS(dn_expand, resolv)
3555 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3557 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3558 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3560 K5LIBS="-lgssapi $K5LIBS" ],
3561 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3566 AC_CHECK_HEADER(gssapi.h, ,
3567 [ unset ac_cv_header_gssapi_h
3568 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3569 AC_CHECK_HEADERS(gssapi.h, ,
3570 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3576 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3577 AC_CHECK_HEADER(gssapi_krb5.h, ,
3578 [ CPPFLAGS="$oldCPP" ])
3580 # If we're using some other GSSAPI
3581 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3582 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3585 if test -z "$GSSAPI"; then
3590 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3591 AC_CHECK_HEADER(gssapi_krb5.h, ,
3592 [ CPPFLAGS="$oldCPP" ])
3595 if test ! -z "$need_dash_r" ; then
3596 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3598 if test ! -z "$blibpath" ; then
3599 blibpath="$blibpath:${KRB5ROOT}/lib"
3602 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3603 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3604 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3606 LIBS="$LIBS $K5LIBS"
3607 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3608 [Define this if you want to use libkafs' AFS support]))
3613 # Check whether user wants AFS_KRB5 support
3615 AC_ARG_WITH(afs-krb5,
3616 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3618 if test "x$withval" != "xno" ; then
3620 if test "x$withval" != "xyes" ; then
3621 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3622 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3624 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3626 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3629 if test -z "$KRB5ROOT" ; then
3630 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3633 LIBS="-lkrbafs -lkrb4 $LIBS"
3634 if test ! -z "$AFS_LIBS" ; then
3635 LIBS="$LIBS $AFS_LIBS"
3637 AC_DEFINE(AFS_KRB5, 1,
3638 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3644 AC_ARG_WITH(session-hooks,
3645 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3646 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3649 # Looking for programs, paths and files
3651 PRIVSEP_PATH=/var/empty
3652 AC_ARG_WITH(privsep-path,
3653 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3655 if test -n "$withval" && test "x$withval" != "xno" && \
3656 test "x${withval}" != "xyes"; then
3657 PRIVSEP_PATH=$withval
3661 AC_SUBST(PRIVSEP_PATH)
3664 [ --with-xauth=PATH Specify path to xauth program ],
3666 if test -n "$withval" && test "x$withval" != "xno" && \
3667 test "x${withval}" != "xyes"; then
3673 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3674 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3675 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3676 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3677 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3678 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3679 xauth_path="/usr/openwin/bin/xauth"
3684 # strip causes problems with GSI libraries...
3685 if test -z "$GLOBUS_LDFLAGS" ; then
3688 AC_ARG_ENABLE(strip,
3689 [ --disable-strip Disable calling strip(1) on install],
3691 if test "x$enableval" = "xno" ; then
3698 if test -z "$xauth_path" ; then
3699 XAUTH_PATH="undefined"
3700 AC_SUBST(XAUTH_PATH)
3702 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3703 [Define if xauth is found in your path])
3704 XAUTH_PATH=$xauth_path
3705 AC_SUBST(XAUTH_PATH)
3708 # Check for mail directory (last resort if we cannot get it from headers)
3709 if test ! -z "$MAIL" ; then
3710 maildir=`dirname $MAIL`
3711 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3712 [Set this to your mail directory if you don't have maillock.h])
3715 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3716 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3717 disable_ptmx_check=yes
3719 if test -z "$no_dev_ptmx" ; then
3720 if test "x$disable_ptmx_check" != "xyes" ; then
3721 AC_CHECK_FILE("/dev/ptmx",
3723 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3724 [Define if you have /dev/ptmx])
3731 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3732 AC_CHECK_FILE("/dev/ptc",
3734 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3735 [Define if you have /dev/ptc])
3740 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3743 # Options from here on. Some of these are preset by platform above
3744 AC_ARG_WITH(mantype,
3745 [ --with-mantype=man|cat|doc Set man page type],
3752 AC_MSG_ERROR(invalid man type: $withval)
3757 if test -z "$MANTYPE"; then
3758 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3759 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3760 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3762 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3769 if test "$MANTYPE" = "doc"; then
3776 # Check whether to enable MD5 passwords
3778 AC_ARG_WITH(md5-passwords,
3779 [ --with-md5-passwords Enable use of MD5 passwords],
3781 if test "x$withval" != "xno" ; then
3782 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3783 [Define if you want to allow MD5 passwords])
3789 # Whether to disable shadow password support
3791 [ --without-shadow Disable shadow password support],
3793 if test "x$withval" = "xno" ; then
3794 AC_DEFINE(DISABLE_SHADOW)
3800 if test -z "$disable_shadow" ; then
3801 AC_MSG_CHECKING([if the systems has expire shadow information])
3804 #include <sys/types.h>
3807 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3808 [ sp_expire_available=yes ], []
3811 if test "x$sp_expire_available" = "xyes" ; then
3813 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3814 [Define if you want to use shadow password expire field])
3820 # Use ip address instead of hostname in $DISPLAY
3821 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3822 DISPLAY_HACK_MSG="yes"
3823 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3824 [Define if you need to use IP address
3825 instead of hostname in $DISPLAY])
3827 DISPLAY_HACK_MSG="no"
3828 AC_ARG_WITH(ipaddr-display,
3829 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3831 if test "x$withval" != "xno" ; then
3832 AC_DEFINE(IPADDR_IN_DISPLAY)
3833 DISPLAY_HACK_MSG="yes"
3839 # check for /etc/default/login and use it if present.
3840 AC_ARG_ENABLE(etc-default-login,
3841 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3842 [ if test "x$enableval" = "xno"; then
3843 AC_MSG_NOTICE([/etc/default/login handling disabled])
3844 etc_default_login=no
3846 etc_default_login=yes
3848 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3850 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3851 etc_default_login=no
3853 etc_default_login=yes
3857 if test "x$etc_default_login" != "xno"; then
3858 AC_CHECK_FILE("/etc/default/login",
3859 [ external_path_file=/etc/default/login ])
3860 if test "x$external_path_file" = "x/etc/default/login"; then
3861 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3862 [Define if your system has /etc/default/login])
3866 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3867 if test $ac_cv_func_login_getcapbool = "yes" && \
3868 test $ac_cv_header_login_cap_h = "yes" ; then
3869 external_path_file=/etc/login.conf
3872 # Whether to mess with the default path
3873 SERVER_PATH_MSG="(default)"
3874 AC_ARG_WITH(default-path,
3875 [ --with-default-path= Specify default \$PATH environment for server],
3877 if test "x$external_path_file" = "x/etc/login.conf" ; then
3879 --with-default-path=PATH has no effect on this system.
3880 Edit /etc/login.conf instead.])
3881 elif test "x$withval" != "xno" ; then
3882 if test ! -z "$external_path_file" ; then
3884 --with-default-path=PATH will only be used if PATH is not defined in
3885 $external_path_file .])
3887 user_path="$withval"
3888 SERVER_PATH_MSG="$withval"
3891 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3892 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3894 if test ! -z "$external_path_file" ; then
3896 If PATH is defined in $external_path_file, ensure the path to scp is included,
3897 otherwise scp will not work.])
3901 /* find out what STDPATH is */
3906 #ifndef _PATH_STDPATH
3907 # ifdef _PATH_USERPATH /* Irix */
3908 # define _PATH_STDPATH _PATH_USERPATH
3910 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3913 #include <sys/types.h>
3914 #include <sys/stat.h>
3916 #define DATA "conftest.stdpath"
3923 fd = fopen(DATA,"w");
3927 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3933 [ user_path=`cat conftest.stdpath` ],
3934 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3935 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3937 # make sure $bindir is in USER_PATH so scp will work
3938 t_bindir=`eval echo ${bindir}`
3940 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3943 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3945 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3946 if test $? -ne 0 ; then
3947 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3948 if test $? -ne 0 ; then
3949 user_path=$user_path:$t_bindir
3950 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3955 if test "x$external_path_file" != "x/etc/login.conf" ; then
3956 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3960 # Set superuser path separately to user path
3961 AC_ARG_WITH(superuser-path,
3962 [ --with-superuser-path= Specify different path for super-user],
3964 if test -n "$withval" && test "x$withval" != "xno" && \
3965 test "x${withval}" != "xyes"; then
3966 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3967 [Define if you want a different $PATH
3969 superuser_path=$withval
3975 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3976 IPV4_IN6_HACK_MSG="no"
3978 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3980 if test "x$withval" != "xno" ; then
3982 AC_DEFINE(IPV4_IN_IPV6, 1,
3983 [Detect IPv4 in IPv6 mapped addresses
3985 IPV4_IN6_HACK_MSG="yes"
3990 if test "x$inet6_default_4in6" = "xyes"; then
3991 AC_MSG_RESULT([yes (default)])
3992 AC_DEFINE(IPV4_IN_IPV6)
3993 IPV4_IN6_HACK_MSG="yes"
3995 AC_MSG_RESULT([no (default)])
4000 # Whether to enable BSD auth support
4002 AC_ARG_WITH(bsd-auth,
4003 [ --with-bsd-auth Enable BSD auth support],
4005 if test "x$withval" != "xno" ; then
4006 AC_DEFINE(BSD_AUTH, 1,
4007 [Define if you have BSD auth support])
4013 # Where to place sshd.pid
4015 # make sure the directory exists
4016 if test ! -d $piddir ; then
4017 piddir=`eval echo ${sysconfdir}`
4019 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4023 AC_ARG_WITH(pid-dir,
4024 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4026 if test -n "$withval" && test "x$withval" != "xno" && \
4027 test "x${withval}" != "xyes"; then
4029 if test ! -d $piddir ; then
4030 AC_MSG_WARN([** no $piddir directory on this system **])
4036 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4039 dnl allow user to disable some login recording features
4040 AC_ARG_ENABLE(lastlog,
4041 [ --disable-lastlog disable use of lastlog even if detected [no]],
4043 if test "x$enableval" = "xno" ; then
4044 AC_DEFINE(DISABLE_LASTLOG)
4049 [ --disable-utmp disable use of utmp even if detected [no]],
4051 if test "x$enableval" = "xno" ; then
4052 AC_DEFINE(DISABLE_UTMP)
4056 AC_ARG_ENABLE(utmpx,
4057 [ --disable-utmpx disable use of utmpx even if detected [no]],
4059 if test "x$enableval" = "xno" ; then
4060 AC_DEFINE(DISABLE_UTMPX, 1,
4061 [Define if you don't want to use utmpx])
4066 [ --disable-wtmp disable use of wtmp even if detected [no]],
4068 if test "x$enableval" = "xno" ; then
4069 AC_DEFINE(DISABLE_WTMP)
4073 AC_ARG_ENABLE(wtmpx,
4074 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4076 if test "x$enableval" = "xno" ; then
4077 AC_DEFINE(DISABLE_WTMPX, 1,
4078 [Define if you don't want to use wtmpx])
4082 AC_ARG_ENABLE(libutil,
4083 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4085 if test "x$enableval" = "xno" ; then
4086 AC_DEFINE(DISABLE_LOGIN)
4090 AC_ARG_ENABLE(pututline,
4091 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4093 if test "x$enableval" = "xno" ; then
4094 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4095 [Define if you don't want to use pututline()
4096 etc. to write [uw]tmp])
4100 AC_ARG_ENABLE(pututxline,
4101 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4103 if test "x$enableval" = "xno" ; then
4104 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4105 [Define if you don't want to use pututxline()
4106 etc. to write [uw]tmpx])
4110 AC_ARG_WITH(lastlog,
4111 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4113 if test "x$withval" = "xno" ; then
4114 AC_DEFINE(DISABLE_LASTLOG)
4115 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4116 conf_lastlog_location=$withval
4121 dnl lastlog, [uw]tmpx? detection
4122 dnl NOTE: set the paths in the platform section to avoid the
4123 dnl need for command-line parameters
4124 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4126 dnl lastlog detection
4127 dnl NOTE: the code itself will detect if lastlog is a directory
4128 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4130 #include <sys/types.h>
4132 #ifdef HAVE_LASTLOG_H
4133 # include <lastlog.h>
4142 [ char *lastlog = LASTLOG_FILE; ],
4143 [ AC_MSG_RESULT(yes) ],
4146 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4148 #include <sys/types.h>
4150 #ifdef HAVE_LASTLOG_H
4151 # include <lastlog.h>
4157 [ char *lastlog = _PATH_LASTLOG; ],
4158 [ AC_MSG_RESULT(yes) ],
4161 system_lastlog_path=no
4166 if test -z "$conf_lastlog_location"; then
4167 if test x"$system_lastlog_path" = x"no" ; then
4168 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4169 if (test -d "$f" || test -f "$f") ; then
4170 conf_lastlog_location=$f
4173 if test -z "$conf_lastlog_location"; then
4174 AC_MSG_WARN([** Cannot find lastlog **])
4175 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4180 if test -n "$conf_lastlog_location"; then
4181 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4182 [Define if you want to specify the path to your lastlog file])
4186 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4188 #include <sys/types.h>
4194 [ char *utmp = UTMP_FILE; ],
4195 [ AC_MSG_RESULT(yes) ],
4197 system_utmp_path=no ]
4199 if test -z "$conf_utmp_location"; then
4200 if test x"$system_utmp_path" = x"no" ; then
4201 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4202 if test -f $f ; then
4203 conf_utmp_location=$f
4206 if test -z "$conf_utmp_location"; then
4207 AC_DEFINE(DISABLE_UTMP)
4211 if test -n "$conf_utmp_location"; then
4212 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4213 [Define if you want to specify the path to your utmp file])
4217 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4219 #include <sys/types.h>
4225 [ char *wtmp = WTMP_FILE; ],
4226 [ AC_MSG_RESULT(yes) ],
4228 system_wtmp_path=no ]
4230 if test -z "$conf_wtmp_location"; then
4231 if test x"$system_wtmp_path" = x"no" ; then
4232 for f in /usr/adm/wtmp /var/log/wtmp; do
4233 if test -f $f ; then
4234 conf_wtmp_location=$f
4237 if test -z "$conf_wtmp_location"; then
4238 AC_DEFINE(DISABLE_WTMP)
4242 if test -n "$conf_wtmp_location"; then
4243 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4244 [Define if you want to specify the path to your wtmp file])
4248 dnl utmpx detection - I don't know any system so perverse as to require
4249 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4251 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4253 #include <sys/types.h>
4262 [ char *utmpx = UTMPX_FILE; ],
4263 [ AC_MSG_RESULT(yes) ],
4265 system_utmpx_path=no ]
4267 if test -z "$conf_utmpx_location"; then
4268 if test x"$system_utmpx_path" = x"no" ; then
4269 AC_DEFINE(DISABLE_UTMPX)
4272 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4273 [Define if you want to specify the path to your utmpx file])
4277 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4279 #include <sys/types.h>
4288 [ char *wtmpx = WTMPX_FILE; ],
4289 [ AC_MSG_RESULT(yes) ],
4291 system_wtmpx_path=no ]
4293 if test -z "$conf_wtmpx_location"; then
4294 if test x"$system_wtmpx_path" = x"no" ; then
4295 AC_DEFINE(DISABLE_WTMPX)
4298 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4299 [Define if you want to specify the path to your wtmpx file])
4303 if test ! -z "$blibpath" ; then
4304 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4305 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4308 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4310 CFLAGS="$CFLAGS $werror_flags"
4312 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4313 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4314 AC_SUBST(TEST_SSH_IPV6, no)
4316 AC_SUBST(TEST_SSH_IPV6, yes)
4320 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4321 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4322 scard/Makefile ssh_prng_cmds survey.sh])
4325 # Print summary of options
4327 # Someone please show me a better way :)
4328 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4329 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4330 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4331 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4332 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4333 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4334 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4335 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4336 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4337 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4340 echo "OpenSSH has been configured with the following options:"
4341 echo " User binaries: $B"
4342 echo " System binaries: $C"
4343 echo " Configuration files: $D"
4344 echo " Askpass program: $E"
4345 echo " Manual pages: $F"
4346 echo " PID file: $G"
4347 echo " Privilege separation chroot path: $H"
4348 if test "x$external_path_file" = "x/etc/login.conf" ; then
4349 echo " At runtime, sshd will use the path defined in $external_path_file"
4350 echo " Make sure the path to scp is present, otherwise scp will not work"
4352 echo " sshd default user PATH: $I"
4353 if test ! -z "$external_path_file"; then
4354 echo " (If PATH is set in $external_path_file it will be used instead. If"
4355 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4358 if test ! -z "$superuser_path" ; then
4359 echo " sshd superuser user PATH: $J"
4361 echo " Manpage format: $MANTYPE"
4362 echo " PAM support: $PAM_MSG"
4363 echo " OSF SIA support: $SIA_MSG"
4364 echo " KerberosV support: $KRB5_MSG"
4365 echo " SELinux support: $SELINUX_MSG"
4366 echo " Smartcard support: $SCARD_MSG"
4367 echo " S/KEY support: $SKEY_MSG"
4368 echo " TCP Wrappers support: $TCPW_MSG"
4369 echo " MD5 password support: $MD5_MSG"
4370 echo " libedit support: $LIBEDIT_MSG"
4371 echo " Solaris process contract support: $SPC_MSG"
4372 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4373 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4374 echo " BSD Auth support: $BSD_AUTH_MSG"
4375 echo " Random number source: $RAND_MSG"
4376 if test ! -z "$USE_RAND_HELPER" ; then
4377 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4382 echo " Host: ${host}"
4383 echo " Compiler: ${CC}"
4384 echo " Compiler flags: ${CFLAGS}"
4385 echo "Preprocessor flags: ${CPPFLAGS}"
4386 echo " Linker flags: ${LDFLAGS}"
4387 echo " Libraries: ${LIBS}"
4388 if test ! -z "${SSHDLIBS}"; then
4389 echo " +for sshd: ${SSHDLIBS}"
4394 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4395 echo "SVR4 style packages are supported with \"make package\""
4399 if test "x$PAM_MSG" = "xyes" ; then
4400 echo "PAM is enabled. You may need to install a PAM control file "
4401 echo "for sshd, otherwise password authentication may fail. "
4402 echo "Example PAM control files can be found in the contrib/ "
4407 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4408 echo "WARNING: you are using the builtin random number collection "
4409 echo "service. Please read WARNING.RNG and request that your OS "
4410 echo "vendor includes kernel-based random number collection in "
4411 echo "future versions of your OS."
4415 if test ! -z "$NO_PEERCHECK" ; then
4416 echo "WARNING: the operating system that you are using does not"
4417 echo "appear to support getpeereid(), getpeerucred() or the"
4418 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4419 echo "enforce security checks to prevent unauthorised connections to"
4420 echo "ssh-agent. Their absence increases the risk that a malicious"
4421 echo "user can connect to your agent."
4425 if test "$AUDIT_MODULE" = "bsm" ; then
4426 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4427 echo "See the Solaris section in README.platform for details."