3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
27 # Checks for programs.
34 AC_PATH_PROG(CAT, cat)
35 AC_PATH_PROG(KILL, kill)
36 AC_PATH_PROGS(PERL, perl5 perl)
37 AC_PATH_PROG(SED, sed)
39 AC_PATH_PROG(ENT, ent)
41 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
42 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
43 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
45 AC_SUBST(TEST_SHELL,sh)
48 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
49 [/usr/sbin${PATH_SEPARATOR}/etc])
50 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
51 [/usr/sbin${PATH_SEPARATOR}/etc])
52 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
53 if test -x /sbin/sh; then
54 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
56 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
62 if test -z "$AR" ; then
63 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
66 # Use LOGIN_PROGRAM from environment if possible
67 if test ! -z "$LOGIN_PROGRAM" ; then
68 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
69 [If your header files don't define LOGIN_PROGRAM,
70 then use this (detected) from environment and PATH])
73 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
74 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
75 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
79 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
80 if test ! -z "$PATH_PASSWD_PROG" ; then
81 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
82 [Full path of your "passwd" program])
85 if test -z "$LD" ; then
92 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
95 AC_ARG_WITH(stackprotect,
96 [ --without-stackprotect Don't use compiler's stack protection], [
97 if test "x$withval" = "xno"; then
101 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
102 CFLAGS="$CFLAGS -Wall -Wpointer-arith"
103 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
105 1.*) no_attrib_nonnull=1 ;;
107 CFLAGS="$CFLAGS -Wsign-compare"
110 2.*) no_attrib_nonnull=1 ;;
111 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
112 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
116 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
117 saved_CFLAGS="$CFLAGS"
118 CFLAGS="$CFLAGS -fno-builtin-memset"
119 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
121 int main(void){char b[10]; memset(b, 0, sizeof(b));}
123 [ AC_MSG_RESULT(yes) ],
125 CFLAGS="$saved_CFLAGS" ]
128 # -fstack-protector-all doesn't always work for some GCC versions
129 # and/or platforms, so we test if we can. If it's not supported
130 # on a give platform gcc will emit a warning so we use -Werror.
131 if test "x$use_stack_protector" = "x1"; then
132 for t in -fstack-protector-all -fstack-protector; do
133 AC_MSG_CHECKING(if $CC supports $t)
134 saved_CFLAGS="$CFLAGS"
135 saved_LDFLAGS="$LDFLAGS"
136 CFLAGS="$CFLAGS $t -Werror"
137 LDFLAGS="$LDFLAGS $t -Werror"
141 int main(void){return 0;}
144 CFLAGS="$saved_CFLAGS $t"
145 LDFLAGS="$saved_LDFLAGS $t"
146 AC_MSG_CHECKING(if $t works)
150 int main(void){exit(0);}
154 [ AC_MSG_RESULT(no) ],
155 [ AC_MSG_WARN([cross compiling: cannot test])
159 [ AC_MSG_RESULT(no) ]
161 CFLAGS="$saved_CFLAGS"
162 LDFLAGS="$saved_LDFLAGS"
166 if test -z "$have_llong_max"; then
167 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
168 unset ac_cv_have_decl_LLONG_MAX
169 saved_CFLAGS="$CFLAGS"
170 CFLAGS="$CFLAGS -std=gnu99"
171 AC_CHECK_DECL(LLONG_MAX,
173 [CFLAGS="$saved_CFLAGS"],
174 [#include <limits.h>]
179 if test "x$no_attrib_nonnull" != "x1" ; then
180 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
184 [ --without-rpath Disable auto-added -R linker paths],
186 if test "x$withval" = "xno" ; then
189 if test "x$withval" = "xyes" ; then
195 # Allow user to specify flags
197 [ --with-cflags Specify additional flags to pass to compiler],
199 if test -n "$withval" && test "x$withval" != "xno" && \
200 test "x${withval}" != "xyes"; then
201 CFLAGS="$CFLAGS $withval"
205 AC_ARG_WITH(cppflags,
206 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
208 if test -n "$withval" && test "x$withval" != "xno" && \
209 test "x${withval}" != "xyes"; then
210 CPPFLAGS="$CPPFLAGS $withval"
215 [ --with-ldflags Specify additional flags to pass to linker],
217 if test -n "$withval" && test "x$withval" != "xno" && \
218 test "x${withval}" != "xyes"; then
219 LDFLAGS="$LDFLAGS $withval"
224 [ --with-libs Specify additional libraries to link with],
226 if test -n "$withval" && test "x$withval" != "xno" && \
227 test "x${withval}" != "xyes"; then
228 LIBS="$LIBS $withval"
233 [ --with-Werror Build main code with -Werror],
235 if test -n "$withval" && test "x$withval" != "xno"; then
236 werror_flags="-Werror"
237 if test "x${withval}" != "xyes"; then
238 werror_flags="$withval"
270 security/pam_appl.h \
311 # lastlog.h requires sys/time.h to be included first on Solaris
312 AC_CHECK_HEADERS(lastlog.h, [], [], [
313 #ifdef HAVE_SYS_TIME_H
314 # include <sys/time.h>
318 # sys/ptms.h requires sys/stream.h to be included first on Solaris
319 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
320 #ifdef HAVE_SYS_STREAM_H
321 # include <sys/stream.h>
325 # login_cap.h requires sys/types.h on NetBSD
326 AC_CHECK_HEADERS(login_cap.h, [], [], [
327 #include <sys/types.h>
330 # Messages for features tested for in target-specific section
334 # Check for some target-specific stuff
337 # Some versions of VAC won't allow macro redefinitions at
338 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
339 # particularly with older versions of vac or xlc.
340 # It also throws errors about null macro argments, but these are
342 AC_MSG_CHECKING(if compiler allows macro redefinitions)
345 #define testmacro foo
346 #define testmacro bar
347 int main(void) { exit(0); }
349 [ AC_MSG_RESULT(yes) ],
351 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
352 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
353 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
354 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
358 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
359 if (test -z "$blibpath"); then
360 blibpath="/usr/lib:/lib"
362 saved_LDFLAGS="$LDFLAGS"
363 if test "$GCC" = "yes"; then
364 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
366 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
368 for tryflags in $flags ;do
369 if (test -z "$blibflags"); then
370 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
371 AC_TRY_LINK([], [], [blibflags=$tryflags])
374 if (test -z "$blibflags"); then
375 AC_MSG_RESULT(not found)
376 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
378 AC_MSG_RESULT($blibflags)
380 LDFLAGS="$saved_LDFLAGS"
381 dnl Check for authenticate. Might be in libs.a on older AIXes
382 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
383 [Define if you want to enable AIX4's authenticate function])],
384 [AC_CHECK_LIB(s,authenticate,
385 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
389 dnl Check for various auth function declarations in headers.
390 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
391 passwdexpired, setauthdb], , , [#include <usersec.h>])
392 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
393 AC_CHECK_DECLS(loginfailed,
394 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
396 [#include <usersec.h>],
397 [(void)loginfailed("user","host","tty",0);],
399 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
400 [Define if your AIX loginfailed() function
401 takes 4 arguments (AIX >= 5.2)])],
405 [#include <usersec.h>]
407 AC_CHECK_FUNCS(getgrset setauthdb)
408 AC_CHECK_DECL(F_CLOSEM,
409 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
411 [ #include <limits.h>
414 check_for_aix_broken_getaddrinfo=1
415 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
416 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
417 [Define if your platform breaks doing a seteuid before a setuid])
418 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
419 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
420 dnl AIX handles lastlog as part of its login message
421 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
422 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
423 [Some systems need a utmpx entry for /bin/login to work])
424 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
425 [Define to a Set Process Title type if your system is
426 supported by bsd-setproctitle.c])
427 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
428 [AIX 5.2 and 5.3 (and presumably newer) require this])
429 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
432 check_for_libcrypt_later=1
433 LIBS="$LIBS /usr/lib/textreadmode.o"
434 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
435 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
436 AC_DEFINE(DISABLE_SHADOW, 1,
437 [Define if you want to disable shadow passwords])
438 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
439 [Define if your system choked on IP TOS setting])
440 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
441 [Define if X11 doesn't support AF_UNIX sockets on that system])
442 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
443 [Define if the concept of ports only accessible to
444 superusers isn't known])
445 AC_DEFINE(DISABLE_FD_PASSING, 1,
446 [Define if your platform needs to skip post auth
447 file descriptor passing])
450 AC_DEFINE(IP_TOS_IS_BROKEN)
451 AC_DEFINE(SETEUID_BREAKS_SETUID)
452 AC_DEFINE(BROKEN_SETREUID)
453 AC_DEFINE(BROKEN_SETREGID)
456 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
457 AC_DEFINE(BROKEN_GETADDRINFO)
458 AC_DEFINE(SETEUID_BREAKS_SETUID)
459 AC_DEFINE(BROKEN_SETREUID)
460 AC_DEFINE(BROKEN_SETREGID)
461 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
462 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
463 [Define if your resolver libs need this for getrrsetbyname])
464 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
465 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
466 [Use tunnel device compatibility to OpenBSD])
467 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
468 [Prepend the address family to IP tunnel traffic])
469 m4_pattern_allow(AU_IPv)
470 AC_CHECK_DECL(AU_IPv4, [],
471 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
472 [#include <bsm/audit.h>]
474 AC_MSG_CHECKING(if we have the Security Authorization Session API)
475 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
476 [SessionCreate(0, 0);],
477 [ac_cv_use_security_session_api="yes"
478 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
479 [platform has the Security Authorization Session API])
480 LIBS="$LIBS -framework Security"
482 [ac_cv_use_security_session_api="no"
484 AC_MSG_CHECKING(if we have an in-memory credentials cache)
486 [#include <Kerberos/Kerberos.h>],
488 (void) cc_initialize (&c, 0, NULL, NULL);],
489 [AC_DEFINE(USE_CCAPI, 1,
490 [platform uses an in-memory credentials cache])
491 LIBS="$LIBS -framework Security"
493 if test "x$ac_cv_use_security_session_api" = "xno"; then
494 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
500 SSHDLIBS="$SSHDLIBS -lcrypt"
503 # first we define all of the options common to all HP-UX releases
504 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
505 IPADDR_IN_DISPLAY=yes
507 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
508 [Define if your login program cannot handle end of options ("--")])
509 AC_DEFINE(LOGIN_NEEDS_UTMPX)
510 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
511 [String used in /etc/passwd to denote locked account])
512 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
513 MAIL="/var/mail/username"
515 AC_CHECK_LIB(xnet, t_error, ,
516 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
518 # next, we define all of the options specific to major releases
521 if test -z "$GCC"; then
526 AC_DEFINE(PAM_SUN_CODEBASE, 1,
527 [Define if you are using Solaris-derived PAM which
528 passes pam_messages to the conversation function
529 with an extra level of indirection])
530 AC_DEFINE(DISABLE_UTMP, 1,
531 [Define if you don't want to use utmp])
532 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
533 check_for_hpux_broken_getaddrinfo=1
534 check_for_conflicting_getspnam=1
538 # lastly, we define options specific to minor releases
541 AC_DEFINE(HAVE_SECUREWARE, 1,
542 [Define if you have SecureWare-based
543 protected password database])
544 disable_ptmx_check=yes
550 PATH="$PATH:/usr/etc"
551 AC_DEFINE(BROKEN_INET_NTOA, 1,
552 [Define if you system's inet_ntoa is busted
553 (e.g. Irix gcc issue)])
554 AC_DEFINE(SETEUID_BREAKS_SETUID)
555 AC_DEFINE(BROKEN_SETREUID)
556 AC_DEFINE(BROKEN_SETREGID)
557 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
558 [Define if you shouldn't strip 'tty' from your
560 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
563 PATH="$PATH:/usr/etc"
564 AC_DEFINE(WITH_IRIX_ARRAY, 1,
565 [Define if you have/want arrays
566 (cluster-wide session managment, not C arrays)])
567 AC_DEFINE(WITH_IRIX_PROJECT, 1,
568 [Define if you want IRIX project management])
569 AC_DEFINE(WITH_IRIX_AUDIT, 1,
570 [Define if you want IRIX audit trails])
571 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
572 [Define if you want IRIX kernel jobs])])
573 AC_DEFINE(BROKEN_INET_NTOA)
574 AC_DEFINE(SETEUID_BREAKS_SETUID)
575 AC_DEFINE(BROKEN_SETREUID)
576 AC_DEFINE(BROKEN_SETREGID)
577 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
578 AC_DEFINE(WITH_ABBREV_NO_TTY)
579 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
583 check_for_libcrypt_later=1
584 check_for_openpty_ctty_bug=1
585 AC_DEFINE(PAM_TTY_KLUDGE, 1,
586 [Work around problematic Linux PAM modules handling of PAM_TTY])
587 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
588 [String used in /etc/passwd to denote locked account])
589 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
590 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
591 [Define to whatever link() returns for "not supported"
592 if it doesn't return EOPNOTSUPP.])
593 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
595 inet6_default_4in6=yes
598 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
599 [Define if cmsg_type is not passed correctly])
602 # tun(4) forwarding compat code
603 AC_CHECK_HEADERS(linux/if_tun.h)
604 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
605 AC_DEFINE(SSH_TUN_LINUX, 1,
606 [Open tunnel devices the Linux tun/tap way])
607 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
608 [Use tunnel device compatibility to OpenBSD])
609 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
610 [Prepend the address family to IP tunnel traffic])
613 mips-sony-bsd|mips-sony-newsos4)
614 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
618 check_for_libcrypt_before=1
619 if test "x$withval" != "xno" ; then
622 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
623 AC_CHECK_HEADER([net/if_tap.h], ,
624 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
625 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
626 [Prepend the address family to IP tunnel traffic])
629 check_for_libcrypt_later=1
630 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
631 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
632 AC_CHECK_HEADER([net/if_tap.h], ,
633 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
634 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
637 AC_DEFINE(SETEUID_BREAKS_SETUID)
638 AC_DEFINE(BROKEN_SETREUID)
639 AC_DEFINE(BROKEN_SETREGID)
642 conf_lastlog_location="/usr/adm/lastlog"
643 conf_utmp_location=/etc/utmp
644 conf_wtmp_location=/usr/adm/wtmp
646 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
647 AC_DEFINE(BROKEN_REALPATH)
649 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
652 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
653 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
654 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
655 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
656 [syslog_r function is safe to use in in a signal handler])
659 if test "x$withval" != "xno" ; then
662 AC_DEFINE(PAM_SUN_CODEBASE)
663 AC_DEFINE(LOGIN_NEEDS_UTMPX)
664 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
665 [Some versions of /bin/login need the TERM supplied
667 AC_DEFINE(PAM_TTY_KLUDGE)
668 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
669 [Define if pam_chauthtok wants real uid set
670 to the unpriv'ed user])
671 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
672 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
673 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
674 [Define if sshd somehow reacquires a controlling TTY
676 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
677 in case the name is longer than 8 chars])
678 external_path_file=/etc/default/login
679 # hardwire lastlog location (can't detect it on some versions)
680 conf_lastlog_location="/var/adm/lastlog"
681 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
682 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
683 if test "$sol2ver" -ge 8; then
685 AC_DEFINE(DISABLE_UTMP)
686 AC_DEFINE(DISABLE_WTMP, 1,
687 [Define if you don't want to use wtmp])
691 AC_ARG_WITH(solaris-contracts,
692 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
694 AC_CHECK_LIB(contract, ct_tmpl_activate,
695 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
696 [Define if you have Solaris process contracts])
697 SSHDLIBS="$SSHDLIBS -lcontract"
704 CPPFLAGS="$CPPFLAGS -DSUNOS4"
705 AC_CHECK_FUNCS(getpwanam)
706 AC_DEFINE(PAM_SUN_CODEBASE)
707 conf_utmp_location=/etc/utmp
708 conf_wtmp_location=/var/adm/wtmp
709 conf_lastlog_location=/var/adm/lastlog
715 AC_DEFINE(SSHD_ACQUIRES_CTTY)
716 AC_DEFINE(SETEUID_BREAKS_SETUID)
717 AC_DEFINE(BROKEN_SETREUID)
718 AC_DEFINE(BROKEN_SETREGID)
721 # /usr/ucblib MUST NOT be searched on ReliantUNIX
722 AC_CHECK_LIB(dl, dlsym, ,)
723 # -lresolv needs to be at the end of LIBS or DNS lookups break
724 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
725 IPADDR_IN_DISPLAY=yes
727 AC_DEFINE(IP_TOS_IS_BROKEN)
728 AC_DEFINE(SETEUID_BREAKS_SETUID)
729 AC_DEFINE(BROKEN_SETREUID)
730 AC_DEFINE(BROKEN_SETREGID)
731 AC_DEFINE(SSHD_ACQUIRES_CTTY)
732 external_path_file=/etc/default/login
733 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
734 # Attention: always take care to bind libsocket and libnsl before libc,
735 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
737 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
740 AC_DEFINE(SETEUID_BREAKS_SETUID)
741 AC_DEFINE(BROKEN_SETREUID)
742 AC_DEFINE(BROKEN_SETREGID)
743 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
744 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
746 # UnixWare 7.x, OpenUNIX 8
748 check_for_libcrypt_later=1
749 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
751 AC_DEFINE(SETEUID_BREAKS_SETUID)
752 AC_DEFINE(BROKEN_SETREUID)
753 AC_DEFINE(BROKEN_SETREGID)
754 AC_DEFINE(PASSWD_NEEDS_USERNAME)
756 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
757 TEST_SHELL=/u95/bin/sh
758 AC_DEFINE(BROKEN_LIBIAF, 1,
759 [ia_uinfo routines not supported by OS yet])
760 AC_DEFINE(BROKEN_UPDWTMPX)
762 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
768 # SCO UNIX and OEM versions of SCO UNIX
770 AC_MSG_ERROR("This Platform is no longer supported.")
774 if test -z "$GCC"; then
775 CFLAGS="$CFLAGS -belf"
777 LIBS="$LIBS -lprot -lx -ltinfo -lm"
780 AC_DEFINE(HAVE_SECUREWARE)
781 AC_DEFINE(DISABLE_SHADOW)
782 AC_DEFINE(DISABLE_FD_PASSING)
783 AC_DEFINE(SETEUID_BREAKS_SETUID)
784 AC_DEFINE(BROKEN_SETREUID)
785 AC_DEFINE(BROKEN_SETREGID)
786 AC_DEFINE(WITH_ABBREV_NO_TTY)
787 AC_DEFINE(BROKEN_UPDWTMPX)
788 AC_DEFINE(PASSWD_NEEDS_USERNAME)
789 AC_CHECK_FUNCS(getluid setluid)
794 AC_DEFINE(NO_SSH_LASTLOG, 1,
795 [Define if you don't want to use lastlog in session.c])
796 AC_DEFINE(SETEUID_BREAKS_SETUID)
797 AC_DEFINE(BROKEN_SETREUID)
798 AC_DEFINE(BROKEN_SETREGID)
800 AC_DEFINE(DISABLE_FD_PASSING)
802 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
806 AC_DEFINE(SETEUID_BREAKS_SETUID)
807 AC_DEFINE(BROKEN_SETREUID)
808 AC_DEFINE(BROKEN_SETREGID)
809 AC_DEFINE(WITH_ABBREV_NO_TTY)
811 AC_DEFINE(DISABLE_FD_PASSING)
813 LIBS="$LIBS -lgen -lacid -ldb"
817 AC_DEFINE(SETEUID_BREAKS_SETUID)
818 AC_DEFINE(BROKEN_SETREUID)
819 AC_DEFINE(BROKEN_SETREGID)
821 AC_DEFINE(DISABLE_FD_PASSING)
822 AC_DEFINE(NO_SSH_LASTLOG)
823 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
824 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
828 AC_MSG_CHECKING(for Digital Unix SIA)
831 [ --with-osfsia Enable Digital Unix SIA],
833 if test "x$withval" = "xno" ; then
834 AC_MSG_RESULT(disabled)
839 if test -z "$no_osfsia" ; then
840 if test -f /etc/sia/matrix.conf; then
842 AC_DEFINE(HAVE_OSF_SIA, 1,
843 [Define if you have Digital Unix Security
844 Integration Architecture])
845 AC_DEFINE(DISABLE_LOGIN, 1,
846 [Define if you don't want to use your
847 system's login() call])
848 AC_DEFINE(DISABLE_FD_PASSING)
849 LIBS="$LIBS -lsecurity -ldb -lm -laud"
853 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
854 [String used in /etc/passwd to denote locked account])
857 AC_DEFINE(BROKEN_GETADDRINFO)
858 AC_DEFINE(SETEUID_BREAKS_SETUID)
859 AC_DEFINE(BROKEN_SETREUID)
860 AC_DEFINE(BROKEN_SETREGID)
861 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
866 AC_DEFINE(NO_X11_UNIX_SOCKETS)
867 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
868 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
869 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
870 AC_DEFINE(DISABLE_LASTLOG)
871 AC_DEFINE(SSHD_ACQUIRES_CTTY)
872 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
873 enable_etc_default_login=no # has incompatible /etc/default/login
876 AC_DEFINE(DISABLE_FD_PASSING)
882 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
883 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
884 AC_DEFINE(NEED_SETPGRP)
885 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
889 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
890 AC_DEFINE(MISSING_HOWMANY)
891 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
895 AC_MSG_CHECKING(compiler and flags for sanity)
901 [ AC_MSG_RESULT(yes) ],
904 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
906 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
909 dnl Checks for header files.
910 # Checks for libraries.
911 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
912 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
914 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
915 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
916 AC_CHECK_LIB(gen, dirname,[
917 AC_CACHE_CHECK([for broken dirname],
918 ac_cv_have_broken_dirname, [
926 int main(int argc, char **argv) {
929 strncpy(buf,"/etc", 32);
931 if (!s || strncmp(s, "/", 32) != 0) {
938 [ ac_cv_have_broken_dirname="no" ],
939 [ ac_cv_have_broken_dirname="yes" ],
940 [ ac_cv_have_broken_dirname="no" ],
944 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
946 AC_DEFINE(HAVE_DIRNAME)
947 AC_CHECK_HEADERS(libgen.h)
952 AC_CHECK_FUNC(getspnam, ,
953 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
954 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
955 [Define if you have the basename function.]))
959 [ --with-zlib=PATH Use zlib in PATH],
960 [ if test "x$withval" = "xno" ; then
961 AC_MSG_ERROR([*** zlib is required ***])
962 elif test "x$withval" != "xyes"; then
963 if test -d "$withval/lib"; then
964 if test -n "${need_dash_r}"; then
965 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
967 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
970 if test -n "${need_dash_r}"; then
971 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
973 LDFLAGS="-L${withval} ${LDFLAGS}"
976 if test -d "$withval/include"; then
977 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
979 CPPFLAGS="-I${withval} ${CPPFLAGS}"
984 AC_CHECK_LIB(z, deflate, ,
986 saved_CPPFLAGS="$CPPFLAGS"
987 saved_LDFLAGS="$LDFLAGS"
989 dnl Check default zlib install dir
990 if test -n "${need_dash_r}"; then
991 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
993 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
995 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
997 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
999 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1004 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1006 AC_ARG_WITH(zlib-version-check,
1007 [ --without-zlib-version-check Disable zlib version check],
1008 [ if test "x$withval" = "xno" ; then
1009 zlib_check_nonfatal=1
1014 AC_MSG_CHECKING(for possibly buggy zlib)
1015 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1020 int a=0, b=0, c=0, d=0, n, v;
1021 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1022 if (n != 3 && n != 4)
1024 v = a*1000000 + b*10000 + c*100 + d;
1025 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1028 if (a == 1 && b == 1 && c >= 4)
1031 /* 1.2.3 and up are OK */
1039 [ AC_MSG_RESULT(yes)
1040 if test -z "$zlib_check_nonfatal" ; then
1041 AC_MSG_ERROR([*** zlib too old - check config.log ***
1042 Your reported zlib version has known security problems. It's possible your
1043 vendor has fixed these problems without changing the version number. If you
1044 are sure this is the case, you can disable the check by running
1045 "./configure --without-zlib-version-check".
1046 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1047 See http://www.gzip.org/zlib/ for details.])
1049 AC_MSG_WARN([zlib version may have security problems])
1052 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1056 AC_CHECK_FUNC(strcasecmp,
1057 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1059 AC_CHECK_FUNCS(utimes,
1060 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1061 LIBS="$LIBS -lc89"]) ]
1064 dnl Checks for libutil functions
1065 AC_CHECK_HEADERS(libutil.h)
1066 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1067 [Define if your libraries define login()])])
1068 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1072 # Check for ALTDIRFUNC glob() extension
1073 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1074 AC_EGREP_CPP(FOUNDIT,
1077 #ifdef GLOB_ALTDIRFUNC
1082 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1083 [Define if your system glob() function has
1084 the GLOB_ALTDIRFUNC extension])
1092 # Check for g.gl_matchc glob() extension
1093 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1095 [ #include <glob.h> ],
1096 [glob_t g; g.gl_matchc = 1;],
1098 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1099 [Define if your system glob() function has
1100 gl_matchc options in glob_t])
1108 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1110 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1113 #include <sys/types.h>
1115 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1117 [AC_MSG_RESULT(yes)],
1120 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1121 [Define if your struct dirent expects you to
1122 allocate extra space for d_name])
1125 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1126 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1130 # Check whether the user wants GSSAPI mechglue support
1131 AC_ARG_WITH(mechglue,
1132 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1134 AC_MSG_CHECKING(for mechglue library)
1136 if test -e ${withval}/libgssapi.a ; then
1137 mechglue_lib=${withval}/libgssapi.a
1138 elif test -e ${withval}/lib/libgssapi.a ; then
1139 mechglue_lib=${withval}/lib/libgssapi.a
1141 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1143 LIBS="$LIBS ${mechglue_lib}"
1144 AC_MSG_RESULT(${mechglue_lib})
1146 AC_CHECK_LIB(dl, dlopen, , )
1147 if test $ac_cv_lib_dl_dlopen = yes; then
1148 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1152 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1159 # Check whether the user wants GSI (Globus) support
1162 [ --with-gsi Enable Globus GSI authentication support],
1169 [ --with-globus Enable Globus GSI authentication support],
1175 AC_ARG_WITH(globus-static,
1176 [ --with-globus-static Link statically with Globus GSI libraries],
1179 if test "x$gsi_path" = "xno" ; then
1185 # Check whether the user has a Globus flavor type
1186 globus_flavor_type="no"
1187 AC_ARG_WITH(globus-flavor,
1188 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1190 globus_flavor_type="$withval"
1191 if test "x$gsi_path" = "xno" ; then
1197 if test "x$gsi_path" != "xno" ; then
1198 # Globus GSSAPI configuration
1199 AC_MSG_CHECKING(for Globus GSI)
1200 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1202 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1203 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1205 if test -z "$GSSAPI"; then
1210 if test "x$gsi_path" = "xyes" ; then
1211 if test -z "$GLOBUS_LOCATION" ; then
1212 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1214 gsi_path="$GLOBUS_LOCATION"
1217 GLOBUS_LOCATION="$gsi_path"
1218 export GLOBUS_LOCATION
1219 if test ! -d "$GLOBUS_LOCATION" ; then
1220 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1223 if test "x$globus_flavor_type" = "xno" ; then
1224 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1226 if test "x$globus_flavor_type" = "xyes" ; then
1227 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1231 AC_MSG_CHECKING(for Globus include path)
1232 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1233 if test ! -d "$GLOBUS_INCLUDE" ; then
1234 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1236 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1240 # Find GPT linkline helper
1243 AC_MSG_CHECKING(for GPT linkline helper)
1244 if test -x $GPT_LOCATION/sbin/gpt_build_config ; then
1245 gpt_linkline_helper="$GPT_LOCATION/sbin/gpt_build_config"
1246 elif test -x ${gsi_path}/sbin/gpt_build_config ; then
1247 gpt_linkline_helper="${gsi_path}/sbin/gpt_build_config"
1249 AC_MSG_ERROR(Cannot find gpt_build_config: GPT installation is incomplete)
1254 # Build Globus linkline
1257 if test -n "${gsi_static}"; then
1258 ${gpt_linkline_helper} -f ${globus_flavor_type} -link static -src pkg_data_src.gpt
1260 ${gpt_linkline_helper} -f ${globus_flavor_type} -link shared -src pkg_data_src.gpt
1262 . ./gpt_build_temp.sh
1263 if test -n "${need_dash_r}"; then
1264 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
1266 GSI_LDFLAGS="-L${gsi_path}/lib"
1268 GSI_LIBS="$GPT_CONFIG_PGM_LINKS"
1269 LD_LIBRARY_PATH="${gsi_path}/lib:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
1272 # Test Globus linkline
1275 AC_MSG_CHECKING(for Globus linkline)
1276 if test -z "$GSI_LIBS" ; then
1277 AC_MSG_ERROR(gpt_build_config failed)
1281 AC_DEFINE(HAVE_GSSAPI_H)
1283 LIBS="$LIBS $GSI_LIBS $GPT_CONFIG_LIBS"
1284 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1285 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS $GPT_CONFIG_INCLUDES"
1286 CFLAGS="$CFLAGS $GPT_CONFIG_CFLAGS"
1288 AC_MSG_CHECKING(that Globus linkline works)
1289 # test that we got the libraries OK
1297 AC_MSG_ERROR(link with Globus libraries failed)
1300 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1301 INSTALL_GSISSH="yes"
1305 # End Globus/GSI section
1307 AC_MSG_CHECKING([for /proc/pid/fd directory])
1308 if test -d "/proc/$$/fd" ; then
1309 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1315 # Check whether user wants S/Key support
1318 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1320 if test "x$withval" != "xno" ; then
1322 if test "x$withval" != "xyes" ; then
1323 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1324 LDFLAGS="$LDFLAGS -L${withval}/lib"
1327 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1331 AC_MSG_CHECKING([for s/key support])
1336 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1338 [AC_MSG_RESULT(yes)],
1341 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1343 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1347 [(void)skeychallenge(NULL,"name","",0);],
1349 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1350 [Define if your skeychallenge()
1351 function takes 4 arguments (NetBSD)])],
1358 # Check whether user wants TCP wrappers support
1360 AC_ARG_WITH(tcp-wrappers,
1361 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1363 if test "x$withval" != "xno" ; then
1365 saved_LDFLAGS="$LDFLAGS"
1366 saved_CPPFLAGS="$CPPFLAGS"
1367 if test -n "${withval}" && \
1368 test "x${withval}" != "xyes"; then
1369 if test -d "${withval}/lib"; then
1370 if test -n "${need_dash_r}"; then
1371 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1373 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1376 if test -n "${need_dash_r}"; then
1377 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1379 LDFLAGS="-L${withval} ${LDFLAGS}"
1382 if test -d "${withval}/include"; then
1383 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1385 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1389 AC_MSG_CHECKING(for libwrap)
1392 #include <sys/types.h>
1393 #include <sys/socket.h>
1394 #include <netinet/in.h>
1396 int deny_severity = 0, allow_severity = 0;
1401 AC_DEFINE(LIBWRAP, 1,
1403 TCP Wrappers support])
1404 SSHDLIBS="$SSHDLIBS -lwrap"
1408 AC_MSG_ERROR([*** libwrap missing])
1416 # Check whether user wants libedit support
1418 AC_ARG_WITH(libedit,
1419 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1420 [ if test "x$withval" != "xno" ; then
1421 if test "x$withval" != "xyes"; then
1422 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1423 if test -n "${need_dash_r}"; then
1424 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1426 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1429 AC_CHECK_LIB(edit, el_init,
1430 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1431 LIBEDIT="-ledit -lcurses"
1435 [ AC_MSG_ERROR(libedit not found) ],
1438 AC_MSG_CHECKING(if libedit version is compatible)
1441 #include <histedit.h>
1445 el_init("", NULL, NULL, NULL);
1449 [ AC_MSG_RESULT(yes) ],
1451 AC_MSG_ERROR(libedit version is not compatible) ]
1458 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1460 AC_MSG_CHECKING(for supported audit module)
1465 dnl Checks for headers, libs and functions
1466 AC_CHECK_HEADERS(bsm/audit.h, [],
1467 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1474 AC_CHECK_LIB(bsm, getaudit, [],
1475 [AC_MSG_ERROR(BSM enabled and required library not found)])
1476 AC_CHECK_FUNCS(getaudit, [],
1477 [AC_MSG_ERROR(BSM enabled and required function not found)])
1478 # These are optional
1479 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1480 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1484 AC_MSG_RESULT(debug)
1485 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1491 AC_MSG_ERROR([Unknown audit module $withval])
1496 dnl Checks for library functions. Please keep in alphabetical order
1500 arc4random_uniform \
1589 # IRIX has a const char return value for gai_strerror()
1590 AC_CHECK_FUNCS(gai_strerror,[
1591 AC_DEFINE(HAVE_GAI_STRERROR)
1593 #include <sys/types.h>
1594 #include <sys/socket.h>
1597 const char *gai_strerror(int);],[
1600 str = gai_strerror(0);],[
1601 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1602 [Define if gai_strerror() returns const char *])])])
1604 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1605 [Some systems put nanosleep outside of libc]))
1607 dnl Make sure prototypes are defined for these before using them.
1608 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1609 AC_CHECK_DECL(strsep,
1610 [AC_CHECK_FUNCS(strsep)],
1613 #ifdef HAVE_STRING_H
1614 # include <string.h>
1618 dnl tcsendbreak might be a macro
1619 AC_CHECK_DECL(tcsendbreak,
1620 [AC_DEFINE(HAVE_TCSENDBREAK)],
1621 [AC_CHECK_FUNCS(tcsendbreak)],
1622 [#include <termios.h>]
1625 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1627 AC_CHECK_DECLS(SHUT_RD, , ,
1629 #include <sys/types.h>
1630 #include <sys/socket.h>
1633 AC_CHECK_DECLS(O_NONBLOCK, , ,
1635 #include <sys/types.h>
1636 #ifdef HAVE_SYS_STAT_H
1637 # include <sys/stat.h>
1644 AC_CHECK_DECLS(writev, , , [
1645 #include <sys/types.h>
1646 #include <sys/uio.h>
1650 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1651 #include <sys/param.h>
1654 AC_CHECK_DECLS(offsetof, , , [
1658 AC_CHECK_FUNCS(setresuid, [
1659 dnl Some platorms have setresuid that isn't implemented, test for this
1660 AC_MSG_CHECKING(if setresuid seems to work)
1665 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1667 [AC_MSG_RESULT(yes)],
1668 [AC_DEFINE(BROKEN_SETRESUID, 1,
1669 [Define if your setresuid() is broken])
1670 AC_MSG_RESULT(not implemented)],
1671 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1675 AC_CHECK_FUNCS(setresgid, [
1676 dnl Some platorms have setresgid that isn't implemented, test for this
1677 AC_MSG_CHECKING(if setresgid seems to work)
1682 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1684 [AC_MSG_RESULT(yes)],
1685 [AC_DEFINE(BROKEN_SETRESGID, 1,
1686 [Define if your setresgid() is broken])
1687 AC_MSG_RESULT(not implemented)],
1688 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1692 dnl Checks for time functions
1693 AC_CHECK_FUNCS(gettimeofday time)
1694 dnl Checks for utmp functions
1695 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1696 AC_CHECK_FUNCS(utmpname)
1697 dnl Checks for utmpx functions
1698 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1699 AC_CHECK_FUNCS(setutxent utmpxname)
1701 AC_CHECK_FUNC(daemon,
1702 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1703 [AC_CHECK_LIB(bsd, daemon,
1704 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1707 AC_CHECK_FUNC(getpagesize,
1708 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1709 [Define if your libraries define getpagesize()])],
1710 [AC_CHECK_LIB(ucb, getpagesize,
1711 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1714 # Check for broken snprintf
1715 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1716 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1720 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1722 [AC_MSG_RESULT(yes)],
1725 AC_DEFINE(BROKEN_SNPRINTF, 1,
1726 [Define if your snprintf is busted])
1727 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1729 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1733 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1734 # returning the right thing on overflow: the number of characters it tried to
1735 # create (as per SUSv3)
1736 if test "x$ac_cv_func_asprintf" != "xyes" && \
1737 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1738 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1741 #include <sys/types.h>
1745 int x_snprintf(char *str,size_t count,const char *fmt,...)
1747 size_t ret; va_list ap;
1748 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1754 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1756 [AC_MSG_RESULT(yes)],
1759 AC_DEFINE(BROKEN_SNPRINTF, 1,
1760 [Define if your snprintf is busted])
1761 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1763 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1767 # On systems where [v]snprintf is broken, but is declared in stdio,
1768 # check that the fmt argument is const char * or just char *.
1769 # This is only useful for when BROKEN_SNPRINTF
1770 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1771 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1772 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1773 int main(void) { snprintf(0, 0, 0); }
1776 AC_DEFINE(SNPRINTF_CONST, [const],
1777 [Define as const if snprintf() can declare const char *fmt])],
1779 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1781 # Check for missing getpeereid (or equiv) support
1783 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1784 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1786 [#include <sys/types.h>
1787 #include <sys/socket.h>],
1788 [int i = SO_PEERCRED;],
1789 [ AC_MSG_RESULT(yes)
1790 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1797 dnl see whether mkstemp() requires XXXXXX
1798 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1799 AC_MSG_CHECKING([for (overly) strict mkstemp])
1803 main() { char template[]="conftest.mkstemp-test";
1804 if (mkstemp(template) == -1)
1806 unlink(template); exit(0);
1814 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1818 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1823 dnl make sure that openpty does not reacquire controlling terminal
1824 if test ! -z "$check_for_openpty_ctty_bug"; then
1825 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1829 #include <sys/fcntl.h>
1830 #include <sys/types.h>
1831 #include <sys/wait.h>
1837 int fd, ptyfd, ttyfd, status;
1840 if (pid < 0) { /* failed */
1842 } else if (pid > 0) { /* parent */
1843 waitpid(pid, &status, 0);
1844 if (WIFEXITED(status))
1845 exit(WEXITSTATUS(status));
1848 } else { /* child */
1849 close(0); close(1); close(2);
1851 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1852 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1854 exit(3); /* Acquired ctty: broken */
1856 exit(0); /* Did not acquire ctty: OK */
1865 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1868 AC_MSG_RESULT(cross-compiling, assuming yes)
1873 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1874 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1875 AC_MSG_CHECKING(if getaddrinfo seems to work)
1879 #include <sys/socket.h>
1882 #include <netinet/in.h>
1884 #define TEST_PORT "2222"
1890 struct addrinfo *gai_ai, *ai, hints;
1891 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1893 memset(&hints, 0, sizeof(hints));
1894 hints.ai_family = PF_UNSPEC;
1895 hints.ai_socktype = SOCK_STREAM;
1896 hints.ai_flags = AI_PASSIVE;
1898 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1900 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1904 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1905 if (ai->ai_family != AF_INET6)
1908 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1909 sizeof(ntop), strport, sizeof(strport),
1910 NI_NUMERICHOST|NI_NUMERICSERV);
1913 if (err == EAI_SYSTEM)
1914 perror("getnameinfo EAI_SYSTEM");
1916 fprintf(stderr, "getnameinfo failed: %s\n",
1921 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1924 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1937 AC_DEFINE(BROKEN_GETADDRINFO)
1940 AC_MSG_RESULT(cross-compiling, assuming yes)
1945 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1946 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1947 AC_MSG_CHECKING(if getaddrinfo seems to work)
1951 #include <sys/socket.h>
1954 #include <netinet/in.h>
1956 #define TEST_PORT "2222"
1962 struct addrinfo *gai_ai, *ai, hints;
1963 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1965 memset(&hints, 0, sizeof(hints));
1966 hints.ai_family = PF_UNSPEC;
1967 hints.ai_socktype = SOCK_STREAM;
1968 hints.ai_flags = AI_PASSIVE;
1970 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1972 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1976 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1977 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1980 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1981 sizeof(ntop), strport, sizeof(strport),
1982 NI_NUMERICHOST|NI_NUMERICSERV);
1984 if (ai->ai_family == AF_INET && err != 0) {
1985 perror("getnameinfo");
1994 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1995 [Define if you have a getaddrinfo that fails
1996 for the all-zeros IPv6 address])
2000 AC_DEFINE(BROKEN_GETADDRINFO)
2003 AC_MSG_RESULT(cross-compiling, assuming no)
2008 if test "x$check_for_conflicting_getspnam" = "x1"; then
2009 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
2013 int main(void) {exit(0);}
2020 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
2021 [Conflicting defs for getspnam])
2028 # Search for OpenSSL
2029 saved_CPPFLAGS="$CPPFLAGS"
2030 saved_LDFLAGS="$LDFLAGS"
2031 AC_ARG_WITH(ssl-dir,
2032 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2034 if test "x$withval" != "xno" ; then
2037 ./*|../*) withval="`pwd`/$withval"
2039 if test -d "$withval/lib"; then
2040 if test -n "${need_dash_r}"; then
2041 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2043 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2046 if test -n "${need_dash_r}"; then
2047 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2049 LDFLAGS="-L${withval} ${LDFLAGS}"
2052 if test -d "$withval/include"; then
2053 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2055 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2061 if test -z "$GSI_LIBS" ; then
2062 LIBS="-lcrypto $LIBS"
2064 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2065 [Define if your ssl headers are included
2066 with #include <openssl/header.h>]),
2068 dnl Check default openssl install dir
2069 if test -n "${need_dash_r}"; then
2070 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2072 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2074 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2075 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2077 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2083 # Determine OpenSSL header version
2084 AC_MSG_CHECKING([OpenSSL header version])
2089 #include <openssl/opensslv.h>
2090 #define DATA "conftest.sslincver"
2095 fd = fopen(DATA,"w");
2099 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2106 ssl_header_ver=`cat conftest.sslincver`
2107 AC_MSG_RESULT($ssl_header_ver)
2110 AC_MSG_RESULT(not found)
2111 AC_MSG_ERROR(OpenSSL version header not found.)
2114 AC_MSG_WARN([cross compiling: not checking])
2118 # Determine OpenSSL library version
2119 AC_MSG_CHECKING([OpenSSL library version])
2124 #include <openssl/opensslv.h>
2125 #include <openssl/crypto.h>
2126 #define DATA "conftest.ssllibver"
2131 fd = fopen(DATA,"w");
2135 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2142 ssl_library_ver=`cat conftest.ssllibver`
2143 AC_MSG_RESULT($ssl_library_ver)
2146 AC_MSG_RESULT(not found)
2147 AC_MSG_ERROR(OpenSSL library not found.)
2150 AC_MSG_WARN([cross compiling: not checking])
2154 AC_ARG_WITH(openssl-header-check,
2155 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2156 [ if test "x$withval" = "xno" ; then
2157 openssl_check_nonfatal=1
2162 # Sanity check OpenSSL headers
2163 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2167 #include <openssl/opensslv.h>
2168 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2175 if test "x$openssl_check_nonfatal" = "x"; then
2176 AC_MSG_ERROR([Your OpenSSL headers do not match your
2177 library. Check config.log for details.
2178 If you are sure your installation is consistent, you can disable the check
2179 by running "./configure --without-openssl-header-check".
2180 Also see contrib/findssl.sh for help identifying header/library mismatches.
2183 AC_MSG_WARN([Your OpenSSL headers do not match your
2184 library. Check config.log for details.
2185 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2189 AC_MSG_WARN([cross compiling: not checking])
2193 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2196 #include <openssl/evp.h>
2197 int main(void) { SSLeay_add_all_algorithms(); }
2206 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2209 #include <openssl/evp.h>
2210 int main(void) { SSLeay_add_all_algorithms(); }
2223 AC_ARG_WITH(ssl-engine,
2224 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2225 [ if test "x$withval" != "xno" ; then
2226 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2228 [ #include <openssl/engine.h>],
2230 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2232 [ AC_MSG_RESULT(yes)
2233 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2234 [Enable OpenSSL engine support])
2236 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2241 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2242 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2246 #include <openssl/evp.h>
2247 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2254 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2255 [libcrypto is missing AES 192 and 256 bit functions])
2259 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2260 # because the system crypt() is more featureful.
2261 if test "x$check_for_libcrypt_before" = "x1"; then
2262 AC_CHECK_LIB(crypt, crypt)
2265 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2266 # version in OpenSSL.
2267 if test "x$check_for_libcrypt_later" = "x1"; then
2268 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2271 # Search for SHA256 support in libc and/or OpenSSL
2272 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2275 AC_CHECK_LIB(iaf, ia_openinfo, [
2277 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2278 AC_DEFINE(HAVE_LIBIAF, 1,
2279 [Define if system has libiaf that supports set_id])
2284 ### Configure cryptographic random number support
2286 # Check wheter OpenSSL seeds itself
2287 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2291 #include <openssl/rand.h>
2292 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2295 OPENSSL_SEEDS_ITSELF=yes
2300 # Default to use of the rand helper if OpenSSL doesn't
2305 AC_MSG_WARN([cross compiling: assuming yes])
2306 # This is safe, since all recent OpenSSL versions will
2307 # complain at runtime if not seeded correctly.
2308 OPENSSL_SEEDS_ITSELF=yes
2312 # Check for PAM libs
2315 [ --with-pam Enable PAM support ],
2317 if test "x$withval" != "xno" ; then
2318 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2319 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2320 AC_MSG_ERROR([PAM headers not found])
2324 AC_CHECK_LIB(dl, dlopen, , )
2325 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2326 AC_CHECK_FUNCS(pam_getenvlist)
2327 AC_CHECK_FUNCS(pam_putenv)
2332 SSHDLIBS="$SSHDLIBS -lpam"
2333 AC_DEFINE(USE_PAM, 1,
2334 [Define if you want to enable PAM support])
2336 if test $ac_cv_lib_dl_dlopen = yes; then
2339 # libdl already in LIBS
2342 SSHDLIBS="$SSHDLIBS -ldl"
2350 AC_CHECK_LIB(dl, dlopen, , )
2351 AC_CHECK_LIB(pam, pam_set_item, , )
2352 AC_CHECK_FUNCS(pam_getenvlist)
2353 AC_CHECK_FUNCS(pam_putenv)
2356 if (test "x$ac_cv_header_security_pam_appl_h" = "xyes" || \
2357 test "x$ac_cv_header_pam_pam_appl_h" = "xyes") &&
2358 test "x$ac_cv_lib_pam_pam_set_item" = "xyes" ; then
2364 if test $ac_cv_lib_dl_dlopen = yes; then
2367 # libdl already in LIBS
2370 LIBPAM="$LIBPAM -ldl"
2379 # Check for older PAM
2380 if test "x$PAM_MSG" = "xyes" ; then
2381 # Check PAM strerror arguments (old PAM)
2382 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2386 #if defined(HAVE_SECURITY_PAM_APPL_H)
2387 #include <security/pam_appl.h>
2388 #elif defined (HAVE_PAM_PAM_APPL_H)
2389 #include <pam/pam_appl.h>
2392 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2393 [AC_MSG_RESULT(no)],
2395 AC_DEFINE(HAVE_OLD_PAM, 1,
2396 [Define if you have an old version of PAM
2397 which takes only one argument to pam_strerror])
2399 PAM_MSG="yes (old library)"
2404 # Do we want to force the use of the rand helper?
2405 AC_ARG_WITH(rand-helper,
2406 [ --with-rand-helper Use subprocess to gather strong randomness ],
2408 if test "x$withval" = "xno" ; then
2409 # Force use of OpenSSL's internal RNG, even if
2410 # the previous test showed it to be unseeded.
2411 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2412 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2413 OPENSSL_SEEDS_ITSELF=yes
2422 # Which randomness source do we use?
2423 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2425 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2426 [Define if you want OpenSSL's internally seeded PRNG only])
2427 RAND_MSG="OpenSSL internal ONLY"
2428 INSTALL_SSH_RAND_HELPER=""
2429 elif test ! -z "$USE_RAND_HELPER" ; then
2430 # install rand helper
2431 RAND_MSG="ssh-rand-helper"
2432 INSTALL_SSH_RAND_HELPER="yes"
2434 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2436 ### Configuration of ssh-rand-helper
2439 AC_ARG_WITH(prngd-port,
2440 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2449 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2452 if test ! -z "$withval" ; then
2453 PRNGD_PORT="$withval"
2454 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2455 [Port number of PRNGD/EGD random number socket])
2460 # PRNGD Unix domain socket
2461 AC_ARG_WITH(prngd-socket,
2462 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2466 withval="/var/run/egd-pool"
2474 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2478 if test ! -z "$withval" ; then
2479 if test ! -z "$PRNGD_PORT" ; then
2480 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2482 if test ! -r "$withval" ; then
2483 AC_MSG_WARN(Entropy socket is not readable)
2485 PRNGD_SOCKET="$withval"
2486 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2487 [Location of PRNGD/EGD random number socket])
2491 # Check for existing socket only if we don't have a random device already
2492 if test "$USE_RAND_HELPER" = yes ; then
2493 AC_MSG_CHECKING(for PRNGD/EGD socket)
2494 # Insert other locations here
2495 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2496 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2497 PRNGD_SOCKET="$sock"
2498 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2502 if test ! -z "$PRNGD_SOCKET" ; then
2503 AC_MSG_RESULT($PRNGD_SOCKET)
2505 AC_MSG_RESULT(not found)
2511 # Change default command timeout for hashing entropy source
2513 AC_ARG_WITH(entropy-timeout,
2514 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2516 if test -n "$withval" && test "x$withval" != "xno" && \
2517 test "x${withval}" != "xyes"; then
2518 entropy_timeout=$withval
2522 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2523 [Builtin PRNG command timeout])
2525 SSH_PRIVSEP_USER=sshd
2526 AC_ARG_WITH(privsep-user,
2527 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2529 if test -n "$withval" && test "x$withval" != "xno" && \
2530 test "x${withval}" != "xyes"; then
2531 SSH_PRIVSEP_USER=$withval
2535 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2536 [non-privileged user for privilege separation])
2537 AC_SUBST(SSH_PRIVSEP_USER)
2539 # We do this little dance with the search path to insure
2540 # that programs that we select for use by installed programs
2541 # (which may be run by the super-user) come from trusted
2542 # locations before they come from the user's private area.
2543 # This should help avoid accidentally configuring some
2544 # random version of a program in someone's personal bin.
2548 test -h /bin 2> /dev/null && PATH=/usr/bin
2549 test -d /sbin && PATH=$PATH:/sbin
2550 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2551 PATH=$PATH:/etc:$OPATH
2553 # These programs are used by the command hashing source to gather entropy
2554 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2555 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2556 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2557 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2558 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2559 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2560 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2561 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2562 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2563 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2564 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2565 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2566 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2567 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2568 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2569 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2573 # Where does ssh-rand-helper get its randomness from?
2574 INSTALL_SSH_PRNG_CMDS=""
2575 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2576 if test ! -z "$PRNGD_PORT" ; then
2577 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2578 elif test ! -z "$PRNGD_SOCKET" ; then
2579 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2581 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2582 RAND_HELPER_CMDHASH=yes
2583 INSTALL_SSH_PRNG_CMDS="yes"
2586 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2589 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2590 if test ! -z "$SONY" ; then
2591 LIBS="$LIBS -liberty";
2594 # Check for long long datatypes
2595 AC_CHECK_TYPES([long long, unsigned long long, long double])
2597 # Check datatype sizes
2598 AC_CHECK_SIZEOF(char, 1)
2599 AC_CHECK_SIZEOF(short int, 2)
2600 AC_CHECK_SIZEOF(int, 4)
2601 AC_CHECK_SIZEOF(long int, 4)
2602 AC_CHECK_SIZEOF(long long int, 8)
2604 # Sanity check long long for some platforms (AIX)
2605 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2606 ac_cv_sizeof_long_long_int=0
2609 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2610 if test -z "$have_llong_max"; then
2611 AC_MSG_CHECKING([for max value of long long])
2615 /* Why is this so damn hard? */
2619 #define __USE_ISOC99
2621 #define DATA "conftest.llminmax"
2622 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2625 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2626 * we do this the hard way.
2629 fprint_ll(FILE *f, long long n)
2632 int l[sizeof(long long) * 8];
2635 if (fprintf(f, "-") < 0)
2637 for (i = 0; n != 0; i++) {
2638 l[i] = my_abs(n % 10);
2642 if (fprintf(f, "%d", l[--i]) < 0)
2645 if (fprintf(f, " ") < 0)
2652 long long i, llmin, llmax = 0;
2654 if((f = fopen(DATA,"w")) == NULL)
2657 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2658 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2662 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2663 /* This will work on one's complement and two's complement */
2664 for (i = 1; i > llmax; i <<= 1, i++)
2666 llmin = llmax + 1LL; /* wrap */
2670 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2671 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2672 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2673 fprintf(f, "unknown unknown\n");
2677 if (fprint_ll(f, llmin) < 0)
2679 if (fprint_ll(f, llmax) < 0)
2687 llong_min=`$AWK '{print $1}' conftest.llminmax`
2688 llong_max=`$AWK '{print $2}' conftest.llminmax`
2690 AC_MSG_RESULT($llong_max)
2691 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2692 [max value of long long calculated by configure])
2693 AC_MSG_CHECKING([for min value of long long])
2694 AC_MSG_RESULT($llong_min)
2695 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2696 [min value of long long calculated by configure])
2699 AC_MSG_RESULT(not found)
2702 AC_MSG_WARN([cross compiling: not checking])
2708 # More checks for data types
2709 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2711 [ #include <sys/types.h> ],
2713 [ ac_cv_have_u_int="yes" ],
2714 [ ac_cv_have_u_int="no" ]
2717 if test "x$ac_cv_have_u_int" = "xyes" ; then
2718 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2722 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2724 [ #include <sys/types.h> ],
2725 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2726 [ ac_cv_have_intxx_t="yes" ],
2727 [ ac_cv_have_intxx_t="no" ]
2730 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2731 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2735 if (test -z "$have_intxx_t" && \
2736 test "x$ac_cv_header_stdint_h" = "xyes")
2738 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2740 [ #include <stdint.h> ],
2741 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2743 AC_DEFINE(HAVE_INTXX_T)
2746 [ AC_MSG_RESULT(no) ]
2750 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2753 #include <sys/types.h>
2754 #ifdef HAVE_STDINT_H
2755 # include <stdint.h>
2757 #include <sys/socket.h>
2758 #ifdef HAVE_SYS_BITYPES_H
2759 # include <sys/bitypes.h>
2762 [ int64_t a; a = 1;],
2763 [ ac_cv_have_int64_t="yes" ],
2764 [ ac_cv_have_int64_t="no" ]
2767 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2768 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2771 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2773 [ #include <sys/types.h> ],
2774 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2775 [ ac_cv_have_u_intxx_t="yes" ],
2776 [ ac_cv_have_u_intxx_t="no" ]
2779 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2780 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2784 if test -z "$have_u_intxx_t" ; then
2785 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2787 [ #include <sys/socket.h> ],
2788 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2790 AC_DEFINE(HAVE_U_INTXX_T)
2793 [ AC_MSG_RESULT(no) ]
2797 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2799 [ #include <sys/types.h> ],
2800 [ u_int64_t a; a = 1;],
2801 [ ac_cv_have_u_int64_t="yes" ],
2802 [ ac_cv_have_u_int64_t="no" ]
2805 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2806 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2810 if test -z "$have_u_int64_t" ; then
2811 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2813 [ #include <sys/bitypes.h> ],
2814 [ u_int64_t a; a = 1],
2816 AC_DEFINE(HAVE_U_INT64_T)
2819 [ AC_MSG_RESULT(no) ]
2823 if test -z "$have_u_intxx_t" ; then
2824 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2827 #include <sys/types.h>
2829 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2830 [ ac_cv_have_uintxx_t="yes" ],
2831 [ ac_cv_have_uintxx_t="no" ]
2834 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2835 AC_DEFINE(HAVE_UINTXX_T, 1,
2836 [define if you have uintxx_t data type])
2840 if test -z "$have_uintxx_t" ; then
2841 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2843 [ #include <stdint.h> ],
2844 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2846 AC_DEFINE(HAVE_UINTXX_T)
2849 [ AC_MSG_RESULT(no) ]
2853 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2854 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2856 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2859 #include <sys/bitypes.h>
2862 int8_t a; int16_t b; int32_t c;
2863 u_int8_t e; u_int16_t f; u_int32_t g;
2864 a = b = c = e = f = g = 1;
2867 AC_DEFINE(HAVE_U_INTXX_T)
2868 AC_DEFINE(HAVE_INTXX_T)
2876 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2879 #include <sys/types.h>
2881 [ u_char foo; foo = 125; ],
2882 [ ac_cv_have_u_char="yes" ],
2883 [ ac_cv_have_u_char="no" ]
2886 if test "x$ac_cv_have_u_char" = "xyes" ; then
2887 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2892 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2893 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2894 #include <sys/types.h>
2895 #ifdef HAVE_SYS_BITYPES_H
2896 #include <sys/bitypes.h>
2898 #ifdef HAVE_SYS_STATFS_H
2899 #include <sys/statfs.h>
2901 #ifdef HAVE_SYS_STATVFS_H
2902 #include <sys/statvfs.h>
2906 AC_CHECK_TYPES(in_addr_t,,,
2907 [#include <sys/types.h>
2908 #include <netinet/in.h>])
2910 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2913 #include <sys/types.h>
2915 [ size_t foo; foo = 1235; ],
2916 [ ac_cv_have_size_t="yes" ],
2917 [ ac_cv_have_size_t="no" ]
2920 if test "x$ac_cv_have_size_t" = "xyes" ; then
2921 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2924 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2927 #include <sys/types.h>
2929 [ ssize_t foo; foo = 1235; ],
2930 [ ac_cv_have_ssize_t="yes" ],
2931 [ ac_cv_have_ssize_t="no" ]
2934 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2935 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2938 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2943 [ clock_t foo; foo = 1235; ],
2944 [ ac_cv_have_clock_t="yes" ],
2945 [ ac_cv_have_clock_t="no" ]
2948 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2949 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2952 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2955 #include <sys/types.h>
2956 #include <sys/socket.h>
2958 [ sa_family_t foo; foo = 1235; ],
2959 [ ac_cv_have_sa_family_t="yes" ],
2962 #include <sys/types.h>
2963 #include <sys/socket.h>
2964 #include <netinet/in.h>
2966 [ sa_family_t foo; foo = 1235; ],
2967 [ ac_cv_have_sa_family_t="yes" ],
2969 [ ac_cv_have_sa_family_t="no" ]
2973 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2974 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2975 [define if you have sa_family_t data type])
2978 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2981 #include <sys/types.h>
2983 [ pid_t foo; foo = 1235; ],
2984 [ ac_cv_have_pid_t="yes" ],
2985 [ ac_cv_have_pid_t="no" ]
2988 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2989 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2992 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2995 #include <sys/types.h>
2997 [ mode_t foo; foo = 1235; ],
2998 [ ac_cv_have_mode_t="yes" ],
2999 [ ac_cv_have_mode_t="no" ]
3002 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3003 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3007 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3010 #include <sys/types.h>
3011 #include <sys/socket.h>
3013 [ struct sockaddr_storage s; ],
3014 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3015 [ ac_cv_have_struct_sockaddr_storage="no" ]
3018 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3019 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
3020 [define if you have struct sockaddr_storage data type])
3023 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3026 #include <sys/types.h>
3027 #include <netinet/in.h>
3029 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
3030 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3031 [ ac_cv_have_struct_sockaddr_in6="no" ]
3034 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3035 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
3036 [define if you have struct sockaddr_in6 data type])
3039 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3042 #include <sys/types.h>
3043 #include <netinet/in.h>
3045 [ struct in6_addr s; s.s6_addr[0] = 0; ],
3046 [ ac_cv_have_struct_in6_addr="yes" ],
3047 [ ac_cv_have_struct_in6_addr="no" ]
3050 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3051 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
3052 [define if you have struct in6_addr data type])
3055 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3058 #include <sys/types.h>
3059 #include <sys/socket.h>
3062 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
3063 [ ac_cv_have_struct_addrinfo="yes" ],
3064 [ ac_cv_have_struct_addrinfo="no" ]
3067 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3068 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
3069 [define if you have struct addrinfo data type])
3072 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3074 [ #include <sys/time.h> ],
3075 [ struct timeval tv; tv.tv_sec = 1;],
3076 [ ac_cv_have_struct_timeval="yes" ],
3077 [ ac_cv_have_struct_timeval="no" ]
3080 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3081 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3082 have_struct_timeval=1
3085 AC_CHECK_TYPES(struct timespec)
3087 # We need int64_t or else certian parts of the compile will fail.
3088 if test "x$ac_cv_have_int64_t" = "xno" && \
3089 test "x$ac_cv_sizeof_long_int" != "x8" && \
3090 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3091 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3092 echo "an alternative compiler (I.E., GCC) before continuing."
3096 dnl test snprintf (broken on SCO w/gcc)
3101 #ifdef HAVE_SNPRINTF
3105 char expected_out[50];
3107 #if (SIZEOF_LONG_INT == 8)
3108 long int num = 0x7fffffffffffffff;
3110 long long num = 0x7fffffffffffffffll;
3112 strcpy(expected_out, "9223372036854775807");
3113 snprintf(buf, mazsize, "%lld", num);
3114 if(strcmp(buf, expected_out) != 0)
3121 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3122 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3126 dnl Checks for structure members
3127 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3128 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3129 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3130 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3131 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3132 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3133 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3134 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3135 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3136 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3137 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3138 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3139 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3140 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3141 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3142 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3143 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3145 AC_CHECK_MEMBERS([struct stat.st_blksize])
3146 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3147 [Define if we don't have struct __res_state in resolv.h])],
3150 #if HAVE_SYS_TYPES_H
3151 # include <sys/types.h>
3153 #include <netinet/in.h>
3154 #include <arpa/nameser.h>
3158 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3159 ac_cv_have_ss_family_in_struct_ss, [
3162 #include <sys/types.h>
3163 #include <sys/socket.h>
3165 [ struct sockaddr_storage s; s.ss_family = 1; ],
3166 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3167 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3170 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3171 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3174 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3175 ac_cv_have___ss_family_in_struct_ss, [
3178 #include <sys/types.h>
3179 #include <sys/socket.h>
3181 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3182 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3183 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3186 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3187 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3188 [Fields in struct sockaddr_storage])
3191 AC_CACHE_CHECK([for pw_class field in struct passwd],
3192 ac_cv_have_pw_class_in_struct_passwd, [
3197 [ struct passwd p; p.pw_class = 0; ],
3198 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3199 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3202 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3203 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3204 [Define if your password has a pw_class field])
3207 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3208 ac_cv_have_pw_expire_in_struct_passwd, [
3213 [ struct passwd p; p.pw_expire = 0; ],
3214 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3215 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3218 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3219 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3220 [Define if your password has a pw_expire field])
3223 AC_CACHE_CHECK([for pw_change field in struct passwd],
3224 ac_cv_have_pw_change_in_struct_passwd, [
3229 [ struct passwd p; p.pw_change = 0; ],
3230 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3231 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3234 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3235 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3236 [Define if your password has a pw_change field])
3239 dnl make sure we're using the real structure members and not defines
3240 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3241 ac_cv_have_accrights_in_msghdr, [
3244 #include <sys/types.h>
3245 #include <sys/socket.h>
3246 #include <sys/uio.h>
3248 #ifdef msg_accrights
3249 #error "msg_accrights is a macro"
3253 m.msg_accrights = 0;
3257 [ ac_cv_have_accrights_in_msghdr="yes" ],
3258 [ ac_cv_have_accrights_in_msghdr="no" ]
3261 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3262 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3263 [Define if your system uses access rights style
3264 file descriptor passing])
3267 AC_MSG_CHECKING(if f_fsid has val members)
3269 #include <sys/types.h>
3270 #include <sys/statvfs.h>],
3271 [struct fsid_t t; t.val[0] = 0;],
3272 [ AC_MSG_RESULT(yes)
3273 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3274 [ AC_MSG_RESULT(no) ]
3277 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3278 ac_cv_have_control_in_msghdr, [
3281 #include <sys/types.h>
3282 #include <sys/socket.h>
3283 #include <sys/uio.h>
3286 #error "msg_control is a macro"
3294 [ ac_cv_have_control_in_msghdr="yes" ],
3295 [ ac_cv_have_control_in_msghdr="no" ]
3298 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3299 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3300 [Define if your system uses ancillary data style
3301 file descriptor passing])
3304 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3306 [ extern char *__progname; printf("%s", __progname); ],
3307 [ ac_cv_libc_defines___progname="yes" ],
3308 [ ac_cv_libc_defines___progname="no" ]
3311 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3312 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3315 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3319 [ printf("%s", __FUNCTION__); ],
3320 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3321 [ ac_cv_cc_implements___FUNCTION__="no" ]
3324 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3325 AC_DEFINE(HAVE___FUNCTION__, 1,
3326 [Define if compiler implements __FUNCTION__])
3329 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3333 [ printf("%s", __func__); ],
3334 [ ac_cv_cc_implements___func__="yes" ],
3335 [ ac_cv_cc_implements___func__="no" ]
3338 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3339 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3342 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3344 [#include <stdarg.h>
3347 [ ac_cv_have_va_copy="yes" ],
3348 [ ac_cv_have_va_copy="no" ]
3351 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3352 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3355 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3357 [#include <stdarg.h>
3360 [ ac_cv_have___va_copy="yes" ],
3361 [ ac_cv_have___va_copy="no" ]
3364 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3365 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3368 AC_CACHE_CHECK([whether getopt has optreset support],
3369 ac_cv_have_getopt_optreset, [
3374 [ extern int optreset; optreset = 0; ],
3375 [ ac_cv_have_getopt_optreset="yes" ],
3376 [ ac_cv_have_getopt_optreset="no" ]
3379 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3380 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3381 [Define if your getopt(3) defines and uses optreset])
3384 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3386 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3387 [ ac_cv_libc_defines_sys_errlist="yes" ],
3388 [ ac_cv_libc_defines_sys_errlist="no" ]
3391 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3392 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3393 [Define if your system defines sys_errlist[]])
3397 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3399 [ extern int sys_nerr; printf("%i", sys_nerr);],
3400 [ ac_cv_libc_defines_sys_nerr="yes" ],
3401 [ ac_cv_libc_defines_sys_nerr="no" ]
3404 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3405 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3409 # Check whether user wants sectok support
3411 [ --with-sectok Enable smartcard support using libsectok],
3413 if test "x$withval" != "xno" ; then
3414 if test "x$withval" != "xyes" ; then
3415 CPPFLAGS="$CPPFLAGS -I${withval}"
3416 LDFLAGS="$LDFLAGS -L${withval}"
3417 if test ! -z "$need_dash_r" ; then
3418 LDFLAGS="$LDFLAGS -R${withval}"
3420 if test ! -z "$blibpath" ; then
3421 blibpath="$blibpath:${withval}"
3424 AC_CHECK_HEADERS(sectok.h)
3425 if test "$ac_cv_header_sectok_h" != yes; then
3426 AC_MSG_ERROR(Can't find sectok.h)
3428 AC_CHECK_LIB(sectok, sectok_open)
3429 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3430 AC_MSG_ERROR(Can't find libsectok)
3432 AC_DEFINE(SMARTCARD, 1,
3433 [Define if you want smartcard support])
3434 AC_DEFINE(USE_SECTOK, 1,
3435 [Define if you want smartcard support
3437 SCARD_MSG="yes, using sectok"
3442 # Check whether user wants OpenSC support
3445 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3447 if test "x$withval" != "xno" ; then
3448 if test "x$withval" != "xyes" ; then
3449 OPENSC_CONFIG=$withval/bin/opensc-config
3451 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3453 if test "$OPENSC_CONFIG" != "no"; then
3454 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3455 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3456 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3457 LIBS="$LIBS $LIBOPENSC_LIBS"
3458 AC_DEFINE(SMARTCARD)
3459 AC_DEFINE(USE_OPENSC, 1,
3460 [Define if you want smartcard support
3462 SCARD_MSG="yes, using OpenSC"
3468 # Check libraries needed by DNS fingerprint support
3469 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3470 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3471 [Define if getrrsetbyname() exists])],
3473 # Needed by our getrrsetbyname()
3474 AC_SEARCH_LIBS(res_query, resolv)
3475 AC_SEARCH_LIBS(dn_expand, resolv)
3476 AC_MSG_CHECKING(if res_query will link)
3477 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3480 LIBS="$LIBS -lresolv"
3481 AC_MSG_CHECKING(for res_query in -lresolv)
3486 res_query (0, 0, 0, 0, 0);
3490 [LIBS="$LIBS -lresolv"
3491 AC_MSG_RESULT(yes)],
3495 AC_CHECK_FUNCS(_getshort _getlong)
3496 AC_CHECK_DECLS([_getshort, _getlong], , ,
3497 [#include <sys/types.h>
3498 #include <arpa/nameser.h>])
3499 AC_CHECK_MEMBER(HEADER.ad,
3500 [AC_DEFINE(HAVE_HEADER_AD, 1,
3501 [Define if HEADER.ad exists in arpa/nameser.h])],,
3502 [#include <arpa/nameser.h>])
3505 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3508 #if HAVE_SYS_TYPES_H
3509 # include <sys/types.h>
3511 #include <netinet/in.h>
3512 #include <arpa/nameser.h>
3514 extern struct __res_state _res;
3515 int main() { return 0; }
3518 AC_DEFINE(HAVE__RES_EXTERN, 1,
3519 [Define if you have struct __res_state _res as an extern])
3521 [ AC_MSG_RESULT(no) ]
3524 # Check whether user wants SELinux support
3527 AC_ARG_WITH(selinux,
3528 [ --with-selinux Enable SELinux support],
3529 [ if test "x$withval" != "xno" ; then
3531 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3533 AC_CHECK_HEADER([selinux/selinux.h], ,
3534 AC_MSG_ERROR(SELinux support requires selinux.h header))
3535 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3536 AC_MSG_ERROR(SELinux support requires libselinux library))
3537 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3538 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3543 # Check whether user wants Kerberos 5 support
3545 AC_ARG_WITH(kerberos5,
3546 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3547 [ if test "x$withval" != "xno" ; then
3548 if test "x$withval" = "xyes" ; then
3549 KRB5ROOT="/usr/local"
3554 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3557 AC_MSG_CHECKING(for krb5-config)
3558 if test -x $KRB5ROOT/bin/krb5-config ; then
3559 KRB5CONF=$KRB5ROOT/bin/krb5-config
3560 AC_MSG_RESULT($KRB5CONF)
3562 AC_MSG_CHECKING(for gssapi support)
3563 if $KRB5CONF | grep gssapi >/dev/null ; then
3565 AC_DEFINE(GSSAPI, 1,
3566 [Define this if you want GSSAPI
3567 support in the version 2 protocol])
3573 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3574 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3575 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3576 AC_MSG_CHECKING(whether we are using Heimdal)
3577 AC_TRY_COMPILE([ #include <krb5.h> ],
3578 [ char *tmp = heimdal_version; ],
3579 [ AC_MSG_RESULT(yes)
3580 AC_DEFINE(HEIMDAL, 1,
3581 [Define this if you are using the
3582 Heimdal version of Kerberos V5]) ],
3587 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3588 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3589 AC_MSG_CHECKING(whether we are using Heimdal)
3590 AC_TRY_COMPILE([ #include <krb5.h> ],
3591 [ char *tmp = heimdal_version; ],
3592 [ AC_MSG_RESULT(yes)
3594 K5LIBS="-lkrb5 -ldes"
3595 K5LIBS="$K5LIBS -lcom_err -lasn1"
3596 AC_CHECK_LIB(roken, net_write,
3597 [K5LIBS="$K5LIBS -lroken"])
3600 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3603 AC_SEARCH_LIBS(dn_expand, resolv)
3605 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3607 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3608 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3610 K5LIBS="-lgssapi $K5LIBS" ],
3611 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3616 AC_CHECK_HEADER(gssapi.h, ,
3617 [ unset ac_cv_header_gssapi_h
3618 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3619 AC_CHECK_HEADERS(gssapi.h, ,
3620 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3626 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3627 AC_CHECK_HEADER(gssapi_krb5.h, ,
3628 [ CPPFLAGS="$oldCPP" ])
3630 # If we're using some other GSSAPI
3631 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3632 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3635 if test -z "$GSSAPI"; then
3640 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3641 AC_CHECK_HEADER(gssapi_krb5.h, ,
3642 [ CPPFLAGS="$oldCPP" ])
3645 if test ! -z "$need_dash_r" ; then
3646 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3648 if test ! -z "$blibpath" ; then
3649 blibpath="$blibpath:${KRB5ROOT}/lib"
3652 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3653 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3654 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3656 LIBS="$LIBS $K5LIBS"
3657 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3658 [Define this if you want to use libkafs' AFS support]))
3663 # Check whether user wants AFS_KRB5 support
3665 AC_ARG_WITH(afs-krb5,
3666 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3668 if test "x$withval" != "xno" ; then
3670 if test "x$withval" != "xyes" ; then
3671 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3672 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3674 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3676 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3679 if test -z "$KRB5ROOT" ; then
3680 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3683 LIBS="-lkrbafs -lkrb4 $LIBS"
3684 if test ! -z "$AFS_LIBS" ; then
3685 LIBS="$LIBS $AFS_LIBS"
3687 AC_DEFINE(AFS_KRB5, 1,
3688 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3694 AC_ARG_WITH(session-hooks,
3695 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3696 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3699 # Looking for programs, paths and files
3701 PRIVSEP_PATH=/var/empty
3702 AC_ARG_WITH(privsep-path,
3703 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3705 if test -n "$withval" && test "x$withval" != "xno" && \
3706 test "x${withval}" != "xyes"; then
3707 PRIVSEP_PATH=$withval
3711 AC_SUBST(PRIVSEP_PATH)
3714 [ --with-xauth=PATH Specify path to xauth program ],
3716 if test -n "$withval" && test "x$withval" != "xno" && \
3717 test "x${withval}" != "xyes"; then
3723 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3724 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3725 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3726 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3727 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3728 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3729 xauth_path="/usr/openwin/bin/xauth"
3734 # strip causes problems with GSI libraries...
3735 if test -z "$GSI_LIBS" ; then
3738 AC_ARG_ENABLE(strip,
3739 [ --disable-strip Disable calling strip(1) on install],
3741 if test "x$enableval" = "xno" ; then
3748 if test -z "$xauth_path" ; then
3749 XAUTH_PATH="undefined"
3750 AC_SUBST(XAUTH_PATH)
3752 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3753 [Define if xauth is found in your path])
3754 XAUTH_PATH=$xauth_path
3755 AC_SUBST(XAUTH_PATH)
3758 # Check for mail directory (last resort if we cannot get it from headers)
3759 if test ! -z "$MAIL" ; then
3760 maildir=`dirname $MAIL`
3761 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3762 [Set this to your mail directory if you don't have maillock.h])
3765 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3766 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3767 disable_ptmx_check=yes
3769 if test -z "$no_dev_ptmx" ; then
3770 if test "x$disable_ptmx_check" != "xyes" ; then
3771 AC_CHECK_FILE("/dev/ptmx",
3773 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3774 [Define if you have /dev/ptmx])
3781 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3782 AC_CHECK_FILE("/dev/ptc",
3784 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3785 [Define if you have /dev/ptc])
3790 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3793 # Options from here on. Some of these are preset by platform above
3794 AC_ARG_WITH(mantype,
3795 [ --with-mantype=man|cat|doc Set man page type],
3802 AC_MSG_ERROR(invalid man type: $withval)
3807 if test -z "$MANTYPE"; then
3808 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3809 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3810 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3812 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3819 if test "$MANTYPE" = "doc"; then
3826 # Check whether to enable MD5 passwords
3828 AC_ARG_WITH(md5-passwords,
3829 [ --with-md5-passwords Enable use of MD5 passwords],
3831 if test "x$withval" != "xno" ; then
3832 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3833 [Define if you want to allow MD5 passwords])
3839 # Whether to disable shadow password support
3841 [ --without-shadow Disable shadow password support],
3843 if test "x$withval" = "xno" ; then
3844 AC_DEFINE(DISABLE_SHADOW)
3850 if test -z "$disable_shadow" ; then
3851 AC_MSG_CHECKING([if the systems has expire shadow information])
3854 #include <sys/types.h>
3857 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3858 [ sp_expire_available=yes ], []
3861 if test "x$sp_expire_available" = "xyes" ; then
3863 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3864 [Define if you want to use shadow password expire field])
3870 # Use ip address instead of hostname in $DISPLAY
3871 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3872 DISPLAY_HACK_MSG="yes"
3873 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3874 [Define if you need to use IP address
3875 instead of hostname in $DISPLAY])
3877 DISPLAY_HACK_MSG="no"
3878 AC_ARG_WITH(ipaddr-display,
3879 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3881 if test "x$withval" != "xno" ; then
3882 AC_DEFINE(IPADDR_IN_DISPLAY)
3883 DISPLAY_HACK_MSG="yes"
3889 # check for /etc/default/login and use it if present.
3890 AC_ARG_ENABLE(etc-default-login,
3891 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3892 [ if test "x$enableval" = "xno"; then
3893 AC_MSG_NOTICE([/etc/default/login handling disabled])
3894 etc_default_login=no
3896 etc_default_login=yes
3898 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3900 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3901 etc_default_login=no
3903 etc_default_login=yes
3907 if test "x$etc_default_login" != "xno"; then
3908 AC_CHECK_FILE("/etc/default/login",
3909 [ external_path_file=/etc/default/login ])
3910 if test "x$external_path_file" = "x/etc/default/login"; then
3911 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3912 [Define if your system has /etc/default/login])
3916 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3917 if test $ac_cv_func_login_getcapbool = "yes" && \
3918 test $ac_cv_header_login_cap_h = "yes" ; then
3919 external_path_file=/etc/login.conf
3922 # Whether to mess with the default path
3923 SERVER_PATH_MSG="(default)"
3924 AC_ARG_WITH(default-path,
3925 [ --with-default-path= Specify default \$PATH environment for server],
3927 if test "x$external_path_file" = "x/etc/login.conf" ; then
3929 --with-default-path=PATH has no effect on this system.
3930 Edit /etc/login.conf instead.])
3931 elif test "x$withval" != "xno" ; then
3932 if test ! -z "$external_path_file" ; then
3934 --with-default-path=PATH will only be used if PATH is not defined in
3935 $external_path_file .])
3937 user_path="$withval"
3938 SERVER_PATH_MSG="$withval"
3941 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3942 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3944 if test ! -z "$external_path_file" ; then
3946 If PATH is defined in $external_path_file, ensure the path to scp is included,
3947 otherwise scp will not work.])
3951 /* find out what STDPATH is */
3956 #ifndef _PATH_STDPATH
3957 # ifdef _PATH_USERPATH /* Irix */
3958 # define _PATH_STDPATH _PATH_USERPATH
3960 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3963 #include <sys/types.h>
3964 #include <sys/stat.h>
3966 #define DATA "conftest.stdpath"
3973 fd = fopen(DATA,"w");
3977 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3983 [ user_path=`cat conftest.stdpath` ],
3984 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3985 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3989 if test "x$external_path_file" != "x/etc/login.conf" ; then
3990 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3994 # Set superuser path separately to user path
3995 AC_ARG_WITH(superuser-path,
3996 [ --with-superuser-path= Specify different path for super-user],
3998 if test -n "$withval" && test "x$withval" != "xno" && \
3999 test "x${withval}" != "xyes"; then
4000 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
4001 [Define if you want a different $PATH
4003 superuser_path=$withval
4009 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4010 IPV4_IN6_HACK_MSG="no"
4012 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4014 if test "x$withval" != "xno" ; then
4016 AC_DEFINE(IPV4_IN_IPV6, 1,
4017 [Detect IPv4 in IPv6 mapped addresses
4019 IPV4_IN6_HACK_MSG="yes"
4024 if test "x$inet6_default_4in6" = "xyes"; then
4025 AC_MSG_RESULT([yes (default)])
4026 AC_DEFINE(IPV4_IN_IPV6)
4027 IPV4_IN6_HACK_MSG="yes"
4029 AC_MSG_RESULT([no (default)])
4034 # Whether to enable BSD auth support
4036 AC_ARG_WITH(bsd-auth,
4037 [ --with-bsd-auth Enable BSD auth support],
4039 if test "x$withval" != "xno" ; then
4040 AC_DEFINE(BSD_AUTH, 1,
4041 [Define if you have BSD auth support])
4047 # Where to place sshd.pid
4049 # make sure the directory exists
4050 if test ! -d $piddir ; then
4051 piddir=`eval echo ${sysconfdir}`
4053 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4057 AC_ARG_WITH(pid-dir,
4058 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4060 if test -n "$withval" && test "x$withval" != "xno" && \
4061 test "x${withval}" != "xyes"; then
4063 if test ! -d $piddir ; then
4064 AC_MSG_WARN([** no $piddir directory on this system **])
4070 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4073 dnl allow user to disable some login recording features
4074 AC_ARG_ENABLE(lastlog,
4075 [ --disable-lastlog disable use of lastlog even if detected [no]],
4077 if test "x$enableval" = "xno" ; then
4078 AC_DEFINE(DISABLE_LASTLOG)
4083 [ --disable-utmp disable use of utmp even if detected [no]],
4085 if test "x$enableval" = "xno" ; then
4086 AC_DEFINE(DISABLE_UTMP)
4090 AC_ARG_ENABLE(utmpx,
4091 [ --disable-utmpx disable use of utmpx even if detected [no]],
4093 if test "x$enableval" = "xno" ; then
4094 AC_DEFINE(DISABLE_UTMPX, 1,
4095 [Define if you don't want to use utmpx])
4100 [ --disable-wtmp disable use of wtmp even if detected [no]],
4102 if test "x$enableval" = "xno" ; then
4103 AC_DEFINE(DISABLE_WTMP)
4107 AC_ARG_ENABLE(wtmpx,
4108 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4110 if test "x$enableval" = "xno" ; then
4111 AC_DEFINE(DISABLE_WTMPX, 1,
4112 [Define if you don't want to use wtmpx])
4116 AC_ARG_ENABLE(libutil,
4117 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4119 if test "x$enableval" = "xno" ; then
4120 AC_DEFINE(DISABLE_LOGIN)
4124 AC_ARG_ENABLE(pututline,
4125 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4127 if test "x$enableval" = "xno" ; then
4128 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4129 [Define if you don't want to use pututline()
4130 etc. to write [uw]tmp])
4134 AC_ARG_ENABLE(pututxline,
4135 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4137 if test "x$enableval" = "xno" ; then
4138 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4139 [Define if you don't want to use pututxline()
4140 etc. to write [uw]tmpx])
4144 AC_ARG_WITH(lastlog,
4145 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4147 if test "x$withval" = "xno" ; then
4148 AC_DEFINE(DISABLE_LASTLOG)
4149 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4150 conf_lastlog_location=$withval
4155 dnl lastlog, [uw]tmpx? detection
4156 dnl NOTE: set the paths in the platform section to avoid the
4157 dnl need for command-line parameters
4158 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4160 dnl lastlog detection
4161 dnl NOTE: the code itself will detect if lastlog is a directory
4162 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4164 #include <sys/types.h>
4166 #ifdef HAVE_LASTLOG_H
4167 # include <lastlog.h>
4176 [ char *lastlog = LASTLOG_FILE; ],
4177 [ AC_MSG_RESULT(yes) ],
4180 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4182 #include <sys/types.h>
4184 #ifdef HAVE_LASTLOG_H
4185 # include <lastlog.h>
4191 [ char *lastlog = _PATH_LASTLOG; ],
4192 [ AC_MSG_RESULT(yes) ],
4195 system_lastlog_path=no
4200 if test -z "$conf_lastlog_location"; then
4201 if test x"$system_lastlog_path" = x"no" ; then
4202 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4203 if (test -d "$f" || test -f "$f") ; then
4204 conf_lastlog_location=$f
4207 if test -z "$conf_lastlog_location"; then
4208 AC_MSG_WARN([** Cannot find lastlog **])
4209 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4214 if test -n "$conf_lastlog_location"; then
4215 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4216 [Define if you want to specify the path to your lastlog file])
4220 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4222 #include <sys/types.h>
4228 [ char *utmp = UTMP_FILE; ],
4229 [ AC_MSG_RESULT(yes) ],
4231 system_utmp_path=no ]
4233 if test -z "$conf_utmp_location"; then
4234 if test x"$system_utmp_path" = x"no" ; then
4235 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4236 if test -f $f ; then
4237 conf_utmp_location=$f
4240 if test -z "$conf_utmp_location"; then
4241 AC_DEFINE(DISABLE_UTMP)
4245 if test -n "$conf_utmp_location"; then
4246 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4247 [Define if you want to specify the path to your utmp file])
4251 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4253 #include <sys/types.h>
4259 [ char *wtmp = WTMP_FILE; ],
4260 [ AC_MSG_RESULT(yes) ],
4262 system_wtmp_path=no ]
4264 if test -z "$conf_wtmp_location"; then
4265 if test x"$system_wtmp_path" = x"no" ; then
4266 for f in /usr/adm/wtmp /var/log/wtmp; do
4267 if test -f $f ; then
4268 conf_wtmp_location=$f
4271 if test -z "$conf_wtmp_location"; then
4272 AC_DEFINE(DISABLE_WTMP)
4276 if test -n "$conf_wtmp_location"; then
4277 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4278 [Define if you want to specify the path to your wtmp file])
4282 dnl utmpx detection - I don't know any system so perverse as to require
4283 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4285 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4287 #include <sys/types.h>
4296 [ char *utmpx = UTMPX_FILE; ],
4297 [ AC_MSG_RESULT(yes) ],
4299 system_utmpx_path=no ]
4301 if test -z "$conf_utmpx_location"; then
4302 if test x"$system_utmpx_path" = x"no" ; then
4303 AC_DEFINE(DISABLE_UTMPX)
4306 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4307 [Define if you want to specify the path to your utmpx file])
4311 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4313 #include <sys/types.h>
4322 [ char *wtmpx = WTMPX_FILE; ],
4323 [ AC_MSG_RESULT(yes) ],
4325 system_wtmpx_path=no ]
4327 if test -z "$conf_wtmpx_location"; then
4328 if test x"$system_wtmpx_path" = x"no" ; then
4329 AC_DEFINE(DISABLE_WTMPX)
4332 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4333 [Define if you want to specify the path to your wtmpx file])
4337 if test ! -z "$blibpath" ; then
4338 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4339 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4342 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4344 CFLAGS="$CFLAGS $werror_flags"
4346 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4347 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4348 AC_SUBST(TEST_SSH_IPV6, no)
4350 AC_SUBST(TEST_SSH_IPV6, yes)
4354 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4355 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4356 scard/Makefile ssh_prng_cmds survey.sh])
4359 # Print summary of options
4361 # Someone please show me a better way :)
4362 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4363 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4364 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4365 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4366 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4367 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4368 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4369 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4370 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4373 echo "OpenSSH has been configured with the following options:"
4374 echo " User binaries: $B"
4375 echo " System binaries: $C"
4376 echo " Configuration files: $D"
4377 echo " Askpass program: $E"
4378 echo " Manual pages: $F"
4379 echo " Privilege separation chroot path: $H"
4380 if test "x$external_path_file" = "x/etc/login.conf" ; then
4381 echo " At runtime, sshd will use the path defined in $external_path_file"
4382 echo " Make sure the path to scp is present, otherwise scp will not work"
4384 echo " sshd default user PATH: $I"
4385 if test ! -z "$external_path_file"; then
4386 echo " (If PATH is set in $external_path_file it will be used instead. If"
4387 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4390 if test ! -z "$superuser_path" ; then
4391 echo " sshd superuser user PATH: $J"
4393 echo " Manpage format: $MANTYPE"
4394 echo " PAM support: $PAM_MSG"
4395 echo " OSF SIA support: $SIA_MSG"
4396 echo " KerberosV support: $KRB5_MSG"
4397 echo " SELinux support: $SELINUX_MSG"
4398 echo " Smartcard support: $SCARD_MSG"
4399 echo " S/KEY support: $SKEY_MSG"
4400 echo " TCP Wrappers support: $TCPW_MSG"
4401 echo " MD5 password support: $MD5_MSG"
4402 echo " libedit support: $LIBEDIT_MSG"
4403 echo " Solaris process contract support: $SPC_MSG"
4404 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4405 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4406 echo " BSD Auth support: $BSD_AUTH_MSG"
4407 echo " Random number source: $RAND_MSG"
4408 if test ! -z "$USE_RAND_HELPER" ; then
4409 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4414 echo " Host: ${host}"
4415 echo " Compiler: ${CC}"
4416 echo " Compiler flags: ${CFLAGS}"
4417 echo "Preprocessor flags: ${CPPFLAGS}"
4418 echo " Linker flags: ${LDFLAGS}"
4419 echo " Libraries: ${LIBS}"
4420 if test ! -z "${SSHDLIBS}"; then
4421 echo " +for sshd: ${SSHDLIBS}"
4426 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4427 echo "SVR4 style packages are supported with \"make package\""
4431 if test "x$PAM_MSG" = "xyes" ; then
4432 echo "PAM is enabled. You may need to install a PAM control file "
4433 echo "for sshd, otherwise password authentication may fail. "
4434 echo "Example PAM control files can be found in the contrib/ "
4439 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4440 echo "WARNING: you are using the builtin random number collection "
4441 echo "service. Please read WARNING.RNG and request that your OS "
4442 echo "vendor includes kernel-based random number collection in "
4443 echo "future versions of your OS."
4447 if test ! -z "$NO_PEERCHECK" ; then
4448 echo "WARNING: the operating system that you are using does not"
4449 echo "appear to support getpeereid(), getpeerucred() or the"
4450 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4451 echo "enforce security checks to prevent unauthorised connections to"
4452 echo "ssh-agent. Their absence increases the risk that a malicious"
4453 echo "user can connect to your agent."
4457 if test "$AUDIT_MODULE" = "bsm" ; then
4458 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4459 echo "See the Solaris section in README.platform for details."