3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
23 # Handle Globus configuration right away, because the Globus flavor
24 # determines our compiler options.
26 # Check whether the user wants GSI (Globus) support
29 [ --with-gsi Enable Globus GSI authentication support],
36 [ --with-globus Enable Globus GSI authentication support],
42 AC_ARG_WITH(globus-static,
43 [ --with-globus-static Link statically with Globus GSI libraries],
46 if test "x$gsi_path" = "xno" ; then
52 # Check whether the user has a Globus flavor type
53 globus_flavor_type="no"
54 AC_ARG_WITH(globus-flavor,
55 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
57 globus_flavor_type="$withval"
58 if test "x$gsi_path" = "xno" ; then
64 if test "x$gsi_path" != "xno" ; then
65 # Globus GSSAPI configuration
66 AC_MSG_CHECKING(for Globus GSI)
67 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
69 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
70 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
72 if test -z "$GSSAPI"; then
77 if test "x$gsi_path" = "xyes" ; then
78 if test -z "$GLOBUS_LOCATION" ; then
79 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
81 gsi_path="$GLOBUS_LOCATION"
84 GLOBUS_LOCATION="$gsi_path"
85 export GLOBUS_LOCATION
86 if test ! -d "$GLOBUS_LOCATION" ; then
87 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
90 if test "x$globus_flavor_type" = "xno" ; then
91 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
93 if test "x$globus_flavor_type" = "xyes" ; then
94 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
97 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
98 if test ! -d "$GLOBUS_INCLUDE" ; then
99 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
102 if test -x ${gsi_path}/bin/globus-makefile-header ; then
103 ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
104 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
105 ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
107 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
110 if test -z "$GLOBUS_PKG_LIBS" ; then
111 AC_MSG_ERROR(globus-makefile-header failed)
114 AC_MSG_RESULT($GLOBUS_LOCATION)
115 AC_DEFINE(HAVE_GSSAPI_H)
118 CFLAGS="$GLOBUS_CFLAGS"
120 CPPFLAGS="$GLOBUS_CPPFLAGS $GLOBUS_INCLUDES"
121 LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
123 LDFLAGS="$LDFLAGS $GLOBUS_LDFLAGS"
125 # test that we got the libraries OK
131 AC_MSG_ERROR(link with Globus libraries failed)
134 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
139 AC_SUBST(INSTALL_GSISSH)
140 # End Globus/GSI section
146 # Checks for programs.
153 AC_PATH_PROG(CAT, cat)
154 AC_PATH_PROG(KILL, kill)
155 AC_PATH_PROGS(PERL, perl5 perl)
156 AC_PATH_PROG(SED, sed)
158 AC_PATH_PROG(ENT, ent)
160 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
161 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
162 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
164 AC_SUBST(TEST_SHELL,sh)
167 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
168 [/usr/sbin${PATH_SEPARATOR}/etc])
169 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
170 [/usr/sbin${PATH_SEPARATOR}/etc])
171 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
172 if test -x /sbin/sh; then
173 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
175 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
181 if test -z "$AR" ; then
182 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
185 # Use LOGIN_PROGRAM from environment if possible
186 if test ! -z "$LOGIN_PROGRAM" ; then
187 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
188 [If your header files don't define LOGIN_PROGRAM,
189 then use this (detected) from environment and PATH])
192 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
193 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
194 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
198 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
199 if test ! -z "$PATH_PASSWD_PROG" ; then
200 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
201 [Full path of your "passwd" program])
204 if test -z "$LD" ; then
211 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
213 use_stack_protector=1
214 AC_ARG_WITH(stackprotect,
215 [ --without-stackprotect Don't use compiler's stack protection], [
216 if test "x$withval" = "xno"; then
217 use_stack_protector=0
220 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
221 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
222 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
224 1.*) no_attrib_nonnull=1 ;;
226 CFLAGS="$CFLAGS -Wsign-compare"
229 2.*) no_attrib_nonnull=1 ;;
230 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
231 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
235 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
236 saved_CFLAGS="$CFLAGS"
237 CFLAGS="$CFLAGS -fno-builtin-memset"
238 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
240 int main(void){char b[10]; memset(b, 0, sizeof(b));}
242 [ AC_MSG_RESULT(yes) ],
244 CFLAGS="$saved_CFLAGS" ]
247 # -fstack-protector-all doesn't always work for some GCC versions
248 # and/or platforms, so we test if we can. If it's not supported
249 # on a give platform gcc will emit a warning so we use -Werror.
250 if test "x$use_stack_protector" = "x1"; then
251 for t in -fstack-protector-all -fstack-protector; do
252 AC_MSG_CHECKING(if $CC supports $t)
253 saved_CFLAGS="$CFLAGS"
254 saved_LDFLAGS="$LDFLAGS"
255 CFLAGS="$CFLAGS $t -Werror"
256 LDFLAGS="$LDFLAGS $t -Werror"
260 int main(void){return 0;}
263 CFLAGS="$saved_CFLAGS $t"
264 LDFLAGS="$saved_LDFLAGS $t"
265 AC_MSG_CHECKING(if $t works)
269 int main(void){exit(0);}
273 [ AC_MSG_RESULT(no) ],
274 [ AC_MSG_WARN([cross compiling: cannot test])
278 [ AC_MSG_RESULT(no) ]
280 CFLAGS="$saved_CFLAGS"
281 LDFLAGS="$saved_LDFLAGS"
285 if test -z "$have_llong_max"; then
286 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
287 unset ac_cv_have_decl_LLONG_MAX
288 saved_CFLAGS="$CFLAGS"
289 CFLAGS="$CFLAGS -std=gnu99"
290 AC_CHECK_DECL(LLONG_MAX,
292 [CFLAGS="$saved_CFLAGS"],
293 [#include <limits.h>]
298 if test "x$no_attrib_nonnull" != "x1" ; then
299 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
303 [ --without-rpath Disable auto-added -R linker paths],
305 if test "x$withval" = "xno" ; then
308 if test "x$withval" = "xyes" ; then
314 # Allow user to specify flags
316 [ --with-cflags Specify additional flags to pass to compiler],
318 if test -n "$withval" && test "x$withval" != "xno" && \
319 test "x${withval}" != "xyes"; then
320 CFLAGS="$CFLAGS $withval"
324 AC_ARG_WITH(cppflags,
325 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
327 if test -n "$withval" && test "x$withval" != "xno" && \
328 test "x${withval}" != "xyes"; then
329 CPPFLAGS="$CPPFLAGS $withval"
334 [ --with-ldflags Specify additional flags to pass to linker],
336 if test -n "$withval" && test "x$withval" != "xno" && \
337 test "x${withval}" != "xyes"; then
338 LDFLAGS="$LDFLAGS $withval"
343 [ --with-libs Specify additional libraries to link with],
345 if test -n "$withval" && test "x$withval" != "xno" && \
346 test "x${withval}" != "xyes"; then
347 LIBS="$LIBS $withval"
352 [ --with-Werror Build main code with -Werror],
354 if test -n "$withval" && test "x$withval" != "xno"; then
355 werror_flags="-Werror"
356 if test "x${withval}" != "xyes"; then
357 werror_flags="$withval"
389 security/pam_appl.h \
430 # lastlog.h requires sys/time.h to be included first on Solaris
431 AC_CHECK_HEADERS(lastlog.h, [], [], [
432 #ifdef HAVE_SYS_TIME_H
433 # include <sys/time.h>
437 # sys/ptms.h requires sys/stream.h to be included first on Solaris
438 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
439 #ifdef HAVE_SYS_STREAM_H
440 # include <sys/stream.h>
444 # login_cap.h requires sys/types.h on NetBSD
445 AC_CHECK_HEADERS(login_cap.h, [], [], [
446 #include <sys/types.h>
449 # Messages for features tested for in target-specific section
453 # Check for some target-specific stuff
456 # Some versions of VAC won't allow macro redefinitions at
457 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
458 # particularly with older versions of vac or xlc.
459 # It also throws errors about null macro argments, but these are
461 AC_MSG_CHECKING(if compiler allows macro redefinitions)
464 #define testmacro foo
465 #define testmacro bar
466 int main(void) { exit(0); }
468 [ AC_MSG_RESULT(yes) ],
470 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
471 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
472 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
473 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
477 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
478 if (test -z "$blibpath"); then
479 blibpath="/usr/lib:/lib"
481 saved_LDFLAGS="$LDFLAGS"
482 if test "$GCC" = "yes"; then
483 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
485 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
487 for tryflags in $flags ;do
488 if (test -z "$blibflags"); then
489 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
490 AC_TRY_LINK([], [], [blibflags=$tryflags])
493 if (test -z "$blibflags"); then
494 AC_MSG_RESULT(not found)
495 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
497 AC_MSG_RESULT($blibflags)
499 LDFLAGS="$saved_LDFLAGS"
500 dnl Check for authenticate. Might be in libs.a on older AIXes
501 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
502 [Define if you want to enable AIX4's authenticate function])],
503 [AC_CHECK_LIB(s,authenticate,
504 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
508 dnl Check for various auth function declarations in headers.
509 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
510 passwdexpired, setauthdb], , , [#include <usersec.h>])
511 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
512 AC_CHECK_DECLS(loginfailed,
513 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
515 [#include <usersec.h>],
516 [(void)loginfailed("user","host","tty",0);],
518 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
519 [Define if your AIX loginfailed() function
520 takes 4 arguments (AIX >= 5.2)])],
524 [#include <usersec.h>]
526 AC_CHECK_FUNCS(getgrset setauthdb)
527 AC_CHECK_DECL(F_CLOSEM,
528 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
530 [ #include <limits.h>
533 check_for_aix_broken_getaddrinfo=1
534 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
535 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
536 [Define if your platform breaks doing a seteuid before a setuid])
537 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
538 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
539 dnl AIX handles lastlog as part of its login message
540 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
541 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
542 [Some systems need a utmpx entry for /bin/login to work])
543 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
544 [Define to a Set Process Title type if your system is
545 supported by bsd-setproctitle.c])
546 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
547 [AIX 5.2 and 5.3 (and presumably newer) require this])
548 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
551 check_for_libcrypt_later=1
552 LIBS="$LIBS /usr/lib/textreadmode.o"
553 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
554 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
555 AC_DEFINE(DISABLE_SHADOW, 1,
556 [Define if you want to disable shadow passwords])
557 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
558 [Define if your system choked on IP TOS setting])
559 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
560 [Define if X11 doesn't support AF_UNIX sockets on that system])
561 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
562 [Define if the concept of ports only accessible to
563 superusers isn't known])
564 AC_DEFINE(DISABLE_FD_PASSING, 1,
565 [Define if your platform needs to skip post auth
566 file descriptor passing])
569 AC_DEFINE(IP_TOS_IS_BROKEN)
570 AC_DEFINE(SETEUID_BREAKS_SETUID)
571 AC_DEFINE(BROKEN_SETREUID)
572 AC_DEFINE(BROKEN_SETREGID)
575 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
576 AC_DEFINE(BROKEN_GETADDRINFO)
577 AC_DEFINE(SETEUID_BREAKS_SETUID)
578 AC_DEFINE(BROKEN_SETREUID)
579 AC_DEFINE(BROKEN_SETREGID)
580 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
581 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
582 [Define if your resolver libs need this for getrrsetbyname])
583 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
584 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
585 [Use tunnel device compatibility to OpenBSD])
586 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
587 [Prepend the address family to IP tunnel traffic])
588 m4_pattern_allow(AU_IPv)
589 AC_CHECK_DECL(AU_IPv4, [],
590 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
591 [#include <bsm/audit.h>]
593 AC_MSG_CHECKING(if we have the Security Authorization Session API)
594 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
595 [SessionCreate(0, 0);],
596 [ac_cv_use_security_session_api="yes"
597 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
598 [platform has the Security Authorization Session API])
599 LIBS="$LIBS -framework Security"
601 [ac_cv_use_security_session_api="no"
603 AC_MSG_CHECKING(if we have an in-memory credentials cache)
605 [#include <Kerberos/Kerberos.h>],
607 (void) cc_initialize (&c, 0, NULL, NULL);],
608 [AC_DEFINE(USE_CCAPI, 1,
609 [platform uses an in-memory credentials cache])
610 LIBS="$LIBS -framework Security"
612 if test "x$ac_cv_use_security_session_api" = "xno"; then
613 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
619 SSHDLIBS="$SSHDLIBS -lcrypt"
622 # first we define all of the options common to all HP-UX releases
623 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
624 IPADDR_IN_DISPLAY=yes
626 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
627 [Define if your login program cannot handle end of options ("--")])
628 AC_DEFINE(LOGIN_NEEDS_UTMPX)
629 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
630 [String used in /etc/passwd to denote locked account])
631 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
632 MAIL="/var/mail/username"
634 AC_CHECK_LIB(xnet, t_error, ,
635 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
637 # next, we define all of the options specific to major releases
640 if test -z "$GCC"; then
645 AC_DEFINE(PAM_SUN_CODEBASE, 1,
646 [Define if you are using Solaris-derived PAM which
647 passes pam_messages to the conversation function
648 with an extra level of indirection])
649 AC_DEFINE(DISABLE_UTMP, 1,
650 [Define if you don't want to use utmp])
651 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
652 check_for_hpux_broken_getaddrinfo=1
653 check_for_conflicting_getspnam=1
657 # lastly, we define options specific to minor releases
660 AC_DEFINE(HAVE_SECUREWARE, 1,
661 [Define if you have SecureWare-based
662 protected password database])
663 disable_ptmx_check=yes
669 PATH="$PATH:/usr/etc"
670 AC_DEFINE(BROKEN_INET_NTOA, 1,
671 [Define if you system's inet_ntoa is busted
672 (e.g. Irix gcc issue)])
673 AC_DEFINE(SETEUID_BREAKS_SETUID)
674 AC_DEFINE(BROKEN_SETREUID)
675 AC_DEFINE(BROKEN_SETREGID)
676 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
677 [Define if you shouldn't strip 'tty' from your
679 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
682 PATH="$PATH:/usr/etc"
683 AC_DEFINE(WITH_IRIX_ARRAY, 1,
684 [Define if you have/want arrays
685 (cluster-wide session managment, not C arrays)])
686 AC_DEFINE(WITH_IRIX_PROJECT, 1,
687 [Define if you want IRIX project management])
688 AC_DEFINE(WITH_IRIX_AUDIT, 1,
689 [Define if you want IRIX audit trails])
690 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
691 [Define if you want IRIX kernel jobs])])
692 AC_DEFINE(BROKEN_INET_NTOA)
693 AC_DEFINE(SETEUID_BREAKS_SETUID)
694 AC_DEFINE(BROKEN_SETREUID)
695 AC_DEFINE(BROKEN_SETREGID)
696 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
697 AC_DEFINE(WITH_ABBREV_NO_TTY)
698 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
702 check_for_libcrypt_later=1
703 check_for_openpty_ctty_bug=1
704 AC_DEFINE(PAM_TTY_KLUDGE, 1,
705 [Work around problematic Linux PAM modules handling of PAM_TTY])
706 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
707 [String used in /etc/passwd to denote locked account])
708 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
709 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
710 [Define to whatever link() returns for "not supported"
711 if it doesn't return EOPNOTSUPP.])
712 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
714 inet6_default_4in6=yes
717 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
718 [Define if cmsg_type is not passed correctly])
721 # tun(4) forwarding compat code
722 AC_CHECK_HEADERS(linux/if_tun.h)
723 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
724 AC_DEFINE(SSH_TUN_LINUX, 1,
725 [Open tunnel devices the Linux tun/tap way])
726 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
727 [Use tunnel device compatibility to OpenBSD])
728 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
729 [Prepend the address family to IP tunnel traffic])
732 mips-sony-bsd|mips-sony-newsos4)
733 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
737 check_for_libcrypt_before=1
738 if test "x$withval" != "xno" ; then
741 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
742 AC_CHECK_HEADER([net/if_tap.h], ,
743 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
744 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
745 [Prepend the address family to IP tunnel traffic])
748 check_for_libcrypt_later=1
749 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
750 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
751 AC_CHECK_HEADER([net/if_tap.h], ,
752 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
753 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
756 AC_DEFINE(SETEUID_BREAKS_SETUID)
757 AC_DEFINE(BROKEN_SETREUID)
758 AC_DEFINE(BROKEN_SETREGID)
761 conf_lastlog_location="/usr/adm/lastlog"
762 conf_utmp_location=/etc/utmp
763 conf_wtmp_location=/usr/adm/wtmp
765 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
766 AC_DEFINE(BROKEN_REALPATH)
768 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
771 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
772 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
773 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
774 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
775 [syslog_r function is safe to use in in a signal handler])
778 if test "x$withval" != "xno" ; then
781 AC_DEFINE(PAM_SUN_CODEBASE)
782 AC_DEFINE(LOGIN_NEEDS_UTMPX)
783 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
784 [Some versions of /bin/login need the TERM supplied
786 AC_DEFINE(PAM_TTY_KLUDGE)
787 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
788 [Define if pam_chauthtok wants real uid set
789 to the unpriv'ed user])
790 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
791 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
792 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
793 [Define if sshd somehow reacquires a controlling TTY
795 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
796 in case the name is longer than 8 chars])
797 external_path_file=/etc/default/login
798 # hardwire lastlog location (can't detect it on some versions)
799 conf_lastlog_location="/var/adm/lastlog"
800 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
801 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
802 if test "$sol2ver" -ge 8; then
804 AC_DEFINE(DISABLE_UTMP)
805 AC_DEFINE(DISABLE_WTMP, 1,
806 [Define if you don't want to use wtmp])
810 AC_ARG_WITH(solaris-contracts,
811 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
813 AC_CHECK_LIB(contract, ct_tmpl_activate,
814 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
815 [Define if you have Solaris process contracts])
816 SSHDLIBS="$SSHDLIBS -lcontract"
823 CPPFLAGS="$CPPFLAGS -DSUNOS4"
824 AC_CHECK_FUNCS(getpwanam)
825 AC_DEFINE(PAM_SUN_CODEBASE)
826 conf_utmp_location=/etc/utmp
827 conf_wtmp_location=/var/adm/wtmp
828 conf_lastlog_location=/var/adm/lastlog
834 AC_DEFINE(SSHD_ACQUIRES_CTTY)
835 AC_DEFINE(SETEUID_BREAKS_SETUID)
836 AC_DEFINE(BROKEN_SETREUID)
837 AC_DEFINE(BROKEN_SETREGID)
840 # /usr/ucblib MUST NOT be searched on ReliantUNIX
841 AC_CHECK_LIB(dl, dlsym, ,)
842 # -lresolv needs to be at the end of LIBS or DNS lookups break
843 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
844 IPADDR_IN_DISPLAY=yes
846 AC_DEFINE(IP_TOS_IS_BROKEN)
847 AC_DEFINE(SETEUID_BREAKS_SETUID)
848 AC_DEFINE(BROKEN_SETREUID)
849 AC_DEFINE(BROKEN_SETREGID)
850 AC_DEFINE(SSHD_ACQUIRES_CTTY)
851 external_path_file=/etc/default/login
852 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
853 # Attention: always take care to bind libsocket and libnsl before libc,
854 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
856 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
859 AC_DEFINE(SETEUID_BREAKS_SETUID)
860 AC_DEFINE(BROKEN_SETREUID)
861 AC_DEFINE(BROKEN_SETREGID)
862 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
863 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
865 # UnixWare 7.x, OpenUNIX 8
867 check_for_libcrypt_later=1
868 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
870 AC_DEFINE(SETEUID_BREAKS_SETUID)
871 AC_DEFINE(BROKEN_SETREUID)
872 AC_DEFINE(BROKEN_SETREGID)
873 AC_DEFINE(PASSWD_NEEDS_USERNAME)
875 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
876 TEST_SHELL=/u95/bin/sh
877 AC_DEFINE(BROKEN_LIBIAF, 1,
878 [ia_uinfo routines not supported by OS yet])
879 AC_DEFINE(BROKEN_UPDWTMPX)
881 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
887 # SCO UNIX and OEM versions of SCO UNIX
889 AC_MSG_ERROR("This Platform is no longer supported.")
893 if test -z "$GCC"; then
894 CFLAGS="$CFLAGS -belf"
896 LIBS="$LIBS -lprot -lx -ltinfo -lm"
899 AC_DEFINE(HAVE_SECUREWARE)
900 AC_DEFINE(DISABLE_SHADOW)
901 AC_DEFINE(DISABLE_FD_PASSING)
902 AC_DEFINE(SETEUID_BREAKS_SETUID)
903 AC_DEFINE(BROKEN_SETREUID)
904 AC_DEFINE(BROKEN_SETREGID)
905 AC_DEFINE(WITH_ABBREV_NO_TTY)
906 AC_DEFINE(BROKEN_UPDWTMPX)
907 AC_DEFINE(PASSWD_NEEDS_USERNAME)
908 AC_CHECK_FUNCS(getluid setluid)
913 AC_DEFINE(NO_SSH_LASTLOG, 1,
914 [Define if you don't want to use lastlog in session.c])
915 AC_DEFINE(SETEUID_BREAKS_SETUID)
916 AC_DEFINE(BROKEN_SETREUID)
917 AC_DEFINE(BROKEN_SETREGID)
919 AC_DEFINE(DISABLE_FD_PASSING)
921 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
925 AC_DEFINE(SETEUID_BREAKS_SETUID)
926 AC_DEFINE(BROKEN_SETREUID)
927 AC_DEFINE(BROKEN_SETREGID)
928 AC_DEFINE(WITH_ABBREV_NO_TTY)
930 AC_DEFINE(DISABLE_FD_PASSING)
932 LIBS="$LIBS -lgen -lacid -ldb"
936 AC_DEFINE(SETEUID_BREAKS_SETUID)
937 AC_DEFINE(BROKEN_SETREUID)
938 AC_DEFINE(BROKEN_SETREGID)
940 AC_DEFINE(DISABLE_FD_PASSING)
941 AC_DEFINE(NO_SSH_LASTLOG)
942 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
943 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
947 AC_MSG_CHECKING(for Digital Unix SIA)
950 [ --with-osfsia Enable Digital Unix SIA],
952 if test "x$withval" = "xno" ; then
953 AC_MSG_RESULT(disabled)
958 if test -z "$no_osfsia" ; then
959 if test -f /etc/sia/matrix.conf; then
961 AC_DEFINE(HAVE_OSF_SIA, 1,
962 [Define if you have Digital Unix Security
963 Integration Architecture])
964 AC_DEFINE(DISABLE_LOGIN, 1,
965 [Define if you don't want to use your
966 system's login() call])
967 AC_DEFINE(DISABLE_FD_PASSING)
968 LIBS="$LIBS -lsecurity -ldb -lm -laud"
972 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
973 [String used in /etc/passwd to denote locked account])
976 AC_DEFINE(BROKEN_GETADDRINFO)
977 AC_DEFINE(SETEUID_BREAKS_SETUID)
978 AC_DEFINE(BROKEN_SETREUID)
979 AC_DEFINE(BROKEN_SETREGID)
980 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
985 AC_DEFINE(NO_X11_UNIX_SOCKETS)
986 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
987 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
988 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
989 AC_DEFINE(DISABLE_LASTLOG)
990 AC_DEFINE(SSHD_ACQUIRES_CTTY)
991 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
992 enable_etc_default_login=no # has incompatible /etc/default/login
995 AC_DEFINE(DISABLE_FD_PASSING)
1001 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
1002 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
1003 AC_DEFINE(NEED_SETPGRP)
1004 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
1008 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1009 AC_DEFINE(MISSING_HOWMANY)
1010 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
1014 AC_MSG_CHECKING(compiler and flags for sanity)
1018 int main(){exit(0);}
1020 [ AC_MSG_RESULT(yes) ],
1023 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1025 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1028 dnl Checks for header files.
1029 # Checks for libraries.
1030 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
1031 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
1033 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1034 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
1035 AC_CHECK_LIB(gen, dirname,[
1036 AC_CACHE_CHECK([for broken dirname],
1037 ac_cv_have_broken_dirname, [
1045 int main(int argc, char **argv) {
1048 strncpy(buf,"/etc", 32);
1050 if (!s || strncmp(s, "/", 32) != 0) {
1057 [ ac_cv_have_broken_dirname="no" ],
1058 [ ac_cv_have_broken_dirname="yes" ],
1059 [ ac_cv_have_broken_dirname="no" ],
1063 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1065 AC_DEFINE(HAVE_DIRNAME)
1066 AC_CHECK_HEADERS(libgen.h)
1071 AC_CHECK_FUNC(getspnam, ,
1072 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
1073 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
1074 [Define if you have the basename function.]))
1076 dnl zlib is required
1078 [ --with-zlib=PATH Use zlib in PATH],
1079 [ if test "x$withval" = "xno" ; then
1080 AC_MSG_ERROR([*** zlib is required ***])
1081 elif test "x$withval" != "xyes"; then
1082 if test -d "$withval/lib"; then
1083 if test -n "${need_dash_r}"; then
1084 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1086 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1089 if test -n "${need_dash_r}"; then
1090 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1092 LDFLAGS="-L${withval} ${LDFLAGS}"
1095 if test -d "$withval/include"; then
1096 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1098 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1103 AC_CHECK_LIB(z, deflate, ,
1105 saved_CPPFLAGS="$CPPFLAGS"
1106 saved_LDFLAGS="$LDFLAGS"
1108 dnl Check default zlib install dir
1109 if test -n "${need_dash_r}"; then
1110 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1112 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1114 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1116 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1118 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1123 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1125 AC_ARG_WITH(zlib-version-check,
1126 [ --without-zlib-version-check Disable zlib version check],
1127 [ if test "x$withval" = "xno" ; then
1128 zlib_check_nonfatal=1
1133 AC_MSG_CHECKING(for possibly buggy zlib)
1134 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1139 int a=0, b=0, c=0, d=0, n, v;
1140 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1141 if (n != 3 && n != 4)
1143 v = a*1000000 + b*10000 + c*100 + d;
1144 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1147 if (a == 1 && b == 1 && c >= 4)
1150 /* 1.2.3 and up are OK */
1158 [ AC_MSG_RESULT(yes)
1159 if test -z "$zlib_check_nonfatal" ; then
1160 AC_MSG_ERROR([*** zlib too old - check config.log ***
1161 Your reported zlib version has known security problems. It's possible your
1162 vendor has fixed these problems without changing the version number. If you
1163 are sure this is the case, you can disable the check by running
1164 "./configure --without-zlib-version-check".
1165 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1166 See http://www.gzip.org/zlib/ for details.])
1168 AC_MSG_WARN([zlib version may have security problems])
1171 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1175 AC_CHECK_FUNC(strcasecmp,
1176 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1178 AC_CHECK_FUNCS(utimes,
1179 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1180 LIBS="$LIBS -lc89"]) ]
1183 dnl Checks for libutil functions
1184 AC_CHECK_HEADERS(libutil.h)
1185 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1186 [Define if your libraries define login()])])
1187 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1191 # Check for ALTDIRFUNC glob() extension
1192 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1193 AC_EGREP_CPP(FOUNDIT,
1196 #ifdef GLOB_ALTDIRFUNC
1201 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1202 [Define if your system glob() function has
1203 the GLOB_ALTDIRFUNC extension])
1211 # Check for g.gl_matchc glob() extension
1212 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1214 [ #include <glob.h> ],
1215 [glob_t g; g.gl_matchc = 1;],
1217 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1218 [Define if your system glob() function has
1219 gl_matchc options in glob_t])
1227 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1229 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1232 #include <sys/types.h>
1234 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1236 [AC_MSG_RESULT(yes)],
1239 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1240 [Define if your struct dirent expects you to
1241 allocate extra space for d_name])
1244 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1245 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1249 AC_MSG_CHECKING([for /proc/pid/fd directory])
1250 if test -d "/proc/$$/fd" ; then
1251 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1257 # Check whether user wants S/Key support
1260 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1262 if test "x$withval" != "xno" ; then
1264 if test "x$withval" != "xyes" ; then
1265 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1266 LDFLAGS="$LDFLAGS -L${withval}/lib"
1269 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1273 AC_MSG_CHECKING([for s/key support])
1278 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1280 [AC_MSG_RESULT(yes)],
1283 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1285 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1289 [(void)skeychallenge(NULL,"name","",0);],
1291 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1292 [Define if your skeychallenge()
1293 function takes 4 arguments (NetBSD)])],
1300 # Check whether user wants TCP wrappers support
1302 AC_ARG_WITH(tcp-wrappers,
1303 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1305 if test "x$withval" != "xno" ; then
1307 saved_LDFLAGS="$LDFLAGS"
1308 saved_CPPFLAGS="$CPPFLAGS"
1309 if test -n "${withval}" && \
1310 test "x${withval}" != "xyes"; then
1311 if test -d "${withval}/lib"; then
1312 if test -n "${need_dash_r}"; then
1313 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1315 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1318 if test -n "${need_dash_r}"; then
1319 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1321 LDFLAGS="-L${withval} ${LDFLAGS}"
1324 if test -d "${withval}/include"; then
1325 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1327 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1331 AC_MSG_CHECKING(for libwrap)
1334 #include <sys/types.h>
1335 #include <sys/socket.h>
1336 #include <netinet/in.h>
1338 int deny_severity = 0, allow_severity = 0;
1343 AC_DEFINE(LIBWRAP, 1,
1345 TCP Wrappers support])
1346 SSHDLIBS="$SSHDLIBS -lwrap"
1350 AC_MSG_ERROR([*** libwrap missing])
1358 # Check whether user wants libedit support
1360 AC_ARG_WITH(libedit,
1361 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1362 [ if test "x$withval" != "xno" ; then
1363 if test "x$withval" != "xyes"; then
1364 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1365 if test -n "${need_dash_r}"; then
1366 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1368 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1371 AC_CHECK_LIB(edit, el_init,
1372 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1373 LIBEDIT="-ledit -lcurses"
1377 [ AC_MSG_ERROR(libedit not found) ],
1380 AC_MSG_CHECKING(if libedit version is compatible)
1383 #include <histedit.h>
1387 el_init("", NULL, NULL, NULL);
1391 [ AC_MSG_RESULT(yes) ],
1393 AC_MSG_ERROR(libedit version is not compatible) ]
1400 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1402 AC_MSG_CHECKING(for supported audit module)
1407 dnl Checks for headers, libs and functions
1408 AC_CHECK_HEADERS(bsm/audit.h, [],
1409 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1416 AC_CHECK_LIB(bsm, getaudit, [],
1417 [AC_MSG_ERROR(BSM enabled and required library not found)])
1418 AC_CHECK_FUNCS(getaudit, [],
1419 [AC_MSG_ERROR(BSM enabled and required function not found)])
1420 # These are optional
1421 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1422 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1426 AC_MSG_RESULT(debug)
1427 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1433 AC_MSG_ERROR([Unknown audit module $withval])
1438 dnl Checks for library functions. Please keep in alphabetical order
1442 arc4random_uniform \
1531 # IRIX has a const char return value for gai_strerror()
1532 AC_CHECK_FUNCS(gai_strerror,[
1533 AC_DEFINE(HAVE_GAI_STRERROR)
1535 #include <sys/types.h>
1536 #include <sys/socket.h>
1539 const char *gai_strerror(int);],[
1542 str = gai_strerror(0);],[
1543 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1544 [Define if gai_strerror() returns const char *])])])
1546 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1547 [Some systems put nanosleep outside of libc]))
1549 dnl Make sure prototypes are defined for these before using them.
1550 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1551 AC_CHECK_DECL(strsep,
1552 [AC_CHECK_FUNCS(strsep)],
1555 #ifdef HAVE_STRING_H
1556 # include <string.h>
1560 dnl tcsendbreak might be a macro
1561 AC_CHECK_DECL(tcsendbreak,
1562 [AC_DEFINE(HAVE_TCSENDBREAK)],
1563 [AC_CHECK_FUNCS(tcsendbreak)],
1564 [#include <termios.h>]
1567 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1569 AC_CHECK_DECLS(SHUT_RD, , ,
1571 #include <sys/types.h>
1572 #include <sys/socket.h>
1575 AC_CHECK_DECLS(O_NONBLOCK, , ,
1577 #include <sys/types.h>
1578 #ifdef HAVE_SYS_STAT_H
1579 # include <sys/stat.h>
1586 AC_CHECK_DECLS(writev, , , [
1587 #include <sys/types.h>
1588 #include <sys/uio.h>
1592 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1593 #include <sys/param.h>
1596 AC_CHECK_DECLS(offsetof, , , [
1600 AC_CHECK_FUNCS(setresuid, [
1601 dnl Some platorms have setresuid that isn't implemented, test for this
1602 AC_MSG_CHECKING(if setresuid seems to work)
1607 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1609 [AC_MSG_RESULT(yes)],
1610 [AC_DEFINE(BROKEN_SETRESUID, 1,
1611 [Define if your setresuid() is broken])
1612 AC_MSG_RESULT(not implemented)],
1613 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1617 AC_CHECK_FUNCS(setresgid, [
1618 dnl Some platorms have setresgid that isn't implemented, test for this
1619 AC_MSG_CHECKING(if setresgid seems to work)
1624 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1626 [AC_MSG_RESULT(yes)],
1627 [AC_DEFINE(BROKEN_SETRESGID, 1,
1628 [Define if your setresgid() is broken])
1629 AC_MSG_RESULT(not implemented)],
1630 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1634 dnl Checks for time functions
1635 AC_CHECK_FUNCS(gettimeofday time)
1636 dnl Checks for utmp functions
1637 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1638 AC_CHECK_FUNCS(utmpname)
1639 dnl Checks for utmpx functions
1640 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1641 AC_CHECK_FUNCS(setutxent utmpxname)
1643 AC_CHECK_FUNC(daemon,
1644 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1645 [AC_CHECK_LIB(bsd, daemon,
1646 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1649 AC_CHECK_FUNC(getpagesize,
1650 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1651 [Define if your libraries define getpagesize()])],
1652 [AC_CHECK_LIB(ucb, getpagesize,
1653 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1656 # Check for broken snprintf
1657 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1658 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1662 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1664 [AC_MSG_RESULT(yes)],
1667 AC_DEFINE(BROKEN_SNPRINTF, 1,
1668 [Define if your snprintf is busted])
1669 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1671 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1675 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1676 # returning the right thing on overflow: the number of characters it tried to
1677 # create (as per SUSv3)
1678 if test "x$ac_cv_func_asprintf" != "xyes" && \
1679 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1680 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1683 #include <sys/types.h>
1687 int x_snprintf(char *str,size_t count,const char *fmt,...)
1689 size_t ret; va_list ap;
1690 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1696 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1698 [AC_MSG_RESULT(yes)],
1701 AC_DEFINE(BROKEN_SNPRINTF, 1,
1702 [Define if your snprintf is busted])
1703 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1705 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1709 # On systems where [v]snprintf is broken, but is declared in stdio,
1710 # check that the fmt argument is const char * or just char *.
1711 # This is only useful for when BROKEN_SNPRINTF
1712 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1713 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1714 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1715 int main(void) { snprintf(0, 0, 0); }
1718 AC_DEFINE(SNPRINTF_CONST, [const],
1719 [Define as const if snprintf() can declare const char *fmt])],
1721 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1723 # Check for missing getpeereid (or equiv) support
1725 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1726 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1728 [#include <sys/types.h>
1729 #include <sys/socket.h>],
1730 [int i = SO_PEERCRED;],
1731 [ AC_MSG_RESULT(yes)
1732 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1739 dnl see whether mkstemp() requires XXXXXX
1740 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1741 AC_MSG_CHECKING([for (overly) strict mkstemp])
1745 main() { char template[]="conftest.mkstemp-test";
1746 if (mkstemp(template) == -1)
1748 unlink(template); exit(0);
1756 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1760 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1765 dnl make sure that openpty does not reacquire controlling terminal
1766 if test ! -z "$check_for_openpty_ctty_bug"; then
1767 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1771 #include <sys/fcntl.h>
1772 #include <sys/types.h>
1773 #include <sys/wait.h>
1779 int fd, ptyfd, ttyfd, status;
1782 if (pid < 0) { /* failed */
1784 } else if (pid > 0) { /* parent */
1785 waitpid(pid, &status, 0);
1786 if (WIFEXITED(status))
1787 exit(WEXITSTATUS(status));
1790 } else { /* child */
1791 close(0); close(1); close(2);
1793 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1794 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1796 exit(3); /* Acquired ctty: broken */
1798 exit(0); /* Did not acquire ctty: OK */
1807 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1810 AC_MSG_RESULT(cross-compiling, assuming yes)
1815 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1816 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1817 AC_MSG_CHECKING(if getaddrinfo seems to work)
1821 #include <sys/socket.h>
1824 #include <netinet/in.h>
1826 #define TEST_PORT "2222"
1832 struct addrinfo *gai_ai, *ai, hints;
1833 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1835 memset(&hints, 0, sizeof(hints));
1836 hints.ai_family = PF_UNSPEC;
1837 hints.ai_socktype = SOCK_STREAM;
1838 hints.ai_flags = AI_PASSIVE;
1840 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1842 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1846 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1847 if (ai->ai_family != AF_INET6)
1850 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1851 sizeof(ntop), strport, sizeof(strport),
1852 NI_NUMERICHOST|NI_NUMERICSERV);
1855 if (err == EAI_SYSTEM)
1856 perror("getnameinfo EAI_SYSTEM");
1858 fprintf(stderr, "getnameinfo failed: %s\n",
1863 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1866 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1879 AC_DEFINE(BROKEN_GETADDRINFO)
1882 AC_MSG_RESULT(cross-compiling, assuming yes)
1887 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1888 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1889 AC_MSG_CHECKING(if getaddrinfo seems to work)
1893 #include <sys/socket.h>
1896 #include <netinet/in.h>
1898 #define TEST_PORT "2222"
1904 struct addrinfo *gai_ai, *ai, hints;
1905 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1907 memset(&hints, 0, sizeof(hints));
1908 hints.ai_family = PF_UNSPEC;
1909 hints.ai_socktype = SOCK_STREAM;
1910 hints.ai_flags = AI_PASSIVE;
1912 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1914 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1918 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1919 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1922 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1923 sizeof(ntop), strport, sizeof(strport),
1924 NI_NUMERICHOST|NI_NUMERICSERV);
1926 if (ai->ai_family == AF_INET && err != 0) {
1927 perror("getnameinfo");
1936 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1937 [Define if you have a getaddrinfo that fails
1938 for the all-zeros IPv6 address])
1942 AC_DEFINE(BROKEN_GETADDRINFO)
1945 AC_MSG_RESULT(cross-compiling, assuming no)
1950 if test "x$check_for_conflicting_getspnam" = "x1"; then
1951 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1955 int main(void) {exit(0);}
1962 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1963 [Conflicting defs for getspnam])
1970 # Search for OpenSSL
1971 saved_CPPFLAGS="$CPPFLAGS"
1972 saved_LDFLAGS="$LDFLAGS"
1973 AC_ARG_WITH(ssl-dir,
1974 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1976 if test "x$withval" != "xno" ; then
1979 ./*|../*) withval="`pwd`/$withval"
1981 if test -d "$withval/lib"; then
1982 if test -n "${need_dash_r}"; then
1983 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1985 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1988 if test -n "${need_dash_r}"; then
1989 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1991 LDFLAGS="-L${withval} ${LDFLAGS}"
1994 if test -d "$withval/include"; then
1995 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1997 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2002 if test -z "$GLOBUS_LDFLAGS" ; then
2003 LIBS="-lcrypto $LIBS"
2005 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2006 [Define if your ssl headers are included
2007 with #include <openssl/header.h>]),
2009 dnl Check default openssl install dir
2010 if test -n "${need_dash_r}"; then
2011 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2013 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2015 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2016 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2018 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2024 # Determine OpenSSL header version
2025 AC_MSG_CHECKING([OpenSSL header version])
2030 #include <openssl/opensslv.h>
2031 #define DATA "conftest.sslincver"
2036 fd = fopen(DATA,"w");
2040 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2047 ssl_header_ver=`cat conftest.sslincver`
2048 AC_MSG_RESULT($ssl_header_ver)
2051 AC_MSG_RESULT(not found)
2052 AC_MSG_ERROR(OpenSSL version header not found.)
2055 AC_MSG_WARN([cross compiling: not checking])
2059 # Determine OpenSSL library version
2060 AC_MSG_CHECKING([OpenSSL library version])
2065 #include <openssl/opensslv.h>
2066 #include <openssl/crypto.h>
2067 #define DATA "conftest.ssllibver"
2072 fd = fopen(DATA,"w");
2076 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2083 ssl_library_ver=`cat conftest.ssllibver`
2084 AC_MSG_RESULT($ssl_library_ver)
2087 AC_MSG_RESULT(not found)
2088 AC_MSG_ERROR(OpenSSL library not found.)
2091 AC_MSG_WARN([cross compiling: not checking])
2095 AC_ARG_WITH(openssl-header-check,
2096 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2097 [ if test "x$withval" = "xno" ; then
2098 openssl_check_nonfatal=1
2103 # Sanity check OpenSSL headers
2104 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2108 #include <openssl/opensslv.h>
2109 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2116 if test "x$openssl_check_nonfatal" = "x"; then
2117 AC_MSG_ERROR([Your OpenSSL headers do not match your
2118 library. Check config.log for details.
2119 If you are sure your installation is consistent, you can disable the check
2120 by running "./configure --without-openssl-header-check".
2121 Also see contrib/findssl.sh for help identifying header/library mismatches.
2124 AC_MSG_WARN([Your OpenSSL headers do not match your
2125 library. Check config.log for details.
2126 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2130 AC_MSG_WARN([cross compiling: not checking])
2134 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2137 #include <openssl/evp.h>
2138 int main(void) { SSLeay_add_all_algorithms(); }
2147 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2150 #include <openssl/evp.h>
2151 int main(void) { SSLeay_add_all_algorithms(); }
2164 AC_ARG_WITH(ssl-engine,
2165 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2166 [ if test "x$withval" != "xno" ; then
2167 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2169 [ #include <openssl/engine.h>],
2171 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2173 [ AC_MSG_RESULT(yes)
2174 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2175 [Enable OpenSSL engine support])
2177 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2182 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2183 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2187 #include <openssl/evp.h>
2188 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2195 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2196 [libcrypto is missing AES 192 and 256 bit functions])
2200 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2201 # because the system crypt() is more featureful.
2202 if test "x$check_for_libcrypt_before" = "x1"; then
2203 AC_CHECK_LIB(crypt, crypt)
2206 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2207 # version in OpenSSL.
2208 if test "x$check_for_libcrypt_later" = "x1"; then
2209 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2212 # Search for SHA256 support in libc and/or OpenSSL
2213 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2216 AC_CHECK_LIB(iaf, ia_openinfo, [
2218 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2219 AC_DEFINE(HAVE_LIBIAF, 1,
2220 [Define if system has libiaf that supports set_id])
2225 ### Configure cryptographic random number support
2227 # Check wheter OpenSSL seeds itself
2228 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2232 #include <openssl/rand.h>
2233 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2236 OPENSSL_SEEDS_ITSELF=yes
2241 # Default to use of the rand helper if OpenSSL doesn't
2246 AC_MSG_WARN([cross compiling: assuming yes])
2247 # This is safe, since all recent OpenSSL versions will
2248 # complain at runtime if not seeded correctly.
2249 OPENSSL_SEEDS_ITSELF=yes
2253 # Check for PAM libs
2256 [ --with-pam Enable PAM support ],
2258 if test "x$withval" != "xno" ; then
2259 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2260 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2261 AC_MSG_ERROR([PAM headers not found])
2265 AC_CHECK_LIB(dl, dlopen, , )
2266 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2267 AC_CHECK_FUNCS(pam_getenvlist)
2268 AC_CHECK_FUNCS(pam_putenv)
2273 SSHDLIBS="$SSHDLIBS -lpam"
2274 AC_DEFINE(USE_PAM, 1,
2275 [Define if you want to enable PAM support])
2277 if test $ac_cv_lib_dl_dlopen = yes; then
2280 # libdl already in LIBS
2283 SSHDLIBS="$SSHDLIBS -ldl"
2291 # Check for older PAM
2292 if test "x$PAM_MSG" = "xyes" ; then
2293 # Check PAM strerror arguments (old PAM)
2294 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2298 #if defined(HAVE_SECURITY_PAM_APPL_H)
2299 #include <security/pam_appl.h>
2300 #elif defined (HAVE_PAM_PAM_APPL_H)
2301 #include <pam/pam_appl.h>
2304 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2305 [AC_MSG_RESULT(no)],
2307 AC_DEFINE(HAVE_OLD_PAM, 1,
2308 [Define if you have an old version of PAM
2309 which takes only one argument to pam_strerror])
2311 PAM_MSG="yes (old library)"
2316 # Do we want to force the use of the rand helper?
2317 AC_ARG_WITH(rand-helper,
2318 [ --with-rand-helper Use subprocess to gather strong randomness ],
2320 if test "x$withval" = "xno" ; then
2321 # Force use of OpenSSL's internal RNG, even if
2322 # the previous test showed it to be unseeded.
2323 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2324 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2325 OPENSSL_SEEDS_ITSELF=yes
2334 # Which randomness source do we use?
2335 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2337 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2338 [Define if you want OpenSSL's internally seeded PRNG only])
2339 RAND_MSG="OpenSSL internal ONLY"
2340 INSTALL_SSH_RAND_HELPER=""
2341 elif test ! -z "$USE_RAND_HELPER" ; then
2342 # install rand helper
2343 RAND_MSG="ssh-rand-helper"
2344 INSTALL_SSH_RAND_HELPER="yes"
2346 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2348 ### Configuration of ssh-rand-helper
2351 AC_ARG_WITH(prngd-port,
2352 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2361 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2364 if test ! -z "$withval" ; then
2365 PRNGD_PORT="$withval"
2366 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2367 [Port number of PRNGD/EGD random number socket])
2372 # PRNGD Unix domain socket
2373 AC_ARG_WITH(prngd-socket,
2374 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2378 withval="/var/run/egd-pool"
2386 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2390 if test ! -z "$withval" ; then
2391 if test ! -z "$PRNGD_PORT" ; then
2392 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2394 if test ! -r "$withval" ; then
2395 AC_MSG_WARN(Entropy socket is not readable)
2397 PRNGD_SOCKET="$withval"
2398 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2399 [Location of PRNGD/EGD random number socket])
2403 # Check for existing socket only if we don't have a random device already
2404 if test "$USE_RAND_HELPER" = yes ; then
2405 AC_MSG_CHECKING(for PRNGD/EGD socket)
2406 # Insert other locations here
2407 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2408 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2409 PRNGD_SOCKET="$sock"
2410 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2414 if test ! -z "$PRNGD_SOCKET" ; then
2415 AC_MSG_RESULT($PRNGD_SOCKET)
2417 AC_MSG_RESULT(not found)
2423 # Change default command timeout for hashing entropy source
2425 AC_ARG_WITH(entropy-timeout,
2426 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2428 if test -n "$withval" && test "x$withval" != "xno" && \
2429 test "x${withval}" != "xyes"; then
2430 entropy_timeout=$withval
2434 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2435 [Builtin PRNG command timeout])
2437 SSH_PRIVSEP_USER=sshd
2438 AC_ARG_WITH(privsep-user,
2439 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2441 if test -n "$withval" && test "x$withval" != "xno" && \
2442 test "x${withval}" != "xyes"; then
2443 SSH_PRIVSEP_USER=$withval
2447 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2448 [non-privileged user for privilege separation])
2449 AC_SUBST(SSH_PRIVSEP_USER)
2451 # We do this little dance with the search path to insure
2452 # that programs that we select for use by installed programs
2453 # (which may be run by the super-user) come from trusted
2454 # locations before they come from the user's private area.
2455 # This should help avoid accidentally configuring some
2456 # random version of a program in someone's personal bin.
2460 test -h /bin 2> /dev/null && PATH=/usr/bin
2461 test -d /sbin && PATH=$PATH:/sbin
2462 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2463 PATH=$PATH:/etc:$OPATH
2465 # These programs are used by the command hashing source to gather entropy
2466 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2467 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2468 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2469 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2470 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2471 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2472 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2473 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2474 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2475 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2476 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2477 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2478 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2479 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2480 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2481 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2485 # Where does ssh-rand-helper get its randomness from?
2486 INSTALL_SSH_PRNG_CMDS=""
2487 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2488 if test ! -z "$PRNGD_PORT" ; then
2489 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2490 elif test ! -z "$PRNGD_SOCKET" ; then
2491 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2493 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2494 RAND_HELPER_CMDHASH=yes
2495 INSTALL_SSH_PRNG_CMDS="yes"
2498 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2501 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2502 if test ! -z "$SONY" ; then
2503 LIBS="$LIBS -liberty";
2506 # Check for long long datatypes
2507 AC_CHECK_TYPES([long long, unsigned long long, long double])
2509 # Check datatype sizes
2510 AC_CHECK_SIZEOF(char, 1)
2511 AC_CHECK_SIZEOF(short int, 2)
2512 AC_CHECK_SIZEOF(int, 4)
2513 AC_CHECK_SIZEOF(long int, 4)
2514 AC_CHECK_SIZEOF(long long int, 8)
2516 # Sanity check long long for some platforms (AIX)
2517 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2518 ac_cv_sizeof_long_long_int=0
2521 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2522 if test -z "$have_llong_max"; then
2523 AC_MSG_CHECKING([for max value of long long])
2527 /* Why is this so damn hard? */
2531 #define __USE_ISOC99
2533 #define DATA "conftest.llminmax"
2534 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2537 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2538 * we do this the hard way.
2541 fprint_ll(FILE *f, long long n)
2544 int l[sizeof(long long) * 8];
2547 if (fprintf(f, "-") < 0)
2549 for (i = 0; n != 0; i++) {
2550 l[i] = my_abs(n % 10);
2554 if (fprintf(f, "%d", l[--i]) < 0)
2557 if (fprintf(f, " ") < 0)
2564 long long i, llmin, llmax = 0;
2566 if((f = fopen(DATA,"w")) == NULL)
2569 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2570 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2574 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2575 /* This will work on one's complement and two's complement */
2576 for (i = 1; i > llmax; i <<= 1, i++)
2578 llmin = llmax + 1LL; /* wrap */
2582 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2583 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2584 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2585 fprintf(f, "unknown unknown\n");
2589 if (fprint_ll(f, llmin) < 0)
2591 if (fprint_ll(f, llmax) < 0)
2599 llong_min=`$AWK '{print $1}' conftest.llminmax`
2600 llong_max=`$AWK '{print $2}' conftest.llminmax`
2602 AC_MSG_RESULT($llong_max)
2603 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2604 [max value of long long calculated by configure])
2605 AC_MSG_CHECKING([for min value of long long])
2606 AC_MSG_RESULT($llong_min)
2607 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2608 [min value of long long calculated by configure])
2611 AC_MSG_RESULT(not found)
2614 AC_MSG_WARN([cross compiling: not checking])
2620 # More checks for data types
2621 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2623 [ #include <sys/types.h> ],
2625 [ ac_cv_have_u_int="yes" ],
2626 [ ac_cv_have_u_int="no" ]
2629 if test "x$ac_cv_have_u_int" = "xyes" ; then
2630 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2634 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2636 [ #include <sys/types.h> ],
2637 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2638 [ ac_cv_have_intxx_t="yes" ],
2639 [ ac_cv_have_intxx_t="no" ]
2642 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2643 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2647 if (test -z "$have_intxx_t" && \
2648 test "x$ac_cv_header_stdint_h" = "xyes")
2650 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2652 [ #include <stdint.h> ],
2653 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2655 AC_DEFINE(HAVE_INTXX_T)
2658 [ AC_MSG_RESULT(no) ]
2662 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2665 #include <sys/types.h>
2666 #ifdef HAVE_STDINT_H
2667 # include <stdint.h>
2669 #include <sys/socket.h>
2670 #ifdef HAVE_SYS_BITYPES_H
2671 # include <sys/bitypes.h>
2674 [ int64_t a; a = 1;],
2675 [ ac_cv_have_int64_t="yes" ],
2676 [ ac_cv_have_int64_t="no" ]
2679 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2680 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2683 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2685 [ #include <sys/types.h> ],
2686 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2687 [ ac_cv_have_u_intxx_t="yes" ],
2688 [ ac_cv_have_u_intxx_t="no" ]
2691 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2692 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2696 if test -z "$have_u_intxx_t" ; then
2697 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2699 [ #include <sys/socket.h> ],
2700 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2702 AC_DEFINE(HAVE_U_INTXX_T)
2705 [ AC_MSG_RESULT(no) ]
2709 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2711 [ #include <sys/types.h> ],
2712 [ u_int64_t a; a = 1;],
2713 [ ac_cv_have_u_int64_t="yes" ],
2714 [ ac_cv_have_u_int64_t="no" ]
2717 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2718 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2722 if test -z "$have_u_int64_t" ; then
2723 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2725 [ #include <sys/bitypes.h> ],
2726 [ u_int64_t a; a = 1],
2728 AC_DEFINE(HAVE_U_INT64_T)
2731 [ AC_MSG_RESULT(no) ]
2735 if test -z "$have_u_intxx_t" ; then
2736 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2739 #include <sys/types.h>
2741 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2742 [ ac_cv_have_uintxx_t="yes" ],
2743 [ ac_cv_have_uintxx_t="no" ]
2746 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2747 AC_DEFINE(HAVE_UINTXX_T, 1,
2748 [define if you have uintxx_t data type])
2752 if test -z "$have_uintxx_t" ; then
2753 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2755 [ #include <stdint.h> ],
2756 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2758 AC_DEFINE(HAVE_UINTXX_T)
2761 [ AC_MSG_RESULT(no) ]
2765 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2766 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2768 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2771 #include <sys/bitypes.h>
2774 int8_t a; int16_t b; int32_t c;
2775 u_int8_t e; u_int16_t f; u_int32_t g;
2776 a = b = c = e = f = g = 1;
2779 AC_DEFINE(HAVE_U_INTXX_T)
2780 AC_DEFINE(HAVE_INTXX_T)
2788 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2791 #include <sys/types.h>
2793 [ u_char foo; foo = 125; ],
2794 [ ac_cv_have_u_char="yes" ],
2795 [ ac_cv_have_u_char="no" ]
2798 if test "x$ac_cv_have_u_char" = "xyes" ; then
2799 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2804 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2805 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2806 #include <sys/types.h>
2807 #ifdef HAVE_SYS_BITYPES_H
2808 #include <sys/bitypes.h>
2810 #ifdef HAVE_SYS_STATFS_H
2811 #include <sys/statfs.h>
2813 #ifdef HAVE_SYS_STATVFS_H
2814 #include <sys/statvfs.h>
2818 AC_CHECK_TYPES(in_addr_t,,,
2819 [#include <sys/types.h>
2820 #include <netinet/in.h>])
2822 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2825 #include <sys/types.h>
2827 [ size_t foo; foo = 1235; ],
2828 [ ac_cv_have_size_t="yes" ],
2829 [ ac_cv_have_size_t="no" ]
2832 if test "x$ac_cv_have_size_t" = "xyes" ; then
2833 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2836 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2839 #include <sys/types.h>
2841 [ ssize_t foo; foo = 1235; ],
2842 [ ac_cv_have_ssize_t="yes" ],
2843 [ ac_cv_have_ssize_t="no" ]
2846 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2847 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2850 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2855 [ clock_t foo; foo = 1235; ],
2856 [ ac_cv_have_clock_t="yes" ],
2857 [ ac_cv_have_clock_t="no" ]
2860 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2861 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2864 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2867 #include <sys/types.h>
2868 #include <sys/socket.h>
2870 [ sa_family_t foo; foo = 1235; ],
2871 [ ac_cv_have_sa_family_t="yes" ],
2874 #include <sys/types.h>
2875 #include <sys/socket.h>
2876 #include <netinet/in.h>
2878 [ sa_family_t foo; foo = 1235; ],
2879 [ ac_cv_have_sa_family_t="yes" ],
2881 [ ac_cv_have_sa_family_t="no" ]
2885 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2886 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2887 [define if you have sa_family_t data type])
2890 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2893 #include <sys/types.h>
2895 [ pid_t foo; foo = 1235; ],
2896 [ ac_cv_have_pid_t="yes" ],
2897 [ ac_cv_have_pid_t="no" ]
2900 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2901 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2904 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2907 #include <sys/types.h>
2909 [ mode_t foo; foo = 1235; ],
2910 [ ac_cv_have_mode_t="yes" ],
2911 [ ac_cv_have_mode_t="no" ]
2914 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2915 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2919 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2922 #include <sys/types.h>
2923 #include <sys/socket.h>
2925 [ struct sockaddr_storage s; ],
2926 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2927 [ ac_cv_have_struct_sockaddr_storage="no" ]
2930 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2931 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2932 [define if you have struct sockaddr_storage data type])
2935 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2938 #include <sys/types.h>
2939 #include <netinet/in.h>
2941 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2942 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2943 [ ac_cv_have_struct_sockaddr_in6="no" ]
2946 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2947 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2948 [define if you have struct sockaddr_in6 data type])
2951 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2954 #include <sys/types.h>
2955 #include <netinet/in.h>
2957 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2958 [ ac_cv_have_struct_in6_addr="yes" ],
2959 [ ac_cv_have_struct_in6_addr="no" ]
2962 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2963 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2964 [define if you have struct in6_addr data type])
2967 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2970 #include <sys/types.h>
2971 #include <sys/socket.h>
2974 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2975 [ ac_cv_have_struct_addrinfo="yes" ],
2976 [ ac_cv_have_struct_addrinfo="no" ]
2979 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2980 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2981 [define if you have struct addrinfo data type])
2984 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2986 [ #include <sys/time.h> ],
2987 [ struct timeval tv; tv.tv_sec = 1;],
2988 [ ac_cv_have_struct_timeval="yes" ],
2989 [ ac_cv_have_struct_timeval="no" ]
2992 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2993 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2994 have_struct_timeval=1
2997 AC_CHECK_TYPES(struct timespec)
2999 # We need int64_t or else certian parts of the compile will fail.
3000 if test "x$ac_cv_have_int64_t" = "xno" && \
3001 test "x$ac_cv_sizeof_long_int" != "x8" && \
3002 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3003 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3004 echo "an alternative compiler (I.E., GCC) before continuing."
3008 dnl test snprintf (broken on SCO w/gcc)
3013 #ifdef HAVE_SNPRINTF
3017 char expected_out[50];
3019 #if (SIZEOF_LONG_INT == 8)
3020 long int num = 0x7fffffffffffffff;
3022 long long num = 0x7fffffffffffffffll;
3024 strcpy(expected_out, "9223372036854775807");
3025 snprintf(buf, mazsize, "%lld", num);
3026 if(strcmp(buf, expected_out) != 0)
3033 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3034 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3038 dnl Checks for structure members
3039 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3040 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3041 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3042 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3043 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3044 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3045 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3046 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3047 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3048 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3049 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3050 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3051 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3052 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3053 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3054 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3055 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3057 AC_CHECK_MEMBERS([struct stat.st_blksize])
3058 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3059 [Define if we don't have struct __res_state in resolv.h])],
3062 #if HAVE_SYS_TYPES_H
3063 # include <sys/types.h>
3065 #include <netinet/in.h>
3066 #include <arpa/nameser.h>
3070 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3071 ac_cv_have_ss_family_in_struct_ss, [
3074 #include <sys/types.h>
3075 #include <sys/socket.h>
3077 [ struct sockaddr_storage s; s.ss_family = 1; ],
3078 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3079 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3082 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3083 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3086 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3087 ac_cv_have___ss_family_in_struct_ss, [
3090 #include <sys/types.h>
3091 #include <sys/socket.h>
3093 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3094 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3095 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3098 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3099 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3100 [Fields in struct sockaddr_storage])
3103 AC_CACHE_CHECK([for pw_class field in struct passwd],
3104 ac_cv_have_pw_class_in_struct_passwd, [
3109 [ struct passwd p; p.pw_class = 0; ],
3110 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3111 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3114 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3115 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3116 [Define if your password has a pw_class field])
3119 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3120 ac_cv_have_pw_expire_in_struct_passwd, [
3125 [ struct passwd p; p.pw_expire = 0; ],
3126 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3127 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3130 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3131 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3132 [Define if your password has a pw_expire field])
3135 AC_CACHE_CHECK([for pw_change field in struct passwd],
3136 ac_cv_have_pw_change_in_struct_passwd, [
3141 [ struct passwd p; p.pw_change = 0; ],
3142 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3143 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3146 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3147 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3148 [Define if your password has a pw_change field])
3151 dnl make sure we're using the real structure members and not defines
3152 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3153 ac_cv_have_accrights_in_msghdr, [
3156 #include <sys/types.h>
3157 #include <sys/socket.h>
3158 #include <sys/uio.h>
3160 #ifdef msg_accrights
3161 #error "msg_accrights is a macro"
3165 m.msg_accrights = 0;
3169 [ ac_cv_have_accrights_in_msghdr="yes" ],
3170 [ ac_cv_have_accrights_in_msghdr="no" ]
3173 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3174 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3175 [Define if your system uses access rights style
3176 file descriptor passing])
3179 AC_MSG_CHECKING(if f_fsid has val members)
3181 #include <sys/types.h>
3182 #include <sys/statvfs.h>],
3183 [struct fsid_t t; t.val[0] = 0;],
3184 [ AC_MSG_RESULT(yes)
3185 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3186 [ AC_MSG_RESULT(no) ]
3189 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3190 ac_cv_have_control_in_msghdr, [
3193 #include <sys/types.h>
3194 #include <sys/socket.h>
3195 #include <sys/uio.h>
3198 #error "msg_control is a macro"
3206 [ ac_cv_have_control_in_msghdr="yes" ],
3207 [ ac_cv_have_control_in_msghdr="no" ]
3210 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3211 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3212 [Define if your system uses ancillary data style
3213 file descriptor passing])
3216 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3218 [ extern char *__progname; printf("%s", __progname); ],
3219 [ ac_cv_libc_defines___progname="yes" ],
3220 [ ac_cv_libc_defines___progname="no" ]
3223 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3224 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3227 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3231 [ printf("%s", __FUNCTION__); ],
3232 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3233 [ ac_cv_cc_implements___FUNCTION__="no" ]
3236 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3237 AC_DEFINE(HAVE___FUNCTION__, 1,
3238 [Define if compiler implements __FUNCTION__])
3241 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3245 [ printf("%s", __func__); ],
3246 [ ac_cv_cc_implements___func__="yes" ],
3247 [ ac_cv_cc_implements___func__="no" ]
3250 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3251 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3254 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3256 [#include <stdarg.h>
3259 [ ac_cv_have_va_copy="yes" ],
3260 [ ac_cv_have_va_copy="no" ]
3263 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3264 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3267 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3269 [#include <stdarg.h>
3272 [ ac_cv_have___va_copy="yes" ],
3273 [ ac_cv_have___va_copy="no" ]
3276 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3277 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3280 AC_CACHE_CHECK([whether getopt has optreset support],
3281 ac_cv_have_getopt_optreset, [
3286 [ extern int optreset; optreset = 0; ],
3287 [ ac_cv_have_getopt_optreset="yes" ],
3288 [ ac_cv_have_getopt_optreset="no" ]
3291 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3292 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3293 [Define if your getopt(3) defines and uses optreset])
3296 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3298 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3299 [ ac_cv_libc_defines_sys_errlist="yes" ],
3300 [ ac_cv_libc_defines_sys_errlist="no" ]
3303 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3304 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3305 [Define if your system defines sys_errlist[]])
3309 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3311 [ extern int sys_nerr; printf("%i", sys_nerr);],
3312 [ ac_cv_libc_defines_sys_nerr="yes" ],
3313 [ ac_cv_libc_defines_sys_nerr="no" ]
3316 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3317 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3321 # Check whether user wants sectok support
3323 [ --with-sectok Enable smartcard support using libsectok],
3325 if test "x$withval" != "xno" ; then
3326 if test "x$withval" != "xyes" ; then
3327 CPPFLAGS="$CPPFLAGS -I${withval}"
3328 LDFLAGS="$LDFLAGS -L${withval}"
3329 if test ! -z "$need_dash_r" ; then
3330 LDFLAGS="$LDFLAGS -R${withval}"
3332 if test ! -z "$blibpath" ; then
3333 blibpath="$blibpath:${withval}"
3336 AC_CHECK_HEADERS(sectok.h)
3337 if test "$ac_cv_header_sectok_h" != yes; then
3338 AC_MSG_ERROR(Can't find sectok.h)
3340 AC_CHECK_LIB(sectok, sectok_open)
3341 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3342 AC_MSG_ERROR(Can't find libsectok)
3344 AC_DEFINE(SMARTCARD, 1,
3345 [Define if you want smartcard support])
3346 AC_DEFINE(USE_SECTOK, 1,
3347 [Define if you want smartcard support
3349 SCARD_MSG="yes, using sectok"
3354 # Check whether user wants OpenSC support
3357 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3359 if test "x$withval" != "xno" ; then
3360 if test "x$withval" != "xyes" ; then
3361 OPENSC_CONFIG=$withval/bin/opensc-config
3363 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3365 if test "$OPENSC_CONFIG" != "no"; then
3366 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3367 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3368 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3369 LIBS="$LIBS $LIBOPENSC_LIBS"
3370 AC_DEFINE(SMARTCARD)
3371 AC_DEFINE(USE_OPENSC, 1,
3372 [Define if you want smartcard support
3374 SCARD_MSG="yes, using OpenSC"
3380 # Check libraries needed by DNS fingerprint support
3381 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3382 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3383 [Define if getrrsetbyname() exists])],
3385 # Needed by our getrrsetbyname()
3386 AC_SEARCH_LIBS(res_query, resolv)
3387 AC_SEARCH_LIBS(dn_expand, resolv)
3388 AC_MSG_CHECKING(if res_query will link)
3389 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3392 LIBS="$LIBS -lresolv"
3393 AC_MSG_CHECKING(for res_query in -lresolv)
3398 res_query (0, 0, 0, 0, 0);
3402 [LIBS="$LIBS -lresolv"
3403 AC_MSG_RESULT(yes)],
3407 AC_CHECK_FUNCS(_getshort _getlong)
3408 AC_CHECK_DECLS([_getshort, _getlong], , ,
3409 [#include <sys/types.h>
3410 #include <arpa/nameser.h>])
3411 AC_CHECK_MEMBER(HEADER.ad,
3412 [AC_DEFINE(HAVE_HEADER_AD, 1,
3413 [Define if HEADER.ad exists in arpa/nameser.h])],,
3414 [#include <arpa/nameser.h>])
3417 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3420 #if HAVE_SYS_TYPES_H
3421 # include <sys/types.h>
3423 #include <netinet/in.h>
3424 #include <arpa/nameser.h>
3426 extern struct __res_state _res;
3427 int main() { return 0; }
3430 AC_DEFINE(HAVE__RES_EXTERN, 1,
3431 [Define if you have struct __res_state _res as an extern])
3433 [ AC_MSG_RESULT(no) ]
3436 # Check whether user wants SELinux support
3439 AC_ARG_WITH(selinux,
3440 [ --with-selinux Enable SELinux support],
3441 [ if test "x$withval" != "xno" ; then
3443 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3445 AC_CHECK_HEADER([selinux/selinux.h], ,
3446 AC_MSG_ERROR(SELinux support requires selinux.h header))
3447 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3448 AC_MSG_ERROR(SELinux support requires libselinux library))
3449 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3450 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3455 # Finish configuring Globus GSSAPI
3456 if test "x$gsi_path" != "xno" ; then
3457 if test ! -z "$need_dash_r" ; then
3458 LDFLAGS="$LDFLAGS -R${gsi_path}/lib"
3460 if test ! -z "$blibpath" ; then
3461 blibpath="$blibpath:${gsi_path}/lib"
3465 # Check whether the user wants GSSAPI mechglue support
3466 AC_ARG_WITH(mechglue,
3467 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
3469 AC_MSG_CHECKING(for mechglue library)
3471 if test -e ${withval}/libgssapi.a ; then
3472 mechglue_lib=${withval}/libgssapi.a
3473 elif test -e ${withval}/lib/libgssapi.a ; then
3474 mechglue_lib=${withval}/lib/libgssapi.a
3476 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
3478 LIBS="${mechglue_lib} $LIBS"
3479 AC_MSG_RESULT(${mechglue_lib})
3481 AC_CHECK_LIB(dl, dlopen, , )
3482 if test $ac_cv_lib_dl_dlopen = yes; then
3483 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
3487 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
3493 # Check whether user wants Kerberos 5 support
3495 AC_ARG_WITH(kerberos5,
3496 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3497 [ if test "x$withval" != "xno" ; then
3498 if test "x$withval" = "xyes" ; then
3499 KRB5ROOT="/usr/local"
3504 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3507 AC_MSG_CHECKING(for krb5-config)
3508 if test -x $KRB5ROOT/bin/krb5-config ; then
3509 KRB5CONF=$KRB5ROOT/bin/krb5-config
3510 AC_MSG_RESULT($KRB5CONF)
3512 AC_MSG_CHECKING(for gssapi support)
3513 if $KRB5CONF | grep gssapi >/dev/null ; then
3515 AC_DEFINE(GSSAPI, 1,
3516 [Define this if you want GSSAPI
3517 support in the version 2 protocol])
3523 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3524 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3525 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3526 AC_MSG_CHECKING(whether we are using Heimdal)
3527 AC_TRY_COMPILE([ #include <krb5.h> ],
3528 [ char *tmp = heimdal_version; ],
3529 [ AC_MSG_RESULT(yes)
3530 AC_DEFINE(HEIMDAL, 1,
3531 [Define this if you are using the
3532 Heimdal version of Kerberos V5]) ],
3537 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3538 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3539 AC_MSG_CHECKING(whether we are using Heimdal)
3540 AC_TRY_COMPILE([ #include <krb5.h> ],
3541 [ char *tmp = heimdal_version; ],
3542 [ AC_MSG_RESULT(yes)
3544 K5LIBS="-lkrb5 -ldes"
3545 K5LIBS="$K5LIBS -lcom_err -lasn1"
3546 AC_CHECK_LIB(roken, net_write,
3547 [K5LIBS="$K5LIBS -lroken"])
3550 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3553 AC_SEARCH_LIBS(dn_expand, resolv)
3555 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3557 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3558 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3560 K5LIBS="-lgssapi $K5LIBS" ],
3561 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3566 AC_CHECK_HEADER(gssapi.h, ,
3567 [ unset ac_cv_header_gssapi_h
3568 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3569 AC_CHECK_HEADERS(gssapi.h, ,
3570 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3576 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3577 AC_CHECK_HEADER(gssapi_krb5.h, ,
3578 [ CPPFLAGS="$oldCPP" ])
3580 # If we're using some other GSSAPI
3581 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3582 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3585 if test -z "$GSSAPI"; then
3590 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3591 AC_CHECK_HEADER(gssapi_krb5.h, ,
3592 [ CPPFLAGS="$oldCPP" ])
3595 if test ! -z "$need_dash_r" ; then
3596 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3598 if test ! -z "$blibpath" ; then
3599 blibpath="$blibpath:${KRB5ROOT}/lib"
3602 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3603 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3604 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3606 LIBS="$LIBS $K5LIBS"
3607 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3608 [Define this if you want to use libkafs' AFS support]))
3613 # Check whether user wants AFS_KRB5 support
3615 AC_ARG_WITH(afs-krb5,
3616 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3618 if test "x$withval" != "xno" ; then
3620 if test "x$withval" != "xyes" ; then
3621 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3622 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3624 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3626 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3629 if test -z "$KRB5ROOT" ; then
3630 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3633 LIBS="-lkrbafs -lkrb4 $LIBS"
3634 if test ! -z "$AFS_LIBS" ; then
3635 LIBS="$LIBS $AFS_LIBS"
3637 AC_DEFINE(AFS_KRB5, 1,
3638 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3644 AC_ARG_WITH(session-hooks,
3645 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3646 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3649 # Looking for programs, paths and files
3651 PRIVSEP_PATH=/var/empty
3652 AC_ARG_WITH(privsep-path,
3653 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3655 if test -n "$withval" && test "x$withval" != "xno" && \
3656 test "x${withval}" != "xyes"; then
3657 PRIVSEP_PATH=$withval
3661 AC_SUBST(PRIVSEP_PATH)
3664 [ --with-xauth=PATH Specify path to xauth program ],
3666 if test -n "$withval" && test "x$withval" != "xno" && \
3667 test "x${withval}" != "xyes"; then
3673 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3674 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3675 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3676 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3677 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3678 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3679 xauth_path="/usr/openwin/bin/xauth"
3684 # strip causes problems with GSI libraries...
3685 if test -z "$GLOBUS_LDFLAGS" ; then
3688 AC_ARG_ENABLE(strip,
3689 [ --disable-strip Disable calling strip(1) on install],
3691 if test "x$enableval" = "xno" ; then
3698 if test -z "$xauth_path" ; then
3699 XAUTH_PATH="undefined"
3700 AC_SUBST(XAUTH_PATH)
3702 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3703 [Define if xauth is found in your path])
3704 XAUTH_PATH=$xauth_path
3705 AC_SUBST(XAUTH_PATH)
3708 # Check for mail directory (last resort if we cannot get it from headers)
3709 if test ! -z "$MAIL" ; then
3710 maildir=`dirname $MAIL`
3711 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3712 [Set this to your mail directory if you don't have maillock.h])
3715 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3716 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3717 disable_ptmx_check=yes
3719 if test -z "$no_dev_ptmx" ; then
3720 if test "x$disable_ptmx_check" != "xyes" ; then
3721 AC_CHECK_FILE("/dev/ptmx",
3723 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3724 [Define if you have /dev/ptmx])
3731 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3732 AC_CHECK_FILE("/dev/ptc",
3734 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3735 [Define if you have /dev/ptc])
3740 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3743 # Options from here on. Some of these are preset by platform above
3744 AC_ARG_WITH(mantype,
3745 [ --with-mantype=man|cat|doc Set man page type],
3752 AC_MSG_ERROR(invalid man type: $withval)
3757 if test -z "$MANTYPE"; then
3758 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3759 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3760 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3762 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3769 if test "$MANTYPE" = "doc"; then
3776 # Check whether to enable MD5 passwords
3778 AC_ARG_WITH(md5-passwords,
3779 [ --with-md5-passwords Enable use of MD5 passwords],
3781 if test "x$withval" != "xno" ; then
3782 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3783 [Define if you want to allow MD5 passwords])
3789 # Whether to disable shadow password support
3791 [ --without-shadow Disable shadow password support],
3793 if test "x$withval" = "xno" ; then
3794 AC_DEFINE(DISABLE_SHADOW)
3800 if test -z "$disable_shadow" ; then
3801 AC_MSG_CHECKING([if the systems has expire shadow information])
3804 #include <sys/types.h>
3807 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3808 [ sp_expire_available=yes ], []
3811 if test "x$sp_expire_available" = "xyes" ; then
3813 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3814 [Define if you want to use shadow password expire field])
3820 # Use ip address instead of hostname in $DISPLAY
3821 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3822 DISPLAY_HACK_MSG="yes"
3823 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3824 [Define if you need to use IP address
3825 instead of hostname in $DISPLAY])
3827 DISPLAY_HACK_MSG="no"
3828 AC_ARG_WITH(ipaddr-display,
3829 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3831 if test "x$withval" != "xno" ; then
3832 AC_DEFINE(IPADDR_IN_DISPLAY)
3833 DISPLAY_HACK_MSG="yes"
3839 # check for /etc/default/login and use it if present.
3840 AC_ARG_ENABLE(etc-default-login,
3841 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3842 [ if test "x$enableval" = "xno"; then
3843 AC_MSG_NOTICE([/etc/default/login handling disabled])
3844 etc_default_login=no
3846 etc_default_login=yes
3848 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3850 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3851 etc_default_login=no
3853 etc_default_login=yes
3857 if test "x$etc_default_login" != "xno"; then
3858 AC_CHECK_FILE("/etc/default/login",
3859 [ external_path_file=/etc/default/login ])
3860 if test "x$external_path_file" = "x/etc/default/login"; then
3861 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3862 [Define if your system has /etc/default/login])
3866 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3867 if test $ac_cv_func_login_getcapbool = "yes" && \
3868 test $ac_cv_header_login_cap_h = "yes" ; then
3869 external_path_file=/etc/login.conf
3872 # Whether to mess with the default path
3873 SERVER_PATH_MSG="(default)"
3874 AC_ARG_WITH(default-path,
3875 [ --with-default-path= Specify default \$PATH environment for server],
3877 if test "x$external_path_file" = "x/etc/login.conf" ; then
3879 --with-default-path=PATH has no effect on this system.
3880 Edit /etc/login.conf instead.])
3881 elif test "x$withval" != "xno" ; then
3882 if test ! -z "$external_path_file" ; then
3884 --with-default-path=PATH will only be used if PATH is not defined in
3885 $external_path_file .])
3887 user_path="$withval"
3888 SERVER_PATH_MSG="$withval"
3891 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3892 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3894 if test ! -z "$external_path_file" ; then
3896 If PATH is defined in $external_path_file, ensure the path to scp is included,
3897 otherwise scp will not work.])
3901 /* find out what STDPATH is */
3906 #ifndef _PATH_STDPATH
3907 # ifdef _PATH_USERPATH /* Irix */
3908 # define _PATH_STDPATH _PATH_USERPATH
3910 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3913 #include <sys/types.h>
3914 #include <sys/stat.h>
3916 #define DATA "conftest.stdpath"
3923 fd = fopen(DATA,"w");
3927 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3933 [ user_path=`cat conftest.stdpath` ],
3934 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3935 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3937 # make sure $bindir is in USER_PATH so scp will work
3938 t_bindir=`eval echo ${bindir}`
3940 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3943 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3945 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3946 if test $? -ne 0 ; then
3947 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3948 if test $? -ne 0 ; then
3949 user_path=$user_path:$t_bindir
3950 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3955 if test "x$external_path_file" != "x/etc/login.conf" ; then
3956 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3960 # Set superuser path separately to user path
3961 AC_ARG_WITH(superuser-path,
3962 [ --with-superuser-path= Specify different path for super-user],
3964 if test -n "$withval" && test "x$withval" != "xno" && \
3965 test "x${withval}" != "xyes"; then
3966 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3967 [Define if you want a different $PATH
3969 superuser_path=$withval
3975 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3976 IPV4_IN6_HACK_MSG="no"
3978 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3980 if test "x$withval" != "xno" ; then
3982 AC_DEFINE(IPV4_IN_IPV6, 1,
3983 [Detect IPv4 in IPv6 mapped addresses
3985 IPV4_IN6_HACK_MSG="yes"
3990 if test "x$inet6_default_4in6" = "xyes"; then
3991 AC_MSG_RESULT([yes (default)])
3992 AC_DEFINE(IPV4_IN_IPV6)
3993 IPV4_IN6_HACK_MSG="yes"
3995 AC_MSG_RESULT([no (default)])
4000 # Whether to enable BSD auth support
4002 AC_ARG_WITH(bsd-auth,
4003 [ --with-bsd-auth Enable BSD auth support],
4005 if test "x$withval" != "xno" ; then
4006 AC_DEFINE(BSD_AUTH, 1,
4007 [Define if you have BSD auth support])
4013 # Where to place sshd.pid
4015 # make sure the directory exists
4016 if test ! -d $piddir ; then
4017 piddir=`eval echo ${sysconfdir}`
4019 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4023 AC_ARG_WITH(pid-dir,
4024 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4026 if test -n "$withval" && test "x$withval" != "xno" && \
4027 test "x${withval}" != "xyes"; then
4029 if test ! -d $piddir ; then
4030 AC_MSG_WARN([** no $piddir directory on this system **])
4036 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4039 dnl allow user to disable some login recording features
4040 AC_ARG_ENABLE(lastlog,
4041 [ --disable-lastlog disable use of lastlog even if detected [no]],
4043 if test "x$enableval" = "xno" ; then
4044 AC_DEFINE(DISABLE_LASTLOG)
4049 [ --disable-utmp disable use of utmp even if detected [no]],
4051 if test "x$enableval" = "xno" ; then
4052 AC_DEFINE(DISABLE_UTMP)
4056 AC_ARG_ENABLE(utmpx,
4057 [ --disable-utmpx disable use of utmpx even if detected [no]],
4059 if test "x$enableval" = "xno" ; then
4060 AC_DEFINE(DISABLE_UTMPX, 1,
4061 [Define if you don't want to use utmpx])
4066 [ --disable-wtmp disable use of wtmp even if detected [no]],
4068 if test "x$enableval" = "xno" ; then
4069 AC_DEFINE(DISABLE_WTMP)
4073 AC_ARG_ENABLE(wtmpx,
4074 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4076 if test "x$enableval" = "xno" ; then
4077 AC_DEFINE(DISABLE_WTMPX, 1,
4078 [Define if you don't want to use wtmpx])
4082 AC_ARG_ENABLE(libutil,
4083 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4085 if test "x$enableval" = "xno" ; then
4086 AC_DEFINE(DISABLE_LOGIN)
4090 AC_ARG_ENABLE(pututline,
4091 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4093 if test "x$enableval" = "xno" ; then
4094 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4095 [Define if you don't want to use pututline()
4096 etc. to write [uw]tmp])
4100 AC_ARG_ENABLE(pututxline,
4101 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4103 if test "x$enableval" = "xno" ; then
4104 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4105 [Define if you don't want to use pututxline()
4106 etc. to write [uw]tmpx])
4110 AC_ARG_WITH(lastlog,
4111 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4113 if test "x$withval" = "xno" ; then
4114 AC_DEFINE(DISABLE_LASTLOG)
4115 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4116 conf_lastlog_location=$withval
4121 dnl lastlog, [uw]tmpx? detection
4122 dnl NOTE: set the paths in the platform section to avoid the
4123 dnl need for command-line parameters
4124 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4126 dnl lastlog detection
4127 dnl NOTE: the code itself will detect if lastlog is a directory
4128 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4130 #include <sys/types.h>
4132 #ifdef HAVE_LASTLOG_H
4133 # include <lastlog.h>
4142 [ char *lastlog = LASTLOG_FILE; ],
4143 [ AC_MSG_RESULT(yes) ],
4146 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4148 #include <sys/types.h>
4150 #ifdef HAVE_LASTLOG_H
4151 # include <lastlog.h>
4157 [ char *lastlog = _PATH_LASTLOG; ],
4158 [ AC_MSG_RESULT(yes) ],
4161 system_lastlog_path=no
4166 if test -z "$conf_lastlog_location"; then
4167 if test x"$system_lastlog_path" = x"no" ; then
4168 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4169 if (test -d "$f" || test -f "$f") ; then
4170 conf_lastlog_location=$f
4173 if test -z "$conf_lastlog_location"; then
4174 AC_MSG_WARN([** Cannot find lastlog **])
4175 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4180 if test -n "$conf_lastlog_location"; then
4181 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4182 [Define if you want to specify the path to your lastlog file])
4186 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4188 #include <sys/types.h>
4194 [ char *utmp = UTMP_FILE; ],
4195 [ AC_MSG_RESULT(yes) ],
4197 system_utmp_path=no ]
4199 if test -z "$conf_utmp_location"; then
4200 if test x"$system_utmp_path" = x"no" ; then
4201 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4202 if test -f $f ; then
4203 conf_utmp_location=$f
4206 if test -z "$conf_utmp_location"; then
4207 AC_DEFINE(DISABLE_UTMP)
4211 if test -n "$conf_utmp_location"; then
4212 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4213 [Define if you want to specify the path to your utmp file])
4217 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4219 #include <sys/types.h>
4225 [ char *wtmp = WTMP_FILE; ],
4226 [ AC_MSG_RESULT(yes) ],
4228 system_wtmp_path=no ]
4230 if test -z "$conf_wtmp_location"; then
4231 if test x"$system_wtmp_path" = x"no" ; then
4232 for f in /usr/adm/wtmp /var/log/wtmp; do
4233 if test -f $f ; then
4234 conf_wtmp_location=$f
4237 if test -z "$conf_wtmp_location"; then
4238 AC_DEFINE(DISABLE_WTMP)
4242 if test -n "$conf_wtmp_location"; then
4243 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4244 [Define if you want to specify the path to your wtmp file])
4248 dnl utmpx detection - I don't know any system so perverse as to require
4249 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4251 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4253 #include <sys/types.h>
4262 [ char *utmpx = UTMPX_FILE; ],
4263 [ AC_MSG_RESULT(yes) ],
4265 system_utmpx_path=no ]
4267 if test -z "$conf_utmpx_location"; then
4268 if test x"$system_utmpx_path" = x"no" ; then
4269 AC_DEFINE(DISABLE_UTMPX)
4272 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4273 [Define if you want to specify the path to your utmpx file])
4277 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4279 #include <sys/types.h>
4288 [ char *wtmpx = WTMPX_FILE; ],
4289 [ AC_MSG_RESULT(yes) ],
4291 system_wtmpx_path=no ]
4293 if test -z "$conf_wtmpx_location"; then
4294 if test x"$system_wtmpx_path" = x"no" ; then
4295 AC_DEFINE(DISABLE_WTMPX)
4298 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4299 [Define if you want to specify the path to your wtmpx file])
4303 if test ! -z "$blibpath" ; then
4304 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4305 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4308 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4310 CFLAGS="$CFLAGS $werror_flags"
4312 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4313 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4314 AC_SUBST(TEST_SSH_IPV6, no)
4316 AC_SUBST(TEST_SSH_IPV6, yes)
4320 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4321 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4322 scard/Makefile ssh_prng_cmds survey.sh])
4325 # Print summary of options
4327 # Someone please show me a better way :)
4328 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4329 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4330 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4331 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4332 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4333 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4334 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4335 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4336 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4337 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4340 echo "OpenSSH has been configured with the following options:"
4341 echo " User binaries: $B"
4342 echo " System binaries: $C"
4343 echo " Configuration files: $D"
4344 echo " Askpass program: $E"
4345 echo " Manual pages: $F"
4346 echo " PID file: $G"
4347 echo " Privilege separation chroot path: $H"
4348 if test "x$external_path_file" = "x/etc/login.conf" ; then
4349 echo " At runtime, sshd will use the path defined in $external_path_file"
4350 echo " Make sure the path to scp is present, otherwise scp will not work"
4352 echo " sshd default user PATH: $I"
4353 if test ! -z "$external_path_file"; then
4354 echo " (If PATH is set in $external_path_file it will be used instead. If"
4355 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4358 if test ! -z "$superuser_path" ; then
4359 echo " sshd superuser user PATH: $J"
4361 echo " Manpage format: $MANTYPE"
4362 echo " PAM support: $PAM_MSG"
4363 echo " OSF SIA support: $SIA_MSG"
4364 echo " KerberosV support: $KRB5_MSG"
4365 echo " SELinux support: $SELINUX_MSG"
4366 echo " Smartcard support: $SCARD_MSG"
4367 echo " S/KEY support: $SKEY_MSG"
4368 echo " TCP Wrappers support: $TCPW_MSG"
4369 echo " MD5 password support: $MD5_MSG"
4370 echo " libedit support: $LIBEDIT_MSG"
4371 echo " Solaris process contract support: $SPC_MSG"
4372 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4373 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4374 echo " BSD Auth support: $BSD_AUTH_MSG"
4375 echo " Random number source: $RAND_MSG"
4376 if test ! -z "$USE_RAND_HELPER" ; then
4377 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4382 echo " Host: ${host}"
4383 echo " Compiler: ${CC}"
4384 echo " Compiler flags: ${CFLAGS}"
4385 echo "Preprocessor flags: ${CPPFLAGS}"
4386 echo " Linker flags: ${LDFLAGS}"
4387 echo " Libraries: ${LIBS}"
4388 if test ! -z "${SSHDLIBS}"; then
4389 echo " +for sshd: ${SSHDLIBS}"
4394 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4395 echo "SVR4 style packages are supported with \"make package\""
4399 if test "x$PAM_MSG" = "xyes" ; then
4400 echo "PAM is enabled. You may need to install a PAM control file "
4401 echo "for sshd, otherwise password authentication may fail. "
4402 echo "Example PAM control files can be found in the contrib/ "
4407 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4408 echo "WARNING: you are using the builtin random number collection "
4409 echo "service. Please read WARNING.RNG and request that your OS "
4410 echo "vendor includes kernel-based random number collection in "
4411 echo "future versions of your OS."
4415 if test ! -z "$NO_PEERCHECK" ; then
4416 echo "WARNING: the operating system that you are using does not"
4417 echo "appear to support getpeereid(), getpeerucred() or the"
4418 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4419 echo "enforce security checks to prevent unauthorised connections to"
4420 echo "ssh-agent. Their absence increases the risk that a malicious"
4421 echo "user can connect to your agent."
4425 if test "$AUDIT_MODULE" = "bsm" ; then
4426 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4427 echo "See the Solaris section in README.platform for details."