3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
23 # Handle Globus configuration right away, because the Globus flavor
24 # determines our compiler options.
26 # Check whether the user wants GSI (Globus) support
29 [ --with-gsi Enable Globus GSI authentication support],
36 [ --with-globus Enable Globus GSI authentication support],
42 AC_ARG_WITH(globus-static,
43 [ --with-globus-static Link statically with Globus GSI libraries],
46 if test "x$gsi_path" = "xno" ; then
52 # Check whether the user has a Globus flavor type
53 globus_flavor_type="no"
54 AC_ARG_WITH(globus-flavor,
55 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
57 globus_flavor_type="$withval"
58 if test "x$gsi_path" = "xno" ; then
64 if test "x$gsi_path" != "xno" ; then
65 # Globus GSSAPI configuration
66 AC_MSG_CHECKING(for Globus GSI)
67 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
69 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
70 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
72 if test -z "$GSSAPI"; then
77 if test "x$gsi_path" = "xyes" ; then
78 if test -z "$GLOBUS_LOCATION" ; then
79 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
81 gsi_path="$GLOBUS_LOCATION"
84 GLOBUS_LOCATION="$gsi_path"
85 export GLOBUS_LOCATION
86 if test ! -d "$GLOBUS_LOCATION" ; then
87 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
90 if test "x$globus_flavor_type" = "xno" ; then
91 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
93 if test "x$globus_flavor_type" = "xyes" ; then
94 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
97 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
98 if test ! -d "$GLOBUS_INCLUDE" ; then
99 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
102 if test -x ${gsi_path}/bin/globus-makefile-header ; then
103 ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
104 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
105 ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
107 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
110 if test -z "$GLOBUS_PKG_LIBS" ; then
111 AC_MSG_ERROR(globus-makefile-header failed)
114 AC_MSG_RESULT($GLOBUS_LOCATION)
115 AC_DEFINE(HAVE_GSSAPI_H)
118 CFLAGS="$GLOBUS_CFLAGS"
120 CPPFLAGS="$GLOBUS_CPPFLAGS $GLOBUS_INCLUDES"
121 LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
123 LDFLAGS="$LDFLAGS $GLOBUS_LDFLAGS"
129 # End Globus/GSI section
135 # Checks for programs.
142 AC_PATH_PROG(CAT, cat)
143 AC_PATH_PROG(KILL, kill)
144 AC_PATH_PROGS(PERL, perl5 perl)
145 AC_PATH_PROG(SED, sed)
147 AC_PATH_PROG(ENT, ent)
149 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
150 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
151 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
153 AC_SUBST(TEST_SHELL,sh)
156 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
157 [/usr/sbin${PATH_SEPARATOR}/etc])
158 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
159 [/usr/sbin${PATH_SEPARATOR}/etc])
160 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
161 if test -x /sbin/sh; then
162 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
164 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
170 if test -z "$AR" ; then
171 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
174 # Use LOGIN_PROGRAM from environment if possible
175 if test ! -z "$LOGIN_PROGRAM" ; then
176 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
177 [If your header files don't define LOGIN_PROGRAM,
178 then use this (detected) from environment and PATH])
181 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
182 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
183 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
187 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
188 if test ! -z "$PATH_PASSWD_PROG" ; then
189 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
190 [Full path of your "passwd" program])
193 if test -z "$LD" ; then
200 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
202 use_stack_protector=1
203 AC_ARG_WITH(stackprotect,
204 [ --without-stackprotect Don't use compiler's stack protection], [
205 if test "x$withval" = "xno"; then
206 use_stack_protector=0
209 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
210 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
211 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
213 1.*) no_attrib_nonnull=1 ;;
215 CFLAGS="$CFLAGS -Wsign-compare"
218 2.*) no_attrib_nonnull=1 ;;
219 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
220 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
224 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
225 saved_CFLAGS="$CFLAGS"
226 CFLAGS="$CFLAGS -fno-builtin-memset"
227 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
229 int main(void){char b[10]; memset(b, 0, sizeof(b));}
231 [ AC_MSG_RESULT(yes) ],
233 CFLAGS="$saved_CFLAGS" ]
236 # -fstack-protector-all doesn't always work for some GCC versions
237 # and/or platforms, so we test if we can. If it's not supported
238 # on a given platform gcc will emit a warning so we use -Werror.
239 if test "x$use_stack_protector" = "x1"; then
240 for t in -fstack-protector-all -fstack-protector; do
241 AC_MSG_CHECKING(if $CC supports $t)
242 saved_CFLAGS="$CFLAGS"
243 saved_LDFLAGS="$LDFLAGS"
244 CFLAGS="$CFLAGS $t -Werror"
245 LDFLAGS="$LDFLAGS $t -Werror"
249 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
252 CFLAGS="$saved_CFLAGS $t"
253 LDFLAGS="$saved_LDFLAGS $t"
254 AC_MSG_CHECKING(if $t works)
258 int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
262 [ AC_MSG_RESULT(no) ],
263 [ AC_MSG_WARN([cross compiling: cannot test])
267 [ AC_MSG_RESULT(no) ]
269 CFLAGS="$saved_CFLAGS"
270 LDFLAGS="$saved_LDFLAGS"
274 if test -z "$have_llong_max"; then
275 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
276 unset ac_cv_have_decl_LLONG_MAX
277 saved_CFLAGS="$CFLAGS"
278 CFLAGS="$CFLAGS -std=gnu99"
279 AC_CHECK_DECL(LLONG_MAX,
281 [CFLAGS="$saved_CFLAGS"],
282 [#include <limits.h>]
287 if test "x$no_attrib_nonnull" != "x1" ; then
288 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
292 [ --without-rpath Disable auto-added -R linker paths],
294 if test "x$withval" = "xno" ; then
297 if test "x$withval" = "xyes" ; then
303 # Allow user to specify flags
305 [ --with-cflags Specify additional flags to pass to compiler],
307 if test -n "$withval" && test "x$withval" != "xno" && \
308 test "x${withval}" != "xyes"; then
309 CFLAGS="$CFLAGS $withval"
313 AC_ARG_WITH(cppflags,
314 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
316 if test -n "$withval" && test "x$withval" != "xno" && \
317 test "x${withval}" != "xyes"; then
318 CPPFLAGS="$CPPFLAGS $withval"
323 [ --with-ldflags Specify additional flags to pass to linker],
325 if test -n "$withval" && test "x$withval" != "xno" && \
326 test "x${withval}" != "xyes"; then
327 LDFLAGS="$LDFLAGS $withval"
332 [ --with-libs Specify additional libraries to link with],
334 if test -n "$withval" && test "x$withval" != "xno" && \
335 test "x${withval}" != "xyes"; then
336 LIBS="$LIBS $withval"
341 [ --with-Werror Build main code with -Werror],
343 if test -n "$withval" && test "x$withval" != "xno"; then
344 werror_flags="-Werror"
345 if test "x${withval}" != "xyes"; then
346 werror_flags="$withval"
378 security/pam_appl.h \
419 # lastlog.h requires sys/time.h to be included first on Solaris
420 AC_CHECK_HEADERS(lastlog.h, [], [], [
421 #ifdef HAVE_SYS_TIME_H
422 # include <sys/time.h>
426 # sys/ptms.h requires sys/stream.h to be included first on Solaris
427 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
428 #ifdef HAVE_SYS_STREAM_H
429 # include <sys/stream.h>
433 # login_cap.h requires sys/types.h on NetBSD
434 AC_CHECK_HEADERS(login_cap.h, [], [], [
435 #include <sys/types.h>
438 # Messages for features tested for in target-specific section
442 # Check for some target-specific stuff
445 # Some versions of VAC won't allow macro redefinitions at
446 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
447 # particularly with older versions of vac or xlc.
448 # It also throws errors about null macro argments, but these are
450 AC_MSG_CHECKING(if compiler allows macro redefinitions)
453 #define testmacro foo
454 #define testmacro bar
455 int main(void) { exit(0); }
457 [ AC_MSG_RESULT(yes) ],
459 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
460 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
461 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
462 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
466 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
467 if (test -z "$blibpath"); then
468 blibpath="/usr/lib:/lib"
470 saved_LDFLAGS="$LDFLAGS"
471 if test "$GCC" = "yes"; then
472 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
474 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
476 for tryflags in $flags ;do
477 if (test -z "$blibflags"); then
478 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
479 AC_TRY_LINK([], [], [blibflags=$tryflags])
482 if (test -z "$blibflags"); then
483 AC_MSG_RESULT(not found)
484 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
486 AC_MSG_RESULT($blibflags)
488 LDFLAGS="$saved_LDFLAGS"
489 dnl Check for authenticate. Might be in libs.a on older AIXes
490 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
491 [Define if you want to enable AIX4's authenticate function])],
492 [AC_CHECK_LIB(s,authenticate,
493 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
497 dnl Check for various auth function declarations in headers.
498 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
499 passwdexpired, setauthdb], , , [#include <usersec.h>])
500 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
501 AC_CHECK_DECLS(loginfailed,
502 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
504 [#include <usersec.h>],
505 [(void)loginfailed("user","host","tty",0);],
507 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
508 [Define if your AIX loginfailed() function
509 takes 4 arguments (AIX >= 5.2)])],
513 [#include <usersec.h>]
515 AC_CHECK_FUNCS(getgrset setauthdb)
516 AC_CHECK_DECL(F_CLOSEM,
517 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
519 [ #include <limits.h>
522 check_for_aix_broken_getaddrinfo=1
523 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
524 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
525 [Define if your platform breaks doing a seteuid before a setuid])
526 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
527 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
528 dnl AIX handles lastlog as part of its login message
529 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
530 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
531 [Some systems need a utmpx entry for /bin/login to work])
532 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
533 [Define to a Set Process Title type if your system is
534 supported by bsd-setproctitle.c])
535 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
536 [AIX 5.2 and 5.3 (and presumably newer) require this])
537 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
540 check_for_libcrypt_later=1
541 LIBS="$LIBS /usr/lib/textreadmode.o"
542 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
543 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
544 AC_DEFINE(DISABLE_SHADOW, 1,
545 [Define if you want to disable shadow passwords])
546 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
547 [Define if your system choked on IP TOS setting])
548 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
549 [Define if X11 doesn't support AF_UNIX sockets on that system])
550 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
551 [Define if the concept of ports only accessible to
552 superusers isn't known])
553 AC_DEFINE(DISABLE_FD_PASSING, 1,
554 [Define if your platform needs to skip post auth
555 file descriptor passing])
558 AC_DEFINE(IP_TOS_IS_BROKEN)
559 AC_DEFINE(SETEUID_BREAKS_SETUID)
560 AC_DEFINE(BROKEN_SETREUID)
561 AC_DEFINE(BROKEN_SETREGID)
564 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
565 AC_DEFINE(BROKEN_GETADDRINFO)
566 AC_DEFINE(SETEUID_BREAKS_SETUID)
567 AC_DEFINE(BROKEN_SETREUID)
568 AC_DEFINE(BROKEN_SETREGID)
569 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
570 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
571 [Define if your resolver libs need this for getrrsetbyname])
572 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
573 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
574 [Use tunnel device compatibility to OpenBSD])
575 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
576 [Prepend the address family to IP tunnel traffic])
577 m4_pattern_allow(AU_IPv)
578 AC_CHECK_DECL(AU_IPv4, [],
579 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
580 [#include <bsm/audit.h>]
581 AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
582 [Define if pututxline updates lastlog too])
584 AC_MSG_CHECKING(if we have the Security Authorization Session API)
585 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
586 [SessionCreate(0, 0);],
587 [ac_cv_use_security_session_api="yes"
588 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
589 [platform has the Security Authorization Session API])
590 LIBS="$LIBS -framework Security"
592 [ac_cv_use_security_session_api="no"
594 AC_MSG_CHECKING(if we have an in-memory credentials cache)
596 [#include <Kerberos/Kerberos.h>],
598 (void) cc_initialize (&c, 0, NULL, NULL);],
599 [AC_DEFINE(USE_CCAPI, 1,
600 [platform uses an in-memory credentials cache])
601 LIBS="$LIBS -framework Security"
603 if test "x$ac_cv_use_security_session_api" = "xno"; then
604 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
610 SSHDLIBS="$SSHDLIBS -lcrypt"
613 # first we define all of the options common to all HP-UX releases
614 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
615 IPADDR_IN_DISPLAY=yes
617 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
618 [Define if your login program cannot handle end of options ("--")])
619 AC_DEFINE(LOGIN_NEEDS_UTMPX)
620 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
621 [String used in /etc/passwd to denote locked account])
622 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
623 MAIL="/var/mail/username"
625 AC_CHECK_LIB(xnet, t_error, ,
626 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
628 # next, we define all of the options specific to major releases
631 if test -z "$GCC"; then
636 AC_DEFINE(PAM_SUN_CODEBASE, 1,
637 [Define if you are using Solaris-derived PAM which
638 passes pam_messages to the conversation function
639 with an extra level of indirection])
640 AC_DEFINE(DISABLE_UTMP, 1,
641 [Define if you don't want to use utmp])
642 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
643 check_for_hpux_broken_getaddrinfo=1
644 check_for_conflicting_getspnam=1
648 # lastly, we define options specific to minor releases
651 AC_DEFINE(HAVE_SECUREWARE, 1,
652 [Define if you have SecureWare-based
653 protected password database])
654 disable_ptmx_check=yes
660 PATH="$PATH:/usr/etc"
661 AC_DEFINE(BROKEN_INET_NTOA, 1,
662 [Define if you system's inet_ntoa is busted
663 (e.g. Irix gcc issue)])
664 AC_DEFINE(SETEUID_BREAKS_SETUID)
665 AC_DEFINE(BROKEN_SETREUID)
666 AC_DEFINE(BROKEN_SETREGID)
667 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
668 [Define if you shouldn't strip 'tty' from your
670 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
673 PATH="$PATH:/usr/etc"
674 AC_DEFINE(WITH_IRIX_ARRAY, 1,
675 [Define if you have/want arrays
676 (cluster-wide session managment, not C arrays)])
677 AC_DEFINE(WITH_IRIX_PROJECT, 1,
678 [Define if you want IRIX project management])
679 AC_DEFINE(WITH_IRIX_AUDIT, 1,
680 [Define if you want IRIX audit trails])
681 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
682 [Define if you want IRIX kernel jobs])])
683 AC_DEFINE(BROKEN_INET_NTOA)
684 AC_DEFINE(SETEUID_BREAKS_SETUID)
685 AC_DEFINE(BROKEN_SETREUID)
686 AC_DEFINE(BROKEN_SETREGID)
687 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
688 AC_DEFINE(WITH_ABBREV_NO_TTY)
689 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
691 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
692 check_for_libcrypt_later=1
693 AC_DEFINE(PAM_TTY_KLUDGE)
694 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
695 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
696 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
697 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
701 check_for_libcrypt_later=1
702 check_for_openpty_ctty_bug=1
703 AC_DEFINE(PAM_TTY_KLUDGE, 1,
704 [Work around problematic Linux PAM modules handling of PAM_TTY])
705 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
706 [String used in /etc/passwd to denote locked account])
707 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
708 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
709 [Define to whatever link() returns for "not supported"
710 if it doesn't return EOPNOTSUPP.])
711 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
713 inet6_default_4in6=yes
716 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
717 [Define if cmsg_type is not passed correctly])
720 # tun(4) forwarding compat code
721 AC_CHECK_HEADERS(linux/if_tun.h)
722 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
723 AC_DEFINE(SSH_TUN_LINUX, 1,
724 [Open tunnel devices the Linux tun/tap way])
725 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
726 [Use tunnel device compatibility to OpenBSD])
727 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
728 [Prepend the address family to IP tunnel traffic])
731 mips-sony-bsd|mips-sony-newsos4)
732 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
736 check_for_libcrypt_before=1
737 if test "x$withval" != "xno" ; then
740 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
741 AC_CHECK_HEADER([net/if_tap.h], ,
742 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
743 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
744 [Prepend the address family to IP tunnel traffic])
747 check_for_libcrypt_later=1
748 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
749 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
750 AC_CHECK_HEADER([net/if_tap.h], ,
751 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
752 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
755 AC_DEFINE(SETEUID_BREAKS_SETUID)
756 AC_DEFINE(BROKEN_SETREUID)
757 AC_DEFINE(BROKEN_SETREGID)
760 conf_lastlog_location="/usr/adm/lastlog"
761 conf_utmp_location=/etc/utmp
762 conf_wtmp_location=/usr/adm/wtmp
764 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
765 AC_DEFINE(BROKEN_REALPATH)
767 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
770 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
771 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
772 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
773 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
774 [syslog_r function is safe to use in in a signal handler])
777 if test "x$withval" != "xno" ; then
780 AC_DEFINE(PAM_SUN_CODEBASE)
781 AC_DEFINE(LOGIN_NEEDS_UTMPX)
782 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
783 [Some versions of /bin/login need the TERM supplied
785 AC_DEFINE(PAM_TTY_KLUDGE)
786 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
787 [Define if pam_chauthtok wants real uid set
788 to the unpriv'ed user])
789 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
790 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
791 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
792 [Define if sshd somehow reacquires a controlling TTY
794 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
795 in case the name is longer than 8 chars])
796 external_path_file=/etc/default/login
797 # hardwire lastlog location (can't detect it on some versions)
798 conf_lastlog_location="/var/adm/lastlog"
799 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
800 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
801 if test "$sol2ver" -ge 8; then
803 AC_DEFINE(DISABLE_UTMP)
804 AC_DEFINE(DISABLE_WTMP, 1,
805 [Define if you don't want to use wtmp])
809 AC_ARG_WITH(solaris-contracts,
810 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
812 AC_CHECK_LIB(contract, ct_tmpl_activate,
813 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
814 [Define if you have Solaris process contracts])
815 SSHDLIBS="$SSHDLIBS -lcontract"
822 CPPFLAGS="$CPPFLAGS -DSUNOS4"
823 AC_CHECK_FUNCS(getpwanam)
824 AC_DEFINE(PAM_SUN_CODEBASE)
825 conf_utmp_location=/etc/utmp
826 conf_wtmp_location=/var/adm/wtmp
827 conf_lastlog_location=/var/adm/lastlog
833 AC_DEFINE(SSHD_ACQUIRES_CTTY)
834 AC_DEFINE(SETEUID_BREAKS_SETUID)
835 AC_DEFINE(BROKEN_SETREUID)
836 AC_DEFINE(BROKEN_SETREGID)
839 # /usr/ucblib MUST NOT be searched on ReliantUNIX
840 AC_CHECK_LIB(dl, dlsym, ,)
841 # -lresolv needs to be at the end of LIBS or DNS lookups break
842 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
843 IPADDR_IN_DISPLAY=yes
845 AC_DEFINE(IP_TOS_IS_BROKEN)
846 AC_DEFINE(SETEUID_BREAKS_SETUID)
847 AC_DEFINE(BROKEN_SETREUID)
848 AC_DEFINE(BROKEN_SETREGID)
849 AC_DEFINE(SSHD_ACQUIRES_CTTY)
850 external_path_file=/etc/default/login
851 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
852 # Attention: always take care to bind libsocket and libnsl before libc,
853 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
855 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
858 AC_DEFINE(SETEUID_BREAKS_SETUID)
859 AC_DEFINE(BROKEN_SETREUID)
860 AC_DEFINE(BROKEN_SETREGID)
861 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
862 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
864 # UnixWare 7.x, OpenUNIX 8
866 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
868 AC_DEFINE(SETEUID_BREAKS_SETUID)
869 AC_DEFINE(BROKEN_SETREUID)
870 AC_DEFINE(BROKEN_SETREGID)
871 AC_DEFINE(PASSWD_NEEDS_USERNAME)
873 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
874 TEST_SHELL=/u95/bin/sh
875 AC_DEFINE(BROKEN_LIBIAF, 1,
876 [ia_uinfo routines not supported by OS yet])
877 AC_DEFINE(BROKEN_UPDWTMPX)
878 AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
879 AC_CHECK_FUNCS(getluid setluid,,,-lprot)
880 AC_DEFINE(HAVE_SECUREWARE)
881 AC_DEFINE(DISABLE_SHADOW)
884 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
885 check_for_libcrypt_later=1
891 # SCO UNIX and OEM versions of SCO UNIX
893 AC_MSG_ERROR("This Platform is no longer supported.")
897 if test -z "$GCC"; then
898 CFLAGS="$CFLAGS -belf"
900 LIBS="$LIBS -lprot -lx -ltinfo -lm"
903 AC_DEFINE(HAVE_SECUREWARE)
904 AC_DEFINE(DISABLE_SHADOW)
905 AC_DEFINE(DISABLE_FD_PASSING)
906 AC_DEFINE(SETEUID_BREAKS_SETUID)
907 AC_DEFINE(BROKEN_SETREUID)
908 AC_DEFINE(BROKEN_SETREGID)
909 AC_DEFINE(WITH_ABBREV_NO_TTY)
910 AC_DEFINE(BROKEN_UPDWTMPX)
911 AC_DEFINE(PASSWD_NEEDS_USERNAME)
912 AC_CHECK_FUNCS(getluid setluid)
917 AC_DEFINE(NO_SSH_LASTLOG, 1,
918 [Define if you don't want to use lastlog in session.c])
919 AC_DEFINE(SETEUID_BREAKS_SETUID)
920 AC_DEFINE(BROKEN_SETREUID)
921 AC_DEFINE(BROKEN_SETREGID)
923 AC_DEFINE(DISABLE_FD_PASSING)
925 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
929 AC_DEFINE(SETEUID_BREAKS_SETUID)
930 AC_DEFINE(BROKEN_SETREUID)
931 AC_DEFINE(BROKEN_SETREGID)
932 AC_DEFINE(WITH_ABBREV_NO_TTY)
934 AC_DEFINE(DISABLE_FD_PASSING)
936 LIBS="$LIBS -lgen -lacid -ldb"
940 AC_DEFINE(SETEUID_BREAKS_SETUID)
941 AC_DEFINE(BROKEN_SETREUID)
942 AC_DEFINE(BROKEN_SETREGID)
944 AC_DEFINE(DISABLE_FD_PASSING)
945 AC_DEFINE(NO_SSH_LASTLOG)
946 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
947 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
951 AC_MSG_CHECKING(for Digital Unix SIA)
954 [ --with-osfsia Enable Digital Unix SIA],
956 if test "x$withval" = "xno" ; then
957 AC_MSG_RESULT(disabled)
962 if test -z "$no_osfsia" ; then
963 if test -f /etc/sia/matrix.conf; then
965 AC_DEFINE(HAVE_OSF_SIA, 1,
966 [Define if you have Digital Unix Security
967 Integration Architecture])
968 AC_DEFINE(DISABLE_LOGIN, 1,
969 [Define if you don't want to use your
970 system's login() call])
971 AC_DEFINE(DISABLE_FD_PASSING)
972 LIBS="$LIBS -lsecurity -ldb -lm -laud"
976 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
977 [String used in /etc/passwd to denote locked account])
980 AC_DEFINE(BROKEN_GETADDRINFO)
981 AC_DEFINE(SETEUID_BREAKS_SETUID)
982 AC_DEFINE(BROKEN_SETREUID)
983 AC_DEFINE(BROKEN_SETREGID)
984 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
989 AC_DEFINE(NO_X11_UNIX_SOCKETS)
990 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
991 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
992 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
993 AC_DEFINE(DISABLE_LASTLOG)
994 AC_DEFINE(SSHD_ACQUIRES_CTTY)
995 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
996 enable_etc_default_login=no # has incompatible /etc/default/login
999 AC_DEFINE(DISABLE_FD_PASSING)
1005 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
1006 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
1007 AC_DEFINE(NEED_SETPGRP)
1008 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
1012 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
1013 AC_DEFINE(MISSING_HOWMANY)
1014 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
1018 AC_MSG_CHECKING(compiler and flags for sanity)
1022 int main(){exit(0);}
1024 [ AC_MSG_RESULT(yes) ],
1027 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
1029 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
1032 dnl Checks for header files.
1033 # Checks for libraries.
1034 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
1035 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
1037 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
1038 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
1039 AC_CHECK_LIB(gen, dirname,[
1040 AC_CACHE_CHECK([for broken dirname],
1041 ac_cv_have_broken_dirname, [
1049 int main(int argc, char **argv) {
1052 strncpy(buf,"/etc", 32);
1054 if (!s || strncmp(s, "/", 32) != 0) {
1061 [ ac_cv_have_broken_dirname="no" ],
1062 [ ac_cv_have_broken_dirname="yes" ],
1063 [ ac_cv_have_broken_dirname="no" ],
1067 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
1069 AC_DEFINE(HAVE_DIRNAME)
1070 AC_CHECK_HEADERS(libgen.h)
1075 AC_CHECK_FUNC(getspnam, ,
1076 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
1077 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
1078 [Define if you have the basename function.]))
1080 dnl zlib is required
1082 [ --with-zlib=PATH Use zlib in PATH],
1083 [ if test "x$withval" = "xno" ; then
1084 AC_MSG_ERROR([*** zlib is required ***])
1085 elif test "x$withval" != "xyes"; then
1086 if test -d "$withval/lib"; then
1087 if test -n "${need_dash_r}"; then
1088 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1090 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1093 if test -n "${need_dash_r}"; then
1094 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1096 LDFLAGS="-L${withval} ${LDFLAGS}"
1099 if test -d "$withval/include"; then
1100 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1102 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1107 AC_CHECK_LIB(z, deflate, ,
1109 saved_CPPFLAGS="$CPPFLAGS"
1110 saved_LDFLAGS="$LDFLAGS"
1112 dnl Check default zlib install dir
1113 if test -n "${need_dash_r}"; then
1114 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
1116 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
1118 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
1120 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
1122 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1127 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1129 AC_ARG_WITH(zlib-version-check,
1130 [ --without-zlib-version-check Disable zlib version check],
1131 [ if test "x$withval" = "xno" ; then
1132 zlib_check_nonfatal=1
1137 AC_MSG_CHECKING(for possibly buggy zlib)
1138 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1143 int a=0, b=0, c=0, d=0, n, v;
1144 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1145 if (n != 3 && n != 4)
1147 v = a*1000000 + b*10000 + c*100 + d;
1148 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1151 if (a == 1 && b == 1 && c >= 4)
1154 /* 1.2.3 and up are OK */
1162 [ AC_MSG_RESULT(yes)
1163 if test -z "$zlib_check_nonfatal" ; then
1164 AC_MSG_ERROR([*** zlib too old - check config.log ***
1165 Your reported zlib version has known security problems. It's possible your
1166 vendor has fixed these problems without changing the version number. If you
1167 are sure this is the case, you can disable the check by running
1168 "./configure --without-zlib-version-check".
1169 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1170 See http://www.gzip.org/zlib/ for details.])
1172 AC_MSG_WARN([zlib version may have security problems])
1175 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1179 AC_CHECK_FUNC(strcasecmp,
1180 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1182 AC_CHECK_FUNCS(utimes,
1183 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1184 LIBS="$LIBS -lc89"]) ]
1187 dnl Checks for libutil functions
1188 AC_CHECK_HEADERS(libutil.h)
1189 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1190 [Define if your libraries define login()])])
1191 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1195 # Check for ALTDIRFUNC glob() extension
1196 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1197 AC_EGREP_CPP(FOUNDIT,
1200 #ifdef GLOB_ALTDIRFUNC
1205 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1206 [Define if your system glob() function has
1207 the GLOB_ALTDIRFUNC extension])
1215 # Check for g.gl_matchc glob() extension
1216 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1218 [ #include <glob.h> ],
1219 [glob_t g; g.gl_matchc = 1;],
1221 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1222 [Define if your system glob() function has
1223 gl_matchc options in glob_t])
1231 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1233 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1236 #include <sys/types.h>
1238 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1240 [AC_MSG_RESULT(yes)],
1243 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1244 [Define if your struct dirent expects you to
1245 allocate extra space for d_name])
1248 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1249 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1253 AC_MSG_CHECKING([for /proc/pid/fd directory])
1254 if test -d "/proc/$$/fd" ; then
1255 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1261 # Check whether user wants S/Key support
1264 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1266 if test "x$withval" != "xno" ; then
1268 if test "x$withval" != "xyes" ; then
1269 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1270 LDFLAGS="$LDFLAGS -L${withval}/lib"
1273 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1277 AC_MSG_CHECKING([for s/key support])
1282 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1284 [AC_MSG_RESULT(yes)],
1287 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1289 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1293 [(void)skeychallenge(NULL,"name","",0);],
1295 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1296 [Define if your skeychallenge()
1297 function takes 4 arguments (NetBSD)])],
1304 # Check whether user wants TCP wrappers support
1306 AC_ARG_WITH(tcp-wrappers,
1307 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1309 if test "x$withval" != "xno" ; then
1311 saved_LDFLAGS="$LDFLAGS"
1312 saved_CPPFLAGS="$CPPFLAGS"
1313 if test -n "${withval}" && \
1314 test "x${withval}" != "xyes"; then
1315 if test -d "${withval}/lib"; then
1316 if test -n "${need_dash_r}"; then
1317 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1319 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1322 if test -n "${need_dash_r}"; then
1323 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1325 LDFLAGS="-L${withval} ${LDFLAGS}"
1328 if test -d "${withval}/include"; then
1329 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1331 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1335 AC_MSG_CHECKING(for libwrap)
1338 #include <sys/types.h>
1339 #include <sys/socket.h>
1340 #include <netinet/in.h>
1342 int deny_severity = 0, allow_severity = 0;
1347 AC_DEFINE(LIBWRAP, 1,
1349 TCP Wrappers support])
1350 SSHDLIBS="$SSHDLIBS -lwrap"
1354 AC_MSG_ERROR([*** libwrap missing])
1362 # Check whether user wants libedit support
1364 AC_ARG_WITH(libedit,
1365 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1366 [ if test "x$withval" != "xno" ; then
1367 if test "x$withval" != "xyes"; then
1368 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1369 if test -n "${need_dash_r}"; then
1370 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1372 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1375 AC_CHECK_LIB(edit, el_init,
1376 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1377 LIBEDIT="-ledit -lcurses"
1381 [ AC_MSG_ERROR(libedit not found) ],
1384 AC_MSG_CHECKING(if libedit version is compatible)
1387 #include <histedit.h>
1391 el_init("", NULL, NULL, NULL);
1395 [ AC_MSG_RESULT(yes) ],
1397 AC_MSG_ERROR(libedit version is not compatible) ]
1404 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1406 AC_MSG_CHECKING(for supported audit module)
1411 dnl Checks for headers, libs and functions
1412 AC_CHECK_HEADERS(bsm/audit.h, [],
1413 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1420 AC_CHECK_LIB(bsm, getaudit, [],
1421 [AC_MSG_ERROR(BSM enabled and required library not found)])
1422 AC_CHECK_FUNCS(getaudit, [],
1423 [AC_MSG_ERROR(BSM enabled and required function not found)])
1424 # These are optional
1425 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1426 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1430 AC_MSG_RESULT(debug)
1431 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1437 AC_MSG_ERROR([Unknown audit module $withval])
1442 dnl Checks for library functions. Please keep in alphabetical order
1446 arc4random_uniform \
1535 # IRIX has a const char return value for gai_strerror()
1536 AC_CHECK_FUNCS(gai_strerror,[
1537 AC_DEFINE(HAVE_GAI_STRERROR)
1539 #include <sys/types.h>
1540 #include <sys/socket.h>
1543 const char *gai_strerror(int);],[
1546 str = gai_strerror(0);],[
1547 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1548 [Define if gai_strerror() returns const char *])])])
1550 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1551 [Some systems put nanosleep outside of libc]))
1553 dnl Make sure prototypes are defined for these before using them.
1554 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1555 AC_CHECK_DECL(strsep,
1556 [AC_CHECK_FUNCS(strsep)],
1559 #ifdef HAVE_STRING_H
1560 # include <string.h>
1564 dnl tcsendbreak might be a macro
1565 AC_CHECK_DECL(tcsendbreak,
1566 [AC_DEFINE(HAVE_TCSENDBREAK)],
1567 [AC_CHECK_FUNCS(tcsendbreak)],
1568 [#include <termios.h>]
1571 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1573 AC_CHECK_DECLS(SHUT_RD, , ,
1575 #include <sys/types.h>
1576 #include <sys/socket.h>
1579 AC_CHECK_DECLS(O_NONBLOCK, , ,
1581 #include <sys/types.h>
1582 #ifdef HAVE_SYS_STAT_H
1583 # include <sys/stat.h>
1590 AC_CHECK_DECLS(writev, , , [
1591 #include <sys/types.h>
1592 #include <sys/uio.h>
1596 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1597 #include <sys/param.h>
1600 AC_CHECK_DECLS(offsetof, , , [
1604 AC_CHECK_FUNCS(setresuid, [
1605 dnl Some platorms have setresuid that isn't implemented, test for this
1606 AC_MSG_CHECKING(if setresuid seems to work)
1611 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1613 [AC_MSG_RESULT(yes)],
1614 [AC_DEFINE(BROKEN_SETRESUID, 1,
1615 [Define if your setresuid() is broken])
1616 AC_MSG_RESULT(not implemented)],
1617 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1621 AC_CHECK_FUNCS(setresgid, [
1622 dnl Some platorms have setresgid that isn't implemented, test for this
1623 AC_MSG_CHECKING(if setresgid seems to work)
1628 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1630 [AC_MSG_RESULT(yes)],
1631 [AC_DEFINE(BROKEN_SETRESGID, 1,
1632 [Define if your setresgid() is broken])
1633 AC_MSG_RESULT(not implemented)],
1634 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1638 dnl Checks for time functions
1639 AC_CHECK_FUNCS(gettimeofday time)
1640 dnl Checks for utmp functions
1641 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1642 AC_CHECK_FUNCS(utmpname)
1643 dnl Checks for utmpx functions
1644 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1645 AC_CHECK_FUNCS(setutxent utmpxname)
1646 dnl Checks for lastlog functions
1647 AC_CHECK_FUNCS(getlastlogxbyname)
1649 AC_CHECK_FUNC(daemon,
1650 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1651 [AC_CHECK_LIB(bsd, daemon,
1652 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1655 AC_CHECK_FUNC(getpagesize,
1656 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1657 [Define if your libraries define getpagesize()])],
1658 [AC_CHECK_LIB(ucb, getpagesize,
1659 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1662 # Check for broken snprintf
1663 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1664 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1668 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1670 [AC_MSG_RESULT(yes)],
1673 AC_DEFINE(BROKEN_SNPRINTF, 1,
1674 [Define if your snprintf is busted])
1675 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1677 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1681 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1682 # returning the right thing on overflow: the number of characters it tried to
1683 # create (as per SUSv3)
1684 if test "x$ac_cv_func_asprintf" != "xyes" && \
1685 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1686 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1689 #include <sys/types.h>
1693 int x_snprintf(char *str,size_t count,const char *fmt,...)
1695 size_t ret; va_list ap;
1696 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1702 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1704 [AC_MSG_RESULT(yes)],
1707 AC_DEFINE(BROKEN_SNPRINTF, 1,
1708 [Define if your snprintf is busted])
1709 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1711 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1715 # On systems where [v]snprintf is broken, but is declared in stdio,
1716 # check that the fmt argument is const char * or just char *.
1717 # This is only useful for when BROKEN_SNPRINTF
1718 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1719 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1720 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1721 int main(void) { snprintf(0, 0, 0); }
1724 AC_DEFINE(SNPRINTF_CONST, [const],
1725 [Define as const if snprintf() can declare const char *fmt])],
1727 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1729 # Check for missing getpeereid (or equiv) support
1731 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1732 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1734 [#include <sys/types.h>
1735 #include <sys/socket.h>],
1736 [int i = SO_PEERCRED;],
1737 [ AC_MSG_RESULT(yes)
1738 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1745 dnl see whether mkstemp() requires XXXXXX
1746 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1747 AC_MSG_CHECKING([for (overly) strict mkstemp])
1751 main() { char template[]="conftest.mkstemp-test";
1752 if (mkstemp(template) == -1)
1754 unlink(template); exit(0);
1762 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1766 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1771 dnl make sure that openpty does not reacquire controlling terminal
1772 if test ! -z "$check_for_openpty_ctty_bug"; then
1773 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1777 #include <sys/fcntl.h>
1778 #include <sys/types.h>
1779 #include <sys/wait.h>
1785 int fd, ptyfd, ttyfd, status;
1788 if (pid < 0) { /* failed */
1790 } else if (pid > 0) { /* parent */
1791 waitpid(pid, &status, 0);
1792 if (WIFEXITED(status))
1793 exit(WEXITSTATUS(status));
1796 } else { /* child */
1797 close(0); close(1); close(2);
1799 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1800 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1802 exit(3); /* Acquired ctty: broken */
1804 exit(0); /* Did not acquire ctty: OK */
1813 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1816 AC_MSG_RESULT(cross-compiling, assuming yes)
1821 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1822 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1823 AC_MSG_CHECKING(if getaddrinfo seems to work)
1827 #include <sys/socket.h>
1830 #include <netinet/in.h>
1832 #define TEST_PORT "2222"
1838 struct addrinfo *gai_ai, *ai, hints;
1839 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1841 memset(&hints, 0, sizeof(hints));
1842 hints.ai_family = PF_UNSPEC;
1843 hints.ai_socktype = SOCK_STREAM;
1844 hints.ai_flags = AI_PASSIVE;
1846 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1848 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1852 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1853 if (ai->ai_family != AF_INET6)
1856 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1857 sizeof(ntop), strport, sizeof(strport),
1858 NI_NUMERICHOST|NI_NUMERICSERV);
1861 if (err == EAI_SYSTEM)
1862 perror("getnameinfo EAI_SYSTEM");
1864 fprintf(stderr, "getnameinfo failed: %s\n",
1869 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1872 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1885 AC_DEFINE(BROKEN_GETADDRINFO)
1888 AC_MSG_RESULT(cross-compiling, assuming yes)
1893 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1894 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1895 AC_MSG_CHECKING(if getaddrinfo seems to work)
1899 #include <sys/socket.h>
1902 #include <netinet/in.h>
1904 #define TEST_PORT "2222"
1910 struct addrinfo *gai_ai, *ai, hints;
1911 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1913 memset(&hints, 0, sizeof(hints));
1914 hints.ai_family = PF_UNSPEC;
1915 hints.ai_socktype = SOCK_STREAM;
1916 hints.ai_flags = AI_PASSIVE;
1918 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1920 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1924 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1925 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1928 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1929 sizeof(ntop), strport, sizeof(strport),
1930 NI_NUMERICHOST|NI_NUMERICSERV);
1932 if (ai->ai_family == AF_INET && err != 0) {
1933 perror("getnameinfo");
1942 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1943 [Define if you have a getaddrinfo that fails
1944 for the all-zeros IPv6 address])
1948 AC_DEFINE(BROKEN_GETADDRINFO)
1951 AC_MSG_RESULT(cross-compiling, assuming no)
1956 if test "x$check_for_conflicting_getspnam" = "x1"; then
1957 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1961 int main(void) {exit(0);}
1968 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1969 [Conflicting defs for getspnam])
1976 # Search for OpenSSL
1977 saved_CPPFLAGS="$CPPFLAGS"
1978 saved_LDFLAGS="$LDFLAGS"
1979 AC_ARG_WITH(ssl-dir,
1980 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1982 if test "x$withval" != "xno" ; then
1985 ./*|../*) withval="`pwd`/$withval"
1987 if test -d "$withval/lib"; then
1988 if test -n "${need_dash_r}"; then
1989 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1991 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1994 if test -n "${need_dash_r}"; then
1995 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1997 LDFLAGS="-L${withval} ${LDFLAGS}"
2000 if test -d "$withval/include"; then
2001 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2003 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2008 if test -z "$GLOBUS_LDFLAGS" ; then
2009 LIBS="-lcrypto $LIBS"
2011 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2012 [Define if your ssl headers are included
2013 with #include <openssl/header.h>]),
2015 dnl Check default openssl install dir
2016 if test -n "${need_dash_r}"; then
2017 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2019 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2021 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2022 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2024 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2030 # Determine OpenSSL header version
2031 AC_MSG_CHECKING([OpenSSL header version])
2036 #include <openssl/opensslv.h>
2037 #define DATA "conftest.sslincver"
2042 fd = fopen(DATA,"w");
2046 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2053 ssl_header_ver=`cat conftest.sslincver`
2054 AC_MSG_RESULT($ssl_header_ver)
2057 AC_MSG_RESULT(not found)
2058 AC_MSG_ERROR(OpenSSL version header not found.)
2061 AC_MSG_WARN([cross compiling: not checking])
2065 # Determine OpenSSL library version
2066 AC_MSG_CHECKING([OpenSSL library version])
2071 #include <openssl/opensslv.h>
2072 #include <openssl/crypto.h>
2073 #define DATA "conftest.ssllibver"
2078 fd = fopen(DATA,"w");
2082 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2089 ssl_library_ver=`cat conftest.ssllibver`
2090 AC_MSG_RESULT($ssl_library_ver)
2093 AC_MSG_RESULT(not found)
2094 AC_MSG_ERROR(OpenSSL library not found.)
2097 AC_MSG_WARN([cross compiling: not checking])
2101 AC_ARG_WITH(openssl-header-check,
2102 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2103 [ if test "x$withval" = "xno" ; then
2104 openssl_check_nonfatal=1
2109 # Sanity check OpenSSL headers
2110 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2114 #include <openssl/opensslv.h>
2115 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2122 if test "x$openssl_check_nonfatal" = "x"; then
2123 AC_MSG_ERROR([Your OpenSSL headers do not match your
2124 library. Check config.log for details.
2125 If you are sure your installation is consistent, you can disable the check
2126 by running "./configure --without-openssl-header-check".
2127 Also see contrib/findssl.sh for help identifying header/library mismatches.
2130 AC_MSG_WARN([Your OpenSSL headers do not match your
2131 library. Check config.log for details.
2132 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2136 AC_MSG_WARN([cross compiling: not checking])
2140 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2143 #include <openssl/evp.h>
2144 int main(void) { SSLeay_add_all_algorithms(); }
2153 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2156 #include <openssl/evp.h>
2157 int main(void) { SSLeay_add_all_algorithms(); }
2170 AC_ARG_WITH(ssl-engine,
2171 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2172 [ if test "x$withval" != "xno" ; then
2173 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2175 [ #include <openssl/engine.h>],
2177 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2179 [ AC_MSG_RESULT(yes)
2180 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2181 [Enable OpenSSL engine support])
2183 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2188 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2189 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2193 #include <openssl/evp.h>
2194 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2201 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2202 [libcrypto is missing AES 192 and 256 bit functions])
2206 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2207 # because the system crypt() is more featureful.
2208 if test "x$check_for_libcrypt_before" = "x1"; then
2209 AC_CHECK_LIB(crypt, crypt)
2212 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2213 # version in OpenSSL.
2214 if test "x$check_for_libcrypt_later" = "x1"; then
2215 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2218 # Search for SHA256 support in libc and/or OpenSSL
2219 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2222 AC_CHECK_LIB(iaf, ia_openinfo, [
2224 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2225 AC_DEFINE(HAVE_LIBIAF, 1,
2226 [Define if system has libiaf that supports set_id])
2231 ### Configure cryptographic random number support
2233 # Check wheter OpenSSL seeds itself
2234 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2238 #include <openssl/rand.h>
2239 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2242 OPENSSL_SEEDS_ITSELF=yes
2247 # Default to use of the rand helper if OpenSSL doesn't
2252 AC_MSG_WARN([cross compiling: assuming yes])
2253 # This is safe, since all recent OpenSSL versions will
2254 # complain at runtime if not seeded correctly.
2255 OPENSSL_SEEDS_ITSELF=yes
2259 # Check for PAM libs
2262 [ --with-pam Enable PAM support ],
2264 if test "x$withval" != "xno" ; then
2265 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2266 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2267 AC_MSG_ERROR([PAM headers not found])
2271 AC_CHECK_LIB(dl, dlopen, , )
2272 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2273 AC_CHECK_FUNCS(pam_getenvlist)
2274 AC_CHECK_FUNCS(pam_putenv)
2279 SSHDLIBS="$SSHDLIBS -lpam"
2280 AC_DEFINE(USE_PAM, 1,
2281 [Define if you want to enable PAM support])
2283 if test $ac_cv_lib_dl_dlopen = yes; then
2286 # libdl already in LIBS
2289 SSHDLIBS="$SSHDLIBS -ldl"
2297 # Check for older PAM
2298 if test "x$PAM_MSG" = "xyes" ; then
2299 # Check PAM strerror arguments (old PAM)
2300 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2304 #if defined(HAVE_SECURITY_PAM_APPL_H)
2305 #include <security/pam_appl.h>
2306 #elif defined (HAVE_PAM_PAM_APPL_H)
2307 #include <pam/pam_appl.h>
2310 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2311 [AC_MSG_RESULT(no)],
2313 AC_DEFINE(HAVE_OLD_PAM, 1,
2314 [Define if you have an old version of PAM
2315 which takes only one argument to pam_strerror])
2317 PAM_MSG="yes (old library)"
2322 # Do we want to force the use of the rand helper?
2323 AC_ARG_WITH(rand-helper,
2324 [ --with-rand-helper Use subprocess to gather strong randomness ],
2326 if test "x$withval" = "xno" ; then
2327 # Force use of OpenSSL's internal RNG, even if
2328 # the previous test showed it to be unseeded.
2329 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2330 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2331 OPENSSL_SEEDS_ITSELF=yes
2340 # Which randomness source do we use?
2341 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2343 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2344 [Define if you want OpenSSL's internally seeded PRNG only])
2345 RAND_MSG="OpenSSL internal ONLY"
2346 INSTALL_SSH_RAND_HELPER=""
2347 elif test ! -z "$USE_RAND_HELPER" ; then
2348 # install rand helper
2349 RAND_MSG="ssh-rand-helper"
2350 INSTALL_SSH_RAND_HELPER="yes"
2352 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2354 ### Configuration of ssh-rand-helper
2357 AC_ARG_WITH(prngd-port,
2358 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2367 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2370 if test ! -z "$withval" ; then
2371 PRNGD_PORT="$withval"
2372 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2373 [Port number of PRNGD/EGD random number socket])
2378 # PRNGD Unix domain socket
2379 AC_ARG_WITH(prngd-socket,
2380 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2384 withval="/var/run/egd-pool"
2392 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2396 if test ! -z "$withval" ; then
2397 if test ! -z "$PRNGD_PORT" ; then
2398 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2400 if test ! -r "$withval" ; then
2401 AC_MSG_WARN(Entropy socket is not readable)
2403 PRNGD_SOCKET="$withval"
2404 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2405 [Location of PRNGD/EGD random number socket])
2409 # Check for existing socket only if we don't have a random device already
2410 if test "$USE_RAND_HELPER" = yes ; then
2411 AC_MSG_CHECKING(for PRNGD/EGD socket)
2412 # Insert other locations here
2413 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2414 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2415 PRNGD_SOCKET="$sock"
2416 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2420 if test ! -z "$PRNGD_SOCKET" ; then
2421 AC_MSG_RESULT($PRNGD_SOCKET)
2423 AC_MSG_RESULT(not found)
2429 # Change default command timeout for hashing entropy source
2431 AC_ARG_WITH(entropy-timeout,
2432 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2434 if test -n "$withval" && test "x$withval" != "xno" && \
2435 test "x${withval}" != "xyes"; then
2436 entropy_timeout=$withval
2440 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2441 [Builtin PRNG command timeout])
2443 SSH_PRIVSEP_USER=sshd
2444 AC_ARG_WITH(privsep-user,
2445 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2447 if test -n "$withval" && test "x$withval" != "xno" && \
2448 test "x${withval}" != "xyes"; then
2449 SSH_PRIVSEP_USER=$withval
2453 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2454 [non-privileged user for privilege separation])
2455 AC_SUBST(SSH_PRIVSEP_USER)
2457 # We do this little dance with the search path to insure
2458 # that programs that we select for use by installed programs
2459 # (which may be run by the super-user) come from trusted
2460 # locations before they come from the user's private area.
2461 # This should help avoid accidentally configuring some
2462 # random version of a program in someone's personal bin.
2466 test -h /bin 2> /dev/null && PATH=/usr/bin
2467 test -d /sbin && PATH=$PATH:/sbin
2468 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2469 PATH=$PATH:/etc:$OPATH
2471 # These programs are used by the command hashing source to gather entropy
2472 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2473 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2474 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2475 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2476 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2477 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2478 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2479 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2480 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2481 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2482 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2483 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2484 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2485 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2486 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2487 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2491 # Where does ssh-rand-helper get its randomness from?
2492 INSTALL_SSH_PRNG_CMDS=""
2493 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2494 if test ! -z "$PRNGD_PORT" ; then
2495 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2496 elif test ! -z "$PRNGD_SOCKET" ; then
2497 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2499 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2500 RAND_HELPER_CMDHASH=yes
2501 INSTALL_SSH_PRNG_CMDS="yes"
2504 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2507 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2508 if test ! -z "$SONY" ; then
2509 LIBS="$LIBS -liberty";
2512 # Check for long long datatypes
2513 AC_CHECK_TYPES([long long, unsigned long long, long double])
2515 # Check datatype sizes
2516 AC_CHECK_SIZEOF(char, 1)
2517 AC_CHECK_SIZEOF(short int, 2)
2518 AC_CHECK_SIZEOF(int, 4)
2519 AC_CHECK_SIZEOF(long int, 4)
2520 AC_CHECK_SIZEOF(long long int, 8)
2522 # Sanity check long long for some platforms (AIX)
2523 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2524 ac_cv_sizeof_long_long_int=0
2527 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2528 if test -z "$have_llong_max"; then
2529 AC_MSG_CHECKING([for max value of long long])
2533 /* Why is this so damn hard? */
2537 #define __USE_ISOC99
2539 #define DATA "conftest.llminmax"
2540 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2543 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2544 * we do this the hard way.
2547 fprint_ll(FILE *f, long long n)
2550 int l[sizeof(long long) * 8];
2553 if (fprintf(f, "-") < 0)
2555 for (i = 0; n != 0; i++) {
2556 l[i] = my_abs(n % 10);
2560 if (fprintf(f, "%d", l[--i]) < 0)
2563 if (fprintf(f, " ") < 0)
2570 long long i, llmin, llmax = 0;
2572 if((f = fopen(DATA,"w")) == NULL)
2575 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2576 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2580 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2581 /* This will work on one's complement and two's complement */
2582 for (i = 1; i > llmax; i <<= 1, i++)
2584 llmin = llmax + 1LL; /* wrap */
2588 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2589 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2590 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2591 fprintf(f, "unknown unknown\n");
2595 if (fprint_ll(f, llmin) < 0)
2597 if (fprint_ll(f, llmax) < 0)
2605 llong_min=`$AWK '{print $1}' conftest.llminmax`
2606 llong_max=`$AWK '{print $2}' conftest.llminmax`
2608 AC_MSG_RESULT($llong_max)
2609 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2610 [max value of long long calculated by configure])
2611 AC_MSG_CHECKING([for min value of long long])
2612 AC_MSG_RESULT($llong_min)
2613 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2614 [min value of long long calculated by configure])
2617 AC_MSG_RESULT(not found)
2620 AC_MSG_WARN([cross compiling: not checking])
2626 # More checks for data types
2627 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2629 [ #include <sys/types.h> ],
2631 [ ac_cv_have_u_int="yes" ],
2632 [ ac_cv_have_u_int="no" ]
2635 if test "x$ac_cv_have_u_int" = "xyes" ; then
2636 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2640 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2642 [ #include <sys/types.h> ],
2643 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2644 [ ac_cv_have_intxx_t="yes" ],
2645 [ ac_cv_have_intxx_t="no" ]
2648 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2649 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2653 if (test -z "$have_intxx_t" && \
2654 test "x$ac_cv_header_stdint_h" = "xyes")
2656 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2658 [ #include <stdint.h> ],
2659 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2661 AC_DEFINE(HAVE_INTXX_T)
2664 [ AC_MSG_RESULT(no) ]
2668 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2671 #include <sys/types.h>
2672 #ifdef HAVE_STDINT_H
2673 # include <stdint.h>
2675 #include <sys/socket.h>
2676 #ifdef HAVE_SYS_BITYPES_H
2677 # include <sys/bitypes.h>
2680 [ int64_t a; a = 1;],
2681 [ ac_cv_have_int64_t="yes" ],
2682 [ ac_cv_have_int64_t="no" ]
2685 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2686 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2689 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2691 [ #include <sys/types.h> ],
2692 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2693 [ ac_cv_have_u_intxx_t="yes" ],
2694 [ ac_cv_have_u_intxx_t="no" ]
2697 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2698 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2702 if test -z "$have_u_intxx_t" ; then
2703 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2705 [ #include <sys/socket.h> ],
2706 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2708 AC_DEFINE(HAVE_U_INTXX_T)
2711 [ AC_MSG_RESULT(no) ]
2715 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2717 [ #include <sys/types.h> ],
2718 [ u_int64_t a; a = 1;],
2719 [ ac_cv_have_u_int64_t="yes" ],
2720 [ ac_cv_have_u_int64_t="no" ]
2723 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2724 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2728 if test -z "$have_u_int64_t" ; then
2729 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2731 [ #include <sys/bitypes.h> ],
2732 [ u_int64_t a; a = 1],
2734 AC_DEFINE(HAVE_U_INT64_T)
2737 [ AC_MSG_RESULT(no) ]
2741 if test -z "$have_u_intxx_t" ; then
2742 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2745 #include <sys/types.h>
2747 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2748 [ ac_cv_have_uintxx_t="yes" ],
2749 [ ac_cv_have_uintxx_t="no" ]
2752 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2753 AC_DEFINE(HAVE_UINTXX_T, 1,
2754 [define if you have uintxx_t data type])
2758 if test -z "$have_uintxx_t" ; then
2759 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2761 [ #include <stdint.h> ],
2762 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2764 AC_DEFINE(HAVE_UINTXX_T)
2767 [ AC_MSG_RESULT(no) ]
2771 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2772 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2774 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2777 #include <sys/bitypes.h>
2780 int8_t a; int16_t b; int32_t c;
2781 u_int8_t e; u_int16_t f; u_int32_t g;
2782 a = b = c = e = f = g = 1;
2785 AC_DEFINE(HAVE_U_INTXX_T)
2786 AC_DEFINE(HAVE_INTXX_T)
2794 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2797 #include <sys/types.h>
2799 [ u_char foo; foo = 125; ],
2800 [ ac_cv_have_u_char="yes" ],
2801 [ ac_cv_have_u_char="no" ]
2804 if test "x$ac_cv_have_u_char" = "xyes" ; then
2805 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2810 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2811 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2812 #include <sys/types.h>
2813 #ifdef HAVE_SYS_BITYPES_H
2814 #include <sys/bitypes.h>
2816 #ifdef HAVE_SYS_STATFS_H
2817 #include <sys/statfs.h>
2819 #ifdef HAVE_SYS_STATVFS_H
2820 #include <sys/statvfs.h>
2824 AC_CHECK_TYPES(in_addr_t,,,
2825 [#include <sys/types.h>
2826 #include <netinet/in.h>])
2828 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2831 #include <sys/types.h>
2833 [ size_t foo; foo = 1235; ],
2834 [ ac_cv_have_size_t="yes" ],
2835 [ ac_cv_have_size_t="no" ]
2838 if test "x$ac_cv_have_size_t" = "xyes" ; then
2839 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2842 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2845 #include <sys/types.h>
2847 [ ssize_t foo; foo = 1235; ],
2848 [ ac_cv_have_ssize_t="yes" ],
2849 [ ac_cv_have_ssize_t="no" ]
2852 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2853 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2856 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2861 [ clock_t foo; foo = 1235; ],
2862 [ ac_cv_have_clock_t="yes" ],
2863 [ ac_cv_have_clock_t="no" ]
2866 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2867 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2870 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2873 #include <sys/types.h>
2874 #include <sys/socket.h>
2876 [ sa_family_t foo; foo = 1235; ],
2877 [ ac_cv_have_sa_family_t="yes" ],
2880 #include <sys/types.h>
2881 #include <sys/socket.h>
2882 #include <netinet/in.h>
2884 [ sa_family_t foo; foo = 1235; ],
2885 [ ac_cv_have_sa_family_t="yes" ],
2887 [ ac_cv_have_sa_family_t="no" ]
2891 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2892 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2893 [define if you have sa_family_t data type])
2896 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2899 #include <sys/types.h>
2901 [ pid_t foo; foo = 1235; ],
2902 [ ac_cv_have_pid_t="yes" ],
2903 [ ac_cv_have_pid_t="no" ]
2906 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2907 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2910 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2913 #include <sys/types.h>
2915 [ mode_t foo; foo = 1235; ],
2916 [ ac_cv_have_mode_t="yes" ],
2917 [ ac_cv_have_mode_t="no" ]
2920 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2921 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2925 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2928 #include <sys/types.h>
2929 #include <sys/socket.h>
2931 [ struct sockaddr_storage s; ],
2932 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2933 [ ac_cv_have_struct_sockaddr_storage="no" ]
2936 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2937 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2938 [define if you have struct sockaddr_storage data type])
2941 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2944 #include <sys/types.h>
2945 #include <netinet/in.h>
2947 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2948 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2949 [ ac_cv_have_struct_sockaddr_in6="no" ]
2952 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2953 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2954 [define if you have struct sockaddr_in6 data type])
2957 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2960 #include <sys/types.h>
2961 #include <netinet/in.h>
2963 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2964 [ ac_cv_have_struct_in6_addr="yes" ],
2965 [ ac_cv_have_struct_in6_addr="no" ]
2968 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2969 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2970 [define if you have struct in6_addr data type])
2972 dnl Now check for sin6_scope_id
2973 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
2975 #ifdef HAVE_SYS_TYPES_H
2976 #include <sys/types.h>
2978 #include <netinet/in.h>
2982 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2985 #include <sys/types.h>
2986 #include <sys/socket.h>
2989 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2990 [ ac_cv_have_struct_addrinfo="yes" ],
2991 [ ac_cv_have_struct_addrinfo="no" ]
2994 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2995 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2996 [define if you have struct addrinfo data type])
2999 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3001 [ #include <sys/time.h> ],
3002 [ struct timeval tv; tv.tv_sec = 1;],
3003 [ ac_cv_have_struct_timeval="yes" ],
3004 [ ac_cv_have_struct_timeval="no" ]
3007 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3008 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3009 have_struct_timeval=1
3012 AC_CHECK_TYPES(struct timespec)
3014 # We need int64_t or else certian parts of the compile will fail.
3015 if test "x$ac_cv_have_int64_t" = "xno" && \
3016 test "x$ac_cv_sizeof_long_int" != "x8" && \
3017 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3018 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3019 echo "an alternative compiler (I.E., GCC) before continuing."
3023 dnl test snprintf (broken on SCO w/gcc)
3028 #ifdef HAVE_SNPRINTF
3032 char expected_out[50];
3034 #if (SIZEOF_LONG_INT == 8)
3035 long int num = 0x7fffffffffffffff;
3037 long long num = 0x7fffffffffffffffll;
3039 strcpy(expected_out, "9223372036854775807");
3040 snprintf(buf, mazsize, "%lld", num);
3041 if(strcmp(buf, expected_out) != 0)
3048 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3049 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3053 dnl Checks for structure members
3054 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3055 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3056 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3057 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3058 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3059 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3060 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3061 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3062 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3063 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3064 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3065 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3066 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3067 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3068 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3069 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3070 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3072 AC_CHECK_MEMBERS([struct stat.st_blksize])
3073 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3074 [Define if we don't have struct __res_state in resolv.h])],
3077 #if HAVE_SYS_TYPES_H
3078 # include <sys/types.h>
3080 #include <netinet/in.h>
3081 #include <arpa/nameser.h>
3085 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3086 ac_cv_have_ss_family_in_struct_ss, [
3089 #include <sys/types.h>
3090 #include <sys/socket.h>
3092 [ struct sockaddr_storage s; s.ss_family = 1; ],
3093 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3094 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3097 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3098 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3101 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3102 ac_cv_have___ss_family_in_struct_ss, [
3105 #include <sys/types.h>
3106 #include <sys/socket.h>
3108 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3109 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3110 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3113 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3114 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3115 [Fields in struct sockaddr_storage])
3118 AC_CACHE_CHECK([for pw_class field in struct passwd],
3119 ac_cv_have_pw_class_in_struct_passwd, [
3124 [ struct passwd p; p.pw_class = 0; ],
3125 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3126 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3129 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3130 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3131 [Define if your password has a pw_class field])
3134 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3135 ac_cv_have_pw_expire_in_struct_passwd, [
3140 [ struct passwd p; p.pw_expire = 0; ],
3141 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3142 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3145 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3146 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3147 [Define if your password has a pw_expire field])
3150 AC_CACHE_CHECK([for pw_change field in struct passwd],
3151 ac_cv_have_pw_change_in_struct_passwd, [
3156 [ struct passwd p; p.pw_change = 0; ],
3157 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3158 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3161 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3162 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3163 [Define if your password has a pw_change field])
3166 dnl make sure we're using the real structure members and not defines
3167 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3168 ac_cv_have_accrights_in_msghdr, [
3171 #include <sys/types.h>
3172 #include <sys/socket.h>
3173 #include <sys/uio.h>
3175 #ifdef msg_accrights
3176 #error "msg_accrights is a macro"
3180 m.msg_accrights = 0;
3184 [ ac_cv_have_accrights_in_msghdr="yes" ],
3185 [ ac_cv_have_accrights_in_msghdr="no" ]
3188 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3189 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3190 [Define if your system uses access rights style
3191 file descriptor passing])
3194 AC_MSG_CHECKING(if f_fsid has val members)
3196 #include <sys/types.h>
3197 #include <sys/statvfs.h>],
3198 [struct fsid_t t; t.val[0] = 0;],
3199 [ AC_MSG_RESULT(yes)
3200 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3201 [ AC_MSG_RESULT(no) ]
3204 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3205 ac_cv_have_control_in_msghdr, [
3208 #include <sys/types.h>
3209 #include <sys/socket.h>
3210 #include <sys/uio.h>
3213 #error "msg_control is a macro"
3221 [ ac_cv_have_control_in_msghdr="yes" ],
3222 [ ac_cv_have_control_in_msghdr="no" ]
3225 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3226 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3227 [Define if your system uses ancillary data style
3228 file descriptor passing])
3231 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3233 [ extern char *__progname; printf("%s", __progname); ],
3234 [ ac_cv_libc_defines___progname="yes" ],
3235 [ ac_cv_libc_defines___progname="no" ]
3238 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3239 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3242 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3246 [ printf("%s", __FUNCTION__); ],
3247 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3248 [ ac_cv_cc_implements___FUNCTION__="no" ]
3251 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3252 AC_DEFINE(HAVE___FUNCTION__, 1,
3253 [Define if compiler implements __FUNCTION__])
3256 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3260 [ printf("%s", __func__); ],
3261 [ ac_cv_cc_implements___func__="yes" ],
3262 [ ac_cv_cc_implements___func__="no" ]
3265 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3266 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3269 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3271 [#include <stdarg.h>
3274 [ ac_cv_have_va_copy="yes" ],
3275 [ ac_cv_have_va_copy="no" ]
3278 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3279 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3282 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3284 [#include <stdarg.h>
3287 [ ac_cv_have___va_copy="yes" ],
3288 [ ac_cv_have___va_copy="no" ]
3291 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3292 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3295 AC_CACHE_CHECK([whether getopt has optreset support],
3296 ac_cv_have_getopt_optreset, [
3301 [ extern int optreset; optreset = 0; ],
3302 [ ac_cv_have_getopt_optreset="yes" ],
3303 [ ac_cv_have_getopt_optreset="no" ]
3306 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3307 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3308 [Define if your getopt(3) defines and uses optreset])
3311 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3313 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3314 [ ac_cv_libc_defines_sys_errlist="yes" ],
3315 [ ac_cv_libc_defines_sys_errlist="no" ]
3318 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3319 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3320 [Define if your system defines sys_errlist[]])
3324 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3326 [ extern int sys_nerr; printf("%i", sys_nerr);],
3327 [ ac_cv_libc_defines_sys_nerr="yes" ],
3328 [ ac_cv_libc_defines_sys_nerr="no" ]
3331 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3332 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3336 # Check whether user wants sectok support
3338 [ --with-sectok Enable smartcard support using libsectok],
3340 if test "x$withval" != "xno" ; then
3341 if test "x$withval" != "xyes" ; then
3342 CPPFLAGS="$CPPFLAGS -I${withval}"
3343 LDFLAGS="$LDFLAGS -L${withval}"
3344 if test ! -z "$need_dash_r" ; then
3345 LDFLAGS="$LDFLAGS -R${withval}"
3347 if test ! -z "$blibpath" ; then
3348 blibpath="$blibpath:${withval}"
3351 AC_CHECK_HEADERS(sectok.h)
3352 if test "$ac_cv_header_sectok_h" != yes; then
3353 AC_MSG_ERROR(Can't find sectok.h)
3355 AC_CHECK_LIB(sectok, sectok_open)
3356 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3357 AC_MSG_ERROR(Can't find libsectok)
3359 AC_DEFINE(SMARTCARD, 1,
3360 [Define if you want smartcard support])
3361 AC_DEFINE(USE_SECTOK, 1,
3362 [Define if you want smartcard support
3364 SCARD_MSG="yes, using sectok"
3369 # Check whether user wants OpenSC support
3372 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3374 if test "x$withval" != "xno" ; then
3375 if test "x$withval" != "xyes" ; then
3376 OPENSC_CONFIG=$withval/bin/opensc-config
3378 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3380 if test "$OPENSC_CONFIG" != "no"; then
3381 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3382 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3383 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3384 LIBS="$LIBS $LIBOPENSC_LIBS"
3385 AC_DEFINE(SMARTCARD)
3386 AC_DEFINE(USE_OPENSC, 1,
3387 [Define if you want smartcard support
3389 SCARD_MSG="yes, using OpenSC"
3395 # Check libraries needed by DNS fingerprint support
3396 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3397 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3398 [Define if getrrsetbyname() exists])],
3400 # Needed by our getrrsetbyname()
3401 AC_SEARCH_LIBS(res_query, resolv)
3402 AC_SEARCH_LIBS(dn_expand, resolv)
3403 AC_MSG_CHECKING(if res_query will link)
3404 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3407 LIBS="$LIBS -lresolv"
3408 AC_MSG_CHECKING(for res_query in -lresolv)
3413 res_query (0, 0, 0, 0, 0);
3417 [LIBS="$LIBS -lresolv"
3418 AC_MSG_RESULT(yes)],
3422 AC_CHECK_FUNCS(_getshort _getlong)
3423 AC_CHECK_DECLS([_getshort, _getlong], , ,
3424 [#include <sys/types.h>
3425 #include <arpa/nameser.h>])
3426 AC_CHECK_MEMBER(HEADER.ad,
3427 [AC_DEFINE(HAVE_HEADER_AD, 1,
3428 [Define if HEADER.ad exists in arpa/nameser.h])],,
3429 [#include <arpa/nameser.h>])
3432 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3435 #if HAVE_SYS_TYPES_H
3436 # include <sys/types.h>
3438 #include <netinet/in.h>
3439 #include <arpa/nameser.h>
3441 extern struct __res_state _res;
3442 int main() { return 0; }
3445 AC_DEFINE(HAVE__RES_EXTERN, 1,
3446 [Define if you have struct __res_state _res as an extern])
3448 [ AC_MSG_RESULT(no) ]
3451 # Check whether user wants SELinux support
3454 AC_ARG_WITH(selinux,
3455 [ --with-selinux Enable SELinux support],
3456 [ if test "x$withval" != "xno" ; then
3458 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3460 AC_CHECK_HEADER([selinux/selinux.h], ,
3461 AC_MSG_ERROR(SELinux support requires selinux.h header))
3462 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3463 AC_MSG_ERROR(SELinux support requires libselinux library))
3464 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3465 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3470 # Finish configuring Globus GSSAPI
3471 if test "x$gsi_path" != "xno" ; then
3472 if test ! -z "$need_dash_r" ; then
3473 LDFLAGS="$LDFLAGS -R${gsi_path}/lib"
3475 if test ! -z "$blibpath" ; then
3476 blibpath="$blibpath:${gsi_path}/lib"
3478 # test that we got the libraries OK
3484 AC_MSG_ERROR(link with Globus libraries failed)
3487 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
3489 AC_SUBST(INSTALL_GSISSH)
3491 # Check whether the user wants GSSAPI mechglue support
3492 AC_ARG_WITH(mechglue,
3493 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
3495 AC_MSG_CHECKING(for mechglue library)
3497 if test -e ${withval}/libgssapi.a ; then
3498 mechglue_lib=${withval}/libgssapi.a
3499 elif test -e ${withval}/lib/libgssapi.a ; then
3500 mechglue_lib=${withval}/lib/libgssapi.a
3502 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
3504 LIBS="${mechglue_lib} $LIBS"
3505 AC_MSG_RESULT(${mechglue_lib})
3507 AC_CHECK_LIB(dl, dlopen, , )
3508 if test $ac_cv_lib_dl_dlopen = yes; then
3509 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
3513 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
3519 # Check whether user wants Kerberos 5 support
3521 AC_ARG_WITH(kerberos5,
3522 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3523 [ if test "x$withval" != "xno" ; then
3524 if test "x$withval" = "xyes" ; then
3525 KRB5ROOT="/usr/local"
3530 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3533 AC_MSG_CHECKING(for krb5-config)
3534 if test -x $KRB5ROOT/bin/krb5-config ; then
3535 KRB5CONF=$KRB5ROOT/bin/krb5-config
3536 AC_MSG_RESULT($KRB5CONF)
3538 AC_MSG_CHECKING(for gssapi support)
3539 if $KRB5CONF | grep gssapi >/dev/null ; then
3541 AC_DEFINE(GSSAPI, 1,
3542 [Define this if you want GSSAPI
3543 support in the version 2 protocol])
3549 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3550 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3551 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3552 AC_MSG_CHECKING(whether we are using Heimdal)
3553 AC_TRY_COMPILE([ #include <krb5.h> ],
3554 [ char *tmp = heimdal_version; ],
3555 [ AC_MSG_RESULT(yes)
3556 AC_DEFINE(HEIMDAL, 1,
3557 [Define this if you are using the
3558 Heimdal version of Kerberos V5]) ],
3563 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3564 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3565 AC_MSG_CHECKING(whether we are using Heimdal)
3566 AC_TRY_COMPILE([ #include <krb5.h> ],
3567 [ char *tmp = heimdal_version; ],
3568 [ AC_MSG_RESULT(yes)
3570 K5LIBS="-lkrb5 -ldes"
3571 K5LIBS="$K5LIBS -lcom_err -lasn1"
3572 AC_CHECK_LIB(roken, net_write,
3573 [K5LIBS="$K5LIBS -lroken"])
3576 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3579 AC_SEARCH_LIBS(dn_expand, resolv)
3581 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3583 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3584 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3586 K5LIBS="-lgssapi $K5LIBS" ],
3587 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3592 AC_CHECK_HEADER(gssapi.h, ,
3593 [ unset ac_cv_header_gssapi_h
3594 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3595 AC_CHECK_HEADERS(gssapi.h, ,
3596 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3602 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3603 AC_CHECK_HEADER(gssapi_krb5.h, ,
3604 [ CPPFLAGS="$oldCPP" ])
3606 # If we're using some other GSSAPI
3607 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3608 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3611 if test -z "$GSSAPI"; then
3616 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3617 AC_CHECK_HEADER(gssapi_krb5.h, ,
3618 [ CPPFLAGS="$oldCPP" ])
3621 if test ! -z "$need_dash_r" ; then
3622 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3624 if test ! -z "$blibpath" ; then
3625 blibpath="$blibpath:${KRB5ROOT}/lib"
3628 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3629 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3630 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3632 LIBS="$LIBS $K5LIBS"
3633 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3634 [Define this if you want to use libkafs' AFS support]))
3639 # Check whether user wants AFS_KRB5 support
3641 AC_ARG_WITH(afs-krb5,
3642 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3644 if test "x$withval" != "xno" ; then
3646 if test "x$withval" != "xyes" ; then
3647 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3648 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3650 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3652 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3655 if test -z "$KRB5ROOT" ; then
3656 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3659 LIBS="-lkrbafs -lkrb4 $LIBS"
3660 if test ! -z "$AFS_LIBS" ; then
3661 LIBS="$LIBS $AFS_LIBS"
3663 AC_DEFINE(AFS_KRB5, 1,
3664 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3670 AC_ARG_WITH(session-hooks,
3671 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3672 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3675 # Looking for programs, paths and files
3677 PRIVSEP_PATH=/var/empty
3678 AC_ARG_WITH(privsep-path,
3679 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3681 if test -n "$withval" && test "x$withval" != "xno" && \
3682 test "x${withval}" != "xyes"; then
3683 PRIVSEP_PATH=$withval
3687 AC_SUBST(PRIVSEP_PATH)
3690 [ --with-xauth=PATH Specify path to xauth program ],
3692 if test -n "$withval" && test "x$withval" != "xno" && \
3693 test "x${withval}" != "xyes"; then
3699 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3700 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3701 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3702 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3703 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3704 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3705 xauth_path="/usr/openwin/bin/xauth"
3710 # strip causes problems with GSI libraries...
3711 if test -z "$GLOBUS_LDFLAGS" ; then
3714 AC_ARG_ENABLE(strip,
3715 [ --disable-strip Disable calling strip(1) on install],
3717 if test "x$enableval" = "xno" ; then
3724 if test -z "$xauth_path" ; then
3725 XAUTH_PATH="undefined"
3726 AC_SUBST(XAUTH_PATH)
3728 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3729 [Define if xauth is found in your path])
3730 XAUTH_PATH=$xauth_path
3731 AC_SUBST(XAUTH_PATH)
3734 # Check for mail directory (last resort if we cannot get it from headers)
3735 if test ! -z "$MAIL" ; then
3736 maildir=`dirname $MAIL`
3737 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3738 [Set this to your mail directory if you don't have maillock.h])
3741 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3742 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3743 disable_ptmx_check=yes
3745 if test -z "$no_dev_ptmx" ; then
3746 if test "x$disable_ptmx_check" != "xyes" ; then
3747 AC_CHECK_FILE("/dev/ptmx",
3749 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3750 [Define if you have /dev/ptmx])
3757 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3758 AC_CHECK_FILE("/dev/ptc",
3760 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3761 [Define if you have /dev/ptc])
3766 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3769 # Options from here on. Some of these are preset by platform above
3770 AC_ARG_WITH(mantype,
3771 [ --with-mantype=man|cat|doc Set man page type],
3778 AC_MSG_ERROR(invalid man type: $withval)
3783 if test -z "$MANTYPE"; then
3784 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3785 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3786 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3788 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3795 if test "$MANTYPE" = "doc"; then
3802 # Check whether to enable MD5 passwords
3804 AC_ARG_WITH(md5-passwords,
3805 [ --with-md5-passwords Enable use of MD5 passwords],
3807 if test "x$withval" != "xno" ; then
3808 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3809 [Define if you want to allow MD5 passwords])
3815 # Whether to disable shadow password support
3817 [ --without-shadow Disable shadow password support],
3819 if test "x$withval" = "xno" ; then
3820 AC_DEFINE(DISABLE_SHADOW)
3826 if test -z "$disable_shadow" ; then
3827 AC_MSG_CHECKING([if the systems has expire shadow information])
3830 #include <sys/types.h>
3833 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3834 [ sp_expire_available=yes ], []
3837 if test "x$sp_expire_available" = "xyes" ; then
3839 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3840 [Define if you want to use shadow password expire field])
3846 # Use ip address instead of hostname in $DISPLAY
3847 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3848 DISPLAY_HACK_MSG="yes"
3849 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3850 [Define if you need to use IP address
3851 instead of hostname in $DISPLAY])
3853 DISPLAY_HACK_MSG="no"
3854 AC_ARG_WITH(ipaddr-display,
3855 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3857 if test "x$withval" != "xno" ; then
3858 AC_DEFINE(IPADDR_IN_DISPLAY)
3859 DISPLAY_HACK_MSG="yes"
3865 # check for /etc/default/login and use it if present.
3866 AC_ARG_ENABLE(etc-default-login,
3867 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3868 [ if test "x$enableval" = "xno"; then
3869 AC_MSG_NOTICE([/etc/default/login handling disabled])
3870 etc_default_login=no
3872 etc_default_login=yes
3874 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3876 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3877 etc_default_login=no
3879 etc_default_login=yes
3883 if test "x$etc_default_login" != "xno"; then
3884 AC_CHECK_FILE("/etc/default/login",
3885 [ external_path_file=/etc/default/login ])
3886 if test "x$external_path_file" = "x/etc/default/login"; then
3887 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3888 [Define if your system has /etc/default/login])
3892 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3893 if test $ac_cv_func_login_getcapbool = "yes" && \
3894 test $ac_cv_header_login_cap_h = "yes" ; then
3895 external_path_file=/etc/login.conf
3898 # Whether to mess with the default path
3899 SERVER_PATH_MSG="(default)"
3900 AC_ARG_WITH(default-path,
3901 [ --with-default-path= Specify default \$PATH environment for server],
3903 if test "x$external_path_file" = "x/etc/login.conf" ; then
3905 --with-default-path=PATH has no effect on this system.
3906 Edit /etc/login.conf instead.])
3907 elif test "x$withval" != "xno" ; then
3908 if test ! -z "$external_path_file" ; then
3910 --with-default-path=PATH will only be used if PATH is not defined in
3911 $external_path_file .])
3913 user_path="$withval"
3914 SERVER_PATH_MSG="$withval"
3917 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3918 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3920 if test ! -z "$external_path_file" ; then
3922 If PATH is defined in $external_path_file, ensure the path to scp is included,
3923 otherwise scp will not work.])
3927 /* find out what STDPATH is */
3932 #ifndef _PATH_STDPATH
3933 # ifdef _PATH_USERPATH /* Irix */
3934 # define _PATH_STDPATH _PATH_USERPATH
3936 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3939 #include <sys/types.h>
3940 #include <sys/stat.h>
3942 #define DATA "conftest.stdpath"
3949 fd = fopen(DATA,"w");
3953 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3959 [ user_path=`cat conftest.stdpath` ],
3960 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3961 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3963 # make sure $bindir is in USER_PATH so scp will work
3964 t_bindir=`eval echo ${bindir}`
3966 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3969 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3971 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3972 if test $? -ne 0 ; then
3973 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3974 if test $? -ne 0 ; then
3975 user_path=$user_path:$t_bindir
3976 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3981 if test "x$external_path_file" != "x/etc/login.conf" ; then
3982 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3986 # Set superuser path separately to user path
3987 AC_ARG_WITH(superuser-path,
3988 [ --with-superuser-path= Specify different path for super-user],
3990 if test -n "$withval" && test "x$withval" != "xno" && \
3991 test "x${withval}" != "xyes"; then
3992 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3993 [Define if you want a different $PATH
3995 superuser_path=$withval
4001 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4002 IPV4_IN6_HACK_MSG="no"
4004 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4006 if test "x$withval" != "xno" ; then
4008 AC_DEFINE(IPV4_IN_IPV6, 1,
4009 [Detect IPv4 in IPv6 mapped addresses
4011 IPV4_IN6_HACK_MSG="yes"
4016 if test "x$inet6_default_4in6" = "xyes"; then
4017 AC_MSG_RESULT([yes (default)])
4018 AC_DEFINE(IPV4_IN_IPV6)
4019 IPV4_IN6_HACK_MSG="yes"
4021 AC_MSG_RESULT([no (default)])
4026 # Whether to enable BSD auth support
4028 AC_ARG_WITH(bsd-auth,
4029 [ --with-bsd-auth Enable BSD auth support],
4031 if test "x$withval" != "xno" ; then
4032 AC_DEFINE(BSD_AUTH, 1,
4033 [Define if you have BSD auth support])
4039 # Where to place sshd.pid
4041 # make sure the directory exists
4042 if test ! -d $piddir ; then
4043 piddir=`eval echo ${sysconfdir}`
4045 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4049 AC_ARG_WITH(pid-dir,
4050 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4052 if test -n "$withval" && test "x$withval" != "xno" && \
4053 test "x${withval}" != "xyes"; then
4055 if test ! -d $piddir ; then
4056 AC_MSG_WARN([** no $piddir directory on this system **])
4062 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4065 dnl allow user to disable some login recording features
4066 AC_ARG_ENABLE(lastlog,
4067 [ --disable-lastlog disable use of lastlog even if detected [no]],
4069 if test "x$enableval" = "xno" ; then
4070 AC_DEFINE(DISABLE_LASTLOG)
4075 [ --disable-utmp disable use of utmp even if detected [no]],
4077 if test "x$enableval" = "xno" ; then
4078 AC_DEFINE(DISABLE_UTMP)
4082 AC_ARG_ENABLE(utmpx,
4083 [ --disable-utmpx disable use of utmpx even if detected [no]],
4085 if test "x$enableval" = "xno" ; then
4086 AC_DEFINE(DISABLE_UTMPX, 1,
4087 [Define if you don't want to use utmpx])
4092 [ --disable-wtmp disable use of wtmp even if detected [no]],
4094 if test "x$enableval" = "xno" ; then
4095 AC_DEFINE(DISABLE_WTMP)
4099 AC_ARG_ENABLE(wtmpx,
4100 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4102 if test "x$enableval" = "xno" ; then
4103 AC_DEFINE(DISABLE_WTMPX, 1,
4104 [Define if you don't want to use wtmpx])
4108 AC_ARG_ENABLE(libutil,
4109 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4111 if test "x$enableval" = "xno" ; then
4112 AC_DEFINE(DISABLE_LOGIN)
4116 AC_ARG_ENABLE(pututline,
4117 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4119 if test "x$enableval" = "xno" ; then
4120 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4121 [Define if you don't want to use pututline()
4122 etc. to write [uw]tmp])
4126 AC_ARG_ENABLE(pututxline,
4127 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4129 if test "x$enableval" = "xno" ; then
4130 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4131 [Define if you don't want to use pututxline()
4132 etc. to write [uw]tmpx])
4136 AC_ARG_WITH(lastlog,
4137 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4139 if test "x$withval" = "xno" ; then
4140 AC_DEFINE(DISABLE_LASTLOG)
4141 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4142 conf_lastlog_location=$withval
4147 dnl lastlog, [uw]tmpx? detection
4148 dnl NOTE: set the paths in the platform section to avoid the
4149 dnl need for command-line parameters
4150 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4152 dnl lastlog detection
4153 dnl NOTE: the code itself will detect if lastlog is a directory
4154 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4156 #include <sys/types.h>
4158 #ifdef HAVE_LASTLOG_H
4159 # include <lastlog.h>
4168 [ char *lastlog = LASTLOG_FILE; ],
4169 [ AC_MSG_RESULT(yes) ],
4172 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4174 #include <sys/types.h>
4176 #ifdef HAVE_LASTLOG_H
4177 # include <lastlog.h>
4183 [ char *lastlog = _PATH_LASTLOG; ],
4184 [ AC_MSG_RESULT(yes) ],
4187 system_lastlog_path=no
4192 if test -z "$conf_lastlog_location"; then
4193 if test x"$system_lastlog_path" = x"no" ; then
4194 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4195 if (test -d "$f" || test -f "$f") ; then
4196 conf_lastlog_location=$f
4199 if test -z "$conf_lastlog_location"; then
4200 AC_MSG_WARN([** Cannot find lastlog **])
4201 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4206 if test -n "$conf_lastlog_location"; then
4207 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4208 [Define if you want to specify the path to your lastlog file])
4212 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4214 #include <sys/types.h>
4220 [ char *utmp = UTMP_FILE; ],
4221 [ AC_MSG_RESULT(yes) ],
4223 system_utmp_path=no ]
4225 if test -z "$conf_utmp_location"; then
4226 if test x"$system_utmp_path" = x"no" ; then
4227 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4228 if test -f $f ; then
4229 conf_utmp_location=$f
4232 if test -z "$conf_utmp_location"; then
4233 AC_DEFINE(DISABLE_UTMP)
4237 if test -n "$conf_utmp_location"; then
4238 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4239 [Define if you want to specify the path to your utmp file])
4243 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4245 #include <sys/types.h>
4251 [ char *wtmp = WTMP_FILE; ],
4252 [ AC_MSG_RESULT(yes) ],
4254 system_wtmp_path=no ]
4256 if test -z "$conf_wtmp_location"; then
4257 if test x"$system_wtmp_path" = x"no" ; then
4258 for f in /usr/adm/wtmp /var/log/wtmp; do
4259 if test -f $f ; then
4260 conf_wtmp_location=$f
4263 if test -z "$conf_wtmp_location"; then
4264 AC_DEFINE(DISABLE_WTMP)
4268 if test -n "$conf_wtmp_location"; then
4269 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4270 [Define if you want to specify the path to your wtmp file])
4274 dnl utmpx detection - I don't know any system so perverse as to require
4275 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4277 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4279 #include <sys/types.h>
4288 [ char *utmpx = UTMPX_FILE; ],
4289 [ AC_MSG_RESULT(yes) ],
4291 system_utmpx_path=no ]
4293 if test -z "$conf_utmpx_location"; then
4294 if test x"$system_utmpx_path" = x"no" ; then
4295 AC_DEFINE(DISABLE_UTMPX)
4298 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4299 [Define if you want to specify the path to your utmpx file])
4303 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4305 #include <sys/types.h>
4314 [ char *wtmpx = WTMPX_FILE; ],
4315 [ AC_MSG_RESULT(yes) ],
4317 system_wtmpx_path=no ]
4319 if test -z "$conf_wtmpx_location"; then
4320 if test x"$system_wtmpx_path" = x"no" ; then
4321 AC_DEFINE(DISABLE_WTMPX)
4324 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4325 [Define if you want to specify the path to your wtmpx file])
4329 if test ! -z "$blibpath" ; then
4330 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4331 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4334 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4336 CFLAGS="$CFLAGS $werror_flags"
4338 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4339 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4340 AC_SUBST(TEST_SSH_IPV6, no)
4342 AC_SUBST(TEST_SSH_IPV6, yes)
4346 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4347 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4348 scard/Makefile ssh_prng_cmds survey.sh])
4351 # Print summary of options
4353 # Someone please show me a better way :)
4354 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4355 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4356 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4357 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4358 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4359 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4360 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4361 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4362 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4363 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4366 echo "OpenSSH has been configured with the following options:"
4367 echo " User binaries: $B"
4368 echo " System binaries: $C"
4369 echo " Configuration files: $D"
4370 echo " Askpass program: $E"
4371 echo " Manual pages: $F"
4372 echo " PID file: $G"
4373 echo " Privilege separation chroot path: $H"
4374 if test "x$external_path_file" = "x/etc/login.conf" ; then
4375 echo " At runtime, sshd will use the path defined in $external_path_file"
4376 echo " Make sure the path to scp is present, otherwise scp will not work"
4378 echo " sshd default user PATH: $I"
4379 if test ! -z "$external_path_file"; then
4380 echo " (If PATH is set in $external_path_file it will be used instead. If"
4381 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4384 if test ! -z "$superuser_path" ; then
4385 echo " sshd superuser user PATH: $J"
4387 echo " Manpage format: $MANTYPE"
4388 echo " PAM support: $PAM_MSG"
4389 echo " OSF SIA support: $SIA_MSG"
4390 echo " KerberosV support: $KRB5_MSG"
4391 echo " SELinux support: $SELINUX_MSG"
4392 echo " Smartcard support: $SCARD_MSG"
4393 echo " S/KEY support: $SKEY_MSG"
4394 echo " TCP Wrappers support: $TCPW_MSG"
4395 echo " MD5 password support: $MD5_MSG"
4396 echo " libedit support: $LIBEDIT_MSG"
4397 echo " Solaris process contract support: $SPC_MSG"
4398 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4399 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4400 echo " BSD Auth support: $BSD_AUTH_MSG"
4401 echo " Random number source: $RAND_MSG"
4402 if test ! -z "$USE_RAND_HELPER" ; then
4403 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4408 echo " Host: ${host}"
4409 echo " Compiler: ${CC}"
4410 echo " Compiler flags: ${CFLAGS}"
4411 echo "Preprocessor flags: ${CPPFLAGS}"
4412 echo " Linker flags: ${LDFLAGS}"
4413 echo " Libraries: ${LIBS}"
4414 if test ! -z "${SSHDLIBS}"; then
4415 echo " +for sshd: ${SSHDLIBS}"
4420 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4421 echo "SVR4 style packages are supported with \"make package\""
4425 if test "x$PAM_MSG" = "xyes" ; then
4426 echo "PAM is enabled. You may need to install a PAM control file "
4427 echo "for sshd, otherwise password authentication may fail. "
4428 echo "Example PAM control files can be found in the contrib/ "
4433 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4434 echo "WARNING: you are using the builtin random number collection "
4435 echo "service. Please read WARNING.RNG and request that your OS "
4436 echo "vendor includes kernel-based random number collection in "
4437 echo "future versions of your OS."
4441 if test ! -z "$NO_PEERCHECK" ; then
4442 echo "WARNING: the operating system that you are using does not"
4443 echo "appear to support getpeereid(), getpeerucred() or the"
4444 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4445 echo "enforce security checks to prevent unauthorised connections to"
4446 echo "ssh-agent. Their absence increases the risk that a malicious"
4447 echo "user can connect to your agent."
4451 if test "$AUDIT_MODULE" = "bsm" ; then
4452 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4453 echo "See the Solaris section in README.platform for details."