3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
121 if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
126 [ --without-rpath Disable auto-added -R linker paths],
128 if test "x$withval" = "xno" ; then
131 if test "x$withval" = "xyes" ; then
137 # Allow user to specify flags
139 [ --with-cflags Specify additional flags to pass to compiler],
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
147 AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
157 [ --with-ldflags Specify additional flags to pass to linker],
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
166 [ --with-libs Specify additional libraries to link with],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
175 [ --with-Werror Build main code with -Werror],
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
212 security/pam_appl.h \
250 # lastlog.h requires sys/time.h to be included first on Solaris
251 AC_CHECK_HEADERS(lastlog.h, [], [], [
252 #ifdef HAVE_SYS_TIME_H
253 # include <sys/time.h>
257 # sys/ptms.h requires sys/stream.h to be included first on Solaris
258 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
259 #ifdef HAVE_SYS_STREAM_H
260 # include <sys/stream.h>
264 # login_cap.h requires sys/types.h on NetBSD
265 AC_CHECK_HEADERS(login_cap.h, [], [], [
266 #include <sys/types.h>
269 # Messages for features tested for in target-specific section
273 # Check for some target-specific stuff
276 # Some versions of VAC won't allow macro redefinitions at
277 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
278 # particularly with older versions of vac or xlc.
279 # It also throws errors about null macro argments, but these are
281 AC_MSG_CHECKING(if compiler allows macro redefinitions)
284 #define testmacro foo
285 #define testmacro bar
286 int main(void) { exit(0); }
288 [ AC_MSG_RESULT(yes) ],
290 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
291 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
292 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
293 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
297 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
298 if (test -z "$blibpath"); then
299 blibpath="/usr/lib:/lib"
301 saved_LDFLAGS="$LDFLAGS"
302 if test "$GCC" = "yes"; then
303 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
305 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
307 for tryflags in $flags ;do
308 if (test -z "$blibflags"); then
309 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
310 AC_TRY_LINK([], [], [blibflags=$tryflags])
313 if (test -z "$blibflags"); then
314 AC_MSG_RESULT(not found)
315 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
317 AC_MSG_RESULT($blibflags)
319 LDFLAGS="$saved_LDFLAGS"
320 dnl Check for authenticate. Might be in libs.a on older AIXes
321 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
322 [Define if you want to enable AIX4's authenticate function])],
323 [AC_CHECK_LIB(s,authenticate,
324 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
328 dnl Check for various auth function declarations in headers.
329 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
330 passwdexpired, setauthdb], , , [#include <usersec.h>])
331 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
332 AC_CHECK_DECLS(loginfailed,
333 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
335 [#include <usersec.h>],
336 [(void)loginfailed("user","host","tty",0);],
338 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
339 [Define if your AIX loginfailed() function
340 takes 4 arguments (AIX >= 5.2)])],
344 [#include <usersec.h>]
346 AC_CHECK_FUNCS(setauthdb)
347 AC_CHECK_DECL(F_CLOSEM,
348 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
350 [ #include <limits.h>
353 check_for_aix_broken_getaddrinfo=1
354 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
355 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
356 [Define if your platform breaks doing a seteuid before a setuid])
357 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
358 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
359 dnl AIX handles lastlog as part of its login message
360 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
361 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
362 [Some systems need a utmpx entry for /bin/login to work])
363 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
364 [Define to a Set Process Title type if your system is
365 supported by bsd-setproctitle.c])
366 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
367 [AIX 5.2 and 5.3 (and presumably newer) require this])
368 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
371 check_for_libcrypt_later=1
372 LIBS="$LIBS /usr/lib/textreadmode.o"
373 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
374 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
375 AC_DEFINE(DISABLE_SHADOW, 1,
376 [Define if you want to disable shadow passwords])
377 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
378 [Define if your system choked on IP TOS setting])
379 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
380 [Define if X11 doesn't support AF_UNIX sockets on that system])
381 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
382 [Define if the concept of ports only accessible to
383 superusers isn't known])
384 AC_DEFINE(DISABLE_FD_PASSING, 1,
385 [Define if your platform needs to skip post auth
386 file descriptor passing])
389 AC_DEFINE(IP_TOS_IS_BROKEN)
390 AC_DEFINE(SETEUID_BREAKS_SETUID)
391 AC_DEFINE(BROKEN_SETREUID)
392 AC_DEFINE(BROKEN_SETREGID)
395 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
396 AC_DEFINE(BROKEN_GETADDRINFO)
397 AC_DEFINE(SETEUID_BREAKS_SETUID)
398 AC_DEFINE(BROKEN_SETREUID)
399 AC_DEFINE(BROKEN_SETREGID)
400 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
401 [Define if your resolver libs need this for getrrsetbyname])
402 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
403 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
404 [Use tunnel device compatibility to OpenBSD])
405 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
406 [Prepend the address family to IP tunnel traffic])
407 AC_MSG_CHECKING(if we have the Security Authorization Session API)
408 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
409 [SessionCreate(0, 0);],
410 [ac_cv_use_security_session_api="yes"
411 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
412 [platform has the Security Authorization Session API])
413 LIBS="$LIBS -framework Security"
415 [ac_cv_use_security_session_api="no"
417 AC_MSG_CHECKING(if we have an in-memory credentials cache)
419 [#include <Kerberos/Kerberos.h>],
421 (void) cc_initialize (&c, 0, NULL, NULL);],
422 [AC_DEFINE(USE_CCAPI, 1,
423 [platform uses an in-memory credentials cache])
424 LIBS="$LIBS -framework Security"
426 if test "x$ac_cv_use_security_session_api" = "xno"; then
427 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
433 SSHDLIBS="$SSHDLIBS -lcrypt"
436 # first we define all of the options common to all HP-UX releases
437 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
438 IPADDR_IN_DISPLAY=yes
440 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
441 [Define if your login program cannot handle end of options ("--")])
442 AC_DEFINE(LOGIN_NEEDS_UTMPX)
443 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
444 [String used in /etc/passwd to denote locked account])
445 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
446 MAIL="/var/mail/username"
448 AC_CHECK_LIB(xnet, t_error, ,
449 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
451 # next, we define all of the options specific to major releases
454 if test -z "$GCC"; then
459 AC_DEFINE(PAM_SUN_CODEBASE, 1,
460 [Define if you are using Solaris-derived PAM which
461 passes pam_messages to the conversation function
462 with an extra level of indirection])
463 AC_DEFINE(DISABLE_UTMP, 1,
464 [Define if you don't want to use utmp])
465 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
466 check_for_hpux_broken_getaddrinfo=1
467 check_for_conflicting_getspnam=1
471 # lastly, we define options specific to minor releases
474 AC_DEFINE(HAVE_SECUREWARE, 1,
475 [Define if you have SecureWare-based
476 protected password database])
477 disable_ptmx_check=yes
483 PATH="$PATH:/usr/etc"
484 AC_DEFINE(BROKEN_INET_NTOA, 1,
485 [Define if you system's inet_ntoa is busted
486 (e.g. Irix gcc issue)])
487 AC_DEFINE(SETEUID_BREAKS_SETUID)
488 AC_DEFINE(BROKEN_SETREUID)
489 AC_DEFINE(BROKEN_SETREGID)
490 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
491 [Define if you shouldn't strip 'tty' from your
493 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
496 PATH="$PATH:/usr/etc"
497 AC_DEFINE(WITH_IRIX_ARRAY, 1,
498 [Define if you have/want arrays
499 (cluster-wide session managment, not C arrays)])
500 AC_DEFINE(WITH_IRIX_PROJECT, 1,
501 [Define if you want IRIX project management])
502 AC_DEFINE(WITH_IRIX_AUDIT, 1,
503 [Define if you want IRIX audit trails])
504 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
505 [Define if you want IRIX kernel jobs])])
506 AC_DEFINE(BROKEN_INET_NTOA)
507 AC_DEFINE(SETEUID_BREAKS_SETUID)
508 AC_DEFINE(BROKEN_SETREUID)
509 AC_DEFINE(BROKEN_SETREGID)
510 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
511 AC_DEFINE(WITH_ABBREV_NO_TTY)
512 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
516 check_for_libcrypt_later=1
517 check_for_openpty_ctty_bug=1
518 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
519 AC_DEFINE(PAM_TTY_KLUDGE, 1,
520 [Work around problematic Linux PAM modules handling of PAM_TTY])
521 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
522 [String used in /etc/passwd to denote locked account])
523 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
524 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
525 [Define to whatever link() returns for "not supported"
526 if it doesn't return EOPNOTSUPP.])
527 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
529 inet6_default_4in6=yes
532 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
533 [Define if cmsg_type is not passed correctly])
536 # tun(4) forwarding compat code
537 AC_CHECK_HEADERS(linux/if_tun.h)
538 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
539 AC_DEFINE(SSH_TUN_LINUX, 1,
540 [Open tunnel devices the Linux tun/tap way])
541 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
542 [Use tunnel device compatibility to OpenBSD])
543 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
544 [Prepend the address family to IP tunnel traffic])
547 mips-sony-bsd|mips-sony-newsos4)
548 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
552 check_for_libcrypt_before=1
553 if test "x$withval" != "xno" ; then
556 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
557 AC_CHECK_HEADER([net/if_tap.h], ,
558 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
559 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
560 [Prepend the address family to IP tunnel traffic])
563 check_for_libcrypt_later=1
564 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
565 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
566 AC_CHECK_HEADER([net/if_tap.h], ,
567 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
570 AC_DEFINE(SETEUID_BREAKS_SETUID)
571 AC_DEFINE(BROKEN_SETREUID)
572 AC_DEFINE(BROKEN_SETREGID)
575 conf_lastlog_location="/usr/adm/lastlog"
576 conf_utmp_location=/etc/utmp
577 conf_wtmp_location=/usr/adm/wtmp
579 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
580 AC_DEFINE(BROKEN_REALPATH)
582 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
585 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
586 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
587 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
588 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
589 [syslog_r function is safe to use in in a signal handler])
592 if test "x$withval" != "xno" ; then
595 AC_DEFINE(PAM_SUN_CODEBASE)
596 AC_DEFINE(LOGIN_NEEDS_UTMPX)
597 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
598 [Some versions of /bin/login need the TERM supplied
600 AC_DEFINE(PAM_TTY_KLUDGE)
601 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
602 [Define if pam_chauthtok wants real uid set
603 to the unpriv'ed user])
604 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
605 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
606 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
607 [Define if sshd somehow reacquires a controlling TTY
609 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
610 in case the name is longer than 8 chars])
611 external_path_file=/etc/default/login
612 # hardwire lastlog location (can't detect it on some versions)
613 conf_lastlog_location="/var/adm/lastlog"
614 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
615 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
616 if test "$sol2ver" -ge 8; then
618 AC_DEFINE(DISABLE_UTMP)
619 AC_DEFINE(DISABLE_WTMP, 1,
620 [Define if you don't want to use wtmp])
624 AC_ARG_WITH(solaris-contracts,
625 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
627 AC_CHECK_LIB(contract, ct_tmpl_activate,
628 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
629 [Define if you have Solaris process contracts])
630 SSHDLIBS="$SSHDLIBS -lcontract"
637 CPPFLAGS="$CPPFLAGS -DSUNOS4"
638 AC_CHECK_FUNCS(getpwanam)
639 AC_DEFINE(PAM_SUN_CODEBASE)
640 conf_utmp_location=/etc/utmp
641 conf_wtmp_location=/var/adm/wtmp
642 conf_lastlog_location=/var/adm/lastlog
648 AC_DEFINE(SSHD_ACQUIRES_CTTY)
649 AC_DEFINE(SETEUID_BREAKS_SETUID)
650 AC_DEFINE(BROKEN_SETREUID)
651 AC_DEFINE(BROKEN_SETREGID)
654 # /usr/ucblib MUST NOT be searched on ReliantUNIX
655 AC_CHECK_LIB(dl, dlsym, ,)
656 # -lresolv needs to be at the end of LIBS or DNS lookups break
657 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
658 IPADDR_IN_DISPLAY=yes
660 AC_DEFINE(IP_TOS_IS_BROKEN)
661 AC_DEFINE(SETEUID_BREAKS_SETUID)
662 AC_DEFINE(BROKEN_SETREUID)
663 AC_DEFINE(BROKEN_SETREGID)
664 AC_DEFINE(SSHD_ACQUIRES_CTTY)
665 external_path_file=/etc/default/login
666 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
667 # Attention: always take care to bind libsocket and libnsl before libc,
668 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
670 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
673 AC_DEFINE(SETEUID_BREAKS_SETUID)
674 AC_DEFINE(BROKEN_SETREUID)
675 AC_DEFINE(BROKEN_SETREGID)
676 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
677 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
679 # UnixWare 7.x, OpenUNIX 8
681 check_for_libcrypt_later=1
682 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
684 AC_DEFINE(SETEUID_BREAKS_SETUID)
685 AC_DEFINE(BROKEN_SETREUID)
686 AC_DEFINE(BROKEN_SETREGID)
687 AC_DEFINE(PASSWD_NEEDS_USERNAME)
689 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
690 TEST_SHELL=/u95/bin/sh
691 AC_DEFINE(BROKEN_LIBIAF, 1,
692 [ia_uinfo routines not supported by OS yet])
693 AC_DEFINE(BROKEN_UPDWTMPX)
695 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
701 # SCO UNIX and OEM versions of SCO UNIX
703 AC_MSG_ERROR("This Platform is no longer supported.")
707 if test -z "$GCC"; then
708 CFLAGS="$CFLAGS -belf"
710 LIBS="$LIBS -lprot -lx -ltinfo -lm"
713 AC_DEFINE(HAVE_SECUREWARE)
714 AC_DEFINE(DISABLE_SHADOW)
715 AC_DEFINE(DISABLE_FD_PASSING)
716 AC_DEFINE(SETEUID_BREAKS_SETUID)
717 AC_DEFINE(BROKEN_SETREUID)
718 AC_DEFINE(BROKEN_SETREGID)
719 AC_DEFINE(WITH_ABBREV_NO_TTY)
720 AC_DEFINE(BROKEN_UPDWTMPX)
721 AC_DEFINE(PASSWD_NEEDS_USERNAME)
722 AC_CHECK_FUNCS(getluid setluid)
727 AC_DEFINE(NO_SSH_LASTLOG, 1,
728 [Define if you don't want to use lastlog in session.c])
729 AC_DEFINE(SETEUID_BREAKS_SETUID)
730 AC_DEFINE(BROKEN_SETREUID)
731 AC_DEFINE(BROKEN_SETREGID)
733 AC_DEFINE(DISABLE_FD_PASSING)
735 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(WITH_ABBREV_NO_TTY)
744 AC_DEFINE(DISABLE_FD_PASSING)
746 LIBS="$LIBS -lgen -lacid -ldb"
750 AC_DEFINE(SETEUID_BREAKS_SETUID)
751 AC_DEFINE(BROKEN_SETREUID)
752 AC_DEFINE(BROKEN_SETREGID)
754 AC_DEFINE(DISABLE_FD_PASSING)
755 AC_DEFINE(NO_SSH_LASTLOG)
756 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
757 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
761 AC_MSG_CHECKING(for Digital Unix SIA)
764 [ --with-osfsia Enable Digital Unix SIA],
766 if test "x$withval" = "xno" ; then
767 AC_MSG_RESULT(disabled)
772 if test -z "$no_osfsia" ; then
773 if test -f /etc/sia/matrix.conf; then
775 AC_DEFINE(HAVE_OSF_SIA, 1,
776 [Define if you have Digital Unix Security
777 Integration Architecture])
778 AC_DEFINE(DISABLE_LOGIN, 1,
779 [Define if you don't want to use your
780 system's login() call])
781 AC_DEFINE(DISABLE_FD_PASSING)
782 LIBS="$LIBS -lsecurity -ldb -lm -laud"
786 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
787 [String used in /etc/passwd to denote locked account])
790 AC_DEFINE(BROKEN_GETADDRINFO)
791 AC_DEFINE(SETEUID_BREAKS_SETUID)
792 AC_DEFINE(BROKEN_SETREUID)
793 AC_DEFINE(BROKEN_SETREGID)
798 AC_DEFINE(NO_X11_UNIX_SOCKETS)
799 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
800 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
801 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
802 AC_DEFINE(DISABLE_LASTLOG)
803 AC_DEFINE(SSHD_ACQUIRES_CTTY)
804 enable_etc_default_login=no # has incompatible /etc/default/login
807 AC_DEFINE(DISABLE_FD_PASSING)
813 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
814 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
815 AC_DEFINE(NEED_SETPGRP)
816 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
820 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
821 AC_DEFINE(MISSING_HOWMANY)
822 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
826 AC_MSG_CHECKING(compiler and flags for sanity)
832 [ AC_MSG_RESULT(yes) ],
835 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
837 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
840 dnl Checks for header files.
841 # Checks for libraries.
842 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
843 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
845 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
846 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
847 AC_CHECK_LIB(gen, dirname,[
848 AC_CACHE_CHECK([for broken dirname],
849 ac_cv_have_broken_dirname, [
857 int main(int argc, char **argv) {
860 strncpy(buf,"/etc", 32);
862 if (!s || strncmp(s, "/", 32) != 0) {
869 [ ac_cv_have_broken_dirname="no" ],
870 [ ac_cv_have_broken_dirname="yes" ],
871 [ ac_cv_have_broken_dirname="no" ],
875 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
877 AC_DEFINE(HAVE_DIRNAME)
878 AC_CHECK_HEADERS(libgen.h)
883 AC_CHECK_FUNC(getspnam, ,
884 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
885 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
886 [Define if you have the basename function.]))
890 [ --with-zlib=PATH Use zlib in PATH],
891 [ if test "x$withval" = "xno" ; then
892 AC_MSG_ERROR([*** zlib is required ***])
893 elif test "x$withval" != "xyes"; then
894 if test -d "$withval/lib"; then
895 if test -n "${need_dash_r}"; then
896 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
898 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
901 if test -n "${need_dash_r}"; then
902 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
904 LDFLAGS="-L${withval} ${LDFLAGS}"
907 if test -d "$withval/include"; then
908 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
910 CPPFLAGS="-I${withval} ${CPPFLAGS}"
915 AC_CHECK_LIB(z, deflate, ,
917 saved_CPPFLAGS="$CPPFLAGS"
918 saved_LDFLAGS="$LDFLAGS"
920 dnl Check default zlib install dir
921 if test -n "${need_dash_r}"; then
922 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
924 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
926 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
928 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
930 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
935 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
937 AC_ARG_WITH(zlib-version-check,
938 [ --without-zlib-version-check Disable zlib version check],
939 [ if test "x$withval" = "xno" ; then
940 zlib_check_nonfatal=1
945 AC_MSG_CHECKING(for possibly buggy zlib)
946 AC_RUN_IFELSE([AC_LANG_SOURCE([[
951 int a=0, b=0, c=0, d=0, n, v;
952 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
953 if (n != 3 && n != 4)
955 v = a*1000000 + b*10000 + c*100 + d;
956 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
959 if (a == 1 && b == 1 && c >= 4)
962 /* 1.2.3 and up are OK */
971 if test -z "$zlib_check_nonfatal" ; then
972 AC_MSG_ERROR([*** zlib too old - check config.log ***
973 Your reported zlib version has known security problems. It's possible your
974 vendor has fixed these problems without changing the version number. If you
975 are sure this is the case, you can disable the check by running
976 "./configure --without-zlib-version-check".
977 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
978 See http://www.gzip.org/zlib/ for details.])
980 AC_MSG_WARN([zlib version may have security problems])
983 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
987 AC_CHECK_FUNC(strcasecmp,
988 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
990 AC_CHECK_FUNCS(utimes,
991 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
992 LIBS="$LIBS -lc89"]) ]
995 dnl Checks for libutil functions
996 AC_CHECK_HEADERS(libutil.h)
997 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
998 [Define if your libraries define login()])])
999 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1003 # Check for ALTDIRFUNC glob() extension
1004 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1005 AC_EGREP_CPP(FOUNDIT,
1008 #ifdef GLOB_ALTDIRFUNC
1013 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1014 [Define if your system glob() function has
1015 the GLOB_ALTDIRFUNC extension])
1023 # Check for g.gl_matchc glob() extension
1024 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1026 [ #include <glob.h> ],
1027 [glob_t g; g.gl_matchc = 1;],
1029 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1030 [Define if your system glob() function has
1031 gl_matchc options in glob_t])
1039 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1041 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1044 #include <sys/types.h>
1046 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1048 [AC_MSG_RESULT(yes)],
1051 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1052 [Define if your struct dirent expects you to
1053 allocate extra space for d_name])
1056 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1057 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1061 # Check whether the user wants GSSAPI mechglue support
1062 AC_ARG_WITH(mechglue,
1063 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1065 AC_MSG_CHECKING(for mechglue library)
1067 if test -e ${withval}/libgssapi.a ; then
1068 mechglue_lib=${withval}/libgssapi.a
1069 elif test -e ${withval}/lib/libgssapi.a ; then
1070 mechglue_lib=${withval}/lib/libgssapi.a
1072 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1074 LIBS="$LIBS ${mechglue_lib}"
1075 AC_MSG_RESULT(${mechglue_lib})
1077 AC_CHECK_LIB(dl, dlopen, , )
1078 if test $ac_cv_lib_dl_dlopen = yes; then
1079 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1083 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1090 # Check whether the user wants GSI (Globus) support
1093 [ --with-gsi Enable Globus GSI authentication support],
1100 [ --with-globus Enable Globus GSI authentication support],
1106 AC_ARG_WITH(globus-static,
1107 [ --with-globus-static Link statically with Globus GSI libraries],
1109 gsi_static="-static"
1110 if test "x$gsi_path" = "xno" ; then
1116 # Check whether the user has a Globus flavor type
1117 globus_flavor_type="no"
1118 AC_ARG_WITH(globus-flavor,
1119 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1121 globus_flavor_type="$withval"
1122 if test "x$gsi_path" = "xno" ; then
1128 if test "x$gsi_path" != "xno" ; then
1129 # Globus GSSAPI configuration
1130 AC_MSG_CHECKING(for Globus GSI)
1131 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1133 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1134 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1136 if test -z "$GSSAPI"; then
1141 if test "x$gsi_path" = "xyes" ; then
1142 if test -z "$GLOBUS_LOCATION" ; then
1143 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1145 gsi_path="$GLOBUS_LOCATION"
1148 GLOBUS_LOCATION="$gsi_path"
1149 export GLOBUS_LOCATION
1150 if test ! -d "$GLOBUS_LOCATION" ; then
1151 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1154 if test "x$globus_flavor_type" = "xno" ; then
1155 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1157 if test "x$globus_flavor_type" = "xyes" ; then
1158 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1161 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1162 if test ! -d "$GLOBUS_INCLUDE" ; then
1163 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1165 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1167 if test -x ${gsi_path}/bin/globus-makefile-header ; then
1168 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1169 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
1170 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1172 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
1174 if test -n "${need_dash_r}"; then
1175 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
1177 GSI_LDFLAGS="-L${gsi_path}/lib"
1179 if test -z "$GSI_LIBS" ; then
1180 AC_MSG_ERROR(globus-makefile-header failed)
1183 AC_DEFINE(HAVE_GSSAPI_H)
1185 LIBS="$LIBS $GSI_LIBS"
1186 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1187 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
1189 # test that we got the libraries OK
1197 AC_MSG_ERROR(link with Globus libraries failed)
1200 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1201 INSTALL_GSISSH="yes"
1205 AC_SUBST(INSTALL_GSISSH)
1206 # End Globus/GSI section
1208 AC_MSG_CHECKING([for /proc/pid/fd directory])
1209 if test -d "/proc/$$/fd" ; then
1210 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1216 # Check whether user wants S/Key support
1219 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1221 if test "x$withval" != "xno" ; then
1223 if test "x$withval" != "xyes" ; then
1224 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1225 LDFLAGS="$LDFLAGS -L${withval}/lib"
1228 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1232 AC_MSG_CHECKING([for s/key support])
1237 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1239 [AC_MSG_RESULT(yes)],
1242 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1244 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1248 [(void)skeychallenge(NULL,"name","",0);],
1250 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1251 [Define if your skeychallenge()
1252 function takes 4 arguments (NetBSD)])],
1259 # Check whether user wants TCP wrappers support
1261 AC_ARG_WITH(tcp-wrappers,
1262 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1264 if test "x$withval" != "xno" ; then
1266 saved_LDFLAGS="$LDFLAGS"
1267 saved_CPPFLAGS="$CPPFLAGS"
1268 if test -n "${withval}" && \
1269 test "x${withval}" != "xyes"; then
1270 if test -d "${withval}/lib"; then
1271 if test -n "${need_dash_r}"; then
1272 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1274 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1277 if test -n "${need_dash_r}"; then
1278 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1280 LDFLAGS="-L${withval} ${LDFLAGS}"
1283 if test -d "${withval}/include"; then
1284 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1286 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1290 AC_MSG_CHECKING(for libwrap)
1293 #include <sys/types.h>
1294 #include <sys/socket.h>
1295 #include <netinet/in.h>
1297 int deny_severity = 0, allow_severity = 0;
1302 AC_DEFINE(LIBWRAP, 1,
1304 TCP Wrappers support])
1305 SSHDLIBS="$SSHDLIBS -lwrap"
1309 AC_MSG_ERROR([*** libwrap missing])
1317 # Check whether user wants libedit support
1319 AC_ARG_WITH(libedit,
1320 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1321 [ if test "x$withval" != "xno" ; then
1322 if test "x$withval" != "xyes"; then
1323 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1324 if test -n "${need_dash_r}"; then
1325 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1327 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1330 AC_CHECK_LIB(edit, el_init,
1331 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1332 LIBEDIT="-ledit -lcurses"
1336 [ AC_MSG_ERROR(libedit not found) ],
1339 AC_MSG_CHECKING(if libedit version is compatible)
1342 #include <histedit.h>
1346 el_init("", NULL, NULL, NULL);
1350 [ AC_MSG_RESULT(yes) ],
1352 AC_MSG_ERROR(libedit version is not compatible) ]
1359 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1361 AC_MSG_CHECKING(for supported audit module)
1366 dnl Checks for headers, libs and functions
1367 AC_CHECK_HEADERS(bsm/audit.h, [],
1368 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1375 AC_CHECK_LIB(bsm, getaudit, [],
1376 [AC_MSG_ERROR(BSM enabled and required library not found)])
1377 AC_CHECK_FUNCS(getaudit, [],
1378 [AC_MSG_ERROR(BSM enabled and required function not found)])
1379 # These are optional
1380 AC_CHECK_FUNCS(getaudit_addr)
1381 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1385 AC_MSG_RESULT(debug)
1386 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1392 AC_MSG_ERROR([Unknown audit module $withval])
1397 dnl Checks for library functions. Please keep in alphabetical order
1485 # IRIX has a const char return value for gai_strerror()
1486 AC_CHECK_FUNCS(gai_strerror,[
1487 AC_DEFINE(HAVE_GAI_STRERROR)
1489 #include <sys/types.h>
1490 #include <sys/socket.h>
1493 const char *gai_strerror(int);],[
1496 str = gai_strerror(0);],[
1497 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1498 [Define if gai_strerror() returns const char *])])])
1500 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1501 [Some systems put nanosleep outside of libc]))
1503 dnl Make sure prototypes are defined for these before using them.
1504 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1505 AC_CHECK_DECL(strsep,
1506 [AC_CHECK_FUNCS(strsep)],
1509 #ifdef HAVE_STRING_H
1510 # include <string.h>
1514 dnl tcsendbreak might be a macro
1515 AC_CHECK_DECL(tcsendbreak,
1516 [AC_DEFINE(HAVE_TCSENDBREAK)],
1517 [AC_CHECK_FUNCS(tcsendbreak)],
1518 [#include <termios.h>]
1521 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1523 AC_CHECK_DECLS(SHUT_RD, , ,
1525 #include <sys/types.h>
1526 #include <sys/socket.h>
1529 AC_CHECK_DECLS(O_NONBLOCK, , ,
1531 #include <sys/types.h>
1532 #ifdef HAVE_SYS_STAT_H
1533 # include <sys/stat.h>
1540 AC_CHECK_DECLS(writev, , , [
1541 #include <sys/types.h>
1542 #include <sys/uio.h>
1546 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1547 #include <sys/param.h>
1550 AC_CHECK_DECLS(offsetof, , , [
1554 AC_CHECK_FUNCS(setresuid, [
1555 dnl Some platorms have setresuid that isn't implemented, test for this
1556 AC_MSG_CHECKING(if setresuid seems to work)
1561 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1563 [AC_MSG_RESULT(yes)],
1564 [AC_DEFINE(BROKEN_SETRESUID, 1,
1565 [Define if your setresuid() is broken])
1566 AC_MSG_RESULT(not implemented)],
1567 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1571 AC_CHECK_FUNCS(setresgid, [
1572 dnl Some platorms have setresgid that isn't implemented, test for this
1573 AC_MSG_CHECKING(if setresgid seems to work)
1578 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1580 [AC_MSG_RESULT(yes)],
1581 [AC_DEFINE(BROKEN_SETRESGID, 1,
1582 [Define if your setresgid() is broken])
1583 AC_MSG_RESULT(not implemented)],
1584 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1588 dnl Checks for time functions
1589 AC_CHECK_FUNCS(gettimeofday time)
1590 dnl Checks for utmp functions
1591 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1592 AC_CHECK_FUNCS(utmpname)
1593 dnl Checks for utmpx functions
1594 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1595 AC_CHECK_FUNCS(setutxent utmpxname)
1597 AC_CHECK_FUNC(daemon,
1598 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1599 [AC_CHECK_LIB(bsd, daemon,
1600 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1603 AC_CHECK_FUNC(getpagesize,
1604 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1605 [Define if your libraries define getpagesize()])],
1606 [AC_CHECK_LIB(ucb, getpagesize,
1607 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1610 # Check for broken snprintf
1611 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1612 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1616 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1618 [AC_MSG_RESULT(yes)],
1621 AC_DEFINE(BROKEN_SNPRINTF, 1,
1622 [Define if your snprintf is busted])
1623 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1625 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1629 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1630 # returning the right thing on overflow: the number of characters it tried to
1631 # create (as per SUSv3)
1632 if test "x$ac_cv_func_asprintf" != "xyes" && \
1633 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1634 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1637 #include <sys/types.h>
1641 int x_snprintf(char *str,size_t count,const char *fmt,...)
1643 size_t ret; va_list ap;
1644 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1650 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1652 [AC_MSG_RESULT(yes)],
1655 AC_DEFINE(BROKEN_SNPRINTF, 1,
1656 [Define if your snprintf is busted])
1657 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1659 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1663 # On systems where [v]snprintf is broken, but is declared in stdio,
1664 # check that the fmt argument is const char * or just char *.
1665 # This is only useful for when BROKEN_SNPRINTF
1666 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1667 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1668 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1669 int main(void) { snprintf(0, 0, 0); }
1672 AC_DEFINE(SNPRINTF_CONST, [const],
1673 [Define as const if snprintf() can declare const char *fmt])],
1675 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1677 # Check for missing getpeereid (or equiv) support
1679 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1680 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1682 [#include <sys/types.h>
1683 #include <sys/socket.h>],
1684 [int i = SO_PEERCRED;],
1685 [ AC_MSG_RESULT(yes)
1686 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1693 dnl see whether mkstemp() requires XXXXXX
1694 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1695 AC_MSG_CHECKING([for (overly) strict mkstemp])
1699 main() { char template[]="conftest.mkstemp-test";
1700 if (mkstemp(template) == -1)
1702 unlink(template); exit(0);
1710 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1714 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1719 dnl make sure that openpty does not reacquire controlling terminal
1720 if test ! -z "$check_for_openpty_ctty_bug"; then
1721 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1725 #include <sys/fcntl.h>
1726 #include <sys/types.h>
1727 #include <sys/wait.h>
1733 int fd, ptyfd, ttyfd, status;
1736 if (pid < 0) { /* failed */
1738 } else if (pid > 0) { /* parent */
1739 waitpid(pid, &status, 0);
1740 if (WIFEXITED(status))
1741 exit(WEXITSTATUS(status));
1744 } else { /* child */
1745 close(0); close(1); close(2);
1747 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1748 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1750 exit(3); /* Acquired ctty: broken */
1752 exit(0); /* Did not acquire ctty: OK */
1761 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1764 AC_MSG_RESULT(cross-compiling, assuming yes)
1769 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1770 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1771 AC_MSG_CHECKING(if getaddrinfo seems to work)
1775 #include <sys/socket.h>
1778 #include <netinet/in.h>
1780 #define TEST_PORT "2222"
1786 struct addrinfo *gai_ai, *ai, hints;
1787 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1789 memset(&hints, 0, sizeof(hints));
1790 hints.ai_family = PF_UNSPEC;
1791 hints.ai_socktype = SOCK_STREAM;
1792 hints.ai_flags = AI_PASSIVE;
1794 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1796 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1800 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1801 if (ai->ai_family != AF_INET6)
1804 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1805 sizeof(ntop), strport, sizeof(strport),
1806 NI_NUMERICHOST|NI_NUMERICSERV);
1809 if (err == EAI_SYSTEM)
1810 perror("getnameinfo EAI_SYSTEM");
1812 fprintf(stderr, "getnameinfo failed: %s\n",
1817 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1820 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1833 AC_DEFINE(BROKEN_GETADDRINFO)
1836 AC_MSG_RESULT(cross-compiling, assuming yes)
1841 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1842 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1843 AC_MSG_CHECKING(if getaddrinfo seems to work)
1847 #include <sys/socket.h>
1850 #include <netinet/in.h>
1852 #define TEST_PORT "2222"
1858 struct addrinfo *gai_ai, *ai, hints;
1859 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1861 memset(&hints, 0, sizeof(hints));
1862 hints.ai_family = PF_UNSPEC;
1863 hints.ai_socktype = SOCK_STREAM;
1864 hints.ai_flags = AI_PASSIVE;
1866 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1868 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1872 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1873 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1876 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1877 sizeof(ntop), strport, sizeof(strport),
1878 NI_NUMERICHOST|NI_NUMERICSERV);
1880 if (ai->ai_family == AF_INET && err != 0) {
1881 perror("getnameinfo");
1890 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1891 [Define if you have a getaddrinfo that fails
1892 for the all-zeros IPv6 address])
1896 AC_DEFINE(BROKEN_GETADDRINFO)
1899 AC_MSG_RESULT(cross-compiling, assuming no)
1904 if test "x$check_for_conflicting_getspnam" = "x1"; then
1905 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1909 int main(void) {exit(0);}
1916 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1917 [Conflicting defs for getspnam])
1924 # Search for OpenSSL
1925 saved_CPPFLAGS="$CPPFLAGS"
1926 saved_LDFLAGS="$LDFLAGS"
1927 AC_ARG_WITH(ssl-dir,
1928 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1930 if test "x$withval" != "xno" ; then
1933 ./*|../*) withval="`pwd`/$withval"
1935 if test -d "$withval/lib"; then
1936 if test -n "${need_dash_r}"; then
1937 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1939 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1942 if test -n "${need_dash_r}"; then
1943 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1945 LDFLAGS="-L${withval} ${LDFLAGS}"
1948 if test -d "$withval/include"; then
1949 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1951 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1956 if test -z "$GSI_LIBS" ; then
1957 LIBS="-lcrypto $LIBS"
1959 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1960 [Define if your ssl headers are included
1961 with #include <openssl/header.h>]),
1963 dnl Check default openssl install dir
1964 if test -n "${need_dash_r}"; then
1965 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1967 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1969 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1970 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1972 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1978 # Determine OpenSSL header version
1979 AC_MSG_CHECKING([OpenSSL header version])
1984 #include <openssl/opensslv.h>
1985 #define DATA "conftest.sslincver"
1990 fd = fopen(DATA,"w");
1994 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2001 ssl_header_ver=`cat conftest.sslincver`
2002 AC_MSG_RESULT($ssl_header_ver)
2005 AC_MSG_RESULT(not found)
2006 AC_MSG_ERROR(OpenSSL version header not found.)
2009 AC_MSG_WARN([cross compiling: not checking])
2013 # Determine OpenSSL library version
2014 AC_MSG_CHECKING([OpenSSL library version])
2019 #include <openssl/opensslv.h>
2020 #include <openssl/crypto.h>
2021 #define DATA "conftest.ssllibver"
2026 fd = fopen(DATA,"w");
2030 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2037 ssl_library_ver=`cat conftest.ssllibver`
2038 AC_MSG_RESULT($ssl_library_ver)
2041 AC_MSG_RESULT(not found)
2042 AC_MSG_ERROR(OpenSSL library not found.)
2045 AC_MSG_WARN([cross compiling: not checking])
2049 AC_ARG_WITH(openssl-header-check,
2050 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2051 [ if test "x$withval" = "xno" ; then
2052 openssl_check_nonfatal=1
2057 # Sanity check OpenSSL headers
2058 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2062 #include <openssl/opensslv.h>
2063 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2070 if test "x$openssl_check_nonfatal" = "x"; then
2071 AC_MSG_ERROR([Your OpenSSL headers do not match your
2072 library. Check config.log for details.
2073 If you are sure your installation is consistent, you can disable the check
2074 by running "./configure --without-openssl-header-check".
2075 Also see contrib/findssl.sh for help identifying header/library mismatches.
2078 AC_MSG_WARN([Your OpenSSL headers do not match your
2079 library. Check config.log for details.
2080 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2084 AC_MSG_WARN([cross compiling: not checking])
2088 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2091 #include <openssl/evp.h>
2092 int main(void) { SSLeay_add_all_algorithms(); }
2101 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2104 #include <openssl/evp.h>
2105 int main(void) { SSLeay_add_all_algorithms(); }
2118 AC_ARG_WITH(ssl-engine,
2119 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2120 [ if test "x$withval" != "xno" ; then
2121 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2123 [ #include <openssl/engine.h>],
2125 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2127 [ AC_MSG_RESULT(yes)
2128 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2129 [Enable OpenSSL engine support])
2131 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2136 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2137 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2141 #include <openssl/evp.h>
2142 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2149 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2150 [libcrypto is missing AES 192 and 256 bit functions])
2154 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2155 # because the system crypt() is more featureful.
2156 if test "x$check_for_libcrypt_before" = "x1"; then
2157 AC_CHECK_LIB(crypt, crypt)
2160 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2161 # version in OpenSSL.
2162 if test "x$check_for_libcrypt_later" = "x1"; then
2163 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2166 # Search for SHA256 support in libc and/or OpenSSL
2167 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2170 AC_CHECK_LIB(iaf, ia_openinfo, [
2172 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
2176 ### Configure cryptographic random number support
2178 # Check wheter OpenSSL seeds itself
2179 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2183 #include <openssl/rand.h>
2184 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2187 OPENSSL_SEEDS_ITSELF=yes
2192 # Default to use of the rand helper if OpenSSL doesn't
2197 AC_MSG_WARN([cross compiling: assuming yes])
2198 # This is safe, since all recent OpenSSL versions will
2199 # complain at runtime if not seeded correctly.
2200 OPENSSL_SEEDS_ITSELF=yes
2204 # Check for PAM libs
2207 [ --with-pam Enable PAM support ],
2209 if test "x$withval" != "xno" ; then
2210 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2211 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2212 AC_MSG_ERROR([PAM headers not found])
2216 AC_CHECK_LIB(dl, dlopen, , )
2217 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2218 AC_CHECK_FUNCS(pam_getenvlist)
2219 AC_CHECK_FUNCS(pam_putenv)
2224 SSHDLIBS="$SSHDLIBS -lpam"
2225 AC_DEFINE(USE_PAM, 1,
2226 [Define if you want to enable PAM support])
2228 if test $ac_cv_lib_dl_dlopen = yes; then
2231 # libdl already in LIBS
2234 SSHDLIBS="$SSHDLIBS -ldl"
2242 # Check for older PAM
2243 if test "x$PAM_MSG" = "xyes" ; then
2244 # Check PAM strerror arguments (old PAM)
2245 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2249 #if defined(HAVE_SECURITY_PAM_APPL_H)
2250 #include <security/pam_appl.h>
2251 #elif defined (HAVE_PAM_PAM_APPL_H)
2252 #include <pam/pam_appl.h>
2255 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2256 [AC_MSG_RESULT(no)],
2258 AC_DEFINE(HAVE_OLD_PAM, 1,
2259 [Define if you have an old version of PAM
2260 which takes only one argument to pam_strerror])
2262 PAM_MSG="yes (old library)"
2267 # Do we want to force the use of the rand helper?
2268 AC_ARG_WITH(rand-helper,
2269 [ --with-rand-helper Use subprocess to gather strong randomness ],
2271 if test "x$withval" = "xno" ; then
2272 # Force use of OpenSSL's internal RNG, even if
2273 # the previous test showed it to be unseeded.
2274 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2275 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2276 OPENSSL_SEEDS_ITSELF=yes
2285 # Which randomness source do we use?
2286 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2288 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2289 [Define if you want OpenSSL's internally seeded PRNG only])
2290 RAND_MSG="OpenSSL internal ONLY"
2291 INSTALL_SSH_RAND_HELPER=""
2292 elif test ! -z "$USE_RAND_HELPER" ; then
2293 # install rand helper
2294 RAND_MSG="ssh-rand-helper"
2295 INSTALL_SSH_RAND_HELPER="yes"
2297 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2299 ### Configuration of ssh-rand-helper
2302 AC_ARG_WITH(prngd-port,
2303 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2312 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2315 if test ! -z "$withval" ; then
2316 PRNGD_PORT="$withval"
2317 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2318 [Port number of PRNGD/EGD random number socket])
2323 # PRNGD Unix domain socket
2324 AC_ARG_WITH(prngd-socket,
2325 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2329 withval="/var/run/egd-pool"
2337 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2341 if test ! -z "$withval" ; then
2342 if test ! -z "$PRNGD_PORT" ; then
2343 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2345 if test ! -r "$withval" ; then
2346 AC_MSG_WARN(Entropy socket is not readable)
2348 PRNGD_SOCKET="$withval"
2349 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2350 [Location of PRNGD/EGD random number socket])
2354 # Check for existing socket only if we don't have a random device already
2355 if test "$USE_RAND_HELPER" = yes ; then
2356 AC_MSG_CHECKING(for PRNGD/EGD socket)
2357 # Insert other locations here
2358 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2359 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2360 PRNGD_SOCKET="$sock"
2361 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2365 if test ! -z "$PRNGD_SOCKET" ; then
2366 AC_MSG_RESULT($PRNGD_SOCKET)
2368 AC_MSG_RESULT(not found)
2374 # Change default command timeout for hashing entropy source
2376 AC_ARG_WITH(entropy-timeout,
2377 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2379 if test -n "$withval" && test "x$withval" != "xno" && \
2380 test "x${withval}" != "xyes"; then
2381 entropy_timeout=$withval
2385 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2386 [Builtin PRNG command timeout])
2388 SSH_PRIVSEP_USER=sshd
2389 AC_ARG_WITH(privsep-user,
2390 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2392 if test -n "$withval" && test "x$withval" != "xno" && \
2393 test "x${withval}" != "xyes"; then
2394 SSH_PRIVSEP_USER=$withval
2398 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2399 [non-privileged user for privilege separation])
2400 AC_SUBST(SSH_PRIVSEP_USER)
2402 # We do this little dance with the search path to insure
2403 # that programs that we select for use by installed programs
2404 # (which may be run by the super-user) come from trusted
2405 # locations before they come from the user's private area.
2406 # This should help avoid accidentally configuring some
2407 # random version of a program in someone's personal bin.
2411 test -h /bin 2> /dev/null && PATH=/usr/bin
2412 test -d /sbin && PATH=$PATH:/sbin
2413 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2414 PATH=$PATH:/etc:$OPATH
2416 # These programs are used by the command hashing source to gather entropy
2417 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2418 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2419 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2420 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2421 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2422 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2423 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2424 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2425 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2426 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2427 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2428 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2429 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2430 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2431 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2432 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2436 # Where does ssh-rand-helper get its randomness from?
2437 INSTALL_SSH_PRNG_CMDS=""
2438 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2439 if test ! -z "$PRNGD_PORT" ; then
2440 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2441 elif test ! -z "$PRNGD_SOCKET" ; then
2442 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2444 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2445 RAND_HELPER_CMDHASH=yes
2446 INSTALL_SSH_PRNG_CMDS="yes"
2449 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2452 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2453 if test ! -z "$SONY" ; then
2454 LIBS="$LIBS -liberty";
2457 # Check for long long datatypes
2458 AC_CHECK_TYPES([long long, unsigned long long, long double])
2460 # Check datatype sizes
2461 AC_CHECK_SIZEOF(char, 1)
2462 AC_CHECK_SIZEOF(short int, 2)
2463 AC_CHECK_SIZEOF(int, 4)
2464 AC_CHECK_SIZEOF(long int, 4)
2465 AC_CHECK_SIZEOF(long long int, 8)
2467 # Sanity check long long for some platforms (AIX)
2468 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2469 ac_cv_sizeof_long_long_int=0
2472 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2473 if test -z "$have_llong_max"; then
2474 AC_MSG_CHECKING([for max value of long long])
2478 /* Why is this so damn hard? */
2482 #define __USE_ISOC99
2484 #define DATA "conftest.llminmax"
2485 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2488 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2489 * we do this the hard way.
2492 fprint_ll(FILE *f, long long n)
2495 int l[sizeof(long long) * 8];
2498 if (fprintf(f, "-") < 0)
2500 for (i = 0; n != 0; i++) {
2501 l[i] = my_abs(n % 10);
2505 if (fprintf(f, "%d", l[--i]) < 0)
2508 if (fprintf(f, " ") < 0)
2515 long long i, llmin, llmax = 0;
2517 if((f = fopen(DATA,"w")) == NULL)
2520 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2521 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2525 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2526 /* This will work on one's complement and two's complement */
2527 for (i = 1; i > llmax; i <<= 1, i++)
2529 llmin = llmax + 1LL; /* wrap */
2533 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2534 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2535 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2536 fprintf(f, "unknown unknown\n");
2540 if (fprint_ll(f, llmin) < 0)
2542 if (fprint_ll(f, llmax) < 0)
2550 llong_min=`$AWK '{print $1}' conftest.llminmax`
2551 llong_max=`$AWK '{print $2}' conftest.llminmax`
2553 AC_MSG_RESULT($llong_max)
2554 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2555 [max value of long long calculated by configure])
2556 AC_MSG_CHECKING([for min value of long long])
2557 AC_MSG_RESULT($llong_min)
2558 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2559 [min value of long long calculated by configure])
2562 AC_MSG_RESULT(not found)
2565 AC_MSG_WARN([cross compiling: not checking])
2571 # More checks for data types
2572 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2574 [ #include <sys/types.h> ],
2576 [ ac_cv_have_u_int="yes" ],
2577 [ ac_cv_have_u_int="no" ]
2580 if test "x$ac_cv_have_u_int" = "xyes" ; then
2581 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2585 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2587 [ #include <sys/types.h> ],
2588 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2589 [ ac_cv_have_intxx_t="yes" ],
2590 [ ac_cv_have_intxx_t="no" ]
2593 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2594 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2598 if (test -z "$have_intxx_t" && \
2599 test "x$ac_cv_header_stdint_h" = "xyes")
2601 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2603 [ #include <stdint.h> ],
2604 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2606 AC_DEFINE(HAVE_INTXX_T)
2609 [ AC_MSG_RESULT(no) ]
2613 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2616 #include <sys/types.h>
2617 #ifdef HAVE_STDINT_H
2618 # include <stdint.h>
2620 #include <sys/socket.h>
2621 #ifdef HAVE_SYS_BITYPES_H
2622 # include <sys/bitypes.h>
2625 [ int64_t a; a = 1;],
2626 [ ac_cv_have_int64_t="yes" ],
2627 [ ac_cv_have_int64_t="no" ]
2630 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2631 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2634 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2636 [ #include <sys/types.h> ],
2637 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2638 [ ac_cv_have_u_intxx_t="yes" ],
2639 [ ac_cv_have_u_intxx_t="no" ]
2642 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2643 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2647 if test -z "$have_u_intxx_t" ; then
2648 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2650 [ #include <sys/socket.h> ],
2651 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2653 AC_DEFINE(HAVE_U_INTXX_T)
2656 [ AC_MSG_RESULT(no) ]
2660 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2662 [ #include <sys/types.h> ],
2663 [ u_int64_t a; a = 1;],
2664 [ ac_cv_have_u_int64_t="yes" ],
2665 [ ac_cv_have_u_int64_t="no" ]
2668 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2669 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2673 if test -z "$have_u_int64_t" ; then
2674 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2676 [ #include <sys/bitypes.h> ],
2677 [ u_int64_t a; a = 1],
2679 AC_DEFINE(HAVE_U_INT64_T)
2682 [ AC_MSG_RESULT(no) ]
2686 if test -z "$have_u_intxx_t" ; then
2687 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2690 #include <sys/types.h>
2692 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2693 [ ac_cv_have_uintxx_t="yes" ],
2694 [ ac_cv_have_uintxx_t="no" ]
2697 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2698 AC_DEFINE(HAVE_UINTXX_T, 1,
2699 [define if you have uintxx_t data type])
2703 if test -z "$have_uintxx_t" ; then
2704 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2706 [ #include <stdint.h> ],
2707 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2709 AC_DEFINE(HAVE_UINTXX_T)
2712 [ AC_MSG_RESULT(no) ]
2716 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2717 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2719 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2722 #include <sys/bitypes.h>
2725 int8_t a; int16_t b; int32_t c;
2726 u_int8_t e; u_int16_t f; u_int32_t g;
2727 a = b = c = e = f = g = 1;
2730 AC_DEFINE(HAVE_U_INTXX_T)
2731 AC_DEFINE(HAVE_INTXX_T)
2739 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2742 #include <sys/types.h>
2744 [ u_char foo; foo = 125; ],
2745 [ ac_cv_have_u_char="yes" ],
2746 [ ac_cv_have_u_char="no" ]
2749 if test "x$ac_cv_have_u_char" = "xyes" ; then
2750 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2755 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2757 AC_CHECK_TYPES(in_addr_t,,,
2758 [#include <sys/types.h>
2759 #include <netinet/in.h>])
2761 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2764 #include <sys/types.h>
2766 [ size_t foo; foo = 1235; ],
2767 [ ac_cv_have_size_t="yes" ],
2768 [ ac_cv_have_size_t="no" ]
2771 if test "x$ac_cv_have_size_t" = "xyes" ; then
2772 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2775 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2778 #include <sys/types.h>
2780 [ ssize_t foo; foo = 1235; ],
2781 [ ac_cv_have_ssize_t="yes" ],
2782 [ ac_cv_have_ssize_t="no" ]
2785 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2786 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2789 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2794 [ clock_t foo; foo = 1235; ],
2795 [ ac_cv_have_clock_t="yes" ],
2796 [ ac_cv_have_clock_t="no" ]
2799 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2800 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2803 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2806 #include <sys/types.h>
2807 #include <sys/socket.h>
2809 [ sa_family_t foo; foo = 1235; ],
2810 [ ac_cv_have_sa_family_t="yes" ],
2813 #include <sys/types.h>
2814 #include <sys/socket.h>
2815 #include <netinet/in.h>
2817 [ sa_family_t foo; foo = 1235; ],
2818 [ ac_cv_have_sa_family_t="yes" ],
2820 [ ac_cv_have_sa_family_t="no" ]
2824 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2825 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2826 [define if you have sa_family_t data type])
2829 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2832 #include <sys/types.h>
2834 [ pid_t foo; foo = 1235; ],
2835 [ ac_cv_have_pid_t="yes" ],
2836 [ ac_cv_have_pid_t="no" ]
2839 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2840 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2843 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2846 #include <sys/types.h>
2848 [ mode_t foo; foo = 1235; ],
2849 [ ac_cv_have_mode_t="yes" ],
2850 [ ac_cv_have_mode_t="no" ]
2853 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2854 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2858 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2861 #include <sys/types.h>
2862 #include <sys/socket.h>
2864 [ struct sockaddr_storage s; ],
2865 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2866 [ ac_cv_have_struct_sockaddr_storage="no" ]
2869 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2870 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2871 [define if you have struct sockaddr_storage data type])
2874 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2877 #include <sys/types.h>
2878 #include <netinet/in.h>
2880 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2881 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2882 [ ac_cv_have_struct_sockaddr_in6="no" ]
2885 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2886 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2887 [define if you have struct sockaddr_in6 data type])
2890 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2893 #include <sys/types.h>
2894 #include <netinet/in.h>
2896 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2897 [ ac_cv_have_struct_in6_addr="yes" ],
2898 [ ac_cv_have_struct_in6_addr="no" ]
2901 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2902 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2903 [define if you have struct in6_addr data type])
2906 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2909 #include <sys/types.h>
2910 #include <sys/socket.h>
2913 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2914 [ ac_cv_have_struct_addrinfo="yes" ],
2915 [ ac_cv_have_struct_addrinfo="no" ]
2918 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2919 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2920 [define if you have struct addrinfo data type])
2923 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2925 [ #include <sys/time.h> ],
2926 [ struct timeval tv; tv.tv_sec = 1;],
2927 [ ac_cv_have_struct_timeval="yes" ],
2928 [ ac_cv_have_struct_timeval="no" ]
2931 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2932 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2933 have_struct_timeval=1
2936 AC_CHECK_TYPES(struct timespec)
2938 # We need int64_t or else certian parts of the compile will fail.
2939 if test "x$ac_cv_have_int64_t" = "xno" && \
2940 test "x$ac_cv_sizeof_long_int" != "x8" && \
2941 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2942 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2943 echo "an alternative compiler (I.E., GCC) before continuing."
2947 dnl test snprintf (broken on SCO w/gcc)
2952 #ifdef HAVE_SNPRINTF
2956 char expected_out[50];
2958 #if (SIZEOF_LONG_INT == 8)
2959 long int num = 0x7fffffffffffffff;
2961 long long num = 0x7fffffffffffffffll;
2963 strcpy(expected_out, "9223372036854775807");
2964 snprintf(buf, mazsize, "%lld", num);
2965 if(strcmp(buf, expected_out) != 0)
2972 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2973 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2977 dnl Checks for structure members
2978 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2979 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2980 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2981 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2982 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2983 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2984 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2985 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2986 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2987 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2988 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2989 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2990 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2991 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2992 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2993 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2994 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2996 AC_CHECK_MEMBERS([struct stat.st_blksize])
2997 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2998 [Define if we don't have struct __res_state in resolv.h])],
3001 #if HAVE_SYS_TYPES_H
3002 # include <sys/types.h>
3004 #include <netinet/in.h>
3005 #include <arpa/nameser.h>
3009 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3010 ac_cv_have_ss_family_in_struct_ss, [
3013 #include <sys/types.h>
3014 #include <sys/socket.h>
3016 [ struct sockaddr_storage s; s.ss_family = 1; ],
3017 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3018 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3021 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3022 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3025 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3026 ac_cv_have___ss_family_in_struct_ss, [
3029 #include <sys/types.h>
3030 #include <sys/socket.h>
3032 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3033 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3034 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3037 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3038 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3039 [Fields in struct sockaddr_storage])
3042 AC_CACHE_CHECK([for pw_class field in struct passwd],
3043 ac_cv_have_pw_class_in_struct_passwd, [
3048 [ struct passwd p; p.pw_class = 0; ],
3049 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3050 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3053 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3054 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3055 [Define if your password has a pw_class field])
3058 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3059 ac_cv_have_pw_expire_in_struct_passwd, [
3064 [ struct passwd p; p.pw_expire = 0; ],
3065 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3066 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3069 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3070 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3071 [Define if your password has a pw_expire field])
3074 AC_CACHE_CHECK([for pw_change field in struct passwd],
3075 ac_cv_have_pw_change_in_struct_passwd, [
3080 [ struct passwd p; p.pw_change = 0; ],
3081 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3082 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3085 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3086 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3087 [Define if your password has a pw_change field])
3090 dnl make sure we're using the real structure members and not defines
3091 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3092 ac_cv_have_accrights_in_msghdr, [
3095 #include <sys/types.h>
3096 #include <sys/socket.h>
3097 #include <sys/uio.h>
3099 #ifdef msg_accrights
3100 #error "msg_accrights is a macro"
3104 m.msg_accrights = 0;
3108 [ ac_cv_have_accrights_in_msghdr="yes" ],
3109 [ ac_cv_have_accrights_in_msghdr="no" ]
3112 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3113 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3114 [Define if your system uses access rights style
3115 file descriptor passing])
3118 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3119 ac_cv_have_control_in_msghdr, [
3122 #include <sys/types.h>
3123 #include <sys/socket.h>
3124 #include <sys/uio.h>
3127 #error "msg_control is a macro"
3135 [ ac_cv_have_control_in_msghdr="yes" ],
3136 [ ac_cv_have_control_in_msghdr="no" ]
3139 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3140 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3141 [Define if your system uses ancillary data style
3142 file descriptor passing])
3145 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3147 [ extern char *__progname; printf("%s", __progname); ],
3148 [ ac_cv_libc_defines___progname="yes" ],
3149 [ ac_cv_libc_defines___progname="no" ]
3152 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3153 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3156 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3160 [ printf("%s", __FUNCTION__); ],
3161 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3162 [ ac_cv_cc_implements___FUNCTION__="no" ]
3165 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3166 AC_DEFINE(HAVE___FUNCTION__, 1,
3167 [Define if compiler implements __FUNCTION__])
3170 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3174 [ printf("%s", __func__); ],
3175 [ ac_cv_cc_implements___func__="yes" ],
3176 [ ac_cv_cc_implements___func__="no" ]
3179 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3180 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3183 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3185 [#include <stdarg.h>
3188 [ ac_cv_have_va_copy="yes" ],
3189 [ ac_cv_have_va_copy="no" ]
3192 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3193 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3196 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3198 [#include <stdarg.h>
3201 [ ac_cv_have___va_copy="yes" ],
3202 [ ac_cv_have___va_copy="no" ]
3205 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3206 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3209 AC_CACHE_CHECK([whether getopt has optreset support],
3210 ac_cv_have_getopt_optreset, [
3215 [ extern int optreset; optreset = 0; ],
3216 [ ac_cv_have_getopt_optreset="yes" ],
3217 [ ac_cv_have_getopt_optreset="no" ]
3220 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3221 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3222 [Define if your getopt(3) defines and uses optreset])
3225 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3227 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3228 [ ac_cv_libc_defines_sys_errlist="yes" ],
3229 [ ac_cv_libc_defines_sys_errlist="no" ]
3232 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3233 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3234 [Define if your system defines sys_errlist[]])
3238 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3240 [ extern int sys_nerr; printf("%i", sys_nerr);],
3241 [ ac_cv_libc_defines_sys_nerr="yes" ],
3242 [ ac_cv_libc_defines_sys_nerr="no" ]
3245 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3246 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3250 # Check whether user wants sectok support
3252 [ --with-sectok Enable smartcard support using libsectok],
3254 if test "x$withval" != "xno" ; then
3255 if test "x$withval" != "xyes" ; then
3256 CPPFLAGS="$CPPFLAGS -I${withval}"
3257 LDFLAGS="$LDFLAGS -L${withval}"
3258 if test ! -z "$need_dash_r" ; then
3259 LDFLAGS="$LDFLAGS -R${withval}"
3261 if test ! -z "$blibpath" ; then
3262 blibpath="$blibpath:${withval}"
3265 AC_CHECK_HEADERS(sectok.h)
3266 if test "$ac_cv_header_sectok_h" != yes; then
3267 AC_MSG_ERROR(Can't find sectok.h)
3269 AC_CHECK_LIB(sectok, sectok_open)
3270 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3271 AC_MSG_ERROR(Can't find libsectok)
3273 AC_DEFINE(SMARTCARD, 1,
3274 [Define if you want smartcard support])
3275 AC_DEFINE(USE_SECTOK, 1,
3276 [Define if you want smartcard support
3278 SCARD_MSG="yes, using sectok"
3283 # Check whether user wants OpenSC support
3286 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3288 if test "x$withval" != "xno" ; then
3289 if test "x$withval" != "xyes" ; then
3290 OPENSC_CONFIG=$withval/bin/opensc-config
3292 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3294 if test "$OPENSC_CONFIG" != "no"; then
3295 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3296 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3297 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3298 LIBS="$LIBS $LIBOPENSC_LIBS"
3299 AC_DEFINE(SMARTCARD)
3300 AC_DEFINE(USE_OPENSC, 1,
3301 [Define if you want smartcard support
3303 SCARD_MSG="yes, using OpenSC"
3309 # Check libraries needed by DNS fingerprint support
3310 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3311 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3312 [Define if getrrsetbyname() exists])],
3314 # Needed by our getrrsetbyname()
3315 AC_SEARCH_LIBS(res_query, resolv)
3316 AC_SEARCH_LIBS(dn_expand, resolv)
3317 AC_MSG_CHECKING(if res_query will link)
3318 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3321 LIBS="$LIBS -lresolv"
3322 AC_MSG_CHECKING(for res_query in -lresolv)
3327 res_query (0, 0, 0, 0, 0);
3331 [LIBS="$LIBS -lresolv"
3332 AC_MSG_RESULT(yes)],
3336 AC_CHECK_FUNCS(_getshort _getlong)
3337 AC_CHECK_DECLS([_getshort, _getlong], , ,
3338 [#include <sys/types.h>
3339 #include <arpa/nameser.h>])
3340 AC_CHECK_MEMBER(HEADER.ad,
3341 [AC_DEFINE(HAVE_HEADER_AD, 1,
3342 [Define if HEADER.ad exists in arpa/nameser.h])],,
3343 [#include <arpa/nameser.h>])
3346 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3349 #if HAVE_SYS_TYPES_H
3350 # include <sys/types.h>
3352 #include <netinet/in.h>
3353 #include <arpa/nameser.h>
3355 extern struct __res_state _res;
3356 int main() { return 0; }
3359 AC_DEFINE(HAVE__RES_EXTERN, 1,
3360 [Define if you have struct __res_state _res as an extern])
3362 [ AC_MSG_RESULT(no) ]
3365 # Check whether user wants SELinux support
3368 AC_ARG_WITH(selinux,
3369 [ --with-selinux Enable SELinux support],
3370 [ if test "x$withval" != "xno" ; then
3372 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3374 AC_CHECK_HEADER([selinux/selinux.h], ,
3375 AC_MSG_ERROR(SELinux support requires selinux.h header))
3376 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3377 AC_MSG_ERROR(SELinux support requires libselinux library))
3378 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3379 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3384 # Check whether user wants Kerberos 5 support
3386 AC_ARG_WITH(kerberos5,
3387 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3388 [ if test "x$withval" != "xno" ; then
3389 if test "x$withval" = "xyes" ; then
3390 KRB5ROOT="/usr/local"
3395 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3398 AC_MSG_CHECKING(for krb5-config)
3399 if test -x $KRB5ROOT/bin/krb5-config ; then
3400 KRB5CONF=$KRB5ROOT/bin/krb5-config
3401 AC_MSG_RESULT($KRB5CONF)
3403 AC_MSG_CHECKING(for gssapi support)
3404 if $KRB5CONF | grep gssapi >/dev/null ; then
3406 AC_DEFINE(GSSAPI, 1,
3407 [Define this if you want GSSAPI
3408 support in the version 2 protocol])
3414 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3415 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3416 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3417 AC_MSG_CHECKING(whether we are using Heimdal)
3418 AC_TRY_COMPILE([ #include <krb5.h> ],
3419 [ char *tmp = heimdal_version; ],
3420 [ AC_MSG_RESULT(yes)
3421 AC_DEFINE(HEIMDAL, 1,
3422 [Define this if you are using the
3423 Heimdal version of Kerberos V5]) ],
3428 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3429 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3430 AC_MSG_CHECKING(whether we are using Heimdal)
3431 AC_TRY_COMPILE([ #include <krb5.h> ],
3432 [ char *tmp = heimdal_version; ],
3433 [ AC_MSG_RESULT(yes)
3435 K5LIBS="-lkrb5 -ldes"
3436 K5LIBS="$K5LIBS -lcom_err -lasn1"
3437 AC_CHECK_LIB(roken, net_write,
3438 [K5LIBS="$K5LIBS -lroken"])
3441 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3444 AC_SEARCH_LIBS(dn_expand, resolv)
3446 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3448 K5LIBS="-lgssapi $K5LIBS" ],
3449 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3451 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3452 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3457 AC_CHECK_HEADER(gssapi.h, ,
3458 [ unset ac_cv_header_gssapi_h
3459 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3460 AC_CHECK_HEADERS(gssapi.h, ,
3461 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3467 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3468 AC_CHECK_HEADER(gssapi_krb5.h, ,
3469 [ CPPFLAGS="$oldCPP" ])
3471 # If we're using some other GSSAPI
3472 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3473 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3476 if test -z "$GSSAPI"; then
3481 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3482 AC_CHECK_HEADER(gssapi_krb5.h, ,
3483 [ CPPFLAGS="$oldCPP" ])
3486 if test ! -z "$need_dash_r" ; then
3487 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3489 if test ! -z "$blibpath" ; then
3490 blibpath="$blibpath:${KRB5ROOT}/lib"
3493 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3494 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3495 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3497 LIBS="$LIBS $K5LIBS"
3498 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3499 [Define this if you want to use libkafs' AFS support]))
3504 # Check whether user wants AFS_KRB5 support
3506 AC_ARG_WITH(afs-krb5,
3507 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3509 if test "x$withval" != "xno" ; then
3511 if test "x$withval" != "xyes" ; then
3512 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3513 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3515 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3517 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3520 if test -z "$KRB5ROOT" ; then
3521 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3524 LIBS="-lkrbafs -lkrb4 $LIBS"
3525 if test ! -z "$AFS_LIBS" ; then
3526 LIBS="$LIBS $AFS_LIBS"
3528 AC_DEFINE(AFS_KRB5, 1,
3529 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3535 AC_ARG_WITH(session-hooks,
3536 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3537 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3540 # Looking for programs, paths and files
3542 PRIVSEP_PATH=/var/empty
3543 AC_ARG_WITH(privsep-path,
3544 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3546 if test -n "$withval" && test "x$withval" != "xno" && \
3547 test "x${withval}" != "xyes"; then
3548 PRIVSEP_PATH=$withval
3552 AC_SUBST(PRIVSEP_PATH)
3555 [ --with-xauth=PATH Specify path to xauth program ],
3557 if test -n "$withval" && test "x$withval" != "xno" && \
3558 test "x${withval}" != "xyes"; then
3564 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3565 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3566 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3567 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3568 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3569 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3570 xauth_path="/usr/openwin/bin/xauth"
3576 AC_ARG_ENABLE(strip,
3577 [ --disable-strip Disable calling strip(1) on install],
3579 if test "x$enableval" = "xno" ; then
3586 if test -z "$xauth_path" ; then
3587 XAUTH_PATH="undefined"
3588 AC_SUBST(XAUTH_PATH)
3590 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3591 [Define if xauth is found in your path])
3592 XAUTH_PATH=$xauth_path
3593 AC_SUBST(XAUTH_PATH)
3596 AC_CHECK_DECL(_PATH_BSHELL, ,
3597 AC_DEFINE_UNQUOTED(_PATH_BSHELL, "/bin/sh",
3598 [Define to your C shell if not defined in paths.h]),
3599 [ #include <paths.h> ]
3602 AC_CHECK_DECL(_PATH_CSHELL, ,
3603 AC_DEFINE_UNQUOTED(_PATH_CSHELL, "/bin/csh",
3604 [Define to your Bourne shell if not defined in paths.h]),
3605 [ #include <paths.h> ]
3608 AC_CHECK_DECL(_PATH_SHELLS, ,
3609 AC_DEFINE_UNQUOTED(_PATH_SHELLS, "/etc/shells",
3610 [Define to your shells file if not defined in paths.h]),
3611 [ #include <paths.h> ]
3614 # if _PATH_MAILDIR is in paths.h then we won't go hunting for it.
3615 AC_CHECK_DECL(_PATH_MAILDIR,
3616 AC_DEFINE(PATH_MAILDIR_IN_PATHS_H, 1,
3617 [Define if _PATH_MAILDIR is in paths.h]),
3619 [ #include <paths.h> ]
3622 # Check for mail directory (last resort if we cannot get it from headers)
3623 if test ! -z "$MAIL" ; then
3624 maildir=`dirname $MAIL`
3625 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3626 [Set this to your mail directory if you don't have maillock.h])
3629 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3630 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3631 disable_ptmx_check=yes
3633 if test -z "$no_dev_ptmx" ; then
3634 if test "x$disable_ptmx_check" != "xyes" ; then
3635 AC_CHECK_FILE("/dev/ptmx",
3637 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3638 [Define if you have /dev/ptmx])
3645 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3646 AC_CHECK_FILE("/dev/ptc",
3648 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3649 [Define if you have /dev/ptc])
3654 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3657 # Options from here on. Some of these are preset by platform above
3658 AC_ARG_WITH(mantype,
3659 [ --with-mantype=man|cat|doc Set man page type],
3666 AC_MSG_ERROR(invalid man type: $withval)
3671 if test -z "$MANTYPE"; then
3672 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3673 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3674 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3676 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3683 if test "$MANTYPE" = "doc"; then
3690 # Check whether to enable MD5 passwords
3692 AC_ARG_WITH(md5-passwords,
3693 [ --with-md5-passwords Enable use of MD5 passwords],
3695 if test "x$withval" != "xno" ; then
3696 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3697 [Define if you want to allow MD5 passwords])
3703 # Whether to disable shadow password support
3705 [ --without-shadow Disable shadow password support],
3707 if test "x$withval" = "xno" ; then
3708 AC_DEFINE(DISABLE_SHADOW)
3714 if test -z "$disable_shadow" ; then
3715 AC_MSG_CHECKING([if the systems has expire shadow information])
3718 #include <sys/types.h>
3721 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3722 [ sp_expire_available=yes ], []
3725 if test "x$sp_expire_available" = "xyes" ; then
3727 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3728 [Define if you want to use shadow password expire field])
3734 # Use ip address instead of hostname in $DISPLAY
3735 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3736 DISPLAY_HACK_MSG="yes"
3737 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3738 [Define if you need to use IP address
3739 instead of hostname in $DISPLAY])
3741 DISPLAY_HACK_MSG="no"
3742 AC_ARG_WITH(ipaddr-display,
3743 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3745 if test "x$withval" != "xno" ; then
3746 AC_DEFINE(IPADDR_IN_DISPLAY)
3747 DISPLAY_HACK_MSG="yes"
3753 # check for /etc/default/login and use it if present.
3754 AC_ARG_ENABLE(etc-default-login,
3755 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3756 [ if test "x$enableval" = "xno"; then
3757 AC_MSG_NOTICE([/etc/default/login handling disabled])
3758 etc_default_login=no
3760 etc_default_login=yes
3762 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3764 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3765 etc_default_login=no
3767 etc_default_login=yes
3771 if test "x$etc_default_login" != "xno"; then
3772 AC_CHECK_FILE("/etc/default/login",
3773 [ external_path_file=/etc/default/login ])
3774 if test "x$external_path_file" = "x/etc/default/login"; then
3775 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3776 [Define if your system has /etc/default/login])
3780 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3781 if test $ac_cv_func_login_getcapbool = "yes" && \
3782 test $ac_cv_header_login_cap_h = "yes" ; then
3783 external_path_file=/etc/login.conf
3786 # Whether to mess with the default path
3787 SERVER_PATH_MSG="(default)"
3788 AC_ARG_WITH(default-path,
3789 [ --with-default-path= Specify default \$PATH environment for server],
3791 if test "x$external_path_file" = "x/etc/login.conf" ; then
3793 --with-default-path=PATH has no effect on this system.
3794 Edit /etc/login.conf instead.])
3795 elif test "x$withval" != "xno" ; then
3796 if test ! -z "$external_path_file" ; then
3798 --with-default-path=PATH will only be used if PATH is not defined in
3799 $external_path_file .])
3801 user_path="$withval"
3802 SERVER_PATH_MSG="$withval"
3805 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3806 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3808 if test ! -z "$external_path_file" ; then
3810 If PATH is defined in $external_path_file, ensure the path to scp is included,
3811 otherwise scp will not work.])
3815 /* find out what STDPATH is */
3820 #ifndef _PATH_STDPATH
3821 # ifdef _PATH_USERPATH /* Irix */
3822 # define _PATH_STDPATH _PATH_USERPATH
3824 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3827 #include <sys/types.h>
3828 #include <sys/stat.h>
3830 #define DATA "conftest.stdpath"
3837 fd = fopen(DATA,"w");
3841 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3847 [ user_path=`cat conftest.stdpath` ],
3848 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3849 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3851 # make sure $bindir is in USER_PATH so scp will work
3852 t_bindir=`eval echo ${bindir}`
3854 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3857 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3859 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3860 if test $? -ne 0 ; then
3861 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3862 if test $? -ne 0 ; then
3863 user_path=$user_path:$t_bindir
3864 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3869 if test "x$external_path_file" != "x/etc/login.conf" ; then
3870 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3874 # Set superuser path separately to user path
3875 AC_ARG_WITH(superuser-path,
3876 [ --with-superuser-path= Specify different path for super-user],
3878 if test -n "$withval" && test "x$withval" != "xno" && \
3879 test "x${withval}" != "xyes"; then
3880 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3881 [Define if you want a different $PATH
3883 superuser_path=$withval
3889 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3890 IPV4_IN6_HACK_MSG="no"
3892 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3894 if test "x$withval" != "xno" ; then
3896 AC_DEFINE(IPV4_IN_IPV6, 1,
3897 [Detect IPv4 in IPv6 mapped addresses
3899 IPV4_IN6_HACK_MSG="yes"
3904 if test "x$inet6_default_4in6" = "xyes"; then
3905 AC_MSG_RESULT([yes (default)])
3906 AC_DEFINE(IPV4_IN_IPV6)
3907 IPV4_IN6_HACK_MSG="yes"
3909 AC_MSG_RESULT([no (default)])
3914 # Whether to enable BSD auth support
3916 AC_ARG_WITH(bsd-auth,
3917 [ --with-bsd-auth Enable BSD auth support],
3919 if test "x$withval" != "xno" ; then
3920 AC_DEFINE(BSD_AUTH, 1,
3921 [Define if you have BSD auth support])
3927 # Where to place sshd.pid
3929 # make sure the directory exists
3930 if test ! -d $piddir ; then
3931 piddir=`eval echo ${sysconfdir}`
3933 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3937 AC_ARG_WITH(pid-dir,
3938 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3940 if test -n "$withval" && test "x$withval" != "xno" && \
3941 test "x${withval}" != "xyes"; then
3943 if test ! -d $piddir ; then
3944 AC_MSG_WARN([** no $piddir directory on this system **])
3950 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3953 dnl allow user to disable some login recording features
3954 AC_ARG_ENABLE(lastlog,
3955 [ --disable-lastlog disable use of lastlog even if detected [no]],
3957 if test "x$enableval" = "xno" ; then
3958 AC_DEFINE(DISABLE_LASTLOG)
3963 [ --disable-utmp disable use of utmp even if detected [no]],
3965 if test "x$enableval" = "xno" ; then
3966 AC_DEFINE(DISABLE_UTMP)
3970 AC_ARG_ENABLE(utmpx,
3971 [ --disable-utmpx disable use of utmpx even if detected [no]],
3973 if test "x$enableval" = "xno" ; then
3974 AC_DEFINE(DISABLE_UTMPX, 1,
3975 [Define if you don't want to use utmpx])
3980 [ --disable-wtmp disable use of wtmp even if detected [no]],
3982 if test "x$enableval" = "xno" ; then
3983 AC_DEFINE(DISABLE_WTMP)
3987 AC_ARG_ENABLE(wtmpx,
3988 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3990 if test "x$enableval" = "xno" ; then
3991 AC_DEFINE(DISABLE_WTMPX, 1,
3992 [Define if you don't want to use wtmpx])
3996 AC_ARG_ENABLE(libutil,
3997 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3999 if test "x$enableval" = "xno" ; then
4000 AC_DEFINE(DISABLE_LOGIN)
4004 AC_ARG_ENABLE(pututline,
4005 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4007 if test "x$enableval" = "xno" ; then
4008 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4009 [Define if you don't want to use pututline()
4010 etc. to write [uw]tmp])
4014 AC_ARG_ENABLE(pututxline,
4015 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4017 if test "x$enableval" = "xno" ; then
4018 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4019 [Define if you don't want to use pututxline()
4020 etc. to write [uw]tmpx])
4024 AC_ARG_WITH(lastlog,
4025 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4027 if test "x$withval" = "xno" ; then
4028 AC_DEFINE(DISABLE_LASTLOG)
4029 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4030 conf_lastlog_location=$withval
4035 dnl lastlog, [uw]tmpx? detection
4036 dnl NOTE: set the paths in the platform section to avoid the
4037 dnl need for command-line parameters
4038 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4040 dnl lastlog detection
4041 dnl NOTE: the code itself will detect if lastlog is a directory
4042 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4044 #include <sys/types.h>
4046 #ifdef HAVE_LASTLOG_H
4047 # include <lastlog.h>
4056 [ char *lastlog = LASTLOG_FILE; ],
4057 [ AC_MSG_RESULT(yes) ],
4060 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4062 #include <sys/types.h>
4064 #ifdef HAVE_LASTLOG_H
4065 # include <lastlog.h>
4071 [ char *lastlog = _PATH_LASTLOG; ],
4072 [ AC_MSG_RESULT(yes) ],
4075 system_lastlog_path=no
4080 if test -z "$conf_lastlog_location"; then
4081 if test x"$system_lastlog_path" = x"no" ; then
4082 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4083 if (test -d "$f" || test -f "$f") ; then
4084 conf_lastlog_location=$f
4087 if test -z "$conf_lastlog_location"; then
4088 AC_MSG_WARN([** Cannot find lastlog **])
4089 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4094 if test -n "$conf_lastlog_location"; then
4095 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4096 [Define if you want to specify the path to your lastlog file])
4100 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4102 #include <sys/types.h>
4108 [ char *utmp = UTMP_FILE; ],
4109 [ AC_MSG_RESULT(yes) ],
4111 system_utmp_path=no ]
4113 if test -z "$conf_utmp_location"; then
4114 if test x"$system_utmp_path" = x"no" ; then
4115 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4116 if test -f $f ; then
4117 conf_utmp_location=$f
4120 if test -z "$conf_utmp_location"; then
4121 AC_DEFINE(DISABLE_UTMP)
4125 if test -n "$conf_utmp_location"; then
4126 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4127 [Define if you want to specify the path to your utmp file])
4131 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4133 #include <sys/types.h>
4139 [ char *wtmp = WTMP_FILE; ],
4140 [ AC_MSG_RESULT(yes) ],
4142 system_wtmp_path=no ]
4144 if test -z "$conf_wtmp_location"; then
4145 if test x"$system_wtmp_path" = x"no" ; then
4146 for f in /usr/adm/wtmp /var/log/wtmp; do
4147 if test -f $f ; then
4148 conf_wtmp_location=$f
4151 if test -z "$conf_wtmp_location"; then
4152 AC_DEFINE(DISABLE_WTMP)
4156 if test -n "$conf_wtmp_location"; then
4157 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4158 [Define if you want to specify the path to your wtmp file])
4162 dnl utmpx detection - I don't know any system so perverse as to require
4163 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4165 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4167 #include <sys/types.h>
4176 [ char *utmpx = UTMPX_FILE; ],
4177 [ AC_MSG_RESULT(yes) ],
4179 system_utmpx_path=no ]
4181 if test -z "$conf_utmpx_location"; then
4182 if test x"$system_utmpx_path" = x"no" ; then
4183 AC_DEFINE(DISABLE_UTMPX)
4186 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4187 [Define if you want to specify the path to your utmpx file])
4191 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4193 #include <sys/types.h>
4202 [ char *wtmpx = WTMPX_FILE; ],
4203 [ AC_MSG_RESULT(yes) ],
4205 system_wtmpx_path=no ]
4207 if test -z "$conf_wtmpx_location"; then
4208 if test x"$system_wtmpx_path" = x"no" ; then
4209 AC_DEFINE(DISABLE_WTMPX)
4212 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4213 [Define if you want to specify the path to your wtmpx file])
4217 if test ! -z "$blibpath" ; then
4218 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4219 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4222 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4224 CFLAGS="$CFLAGS $werror_flags"
4227 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4228 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4229 scard/Makefile ssh_prng_cmds survey.sh])
4232 # Print summary of options
4234 # Someone please show me a better way :)
4235 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4236 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4237 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4238 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4239 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4240 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4241 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4242 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4243 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4244 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4247 echo "OpenSSH has been configured with the following options:"
4248 echo " User binaries: $B"
4249 echo " System binaries: $C"
4250 echo " Configuration files: $D"
4251 echo " Askpass program: $E"
4252 echo " Manual pages: $F"
4253 echo " PID file: $G"
4254 echo " Privilege separation chroot path: $H"
4255 if test "x$external_path_file" = "x/etc/login.conf" ; then
4256 echo " At runtime, sshd will use the path defined in $external_path_file"
4257 echo " Make sure the path to scp is present, otherwise scp will not work"
4259 echo " sshd default user PATH: $I"
4260 if test ! -z "$external_path_file"; then
4261 echo " (If PATH is set in $external_path_file it will be used instead. If"
4262 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4265 if test ! -z "$superuser_path" ; then
4266 echo " sshd superuser user PATH: $J"
4268 echo " Manpage format: $MANTYPE"
4269 echo " PAM support: $PAM_MSG"
4270 echo " OSF SIA support: $SIA_MSG"
4271 echo " KerberosV support: $KRB5_MSG"
4272 echo " SELinux support: $SELINUX_MSG"
4273 echo " Smartcard support: $SCARD_MSG"
4274 echo " S/KEY support: $SKEY_MSG"
4275 echo " TCP Wrappers support: $TCPW_MSG"
4276 echo " MD5 password support: $MD5_MSG"
4277 echo " libedit support: $LIBEDIT_MSG"
4278 echo " Solaris process contract support: $SPC_MSG"
4279 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4280 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4281 echo " BSD Auth support: $BSD_AUTH_MSG"
4282 echo " Random number source: $RAND_MSG"
4283 if test ! -z "$USE_RAND_HELPER" ; then
4284 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4289 echo " Host: ${host}"
4290 echo " Compiler: ${CC}"
4291 echo " Compiler flags: ${CFLAGS}"
4292 echo "Preprocessor flags: ${CPPFLAGS}"
4293 echo " Linker flags: ${LDFLAGS}"
4294 echo " Libraries: ${LIBS}"
4295 if test ! -z "${SSHDLIBS}"; then
4296 echo " +for sshd: ${SSHDLIBS}"
4301 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4302 echo "SVR4 style packages are supported with \"make package\""
4306 if test "x$PAM_MSG" = "xyes" ; then
4307 echo "PAM is enabled. You may need to install a PAM control file "
4308 echo "for sshd, otherwise password authentication may fail. "
4309 echo "Example PAM control files can be found in the contrib/ "
4314 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4315 echo "WARNING: you are using the builtin random number collection "
4316 echo "service. Please read WARNING.RNG and request that your OS "
4317 echo "vendor includes kernel-based random number collection in "
4318 echo "future versions of your OS."
4322 if test ! -z "$NO_PEERCHECK" ; then
4323 echo "WARNING: the operating system that you are using does not"
4324 echo "appear to support getpeereid(), getpeerucred() or the"
4325 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4326 echo "enforce security checks to prevent unauthorised connections to"
4327 echo "ssh-agent. Their absence increases the risk that a malicious"
4328 echo "user can connect to your agent."
4332 if test "$AUDIT_MODULE" = "bsm" ; then
4333 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4334 echo "See the Solaris section in README.platform for details."