3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
27 # Checks for programs.
34 AC_PATH_PROG(CAT, cat)
35 AC_PATH_PROG(KILL, kill)
36 AC_PATH_PROGS(PERL, perl5 perl)
37 AC_PATH_PROG(SED, sed)
39 AC_PATH_PROG(ENT, ent)
41 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
42 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
43 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
45 AC_SUBST(TEST_SHELL,sh)
48 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
49 [/usr/sbin${PATH_SEPARATOR}/etc])
50 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
51 [/usr/sbin${PATH_SEPARATOR}/etc])
52 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
53 if test -x /sbin/sh; then
54 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
56 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
62 if test -z "$AR" ; then
63 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
66 # Use LOGIN_PROGRAM from environment if possible
67 if test ! -z "$LOGIN_PROGRAM" ; then
68 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
69 [If your header files don't define LOGIN_PROGRAM,
70 then use this (detected) from environment and PATH])
73 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
74 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
75 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
79 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
80 if test ! -z "$PATH_PASSWD_PROG" ; then
81 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
82 [Full path of your "passwd" program])
85 if test -z "$LD" ; then
92 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
95 AC_ARG_WITH(stackprotect,
96 [ --without-stackprotect Don't use compiler's stack protection], [
97 if test "x$withval" = "xno"; then
101 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
102 CFLAGS="$CFLAGS -Wall -Wpointer-arith"
103 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
105 1.*) no_attrib_nonnull=1 ;;
107 CFLAGS="$CFLAGS -Wsign-compare"
110 2.*) no_attrib_nonnull=1 ;;
111 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
112 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
116 AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
117 saved_CFLAGS="$CFLAGS"
118 CFLAGS="$CFLAGS -fno-builtin-memset"
119 AC_LINK_IFELSE( [AC_LANG_SOURCE([[
121 int main(void){char b[10]; memset(b, 0, sizeof(b));}
123 [ AC_MSG_RESULT(yes) ],
125 CFLAGS="$saved_CFLAGS" ]
128 # -fstack-protector-all doesn't always work for some GCC versions
129 # and/or platforms, so we test if we can. If it's not supported
130 # on a give platform gcc will emit a warning so we use -Werror.
131 if test "x$use_stack_protector" = "x1"; then
132 for t in -fstack-protector-all -fstack-protector; do
133 AC_MSG_CHECKING(if $CC supports $t)
134 saved_CFLAGS="$CFLAGS"
135 saved_LDFLAGS="$LDFLAGS"
136 CFLAGS="$CFLAGS $t -Werror"
137 LDFLAGS="$LDFLAGS $t -Werror"
141 int main(void){return 0;}
144 CFLAGS="$saved_CFLAGS $t"
145 LDFLAGS="$saved_LDFLAGS $t"
146 AC_MSG_CHECKING(if $t works)
150 int main(void){exit(0);}
154 [ AC_MSG_RESULT(no) ],
155 [ AC_MSG_WARN([cross compiling: cannot test])
159 [ AC_MSG_RESULT(no) ]
161 CFLAGS="$saved_CFLAGS"
162 LDFLAGS="$saved_LDFLAGS"
166 if test -z "$have_llong_max"; then
167 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
168 unset ac_cv_have_decl_LLONG_MAX
169 saved_CFLAGS="$CFLAGS"
170 CFLAGS="$CFLAGS -std=gnu99"
171 AC_CHECK_DECL(LLONG_MAX,
173 [CFLAGS="$saved_CFLAGS"],
174 [#include <limits.h>]
179 if test "x$no_attrib_nonnull" != "x1" ; then
180 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
184 [ --without-rpath Disable auto-added -R linker paths],
186 if test "x$withval" = "xno" ; then
189 if test "x$withval" = "xyes" ; then
195 # Allow user to specify flags
197 [ --with-cflags Specify additional flags to pass to compiler],
199 if test -n "$withval" && test "x$withval" != "xno" && \
200 test "x${withval}" != "xyes"; then
201 CFLAGS="$CFLAGS $withval"
205 AC_ARG_WITH(cppflags,
206 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
208 if test -n "$withval" && test "x$withval" != "xno" && \
209 test "x${withval}" != "xyes"; then
210 CPPFLAGS="$CPPFLAGS $withval"
215 [ --with-ldflags Specify additional flags to pass to linker],
217 if test -n "$withval" && test "x$withval" != "xno" && \
218 test "x${withval}" != "xyes"; then
219 LDFLAGS="$LDFLAGS $withval"
224 [ --with-libs Specify additional libraries to link with],
226 if test -n "$withval" && test "x$withval" != "xno" && \
227 test "x${withval}" != "xyes"; then
228 LIBS="$LIBS $withval"
233 [ --with-Werror Build main code with -Werror],
235 if test -n "$withval" && test "x$withval" != "xno"; then
236 werror_flags="-Werror"
237 if test "x${withval}" != "xyes"; then
238 werror_flags="$withval"
270 security/pam_appl.h \
311 # lastlog.h requires sys/time.h to be included first on Solaris
312 AC_CHECK_HEADERS(lastlog.h, [], [], [
313 #ifdef HAVE_SYS_TIME_H
314 # include <sys/time.h>
318 # sys/ptms.h requires sys/stream.h to be included first on Solaris
319 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
320 #ifdef HAVE_SYS_STREAM_H
321 # include <sys/stream.h>
325 # login_cap.h requires sys/types.h on NetBSD
326 AC_CHECK_HEADERS(login_cap.h, [], [], [
327 #include <sys/types.h>
330 # Messages for features tested for in target-specific section
334 # Check for some target-specific stuff
337 # Some versions of VAC won't allow macro redefinitions at
338 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
339 # particularly with older versions of vac or xlc.
340 # It also throws errors about null macro argments, but these are
342 AC_MSG_CHECKING(if compiler allows macro redefinitions)
345 #define testmacro foo
346 #define testmacro bar
347 int main(void) { exit(0); }
349 [ AC_MSG_RESULT(yes) ],
351 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
352 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
353 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
354 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
358 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
359 if (test -z "$blibpath"); then
360 blibpath="/usr/lib:/lib"
362 saved_LDFLAGS="$LDFLAGS"
363 if test "$GCC" = "yes"; then
364 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
366 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
368 for tryflags in $flags ;do
369 if (test -z "$blibflags"); then
370 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
371 AC_TRY_LINK([], [], [blibflags=$tryflags])
374 if (test -z "$blibflags"); then
375 AC_MSG_RESULT(not found)
376 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
378 AC_MSG_RESULT($blibflags)
380 LDFLAGS="$saved_LDFLAGS"
381 dnl Check for authenticate. Might be in libs.a on older AIXes
382 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
383 [Define if you want to enable AIX4's authenticate function])],
384 [AC_CHECK_LIB(s,authenticate,
385 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
389 dnl Check for various auth function declarations in headers.
390 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
391 passwdexpired, setauthdb], , , [#include <usersec.h>])
392 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
393 AC_CHECK_DECLS(loginfailed,
394 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
396 [#include <usersec.h>],
397 [(void)loginfailed("user","host","tty",0);],
399 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
400 [Define if your AIX loginfailed() function
401 takes 4 arguments (AIX >= 5.2)])],
405 [#include <usersec.h>]
407 AC_CHECK_FUNCS(getgrset setauthdb)
408 AC_CHECK_DECL(F_CLOSEM,
409 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
411 [ #include <limits.h>
414 check_for_aix_broken_getaddrinfo=1
415 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
416 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
417 [Define if your platform breaks doing a seteuid before a setuid])
418 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
419 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
420 dnl AIX handles lastlog as part of its login message
421 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
422 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
423 [Some systems need a utmpx entry for /bin/login to work])
424 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
425 [Define to a Set Process Title type if your system is
426 supported by bsd-setproctitle.c])
427 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
428 [AIX 5.2 and 5.3 (and presumably newer) require this])
429 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
432 check_for_libcrypt_later=1
433 LIBS="$LIBS /usr/lib/textreadmode.o"
434 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
435 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
436 AC_DEFINE(DISABLE_SHADOW, 1,
437 [Define if you want to disable shadow passwords])
438 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
439 [Define if your system choked on IP TOS setting])
440 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
441 [Define if X11 doesn't support AF_UNIX sockets on that system])
442 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
443 [Define if the concept of ports only accessible to
444 superusers isn't known])
445 AC_DEFINE(DISABLE_FD_PASSING, 1,
446 [Define if your platform needs to skip post auth
447 file descriptor passing])
450 AC_DEFINE(IP_TOS_IS_BROKEN)
451 AC_DEFINE(SETEUID_BREAKS_SETUID)
452 AC_DEFINE(BROKEN_SETREUID)
453 AC_DEFINE(BROKEN_SETREGID)
456 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
457 AC_DEFINE(BROKEN_GETADDRINFO)
458 AC_DEFINE(SETEUID_BREAKS_SETUID)
459 AC_DEFINE(BROKEN_SETREUID)
460 AC_DEFINE(BROKEN_SETREGID)
461 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
462 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
463 [Define if your resolver libs need this for getrrsetbyname])
464 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
465 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
466 [Use tunnel device compatibility to OpenBSD])
467 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
468 [Prepend the address family to IP tunnel traffic])
469 m4_pattern_allow(AU_IPv)
470 AC_CHECK_DECL(AU_IPv4, [],
471 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
472 [#include <bsm/audit.h>]
474 AC_MSG_CHECKING(if we have the Security Authorization Session API)
475 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
476 [SessionCreate(0, 0);],
477 [ac_cv_use_security_session_api="yes"
478 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
479 [platform has the Security Authorization Session API])
480 LIBS="$LIBS -framework Security"
482 [ac_cv_use_security_session_api="no"
484 AC_MSG_CHECKING(if we have an in-memory credentials cache)
486 [#include <Kerberos/Kerberos.h>],
488 (void) cc_initialize (&c, 0, NULL, NULL);],
489 [AC_DEFINE(USE_CCAPI, 1,
490 [platform uses an in-memory credentials cache])
491 LIBS="$LIBS -framework Security"
493 if test "x$ac_cv_use_security_session_api" = "xno"; then
494 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
500 SSHDLIBS="$SSHDLIBS -lcrypt"
503 # first we define all of the options common to all HP-UX releases
504 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
505 IPADDR_IN_DISPLAY=yes
507 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
508 [Define if your login program cannot handle end of options ("--")])
509 AC_DEFINE(LOGIN_NEEDS_UTMPX)
510 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
511 [String used in /etc/passwd to denote locked account])
512 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
513 MAIL="/var/mail/username"
515 AC_CHECK_LIB(xnet, t_error, ,
516 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
518 # next, we define all of the options specific to major releases
521 if test -z "$GCC"; then
526 AC_DEFINE(PAM_SUN_CODEBASE, 1,
527 [Define if you are using Solaris-derived PAM which
528 passes pam_messages to the conversation function
529 with an extra level of indirection])
530 AC_DEFINE(DISABLE_UTMP, 1,
531 [Define if you don't want to use utmp])
532 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
533 check_for_hpux_broken_getaddrinfo=1
534 check_for_conflicting_getspnam=1
538 # lastly, we define options specific to minor releases
541 AC_DEFINE(HAVE_SECUREWARE, 1,
542 [Define if you have SecureWare-based
543 protected password database])
544 disable_ptmx_check=yes
550 PATH="$PATH:/usr/etc"
551 AC_DEFINE(BROKEN_INET_NTOA, 1,
552 [Define if you system's inet_ntoa is busted
553 (e.g. Irix gcc issue)])
554 AC_DEFINE(SETEUID_BREAKS_SETUID)
555 AC_DEFINE(BROKEN_SETREUID)
556 AC_DEFINE(BROKEN_SETREGID)
557 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
558 [Define if you shouldn't strip 'tty' from your
560 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
563 PATH="$PATH:/usr/etc"
564 AC_DEFINE(WITH_IRIX_ARRAY, 1,
565 [Define if you have/want arrays
566 (cluster-wide session managment, not C arrays)])
567 AC_DEFINE(WITH_IRIX_PROJECT, 1,
568 [Define if you want IRIX project management])
569 AC_DEFINE(WITH_IRIX_AUDIT, 1,
570 [Define if you want IRIX audit trails])
571 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
572 [Define if you want IRIX kernel jobs])])
573 AC_DEFINE(BROKEN_INET_NTOA)
574 AC_DEFINE(SETEUID_BREAKS_SETUID)
575 AC_DEFINE(BROKEN_SETREUID)
576 AC_DEFINE(BROKEN_SETREGID)
577 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
578 AC_DEFINE(WITH_ABBREV_NO_TTY)
579 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
583 check_for_libcrypt_later=1
584 check_for_openpty_ctty_bug=1
585 AC_DEFINE(PAM_TTY_KLUDGE, 1,
586 [Work around problematic Linux PAM modules handling of PAM_TTY])
587 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
588 [String used in /etc/passwd to denote locked account])
589 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
590 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
591 [Define to whatever link() returns for "not supported"
592 if it doesn't return EOPNOTSUPP.])
593 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
595 inet6_default_4in6=yes
598 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
599 [Define if cmsg_type is not passed correctly])
602 # tun(4) forwarding compat code
603 AC_CHECK_HEADERS(linux/if_tun.h)
604 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
605 AC_DEFINE(SSH_TUN_LINUX, 1,
606 [Open tunnel devices the Linux tun/tap way])
607 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
608 [Use tunnel device compatibility to OpenBSD])
609 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
610 [Prepend the address family to IP tunnel traffic])
613 mips-sony-bsd|mips-sony-newsos4)
614 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
618 check_for_libcrypt_before=1
619 if test "x$withval" != "xno" ; then
622 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
623 AC_CHECK_HEADER([net/if_tap.h], ,
624 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
625 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
626 [Prepend the address family to IP tunnel traffic])
629 check_for_libcrypt_later=1
630 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
631 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
632 AC_CHECK_HEADER([net/if_tap.h], ,
633 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
634 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
637 AC_DEFINE(SETEUID_BREAKS_SETUID)
638 AC_DEFINE(BROKEN_SETREUID)
639 AC_DEFINE(BROKEN_SETREGID)
642 conf_lastlog_location="/usr/adm/lastlog"
643 conf_utmp_location=/etc/utmp
644 conf_wtmp_location=/usr/adm/wtmp
646 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
647 AC_DEFINE(BROKEN_REALPATH)
649 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
652 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
653 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
654 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
655 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
656 [syslog_r function is safe to use in in a signal handler])
659 if test "x$withval" != "xno" ; then
662 AC_DEFINE(PAM_SUN_CODEBASE)
663 AC_DEFINE(LOGIN_NEEDS_UTMPX)
664 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
665 [Some versions of /bin/login need the TERM supplied
667 AC_DEFINE(PAM_TTY_KLUDGE)
668 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
669 [Define if pam_chauthtok wants real uid set
670 to the unpriv'ed user])
671 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
672 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
673 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
674 [Define if sshd somehow reacquires a controlling TTY
676 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
677 in case the name is longer than 8 chars])
678 external_path_file=/etc/default/login
679 # hardwire lastlog location (can't detect it on some versions)
680 conf_lastlog_location="/var/adm/lastlog"
681 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
682 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
683 if test "$sol2ver" -ge 8; then
685 AC_DEFINE(DISABLE_UTMP)
686 AC_DEFINE(DISABLE_WTMP, 1,
687 [Define if you don't want to use wtmp])
691 AC_ARG_WITH(solaris-contracts,
692 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
694 AC_CHECK_LIB(contract, ct_tmpl_activate,
695 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
696 [Define if you have Solaris process contracts])
697 SSHDLIBS="$SSHDLIBS -lcontract"
704 CPPFLAGS="$CPPFLAGS -DSUNOS4"
705 AC_CHECK_FUNCS(getpwanam)
706 AC_DEFINE(PAM_SUN_CODEBASE)
707 conf_utmp_location=/etc/utmp
708 conf_wtmp_location=/var/adm/wtmp
709 conf_lastlog_location=/var/adm/lastlog
715 AC_DEFINE(SSHD_ACQUIRES_CTTY)
716 AC_DEFINE(SETEUID_BREAKS_SETUID)
717 AC_DEFINE(BROKEN_SETREUID)
718 AC_DEFINE(BROKEN_SETREGID)
721 # /usr/ucblib MUST NOT be searched on ReliantUNIX
722 AC_CHECK_LIB(dl, dlsym, ,)
723 # -lresolv needs to be at the end of LIBS or DNS lookups break
724 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
725 IPADDR_IN_DISPLAY=yes
727 AC_DEFINE(IP_TOS_IS_BROKEN)
728 AC_DEFINE(SETEUID_BREAKS_SETUID)
729 AC_DEFINE(BROKEN_SETREUID)
730 AC_DEFINE(BROKEN_SETREGID)
731 AC_DEFINE(SSHD_ACQUIRES_CTTY)
732 external_path_file=/etc/default/login
733 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
734 # Attention: always take care to bind libsocket and libnsl before libc,
735 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
737 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
740 AC_DEFINE(SETEUID_BREAKS_SETUID)
741 AC_DEFINE(BROKEN_SETREUID)
742 AC_DEFINE(BROKEN_SETREGID)
743 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
744 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
746 # UnixWare 7.x, OpenUNIX 8
748 check_for_libcrypt_later=1
749 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
751 AC_DEFINE(SETEUID_BREAKS_SETUID)
752 AC_DEFINE(BROKEN_SETREUID)
753 AC_DEFINE(BROKEN_SETREGID)
754 AC_DEFINE(PASSWD_NEEDS_USERNAME)
756 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
757 TEST_SHELL=/u95/bin/sh
758 AC_DEFINE(BROKEN_LIBIAF, 1,
759 [ia_uinfo routines not supported by OS yet])
760 AC_DEFINE(BROKEN_UPDWTMPX)
762 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
768 # SCO UNIX and OEM versions of SCO UNIX
770 AC_MSG_ERROR("This Platform is no longer supported.")
774 if test -z "$GCC"; then
775 CFLAGS="$CFLAGS -belf"
777 LIBS="$LIBS -lprot -lx -ltinfo -lm"
780 AC_DEFINE(HAVE_SECUREWARE)
781 AC_DEFINE(DISABLE_SHADOW)
782 AC_DEFINE(DISABLE_FD_PASSING)
783 AC_DEFINE(SETEUID_BREAKS_SETUID)
784 AC_DEFINE(BROKEN_SETREUID)
785 AC_DEFINE(BROKEN_SETREGID)
786 AC_DEFINE(WITH_ABBREV_NO_TTY)
787 AC_DEFINE(BROKEN_UPDWTMPX)
788 AC_DEFINE(PASSWD_NEEDS_USERNAME)
789 AC_CHECK_FUNCS(getluid setluid)
794 AC_DEFINE(NO_SSH_LASTLOG, 1,
795 [Define if you don't want to use lastlog in session.c])
796 AC_DEFINE(SETEUID_BREAKS_SETUID)
797 AC_DEFINE(BROKEN_SETREUID)
798 AC_DEFINE(BROKEN_SETREGID)
800 AC_DEFINE(DISABLE_FD_PASSING)
802 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
806 AC_DEFINE(SETEUID_BREAKS_SETUID)
807 AC_DEFINE(BROKEN_SETREUID)
808 AC_DEFINE(BROKEN_SETREGID)
809 AC_DEFINE(WITH_ABBREV_NO_TTY)
811 AC_DEFINE(DISABLE_FD_PASSING)
813 LIBS="$LIBS -lgen -lacid -ldb"
817 AC_DEFINE(SETEUID_BREAKS_SETUID)
818 AC_DEFINE(BROKEN_SETREUID)
819 AC_DEFINE(BROKEN_SETREGID)
821 AC_DEFINE(DISABLE_FD_PASSING)
822 AC_DEFINE(NO_SSH_LASTLOG)
823 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
824 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
828 AC_MSG_CHECKING(for Digital Unix SIA)
831 [ --with-osfsia Enable Digital Unix SIA],
833 if test "x$withval" = "xno" ; then
834 AC_MSG_RESULT(disabled)
839 if test -z "$no_osfsia" ; then
840 if test -f /etc/sia/matrix.conf; then
842 AC_DEFINE(HAVE_OSF_SIA, 1,
843 [Define if you have Digital Unix Security
844 Integration Architecture])
845 AC_DEFINE(DISABLE_LOGIN, 1,
846 [Define if you don't want to use your
847 system's login() call])
848 AC_DEFINE(DISABLE_FD_PASSING)
849 LIBS="$LIBS -lsecurity -ldb -lm -laud"
853 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
854 [String used in /etc/passwd to denote locked account])
857 AC_DEFINE(BROKEN_GETADDRINFO)
858 AC_DEFINE(SETEUID_BREAKS_SETUID)
859 AC_DEFINE(BROKEN_SETREUID)
860 AC_DEFINE(BROKEN_SETREGID)
861 AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
866 AC_DEFINE(NO_X11_UNIX_SOCKETS)
867 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
868 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
869 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
870 AC_DEFINE(DISABLE_LASTLOG)
871 AC_DEFINE(SSHD_ACQUIRES_CTTY)
872 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
873 enable_etc_default_login=no # has incompatible /etc/default/login
876 AC_DEFINE(DISABLE_FD_PASSING)
882 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
883 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
884 AC_DEFINE(NEED_SETPGRP)
885 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
889 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
890 AC_DEFINE(MISSING_HOWMANY)
891 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
895 AC_MSG_CHECKING(compiler and flags for sanity)
901 [ AC_MSG_RESULT(yes) ],
904 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
906 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
909 dnl Checks for header files.
910 # Checks for libraries.
911 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
912 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
914 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
915 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
916 AC_CHECK_LIB(gen, dirname,[
917 AC_CACHE_CHECK([for broken dirname],
918 ac_cv_have_broken_dirname, [
926 int main(int argc, char **argv) {
929 strncpy(buf,"/etc", 32);
931 if (!s || strncmp(s, "/", 32) != 0) {
938 [ ac_cv_have_broken_dirname="no" ],
939 [ ac_cv_have_broken_dirname="yes" ],
940 [ ac_cv_have_broken_dirname="no" ],
944 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
946 AC_DEFINE(HAVE_DIRNAME)
947 AC_CHECK_HEADERS(libgen.h)
952 AC_CHECK_FUNC(getspnam, ,
953 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
954 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
955 [Define if you have the basename function.]))
959 [ --with-zlib=PATH Use zlib in PATH],
960 [ if test "x$withval" = "xno" ; then
961 AC_MSG_ERROR([*** zlib is required ***])
962 elif test "x$withval" != "xyes"; then
963 if test -d "$withval/lib"; then
964 if test -n "${need_dash_r}"; then
965 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
967 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
970 if test -n "${need_dash_r}"; then
971 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
973 LDFLAGS="-L${withval} ${LDFLAGS}"
976 if test -d "$withval/include"; then
977 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
979 CPPFLAGS="-I${withval} ${CPPFLAGS}"
984 AC_CHECK_LIB(z, deflate, ,
986 saved_CPPFLAGS="$CPPFLAGS"
987 saved_LDFLAGS="$LDFLAGS"
989 dnl Check default zlib install dir
990 if test -n "${need_dash_r}"; then
991 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
993 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
995 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
997 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
999 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
1004 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
1006 AC_ARG_WITH(zlib-version-check,
1007 [ --without-zlib-version-check Disable zlib version check],
1008 [ if test "x$withval" = "xno" ; then
1009 zlib_check_nonfatal=1
1014 AC_MSG_CHECKING(for possibly buggy zlib)
1015 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1020 int a=0, b=0, c=0, d=0, n, v;
1021 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1022 if (n != 3 && n != 4)
1024 v = a*1000000 + b*10000 + c*100 + d;
1025 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1028 if (a == 1 && b == 1 && c >= 4)
1031 /* 1.2.3 and up are OK */
1039 [ AC_MSG_RESULT(yes)
1040 if test -z "$zlib_check_nonfatal" ; then
1041 AC_MSG_ERROR([*** zlib too old - check config.log ***
1042 Your reported zlib version has known security problems. It's possible your
1043 vendor has fixed these problems without changing the version number. If you
1044 are sure this is the case, you can disable the check by running
1045 "./configure --without-zlib-version-check".
1046 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1047 See http://www.gzip.org/zlib/ for details.])
1049 AC_MSG_WARN([zlib version may have security problems])
1052 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1056 AC_CHECK_FUNC(strcasecmp,
1057 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1059 AC_CHECK_FUNCS(utimes,
1060 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1061 LIBS="$LIBS -lc89"]) ]
1064 dnl Checks for libutil functions
1065 AC_CHECK_HEADERS(libutil.h)
1066 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1067 [Define if your libraries define login()])])
1068 AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
1072 # Check for ALTDIRFUNC glob() extension
1073 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1074 AC_EGREP_CPP(FOUNDIT,
1077 #ifdef GLOB_ALTDIRFUNC
1082 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1083 [Define if your system glob() function has
1084 the GLOB_ALTDIRFUNC extension])
1092 # Check for g.gl_matchc glob() extension
1093 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1095 [ #include <glob.h> ],
1096 [glob_t g; g.gl_matchc = 1;],
1098 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1099 [Define if your system glob() function has
1100 gl_matchc options in glob_t])
1108 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1110 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1113 #include <sys/types.h>
1115 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1117 [AC_MSG_RESULT(yes)],
1120 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1121 [Define if your struct dirent expects you to
1122 allocate extra space for d_name])
1125 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1126 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1130 <<<<<<< configure.ac
1131 # Check whether the user wants GSSAPI mechglue support
1132 AC_ARG_WITH(mechglue,
1133 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1135 AC_MSG_CHECKING(for mechglue library)
1137 if test -e ${withval}/libgssapi.a ; then
1138 mechglue_lib=${withval}/libgssapi.a
1139 elif test -e ${withval}/lib/libgssapi.a ; then
1140 mechglue_lib=${withval}/lib/libgssapi.a
1142 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1144 LIBS="$LIBS ${mechglue_lib}"
1145 AC_MSG_RESULT(${mechglue_lib})
1147 AC_CHECK_LIB(dl, dlopen, , )
1148 if test $ac_cv_lib_dl_dlopen = yes; then
1149 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1153 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1160 # Check whether the user wants GSI (Globus) support
1163 [ --with-gsi Enable Globus GSI authentication support],
1170 [ --with-globus Enable Globus GSI authentication support],
1176 AC_ARG_WITH(globus-static,
1177 [ --with-globus-static Link statically with Globus GSI libraries],
1180 if test "x$gsi_path" = "xno" ; then
1186 # Check whether the user has a Globus flavor type
1187 globus_flavor_type="no"
1188 AC_ARG_WITH(globus-flavor,
1189 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1191 globus_flavor_type="$withval"
1192 if test "x$gsi_path" = "xno" ; then
1198 if test "x$gsi_path" != "xno" ; then
1199 # Globus GSSAPI configuration
1200 AC_MSG_CHECKING(for Globus GSI)
1201 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1203 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1204 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1206 if test -z "$GSSAPI"; then
1211 if test "x$gsi_path" = "xyes" ; then
1212 if test -z "$GLOBUS_LOCATION" ; then
1213 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1215 gsi_path="$GLOBUS_LOCATION"
1218 GLOBUS_LOCATION="$gsi_path"
1219 export GLOBUS_LOCATION
1220 if test ! -d "$GLOBUS_LOCATION" ; then
1221 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1224 if test "x$globus_flavor_type" = "xno" ; then
1225 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1227 if test "x$globus_flavor_type" = "xyes" ; then
1228 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1232 AC_MSG_CHECKING(for Globus include path)
1233 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1234 if test ! -d "$GLOBUS_INCLUDE" ; then
1235 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1237 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1241 # Find GPT linkline helper
1244 AC_MSG_CHECKING(for GPT linkline helper)
1245 if test -x $GPT_LOCATION/sbin/gpt_build_config ; then
1246 gpt_linkline_helper="$GPT_LOCATION/sbin/gpt_build_config"
1247 elif test -x ${gsi_path}/sbin/gpt_build_config ; then
1248 gpt_linkline_helper="${gsi_path}/sbin/gpt_build_config"
1250 AC_MSG_ERROR(Cannot find gpt_build_config: GPT installation is incomplete)
1255 # Build Globus linkline
1258 if test -n "${gsi_static}"; then
1259 ${gpt_linkline_helper} -f ${globus_flavor_type} -link static -src pkg_data_src.gpt
1261 ${gpt_linkline_helper} -f ${globus_flavor_type} -link shared -src pkg_data_src.gpt
1263 . ./gpt_build_temp.sh
1264 if test -n "${need_dash_r}"; then
1265 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
1267 GSI_LDFLAGS="-L${gsi_path}/lib"
1269 GSI_LIBS="$GPT_CONFIG_PGM_LINKS"
1270 LD_LIBRARY_PATH="${gsi_path}/lib:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
1273 # Test Globus linkline
1276 AC_MSG_CHECKING(for Globus linkline)
1277 if test -z "$GSI_LIBS" ; then
1278 AC_MSG_ERROR(gpt_build_config failed)
1282 AC_DEFINE(HAVE_GSSAPI_H)
1284 LIBS="$LIBS $GSI_LIBS $GPT_CONFIG_LIBS"
1285 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1286 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS $GPT_CONFIG_INCLUDES"
1287 CFLAGS="$CFLAGS $GPT_CONFIG_CFLAGS"
1289 AC_MSG_CHECKING(that Globus linkline works)
1290 # test that we got the libraries OK
1298 AC_MSG_ERROR(link with Globus libraries failed)
1301 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1302 INSTALL_GSISSH="yes"
1306 # End Globus/GSI section
1308 AC_MSG_CHECKING([for /proc/pid/fd directory])
1309 if test -d "/proc/$$/fd" ; then
1310 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1316 # Check whether user wants S/Key support
1319 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1321 if test "x$withval" != "xno" ; then
1323 if test "x$withval" != "xyes" ; then
1324 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1325 LDFLAGS="$LDFLAGS -L${withval}/lib"
1328 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1332 AC_MSG_CHECKING([for s/key support])
1337 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1339 [AC_MSG_RESULT(yes)],
1342 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1344 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1348 [(void)skeychallenge(NULL,"name","",0);],
1350 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1351 [Define if your skeychallenge()
1352 function takes 4 arguments (NetBSD)])],
1359 # Check whether user wants TCP wrappers support
1361 AC_ARG_WITH(tcp-wrappers,
1362 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1364 if test "x$withval" != "xno" ; then
1366 saved_LDFLAGS="$LDFLAGS"
1367 saved_CPPFLAGS="$CPPFLAGS"
1368 if test -n "${withval}" && \
1369 test "x${withval}" != "xyes"; then
1370 if test -d "${withval}/lib"; then
1371 if test -n "${need_dash_r}"; then
1372 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1374 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1377 if test -n "${need_dash_r}"; then
1378 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1380 LDFLAGS="-L${withval} ${LDFLAGS}"
1383 if test -d "${withval}/include"; then
1384 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1386 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1390 AC_MSG_CHECKING(for libwrap)
1393 #include <sys/types.h>
1394 #include <sys/socket.h>
1395 #include <netinet/in.h>
1397 int deny_severity = 0, allow_severity = 0;
1402 AC_DEFINE(LIBWRAP, 1,
1404 TCP Wrappers support])
1405 SSHDLIBS="$SSHDLIBS -lwrap"
1409 AC_MSG_ERROR([*** libwrap missing])
1417 # Check whether user wants libedit support
1419 AC_ARG_WITH(libedit,
1420 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1421 [ if test "x$withval" != "xno" ; then
1422 if test "x$withval" != "xyes"; then
1423 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1424 if test -n "${need_dash_r}"; then
1425 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1427 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1430 AC_CHECK_LIB(edit, el_init,
1431 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1432 LIBEDIT="-ledit -lcurses"
1436 [ AC_MSG_ERROR(libedit not found) ],
1439 AC_MSG_CHECKING(if libedit version is compatible)
1442 #include <histedit.h>
1446 el_init("", NULL, NULL, NULL);
1450 [ AC_MSG_RESULT(yes) ],
1452 AC_MSG_ERROR(libedit version is not compatible) ]
1459 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1461 AC_MSG_CHECKING(for supported audit module)
1466 dnl Checks for headers, libs and functions
1467 AC_CHECK_HEADERS(bsm/audit.h, [],
1468 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1475 AC_CHECK_LIB(bsm, getaudit, [],
1476 [AC_MSG_ERROR(BSM enabled and required library not found)])
1477 AC_CHECK_FUNCS(getaudit, [],
1478 [AC_MSG_ERROR(BSM enabled and required function not found)])
1479 # These are optional
1480 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1481 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1485 AC_MSG_RESULT(debug)
1486 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1492 AC_MSG_ERROR([Unknown audit module $withval])
1497 dnl Checks for library functions. Please keep in alphabetical order
1501 arc4random_uniform \
1590 # IRIX has a const char return value for gai_strerror()
1591 AC_CHECK_FUNCS(gai_strerror,[
1592 AC_DEFINE(HAVE_GAI_STRERROR)
1594 #include <sys/types.h>
1595 #include <sys/socket.h>
1598 const char *gai_strerror(int);],[
1601 str = gai_strerror(0);],[
1602 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1603 [Define if gai_strerror() returns const char *])])])
1605 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1606 [Some systems put nanosleep outside of libc]))
1608 dnl Make sure prototypes are defined for these before using them.
1609 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1610 AC_CHECK_DECL(strsep,
1611 [AC_CHECK_FUNCS(strsep)],
1614 #ifdef HAVE_STRING_H
1615 # include <string.h>
1619 dnl tcsendbreak might be a macro
1620 AC_CHECK_DECL(tcsendbreak,
1621 [AC_DEFINE(HAVE_TCSENDBREAK)],
1622 [AC_CHECK_FUNCS(tcsendbreak)],
1623 [#include <termios.h>]
1626 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1628 AC_CHECK_DECLS(SHUT_RD, , ,
1630 #include <sys/types.h>
1631 #include <sys/socket.h>
1634 AC_CHECK_DECLS(O_NONBLOCK, , ,
1636 #include <sys/types.h>
1637 #ifdef HAVE_SYS_STAT_H
1638 # include <sys/stat.h>
1645 AC_CHECK_DECLS(writev, , , [
1646 #include <sys/types.h>
1647 #include <sys/uio.h>
1651 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1652 #include <sys/param.h>
1655 AC_CHECK_DECLS(offsetof, , , [
1659 AC_CHECK_FUNCS(setresuid, [
1660 dnl Some platorms have setresuid that isn't implemented, test for this
1661 AC_MSG_CHECKING(if setresuid seems to work)
1666 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1668 [AC_MSG_RESULT(yes)],
1669 [AC_DEFINE(BROKEN_SETRESUID, 1,
1670 [Define if your setresuid() is broken])
1671 AC_MSG_RESULT(not implemented)],
1672 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1676 AC_CHECK_FUNCS(setresgid, [
1677 dnl Some platorms have setresgid that isn't implemented, test for this
1678 AC_MSG_CHECKING(if setresgid seems to work)
1683 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1685 [AC_MSG_RESULT(yes)],
1686 [AC_DEFINE(BROKEN_SETRESGID, 1,
1687 [Define if your setresgid() is broken])
1688 AC_MSG_RESULT(not implemented)],
1689 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1693 dnl Checks for time functions
1694 AC_CHECK_FUNCS(gettimeofday time)
1695 dnl Checks for utmp functions
1696 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1697 AC_CHECK_FUNCS(utmpname)
1698 dnl Checks for utmpx functions
1699 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1700 AC_CHECK_FUNCS(setutxent utmpxname)
1702 AC_CHECK_FUNC(daemon,
1703 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1704 [AC_CHECK_LIB(bsd, daemon,
1705 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1708 AC_CHECK_FUNC(getpagesize,
1709 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1710 [Define if your libraries define getpagesize()])],
1711 [AC_CHECK_LIB(ucb, getpagesize,
1712 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1715 # Check for broken snprintf
1716 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1717 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1721 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1723 [AC_MSG_RESULT(yes)],
1726 AC_DEFINE(BROKEN_SNPRINTF, 1,
1727 [Define if your snprintf is busted])
1728 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1730 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1734 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1735 # returning the right thing on overflow: the number of characters it tried to
1736 # create (as per SUSv3)
1737 if test "x$ac_cv_func_asprintf" != "xyes" && \
1738 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1739 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1742 #include <sys/types.h>
1746 int x_snprintf(char *str,size_t count,const char *fmt,...)
1748 size_t ret; va_list ap;
1749 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1755 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1757 [AC_MSG_RESULT(yes)],
1760 AC_DEFINE(BROKEN_SNPRINTF, 1,
1761 [Define if your snprintf is busted])
1762 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1764 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1768 # On systems where [v]snprintf is broken, but is declared in stdio,
1769 # check that the fmt argument is const char * or just char *.
1770 # This is only useful for when BROKEN_SNPRINTF
1771 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1772 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1773 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1774 int main(void) { snprintf(0, 0, 0); }
1777 AC_DEFINE(SNPRINTF_CONST, [const],
1778 [Define as const if snprintf() can declare const char *fmt])],
1780 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1782 # Check for missing getpeereid (or equiv) support
1784 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1785 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1787 [#include <sys/types.h>
1788 #include <sys/socket.h>],
1789 [int i = SO_PEERCRED;],
1790 [ AC_MSG_RESULT(yes)
1791 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1798 dnl see whether mkstemp() requires XXXXXX
1799 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1800 AC_MSG_CHECKING([for (overly) strict mkstemp])
1804 main() { char template[]="conftest.mkstemp-test";
1805 if (mkstemp(template) == -1)
1807 unlink(template); exit(0);
1815 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1819 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1824 dnl make sure that openpty does not reacquire controlling terminal
1825 if test ! -z "$check_for_openpty_ctty_bug"; then
1826 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1830 #include <sys/fcntl.h>
1831 #include <sys/types.h>
1832 #include <sys/wait.h>
1838 int fd, ptyfd, ttyfd, status;
1841 if (pid < 0) { /* failed */
1843 } else if (pid > 0) { /* parent */
1844 waitpid(pid, &status, 0);
1845 if (WIFEXITED(status))
1846 exit(WEXITSTATUS(status));
1849 } else { /* child */
1850 close(0); close(1); close(2);
1852 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1853 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1855 exit(3); /* Acquired ctty: broken */
1857 exit(0); /* Did not acquire ctty: OK */
1866 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1869 AC_MSG_RESULT(cross-compiling, assuming yes)
1874 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1875 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1876 AC_MSG_CHECKING(if getaddrinfo seems to work)
1880 #include <sys/socket.h>
1883 #include <netinet/in.h>
1885 #define TEST_PORT "2222"
1891 struct addrinfo *gai_ai, *ai, hints;
1892 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1894 memset(&hints, 0, sizeof(hints));
1895 hints.ai_family = PF_UNSPEC;
1896 hints.ai_socktype = SOCK_STREAM;
1897 hints.ai_flags = AI_PASSIVE;
1899 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1901 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1905 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1906 if (ai->ai_family != AF_INET6)
1909 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1910 sizeof(ntop), strport, sizeof(strport),
1911 NI_NUMERICHOST|NI_NUMERICSERV);
1914 if (err == EAI_SYSTEM)
1915 perror("getnameinfo EAI_SYSTEM");
1917 fprintf(stderr, "getnameinfo failed: %s\n",
1922 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1925 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1938 AC_DEFINE(BROKEN_GETADDRINFO)
1941 AC_MSG_RESULT(cross-compiling, assuming yes)
1946 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1947 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1948 AC_MSG_CHECKING(if getaddrinfo seems to work)
1952 #include <sys/socket.h>
1955 #include <netinet/in.h>
1957 #define TEST_PORT "2222"
1963 struct addrinfo *gai_ai, *ai, hints;
1964 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1966 memset(&hints, 0, sizeof(hints));
1967 hints.ai_family = PF_UNSPEC;
1968 hints.ai_socktype = SOCK_STREAM;
1969 hints.ai_flags = AI_PASSIVE;
1971 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1973 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1977 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1978 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1981 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1982 sizeof(ntop), strport, sizeof(strport),
1983 NI_NUMERICHOST|NI_NUMERICSERV);
1985 if (ai->ai_family == AF_INET && err != 0) {
1986 perror("getnameinfo");
1995 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1996 [Define if you have a getaddrinfo that fails
1997 for the all-zeros IPv6 address])
2001 AC_DEFINE(BROKEN_GETADDRINFO)
2004 AC_MSG_RESULT(cross-compiling, assuming no)
2009 if test "x$check_for_conflicting_getspnam" = "x1"; then
2010 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
2014 int main(void) {exit(0);}
2021 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
2022 [Conflicting defs for getspnam])
2029 # Search for OpenSSL
2030 saved_CPPFLAGS="$CPPFLAGS"
2031 saved_LDFLAGS="$LDFLAGS"
2032 AC_ARG_WITH(ssl-dir,
2033 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2035 if test "x$withval" != "xno" ; then
2038 ./*|../*) withval="`pwd`/$withval"
2040 if test -d "$withval/lib"; then
2041 if test -n "${need_dash_r}"; then
2042 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2044 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2047 if test -n "${need_dash_r}"; then
2048 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2050 LDFLAGS="-L${withval} ${LDFLAGS}"
2053 if test -d "$withval/include"; then
2054 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2056 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2062 if test -z "$GSI_LIBS" ; then
2063 LIBS="-lcrypto $LIBS"
2065 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2066 [Define if your ssl headers are included
2067 with #include <openssl/header.h>]),
2069 dnl Check default openssl install dir
2070 if test -n "${need_dash_r}"; then
2071 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2073 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2075 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2076 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2078 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2084 # Determine OpenSSL header version
2085 AC_MSG_CHECKING([OpenSSL header version])
2090 #include <openssl/opensslv.h>
2091 #define DATA "conftest.sslincver"
2096 fd = fopen(DATA,"w");
2100 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2107 ssl_header_ver=`cat conftest.sslincver`
2108 AC_MSG_RESULT($ssl_header_ver)
2111 AC_MSG_RESULT(not found)
2112 AC_MSG_ERROR(OpenSSL version header not found.)
2115 AC_MSG_WARN([cross compiling: not checking])
2119 # Determine OpenSSL library version
2120 AC_MSG_CHECKING([OpenSSL library version])
2125 #include <openssl/opensslv.h>
2126 #include <openssl/crypto.h>
2127 #define DATA "conftest.ssllibver"
2132 fd = fopen(DATA,"w");
2136 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2143 ssl_library_ver=`cat conftest.ssllibver`
2144 AC_MSG_RESULT($ssl_library_ver)
2147 AC_MSG_RESULT(not found)
2148 AC_MSG_ERROR(OpenSSL library not found.)
2151 AC_MSG_WARN([cross compiling: not checking])
2155 AC_ARG_WITH(openssl-header-check,
2156 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2157 [ if test "x$withval" = "xno" ; then
2158 openssl_check_nonfatal=1
2163 # Sanity check OpenSSL headers
2164 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2168 #include <openssl/opensslv.h>
2169 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2176 if test "x$openssl_check_nonfatal" = "x"; then
2177 AC_MSG_ERROR([Your OpenSSL headers do not match your
2178 library. Check config.log for details.
2179 If you are sure your installation is consistent, you can disable the check
2180 by running "./configure --without-openssl-header-check".
2181 Also see contrib/findssl.sh for help identifying header/library mismatches.
2184 AC_MSG_WARN([Your OpenSSL headers do not match your
2185 library. Check config.log for details.
2186 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2190 AC_MSG_WARN([cross compiling: not checking])
2194 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2197 #include <openssl/evp.h>
2198 int main(void) { SSLeay_add_all_algorithms(); }
2207 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2210 #include <openssl/evp.h>
2211 int main(void) { SSLeay_add_all_algorithms(); }
2224 AC_ARG_WITH(ssl-engine,
2225 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2226 [ if test "x$withval" != "xno" ; then
2227 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2229 [ #include <openssl/engine.h>],
2231 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2233 [ AC_MSG_RESULT(yes)
2234 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2235 [Enable OpenSSL engine support])
2237 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2242 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2243 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2247 #include <openssl/evp.h>
2248 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2255 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2256 [libcrypto is missing AES 192 and 256 bit functions])
2260 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2261 # because the system crypt() is more featureful.
2262 if test "x$check_for_libcrypt_before" = "x1"; then
2263 AC_CHECK_LIB(crypt, crypt)
2266 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2267 # version in OpenSSL.
2268 if test "x$check_for_libcrypt_later" = "x1"; then
2269 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2272 # Search for SHA256 support in libc and/or OpenSSL
2273 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2276 AC_CHECK_LIB(iaf, ia_openinfo, [
2278 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2279 AC_DEFINE(HAVE_LIBIAF, 1,
2280 [Define if system has libiaf that supports set_id])
2285 ### Configure cryptographic random number support
2287 # Check wheter OpenSSL seeds itself
2288 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2292 #include <openssl/rand.h>
2293 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2296 OPENSSL_SEEDS_ITSELF=yes
2301 # Default to use of the rand helper if OpenSSL doesn't
2306 AC_MSG_WARN([cross compiling: assuming yes])
2307 # This is safe, since all recent OpenSSL versions will
2308 # complain at runtime if not seeded correctly.
2309 OPENSSL_SEEDS_ITSELF=yes
2313 # Check for PAM libs
2316 [ --with-pam Enable PAM support ],
2318 if test "x$withval" != "xno" ; then
2319 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2320 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2321 AC_MSG_ERROR([PAM headers not found])
2325 AC_CHECK_LIB(dl, dlopen, , )
2326 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2327 AC_CHECK_FUNCS(pam_getenvlist)
2328 AC_CHECK_FUNCS(pam_putenv)
2333 SSHDLIBS="$SSHDLIBS -lpam"
2334 AC_DEFINE(USE_PAM, 1,
2335 [Define if you want to enable PAM support])
2337 if test $ac_cv_lib_dl_dlopen = yes; then
2340 # libdl already in LIBS
2343 SSHDLIBS="$SSHDLIBS -ldl"
2351 AC_CHECK_LIB(dl, dlopen, , )
2352 AC_CHECK_LIB(pam, pam_set_item, , )
2353 AC_CHECK_FUNCS(pam_getenvlist)
2354 AC_CHECK_FUNCS(pam_putenv)
2357 if (test "x$ac_cv_header_security_pam_appl_h" = "xyes" || \
2358 test "x$ac_cv_header_pam_pam_appl_h" = "xyes") &&
2359 test "x$ac_cv_lib_pam_pam_set_item" = "xyes" ; then
2365 if test $ac_cv_lib_dl_dlopen = yes; then
2368 # libdl already in LIBS
2371 LIBPAM="$LIBPAM -ldl"
2380 # Check for older PAM
2381 if test "x$PAM_MSG" = "xyes" ; then
2382 # Check PAM strerror arguments (old PAM)
2383 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2387 #if defined(HAVE_SECURITY_PAM_APPL_H)
2388 #include <security/pam_appl.h>
2389 #elif defined (HAVE_PAM_PAM_APPL_H)
2390 #include <pam/pam_appl.h>
2393 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2394 [AC_MSG_RESULT(no)],
2396 AC_DEFINE(HAVE_OLD_PAM, 1,
2397 [Define if you have an old version of PAM
2398 which takes only one argument to pam_strerror])
2400 PAM_MSG="yes (old library)"
2405 # Do we want to force the use of the rand helper?
2406 AC_ARG_WITH(rand-helper,
2407 [ --with-rand-helper Use subprocess to gather strong randomness ],
2409 if test "x$withval" = "xno" ; then
2410 # Force use of OpenSSL's internal RNG, even if
2411 # the previous test showed it to be unseeded.
2412 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2413 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2414 OPENSSL_SEEDS_ITSELF=yes
2423 # Which randomness source do we use?
2424 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2426 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2427 [Define if you want OpenSSL's internally seeded PRNG only])
2428 RAND_MSG="OpenSSL internal ONLY"
2429 INSTALL_SSH_RAND_HELPER=""
2430 elif test ! -z "$USE_RAND_HELPER" ; then
2431 # install rand helper
2432 RAND_MSG="ssh-rand-helper"
2433 INSTALL_SSH_RAND_HELPER="yes"
2435 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2437 ### Configuration of ssh-rand-helper
2440 AC_ARG_WITH(prngd-port,
2441 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2450 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2453 if test ! -z "$withval" ; then
2454 PRNGD_PORT="$withval"
2455 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2456 [Port number of PRNGD/EGD random number socket])
2461 # PRNGD Unix domain socket
2462 AC_ARG_WITH(prngd-socket,
2463 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2467 withval="/var/run/egd-pool"
2475 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2479 if test ! -z "$withval" ; then
2480 if test ! -z "$PRNGD_PORT" ; then
2481 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2483 if test ! -r "$withval" ; then
2484 AC_MSG_WARN(Entropy socket is not readable)
2486 PRNGD_SOCKET="$withval"
2487 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2488 [Location of PRNGD/EGD random number socket])
2492 # Check for existing socket only if we don't have a random device already
2493 if test "$USE_RAND_HELPER" = yes ; then
2494 AC_MSG_CHECKING(for PRNGD/EGD socket)
2495 # Insert other locations here
2496 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2497 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2498 PRNGD_SOCKET="$sock"
2499 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2503 if test ! -z "$PRNGD_SOCKET" ; then
2504 AC_MSG_RESULT($PRNGD_SOCKET)
2506 AC_MSG_RESULT(not found)
2512 # Change default command timeout for hashing entropy source
2514 AC_ARG_WITH(entropy-timeout,
2515 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2517 if test -n "$withval" && test "x$withval" != "xno" && \
2518 test "x${withval}" != "xyes"; then
2519 entropy_timeout=$withval
2523 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2524 [Builtin PRNG command timeout])
2526 SSH_PRIVSEP_USER=sshd
2527 AC_ARG_WITH(privsep-user,
2528 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2530 if test -n "$withval" && test "x$withval" != "xno" && \
2531 test "x${withval}" != "xyes"; then
2532 SSH_PRIVSEP_USER=$withval
2536 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2537 [non-privileged user for privilege separation])
2538 AC_SUBST(SSH_PRIVSEP_USER)
2540 # We do this little dance with the search path to insure
2541 # that programs that we select for use by installed programs
2542 # (which may be run by the super-user) come from trusted
2543 # locations before they come from the user's private area.
2544 # This should help avoid accidentally configuring some
2545 # random version of a program in someone's personal bin.
2549 test -h /bin 2> /dev/null && PATH=/usr/bin
2550 test -d /sbin && PATH=$PATH:/sbin
2551 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2552 PATH=$PATH:/etc:$OPATH
2554 # These programs are used by the command hashing source to gather entropy
2555 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2556 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2557 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2558 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2559 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2560 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2561 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2562 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2563 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2564 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2565 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2566 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2567 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2568 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2569 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2570 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2574 # Where does ssh-rand-helper get its randomness from?
2575 INSTALL_SSH_PRNG_CMDS=""
2576 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2577 if test ! -z "$PRNGD_PORT" ; then
2578 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2579 elif test ! -z "$PRNGD_SOCKET" ; then
2580 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2582 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2583 RAND_HELPER_CMDHASH=yes
2584 INSTALL_SSH_PRNG_CMDS="yes"
2587 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2590 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2591 if test ! -z "$SONY" ; then
2592 LIBS="$LIBS -liberty";
2595 # Check for long long datatypes
2596 AC_CHECK_TYPES([long long, unsigned long long, long double])
2598 # Check datatype sizes
2599 AC_CHECK_SIZEOF(char, 1)
2600 AC_CHECK_SIZEOF(short int, 2)
2601 AC_CHECK_SIZEOF(int, 4)
2602 AC_CHECK_SIZEOF(long int, 4)
2603 AC_CHECK_SIZEOF(long long int, 8)
2605 # Sanity check long long for some platforms (AIX)
2606 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2607 ac_cv_sizeof_long_long_int=0
2610 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2611 if test -z "$have_llong_max"; then
2612 AC_MSG_CHECKING([for max value of long long])
2616 /* Why is this so damn hard? */
2620 #define __USE_ISOC99
2622 #define DATA "conftest.llminmax"
2623 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2626 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2627 * we do this the hard way.
2630 fprint_ll(FILE *f, long long n)
2633 int l[sizeof(long long) * 8];
2636 if (fprintf(f, "-") < 0)
2638 for (i = 0; n != 0; i++) {
2639 l[i] = my_abs(n % 10);
2643 if (fprintf(f, "%d", l[--i]) < 0)
2646 if (fprintf(f, " ") < 0)
2653 long long i, llmin, llmax = 0;
2655 if((f = fopen(DATA,"w")) == NULL)
2658 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2659 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2663 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2664 /* This will work on one's complement and two's complement */
2665 for (i = 1; i > llmax; i <<= 1, i++)
2667 llmin = llmax + 1LL; /* wrap */
2671 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2672 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2673 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2674 fprintf(f, "unknown unknown\n");
2678 if (fprint_ll(f, llmin) < 0)
2680 if (fprint_ll(f, llmax) < 0)
2688 llong_min=`$AWK '{print $1}' conftest.llminmax`
2689 llong_max=`$AWK '{print $2}' conftest.llminmax`
2691 AC_MSG_RESULT($llong_max)
2692 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2693 [max value of long long calculated by configure])
2694 AC_MSG_CHECKING([for min value of long long])
2695 AC_MSG_RESULT($llong_min)
2696 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2697 [min value of long long calculated by configure])
2700 AC_MSG_RESULT(not found)
2703 AC_MSG_WARN([cross compiling: not checking])
2709 # More checks for data types
2710 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2712 [ #include <sys/types.h> ],
2714 [ ac_cv_have_u_int="yes" ],
2715 [ ac_cv_have_u_int="no" ]
2718 if test "x$ac_cv_have_u_int" = "xyes" ; then
2719 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2723 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2725 [ #include <sys/types.h> ],
2726 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2727 [ ac_cv_have_intxx_t="yes" ],
2728 [ ac_cv_have_intxx_t="no" ]
2731 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2732 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2736 if (test -z "$have_intxx_t" && \
2737 test "x$ac_cv_header_stdint_h" = "xyes")
2739 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2741 [ #include <stdint.h> ],
2742 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2744 AC_DEFINE(HAVE_INTXX_T)
2747 [ AC_MSG_RESULT(no) ]
2751 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2754 #include <sys/types.h>
2755 #ifdef HAVE_STDINT_H
2756 # include <stdint.h>
2758 #include <sys/socket.h>
2759 #ifdef HAVE_SYS_BITYPES_H
2760 # include <sys/bitypes.h>
2763 [ int64_t a; a = 1;],
2764 [ ac_cv_have_int64_t="yes" ],
2765 [ ac_cv_have_int64_t="no" ]
2768 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2769 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2772 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2774 [ #include <sys/types.h> ],
2775 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2776 [ ac_cv_have_u_intxx_t="yes" ],
2777 [ ac_cv_have_u_intxx_t="no" ]
2780 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2781 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2785 if test -z "$have_u_intxx_t" ; then
2786 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2788 [ #include <sys/socket.h> ],
2789 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2791 AC_DEFINE(HAVE_U_INTXX_T)
2794 [ AC_MSG_RESULT(no) ]
2798 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2800 [ #include <sys/types.h> ],
2801 [ u_int64_t a; a = 1;],
2802 [ ac_cv_have_u_int64_t="yes" ],
2803 [ ac_cv_have_u_int64_t="no" ]
2806 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2807 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2811 if test -z "$have_u_int64_t" ; then
2812 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2814 [ #include <sys/bitypes.h> ],
2815 [ u_int64_t a; a = 1],
2817 AC_DEFINE(HAVE_U_INT64_T)
2820 [ AC_MSG_RESULT(no) ]
2824 if test -z "$have_u_intxx_t" ; then
2825 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2828 #include <sys/types.h>
2830 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2831 [ ac_cv_have_uintxx_t="yes" ],
2832 [ ac_cv_have_uintxx_t="no" ]
2835 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2836 AC_DEFINE(HAVE_UINTXX_T, 1,
2837 [define if you have uintxx_t data type])
2841 if test -z "$have_uintxx_t" ; then
2842 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2844 [ #include <stdint.h> ],
2845 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2847 AC_DEFINE(HAVE_UINTXX_T)
2850 [ AC_MSG_RESULT(no) ]
2854 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2855 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2857 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2860 #include <sys/bitypes.h>
2863 int8_t a; int16_t b; int32_t c;
2864 u_int8_t e; u_int16_t f; u_int32_t g;
2865 a = b = c = e = f = g = 1;
2868 AC_DEFINE(HAVE_U_INTXX_T)
2869 AC_DEFINE(HAVE_INTXX_T)
2877 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2880 #include <sys/types.h>
2882 [ u_char foo; foo = 125; ],
2883 [ ac_cv_have_u_char="yes" ],
2884 [ ac_cv_have_u_char="no" ]
2887 if test "x$ac_cv_have_u_char" = "xyes" ; then
2888 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2893 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2894 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
2895 #include <sys/types.h>
2896 #ifdef HAVE_SYS_BITYPES_H
2897 #include <sys/bitypes.h>
2899 #ifdef HAVE_SYS_STATFS_H
2900 #include <sys/statfs.h>
2902 #ifdef HAVE_SYS_STATVFS_H
2903 #include <sys/statvfs.h>
2907 AC_CHECK_TYPES(in_addr_t,,,
2908 [#include <sys/types.h>
2909 #include <netinet/in.h>])
2911 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2914 #include <sys/types.h>
2916 [ size_t foo; foo = 1235; ],
2917 [ ac_cv_have_size_t="yes" ],
2918 [ ac_cv_have_size_t="no" ]
2921 if test "x$ac_cv_have_size_t" = "xyes" ; then
2922 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2925 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2928 #include <sys/types.h>
2930 [ ssize_t foo; foo = 1235; ],
2931 [ ac_cv_have_ssize_t="yes" ],
2932 [ ac_cv_have_ssize_t="no" ]
2935 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2936 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2939 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2944 [ clock_t foo; foo = 1235; ],
2945 [ ac_cv_have_clock_t="yes" ],
2946 [ ac_cv_have_clock_t="no" ]
2949 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2950 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2953 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2956 #include <sys/types.h>
2957 #include <sys/socket.h>
2959 [ sa_family_t foo; foo = 1235; ],
2960 [ ac_cv_have_sa_family_t="yes" ],
2963 #include <sys/types.h>
2964 #include <sys/socket.h>
2965 #include <netinet/in.h>
2967 [ sa_family_t foo; foo = 1235; ],
2968 [ ac_cv_have_sa_family_t="yes" ],
2970 [ ac_cv_have_sa_family_t="no" ]
2974 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2975 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2976 [define if you have sa_family_t data type])
2979 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2982 #include <sys/types.h>
2984 [ pid_t foo; foo = 1235; ],
2985 [ ac_cv_have_pid_t="yes" ],
2986 [ ac_cv_have_pid_t="no" ]
2989 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2990 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2993 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2996 #include <sys/types.h>
2998 [ mode_t foo; foo = 1235; ],
2999 [ ac_cv_have_mode_t="yes" ],
3000 [ ac_cv_have_mode_t="no" ]
3003 if test "x$ac_cv_have_mode_t" = "xyes" ; then
3004 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
3008 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
3011 #include <sys/types.h>
3012 #include <sys/socket.h>
3014 [ struct sockaddr_storage s; ],
3015 [ ac_cv_have_struct_sockaddr_storage="yes" ],
3016 [ ac_cv_have_struct_sockaddr_storage="no" ]
3019 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
3020 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
3021 [define if you have struct sockaddr_storage data type])
3024 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
3027 #include <sys/types.h>
3028 #include <netinet/in.h>
3030 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
3031 [ ac_cv_have_struct_sockaddr_in6="yes" ],
3032 [ ac_cv_have_struct_sockaddr_in6="no" ]
3035 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3036 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
3037 [define if you have struct sockaddr_in6 data type])
3040 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3043 #include <sys/types.h>
3044 #include <netinet/in.h>
3046 [ struct in6_addr s; s.s6_addr[0] = 0; ],
3047 [ ac_cv_have_struct_in6_addr="yes" ],
3048 [ ac_cv_have_struct_in6_addr="no" ]
3051 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3052 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
3053 [define if you have struct in6_addr data type])
3056 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3059 #include <sys/types.h>
3060 #include <sys/socket.h>
3063 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
3064 [ ac_cv_have_struct_addrinfo="yes" ],
3065 [ ac_cv_have_struct_addrinfo="no" ]
3068 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3069 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
3070 [define if you have struct addrinfo data type])
3073 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3075 [ #include <sys/time.h> ],
3076 [ struct timeval tv; tv.tv_sec = 1;],
3077 [ ac_cv_have_struct_timeval="yes" ],
3078 [ ac_cv_have_struct_timeval="no" ]
3081 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3082 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3083 have_struct_timeval=1
3086 AC_CHECK_TYPES(struct timespec)
3088 # We need int64_t or else certian parts of the compile will fail.
3089 if test "x$ac_cv_have_int64_t" = "xno" && \
3090 test "x$ac_cv_sizeof_long_int" != "x8" && \
3091 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3092 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3093 echo "an alternative compiler (I.E., GCC) before continuing."
3097 dnl test snprintf (broken on SCO w/gcc)
3102 #ifdef HAVE_SNPRINTF
3106 char expected_out[50];
3108 #if (SIZEOF_LONG_INT == 8)
3109 long int num = 0x7fffffffffffffff;
3111 long long num = 0x7fffffffffffffffll;
3113 strcpy(expected_out, "9223372036854775807");
3114 snprintf(buf, mazsize, "%lld", num);
3115 if(strcmp(buf, expected_out) != 0)
3122 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3123 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3127 dnl Checks for structure members
3128 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3129 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3130 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3131 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3132 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3133 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3134 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3135 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3136 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3137 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3138 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3139 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3140 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3141 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3142 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3143 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3144 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3146 AC_CHECK_MEMBERS([struct stat.st_blksize])
3147 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3148 [Define if we don't have struct __res_state in resolv.h])],
3151 #if HAVE_SYS_TYPES_H
3152 # include <sys/types.h>
3154 #include <netinet/in.h>
3155 #include <arpa/nameser.h>
3159 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3160 ac_cv_have_ss_family_in_struct_ss, [
3163 #include <sys/types.h>
3164 #include <sys/socket.h>
3166 [ struct sockaddr_storage s; s.ss_family = 1; ],
3167 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3168 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3171 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3172 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3175 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3176 ac_cv_have___ss_family_in_struct_ss, [
3179 #include <sys/types.h>
3180 #include <sys/socket.h>
3182 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3183 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3184 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3187 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3188 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3189 [Fields in struct sockaddr_storage])
3192 AC_CACHE_CHECK([for pw_class field in struct passwd],
3193 ac_cv_have_pw_class_in_struct_passwd, [
3198 [ struct passwd p; p.pw_class = 0; ],
3199 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3200 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3203 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3204 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3205 [Define if your password has a pw_class field])
3208 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3209 ac_cv_have_pw_expire_in_struct_passwd, [
3214 [ struct passwd p; p.pw_expire = 0; ],
3215 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3216 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3219 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3220 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3221 [Define if your password has a pw_expire field])
3224 AC_CACHE_CHECK([for pw_change field in struct passwd],
3225 ac_cv_have_pw_change_in_struct_passwd, [
3230 [ struct passwd p; p.pw_change = 0; ],
3231 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3232 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3235 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3236 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3237 [Define if your password has a pw_change field])
3240 dnl make sure we're using the real structure members and not defines
3241 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3242 ac_cv_have_accrights_in_msghdr, [
3245 #include <sys/types.h>
3246 #include <sys/socket.h>
3247 #include <sys/uio.h>
3249 #ifdef msg_accrights
3250 #error "msg_accrights is a macro"
3254 m.msg_accrights = 0;
3258 [ ac_cv_have_accrights_in_msghdr="yes" ],
3259 [ ac_cv_have_accrights_in_msghdr="no" ]
3262 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3263 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3264 [Define if your system uses access rights style
3265 file descriptor passing])
3268 AC_MSG_CHECKING(if f_fsid has val members)
3270 #include <sys/types.h>
3271 #include <sys/statvfs.h>],
3272 [struct fsid_t t; t.val[0] = 0;],
3273 [ AC_MSG_RESULT(yes)
3274 AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
3275 [ AC_MSG_RESULT(no) ]
3278 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3279 ac_cv_have_control_in_msghdr, [
3282 #include <sys/types.h>
3283 #include <sys/socket.h>
3284 #include <sys/uio.h>
3287 #error "msg_control is a macro"
3295 [ ac_cv_have_control_in_msghdr="yes" ],
3296 [ ac_cv_have_control_in_msghdr="no" ]
3299 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3300 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3301 [Define if your system uses ancillary data style
3302 file descriptor passing])
3305 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3307 [ extern char *__progname; printf("%s", __progname); ],
3308 [ ac_cv_libc_defines___progname="yes" ],
3309 [ ac_cv_libc_defines___progname="no" ]
3312 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3313 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3316 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3320 [ printf("%s", __FUNCTION__); ],
3321 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3322 [ ac_cv_cc_implements___FUNCTION__="no" ]
3325 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3326 AC_DEFINE(HAVE___FUNCTION__, 1,
3327 [Define if compiler implements __FUNCTION__])
3330 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3334 [ printf("%s", __func__); ],
3335 [ ac_cv_cc_implements___func__="yes" ],
3336 [ ac_cv_cc_implements___func__="no" ]
3339 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3340 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3343 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3345 [#include <stdarg.h>
3348 [ ac_cv_have_va_copy="yes" ],
3349 [ ac_cv_have_va_copy="no" ]
3352 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3353 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3356 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3358 [#include <stdarg.h>
3361 [ ac_cv_have___va_copy="yes" ],
3362 [ ac_cv_have___va_copy="no" ]
3365 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3366 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3369 AC_CACHE_CHECK([whether getopt has optreset support],
3370 ac_cv_have_getopt_optreset, [
3375 [ extern int optreset; optreset = 0; ],
3376 [ ac_cv_have_getopt_optreset="yes" ],
3377 [ ac_cv_have_getopt_optreset="no" ]
3380 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3381 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3382 [Define if your getopt(3) defines and uses optreset])
3385 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3387 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3388 [ ac_cv_libc_defines_sys_errlist="yes" ],
3389 [ ac_cv_libc_defines_sys_errlist="no" ]
3392 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3393 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3394 [Define if your system defines sys_errlist[]])
3398 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3400 [ extern int sys_nerr; printf("%i", sys_nerr);],
3401 [ ac_cv_libc_defines_sys_nerr="yes" ],
3402 [ ac_cv_libc_defines_sys_nerr="no" ]
3405 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3406 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3410 # Check whether user wants sectok support
3412 [ --with-sectok Enable smartcard support using libsectok],
3414 if test "x$withval" != "xno" ; then
3415 if test "x$withval" != "xyes" ; then
3416 CPPFLAGS="$CPPFLAGS -I${withval}"
3417 LDFLAGS="$LDFLAGS -L${withval}"
3418 if test ! -z "$need_dash_r" ; then
3419 LDFLAGS="$LDFLAGS -R${withval}"
3421 if test ! -z "$blibpath" ; then
3422 blibpath="$blibpath:${withval}"
3425 AC_CHECK_HEADERS(sectok.h)
3426 if test "$ac_cv_header_sectok_h" != yes; then
3427 AC_MSG_ERROR(Can't find sectok.h)
3429 AC_CHECK_LIB(sectok, sectok_open)
3430 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3431 AC_MSG_ERROR(Can't find libsectok)
3433 AC_DEFINE(SMARTCARD, 1,
3434 [Define if you want smartcard support])
3435 AC_DEFINE(USE_SECTOK, 1,
3436 [Define if you want smartcard support
3438 SCARD_MSG="yes, using sectok"
3443 # Check whether user wants OpenSC support
3446 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3448 if test "x$withval" != "xno" ; then
3449 if test "x$withval" != "xyes" ; then
3450 OPENSC_CONFIG=$withval/bin/opensc-config
3452 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3454 if test "$OPENSC_CONFIG" != "no"; then
3455 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3456 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3457 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3458 LIBS="$LIBS $LIBOPENSC_LIBS"
3459 AC_DEFINE(SMARTCARD)
3460 AC_DEFINE(USE_OPENSC, 1,
3461 [Define if you want smartcard support
3463 SCARD_MSG="yes, using OpenSC"
3469 # Check libraries needed by DNS fingerprint support
3470 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3471 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3472 [Define if getrrsetbyname() exists])],
3474 # Needed by our getrrsetbyname()
3475 AC_SEARCH_LIBS(res_query, resolv)
3476 AC_SEARCH_LIBS(dn_expand, resolv)
3477 AC_MSG_CHECKING(if res_query will link)
3478 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3481 LIBS="$LIBS -lresolv"
3482 AC_MSG_CHECKING(for res_query in -lresolv)
3487 res_query (0, 0, 0, 0, 0);
3491 [LIBS="$LIBS -lresolv"
3492 AC_MSG_RESULT(yes)],
3496 AC_CHECK_FUNCS(_getshort _getlong)
3497 AC_CHECK_DECLS([_getshort, _getlong], , ,
3498 [#include <sys/types.h>
3499 #include <arpa/nameser.h>])
3500 AC_CHECK_MEMBER(HEADER.ad,
3501 [AC_DEFINE(HAVE_HEADER_AD, 1,
3502 [Define if HEADER.ad exists in arpa/nameser.h])],,
3503 [#include <arpa/nameser.h>])
3506 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3509 #if HAVE_SYS_TYPES_H
3510 # include <sys/types.h>
3512 #include <netinet/in.h>
3513 #include <arpa/nameser.h>
3515 extern struct __res_state _res;
3516 int main() { return 0; }
3519 AC_DEFINE(HAVE__RES_EXTERN, 1,
3520 [Define if you have struct __res_state _res as an extern])
3522 [ AC_MSG_RESULT(no) ]
3525 # Check whether user wants SELinux support
3528 AC_ARG_WITH(selinux,
3529 [ --with-selinux Enable SELinux support],
3530 [ if test "x$withval" != "xno" ; then
3532 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3534 AC_CHECK_HEADER([selinux/selinux.h], ,
3535 AC_MSG_ERROR(SELinux support requires selinux.h header))
3536 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3537 AC_MSG_ERROR(SELinux support requires libselinux library))
3538 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3539 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3544 # Check whether user wants Kerberos 5 support
3546 AC_ARG_WITH(kerberos5,
3547 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3548 [ if test "x$withval" != "xno" ; then
3549 if test "x$withval" = "xyes" ; then
3550 KRB5ROOT="/usr/local"
3555 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3558 AC_MSG_CHECKING(for krb5-config)
3559 if test -x $KRB5ROOT/bin/krb5-config ; then
3560 KRB5CONF=$KRB5ROOT/bin/krb5-config
3561 AC_MSG_RESULT($KRB5CONF)
3563 AC_MSG_CHECKING(for gssapi support)
3564 if $KRB5CONF | grep gssapi >/dev/null ; then
3566 AC_DEFINE(GSSAPI, 1,
3567 [Define this if you want GSSAPI
3568 support in the version 2 protocol])
3574 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3575 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3576 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3577 AC_MSG_CHECKING(whether we are using Heimdal)
3578 AC_TRY_COMPILE([ #include <krb5.h> ],
3579 [ char *tmp = heimdal_version; ],
3580 [ AC_MSG_RESULT(yes)
3581 AC_DEFINE(HEIMDAL, 1,
3582 [Define this if you are using the
3583 Heimdal version of Kerberos V5]) ],
3588 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3589 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3590 AC_MSG_CHECKING(whether we are using Heimdal)
3591 AC_TRY_COMPILE([ #include <krb5.h> ],
3592 [ char *tmp = heimdal_version; ],
3593 [ AC_MSG_RESULT(yes)
3595 K5LIBS="-lkrb5 -ldes"
3596 K5LIBS="$K5LIBS -lcom_err -lasn1"
3597 AC_CHECK_LIB(roken, net_write,
3598 [K5LIBS="$K5LIBS -lroken"])
3601 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3604 AC_SEARCH_LIBS(dn_expand, resolv)
3606 AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
3608 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3609 [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
3611 K5LIBS="-lgssapi $K5LIBS" ],
3612 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3617 AC_CHECK_HEADER(gssapi.h, ,
3618 [ unset ac_cv_header_gssapi_h
3619 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3620 AC_CHECK_HEADERS(gssapi.h, ,
3621 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3627 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3628 AC_CHECK_HEADER(gssapi_krb5.h, ,
3629 [ CPPFLAGS="$oldCPP" ])
3631 # If we're using some other GSSAPI
3632 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3633 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3636 if test -z "$GSSAPI"; then
3641 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3642 AC_CHECK_HEADER(gssapi_krb5.h, ,
3643 [ CPPFLAGS="$oldCPP" ])
3646 if test ! -z "$need_dash_r" ; then
3647 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3649 if test ! -z "$blibpath" ; then
3650 blibpath="$blibpath:${KRB5ROOT}/lib"
3653 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3654 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3655 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3657 LIBS="$LIBS $K5LIBS"
3658 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3659 [Define this if you want to use libkafs' AFS support]))
3664 # Check whether user wants AFS_KRB5 support
3666 AC_ARG_WITH(afs-krb5,
3667 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3669 if test "x$withval" != "xno" ; then
3671 if test "x$withval" != "xyes" ; then
3672 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3673 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3675 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3677 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3680 if test -z "$KRB5ROOT" ; then
3681 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3684 LIBS="-lkrbafs -lkrb4 $LIBS"
3685 if test ! -z "$AFS_LIBS" ; then
3686 LIBS="$LIBS $AFS_LIBS"
3688 AC_DEFINE(AFS_KRB5, 1,
3689 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3695 AC_ARG_WITH(session-hooks,
3696 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3697 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3700 # Looking for programs, paths and files
3702 PRIVSEP_PATH=/var/empty
3703 AC_ARG_WITH(privsep-path,
3704 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3706 if test -n "$withval" && test "x$withval" != "xno" && \
3707 test "x${withval}" != "xyes"; then
3708 PRIVSEP_PATH=$withval
3712 AC_SUBST(PRIVSEP_PATH)
3715 [ --with-xauth=PATH Specify path to xauth program ],
3717 if test -n "$withval" && test "x$withval" != "xno" && \
3718 test "x${withval}" != "xyes"; then
3724 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3725 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3726 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3727 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3728 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3729 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3730 xauth_path="/usr/openwin/bin/xauth"
3735 # strip causes problems with GSI libraries...
3736 if test -z "$GSI_LIBS" ; then
3739 AC_ARG_ENABLE(strip,
3740 [ --disable-strip Disable calling strip(1) on install],
3742 if test "x$enableval" = "xno" ; then
3749 if test -z "$xauth_path" ; then
3750 XAUTH_PATH="undefined"
3751 AC_SUBST(XAUTH_PATH)
3753 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3754 [Define if xauth is found in your path])
3755 XAUTH_PATH=$xauth_path
3756 AC_SUBST(XAUTH_PATH)
3759 # Check for mail directory (last resort if we cannot get it from headers)
3760 if test ! -z "$MAIL" ; then
3761 maildir=`dirname $MAIL`
3762 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3763 [Set this to your mail directory if you don't have maillock.h])
3766 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3767 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3768 disable_ptmx_check=yes
3770 if test -z "$no_dev_ptmx" ; then
3771 if test "x$disable_ptmx_check" != "xyes" ; then
3772 AC_CHECK_FILE("/dev/ptmx",
3774 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3775 [Define if you have /dev/ptmx])
3782 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3783 AC_CHECK_FILE("/dev/ptc",
3785 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3786 [Define if you have /dev/ptc])
3791 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3794 # Options from here on. Some of these are preset by platform above
3795 AC_ARG_WITH(mantype,
3796 [ --with-mantype=man|cat|doc Set man page type],
3803 AC_MSG_ERROR(invalid man type: $withval)
3808 if test -z "$MANTYPE"; then
3809 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3810 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3811 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3813 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3820 if test "$MANTYPE" = "doc"; then
3827 # Check whether to enable MD5 passwords
3829 AC_ARG_WITH(md5-passwords,
3830 [ --with-md5-passwords Enable use of MD5 passwords],
3832 if test "x$withval" != "xno" ; then
3833 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3834 [Define if you want to allow MD5 passwords])
3840 # Whether to disable shadow password support
3842 [ --without-shadow Disable shadow password support],
3844 if test "x$withval" = "xno" ; then
3845 AC_DEFINE(DISABLE_SHADOW)
3851 if test -z "$disable_shadow" ; then
3852 AC_MSG_CHECKING([if the systems has expire shadow information])
3855 #include <sys/types.h>
3858 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3859 [ sp_expire_available=yes ], []
3862 if test "x$sp_expire_available" = "xyes" ; then
3864 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3865 [Define if you want to use shadow password expire field])
3871 # Use ip address instead of hostname in $DISPLAY
3872 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3873 DISPLAY_HACK_MSG="yes"
3874 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3875 [Define if you need to use IP address
3876 instead of hostname in $DISPLAY])
3878 DISPLAY_HACK_MSG="no"
3879 AC_ARG_WITH(ipaddr-display,
3880 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3882 if test "x$withval" != "xno" ; then
3883 AC_DEFINE(IPADDR_IN_DISPLAY)
3884 DISPLAY_HACK_MSG="yes"
3890 # check for /etc/default/login and use it if present.
3891 AC_ARG_ENABLE(etc-default-login,
3892 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3893 [ if test "x$enableval" = "xno"; then
3894 AC_MSG_NOTICE([/etc/default/login handling disabled])
3895 etc_default_login=no
3897 etc_default_login=yes
3899 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3901 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3902 etc_default_login=no
3904 etc_default_login=yes
3908 if test "x$etc_default_login" != "xno"; then
3909 AC_CHECK_FILE("/etc/default/login",
3910 [ external_path_file=/etc/default/login ])
3911 if test "x$external_path_file" = "x/etc/default/login"; then
3912 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3913 [Define if your system has /etc/default/login])
3917 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3918 if test $ac_cv_func_login_getcapbool = "yes" && \
3919 test $ac_cv_header_login_cap_h = "yes" ; then
3920 external_path_file=/etc/login.conf
3923 # Whether to mess with the default path
3924 SERVER_PATH_MSG="(default)"
3925 AC_ARG_WITH(default-path,
3926 [ --with-default-path= Specify default \$PATH environment for server],
3928 if test "x$external_path_file" = "x/etc/login.conf" ; then
3930 --with-default-path=PATH has no effect on this system.
3931 Edit /etc/login.conf instead.])
3932 elif test "x$withval" != "xno" ; then
3933 if test ! -z "$external_path_file" ; then
3935 --with-default-path=PATH will only be used if PATH is not defined in
3936 $external_path_file .])
3938 user_path="$withval"
3939 SERVER_PATH_MSG="$withval"
3942 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3943 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3945 if test ! -z "$external_path_file" ; then
3947 If PATH is defined in $external_path_file, ensure the path to scp is included,
3948 otherwise scp will not work.])
3952 /* find out what STDPATH is */
3957 #ifndef _PATH_STDPATH
3958 # ifdef _PATH_USERPATH /* Irix */
3959 # define _PATH_STDPATH _PATH_USERPATH
3961 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3964 #include <sys/types.h>
3965 #include <sys/stat.h>
3967 #define DATA "conftest.stdpath"
3974 fd = fopen(DATA,"w");
3978 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3984 [ user_path=`cat conftest.stdpath` ],
3985 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3986 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3990 if test "x$external_path_file" != "x/etc/login.conf" ; then
3991 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3995 # Set superuser path separately to user path
3996 AC_ARG_WITH(superuser-path,
3997 [ --with-superuser-path= Specify different path for super-user],
3999 if test -n "$withval" && test "x$withval" != "xno" && \
4000 test "x${withval}" != "xyes"; then
4001 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
4002 [Define if you want a different $PATH
4004 superuser_path=$withval
4010 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
4011 IPV4_IN6_HACK_MSG="no"
4013 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
4015 if test "x$withval" != "xno" ; then
4017 AC_DEFINE(IPV4_IN_IPV6, 1,
4018 [Detect IPv4 in IPv6 mapped addresses
4020 IPV4_IN6_HACK_MSG="yes"
4025 if test "x$inet6_default_4in6" = "xyes"; then
4026 AC_MSG_RESULT([yes (default)])
4027 AC_DEFINE(IPV4_IN_IPV6)
4028 IPV4_IN6_HACK_MSG="yes"
4030 AC_MSG_RESULT([no (default)])
4035 # Whether to enable BSD auth support
4037 AC_ARG_WITH(bsd-auth,
4038 [ --with-bsd-auth Enable BSD auth support],
4040 if test "x$withval" != "xno" ; then
4041 AC_DEFINE(BSD_AUTH, 1,
4042 [Define if you have BSD auth support])
4048 # Where to place sshd.pid
4050 # make sure the directory exists
4051 if test ! -d $piddir ; then
4052 piddir=`eval echo ${sysconfdir}`
4054 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4058 AC_ARG_WITH(pid-dir,
4059 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4061 if test -n "$withval" && test "x$withval" != "xno" && \
4062 test "x${withval}" != "xyes"; then
4064 if test ! -d $piddir ; then
4065 AC_MSG_WARN([** no $piddir directory on this system **])
4071 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4074 dnl allow user to disable some login recording features
4075 AC_ARG_ENABLE(lastlog,
4076 [ --disable-lastlog disable use of lastlog even if detected [no]],
4078 if test "x$enableval" = "xno" ; then
4079 AC_DEFINE(DISABLE_LASTLOG)
4084 [ --disable-utmp disable use of utmp even if detected [no]],
4086 if test "x$enableval" = "xno" ; then
4087 AC_DEFINE(DISABLE_UTMP)
4091 AC_ARG_ENABLE(utmpx,
4092 [ --disable-utmpx disable use of utmpx even if detected [no]],
4094 if test "x$enableval" = "xno" ; then
4095 AC_DEFINE(DISABLE_UTMPX, 1,
4096 [Define if you don't want to use utmpx])
4101 [ --disable-wtmp disable use of wtmp even if detected [no]],
4103 if test "x$enableval" = "xno" ; then
4104 AC_DEFINE(DISABLE_WTMP)
4108 AC_ARG_ENABLE(wtmpx,
4109 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4111 if test "x$enableval" = "xno" ; then
4112 AC_DEFINE(DISABLE_WTMPX, 1,
4113 [Define if you don't want to use wtmpx])
4117 AC_ARG_ENABLE(libutil,
4118 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4120 if test "x$enableval" = "xno" ; then
4121 AC_DEFINE(DISABLE_LOGIN)
4125 AC_ARG_ENABLE(pututline,
4126 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4128 if test "x$enableval" = "xno" ; then
4129 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4130 [Define if you don't want to use pututline()
4131 etc. to write [uw]tmp])
4135 AC_ARG_ENABLE(pututxline,
4136 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4138 if test "x$enableval" = "xno" ; then
4139 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4140 [Define if you don't want to use pututxline()
4141 etc. to write [uw]tmpx])
4145 AC_ARG_WITH(lastlog,
4146 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4148 if test "x$withval" = "xno" ; then
4149 AC_DEFINE(DISABLE_LASTLOG)
4150 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4151 conf_lastlog_location=$withval
4156 dnl lastlog, [uw]tmpx? detection
4157 dnl NOTE: set the paths in the platform section to avoid the
4158 dnl need for command-line parameters
4159 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4161 dnl lastlog detection
4162 dnl NOTE: the code itself will detect if lastlog is a directory
4163 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4165 #include <sys/types.h>
4167 #ifdef HAVE_LASTLOG_H
4168 # include <lastlog.h>
4177 [ char *lastlog = LASTLOG_FILE; ],
4178 [ AC_MSG_RESULT(yes) ],
4181 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4183 #include <sys/types.h>
4185 #ifdef HAVE_LASTLOG_H
4186 # include <lastlog.h>
4192 [ char *lastlog = _PATH_LASTLOG; ],
4193 [ AC_MSG_RESULT(yes) ],
4196 system_lastlog_path=no
4201 if test -z "$conf_lastlog_location"; then
4202 if test x"$system_lastlog_path" = x"no" ; then
4203 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4204 if (test -d "$f" || test -f "$f") ; then
4205 conf_lastlog_location=$f
4208 if test -z "$conf_lastlog_location"; then
4209 AC_MSG_WARN([** Cannot find lastlog **])
4210 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4215 if test -n "$conf_lastlog_location"; then
4216 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4217 [Define if you want to specify the path to your lastlog file])
4221 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4223 #include <sys/types.h>
4229 [ char *utmp = UTMP_FILE; ],
4230 [ AC_MSG_RESULT(yes) ],
4232 system_utmp_path=no ]
4234 if test -z "$conf_utmp_location"; then
4235 if test x"$system_utmp_path" = x"no" ; then
4236 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4237 if test -f $f ; then
4238 conf_utmp_location=$f
4241 if test -z "$conf_utmp_location"; then
4242 AC_DEFINE(DISABLE_UTMP)
4246 if test -n "$conf_utmp_location"; then
4247 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4248 [Define if you want to specify the path to your utmp file])
4252 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4254 #include <sys/types.h>
4260 [ char *wtmp = WTMP_FILE; ],
4261 [ AC_MSG_RESULT(yes) ],
4263 system_wtmp_path=no ]
4265 if test -z "$conf_wtmp_location"; then
4266 if test x"$system_wtmp_path" = x"no" ; then
4267 for f in /usr/adm/wtmp /var/log/wtmp; do
4268 if test -f $f ; then
4269 conf_wtmp_location=$f
4272 if test -z "$conf_wtmp_location"; then
4273 AC_DEFINE(DISABLE_WTMP)
4277 if test -n "$conf_wtmp_location"; then
4278 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4279 [Define if you want to specify the path to your wtmp file])
4283 dnl utmpx detection - I don't know any system so perverse as to require
4284 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4286 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4288 #include <sys/types.h>
4297 [ char *utmpx = UTMPX_FILE; ],
4298 [ AC_MSG_RESULT(yes) ],
4300 system_utmpx_path=no ]
4302 if test -z "$conf_utmpx_location"; then
4303 if test x"$system_utmpx_path" = x"no" ; then
4304 AC_DEFINE(DISABLE_UTMPX)
4307 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4308 [Define if you want to specify the path to your utmpx file])
4312 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4314 #include <sys/types.h>
4323 [ char *wtmpx = WTMPX_FILE; ],
4324 [ AC_MSG_RESULT(yes) ],
4326 system_wtmpx_path=no ]
4328 if test -z "$conf_wtmpx_location"; then
4329 if test x"$system_wtmpx_path" = x"no" ; then
4330 AC_DEFINE(DISABLE_WTMPX)
4333 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4334 [Define if you want to specify the path to your wtmpx file])
4338 if test ! -z "$blibpath" ; then
4339 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4340 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4343 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4345 CFLAGS="$CFLAGS $werror_flags"
4347 if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
4348 test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
4349 AC_SUBST(TEST_SSH_IPV6, no)
4351 AC_SUBST(TEST_SSH_IPV6, yes)
4355 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4356 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4357 scard/Makefile ssh_prng_cmds survey.sh])
4360 # Print summary of options
4362 # Someone please show me a better way :)
4363 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4364 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4365 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4366 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4367 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4368 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4369 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4370 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4371 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4374 echo "OpenSSH has been configured with the following options:"
4375 echo " User binaries: $B"
4376 echo " System binaries: $C"
4377 echo " Configuration files: $D"
4378 echo " Askpass program: $E"
4379 echo " Manual pages: $F"
4380 echo " Privilege separation chroot path: $H"
4381 if test "x$external_path_file" = "x/etc/login.conf" ; then
4382 echo " At runtime, sshd will use the path defined in $external_path_file"
4383 echo " Make sure the path to scp is present, otherwise scp will not work"
4385 echo " sshd default user PATH: $I"
4386 if test ! -z "$external_path_file"; then
4387 echo " (If PATH is set in $external_path_file it will be used instead. If"
4388 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4391 if test ! -z "$superuser_path" ; then
4392 echo " sshd superuser user PATH: $J"
4394 echo " Manpage format: $MANTYPE"
4395 echo " PAM support: $PAM_MSG"
4396 echo " OSF SIA support: $SIA_MSG"
4397 echo " KerberosV support: $KRB5_MSG"
4398 echo " SELinux support: $SELINUX_MSG"
4399 echo " Smartcard support: $SCARD_MSG"
4400 echo " S/KEY support: $SKEY_MSG"
4401 echo " TCP Wrappers support: $TCPW_MSG"
4402 echo " MD5 password support: $MD5_MSG"
4403 echo " libedit support: $LIBEDIT_MSG"
4404 echo " Solaris process contract support: $SPC_MSG"
4405 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4406 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4407 echo " BSD Auth support: $BSD_AUTH_MSG"
4408 echo " Random number source: $RAND_MSG"
4409 if test ! -z "$USE_RAND_HELPER" ; then
4410 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4415 echo " Host: ${host}"
4416 echo " Compiler: ${CC}"
4417 echo " Compiler flags: ${CFLAGS}"
4418 echo "Preprocessor flags: ${CPPFLAGS}"
4419 echo " Linker flags: ${LDFLAGS}"
4420 echo " Libraries: ${LIBS}"
4421 if test ! -z "${SSHDLIBS}"; then
4422 echo " +for sshd: ${SSHDLIBS}"
4427 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4428 echo "SVR4 style packages are supported with \"make package\""
4432 if test "x$PAM_MSG" = "xyes" ; then
4433 echo "PAM is enabled. You may need to install a PAM control file "
4434 echo "for sshd, otherwise password authentication may fail. "
4435 echo "Example PAM control files can be found in the contrib/ "
4440 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4441 echo "WARNING: you are using the builtin random number collection "
4442 echo "service. Please read WARNING.RNG and request that your OS "
4443 echo "vendor includes kernel-based random number collection in "
4444 echo "future versions of your OS."
4448 if test ! -z "$NO_PEERCHECK" ; then
4449 echo "WARNING: the operating system that you are using does not"
4450 echo "appear to support getpeereid(), getpeerucred() or the"
4451 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4452 echo "enforce security checks to prevent unauthorised connections to"
4453 echo "ssh-agent. Their absence increases the risk that a malicious"
4454 echo "user can connect to your agent."
4458 if test "$AUDIT_MODULE" = "bsm" ; then
4459 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4460 echo "See the Solaris section in README.platform for details."