3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
121 if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
126 [ --without-rpath Disable auto-added -R linker paths],
128 if test "x$withval" = "xno" ; then
131 if test "x$withval" = "xyes" ; then
137 # Allow user to specify flags
139 [ --with-cflags Specify additional flags to pass to compiler],
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
147 AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
157 [ --with-ldflags Specify additional flags to pass to linker],
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
166 [ --with-libs Specify additional libraries to link with],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
175 [ --with-Werror Build main code with -Werror],
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
212 security/pam_appl.h \
250 # lastlog.h requires sys/time.h to be included first on Solaris
251 AC_CHECK_HEADERS(lastlog.h, [], [], [
252 #ifdef HAVE_SYS_TIME_H
253 # include <sys/time.h>
257 # sys/ptms.h requires sys/stream.h to be included first on Solaris
258 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
259 #ifdef HAVE_SYS_STREAM_H
260 # include <sys/stream.h>
264 # login_cap.h requires sys/types.h on NetBSD
265 AC_CHECK_HEADERS(login_cap.h, [], [], [
266 #include <sys/types.h>
269 # Messages for features tested for in target-specific section
273 # Check for some target-specific stuff
276 # Some versions of VAC won't allow macro redefinitions at
277 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
278 # particularly with older versions of vac or xlc.
279 # It also throws errors about null macro argments, but these are
281 AC_MSG_CHECKING(if compiler allows macro redefinitions)
284 #define testmacro foo
285 #define testmacro bar
286 int main(void) { exit(0); }
288 [ AC_MSG_RESULT(yes) ],
290 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
291 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
292 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
293 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
297 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
298 if (test -z "$blibpath"); then
299 blibpath="/usr/lib:/lib"
301 saved_LDFLAGS="$LDFLAGS"
302 if test "$GCC" = "yes"; then
303 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
305 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
307 for tryflags in $flags ;do
308 if (test -z "$blibflags"); then
309 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
310 AC_TRY_LINK([], [], [blibflags=$tryflags])
313 if (test -z "$blibflags"); then
314 AC_MSG_RESULT(not found)
315 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
317 AC_MSG_RESULT($blibflags)
319 LDFLAGS="$saved_LDFLAGS"
320 dnl Check for authenticate. Might be in libs.a on older AIXes
321 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
322 [Define if you want to enable AIX4's authenticate function])],
323 [AC_CHECK_LIB(s,authenticate,
324 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
328 dnl Check for various auth function declarations in headers.
329 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
330 passwdexpired, setauthdb], , , [#include <usersec.h>])
331 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
332 AC_CHECK_DECLS(loginfailed,
333 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
335 [#include <usersec.h>],
336 [(void)loginfailed("user","host","tty",0);],
338 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
339 [Define if your AIX loginfailed() function
340 takes 4 arguments (AIX >= 5.2)])],
344 [#include <usersec.h>]
346 AC_CHECK_FUNCS(setauthdb)
347 AC_CHECK_DECL(F_CLOSEM,
348 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
350 [ #include <limits.h>
353 check_for_aix_broken_getaddrinfo=1
354 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
355 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
356 [Define if your platform breaks doing a seteuid before a setuid])
357 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
358 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
359 dnl AIX handles lastlog as part of its login message
360 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
361 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
362 [Some systems need a utmpx entry for /bin/login to work])
363 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
364 [Define to a Set Process Title type if your system is
365 supported by bsd-setproctitle.c])
366 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
367 [AIX 5.2 and 5.3 (and presumably newer) require this])
368 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
371 check_for_libcrypt_later=1
372 LIBS="$LIBS /usr/lib/textreadmode.o"
373 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
374 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
375 AC_DEFINE(DISABLE_SHADOW, 1,
376 [Define if you want to disable shadow passwords])
377 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
378 [Define if your system choked on IP TOS setting])
379 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
380 [Define if X11 doesn't support AF_UNIX sockets on that system])
381 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
382 [Define if the concept of ports only accessible to
383 superusers isn't known])
384 AC_DEFINE(DISABLE_FD_PASSING, 1,
385 [Define if your platform needs to skip post auth
386 file descriptor passing])
389 AC_DEFINE(IP_TOS_IS_BROKEN)
390 AC_DEFINE(SETEUID_BREAKS_SETUID)
391 AC_DEFINE(BROKEN_SETREUID)
392 AC_DEFINE(BROKEN_SETREGID)
395 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
396 AC_DEFINE(BROKEN_GETADDRINFO)
397 AC_DEFINE(SETEUID_BREAKS_SETUID)
398 AC_DEFINE(BROKEN_SETREUID)
399 AC_DEFINE(BROKEN_SETREGID)
400 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
401 [Define if your resolver libs need this for getrrsetbyname])
402 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
403 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
404 [Use tunnel device compatibility to OpenBSD])
405 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
406 [Prepend the address family to IP tunnel traffic])
407 AC_MSG_CHECKING(if we have the Security Authorization Session API)
408 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
409 [SessionCreate(0, 0);],
410 [ac_cv_use_security_session_api="yes"
411 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
412 [platform has the Security Authorization Session API])
413 LIBS="$LIBS -framework Security"
415 [ac_cv_use_security_session_api="no"
417 AC_MSG_CHECKING(if we have an in-memory credentials cache)
419 [#include <Kerberos/Kerberos.h>],
421 (void) cc_initialize (&c, 0, NULL, NULL);],
422 [AC_DEFINE(USE_CCAPI, 1,
423 [platform uses an in-memory credentials cache])
424 LIBS="$LIBS -framework Security"
426 if test "x$ac_cv_use_security_session_api" = "xno"; then
427 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
433 SSHDLIBS="$SSHDLIBS -lcrypt"
436 # first we define all of the options common to all HP-UX releases
437 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
438 IPADDR_IN_DISPLAY=yes
440 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
441 [Define if your login program cannot handle end of options ("--")])
442 AC_DEFINE(LOGIN_NEEDS_UTMPX)
443 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
444 [String used in /etc/passwd to denote locked account])
445 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
446 MAIL="/var/mail/username"
448 AC_CHECK_LIB(xnet, t_error, ,
449 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
451 # next, we define all of the options specific to major releases
454 if test -z "$GCC"; then
459 AC_DEFINE(PAM_SUN_CODEBASE, 1,
460 [Define if you are using Solaris-derived PAM which
461 passes pam_messages to the conversation function
462 with an extra level of indirection])
463 AC_DEFINE(DISABLE_UTMP, 1,
464 [Define if you don't want to use utmp])
465 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
466 check_for_hpux_broken_getaddrinfo=1
467 check_for_conflicting_getspnam=1
471 # lastly, we define options specific to minor releases
474 AC_DEFINE(HAVE_SECUREWARE, 1,
475 [Define if you have SecureWare-based
476 protected password database])
477 disable_ptmx_check=yes
483 PATH="$PATH:/usr/etc"
484 AC_DEFINE(BROKEN_INET_NTOA, 1,
485 [Define if you system's inet_ntoa is busted
486 (e.g. Irix gcc issue)])
487 AC_DEFINE(SETEUID_BREAKS_SETUID)
488 AC_DEFINE(BROKEN_SETREUID)
489 AC_DEFINE(BROKEN_SETREGID)
490 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
491 [Define if you shouldn't strip 'tty' from your
493 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
496 PATH="$PATH:/usr/etc"
497 AC_DEFINE(WITH_IRIX_ARRAY, 1,
498 [Define if you have/want arrays
499 (cluster-wide session managment, not C arrays)])
500 AC_DEFINE(WITH_IRIX_PROJECT, 1,
501 [Define if you want IRIX project management])
502 AC_DEFINE(WITH_IRIX_AUDIT, 1,
503 [Define if you want IRIX audit trails])
504 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
505 [Define if you want IRIX kernel jobs])])
506 AC_DEFINE(BROKEN_INET_NTOA)
507 AC_DEFINE(SETEUID_BREAKS_SETUID)
508 AC_DEFINE(BROKEN_SETREUID)
509 AC_DEFINE(BROKEN_SETREGID)
510 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
511 AC_DEFINE(WITH_ABBREV_NO_TTY)
512 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
516 check_for_libcrypt_later=1
517 check_for_openpty_ctty_bug=1
518 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
519 AC_DEFINE(PAM_TTY_KLUDGE, 1,
520 [Work around problematic Linux PAM modules handling of PAM_TTY])
521 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
522 [String used in /etc/passwd to denote locked account])
523 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
524 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
525 [Define to whatever link() returns for "not supported"
526 if it doesn't return EOPNOTSUPP.])
527 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
529 inet6_default_4in6=yes
532 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
533 [Define if cmsg_type is not passed correctly])
536 # tun(4) forwarding compat code
537 AC_CHECK_HEADERS(linux/if_tun.h)
538 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
539 AC_DEFINE(SSH_TUN_LINUX, 1,
540 [Open tunnel devices the Linux tun/tap way])
541 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
542 [Use tunnel device compatibility to OpenBSD])
543 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
544 [Prepend the address family to IP tunnel traffic])
547 mips-sony-bsd|mips-sony-newsos4)
548 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
552 check_for_libcrypt_before=1
553 if test "x$withval" != "xno" ; then
556 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
557 AC_CHECK_HEADER([net/if_tap.h], ,
558 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
559 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
560 [Prepend the address family to IP tunnel traffic])
563 check_for_libcrypt_later=1
564 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
565 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
566 AC_CHECK_HEADER([net/if_tap.h], ,
567 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
570 AC_DEFINE(SETEUID_BREAKS_SETUID)
571 AC_DEFINE(BROKEN_SETREUID)
572 AC_DEFINE(BROKEN_SETREGID)
575 conf_lastlog_location="/usr/adm/lastlog"
576 conf_utmp_location=/etc/utmp
577 conf_wtmp_location=/usr/adm/wtmp
579 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
580 AC_DEFINE(BROKEN_REALPATH)
582 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
585 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
586 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
587 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
588 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
589 [syslog_r function is safe to use in in a signal handler])
592 if test "x$withval" != "xno" ; then
595 AC_DEFINE(PAM_SUN_CODEBASE)
596 AC_DEFINE(LOGIN_NEEDS_UTMPX)
597 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
598 [Some versions of /bin/login need the TERM supplied
600 AC_DEFINE(PAM_TTY_KLUDGE)
601 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
602 [Define if pam_chauthtok wants real uid set
603 to the unpriv'ed user])
604 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
605 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
606 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
607 [Define if sshd somehow reacquires a controlling TTY
609 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
610 in case the name is longer than 8 chars])
611 external_path_file=/etc/default/login
612 # hardwire lastlog location (can't detect it on some versions)
613 conf_lastlog_location="/var/adm/lastlog"
614 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
615 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
616 if test "$sol2ver" -ge 8; then
618 AC_DEFINE(DISABLE_UTMP)
619 AC_DEFINE(DISABLE_WTMP, 1,
620 [Define if you don't want to use wtmp])
624 AC_ARG_WITH(solaris-contracts,
625 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
627 AC_CHECK_LIB(contract, ct_tmpl_activate,
628 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
629 [Define if you have Solaris process contracts])
630 SSHDLIBS="$SSHDLIBS -lcontract"
637 CPPFLAGS="$CPPFLAGS -DSUNOS4"
638 AC_CHECK_FUNCS(getpwanam)
639 AC_DEFINE(PAM_SUN_CODEBASE)
640 conf_utmp_location=/etc/utmp
641 conf_wtmp_location=/var/adm/wtmp
642 conf_lastlog_location=/var/adm/lastlog
648 AC_DEFINE(SSHD_ACQUIRES_CTTY)
649 AC_DEFINE(SETEUID_BREAKS_SETUID)
650 AC_DEFINE(BROKEN_SETREUID)
651 AC_DEFINE(BROKEN_SETREGID)
654 # /usr/ucblib MUST NOT be searched on ReliantUNIX
655 AC_CHECK_LIB(dl, dlsym, ,)
656 # -lresolv needs to be at the end of LIBS or DNS lookups break
657 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
658 IPADDR_IN_DISPLAY=yes
660 AC_DEFINE(IP_TOS_IS_BROKEN)
661 AC_DEFINE(SETEUID_BREAKS_SETUID)
662 AC_DEFINE(BROKEN_SETREUID)
663 AC_DEFINE(BROKEN_SETREGID)
664 AC_DEFINE(SSHD_ACQUIRES_CTTY)
665 external_path_file=/etc/default/login
666 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
667 # Attention: always take care to bind libsocket and libnsl before libc,
668 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
670 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
673 AC_DEFINE(SETEUID_BREAKS_SETUID)
674 AC_DEFINE(BROKEN_SETREUID)
675 AC_DEFINE(BROKEN_SETREGID)
676 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
677 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
679 # UnixWare 7.x, OpenUNIX 8
681 check_for_libcrypt_later=1
682 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
684 AC_DEFINE(SETEUID_BREAKS_SETUID)
685 AC_DEFINE(BROKEN_SETREUID)
686 AC_DEFINE(BROKEN_SETREGID)
687 AC_DEFINE(PASSWD_NEEDS_USERNAME)
689 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
690 TEST_SHELL=/u95/bin/sh
691 AC_DEFINE(BROKEN_LIBIAF, 1,
692 [ia_uinfo routines not supported by OS yet])
693 AC_DEFINE(BROKEN_UPDWTMPX)
695 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
701 # SCO UNIX and OEM versions of SCO UNIX
703 AC_MSG_ERROR("This Platform is no longer supported.")
707 if test -z "$GCC"; then
708 CFLAGS="$CFLAGS -belf"
710 LIBS="$LIBS -lprot -lx -ltinfo -lm"
713 AC_DEFINE(HAVE_SECUREWARE)
714 AC_DEFINE(DISABLE_SHADOW)
715 AC_DEFINE(DISABLE_FD_PASSING)
716 AC_DEFINE(SETEUID_BREAKS_SETUID)
717 AC_DEFINE(BROKEN_SETREUID)
718 AC_DEFINE(BROKEN_SETREGID)
719 AC_DEFINE(WITH_ABBREV_NO_TTY)
720 AC_DEFINE(BROKEN_UPDWTMPX)
721 AC_DEFINE(PASSWD_NEEDS_USERNAME)
722 AC_CHECK_FUNCS(getluid setluid)
727 AC_DEFINE(NO_SSH_LASTLOG, 1,
728 [Define if you don't want to use lastlog in session.c])
729 AC_DEFINE(SETEUID_BREAKS_SETUID)
730 AC_DEFINE(BROKEN_SETREUID)
731 AC_DEFINE(BROKEN_SETREGID)
733 AC_DEFINE(DISABLE_FD_PASSING)
735 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(WITH_ABBREV_NO_TTY)
744 AC_DEFINE(DISABLE_FD_PASSING)
746 LIBS="$LIBS -lgen -lacid -ldb"
750 AC_DEFINE(SETEUID_BREAKS_SETUID)
751 AC_DEFINE(BROKEN_SETREUID)
752 AC_DEFINE(BROKEN_SETREGID)
754 AC_DEFINE(DISABLE_FD_PASSING)
755 AC_DEFINE(NO_SSH_LASTLOG)
756 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
757 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
761 AC_MSG_CHECKING(for Digital Unix SIA)
764 [ --with-osfsia Enable Digital Unix SIA],
766 if test "x$withval" = "xno" ; then
767 AC_MSG_RESULT(disabled)
772 if test -z "$no_osfsia" ; then
773 if test -f /etc/sia/matrix.conf; then
775 AC_DEFINE(HAVE_OSF_SIA, 1,
776 [Define if you have Digital Unix Security
777 Integration Architecture])
778 AC_DEFINE(DISABLE_LOGIN, 1,
779 [Define if you don't want to use your
780 system's login() call])
781 AC_DEFINE(DISABLE_FD_PASSING)
782 LIBS="$LIBS -lsecurity -ldb -lm -laud"
786 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
787 [String used in /etc/passwd to denote locked account])
790 AC_DEFINE(BROKEN_GETADDRINFO)
791 AC_DEFINE(SETEUID_BREAKS_SETUID)
792 AC_DEFINE(BROKEN_SETREUID)
793 AC_DEFINE(BROKEN_SETREGID)
798 AC_DEFINE(NO_X11_UNIX_SOCKETS)
799 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
800 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
801 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
802 AC_DEFINE(DISABLE_LASTLOG)
803 AC_DEFINE(SSHD_ACQUIRES_CTTY)
804 enable_etc_default_login=no # has incompatible /etc/default/login
807 AC_DEFINE(DISABLE_FD_PASSING)
813 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
814 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
815 AC_DEFINE(NEED_SETPGRP)
816 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
820 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
821 AC_DEFINE(MISSING_HOWMANY)
822 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
826 AC_MSG_CHECKING(compiler and flags for sanity)
832 [ AC_MSG_RESULT(yes) ],
835 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
837 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
840 dnl Checks for header files.
841 # Checks for libraries.
842 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
843 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
845 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
846 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
847 AC_CHECK_LIB(gen, dirname,[
848 AC_CACHE_CHECK([for broken dirname],
849 ac_cv_have_broken_dirname, [
857 int main(int argc, char **argv) {
860 strncpy(buf,"/etc", 32);
862 if (!s || strncmp(s, "/", 32) != 0) {
869 [ ac_cv_have_broken_dirname="no" ],
870 [ ac_cv_have_broken_dirname="yes" ],
871 [ ac_cv_have_broken_dirname="no" ],
875 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
877 AC_DEFINE(HAVE_DIRNAME)
878 AC_CHECK_HEADERS(libgen.h)
883 AC_CHECK_FUNC(getspnam, ,
884 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
885 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
886 [Define if you have the basename function.]))
890 [ --with-zlib=PATH Use zlib in PATH],
891 [ if test "x$withval" = "xno" ; then
892 AC_MSG_ERROR([*** zlib is required ***])
893 elif test "x$withval" != "xyes"; then
894 if test -d "$withval/lib"; then
895 if test -n "${need_dash_r}"; then
896 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
898 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
901 if test -n "${need_dash_r}"; then
902 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
904 LDFLAGS="-L${withval} ${LDFLAGS}"
907 if test -d "$withval/include"; then
908 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
910 CPPFLAGS="-I${withval} ${CPPFLAGS}"
915 AC_CHECK_LIB(z, deflate, ,
917 saved_CPPFLAGS="$CPPFLAGS"
918 saved_LDFLAGS="$LDFLAGS"
920 dnl Check default zlib install dir
921 if test -n "${need_dash_r}"; then
922 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
924 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
926 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
928 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
930 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
935 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
937 AC_ARG_WITH(zlib-version-check,
938 [ --without-zlib-version-check Disable zlib version check],
939 [ if test "x$withval" = "xno" ; then
940 zlib_check_nonfatal=1
945 AC_MSG_CHECKING(for possibly buggy zlib)
946 AC_RUN_IFELSE([AC_LANG_SOURCE([[
951 int a=0, b=0, c=0, d=0, n, v;
952 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
953 if (n != 3 && n != 4)
955 v = a*1000000 + b*10000 + c*100 + d;
956 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
959 if (a == 1 && b == 1 && c >= 4)
962 /* 1.2.3 and up are OK */
971 if test -z "$zlib_check_nonfatal" ; then
972 AC_MSG_ERROR([*** zlib too old - check config.log ***
973 Your reported zlib version has known security problems. It's possible your
974 vendor has fixed these problems without changing the version number. If you
975 are sure this is the case, you can disable the check by running
976 "./configure --without-zlib-version-check".
977 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
978 See http://www.gzip.org/zlib/ for details.])
980 AC_MSG_WARN([zlib version may have security problems])
983 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
987 AC_CHECK_FUNC(strcasecmp,
988 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
990 AC_CHECK_FUNCS(utimes,
991 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
992 LIBS="$LIBS -lc89"]) ]
995 dnl Checks for libutil functions
996 AC_CHECK_HEADERS(libutil.h)
997 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
998 [Define if your libraries define login()])])
999 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1003 # Check for ALTDIRFUNC glob() extension
1004 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1005 AC_EGREP_CPP(FOUNDIT,
1008 #ifdef GLOB_ALTDIRFUNC
1013 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1014 [Define if your system glob() function has
1015 the GLOB_ALTDIRFUNC extension])
1023 # Check for g.gl_matchc glob() extension
1024 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1026 [ #include <glob.h> ],
1027 [glob_t g; g.gl_matchc = 1;],
1029 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1030 [Define if your system glob() function has
1031 gl_matchc options in glob_t])
1039 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1041 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1044 #include <sys/types.h>
1046 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1048 [AC_MSG_RESULT(yes)],
1051 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1052 [Define if your struct dirent expects you to
1053 allocate extra space for d_name])
1056 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1057 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1061 # Check whether the user wants GSSAPI mechglue support
1062 AC_ARG_WITH(mechglue,
1063 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1065 AC_MSG_CHECKING(for mechglue library)
1067 if test -e ${withval}/libgssapi.a ; then
1068 mechglue_lib=${withval}/libgssapi.a
1069 elif test -e ${withval}/lib/libgssapi.a ; then
1070 mechglue_lib=${withval}/lib/libgssapi.a
1072 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1074 LIBS="$LIBS ${mechglue_lib}"
1075 AC_MSG_RESULT(${mechglue_lib})
1077 AC_CHECK_LIB(dl, dlopen, , )
1078 if test $ac_cv_lib_dl_dlopen = yes; then
1079 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1083 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1090 # Check whether the user wants GSI (Globus) support
1093 [ --with-gsi Enable Globus GSI authentication support],
1100 [ --with-globus Enable Globus GSI authentication support],
1106 AC_ARG_WITH(globus-static,
1107 [ --with-globus-static Link statically with Globus GSI libraries],
1110 if test "x$gsi_path" = "xno" ; then
1116 # Check whether the user has a Globus flavor type
1117 globus_flavor_type="no"
1118 AC_ARG_WITH(globus-flavor,
1119 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1121 globus_flavor_type="$withval"
1122 if test "x$gsi_path" = "xno" ; then
1128 if test "x$gsi_path" != "xno" ; then
1129 # Globus GSSAPI configuration
1130 AC_MSG_CHECKING(for Globus GSI)
1131 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1133 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1134 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1136 if test -z "$GSSAPI"; then
1141 if test "x$gsi_path" = "xyes" ; then
1142 if test -z "$GLOBUS_LOCATION" ; then
1143 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1145 gsi_path="$GLOBUS_LOCATION"
1148 GLOBUS_LOCATION="$gsi_path"
1149 export GLOBUS_LOCATION
1150 if test ! -d "$GLOBUS_LOCATION" ; then
1151 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1154 if test "x$globus_flavor_type" = "xno" ; then
1155 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1157 if test "x$globus_flavor_type" = "xyes" ; then
1158 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1162 AC_MSG_CHECKING(for Globus include path)
1163 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1164 if test ! -d "$GLOBUS_INCLUDE" ; then
1165 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1167 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1171 # Find GPT linkline helper
1174 AC_MSG_CHECKING(for GPT linkline helper)
1175 if test -x $GPT_LOCATION/sbin/gpt_build_config ; then
1176 gpt_linkline_helper="$GPT_LOCATION/sbin/gpt_build_config"
1177 elif test -x ${gsi_path}/sbin/gpt_build_config ; then
1178 gpt_linkline_helper="${gsi_path}/sbin/gpt_build_config"
1180 AC_MSG_ERROR(Cannot find gpt_build_config: GPT installation is incomplete)
1185 # Build Globus linkline
1188 if test -n "${gsi_static}"; then
1189 ${gpt_linkline_helper} -f ${globus_flavor_type} -link static -src pkg_data_src.gpt
1191 ${gpt_linkline_helper} -f ${globus_flavor_type} -link shared -src pkg_data_src.gpt
1193 . ./gpt_build_temp.sh
1194 if test -n "${need_dash_r}"; then
1195 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
1197 GSI_LDFLAGS="-L${gsi_path}/lib"
1199 GSI_LIBS="$GPT_CONFIG_PGM_LINKS"
1200 LD_LIBRARY_PATH="${gsi_path}/lib:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
1203 # Test Globus linkline
1206 AC_MSG_CHECKING(for Globus linkline)
1207 if test -z "$GSI_LIBS" ; then
1208 AC_MSG_ERROR(gpt_build_config failed)
1212 AC_DEFINE(HAVE_GSSAPI_H)
1214 LIBS="$LIBS $GSI_LIBS"
1215 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1216 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
1218 AC_MSG_CHECKING(that Globus linkline works)
1219 # test that we got the libraries OK
1227 AC_MSG_ERROR(link with Globus libraries failed)
1230 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1231 INSTALL_GSISSH="yes"
1235 # End Globus/GSI section
1237 AC_MSG_CHECKING([for /proc/pid/fd directory])
1238 if test -d "/proc/$$/fd" ; then
1239 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1245 # Check whether user wants S/Key support
1248 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1250 if test "x$withval" != "xno" ; then
1252 if test "x$withval" != "xyes" ; then
1253 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1254 LDFLAGS="$LDFLAGS -L${withval}/lib"
1257 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1261 AC_MSG_CHECKING([for s/key support])
1266 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1268 [AC_MSG_RESULT(yes)],
1271 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1273 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1277 [(void)skeychallenge(NULL,"name","",0);],
1279 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1280 [Define if your skeychallenge()
1281 function takes 4 arguments (NetBSD)])],
1288 # Check whether user wants TCP wrappers support
1290 AC_ARG_WITH(tcp-wrappers,
1291 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1293 if test "x$withval" != "xno" ; then
1295 saved_LDFLAGS="$LDFLAGS"
1296 saved_CPPFLAGS="$CPPFLAGS"
1297 if test -n "${withval}" && \
1298 test "x${withval}" != "xyes"; then
1299 if test -d "${withval}/lib"; then
1300 if test -n "${need_dash_r}"; then
1301 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1303 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1306 if test -n "${need_dash_r}"; then
1307 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1309 LDFLAGS="-L${withval} ${LDFLAGS}"
1312 if test -d "${withval}/include"; then
1313 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1315 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1319 AC_MSG_CHECKING(for libwrap)
1322 #include <sys/types.h>
1323 #include <sys/socket.h>
1324 #include <netinet/in.h>
1326 int deny_severity = 0, allow_severity = 0;
1331 AC_DEFINE(LIBWRAP, 1,
1333 TCP Wrappers support])
1334 SSHDLIBS="$SSHDLIBS -lwrap"
1338 AC_MSG_ERROR([*** libwrap missing])
1346 # Check whether user wants libedit support
1348 AC_ARG_WITH(libedit,
1349 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1350 [ if test "x$withval" != "xno" ; then
1351 if test "x$withval" != "xyes"; then
1352 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1353 if test -n "${need_dash_r}"; then
1354 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1356 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1359 AC_CHECK_LIB(edit, el_init,
1360 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1361 LIBEDIT="-ledit -lcurses"
1365 [ AC_MSG_ERROR(libedit not found) ],
1368 AC_MSG_CHECKING(if libedit version is compatible)
1371 #include <histedit.h>
1375 el_init("", NULL, NULL, NULL);
1379 [ AC_MSG_RESULT(yes) ],
1381 AC_MSG_ERROR(libedit version is not compatible) ]
1388 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1390 AC_MSG_CHECKING(for supported audit module)
1395 dnl Checks for headers, libs and functions
1396 AC_CHECK_HEADERS(bsm/audit.h, [],
1397 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1404 AC_CHECK_LIB(bsm, getaudit, [],
1405 [AC_MSG_ERROR(BSM enabled and required library not found)])
1406 AC_CHECK_FUNCS(getaudit, [],
1407 [AC_MSG_ERROR(BSM enabled and required function not found)])
1408 # These are optional
1409 AC_CHECK_FUNCS(getaudit_addr)
1410 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1414 AC_MSG_RESULT(debug)
1415 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1421 AC_MSG_ERROR([Unknown audit module $withval])
1426 dnl Checks for library functions. Please keep in alphabetical order
1514 # IRIX has a const char return value for gai_strerror()
1515 AC_CHECK_FUNCS(gai_strerror,[
1516 AC_DEFINE(HAVE_GAI_STRERROR)
1518 #include <sys/types.h>
1519 #include <sys/socket.h>
1522 const char *gai_strerror(int);],[
1525 str = gai_strerror(0);],[
1526 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1527 [Define if gai_strerror() returns const char *])])])
1529 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1530 [Some systems put nanosleep outside of libc]))
1532 dnl Make sure prototypes are defined for these before using them.
1533 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1534 AC_CHECK_DECL(strsep,
1535 [AC_CHECK_FUNCS(strsep)],
1538 #ifdef HAVE_STRING_H
1539 # include <string.h>
1543 dnl tcsendbreak might be a macro
1544 AC_CHECK_DECL(tcsendbreak,
1545 [AC_DEFINE(HAVE_TCSENDBREAK)],
1546 [AC_CHECK_FUNCS(tcsendbreak)],
1547 [#include <termios.h>]
1550 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1552 AC_CHECK_DECLS(SHUT_RD, , ,
1554 #include <sys/types.h>
1555 #include <sys/socket.h>
1558 AC_CHECK_DECLS(O_NONBLOCK, , ,
1560 #include <sys/types.h>
1561 #ifdef HAVE_SYS_STAT_H
1562 # include <sys/stat.h>
1569 AC_CHECK_DECLS(writev, , , [
1570 #include <sys/types.h>
1571 #include <sys/uio.h>
1575 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1576 #include <sys/param.h>
1579 AC_CHECK_DECLS(offsetof, , , [
1583 AC_CHECK_FUNCS(setresuid, [
1584 dnl Some platorms have setresuid that isn't implemented, test for this
1585 AC_MSG_CHECKING(if setresuid seems to work)
1590 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1592 [AC_MSG_RESULT(yes)],
1593 [AC_DEFINE(BROKEN_SETRESUID, 1,
1594 [Define if your setresuid() is broken])
1595 AC_MSG_RESULT(not implemented)],
1596 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1600 AC_CHECK_FUNCS(setresgid, [
1601 dnl Some platorms have setresgid that isn't implemented, test for this
1602 AC_MSG_CHECKING(if setresgid seems to work)
1607 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1609 [AC_MSG_RESULT(yes)],
1610 [AC_DEFINE(BROKEN_SETRESGID, 1,
1611 [Define if your setresgid() is broken])
1612 AC_MSG_RESULT(not implemented)],
1613 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1617 dnl Checks for time functions
1618 AC_CHECK_FUNCS(gettimeofday time)
1619 dnl Checks for utmp functions
1620 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1621 AC_CHECK_FUNCS(utmpname)
1622 dnl Checks for utmpx functions
1623 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1624 AC_CHECK_FUNCS(setutxent utmpxname)
1626 AC_CHECK_FUNC(daemon,
1627 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1628 [AC_CHECK_LIB(bsd, daemon,
1629 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1632 AC_CHECK_FUNC(getpagesize,
1633 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1634 [Define if your libraries define getpagesize()])],
1635 [AC_CHECK_LIB(ucb, getpagesize,
1636 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1639 # Check for broken snprintf
1640 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1641 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1645 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1647 [AC_MSG_RESULT(yes)],
1650 AC_DEFINE(BROKEN_SNPRINTF, 1,
1651 [Define if your snprintf is busted])
1652 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1654 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1658 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1659 # returning the right thing on overflow: the number of characters it tried to
1660 # create (as per SUSv3)
1661 if test "x$ac_cv_func_asprintf" != "xyes" && \
1662 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1663 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1666 #include <sys/types.h>
1670 int x_snprintf(char *str,size_t count,const char *fmt,...)
1672 size_t ret; va_list ap;
1673 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1679 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1681 [AC_MSG_RESULT(yes)],
1684 AC_DEFINE(BROKEN_SNPRINTF, 1,
1685 [Define if your snprintf is busted])
1686 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1688 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1692 # On systems where [v]snprintf is broken, but is declared in stdio,
1693 # check that the fmt argument is const char * or just char *.
1694 # This is only useful for when BROKEN_SNPRINTF
1695 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1696 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1697 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1698 int main(void) { snprintf(0, 0, 0); }
1701 AC_DEFINE(SNPRINTF_CONST, [const],
1702 [Define as const if snprintf() can declare const char *fmt])],
1704 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1706 # Check for missing getpeereid (or equiv) support
1708 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1709 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1711 [#include <sys/types.h>
1712 #include <sys/socket.h>],
1713 [int i = SO_PEERCRED;],
1714 [ AC_MSG_RESULT(yes)
1715 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1722 dnl see whether mkstemp() requires XXXXXX
1723 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1724 AC_MSG_CHECKING([for (overly) strict mkstemp])
1728 main() { char template[]="conftest.mkstemp-test";
1729 if (mkstemp(template) == -1)
1731 unlink(template); exit(0);
1739 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1743 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1748 dnl make sure that openpty does not reacquire controlling terminal
1749 if test ! -z "$check_for_openpty_ctty_bug"; then
1750 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1754 #include <sys/fcntl.h>
1755 #include <sys/types.h>
1756 #include <sys/wait.h>
1762 int fd, ptyfd, ttyfd, status;
1765 if (pid < 0) { /* failed */
1767 } else if (pid > 0) { /* parent */
1768 waitpid(pid, &status, 0);
1769 if (WIFEXITED(status))
1770 exit(WEXITSTATUS(status));
1773 } else { /* child */
1774 close(0); close(1); close(2);
1776 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1777 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1779 exit(3); /* Acquired ctty: broken */
1781 exit(0); /* Did not acquire ctty: OK */
1790 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1793 AC_MSG_RESULT(cross-compiling, assuming yes)
1798 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1799 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1800 AC_MSG_CHECKING(if getaddrinfo seems to work)
1804 #include <sys/socket.h>
1807 #include <netinet/in.h>
1809 #define TEST_PORT "2222"
1815 struct addrinfo *gai_ai, *ai, hints;
1816 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1818 memset(&hints, 0, sizeof(hints));
1819 hints.ai_family = PF_UNSPEC;
1820 hints.ai_socktype = SOCK_STREAM;
1821 hints.ai_flags = AI_PASSIVE;
1823 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1825 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1829 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1830 if (ai->ai_family != AF_INET6)
1833 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1834 sizeof(ntop), strport, sizeof(strport),
1835 NI_NUMERICHOST|NI_NUMERICSERV);
1838 if (err == EAI_SYSTEM)
1839 perror("getnameinfo EAI_SYSTEM");
1841 fprintf(stderr, "getnameinfo failed: %s\n",
1846 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1849 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1862 AC_DEFINE(BROKEN_GETADDRINFO)
1865 AC_MSG_RESULT(cross-compiling, assuming yes)
1870 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1871 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1872 AC_MSG_CHECKING(if getaddrinfo seems to work)
1876 #include <sys/socket.h>
1879 #include <netinet/in.h>
1881 #define TEST_PORT "2222"
1887 struct addrinfo *gai_ai, *ai, hints;
1888 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1890 memset(&hints, 0, sizeof(hints));
1891 hints.ai_family = PF_UNSPEC;
1892 hints.ai_socktype = SOCK_STREAM;
1893 hints.ai_flags = AI_PASSIVE;
1895 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1897 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1901 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1902 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1905 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1906 sizeof(ntop), strport, sizeof(strport),
1907 NI_NUMERICHOST|NI_NUMERICSERV);
1909 if (ai->ai_family == AF_INET && err != 0) {
1910 perror("getnameinfo");
1919 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1920 [Define if you have a getaddrinfo that fails
1921 for the all-zeros IPv6 address])
1925 AC_DEFINE(BROKEN_GETADDRINFO)
1928 AC_MSG_RESULT(cross-compiling, assuming no)
1933 if test "x$check_for_conflicting_getspnam" = "x1"; then
1934 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1938 int main(void) {exit(0);}
1945 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1946 [Conflicting defs for getspnam])
1953 # Search for OpenSSL
1954 saved_CPPFLAGS="$CPPFLAGS"
1955 saved_LDFLAGS="$LDFLAGS"
1956 AC_ARG_WITH(ssl-dir,
1957 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1959 if test "x$withval" != "xno" ; then
1962 ./*|../*) withval="`pwd`/$withval"
1964 if test -d "$withval/lib"; then
1965 if test -n "${need_dash_r}"; then
1966 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1968 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1971 if test -n "${need_dash_r}"; then
1972 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1974 LDFLAGS="-L${withval} ${LDFLAGS}"
1977 if test -d "$withval/include"; then
1978 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1980 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1986 if test -z "$GSI_LIBS" ; then
1987 LIBS="-lcrypto $LIBS"
1989 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1990 [Define if your ssl headers are included
1991 with #include <openssl/header.h>]),
1993 dnl Check default openssl install dir
1994 if test -n "${need_dash_r}"; then
1995 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1997 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1999 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2000 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2002 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2008 # Determine OpenSSL header version
2009 AC_MSG_CHECKING([OpenSSL header version])
2014 #include <openssl/opensslv.h>
2015 #define DATA "conftest.sslincver"
2020 fd = fopen(DATA,"w");
2024 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2031 ssl_header_ver=`cat conftest.sslincver`
2032 AC_MSG_RESULT($ssl_header_ver)
2035 AC_MSG_RESULT(not found)
2036 AC_MSG_ERROR(OpenSSL version header not found.)
2039 AC_MSG_WARN([cross compiling: not checking])
2043 # Determine OpenSSL library version
2044 AC_MSG_CHECKING([OpenSSL library version])
2049 #include <openssl/opensslv.h>
2050 #include <openssl/crypto.h>
2051 #define DATA "conftest.ssllibver"
2056 fd = fopen(DATA,"w");
2060 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2067 ssl_library_ver=`cat conftest.ssllibver`
2068 AC_MSG_RESULT($ssl_library_ver)
2071 AC_MSG_RESULT(not found)
2072 AC_MSG_ERROR(OpenSSL library not found.)
2075 AC_MSG_WARN([cross compiling: not checking])
2079 AC_ARG_WITH(openssl-header-check,
2080 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2081 [ if test "x$withval" = "xno" ; then
2082 openssl_check_nonfatal=1
2087 # Sanity check OpenSSL headers
2088 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2092 #include <openssl/opensslv.h>
2093 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2100 if test "x$openssl_check_nonfatal" = "x"; then
2101 AC_MSG_ERROR([Your OpenSSL headers do not match your
2102 library. Check config.log for details.
2103 If you are sure your installation is consistent, you can disable the check
2104 by running "./configure --without-openssl-header-check".
2105 Also see contrib/findssl.sh for help identifying header/library mismatches.
2108 AC_MSG_WARN([Your OpenSSL headers do not match your
2109 library. Check config.log for details.
2110 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2114 AC_MSG_WARN([cross compiling: not checking])
2118 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2121 #include <openssl/evp.h>
2122 int main(void) { SSLeay_add_all_algorithms(); }
2131 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2134 #include <openssl/evp.h>
2135 int main(void) { SSLeay_add_all_algorithms(); }
2148 AC_ARG_WITH(ssl-engine,
2149 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2150 [ if test "x$withval" != "xno" ; then
2151 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2153 [ #include <openssl/engine.h>],
2155 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2157 [ AC_MSG_RESULT(yes)
2158 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2159 [Enable OpenSSL engine support])
2161 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2166 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2167 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2171 #include <openssl/evp.h>
2172 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2179 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2180 [libcrypto is missing AES 192 and 256 bit functions])
2184 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2185 # because the system crypt() is more featureful.
2186 if test "x$check_for_libcrypt_before" = "x1"; then
2187 AC_CHECK_LIB(crypt, crypt)
2190 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2191 # version in OpenSSL.
2192 if test "x$check_for_libcrypt_later" = "x1"; then
2193 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2196 # Search for SHA256 support in libc and/or OpenSSL
2197 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2200 AC_CHECK_LIB(iaf, ia_openinfo, [
2202 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
2206 ### Configure cryptographic random number support
2208 # Check wheter OpenSSL seeds itself
2209 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2213 #include <openssl/rand.h>
2214 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2217 OPENSSL_SEEDS_ITSELF=yes
2222 # Default to use of the rand helper if OpenSSL doesn't
2227 AC_MSG_WARN([cross compiling: assuming yes])
2228 # This is safe, since all recent OpenSSL versions will
2229 # complain at runtime if not seeded correctly.
2230 OPENSSL_SEEDS_ITSELF=yes
2234 # Check for PAM libs
2237 [ --with-pam Enable PAM support ],
2239 if test "x$withval" != "xno" ; then
2240 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2241 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2242 AC_MSG_ERROR([PAM headers not found])
2246 AC_CHECK_LIB(dl, dlopen, , )
2247 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2248 AC_CHECK_FUNCS(pam_getenvlist)
2249 AC_CHECK_FUNCS(pam_putenv)
2254 SSHDLIBS="$SSHDLIBS -lpam"
2255 AC_DEFINE(USE_PAM, 1,
2256 [Define if you want to enable PAM support])
2258 if test $ac_cv_lib_dl_dlopen = yes; then
2261 # libdl already in LIBS
2264 SSHDLIBS="$SSHDLIBS -ldl"
2272 AC_CHECK_LIB(dl, dlopen, , )
2273 AC_CHECK_LIB(pam, pam_set_item, , )
2274 AC_CHECK_FUNCS(pam_getenvlist)
2275 AC_CHECK_FUNCS(pam_putenv)
2278 if (test "x$ac_cv_header_security_pam_appl_h" = "xyes" || \
2279 test "x$ac_cv_header_pam_pam_appl_h" = "xyes") &&
2280 test "x$ac_cv_lib_pam_pam_set_item" = "xyes" ; then
2286 if test $ac_cv_lib_dl_dlopen = yes; then
2289 # libdl already in LIBS
2292 LIBPAM="$LIBPAM -ldl"
2301 # Check for older PAM
2302 if test "x$PAM_MSG" = "xyes" ; then
2303 # Check PAM strerror arguments (old PAM)
2304 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2308 #if defined(HAVE_SECURITY_PAM_APPL_H)
2309 #include <security/pam_appl.h>
2310 #elif defined (HAVE_PAM_PAM_APPL_H)
2311 #include <pam/pam_appl.h>
2314 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2315 [AC_MSG_RESULT(no)],
2317 AC_DEFINE(HAVE_OLD_PAM, 1,
2318 [Define if you have an old version of PAM
2319 which takes only one argument to pam_strerror])
2321 PAM_MSG="yes (old library)"
2326 # Do we want to force the use of the rand helper?
2327 AC_ARG_WITH(rand-helper,
2328 [ --with-rand-helper Use subprocess to gather strong randomness ],
2330 if test "x$withval" = "xno" ; then
2331 # Force use of OpenSSL's internal RNG, even if
2332 # the previous test showed it to be unseeded.
2333 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2334 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2335 OPENSSL_SEEDS_ITSELF=yes
2344 # Which randomness source do we use?
2345 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2347 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2348 [Define if you want OpenSSL's internally seeded PRNG only])
2349 RAND_MSG="OpenSSL internal ONLY"
2350 INSTALL_SSH_RAND_HELPER=""
2351 elif test ! -z "$USE_RAND_HELPER" ; then
2352 # install rand helper
2353 RAND_MSG="ssh-rand-helper"
2354 INSTALL_SSH_RAND_HELPER="yes"
2356 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2358 ### Configuration of ssh-rand-helper
2361 AC_ARG_WITH(prngd-port,
2362 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2371 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2374 if test ! -z "$withval" ; then
2375 PRNGD_PORT="$withval"
2376 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2377 [Port number of PRNGD/EGD random number socket])
2382 # PRNGD Unix domain socket
2383 AC_ARG_WITH(prngd-socket,
2384 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2388 withval="/var/run/egd-pool"
2396 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2400 if test ! -z "$withval" ; then
2401 if test ! -z "$PRNGD_PORT" ; then
2402 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2404 if test ! -r "$withval" ; then
2405 AC_MSG_WARN(Entropy socket is not readable)
2407 PRNGD_SOCKET="$withval"
2408 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2409 [Location of PRNGD/EGD random number socket])
2413 # Check for existing socket only if we don't have a random device already
2414 if test "$USE_RAND_HELPER" = yes ; then
2415 AC_MSG_CHECKING(for PRNGD/EGD socket)
2416 # Insert other locations here
2417 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2418 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2419 PRNGD_SOCKET="$sock"
2420 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2424 if test ! -z "$PRNGD_SOCKET" ; then
2425 AC_MSG_RESULT($PRNGD_SOCKET)
2427 AC_MSG_RESULT(not found)
2433 # Change default command timeout for hashing entropy source
2435 AC_ARG_WITH(entropy-timeout,
2436 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2438 if test -n "$withval" && test "x$withval" != "xno" && \
2439 test "x${withval}" != "xyes"; then
2440 entropy_timeout=$withval
2444 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2445 [Builtin PRNG command timeout])
2447 SSH_PRIVSEP_USER=sshd
2448 AC_ARG_WITH(privsep-user,
2449 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2451 if test -n "$withval" && test "x$withval" != "xno" && \
2452 test "x${withval}" != "xyes"; then
2453 SSH_PRIVSEP_USER=$withval
2457 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2458 [non-privileged user for privilege separation])
2459 AC_SUBST(SSH_PRIVSEP_USER)
2461 # We do this little dance with the search path to insure
2462 # that programs that we select for use by installed programs
2463 # (which may be run by the super-user) come from trusted
2464 # locations before they come from the user's private area.
2465 # This should help avoid accidentally configuring some
2466 # random version of a program in someone's personal bin.
2470 test -h /bin 2> /dev/null && PATH=/usr/bin
2471 test -d /sbin && PATH=$PATH:/sbin
2472 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2473 PATH=$PATH:/etc:$OPATH
2475 # These programs are used by the command hashing source to gather entropy
2476 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2477 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2478 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2479 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2480 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2481 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2482 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2483 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2484 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2485 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2486 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2487 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2488 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2489 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2490 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2491 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2495 # Where does ssh-rand-helper get its randomness from?
2496 INSTALL_SSH_PRNG_CMDS=""
2497 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2498 if test ! -z "$PRNGD_PORT" ; then
2499 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2500 elif test ! -z "$PRNGD_SOCKET" ; then
2501 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2503 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2504 RAND_HELPER_CMDHASH=yes
2505 INSTALL_SSH_PRNG_CMDS="yes"
2508 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2511 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2512 if test ! -z "$SONY" ; then
2513 LIBS="$LIBS -liberty";
2516 # Check for long long datatypes
2517 AC_CHECK_TYPES([long long, unsigned long long, long double])
2519 # Check datatype sizes
2520 AC_CHECK_SIZEOF(char, 1)
2521 AC_CHECK_SIZEOF(short int, 2)
2522 AC_CHECK_SIZEOF(int, 4)
2523 AC_CHECK_SIZEOF(long int, 4)
2524 AC_CHECK_SIZEOF(long long int, 8)
2526 # Sanity check long long for some platforms (AIX)
2527 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2528 ac_cv_sizeof_long_long_int=0
2531 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2532 if test -z "$have_llong_max"; then
2533 AC_MSG_CHECKING([for max value of long long])
2537 /* Why is this so damn hard? */
2541 #define __USE_ISOC99
2543 #define DATA "conftest.llminmax"
2544 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2547 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2548 * we do this the hard way.
2551 fprint_ll(FILE *f, long long n)
2554 int l[sizeof(long long) * 8];
2557 if (fprintf(f, "-") < 0)
2559 for (i = 0; n != 0; i++) {
2560 l[i] = my_abs(n % 10);
2564 if (fprintf(f, "%d", l[--i]) < 0)
2567 if (fprintf(f, " ") < 0)
2574 long long i, llmin, llmax = 0;
2576 if((f = fopen(DATA,"w")) == NULL)
2579 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2580 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2584 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2585 /* This will work on one's complement and two's complement */
2586 for (i = 1; i > llmax; i <<= 1, i++)
2588 llmin = llmax + 1LL; /* wrap */
2592 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2593 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2594 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2595 fprintf(f, "unknown unknown\n");
2599 if (fprint_ll(f, llmin) < 0)
2601 if (fprint_ll(f, llmax) < 0)
2609 llong_min=`$AWK '{print $1}' conftest.llminmax`
2610 llong_max=`$AWK '{print $2}' conftest.llminmax`
2612 AC_MSG_RESULT($llong_max)
2613 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2614 [max value of long long calculated by configure])
2615 AC_MSG_CHECKING([for min value of long long])
2616 AC_MSG_RESULT($llong_min)
2617 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2618 [min value of long long calculated by configure])
2621 AC_MSG_RESULT(not found)
2624 AC_MSG_WARN([cross compiling: not checking])
2630 # More checks for data types
2631 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2633 [ #include <sys/types.h> ],
2635 [ ac_cv_have_u_int="yes" ],
2636 [ ac_cv_have_u_int="no" ]
2639 if test "x$ac_cv_have_u_int" = "xyes" ; then
2640 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2644 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2646 [ #include <sys/types.h> ],
2647 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2648 [ ac_cv_have_intxx_t="yes" ],
2649 [ ac_cv_have_intxx_t="no" ]
2652 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2653 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2657 if (test -z "$have_intxx_t" && \
2658 test "x$ac_cv_header_stdint_h" = "xyes")
2660 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2662 [ #include <stdint.h> ],
2663 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2665 AC_DEFINE(HAVE_INTXX_T)
2668 [ AC_MSG_RESULT(no) ]
2672 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2675 #include <sys/types.h>
2676 #ifdef HAVE_STDINT_H
2677 # include <stdint.h>
2679 #include <sys/socket.h>
2680 #ifdef HAVE_SYS_BITYPES_H
2681 # include <sys/bitypes.h>
2684 [ int64_t a; a = 1;],
2685 [ ac_cv_have_int64_t="yes" ],
2686 [ ac_cv_have_int64_t="no" ]
2689 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2690 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2693 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2695 [ #include <sys/types.h> ],
2696 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2697 [ ac_cv_have_u_intxx_t="yes" ],
2698 [ ac_cv_have_u_intxx_t="no" ]
2701 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2702 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2706 if test -z "$have_u_intxx_t" ; then
2707 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2709 [ #include <sys/socket.h> ],
2710 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2712 AC_DEFINE(HAVE_U_INTXX_T)
2715 [ AC_MSG_RESULT(no) ]
2719 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2721 [ #include <sys/types.h> ],
2722 [ u_int64_t a; a = 1;],
2723 [ ac_cv_have_u_int64_t="yes" ],
2724 [ ac_cv_have_u_int64_t="no" ]
2727 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2728 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2732 if test -z "$have_u_int64_t" ; then
2733 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2735 [ #include <sys/bitypes.h> ],
2736 [ u_int64_t a; a = 1],
2738 AC_DEFINE(HAVE_U_INT64_T)
2741 [ AC_MSG_RESULT(no) ]
2745 if test -z "$have_u_intxx_t" ; then
2746 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2749 #include <sys/types.h>
2751 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2752 [ ac_cv_have_uintxx_t="yes" ],
2753 [ ac_cv_have_uintxx_t="no" ]
2756 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2757 AC_DEFINE(HAVE_UINTXX_T, 1,
2758 [define if you have uintxx_t data type])
2762 if test -z "$have_uintxx_t" ; then
2763 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2765 [ #include <stdint.h> ],
2766 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2768 AC_DEFINE(HAVE_UINTXX_T)
2771 [ AC_MSG_RESULT(no) ]
2775 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2776 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2778 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2781 #include <sys/bitypes.h>
2784 int8_t a; int16_t b; int32_t c;
2785 u_int8_t e; u_int16_t f; u_int32_t g;
2786 a = b = c = e = f = g = 1;
2789 AC_DEFINE(HAVE_U_INTXX_T)
2790 AC_DEFINE(HAVE_INTXX_T)
2798 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2801 #include <sys/types.h>
2803 [ u_char foo; foo = 125; ],
2804 [ ac_cv_have_u_char="yes" ],
2805 [ ac_cv_have_u_char="no" ]
2808 if test "x$ac_cv_have_u_char" = "xyes" ; then
2809 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2814 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2816 AC_CHECK_TYPES(in_addr_t,,,
2817 [#include <sys/types.h>
2818 #include <netinet/in.h>])
2820 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2823 #include <sys/types.h>
2825 [ size_t foo; foo = 1235; ],
2826 [ ac_cv_have_size_t="yes" ],
2827 [ ac_cv_have_size_t="no" ]
2830 if test "x$ac_cv_have_size_t" = "xyes" ; then
2831 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2834 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2837 #include <sys/types.h>
2839 [ ssize_t foo; foo = 1235; ],
2840 [ ac_cv_have_ssize_t="yes" ],
2841 [ ac_cv_have_ssize_t="no" ]
2844 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2845 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2848 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2853 [ clock_t foo; foo = 1235; ],
2854 [ ac_cv_have_clock_t="yes" ],
2855 [ ac_cv_have_clock_t="no" ]
2858 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2859 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2862 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2865 #include <sys/types.h>
2866 #include <sys/socket.h>
2868 [ sa_family_t foo; foo = 1235; ],
2869 [ ac_cv_have_sa_family_t="yes" ],
2872 #include <sys/types.h>
2873 #include <sys/socket.h>
2874 #include <netinet/in.h>
2876 [ sa_family_t foo; foo = 1235; ],
2877 [ ac_cv_have_sa_family_t="yes" ],
2879 [ ac_cv_have_sa_family_t="no" ]
2883 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2884 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2885 [define if you have sa_family_t data type])
2888 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2891 #include <sys/types.h>
2893 [ pid_t foo; foo = 1235; ],
2894 [ ac_cv_have_pid_t="yes" ],
2895 [ ac_cv_have_pid_t="no" ]
2898 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2899 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2902 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2905 #include <sys/types.h>
2907 [ mode_t foo; foo = 1235; ],
2908 [ ac_cv_have_mode_t="yes" ],
2909 [ ac_cv_have_mode_t="no" ]
2912 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2913 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2917 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2920 #include <sys/types.h>
2921 #include <sys/socket.h>
2923 [ struct sockaddr_storage s; ],
2924 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2925 [ ac_cv_have_struct_sockaddr_storage="no" ]
2928 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2929 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2930 [define if you have struct sockaddr_storage data type])
2933 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2936 #include <sys/types.h>
2937 #include <netinet/in.h>
2939 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2940 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2941 [ ac_cv_have_struct_sockaddr_in6="no" ]
2944 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2945 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2946 [define if you have struct sockaddr_in6 data type])
2949 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2952 #include <sys/types.h>
2953 #include <netinet/in.h>
2955 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2956 [ ac_cv_have_struct_in6_addr="yes" ],
2957 [ ac_cv_have_struct_in6_addr="no" ]
2960 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2961 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2962 [define if you have struct in6_addr data type])
2965 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2968 #include <sys/types.h>
2969 #include <sys/socket.h>
2972 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2973 [ ac_cv_have_struct_addrinfo="yes" ],
2974 [ ac_cv_have_struct_addrinfo="no" ]
2977 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2978 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2979 [define if you have struct addrinfo data type])
2982 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2984 [ #include <sys/time.h> ],
2985 [ struct timeval tv; tv.tv_sec = 1;],
2986 [ ac_cv_have_struct_timeval="yes" ],
2987 [ ac_cv_have_struct_timeval="no" ]
2990 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2991 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2992 have_struct_timeval=1
2995 AC_CHECK_TYPES(struct timespec)
2997 # We need int64_t or else certian parts of the compile will fail.
2998 if test "x$ac_cv_have_int64_t" = "xno" && \
2999 test "x$ac_cv_sizeof_long_int" != "x8" && \
3000 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3001 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3002 echo "an alternative compiler (I.E., GCC) before continuing."
3006 dnl test snprintf (broken on SCO w/gcc)
3011 #ifdef HAVE_SNPRINTF
3015 char expected_out[50];
3017 #if (SIZEOF_LONG_INT == 8)
3018 long int num = 0x7fffffffffffffff;
3020 long long num = 0x7fffffffffffffffll;
3022 strcpy(expected_out, "9223372036854775807");
3023 snprintf(buf, mazsize, "%lld", num);
3024 if(strcmp(buf, expected_out) != 0)
3031 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3032 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3036 dnl Checks for structure members
3037 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3038 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3039 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3040 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3041 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3042 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3043 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3044 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3045 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3046 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3047 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3048 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3049 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3050 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3051 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3052 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3053 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3055 AC_CHECK_MEMBERS([struct stat.st_blksize])
3056 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3057 [Define if we don't have struct __res_state in resolv.h])],
3060 #if HAVE_SYS_TYPES_H
3061 # include <sys/types.h>
3063 #include <netinet/in.h>
3064 #include <arpa/nameser.h>
3068 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3069 ac_cv_have_ss_family_in_struct_ss, [
3072 #include <sys/types.h>
3073 #include <sys/socket.h>
3075 [ struct sockaddr_storage s; s.ss_family = 1; ],
3076 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3077 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3080 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3081 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3084 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3085 ac_cv_have___ss_family_in_struct_ss, [
3088 #include <sys/types.h>
3089 #include <sys/socket.h>
3091 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3092 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3093 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3096 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3097 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3098 [Fields in struct sockaddr_storage])
3101 AC_CACHE_CHECK([for pw_class field in struct passwd],
3102 ac_cv_have_pw_class_in_struct_passwd, [
3107 [ struct passwd p; p.pw_class = 0; ],
3108 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3109 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3112 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3113 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3114 [Define if your password has a pw_class field])
3117 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3118 ac_cv_have_pw_expire_in_struct_passwd, [
3123 [ struct passwd p; p.pw_expire = 0; ],
3124 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3125 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3128 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3129 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3130 [Define if your password has a pw_expire field])
3133 AC_CACHE_CHECK([for pw_change field in struct passwd],
3134 ac_cv_have_pw_change_in_struct_passwd, [
3139 [ struct passwd p; p.pw_change = 0; ],
3140 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3141 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3144 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3145 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3146 [Define if your password has a pw_change field])
3149 dnl make sure we're using the real structure members and not defines
3150 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3151 ac_cv_have_accrights_in_msghdr, [
3154 #include <sys/types.h>
3155 #include <sys/socket.h>
3156 #include <sys/uio.h>
3158 #ifdef msg_accrights
3159 #error "msg_accrights is a macro"
3163 m.msg_accrights = 0;
3167 [ ac_cv_have_accrights_in_msghdr="yes" ],
3168 [ ac_cv_have_accrights_in_msghdr="no" ]
3171 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3172 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3173 [Define if your system uses access rights style
3174 file descriptor passing])
3177 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3178 ac_cv_have_control_in_msghdr, [
3181 #include <sys/types.h>
3182 #include <sys/socket.h>
3183 #include <sys/uio.h>
3186 #error "msg_control is a macro"
3194 [ ac_cv_have_control_in_msghdr="yes" ],
3195 [ ac_cv_have_control_in_msghdr="no" ]
3198 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3199 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3200 [Define if your system uses ancillary data style
3201 file descriptor passing])
3204 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3206 [ extern char *__progname; printf("%s", __progname); ],
3207 [ ac_cv_libc_defines___progname="yes" ],
3208 [ ac_cv_libc_defines___progname="no" ]
3211 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3212 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3215 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3219 [ printf("%s", __FUNCTION__); ],
3220 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3221 [ ac_cv_cc_implements___FUNCTION__="no" ]
3224 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3225 AC_DEFINE(HAVE___FUNCTION__, 1,
3226 [Define if compiler implements __FUNCTION__])
3229 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3233 [ printf("%s", __func__); ],
3234 [ ac_cv_cc_implements___func__="yes" ],
3235 [ ac_cv_cc_implements___func__="no" ]
3238 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3239 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3242 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3244 [#include <stdarg.h>
3247 [ ac_cv_have_va_copy="yes" ],
3248 [ ac_cv_have_va_copy="no" ]
3251 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3252 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3255 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3257 [#include <stdarg.h>
3260 [ ac_cv_have___va_copy="yes" ],
3261 [ ac_cv_have___va_copy="no" ]
3264 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3265 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3268 AC_CACHE_CHECK([whether getopt has optreset support],
3269 ac_cv_have_getopt_optreset, [
3274 [ extern int optreset; optreset = 0; ],
3275 [ ac_cv_have_getopt_optreset="yes" ],
3276 [ ac_cv_have_getopt_optreset="no" ]
3279 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3280 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3281 [Define if your getopt(3) defines and uses optreset])
3284 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3286 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3287 [ ac_cv_libc_defines_sys_errlist="yes" ],
3288 [ ac_cv_libc_defines_sys_errlist="no" ]
3291 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3292 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3293 [Define if your system defines sys_errlist[]])
3297 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3299 [ extern int sys_nerr; printf("%i", sys_nerr);],
3300 [ ac_cv_libc_defines_sys_nerr="yes" ],
3301 [ ac_cv_libc_defines_sys_nerr="no" ]
3304 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3305 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3309 # Check whether user wants sectok support
3311 [ --with-sectok Enable smartcard support using libsectok],
3313 if test "x$withval" != "xno" ; then
3314 if test "x$withval" != "xyes" ; then
3315 CPPFLAGS="$CPPFLAGS -I${withval}"
3316 LDFLAGS="$LDFLAGS -L${withval}"
3317 if test ! -z "$need_dash_r" ; then
3318 LDFLAGS="$LDFLAGS -R${withval}"
3320 if test ! -z "$blibpath" ; then
3321 blibpath="$blibpath:${withval}"
3324 AC_CHECK_HEADERS(sectok.h)
3325 if test "$ac_cv_header_sectok_h" != yes; then
3326 AC_MSG_ERROR(Can't find sectok.h)
3328 AC_CHECK_LIB(sectok, sectok_open)
3329 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3330 AC_MSG_ERROR(Can't find libsectok)
3332 AC_DEFINE(SMARTCARD, 1,
3333 [Define if you want smartcard support])
3334 AC_DEFINE(USE_SECTOK, 1,
3335 [Define if you want smartcard support
3337 SCARD_MSG="yes, using sectok"
3342 # Check whether user wants OpenSC support
3345 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3347 if test "x$withval" != "xno" ; then
3348 if test "x$withval" != "xyes" ; then
3349 OPENSC_CONFIG=$withval/bin/opensc-config
3351 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3353 if test "$OPENSC_CONFIG" != "no"; then
3354 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3355 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3356 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3357 LIBS="$LIBS $LIBOPENSC_LIBS"
3358 AC_DEFINE(SMARTCARD)
3359 AC_DEFINE(USE_OPENSC, 1,
3360 [Define if you want smartcard support
3362 SCARD_MSG="yes, using OpenSC"
3368 # Check libraries needed by DNS fingerprint support
3369 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3370 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3371 [Define if getrrsetbyname() exists])],
3373 # Needed by our getrrsetbyname()
3374 AC_SEARCH_LIBS(res_query, resolv)
3375 AC_SEARCH_LIBS(dn_expand, resolv)
3376 AC_MSG_CHECKING(if res_query will link)
3377 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3380 LIBS="$LIBS -lresolv"
3381 AC_MSG_CHECKING(for res_query in -lresolv)
3386 res_query (0, 0, 0, 0, 0);
3390 [LIBS="$LIBS -lresolv"
3391 AC_MSG_RESULT(yes)],
3395 AC_CHECK_FUNCS(_getshort _getlong)
3396 AC_CHECK_DECLS([_getshort, _getlong], , ,
3397 [#include <sys/types.h>
3398 #include <arpa/nameser.h>])
3399 AC_CHECK_MEMBER(HEADER.ad,
3400 [AC_DEFINE(HAVE_HEADER_AD, 1,
3401 [Define if HEADER.ad exists in arpa/nameser.h])],,
3402 [#include <arpa/nameser.h>])
3405 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3408 #if HAVE_SYS_TYPES_H
3409 # include <sys/types.h>
3411 #include <netinet/in.h>
3412 #include <arpa/nameser.h>
3414 extern struct __res_state _res;
3415 int main() { return 0; }
3418 AC_DEFINE(HAVE__RES_EXTERN, 1,
3419 [Define if you have struct __res_state _res as an extern])
3421 [ AC_MSG_RESULT(no) ]
3424 # Check whether user wants SELinux support
3427 AC_ARG_WITH(selinux,
3428 [ --with-selinux Enable SELinux support],
3429 [ if test "x$withval" != "xno" ; then
3431 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3433 AC_CHECK_HEADER([selinux/selinux.h], ,
3434 AC_MSG_ERROR(SELinux support requires selinux.h header))
3435 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3436 AC_MSG_ERROR(SELinux support requires libselinux library))
3437 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3438 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3443 # Check whether user wants Kerberos 5 support
3445 AC_ARG_WITH(kerberos5,
3446 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3447 [ if test "x$withval" != "xno" ; then
3448 if test "x$withval" = "xyes" ; then
3449 KRB5ROOT="/usr/local"
3454 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3457 AC_MSG_CHECKING(for krb5-config)
3458 if test -x $KRB5ROOT/bin/krb5-config ; then
3459 KRB5CONF=$KRB5ROOT/bin/krb5-config
3460 AC_MSG_RESULT($KRB5CONF)
3462 AC_MSG_CHECKING(for gssapi support)
3463 if $KRB5CONF | grep gssapi >/dev/null ; then
3465 AC_DEFINE(GSSAPI, 1,
3466 [Define this if you want GSSAPI
3467 support in the version 2 protocol])
3473 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3474 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3475 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3476 AC_MSG_CHECKING(whether we are using Heimdal)
3477 AC_TRY_COMPILE([ #include <krb5.h> ],
3478 [ char *tmp = heimdal_version; ],
3479 [ AC_MSG_RESULT(yes)
3480 AC_DEFINE(HEIMDAL, 1,
3481 [Define this if you are using the
3482 Heimdal version of Kerberos V5]) ],
3487 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3488 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3489 AC_MSG_CHECKING(whether we are using Heimdal)
3490 AC_TRY_COMPILE([ #include <krb5.h> ],
3491 [ char *tmp = heimdal_version; ],
3492 [ AC_MSG_RESULT(yes)
3494 K5LIBS="-lkrb5 -ldes"
3495 K5LIBS="$K5LIBS -lcom_err -lasn1"
3496 AC_CHECK_LIB(roken, net_write,
3497 [K5LIBS="$K5LIBS -lroken"])
3500 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3503 AC_SEARCH_LIBS(dn_expand, resolv)
3505 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3507 K5LIBS="-lgssapi $K5LIBS" ],
3508 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3510 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3511 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3516 AC_CHECK_HEADER(gssapi.h, ,
3517 [ unset ac_cv_header_gssapi_h
3518 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3519 AC_CHECK_HEADERS(gssapi.h, ,
3520 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3526 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3527 AC_CHECK_HEADER(gssapi_krb5.h, ,
3528 [ CPPFLAGS="$oldCPP" ])
3530 # If we're using some other GSSAPI
3531 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3532 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3535 if test -z "$GSSAPI"; then
3540 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3541 AC_CHECK_HEADER(gssapi_krb5.h, ,
3542 [ CPPFLAGS="$oldCPP" ])
3545 if test ! -z "$need_dash_r" ; then
3546 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3548 if test ! -z "$blibpath" ; then
3549 blibpath="$blibpath:${KRB5ROOT}/lib"
3552 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3553 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3554 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3556 LIBS="$LIBS $K5LIBS"
3557 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3558 [Define this if you want to use libkafs' AFS support]))
3563 # Check whether user wants AFS_KRB5 support
3565 AC_ARG_WITH(afs-krb5,
3566 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3568 if test "x$withval" != "xno" ; then
3570 if test "x$withval" != "xyes" ; then
3571 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3572 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3574 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3576 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3579 if test -z "$KRB5ROOT" ; then
3580 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3583 LIBS="-lkrbafs -lkrb4 $LIBS"
3584 if test ! -z "$AFS_LIBS" ; then
3585 LIBS="$LIBS $AFS_LIBS"
3587 AC_DEFINE(AFS_KRB5, 1,
3588 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3594 AC_ARG_WITH(session-hooks,
3595 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3596 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3599 # Looking for programs, paths and files
3601 PRIVSEP_PATH=/var/empty
3602 AC_ARG_WITH(privsep-path,
3603 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3605 if test -n "$withval" && test "x$withval" != "xno" && \
3606 test "x${withval}" != "xyes"; then
3607 PRIVSEP_PATH=$withval
3611 AC_SUBST(PRIVSEP_PATH)
3614 [ --with-xauth=PATH Specify path to xauth program ],
3616 if test -n "$withval" && test "x$withval" != "xno" && \
3617 test "x${withval}" != "xyes"; then
3623 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3624 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3625 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3626 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3627 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3628 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3629 xauth_path="/usr/openwin/bin/xauth"
3635 AC_ARG_ENABLE(strip,
3636 [ --disable-strip Disable calling strip(1) on install],
3638 if test "x$enableval" = "xno" ; then
3645 if test -z "$xauth_path" ; then
3646 XAUTH_PATH="undefined"
3647 AC_SUBST(XAUTH_PATH)
3649 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3650 [Define if xauth is found in your path])
3651 XAUTH_PATH=$xauth_path
3652 AC_SUBST(XAUTH_PATH)
3655 AC_CHECK_DECL(_PATH_BSHELL, ,
3656 AC_DEFINE_UNQUOTED(_PATH_BSHELL, "/bin/sh",
3657 [Define to your C shell if not defined in paths.h]),
3658 [ #include <paths.h> ]
3661 AC_CHECK_DECL(_PATH_CSHELL, ,
3662 AC_DEFINE_UNQUOTED(_PATH_CSHELL, "/bin/csh",
3663 [Define to your Bourne shell if not defined in paths.h]),
3664 [ #include <paths.h> ]
3667 AC_CHECK_DECL(_PATH_SHELLS, ,
3668 AC_DEFINE_UNQUOTED(_PATH_SHELLS, "/etc/shells",
3669 [Define to your shells file if not defined in paths.h]),
3670 [ #include <paths.h> ]
3673 # if _PATH_MAILDIR is in paths.h then we won't go hunting for it.
3674 AC_CHECK_DECL(_PATH_MAILDIR,
3675 AC_DEFINE(PATH_MAILDIR_IN_PATHS_H, 1,
3676 [Define if _PATH_MAILDIR is in paths.h]),
3678 [ #include <paths.h> ]
3681 # Check for mail directory (last resort if we cannot get it from headers)
3682 if test ! -z "$MAIL" ; then
3683 maildir=`dirname $MAIL`
3684 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3685 [Set this to your mail directory if you don't have maillock.h])
3688 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3689 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3690 disable_ptmx_check=yes
3692 if test -z "$no_dev_ptmx" ; then
3693 if test "x$disable_ptmx_check" != "xyes" ; then
3694 AC_CHECK_FILE("/dev/ptmx",
3696 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3697 [Define if you have /dev/ptmx])
3704 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3705 AC_CHECK_FILE("/dev/ptc",
3707 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3708 [Define if you have /dev/ptc])
3713 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3716 # Options from here on. Some of these are preset by platform above
3717 AC_ARG_WITH(mantype,
3718 [ --with-mantype=man|cat|doc Set man page type],
3725 AC_MSG_ERROR(invalid man type: $withval)
3730 if test -z "$MANTYPE"; then
3731 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3732 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3733 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3735 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3742 if test "$MANTYPE" = "doc"; then
3749 # Check whether to enable MD5 passwords
3751 AC_ARG_WITH(md5-passwords,
3752 [ --with-md5-passwords Enable use of MD5 passwords],
3754 if test "x$withval" != "xno" ; then
3755 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3756 [Define if you want to allow MD5 passwords])
3762 # Whether to disable shadow password support
3764 [ --without-shadow Disable shadow password support],
3766 if test "x$withval" = "xno" ; then
3767 AC_DEFINE(DISABLE_SHADOW)
3773 if test -z "$disable_shadow" ; then
3774 AC_MSG_CHECKING([if the systems has expire shadow information])
3777 #include <sys/types.h>
3780 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3781 [ sp_expire_available=yes ], []
3784 if test "x$sp_expire_available" = "xyes" ; then
3786 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3787 [Define if you want to use shadow password expire field])
3793 # Use ip address instead of hostname in $DISPLAY
3794 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3795 DISPLAY_HACK_MSG="yes"
3796 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3797 [Define if you need to use IP address
3798 instead of hostname in $DISPLAY])
3800 DISPLAY_HACK_MSG="no"
3801 AC_ARG_WITH(ipaddr-display,
3802 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3804 if test "x$withval" != "xno" ; then
3805 AC_DEFINE(IPADDR_IN_DISPLAY)
3806 DISPLAY_HACK_MSG="yes"
3812 # check for /etc/default/login and use it if present.
3813 AC_ARG_ENABLE(etc-default-login,
3814 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3815 [ if test "x$enableval" = "xno"; then
3816 AC_MSG_NOTICE([/etc/default/login handling disabled])
3817 etc_default_login=no
3819 etc_default_login=yes
3821 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3823 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3824 etc_default_login=no
3826 etc_default_login=yes
3830 if test "x$etc_default_login" != "xno"; then
3831 AC_CHECK_FILE("/etc/default/login",
3832 [ external_path_file=/etc/default/login ])
3833 if test "x$external_path_file" = "x/etc/default/login"; then
3834 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3835 [Define if your system has /etc/default/login])
3839 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3840 if test $ac_cv_func_login_getcapbool = "yes" && \
3841 test $ac_cv_header_login_cap_h = "yes" ; then
3842 external_path_file=/etc/login.conf
3845 # Whether to mess with the default path
3846 SERVER_PATH_MSG="(default)"
3847 AC_ARG_WITH(default-path,
3848 [ --with-default-path= Specify default \$PATH environment for server],
3850 if test "x$external_path_file" = "x/etc/login.conf" ; then
3852 --with-default-path=PATH has no effect on this system.
3853 Edit /etc/login.conf instead.])
3854 elif test "x$withval" != "xno" ; then
3855 if test ! -z "$external_path_file" ; then
3857 --with-default-path=PATH will only be used if PATH is not defined in
3858 $external_path_file .])
3860 user_path="$withval"
3861 SERVER_PATH_MSG="$withval"
3864 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3865 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3867 if test ! -z "$external_path_file" ; then
3869 If PATH is defined in $external_path_file, ensure the path to scp is included,
3870 otherwise scp will not work.])
3874 /* find out what STDPATH is */
3879 #ifndef _PATH_STDPATH
3880 # ifdef _PATH_USERPATH /* Irix */
3881 # define _PATH_STDPATH _PATH_USERPATH
3883 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3886 #include <sys/types.h>
3887 #include <sys/stat.h>
3889 #define DATA "conftest.stdpath"
3896 fd = fopen(DATA,"w");
3900 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3906 [ user_path=`cat conftest.stdpath` ],
3907 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3908 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3912 if test "x$external_path_file" != "x/etc/login.conf" ; then
3913 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3917 # Set superuser path separately to user path
3918 AC_ARG_WITH(superuser-path,
3919 [ --with-superuser-path= Specify different path for super-user],
3921 if test -n "$withval" && test "x$withval" != "xno" && \
3922 test "x${withval}" != "xyes"; then
3923 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3924 [Define if you want a different $PATH
3926 superuser_path=$withval
3932 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3933 IPV4_IN6_HACK_MSG="no"
3935 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3937 if test "x$withval" != "xno" ; then
3939 AC_DEFINE(IPV4_IN_IPV6, 1,
3940 [Detect IPv4 in IPv6 mapped addresses
3942 IPV4_IN6_HACK_MSG="yes"
3947 if test "x$inet6_default_4in6" = "xyes"; then
3948 AC_MSG_RESULT([yes (default)])
3949 AC_DEFINE(IPV4_IN_IPV6)
3950 IPV4_IN6_HACK_MSG="yes"
3952 AC_MSG_RESULT([no (default)])
3957 # Whether to enable BSD auth support
3959 AC_ARG_WITH(bsd-auth,
3960 [ --with-bsd-auth Enable BSD auth support],
3962 if test "x$withval" != "xno" ; then
3963 AC_DEFINE(BSD_AUTH, 1,
3964 [Define if you have BSD auth support])
3970 # Where to place sshd.pid
3972 # make sure the directory exists
3973 if test ! -d $piddir ; then
3974 piddir=`eval echo ${sysconfdir}`
3976 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3980 AC_ARG_WITH(pid-dir,
3981 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3983 if test -n "$withval" && test "x$withval" != "xno" && \
3984 test "x${withval}" != "xyes"; then
3986 if test ! -d $piddir ; then
3987 AC_MSG_WARN([** no $piddir directory on this system **])
3993 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3996 dnl allow user to disable some login recording features
3997 AC_ARG_ENABLE(lastlog,
3998 [ --disable-lastlog disable use of lastlog even if detected [no]],
4000 if test "x$enableval" = "xno" ; then
4001 AC_DEFINE(DISABLE_LASTLOG)
4006 [ --disable-utmp disable use of utmp even if detected [no]],
4008 if test "x$enableval" = "xno" ; then
4009 AC_DEFINE(DISABLE_UTMP)
4013 AC_ARG_ENABLE(utmpx,
4014 [ --disable-utmpx disable use of utmpx even if detected [no]],
4016 if test "x$enableval" = "xno" ; then
4017 AC_DEFINE(DISABLE_UTMPX, 1,
4018 [Define if you don't want to use utmpx])
4023 [ --disable-wtmp disable use of wtmp even if detected [no]],
4025 if test "x$enableval" = "xno" ; then
4026 AC_DEFINE(DISABLE_WTMP)
4030 AC_ARG_ENABLE(wtmpx,
4031 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4033 if test "x$enableval" = "xno" ; then
4034 AC_DEFINE(DISABLE_WTMPX, 1,
4035 [Define if you don't want to use wtmpx])
4039 AC_ARG_ENABLE(libutil,
4040 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4042 if test "x$enableval" = "xno" ; then
4043 AC_DEFINE(DISABLE_LOGIN)
4047 AC_ARG_ENABLE(pututline,
4048 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4050 if test "x$enableval" = "xno" ; then
4051 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4052 [Define if you don't want to use pututline()
4053 etc. to write [uw]tmp])
4057 AC_ARG_ENABLE(pututxline,
4058 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4060 if test "x$enableval" = "xno" ; then
4061 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4062 [Define if you don't want to use pututxline()
4063 etc. to write [uw]tmpx])
4067 AC_ARG_WITH(lastlog,
4068 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4070 if test "x$withval" = "xno" ; then
4071 AC_DEFINE(DISABLE_LASTLOG)
4072 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4073 conf_lastlog_location=$withval
4078 dnl lastlog, [uw]tmpx? detection
4079 dnl NOTE: set the paths in the platform section to avoid the
4080 dnl need for command-line parameters
4081 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4083 dnl lastlog detection
4084 dnl NOTE: the code itself will detect if lastlog is a directory
4085 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4087 #include <sys/types.h>
4089 #ifdef HAVE_LASTLOG_H
4090 # include <lastlog.h>
4099 [ char *lastlog = LASTLOG_FILE; ],
4100 [ AC_MSG_RESULT(yes) ],
4103 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4105 #include <sys/types.h>
4107 #ifdef HAVE_LASTLOG_H
4108 # include <lastlog.h>
4114 [ char *lastlog = _PATH_LASTLOG; ],
4115 [ AC_MSG_RESULT(yes) ],
4118 system_lastlog_path=no
4123 if test -z "$conf_lastlog_location"; then
4124 if test x"$system_lastlog_path" = x"no" ; then
4125 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4126 if (test -d "$f" || test -f "$f") ; then
4127 conf_lastlog_location=$f
4130 if test -z "$conf_lastlog_location"; then
4131 AC_MSG_WARN([** Cannot find lastlog **])
4132 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4137 if test -n "$conf_lastlog_location"; then
4138 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4139 [Define if you want to specify the path to your lastlog file])
4143 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4145 #include <sys/types.h>
4151 [ char *utmp = UTMP_FILE; ],
4152 [ AC_MSG_RESULT(yes) ],
4154 system_utmp_path=no ]
4156 if test -z "$conf_utmp_location"; then
4157 if test x"$system_utmp_path" = x"no" ; then
4158 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4159 if test -f $f ; then
4160 conf_utmp_location=$f
4163 if test -z "$conf_utmp_location"; then
4164 AC_DEFINE(DISABLE_UTMP)
4168 if test -n "$conf_utmp_location"; then
4169 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4170 [Define if you want to specify the path to your utmp file])
4174 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4176 #include <sys/types.h>
4182 [ char *wtmp = WTMP_FILE; ],
4183 [ AC_MSG_RESULT(yes) ],
4185 system_wtmp_path=no ]
4187 if test -z "$conf_wtmp_location"; then
4188 if test x"$system_wtmp_path" = x"no" ; then
4189 for f in /usr/adm/wtmp /var/log/wtmp; do
4190 if test -f $f ; then
4191 conf_wtmp_location=$f
4194 if test -z "$conf_wtmp_location"; then
4195 AC_DEFINE(DISABLE_WTMP)
4199 if test -n "$conf_wtmp_location"; then
4200 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4201 [Define if you want to specify the path to your wtmp file])
4205 dnl utmpx detection - I don't know any system so perverse as to require
4206 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4208 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4210 #include <sys/types.h>
4219 [ char *utmpx = UTMPX_FILE; ],
4220 [ AC_MSG_RESULT(yes) ],
4222 system_utmpx_path=no ]
4224 if test -z "$conf_utmpx_location"; then
4225 if test x"$system_utmpx_path" = x"no" ; then
4226 AC_DEFINE(DISABLE_UTMPX)
4229 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4230 [Define if you want to specify the path to your utmpx file])
4234 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4236 #include <sys/types.h>
4245 [ char *wtmpx = WTMPX_FILE; ],
4246 [ AC_MSG_RESULT(yes) ],
4248 system_wtmpx_path=no ]
4250 if test -z "$conf_wtmpx_location"; then
4251 if test x"$system_wtmpx_path" = x"no" ; then
4252 AC_DEFINE(DISABLE_WTMPX)
4255 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4256 [Define if you want to specify the path to your wtmpx file])
4260 if test ! -z "$blibpath" ; then
4261 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4262 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4265 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4267 CFLAGS="$CFLAGS $werror_flags"
4270 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4271 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4272 scard/Makefile ssh_prng_cmds survey.sh])
4275 # Print summary of options
4277 # Someone please show me a better way :)
4278 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4279 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4280 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4281 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4282 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4283 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4284 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4285 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4286 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4289 echo "OpenSSH has been configured with the following options:"
4290 echo " User binaries: $B"
4291 echo " System binaries: $C"
4292 echo " Configuration files: $D"
4293 echo " Askpass program: $E"
4294 echo " Manual pages: $F"
4295 echo " Privilege separation chroot path: $H"
4296 if test "x$external_path_file" = "x/etc/login.conf" ; then
4297 echo " At runtime, sshd will use the path defined in $external_path_file"
4298 echo " Make sure the path to scp is present, otherwise scp will not work"
4300 echo " sshd default user PATH: $I"
4301 if test ! -z "$external_path_file"; then
4302 echo " (If PATH is set in $external_path_file it will be used instead. If"
4303 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4306 if test ! -z "$superuser_path" ; then
4307 echo " sshd superuser user PATH: $J"
4309 echo " Manpage format: $MANTYPE"
4310 echo " PAM support: $PAM_MSG"
4311 echo " OSF SIA support: $SIA_MSG"
4312 echo " KerberosV support: $KRB5_MSG"
4313 echo " SELinux support: $SELINUX_MSG"
4314 echo " Smartcard support: $SCARD_MSG"
4315 echo " S/KEY support: $SKEY_MSG"
4316 echo " TCP Wrappers support: $TCPW_MSG"
4317 echo " MD5 password support: $MD5_MSG"
4318 echo " libedit support: $LIBEDIT_MSG"
4319 echo " Solaris process contract support: $SPC_MSG"
4320 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4321 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4322 echo " BSD Auth support: $BSD_AUTH_MSG"
4323 echo " Random number source: $RAND_MSG"
4324 if test ! -z "$USE_RAND_HELPER" ; then
4325 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4330 echo " Host: ${host}"
4331 echo " Compiler: ${CC}"
4332 echo " Compiler flags: ${CFLAGS}"
4333 echo "Preprocessor flags: ${CPPFLAGS}"
4334 echo " Linker flags: ${LDFLAGS}"
4335 echo " Libraries: ${LIBS}"
4336 if test ! -z "${SSHDLIBS}"; then
4337 echo " +for sshd: ${SSHDLIBS}"
4342 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4343 echo "SVR4 style packages are supported with \"make package\""
4347 if test "x$PAM_MSG" = "xyes" ; then
4348 echo "PAM is enabled. You may need to install a PAM control file "
4349 echo "for sshd, otherwise password authentication may fail. "
4350 echo "Example PAM control files can be found in the contrib/ "
4355 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4356 echo "WARNING: you are using the builtin random number collection "
4357 echo "service. Please read WARNING.RNG and request that your OS "
4358 echo "vendor includes kernel-based random number collection in "
4359 echo "future versions of your OS."
4363 if test ! -z "$NO_PEERCHECK" ; then
4364 echo "WARNING: the operating system that you are using does not"
4365 echo "appear to support getpeereid(), getpeerucred() or the"
4366 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4367 echo "enforce security checks to prevent unauthorised connections to"
4368 echo "ssh-agent. Their absence increases the risk that a malicious"
4369 echo "user can connect to your agent."
4373 if test "$AUDIT_MODULE" = "bsm" ; then
4374 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4375 echo "See the Solaris section in README.platform for details."