3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Messages for features tested for in target-specific section
134 # Check for some target-specific stuff
137 # Some versions of VAC won't allow macro redefinitions at
138 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
139 # particularly with older versions of vac or xlc.
140 # It also throws errors about null macro argments, but these are
142 AC_MSG_CHECKING(if compiler allows macro redefinitions)
145 #define testmacro foo
146 #define testmacro bar
147 int main(void) { exit(0); }
149 [ AC_MSG_RESULT(yes) ],
151 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
152 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
153 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
154 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
158 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
159 if (test -z "$blibpath"); then
160 blibpath="/usr/lib:/lib"
162 saved_LDFLAGS="$LDFLAGS"
163 if test "$GCC" = "yes"; then
164 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
166 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
168 for tryflags in $flags ;do
169 if (test -z "$blibflags"); then
170 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
171 AC_TRY_LINK([], [], [blibflags=$tryflags])
174 if (test -z "$blibflags"); then
175 AC_MSG_RESULT(not found)
176 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
178 AC_MSG_RESULT($blibflags)
180 LDFLAGS="$saved_LDFLAGS"
181 dnl Check for authenticate. Might be in libs.a on older AIXes
182 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
183 [Define if you want to enable AIX4's authenticate function])],
184 [AC_CHECK_LIB(s,authenticate,
185 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
189 dnl Check for various auth function declarations in headers.
190 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
191 passwdexpired, setauthdb], , , [#include <usersec.h>])
192 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
193 AC_CHECK_DECLS(loginfailed,
194 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
196 [#include <usersec.h>],
197 [(void)loginfailed("user","host","tty",0);],
199 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
200 [Define if your AIX loginfailed() function
201 takes 4 arguments (AIX >= 5.2)])],
205 [#include <usersec.h>]
207 AC_CHECK_FUNCS(setauthdb)
208 AC_CHECK_DECL(F_CLOSEM,
209 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
211 [ #include <limits.h>
214 check_for_aix_broken_getaddrinfo=1
215 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
216 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
217 [Define if your platform breaks doing a seteuid before a setuid])
218 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
219 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
220 dnl AIX handles lastlog as part of its login message
221 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
222 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
223 [Some systems need a utmpx entry for /bin/login to work])
224 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
225 [Define to a Set Process Title type if your system is
226 supported by bsd-setproctitle.c])
227 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
228 [AIX 5.2 and 5.3 (and presumably newer) require this])
229 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
232 check_for_libcrypt_later=1
233 LIBS="$LIBS /usr/lib/textmode.o"
234 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
235 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
236 AC_DEFINE(DISABLE_SHADOW, 1,
237 [Define if you want to disable shadow passwords])
238 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
239 [Define if your system choked on IP TOS setting])
240 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
241 [Define if X11 doesn't support AF_UNIX sockets on that system])
242 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
243 [Define if the concept of ports only accessible to
244 superusers isn't known])
245 AC_DEFINE(DISABLE_FD_PASSING, 1,
246 [Define if your platform needs to skip post auth
247 file descriptor passing])
250 AC_DEFINE(IP_TOS_IS_BROKEN)
251 AC_DEFINE(SETEUID_BREAKS_SETUID)
252 AC_DEFINE(BROKEN_SETREUID)
253 AC_DEFINE(BROKEN_SETREGID)
256 AC_MSG_CHECKING(if we have working getaddrinfo)
257 AC_TRY_RUN([#include <mach-o/dyld.h>
258 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
262 }], [AC_MSG_RESULT(working)],
263 [AC_MSG_RESULT(buggy)
264 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
265 [AC_MSG_RESULT(assume it is working)])
266 AC_DEFINE(SETEUID_BREAKS_SETUID)
267 AC_DEFINE(BROKEN_SETREUID)
268 AC_DEFINE(BROKEN_SETREGID)
269 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
270 [Define if your resolver libs need this for getrrsetbyname])
271 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
272 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
273 [Use tunnel device compatibility to OpenBSD])
274 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
275 [Prepend the address family to IP tunnel traffic])
278 SSHDLIBS="$SSHDLIBS -lcrypt"
281 # first we define all of the options common to all HP-UX releases
282 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
283 IPADDR_IN_DISPLAY=yes
285 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
286 [Define if your login program cannot handle end of options ("--")])
287 AC_DEFINE(LOGIN_NEEDS_UTMPX)
288 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
289 [String used in /etc/passwd to denote locked account])
290 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
291 MAIL="/var/mail/username"
293 AC_CHECK_LIB(xnet, t_error, ,
294 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
296 # next, we define all of the options specific to major releases
299 if test -z "$GCC"; then
304 AC_DEFINE(PAM_SUN_CODEBASE, 1,
305 [Define if you are using Solaris-derived PAM which
306 passes pam_messages to the conversation function
307 with an extra level of indirection])
308 AC_DEFINE(DISABLE_UTMP, 1,
309 [Define if you don't want to use utmp])
310 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
311 check_for_hpux_broken_getaddrinfo=1
312 check_for_conflicting_getspnam=1
316 # lastly, we define options specific to minor releases
319 AC_DEFINE(HAVE_SECUREWARE, 1,
320 [Define if you have SecureWare-based
321 protected password database])
322 disable_ptmx_check=yes
328 PATH="$PATH:/usr/etc"
329 AC_DEFINE(BROKEN_INET_NTOA, 1,
330 [Define if you system's inet_ntoa is busted
331 (e.g. Irix gcc issue)])
332 AC_DEFINE(SETEUID_BREAKS_SETUID)
333 AC_DEFINE(BROKEN_SETREUID)
334 AC_DEFINE(BROKEN_SETREGID)
335 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
336 [Define if you shouldn't strip 'tty' from your
338 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
341 PATH="$PATH:/usr/etc"
342 AC_DEFINE(WITH_IRIX_ARRAY, 1,
343 [Define if you have/want arrays
344 (cluster-wide session managment, not C arrays)])
345 AC_DEFINE(WITH_IRIX_PROJECT, 1,
346 [Define if you want IRIX project management])
347 AC_DEFINE(WITH_IRIX_AUDIT, 1,
348 [Define if you want IRIX audit trails])
349 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
350 [Define if you want IRIX kernel jobs])])
351 AC_DEFINE(BROKEN_INET_NTOA)
352 AC_DEFINE(SETEUID_BREAKS_SETUID)
353 AC_DEFINE(BROKEN_SETREUID)
354 AC_DEFINE(BROKEN_SETREGID)
355 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
356 AC_DEFINE(WITH_ABBREV_NO_TTY)
357 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
361 check_for_libcrypt_later=1
362 check_for_openpty_ctty_bug=1
363 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
364 AC_DEFINE(PAM_TTY_KLUDGE, 1,
365 [Work around problematic Linux PAM modules handling of PAM_TTY])
366 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
367 [String used in /etc/passwd to denote locked account])
368 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
369 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
370 [Define to whatever link() returns for "not supported"
371 if it doesn't return EOPNOTSUPP.])
372 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
374 inet6_default_4in6=yes
377 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
378 [Define if cmsg_type is not passed correctly])
381 # tun(4) forwarding compat code
382 AC_CHECK_HEADERS(linux/if_tun.h)
383 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
384 AC_DEFINE(SSH_TUN_LINUX, 1,
385 [Open tunnel devices the Linux tun/tap way])
386 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
387 [Use tunnel device compatibility to OpenBSD])
388 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
389 [Prepend the address family to IP tunnel traffic])
392 mips-sony-bsd|mips-sony-newsos4)
393 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
397 check_for_libcrypt_before=1
398 if test "x$withval" != "xno" ; then
401 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
402 AC_CHECK_HEADER([net/if_tap.h], ,
403 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
404 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
405 [Prepend the address family to IP tunnel traffic])
408 check_for_libcrypt_later=1
409 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
410 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
411 AC_CHECK_HEADER([net/if_tap.h], ,
412 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
415 AC_DEFINE(SETEUID_BREAKS_SETUID)
416 AC_DEFINE(BROKEN_SETREUID)
417 AC_DEFINE(BROKEN_SETREGID)
420 conf_lastlog_location="/usr/adm/lastlog"
421 conf_utmp_location=/etc/utmp
422 conf_wtmp_location=/usr/adm/wtmp
424 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
425 AC_DEFINE(BROKEN_REALPATH)
427 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
430 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
431 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
432 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
433 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
434 [syslog_r function is safe to use in in a signal handler])
437 if test "x$withval" != "xno" ; then
440 AC_DEFINE(PAM_SUN_CODEBASE)
441 AC_DEFINE(LOGIN_NEEDS_UTMPX)
442 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
443 [Some versions of /bin/login need the TERM supplied
445 AC_DEFINE(PAM_TTY_KLUDGE)
446 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
447 [Define if pam_chauthtok wants real uid set
448 to the unpriv'ed user])
449 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
450 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
451 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
452 [Define if sshd somehow reacquires a controlling TTY
454 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
455 in case the name is longer than 8 chars])
456 external_path_file=/etc/default/login
457 # hardwire lastlog location (can't detect it on some versions)
458 conf_lastlog_location="/var/adm/lastlog"
459 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
460 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
461 if test "$sol2ver" -ge 8; then
463 AC_DEFINE(DISABLE_UTMP)
464 AC_DEFINE(DISABLE_WTMP, 1,
465 [Define if you don't want to use wtmp])
469 AC_ARG_WITH(solaris-contracts,
470 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
472 AC_CHECK_LIB(contract, ct_tmpl_activate,
473 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
474 [Define if you have Solaris process contracts])
475 SSHDLIBS="$SSHDLIBS -lcontract"
482 CPPFLAGS="$CPPFLAGS -DSUNOS4"
483 AC_CHECK_FUNCS(getpwanam)
484 AC_DEFINE(PAM_SUN_CODEBASE)
485 conf_utmp_location=/etc/utmp
486 conf_wtmp_location=/var/adm/wtmp
487 conf_lastlog_location=/var/adm/lastlog
493 AC_DEFINE(SSHD_ACQUIRES_CTTY)
494 AC_DEFINE(SETEUID_BREAKS_SETUID)
495 AC_DEFINE(BROKEN_SETREUID)
496 AC_DEFINE(BROKEN_SETREGID)
499 # /usr/ucblib MUST NOT be searched on ReliantUNIX
500 AC_CHECK_LIB(dl, dlsym, ,)
501 # -lresolv needs to be at the end of LIBS or DNS lookups break
502 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
503 IPADDR_IN_DISPLAY=yes
505 AC_DEFINE(IP_TOS_IS_BROKEN)
506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
509 AC_DEFINE(SSHD_ACQUIRES_CTTY)
510 external_path_file=/etc/default/login
511 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
512 # Attention: always take care to bind libsocket and libnsl before libc,
513 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
515 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
518 AC_DEFINE(SETEUID_BREAKS_SETUID)
519 AC_DEFINE(BROKEN_SETREUID)
520 AC_DEFINE(BROKEN_SETREGID)
521 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
522 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
524 # UnixWare 7.x, OpenUNIX 8
526 check_for_libcrypt_later=1
527 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
529 AC_DEFINE(SETEUID_BREAKS_SETUID)
530 AC_DEFINE(BROKEN_SETREUID)
531 AC_DEFINE(BROKEN_SETREGID)
532 AC_DEFINE(PASSWD_NEEDS_USERNAME)
534 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
535 TEST_SHELL=/u95/bin/sh
536 AC_DEFINE(BROKEN_LIBIAF, 1,
537 [ia_uinfo routines not supported by OS yet])
538 AC_DEFINE(BROKEN_UPDWTMPX)
540 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
546 # SCO UNIX and OEM versions of SCO UNIX
548 AC_MSG_ERROR("This Platform is no longer supported.")
552 if test -z "$GCC"; then
553 CFLAGS="$CFLAGS -belf"
555 LIBS="$LIBS -lprot -lx -ltinfo -lm"
558 AC_DEFINE(HAVE_SECUREWARE)
559 AC_DEFINE(DISABLE_SHADOW)
560 AC_DEFINE(DISABLE_FD_PASSING)
561 AC_DEFINE(SETEUID_BREAKS_SETUID)
562 AC_DEFINE(BROKEN_SETREUID)
563 AC_DEFINE(BROKEN_SETREGID)
564 AC_DEFINE(WITH_ABBREV_NO_TTY)
565 AC_DEFINE(BROKEN_UPDWTMPX)
566 AC_DEFINE(PASSWD_NEEDS_USERNAME)
567 AC_CHECK_FUNCS(getluid setluid)
572 AC_DEFINE(NO_SSH_LASTLOG, 1,
573 [Define if you don't want to use lastlog in session.c])
574 AC_DEFINE(SETEUID_BREAKS_SETUID)
575 AC_DEFINE(BROKEN_SETREUID)
576 AC_DEFINE(BROKEN_SETREGID)
578 AC_DEFINE(DISABLE_FD_PASSING)
580 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
584 AC_DEFINE(SETEUID_BREAKS_SETUID)
585 AC_DEFINE(BROKEN_SETREUID)
586 AC_DEFINE(BROKEN_SETREGID)
587 AC_DEFINE(WITH_ABBREV_NO_TTY)
589 AC_DEFINE(DISABLE_FD_PASSING)
591 LIBS="$LIBS -lgen -lacid -ldb"
595 AC_DEFINE(SETEUID_BREAKS_SETUID)
596 AC_DEFINE(BROKEN_SETREUID)
597 AC_DEFINE(BROKEN_SETREGID)
599 AC_DEFINE(DISABLE_FD_PASSING)
600 AC_DEFINE(NO_SSH_LASTLOG)
601 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
602 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
606 AC_MSG_CHECKING(for Digital Unix SIA)
609 [ --with-osfsia Enable Digital Unix SIA],
611 if test "x$withval" = "xno" ; then
612 AC_MSG_RESULT(disabled)
617 if test -z "$no_osfsia" ; then
618 if test -f /etc/sia/matrix.conf; then
620 AC_DEFINE(HAVE_OSF_SIA, 1,
621 [Define if you have Digital Unix Security
622 Integration Architecture])
623 AC_DEFINE(DISABLE_LOGIN, 1,
624 [Define if you don't want to use your
625 system's login() call])
626 AC_DEFINE(DISABLE_FD_PASSING)
627 LIBS="$LIBS -lsecurity -ldb -lm -laud"
631 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
632 [String used in /etc/passwd to denote locked account])
635 AC_DEFINE(BROKEN_GETADDRINFO)
636 AC_DEFINE(SETEUID_BREAKS_SETUID)
637 AC_DEFINE(BROKEN_SETREUID)
638 AC_DEFINE(BROKEN_SETREGID)
643 AC_DEFINE(NO_X11_UNIX_SOCKETS)
644 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
645 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
646 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
647 AC_DEFINE(DISABLE_LASTLOG)
648 AC_DEFINE(SSHD_ACQUIRES_CTTY)
649 enable_etc_default_login=no # has incompatible /etc/default/login
653 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
654 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
655 AC_DEFINE(NEED_SETPGRP)
656 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
660 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
661 AC_DEFINE(MISSING_HOWMANY)
662 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
666 # Allow user to specify flags
668 [ --with-cflags Specify additional flags to pass to compiler],
670 if test -n "$withval" && test "x$withval" != "xno" && \
671 test "x${withval}" != "xyes"; then
672 CFLAGS="$CFLAGS $withval"
676 AC_ARG_WITH(cppflags,
677 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
679 if test -n "$withval" && test "x$withval" != "xno" && \
680 test "x${withval}" != "xyes"; then
681 CPPFLAGS="$CPPFLAGS $withval"
686 [ --with-ldflags Specify additional flags to pass to linker],
688 if test -n "$withval" && test "x$withval" != "xno" && \
689 test "x${withval}" != "xyes"; then
690 LDFLAGS="$LDFLAGS $withval"
695 [ --with-libs Specify additional libraries to link with],
697 if test -n "$withval" && test "x$withval" != "xno" && \
698 test "x${withval}" != "xyes"; then
699 LIBS="$LIBS $withval"
704 [ --with-Werror Build main code with -Werror],
706 if test -n "$withval" && test "x$withval" != "xno"; then
707 werror_flags="-Werror"
708 if test "x${withval}" != "xyes"; then
709 werror_flags="$withval"
715 AC_MSG_CHECKING(compiler and flags for sanity)
721 [ AC_MSG_RESULT(yes) ],
724 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
726 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
729 dnl Checks for header files.
755 security/pam_appl.h \
792 # lastlog.h requires sys/time.h to be included first on Solaris
793 AC_CHECK_HEADERS(lastlog.h, [], [], [
794 #ifdef HAVE_SYS_TIME_H
795 # include <sys/time.h>
799 # sys/ptms.h requires sys/stream.h to be included first on Solaris
800 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
801 #ifdef HAVE_SYS_STREAM_H
802 # include <sys/stream.h>
806 # login_cap.h requires sys/types.h on NetBSD
807 AC_CHECK_HEADERS(login_cap.h, [], [], [
808 #include <sys/types.h>
811 # Checks for libraries.
812 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
813 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
815 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
816 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
817 AC_CHECK_LIB(gen, dirname,[
818 AC_CACHE_CHECK([for broken dirname],
819 ac_cv_have_broken_dirname, [
827 int main(int argc, char **argv) {
830 strncpy(buf,"/etc", 32);
832 if (!s || strncmp(s, "/", 32) != 0) {
839 [ ac_cv_have_broken_dirname="no" ],
840 [ ac_cv_have_broken_dirname="yes" ],
841 [ ac_cv_have_broken_dirname="no" ],
845 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
847 AC_DEFINE(HAVE_DIRNAME)
848 AC_CHECK_HEADERS(libgen.h)
853 AC_CHECK_FUNC(getspnam, ,
854 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
855 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
856 [Define if you have the basename function.]))
860 [ --with-zlib=PATH Use zlib in PATH],
861 [ if test "x$withval" = "xno" ; then
862 AC_MSG_ERROR([*** zlib is required ***])
863 elif test "x$withval" != "xyes"; then
864 if test -d "$withval/lib"; then
865 if test -n "${need_dash_r}"; then
866 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
868 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
871 if test -n "${need_dash_r}"; then
872 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
874 LDFLAGS="-L${withval} ${LDFLAGS}"
877 if test -d "$withval/include"; then
878 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
880 CPPFLAGS="-I${withval} ${CPPFLAGS}"
885 AC_CHECK_LIB(z, deflate, ,
887 saved_CPPFLAGS="$CPPFLAGS"
888 saved_LDFLAGS="$LDFLAGS"
890 dnl Check default zlib install dir
891 if test -n "${need_dash_r}"; then
892 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
894 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
896 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
898 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
900 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
905 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
907 AC_ARG_WITH(zlib-version-check,
908 [ --without-zlib-version-check Disable zlib version check],
909 [ if test "x$withval" = "xno" ; then
910 zlib_check_nonfatal=1
915 AC_MSG_CHECKING(for possibly buggy zlib)
916 AC_RUN_IFELSE([AC_LANG_SOURCE([[
921 int a=0, b=0, c=0, d=0, n, v;
922 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
923 if (n != 3 && n != 4)
925 v = a*1000000 + b*10000 + c*100 + d;
926 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
929 if (a == 1 && b == 1 && c >= 4)
932 /* 1.2.3 and up are OK */
941 if test -z "$zlib_check_nonfatal" ; then
942 AC_MSG_ERROR([*** zlib too old - check config.log ***
943 Your reported zlib version has known security problems. It's possible your
944 vendor has fixed these problems without changing the version number. If you
945 are sure this is the case, you can disable the check by running
946 "./configure --without-zlib-version-check".
947 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
948 See http://www.gzip.org/zlib/ for details.])
950 AC_MSG_WARN([zlib version may have security problems])
953 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
957 AC_CHECK_FUNC(strcasecmp,
958 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
960 AC_CHECK_FUNCS(utimes,
961 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
962 LIBS="$LIBS -lc89"]) ]
965 dnl Checks for libutil functions
966 AC_CHECK_HEADERS(libutil.h)
967 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
968 [Define if your libraries define login()])])
969 AC_CHECK_FUNCS(logout updwtmp logwtmp)
973 # Check for ALTDIRFUNC glob() extension
974 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
975 AC_EGREP_CPP(FOUNDIT,
978 #ifdef GLOB_ALTDIRFUNC
983 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
984 [Define if your system glob() function has
985 the GLOB_ALTDIRFUNC extension])
993 # Check for g.gl_matchc glob() extension
994 AC_MSG_CHECKING(for gl_matchc field in glob_t)
996 [ #include <glob.h> ],
997 [glob_t g; g.gl_matchc = 1;],
999 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1000 [Define if your system glob() function has
1001 gl_matchc options in glob_t])
1009 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1011 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1014 #include <sys/types.h>
1016 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1018 [AC_MSG_RESULT(yes)],
1021 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1022 [Define if your struct dirent expects you to
1023 allocate extra space for d_name])
1026 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1027 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1031 AC_MSG_CHECKING([for /proc/pid/fd directory])
1032 if test -d "/proc/$$/fd" ; then
1033 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1039 # Check whether user wants S/Key support
1042 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1044 if test "x$withval" != "xno" ; then
1046 if test "x$withval" != "xyes" ; then
1047 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1048 LDFLAGS="$LDFLAGS -L${withval}/lib"
1051 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1055 AC_MSG_CHECKING([for s/key support])
1060 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1062 [AC_MSG_RESULT(yes)],
1065 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1067 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1071 [(void)skeychallenge(NULL,"name","",0);],
1073 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1074 [Define if your skeychallenge()
1075 function takes 4 arguments (NetBSD)])],
1082 # Check whether user wants TCP wrappers support
1084 AC_ARG_WITH(tcp-wrappers,
1085 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1087 if test "x$withval" != "xno" ; then
1089 saved_LDFLAGS="$LDFLAGS"
1090 saved_CPPFLAGS="$CPPFLAGS"
1091 if test -n "${withval}" && \
1092 test "x${withval}" != "xyes"; then
1093 if test -d "${withval}/lib"; then
1094 if test -n "${need_dash_r}"; then
1095 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1097 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1100 if test -n "${need_dash_r}"; then
1101 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1103 LDFLAGS="-L${withval} ${LDFLAGS}"
1106 if test -d "${withval}/include"; then
1107 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1109 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1113 LIBS="$LIBWRAP $LIBS"
1114 AC_MSG_CHECKING(for libwrap)
1117 #include <sys/types.h>
1118 #include <sys/socket.h>
1119 #include <netinet/in.h>
1121 int deny_severity = 0, allow_severity = 0;
1126 AC_DEFINE(LIBWRAP, 1,
1128 TCP Wrappers support])
1133 AC_MSG_ERROR([*** libwrap missing])
1141 # Check whether user wants libedit support
1143 AC_ARG_WITH(libedit,
1144 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1145 [ if test "x$withval" != "xno" ; then
1146 if test "x$withval" != "xyes"; then
1147 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1148 if test -n "${need_dash_r}"; then
1149 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1151 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1154 AC_CHECK_LIB(edit, el_init,
1155 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1156 LIBEDIT="-ledit -lcurses"
1160 [ AC_MSG_ERROR(libedit not found) ],
1163 AC_MSG_CHECKING(if libedit version is compatible)
1166 #include <histedit.h>
1170 el_init("", NULL, NULL, NULL);
1174 [ AC_MSG_RESULT(yes) ],
1176 AC_MSG_ERROR(libedit version is not compatible) ]
1183 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1185 AC_MSG_CHECKING(for supported audit module)
1190 dnl Checks for headers, libs and functions
1191 AC_CHECK_HEADERS(bsm/audit.h, [],
1192 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1199 AC_CHECK_LIB(bsm, getaudit, [],
1200 [AC_MSG_ERROR(BSM enabled and required library not found)])
1201 AC_CHECK_FUNCS(getaudit, [],
1202 [AC_MSG_ERROR(BSM enabled and required function not found)])
1203 # These are optional
1204 AC_CHECK_FUNCS(getaudit_addr)
1205 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1209 AC_MSG_RESULT(debug)
1210 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1216 AC_MSG_ERROR([Unknown audit module $withval])
1221 dnl Checks for library functions. Please keep in alphabetical order
1306 # IRIX has a const char return value for gai_strerror()
1307 AC_CHECK_FUNCS(gai_strerror,[
1308 AC_DEFINE(HAVE_GAI_STRERROR)
1310 #include <sys/types.h>
1311 #include <sys/socket.h>
1314 const char *gai_strerror(int);],[
1317 str = gai_strerror(0);],[
1318 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1319 [Define if gai_strerror() returns const char *])])])
1321 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1322 [Some systems put nanosleep outside of libc]))
1324 dnl Make sure prototypes are defined for these before using them.
1325 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1326 AC_CHECK_DECL(strsep,
1327 [AC_CHECK_FUNCS(strsep)],
1330 #ifdef HAVE_STRING_H
1331 # include <string.h>
1335 dnl tcsendbreak might be a macro
1336 AC_CHECK_DECL(tcsendbreak,
1337 [AC_DEFINE(HAVE_TCSENDBREAK)],
1338 [AC_CHECK_FUNCS(tcsendbreak)],
1339 [#include <termios.h>]
1342 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1344 AC_CHECK_DECLS(SHUT_RD, , ,
1346 #include <sys/types.h>
1347 #include <sys/socket.h>
1350 AC_CHECK_DECLS(O_NONBLOCK, , ,
1352 #include <sys/types.h>
1353 #ifdef HAVE_SYS_STAT_H
1354 # include <sys/stat.h>
1361 AC_CHECK_DECLS(writev, , , [
1362 #include <sys/types.h>
1363 #include <sys/uio.h>
1367 AC_CHECK_FUNCS(setresuid, [
1368 dnl Some platorms have setresuid that isn't implemented, test for this
1369 AC_MSG_CHECKING(if setresuid seems to work)
1374 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1376 [AC_MSG_RESULT(yes)],
1377 [AC_DEFINE(BROKEN_SETRESUID, 1,
1378 [Define if your setresuid() is broken])
1379 AC_MSG_RESULT(not implemented)],
1380 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1384 AC_CHECK_FUNCS(setresgid, [
1385 dnl Some platorms have setresgid that isn't implemented, test for this
1386 AC_MSG_CHECKING(if setresgid seems to work)
1391 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1393 [AC_MSG_RESULT(yes)],
1394 [AC_DEFINE(BROKEN_SETRESGID, 1,
1395 [Define if your setresgid() is broken])
1396 AC_MSG_RESULT(not implemented)],
1397 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1401 dnl Checks for time functions
1402 AC_CHECK_FUNCS(gettimeofday time)
1403 dnl Checks for utmp functions
1404 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1405 AC_CHECK_FUNCS(utmpname)
1406 dnl Checks for utmpx functions
1407 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1408 AC_CHECK_FUNCS(setutxent utmpxname)
1410 AC_CHECK_FUNC(daemon,
1411 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1412 [AC_CHECK_LIB(bsd, daemon,
1413 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1416 AC_CHECK_FUNC(getpagesize,
1417 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1418 [Define if your libraries define getpagesize()])],
1419 [AC_CHECK_LIB(ucb, getpagesize,
1420 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1423 # Check for broken snprintf
1424 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1425 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1429 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1431 [AC_MSG_RESULT(yes)],
1434 AC_DEFINE(BROKEN_SNPRINTF, 1,
1435 [Define if your snprintf is busted])
1436 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1438 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1442 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1443 # returning the right thing on overflow: the number of characters it tried to
1444 # create (as per SUSv3)
1445 if test "x$ac_cv_func_asprintf" != "xyes" && \
1446 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1447 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1450 #include <sys/types.h>
1454 int x_snprintf(char *str,size_t count,const char *fmt,...)
1456 size_t ret; va_list ap;
1457 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1463 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1465 [AC_MSG_RESULT(yes)],
1468 AC_DEFINE(BROKEN_SNPRINTF, 1,
1469 [Define if your snprintf is busted])
1470 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1472 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1476 # On systems where [v]snprintf is broken, but is declared in stdio,
1477 # check that the fmt argument is const char * or just char *.
1478 # This is only useful for when BROKEN_SNPRINTF
1479 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1480 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1481 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1482 int main(void) { snprintf(0, 0, 0); }
1485 AC_DEFINE(SNPRINTF_CONST, [const],
1486 [Define as const if snprintf() can declare const char *fmt])],
1488 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1490 # Check for missing getpeereid (or equiv) support
1492 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1493 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1495 [#include <sys/types.h>
1496 #include <sys/socket.h>],
1497 [int i = SO_PEERCRED;],
1498 [ AC_MSG_RESULT(yes)
1499 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1506 dnl see whether mkstemp() requires XXXXXX
1507 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1508 AC_MSG_CHECKING([for (overly) strict mkstemp])
1512 main() { char template[]="conftest.mkstemp-test";
1513 if (mkstemp(template) == -1)
1515 unlink(template); exit(0);
1523 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1527 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1532 dnl make sure that openpty does not reacquire controlling terminal
1533 if test ! -z "$check_for_openpty_ctty_bug"; then
1534 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1538 #include <sys/fcntl.h>
1539 #include <sys/types.h>
1540 #include <sys/wait.h>
1546 int fd, ptyfd, ttyfd, status;
1549 if (pid < 0) { /* failed */
1551 } else if (pid > 0) { /* parent */
1552 waitpid(pid, &status, 0);
1553 if (WIFEXITED(status))
1554 exit(WEXITSTATUS(status));
1557 } else { /* child */
1558 close(0); close(1); close(2);
1560 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1561 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1563 exit(3); /* Acquired ctty: broken */
1565 exit(0); /* Did not acquire ctty: OK */
1574 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1577 AC_MSG_RESULT(cross-compiling, assuming yes)
1582 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1583 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1584 AC_MSG_CHECKING(if getaddrinfo seems to work)
1588 #include <sys/socket.h>
1591 #include <netinet/in.h>
1593 #define TEST_PORT "2222"
1599 struct addrinfo *gai_ai, *ai, hints;
1600 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1602 memset(&hints, 0, sizeof(hints));
1603 hints.ai_family = PF_UNSPEC;
1604 hints.ai_socktype = SOCK_STREAM;
1605 hints.ai_flags = AI_PASSIVE;
1607 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1609 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1613 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1614 if (ai->ai_family != AF_INET6)
1617 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1618 sizeof(ntop), strport, sizeof(strport),
1619 NI_NUMERICHOST|NI_NUMERICSERV);
1622 if (err == EAI_SYSTEM)
1623 perror("getnameinfo EAI_SYSTEM");
1625 fprintf(stderr, "getnameinfo failed: %s\n",
1630 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1633 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1646 AC_DEFINE(BROKEN_GETADDRINFO)
1649 AC_MSG_RESULT(cross-compiling, assuming yes)
1654 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1655 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1656 AC_MSG_CHECKING(if getaddrinfo seems to work)
1660 #include <sys/socket.h>
1663 #include <netinet/in.h>
1665 #define TEST_PORT "2222"
1671 struct addrinfo *gai_ai, *ai, hints;
1672 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1674 memset(&hints, 0, sizeof(hints));
1675 hints.ai_family = PF_UNSPEC;
1676 hints.ai_socktype = SOCK_STREAM;
1677 hints.ai_flags = AI_PASSIVE;
1679 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1681 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1685 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1686 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1689 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1690 sizeof(ntop), strport, sizeof(strport),
1691 NI_NUMERICHOST|NI_NUMERICSERV);
1693 if (ai->ai_family == AF_INET && err != 0) {
1694 perror("getnameinfo");
1703 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1704 [Define if you have a getaddrinfo that fails
1705 for the all-zeros IPv6 address])
1709 AC_DEFINE(BROKEN_GETADDRINFO)
1712 AC_MSG_RESULT(cross-compiling, assuming no)
1717 if test "x$check_for_conflicting_getspnam" = "x1"; then
1718 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1722 int main(void) {exit(0);}
1729 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1730 [Conflicting defs for getspnam])
1737 # Search for OpenSSL
1738 saved_CPPFLAGS="$CPPFLAGS"
1739 saved_LDFLAGS="$LDFLAGS"
1740 AC_ARG_WITH(ssl-dir,
1741 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1743 if test "x$withval" != "xno" ; then
1746 ./*|../*) withval="`pwd`/$withval"
1748 if test -d "$withval/lib"; then
1749 if test -n "${need_dash_r}"; then
1750 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1752 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1755 if test -n "${need_dash_r}"; then
1756 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1758 LDFLAGS="-L${withval} ${LDFLAGS}"
1761 if test -d "$withval/include"; then
1762 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1764 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1769 LIBS="-lcrypto $LIBS"
1770 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1771 [Define if your ssl headers are included
1772 with #include <openssl/header.h>]),
1774 dnl Check default openssl install dir
1775 if test -n "${need_dash_r}"; then
1776 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1778 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1780 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1781 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1783 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1789 # Determine OpenSSL header version
1790 AC_MSG_CHECKING([OpenSSL header version])
1795 #include <openssl/opensslv.h>
1796 #define DATA "conftest.sslincver"
1801 fd = fopen(DATA,"w");
1805 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1812 ssl_header_ver=`cat conftest.sslincver`
1813 AC_MSG_RESULT($ssl_header_ver)
1816 AC_MSG_RESULT(not found)
1817 AC_MSG_ERROR(OpenSSL version header not found.)
1820 AC_MSG_WARN([cross compiling: not checking])
1824 # Determine OpenSSL library version
1825 AC_MSG_CHECKING([OpenSSL library version])
1830 #include <openssl/opensslv.h>
1831 #include <openssl/crypto.h>
1832 #define DATA "conftest.ssllibver"
1837 fd = fopen(DATA,"w");
1841 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1848 ssl_library_ver=`cat conftest.ssllibver`
1849 AC_MSG_RESULT($ssl_library_ver)
1852 AC_MSG_RESULT(not found)
1853 AC_MSG_ERROR(OpenSSL library not found.)
1856 AC_MSG_WARN([cross compiling: not checking])
1860 # Sanity check OpenSSL headers
1861 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1865 #include <openssl/opensslv.h>
1866 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1873 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1874 Check config.log for details.
1875 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1878 AC_MSG_WARN([cross compiling: not checking])
1882 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1885 #include <openssl/evp.h>
1886 int main(void) { SSLeay_add_all_algorithms(); }
1895 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1898 #include <openssl/evp.h>
1899 int main(void) { SSLeay_add_all_algorithms(); }
1912 AC_ARG_WITH(ssl-engine,
1913 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1914 [ if test "x$withval" != "xno" ; then
1915 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1917 [ #include <openssl/engine.h>],
1919 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1921 [ AC_MSG_RESULT(yes)
1922 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1923 [Enable OpenSSL engine support])
1925 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1930 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1931 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1935 #include <openssl/evp.h>
1936 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1943 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1944 [libcrypto is missing AES 192 and 256 bit functions])
1948 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1949 # because the system crypt() is more featureful.
1950 if test "x$check_for_libcrypt_before" = "x1"; then
1951 AC_CHECK_LIB(crypt, crypt)
1954 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1955 # version in OpenSSL.
1956 if test "x$check_for_libcrypt_later" = "x1"; then
1957 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1960 # Search for SHA256 support in libc and/or OpenSSL
1961 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1963 AC_CHECK_LIB(iaf, ia_openinfo)
1965 ### Configure cryptographic random number support
1967 # Check wheter OpenSSL seeds itself
1968 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1972 #include <openssl/rand.h>
1973 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1976 OPENSSL_SEEDS_ITSELF=yes
1981 # Default to use of the rand helper if OpenSSL doesn't
1986 AC_MSG_WARN([cross compiling: assuming yes])
1987 # This is safe, since all recent OpenSSL versions will
1988 # complain at runtime if not seeded correctly.
1989 OPENSSL_SEEDS_ITSELF=yes
1993 # Check for PAM libs
1996 [ --with-pam Enable PAM support ],
1998 if test "x$withval" != "xno" ; then
1999 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2000 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2001 AC_MSG_ERROR([PAM headers not found])
2005 AC_CHECK_LIB(dl, dlopen, , )
2006 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2007 AC_CHECK_FUNCS(pam_getenvlist)
2008 AC_CHECK_FUNCS(pam_putenv)
2014 AC_DEFINE(USE_PAM, 1,
2015 [Define if you want to enable PAM support])
2017 if test $ac_cv_lib_dl_dlopen = yes; then
2020 # libdl already in LIBS
2023 LIBPAM="$LIBPAM -ldl"
2032 # Check for older PAM
2033 if test "x$PAM_MSG" = "xyes" ; then
2034 # Check PAM strerror arguments (old PAM)
2035 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2039 #if defined(HAVE_SECURITY_PAM_APPL_H)
2040 #include <security/pam_appl.h>
2041 #elif defined (HAVE_PAM_PAM_APPL_H)
2042 #include <pam/pam_appl.h>
2045 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2046 [AC_MSG_RESULT(no)],
2048 AC_DEFINE(HAVE_OLD_PAM, 1,
2049 [Define if you have an old version of PAM
2050 which takes only one argument to pam_strerror])
2052 PAM_MSG="yes (old library)"
2057 # Do we want to force the use of the rand helper?
2058 AC_ARG_WITH(rand-helper,
2059 [ --with-rand-helper Use subprocess to gather strong randomness ],
2061 if test "x$withval" = "xno" ; then
2062 # Force use of OpenSSL's internal RNG, even if
2063 # the previous test showed it to be unseeded.
2064 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2065 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2066 OPENSSL_SEEDS_ITSELF=yes
2075 # Which randomness source do we use?
2076 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2078 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2079 [Define if you want OpenSSL's internally seeded PRNG only])
2080 RAND_MSG="OpenSSL internal ONLY"
2081 INSTALL_SSH_RAND_HELPER=""
2082 elif test ! -z "$USE_RAND_HELPER" ; then
2083 # install rand helper
2084 RAND_MSG="ssh-rand-helper"
2085 INSTALL_SSH_RAND_HELPER="yes"
2087 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2089 ### Configuration of ssh-rand-helper
2092 AC_ARG_WITH(prngd-port,
2093 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2102 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2105 if test ! -z "$withval" ; then
2106 PRNGD_PORT="$withval"
2107 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2108 [Port number of PRNGD/EGD random number socket])
2113 # PRNGD Unix domain socket
2114 AC_ARG_WITH(prngd-socket,
2115 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2119 withval="/var/run/egd-pool"
2127 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2131 if test ! -z "$withval" ; then
2132 if test ! -z "$PRNGD_PORT" ; then
2133 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2135 if test ! -r "$withval" ; then
2136 AC_MSG_WARN(Entropy socket is not readable)
2138 PRNGD_SOCKET="$withval"
2139 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2140 [Location of PRNGD/EGD random number socket])
2144 # Check for existing socket only if we don't have a random device already
2145 if test "$USE_RAND_HELPER" = yes ; then
2146 AC_MSG_CHECKING(for PRNGD/EGD socket)
2147 # Insert other locations here
2148 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2149 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2150 PRNGD_SOCKET="$sock"
2151 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2155 if test ! -z "$PRNGD_SOCKET" ; then
2156 AC_MSG_RESULT($PRNGD_SOCKET)
2158 AC_MSG_RESULT(not found)
2164 # Change default command timeout for hashing entropy source
2166 AC_ARG_WITH(entropy-timeout,
2167 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2169 if test -n "$withval" && test "x$withval" != "xno" && \
2170 test "x${withval}" != "xyes"; then
2171 entropy_timeout=$withval
2175 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2176 [Builtin PRNG command timeout])
2178 SSH_PRIVSEP_USER=sshd
2179 AC_ARG_WITH(privsep-user,
2180 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2182 if test -n "$withval" && test "x$withval" != "xno" && \
2183 test "x${withval}" != "xyes"; then
2184 SSH_PRIVSEP_USER=$withval
2188 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2189 [non-privileged user for privilege separation])
2190 AC_SUBST(SSH_PRIVSEP_USER)
2192 # We do this little dance with the search path to insure
2193 # that programs that we select for use by installed programs
2194 # (which may be run by the super-user) come from trusted
2195 # locations before they come from the user's private area.
2196 # This should help avoid accidentally configuring some
2197 # random version of a program in someone's personal bin.
2201 test -h /bin 2> /dev/null && PATH=/usr/bin
2202 test -d /sbin && PATH=$PATH:/sbin
2203 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2204 PATH=$PATH:/etc:$OPATH
2206 # These programs are used by the command hashing source to gather entropy
2207 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2208 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2209 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2210 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2211 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2212 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2213 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2214 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2215 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2216 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2217 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2218 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2219 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2220 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2221 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2222 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2226 # Where does ssh-rand-helper get its randomness from?
2227 INSTALL_SSH_PRNG_CMDS=""
2228 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2229 if test ! -z "$PRNGD_PORT" ; then
2230 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2231 elif test ! -z "$PRNGD_SOCKET" ; then
2232 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2234 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2235 RAND_HELPER_CMDHASH=yes
2236 INSTALL_SSH_PRNG_CMDS="yes"
2239 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2242 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2243 if test ! -z "$SONY" ; then
2244 LIBS="$LIBS -liberty";
2247 # Check for long long datatypes
2248 AC_CHECK_TYPES([long long, unsigned long long, long double])
2250 # Check datatype sizes
2251 AC_CHECK_SIZEOF(char, 1)
2252 AC_CHECK_SIZEOF(short int, 2)
2253 AC_CHECK_SIZEOF(int, 4)
2254 AC_CHECK_SIZEOF(long int, 4)
2255 AC_CHECK_SIZEOF(long long int, 8)
2257 # Sanity check long long for some platforms (AIX)
2258 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2259 ac_cv_sizeof_long_long_int=0
2262 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2263 if test -z "$have_llong_max"; then
2264 AC_MSG_CHECKING([for max value of long long])
2268 /* Why is this so damn hard? */
2272 #define __USE_ISOC99
2274 #define DATA "conftest.llminmax"
2275 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2278 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2279 * we do this the hard way.
2282 fprint_ll(FILE *f, long long n)
2285 int l[sizeof(long long) * 8];
2288 if (fprintf(f, "-") < 0)
2290 for (i = 0; n != 0; i++) {
2291 l[i] = my_abs(n % 10);
2295 if (fprintf(f, "%d", l[--i]) < 0)
2298 if (fprintf(f, " ") < 0)
2305 long long i, llmin, llmax = 0;
2307 if((f = fopen(DATA,"w")) == NULL)
2310 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2311 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2315 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2316 /* This will work on one's complement and two's complement */
2317 for (i = 1; i > llmax; i <<= 1, i++)
2319 llmin = llmax + 1LL; /* wrap */
2323 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2324 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2325 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2326 fprintf(f, "unknown unknown\n");
2330 if (fprint_ll(f, llmin) < 0)
2332 if (fprint_ll(f, llmax) < 0)
2340 llong_min=`$AWK '{print $1}' conftest.llminmax`
2341 llong_max=`$AWK '{print $2}' conftest.llminmax`
2343 AC_MSG_RESULT($llong_max)
2344 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2345 [max value of long long calculated by configure])
2346 AC_MSG_CHECKING([for min value of long long])
2347 AC_MSG_RESULT($llong_min)
2348 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2349 [min value of long long calculated by configure])
2352 AC_MSG_RESULT(not found)
2355 AC_MSG_WARN([cross compiling: not checking])
2361 # More checks for data types
2362 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2364 [ #include <sys/types.h> ],
2366 [ ac_cv_have_u_int="yes" ],
2367 [ ac_cv_have_u_int="no" ]
2370 if test "x$ac_cv_have_u_int" = "xyes" ; then
2371 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2375 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2377 [ #include <sys/types.h> ],
2378 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2379 [ ac_cv_have_intxx_t="yes" ],
2380 [ ac_cv_have_intxx_t="no" ]
2383 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2384 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2388 if (test -z "$have_intxx_t" && \
2389 test "x$ac_cv_header_stdint_h" = "xyes")
2391 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2393 [ #include <stdint.h> ],
2394 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2396 AC_DEFINE(HAVE_INTXX_T)
2399 [ AC_MSG_RESULT(no) ]
2403 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2406 #include <sys/types.h>
2407 #ifdef HAVE_STDINT_H
2408 # include <stdint.h>
2410 #include <sys/socket.h>
2411 #ifdef HAVE_SYS_BITYPES_H
2412 # include <sys/bitypes.h>
2415 [ int64_t a; a = 1;],
2416 [ ac_cv_have_int64_t="yes" ],
2417 [ ac_cv_have_int64_t="no" ]
2420 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2421 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2424 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2426 [ #include <sys/types.h> ],
2427 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2428 [ ac_cv_have_u_intxx_t="yes" ],
2429 [ ac_cv_have_u_intxx_t="no" ]
2432 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2433 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2437 if test -z "$have_u_intxx_t" ; then
2438 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2440 [ #include <sys/socket.h> ],
2441 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2443 AC_DEFINE(HAVE_U_INTXX_T)
2446 [ AC_MSG_RESULT(no) ]
2450 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2452 [ #include <sys/types.h> ],
2453 [ u_int64_t a; a = 1;],
2454 [ ac_cv_have_u_int64_t="yes" ],
2455 [ ac_cv_have_u_int64_t="no" ]
2458 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2459 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2463 if test -z "$have_u_int64_t" ; then
2464 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2466 [ #include <sys/bitypes.h> ],
2467 [ u_int64_t a; a = 1],
2469 AC_DEFINE(HAVE_U_INT64_T)
2472 [ AC_MSG_RESULT(no) ]
2476 if test -z "$have_u_intxx_t" ; then
2477 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2480 #include <sys/types.h>
2482 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2483 [ ac_cv_have_uintxx_t="yes" ],
2484 [ ac_cv_have_uintxx_t="no" ]
2487 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2488 AC_DEFINE(HAVE_UINTXX_T, 1,
2489 [define if you have uintxx_t data type])
2493 if test -z "$have_uintxx_t" ; then
2494 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2496 [ #include <stdint.h> ],
2497 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2499 AC_DEFINE(HAVE_UINTXX_T)
2502 [ AC_MSG_RESULT(no) ]
2506 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2507 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2509 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2512 #include <sys/bitypes.h>
2515 int8_t a; int16_t b; int32_t c;
2516 u_int8_t e; u_int16_t f; u_int32_t g;
2517 a = b = c = e = f = g = 1;
2520 AC_DEFINE(HAVE_U_INTXX_T)
2521 AC_DEFINE(HAVE_INTXX_T)
2529 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2532 #include <sys/types.h>
2534 [ u_char foo; foo = 125; ],
2535 [ ac_cv_have_u_char="yes" ],
2536 [ ac_cv_have_u_char="no" ]
2539 if test "x$ac_cv_have_u_char" = "xyes" ; then
2540 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2545 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2547 AC_CHECK_TYPES(in_addr_t,,,
2548 [#include <sys/types.h>
2549 #include <netinet/in.h>])
2551 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2554 #include <sys/types.h>
2556 [ size_t foo; foo = 1235; ],
2557 [ ac_cv_have_size_t="yes" ],
2558 [ ac_cv_have_size_t="no" ]
2561 if test "x$ac_cv_have_size_t" = "xyes" ; then
2562 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2565 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2568 #include <sys/types.h>
2570 [ ssize_t foo; foo = 1235; ],
2571 [ ac_cv_have_ssize_t="yes" ],
2572 [ ac_cv_have_ssize_t="no" ]
2575 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2576 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2579 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2584 [ clock_t foo; foo = 1235; ],
2585 [ ac_cv_have_clock_t="yes" ],
2586 [ ac_cv_have_clock_t="no" ]
2589 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2590 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2593 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2596 #include <sys/types.h>
2597 #include <sys/socket.h>
2599 [ sa_family_t foo; foo = 1235; ],
2600 [ ac_cv_have_sa_family_t="yes" ],
2603 #include <sys/types.h>
2604 #include <sys/socket.h>
2605 #include <netinet/in.h>
2607 [ sa_family_t foo; foo = 1235; ],
2608 [ ac_cv_have_sa_family_t="yes" ],
2610 [ ac_cv_have_sa_family_t="no" ]
2614 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2615 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2616 [define if you have sa_family_t data type])
2619 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2622 #include <sys/types.h>
2624 [ pid_t foo; foo = 1235; ],
2625 [ ac_cv_have_pid_t="yes" ],
2626 [ ac_cv_have_pid_t="no" ]
2629 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2630 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2633 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2636 #include <sys/types.h>
2638 [ mode_t foo; foo = 1235; ],
2639 [ ac_cv_have_mode_t="yes" ],
2640 [ ac_cv_have_mode_t="no" ]
2643 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2644 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2648 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2651 #include <sys/types.h>
2652 #include <sys/socket.h>
2654 [ struct sockaddr_storage s; ],
2655 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2656 [ ac_cv_have_struct_sockaddr_storage="no" ]
2659 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2660 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2661 [define if you have struct sockaddr_storage data type])
2664 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2667 #include <sys/types.h>
2668 #include <netinet/in.h>
2670 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2671 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2672 [ ac_cv_have_struct_sockaddr_in6="no" ]
2675 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2676 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2677 [define if you have struct sockaddr_in6 data type])
2680 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2683 #include <sys/types.h>
2684 #include <netinet/in.h>
2686 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2687 [ ac_cv_have_struct_in6_addr="yes" ],
2688 [ ac_cv_have_struct_in6_addr="no" ]
2691 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2692 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2693 [define if you have struct in6_addr data type])
2696 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2699 #include <sys/types.h>
2700 #include <sys/socket.h>
2703 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2704 [ ac_cv_have_struct_addrinfo="yes" ],
2705 [ ac_cv_have_struct_addrinfo="no" ]
2708 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2709 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2710 [define if you have struct addrinfo data type])
2713 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2715 [ #include <sys/time.h> ],
2716 [ struct timeval tv; tv.tv_sec = 1;],
2717 [ ac_cv_have_struct_timeval="yes" ],
2718 [ ac_cv_have_struct_timeval="no" ]
2721 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2722 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2723 have_struct_timeval=1
2726 AC_CHECK_TYPES(struct timespec)
2728 # We need int64_t or else certian parts of the compile will fail.
2729 if test "x$ac_cv_have_int64_t" = "xno" && \
2730 test "x$ac_cv_sizeof_long_int" != "x8" && \
2731 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2732 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2733 echo "an alternative compiler (I.E., GCC) before continuing."
2737 dnl test snprintf (broken on SCO w/gcc)
2742 #ifdef HAVE_SNPRINTF
2746 char expected_out[50];
2748 #if (SIZEOF_LONG_INT == 8)
2749 long int num = 0x7fffffffffffffff;
2751 long long num = 0x7fffffffffffffffll;
2753 strcpy(expected_out, "9223372036854775807");
2754 snprintf(buf, mazsize, "%lld", num);
2755 if(strcmp(buf, expected_out) != 0)
2762 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2763 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2767 dnl Checks for structure members
2768 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2769 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2770 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2771 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2772 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2773 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2774 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2775 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2776 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2777 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2778 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2779 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2780 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2781 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2782 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2783 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2784 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2786 AC_CHECK_MEMBERS([struct stat.st_blksize])
2787 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2788 [Define if we don't have struct __res_state in resolv.h])],
2791 #if HAVE_SYS_TYPES_H
2792 # include <sys/types.h>
2794 #include <netinet/in.h>
2795 #include <arpa/nameser.h>
2799 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2800 ac_cv_have_ss_family_in_struct_ss, [
2803 #include <sys/types.h>
2804 #include <sys/socket.h>
2806 [ struct sockaddr_storage s; s.ss_family = 1; ],
2807 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2808 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2811 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2812 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2815 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2816 ac_cv_have___ss_family_in_struct_ss, [
2819 #include <sys/types.h>
2820 #include <sys/socket.h>
2822 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2823 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2824 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2827 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2828 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2829 [Fields in struct sockaddr_storage])
2832 AC_CACHE_CHECK([for pw_class field in struct passwd],
2833 ac_cv_have_pw_class_in_struct_passwd, [
2838 [ struct passwd p; p.pw_class = 0; ],
2839 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2840 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2843 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2844 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2845 [Define if your password has a pw_class field])
2848 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2849 ac_cv_have_pw_expire_in_struct_passwd, [
2854 [ struct passwd p; p.pw_expire = 0; ],
2855 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2856 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2859 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2860 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2861 [Define if your password has a pw_expire field])
2864 AC_CACHE_CHECK([for pw_change field in struct passwd],
2865 ac_cv_have_pw_change_in_struct_passwd, [
2870 [ struct passwd p; p.pw_change = 0; ],
2871 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2872 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2875 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2876 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2877 [Define if your password has a pw_change field])
2880 dnl make sure we're using the real structure members and not defines
2881 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2882 ac_cv_have_accrights_in_msghdr, [
2885 #include <sys/types.h>
2886 #include <sys/socket.h>
2887 #include <sys/uio.h>
2889 #ifdef msg_accrights
2890 #error "msg_accrights is a macro"
2894 m.msg_accrights = 0;
2898 [ ac_cv_have_accrights_in_msghdr="yes" ],
2899 [ ac_cv_have_accrights_in_msghdr="no" ]
2902 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2903 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2904 [Define if your system uses access rights style
2905 file descriptor passing])
2908 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2909 ac_cv_have_control_in_msghdr, [
2912 #include <sys/types.h>
2913 #include <sys/socket.h>
2914 #include <sys/uio.h>
2917 #error "msg_control is a macro"
2925 [ ac_cv_have_control_in_msghdr="yes" ],
2926 [ ac_cv_have_control_in_msghdr="no" ]
2929 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2930 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2931 [Define if your system uses ancillary data style
2932 file descriptor passing])
2935 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2937 [ extern char *__progname; printf("%s", __progname); ],
2938 [ ac_cv_libc_defines___progname="yes" ],
2939 [ ac_cv_libc_defines___progname="no" ]
2942 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2943 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2946 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2950 [ printf("%s", __FUNCTION__); ],
2951 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2952 [ ac_cv_cc_implements___FUNCTION__="no" ]
2955 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2956 AC_DEFINE(HAVE___FUNCTION__, 1,
2957 [Define if compiler implements __FUNCTION__])
2960 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2964 [ printf("%s", __func__); ],
2965 [ ac_cv_cc_implements___func__="yes" ],
2966 [ ac_cv_cc_implements___func__="no" ]
2969 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2970 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2973 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2975 [#include <stdarg.h>
2978 [ ac_cv_have_va_copy="yes" ],
2979 [ ac_cv_have_va_copy="no" ]
2982 if test "x$ac_cv_have_va_copy" = "xyes" ; then
2983 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2986 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2988 [#include <stdarg.h>
2991 [ ac_cv_have___va_copy="yes" ],
2992 [ ac_cv_have___va_copy="no" ]
2995 if test "x$ac_cv_have___va_copy" = "xyes" ; then
2996 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2999 AC_CACHE_CHECK([whether getopt has optreset support],
3000 ac_cv_have_getopt_optreset, [
3005 [ extern int optreset; optreset = 0; ],
3006 [ ac_cv_have_getopt_optreset="yes" ],
3007 [ ac_cv_have_getopt_optreset="no" ]
3010 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3011 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3012 [Define if your getopt(3) defines and uses optreset])
3015 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3017 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3018 [ ac_cv_libc_defines_sys_errlist="yes" ],
3019 [ ac_cv_libc_defines_sys_errlist="no" ]
3022 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3023 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3024 [Define if your system defines sys_errlist[]])
3028 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3030 [ extern int sys_nerr; printf("%i", sys_nerr);],
3031 [ ac_cv_libc_defines_sys_nerr="yes" ],
3032 [ ac_cv_libc_defines_sys_nerr="no" ]
3035 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3036 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3040 # Check whether user wants sectok support
3042 [ --with-sectok Enable smartcard support using libsectok],
3044 if test "x$withval" != "xno" ; then
3045 if test "x$withval" != "xyes" ; then
3046 CPPFLAGS="$CPPFLAGS -I${withval}"
3047 LDFLAGS="$LDFLAGS -L${withval}"
3048 if test ! -z "$need_dash_r" ; then
3049 LDFLAGS="$LDFLAGS -R${withval}"
3051 if test ! -z "$blibpath" ; then
3052 blibpath="$blibpath:${withval}"
3055 AC_CHECK_HEADERS(sectok.h)
3056 if test "$ac_cv_header_sectok_h" != yes; then
3057 AC_MSG_ERROR(Can't find sectok.h)
3059 AC_CHECK_LIB(sectok, sectok_open)
3060 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3061 AC_MSG_ERROR(Can't find libsectok)
3063 AC_DEFINE(SMARTCARD, 1,
3064 [Define if you want smartcard support])
3065 AC_DEFINE(USE_SECTOK, 1,
3066 [Define if you want smartcard support
3068 SCARD_MSG="yes, using sectok"
3073 # Check whether user wants OpenSC support
3076 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3078 if test "x$withval" != "xno" ; then
3079 if test "x$withval" != "xyes" ; then
3080 OPENSC_CONFIG=$withval/bin/opensc-config
3082 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3084 if test "$OPENSC_CONFIG" != "no"; then
3085 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3086 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3087 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3088 LIBS="$LIBS $LIBOPENSC_LIBS"
3089 AC_DEFINE(SMARTCARD)
3090 AC_DEFINE(USE_OPENSC, 1,
3091 [Define if you want smartcard support
3093 SCARD_MSG="yes, using OpenSC"
3099 # Check libraries needed by DNS fingerprint support
3100 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3101 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3102 [Define if getrrsetbyname() exists])],
3104 # Needed by our getrrsetbyname()
3105 AC_SEARCH_LIBS(res_query, resolv)
3106 AC_SEARCH_LIBS(dn_expand, resolv)
3107 AC_MSG_CHECKING(if res_query will link)
3108 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3111 LIBS="$LIBS -lresolv"
3112 AC_MSG_CHECKING(for res_query in -lresolv)
3117 res_query (0, 0, 0, 0, 0);
3121 [LIBS="$LIBS -lresolv"
3122 AC_MSG_RESULT(yes)],
3126 AC_CHECK_FUNCS(_getshort _getlong)
3127 AC_CHECK_DECLS([_getshort, _getlong], , ,
3128 [#include <sys/types.h>
3129 #include <arpa/nameser.h>])
3130 AC_CHECK_MEMBER(HEADER.ad,
3131 [AC_DEFINE(HAVE_HEADER_AD, 1,
3132 [Define if HEADER.ad exists in arpa/nameser.h])],,
3133 [#include <arpa/nameser.h>])
3136 # Check whether user wants SELinux support
3139 AC_ARG_WITH(selinux,
3140 [ --with-selinux Enable SELinux support],
3141 [ if test "x$withval" != "xno" ; then
3142 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3144 AC_CHECK_HEADER([selinux/selinux.h], ,
3145 AC_MSG_ERROR(SELinux support requires selinux.h header))
3146 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3147 AC_MSG_ERROR(SELinux support requires libselinux library))
3148 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3151 AC_SUBST(LIBSELINUX)
3153 # Check whether user wants Kerberos 5 support
3155 AC_ARG_WITH(kerberos5,
3156 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3157 [ if test "x$withval" != "xno" ; then
3158 if test "x$withval" = "xyes" ; then
3159 KRB5ROOT="/usr/local"
3164 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3167 AC_MSG_CHECKING(for krb5-config)
3168 if test -x $KRB5ROOT/bin/krb5-config ; then
3169 KRB5CONF=$KRB5ROOT/bin/krb5-config
3170 AC_MSG_RESULT($KRB5CONF)
3172 AC_MSG_CHECKING(for gssapi support)
3173 if $KRB5CONF | grep gssapi >/dev/null ; then
3175 AC_DEFINE(GSSAPI, 1,
3176 [Define this if you want GSSAPI
3177 support in the version 2 protocol])
3183 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3184 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3185 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3186 AC_MSG_CHECKING(whether we are using Heimdal)
3187 AC_TRY_COMPILE([ #include <krb5.h> ],
3188 [ char *tmp = heimdal_version; ],
3189 [ AC_MSG_RESULT(yes)
3190 AC_DEFINE(HEIMDAL, 1,
3191 [Define this if you are using the
3192 Heimdal version of Kerberos V5]) ],
3197 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3198 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3199 AC_MSG_CHECKING(whether we are using Heimdal)
3200 AC_TRY_COMPILE([ #include <krb5.h> ],
3201 [ char *tmp = heimdal_version; ],
3202 [ AC_MSG_RESULT(yes)
3204 K5LIBS="-lkrb5 -ldes"
3205 K5LIBS="$K5LIBS -lcom_err -lasn1"
3206 AC_CHECK_LIB(roken, net_write,
3207 [K5LIBS="$K5LIBS -lroken"])
3210 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3213 AC_SEARCH_LIBS(dn_expand, resolv)
3215 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3217 K5LIBS="-lgssapi $K5LIBS" ],
3218 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3220 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3221 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3226 AC_CHECK_HEADER(gssapi.h, ,
3227 [ unset ac_cv_header_gssapi_h
3228 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3229 AC_CHECK_HEADERS(gssapi.h, ,
3230 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3236 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3237 AC_CHECK_HEADER(gssapi_krb5.h, ,
3238 [ CPPFLAGS="$oldCPP" ])
3241 if test ! -z "$need_dash_r" ; then
3242 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3244 if test ! -z "$blibpath" ; then
3245 blibpath="$blibpath:${KRB5ROOT}/lib"
3248 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3249 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3250 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3252 LIBS="$LIBS $K5LIBS"
3253 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3254 [Define this if you want to use libkafs' AFS support]))
3259 # Looking for programs, paths and files
3261 PRIVSEP_PATH=/var/empty
3262 AC_ARG_WITH(privsep-path,
3263 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3265 if test -n "$withval" && test "x$withval" != "xno" && \
3266 test "x${withval}" != "xyes"; then
3267 PRIVSEP_PATH=$withval
3271 AC_SUBST(PRIVSEP_PATH)
3274 [ --with-xauth=PATH Specify path to xauth program ],
3276 if test -n "$withval" && test "x$withval" != "xno" && \
3277 test "x${withval}" != "xyes"; then
3283 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3284 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3285 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3286 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3287 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3288 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3289 xauth_path="/usr/openwin/bin/xauth"
3295 AC_ARG_ENABLE(strip,
3296 [ --disable-strip Disable calling strip(1) on install],
3298 if test "x$enableval" = "xno" ; then
3305 if test -z "$xauth_path" ; then
3306 XAUTH_PATH="undefined"
3307 AC_SUBST(XAUTH_PATH)
3309 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3310 [Define if xauth is found in your path])
3311 XAUTH_PATH=$xauth_path
3312 AC_SUBST(XAUTH_PATH)
3315 # Check for mail directory (last resort if we cannot get it from headers)
3316 if test ! -z "$MAIL" ; then
3317 maildir=`dirname $MAIL`
3318 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3319 [Set this to your mail directory if you don't have maillock.h])
3322 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3323 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3324 disable_ptmx_check=yes
3326 if test -z "$no_dev_ptmx" ; then
3327 if test "x$disable_ptmx_check" != "xyes" ; then
3328 AC_CHECK_FILE("/dev/ptmx",
3330 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3331 [Define if you have /dev/ptmx])
3338 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3339 AC_CHECK_FILE("/dev/ptc",
3341 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3342 [Define if you have /dev/ptc])
3347 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3350 # Options from here on. Some of these are preset by platform above
3351 AC_ARG_WITH(mantype,
3352 [ --with-mantype=man|cat|doc Set man page type],
3359 AC_MSG_ERROR(invalid man type: $withval)
3364 if test -z "$MANTYPE"; then
3365 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3366 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3367 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3369 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3376 if test "$MANTYPE" = "doc"; then
3383 # Check whether to enable MD5 passwords
3385 AC_ARG_WITH(md5-passwords,
3386 [ --with-md5-passwords Enable use of MD5 passwords],
3388 if test "x$withval" != "xno" ; then
3389 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3390 [Define if you want to allow MD5 passwords])
3396 # Whether to disable shadow password support
3398 [ --without-shadow Disable shadow password support],
3400 if test "x$withval" = "xno" ; then
3401 AC_DEFINE(DISABLE_SHADOW)
3407 if test -z "$disable_shadow" ; then
3408 AC_MSG_CHECKING([if the systems has expire shadow information])
3411 #include <sys/types.h>
3414 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3415 [ sp_expire_available=yes ], []
3418 if test "x$sp_expire_available" = "xyes" ; then
3420 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3421 [Define if you want to use shadow password expire field])
3427 # Use ip address instead of hostname in $DISPLAY
3428 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3429 DISPLAY_HACK_MSG="yes"
3430 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3431 [Define if you need to use IP address
3432 instead of hostname in $DISPLAY])
3434 DISPLAY_HACK_MSG="no"
3435 AC_ARG_WITH(ipaddr-display,
3436 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3438 if test "x$withval" != "xno" ; then
3439 AC_DEFINE(IPADDR_IN_DISPLAY)
3440 DISPLAY_HACK_MSG="yes"
3446 # check for /etc/default/login and use it if present.
3447 AC_ARG_ENABLE(etc-default-login,
3448 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3449 [ if test "x$enableval" = "xno"; then
3450 AC_MSG_NOTICE([/etc/default/login handling disabled])
3451 etc_default_login=no
3453 etc_default_login=yes
3455 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3457 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3458 etc_default_login=no
3460 etc_default_login=yes
3464 if test "x$etc_default_login" != "xno"; then
3465 AC_CHECK_FILE("/etc/default/login",
3466 [ external_path_file=/etc/default/login ])
3467 if test "x$external_path_file" = "x/etc/default/login"; then
3468 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3469 [Define if your system has /etc/default/login])
3473 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3474 if test $ac_cv_func_login_getcapbool = "yes" && \
3475 test $ac_cv_header_login_cap_h = "yes" ; then
3476 external_path_file=/etc/login.conf
3479 # Whether to mess with the default path
3480 SERVER_PATH_MSG="(default)"
3481 AC_ARG_WITH(default-path,
3482 [ --with-default-path= Specify default \$PATH environment for server],
3484 if test "x$external_path_file" = "x/etc/login.conf" ; then
3486 --with-default-path=PATH has no effect on this system.
3487 Edit /etc/login.conf instead.])
3488 elif test "x$withval" != "xno" ; then
3489 if test ! -z "$external_path_file" ; then
3491 --with-default-path=PATH will only be used if PATH is not defined in
3492 $external_path_file .])
3494 user_path="$withval"
3495 SERVER_PATH_MSG="$withval"
3498 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3499 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3501 if test ! -z "$external_path_file" ; then
3503 If PATH is defined in $external_path_file, ensure the path to scp is included,
3504 otherwise scp will not work.])
3508 /* find out what STDPATH is */
3513 #ifndef _PATH_STDPATH
3514 # ifdef _PATH_USERPATH /* Irix */
3515 # define _PATH_STDPATH _PATH_USERPATH
3517 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3520 #include <sys/types.h>
3521 #include <sys/stat.h>
3523 #define DATA "conftest.stdpath"
3530 fd = fopen(DATA,"w");
3534 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3540 [ user_path=`cat conftest.stdpath` ],
3541 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3542 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3544 # make sure $bindir is in USER_PATH so scp will work
3545 t_bindir=`eval echo ${bindir}`
3547 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3550 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3552 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3553 if test $? -ne 0 ; then
3554 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3555 if test $? -ne 0 ; then
3556 user_path=$user_path:$t_bindir
3557 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3562 if test "x$external_path_file" != "x/etc/login.conf" ; then
3563 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3567 # Set superuser path separately to user path
3568 AC_ARG_WITH(superuser-path,
3569 [ --with-superuser-path= Specify different path for super-user],
3571 if test -n "$withval" && test "x$withval" != "xno" && \
3572 test "x${withval}" != "xyes"; then
3573 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3574 [Define if you want a different $PATH
3576 superuser_path=$withval
3582 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3583 IPV4_IN6_HACK_MSG="no"
3585 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3587 if test "x$withval" != "xno" ; then
3589 AC_DEFINE(IPV4_IN_IPV6, 1,
3590 [Detect IPv4 in IPv6 mapped addresses
3592 IPV4_IN6_HACK_MSG="yes"
3597 if test "x$inet6_default_4in6" = "xyes"; then
3598 AC_MSG_RESULT([yes (default)])
3599 AC_DEFINE(IPV4_IN_IPV6)
3600 IPV4_IN6_HACK_MSG="yes"
3602 AC_MSG_RESULT([no (default)])
3607 # Whether to enable BSD auth support
3609 AC_ARG_WITH(bsd-auth,
3610 [ --with-bsd-auth Enable BSD auth support],
3612 if test "x$withval" != "xno" ; then
3613 AC_DEFINE(BSD_AUTH, 1,
3614 [Define if you have BSD auth support])
3620 # Where to place sshd.pid
3622 # make sure the directory exists
3623 if test ! -d $piddir ; then
3624 piddir=`eval echo ${sysconfdir}`
3626 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3630 AC_ARG_WITH(pid-dir,
3631 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3633 if test -n "$withval" && test "x$withval" != "xno" && \
3634 test "x${withval}" != "xyes"; then
3636 if test ! -d $piddir ; then
3637 AC_MSG_WARN([** no $piddir directory on this system **])
3643 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3646 dnl allow user to disable some login recording features
3647 AC_ARG_ENABLE(lastlog,
3648 [ --disable-lastlog disable use of lastlog even if detected [no]],
3650 if test "x$enableval" = "xno" ; then
3651 AC_DEFINE(DISABLE_LASTLOG)
3656 [ --disable-utmp disable use of utmp even if detected [no]],
3658 if test "x$enableval" = "xno" ; then
3659 AC_DEFINE(DISABLE_UTMP)
3663 AC_ARG_ENABLE(utmpx,
3664 [ --disable-utmpx disable use of utmpx even if detected [no]],
3666 if test "x$enableval" = "xno" ; then
3667 AC_DEFINE(DISABLE_UTMPX, 1,
3668 [Define if you don't want to use utmpx])
3673 [ --disable-wtmp disable use of wtmp even if detected [no]],
3675 if test "x$enableval" = "xno" ; then
3676 AC_DEFINE(DISABLE_WTMP)
3680 AC_ARG_ENABLE(wtmpx,
3681 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3683 if test "x$enableval" = "xno" ; then
3684 AC_DEFINE(DISABLE_WTMPX, 1,
3685 [Define if you don't want to use wtmpx])
3689 AC_ARG_ENABLE(libutil,
3690 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3692 if test "x$enableval" = "xno" ; then
3693 AC_DEFINE(DISABLE_LOGIN)
3697 AC_ARG_ENABLE(pututline,
3698 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3700 if test "x$enableval" = "xno" ; then
3701 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3702 [Define if you don't want to use pututline()
3703 etc. to write [uw]tmp])
3707 AC_ARG_ENABLE(pututxline,
3708 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3710 if test "x$enableval" = "xno" ; then
3711 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3712 [Define if you don't want to use pututxline()
3713 etc. to write [uw]tmpx])
3717 AC_ARG_WITH(lastlog,
3718 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3720 if test "x$withval" = "xno" ; then
3721 AC_DEFINE(DISABLE_LASTLOG)
3722 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3723 conf_lastlog_location=$withval
3728 dnl lastlog, [uw]tmpx? detection
3729 dnl NOTE: set the paths in the platform section to avoid the
3730 dnl need for command-line parameters
3731 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3733 dnl lastlog detection
3734 dnl NOTE: the code itself will detect if lastlog is a directory
3735 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3737 #include <sys/types.h>
3739 #ifdef HAVE_LASTLOG_H
3740 # include <lastlog.h>
3749 [ char *lastlog = LASTLOG_FILE; ],
3750 [ AC_MSG_RESULT(yes) ],
3753 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3755 #include <sys/types.h>
3757 #ifdef HAVE_LASTLOG_H
3758 # include <lastlog.h>
3764 [ char *lastlog = _PATH_LASTLOG; ],
3765 [ AC_MSG_RESULT(yes) ],
3768 system_lastlog_path=no
3773 if test -z "$conf_lastlog_location"; then
3774 if test x"$system_lastlog_path" = x"no" ; then
3775 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3776 if (test -d "$f" || test -f "$f") ; then
3777 conf_lastlog_location=$f
3780 if test -z "$conf_lastlog_location"; then
3781 AC_MSG_WARN([** Cannot find lastlog **])
3782 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3787 if test -n "$conf_lastlog_location"; then
3788 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3789 [Define if you want to specify the path to your lastlog file])
3793 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3795 #include <sys/types.h>
3801 [ char *utmp = UTMP_FILE; ],
3802 [ AC_MSG_RESULT(yes) ],
3804 system_utmp_path=no ]
3806 if test -z "$conf_utmp_location"; then
3807 if test x"$system_utmp_path" = x"no" ; then
3808 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3809 if test -f $f ; then
3810 conf_utmp_location=$f
3813 if test -z "$conf_utmp_location"; then
3814 AC_DEFINE(DISABLE_UTMP)
3818 if test -n "$conf_utmp_location"; then
3819 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3820 [Define if you want to specify the path to your utmp file])
3824 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3826 #include <sys/types.h>
3832 [ char *wtmp = WTMP_FILE; ],
3833 [ AC_MSG_RESULT(yes) ],
3835 system_wtmp_path=no ]
3837 if test -z "$conf_wtmp_location"; then
3838 if test x"$system_wtmp_path" = x"no" ; then
3839 for f in /usr/adm/wtmp /var/log/wtmp; do
3840 if test -f $f ; then
3841 conf_wtmp_location=$f
3844 if test -z "$conf_wtmp_location"; then
3845 AC_DEFINE(DISABLE_WTMP)
3849 if test -n "$conf_wtmp_location"; then
3850 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3851 [Define if you want to specify the path to your wtmp file])
3855 dnl utmpx detection - I don't know any system so perverse as to require
3856 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3858 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3860 #include <sys/types.h>
3869 [ char *utmpx = UTMPX_FILE; ],
3870 [ AC_MSG_RESULT(yes) ],
3872 system_utmpx_path=no ]
3874 if test -z "$conf_utmpx_location"; then
3875 if test x"$system_utmpx_path" = x"no" ; then
3876 AC_DEFINE(DISABLE_UTMPX)
3879 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3880 [Define if you want to specify the path to your utmpx file])
3884 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3886 #include <sys/types.h>
3895 [ char *wtmpx = WTMPX_FILE; ],
3896 [ AC_MSG_RESULT(yes) ],
3898 system_wtmpx_path=no ]
3900 if test -z "$conf_wtmpx_location"; then
3901 if test x"$system_wtmpx_path" = x"no" ; then
3902 AC_DEFINE(DISABLE_WTMPX)
3905 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3906 [Define if you want to specify the path to your wtmpx file])
3910 if test ! -z "$blibpath" ; then
3911 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3912 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3915 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3917 CFLAGS="$CFLAGS $werror_flags"
3920 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3921 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3922 scard/Makefile ssh_prng_cmds survey.sh])
3925 # Print summary of options
3927 # Someone please show me a better way :)
3928 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3929 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3930 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3931 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3932 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3933 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3934 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3935 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3936 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3937 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3940 echo "OpenSSH has been configured with the following options:"
3941 echo " User binaries: $B"
3942 echo " System binaries: $C"
3943 echo " Configuration files: $D"
3944 echo " Askpass program: $E"
3945 echo " Manual pages: $F"
3946 echo " PID file: $G"
3947 echo " Privilege separation chroot path: $H"
3948 if test "x$external_path_file" = "x/etc/login.conf" ; then
3949 echo " At runtime, sshd will use the path defined in $external_path_file"
3950 echo " Make sure the path to scp is present, otherwise scp will not work"
3952 echo " sshd default user PATH: $I"
3953 if test ! -z "$external_path_file"; then
3954 echo " (If PATH is set in $external_path_file it will be used instead. If"
3955 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3958 if test ! -z "$superuser_path" ; then
3959 echo " sshd superuser user PATH: $J"
3961 echo " Manpage format: $MANTYPE"
3962 echo " PAM support: $PAM_MSG"
3963 echo " OSF SIA support: $SIA_MSG"
3964 echo " KerberosV support: $KRB5_MSG"
3965 echo " SELinux support: $SELINUX_MSG"
3966 echo " Smartcard support: $SCARD_MSG"
3967 echo " S/KEY support: $SKEY_MSG"
3968 echo " TCP Wrappers support: $TCPW_MSG"
3969 echo " MD5 password support: $MD5_MSG"
3970 echo " libedit support: $LIBEDIT_MSG"
3971 echo " Solaris process contract support: $SPC_MSG"
3972 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3973 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3974 echo " BSD Auth support: $BSD_AUTH_MSG"
3975 echo " Random number source: $RAND_MSG"
3976 if test ! -z "$USE_RAND_HELPER" ; then
3977 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
3982 echo " Host: ${host}"
3983 echo " Compiler: ${CC}"
3984 echo " Compiler flags: ${CFLAGS}"
3985 echo "Preprocessor flags: ${CPPFLAGS}"
3986 echo " Linker flags: ${LDFLAGS}"
3987 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
3991 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
3992 echo "SVR4 style packages are supported with \"make package\""
3996 if test "x$PAM_MSG" = "xyes" ; then
3997 echo "PAM is enabled. You may need to install a PAM control file "
3998 echo "for sshd, otherwise password authentication may fail. "
3999 echo "Example PAM control files can be found in the contrib/ "
4004 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4005 echo "WARNING: you are using the builtin random number collection "
4006 echo "service. Please read WARNING.RNG and request that your OS "
4007 echo "vendor includes kernel-based random number collection in "
4008 echo "future versions of your OS."
4012 if test ! -z "$NO_PEERCHECK" ; then
4013 echo "WARNING: the operating system that you are using does not "
4014 echo "appear to support either the getpeereid() API nor the "
4015 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4016 echo "enforce security checks to prevent unauthorised connections to "
4017 echo "ssh-agent. Their absence increases the risk that a malicious "
4018 echo "user can connect to your agent. "
4022 if test "$AUDIT_MODULE" = "bsm" ; then
4023 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4024 echo "See the Solaris section in README.platform for details."