3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
121 if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
126 [ --without-rpath Disable auto-added -R linker paths],
128 if test "x$withval" = "xno" ; then
131 if test "x$withval" = "xyes" ; then
137 # Allow user to specify flags
139 [ --with-cflags Specify additional flags to pass to compiler],
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
147 AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
157 [ --with-ldflags Specify additional flags to pass to linker],
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
166 [ --with-libs Specify additional libraries to link with],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
175 [ --with-Werror Build main code with -Werror],
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
212 security/pam_appl.h \
250 # lastlog.h requires sys/time.h to be included first on Solaris
251 AC_CHECK_HEADERS(lastlog.h, [], [], [
252 #ifdef HAVE_SYS_TIME_H
253 # include <sys/time.h>
257 # sys/ptms.h requires sys/stream.h to be included first on Solaris
258 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
259 #ifdef HAVE_SYS_STREAM_H
260 # include <sys/stream.h>
264 # login_cap.h requires sys/types.h on NetBSD
265 AC_CHECK_HEADERS(login_cap.h, [], [], [
266 #include <sys/types.h>
269 # Messages for features tested for in target-specific section
273 # Check for some target-specific stuff
276 # Some versions of VAC won't allow macro redefinitions at
277 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
278 # particularly with older versions of vac or xlc.
279 # It also throws errors about null macro argments, but these are
281 AC_MSG_CHECKING(if compiler allows macro redefinitions)
284 #define testmacro foo
285 #define testmacro bar
286 int main(void) { exit(0); }
288 [ AC_MSG_RESULT(yes) ],
290 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
291 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
292 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
293 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
297 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
298 if (test -z "$blibpath"); then
299 blibpath="/usr/lib:/lib"
301 saved_LDFLAGS="$LDFLAGS"
302 if test "$GCC" = "yes"; then
303 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
305 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
307 for tryflags in $flags ;do
308 if (test -z "$blibflags"); then
309 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
310 AC_TRY_LINK([], [], [blibflags=$tryflags])
313 if (test -z "$blibflags"); then
314 AC_MSG_RESULT(not found)
315 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
317 AC_MSG_RESULT($blibflags)
319 LDFLAGS="$saved_LDFLAGS"
320 dnl Check for authenticate. Might be in libs.a on older AIXes
321 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
322 [Define if you want to enable AIX4's authenticate function])],
323 [AC_CHECK_LIB(s,authenticate,
324 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
328 dnl Check for various auth function declarations in headers.
329 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
330 passwdexpired, setauthdb], , , [#include <usersec.h>])
331 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
332 AC_CHECK_DECLS(loginfailed,
333 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
335 [#include <usersec.h>],
336 [(void)loginfailed("user","host","tty",0);],
338 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
339 [Define if your AIX loginfailed() function
340 takes 4 arguments (AIX >= 5.2)])],
344 [#include <usersec.h>]
346 AC_CHECK_FUNCS(setauthdb)
347 AC_CHECK_DECL(F_CLOSEM,
348 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
350 [ #include <limits.h>
353 check_for_aix_broken_getaddrinfo=1
354 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
355 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
356 [Define if your platform breaks doing a seteuid before a setuid])
357 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
358 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
359 dnl AIX handles lastlog as part of its login message
360 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
361 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
362 [Some systems need a utmpx entry for /bin/login to work])
363 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
364 [Define to a Set Process Title type if your system is
365 supported by bsd-setproctitle.c])
366 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
367 [AIX 5.2 and 5.3 (and presumably newer) require this])
368 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
371 check_for_libcrypt_later=1
372 LIBS="$LIBS /usr/lib/textreadmode.o"
373 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
374 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
375 AC_DEFINE(DISABLE_SHADOW, 1,
376 [Define if you want to disable shadow passwords])
377 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
378 [Define if your system choked on IP TOS setting])
379 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
380 [Define if X11 doesn't support AF_UNIX sockets on that system])
381 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
382 [Define if the concept of ports only accessible to
383 superusers isn't known])
384 AC_DEFINE(DISABLE_FD_PASSING, 1,
385 [Define if your platform needs to skip post auth
386 file descriptor passing])
389 AC_DEFINE(IP_TOS_IS_BROKEN)
390 AC_DEFINE(SETEUID_BREAKS_SETUID)
391 AC_DEFINE(BROKEN_SETREUID)
392 AC_DEFINE(BROKEN_SETREGID)
395 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
396 AC_DEFINE(BROKEN_GETADDRINFO)
397 AC_DEFINE(SETEUID_BREAKS_SETUID)
398 AC_DEFINE(BROKEN_SETREUID)
399 AC_DEFINE(BROKEN_SETREGID)
400 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
401 [Define if your resolver libs need this for getrrsetbyname])
402 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
403 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
404 [Use tunnel device compatibility to OpenBSD])
405 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
406 [Prepend the address family to IP tunnel traffic])
407 AC_MSG_CHECKING(if we have the Security Authorization Session API)
408 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
409 [SessionCreate(0, 0);],
410 [ac_cv_use_security_session_api="yes"
411 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
412 [platform has the Security Authorization Session API])
413 LIBS="$LIBS -framework Security"
415 [ac_cv_use_security_session_api="no"
417 AC_MSG_CHECKING(if we have an in-memory credentials cache)
419 [#include <Kerberos/Kerberos.h>],
421 (void) cc_initialize (&c, 0, NULL, NULL);],
422 [AC_DEFINE(USE_CCAPI, 1,
423 [platform uses an in-memory credentials cache])
424 LIBS="$LIBS -framework Security"
426 if test "x$ac_cv_use_security_session_api" = "xno"; then
427 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
433 SSHDLIBS="$SSHDLIBS -lcrypt"
436 # first we define all of the options common to all HP-UX releases
437 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
438 IPADDR_IN_DISPLAY=yes
440 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
441 [Define if your login program cannot handle end of options ("--")])
442 AC_DEFINE(LOGIN_NEEDS_UTMPX)
443 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
444 [String used in /etc/passwd to denote locked account])
445 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
446 MAIL="/var/mail/username"
448 AC_CHECK_LIB(xnet, t_error, ,
449 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
451 # next, we define all of the options specific to major releases
454 if test -z "$GCC"; then
459 AC_DEFINE(PAM_SUN_CODEBASE, 1,
460 [Define if you are using Solaris-derived PAM which
461 passes pam_messages to the conversation function
462 with an extra level of indirection])
463 AC_DEFINE(DISABLE_UTMP, 1,
464 [Define if you don't want to use utmp])
465 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
466 check_for_hpux_broken_getaddrinfo=1
467 check_for_conflicting_getspnam=1
471 # lastly, we define options specific to minor releases
474 AC_DEFINE(HAVE_SECUREWARE, 1,
475 [Define if you have SecureWare-based
476 protected password database])
477 disable_ptmx_check=yes
483 PATH="$PATH:/usr/etc"
484 AC_DEFINE(BROKEN_INET_NTOA, 1,
485 [Define if you system's inet_ntoa is busted
486 (e.g. Irix gcc issue)])
487 AC_DEFINE(SETEUID_BREAKS_SETUID)
488 AC_DEFINE(BROKEN_SETREUID)
489 AC_DEFINE(BROKEN_SETREGID)
490 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
491 [Define if you shouldn't strip 'tty' from your
493 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
496 PATH="$PATH:/usr/etc"
497 AC_DEFINE(WITH_IRIX_ARRAY, 1,
498 [Define if you have/want arrays
499 (cluster-wide session managment, not C arrays)])
500 AC_DEFINE(WITH_IRIX_PROJECT, 1,
501 [Define if you want IRIX project management])
502 AC_DEFINE(WITH_IRIX_AUDIT, 1,
503 [Define if you want IRIX audit trails])
504 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
505 [Define if you want IRIX kernel jobs])])
506 AC_DEFINE(BROKEN_INET_NTOA)
507 AC_DEFINE(SETEUID_BREAKS_SETUID)
508 AC_DEFINE(BROKEN_SETREUID)
509 AC_DEFINE(BROKEN_SETREGID)
510 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
511 AC_DEFINE(WITH_ABBREV_NO_TTY)
512 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
516 check_for_libcrypt_later=1
517 check_for_openpty_ctty_bug=1
518 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
519 AC_DEFINE(PAM_TTY_KLUDGE, 1,
520 [Work around problematic Linux PAM modules handling of PAM_TTY])
521 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
522 [String used in /etc/passwd to denote locked account])
523 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
524 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
525 [Define to whatever link() returns for "not supported"
526 if it doesn't return EOPNOTSUPP.])
527 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
529 inet6_default_4in6=yes
532 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
533 [Define if cmsg_type is not passed correctly])
536 # tun(4) forwarding compat code
537 AC_CHECK_HEADERS(linux/if_tun.h)
538 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
539 AC_DEFINE(SSH_TUN_LINUX, 1,
540 [Open tunnel devices the Linux tun/tap way])
541 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
542 [Use tunnel device compatibility to OpenBSD])
543 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
544 [Prepend the address family to IP tunnel traffic])
547 mips-sony-bsd|mips-sony-newsos4)
548 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
552 check_for_libcrypt_before=1
553 if test "x$withval" != "xno" ; then
556 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
557 AC_CHECK_HEADER([net/if_tap.h], ,
558 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
559 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
560 [Prepend the address family to IP tunnel traffic])
563 check_for_libcrypt_later=1
564 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
565 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
566 AC_CHECK_HEADER([net/if_tap.h], ,
567 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
570 AC_DEFINE(SETEUID_BREAKS_SETUID)
571 AC_DEFINE(BROKEN_SETREUID)
572 AC_DEFINE(BROKEN_SETREGID)
575 conf_lastlog_location="/usr/adm/lastlog"
576 conf_utmp_location=/etc/utmp
577 conf_wtmp_location=/usr/adm/wtmp
579 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
580 AC_DEFINE(BROKEN_REALPATH)
582 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
585 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
586 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
587 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
588 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
589 [syslog_r function is safe to use in in a signal handler])
592 if test "x$withval" != "xno" ; then
595 AC_DEFINE(PAM_SUN_CODEBASE)
596 AC_DEFINE(LOGIN_NEEDS_UTMPX)
597 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
598 [Some versions of /bin/login need the TERM supplied
600 AC_DEFINE(PAM_TTY_KLUDGE)
601 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
602 [Define if pam_chauthtok wants real uid set
603 to the unpriv'ed user])
604 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
605 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
606 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
607 [Define if sshd somehow reacquires a controlling TTY
609 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
610 in case the name is longer than 8 chars])
611 external_path_file=/etc/default/login
612 # hardwire lastlog location (can't detect it on some versions)
613 conf_lastlog_location="/var/adm/lastlog"
614 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
615 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
616 if test "$sol2ver" -ge 8; then
618 AC_DEFINE(DISABLE_UTMP)
619 AC_DEFINE(DISABLE_WTMP, 1,
620 [Define if you don't want to use wtmp])
624 AC_ARG_WITH(solaris-contracts,
625 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
627 AC_CHECK_LIB(contract, ct_tmpl_activate,
628 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
629 [Define if you have Solaris process contracts])
630 SSHDLIBS="$SSHDLIBS -lcontract"
637 CPPFLAGS="$CPPFLAGS -DSUNOS4"
638 AC_CHECK_FUNCS(getpwanam)
639 AC_DEFINE(PAM_SUN_CODEBASE)
640 conf_utmp_location=/etc/utmp
641 conf_wtmp_location=/var/adm/wtmp
642 conf_lastlog_location=/var/adm/lastlog
648 AC_DEFINE(SSHD_ACQUIRES_CTTY)
649 AC_DEFINE(SETEUID_BREAKS_SETUID)
650 AC_DEFINE(BROKEN_SETREUID)
651 AC_DEFINE(BROKEN_SETREGID)
654 # /usr/ucblib MUST NOT be searched on ReliantUNIX
655 AC_CHECK_LIB(dl, dlsym, ,)
656 # -lresolv needs to be at the end of LIBS or DNS lookups break
657 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
658 IPADDR_IN_DISPLAY=yes
660 AC_DEFINE(IP_TOS_IS_BROKEN)
661 AC_DEFINE(SETEUID_BREAKS_SETUID)
662 AC_DEFINE(BROKEN_SETREUID)
663 AC_DEFINE(BROKEN_SETREGID)
664 AC_DEFINE(SSHD_ACQUIRES_CTTY)
665 external_path_file=/etc/default/login
666 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
667 # Attention: always take care to bind libsocket and libnsl before libc,
668 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
670 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
673 AC_DEFINE(SETEUID_BREAKS_SETUID)
674 AC_DEFINE(BROKEN_SETREUID)
675 AC_DEFINE(BROKEN_SETREGID)
676 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
677 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
679 # UnixWare 7.x, OpenUNIX 8
681 check_for_libcrypt_later=1
682 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
684 AC_DEFINE(SETEUID_BREAKS_SETUID)
685 AC_DEFINE(BROKEN_SETREUID)
686 AC_DEFINE(BROKEN_SETREGID)
687 AC_DEFINE(PASSWD_NEEDS_USERNAME)
689 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
690 TEST_SHELL=/u95/bin/sh
691 AC_DEFINE(BROKEN_LIBIAF, 1,
692 [ia_uinfo routines not supported by OS yet])
693 AC_DEFINE(BROKEN_UPDWTMPX)
695 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
701 # SCO UNIX and OEM versions of SCO UNIX
703 AC_MSG_ERROR("This Platform is no longer supported.")
707 if test -z "$GCC"; then
708 CFLAGS="$CFLAGS -belf"
710 LIBS="$LIBS -lprot -lx -ltinfo -lm"
713 AC_DEFINE(HAVE_SECUREWARE)
714 AC_DEFINE(DISABLE_SHADOW)
715 AC_DEFINE(DISABLE_FD_PASSING)
716 AC_DEFINE(SETEUID_BREAKS_SETUID)
717 AC_DEFINE(BROKEN_SETREUID)
718 AC_DEFINE(BROKEN_SETREGID)
719 AC_DEFINE(WITH_ABBREV_NO_TTY)
720 AC_DEFINE(BROKEN_UPDWTMPX)
721 AC_DEFINE(PASSWD_NEEDS_USERNAME)
722 AC_CHECK_FUNCS(getluid setluid)
727 AC_DEFINE(NO_SSH_LASTLOG, 1,
728 [Define if you don't want to use lastlog in session.c])
729 AC_DEFINE(SETEUID_BREAKS_SETUID)
730 AC_DEFINE(BROKEN_SETREUID)
731 AC_DEFINE(BROKEN_SETREGID)
733 AC_DEFINE(DISABLE_FD_PASSING)
735 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(WITH_ABBREV_NO_TTY)
744 AC_DEFINE(DISABLE_FD_PASSING)
746 LIBS="$LIBS -lgen -lacid -ldb"
750 AC_DEFINE(SETEUID_BREAKS_SETUID)
751 AC_DEFINE(BROKEN_SETREUID)
752 AC_DEFINE(BROKEN_SETREGID)
754 AC_DEFINE(DISABLE_FD_PASSING)
755 AC_DEFINE(NO_SSH_LASTLOG)
756 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
757 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
761 AC_MSG_CHECKING(for Digital Unix SIA)
764 [ --with-osfsia Enable Digital Unix SIA],
766 if test "x$withval" = "xno" ; then
767 AC_MSG_RESULT(disabled)
772 if test -z "$no_osfsia" ; then
773 if test -f /etc/sia/matrix.conf; then
775 AC_DEFINE(HAVE_OSF_SIA, 1,
776 [Define if you have Digital Unix Security
777 Integration Architecture])
778 AC_DEFINE(DISABLE_LOGIN, 1,
779 [Define if you don't want to use your
780 system's login() call])
781 AC_DEFINE(DISABLE_FD_PASSING)
782 LIBS="$LIBS -lsecurity -ldb -lm -laud"
786 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
787 [String used in /etc/passwd to denote locked account])
790 AC_DEFINE(BROKEN_GETADDRINFO)
791 AC_DEFINE(SETEUID_BREAKS_SETUID)
792 AC_DEFINE(BROKEN_SETREUID)
793 AC_DEFINE(BROKEN_SETREGID)
798 AC_DEFINE(NO_X11_UNIX_SOCKETS)
799 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
800 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
801 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
802 AC_DEFINE(DISABLE_LASTLOG)
803 AC_DEFINE(SSHD_ACQUIRES_CTTY)
804 enable_etc_default_login=no # has incompatible /etc/default/login
807 AC_DEFINE(DISABLE_FD_PASSING)
813 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
814 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
815 AC_DEFINE(NEED_SETPGRP)
816 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
820 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
821 AC_DEFINE(MISSING_HOWMANY)
822 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
826 AC_MSG_CHECKING(compiler and flags for sanity)
832 [ AC_MSG_RESULT(yes) ],
835 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
837 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
840 dnl Checks for header files.
841 # Checks for libraries.
842 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
843 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
845 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
846 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
847 AC_CHECK_LIB(gen, dirname,[
848 AC_CACHE_CHECK([for broken dirname],
849 ac_cv_have_broken_dirname, [
857 int main(int argc, char **argv) {
860 strncpy(buf,"/etc", 32);
862 if (!s || strncmp(s, "/", 32) != 0) {
869 [ ac_cv_have_broken_dirname="no" ],
870 [ ac_cv_have_broken_dirname="yes" ],
871 [ ac_cv_have_broken_dirname="no" ],
875 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
877 AC_DEFINE(HAVE_DIRNAME)
878 AC_CHECK_HEADERS(libgen.h)
883 AC_CHECK_FUNC(getspnam, ,
884 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
885 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
886 [Define if you have the basename function.]))
890 [ --with-zlib=PATH Use zlib in PATH],
891 [ if test "x$withval" = "xno" ; then
892 AC_MSG_ERROR([*** zlib is required ***])
893 elif test "x$withval" != "xyes"; then
894 if test -d "$withval/lib"; then
895 if test -n "${need_dash_r}"; then
896 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
898 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
901 if test -n "${need_dash_r}"; then
902 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
904 LDFLAGS="-L${withval} ${LDFLAGS}"
907 if test -d "$withval/include"; then
908 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
910 CPPFLAGS="-I${withval} ${CPPFLAGS}"
915 AC_CHECK_LIB(z, deflate, ,
917 saved_CPPFLAGS="$CPPFLAGS"
918 saved_LDFLAGS="$LDFLAGS"
920 dnl Check default zlib install dir
921 if test -n "${need_dash_r}"; then
922 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
924 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
926 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
928 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
930 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
935 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
937 AC_ARG_WITH(zlib-version-check,
938 [ --without-zlib-version-check Disable zlib version check],
939 [ if test "x$withval" = "xno" ; then
940 zlib_check_nonfatal=1
945 AC_MSG_CHECKING(for possibly buggy zlib)
946 AC_RUN_IFELSE([AC_LANG_SOURCE([[
951 int a=0, b=0, c=0, d=0, n, v;
952 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
953 if (n != 3 && n != 4)
955 v = a*1000000 + b*10000 + c*100 + d;
956 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
959 if (a == 1 && b == 1 && c >= 4)
962 /* 1.2.3 and up are OK */
971 if test -z "$zlib_check_nonfatal" ; then
972 AC_MSG_ERROR([*** zlib too old - check config.log ***
973 Your reported zlib version has known security problems. It's possible your
974 vendor has fixed these problems without changing the version number. If you
975 are sure this is the case, you can disable the check by running
976 "./configure --without-zlib-version-check".
977 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
978 See http://www.gzip.org/zlib/ for details.])
980 AC_MSG_WARN([zlib version may have security problems])
983 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
987 AC_CHECK_FUNC(strcasecmp,
988 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
990 AC_CHECK_FUNCS(utimes,
991 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
992 LIBS="$LIBS -lc89"]) ]
995 dnl Checks for libutil functions
996 AC_CHECK_HEADERS(libutil.h)
997 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
998 [Define if your libraries define login()])])
999 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1003 # Check for ALTDIRFUNC glob() extension
1004 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1005 AC_EGREP_CPP(FOUNDIT,
1008 #ifdef GLOB_ALTDIRFUNC
1013 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1014 [Define if your system glob() function has
1015 the GLOB_ALTDIRFUNC extension])
1023 # Check for g.gl_matchc glob() extension
1024 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1026 [ #include <glob.h> ],
1027 [glob_t g; g.gl_matchc = 1;],
1029 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1030 [Define if your system glob() function has
1031 gl_matchc options in glob_t])
1039 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1041 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1044 #include <sys/types.h>
1046 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1048 [AC_MSG_RESULT(yes)],
1051 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1052 [Define if your struct dirent expects you to
1053 allocate extra space for d_name])
1056 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1057 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1061 # Check whether the user wants GSSAPI mechglue support
1062 AC_ARG_WITH(mechglue,
1063 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1065 AC_MSG_CHECKING(for mechglue library)
1067 if test -e ${withval}/libgssapi.a ; then
1068 mechglue_lib=${withval}/libgssapi.a
1069 elif test -e ${withval}/lib/libgssapi.a ; then
1070 mechglue_lib=${withval}/lib/libgssapi.a
1072 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1074 LIBS="$LIBS ${mechglue_lib}"
1075 AC_MSG_RESULT(${mechglue_lib})
1077 AC_CHECK_LIB(dl, dlopen, , )
1078 if test $ac_cv_lib_dl_dlopen = yes; then
1079 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1083 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1090 # Check whether the user wants GSI (Globus) support
1093 [ --with-gsi Enable Globus GSI authentication support],
1100 [ --with-globus Enable Globus GSI authentication support],
1106 AC_ARG_WITH(globus-static,
1107 [ --with-globus-static Link statically with Globus GSI libraries],
1109 gsi_static="-static"
1110 if test "x$gsi_path" = "xno" ; then
1116 # Check whether the user has a Globus flavor type
1117 globus_flavor_type="no"
1118 AC_ARG_WITH(globus-flavor,
1119 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1121 globus_flavor_type="$withval"
1122 if test "x$gsi_path" = "xno" ; then
1128 if test "x$gsi_path" != "xno" ; then
1129 # Globus GSSAPI configuration
1130 AC_MSG_CHECKING(for Globus GSI)
1131 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1133 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1134 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1136 if test -z "$GSSAPI"; then
1141 if test "x$gsi_path" = "xyes" ; then
1142 if test -z "$GLOBUS_LOCATION" ; then
1143 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1145 gsi_path="$GLOBUS_LOCATION"
1148 GLOBUS_LOCATION="$gsi_path"
1149 export GLOBUS_LOCATION
1150 if test ! -d "$GLOBUS_LOCATION" ; then
1151 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1154 if test "x$globus_flavor_type" = "xno" ; then
1155 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1157 if test "x$globus_flavor_type" = "xyes" ; then
1158 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1161 if test -x ${gsi_path}/bin/globus-makefile-header ; then
1162 ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
1163 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
1164 ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
1166 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
1168 . ./gpt_build_tmp.sh
1169 if test -n "${need_dash_r}"; then
1170 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
1172 GSI_LDFLAGS="-L${gsi_path}/lib"
1174 if test -z "$GLOBUS_PKG_LIBS" ; then
1175 AC_MSG_ERROR(globus-makefile-header failed)
1178 AC_DEFINE(HAVE_GSSAPI_H)
1180 LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
1181 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1182 CPPFLAGS="$CPPFLAGS $GLOBUS_INCLUDES"
1184 # test that we got the libraries OK
1192 AC_MSG_ERROR(link with Globus libraries failed)
1195 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1196 INSTALL_GSISSH="yes"
1200 AC_SUBST(INSTALL_GSISSH)
1201 # End Globus/GSI section
1203 AC_MSG_CHECKING([for /proc/pid/fd directory])
1204 if test -d "/proc/$$/fd" ; then
1205 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1211 # Check whether user wants S/Key support
1214 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1216 if test "x$withval" != "xno" ; then
1218 if test "x$withval" != "xyes" ; then
1219 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1220 LDFLAGS="$LDFLAGS -L${withval}/lib"
1223 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1227 AC_MSG_CHECKING([for s/key support])
1232 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1234 [AC_MSG_RESULT(yes)],
1237 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1239 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1243 [(void)skeychallenge(NULL,"name","",0);],
1245 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1246 [Define if your skeychallenge()
1247 function takes 4 arguments (NetBSD)])],
1254 # Check whether user wants TCP wrappers support
1256 AC_ARG_WITH(tcp-wrappers,
1257 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1259 if test "x$withval" != "xno" ; then
1261 saved_LDFLAGS="$LDFLAGS"
1262 saved_CPPFLAGS="$CPPFLAGS"
1263 if test -n "${withval}" && \
1264 test "x${withval}" != "xyes"; then
1265 if test -d "${withval}/lib"; then
1266 if test -n "${need_dash_r}"; then
1267 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1269 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1272 if test -n "${need_dash_r}"; then
1273 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1275 LDFLAGS="-L${withval} ${LDFLAGS}"
1278 if test -d "${withval}/include"; then
1279 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1281 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1285 AC_MSG_CHECKING(for libwrap)
1288 #include <sys/types.h>
1289 #include <sys/socket.h>
1290 #include <netinet/in.h>
1292 int deny_severity = 0, allow_severity = 0;
1297 AC_DEFINE(LIBWRAP, 1,
1299 TCP Wrappers support])
1300 SSHDLIBS="$SSHDLIBS -lwrap"
1304 AC_MSG_ERROR([*** libwrap missing])
1312 # Check whether user wants libedit support
1314 AC_ARG_WITH(libedit,
1315 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1316 [ if test "x$withval" != "xno" ; then
1317 if test "x$withval" != "xyes"; then
1318 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1319 if test -n "${need_dash_r}"; then
1320 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1322 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1325 AC_CHECK_LIB(edit, el_init,
1326 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1327 LIBEDIT="-ledit -lcurses"
1331 [ AC_MSG_ERROR(libedit not found) ],
1334 AC_MSG_CHECKING(if libedit version is compatible)
1337 #include <histedit.h>
1341 el_init("", NULL, NULL, NULL);
1345 [ AC_MSG_RESULT(yes) ],
1347 AC_MSG_ERROR(libedit version is not compatible) ]
1354 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1356 AC_MSG_CHECKING(for supported audit module)
1361 dnl Checks for headers, libs and functions
1362 AC_CHECK_HEADERS(bsm/audit.h, [],
1363 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1370 AC_CHECK_LIB(bsm, getaudit, [],
1371 [AC_MSG_ERROR(BSM enabled and required library not found)])
1372 AC_CHECK_FUNCS(getaudit, [],
1373 [AC_MSG_ERROR(BSM enabled and required function not found)])
1374 # These are optional
1375 AC_CHECK_FUNCS(getaudit_addr)
1376 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1380 AC_MSG_RESULT(debug)
1381 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1387 AC_MSG_ERROR([Unknown audit module $withval])
1392 dnl Checks for library functions. Please keep in alphabetical order
1480 # IRIX has a const char return value for gai_strerror()
1481 AC_CHECK_FUNCS(gai_strerror,[
1482 AC_DEFINE(HAVE_GAI_STRERROR)
1484 #include <sys/types.h>
1485 #include <sys/socket.h>
1488 const char *gai_strerror(int);],[
1491 str = gai_strerror(0);],[
1492 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1493 [Define if gai_strerror() returns const char *])])])
1495 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1496 [Some systems put nanosleep outside of libc]))
1498 dnl Make sure prototypes are defined for these before using them.
1499 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1500 AC_CHECK_DECL(strsep,
1501 [AC_CHECK_FUNCS(strsep)],
1504 #ifdef HAVE_STRING_H
1505 # include <string.h>
1509 dnl tcsendbreak might be a macro
1510 AC_CHECK_DECL(tcsendbreak,
1511 [AC_DEFINE(HAVE_TCSENDBREAK)],
1512 [AC_CHECK_FUNCS(tcsendbreak)],
1513 [#include <termios.h>]
1516 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1518 AC_CHECK_DECLS(SHUT_RD, , ,
1520 #include <sys/types.h>
1521 #include <sys/socket.h>
1524 AC_CHECK_DECLS(O_NONBLOCK, , ,
1526 #include <sys/types.h>
1527 #ifdef HAVE_SYS_STAT_H
1528 # include <sys/stat.h>
1535 AC_CHECK_DECLS(writev, , , [
1536 #include <sys/types.h>
1537 #include <sys/uio.h>
1541 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1542 #include <sys/param.h>
1545 AC_CHECK_DECLS(offsetof, , , [
1549 AC_CHECK_FUNCS(setresuid, [
1550 dnl Some platorms have setresuid that isn't implemented, test for this
1551 AC_MSG_CHECKING(if setresuid seems to work)
1556 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1558 [AC_MSG_RESULT(yes)],
1559 [AC_DEFINE(BROKEN_SETRESUID, 1,
1560 [Define if your setresuid() is broken])
1561 AC_MSG_RESULT(not implemented)],
1562 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1566 AC_CHECK_FUNCS(setresgid, [
1567 dnl Some platorms have setresgid that isn't implemented, test for this
1568 AC_MSG_CHECKING(if setresgid seems to work)
1573 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1575 [AC_MSG_RESULT(yes)],
1576 [AC_DEFINE(BROKEN_SETRESGID, 1,
1577 [Define if your setresgid() is broken])
1578 AC_MSG_RESULT(not implemented)],
1579 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1583 dnl Checks for time functions
1584 AC_CHECK_FUNCS(gettimeofday time)
1585 dnl Checks for utmp functions
1586 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1587 AC_CHECK_FUNCS(utmpname)
1588 dnl Checks for utmpx functions
1589 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1590 AC_CHECK_FUNCS(setutxent utmpxname)
1592 AC_CHECK_FUNC(daemon,
1593 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1594 [AC_CHECK_LIB(bsd, daemon,
1595 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1598 AC_CHECK_FUNC(getpagesize,
1599 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1600 [Define if your libraries define getpagesize()])],
1601 [AC_CHECK_LIB(ucb, getpagesize,
1602 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1605 # Check for broken snprintf
1606 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1607 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1611 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1613 [AC_MSG_RESULT(yes)],
1616 AC_DEFINE(BROKEN_SNPRINTF, 1,
1617 [Define if your snprintf is busted])
1618 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1620 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1624 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1625 # returning the right thing on overflow: the number of characters it tried to
1626 # create (as per SUSv3)
1627 if test "x$ac_cv_func_asprintf" != "xyes" && \
1628 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1629 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1632 #include <sys/types.h>
1636 int x_snprintf(char *str,size_t count,const char *fmt,...)
1638 size_t ret; va_list ap;
1639 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1645 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1647 [AC_MSG_RESULT(yes)],
1650 AC_DEFINE(BROKEN_SNPRINTF, 1,
1651 [Define if your snprintf is busted])
1652 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1654 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1658 # On systems where [v]snprintf is broken, but is declared in stdio,
1659 # check that the fmt argument is const char * or just char *.
1660 # This is only useful for when BROKEN_SNPRINTF
1661 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1662 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1663 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1664 int main(void) { snprintf(0, 0, 0); }
1667 AC_DEFINE(SNPRINTF_CONST, [const],
1668 [Define as const if snprintf() can declare const char *fmt])],
1670 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1672 # Check for missing getpeereid (or equiv) support
1674 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1675 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1677 [#include <sys/types.h>
1678 #include <sys/socket.h>],
1679 [int i = SO_PEERCRED;],
1680 [ AC_MSG_RESULT(yes)
1681 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1688 dnl see whether mkstemp() requires XXXXXX
1689 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1690 AC_MSG_CHECKING([for (overly) strict mkstemp])
1694 main() { char template[]="conftest.mkstemp-test";
1695 if (mkstemp(template) == -1)
1697 unlink(template); exit(0);
1705 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1709 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1714 dnl make sure that openpty does not reacquire controlling terminal
1715 if test ! -z "$check_for_openpty_ctty_bug"; then
1716 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1720 #include <sys/fcntl.h>
1721 #include <sys/types.h>
1722 #include <sys/wait.h>
1728 int fd, ptyfd, ttyfd, status;
1731 if (pid < 0) { /* failed */
1733 } else if (pid > 0) { /* parent */
1734 waitpid(pid, &status, 0);
1735 if (WIFEXITED(status))
1736 exit(WEXITSTATUS(status));
1739 } else { /* child */
1740 close(0); close(1); close(2);
1742 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1743 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1745 exit(3); /* Acquired ctty: broken */
1747 exit(0); /* Did not acquire ctty: OK */
1756 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1759 AC_MSG_RESULT(cross-compiling, assuming yes)
1764 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1765 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1766 AC_MSG_CHECKING(if getaddrinfo seems to work)
1770 #include <sys/socket.h>
1773 #include <netinet/in.h>
1775 #define TEST_PORT "2222"
1781 struct addrinfo *gai_ai, *ai, hints;
1782 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1784 memset(&hints, 0, sizeof(hints));
1785 hints.ai_family = PF_UNSPEC;
1786 hints.ai_socktype = SOCK_STREAM;
1787 hints.ai_flags = AI_PASSIVE;
1789 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1791 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1795 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1796 if (ai->ai_family != AF_INET6)
1799 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1800 sizeof(ntop), strport, sizeof(strport),
1801 NI_NUMERICHOST|NI_NUMERICSERV);
1804 if (err == EAI_SYSTEM)
1805 perror("getnameinfo EAI_SYSTEM");
1807 fprintf(stderr, "getnameinfo failed: %s\n",
1812 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1815 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1828 AC_DEFINE(BROKEN_GETADDRINFO)
1831 AC_MSG_RESULT(cross-compiling, assuming yes)
1836 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1837 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1838 AC_MSG_CHECKING(if getaddrinfo seems to work)
1842 #include <sys/socket.h>
1845 #include <netinet/in.h>
1847 #define TEST_PORT "2222"
1853 struct addrinfo *gai_ai, *ai, hints;
1854 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1856 memset(&hints, 0, sizeof(hints));
1857 hints.ai_family = PF_UNSPEC;
1858 hints.ai_socktype = SOCK_STREAM;
1859 hints.ai_flags = AI_PASSIVE;
1861 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1863 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1867 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1868 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1871 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1872 sizeof(ntop), strport, sizeof(strport),
1873 NI_NUMERICHOST|NI_NUMERICSERV);
1875 if (ai->ai_family == AF_INET && err != 0) {
1876 perror("getnameinfo");
1885 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1886 [Define if you have a getaddrinfo that fails
1887 for the all-zeros IPv6 address])
1891 AC_DEFINE(BROKEN_GETADDRINFO)
1894 AC_MSG_RESULT(cross-compiling, assuming no)
1899 if test "x$check_for_conflicting_getspnam" = "x1"; then
1900 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1904 int main(void) {exit(0);}
1911 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1912 [Conflicting defs for getspnam])
1919 # Search for OpenSSL
1920 saved_CPPFLAGS="$CPPFLAGS"
1921 saved_LDFLAGS="$LDFLAGS"
1922 AC_ARG_WITH(ssl-dir,
1923 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1925 if test "x$withval" != "xno" ; then
1928 ./*|../*) withval="`pwd`/$withval"
1930 if test -d "$withval/lib"; then
1931 if test -n "${need_dash_r}"; then
1932 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1934 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1937 if test -n "${need_dash_r}"; then
1938 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1940 LDFLAGS="-L${withval} ${LDFLAGS}"
1943 if test -d "$withval/include"; then
1944 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1946 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1951 if test -z "$GSI_LDFLAGS" ; then
1952 LIBS="-lcrypto $LIBS"
1954 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1955 [Define if your ssl headers are included
1956 with #include <openssl/header.h>]),
1958 dnl Check default openssl install dir
1959 if test -n "${need_dash_r}"; then
1960 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1962 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1964 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1965 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1967 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1973 # Determine OpenSSL header version
1974 AC_MSG_CHECKING([OpenSSL header version])
1979 #include <openssl/opensslv.h>
1980 #define DATA "conftest.sslincver"
1985 fd = fopen(DATA,"w");
1989 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1996 ssl_header_ver=`cat conftest.sslincver`
1997 AC_MSG_RESULT($ssl_header_ver)
2000 AC_MSG_RESULT(not found)
2001 AC_MSG_ERROR(OpenSSL version header not found.)
2004 AC_MSG_WARN([cross compiling: not checking])
2008 # Determine OpenSSL library version
2009 AC_MSG_CHECKING([OpenSSL library version])
2014 #include <openssl/opensslv.h>
2015 #include <openssl/crypto.h>
2016 #define DATA "conftest.ssllibver"
2021 fd = fopen(DATA,"w");
2025 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2032 ssl_library_ver=`cat conftest.ssllibver`
2033 AC_MSG_RESULT($ssl_library_ver)
2036 AC_MSG_RESULT(not found)
2037 AC_MSG_ERROR(OpenSSL library not found.)
2040 AC_MSG_WARN([cross compiling: not checking])
2044 AC_ARG_WITH(openssl-header-check,
2045 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2046 [ if test "x$withval" = "xno" ; then
2047 openssl_check_nonfatal=1
2052 # Sanity check OpenSSL headers
2053 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2057 #include <openssl/opensslv.h>
2058 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2065 if test "x$openssl_check_nonfatal" = "x"; then
2066 AC_MSG_ERROR([Your OpenSSL headers do not match your
2067 library. Check config.log for details.
2068 If you are sure your installation is consistent, you can disable the check
2069 by running "./configure --without-openssl-header-check".
2070 Also see contrib/findssl.sh for help identifying header/library mismatches.
2073 AC_MSG_WARN([Your OpenSSL headers do not match your
2074 library. Check config.log for details.
2075 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2079 AC_MSG_WARN([cross compiling: not checking])
2083 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2086 #include <openssl/evp.h>
2087 int main(void) { SSLeay_add_all_algorithms(); }
2096 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2099 #include <openssl/evp.h>
2100 int main(void) { SSLeay_add_all_algorithms(); }
2113 AC_ARG_WITH(ssl-engine,
2114 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2115 [ if test "x$withval" != "xno" ; then
2116 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2118 [ #include <openssl/engine.h>],
2120 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2122 [ AC_MSG_RESULT(yes)
2123 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2124 [Enable OpenSSL engine support])
2126 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2131 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2132 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2136 #include <openssl/evp.h>
2137 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2144 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2145 [libcrypto is missing AES 192 and 256 bit functions])
2149 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2150 # because the system crypt() is more featureful.
2151 if test "x$check_for_libcrypt_before" = "x1"; then
2152 AC_CHECK_LIB(crypt, crypt)
2155 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2156 # version in OpenSSL.
2157 if test "x$check_for_libcrypt_later" = "x1"; then
2158 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2161 # Search for SHA256 support in libc and/or OpenSSL
2162 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2165 AC_CHECK_LIB(iaf, ia_openinfo, [
2167 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
2171 ### Configure cryptographic random number support
2173 # Check wheter OpenSSL seeds itself
2174 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2178 #include <openssl/rand.h>
2179 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2182 OPENSSL_SEEDS_ITSELF=yes
2187 # Default to use of the rand helper if OpenSSL doesn't
2192 AC_MSG_WARN([cross compiling: assuming yes])
2193 # This is safe, since all recent OpenSSL versions will
2194 # complain at runtime if not seeded correctly.
2195 OPENSSL_SEEDS_ITSELF=yes
2199 # Check for PAM libs
2202 [ --with-pam Enable PAM support ],
2204 if test "x$withval" != "xno" ; then
2205 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2206 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2207 AC_MSG_ERROR([PAM headers not found])
2211 AC_CHECK_LIB(dl, dlopen, , )
2212 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2213 AC_CHECK_FUNCS(pam_getenvlist)
2214 AC_CHECK_FUNCS(pam_putenv)
2219 SSHDLIBS="$SSHDLIBS -lpam"
2220 AC_DEFINE(USE_PAM, 1,
2221 [Define if you want to enable PAM support])
2223 if test $ac_cv_lib_dl_dlopen = yes; then
2226 # libdl already in LIBS
2229 SSHDLIBS="$SSHDLIBS -ldl"
2237 # Check for older PAM
2238 if test "x$PAM_MSG" = "xyes" ; then
2239 # Check PAM strerror arguments (old PAM)
2240 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2244 #if defined(HAVE_SECURITY_PAM_APPL_H)
2245 #include <security/pam_appl.h>
2246 #elif defined (HAVE_PAM_PAM_APPL_H)
2247 #include <pam/pam_appl.h>
2250 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2251 [AC_MSG_RESULT(no)],
2253 AC_DEFINE(HAVE_OLD_PAM, 1,
2254 [Define if you have an old version of PAM
2255 which takes only one argument to pam_strerror])
2257 PAM_MSG="yes (old library)"
2262 # Do we want to force the use of the rand helper?
2263 AC_ARG_WITH(rand-helper,
2264 [ --with-rand-helper Use subprocess to gather strong randomness ],
2266 if test "x$withval" = "xno" ; then
2267 # Force use of OpenSSL's internal RNG, even if
2268 # the previous test showed it to be unseeded.
2269 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2270 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2271 OPENSSL_SEEDS_ITSELF=yes
2280 # Which randomness source do we use?
2281 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2283 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2284 [Define if you want OpenSSL's internally seeded PRNG only])
2285 RAND_MSG="OpenSSL internal ONLY"
2286 INSTALL_SSH_RAND_HELPER=""
2287 elif test ! -z "$USE_RAND_HELPER" ; then
2288 # install rand helper
2289 RAND_MSG="ssh-rand-helper"
2290 INSTALL_SSH_RAND_HELPER="yes"
2292 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2294 ### Configuration of ssh-rand-helper
2297 AC_ARG_WITH(prngd-port,
2298 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2307 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2310 if test ! -z "$withval" ; then
2311 PRNGD_PORT="$withval"
2312 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2313 [Port number of PRNGD/EGD random number socket])
2318 # PRNGD Unix domain socket
2319 AC_ARG_WITH(prngd-socket,
2320 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2324 withval="/var/run/egd-pool"
2332 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2336 if test ! -z "$withval" ; then
2337 if test ! -z "$PRNGD_PORT" ; then
2338 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2340 if test ! -r "$withval" ; then
2341 AC_MSG_WARN(Entropy socket is not readable)
2343 PRNGD_SOCKET="$withval"
2344 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2345 [Location of PRNGD/EGD random number socket])
2349 # Check for existing socket only if we don't have a random device already
2350 if test "$USE_RAND_HELPER" = yes ; then
2351 AC_MSG_CHECKING(for PRNGD/EGD socket)
2352 # Insert other locations here
2353 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2354 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2355 PRNGD_SOCKET="$sock"
2356 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2360 if test ! -z "$PRNGD_SOCKET" ; then
2361 AC_MSG_RESULT($PRNGD_SOCKET)
2363 AC_MSG_RESULT(not found)
2369 # Change default command timeout for hashing entropy source
2371 AC_ARG_WITH(entropy-timeout,
2372 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2374 if test -n "$withval" && test "x$withval" != "xno" && \
2375 test "x${withval}" != "xyes"; then
2376 entropy_timeout=$withval
2380 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2381 [Builtin PRNG command timeout])
2383 SSH_PRIVSEP_USER=sshd
2384 AC_ARG_WITH(privsep-user,
2385 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2387 if test -n "$withval" && test "x$withval" != "xno" && \
2388 test "x${withval}" != "xyes"; then
2389 SSH_PRIVSEP_USER=$withval
2393 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2394 [non-privileged user for privilege separation])
2395 AC_SUBST(SSH_PRIVSEP_USER)
2397 # We do this little dance with the search path to insure
2398 # that programs that we select for use by installed programs
2399 # (which may be run by the super-user) come from trusted
2400 # locations before they come from the user's private area.
2401 # This should help avoid accidentally configuring some
2402 # random version of a program in someone's personal bin.
2406 test -h /bin 2> /dev/null && PATH=/usr/bin
2407 test -d /sbin && PATH=$PATH:/sbin
2408 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2409 PATH=$PATH:/etc:$OPATH
2411 # These programs are used by the command hashing source to gather entropy
2412 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2413 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2414 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2415 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2416 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2417 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2418 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2419 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2420 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2421 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2422 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2423 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2424 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2425 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2426 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2427 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2431 # Where does ssh-rand-helper get its randomness from?
2432 INSTALL_SSH_PRNG_CMDS=""
2433 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2434 if test ! -z "$PRNGD_PORT" ; then
2435 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2436 elif test ! -z "$PRNGD_SOCKET" ; then
2437 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2439 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2440 RAND_HELPER_CMDHASH=yes
2441 INSTALL_SSH_PRNG_CMDS="yes"
2444 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2447 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2448 if test ! -z "$SONY" ; then
2449 LIBS="$LIBS -liberty";
2452 # Check for long long datatypes
2453 AC_CHECK_TYPES([long long, unsigned long long, long double])
2455 # Check datatype sizes
2456 AC_CHECK_SIZEOF(char, 1)
2457 AC_CHECK_SIZEOF(short int, 2)
2458 AC_CHECK_SIZEOF(int, 4)
2459 AC_CHECK_SIZEOF(long int, 4)
2460 AC_CHECK_SIZEOF(long long int, 8)
2462 # Sanity check long long for some platforms (AIX)
2463 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2464 ac_cv_sizeof_long_long_int=0
2467 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2468 if test -z "$have_llong_max"; then
2469 AC_MSG_CHECKING([for max value of long long])
2473 /* Why is this so damn hard? */
2477 #define __USE_ISOC99
2479 #define DATA "conftest.llminmax"
2480 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2483 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2484 * we do this the hard way.
2487 fprint_ll(FILE *f, long long n)
2490 int l[sizeof(long long) * 8];
2493 if (fprintf(f, "-") < 0)
2495 for (i = 0; n != 0; i++) {
2496 l[i] = my_abs(n % 10);
2500 if (fprintf(f, "%d", l[--i]) < 0)
2503 if (fprintf(f, " ") < 0)
2510 long long i, llmin, llmax = 0;
2512 if((f = fopen(DATA,"w")) == NULL)
2515 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2516 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2520 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2521 /* This will work on one's complement and two's complement */
2522 for (i = 1; i > llmax; i <<= 1, i++)
2524 llmin = llmax + 1LL; /* wrap */
2528 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2529 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2530 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2531 fprintf(f, "unknown unknown\n");
2535 if (fprint_ll(f, llmin) < 0)
2537 if (fprint_ll(f, llmax) < 0)
2545 llong_min=`$AWK '{print $1}' conftest.llminmax`
2546 llong_max=`$AWK '{print $2}' conftest.llminmax`
2548 AC_MSG_RESULT($llong_max)
2549 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2550 [max value of long long calculated by configure])
2551 AC_MSG_CHECKING([for min value of long long])
2552 AC_MSG_RESULT($llong_min)
2553 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2554 [min value of long long calculated by configure])
2557 AC_MSG_RESULT(not found)
2560 AC_MSG_WARN([cross compiling: not checking])
2566 # More checks for data types
2567 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2569 [ #include <sys/types.h> ],
2571 [ ac_cv_have_u_int="yes" ],
2572 [ ac_cv_have_u_int="no" ]
2575 if test "x$ac_cv_have_u_int" = "xyes" ; then
2576 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2580 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2582 [ #include <sys/types.h> ],
2583 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2584 [ ac_cv_have_intxx_t="yes" ],
2585 [ ac_cv_have_intxx_t="no" ]
2588 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2589 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2593 if (test -z "$have_intxx_t" && \
2594 test "x$ac_cv_header_stdint_h" = "xyes")
2596 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2598 [ #include <stdint.h> ],
2599 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2601 AC_DEFINE(HAVE_INTXX_T)
2604 [ AC_MSG_RESULT(no) ]
2608 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2611 #include <sys/types.h>
2612 #ifdef HAVE_STDINT_H
2613 # include <stdint.h>
2615 #include <sys/socket.h>
2616 #ifdef HAVE_SYS_BITYPES_H
2617 # include <sys/bitypes.h>
2620 [ int64_t a; a = 1;],
2621 [ ac_cv_have_int64_t="yes" ],
2622 [ ac_cv_have_int64_t="no" ]
2625 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2626 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2629 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2631 [ #include <sys/types.h> ],
2632 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2633 [ ac_cv_have_u_intxx_t="yes" ],
2634 [ ac_cv_have_u_intxx_t="no" ]
2637 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2638 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2642 if test -z "$have_u_intxx_t" ; then
2643 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2645 [ #include <sys/socket.h> ],
2646 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2648 AC_DEFINE(HAVE_U_INTXX_T)
2651 [ AC_MSG_RESULT(no) ]
2655 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2657 [ #include <sys/types.h> ],
2658 [ u_int64_t a; a = 1;],
2659 [ ac_cv_have_u_int64_t="yes" ],
2660 [ ac_cv_have_u_int64_t="no" ]
2663 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2664 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2668 if test -z "$have_u_int64_t" ; then
2669 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2671 [ #include <sys/bitypes.h> ],
2672 [ u_int64_t a; a = 1],
2674 AC_DEFINE(HAVE_U_INT64_T)
2677 [ AC_MSG_RESULT(no) ]
2681 if test -z "$have_u_intxx_t" ; then
2682 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2685 #include <sys/types.h>
2687 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2688 [ ac_cv_have_uintxx_t="yes" ],
2689 [ ac_cv_have_uintxx_t="no" ]
2692 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2693 AC_DEFINE(HAVE_UINTXX_T, 1,
2694 [define if you have uintxx_t data type])
2698 if test -z "$have_uintxx_t" ; then
2699 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2701 [ #include <stdint.h> ],
2702 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2704 AC_DEFINE(HAVE_UINTXX_T)
2707 [ AC_MSG_RESULT(no) ]
2711 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2712 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2714 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2717 #include <sys/bitypes.h>
2720 int8_t a; int16_t b; int32_t c;
2721 u_int8_t e; u_int16_t f; u_int32_t g;
2722 a = b = c = e = f = g = 1;
2725 AC_DEFINE(HAVE_U_INTXX_T)
2726 AC_DEFINE(HAVE_INTXX_T)
2734 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2737 #include <sys/types.h>
2739 [ u_char foo; foo = 125; ],
2740 [ ac_cv_have_u_char="yes" ],
2741 [ ac_cv_have_u_char="no" ]
2744 if test "x$ac_cv_have_u_char" = "xyes" ; then
2745 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2750 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2752 AC_CHECK_TYPES(in_addr_t,,,
2753 [#include <sys/types.h>
2754 #include <netinet/in.h>])
2756 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2759 #include <sys/types.h>
2761 [ size_t foo; foo = 1235; ],
2762 [ ac_cv_have_size_t="yes" ],
2763 [ ac_cv_have_size_t="no" ]
2766 if test "x$ac_cv_have_size_t" = "xyes" ; then
2767 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2770 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2773 #include <sys/types.h>
2775 [ ssize_t foo; foo = 1235; ],
2776 [ ac_cv_have_ssize_t="yes" ],
2777 [ ac_cv_have_ssize_t="no" ]
2780 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2781 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2784 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2789 [ clock_t foo; foo = 1235; ],
2790 [ ac_cv_have_clock_t="yes" ],
2791 [ ac_cv_have_clock_t="no" ]
2794 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2795 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2798 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2801 #include <sys/types.h>
2802 #include <sys/socket.h>
2804 [ sa_family_t foo; foo = 1235; ],
2805 [ ac_cv_have_sa_family_t="yes" ],
2808 #include <sys/types.h>
2809 #include <sys/socket.h>
2810 #include <netinet/in.h>
2812 [ sa_family_t foo; foo = 1235; ],
2813 [ ac_cv_have_sa_family_t="yes" ],
2815 [ ac_cv_have_sa_family_t="no" ]
2819 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2820 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2821 [define if you have sa_family_t data type])
2824 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2827 #include <sys/types.h>
2829 [ pid_t foo; foo = 1235; ],
2830 [ ac_cv_have_pid_t="yes" ],
2831 [ ac_cv_have_pid_t="no" ]
2834 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2835 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2838 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2841 #include <sys/types.h>
2843 [ mode_t foo; foo = 1235; ],
2844 [ ac_cv_have_mode_t="yes" ],
2845 [ ac_cv_have_mode_t="no" ]
2848 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2849 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2853 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2856 #include <sys/types.h>
2857 #include <sys/socket.h>
2859 [ struct sockaddr_storage s; ],
2860 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2861 [ ac_cv_have_struct_sockaddr_storage="no" ]
2864 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2865 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2866 [define if you have struct sockaddr_storage data type])
2869 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2872 #include <sys/types.h>
2873 #include <netinet/in.h>
2875 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2876 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2877 [ ac_cv_have_struct_sockaddr_in6="no" ]
2880 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2881 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2882 [define if you have struct sockaddr_in6 data type])
2885 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2888 #include <sys/types.h>
2889 #include <netinet/in.h>
2891 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2892 [ ac_cv_have_struct_in6_addr="yes" ],
2893 [ ac_cv_have_struct_in6_addr="no" ]
2896 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2897 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2898 [define if you have struct in6_addr data type])
2901 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2904 #include <sys/types.h>
2905 #include <sys/socket.h>
2908 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2909 [ ac_cv_have_struct_addrinfo="yes" ],
2910 [ ac_cv_have_struct_addrinfo="no" ]
2913 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2914 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2915 [define if you have struct addrinfo data type])
2918 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2920 [ #include <sys/time.h> ],
2921 [ struct timeval tv; tv.tv_sec = 1;],
2922 [ ac_cv_have_struct_timeval="yes" ],
2923 [ ac_cv_have_struct_timeval="no" ]
2926 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2927 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2928 have_struct_timeval=1
2931 AC_CHECK_TYPES(struct timespec)
2933 # We need int64_t or else certian parts of the compile will fail.
2934 if test "x$ac_cv_have_int64_t" = "xno" && \
2935 test "x$ac_cv_sizeof_long_int" != "x8" && \
2936 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2937 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2938 echo "an alternative compiler (I.E., GCC) before continuing."
2942 dnl test snprintf (broken on SCO w/gcc)
2947 #ifdef HAVE_SNPRINTF
2951 char expected_out[50];
2953 #if (SIZEOF_LONG_INT == 8)
2954 long int num = 0x7fffffffffffffff;
2956 long long num = 0x7fffffffffffffffll;
2958 strcpy(expected_out, "9223372036854775807");
2959 snprintf(buf, mazsize, "%lld", num);
2960 if(strcmp(buf, expected_out) != 0)
2967 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2968 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2972 dnl Checks for structure members
2973 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2974 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2975 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2976 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2977 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2978 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2979 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2980 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2981 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2982 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2983 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2984 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2985 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2986 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2987 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2988 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2989 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2991 AC_CHECK_MEMBERS([struct stat.st_blksize])
2992 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2993 [Define if we don't have struct __res_state in resolv.h])],
2996 #if HAVE_SYS_TYPES_H
2997 # include <sys/types.h>
2999 #include <netinet/in.h>
3000 #include <arpa/nameser.h>
3004 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3005 ac_cv_have_ss_family_in_struct_ss, [
3008 #include <sys/types.h>
3009 #include <sys/socket.h>
3011 [ struct sockaddr_storage s; s.ss_family = 1; ],
3012 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3013 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3016 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3017 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3020 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3021 ac_cv_have___ss_family_in_struct_ss, [
3024 #include <sys/types.h>
3025 #include <sys/socket.h>
3027 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3028 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3029 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3032 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3033 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3034 [Fields in struct sockaddr_storage])
3037 AC_CACHE_CHECK([for pw_class field in struct passwd],
3038 ac_cv_have_pw_class_in_struct_passwd, [
3043 [ struct passwd p; p.pw_class = 0; ],
3044 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3045 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3048 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3049 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3050 [Define if your password has a pw_class field])
3053 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3054 ac_cv_have_pw_expire_in_struct_passwd, [
3059 [ struct passwd p; p.pw_expire = 0; ],
3060 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3061 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3064 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3065 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3066 [Define if your password has a pw_expire field])
3069 AC_CACHE_CHECK([for pw_change field in struct passwd],
3070 ac_cv_have_pw_change_in_struct_passwd, [
3075 [ struct passwd p; p.pw_change = 0; ],
3076 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3077 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3080 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3081 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3082 [Define if your password has a pw_change field])
3085 dnl make sure we're using the real structure members and not defines
3086 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3087 ac_cv_have_accrights_in_msghdr, [
3090 #include <sys/types.h>
3091 #include <sys/socket.h>
3092 #include <sys/uio.h>
3094 #ifdef msg_accrights
3095 #error "msg_accrights is a macro"
3099 m.msg_accrights = 0;
3103 [ ac_cv_have_accrights_in_msghdr="yes" ],
3104 [ ac_cv_have_accrights_in_msghdr="no" ]
3107 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3108 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3109 [Define if your system uses access rights style
3110 file descriptor passing])
3113 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3114 ac_cv_have_control_in_msghdr, [
3117 #include <sys/types.h>
3118 #include <sys/socket.h>
3119 #include <sys/uio.h>
3122 #error "msg_control is a macro"
3130 [ ac_cv_have_control_in_msghdr="yes" ],
3131 [ ac_cv_have_control_in_msghdr="no" ]
3134 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3135 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3136 [Define if your system uses ancillary data style
3137 file descriptor passing])
3140 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3142 [ extern char *__progname; printf("%s", __progname); ],
3143 [ ac_cv_libc_defines___progname="yes" ],
3144 [ ac_cv_libc_defines___progname="no" ]
3147 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3148 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3151 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3155 [ printf("%s", __FUNCTION__); ],
3156 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3157 [ ac_cv_cc_implements___FUNCTION__="no" ]
3160 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3161 AC_DEFINE(HAVE___FUNCTION__, 1,
3162 [Define if compiler implements __FUNCTION__])
3165 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3169 [ printf("%s", __func__); ],
3170 [ ac_cv_cc_implements___func__="yes" ],
3171 [ ac_cv_cc_implements___func__="no" ]
3174 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3175 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3178 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3180 [#include <stdarg.h>
3183 [ ac_cv_have_va_copy="yes" ],
3184 [ ac_cv_have_va_copy="no" ]
3187 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3188 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3191 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3193 [#include <stdarg.h>
3196 [ ac_cv_have___va_copy="yes" ],
3197 [ ac_cv_have___va_copy="no" ]
3200 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3201 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3204 AC_CACHE_CHECK([whether getopt has optreset support],
3205 ac_cv_have_getopt_optreset, [
3210 [ extern int optreset; optreset = 0; ],
3211 [ ac_cv_have_getopt_optreset="yes" ],
3212 [ ac_cv_have_getopt_optreset="no" ]
3215 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3216 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3217 [Define if your getopt(3) defines and uses optreset])
3220 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3222 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3223 [ ac_cv_libc_defines_sys_errlist="yes" ],
3224 [ ac_cv_libc_defines_sys_errlist="no" ]
3227 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3228 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3229 [Define if your system defines sys_errlist[]])
3233 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3235 [ extern int sys_nerr; printf("%i", sys_nerr);],
3236 [ ac_cv_libc_defines_sys_nerr="yes" ],
3237 [ ac_cv_libc_defines_sys_nerr="no" ]
3240 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3241 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3245 # Check whether user wants sectok support
3247 [ --with-sectok Enable smartcard support using libsectok],
3249 if test "x$withval" != "xno" ; then
3250 if test "x$withval" != "xyes" ; then
3251 CPPFLAGS="$CPPFLAGS -I${withval}"
3252 LDFLAGS="$LDFLAGS -L${withval}"
3253 if test ! -z "$need_dash_r" ; then
3254 LDFLAGS="$LDFLAGS -R${withval}"
3256 if test ! -z "$blibpath" ; then
3257 blibpath="$blibpath:${withval}"
3260 AC_CHECK_HEADERS(sectok.h)
3261 if test "$ac_cv_header_sectok_h" != yes; then
3262 AC_MSG_ERROR(Can't find sectok.h)
3264 AC_CHECK_LIB(sectok, sectok_open)
3265 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3266 AC_MSG_ERROR(Can't find libsectok)
3268 AC_DEFINE(SMARTCARD, 1,
3269 [Define if you want smartcard support])
3270 AC_DEFINE(USE_SECTOK, 1,
3271 [Define if you want smartcard support
3273 SCARD_MSG="yes, using sectok"
3278 # Check whether user wants OpenSC support
3281 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3283 if test "x$withval" != "xno" ; then
3284 if test "x$withval" != "xyes" ; then
3285 OPENSC_CONFIG=$withval/bin/opensc-config
3287 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3289 if test "$OPENSC_CONFIG" != "no"; then
3290 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3291 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3292 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3293 LIBS="$LIBS $LIBOPENSC_LIBS"
3294 AC_DEFINE(SMARTCARD)
3295 AC_DEFINE(USE_OPENSC, 1,
3296 [Define if you want smartcard support
3298 SCARD_MSG="yes, using OpenSC"
3304 # Check libraries needed by DNS fingerprint support
3305 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3306 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3307 [Define if getrrsetbyname() exists])],
3309 # Needed by our getrrsetbyname()
3310 AC_SEARCH_LIBS(res_query, resolv)
3311 AC_SEARCH_LIBS(dn_expand, resolv)
3312 AC_MSG_CHECKING(if res_query will link)
3313 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3316 LIBS="$LIBS -lresolv"
3317 AC_MSG_CHECKING(for res_query in -lresolv)
3322 res_query (0, 0, 0, 0, 0);
3326 [LIBS="$LIBS -lresolv"
3327 AC_MSG_RESULT(yes)],
3331 AC_CHECK_FUNCS(_getshort _getlong)
3332 AC_CHECK_DECLS([_getshort, _getlong], , ,
3333 [#include <sys/types.h>
3334 #include <arpa/nameser.h>])
3335 AC_CHECK_MEMBER(HEADER.ad,
3336 [AC_DEFINE(HAVE_HEADER_AD, 1,
3337 [Define if HEADER.ad exists in arpa/nameser.h])],,
3338 [#include <arpa/nameser.h>])
3341 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3344 #if HAVE_SYS_TYPES_H
3345 # include <sys/types.h>
3347 #include <netinet/in.h>
3348 #include <arpa/nameser.h>
3350 extern struct __res_state _res;
3351 int main() { return 0; }
3354 AC_DEFINE(HAVE__RES_EXTERN, 1,
3355 [Define if you have struct __res_state _res as an extern])
3357 [ AC_MSG_RESULT(no) ]
3360 # Check whether user wants SELinux support
3363 AC_ARG_WITH(selinux,
3364 [ --with-selinux Enable SELinux support],
3365 [ if test "x$withval" != "xno" ; then
3367 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3369 AC_CHECK_HEADER([selinux/selinux.h], ,
3370 AC_MSG_ERROR(SELinux support requires selinux.h header))
3371 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3372 AC_MSG_ERROR(SELinux support requires libselinux library))
3373 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3374 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3379 # Check whether user wants Kerberos 5 support
3381 AC_ARG_WITH(kerberos5,
3382 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3383 [ if test "x$withval" != "xno" ; then
3384 if test "x$withval" = "xyes" ; then
3385 KRB5ROOT="/usr/local"
3390 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3393 AC_MSG_CHECKING(for krb5-config)
3394 if test -x $KRB5ROOT/bin/krb5-config ; then
3395 KRB5CONF=$KRB5ROOT/bin/krb5-config
3396 AC_MSG_RESULT($KRB5CONF)
3398 AC_MSG_CHECKING(for gssapi support)
3399 if $KRB5CONF | grep gssapi >/dev/null ; then
3401 AC_DEFINE(GSSAPI, 1,
3402 [Define this if you want GSSAPI
3403 support in the version 2 protocol])
3409 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3410 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3411 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3412 AC_MSG_CHECKING(whether we are using Heimdal)
3413 AC_TRY_COMPILE([ #include <krb5.h> ],
3414 [ char *tmp = heimdal_version; ],
3415 [ AC_MSG_RESULT(yes)
3416 AC_DEFINE(HEIMDAL, 1,
3417 [Define this if you are using the
3418 Heimdal version of Kerberos V5]) ],
3423 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3424 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3425 AC_MSG_CHECKING(whether we are using Heimdal)
3426 AC_TRY_COMPILE([ #include <krb5.h> ],
3427 [ char *tmp = heimdal_version; ],
3428 [ AC_MSG_RESULT(yes)
3430 K5LIBS="-lkrb5 -ldes"
3431 K5LIBS="$K5LIBS -lcom_err -lasn1"
3432 AC_CHECK_LIB(roken, net_write,
3433 [K5LIBS="$K5LIBS -lroken"])
3436 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3439 AC_SEARCH_LIBS(dn_expand, resolv)
3441 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3443 K5LIBS="-lgssapi $K5LIBS" ],
3444 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3446 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3447 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3452 AC_CHECK_HEADER(gssapi.h, ,
3453 [ unset ac_cv_header_gssapi_h
3454 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3455 AC_CHECK_HEADERS(gssapi.h, ,
3456 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3462 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3463 AC_CHECK_HEADER(gssapi_krb5.h, ,
3464 [ CPPFLAGS="$oldCPP" ])
3466 # If we're using some other GSSAPI
3467 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3468 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3471 if test -z "$GSSAPI"; then
3476 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3477 AC_CHECK_HEADER(gssapi_krb5.h, ,
3478 [ CPPFLAGS="$oldCPP" ])
3481 if test ! -z "$need_dash_r" ; then
3482 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3484 if test ! -z "$blibpath" ; then
3485 blibpath="$blibpath:${KRB5ROOT}/lib"
3488 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3489 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3490 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3492 LIBS="$LIBS $K5LIBS"
3493 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3494 [Define this if you want to use libkafs' AFS support]))
3499 # Check whether user wants AFS_KRB5 support
3501 AC_ARG_WITH(afs-krb5,
3502 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3504 if test "x$withval" != "xno" ; then
3506 if test "x$withval" != "xyes" ; then
3507 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3508 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3510 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3512 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3515 if test -z "$KRB5ROOT" ; then
3516 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3519 LIBS="-lkrbafs -lkrb4 $LIBS"
3520 if test ! -z "$AFS_LIBS" ; then
3521 LIBS="$LIBS $AFS_LIBS"
3523 AC_DEFINE(AFS_KRB5, 1,
3524 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3530 AC_ARG_WITH(session-hooks,
3531 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3532 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3535 # Looking for programs, paths and files
3537 PRIVSEP_PATH=/var/empty
3538 AC_ARG_WITH(privsep-path,
3539 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3541 if test -n "$withval" && test "x$withval" != "xno" && \
3542 test "x${withval}" != "xyes"; then
3543 PRIVSEP_PATH=$withval
3547 AC_SUBST(PRIVSEP_PATH)
3550 [ --with-xauth=PATH Specify path to xauth program ],
3552 if test -n "$withval" && test "x$withval" != "xno" && \
3553 test "x${withval}" != "xyes"; then
3559 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3560 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3561 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3562 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3563 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3564 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3565 xauth_path="/usr/openwin/bin/xauth"
3571 AC_ARG_ENABLE(strip,
3572 [ --disable-strip Disable calling strip(1) on install],
3574 if test "x$enableval" = "xno" ; then
3581 if test -z "$xauth_path" ; then
3582 XAUTH_PATH="undefined"
3583 AC_SUBST(XAUTH_PATH)
3585 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3586 [Define if xauth is found in your path])
3587 XAUTH_PATH=$xauth_path
3588 AC_SUBST(XAUTH_PATH)
3591 AC_CHECK_DECL(_PATH_BSHELL, ,
3592 AC_DEFINE_UNQUOTED(_PATH_BSHELL, "/bin/sh",
3593 [Define to your C shell if not defined in paths.h]),
3594 [ #include <paths.h> ]
3597 AC_CHECK_DECL(_PATH_CSHELL, ,
3598 AC_DEFINE_UNQUOTED(_PATH_CSHELL, "/bin/csh",
3599 [Define to your Bourne shell if not defined in paths.h]),
3600 [ #include <paths.h> ]
3603 AC_CHECK_DECL(_PATH_SHELLS, ,
3604 AC_DEFINE_UNQUOTED(_PATH_SHELLS, "/etc/shells",
3605 [Define to your shells file if not defined in paths.h]),
3606 [ #include <paths.h> ]
3609 # if _PATH_MAILDIR is in paths.h then we won't go hunting for it.
3610 AC_CHECK_DECL(_PATH_MAILDIR,
3611 AC_DEFINE(PATH_MAILDIR_IN_PATHS_H, 1,
3612 [Define if _PATH_MAILDIR is in paths.h]),
3614 [ #include <paths.h> ]
3617 # Check for mail directory (last resort if we cannot get it from headers)
3618 if test ! -z "$MAIL" ; then
3619 maildir=`dirname $MAIL`
3620 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3621 [Set this to your mail directory if you don't have maillock.h])
3624 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3625 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3626 disable_ptmx_check=yes
3628 if test -z "$no_dev_ptmx" ; then
3629 if test "x$disable_ptmx_check" != "xyes" ; then
3630 AC_CHECK_FILE("/dev/ptmx",
3632 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3633 [Define if you have /dev/ptmx])
3640 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3641 AC_CHECK_FILE("/dev/ptc",
3643 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3644 [Define if you have /dev/ptc])
3649 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3652 # Options from here on. Some of these are preset by platform above
3653 AC_ARG_WITH(mantype,
3654 [ --with-mantype=man|cat|doc Set man page type],
3661 AC_MSG_ERROR(invalid man type: $withval)
3666 if test -z "$MANTYPE"; then
3667 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3668 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3669 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3671 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3678 if test "$MANTYPE" = "doc"; then
3685 # Check whether to enable MD5 passwords
3687 AC_ARG_WITH(md5-passwords,
3688 [ --with-md5-passwords Enable use of MD5 passwords],
3690 if test "x$withval" != "xno" ; then
3691 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3692 [Define if you want to allow MD5 passwords])
3698 # Whether to disable shadow password support
3700 [ --without-shadow Disable shadow password support],
3702 if test "x$withval" = "xno" ; then
3703 AC_DEFINE(DISABLE_SHADOW)
3709 if test -z "$disable_shadow" ; then
3710 AC_MSG_CHECKING([if the systems has expire shadow information])
3713 #include <sys/types.h>
3716 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3717 [ sp_expire_available=yes ], []
3720 if test "x$sp_expire_available" = "xyes" ; then
3722 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3723 [Define if you want to use shadow password expire field])
3729 # Use ip address instead of hostname in $DISPLAY
3730 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3731 DISPLAY_HACK_MSG="yes"
3732 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3733 [Define if you need to use IP address
3734 instead of hostname in $DISPLAY])
3736 DISPLAY_HACK_MSG="no"
3737 AC_ARG_WITH(ipaddr-display,
3738 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3740 if test "x$withval" != "xno" ; then
3741 AC_DEFINE(IPADDR_IN_DISPLAY)
3742 DISPLAY_HACK_MSG="yes"
3748 # check for /etc/default/login and use it if present.
3749 AC_ARG_ENABLE(etc-default-login,
3750 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3751 [ if test "x$enableval" = "xno"; then
3752 AC_MSG_NOTICE([/etc/default/login handling disabled])
3753 etc_default_login=no
3755 etc_default_login=yes
3757 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3759 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3760 etc_default_login=no
3762 etc_default_login=yes
3766 if test "x$etc_default_login" != "xno"; then
3767 AC_CHECK_FILE("/etc/default/login",
3768 [ external_path_file=/etc/default/login ])
3769 if test "x$external_path_file" = "x/etc/default/login"; then
3770 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3771 [Define if your system has /etc/default/login])
3775 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3776 if test $ac_cv_func_login_getcapbool = "yes" && \
3777 test $ac_cv_header_login_cap_h = "yes" ; then
3778 external_path_file=/etc/login.conf
3781 # Whether to mess with the default path
3782 SERVER_PATH_MSG="(default)"
3783 AC_ARG_WITH(default-path,
3784 [ --with-default-path= Specify default \$PATH environment for server],
3786 if test "x$external_path_file" = "x/etc/login.conf" ; then
3788 --with-default-path=PATH has no effect on this system.
3789 Edit /etc/login.conf instead.])
3790 elif test "x$withval" != "xno" ; then
3791 if test ! -z "$external_path_file" ; then
3793 --with-default-path=PATH will only be used if PATH is not defined in
3794 $external_path_file .])
3796 user_path="$withval"
3797 SERVER_PATH_MSG="$withval"
3800 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3801 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3803 if test ! -z "$external_path_file" ; then
3805 If PATH is defined in $external_path_file, ensure the path to scp is included,
3806 otherwise scp will not work.])
3810 /* find out what STDPATH is */
3815 #ifndef _PATH_STDPATH
3816 # ifdef _PATH_USERPATH /* Irix */
3817 # define _PATH_STDPATH _PATH_USERPATH
3819 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3822 #include <sys/types.h>
3823 #include <sys/stat.h>
3825 #define DATA "conftest.stdpath"
3832 fd = fopen(DATA,"w");
3836 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3842 [ user_path=`cat conftest.stdpath` ],
3843 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3844 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3846 # make sure $bindir is in USER_PATH so scp will work
3847 t_bindir=`eval echo ${bindir}`
3849 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3852 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3854 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3855 if test $? -ne 0 ; then
3856 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3857 if test $? -ne 0 ; then
3858 user_path=$user_path:$t_bindir
3859 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3864 if test "x$external_path_file" != "x/etc/login.conf" ; then
3865 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3869 # Set superuser path separately to user path
3870 AC_ARG_WITH(superuser-path,
3871 [ --with-superuser-path= Specify different path for super-user],
3873 if test -n "$withval" && test "x$withval" != "xno" && \
3874 test "x${withval}" != "xyes"; then
3875 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3876 [Define if you want a different $PATH
3878 superuser_path=$withval
3884 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3885 IPV4_IN6_HACK_MSG="no"
3887 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3889 if test "x$withval" != "xno" ; then
3891 AC_DEFINE(IPV4_IN_IPV6, 1,
3892 [Detect IPv4 in IPv6 mapped addresses
3894 IPV4_IN6_HACK_MSG="yes"
3899 if test "x$inet6_default_4in6" = "xyes"; then
3900 AC_MSG_RESULT([yes (default)])
3901 AC_DEFINE(IPV4_IN_IPV6)
3902 IPV4_IN6_HACK_MSG="yes"
3904 AC_MSG_RESULT([no (default)])
3909 # Whether to enable BSD auth support
3911 AC_ARG_WITH(bsd-auth,
3912 [ --with-bsd-auth Enable BSD auth support],
3914 if test "x$withval" != "xno" ; then
3915 AC_DEFINE(BSD_AUTH, 1,
3916 [Define if you have BSD auth support])
3922 # Where to place sshd.pid
3924 # make sure the directory exists
3925 if test ! -d $piddir ; then
3926 piddir=`eval echo ${sysconfdir}`
3928 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3932 AC_ARG_WITH(pid-dir,
3933 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3935 if test -n "$withval" && test "x$withval" != "xno" && \
3936 test "x${withval}" != "xyes"; then
3938 if test ! -d $piddir ; then
3939 AC_MSG_WARN([** no $piddir directory on this system **])
3945 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3948 dnl allow user to disable some login recording features
3949 AC_ARG_ENABLE(lastlog,
3950 [ --disable-lastlog disable use of lastlog even if detected [no]],
3952 if test "x$enableval" = "xno" ; then
3953 AC_DEFINE(DISABLE_LASTLOG)
3958 [ --disable-utmp disable use of utmp even if detected [no]],
3960 if test "x$enableval" = "xno" ; then
3961 AC_DEFINE(DISABLE_UTMP)
3965 AC_ARG_ENABLE(utmpx,
3966 [ --disable-utmpx disable use of utmpx even if detected [no]],
3968 if test "x$enableval" = "xno" ; then
3969 AC_DEFINE(DISABLE_UTMPX, 1,
3970 [Define if you don't want to use utmpx])
3975 [ --disable-wtmp disable use of wtmp even if detected [no]],
3977 if test "x$enableval" = "xno" ; then
3978 AC_DEFINE(DISABLE_WTMP)
3982 AC_ARG_ENABLE(wtmpx,
3983 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3985 if test "x$enableval" = "xno" ; then
3986 AC_DEFINE(DISABLE_WTMPX, 1,
3987 [Define if you don't want to use wtmpx])
3991 AC_ARG_ENABLE(libutil,
3992 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3994 if test "x$enableval" = "xno" ; then
3995 AC_DEFINE(DISABLE_LOGIN)
3999 AC_ARG_ENABLE(pututline,
4000 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4002 if test "x$enableval" = "xno" ; then
4003 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4004 [Define if you don't want to use pututline()
4005 etc. to write [uw]tmp])
4009 AC_ARG_ENABLE(pututxline,
4010 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4012 if test "x$enableval" = "xno" ; then
4013 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4014 [Define if you don't want to use pututxline()
4015 etc. to write [uw]tmpx])
4019 AC_ARG_WITH(lastlog,
4020 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4022 if test "x$withval" = "xno" ; then
4023 AC_DEFINE(DISABLE_LASTLOG)
4024 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4025 conf_lastlog_location=$withval
4030 dnl lastlog, [uw]tmpx? detection
4031 dnl NOTE: set the paths in the platform section to avoid the
4032 dnl need for command-line parameters
4033 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4035 dnl lastlog detection
4036 dnl NOTE: the code itself will detect if lastlog is a directory
4037 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4039 #include <sys/types.h>
4041 #ifdef HAVE_LASTLOG_H
4042 # include <lastlog.h>
4051 [ char *lastlog = LASTLOG_FILE; ],
4052 [ AC_MSG_RESULT(yes) ],
4055 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4057 #include <sys/types.h>
4059 #ifdef HAVE_LASTLOG_H
4060 # include <lastlog.h>
4066 [ char *lastlog = _PATH_LASTLOG; ],
4067 [ AC_MSG_RESULT(yes) ],
4070 system_lastlog_path=no
4075 if test -z "$conf_lastlog_location"; then
4076 if test x"$system_lastlog_path" = x"no" ; then
4077 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4078 if (test -d "$f" || test -f "$f") ; then
4079 conf_lastlog_location=$f
4082 if test -z "$conf_lastlog_location"; then
4083 AC_MSG_WARN([** Cannot find lastlog **])
4084 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4089 if test -n "$conf_lastlog_location"; then
4090 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4091 [Define if you want to specify the path to your lastlog file])
4095 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4097 #include <sys/types.h>
4103 [ char *utmp = UTMP_FILE; ],
4104 [ AC_MSG_RESULT(yes) ],
4106 system_utmp_path=no ]
4108 if test -z "$conf_utmp_location"; then
4109 if test x"$system_utmp_path" = x"no" ; then
4110 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4111 if test -f $f ; then
4112 conf_utmp_location=$f
4115 if test -z "$conf_utmp_location"; then
4116 AC_DEFINE(DISABLE_UTMP)
4120 if test -n "$conf_utmp_location"; then
4121 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4122 [Define if you want to specify the path to your utmp file])
4126 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4128 #include <sys/types.h>
4134 [ char *wtmp = WTMP_FILE; ],
4135 [ AC_MSG_RESULT(yes) ],
4137 system_wtmp_path=no ]
4139 if test -z "$conf_wtmp_location"; then
4140 if test x"$system_wtmp_path" = x"no" ; then
4141 for f in /usr/adm/wtmp /var/log/wtmp; do
4142 if test -f $f ; then
4143 conf_wtmp_location=$f
4146 if test -z "$conf_wtmp_location"; then
4147 AC_DEFINE(DISABLE_WTMP)
4151 if test -n "$conf_wtmp_location"; then
4152 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4153 [Define if you want to specify the path to your wtmp file])
4157 dnl utmpx detection - I don't know any system so perverse as to require
4158 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4160 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4162 #include <sys/types.h>
4171 [ char *utmpx = UTMPX_FILE; ],
4172 [ AC_MSG_RESULT(yes) ],
4174 system_utmpx_path=no ]
4176 if test -z "$conf_utmpx_location"; then
4177 if test x"$system_utmpx_path" = x"no" ; then
4178 AC_DEFINE(DISABLE_UTMPX)
4181 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4182 [Define if you want to specify the path to your utmpx file])
4186 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4188 #include <sys/types.h>
4197 [ char *wtmpx = WTMPX_FILE; ],
4198 [ AC_MSG_RESULT(yes) ],
4200 system_wtmpx_path=no ]
4202 if test -z "$conf_wtmpx_location"; then
4203 if test x"$system_wtmpx_path" = x"no" ; then
4204 AC_DEFINE(DISABLE_WTMPX)
4207 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4208 [Define if you want to specify the path to your wtmpx file])
4212 if test ! -z "$blibpath" ; then
4213 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4214 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4217 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4219 CFLAGS="$CFLAGS $werror_flags"
4222 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4223 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4224 scard/Makefile ssh_prng_cmds survey.sh])
4227 # Print summary of options
4229 # Someone please show me a better way :)
4230 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4231 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4232 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4233 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4234 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4235 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4236 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4237 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4238 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4239 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4242 echo "OpenSSH has been configured with the following options:"
4243 echo " User binaries: $B"
4244 echo " System binaries: $C"
4245 echo " Configuration files: $D"
4246 echo " Askpass program: $E"
4247 echo " Manual pages: $F"
4248 echo " PID file: $G"
4249 echo " Privilege separation chroot path: $H"
4250 if test "x$external_path_file" = "x/etc/login.conf" ; then
4251 echo " At runtime, sshd will use the path defined in $external_path_file"
4252 echo " Make sure the path to scp is present, otherwise scp will not work"
4254 echo " sshd default user PATH: $I"
4255 if test ! -z "$external_path_file"; then
4256 echo " (If PATH is set in $external_path_file it will be used instead. If"
4257 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4260 if test ! -z "$superuser_path" ; then
4261 echo " sshd superuser user PATH: $J"
4263 echo " Manpage format: $MANTYPE"
4264 echo " PAM support: $PAM_MSG"
4265 echo " OSF SIA support: $SIA_MSG"
4266 echo " KerberosV support: $KRB5_MSG"
4267 echo " SELinux support: $SELINUX_MSG"
4268 echo " Smartcard support: $SCARD_MSG"
4269 echo " S/KEY support: $SKEY_MSG"
4270 echo " TCP Wrappers support: $TCPW_MSG"
4271 echo " MD5 password support: $MD5_MSG"
4272 echo " libedit support: $LIBEDIT_MSG"
4273 echo " Solaris process contract support: $SPC_MSG"
4274 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4275 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4276 echo " BSD Auth support: $BSD_AUTH_MSG"
4277 echo " Random number source: $RAND_MSG"
4278 if test ! -z "$USE_RAND_HELPER" ; then
4279 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4284 echo " Host: ${host}"
4285 echo " Compiler: ${CC}"
4286 echo " Compiler flags: ${CFLAGS}"
4287 echo "Preprocessor flags: ${CPPFLAGS}"
4288 echo " Linker flags: ${LDFLAGS}"
4289 echo " Libraries: ${LIBS}"
4290 if test ! -z "${SSHDLIBS}"; then
4291 echo " +for sshd: ${SSHDLIBS}"
4296 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4297 echo "SVR4 style packages are supported with \"make package\""
4301 if test "x$PAM_MSG" = "xyes" ; then
4302 echo "PAM is enabled. You may need to install a PAM control file "
4303 echo "for sshd, otherwise password authentication may fail. "
4304 echo "Example PAM control files can be found in the contrib/ "
4309 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4310 echo "WARNING: you are using the builtin random number collection "
4311 echo "service. Please read WARNING.RNG and request that your OS "
4312 echo "vendor includes kernel-based random number collection in "
4313 echo "future versions of your OS."
4317 if test ! -z "$NO_PEERCHECK" ; then
4318 echo "WARNING: the operating system that you are using does not"
4319 echo "appear to support getpeereid(), getpeerucred() or the"
4320 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4321 echo "enforce security checks to prevent unauthorised connections to"
4322 echo "ssh-agent. Their absence increases the risk that a malicious"
4323 echo "user can connect to your agent."
4327 if test "$AUDIT_MODULE" = "bsm" ; then
4328 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4329 echo "See the Solaris section in README.platform for details."