3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 1.*) no_attrib_nonnull=1 ;;
106 CFLAGS="$CFLAGS -Wsign-compare"
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
115 # -fstack-protector-all doesn't always work for some GCC versions
116 # and/or platforms, so we test if we can. If it's not supported
117 # on a give platform gcc will emit a warning so we use -Werror.
118 if test "x$use_stack_protector" = "x1"; then
119 for t in -fstack-protector-all -fstack-protector; do
120 AC_MSG_CHECKING(if $CC supports $t)
121 saved_CFLAGS="$CFLAGS"
122 saved_LDFLAGS="$LDFLAGS"
123 CFLAGS="$CFLAGS $t -Werror"
124 LDFLAGS="$LDFLAGS $t -Werror"
128 int main(void){return 0;}
131 CFLAGS="$saved_CFLAGS $t"
132 LDFLAGS="$saved_LDFLAGS $t"
133 AC_MSG_CHECKING(if $t works)
137 int main(void){exit(0);}
141 [ AC_MSG_RESULT(no) ],
142 [ AC_MSG_WARN([cross compiling: cannot test])
146 [ AC_MSG_RESULT(no) ]
148 CFLAGS="$saved_CFLAGS"
149 LDFLAGS="$saved_LDFLAGS"
153 if test -z "$have_llong_max"; then
154 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
155 unset ac_cv_have_decl_LLONG_MAX
156 saved_CFLAGS="$CFLAGS"
157 CFLAGS="$CFLAGS -std=gnu99"
158 AC_CHECK_DECL(LLONG_MAX,
160 [CFLAGS="$saved_CFLAGS"],
161 [#include <limits.h>]
166 if test "x$no_attrib_nonnull" != "x1" ; then
167 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
171 [ --without-rpath Disable auto-added -R linker paths],
173 if test "x$withval" = "xno" ; then
176 if test "x$withval" = "xyes" ; then
182 # Allow user to specify flags
184 [ --with-cflags Specify additional flags to pass to compiler],
186 if test -n "$withval" && test "x$withval" != "xno" && \
187 test "x${withval}" != "xyes"; then
188 CFLAGS="$CFLAGS $withval"
192 AC_ARG_WITH(cppflags,
193 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
195 if test -n "$withval" && test "x$withval" != "xno" && \
196 test "x${withval}" != "xyes"; then
197 CPPFLAGS="$CPPFLAGS $withval"
202 [ --with-ldflags Specify additional flags to pass to linker],
204 if test -n "$withval" && test "x$withval" != "xno" && \
205 test "x${withval}" != "xyes"; then
206 LDFLAGS="$LDFLAGS $withval"
211 [ --with-libs Specify additional libraries to link with],
213 if test -n "$withval" && test "x$withval" != "xno" && \
214 test "x${withval}" != "xyes"; then
215 LIBS="$LIBS $withval"
220 [ --with-Werror Build main code with -Werror],
222 if test -n "$withval" && test "x$withval" != "xno"; then
223 werror_flags="-Werror"
224 if test "x${withval}" != "xyes"; then
225 werror_flags="$withval"
257 security/pam_appl.h \
296 # lastlog.h requires sys/time.h to be included first on Solaris
297 AC_CHECK_HEADERS(lastlog.h, [], [], [
298 #ifdef HAVE_SYS_TIME_H
299 # include <sys/time.h>
303 # sys/ptms.h requires sys/stream.h to be included first on Solaris
304 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
305 #ifdef HAVE_SYS_STREAM_H
306 # include <sys/stream.h>
310 # login_cap.h requires sys/types.h on NetBSD
311 AC_CHECK_HEADERS(login_cap.h, [], [], [
312 #include <sys/types.h>
315 # Messages for features tested for in target-specific section
319 # Check for some target-specific stuff
322 # Some versions of VAC won't allow macro redefinitions at
323 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
324 # particularly with older versions of vac or xlc.
325 # It also throws errors about null macro argments, but these are
327 AC_MSG_CHECKING(if compiler allows macro redefinitions)
330 #define testmacro foo
331 #define testmacro bar
332 int main(void) { exit(0); }
334 [ AC_MSG_RESULT(yes) ],
336 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
337 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
338 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
339 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
343 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
344 if (test -z "$blibpath"); then
345 blibpath="/usr/lib:/lib"
347 saved_LDFLAGS="$LDFLAGS"
348 if test "$GCC" = "yes"; then
349 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
351 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
353 for tryflags in $flags ;do
354 if (test -z "$blibflags"); then
355 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
356 AC_TRY_LINK([], [], [blibflags=$tryflags])
359 if (test -z "$blibflags"); then
360 AC_MSG_RESULT(not found)
361 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
363 AC_MSG_RESULT($blibflags)
365 LDFLAGS="$saved_LDFLAGS"
366 dnl Check for authenticate. Might be in libs.a on older AIXes
367 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
368 [Define if you want to enable AIX4's authenticate function])],
369 [AC_CHECK_LIB(s,authenticate,
370 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
374 dnl Check for various auth function declarations in headers.
375 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
376 passwdexpired, setauthdb], , , [#include <usersec.h>])
377 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
378 AC_CHECK_DECLS(loginfailed,
379 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
381 [#include <usersec.h>],
382 [(void)loginfailed("user","host","tty",0);],
384 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
385 [Define if your AIX loginfailed() function
386 takes 4 arguments (AIX >= 5.2)])],
390 [#include <usersec.h>]
392 AC_CHECK_FUNCS(getgrset setauthdb)
393 AC_CHECK_DECL(F_CLOSEM,
394 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
396 [ #include <limits.h>
399 check_for_aix_broken_getaddrinfo=1
400 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
401 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
402 [Define if your platform breaks doing a seteuid before a setuid])
403 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
404 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
405 dnl AIX handles lastlog as part of its login message
406 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
407 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
408 [Some systems need a utmpx entry for /bin/login to work])
409 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
410 [Define to a Set Process Title type if your system is
411 supported by bsd-setproctitle.c])
412 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
413 [AIX 5.2 and 5.3 (and presumably newer) require this])
414 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
417 check_for_libcrypt_later=1
418 LIBS="$LIBS /usr/lib/textreadmode.o"
419 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
420 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
421 AC_DEFINE(DISABLE_SHADOW, 1,
422 [Define if you want to disable shadow passwords])
423 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
424 [Define if your system choked on IP TOS setting])
425 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
426 [Define if X11 doesn't support AF_UNIX sockets on that system])
427 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
428 [Define if the concept of ports only accessible to
429 superusers isn't known])
430 AC_DEFINE(DISABLE_FD_PASSING, 1,
431 [Define if your platform needs to skip post auth
432 file descriptor passing])
435 AC_DEFINE(IP_TOS_IS_BROKEN)
436 AC_DEFINE(SETEUID_BREAKS_SETUID)
437 AC_DEFINE(BROKEN_SETREUID)
438 AC_DEFINE(BROKEN_SETREGID)
441 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
442 AC_DEFINE(BROKEN_GETADDRINFO)
443 AC_DEFINE(SETEUID_BREAKS_SETUID)
444 AC_DEFINE(BROKEN_SETREUID)
445 AC_DEFINE(BROKEN_SETREGID)
446 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
447 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
448 [Define if your resolver libs need this for getrrsetbyname])
449 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
450 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
451 [Use tunnel device compatibility to OpenBSD])
452 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
453 [Prepend the address family to IP tunnel traffic])
454 m4_pattern_allow(AU_IPv)
455 AC_CHECK_DECL(AU_IPv4, [],
456 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
457 [#include <bsm/audit.h>]
459 AC_MSG_CHECKING(if we have the Security Authorization Session API)
460 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
461 [SessionCreate(0, 0);],
462 [ac_cv_use_security_session_api="yes"
463 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
464 [platform has the Security Authorization Session API])
465 LIBS="$LIBS -framework Security"
467 [ac_cv_use_security_session_api="no"
469 AC_MSG_CHECKING(if we have an in-memory credentials cache)
471 [#include <Kerberos/Kerberos.h>],
473 (void) cc_initialize (&c, 0, NULL, NULL);],
474 [AC_DEFINE(USE_CCAPI, 1,
475 [platform uses an in-memory credentials cache])
476 LIBS="$LIBS -framework Security"
478 if test "x$ac_cv_use_security_session_api" = "xno"; then
479 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
485 SSHDLIBS="$SSHDLIBS -lcrypt"
488 # first we define all of the options common to all HP-UX releases
489 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
490 IPADDR_IN_DISPLAY=yes
492 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
493 [Define if your login program cannot handle end of options ("--")])
494 AC_DEFINE(LOGIN_NEEDS_UTMPX)
495 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
496 [String used in /etc/passwd to denote locked account])
497 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
498 MAIL="/var/mail/username"
500 AC_CHECK_LIB(xnet, t_error, ,
501 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
503 # next, we define all of the options specific to major releases
506 if test -z "$GCC"; then
511 AC_DEFINE(PAM_SUN_CODEBASE, 1,
512 [Define if you are using Solaris-derived PAM which
513 passes pam_messages to the conversation function
514 with an extra level of indirection])
515 AC_DEFINE(DISABLE_UTMP, 1,
516 [Define if you don't want to use utmp])
517 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
518 check_for_hpux_broken_getaddrinfo=1
519 check_for_conflicting_getspnam=1
523 # lastly, we define options specific to minor releases
526 AC_DEFINE(HAVE_SECUREWARE, 1,
527 [Define if you have SecureWare-based
528 protected password database])
529 disable_ptmx_check=yes
535 PATH="$PATH:/usr/etc"
536 AC_DEFINE(BROKEN_INET_NTOA, 1,
537 [Define if you system's inet_ntoa is busted
538 (e.g. Irix gcc issue)])
539 AC_DEFINE(SETEUID_BREAKS_SETUID)
540 AC_DEFINE(BROKEN_SETREUID)
541 AC_DEFINE(BROKEN_SETREGID)
542 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
543 [Define if you shouldn't strip 'tty' from your
545 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
548 PATH="$PATH:/usr/etc"
549 AC_DEFINE(WITH_IRIX_ARRAY, 1,
550 [Define if you have/want arrays
551 (cluster-wide session managment, not C arrays)])
552 AC_DEFINE(WITH_IRIX_PROJECT, 1,
553 [Define if you want IRIX project management])
554 AC_DEFINE(WITH_IRIX_AUDIT, 1,
555 [Define if you want IRIX audit trails])
556 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
557 [Define if you want IRIX kernel jobs])])
558 AC_DEFINE(BROKEN_INET_NTOA)
559 AC_DEFINE(SETEUID_BREAKS_SETUID)
560 AC_DEFINE(BROKEN_SETREUID)
561 AC_DEFINE(BROKEN_SETREGID)
562 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
563 AC_DEFINE(WITH_ABBREV_NO_TTY)
564 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
568 check_for_libcrypt_later=1
569 check_for_openpty_ctty_bug=1
570 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
571 AC_DEFINE(PAM_TTY_KLUDGE, 1,
572 [Work around problematic Linux PAM modules handling of PAM_TTY])
573 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
574 [String used in /etc/passwd to denote locked account])
575 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
576 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
577 [Define to whatever link() returns for "not supported"
578 if it doesn't return EOPNOTSUPP.])
579 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
581 inet6_default_4in6=yes
584 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
585 [Define if cmsg_type is not passed correctly])
588 # tun(4) forwarding compat code
589 AC_CHECK_HEADERS(linux/if_tun.h)
590 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
591 AC_DEFINE(SSH_TUN_LINUX, 1,
592 [Open tunnel devices the Linux tun/tap way])
593 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
594 [Use tunnel device compatibility to OpenBSD])
595 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
596 [Prepend the address family to IP tunnel traffic])
599 mips-sony-bsd|mips-sony-newsos4)
600 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
604 check_for_libcrypt_before=1
605 if test "x$withval" != "xno" ; then
608 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
609 AC_CHECK_HEADER([net/if_tap.h], ,
610 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
611 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
612 [Prepend the address family to IP tunnel traffic])
615 check_for_libcrypt_later=1
616 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
617 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
618 AC_CHECK_HEADER([net/if_tap.h], ,
619 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
620 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
623 AC_DEFINE(SETEUID_BREAKS_SETUID)
624 AC_DEFINE(BROKEN_SETREUID)
625 AC_DEFINE(BROKEN_SETREGID)
628 conf_lastlog_location="/usr/adm/lastlog"
629 conf_utmp_location=/etc/utmp
630 conf_wtmp_location=/usr/adm/wtmp
632 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
633 AC_DEFINE(BROKEN_REALPATH)
635 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
638 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
639 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
640 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
641 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
642 [syslog_r function is safe to use in in a signal handler])
645 if test "x$withval" != "xno" ; then
648 AC_DEFINE(PAM_SUN_CODEBASE)
649 AC_DEFINE(LOGIN_NEEDS_UTMPX)
650 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
651 [Some versions of /bin/login need the TERM supplied
653 AC_DEFINE(PAM_TTY_KLUDGE)
654 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
655 [Define if pam_chauthtok wants real uid set
656 to the unpriv'ed user])
657 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
658 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
659 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
660 [Define if sshd somehow reacquires a controlling TTY
662 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
663 in case the name is longer than 8 chars])
664 external_path_file=/etc/default/login
665 # hardwire lastlog location (can't detect it on some versions)
666 conf_lastlog_location="/var/adm/lastlog"
667 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
668 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
669 if test "$sol2ver" -ge 8; then
671 AC_DEFINE(DISABLE_UTMP)
672 AC_DEFINE(DISABLE_WTMP, 1,
673 [Define if you don't want to use wtmp])
677 AC_ARG_WITH(solaris-contracts,
678 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
680 AC_CHECK_LIB(contract, ct_tmpl_activate,
681 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
682 [Define if you have Solaris process contracts])
683 SSHDLIBS="$SSHDLIBS -lcontract"
690 CPPFLAGS="$CPPFLAGS -DSUNOS4"
691 AC_CHECK_FUNCS(getpwanam)
692 AC_DEFINE(PAM_SUN_CODEBASE)
693 conf_utmp_location=/etc/utmp
694 conf_wtmp_location=/var/adm/wtmp
695 conf_lastlog_location=/var/adm/lastlog
701 AC_DEFINE(SSHD_ACQUIRES_CTTY)
702 AC_DEFINE(SETEUID_BREAKS_SETUID)
703 AC_DEFINE(BROKEN_SETREUID)
704 AC_DEFINE(BROKEN_SETREGID)
707 # /usr/ucblib MUST NOT be searched on ReliantUNIX
708 AC_CHECK_LIB(dl, dlsym, ,)
709 # -lresolv needs to be at the end of LIBS or DNS lookups break
710 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
711 IPADDR_IN_DISPLAY=yes
713 AC_DEFINE(IP_TOS_IS_BROKEN)
714 AC_DEFINE(SETEUID_BREAKS_SETUID)
715 AC_DEFINE(BROKEN_SETREUID)
716 AC_DEFINE(BROKEN_SETREGID)
717 AC_DEFINE(SSHD_ACQUIRES_CTTY)
718 external_path_file=/etc/default/login
719 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
720 # Attention: always take care to bind libsocket and libnsl before libc,
721 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
723 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
726 AC_DEFINE(SETEUID_BREAKS_SETUID)
727 AC_DEFINE(BROKEN_SETREUID)
728 AC_DEFINE(BROKEN_SETREGID)
729 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
730 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
732 # UnixWare 7.x, OpenUNIX 8
734 check_for_libcrypt_later=1
735 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
737 AC_DEFINE(SETEUID_BREAKS_SETUID)
738 AC_DEFINE(BROKEN_SETREUID)
739 AC_DEFINE(BROKEN_SETREGID)
740 AC_DEFINE(PASSWD_NEEDS_USERNAME)
742 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
743 TEST_SHELL=/u95/bin/sh
744 AC_DEFINE(BROKEN_LIBIAF, 1,
745 [ia_uinfo routines not supported by OS yet])
746 AC_DEFINE(BROKEN_UPDWTMPX)
748 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
754 # SCO UNIX and OEM versions of SCO UNIX
756 AC_MSG_ERROR("This Platform is no longer supported.")
760 if test -z "$GCC"; then
761 CFLAGS="$CFLAGS -belf"
763 LIBS="$LIBS -lprot -lx -ltinfo -lm"
766 AC_DEFINE(HAVE_SECUREWARE)
767 AC_DEFINE(DISABLE_SHADOW)
768 AC_DEFINE(DISABLE_FD_PASSING)
769 AC_DEFINE(SETEUID_BREAKS_SETUID)
770 AC_DEFINE(BROKEN_SETREUID)
771 AC_DEFINE(BROKEN_SETREGID)
772 AC_DEFINE(WITH_ABBREV_NO_TTY)
773 AC_DEFINE(BROKEN_UPDWTMPX)
774 AC_DEFINE(PASSWD_NEEDS_USERNAME)
775 AC_CHECK_FUNCS(getluid setluid)
780 AC_DEFINE(NO_SSH_LASTLOG, 1,
781 [Define if you don't want to use lastlog in session.c])
782 AC_DEFINE(SETEUID_BREAKS_SETUID)
783 AC_DEFINE(BROKEN_SETREUID)
784 AC_DEFINE(BROKEN_SETREGID)
786 AC_DEFINE(DISABLE_FD_PASSING)
788 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
792 AC_DEFINE(SETEUID_BREAKS_SETUID)
793 AC_DEFINE(BROKEN_SETREUID)
794 AC_DEFINE(BROKEN_SETREGID)
795 AC_DEFINE(WITH_ABBREV_NO_TTY)
797 AC_DEFINE(DISABLE_FD_PASSING)
799 LIBS="$LIBS -lgen -lacid -ldb"
803 AC_DEFINE(SETEUID_BREAKS_SETUID)
804 AC_DEFINE(BROKEN_SETREUID)
805 AC_DEFINE(BROKEN_SETREGID)
807 AC_DEFINE(DISABLE_FD_PASSING)
808 AC_DEFINE(NO_SSH_LASTLOG)
809 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
810 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
814 AC_MSG_CHECKING(for Digital Unix SIA)
817 [ --with-osfsia Enable Digital Unix SIA],
819 if test "x$withval" = "xno" ; then
820 AC_MSG_RESULT(disabled)
825 if test -z "$no_osfsia" ; then
826 if test -f /etc/sia/matrix.conf; then
828 AC_DEFINE(HAVE_OSF_SIA, 1,
829 [Define if you have Digital Unix Security
830 Integration Architecture])
831 AC_DEFINE(DISABLE_LOGIN, 1,
832 [Define if you don't want to use your
833 system's login() call])
834 AC_DEFINE(DISABLE_FD_PASSING)
835 LIBS="$LIBS -lsecurity -ldb -lm -laud"
839 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
840 [String used in /etc/passwd to denote locked account])
843 AC_DEFINE(BROKEN_GETADDRINFO)
844 AC_DEFINE(SETEUID_BREAKS_SETUID)
845 AC_DEFINE(BROKEN_SETREUID)
846 AC_DEFINE(BROKEN_SETREGID)
851 AC_DEFINE(NO_X11_UNIX_SOCKETS)
852 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
853 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
854 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
855 AC_DEFINE(DISABLE_LASTLOG)
856 AC_DEFINE(SSHD_ACQUIRES_CTTY)
857 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
858 enable_etc_default_login=no # has incompatible /etc/default/login
861 AC_DEFINE(DISABLE_FD_PASSING)
867 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
868 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
869 AC_DEFINE(NEED_SETPGRP)
870 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
874 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
875 AC_DEFINE(MISSING_HOWMANY)
876 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
880 AC_MSG_CHECKING(compiler and flags for sanity)
886 [ AC_MSG_RESULT(yes) ],
889 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
891 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
894 dnl Checks for header files.
895 # Checks for libraries.
896 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
897 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
899 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
900 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
901 AC_CHECK_LIB(gen, dirname,[
902 AC_CACHE_CHECK([for broken dirname],
903 ac_cv_have_broken_dirname, [
911 int main(int argc, char **argv) {
914 strncpy(buf,"/etc", 32);
916 if (!s || strncmp(s, "/", 32) != 0) {
923 [ ac_cv_have_broken_dirname="no" ],
924 [ ac_cv_have_broken_dirname="yes" ],
925 [ ac_cv_have_broken_dirname="no" ],
929 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
931 AC_DEFINE(HAVE_DIRNAME)
932 AC_CHECK_HEADERS(libgen.h)
937 AC_CHECK_FUNC(getspnam, ,
938 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
939 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
940 [Define if you have the basename function.]))
944 [ --with-zlib=PATH Use zlib in PATH],
945 [ if test "x$withval" = "xno" ; then
946 AC_MSG_ERROR([*** zlib is required ***])
947 elif test "x$withval" != "xyes"; then
948 if test -d "$withval/lib"; then
949 if test -n "${need_dash_r}"; then
950 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
952 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
955 if test -n "${need_dash_r}"; then
956 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
958 LDFLAGS="-L${withval} ${LDFLAGS}"
961 if test -d "$withval/include"; then
962 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
964 CPPFLAGS="-I${withval} ${CPPFLAGS}"
969 AC_CHECK_LIB(z, deflate, ,
971 saved_CPPFLAGS="$CPPFLAGS"
972 saved_LDFLAGS="$LDFLAGS"
974 dnl Check default zlib install dir
975 if test -n "${need_dash_r}"; then
976 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
978 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
980 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
982 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
984 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
989 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
991 AC_ARG_WITH(zlib-version-check,
992 [ --without-zlib-version-check Disable zlib version check],
993 [ if test "x$withval" = "xno" ; then
994 zlib_check_nonfatal=1
999 AC_MSG_CHECKING(for possibly buggy zlib)
1000 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1005 int a=0, b=0, c=0, d=0, n, v;
1006 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1007 if (n != 3 && n != 4)
1009 v = a*1000000 + b*10000 + c*100 + d;
1010 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1013 if (a == 1 && b == 1 && c >= 4)
1016 /* 1.2.3 and up are OK */
1024 [ AC_MSG_RESULT(yes)
1025 if test -z "$zlib_check_nonfatal" ; then
1026 AC_MSG_ERROR([*** zlib too old - check config.log ***
1027 Your reported zlib version has known security problems. It's possible your
1028 vendor has fixed these problems without changing the version number. If you
1029 are sure this is the case, you can disable the check by running
1030 "./configure --without-zlib-version-check".
1031 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1032 See http://www.gzip.org/zlib/ for details.])
1034 AC_MSG_WARN([zlib version may have security problems])
1037 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1041 AC_CHECK_FUNC(strcasecmp,
1042 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1044 AC_CHECK_FUNCS(utimes,
1045 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1046 LIBS="$LIBS -lc89"]) ]
1049 dnl Checks for libutil functions
1050 AC_CHECK_HEADERS(libutil.h)
1051 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1052 [Define if your libraries define login()])])
1053 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1057 # Check for ALTDIRFUNC glob() extension
1058 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1059 AC_EGREP_CPP(FOUNDIT,
1062 #ifdef GLOB_ALTDIRFUNC
1067 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1068 [Define if your system glob() function has
1069 the GLOB_ALTDIRFUNC extension])
1077 # Check for g.gl_matchc glob() extension
1078 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1080 [ #include <glob.h> ],
1081 [glob_t g; g.gl_matchc = 1;],
1083 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1084 [Define if your system glob() function has
1085 gl_matchc options in glob_t])
1093 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1095 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1098 #include <sys/types.h>
1100 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1102 [AC_MSG_RESULT(yes)],
1105 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1106 [Define if your struct dirent expects you to
1107 allocate extra space for d_name])
1110 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1111 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1115 # Check whether the user wants GSSAPI mechglue support
1116 AC_ARG_WITH(mechglue,
1117 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1119 AC_MSG_CHECKING(for mechglue library)
1121 if test -e ${withval}/libgssapi.a ; then
1122 mechglue_lib=${withval}/libgssapi.a
1123 elif test -e ${withval}/lib/libgssapi.a ; then
1124 mechglue_lib=${withval}/lib/libgssapi.a
1126 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1128 LIBS="$LIBS ${mechglue_lib}"
1129 AC_MSG_RESULT(${mechglue_lib})
1131 AC_CHECK_LIB(dl, dlopen, , )
1132 if test $ac_cv_lib_dl_dlopen = yes; then
1133 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1137 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1144 # Check whether the user wants GSI (Globus) support
1147 [ --with-gsi Enable Globus GSI authentication support],
1154 [ --with-globus Enable Globus GSI authentication support],
1160 AC_ARG_WITH(globus-static,
1161 [ --with-globus-static Link statically with Globus GSI libraries],
1163 gsi_static="-static"
1164 if test "x$gsi_path" = "xno" ; then
1170 # Check whether the user has a Globus flavor type
1171 globus_flavor_type="no"
1172 AC_ARG_WITH(globus-flavor,
1173 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1175 globus_flavor_type="$withval"
1176 if test "x$gsi_path" = "xno" ; then
1182 if test "x$gsi_path" != "xno" ; then
1183 # Globus GSSAPI configuration
1184 AC_MSG_CHECKING(for Globus GSI)
1185 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1187 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1188 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1190 if test -z "$GSSAPI"; then
1195 if test "x$gsi_path" = "xyes" ; then
1196 if test -z "$GLOBUS_LOCATION" ; then
1197 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1199 gsi_path="$GLOBUS_LOCATION"
1202 GLOBUS_LOCATION="$gsi_path"
1203 export GLOBUS_LOCATION
1204 if test ! -d "$GLOBUS_LOCATION" ; then
1205 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1208 if test "x$globus_flavor_type" = "xno" ; then
1209 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1211 if test "x$globus_flavor_type" = "xyes" ; then
1212 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1215 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1216 if test ! -d "$GLOBUS_INCLUDE" ; then
1217 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1219 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1221 if test -x ${gsi_path}/bin/globus-makefile-header ; then
1222 ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
1223 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
1224 ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
1226 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
1228 . ./gpt_build_tmp.sh
1229 if test -n "${need_dash_r}"; then
1230 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
1232 GSI_LDFLAGS="-L${gsi_path}/lib"
1234 if test -z "$GLOBUS_PKG_LIBS" ; then
1235 AC_MSG_ERROR(globus-makefile-header failed)
1238 AC_DEFINE(HAVE_GSSAPI_H)
1240 LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
1241 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1242 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
1244 # test that we got the libraries OK
1252 AC_MSG_ERROR(link with Globus libraries failed)
1255 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1256 INSTALL_GSISSH="yes"
1260 AC_SUBST(INSTALL_GSISSH)
1261 # End Globus/GSI section
1263 AC_MSG_CHECKING([for /proc/pid/fd directory])
1264 if test -d "/proc/$$/fd" ; then
1265 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1271 # Check whether user wants S/Key support
1274 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1276 if test "x$withval" != "xno" ; then
1278 if test "x$withval" != "xyes" ; then
1279 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1280 LDFLAGS="$LDFLAGS -L${withval}/lib"
1283 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1287 AC_MSG_CHECKING([for s/key support])
1292 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1294 [AC_MSG_RESULT(yes)],
1297 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1299 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1303 [(void)skeychallenge(NULL,"name","",0);],
1305 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1306 [Define if your skeychallenge()
1307 function takes 4 arguments (NetBSD)])],
1314 # Check whether user wants TCP wrappers support
1316 AC_ARG_WITH(tcp-wrappers,
1317 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1319 if test "x$withval" != "xno" ; then
1321 saved_LDFLAGS="$LDFLAGS"
1322 saved_CPPFLAGS="$CPPFLAGS"
1323 if test -n "${withval}" && \
1324 test "x${withval}" != "xyes"; then
1325 if test -d "${withval}/lib"; then
1326 if test -n "${need_dash_r}"; then
1327 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1329 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1332 if test -n "${need_dash_r}"; then
1333 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1335 LDFLAGS="-L${withval} ${LDFLAGS}"
1338 if test -d "${withval}/include"; then
1339 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1341 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1345 AC_MSG_CHECKING(for libwrap)
1348 #include <sys/types.h>
1349 #include <sys/socket.h>
1350 #include <netinet/in.h>
1352 int deny_severity = 0, allow_severity = 0;
1357 AC_DEFINE(LIBWRAP, 1,
1359 TCP Wrappers support])
1360 SSHDLIBS="$SSHDLIBS -lwrap"
1364 AC_MSG_ERROR([*** libwrap missing])
1372 # Check whether user wants libedit support
1374 AC_ARG_WITH(libedit,
1375 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1376 [ if test "x$withval" != "xno" ; then
1377 if test "x$withval" != "xyes"; then
1378 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1379 if test -n "${need_dash_r}"; then
1380 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1382 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1385 AC_CHECK_LIB(edit, el_init,
1386 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1387 LIBEDIT="-ledit -lcurses"
1391 [ AC_MSG_ERROR(libedit not found) ],
1394 AC_MSG_CHECKING(if libedit version is compatible)
1397 #include <histedit.h>
1401 el_init("", NULL, NULL, NULL);
1405 [ AC_MSG_RESULT(yes) ],
1407 AC_MSG_ERROR(libedit version is not compatible) ]
1414 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1416 AC_MSG_CHECKING(for supported audit module)
1421 dnl Checks for headers, libs and functions
1422 AC_CHECK_HEADERS(bsm/audit.h, [],
1423 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1430 AC_CHECK_LIB(bsm, getaudit, [],
1431 [AC_MSG_ERROR(BSM enabled and required library not found)])
1432 AC_CHECK_FUNCS(getaudit, [],
1433 [AC_MSG_ERROR(BSM enabled and required function not found)])
1434 # These are optional
1435 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1436 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1440 AC_MSG_RESULT(debug)
1441 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1447 AC_MSG_ERROR([Unknown audit module $withval])
1452 dnl Checks for library functions. Please keep in alphabetical order
1540 # IRIX has a const char return value for gai_strerror()
1541 AC_CHECK_FUNCS(gai_strerror,[
1542 AC_DEFINE(HAVE_GAI_STRERROR)
1544 #include <sys/types.h>
1545 #include <sys/socket.h>
1548 const char *gai_strerror(int);],[
1551 str = gai_strerror(0);],[
1552 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1553 [Define if gai_strerror() returns const char *])])])
1555 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1556 [Some systems put nanosleep outside of libc]))
1558 dnl Make sure prototypes are defined for these before using them.
1559 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1560 AC_CHECK_DECL(strsep,
1561 [AC_CHECK_FUNCS(strsep)],
1564 #ifdef HAVE_STRING_H
1565 # include <string.h>
1569 dnl tcsendbreak might be a macro
1570 AC_CHECK_DECL(tcsendbreak,
1571 [AC_DEFINE(HAVE_TCSENDBREAK)],
1572 [AC_CHECK_FUNCS(tcsendbreak)],
1573 [#include <termios.h>]
1576 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1578 AC_CHECK_DECLS(SHUT_RD, , ,
1580 #include <sys/types.h>
1581 #include <sys/socket.h>
1584 AC_CHECK_DECLS(O_NONBLOCK, , ,
1586 #include <sys/types.h>
1587 #ifdef HAVE_SYS_STAT_H
1588 # include <sys/stat.h>
1595 AC_CHECK_DECLS(writev, , , [
1596 #include <sys/types.h>
1597 #include <sys/uio.h>
1601 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1602 #include <sys/param.h>
1605 AC_CHECK_DECLS(offsetof, , , [
1609 AC_CHECK_FUNCS(setresuid, [
1610 dnl Some platorms have setresuid that isn't implemented, test for this
1611 AC_MSG_CHECKING(if setresuid seems to work)
1616 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1618 [AC_MSG_RESULT(yes)],
1619 [AC_DEFINE(BROKEN_SETRESUID, 1,
1620 [Define if your setresuid() is broken])
1621 AC_MSG_RESULT(not implemented)],
1622 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1626 AC_CHECK_FUNCS(setresgid, [
1627 dnl Some platorms have setresgid that isn't implemented, test for this
1628 AC_MSG_CHECKING(if setresgid seems to work)
1633 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1635 [AC_MSG_RESULT(yes)],
1636 [AC_DEFINE(BROKEN_SETRESGID, 1,
1637 [Define if your setresgid() is broken])
1638 AC_MSG_RESULT(not implemented)],
1639 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1643 dnl Checks for time functions
1644 AC_CHECK_FUNCS(gettimeofday time)
1645 dnl Checks for utmp functions
1646 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1647 AC_CHECK_FUNCS(utmpname)
1648 dnl Checks for utmpx functions
1649 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1650 AC_CHECK_FUNCS(setutxent utmpxname)
1652 AC_CHECK_FUNC(daemon,
1653 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1654 [AC_CHECK_LIB(bsd, daemon,
1655 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1658 AC_CHECK_FUNC(getpagesize,
1659 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1660 [Define if your libraries define getpagesize()])],
1661 [AC_CHECK_LIB(ucb, getpagesize,
1662 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1665 # Check for broken snprintf
1666 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1667 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1671 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1673 [AC_MSG_RESULT(yes)],
1676 AC_DEFINE(BROKEN_SNPRINTF, 1,
1677 [Define if your snprintf is busted])
1678 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1680 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1684 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1685 # returning the right thing on overflow: the number of characters it tried to
1686 # create (as per SUSv3)
1687 if test "x$ac_cv_func_asprintf" != "xyes" && \
1688 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1689 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1692 #include <sys/types.h>
1696 int x_snprintf(char *str,size_t count,const char *fmt,...)
1698 size_t ret; va_list ap;
1699 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1705 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1707 [AC_MSG_RESULT(yes)],
1710 AC_DEFINE(BROKEN_SNPRINTF, 1,
1711 [Define if your snprintf is busted])
1712 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1714 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1718 # On systems where [v]snprintf is broken, but is declared in stdio,
1719 # check that the fmt argument is const char * or just char *.
1720 # This is only useful for when BROKEN_SNPRINTF
1721 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1722 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1723 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1724 int main(void) { snprintf(0, 0, 0); }
1727 AC_DEFINE(SNPRINTF_CONST, [const],
1728 [Define as const if snprintf() can declare const char *fmt])],
1730 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1732 # Check for missing getpeereid (or equiv) support
1734 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1735 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1737 [#include <sys/types.h>
1738 #include <sys/socket.h>],
1739 [int i = SO_PEERCRED;],
1740 [ AC_MSG_RESULT(yes)
1741 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1748 dnl see whether mkstemp() requires XXXXXX
1749 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1750 AC_MSG_CHECKING([for (overly) strict mkstemp])
1754 main() { char template[]="conftest.mkstemp-test";
1755 if (mkstemp(template) == -1)
1757 unlink(template); exit(0);
1765 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1769 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1774 dnl make sure that openpty does not reacquire controlling terminal
1775 if test ! -z "$check_for_openpty_ctty_bug"; then
1776 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1780 #include <sys/fcntl.h>
1781 #include <sys/types.h>
1782 #include <sys/wait.h>
1788 int fd, ptyfd, ttyfd, status;
1791 if (pid < 0) { /* failed */
1793 } else if (pid > 0) { /* parent */
1794 waitpid(pid, &status, 0);
1795 if (WIFEXITED(status))
1796 exit(WEXITSTATUS(status));
1799 } else { /* child */
1800 close(0); close(1); close(2);
1802 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1803 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1805 exit(3); /* Acquired ctty: broken */
1807 exit(0); /* Did not acquire ctty: OK */
1816 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1819 AC_MSG_RESULT(cross-compiling, assuming yes)
1824 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1825 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1826 AC_MSG_CHECKING(if getaddrinfo seems to work)
1830 #include <sys/socket.h>
1833 #include <netinet/in.h>
1835 #define TEST_PORT "2222"
1841 struct addrinfo *gai_ai, *ai, hints;
1842 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1844 memset(&hints, 0, sizeof(hints));
1845 hints.ai_family = PF_UNSPEC;
1846 hints.ai_socktype = SOCK_STREAM;
1847 hints.ai_flags = AI_PASSIVE;
1849 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1851 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1855 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1856 if (ai->ai_family != AF_INET6)
1859 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1860 sizeof(ntop), strport, sizeof(strport),
1861 NI_NUMERICHOST|NI_NUMERICSERV);
1864 if (err == EAI_SYSTEM)
1865 perror("getnameinfo EAI_SYSTEM");
1867 fprintf(stderr, "getnameinfo failed: %s\n",
1872 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1875 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1888 AC_DEFINE(BROKEN_GETADDRINFO)
1891 AC_MSG_RESULT(cross-compiling, assuming yes)
1896 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1897 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1898 AC_MSG_CHECKING(if getaddrinfo seems to work)
1902 #include <sys/socket.h>
1905 #include <netinet/in.h>
1907 #define TEST_PORT "2222"
1913 struct addrinfo *gai_ai, *ai, hints;
1914 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1916 memset(&hints, 0, sizeof(hints));
1917 hints.ai_family = PF_UNSPEC;
1918 hints.ai_socktype = SOCK_STREAM;
1919 hints.ai_flags = AI_PASSIVE;
1921 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1923 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1927 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1928 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1931 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1932 sizeof(ntop), strport, sizeof(strport),
1933 NI_NUMERICHOST|NI_NUMERICSERV);
1935 if (ai->ai_family == AF_INET && err != 0) {
1936 perror("getnameinfo");
1945 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1946 [Define if you have a getaddrinfo that fails
1947 for the all-zeros IPv6 address])
1951 AC_DEFINE(BROKEN_GETADDRINFO)
1954 AC_MSG_RESULT(cross-compiling, assuming no)
1959 if test "x$check_for_conflicting_getspnam" = "x1"; then
1960 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1964 int main(void) {exit(0);}
1971 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1972 [Conflicting defs for getspnam])
1979 # Search for OpenSSL
1980 saved_CPPFLAGS="$CPPFLAGS"
1981 saved_LDFLAGS="$LDFLAGS"
1982 AC_ARG_WITH(ssl-dir,
1983 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1985 if test "x$withval" != "xno" ; then
1988 ./*|../*) withval="`pwd`/$withval"
1990 if test -d "$withval/lib"; then
1991 if test -n "${need_dash_r}"; then
1992 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1994 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1997 if test -n "${need_dash_r}"; then
1998 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2000 LDFLAGS="-L${withval} ${LDFLAGS}"
2003 if test -d "$withval/include"; then
2004 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2006 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2011 if test -z "$GSI_LDFLAGS" ; then
2012 LIBS="-lcrypto $LIBS"
2014 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2015 [Define if your ssl headers are included
2016 with #include <openssl/header.h>]),
2018 dnl Check default openssl install dir
2019 if test -n "${need_dash_r}"; then
2020 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2022 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2024 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2025 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2027 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2033 # Determine OpenSSL header version
2034 AC_MSG_CHECKING([OpenSSL header version])
2039 #include <openssl/opensslv.h>
2040 #define DATA "conftest.sslincver"
2045 fd = fopen(DATA,"w");
2049 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2056 ssl_header_ver=`cat conftest.sslincver`
2057 AC_MSG_RESULT($ssl_header_ver)
2060 AC_MSG_RESULT(not found)
2061 AC_MSG_ERROR(OpenSSL version header not found.)
2064 AC_MSG_WARN([cross compiling: not checking])
2068 # Determine OpenSSL library version
2069 AC_MSG_CHECKING([OpenSSL library version])
2074 #include <openssl/opensslv.h>
2075 #include <openssl/crypto.h>
2076 #define DATA "conftest.ssllibver"
2081 fd = fopen(DATA,"w");
2085 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2092 ssl_library_ver=`cat conftest.ssllibver`
2093 AC_MSG_RESULT($ssl_library_ver)
2096 AC_MSG_RESULT(not found)
2097 AC_MSG_ERROR(OpenSSL library not found.)
2100 AC_MSG_WARN([cross compiling: not checking])
2104 AC_ARG_WITH(openssl-header-check,
2105 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2106 [ if test "x$withval" = "xno" ; then
2107 openssl_check_nonfatal=1
2112 # Sanity check OpenSSL headers
2113 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2117 #include <openssl/opensslv.h>
2118 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2125 if test "x$openssl_check_nonfatal" = "x"; then
2126 AC_MSG_ERROR([Your OpenSSL headers do not match your
2127 library. Check config.log for details.
2128 If you are sure your installation is consistent, you can disable the check
2129 by running "./configure --without-openssl-header-check".
2130 Also see contrib/findssl.sh for help identifying header/library mismatches.
2133 AC_MSG_WARN([Your OpenSSL headers do not match your
2134 library. Check config.log for details.
2135 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2139 AC_MSG_WARN([cross compiling: not checking])
2143 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2146 #include <openssl/evp.h>
2147 int main(void) { SSLeay_add_all_algorithms(); }
2156 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2159 #include <openssl/evp.h>
2160 int main(void) { SSLeay_add_all_algorithms(); }
2173 AC_ARG_WITH(ssl-engine,
2174 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2175 [ if test "x$withval" != "xno" ; then
2176 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2178 [ #include <openssl/engine.h>],
2180 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2182 [ AC_MSG_RESULT(yes)
2183 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2184 [Enable OpenSSL engine support])
2186 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2191 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2192 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2196 #include <openssl/evp.h>
2197 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2204 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2205 [libcrypto is missing AES 192 and 256 bit functions])
2209 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2210 # because the system crypt() is more featureful.
2211 if test "x$check_for_libcrypt_before" = "x1"; then
2212 AC_CHECK_LIB(crypt, crypt)
2215 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2216 # version in OpenSSL.
2217 if test "x$check_for_libcrypt_later" = "x1"; then
2218 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2221 # Search for SHA256 support in libc and/or OpenSSL
2222 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2225 AC_CHECK_LIB(iaf, ia_openinfo, [
2227 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2228 AC_DEFINE(HAVE_LIBIAF, 1,
2229 [Define if system has libiaf that supports set_id])
2234 ### Configure cryptographic random number support
2236 # Check wheter OpenSSL seeds itself
2237 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2241 #include <openssl/rand.h>
2242 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2245 OPENSSL_SEEDS_ITSELF=yes
2250 # Default to use of the rand helper if OpenSSL doesn't
2255 AC_MSG_WARN([cross compiling: assuming yes])
2256 # This is safe, since all recent OpenSSL versions will
2257 # complain at runtime if not seeded correctly.
2258 OPENSSL_SEEDS_ITSELF=yes
2262 # Check for PAM libs
2265 [ --with-pam Enable PAM support ],
2267 if test "x$withval" != "xno" ; then
2268 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2269 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2270 AC_MSG_ERROR([PAM headers not found])
2274 AC_CHECK_LIB(dl, dlopen, , )
2275 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2276 AC_CHECK_FUNCS(pam_getenvlist)
2277 AC_CHECK_FUNCS(pam_putenv)
2282 SSHDLIBS="$SSHDLIBS -lpam"
2283 AC_DEFINE(USE_PAM, 1,
2284 [Define if you want to enable PAM support])
2286 if test $ac_cv_lib_dl_dlopen = yes; then
2289 # libdl already in LIBS
2292 SSHDLIBS="$SSHDLIBS -ldl"
2300 # Check for older PAM
2301 if test "x$PAM_MSG" = "xyes" ; then
2302 # Check PAM strerror arguments (old PAM)
2303 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2307 #if defined(HAVE_SECURITY_PAM_APPL_H)
2308 #include <security/pam_appl.h>
2309 #elif defined (HAVE_PAM_PAM_APPL_H)
2310 #include <pam/pam_appl.h>
2313 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2314 [AC_MSG_RESULT(no)],
2316 AC_DEFINE(HAVE_OLD_PAM, 1,
2317 [Define if you have an old version of PAM
2318 which takes only one argument to pam_strerror])
2320 PAM_MSG="yes (old library)"
2325 # Do we want to force the use of the rand helper?
2326 AC_ARG_WITH(rand-helper,
2327 [ --with-rand-helper Use subprocess to gather strong randomness ],
2329 if test "x$withval" = "xno" ; then
2330 # Force use of OpenSSL's internal RNG, even if
2331 # the previous test showed it to be unseeded.
2332 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2333 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2334 OPENSSL_SEEDS_ITSELF=yes
2343 # Which randomness source do we use?
2344 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2346 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2347 [Define if you want OpenSSL's internally seeded PRNG only])
2348 RAND_MSG="OpenSSL internal ONLY"
2349 INSTALL_SSH_RAND_HELPER=""
2350 elif test ! -z "$USE_RAND_HELPER" ; then
2351 # install rand helper
2352 RAND_MSG="ssh-rand-helper"
2353 INSTALL_SSH_RAND_HELPER="yes"
2355 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2357 ### Configuration of ssh-rand-helper
2360 AC_ARG_WITH(prngd-port,
2361 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2370 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2373 if test ! -z "$withval" ; then
2374 PRNGD_PORT="$withval"
2375 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2376 [Port number of PRNGD/EGD random number socket])
2381 # PRNGD Unix domain socket
2382 AC_ARG_WITH(prngd-socket,
2383 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2387 withval="/var/run/egd-pool"
2395 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2399 if test ! -z "$withval" ; then
2400 if test ! -z "$PRNGD_PORT" ; then
2401 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2403 if test ! -r "$withval" ; then
2404 AC_MSG_WARN(Entropy socket is not readable)
2406 PRNGD_SOCKET="$withval"
2407 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2408 [Location of PRNGD/EGD random number socket])
2412 # Check for existing socket only if we don't have a random device already
2413 if test "$USE_RAND_HELPER" = yes ; then
2414 AC_MSG_CHECKING(for PRNGD/EGD socket)
2415 # Insert other locations here
2416 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2417 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2418 PRNGD_SOCKET="$sock"
2419 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2423 if test ! -z "$PRNGD_SOCKET" ; then
2424 AC_MSG_RESULT($PRNGD_SOCKET)
2426 AC_MSG_RESULT(not found)
2432 # Change default command timeout for hashing entropy source
2434 AC_ARG_WITH(entropy-timeout,
2435 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2437 if test -n "$withval" && test "x$withval" != "xno" && \
2438 test "x${withval}" != "xyes"; then
2439 entropy_timeout=$withval
2443 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2444 [Builtin PRNG command timeout])
2446 SSH_PRIVSEP_USER=sshd
2447 AC_ARG_WITH(privsep-user,
2448 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2450 if test -n "$withval" && test "x$withval" != "xno" && \
2451 test "x${withval}" != "xyes"; then
2452 SSH_PRIVSEP_USER=$withval
2456 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2457 [non-privileged user for privilege separation])
2458 AC_SUBST(SSH_PRIVSEP_USER)
2460 # We do this little dance with the search path to insure
2461 # that programs that we select for use by installed programs
2462 # (which may be run by the super-user) come from trusted
2463 # locations before they come from the user's private area.
2464 # This should help avoid accidentally configuring some
2465 # random version of a program in someone's personal bin.
2469 test -h /bin 2> /dev/null && PATH=/usr/bin
2470 test -d /sbin && PATH=$PATH:/sbin
2471 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2472 PATH=$PATH:/etc:$OPATH
2474 # These programs are used by the command hashing source to gather entropy
2475 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2476 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2477 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2478 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2479 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2480 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2481 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2482 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2483 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2484 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2485 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2486 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2487 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2488 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2489 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2490 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2494 # Where does ssh-rand-helper get its randomness from?
2495 INSTALL_SSH_PRNG_CMDS=""
2496 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2497 if test ! -z "$PRNGD_PORT" ; then
2498 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2499 elif test ! -z "$PRNGD_SOCKET" ; then
2500 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2502 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2503 RAND_HELPER_CMDHASH=yes
2504 INSTALL_SSH_PRNG_CMDS="yes"
2507 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2510 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2511 if test ! -z "$SONY" ; then
2512 LIBS="$LIBS -liberty";
2515 # Check for long long datatypes
2516 AC_CHECK_TYPES([long long, unsigned long long, long double])
2518 # Check datatype sizes
2519 AC_CHECK_SIZEOF(char, 1)
2520 AC_CHECK_SIZEOF(short int, 2)
2521 AC_CHECK_SIZEOF(int, 4)
2522 AC_CHECK_SIZEOF(long int, 4)
2523 AC_CHECK_SIZEOF(long long int, 8)
2525 # Sanity check long long for some platforms (AIX)
2526 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2527 ac_cv_sizeof_long_long_int=0
2530 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2531 if test -z "$have_llong_max"; then
2532 AC_MSG_CHECKING([for max value of long long])
2536 /* Why is this so damn hard? */
2540 #define __USE_ISOC99
2542 #define DATA "conftest.llminmax"
2543 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2546 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2547 * we do this the hard way.
2550 fprint_ll(FILE *f, long long n)
2553 int l[sizeof(long long) * 8];
2556 if (fprintf(f, "-") < 0)
2558 for (i = 0; n != 0; i++) {
2559 l[i] = my_abs(n % 10);
2563 if (fprintf(f, "%d", l[--i]) < 0)
2566 if (fprintf(f, " ") < 0)
2573 long long i, llmin, llmax = 0;
2575 if((f = fopen(DATA,"w")) == NULL)
2578 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2579 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2583 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2584 /* This will work on one's complement and two's complement */
2585 for (i = 1; i > llmax; i <<= 1, i++)
2587 llmin = llmax + 1LL; /* wrap */
2591 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2592 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2593 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2594 fprintf(f, "unknown unknown\n");
2598 if (fprint_ll(f, llmin) < 0)
2600 if (fprint_ll(f, llmax) < 0)
2608 llong_min=`$AWK '{print $1}' conftest.llminmax`
2609 llong_max=`$AWK '{print $2}' conftest.llminmax`
2611 AC_MSG_RESULT($llong_max)
2612 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2613 [max value of long long calculated by configure])
2614 AC_MSG_CHECKING([for min value of long long])
2615 AC_MSG_RESULT($llong_min)
2616 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2617 [min value of long long calculated by configure])
2620 AC_MSG_RESULT(not found)
2623 AC_MSG_WARN([cross compiling: not checking])
2629 # More checks for data types
2630 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2632 [ #include <sys/types.h> ],
2634 [ ac_cv_have_u_int="yes" ],
2635 [ ac_cv_have_u_int="no" ]
2638 if test "x$ac_cv_have_u_int" = "xyes" ; then
2639 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2643 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2645 [ #include <sys/types.h> ],
2646 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2647 [ ac_cv_have_intxx_t="yes" ],
2648 [ ac_cv_have_intxx_t="no" ]
2651 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2652 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2656 if (test -z "$have_intxx_t" && \
2657 test "x$ac_cv_header_stdint_h" = "xyes")
2659 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2661 [ #include <stdint.h> ],
2662 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2664 AC_DEFINE(HAVE_INTXX_T)
2667 [ AC_MSG_RESULT(no) ]
2671 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2674 #include <sys/types.h>
2675 #ifdef HAVE_STDINT_H
2676 # include <stdint.h>
2678 #include <sys/socket.h>
2679 #ifdef HAVE_SYS_BITYPES_H
2680 # include <sys/bitypes.h>
2683 [ int64_t a; a = 1;],
2684 [ ac_cv_have_int64_t="yes" ],
2685 [ ac_cv_have_int64_t="no" ]
2688 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2689 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2692 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2694 [ #include <sys/types.h> ],
2695 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2696 [ ac_cv_have_u_intxx_t="yes" ],
2697 [ ac_cv_have_u_intxx_t="no" ]
2700 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2701 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2705 if test -z "$have_u_intxx_t" ; then
2706 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2708 [ #include <sys/socket.h> ],
2709 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2711 AC_DEFINE(HAVE_U_INTXX_T)
2714 [ AC_MSG_RESULT(no) ]
2718 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2720 [ #include <sys/types.h> ],
2721 [ u_int64_t a; a = 1;],
2722 [ ac_cv_have_u_int64_t="yes" ],
2723 [ ac_cv_have_u_int64_t="no" ]
2726 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2727 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2731 if test -z "$have_u_int64_t" ; then
2732 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2734 [ #include <sys/bitypes.h> ],
2735 [ u_int64_t a; a = 1],
2737 AC_DEFINE(HAVE_U_INT64_T)
2740 [ AC_MSG_RESULT(no) ]
2744 if test -z "$have_u_intxx_t" ; then
2745 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2748 #include <sys/types.h>
2750 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2751 [ ac_cv_have_uintxx_t="yes" ],
2752 [ ac_cv_have_uintxx_t="no" ]
2755 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2756 AC_DEFINE(HAVE_UINTXX_T, 1,
2757 [define if you have uintxx_t data type])
2761 if test -z "$have_uintxx_t" ; then
2762 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2764 [ #include <stdint.h> ],
2765 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2767 AC_DEFINE(HAVE_UINTXX_T)
2770 [ AC_MSG_RESULT(no) ]
2774 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2775 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2777 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2780 #include <sys/bitypes.h>
2783 int8_t a; int16_t b; int32_t c;
2784 u_int8_t e; u_int16_t f; u_int32_t g;
2785 a = b = c = e = f = g = 1;
2788 AC_DEFINE(HAVE_U_INTXX_T)
2789 AC_DEFINE(HAVE_INTXX_T)
2797 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2800 #include <sys/types.h>
2802 [ u_char foo; foo = 125; ],
2803 [ ac_cv_have_u_char="yes" ],
2804 [ ac_cv_have_u_char="no" ]
2807 if test "x$ac_cv_have_u_char" = "xyes" ; then
2808 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2813 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2815 AC_CHECK_TYPES(in_addr_t,,,
2816 [#include <sys/types.h>
2817 #include <netinet/in.h>])
2819 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2822 #include <sys/types.h>
2824 [ size_t foo; foo = 1235; ],
2825 [ ac_cv_have_size_t="yes" ],
2826 [ ac_cv_have_size_t="no" ]
2829 if test "x$ac_cv_have_size_t" = "xyes" ; then
2830 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2833 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2836 #include <sys/types.h>
2838 [ ssize_t foo; foo = 1235; ],
2839 [ ac_cv_have_ssize_t="yes" ],
2840 [ ac_cv_have_ssize_t="no" ]
2843 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2844 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2847 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2852 [ clock_t foo; foo = 1235; ],
2853 [ ac_cv_have_clock_t="yes" ],
2854 [ ac_cv_have_clock_t="no" ]
2857 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2858 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2861 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2864 #include <sys/types.h>
2865 #include <sys/socket.h>
2867 [ sa_family_t foo; foo = 1235; ],
2868 [ ac_cv_have_sa_family_t="yes" ],
2871 #include <sys/types.h>
2872 #include <sys/socket.h>
2873 #include <netinet/in.h>
2875 [ sa_family_t foo; foo = 1235; ],
2876 [ ac_cv_have_sa_family_t="yes" ],
2878 [ ac_cv_have_sa_family_t="no" ]
2882 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2883 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2884 [define if you have sa_family_t data type])
2887 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2890 #include <sys/types.h>
2892 [ pid_t foo; foo = 1235; ],
2893 [ ac_cv_have_pid_t="yes" ],
2894 [ ac_cv_have_pid_t="no" ]
2897 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2898 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2901 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2904 #include <sys/types.h>
2906 [ mode_t foo; foo = 1235; ],
2907 [ ac_cv_have_mode_t="yes" ],
2908 [ ac_cv_have_mode_t="no" ]
2911 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2912 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2916 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2919 #include <sys/types.h>
2920 #include <sys/socket.h>
2922 [ struct sockaddr_storage s; ],
2923 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2924 [ ac_cv_have_struct_sockaddr_storage="no" ]
2927 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2928 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2929 [define if you have struct sockaddr_storage data type])
2932 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2935 #include <sys/types.h>
2936 #include <netinet/in.h>
2938 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2939 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2940 [ ac_cv_have_struct_sockaddr_in6="no" ]
2943 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2944 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2945 [define if you have struct sockaddr_in6 data type])
2948 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2951 #include <sys/types.h>
2952 #include <netinet/in.h>
2954 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2955 [ ac_cv_have_struct_in6_addr="yes" ],
2956 [ ac_cv_have_struct_in6_addr="no" ]
2959 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2960 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2961 [define if you have struct in6_addr data type])
2964 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2967 #include <sys/types.h>
2968 #include <sys/socket.h>
2971 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2972 [ ac_cv_have_struct_addrinfo="yes" ],
2973 [ ac_cv_have_struct_addrinfo="no" ]
2976 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2977 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2978 [define if you have struct addrinfo data type])
2981 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2983 [ #include <sys/time.h> ],
2984 [ struct timeval tv; tv.tv_sec = 1;],
2985 [ ac_cv_have_struct_timeval="yes" ],
2986 [ ac_cv_have_struct_timeval="no" ]
2989 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2990 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2991 have_struct_timeval=1
2994 AC_CHECK_TYPES(struct timespec)
2996 # We need int64_t or else certian parts of the compile will fail.
2997 if test "x$ac_cv_have_int64_t" = "xno" && \
2998 test "x$ac_cv_sizeof_long_int" != "x8" && \
2999 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3000 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3001 echo "an alternative compiler (I.E., GCC) before continuing."
3005 dnl test snprintf (broken on SCO w/gcc)
3010 #ifdef HAVE_SNPRINTF
3014 char expected_out[50];
3016 #if (SIZEOF_LONG_INT == 8)
3017 long int num = 0x7fffffffffffffff;
3019 long long num = 0x7fffffffffffffffll;
3021 strcpy(expected_out, "9223372036854775807");
3022 snprintf(buf, mazsize, "%lld", num);
3023 if(strcmp(buf, expected_out) != 0)
3030 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3031 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3035 dnl Checks for structure members
3036 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3037 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3038 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3039 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3040 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3041 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3042 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3043 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3044 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3045 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3046 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3047 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3048 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3049 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3050 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3051 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3052 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3054 AC_CHECK_MEMBERS([struct stat.st_blksize])
3055 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3056 [Define if we don't have struct __res_state in resolv.h])],
3059 #if HAVE_SYS_TYPES_H
3060 # include <sys/types.h>
3062 #include <netinet/in.h>
3063 #include <arpa/nameser.h>
3067 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3068 ac_cv_have_ss_family_in_struct_ss, [
3071 #include <sys/types.h>
3072 #include <sys/socket.h>
3074 [ struct sockaddr_storage s; s.ss_family = 1; ],
3075 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3076 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3079 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3080 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3083 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3084 ac_cv_have___ss_family_in_struct_ss, [
3087 #include <sys/types.h>
3088 #include <sys/socket.h>
3090 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3091 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3092 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3095 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3096 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3097 [Fields in struct sockaddr_storage])
3100 AC_CACHE_CHECK([for pw_class field in struct passwd],
3101 ac_cv_have_pw_class_in_struct_passwd, [
3106 [ struct passwd p; p.pw_class = 0; ],
3107 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3108 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3111 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3112 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3113 [Define if your password has a pw_class field])
3116 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3117 ac_cv_have_pw_expire_in_struct_passwd, [
3122 [ struct passwd p; p.pw_expire = 0; ],
3123 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3124 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3127 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3128 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3129 [Define if your password has a pw_expire field])
3132 AC_CACHE_CHECK([for pw_change field in struct passwd],
3133 ac_cv_have_pw_change_in_struct_passwd, [
3138 [ struct passwd p; p.pw_change = 0; ],
3139 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3140 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3143 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3144 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3145 [Define if your password has a pw_change field])
3148 dnl make sure we're using the real structure members and not defines
3149 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3150 ac_cv_have_accrights_in_msghdr, [
3153 #include <sys/types.h>
3154 #include <sys/socket.h>
3155 #include <sys/uio.h>
3157 #ifdef msg_accrights
3158 #error "msg_accrights is a macro"
3162 m.msg_accrights = 0;
3166 [ ac_cv_have_accrights_in_msghdr="yes" ],
3167 [ ac_cv_have_accrights_in_msghdr="no" ]
3170 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3171 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3172 [Define if your system uses access rights style
3173 file descriptor passing])
3176 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3177 ac_cv_have_control_in_msghdr, [
3180 #include <sys/types.h>
3181 #include <sys/socket.h>
3182 #include <sys/uio.h>
3185 #error "msg_control is a macro"
3193 [ ac_cv_have_control_in_msghdr="yes" ],
3194 [ ac_cv_have_control_in_msghdr="no" ]
3197 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3198 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3199 [Define if your system uses ancillary data style
3200 file descriptor passing])
3203 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3205 [ extern char *__progname; printf("%s", __progname); ],
3206 [ ac_cv_libc_defines___progname="yes" ],
3207 [ ac_cv_libc_defines___progname="no" ]
3210 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3211 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3214 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3218 [ printf("%s", __FUNCTION__); ],
3219 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3220 [ ac_cv_cc_implements___FUNCTION__="no" ]
3223 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3224 AC_DEFINE(HAVE___FUNCTION__, 1,
3225 [Define if compiler implements __FUNCTION__])
3228 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3232 [ printf("%s", __func__); ],
3233 [ ac_cv_cc_implements___func__="yes" ],
3234 [ ac_cv_cc_implements___func__="no" ]
3237 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3238 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3241 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3243 [#include <stdarg.h>
3246 [ ac_cv_have_va_copy="yes" ],
3247 [ ac_cv_have_va_copy="no" ]
3250 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3251 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3254 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3256 [#include <stdarg.h>
3259 [ ac_cv_have___va_copy="yes" ],
3260 [ ac_cv_have___va_copy="no" ]
3263 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3264 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3267 AC_CACHE_CHECK([whether getopt has optreset support],
3268 ac_cv_have_getopt_optreset, [
3273 [ extern int optreset; optreset = 0; ],
3274 [ ac_cv_have_getopt_optreset="yes" ],
3275 [ ac_cv_have_getopt_optreset="no" ]
3278 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3279 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3280 [Define if your getopt(3) defines and uses optreset])
3283 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3285 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3286 [ ac_cv_libc_defines_sys_errlist="yes" ],
3287 [ ac_cv_libc_defines_sys_errlist="no" ]
3290 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3291 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3292 [Define if your system defines sys_errlist[]])
3296 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3298 [ extern int sys_nerr; printf("%i", sys_nerr);],
3299 [ ac_cv_libc_defines_sys_nerr="yes" ],
3300 [ ac_cv_libc_defines_sys_nerr="no" ]
3303 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3304 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3308 # Check whether user wants sectok support
3310 [ --with-sectok Enable smartcard support using libsectok],
3312 if test "x$withval" != "xno" ; then
3313 if test "x$withval" != "xyes" ; then
3314 CPPFLAGS="$CPPFLAGS -I${withval}"
3315 LDFLAGS="$LDFLAGS -L${withval}"
3316 if test ! -z "$need_dash_r" ; then
3317 LDFLAGS="$LDFLAGS -R${withval}"
3319 if test ! -z "$blibpath" ; then
3320 blibpath="$blibpath:${withval}"
3323 AC_CHECK_HEADERS(sectok.h)
3324 if test "$ac_cv_header_sectok_h" != yes; then
3325 AC_MSG_ERROR(Can't find sectok.h)
3327 AC_CHECK_LIB(sectok, sectok_open)
3328 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3329 AC_MSG_ERROR(Can't find libsectok)
3331 AC_DEFINE(SMARTCARD, 1,
3332 [Define if you want smartcard support])
3333 AC_DEFINE(USE_SECTOK, 1,
3334 [Define if you want smartcard support
3336 SCARD_MSG="yes, using sectok"
3341 # Check whether user wants OpenSC support
3344 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3346 if test "x$withval" != "xno" ; then
3347 if test "x$withval" != "xyes" ; then
3348 OPENSC_CONFIG=$withval/bin/opensc-config
3350 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3352 if test "$OPENSC_CONFIG" != "no"; then
3353 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3354 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3355 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3356 LIBS="$LIBS $LIBOPENSC_LIBS"
3357 AC_DEFINE(SMARTCARD)
3358 AC_DEFINE(USE_OPENSC, 1,
3359 [Define if you want smartcard support
3361 SCARD_MSG="yes, using OpenSC"
3367 # Check libraries needed by DNS fingerprint support
3368 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3369 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3370 [Define if getrrsetbyname() exists])],
3372 # Needed by our getrrsetbyname()
3373 AC_SEARCH_LIBS(res_query, resolv)
3374 AC_SEARCH_LIBS(dn_expand, resolv)
3375 AC_MSG_CHECKING(if res_query will link)
3376 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3379 LIBS="$LIBS -lresolv"
3380 AC_MSG_CHECKING(for res_query in -lresolv)
3385 res_query (0, 0, 0, 0, 0);
3389 [LIBS="$LIBS -lresolv"
3390 AC_MSG_RESULT(yes)],
3394 AC_CHECK_FUNCS(_getshort _getlong)
3395 AC_CHECK_DECLS([_getshort, _getlong], , ,
3396 [#include <sys/types.h>
3397 #include <arpa/nameser.h>])
3398 AC_CHECK_MEMBER(HEADER.ad,
3399 [AC_DEFINE(HAVE_HEADER_AD, 1,
3400 [Define if HEADER.ad exists in arpa/nameser.h])],,
3401 [#include <arpa/nameser.h>])
3404 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3407 #if HAVE_SYS_TYPES_H
3408 # include <sys/types.h>
3410 #include <netinet/in.h>
3411 #include <arpa/nameser.h>
3413 extern struct __res_state _res;
3414 int main() { return 0; }
3417 AC_DEFINE(HAVE__RES_EXTERN, 1,
3418 [Define if you have struct __res_state _res as an extern])
3420 [ AC_MSG_RESULT(no) ]
3423 # Check whether user wants SELinux support
3426 AC_ARG_WITH(selinux,
3427 [ --with-selinux Enable SELinux support],
3428 [ if test "x$withval" != "xno" ; then
3430 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3432 AC_CHECK_HEADER([selinux/selinux.h], ,
3433 AC_MSG_ERROR(SELinux support requires selinux.h header))
3434 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3435 AC_MSG_ERROR(SELinux support requires libselinux library))
3436 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3437 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3442 # Check whether user wants Kerberos 5 support
3444 AC_ARG_WITH(kerberos5,
3445 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3446 [ if test "x$withval" != "xno" ; then
3447 if test "x$withval" = "xyes" ; then
3448 KRB5ROOT="/usr/local"
3453 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3456 AC_MSG_CHECKING(for krb5-config)
3457 if test -x $KRB5ROOT/bin/krb5-config ; then
3458 KRB5CONF=$KRB5ROOT/bin/krb5-config
3459 AC_MSG_RESULT($KRB5CONF)
3461 AC_MSG_CHECKING(for gssapi support)
3462 if $KRB5CONF | grep gssapi >/dev/null ; then
3464 AC_DEFINE(GSSAPI, 1,
3465 [Define this if you want GSSAPI
3466 support in the version 2 protocol])
3472 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3473 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3474 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3475 AC_MSG_CHECKING(whether we are using Heimdal)
3476 AC_TRY_COMPILE([ #include <krb5.h> ],
3477 [ char *tmp = heimdal_version; ],
3478 [ AC_MSG_RESULT(yes)
3479 AC_DEFINE(HEIMDAL, 1,
3480 [Define this if you are using the
3481 Heimdal version of Kerberos V5]) ],
3486 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3487 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3488 AC_MSG_CHECKING(whether we are using Heimdal)
3489 AC_TRY_COMPILE([ #include <krb5.h> ],
3490 [ char *tmp = heimdal_version; ],
3491 [ AC_MSG_RESULT(yes)
3493 K5LIBS="-lkrb5 -ldes"
3494 K5LIBS="$K5LIBS -lcom_err -lasn1"
3495 AC_CHECK_LIB(roken, net_write,
3496 [K5LIBS="$K5LIBS -lroken"])
3499 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3502 AC_SEARCH_LIBS(dn_expand, resolv)
3504 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3506 K5LIBS="-lgssapi $K5LIBS" ],
3507 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3509 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3510 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3515 AC_CHECK_HEADER(gssapi.h, ,
3516 [ unset ac_cv_header_gssapi_h
3517 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3518 AC_CHECK_HEADERS(gssapi.h, ,
3519 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3525 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3526 AC_CHECK_HEADER(gssapi_krb5.h, ,
3527 [ CPPFLAGS="$oldCPP" ])
3529 # If we're using some other GSSAPI
3530 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3531 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3534 if test -z "$GSSAPI"; then
3539 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3540 AC_CHECK_HEADER(gssapi_krb5.h, ,
3541 [ CPPFLAGS="$oldCPP" ])
3544 if test ! -z "$need_dash_r" ; then
3545 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3547 if test ! -z "$blibpath" ; then
3548 blibpath="$blibpath:${KRB5ROOT}/lib"
3551 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3552 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3553 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3555 LIBS="$LIBS $K5LIBS"
3556 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3557 [Define this if you want to use libkafs' AFS support]))
3562 # Check whether user wants AFS_KRB5 support
3564 AC_ARG_WITH(afs-krb5,
3565 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3567 if test "x$withval" != "xno" ; then
3569 if test "x$withval" != "xyes" ; then
3570 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3571 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3573 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3575 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3578 if test -z "$KRB5ROOT" ; then
3579 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3582 LIBS="-lkrbafs -lkrb4 $LIBS"
3583 if test ! -z "$AFS_LIBS" ; then
3584 LIBS="$LIBS $AFS_LIBS"
3586 AC_DEFINE(AFS_KRB5, 1,
3587 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3593 AC_ARG_WITH(session-hooks,
3594 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3595 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3598 # Looking for programs, paths and files
3600 PRIVSEP_PATH=/var/empty
3601 AC_ARG_WITH(privsep-path,
3602 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3604 if test -n "$withval" && test "x$withval" != "xno" && \
3605 test "x${withval}" != "xyes"; then
3606 PRIVSEP_PATH=$withval
3610 AC_SUBST(PRIVSEP_PATH)
3613 [ --with-xauth=PATH Specify path to xauth program ],
3615 if test -n "$withval" && test "x$withval" != "xno" && \
3616 test "x${withval}" != "xyes"; then
3622 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3623 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3624 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3625 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3626 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3627 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3628 xauth_path="/usr/openwin/bin/xauth"
3634 AC_ARG_ENABLE(strip,
3635 [ --disable-strip Disable calling strip(1) on install],
3637 if test "x$enableval" = "xno" ; then
3644 if test -z "$xauth_path" ; then
3645 XAUTH_PATH="undefined"
3646 AC_SUBST(XAUTH_PATH)
3648 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3649 [Define if xauth is found in your path])
3650 XAUTH_PATH=$xauth_path
3651 AC_SUBST(XAUTH_PATH)
3654 # Check for mail directory (last resort if we cannot get it from headers)
3655 if test ! -z "$MAIL" ; then
3656 maildir=`dirname $MAIL`
3657 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3658 [Set this to your mail directory if you don't have maillock.h])
3661 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3662 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3663 disable_ptmx_check=yes
3665 if test -z "$no_dev_ptmx" ; then
3666 if test "x$disable_ptmx_check" != "xyes" ; then
3667 AC_CHECK_FILE("/dev/ptmx",
3669 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3670 [Define if you have /dev/ptmx])
3677 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3678 AC_CHECK_FILE("/dev/ptc",
3680 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3681 [Define if you have /dev/ptc])
3686 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3689 # Options from here on. Some of these are preset by platform above
3690 AC_ARG_WITH(mantype,
3691 [ --with-mantype=man|cat|doc Set man page type],
3698 AC_MSG_ERROR(invalid man type: $withval)
3703 if test -z "$MANTYPE"; then
3704 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3705 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3706 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3708 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3715 if test "$MANTYPE" = "doc"; then
3722 # Check whether to enable MD5 passwords
3724 AC_ARG_WITH(md5-passwords,
3725 [ --with-md5-passwords Enable use of MD5 passwords],
3727 if test "x$withval" != "xno" ; then
3728 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3729 [Define if you want to allow MD5 passwords])
3735 # Whether to disable shadow password support
3737 [ --without-shadow Disable shadow password support],
3739 if test "x$withval" = "xno" ; then
3740 AC_DEFINE(DISABLE_SHADOW)
3746 if test -z "$disable_shadow" ; then
3747 AC_MSG_CHECKING([if the systems has expire shadow information])
3750 #include <sys/types.h>
3753 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3754 [ sp_expire_available=yes ], []
3757 if test "x$sp_expire_available" = "xyes" ; then
3759 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3760 [Define if you want to use shadow password expire field])
3766 # Use ip address instead of hostname in $DISPLAY
3767 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3768 DISPLAY_HACK_MSG="yes"
3769 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3770 [Define if you need to use IP address
3771 instead of hostname in $DISPLAY])
3773 DISPLAY_HACK_MSG="no"
3774 AC_ARG_WITH(ipaddr-display,
3775 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3777 if test "x$withval" != "xno" ; then
3778 AC_DEFINE(IPADDR_IN_DISPLAY)
3779 DISPLAY_HACK_MSG="yes"
3785 # check for /etc/default/login and use it if present.
3786 AC_ARG_ENABLE(etc-default-login,
3787 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3788 [ if test "x$enableval" = "xno"; then
3789 AC_MSG_NOTICE([/etc/default/login handling disabled])
3790 etc_default_login=no
3792 etc_default_login=yes
3794 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3796 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3797 etc_default_login=no
3799 etc_default_login=yes
3803 if test "x$etc_default_login" != "xno"; then
3804 AC_CHECK_FILE("/etc/default/login",
3805 [ external_path_file=/etc/default/login ])
3806 if test "x$external_path_file" = "x/etc/default/login"; then
3807 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3808 [Define if your system has /etc/default/login])
3812 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3813 if test $ac_cv_func_login_getcapbool = "yes" && \
3814 test $ac_cv_header_login_cap_h = "yes" ; then
3815 external_path_file=/etc/login.conf
3818 # Whether to mess with the default path
3819 SERVER_PATH_MSG="(default)"
3820 AC_ARG_WITH(default-path,
3821 [ --with-default-path= Specify default \$PATH environment for server],
3823 if test "x$external_path_file" = "x/etc/login.conf" ; then
3825 --with-default-path=PATH has no effect on this system.
3826 Edit /etc/login.conf instead.])
3827 elif test "x$withval" != "xno" ; then
3828 if test ! -z "$external_path_file" ; then
3830 --with-default-path=PATH will only be used if PATH is not defined in
3831 $external_path_file .])
3833 user_path="$withval"
3834 SERVER_PATH_MSG="$withval"
3837 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3838 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3840 if test ! -z "$external_path_file" ; then
3842 If PATH is defined in $external_path_file, ensure the path to scp is included,
3843 otherwise scp will not work.])
3847 /* find out what STDPATH is */
3852 #ifndef _PATH_STDPATH
3853 # ifdef _PATH_USERPATH /* Irix */
3854 # define _PATH_STDPATH _PATH_USERPATH
3856 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3859 #include <sys/types.h>
3860 #include <sys/stat.h>
3862 #define DATA "conftest.stdpath"
3869 fd = fopen(DATA,"w");
3873 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3879 [ user_path=`cat conftest.stdpath` ],
3880 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3881 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3883 # make sure $bindir is in USER_PATH so scp will work
3884 t_bindir=`eval echo ${bindir}`
3886 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3889 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3891 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3892 if test $? -ne 0 ; then
3893 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3894 if test $? -ne 0 ; then
3895 user_path=$user_path:$t_bindir
3896 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3901 if test "x$external_path_file" != "x/etc/login.conf" ; then
3902 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3906 # Set superuser path separately to user path
3907 AC_ARG_WITH(superuser-path,
3908 [ --with-superuser-path= Specify different path for super-user],
3910 if test -n "$withval" && test "x$withval" != "xno" && \
3911 test "x${withval}" != "xyes"; then
3912 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3913 [Define if you want a different $PATH
3915 superuser_path=$withval
3921 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3922 IPV4_IN6_HACK_MSG="no"
3924 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3926 if test "x$withval" != "xno" ; then
3928 AC_DEFINE(IPV4_IN_IPV6, 1,
3929 [Detect IPv4 in IPv6 mapped addresses
3931 IPV4_IN6_HACK_MSG="yes"
3936 if test "x$inet6_default_4in6" = "xyes"; then
3937 AC_MSG_RESULT([yes (default)])
3938 AC_DEFINE(IPV4_IN_IPV6)
3939 IPV4_IN6_HACK_MSG="yes"
3941 AC_MSG_RESULT([no (default)])
3946 # Whether to enable BSD auth support
3948 AC_ARG_WITH(bsd-auth,
3949 [ --with-bsd-auth Enable BSD auth support],
3951 if test "x$withval" != "xno" ; then
3952 AC_DEFINE(BSD_AUTH, 1,
3953 [Define if you have BSD auth support])
3959 # Where to place sshd.pid
3961 # make sure the directory exists
3962 if test ! -d $piddir ; then
3963 piddir=`eval echo ${sysconfdir}`
3965 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3969 AC_ARG_WITH(pid-dir,
3970 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3972 if test -n "$withval" && test "x$withval" != "xno" && \
3973 test "x${withval}" != "xyes"; then
3975 if test ! -d $piddir ; then
3976 AC_MSG_WARN([** no $piddir directory on this system **])
3982 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3985 dnl allow user to disable some login recording features
3986 AC_ARG_ENABLE(lastlog,
3987 [ --disable-lastlog disable use of lastlog even if detected [no]],
3989 if test "x$enableval" = "xno" ; then
3990 AC_DEFINE(DISABLE_LASTLOG)
3995 [ --disable-utmp disable use of utmp even if detected [no]],
3997 if test "x$enableval" = "xno" ; then
3998 AC_DEFINE(DISABLE_UTMP)
4002 AC_ARG_ENABLE(utmpx,
4003 [ --disable-utmpx disable use of utmpx even if detected [no]],
4005 if test "x$enableval" = "xno" ; then
4006 AC_DEFINE(DISABLE_UTMPX, 1,
4007 [Define if you don't want to use utmpx])
4012 [ --disable-wtmp disable use of wtmp even if detected [no]],
4014 if test "x$enableval" = "xno" ; then
4015 AC_DEFINE(DISABLE_WTMP)
4019 AC_ARG_ENABLE(wtmpx,
4020 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4022 if test "x$enableval" = "xno" ; then
4023 AC_DEFINE(DISABLE_WTMPX, 1,
4024 [Define if you don't want to use wtmpx])
4028 AC_ARG_ENABLE(libutil,
4029 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4031 if test "x$enableval" = "xno" ; then
4032 AC_DEFINE(DISABLE_LOGIN)
4036 AC_ARG_ENABLE(pututline,
4037 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4039 if test "x$enableval" = "xno" ; then
4040 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4041 [Define if you don't want to use pututline()
4042 etc. to write [uw]tmp])
4046 AC_ARG_ENABLE(pututxline,
4047 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4049 if test "x$enableval" = "xno" ; then
4050 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4051 [Define if you don't want to use pututxline()
4052 etc. to write [uw]tmpx])
4056 AC_ARG_WITH(lastlog,
4057 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4059 if test "x$withval" = "xno" ; then
4060 AC_DEFINE(DISABLE_LASTLOG)
4061 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4062 conf_lastlog_location=$withval
4067 dnl lastlog, [uw]tmpx? detection
4068 dnl NOTE: set the paths in the platform section to avoid the
4069 dnl need for command-line parameters
4070 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4072 dnl lastlog detection
4073 dnl NOTE: the code itself will detect if lastlog is a directory
4074 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4076 #include <sys/types.h>
4078 #ifdef HAVE_LASTLOG_H
4079 # include <lastlog.h>
4088 [ char *lastlog = LASTLOG_FILE; ],
4089 [ AC_MSG_RESULT(yes) ],
4092 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4094 #include <sys/types.h>
4096 #ifdef HAVE_LASTLOG_H
4097 # include <lastlog.h>
4103 [ char *lastlog = _PATH_LASTLOG; ],
4104 [ AC_MSG_RESULT(yes) ],
4107 system_lastlog_path=no
4112 if test -z "$conf_lastlog_location"; then
4113 if test x"$system_lastlog_path" = x"no" ; then
4114 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4115 if (test -d "$f" || test -f "$f") ; then
4116 conf_lastlog_location=$f
4119 if test -z "$conf_lastlog_location"; then
4120 AC_MSG_WARN([** Cannot find lastlog **])
4121 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4126 if test -n "$conf_lastlog_location"; then
4127 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4128 [Define if you want to specify the path to your lastlog file])
4132 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4134 #include <sys/types.h>
4140 [ char *utmp = UTMP_FILE; ],
4141 [ AC_MSG_RESULT(yes) ],
4143 system_utmp_path=no ]
4145 if test -z "$conf_utmp_location"; then
4146 if test x"$system_utmp_path" = x"no" ; then
4147 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4148 if test -f $f ; then
4149 conf_utmp_location=$f
4152 if test -z "$conf_utmp_location"; then
4153 AC_DEFINE(DISABLE_UTMP)
4157 if test -n "$conf_utmp_location"; then
4158 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4159 [Define if you want to specify the path to your utmp file])
4163 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4165 #include <sys/types.h>
4171 [ char *wtmp = WTMP_FILE; ],
4172 [ AC_MSG_RESULT(yes) ],
4174 system_wtmp_path=no ]
4176 if test -z "$conf_wtmp_location"; then
4177 if test x"$system_wtmp_path" = x"no" ; then
4178 for f in /usr/adm/wtmp /var/log/wtmp; do
4179 if test -f $f ; then
4180 conf_wtmp_location=$f
4183 if test -z "$conf_wtmp_location"; then
4184 AC_DEFINE(DISABLE_WTMP)
4188 if test -n "$conf_wtmp_location"; then
4189 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4190 [Define if you want to specify the path to your wtmp file])
4194 dnl utmpx detection - I don't know any system so perverse as to require
4195 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4197 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4199 #include <sys/types.h>
4208 [ char *utmpx = UTMPX_FILE; ],
4209 [ AC_MSG_RESULT(yes) ],
4211 system_utmpx_path=no ]
4213 if test -z "$conf_utmpx_location"; then
4214 if test x"$system_utmpx_path" = x"no" ; then
4215 AC_DEFINE(DISABLE_UTMPX)
4218 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4219 [Define if you want to specify the path to your utmpx file])
4223 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4225 #include <sys/types.h>
4234 [ char *wtmpx = WTMPX_FILE; ],
4235 [ AC_MSG_RESULT(yes) ],
4237 system_wtmpx_path=no ]
4239 if test -z "$conf_wtmpx_location"; then
4240 if test x"$system_wtmpx_path" = x"no" ; then
4241 AC_DEFINE(DISABLE_WTMPX)
4244 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4245 [Define if you want to specify the path to your wtmpx file])
4249 if test ! -z "$blibpath" ; then
4250 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4251 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4254 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4256 CFLAGS="$CFLAGS $werror_flags"
4259 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4260 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4261 scard/Makefile ssh_prng_cmds survey.sh])
4264 # Print summary of options
4266 # Someone please show me a better way :)
4267 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4268 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4269 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4270 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4271 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4272 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4273 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4274 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4275 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4276 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4279 echo "OpenSSH has been configured with the following options:"
4280 echo " User binaries: $B"
4281 echo " System binaries: $C"
4282 echo " Configuration files: $D"
4283 echo " Askpass program: $E"
4284 echo " Manual pages: $F"
4285 echo " PID file: $G"
4286 echo " Privilege separation chroot path: $H"
4287 if test "x$external_path_file" = "x/etc/login.conf" ; then
4288 echo " At runtime, sshd will use the path defined in $external_path_file"
4289 echo " Make sure the path to scp is present, otherwise scp will not work"
4291 echo " sshd default user PATH: $I"
4292 if test ! -z "$external_path_file"; then
4293 echo " (If PATH is set in $external_path_file it will be used instead. If"
4294 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4297 if test ! -z "$superuser_path" ; then
4298 echo " sshd superuser user PATH: $J"
4300 echo " Manpage format: $MANTYPE"
4301 echo " PAM support: $PAM_MSG"
4302 echo " OSF SIA support: $SIA_MSG"
4303 echo " KerberosV support: $KRB5_MSG"
4304 echo " SELinux support: $SELINUX_MSG"
4305 echo " Smartcard support: $SCARD_MSG"
4306 echo " S/KEY support: $SKEY_MSG"
4307 echo " TCP Wrappers support: $TCPW_MSG"
4308 echo " MD5 password support: $MD5_MSG"
4309 echo " libedit support: $LIBEDIT_MSG"
4310 echo " Solaris process contract support: $SPC_MSG"
4311 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4312 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4313 echo " BSD Auth support: $BSD_AUTH_MSG"
4314 echo " Random number source: $RAND_MSG"
4315 if test ! -z "$USE_RAND_HELPER" ; then
4316 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4321 echo " Host: ${host}"
4322 echo " Compiler: ${CC}"
4323 echo " Compiler flags: ${CFLAGS}"
4324 echo "Preprocessor flags: ${CPPFLAGS}"
4325 echo " Linker flags: ${LDFLAGS}"
4326 echo " Libraries: ${LIBS}"
4327 if test ! -z "${SSHDLIBS}"; then
4328 echo " +for sshd: ${SSHDLIBS}"
4333 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4334 echo "SVR4 style packages are supported with \"make package\""
4338 if test "x$PAM_MSG" = "xyes" ; then
4339 echo "PAM is enabled. You may need to install a PAM control file "
4340 echo "for sshd, otherwise password authentication may fail. "
4341 echo "Example PAM control files can be found in the contrib/ "
4346 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4347 echo "WARNING: you are using the builtin random number collection "
4348 echo "service. Please read WARNING.RNG and request that your OS "
4349 echo "vendor includes kernel-based random number collection in "
4350 echo "future versions of your OS."
4354 if test ! -z "$NO_PEERCHECK" ; then
4355 echo "WARNING: the operating system that you are using does not"
4356 echo "appear to support getpeereid(), getpeerucred() or the"
4357 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4358 echo "enforce security checks to prevent unauthorised connections to"
4359 echo "ssh-agent. Their absence increases the risk that a malicious"
4360 echo "user can connect to your agent."
4364 if test "$AUDIT_MODULE" = "bsm" ; then
4365 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4366 echo "See the Solaris section in README.platform for details."