3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
97 1.*) no_attrib_nonnull=1 ;;
99 CFLAGS="$CFLAGS -Wsign-compare"
102 2.*) no_attrib_nonnull=1 ;;
103 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
104 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
108 if test -z "$have_llong_max"; then
109 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
110 unset ac_cv_have_decl_LLONG_MAX
111 saved_CFLAGS="$CFLAGS"
112 CFLAGS="$CFLAGS -std=gnu99"
113 AC_CHECK_DECL(LLONG_MAX,
115 [CFLAGS="$saved_CFLAGS"],
116 [#include <limits.h>]
121 if test "x$no_attrib_nonnull" != "x1" ; then
122 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
126 [ --without-rpath Disable auto-added -R linker paths],
128 if test "x$withval" = "xno" ; then
131 if test "x$withval" = "xyes" ; then
137 # Allow user to specify flags
139 [ --with-cflags Specify additional flags to pass to compiler],
141 if test -n "$withval" && test "x$withval" != "xno" && \
142 test "x${withval}" != "xyes"; then
143 CFLAGS="$CFLAGS $withval"
147 AC_ARG_WITH(cppflags,
148 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
150 if test -n "$withval" && test "x$withval" != "xno" && \
151 test "x${withval}" != "xyes"; then
152 CPPFLAGS="$CPPFLAGS $withval"
157 [ --with-ldflags Specify additional flags to pass to linker],
159 if test -n "$withval" && test "x$withval" != "xno" && \
160 test "x${withval}" != "xyes"; then
161 LDFLAGS="$LDFLAGS $withval"
166 [ --with-libs Specify additional libraries to link with],
168 if test -n "$withval" && test "x$withval" != "xno" && \
169 test "x${withval}" != "xyes"; then
170 LIBS="$LIBS $withval"
175 [ --with-Werror Build main code with -Werror],
177 if test -n "$withval" && test "x$withval" != "xno"; then
178 werror_flags="-Werror"
179 if test "x${withval}" != "xyes"; then
180 werror_flags="$withval"
212 security/pam_appl.h \
250 # lastlog.h requires sys/time.h to be included first on Solaris
251 AC_CHECK_HEADERS(lastlog.h, [], [], [
252 #ifdef HAVE_SYS_TIME_H
253 # include <sys/time.h>
257 # sys/ptms.h requires sys/stream.h to be included first on Solaris
258 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
259 #ifdef HAVE_SYS_STREAM_H
260 # include <sys/stream.h>
264 # login_cap.h requires sys/types.h on NetBSD
265 AC_CHECK_HEADERS(login_cap.h, [], [], [
266 #include <sys/types.h>
269 # Messages for features tested for in target-specific section
273 # Check for some target-specific stuff
276 # Some versions of VAC won't allow macro redefinitions at
277 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
278 # particularly with older versions of vac or xlc.
279 # It also throws errors about null macro argments, but these are
281 AC_MSG_CHECKING(if compiler allows macro redefinitions)
284 #define testmacro foo
285 #define testmacro bar
286 int main(void) { exit(0); }
288 [ AC_MSG_RESULT(yes) ],
290 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
291 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
292 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
293 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
297 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
298 if (test -z "$blibpath"); then
299 blibpath="/usr/lib:/lib"
301 saved_LDFLAGS="$LDFLAGS"
302 if test "$GCC" = "yes"; then
303 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
305 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
307 for tryflags in $flags ;do
308 if (test -z "$blibflags"); then
309 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
310 AC_TRY_LINK([], [], [blibflags=$tryflags])
313 if (test -z "$blibflags"); then
314 AC_MSG_RESULT(not found)
315 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
317 AC_MSG_RESULT($blibflags)
319 LDFLAGS="$saved_LDFLAGS"
320 dnl Check for authenticate. Might be in libs.a on older AIXes
321 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
322 [Define if you want to enable AIX4's authenticate function])],
323 [AC_CHECK_LIB(s,authenticate,
324 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
328 dnl Check for various auth function declarations in headers.
329 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
330 passwdexpired, setauthdb], , , [#include <usersec.h>])
331 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
332 AC_CHECK_DECLS(loginfailed,
333 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
335 [#include <usersec.h>],
336 [(void)loginfailed("user","host","tty",0);],
338 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
339 [Define if your AIX loginfailed() function
340 takes 4 arguments (AIX >= 5.2)])],
344 [#include <usersec.h>]
346 AC_CHECK_FUNCS(setauthdb)
347 AC_CHECK_DECL(F_CLOSEM,
348 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
350 [ #include <limits.h>
353 check_for_aix_broken_getaddrinfo=1
354 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
355 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
356 [Define if your platform breaks doing a seteuid before a setuid])
357 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
358 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
359 dnl AIX handles lastlog as part of its login message
360 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
361 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
362 [Some systems need a utmpx entry for /bin/login to work])
363 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
364 [Define to a Set Process Title type if your system is
365 supported by bsd-setproctitle.c])
366 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
367 [AIX 5.2 and 5.3 (and presumably newer) require this])
368 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
371 check_for_libcrypt_later=1
372 LIBS="$LIBS /usr/lib/textreadmode.o"
373 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
374 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
375 AC_DEFINE(DISABLE_SHADOW, 1,
376 [Define if you want to disable shadow passwords])
377 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
378 [Define if your system choked on IP TOS setting])
379 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
380 [Define if X11 doesn't support AF_UNIX sockets on that system])
381 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
382 [Define if the concept of ports only accessible to
383 superusers isn't known])
384 AC_DEFINE(DISABLE_FD_PASSING, 1,
385 [Define if your platform needs to skip post auth
386 file descriptor passing])
389 AC_DEFINE(IP_TOS_IS_BROKEN)
390 AC_DEFINE(SETEUID_BREAKS_SETUID)
391 AC_DEFINE(BROKEN_SETREUID)
392 AC_DEFINE(BROKEN_SETREGID)
395 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
396 AC_DEFINE(BROKEN_GETADDRINFO)
397 AC_DEFINE(SETEUID_BREAKS_SETUID)
398 AC_DEFINE(BROKEN_SETREUID)
399 AC_DEFINE(BROKEN_SETREGID)
400 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
401 [Define if your resolver libs need this for getrrsetbyname])
402 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
403 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
404 [Use tunnel device compatibility to OpenBSD])
405 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
406 [Prepend the address family to IP tunnel traffic])
407 AC_MSG_CHECKING(if we have the Security Authorization Session API)
408 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
409 [SessionCreate(0, 0);],
410 [ac_cv_use_security_session_api="yes"
411 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
412 [platform has the Security Authorization Session API])
413 LIBS="$LIBS -framework Security"
415 [ac_cv_use_security_session_api="no"
417 AC_MSG_CHECKING(if we have an in-memory credentials cache)
419 [#include <Kerberos/Kerberos.h>],
421 (void) cc_initialize (&c, 0, NULL, NULL);],
422 [AC_DEFINE(USE_CCAPI, 1,
423 [platform uses an in-memory credentials cache])
424 LIBS="$LIBS -framework Security"
426 if test "x$ac_cv_use_security_session_api" = "xno"; then
427 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
433 SSHDLIBS="$SSHDLIBS -lcrypt"
436 # first we define all of the options common to all HP-UX releases
437 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
438 IPADDR_IN_DISPLAY=yes
440 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
441 [Define if your login program cannot handle end of options ("--")])
442 AC_DEFINE(LOGIN_NEEDS_UTMPX)
443 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
444 [String used in /etc/passwd to denote locked account])
445 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
446 MAIL="/var/mail/username"
448 AC_CHECK_LIB(xnet, t_error, ,
449 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
451 # next, we define all of the options specific to major releases
454 if test -z "$GCC"; then
459 AC_DEFINE(PAM_SUN_CODEBASE, 1,
460 [Define if you are using Solaris-derived PAM which
461 passes pam_messages to the conversation function
462 with an extra level of indirection])
463 AC_DEFINE(DISABLE_UTMP, 1,
464 [Define if you don't want to use utmp])
465 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
466 check_for_hpux_broken_getaddrinfo=1
467 check_for_conflicting_getspnam=1
471 # lastly, we define options specific to minor releases
474 AC_DEFINE(HAVE_SECUREWARE, 1,
475 [Define if you have SecureWare-based
476 protected password database])
477 disable_ptmx_check=yes
483 PATH="$PATH:/usr/etc"
484 AC_DEFINE(BROKEN_INET_NTOA, 1,
485 [Define if you system's inet_ntoa is busted
486 (e.g. Irix gcc issue)])
487 AC_DEFINE(SETEUID_BREAKS_SETUID)
488 AC_DEFINE(BROKEN_SETREUID)
489 AC_DEFINE(BROKEN_SETREGID)
490 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
491 [Define if you shouldn't strip 'tty' from your
493 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
496 PATH="$PATH:/usr/etc"
497 AC_DEFINE(WITH_IRIX_ARRAY, 1,
498 [Define if you have/want arrays
499 (cluster-wide session managment, not C arrays)])
500 AC_DEFINE(WITH_IRIX_PROJECT, 1,
501 [Define if you want IRIX project management])
502 AC_DEFINE(WITH_IRIX_AUDIT, 1,
503 [Define if you want IRIX audit trails])
504 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
505 [Define if you want IRIX kernel jobs])])
506 AC_DEFINE(BROKEN_INET_NTOA)
507 AC_DEFINE(SETEUID_BREAKS_SETUID)
508 AC_DEFINE(BROKEN_SETREUID)
509 AC_DEFINE(BROKEN_SETREGID)
510 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
511 AC_DEFINE(WITH_ABBREV_NO_TTY)
512 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
516 check_for_libcrypt_later=1
517 check_for_openpty_ctty_bug=1
518 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
519 AC_DEFINE(PAM_TTY_KLUDGE, 1,
520 [Work around problematic Linux PAM modules handling of PAM_TTY])
521 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
522 [String used in /etc/passwd to denote locked account])
523 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
524 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
525 [Define to whatever link() returns for "not supported"
526 if it doesn't return EOPNOTSUPP.])
527 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
529 inet6_default_4in6=yes
532 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
533 [Define if cmsg_type is not passed correctly])
536 # tun(4) forwarding compat code
537 AC_CHECK_HEADERS(linux/if_tun.h)
538 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
539 AC_DEFINE(SSH_TUN_LINUX, 1,
540 [Open tunnel devices the Linux tun/tap way])
541 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
542 [Use tunnel device compatibility to OpenBSD])
543 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
544 [Prepend the address family to IP tunnel traffic])
547 mips-sony-bsd|mips-sony-newsos4)
548 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
552 check_for_libcrypt_before=1
553 if test "x$withval" != "xno" ; then
556 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
557 AC_CHECK_HEADER([net/if_tap.h], ,
558 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
559 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
560 [Prepend the address family to IP tunnel traffic])
563 check_for_libcrypt_later=1
564 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
565 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
566 AC_CHECK_HEADER([net/if_tap.h], ,
567 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
570 AC_DEFINE(SETEUID_BREAKS_SETUID)
571 AC_DEFINE(BROKEN_SETREUID)
572 AC_DEFINE(BROKEN_SETREGID)
575 conf_lastlog_location="/usr/adm/lastlog"
576 conf_utmp_location=/etc/utmp
577 conf_wtmp_location=/usr/adm/wtmp
579 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
580 AC_DEFINE(BROKEN_REALPATH)
582 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
585 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
586 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
587 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
588 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
589 [syslog_r function is safe to use in in a signal handler])
592 if test "x$withval" != "xno" ; then
595 AC_DEFINE(PAM_SUN_CODEBASE)
596 AC_DEFINE(LOGIN_NEEDS_UTMPX)
597 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
598 [Some versions of /bin/login need the TERM supplied
600 AC_DEFINE(PAM_TTY_KLUDGE)
601 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
602 [Define if pam_chauthtok wants real uid set
603 to the unpriv'ed user])
604 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
605 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
606 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
607 [Define if sshd somehow reacquires a controlling TTY
609 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
610 in case the name is longer than 8 chars])
611 external_path_file=/etc/default/login
612 # hardwire lastlog location (can't detect it on some versions)
613 conf_lastlog_location="/var/adm/lastlog"
614 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
615 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
616 if test "$sol2ver" -ge 8; then
618 AC_DEFINE(DISABLE_UTMP)
619 AC_DEFINE(DISABLE_WTMP, 1,
620 [Define if you don't want to use wtmp])
624 AC_ARG_WITH(solaris-contracts,
625 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
627 AC_CHECK_LIB(contract, ct_tmpl_activate,
628 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
629 [Define if you have Solaris process contracts])
630 SSHDLIBS="$SSHDLIBS -lcontract"
637 CPPFLAGS="$CPPFLAGS -DSUNOS4"
638 AC_CHECK_FUNCS(getpwanam)
639 AC_DEFINE(PAM_SUN_CODEBASE)
640 conf_utmp_location=/etc/utmp
641 conf_wtmp_location=/var/adm/wtmp
642 conf_lastlog_location=/var/adm/lastlog
648 AC_DEFINE(SSHD_ACQUIRES_CTTY)
649 AC_DEFINE(SETEUID_BREAKS_SETUID)
650 AC_DEFINE(BROKEN_SETREUID)
651 AC_DEFINE(BROKEN_SETREGID)
654 # /usr/ucblib MUST NOT be searched on ReliantUNIX
655 AC_CHECK_LIB(dl, dlsym, ,)
656 # -lresolv needs to be at the end of LIBS or DNS lookups break
657 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
658 IPADDR_IN_DISPLAY=yes
660 AC_DEFINE(IP_TOS_IS_BROKEN)
661 AC_DEFINE(SETEUID_BREAKS_SETUID)
662 AC_DEFINE(BROKEN_SETREUID)
663 AC_DEFINE(BROKEN_SETREGID)
664 AC_DEFINE(SSHD_ACQUIRES_CTTY)
665 external_path_file=/etc/default/login
666 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
667 # Attention: always take care to bind libsocket and libnsl before libc,
668 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
670 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
673 AC_DEFINE(SETEUID_BREAKS_SETUID)
674 AC_DEFINE(BROKEN_SETREUID)
675 AC_DEFINE(BROKEN_SETREGID)
676 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
677 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
679 # UnixWare 7.x, OpenUNIX 8
681 check_for_libcrypt_later=1
682 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
684 AC_DEFINE(SETEUID_BREAKS_SETUID)
685 AC_DEFINE(BROKEN_SETREUID)
686 AC_DEFINE(BROKEN_SETREGID)
687 AC_DEFINE(PASSWD_NEEDS_USERNAME)
689 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
690 TEST_SHELL=/u95/bin/sh
691 AC_DEFINE(BROKEN_LIBIAF, 1,
692 [ia_uinfo routines not supported by OS yet])
693 AC_DEFINE(BROKEN_UPDWTMPX)
695 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
701 # SCO UNIX and OEM versions of SCO UNIX
703 AC_MSG_ERROR("This Platform is no longer supported.")
707 if test -z "$GCC"; then
708 CFLAGS="$CFLAGS -belf"
710 LIBS="$LIBS -lprot -lx -ltinfo -lm"
713 AC_DEFINE(HAVE_SECUREWARE)
714 AC_DEFINE(DISABLE_SHADOW)
715 AC_DEFINE(DISABLE_FD_PASSING)
716 AC_DEFINE(SETEUID_BREAKS_SETUID)
717 AC_DEFINE(BROKEN_SETREUID)
718 AC_DEFINE(BROKEN_SETREGID)
719 AC_DEFINE(WITH_ABBREV_NO_TTY)
720 AC_DEFINE(BROKEN_UPDWTMPX)
721 AC_DEFINE(PASSWD_NEEDS_USERNAME)
722 AC_CHECK_FUNCS(getluid setluid)
727 AC_DEFINE(NO_SSH_LASTLOG, 1,
728 [Define if you don't want to use lastlog in session.c])
729 AC_DEFINE(SETEUID_BREAKS_SETUID)
730 AC_DEFINE(BROKEN_SETREUID)
731 AC_DEFINE(BROKEN_SETREGID)
733 AC_DEFINE(DISABLE_FD_PASSING)
735 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
739 AC_DEFINE(SETEUID_BREAKS_SETUID)
740 AC_DEFINE(BROKEN_SETREUID)
741 AC_DEFINE(BROKEN_SETREGID)
742 AC_DEFINE(WITH_ABBREV_NO_TTY)
744 AC_DEFINE(DISABLE_FD_PASSING)
746 LIBS="$LIBS -lgen -lacid -ldb"
750 AC_DEFINE(SETEUID_BREAKS_SETUID)
751 AC_DEFINE(BROKEN_SETREUID)
752 AC_DEFINE(BROKEN_SETREGID)
754 AC_DEFINE(DISABLE_FD_PASSING)
755 AC_DEFINE(NO_SSH_LASTLOG)
756 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
757 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
761 AC_MSG_CHECKING(for Digital Unix SIA)
764 [ --with-osfsia Enable Digital Unix SIA],
766 if test "x$withval" = "xno" ; then
767 AC_MSG_RESULT(disabled)
772 if test -z "$no_osfsia" ; then
773 if test -f /etc/sia/matrix.conf; then
775 AC_DEFINE(HAVE_OSF_SIA, 1,
776 [Define if you have Digital Unix Security
777 Integration Architecture])
778 AC_DEFINE(DISABLE_LOGIN, 1,
779 [Define if you don't want to use your
780 system's login() call])
781 AC_DEFINE(DISABLE_FD_PASSING)
782 LIBS="$LIBS -lsecurity -ldb -lm -laud"
786 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
787 [String used in /etc/passwd to denote locked account])
790 AC_DEFINE(BROKEN_GETADDRINFO)
791 AC_DEFINE(SETEUID_BREAKS_SETUID)
792 AC_DEFINE(BROKEN_SETREUID)
793 AC_DEFINE(BROKEN_SETREGID)
798 AC_DEFINE(NO_X11_UNIX_SOCKETS)
799 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
800 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
801 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
802 AC_DEFINE(DISABLE_LASTLOG)
803 AC_DEFINE(SSHD_ACQUIRES_CTTY)
804 enable_etc_default_login=no # has incompatible /etc/default/login
807 AC_DEFINE(DISABLE_FD_PASSING)
813 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
814 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
815 AC_DEFINE(NEED_SETPGRP)
816 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
820 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
821 AC_DEFINE(MISSING_HOWMANY)
822 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
826 AC_MSG_CHECKING(compiler and flags for sanity)
832 [ AC_MSG_RESULT(yes) ],
835 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
837 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
840 dnl Checks for header files.
841 # Checks for libraries.
842 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
843 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
845 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
846 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
847 AC_CHECK_LIB(gen, dirname,[
848 AC_CACHE_CHECK([for broken dirname],
849 ac_cv_have_broken_dirname, [
857 int main(int argc, char **argv) {
860 strncpy(buf,"/etc", 32);
862 if (!s || strncmp(s, "/", 32) != 0) {
869 [ ac_cv_have_broken_dirname="no" ],
870 [ ac_cv_have_broken_dirname="yes" ],
871 [ ac_cv_have_broken_dirname="no" ],
875 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
877 AC_DEFINE(HAVE_DIRNAME)
878 AC_CHECK_HEADERS(libgen.h)
883 AC_CHECK_FUNC(getspnam, ,
884 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
885 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
886 [Define if you have the basename function.]))
890 [ --with-zlib=PATH Use zlib in PATH],
891 [ if test "x$withval" = "xno" ; then
892 AC_MSG_ERROR([*** zlib is required ***])
893 elif test "x$withval" != "xyes"; then
894 if test -d "$withval/lib"; then
895 if test -n "${need_dash_r}"; then
896 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
898 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
901 if test -n "${need_dash_r}"; then
902 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
904 LDFLAGS="-L${withval} ${LDFLAGS}"
907 if test -d "$withval/include"; then
908 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
910 CPPFLAGS="-I${withval} ${CPPFLAGS}"
915 AC_CHECK_LIB(z, deflate, ,
917 saved_CPPFLAGS="$CPPFLAGS"
918 saved_LDFLAGS="$LDFLAGS"
920 dnl Check default zlib install dir
921 if test -n "${need_dash_r}"; then
922 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
924 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
926 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
928 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
930 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
935 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
937 AC_ARG_WITH(zlib-version-check,
938 [ --without-zlib-version-check Disable zlib version check],
939 [ if test "x$withval" = "xno" ; then
940 zlib_check_nonfatal=1
945 AC_MSG_CHECKING(for possibly buggy zlib)
946 AC_RUN_IFELSE([AC_LANG_SOURCE([[
951 int a=0, b=0, c=0, d=0, n, v;
952 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
953 if (n != 3 && n != 4)
955 v = a*1000000 + b*10000 + c*100 + d;
956 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
959 if (a == 1 && b == 1 && c >= 4)
962 /* 1.2.3 and up are OK */
971 if test -z "$zlib_check_nonfatal" ; then
972 AC_MSG_ERROR([*** zlib too old - check config.log ***
973 Your reported zlib version has known security problems. It's possible your
974 vendor has fixed these problems without changing the version number. If you
975 are sure this is the case, you can disable the check by running
976 "./configure --without-zlib-version-check".
977 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
978 See http://www.gzip.org/zlib/ for details.])
980 AC_MSG_WARN([zlib version may have security problems])
983 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
987 AC_CHECK_FUNC(strcasecmp,
988 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
990 AC_CHECK_FUNCS(utimes,
991 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
992 LIBS="$LIBS -lc89"]) ]
995 dnl Checks for libutil functions
996 AC_CHECK_HEADERS(libutil.h)
997 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
998 [Define if your libraries define login()])])
999 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1003 # Check for ALTDIRFUNC glob() extension
1004 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1005 AC_EGREP_CPP(FOUNDIT,
1008 #ifdef GLOB_ALTDIRFUNC
1013 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1014 [Define if your system glob() function has
1015 the GLOB_ALTDIRFUNC extension])
1023 # Check for g.gl_matchc glob() extension
1024 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1026 [ #include <glob.h> ],
1027 [glob_t g; g.gl_matchc = 1;],
1029 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1030 [Define if your system glob() function has
1031 gl_matchc options in glob_t])
1039 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1041 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1044 #include <sys/types.h>
1046 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1048 [AC_MSG_RESULT(yes)],
1051 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1052 [Define if your struct dirent expects you to
1053 allocate extra space for d_name])
1056 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1057 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1061 # Check whether the user wants GSSAPI mechglue support
1062 AC_ARG_WITH(mechglue,
1063 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1065 AC_MSG_CHECKING(for mechglue library)
1067 if test -e ${withval}/libgssapi.a ; then
1068 mechglue_lib=${withval}/libgssapi.a
1069 elif test -e ${withval}/lib/libgssapi.a ; then
1070 mechglue_lib=${withval}/lib/libgssapi.a
1072 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1074 LIBS="$LIBS ${mechglue_lib}"
1075 AC_MSG_RESULT(${mechglue_lib})
1077 AC_CHECK_LIB(dl, dlopen, , )
1078 if test $ac_cv_lib_dl_dlopen = yes; then
1079 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1083 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1090 # Check whether the user wants GSI (Globus) support
1093 [ --with-gsi Enable Globus GSI authentication support],
1100 [ --with-globus Enable Globus GSI authentication support],
1106 AC_ARG_WITH(globus-static,
1107 [ --with-globus-static Link statically with Globus GSI libraries],
1109 gsi_static="-static"
1110 if test "x$gsi_path" = "xno" ; then
1116 # Check whether the user has a Globus flavor type
1117 globus_flavor_type="no"
1118 AC_ARG_WITH(globus-flavor,
1119 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1121 globus_flavor_type="$withval"
1122 if test "x$gsi_path" = "xno" ; then
1128 if test "x$gsi_path" != "xno" ; then
1129 # Globus GSSAPI configuration
1130 AC_MSG_CHECKING(for Globus GSI)
1131 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1133 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1134 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1136 if test -z "$GSSAPI"; then
1141 if test "x$gsi_path" = "xyes" ; then
1142 if test -z "$GLOBUS_LOCATION" ; then
1143 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1145 gsi_path="$GLOBUS_LOCATION"
1148 GLOBUS_LOCATION="$gsi_path"
1149 export GLOBUS_LOCATION
1150 if test ! -d "$GLOBUS_LOCATION" ; then
1151 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1154 if test "x$globus_flavor_type" = "xno" ; then
1155 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1157 if test "x$globus_flavor_type" = "xyes" ; then
1158 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1161 if test -x ${gsi_path}/bin/globus-makefile-header ; then
1162 ${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
1163 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
1164 ${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | sed 's/ = \(.*\)/="\1"/' > ./gpt_build_tmp.sh
1166 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
1168 . ./gpt_build_tmp.sh
1169 if test -n "${need_dash_r}"; then
1170 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
1172 GSI_LDFLAGS="-L${gsi_path}/lib"
1174 if test -z "$GLOBUS_PKG_LIBS" ; then
1175 AC_MSG_ERROR(globus-makefile-header failed)
1178 AC_DEFINE(HAVE_GSSAPI_H)
1180 LIBS="$LIBS $GLOBUS_LIBS $GLOBUS_PKG_LIBS"
1181 LDFLAGS="$LDFLAGS $GLOBUS_LDFLAGS"
1182 CPPFLAGS="$CPPFLAGS $GLOBUS_CPPFLAGS $GLOBUS_INCLUDES"
1183 CFLAGS="$CFLAGS $GLOBUS_CFLAGS"
1185 # test that we got the libraries OK
1193 AC_MSG_ERROR(link with Globus libraries failed)
1196 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1197 INSTALL_GSISSH="yes"
1201 AC_SUBST(INSTALL_GSISSH)
1202 # End Globus/GSI section
1204 AC_MSG_CHECKING([for /proc/pid/fd directory])
1205 if test -d "/proc/$$/fd" ; then
1206 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1212 # Check whether user wants S/Key support
1215 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1217 if test "x$withval" != "xno" ; then
1219 if test "x$withval" != "xyes" ; then
1220 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1221 LDFLAGS="$LDFLAGS -L${withval}/lib"
1224 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1228 AC_MSG_CHECKING([for s/key support])
1233 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1235 [AC_MSG_RESULT(yes)],
1238 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1240 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1244 [(void)skeychallenge(NULL,"name","",0);],
1246 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1247 [Define if your skeychallenge()
1248 function takes 4 arguments (NetBSD)])],
1255 # Check whether user wants TCP wrappers support
1257 AC_ARG_WITH(tcp-wrappers,
1258 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1260 if test "x$withval" != "xno" ; then
1262 saved_LDFLAGS="$LDFLAGS"
1263 saved_CPPFLAGS="$CPPFLAGS"
1264 if test -n "${withval}" && \
1265 test "x${withval}" != "xyes"; then
1266 if test -d "${withval}/lib"; then
1267 if test -n "${need_dash_r}"; then
1268 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1270 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1273 if test -n "${need_dash_r}"; then
1274 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1276 LDFLAGS="-L${withval} ${LDFLAGS}"
1279 if test -d "${withval}/include"; then
1280 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1282 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1286 AC_MSG_CHECKING(for libwrap)
1289 #include <sys/types.h>
1290 #include <sys/socket.h>
1291 #include <netinet/in.h>
1293 int deny_severity = 0, allow_severity = 0;
1298 AC_DEFINE(LIBWRAP, 1,
1300 TCP Wrappers support])
1301 SSHDLIBS="$SSHDLIBS -lwrap"
1305 AC_MSG_ERROR([*** libwrap missing])
1313 # Check whether user wants libedit support
1315 AC_ARG_WITH(libedit,
1316 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1317 [ if test "x$withval" != "xno" ; then
1318 if test "x$withval" != "xyes"; then
1319 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1320 if test -n "${need_dash_r}"; then
1321 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1323 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1326 AC_CHECK_LIB(edit, el_init,
1327 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1328 LIBEDIT="-ledit -lcurses"
1332 [ AC_MSG_ERROR(libedit not found) ],
1335 AC_MSG_CHECKING(if libedit version is compatible)
1338 #include <histedit.h>
1342 el_init("", NULL, NULL, NULL);
1346 [ AC_MSG_RESULT(yes) ],
1348 AC_MSG_ERROR(libedit version is not compatible) ]
1355 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1357 AC_MSG_CHECKING(for supported audit module)
1362 dnl Checks for headers, libs and functions
1363 AC_CHECK_HEADERS(bsm/audit.h, [],
1364 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1371 AC_CHECK_LIB(bsm, getaudit, [],
1372 [AC_MSG_ERROR(BSM enabled and required library not found)])
1373 AC_CHECK_FUNCS(getaudit, [],
1374 [AC_MSG_ERROR(BSM enabled and required function not found)])
1375 # These are optional
1376 AC_CHECK_FUNCS(getaudit_addr)
1377 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1381 AC_MSG_RESULT(debug)
1382 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1388 AC_MSG_ERROR([Unknown audit module $withval])
1393 dnl Checks for library functions. Please keep in alphabetical order
1481 # IRIX has a const char return value for gai_strerror()
1482 AC_CHECK_FUNCS(gai_strerror,[
1483 AC_DEFINE(HAVE_GAI_STRERROR)
1485 #include <sys/types.h>
1486 #include <sys/socket.h>
1489 const char *gai_strerror(int);],[
1492 str = gai_strerror(0);],[
1493 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1494 [Define if gai_strerror() returns const char *])])])
1496 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1497 [Some systems put nanosleep outside of libc]))
1499 dnl Make sure prototypes are defined for these before using them.
1500 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1501 AC_CHECK_DECL(strsep,
1502 [AC_CHECK_FUNCS(strsep)],
1505 #ifdef HAVE_STRING_H
1506 # include <string.h>
1510 dnl tcsendbreak might be a macro
1511 AC_CHECK_DECL(tcsendbreak,
1512 [AC_DEFINE(HAVE_TCSENDBREAK)],
1513 [AC_CHECK_FUNCS(tcsendbreak)],
1514 [#include <termios.h>]
1517 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1519 AC_CHECK_DECLS(SHUT_RD, , ,
1521 #include <sys/types.h>
1522 #include <sys/socket.h>
1525 AC_CHECK_DECLS(O_NONBLOCK, , ,
1527 #include <sys/types.h>
1528 #ifdef HAVE_SYS_STAT_H
1529 # include <sys/stat.h>
1536 AC_CHECK_DECLS(writev, , , [
1537 #include <sys/types.h>
1538 #include <sys/uio.h>
1542 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1543 #include <sys/param.h>
1546 AC_CHECK_DECLS(offsetof, , , [
1550 AC_CHECK_FUNCS(setresuid, [
1551 dnl Some platorms have setresuid that isn't implemented, test for this
1552 AC_MSG_CHECKING(if setresuid seems to work)
1557 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1559 [AC_MSG_RESULT(yes)],
1560 [AC_DEFINE(BROKEN_SETRESUID, 1,
1561 [Define if your setresuid() is broken])
1562 AC_MSG_RESULT(not implemented)],
1563 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1567 AC_CHECK_FUNCS(setresgid, [
1568 dnl Some platorms have setresgid that isn't implemented, test for this
1569 AC_MSG_CHECKING(if setresgid seems to work)
1574 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1576 [AC_MSG_RESULT(yes)],
1577 [AC_DEFINE(BROKEN_SETRESGID, 1,
1578 [Define if your setresgid() is broken])
1579 AC_MSG_RESULT(not implemented)],
1580 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1584 dnl Checks for time functions
1585 AC_CHECK_FUNCS(gettimeofday time)
1586 dnl Checks for utmp functions
1587 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1588 AC_CHECK_FUNCS(utmpname)
1589 dnl Checks for utmpx functions
1590 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1591 AC_CHECK_FUNCS(setutxent utmpxname)
1593 AC_CHECK_FUNC(daemon,
1594 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1595 [AC_CHECK_LIB(bsd, daemon,
1596 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1599 AC_CHECK_FUNC(getpagesize,
1600 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1601 [Define if your libraries define getpagesize()])],
1602 [AC_CHECK_LIB(ucb, getpagesize,
1603 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1606 # Check for broken snprintf
1607 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1608 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1612 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1614 [AC_MSG_RESULT(yes)],
1617 AC_DEFINE(BROKEN_SNPRINTF, 1,
1618 [Define if your snprintf is busted])
1619 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1621 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1625 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1626 # returning the right thing on overflow: the number of characters it tried to
1627 # create (as per SUSv3)
1628 if test "x$ac_cv_func_asprintf" != "xyes" && \
1629 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1630 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1633 #include <sys/types.h>
1637 int x_snprintf(char *str,size_t count,const char *fmt,...)
1639 size_t ret; va_list ap;
1640 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1646 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1648 [AC_MSG_RESULT(yes)],
1651 AC_DEFINE(BROKEN_SNPRINTF, 1,
1652 [Define if your snprintf is busted])
1653 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1655 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1659 # On systems where [v]snprintf is broken, but is declared in stdio,
1660 # check that the fmt argument is const char * or just char *.
1661 # This is only useful for when BROKEN_SNPRINTF
1662 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1663 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1664 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1665 int main(void) { snprintf(0, 0, 0); }
1668 AC_DEFINE(SNPRINTF_CONST, [const],
1669 [Define as const if snprintf() can declare const char *fmt])],
1671 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1673 # Check for missing getpeereid (or equiv) support
1675 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1676 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1678 [#include <sys/types.h>
1679 #include <sys/socket.h>],
1680 [int i = SO_PEERCRED;],
1681 [ AC_MSG_RESULT(yes)
1682 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1689 dnl see whether mkstemp() requires XXXXXX
1690 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1691 AC_MSG_CHECKING([for (overly) strict mkstemp])
1695 main() { char template[]="conftest.mkstemp-test";
1696 if (mkstemp(template) == -1)
1698 unlink(template); exit(0);
1706 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1710 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1715 dnl make sure that openpty does not reacquire controlling terminal
1716 if test ! -z "$check_for_openpty_ctty_bug"; then
1717 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1721 #include <sys/fcntl.h>
1722 #include <sys/types.h>
1723 #include <sys/wait.h>
1729 int fd, ptyfd, ttyfd, status;
1732 if (pid < 0) { /* failed */
1734 } else if (pid > 0) { /* parent */
1735 waitpid(pid, &status, 0);
1736 if (WIFEXITED(status))
1737 exit(WEXITSTATUS(status));
1740 } else { /* child */
1741 close(0); close(1); close(2);
1743 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1744 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1746 exit(3); /* Acquired ctty: broken */
1748 exit(0); /* Did not acquire ctty: OK */
1757 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1760 AC_MSG_RESULT(cross-compiling, assuming yes)
1765 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1766 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1767 AC_MSG_CHECKING(if getaddrinfo seems to work)
1771 #include <sys/socket.h>
1774 #include <netinet/in.h>
1776 #define TEST_PORT "2222"
1782 struct addrinfo *gai_ai, *ai, hints;
1783 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1785 memset(&hints, 0, sizeof(hints));
1786 hints.ai_family = PF_UNSPEC;
1787 hints.ai_socktype = SOCK_STREAM;
1788 hints.ai_flags = AI_PASSIVE;
1790 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1792 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1796 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1797 if (ai->ai_family != AF_INET6)
1800 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1801 sizeof(ntop), strport, sizeof(strport),
1802 NI_NUMERICHOST|NI_NUMERICSERV);
1805 if (err == EAI_SYSTEM)
1806 perror("getnameinfo EAI_SYSTEM");
1808 fprintf(stderr, "getnameinfo failed: %s\n",
1813 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1816 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1829 AC_DEFINE(BROKEN_GETADDRINFO)
1832 AC_MSG_RESULT(cross-compiling, assuming yes)
1837 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1838 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1839 AC_MSG_CHECKING(if getaddrinfo seems to work)
1843 #include <sys/socket.h>
1846 #include <netinet/in.h>
1848 #define TEST_PORT "2222"
1854 struct addrinfo *gai_ai, *ai, hints;
1855 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1857 memset(&hints, 0, sizeof(hints));
1858 hints.ai_family = PF_UNSPEC;
1859 hints.ai_socktype = SOCK_STREAM;
1860 hints.ai_flags = AI_PASSIVE;
1862 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1864 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1868 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1869 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1872 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1873 sizeof(ntop), strport, sizeof(strport),
1874 NI_NUMERICHOST|NI_NUMERICSERV);
1876 if (ai->ai_family == AF_INET && err != 0) {
1877 perror("getnameinfo");
1886 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1887 [Define if you have a getaddrinfo that fails
1888 for the all-zeros IPv6 address])
1892 AC_DEFINE(BROKEN_GETADDRINFO)
1895 AC_MSG_RESULT(cross-compiling, assuming no)
1900 if test "x$check_for_conflicting_getspnam" = "x1"; then
1901 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1905 int main(void) {exit(0);}
1912 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1913 [Conflicting defs for getspnam])
1920 # Search for OpenSSL
1921 saved_CPPFLAGS="$CPPFLAGS"
1922 saved_LDFLAGS="$LDFLAGS"
1923 AC_ARG_WITH(ssl-dir,
1924 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1926 if test "x$withval" != "xno" ; then
1929 ./*|../*) withval="`pwd`/$withval"
1931 if test -d "$withval/lib"; then
1932 if test -n "${need_dash_r}"; then
1933 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1935 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1938 if test -n "${need_dash_r}"; then
1939 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1941 LDFLAGS="-L${withval} ${LDFLAGS}"
1944 if test -d "$withval/include"; then
1945 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1947 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1952 if test -z "$GSI_LDFLAGS" ; then
1953 LIBS="-lcrypto $LIBS"
1955 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1956 [Define if your ssl headers are included
1957 with #include <openssl/header.h>]),
1959 dnl Check default openssl install dir
1960 if test -n "${need_dash_r}"; then
1961 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1963 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1965 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1966 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1968 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1974 # Determine OpenSSL header version
1975 AC_MSG_CHECKING([OpenSSL header version])
1980 #include <openssl/opensslv.h>
1981 #define DATA "conftest.sslincver"
1986 fd = fopen(DATA,"w");
1990 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1997 ssl_header_ver=`cat conftest.sslincver`
1998 AC_MSG_RESULT($ssl_header_ver)
2001 AC_MSG_RESULT(not found)
2002 AC_MSG_ERROR(OpenSSL version header not found.)
2005 AC_MSG_WARN([cross compiling: not checking])
2009 # Determine OpenSSL library version
2010 AC_MSG_CHECKING([OpenSSL library version])
2015 #include <openssl/opensslv.h>
2016 #include <openssl/crypto.h>
2017 #define DATA "conftest.ssllibver"
2022 fd = fopen(DATA,"w");
2026 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2033 ssl_library_ver=`cat conftest.ssllibver`
2034 AC_MSG_RESULT($ssl_library_ver)
2037 AC_MSG_RESULT(not found)
2038 AC_MSG_ERROR(OpenSSL library not found.)
2041 AC_MSG_WARN([cross compiling: not checking])
2045 AC_ARG_WITH(openssl-header-check,
2046 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2047 [ if test "x$withval" = "xno" ; then
2048 openssl_check_nonfatal=1
2053 # Sanity check OpenSSL headers
2054 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2058 #include <openssl/opensslv.h>
2059 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2066 if test "x$openssl_check_nonfatal" = "x"; then
2067 AC_MSG_ERROR([Your OpenSSL headers do not match your
2068 library. Check config.log for details.
2069 If you are sure your installation is consistent, you can disable the check
2070 by running "./configure --without-openssl-header-check".
2071 Also see contrib/findssl.sh for help identifying header/library mismatches.
2074 AC_MSG_WARN([Your OpenSSL headers do not match your
2075 library. Check config.log for details.
2076 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2080 AC_MSG_WARN([cross compiling: not checking])
2084 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2087 #include <openssl/evp.h>
2088 int main(void) { SSLeay_add_all_algorithms(); }
2097 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2100 #include <openssl/evp.h>
2101 int main(void) { SSLeay_add_all_algorithms(); }
2114 AC_ARG_WITH(ssl-engine,
2115 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2116 [ if test "x$withval" != "xno" ; then
2117 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2119 [ #include <openssl/engine.h>],
2121 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2123 [ AC_MSG_RESULT(yes)
2124 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2125 [Enable OpenSSL engine support])
2127 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2132 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2133 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2137 #include <openssl/evp.h>
2138 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2145 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2146 [libcrypto is missing AES 192 and 256 bit functions])
2150 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2151 # because the system crypt() is more featureful.
2152 if test "x$check_for_libcrypt_before" = "x1"; then
2153 AC_CHECK_LIB(crypt, crypt)
2156 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2157 # version in OpenSSL.
2158 if test "x$check_for_libcrypt_later" = "x1"; then
2159 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2162 # Search for SHA256 support in libc and/or OpenSSL
2163 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2166 AC_CHECK_LIB(iaf, ia_openinfo, [
2168 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
2172 ### Configure cryptographic random number support
2174 # Check wheter OpenSSL seeds itself
2175 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2179 #include <openssl/rand.h>
2180 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2183 OPENSSL_SEEDS_ITSELF=yes
2188 # Default to use of the rand helper if OpenSSL doesn't
2193 AC_MSG_WARN([cross compiling: assuming yes])
2194 # This is safe, since all recent OpenSSL versions will
2195 # complain at runtime if not seeded correctly.
2196 OPENSSL_SEEDS_ITSELF=yes
2200 # Check for PAM libs
2203 [ --with-pam Enable PAM support ],
2205 if test "x$withval" != "xno" ; then
2206 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2207 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2208 AC_MSG_ERROR([PAM headers not found])
2212 AC_CHECK_LIB(dl, dlopen, , )
2213 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2214 AC_CHECK_FUNCS(pam_getenvlist)
2215 AC_CHECK_FUNCS(pam_putenv)
2220 SSHDLIBS="$SSHDLIBS -lpam"
2221 AC_DEFINE(USE_PAM, 1,
2222 [Define if you want to enable PAM support])
2224 if test $ac_cv_lib_dl_dlopen = yes; then
2227 # libdl already in LIBS
2230 SSHDLIBS="$SSHDLIBS -ldl"
2238 # Check for older PAM
2239 if test "x$PAM_MSG" = "xyes" ; then
2240 # Check PAM strerror arguments (old PAM)
2241 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2245 #if defined(HAVE_SECURITY_PAM_APPL_H)
2246 #include <security/pam_appl.h>
2247 #elif defined (HAVE_PAM_PAM_APPL_H)
2248 #include <pam/pam_appl.h>
2251 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2252 [AC_MSG_RESULT(no)],
2254 AC_DEFINE(HAVE_OLD_PAM, 1,
2255 [Define if you have an old version of PAM
2256 which takes only one argument to pam_strerror])
2258 PAM_MSG="yes (old library)"
2263 # Do we want to force the use of the rand helper?
2264 AC_ARG_WITH(rand-helper,
2265 [ --with-rand-helper Use subprocess to gather strong randomness ],
2267 if test "x$withval" = "xno" ; then
2268 # Force use of OpenSSL's internal RNG, even if
2269 # the previous test showed it to be unseeded.
2270 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2271 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2272 OPENSSL_SEEDS_ITSELF=yes
2281 # Which randomness source do we use?
2282 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2284 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2285 [Define if you want OpenSSL's internally seeded PRNG only])
2286 RAND_MSG="OpenSSL internal ONLY"
2287 INSTALL_SSH_RAND_HELPER=""
2288 elif test ! -z "$USE_RAND_HELPER" ; then
2289 # install rand helper
2290 RAND_MSG="ssh-rand-helper"
2291 INSTALL_SSH_RAND_HELPER="yes"
2293 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2295 ### Configuration of ssh-rand-helper
2298 AC_ARG_WITH(prngd-port,
2299 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2308 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2311 if test ! -z "$withval" ; then
2312 PRNGD_PORT="$withval"
2313 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2314 [Port number of PRNGD/EGD random number socket])
2319 # PRNGD Unix domain socket
2320 AC_ARG_WITH(prngd-socket,
2321 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2325 withval="/var/run/egd-pool"
2333 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2337 if test ! -z "$withval" ; then
2338 if test ! -z "$PRNGD_PORT" ; then
2339 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2341 if test ! -r "$withval" ; then
2342 AC_MSG_WARN(Entropy socket is not readable)
2344 PRNGD_SOCKET="$withval"
2345 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2346 [Location of PRNGD/EGD random number socket])
2350 # Check for existing socket only if we don't have a random device already
2351 if test "$USE_RAND_HELPER" = yes ; then
2352 AC_MSG_CHECKING(for PRNGD/EGD socket)
2353 # Insert other locations here
2354 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2355 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2356 PRNGD_SOCKET="$sock"
2357 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2361 if test ! -z "$PRNGD_SOCKET" ; then
2362 AC_MSG_RESULT($PRNGD_SOCKET)
2364 AC_MSG_RESULT(not found)
2370 # Change default command timeout for hashing entropy source
2372 AC_ARG_WITH(entropy-timeout,
2373 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2375 if test -n "$withval" && test "x$withval" != "xno" && \
2376 test "x${withval}" != "xyes"; then
2377 entropy_timeout=$withval
2381 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2382 [Builtin PRNG command timeout])
2384 SSH_PRIVSEP_USER=sshd
2385 AC_ARG_WITH(privsep-user,
2386 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2388 if test -n "$withval" && test "x$withval" != "xno" && \
2389 test "x${withval}" != "xyes"; then
2390 SSH_PRIVSEP_USER=$withval
2394 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2395 [non-privileged user for privilege separation])
2396 AC_SUBST(SSH_PRIVSEP_USER)
2398 # We do this little dance with the search path to insure
2399 # that programs that we select for use by installed programs
2400 # (which may be run by the super-user) come from trusted
2401 # locations before they come from the user's private area.
2402 # This should help avoid accidentally configuring some
2403 # random version of a program in someone's personal bin.
2407 test -h /bin 2> /dev/null && PATH=/usr/bin
2408 test -d /sbin && PATH=$PATH:/sbin
2409 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2410 PATH=$PATH:/etc:$OPATH
2412 # These programs are used by the command hashing source to gather entropy
2413 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2414 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2415 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2416 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2417 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2418 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2419 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2420 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2421 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2422 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2423 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2424 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2425 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2426 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2427 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2428 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2432 # Where does ssh-rand-helper get its randomness from?
2433 INSTALL_SSH_PRNG_CMDS=""
2434 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2435 if test ! -z "$PRNGD_PORT" ; then
2436 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2437 elif test ! -z "$PRNGD_SOCKET" ; then
2438 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2440 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2441 RAND_HELPER_CMDHASH=yes
2442 INSTALL_SSH_PRNG_CMDS="yes"
2445 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2448 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2449 if test ! -z "$SONY" ; then
2450 LIBS="$LIBS -liberty";
2453 # Check for long long datatypes
2454 AC_CHECK_TYPES([long long, unsigned long long, long double])
2456 # Check datatype sizes
2457 AC_CHECK_SIZEOF(char, 1)
2458 AC_CHECK_SIZEOF(short int, 2)
2459 AC_CHECK_SIZEOF(int, 4)
2460 AC_CHECK_SIZEOF(long int, 4)
2461 AC_CHECK_SIZEOF(long long int, 8)
2463 # Sanity check long long for some platforms (AIX)
2464 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2465 ac_cv_sizeof_long_long_int=0
2468 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2469 if test -z "$have_llong_max"; then
2470 AC_MSG_CHECKING([for max value of long long])
2474 /* Why is this so damn hard? */
2478 #define __USE_ISOC99
2480 #define DATA "conftest.llminmax"
2481 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2484 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2485 * we do this the hard way.
2488 fprint_ll(FILE *f, long long n)
2491 int l[sizeof(long long) * 8];
2494 if (fprintf(f, "-") < 0)
2496 for (i = 0; n != 0; i++) {
2497 l[i] = my_abs(n % 10);
2501 if (fprintf(f, "%d", l[--i]) < 0)
2504 if (fprintf(f, " ") < 0)
2511 long long i, llmin, llmax = 0;
2513 if((f = fopen(DATA,"w")) == NULL)
2516 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2517 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2521 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2522 /* This will work on one's complement and two's complement */
2523 for (i = 1; i > llmax; i <<= 1, i++)
2525 llmin = llmax + 1LL; /* wrap */
2529 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2530 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2531 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2532 fprintf(f, "unknown unknown\n");
2536 if (fprint_ll(f, llmin) < 0)
2538 if (fprint_ll(f, llmax) < 0)
2546 llong_min=`$AWK '{print $1}' conftest.llminmax`
2547 llong_max=`$AWK '{print $2}' conftest.llminmax`
2549 AC_MSG_RESULT($llong_max)
2550 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2551 [max value of long long calculated by configure])
2552 AC_MSG_CHECKING([for min value of long long])
2553 AC_MSG_RESULT($llong_min)
2554 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2555 [min value of long long calculated by configure])
2558 AC_MSG_RESULT(not found)
2561 AC_MSG_WARN([cross compiling: not checking])
2567 # More checks for data types
2568 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2570 [ #include <sys/types.h> ],
2572 [ ac_cv_have_u_int="yes" ],
2573 [ ac_cv_have_u_int="no" ]
2576 if test "x$ac_cv_have_u_int" = "xyes" ; then
2577 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2581 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2583 [ #include <sys/types.h> ],
2584 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2585 [ ac_cv_have_intxx_t="yes" ],
2586 [ ac_cv_have_intxx_t="no" ]
2589 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2590 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2594 if (test -z "$have_intxx_t" && \
2595 test "x$ac_cv_header_stdint_h" = "xyes")
2597 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2599 [ #include <stdint.h> ],
2600 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2602 AC_DEFINE(HAVE_INTXX_T)
2605 [ AC_MSG_RESULT(no) ]
2609 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2612 #include <sys/types.h>
2613 #ifdef HAVE_STDINT_H
2614 # include <stdint.h>
2616 #include <sys/socket.h>
2617 #ifdef HAVE_SYS_BITYPES_H
2618 # include <sys/bitypes.h>
2621 [ int64_t a; a = 1;],
2622 [ ac_cv_have_int64_t="yes" ],
2623 [ ac_cv_have_int64_t="no" ]
2626 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2627 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2630 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2632 [ #include <sys/types.h> ],
2633 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2634 [ ac_cv_have_u_intxx_t="yes" ],
2635 [ ac_cv_have_u_intxx_t="no" ]
2638 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2639 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2643 if test -z "$have_u_intxx_t" ; then
2644 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2646 [ #include <sys/socket.h> ],
2647 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2649 AC_DEFINE(HAVE_U_INTXX_T)
2652 [ AC_MSG_RESULT(no) ]
2656 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2658 [ #include <sys/types.h> ],
2659 [ u_int64_t a; a = 1;],
2660 [ ac_cv_have_u_int64_t="yes" ],
2661 [ ac_cv_have_u_int64_t="no" ]
2664 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2665 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2669 if test -z "$have_u_int64_t" ; then
2670 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2672 [ #include <sys/bitypes.h> ],
2673 [ u_int64_t a; a = 1],
2675 AC_DEFINE(HAVE_U_INT64_T)
2678 [ AC_MSG_RESULT(no) ]
2682 if test -z "$have_u_intxx_t" ; then
2683 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2686 #include <sys/types.h>
2688 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2689 [ ac_cv_have_uintxx_t="yes" ],
2690 [ ac_cv_have_uintxx_t="no" ]
2693 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2694 AC_DEFINE(HAVE_UINTXX_T, 1,
2695 [define if you have uintxx_t data type])
2699 if test -z "$have_uintxx_t" ; then
2700 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2702 [ #include <stdint.h> ],
2703 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2705 AC_DEFINE(HAVE_UINTXX_T)
2708 [ AC_MSG_RESULT(no) ]
2712 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2713 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2715 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2718 #include <sys/bitypes.h>
2721 int8_t a; int16_t b; int32_t c;
2722 u_int8_t e; u_int16_t f; u_int32_t g;
2723 a = b = c = e = f = g = 1;
2726 AC_DEFINE(HAVE_U_INTXX_T)
2727 AC_DEFINE(HAVE_INTXX_T)
2735 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2738 #include <sys/types.h>
2740 [ u_char foo; foo = 125; ],
2741 [ ac_cv_have_u_char="yes" ],
2742 [ ac_cv_have_u_char="no" ]
2745 if test "x$ac_cv_have_u_char" = "xyes" ; then
2746 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2751 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2753 AC_CHECK_TYPES(in_addr_t,,,
2754 [#include <sys/types.h>
2755 #include <netinet/in.h>])
2757 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2760 #include <sys/types.h>
2762 [ size_t foo; foo = 1235; ],
2763 [ ac_cv_have_size_t="yes" ],
2764 [ ac_cv_have_size_t="no" ]
2767 if test "x$ac_cv_have_size_t" = "xyes" ; then
2768 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2771 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2774 #include <sys/types.h>
2776 [ ssize_t foo; foo = 1235; ],
2777 [ ac_cv_have_ssize_t="yes" ],
2778 [ ac_cv_have_ssize_t="no" ]
2781 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2782 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2785 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2790 [ clock_t foo; foo = 1235; ],
2791 [ ac_cv_have_clock_t="yes" ],
2792 [ ac_cv_have_clock_t="no" ]
2795 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2796 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2799 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2802 #include <sys/types.h>
2803 #include <sys/socket.h>
2805 [ sa_family_t foo; foo = 1235; ],
2806 [ ac_cv_have_sa_family_t="yes" ],
2809 #include <sys/types.h>
2810 #include <sys/socket.h>
2811 #include <netinet/in.h>
2813 [ sa_family_t foo; foo = 1235; ],
2814 [ ac_cv_have_sa_family_t="yes" ],
2816 [ ac_cv_have_sa_family_t="no" ]
2820 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2821 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2822 [define if you have sa_family_t data type])
2825 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2828 #include <sys/types.h>
2830 [ pid_t foo; foo = 1235; ],
2831 [ ac_cv_have_pid_t="yes" ],
2832 [ ac_cv_have_pid_t="no" ]
2835 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2836 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2839 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2842 #include <sys/types.h>
2844 [ mode_t foo; foo = 1235; ],
2845 [ ac_cv_have_mode_t="yes" ],
2846 [ ac_cv_have_mode_t="no" ]
2849 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2850 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2854 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2857 #include <sys/types.h>
2858 #include <sys/socket.h>
2860 [ struct sockaddr_storage s; ],
2861 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2862 [ ac_cv_have_struct_sockaddr_storage="no" ]
2865 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2866 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2867 [define if you have struct sockaddr_storage data type])
2870 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2873 #include <sys/types.h>
2874 #include <netinet/in.h>
2876 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2877 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2878 [ ac_cv_have_struct_sockaddr_in6="no" ]
2881 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2882 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2883 [define if you have struct sockaddr_in6 data type])
2886 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2889 #include <sys/types.h>
2890 #include <netinet/in.h>
2892 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2893 [ ac_cv_have_struct_in6_addr="yes" ],
2894 [ ac_cv_have_struct_in6_addr="no" ]
2897 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2898 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2899 [define if you have struct in6_addr data type])
2902 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2905 #include <sys/types.h>
2906 #include <sys/socket.h>
2909 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2910 [ ac_cv_have_struct_addrinfo="yes" ],
2911 [ ac_cv_have_struct_addrinfo="no" ]
2914 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2915 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2916 [define if you have struct addrinfo data type])
2919 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2921 [ #include <sys/time.h> ],
2922 [ struct timeval tv; tv.tv_sec = 1;],
2923 [ ac_cv_have_struct_timeval="yes" ],
2924 [ ac_cv_have_struct_timeval="no" ]
2927 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2928 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2929 have_struct_timeval=1
2932 AC_CHECK_TYPES(struct timespec)
2934 # We need int64_t or else certian parts of the compile will fail.
2935 if test "x$ac_cv_have_int64_t" = "xno" && \
2936 test "x$ac_cv_sizeof_long_int" != "x8" && \
2937 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2938 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2939 echo "an alternative compiler (I.E., GCC) before continuing."
2943 dnl test snprintf (broken on SCO w/gcc)
2948 #ifdef HAVE_SNPRINTF
2952 char expected_out[50];
2954 #if (SIZEOF_LONG_INT == 8)
2955 long int num = 0x7fffffffffffffff;
2957 long long num = 0x7fffffffffffffffll;
2959 strcpy(expected_out, "9223372036854775807");
2960 snprintf(buf, mazsize, "%lld", num);
2961 if(strcmp(buf, expected_out) != 0)
2968 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2969 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2973 dnl Checks for structure members
2974 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2975 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2976 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2977 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2978 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2979 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2980 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2981 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2982 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2983 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2984 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2985 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2986 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2987 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2988 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2989 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2990 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2992 AC_CHECK_MEMBERS([struct stat.st_blksize])
2993 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2994 [Define if we don't have struct __res_state in resolv.h])],
2997 #if HAVE_SYS_TYPES_H
2998 # include <sys/types.h>
3000 #include <netinet/in.h>
3001 #include <arpa/nameser.h>
3005 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3006 ac_cv_have_ss_family_in_struct_ss, [
3009 #include <sys/types.h>
3010 #include <sys/socket.h>
3012 [ struct sockaddr_storage s; s.ss_family = 1; ],
3013 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3014 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3017 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3018 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3021 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3022 ac_cv_have___ss_family_in_struct_ss, [
3025 #include <sys/types.h>
3026 #include <sys/socket.h>
3028 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3029 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3030 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3033 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3034 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3035 [Fields in struct sockaddr_storage])
3038 AC_CACHE_CHECK([for pw_class field in struct passwd],
3039 ac_cv_have_pw_class_in_struct_passwd, [
3044 [ struct passwd p; p.pw_class = 0; ],
3045 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3046 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3049 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3050 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3051 [Define if your password has a pw_class field])
3054 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3055 ac_cv_have_pw_expire_in_struct_passwd, [
3060 [ struct passwd p; p.pw_expire = 0; ],
3061 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3062 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3065 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3066 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3067 [Define if your password has a pw_expire field])
3070 AC_CACHE_CHECK([for pw_change field in struct passwd],
3071 ac_cv_have_pw_change_in_struct_passwd, [
3076 [ struct passwd p; p.pw_change = 0; ],
3077 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3078 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3081 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3082 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3083 [Define if your password has a pw_change field])
3086 dnl make sure we're using the real structure members and not defines
3087 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3088 ac_cv_have_accrights_in_msghdr, [
3091 #include <sys/types.h>
3092 #include <sys/socket.h>
3093 #include <sys/uio.h>
3095 #ifdef msg_accrights
3096 #error "msg_accrights is a macro"
3100 m.msg_accrights = 0;
3104 [ ac_cv_have_accrights_in_msghdr="yes" ],
3105 [ ac_cv_have_accrights_in_msghdr="no" ]
3108 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3109 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3110 [Define if your system uses access rights style
3111 file descriptor passing])
3114 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3115 ac_cv_have_control_in_msghdr, [
3118 #include <sys/types.h>
3119 #include <sys/socket.h>
3120 #include <sys/uio.h>
3123 #error "msg_control is a macro"
3131 [ ac_cv_have_control_in_msghdr="yes" ],
3132 [ ac_cv_have_control_in_msghdr="no" ]
3135 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3136 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3137 [Define if your system uses ancillary data style
3138 file descriptor passing])
3141 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3143 [ extern char *__progname; printf("%s", __progname); ],
3144 [ ac_cv_libc_defines___progname="yes" ],
3145 [ ac_cv_libc_defines___progname="no" ]
3148 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3149 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3152 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3156 [ printf("%s", __FUNCTION__); ],
3157 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3158 [ ac_cv_cc_implements___FUNCTION__="no" ]
3161 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3162 AC_DEFINE(HAVE___FUNCTION__, 1,
3163 [Define if compiler implements __FUNCTION__])
3166 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3170 [ printf("%s", __func__); ],
3171 [ ac_cv_cc_implements___func__="yes" ],
3172 [ ac_cv_cc_implements___func__="no" ]
3175 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3176 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3179 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3181 [#include <stdarg.h>
3184 [ ac_cv_have_va_copy="yes" ],
3185 [ ac_cv_have_va_copy="no" ]
3188 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3189 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3192 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3194 [#include <stdarg.h>
3197 [ ac_cv_have___va_copy="yes" ],
3198 [ ac_cv_have___va_copy="no" ]
3201 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3202 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3205 AC_CACHE_CHECK([whether getopt has optreset support],
3206 ac_cv_have_getopt_optreset, [
3211 [ extern int optreset; optreset = 0; ],
3212 [ ac_cv_have_getopt_optreset="yes" ],
3213 [ ac_cv_have_getopt_optreset="no" ]
3216 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3217 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3218 [Define if your getopt(3) defines and uses optreset])
3221 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3223 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3224 [ ac_cv_libc_defines_sys_errlist="yes" ],
3225 [ ac_cv_libc_defines_sys_errlist="no" ]
3228 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3229 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3230 [Define if your system defines sys_errlist[]])
3234 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3236 [ extern int sys_nerr; printf("%i", sys_nerr);],
3237 [ ac_cv_libc_defines_sys_nerr="yes" ],
3238 [ ac_cv_libc_defines_sys_nerr="no" ]
3241 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3242 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3246 # Check whether user wants sectok support
3248 [ --with-sectok Enable smartcard support using libsectok],
3250 if test "x$withval" != "xno" ; then
3251 if test "x$withval" != "xyes" ; then
3252 CPPFLAGS="$CPPFLAGS -I${withval}"
3253 LDFLAGS="$LDFLAGS -L${withval}"
3254 if test ! -z "$need_dash_r" ; then
3255 LDFLAGS="$LDFLAGS -R${withval}"
3257 if test ! -z "$blibpath" ; then
3258 blibpath="$blibpath:${withval}"
3261 AC_CHECK_HEADERS(sectok.h)
3262 if test "$ac_cv_header_sectok_h" != yes; then
3263 AC_MSG_ERROR(Can't find sectok.h)
3265 AC_CHECK_LIB(sectok, sectok_open)
3266 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3267 AC_MSG_ERROR(Can't find libsectok)
3269 AC_DEFINE(SMARTCARD, 1,
3270 [Define if you want smartcard support])
3271 AC_DEFINE(USE_SECTOK, 1,
3272 [Define if you want smartcard support
3274 SCARD_MSG="yes, using sectok"
3279 # Check whether user wants OpenSC support
3282 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3284 if test "x$withval" != "xno" ; then
3285 if test "x$withval" != "xyes" ; then
3286 OPENSC_CONFIG=$withval/bin/opensc-config
3288 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3290 if test "$OPENSC_CONFIG" != "no"; then
3291 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3292 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3293 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3294 LIBS="$LIBS $LIBOPENSC_LIBS"
3295 AC_DEFINE(SMARTCARD)
3296 AC_DEFINE(USE_OPENSC, 1,
3297 [Define if you want smartcard support
3299 SCARD_MSG="yes, using OpenSC"
3305 # Check libraries needed by DNS fingerprint support
3306 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3307 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3308 [Define if getrrsetbyname() exists])],
3310 # Needed by our getrrsetbyname()
3311 AC_SEARCH_LIBS(res_query, resolv)
3312 AC_SEARCH_LIBS(dn_expand, resolv)
3313 AC_MSG_CHECKING(if res_query will link)
3314 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3317 LIBS="$LIBS -lresolv"
3318 AC_MSG_CHECKING(for res_query in -lresolv)
3323 res_query (0, 0, 0, 0, 0);
3327 [LIBS="$LIBS -lresolv"
3328 AC_MSG_RESULT(yes)],
3332 AC_CHECK_FUNCS(_getshort _getlong)
3333 AC_CHECK_DECLS([_getshort, _getlong], , ,
3334 [#include <sys/types.h>
3335 #include <arpa/nameser.h>])
3336 AC_CHECK_MEMBER(HEADER.ad,
3337 [AC_DEFINE(HAVE_HEADER_AD, 1,
3338 [Define if HEADER.ad exists in arpa/nameser.h])],,
3339 [#include <arpa/nameser.h>])
3342 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3345 #if HAVE_SYS_TYPES_H
3346 # include <sys/types.h>
3348 #include <netinet/in.h>
3349 #include <arpa/nameser.h>
3351 extern struct __res_state _res;
3352 int main() { return 0; }
3355 AC_DEFINE(HAVE__RES_EXTERN, 1,
3356 [Define if you have struct __res_state _res as an extern])
3358 [ AC_MSG_RESULT(no) ]
3361 # Check whether user wants SELinux support
3364 AC_ARG_WITH(selinux,
3365 [ --with-selinux Enable SELinux support],
3366 [ if test "x$withval" != "xno" ; then
3368 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3370 AC_CHECK_HEADER([selinux/selinux.h], ,
3371 AC_MSG_ERROR(SELinux support requires selinux.h header))
3372 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3373 AC_MSG_ERROR(SELinux support requires libselinux library))
3374 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3375 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3380 # Check whether user wants Kerberos 5 support
3382 AC_ARG_WITH(kerberos5,
3383 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3384 [ if test "x$withval" != "xno" ; then
3385 if test "x$withval" = "xyes" ; then
3386 KRB5ROOT="/usr/local"
3391 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3394 AC_MSG_CHECKING(for krb5-config)
3395 if test -x $KRB5ROOT/bin/krb5-config ; then
3396 KRB5CONF=$KRB5ROOT/bin/krb5-config
3397 AC_MSG_RESULT($KRB5CONF)
3399 AC_MSG_CHECKING(for gssapi support)
3400 if $KRB5CONF | grep gssapi >/dev/null ; then
3402 AC_DEFINE(GSSAPI, 1,
3403 [Define this if you want GSSAPI
3404 support in the version 2 protocol])
3410 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3411 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3412 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3413 AC_MSG_CHECKING(whether we are using Heimdal)
3414 AC_TRY_COMPILE([ #include <krb5.h> ],
3415 [ char *tmp = heimdal_version; ],
3416 [ AC_MSG_RESULT(yes)
3417 AC_DEFINE(HEIMDAL, 1,
3418 [Define this if you are using the
3419 Heimdal version of Kerberos V5]) ],
3424 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3425 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3426 AC_MSG_CHECKING(whether we are using Heimdal)
3427 AC_TRY_COMPILE([ #include <krb5.h> ],
3428 [ char *tmp = heimdal_version; ],
3429 [ AC_MSG_RESULT(yes)
3431 K5LIBS="-lkrb5 -ldes"
3432 K5LIBS="$K5LIBS -lcom_err -lasn1"
3433 AC_CHECK_LIB(roken, net_write,
3434 [K5LIBS="$K5LIBS -lroken"])
3437 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3440 AC_SEARCH_LIBS(dn_expand, resolv)
3442 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3444 K5LIBS="-lgssapi $K5LIBS" ],
3445 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3447 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3448 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3453 AC_CHECK_HEADER(gssapi.h, ,
3454 [ unset ac_cv_header_gssapi_h
3455 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3456 AC_CHECK_HEADERS(gssapi.h, ,
3457 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3463 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3464 AC_CHECK_HEADER(gssapi_krb5.h, ,
3465 [ CPPFLAGS="$oldCPP" ])
3467 # If we're using some other GSSAPI
3468 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3469 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3472 if test -z "$GSSAPI"; then
3477 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3478 AC_CHECK_HEADER(gssapi_krb5.h, ,
3479 [ CPPFLAGS="$oldCPP" ])
3482 if test ! -z "$need_dash_r" ; then
3483 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3485 if test ! -z "$blibpath" ; then
3486 blibpath="$blibpath:${KRB5ROOT}/lib"
3489 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3490 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3491 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3493 LIBS="$LIBS $K5LIBS"
3494 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3495 [Define this if you want to use libkafs' AFS support]))
3500 # Check whether user wants AFS_KRB5 support
3502 AC_ARG_WITH(afs-krb5,
3503 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3505 if test "x$withval" != "xno" ; then
3507 if test "x$withval" != "xyes" ; then
3508 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3509 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3511 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3513 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3516 if test -z "$KRB5ROOT" ; then
3517 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3520 LIBS="-lkrbafs -lkrb4 $LIBS"
3521 if test ! -z "$AFS_LIBS" ; then
3522 LIBS="$LIBS $AFS_LIBS"
3524 AC_DEFINE(AFS_KRB5, 1,
3525 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3531 AC_ARG_WITH(session-hooks,
3532 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3533 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3536 # Looking for programs, paths and files
3538 PRIVSEP_PATH=/var/empty
3539 AC_ARG_WITH(privsep-path,
3540 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3542 if test -n "$withval" && test "x$withval" != "xno" && \
3543 test "x${withval}" != "xyes"; then
3544 PRIVSEP_PATH=$withval
3548 AC_SUBST(PRIVSEP_PATH)
3551 [ --with-xauth=PATH Specify path to xauth program ],
3553 if test -n "$withval" && test "x$withval" != "xno" && \
3554 test "x${withval}" != "xyes"; then
3560 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3561 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3562 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3563 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3564 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3565 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3566 xauth_path="/usr/openwin/bin/xauth"
3572 AC_ARG_ENABLE(strip,
3573 [ --disable-strip Disable calling strip(1) on install],
3575 if test "x$enableval" = "xno" ; then
3582 if test -z "$xauth_path" ; then
3583 XAUTH_PATH="undefined"
3584 AC_SUBST(XAUTH_PATH)
3586 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3587 [Define if xauth is found in your path])
3588 XAUTH_PATH=$xauth_path
3589 AC_SUBST(XAUTH_PATH)
3592 AC_CHECK_DECL(_PATH_BSHELL, ,
3593 AC_DEFINE_UNQUOTED(_PATH_BSHELL, "/bin/sh",
3594 [Define to your C shell if not defined in paths.h]),
3595 [ #include <paths.h> ]
3598 AC_CHECK_DECL(_PATH_CSHELL, ,
3599 AC_DEFINE_UNQUOTED(_PATH_CSHELL, "/bin/csh",
3600 [Define to your Bourne shell if not defined in paths.h]),
3601 [ #include <paths.h> ]
3604 AC_CHECK_DECL(_PATH_SHELLS, ,
3605 AC_DEFINE_UNQUOTED(_PATH_SHELLS, "/etc/shells",
3606 [Define to your shells file if not defined in paths.h]),
3607 [ #include <paths.h> ]
3610 # if _PATH_MAILDIR is in paths.h then we won't go hunting for it.
3611 AC_CHECK_DECL(_PATH_MAILDIR,
3612 AC_DEFINE(PATH_MAILDIR_IN_PATHS_H, 1,
3613 [Define if _PATH_MAILDIR is in paths.h]),
3615 [ #include <paths.h> ]
3618 # Check for mail directory (last resort if we cannot get it from headers)
3619 if test ! -z "$MAIL" ; then
3620 maildir=`dirname $MAIL`
3621 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3622 [Set this to your mail directory if you don't have maillock.h])
3625 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3626 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3627 disable_ptmx_check=yes
3629 if test -z "$no_dev_ptmx" ; then
3630 if test "x$disable_ptmx_check" != "xyes" ; then
3631 AC_CHECK_FILE("/dev/ptmx",
3633 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3634 [Define if you have /dev/ptmx])
3641 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3642 AC_CHECK_FILE("/dev/ptc",
3644 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3645 [Define if you have /dev/ptc])
3650 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3653 # Options from here on. Some of these are preset by platform above
3654 AC_ARG_WITH(mantype,
3655 [ --with-mantype=man|cat|doc Set man page type],
3662 AC_MSG_ERROR(invalid man type: $withval)
3667 if test -z "$MANTYPE"; then
3668 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3669 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3670 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3672 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3679 if test "$MANTYPE" = "doc"; then
3686 # Check whether to enable MD5 passwords
3688 AC_ARG_WITH(md5-passwords,
3689 [ --with-md5-passwords Enable use of MD5 passwords],
3691 if test "x$withval" != "xno" ; then
3692 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3693 [Define if you want to allow MD5 passwords])
3699 # Whether to disable shadow password support
3701 [ --without-shadow Disable shadow password support],
3703 if test "x$withval" = "xno" ; then
3704 AC_DEFINE(DISABLE_SHADOW)
3710 if test -z "$disable_shadow" ; then
3711 AC_MSG_CHECKING([if the systems has expire shadow information])
3714 #include <sys/types.h>
3717 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3718 [ sp_expire_available=yes ], []
3721 if test "x$sp_expire_available" = "xyes" ; then
3723 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3724 [Define if you want to use shadow password expire field])
3730 # Use ip address instead of hostname in $DISPLAY
3731 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3732 DISPLAY_HACK_MSG="yes"
3733 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3734 [Define if you need to use IP address
3735 instead of hostname in $DISPLAY])
3737 DISPLAY_HACK_MSG="no"
3738 AC_ARG_WITH(ipaddr-display,
3739 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3741 if test "x$withval" != "xno" ; then
3742 AC_DEFINE(IPADDR_IN_DISPLAY)
3743 DISPLAY_HACK_MSG="yes"
3749 # check for /etc/default/login and use it if present.
3750 AC_ARG_ENABLE(etc-default-login,
3751 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3752 [ if test "x$enableval" = "xno"; then
3753 AC_MSG_NOTICE([/etc/default/login handling disabled])
3754 etc_default_login=no
3756 etc_default_login=yes
3758 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3760 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3761 etc_default_login=no
3763 etc_default_login=yes
3767 if test "x$etc_default_login" != "xno"; then
3768 AC_CHECK_FILE("/etc/default/login",
3769 [ external_path_file=/etc/default/login ])
3770 if test "x$external_path_file" = "x/etc/default/login"; then
3771 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3772 [Define if your system has /etc/default/login])
3776 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3777 if test $ac_cv_func_login_getcapbool = "yes" && \
3778 test $ac_cv_header_login_cap_h = "yes" ; then
3779 external_path_file=/etc/login.conf
3782 # Whether to mess with the default path
3783 SERVER_PATH_MSG="(default)"
3784 AC_ARG_WITH(default-path,
3785 [ --with-default-path= Specify default \$PATH environment for server],
3787 if test "x$external_path_file" = "x/etc/login.conf" ; then
3789 --with-default-path=PATH has no effect on this system.
3790 Edit /etc/login.conf instead.])
3791 elif test "x$withval" != "xno" ; then
3792 if test ! -z "$external_path_file" ; then
3794 --with-default-path=PATH will only be used if PATH is not defined in
3795 $external_path_file .])
3797 user_path="$withval"
3798 SERVER_PATH_MSG="$withval"
3801 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3802 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3804 if test ! -z "$external_path_file" ; then
3806 If PATH is defined in $external_path_file, ensure the path to scp is included,
3807 otherwise scp will not work.])
3811 /* find out what STDPATH is */
3816 #ifndef _PATH_STDPATH
3817 # ifdef _PATH_USERPATH /* Irix */
3818 # define _PATH_STDPATH _PATH_USERPATH
3820 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3823 #include <sys/types.h>
3824 #include <sys/stat.h>
3826 #define DATA "conftest.stdpath"
3833 fd = fopen(DATA,"w");
3837 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3843 [ user_path=`cat conftest.stdpath` ],
3844 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3845 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3847 # make sure $bindir is in USER_PATH so scp will work
3848 t_bindir=`eval echo ${bindir}`
3850 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3853 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3855 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3856 if test $? -ne 0 ; then
3857 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3858 if test $? -ne 0 ; then
3859 user_path=$user_path:$t_bindir
3860 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3865 if test "x$external_path_file" != "x/etc/login.conf" ; then
3866 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3870 # Set superuser path separately to user path
3871 AC_ARG_WITH(superuser-path,
3872 [ --with-superuser-path= Specify different path for super-user],
3874 if test -n "$withval" && test "x$withval" != "xno" && \
3875 test "x${withval}" != "xyes"; then
3876 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3877 [Define if you want a different $PATH
3879 superuser_path=$withval
3885 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3886 IPV4_IN6_HACK_MSG="no"
3888 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3890 if test "x$withval" != "xno" ; then
3892 AC_DEFINE(IPV4_IN_IPV6, 1,
3893 [Detect IPv4 in IPv6 mapped addresses
3895 IPV4_IN6_HACK_MSG="yes"
3900 if test "x$inet6_default_4in6" = "xyes"; then
3901 AC_MSG_RESULT([yes (default)])
3902 AC_DEFINE(IPV4_IN_IPV6)
3903 IPV4_IN6_HACK_MSG="yes"
3905 AC_MSG_RESULT([no (default)])
3910 # Whether to enable BSD auth support
3912 AC_ARG_WITH(bsd-auth,
3913 [ --with-bsd-auth Enable BSD auth support],
3915 if test "x$withval" != "xno" ; then
3916 AC_DEFINE(BSD_AUTH, 1,
3917 [Define if you have BSD auth support])
3923 # Where to place sshd.pid
3925 # make sure the directory exists
3926 if test ! -d $piddir ; then
3927 piddir=`eval echo ${sysconfdir}`
3929 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3933 AC_ARG_WITH(pid-dir,
3934 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3936 if test -n "$withval" && test "x$withval" != "xno" && \
3937 test "x${withval}" != "xyes"; then
3939 if test ! -d $piddir ; then
3940 AC_MSG_WARN([** no $piddir directory on this system **])
3946 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3949 dnl allow user to disable some login recording features
3950 AC_ARG_ENABLE(lastlog,
3951 [ --disable-lastlog disable use of lastlog even if detected [no]],
3953 if test "x$enableval" = "xno" ; then
3954 AC_DEFINE(DISABLE_LASTLOG)
3959 [ --disable-utmp disable use of utmp even if detected [no]],
3961 if test "x$enableval" = "xno" ; then
3962 AC_DEFINE(DISABLE_UTMP)
3966 AC_ARG_ENABLE(utmpx,
3967 [ --disable-utmpx disable use of utmpx even if detected [no]],
3969 if test "x$enableval" = "xno" ; then
3970 AC_DEFINE(DISABLE_UTMPX, 1,
3971 [Define if you don't want to use utmpx])
3976 [ --disable-wtmp disable use of wtmp even if detected [no]],
3978 if test "x$enableval" = "xno" ; then
3979 AC_DEFINE(DISABLE_WTMP)
3983 AC_ARG_ENABLE(wtmpx,
3984 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3986 if test "x$enableval" = "xno" ; then
3987 AC_DEFINE(DISABLE_WTMPX, 1,
3988 [Define if you don't want to use wtmpx])
3992 AC_ARG_ENABLE(libutil,
3993 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3995 if test "x$enableval" = "xno" ; then
3996 AC_DEFINE(DISABLE_LOGIN)
4000 AC_ARG_ENABLE(pututline,
4001 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4003 if test "x$enableval" = "xno" ; then
4004 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4005 [Define if you don't want to use pututline()
4006 etc. to write [uw]tmp])
4010 AC_ARG_ENABLE(pututxline,
4011 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4013 if test "x$enableval" = "xno" ; then
4014 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4015 [Define if you don't want to use pututxline()
4016 etc. to write [uw]tmpx])
4020 AC_ARG_WITH(lastlog,
4021 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4023 if test "x$withval" = "xno" ; then
4024 AC_DEFINE(DISABLE_LASTLOG)
4025 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4026 conf_lastlog_location=$withval
4031 dnl lastlog, [uw]tmpx? detection
4032 dnl NOTE: set the paths in the platform section to avoid the
4033 dnl need for command-line parameters
4034 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4036 dnl lastlog detection
4037 dnl NOTE: the code itself will detect if lastlog is a directory
4038 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4040 #include <sys/types.h>
4042 #ifdef HAVE_LASTLOG_H
4043 # include <lastlog.h>
4052 [ char *lastlog = LASTLOG_FILE; ],
4053 [ AC_MSG_RESULT(yes) ],
4056 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4058 #include <sys/types.h>
4060 #ifdef HAVE_LASTLOG_H
4061 # include <lastlog.h>
4067 [ char *lastlog = _PATH_LASTLOG; ],
4068 [ AC_MSG_RESULT(yes) ],
4071 system_lastlog_path=no
4076 if test -z "$conf_lastlog_location"; then
4077 if test x"$system_lastlog_path" = x"no" ; then
4078 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4079 if (test -d "$f" || test -f "$f") ; then
4080 conf_lastlog_location=$f
4083 if test -z "$conf_lastlog_location"; then
4084 AC_MSG_WARN([** Cannot find lastlog **])
4085 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4090 if test -n "$conf_lastlog_location"; then
4091 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4092 [Define if you want to specify the path to your lastlog file])
4096 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4098 #include <sys/types.h>
4104 [ char *utmp = UTMP_FILE; ],
4105 [ AC_MSG_RESULT(yes) ],
4107 system_utmp_path=no ]
4109 if test -z "$conf_utmp_location"; then
4110 if test x"$system_utmp_path" = x"no" ; then
4111 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4112 if test -f $f ; then
4113 conf_utmp_location=$f
4116 if test -z "$conf_utmp_location"; then
4117 AC_DEFINE(DISABLE_UTMP)
4121 if test -n "$conf_utmp_location"; then
4122 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4123 [Define if you want to specify the path to your utmp file])
4127 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4129 #include <sys/types.h>
4135 [ char *wtmp = WTMP_FILE; ],
4136 [ AC_MSG_RESULT(yes) ],
4138 system_wtmp_path=no ]
4140 if test -z "$conf_wtmp_location"; then
4141 if test x"$system_wtmp_path" = x"no" ; then
4142 for f in /usr/adm/wtmp /var/log/wtmp; do
4143 if test -f $f ; then
4144 conf_wtmp_location=$f
4147 if test -z "$conf_wtmp_location"; then
4148 AC_DEFINE(DISABLE_WTMP)
4152 if test -n "$conf_wtmp_location"; then
4153 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4154 [Define if you want to specify the path to your wtmp file])
4158 dnl utmpx detection - I don't know any system so perverse as to require
4159 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4161 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4163 #include <sys/types.h>
4172 [ char *utmpx = UTMPX_FILE; ],
4173 [ AC_MSG_RESULT(yes) ],
4175 system_utmpx_path=no ]
4177 if test -z "$conf_utmpx_location"; then
4178 if test x"$system_utmpx_path" = x"no" ; then
4179 AC_DEFINE(DISABLE_UTMPX)
4182 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4183 [Define if you want to specify the path to your utmpx file])
4187 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4189 #include <sys/types.h>
4198 [ char *wtmpx = WTMPX_FILE; ],
4199 [ AC_MSG_RESULT(yes) ],
4201 system_wtmpx_path=no ]
4203 if test -z "$conf_wtmpx_location"; then
4204 if test x"$system_wtmpx_path" = x"no" ; then
4205 AC_DEFINE(DISABLE_WTMPX)
4208 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4209 [Define if you want to specify the path to your wtmpx file])
4213 if test ! -z "$blibpath" ; then
4214 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4215 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4218 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4220 CFLAGS="$CFLAGS $werror_flags"
4223 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4224 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4225 scard/Makefile ssh_prng_cmds survey.sh])
4228 # Print summary of options
4230 # Someone please show me a better way :)
4231 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4232 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4233 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4234 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4235 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4236 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4237 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4238 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4239 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4240 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4243 echo "OpenSSH has been configured with the following options:"
4244 echo " User binaries: $B"
4245 echo " System binaries: $C"
4246 echo " Configuration files: $D"
4247 echo " Askpass program: $E"
4248 echo " Manual pages: $F"
4249 echo " PID file: $G"
4250 echo " Privilege separation chroot path: $H"
4251 if test "x$external_path_file" = "x/etc/login.conf" ; then
4252 echo " At runtime, sshd will use the path defined in $external_path_file"
4253 echo " Make sure the path to scp is present, otherwise scp will not work"
4255 echo " sshd default user PATH: $I"
4256 if test ! -z "$external_path_file"; then
4257 echo " (If PATH is set in $external_path_file it will be used instead. If"
4258 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4261 if test ! -z "$superuser_path" ; then
4262 echo " sshd superuser user PATH: $J"
4264 echo " Manpage format: $MANTYPE"
4265 echo " PAM support: $PAM_MSG"
4266 echo " OSF SIA support: $SIA_MSG"
4267 echo " KerberosV support: $KRB5_MSG"
4268 echo " SELinux support: $SELINUX_MSG"
4269 echo " Smartcard support: $SCARD_MSG"
4270 echo " S/KEY support: $SKEY_MSG"
4271 echo " TCP Wrappers support: $TCPW_MSG"
4272 echo " MD5 password support: $MD5_MSG"
4273 echo " libedit support: $LIBEDIT_MSG"
4274 echo " Solaris process contract support: $SPC_MSG"
4275 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4276 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4277 echo " BSD Auth support: $BSD_AUTH_MSG"
4278 echo " Random number source: $RAND_MSG"
4279 if test ! -z "$USE_RAND_HELPER" ; then
4280 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4285 echo " Host: ${host}"
4286 echo " Compiler: ${CC}"
4287 echo " Compiler flags: ${CFLAGS}"
4288 echo "Preprocessor flags: ${CPPFLAGS}"
4289 echo " Linker flags: ${LDFLAGS}"
4290 echo " Libraries: ${LIBS}"
4291 if test ! -z "${SSHDLIBS}"; then
4292 echo " +for sshd: ${SSHDLIBS}"
4297 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4298 echo "SVR4 style packages are supported with \"make package\""
4302 if test "x$PAM_MSG" = "xyes" ; then
4303 echo "PAM is enabled. You may need to install a PAM control file "
4304 echo "for sshd, otherwise password authentication may fail. "
4305 echo "Example PAM control files can be found in the contrib/ "
4310 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4311 echo "WARNING: you are using the builtin random number collection "
4312 echo "service. Please read WARNING.RNG and request that your OS "
4313 echo "vendor includes kernel-based random number collection in "
4314 echo "future versions of your OS."
4318 if test ! -z "$NO_PEERCHECK" ; then
4319 echo "WARNING: the operating system that you are using does not"
4320 echo "appear to support getpeereid(), getpeerucred() or the"
4321 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4322 echo "enforce security checks to prevent unauthorised connections to"
4323 echo "ssh-agent. Their absence increases the risk that a malicious"
4324 echo "user can connect to your agent."
4328 if test "$AUDIT_MODULE" = "bsm" ; then
4329 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4330 echo "See the Solaris section in README.platform for details."