3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Allow user to specify flags
132 [ --with-cflags Specify additional flags to pass to compiler],
134 if test -n "$withval" && test "x$withval" != "xno" && \
135 test "x${withval}" != "xyes"; then
136 CFLAGS="$CFLAGS $withval"
140 AC_ARG_WITH(cppflags,
141 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
143 if test -n "$withval" && test "x$withval" != "xno" && \
144 test "x${withval}" != "xyes"; then
145 CPPFLAGS="$CPPFLAGS $withval"
150 [ --with-ldflags Specify additional flags to pass to linker],
152 if test -n "$withval" && test "x$withval" != "xno" && \
153 test "x${withval}" != "xyes"; then
154 LDFLAGS="$LDFLAGS $withval"
159 [ --with-libs Specify additional libraries to link with],
161 if test -n "$withval" && test "x$withval" != "xno" && \
162 test "x${withval}" != "xyes"; then
163 LIBS="$LIBS $withval"
168 [ --with-Werror Build main code with -Werror],
170 if test -n "$withval" && test "x$withval" != "xno"; then
171 werror_flags="-Werror"
172 if test "x${withval}" != "xyes"; then
173 werror_flags="$withval"
204 security/pam_appl.h \
241 # lastlog.h requires sys/time.h to be included first on Solaris
242 AC_CHECK_HEADERS(lastlog.h, [], [], [
243 #ifdef HAVE_SYS_TIME_H
244 # include <sys/time.h>
248 # sys/ptms.h requires sys/stream.h to be included first on Solaris
249 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250 #ifdef HAVE_SYS_STREAM_H
251 # include <sys/stream.h>
255 # login_cap.h requires sys/types.h on NetBSD
256 AC_CHECK_HEADERS(login_cap.h, [], [], [
257 #include <sys/types.h>
260 # Messages for features tested for in target-specific section
264 # Check for some target-specific stuff
267 # Some versions of VAC won't allow macro redefinitions at
268 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269 # particularly with older versions of vac or xlc.
270 # It also throws errors about null macro argments, but these are
272 AC_MSG_CHECKING(if compiler allows macro redefinitions)
275 #define testmacro foo
276 #define testmacro bar
277 int main(void) { exit(0); }
279 [ AC_MSG_RESULT(yes) ],
281 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
288 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
289 if (test -z "$blibpath"); then
290 blibpath="/usr/lib:/lib"
292 saved_LDFLAGS="$LDFLAGS"
293 if test "$GCC" = "yes"; then
294 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
296 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
298 for tryflags in $flags ;do
299 if (test -z "$blibflags"); then
300 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301 AC_TRY_LINK([], [], [blibflags=$tryflags])
304 if (test -z "$blibflags"); then
305 AC_MSG_RESULT(not found)
306 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
308 AC_MSG_RESULT($blibflags)
310 LDFLAGS="$saved_LDFLAGS"
311 dnl Check for authenticate. Might be in libs.a on older AIXes
312 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313 [Define if you want to enable AIX4's authenticate function])],
314 [AC_CHECK_LIB(s,authenticate,
315 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
319 dnl Check for various auth function declarations in headers.
320 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
321 passwdexpired, setauthdb], , , [#include <usersec.h>])
322 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
323 AC_CHECK_DECLS(loginfailed,
324 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
326 [#include <usersec.h>],
327 [(void)loginfailed("user","host","tty",0);],
329 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330 [Define if your AIX loginfailed() function
331 takes 4 arguments (AIX >= 5.2)])],
335 [#include <usersec.h>]
337 AC_CHECK_FUNCS(setauthdb)
338 AC_CHECK_DECL(F_CLOSEM,
339 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
341 [ #include <limits.h>
344 check_for_aix_broken_getaddrinfo=1
345 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347 [Define if your platform breaks doing a seteuid before a setuid])
348 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
350 dnl AIX handles lastlog as part of its login message
351 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353 [Some systems need a utmpx entry for /bin/login to work])
354 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355 [Define to a Set Process Title type if your system is
356 supported by bsd-setproctitle.c])
357 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358 [AIX 5.2 and 5.3 (and presumably newer) require this])
359 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
362 check_for_libcrypt_later=1
363 LIBS="$LIBS /usr/lib/textreadmode.o"
364 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366 AC_DEFINE(DISABLE_SHADOW, 1,
367 [Define if you want to disable shadow passwords])
368 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369 [Define if your system choked on IP TOS setting])
370 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371 [Define if X11 doesn't support AF_UNIX sockets on that system])
372 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373 [Define if the concept of ports only accessible to
374 superusers isn't known])
375 AC_DEFINE(DISABLE_FD_PASSING, 1,
376 [Define if your platform needs to skip post auth
377 file descriptor passing])
380 AC_DEFINE(IP_TOS_IS_BROKEN)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
386 AC_MSG_CHECKING(if we have working getaddrinfo)
387 AC_TRY_RUN([#include <mach-o/dyld.h>
388 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
392 }], [AC_MSG_RESULT(working)],
393 [AC_MSG_RESULT(buggy)
394 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
395 [AC_MSG_RESULT(assume it is working)])
396 AC_DEFINE(SETEUID_BREAKS_SETUID)
397 AC_DEFINE(BROKEN_SETREUID)
398 AC_DEFINE(BROKEN_SETREGID)
399 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
400 [Define if your resolver libs need this for getrrsetbyname])
401 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
402 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
403 [Use tunnel device compatibility to OpenBSD])
404 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
405 [Prepend the address family to IP tunnel traffic])
406 AC_MSG_CHECKING(if we have the Security Authorization Session API)
407 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
408 [SessionCreate(0, 0);],
409 [ac_cv_use_security_session_api="yes"
410 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
411 [platform has the Security Authorization Session API])
412 LIBS="$LIBS -framework Security"
414 [ac_cv_use_security_session_api="no"
416 AC_MSG_CHECKING(if we have an in-memory credentials cache)
418 [#include <Kerberos/Kerberos.h>],
420 (void) cc_initialize (&c, 0, NULL, NULL);],
421 [AC_DEFINE(USE_CCAPI, 1,
422 [platform uses an in-memory credentials cache])
423 LIBS="$LIBS -framework Security"
425 if test "x$ac_cv_use_security_session_api" = "xno"; then
426 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
432 SSHDLIBS="$SSHDLIBS -lcrypt"
435 # first we define all of the options common to all HP-UX releases
436 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
437 IPADDR_IN_DISPLAY=yes
439 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
440 [Define if your login program cannot handle end of options ("--")])
441 AC_DEFINE(LOGIN_NEEDS_UTMPX)
442 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
443 [String used in /etc/passwd to denote locked account])
444 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
445 MAIL="/var/mail/username"
447 AC_CHECK_LIB(xnet, t_error, ,
448 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
450 # next, we define all of the options specific to major releases
453 if test -z "$GCC"; then
458 AC_DEFINE(PAM_SUN_CODEBASE, 1,
459 [Define if you are using Solaris-derived PAM which
460 passes pam_messages to the conversation function
461 with an extra level of indirection])
462 AC_DEFINE(DISABLE_UTMP, 1,
463 [Define if you don't want to use utmp])
464 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
465 check_for_hpux_broken_getaddrinfo=1
466 check_for_conflicting_getspnam=1
470 # lastly, we define options specific to minor releases
473 AC_DEFINE(HAVE_SECUREWARE, 1,
474 [Define if you have SecureWare-based
475 protected password database])
476 disable_ptmx_check=yes
482 PATH="$PATH:/usr/etc"
483 AC_DEFINE(BROKEN_INET_NTOA, 1,
484 [Define if you system's inet_ntoa is busted
485 (e.g. Irix gcc issue)])
486 AC_DEFINE(SETEUID_BREAKS_SETUID)
487 AC_DEFINE(BROKEN_SETREUID)
488 AC_DEFINE(BROKEN_SETREGID)
489 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
490 [Define if you shouldn't strip 'tty' from your
492 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
495 PATH="$PATH:/usr/etc"
496 AC_DEFINE(WITH_IRIX_ARRAY, 1,
497 [Define if you have/want arrays
498 (cluster-wide session managment, not C arrays)])
499 AC_DEFINE(WITH_IRIX_PROJECT, 1,
500 [Define if you want IRIX project management])
501 AC_DEFINE(WITH_IRIX_AUDIT, 1,
502 [Define if you want IRIX audit trails])
503 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
504 [Define if you want IRIX kernel jobs])])
505 AC_DEFINE(BROKEN_INET_NTOA)
506 AC_DEFINE(SETEUID_BREAKS_SETUID)
507 AC_DEFINE(BROKEN_SETREUID)
508 AC_DEFINE(BROKEN_SETREGID)
509 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
510 AC_DEFINE(WITH_ABBREV_NO_TTY)
511 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
515 check_for_libcrypt_later=1
516 check_for_openpty_ctty_bug=1
517 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
518 AC_DEFINE(PAM_TTY_KLUDGE, 1,
519 [Work around problematic Linux PAM modules handling of PAM_TTY])
520 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
521 [String used in /etc/passwd to denote locked account])
522 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
523 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
524 [Define to whatever link() returns for "not supported"
525 if it doesn't return EOPNOTSUPP.])
526 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
528 inet6_default_4in6=yes
531 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
532 [Define if cmsg_type is not passed correctly])
535 # tun(4) forwarding compat code
536 AC_CHECK_HEADERS(linux/if_tun.h)
537 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
538 AC_DEFINE(SSH_TUN_LINUX, 1,
539 [Open tunnel devices the Linux tun/tap way])
540 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
541 [Use tunnel device compatibility to OpenBSD])
542 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
543 [Prepend the address family to IP tunnel traffic])
546 mips-sony-bsd|mips-sony-newsos4)
547 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
551 check_for_libcrypt_before=1
552 if test "x$withval" != "xno" ; then
555 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
556 AC_CHECK_HEADER([net/if_tap.h], ,
557 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
558 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
559 [Prepend the address family to IP tunnel traffic])
562 check_for_libcrypt_later=1
563 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
564 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
565 AC_CHECK_HEADER([net/if_tap.h], ,
566 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
569 AC_DEFINE(SETEUID_BREAKS_SETUID)
570 AC_DEFINE(BROKEN_SETREUID)
571 AC_DEFINE(BROKEN_SETREGID)
574 conf_lastlog_location="/usr/adm/lastlog"
575 conf_utmp_location=/etc/utmp
576 conf_wtmp_location=/usr/adm/wtmp
578 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
579 AC_DEFINE(BROKEN_REALPATH)
581 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
584 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
585 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
586 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
587 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
588 [syslog_r function is safe to use in in a signal handler])
591 if test "x$withval" != "xno" ; then
594 AC_DEFINE(PAM_SUN_CODEBASE)
595 AC_DEFINE(LOGIN_NEEDS_UTMPX)
596 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
597 [Some versions of /bin/login need the TERM supplied
599 AC_DEFINE(PAM_TTY_KLUDGE)
600 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
601 [Define if pam_chauthtok wants real uid set
602 to the unpriv'ed user])
603 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
604 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
605 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
606 [Define if sshd somehow reacquires a controlling TTY
608 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
609 in case the name is longer than 8 chars])
610 external_path_file=/etc/default/login
611 # hardwire lastlog location (can't detect it on some versions)
612 conf_lastlog_location="/var/adm/lastlog"
613 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
614 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
615 if test "$sol2ver" -ge 8; then
617 AC_DEFINE(DISABLE_UTMP)
618 AC_DEFINE(DISABLE_WTMP, 1,
619 [Define if you don't want to use wtmp])
623 AC_ARG_WITH(solaris-contracts,
624 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
626 AC_CHECK_LIB(contract, ct_tmpl_activate,
627 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
628 [Define if you have Solaris process contracts])
629 SSHDLIBS="$SSHDLIBS -lcontract"
636 CPPFLAGS="$CPPFLAGS -DSUNOS4"
637 AC_CHECK_FUNCS(getpwanam)
638 AC_DEFINE(PAM_SUN_CODEBASE)
639 conf_utmp_location=/etc/utmp
640 conf_wtmp_location=/var/adm/wtmp
641 conf_lastlog_location=/var/adm/lastlog
647 AC_DEFINE(SSHD_ACQUIRES_CTTY)
648 AC_DEFINE(SETEUID_BREAKS_SETUID)
649 AC_DEFINE(BROKEN_SETREUID)
650 AC_DEFINE(BROKEN_SETREGID)
653 # /usr/ucblib MUST NOT be searched on ReliantUNIX
654 AC_CHECK_LIB(dl, dlsym, ,)
655 # -lresolv needs to be at the end of LIBS or DNS lookups break
656 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
657 IPADDR_IN_DISPLAY=yes
659 AC_DEFINE(IP_TOS_IS_BROKEN)
660 AC_DEFINE(SETEUID_BREAKS_SETUID)
661 AC_DEFINE(BROKEN_SETREUID)
662 AC_DEFINE(BROKEN_SETREGID)
663 AC_DEFINE(SSHD_ACQUIRES_CTTY)
664 external_path_file=/etc/default/login
665 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
666 # Attention: always take care to bind libsocket and libnsl before libc,
667 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
669 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
672 AC_DEFINE(SETEUID_BREAKS_SETUID)
673 AC_DEFINE(BROKEN_SETREUID)
674 AC_DEFINE(BROKEN_SETREGID)
675 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
676 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
678 # UnixWare 7.x, OpenUNIX 8
680 check_for_libcrypt_later=1
681 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
683 AC_DEFINE(SETEUID_BREAKS_SETUID)
684 AC_DEFINE(BROKEN_SETREUID)
685 AC_DEFINE(BROKEN_SETREGID)
686 AC_DEFINE(PASSWD_NEEDS_USERNAME)
688 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
689 TEST_SHELL=/u95/bin/sh
690 AC_DEFINE(BROKEN_LIBIAF, 1,
691 [ia_uinfo routines not supported by OS yet])
692 AC_DEFINE(BROKEN_UPDWTMPX)
694 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
700 # SCO UNIX and OEM versions of SCO UNIX
702 AC_MSG_ERROR("This Platform is no longer supported.")
706 if test -z "$GCC"; then
707 CFLAGS="$CFLAGS -belf"
709 LIBS="$LIBS -lprot -lx -ltinfo -lm"
712 AC_DEFINE(HAVE_SECUREWARE)
713 AC_DEFINE(DISABLE_SHADOW)
714 AC_DEFINE(DISABLE_FD_PASSING)
715 AC_DEFINE(SETEUID_BREAKS_SETUID)
716 AC_DEFINE(BROKEN_SETREUID)
717 AC_DEFINE(BROKEN_SETREGID)
718 AC_DEFINE(WITH_ABBREV_NO_TTY)
719 AC_DEFINE(BROKEN_UPDWTMPX)
720 AC_DEFINE(PASSWD_NEEDS_USERNAME)
721 AC_CHECK_FUNCS(getluid setluid)
726 AC_DEFINE(NO_SSH_LASTLOG, 1,
727 [Define if you don't want to use lastlog in session.c])
728 AC_DEFINE(SETEUID_BREAKS_SETUID)
729 AC_DEFINE(BROKEN_SETREUID)
730 AC_DEFINE(BROKEN_SETREGID)
732 AC_DEFINE(DISABLE_FD_PASSING)
734 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
738 AC_DEFINE(SETEUID_BREAKS_SETUID)
739 AC_DEFINE(BROKEN_SETREUID)
740 AC_DEFINE(BROKEN_SETREGID)
741 AC_DEFINE(WITH_ABBREV_NO_TTY)
743 AC_DEFINE(DISABLE_FD_PASSING)
745 LIBS="$LIBS -lgen -lacid -ldb"
749 AC_DEFINE(SETEUID_BREAKS_SETUID)
750 AC_DEFINE(BROKEN_SETREUID)
751 AC_DEFINE(BROKEN_SETREGID)
753 AC_DEFINE(DISABLE_FD_PASSING)
754 AC_DEFINE(NO_SSH_LASTLOG)
755 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
756 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
760 AC_MSG_CHECKING(for Digital Unix SIA)
763 [ --with-osfsia Enable Digital Unix SIA],
765 if test "x$withval" = "xno" ; then
766 AC_MSG_RESULT(disabled)
771 if test -z "$no_osfsia" ; then
772 if test -f /etc/sia/matrix.conf; then
774 AC_DEFINE(HAVE_OSF_SIA, 1,
775 [Define if you have Digital Unix Security
776 Integration Architecture])
777 AC_DEFINE(DISABLE_LOGIN, 1,
778 [Define if you don't want to use your
779 system's login() call])
780 AC_DEFINE(DISABLE_FD_PASSING)
781 LIBS="$LIBS -lsecurity -ldb -lm -laud"
785 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
786 [String used in /etc/passwd to denote locked account])
789 AC_DEFINE(BROKEN_GETADDRINFO)
790 AC_DEFINE(SETEUID_BREAKS_SETUID)
791 AC_DEFINE(BROKEN_SETREUID)
792 AC_DEFINE(BROKEN_SETREGID)
797 AC_DEFINE(NO_X11_UNIX_SOCKETS)
798 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
799 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
800 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
801 AC_DEFINE(DISABLE_LASTLOG)
802 AC_DEFINE(SSHD_ACQUIRES_CTTY)
803 enable_etc_default_login=no # has incompatible /etc/default/login
807 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
808 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
809 AC_DEFINE(NEED_SETPGRP)
810 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
814 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
815 AC_DEFINE(MISSING_HOWMANY)
816 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
820 AC_MSG_CHECKING(compiler and flags for sanity)
826 [ AC_MSG_RESULT(yes) ],
829 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
831 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
834 dnl Checks for header files.
835 # Checks for libraries.
836 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
837 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
839 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
840 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
841 AC_CHECK_LIB(gen, dirname,[
842 AC_CACHE_CHECK([for broken dirname],
843 ac_cv_have_broken_dirname, [
851 int main(int argc, char **argv) {
854 strncpy(buf,"/etc", 32);
856 if (!s || strncmp(s, "/", 32) != 0) {
863 [ ac_cv_have_broken_dirname="no" ],
864 [ ac_cv_have_broken_dirname="yes" ],
865 [ ac_cv_have_broken_dirname="no" ],
869 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
871 AC_DEFINE(HAVE_DIRNAME)
872 AC_CHECK_HEADERS(libgen.h)
877 AC_CHECK_FUNC(getspnam, ,
878 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
879 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
880 [Define if you have the basename function.]))
884 [ --with-zlib=PATH Use zlib in PATH],
885 [ if test "x$withval" = "xno" ; then
886 AC_MSG_ERROR([*** zlib is required ***])
887 elif test "x$withval" != "xyes"; then
888 if test -d "$withval/lib"; then
889 if test -n "${need_dash_r}"; then
890 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
892 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
895 if test -n "${need_dash_r}"; then
896 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
898 LDFLAGS="-L${withval} ${LDFLAGS}"
901 if test -d "$withval/include"; then
902 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
904 CPPFLAGS="-I${withval} ${CPPFLAGS}"
909 AC_CHECK_LIB(z, deflate, ,
911 saved_CPPFLAGS="$CPPFLAGS"
912 saved_LDFLAGS="$LDFLAGS"
914 dnl Check default zlib install dir
915 if test -n "${need_dash_r}"; then
916 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
918 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
920 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
922 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
924 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
929 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
931 AC_ARG_WITH(zlib-version-check,
932 [ --without-zlib-version-check Disable zlib version check],
933 [ if test "x$withval" = "xno" ; then
934 zlib_check_nonfatal=1
939 AC_MSG_CHECKING(for possibly buggy zlib)
940 AC_RUN_IFELSE([AC_LANG_SOURCE([[
945 int a=0, b=0, c=0, d=0, n, v;
946 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
947 if (n != 3 && n != 4)
949 v = a*1000000 + b*10000 + c*100 + d;
950 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
953 if (a == 1 && b == 1 && c >= 4)
956 /* 1.2.3 and up are OK */
965 if test -z "$zlib_check_nonfatal" ; then
966 AC_MSG_ERROR([*** zlib too old - check config.log ***
967 Your reported zlib version has known security problems. It's possible your
968 vendor has fixed these problems without changing the version number. If you
969 are sure this is the case, you can disable the check by running
970 "./configure --without-zlib-version-check".
971 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
972 See http://www.gzip.org/zlib/ for details.])
974 AC_MSG_WARN([zlib version may have security problems])
977 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
981 AC_CHECK_FUNC(strcasecmp,
982 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
984 AC_CHECK_FUNCS(utimes,
985 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
986 LIBS="$LIBS -lc89"]) ]
989 dnl Checks for libutil functions
990 AC_CHECK_HEADERS(libutil.h)
991 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
992 [Define if your libraries define login()])])
993 AC_CHECK_FUNCS(logout updwtmp logwtmp)
997 # Check for ALTDIRFUNC glob() extension
998 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
999 AC_EGREP_CPP(FOUNDIT,
1002 #ifdef GLOB_ALTDIRFUNC
1007 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1008 [Define if your system glob() function has
1009 the GLOB_ALTDIRFUNC extension])
1017 # Check for g.gl_matchc glob() extension
1018 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1020 [ #include <glob.h> ],
1021 [glob_t g; g.gl_matchc = 1;],
1023 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1024 [Define if your system glob() function has
1025 gl_matchc options in glob_t])
1033 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1035 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1038 #include <sys/types.h>
1040 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1042 [AC_MSG_RESULT(yes)],
1045 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1046 [Define if your struct dirent expects you to
1047 allocate extra space for d_name])
1050 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1051 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1055 AC_MSG_CHECKING([for /proc/pid/fd directory])
1056 if test -d "/proc/$$/fd" ; then
1057 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1063 # Check whether user wants S/Key support
1066 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1068 if test "x$withval" != "xno" ; then
1070 if test "x$withval" != "xyes" ; then
1071 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1072 LDFLAGS="$LDFLAGS -L${withval}/lib"
1075 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1079 AC_MSG_CHECKING([for s/key support])
1084 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1086 [AC_MSG_RESULT(yes)],
1089 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1091 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1095 [(void)skeychallenge(NULL,"name","",0);],
1097 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1098 [Define if your skeychallenge()
1099 function takes 4 arguments (NetBSD)])],
1106 # Check whether user wants TCP wrappers support
1108 AC_ARG_WITH(tcp-wrappers,
1109 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1111 if test "x$withval" != "xno" ; then
1113 saved_LDFLAGS="$LDFLAGS"
1114 saved_CPPFLAGS="$CPPFLAGS"
1115 if test -n "${withval}" && \
1116 test "x${withval}" != "xyes"; then
1117 if test -d "${withval}/lib"; then
1118 if test -n "${need_dash_r}"; then
1119 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1121 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1124 if test -n "${need_dash_r}"; then
1125 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1127 LDFLAGS="-L${withval} ${LDFLAGS}"
1130 if test -d "${withval}/include"; then
1131 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1133 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1137 LIBS="$LIBWRAP $LIBS"
1138 AC_MSG_CHECKING(for libwrap)
1141 #include <sys/types.h>
1142 #include <sys/socket.h>
1143 #include <netinet/in.h>
1145 int deny_severity = 0, allow_severity = 0;
1150 AC_DEFINE(LIBWRAP, 1,
1152 TCP Wrappers support])
1157 AC_MSG_ERROR([*** libwrap missing])
1165 # Check whether user wants libedit support
1167 AC_ARG_WITH(libedit,
1168 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1169 [ if test "x$withval" != "xno" ; then
1170 if test "x$withval" != "xyes"; then
1171 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1172 if test -n "${need_dash_r}"; then
1173 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1175 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1178 AC_CHECK_LIB(edit, el_init,
1179 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1180 LIBEDIT="-ledit -lcurses"
1184 [ AC_MSG_ERROR(libedit not found) ],
1187 AC_MSG_CHECKING(if libedit version is compatible)
1190 #include <histedit.h>
1194 el_init("", NULL, NULL, NULL);
1198 [ AC_MSG_RESULT(yes) ],
1200 AC_MSG_ERROR(libedit version is not compatible) ]
1207 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1209 AC_MSG_CHECKING(for supported audit module)
1214 dnl Checks for headers, libs and functions
1215 AC_CHECK_HEADERS(bsm/audit.h, [],
1216 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1223 AC_CHECK_LIB(bsm, getaudit, [],
1224 [AC_MSG_ERROR(BSM enabled and required library not found)])
1225 AC_CHECK_FUNCS(getaudit, [],
1226 [AC_MSG_ERROR(BSM enabled and required function not found)])
1227 # These are optional
1228 AC_CHECK_FUNCS(getaudit_addr)
1229 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1233 AC_MSG_RESULT(debug)
1234 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1240 AC_MSG_ERROR([Unknown audit module $withval])
1245 dnl Checks for library functions. Please keep in alphabetical order
1330 # IRIX has a const char return value for gai_strerror()
1331 AC_CHECK_FUNCS(gai_strerror,[
1332 AC_DEFINE(HAVE_GAI_STRERROR)
1334 #include <sys/types.h>
1335 #include <sys/socket.h>
1338 const char *gai_strerror(int);],[
1341 str = gai_strerror(0);],[
1342 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1343 [Define if gai_strerror() returns const char *])])])
1345 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1346 [Some systems put nanosleep outside of libc]))
1348 dnl Make sure prototypes are defined for these before using them.
1349 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1350 AC_CHECK_DECL(strsep,
1351 [AC_CHECK_FUNCS(strsep)],
1354 #ifdef HAVE_STRING_H
1355 # include <string.h>
1359 dnl tcsendbreak might be a macro
1360 AC_CHECK_DECL(tcsendbreak,
1361 [AC_DEFINE(HAVE_TCSENDBREAK)],
1362 [AC_CHECK_FUNCS(tcsendbreak)],
1363 [#include <termios.h>]
1366 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1368 AC_CHECK_DECLS(SHUT_RD, , ,
1370 #include <sys/types.h>
1371 #include <sys/socket.h>
1374 AC_CHECK_DECLS(O_NONBLOCK, , ,
1376 #include <sys/types.h>
1377 #ifdef HAVE_SYS_STAT_H
1378 # include <sys/stat.h>
1385 AC_CHECK_DECLS(writev, , , [
1386 #include <sys/types.h>
1387 #include <sys/uio.h>
1391 AC_CHECK_FUNCS(setresuid, [
1392 dnl Some platorms have setresuid that isn't implemented, test for this
1393 AC_MSG_CHECKING(if setresuid seems to work)
1398 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1400 [AC_MSG_RESULT(yes)],
1401 [AC_DEFINE(BROKEN_SETRESUID, 1,
1402 [Define if your setresuid() is broken])
1403 AC_MSG_RESULT(not implemented)],
1404 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1408 AC_CHECK_FUNCS(setresgid, [
1409 dnl Some platorms have setresgid that isn't implemented, test for this
1410 AC_MSG_CHECKING(if setresgid seems to work)
1415 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1417 [AC_MSG_RESULT(yes)],
1418 [AC_DEFINE(BROKEN_SETRESGID, 1,
1419 [Define if your setresgid() is broken])
1420 AC_MSG_RESULT(not implemented)],
1421 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1425 dnl Checks for time functions
1426 AC_CHECK_FUNCS(gettimeofday time)
1427 dnl Checks for utmp functions
1428 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1429 AC_CHECK_FUNCS(utmpname)
1430 dnl Checks for utmpx functions
1431 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1432 AC_CHECK_FUNCS(setutxent utmpxname)
1434 AC_CHECK_FUNC(daemon,
1435 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1436 [AC_CHECK_LIB(bsd, daemon,
1437 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1440 AC_CHECK_FUNC(getpagesize,
1441 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1442 [Define if your libraries define getpagesize()])],
1443 [AC_CHECK_LIB(ucb, getpagesize,
1444 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1447 # Check for broken snprintf
1448 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1449 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1453 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1455 [AC_MSG_RESULT(yes)],
1458 AC_DEFINE(BROKEN_SNPRINTF, 1,
1459 [Define if your snprintf is busted])
1460 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1462 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1466 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1467 # returning the right thing on overflow: the number of characters it tried to
1468 # create (as per SUSv3)
1469 if test "x$ac_cv_func_asprintf" != "xyes" && \
1470 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1471 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1474 #include <sys/types.h>
1478 int x_snprintf(char *str,size_t count,const char *fmt,...)
1480 size_t ret; va_list ap;
1481 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1487 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1489 [AC_MSG_RESULT(yes)],
1492 AC_DEFINE(BROKEN_SNPRINTF, 1,
1493 [Define if your snprintf is busted])
1494 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1496 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1500 # On systems where [v]snprintf is broken, but is declared in stdio,
1501 # check that the fmt argument is const char * or just char *.
1502 # This is only useful for when BROKEN_SNPRINTF
1503 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1504 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1505 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1506 int main(void) { snprintf(0, 0, 0); }
1509 AC_DEFINE(SNPRINTF_CONST, [const],
1510 [Define as const if snprintf() can declare const char *fmt])],
1512 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1514 # Check for missing getpeereid (or equiv) support
1516 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1517 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1519 [#include <sys/types.h>
1520 #include <sys/socket.h>],
1521 [int i = SO_PEERCRED;],
1522 [ AC_MSG_RESULT(yes)
1523 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1530 dnl see whether mkstemp() requires XXXXXX
1531 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1532 AC_MSG_CHECKING([for (overly) strict mkstemp])
1536 main() { char template[]="conftest.mkstemp-test";
1537 if (mkstemp(template) == -1)
1539 unlink(template); exit(0);
1547 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1551 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1556 dnl make sure that openpty does not reacquire controlling terminal
1557 if test ! -z "$check_for_openpty_ctty_bug"; then
1558 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1562 #include <sys/fcntl.h>
1563 #include <sys/types.h>
1564 #include <sys/wait.h>
1570 int fd, ptyfd, ttyfd, status;
1573 if (pid < 0) { /* failed */
1575 } else if (pid > 0) { /* parent */
1576 waitpid(pid, &status, 0);
1577 if (WIFEXITED(status))
1578 exit(WEXITSTATUS(status));
1581 } else { /* child */
1582 close(0); close(1); close(2);
1584 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1585 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1587 exit(3); /* Acquired ctty: broken */
1589 exit(0); /* Did not acquire ctty: OK */
1598 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1601 AC_MSG_RESULT(cross-compiling, assuming yes)
1606 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1607 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1608 AC_MSG_CHECKING(if getaddrinfo seems to work)
1612 #include <sys/socket.h>
1615 #include <netinet/in.h>
1617 #define TEST_PORT "2222"
1623 struct addrinfo *gai_ai, *ai, hints;
1624 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1626 memset(&hints, 0, sizeof(hints));
1627 hints.ai_family = PF_UNSPEC;
1628 hints.ai_socktype = SOCK_STREAM;
1629 hints.ai_flags = AI_PASSIVE;
1631 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1633 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1637 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1638 if (ai->ai_family != AF_INET6)
1641 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1642 sizeof(ntop), strport, sizeof(strport),
1643 NI_NUMERICHOST|NI_NUMERICSERV);
1646 if (err == EAI_SYSTEM)
1647 perror("getnameinfo EAI_SYSTEM");
1649 fprintf(stderr, "getnameinfo failed: %s\n",
1654 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1657 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1670 AC_DEFINE(BROKEN_GETADDRINFO)
1673 AC_MSG_RESULT(cross-compiling, assuming yes)
1678 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1679 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1680 AC_MSG_CHECKING(if getaddrinfo seems to work)
1684 #include <sys/socket.h>
1687 #include <netinet/in.h>
1689 #define TEST_PORT "2222"
1695 struct addrinfo *gai_ai, *ai, hints;
1696 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1698 memset(&hints, 0, sizeof(hints));
1699 hints.ai_family = PF_UNSPEC;
1700 hints.ai_socktype = SOCK_STREAM;
1701 hints.ai_flags = AI_PASSIVE;
1703 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1705 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1709 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1710 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1713 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1714 sizeof(ntop), strport, sizeof(strport),
1715 NI_NUMERICHOST|NI_NUMERICSERV);
1717 if (ai->ai_family == AF_INET && err != 0) {
1718 perror("getnameinfo");
1727 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1728 [Define if you have a getaddrinfo that fails
1729 for the all-zeros IPv6 address])
1733 AC_DEFINE(BROKEN_GETADDRINFO)
1736 AC_MSG_RESULT(cross-compiling, assuming no)
1741 if test "x$check_for_conflicting_getspnam" = "x1"; then
1742 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1746 int main(void) {exit(0);}
1753 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1754 [Conflicting defs for getspnam])
1761 # Search for OpenSSL
1762 saved_CPPFLAGS="$CPPFLAGS"
1763 saved_LDFLAGS="$LDFLAGS"
1764 AC_ARG_WITH(ssl-dir,
1765 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1767 if test "x$withval" != "xno" ; then
1770 ./*|../*) withval="`pwd`/$withval"
1772 if test -d "$withval/lib"; then
1773 if test -n "${need_dash_r}"; then
1774 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1776 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1779 if test -n "${need_dash_r}"; then
1780 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1782 LDFLAGS="-L${withval} ${LDFLAGS}"
1785 if test -d "$withval/include"; then
1786 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1788 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1793 LIBS="-lcrypto $LIBS"
1794 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1795 [Define if your ssl headers are included
1796 with #include <openssl/header.h>]),
1798 dnl Check default openssl install dir
1799 if test -n "${need_dash_r}"; then
1800 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1802 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1804 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1805 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1807 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1813 # Determine OpenSSL header version
1814 AC_MSG_CHECKING([OpenSSL header version])
1819 #include <openssl/opensslv.h>
1820 #define DATA "conftest.sslincver"
1825 fd = fopen(DATA,"w");
1829 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1836 ssl_header_ver=`cat conftest.sslincver`
1837 AC_MSG_RESULT($ssl_header_ver)
1840 AC_MSG_RESULT(not found)
1841 AC_MSG_ERROR(OpenSSL version header not found.)
1844 AC_MSG_WARN([cross compiling: not checking])
1848 # Determine OpenSSL library version
1849 AC_MSG_CHECKING([OpenSSL library version])
1854 #include <openssl/opensslv.h>
1855 #include <openssl/crypto.h>
1856 #define DATA "conftest.ssllibver"
1861 fd = fopen(DATA,"w");
1865 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1872 ssl_library_ver=`cat conftest.ssllibver`
1873 AC_MSG_RESULT($ssl_library_ver)
1876 AC_MSG_RESULT(not found)
1877 AC_MSG_ERROR(OpenSSL library not found.)
1880 AC_MSG_WARN([cross compiling: not checking])
1884 AC_ARG_WITH(openssl-header-check,
1885 [ --without-openssl-header-check Disable OpenSSL version consistency check],
1886 [ if test "x$withval" = "xno" ; then
1887 openssl_check_nonfatal=1
1892 # Sanity check OpenSSL headers
1893 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1897 #include <openssl/opensslv.h>
1898 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1905 if test "x$openssl_check_nonfatal" = "x"; then
1906 AC_MSG_ERROR([Your OpenSSL headers do not match your
1907 library. Check config.log for details.
1908 If you are sure your installation is consistent, you can disable the check
1909 by running "./configure --without-openssl-header-check".
1910 Also see contrib/findssl.sh for help identifying header/library mismatches.
1913 AC_MSG_WARN([Your OpenSSL headers do not match your
1914 library. Check config.log for details.
1915 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1919 AC_MSG_WARN([cross compiling: not checking])
1923 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1926 #include <openssl/evp.h>
1927 int main(void) { SSLeay_add_all_algorithms(); }
1936 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1939 #include <openssl/evp.h>
1940 int main(void) { SSLeay_add_all_algorithms(); }
1953 AC_ARG_WITH(ssl-engine,
1954 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1955 [ if test "x$withval" != "xno" ; then
1956 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1958 [ #include <openssl/engine.h>],
1960 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
1962 [ AC_MSG_RESULT(yes)
1963 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1964 [Enable OpenSSL engine support])
1966 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1971 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1972 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1976 #include <openssl/evp.h>
1977 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1984 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1985 [libcrypto is missing AES 192 and 256 bit functions])
1989 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1990 # because the system crypt() is more featureful.
1991 if test "x$check_for_libcrypt_before" = "x1"; then
1992 AC_CHECK_LIB(crypt, crypt)
1995 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1996 # version in OpenSSL.
1997 if test "x$check_for_libcrypt_later" = "x1"; then
1998 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2001 # Search for SHA256 support in libc and/or OpenSSL
2002 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2004 AC_CHECK_LIB(iaf, ia_openinfo)
2006 ### Configure cryptographic random number support
2008 # Check wheter OpenSSL seeds itself
2009 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2013 #include <openssl/rand.h>
2014 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2017 OPENSSL_SEEDS_ITSELF=yes
2022 # Default to use of the rand helper if OpenSSL doesn't
2027 AC_MSG_WARN([cross compiling: assuming yes])
2028 # This is safe, since all recent OpenSSL versions will
2029 # complain at runtime if not seeded correctly.
2030 OPENSSL_SEEDS_ITSELF=yes
2034 # Check for PAM libs
2037 [ --with-pam Enable PAM support ],
2039 if test "x$withval" != "xno" ; then
2040 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2041 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2042 AC_MSG_ERROR([PAM headers not found])
2046 AC_CHECK_LIB(dl, dlopen, , )
2047 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2048 AC_CHECK_FUNCS(pam_getenvlist)
2049 AC_CHECK_FUNCS(pam_putenv)
2055 AC_DEFINE(USE_PAM, 1,
2056 [Define if you want to enable PAM support])
2058 if test $ac_cv_lib_dl_dlopen = yes; then
2061 # libdl already in LIBS
2064 LIBPAM="$LIBPAM -ldl"
2073 # Check for older PAM
2074 if test "x$PAM_MSG" = "xyes" ; then
2075 # Check PAM strerror arguments (old PAM)
2076 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2080 #if defined(HAVE_SECURITY_PAM_APPL_H)
2081 #include <security/pam_appl.h>
2082 #elif defined (HAVE_PAM_PAM_APPL_H)
2083 #include <pam/pam_appl.h>
2086 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2087 [AC_MSG_RESULT(no)],
2089 AC_DEFINE(HAVE_OLD_PAM, 1,
2090 [Define if you have an old version of PAM
2091 which takes only one argument to pam_strerror])
2093 PAM_MSG="yes (old library)"
2098 # Do we want to force the use of the rand helper?
2099 AC_ARG_WITH(rand-helper,
2100 [ --with-rand-helper Use subprocess to gather strong randomness ],
2102 if test "x$withval" = "xno" ; then
2103 # Force use of OpenSSL's internal RNG, even if
2104 # the previous test showed it to be unseeded.
2105 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2106 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2107 OPENSSL_SEEDS_ITSELF=yes
2116 # Which randomness source do we use?
2117 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2119 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2120 [Define if you want OpenSSL's internally seeded PRNG only])
2121 RAND_MSG="OpenSSL internal ONLY"
2122 INSTALL_SSH_RAND_HELPER=""
2123 elif test ! -z "$USE_RAND_HELPER" ; then
2124 # install rand helper
2125 RAND_MSG="ssh-rand-helper"
2126 INSTALL_SSH_RAND_HELPER="yes"
2128 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2130 ### Configuration of ssh-rand-helper
2133 AC_ARG_WITH(prngd-port,
2134 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2143 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2146 if test ! -z "$withval" ; then
2147 PRNGD_PORT="$withval"
2148 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2149 [Port number of PRNGD/EGD random number socket])
2154 # PRNGD Unix domain socket
2155 AC_ARG_WITH(prngd-socket,
2156 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2160 withval="/var/run/egd-pool"
2168 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2172 if test ! -z "$withval" ; then
2173 if test ! -z "$PRNGD_PORT" ; then
2174 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2176 if test ! -r "$withval" ; then
2177 AC_MSG_WARN(Entropy socket is not readable)
2179 PRNGD_SOCKET="$withval"
2180 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2181 [Location of PRNGD/EGD random number socket])
2185 # Check for existing socket only if we don't have a random device already
2186 if test "$USE_RAND_HELPER" = yes ; then
2187 AC_MSG_CHECKING(for PRNGD/EGD socket)
2188 # Insert other locations here
2189 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2190 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2191 PRNGD_SOCKET="$sock"
2192 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2196 if test ! -z "$PRNGD_SOCKET" ; then
2197 AC_MSG_RESULT($PRNGD_SOCKET)
2199 AC_MSG_RESULT(not found)
2205 # Change default command timeout for hashing entropy source
2207 AC_ARG_WITH(entropy-timeout,
2208 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2210 if test -n "$withval" && test "x$withval" != "xno" && \
2211 test "x${withval}" != "xyes"; then
2212 entropy_timeout=$withval
2216 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2217 [Builtin PRNG command timeout])
2219 SSH_PRIVSEP_USER=sshd
2220 AC_ARG_WITH(privsep-user,
2221 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2223 if test -n "$withval" && test "x$withval" != "xno" && \
2224 test "x${withval}" != "xyes"; then
2225 SSH_PRIVSEP_USER=$withval
2229 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2230 [non-privileged user for privilege separation])
2231 AC_SUBST(SSH_PRIVSEP_USER)
2233 # We do this little dance with the search path to insure
2234 # that programs that we select for use by installed programs
2235 # (which may be run by the super-user) come from trusted
2236 # locations before they come from the user's private area.
2237 # This should help avoid accidentally configuring some
2238 # random version of a program in someone's personal bin.
2242 test -h /bin 2> /dev/null && PATH=/usr/bin
2243 test -d /sbin && PATH=$PATH:/sbin
2244 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2245 PATH=$PATH:/etc:$OPATH
2247 # These programs are used by the command hashing source to gather entropy
2248 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2249 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2250 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2251 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2252 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2253 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2254 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2255 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2256 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2257 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2258 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2259 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2260 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2261 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2262 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2263 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2267 # Where does ssh-rand-helper get its randomness from?
2268 INSTALL_SSH_PRNG_CMDS=""
2269 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2270 if test ! -z "$PRNGD_PORT" ; then
2271 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2272 elif test ! -z "$PRNGD_SOCKET" ; then
2273 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2275 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2276 RAND_HELPER_CMDHASH=yes
2277 INSTALL_SSH_PRNG_CMDS="yes"
2280 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2283 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2284 if test ! -z "$SONY" ; then
2285 LIBS="$LIBS -liberty";
2288 # Check for long long datatypes
2289 AC_CHECK_TYPES([long long, unsigned long long, long double])
2291 # Check datatype sizes
2292 AC_CHECK_SIZEOF(char, 1)
2293 AC_CHECK_SIZEOF(short int, 2)
2294 AC_CHECK_SIZEOF(int, 4)
2295 AC_CHECK_SIZEOF(long int, 4)
2296 AC_CHECK_SIZEOF(long long int, 8)
2298 # Sanity check long long for some platforms (AIX)
2299 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2300 ac_cv_sizeof_long_long_int=0
2303 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2304 if test -z "$have_llong_max"; then
2305 AC_MSG_CHECKING([for max value of long long])
2309 /* Why is this so damn hard? */
2313 #define __USE_ISOC99
2315 #define DATA "conftest.llminmax"
2316 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2319 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2320 * we do this the hard way.
2323 fprint_ll(FILE *f, long long n)
2326 int l[sizeof(long long) * 8];
2329 if (fprintf(f, "-") < 0)
2331 for (i = 0; n != 0; i++) {
2332 l[i] = my_abs(n % 10);
2336 if (fprintf(f, "%d", l[--i]) < 0)
2339 if (fprintf(f, " ") < 0)
2346 long long i, llmin, llmax = 0;
2348 if((f = fopen(DATA,"w")) == NULL)
2351 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2352 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2356 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2357 /* This will work on one's complement and two's complement */
2358 for (i = 1; i > llmax; i <<= 1, i++)
2360 llmin = llmax + 1LL; /* wrap */
2364 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2365 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2366 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2367 fprintf(f, "unknown unknown\n");
2371 if (fprint_ll(f, llmin) < 0)
2373 if (fprint_ll(f, llmax) < 0)
2381 llong_min=`$AWK '{print $1}' conftest.llminmax`
2382 llong_max=`$AWK '{print $2}' conftest.llminmax`
2384 AC_MSG_RESULT($llong_max)
2385 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2386 [max value of long long calculated by configure])
2387 AC_MSG_CHECKING([for min value of long long])
2388 AC_MSG_RESULT($llong_min)
2389 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2390 [min value of long long calculated by configure])
2393 AC_MSG_RESULT(not found)
2396 AC_MSG_WARN([cross compiling: not checking])
2402 # More checks for data types
2403 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2405 [ #include <sys/types.h> ],
2407 [ ac_cv_have_u_int="yes" ],
2408 [ ac_cv_have_u_int="no" ]
2411 if test "x$ac_cv_have_u_int" = "xyes" ; then
2412 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2416 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2418 [ #include <sys/types.h> ],
2419 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2420 [ ac_cv_have_intxx_t="yes" ],
2421 [ ac_cv_have_intxx_t="no" ]
2424 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2425 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2429 if (test -z "$have_intxx_t" && \
2430 test "x$ac_cv_header_stdint_h" = "xyes")
2432 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2434 [ #include <stdint.h> ],
2435 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2437 AC_DEFINE(HAVE_INTXX_T)
2440 [ AC_MSG_RESULT(no) ]
2444 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2447 #include <sys/types.h>
2448 #ifdef HAVE_STDINT_H
2449 # include <stdint.h>
2451 #include <sys/socket.h>
2452 #ifdef HAVE_SYS_BITYPES_H
2453 # include <sys/bitypes.h>
2456 [ int64_t a; a = 1;],
2457 [ ac_cv_have_int64_t="yes" ],
2458 [ ac_cv_have_int64_t="no" ]
2461 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2462 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2465 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2467 [ #include <sys/types.h> ],
2468 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2469 [ ac_cv_have_u_intxx_t="yes" ],
2470 [ ac_cv_have_u_intxx_t="no" ]
2473 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2474 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2478 if test -z "$have_u_intxx_t" ; then
2479 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2481 [ #include <sys/socket.h> ],
2482 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2484 AC_DEFINE(HAVE_U_INTXX_T)
2487 [ AC_MSG_RESULT(no) ]
2491 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2493 [ #include <sys/types.h> ],
2494 [ u_int64_t a; a = 1;],
2495 [ ac_cv_have_u_int64_t="yes" ],
2496 [ ac_cv_have_u_int64_t="no" ]
2499 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2500 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2504 if test -z "$have_u_int64_t" ; then
2505 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2507 [ #include <sys/bitypes.h> ],
2508 [ u_int64_t a; a = 1],
2510 AC_DEFINE(HAVE_U_INT64_T)
2513 [ AC_MSG_RESULT(no) ]
2517 if test -z "$have_u_intxx_t" ; then
2518 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2521 #include <sys/types.h>
2523 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2524 [ ac_cv_have_uintxx_t="yes" ],
2525 [ ac_cv_have_uintxx_t="no" ]
2528 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2529 AC_DEFINE(HAVE_UINTXX_T, 1,
2530 [define if you have uintxx_t data type])
2534 if test -z "$have_uintxx_t" ; then
2535 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2537 [ #include <stdint.h> ],
2538 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2540 AC_DEFINE(HAVE_UINTXX_T)
2543 [ AC_MSG_RESULT(no) ]
2547 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2548 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2550 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2553 #include <sys/bitypes.h>
2556 int8_t a; int16_t b; int32_t c;
2557 u_int8_t e; u_int16_t f; u_int32_t g;
2558 a = b = c = e = f = g = 1;
2561 AC_DEFINE(HAVE_U_INTXX_T)
2562 AC_DEFINE(HAVE_INTXX_T)
2570 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2573 #include <sys/types.h>
2575 [ u_char foo; foo = 125; ],
2576 [ ac_cv_have_u_char="yes" ],
2577 [ ac_cv_have_u_char="no" ]
2580 if test "x$ac_cv_have_u_char" = "xyes" ; then
2581 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2586 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2588 AC_CHECK_TYPES(in_addr_t,,,
2589 [#include <sys/types.h>
2590 #include <netinet/in.h>])
2592 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2595 #include <sys/types.h>
2597 [ size_t foo; foo = 1235; ],
2598 [ ac_cv_have_size_t="yes" ],
2599 [ ac_cv_have_size_t="no" ]
2602 if test "x$ac_cv_have_size_t" = "xyes" ; then
2603 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2606 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2609 #include <sys/types.h>
2611 [ ssize_t foo; foo = 1235; ],
2612 [ ac_cv_have_ssize_t="yes" ],
2613 [ ac_cv_have_ssize_t="no" ]
2616 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2617 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2620 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2625 [ clock_t foo; foo = 1235; ],
2626 [ ac_cv_have_clock_t="yes" ],
2627 [ ac_cv_have_clock_t="no" ]
2630 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2631 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2634 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2637 #include <sys/types.h>
2638 #include <sys/socket.h>
2640 [ sa_family_t foo; foo = 1235; ],
2641 [ ac_cv_have_sa_family_t="yes" ],
2644 #include <sys/types.h>
2645 #include <sys/socket.h>
2646 #include <netinet/in.h>
2648 [ sa_family_t foo; foo = 1235; ],
2649 [ ac_cv_have_sa_family_t="yes" ],
2651 [ ac_cv_have_sa_family_t="no" ]
2655 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2656 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2657 [define if you have sa_family_t data type])
2660 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2663 #include <sys/types.h>
2665 [ pid_t foo; foo = 1235; ],
2666 [ ac_cv_have_pid_t="yes" ],
2667 [ ac_cv_have_pid_t="no" ]
2670 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2671 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2674 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2677 #include <sys/types.h>
2679 [ mode_t foo; foo = 1235; ],
2680 [ ac_cv_have_mode_t="yes" ],
2681 [ ac_cv_have_mode_t="no" ]
2684 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2685 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2689 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2692 #include <sys/types.h>
2693 #include <sys/socket.h>
2695 [ struct sockaddr_storage s; ],
2696 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2697 [ ac_cv_have_struct_sockaddr_storage="no" ]
2700 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2701 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2702 [define if you have struct sockaddr_storage data type])
2705 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2708 #include <sys/types.h>
2709 #include <netinet/in.h>
2711 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2712 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2713 [ ac_cv_have_struct_sockaddr_in6="no" ]
2716 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2717 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2718 [define if you have struct sockaddr_in6 data type])
2721 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2724 #include <sys/types.h>
2725 #include <netinet/in.h>
2727 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2728 [ ac_cv_have_struct_in6_addr="yes" ],
2729 [ ac_cv_have_struct_in6_addr="no" ]
2732 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2733 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2734 [define if you have struct in6_addr data type])
2737 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2740 #include <sys/types.h>
2741 #include <sys/socket.h>
2744 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2745 [ ac_cv_have_struct_addrinfo="yes" ],
2746 [ ac_cv_have_struct_addrinfo="no" ]
2749 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2750 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2751 [define if you have struct addrinfo data type])
2754 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2756 [ #include <sys/time.h> ],
2757 [ struct timeval tv; tv.tv_sec = 1;],
2758 [ ac_cv_have_struct_timeval="yes" ],
2759 [ ac_cv_have_struct_timeval="no" ]
2762 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2763 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2764 have_struct_timeval=1
2767 AC_CHECK_TYPES(struct timespec)
2769 # We need int64_t or else certian parts of the compile will fail.
2770 if test "x$ac_cv_have_int64_t" = "xno" && \
2771 test "x$ac_cv_sizeof_long_int" != "x8" && \
2772 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2773 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2774 echo "an alternative compiler (I.E., GCC) before continuing."
2778 dnl test snprintf (broken on SCO w/gcc)
2783 #ifdef HAVE_SNPRINTF
2787 char expected_out[50];
2789 #if (SIZEOF_LONG_INT == 8)
2790 long int num = 0x7fffffffffffffff;
2792 long long num = 0x7fffffffffffffffll;
2794 strcpy(expected_out, "9223372036854775807");
2795 snprintf(buf, mazsize, "%lld", num);
2796 if(strcmp(buf, expected_out) != 0)
2803 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2804 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2808 dnl Checks for structure members
2809 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2810 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2811 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2812 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2813 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2814 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2815 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2816 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2817 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2818 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2819 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2820 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2821 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2822 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2823 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2824 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2825 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2827 AC_CHECK_MEMBERS([struct stat.st_blksize])
2828 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2829 [Define if we don't have struct __res_state in resolv.h])],
2832 #if HAVE_SYS_TYPES_H
2833 # include <sys/types.h>
2835 #include <netinet/in.h>
2836 #include <arpa/nameser.h>
2840 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2841 ac_cv_have_ss_family_in_struct_ss, [
2844 #include <sys/types.h>
2845 #include <sys/socket.h>
2847 [ struct sockaddr_storage s; s.ss_family = 1; ],
2848 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2849 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2852 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2853 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2856 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2857 ac_cv_have___ss_family_in_struct_ss, [
2860 #include <sys/types.h>
2861 #include <sys/socket.h>
2863 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2864 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2865 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2868 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2869 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2870 [Fields in struct sockaddr_storage])
2873 AC_CACHE_CHECK([for pw_class field in struct passwd],
2874 ac_cv_have_pw_class_in_struct_passwd, [
2879 [ struct passwd p; p.pw_class = 0; ],
2880 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2881 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2884 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2885 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2886 [Define if your password has a pw_class field])
2889 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2890 ac_cv_have_pw_expire_in_struct_passwd, [
2895 [ struct passwd p; p.pw_expire = 0; ],
2896 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2897 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2900 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2901 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2902 [Define if your password has a pw_expire field])
2905 AC_CACHE_CHECK([for pw_change field in struct passwd],
2906 ac_cv_have_pw_change_in_struct_passwd, [
2911 [ struct passwd p; p.pw_change = 0; ],
2912 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2913 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2916 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2917 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2918 [Define if your password has a pw_change field])
2921 dnl make sure we're using the real structure members and not defines
2922 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2923 ac_cv_have_accrights_in_msghdr, [
2926 #include <sys/types.h>
2927 #include <sys/socket.h>
2928 #include <sys/uio.h>
2930 #ifdef msg_accrights
2931 #error "msg_accrights is a macro"
2935 m.msg_accrights = 0;
2939 [ ac_cv_have_accrights_in_msghdr="yes" ],
2940 [ ac_cv_have_accrights_in_msghdr="no" ]
2943 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2944 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2945 [Define if your system uses access rights style
2946 file descriptor passing])
2949 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2950 ac_cv_have_control_in_msghdr, [
2953 #include <sys/types.h>
2954 #include <sys/socket.h>
2955 #include <sys/uio.h>
2958 #error "msg_control is a macro"
2966 [ ac_cv_have_control_in_msghdr="yes" ],
2967 [ ac_cv_have_control_in_msghdr="no" ]
2970 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2971 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2972 [Define if your system uses ancillary data style
2973 file descriptor passing])
2976 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2978 [ extern char *__progname; printf("%s", __progname); ],
2979 [ ac_cv_libc_defines___progname="yes" ],
2980 [ ac_cv_libc_defines___progname="no" ]
2983 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2984 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2987 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2991 [ printf("%s", __FUNCTION__); ],
2992 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2993 [ ac_cv_cc_implements___FUNCTION__="no" ]
2996 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2997 AC_DEFINE(HAVE___FUNCTION__, 1,
2998 [Define if compiler implements __FUNCTION__])
3001 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3005 [ printf("%s", __func__); ],
3006 [ ac_cv_cc_implements___func__="yes" ],
3007 [ ac_cv_cc_implements___func__="no" ]
3010 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3011 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3014 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3016 [#include <stdarg.h>
3019 [ ac_cv_have_va_copy="yes" ],
3020 [ ac_cv_have_va_copy="no" ]
3023 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3024 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3027 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3029 [#include <stdarg.h>
3032 [ ac_cv_have___va_copy="yes" ],
3033 [ ac_cv_have___va_copy="no" ]
3036 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3037 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3040 AC_CACHE_CHECK([whether getopt has optreset support],
3041 ac_cv_have_getopt_optreset, [
3046 [ extern int optreset; optreset = 0; ],
3047 [ ac_cv_have_getopt_optreset="yes" ],
3048 [ ac_cv_have_getopt_optreset="no" ]
3051 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3052 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3053 [Define if your getopt(3) defines and uses optreset])
3056 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3058 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3059 [ ac_cv_libc_defines_sys_errlist="yes" ],
3060 [ ac_cv_libc_defines_sys_errlist="no" ]
3063 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3064 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3065 [Define if your system defines sys_errlist[]])
3069 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3071 [ extern int sys_nerr; printf("%i", sys_nerr);],
3072 [ ac_cv_libc_defines_sys_nerr="yes" ],
3073 [ ac_cv_libc_defines_sys_nerr="no" ]
3076 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3077 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3081 # Check whether user wants sectok support
3083 [ --with-sectok Enable smartcard support using libsectok],
3085 if test "x$withval" != "xno" ; then
3086 if test "x$withval" != "xyes" ; then
3087 CPPFLAGS="$CPPFLAGS -I${withval}"
3088 LDFLAGS="$LDFLAGS -L${withval}"
3089 if test ! -z "$need_dash_r" ; then
3090 LDFLAGS="$LDFLAGS -R${withval}"
3092 if test ! -z "$blibpath" ; then
3093 blibpath="$blibpath:${withval}"
3096 AC_CHECK_HEADERS(sectok.h)
3097 if test "$ac_cv_header_sectok_h" != yes; then
3098 AC_MSG_ERROR(Can't find sectok.h)
3100 AC_CHECK_LIB(sectok, sectok_open)
3101 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3102 AC_MSG_ERROR(Can't find libsectok)
3104 AC_DEFINE(SMARTCARD, 1,
3105 [Define if you want smartcard support])
3106 AC_DEFINE(USE_SECTOK, 1,
3107 [Define if you want smartcard support
3109 SCARD_MSG="yes, using sectok"
3114 # Check whether user wants OpenSC support
3117 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3119 if test "x$withval" != "xno" ; then
3120 if test "x$withval" != "xyes" ; then
3121 OPENSC_CONFIG=$withval/bin/opensc-config
3123 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3125 if test "$OPENSC_CONFIG" != "no"; then
3126 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3127 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3128 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3129 LIBS="$LIBS $LIBOPENSC_LIBS"
3130 AC_DEFINE(SMARTCARD)
3131 AC_DEFINE(USE_OPENSC, 1,
3132 [Define if you want smartcard support
3134 SCARD_MSG="yes, using OpenSC"
3140 # Check libraries needed by DNS fingerprint support
3141 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3142 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3143 [Define if getrrsetbyname() exists])],
3145 # Needed by our getrrsetbyname()
3146 AC_SEARCH_LIBS(res_query, resolv)
3147 AC_SEARCH_LIBS(dn_expand, resolv)
3148 AC_MSG_CHECKING(if res_query will link)
3149 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3152 LIBS="$LIBS -lresolv"
3153 AC_MSG_CHECKING(for res_query in -lresolv)
3158 res_query (0, 0, 0, 0, 0);
3162 [LIBS="$LIBS -lresolv"
3163 AC_MSG_RESULT(yes)],
3167 AC_CHECK_FUNCS(_getshort _getlong)
3168 AC_CHECK_DECLS([_getshort, _getlong], , ,
3169 [#include <sys/types.h>
3170 #include <arpa/nameser.h>])
3171 AC_CHECK_MEMBER(HEADER.ad,
3172 [AC_DEFINE(HAVE_HEADER_AD, 1,
3173 [Define if HEADER.ad exists in arpa/nameser.h])],,
3174 [#include <arpa/nameser.h>])
3177 # Check whether user wants SELinux support
3180 AC_ARG_WITH(selinux,
3181 [ --with-selinux Enable SELinux support],
3182 [ if test "x$withval" != "xno" ; then
3183 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3185 AC_CHECK_HEADER([selinux/selinux.h], ,
3186 AC_MSG_ERROR(SELinux support requires selinux.h header))
3187 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3188 AC_MSG_ERROR(SELinux support requires libselinux library))
3190 LIBS="$LIBS $LIBSELINUX"
3191 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3195 AC_SUBST(LIBSELINUX)
3197 # Check whether user wants Kerberos 5 support
3199 AC_ARG_WITH(kerberos5,
3200 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3201 [ if test "x$withval" != "xno" ; then
3202 if test "x$withval" = "xyes" ; then
3203 KRB5ROOT="/usr/local"
3208 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3211 AC_MSG_CHECKING(for krb5-config)
3212 if test -x $KRB5ROOT/bin/krb5-config ; then
3213 KRB5CONF=$KRB5ROOT/bin/krb5-config
3214 AC_MSG_RESULT($KRB5CONF)
3216 AC_MSG_CHECKING(for gssapi support)
3217 if $KRB5CONF | grep gssapi >/dev/null ; then
3219 AC_DEFINE(GSSAPI, 1,
3220 [Define this if you want GSSAPI
3221 support in the version 2 protocol])
3227 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3228 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3229 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3230 AC_MSG_CHECKING(whether we are using Heimdal)
3231 AC_TRY_COMPILE([ #include <krb5.h> ],
3232 [ char *tmp = heimdal_version; ],
3233 [ AC_MSG_RESULT(yes)
3234 AC_DEFINE(HEIMDAL, 1,
3235 [Define this if you are using the
3236 Heimdal version of Kerberos V5]) ],
3241 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3242 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3243 AC_MSG_CHECKING(whether we are using Heimdal)
3244 AC_TRY_COMPILE([ #include <krb5.h> ],
3245 [ char *tmp = heimdal_version; ],
3246 [ AC_MSG_RESULT(yes)
3248 K5LIBS="-lkrb5 -ldes"
3249 K5LIBS="$K5LIBS -lcom_err -lasn1"
3250 AC_CHECK_LIB(roken, net_write,
3251 [K5LIBS="$K5LIBS -lroken"])
3254 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3257 AC_SEARCH_LIBS(dn_expand, resolv)
3259 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3261 K5LIBS="-lgssapi $K5LIBS" ],
3262 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3264 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3265 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3270 AC_CHECK_HEADER(gssapi.h, ,
3271 [ unset ac_cv_header_gssapi_h
3272 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3273 AC_CHECK_HEADERS(gssapi.h, ,
3274 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3280 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3281 AC_CHECK_HEADER(gssapi_krb5.h, ,
3282 [ CPPFLAGS="$oldCPP" ])
3285 if test ! -z "$need_dash_r" ; then
3286 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3288 if test ! -z "$blibpath" ; then
3289 blibpath="$blibpath:${KRB5ROOT}/lib"
3292 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3293 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3294 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3296 LIBS="$LIBS $K5LIBS"
3297 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3298 [Define this if you want to use libkafs' AFS support]))
3303 # Looking for programs, paths and files
3305 PRIVSEP_PATH=/var/empty
3306 AC_ARG_WITH(privsep-path,
3307 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3309 if test -n "$withval" && test "x$withval" != "xno" && \
3310 test "x${withval}" != "xyes"; then
3311 PRIVSEP_PATH=$withval
3315 AC_SUBST(PRIVSEP_PATH)
3318 [ --with-xauth=PATH Specify path to xauth program ],
3320 if test -n "$withval" && test "x$withval" != "xno" && \
3321 test "x${withval}" != "xyes"; then
3327 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3328 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3329 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3330 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3331 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3332 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3333 xauth_path="/usr/openwin/bin/xauth"
3339 AC_ARG_ENABLE(strip,
3340 [ --disable-strip Disable calling strip(1) on install],
3342 if test "x$enableval" = "xno" ; then
3349 if test -z "$xauth_path" ; then
3350 XAUTH_PATH="undefined"
3351 AC_SUBST(XAUTH_PATH)
3353 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3354 [Define if xauth is found in your path])
3355 XAUTH_PATH=$xauth_path
3356 AC_SUBST(XAUTH_PATH)
3359 # Check for mail directory (last resort if we cannot get it from headers)
3360 if test ! -z "$MAIL" ; then
3361 maildir=`dirname $MAIL`
3362 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3363 [Set this to your mail directory if you don't have maillock.h])
3366 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3367 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3368 disable_ptmx_check=yes
3370 if test -z "$no_dev_ptmx" ; then
3371 if test "x$disable_ptmx_check" != "xyes" ; then
3372 AC_CHECK_FILE("/dev/ptmx",
3374 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3375 [Define if you have /dev/ptmx])
3382 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3383 AC_CHECK_FILE("/dev/ptc",
3385 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3386 [Define if you have /dev/ptc])
3391 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3394 # Options from here on. Some of these are preset by platform above
3395 AC_ARG_WITH(mantype,
3396 [ --with-mantype=man|cat|doc Set man page type],
3403 AC_MSG_ERROR(invalid man type: $withval)
3408 if test -z "$MANTYPE"; then
3409 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3410 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3411 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3413 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3420 if test "$MANTYPE" = "doc"; then
3427 # Check whether to enable MD5 passwords
3429 AC_ARG_WITH(md5-passwords,
3430 [ --with-md5-passwords Enable use of MD5 passwords],
3432 if test "x$withval" != "xno" ; then
3433 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3434 [Define if you want to allow MD5 passwords])
3440 # Whether to disable shadow password support
3442 [ --without-shadow Disable shadow password support],
3444 if test "x$withval" = "xno" ; then
3445 AC_DEFINE(DISABLE_SHADOW)
3451 if test -z "$disable_shadow" ; then
3452 AC_MSG_CHECKING([if the systems has expire shadow information])
3455 #include <sys/types.h>
3458 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3459 [ sp_expire_available=yes ], []
3462 if test "x$sp_expire_available" = "xyes" ; then
3464 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3465 [Define if you want to use shadow password expire field])
3471 # Use ip address instead of hostname in $DISPLAY
3472 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3473 DISPLAY_HACK_MSG="yes"
3474 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3475 [Define if you need to use IP address
3476 instead of hostname in $DISPLAY])
3478 DISPLAY_HACK_MSG="no"
3479 AC_ARG_WITH(ipaddr-display,
3480 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3482 if test "x$withval" != "xno" ; then
3483 AC_DEFINE(IPADDR_IN_DISPLAY)
3484 DISPLAY_HACK_MSG="yes"
3490 # check for /etc/default/login and use it if present.
3491 AC_ARG_ENABLE(etc-default-login,
3492 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3493 [ if test "x$enableval" = "xno"; then
3494 AC_MSG_NOTICE([/etc/default/login handling disabled])
3495 etc_default_login=no
3497 etc_default_login=yes
3499 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3501 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3502 etc_default_login=no
3504 etc_default_login=yes
3508 if test "x$etc_default_login" != "xno"; then
3509 AC_CHECK_FILE("/etc/default/login",
3510 [ external_path_file=/etc/default/login ])
3511 if test "x$external_path_file" = "x/etc/default/login"; then
3512 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3513 [Define if your system has /etc/default/login])
3517 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3518 if test $ac_cv_func_login_getcapbool = "yes" && \
3519 test $ac_cv_header_login_cap_h = "yes" ; then
3520 external_path_file=/etc/login.conf
3523 # Whether to mess with the default path
3524 SERVER_PATH_MSG="(default)"
3525 AC_ARG_WITH(default-path,
3526 [ --with-default-path= Specify default \$PATH environment for server],
3528 if test "x$external_path_file" = "x/etc/login.conf" ; then
3530 --with-default-path=PATH has no effect on this system.
3531 Edit /etc/login.conf instead.])
3532 elif test "x$withval" != "xno" ; then
3533 if test ! -z "$external_path_file" ; then
3535 --with-default-path=PATH will only be used if PATH is not defined in
3536 $external_path_file .])
3538 user_path="$withval"
3539 SERVER_PATH_MSG="$withval"
3542 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3543 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3545 if test ! -z "$external_path_file" ; then
3547 If PATH is defined in $external_path_file, ensure the path to scp is included,
3548 otherwise scp will not work.])
3552 /* find out what STDPATH is */
3557 #ifndef _PATH_STDPATH
3558 # ifdef _PATH_USERPATH /* Irix */
3559 # define _PATH_STDPATH _PATH_USERPATH
3561 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3564 #include <sys/types.h>
3565 #include <sys/stat.h>
3567 #define DATA "conftest.stdpath"
3574 fd = fopen(DATA,"w");
3578 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3584 [ user_path=`cat conftest.stdpath` ],
3585 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3586 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3588 # make sure $bindir is in USER_PATH so scp will work
3589 t_bindir=`eval echo ${bindir}`
3591 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3594 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3596 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3597 if test $? -ne 0 ; then
3598 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3599 if test $? -ne 0 ; then
3600 user_path=$user_path:$t_bindir
3601 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3606 if test "x$external_path_file" != "x/etc/login.conf" ; then
3607 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3611 # Set superuser path separately to user path
3612 AC_ARG_WITH(superuser-path,
3613 [ --with-superuser-path= Specify different path for super-user],
3615 if test -n "$withval" && test "x$withval" != "xno" && \
3616 test "x${withval}" != "xyes"; then
3617 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3618 [Define if you want a different $PATH
3620 superuser_path=$withval
3626 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3627 IPV4_IN6_HACK_MSG="no"
3629 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3631 if test "x$withval" != "xno" ; then
3633 AC_DEFINE(IPV4_IN_IPV6, 1,
3634 [Detect IPv4 in IPv6 mapped addresses
3636 IPV4_IN6_HACK_MSG="yes"
3641 if test "x$inet6_default_4in6" = "xyes"; then
3642 AC_MSG_RESULT([yes (default)])
3643 AC_DEFINE(IPV4_IN_IPV6)
3644 IPV4_IN6_HACK_MSG="yes"
3646 AC_MSG_RESULT([no (default)])
3651 # Whether to enable BSD auth support
3653 AC_ARG_WITH(bsd-auth,
3654 [ --with-bsd-auth Enable BSD auth support],
3656 if test "x$withval" != "xno" ; then
3657 AC_DEFINE(BSD_AUTH, 1,
3658 [Define if you have BSD auth support])
3664 # Where to place sshd.pid
3666 # make sure the directory exists
3667 if test ! -d $piddir ; then
3668 piddir=`eval echo ${sysconfdir}`
3670 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3674 AC_ARG_WITH(pid-dir,
3675 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3677 if test -n "$withval" && test "x$withval" != "xno" && \
3678 test "x${withval}" != "xyes"; then
3680 if test ! -d $piddir ; then
3681 AC_MSG_WARN([** no $piddir directory on this system **])
3687 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3690 dnl allow user to disable some login recording features
3691 AC_ARG_ENABLE(lastlog,
3692 [ --disable-lastlog disable use of lastlog even if detected [no]],
3694 if test "x$enableval" = "xno" ; then
3695 AC_DEFINE(DISABLE_LASTLOG)
3700 [ --disable-utmp disable use of utmp even if detected [no]],
3702 if test "x$enableval" = "xno" ; then
3703 AC_DEFINE(DISABLE_UTMP)
3707 AC_ARG_ENABLE(utmpx,
3708 [ --disable-utmpx disable use of utmpx even if detected [no]],
3710 if test "x$enableval" = "xno" ; then
3711 AC_DEFINE(DISABLE_UTMPX, 1,
3712 [Define if you don't want to use utmpx])
3717 [ --disable-wtmp disable use of wtmp even if detected [no]],
3719 if test "x$enableval" = "xno" ; then
3720 AC_DEFINE(DISABLE_WTMP)
3724 AC_ARG_ENABLE(wtmpx,
3725 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3727 if test "x$enableval" = "xno" ; then
3728 AC_DEFINE(DISABLE_WTMPX, 1,
3729 [Define if you don't want to use wtmpx])
3733 AC_ARG_ENABLE(libutil,
3734 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3736 if test "x$enableval" = "xno" ; then
3737 AC_DEFINE(DISABLE_LOGIN)
3741 AC_ARG_ENABLE(pututline,
3742 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3744 if test "x$enableval" = "xno" ; then
3745 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3746 [Define if you don't want to use pututline()
3747 etc. to write [uw]tmp])
3751 AC_ARG_ENABLE(pututxline,
3752 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3754 if test "x$enableval" = "xno" ; then
3755 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3756 [Define if you don't want to use pututxline()
3757 etc. to write [uw]tmpx])
3761 AC_ARG_WITH(lastlog,
3762 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3764 if test "x$withval" = "xno" ; then
3765 AC_DEFINE(DISABLE_LASTLOG)
3766 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3767 conf_lastlog_location=$withval
3772 dnl lastlog, [uw]tmpx? detection
3773 dnl NOTE: set the paths in the platform section to avoid the
3774 dnl need for command-line parameters
3775 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3777 dnl lastlog detection
3778 dnl NOTE: the code itself will detect if lastlog is a directory
3779 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3781 #include <sys/types.h>
3783 #ifdef HAVE_LASTLOG_H
3784 # include <lastlog.h>
3793 [ char *lastlog = LASTLOG_FILE; ],
3794 [ AC_MSG_RESULT(yes) ],
3797 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3799 #include <sys/types.h>
3801 #ifdef HAVE_LASTLOG_H
3802 # include <lastlog.h>
3808 [ char *lastlog = _PATH_LASTLOG; ],
3809 [ AC_MSG_RESULT(yes) ],
3812 system_lastlog_path=no
3817 if test -z "$conf_lastlog_location"; then
3818 if test x"$system_lastlog_path" = x"no" ; then
3819 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3820 if (test -d "$f" || test -f "$f") ; then
3821 conf_lastlog_location=$f
3824 if test -z "$conf_lastlog_location"; then
3825 AC_MSG_WARN([** Cannot find lastlog **])
3826 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3831 if test -n "$conf_lastlog_location"; then
3832 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3833 [Define if you want to specify the path to your lastlog file])
3837 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3839 #include <sys/types.h>
3845 [ char *utmp = UTMP_FILE; ],
3846 [ AC_MSG_RESULT(yes) ],
3848 system_utmp_path=no ]
3850 if test -z "$conf_utmp_location"; then
3851 if test x"$system_utmp_path" = x"no" ; then
3852 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3853 if test -f $f ; then
3854 conf_utmp_location=$f
3857 if test -z "$conf_utmp_location"; then
3858 AC_DEFINE(DISABLE_UTMP)
3862 if test -n "$conf_utmp_location"; then
3863 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3864 [Define if you want to specify the path to your utmp file])
3868 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3870 #include <sys/types.h>
3876 [ char *wtmp = WTMP_FILE; ],
3877 [ AC_MSG_RESULT(yes) ],
3879 system_wtmp_path=no ]
3881 if test -z "$conf_wtmp_location"; then
3882 if test x"$system_wtmp_path" = x"no" ; then
3883 for f in /usr/adm/wtmp /var/log/wtmp; do
3884 if test -f $f ; then
3885 conf_wtmp_location=$f
3888 if test -z "$conf_wtmp_location"; then
3889 AC_DEFINE(DISABLE_WTMP)
3893 if test -n "$conf_wtmp_location"; then
3894 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3895 [Define if you want to specify the path to your wtmp file])
3899 dnl utmpx detection - I don't know any system so perverse as to require
3900 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3902 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3904 #include <sys/types.h>
3913 [ char *utmpx = UTMPX_FILE; ],
3914 [ AC_MSG_RESULT(yes) ],
3916 system_utmpx_path=no ]
3918 if test -z "$conf_utmpx_location"; then
3919 if test x"$system_utmpx_path" = x"no" ; then
3920 AC_DEFINE(DISABLE_UTMPX)
3923 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3924 [Define if you want to specify the path to your utmpx file])
3928 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3930 #include <sys/types.h>
3939 [ char *wtmpx = WTMPX_FILE; ],
3940 [ AC_MSG_RESULT(yes) ],
3942 system_wtmpx_path=no ]
3944 if test -z "$conf_wtmpx_location"; then
3945 if test x"$system_wtmpx_path" = x"no" ; then
3946 AC_DEFINE(DISABLE_WTMPX)
3949 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3950 [Define if you want to specify the path to your wtmpx file])
3954 if test ! -z "$blibpath" ; then
3955 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3956 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3959 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3961 CFLAGS="$CFLAGS $werror_flags"
3964 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3965 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3966 scard/Makefile ssh_prng_cmds survey.sh])
3969 # Print summary of options
3971 # Someone please show me a better way :)
3972 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3973 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3974 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3975 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3976 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3977 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3978 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3979 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3980 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3981 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3984 echo "OpenSSH has been configured with the following options:"
3985 echo " User binaries: $B"
3986 echo " System binaries: $C"
3987 echo " Configuration files: $D"
3988 echo " Askpass program: $E"
3989 echo " Manual pages: $F"
3990 echo " PID file: $G"
3991 echo " Privilege separation chroot path: $H"
3992 if test "x$external_path_file" = "x/etc/login.conf" ; then
3993 echo " At runtime, sshd will use the path defined in $external_path_file"
3994 echo " Make sure the path to scp is present, otherwise scp will not work"
3996 echo " sshd default user PATH: $I"
3997 if test ! -z "$external_path_file"; then
3998 echo " (If PATH is set in $external_path_file it will be used instead. If"
3999 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4002 if test ! -z "$superuser_path" ; then
4003 echo " sshd superuser user PATH: $J"
4005 echo " Manpage format: $MANTYPE"
4006 echo " PAM support: $PAM_MSG"
4007 echo " OSF SIA support: $SIA_MSG"
4008 echo " KerberosV support: $KRB5_MSG"
4009 echo " SELinux support: $SELINUX_MSG"
4010 echo " Smartcard support: $SCARD_MSG"
4011 echo " S/KEY support: $SKEY_MSG"
4012 echo " TCP Wrappers support: $TCPW_MSG"
4013 echo " MD5 password support: $MD5_MSG"
4014 echo " libedit support: $LIBEDIT_MSG"
4015 echo " Solaris process contract support: $SPC_MSG"
4016 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4017 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4018 echo " BSD Auth support: $BSD_AUTH_MSG"
4019 echo " Random number source: $RAND_MSG"
4020 if test ! -z "$USE_RAND_HELPER" ; then
4021 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4026 echo " Host: ${host}"
4027 echo " Compiler: ${CC}"
4028 echo " Compiler flags: ${CFLAGS}"
4029 echo "Preprocessor flags: ${CPPFLAGS}"
4030 echo " Linker flags: ${LDFLAGS}"
4031 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
4035 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4036 echo "SVR4 style packages are supported with \"make package\""
4040 if test "x$PAM_MSG" = "xyes" ; then
4041 echo "PAM is enabled. You may need to install a PAM control file "
4042 echo "for sshd, otherwise password authentication may fail. "
4043 echo "Example PAM control files can be found in the contrib/ "
4048 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4049 echo "WARNING: you are using the builtin random number collection "
4050 echo "service. Please read WARNING.RNG and request that your OS "
4051 echo "vendor includes kernel-based random number collection in "
4052 echo "future versions of your OS."
4056 if test ! -z "$NO_PEERCHECK" ; then
4057 echo "WARNING: the operating system that you are using does not "
4058 echo "appear to support either the getpeereid() API nor the "
4059 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4060 echo "enforce security checks to prevent unauthorised connections to "
4061 echo "ssh-agent. Their absence increases the risk that a malicious "
4062 echo "user can connect to your agent. "
4066 if test "$AUDIT_MODULE" = "bsm" ; then
4067 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4068 echo "See the Solaris section in README.platform for details."