3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Allow user to specify flags
132 [ --with-cflags Specify additional flags to pass to compiler],
134 if test -n "$withval" && test "x$withval" != "xno" && \
135 test "x${withval}" != "xyes"; then
136 CFLAGS="$CFLAGS $withval"
140 AC_ARG_WITH(cppflags,
141 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
143 if test -n "$withval" && test "x$withval" != "xno" && \
144 test "x${withval}" != "xyes"; then
145 CPPFLAGS="$CPPFLAGS $withval"
150 [ --with-ldflags Specify additional flags to pass to linker],
152 if test -n "$withval" && test "x$withval" != "xno" && \
153 test "x${withval}" != "xyes"; then
154 LDFLAGS="$LDFLAGS $withval"
159 [ --with-libs Specify additional libraries to link with],
161 if test -n "$withval" && test "x$withval" != "xno" && \
162 test "x${withval}" != "xyes"; then
163 LIBS="$LIBS $withval"
168 [ --with-Werror Build main code with -Werror],
170 if test -n "$withval" && test "x$withval" != "xno"; then
171 werror_flags="-Werror"
172 if test "x${withval}" != "xyes"; then
173 werror_flags="$withval"
204 security/pam_appl.h \
241 # lastlog.h requires sys/time.h to be included first on Solaris
242 AC_CHECK_HEADERS(lastlog.h, [], [], [
243 #ifdef HAVE_SYS_TIME_H
244 # include <sys/time.h>
248 # sys/ptms.h requires sys/stream.h to be included first on Solaris
249 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250 #ifdef HAVE_SYS_STREAM_H
251 # include <sys/stream.h>
255 # login_cap.h requires sys/types.h on NetBSD
256 AC_CHECK_HEADERS(login_cap.h, [], [], [
257 #include <sys/types.h>
260 # Messages for features tested for in target-specific section
264 # Check for some target-specific stuff
267 # Some versions of VAC won't allow macro redefinitions at
268 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269 # particularly with older versions of vac or xlc.
270 # It also throws errors about null macro argments, but these are
272 AC_MSG_CHECKING(if compiler allows macro redefinitions)
275 #define testmacro foo
276 #define testmacro bar
277 int main(void) { exit(0); }
279 [ AC_MSG_RESULT(yes) ],
281 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
288 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
289 if (test -z "$blibpath"); then
290 blibpath="/usr/lib:/lib"
292 saved_LDFLAGS="$LDFLAGS"
293 if test "$GCC" = "yes"; then
294 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
296 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
298 for tryflags in $flags ;do
299 if (test -z "$blibflags"); then
300 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301 AC_TRY_LINK([], [], [blibflags=$tryflags])
304 if (test -z "$blibflags"); then
305 AC_MSG_RESULT(not found)
306 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
308 AC_MSG_RESULT($blibflags)
310 LDFLAGS="$saved_LDFLAGS"
311 dnl Check for authenticate. Might be in libs.a on older AIXes
312 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313 [Define if you want to enable AIX4's authenticate function])],
314 [AC_CHECK_LIB(s,authenticate,
315 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
319 dnl Check for various auth function declarations in headers.
320 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
321 passwdexpired, setauthdb], , , [#include <usersec.h>])
322 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
323 AC_CHECK_DECLS(loginfailed,
324 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
326 [#include <usersec.h>],
327 [(void)loginfailed("user","host","tty",0);],
329 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330 [Define if your AIX loginfailed() function
331 takes 4 arguments (AIX >= 5.2)])],
335 [#include <usersec.h>]
337 AC_CHECK_FUNCS(setauthdb)
338 AC_CHECK_DECL(F_CLOSEM,
339 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
341 [ #include <limits.h>
344 check_for_aix_broken_getaddrinfo=1
345 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347 [Define if your platform breaks doing a seteuid before a setuid])
348 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
350 dnl AIX handles lastlog as part of its login message
351 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353 [Some systems need a utmpx entry for /bin/login to work])
354 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355 [Define to a Set Process Title type if your system is
356 supported by bsd-setproctitle.c])
357 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358 [AIX 5.2 and 5.3 (and presumably newer) require this])
359 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
362 check_for_libcrypt_later=1
363 LIBS="$LIBS /usr/lib/textreadmode.o"
364 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366 AC_DEFINE(DISABLE_SHADOW, 1,
367 [Define if you want to disable shadow passwords])
368 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369 [Define if your system choked on IP TOS setting])
370 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371 [Define if X11 doesn't support AF_UNIX sockets on that system])
372 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373 [Define if the concept of ports only accessible to
374 superusers isn't known])
375 AC_DEFINE(DISABLE_FD_PASSING, 1,
376 [Define if your platform needs to skip post auth
377 file descriptor passing])
380 AC_DEFINE(IP_TOS_IS_BROKEN)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
386 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
387 AC_DEFINE(BROKEN_GETADDRINFO)
388 AC_DEFINE(SETEUID_BREAKS_SETUID)
389 AC_DEFINE(BROKEN_SETREUID)
390 AC_DEFINE(BROKEN_SETREGID)
391 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
392 [Define if your resolver libs need this for getrrsetbyname])
393 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
394 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
395 [Use tunnel device compatibility to OpenBSD])
396 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
397 [Prepend the address family to IP tunnel traffic])
398 AC_MSG_CHECKING(if we have the Security Authorization Session API)
399 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
400 [SessionCreate(0, 0);],
401 [ac_cv_use_security_session_api="yes"
402 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
403 [platform has the Security Authorization Session API])
404 LIBS="$LIBS -framework Security"
406 [ac_cv_use_security_session_api="no"
408 AC_MSG_CHECKING(if we have an in-memory credentials cache)
410 [#include <Kerberos/Kerberos.h>],
412 (void) cc_initialize (&c, 0, NULL, NULL);],
413 [AC_DEFINE(USE_CCAPI, 1,
414 [platform uses an in-memory credentials cache])
415 LIBS="$LIBS -framework Security"
417 if test "x$ac_cv_use_security_session_api" = "xno"; then
418 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
424 SSHDLIBS="$SSHDLIBS -lcrypt"
427 # first we define all of the options common to all HP-UX releases
428 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
429 IPADDR_IN_DISPLAY=yes
431 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
432 [Define if your login program cannot handle end of options ("--")])
433 AC_DEFINE(LOGIN_NEEDS_UTMPX)
434 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
435 [String used in /etc/passwd to denote locked account])
436 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
437 MAIL="/var/mail/username"
439 AC_CHECK_LIB(xnet, t_error, ,
440 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
442 # next, we define all of the options specific to major releases
445 if test -z "$GCC"; then
450 AC_DEFINE(PAM_SUN_CODEBASE, 1,
451 [Define if you are using Solaris-derived PAM which
452 passes pam_messages to the conversation function
453 with an extra level of indirection])
454 AC_DEFINE(DISABLE_UTMP, 1,
455 [Define if you don't want to use utmp])
456 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
457 check_for_hpux_broken_getaddrinfo=1
458 check_for_conflicting_getspnam=1
462 # lastly, we define options specific to minor releases
465 AC_DEFINE(HAVE_SECUREWARE, 1,
466 [Define if you have SecureWare-based
467 protected password database])
468 disable_ptmx_check=yes
474 PATH="$PATH:/usr/etc"
475 AC_DEFINE(BROKEN_INET_NTOA, 1,
476 [Define if you system's inet_ntoa is busted
477 (e.g. Irix gcc issue)])
478 AC_DEFINE(SETEUID_BREAKS_SETUID)
479 AC_DEFINE(BROKEN_SETREUID)
480 AC_DEFINE(BROKEN_SETREGID)
481 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
482 [Define if you shouldn't strip 'tty' from your
484 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
487 PATH="$PATH:/usr/etc"
488 AC_DEFINE(WITH_IRIX_ARRAY, 1,
489 [Define if you have/want arrays
490 (cluster-wide session managment, not C arrays)])
491 AC_DEFINE(WITH_IRIX_PROJECT, 1,
492 [Define if you want IRIX project management])
493 AC_DEFINE(WITH_IRIX_AUDIT, 1,
494 [Define if you want IRIX audit trails])
495 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
496 [Define if you want IRIX kernel jobs])])
497 AC_DEFINE(BROKEN_INET_NTOA)
498 AC_DEFINE(SETEUID_BREAKS_SETUID)
499 AC_DEFINE(BROKEN_SETREUID)
500 AC_DEFINE(BROKEN_SETREGID)
501 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
502 AC_DEFINE(WITH_ABBREV_NO_TTY)
503 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
507 check_for_libcrypt_later=1
508 check_for_openpty_ctty_bug=1
509 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
510 AC_DEFINE(PAM_TTY_KLUDGE, 1,
511 [Work around problematic Linux PAM modules handling of PAM_TTY])
512 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
513 [String used in /etc/passwd to denote locked account])
514 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
515 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
516 [Define to whatever link() returns for "not supported"
517 if it doesn't return EOPNOTSUPP.])
518 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
520 inet6_default_4in6=yes
523 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
524 [Define if cmsg_type is not passed correctly])
527 # tun(4) forwarding compat code
528 AC_CHECK_HEADERS(linux/if_tun.h)
529 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
530 AC_DEFINE(SSH_TUN_LINUX, 1,
531 [Open tunnel devices the Linux tun/tap way])
532 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
533 [Use tunnel device compatibility to OpenBSD])
534 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
535 [Prepend the address family to IP tunnel traffic])
538 mips-sony-bsd|mips-sony-newsos4)
539 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
543 check_for_libcrypt_before=1
544 if test "x$withval" != "xno" ; then
547 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
548 AC_CHECK_HEADER([net/if_tap.h], ,
549 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
550 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
551 [Prepend the address family to IP tunnel traffic])
554 check_for_libcrypt_later=1
555 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
556 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
557 AC_CHECK_HEADER([net/if_tap.h], ,
558 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
561 AC_DEFINE(SETEUID_BREAKS_SETUID)
562 AC_DEFINE(BROKEN_SETREUID)
563 AC_DEFINE(BROKEN_SETREGID)
566 conf_lastlog_location="/usr/adm/lastlog"
567 conf_utmp_location=/etc/utmp
568 conf_wtmp_location=/usr/adm/wtmp
570 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
571 AC_DEFINE(BROKEN_REALPATH)
573 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
576 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
577 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
578 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
579 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
580 [syslog_r function is safe to use in in a signal handler])
583 if test "x$withval" != "xno" ; then
586 AC_DEFINE(PAM_SUN_CODEBASE)
587 AC_DEFINE(LOGIN_NEEDS_UTMPX)
588 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
589 [Some versions of /bin/login need the TERM supplied
591 AC_DEFINE(PAM_TTY_KLUDGE)
592 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
593 [Define if pam_chauthtok wants real uid set
594 to the unpriv'ed user])
595 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
596 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
597 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
598 [Define if sshd somehow reacquires a controlling TTY
600 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
601 in case the name is longer than 8 chars])
602 external_path_file=/etc/default/login
603 # hardwire lastlog location (can't detect it on some versions)
604 conf_lastlog_location="/var/adm/lastlog"
605 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
606 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
607 if test "$sol2ver" -ge 8; then
609 AC_DEFINE(DISABLE_UTMP)
610 AC_DEFINE(DISABLE_WTMP, 1,
611 [Define if you don't want to use wtmp])
615 AC_ARG_WITH(solaris-contracts,
616 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
618 AC_CHECK_LIB(contract, ct_tmpl_activate,
619 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
620 [Define if you have Solaris process contracts])
621 SSHDLIBS="$SSHDLIBS -lcontract"
628 CPPFLAGS="$CPPFLAGS -DSUNOS4"
629 AC_CHECK_FUNCS(getpwanam)
630 AC_DEFINE(PAM_SUN_CODEBASE)
631 conf_utmp_location=/etc/utmp
632 conf_wtmp_location=/var/adm/wtmp
633 conf_lastlog_location=/var/adm/lastlog
639 AC_DEFINE(SSHD_ACQUIRES_CTTY)
640 AC_DEFINE(SETEUID_BREAKS_SETUID)
641 AC_DEFINE(BROKEN_SETREUID)
642 AC_DEFINE(BROKEN_SETREGID)
645 # /usr/ucblib MUST NOT be searched on ReliantUNIX
646 AC_CHECK_LIB(dl, dlsym, ,)
647 # -lresolv needs to be at the end of LIBS or DNS lookups break
648 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
649 IPADDR_IN_DISPLAY=yes
651 AC_DEFINE(IP_TOS_IS_BROKEN)
652 AC_DEFINE(SETEUID_BREAKS_SETUID)
653 AC_DEFINE(BROKEN_SETREUID)
654 AC_DEFINE(BROKEN_SETREGID)
655 AC_DEFINE(SSHD_ACQUIRES_CTTY)
656 external_path_file=/etc/default/login
657 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
658 # Attention: always take care to bind libsocket and libnsl before libc,
659 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
661 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
664 AC_DEFINE(SETEUID_BREAKS_SETUID)
665 AC_DEFINE(BROKEN_SETREUID)
666 AC_DEFINE(BROKEN_SETREGID)
667 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
668 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
670 # UnixWare 7.x, OpenUNIX 8
672 check_for_libcrypt_later=1
673 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
675 AC_DEFINE(SETEUID_BREAKS_SETUID)
676 AC_DEFINE(BROKEN_SETREUID)
677 AC_DEFINE(BROKEN_SETREGID)
678 AC_DEFINE(PASSWD_NEEDS_USERNAME)
680 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
681 TEST_SHELL=/u95/bin/sh
682 AC_DEFINE(BROKEN_LIBIAF, 1,
683 [ia_uinfo routines not supported by OS yet])
684 AC_DEFINE(BROKEN_UPDWTMPX)
686 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
692 # SCO UNIX and OEM versions of SCO UNIX
694 AC_MSG_ERROR("This Platform is no longer supported.")
698 if test -z "$GCC"; then
699 CFLAGS="$CFLAGS -belf"
701 LIBS="$LIBS -lprot -lx -ltinfo -lm"
704 AC_DEFINE(HAVE_SECUREWARE)
705 AC_DEFINE(DISABLE_SHADOW)
706 AC_DEFINE(DISABLE_FD_PASSING)
707 AC_DEFINE(SETEUID_BREAKS_SETUID)
708 AC_DEFINE(BROKEN_SETREUID)
709 AC_DEFINE(BROKEN_SETREGID)
710 AC_DEFINE(WITH_ABBREV_NO_TTY)
711 AC_DEFINE(BROKEN_UPDWTMPX)
712 AC_DEFINE(PASSWD_NEEDS_USERNAME)
713 AC_CHECK_FUNCS(getluid setluid)
718 AC_DEFINE(NO_SSH_LASTLOG, 1,
719 [Define if you don't want to use lastlog in session.c])
720 AC_DEFINE(SETEUID_BREAKS_SETUID)
721 AC_DEFINE(BROKEN_SETREUID)
722 AC_DEFINE(BROKEN_SETREGID)
724 AC_DEFINE(DISABLE_FD_PASSING)
726 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
730 AC_DEFINE(SETEUID_BREAKS_SETUID)
731 AC_DEFINE(BROKEN_SETREUID)
732 AC_DEFINE(BROKEN_SETREGID)
733 AC_DEFINE(WITH_ABBREV_NO_TTY)
735 AC_DEFINE(DISABLE_FD_PASSING)
737 LIBS="$LIBS -lgen -lacid -ldb"
741 AC_DEFINE(SETEUID_BREAKS_SETUID)
742 AC_DEFINE(BROKEN_SETREUID)
743 AC_DEFINE(BROKEN_SETREGID)
745 AC_DEFINE(DISABLE_FD_PASSING)
746 AC_DEFINE(NO_SSH_LASTLOG)
747 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
748 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
752 AC_MSG_CHECKING(for Digital Unix SIA)
755 [ --with-osfsia Enable Digital Unix SIA],
757 if test "x$withval" = "xno" ; then
758 AC_MSG_RESULT(disabled)
763 if test -z "$no_osfsia" ; then
764 if test -f /etc/sia/matrix.conf; then
766 AC_DEFINE(HAVE_OSF_SIA, 1,
767 [Define if you have Digital Unix Security
768 Integration Architecture])
769 AC_DEFINE(DISABLE_LOGIN, 1,
770 [Define if you don't want to use your
771 system's login() call])
772 AC_DEFINE(DISABLE_FD_PASSING)
773 LIBS="$LIBS -lsecurity -ldb -lm -laud"
777 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
778 [String used in /etc/passwd to denote locked account])
781 AC_DEFINE(BROKEN_GETADDRINFO)
782 AC_DEFINE(SETEUID_BREAKS_SETUID)
783 AC_DEFINE(BROKEN_SETREUID)
784 AC_DEFINE(BROKEN_SETREGID)
789 AC_DEFINE(NO_X11_UNIX_SOCKETS)
790 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
791 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
792 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
793 AC_DEFINE(DISABLE_LASTLOG)
794 AC_DEFINE(SSHD_ACQUIRES_CTTY)
795 enable_etc_default_login=no # has incompatible /etc/default/login
799 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
800 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
801 AC_DEFINE(NEED_SETPGRP)
802 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
806 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
807 AC_DEFINE(MISSING_HOWMANY)
808 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
812 AC_MSG_CHECKING(compiler and flags for sanity)
818 [ AC_MSG_RESULT(yes) ],
821 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
823 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
826 dnl Checks for header files.
827 # Checks for libraries.
828 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
829 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
831 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
832 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
833 AC_CHECK_LIB(gen, dirname,[
834 AC_CACHE_CHECK([for broken dirname],
835 ac_cv_have_broken_dirname, [
843 int main(int argc, char **argv) {
846 strncpy(buf,"/etc", 32);
848 if (!s || strncmp(s, "/", 32) != 0) {
855 [ ac_cv_have_broken_dirname="no" ],
856 [ ac_cv_have_broken_dirname="yes" ],
857 [ ac_cv_have_broken_dirname="no" ],
861 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
863 AC_DEFINE(HAVE_DIRNAME)
864 AC_CHECK_HEADERS(libgen.h)
869 AC_CHECK_FUNC(getspnam, ,
870 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
871 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
872 [Define if you have the basename function.]))
876 [ --with-zlib=PATH Use zlib in PATH],
877 [ if test "x$withval" = "xno" ; then
878 AC_MSG_ERROR([*** zlib is required ***])
879 elif test "x$withval" != "xyes"; then
880 if test -d "$withval/lib"; then
881 if test -n "${need_dash_r}"; then
882 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
884 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
887 if test -n "${need_dash_r}"; then
888 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
890 LDFLAGS="-L${withval} ${LDFLAGS}"
893 if test -d "$withval/include"; then
894 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
896 CPPFLAGS="-I${withval} ${CPPFLAGS}"
901 AC_CHECK_LIB(z, deflate, ,
903 saved_CPPFLAGS="$CPPFLAGS"
904 saved_LDFLAGS="$LDFLAGS"
906 dnl Check default zlib install dir
907 if test -n "${need_dash_r}"; then
908 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
910 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
912 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
914 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
916 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
921 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
923 AC_ARG_WITH(zlib-version-check,
924 [ --without-zlib-version-check Disable zlib version check],
925 [ if test "x$withval" = "xno" ; then
926 zlib_check_nonfatal=1
931 AC_MSG_CHECKING(for possibly buggy zlib)
932 AC_RUN_IFELSE([AC_LANG_SOURCE([[
937 int a=0, b=0, c=0, d=0, n, v;
938 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
939 if (n != 3 && n != 4)
941 v = a*1000000 + b*10000 + c*100 + d;
942 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
945 if (a == 1 && b == 1 && c >= 4)
948 /* 1.2.3 and up are OK */
957 if test -z "$zlib_check_nonfatal" ; then
958 AC_MSG_ERROR([*** zlib too old - check config.log ***
959 Your reported zlib version has known security problems. It's possible your
960 vendor has fixed these problems without changing the version number. If you
961 are sure this is the case, you can disable the check by running
962 "./configure --without-zlib-version-check".
963 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
964 See http://www.gzip.org/zlib/ for details.])
966 AC_MSG_WARN([zlib version may have security problems])
969 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
973 AC_CHECK_FUNC(strcasecmp,
974 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
976 AC_CHECK_FUNCS(utimes,
977 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
978 LIBS="$LIBS -lc89"]) ]
981 dnl Checks for libutil functions
982 AC_CHECK_HEADERS(libutil.h)
983 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
984 [Define if your libraries define login()])])
985 AC_CHECK_FUNCS(logout updwtmp logwtmp)
989 # Check for ALTDIRFUNC glob() extension
990 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
991 AC_EGREP_CPP(FOUNDIT,
994 #ifdef GLOB_ALTDIRFUNC
999 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1000 [Define if your system glob() function has
1001 the GLOB_ALTDIRFUNC extension])
1009 # Check for g.gl_matchc glob() extension
1010 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1012 [ #include <glob.h> ],
1013 [glob_t g; g.gl_matchc = 1;],
1015 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1016 [Define if your system glob() function has
1017 gl_matchc options in glob_t])
1025 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1027 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1030 #include <sys/types.h>
1032 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1034 [AC_MSG_RESULT(yes)],
1037 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1038 [Define if your struct dirent expects you to
1039 allocate extra space for d_name])
1042 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1043 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1047 # Check whether the user wants GSSAPI mechglue support
1048 AC_ARG_WITH(mechglue,
1049 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1051 AC_MSG_CHECKING(for mechglue library)
1053 if test -e ${withval}/libgssapi.a ; then
1054 mechglue_lib=${withval}/libgssapi.a
1055 elif test -e ${withval}/lib/libgssapi.a ; then
1056 mechglue_lib=${withval}/lib/libgssapi.a
1058 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1060 LIBS="$LIBS ${mechglue_lib}"
1061 AC_MSG_RESULT(${mechglue_lib})
1063 AC_CHECK_LIB(dl, dlopen, , )
1064 if test $ac_cv_lib_dl_dlopen = yes; then
1065 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1069 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1076 # Check whether the user wants GSI (Globus) support
1079 [ --with-gsi Enable Globus GSI authentication support],
1086 [ --with-globus Enable Globus GSI authentication support],
1092 AC_ARG_WITH(globus-static,
1093 [ --with-globus-static Link statically with Globus GSI libraries],
1095 gsi_static="-static"
1096 if test "x$gsi_path" = "xno" ; then
1102 # Check whether the user has a Globus flavor type
1103 globus_flavor_type="no"
1104 AC_ARG_WITH(globus-flavor,
1105 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1107 globus_flavor_type="$withval"
1108 if test "x$gsi_path" = "xno" ; then
1114 if test "x$gsi_path" != "xno" ; then
1115 # Globus GSSAPI configuration
1116 AC_MSG_CHECKING(for Globus GSI)
1117 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1119 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1120 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1122 if test -z "$GSSAPI"; then
1127 if test "x$gsi_path" = "xyes" ; then
1128 if test -z "$GLOBUS_LOCATION" ; then
1129 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1131 gsi_path="$GLOBUS_LOCATION"
1134 GLOBUS_LOCATION="$gsi_path"
1135 export GLOBUS_LOCATION
1136 if test ! -d "$GLOBUS_LOCATION" ; then
1137 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1140 if test "x$globus_flavor_type" = "xno" ; then
1141 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1143 if test "x$globus_flavor_type" = "xyes" ; then
1144 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1147 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1148 if test ! -d "$GLOBUS_INCLUDE" ; then
1149 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1151 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1153 if test -x ${gsi_path}/bin/globus-makefile-header ; then
1154 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1155 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
1156 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1158 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
1160 if test -n "${need_dash_r}"; then
1161 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
1163 GSI_LDFLAGS="-L${gsi_path}/lib"
1165 if test -z "$GSI_LIBS" ; then
1166 AC_MSG_ERROR(globus-makefile-header failed)
1169 AC_DEFINE(HAVE_GSSAPI_H)
1171 LIBS="$LIBS $GSI_LIBS"
1172 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1173 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
1175 # test that we got the libraries OK
1183 AC_MSG_ERROR(link with Globus libraries failed)
1186 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1187 INSTALL_GSISSH="yes"
1191 AC_SUBST(INSTALL_GSISSH)
1192 # End Globus/GSI section
1194 AC_MSG_CHECKING([for /proc/pid/fd directory])
1195 if test -d "/proc/$$/fd" ; then
1196 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1202 # Check whether user wants S/Key support
1205 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1207 if test "x$withval" != "xno" ; then
1209 if test "x$withval" != "xyes" ; then
1210 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1211 LDFLAGS="$LDFLAGS -L${withval}/lib"
1214 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1218 AC_MSG_CHECKING([for s/key support])
1223 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1225 [AC_MSG_RESULT(yes)],
1228 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1230 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1234 [(void)skeychallenge(NULL,"name","",0);],
1236 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1237 [Define if your skeychallenge()
1238 function takes 4 arguments (NetBSD)])],
1245 # Check whether user wants TCP wrappers support
1247 AC_ARG_WITH(tcp-wrappers,
1248 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1250 if test "x$withval" != "xno" ; then
1252 saved_LDFLAGS="$LDFLAGS"
1253 saved_CPPFLAGS="$CPPFLAGS"
1254 if test -n "${withval}" && \
1255 test "x${withval}" != "xyes"; then
1256 if test -d "${withval}/lib"; then
1257 if test -n "${need_dash_r}"; then
1258 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1260 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1263 if test -n "${need_dash_r}"; then
1264 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1266 LDFLAGS="-L${withval} ${LDFLAGS}"
1269 if test -d "${withval}/include"; then
1270 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1272 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1276 LIBS="$LIBWRAP $LIBS"
1277 AC_MSG_CHECKING(for libwrap)
1280 #include <sys/types.h>
1281 #include <sys/socket.h>
1282 #include <netinet/in.h>
1284 int deny_severity = 0, allow_severity = 0;
1289 AC_DEFINE(LIBWRAP, 1,
1291 TCP Wrappers support])
1296 AC_MSG_ERROR([*** libwrap missing])
1304 # Check whether user wants libedit support
1306 AC_ARG_WITH(libedit,
1307 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1308 [ if test "x$withval" != "xno" ; then
1309 if test "x$withval" != "xyes"; then
1310 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1311 if test -n "${need_dash_r}"; then
1312 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1314 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1317 AC_CHECK_LIB(edit, el_init,
1318 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1319 LIBEDIT="-ledit -lcurses"
1323 [ AC_MSG_ERROR(libedit not found) ],
1326 AC_MSG_CHECKING(if libedit version is compatible)
1329 #include <histedit.h>
1333 el_init("", NULL, NULL, NULL);
1337 [ AC_MSG_RESULT(yes) ],
1339 AC_MSG_ERROR(libedit version is not compatible) ]
1346 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1348 AC_MSG_CHECKING(for supported audit module)
1353 dnl Checks for headers, libs and functions
1354 AC_CHECK_HEADERS(bsm/audit.h, [],
1355 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1362 AC_CHECK_LIB(bsm, getaudit, [],
1363 [AC_MSG_ERROR(BSM enabled and required library not found)])
1364 AC_CHECK_FUNCS(getaudit, [],
1365 [AC_MSG_ERROR(BSM enabled and required function not found)])
1366 # These are optional
1367 AC_CHECK_FUNCS(getaudit_addr)
1368 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1372 AC_MSG_RESULT(debug)
1373 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1379 AC_MSG_ERROR([Unknown audit module $withval])
1384 dnl Checks for library functions. Please keep in alphabetical order
1469 # IRIX has a const char return value for gai_strerror()
1470 AC_CHECK_FUNCS(gai_strerror,[
1471 AC_DEFINE(HAVE_GAI_STRERROR)
1473 #include <sys/types.h>
1474 #include <sys/socket.h>
1477 const char *gai_strerror(int);],[
1480 str = gai_strerror(0);],[
1481 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1482 [Define if gai_strerror() returns const char *])])])
1484 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1485 [Some systems put nanosleep outside of libc]))
1487 dnl Make sure prototypes are defined for these before using them.
1488 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1489 AC_CHECK_DECL(strsep,
1490 [AC_CHECK_FUNCS(strsep)],
1493 #ifdef HAVE_STRING_H
1494 # include <string.h>
1498 dnl tcsendbreak might be a macro
1499 AC_CHECK_DECL(tcsendbreak,
1500 [AC_DEFINE(HAVE_TCSENDBREAK)],
1501 [AC_CHECK_FUNCS(tcsendbreak)],
1502 [#include <termios.h>]
1505 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1507 AC_CHECK_DECLS(SHUT_RD, , ,
1509 #include <sys/types.h>
1510 #include <sys/socket.h>
1513 AC_CHECK_DECLS(O_NONBLOCK, , ,
1515 #include <sys/types.h>
1516 #ifdef HAVE_SYS_STAT_H
1517 # include <sys/stat.h>
1524 AC_CHECK_DECLS(writev, , , [
1525 #include <sys/types.h>
1526 #include <sys/uio.h>
1530 AC_CHECK_FUNCS(setresuid, [
1531 dnl Some platorms have setresuid that isn't implemented, test for this
1532 AC_MSG_CHECKING(if setresuid seems to work)
1537 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1539 [AC_MSG_RESULT(yes)],
1540 [AC_DEFINE(BROKEN_SETRESUID, 1,
1541 [Define if your setresuid() is broken])
1542 AC_MSG_RESULT(not implemented)],
1543 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1547 AC_CHECK_FUNCS(setresgid, [
1548 dnl Some platorms have setresgid that isn't implemented, test for this
1549 AC_MSG_CHECKING(if setresgid seems to work)
1554 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1556 [AC_MSG_RESULT(yes)],
1557 [AC_DEFINE(BROKEN_SETRESGID, 1,
1558 [Define if your setresgid() is broken])
1559 AC_MSG_RESULT(not implemented)],
1560 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1564 dnl Checks for time functions
1565 AC_CHECK_FUNCS(gettimeofday time)
1566 dnl Checks for utmp functions
1567 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1568 AC_CHECK_FUNCS(utmpname)
1569 dnl Checks for utmpx functions
1570 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1571 AC_CHECK_FUNCS(setutxent utmpxname)
1573 AC_CHECK_FUNC(daemon,
1574 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1575 [AC_CHECK_LIB(bsd, daemon,
1576 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1579 AC_CHECK_FUNC(getpagesize,
1580 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1581 [Define if your libraries define getpagesize()])],
1582 [AC_CHECK_LIB(ucb, getpagesize,
1583 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1586 # Check for broken snprintf
1587 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1588 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1592 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1594 [AC_MSG_RESULT(yes)],
1597 AC_DEFINE(BROKEN_SNPRINTF, 1,
1598 [Define if your snprintf is busted])
1599 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1601 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1605 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1606 # returning the right thing on overflow: the number of characters it tried to
1607 # create (as per SUSv3)
1608 if test "x$ac_cv_func_asprintf" != "xyes" && \
1609 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1610 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1613 #include <sys/types.h>
1617 int x_snprintf(char *str,size_t count,const char *fmt,...)
1619 size_t ret; va_list ap;
1620 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1626 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1628 [AC_MSG_RESULT(yes)],
1631 AC_DEFINE(BROKEN_SNPRINTF, 1,
1632 [Define if your snprintf is busted])
1633 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1635 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1639 # On systems where [v]snprintf is broken, but is declared in stdio,
1640 # check that the fmt argument is const char * or just char *.
1641 # This is only useful for when BROKEN_SNPRINTF
1642 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1643 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1644 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1645 int main(void) { snprintf(0, 0, 0); }
1648 AC_DEFINE(SNPRINTF_CONST, [const],
1649 [Define as const if snprintf() can declare const char *fmt])],
1651 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1653 # Check for missing getpeereid (or equiv) support
1655 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1656 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1658 [#include <sys/types.h>
1659 #include <sys/socket.h>],
1660 [int i = SO_PEERCRED;],
1661 [ AC_MSG_RESULT(yes)
1662 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1669 dnl see whether mkstemp() requires XXXXXX
1670 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1671 AC_MSG_CHECKING([for (overly) strict mkstemp])
1675 main() { char template[]="conftest.mkstemp-test";
1676 if (mkstemp(template) == -1)
1678 unlink(template); exit(0);
1686 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1690 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1695 dnl make sure that openpty does not reacquire controlling terminal
1696 if test ! -z "$check_for_openpty_ctty_bug"; then
1697 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1701 #include <sys/fcntl.h>
1702 #include <sys/types.h>
1703 #include <sys/wait.h>
1709 int fd, ptyfd, ttyfd, status;
1712 if (pid < 0) { /* failed */
1714 } else if (pid > 0) { /* parent */
1715 waitpid(pid, &status, 0);
1716 if (WIFEXITED(status))
1717 exit(WEXITSTATUS(status));
1720 } else { /* child */
1721 close(0); close(1); close(2);
1723 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1724 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1726 exit(3); /* Acquired ctty: broken */
1728 exit(0); /* Did not acquire ctty: OK */
1737 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1740 AC_MSG_RESULT(cross-compiling, assuming yes)
1745 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1746 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1747 AC_MSG_CHECKING(if getaddrinfo seems to work)
1751 #include <sys/socket.h>
1754 #include <netinet/in.h>
1756 #define TEST_PORT "2222"
1762 struct addrinfo *gai_ai, *ai, hints;
1763 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1765 memset(&hints, 0, sizeof(hints));
1766 hints.ai_family = PF_UNSPEC;
1767 hints.ai_socktype = SOCK_STREAM;
1768 hints.ai_flags = AI_PASSIVE;
1770 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1772 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1776 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1777 if (ai->ai_family != AF_INET6)
1780 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1781 sizeof(ntop), strport, sizeof(strport),
1782 NI_NUMERICHOST|NI_NUMERICSERV);
1785 if (err == EAI_SYSTEM)
1786 perror("getnameinfo EAI_SYSTEM");
1788 fprintf(stderr, "getnameinfo failed: %s\n",
1793 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1796 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1809 AC_DEFINE(BROKEN_GETADDRINFO)
1812 AC_MSG_RESULT(cross-compiling, assuming yes)
1817 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1818 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1819 AC_MSG_CHECKING(if getaddrinfo seems to work)
1823 #include <sys/socket.h>
1826 #include <netinet/in.h>
1828 #define TEST_PORT "2222"
1834 struct addrinfo *gai_ai, *ai, hints;
1835 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1837 memset(&hints, 0, sizeof(hints));
1838 hints.ai_family = PF_UNSPEC;
1839 hints.ai_socktype = SOCK_STREAM;
1840 hints.ai_flags = AI_PASSIVE;
1842 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1844 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1848 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1849 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1852 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1853 sizeof(ntop), strport, sizeof(strport),
1854 NI_NUMERICHOST|NI_NUMERICSERV);
1856 if (ai->ai_family == AF_INET && err != 0) {
1857 perror("getnameinfo");
1866 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1867 [Define if you have a getaddrinfo that fails
1868 for the all-zeros IPv6 address])
1872 AC_DEFINE(BROKEN_GETADDRINFO)
1875 AC_MSG_RESULT(cross-compiling, assuming no)
1880 if test "x$check_for_conflicting_getspnam" = "x1"; then
1881 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1885 int main(void) {exit(0);}
1892 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1893 [Conflicting defs for getspnam])
1900 # Search for OpenSSL
1901 saved_CPPFLAGS="$CPPFLAGS"
1902 saved_LDFLAGS="$LDFLAGS"
1903 AC_ARG_WITH(ssl-dir,
1904 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1906 if test "x$withval" != "xno" ; then
1909 ./*|../*) withval="`pwd`/$withval"
1911 if test -d "$withval/lib"; then
1912 if test -n "${need_dash_r}"; then
1913 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1915 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1918 if test -n "${need_dash_r}"; then
1919 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1921 LDFLAGS="-L${withval} ${LDFLAGS}"
1924 if test -d "$withval/include"; then
1925 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1927 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1932 if test -z "$GSI_LIBS" ; then
1933 LIBS="-lcrypto $LIBS"
1935 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1936 [Define if your ssl headers are included
1937 with #include <openssl/header.h>]),
1939 dnl Check default openssl install dir
1940 if test -n "${need_dash_r}"; then
1941 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1943 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1945 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1946 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1948 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1954 # Determine OpenSSL header version
1955 AC_MSG_CHECKING([OpenSSL header version])
1960 #include <openssl/opensslv.h>
1961 #define DATA "conftest.sslincver"
1966 fd = fopen(DATA,"w");
1970 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1977 ssl_header_ver=`cat conftest.sslincver`
1978 AC_MSG_RESULT($ssl_header_ver)
1981 AC_MSG_RESULT(not found)
1982 AC_MSG_ERROR(OpenSSL version header not found.)
1985 AC_MSG_WARN([cross compiling: not checking])
1989 # Determine OpenSSL library version
1990 AC_MSG_CHECKING([OpenSSL library version])
1995 #include <openssl/opensslv.h>
1996 #include <openssl/crypto.h>
1997 #define DATA "conftest.ssllibver"
2002 fd = fopen(DATA,"w");
2006 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2013 ssl_library_ver=`cat conftest.ssllibver`
2014 AC_MSG_RESULT($ssl_library_ver)
2017 AC_MSG_RESULT(not found)
2018 AC_MSG_ERROR(OpenSSL library not found.)
2021 AC_MSG_WARN([cross compiling: not checking])
2025 AC_ARG_WITH(openssl-header-check,
2026 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2027 [ if test "x$withval" = "xno" ; then
2028 openssl_check_nonfatal=1
2033 # Sanity check OpenSSL headers
2034 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2038 #include <openssl/opensslv.h>
2039 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2046 if test "x$openssl_check_nonfatal" = "x"; then
2047 AC_MSG_ERROR([Your OpenSSL headers do not match your
2048 library. Check config.log for details.
2049 If you are sure your installation is consistent, you can disable the check
2050 by running "./configure --without-openssl-header-check".
2051 Also see contrib/findssl.sh for help identifying header/library mismatches.
2054 AC_MSG_WARN([Your OpenSSL headers do not match your
2055 library. Check config.log for details.
2056 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2060 AC_MSG_WARN([cross compiling: not checking])
2064 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2067 #include <openssl/evp.h>
2068 int main(void) { SSLeay_add_all_algorithms(); }
2077 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2080 #include <openssl/evp.h>
2081 int main(void) { SSLeay_add_all_algorithms(); }
2094 AC_ARG_WITH(ssl-engine,
2095 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2096 [ if test "x$withval" != "xno" ; then
2097 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2099 [ #include <openssl/engine.h>],
2101 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2103 [ AC_MSG_RESULT(yes)
2104 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2105 [Enable OpenSSL engine support])
2107 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2112 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2113 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2117 #include <openssl/evp.h>
2118 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2125 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2126 [libcrypto is missing AES 192 and 256 bit functions])
2130 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2131 # because the system crypt() is more featureful.
2132 if test "x$check_for_libcrypt_before" = "x1"; then
2133 AC_CHECK_LIB(crypt, crypt)
2136 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2137 # version in OpenSSL.
2138 if test "x$check_for_libcrypt_later" = "x1"; then
2139 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2142 # Search for SHA256 support in libc and/or OpenSSL
2143 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2145 AC_CHECK_LIB(iaf, ia_openinfo)
2147 ### Configure cryptographic random number support
2149 # Check wheter OpenSSL seeds itself
2150 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2154 #include <openssl/rand.h>
2155 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2158 OPENSSL_SEEDS_ITSELF=yes
2163 # Default to use of the rand helper if OpenSSL doesn't
2168 AC_MSG_WARN([cross compiling: assuming yes])
2169 # This is safe, since all recent OpenSSL versions will
2170 # complain at runtime if not seeded correctly.
2171 OPENSSL_SEEDS_ITSELF=yes
2175 # Check for PAM libs
2178 [ --with-pam Enable PAM support ],
2180 if test "x$withval" != "xno" ; then
2181 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2182 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2183 AC_MSG_ERROR([PAM headers not found])
2187 AC_CHECK_LIB(dl, dlopen, , )
2188 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2189 AC_CHECK_FUNCS(pam_getenvlist)
2190 AC_CHECK_FUNCS(pam_putenv)
2196 AC_DEFINE(USE_PAM, 1,
2197 [Define if you want to enable PAM support])
2199 if test $ac_cv_lib_dl_dlopen = yes; then
2202 # libdl already in LIBS
2205 LIBPAM="$LIBPAM -ldl"
2214 # Check for older PAM
2215 if test "x$PAM_MSG" = "xyes" ; then
2216 # Check PAM strerror arguments (old PAM)
2217 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2221 #if defined(HAVE_SECURITY_PAM_APPL_H)
2222 #include <security/pam_appl.h>
2223 #elif defined (HAVE_PAM_PAM_APPL_H)
2224 #include <pam/pam_appl.h>
2227 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2228 [AC_MSG_RESULT(no)],
2230 AC_DEFINE(HAVE_OLD_PAM, 1,
2231 [Define if you have an old version of PAM
2232 which takes only one argument to pam_strerror])
2234 PAM_MSG="yes (old library)"
2239 # Do we want to force the use of the rand helper?
2240 AC_ARG_WITH(rand-helper,
2241 [ --with-rand-helper Use subprocess to gather strong randomness ],
2243 if test "x$withval" = "xno" ; then
2244 # Force use of OpenSSL's internal RNG, even if
2245 # the previous test showed it to be unseeded.
2246 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2247 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2248 OPENSSL_SEEDS_ITSELF=yes
2257 # Which randomness source do we use?
2258 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2260 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2261 [Define if you want OpenSSL's internally seeded PRNG only])
2262 RAND_MSG="OpenSSL internal ONLY"
2263 INSTALL_SSH_RAND_HELPER=""
2264 elif test ! -z "$USE_RAND_HELPER" ; then
2265 # install rand helper
2266 RAND_MSG="ssh-rand-helper"
2267 INSTALL_SSH_RAND_HELPER="yes"
2269 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2271 ### Configuration of ssh-rand-helper
2274 AC_ARG_WITH(prngd-port,
2275 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2284 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2287 if test ! -z "$withval" ; then
2288 PRNGD_PORT="$withval"
2289 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2290 [Port number of PRNGD/EGD random number socket])
2295 # PRNGD Unix domain socket
2296 AC_ARG_WITH(prngd-socket,
2297 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2301 withval="/var/run/egd-pool"
2309 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2313 if test ! -z "$withval" ; then
2314 if test ! -z "$PRNGD_PORT" ; then
2315 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2317 if test ! -r "$withval" ; then
2318 AC_MSG_WARN(Entropy socket is not readable)
2320 PRNGD_SOCKET="$withval"
2321 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2322 [Location of PRNGD/EGD random number socket])
2326 # Check for existing socket only if we don't have a random device already
2327 if test "$USE_RAND_HELPER" = yes ; then
2328 AC_MSG_CHECKING(for PRNGD/EGD socket)
2329 # Insert other locations here
2330 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2331 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2332 PRNGD_SOCKET="$sock"
2333 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2337 if test ! -z "$PRNGD_SOCKET" ; then
2338 AC_MSG_RESULT($PRNGD_SOCKET)
2340 AC_MSG_RESULT(not found)
2346 # Change default command timeout for hashing entropy source
2348 AC_ARG_WITH(entropy-timeout,
2349 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2351 if test -n "$withval" && test "x$withval" != "xno" && \
2352 test "x${withval}" != "xyes"; then
2353 entropy_timeout=$withval
2357 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2358 [Builtin PRNG command timeout])
2360 SSH_PRIVSEP_USER=sshd
2361 AC_ARG_WITH(privsep-user,
2362 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2364 if test -n "$withval" && test "x$withval" != "xno" && \
2365 test "x${withval}" != "xyes"; then
2366 SSH_PRIVSEP_USER=$withval
2370 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2371 [non-privileged user for privilege separation])
2372 AC_SUBST(SSH_PRIVSEP_USER)
2374 # We do this little dance with the search path to insure
2375 # that programs that we select for use by installed programs
2376 # (which may be run by the super-user) come from trusted
2377 # locations before they come from the user's private area.
2378 # This should help avoid accidentally configuring some
2379 # random version of a program in someone's personal bin.
2383 test -h /bin 2> /dev/null && PATH=/usr/bin
2384 test -d /sbin && PATH=$PATH:/sbin
2385 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2386 PATH=$PATH:/etc:$OPATH
2388 # These programs are used by the command hashing source to gather entropy
2389 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2390 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2391 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2392 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2393 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2394 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2395 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2396 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2397 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2398 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2399 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2400 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2401 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2402 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2403 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2404 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2408 # Where does ssh-rand-helper get its randomness from?
2409 INSTALL_SSH_PRNG_CMDS=""
2410 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2411 if test ! -z "$PRNGD_PORT" ; then
2412 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2413 elif test ! -z "$PRNGD_SOCKET" ; then
2414 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2416 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2417 RAND_HELPER_CMDHASH=yes
2418 INSTALL_SSH_PRNG_CMDS="yes"
2421 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2424 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2425 if test ! -z "$SONY" ; then
2426 LIBS="$LIBS -liberty";
2429 # Check for long long datatypes
2430 AC_CHECK_TYPES([long long, unsigned long long, long double])
2432 # Check datatype sizes
2433 AC_CHECK_SIZEOF(char, 1)
2434 AC_CHECK_SIZEOF(short int, 2)
2435 AC_CHECK_SIZEOF(int, 4)
2436 AC_CHECK_SIZEOF(long int, 4)
2437 AC_CHECK_SIZEOF(long long int, 8)
2439 # Sanity check long long for some platforms (AIX)
2440 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2441 ac_cv_sizeof_long_long_int=0
2444 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2445 if test -z "$have_llong_max"; then
2446 AC_MSG_CHECKING([for max value of long long])
2450 /* Why is this so damn hard? */
2454 #define __USE_ISOC99
2456 #define DATA "conftest.llminmax"
2457 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2460 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2461 * we do this the hard way.
2464 fprint_ll(FILE *f, long long n)
2467 int l[sizeof(long long) * 8];
2470 if (fprintf(f, "-") < 0)
2472 for (i = 0; n != 0; i++) {
2473 l[i] = my_abs(n % 10);
2477 if (fprintf(f, "%d", l[--i]) < 0)
2480 if (fprintf(f, " ") < 0)
2487 long long i, llmin, llmax = 0;
2489 if((f = fopen(DATA,"w")) == NULL)
2492 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2493 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2497 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2498 /* This will work on one's complement and two's complement */
2499 for (i = 1; i > llmax; i <<= 1, i++)
2501 llmin = llmax + 1LL; /* wrap */
2505 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2506 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2507 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2508 fprintf(f, "unknown unknown\n");
2512 if (fprint_ll(f, llmin) < 0)
2514 if (fprint_ll(f, llmax) < 0)
2522 llong_min=`$AWK '{print $1}' conftest.llminmax`
2523 llong_max=`$AWK '{print $2}' conftest.llminmax`
2525 AC_MSG_RESULT($llong_max)
2526 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2527 [max value of long long calculated by configure])
2528 AC_MSG_CHECKING([for min value of long long])
2529 AC_MSG_RESULT($llong_min)
2530 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2531 [min value of long long calculated by configure])
2534 AC_MSG_RESULT(not found)
2537 AC_MSG_WARN([cross compiling: not checking])
2543 # More checks for data types
2544 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2546 [ #include <sys/types.h> ],
2548 [ ac_cv_have_u_int="yes" ],
2549 [ ac_cv_have_u_int="no" ]
2552 if test "x$ac_cv_have_u_int" = "xyes" ; then
2553 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2557 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2559 [ #include <sys/types.h> ],
2560 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2561 [ ac_cv_have_intxx_t="yes" ],
2562 [ ac_cv_have_intxx_t="no" ]
2565 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2566 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2570 if (test -z "$have_intxx_t" && \
2571 test "x$ac_cv_header_stdint_h" = "xyes")
2573 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2575 [ #include <stdint.h> ],
2576 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2578 AC_DEFINE(HAVE_INTXX_T)
2581 [ AC_MSG_RESULT(no) ]
2585 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2588 #include <sys/types.h>
2589 #ifdef HAVE_STDINT_H
2590 # include <stdint.h>
2592 #include <sys/socket.h>
2593 #ifdef HAVE_SYS_BITYPES_H
2594 # include <sys/bitypes.h>
2597 [ int64_t a; a = 1;],
2598 [ ac_cv_have_int64_t="yes" ],
2599 [ ac_cv_have_int64_t="no" ]
2602 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2603 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2606 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2608 [ #include <sys/types.h> ],
2609 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2610 [ ac_cv_have_u_intxx_t="yes" ],
2611 [ ac_cv_have_u_intxx_t="no" ]
2614 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2615 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2619 if test -z "$have_u_intxx_t" ; then
2620 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2622 [ #include <sys/socket.h> ],
2623 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2625 AC_DEFINE(HAVE_U_INTXX_T)
2628 [ AC_MSG_RESULT(no) ]
2632 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2634 [ #include <sys/types.h> ],
2635 [ u_int64_t a; a = 1;],
2636 [ ac_cv_have_u_int64_t="yes" ],
2637 [ ac_cv_have_u_int64_t="no" ]
2640 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2641 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2645 if test -z "$have_u_int64_t" ; then
2646 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2648 [ #include <sys/bitypes.h> ],
2649 [ u_int64_t a; a = 1],
2651 AC_DEFINE(HAVE_U_INT64_T)
2654 [ AC_MSG_RESULT(no) ]
2658 if test -z "$have_u_intxx_t" ; then
2659 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2662 #include <sys/types.h>
2664 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2665 [ ac_cv_have_uintxx_t="yes" ],
2666 [ ac_cv_have_uintxx_t="no" ]
2669 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2670 AC_DEFINE(HAVE_UINTXX_T, 1,
2671 [define if you have uintxx_t data type])
2675 if test -z "$have_uintxx_t" ; then
2676 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2678 [ #include <stdint.h> ],
2679 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2681 AC_DEFINE(HAVE_UINTXX_T)
2684 [ AC_MSG_RESULT(no) ]
2688 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2689 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2691 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2694 #include <sys/bitypes.h>
2697 int8_t a; int16_t b; int32_t c;
2698 u_int8_t e; u_int16_t f; u_int32_t g;
2699 a = b = c = e = f = g = 1;
2702 AC_DEFINE(HAVE_U_INTXX_T)
2703 AC_DEFINE(HAVE_INTXX_T)
2711 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2714 #include <sys/types.h>
2716 [ u_char foo; foo = 125; ],
2717 [ ac_cv_have_u_char="yes" ],
2718 [ ac_cv_have_u_char="no" ]
2721 if test "x$ac_cv_have_u_char" = "xyes" ; then
2722 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2727 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2729 AC_CHECK_TYPES(in_addr_t,,,
2730 [#include <sys/types.h>
2731 #include <netinet/in.h>])
2733 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2736 #include <sys/types.h>
2738 [ size_t foo; foo = 1235; ],
2739 [ ac_cv_have_size_t="yes" ],
2740 [ ac_cv_have_size_t="no" ]
2743 if test "x$ac_cv_have_size_t" = "xyes" ; then
2744 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2747 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2750 #include <sys/types.h>
2752 [ ssize_t foo; foo = 1235; ],
2753 [ ac_cv_have_ssize_t="yes" ],
2754 [ ac_cv_have_ssize_t="no" ]
2757 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2758 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2761 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2766 [ clock_t foo; foo = 1235; ],
2767 [ ac_cv_have_clock_t="yes" ],
2768 [ ac_cv_have_clock_t="no" ]
2771 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2772 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2775 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2778 #include <sys/types.h>
2779 #include <sys/socket.h>
2781 [ sa_family_t foo; foo = 1235; ],
2782 [ ac_cv_have_sa_family_t="yes" ],
2785 #include <sys/types.h>
2786 #include <sys/socket.h>
2787 #include <netinet/in.h>
2789 [ sa_family_t foo; foo = 1235; ],
2790 [ ac_cv_have_sa_family_t="yes" ],
2792 [ ac_cv_have_sa_family_t="no" ]
2796 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2797 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2798 [define if you have sa_family_t data type])
2801 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2804 #include <sys/types.h>
2806 [ pid_t foo; foo = 1235; ],
2807 [ ac_cv_have_pid_t="yes" ],
2808 [ ac_cv_have_pid_t="no" ]
2811 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2812 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2815 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2818 #include <sys/types.h>
2820 [ mode_t foo; foo = 1235; ],
2821 [ ac_cv_have_mode_t="yes" ],
2822 [ ac_cv_have_mode_t="no" ]
2825 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2826 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2830 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2833 #include <sys/types.h>
2834 #include <sys/socket.h>
2836 [ struct sockaddr_storage s; ],
2837 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2838 [ ac_cv_have_struct_sockaddr_storage="no" ]
2841 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2842 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2843 [define if you have struct sockaddr_storage data type])
2846 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2849 #include <sys/types.h>
2850 #include <netinet/in.h>
2852 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2853 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2854 [ ac_cv_have_struct_sockaddr_in6="no" ]
2857 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2858 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2859 [define if you have struct sockaddr_in6 data type])
2862 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2865 #include <sys/types.h>
2866 #include <netinet/in.h>
2868 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2869 [ ac_cv_have_struct_in6_addr="yes" ],
2870 [ ac_cv_have_struct_in6_addr="no" ]
2873 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2874 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2875 [define if you have struct in6_addr data type])
2878 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2881 #include <sys/types.h>
2882 #include <sys/socket.h>
2885 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2886 [ ac_cv_have_struct_addrinfo="yes" ],
2887 [ ac_cv_have_struct_addrinfo="no" ]
2890 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2891 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2892 [define if you have struct addrinfo data type])
2895 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2897 [ #include <sys/time.h> ],
2898 [ struct timeval tv; tv.tv_sec = 1;],
2899 [ ac_cv_have_struct_timeval="yes" ],
2900 [ ac_cv_have_struct_timeval="no" ]
2903 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2904 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2905 have_struct_timeval=1
2908 AC_CHECK_TYPES(struct timespec)
2910 # We need int64_t or else certian parts of the compile will fail.
2911 if test "x$ac_cv_have_int64_t" = "xno" && \
2912 test "x$ac_cv_sizeof_long_int" != "x8" && \
2913 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2914 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2915 echo "an alternative compiler (I.E., GCC) before continuing."
2919 dnl test snprintf (broken on SCO w/gcc)
2924 #ifdef HAVE_SNPRINTF
2928 char expected_out[50];
2930 #if (SIZEOF_LONG_INT == 8)
2931 long int num = 0x7fffffffffffffff;
2933 long long num = 0x7fffffffffffffffll;
2935 strcpy(expected_out, "9223372036854775807");
2936 snprintf(buf, mazsize, "%lld", num);
2937 if(strcmp(buf, expected_out) != 0)
2944 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2945 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2949 dnl Checks for structure members
2950 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2951 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2952 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2953 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2954 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2955 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2956 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2957 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2958 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2959 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2960 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2961 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2962 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2963 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2964 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2965 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2966 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2968 AC_CHECK_MEMBERS([struct stat.st_blksize])
2969 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2970 [Define if we don't have struct __res_state in resolv.h])],
2973 #if HAVE_SYS_TYPES_H
2974 # include <sys/types.h>
2976 #include <netinet/in.h>
2977 #include <arpa/nameser.h>
2981 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2982 ac_cv_have_ss_family_in_struct_ss, [
2985 #include <sys/types.h>
2986 #include <sys/socket.h>
2988 [ struct sockaddr_storage s; s.ss_family = 1; ],
2989 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2990 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2993 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2994 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2997 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2998 ac_cv_have___ss_family_in_struct_ss, [
3001 #include <sys/types.h>
3002 #include <sys/socket.h>
3004 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3005 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3006 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3009 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3010 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3011 [Fields in struct sockaddr_storage])
3014 AC_CACHE_CHECK([for pw_class field in struct passwd],
3015 ac_cv_have_pw_class_in_struct_passwd, [
3020 [ struct passwd p; p.pw_class = 0; ],
3021 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3022 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3025 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3026 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3027 [Define if your password has a pw_class field])
3030 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3031 ac_cv_have_pw_expire_in_struct_passwd, [
3036 [ struct passwd p; p.pw_expire = 0; ],
3037 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3038 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3041 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3042 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3043 [Define if your password has a pw_expire field])
3046 AC_CACHE_CHECK([for pw_change field in struct passwd],
3047 ac_cv_have_pw_change_in_struct_passwd, [
3052 [ struct passwd p; p.pw_change = 0; ],
3053 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3054 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3057 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3058 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3059 [Define if your password has a pw_change field])
3062 dnl make sure we're using the real structure members and not defines
3063 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3064 ac_cv_have_accrights_in_msghdr, [
3067 #include <sys/types.h>
3068 #include <sys/socket.h>
3069 #include <sys/uio.h>
3071 #ifdef msg_accrights
3072 #error "msg_accrights is a macro"
3076 m.msg_accrights = 0;
3080 [ ac_cv_have_accrights_in_msghdr="yes" ],
3081 [ ac_cv_have_accrights_in_msghdr="no" ]
3084 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3085 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3086 [Define if your system uses access rights style
3087 file descriptor passing])
3090 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3091 ac_cv_have_control_in_msghdr, [
3094 #include <sys/types.h>
3095 #include <sys/socket.h>
3096 #include <sys/uio.h>
3099 #error "msg_control is a macro"
3107 [ ac_cv_have_control_in_msghdr="yes" ],
3108 [ ac_cv_have_control_in_msghdr="no" ]
3111 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3112 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3113 [Define if your system uses ancillary data style
3114 file descriptor passing])
3117 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3119 [ extern char *__progname; printf("%s", __progname); ],
3120 [ ac_cv_libc_defines___progname="yes" ],
3121 [ ac_cv_libc_defines___progname="no" ]
3124 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3125 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3128 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3132 [ printf("%s", __FUNCTION__); ],
3133 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3134 [ ac_cv_cc_implements___FUNCTION__="no" ]
3137 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3138 AC_DEFINE(HAVE___FUNCTION__, 1,
3139 [Define if compiler implements __FUNCTION__])
3142 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3146 [ printf("%s", __func__); ],
3147 [ ac_cv_cc_implements___func__="yes" ],
3148 [ ac_cv_cc_implements___func__="no" ]
3151 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3152 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3155 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3157 [#include <stdarg.h>
3160 [ ac_cv_have_va_copy="yes" ],
3161 [ ac_cv_have_va_copy="no" ]
3164 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3165 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3168 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3170 [#include <stdarg.h>
3173 [ ac_cv_have___va_copy="yes" ],
3174 [ ac_cv_have___va_copy="no" ]
3177 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3178 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3181 AC_CACHE_CHECK([whether getopt has optreset support],
3182 ac_cv_have_getopt_optreset, [
3187 [ extern int optreset; optreset = 0; ],
3188 [ ac_cv_have_getopt_optreset="yes" ],
3189 [ ac_cv_have_getopt_optreset="no" ]
3192 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3193 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3194 [Define if your getopt(3) defines and uses optreset])
3197 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3199 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3200 [ ac_cv_libc_defines_sys_errlist="yes" ],
3201 [ ac_cv_libc_defines_sys_errlist="no" ]
3204 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3205 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3206 [Define if your system defines sys_errlist[]])
3210 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3212 [ extern int sys_nerr; printf("%i", sys_nerr);],
3213 [ ac_cv_libc_defines_sys_nerr="yes" ],
3214 [ ac_cv_libc_defines_sys_nerr="no" ]
3217 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3218 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3222 # Check whether user wants sectok support
3224 [ --with-sectok Enable smartcard support using libsectok],
3226 if test "x$withval" != "xno" ; then
3227 if test "x$withval" != "xyes" ; then
3228 CPPFLAGS="$CPPFLAGS -I${withval}"
3229 LDFLAGS="$LDFLAGS -L${withval}"
3230 if test ! -z "$need_dash_r" ; then
3231 LDFLAGS="$LDFLAGS -R${withval}"
3233 if test ! -z "$blibpath" ; then
3234 blibpath="$blibpath:${withval}"
3237 AC_CHECK_HEADERS(sectok.h)
3238 if test "$ac_cv_header_sectok_h" != yes; then
3239 AC_MSG_ERROR(Can't find sectok.h)
3241 AC_CHECK_LIB(sectok, sectok_open)
3242 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3243 AC_MSG_ERROR(Can't find libsectok)
3245 AC_DEFINE(SMARTCARD, 1,
3246 [Define if you want smartcard support])
3247 AC_DEFINE(USE_SECTOK, 1,
3248 [Define if you want smartcard support
3250 SCARD_MSG="yes, using sectok"
3255 # Check whether user wants OpenSC support
3258 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3260 if test "x$withval" != "xno" ; then
3261 if test "x$withval" != "xyes" ; then
3262 OPENSC_CONFIG=$withval/bin/opensc-config
3264 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3266 if test "$OPENSC_CONFIG" != "no"; then
3267 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3268 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3269 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3270 LIBS="$LIBS $LIBOPENSC_LIBS"
3271 AC_DEFINE(SMARTCARD)
3272 AC_DEFINE(USE_OPENSC, 1,
3273 [Define if you want smartcard support
3275 SCARD_MSG="yes, using OpenSC"
3281 # Check libraries needed by DNS fingerprint support
3282 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3283 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3284 [Define if getrrsetbyname() exists])],
3286 # Needed by our getrrsetbyname()
3287 AC_SEARCH_LIBS(res_query, resolv)
3288 AC_SEARCH_LIBS(dn_expand, resolv)
3289 AC_MSG_CHECKING(if res_query will link)
3290 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3293 LIBS="$LIBS -lresolv"
3294 AC_MSG_CHECKING(for res_query in -lresolv)
3299 res_query (0, 0, 0, 0, 0);
3303 [LIBS="$LIBS -lresolv"
3304 AC_MSG_RESULT(yes)],
3308 AC_CHECK_FUNCS(_getshort _getlong)
3309 AC_CHECK_DECLS([_getshort, _getlong], , ,
3310 [#include <sys/types.h>
3311 #include <arpa/nameser.h>])
3312 AC_CHECK_MEMBER(HEADER.ad,
3313 [AC_DEFINE(HAVE_HEADER_AD, 1,
3314 [Define if HEADER.ad exists in arpa/nameser.h])],,
3315 [#include <arpa/nameser.h>])
3318 # Check whether user wants SELinux support
3321 AC_ARG_WITH(selinux,
3322 [ --with-selinux Enable SELinux support],
3323 [ if test "x$withval" != "xno" ; then
3324 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3326 AC_CHECK_HEADER([selinux/selinux.h], ,
3327 AC_MSG_ERROR(SELinux support requires selinux.h header))
3328 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3329 AC_MSG_ERROR(SELinux support requires libselinux library))
3331 LIBS="$LIBS $LIBSELINUX"
3332 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3336 AC_SUBST(LIBSELINUX)
3338 # Check whether user wants Kerberos 5 support
3340 AC_ARG_WITH(kerberos5,
3341 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3342 [ if test "x$withval" != "xno" ; then
3343 if test "x$withval" = "xyes" ; then
3344 KRB5ROOT="/usr/local"
3349 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3352 AC_MSG_CHECKING(for krb5-config)
3353 if test -x $KRB5ROOT/bin/krb5-config ; then
3354 KRB5CONF=$KRB5ROOT/bin/krb5-config
3355 AC_MSG_RESULT($KRB5CONF)
3357 AC_MSG_CHECKING(for gssapi support)
3358 if $KRB5CONF | grep gssapi >/dev/null ; then
3360 AC_DEFINE(GSSAPI, 1,
3361 [Define this if you want GSSAPI
3362 support in the version 2 protocol])
3368 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3369 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3370 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3371 AC_MSG_CHECKING(whether we are using Heimdal)
3372 AC_TRY_COMPILE([ #include <krb5.h> ],
3373 [ char *tmp = heimdal_version; ],
3374 [ AC_MSG_RESULT(yes)
3375 AC_DEFINE(HEIMDAL, 1,
3376 [Define this if you are using the
3377 Heimdal version of Kerberos V5]) ],
3382 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3383 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3384 AC_MSG_CHECKING(whether we are using Heimdal)
3385 AC_TRY_COMPILE([ #include <krb5.h> ],
3386 [ char *tmp = heimdal_version; ],
3387 [ AC_MSG_RESULT(yes)
3389 K5LIBS="-lkrb5 -ldes"
3390 K5LIBS="$K5LIBS -lcom_err -lasn1"
3391 AC_CHECK_LIB(roken, net_write,
3392 [K5LIBS="$K5LIBS -lroken"])
3395 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3398 AC_SEARCH_LIBS(dn_expand, resolv)
3400 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3402 K5LIBS="-lgssapi $K5LIBS" ],
3403 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3405 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3406 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3411 AC_CHECK_HEADER(gssapi.h, ,
3412 [ unset ac_cv_header_gssapi_h
3413 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3414 AC_CHECK_HEADERS(gssapi.h, ,
3415 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3421 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3422 AC_CHECK_HEADER(gssapi_krb5.h, ,
3423 [ CPPFLAGS="$oldCPP" ])
3425 # If we're using some other GSSAPI
3426 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3427 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3430 if test -z "$GSSAPI"; then
3435 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3436 AC_CHECK_HEADER(gssapi_krb5.h, ,
3437 [ CPPFLAGS="$oldCPP" ])
3440 if test ! -z "$need_dash_r" ; then
3441 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3443 if test ! -z "$blibpath" ; then
3444 blibpath="$blibpath:${KRB5ROOT}/lib"
3447 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3448 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3449 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3451 LIBS="$LIBS $K5LIBS"
3452 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3453 [Define this if you want to use libkafs' AFS support]))
3458 # Check whether user wants AFS_KRB5 support
3460 AC_ARG_WITH(afs-krb5,
3461 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3463 if test "x$withval" != "xno" ; then
3465 if test "x$withval" != "xyes" ; then
3466 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3467 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3469 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3471 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3474 if test -z "$KRB5ROOT" ; then
3475 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3478 LIBS="-lkrbafs -lkrb4 $LIBS"
3479 if test ! -z "$AFS_LIBS" ; then
3480 LIBS="$LIBS $AFS_LIBS"
3482 AC_DEFINE(AFS_KRB5, 1,
3483 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3489 AC_ARG_WITH(session-hooks,
3490 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3491 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3494 # Looking for programs, paths and files
3496 PRIVSEP_PATH=/var/empty
3497 AC_ARG_WITH(privsep-path,
3498 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3500 if test -n "$withval" && test "x$withval" != "xno" && \
3501 test "x${withval}" != "xyes"; then
3502 PRIVSEP_PATH=$withval
3506 AC_SUBST(PRIVSEP_PATH)
3509 [ --with-xauth=PATH Specify path to xauth program ],
3511 if test -n "$withval" && test "x$withval" != "xno" && \
3512 test "x${withval}" != "xyes"; then
3518 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3519 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3520 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3521 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3522 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3523 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3524 xauth_path="/usr/openwin/bin/xauth"
3530 AC_ARG_ENABLE(strip,
3531 [ --disable-strip Disable calling strip(1) on install],
3533 if test "x$enableval" = "xno" ; then
3540 if test -z "$xauth_path" ; then
3541 XAUTH_PATH="undefined"
3542 AC_SUBST(XAUTH_PATH)
3544 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3545 [Define if xauth is found in your path])
3546 XAUTH_PATH=$xauth_path
3547 AC_SUBST(XAUTH_PATH)
3550 AC_CHECK_DECL(_PATH_BSHELL, ,
3551 AC_DEFINE_UNQUOTED(_PATH_BSHELL, "/bin/sh",
3552 [Define to your C shell if not defined in paths.h]),
3553 [ #include <paths.h> ]
3556 AC_CHECK_DECL(_PATH_CSHELL, ,
3557 AC_DEFINE_UNQUOTED(_PATH_CSHELL, "/bin/csh",
3558 [Define to your Bourne shell if not defined in paths.h]),
3559 [ #include <paths.h> ]
3562 AC_CHECK_DECL(_PATH_SHELLS, ,
3563 AC_DEFINE_UNQUOTED(_PATH_SHELLS, "/etc/shells",
3564 [Define to your shells file if not defined in paths.h]),
3565 [ #include <paths.h> ]
3568 # if _PATH_MAILDIR is in paths.h then we won't go hunting for it.
3569 AC_CHECK_DECL(_PATH_MAILDIR,
3570 AC_DEFINE(PATH_MAILDIR_IN_PATHS_H, 1,
3571 [Define if _PATH_MAILDIR is in paths.h]),
3573 [ #include <paths.h> ]
3576 # Check for mail directory (last resort if we cannot get it from headers)
3577 if test ! -z "$MAIL" ; then
3578 maildir=`dirname $MAIL`
3579 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3580 [Set this to your mail directory if you don't have maillock.h])
3583 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3584 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3585 disable_ptmx_check=yes
3587 if test -z "$no_dev_ptmx" ; then
3588 if test "x$disable_ptmx_check" != "xyes" ; then
3589 AC_CHECK_FILE("/dev/ptmx",
3591 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3592 [Define if you have /dev/ptmx])
3599 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3600 AC_CHECK_FILE("/dev/ptc",
3602 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3603 [Define if you have /dev/ptc])
3608 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3611 # Options from here on. Some of these are preset by platform above
3612 AC_ARG_WITH(mantype,
3613 [ --with-mantype=man|cat|doc Set man page type],
3620 AC_MSG_ERROR(invalid man type: $withval)
3625 if test -z "$MANTYPE"; then
3626 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3627 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3628 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3630 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3637 if test "$MANTYPE" = "doc"; then
3644 # Check whether to enable MD5 passwords
3646 AC_ARG_WITH(md5-passwords,
3647 [ --with-md5-passwords Enable use of MD5 passwords],
3649 if test "x$withval" != "xno" ; then
3650 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3651 [Define if you want to allow MD5 passwords])
3657 # Whether to disable shadow password support
3659 [ --without-shadow Disable shadow password support],
3661 if test "x$withval" = "xno" ; then
3662 AC_DEFINE(DISABLE_SHADOW)
3668 if test -z "$disable_shadow" ; then
3669 AC_MSG_CHECKING([if the systems has expire shadow information])
3672 #include <sys/types.h>
3675 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3676 [ sp_expire_available=yes ], []
3679 if test "x$sp_expire_available" = "xyes" ; then
3681 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3682 [Define if you want to use shadow password expire field])
3688 # Use ip address instead of hostname in $DISPLAY
3689 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3690 DISPLAY_HACK_MSG="yes"
3691 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3692 [Define if you need to use IP address
3693 instead of hostname in $DISPLAY])
3695 DISPLAY_HACK_MSG="no"
3696 AC_ARG_WITH(ipaddr-display,
3697 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3699 if test "x$withval" != "xno" ; then
3700 AC_DEFINE(IPADDR_IN_DISPLAY)
3701 DISPLAY_HACK_MSG="yes"
3707 # check for /etc/default/login and use it if present.
3708 AC_ARG_ENABLE(etc-default-login,
3709 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3710 [ if test "x$enableval" = "xno"; then
3711 AC_MSG_NOTICE([/etc/default/login handling disabled])
3712 etc_default_login=no
3714 etc_default_login=yes
3716 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3718 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3719 etc_default_login=no
3721 etc_default_login=yes
3725 if test "x$etc_default_login" != "xno"; then
3726 AC_CHECK_FILE("/etc/default/login",
3727 [ external_path_file=/etc/default/login ])
3728 if test "x$external_path_file" = "x/etc/default/login"; then
3729 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3730 [Define if your system has /etc/default/login])
3734 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3735 if test $ac_cv_func_login_getcapbool = "yes" && \
3736 test $ac_cv_header_login_cap_h = "yes" ; then
3737 external_path_file=/etc/login.conf
3740 # Whether to mess with the default path
3741 SERVER_PATH_MSG="(default)"
3742 AC_ARG_WITH(default-path,
3743 [ --with-default-path= Specify default \$PATH environment for server],
3745 if test "x$external_path_file" = "x/etc/login.conf" ; then
3747 --with-default-path=PATH has no effect on this system.
3748 Edit /etc/login.conf instead.])
3749 elif test "x$withval" != "xno" ; then
3750 if test ! -z "$external_path_file" ; then
3752 --with-default-path=PATH will only be used if PATH is not defined in
3753 $external_path_file .])
3755 user_path="$withval"
3756 SERVER_PATH_MSG="$withval"
3759 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3760 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3762 if test ! -z "$external_path_file" ; then
3764 If PATH is defined in $external_path_file, ensure the path to scp is included,
3765 otherwise scp will not work.])
3769 /* find out what STDPATH is */
3774 #ifndef _PATH_STDPATH
3775 # ifdef _PATH_USERPATH /* Irix */
3776 # define _PATH_STDPATH _PATH_USERPATH
3778 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3781 #include <sys/types.h>
3782 #include <sys/stat.h>
3784 #define DATA "conftest.stdpath"
3791 fd = fopen(DATA,"w");
3795 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3801 [ user_path=`cat conftest.stdpath` ],
3802 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3803 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3805 # make sure $bindir is in USER_PATH so scp will work
3806 t_bindir=`eval echo ${bindir}`
3808 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3811 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3813 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3814 if test $? -ne 0 ; then
3815 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3816 if test $? -ne 0 ; then
3817 user_path=$user_path:$t_bindir
3818 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3823 if test "x$external_path_file" != "x/etc/login.conf" ; then
3824 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3828 # Set superuser path separately to user path
3829 AC_ARG_WITH(superuser-path,
3830 [ --with-superuser-path= Specify different path for super-user],
3832 if test -n "$withval" && test "x$withval" != "xno" && \
3833 test "x${withval}" != "xyes"; then
3834 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3835 [Define if you want a different $PATH
3837 superuser_path=$withval
3843 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3844 IPV4_IN6_HACK_MSG="no"
3846 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3848 if test "x$withval" != "xno" ; then
3850 AC_DEFINE(IPV4_IN_IPV6, 1,
3851 [Detect IPv4 in IPv6 mapped addresses
3853 IPV4_IN6_HACK_MSG="yes"
3858 if test "x$inet6_default_4in6" = "xyes"; then
3859 AC_MSG_RESULT([yes (default)])
3860 AC_DEFINE(IPV4_IN_IPV6)
3861 IPV4_IN6_HACK_MSG="yes"
3863 AC_MSG_RESULT([no (default)])
3868 # Whether to enable BSD auth support
3870 AC_ARG_WITH(bsd-auth,
3871 [ --with-bsd-auth Enable BSD auth support],
3873 if test "x$withval" != "xno" ; then
3874 AC_DEFINE(BSD_AUTH, 1,
3875 [Define if you have BSD auth support])
3881 # Where to place sshd.pid
3883 # make sure the directory exists
3884 if test ! -d $piddir ; then
3885 piddir=`eval echo ${sysconfdir}`
3887 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3891 AC_ARG_WITH(pid-dir,
3892 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3894 if test -n "$withval" && test "x$withval" != "xno" && \
3895 test "x${withval}" != "xyes"; then
3897 if test ! -d $piddir ; then
3898 AC_MSG_WARN([** no $piddir directory on this system **])
3904 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3907 dnl allow user to disable some login recording features
3908 AC_ARG_ENABLE(lastlog,
3909 [ --disable-lastlog disable use of lastlog even if detected [no]],
3911 if test "x$enableval" = "xno" ; then
3912 AC_DEFINE(DISABLE_LASTLOG)
3917 [ --disable-utmp disable use of utmp even if detected [no]],
3919 if test "x$enableval" = "xno" ; then
3920 AC_DEFINE(DISABLE_UTMP)
3924 AC_ARG_ENABLE(utmpx,
3925 [ --disable-utmpx disable use of utmpx even if detected [no]],
3927 if test "x$enableval" = "xno" ; then
3928 AC_DEFINE(DISABLE_UTMPX, 1,
3929 [Define if you don't want to use utmpx])
3934 [ --disable-wtmp disable use of wtmp even if detected [no]],
3936 if test "x$enableval" = "xno" ; then
3937 AC_DEFINE(DISABLE_WTMP)
3941 AC_ARG_ENABLE(wtmpx,
3942 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3944 if test "x$enableval" = "xno" ; then
3945 AC_DEFINE(DISABLE_WTMPX, 1,
3946 [Define if you don't want to use wtmpx])
3950 AC_ARG_ENABLE(libutil,
3951 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3953 if test "x$enableval" = "xno" ; then
3954 AC_DEFINE(DISABLE_LOGIN)
3958 AC_ARG_ENABLE(pututline,
3959 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3961 if test "x$enableval" = "xno" ; then
3962 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3963 [Define if you don't want to use pututline()
3964 etc. to write [uw]tmp])
3968 AC_ARG_ENABLE(pututxline,
3969 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3971 if test "x$enableval" = "xno" ; then
3972 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3973 [Define if you don't want to use pututxline()
3974 etc. to write [uw]tmpx])
3978 AC_ARG_WITH(lastlog,
3979 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3981 if test "x$withval" = "xno" ; then
3982 AC_DEFINE(DISABLE_LASTLOG)
3983 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3984 conf_lastlog_location=$withval
3989 dnl lastlog, [uw]tmpx? detection
3990 dnl NOTE: set the paths in the platform section to avoid the
3991 dnl need for command-line parameters
3992 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3994 dnl lastlog detection
3995 dnl NOTE: the code itself will detect if lastlog is a directory
3996 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3998 #include <sys/types.h>
4000 #ifdef HAVE_LASTLOG_H
4001 # include <lastlog.h>
4010 [ char *lastlog = LASTLOG_FILE; ],
4011 [ AC_MSG_RESULT(yes) ],
4014 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4016 #include <sys/types.h>
4018 #ifdef HAVE_LASTLOG_H
4019 # include <lastlog.h>
4025 [ char *lastlog = _PATH_LASTLOG; ],
4026 [ AC_MSG_RESULT(yes) ],
4029 system_lastlog_path=no
4034 if test -z "$conf_lastlog_location"; then
4035 if test x"$system_lastlog_path" = x"no" ; then
4036 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4037 if (test -d "$f" || test -f "$f") ; then
4038 conf_lastlog_location=$f
4041 if test -z "$conf_lastlog_location"; then
4042 AC_MSG_WARN([** Cannot find lastlog **])
4043 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4048 if test -n "$conf_lastlog_location"; then
4049 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4050 [Define if you want to specify the path to your lastlog file])
4054 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4056 #include <sys/types.h>
4062 [ char *utmp = UTMP_FILE; ],
4063 [ AC_MSG_RESULT(yes) ],
4065 system_utmp_path=no ]
4067 if test -z "$conf_utmp_location"; then
4068 if test x"$system_utmp_path" = x"no" ; then
4069 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4070 if test -f $f ; then
4071 conf_utmp_location=$f
4074 if test -z "$conf_utmp_location"; then
4075 AC_DEFINE(DISABLE_UTMP)
4079 if test -n "$conf_utmp_location"; then
4080 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4081 [Define if you want to specify the path to your utmp file])
4085 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4087 #include <sys/types.h>
4093 [ char *wtmp = WTMP_FILE; ],
4094 [ AC_MSG_RESULT(yes) ],
4096 system_wtmp_path=no ]
4098 if test -z "$conf_wtmp_location"; then
4099 if test x"$system_wtmp_path" = x"no" ; then
4100 for f in /usr/adm/wtmp /var/log/wtmp; do
4101 if test -f $f ; then
4102 conf_wtmp_location=$f
4105 if test -z "$conf_wtmp_location"; then
4106 AC_DEFINE(DISABLE_WTMP)
4110 if test -n "$conf_wtmp_location"; then
4111 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4112 [Define if you want to specify the path to your wtmp file])
4116 dnl utmpx detection - I don't know any system so perverse as to require
4117 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4119 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4121 #include <sys/types.h>
4130 [ char *utmpx = UTMPX_FILE; ],
4131 [ AC_MSG_RESULT(yes) ],
4133 system_utmpx_path=no ]
4135 if test -z "$conf_utmpx_location"; then
4136 if test x"$system_utmpx_path" = x"no" ; then
4137 AC_DEFINE(DISABLE_UTMPX)
4140 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4141 [Define if you want to specify the path to your utmpx file])
4145 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4147 #include <sys/types.h>
4156 [ char *wtmpx = WTMPX_FILE; ],
4157 [ AC_MSG_RESULT(yes) ],
4159 system_wtmpx_path=no ]
4161 if test -z "$conf_wtmpx_location"; then
4162 if test x"$system_wtmpx_path" = x"no" ; then
4163 AC_DEFINE(DISABLE_WTMPX)
4166 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4167 [Define if you want to specify the path to your wtmpx file])
4171 if test ! -z "$blibpath" ; then
4172 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4173 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4176 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4178 CFLAGS="$CFLAGS $werror_flags"
4181 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4182 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4183 scard/Makefile ssh_prng_cmds survey.sh])
4186 # Print summary of options
4188 # Someone please show me a better way :)
4189 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4190 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4191 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4192 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4193 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4194 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4195 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4196 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4197 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4198 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4201 echo "OpenSSH has been configured with the following options:"
4202 echo " User binaries: $B"
4203 echo " System binaries: $C"
4204 echo " Configuration files: $D"
4205 echo " Askpass program: $E"
4206 echo " Manual pages: $F"
4207 echo " PID file: $G"
4208 echo " Privilege separation chroot path: $H"
4209 if test "x$external_path_file" = "x/etc/login.conf" ; then
4210 echo " At runtime, sshd will use the path defined in $external_path_file"
4211 echo " Make sure the path to scp is present, otherwise scp will not work"
4213 echo " sshd default user PATH: $I"
4214 if test ! -z "$external_path_file"; then
4215 echo " (If PATH is set in $external_path_file it will be used instead. If"
4216 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4219 if test ! -z "$superuser_path" ; then
4220 echo " sshd superuser user PATH: $J"
4222 echo " Manpage format: $MANTYPE"
4223 echo " PAM support: $PAM_MSG"
4224 echo " OSF SIA support: $SIA_MSG"
4225 echo " KerberosV support: $KRB5_MSG"
4226 echo " SELinux support: $SELINUX_MSG"
4227 echo " Smartcard support: $SCARD_MSG"
4228 echo " S/KEY support: $SKEY_MSG"
4229 echo " TCP Wrappers support: $TCPW_MSG"
4230 echo " MD5 password support: $MD5_MSG"
4231 echo " libedit support: $LIBEDIT_MSG"
4232 echo " Solaris process contract support: $SPC_MSG"
4233 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4234 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4235 echo " BSD Auth support: $BSD_AUTH_MSG"
4236 echo " Random number source: $RAND_MSG"
4237 if test ! -z "$USE_RAND_HELPER" ; then
4238 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4243 echo " Host: ${host}"
4244 echo " Compiler: ${CC}"
4245 echo " Compiler flags: ${CFLAGS}"
4246 echo "Preprocessor flags: ${CPPFLAGS}"
4247 echo " Linker flags: ${LDFLAGS}"
4248 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
4252 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4253 echo "SVR4 style packages are supported with \"make package\""
4257 if test "x$PAM_MSG" = "xyes" ; then
4258 echo "PAM is enabled. You may need to install a PAM control file "
4259 echo "for sshd, otherwise password authentication may fail. "
4260 echo "Example PAM control files can be found in the contrib/ "
4265 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4266 echo "WARNING: you are using the builtin random number collection "
4267 echo "service. Please read WARNING.RNG and request that your OS "
4268 echo "vendor includes kernel-based random number collection in "
4269 echo "future versions of your OS."
4273 if test ! -z "$NO_PEERCHECK" ; then
4274 echo "WARNING: the operating system that you are using does not "
4275 echo "appear to support either the getpeereid() API nor the "
4276 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4277 echo "enforce security checks to prevent unauthorised connections to "
4278 echo "ssh-agent. Their absence increases the risk that a malicious "
4279 echo "user can connect to your agent. "
4283 if test "$AUDIT_MODULE" = "bsm" ; then
4284 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4285 echo "See the Solaris section in README.platform for details."