3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Allow user to specify flags
132 [ --with-cflags Specify additional flags to pass to compiler],
134 if test -n "$withval" && test "x$withval" != "xno" && \
135 test "x${withval}" != "xyes"; then
136 CFLAGS="$CFLAGS $withval"
140 AC_ARG_WITH(cppflags,
141 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
143 if test -n "$withval" && test "x$withval" != "xno" && \
144 test "x${withval}" != "xyes"; then
145 CPPFLAGS="$CPPFLAGS $withval"
150 [ --with-ldflags Specify additional flags to pass to linker],
152 if test -n "$withval" && test "x$withval" != "xno" && \
153 test "x${withval}" != "xyes"; then
154 LDFLAGS="$LDFLAGS $withval"
159 [ --with-libs Specify additional libraries to link with],
161 if test -n "$withval" && test "x$withval" != "xno" && \
162 test "x${withval}" != "xyes"; then
163 LIBS="$LIBS $withval"
168 [ --with-Werror Build main code with -Werror],
170 if test -n "$withval" && test "x$withval" != "xno"; then
171 werror_flags="-Werror"
172 if test "x${withval}" != "xyes"; then
173 werror_flags="$withval"
204 security/pam_appl.h \
241 # lastlog.h requires sys/time.h to be included first on Solaris
242 AC_CHECK_HEADERS(lastlog.h, [], [], [
243 #ifdef HAVE_SYS_TIME_H
244 # include <sys/time.h>
248 # sys/ptms.h requires sys/stream.h to be included first on Solaris
249 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250 #ifdef HAVE_SYS_STREAM_H
251 # include <sys/stream.h>
255 # login_cap.h requires sys/types.h on NetBSD
256 AC_CHECK_HEADERS(login_cap.h, [], [], [
257 #include <sys/types.h>
260 # Messages for features tested for in target-specific section
264 # Check for some target-specific stuff
267 # Some versions of VAC won't allow macro redefinitions at
268 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269 # particularly with older versions of vac or xlc.
270 # It also throws errors about null macro argments, but these are
272 AC_MSG_CHECKING(if compiler allows macro redefinitions)
275 #define testmacro foo
276 #define testmacro bar
277 int main(void) { exit(0); }
279 [ AC_MSG_RESULT(yes) ],
281 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
288 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
289 if (test -z "$blibpath"); then
290 blibpath="/usr/lib:/lib"
292 saved_LDFLAGS="$LDFLAGS"
293 if test "$GCC" = "yes"; then
294 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
296 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
298 for tryflags in $flags ;do
299 if (test -z "$blibflags"); then
300 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301 AC_TRY_LINK([], [], [blibflags=$tryflags])
304 if (test -z "$blibflags"); then
305 AC_MSG_RESULT(not found)
306 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
308 AC_MSG_RESULT($blibflags)
310 LDFLAGS="$saved_LDFLAGS"
311 dnl Check for authenticate. Might be in libs.a on older AIXes
312 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313 [Define if you want to enable AIX4's authenticate function])],
314 [AC_CHECK_LIB(s,authenticate,
315 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
319 dnl Check for various auth function declarations in headers.
320 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
321 passwdexpired, setauthdb], , , [#include <usersec.h>])
322 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
323 AC_CHECK_DECLS(loginfailed,
324 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
326 [#include <usersec.h>],
327 [(void)loginfailed("user","host","tty",0);],
329 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330 [Define if your AIX loginfailed() function
331 takes 4 arguments (AIX >= 5.2)])],
335 [#include <usersec.h>]
337 AC_CHECK_FUNCS(setauthdb)
338 AC_CHECK_DECL(F_CLOSEM,
339 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
341 [ #include <limits.h>
344 check_for_aix_broken_getaddrinfo=1
345 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347 [Define if your platform breaks doing a seteuid before a setuid])
348 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
350 dnl AIX handles lastlog as part of its login message
351 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353 [Some systems need a utmpx entry for /bin/login to work])
354 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355 [Define to a Set Process Title type if your system is
356 supported by bsd-setproctitle.c])
357 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358 [AIX 5.2 and 5.3 (and presumably newer) require this])
359 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
362 check_for_libcrypt_later=1
363 LIBS="$LIBS /usr/lib/textmode.o"
364 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366 AC_DEFINE(DISABLE_SHADOW, 1,
367 [Define if you want to disable shadow passwords])
368 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369 [Define if your system choked on IP TOS setting])
370 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371 [Define if X11 doesn't support AF_UNIX sockets on that system])
372 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373 [Define if the concept of ports only accessible to
374 superusers isn't known])
375 AC_DEFINE(DISABLE_FD_PASSING, 1,
376 [Define if your platform needs to skip post auth
377 file descriptor passing])
380 AC_DEFINE(IP_TOS_IS_BROKEN)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
386 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
387 AC_DEFINE(SETEUID_BREAKS_SETUID)
388 AC_DEFINE(BROKEN_SETREUID)
389 AC_DEFINE(BROKEN_SETREGID)
390 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
391 [Define if your resolver libs need this for getrrsetbyname])
392 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
393 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
394 [Use tunnel device compatibility to OpenBSD])
395 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
396 [Prepend the address family to IP tunnel traffic])
397 AC_MSG_CHECKING(if we have the Security Authorization Session API)
398 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
399 [SessionCreate(0, 0);],
400 [ac_cv_use_security_session_api="yes"
401 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
402 [platform has the Security Authorization Session API])
403 LIBS="$LIBS -framework Security"
405 [ac_cv_use_security_session_api="no"
407 AC_MSG_CHECKING(if we have an in-memory credentials cache)
409 [#include <Kerberos/Kerberos.h>],
411 (void) cc_initialize (&c, 0, NULL, NULL);],
412 [AC_DEFINE(USE_CCAPI, 1,
413 [platform uses an in-memory credentials cache])
414 LIBS="$LIBS -framework Security"
416 if test "x$ac_cv_use_security_session_api" = "xno"; then
417 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
423 SSHDLIBS="$SSHDLIBS -lcrypt"
426 # first we define all of the options common to all HP-UX releases
427 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
428 IPADDR_IN_DISPLAY=yes
430 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
431 [Define if your login program cannot handle end of options ("--")])
432 AC_DEFINE(LOGIN_NEEDS_UTMPX)
433 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
434 [String used in /etc/passwd to denote locked account])
435 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
436 MAIL="/var/mail/username"
438 AC_CHECK_LIB(xnet, t_error, ,
439 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
441 # next, we define all of the options specific to major releases
444 if test -z "$GCC"; then
449 AC_DEFINE(PAM_SUN_CODEBASE, 1,
450 [Define if you are using Solaris-derived PAM which
451 passes pam_messages to the conversation function
452 with an extra level of indirection])
453 AC_DEFINE(DISABLE_UTMP, 1,
454 [Define if you don't want to use utmp])
455 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
456 check_for_hpux_broken_getaddrinfo=1
457 check_for_conflicting_getspnam=1
461 # lastly, we define options specific to minor releases
464 AC_DEFINE(HAVE_SECUREWARE, 1,
465 [Define if you have SecureWare-based
466 protected password database])
467 disable_ptmx_check=yes
473 PATH="$PATH:/usr/etc"
474 AC_DEFINE(BROKEN_INET_NTOA, 1,
475 [Define if you system's inet_ntoa is busted
476 (e.g. Irix gcc issue)])
477 AC_DEFINE(SETEUID_BREAKS_SETUID)
478 AC_DEFINE(BROKEN_SETREUID)
479 AC_DEFINE(BROKEN_SETREGID)
480 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
481 [Define if you shouldn't strip 'tty' from your
483 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
486 PATH="$PATH:/usr/etc"
487 AC_DEFINE(WITH_IRIX_ARRAY, 1,
488 [Define if you have/want arrays
489 (cluster-wide session managment, not C arrays)])
490 AC_DEFINE(WITH_IRIX_PROJECT, 1,
491 [Define if you want IRIX project management])
492 AC_DEFINE(WITH_IRIX_AUDIT, 1,
493 [Define if you want IRIX audit trails])
494 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
495 [Define if you want IRIX kernel jobs])])
496 AC_DEFINE(BROKEN_INET_NTOA)
497 AC_DEFINE(SETEUID_BREAKS_SETUID)
498 AC_DEFINE(BROKEN_SETREUID)
499 AC_DEFINE(BROKEN_SETREGID)
500 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
501 AC_DEFINE(WITH_ABBREV_NO_TTY)
502 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
506 check_for_libcrypt_later=1
507 check_for_openpty_ctty_bug=1
508 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
509 AC_DEFINE(PAM_TTY_KLUDGE, 1,
510 [Work around problematic Linux PAM modules handling of PAM_TTY])
511 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
512 [String used in /etc/passwd to denote locked account])
513 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
514 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
515 [Define to whatever link() returns for "not supported"
516 if it doesn't return EOPNOTSUPP.])
517 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
519 inet6_default_4in6=yes
522 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
523 [Define if cmsg_type is not passed correctly])
526 # tun(4) forwarding compat code
527 AC_CHECK_HEADERS(linux/if_tun.h)
528 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
529 AC_DEFINE(SSH_TUN_LINUX, 1,
530 [Open tunnel devices the Linux tun/tap way])
531 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
532 [Use tunnel device compatibility to OpenBSD])
533 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
534 [Prepend the address family to IP tunnel traffic])
537 mips-sony-bsd|mips-sony-newsos4)
538 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
542 check_for_libcrypt_before=1
543 if test "x$withval" != "xno" ; then
546 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
547 AC_CHECK_HEADER([net/if_tap.h], ,
548 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
549 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
550 [Prepend the address family to IP tunnel traffic])
553 check_for_libcrypt_later=1
554 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
555 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
556 AC_CHECK_HEADER([net/if_tap.h], ,
557 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
560 AC_DEFINE(SETEUID_BREAKS_SETUID)
561 AC_DEFINE(BROKEN_SETREUID)
562 AC_DEFINE(BROKEN_SETREGID)
565 conf_lastlog_location="/usr/adm/lastlog"
566 conf_utmp_location=/etc/utmp
567 conf_wtmp_location=/usr/adm/wtmp
569 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
570 AC_DEFINE(BROKEN_REALPATH)
572 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
575 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
576 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
577 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
578 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
579 [syslog_r function is safe to use in in a signal handler])
582 if test "x$withval" != "xno" ; then
585 AC_DEFINE(PAM_SUN_CODEBASE)
586 AC_DEFINE(LOGIN_NEEDS_UTMPX)
587 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
588 [Some versions of /bin/login need the TERM supplied
590 AC_DEFINE(PAM_TTY_KLUDGE)
591 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
592 [Define if pam_chauthtok wants real uid set
593 to the unpriv'ed user])
594 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
595 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
596 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
597 [Define if sshd somehow reacquires a controlling TTY
599 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
600 in case the name is longer than 8 chars])
601 external_path_file=/etc/default/login
602 # hardwire lastlog location (can't detect it on some versions)
603 conf_lastlog_location="/var/adm/lastlog"
604 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
605 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
606 if test "$sol2ver" -ge 8; then
608 AC_DEFINE(DISABLE_UTMP)
609 AC_DEFINE(DISABLE_WTMP, 1,
610 [Define if you don't want to use wtmp])
614 AC_ARG_WITH(solaris-contracts,
615 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
617 AC_CHECK_LIB(contract, ct_tmpl_activate,
618 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
619 [Define if you have Solaris process contracts])
620 SSHDLIBS="$SSHDLIBS -lcontract"
627 CPPFLAGS="$CPPFLAGS -DSUNOS4"
628 AC_CHECK_FUNCS(getpwanam)
629 AC_DEFINE(PAM_SUN_CODEBASE)
630 conf_utmp_location=/etc/utmp
631 conf_wtmp_location=/var/adm/wtmp
632 conf_lastlog_location=/var/adm/lastlog
638 AC_DEFINE(SSHD_ACQUIRES_CTTY)
639 AC_DEFINE(SETEUID_BREAKS_SETUID)
640 AC_DEFINE(BROKEN_SETREUID)
641 AC_DEFINE(BROKEN_SETREGID)
644 # /usr/ucblib MUST NOT be searched on ReliantUNIX
645 AC_CHECK_LIB(dl, dlsym, ,)
646 # -lresolv needs to be at the end of LIBS or DNS lookups break
647 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
648 IPADDR_IN_DISPLAY=yes
650 AC_DEFINE(IP_TOS_IS_BROKEN)
651 AC_DEFINE(SETEUID_BREAKS_SETUID)
652 AC_DEFINE(BROKEN_SETREUID)
653 AC_DEFINE(BROKEN_SETREGID)
654 AC_DEFINE(SSHD_ACQUIRES_CTTY)
655 external_path_file=/etc/default/login
656 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
657 # Attention: always take care to bind libsocket and libnsl before libc,
658 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
660 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
663 AC_DEFINE(SETEUID_BREAKS_SETUID)
664 AC_DEFINE(BROKEN_SETREUID)
665 AC_DEFINE(BROKEN_SETREGID)
666 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
667 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
669 # UnixWare 7.x, OpenUNIX 8
671 check_for_libcrypt_later=1
672 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
674 AC_DEFINE(SETEUID_BREAKS_SETUID)
675 AC_DEFINE(BROKEN_SETREUID)
676 AC_DEFINE(BROKEN_SETREGID)
677 AC_DEFINE(PASSWD_NEEDS_USERNAME)
679 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
680 TEST_SHELL=/u95/bin/sh
681 AC_DEFINE(BROKEN_LIBIAF, 1,
682 [ia_uinfo routines not supported by OS yet])
683 AC_DEFINE(BROKEN_UPDWTMPX)
685 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
691 # SCO UNIX and OEM versions of SCO UNIX
693 AC_MSG_ERROR("This Platform is no longer supported.")
697 if test -z "$GCC"; then
698 CFLAGS="$CFLAGS -belf"
700 LIBS="$LIBS -lprot -lx -ltinfo -lm"
703 AC_DEFINE(HAVE_SECUREWARE)
704 AC_DEFINE(DISABLE_SHADOW)
705 AC_DEFINE(DISABLE_FD_PASSING)
706 AC_DEFINE(SETEUID_BREAKS_SETUID)
707 AC_DEFINE(BROKEN_SETREUID)
708 AC_DEFINE(BROKEN_SETREGID)
709 AC_DEFINE(WITH_ABBREV_NO_TTY)
710 AC_DEFINE(BROKEN_UPDWTMPX)
711 AC_DEFINE(PASSWD_NEEDS_USERNAME)
712 AC_CHECK_FUNCS(getluid setluid)
717 AC_DEFINE(NO_SSH_LASTLOG, 1,
718 [Define if you don't want to use lastlog in session.c])
719 AC_DEFINE(SETEUID_BREAKS_SETUID)
720 AC_DEFINE(BROKEN_SETREUID)
721 AC_DEFINE(BROKEN_SETREGID)
723 AC_DEFINE(DISABLE_FD_PASSING)
725 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
729 AC_DEFINE(SETEUID_BREAKS_SETUID)
730 AC_DEFINE(BROKEN_SETREUID)
731 AC_DEFINE(BROKEN_SETREGID)
732 AC_DEFINE(WITH_ABBREV_NO_TTY)
734 AC_DEFINE(DISABLE_FD_PASSING)
736 LIBS="$LIBS -lgen -lacid -ldb"
740 AC_DEFINE(SETEUID_BREAKS_SETUID)
741 AC_DEFINE(BROKEN_SETREUID)
742 AC_DEFINE(BROKEN_SETREGID)
744 AC_DEFINE(DISABLE_FD_PASSING)
745 AC_DEFINE(NO_SSH_LASTLOG)
746 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
747 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
751 AC_MSG_CHECKING(for Digital Unix SIA)
754 [ --with-osfsia Enable Digital Unix SIA],
756 if test "x$withval" = "xno" ; then
757 AC_MSG_RESULT(disabled)
762 if test -z "$no_osfsia" ; then
763 if test -f /etc/sia/matrix.conf; then
765 AC_DEFINE(HAVE_OSF_SIA, 1,
766 [Define if you have Digital Unix Security
767 Integration Architecture])
768 AC_DEFINE(DISABLE_LOGIN, 1,
769 [Define if you don't want to use your
770 system's login() call])
771 AC_DEFINE(DISABLE_FD_PASSING)
772 LIBS="$LIBS -lsecurity -ldb -lm -laud"
776 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
777 [String used in /etc/passwd to denote locked account])
780 AC_DEFINE(BROKEN_GETADDRINFO)
781 AC_DEFINE(SETEUID_BREAKS_SETUID)
782 AC_DEFINE(BROKEN_SETREUID)
783 AC_DEFINE(BROKEN_SETREGID)
788 AC_DEFINE(NO_X11_UNIX_SOCKETS)
789 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
790 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
791 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
792 AC_DEFINE(DISABLE_LASTLOG)
793 AC_DEFINE(SSHD_ACQUIRES_CTTY)
794 enable_etc_default_login=no # has incompatible /etc/default/login
798 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
799 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
800 AC_DEFINE(NEED_SETPGRP)
801 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
805 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
806 AC_DEFINE(MISSING_HOWMANY)
807 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
811 AC_MSG_CHECKING(compiler and flags for sanity)
817 [ AC_MSG_RESULT(yes) ],
820 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
822 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
825 dnl Checks for header files.
826 # Checks for libraries.
827 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
828 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
830 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
831 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
832 AC_CHECK_LIB(gen, dirname,[
833 AC_CACHE_CHECK([for broken dirname],
834 ac_cv_have_broken_dirname, [
842 int main(int argc, char **argv) {
845 strncpy(buf,"/etc", 32);
847 if (!s || strncmp(s, "/", 32) != 0) {
854 [ ac_cv_have_broken_dirname="no" ],
855 [ ac_cv_have_broken_dirname="yes" ],
856 [ ac_cv_have_broken_dirname="no" ],
860 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
862 AC_DEFINE(HAVE_DIRNAME)
863 AC_CHECK_HEADERS(libgen.h)
868 AC_CHECK_FUNC(getspnam, ,
869 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
870 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
871 [Define if you have the basename function.]))
875 [ --with-zlib=PATH Use zlib in PATH],
876 [ if test "x$withval" = "xno" ; then
877 AC_MSG_ERROR([*** zlib is required ***])
878 elif test "x$withval" != "xyes"; then
879 if test -d "$withval/lib"; then
880 if test -n "${need_dash_r}"; then
881 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
883 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
886 if test -n "${need_dash_r}"; then
887 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
889 LDFLAGS="-L${withval} ${LDFLAGS}"
892 if test -d "$withval/include"; then
893 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
895 CPPFLAGS="-I${withval} ${CPPFLAGS}"
900 AC_CHECK_LIB(z, deflate, ,
902 saved_CPPFLAGS="$CPPFLAGS"
903 saved_LDFLAGS="$LDFLAGS"
905 dnl Check default zlib install dir
906 if test -n "${need_dash_r}"; then
907 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
909 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
911 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
913 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
915 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
920 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
922 AC_ARG_WITH(zlib-version-check,
923 [ --without-zlib-version-check Disable zlib version check],
924 [ if test "x$withval" = "xno" ; then
925 zlib_check_nonfatal=1
930 AC_MSG_CHECKING(for possibly buggy zlib)
931 AC_RUN_IFELSE([AC_LANG_SOURCE([[
936 int a=0, b=0, c=0, d=0, n, v;
937 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
938 if (n != 3 && n != 4)
940 v = a*1000000 + b*10000 + c*100 + d;
941 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
944 if (a == 1 && b == 1 && c >= 4)
947 /* 1.2.3 and up are OK */
956 if test -z "$zlib_check_nonfatal" ; then
957 AC_MSG_ERROR([*** zlib too old - check config.log ***
958 Your reported zlib version has known security problems. It's possible your
959 vendor has fixed these problems without changing the version number. If you
960 are sure this is the case, you can disable the check by running
961 "./configure --without-zlib-version-check".
962 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
963 See http://www.gzip.org/zlib/ for details.])
965 AC_MSG_WARN([zlib version may have security problems])
968 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
972 AC_CHECK_FUNC(strcasecmp,
973 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
975 AC_CHECK_FUNCS(utimes,
976 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
977 LIBS="$LIBS -lc89"]) ]
980 dnl Checks for libutil functions
981 AC_CHECK_HEADERS(libutil.h)
982 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
983 [Define if your libraries define login()])])
984 AC_CHECK_FUNCS(logout updwtmp logwtmp)
988 # Check for ALTDIRFUNC glob() extension
989 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
990 AC_EGREP_CPP(FOUNDIT,
993 #ifdef GLOB_ALTDIRFUNC
998 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
999 [Define if your system glob() function has
1000 the GLOB_ALTDIRFUNC extension])
1008 # Check for g.gl_matchc glob() extension
1009 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1011 [ #include <glob.h> ],
1012 [glob_t g; g.gl_matchc = 1;],
1014 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1015 [Define if your system glob() function has
1016 gl_matchc options in glob_t])
1024 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1026 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1029 #include <sys/types.h>
1031 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1033 [AC_MSG_RESULT(yes)],
1036 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1037 [Define if your struct dirent expects you to
1038 allocate extra space for d_name])
1041 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1042 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1046 # Check whether the user wants GSSAPI mechglue support
1047 AC_ARG_WITH(mechglue,
1048 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1050 AC_MSG_CHECKING(for mechglue library)
1052 if test -e ${withval}/libgssapi.a ; then
1053 mechglue_lib=${withval}/libgssapi.a
1054 elif test -e ${withval}/lib/libgssapi.a ; then
1055 mechglue_lib=${withval}/lib/libgssapi.a
1057 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1059 LIBS="$LIBS ${mechglue_lib}"
1060 AC_MSG_RESULT(${mechglue_lib})
1062 AC_CHECK_LIB(dl, dlopen, , )
1063 if test $ac_cv_lib_dl_dlopen = yes; then
1064 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1068 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1075 # Check whether the user wants GSI (Globus) support
1078 [ --with-gsi Enable Globus GSI authentication support],
1085 [ --with-globus Enable Globus GSI authentication support],
1091 AC_ARG_WITH(globus-static,
1092 [ --with-globus-static Link statically with Globus GSI libraries],
1094 gsi_static="-static"
1095 if test "x$gsi_path" = "xno" ; then
1101 # Check whether the user has a Globus flavor type
1102 globus_flavor_type="no"
1103 AC_ARG_WITH(globus-flavor,
1104 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1106 globus_flavor_type="$withval"
1107 if test "x$gsi_path" = "xno" ; then
1113 if test "x$gsi_path" != "xno" ; then
1114 # Globus GSSAPI configuration
1115 AC_MSG_CHECKING(for Globus GSI)
1116 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1118 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1119 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1121 if test -z "$GSSAPI"; then
1126 if test "x$gsi_path" = "xyes" ; then
1127 if test -z "$GLOBUS_LOCATION" ; then
1128 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1130 gsi_path="$GLOBUS_LOCATION"
1133 GLOBUS_LOCATION="$gsi_path"
1134 export GLOBUS_LOCATION
1135 if test ! -d "$GLOBUS_LOCATION" ; then
1136 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1139 if test "x$globus_flavor_type" = "xno" ; then
1140 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1142 if test "x$globus_flavor_type" = "xyes" ; then
1143 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1146 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1147 if test ! -d "$GLOBUS_INCLUDE" ; then
1148 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1150 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1152 if test -x ${gsi_path}/bin/globus-makefile-header ; then
1153 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1154 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
1155 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1157 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
1159 if test -n "${need_dash_r}"; then
1160 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
1162 GSI_LDFLAGS="-L${gsi_path}/lib"
1164 if test -z "$GSI_LIBS" ; then
1165 AC_MSG_ERROR(globus-makefile-header failed)
1168 AC_DEFINE(HAVE_GSSAPI_H)
1170 LIBS="$LIBS $GSI_LIBS"
1171 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1172 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
1174 # test that we got the libraries OK
1182 AC_MSG_ERROR(link with Globus libraries failed)
1185 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1186 INSTALL_GSISSH="yes"
1190 AC_SUBST(INSTALL_GSISSH)
1191 # End Globus/GSI section
1193 AC_MSG_CHECKING([for /proc/pid/fd directory])
1194 if test -d "/proc/$$/fd" ; then
1195 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1201 # Check whether user wants S/Key support
1204 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1206 if test "x$withval" != "xno" ; then
1208 if test "x$withval" != "xyes" ; then
1209 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1210 LDFLAGS="$LDFLAGS -L${withval}/lib"
1213 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1217 AC_MSG_CHECKING([for s/key support])
1222 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1224 [AC_MSG_RESULT(yes)],
1227 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1229 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1233 [(void)skeychallenge(NULL,"name","",0);],
1235 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1236 [Define if your skeychallenge()
1237 function takes 4 arguments (NetBSD)])],
1244 # Check whether user wants TCP wrappers support
1246 AC_ARG_WITH(tcp-wrappers,
1247 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1249 if test "x$withval" != "xno" ; then
1251 saved_LDFLAGS="$LDFLAGS"
1252 saved_CPPFLAGS="$CPPFLAGS"
1253 if test -n "${withval}" && \
1254 test "x${withval}" != "xyes"; then
1255 if test -d "${withval}/lib"; then
1256 if test -n "${need_dash_r}"; then
1257 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1259 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1262 if test -n "${need_dash_r}"; then
1263 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1265 LDFLAGS="-L${withval} ${LDFLAGS}"
1268 if test -d "${withval}/include"; then
1269 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1271 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1275 LIBS="$LIBWRAP $LIBS"
1276 AC_MSG_CHECKING(for libwrap)
1279 #include <sys/types.h>
1280 #include <sys/socket.h>
1281 #include <netinet/in.h>
1283 int deny_severity = 0, allow_severity = 0;
1288 AC_DEFINE(LIBWRAP, 1,
1290 TCP Wrappers support])
1295 AC_MSG_ERROR([*** libwrap missing])
1303 # Check whether user wants libedit support
1305 AC_ARG_WITH(libedit,
1306 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1307 [ if test "x$withval" != "xno" ; then
1308 if test "x$withval" != "xyes"; then
1309 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1310 if test -n "${need_dash_r}"; then
1311 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1313 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1316 AC_CHECK_LIB(edit, el_init,
1317 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1318 LIBEDIT="-ledit -lcurses"
1322 [ AC_MSG_ERROR(libedit not found) ],
1325 AC_MSG_CHECKING(if libedit version is compatible)
1328 #include <histedit.h>
1332 el_init("", NULL, NULL, NULL);
1336 [ AC_MSG_RESULT(yes) ],
1338 AC_MSG_ERROR(libedit version is not compatible) ]
1345 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1347 AC_MSG_CHECKING(for supported audit module)
1352 dnl Checks for headers, libs and functions
1353 AC_CHECK_HEADERS(bsm/audit.h, [],
1354 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1361 AC_CHECK_LIB(bsm, getaudit, [],
1362 [AC_MSG_ERROR(BSM enabled and required library not found)])
1363 AC_CHECK_FUNCS(getaudit, [],
1364 [AC_MSG_ERROR(BSM enabled and required function not found)])
1365 # These are optional
1366 AC_CHECK_FUNCS(getaudit_addr)
1367 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1371 AC_MSG_RESULT(debug)
1372 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1378 AC_MSG_ERROR([Unknown audit module $withval])
1383 dnl Checks for library functions. Please keep in alphabetical order
1468 # IRIX has a const char return value for gai_strerror()
1469 AC_CHECK_FUNCS(gai_strerror,[
1470 AC_DEFINE(HAVE_GAI_STRERROR)
1472 #include <sys/types.h>
1473 #include <sys/socket.h>
1476 const char *gai_strerror(int);],[
1479 str = gai_strerror(0);],[
1480 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1481 [Define if gai_strerror() returns const char *])])])
1483 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1484 [Some systems put nanosleep outside of libc]))
1486 dnl Make sure prototypes are defined for these before using them.
1487 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1488 AC_CHECK_DECL(strsep,
1489 [AC_CHECK_FUNCS(strsep)],
1492 #ifdef HAVE_STRING_H
1493 # include <string.h>
1497 dnl tcsendbreak might be a macro
1498 AC_CHECK_DECL(tcsendbreak,
1499 [AC_DEFINE(HAVE_TCSENDBREAK)],
1500 [AC_CHECK_FUNCS(tcsendbreak)],
1501 [#include <termios.h>]
1504 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1506 AC_CHECK_DECLS(SHUT_RD, , ,
1508 #include <sys/types.h>
1509 #include <sys/socket.h>
1512 AC_CHECK_DECLS(O_NONBLOCK, , ,
1514 #include <sys/types.h>
1515 #ifdef HAVE_SYS_STAT_H
1516 # include <sys/stat.h>
1523 AC_CHECK_DECLS(writev, , , [
1524 #include <sys/types.h>
1525 #include <sys/uio.h>
1529 AC_CHECK_FUNCS(setresuid, [
1530 dnl Some platorms have setresuid that isn't implemented, test for this
1531 AC_MSG_CHECKING(if setresuid seems to work)
1536 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1538 [AC_MSG_RESULT(yes)],
1539 [AC_DEFINE(BROKEN_SETRESUID, 1,
1540 [Define if your setresuid() is broken])
1541 AC_MSG_RESULT(not implemented)],
1542 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1546 AC_CHECK_FUNCS(setresgid, [
1547 dnl Some platorms have setresgid that isn't implemented, test for this
1548 AC_MSG_CHECKING(if setresgid seems to work)
1553 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1555 [AC_MSG_RESULT(yes)],
1556 [AC_DEFINE(BROKEN_SETRESGID, 1,
1557 [Define if your setresgid() is broken])
1558 AC_MSG_RESULT(not implemented)],
1559 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1563 dnl Checks for time functions
1564 AC_CHECK_FUNCS(gettimeofday time)
1565 dnl Checks for utmp functions
1566 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1567 AC_CHECK_FUNCS(utmpname)
1568 dnl Checks for utmpx functions
1569 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1570 AC_CHECK_FUNCS(setutxent utmpxname)
1572 AC_CHECK_FUNC(daemon,
1573 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1574 [AC_CHECK_LIB(bsd, daemon,
1575 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1578 AC_CHECK_FUNC(getpagesize,
1579 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1580 [Define if your libraries define getpagesize()])],
1581 [AC_CHECK_LIB(ucb, getpagesize,
1582 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1585 # Check for broken snprintf
1586 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1587 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1591 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1593 [AC_MSG_RESULT(yes)],
1596 AC_DEFINE(BROKEN_SNPRINTF, 1,
1597 [Define if your snprintf is busted])
1598 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1600 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1604 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1605 # returning the right thing on overflow: the number of characters it tried to
1606 # create (as per SUSv3)
1607 if test "x$ac_cv_func_asprintf" != "xyes" && \
1608 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1609 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1612 #include <sys/types.h>
1616 int x_snprintf(char *str,size_t count,const char *fmt,...)
1618 size_t ret; va_list ap;
1619 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1625 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1627 [AC_MSG_RESULT(yes)],
1630 AC_DEFINE(BROKEN_SNPRINTF, 1,
1631 [Define if your snprintf is busted])
1632 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1634 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1638 # On systems where [v]snprintf is broken, but is declared in stdio,
1639 # check that the fmt argument is const char * or just char *.
1640 # This is only useful for when BROKEN_SNPRINTF
1641 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1642 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1643 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1644 int main(void) { snprintf(0, 0, 0); }
1647 AC_DEFINE(SNPRINTF_CONST, [const],
1648 [Define as const if snprintf() can declare const char *fmt])],
1650 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1652 # Check for missing getpeereid (or equiv) support
1654 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1655 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1657 [#include <sys/types.h>
1658 #include <sys/socket.h>],
1659 [int i = SO_PEERCRED;],
1660 [ AC_MSG_RESULT(yes)
1661 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1668 dnl see whether mkstemp() requires XXXXXX
1669 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1670 AC_MSG_CHECKING([for (overly) strict mkstemp])
1674 main() { char template[]="conftest.mkstemp-test";
1675 if (mkstemp(template) == -1)
1677 unlink(template); exit(0);
1685 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1689 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1694 dnl make sure that openpty does not reacquire controlling terminal
1695 if test ! -z "$check_for_openpty_ctty_bug"; then
1696 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1700 #include <sys/fcntl.h>
1701 #include <sys/types.h>
1702 #include <sys/wait.h>
1708 int fd, ptyfd, ttyfd, status;
1711 if (pid < 0) { /* failed */
1713 } else if (pid > 0) { /* parent */
1714 waitpid(pid, &status, 0);
1715 if (WIFEXITED(status))
1716 exit(WEXITSTATUS(status));
1719 } else { /* child */
1720 close(0); close(1); close(2);
1722 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1723 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1725 exit(3); /* Acquired ctty: broken */
1727 exit(0); /* Did not acquire ctty: OK */
1736 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1739 AC_MSG_RESULT(cross-compiling, assuming yes)
1744 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1745 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1746 AC_MSG_CHECKING(if getaddrinfo seems to work)
1750 #include <sys/socket.h>
1753 #include <netinet/in.h>
1755 #define TEST_PORT "2222"
1761 struct addrinfo *gai_ai, *ai, hints;
1762 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1764 memset(&hints, 0, sizeof(hints));
1765 hints.ai_family = PF_UNSPEC;
1766 hints.ai_socktype = SOCK_STREAM;
1767 hints.ai_flags = AI_PASSIVE;
1769 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1771 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1775 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1776 if (ai->ai_family != AF_INET6)
1779 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1780 sizeof(ntop), strport, sizeof(strport),
1781 NI_NUMERICHOST|NI_NUMERICSERV);
1784 if (err == EAI_SYSTEM)
1785 perror("getnameinfo EAI_SYSTEM");
1787 fprintf(stderr, "getnameinfo failed: %s\n",
1792 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1795 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1808 AC_DEFINE(BROKEN_GETADDRINFO)
1811 AC_MSG_RESULT(cross-compiling, assuming yes)
1816 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1817 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1818 AC_MSG_CHECKING(if getaddrinfo seems to work)
1822 #include <sys/socket.h>
1825 #include <netinet/in.h>
1827 #define TEST_PORT "2222"
1833 struct addrinfo *gai_ai, *ai, hints;
1834 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1836 memset(&hints, 0, sizeof(hints));
1837 hints.ai_family = PF_UNSPEC;
1838 hints.ai_socktype = SOCK_STREAM;
1839 hints.ai_flags = AI_PASSIVE;
1841 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1843 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1847 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1848 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1851 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1852 sizeof(ntop), strport, sizeof(strport),
1853 NI_NUMERICHOST|NI_NUMERICSERV);
1855 if (ai->ai_family == AF_INET && err != 0) {
1856 perror("getnameinfo");
1865 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1866 [Define if you have a getaddrinfo that fails
1867 for the all-zeros IPv6 address])
1871 AC_DEFINE(BROKEN_GETADDRINFO)
1874 AC_MSG_RESULT(cross-compiling, assuming no)
1879 if test "x$check_for_conflicting_getspnam" = "x1"; then
1880 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1884 int main(void) {exit(0);}
1891 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1892 [Conflicting defs for getspnam])
1899 # Search for OpenSSL
1900 saved_CPPFLAGS="$CPPFLAGS"
1901 saved_LDFLAGS="$LDFLAGS"
1902 AC_ARG_WITH(ssl-dir,
1903 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1905 if test "x$withval" != "xno" ; then
1908 ./*|../*) withval="`pwd`/$withval"
1910 if test -d "$withval/lib"; then
1911 if test -n "${need_dash_r}"; then
1912 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1914 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1917 if test -n "${need_dash_r}"; then
1918 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1920 LDFLAGS="-L${withval} ${LDFLAGS}"
1923 if test -d "$withval/include"; then
1924 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1926 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1931 if test -z "$GSI_LIBS" ; then
1932 LIBS="-lcrypto $LIBS"
1934 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1935 [Define if your ssl headers are included
1936 with #include <openssl/header.h>]),
1938 dnl Check default openssl install dir
1939 if test -n "${need_dash_r}"; then
1940 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1942 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1944 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1945 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1947 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1953 # Determine OpenSSL header version
1954 AC_MSG_CHECKING([OpenSSL header version])
1959 #include <openssl/opensslv.h>
1960 #define DATA "conftest.sslincver"
1965 fd = fopen(DATA,"w");
1969 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1976 ssl_header_ver=`cat conftest.sslincver`
1977 AC_MSG_RESULT($ssl_header_ver)
1980 AC_MSG_RESULT(not found)
1981 AC_MSG_ERROR(OpenSSL version header not found.)
1984 AC_MSG_WARN([cross compiling: not checking])
1988 # Determine OpenSSL library version
1989 AC_MSG_CHECKING([OpenSSL library version])
1994 #include <openssl/opensslv.h>
1995 #include <openssl/crypto.h>
1996 #define DATA "conftest.ssllibver"
2001 fd = fopen(DATA,"w");
2005 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2012 ssl_library_ver=`cat conftest.ssllibver`
2013 AC_MSG_RESULT($ssl_library_ver)
2016 AC_MSG_RESULT(not found)
2017 AC_MSG_ERROR(OpenSSL library not found.)
2020 AC_MSG_WARN([cross compiling: not checking])
2024 # Sanity check OpenSSL headers
2025 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2029 #include <openssl/opensslv.h>
2030 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2037 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
2038 Check config.log for details.
2039 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2042 AC_MSG_WARN([cross compiling: not checking])
2046 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2049 #include <openssl/evp.h>
2050 int main(void) { SSLeay_add_all_algorithms(); }
2059 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2062 #include <openssl/evp.h>
2063 int main(void) { SSLeay_add_all_algorithms(); }
2076 AC_ARG_WITH(ssl-engine,
2077 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2078 [ if test "x$withval" != "xno" ; then
2079 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2081 [ #include <openssl/engine.h>],
2083 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2085 [ AC_MSG_RESULT(yes)
2086 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2087 [Enable OpenSSL engine support])
2089 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2094 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2095 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2099 #include <openssl/evp.h>
2100 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2107 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2108 [libcrypto is missing AES 192 and 256 bit functions])
2112 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2113 # because the system crypt() is more featureful.
2114 if test "x$check_for_libcrypt_before" = "x1"; then
2115 AC_CHECK_LIB(crypt, crypt)
2118 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2119 # version in OpenSSL.
2120 if test "x$check_for_libcrypt_later" = "x1"; then
2121 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2124 # Search for SHA256 support in libc and/or OpenSSL
2125 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2127 AC_CHECK_LIB(iaf, ia_openinfo)
2129 ### Configure cryptographic random number support
2131 # Check wheter OpenSSL seeds itself
2132 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2136 #include <openssl/rand.h>
2137 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2140 OPENSSL_SEEDS_ITSELF=yes
2145 # Default to use of the rand helper if OpenSSL doesn't
2150 AC_MSG_WARN([cross compiling: assuming yes])
2151 # This is safe, since all recent OpenSSL versions will
2152 # complain at runtime if not seeded correctly.
2153 OPENSSL_SEEDS_ITSELF=yes
2157 # Check for PAM libs
2160 [ --with-pam Enable PAM support ],
2162 if test "x$withval" != "xno" ; then
2163 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2164 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2165 AC_MSG_ERROR([PAM headers not found])
2169 AC_CHECK_LIB(dl, dlopen, , )
2170 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2171 AC_CHECK_FUNCS(pam_getenvlist)
2172 AC_CHECK_FUNCS(pam_putenv)
2178 AC_DEFINE(USE_PAM, 1,
2179 [Define if you want to enable PAM support])
2181 if test $ac_cv_lib_dl_dlopen = yes; then
2184 # libdl already in LIBS
2187 LIBPAM="$LIBPAM -ldl"
2196 # Check for older PAM
2197 if test "x$PAM_MSG" = "xyes" ; then
2198 # Check PAM strerror arguments (old PAM)
2199 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2203 #if defined(HAVE_SECURITY_PAM_APPL_H)
2204 #include <security/pam_appl.h>
2205 #elif defined (HAVE_PAM_PAM_APPL_H)
2206 #include <pam/pam_appl.h>
2209 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2210 [AC_MSG_RESULT(no)],
2212 AC_DEFINE(HAVE_OLD_PAM, 1,
2213 [Define if you have an old version of PAM
2214 which takes only one argument to pam_strerror])
2216 PAM_MSG="yes (old library)"
2221 # Do we want to force the use of the rand helper?
2222 AC_ARG_WITH(rand-helper,
2223 [ --with-rand-helper Use subprocess to gather strong randomness ],
2225 if test "x$withval" = "xno" ; then
2226 # Force use of OpenSSL's internal RNG, even if
2227 # the previous test showed it to be unseeded.
2228 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2229 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2230 OPENSSL_SEEDS_ITSELF=yes
2239 # Which randomness source do we use?
2240 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2242 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2243 [Define if you want OpenSSL's internally seeded PRNG only])
2244 RAND_MSG="OpenSSL internal ONLY"
2245 INSTALL_SSH_RAND_HELPER=""
2246 elif test ! -z "$USE_RAND_HELPER" ; then
2247 # install rand helper
2248 RAND_MSG="ssh-rand-helper"
2249 INSTALL_SSH_RAND_HELPER="yes"
2251 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2253 ### Configuration of ssh-rand-helper
2256 AC_ARG_WITH(prngd-port,
2257 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2266 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2269 if test ! -z "$withval" ; then
2270 PRNGD_PORT="$withval"
2271 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2272 [Port number of PRNGD/EGD random number socket])
2277 # PRNGD Unix domain socket
2278 AC_ARG_WITH(prngd-socket,
2279 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2283 withval="/var/run/egd-pool"
2291 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2295 if test ! -z "$withval" ; then
2296 if test ! -z "$PRNGD_PORT" ; then
2297 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2299 if test ! -r "$withval" ; then
2300 AC_MSG_WARN(Entropy socket is not readable)
2302 PRNGD_SOCKET="$withval"
2303 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2304 [Location of PRNGD/EGD random number socket])
2308 # Check for existing socket only if we don't have a random device already
2309 if test "$USE_RAND_HELPER" = yes ; then
2310 AC_MSG_CHECKING(for PRNGD/EGD socket)
2311 # Insert other locations here
2312 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2313 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2314 PRNGD_SOCKET="$sock"
2315 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2319 if test ! -z "$PRNGD_SOCKET" ; then
2320 AC_MSG_RESULT($PRNGD_SOCKET)
2322 AC_MSG_RESULT(not found)
2328 # Change default command timeout for hashing entropy source
2330 AC_ARG_WITH(entropy-timeout,
2331 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2333 if test -n "$withval" && test "x$withval" != "xno" && \
2334 test "x${withval}" != "xyes"; then
2335 entropy_timeout=$withval
2339 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2340 [Builtin PRNG command timeout])
2342 SSH_PRIVSEP_USER=sshd
2343 AC_ARG_WITH(privsep-user,
2344 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2346 if test -n "$withval" && test "x$withval" != "xno" && \
2347 test "x${withval}" != "xyes"; then
2348 SSH_PRIVSEP_USER=$withval
2352 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2353 [non-privileged user for privilege separation])
2354 AC_SUBST(SSH_PRIVSEP_USER)
2356 # We do this little dance with the search path to insure
2357 # that programs that we select for use by installed programs
2358 # (which may be run by the super-user) come from trusted
2359 # locations before they come from the user's private area.
2360 # This should help avoid accidentally configuring some
2361 # random version of a program in someone's personal bin.
2365 test -h /bin 2> /dev/null && PATH=/usr/bin
2366 test -d /sbin && PATH=$PATH:/sbin
2367 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2368 PATH=$PATH:/etc:$OPATH
2370 # These programs are used by the command hashing source to gather entropy
2371 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2372 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2373 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2374 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2375 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2376 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2377 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2378 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2379 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2380 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2381 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2382 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2383 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2384 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2385 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2386 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2390 # Where does ssh-rand-helper get its randomness from?
2391 INSTALL_SSH_PRNG_CMDS=""
2392 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2393 if test ! -z "$PRNGD_PORT" ; then
2394 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2395 elif test ! -z "$PRNGD_SOCKET" ; then
2396 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2398 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2399 RAND_HELPER_CMDHASH=yes
2400 INSTALL_SSH_PRNG_CMDS="yes"
2403 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2406 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2407 if test ! -z "$SONY" ; then
2408 LIBS="$LIBS -liberty";
2411 # Check for long long datatypes
2412 AC_CHECK_TYPES([long long, unsigned long long, long double])
2414 # Check datatype sizes
2415 AC_CHECK_SIZEOF(char, 1)
2416 AC_CHECK_SIZEOF(short int, 2)
2417 AC_CHECK_SIZEOF(int, 4)
2418 AC_CHECK_SIZEOF(long int, 4)
2419 AC_CHECK_SIZEOF(long long int, 8)
2421 # Sanity check long long for some platforms (AIX)
2422 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2423 ac_cv_sizeof_long_long_int=0
2426 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2427 if test -z "$have_llong_max"; then
2428 AC_MSG_CHECKING([for max value of long long])
2432 /* Why is this so damn hard? */
2436 #define __USE_ISOC99
2438 #define DATA "conftest.llminmax"
2439 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2442 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2443 * we do this the hard way.
2446 fprint_ll(FILE *f, long long n)
2449 int l[sizeof(long long) * 8];
2452 if (fprintf(f, "-") < 0)
2454 for (i = 0; n != 0; i++) {
2455 l[i] = my_abs(n % 10);
2459 if (fprintf(f, "%d", l[--i]) < 0)
2462 if (fprintf(f, " ") < 0)
2469 long long i, llmin, llmax = 0;
2471 if((f = fopen(DATA,"w")) == NULL)
2474 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2475 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2479 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2480 /* This will work on one's complement and two's complement */
2481 for (i = 1; i > llmax; i <<= 1, i++)
2483 llmin = llmax + 1LL; /* wrap */
2487 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2488 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2489 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2490 fprintf(f, "unknown unknown\n");
2494 if (fprint_ll(f, llmin) < 0)
2496 if (fprint_ll(f, llmax) < 0)
2504 llong_min=`$AWK '{print $1}' conftest.llminmax`
2505 llong_max=`$AWK '{print $2}' conftest.llminmax`
2507 AC_MSG_RESULT($llong_max)
2508 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2509 [max value of long long calculated by configure])
2510 AC_MSG_CHECKING([for min value of long long])
2511 AC_MSG_RESULT($llong_min)
2512 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2513 [min value of long long calculated by configure])
2516 AC_MSG_RESULT(not found)
2519 AC_MSG_WARN([cross compiling: not checking])
2525 # More checks for data types
2526 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2528 [ #include <sys/types.h> ],
2530 [ ac_cv_have_u_int="yes" ],
2531 [ ac_cv_have_u_int="no" ]
2534 if test "x$ac_cv_have_u_int" = "xyes" ; then
2535 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2539 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2541 [ #include <sys/types.h> ],
2542 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2543 [ ac_cv_have_intxx_t="yes" ],
2544 [ ac_cv_have_intxx_t="no" ]
2547 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2548 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2552 if (test -z "$have_intxx_t" && \
2553 test "x$ac_cv_header_stdint_h" = "xyes")
2555 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2557 [ #include <stdint.h> ],
2558 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2560 AC_DEFINE(HAVE_INTXX_T)
2563 [ AC_MSG_RESULT(no) ]
2567 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2570 #include <sys/types.h>
2571 #ifdef HAVE_STDINT_H
2572 # include <stdint.h>
2574 #include <sys/socket.h>
2575 #ifdef HAVE_SYS_BITYPES_H
2576 # include <sys/bitypes.h>
2579 [ int64_t a; a = 1;],
2580 [ ac_cv_have_int64_t="yes" ],
2581 [ ac_cv_have_int64_t="no" ]
2584 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2585 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2588 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2590 [ #include <sys/types.h> ],
2591 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2592 [ ac_cv_have_u_intxx_t="yes" ],
2593 [ ac_cv_have_u_intxx_t="no" ]
2596 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2597 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2601 if test -z "$have_u_intxx_t" ; then
2602 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2604 [ #include <sys/socket.h> ],
2605 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2607 AC_DEFINE(HAVE_U_INTXX_T)
2610 [ AC_MSG_RESULT(no) ]
2614 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2616 [ #include <sys/types.h> ],
2617 [ u_int64_t a; a = 1;],
2618 [ ac_cv_have_u_int64_t="yes" ],
2619 [ ac_cv_have_u_int64_t="no" ]
2622 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2623 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2627 if test -z "$have_u_int64_t" ; then
2628 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2630 [ #include <sys/bitypes.h> ],
2631 [ u_int64_t a; a = 1],
2633 AC_DEFINE(HAVE_U_INT64_T)
2636 [ AC_MSG_RESULT(no) ]
2640 if test -z "$have_u_intxx_t" ; then
2641 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2644 #include <sys/types.h>
2646 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2647 [ ac_cv_have_uintxx_t="yes" ],
2648 [ ac_cv_have_uintxx_t="no" ]
2651 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2652 AC_DEFINE(HAVE_UINTXX_T, 1,
2653 [define if you have uintxx_t data type])
2657 if test -z "$have_uintxx_t" ; then
2658 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2660 [ #include <stdint.h> ],
2661 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2663 AC_DEFINE(HAVE_UINTXX_T)
2666 [ AC_MSG_RESULT(no) ]
2670 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2671 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2673 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2676 #include <sys/bitypes.h>
2679 int8_t a; int16_t b; int32_t c;
2680 u_int8_t e; u_int16_t f; u_int32_t g;
2681 a = b = c = e = f = g = 1;
2684 AC_DEFINE(HAVE_U_INTXX_T)
2685 AC_DEFINE(HAVE_INTXX_T)
2693 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2696 #include <sys/types.h>
2698 [ u_char foo; foo = 125; ],
2699 [ ac_cv_have_u_char="yes" ],
2700 [ ac_cv_have_u_char="no" ]
2703 if test "x$ac_cv_have_u_char" = "xyes" ; then
2704 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2709 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2711 AC_CHECK_TYPES(in_addr_t,,,
2712 [#include <sys/types.h>
2713 #include <netinet/in.h>])
2715 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2718 #include <sys/types.h>
2720 [ size_t foo; foo = 1235; ],
2721 [ ac_cv_have_size_t="yes" ],
2722 [ ac_cv_have_size_t="no" ]
2725 if test "x$ac_cv_have_size_t" = "xyes" ; then
2726 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2729 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2732 #include <sys/types.h>
2734 [ ssize_t foo; foo = 1235; ],
2735 [ ac_cv_have_ssize_t="yes" ],
2736 [ ac_cv_have_ssize_t="no" ]
2739 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2740 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2743 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2748 [ clock_t foo; foo = 1235; ],
2749 [ ac_cv_have_clock_t="yes" ],
2750 [ ac_cv_have_clock_t="no" ]
2753 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2754 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2757 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2760 #include <sys/types.h>
2761 #include <sys/socket.h>
2763 [ sa_family_t foo; foo = 1235; ],
2764 [ ac_cv_have_sa_family_t="yes" ],
2767 #include <sys/types.h>
2768 #include <sys/socket.h>
2769 #include <netinet/in.h>
2771 [ sa_family_t foo; foo = 1235; ],
2772 [ ac_cv_have_sa_family_t="yes" ],
2774 [ ac_cv_have_sa_family_t="no" ]
2778 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2779 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2780 [define if you have sa_family_t data type])
2783 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2786 #include <sys/types.h>
2788 [ pid_t foo; foo = 1235; ],
2789 [ ac_cv_have_pid_t="yes" ],
2790 [ ac_cv_have_pid_t="no" ]
2793 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2794 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2797 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2800 #include <sys/types.h>
2802 [ mode_t foo; foo = 1235; ],
2803 [ ac_cv_have_mode_t="yes" ],
2804 [ ac_cv_have_mode_t="no" ]
2807 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2808 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2812 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2815 #include <sys/types.h>
2816 #include <sys/socket.h>
2818 [ struct sockaddr_storage s; ],
2819 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2820 [ ac_cv_have_struct_sockaddr_storage="no" ]
2823 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2824 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2825 [define if you have struct sockaddr_storage data type])
2828 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2831 #include <sys/types.h>
2832 #include <netinet/in.h>
2834 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2835 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2836 [ ac_cv_have_struct_sockaddr_in6="no" ]
2839 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2840 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2841 [define if you have struct sockaddr_in6 data type])
2844 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2847 #include <sys/types.h>
2848 #include <netinet/in.h>
2850 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2851 [ ac_cv_have_struct_in6_addr="yes" ],
2852 [ ac_cv_have_struct_in6_addr="no" ]
2855 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2856 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2857 [define if you have struct in6_addr data type])
2860 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2863 #include <sys/types.h>
2864 #include <sys/socket.h>
2867 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2868 [ ac_cv_have_struct_addrinfo="yes" ],
2869 [ ac_cv_have_struct_addrinfo="no" ]
2872 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2873 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2874 [define if you have struct addrinfo data type])
2877 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2879 [ #include <sys/time.h> ],
2880 [ struct timeval tv; tv.tv_sec = 1;],
2881 [ ac_cv_have_struct_timeval="yes" ],
2882 [ ac_cv_have_struct_timeval="no" ]
2885 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2886 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2887 have_struct_timeval=1
2890 AC_CHECK_TYPES(struct timespec)
2892 # We need int64_t or else certian parts of the compile will fail.
2893 if test "x$ac_cv_have_int64_t" = "xno" && \
2894 test "x$ac_cv_sizeof_long_int" != "x8" && \
2895 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2896 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2897 echo "an alternative compiler (I.E., GCC) before continuing."
2901 dnl test snprintf (broken on SCO w/gcc)
2906 #ifdef HAVE_SNPRINTF
2910 char expected_out[50];
2912 #if (SIZEOF_LONG_INT == 8)
2913 long int num = 0x7fffffffffffffff;
2915 long long num = 0x7fffffffffffffffll;
2917 strcpy(expected_out, "9223372036854775807");
2918 snprintf(buf, mazsize, "%lld", num);
2919 if(strcmp(buf, expected_out) != 0)
2926 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2927 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2931 dnl Checks for structure members
2932 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2933 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2934 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2935 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2936 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2937 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2938 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2939 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2940 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2941 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2942 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2943 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2944 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2945 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2946 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2947 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2948 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2950 AC_CHECK_MEMBERS([struct stat.st_blksize])
2951 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2952 [Define if we don't have struct __res_state in resolv.h])],
2955 #if HAVE_SYS_TYPES_H
2956 # include <sys/types.h>
2958 #include <netinet/in.h>
2959 #include <arpa/nameser.h>
2963 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2964 ac_cv_have_ss_family_in_struct_ss, [
2967 #include <sys/types.h>
2968 #include <sys/socket.h>
2970 [ struct sockaddr_storage s; s.ss_family = 1; ],
2971 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2972 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2975 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2976 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2979 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2980 ac_cv_have___ss_family_in_struct_ss, [
2983 #include <sys/types.h>
2984 #include <sys/socket.h>
2986 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2987 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2988 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2991 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2992 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2993 [Fields in struct sockaddr_storage])
2996 AC_CACHE_CHECK([for pw_class field in struct passwd],
2997 ac_cv_have_pw_class_in_struct_passwd, [
3002 [ struct passwd p; p.pw_class = 0; ],
3003 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3004 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3007 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3008 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3009 [Define if your password has a pw_class field])
3012 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3013 ac_cv_have_pw_expire_in_struct_passwd, [
3018 [ struct passwd p; p.pw_expire = 0; ],
3019 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3020 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3023 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3024 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3025 [Define if your password has a pw_expire field])
3028 AC_CACHE_CHECK([for pw_change field in struct passwd],
3029 ac_cv_have_pw_change_in_struct_passwd, [
3034 [ struct passwd p; p.pw_change = 0; ],
3035 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3036 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3039 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3040 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3041 [Define if your password has a pw_change field])
3044 dnl make sure we're using the real structure members and not defines
3045 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3046 ac_cv_have_accrights_in_msghdr, [
3049 #include <sys/types.h>
3050 #include <sys/socket.h>
3051 #include <sys/uio.h>
3053 #ifdef msg_accrights
3054 #error "msg_accrights is a macro"
3058 m.msg_accrights = 0;
3062 [ ac_cv_have_accrights_in_msghdr="yes" ],
3063 [ ac_cv_have_accrights_in_msghdr="no" ]
3066 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3067 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3068 [Define if your system uses access rights style
3069 file descriptor passing])
3072 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3073 ac_cv_have_control_in_msghdr, [
3076 #include <sys/types.h>
3077 #include <sys/socket.h>
3078 #include <sys/uio.h>
3081 #error "msg_control is a macro"
3089 [ ac_cv_have_control_in_msghdr="yes" ],
3090 [ ac_cv_have_control_in_msghdr="no" ]
3093 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3094 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3095 [Define if your system uses ancillary data style
3096 file descriptor passing])
3099 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3101 [ extern char *__progname; printf("%s", __progname); ],
3102 [ ac_cv_libc_defines___progname="yes" ],
3103 [ ac_cv_libc_defines___progname="no" ]
3106 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3107 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3110 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3114 [ printf("%s", __FUNCTION__); ],
3115 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3116 [ ac_cv_cc_implements___FUNCTION__="no" ]
3119 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3120 AC_DEFINE(HAVE___FUNCTION__, 1,
3121 [Define if compiler implements __FUNCTION__])
3124 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3128 [ printf("%s", __func__); ],
3129 [ ac_cv_cc_implements___func__="yes" ],
3130 [ ac_cv_cc_implements___func__="no" ]
3133 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3134 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3137 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3139 [#include <stdarg.h>
3142 [ ac_cv_have_va_copy="yes" ],
3143 [ ac_cv_have_va_copy="no" ]
3146 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3147 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3150 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3152 [#include <stdarg.h>
3155 [ ac_cv_have___va_copy="yes" ],
3156 [ ac_cv_have___va_copy="no" ]
3159 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3160 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3163 AC_CACHE_CHECK([whether getopt has optreset support],
3164 ac_cv_have_getopt_optreset, [
3169 [ extern int optreset; optreset = 0; ],
3170 [ ac_cv_have_getopt_optreset="yes" ],
3171 [ ac_cv_have_getopt_optreset="no" ]
3174 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3175 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3176 [Define if your getopt(3) defines and uses optreset])
3179 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3181 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3182 [ ac_cv_libc_defines_sys_errlist="yes" ],
3183 [ ac_cv_libc_defines_sys_errlist="no" ]
3186 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3187 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3188 [Define if your system defines sys_errlist[]])
3192 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3194 [ extern int sys_nerr; printf("%i", sys_nerr);],
3195 [ ac_cv_libc_defines_sys_nerr="yes" ],
3196 [ ac_cv_libc_defines_sys_nerr="no" ]
3199 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3200 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3204 # Check whether user wants sectok support
3206 [ --with-sectok Enable smartcard support using libsectok],
3208 if test "x$withval" != "xno" ; then
3209 if test "x$withval" != "xyes" ; then
3210 CPPFLAGS="$CPPFLAGS -I${withval}"
3211 LDFLAGS="$LDFLAGS -L${withval}"
3212 if test ! -z "$need_dash_r" ; then
3213 LDFLAGS="$LDFLAGS -R${withval}"
3215 if test ! -z "$blibpath" ; then
3216 blibpath="$blibpath:${withval}"
3219 AC_CHECK_HEADERS(sectok.h)
3220 if test "$ac_cv_header_sectok_h" != yes; then
3221 AC_MSG_ERROR(Can't find sectok.h)
3223 AC_CHECK_LIB(sectok, sectok_open)
3224 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3225 AC_MSG_ERROR(Can't find libsectok)
3227 AC_DEFINE(SMARTCARD, 1,
3228 [Define if you want smartcard support])
3229 AC_DEFINE(USE_SECTOK, 1,
3230 [Define if you want smartcard support
3232 SCARD_MSG="yes, using sectok"
3237 # Check whether user wants OpenSC support
3240 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3242 if test "x$withval" != "xno" ; then
3243 if test "x$withval" != "xyes" ; then
3244 OPENSC_CONFIG=$withval/bin/opensc-config
3246 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3248 if test "$OPENSC_CONFIG" != "no"; then
3249 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3250 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3251 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3252 LIBS="$LIBS $LIBOPENSC_LIBS"
3253 AC_DEFINE(SMARTCARD)
3254 AC_DEFINE(USE_OPENSC, 1,
3255 [Define if you want smartcard support
3257 SCARD_MSG="yes, using OpenSC"
3263 # Check libraries needed by DNS fingerprint support
3264 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3265 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3266 [Define if getrrsetbyname() exists])],
3268 # Needed by our getrrsetbyname()
3269 AC_SEARCH_LIBS(res_query, resolv)
3270 AC_SEARCH_LIBS(dn_expand, resolv)
3271 AC_MSG_CHECKING(if res_query will link)
3272 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3275 LIBS="$LIBS -lresolv"
3276 AC_MSG_CHECKING(for res_query in -lresolv)
3281 res_query (0, 0, 0, 0, 0);
3285 [LIBS="$LIBS -lresolv"
3286 AC_MSG_RESULT(yes)],
3290 AC_CHECK_FUNCS(_getshort _getlong)
3291 AC_CHECK_DECLS([_getshort, _getlong], , ,
3292 [#include <sys/types.h>
3293 #include <arpa/nameser.h>])
3294 AC_CHECK_MEMBER(HEADER.ad,
3295 [AC_DEFINE(HAVE_HEADER_AD, 1,
3296 [Define if HEADER.ad exists in arpa/nameser.h])],,
3297 [#include <arpa/nameser.h>])
3300 # Check whether user wants SELinux support
3303 AC_ARG_WITH(selinux,
3304 [ --with-selinux Enable SELinux support],
3305 [ if test "x$withval" != "xno" ; then
3306 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3308 AC_CHECK_HEADER([selinux/selinux.h], ,
3309 AC_MSG_ERROR(SELinux support requires selinux.h header))
3310 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3311 AC_MSG_ERROR(SELinux support requires libselinux library))
3313 LIBS="$LIBS $LIBSELINUX"
3314 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3318 AC_SUBST(LIBSELINUX)
3320 # Check whether user wants Kerberos 5 support
3322 AC_ARG_WITH(kerberos5,
3323 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3324 [ if test "x$withval" != "xno" ; then
3325 if test "x$withval" = "xyes" ; then
3326 KRB5ROOT="/usr/local"
3331 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3334 AC_MSG_CHECKING(for krb5-config)
3335 if test -x $KRB5ROOT/bin/krb5-config ; then
3336 KRB5CONF=$KRB5ROOT/bin/krb5-config
3337 AC_MSG_RESULT($KRB5CONF)
3339 AC_MSG_CHECKING(for gssapi support)
3340 if $KRB5CONF | grep gssapi >/dev/null ; then
3342 AC_DEFINE(GSSAPI, 1,
3343 [Define this if you want GSSAPI
3344 support in the version 2 protocol])
3350 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3351 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3352 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3353 AC_MSG_CHECKING(whether we are using Heimdal)
3354 AC_TRY_COMPILE([ #include <krb5.h> ],
3355 [ char *tmp = heimdal_version; ],
3356 [ AC_MSG_RESULT(yes)
3357 AC_DEFINE(HEIMDAL, 1,
3358 [Define this if you are using the
3359 Heimdal version of Kerberos V5]) ],
3364 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3365 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3366 AC_MSG_CHECKING(whether we are using Heimdal)
3367 AC_TRY_COMPILE([ #include <krb5.h> ],
3368 [ char *tmp = heimdal_version; ],
3369 [ AC_MSG_RESULT(yes)
3371 K5LIBS="-lkrb5 -ldes"
3372 K5LIBS="$K5LIBS -lcom_err -lasn1"
3373 AC_CHECK_LIB(roken, net_write,
3374 [K5LIBS="$K5LIBS -lroken"])
3377 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3380 AC_SEARCH_LIBS(dn_expand, resolv)
3382 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3384 K5LIBS="-lgssapi $K5LIBS" ],
3385 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3387 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3388 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3393 AC_CHECK_HEADER(gssapi.h, ,
3394 [ unset ac_cv_header_gssapi_h
3395 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3396 AC_CHECK_HEADERS(gssapi.h, ,
3397 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3403 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3404 AC_CHECK_HEADER(gssapi_krb5.h, ,
3405 [ CPPFLAGS="$oldCPP" ])
3407 # If we're using some other GSSAPI
3408 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3409 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3412 if test -z "$GSSAPI"; then
3417 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3418 AC_CHECK_HEADER(gssapi_krb5.h, ,
3419 [ CPPFLAGS="$oldCPP" ])
3422 if test ! -z "$need_dash_r" ; then
3423 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3425 if test ! -z "$blibpath" ; then
3426 blibpath="$blibpath:${KRB5ROOT}/lib"
3429 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3430 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3431 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3433 LIBS="$LIBS $K5LIBS"
3434 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3435 [Define this if you want to use libkafs' AFS support]))
3440 # Check whether user wants AFS_KRB5 support
3442 AC_ARG_WITH(afs-krb5,
3443 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3445 if test "x$withval" != "xno" ; then
3447 if test "x$withval" != "xyes" ; then
3448 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3449 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3451 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3453 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3456 if test -z "$KRB5ROOT" ; then
3457 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3460 LIBS="-lkrbafs -lkrb4 $LIBS"
3461 if test ! -z "$AFS_LIBS" ; then
3462 LIBS="$LIBS $AFS_LIBS"
3464 AC_DEFINE(AFS_KRB5, 1,
3465 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3471 AC_ARG_WITH(session-hooks,
3472 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3473 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3476 # Looking for programs, paths and files
3478 PRIVSEP_PATH=/var/empty
3479 AC_ARG_WITH(privsep-path,
3480 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3482 if test -n "$withval" && test "x$withval" != "xno" && \
3483 test "x${withval}" != "xyes"; then
3484 PRIVSEP_PATH=$withval
3488 AC_SUBST(PRIVSEP_PATH)
3491 [ --with-xauth=PATH Specify path to xauth program ],
3493 if test -n "$withval" && test "x$withval" != "xno" && \
3494 test "x${withval}" != "xyes"; then
3500 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3501 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3502 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3503 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3504 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3505 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3506 xauth_path="/usr/openwin/bin/xauth"
3512 AC_ARG_ENABLE(strip,
3513 [ --disable-strip Disable calling strip(1) on install],
3515 if test "x$enableval" = "xno" ; then
3522 if test -z "$xauth_path" ; then
3523 XAUTH_PATH="undefined"
3524 AC_SUBST(XAUTH_PATH)
3526 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3527 [Define if xauth is found in your path])
3528 XAUTH_PATH=$xauth_path
3529 AC_SUBST(XAUTH_PATH)
3532 # Check for mail directory (last resort if we cannot get it from headers)
3533 if test ! -z "$MAIL" ; then
3534 maildir=`dirname $MAIL`
3535 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3536 [Set this to your mail directory if you don't have maillock.h])
3539 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3540 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3541 disable_ptmx_check=yes
3543 if test -z "$no_dev_ptmx" ; then
3544 if test "x$disable_ptmx_check" != "xyes" ; then
3545 AC_CHECK_FILE("/dev/ptmx",
3547 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3548 [Define if you have /dev/ptmx])
3555 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3556 AC_CHECK_FILE("/dev/ptc",
3558 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3559 [Define if you have /dev/ptc])
3564 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3567 # Options from here on. Some of these are preset by platform above
3568 AC_ARG_WITH(mantype,
3569 [ --with-mantype=man|cat|doc Set man page type],
3576 AC_MSG_ERROR(invalid man type: $withval)
3581 if test -z "$MANTYPE"; then
3582 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3583 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3584 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3586 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3593 if test "$MANTYPE" = "doc"; then
3600 # Check whether to enable MD5 passwords
3602 AC_ARG_WITH(md5-passwords,
3603 [ --with-md5-passwords Enable use of MD5 passwords],
3605 if test "x$withval" != "xno" ; then
3606 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3607 [Define if you want to allow MD5 passwords])
3613 # Whether to disable shadow password support
3615 [ --without-shadow Disable shadow password support],
3617 if test "x$withval" = "xno" ; then
3618 AC_DEFINE(DISABLE_SHADOW)
3624 if test -z "$disable_shadow" ; then
3625 AC_MSG_CHECKING([if the systems has expire shadow information])
3628 #include <sys/types.h>
3631 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3632 [ sp_expire_available=yes ], []
3635 if test "x$sp_expire_available" = "xyes" ; then
3637 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3638 [Define if you want to use shadow password expire field])
3644 # Use ip address instead of hostname in $DISPLAY
3645 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3646 DISPLAY_HACK_MSG="yes"
3647 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3648 [Define if you need to use IP address
3649 instead of hostname in $DISPLAY])
3651 DISPLAY_HACK_MSG="no"
3652 AC_ARG_WITH(ipaddr-display,
3653 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3655 if test "x$withval" != "xno" ; then
3656 AC_DEFINE(IPADDR_IN_DISPLAY)
3657 DISPLAY_HACK_MSG="yes"
3663 # check for /etc/default/login and use it if present.
3664 AC_ARG_ENABLE(etc-default-login,
3665 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3666 [ if test "x$enableval" = "xno"; then
3667 AC_MSG_NOTICE([/etc/default/login handling disabled])
3668 etc_default_login=no
3670 etc_default_login=yes
3672 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3674 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3675 etc_default_login=no
3677 etc_default_login=yes
3681 if test "x$etc_default_login" != "xno"; then
3682 AC_CHECK_FILE("/etc/default/login",
3683 [ external_path_file=/etc/default/login ])
3684 if test "x$external_path_file" = "x/etc/default/login"; then
3685 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3686 [Define if your system has /etc/default/login])
3690 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3691 if test $ac_cv_func_login_getcapbool = "yes" && \
3692 test $ac_cv_header_login_cap_h = "yes" ; then
3693 external_path_file=/etc/login.conf
3696 # Whether to mess with the default path
3697 SERVER_PATH_MSG="(default)"
3698 AC_ARG_WITH(default-path,
3699 [ --with-default-path= Specify default \$PATH environment for server],
3701 if test "x$external_path_file" = "x/etc/login.conf" ; then
3703 --with-default-path=PATH has no effect on this system.
3704 Edit /etc/login.conf instead.])
3705 elif test "x$withval" != "xno" ; then
3706 if test ! -z "$external_path_file" ; then
3708 --with-default-path=PATH will only be used if PATH is not defined in
3709 $external_path_file .])
3711 user_path="$withval"
3712 SERVER_PATH_MSG="$withval"
3715 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3716 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3718 if test ! -z "$external_path_file" ; then
3720 If PATH is defined in $external_path_file, ensure the path to scp is included,
3721 otherwise scp will not work.])
3725 /* find out what STDPATH is */
3730 #ifndef _PATH_STDPATH
3731 # ifdef _PATH_USERPATH /* Irix */
3732 # define _PATH_STDPATH _PATH_USERPATH
3734 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3737 #include <sys/types.h>
3738 #include <sys/stat.h>
3740 #define DATA "conftest.stdpath"
3747 fd = fopen(DATA,"w");
3751 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3757 [ user_path=`cat conftest.stdpath` ],
3758 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3759 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3761 # make sure $bindir is in USER_PATH so scp will work
3762 t_bindir=`eval echo ${bindir}`
3764 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3767 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3769 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3770 if test $? -ne 0 ; then
3771 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3772 if test $? -ne 0 ; then
3773 user_path=$user_path:$t_bindir
3774 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3779 if test "x$external_path_file" != "x/etc/login.conf" ; then
3780 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3784 # Set superuser path separately to user path
3785 AC_ARG_WITH(superuser-path,
3786 [ --with-superuser-path= Specify different path for super-user],
3788 if test -n "$withval" && test "x$withval" != "xno" && \
3789 test "x${withval}" != "xyes"; then
3790 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3791 [Define if you want a different $PATH
3793 superuser_path=$withval
3799 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3800 IPV4_IN6_HACK_MSG="no"
3802 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3804 if test "x$withval" != "xno" ; then
3806 AC_DEFINE(IPV4_IN_IPV6, 1,
3807 [Detect IPv4 in IPv6 mapped addresses
3809 IPV4_IN6_HACK_MSG="yes"
3814 if test "x$inet6_default_4in6" = "xyes"; then
3815 AC_MSG_RESULT([yes (default)])
3816 AC_DEFINE(IPV4_IN_IPV6)
3817 IPV4_IN6_HACK_MSG="yes"
3819 AC_MSG_RESULT([no (default)])
3824 # Whether to enable BSD auth support
3826 AC_ARG_WITH(bsd-auth,
3827 [ --with-bsd-auth Enable BSD auth support],
3829 if test "x$withval" != "xno" ; then
3830 AC_DEFINE(BSD_AUTH, 1,
3831 [Define if you have BSD auth support])
3837 # Where to place sshd.pid
3839 # make sure the directory exists
3840 if test ! -d $piddir ; then
3841 piddir=`eval echo ${sysconfdir}`
3843 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3847 AC_ARG_WITH(pid-dir,
3848 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3850 if test -n "$withval" && test "x$withval" != "xno" && \
3851 test "x${withval}" != "xyes"; then
3853 if test ! -d $piddir ; then
3854 AC_MSG_WARN([** no $piddir directory on this system **])
3860 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3863 dnl allow user to disable some login recording features
3864 AC_ARG_ENABLE(lastlog,
3865 [ --disable-lastlog disable use of lastlog even if detected [no]],
3867 if test "x$enableval" = "xno" ; then
3868 AC_DEFINE(DISABLE_LASTLOG)
3873 [ --disable-utmp disable use of utmp even if detected [no]],
3875 if test "x$enableval" = "xno" ; then
3876 AC_DEFINE(DISABLE_UTMP)
3880 AC_ARG_ENABLE(utmpx,
3881 [ --disable-utmpx disable use of utmpx even if detected [no]],
3883 if test "x$enableval" = "xno" ; then
3884 AC_DEFINE(DISABLE_UTMPX, 1,
3885 [Define if you don't want to use utmpx])
3890 [ --disable-wtmp disable use of wtmp even if detected [no]],
3892 if test "x$enableval" = "xno" ; then
3893 AC_DEFINE(DISABLE_WTMP)
3897 AC_ARG_ENABLE(wtmpx,
3898 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3900 if test "x$enableval" = "xno" ; then
3901 AC_DEFINE(DISABLE_WTMPX, 1,
3902 [Define if you don't want to use wtmpx])
3906 AC_ARG_ENABLE(libutil,
3907 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3909 if test "x$enableval" = "xno" ; then
3910 AC_DEFINE(DISABLE_LOGIN)
3914 AC_ARG_ENABLE(pututline,
3915 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3917 if test "x$enableval" = "xno" ; then
3918 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3919 [Define if you don't want to use pututline()
3920 etc. to write [uw]tmp])
3924 AC_ARG_ENABLE(pututxline,
3925 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3927 if test "x$enableval" = "xno" ; then
3928 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3929 [Define if you don't want to use pututxline()
3930 etc. to write [uw]tmpx])
3934 AC_ARG_WITH(lastlog,
3935 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3937 if test "x$withval" = "xno" ; then
3938 AC_DEFINE(DISABLE_LASTLOG)
3939 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3940 conf_lastlog_location=$withval
3945 dnl lastlog, [uw]tmpx? detection
3946 dnl NOTE: set the paths in the platform section to avoid the
3947 dnl need for command-line parameters
3948 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3950 dnl lastlog detection
3951 dnl NOTE: the code itself will detect if lastlog is a directory
3952 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3954 #include <sys/types.h>
3956 #ifdef HAVE_LASTLOG_H
3957 # include <lastlog.h>
3966 [ char *lastlog = LASTLOG_FILE; ],
3967 [ AC_MSG_RESULT(yes) ],
3970 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3972 #include <sys/types.h>
3974 #ifdef HAVE_LASTLOG_H
3975 # include <lastlog.h>
3981 [ char *lastlog = _PATH_LASTLOG; ],
3982 [ AC_MSG_RESULT(yes) ],
3985 system_lastlog_path=no
3990 if test -z "$conf_lastlog_location"; then
3991 if test x"$system_lastlog_path" = x"no" ; then
3992 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3993 if (test -d "$f" || test -f "$f") ; then
3994 conf_lastlog_location=$f
3997 if test -z "$conf_lastlog_location"; then
3998 AC_MSG_WARN([** Cannot find lastlog **])
3999 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4004 if test -n "$conf_lastlog_location"; then
4005 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4006 [Define if you want to specify the path to your lastlog file])
4010 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4012 #include <sys/types.h>
4018 [ char *utmp = UTMP_FILE; ],
4019 [ AC_MSG_RESULT(yes) ],
4021 system_utmp_path=no ]
4023 if test -z "$conf_utmp_location"; then
4024 if test x"$system_utmp_path" = x"no" ; then
4025 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4026 if test -f $f ; then
4027 conf_utmp_location=$f
4030 if test -z "$conf_utmp_location"; then
4031 AC_DEFINE(DISABLE_UTMP)
4035 if test -n "$conf_utmp_location"; then
4036 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4037 [Define if you want to specify the path to your utmp file])
4041 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4043 #include <sys/types.h>
4049 [ char *wtmp = WTMP_FILE; ],
4050 [ AC_MSG_RESULT(yes) ],
4052 system_wtmp_path=no ]
4054 if test -z "$conf_wtmp_location"; then
4055 if test x"$system_wtmp_path" = x"no" ; then
4056 for f in /usr/adm/wtmp /var/log/wtmp; do
4057 if test -f $f ; then
4058 conf_wtmp_location=$f
4061 if test -z "$conf_wtmp_location"; then
4062 AC_DEFINE(DISABLE_WTMP)
4066 if test -n "$conf_wtmp_location"; then
4067 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4068 [Define if you want to specify the path to your wtmp file])
4072 dnl utmpx detection - I don't know any system so perverse as to require
4073 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4075 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4077 #include <sys/types.h>
4086 [ char *utmpx = UTMPX_FILE; ],
4087 [ AC_MSG_RESULT(yes) ],
4089 system_utmpx_path=no ]
4091 if test -z "$conf_utmpx_location"; then
4092 if test x"$system_utmpx_path" = x"no" ; then
4093 AC_DEFINE(DISABLE_UTMPX)
4096 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4097 [Define if you want to specify the path to your utmpx file])
4101 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4103 #include <sys/types.h>
4112 [ char *wtmpx = WTMPX_FILE; ],
4113 [ AC_MSG_RESULT(yes) ],
4115 system_wtmpx_path=no ]
4117 if test -z "$conf_wtmpx_location"; then
4118 if test x"$system_wtmpx_path" = x"no" ; then
4119 AC_DEFINE(DISABLE_WTMPX)
4122 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4123 [Define if you want to specify the path to your wtmpx file])
4127 if test ! -z "$blibpath" ; then
4128 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4129 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4132 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4134 CFLAGS="$CFLAGS $werror_flags"
4137 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4138 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4139 scard/Makefile ssh_prng_cmds survey.sh])
4142 # Print summary of options
4144 # Someone please show me a better way :)
4145 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4146 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4147 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4148 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4149 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4150 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4151 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4152 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4153 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4154 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4157 echo "OpenSSH has been configured with the following options:"
4158 echo " User binaries: $B"
4159 echo " System binaries: $C"
4160 echo " Configuration files: $D"
4161 echo " Askpass program: $E"
4162 echo " Manual pages: $F"
4163 echo " PID file: $G"
4164 echo " Privilege separation chroot path: $H"
4165 if test "x$external_path_file" = "x/etc/login.conf" ; then
4166 echo " At runtime, sshd will use the path defined in $external_path_file"
4167 echo " Make sure the path to scp is present, otherwise scp will not work"
4169 echo " sshd default user PATH: $I"
4170 if test ! -z "$external_path_file"; then
4171 echo " (If PATH is set in $external_path_file it will be used instead. If"
4172 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4175 if test ! -z "$superuser_path" ; then
4176 echo " sshd superuser user PATH: $J"
4178 echo " Manpage format: $MANTYPE"
4179 echo " PAM support: $PAM_MSG"
4180 echo " OSF SIA support: $SIA_MSG"
4181 echo " KerberosV support: $KRB5_MSG"
4182 echo " SELinux support: $SELINUX_MSG"
4183 echo " Smartcard support: $SCARD_MSG"
4184 echo " S/KEY support: $SKEY_MSG"
4185 echo " TCP Wrappers support: $TCPW_MSG"
4186 echo " MD5 password support: $MD5_MSG"
4187 echo " libedit support: $LIBEDIT_MSG"
4188 echo " Solaris process contract support: $SPC_MSG"
4189 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4190 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4191 echo " BSD Auth support: $BSD_AUTH_MSG"
4192 echo " Random number source: $RAND_MSG"
4193 if test ! -z "$USE_RAND_HELPER" ; then
4194 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4199 echo " Host: ${host}"
4200 echo " Compiler: ${CC}"
4201 echo " Compiler flags: ${CFLAGS}"
4202 echo "Preprocessor flags: ${CPPFLAGS}"
4203 echo " Linker flags: ${LDFLAGS}"
4204 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
4208 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4209 echo "SVR4 style packages are supported with \"make package\""
4213 if test "x$PAM_MSG" = "xyes" ; then
4214 echo "PAM is enabled. You may need to install a PAM control file "
4215 echo "for sshd, otherwise password authentication may fail. "
4216 echo "Example PAM control files can be found in the contrib/ "
4221 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4222 echo "WARNING: you are using the builtin random number collection "
4223 echo "service. Please read WARNING.RNG and request that your OS "
4224 echo "vendor includes kernel-based random number collection in "
4225 echo "future versions of your OS."
4229 if test ! -z "$NO_PEERCHECK" ; then
4230 echo "WARNING: the operating system that you are using does not "
4231 echo "appear to support either the getpeereid() API nor the "
4232 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4233 echo "enforce security checks to prevent unauthorised connections to "
4234 echo "ssh-agent. Their absence increases the risk that a malicious "
4235 echo "user can connect to your agent. "
4239 if test "$AUDIT_MODULE" = "bsm" ; then
4240 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4241 echo "See the Solaris section in README.platform for details."