3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Messages for features tested for in target-specific section
134 # Check for some target-specific stuff
137 # Some versions of VAC won't allow macro redefinitions at
138 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
139 # particularly with older versions of vac or xlc.
140 # It also throws errors about null macro argments, but these are
142 AC_MSG_CHECKING(if compiler allows macro redefinitions)
145 #define testmacro foo
146 #define testmacro bar
147 int main(void) { exit(0); }
149 [ AC_MSG_RESULT(yes) ],
151 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
152 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
153 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
154 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
158 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
159 if (test -z "$blibpath"); then
160 blibpath="/usr/lib:/lib"
162 saved_LDFLAGS="$LDFLAGS"
163 if test "$GCC" = "yes"; then
164 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
166 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
168 for tryflags in $flags ;do
169 if (test -z "$blibflags"); then
170 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
171 AC_TRY_LINK([], [], [blibflags=$tryflags])
174 if (test -z "$blibflags"); then
175 AC_MSG_RESULT(not found)
176 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
178 AC_MSG_RESULT($blibflags)
180 LDFLAGS="$saved_LDFLAGS"
181 dnl Check for authenticate. Might be in libs.a on older AIXes
182 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
183 [Define if you want to enable AIX4's authenticate function])],
184 [AC_CHECK_LIB(s,authenticate,
185 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
189 dnl Check for various auth function declarations in headers.
190 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
191 passwdexpired, setauthdb], , , [#include <usersec.h>])
192 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
193 AC_CHECK_DECLS(loginfailed,
194 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
196 [#include <usersec.h>],
197 [(void)loginfailed("user","host","tty",0);],
199 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
200 [Define if your AIX loginfailed() function
201 takes 4 arguments (AIX >= 5.2)])],
205 [#include <usersec.h>]
207 AC_CHECK_FUNCS(setauthdb)
208 AC_CHECK_DECL(F_CLOSEM,
209 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
211 [ #include <limits.h>
214 check_for_aix_broken_getaddrinfo=1
215 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
216 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
217 [Define if your platform breaks doing a seteuid before a setuid])
218 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
219 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
220 dnl AIX handles lastlog as part of its login message
221 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
222 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
223 [Some systems need a utmpx entry for /bin/login to work])
224 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
225 [Define to a Set Process Title type if your system is
226 supported by bsd-setproctitle.c])
227 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
228 [AIX 5.2 and 5.3 (and presumably newer) require this])
229 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
232 check_for_libcrypt_later=1
233 LIBS="$LIBS /usr/lib/textmode.o"
234 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
235 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
236 AC_DEFINE(DISABLE_SHADOW, 1,
237 [Define if you want to disable shadow passwords])
238 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
239 [Define if your system choked on IP TOS setting])
240 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
241 [Define if X11 doesn't support AF_UNIX sockets on that system])
242 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
243 [Define if the concept of ports only accessible to
244 superusers isn't known])
245 AC_DEFINE(DISABLE_FD_PASSING, 1,
246 [Define if your platform needs to skip post auth
247 file descriptor passing])
250 AC_DEFINE(IP_TOS_IS_BROKEN)
251 AC_DEFINE(SETEUID_BREAKS_SETUID)
252 AC_DEFINE(BROKEN_SETREUID)
253 AC_DEFINE(BROKEN_SETREGID)
256 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
257 AC_DEFINE(SETEUID_BREAKS_SETUID)
258 AC_DEFINE(BROKEN_SETREUID)
259 AC_DEFINE(BROKEN_SETREGID)
260 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
261 [Define if your resolver libs need this for getrrsetbyname])
262 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
263 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
264 [Use tunnel device compatibility to OpenBSD])
265 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
266 [Prepend the address family to IP tunnel traffic])
267 AC_MSG_CHECKING(if we have the Security Authorization Session API)
268 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
269 [SessionCreate(0, 0);],
270 [ac_cv_use_security_session_api="yes"
271 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
272 [platform has the Security Authorization Session API])
273 LIBS="$LIBS -framework Security"
275 [ac_cv_use_security_session_api="no"
277 AC_MSG_CHECKING(if we have an in-memory credentials cache)
279 [#include <Kerberos/Kerberos.h>],
281 (void) cc_initialize (&c, 0, NULL, NULL);],
282 [AC_DEFINE(USE_CCAPI, 1,
283 [platform uses an in-memory credentials cache])
284 LIBS="$LIBS -framework Security"
286 if test "x$ac_cv_use_security_session_api" = "xno"; then
287 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
293 SSHDLIBS="$SSHDLIBS -lcrypt"
296 # first we define all of the options common to all HP-UX releases
297 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
298 IPADDR_IN_DISPLAY=yes
300 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
301 [Define if your login program cannot handle end of options ("--")])
302 AC_DEFINE(LOGIN_NEEDS_UTMPX)
303 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
304 [String used in /etc/passwd to denote locked account])
305 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
306 MAIL="/var/mail/username"
308 AC_CHECK_LIB(xnet, t_error, ,
309 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
311 # next, we define all of the options specific to major releases
314 if test -z "$GCC"; then
319 AC_DEFINE(PAM_SUN_CODEBASE, 1,
320 [Define if you are using Solaris-derived PAM which
321 passes pam_messages to the conversation function
322 with an extra level of indirection])
323 AC_DEFINE(DISABLE_UTMP, 1,
324 [Define if you don't want to use utmp])
325 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
326 check_for_hpux_broken_getaddrinfo=1
327 check_for_conflicting_getspnam=1
331 # lastly, we define options specific to minor releases
334 AC_DEFINE(HAVE_SECUREWARE, 1,
335 [Define if you have SecureWare-based
336 protected password database])
337 disable_ptmx_check=yes
343 PATH="$PATH:/usr/etc"
344 AC_DEFINE(BROKEN_INET_NTOA, 1,
345 [Define if you system's inet_ntoa is busted
346 (e.g. Irix gcc issue)])
347 AC_DEFINE(SETEUID_BREAKS_SETUID)
348 AC_DEFINE(BROKEN_SETREUID)
349 AC_DEFINE(BROKEN_SETREGID)
350 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
351 [Define if you shouldn't strip 'tty' from your
353 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
356 PATH="$PATH:/usr/etc"
357 AC_DEFINE(WITH_IRIX_ARRAY, 1,
358 [Define if you have/want arrays
359 (cluster-wide session managment, not C arrays)])
360 AC_DEFINE(WITH_IRIX_PROJECT, 1,
361 [Define if you want IRIX project management])
362 AC_DEFINE(WITH_IRIX_AUDIT, 1,
363 [Define if you want IRIX audit trails])
364 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
365 [Define if you want IRIX kernel jobs])])
366 AC_DEFINE(BROKEN_INET_NTOA)
367 AC_DEFINE(SETEUID_BREAKS_SETUID)
368 AC_DEFINE(BROKEN_SETREUID)
369 AC_DEFINE(BROKEN_SETREGID)
370 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
371 AC_DEFINE(WITH_ABBREV_NO_TTY)
372 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
376 check_for_libcrypt_later=1
377 check_for_openpty_ctty_bug=1
378 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
379 AC_DEFINE(PAM_TTY_KLUDGE, 1,
380 [Work around problematic Linux PAM modules handling of PAM_TTY])
381 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
382 [String used in /etc/passwd to denote locked account])
383 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
384 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
385 [Define to whatever link() returns for "not supported"
386 if it doesn't return EOPNOTSUPP.])
387 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
389 inet6_default_4in6=yes
392 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
393 [Define if cmsg_type is not passed correctly])
396 # tun(4) forwarding compat code
397 AC_CHECK_HEADERS(linux/if_tun.h)
398 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
399 AC_DEFINE(SSH_TUN_LINUX, 1,
400 [Open tunnel devices the Linux tun/tap way])
401 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
402 [Use tunnel device compatibility to OpenBSD])
403 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
404 [Prepend the address family to IP tunnel traffic])
407 mips-sony-bsd|mips-sony-newsos4)
408 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
412 check_for_libcrypt_before=1
413 if test "x$withval" != "xno" ; then
416 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
417 AC_CHECK_HEADER([net/if_tap.h], ,
418 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
419 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
420 [Prepend the address family to IP tunnel traffic])
423 check_for_libcrypt_later=1
424 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
425 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
426 AC_CHECK_HEADER([net/if_tap.h], ,
427 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
430 AC_DEFINE(SETEUID_BREAKS_SETUID)
431 AC_DEFINE(BROKEN_SETREUID)
432 AC_DEFINE(BROKEN_SETREGID)
435 conf_lastlog_location="/usr/adm/lastlog"
436 conf_utmp_location=/etc/utmp
437 conf_wtmp_location=/usr/adm/wtmp
439 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
440 AC_DEFINE(BROKEN_REALPATH)
442 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
445 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
446 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
447 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
448 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
449 [syslog_r function is safe to use in in a signal handler])
452 if test "x$withval" != "xno" ; then
455 AC_DEFINE(PAM_SUN_CODEBASE)
456 AC_DEFINE(LOGIN_NEEDS_UTMPX)
457 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
458 [Some versions of /bin/login need the TERM supplied
460 AC_DEFINE(PAM_TTY_KLUDGE)
461 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
462 [Define if pam_chauthtok wants real uid set
463 to the unpriv'ed user])
464 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
465 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
466 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
467 [Define if sshd somehow reacquires a controlling TTY
469 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
470 in case the name is longer than 8 chars])
471 external_path_file=/etc/default/login
472 # hardwire lastlog location (can't detect it on some versions)
473 conf_lastlog_location="/var/adm/lastlog"
474 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
475 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
476 if test "$sol2ver" -ge 8; then
478 AC_DEFINE(DISABLE_UTMP)
479 AC_DEFINE(DISABLE_WTMP, 1,
480 [Define if you don't want to use wtmp])
484 AC_ARG_WITH(solaris-contracts,
485 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
487 AC_CHECK_LIB(contract, ct_tmpl_activate,
488 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
489 [Define if you have Solaris process contracts])
490 SSHDLIBS="$SSHDLIBS -lcontract"
497 CPPFLAGS="$CPPFLAGS -DSUNOS4"
498 AC_CHECK_FUNCS(getpwanam)
499 AC_DEFINE(PAM_SUN_CODEBASE)
500 conf_utmp_location=/etc/utmp
501 conf_wtmp_location=/var/adm/wtmp
502 conf_lastlog_location=/var/adm/lastlog
508 AC_DEFINE(SSHD_ACQUIRES_CTTY)
509 AC_DEFINE(SETEUID_BREAKS_SETUID)
510 AC_DEFINE(BROKEN_SETREUID)
511 AC_DEFINE(BROKEN_SETREGID)
514 # /usr/ucblib MUST NOT be searched on ReliantUNIX
515 AC_CHECK_LIB(dl, dlsym, ,)
516 # -lresolv needs to be at the end of LIBS or DNS lookups break
517 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
518 IPADDR_IN_DISPLAY=yes
520 AC_DEFINE(IP_TOS_IS_BROKEN)
521 AC_DEFINE(SETEUID_BREAKS_SETUID)
522 AC_DEFINE(BROKEN_SETREUID)
523 AC_DEFINE(BROKEN_SETREGID)
524 AC_DEFINE(SSHD_ACQUIRES_CTTY)
525 external_path_file=/etc/default/login
526 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
527 # Attention: always take care to bind libsocket and libnsl before libc,
528 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
530 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
533 AC_DEFINE(SETEUID_BREAKS_SETUID)
534 AC_DEFINE(BROKEN_SETREUID)
535 AC_DEFINE(BROKEN_SETREGID)
536 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
537 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
539 # UnixWare 7.x, OpenUNIX 8
541 check_for_libcrypt_later=1
542 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
544 AC_DEFINE(SETEUID_BREAKS_SETUID)
545 AC_DEFINE(BROKEN_SETREUID)
546 AC_DEFINE(BROKEN_SETREGID)
547 AC_DEFINE(PASSWD_NEEDS_USERNAME)
549 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
550 TEST_SHELL=/u95/bin/sh
551 AC_DEFINE(BROKEN_LIBIAF, 1,
552 [ia_uinfo routines not supported by OS yet])
553 AC_DEFINE(BROKEN_UPDWTMPX)
555 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
561 # SCO UNIX and OEM versions of SCO UNIX
563 AC_MSG_ERROR("This Platform is no longer supported.")
567 if test -z "$GCC"; then
568 CFLAGS="$CFLAGS -belf"
570 LIBS="$LIBS -lprot -lx -ltinfo -lm"
573 AC_DEFINE(HAVE_SECUREWARE)
574 AC_DEFINE(DISABLE_SHADOW)
575 AC_DEFINE(DISABLE_FD_PASSING)
576 AC_DEFINE(SETEUID_BREAKS_SETUID)
577 AC_DEFINE(BROKEN_SETREUID)
578 AC_DEFINE(BROKEN_SETREGID)
579 AC_DEFINE(WITH_ABBREV_NO_TTY)
580 AC_DEFINE(BROKEN_UPDWTMPX)
581 AC_DEFINE(PASSWD_NEEDS_USERNAME)
582 AC_CHECK_FUNCS(getluid setluid)
587 AC_DEFINE(NO_SSH_LASTLOG, 1,
588 [Define if you don't want to use lastlog in session.c])
589 AC_DEFINE(SETEUID_BREAKS_SETUID)
590 AC_DEFINE(BROKEN_SETREUID)
591 AC_DEFINE(BROKEN_SETREGID)
593 AC_DEFINE(DISABLE_FD_PASSING)
595 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
599 AC_DEFINE(SETEUID_BREAKS_SETUID)
600 AC_DEFINE(BROKEN_SETREUID)
601 AC_DEFINE(BROKEN_SETREGID)
602 AC_DEFINE(WITH_ABBREV_NO_TTY)
604 AC_DEFINE(DISABLE_FD_PASSING)
606 LIBS="$LIBS -lgen -lacid -ldb"
610 AC_DEFINE(SETEUID_BREAKS_SETUID)
611 AC_DEFINE(BROKEN_SETREUID)
612 AC_DEFINE(BROKEN_SETREGID)
614 AC_DEFINE(DISABLE_FD_PASSING)
615 AC_DEFINE(NO_SSH_LASTLOG)
616 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
617 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
621 AC_MSG_CHECKING(for Digital Unix SIA)
624 [ --with-osfsia Enable Digital Unix SIA],
626 if test "x$withval" = "xno" ; then
627 AC_MSG_RESULT(disabled)
632 if test -z "$no_osfsia" ; then
633 if test -f /etc/sia/matrix.conf; then
635 AC_DEFINE(HAVE_OSF_SIA, 1,
636 [Define if you have Digital Unix Security
637 Integration Architecture])
638 AC_DEFINE(DISABLE_LOGIN, 1,
639 [Define if you don't want to use your
640 system's login() call])
641 AC_DEFINE(DISABLE_FD_PASSING)
642 LIBS="$LIBS -lsecurity -ldb -lm -laud"
646 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
647 [String used in /etc/passwd to denote locked account])
650 AC_DEFINE(BROKEN_GETADDRINFO)
651 AC_DEFINE(SETEUID_BREAKS_SETUID)
652 AC_DEFINE(BROKEN_SETREUID)
653 AC_DEFINE(BROKEN_SETREGID)
658 AC_DEFINE(NO_X11_UNIX_SOCKETS)
659 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
660 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
661 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
662 AC_DEFINE(DISABLE_LASTLOG)
663 AC_DEFINE(SSHD_ACQUIRES_CTTY)
664 enable_etc_default_login=no # has incompatible /etc/default/login
668 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
669 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
670 AC_DEFINE(NEED_SETPGRP)
671 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
675 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
676 AC_DEFINE(MISSING_HOWMANY)
677 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
681 # Allow user to specify flags
683 [ --with-cflags Specify additional flags to pass to compiler],
685 if test -n "$withval" && test "x$withval" != "xno" && \
686 test "x${withval}" != "xyes"; then
687 CFLAGS="$CFLAGS $withval"
691 AC_ARG_WITH(cppflags,
692 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
694 if test -n "$withval" && test "x$withval" != "xno" && \
695 test "x${withval}" != "xyes"; then
696 CPPFLAGS="$CPPFLAGS $withval"
701 [ --with-ldflags Specify additional flags to pass to linker],
703 if test -n "$withval" && test "x$withval" != "xno" && \
704 test "x${withval}" != "xyes"; then
705 LDFLAGS="$LDFLAGS $withval"
710 [ --with-libs Specify additional libraries to link with],
712 if test -n "$withval" && test "x$withval" != "xno" && \
713 test "x${withval}" != "xyes"; then
714 LIBS="$LIBS $withval"
719 [ --with-Werror Build main code with -Werror],
721 if test -n "$withval" && test "x$withval" != "xno"; then
722 werror_flags="-Werror"
723 if test "x${withval}" != "xyes"; then
724 werror_flags="$withval"
730 AC_MSG_CHECKING(compiler and flags for sanity)
736 [ AC_MSG_RESULT(yes) ],
739 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
741 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
744 dnl Checks for header files.
770 security/pam_appl.h \
807 # lastlog.h requires sys/time.h to be included first on Solaris
808 AC_CHECK_HEADERS(lastlog.h, [], [], [
809 #ifdef HAVE_SYS_TIME_H
810 # include <sys/time.h>
814 # sys/ptms.h requires sys/stream.h to be included first on Solaris
815 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
816 #ifdef HAVE_SYS_STREAM_H
817 # include <sys/stream.h>
821 # login_cap.h requires sys/types.h on NetBSD
822 AC_CHECK_HEADERS(login_cap.h, [], [], [
823 #include <sys/types.h>
826 # Checks for libraries.
827 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
828 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
830 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
831 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
832 AC_CHECK_LIB(gen, dirname,[
833 AC_CACHE_CHECK([for broken dirname],
834 ac_cv_have_broken_dirname, [
842 int main(int argc, char **argv) {
845 strncpy(buf,"/etc", 32);
847 if (!s || strncmp(s, "/", 32) != 0) {
854 [ ac_cv_have_broken_dirname="no" ],
855 [ ac_cv_have_broken_dirname="yes" ],
856 [ ac_cv_have_broken_dirname="no" ],
860 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
862 AC_DEFINE(HAVE_DIRNAME)
863 AC_CHECK_HEADERS(libgen.h)
868 AC_CHECK_FUNC(getspnam, ,
869 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
870 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
871 [Define if you have the basename function.]))
875 [ --with-zlib=PATH Use zlib in PATH],
876 [ if test "x$withval" = "xno" ; then
877 AC_MSG_ERROR([*** zlib is required ***])
878 elif test "x$withval" != "xyes"; then
879 if test -d "$withval/lib"; then
880 if test -n "${need_dash_r}"; then
881 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
883 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
886 if test -n "${need_dash_r}"; then
887 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
889 LDFLAGS="-L${withval} ${LDFLAGS}"
892 if test -d "$withval/include"; then
893 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
895 CPPFLAGS="-I${withval} ${CPPFLAGS}"
900 AC_CHECK_LIB(z, deflate, ,
902 saved_CPPFLAGS="$CPPFLAGS"
903 saved_LDFLAGS="$LDFLAGS"
905 dnl Check default zlib install dir
906 if test -n "${need_dash_r}"; then
907 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
909 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
911 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
913 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
915 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
920 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
922 AC_ARG_WITH(zlib-version-check,
923 [ --without-zlib-version-check Disable zlib version check],
924 [ if test "x$withval" = "xno" ; then
925 zlib_check_nonfatal=1
930 AC_MSG_CHECKING(for possibly buggy zlib)
931 AC_RUN_IFELSE([AC_LANG_SOURCE([[
936 int a=0, b=0, c=0, d=0, n, v;
937 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
938 if (n != 3 && n != 4)
940 v = a*1000000 + b*10000 + c*100 + d;
941 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
944 if (a == 1 && b == 1 && c >= 4)
947 /* 1.2.3 and up are OK */
956 if test -z "$zlib_check_nonfatal" ; then
957 AC_MSG_ERROR([*** zlib too old - check config.log ***
958 Your reported zlib version has known security problems. It's possible your
959 vendor has fixed these problems without changing the version number. If you
960 are sure this is the case, you can disable the check by running
961 "./configure --without-zlib-version-check".
962 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
963 See http://www.gzip.org/zlib/ for details.])
965 AC_MSG_WARN([zlib version may have security problems])
968 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
972 AC_CHECK_FUNC(strcasecmp,
973 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
975 AC_CHECK_FUNCS(utimes,
976 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
977 LIBS="$LIBS -lc89"]) ]
980 dnl Checks for libutil functions
981 AC_CHECK_HEADERS(libutil.h)
982 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
983 [Define if your libraries define login()])])
984 AC_CHECK_FUNCS(logout updwtmp logwtmp)
988 # Check for ALTDIRFUNC glob() extension
989 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
990 AC_EGREP_CPP(FOUNDIT,
993 #ifdef GLOB_ALTDIRFUNC
998 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
999 [Define if your system glob() function has
1000 the GLOB_ALTDIRFUNC extension])
1008 # Check for g.gl_matchc glob() extension
1009 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1011 [ #include <glob.h> ],
1012 [glob_t g; g.gl_matchc = 1;],
1014 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1015 [Define if your system glob() function has
1016 gl_matchc options in glob_t])
1024 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1026 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1029 #include <sys/types.h>
1031 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1033 [AC_MSG_RESULT(yes)],
1036 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1037 [Define if your struct dirent expects you to
1038 allocate extra space for d_name])
1041 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1042 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1046 # Check whether the user wants GSSAPI mechglue support
1047 AC_ARG_WITH(mechglue,
1048 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1050 AC_MSG_CHECKING(for mechglue library)
1052 if test -e ${withval}/libgssapi.a ; then
1053 mechglue_lib=${withval}/libgssapi.a
1054 elif test -e ${withval}/lib/libgssapi.a ; then
1055 mechglue_lib=${withval}/lib/libgssapi.a
1057 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1059 LIBS="$LIBS ${mechglue_lib}"
1060 AC_MSG_RESULT(${mechglue_lib})
1062 AC_CHECK_LIB(dl, dlopen, , )
1063 if test $ac_cv_lib_dl_dlopen = yes; then
1064 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1068 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1075 # Check whether the user wants GSI (Globus) support
1078 [ --with-gsi Enable Globus GSI authentication support],
1085 [ --with-globus Enable Globus GSI authentication support],
1091 AC_ARG_WITH(globus-static,
1092 [ --with-globus-static Link statically with Globus GSI libraries],
1094 gsi_static="-static"
1095 if test "x$gsi_path" = "xno" ; then
1101 # Check whether the user has a Globus flavor type
1102 globus_flavor_type="no"
1103 AC_ARG_WITH(globus-flavor,
1104 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1106 globus_flavor_type="$withval"
1107 if test "x$gsi_path" = "xno" ; then
1113 if test "x$gsi_path" != "xno" ; then
1114 # Globus GSSAPI configuration
1115 AC_MSG_CHECKING(for Globus GSI)
1116 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1118 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1119 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1121 if test -z "$GSSAPI"; then
1126 if test "x$gsi_path" = "xyes" ; then
1127 if test -z "$GLOBUS_LOCATION" ; then
1128 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1130 gsi_path="$GLOBUS_LOCATION"
1133 GLOBUS_LOCATION="$gsi_path"
1134 export GLOBUS_LOCATION
1135 if test ! -d "$GLOBUS_LOCATION" ; then
1136 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1139 if test "x$globus_flavor_type" = "xno" ; then
1140 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1142 if test "x$globus_flavor_type" = "xyes" ; then
1143 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1146 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1147 if test ! -d "$GLOBUS_INCLUDE" ; then
1148 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1150 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1152 if test -x ${gsi_path}/bin/globus-makefile-header ; then
1153 GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1154 elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
1155 GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
1157 AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
1159 if test -n "${need_dash_r}"; then
1160 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
1162 GSI_LDFLAGS="-L${gsi_path}/lib"
1164 if test -z "$GSI_LIBS" ; then
1165 AC_MSG_ERROR(globus-makefile-header failed)
1168 AC_DEFINE(HAVE_GSSAPI_H)
1170 LIBS="$LIBS $GSI_LIBS"
1171 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1172 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
1174 # test that we got the libraries OK
1182 AC_MSG_ERROR(link with Globus libraries failed)
1185 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1186 INSTALL_GSISSH="yes"
1190 AC_SUBST(INSTALL_GSISSH)
1191 # End Globus/GSI section
1193 AC_MSG_CHECKING([for /proc/pid/fd directory])
1194 if test -d "/proc/$$/fd" ; then
1195 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1201 # Check whether user wants S/Key support
1204 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1206 if test "x$withval" != "xno" ; then
1208 if test "x$withval" != "xyes" ; then
1209 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1210 LDFLAGS="$LDFLAGS -L${withval}/lib"
1213 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1217 AC_MSG_CHECKING([for s/key support])
1222 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1224 [AC_MSG_RESULT(yes)],
1227 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1229 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1233 [(void)skeychallenge(NULL,"name","",0);],
1235 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1236 [Define if your skeychallenge()
1237 function takes 4 arguments (NetBSD)])],
1244 # Check whether user wants TCP wrappers support
1246 AC_ARG_WITH(tcp-wrappers,
1247 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1249 if test "x$withval" != "xno" ; then
1251 saved_LDFLAGS="$LDFLAGS"
1252 saved_CPPFLAGS="$CPPFLAGS"
1253 if test -n "${withval}" && \
1254 test "x${withval}" != "xyes"; then
1255 if test -d "${withval}/lib"; then
1256 if test -n "${need_dash_r}"; then
1257 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1259 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1262 if test -n "${need_dash_r}"; then
1263 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1265 LDFLAGS="-L${withval} ${LDFLAGS}"
1268 if test -d "${withval}/include"; then
1269 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1271 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1275 LIBS="$LIBWRAP $LIBS"
1276 AC_MSG_CHECKING(for libwrap)
1279 #include <sys/types.h>
1280 #include <sys/socket.h>
1281 #include <netinet/in.h>
1283 int deny_severity = 0, allow_severity = 0;
1288 AC_DEFINE(LIBWRAP, 1,
1290 TCP Wrappers support])
1295 AC_MSG_ERROR([*** libwrap missing])
1303 # Check whether user wants libedit support
1305 AC_ARG_WITH(libedit,
1306 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1307 [ if test "x$withval" != "xno" ; then
1308 if test "x$withval" != "xyes"; then
1309 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1310 if test -n "${need_dash_r}"; then
1311 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1313 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1316 AC_CHECK_LIB(edit, el_init,
1317 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1318 LIBEDIT="-ledit -lcurses"
1322 [ AC_MSG_ERROR(libedit not found) ],
1325 AC_MSG_CHECKING(if libedit version is compatible)
1328 #include <histedit.h>
1332 el_init("", NULL, NULL, NULL);
1336 [ AC_MSG_RESULT(yes) ],
1338 AC_MSG_ERROR(libedit version is not compatible) ]
1345 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1347 AC_MSG_CHECKING(for supported audit module)
1352 dnl Checks for headers, libs and functions
1353 AC_CHECK_HEADERS(bsm/audit.h, [],
1354 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1361 AC_CHECK_LIB(bsm, getaudit, [],
1362 [AC_MSG_ERROR(BSM enabled and required library not found)])
1363 AC_CHECK_FUNCS(getaudit, [],
1364 [AC_MSG_ERROR(BSM enabled and required function not found)])
1365 # These are optional
1366 AC_CHECK_FUNCS(getaudit_addr)
1367 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1371 AC_MSG_RESULT(debug)
1372 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1378 AC_MSG_ERROR([Unknown audit module $withval])
1383 dnl Checks for library functions. Please keep in alphabetical order
1468 # IRIX has a const char return value for gai_strerror()
1469 AC_CHECK_FUNCS(gai_strerror,[
1470 AC_DEFINE(HAVE_GAI_STRERROR)
1472 #include <sys/types.h>
1473 #include <sys/socket.h>
1476 const char *gai_strerror(int);],[
1479 str = gai_strerror(0);],[
1480 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1481 [Define if gai_strerror() returns const char *])])])
1483 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1484 [Some systems put nanosleep outside of libc]))
1486 dnl Make sure prototypes are defined for these before using them.
1487 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1488 AC_CHECK_DECL(strsep,
1489 [AC_CHECK_FUNCS(strsep)],
1492 #ifdef HAVE_STRING_H
1493 # include <string.h>
1497 dnl tcsendbreak might be a macro
1498 AC_CHECK_DECL(tcsendbreak,
1499 [AC_DEFINE(HAVE_TCSENDBREAK)],
1500 [AC_CHECK_FUNCS(tcsendbreak)],
1501 [#include <termios.h>]
1504 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1506 AC_CHECK_DECLS(SHUT_RD, , ,
1508 #include <sys/types.h>
1509 #include <sys/socket.h>
1512 AC_CHECK_DECLS(O_NONBLOCK, , ,
1514 #include <sys/types.h>
1515 #ifdef HAVE_SYS_STAT_H
1516 # include <sys/stat.h>
1523 AC_CHECK_DECLS(writev, , , [
1524 #include <sys/types.h>
1525 #include <sys/uio.h>
1529 AC_CHECK_FUNCS(setresuid, [
1530 dnl Some platorms have setresuid that isn't implemented, test for this
1531 AC_MSG_CHECKING(if setresuid seems to work)
1536 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1538 [AC_MSG_RESULT(yes)],
1539 [AC_DEFINE(BROKEN_SETRESUID, 1,
1540 [Define if your setresuid() is broken])
1541 AC_MSG_RESULT(not implemented)],
1542 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1546 AC_CHECK_FUNCS(setresgid, [
1547 dnl Some platorms have setresgid that isn't implemented, test for this
1548 AC_MSG_CHECKING(if setresgid seems to work)
1553 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1555 [AC_MSG_RESULT(yes)],
1556 [AC_DEFINE(BROKEN_SETRESGID, 1,
1557 [Define if your setresgid() is broken])
1558 AC_MSG_RESULT(not implemented)],
1559 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1563 dnl Checks for time functions
1564 AC_CHECK_FUNCS(gettimeofday time)
1565 dnl Checks for utmp functions
1566 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1567 AC_CHECK_FUNCS(utmpname)
1568 dnl Checks for utmpx functions
1569 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1570 AC_CHECK_FUNCS(setutxent utmpxname)
1572 AC_CHECK_FUNC(daemon,
1573 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1574 [AC_CHECK_LIB(bsd, daemon,
1575 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1578 AC_CHECK_FUNC(getpagesize,
1579 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1580 [Define if your libraries define getpagesize()])],
1581 [AC_CHECK_LIB(ucb, getpagesize,
1582 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1585 # Check for broken snprintf
1586 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1587 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1591 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1593 [AC_MSG_RESULT(yes)],
1596 AC_DEFINE(BROKEN_SNPRINTF, 1,
1597 [Define if your snprintf is busted])
1598 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1600 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1604 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1605 # returning the right thing on overflow: the number of characters it tried to
1606 # create (as per SUSv3)
1607 if test "x$ac_cv_func_asprintf" != "xyes" && \
1608 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1609 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1612 #include <sys/types.h>
1616 int x_snprintf(char *str,size_t count,const char *fmt,...)
1618 size_t ret; va_list ap;
1619 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1625 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1627 [AC_MSG_RESULT(yes)],
1630 AC_DEFINE(BROKEN_SNPRINTF, 1,
1631 [Define if your snprintf is busted])
1632 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1634 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1638 # On systems where [v]snprintf is broken, but is declared in stdio,
1639 # check that the fmt argument is const char * or just char *.
1640 # This is only useful for when BROKEN_SNPRINTF
1641 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1642 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1643 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1644 int main(void) { snprintf(0, 0, 0); }
1647 AC_DEFINE(SNPRINTF_CONST, [const],
1648 [Define as const if snprintf() can declare const char *fmt])],
1650 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1652 # Check for missing getpeereid (or equiv) support
1654 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1655 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1657 [#include <sys/types.h>
1658 #include <sys/socket.h>],
1659 [int i = SO_PEERCRED;],
1660 [ AC_MSG_RESULT(yes)
1661 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1668 dnl see whether mkstemp() requires XXXXXX
1669 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1670 AC_MSG_CHECKING([for (overly) strict mkstemp])
1674 main() { char template[]="conftest.mkstemp-test";
1675 if (mkstemp(template) == -1)
1677 unlink(template); exit(0);
1685 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1689 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1694 dnl make sure that openpty does not reacquire controlling terminal
1695 if test ! -z "$check_for_openpty_ctty_bug"; then
1696 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1700 #include <sys/fcntl.h>
1701 #include <sys/types.h>
1702 #include <sys/wait.h>
1708 int fd, ptyfd, ttyfd, status;
1711 if (pid < 0) { /* failed */
1713 } else if (pid > 0) { /* parent */
1714 waitpid(pid, &status, 0);
1715 if (WIFEXITED(status))
1716 exit(WEXITSTATUS(status));
1719 } else { /* child */
1720 close(0); close(1); close(2);
1722 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1723 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1725 exit(3); /* Acquired ctty: broken */
1727 exit(0); /* Did not acquire ctty: OK */
1736 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1739 AC_MSG_RESULT(cross-compiling, assuming yes)
1744 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1745 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1746 AC_MSG_CHECKING(if getaddrinfo seems to work)
1750 #include <sys/socket.h>
1753 #include <netinet/in.h>
1755 #define TEST_PORT "2222"
1761 struct addrinfo *gai_ai, *ai, hints;
1762 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1764 memset(&hints, 0, sizeof(hints));
1765 hints.ai_family = PF_UNSPEC;
1766 hints.ai_socktype = SOCK_STREAM;
1767 hints.ai_flags = AI_PASSIVE;
1769 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1771 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1775 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1776 if (ai->ai_family != AF_INET6)
1779 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1780 sizeof(ntop), strport, sizeof(strport),
1781 NI_NUMERICHOST|NI_NUMERICSERV);
1784 if (err == EAI_SYSTEM)
1785 perror("getnameinfo EAI_SYSTEM");
1787 fprintf(stderr, "getnameinfo failed: %s\n",
1792 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1795 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1808 AC_DEFINE(BROKEN_GETADDRINFO)
1811 AC_MSG_RESULT(cross-compiling, assuming yes)
1816 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1817 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1818 AC_MSG_CHECKING(if getaddrinfo seems to work)
1822 #include <sys/socket.h>
1825 #include <netinet/in.h>
1827 #define TEST_PORT "2222"
1833 struct addrinfo *gai_ai, *ai, hints;
1834 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1836 memset(&hints, 0, sizeof(hints));
1837 hints.ai_family = PF_UNSPEC;
1838 hints.ai_socktype = SOCK_STREAM;
1839 hints.ai_flags = AI_PASSIVE;
1841 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1843 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1847 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1848 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1851 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1852 sizeof(ntop), strport, sizeof(strport),
1853 NI_NUMERICHOST|NI_NUMERICSERV);
1855 if (ai->ai_family == AF_INET && err != 0) {
1856 perror("getnameinfo");
1865 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1866 [Define if you have a getaddrinfo that fails
1867 for the all-zeros IPv6 address])
1871 AC_DEFINE(BROKEN_GETADDRINFO)
1874 AC_MSG_RESULT(cross-compiling, assuming no)
1879 if test "x$check_for_conflicting_getspnam" = "x1"; then
1880 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1884 int main(void) {exit(0);}
1891 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1892 [Conflicting defs for getspnam])
1899 # Search for OpenSSL
1900 saved_CPPFLAGS="$CPPFLAGS"
1901 saved_LDFLAGS="$LDFLAGS"
1902 AC_ARG_WITH(ssl-dir,
1903 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1905 if test "x$withval" != "xno" ; then
1908 ./*|../*) withval="`pwd`/$withval"
1910 if test -d "$withval/lib"; then
1911 if test -n "${need_dash_r}"; then
1912 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1914 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1917 if test -n "${need_dash_r}"; then
1918 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1920 LDFLAGS="-L${withval} ${LDFLAGS}"
1923 if test -d "$withval/include"; then
1924 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1926 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1931 if test -z "$GSI_LIBS" ; then
1932 LIBS="-lcrypto $LIBS"
1934 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1935 [Define if your ssl headers are included
1936 with #include <openssl/header.h>]),
1938 dnl Check default openssl install dir
1939 if test -n "${need_dash_r}"; then
1940 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1942 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1944 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1945 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1947 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1953 # Determine OpenSSL header version
1954 AC_MSG_CHECKING([OpenSSL header version])
1959 #include <openssl/opensslv.h>
1960 #define DATA "conftest.sslincver"
1965 fd = fopen(DATA,"w");
1969 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1976 ssl_header_ver=`cat conftest.sslincver`
1977 AC_MSG_RESULT($ssl_header_ver)
1980 AC_MSG_RESULT(not found)
1981 AC_MSG_ERROR(OpenSSL version header not found.)
1984 AC_MSG_WARN([cross compiling: not checking])
1988 # Determine OpenSSL library version
1989 AC_MSG_CHECKING([OpenSSL library version])
1994 #include <openssl/opensslv.h>
1995 #include <openssl/crypto.h>
1996 #define DATA "conftest.ssllibver"
2001 fd = fopen(DATA,"w");
2005 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2012 ssl_library_ver=`cat conftest.ssllibver`
2013 AC_MSG_RESULT($ssl_library_ver)
2016 AC_MSG_RESULT(not found)
2017 AC_MSG_ERROR(OpenSSL library not found.)
2020 AC_MSG_WARN([cross compiling: not checking])
2024 # Sanity check OpenSSL headers
2025 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2029 #include <openssl/opensslv.h>
2030 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2037 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
2038 Check config.log for details.
2039 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2042 AC_MSG_WARN([cross compiling: not checking])
2046 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2049 #include <openssl/evp.h>
2050 int main(void) { SSLeay_add_all_algorithms(); }
2059 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2062 #include <openssl/evp.h>
2063 int main(void) { SSLeay_add_all_algorithms(); }
2076 AC_ARG_WITH(ssl-engine,
2077 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2078 [ if test "x$withval" != "xno" ; then
2079 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2081 [ #include <openssl/engine.h>],
2083 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
2085 [ AC_MSG_RESULT(yes)
2086 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2087 [Enable OpenSSL engine support])
2089 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2094 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2095 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2099 #include <openssl/evp.h>
2100 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2107 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2108 [libcrypto is missing AES 192 and 256 bit functions])
2112 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2113 # because the system crypt() is more featureful.
2114 if test "x$check_for_libcrypt_before" = "x1"; then
2115 AC_CHECK_LIB(crypt, crypt)
2118 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2119 # version in OpenSSL.
2120 if test "x$check_for_libcrypt_later" = "x1"; then
2121 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2124 # Search for SHA256 support in libc and/or OpenSSL
2125 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2127 AC_CHECK_LIB(iaf, ia_openinfo)
2129 ### Configure cryptographic random number support
2131 # Check wheter OpenSSL seeds itself
2132 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2136 #include <openssl/rand.h>
2137 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2140 OPENSSL_SEEDS_ITSELF=yes
2145 # Default to use of the rand helper if OpenSSL doesn't
2150 AC_MSG_WARN([cross compiling: assuming yes])
2151 # This is safe, since all recent OpenSSL versions will
2152 # complain at runtime if not seeded correctly.
2153 OPENSSL_SEEDS_ITSELF=yes
2157 # Check for PAM libs
2160 [ --with-pam Enable PAM support ],
2162 if test "x$withval" != "xno" ; then
2163 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2164 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2165 AC_MSG_ERROR([PAM headers not found])
2169 AC_CHECK_LIB(dl, dlopen, , )
2170 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2171 AC_CHECK_FUNCS(pam_getenvlist)
2172 AC_CHECK_FUNCS(pam_putenv)
2178 AC_DEFINE(USE_PAM, 1,
2179 [Define if you want to enable PAM support])
2181 if test $ac_cv_lib_dl_dlopen = yes; then
2184 # libdl already in LIBS
2187 LIBPAM="$LIBPAM -ldl"
2196 # Check for older PAM
2197 if test "x$PAM_MSG" = "xyes" ; then
2198 # Check PAM strerror arguments (old PAM)
2199 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2203 #if defined(HAVE_SECURITY_PAM_APPL_H)
2204 #include <security/pam_appl.h>
2205 #elif defined (HAVE_PAM_PAM_APPL_H)
2206 #include <pam/pam_appl.h>
2209 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2210 [AC_MSG_RESULT(no)],
2212 AC_DEFINE(HAVE_OLD_PAM, 1,
2213 [Define if you have an old version of PAM
2214 which takes only one argument to pam_strerror])
2216 PAM_MSG="yes (old library)"
2221 # Do we want to force the use of the rand helper?
2222 AC_ARG_WITH(rand-helper,
2223 [ --with-rand-helper Use subprocess to gather strong randomness ],
2225 if test "x$withval" = "xno" ; then
2226 # Force use of OpenSSL's internal RNG, even if
2227 # the previous test showed it to be unseeded.
2228 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2229 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2230 OPENSSL_SEEDS_ITSELF=yes
2239 # Which randomness source do we use?
2240 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2242 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2243 [Define if you want OpenSSL's internally seeded PRNG only])
2244 RAND_MSG="OpenSSL internal ONLY"
2245 INSTALL_SSH_RAND_HELPER=""
2246 elif test ! -z "$USE_RAND_HELPER" ; then
2247 # install rand helper
2248 RAND_MSG="ssh-rand-helper"
2249 INSTALL_SSH_RAND_HELPER="yes"
2251 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2253 ### Configuration of ssh-rand-helper
2256 AC_ARG_WITH(prngd-port,
2257 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2266 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2269 if test ! -z "$withval" ; then
2270 PRNGD_PORT="$withval"
2271 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2272 [Port number of PRNGD/EGD random number socket])
2277 # PRNGD Unix domain socket
2278 AC_ARG_WITH(prngd-socket,
2279 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2283 withval="/var/run/egd-pool"
2291 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2295 if test ! -z "$withval" ; then
2296 if test ! -z "$PRNGD_PORT" ; then
2297 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2299 if test ! -r "$withval" ; then
2300 AC_MSG_WARN(Entropy socket is not readable)
2302 PRNGD_SOCKET="$withval"
2303 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2304 [Location of PRNGD/EGD random number socket])
2308 # Check for existing socket only if we don't have a random device already
2309 if test "$USE_RAND_HELPER" = yes ; then
2310 AC_MSG_CHECKING(for PRNGD/EGD socket)
2311 # Insert other locations here
2312 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2313 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2314 PRNGD_SOCKET="$sock"
2315 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2319 if test ! -z "$PRNGD_SOCKET" ; then
2320 AC_MSG_RESULT($PRNGD_SOCKET)
2322 AC_MSG_RESULT(not found)
2328 # Change default command timeout for hashing entropy source
2330 AC_ARG_WITH(entropy-timeout,
2331 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2333 if test -n "$withval" && test "x$withval" != "xno" && \
2334 test "x${withval}" != "xyes"; then
2335 entropy_timeout=$withval
2339 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2340 [Builtin PRNG command timeout])
2342 SSH_PRIVSEP_USER=sshd
2343 AC_ARG_WITH(privsep-user,
2344 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2346 if test -n "$withval" && test "x$withval" != "xno" && \
2347 test "x${withval}" != "xyes"; then
2348 SSH_PRIVSEP_USER=$withval
2352 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2353 [non-privileged user for privilege separation])
2354 AC_SUBST(SSH_PRIVSEP_USER)
2356 # We do this little dance with the search path to insure
2357 # that programs that we select for use by installed programs
2358 # (which may be run by the super-user) come from trusted
2359 # locations before they come from the user's private area.
2360 # This should help avoid accidentally configuring some
2361 # random version of a program in someone's personal bin.
2365 test -h /bin 2> /dev/null && PATH=/usr/bin
2366 test -d /sbin && PATH=$PATH:/sbin
2367 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2368 PATH=$PATH:/etc:$OPATH
2370 # These programs are used by the command hashing source to gather entropy
2371 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2372 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2373 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2374 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2375 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2376 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2377 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2378 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2379 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2380 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2381 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2382 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2383 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2384 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2385 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2386 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2390 # Where does ssh-rand-helper get its randomness from?
2391 INSTALL_SSH_PRNG_CMDS=""
2392 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2393 if test ! -z "$PRNGD_PORT" ; then
2394 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2395 elif test ! -z "$PRNGD_SOCKET" ; then
2396 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2398 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2399 RAND_HELPER_CMDHASH=yes
2400 INSTALL_SSH_PRNG_CMDS="yes"
2403 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2406 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2407 if test ! -z "$SONY" ; then
2408 LIBS="$LIBS -liberty";
2411 # Check for long long datatypes
2412 AC_CHECK_TYPES([long long, unsigned long long, long double])
2414 # Check datatype sizes
2415 AC_CHECK_SIZEOF(char, 1)
2416 AC_CHECK_SIZEOF(short int, 2)
2417 AC_CHECK_SIZEOF(int, 4)
2418 AC_CHECK_SIZEOF(long int, 4)
2419 AC_CHECK_SIZEOF(long long int, 8)
2421 # Sanity check long long for some platforms (AIX)
2422 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2423 ac_cv_sizeof_long_long_int=0
2426 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2427 if test -z "$have_llong_max"; then
2428 AC_MSG_CHECKING([for max value of long long])
2432 /* Why is this so damn hard? */
2436 #define __USE_ISOC99
2438 #define DATA "conftest.llminmax"
2439 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2442 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2443 * we do this the hard way.
2446 fprint_ll(FILE *f, long long n)
2449 int l[sizeof(long long) * 8];
2452 if (fprintf(f, "-") < 0)
2454 for (i = 0; n != 0; i++) {
2455 l[i] = my_abs(n % 10);
2459 if (fprintf(f, "%d", l[--i]) < 0)
2462 if (fprintf(f, " ") < 0)
2469 long long i, llmin, llmax = 0;
2471 if((f = fopen(DATA,"w")) == NULL)
2474 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2475 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2479 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2480 /* This will work on one's complement and two's complement */
2481 for (i = 1; i > llmax; i <<= 1, i++)
2483 llmin = llmax + 1LL; /* wrap */
2487 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2488 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2489 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2490 fprintf(f, "unknown unknown\n");
2494 if (fprint_ll(f, llmin) < 0)
2496 if (fprint_ll(f, llmax) < 0)
2504 llong_min=`$AWK '{print $1}' conftest.llminmax`
2505 llong_max=`$AWK '{print $2}' conftest.llminmax`
2507 AC_MSG_RESULT($llong_max)
2508 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2509 [max value of long long calculated by configure])
2510 AC_MSG_CHECKING([for min value of long long])
2511 AC_MSG_RESULT($llong_min)
2512 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2513 [min value of long long calculated by configure])
2516 AC_MSG_RESULT(not found)
2519 AC_MSG_WARN([cross compiling: not checking])
2525 # More checks for data types
2526 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2528 [ #include <sys/types.h> ],
2530 [ ac_cv_have_u_int="yes" ],
2531 [ ac_cv_have_u_int="no" ]
2534 if test "x$ac_cv_have_u_int" = "xyes" ; then
2535 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2539 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2541 [ #include <sys/types.h> ],
2542 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2543 [ ac_cv_have_intxx_t="yes" ],
2544 [ ac_cv_have_intxx_t="no" ]
2547 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2548 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2552 if (test -z "$have_intxx_t" && \
2553 test "x$ac_cv_header_stdint_h" = "xyes")
2555 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2557 [ #include <stdint.h> ],
2558 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2560 AC_DEFINE(HAVE_INTXX_T)
2563 [ AC_MSG_RESULT(no) ]
2567 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2570 #include <sys/types.h>
2571 #ifdef HAVE_STDINT_H
2572 # include <stdint.h>
2574 #include <sys/socket.h>
2575 #ifdef HAVE_SYS_BITYPES_H
2576 # include <sys/bitypes.h>
2579 [ int64_t a; a = 1;],
2580 [ ac_cv_have_int64_t="yes" ],
2581 [ ac_cv_have_int64_t="no" ]
2584 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2585 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2588 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2590 [ #include <sys/types.h> ],
2591 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2592 [ ac_cv_have_u_intxx_t="yes" ],
2593 [ ac_cv_have_u_intxx_t="no" ]
2596 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2597 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2601 if test -z "$have_u_intxx_t" ; then
2602 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2604 [ #include <sys/socket.h> ],
2605 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2607 AC_DEFINE(HAVE_U_INTXX_T)
2610 [ AC_MSG_RESULT(no) ]
2614 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2616 [ #include <sys/types.h> ],
2617 [ u_int64_t a; a = 1;],
2618 [ ac_cv_have_u_int64_t="yes" ],
2619 [ ac_cv_have_u_int64_t="no" ]
2622 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2623 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2627 if test -z "$have_u_int64_t" ; then
2628 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2630 [ #include <sys/bitypes.h> ],
2631 [ u_int64_t a; a = 1],
2633 AC_DEFINE(HAVE_U_INT64_T)
2636 [ AC_MSG_RESULT(no) ]
2640 if test -z "$have_u_intxx_t" ; then
2641 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2644 #include <sys/types.h>
2646 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2647 [ ac_cv_have_uintxx_t="yes" ],
2648 [ ac_cv_have_uintxx_t="no" ]
2651 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2652 AC_DEFINE(HAVE_UINTXX_T, 1,
2653 [define if you have uintxx_t data type])
2657 if test -z "$have_uintxx_t" ; then
2658 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2660 [ #include <stdint.h> ],
2661 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2663 AC_DEFINE(HAVE_UINTXX_T)
2666 [ AC_MSG_RESULT(no) ]
2670 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2671 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2673 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2676 #include <sys/bitypes.h>
2679 int8_t a; int16_t b; int32_t c;
2680 u_int8_t e; u_int16_t f; u_int32_t g;
2681 a = b = c = e = f = g = 1;
2684 AC_DEFINE(HAVE_U_INTXX_T)
2685 AC_DEFINE(HAVE_INTXX_T)
2693 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2696 #include <sys/types.h>
2698 [ u_char foo; foo = 125; ],
2699 [ ac_cv_have_u_char="yes" ],
2700 [ ac_cv_have_u_char="no" ]
2703 if test "x$ac_cv_have_u_char" = "xyes" ; then
2704 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2709 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2711 AC_CHECK_TYPES(in_addr_t,,,
2712 [#include <sys/types.h>
2713 #include <netinet/in.h>])
2715 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2718 #include <sys/types.h>
2720 [ size_t foo; foo = 1235; ],
2721 [ ac_cv_have_size_t="yes" ],
2722 [ ac_cv_have_size_t="no" ]
2725 if test "x$ac_cv_have_size_t" = "xyes" ; then
2726 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2729 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2732 #include <sys/types.h>
2734 [ ssize_t foo; foo = 1235; ],
2735 [ ac_cv_have_ssize_t="yes" ],
2736 [ ac_cv_have_ssize_t="no" ]
2739 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2740 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2743 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2748 [ clock_t foo; foo = 1235; ],
2749 [ ac_cv_have_clock_t="yes" ],
2750 [ ac_cv_have_clock_t="no" ]
2753 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2754 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2757 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2760 #include <sys/types.h>
2761 #include <sys/socket.h>
2763 [ sa_family_t foo; foo = 1235; ],
2764 [ ac_cv_have_sa_family_t="yes" ],
2767 #include <sys/types.h>
2768 #include <sys/socket.h>
2769 #include <netinet/in.h>
2771 [ sa_family_t foo; foo = 1235; ],
2772 [ ac_cv_have_sa_family_t="yes" ],
2774 [ ac_cv_have_sa_family_t="no" ]
2778 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2779 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2780 [define if you have sa_family_t data type])
2783 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2786 #include <sys/types.h>
2788 [ pid_t foo; foo = 1235; ],
2789 [ ac_cv_have_pid_t="yes" ],
2790 [ ac_cv_have_pid_t="no" ]
2793 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2794 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2797 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2800 #include <sys/types.h>
2802 [ mode_t foo; foo = 1235; ],
2803 [ ac_cv_have_mode_t="yes" ],
2804 [ ac_cv_have_mode_t="no" ]
2807 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2808 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2812 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2815 #include <sys/types.h>
2816 #include <sys/socket.h>
2818 [ struct sockaddr_storage s; ],
2819 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2820 [ ac_cv_have_struct_sockaddr_storage="no" ]
2823 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2824 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2825 [define if you have struct sockaddr_storage data type])
2828 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2831 #include <sys/types.h>
2832 #include <netinet/in.h>
2834 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2835 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2836 [ ac_cv_have_struct_sockaddr_in6="no" ]
2839 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2840 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2841 [define if you have struct sockaddr_in6 data type])
2844 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2847 #include <sys/types.h>
2848 #include <netinet/in.h>
2850 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2851 [ ac_cv_have_struct_in6_addr="yes" ],
2852 [ ac_cv_have_struct_in6_addr="no" ]
2855 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2856 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2857 [define if you have struct in6_addr data type])
2860 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2863 #include <sys/types.h>
2864 #include <sys/socket.h>
2867 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2868 [ ac_cv_have_struct_addrinfo="yes" ],
2869 [ ac_cv_have_struct_addrinfo="no" ]
2872 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2873 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2874 [define if you have struct addrinfo data type])
2877 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2879 [ #include <sys/time.h> ],
2880 [ struct timeval tv; tv.tv_sec = 1;],
2881 [ ac_cv_have_struct_timeval="yes" ],
2882 [ ac_cv_have_struct_timeval="no" ]
2885 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2886 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2887 have_struct_timeval=1
2890 AC_CHECK_TYPES(struct timespec)
2892 # We need int64_t or else certian parts of the compile will fail.
2893 if test "x$ac_cv_have_int64_t" = "xno" && \
2894 test "x$ac_cv_sizeof_long_int" != "x8" && \
2895 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2896 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2897 echo "an alternative compiler (I.E., GCC) before continuing."
2901 dnl test snprintf (broken on SCO w/gcc)
2906 #ifdef HAVE_SNPRINTF
2910 char expected_out[50];
2912 #if (SIZEOF_LONG_INT == 8)
2913 long int num = 0x7fffffffffffffff;
2915 long long num = 0x7fffffffffffffffll;
2917 strcpy(expected_out, "9223372036854775807");
2918 snprintf(buf, mazsize, "%lld", num);
2919 if(strcmp(buf, expected_out) != 0)
2926 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2927 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2931 dnl Checks for structure members
2932 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2933 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2934 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2935 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2936 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2937 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2938 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2939 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2940 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2941 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2942 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2943 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2944 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2945 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2946 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2947 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2948 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2950 AC_CHECK_MEMBERS([struct stat.st_blksize])
2951 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2952 [Define if we don't have struct __res_state in resolv.h])],
2955 #if HAVE_SYS_TYPES_H
2956 # include <sys/types.h>
2958 #include <netinet/in.h>
2959 #include <arpa/nameser.h>
2963 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2964 ac_cv_have_ss_family_in_struct_ss, [
2967 #include <sys/types.h>
2968 #include <sys/socket.h>
2970 [ struct sockaddr_storage s; s.ss_family = 1; ],
2971 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2972 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2975 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2976 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2979 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2980 ac_cv_have___ss_family_in_struct_ss, [
2983 #include <sys/types.h>
2984 #include <sys/socket.h>
2986 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2987 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2988 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2991 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2992 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2993 [Fields in struct sockaddr_storage])
2996 AC_CACHE_CHECK([for pw_class field in struct passwd],
2997 ac_cv_have_pw_class_in_struct_passwd, [
3002 [ struct passwd p; p.pw_class = 0; ],
3003 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3004 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3007 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3008 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3009 [Define if your password has a pw_class field])
3012 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3013 ac_cv_have_pw_expire_in_struct_passwd, [
3018 [ struct passwd p; p.pw_expire = 0; ],
3019 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3020 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3023 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3024 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3025 [Define if your password has a pw_expire field])
3028 AC_CACHE_CHECK([for pw_change field in struct passwd],
3029 ac_cv_have_pw_change_in_struct_passwd, [
3034 [ struct passwd p; p.pw_change = 0; ],
3035 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3036 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3039 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3040 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3041 [Define if your password has a pw_change field])
3044 dnl make sure we're using the real structure members and not defines
3045 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3046 ac_cv_have_accrights_in_msghdr, [
3049 #include <sys/types.h>
3050 #include <sys/socket.h>
3051 #include <sys/uio.h>
3053 #ifdef msg_accrights
3054 #error "msg_accrights is a macro"
3058 m.msg_accrights = 0;
3062 [ ac_cv_have_accrights_in_msghdr="yes" ],
3063 [ ac_cv_have_accrights_in_msghdr="no" ]
3066 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3067 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3068 [Define if your system uses access rights style
3069 file descriptor passing])
3072 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3073 ac_cv_have_control_in_msghdr, [
3076 #include <sys/types.h>
3077 #include <sys/socket.h>
3078 #include <sys/uio.h>
3081 #error "msg_control is a macro"
3089 [ ac_cv_have_control_in_msghdr="yes" ],
3090 [ ac_cv_have_control_in_msghdr="no" ]
3093 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3094 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3095 [Define if your system uses ancillary data style
3096 file descriptor passing])
3099 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3101 [ extern char *__progname; printf("%s", __progname); ],
3102 [ ac_cv_libc_defines___progname="yes" ],
3103 [ ac_cv_libc_defines___progname="no" ]
3106 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3107 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3110 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3114 [ printf("%s", __FUNCTION__); ],
3115 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3116 [ ac_cv_cc_implements___FUNCTION__="no" ]
3119 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3120 AC_DEFINE(HAVE___FUNCTION__, 1,
3121 [Define if compiler implements __FUNCTION__])
3124 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3128 [ printf("%s", __func__); ],
3129 [ ac_cv_cc_implements___func__="yes" ],
3130 [ ac_cv_cc_implements___func__="no" ]
3133 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3134 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3137 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3139 [#include <stdarg.h>
3142 [ ac_cv_have_va_copy="yes" ],
3143 [ ac_cv_have_va_copy="no" ]
3146 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3147 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3150 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3152 [#include <stdarg.h>
3155 [ ac_cv_have___va_copy="yes" ],
3156 [ ac_cv_have___va_copy="no" ]
3159 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3160 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3163 AC_CACHE_CHECK([whether getopt has optreset support],
3164 ac_cv_have_getopt_optreset, [
3169 [ extern int optreset; optreset = 0; ],
3170 [ ac_cv_have_getopt_optreset="yes" ],
3171 [ ac_cv_have_getopt_optreset="no" ]
3174 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3175 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3176 [Define if your getopt(3) defines and uses optreset])
3179 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3181 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3182 [ ac_cv_libc_defines_sys_errlist="yes" ],
3183 [ ac_cv_libc_defines_sys_errlist="no" ]
3186 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3187 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3188 [Define if your system defines sys_errlist[]])
3192 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3194 [ extern int sys_nerr; printf("%i", sys_nerr);],
3195 [ ac_cv_libc_defines_sys_nerr="yes" ],
3196 [ ac_cv_libc_defines_sys_nerr="no" ]
3199 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3200 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3204 # Check whether user wants sectok support
3206 [ --with-sectok Enable smartcard support using libsectok],
3208 if test "x$withval" != "xno" ; then
3209 if test "x$withval" != "xyes" ; then
3210 CPPFLAGS="$CPPFLAGS -I${withval}"
3211 LDFLAGS="$LDFLAGS -L${withval}"
3212 if test ! -z "$need_dash_r" ; then
3213 LDFLAGS="$LDFLAGS -R${withval}"
3215 if test ! -z "$blibpath" ; then
3216 blibpath="$blibpath:${withval}"
3219 AC_CHECK_HEADERS(sectok.h)
3220 if test "$ac_cv_header_sectok_h" != yes; then
3221 AC_MSG_ERROR(Can't find sectok.h)
3223 AC_CHECK_LIB(sectok, sectok_open)
3224 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3225 AC_MSG_ERROR(Can't find libsectok)
3227 AC_DEFINE(SMARTCARD, 1,
3228 [Define if you want smartcard support])
3229 AC_DEFINE(USE_SECTOK, 1,
3230 [Define if you want smartcard support
3232 SCARD_MSG="yes, using sectok"
3237 # Check whether user wants OpenSC support
3240 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3242 if test "x$withval" != "xno" ; then
3243 if test "x$withval" != "xyes" ; then
3244 OPENSC_CONFIG=$withval/bin/opensc-config
3246 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3248 if test "$OPENSC_CONFIG" != "no"; then
3249 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3250 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3251 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3252 LIBS="$LIBS $LIBOPENSC_LIBS"
3253 AC_DEFINE(SMARTCARD)
3254 AC_DEFINE(USE_OPENSC, 1,
3255 [Define if you want smartcard support
3257 SCARD_MSG="yes, using OpenSC"
3263 # Check libraries needed by DNS fingerprint support
3264 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3265 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3266 [Define if getrrsetbyname() exists])],
3268 # Needed by our getrrsetbyname()
3269 AC_SEARCH_LIBS(res_query, resolv)
3270 AC_SEARCH_LIBS(dn_expand, resolv)
3271 AC_MSG_CHECKING(if res_query will link)
3272 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3275 LIBS="$LIBS -lresolv"
3276 AC_MSG_CHECKING(for res_query in -lresolv)
3281 res_query (0, 0, 0, 0, 0);
3285 [LIBS="$LIBS -lresolv"
3286 AC_MSG_RESULT(yes)],
3290 AC_CHECK_FUNCS(_getshort _getlong)
3291 AC_CHECK_DECLS([_getshort, _getlong], , ,
3292 [#include <sys/types.h>
3293 #include <arpa/nameser.h>])
3294 AC_CHECK_MEMBER(HEADER.ad,
3295 [AC_DEFINE(HAVE_HEADER_AD, 1,
3296 [Define if HEADER.ad exists in arpa/nameser.h])],,
3297 [#include <arpa/nameser.h>])
3300 # Check whether user wants SELinux support
3303 AC_ARG_WITH(selinux,
3304 [ --with-selinux Enable SELinux support],
3305 [ if test "x$withval" != "xno" ; then
3306 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3308 AC_CHECK_HEADER([selinux/selinux.h], ,
3309 AC_MSG_ERROR(SELinux support requires selinux.h header))
3310 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3311 AC_MSG_ERROR(SELinux support requires libselinux library))
3312 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3315 AC_SUBST(LIBSELINUX)
3317 # Check whether user wants Kerberos 5 support
3319 AC_ARG_WITH(kerberos5,
3320 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3321 [ if test "x$withval" != "xno" ; then
3322 if test "x$withval" = "xyes" ; then
3323 KRB5ROOT="/usr/local"
3328 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3331 AC_MSG_CHECKING(for krb5-config)
3332 if test -x $KRB5ROOT/bin/krb5-config ; then
3333 KRB5CONF=$KRB5ROOT/bin/krb5-config
3334 AC_MSG_RESULT($KRB5CONF)
3336 AC_MSG_CHECKING(for gssapi support)
3337 if $KRB5CONF | grep gssapi >/dev/null ; then
3339 AC_DEFINE(GSSAPI, 1,
3340 [Define this if you want GSSAPI
3341 support in the version 2 protocol])
3347 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3348 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3349 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3350 AC_MSG_CHECKING(whether we are using Heimdal)
3351 AC_TRY_COMPILE([ #include <krb5.h> ],
3352 [ char *tmp = heimdal_version; ],
3353 [ AC_MSG_RESULT(yes)
3354 AC_DEFINE(HEIMDAL, 1,
3355 [Define this if you are using the
3356 Heimdal version of Kerberos V5]) ],
3361 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3362 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3363 AC_MSG_CHECKING(whether we are using Heimdal)
3364 AC_TRY_COMPILE([ #include <krb5.h> ],
3365 [ char *tmp = heimdal_version; ],
3366 [ AC_MSG_RESULT(yes)
3368 K5LIBS="-lkrb5 -ldes"
3369 K5LIBS="$K5LIBS -lcom_err -lasn1"
3370 AC_CHECK_LIB(roken, net_write,
3371 [K5LIBS="$K5LIBS -lroken"])
3374 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3377 AC_SEARCH_LIBS(dn_expand, resolv)
3379 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3381 K5LIBS="-lgssapi $K5LIBS" ],
3382 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3384 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3385 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3390 AC_CHECK_HEADER(gssapi.h, ,
3391 [ unset ac_cv_header_gssapi_h
3392 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3393 AC_CHECK_HEADERS(gssapi.h, ,
3394 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3400 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3401 AC_CHECK_HEADER(gssapi_krb5.h, ,
3402 [ CPPFLAGS="$oldCPP" ])
3404 # If we're using some other GSSAPI
3405 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3406 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3409 if test -z "$GSSAPI"; then
3414 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3415 AC_CHECK_HEADER(gssapi_krb5.h, ,
3416 [ CPPFLAGS="$oldCPP" ])
3419 if test ! -z "$need_dash_r" ; then
3420 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3422 if test ! -z "$blibpath" ; then
3423 blibpath="$blibpath:${KRB5ROOT}/lib"
3426 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3427 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3428 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3430 LIBS="$LIBS $K5LIBS"
3431 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3432 [Define this if you want to use libkafs' AFS support]))
3437 # Check whether user wants AFS_KRB5 support
3439 AC_ARG_WITH(afs-krb5,
3440 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3442 if test "x$withval" != "xno" ; then
3444 if test "x$withval" != "xyes" ; then
3445 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3446 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3448 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3450 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3453 if test -z "$KRB5ROOT" ; then
3454 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3457 LIBS="-lkrbafs -lkrb4 $LIBS"
3458 if test ! -z "$AFS_LIBS" ; then
3459 LIBS="$LIBS $AFS_LIBS"
3461 AC_DEFINE(AFS_KRB5, 1,
3462 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3468 AC_ARG_WITH(session-hooks,
3469 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3470 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3473 # Looking for programs, paths and files
3475 PRIVSEP_PATH=/var/empty
3476 AC_ARG_WITH(privsep-path,
3477 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3479 if test -n "$withval" && test "x$withval" != "xno" && \
3480 test "x${withval}" != "xyes"; then
3481 PRIVSEP_PATH=$withval
3485 AC_SUBST(PRIVSEP_PATH)
3488 [ --with-xauth=PATH Specify path to xauth program ],
3490 if test -n "$withval" && test "x$withval" != "xno" && \
3491 test "x${withval}" != "xyes"; then
3497 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3498 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3499 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3500 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3501 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3502 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3503 xauth_path="/usr/openwin/bin/xauth"
3509 AC_ARG_ENABLE(strip,
3510 [ --disable-strip Disable calling strip(1) on install],
3512 if test "x$enableval" = "xno" ; then
3519 if test -z "$xauth_path" ; then
3520 XAUTH_PATH="undefined"
3521 AC_SUBST(XAUTH_PATH)
3523 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3524 [Define if xauth is found in your path])
3525 XAUTH_PATH=$xauth_path
3526 AC_SUBST(XAUTH_PATH)
3529 # Check for mail directory (last resort if we cannot get it from headers)
3530 if test ! -z "$MAIL" ; then
3531 maildir=`dirname $MAIL`
3532 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3533 [Set this to your mail directory if you don't have maillock.h])
3536 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3537 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3538 disable_ptmx_check=yes
3540 if test -z "$no_dev_ptmx" ; then
3541 if test "x$disable_ptmx_check" != "xyes" ; then
3542 AC_CHECK_FILE("/dev/ptmx",
3544 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3545 [Define if you have /dev/ptmx])
3552 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3553 AC_CHECK_FILE("/dev/ptc",
3555 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3556 [Define if you have /dev/ptc])
3561 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3564 # Options from here on. Some of these are preset by platform above
3565 AC_ARG_WITH(mantype,
3566 [ --with-mantype=man|cat|doc Set man page type],
3573 AC_MSG_ERROR(invalid man type: $withval)
3578 if test -z "$MANTYPE"; then
3579 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3580 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3581 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3583 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3590 if test "$MANTYPE" = "doc"; then
3597 # Check whether to enable MD5 passwords
3599 AC_ARG_WITH(md5-passwords,
3600 [ --with-md5-passwords Enable use of MD5 passwords],
3602 if test "x$withval" != "xno" ; then
3603 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3604 [Define if you want to allow MD5 passwords])
3610 # Whether to disable shadow password support
3612 [ --without-shadow Disable shadow password support],
3614 if test "x$withval" = "xno" ; then
3615 AC_DEFINE(DISABLE_SHADOW)
3621 if test -z "$disable_shadow" ; then
3622 AC_MSG_CHECKING([if the systems has expire shadow information])
3625 #include <sys/types.h>
3628 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3629 [ sp_expire_available=yes ], []
3632 if test "x$sp_expire_available" = "xyes" ; then
3634 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3635 [Define if you want to use shadow password expire field])
3641 # Use ip address instead of hostname in $DISPLAY
3642 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3643 DISPLAY_HACK_MSG="yes"
3644 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3645 [Define if you need to use IP address
3646 instead of hostname in $DISPLAY])
3648 DISPLAY_HACK_MSG="no"
3649 AC_ARG_WITH(ipaddr-display,
3650 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3652 if test "x$withval" != "xno" ; then
3653 AC_DEFINE(IPADDR_IN_DISPLAY)
3654 DISPLAY_HACK_MSG="yes"
3660 # check for /etc/default/login and use it if present.
3661 AC_ARG_ENABLE(etc-default-login,
3662 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3663 [ if test "x$enableval" = "xno"; then
3664 AC_MSG_NOTICE([/etc/default/login handling disabled])
3665 etc_default_login=no
3667 etc_default_login=yes
3669 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3671 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3672 etc_default_login=no
3674 etc_default_login=yes
3678 if test "x$etc_default_login" != "xno"; then
3679 AC_CHECK_FILE("/etc/default/login",
3680 [ external_path_file=/etc/default/login ])
3681 if test "x$external_path_file" = "x/etc/default/login"; then
3682 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3683 [Define if your system has /etc/default/login])
3687 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3688 if test $ac_cv_func_login_getcapbool = "yes" && \
3689 test $ac_cv_header_login_cap_h = "yes" ; then
3690 external_path_file=/etc/login.conf
3693 # Whether to mess with the default path
3694 SERVER_PATH_MSG="(default)"
3695 AC_ARG_WITH(default-path,
3696 [ --with-default-path= Specify default \$PATH environment for server],
3698 if test "x$external_path_file" = "x/etc/login.conf" ; then
3700 --with-default-path=PATH has no effect on this system.
3701 Edit /etc/login.conf instead.])
3702 elif test "x$withval" != "xno" ; then
3703 if test ! -z "$external_path_file" ; then
3705 --with-default-path=PATH will only be used if PATH is not defined in
3706 $external_path_file .])
3708 user_path="$withval"
3709 SERVER_PATH_MSG="$withval"
3712 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3713 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3715 if test ! -z "$external_path_file" ; then
3717 If PATH is defined in $external_path_file, ensure the path to scp is included,
3718 otherwise scp will not work.])
3722 /* find out what STDPATH is */
3727 #ifndef _PATH_STDPATH
3728 # ifdef _PATH_USERPATH /* Irix */
3729 # define _PATH_STDPATH _PATH_USERPATH
3731 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3734 #include <sys/types.h>
3735 #include <sys/stat.h>
3737 #define DATA "conftest.stdpath"
3744 fd = fopen(DATA,"w");
3748 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3754 [ user_path=`cat conftest.stdpath` ],
3755 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3756 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3758 # make sure $bindir is in USER_PATH so scp will work
3759 t_bindir=`eval echo ${bindir}`
3761 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3764 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3766 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3767 if test $? -ne 0 ; then
3768 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3769 if test $? -ne 0 ; then
3770 user_path=$user_path:$t_bindir
3771 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3776 if test "x$external_path_file" != "x/etc/login.conf" ; then
3777 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3781 # Set superuser path separately to user path
3782 AC_ARG_WITH(superuser-path,
3783 [ --with-superuser-path= Specify different path for super-user],
3785 if test -n "$withval" && test "x$withval" != "xno" && \
3786 test "x${withval}" != "xyes"; then
3787 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3788 [Define if you want a different $PATH
3790 superuser_path=$withval
3796 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3797 IPV4_IN6_HACK_MSG="no"
3799 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3801 if test "x$withval" != "xno" ; then
3803 AC_DEFINE(IPV4_IN_IPV6, 1,
3804 [Detect IPv4 in IPv6 mapped addresses
3806 IPV4_IN6_HACK_MSG="yes"
3811 if test "x$inet6_default_4in6" = "xyes"; then
3812 AC_MSG_RESULT([yes (default)])
3813 AC_DEFINE(IPV4_IN_IPV6)
3814 IPV4_IN6_HACK_MSG="yes"
3816 AC_MSG_RESULT([no (default)])
3821 # Whether to enable BSD auth support
3823 AC_ARG_WITH(bsd-auth,
3824 [ --with-bsd-auth Enable BSD auth support],
3826 if test "x$withval" != "xno" ; then
3827 AC_DEFINE(BSD_AUTH, 1,
3828 [Define if you have BSD auth support])
3834 # Where to place sshd.pid
3836 # make sure the directory exists
3837 if test ! -d $piddir ; then
3838 piddir=`eval echo ${sysconfdir}`
3840 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3844 AC_ARG_WITH(pid-dir,
3845 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3847 if test -n "$withval" && test "x$withval" != "xno" && \
3848 test "x${withval}" != "xyes"; then
3850 if test ! -d $piddir ; then
3851 AC_MSG_WARN([** no $piddir directory on this system **])
3857 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3860 dnl allow user to disable some login recording features
3861 AC_ARG_ENABLE(lastlog,
3862 [ --disable-lastlog disable use of lastlog even if detected [no]],
3864 if test "x$enableval" = "xno" ; then
3865 AC_DEFINE(DISABLE_LASTLOG)
3870 [ --disable-utmp disable use of utmp even if detected [no]],
3872 if test "x$enableval" = "xno" ; then
3873 AC_DEFINE(DISABLE_UTMP)
3877 AC_ARG_ENABLE(utmpx,
3878 [ --disable-utmpx disable use of utmpx even if detected [no]],
3880 if test "x$enableval" = "xno" ; then
3881 AC_DEFINE(DISABLE_UTMPX, 1,
3882 [Define if you don't want to use utmpx])
3887 [ --disable-wtmp disable use of wtmp even if detected [no]],
3889 if test "x$enableval" = "xno" ; then
3890 AC_DEFINE(DISABLE_WTMP)
3894 AC_ARG_ENABLE(wtmpx,
3895 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3897 if test "x$enableval" = "xno" ; then
3898 AC_DEFINE(DISABLE_WTMPX, 1,
3899 [Define if you don't want to use wtmpx])
3903 AC_ARG_ENABLE(libutil,
3904 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3906 if test "x$enableval" = "xno" ; then
3907 AC_DEFINE(DISABLE_LOGIN)
3911 AC_ARG_ENABLE(pututline,
3912 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3914 if test "x$enableval" = "xno" ; then
3915 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3916 [Define if you don't want to use pututline()
3917 etc. to write [uw]tmp])
3921 AC_ARG_ENABLE(pututxline,
3922 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3924 if test "x$enableval" = "xno" ; then
3925 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3926 [Define if you don't want to use pututxline()
3927 etc. to write [uw]tmpx])
3931 AC_ARG_WITH(lastlog,
3932 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3934 if test "x$withval" = "xno" ; then
3935 AC_DEFINE(DISABLE_LASTLOG)
3936 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3937 conf_lastlog_location=$withval
3942 dnl lastlog, [uw]tmpx? detection
3943 dnl NOTE: set the paths in the platform section to avoid the
3944 dnl need for command-line parameters
3945 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3947 dnl lastlog detection
3948 dnl NOTE: the code itself will detect if lastlog is a directory
3949 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3951 #include <sys/types.h>
3953 #ifdef HAVE_LASTLOG_H
3954 # include <lastlog.h>
3963 [ char *lastlog = LASTLOG_FILE; ],
3964 [ AC_MSG_RESULT(yes) ],
3967 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3969 #include <sys/types.h>
3971 #ifdef HAVE_LASTLOG_H
3972 # include <lastlog.h>
3978 [ char *lastlog = _PATH_LASTLOG; ],
3979 [ AC_MSG_RESULT(yes) ],
3982 system_lastlog_path=no
3987 if test -z "$conf_lastlog_location"; then
3988 if test x"$system_lastlog_path" = x"no" ; then
3989 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3990 if (test -d "$f" || test -f "$f") ; then
3991 conf_lastlog_location=$f
3994 if test -z "$conf_lastlog_location"; then
3995 AC_MSG_WARN([** Cannot find lastlog **])
3996 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4001 if test -n "$conf_lastlog_location"; then
4002 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4003 [Define if you want to specify the path to your lastlog file])
4007 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4009 #include <sys/types.h>
4015 [ char *utmp = UTMP_FILE; ],
4016 [ AC_MSG_RESULT(yes) ],
4018 system_utmp_path=no ]
4020 if test -z "$conf_utmp_location"; then
4021 if test x"$system_utmp_path" = x"no" ; then
4022 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4023 if test -f $f ; then
4024 conf_utmp_location=$f
4027 if test -z "$conf_utmp_location"; then
4028 AC_DEFINE(DISABLE_UTMP)
4032 if test -n "$conf_utmp_location"; then
4033 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4034 [Define if you want to specify the path to your utmp file])
4038 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4040 #include <sys/types.h>
4046 [ char *wtmp = WTMP_FILE; ],
4047 [ AC_MSG_RESULT(yes) ],
4049 system_wtmp_path=no ]
4051 if test -z "$conf_wtmp_location"; then
4052 if test x"$system_wtmp_path" = x"no" ; then
4053 for f in /usr/adm/wtmp /var/log/wtmp; do
4054 if test -f $f ; then
4055 conf_wtmp_location=$f
4058 if test -z "$conf_wtmp_location"; then
4059 AC_DEFINE(DISABLE_WTMP)
4063 if test -n "$conf_wtmp_location"; then
4064 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4065 [Define if you want to specify the path to your wtmp file])
4069 dnl utmpx detection - I don't know any system so perverse as to require
4070 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4072 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4074 #include <sys/types.h>
4083 [ char *utmpx = UTMPX_FILE; ],
4084 [ AC_MSG_RESULT(yes) ],
4086 system_utmpx_path=no ]
4088 if test -z "$conf_utmpx_location"; then
4089 if test x"$system_utmpx_path" = x"no" ; then
4090 AC_DEFINE(DISABLE_UTMPX)
4093 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4094 [Define if you want to specify the path to your utmpx file])
4098 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4100 #include <sys/types.h>
4109 [ char *wtmpx = WTMPX_FILE; ],
4110 [ AC_MSG_RESULT(yes) ],
4112 system_wtmpx_path=no ]
4114 if test -z "$conf_wtmpx_location"; then
4115 if test x"$system_wtmpx_path" = x"no" ; then
4116 AC_DEFINE(DISABLE_WTMPX)
4119 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4120 [Define if you want to specify the path to your wtmpx file])
4124 if test ! -z "$blibpath" ; then
4125 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4126 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4129 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4131 CFLAGS="$CFLAGS $werror_flags"
4134 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4135 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4136 scard/Makefile ssh_prng_cmds survey.sh])
4139 # Print summary of options
4141 # Someone please show me a better way :)
4142 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4143 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4144 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4145 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4146 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4147 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4148 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
4149 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4150 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4151 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4154 echo "OpenSSH has been configured with the following options:"
4155 echo " User binaries: $B"
4156 echo " System binaries: $C"
4157 echo " Configuration files: $D"
4158 echo " Askpass program: $E"
4159 echo " Manual pages: $F"
4160 echo " PID file: $G"
4161 echo " Privilege separation chroot path: $H"
4162 if test "x$external_path_file" = "x/etc/login.conf" ; then
4163 echo " At runtime, sshd will use the path defined in $external_path_file"
4164 echo " Make sure the path to scp is present, otherwise scp will not work"
4166 echo " sshd default user PATH: $I"
4167 if test ! -z "$external_path_file"; then
4168 echo " (If PATH is set in $external_path_file it will be used instead. If"
4169 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4172 if test ! -z "$superuser_path" ; then
4173 echo " sshd superuser user PATH: $J"
4175 echo " Manpage format: $MANTYPE"
4176 echo " PAM support: $PAM_MSG"
4177 echo " OSF SIA support: $SIA_MSG"
4178 echo " KerberosV support: $KRB5_MSG"
4179 echo " SELinux support: $SELINUX_MSG"
4180 echo " Smartcard support: $SCARD_MSG"
4181 echo " S/KEY support: $SKEY_MSG"
4182 echo " TCP Wrappers support: $TCPW_MSG"
4183 echo " MD5 password support: $MD5_MSG"
4184 echo " libedit support: $LIBEDIT_MSG"
4185 echo " Solaris process contract support: $SPC_MSG"
4186 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4187 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4188 echo " BSD Auth support: $BSD_AUTH_MSG"
4189 echo " Random number source: $RAND_MSG"
4190 if test ! -z "$USE_RAND_HELPER" ; then
4191 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4196 echo " Host: ${host}"
4197 echo " Compiler: ${CC}"
4198 echo " Compiler flags: ${CFLAGS}"
4199 echo "Preprocessor flags: ${CPPFLAGS}"
4200 echo " Linker flags: ${LDFLAGS}"
4201 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
4205 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4206 echo "SVR4 style packages are supported with \"make package\""
4210 if test "x$PAM_MSG" = "xyes" ; then
4211 echo "PAM is enabled. You may need to install a PAM control file "
4212 echo "for sshd, otherwise password authentication may fail. "
4213 echo "Example PAM control files can be found in the contrib/ "
4218 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4219 echo "WARNING: you are using the builtin random number collection "
4220 echo "service. Please read WARNING.RNG and request that your OS "
4221 echo "vendor includes kernel-based random number collection in "
4222 echo "future versions of your OS."
4226 if test ! -z "$NO_PEERCHECK" ; then
4227 echo "WARNING: the operating system that you are using does not "
4228 echo "appear to support either the getpeereid() API nor the "
4229 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4230 echo "enforce security checks to prevent unauthorised connections to "
4231 echo "ssh-agent. Their absence increases the risk that a malicious "
4232 echo "user can connect to your agent. "
4236 if test "$AUDIT_MODULE" = "bsm" ; then
4237 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4238 echo "See the Solaris section in README.platform for details."