3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
94 AC_ARG_WITH(stackprotect,
95 [ --without-stackprotect Don't use compiler's stack protection], [
96 if test "x$withval" = "xno"; then
100 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
101 CFLAGS="$CFLAGS -Wall -Wpointer-arith"
102 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
104 1.*) no_attrib_nonnull=1 ;;
106 CFLAGS="$CFLAGS -Wsign-compare"
109 2.*) no_attrib_nonnull=1 ;;
110 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
111 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
115 # -fstack-protector-all doesn't always work for some GCC versions
116 # and/or platforms, so we test if we can. If it's not supported
117 # on a give platform gcc will emit a warning so we use -Werror.
118 if test "x$use_stack_protector" = "x1"; then
119 for t in -fstack-protector-all -fstack-protector; do
120 AC_MSG_CHECKING(if $CC supports $t)
121 saved_CFLAGS="$CFLAGS"
122 saved_LDFLAGS="$LDFLAGS"
123 CFLAGS="$CFLAGS $t -Werror"
124 LDFLAGS="$LDFLAGS $t -Werror"
128 int main(void){return 0;}
131 CFLAGS="$saved_CFLAGS $t"
132 LDFLAGS="$saved_LDFLAGS $t"
133 AC_MSG_CHECKING(if $t works)
137 int main(void){exit(0);}
141 [ AC_MSG_RESULT(no) ],
142 [ AC_MSG_WARN([cross compiling: cannot test])
146 [ AC_MSG_RESULT(no) ]
148 CFLAGS="$saved_CFLAGS"
149 LDFLAGS="$saved_LDFLAGS"
153 if test -z "$have_llong_max"; then
154 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
155 unset ac_cv_have_decl_LLONG_MAX
156 saved_CFLAGS="$CFLAGS"
157 CFLAGS="$CFLAGS -std=gnu99"
158 AC_CHECK_DECL(LLONG_MAX,
160 [CFLAGS="$saved_CFLAGS"],
161 [#include <limits.h>]
166 if test "x$no_attrib_nonnull" != "x1" ; then
167 AC_DEFINE(HAVE_ATTRIBUTE__NONNULL__, 1, [Have attribute nonnull])
171 [ --without-rpath Disable auto-added -R linker paths],
173 if test "x$withval" = "xno" ; then
176 if test "x$withval" = "xyes" ; then
182 # Allow user to specify flags
184 [ --with-cflags Specify additional flags to pass to compiler],
186 if test -n "$withval" && test "x$withval" != "xno" && \
187 test "x${withval}" != "xyes"; then
188 CFLAGS="$CFLAGS $withval"
192 AC_ARG_WITH(cppflags,
193 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
195 if test -n "$withval" && test "x$withval" != "xno" && \
196 test "x${withval}" != "xyes"; then
197 CPPFLAGS="$CPPFLAGS $withval"
202 [ --with-ldflags Specify additional flags to pass to linker],
204 if test -n "$withval" && test "x$withval" != "xno" && \
205 test "x${withval}" != "xyes"; then
206 LDFLAGS="$LDFLAGS $withval"
211 [ --with-libs Specify additional libraries to link with],
213 if test -n "$withval" && test "x$withval" != "xno" && \
214 test "x${withval}" != "xyes"; then
215 LIBS="$LIBS $withval"
220 [ --with-Werror Build main code with -Werror],
222 if test -n "$withval" && test "x$withval" != "xno"; then
223 werror_flags="-Werror"
224 if test "x${withval}" != "xyes"; then
225 werror_flags="$withval"
257 security/pam_appl.h \
296 # lastlog.h requires sys/time.h to be included first on Solaris
297 AC_CHECK_HEADERS(lastlog.h, [], [], [
298 #ifdef HAVE_SYS_TIME_H
299 # include <sys/time.h>
303 # sys/ptms.h requires sys/stream.h to be included first on Solaris
304 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
305 #ifdef HAVE_SYS_STREAM_H
306 # include <sys/stream.h>
310 # login_cap.h requires sys/types.h on NetBSD
311 AC_CHECK_HEADERS(login_cap.h, [], [], [
312 #include <sys/types.h>
315 # Messages for features tested for in target-specific section
319 # Check for some target-specific stuff
322 # Some versions of VAC won't allow macro redefinitions at
323 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
324 # particularly with older versions of vac or xlc.
325 # It also throws errors about null macro argments, but these are
327 AC_MSG_CHECKING(if compiler allows macro redefinitions)
330 #define testmacro foo
331 #define testmacro bar
332 int main(void) { exit(0); }
334 [ AC_MSG_RESULT(yes) ],
336 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
337 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
338 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
339 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
343 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
344 if (test -z "$blibpath"); then
345 blibpath="/usr/lib:/lib"
347 saved_LDFLAGS="$LDFLAGS"
348 if test "$GCC" = "yes"; then
349 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
351 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
353 for tryflags in $flags ;do
354 if (test -z "$blibflags"); then
355 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
356 AC_TRY_LINK([], [], [blibflags=$tryflags])
359 if (test -z "$blibflags"); then
360 AC_MSG_RESULT(not found)
361 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
363 AC_MSG_RESULT($blibflags)
365 LDFLAGS="$saved_LDFLAGS"
366 dnl Check for authenticate. Might be in libs.a on older AIXes
367 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
368 [Define if you want to enable AIX4's authenticate function])],
369 [AC_CHECK_LIB(s,authenticate,
370 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
374 dnl Check for various auth function declarations in headers.
375 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
376 passwdexpired, setauthdb], , , [#include <usersec.h>])
377 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
378 AC_CHECK_DECLS(loginfailed,
379 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
381 [#include <usersec.h>],
382 [(void)loginfailed("user","host","tty",0);],
384 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
385 [Define if your AIX loginfailed() function
386 takes 4 arguments (AIX >= 5.2)])],
390 [#include <usersec.h>]
392 AC_CHECK_FUNCS(getgrset setauthdb)
393 AC_CHECK_DECL(F_CLOSEM,
394 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
396 [ #include <limits.h>
399 check_for_aix_broken_getaddrinfo=1
400 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
401 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
402 [Define if your platform breaks doing a seteuid before a setuid])
403 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
404 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
405 dnl AIX handles lastlog as part of its login message
406 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
407 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
408 [Some systems need a utmpx entry for /bin/login to work])
409 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
410 [Define to a Set Process Title type if your system is
411 supported by bsd-setproctitle.c])
412 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
413 [AIX 5.2 and 5.3 (and presumably newer) require this])
414 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
417 check_for_libcrypt_later=1
418 LIBS="$LIBS /usr/lib/textreadmode.o"
419 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
420 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
421 AC_DEFINE(DISABLE_SHADOW, 1,
422 [Define if you want to disable shadow passwords])
423 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
424 [Define if your system choked on IP TOS setting])
425 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
426 [Define if X11 doesn't support AF_UNIX sockets on that system])
427 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
428 [Define if the concept of ports only accessible to
429 superusers isn't known])
430 AC_DEFINE(DISABLE_FD_PASSING, 1,
431 [Define if your platform needs to skip post auth
432 file descriptor passing])
435 AC_DEFINE(IP_TOS_IS_BROKEN)
436 AC_DEFINE(SETEUID_BREAKS_SETUID)
437 AC_DEFINE(BROKEN_SETREUID)
438 AC_DEFINE(BROKEN_SETREGID)
441 AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
442 AC_DEFINE(BROKEN_GETADDRINFO)
443 AC_DEFINE(SETEUID_BREAKS_SETUID)
444 AC_DEFINE(BROKEN_SETREUID)
445 AC_DEFINE(BROKEN_SETREGID)
446 AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
447 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
448 [Define if your resolver libs need this for getrrsetbyname])
449 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
450 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
451 [Use tunnel device compatibility to OpenBSD])
452 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
453 [Prepend the address family to IP tunnel traffic])
454 m4_pattern_allow(AU_IPv)
455 AC_CHECK_DECL(AU_IPv4, [],
456 AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
457 [#include <bsm/audit.h>]
459 AC_MSG_CHECKING(if we have the Security Authorization Session API)
460 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
461 [SessionCreate(0, 0);],
462 [ac_cv_use_security_session_api="yes"
463 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
464 [platform has the Security Authorization Session API])
465 LIBS="$LIBS -framework Security"
467 [ac_cv_use_security_session_api="no"
469 AC_MSG_CHECKING(if we have an in-memory credentials cache)
471 [#include <Kerberos/Kerberos.h>],
473 (void) cc_initialize (&c, 0, NULL, NULL);],
474 [AC_DEFINE(USE_CCAPI, 1,
475 [platform uses an in-memory credentials cache])
476 LIBS="$LIBS -framework Security"
478 if test "x$ac_cv_use_security_session_api" = "xno"; then
479 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
485 SSHDLIBS="$SSHDLIBS -lcrypt"
488 # first we define all of the options common to all HP-UX releases
489 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
490 IPADDR_IN_DISPLAY=yes
492 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
493 [Define if your login program cannot handle end of options ("--")])
494 AC_DEFINE(LOGIN_NEEDS_UTMPX)
495 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
496 [String used in /etc/passwd to denote locked account])
497 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
498 MAIL="/var/mail/username"
500 AC_CHECK_LIB(xnet, t_error, ,
501 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
503 # next, we define all of the options specific to major releases
506 if test -z "$GCC"; then
511 AC_DEFINE(PAM_SUN_CODEBASE, 1,
512 [Define if you are using Solaris-derived PAM which
513 passes pam_messages to the conversation function
514 with an extra level of indirection])
515 AC_DEFINE(DISABLE_UTMP, 1,
516 [Define if you don't want to use utmp])
517 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
518 check_for_hpux_broken_getaddrinfo=1
519 check_for_conflicting_getspnam=1
523 # lastly, we define options specific to minor releases
526 AC_DEFINE(HAVE_SECUREWARE, 1,
527 [Define if you have SecureWare-based
528 protected password database])
529 disable_ptmx_check=yes
535 PATH="$PATH:/usr/etc"
536 AC_DEFINE(BROKEN_INET_NTOA, 1,
537 [Define if you system's inet_ntoa is busted
538 (e.g. Irix gcc issue)])
539 AC_DEFINE(SETEUID_BREAKS_SETUID)
540 AC_DEFINE(BROKEN_SETREUID)
541 AC_DEFINE(BROKEN_SETREGID)
542 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
543 [Define if you shouldn't strip 'tty' from your
545 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
548 PATH="$PATH:/usr/etc"
549 AC_DEFINE(WITH_IRIX_ARRAY, 1,
550 [Define if you have/want arrays
551 (cluster-wide session managment, not C arrays)])
552 AC_DEFINE(WITH_IRIX_PROJECT, 1,
553 [Define if you want IRIX project management])
554 AC_DEFINE(WITH_IRIX_AUDIT, 1,
555 [Define if you want IRIX audit trails])
556 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
557 [Define if you want IRIX kernel jobs])])
558 AC_DEFINE(BROKEN_INET_NTOA)
559 AC_DEFINE(SETEUID_BREAKS_SETUID)
560 AC_DEFINE(BROKEN_SETREUID)
561 AC_DEFINE(BROKEN_SETREGID)
562 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
563 AC_DEFINE(WITH_ABBREV_NO_TTY)
564 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
568 check_for_libcrypt_later=1
569 check_for_openpty_ctty_bug=1
570 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
571 AC_DEFINE(PAM_TTY_KLUDGE, 1,
572 [Work around problematic Linux PAM modules handling of PAM_TTY])
573 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
574 [String used in /etc/passwd to denote locked account])
575 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
576 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
577 [Define to whatever link() returns for "not supported"
578 if it doesn't return EOPNOTSUPP.])
579 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
581 inet6_default_4in6=yes
584 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
585 [Define if cmsg_type is not passed correctly])
588 # tun(4) forwarding compat code
589 AC_CHECK_HEADERS(linux/if_tun.h)
590 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
591 AC_DEFINE(SSH_TUN_LINUX, 1,
592 [Open tunnel devices the Linux tun/tap way])
593 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
594 [Use tunnel device compatibility to OpenBSD])
595 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
596 [Prepend the address family to IP tunnel traffic])
599 mips-sony-bsd|mips-sony-newsos4)
600 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
604 check_for_libcrypt_before=1
605 if test "x$withval" != "xno" ; then
608 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
609 AC_CHECK_HEADER([net/if_tap.h], ,
610 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
611 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
612 [Prepend the address family to IP tunnel traffic])
615 check_for_libcrypt_later=1
616 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
617 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
618 AC_CHECK_HEADER([net/if_tap.h], ,
619 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
620 AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
623 AC_DEFINE(SETEUID_BREAKS_SETUID)
624 AC_DEFINE(BROKEN_SETREUID)
625 AC_DEFINE(BROKEN_SETREGID)
628 conf_lastlog_location="/usr/adm/lastlog"
629 conf_utmp_location=/etc/utmp
630 conf_wtmp_location=/usr/adm/wtmp
632 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
633 AC_DEFINE(BROKEN_REALPATH)
635 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
638 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
639 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
640 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
641 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
642 [syslog_r function is safe to use in in a signal handler])
645 if test "x$withval" != "xno" ; then
648 AC_DEFINE(PAM_SUN_CODEBASE)
649 AC_DEFINE(LOGIN_NEEDS_UTMPX)
650 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
651 [Some versions of /bin/login need the TERM supplied
653 AC_DEFINE(PAM_TTY_KLUDGE)
654 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
655 [Define if pam_chauthtok wants real uid set
656 to the unpriv'ed user])
657 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
658 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
659 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
660 [Define if sshd somehow reacquires a controlling TTY
662 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
663 in case the name is longer than 8 chars])
664 external_path_file=/etc/default/login
665 # hardwire lastlog location (can't detect it on some versions)
666 conf_lastlog_location="/var/adm/lastlog"
667 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
668 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
669 if test "$sol2ver" -ge 8; then
671 AC_DEFINE(DISABLE_UTMP)
672 AC_DEFINE(DISABLE_WTMP, 1,
673 [Define if you don't want to use wtmp])
677 AC_ARG_WITH(solaris-contracts,
678 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
680 AC_CHECK_LIB(contract, ct_tmpl_activate,
681 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
682 [Define if you have Solaris process contracts])
683 SSHDLIBS="$SSHDLIBS -lcontract"
690 CPPFLAGS="$CPPFLAGS -DSUNOS4"
691 AC_CHECK_FUNCS(getpwanam)
692 AC_DEFINE(PAM_SUN_CODEBASE)
693 conf_utmp_location=/etc/utmp
694 conf_wtmp_location=/var/adm/wtmp
695 conf_lastlog_location=/var/adm/lastlog
701 AC_DEFINE(SSHD_ACQUIRES_CTTY)
702 AC_DEFINE(SETEUID_BREAKS_SETUID)
703 AC_DEFINE(BROKEN_SETREUID)
704 AC_DEFINE(BROKEN_SETREGID)
707 # /usr/ucblib MUST NOT be searched on ReliantUNIX
708 AC_CHECK_LIB(dl, dlsym, ,)
709 # -lresolv needs to be at the end of LIBS or DNS lookups break
710 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
711 IPADDR_IN_DISPLAY=yes
713 AC_DEFINE(IP_TOS_IS_BROKEN)
714 AC_DEFINE(SETEUID_BREAKS_SETUID)
715 AC_DEFINE(BROKEN_SETREUID)
716 AC_DEFINE(BROKEN_SETREGID)
717 AC_DEFINE(SSHD_ACQUIRES_CTTY)
718 external_path_file=/etc/default/login
719 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
720 # Attention: always take care to bind libsocket and libnsl before libc,
721 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
723 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
726 AC_DEFINE(SETEUID_BREAKS_SETUID)
727 AC_DEFINE(BROKEN_SETREUID)
728 AC_DEFINE(BROKEN_SETREGID)
729 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
730 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
732 # UnixWare 7.x, OpenUNIX 8
734 check_for_libcrypt_later=1
735 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
737 AC_DEFINE(SETEUID_BREAKS_SETUID)
738 AC_DEFINE(BROKEN_SETREUID)
739 AC_DEFINE(BROKEN_SETREGID)
740 AC_DEFINE(PASSWD_NEEDS_USERNAME)
742 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
743 TEST_SHELL=/u95/bin/sh
744 AC_DEFINE(BROKEN_LIBIAF, 1,
745 [ia_uinfo routines not supported by OS yet])
746 AC_DEFINE(BROKEN_UPDWTMPX)
748 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
754 # SCO UNIX and OEM versions of SCO UNIX
756 AC_MSG_ERROR("This Platform is no longer supported.")
760 if test -z "$GCC"; then
761 CFLAGS="$CFLAGS -belf"
763 LIBS="$LIBS -lprot -lx -ltinfo -lm"
766 AC_DEFINE(HAVE_SECUREWARE)
767 AC_DEFINE(DISABLE_SHADOW)
768 AC_DEFINE(DISABLE_FD_PASSING)
769 AC_DEFINE(SETEUID_BREAKS_SETUID)
770 AC_DEFINE(BROKEN_SETREUID)
771 AC_DEFINE(BROKEN_SETREGID)
772 AC_DEFINE(WITH_ABBREV_NO_TTY)
773 AC_DEFINE(BROKEN_UPDWTMPX)
774 AC_DEFINE(PASSWD_NEEDS_USERNAME)
775 AC_CHECK_FUNCS(getluid setluid)
780 AC_DEFINE(NO_SSH_LASTLOG, 1,
781 [Define if you don't want to use lastlog in session.c])
782 AC_DEFINE(SETEUID_BREAKS_SETUID)
783 AC_DEFINE(BROKEN_SETREUID)
784 AC_DEFINE(BROKEN_SETREGID)
786 AC_DEFINE(DISABLE_FD_PASSING)
788 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
792 AC_DEFINE(SETEUID_BREAKS_SETUID)
793 AC_DEFINE(BROKEN_SETREUID)
794 AC_DEFINE(BROKEN_SETREGID)
795 AC_DEFINE(WITH_ABBREV_NO_TTY)
797 AC_DEFINE(DISABLE_FD_PASSING)
799 LIBS="$LIBS -lgen -lacid -ldb"
803 AC_DEFINE(SETEUID_BREAKS_SETUID)
804 AC_DEFINE(BROKEN_SETREUID)
805 AC_DEFINE(BROKEN_SETREGID)
807 AC_DEFINE(DISABLE_FD_PASSING)
808 AC_DEFINE(NO_SSH_LASTLOG)
809 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
810 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
814 AC_MSG_CHECKING(for Digital Unix SIA)
817 [ --with-osfsia Enable Digital Unix SIA],
819 if test "x$withval" = "xno" ; then
820 AC_MSG_RESULT(disabled)
825 if test -z "$no_osfsia" ; then
826 if test -f /etc/sia/matrix.conf; then
828 AC_DEFINE(HAVE_OSF_SIA, 1,
829 [Define if you have Digital Unix Security
830 Integration Architecture])
831 AC_DEFINE(DISABLE_LOGIN, 1,
832 [Define if you don't want to use your
833 system's login() call])
834 AC_DEFINE(DISABLE_FD_PASSING)
835 LIBS="$LIBS -lsecurity -ldb -lm -laud"
839 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
840 [String used in /etc/passwd to denote locked account])
843 AC_DEFINE(BROKEN_GETADDRINFO)
844 AC_DEFINE(SETEUID_BREAKS_SETUID)
845 AC_DEFINE(BROKEN_SETREUID)
846 AC_DEFINE(BROKEN_SETREGID)
851 AC_DEFINE(NO_X11_UNIX_SOCKETS)
852 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
853 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
854 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
855 AC_DEFINE(DISABLE_LASTLOG)
856 AC_DEFINE(SSHD_ACQUIRES_CTTY)
857 AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
858 enable_etc_default_login=no # has incompatible /etc/default/login
861 AC_DEFINE(DISABLE_FD_PASSING)
867 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
868 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
869 AC_DEFINE(NEED_SETPGRP)
870 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
874 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
875 AC_DEFINE(MISSING_HOWMANY)
876 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
880 AC_MSG_CHECKING(compiler and flags for sanity)
886 [ AC_MSG_RESULT(yes) ],
889 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
891 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
894 dnl Checks for header files.
895 # Checks for libraries.
896 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
897 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
899 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
900 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
901 AC_CHECK_LIB(gen, dirname,[
902 AC_CACHE_CHECK([for broken dirname],
903 ac_cv_have_broken_dirname, [
911 int main(int argc, char **argv) {
914 strncpy(buf,"/etc", 32);
916 if (!s || strncmp(s, "/", 32) != 0) {
923 [ ac_cv_have_broken_dirname="no" ],
924 [ ac_cv_have_broken_dirname="yes" ],
925 [ ac_cv_have_broken_dirname="no" ],
929 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
931 AC_DEFINE(HAVE_DIRNAME)
932 AC_CHECK_HEADERS(libgen.h)
937 AC_CHECK_FUNC(getspnam, ,
938 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
939 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
940 [Define if you have the basename function.]))
944 [ --with-zlib=PATH Use zlib in PATH],
945 [ if test "x$withval" = "xno" ; then
946 AC_MSG_ERROR([*** zlib is required ***])
947 elif test "x$withval" != "xyes"; then
948 if test -d "$withval/lib"; then
949 if test -n "${need_dash_r}"; then
950 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
952 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
955 if test -n "${need_dash_r}"; then
956 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
958 LDFLAGS="-L${withval} ${LDFLAGS}"
961 if test -d "$withval/include"; then
962 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
964 CPPFLAGS="-I${withval} ${CPPFLAGS}"
969 AC_CHECK_LIB(z, deflate, ,
971 saved_CPPFLAGS="$CPPFLAGS"
972 saved_LDFLAGS="$LDFLAGS"
974 dnl Check default zlib install dir
975 if test -n "${need_dash_r}"; then
976 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
978 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
980 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
982 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
984 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
989 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
991 AC_ARG_WITH(zlib-version-check,
992 [ --without-zlib-version-check Disable zlib version check],
993 [ if test "x$withval" = "xno" ; then
994 zlib_check_nonfatal=1
999 AC_MSG_CHECKING(for possibly buggy zlib)
1000 AC_RUN_IFELSE([AC_LANG_SOURCE([[
1005 int a=0, b=0, c=0, d=0, n, v;
1006 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
1007 if (n != 3 && n != 4)
1009 v = a*1000000 + b*10000 + c*100 + d;
1010 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
1013 if (a == 1 && b == 1 && c >= 4)
1016 /* 1.2.3 and up are OK */
1024 [ AC_MSG_RESULT(yes)
1025 if test -z "$zlib_check_nonfatal" ; then
1026 AC_MSG_ERROR([*** zlib too old - check config.log ***
1027 Your reported zlib version has known security problems. It's possible your
1028 vendor has fixed these problems without changing the version number. If you
1029 are sure this is the case, you can disable the check by running
1030 "./configure --without-zlib-version-check".
1031 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
1032 See http://www.gzip.org/zlib/ for details.])
1034 AC_MSG_WARN([zlib version may have security problems])
1037 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
1041 AC_CHECK_FUNC(strcasecmp,
1042 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
1044 AC_CHECK_FUNCS(utimes,
1045 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
1046 LIBS="$LIBS -lc89"]) ]
1049 dnl Checks for libutil functions
1050 AC_CHECK_HEADERS(libutil.h)
1051 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
1052 [Define if your libraries define login()])])
1053 AC_CHECK_FUNCS(logout updwtmp logwtmp)
1057 # Check for ALTDIRFUNC glob() extension
1058 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
1059 AC_EGREP_CPP(FOUNDIT,
1062 #ifdef GLOB_ALTDIRFUNC
1067 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1068 [Define if your system glob() function has
1069 the GLOB_ALTDIRFUNC extension])
1077 # Check for g.gl_matchc glob() extension
1078 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1080 [ #include <glob.h> ],
1081 [glob_t g; g.gl_matchc = 1;],
1083 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1084 [Define if your system glob() function has
1085 gl_matchc options in glob_t])
1093 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1095 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1098 #include <sys/types.h>
1100 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1102 [AC_MSG_RESULT(yes)],
1105 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1106 [Define if your struct dirent expects you to
1107 allocate extra space for d_name])
1110 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1111 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1115 # Check whether the user wants GSSAPI mechglue support
1116 AC_ARG_WITH(mechglue,
1117 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1119 AC_MSG_CHECKING(for mechglue library)
1121 if test -e ${withval}/libgssapi.a ; then
1122 mechglue_lib=${withval}/libgssapi.a
1123 elif test -e ${withval}/lib/libgssapi.a ; then
1124 mechglue_lib=${withval}/lib/libgssapi.a
1126 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1128 LIBS="$LIBS ${mechglue_lib}"
1129 AC_MSG_RESULT(${mechglue_lib})
1131 AC_CHECK_LIB(dl, dlopen, , )
1132 if test $ac_cv_lib_dl_dlopen = yes; then
1133 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1137 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1144 # Check whether the user wants GSI (Globus) support
1147 [ --with-gsi Enable Globus GSI authentication support],
1154 [ --with-globus Enable Globus GSI authentication support],
1160 AC_ARG_WITH(globus-static,
1161 [ --with-globus-static Link statically with Globus GSI libraries],
1164 if test "x$gsi_path" = "xno" ; then
1170 # Check whether the user has a Globus flavor type
1171 globus_flavor_type="no"
1172 AC_ARG_WITH(globus-flavor,
1173 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1175 globus_flavor_type="$withval"
1176 if test "x$gsi_path" = "xno" ; then
1182 if test "x$gsi_path" != "xno" ; then
1183 # Globus GSSAPI configuration
1184 AC_MSG_CHECKING(for Globus GSI)
1185 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1187 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1188 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1190 if test -z "$GSSAPI"; then
1195 if test "x$gsi_path" = "xyes" ; then
1196 if test -z "$GLOBUS_LOCATION" ; then
1197 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1199 gsi_path="$GLOBUS_LOCATION"
1202 GLOBUS_LOCATION="$gsi_path"
1203 export GLOBUS_LOCATION
1204 if test ! -d "$GLOBUS_LOCATION" ; then
1205 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1208 if test "x$globus_flavor_type" = "xno" ; then
1209 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1211 if test "x$globus_flavor_type" = "xyes" ; then
1212 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1216 AC_MSG_CHECKING(for Globus include path)
1217 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1218 if test ! -d "$GLOBUS_INCLUDE" ; then
1219 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1221 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1225 # Find GPT linkline helper
1228 AC_MSG_CHECKING(for GPT linkline helper)
1229 if test -x $GPT_LOCATION/sbin/gpt_build_config ; then
1230 gpt_linkline_helper="$GPT_LOCATION/sbin/gpt_build_config"
1231 elif test -x ${gsi_path}/sbin/gpt_build_config ; then
1232 gpt_linkline_helper="${gsi_path}/sbin/gpt_build_config"
1234 AC_MSG_ERROR(Cannot find gpt_build_config: GPT installation is incomplete)
1239 # Build Globus linkline
1242 if test -n "${gsi_static}"; then
1243 ${gpt_linkline_helper} -f ${globus_flavor_type} -link static -src pkg_data_src.gpt
1245 ${gpt_linkline_helper} -f ${globus_flavor_type} -link shared -src pkg_data_src.gpt
1247 . ./gpt_build_temp.sh
1248 if test -n "${need_dash_r}"; then
1249 GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
1251 GSI_LDFLAGS="-L${gsi_path}/lib"
1253 GSI_LIBS="$GPT_CONFIG_PGM_LINKS"
1254 LD_LIBRARY_PATH="${gsi_path}/lib:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
1257 # Test Globus linkline
1260 AC_MSG_CHECKING(for Globus linkline)
1261 if test -z "$GSI_LIBS" ; then
1262 AC_MSG_ERROR(gpt_build_config failed)
1266 AC_DEFINE(HAVE_GSSAPI_H)
1268 LIBS="$LIBS $GSI_LIBS $GPT_CONFIG_LIBS"
1269 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1270 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS $GPT_CONFIG_INCLUDES"
1271 CFLAGS="$CFLAGS $GPT_CONFIG_CFLAGS"
1273 AC_MSG_CHECKING(that Globus linkline works)
1274 # test that we got the libraries OK
1282 AC_MSG_ERROR(link with Globus libraries failed)
1285 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1286 INSTALL_GSISSH="yes"
1290 # End Globus/GSI section
1292 AC_MSG_CHECKING([for /proc/pid/fd directory])
1293 if test -d "/proc/$$/fd" ; then
1294 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1300 # Check whether user wants S/Key support
1303 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1305 if test "x$withval" != "xno" ; then
1307 if test "x$withval" != "xyes" ; then
1308 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1309 LDFLAGS="$LDFLAGS -L${withval}/lib"
1312 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1316 AC_MSG_CHECKING([for s/key support])
1321 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1323 [AC_MSG_RESULT(yes)],
1326 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1328 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1332 [(void)skeychallenge(NULL,"name","",0);],
1334 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1335 [Define if your skeychallenge()
1336 function takes 4 arguments (NetBSD)])],
1343 # Check whether user wants TCP wrappers support
1345 AC_ARG_WITH(tcp-wrappers,
1346 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1348 if test "x$withval" != "xno" ; then
1350 saved_LDFLAGS="$LDFLAGS"
1351 saved_CPPFLAGS="$CPPFLAGS"
1352 if test -n "${withval}" && \
1353 test "x${withval}" != "xyes"; then
1354 if test -d "${withval}/lib"; then
1355 if test -n "${need_dash_r}"; then
1356 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1358 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1361 if test -n "${need_dash_r}"; then
1362 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1364 LDFLAGS="-L${withval} ${LDFLAGS}"
1367 if test -d "${withval}/include"; then
1368 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1370 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1374 AC_MSG_CHECKING(for libwrap)
1377 #include <sys/types.h>
1378 #include <sys/socket.h>
1379 #include <netinet/in.h>
1381 int deny_severity = 0, allow_severity = 0;
1386 AC_DEFINE(LIBWRAP, 1,
1388 TCP Wrappers support])
1389 SSHDLIBS="$SSHDLIBS -lwrap"
1393 AC_MSG_ERROR([*** libwrap missing])
1401 # Check whether user wants libedit support
1403 AC_ARG_WITH(libedit,
1404 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1405 [ if test "x$withval" != "xno" ; then
1406 if test "x$withval" != "xyes"; then
1407 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1408 if test -n "${need_dash_r}"; then
1409 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1411 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1414 AC_CHECK_LIB(edit, el_init,
1415 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1416 LIBEDIT="-ledit -lcurses"
1420 [ AC_MSG_ERROR(libedit not found) ],
1423 AC_MSG_CHECKING(if libedit version is compatible)
1426 #include <histedit.h>
1430 el_init("", NULL, NULL, NULL);
1434 [ AC_MSG_RESULT(yes) ],
1436 AC_MSG_ERROR(libedit version is not compatible) ]
1443 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1445 AC_MSG_CHECKING(for supported audit module)
1450 dnl Checks for headers, libs and functions
1451 AC_CHECK_HEADERS(bsm/audit.h, [],
1452 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1459 AC_CHECK_LIB(bsm, getaudit, [],
1460 [AC_MSG_ERROR(BSM enabled and required library not found)])
1461 AC_CHECK_FUNCS(getaudit, [],
1462 [AC_MSG_ERROR(BSM enabled and required function not found)])
1463 # These are optional
1464 AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1465 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1469 AC_MSG_RESULT(debug)
1470 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1476 AC_MSG_ERROR([Unknown audit module $withval])
1481 dnl Checks for library functions. Please keep in alphabetical order
1569 # IRIX has a const char return value for gai_strerror()
1570 AC_CHECK_FUNCS(gai_strerror,[
1571 AC_DEFINE(HAVE_GAI_STRERROR)
1573 #include <sys/types.h>
1574 #include <sys/socket.h>
1577 const char *gai_strerror(int);],[
1580 str = gai_strerror(0);],[
1581 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1582 [Define if gai_strerror() returns const char *])])])
1584 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1585 [Some systems put nanosleep outside of libc]))
1587 dnl Make sure prototypes are defined for these before using them.
1588 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1589 AC_CHECK_DECL(strsep,
1590 [AC_CHECK_FUNCS(strsep)],
1593 #ifdef HAVE_STRING_H
1594 # include <string.h>
1598 dnl tcsendbreak might be a macro
1599 AC_CHECK_DECL(tcsendbreak,
1600 [AC_DEFINE(HAVE_TCSENDBREAK)],
1601 [AC_CHECK_FUNCS(tcsendbreak)],
1602 [#include <termios.h>]
1605 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1607 AC_CHECK_DECLS(SHUT_RD, , ,
1609 #include <sys/types.h>
1610 #include <sys/socket.h>
1613 AC_CHECK_DECLS(O_NONBLOCK, , ,
1615 #include <sys/types.h>
1616 #ifdef HAVE_SYS_STAT_H
1617 # include <sys/stat.h>
1624 AC_CHECK_DECLS(writev, , , [
1625 #include <sys/types.h>
1626 #include <sys/uio.h>
1630 AC_CHECK_DECLS(MAXSYMLINKS, , , [
1631 #include <sys/param.h>
1634 AC_CHECK_DECLS(offsetof, , , [
1638 AC_CHECK_FUNCS(setresuid, [
1639 dnl Some platorms have setresuid that isn't implemented, test for this
1640 AC_MSG_CHECKING(if setresuid seems to work)
1645 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1647 [AC_MSG_RESULT(yes)],
1648 [AC_DEFINE(BROKEN_SETRESUID, 1,
1649 [Define if your setresuid() is broken])
1650 AC_MSG_RESULT(not implemented)],
1651 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1655 AC_CHECK_FUNCS(setresgid, [
1656 dnl Some platorms have setresgid that isn't implemented, test for this
1657 AC_MSG_CHECKING(if setresgid seems to work)
1662 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1664 [AC_MSG_RESULT(yes)],
1665 [AC_DEFINE(BROKEN_SETRESGID, 1,
1666 [Define if your setresgid() is broken])
1667 AC_MSG_RESULT(not implemented)],
1668 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1672 dnl Checks for time functions
1673 AC_CHECK_FUNCS(gettimeofday time)
1674 dnl Checks for utmp functions
1675 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1676 AC_CHECK_FUNCS(utmpname)
1677 dnl Checks for utmpx functions
1678 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1679 AC_CHECK_FUNCS(setutxent utmpxname)
1681 AC_CHECK_FUNC(daemon,
1682 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1683 [AC_CHECK_LIB(bsd, daemon,
1684 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1687 AC_CHECK_FUNC(getpagesize,
1688 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1689 [Define if your libraries define getpagesize()])],
1690 [AC_CHECK_LIB(ucb, getpagesize,
1691 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1694 # Check for broken snprintf
1695 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1696 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1700 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1702 [AC_MSG_RESULT(yes)],
1705 AC_DEFINE(BROKEN_SNPRINTF, 1,
1706 [Define if your snprintf is busted])
1707 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1709 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1713 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1714 # returning the right thing on overflow: the number of characters it tried to
1715 # create (as per SUSv3)
1716 if test "x$ac_cv_func_asprintf" != "xyes" && \
1717 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1718 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1721 #include <sys/types.h>
1725 int x_snprintf(char *str,size_t count,const char *fmt,...)
1727 size_t ret; va_list ap;
1728 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1734 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1736 [AC_MSG_RESULT(yes)],
1739 AC_DEFINE(BROKEN_SNPRINTF, 1,
1740 [Define if your snprintf is busted])
1741 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1743 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1747 # On systems where [v]snprintf is broken, but is declared in stdio,
1748 # check that the fmt argument is const char * or just char *.
1749 # This is only useful for when BROKEN_SNPRINTF
1750 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1751 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1752 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1753 int main(void) { snprintf(0, 0, 0); }
1756 AC_DEFINE(SNPRINTF_CONST, [const],
1757 [Define as const if snprintf() can declare const char *fmt])],
1759 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1761 # Check for missing getpeereid (or equiv) support
1763 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then
1764 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1766 [#include <sys/types.h>
1767 #include <sys/socket.h>],
1768 [int i = SO_PEERCRED;],
1769 [ AC_MSG_RESULT(yes)
1770 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1777 dnl see whether mkstemp() requires XXXXXX
1778 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1779 AC_MSG_CHECKING([for (overly) strict mkstemp])
1783 main() { char template[]="conftest.mkstemp-test";
1784 if (mkstemp(template) == -1)
1786 unlink(template); exit(0);
1794 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1798 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1803 dnl make sure that openpty does not reacquire controlling terminal
1804 if test ! -z "$check_for_openpty_ctty_bug"; then
1805 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1809 #include <sys/fcntl.h>
1810 #include <sys/types.h>
1811 #include <sys/wait.h>
1817 int fd, ptyfd, ttyfd, status;
1820 if (pid < 0) { /* failed */
1822 } else if (pid > 0) { /* parent */
1823 waitpid(pid, &status, 0);
1824 if (WIFEXITED(status))
1825 exit(WEXITSTATUS(status));
1828 } else { /* child */
1829 close(0); close(1); close(2);
1831 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1832 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1834 exit(3); /* Acquired ctty: broken */
1836 exit(0); /* Did not acquire ctty: OK */
1845 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1848 AC_MSG_RESULT(cross-compiling, assuming yes)
1853 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1854 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1855 AC_MSG_CHECKING(if getaddrinfo seems to work)
1859 #include <sys/socket.h>
1862 #include <netinet/in.h>
1864 #define TEST_PORT "2222"
1870 struct addrinfo *gai_ai, *ai, hints;
1871 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1873 memset(&hints, 0, sizeof(hints));
1874 hints.ai_family = PF_UNSPEC;
1875 hints.ai_socktype = SOCK_STREAM;
1876 hints.ai_flags = AI_PASSIVE;
1878 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1880 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1884 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1885 if (ai->ai_family != AF_INET6)
1888 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1889 sizeof(ntop), strport, sizeof(strport),
1890 NI_NUMERICHOST|NI_NUMERICSERV);
1893 if (err == EAI_SYSTEM)
1894 perror("getnameinfo EAI_SYSTEM");
1896 fprintf(stderr, "getnameinfo failed: %s\n",
1901 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1904 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1917 AC_DEFINE(BROKEN_GETADDRINFO)
1920 AC_MSG_RESULT(cross-compiling, assuming yes)
1925 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1926 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1927 AC_MSG_CHECKING(if getaddrinfo seems to work)
1931 #include <sys/socket.h>
1934 #include <netinet/in.h>
1936 #define TEST_PORT "2222"
1942 struct addrinfo *gai_ai, *ai, hints;
1943 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1945 memset(&hints, 0, sizeof(hints));
1946 hints.ai_family = PF_UNSPEC;
1947 hints.ai_socktype = SOCK_STREAM;
1948 hints.ai_flags = AI_PASSIVE;
1950 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1952 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1956 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1957 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1960 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1961 sizeof(ntop), strport, sizeof(strport),
1962 NI_NUMERICHOST|NI_NUMERICSERV);
1964 if (ai->ai_family == AF_INET && err != 0) {
1965 perror("getnameinfo");
1974 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1975 [Define if you have a getaddrinfo that fails
1976 for the all-zeros IPv6 address])
1980 AC_DEFINE(BROKEN_GETADDRINFO)
1983 AC_MSG_RESULT(cross-compiling, assuming no)
1988 if test "x$check_for_conflicting_getspnam" = "x1"; then
1989 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1993 int main(void) {exit(0);}
2000 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
2001 [Conflicting defs for getspnam])
2008 # Search for OpenSSL
2009 saved_CPPFLAGS="$CPPFLAGS"
2010 saved_LDFLAGS="$LDFLAGS"
2011 AC_ARG_WITH(ssl-dir,
2012 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
2014 if test "x$withval" != "xno" ; then
2017 ./*|../*) withval="`pwd`/$withval"
2019 if test -d "$withval/lib"; then
2020 if test -n "${need_dash_r}"; then
2021 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
2023 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
2026 if test -n "${need_dash_r}"; then
2027 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
2029 LDFLAGS="-L${withval} ${LDFLAGS}"
2032 if test -d "$withval/include"; then
2033 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
2035 CPPFLAGS="-I${withval} ${CPPFLAGS}"
2041 if test -z "$GSI_LIBS" ; then
2042 LIBS="-lcrypto $LIBS"
2044 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
2045 [Define if your ssl headers are included
2046 with #include <openssl/header.h>]),
2048 dnl Check default openssl install dir
2049 if test -n "${need_dash_r}"; then
2050 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
2052 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
2054 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
2055 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
2057 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
2063 # Determine OpenSSL header version
2064 AC_MSG_CHECKING([OpenSSL header version])
2069 #include <openssl/opensslv.h>
2070 #define DATA "conftest.sslincver"
2075 fd = fopen(DATA,"w");
2079 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2086 ssl_header_ver=`cat conftest.sslincver`
2087 AC_MSG_RESULT($ssl_header_ver)
2090 AC_MSG_RESULT(not found)
2091 AC_MSG_ERROR(OpenSSL version header not found.)
2094 AC_MSG_WARN([cross compiling: not checking])
2098 # Determine OpenSSL library version
2099 AC_MSG_CHECKING([OpenSSL library version])
2104 #include <openssl/opensslv.h>
2105 #include <openssl/crypto.h>
2106 #define DATA "conftest.ssllibver"
2111 fd = fopen(DATA,"w");
2115 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2122 ssl_library_ver=`cat conftest.ssllibver`
2123 AC_MSG_RESULT($ssl_library_ver)
2126 AC_MSG_RESULT(not found)
2127 AC_MSG_ERROR(OpenSSL library not found.)
2130 AC_MSG_WARN([cross compiling: not checking])
2134 AC_ARG_WITH(openssl-header-check,
2135 [ --without-openssl-header-check Disable OpenSSL version consistency check],
2136 [ if test "x$withval" = "xno" ; then
2137 openssl_check_nonfatal=1
2142 # Sanity check OpenSSL headers
2143 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2147 #include <openssl/opensslv.h>
2148 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2155 if test "x$openssl_check_nonfatal" = "x"; then
2156 AC_MSG_ERROR([Your OpenSSL headers do not match your
2157 library. Check config.log for details.
2158 If you are sure your installation is consistent, you can disable the check
2159 by running "./configure --without-openssl-header-check".
2160 Also see contrib/findssl.sh for help identifying header/library mismatches.
2163 AC_MSG_WARN([Your OpenSSL headers do not match your
2164 library. Check config.log for details.
2165 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2169 AC_MSG_WARN([cross compiling: not checking])
2173 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2176 #include <openssl/evp.h>
2177 int main(void) { SSLeay_add_all_algorithms(); }
2186 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2189 #include <openssl/evp.h>
2190 int main(void) { SSLeay_add_all_algorithms(); }
2203 AC_ARG_WITH(ssl-engine,
2204 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2205 [ if test "x$withval" != "xno" ; then
2206 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2208 [ #include <openssl/engine.h>],
2210 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2212 [ AC_MSG_RESULT(yes)
2213 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2214 [Enable OpenSSL engine support])
2216 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2221 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2222 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2226 #include <openssl/evp.h>
2227 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2234 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2235 [libcrypto is missing AES 192 and 256 bit functions])
2239 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2240 # because the system crypt() is more featureful.
2241 if test "x$check_for_libcrypt_before" = "x1"; then
2242 AC_CHECK_LIB(crypt, crypt)
2245 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2246 # version in OpenSSL.
2247 if test "x$check_for_libcrypt_later" = "x1"; then
2248 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2251 # Search for SHA256 support in libc and/or OpenSSL
2252 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2255 AC_CHECK_LIB(iaf, ia_openinfo, [
2257 AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
2258 AC_DEFINE(HAVE_LIBIAF, 1,
2259 [Define if system has libiaf that supports set_id])
2264 ### Configure cryptographic random number support
2266 # Check wheter OpenSSL seeds itself
2267 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2271 #include <openssl/rand.h>
2272 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2275 OPENSSL_SEEDS_ITSELF=yes
2280 # Default to use of the rand helper if OpenSSL doesn't
2285 AC_MSG_WARN([cross compiling: assuming yes])
2286 # This is safe, since all recent OpenSSL versions will
2287 # complain at runtime if not seeded correctly.
2288 OPENSSL_SEEDS_ITSELF=yes
2292 # Check for PAM libs
2295 [ --with-pam Enable PAM support ],
2297 if test "x$withval" != "xno" ; then
2298 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2299 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2300 AC_MSG_ERROR([PAM headers not found])
2304 AC_CHECK_LIB(dl, dlopen, , )
2305 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2306 AC_CHECK_FUNCS(pam_getenvlist)
2307 AC_CHECK_FUNCS(pam_putenv)
2312 SSHDLIBS="$SSHDLIBS -lpam"
2313 AC_DEFINE(USE_PAM, 1,
2314 [Define if you want to enable PAM support])
2316 if test $ac_cv_lib_dl_dlopen = yes; then
2319 # libdl already in LIBS
2322 SSHDLIBS="$SSHDLIBS -ldl"
2330 AC_CHECK_LIB(dl, dlopen, , )
2331 AC_CHECK_LIB(pam, pam_set_item, , )
2332 AC_CHECK_FUNCS(pam_getenvlist)
2333 AC_CHECK_FUNCS(pam_putenv)
2336 if (test "x$ac_cv_header_security_pam_appl_h" = "xyes" || \
2337 test "x$ac_cv_header_pam_pam_appl_h" = "xyes") &&
2338 test "x$ac_cv_lib_pam_pam_set_item" = "xyes" ; then
2344 if test $ac_cv_lib_dl_dlopen = yes; then
2347 # libdl already in LIBS
2350 LIBPAM="$LIBPAM -ldl"
2359 # Check for older PAM
2360 if test "x$PAM_MSG" = "xyes" ; then
2361 # Check PAM strerror arguments (old PAM)
2362 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2366 #if defined(HAVE_SECURITY_PAM_APPL_H)
2367 #include <security/pam_appl.h>
2368 #elif defined (HAVE_PAM_PAM_APPL_H)
2369 #include <pam/pam_appl.h>
2372 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2373 [AC_MSG_RESULT(no)],
2375 AC_DEFINE(HAVE_OLD_PAM, 1,
2376 [Define if you have an old version of PAM
2377 which takes only one argument to pam_strerror])
2379 PAM_MSG="yes (old library)"
2384 # Do we want to force the use of the rand helper?
2385 AC_ARG_WITH(rand-helper,
2386 [ --with-rand-helper Use subprocess to gather strong randomness ],
2388 if test "x$withval" = "xno" ; then
2389 # Force use of OpenSSL's internal RNG, even if
2390 # the previous test showed it to be unseeded.
2391 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2392 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2393 OPENSSL_SEEDS_ITSELF=yes
2402 # Which randomness source do we use?
2403 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2405 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2406 [Define if you want OpenSSL's internally seeded PRNG only])
2407 RAND_MSG="OpenSSL internal ONLY"
2408 INSTALL_SSH_RAND_HELPER=""
2409 elif test ! -z "$USE_RAND_HELPER" ; then
2410 # install rand helper
2411 RAND_MSG="ssh-rand-helper"
2412 INSTALL_SSH_RAND_HELPER="yes"
2414 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2416 ### Configuration of ssh-rand-helper
2419 AC_ARG_WITH(prngd-port,
2420 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2429 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2432 if test ! -z "$withval" ; then
2433 PRNGD_PORT="$withval"
2434 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2435 [Port number of PRNGD/EGD random number socket])
2440 # PRNGD Unix domain socket
2441 AC_ARG_WITH(prngd-socket,
2442 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2446 withval="/var/run/egd-pool"
2454 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2458 if test ! -z "$withval" ; then
2459 if test ! -z "$PRNGD_PORT" ; then
2460 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2462 if test ! -r "$withval" ; then
2463 AC_MSG_WARN(Entropy socket is not readable)
2465 PRNGD_SOCKET="$withval"
2466 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2467 [Location of PRNGD/EGD random number socket])
2471 # Check for existing socket only if we don't have a random device already
2472 if test "$USE_RAND_HELPER" = yes ; then
2473 AC_MSG_CHECKING(for PRNGD/EGD socket)
2474 # Insert other locations here
2475 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2476 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2477 PRNGD_SOCKET="$sock"
2478 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2482 if test ! -z "$PRNGD_SOCKET" ; then
2483 AC_MSG_RESULT($PRNGD_SOCKET)
2485 AC_MSG_RESULT(not found)
2491 # Change default command timeout for hashing entropy source
2493 AC_ARG_WITH(entropy-timeout,
2494 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2496 if test -n "$withval" && test "x$withval" != "xno" && \
2497 test "x${withval}" != "xyes"; then
2498 entropy_timeout=$withval
2502 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2503 [Builtin PRNG command timeout])
2505 SSH_PRIVSEP_USER=sshd
2506 AC_ARG_WITH(privsep-user,
2507 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2509 if test -n "$withval" && test "x$withval" != "xno" && \
2510 test "x${withval}" != "xyes"; then
2511 SSH_PRIVSEP_USER=$withval
2515 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2516 [non-privileged user for privilege separation])
2517 AC_SUBST(SSH_PRIVSEP_USER)
2519 # We do this little dance with the search path to insure
2520 # that programs that we select for use by installed programs
2521 # (which may be run by the super-user) come from trusted
2522 # locations before they come from the user's private area.
2523 # This should help avoid accidentally configuring some
2524 # random version of a program in someone's personal bin.
2528 test -h /bin 2> /dev/null && PATH=/usr/bin
2529 test -d /sbin && PATH=$PATH:/sbin
2530 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2531 PATH=$PATH:/etc:$OPATH
2533 # These programs are used by the command hashing source to gather entropy
2534 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2535 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2536 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2537 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2538 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2539 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2540 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2541 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2542 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2543 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2544 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2545 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2546 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2547 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2548 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2549 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2553 # Where does ssh-rand-helper get its randomness from?
2554 INSTALL_SSH_PRNG_CMDS=""
2555 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2556 if test ! -z "$PRNGD_PORT" ; then
2557 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2558 elif test ! -z "$PRNGD_SOCKET" ; then
2559 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2561 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2562 RAND_HELPER_CMDHASH=yes
2563 INSTALL_SSH_PRNG_CMDS="yes"
2566 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2569 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2570 if test ! -z "$SONY" ; then
2571 LIBS="$LIBS -liberty";
2574 # Check for long long datatypes
2575 AC_CHECK_TYPES([long long, unsigned long long, long double])
2577 # Check datatype sizes
2578 AC_CHECK_SIZEOF(char, 1)
2579 AC_CHECK_SIZEOF(short int, 2)
2580 AC_CHECK_SIZEOF(int, 4)
2581 AC_CHECK_SIZEOF(long int, 4)
2582 AC_CHECK_SIZEOF(long long int, 8)
2584 # Sanity check long long for some platforms (AIX)
2585 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2586 ac_cv_sizeof_long_long_int=0
2589 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2590 if test -z "$have_llong_max"; then
2591 AC_MSG_CHECKING([for max value of long long])
2595 /* Why is this so damn hard? */
2599 #define __USE_ISOC99
2601 #define DATA "conftest.llminmax"
2602 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2605 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2606 * we do this the hard way.
2609 fprint_ll(FILE *f, long long n)
2612 int l[sizeof(long long) * 8];
2615 if (fprintf(f, "-") < 0)
2617 for (i = 0; n != 0; i++) {
2618 l[i] = my_abs(n % 10);
2622 if (fprintf(f, "%d", l[--i]) < 0)
2625 if (fprintf(f, " ") < 0)
2632 long long i, llmin, llmax = 0;
2634 if((f = fopen(DATA,"w")) == NULL)
2637 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2638 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2642 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2643 /* This will work on one's complement and two's complement */
2644 for (i = 1; i > llmax; i <<= 1, i++)
2646 llmin = llmax + 1LL; /* wrap */
2650 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2651 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2652 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2653 fprintf(f, "unknown unknown\n");
2657 if (fprint_ll(f, llmin) < 0)
2659 if (fprint_ll(f, llmax) < 0)
2667 llong_min=`$AWK '{print $1}' conftest.llminmax`
2668 llong_max=`$AWK '{print $2}' conftest.llminmax`
2670 AC_MSG_RESULT($llong_max)
2671 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2672 [max value of long long calculated by configure])
2673 AC_MSG_CHECKING([for min value of long long])
2674 AC_MSG_RESULT($llong_min)
2675 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2676 [min value of long long calculated by configure])
2679 AC_MSG_RESULT(not found)
2682 AC_MSG_WARN([cross compiling: not checking])
2688 # More checks for data types
2689 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2691 [ #include <sys/types.h> ],
2693 [ ac_cv_have_u_int="yes" ],
2694 [ ac_cv_have_u_int="no" ]
2697 if test "x$ac_cv_have_u_int" = "xyes" ; then
2698 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2702 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2704 [ #include <sys/types.h> ],
2705 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2706 [ ac_cv_have_intxx_t="yes" ],
2707 [ ac_cv_have_intxx_t="no" ]
2710 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2711 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2715 if (test -z "$have_intxx_t" && \
2716 test "x$ac_cv_header_stdint_h" = "xyes")
2718 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2720 [ #include <stdint.h> ],
2721 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2723 AC_DEFINE(HAVE_INTXX_T)
2726 [ AC_MSG_RESULT(no) ]
2730 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2733 #include <sys/types.h>
2734 #ifdef HAVE_STDINT_H
2735 # include <stdint.h>
2737 #include <sys/socket.h>
2738 #ifdef HAVE_SYS_BITYPES_H
2739 # include <sys/bitypes.h>
2742 [ int64_t a; a = 1;],
2743 [ ac_cv_have_int64_t="yes" ],
2744 [ ac_cv_have_int64_t="no" ]
2747 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2748 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2751 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2753 [ #include <sys/types.h> ],
2754 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2755 [ ac_cv_have_u_intxx_t="yes" ],
2756 [ ac_cv_have_u_intxx_t="no" ]
2759 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2760 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2764 if test -z "$have_u_intxx_t" ; then
2765 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2767 [ #include <sys/socket.h> ],
2768 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2770 AC_DEFINE(HAVE_U_INTXX_T)
2773 [ AC_MSG_RESULT(no) ]
2777 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2779 [ #include <sys/types.h> ],
2780 [ u_int64_t a; a = 1;],
2781 [ ac_cv_have_u_int64_t="yes" ],
2782 [ ac_cv_have_u_int64_t="no" ]
2785 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2786 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2790 if test -z "$have_u_int64_t" ; then
2791 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2793 [ #include <sys/bitypes.h> ],
2794 [ u_int64_t a; a = 1],
2796 AC_DEFINE(HAVE_U_INT64_T)
2799 [ AC_MSG_RESULT(no) ]
2803 if test -z "$have_u_intxx_t" ; then
2804 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2807 #include <sys/types.h>
2809 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2810 [ ac_cv_have_uintxx_t="yes" ],
2811 [ ac_cv_have_uintxx_t="no" ]
2814 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2815 AC_DEFINE(HAVE_UINTXX_T, 1,
2816 [define if you have uintxx_t data type])
2820 if test -z "$have_uintxx_t" ; then
2821 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2823 [ #include <stdint.h> ],
2824 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2826 AC_DEFINE(HAVE_UINTXX_T)
2829 [ AC_MSG_RESULT(no) ]
2833 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2834 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2836 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2839 #include <sys/bitypes.h>
2842 int8_t a; int16_t b; int32_t c;
2843 u_int8_t e; u_int16_t f; u_int32_t g;
2844 a = b = c = e = f = g = 1;
2847 AC_DEFINE(HAVE_U_INTXX_T)
2848 AC_DEFINE(HAVE_INTXX_T)
2856 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2859 #include <sys/types.h>
2861 [ u_char foo; foo = 125; ],
2862 [ ac_cv_have_u_char="yes" ],
2863 [ ac_cv_have_u_char="no" ]
2866 if test "x$ac_cv_have_u_char" = "xyes" ; then
2867 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2872 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2874 AC_CHECK_TYPES(in_addr_t,,,
2875 [#include <sys/types.h>
2876 #include <netinet/in.h>])
2878 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2881 #include <sys/types.h>
2883 [ size_t foo; foo = 1235; ],
2884 [ ac_cv_have_size_t="yes" ],
2885 [ ac_cv_have_size_t="no" ]
2888 if test "x$ac_cv_have_size_t" = "xyes" ; then
2889 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2892 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2895 #include <sys/types.h>
2897 [ ssize_t foo; foo = 1235; ],
2898 [ ac_cv_have_ssize_t="yes" ],
2899 [ ac_cv_have_ssize_t="no" ]
2902 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2903 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2906 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2911 [ clock_t foo; foo = 1235; ],
2912 [ ac_cv_have_clock_t="yes" ],
2913 [ ac_cv_have_clock_t="no" ]
2916 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2917 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2920 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2923 #include <sys/types.h>
2924 #include <sys/socket.h>
2926 [ sa_family_t foo; foo = 1235; ],
2927 [ ac_cv_have_sa_family_t="yes" ],
2930 #include <sys/types.h>
2931 #include <sys/socket.h>
2932 #include <netinet/in.h>
2934 [ sa_family_t foo; foo = 1235; ],
2935 [ ac_cv_have_sa_family_t="yes" ],
2937 [ ac_cv_have_sa_family_t="no" ]
2941 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2942 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2943 [define if you have sa_family_t data type])
2946 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2949 #include <sys/types.h>
2951 [ pid_t foo; foo = 1235; ],
2952 [ ac_cv_have_pid_t="yes" ],
2953 [ ac_cv_have_pid_t="no" ]
2956 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2957 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2960 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2963 #include <sys/types.h>
2965 [ mode_t foo; foo = 1235; ],
2966 [ ac_cv_have_mode_t="yes" ],
2967 [ ac_cv_have_mode_t="no" ]
2970 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2971 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2975 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2978 #include <sys/types.h>
2979 #include <sys/socket.h>
2981 [ struct sockaddr_storage s; ],
2982 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2983 [ ac_cv_have_struct_sockaddr_storage="no" ]
2986 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2987 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2988 [define if you have struct sockaddr_storage data type])
2991 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2994 #include <sys/types.h>
2995 #include <netinet/in.h>
2997 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2998 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2999 [ ac_cv_have_struct_sockaddr_in6="no" ]
3002 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
3003 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
3004 [define if you have struct sockaddr_in6 data type])
3007 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
3010 #include <sys/types.h>
3011 #include <netinet/in.h>
3013 [ struct in6_addr s; s.s6_addr[0] = 0; ],
3014 [ ac_cv_have_struct_in6_addr="yes" ],
3015 [ ac_cv_have_struct_in6_addr="no" ]
3018 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
3019 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
3020 [define if you have struct in6_addr data type])
3023 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
3026 #include <sys/types.h>
3027 #include <sys/socket.h>
3030 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
3031 [ ac_cv_have_struct_addrinfo="yes" ],
3032 [ ac_cv_have_struct_addrinfo="no" ]
3035 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
3036 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
3037 [define if you have struct addrinfo data type])
3040 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
3042 [ #include <sys/time.h> ],
3043 [ struct timeval tv; tv.tv_sec = 1;],
3044 [ ac_cv_have_struct_timeval="yes" ],
3045 [ ac_cv_have_struct_timeval="no" ]
3048 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
3049 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
3050 have_struct_timeval=1
3053 AC_CHECK_TYPES(struct timespec)
3055 # We need int64_t or else certian parts of the compile will fail.
3056 if test "x$ac_cv_have_int64_t" = "xno" && \
3057 test "x$ac_cv_sizeof_long_int" != "x8" && \
3058 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
3059 echo "OpenSSH requires int64_t support. Contact your vendor or install"
3060 echo "an alternative compiler (I.E., GCC) before continuing."
3064 dnl test snprintf (broken on SCO w/gcc)
3069 #ifdef HAVE_SNPRINTF
3073 char expected_out[50];
3075 #if (SIZEOF_LONG_INT == 8)
3076 long int num = 0x7fffffffffffffff;
3078 long long num = 0x7fffffffffffffffll;
3080 strcpy(expected_out, "9223372036854775807");
3081 snprintf(buf, mazsize, "%lld", num);
3082 if(strcmp(buf, expected_out) != 0)
3089 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
3090 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
3094 dnl Checks for structure members
3095 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
3096 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
3097 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
3098 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
3099 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
3100 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
3101 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
3102 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
3103 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3104 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3105 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3106 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3107 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3108 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3109 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3110 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3111 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3113 AC_CHECK_MEMBERS([struct stat.st_blksize])
3114 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3115 [Define if we don't have struct __res_state in resolv.h])],
3118 #if HAVE_SYS_TYPES_H
3119 # include <sys/types.h>
3121 #include <netinet/in.h>
3122 #include <arpa/nameser.h>
3126 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3127 ac_cv_have_ss_family_in_struct_ss, [
3130 #include <sys/types.h>
3131 #include <sys/socket.h>
3133 [ struct sockaddr_storage s; s.ss_family = 1; ],
3134 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3135 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3138 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3139 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3142 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3143 ac_cv_have___ss_family_in_struct_ss, [
3146 #include <sys/types.h>
3147 #include <sys/socket.h>
3149 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3150 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3151 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3154 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3155 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3156 [Fields in struct sockaddr_storage])
3159 AC_CACHE_CHECK([for pw_class field in struct passwd],
3160 ac_cv_have_pw_class_in_struct_passwd, [
3165 [ struct passwd p; p.pw_class = 0; ],
3166 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3167 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3170 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3171 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3172 [Define if your password has a pw_class field])
3175 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3176 ac_cv_have_pw_expire_in_struct_passwd, [
3181 [ struct passwd p; p.pw_expire = 0; ],
3182 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3183 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3186 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3187 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3188 [Define if your password has a pw_expire field])
3191 AC_CACHE_CHECK([for pw_change field in struct passwd],
3192 ac_cv_have_pw_change_in_struct_passwd, [
3197 [ struct passwd p; p.pw_change = 0; ],
3198 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3199 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3202 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3203 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3204 [Define if your password has a pw_change field])
3207 dnl make sure we're using the real structure members and not defines
3208 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3209 ac_cv_have_accrights_in_msghdr, [
3212 #include <sys/types.h>
3213 #include <sys/socket.h>
3214 #include <sys/uio.h>
3216 #ifdef msg_accrights
3217 #error "msg_accrights is a macro"
3221 m.msg_accrights = 0;
3225 [ ac_cv_have_accrights_in_msghdr="yes" ],
3226 [ ac_cv_have_accrights_in_msghdr="no" ]
3229 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3230 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3231 [Define if your system uses access rights style
3232 file descriptor passing])
3235 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3236 ac_cv_have_control_in_msghdr, [
3239 #include <sys/types.h>
3240 #include <sys/socket.h>
3241 #include <sys/uio.h>
3244 #error "msg_control is a macro"
3252 [ ac_cv_have_control_in_msghdr="yes" ],
3253 [ ac_cv_have_control_in_msghdr="no" ]
3256 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3257 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3258 [Define if your system uses ancillary data style
3259 file descriptor passing])
3262 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3264 [ extern char *__progname; printf("%s", __progname); ],
3265 [ ac_cv_libc_defines___progname="yes" ],
3266 [ ac_cv_libc_defines___progname="no" ]
3269 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3270 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3273 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3277 [ printf("%s", __FUNCTION__); ],
3278 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3279 [ ac_cv_cc_implements___FUNCTION__="no" ]
3282 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3283 AC_DEFINE(HAVE___FUNCTION__, 1,
3284 [Define if compiler implements __FUNCTION__])
3287 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3291 [ printf("%s", __func__); ],
3292 [ ac_cv_cc_implements___func__="yes" ],
3293 [ ac_cv_cc_implements___func__="no" ]
3296 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3297 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3300 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3302 [#include <stdarg.h>
3305 [ ac_cv_have_va_copy="yes" ],
3306 [ ac_cv_have_va_copy="no" ]
3309 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3310 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3313 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3315 [#include <stdarg.h>
3318 [ ac_cv_have___va_copy="yes" ],
3319 [ ac_cv_have___va_copy="no" ]
3322 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3323 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3326 AC_CACHE_CHECK([whether getopt has optreset support],
3327 ac_cv_have_getopt_optreset, [
3332 [ extern int optreset; optreset = 0; ],
3333 [ ac_cv_have_getopt_optreset="yes" ],
3334 [ ac_cv_have_getopt_optreset="no" ]
3337 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3338 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3339 [Define if your getopt(3) defines and uses optreset])
3342 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3344 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3345 [ ac_cv_libc_defines_sys_errlist="yes" ],
3346 [ ac_cv_libc_defines_sys_errlist="no" ]
3349 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3350 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3351 [Define if your system defines sys_errlist[]])
3355 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3357 [ extern int sys_nerr; printf("%i", sys_nerr);],
3358 [ ac_cv_libc_defines_sys_nerr="yes" ],
3359 [ ac_cv_libc_defines_sys_nerr="no" ]
3362 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3363 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3367 # Check whether user wants sectok support
3369 [ --with-sectok Enable smartcard support using libsectok],
3371 if test "x$withval" != "xno" ; then
3372 if test "x$withval" != "xyes" ; then
3373 CPPFLAGS="$CPPFLAGS -I${withval}"
3374 LDFLAGS="$LDFLAGS -L${withval}"
3375 if test ! -z "$need_dash_r" ; then
3376 LDFLAGS="$LDFLAGS -R${withval}"
3378 if test ! -z "$blibpath" ; then
3379 blibpath="$blibpath:${withval}"
3382 AC_CHECK_HEADERS(sectok.h)
3383 if test "$ac_cv_header_sectok_h" != yes; then
3384 AC_MSG_ERROR(Can't find sectok.h)
3386 AC_CHECK_LIB(sectok, sectok_open)
3387 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3388 AC_MSG_ERROR(Can't find libsectok)
3390 AC_DEFINE(SMARTCARD, 1,
3391 [Define if you want smartcard support])
3392 AC_DEFINE(USE_SECTOK, 1,
3393 [Define if you want smartcard support
3395 SCARD_MSG="yes, using sectok"
3400 # Check whether user wants OpenSC support
3403 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3405 if test "x$withval" != "xno" ; then
3406 if test "x$withval" != "xyes" ; then
3407 OPENSC_CONFIG=$withval/bin/opensc-config
3409 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3411 if test "$OPENSC_CONFIG" != "no"; then
3412 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3413 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3414 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3415 LIBS="$LIBS $LIBOPENSC_LIBS"
3416 AC_DEFINE(SMARTCARD)
3417 AC_DEFINE(USE_OPENSC, 1,
3418 [Define if you want smartcard support
3420 SCARD_MSG="yes, using OpenSC"
3426 # Check libraries needed by DNS fingerprint support
3427 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3428 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3429 [Define if getrrsetbyname() exists])],
3431 # Needed by our getrrsetbyname()
3432 AC_SEARCH_LIBS(res_query, resolv)
3433 AC_SEARCH_LIBS(dn_expand, resolv)
3434 AC_MSG_CHECKING(if res_query will link)
3435 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3438 LIBS="$LIBS -lresolv"
3439 AC_MSG_CHECKING(for res_query in -lresolv)
3444 res_query (0, 0, 0, 0, 0);
3448 [LIBS="$LIBS -lresolv"
3449 AC_MSG_RESULT(yes)],
3453 AC_CHECK_FUNCS(_getshort _getlong)
3454 AC_CHECK_DECLS([_getshort, _getlong], , ,
3455 [#include <sys/types.h>
3456 #include <arpa/nameser.h>])
3457 AC_CHECK_MEMBER(HEADER.ad,
3458 [AC_DEFINE(HAVE_HEADER_AD, 1,
3459 [Define if HEADER.ad exists in arpa/nameser.h])],,
3460 [#include <arpa/nameser.h>])
3463 AC_MSG_CHECKING(if struct __res_state _res is an extern)
3466 #if HAVE_SYS_TYPES_H
3467 # include <sys/types.h>
3469 #include <netinet/in.h>
3470 #include <arpa/nameser.h>
3472 extern struct __res_state _res;
3473 int main() { return 0; }
3476 AC_DEFINE(HAVE__RES_EXTERN, 1,
3477 [Define if you have struct __res_state _res as an extern])
3479 [ AC_MSG_RESULT(no) ]
3482 # Check whether user wants SELinux support
3485 AC_ARG_WITH(selinux,
3486 [ --with-selinux Enable SELinux support],
3487 [ if test "x$withval" != "xno" ; then
3489 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3491 AC_CHECK_HEADER([selinux/selinux.h], ,
3492 AC_MSG_ERROR(SELinux support requires selinux.h header))
3493 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3494 AC_MSG_ERROR(SELinux support requires libselinux library))
3495 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3496 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3501 # Check whether user wants Kerberos 5 support
3503 AC_ARG_WITH(kerberos5,
3504 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3505 [ if test "x$withval" != "xno" ; then
3506 if test "x$withval" = "xyes" ; then
3507 KRB5ROOT="/usr/local"
3512 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3515 AC_MSG_CHECKING(for krb5-config)
3516 if test -x $KRB5ROOT/bin/krb5-config ; then
3517 KRB5CONF=$KRB5ROOT/bin/krb5-config
3518 AC_MSG_RESULT($KRB5CONF)
3520 AC_MSG_CHECKING(for gssapi support)
3521 if $KRB5CONF | grep gssapi >/dev/null ; then
3523 AC_DEFINE(GSSAPI, 1,
3524 [Define this if you want GSSAPI
3525 support in the version 2 protocol])
3531 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3532 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3533 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3534 AC_MSG_CHECKING(whether we are using Heimdal)
3535 AC_TRY_COMPILE([ #include <krb5.h> ],
3536 [ char *tmp = heimdal_version; ],
3537 [ AC_MSG_RESULT(yes)
3538 AC_DEFINE(HEIMDAL, 1,
3539 [Define this if you are using the
3540 Heimdal version of Kerberos V5]) ],
3545 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3546 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3547 AC_MSG_CHECKING(whether we are using Heimdal)
3548 AC_TRY_COMPILE([ #include <krb5.h> ],
3549 [ char *tmp = heimdal_version; ],
3550 [ AC_MSG_RESULT(yes)
3552 K5LIBS="-lkrb5 -ldes"
3553 K5LIBS="$K5LIBS -lcom_err -lasn1"
3554 AC_CHECK_LIB(roken, net_write,
3555 [K5LIBS="$K5LIBS -lroken"])
3558 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3561 AC_SEARCH_LIBS(dn_expand, resolv)
3563 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3565 K5LIBS="-lgssapi $K5LIBS" ],
3566 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3568 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3569 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3574 AC_CHECK_HEADER(gssapi.h, ,
3575 [ unset ac_cv_header_gssapi_h
3576 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3577 AC_CHECK_HEADERS(gssapi.h, ,
3578 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3584 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3585 AC_CHECK_HEADER(gssapi_krb5.h, ,
3586 [ CPPFLAGS="$oldCPP" ])
3588 # If we're using some other GSSAPI
3589 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3590 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3593 if test -z "$GSSAPI"; then
3598 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3599 AC_CHECK_HEADER(gssapi_krb5.h, ,
3600 [ CPPFLAGS="$oldCPP" ])
3603 if test ! -z "$need_dash_r" ; then
3604 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3606 if test ! -z "$blibpath" ; then
3607 blibpath="$blibpath:${KRB5ROOT}/lib"
3610 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3611 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3612 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3614 LIBS="$LIBS $K5LIBS"
3615 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3616 [Define this if you want to use libkafs' AFS support]))
3621 # Check whether user wants AFS_KRB5 support
3623 AC_ARG_WITH(afs-krb5,
3624 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3626 if test "x$withval" != "xno" ; then
3628 if test "x$withval" != "xyes" ; then
3629 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3630 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3632 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3634 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3637 if test -z "$KRB5ROOT" ; then
3638 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3641 LIBS="-lkrbafs -lkrb4 $LIBS"
3642 if test ! -z "$AFS_LIBS" ; then
3643 LIBS="$LIBS $AFS_LIBS"
3645 AC_DEFINE(AFS_KRB5, 1,
3646 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3652 AC_ARG_WITH(session-hooks,
3653 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3654 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3657 # Looking for programs, paths and files
3659 PRIVSEP_PATH=/var/empty
3660 AC_ARG_WITH(privsep-path,
3661 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3663 if test -n "$withval" && test "x$withval" != "xno" && \
3664 test "x${withval}" != "xyes"; then
3665 PRIVSEP_PATH=$withval
3669 AC_SUBST(PRIVSEP_PATH)
3672 [ --with-xauth=PATH Specify path to xauth program ],
3674 if test -n "$withval" && test "x$withval" != "xno" && \
3675 test "x${withval}" != "xyes"; then
3681 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3682 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3683 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3684 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3685 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3686 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3687 xauth_path="/usr/openwin/bin/xauth"
3693 AC_ARG_ENABLE(strip,
3694 [ --disable-strip Disable calling strip(1) on install],
3696 if test "x$enableval" = "xno" ; then
3703 if test -z "$xauth_path" ; then
3704 XAUTH_PATH="undefined"
3705 AC_SUBST(XAUTH_PATH)
3707 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3708 [Define if xauth is found in your path])
3709 XAUTH_PATH=$xauth_path
3710 AC_SUBST(XAUTH_PATH)
3713 # Check for mail directory (last resort if we cannot get it from headers)
3714 if test ! -z "$MAIL" ; then
3715 maildir=`dirname $MAIL`
3716 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3717 [Set this to your mail directory if you don't have maillock.h])
3720 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3721 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3722 disable_ptmx_check=yes
3724 if test -z "$no_dev_ptmx" ; then
3725 if test "x$disable_ptmx_check" != "xyes" ; then
3726 AC_CHECK_FILE("/dev/ptmx",
3728 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3729 [Define if you have /dev/ptmx])
3736 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3737 AC_CHECK_FILE("/dev/ptc",
3739 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3740 [Define if you have /dev/ptc])
3745 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3748 # Options from here on. Some of these are preset by platform above
3749 AC_ARG_WITH(mantype,
3750 [ --with-mantype=man|cat|doc Set man page type],
3757 AC_MSG_ERROR(invalid man type: $withval)
3762 if test -z "$MANTYPE"; then
3763 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3764 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3765 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3767 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3774 if test "$MANTYPE" = "doc"; then
3781 # Check whether to enable MD5 passwords
3783 AC_ARG_WITH(md5-passwords,
3784 [ --with-md5-passwords Enable use of MD5 passwords],
3786 if test "x$withval" != "xno" ; then
3787 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3788 [Define if you want to allow MD5 passwords])
3794 # Whether to disable shadow password support
3796 [ --without-shadow Disable shadow password support],
3798 if test "x$withval" = "xno" ; then
3799 AC_DEFINE(DISABLE_SHADOW)
3805 if test -z "$disable_shadow" ; then
3806 AC_MSG_CHECKING([if the systems has expire shadow information])
3809 #include <sys/types.h>
3812 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3813 [ sp_expire_available=yes ], []
3816 if test "x$sp_expire_available" = "xyes" ; then
3818 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3819 [Define if you want to use shadow password expire field])
3825 # Use ip address instead of hostname in $DISPLAY
3826 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3827 DISPLAY_HACK_MSG="yes"
3828 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3829 [Define if you need to use IP address
3830 instead of hostname in $DISPLAY])
3832 DISPLAY_HACK_MSG="no"
3833 AC_ARG_WITH(ipaddr-display,
3834 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3836 if test "x$withval" != "xno" ; then
3837 AC_DEFINE(IPADDR_IN_DISPLAY)
3838 DISPLAY_HACK_MSG="yes"
3844 # check for /etc/default/login and use it if present.
3845 AC_ARG_ENABLE(etc-default-login,
3846 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3847 [ if test "x$enableval" = "xno"; then
3848 AC_MSG_NOTICE([/etc/default/login handling disabled])
3849 etc_default_login=no
3851 etc_default_login=yes
3853 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3855 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3856 etc_default_login=no
3858 etc_default_login=yes
3862 if test "x$etc_default_login" != "xno"; then
3863 AC_CHECK_FILE("/etc/default/login",
3864 [ external_path_file=/etc/default/login ])
3865 if test "x$external_path_file" = "x/etc/default/login"; then
3866 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3867 [Define if your system has /etc/default/login])
3871 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3872 if test $ac_cv_func_login_getcapbool = "yes" && \
3873 test $ac_cv_header_login_cap_h = "yes" ; then
3874 external_path_file=/etc/login.conf
3877 # Whether to mess with the default path
3878 SERVER_PATH_MSG="(default)"
3879 AC_ARG_WITH(default-path,
3880 [ --with-default-path= Specify default \$PATH environment for server],
3882 if test "x$external_path_file" = "x/etc/login.conf" ; then
3884 --with-default-path=PATH has no effect on this system.
3885 Edit /etc/login.conf instead.])
3886 elif test "x$withval" != "xno" ; then
3887 if test ! -z "$external_path_file" ; then
3889 --with-default-path=PATH will only be used if PATH is not defined in
3890 $external_path_file .])
3892 user_path="$withval"
3893 SERVER_PATH_MSG="$withval"
3896 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3897 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3899 if test ! -z "$external_path_file" ; then
3901 If PATH is defined in $external_path_file, ensure the path to scp is included,
3902 otherwise scp will not work.])
3906 /* find out what STDPATH is */
3911 #ifndef _PATH_STDPATH
3912 # ifdef _PATH_USERPATH /* Irix */
3913 # define _PATH_STDPATH _PATH_USERPATH
3915 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3918 #include <sys/types.h>
3919 #include <sys/stat.h>
3921 #define DATA "conftest.stdpath"
3928 fd = fopen(DATA,"w");
3932 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3938 [ user_path=`cat conftest.stdpath` ],
3939 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3940 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3944 if test "x$external_path_file" != "x/etc/login.conf" ; then
3945 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3949 # Set superuser path separately to user path
3950 AC_ARG_WITH(superuser-path,
3951 [ --with-superuser-path= Specify different path for super-user],
3953 if test -n "$withval" && test "x$withval" != "xno" && \
3954 test "x${withval}" != "xyes"; then
3955 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3956 [Define if you want a different $PATH
3958 superuser_path=$withval
3964 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3965 IPV4_IN6_HACK_MSG="no"
3967 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3969 if test "x$withval" != "xno" ; then
3971 AC_DEFINE(IPV4_IN_IPV6, 1,
3972 [Detect IPv4 in IPv6 mapped addresses
3974 IPV4_IN6_HACK_MSG="yes"
3979 if test "x$inet6_default_4in6" = "xyes"; then
3980 AC_MSG_RESULT([yes (default)])
3981 AC_DEFINE(IPV4_IN_IPV6)
3982 IPV4_IN6_HACK_MSG="yes"
3984 AC_MSG_RESULT([no (default)])
3989 # Whether to enable BSD auth support
3991 AC_ARG_WITH(bsd-auth,
3992 [ --with-bsd-auth Enable BSD auth support],
3994 if test "x$withval" != "xno" ; then
3995 AC_DEFINE(BSD_AUTH, 1,
3996 [Define if you have BSD auth support])
4002 # Where to place sshd.pid
4004 # make sure the directory exists
4005 if test ! -d $piddir ; then
4006 piddir=`eval echo ${sysconfdir}`
4008 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
4012 AC_ARG_WITH(pid-dir,
4013 [ --with-pid-dir=PATH Specify location of ssh.pid file],
4015 if test -n "$withval" && test "x$withval" != "xno" && \
4016 test "x${withval}" != "xyes"; then
4018 if test ! -d $piddir ; then
4019 AC_MSG_WARN([** no $piddir directory on this system **])
4025 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
4028 dnl allow user to disable some login recording features
4029 AC_ARG_ENABLE(lastlog,
4030 [ --disable-lastlog disable use of lastlog even if detected [no]],
4032 if test "x$enableval" = "xno" ; then
4033 AC_DEFINE(DISABLE_LASTLOG)
4038 [ --disable-utmp disable use of utmp even if detected [no]],
4040 if test "x$enableval" = "xno" ; then
4041 AC_DEFINE(DISABLE_UTMP)
4045 AC_ARG_ENABLE(utmpx,
4046 [ --disable-utmpx disable use of utmpx even if detected [no]],
4048 if test "x$enableval" = "xno" ; then
4049 AC_DEFINE(DISABLE_UTMPX, 1,
4050 [Define if you don't want to use utmpx])
4055 [ --disable-wtmp disable use of wtmp even if detected [no]],
4057 if test "x$enableval" = "xno" ; then
4058 AC_DEFINE(DISABLE_WTMP)
4062 AC_ARG_ENABLE(wtmpx,
4063 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
4065 if test "x$enableval" = "xno" ; then
4066 AC_DEFINE(DISABLE_WTMPX, 1,
4067 [Define if you don't want to use wtmpx])
4071 AC_ARG_ENABLE(libutil,
4072 [ --disable-libutil disable use of libutil (login() etc.) [no]],
4074 if test "x$enableval" = "xno" ; then
4075 AC_DEFINE(DISABLE_LOGIN)
4079 AC_ARG_ENABLE(pututline,
4080 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
4082 if test "x$enableval" = "xno" ; then
4083 AC_DEFINE(DISABLE_PUTUTLINE, 1,
4084 [Define if you don't want to use pututline()
4085 etc. to write [uw]tmp])
4089 AC_ARG_ENABLE(pututxline,
4090 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
4092 if test "x$enableval" = "xno" ; then
4093 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
4094 [Define if you don't want to use pututxline()
4095 etc. to write [uw]tmpx])
4099 AC_ARG_WITH(lastlog,
4100 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
4102 if test "x$withval" = "xno" ; then
4103 AC_DEFINE(DISABLE_LASTLOG)
4104 elif test -n "$withval" && test "x${withval}" != "xyes"; then
4105 conf_lastlog_location=$withval
4110 dnl lastlog, [uw]tmpx? detection
4111 dnl NOTE: set the paths in the platform section to avoid the
4112 dnl need for command-line parameters
4113 dnl lastlog and [uw]tmp are subject to a file search if all else fails
4115 dnl lastlog detection
4116 dnl NOTE: the code itself will detect if lastlog is a directory
4117 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
4119 #include <sys/types.h>
4121 #ifdef HAVE_LASTLOG_H
4122 # include <lastlog.h>
4131 [ char *lastlog = LASTLOG_FILE; ],
4132 [ AC_MSG_RESULT(yes) ],
4135 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4137 #include <sys/types.h>
4139 #ifdef HAVE_LASTLOG_H
4140 # include <lastlog.h>
4146 [ char *lastlog = _PATH_LASTLOG; ],
4147 [ AC_MSG_RESULT(yes) ],
4150 system_lastlog_path=no
4155 if test -z "$conf_lastlog_location"; then
4156 if test x"$system_lastlog_path" = x"no" ; then
4157 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4158 if (test -d "$f" || test -f "$f") ; then
4159 conf_lastlog_location=$f
4162 if test -z "$conf_lastlog_location"; then
4163 AC_MSG_WARN([** Cannot find lastlog **])
4164 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4169 if test -n "$conf_lastlog_location"; then
4170 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4171 [Define if you want to specify the path to your lastlog file])
4175 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4177 #include <sys/types.h>
4183 [ char *utmp = UTMP_FILE; ],
4184 [ AC_MSG_RESULT(yes) ],
4186 system_utmp_path=no ]
4188 if test -z "$conf_utmp_location"; then
4189 if test x"$system_utmp_path" = x"no" ; then
4190 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4191 if test -f $f ; then
4192 conf_utmp_location=$f
4195 if test -z "$conf_utmp_location"; then
4196 AC_DEFINE(DISABLE_UTMP)
4200 if test -n "$conf_utmp_location"; then
4201 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4202 [Define if you want to specify the path to your utmp file])
4206 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4208 #include <sys/types.h>
4214 [ char *wtmp = WTMP_FILE; ],
4215 [ AC_MSG_RESULT(yes) ],
4217 system_wtmp_path=no ]
4219 if test -z "$conf_wtmp_location"; then
4220 if test x"$system_wtmp_path" = x"no" ; then
4221 for f in /usr/adm/wtmp /var/log/wtmp; do
4222 if test -f $f ; then
4223 conf_wtmp_location=$f
4226 if test -z "$conf_wtmp_location"; then
4227 AC_DEFINE(DISABLE_WTMP)
4231 if test -n "$conf_wtmp_location"; then
4232 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4233 [Define if you want to specify the path to your wtmp file])
4237 dnl utmpx detection - I don't know any system so perverse as to require
4238 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4240 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4242 #include <sys/types.h>
4251 [ char *utmpx = UTMPX_FILE; ],
4252 [ AC_MSG_RESULT(yes) ],
4254 system_utmpx_path=no ]
4256 if test -z "$conf_utmpx_location"; then
4257 if test x"$system_utmpx_path" = x"no" ; then
4258 AC_DEFINE(DISABLE_UTMPX)
4261 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4262 [Define if you want to specify the path to your utmpx file])
4266 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4268 #include <sys/types.h>
4277 [ char *wtmpx = WTMPX_FILE; ],
4278 [ AC_MSG_RESULT(yes) ],
4280 system_wtmpx_path=no ]
4282 if test -z "$conf_wtmpx_location"; then
4283 if test x"$system_wtmpx_path" = x"no" ; then
4284 AC_DEFINE(DISABLE_WTMPX)
4287 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4288 [Define if you want to specify the path to your wtmpx file])
4292 if test ! -z "$blibpath" ; then
4293 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4294 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4297 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4299 CFLAGS="$CFLAGS $werror_flags"
4302 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4303 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4304 scard/Makefile ssh_prng_cmds survey.sh])
4307 # Print summary of options
4309 # Someone please show me a better way :)
4310 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4311 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4312 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4313 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4314 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4315 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4316 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4317 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4318 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4321 echo "OpenSSH has been configured with the following options:"
4322 echo " User binaries: $B"
4323 echo " System binaries: $C"
4324 echo " Configuration files: $D"
4325 echo " Askpass program: $E"
4326 echo " Manual pages: $F"
4327 echo " Privilege separation chroot path: $H"
4328 if test "x$external_path_file" = "x/etc/login.conf" ; then
4329 echo " At runtime, sshd will use the path defined in $external_path_file"
4330 echo " Make sure the path to scp is present, otherwise scp will not work"
4332 echo " sshd default user PATH: $I"
4333 if test ! -z "$external_path_file"; then
4334 echo " (If PATH is set in $external_path_file it will be used instead. If"
4335 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4338 if test ! -z "$superuser_path" ; then
4339 echo " sshd superuser user PATH: $J"
4341 echo " Manpage format: $MANTYPE"
4342 echo " PAM support: $PAM_MSG"
4343 echo " OSF SIA support: $SIA_MSG"
4344 echo " KerberosV support: $KRB5_MSG"
4345 echo " SELinux support: $SELINUX_MSG"
4346 echo " Smartcard support: $SCARD_MSG"
4347 echo " S/KEY support: $SKEY_MSG"
4348 echo " TCP Wrappers support: $TCPW_MSG"
4349 echo " MD5 password support: $MD5_MSG"
4350 echo " libedit support: $LIBEDIT_MSG"
4351 echo " Solaris process contract support: $SPC_MSG"
4352 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4353 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4354 echo " BSD Auth support: $BSD_AUTH_MSG"
4355 echo " Random number source: $RAND_MSG"
4356 if test ! -z "$USE_RAND_HELPER" ; then
4357 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4362 echo " Host: ${host}"
4363 echo " Compiler: ${CC}"
4364 echo " Compiler flags: ${CFLAGS}"
4365 echo "Preprocessor flags: ${CPPFLAGS}"
4366 echo " Linker flags: ${LDFLAGS}"
4367 echo " Libraries: ${LIBS}"
4368 if test ! -z "${SSHDLIBS}"; then
4369 echo " +for sshd: ${SSHDLIBS}"
4374 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4375 echo "SVR4 style packages are supported with \"make package\""
4379 if test "x$PAM_MSG" = "xyes" ; then
4380 echo "PAM is enabled. You may need to install a PAM control file "
4381 echo "for sshd, otherwise password authentication may fail. "
4382 echo "Example PAM control files can be found in the contrib/ "
4387 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4388 echo "WARNING: you are using the builtin random number collection "
4389 echo "service. Please read WARNING.RNG and request that your OS "
4390 echo "vendor includes kernel-based random number collection in "
4391 echo "future versions of your OS."
4395 if test ! -z "$NO_PEERCHECK" ; then
4396 echo "WARNING: the operating system that you are using does not"
4397 echo "appear to support getpeereid(), getpeerucred() or the"
4398 echo "SO_PEERCRED getsockopt() option. These facilities are used to"
4399 echo "enforce security checks to prevent unauthorised connections to"
4400 echo "ssh-agent. Their absence increases the risk that a malicious"
4401 echo "user can connect to your agent."
4405 if test "$AUDIT_MODULE" = "bsm" ; then
4406 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4407 echo "See the Solaris section in README.platform for details."