3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Messages for features tested for in target-specific section
134 # Check for some target-specific stuff
137 # Some versions of VAC won't allow macro redefinitions at
138 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
139 # particularly with older versions of vac or xlc.
140 # It also throws errors about null macro argments, but these are
142 AC_MSG_CHECKING(if compiler allows macro redefinitions)
145 #define testmacro foo
146 #define testmacro bar
147 int main(void) { exit(0); }
149 [ AC_MSG_RESULT(yes) ],
151 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
152 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
153 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
154 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
158 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
159 if (test -z "$blibpath"); then
160 blibpath="/usr/lib:/lib"
162 saved_LDFLAGS="$LDFLAGS"
163 if test "$GCC" = "yes"; then
164 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
166 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
168 for tryflags in $flags ;do
169 if (test -z "$blibflags"); then
170 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
171 AC_TRY_LINK([], [], [blibflags=$tryflags])
174 if (test -z "$blibflags"); then
175 AC_MSG_RESULT(not found)
176 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
178 AC_MSG_RESULT($blibflags)
180 LDFLAGS="$saved_LDFLAGS"
181 dnl Check for authenticate. Might be in libs.a on older AIXes
182 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
183 [Define if you want to enable AIX4's authenticate function])],
184 [AC_CHECK_LIB(s,authenticate,
185 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
189 dnl Check for various auth function declarations in headers.
190 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
191 passwdexpired, setauthdb], , , [#include <usersec.h>])
192 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
193 AC_CHECK_DECLS(loginfailed,
194 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
196 [#include <usersec.h>],
197 [(void)loginfailed("user","host","tty",0);],
199 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
200 [Define if your AIX loginfailed() function
201 takes 4 arguments (AIX >= 5.2)])],
205 [#include <usersec.h>]
207 AC_CHECK_FUNCS(setauthdb)
208 AC_CHECK_DECL(F_CLOSEM,
209 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
211 [ #include <limits.h>
214 check_for_aix_broken_getaddrinfo=1
215 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
216 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
217 [Define if your platform breaks doing a seteuid before a setuid])
218 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
219 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
220 dnl AIX handles lastlog as part of its login message
221 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
222 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
223 [Some systems need a utmpx entry for /bin/login to work])
224 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
225 [Define to a Set Process Title type if your system is
226 supported by bsd-setproctitle.c])
227 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
228 [AIX 5.2 and 5.3 (and presumably newer) require this])
229 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
232 check_for_libcrypt_later=1
233 LIBS="$LIBS /usr/lib/textmode.o"
234 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
235 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
236 AC_DEFINE(DISABLE_SHADOW, 1,
237 [Define if you want to disable shadow passwords])
238 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
239 [Define if your system choked on IP TOS setting])
240 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
241 [Define if X11 doesn't support AF_UNIX sockets on that system])
242 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
243 [Define if the concept of ports only accessible to
244 superusers isn't known])
245 AC_DEFINE(DISABLE_FD_PASSING, 1,
246 [Define if your platform needs to skip post auth
247 file descriptor passing])
250 AC_DEFINE(IP_TOS_IS_BROKEN)
251 AC_DEFINE(SETEUID_BREAKS_SETUID)
252 AC_DEFINE(BROKEN_SETREUID)
253 AC_DEFINE(BROKEN_SETREGID)
256 AC_MSG_CHECKING(if we have working getaddrinfo)
257 AC_TRY_RUN([#include <mach-o/dyld.h>
258 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
262 }], [AC_MSG_RESULT(working)],
263 [AC_MSG_RESULT(buggy)
264 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
265 [AC_MSG_RESULT(assume it is working)])
266 AC_DEFINE(SETEUID_BREAKS_SETUID)
267 AC_DEFINE(BROKEN_SETREUID)
268 AC_DEFINE(BROKEN_SETREGID)
269 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
270 [Define if your resolver libs need this for getrrsetbyname])
271 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
272 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
273 [Use tunnel device compatibility to OpenBSD])
274 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
275 [Prepend the address family to IP tunnel traffic])
276 AC_MSG_CHECKING(if we have the Security Authorization Session API)
277 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
278 [SessionCreate(0, 0);],
279 [ac_cv_use_security_session_api="yes"
280 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
281 [platform has the Security Authorization Session API])
282 LIBS="$LIBS -framework Security"
284 [ac_cv_use_security_session_api="no"
286 AC_MSG_CHECKING(if we have an in-memory credentials cache)
288 [#include <Kerberos/Kerberos.h>],
290 (void) cc_initialize (&c, 0, NULL, NULL);],
291 [AC_DEFINE(USE_CCAPI, 1,
292 [platform uses an in-memory credentials cache])
293 LIBS="$LIBS -framework Security"
295 if test "x$ac_cv_use_security_session_api" = "xno"; then
296 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
302 SSHDLIBS="$SSHDLIBS -lcrypt"
305 # first we define all of the options common to all HP-UX releases
306 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
307 IPADDR_IN_DISPLAY=yes
309 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
310 [Define if your login program cannot handle end of options ("--")])
311 AC_DEFINE(LOGIN_NEEDS_UTMPX)
312 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
313 [String used in /etc/passwd to denote locked account])
314 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
315 MAIL="/var/mail/username"
317 AC_CHECK_LIB(xnet, t_error, ,
318 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
320 # next, we define all of the options specific to major releases
323 if test -z "$GCC"; then
328 AC_DEFINE(PAM_SUN_CODEBASE, 1,
329 [Define if you are using Solaris-derived PAM which
330 passes pam_messages to the conversation function
331 with an extra level of indirection])
332 AC_DEFINE(DISABLE_UTMP, 1,
333 [Define if you don't want to use utmp])
334 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
335 check_for_hpux_broken_getaddrinfo=1
336 check_for_conflicting_getspnam=1
340 # lastly, we define options specific to minor releases
343 AC_DEFINE(HAVE_SECUREWARE, 1,
344 [Define if you have SecureWare-based
345 protected password database])
346 disable_ptmx_check=yes
352 PATH="$PATH:/usr/etc"
353 AC_DEFINE(BROKEN_INET_NTOA, 1,
354 [Define if you system's inet_ntoa is busted
355 (e.g. Irix gcc issue)])
356 AC_DEFINE(SETEUID_BREAKS_SETUID)
357 AC_DEFINE(BROKEN_SETREUID)
358 AC_DEFINE(BROKEN_SETREGID)
359 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
360 [Define if you shouldn't strip 'tty' from your
362 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
365 PATH="$PATH:/usr/etc"
366 AC_DEFINE(WITH_IRIX_ARRAY, 1,
367 [Define if you have/want arrays
368 (cluster-wide session managment, not C arrays)])
369 AC_DEFINE(WITH_IRIX_PROJECT, 1,
370 [Define if you want IRIX project management])
371 AC_DEFINE(WITH_IRIX_AUDIT, 1,
372 [Define if you want IRIX audit trails])
373 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
374 [Define if you want IRIX kernel jobs])])
375 AC_DEFINE(BROKEN_INET_NTOA)
376 AC_DEFINE(SETEUID_BREAKS_SETUID)
377 AC_DEFINE(BROKEN_SETREUID)
378 AC_DEFINE(BROKEN_SETREGID)
379 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
380 AC_DEFINE(WITH_ABBREV_NO_TTY)
381 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
385 check_for_libcrypt_later=1
386 check_for_openpty_ctty_bug=1
387 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
388 AC_DEFINE(PAM_TTY_KLUDGE, 1,
389 [Work around problematic Linux PAM modules handling of PAM_TTY])
390 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
391 [String used in /etc/passwd to denote locked account])
392 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
393 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
394 [Define to whatever link() returns for "not supported"
395 if it doesn't return EOPNOTSUPP.])
396 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
398 inet6_default_4in6=yes
401 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
402 [Define if cmsg_type is not passed correctly])
405 # tun(4) forwarding compat code
406 AC_CHECK_HEADERS(linux/if_tun.h)
407 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
408 AC_DEFINE(SSH_TUN_LINUX, 1,
409 [Open tunnel devices the Linux tun/tap way])
410 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
411 [Use tunnel device compatibility to OpenBSD])
412 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
413 [Prepend the address family to IP tunnel traffic])
416 mips-sony-bsd|mips-sony-newsos4)
417 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
421 check_for_libcrypt_before=1
422 if test "x$withval" != "xno" ; then
425 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
426 AC_CHECK_HEADER([net/if_tap.h], ,
427 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
428 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
429 [Prepend the address family to IP tunnel traffic])
432 check_for_libcrypt_later=1
433 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
434 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
435 AC_CHECK_HEADER([net/if_tap.h], ,
436 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
439 AC_DEFINE(SETEUID_BREAKS_SETUID)
440 AC_DEFINE(BROKEN_SETREUID)
441 AC_DEFINE(BROKEN_SETREGID)
444 conf_lastlog_location="/usr/adm/lastlog"
445 conf_utmp_location=/etc/utmp
446 conf_wtmp_location=/usr/adm/wtmp
448 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
449 AC_DEFINE(BROKEN_REALPATH)
451 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
454 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
455 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
456 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
457 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
458 [syslog_r function is safe to use in in a signal handler])
461 if test "x$withval" != "xno" ; then
464 AC_DEFINE(PAM_SUN_CODEBASE)
465 AC_DEFINE(LOGIN_NEEDS_UTMPX)
466 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
467 [Some versions of /bin/login need the TERM supplied
469 AC_DEFINE(PAM_TTY_KLUDGE)
470 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
471 [Define if pam_chauthtok wants real uid set
472 to the unpriv'ed user])
473 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
474 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
475 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
476 [Define if sshd somehow reacquires a controlling TTY
478 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
479 in case the name is longer than 8 chars])
480 external_path_file=/etc/default/login
481 # hardwire lastlog location (can't detect it on some versions)
482 conf_lastlog_location="/var/adm/lastlog"
483 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
484 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
485 if test "$sol2ver" -ge 8; then
487 AC_DEFINE(DISABLE_UTMP)
488 AC_DEFINE(DISABLE_WTMP, 1,
489 [Define if you don't want to use wtmp])
493 AC_ARG_WITH(solaris-contracts,
494 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
496 AC_CHECK_LIB(contract, ct_tmpl_activate,
497 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
498 [Define if you have Solaris process contracts])
499 SSHDLIBS="$SSHDLIBS -lcontract"
506 CPPFLAGS="$CPPFLAGS -DSUNOS4"
507 AC_CHECK_FUNCS(getpwanam)
508 AC_DEFINE(PAM_SUN_CODEBASE)
509 conf_utmp_location=/etc/utmp
510 conf_wtmp_location=/var/adm/wtmp
511 conf_lastlog_location=/var/adm/lastlog
517 AC_DEFINE(SSHD_ACQUIRES_CTTY)
518 AC_DEFINE(SETEUID_BREAKS_SETUID)
519 AC_DEFINE(BROKEN_SETREUID)
520 AC_DEFINE(BROKEN_SETREGID)
523 # /usr/ucblib MUST NOT be searched on ReliantUNIX
524 AC_CHECK_LIB(dl, dlsym, ,)
525 # -lresolv needs to be at the end of LIBS or DNS lookups break
526 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
527 IPADDR_IN_DISPLAY=yes
529 AC_DEFINE(IP_TOS_IS_BROKEN)
530 AC_DEFINE(SETEUID_BREAKS_SETUID)
531 AC_DEFINE(BROKEN_SETREUID)
532 AC_DEFINE(BROKEN_SETREGID)
533 AC_DEFINE(SSHD_ACQUIRES_CTTY)
534 external_path_file=/etc/default/login
535 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
536 # Attention: always take care to bind libsocket and libnsl before libc,
537 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
539 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
542 AC_DEFINE(SETEUID_BREAKS_SETUID)
543 AC_DEFINE(BROKEN_SETREUID)
544 AC_DEFINE(BROKEN_SETREGID)
545 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
546 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
548 # UnixWare 7.x, OpenUNIX 8
550 check_for_libcrypt_later=1
551 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
553 AC_DEFINE(SETEUID_BREAKS_SETUID)
554 AC_DEFINE(BROKEN_SETREUID)
555 AC_DEFINE(BROKEN_SETREGID)
556 AC_DEFINE(PASSWD_NEEDS_USERNAME)
558 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
559 TEST_SHELL=/u95/bin/sh
560 AC_DEFINE(BROKEN_LIBIAF, 1,
561 [ia_uinfo routines not supported by OS yet])
562 AC_DEFINE(BROKEN_UPDWTMPX)
564 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
570 # SCO UNIX and OEM versions of SCO UNIX
572 AC_MSG_ERROR("This Platform is no longer supported.")
576 if test -z "$GCC"; then
577 CFLAGS="$CFLAGS -belf"
579 LIBS="$LIBS -lprot -lx -ltinfo -lm"
582 AC_DEFINE(HAVE_SECUREWARE)
583 AC_DEFINE(DISABLE_SHADOW)
584 AC_DEFINE(DISABLE_FD_PASSING)
585 AC_DEFINE(SETEUID_BREAKS_SETUID)
586 AC_DEFINE(BROKEN_SETREUID)
587 AC_DEFINE(BROKEN_SETREGID)
588 AC_DEFINE(WITH_ABBREV_NO_TTY)
589 AC_DEFINE(BROKEN_UPDWTMPX)
590 AC_DEFINE(PASSWD_NEEDS_USERNAME)
591 AC_CHECK_FUNCS(getluid setluid)
596 AC_DEFINE(NO_SSH_LASTLOG, 1,
597 [Define if you don't want to use lastlog in session.c])
598 AC_DEFINE(SETEUID_BREAKS_SETUID)
599 AC_DEFINE(BROKEN_SETREUID)
600 AC_DEFINE(BROKEN_SETREGID)
602 AC_DEFINE(DISABLE_FD_PASSING)
604 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
608 AC_DEFINE(SETEUID_BREAKS_SETUID)
609 AC_DEFINE(BROKEN_SETREUID)
610 AC_DEFINE(BROKEN_SETREGID)
611 AC_DEFINE(WITH_ABBREV_NO_TTY)
613 AC_DEFINE(DISABLE_FD_PASSING)
615 LIBS="$LIBS -lgen -lacid -ldb"
619 AC_DEFINE(SETEUID_BREAKS_SETUID)
620 AC_DEFINE(BROKEN_SETREUID)
621 AC_DEFINE(BROKEN_SETREGID)
623 AC_DEFINE(DISABLE_FD_PASSING)
624 AC_DEFINE(NO_SSH_LASTLOG)
625 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
626 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
630 AC_MSG_CHECKING(for Digital Unix SIA)
633 [ --with-osfsia Enable Digital Unix SIA],
635 if test "x$withval" = "xno" ; then
636 AC_MSG_RESULT(disabled)
641 if test -z "$no_osfsia" ; then
642 if test -f /etc/sia/matrix.conf; then
644 AC_DEFINE(HAVE_OSF_SIA, 1,
645 [Define if you have Digital Unix Security
646 Integration Architecture])
647 AC_DEFINE(DISABLE_LOGIN, 1,
648 [Define if you don't want to use your
649 system's login() call])
650 AC_DEFINE(DISABLE_FD_PASSING)
651 LIBS="$LIBS -lsecurity -ldb -lm -laud"
655 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
656 [String used in /etc/passwd to denote locked account])
659 AC_DEFINE(BROKEN_GETADDRINFO)
660 AC_DEFINE(SETEUID_BREAKS_SETUID)
661 AC_DEFINE(BROKEN_SETREUID)
662 AC_DEFINE(BROKEN_SETREGID)
667 AC_DEFINE(NO_X11_UNIX_SOCKETS)
668 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
669 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
670 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
671 AC_DEFINE(DISABLE_LASTLOG)
672 AC_DEFINE(SSHD_ACQUIRES_CTTY)
673 enable_etc_default_login=no # has incompatible /etc/default/login
677 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
678 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
679 AC_DEFINE(NEED_SETPGRP)
680 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
684 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
685 AC_DEFINE(MISSING_HOWMANY)
686 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
690 # Allow user to specify flags
692 [ --with-cflags Specify additional flags to pass to compiler],
694 if test -n "$withval" && test "x$withval" != "xno" && \
695 test "x${withval}" != "xyes"; then
696 CFLAGS="$CFLAGS $withval"
700 AC_ARG_WITH(cppflags,
701 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
703 if test -n "$withval" && test "x$withval" != "xno" && \
704 test "x${withval}" != "xyes"; then
705 CPPFLAGS="$CPPFLAGS $withval"
710 [ --with-ldflags Specify additional flags to pass to linker],
712 if test -n "$withval" && test "x$withval" != "xno" && \
713 test "x${withval}" != "xyes"; then
714 LDFLAGS="$LDFLAGS $withval"
719 [ --with-libs Specify additional libraries to link with],
721 if test -n "$withval" && test "x$withval" != "xno" && \
722 test "x${withval}" != "xyes"; then
723 LIBS="$LIBS $withval"
728 [ --with-Werror Build main code with -Werror],
730 if test -n "$withval" && test "x$withval" != "xno"; then
731 werror_flags="-Werror"
732 if test "x${withval}" != "xyes"; then
733 werror_flags="$withval"
739 AC_MSG_CHECKING(compiler and flags for sanity)
745 [ AC_MSG_RESULT(yes) ],
748 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
750 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
753 dnl Checks for header files.
779 security/pam_appl.h \
816 # lastlog.h requires sys/time.h to be included first on Solaris
817 AC_CHECK_HEADERS(lastlog.h, [], [], [
818 #ifdef HAVE_SYS_TIME_H
819 # include <sys/time.h>
823 # sys/ptms.h requires sys/stream.h to be included first on Solaris
824 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
825 #ifdef HAVE_SYS_STREAM_H
826 # include <sys/stream.h>
830 # login_cap.h requires sys/types.h on NetBSD
831 AC_CHECK_HEADERS(login_cap.h, [], [], [
832 #include <sys/types.h>
835 # Checks for libraries.
836 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
837 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
839 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
840 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
841 AC_CHECK_LIB(gen, dirname,[
842 AC_CACHE_CHECK([for broken dirname],
843 ac_cv_have_broken_dirname, [
851 int main(int argc, char **argv) {
854 strncpy(buf,"/etc", 32);
856 if (!s || strncmp(s, "/", 32) != 0) {
863 [ ac_cv_have_broken_dirname="no" ],
864 [ ac_cv_have_broken_dirname="yes" ],
865 [ ac_cv_have_broken_dirname="no" ],
869 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
871 AC_DEFINE(HAVE_DIRNAME)
872 AC_CHECK_HEADERS(libgen.h)
877 AC_CHECK_FUNC(getspnam, ,
878 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
879 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
880 [Define if you have the basename function.]))
884 [ --with-zlib=PATH Use zlib in PATH],
885 [ if test "x$withval" = "xno" ; then
886 AC_MSG_ERROR([*** zlib is required ***])
887 elif test "x$withval" != "xyes"; then
888 if test -d "$withval/lib"; then
889 if test -n "${need_dash_r}"; then
890 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
892 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
895 if test -n "${need_dash_r}"; then
896 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
898 LDFLAGS="-L${withval} ${LDFLAGS}"
901 if test -d "$withval/include"; then
902 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
904 CPPFLAGS="-I${withval} ${CPPFLAGS}"
909 AC_CHECK_LIB(z, deflate, ,
911 saved_CPPFLAGS="$CPPFLAGS"
912 saved_LDFLAGS="$LDFLAGS"
914 dnl Check default zlib install dir
915 if test -n "${need_dash_r}"; then
916 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
918 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
920 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
922 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
924 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
929 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
931 AC_ARG_WITH(zlib-version-check,
932 [ --without-zlib-version-check Disable zlib version check],
933 [ if test "x$withval" = "xno" ; then
934 zlib_check_nonfatal=1
939 AC_MSG_CHECKING(for possibly buggy zlib)
940 AC_RUN_IFELSE([AC_LANG_SOURCE([[
945 int a=0, b=0, c=0, d=0, n, v;
946 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
947 if (n != 3 && n != 4)
949 v = a*1000000 + b*10000 + c*100 + d;
950 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
953 if (a == 1 && b == 1 && c >= 4)
956 /* 1.2.3 and up are OK */
965 if test -z "$zlib_check_nonfatal" ; then
966 AC_MSG_ERROR([*** zlib too old - check config.log ***
967 Your reported zlib version has known security problems. It's possible your
968 vendor has fixed these problems without changing the version number. If you
969 are sure this is the case, you can disable the check by running
970 "./configure --without-zlib-version-check".
971 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
972 See http://www.gzip.org/zlib/ for details.])
974 AC_MSG_WARN([zlib version may have security problems])
977 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
981 AC_CHECK_FUNC(strcasecmp,
982 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
984 AC_CHECK_FUNCS(utimes,
985 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
986 LIBS="$LIBS -lc89"]) ]
989 dnl Checks for libutil functions
990 AC_CHECK_HEADERS(libutil.h)
991 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
992 [Define if your libraries define login()])])
993 AC_CHECK_FUNCS(logout updwtmp logwtmp)
997 # Check for ALTDIRFUNC glob() extension
998 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
999 AC_EGREP_CPP(FOUNDIT,
1002 #ifdef GLOB_ALTDIRFUNC
1007 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
1008 [Define if your system glob() function has
1009 the GLOB_ALTDIRFUNC extension])
1017 # Check for g.gl_matchc glob() extension
1018 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1020 [ #include <glob.h> ],
1021 [glob_t g; g.gl_matchc = 1;],
1023 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1024 [Define if your system glob() function has
1025 gl_matchc options in glob_t])
1033 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1035 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1038 #include <sys/types.h>
1040 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1042 [AC_MSG_RESULT(yes)],
1045 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1046 [Define if your struct dirent expects you to
1047 allocate extra space for d_name])
1050 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1051 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1055 AC_MSG_CHECKING([for /proc/pid/fd directory])
1056 if test -d "/proc/$$/fd" ; then
1057 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1063 # Check whether user wants S/Key support
1066 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1068 if test "x$withval" != "xno" ; then
1070 if test "x$withval" != "xyes" ; then
1071 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1072 LDFLAGS="$LDFLAGS -L${withval}/lib"
1075 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1079 AC_MSG_CHECKING([for s/key support])
1084 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1086 [AC_MSG_RESULT(yes)],
1089 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1091 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1095 [(void)skeychallenge(NULL,"name","",0);],
1097 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1098 [Define if your skeychallenge()
1099 function takes 4 arguments (NetBSD)])],
1106 # Check whether user wants TCP wrappers support
1108 AC_ARG_WITH(tcp-wrappers,
1109 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1111 if test "x$withval" != "xno" ; then
1113 saved_LDFLAGS="$LDFLAGS"
1114 saved_CPPFLAGS="$CPPFLAGS"
1115 if test -n "${withval}" && \
1116 test "x${withval}" != "xyes"; then
1117 if test -d "${withval}/lib"; then
1118 if test -n "${need_dash_r}"; then
1119 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1121 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1124 if test -n "${need_dash_r}"; then
1125 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1127 LDFLAGS="-L${withval} ${LDFLAGS}"
1130 if test -d "${withval}/include"; then
1131 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1133 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1137 LIBS="$LIBWRAP $LIBS"
1138 AC_MSG_CHECKING(for libwrap)
1141 #include <sys/types.h>
1142 #include <sys/socket.h>
1143 #include <netinet/in.h>
1145 int deny_severity = 0, allow_severity = 0;
1150 AC_DEFINE(LIBWRAP, 1,
1152 TCP Wrappers support])
1157 AC_MSG_ERROR([*** libwrap missing])
1165 # Check whether user wants libedit support
1167 AC_ARG_WITH(libedit,
1168 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1169 [ if test "x$withval" != "xno" ; then
1170 if test "x$withval" != "xyes"; then
1171 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1172 if test -n "${need_dash_r}"; then
1173 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1175 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1178 AC_CHECK_LIB(edit, el_init,
1179 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1180 LIBEDIT="-ledit -lcurses"
1184 [ AC_MSG_ERROR(libedit not found) ],
1187 AC_MSG_CHECKING(if libedit version is compatible)
1190 #include <histedit.h>
1194 el_init("", NULL, NULL, NULL);
1198 [ AC_MSG_RESULT(yes) ],
1200 AC_MSG_ERROR(libedit version is not compatible) ]
1207 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1209 AC_MSG_CHECKING(for supported audit module)
1214 dnl Checks for headers, libs and functions
1215 AC_CHECK_HEADERS(bsm/audit.h, [],
1216 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1223 AC_CHECK_LIB(bsm, getaudit, [],
1224 [AC_MSG_ERROR(BSM enabled and required library not found)])
1225 AC_CHECK_FUNCS(getaudit, [],
1226 [AC_MSG_ERROR(BSM enabled and required function not found)])
1227 # These are optional
1228 AC_CHECK_FUNCS(getaudit_addr)
1229 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1233 AC_MSG_RESULT(debug)
1234 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1240 AC_MSG_ERROR([Unknown audit module $withval])
1245 dnl Checks for library functions. Please keep in alphabetical order
1330 # IRIX has a const char return value for gai_strerror()
1331 AC_CHECK_FUNCS(gai_strerror,[
1332 AC_DEFINE(HAVE_GAI_STRERROR)
1334 #include <sys/types.h>
1335 #include <sys/socket.h>
1338 const char *gai_strerror(int);],[
1341 str = gai_strerror(0);],[
1342 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1343 [Define if gai_strerror() returns const char *])])])
1345 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1346 [Some systems put nanosleep outside of libc]))
1348 dnl Make sure prototypes are defined for these before using them.
1349 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1350 AC_CHECK_DECL(strsep,
1351 [AC_CHECK_FUNCS(strsep)],
1354 #ifdef HAVE_STRING_H
1355 # include <string.h>
1359 dnl tcsendbreak might be a macro
1360 AC_CHECK_DECL(tcsendbreak,
1361 [AC_DEFINE(HAVE_TCSENDBREAK)],
1362 [AC_CHECK_FUNCS(tcsendbreak)],
1363 [#include <termios.h>]
1366 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1368 AC_CHECK_DECLS(SHUT_RD, , ,
1370 #include <sys/types.h>
1371 #include <sys/socket.h>
1374 AC_CHECK_DECLS(O_NONBLOCK, , ,
1376 #include <sys/types.h>
1377 #ifdef HAVE_SYS_STAT_H
1378 # include <sys/stat.h>
1385 AC_CHECK_DECLS(writev, , , [
1386 #include <sys/types.h>
1387 #include <sys/uio.h>
1391 AC_CHECK_FUNCS(setresuid, [
1392 dnl Some platorms have setresuid that isn't implemented, test for this
1393 AC_MSG_CHECKING(if setresuid seems to work)
1398 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1400 [AC_MSG_RESULT(yes)],
1401 [AC_DEFINE(BROKEN_SETRESUID, 1,
1402 [Define if your setresuid() is broken])
1403 AC_MSG_RESULT(not implemented)],
1404 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1408 AC_CHECK_FUNCS(setresgid, [
1409 dnl Some platorms have setresgid that isn't implemented, test for this
1410 AC_MSG_CHECKING(if setresgid seems to work)
1415 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1417 [AC_MSG_RESULT(yes)],
1418 [AC_DEFINE(BROKEN_SETRESGID, 1,
1419 [Define if your setresgid() is broken])
1420 AC_MSG_RESULT(not implemented)],
1421 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1425 dnl Checks for time functions
1426 AC_CHECK_FUNCS(gettimeofday time)
1427 dnl Checks for utmp functions
1428 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1429 AC_CHECK_FUNCS(utmpname)
1430 dnl Checks for utmpx functions
1431 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1432 AC_CHECK_FUNCS(setutxent utmpxname)
1434 AC_CHECK_FUNC(daemon,
1435 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1436 [AC_CHECK_LIB(bsd, daemon,
1437 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1440 AC_CHECK_FUNC(getpagesize,
1441 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1442 [Define if your libraries define getpagesize()])],
1443 [AC_CHECK_LIB(ucb, getpagesize,
1444 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1447 # Check for broken snprintf
1448 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1449 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1453 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1455 [AC_MSG_RESULT(yes)],
1458 AC_DEFINE(BROKEN_SNPRINTF, 1,
1459 [Define if your snprintf is busted])
1460 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1462 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1466 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1467 # returning the right thing on overflow: the number of characters it tried to
1468 # create (as per SUSv3)
1469 if test "x$ac_cv_func_asprintf" != "xyes" && \
1470 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1471 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1474 #include <sys/types.h>
1478 int x_snprintf(char *str,size_t count,const char *fmt,...)
1480 size_t ret; va_list ap;
1481 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1487 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1489 [AC_MSG_RESULT(yes)],
1492 AC_DEFINE(BROKEN_SNPRINTF, 1,
1493 [Define if your snprintf is busted])
1494 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1496 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1500 # On systems where [v]snprintf is broken, but is declared in stdio,
1501 # check that the fmt argument is const char * or just char *.
1502 # This is only useful for when BROKEN_SNPRINTF
1503 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1504 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1505 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1506 int main(void) { snprintf(0, 0, 0); }
1509 AC_DEFINE(SNPRINTF_CONST, [const],
1510 [Define as const if snprintf() can declare const char *fmt])],
1512 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1514 # Check for missing getpeereid (or equiv) support
1516 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1517 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1519 [#include <sys/types.h>
1520 #include <sys/socket.h>],
1521 [int i = SO_PEERCRED;],
1522 [ AC_MSG_RESULT(yes)
1523 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1530 dnl see whether mkstemp() requires XXXXXX
1531 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1532 AC_MSG_CHECKING([for (overly) strict mkstemp])
1536 main() { char template[]="conftest.mkstemp-test";
1537 if (mkstemp(template) == -1)
1539 unlink(template); exit(0);
1547 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1551 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1556 dnl make sure that openpty does not reacquire controlling terminal
1557 if test ! -z "$check_for_openpty_ctty_bug"; then
1558 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1562 #include <sys/fcntl.h>
1563 #include <sys/types.h>
1564 #include <sys/wait.h>
1570 int fd, ptyfd, ttyfd, status;
1573 if (pid < 0) { /* failed */
1575 } else if (pid > 0) { /* parent */
1576 waitpid(pid, &status, 0);
1577 if (WIFEXITED(status))
1578 exit(WEXITSTATUS(status));
1581 } else { /* child */
1582 close(0); close(1); close(2);
1584 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1585 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1587 exit(3); /* Acquired ctty: broken */
1589 exit(0); /* Did not acquire ctty: OK */
1598 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1601 AC_MSG_RESULT(cross-compiling, assuming yes)
1606 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1607 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1608 AC_MSG_CHECKING(if getaddrinfo seems to work)
1612 #include <sys/socket.h>
1615 #include <netinet/in.h>
1617 #define TEST_PORT "2222"
1623 struct addrinfo *gai_ai, *ai, hints;
1624 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1626 memset(&hints, 0, sizeof(hints));
1627 hints.ai_family = PF_UNSPEC;
1628 hints.ai_socktype = SOCK_STREAM;
1629 hints.ai_flags = AI_PASSIVE;
1631 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1633 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1637 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1638 if (ai->ai_family != AF_INET6)
1641 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1642 sizeof(ntop), strport, sizeof(strport),
1643 NI_NUMERICHOST|NI_NUMERICSERV);
1646 if (err == EAI_SYSTEM)
1647 perror("getnameinfo EAI_SYSTEM");
1649 fprintf(stderr, "getnameinfo failed: %s\n",
1654 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1657 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1670 AC_DEFINE(BROKEN_GETADDRINFO)
1673 AC_MSG_RESULT(cross-compiling, assuming yes)
1678 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1679 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1680 AC_MSG_CHECKING(if getaddrinfo seems to work)
1684 #include <sys/socket.h>
1687 #include <netinet/in.h>
1689 #define TEST_PORT "2222"
1695 struct addrinfo *gai_ai, *ai, hints;
1696 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1698 memset(&hints, 0, sizeof(hints));
1699 hints.ai_family = PF_UNSPEC;
1700 hints.ai_socktype = SOCK_STREAM;
1701 hints.ai_flags = AI_PASSIVE;
1703 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1705 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1709 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1710 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1713 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1714 sizeof(ntop), strport, sizeof(strport),
1715 NI_NUMERICHOST|NI_NUMERICSERV);
1717 if (ai->ai_family == AF_INET && err != 0) {
1718 perror("getnameinfo");
1727 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1728 [Define if you have a getaddrinfo that fails
1729 for the all-zeros IPv6 address])
1733 AC_DEFINE(BROKEN_GETADDRINFO)
1736 AC_MSG_RESULT(cross-compiling, assuming no)
1741 if test "x$check_for_conflicting_getspnam" = "x1"; then
1742 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1746 int main(void) {exit(0);}
1753 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1754 [Conflicting defs for getspnam])
1761 # Search for OpenSSL
1762 saved_CPPFLAGS="$CPPFLAGS"
1763 saved_LDFLAGS="$LDFLAGS"
1764 AC_ARG_WITH(ssl-dir,
1765 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1767 if test "x$withval" != "xno" ; then
1770 ./*|../*) withval="`pwd`/$withval"
1772 if test -d "$withval/lib"; then
1773 if test -n "${need_dash_r}"; then
1774 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1776 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1779 if test -n "${need_dash_r}"; then
1780 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1782 LDFLAGS="-L${withval} ${LDFLAGS}"
1785 if test -d "$withval/include"; then
1786 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1788 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1793 LIBS="-lcrypto $LIBS"
1794 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1795 [Define if your ssl headers are included
1796 with #include <openssl/header.h>]),
1798 dnl Check default openssl install dir
1799 if test -n "${need_dash_r}"; then
1800 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1802 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1804 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1805 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1807 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1813 # Determine OpenSSL header version
1814 AC_MSG_CHECKING([OpenSSL header version])
1819 #include <openssl/opensslv.h>
1820 #define DATA "conftest.sslincver"
1825 fd = fopen(DATA,"w");
1829 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
1836 ssl_header_ver=`cat conftest.sslincver`
1837 AC_MSG_RESULT($ssl_header_ver)
1840 AC_MSG_RESULT(not found)
1841 AC_MSG_ERROR(OpenSSL version header not found.)
1844 AC_MSG_WARN([cross compiling: not checking])
1848 # Determine OpenSSL library version
1849 AC_MSG_CHECKING([OpenSSL library version])
1854 #include <openssl/opensslv.h>
1855 #include <openssl/crypto.h>
1856 #define DATA "conftest.ssllibver"
1861 fd = fopen(DATA,"w");
1865 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
1872 ssl_library_ver=`cat conftest.ssllibver`
1873 AC_MSG_RESULT($ssl_library_ver)
1876 AC_MSG_RESULT(not found)
1877 AC_MSG_ERROR(OpenSSL library not found.)
1880 AC_MSG_WARN([cross compiling: not checking])
1884 # Sanity check OpenSSL headers
1885 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
1889 #include <openssl/opensslv.h>
1890 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
1897 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
1898 Check config.log for details.
1899 Also see contrib/findssl.sh for help identifying header/library mismatches.])
1902 AC_MSG_WARN([cross compiling: not checking])
1906 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
1909 #include <openssl/evp.h>
1910 int main(void) { SSLeay_add_all_algorithms(); }
1919 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
1922 #include <openssl/evp.h>
1923 int main(void) { SSLeay_add_all_algorithms(); }
1936 AC_ARG_WITH(ssl-engine,
1937 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
1938 [ if test "x$withval" != "xno" ; then
1939 AC_MSG_CHECKING(for OpenSSL ENGINE support)
1941 [ #include <openssl/engine.h>],
1943 int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
1945 [ AC_MSG_RESULT(yes)
1946 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
1947 [Enable OpenSSL engine support])
1949 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
1954 # Check for OpenSSL without EVP_aes_{192,256}_cbc
1955 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1959 #include <openssl/evp.h>
1960 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1967 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1968 [libcrypto is missing AES 192 and 256 bit functions])
1972 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1973 # because the system crypt() is more featureful.
1974 if test "x$check_for_libcrypt_before" = "x1"; then
1975 AC_CHECK_LIB(crypt, crypt)
1978 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
1979 # version in OpenSSL.
1980 if test "x$check_for_libcrypt_later" = "x1"; then
1981 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1984 # Search for SHA256 support in libc and/or OpenSSL
1985 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
1987 AC_CHECK_LIB(iaf, ia_openinfo)
1989 ### Configure cryptographic random number support
1991 # Check wheter OpenSSL seeds itself
1992 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
1996 #include <openssl/rand.h>
1997 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2000 OPENSSL_SEEDS_ITSELF=yes
2005 # Default to use of the rand helper if OpenSSL doesn't
2010 AC_MSG_WARN([cross compiling: assuming yes])
2011 # This is safe, since all recent OpenSSL versions will
2012 # complain at runtime if not seeded correctly.
2013 OPENSSL_SEEDS_ITSELF=yes
2017 # Check for PAM libs
2020 [ --with-pam Enable PAM support ],
2022 if test "x$withval" != "xno" ; then
2023 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2024 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2025 AC_MSG_ERROR([PAM headers not found])
2029 AC_CHECK_LIB(dl, dlopen, , )
2030 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2031 AC_CHECK_FUNCS(pam_getenvlist)
2032 AC_CHECK_FUNCS(pam_putenv)
2038 AC_DEFINE(USE_PAM, 1,
2039 [Define if you want to enable PAM support])
2041 if test $ac_cv_lib_dl_dlopen = yes; then
2044 # libdl already in LIBS
2047 LIBPAM="$LIBPAM -ldl"
2056 # Check for older PAM
2057 if test "x$PAM_MSG" = "xyes" ; then
2058 # Check PAM strerror arguments (old PAM)
2059 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2063 #if defined(HAVE_SECURITY_PAM_APPL_H)
2064 #include <security/pam_appl.h>
2065 #elif defined (HAVE_PAM_PAM_APPL_H)
2066 #include <pam/pam_appl.h>
2069 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2070 [AC_MSG_RESULT(no)],
2072 AC_DEFINE(HAVE_OLD_PAM, 1,
2073 [Define if you have an old version of PAM
2074 which takes only one argument to pam_strerror])
2076 PAM_MSG="yes (old library)"
2081 # Do we want to force the use of the rand helper?
2082 AC_ARG_WITH(rand-helper,
2083 [ --with-rand-helper Use subprocess to gather strong randomness ],
2085 if test "x$withval" = "xno" ; then
2086 # Force use of OpenSSL's internal RNG, even if
2087 # the previous test showed it to be unseeded.
2088 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2089 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2090 OPENSSL_SEEDS_ITSELF=yes
2099 # Which randomness source do we use?
2100 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2102 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2103 [Define if you want OpenSSL's internally seeded PRNG only])
2104 RAND_MSG="OpenSSL internal ONLY"
2105 INSTALL_SSH_RAND_HELPER=""
2106 elif test ! -z "$USE_RAND_HELPER" ; then
2107 # install rand helper
2108 RAND_MSG="ssh-rand-helper"
2109 INSTALL_SSH_RAND_HELPER="yes"
2111 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2113 ### Configuration of ssh-rand-helper
2116 AC_ARG_WITH(prngd-port,
2117 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2126 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2129 if test ! -z "$withval" ; then
2130 PRNGD_PORT="$withval"
2131 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2132 [Port number of PRNGD/EGD random number socket])
2137 # PRNGD Unix domain socket
2138 AC_ARG_WITH(prngd-socket,
2139 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2143 withval="/var/run/egd-pool"
2151 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2155 if test ! -z "$withval" ; then
2156 if test ! -z "$PRNGD_PORT" ; then
2157 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2159 if test ! -r "$withval" ; then
2160 AC_MSG_WARN(Entropy socket is not readable)
2162 PRNGD_SOCKET="$withval"
2163 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2164 [Location of PRNGD/EGD random number socket])
2168 # Check for existing socket only if we don't have a random device already
2169 if test "$USE_RAND_HELPER" = yes ; then
2170 AC_MSG_CHECKING(for PRNGD/EGD socket)
2171 # Insert other locations here
2172 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2173 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2174 PRNGD_SOCKET="$sock"
2175 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2179 if test ! -z "$PRNGD_SOCKET" ; then
2180 AC_MSG_RESULT($PRNGD_SOCKET)
2182 AC_MSG_RESULT(not found)
2188 # Change default command timeout for hashing entropy source
2190 AC_ARG_WITH(entropy-timeout,
2191 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2193 if test -n "$withval" && test "x$withval" != "xno" && \
2194 test "x${withval}" != "xyes"; then
2195 entropy_timeout=$withval
2199 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2200 [Builtin PRNG command timeout])
2202 SSH_PRIVSEP_USER=sshd
2203 AC_ARG_WITH(privsep-user,
2204 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2206 if test -n "$withval" && test "x$withval" != "xno" && \
2207 test "x${withval}" != "xyes"; then
2208 SSH_PRIVSEP_USER=$withval
2212 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2213 [non-privileged user for privilege separation])
2214 AC_SUBST(SSH_PRIVSEP_USER)
2216 # We do this little dance with the search path to insure
2217 # that programs that we select for use by installed programs
2218 # (which may be run by the super-user) come from trusted
2219 # locations before they come from the user's private area.
2220 # This should help avoid accidentally configuring some
2221 # random version of a program in someone's personal bin.
2225 test -h /bin 2> /dev/null && PATH=/usr/bin
2226 test -d /sbin && PATH=$PATH:/sbin
2227 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2228 PATH=$PATH:/etc:$OPATH
2230 # These programs are used by the command hashing source to gather entropy
2231 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2232 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2233 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2234 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2235 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2236 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2237 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2238 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2239 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2240 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2241 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2242 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2243 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2244 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2245 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2246 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2250 # Where does ssh-rand-helper get its randomness from?
2251 INSTALL_SSH_PRNG_CMDS=""
2252 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2253 if test ! -z "$PRNGD_PORT" ; then
2254 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2255 elif test ! -z "$PRNGD_SOCKET" ; then
2256 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2258 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2259 RAND_HELPER_CMDHASH=yes
2260 INSTALL_SSH_PRNG_CMDS="yes"
2263 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2266 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2267 if test ! -z "$SONY" ; then
2268 LIBS="$LIBS -liberty";
2271 # Check for long long datatypes
2272 AC_CHECK_TYPES([long long, unsigned long long, long double])
2274 # Check datatype sizes
2275 AC_CHECK_SIZEOF(char, 1)
2276 AC_CHECK_SIZEOF(short int, 2)
2277 AC_CHECK_SIZEOF(int, 4)
2278 AC_CHECK_SIZEOF(long int, 4)
2279 AC_CHECK_SIZEOF(long long int, 8)
2281 # Sanity check long long for some platforms (AIX)
2282 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2283 ac_cv_sizeof_long_long_int=0
2286 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2287 if test -z "$have_llong_max"; then
2288 AC_MSG_CHECKING([for max value of long long])
2292 /* Why is this so damn hard? */
2296 #define __USE_ISOC99
2298 #define DATA "conftest.llminmax"
2299 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2302 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2303 * we do this the hard way.
2306 fprint_ll(FILE *f, long long n)
2309 int l[sizeof(long long) * 8];
2312 if (fprintf(f, "-") < 0)
2314 for (i = 0; n != 0; i++) {
2315 l[i] = my_abs(n % 10);
2319 if (fprintf(f, "%d", l[--i]) < 0)
2322 if (fprintf(f, " ") < 0)
2329 long long i, llmin, llmax = 0;
2331 if((f = fopen(DATA,"w")) == NULL)
2334 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2335 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2339 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2340 /* This will work on one's complement and two's complement */
2341 for (i = 1; i > llmax; i <<= 1, i++)
2343 llmin = llmax + 1LL; /* wrap */
2347 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2348 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2349 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2350 fprintf(f, "unknown unknown\n");
2354 if (fprint_ll(f, llmin) < 0)
2356 if (fprint_ll(f, llmax) < 0)
2364 llong_min=`$AWK '{print $1}' conftest.llminmax`
2365 llong_max=`$AWK '{print $2}' conftest.llminmax`
2367 AC_MSG_RESULT($llong_max)
2368 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2369 [max value of long long calculated by configure])
2370 AC_MSG_CHECKING([for min value of long long])
2371 AC_MSG_RESULT($llong_min)
2372 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2373 [min value of long long calculated by configure])
2376 AC_MSG_RESULT(not found)
2379 AC_MSG_WARN([cross compiling: not checking])
2385 # More checks for data types
2386 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2388 [ #include <sys/types.h> ],
2390 [ ac_cv_have_u_int="yes" ],
2391 [ ac_cv_have_u_int="no" ]
2394 if test "x$ac_cv_have_u_int" = "xyes" ; then
2395 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2399 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2401 [ #include <sys/types.h> ],
2402 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2403 [ ac_cv_have_intxx_t="yes" ],
2404 [ ac_cv_have_intxx_t="no" ]
2407 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2408 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2412 if (test -z "$have_intxx_t" && \
2413 test "x$ac_cv_header_stdint_h" = "xyes")
2415 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2417 [ #include <stdint.h> ],
2418 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2420 AC_DEFINE(HAVE_INTXX_T)
2423 [ AC_MSG_RESULT(no) ]
2427 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2430 #include <sys/types.h>
2431 #ifdef HAVE_STDINT_H
2432 # include <stdint.h>
2434 #include <sys/socket.h>
2435 #ifdef HAVE_SYS_BITYPES_H
2436 # include <sys/bitypes.h>
2439 [ int64_t a; a = 1;],
2440 [ ac_cv_have_int64_t="yes" ],
2441 [ ac_cv_have_int64_t="no" ]
2444 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2445 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2448 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2450 [ #include <sys/types.h> ],
2451 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2452 [ ac_cv_have_u_intxx_t="yes" ],
2453 [ ac_cv_have_u_intxx_t="no" ]
2456 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2457 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2461 if test -z "$have_u_intxx_t" ; then
2462 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2464 [ #include <sys/socket.h> ],
2465 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2467 AC_DEFINE(HAVE_U_INTXX_T)
2470 [ AC_MSG_RESULT(no) ]
2474 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2476 [ #include <sys/types.h> ],
2477 [ u_int64_t a; a = 1;],
2478 [ ac_cv_have_u_int64_t="yes" ],
2479 [ ac_cv_have_u_int64_t="no" ]
2482 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2483 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2487 if test -z "$have_u_int64_t" ; then
2488 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2490 [ #include <sys/bitypes.h> ],
2491 [ u_int64_t a; a = 1],
2493 AC_DEFINE(HAVE_U_INT64_T)
2496 [ AC_MSG_RESULT(no) ]
2500 if test -z "$have_u_intxx_t" ; then
2501 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2504 #include <sys/types.h>
2506 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2507 [ ac_cv_have_uintxx_t="yes" ],
2508 [ ac_cv_have_uintxx_t="no" ]
2511 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2512 AC_DEFINE(HAVE_UINTXX_T, 1,
2513 [define if you have uintxx_t data type])
2517 if test -z "$have_uintxx_t" ; then
2518 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2520 [ #include <stdint.h> ],
2521 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2523 AC_DEFINE(HAVE_UINTXX_T)
2526 [ AC_MSG_RESULT(no) ]
2530 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2531 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2533 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2536 #include <sys/bitypes.h>
2539 int8_t a; int16_t b; int32_t c;
2540 u_int8_t e; u_int16_t f; u_int32_t g;
2541 a = b = c = e = f = g = 1;
2544 AC_DEFINE(HAVE_U_INTXX_T)
2545 AC_DEFINE(HAVE_INTXX_T)
2553 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2556 #include <sys/types.h>
2558 [ u_char foo; foo = 125; ],
2559 [ ac_cv_have_u_char="yes" ],
2560 [ ac_cv_have_u_char="no" ]
2563 if test "x$ac_cv_have_u_char" = "xyes" ; then
2564 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2569 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2571 AC_CHECK_TYPES(in_addr_t,,,
2572 [#include <sys/types.h>
2573 #include <netinet/in.h>])
2575 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2578 #include <sys/types.h>
2580 [ size_t foo; foo = 1235; ],
2581 [ ac_cv_have_size_t="yes" ],
2582 [ ac_cv_have_size_t="no" ]
2585 if test "x$ac_cv_have_size_t" = "xyes" ; then
2586 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2589 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2592 #include <sys/types.h>
2594 [ ssize_t foo; foo = 1235; ],
2595 [ ac_cv_have_ssize_t="yes" ],
2596 [ ac_cv_have_ssize_t="no" ]
2599 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2600 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2603 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2608 [ clock_t foo; foo = 1235; ],
2609 [ ac_cv_have_clock_t="yes" ],
2610 [ ac_cv_have_clock_t="no" ]
2613 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2614 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2617 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2620 #include <sys/types.h>
2621 #include <sys/socket.h>
2623 [ sa_family_t foo; foo = 1235; ],
2624 [ ac_cv_have_sa_family_t="yes" ],
2627 #include <sys/types.h>
2628 #include <sys/socket.h>
2629 #include <netinet/in.h>
2631 [ sa_family_t foo; foo = 1235; ],
2632 [ ac_cv_have_sa_family_t="yes" ],
2634 [ ac_cv_have_sa_family_t="no" ]
2638 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2639 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2640 [define if you have sa_family_t data type])
2643 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2646 #include <sys/types.h>
2648 [ pid_t foo; foo = 1235; ],
2649 [ ac_cv_have_pid_t="yes" ],
2650 [ ac_cv_have_pid_t="no" ]
2653 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2654 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2657 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2660 #include <sys/types.h>
2662 [ mode_t foo; foo = 1235; ],
2663 [ ac_cv_have_mode_t="yes" ],
2664 [ ac_cv_have_mode_t="no" ]
2667 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2668 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2672 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2675 #include <sys/types.h>
2676 #include <sys/socket.h>
2678 [ struct sockaddr_storage s; ],
2679 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2680 [ ac_cv_have_struct_sockaddr_storage="no" ]
2683 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2684 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2685 [define if you have struct sockaddr_storage data type])
2688 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2691 #include <sys/types.h>
2692 #include <netinet/in.h>
2694 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2695 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2696 [ ac_cv_have_struct_sockaddr_in6="no" ]
2699 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2700 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2701 [define if you have struct sockaddr_in6 data type])
2704 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2707 #include <sys/types.h>
2708 #include <netinet/in.h>
2710 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2711 [ ac_cv_have_struct_in6_addr="yes" ],
2712 [ ac_cv_have_struct_in6_addr="no" ]
2715 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2716 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2717 [define if you have struct in6_addr data type])
2720 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2723 #include <sys/types.h>
2724 #include <sys/socket.h>
2727 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2728 [ ac_cv_have_struct_addrinfo="yes" ],
2729 [ ac_cv_have_struct_addrinfo="no" ]
2732 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2733 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2734 [define if you have struct addrinfo data type])
2737 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2739 [ #include <sys/time.h> ],
2740 [ struct timeval tv; tv.tv_sec = 1;],
2741 [ ac_cv_have_struct_timeval="yes" ],
2742 [ ac_cv_have_struct_timeval="no" ]
2745 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2746 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2747 have_struct_timeval=1
2750 AC_CHECK_TYPES(struct timespec)
2752 # We need int64_t or else certian parts of the compile will fail.
2753 if test "x$ac_cv_have_int64_t" = "xno" && \
2754 test "x$ac_cv_sizeof_long_int" != "x8" && \
2755 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2756 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2757 echo "an alternative compiler (I.E., GCC) before continuing."
2761 dnl test snprintf (broken on SCO w/gcc)
2766 #ifdef HAVE_SNPRINTF
2770 char expected_out[50];
2772 #if (SIZEOF_LONG_INT == 8)
2773 long int num = 0x7fffffffffffffff;
2775 long long num = 0x7fffffffffffffffll;
2777 strcpy(expected_out, "9223372036854775807");
2778 snprintf(buf, mazsize, "%lld", num);
2779 if(strcmp(buf, expected_out) != 0)
2786 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2787 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2791 dnl Checks for structure members
2792 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2793 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2794 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2795 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2796 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2797 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2798 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2799 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2800 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
2801 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
2802 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
2803 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
2804 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
2805 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
2806 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
2807 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2808 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2810 AC_CHECK_MEMBERS([struct stat.st_blksize])
2811 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2812 [Define if we don't have struct __res_state in resolv.h])],
2815 #if HAVE_SYS_TYPES_H
2816 # include <sys/types.h>
2818 #include <netinet/in.h>
2819 #include <arpa/nameser.h>
2823 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2824 ac_cv_have_ss_family_in_struct_ss, [
2827 #include <sys/types.h>
2828 #include <sys/socket.h>
2830 [ struct sockaddr_storage s; s.ss_family = 1; ],
2831 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
2832 [ ac_cv_have_ss_family_in_struct_ss="no" ],
2835 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2836 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2839 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2840 ac_cv_have___ss_family_in_struct_ss, [
2843 #include <sys/types.h>
2844 #include <sys/socket.h>
2846 [ struct sockaddr_storage s; s.__ss_family = 1; ],
2847 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
2848 [ ac_cv_have___ss_family_in_struct_ss="no" ]
2851 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2852 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2853 [Fields in struct sockaddr_storage])
2856 AC_CACHE_CHECK([for pw_class field in struct passwd],
2857 ac_cv_have_pw_class_in_struct_passwd, [
2862 [ struct passwd p; p.pw_class = 0; ],
2863 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
2864 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
2867 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2868 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2869 [Define if your password has a pw_class field])
2872 AC_CACHE_CHECK([for pw_expire field in struct passwd],
2873 ac_cv_have_pw_expire_in_struct_passwd, [
2878 [ struct passwd p; p.pw_expire = 0; ],
2879 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
2880 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
2883 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2884 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2885 [Define if your password has a pw_expire field])
2888 AC_CACHE_CHECK([for pw_change field in struct passwd],
2889 ac_cv_have_pw_change_in_struct_passwd, [
2894 [ struct passwd p; p.pw_change = 0; ],
2895 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
2896 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
2899 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2900 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2901 [Define if your password has a pw_change field])
2904 dnl make sure we're using the real structure members and not defines
2905 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
2906 ac_cv_have_accrights_in_msghdr, [
2909 #include <sys/types.h>
2910 #include <sys/socket.h>
2911 #include <sys/uio.h>
2913 #ifdef msg_accrights
2914 #error "msg_accrights is a macro"
2918 m.msg_accrights = 0;
2922 [ ac_cv_have_accrights_in_msghdr="yes" ],
2923 [ ac_cv_have_accrights_in_msghdr="no" ]
2926 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2927 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2928 [Define if your system uses access rights style
2929 file descriptor passing])
2932 AC_CACHE_CHECK([for msg_control field in struct msghdr],
2933 ac_cv_have_control_in_msghdr, [
2936 #include <sys/types.h>
2937 #include <sys/socket.h>
2938 #include <sys/uio.h>
2941 #error "msg_control is a macro"
2949 [ ac_cv_have_control_in_msghdr="yes" ],
2950 [ ac_cv_have_control_in_msghdr="no" ]
2953 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2954 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2955 [Define if your system uses ancillary data style
2956 file descriptor passing])
2959 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2961 [ extern char *__progname; printf("%s", __progname); ],
2962 [ ac_cv_libc_defines___progname="yes" ],
2963 [ ac_cv_libc_defines___progname="no" ]
2966 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2967 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2970 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
2974 [ printf("%s", __FUNCTION__); ],
2975 [ ac_cv_cc_implements___FUNCTION__="yes" ],
2976 [ ac_cv_cc_implements___FUNCTION__="no" ]
2979 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2980 AC_DEFINE(HAVE___FUNCTION__, 1,
2981 [Define if compiler implements __FUNCTION__])
2984 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
2988 [ printf("%s", __func__); ],
2989 [ ac_cv_cc_implements___func__="yes" ],
2990 [ ac_cv_cc_implements___func__="no" ]
2993 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2994 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2997 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2999 [#include <stdarg.h>
3002 [ ac_cv_have_va_copy="yes" ],
3003 [ ac_cv_have_va_copy="no" ]
3006 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3007 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3010 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3012 [#include <stdarg.h>
3015 [ ac_cv_have___va_copy="yes" ],
3016 [ ac_cv_have___va_copy="no" ]
3019 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3020 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3023 AC_CACHE_CHECK([whether getopt has optreset support],
3024 ac_cv_have_getopt_optreset, [
3029 [ extern int optreset; optreset = 0; ],
3030 [ ac_cv_have_getopt_optreset="yes" ],
3031 [ ac_cv_have_getopt_optreset="no" ]
3034 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3035 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3036 [Define if your getopt(3) defines and uses optreset])
3039 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3041 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3042 [ ac_cv_libc_defines_sys_errlist="yes" ],
3043 [ ac_cv_libc_defines_sys_errlist="no" ]
3046 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3047 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3048 [Define if your system defines sys_errlist[]])
3052 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3054 [ extern int sys_nerr; printf("%i", sys_nerr);],
3055 [ ac_cv_libc_defines_sys_nerr="yes" ],
3056 [ ac_cv_libc_defines_sys_nerr="no" ]
3059 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3060 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3064 # Check whether user wants sectok support
3066 [ --with-sectok Enable smartcard support using libsectok],
3068 if test "x$withval" != "xno" ; then
3069 if test "x$withval" != "xyes" ; then
3070 CPPFLAGS="$CPPFLAGS -I${withval}"
3071 LDFLAGS="$LDFLAGS -L${withval}"
3072 if test ! -z "$need_dash_r" ; then
3073 LDFLAGS="$LDFLAGS -R${withval}"
3075 if test ! -z "$blibpath" ; then
3076 blibpath="$blibpath:${withval}"
3079 AC_CHECK_HEADERS(sectok.h)
3080 if test "$ac_cv_header_sectok_h" != yes; then
3081 AC_MSG_ERROR(Can't find sectok.h)
3083 AC_CHECK_LIB(sectok, sectok_open)
3084 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3085 AC_MSG_ERROR(Can't find libsectok)
3087 AC_DEFINE(SMARTCARD, 1,
3088 [Define if you want smartcard support])
3089 AC_DEFINE(USE_SECTOK, 1,
3090 [Define if you want smartcard support
3092 SCARD_MSG="yes, using sectok"
3097 # Check whether user wants OpenSC support
3100 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3102 if test "x$withval" != "xno" ; then
3103 if test "x$withval" != "xyes" ; then
3104 OPENSC_CONFIG=$withval/bin/opensc-config
3106 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3108 if test "$OPENSC_CONFIG" != "no"; then
3109 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3110 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3111 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3112 LIBS="$LIBS $LIBOPENSC_LIBS"
3113 AC_DEFINE(SMARTCARD)
3114 AC_DEFINE(USE_OPENSC, 1,
3115 [Define if you want smartcard support
3117 SCARD_MSG="yes, using OpenSC"
3123 # Check libraries needed by DNS fingerprint support
3124 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3125 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3126 [Define if getrrsetbyname() exists])],
3128 # Needed by our getrrsetbyname()
3129 AC_SEARCH_LIBS(res_query, resolv)
3130 AC_SEARCH_LIBS(dn_expand, resolv)
3131 AC_MSG_CHECKING(if res_query will link)
3132 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3135 LIBS="$LIBS -lresolv"
3136 AC_MSG_CHECKING(for res_query in -lresolv)
3141 res_query (0, 0, 0, 0, 0);
3145 [LIBS="$LIBS -lresolv"
3146 AC_MSG_RESULT(yes)],
3150 AC_CHECK_FUNCS(_getshort _getlong)
3151 AC_CHECK_DECLS([_getshort, _getlong], , ,
3152 [#include <sys/types.h>
3153 #include <arpa/nameser.h>])
3154 AC_CHECK_MEMBER(HEADER.ad,
3155 [AC_DEFINE(HAVE_HEADER_AD, 1,
3156 [Define if HEADER.ad exists in arpa/nameser.h])],,
3157 [#include <arpa/nameser.h>])
3160 # Check whether user wants SELinux support
3163 AC_ARG_WITH(selinux,
3164 [ --with-selinux Enable SELinux support],
3165 [ if test "x$withval" != "xno" ; then
3166 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3168 AC_CHECK_HEADER([selinux/selinux.h], ,
3169 AC_MSG_ERROR(SELinux support requires selinux.h header))
3170 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3171 AC_MSG_ERROR(SELinux support requires libselinux library))
3172 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3175 AC_SUBST(LIBSELINUX)
3177 # Check whether user wants Kerberos 5 support
3179 AC_ARG_WITH(kerberos5,
3180 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3181 [ if test "x$withval" != "xno" ; then
3182 if test "x$withval" = "xyes" ; then
3183 KRB5ROOT="/usr/local"
3188 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3191 AC_MSG_CHECKING(for krb5-config)
3192 if test -x $KRB5ROOT/bin/krb5-config ; then
3193 KRB5CONF=$KRB5ROOT/bin/krb5-config
3194 AC_MSG_RESULT($KRB5CONF)
3196 AC_MSG_CHECKING(for gssapi support)
3197 if $KRB5CONF | grep gssapi >/dev/null ; then
3199 AC_DEFINE(GSSAPI, 1,
3200 [Define this if you want GSSAPI
3201 support in the version 2 protocol])
3207 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3208 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3209 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3210 AC_MSG_CHECKING(whether we are using Heimdal)
3211 AC_TRY_COMPILE([ #include <krb5.h> ],
3212 [ char *tmp = heimdal_version; ],
3213 [ AC_MSG_RESULT(yes)
3214 AC_DEFINE(HEIMDAL, 1,
3215 [Define this if you are using the
3216 Heimdal version of Kerberos V5]) ],
3221 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3222 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3223 AC_MSG_CHECKING(whether we are using Heimdal)
3224 AC_TRY_COMPILE([ #include <krb5.h> ],
3225 [ char *tmp = heimdal_version; ],
3226 [ AC_MSG_RESULT(yes)
3228 K5LIBS="-lkrb5 -ldes"
3229 K5LIBS="$K5LIBS -lcom_err -lasn1"
3230 AC_CHECK_LIB(roken, net_write,
3231 [K5LIBS="$K5LIBS -lroken"])
3234 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3237 AC_SEARCH_LIBS(dn_expand, resolv)
3239 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3241 K5LIBS="-lgssapi $K5LIBS" ],
3242 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3244 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3245 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3250 AC_CHECK_HEADER(gssapi.h, ,
3251 [ unset ac_cv_header_gssapi_h
3252 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3253 AC_CHECK_HEADERS(gssapi.h, ,
3254 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3260 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3261 AC_CHECK_HEADER(gssapi_krb5.h, ,
3262 [ CPPFLAGS="$oldCPP" ])
3265 if test ! -z "$need_dash_r" ; then
3266 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3268 if test ! -z "$blibpath" ; then
3269 blibpath="$blibpath:${KRB5ROOT}/lib"
3272 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3273 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3274 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3276 LIBS="$LIBS $K5LIBS"
3277 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3278 [Define this if you want to use libkafs' AFS support]))
3283 # Looking for programs, paths and files
3285 PRIVSEP_PATH=/var/empty
3286 AC_ARG_WITH(privsep-path,
3287 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3289 if test -n "$withval" && test "x$withval" != "xno" && \
3290 test "x${withval}" != "xyes"; then
3291 PRIVSEP_PATH=$withval
3295 AC_SUBST(PRIVSEP_PATH)
3298 [ --with-xauth=PATH Specify path to xauth program ],
3300 if test -n "$withval" && test "x$withval" != "xno" && \
3301 test "x${withval}" != "xyes"; then
3307 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3308 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3309 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3310 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3311 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3312 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3313 xauth_path="/usr/openwin/bin/xauth"
3319 AC_ARG_ENABLE(strip,
3320 [ --disable-strip Disable calling strip(1) on install],
3322 if test "x$enableval" = "xno" ; then
3329 if test -z "$xauth_path" ; then
3330 XAUTH_PATH="undefined"
3331 AC_SUBST(XAUTH_PATH)
3333 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3334 [Define if xauth is found in your path])
3335 XAUTH_PATH=$xauth_path
3336 AC_SUBST(XAUTH_PATH)
3339 # Check for mail directory (last resort if we cannot get it from headers)
3340 if test ! -z "$MAIL" ; then
3341 maildir=`dirname $MAIL`
3342 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3343 [Set this to your mail directory if you don't have maillock.h])
3346 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3347 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3348 disable_ptmx_check=yes
3350 if test -z "$no_dev_ptmx" ; then
3351 if test "x$disable_ptmx_check" != "xyes" ; then
3352 AC_CHECK_FILE("/dev/ptmx",
3354 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3355 [Define if you have /dev/ptmx])
3362 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3363 AC_CHECK_FILE("/dev/ptc",
3365 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3366 [Define if you have /dev/ptc])
3371 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3374 # Options from here on. Some of these are preset by platform above
3375 AC_ARG_WITH(mantype,
3376 [ --with-mantype=man|cat|doc Set man page type],
3383 AC_MSG_ERROR(invalid man type: $withval)
3388 if test -z "$MANTYPE"; then
3389 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3390 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3391 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3393 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3400 if test "$MANTYPE" = "doc"; then
3407 # Check whether to enable MD5 passwords
3409 AC_ARG_WITH(md5-passwords,
3410 [ --with-md5-passwords Enable use of MD5 passwords],
3412 if test "x$withval" != "xno" ; then
3413 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3414 [Define if you want to allow MD5 passwords])
3420 # Whether to disable shadow password support
3422 [ --without-shadow Disable shadow password support],
3424 if test "x$withval" = "xno" ; then
3425 AC_DEFINE(DISABLE_SHADOW)
3431 if test -z "$disable_shadow" ; then
3432 AC_MSG_CHECKING([if the systems has expire shadow information])
3435 #include <sys/types.h>
3438 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3439 [ sp_expire_available=yes ], []
3442 if test "x$sp_expire_available" = "xyes" ; then
3444 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3445 [Define if you want to use shadow password expire field])
3451 # Use ip address instead of hostname in $DISPLAY
3452 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3453 DISPLAY_HACK_MSG="yes"
3454 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3455 [Define if you need to use IP address
3456 instead of hostname in $DISPLAY])
3458 DISPLAY_HACK_MSG="no"
3459 AC_ARG_WITH(ipaddr-display,
3460 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3462 if test "x$withval" != "xno" ; then
3463 AC_DEFINE(IPADDR_IN_DISPLAY)
3464 DISPLAY_HACK_MSG="yes"
3470 # check for /etc/default/login and use it if present.
3471 AC_ARG_ENABLE(etc-default-login,
3472 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3473 [ if test "x$enableval" = "xno"; then
3474 AC_MSG_NOTICE([/etc/default/login handling disabled])
3475 etc_default_login=no
3477 etc_default_login=yes
3479 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3481 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3482 etc_default_login=no
3484 etc_default_login=yes
3488 if test "x$etc_default_login" != "xno"; then
3489 AC_CHECK_FILE("/etc/default/login",
3490 [ external_path_file=/etc/default/login ])
3491 if test "x$external_path_file" = "x/etc/default/login"; then
3492 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3493 [Define if your system has /etc/default/login])
3497 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3498 if test $ac_cv_func_login_getcapbool = "yes" && \
3499 test $ac_cv_header_login_cap_h = "yes" ; then
3500 external_path_file=/etc/login.conf
3503 # Whether to mess with the default path
3504 SERVER_PATH_MSG="(default)"
3505 AC_ARG_WITH(default-path,
3506 [ --with-default-path= Specify default \$PATH environment for server],
3508 if test "x$external_path_file" = "x/etc/login.conf" ; then
3510 --with-default-path=PATH has no effect on this system.
3511 Edit /etc/login.conf instead.])
3512 elif test "x$withval" != "xno" ; then
3513 if test ! -z "$external_path_file" ; then
3515 --with-default-path=PATH will only be used if PATH is not defined in
3516 $external_path_file .])
3518 user_path="$withval"
3519 SERVER_PATH_MSG="$withval"
3522 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3523 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3525 if test ! -z "$external_path_file" ; then
3527 If PATH is defined in $external_path_file, ensure the path to scp is included,
3528 otherwise scp will not work.])
3532 /* find out what STDPATH is */
3537 #ifndef _PATH_STDPATH
3538 # ifdef _PATH_USERPATH /* Irix */
3539 # define _PATH_STDPATH _PATH_USERPATH
3541 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3544 #include <sys/types.h>
3545 #include <sys/stat.h>
3547 #define DATA "conftest.stdpath"
3554 fd = fopen(DATA,"w");
3558 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3564 [ user_path=`cat conftest.stdpath` ],
3565 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3566 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3568 # make sure $bindir is in USER_PATH so scp will work
3569 t_bindir=`eval echo ${bindir}`
3571 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3574 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
3576 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3577 if test $? -ne 0 ; then
3578 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
3579 if test $? -ne 0 ; then
3580 user_path=$user_path:$t_bindir
3581 AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work)
3586 if test "x$external_path_file" != "x/etc/login.conf" ; then
3587 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3591 # Set superuser path separately to user path
3592 AC_ARG_WITH(superuser-path,
3593 [ --with-superuser-path= Specify different path for super-user],
3595 if test -n "$withval" && test "x$withval" != "xno" && \
3596 test "x${withval}" != "xyes"; then
3597 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3598 [Define if you want a different $PATH
3600 superuser_path=$withval
3606 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3607 IPV4_IN6_HACK_MSG="no"
3609 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3611 if test "x$withval" != "xno" ; then
3613 AC_DEFINE(IPV4_IN_IPV6, 1,
3614 [Detect IPv4 in IPv6 mapped addresses
3616 IPV4_IN6_HACK_MSG="yes"
3621 if test "x$inet6_default_4in6" = "xyes"; then
3622 AC_MSG_RESULT([yes (default)])
3623 AC_DEFINE(IPV4_IN_IPV6)
3624 IPV4_IN6_HACK_MSG="yes"
3626 AC_MSG_RESULT([no (default)])
3631 # Whether to enable BSD auth support
3633 AC_ARG_WITH(bsd-auth,
3634 [ --with-bsd-auth Enable BSD auth support],
3636 if test "x$withval" != "xno" ; then
3637 AC_DEFINE(BSD_AUTH, 1,
3638 [Define if you have BSD auth support])
3644 # Where to place sshd.pid
3646 # make sure the directory exists
3647 if test ! -d $piddir ; then
3648 piddir=`eval echo ${sysconfdir}`
3650 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3654 AC_ARG_WITH(pid-dir,
3655 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3657 if test -n "$withval" && test "x$withval" != "xno" && \
3658 test "x${withval}" != "xyes"; then
3660 if test ! -d $piddir ; then
3661 AC_MSG_WARN([** no $piddir directory on this system **])
3667 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3670 dnl allow user to disable some login recording features
3671 AC_ARG_ENABLE(lastlog,
3672 [ --disable-lastlog disable use of lastlog even if detected [no]],
3674 if test "x$enableval" = "xno" ; then
3675 AC_DEFINE(DISABLE_LASTLOG)
3680 [ --disable-utmp disable use of utmp even if detected [no]],
3682 if test "x$enableval" = "xno" ; then
3683 AC_DEFINE(DISABLE_UTMP)
3687 AC_ARG_ENABLE(utmpx,
3688 [ --disable-utmpx disable use of utmpx even if detected [no]],
3690 if test "x$enableval" = "xno" ; then
3691 AC_DEFINE(DISABLE_UTMPX, 1,
3692 [Define if you don't want to use utmpx])
3697 [ --disable-wtmp disable use of wtmp even if detected [no]],
3699 if test "x$enableval" = "xno" ; then
3700 AC_DEFINE(DISABLE_WTMP)
3704 AC_ARG_ENABLE(wtmpx,
3705 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3707 if test "x$enableval" = "xno" ; then
3708 AC_DEFINE(DISABLE_WTMPX, 1,
3709 [Define if you don't want to use wtmpx])
3713 AC_ARG_ENABLE(libutil,
3714 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3716 if test "x$enableval" = "xno" ; then
3717 AC_DEFINE(DISABLE_LOGIN)
3721 AC_ARG_ENABLE(pututline,
3722 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3724 if test "x$enableval" = "xno" ; then
3725 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3726 [Define if you don't want to use pututline()
3727 etc. to write [uw]tmp])
3731 AC_ARG_ENABLE(pututxline,
3732 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3734 if test "x$enableval" = "xno" ; then
3735 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3736 [Define if you don't want to use pututxline()
3737 etc. to write [uw]tmpx])
3741 AC_ARG_WITH(lastlog,
3742 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3744 if test "x$withval" = "xno" ; then
3745 AC_DEFINE(DISABLE_LASTLOG)
3746 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3747 conf_lastlog_location=$withval
3752 dnl lastlog, [uw]tmpx? detection
3753 dnl NOTE: set the paths in the platform section to avoid the
3754 dnl need for command-line parameters
3755 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3757 dnl lastlog detection
3758 dnl NOTE: the code itself will detect if lastlog is a directory
3759 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3761 #include <sys/types.h>
3763 #ifdef HAVE_LASTLOG_H
3764 # include <lastlog.h>
3773 [ char *lastlog = LASTLOG_FILE; ],
3774 [ AC_MSG_RESULT(yes) ],
3777 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
3779 #include <sys/types.h>
3781 #ifdef HAVE_LASTLOG_H
3782 # include <lastlog.h>
3788 [ char *lastlog = _PATH_LASTLOG; ],
3789 [ AC_MSG_RESULT(yes) ],
3792 system_lastlog_path=no
3797 if test -z "$conf_lastlog_location"; then
3798 if test x"$system_lastlog_path" = x"no" ; then
3799 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
3800 if (test -d "$f" || test -f "$f") ; then
3801 conf_lastlog_location=$f
3804 if test -z "$conf_lastlog_location"; then
3805 AC_MSG_WARN([** Cannot find lastlog **])
3806 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
3811 if test -n "$conf_lastlog_location"; then
3812 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3813 [Define if you want to specify the path to your lastlog file])
3817 AC_MSG_CHECKING([if your system defines UTMP_FILE])
3819 #include <sys/types.h>
3825 [ char *utmp = UTMP_FILE; ],
3826 [ AC_MSG_RESULT(yes) ],
3828 system_utmp_path=no ]
3830 if test -z "$conf_utmp_location"; then
3831 if test x"$system_utmp_path" = x"no" ; then
3832 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
3833 if test -f $f ; then
3834 conf_utmp_location=$f
3837 if test -z "$conf_utmp_location"; then
3838 AC_DEFINE(DISABLE_UTMP)
3842 if test -n "$conf_utmp_location"; then
3843 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3844 [Define if you want to specify the path to your utmp file])
3848 AC_MSG_CHECKING([if your system defines WTMP_FILE])
3850 #include <sys/types.h>
3856 [ char *wtmp = WTMP_FILE; ],
3857 [ AC_MSG_RESULT(yes) ],
3859 system_wtmp_path=no ]
3861 if test -z "$conf_wtmp_location"; then
3862 if test x"$system_wtmp_path" = x"no" ; then
3863 for f in /usr/adm/wtmp /var/log/wtmp; do
3864 if test -f $f ; then
3865 conf_wtmp_location=$f
3868 if test -z "$conf_wtmp_location"; then
3869 AC_DEFINE(DISABLE_WTMP)
3873 if test -n "$conf_wtmp_location"; then
3874 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3875 [Define if you want to specify the path to your wtmp file])
3879 dnl utmpx detection - I don't know any system so perverse as to require
3880 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
3882 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
3884 #include <sys/types.h>
3893 [ char *utmpx = UTMPX_FILE; ],
3894 [ AC_MSG_RESULT(yes) ],
3896 system_utmpx_path=no ]
3898 if test -z "$conf_utmpx_location"; then
3899 if test x"$system_utmpx_path" = x"no" ; then
3900 AC_DEFINE(DISABLE_UTMPX)
3903 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3904 [Define if you want to specify the path to your utmpx file])
3908 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
3910 #include <sys/types.h>
3919 [ char *wtmpx = WTMPX_FILE; ],
3920 [ AC_MSG_RESULT(yes) ],
3922 system_wtmpx_path=no ]
3924 if test -z "$conf_wtmpx_location"; then
3925 if test x"$system_wtmpx_path" = x"no" ; then
3926 AC_DEFINE(DISABLE_WTMPX)
3929 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3930 [Define if you want to specify the path to your wtmpx file])
3934 if test ! -z "$blibpath" ; then
3935 LDFLAGS="$LDFLAGS $blibflags$blibpath"
3936 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
3939 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3941 CFLAGS="$CFLAGS $werror_flags"
3944 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
3945 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
3946 scard/Makefile ssh_prng_cmds survey.sh])
3949 # Print summary of options
3951 # Someone please show me a better way :)
3952 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
3953 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
3954 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
3955 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
3956 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
3957 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
3958 G=`eval echo ${piddir}` ; G=`eval echo ${G}`
3959 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
3960 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
3961 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
3964 echo "OpenSSH has been configured with the following options:"
3965 echo " User binaries: $B"
3966 echo " System binaries: $C"
3967 echo " Configuration files: $D"
3968 echo " Askpass program: $E"
3969 echo " Manual pages: $F"
3970 echo " PID file: $G"
3971 echo " Privilege separation chroot path: $H"
3972 if test "x$external_path_file" = "x/etc/login.conf" ; then
3973 echo " At runtime, sshd will use the path defined in $external_path_file"
3974 echo " Make sure the path to scp is present, otherwise scp will not work"
3976 echo " sshd default user PATH: $I"
3977 if test ! -z "$external_path_file"; then
3978 echo " (If PATH is set in $external_path_file it will be used instead. If"
3979 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
3982 if test ! -z "$superuser_path" ; then
3983 echo " sshd superuser user PATH: $J"
3985 echo " Manpage format: $MANTYPE"
3986 echo " PAM support: $PAM_MSG"
3987 echo " OSF SIA support: $SIA_MSG"
3988 echo " KerberosV support: $KRB5_MSG"
3989 echo " SELinux support: $SELINUX_MSG"
3990 echo " Smartcard support: $SCARD_MSG"
3991 echo " S/KEY support: $SKEY_MSG"
3992 echo " TCP Wrappers support: $TCPW_MSG"
3993 echo " MD5 password support: $MD5_MSG"
3994 echo " libedit support: $LIBEDIT_MSG"
3995 echo " Solaris process contract support: $SPC_MSG"
3996 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
3997 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
3998 echo " BSD Auth support: $BSD_AUTH_MSG"
3999 echo " Random number source: $RAND_MSG"
4000 if test ! -z "$USE_RAND_HELPER" ; then
4001 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4006 echo " Host: ${host}"
4007 echo " Compiler: ${CC}"
4008 echo " Compiler flags: ${CFLAGS}"
4009 echo "Preprocessor flags: ${CPPFLAGS}"
4010 echo " Linker flags: ${LDFLAGS}"
4011 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
4015 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4016 echo "SVR4 style packages are supported with \"make package\""
4020 if test "x$PAM_MSG" = "xyes" ; then
4021 echo "PAM is enabled. You may need to install a PAM control file "
4022 echo "for sshd, otherwise password authentication may fail. "
4023 echo "Example PAM control files can be found in the contrib/ "
4028 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4029 echo "WARNING: you are using the builtin random number collection "
4030 echo "service. Please read WARNING.RNG and request that your OS "
4031 echo "vendor includes kernel-based random number collection in "
4032 echo "future versions of your OS."
4036 if test ! -z "$NO_PEERCHECK" ; then
4037 echo "WARNING: the operating system that you are using does not "
4038 echo "appear to support either the getpeereid() API nor the "
4039 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4040 echo "enforce security checks to prevent unauthorised connections to "
4041 echo "ssh-agent. Their absence increases the risk that a malicious "
4042 echo "user can connect to your agent. "
4046 if test "$AUDIT_MODULE" = "bsm" ; then
4047 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4048 echo "See the Solaris section in README.platform for details."