3 # Copyright (c) 1999-2004 Damien Miller
5 # Permission to use, copy, modify, and distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18 AC_REVISION($Revision$)
19 AC_CONFIG_SRCDIR([ssh.c])
21 AC_CONFIG_HEADER(config.h)
26 # Checks for programs.
33 AC_PATH_PROG(CAT, cat)
34 AC_PATH_PROG(KILL, kill)
35 AC_PATH_PROGS(PERL, perl5 perl)
36 AC_PATH_PROG(SED, sed)
38 AC_PATH_PROG(ENT, ent)
40 AC_PATH_PROG(TEST_MINUS_S_SH, bash)
41 AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
42 AC_PATH_PROG(TEST_MINUS_S_SH, sh)
44 AC_SUBST(TEST_SHELL,sh)
47 AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
48 [/usr/sbin${PATH_SEPARATOR}/etc])
49 AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
50 [/usr/sbin${PATH_SEPARATOR}/etc])
51 AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52 if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
61 if test -z "$AR" ; then
62 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
65 # Use LOGIN_PROGRAM from environment if possible
66 if test ! -z "$LOGIN_PROGRAM" ; then
67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
73 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
74 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
78 AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
79 if test ! -z "$PATH_PASSWD_PROG" ; then
80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
84 if test -z "$LD" ; then
91 AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
93 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
105 if test -z "$have_llong_max"; then
106 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
107 unset ac_cv_have_decl_LLONG_MAX
108 saved_CFLAGS="$CFLAGS"
109 CFLAGS="$CFLAGS -std=gnu99"
110 AC_CHECK_DECL(LLONG_MAX,
112 [CFLAGS="$saved_CFLAGS"],
113 [#include <limits.h>]
119 [ --without-rpath Disable auto-added -R linker paths],
121 if test "x$withval" = "xno" ; then
124 if test "x$withval" = "xyes" ; then
130 # Allow user to specify flags
132 [ --with-cflags Specify additional flags to pass to compiler],
134 if test -n "$withval" && test "x$withval" != "xno" && \
135 test "x${withval}" != "xyes"; then
136 CFLAGS="$CFLAGS $withval"
140 AC_ARG_WITH(cppflags,
141 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
143 if test -n "$withval" && test "x$withval" != "xno" && \
144 test "x${withval}" != "xyes"; then
145 CPPFLAGS="$CPPFLAGS $withval"
150 [ --with-ldflags Specify additional flags to pass to linker],
152 if test -n "$withval" && test "x$withval" != "xno" && \
153 test "x${withval}" != "xyes"; then
154 LDFLAGS="$LDFLAGS $withval"
159 [ --with-libs Specify additional libraries to link with],
161 if test -n "$withval" && test "x$withval" != "xno" && \
162 test "x${withval}" != "xyes"; then
163 LIBS="$LIBS $withval"
168 [ --with-Werror Build main code with -Werror],
170 if test -n "$withval" && test "x$withval" != "xno"; then
171 werror_flags="-Werror"
172 if test "x${withval}" != "xyes"; then
173 werror_flags="$withval"
204 security/pam_appl.h \
241 # lastlog.h requires sys/time.h to be included first on Solaris
242 AC_CHECK_HEADERS(lastlog.h, [], [], [
243 #ifdef HAVE_SYS_TIME_H
244 # include <sys/time.h>
248 # sys/ptms.h requires sys/stream.h to be included first on Solaris
249 AC_CHECK_HEADERS(sys/ptms.h, [], [], [
250 #ifdef HAVE_SYS_STREAM_H
251 # include <sys/stream.h>
255 # login_cap.h requires sys/types.h on NetBSD
256 AC_CHECK_HEADERS(login_cap.h, [], [], [
257 #include <sys/types.h>
260 # Messages for features tested for in target-specific section
264 # Check for some target-specific stuff
267 # Some versions of VAC won't allow macro redefinitions at
268 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that
269 # particularly with older versions of vac or xlc.
270 # It also throws errors about null macro argments, but these are
272 AC_MSG_CHECKING(if compiler allows macro redefinitions)
275 #define testmacro foo
276 #define testmacro bar
277 int main(void) { exit(0); }
279 [ AC_MSG_RESULT(yes) ],
281 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`"
282 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`"
283 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`"
284 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`"
288 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
289 if (test -z "$blibpath"); then
290 blibpath="/usr/lib:/lib"
292 saved_LDFLAGS="$LDFLAGS"
293 if test "$GCC" = "yes"; then
294 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
296 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
298 for tryflags in $flags ;do
299 if (test -z "$blibflags"); then
300 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
301 AC_TRY_LINK([], [], [blibflags=$tryflags])
304 if (test -z "$blibflags"); then
305 AC_MSG_RESULT(not found)
306 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
308 AC_MSG_RESULT($blibflags)
310 LDFLAGS="$saved_LDFLAGS"
311 dnl Check for authenticate. Might be in libs.a on older AIXes
312 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
313 [Define if you want to enable AIX4's authenticate function])],
314 [AC_CHECK_LIB(s,authenticate,
315 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
319 dnl Check for various auth function declarations in headers.
320 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
321 passwdexpired, setauthdb], , , [#include <usersec.h>])
322 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
323 AC_CHECK_DECLS(loginfailed,
324 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
326 [#include <usersec.h>],
327 [(void)loginfailed("user","host","tty",0);],
329 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
330 [Define if your AIX loginfailed() function
331 takes 4 arguments (AIX >= 5.2)])],
335 [#include <usersec.h>]
337 AC_CHECK_FUNCS(setauthdb)
338 AC_CHECK_DECL(F_CLOSEM,
339 AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
341 [ #include <limits.h>
344 check_for_aix_broken_getaddrinfo=1
345 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
346 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
347 [Define if your platform breaks doing a seteuid before a setuid])
348 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
349 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
350 dnl AIX handles lastlog as part of its login message
351 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
352 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
353 [Some systems need a utmpx entry for /bin/login to work])
354 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
355 [Define to a Set Process Title type if your system is
356 supported by bsd-setproctitle.c])
357 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
358 [AIX 5.2 and 5.3 (and presumably newer) require this])
359 AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
362 check_for_libcrypt_later=1
363 LIBS="$LIBS /usr/lib/textmode.o"
364 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
365 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
366 AC_DEFINE(DISABLE_SHADOW, 1,
367 [Define if you want to disable shadow passwords])
368 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
369 [Define if your system choked on IP TOS setting])
370 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
371 [Define if X11 doesn't support AF_UNIX sockets on that system])
372 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
373 [Define if the concept of ports only accessible to
374 superusers isn't known])
375 AC_DEFINE(DISABLE_FD_PASSING, 1,
376 [Define if your platform needs to skip post auth
377 file descriptor passing])
380 AC_DEFINE(IP_TOS_IS_BROKEN)
381 AC_DEFINE(SETEUID_BREAKS_SETUID)
382 AC_DEFINE(BROKEN_SETREUID)
383 AC_DEFINE(BROKEN_SETREGID)
386 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
387 AC_DEFINE(SETEUID_BREAKS_SETUID)
388 AC_DEFINE(BROKEN_SETREUID)
389 AC_DEFINE(BROKEN_SETREGID)
390 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
391 [Define if your resolver libs need this for getrrsetbyname])
392 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
393 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
394 [Use tunnel device compatibility to OpenBSD])
395 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
396 [Prepend the address family to IP tunnel traffic])
397 AC_MSG_CHECKING(if we have the Security Authorization Session API)
398 AC_TRY_COMPILE([#include <Security/AuthSession.h>],
399 [SessionCreate(0, 0);],
400 [ac_cv_use_security_session_api="yes"
401 AC_DEFINE(USE_SECURITY_SESSION_API, 1,
402 [platform has the Security Authorization Session API])
403 LIBS="$LIBS -framework Security"
405 [ac_cv_use_security_session_api="no"
407 AC_MSG_CHECKING(if we have an in-memory credentials cache)
409 [#include <Kerberos/Kerberos.h>],
411 (void) cc_initialize (&c, 0, NULL, NULL);],
412 [AC_DEFINE(USE_CCAPI, 1,
413 [platform uses an in-memory credentials cache])
414 LIBS="$LIBS -framework Security"
416 if test "x$ac_cv_use_security_session_api" = "xno"; then
417 AC_MSG_ERROR(*** Need a security framework to use the credentials cache API ***)
423 SSHDLIBS="$SSHDLIBS -lcrypt"
426 # first we define all of the options common to all HP-UX releases
427 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
428 IPADDR_IN_DISPLAY=yes
430 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
431 [Define if your login program cannot handle end of options ("--")])
432 AC_DEFINE(LOGIN_NEEDS_UTMPX)
433 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
434 [String used in /etc/passwd to denote locked account])
435 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
436 MAIL="/var/mail/username"
438 AC_CHECK_LIB(xnet, t_error, ,
439 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
441 # next, we define all of the options specific to major releases
444 if test -z "$GCC"; then
449 AC_DEFINE(PAM_SUN_CODEBASE, 1,
450 [Define if you are using Solaris-derived PAM which
451 passes pam_messages to the conversation function
452 with an extra level of indirection])
453 AC_DEFINE(DISABLE_UTMP, 1,
454 [Define if you don't want to use utmp])
455 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
456 check_for_hpux_broken_getaddrinfo=1
457 check_for_conflicting_getspnam=1
461 # lastly, we define options specific to minor releases
464 AC_DEFINE(HAVE_SECUREWARE, 1,
465 [Define if you have SecureWare-based
466 protected password database])
467 disable_ptmx_check=yes
473 PATH="$PATH:/usr/etc"
474 AC_DEFINE(BROKEN_INET_NTOA, 1,
475 [Define if you system's inet_ntoa is busted
476 (e.g. Irix gcc issue)])
477 AC_DEFINE(SETEUID_BREAKS_SETUID)
478 AC_DEFINE(BROKEN_SETREUID)
479 AC_DEFINE(BROKEN_SETREGID)
480 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
481 [Define if you shouldn't strip 'tty' from your
483 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
486 PATH="$PATH:/usr/etc"
487 AC_DEFINE(WITH_IRIX_ARRAY, 1,
488 [Define if you have/want arrays
489 (cluster-wide session managment, not C arrays)])
490 AC_DEFINE(WITH_IRIX_PROJECT, 1,
491 [Define if you want IRIX project management])
492 AC_DEFINE(WITH_IRIX_AUDIT, 1,
493 [Define if you want IRIX audit trails])
494 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
495 [Define if you want IRIX kernel jobs])])
496 AC_DEFINE(BROKEN_INET_NTOA)
497 AC_DEFINE(SETEUID_BREAKS_SETUID)
498 AC_DEFINE(BROKEN_SETREUID)
499 AC_DEFINE(BROKEN_SETREGID)
500 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
501 AC_DEFINE(WITH_ABBREV_NO_TTY)
502 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
506 check_for_libcrypt_later=1
507 check_for_openpty_ctty_bug=1
508 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
509 AC_DEFINE(PAM_TTY_KLUDGE, 1,
510 [Work around problematic Linux PAM modules handling of PAM_TTY])
511 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
512 [String used in /etc/passwd to denote locked account])
513 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
514 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
515 [Define to whatever link() returns for "not supported"
516 if it doesn't return EOPNOTSUPP.])
517 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
519 inet6_default_4in6=yes
522 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
523 [Define if cmsg_type is not passed correctly])
526 # tun(4) forwarding compat code
527 AC_CHECK_HEADERS(linux/if_tun.h)
528 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
529 AC_DEFINE(SSH_TUN_LINUX, 1,
530 [Open tunnel devices the Linux tun/tap way])
531 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
532 [Use tunnel device compatibility to OpenBSD])
533 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
534 [Prepend the address family to IP tunnel traffic])
537 mips-sony-bsd|mips-sony-newsos4)
538 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
542 check_for_libcrypt_before=1
543 if test "x$withval" != "xno" ; then
546 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
547 AC_CHECK_HEADER([net/if_tap.h], ,
548 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
549 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
550 [Prepend the address family to IP tunnel traffic])
553 check_for_libcrypt_later=1
554 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
555 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
556 AC_CHECK_HEADER([net/if_tap.h], ,
557 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
560 AC_DEFINE(SETEUID_BREAKS_SETUID)
561 AC_DEFINE(BROKEN_SETREUID)
562 AC_DEFINE(BROKEN_SETREGID)
565 conf_lastlog_location="/usr/adm/lastlog"
566 conf_utmp_location=/etc/utmp
567 conf_wtmp_location=/usr/adm/wtmp
569 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
570 AC_DEFINE(BROKEN_REALPATH)
572 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
575 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
576 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
577 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
578 AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
579 [syslog_r function is safe to use in in a signal handler])
582 if test "x$withval" != "xno" ; then
585 AC_DEFINE(PAM_SUN_CODEBASE)
586 AC_DEFINE(LOGIN_NEEDS_UTMPX)
587 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
588 [Some versions of /bin/login need the TERM supplied
590 AC_DEFINE(PAM_TTY_KLUDGE)
591 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
592 [Define if pam_chauthtok wants real uid set
593 to the unpriv'ed user])
594 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
595 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
596 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
597 [Define if sshd somehow reacquires a controlling TTY
599 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
600 in case the name is longer than 8 chars])
601 external_path_file=/etc/default/login
602 # hardwire lastlog location (can't detect it on some versions)
603 conf_lastlog_location="/var/adm/lastlog"
604 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
605 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
606 if test "$sol2ver" -ge 8; then
608 AC_DEFINE(DISABLE_UTMP)
609 AC_DEFINE(DISABLE_WTMP, 1,
610 [Define if you don't want to use wtmp])
614 AC_ARG_WITH(solaris-contracts,
615 [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
617 AC_CHECK_LIB(contract, ct_tmpl_activate,
618 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
619 [Define if you have Solaris process contracts])
620 SSHDLIBS="$SSHDLIBS -lcontract"
627 CPPFLAGS="$CPPFLAGS -DSUNOS4"
628 AC_CHECK_FUNCS(getpwanam)
629 AC_DEFINE(PAM_SUN_CODEBASE)
630 conf_utmp_location=/etc/utmp
631 conf_wtmp_location=/var/adm/wtmp
632 conf_lastlog_location=/var/adm/lastlog
638 AC_DEFINE(SSHD_ACQUIRES_CTTY)
639 AC_DEFINE(SETEUID_BREAKS_SETUID)
640 AC_DEFINE(BROKEN_SETREUID)
641 AC_DEFINE(BROKEN_SETREGID)
644 # /usr/ucblib MUST NOT be searched on ReliantUNIX
645 AC_CHECK_LIB(dl, dlsym, ,)
646 # -lresolv needs to be at the end of LIBS or DNS lookups break
647 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
648 IPADDR_IN_DISPLAY=yes
650 AC_DEFINE(IP_TOS_IS_BROKEN)
651 AC_DEFINE(SETEUID_BREAKS_SETUID)
652 AC_DEFINE(BROKEN_SETREUID)
653 AC_DEFINE(BROKEN_SETREGID)
654 AC_DEFINE(SSHD_ACQUIRES_CTTY)
655 external_path_file=/etc/default/login
656 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
657 # Attention: always take care to bind libsocket and libnsl before libc,
658 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
660 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
663 AC_DEFINE(SETEUID_BREAKS_SETUID)
664 AC_DEFINE(BROKEN_SETREUID)
665 AC_DEFINE(BROKEN_SETREGID)
666 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
667 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
669 # UnixWare 7.x, OpenUNIX 8
671 check_for_libcrypt_later=1
672 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
674 AC_DEFINE(SETEUID_BREAKS_SETUID)
675 AC_DEFINE(BROKEN_SETREUID)
676 AC_DEFINE(BROKEN_SETREGID)
677 AC_DEFINE(PASSWD_NEEDS_USERNAME)
679 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
680 TEST_SHELL=/u95/bin/sh
681 AC_DEFINE(BROKEN_LIBIAF, 1,
682 [ia_uinfo routines not supported by OS yet])
683 AC_DEFINE(BROKEN_UPDWTMPX)
685 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
691 # SCO UNIX and OEM versions of SCO UNIX
693 AC_MSG_ERROR("This Platform is no longer supported.")
697 if test -z "$GCC"; then
698 CFLAGS="$CFLAGS -belf"
700 LIBS="$LIBS -lprot -lx -ltinfo -lm"
703 AC_DEFINE(HAVE_SECUREWARE)
704 AC_DEFINE(DISABLE_SHADOW)
705 AC_DEFINE(DISABLE_FD_PASSING)
706 AC_DEFINE(SETEUID_BREAKS_SETUID)
707 AC_DEFINE(BROKEN_SETREUID)
708 AC_DEFINE(BROKEN_SETREGID)
709 AC_DEFINE(WITH_ABBREV_NO_TTY)
710 AC_DEFINE(BROKEN_UPDWTMPX)
711 AC_DEFINE(PASSWD_NEEDS_USERNAME)
712 AC_CHECK_FUNCS(getluid setluid)
717 AC_DEFINE(NO_SSH_LASTLOG, 1,
718 [Define if you don't want to use lastlog in session.c])
719 AC_DEFINE(SETEUID_BREAKS_SETUID)
720 AC_DEFINE(BROKEN_SETREUID)
721 AC_DEFINE(BROKEN_SETREGID)
723 AC_DEFINE(DISABLE_FD_PASSING)
725 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
729 AC_DEFINE(SETEUID_BREAKS_SETUID)
730 AC_DEFINE(BROKEN_SETREUID)
731 AC_DEFINE(BROKEN_SETREGID)
732 AC_DEFINE(WITH_ABBREV_NO_TTY)
734 AC_DEFINE(DISABLE_FD_PASSING)
736 LIBS="$LIBS -lgen -lacid -ldb"
740 AC_DEFINE(SETEUID_BREAKS_SETUID)
741 AC_DEFINE(BROKEN_SETREUID)
742 AC_DEFINE(BROKEN_SETREGID)
744 AC_DEFINE(DISABLE_FD_PASSING)
745 AC_DEFINE(NO_SSH_LASTLOG)
746 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
747 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
751 AC_MSG_CHECKING(for Digital Unix SIA)
754 [ --with-osfsia Enable Digital Unix SIA],
756 if test "x$withval" = "xno" ; then
757 AC_MSG_RESULT(disabled)
762 if test -z "$no_osfsia" ; then
763 if test -f /etc/sia/matrix.conf; then
765 AC_DEFINE(HAVE_OSF_SIA, 1,
766 [Define if you have Digital Unix Security
767 Integration Architecture])
768 AC_DEFINE(DISABLE_LOGIN, 1,
769 [Define if you don't want to use your
770 system's login() call])
771 AC_DEFINE(DISABLE_FD_PASSING)
772 LIBS="$LIBS -lsecurity -ldb -lm -laud"
776 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
777 [String used in /etc/passwd to denote locked account])
780 AC_DEFINE(BROKEN_GETADDRINFO)
781 AC_DEFINE(SETEUID_BREAKS_SETUID)
782 AC_DEFINE(BROKEN_SETREUID)
783 AC_DEFINE(BROKEN_SETREGID)
788 AC_DEFINE(NO_X11_UNIX_SOCKETS)
789 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
790 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
791 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
792 AC_DEFINE(DISABLE_LASTLOG)
793 AC_DEFINE(SSHD_ACQUIRES_CTTY)
794 enable_etc_default_login=no # has incompatible /etc/default/login
798 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
799 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
800 AC_DEFINE(NEED_SETPGRP)
801 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
805 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
806 AC_DEFINE(MISSING_HOWMANY)
807 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
811 AC_MSG_CHECKING(compiler and flags for sanity)
817 [ AC_MSG_RESULT(yes) ],
820 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
822 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
825 dnl Checks for header files.
826 # Checks for libraries.
827 AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
828 AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
830 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
831 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
832 AC_CHECK_LIB(gen, dirname,[
833 AC_CACHE_CHECK([for broken dirname],
834 ac_cv_have_broken_dirname, [
842 int main(int argc, char **argv) {
845 strncpy(buf,"/etc", 32);
847 if (!s || strncmp(s, "/", 32) != 0) {
854 [ ac_cv_have_broken_dirname="no" ],
855 [ ac_cv_have_broken_dirname="yes" ],
856 [ ac_cv_have_broken_dirname="no" ],
860 if test "x$ac_cv_have_broken_dirname" = "xno" ; then
862 AC_DEFINE(HAVE_DIRNAME)
863 AC_CHECK_HEADERS(libgen.h)
868 AC_CHECK_FUNC(getspnam, ,
869 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
870 AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
871 [Define if you have the basename function.]))
875 [ --with-zlib=PATH Use zlib in PATH],
876 [ if test "x$withval" = "xno" ; then
877 AC_MSG_ERROR([*** zlib is required ***])
878 elif test "x$withval" != "xyes"; then
879 if test -d "$withval/lib"; then
880 if test -n "${need_dash_r}"; then
881 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
883 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
886 if test -n "${need_dash_r}"; then
887 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
889 LDFLAGS="-L${withval} ${LDFLAGS}"
892 if test -d "$withval/include"; then
893 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
895 CPPFLAGS="-I${withval} ${CPPFLAGS}"
900 AC_CHECK_LIB(z, deflate, ,
902 saved_CPPFLAGS="$CPPFLAGS"
903 saved_LDFLAGS="$LDFLAGS"
905 dnl Check default zlib install dir
906 if test -n "${need_dash_r}"; then
907 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
909 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
911 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}"
913 AC_TRY_LINK_FUNC(deflate, AC_DEFINE(HAVE_LIBZ),
915 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])
920 AC_CHECK_HEADER([zlib.h], ,AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***]))
922 AC_ARG_WITH(zlib-version-check,
923 [ --without-zlib-version-check Disable zlib version check],
924 [ if test "x$withval" = "xno" ; then
925 zlib_check_nonfatal=1
930 AC_MSG_CHECKING(for possibly buggy zlib)
931 AC_RUN_IFELSE([AC_LANG_SOURCE([[
936 int a=0, b=0, c=0, d=0, n, v;
937 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
938 if (n != 3 && n != 4)
940 v = a*1000000 + b*10000 + c*100 + d;
941 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
944 if (a == 1 && b == 1 && c >= 4)
947 /* 1.2.3 and up are OK */
956 if test -z "$zlib_check_nonfatal" ; then
957 AC_MSG_ERROR([*** zlib too old - check config.log ***
958 Your reported zlib version has known security problems. It's possible your
959 vendor has fixed these problems without changing the version number. If you
960 are sure this is the case, you can disable the check by running
961 "./configure --without-zlib-version-check".
962 If you are in doubt, upgrade zlib to version 1.2.3 or greater.
963 See http://www.gzip.org/zlib/ for details.])
965 AC_MSG_WARN([zlib version may have security problems])
968 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ]
972 AC_CHECK_FUNC(strcasecmp,
973 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
975 AC_CHECK_FUNCS(utimes,
976 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
977 LIBS="$LIBS -lc89"]) ]
980 dnl Checks for libutil functions
981 AC_CHECK_HEADERS(libutil.h)
982 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
983 [Define if your libraries define login()])])
984 AC_CHECK_FUNCS(logout updwtmp logwtmp)
988 # Check for ALTDIRFUNC glob() extension
989 AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
990 AC_EGREP_CPP(FOUNDIT,
993 #ifdef GLOB_ALTDIRFUNC
998 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
999 [Define if your system glob() function has
1000 the GLOB_ALTDIRFUNC extension])
1008 # Check for g.gl_matchc glob() extension
1009 AC_MSG_CHECKING(for gl_matchc field in glob_t)
1011 [ #include <glob.h> ],
1012 [glob_t g; g.gl_matchc = 1;],
1014 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
1015 [Define if your system glob() function has
1016 gl_matchc options in glob_t])
1024 AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
1026 AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
1029 #include <sys/types.h>
1031 int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
1033 [AC_MSG_RESULT(yes)],
1036 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
1037 [Define if your struct dirent expects you to
1038 allocate extra space for d_name])
1041 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
1042 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
1046 # Check whether the user wants GSSAPI mechglue support
1047 AC_ARG_WITH(mechglue,
1048 [ --with-mechglue=PATH Build with GSSAPI mechglue library],
1050 AC_MSG_CHECKING(for mechglue library)
1052 if test -e ${withval}/libgssapi.a ; then
1053 mechglue_lib=${withval}/libgssapi.a
1054 elif test -e ${withval}/lib/libgssapi.a ; then
1055 mechglue_lib=${withval}/lib/libgssapi.a
1057 AC_MSG_ERROR("Can't find libgssapi in ${withval}");
1059 LIBS="$LIBS ${mechglue_lib}"
1060 AC_MSG_RESULT(${mechglue_lib})
1062 AC_CHECK_LIB(dl, dlopen, , )
1063 if test $ac_cv_lib_dl_dlopen = yes; then
1064 LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
1068 AC_DEFINE(MECHGLUE, 1, [Define this if you're building with GSSAPI MechGlue.])
1075 # Check whether the user wants GSI (Globus) support
1078 [ --with-gsi Enable Globus GSI authentication support],
1085 [ --with-globus Enable Globus GSI authentication support],
1091 AC_ARG_WITH(globus-static,
1092 [ --with-globus-static Link statically with Globus GSI libraries],
1095 if test "x$gsi_path" = "xno" ; then
1101 # Check whether the user has a Globus flavor type
1102 globus_flavor_type="no"
1103 AC_ARG_WITH(globus-flavor,
1104 [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
1106 globus_flavor_type="$withval"
1107 if test "x$gsi_path" = "xno" ; then
1113 if test "x$gsi_path" != "xno" ; then
1114 # Globus GSSAPI configuration
1115 AC_MSG_CHECKING(for Globus GSI)
1116 AC_DEFINE(GSI, 1, [Define if you want GSI/Globus authentication support.])
1118 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
1119 AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
1121 if test -z "$GSSAPI"; then
1126 if test "x$gsi_path" = "xyes" ; then
1127 if test -z "$GLOBUS_LOCATION" ; then
1128 AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
1130 gsi_path="$GLOBUS_LOCATION"
1133 GLOBUS_LOCATION="$gsi_path"
1134 export GLOBUS_LOCATION
1135 if test ! -d "$GLOBUS_LOCATION" ; then
1136 AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
1139 if test "x$globus_flavor_type" = "xno" ; then
1140 AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
1142 if test "x$globus_flavor_type" = "xyes" ; then
1143 AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
1147 AC_MSG_CHECKING(for Globus include path)
1148 GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
1149 if test ! -d "$GLOBUS_INCLUDE" ; then
1150 AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
1152 GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
1156 # Find GPT linkline helper
1159 AC_MSG_CHECKING(for GPT linkline helper)
1160 if test -x $GPT_LOCATION/sbin/gpt_build_config ; then
1161 gpt_linkline_helper="$GPT_LOCATION/sbin/gpt_build_config"
1162 elif test -x ${gsi_path}/sbin/gpt_build_config ; then
1163 gpt_linkline_helper="${gsi_path}/sbin/gpt_build_config"
1165 AC_MSG_ERROR(Cannot find gpt_build_config: GPT installation is incomplete)
1170 # Build Globus linkline
1173 if test -n "${gsi_static}"; then
1174 ${gpt_linkline_helper} -f ${globus_flavor_type} -link static -src pkg_data_src.gpt
1176 ${gpt_linkline_helper} -f ${globus_flavor_type} -link shared -src pkg_data_src.gpt
1178 . ./gpt_build_temp.sh
1179 if test -n "${need_dash_r}"; then
1180 GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
1182 GSI_LDFLAGS="-L${gsi_path}/lib"
1184 GSI_LIBS="$GPT_CONFIG_PGM_LINKS"
1185 LD_LIBRARY_PATH="${gsi_path}/lib:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
1188 # Test Globus linkline
1191 AC_MSG_CHECKING(for Globus linkline)
1192 if test -z "$GSI_LIBS" ; then
1193 AC_MSG_ERROR(gpt_build_config failed)
1197 AC_DEFINE(HAVE_GSSAPI_H)
1199 LIBS="$LIBS $GSI_LIBS"
1200 LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
1201 CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
1203 AC_MSG_CHECKING(that Globus linkline works)
1204 # test that we got the libraries OK
1212 AC_MSG_ERROR(link with Globus libraries failed)
1215 AC_CHECK_FUNCS(globus_gss_assist_map_and_authorize)
1216 INSTALL_GSISSH="yes"
1220 # End Globus/GSI section
1222 AC_MSG_CHECKING([for /proc/pid/fd directory])
1223 if test -d "/proc/$$/fd" ; then
1224 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
1230 # Check whether user wants S/Key support
1233 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)],
1235 if test "x$withval" != "xno" ; then
1237 if test "x$withval" != "xyes" ; then
1238 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1239 LDFLAGS="$LDFLAGS -L${withval}/lib"
1242 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
1246 AC_MSG_CHECKING([for s/key support])
1251 int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
1253 [AC_MSG_RESULT(yes)],
1256 AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
1258 AC_MSG_CHECKING(if skeychallenge takes 4 arguments)
1262 [(void)skeychallenge(NULL,"name","",0);],
1264 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1265 [Define if your skeychallenge()
1266 function takes 4 arguments (NetBSD)])],
1273 # Check whether user wants TCP wrappers support
1275 AC_ARG_WITH(tcp-wrappers,
1276 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
1278 if test "x$withval" != "xno" ; then
1280 saved_LDFLAGS="$LDFLAGS"
1281 saved_CPPFLAGS="$CPPFLAGS"
1282 if test -n "${withval}" && \
1283 test "x${withval}" != "xyes"; then
1284 if test -d "${withval}/lib"; then
1285 if test -n "${need_dash_r}"; then
1286 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1288 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1291 if test -n "${need_dash_r}"; then
1292 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1294 LDFLAGS="-L${withval} ${LDFLAGS}"
1297 if test -d "${withval}/include"; then
1298 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1300 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1304 LIBS="$LIBWRAP $LIBS"
1305 AC_MSG_CHECKING(for libwrap)
1308 #include <sys/types.h>
1309 #include <sys/socket.h>
1310 #include <netinet/in.h>
1312 int deny_severity = 0, allow_severity = 0;
1317 AC_DEFINE(LIBWRAP, 1,
1319 TCP Wrappers support])
1324 AC_MSG_ERROR([*** libwrap missing])
1332 # Check whether user wants libedit support
1334 AC_ARG_WITH(libedit,
1335 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1336 [ if test "x$withval" != "xno" ; then
1337 if test "x$withval" != "xyes"; then
1338 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1339 if test -n "${need_dash_r}"; then
1340 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1342 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1345 AC_CHECK_LIB(edit, el_init,
1346 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1347 LIBEDIT="-ledit -lcurses"
1351 [ AC_MSG_ERROR(libedit not found) ],
1354 AC_MSG_CHECKING(if libedit version is compatible)
1357 #include <histedit.h>
1361 el_init("", NULL, NULL, NULL);
1365 [ AC_MSG_RESULT(yes) ],
1367 AC_MSG_ERROR(libedit version is not compatible) ]
1374 [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1376 AC_MSG_CHECKING(for supported audit module)
1381 dnl Checks for headers, libs and functions
1382 AC_CHECK_HEADERS(bsm/audit.h, [],
1383 [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)],
1390 AC_CHECK_LIB(bsm, getaudit, [],
1391 [AC_MSG_ERROR(BSM enabled and required library not found)])
1392 AC_CHECK_FUNCS(getaudit, [],
1393 [AC_MSG_ERROR(BSM enabled and required function not found)])
1394 # These are optional
1395 AC_CHECK_FUNCS(getaudit_addr)
1396 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1400 AC_MSG_RESULT(debug)
1401 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1407 AC_MSG_ERROR([Unknown audit module $withval])
1412 dnl Checks for library functions. Please keep in alphabetical order
1497 # IRIX has a const char return value for gai_strerror()
1498 AC_CHECK_FUNCS(gai_strerror,[
1499 AC_DEFINE(HAVE_GAI_STRERROR)
1501 #include <sys/types.h>
1502 #include <sys/socket.h>
1505 const char *gai_strerror(int);],[
1508 str = gai_strerror(0);],[
1509 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1510 [Define if gai_strerror() returns const char *])])])
1512 AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1513 [Some systems put nanosleep outside of libc]))
1515 dnl Make sure prototypes are defined for these before using them.
1516 AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1517 AC_CHECK_DECL(strsep,
1518 [AC_CHECK_FUNCS(strsep)],
1521 #ifdef HAVE_STRING_H
1522 # include <string.h>
1526 dnl tcsendbreak might be a macro
1527 AC_CHECK_DECL(tcsendbreak,
1528 [AC_DEFINE(HAVE_TCSENDBREAK)],
1529 [AC_CHECK_FUNCS(tcsendbreak)],
1530 [#include <termios.h>]
1533 AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
1535 AC_CHECK_DECLS(SHUT_RD, , ,
1537 #include <sys/types.h>
1538 #include <sys/socket.h>
1541 AC_CHECK_DECLS(O_NONBLOCK, , ,
1543 #include <sys/types.h>
1544 #ifdef HAVE_SYS_STAT_H
1545 # include <sys/stat.h>
1552 AC_CHECK_DECLS(writev, , , [
1553 #include <sys/types.h>
1554 #include <sys/uio.h>
1558 AC_CHECK_FUNCS(setresuid, [
1559 dnl Some platorms have setresuid that isn't implemented, test for this
1560 AC_MSG_CHECKING(if setresuid seems to work)
1565 int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1567 [AC_MSG_RESULT(yes)],
1568 [AC_DEFINE(BROKEN_SETRESUID, 1,
1569 [Define if your setresuid() is broken])
1570 AC_MSG_RESULT(not implemented)],
1571 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1575 AC_CHECK_FUNCS(setresgid, [
1576 dnl Some platorms have setresgid that isn't implemented, test for this
1577 AC_MSG_CHECKING(if setresgid seems to work)
1582 int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1584 [AC_MSG_RESULT(yes)],
1585 [AC_DEFINE(BROKEN_SETRESGID, 1,
1586 [Define if your setresgid() is broken])
1587 AC_MSG_RESULT(not implemented)],
1588 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1592 dnl Checks for time functions
1593 AC_CHECK_FUNCS(gettimeofday time)
1594 dnl Checks for utmp functions
1595 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
1596 AC_CHECK_FUNCS(utmpname)
1597 dnl Checks for utmpx functions
1598 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1599 AC_CHECK_FUNCS(setutxent utmpxname)
1601 AC_CHECK_FUNC(daemon,
1602 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1603 [AC_CHECK_LIB(bsd, daemon,
1604 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1607 AC_CHECK_FUNC(getpagesize,
1608 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1609 [Define if your libraries define getpagesize()])],
1610 [AC_CHECK_LIB(ucb, getpagesize,
1611 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1614 # Check for broken snprintf
1615 if test "x$ac_cv_func_snprintf" = "xyes" ; then
1616 AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
1620 int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1622 [AC_MSG_RESULT(yes)],
1625 AC_DEFINE(BROKEN_SNPRINTF, 1,
1626 [Define if your snprintf is busted])
1627 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1629 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1633 # If we don't have a working asprintf, then we strongly depend on vsnprintf
1634 # returning the right thing on overflow: the number of characters it tried to
1635 # create (as per SUSv3)
1636 if test "x$ac_cv_func_asprintf" != "xyes" && \
1637 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1638 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1641 #include <sys/types.h>
1645 int x_snprintf(char *str,size_t count,const char *fmt,...)
1647 size_t ret; va_list ap;
1648 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1654 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1656 [AC_MSG_RESULT(yes)],
1659 AC_DEFINE(BROKEN_SNPRINTF, 1,
1660 [Define if your snprintf is busted])
1661 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1663 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1667 # On systems where [v]snprintf is broken, but is declared in stdio,
1668 # check that the fmt argument is const char * or just char *.
1669 # This is only useful for when BROKEN_SNPRINTF
1670 AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1671 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1672 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1673 int main(void) { snprintf(0, 0, 0); }
1676 AC_DEFINE(SNPRINTF_CONST, [const],
1677 [Define as const if snprintf() can declare const char *fmt])],
1679 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1681 # Check for missing getpeereid (or equiv) support
1683 if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1684 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt])
1686 [#include <sys/types.h>
1687 #include <sys/socket.h>],
1688 [int i = SO_PEERCRED;],
1689 [ AC_MSG_RESULT(yes)
1690 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1697 dnl see whether mkstemp() requires XXXXXX
1698 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1699 AC_MSG_CHECKING([for (overly) strict mkstemp])
1703 main() { char template[]="conftest.mkstemp-test";
1704 if (mkstemp(template) == -1)
1706 unlink(template); exit(0);
1714 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1718 AC_DEFINE(HAVE_STRICT_MKSTEMP)
1723 dnl make sure that openpty does not reacquire controlling terminal
1724 if test ! -z "$check_for_openpty_ctty_bug"; then
1725 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1729 #include <sys/fcntl.h>
1730 #include <sys/types.h>
1731 #include <sys/wait.h>
1737 int fd, ptyfd, ttyfd, status;
1740 if (pid < 0) { /* failed */
1742 } else if (pid > 0) { /* parent */
1743 waitpid(pid, &status, 0);
1744 if (WIFEXITED(status))
1745 exit(WEXITSTATUS(status));
1748 } else { /* child */
1749 close(0); close(1); close(2);
1751 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
1752 fd = open("/dev/tty", O_RDWR | O_NOCTTY);
1754 exit(3); /* Acquired ctty: broken */
1756 exit(0); /* Did not acquire ctty: OK */
1765 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1768 AC_MSG_RESULT(cross-compiling, assuming yes)
1773 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1774 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1775 AC_MSG_CHECKING(if getaddrinfo seems to work)
1779 #include <sys/socket.h>
1782 #include <netinet/in.h>
1784 #define TEST_PORT "2222"
1790 struct addrinfo *gai_ai, *ai, hints;
1791 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1793 memset(&hints, 0, sizeof(hints));
1794 hints.ai_family = PF_UNSPEC;
1795 hints.ai_socktype = SOCK_STREAM;
1796 hints.ai_flags = AI_PASSIVE;
1798 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1800 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1804 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1805 if (ai->ai_family != AF_INET6)
1808 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1809 sizeof(ntop), strport, sizeof(strport),
1810 NI_NUMERICHOST|NI_NUMERICSERV);
1813 if (err == EAI_SYSTEM)
1814 perror("getnameinfo EAI_SYSTEM");
1816 fprintf(stderr, "getnameinfo failed: %s\n",
1821 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
1824 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
1837 AC_DEFINE(BROKEN_GETADDRINFO)
1840 AC_MSG_RESULT(cross-compiling, assuming yes)
1845 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1846 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1847 AC_MSG_CHECKING(if getaddrinfo seems to work)
1851 #include <sys/socket.h>
1854 #include <netinet/in.h>
1856 #define TEST_PORT "2222"
1862 struct addrinfo *gai_ai, *ai, hints;
1863 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL;
1865 memset(&hints, 0, sizeof(hints));
1866 hints.ai_family = PF_UNSPEC;
1867 hints.ai_socktype = SOCK_STREAM;
1868 hints.ai_flags = AI_PASSIVE;
1870 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai);
1872 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err));
1876 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) {
1877 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
1880 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop,
1881 sizeof(ntop), strport, sizeof(strport),
1882 NI_NUMERICHOST|NI_NUMERICSERV);
1884 if (ai->ai_family == AF_INET && err != 0) {
1885 perror("getnameinfo");
1894 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1895 [Define if you have a getaddrinfo that fails
1896 for the all-zeros IPv6 address])
1900 AC_DEFINE(BROKEN_GETADDRINFO)
1903 AC_MSG_RESULT(cross-compiling, assuming no)
1908 if test "x$check_for_conflicting_getspnam" = "x1"; then
1909 AC_MSG_CHECKING(for conflicting getspnam in shadow.h)
1913 int main(void) {exit(0);}
1920 AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1,
1921 [Conflicting defs for getspnam])
1928 # Search for OpenSSL
1929 saved_CPPFLAGS="$CPPFLAGS"
1930 saved_LDFLAGS="$LDFLAGS"
1931 AC_ARG_WITH(ssl-dir,
1932 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
1934 if test "x$withval" != "xno" ; then
1937 ./*|../*) withval="`pwd`/$withval"
1939 if test -d "$withval/lib"; then
1940 if test -n "${need_dash_r}"; then
1941 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1943 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1946 if test -n "${need_dash_r}"; then
1947 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
1949 LDFLAGS="-L${withval} ${LDFLAGS}"
1952 if test -d "$withval/include"; then
1953 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
1955 CPPFLAGS="-I${withval} ${CPPFLAGS}"
1961 if test -z "$GSI_LIBS" ; then
1962 LIBS="-lcrypto $LIBS"
1964 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1965 [Define if your ssl headers are included
1966 with #include <openssl/header.h>]),
1968 dnl Check default openssl install dir
1969 if test -n "${need_dash_r}"; then
1970 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
1972 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
1974 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
1975 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
1977 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
1983 # Determine OpenSSL header version
1984 AC_MSG_CHECKING([OpenSSL header version])
1989 #include <openssl/opensslv.h>
1990 #define DATA "conftest.sslincver"
1995 fd = fopen(DATA,"w");
1999 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
2006 ssl_header_ver=`cat conftest.sslincver`
2007 AC_MSG_RESULT($ssl_header_ver)
2010 AC_MSG_RESULT(not found)
2011 AC_MSG_ERROR(OpenSSL version header not found.)
2014 AC_MSG_WARN([cross compiling: not checking])
2018 # Determine OpenSSL library version
2019 AC_MSG_CHECKING([OpenSSL library version])
2024 #include <openssl/opensslv.h>
2025 #include <openssl/crypto.h>
2026 #define DATA "conftest.ssllibver"
2031 fd = fopen(DATA,"w");
2035 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
2042 ssl_library_ver=`cat conftest.ssllibver`
2043 AC_MSG_RESULT($ssl_library_ver)
2046 AC_MSG_RESULT(not found)
2047 AC_MSG_ERROR(OpenSSL library not found.)
2050 AC_MSG_WARN([cross compiling: not checking])
2054 # Sanity check OpenSSL headers
2055 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
2059 #include <openssl/opensslv.h>
2060 int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
2067 AC_MSG_ERROR([Your OpenSSL headers do not match your library.
2068 Check config.log for details.
2069 Also see contrib/findssl.sh for help identifying header/library mismatches.])
2072 AC_MSG_WARN([cross compiling: not checking])
2076 AC_MSG_CHECKING([if programs using OpenSSL functions will link])
2079 #include <openssl/evp.h>
2080 int main(void) { SSLeay_add_all_algorithms(); }
2089 AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
2092 #include <openssl/evp.h>
2093 int main(void) { SSLeay_add_all_algorithms(); }
2106 AC_ARG_WITH(ssl-engine,
2107 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2108 [ if test "x$withval" != "xno" ; then
2109 AC_MSG_CHECKING(for OpenSSL ENGINE support)
2111 [ #include <openssl/engine.h>],
2113 ENGINE_load_builtin_engines();ENGINE_register_all_complete();
2115 [ AC_MSG_RESULT(yes)
2116 AC_DEFINE(USE_OPENSSL_ENGINE, 1,
2117 [Enable OpenSSL engine support])
2119 [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
2124 # Check for OpenSSL without EVP_aes_{192,256}_cbc
2125 AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
2129 #include <openssl/evp.h>
2130 int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
2137 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
2138 [libcrypto is missing AES 192 and 256 bit functions])
2142 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
2143 # because the system crypt() is more featureful.
2144 if test "x$check_for_libcrypt_before" = "x1"; then
2145 AC_CHECK_LIB(crypt, crypt)
2148 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
2149 # version in OpenSSL.
2150 if test "x$check_for_libcrypt_later" = "x1"; then
2151 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
2154 # Search for SHA256 support in libc and/or OpenSSL
2155 AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
2157 AC_CHECK_LIB(iaf, ia_openinfo)
2159 ### Configure cryptographic random number support
2161 # Check wheter OpenSSL seeds itself
2162 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
2166 #include <openssl/rand.h>
2167 int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
2170 OPENSSL_SEEDS_ITSELF=yes
2175 # Default to use of the rand helper if OpenSSL doesn't
2180 AC_MSG_WARN([cross compiling: assuming yes])
2181 # This is safe, since all recent OpenSSL versions will
2182 # complain at runtime if not seeded correctly.
2183 OPENSSL_SEEDS_ITSELF=yes
2187 # Check for PAM libs
2190 [ --with-pam Enable PAM support ],
2192 if test "x$withval" != "xno" ; then
2193 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
2194 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
2195 AC_MSG_ERROR([PAM headers not found])
2199 AC_CHECK_LIB(dl, dlopen, , )
2200 AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
2201 AC_CHECK_FUNCS(pam_getenvlist)
2202 AC_CHECK_FUNCS(pam_putenv)
2208 AC_DEFINE(USE_PAM, 1,
2209 [Define if you want to enable PAM support])
2211 if test $ac_cv_lib_dl_dlopen = yes; then
2214 # libdl already in LIBS
2217 LIBPAM="$LIBPAM -ldl"
2226 AC_CHECK_LIB(dl, dlopen, , )
2227 AC_CHECK_LIB(pam, pam_set_item, , )
2228 AC_CHECK_FUNCS(pam_getenvlist)
2229 AC_CHECK_FUNCS(pam_putenv)
2232 if (test "x$ac_cv_header_security_pam_appl_h" = "xyes" || \
2233 test "x$ac_cv_header_pam_pam_appl_h" = "xyes") &&
2234 test "x$ac_cv_lib_pam_pam_set_item" = "xyes" ; then
2240 if test $ac_cv_lib_dl_dlopen = yes; then
2243 # libdl already in LIBS
2246 LIBPAM="$LIBPAM -ldl"
2255 # Check for older PAM
2256 if test "x$PAM_MSG" = "xyes" ; then
2257 # Check PAM strerror arguments (old PAM)
2258 AC_MSG_CHECKING([whether pam_strerror takes only one argument])
2262 #if defined(HAVE_SECURITY_PAM_APPL_H)
2263 #include <security/pam_appl.h>
2264 #elif defined (HAVE_PAM_PAM_APPL_H)
2265 #include <pam/pam_appl.h>
2268 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
2269 [AC_MSG_RESULT(no)],
2271 AC_DEFINE(HAVE_OLD_PAM, 1,
2272 [Define if you have an old version of PAM
2273 which takes only one argument to pam_strerror])
2275 PAM_MSG="yes (old library)"
2280 # Do we want to force the use of the rand helper?
2281 AC_ARG_WITH(rand-helper,
2282 [ --with-rand-helper Use subprocess to gather strong randomness ],
2284 if test "x$withval" = "xno" ; then
2285 # Force use of OpenSSL's internal RNG, even if
2286 # the previous test showed it to be unseeded.
2287 if test -z "$OPENSSL_SEEDS_ITSELF" ; then
2288 AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
2289 OPENSSL_SEEDS_ITSELF=yes
2298 # Which randomness source do we use?
2299 if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
2301 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
2302 [Define if you want OpenSSL's internally seeded PRNG only])
2303 RAND_MSG="OpenSSL internal ONLY"
2304 INSTALL_SSH_RAND_HELPER=""
2305 elif test ! -z "$USE_RAND_HELPER" ; then
2306 # install rand helper
2307 RAND_MSG="ssh-rand-helper"
2308 INSTALL_SSH_RAND_HELPER="yes"
2310 AC_SUBST(INSTALL_SSH_RAND_HELPER)
2312 ### Configuration of ssh-rand-helper
2315 AC_ARG_WITH(prngd-port,
2316 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
2325 AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
2328 if test ! -z "$withval" ; then
2329 PRNGD_PORT="$withval"
2330 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
2331 [Port number of PRNGD/EGD random number socket])
2336 # PRNGD Unix domain socket
2337 AC_ARG_WITH(prngd-socket,
2338 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
2342 withval="/var/run/egd-pool"
2350 AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
2354 if test ! -z "$withval" ; then
2355 if test ! -z "$PRNGD_PORT" ; then
2356 AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
2358 if test ! -r "$withval" ; then
2359 AC_MSG_WARN(Entropy socket is not readable)
2361 PRNGD_SOCKET="$withval"
2362 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
2363 [Location of PRNGD/EGD random number socket])
2367 # Check for existing socket only if we don't have a random device already
2368 if test "$USE_RAND_HELPER" = yes ; then
2369 AC_MSG_CHECKING(for PRNGD/EGD socket)
2370 # Insert other locations here
2371 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
2372 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
2373 PRNGD_SOCKET="$sock"
2374 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
2378 if test ! -z "$PRNGD_SOCKET" ; then
2379 AC_MSG_RESULT($PRNGD_SOCKET)
2381 AC_MSG_RESULT(not found)
2387 # Change default command timeout for hashing entropy source
2389 AC_ARG_WITH(entropy-timeout,
2390 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
2392 if test -n "$withval" && test "x$withval" != "xno" && \
2393 test "x${withval}" != "xyes"; then
2394 entropy_timeout=$withval
2398 AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2399 [Builtin PRNG command timeout])
2401 SSH_PRIVSEP_USER=sshd
2402 AC_ARG_WITH(privsep-user,
2403 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2405 if test -n "$withval" && test "x$withval" != "xno" && \
2406 test "x${withval}" != "xyes"; then
2407 SSH_PRIVSEP_USER=$withval
2411 AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2412 [non-privileged user for privilege separation])
2413 AC_SUBST(SSH_PRIVSEP_USER)
2415 # We do this little dance with the search path to insure
2416 # that programs that we select for use by installed programs
2417 # (which may be run by the super-user) come from trusted
2418 # locations before they come from the user's private area.
2419 # This should help avoid accidentally configuring some
2420 # random version of a program in someone's personal bin.
2424 test -h /bin 2> /dev/null && PATH=/usr/bin
2425 test -d /sbin && PATH=$PATH:/sbin
2426 test -d /usr/sbin && PATH=$PATH:/usr/sbin
2427 PATH=$PATH:/etc:$OPATH
2429 # These programs are used by the command hashing source to gather entropy
2430 OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
2431 OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
2432 OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
2433 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
2434 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
2435 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
2436 OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
2437 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
2438 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
2439 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
2440 OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
2441 OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
2442 OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
2443 OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
2444 OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
2445 OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
2449 # Where does ssh-rand-helper get its randomness from?
2450 INSTALL_SSH_PRNG_CMDS=""
2451 if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
2452 if test ! -z "$PRNGD_PORT" ; then
2453 RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
2454 elif test ! -z "$PRNGD_SOCKET" ; then
2455 RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
2457 RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
2458 RAND_HELPER_CMDHASH=yes
2459 INSTALL_SSH_PRNG_CMDS="yes"
2462 AC_SUBST(INSTALL_SSH_PRNG_CMDS)
2465 # Cheap hack to ensure NEWS-OS libraries are arranged right.
2466 if test ! -z "$SONY" ; then
2467 LIBS="$LIBS -liberty";
2470 # Check for long long datatypes
2471 AC_CHECK_TYPES([long long, unsigned long long, long double])
2473 # Check datatype sizes
2474 AC_CHECK_SIZEOF(char, 1)
2475 AC_CHECK_SIZEOF(short int, 2)
2476 AC_CHECK_SIZEOF(int, 4)
2477 AC_CHECK_SIZEOF(long int, 4)
2478 AC_CHECK_SIZEOF(long long int, 8)
2480 # Sanity check long long for some platforms (AIX)
2481 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
2482 ac_cv_sizeof_long_long_int=0
2485 # compute LLONG_MIN and LLONG_MAX if we don't know them.
2486 if test -z "$have_llong_max"; then
2487 AC_MSG_CHECKING([for max value of long long])
2491 /* Why is this so damn hard? */
2495 #define __USE_ISOC99
2497 #define DATA "conftest.llminmax"
2498 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
2501 * printf in libc on some platforms (eg old Tru64) does not understand %lld so
2502 * we do this the hard way.
2505 fprint_ll(FILE *f, long long n)
2508 int l[sizeof(long long) * 8];
2511 if (fprintf(f, "-") < 0)
2513 for (i = 0; n != 0; i++) {
2514 l[i] = my_abs(n % 10);
2518 if (fprintf(f, "%d", l[--i]) < 0)
2521 if (fprintf(f, " ") < 0)
2528 long long i, llmin, llmax = 0;
2530 if((f = fopen(DATA,"w")) == NULL)
2533 #if defined(LLONG_MIN) && defined(LLONG_MAX)
2534 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2538 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2539 /* This will work on one's complement and two's complement */
2540 for (i = 1; i > llmax; i <<= 1, i++)
2542 llmin = llmax + 1LL; /* wrap */
2546 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2547 || llmax - 1 > llmax || llmin == llmax || llmin == 0
2548 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
2549 fprintf(f, "unknown unknown\n");
2553 if (fprint_ll(f, llmin) < 0)
2555 if (fprint_ll(f, llmax) < 0)
2563 llong_min=`$AWK '{print $1}' conftest.llminmax`
2564 llong_max=`$AWK '{print $2}' conftest.llminmax`
2566 AC_MSG_RESULT($llong_max)
2567 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2568 [max value of long long calculated by configure])
2569 AC_MSG_CHECKING([for min value of long long])
2570 AC_MSG_RESULT($llong_min)
2571 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2572 [min value of long long calculated by configure])
2575 AC_MSG_RESULT(not found)
2578 AC_MSG_WARN([cross compiling: not checking])
2584 # More checks for data types
2585 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
2587 [ #include <sys/types.h> ],
2589 [ ac_cv_have_u_int="yes" ],
2590 [ ac_cv_have_u_int="no" ]
2593 if test "x$ac_cv_have_u_int" = "xyes" ; then
2594 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
2598 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
2600 [ #include <sys/types.h> ],
2601 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2602 [ ac_cv_have_intxx_t="yes" ],
2603 [ ac_cv_have_intxx_t="no" ]
2606 if test "x$ac_cv_have_intxx_t" = "xyes" ; then
2607 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
2611 if (test -z "$have_intxx_t" && \
2612 test "x$ac_cv_header_stdint_h" = "xyes")
2614 AC_MSG_CHECKING([for intXX_t types in stdint.h])
2616 [ #include <stdint.h> ],
2617 [ int8_t a; int16_t b; int32_t c; a = b = c = 1;],
2619 AC_DEFINE(HAVE_INTXX_T)
2622 [ AC_MSG_RESULT(no) ]
2626 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2629 #include <sys/types.h>
2630 #ifdef HAVE_STDINT_H
2631 # include <stdint.h>
2633 #include <sys/socket.h>
2634 #ifdef HAVE_SYS_BITYPES_H
2635 # include <sys/bitypes.h>
2638 [ int64_t a; a = 1;],
2639 [ ac_cv_have_int64_t="yes" ],
2640 [ ac_cv_have_int64_t="no" ]
2643 if test "x$ac_cv_have_int64_t" = "xyes" ; then
2644 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2647 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2649 [ #include <sys/types.h> ],
2650 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2651 [ ac_cv_have_u_intxx_t="yes" ],
2652 [ ac_cv_have_u_intxx_t="no" ]
2655 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2656 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2660 if test -z "$have_u_intxx_t" ; then
2661 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h])
2663 [ #include <sys/socket.h> ],
2664 [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;],
2666 AC_DEFINE(HAVE_U_INTXX_T)
2669 [ AC_MSG_RESULT(no) ]
2673 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2675 [ #include <sys/types.h> ],
2676 [ u_int64_t a; a = 1;],
2677 [ ac_cv_have_u_int64_t="yes" ],
2678 [ ac_cv_have_u_int64_t="no" ]
2681 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2682 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2686 if test -z "$have_u_int64_t" ; then
2687 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h])
2689 [ #include <sys/bitypes.h> ],
2690 [ u_int64_t a; a = 1],
2692 AC_DEFINE(HAVE_U_INT64_T)
2695 [ AC_MSG_RESULT(no) ]
2699 if test -z "$have_u_intxx_t" ; then
2700 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [
2703 #include <sys/types.h>
2705 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ],
2706 [ ac_cv_have_uintxx_t="yes" ],
2707 [ ac_cv_have_uintxx_t="no" ]
2710 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2711 AC_DEFINE(HAVE_UINTXX_T, 1,
2712 [define if you have uintxx_t data type])
2716 if test -z "$have_uintxx_t" ; then
2717 AC_MSG_CHECKING([for uintXX_t types in stdint.h])
2719 [ #include <stdint.h> ],
2720 [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;],
2722 AC_DEFINE(HAVE_UINTXX_T)
2725 [ AC_MSG_RESULT(no) ]
2729 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
2730 test "x$ac_cv_header_sys_bitypes_h" = "xyes")
2732 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h])
2735 #include <sys/bitypes.h>
2738 int8_t a; int16_t b; int32_t c;
2739 u_int8_t e; u_int16_t f; u_int32_t g;
2740 a = b = c = e = f = g = 1;
2743 AC_DEFINE(HAVE_U_INTXX_T)
2744 AC_DEFINE(HAVE_INTXX_T)
2752 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2755 #include <sys/types.h>
2757 [ u_char foo; foo = 125; ],
2758 [ ac_cv_have_u_char="yes" ],
2759 [ ac_cv_have_u_char="no" ]
2762 if test "x$ac_cv_have_u_char" = "xyes" ; then
2763 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2768 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
2770 AC_CHECK_TYPES(in_addr_t,,,
2771 [#include <sys/types.h>
2772 #include <netinet/in.h>])
2774 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2777 #include <sys/types.h>
2779 [ size_t foo; foo = 1235; ],
2780 [ ac_cv_have_size_t="yes" ],
2781 [ ac_cv_have_size_t="no" ]
2784 if test "x$ac_cv_have_size_t" = "xyes" ; then
2785 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2788 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2791 #include <sys/types.h>
2793 [ ssize_t foo; foo = 1235; ],
2794 [ ac_cv_have_ssize_t="yes" ],
2795 [ ac_cv_have_ssize_t="no" ]
2798 if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2799 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2802 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2807 [ clock_t foo; foo = 1235; ],
2808 [ ac_cv_have_clock_t="yes" ],
2809 [ ac_cv_have_clock_t="no" ]
2812 if test "x$ac_cv_have_clock_t" = "xyes" ; then
2813 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2816 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2819 #include <sys/types.h>
2820 #include <sys/socket.h>
2822 [ sa_family_t foo; foo = 1235; ],
2823 [ ac_cv_have_sa_family_t="yes" ],
2826 #include <sys/types.h>
2827 #include <sys/socket.h>
2828 #include <netinet/in.h>
2830 [ sa_family_t foo; foo = 1235; ],
2831 [ ac_cv_have_sa_family_t="yes" ],
2833 [ ac_cv_have_sa_family_t="no" ]
2837 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2838 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2839 [define if you have sa_family_t data type])
2842 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2845 #include <sys/types.h>
2847 [ pid_t foo; foo = 1235; ],
2848 [ ac_cv_have_pid_t="yes" ],
2849 [ ac_cv_have_pid_t="no" ]
2852 if test "x$ac_cv_have_pid_t" = "xyes" ; then
2853 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2856 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2859 #include <sys/types.h>
2861 [ mode_t foo; foo = 1235; ],
2862 [ ac_cv_have_mode_t="yes" ],
2863 [ ac_cv_have_mode_t="no" ]
2866 if test "x$ac_cv_have_mode_t" = "xyes" ; then
2867 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2871 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
2874 #include <sys/types.h>
2875 #include <sys/socket.h>
2877 [ struct sockaddr_storage s; ],
2878 [ ac_cv_have_struct_sockaddr_storage="yes" ],
2879 [ ac_cv_have_struct_sockaddr_storage="no" ]
2882 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2883 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2884 [define if you have struct sockaddr_storage data type])
2887 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2890 #include <sys/types.h>
2891 #include <netinet/in.h>
2893 [ struct sockaddr_in6 s; s.sin6_family = 0; ],
2894 [ ac_cv_have_struct_sockaddr_in6="yes" ],
2895 [ ac_cv_have_struct_sockaddr_in6="no" ]
2898 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2899 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2900 [define if you have struct sockaddr_in6 data type])
2903 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2906 #include <sys/types.h>
2907 #include <netinet/in.h>
2909 [ struct in6_addr s; s.s6_addr[0] = 0; ],
2910 [ ac_cv_have_struct_in6_addr="yes" ],
2911 [ ac_cv_have_struct_in6_addr="no" ]
2914 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2915 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2916 [define if you have struct in6_addr data type])
2919 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2922 #include <sys/types.h>
2923 #include <sys/socket.h>
2926 [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
2927 [ ac_cv_have_struct_addrinfo="yes" ],
2928 [ ac_cv_have_struct_addrinfo="no" ]
2931 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2932 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2933 [define if you have struct addrinfo data type])
2936 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2938 [ #include <sys/time.h> ],
2939 [ struct timeval tv; tv.tv_sec = 1;],
2940 [ ac_cv_have_struct_timeval="yes" ],
2941 [ ac_cv_have_struct_timeval="no" ]
2944 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2945 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2946 have_struct_timeval=1
2949 AC_CHECK_TYPES(struct timespec)
2951 # We need int64_t or else certian parts of the compile will fail.
2952 if test "x$ac_cv_have_int64_t" = "xno" && \
2953 test "x$ac_cv_sizeof_long_int" != "x8" && \
2954 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2955 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2956 echo "an alternative compiler (I.E., GCC) before continuing."
2960 dnl test snprintf (broken on SCO w/gcc)
2965 #ifdef HAVE_SNPRINTF
2969 char expected_out[50];
2971 #if (SIZEOF_LONG_INT == 8)
2972 long int num = 0x7fffffffffffffff;
2974 long long num = 0x7fffffffffffffffll;
2976 strcpy(expected_out, "9223372036854775807");
2977 snprintf(buf, mazsize, "%lld", num);
2978 if(strcmp(buf, expected_out) != 0)
2985 ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
2986 AC_MSG_WARN([cross compiling: Assuming working snprintf()])
2990 dnl Checks for structure members
2991 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
2992 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
2993 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
2994 OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP)
2995 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP)
2996 OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX)
2997 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP)
2998 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP)
2999 OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX)
3000 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP)
3001 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX)
3002 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP)
3003 OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX)
3004 OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
3005 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
3006 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
3007 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
3009 AC_CHECK_MEMBERS([struct stat.st_blksize])
3010 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
3011 [Define if we don't have struct __res_state in resolv.h])],
3014 #if HAVE_SYS_TYPES_H
3015 # include <sys/types.h>
3017 #include <netinet/in.h>
3018 #include <arpa/nameser.h>
3022 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
3023 ac_cv_have_ss_family_in_struct_ss, [
3026 #include <sys/types.h>
3027 #include <sys/socket.h>
3029 [ struct sockaddr_storage s; s.ss_family = 1; ],
3030 [ ac_cv_have_ss_family_in_struct_ss="yes" ],
3031 [ ac_cv_have_ss_family_in_struct_ss="no" ],
3034 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
3035 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
3038 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
3039 ac_cv_have___ss_family_in_struct_ss, [
3042 #include <sys/types.h>
3043 #include <sys/socket.h>
3045 [ struct sockaddr_storage s; s.__ss_family = 1; ],
3046 [ ac_cv_have___ss_family_in_struct_ss="yes" ],
3047 [ ac_cv_have___ss_family_in_struct_ss="no" ]
3050 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
3051 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
3052 [Fields in struct sockaddr_storage])
3055 AC_CACHE_CHECK([for pw_class field in struct passwd],
3056 ac_cv_have_pw_class_in_struct_passwd, [
3061 [ struct passwd p; p.pw_class = 0; ],
3062 [ ac_cv_have_pw_class_in_struct_passwd="yes" ],
3063 [ ac_cv_have_pw_class_in_struct_passwd="no" ]
3066 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
3067 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
3068 [Define if your password has a pw_class field])
3071 AC_CACHE_CHECK([for pw_expire field in struct passwd],
3072 ac_cv_have_pw_expire_in_struct_passwd, [
3077 [ struct passwd p; p.pw_expire = 0; ],
3078 [ ac_cv_have_pw_expire_in_struct_passwd="yes" ],
3079 [ ac_cv_have_pw_expire_in_struct_passwd="no" ]
3082 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
3083 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
3084 [Define if your password has a pw_expire field])
3087 AC_CACHE_CHECK([for pw_change field in struct passwd],
3088 ac_cv_have_pw_change_in_struct_passwd, [
3093 [ struct passwd p; p.pw_change = 0; ],
3094 [ ac_cv_have_pw_change_in_struct_passwd="yes" ],
3095 [ ac_cv_have_pw_change_in_struct_passwd="no" ]
3098 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
3099 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
3100 [Define if your password has a pw_change field])
3103 dnl make sure we're using the real structure members and not defines
3104 AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
3105 ac_cv_have_accrights_in_msghdr, [
3108 #include <sys/types.h>
3109 #include <sys/socket.h>
3110 #include <sys/uio.h>
3112 #ifdef msg_accrights
3113 #error "msg_accrights is a macro"
3117 m.msg_accrights = 0;
3121 [ ac_cv_have_accrights_in_msghdr="yes" ],
3122 [ ac_cv_have_accrights_in_msghdr="no" ]
3125 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
3126 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
3127 [Define if your system uses access rights style
3128 file descriptor passing])
3131 AC_CACHE_CHECK([for msg_control field in struct msghdr],
3132 ac_cv_have_control_in_msghdr, [
3135 #include <sys/types.h>
3136 #include <sys/socket.h>
3137 #include <sys/uio.h>
3140 #error "msg_control is a macro"
3148 [ ac_cv_have_control_in_msghdr="yes" ],
3149 [ ac_cv_have_control_in_msghdr="no" ]
3152 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
3153 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
3154 [Define if your system uses ancillary data style
3155 file descriptor passing])
3158 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
3160 [ extern char *__progname; printf("%s", __progname); ],
3161 [ ac_cv_libc_defines___progname="yes" ],
3162 [ ac_cv_libc_defines___progname="no" ]
3165 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
3166 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
3169 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
3173 [ printf("%s", __FUNCTION__); ],
3174 [ ac_cv_cc_implements___FUNCTION__="yes" ],
3175 [ ac_cv_cc_implements___FUNCTION__="no" ]
3178 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
3179 AC_DEFINE(HAVE___FUNCTION__, 1,
3180 [Define if compiler implements __FUNCTION__])
3183 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
3187 [ printf("%s", __func__); ],
3188 [ ac_cv_cc_implements___func__="yes" ],
3189 [ ac_cv_cc_implements___func__="no" ]
3192 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
3193 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
3196 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
3198 [#include <stdarg.h>
3201 [ ac_cv_have_va_copy="yes" ],
3202 [ ac_cv_have_va_copy="no" ]
3205 if test "x$ac_cv_have_va_copy" = "xyes" ; then
3206 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
3209 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
3211 [#include <stdarg.h>
3214 [ ac_cv_have___va_copy="yes" ],
3215 [ ac_cv_have___va_copy="no" ]
3218 if test "x$ac_cv_have___va_copy" = "xyes" ; then
3219 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
3222 AC_CACHE_CHECK([whether getopt has optreset support],
3223 ac_cv_have_getopt_optreset, [
3228 [ extern int optreset; optreset = 0; ],
3229 [ ac_cv_have_getopt_optreset="yes" ],
3230 [ ac_cv_have_getopt_optreset="no" ]
3233 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
3234 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
3235 [Define if your getopt(3) defines and uses optreset])
3238 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
3240 [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
3241 [ ac_cv_libc_defines_sys_errlist="yes" ],
3242 [ ac_cv_libc_defines_sys_errlist="no" ]
3245 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
3246 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
3247 [Define if your system defines sys_errlist[]])
3251 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
3253 [ extern int sys_nerr; printf("%i", sys_nerr);],
3254 [ ac_cv_libc_defines_sys_nerr="yes" ],
3255 [ ac_cv_libc_defines_sys_nerr="no" ]
3258 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
3259 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
3263 # Check whether user wants sectok support
3265 [ --with-sectok Enable smartcard support using libsectok],
3267 if test "x$withval" != "xno" ; then
3268 if test "x$withval" != "xyes" ; then
3269 CPPFLAGS="$CPPFLAGS -I${withval}"
3270 LDFLAGS="$LDFLAGS -L${withval}"
3271 if test ! -z "$need_dash_r" ; then
3272 LDFLAGS="$LDFLAGS -R${withval}"
3274 if test ! -z "$blibpath" ; then
3275 blibpath="$blibpath:${withval}"
3278 AC_CHECK_HEADERS(sectok.h)
3279 if test "$ac_cv_header_sectok_h" != yes; then
3280 AC_MSG_ERROR(Can't find sectok.h)
3282 AC_CHECK_LIB(sectok, sectok_open)
3283 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
3284 AC_MSG_ERROR(Can't find libsectok)
3286 AC_DEFINE(SMARTCARD, 1,
3287 [Define if you want smartcard support])
3288 AC_DEFINE(USE_SECTOK, 1,
3289 [Define if you want smartcard support
3291 SCARD_MSG="yes, using sectok"
3296 # Check whether user wants OpenSC support
3299 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
3301 if test "x$withval" != "xno" ; then
3302 if test "x$withval" != "xyes" ; then
3303 OPENSC_CONFIG=$withval/bin/opensc-config
3305 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
3307 if test "$OPENSC_CONFIG" != "no"; then
3308 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
3309 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
3310 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
3311 LIBS="$LIBS $LIBOPENSC_LIBS"
3312 AC_DEFINE(SMARTCARD)
3313 AC_DEFINE(USE_OPENSC, 1,
3314 [Define if you want smartcard support
3316 SCARD_MSG="yes, using OpenSC"
3322 # Check libraries needed by DNS fingerprint support
3323 AC_SEARCH_LIBS(getrrsetbyname, resolv,
3324 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
3325 [Define if getrrsetbyname() exists])],
3327 # Needed by our getrrsetbyname()
3328 AC_SEARCH_LIBS(res_query, resolv)
3329 AC_SEARCH_LIBS(dn_expand, resolv)
3330 AC_MSG_CHECKING(if res_query will link)
3331 AC_TRY_LINK_FUNC(res_query, AC_MSG_RESULT(yes),
3334 LIBS="$LIBS -lresolv"
3335 AC_MSG_CHECKING(for res_query in -lresolv)
3340 res_query (0, 0, 0, 0, 0);
3344 [LIBS="$LIBS -lresolv"
3345 AC_MSG_RESULT(yes)],
3349 AC_CHECK_FUNCS(_getshort _getlong)
3350 AC_CHECK_DECLS([_getshort, _getlong], , ,
3351 [#include <sys/types.h>
3352 #include <arpa/nameser.h>])
3353 AC_CHECK_MEMBER(HEADER.ad,
3354 [AC_DEFINE(HAVE_HEADER_AD, 1,
3355 [Define if HEADER.ad exists in arpa/nameser.h])],,
3356 [#include <arpa/nameser.h>])
3359 # Check whether user wants SELinux support
3362 AC_ARG_WITH(selinux,
3363 [ --with-selinux Enable SELinux support],
3364 [ if test "x$withval" != "xno" ; then
3365 AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
3367 AC_CHECK_HEADER([selinux/selinux.h], ,
3368 AC_MSG_ERROR(SELinux support requires selinux.h header))
3369 AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
3370 AC_MSG_ERROR(SELinux support requires libselinux library))
3372 LIBS="$LIBS $LIBSELINUX"
3373 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3377 AC_SUBST(LIBSELINUX)
3379 # Check whether user wants Kerberos 5 support
3381 AC_ARG_WITH(kerberos5,
3382 [ --with-kerberos5=PATH Enable Kerberos 5 support],
3383 [ if test "x$withval" != "xno" ; then
3384 if test "x$withval" = "xyes" ; then
3385 KRB5ROOT="/usr/local"
3390 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
3393 AC_MSG_CHECKING(for krb5-config)
3394 if test -x $KRB5ROOT/bin/krb5-config ; then
3395 KRB5CONF=$KRB5ROOT/bin/krb5-config
3396 AC_MSG_RESULT($KRB5CONF)
3398 AC_MSG_CHECKING(for gssapi support)
3399 if $KRB5CONF | grep gssapi >/dev/null ; then
3401 AC_DEFINE(GSSAPI, 1,
3402 [Define this if you want GSSAPI
3403 support in the version 2 protocol])
3409 K5CFLAGS="`$KRB5CONF --cflags $k5confopts`"
3410 K5LIBS="`$KRB5CONF --libs $k5confopts`"
3411 CPPFLAGS="$CPPFLAGS $K5CFLAGS"
3412 AC_MSG_CHECKING(whether we are using Heimdal)
3413 AC_TRY_COMPILE([ #include <krb5.h> ],
3414 [ char *tmp = heimdal_version; ],
3415 [ AC_MSG_RESULT(yes)
3416 AC_DEFINE(HEIMDAL, 1,
3417 [Define this if you are using the
3418 Heimdal version of Kerberos V5]) ],
3423 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
3424 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
3425 AC_MSG_CHECKING(whether we are using Heimdal)
3426 AC_TRY_COMPILE([ #include <krb5.h> ],
3427 [ char *tmp = heimdal_version; ],
3428 [ AC_MSG_RESULT(yes)
3430 K5LIBS="-lkrb5 -ldes"
3431 K5LIBS="$K5LIBS -lcom_err -lasn1"
3432 AC_CHECK_LIB(roken, net_write,
3433 [K5LIBS="$K5LIBS -lroken"])
3436 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
3439 AC_SEARCH_LIBS(dn_expand, resolv)
3441 AC_CHECK_LIB(gssapi,gss_init_sec_context,
3443 K5LIBS="-lgssapi $K5LIBS" ],
3444 [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
3446 K5LIBS="-lgssapi_krb5 $K5LIBS" ],
3447 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
3452 AC_CHECK_HEADER(gssapi.h, ,
3453 [ unset ac_cv_header_gssapi_h
3454 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3455 AC_CHECK_HEADERS(gssapi.h, ,
3456 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
3462 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3463 AC_CHECK_HEADER(gssapi_krb5.h, ,
3464 [ CPPFLAGS="$oldCPP" ])
3466 # If we're using some other GSSAPI
3467 if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
3468 AC_MSG_ERROR([$GSSAPI GSSAPI library conflicts with Kerberos support. Use mechglue instead.])
3471 if test -z "$GSSAPI"; then
3476 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
3477 AC_CHECK_HEADER(gssapi_krb5.h, ,
3478 [ CPPFLAGS="$oldCPP" ])
3481 if test ! -z "$need_dash_r" ; then
3482 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
3484 if test ! -z "$blibpath" ; then
3485 blibpath="$blibpath:${KRB5ROOT}/lib"
3488 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
3489 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
3490 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
3492 LIBS="$LIBS $K5LIBS"
3493 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3494 [Define this if you want to use libkafs' AFS support]))
3499 # Check whether user wants AFS_KRB5 support
3501 AC_ARG_WITH(afs-krb5,
3502 [ --with-afs-krb5[[=AKLOG_PATH]] Enable aklog to get token (default=/usr/bin/aklog).],
3504 if test "x$withval" != "xno" ; then
3506 if test "x$withval" != "xyes" ; then
3507 AC_DEFINE_UNQUOTED(AKLOG_PATH, "$withval",
3508 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3510 AC_DEFINE_UNQUOTED(AKLOG_PATH,
3512 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3515 if test -z "$KRB5ROOT" ; then
3516 AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail])
3519 LIBS="-lkrbafs -lkrb4 $LIBS"
3520 if test ! -z "$AFS_LIBS" ; then
3521 LIBS="$LIBS $AFS_LIBS"
3523 AC_DEFINE(AFS_KRB5, 1,
3524 [Define this if you want to use AFS/Kerberos 5 option, which runs aklog.])
3530 AC_ARG_WITH(session-hooks,
3531 [ --with-session-hooks Enable hooks for executing external commands before/after a session],
3532 [ AC_DEFINE(SESSION_HOOKS, 1, [Define this if you want support for startup/shutdown hooks]) ]
3535 # Looking for programs, paths and files
3537 PRIVSEP_PATH=/var/empty
3538 AC_ARG_WITH(privsep-path,
3539 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
3541 if test -n "$withval" && test "x$withval" != "xno" && \
3542 test "x${withval}" != "xyes"; then
3543 PRIVSEP_PATH=$withval
3547 AC_SUBST(PRIVSEP_PATH)
3550 [ --with-xauth=PATH Specify path to xauth program ],
3552 if test -n "$withval" && test "x$withval" != "xno" && \
3553 test "x${withval}" != "xyes"; then
3559 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
3560 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
3561 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
3562 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
3563 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
3564 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
3565 xauth_path="/usr/openwin/bin/xauth"
3571 AC_ARG_ENABLE(strip,
3572 [ --disable-strip Disable calling strip(1) on install],
3574 if test "x$enableval" = "xno" ; then
3581 if test -z "$xauth_path" ; then
3582 XAUTH_PATH="undefined"
3583 AC_SUBST(XAUTH_PATH)
3585 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3586 [Define if xauth is found in your path])
3587 XAUTH_PATH=$xauth_path
3588 AC_SUBST(XAUTH_PATH)
3591 # Check for mail directory (last resort if we cannot get it from headers)
3592 if test ! -z "$MAIL" ; then
3593 maildir=`dirname $MAIL`
3594 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3595 [Set this to your mail directory if you don't have maillock.h])
3598 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
3599 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
3600 disable_ptmx_check=yes
3602 if test -z "$no_dev_ptmx" ; then
3603 if test "x$disable_ptmx_check" != "xyes" ; then
3604 AC_CHECK_FILE("/dev/ptmx",
3606 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3607 [Define if you have /dev/ptmx])
3614 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
3615 AC_CHECK_FILE("/dev/ptc",
3617 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3618 [Define if you have /dev/ptc])
3623 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test])
3626 # Options from here on. Some of these are preset by platform above
3627 AC_ARG_WITH(mantype,
3628 [ --with-mantype=man|cat|doc Set man page type],
3635 AC_MSG_ERROR(invalid man type: $withval)
3640 if test -z "$MANTYPE"; then
3641 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
3642 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
3643 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
3645 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
3652 if test "$MANTYPE" = "doc"; then
3659 # Check whether to enable MD5 passwords
3661 AC_ARG_WITH(md5-passwords,
3662 [ --with-md5-passwords Enable use of MD5 passwords],
3664 if test "x$withval" != "xno" ; then
3665 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3666 [Define if you want to allow MD5 passwords])
3672 # Whether to disable shadow password support
3674 [ --without-shadow Disable shadow password support],
3676 if test "x$withval" = "xno" ; then
3677 AC_DEFINE(DISABLE_SHADOW)
3683 if test -z "$disable_shadow" ; then
3684 AC_MSG_CHECKING([if the systems has expire shadow information])
3687 #include <sys/types.h>
3690 ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ],
3691 [ sp_expire_available=yes ], []
3694 if test "x$sp_expire_available" = "xyes" ; then
3696 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3697 [Define if you want to use shadow password expire field])
3703 # Use ip address instead of hostname in $DISPLAY
3704 if test ! -z "$IPADDR_IN_DISPLAY" ; then
3705 DISPLAY_HACK_MSG="yes"
3706 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3707 [Define if you need to use IP address
3708 instead of hostname in $DISPLAY])
3710 DISPLAY_HACK_MSG="no"
3711 AC_ARG_WITH(ipaddr-display,
3712 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
3714 if test "x$withval" != "xno" ; then
3715 AC_DEFINE(IPADDR_IN_DISPLAY)
3716 DISPLAY_HACK_MSG="yes"
3722 # check for /etc/default/login and use it if present.
3723 AC_ARG_ENABLE(etc-default-login,
3724 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],
3725 [ if test "x$enableval" = "xno"; then
3726 AC_MSG_NOTICE([/etc/default/login handling disabled])
3727 etc_default_login=no
3729 etc_default_login=yes
3731 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3733 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3734 etc_default_login=no
3736 etc_default_login=yes
3740 if test "x$etc_default_login" != "xno"; then
3741 AC_CHECK_FILE("/etc/default/login",
3742 [ external_path_file=/etc/default/login ])
3743 if test "x$external_path_file" = "x/etc/default/login"; then
3744 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
3745 [Define if your system has /etc/default/login])
3749 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
3750 if test $ac_cv_func_login_getcapbool = "yes" && \
3751 test $ac_cv_header_login_cap_h = "yes" ; then
3752 external_path_file=/etc/login.conf
3755 # Whether to mess with the default path
3756 SERVER_PATH_MSG="(default)"
3757 AC_ARG_WITH(default-path,
3758 [ --with-default-path= Specify default \$PATH environment for server],
3760 if test "x$external_path_file" = "x/etc/login.conf" ; then
3762 --with-default-path=PATH has no effect on this system.
3763 Edit /etc/login.conf instead.])
3764 elif test "x$withval" != "xno" ; then
3765 if test ! -z "$external_path_file" ; then
3767 --with-default-path=PATH will only be used if PATH is not defined in
3768 $external_path_file .])
3770 user_path="$withval"
3771 SERVER_PATH_MSG="$withval"
3774 [ if test "x$external_path_file" = "x/etc/login.conf" ; then
3775 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
3777 if test ! -z "$external_path_file" ; then
3779 If PATH is defined in $external_path_file, ensure the path to scp is included,
3780 otherwise scp will not work.])
3784 /* find out what STDPATH is */
3789 #ifndef _PATH_STDPATH
3790 # ifdef _PATH_USERPATH /* Irix */
3791 # define _PATH_STDPATH _PATH_USERPATH
3793 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
3796 #include <sys/types.h>
3797 #include <sys/stat.h>
3799 #define DATA "conftest.stdpath"
3806 fd = fopen(DATA,"w");
3810 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
3816 [ user_path=`cat conftest.stdpath` ],
3817 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3818 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3822 if test "x$external_path_file" != "x/etc/login.conf" ; then
3823 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3827 # Set superuser path separately to user path
3828 AC_ARG_WITH(superuser-path,
3829 [ --with-superuser-path= Specify different path for super-user],
3831 if test -n "$withval" && test "x$withval" != "xno" && \
3832 test "x${withval}" != "xyes"; then
3833 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3834 [Define if you want a different $PATH
3836 superuser_path=$withval
3842 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
3843 IPV4_IN6_HACK_MSG="no"
3845 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses],
3847 if test "x$withval" != "xno" ; then
3849 AC_DEFINE(IPV4_IN_IPV6, 1,
3850 [Detect IPv4 in IPv6 mapped addresses
3852 IPV4_IN6_HACK_MSG="yes"
3857 if test "x$inet6_default_4in6" = "xyes"; then
3858 AC_MSG_RESULT([yes (default)])
3859 AC_DEFINE(IPV4_IN_IPV6)
3860 IPV4_IN6_HACK_MSG="yes"
3862 AC_MSG_RESULT([no (default)])
3867 # Whether to enable BSD auth support
3869 AC_ARG_WITH(bsd-auth,
3870 [ --with-bsd-auth Enable BSD auth support],
3872 if test "x$withval" != "xno" ; then
3873 AC_DEFINE(BSD_AUTH, 1,
3874 [Define if you have BSD auth support])
3880 # Where to place sshd.pid
3882 # make sure the directory exists
3883 if test ! -d $piddir ; then
3884 piddir=`eval echo ${sysconfdir}`
3886 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
3890 AC_ARG_WITH(pid-dir,
3891 [ --with-pid-dir=PATH Specify location of ssh.pid file],
3893 if test -n "$withval" && test "x$withval" != "xno" && \
3894 test "x${withval}" != "xyes"; then
3896 if test ! -d $piddir ; then
3897 AC_MSG_WARN([** no $piddir directory on this system **])
3903 AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3906 dnl allow user to disable some login recording features
3907 AC_ARG_ENABLE(lastlog,
3908 [ --disable-lastlog disable use of lastlog even if detected [no]],
3910 if test "x$enableval" = "xno" ; then
3911 AC_DEFINE(DISABLE_LASTLOG)
3916 [ --disable-utmp disable use of utmp even if detected [no]],
3918 if test "x$enableval" = "xno" ; then
3919 AC_DEFINE(DISABLE_UTMP)
3923 AC_ARG_ENABLE(utmpx,
3924 [ --disable-utmpx disable use of utmpx even if detected [no]],
3926 if test "x$enableval" = "xno" ; then
3927 AC_DEFINE(DISABLE_UTMPX, 1,
3928 [Define if you don't want to use utmpx])
3933 [ --disable-wtmp disable use of wtmp even if detected [no]],
3935 if test "x$enableval" = "xno" ; then
3936 AC_DEFINE(DISABLE_WTMP)
3940 AC_ARG_ENABLE(wtmpx,
3941 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3943 if test "x$enableval" = "xno" ; then
3944 AC_DEFINE(DISABLE_WTMPX, 1,
3945 [Define if you don't want to use wtmpx])
3949 AC_ARG_ENABLE(libutil,
3950 [ --disable-libutil disable use of libutil (login() etc.) [no]],
3952 if test "x$enableval" = "xno" ; then
3953 AC_DEFINE(DISABLE_LOGIN)
3957 AC_ARG_ENABLE(pututline,
3958 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3960 if test "x$enableval" = "xno" ; then
3961 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3962 [Define if you don't want to use pututline()
3963 etc. to write [uw]tmp])
3967 AC_ARG_ENABLE(pututxline,
3968 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3970 if test "x$enableval" = "xno" ; then
3971 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3972 [Define if you don't want to use pututxline()
3973 etc. to write [uw]tmpx])
3977 AC_ARG_WITH(lastlog,
3978 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
3980 if test "x$withval" = "xno" ; then
3981 AC_DEFINE(DISABLE_LASTLOG)
3982 elif test -n "$withval" && test "x${withval}" != "xyes"; then
3983 conf_lastlog_location=$withval
3988 dnl lastlog, [uw]tmpx? detection
3989 dnl NOTE: set the paths in the platform section to avoid the
3990 dnl need for command-line parameters
3991 dnl lastlog and [uw]tmp are subject to a file search if all else fails
3993 dnl lastlog detection
3994 dnl NOTE: the code itself will detect if lastlog is a directory
3995 AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
3997 #include <sys/types.h>
3999 #ifdef HAVE_LASTLOG_H
4000 # include <lastlog.h>
4009 [ char *lastlog = LASTLOG_FILE; ],
4010 [ AC_MSG_RESULT(yes) ],
4013 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
4015 #include <sys/types.h>
4017 #ifdef HAVE_LASTLOG_H
4018 # include <lastlog.h>
4024 [ char *lastlog = _PATH_LASTLOG; ],
4025 [ AC_MSG_RESULT(yes) ],
4028 system_lastlog_path=no
4033 if test -z "$conf_lastlog_location"; then
4034 if test x"$system_lastlog_path" = x"no" ; then
4035 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
4036 if (test -d "$f" || test -f "$f") ; then
4037 conf_lastlog_location=$f
4040 if test -z "$conf_lastlog_location"; then
4041 AC_MSG_WARN([** Cannot find lastlog **])
4042 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
4047 if test -n "$conf_lastlog_location"; then
4048 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
4049 [Define if you want to specify the path to your lastlog file])
4053 AC_MSG_CHECKING([if your system defines UTMP_FILE])
4055 #include <sys/types.h>
4061 [ char *utmp = UTMP_FILE; ],
4062 [ AC_MSG_RESULT(yes) ],
4064 system_utmp_path=no ]
4066 if test -z "$conf_utmp_location"; then
4067 if test x"$system_utmp_path" = x"no" ; then
4068 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
4069 if test -f $f ; then
4070 conf_utmp_location=$f
4073 if test -z "$conf_utmp_location"; then
4074 AC_DEFINE(DISABLE_UTMP)
4078 if test -n "$conf_utmp_location"; then
4079 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
4080 [Define if you want to specify the path to your utmp file])
4084 AC_MSG_CHECKING([if your system defines WTMP_FILE])
4086 #include <sys/types.h>
4092 [ char *wtmp = WTMP_FILE; ],
4093 [ AC_MSG_RESULT(yes) ],
4095 system_wtmp_path=no ]
4097 if test -z "$conf_wtmp_location"; then
4098 if test x"$system_wtmp_path" = x"no" ; then
4099 for f in /usr/adm/wtmp /var/log/wtmp; do
4100 if test -f $f ; then
4101 conf_wtmp_location=$f
4104 if test -z "$conf_wtmp_location"; then
4105 AC_DEFINE(DISABLE_WTMP)
4109 if test -n "$conf_wtmp_location"; then
4110 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
4111 [Define if you want to specify the path to your wtmp file])
4115 dnl utmpx detection - I don't know any system so perverse as to require
4116 dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
4118 AC_MSG_CHECKING([if your system defines UTMPX_FILE])
4120 #include <sys/types.h>
4129 [ char *utmpx = UTMPX_FILE; ],
4130 [ AC_MSG_RESULT(yes) ],
4132 system_utmpx_path=no ]
4134 if test -z "$conf_utmpx_location"; then
4135 if test x"$system_utmpx_path" = x"no" ; then
4136 AC_DEFINE(DISABLE_UTMPX)
4139 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
4140 [Define if you want to specify the path to your utmpx file])
4144 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
4146 #include <sys/types.h>
4155 [ char *wtmpx = WTMPX_FILE; ],
4156 [ AC_MSG_RESULT(yes) ],
4158 system_wtmpx_path=no ]
4160 if test -z "$conf_wtmpx_location"; then
4161 if test x"$system_wtmpx_path" = x"no" ; then
4162 AC_DEFINE(DISABLE_WTMPX)
4165 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
4166 [Define if you want to specify the path to your wtmpx file])
4170 if test ! -z "$blibpath" ; then
4171 LDFLAGS="$LDFLAGS $blibflags$blibpath"
4172 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
4175 dnl Adding -Werror to CFLAGS early prevents configure tests from running.
4177 CFLAGS="$CFLAGS $werror_flags"
4180 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
4181 openbsd-compat/Makefile openbsd-compat/regress/Makefile \
4182 scard/Makefile ssh_prng_cmds survey.sh])
4185 # Print summary of options
4187 # Someone please show me a better way :)
4188 A=`eval echo ${prefix}` ; A=`eval echo ${A}`
4189 B=`eval echo ${bindir}` ; B=`eval echo ${B}`
4190 C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
4191 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
4192 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
4193 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
4194 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
4195 I=`eval echo ${user_path}` ; I=`eval echo ${I}`
4196 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
4199 echo "OpenSSH has been configured with the following options:"
4200 echo " User binaries: $B"
4201 echo " System binaries: $C"
4202 echo " Configuration files: $D"
4203 echo " Askpass program: $E"
4204 echo " Manual pages: $F"
4205 echo " Privilege separation chroot path: $H"
4206 if test "x$external_path_file" = "x/etc/login.conf" ; then
4207 echo " At runtime, sshd will use the path defined in $external_path_file"
4208 echo " Make sure the path to scp is present, otherwise scp will not work"
4210 echo " sshd default user PATH: $I"
4211 if test ! -z "$external_path_file"; then
4212 echo " (If PATH is set in $external_path_file it will be used instead. If"
4213 echo " used, ensure the path to scp is present, otherwise scp will not work.)"
4216 if test ! -z "$superuser_path" ; then
4217 echo " sshd superuser user PATH: $J"
4219 echo " Manpage format: $MANTYPE"
4220 echo " PAM support: $PAM_MSG"
4221 echo " OSF SIA support: $SIA_MSG"
4222 echo " KerberosV support: $KRB5_MSG"
4223 echo " SELinux support: $SELINUX_MSG"
4224 echo " Smartcard support: $SCARD_MSG"
4225 echo " S/KEY support: $SKEY_MSG"
4226 echo " TCP Wrappers support: $TCPW_MSG"
4227 echo " MD5 password support: $MD5_MSG"
4228 echo " libedit support: $LIBEDIT_MSG"
4229 echo " Solaris process contract support: $SPC_MSG"
4230 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
4231 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
4232 echo " BSD Auth support: $BSD_AUTH_MSG"
4233 echo " Random number source: $RAND_MSG"
4234 if test ! -z "$USE_RAND_HELPER" ; then
4235 echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
4240 echo " Host: ${host}"
4241 echo " Compiler: ${CC}"
4242 echo " Compiler flags: ${CFLAGS}"
4243 echo "Preprocessor flags: ${CPPFLAGS}"
4244 echo " Linker flags: ${LDFLAGS}"
4245 echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
4249 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then
4250 echo "SVR4 style packages are supported with \"make package\""
4254 if test "x$PAM_MSG" = "xyes" ; then
4255 echo "PAM is enabled. You may need to install a PAM control file "
4256 echo "for sshd, otherwise password authentication may fail. "
4257 echo "Example PAM control files can be found in the contrib/ "
4262 if test ! -z "$RAND_HELPER_CMDHASH" ; then
4263 echo "WARNING: you are using the builtin random number collection "
4264 echo "service. Please read WARNING.RNG and request that your OS "
4265 echo "vendor includes kernel-based random number collection in "
4266 echo "future versions of your OS."
4270 if test ! -z "$NO_PEERCHECK" ; then
4271 echo "WARNING: the operating system that you are using does not "
4272 echo "appear to support either the getpeereid() API nor the "
4273 echo "SO_PEERCRED getsockopt() option. These facilities are used to "
4274 echo "enforce security checks to prevent unauthorised connections to "
4275 echo "ssh-agent. Their absence increases the risk that a malicious "
4276 echo "user can connect to your agent. "
4280 if test "$AUDIT_MODULE" = "bsm" ; then
4281 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
4282 echo "See the Solaris section in README.platform for details."